From 6a25a35e704689d2bfa6c39032844674e6fdb3fd Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Sun, 5 Aug 2018 19:15:14 -0400 Subject: [PATCH 001/173] nixos/activation: Identifies the snippet that failed This allows a developer to better identify in which snippet the failure happened. Furthermore, users seeking help will have more information available about the failure. --- nixos/modules/system/activation/activation-script.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index c563614caaa..93a1b13a81d 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -8,7 +8,12 @@ let addAttributeName = mapAttrs (a: v: v // { text = '' #### Activation script snippet ${a}: + _localstatus=0 ${v.text} + + if (( _localstatus > 0 )); then + printf "Activation script snippet '%s' failed (%s)\n" "${a}" "$_localstatus" + fi ''; }); @@ -71,7 +76,7 @@ in done _status=0 - trap "_status=1" ERR + trap "_status=1 _localstatus=\$?" ERR # Ensure a consistent umask. umask 0022 From 81b681c0f55df908e6494b97c262a0cc5012d5ea Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 16 Aug 2018 12:53:12 -0700 Subject: [PATCH 002/173] sc-controller: 0.4.3 -> 0.4.4 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/sc-controller/versions. --- pkgs/misc/drivers/sc-controller/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/misc/drivers/sc-controller/default.nix b/pkgs/misc/drivers/sc-controller/default.nix index 5583461d375..872a90f7f59 100644 --- a/pkgs/misc/drivers/sc-controller/default.nix +++ b/pkgs/misc/drivers/sc-controller/default.nix 
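Review bot: In the first hunk of activation-script.nix the new failure message goes to stdout, and the snippet name is spliced into the generated script inside double quotes (`"${a}"`), so a name containing `$`, a backtick or `"` would be interpreted by the shell instead of printed. The names come from the system configuration, so this is a robustness point rather than an exposure. Quoting at evaluation time and writing to stderr covers both: `printf "Activation script snippet '%s' failed (%s)\n" ${lib.escapeShellArg a} "$_localstatus" >&2`, assuming `lib` is in scope (the top of the file is outside the hunk). The `trap` changed in the second hunk records only the status of the last command that tripped ERR within a snippet, which deserves a one-line comment next to it.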
@@ -7,13 +7,13 @@ buildPythonApplication rec { pname = "sc-controller"; - version = "0.4.3"; + version = "0.4.4"; src = fetchFromGitHub { owner = "kozec"; repo = pname; rev = "v${version}"; - sha256 = "0w4ykl78vdppqr3d4d0h1f31wly6kis57a1gxhnrbpfrgpj0qhvj"; + sha256 = "0ki9x28i5slpnygkpdglcvj8cssvvjyz732y1cnpzw1f0sj0kris"; }; nativeBuildInputs = [ wrapGAppsHook ]; From b00b2363b3de547eaeed6dd792e2a2232d2b9215 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 19 Aug 2018 15:17:35 -0400 Subject: [PATCH 003/173] haskellPackages.shellFor: fix after recent getHaskellBuildInputs fix. Fixes #45318 --- pkgs/development/haskell-modules/lib.nix | 15 +++++++++------ .../haskell-modules/make-package-set.nix | 4 ++-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/pkgs/development/haskell-modules/lib.nix b/pkgs/development/haskell-modules/lib.nix index 8790b56e501..5af68552f68 100644 --- a/pkgs/development/haskell-modules/lib.nix +++ b/pkgs/development/haskell-modules/lib.nix @@ -295,15 +295,18 @@ rec { overrideSrc = drv: { src, version ? drv.version }: overrideCabal drv (_: { inherit src version; editedCabalFile = null; }); + # Get all of the build inputs of a haskell package, divided by category. + getBuildInputs = p: + (overrideCabal p (args: { + passthru = (args.passthru or {}) // { + _getBuildInputs = extractBuildInputs p.compiler args; + }; + }))._getBuildInputs; + # Extract the haskell build inputs of a haskell package. # This is useful to build environments for developing on that # package. - getHaskellBuildInputs = p: - (overrideCabal p (args: { - passthru = (args.passthru or {}) // { - _getHaskellBuildInputs = (extractBuildInputs p.compiler args).haskellBuildInputs; - }; - }))._getHaskellBuildInputs; + getHaskellBuildInputs = p: (getBuildInputs p).haskellBuildInputs; # Under normal evaluation, simply return the original package. Under # nix-shell evaluation, return a nix-shell optimized environment. 
diff --git a/pkgs/development/haskell-modules/make-package-set.nix b/pkgs/development/haskell-modules/make-package-set.nix index 3f339030de5..608fb3625b2 100644 --- a/pkgs/development/haskell-modules/make-package-set.nix +++ b/pkgs/development/haskell-modules/make-package-set.nix @@ -38,7 +38,7 @@ let inherit (stdenv) buildPlatform hostPlatform; inherit (stdenv.lib) fix' extends makeOverridable; - inherit (haskellLib) overrideCabal getHaskellBuildInputs; + inherit (haskellLib) overrideCabal getBuildInputs; mkDerivationImpl = pkgs.callPackage ./generic-builder.nix { inherit stdenv; @@ -257,7 +257,7 @@ in package-set { inherit pkgs stdenv callPackage; } self // { shellFor = { packages, withHoogle ? false, ... } @ args: let selected = packages self; - packageInputs = builtins.map getHaskellBuildInputs selected; + packageInputs = builtins.map getBuildInputs selected; haskellInputs = builtins.filter (input: pkgs.lib.all (p: input.outPath != p.outPath) selected) From 5914624410d37f3f96560214609c4a0c73310d1d Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Tue, 21 Aug 2018 10:56:52 +0200 Subject: [PATCH 004/173] sc-controller: fix udev for NixOS --- pkgs/misc/drivers/sc-controller/default.nix | 6 +++-- .../misc/drivers/sc-controller/fix-udev.patch | 22 +++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 pkgs/misc/drivers/sc-controller/fix-udev.patch diff --git a/pkgs/misc/drivers/sc-controller/default.nix b/pkgs/misc/drivers/sc-controller/default.nix index 872a90f7f59..a13b49bd6cf 100644 --- a/pkgs/misc/drivers/sc-controller/default.nix +++ b/pkgs/misc/drivers/sc-controller/default.nix @@ -2,7 +2,7 @@ , gtk3, gobjectIntrospection, libappindicator-gtk3, librsvg , evdev, pygobject3, pylibacl, pytest , linuxHeaders -, libX11, libXext, libXfixes, libusb1 +, libX11, libXext, libXfixes, libusb1, libudev }: buildPythonApplication rec { 
@@ -24,12 +24,14 @@ buildPythonApplication rec { checkInputs = [ pytest ]; + patches = [ ./fix-udev.patch ]; + postPatch = '' substituteInPlace scc/paths.py --replace sys.prefix "'$out'" substituteInPlace scc/uinput.py --replace /usr/include ${linuxHeaders}/include ''; - LD_LIBRARY_PATH = lib.makeLibraryPath [ libX11 libXext libXfixes libusb1 ]; + LD_LIBRARY_PATH = lib.makeLibraryPath [ libX11 libXext libXfixes libusb1 libudev ]; preFixup = '' gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : "$LD_LIBRARY_PATH") diff --git a/pkgs/misc/drivers/sc-controller/fix-udev.patch b/pkgs/misc/drivers/sc-controller/fix-udev.patch new file mode 100644 index 00000000000..2416ac216d7 --- /dev/null +++ b/pkgs/misc/drivers/sc-controller/fix-udev.patch @@ -0,0 +1,22 @@ +diff --git a/scc/lib/eudevmonitor.py b/scc/lib/eudevmonitor.py +index 6c1bd18..182eff2 100644 +--- a/scc/lib/eudevmonitor.py ++++ b/scc/lib/eudevmonitor.py +@@ -28,12 +28,11 @@ class Eudev: + + def __init__(self): + self._ctx = None +- self._lib = ctypes.CDLL(find_library(self.LIB_NAME)) +- if self._lib is None: +- # Alternative approach for NixOS +- try: +- self._lib = ctypes.cdll.LoadLibrary("libudev.so") +- except OSError: ++ try: ++ self._lib = ctypes.cdll.LoadLibrary("libudev.so") ++ except OSError: ++ self._lib = ctypes.CDLL(find_library(self.LIB_NAME)) ++ if self._lib is None: + raise ImportError("No library named udev") + Eudev._setup_lib(self._lib) + self._ctx = self._lib.udev_new() From aeb360caa3152f32781a5524a393dfc26d3590d9 Mon Sep 17 00:00:00 2001 From: Joseph Lukasik Date: Thu, 30 Aug 2018 14:06:50 -0700 Subject: [PATCH 005/173] ipfs-cluster: init at 0.5.0 --- .../networking/ipfs-cluster/default.nix | 39 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 1 + 2 files changed, 40 insertions(+) create mode 100644 pkgs/applications/networking/ipfs-cluster/default.nix 
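Review bot: With `libudev` added to `LD_LIBRARY_PATH` in this hunk, the patched loader finds `libudev.so` only through the dynamic loader's search path, so the module works only when started through the wrapper, and the exported variable is presumably inherited by any child process the program starts. Pinning the library to its store path removes that dependence on the environment, e.g. in `postPatch`: `substituteInPlace scc/lib/eudevmonitor.py --replace libudev.so ${lib.getLib libudev}/lib/libudev.so`. `preFixup` continues past the end of the hunk, so how the wrapper is finally assembled is not fully visible here.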
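Review bot: In the patched `__init__` of fix-udev.patch, the fallback `ctypes.CDLL(find_library(self.LIB_NAME))` never yields `None`. When `find_library` returns `None`, `CDLL(None)` opens the running process itself, so the `if self._lib is None` check is dead and the `ImportError` is never raised; the failure would presumably surface later in `_setup_lib` as a missing symbol. Checking the lookup result before loading keeps the intended error: `name = find_library(self.LIB_NAME)`, `if name is None: raise ImportError("No library named udev")`, `self._lib = ctypes.CDLL(name)`. The dead check is carried over from the code being replaced, and the rest of the class is outside the hunk.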
diff --git a/pkgs/applications/networking/ipfs-cluster/default.nix b/pkgs/applications/networking/ipfs-cluster/default.nix new file mode 100644 index 00000000000..d073593d488 --- /dev/null +++ b/pkgs/applications/networking/ipfs-cluster/default.nix @@ -0,0 +1,39 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, fetchgx, gx-go }: + +buildGoPackage rec { + name = "ipfs-cluster-${version}"; + version = "0.5.0"; + rev = "v${version}"; + + goPackagePath = "github.com/ipfs/ipfs-cluster"; + + extraSrcPaths = [ + (fetchgx { + inherit name src; + sha256 = "0jwz3kd07i5fs0sxds80j8d338skhgxgxra377qxsk0cr2hhj2vm"; + }) + ]; + + src = fetchFromGitHub { + owner = "ipfs"; + repo = "ipfs-cluster"; + inherit rev; + sha256 = "132whjyplcifq8747hcdrgbc0amhp618dg049jq5nyslcxfgdypm"; + }; + + preBuild = '' + # fetchgx stores packages by their ipfs hash + # this will rewrite github.com/ imports to gx/ipfs/ + cd go/src/${goPackagePath} + ${gx-go}/bin/gx-go rewrite + ''; + + meta = with stdenv.lib; { + description = "Allocate, replicate, and track Pins across a cluster of IPFS daemons"; + homepage = https://cluster.ipfs.io/; + license = licenses.mit; + platforms = platforms.unix; + maintainers = with maintainers; [ jglukasik ]; + }; +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 318b1941e9a..4e718f7def3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3307,6 +3307,7 @@ with pkgs; ipfs = callPackage ../applications/networking/ipfs { }; ipfs-migrator = callPackage ../applications/networking/ipfs-migrator { }; + ipfs-cluster = callPackage ../applications/networking/ipfs-cluster { }; ipget = callPackage ../applications/networking/ipget { buildGoPackage = buildGo110Package; From d8b4a46b0eaf33df89dfc9370d965448cd124a72 Mon Sep 17 00:00:00 2001 
From: Joseph Lukasik Date: Thu, 30 Aug 2018 15:43:56 -0700 Subject: [PATCH 006/173] Add jglukasik to maintainer-list.nix --- maintainers/maintainer-list.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 1d6d772e7e9..7da5e645f37 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -1862,6 +1862,11 @@ github = "jgillich"; name = "Jakob Gillich"; }; + jglukasik = { + email = "joseph@jgl.me"; + github = "jglukasik"; + name = "Joseph Lukasik"; + }; jhhuh = { email = "jhhuh.note@gmail.com"; github = "jhhuh"; From 07d33b002400649f9f3f42e574020ea719651e8f Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 30 Aug 2018 23:09:50 -0700 Subject: [PATCH 007/173] augeas: 1.10.1 -> 1.11.0 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from augeas --- pkgs/tools/system/augeas/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/system/augeas/default.nix b/pkgs/tools/system/augeas/default.nix index 93ce4864463..4ba87666822 100644 --- a/pkgs/tools/system/augeas/default.nix +++ b/pkgs/tools/system/augeas/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "augeas-${version}"; - version = "1.10.1"; + version = "1.11.0"; src = fetchurl { url = "http://download.augeas.net/${name}.tar.gz"; - sha256 = "0k9nssn7lk58cl5zv3c8kv2zx9cm2yks3sj7q4fd6qdjz9m2bnsj"; + sha256 = "1c507qj6dfn2dnsl27w94zs9r45xrgm07y8bqba9ry2s0psfhg1r"; }; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ readline libxml2 ]; From 6d28393eb146c6b51012312b9542f4e43cfbb128 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20K=C3=B6cher?= Date: Fri, 31 Aug 2018 12:05:24 +0200 Subject: [PATCH 008/173] android-studio: Add desktop item --- .../editors/android-studio/common.nix | 60 +++++++++++++------ 1 file changed, 42 insertions(+), 18 deletions(-) 
diff --git a/pkgs/applications/editors/android-studio/common.nix b/pkgs/applications/editors/android-studio/common.nix index cd031ce5ac8..1d49c8c74a9 100644 --- a/pkgs/applications/editors/android-studio/common.nix +++ b/pkgs/applications/editors/android-studio/common.nix @@ -34,11 +34,12 @@ , writeTextFile , xkeyboard_config , zlib +, makeDesktopItem }: let drvName = "android-studio-${channel}-${version}"; - androidStudio = stdenv.mkDerivation { + androidStudio = stdenv.mkDerivation rec { name = drvName; src = fetchurl { @@ -110,7 +111,20 @@ let ]}" \ --set QT_XKB_CONFIG_ROOT "${xkeyboard_config}/share/X11/xkb" \ --set FONTCONFIG_FILE ${fontsConf} + + install -Dm644 bin/studio.png $out/share/pixmaps/${drvName}.png + ln -s ${desktopItem}/share/applications $out/share/applications ''; + + desktopItem = makeDesktopItem rec { + name = drvName; + exec = pname; + icon = drvName; + desktopName = "Android Studio"; + comment = "The official Android IDE"; + categories = "Development;IDE;"; + }; + }; # Android Studio downloads prebuilt binaries as part of the SDK. These tools @@ -121,8 +135,7 @@ let multiPkgs = pkgs: [ pkgs.ncurses5 ]; }; -in - writeTextFile { + wrapper = writeTextFile { name = "${drvName}-wrapper"; # TODO: Rename preview -> beta (and add -stable suffix?): destination = "/bin/${pname}"; 
@@ -131,18 +144,29 @@ in #!${bash}/bin/bash ${fhsEnv}/bin/${drvName}-fhs-env ${androidStudio}/bin/studio.sh ''; - } // { - meta = with stdenv.lib; { - description = "The Official IDE for Android (${channel} channel)"; - longDescription = '' - Android Studio is the official IDE for Android app development, based on - IntelliJ IDEA. - ''; - homepage = if channel == "stable" - then https://developer.android.com/studio/index.html - else https://developer.android.com/studio/preview/index.html; - license = licenses.asl20; - platforms = [ "x86_64-linux" ]; - maintainers = with maintainers; [ primeos ]; - }; - } + }; +in stdenv.mkDerivation { + name = "${drvName}-with-desktop-item"; + + buildCommand = '' + mkdir -p $out/{bin,share/pixmaps} + ln -s ${wrapper}/bin/${pname} $out/bin/${pname} + + ln -s ${androidStudio}/share/pixmaps/${drvName}.png $out/share/pixmaps/${drvName}.png + ln -s ${androidStudio}/share/applications $out/share/applications + ''; + + meta = with stdenv.lib; { + description = "The Official IDE for Android (${channel} channel)"; + longDescription = '' + Android Studio is the official IDE for Android app development, based on + IntelliJ IDEA. + ''; + homepage = if channel == "stable" + then https://developer.android.com/studio/index.html + else https://developer.android.com/studio/preview/index.html; + license = licenses.asl20; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ primeos ]; + }; +} From c49e507bbc3286827d4610b08f1ccc18463e25b0 Mon Sep 17 00:00:00 2001 From: Sebastian Meric de Bellefon Date: Wed, 29 Aug 2018 10:26:46 -0400 Subject: [PATCH 009/173] python.pkgs.ratelimiter: init at 1.2.0.post0 --- maintainers/maintainer-list.nix | 5 +++ .../python-modules/ratelimiter/default.nix | 35 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 3 files changed, 42 insertions(+) create mode 100644 pkgs/development/python-modules/ratelimiter/default.nix 
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 093a2aae86b..d4a96ff2904 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -1630,6 +1630,11 @@ github = "heel"; name = "Sergii Paryzhskyi"; }; + helkafen = { + email = "arnaudpourseb@gmail.com"; + github = "Helkafen"; + name = "Sébastian Méric de Bellefon"; + }; henrytill = { email = "henrytill@gmail.com"; github = "henrytill"; diff --git a/pkgs/development/python-modules/ratelimiter/default.nix b/pkgs/development/python-modules/ratelimiter/default.nix new file mode 100644 index 00000000000..375b6639368 --- /dev/null +++ b/pkgs/development/python-modules/ratelimiter/default.nix @@ -0,0 +1,35 @@ +{ + stdenv +, buildPythonPackage +, fetchPypi +, pytest +, glibcLocales +}: + +buildPythonPackage rec { + pname = "ratelimiter"; + version = "1.2.0.post0"; + + src = fetchPypi { + inherit pname version; + sha256 = "5c395dcabdbbde2e5178ef3f89b568a3066454a6ddc223b76473dac22f89b4f7"; + }; + + LC_ALL = "en_US.utf-8"; + + nativeBuildInputs = [ glibcLocales ]; + + checkInputs = [ pytest ]; + + checkPhase = '' + py.test tests + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/RazerM/ratelimiter; + license = licenses.asl20; + description = "Simple python rate limiting object"; + maintainers = with maintainers; [ helkafen ]; + }; +} + diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 3ba335146ce..7be5e3d5e33 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4354,6 +4354,8 @@ in { regex = callPackage ../development/python-modules/regex { }; + ratelimiter = callPackage ../development/python-modules/ratelimiter { }; + repoze_lru = buildPythonPackage rec { name = "repoze.lru-0.6"; From 93ce77af405b0be6a6f5f5108b8e59cbac97249d Mon Sep 17 00:00:00 2001 
From: Sebastian Meric de Bellefon Date: Wed, 29 Aug 2018 10:27:05 -0400 Subject: [PATCH 010/173] python.pkgs.snakemake: init at 5.2.2 --- .../science/misc/snakemake/default.nix | 41 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 43 insertions(+) create mode 100644 pkgs/applications/science/misc/snakemake/default.nix diff --git a/pkgs/applications/science/misc/snakemake/default.nix b/pkgs/applications/science/misc/snakemake/default.nix new file mode 100644 index 00000000000..6b0570814f2 --- /dev/null +++ b/pkgs/applications/science/misc/snakemake/default.nix @@ -0,0 +1,41 @@ +{ + stdenv +, python +}: + +python.buildPythonPackage rec { + pname = "snakemake"; + version = "5.2.2"; + + propagatedBuildInputs = with python; [ + appdirs + ConfigArgParse + datrie + docutils + jsonschema + pyyaml + ratelimiter + requests + wrapt + ]; + + src = python.fetchPypi { + inherit pname version; + sha256 = "adffe7e24b4a613a9e8bf0a2a320b3cea236d86afb9132bb0bbbc08b8e35a3a3"; + }; + + doCheck = false; # Tests depend on Google Cloud credentials at ${HOME}/gcloud-service-key.json + + meta = with stdenv.lib; { + homepage = http://snakemake.bitbucket.io; + license = licenses.mit; + description = "Python-based execution environment for make-like workflows"; + longDescription = '' + Snakemake is a workflow management system that aims to reduce the complexity of + creating workflows by providing a fast and comfortable execution environment, + together with a clean and readable specification language in Python style. Snakemake + workflows are essentially Python scripts extended by declarative code to define + rules. Rules describe how to create output files from input files. + ''; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 975b526bc22..46e8b0e2dd7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -8677,6 +8677,8 @@ with pkgs; smc = callPackage ../tools/misc/smc { }; + snakemake = callPackage ../applications/science/misc/snakemake { python = python3Packages; }; + snowman = qt5.callPackage ../development/tools/analysis/snowman { }; sparse = callPackage ../development/tools/analysis/sparse { }; From 4ff5f304b9db4a85ad5da67cbcae8802fd574bcb Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Sat, 1 Sep 2018 13:42:47 -0400 Subject: [PATCH 011/173] nixos/manual: nixos-help knows about colon-separated BROWSER This is the semantics as understood by `xdg-open`. Using these semantics on a non-colon-separated variable works because it acts as if it was a one element long list. This fixes an issue where it would try to exec `google-chrome-beta:google-chrome:chromium:firefox` on a system configured with these semantics in mind. --- nixos/modules/services/misc/nixos-manual.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index 3916c3052e8..993b59590bb 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix @@ -44,7 +44,13 @@ let helpScript = pkgs.writeScriptBin "nixos-help" '' #! ${pkgs.runtimeShell} -e - browser="$BROWSER" + # Finds first executable browser in a colon-separated list. + # (see how xdg-open defines BROWSER) + browser="$( + IFS=: ; for b in $BROWSER; do + [ -n "$(type -P "$b" || true)" ] && echo "$b" && break + done + )" if [ -z "$browser" ]; then browser="$(type -P xdg-open || true)" if [ -z "$browser" ]; then From 8938eede285fbd2f4e58da0663921d980f9a3f7d Mon Sep 17 00:00:00 2001 From: Uli Baum Date: Sat, 1 Sep 2018 20:07:11 +0200 Subject: [PATCH 012/173] dhcpcd: 6.11.5 -> 7.0.8 --- pkgs/tools/networking/dhcpcd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
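Review bot: Because the script's shebang passes `-e`, the new `browser="$( … )"` assignment in nixos-manual.nix aborts `nixos-help` when `BROWSER` is set but none of its entries is executable. The last command the loop runs is then the failing `[ -n … ]` test, the command substitution returns non-zero, and errexit ends the script before the `xdg-open` fallback below is reached. Giving the substitution a success status fixes this, either `done; true` inside it or `)" || true` after it. The unquoted `$BROWSER` also undergoes pathname expansion, so `set -f` inside the subshell would keep entries containing `*` or `?` literal. The rest of the script is outside the hunk.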
diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 93529fe4ce5..1fe29b8b96f 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { # when updating this to >=7, check, see previous reverts: # nix-build -A nixos.tests.networking.scripted.macvlan.x86_64-linux nixos/release-combined.nix - name = "dhcpcd-6.11.5"; + name = "dhcpcd-7.0.8"; src = fetchurl { url = "mirror://roy/dhcpcd/${name}.tar.xz"; - sha256 = "17nnhxmbdcc7k2mh6sgvxisqcqbic5540xbig363ds97gvf795kg"; + sha256 = "1df95lv3cbs3dk718a2vyvzmv7qhpgcxzagb27ylmav96f48x5ln"; }; nativeBuildInputs = [ pkgconfig ]; From 314d1fcdcb5b8602d634beaf577757ee5e8b6aee Mon Sep 17 00:00:00 2001 From: Joseph Lukasik Date: Sat, 1 Sep 2018 16:01:43 -0700 Subject: [PATCH 013/173] Add gx-go to nativeBuildInputs for ipfs-cluster --- pkgs/applications/networking/ipfs-cluster/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/ipfs-cluster/default.nix b/pkgs/applications/networking/ipfs-cluster/default.nix index d073593d488..33b9f615139 100644 --- a/pkgs/applications/networking/ipfs-cluster/default.nix +++ b/pkgs/applications/networking/ipfs-cluster/default.nix @@ -21,11 +21,13 @@ buildGoPackage rec { sha256 = "132whjyplcifq8747hcdrgbc0amhp618dg049jq5nyslcxfgdypm"; }; + nativeBuildInputs = [ gx-go ]; + preBuild = '' # fetchgx stores packages by their ipfs hash # this will rewrite github.com/ imports to gx/ipfs/ cd go/src/${goPackagePath} - ${gx-go}/bin/gx-go rewrite + gx-go rewrite ''; meta = with stdenv.lib; { From f865d0feabfafbb30a9e0659e19a30cb0dc24481 Mon Sep 17 00:00:00 2001 
From: aszlig Date: Sun, 2 Sep 2018 05:05:34 +0200 Subject: [PATCH 014/173] nixos: Split paras by \n\n in option descriptions What annoyed me for a long time was the fact, that in order to break into a new paragraph, you need to insert in the description attribute of an option. Now we will automatically create elements for every block that is separated by two consecutive newlines. I first tried to do this within options-to-docbook.xsl, but it turns out[1] that this isn't directly possible with XSLT 1.0, so I added another XSLT file that postprocesses the option descriptions that are now enclosed in by options-to-docbook.xsl. The splitting itself is a bit more involved, because we can't simply split on every \n\n because we'd also split text nodes of elements, for example: This would create one element for "one line" and another for "another line", which we obviously don't want because is used to display verbatim contents of what a user is seeing on the screen. So what we do instead is splitting *only* the top-level text nodes within the outermost and leave all elements as-is. If there are more than one elements at the top-level, we simply don't process it at all, because the description then already contains . https://www.mhonarc.org/archive/html/xsl-list/2012-09/msg00319.html Signed-off-by: aszlig Cc: @edolstra, @domenkozar --- nixos/doc/manual/default.nix | 4 +- nixos/doc/manual/options-to-docbook.xsl | 11 +- .../postprocess-option-descriptions.xsl | 115 ++++++++++++++++++ 3 files changed, 125 insertions(+), 5 deletions(-) create mode 100644 nixos/doc/manual/postprocess-option-descriptions.xsl diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index be28c2c17af..aaa6e0da545 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix 
@@ -90,7 +90,9 @@ let fi ${buildPackages.libxslt.bin}/bin/xsltproc \ --stringparam revision '${revision}' \ - -o $out ${./options-to-docbook.xsl} $optionsXML + -o intermediate.xml ${./options-to-docbook.xsl} $optionsXML + ${buildPackages.libxslt.bin}/bin/xsltproc \ + -o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml ''; sources = lib.sourceFilesBySuffices ./. [".xml"]; diff --git a/nixos/doc/manual/options-to-docbook.xsl b/nixos/doc/manual/options-to-docbook.xsl index 2038b0dff63..72ac89d4ff6 100644 --- a/nixos/doc/manual/options-to-docbook.xsl +++ b/nixos/doc/manual/options-to-docbook.xsl @@ -4,6 +4,7 @@ xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:str="http://exslt.org/strings" xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:nixos="tag:nixos.org" xmlns="http://docbook.org/ns/docbook" extension-element-prefixes="str" > @@ -30,10 +31,12 @@ - - - + + + + + diff --git a/nixos/doc/manual/postprocess-option-descriptions.xsl b/nixos/doc/manual/postprocess-option-descriptions.xsl new file mode 100644 index 00000000000..1201c7612c2 --- /dev/null +++ b/nixos/doc/manual/postprocess-option-descriptions.xsl @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 4d3ed9f5d56179e75999371b0df4b4db73b68249 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 2 Sep 2018 12:17:22 +0200 Subject: [PATCH 015/173] gpxsee: 4.19 -> 5.17 --- pkgs/applications/misc/gpxsee/default.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/misc/gpxsee/default.nix b/pkgs/applications/misc/gpxsee/default.nix index ed0dd3ba5be..33ffb6b5acb 100644 --- a/pkgs/applications/misc/gpxsee/default.nix +++ b/pkgs/applications/misc/gpxsee/default.nix 
@@ -2,29 +2,34 @@ stdenv.mkDerivation rec { name = "gpxsee-${version}"; - version = "4.19"; + version = "5.17"; src = fetchFromGitHub { owner = "tumic0"; repo = "GPXSee"; rev = version; - sha256 = "1xjf2aawf633c1ydhpcsjhdlfkjkfsjbcgjd737xpfv1wjz99l4l"; + sha256 = "0fr835glvwnpq6sy181z0gskvwfrmvh7115r3d92xy71v8b1l5ib"; }; - nativeBuildInputs = [ qmake qttools ]; + nativeBuildInputs = [ qmake ]; + buildInputs = [ qttools ]; preConfigure = '' substituteInPlace src/config.h --replace /usr/share/gpxsee $out/share/gpxsee lrelease lang/*.ts ''; - preFixup = '' + installPhase = '' install -Dm755 GPXSee $out/bin/GPXSee - mkdir -p $out/share/gpxsee - cp pkg/maps.txt $out/share/gpxsee + cp -r pkg/csv $out/share/gpxsee/ + cp -r pkg/maps $out/share/gpxsee/ + mkdir -p $out/share/gpxsee/translations + cp -r lang/*.qm $out/share/gpxsee/translations ''; + enableParallelBuilding = true; + meta = with stdenv.lib; { homepage = http://www.gpxsee.org/; description = "GPX viewer and analyzer"; From 13c3986b7a7da4f29005349674b334b6b914a371 Mon Sep 17 00:00:00 2001 From: Uli Baum Date: Sun, 2 Sep 2018 12:13:06 +0200 Subject: [PATCH 016/173] nixos/tests/networking.*.macvlan: disable reverse path check Generated reverse path filtering rules for the macvlan interface seem to be incorrect, causing the test to fail - sometimes or always, depending on the dhcpcd version used. - Disable reverse path checking temporarily to avoid blocking the channel - Print more diagnostic information for debugging --- nixos/tests/networking.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index ff088ad2621..02bd4bd9807 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix 
@@ -11,6 +11,7 @@ let let vlanIfs = range 1 (length config.virtualisation.vlans); in { + environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules virtualisation.vlans = [ 1 2 3 ]; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { @@ -320,9 +321,14 @@ let name = "MACVLAN"; nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { + environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; + firewall.logReversePathDrops = true; # to debug firewall rules + # reverse path filtering rules for the macvlan interface seem + # to be incorrect, causing the test to fail. Disable temporarily. + firewall.checkReversePath = false; firewall.allowPing = true; useDHCP = true; macvlans.macvlan.interface = "eth1"; @@ -341,9 +347,16 @@ let $client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'"); $client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'"); - # Print diagnosting information + # Print lots of diagnostic information + $router->log('**********************************************'); $router->succeed("ip addr >&2"); + $router->succeed("ip route >&2"); + $router->execute("iptables-save >&2"); + $client->log('=============================================='); $client->succeed("ip addr >&2"); + $client->succeed("ip route >&2"); + $client->execute("iptables-save >&2"); + $client->log('##############################################'); # Test macvlan creates routable ips $client->waitUntilSucceeds("ping -c 1 192.168.1.1"); From a9a8043b9bea34e86bfd15122cebef30a1acc157 Mon Sep 17 00:00:00 2001 
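Review bot: `firewall.checkReversePath = false;` in the MACVLAN client (second hunk of networking.nix) is described as temporary but carries no reference that would let someone find and revert it. While it is in place the test no longer exercises the default reverse-path filter on a macvlan interface. I would extend the comment with a tracking reference, e.g. `# TODO(ISSUE-URL-PLACEHOLDER): re-enable once the rpfilter rules for macvlan are fixed`. In the third hunk the `iptables-save` calls use `execute` rather than `succeed`, presumably so that diagnostics cannot fail the test; a short comment saying so would help.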
From: volth Date: Sun, 2 Sep 2018 12:34:55 +0000 Subject: [PATCH 017/173] install-grub.pl: avoid double '/' in menu.lst and grub.conf (#45907) Although double '/' in paths is not a problem for GRUB supplied with nixpkgs, sometimes NixOS's grub.conf read by external GRUB and there are versions of GRUB which fail --- nixos/modules/system/boot/loader/grub/install-grub.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index ea6e56892cb..bda6a313640 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -248,7 +248,7 @@ if ($grubVersion == 1) { "; if ($splashImage) { copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath\n"; - $conf .= "splashimage " . $grubBoot->path . "/background.xpm.gz\n"; + $conf .= "splashimage " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background.xpm.gz\n"; } } @@ -289,7 +289,7 @@ else { copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath\n"; $conf .= " insmod font - if loadfont " . $grubBoot->path . "/converted-font.pf2; then + if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then insmod gfxterm if [ \"\${grub_platform}\" = \"efi\" ]; then set gfxmode=$gfxmodeEfi @@ -317,7 +317,7 @@ else { copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath\n"; $conf .= " insmod " . substr($suffix, 1) . " - if background_image --mode '$splashMode' " . $grubBoot->path . "/background$suffix; then + if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then set color_normal=white/black set color_highlight=black/white else 
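Review bot: The expression `($grubBoot->path eq "/" ? "" : $grubBoot->path)` is repeated in all three hunks of install-grub.pl here and again in `copyToKernelsDir` in the hunk that follows; computing it once would keep the four call sites from drifting apart. For example, once `$grubBoot` is set: `my $grubBootPrefix = $grubBoot->path eq "/" ? "" : $grubBoot->path;`, then `$grubBootPrefix . "/background.xpm.gz"` and likewise at the other sites. A one-line comment stating that some GRUB builds fail on `//` in paths would keep the reason from the commit message next to the code. Where `$grubBoot` is assigned is outside the visible hunks.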
@@ -352,7 +352,7 @@ sub copyToKernelsDir { rename $tmp, $dst or die "cannot rename $tmp to $dst\n"; } $copied{$dst} = 1; - return $grubBoot->path . "/kernels/$name"; + return ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$name"; } sub addEntry { From a9629064d8c8b24c442f9db7fd451ede53d387b7 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 2 Sep 2018 11:44:38 +0200 Subject: [PATCH 018/173] iputils: Drop unnecessary dependencies --- pkgs/os-specific/linux/iputils/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index 557bc2f186f..ce70cc37d69 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchFromGitHub, fetchpatch , libxslt, docbook_xsl, docbook_xml_dtd_44 -, sysfsutils, openssl, libcap, libgcrypt, nettle, libidn2 +, libcap, nettle, libidn2 }: let @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ libxslt.bin ]; buildInputs = [ - sysfsutils openssl libcap libgcrypt nettle + libcap nettle ] ++ stdenv.lib.optional (!stdenv.hostPlatform.isMusl) libidn2; # ninfod probably could build on cross, but the Makefile doesn't pass --host etc to the sub configure... From 1ef5b1780fdc02e4da1c98cec4612e4fdaddca97 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 2 Sep 2018 12:40:46 +0200 Subject: [PATCH 019/173] iputils: Code refactoring and fixes - Fix the cross-compiling check and add openssl for ninfod - Add "AS-IS, SUN MICROSYSTEMS license" to meta.licenses - Install igp (see man pg3) --- pkgs/os-specific/linux/iputils/default.nix | 59 +++++++++++++--------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index ce70cc37d69..e66dbe41d01 100644 --- a/pkgs/os-specific/linux/iputils/default.nix 
+++ b/pkgs/os-specific/linux/iputils/default.nix @@ -1,12 +1,20 @@ { stdenv, fetchFromGitHub, fetchpatch , libxslt, docbook_xsl, docbook_xml_dtd_44 -, libcap, nettle, libidn2 +, libcap, nettle, libidn2, openssl }: +with stdenv.lib; + let time = "20180629"; -in -stdenv.mkDerivation rec { + # ninfod probably could build on cross, but the Makefile doesn't pass --host + # etc to the sub configure... + withNinfod = stdenv.hostPlatform == stdenv.buildPlatform; + sunAsIsLicense = { + fullName = "AS-IS, SUN MICROSYSTEMS license"; + url = "https://github.com/iputils/iputils/blob/s${time}/rdisc.c"; + }; +in stdenv.mkDerivation { name = "iputils-${time}"; src = fetchFromGitHub { @@ -17,7 +25,7 @@ stdenv.mkDerivation rec { }; patches = [ - (fetchpatch { + (fetchpatch { name = "dont-hardcode-the-location-of-xsltproc.patch"; url = "https://github.com/iputils/iputils/commit/d0ff83e87ea9064d9215a18e93076b85f0f9e828.patch"; sha256 = "05wrwf0bfmax69bsgzh3b40n7rvyzw097j8z5ix0xsg0kciygjvx"; 
@@ -34,35 +42,36 @@ stdenv.mkDerivation rec { ''; # Disable idn usage w/musl: https://github.com/iputils/iputils/pull/111 - makeFlags = [ "USE_GNUTLS=no" ] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl "USE_IDN=no"; + makeFlags = optional stdenv.hostPlatform.isMusl "USE_IDN=no"; nativeBuildInputs = [ libxslt.bin ]; - buildInputs = [ - libcap nettle - ] ++ stdenv.lib.optional (!stdenv.hostPlatform.isMusl) libidn2; + buildInputs = [ libcap nettle ] + ++ optional (!stdenv.hostPlatform.isMusl) libidn2 + ++ optional withNinfod openssl; # TODO: Build with nettle - # ninfod probably could build on cross, but the Makefile doesn't pass --host etc to the sub configure... - buildFlags = "man all" + stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) " ninfod"; + buildFlags = "man all" + optionalString withNinfod " ninfod"; - installPhase = - '' - mkdir -p $out/bin - cp -p arping clockdiff ping rarpd rdisc tftpd tracepath traceroute6 $out/bin/ - if [ -x ninfod/ninfod ]; then - cp -p ninfod/ninfod $out/bin - fi + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man8 - mkdir -p $out/share/man/man8 - cd doc - cp -p \ - arping.8 clockdiff.8 ninfod.8 pg3.8 ping.8 rarpd.8 rdisc.8 tftpd.8 tracepath.8 traceroute6.8 \ - $out/share/man/man8 - ''; + for tool in arping clockdiff ping rarpd rdisc tftpd tracepath traceroute6; do + cp $tool $out/bin/ + cp doc/$tool.8 $out/share/man/man8/ + done - meta = with stdenv.lib; { + # TODO: Requires kernel module pg3 + cp ipg $out/bin/ + cp doc/pg3.8 $out/share/man/man8/ + '' + optionalString withNinfod '' + cp ninfod/ninfod $out/bin/ + cp doc/ninfod.8 $out/share/man/man8/ + ''; + + meta = { homepage = https://github.com/iputils/iputils; description = "A set of small useful utilities for Linux networking"; - license = with licenses; [ gpl2Plus bsd3 ]; # TODO: AS-IS, SUN MICROSYSTEMS license + license = with licenses; [ gpl2Plus bsd3 sunAsIsLicense ]; platforms = platforms.linux; maintainers = with maintainers; [ 
primeos lheckemann ]; }; From c2a984c450838d122b2edd1c147ed53b34377999 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 2 Sep 2018 07:43:46 -0700 Subject: [PATCH 020/173] itk: 4.13.0 -> 4.13.1 (#45827) Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from itk --- pkgs/development/libraries/itk/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/itk/default.nix b/pkgs/development/libraries/itk/default.nix index 5f6a6f51a52..df016d9fcac 100644 --- a/pkgs/development/libraries/itk/default.nix +++ b/pkgs/development/libraries/itk/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, cmake, libX11, libuuid, xz, vtk }: stdenv.mkDerivation rec { - name = "itk-4.13.0"; + name = "itk-4.13.1"; src = fetchurl { - url = mirror://sourceforge/itk/InsightToolkit-4.13.0.tar.xz; - sha256 = "09d1gmqx3wbdfgwf7r91r12m2vknviv0i8wxwh2q9w1vrpizrczy"; + url = mirror://sourceforge/itk/InsightToolkit-4.13.1.tar.xz; + sha256 = "0p4cspgbnjsnkjz8nfg092yaxz8qkqi2nkxjdv421d0zrmi0i2al"; }; cmakeFlags = [ From 1ee3ad6732dd617806d333bc3a0370fadf62f69f Mon Sep 17 00:00:00 2001 From: Yorick Date: Sun, 2 Sep 2018 17:07:55 +0200 Subject: [PATCH 021/173] wireguard: change preStop to postStop, require network.target (#45569) * wireguard: change preStop to postStop, require network.target * wireguard service: network.target -> network-online.target --- nixos/modules/services/networking/wireguard.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 1b87b77f976..564632a85ae 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix 
@@ -190,7 +190,8 @@ let nameValuePair "wireguard-${name}" { description = "WireGuard Tunnel - ${name}"; - after = [ "network.target" ]; + requires = [ "network-online.target" ]; + after = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; environment.DEVICE = name; path = with pkgs; [ kmod iproute wireguard-tools ]; @@ -236,7 +237,7 @@ let ${values.postSetup} ''; - preStop = '' + postStop = '' ip link del dev ${name} ${values.postShutdown} ''; From 85e46d12b33c848cb01a0d6563394ea07ac3d33f Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 2 Sep 2018 18:41:20 +0200 Subject: [PATCH 022/173] android-studio: Refactor the code & minor improvements --- .../editors/android-studio/common.nix | 84 +++++++++---------- 1 file changed, 39 insertions(+), 45 deletions(-) diff --git a/pkgs/applications/editors/android-studio/common.nix b/pkgs/applications/editors/android-studio/common.nix index 1d49c8c74a9..23e0584cb7f 100644 --- a/pkgs/applications/editors/android-studio/common.nix +++ b/pkgs/applications/editors/android-studio/common.nix @@ -31,7 +31,7 @@ , stdenv , unzip , which -, writeTextFile +, runCommand , xkeyboard_config , zlib , makeDesktopItem @@ -39,7 +39,7 @@ let drvName = "android-studio-${channel}-${version}"; - androidStudio = stdenv.mkDerivation rec { + androidStudio = stdenv.mkDerivation { name = drvName; src = fetchurl { 
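Review bot: `requires = [ "network-online.target" ];` in the first wireguard hunk turns network readiness into a hard dependency, so every `wireguard-${name}` unit is refused when `network-online.target` fails to activate. systemd's guidance for that target is a want plus ordering, which gives the same start order without coupling the tunnel's fate to the target. I would write `wants = [ "network-online.target" ];` and keep the new `after` line as it is. Whether a tunnel strictly needs the network online at all (for example to resolve peer endpoints by name) is not visible in the hunk.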
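Review bot: With the teardown moved to `postStop` (second wireguard hunk), it now also runs after a start that failed part-way, where the interface may never have been created. `ip link del dev ${name}` then exits non-zero and, if the generated script runs with errexit (not visible here), `${values.postShutdown}` is skipped, leaving behind whatever the user's hook was meant to undo. I would make the delete tolerant, `ip link del dev ${name} || true`, so the user hook always runs. The enclosing service definition starts and ends outside the hunk.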
@@ -111,20 +111,18 @@ let ]}" \ --set QT_XKB_CONFIG_ROOT "${xkeyboard_config}/share/X11/xkb" \ --set FONTCONFIG_FILE ${fontsConf} - - install -Dm644 bin/studio.png $out/share/pixmaps/${drvName}.png - ln -s ${desktopItem}/share/applications $out/share/applications ''; + }; - desktopItem = makeDesktopItem rec { - name = drvName; - exec = pname; - icon = drvName; - desktopName = "Android Studio"; - comment = "The official Android IDE"; - categories = "Development;IDE;"; - }; - + desktopItem = makeDesktopItem { + name = drvName; + exec = pname; + icon = drvName; + desktopName = "Android Studio (${channel} channel)"; + comment = "The official Android IDE"; + categories = "Development;IDE;"; + startupNotify = "true"; + extraEntries="StartupWMClass=jetbrains-studio"; }; # Android Studio downloads prebuilt binaries as part of the SDK. These tools 
@@ -134,39 +132,35 @@ let name = "${drvName}-fhs-env"; multiPkgs = pkgs: [ pkgs.ncurses5 ]; }; - - wrapper = writeTextFile { - name = "${drvName}-wrapper"; - # TODO: Rename preview -> beta (and add -stable suffix?): - destination = "/bin/${pname}"; - executable = true; - text = '' +in runCommand + "${drvName}-wrapper" + { + startScript = '' #!${bash}/bin/bash ${fhsEnv}/bin/${drvName}-fhs-env ${androidStudio}/bin/studio.sh ''; - }; -in stdenv.mkDerivation { - name = "${drvName}-with-desktop-item"; - - buildCommand = '' + preferLocalBuild = true; + allowSubstitutes = false; + meta = with stdenv.lib; { + description = "The Official IDE for Android (${channel} channel)"; + longDescription = '' + Android Studio is the official IDE for Android app development, based on + IntelliJ IDEA. + ''; + homepage = if channel == "stable" + then https://developer.android.com/studio/index.html + else https://developer.android.com/studio/preview/index.html; + license = licenses.asl20; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ primeos ]; + }; + } + '' mkdir -p $out/{bin,share/pixmaps} - ln -s ${wrapper}/bin/${pname} $out/bin/${pname} - ln -s ${androidStudio}/share/pixmaps/${drvName}.png $out/share/pixmaps/${drvName}.png - ln -s ${androidStudio}/share/applications $out/share/applications - ''; - - meta = with stdenv.lib; { - description = "The Official IDE for Android (${channel} channel)"; - longDescription = '' - Android Studio is the official IDE for Android app development, based on - IntelliJ IDEA. 
- ''; - homepage = if channel == "stable" - then https://developer.android.com/studio/index.html - else https://developer.android.com/studio/preview/index.html; - license = licenses.asl20; - platforms = [ "x86_64-linux" ]; - maintainers = with maintainers; [ primeos ]; - }; -} + # TODO: Rename preview -> beta (and add -stable suffix?): + echo -n "$startScript" > $out/bin/${pname} + chmod +x $out/bin/${pname} + ln -s ${androidStudio}/bin/studio.png $out/share/pixmaps/${drvName}.png + ln -s ${desktopItem}/share/applications $out/share/applications + '' From 87f3a2a4068c5b5ccadda429daecbc22601b8e2e Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sun, 2 Sep 2018 17:01:40 +0200 Subject: [PATCH 023/173] =?UTF-8?q?gcolor3:=202.2=20=E2=86=92=202.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../applications/graphics/gcolor3/default.nix | 36 ++++++++++++------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/pkgs/applications/graphics/gcolor3/default.nix b/pkgs/applications/graphics/gcolor3/default.nix index 09d1a86db8e..cd43cd2fe72 100644 --- a/pkgs/applications/graphics/gcolor3/default.nix +++ b/pkgs/applications/graphics/gcolor3/default.nix @@ -1,7 +1,7 @@ -{ stdenv, fetchFromGitHub, gnome3, libtool, intltool, pkgconfig, gtk3, hicolor-icon-theme, wrapGAppsHook } : +{ stdenv, fetchFromGitHub, fetchpatch, gnome3, meson, ninja, gettext, pkgconfig, libxml2, gtk3, hicolor-icon-theme, wrapGAppsHook }: let - version = "2.2"; + version = "2.3"; in stdenv.mkDerivation { name = "gcolor3-${version}"; 
@@ -9,23 +9,35 @@ in stdenv.mkDerivation { owner = "hjdskes"; repo = "gcolor3"; rev = "v${version}"; - sha256 = "1rbahsi33pfggpj5cigy6wy5333g3rpm8v2q0b35c6m7pwhmf2gr"; + sha256 = "186j72kwsqdcakvdik9jl18gz3csdj53j3ylwagr9gfwmy0nmyjb"; }; - nativeBuildInputs = [ gnome3.gnome-common libtool intltool pkgconfig hicolor-icon-theme wrapGAppsHook ]; + patches = [ + # Fix darwin build + (fetchpatch { + url = https://github.com/Hjdskes/gcolor3/commit/9130ffeff091fbafff6a0c8f06b09f54657d5dfd.patch; + sha256 = "1kn5hx536wivafb4awg7lsa8h32njy0lynmn7ci9y78dlp54057r"; + }) + (fetchpatch { + url = https://github.com/Hjdskes/gcolor3/commit/8d89081a8e13749f5a9051821114bc5fe814eaf3.patch; + sha256 = "1ldyr84dl2g6anqkp2mpxsrcr41fcqwi6ck14rfhai7rgrm8yar3"; + }) + ]; - buildInputs = [ gtk3 ]; + nativeBuildInputs = [ meson ninja gettext pkgconfig libxml2 wrapGAppsHook ]; - configureScript = "./autogen.sh"; + buildInputs = [ gtk3 hicolor-icon-theme ]; - # clang-4.0: error: argument unused during compilation: '-pthread' - NIX_CFLAGS_COMPILE = stdenv.lib.optional stdenv.cc.isClang "-Wno-error=unused-command-line-argument"; + postPatch = '' + chmod +x meson_install.sh # patchShebangs requires executable file + patchShebangs meson_install.sh + ''; - meta = { + meta = with stdenv.lib; { description = "A simple color chooser written in GTK3"; homepage = https://hjdskes.github.io/projects/gcolor3/; - license = stdenv.lib.licenses.gpl2; - maintainers = with stdenv.lib.maintainers; [ jtojnar ]; - platforms = stdenv.lib.platforms.unix; + license = licenses.gpl2; + maintainers = with maintainers; [ jtojnar ]; + platforms = platforms.unix; }; } From 8670ee4689285dde42b0c84d94f91603ff65f8b6 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 27 Aug 2018 02:14:26 +0200 Subject: [PATCH 024/173] sc-controller: fix missing libbluetooth.so --- pkgs/misc/drivers/sc-controller/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
diff --git a/pkgs/misc/drivers/sc-controller/default.nix b/pkgs/misc/drivers/sc-controller/default.nix index a13b49bd6cf..f1c4ff09157 100644 --- a/pkgs/misc/drivers/sc-controller/default.nix +++ b/pkgs/misc/drivers/sc-controller/default.nix @@ -1,6 +1,6 @@ { lib, buildPythonApplication, fetchFromGitHub, wrapGAppsHook , gtk3, gobjectIntrospection, libappindicator-gtk3, librsvg -, evdev, pygobject3, pylibacl, pytest +, evdev, pygobject3, pylibacl, pytest, bluez , linuxHeaders , libX11, libXext, libXfixes, libusb1, libudev }: @@ -24,14 +24,17 @@ buildPythonApplication rec { checkInputs = [ pytest ]; - patches = [ ./fix-udev.patch ]; + patches = [ + ./fix-udev.patch # fix upstream issue #401, remove with the next update + ]; postPatch = '' substituteInPlace scc/paths.py --replace sys.prefix "'$out'" substituteInPlace scc/uinput.py --replace /usr/include ${linuxHeaders}/include + substituteInPlace scc/device_monitor.py --replace "find_library('bluetooth')" "'libbluetooth.so.3'" ''; - LD_LIBRARY_PATH = lib.makeLibraryPath [ libX11 libXext libXfixes libusb1 libudev ]; + LD_LIBRARY_PATH = lib.makeLibraryPath [ libX11 libXext libXfixes libusb1 libudev bluez ]; preFixup = '' gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : "$LD_LIBRARY_PATH") From 96dc7a1c54d6762e6413f18316dba051e788db7b Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:11:20 +0200 Subject: [PATCH 025/173] ilixi: update homepage --- pkgs/development/libraries/ilixi/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/ilixi/default.nix b/pkgs/development/libraries/ilixi/default.nix index 99f6df9c5f0..bb6e23937c0 100644 --- a/pkgs/development/libraries/ilixi/default.nix +++ b/pkgs/development/libraries/ilixi/default.nix 
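Review bot: The replacement `"'libbluetooth.so.3'"` added to `postPatch` hands a bare soname to the loader, so which file is loaded depends on the `LD_LIBRARY_PATH` the wrapper sets rather than on a fixed store path. Substituting the absolute path, e.g. `--replace "find_library('bluetooth')" "'${bluez.out}/lib/libbluetooth.so.3'"`, pins the lookup to the packaged bluez and makes adding `bluez` to `LD_LIBRARY_PATH` unnecessary for it; which bluez output carries the library should be confirmed. The other entries in `LD_LIBRARY_PATH` presumably serve similar `find_library` lookups and could get the same treatment in a follow-up.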
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Lightweight C++ GUI toolkit for embedded Linux systems"; - homepage = http://ilixi.org/; + homepage = https://github.com/ilixi/ilixi; license = licenses.lgpl3; platforms = platforms.linux; maintainers = [ maintainers.bjornfor ]; From e8c6b0f763cfd769a30ea8be584ff170a47b7721 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:13:36 +0200 Subject: [PATCH 026/173] iso-codes: update homepage + add license --- pkgs/development/libraries/iso-codes/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/iso-codes/default.nix b/pkgs/development/libraries/iso-codes/default.nix index d78c59e9c25..80154f504d4 100644 --- a/pkgs/development/libraries/iso-codes/default.nix +++ b/pkgs/development/libraries/iso-codes/default.nix @@ -17,9 +17,9 @@ stdenv.mkDerivation rec { buildInputs = [ gettext python3 ]; meta = with stdenv.lib; { - homepage = http://pkg-isocodes.alioth.debian.org/; + homepage = https://salsa.debian.org/iso-codes-team/iso-codes; description = "Various ISO codes packaged as XML files"; - maintainers = [ ]; + license = licenses.lgpl21; platforms = platforms.all; }; } From 964b1224318f252c3f7bbc621d5bd4a4b461d4ca Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:18:15 +0200 Subject: [PATCH 027/173] liblas: update homepage --- pkgs/development/libraries/libLAS/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libLAS/default.nix b/pkgs/development/libraries/libLAS/default.nix index de796307de1..7bd2a1ec573 100644 --- a/pkgs/development/libraries/libLAS/default.nix +++ b/pkgs/development/libraries/libLAS/default.nix 
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec { meta = { description = "LAS 1.0/1.1/1.2 ASPRS LiDAR data translation toolset"; - homepage = https://www.liblas.org; + homepage = https://liblas.org; license = stdenv.lib.licenses.bsd3; platforms = stdenv.lib.platforms.unix; maintainers = [ stdenv.lib.maintainers.michelk ]; From c48a234ab1b826c7712b59a10dc541c83b76b5ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Sun, 2 Sep 2018 15:15:01 -0300 Subject: [PATCH 028/173] dtkcore: only define QT_HOST_DATA if it is empty, enable parallel building --- pkgs/desktops/deepin/dtkcore/default.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/pkgs/desktops/deepin/dtkcore/default.nix b/pkgs/desktops/deepin/dtkcore/default.nix index 561e951f34d..1dfb627c605 100644 --- a/pkgs/desktops/deepin/dtkcore/default.nix +++ b/pkgs/desktops/deepin/dtkcore/default.nix @@ -23,11 +23,16 @@ stdenv.mkDerivation rec { ]; postPatch = '' - sed -i src/src.pro src/dtk_module.prf \ - -e "s,\$\''${QT_HOST_DATA}/mkspecs,$out/mkspecs," + # Only define QT_HOST_DATA if it is empty + sed '/QT_HOST_DATA=/a }' -i src/dtk_module.prf + sed '/QT_HOST_DATA=/i isEmpty(QT_HOST_DATA) {' -i src/dtk_module.prf - sed -i tools/script/dtk-translate.py \ - -e "s,#!env,#!/usr/bin/env," + # Fix shebang + sed -i tools/script/dtk-translate.py -e "s,#!env,#!/usr/bin/env," + ''; + + preConfigure = '' + qmakeFlags="$qmakeFlags QT_HOST_DATA=$out" ''; postFixup = '' @@ -35,6 +40,8 @@ stdenv.mkDerivation rec { wrapPythonProgramsIn "$out/lib/dtk2" "$out $pythonPath" ''; + enableParallelBuilding = true; + meta = with stdenv.lib; { description = "Deepin tool kit core modules"; homepage = https://github.com/linuxdeepin/dtkcore; From 564f722495531c0944d37ea990c6ead54cfea3b4 Mon Sep 17 00:00:00 2001 
From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:20:55 +0200 Subject: [PATCH 029/173] libmowgli: add license + update homepage --- pkgs/development/libraries/libmowgli/default.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libmowgli/default.nix b/pkgs/development/libraries/libmowgli/default.nix index b23701837fa..512add5616a 100644 --- a/pkgs/development/libraries/libmowgli/default.nix +++ b/pkgs/development/libraries/libmowgli/default.nix @@ -3,15 +3,16 @@ stdenv.mkDerivation rec { name = "libmowgli-${version}"; version = "2.1.3"; - + src = fetchurl { url = "https://github.com/atheme/libmowgli-2/archive/v${version}.tar.gz"; sha256 = "0xx4vndmwz40pxa5gikl8z8cskpdl9a30i2i5fjncqzlp4pspymp"; }; - - meta = { + + meta = with stdenv.lib; { description = "A development framework for C providing high performance and highly flexible algorithms"; - homepage = http://www.atheme.org/projects/mowgli.shtml; - platforms = stdenv.lib.platforms.unix; + homepage = https://github.com/atheme/libmowgli-2; + license = licenses.isc; + platforms = platforms.unix; }; } From de7a1c8e4674d28e854948d7d86b79268852b823 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Sun, 2 Sep 2018 15:15:51 -0300 Subject: [PATCH 030/173] dtkwidget: init at 2.0.9.3 --- pkgs/desktops/deepin/default.nix | 1 + pkgs/desktops/deepin/dtkwidget/default.nix | 51 ++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 pkgs/desktops/deepin/dtkwidget/default.nix diff --git a/pkgs/desktops/deepin/default.nix b/pkgs/desktops/deepin/default.nix index 42a4b1989ca..912e6cdc807 100644 --- a/pkgs/desktops/deepin/default.nix +++ b/pkgs/desktops/deepin/default.nix @@ -11,6 +11,7 @@ let wnck = pkgs.libwnck3; }; dtkcore = callPackage ./dtkcore { }; + dtkwidget = callPackage ./dtkwidget { }; }; 
diff --git a/pkgs/desktops/deepin/dtkwidget/default.nix b/pkgs/desktops/deepin/dtkwidget/default.nix new file mode 100644 index 00000000000..c9dbd124b03 --- /dev/null +++ b/pkgs/desktops/deepin/dtkwidget/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchFromGitHub, pkgconfig, qmake, qttools, qtmultimedia, + qtsvg, qtx11extras, librsvg, libstartup_notification, gsettings-qt, + dde-qt-dbus-factory, dtkcore +}: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "dtkwidget"; + version = "2.0.9.3"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "1ngspvjvws1d2nkyqjh9y45ilahkd1fqwxnlmazgik4355mb76bv"; + }; + + nativeBuildInputs = [ + pkgconfig + qmake + qttools + ]; + + buildInputs = [ + qtmultimedia + qtsvg + qtx11extras + librsvg + libstartup_notification + gsettings-qt + dde-qt-dbus-factory + dtkcore + ]; + + preConfigure = '' + qmakeFlags="$qmakeFlags \ + INCLUDE_INSTALL_DIR=$out/include \ + LIB_INSTALL_DIR=$out/lib \ + QT_HOST_DATA=$out" + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Deepin graphical user interface library"; + homepage = https://github.com/linuxdeepin/dtkwidget; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} From b9c53e32ca6198ef7e192296dbdb418d63e84c15 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:27:28 +0200 Subject: [PATCH 031/173] libtar: update homepage --- pkgs/development/libraries/libtar/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libtar/default.nix b/pkgs/development/libraries/libtar/default.nix index 8123bf7ba84..481e7ad83cc 100644 --- a/pkgs/development/libraries/libtar/default.nix +++ b/pkgs/development/libraries/libtar/default.nix 
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "C library for manipulating POSIX tar files"; - homepage = http://www.feep.net/libtar/; + homepage = http://repo.or.cz/libtar; license = licenses.bsd3; platforms = with platforms; linux ++ darwin; maintainers = [ maintainers.bjornfor ]; From c7f081a9219c28bc194b03d98bf192c32500bffd Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:28:24 +0200 Subject: [PATCH 032/173] libwebsockets: update homepage --- pkgs/development/libraries/libwebsockets/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libwebsockets/default.nix b/pkgs/development/libraries/libwebsockets/default.nix index 1147c9606ad..9cd0aabcf09 100644 --- a/pkgs/development/libraries/libwebsockets/default.nix +++ b/pkgs/development/libraries/libwebsockets/default.nix @@ -21,9 +21,8 @@ stdenv.mkDerivation rec { use minimal CPU and memory resources, and provide fast throughput in both directions. ''; - homepage = https://libwebsockets.org/trac/libwebsockets; + homepage = https://libwebsockets.org; license = stdenv.lib.licenses.lgpl21; - maintainers = [ ]; platforms = stdenv.lib.platforms.all; }; } From e7f853acf36c983fb5821d18de5242ee31066d18 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:33:12 +0200 Subject: [PATCH 033/173] openslp: update homepage --- pkgs/development/libraries/openslp/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/openslp/default.nix b/pkgs/development/libraries/openslp/default.nix index 3e178d92013..537b67c5a3c 100644 --- a/pkgs/development/libraries/openslp/default.nix +++ b/pkgs/development/libraries/openslp/default.nix 
@@ -23,7 +23,7 @@ stdenv.mkDerivation { ]; meta = with stdenv.lib; { - homepage = http://openslp.org/; + homepage = http://www.openslp.org/; description = "An open-source implementation of the IETF Service Location Protocol"; maintainers = with maintainers; [ ttuegel ]; license = licenses.bsd3; From b6c721f6e958b05def71295134e4080cd182b50d Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:44:46 +0200 Subject: [PATCH 034/173] pokersource: update homepage --- pkgs/development/libraries/poker-eval/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/poker-eval/default.nix b/pkgs/development/libraries/poker-eval/default.nix index f6e7ed56adc..51cc72ffd40 100644 --- a/pkgs/development/libraries/poker-eval/default.nix +++ b/pkgs/development/libraries/poker-eval/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { ''; meta = { - homepage = http://pokersource.org/poker-eval/; + homepage = http://pokersource.sourceforge.net; description = "Poker hand evaluator"; license = stdenv.lib.licenses.gpl3; maintainers = [stdenv.lib.maintainers.mtreskin]; From 58d03b427fce172208759e15043517dd28c17467 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:49:41 +0200 Subject: [PATCH 035/173] soqt,soxt: update homepage --- pkgs/development/libraries/soqt/default.nix | 2 +- pkgs/development/libraries/soxt/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/soqt/default.nix b/pkgs/development/libraries/soqt/default.nix index fdad4e21b0b..9769596621b 100644 --- a/pkgs/development/libraries/soqt/default.nix +++ b/pkgs/development/libraries/soqt/default.nix 
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; meta = { - homepage = http://www.coin3d.org/; + homepage = https://bitbucket.org/Coin3D/coin/wiki/Home; license = stdenv.lib.licenses.gpl2Plus; description = "Glue between Coin high-level 3D visualization library and Qt"; diff --git a/pkgs/development/libraries/soxt/default.nix b/pkgs/development/libraries/soxt/default.nix index 13f037960b0..c219d5bfb36 100644 --- a/pkgs/development/libraries/soxt/default.nix +++ b/pkgs/development/libraries/soxt/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ coin3d motif xlibsWrapper libGLU_combined ]; meta = with stdenv.lib; { - homepage = http://www.coin3d.org/; + homepage = https://bitbucket.org/Coin3D/coin/wiki/Home; license = licenses.bsd3; description = "A GUI binding for using Open Inventor with Xt/Motif"; maintainers = with maintainers; [ tmplt ]; From 4a901e44db2393a34b76b40aeef6a2315086d6dc Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:53:01 +0200 Subject: [PATCH 036/173] tcllib: update homepage --- pkgs/development/libraries/tcllib/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/tcllib/default.nix b/pkgs/development/libraries/tcllib/default.nix index 6ffbe5dc60c..24b1d477b8a 100644 --- a/pkgs/development/libraries/tcllib/default.nix +++ b/pkgs/development/libraries/tcllib/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { buildInputs = [ tcl ]; meta = { - homepage = http://tcl.activestate.com/software/tcllib/; + homepage = https://sourceforge.net/projects/tcllib/; description = "Tcl-only library of standard routines for Tcl"; license = stdenv.lib.licenses.tcltk; platforms = stdenv.lib.platforms.unix; From 93a09d47065238be8f0a62b2768a455f8c09f7c2 Mon Sep 17 00:00:00 2001 
From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:54:39 +0200 Subject: [PATCH 037/173] vrpn: update homepage --- pkgs/development/libraries/vrpn/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/vrpn/default.nix b/pkgs/development/libraries/vrpn/default.nix index ddeecce21c6..0ae5ba147cb 100644 --- a/pkgs/development/libraries/vrpn/default.nix +++ b/pkgs/development/libraries/vrpn/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { set of physical devices (tracker, etc.) used in a virtual-reality (VR) system. ''; - homepage = http://www.vrpn.org/; + homepage = https://github.com/vrpn/vrpn; license = licenses.boost; # see https://github.com/vrpn/vrpn/wiki/License platforms = platforms.linux; maintainers = with maintainers; [ ludo ]; From d9649ea38b87572843da3c1cb57db677e6812a49 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 20:55:47 +0200 Subject: [PATCH 038/173] splint: update homepage --- pkgs/development/tools/analysis/splint/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/analysis/splint/default.nix b/pkgs/development/tools/analysis/splint/default.nix index 2d6129dd376..57a83e54d70 100644 --- a/pkgs/development/tools/analysis/splint/default.nix +++ b/pkgs/development/tools/analysis/splint/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { doCheck = true; meta = with stdenv.lib; { - homepage = http://splint.org/; + homepage = http://www.splint.org/; description = "Annotation-assisted lightweight static analyzer for C"; longDescription = '' From c6878ad519556924f6f90756f03cab11404aa5a5 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 2 Sep 2018 21:00:38 +0200 Subject: [PATCH 039/173] dfu-util: update homepage --- pkgs/development/tools/misc/dfu-util/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkgs/development/tools/misc/dfu-util/default.nix b/pkgs/development/tools/misc/dfu-util/default.nix index d0a68caace6..2657e570106 100644 --- a/pkgs/development/tools/misc/dfu-util/default.nix +++ b/pkgs/development/tools/misc/dfu-util/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { phones. With dfu-util you are able to download firmware to your device or upload firmware from it. ''; - homepage = http://dfu-util.gnumonks.org/; + homepage = http://dfu-util.sourceforge.net; license = licenses.gpl2Plus; platforms = platforms.unix; maintainers = [ maintainers.fpletz ]; From 1c950666390b15e78d6a8ee6dd653151d12e077b Mon Sep 17 00:00:00 2001 From: Kenny Shen Date: Sun, 2 Sep 2018 19:05:05 +0000 Subject: [PATCH 040/173] gnu-pw-mgr: 2.3.3 -> 2.4.2 (#45951) --- pkgs/tools/security/gnu-pw-mgr/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/gnu-pw-mgr/default.nix b/pkgs/tools/security/gnu-pw-mgr/default.nix index e71d313e20a..d58585c4069 100644 --- a/pkgs/tools/security/gnu-pw-mgr/default.nix +++ b/pkgs/tools/security/gnu-pw-mgr/default.nix @@ -2,10 +2,10 @@ stdenv.mkDerivation rec { name = "gnu-pw-mgr-${version}"; - version = "2.3.3"; + version = "2.4.2"; src = fetchurl { url = "http://ftp.gnu.org/gnu/gnu-pw-mgr/${name}.tar.xz"; - sha256 = "04xh38j7l0sfnb01kp05xc908pvqfc0lph94k7n9bi46zy3qy7ma"; + sha256 = "1yvdzc5w37qrjrkby5699ygj9bhkvgi3zk9k9jcjry1j6b7wdl17"; }; buildInputs = [ gnulib ]; From 720c163a55e6d8ad1ca391bc405214ac4bc09238 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Sun, 2 Sep 2018 21:07:31 +0200 Subject: [PATCH 041/173] kitty: Add terminfo attr (#45953) --- pkgs/applications/misc/kitty/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/misc/kitty/default.nix b/pkgs/applications/misc/kitty/default.nix index d3fff65a399..c34167b4ddb 100644 --- a/pkgs/applications/misc/kitty/default.nix 
+++ b/pkgs/applications/misc/kitty/default.nix @@ -26,6 +26,8 @@ buildPythonApplication rec { nativeBuildInputs = [ pkgconfig which sphinx ]; + outputs = [ "out" "terminfo" ]; + postPatch = '' substituteInPlace kitty/utils.py \ --replace "find_library('startup-notification-1')" "'${libstartup_notification}/lib/libstartup-notification-1.so'" @@ -47,11 +49,19 @@ buildPythonApplication rec { runHook postInstall ''; + postInstall = '' + mkdir -p $terminfo/share + mv $out/share/terminfo $terminfo/share/terminfo + + mkdir -p $out/nix-support + echo "$terminfo" >> $out/nix-support/propagated-user-env-packages + ''; + meta = with stdenv.lib; { homepage = https://github.com/kovidgoyal/kitty; description = "A modern, hackable, featureful, OpenGL based terminal emulator"; license = licenses.gpl3; platforms = platforms.linux; - maintainers = with maintainers; [ tex ]; + maintainers = with maintainers; [ tex rvolosatovs ]; }; } From 0dd7a0f2665d6215b25ddb453dd7b51bcb40c589 Mon Sep 17 00:00:00 2001 From: Christopher Birkbeck Date: Sun, 2 Sep 2018 15:21:14 -0400 Subject: [PATCH 042/173] Added an example for environment.variable. (#45956) --- nixos/modules/config/shells-environment.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix index b2bfc785f2a..31adc9b8262 100644 --- a/nixos/modules/config/shells-environment.nix +++ b/nixos/modules/config/shells-environment.nix @@ -34,6 +34,7 @@ in environment.variables = mkOption { default = {}; + example = { EDITOR = "nvim"; VISUAL = "nvim"; }; description = '' A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). From ae76e51f86a9f0d9c677e90e992126dda8276629 Mon Sep 17 00:00:00 2001 
From: Milan Svoboda Date: Sun, 2 Sep 2018 21:42:47 +0200 Subject: [PATCH 043/173] FreeOrion 0.4.7.1 -> 0.4.8 (#45943) --- pkgs/games/freeorion/default.nix | 20 +++++++++----------- pkgs/games/freeorion/fix-paths.sh | 4 ++-- pkgs/games/freeorion/fix_rpaths.patch | 11 ----------- 3 files changed, 11 insertions(+), 24 deletions(-) delete mode 100644 pkgs/games/freeorion/fix_rpaths.patch diff --git a/pkgs/games/freeorion/default.nix b/pkgs/games/freeorion/default.nix index 011812580e7..a9ebd994bb8 100644 --- a/pkgs/games/freeorion/default.nix +++ b/pkgs/games/freeorion/default.nix @@ -4,29 +4,25 @@ }: stdenv.mkDerivation rec { - version = "0.4.7.1"; + version = "0.4.8"; name = "freeorion-${version}"; src = fetchFromGitHub { owner = "freeorion"; repo = "freeorion"; - rev = "v${version}"; - sha256 = "1m05l3a6ilqd7p2g3aqjpq89grb571cg8n9bpgz0y3sxskcym6sp"; + rev = "v${version}"; + sha256 = "1lj1q2ljjgbbiqxb53wdrrcz0zxxr3vv9jqrhbzvfsss7q808jfw"; }; - buildInputs = [ boost SDL2 python2 freetype openal libogg libvorbis zlib libpng libtiff libjpeg libGLU_combined glew ]; + buildInputs = [ + (boost.override { enablePython = true; }) + SDL2 python2 freetype openal libogg libvorbis zlib libpng libtiff libjpeg libGLU_combined glew ]; nativeBuildInputs = [ cmake doxygen graphviz makeWrapper ]; enableParallelBuilding = true; patches = [ - # fix build with boost 1.66 - (fetchpatch { - url = https://github.com/freeorion/freeorion/commit/c9b5b13fb81b1ed142dee0e843101c6b8832ca95.patch; - sha256 = "0agqhxk8462sgd230lmdzbrbrfd77zyy7a4g8hrf28zxza1nza94"; - }) - ./fix_rpaths.patch ]; postInstall = '' @@ -41,7 +37,8 @@ stdenv.mkDerivation rec { chmod +x $out/fixpaths/fix-paths wrapProgram $out/bin/freeorion \ - --run $out/fixpaths/fix-paths + --run $out/fixpaths/fix-paths \ + --prefix LD_LIBRARY_PATH : $out/lib/freeorion ''; meta = with stdenv.lib; { 
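Review bot: The `wrapProgram` hunk replaces the deleted RPATH patch with `--prefix LD_LIBRARY_PATH : $out/lib/freeorion`, an environment variable that every child process of the game inherits and that does nothing for a binary started without the wrapper. Only `$out/bin/freeorion` is wrapped here, so any other installed executable that links against the private libraries would presumably fail to find them when run directly. I would keep the search path in the ELF files instead, either by carrying a rebased RPATH patch or by fixing the RPATH of the installed binaries in `postFixup`. The first hunk also leaves an empty `patches = [ ];` behind, which can be dropped.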
@@ -49,5 +46,6 @@ stdenv.mkDerivation rec { homepage = http://www.freeorion.org; license = with licenses; [ gpl2 cc-by-sa-30 ]; platforms = platforms.linux; + maintainers = with maintainers; [ tex ]; }; } diff --git a/pkgs/games/freeorion/fix-paths.sh b/pkgs/games/freeorion/fix-paths.sh index cd6f381de25..73a3bd6feda 100644 --- a/pkgs/games/freeorion/fix-paths.sh +++ b/pkgs/games/freeorion/fix-paths.sh @@ -1,6 +1,6 @@ #!/bin/sh -if [ -e ~/.freeorion/config.xml ]; then - @libxsltBin@/bin/xsltproc -o ~/.freeorion/config.xml @out@/fixpaths/fix-paths.xslt ~/.freeorion/config.xml +if [ -e ~/.config/freeorion/config.xml ]; then + @libxsltBin@/bin/xsltproc -o ~/.config/freeorion/config.xml @out@/fixpaths/fix-paths.xslt ~/.config/freeorion/config.xml fi exit 0 diff --git a/pkgs/games/freeorion/fix_rpaths.patch b/pkgs/games/freeorion/fix_rpaths.patch deleted file mode 100644 index f53e9821e5d..00000000000 --- a/pkgs/games/freeorion/fix_rpaths.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -46,7 +46,7 @@ - set(FreeOrion_INSTALL_LIBDIR "${CMAKE_INSTALL_LIBDIR}/freeorion") - endif() - --set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${FreeOrion_INSTALL_LIBDIR}") -+set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}/freeorion") - set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) - - if (WIN32) From a402c8f2957cd2cc27c96de03fa85297055c5e6c Mon Sep 17 00:00:00 2001 
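Review bot: The new path hard-codes `~/.config/freeorion/config.xml`, so the rewrite is silently skipped for users who set `XDG_CONFIG_HOME`, assuming FreeOrion 0.4.8 follows the XDG base-directory variables rather than a fixed `~/.config`. I would resolve the location once with `cfg="${XDG_CONFIG_HOME:-$HOME/.config}/freeorion/config.xml"` and use a quoted `"$cfg"` in the `-e` test and in both xsltproc arguments. Quoting also keeps the script correct for home directories whose path contains spaces.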
From: Jan Malakhovski Date: Sun, 2 Sep 2018 19:47:06 +0000 Subject: [PATCH 044/173] fbreader: 0.99.4 -> 0.99.6, switch to fetchFromGitHub, add more build options (#45840) This, apparently, is not an official release (it's tagged, but the tarball is not available on the official site), but this repo is the official repo mentioned on the official site. This fixes a bunch of very annoying bugs present in 0.99.4, e.g. ``` $ FBReader filename ``` does not crash anymore. Yay! --- pkgs/applications/misc/fbreader/default.nix | 70 +++++++++++++------ .../misc/fbreader/typecheck.patch | 11 +++ pkgs/top-level/all-packages.nix | 4 +- 3 files changed, 64 insertions(+), 21 deletions(-) create mode 100644 pkgs/applications/misc/fbreader/typecheck.patch diff --git a/pkgs/applications/misc/fbreader/default.nix b/pkgs/applications/misc/fbreader/default.nix index 6fa34a008e7..548966764fe 100644 --- a/pkgs/applications/misc/fbreader/default.nix +++ b/pkgs/applications/misc/fbreader/default.nix 
@@ -1,38 +1,68 @@ -{ stdenv, fetchurl, pkgconfig, bzip2, curl, expat, fribidi -, libunibreak, qt4, sqlite, zlib }: +{ stdenv, fetchFromGitHub, pkgconfig +, bzip2, curl, expat, fribidi, libunibreak, sqlite, zlib +, uiTarget ? if !stdenv.isDarwin then "desktop" else "macosx" +, uiType ? if !stdenv.isDarwin then "qt4" else "cocoa" +, qt4, gtk2 +, AppKit, Cocoa +}: + +with stdenv.lib; + +assert elem uiTarget [ "desktop" "macosx" ]; +assert elem uiType [ "qt4" "gtk" "cocoa" ]; +assert uiTarget == "macosx" -> uiType == "cocoa"; + +# Note: "qt" uiType option mentioned in ${src}/README.build is qt3, +# which is way to old and no longer in nixpkgs. stdenv.mkDerivation { - name = "fbreader-0.99.4"; + name = "fbreader-${uiType}-0.99.6"; - src = fetchurl { - url = https://fbreader.org/files/desktop/fbreader-sources-0.99.4.tgz; - sha256 = "1sdq3vvwkq4bkyrvh0p884d66gaddz8hlab3m798ji9ixbak2z1x"; + src = fetchFromGitHub { + owner = "geometer"; + repo = "FBReader"; + rev = "9e608db14372ae580beae4976eec7241fa069e75"; + sha256 = "0lzafk02mv0cf2l2a61q5y4743zi913byik4bw1ix0gr1drnsa7y"; }; + patches = [ ./typecheck.patch ]; + + postPatch = '' + cat << EOF > makefiles/target.mk + TARGET_ARCH = ${uiTarget} + TARGET_STATUS = release + UI_TYPE = ${uiType} + EOF + + substituteInPlace makefiles/arch/desktop.mk \ + --replace ccache "" \ + --replace moc-qt4 moc + + # libunibreak supersedes liblinebreak + substituteInPlace zlibrary/text/Makefile \ + --replace -llinebreak -lunibreak + ''; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ - bzip2 curl expat fribidi libunibreak - qt4 sqlite zlib - ]; + bzip2 curl expat fribidi libunibreak sqlite zlib + ] + ++ optional (uiType == "qt4") qt4 + ++ optional (uiType == "gtk") gtk2 + ++ optionals (uiType == "cocoa") [ AppKit Cocoa ]; makeFlags = "INSTALLDIR=$(out)"; NIX_CFLAGS_COMPILE = [ "-Wno-error=narrowing" ]; # since gcc-6 - patchPhase = '' - # don't try to use ccache - substituteInPlace makefiles/arch/desktop.mk \ - --replace "CCACHE = " "# 
CCACHE = " - - substituteInPlace fbreader/desktop/Makefile \ - --replace "/usr/share" "$out/share" - ''; - meta = with stdenv.lib; { description = "An e-book reader for Linux"; homepage = http://www.fbreader.org/; license = licenses.gpl3; - platforms = platforms.linux; # possibly also on unix general + broken = stdenv.isDarwin # untested, might work + || uiType == "gtk"; # builds, but the result is unusable, hangs a lot + platforms = platforms.unix; maintainers = [ maintainers.coroa ]; - }; + }; } diff --git a/pkgs/applications/misc/fbreader/typecheck.patch b/pkgs/applications/misc/fbreader/typecheck.patch new file mode 100644 index 00000000000..cbac290e69c --- /dev/null +++ b/pkgs/applications/misc/fbreader/typecheck.patch @@ -0,0 +1,11 @@ +diff --git a/fbreader/src/database/booksdb/BooksDB.cpp b/fbreader/src/database/booksdb/BooksDB.cpp +index e33a22e76..1b6092800 100644 +--- a/fbreader/src/database/booksdb/BooksDB.cpp ++++ b/fbreader/src/database/booksdb/BooksDB.cpp +@@ -146,5 +146,5 @@ shared_ptr BooksDB::loadBook(const std::string &fileName) { + myFindFileId->setFileName(fileName); + if (!myFindFileId->run()) { +- return false; ++ return 0; + } + ((DBIntValue&)*myLoadBook->parameter("@file_id").value()) = myFindFileId->fileId(); diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c95926aa6be..e09e89b0b90 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16269,7 +16269,9 @@ with pkgs; fbpanel = callPackage ../applications/window-managers/fbpanel { }; - fbreader = callPackage ../applications/misc/fbreader { }; + fbreader = callPackage ../applications/misc/fbreader { + inherit (darwin.apple_sdk.frameworks) AppKit Cocoa; + }; fdr = libsForQt5.callPackage ../applications/science/programming/fdr { }; From ff23dd110bcd6993a9449d68cfcbf7f41ea14e10 Mon Sep 17 00:00:00 2001 
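Review bot: The source is now a bare commit id in `rev` while the version lives only in the hard-coded `name`, and the commit message says no official tarball exists for 0.99.6, so nothing in the expression lets a later reader check that this commit is the tagged release. A comment beside `rev` naming the upstream tag, e.g. `# upstream tag UPSTREAM_TAG_PLACEHOLDER, no release tarball published`, would make the provenance auditable on the next bump. In `postPatch`, `--replace ccache ""` removes every occurrence of that string in `makefiles/arch/desktop.mk`, which is broader than the old `CCACHE = ` match, so confirm nothing else in that file contains it. The comment typo `way to old` should read `way too old`.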
From: Graham Christensen Date: Sun, 2 Sep 2018 15:45:04 -0400 Subject: [PATCH 045/173] nixos docs: more IDs --- nixos/doc/manual/configuration/x-windows.xml | 8 ++++---- nixos/doc/manual/configuration/xfce.xml | 6 +++--- nixos/doc/manual/development/option-def.xml | 6 +++--- nixos/modules/i18n/input-method/default.xml | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml index 948b35209b7..703a1b8b7f0 100644 --- a/nixos/doc/manual/configuration/x-windows.xml +++ b/nixos/doc/manual/configuration/x-windows.xml @@ -60,7 +60,7 @@ # systemctl start display-manager.service - + NVIDIA Graphics Cards NVIDIA provides a proprietary driver for its graphics cards that has better @@ -86,7 +86,7 @@ - + AMD Graphics Cards AMD provides a proprietary driver for its graphics cards that has better 3D @@ -106,7 +106,7 @@ - + Touchpads Support for Synaptics touchpads (found in many laptops such as the Dell @@ -123,7 +123,7 @@ since NixOS 17.09. - + GTK/Qt themes GTK themes can be installed either to user profile or system-wide (via diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml index 40e61d2bd69..77d5d963279 100644 --- a/nixos/doc/manual/configuration/xfce.xml +++ b/nixos/doc/manual/configuration/xfce.xml @@ -31,7 +31,7 @@ (system wide), put them into your . - + Thunar Volume Support To enable Thunar volume support, put @@ -41,7 +41,7 @@ into your configuration.nix. - + Polkit Authentication Agent There is no authentication agent automatically installed alongside Xfce. To @@ -50,7 +50,7 @@ and login did the trick. - + Troubleshooting Even after enabling udisks2, volume management might not work. Thunar and/or diff --git a/nixos/doc/manual/development/option-def.xml b/nixos/doc/manual/development/option-def.xml index 580a5afd58c..50a705d0cb8 100644 --- a/nixos/doc/manual/development/option-def.xml 
+++ b/nixos/doc/manual/development/option-def.xml @@ -17,7 +17,7 @@ config = { definitions in a property to achieve certain effects: - + Delaying Conditionals If a set of option definitions is conditional on the value of another @@ -59,7 +59,7 @@ config = { - + Setting Priorities A module can override the definitions of an option in other modules by @@ -76,7 +76,7 @@ services.openssh.enable = mkOverride 10 false; - + Merging Configurations In conjunction with mkIf, it is sometimes useful for a diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index 524fbbb19e9..ab918a9fb23 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -69,7 +69,7 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; as shown above, and also (after running nixos-rebuild) the input method must be added from IBus' preference dialog. - + Troubleshooting If IBus works in some applications but not others, a likely cause of this is that IBus is depending on a different version of From a3872f66b73a603a6b030e5bcae537c4daf35643 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Sun, 2 Sep 2018 14:51:49 -0500 Subject: [PATCH 046/173] racket-minimal: fix hash (#45952) --- pkgs/development/interpreters/racket/minimal.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/racket/minimal.nix b/pkgs/development/interpreters/racket/minimal.nix index c63d0040cfe..ba4e94cbf13 100644 --- a/pkgs/development/interpreters/racket/minimal.nix +++ b/pkgs/development/interpreters/racket/minimal.nix @@ -5,7 +5,7 @@ racket.overrideAttrs (oldAttrs: rec { name = "racket-minimal-${oldAttrs.version}"; src = oldAttrs.src.override { inherit name; - sha256 = "0c565jy2y3gjl5lncd5adjsrj8c24p4i062kphv26ni5q1nn5ip5"; + sha256 = "0ivpr1a2w1ln1lx91q11rj9wp3rbfq33acrz2gxxvd80qqaq3zyh"; }; meta = oldAttrs.meta // { 
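Review bot: The `sha256` of the `racket-minimal` source changes while no version or URL changes in this hunk, and the commit message does not say why. A hash that changes for the same release means either that the old value was never correct (for instance left behind by an earlier bump of `racket`, whose version this expression inherits through `oldAttrs.version`) or that the upstream tarball was replaced, and the two cases deserve different scrutiny. I would record in the commit message how the new value was obtained and, where upstream publishes checksums, that it matches them.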
From 61deecdc34fc609d0f805b434101f3c8ae3b807a Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Sun, 2 Sep 2018 15:56:02 -0400 Subject: [PATCH 047/173] nixos docs: more IDs --- nixos/modules/services/editors/emacs.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 631570d6dec..94eb2e6a77b 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -274,7 +274,7 @@ $ ./result/bin/emacs -q The list of available packages in the various ELPA repositories can be seen with the following commands: - + Querying Emacs packages " -qaP -A emacsPackagesNg.elpaPackages @@ -291,7 +291,7 @@ nix-env -f "" -qaP -A emacsPackagesNg.orgPackages (see ). Simply modify your file configuration.nix to make it contain: - + Custom Emacs in <filename>configuration.nix</filename> ~/.config/nixpkgs/config.nix (see Nixpkgs manual): - + Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename> + Package initialization in <filename>.emacs</filename> Date: Sun, 2 Sep 2018 16:45:00 -0400 Subject: [PATCH 048/173] 18.09 -> 19.03 Name coming in the future. --- .version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.version b/.version index 770bde1f44b..360de6347ae 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -18.09 +19.03 \ No newline at end of file From e144899b7492d8fdc48c685516347ba7788245a5 Mon Sep 17 00:00:00 2001 
From: Samuel Dionne-Riel Date: Sun, 2 Sep 2018 17:17:59 -0400 Subject: [PATCH 049/173] =?UTF-8?q?release-notes:=20Adds=2019.03=20?= =?UTF-8?q?=E2=80=94=20Koi?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../manual/release-notes/release-notes.xml | 1 + nixos/doc/manual/release-notes/rl-1903.xml | 58 +++++++++++++++++++ nixos/modules/misc/version.nix | 2 +- 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 nixos/doc/manual/release-notes/rl-1903.xml diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml index 94f176186b6..a222bfa29d5 100644 --- a/nixos/doc/manual/release-notes/release-notes.xml +++ b/nixos/doc/manual/release-notes/release-notes.xml @@ -8,6 +8,7 @@ This section lists the release notes for each stable version of NixOS and current unstable revision. + diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml new file mode 100644 index 00000000000..9ae34dd58ab --- /dev/null +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -0,0 +1,58 @@ +
+ Release 19.03 (“Koi”, 2019/03/??) + +
+ Highlights + + + In addition to numerous new and upgraded packages, this release has the + following highlights: + + + + + + + +
+ +
+ New Services + + + The following new services were added since the last release: + + + + + + + +
+ +
+ Other Notable Changes + + + + + + +
+
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index 63717e0c6a8..c593adcdae6 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -84,7 +84,7 @@ in versionSuffix = mkIf (pathIsDirectory gitRepo) (mkDefault (".git." + gitCommitId)); # Note: the first letter is bumped on every release. It's an animal. - codeName = "Jellyfish"; + codeName = "Koi"; }; # Generate /etc/os-release. See From f828bb313b49251602e6ddb0132b5792bdcc5405 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 2 Sep 2018 18:50:40 -0400 Subject: [PATCH 050/173] valadoc: fix build --- pkgs/development/tools/valadoc/default.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/pkgs/development/tools/valadoc/default.nix b/pkgs/development/tools/valadoc/default.nix index 8f9087ee3b3..6515e220f3d 100644 --- a/pkgs/development/tools/valadoc/default.nix +++ b/pkgs/development/tools/valadoc/default.nix @@ -11,8 +11,6 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ automake autoconf which gnome3.vala libtool pkgconfig gobjectIntrospection ]; buildInputs = [ graphviz glib gnome3.libgee expat ]; - preConfigure = "./autogen.sh"; - passthru = { updateScript = gnome3.updateScript { packageName = "valadoc"; @@ -20,10 +18,10 @@ stdenv.mkDerivation rec { }; meta = with stdenv.lib; { - description = "valadoc is a documentation generator for generating API documentation from Vala source code"; - homepage = https://valadoc.org; - license = stdenv.lib.licenses.gpl2; + description = "A documentation generator for generating API documentation from Vala source code"; + homepage = https://valadoc.org; + license = licenses.gpl2; maintainers = with maintainers; [ sternenseemann ]; - platforms = with platforms; linux; + platforms = platforms.linux; }; } From 029b9924f1b2b024e4e18750c3aec1588b7d0fbb Mon Sep 17 00:00:00 2001 
From: Tim Steinbach Date: Sun, 2 Sep 2018 18:56:38 -0400 Subject: [PATCH 051/173] linux: 4.19-rc1 -> 4.19-rc2 --- pkgs/os-specific/linux/kernel/linux-testing.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 44f267bf715..1f45348824a 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -1,13 +1,13 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, libelf, utillinux, ... } @ args: buildLinux (args // rec { - version = "4.19-rc1"; - modDirVersion = "4.19.0-rc1"; + version = "4.19-rc2"; + modDirVersion = "4.19.0-rc2"; extraMeta.branch = "4.19"; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "14c9xg9sv0jrdri36das97vdbybi7vmcy59mj9wmgaz81cdk3wg5"; + sha256 = "0a5ip4dxv5y1mdi03m5rnz2l9k6kv30gciss6fag41lwsfwwln3z"; }; # Should the testing kernels ever be built on Hydra? From 451e04fb4d1d258db8773e347c7cdaaaba1a9aad Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 2 Sep 2018 18:59:23 -0400 Subject: [PATCH 052/173] SkypeExport: fix build --- .../networking/instant-messengers/SkypeExport/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/SkypeExport/default.nix b/pkgs/applications/networking/instant-messengers/SkypeExport/default.nix index 9ec9a3451be..163f0ba3f49 100644 --- a/pkgs/applications/networking/instant-messengers/SkypeExport/default.nix +++ b/pkgs/applications/networking/instant-messengers/SkypeExport/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, boost }: +{ stdenv, fetchFromGitHub, cmake, boost166 }: stdenv.mkDerivation rec { name = "SkypeExport-${version}"; 
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ cmake ]; - buildInputs = [ boost ]; + buildInputs = [ boost166 ]; preConfigure = "cd src/SkypeExport/_gccbuild/linux"; installPhase = "install -Dt $out/bin SkypeExport"; From 4652f2f87ebfa82b3c9fde3dd0cd7a84fe90ff58 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 3 Sep 2018 01:08:29 +0200 Subject: [PATCH 053/173] nixos: Document option description changes This adds a release notes entry to make users (and especially developers) aware so they no longer need to use
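Review bot: `buildInputs` now pins `boost166` with no comment saying which newer Boost breaks the build, so the package stays on an ageing Boost release after the default moves on and nobody will know when the pin can go. I would add a why-comment on that line, e.g. `buildInputs = [ boost166 ]; # does not build with newer boost, see ISSUE_OR_BUILD_LOG_PLACEHOLDER`, so the pin gets revisited. The argument list changed in the first hunk of this file is where a reader would look for the same explanation.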
in option descriptions as this is now done automatically on every two consecutive newlines. More details can be found in the commit message of f865d0feabfafbb30a9e. Signed-off-by: aszlig --- nixos/doc/manual/release-notes/rl-1809.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 421208ec0f8..30e98a23bdf 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -528,6 +528,14 @@ inherit (pkgs.nixos { to true. + + + NixOS option descriptions are now automatically broken up into individual + paragraphs if the text contains two consecutive newlines, so it's no + longer necessary to use </para><para> to start + a new paragraph. + + From 6ed0823e1507c0674c8eb4cabb73ba30874a45e1 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 2 Sep 2018 19:31:04 -0400 Subject: [PATCH 054/173] xfce4-mixer: fix build --- pkgs/desktops/xfce4-13/xfce4-mixer/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/desktops/xfce4-13/xfce4-mixer/default.nix b/pkgs/desktops/xfce4-13/xfce4-mixer/default.nix index 266b05199dd..a4bc0a3eadd 100644 --- a/pkgs/desktops/xfce4-13/xfce4-mixer/default.nix +++ b/pkgs/desktops/xfce4-13/xfce4-mixer/default.nix @@ -1,5 +1,10 @@ -{ mkXfceDerivation, automakeAddFlags, dbus-glib, gtk2, libxfce4ui, libxfce4util, xfce4-panel, xfconf }: +{ mkXfceDerivation, automakeAddFlags, dbus-glib, gtk2, libxfce4ui, libxfce4util, xfce4-panel, xfconf, gst-plugins-base, libunique }: +let + gst_plugins_minimal = gst-plugins-base.override { + minimalDeps = true; + }; +in mkXfceDerivation rec { category = "apps"; pname = "xfce4-mixer"; @@ -16,7 +21,9 @@ mkXfceDerivation rec { buildInputs = [ dbus-glib + gst_plugins_minimal gtk2 + libunique libxfce4ui libxfce4util xfce4-panel From 347638ccfee74c06cae53983ea741d39d1efc032 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Mon, 3 Sep 2018 01:23:35 +0200 Subject: [PATCH 055/173] nix: 2.0.4 -> 2.1 --- nixos/modules/installer/tools/nix-fallback-paths.nix | 8 ++++---- pkgs/tools/package-management/nix/default.nix | 11 +++++------ 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix index 7c5414257b4..6611a6ca079 100644 --- a/nixos/modules/installer/tools/nix-fallback-paths.nix +++ b/nixos/modules/installer/tools/nix-fallback-paths.nix @@ -1,6 +1,6 @@ { - x86_64-linux = "/nix/store/0d60i73mcv8z1m8d2m74yfn84980gfsa-nix-2.0.4"; - i686-linux = "/nix/store/6ssafj2s5a2g9x28yld7b70vwd6vw6lb-nix-2.0.4"; - aarch64-linux = "/nix/store/3wwch7bp7n7xsl8apgy2a4b16yzyij1z-nix-2.0.4"; - x86_64-darwin = "/nix/store/771l8i0mz4c8kry8cz3sz8rr3alalckg-nix-2.0.4"; + x86_64-linux = "/nix/store/r9i30v8nasafg2851wflg71ln49fw03y-nix-2.1"; + i686-linux = "/nix/store/dsg3pr7wwrk51f7la9wgby173j18llqh-nix-2.1"; + aarch64-linux = "/nix/store/m3qgnch4xin21pmd1azas8kkcp9rhkr6-nix-2.1"; + x86_64-darwin = "/nix/store/n7fvy0k555gwkkdszdkhi3h0aahca8h3-nix-2.1"; } diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index bc07dd457f3..a447fbf2282 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -29,7 +29,7 @@ let buildInputs = [ curl openssl sqlite xz bzip2 ] ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium - ++ lib.optionals is20 [ brotli ] # Since 1.12 + ++ lib.optionals is20 [ brotli boost ] ++ lib.optional withLibseccomp libseccomp ++ lib.optional ((stdenv.isLinux || stdenv.isDarwin) && is20) ((aws-sdk-cpp.override { 
@@ -40,8 +40,7 @@ let url = https://github.com/edolstra/aws-sdk-cpp/commit/7d58e303159b2fb343af9a1ec4512238efa147c7.patch; sha256 = "103phn6kyvs1yc7fibyin3lgxz699qakhw671kl207484im55id1"; })]; - })) - ++ lib.optional fromGit boost; + })); propagatedBuildInputs = [ boehmgc ]; @@ -51,7 +50,7 @@ let preConfigure = # Copy libboost_context so we don't get all of Boost in our closure. # https://github.com/NixOS/nixpkgs/issues/45462 - lib.optionalString fromGit + lib.optionalString is20 '' mkdir -p $out/lib cp ${boost}/lib/libboost_context* $out/lib @@ -148,10 +147,10 @@ in rec { }) // { perl-bindings = nix1; }; nixStable = (common rec { - name = "nix-2.0.4"; + name = "nix-2.1"; src = fetchurl { url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; - sha256 = "166540ff7b8bb41449586b67e5fc6ab9e25525f6724b6c6bcbfb0648fbd6496b"; + sha256 = "0ed68e0c50f13810768fcf510abb2c56d735172c39a325aac7453ccf7ae152fc"; }; }) // { perl-bindings = perl-bindings { nix = nixStable; }; }; From 8e15622cf36ba78f69b539e6a991079f2d46a965 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:15:59 +0100 Subject: [PATCH 056/173] python.pkgs.inflect: 0.2.5 -> 1.0.0 --- .../python-modules/inflect/default.nix | 15 +++++++++++++++ pkgs/top-level/python-packages.nix | 10 +--------- 2 files changed, 16 insertions(+), 9 deletions(-) create mode 100644 pkgs/development/python-modules/inflect/default.nix diff --git a/pkgs/development/python-modules/inflect/default.nix b/pkgs/development/python-modules/inflect/default.nix new file mode 100644 index 00000000000..94b0fc801fa --- /dev/null +++ b/pkgs/development/python-modules/inflect/default.nix 
@@ -0,0 +1,15 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm, nose, six }: + +buildPythonPackage rec { + pname = "inflect"; + version = "1.0.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "0ll34l5b2wsbcw9i2hvkhmq6szxrp7fzc2hjmpz1cvny81bhg3kx"; + }; + + buildInputs = [ setuptools_scm ]; + checkInputs = [ nose ]; + propagatedBuildInputs = [ six ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index d2b45e979a3..bcda67d2bee 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17067,15 +17067,7 @@ EOF propagatedBuildInputs = with self; [ inflect more-itertools six ]; }; - inflect = buildPythonPackage rec { - name = "inflect-${version}"; - version = "0.2.5"; - - src = pkgs.fetchurl { - url = "mirror://pypi/i/inflect/${name}.tar.gz"; - sha256 = "065866j9msrivbr74yrag53ch0lav7xz18qvjkiblkhinbfch510"; - }; - }; + inflect = callPackage ../development/python-modules/inflect { }; more-itertools = callPackage ../development/python-modules/more-itertools { }; From 97b73d6a58600f3c647592eadbd110d3a968fac4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:17:06 +0100 Subject: [PATCH 057/173] python.pkgs.jaraco.stream: 1.1.1 -> 1.2 --- .../python-modules/jaraco_stream/default.nix | 13 +++++++++++++ pkgs/top-level/python-packages.nix | 15 +-------------- 2 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 pkgs/development/python-modules/jaraco_stream/default.nix diff --git a/pkgs/development/python-modules/jaraco_stream/default.nix b/pkgs/development/python-modules/jaraco_stream/default.nix new file mode 100644 index 00000000000..5788a52dfff --- /dev/null +++ b/pkgs/development/python-modules/jaraco_stream/default.nix 
@@ -0,0 +1,13 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm, six }: + +buildPythonPackage rec { + pname = "jaraco.stream"; + version = "1.2"; + src = fetchPypi { + inherit pname version; + sha256 = "06qsjyab56vi0ikr819ghb7f8ymf09n92vla7gcn8j12113m2mib"; + }; + doCheck = false; + buildInputs = [ setuptools_scm ]; + propagatedBuildInputs = [ six ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index bcda67d2bee..0ac94bc76f3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17087,21 +17087,8 @@ EOF buildInputs = with self; [ setuptools_scm ]; }; - jaraco_stream = buildPythonPackage rec { - name = "jaraco.stream-${version}"; - version = "1.1.1"; - src = pkgs.fetchurl { - url = "mirror://pypi/j/jaraco.stream/${name}.tar.gz"; - sha256 = "0iwg5ljc2z8wwyl2wv7lldwviwd0q4rsccascyqvqqs0l2rcn4gi"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - - propagatedBuildInputs = with self; [ six ]; - }; + jaraco_stream = callPackage ../development/python-modules/jaraco_stream { }; tempora= callPackage ../development/python-modules/tempora { }; From b3e9520a0ce0e36c7ce368acaa11d061117e9185 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:17:36 +0100 Subject: [PATCH 058/173] python.pkgs.jaraco.classes: 1.4 -> 1.5 --- .../python-modules/jaraco_classes/default.nix | 13 +++++++++++++ pkgs/top-level/python-packages.nix | 15 +-------------- 2 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 pkgs/development/python-modules/jaraco_classes/default.nix diff --git a/pkgs/development/python-modules/jaraco_classes/default.nix b/pkgs/development/python-modules/jaraco_classes/default.nix new file mode 100644 index 00000000000..35c70c3c033 --- /dev/null +++ b/pkgs/development/python-modules/jaraco_classes/default.nix 
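Review bot: `doCheck = false;` is carried into the new `jaraco_stream/default.nix` without a reason, and the same line appears in the new `jaraco_classes`, `jaraco_itertools` and `jaraco_collections` files later in this series, each of which also bumps the version. With the test suites off, a bump that breaks the package is only noticed through its dependents. If the tests cannot run in the build sandbox, say so next to the flag, e.g. `doCheck = false; # REASON_TESTS_ARE_DISABLED_PLACEHOLDER`; otherwise enable them and list what they need in `checkInputs`. None of these new python-modules files has a `meta` block either, so homepage and license are not recorded for anyone auditing the package set.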
@@ -0,0 +1,13 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm, six }: + +buildPythonPackage rec { + pname = "jaraco.classes"; + version = "1.5"; + src = fetchPypi { + inherit pname version; + sha256 = "002zsifikv6qwigkjlij7jhyvbwv6793m8h9ckbkx2jizmgc80fi"; + }; + doCheck = false; + buildInputs = [ setuptools_scm ]; + propagatedBuildInputs = [ six ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 0ac94bc76f3..2b814d02bbb 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17073,20 +17073,7 @@ EOF jaraco_functools = callPackage ../development/python-modules/jaraco_functools { }; - jaraco_classes = buildPythonPackage rec { - name = "jaraco.classes-${version}"; - version = "1.4"; - - src = pkgs.fetchurl { - url = "mirror://pypi/j/jaraco.classes/${name}.tar.gz"; - sha256 = "1yn1wa6m5rdhk4grmnycx3i5pzzdlwfx83h944c9g5rqggmg612h"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - }; - + jaraco_classes = callPackage ../development/python-modules/jaraco_classes { }; jaraco_stream = callPackage ../development/python-modules/jaraco_stream { }; From 6b1b6c84bf188f016b29071c57b744187c499c2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:18:24 +0100 Subject: [PATCH 059/173] python.pkgs.jaraco.itertools: 1.7.1 -> 2.4 --- .../python-modules/jaraco_itertools/default.nix | 14 ++++++++++++++ pkgs/top-level/python-packages.nix | 16 +--------------- 2 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 pkgs/development/python-modules/jaraco_itertools/default.nix diff --git a/pkgs/development/python-modules/jaraco_itertools/default.nix b/pkgs/development/python-modules/jaraco_itertools/default.nix new file mode 100644 index 00000000000..c7a66c89040 --- /dev/null +++ b/pkgs/development/python-modules/jaraco_itertools/default.nix 
@@ -0,0 +1,14 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm +, inflect, more-itertools, six }: + +buildPythonPackage rec { + pname = "jaraco.itertools"; + version = "2.4"; + src = fetchPypi { + inherit pname version; + sha256 = "18cwjbnnnbwld70s3r24sys3blcss84d9ha9hhxsg2d35f9vywd5"; + }; + doCheck = false; + buildInputs = [ setuptools_scm ]; + propagatedBuildInputs = [ inflect more-itertools six ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 2b814d02bbb..bc95c5952af 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17051,21 +17051,7 @@ EOF ''; }; - jaraco_itertools = buildPythonPackage rec { - name = "jaraco.itertools-${version}"; - version = "1.7.1"; - - src = pkgs.fetchurl { - url = "mirror://pypi/j/jaraco.itertools/${name}.tar.gz"; - sha256 = "0yvxp5nwhy4wc4naq5v152vbnxqcn5k031g089chq2lk5kr7np5z"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - - propagatedBuildInputs = with self; [ inflect more-itertools six ]; - }; + jaraco_itertools = callPackage ../development/python-modules/jaraco_itertools { }; inflect = callPackage ../development/python-modules/inflect { }; From c4bf056c085518abf4ca9740480eb59cdcb6aa21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:18:59 +0100 Subject: [PATCH 060/173] python.pkgs.jaraco.collections: 1.3.2 -> 1.5.3 --- .../jaraco_collections/default.nix | 20 ++++++++++++++++++ pkgs/top-level/python-packages.nix | 21 +------------------ 2 files changed, 21 insertions(+), 20 deletions(-) create mode 100644 pkgs/development/python-modules/jaraco_collections/default.nix diff --git a/pkgs/development/python-modules/jaraco_collections/default.nix b/pkgs/development/python-modules/jaraco_collections/default.nix new file mode 100644 index 00000000000..0f2e53715cc --- /dev/null +++ b/pkgs/development/python-modules/jaraco_collections/default.nix 
@@ -0,0 +1,20 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm +, six, jaraco_classes }: + +buildPythonPackage rec { + pname = "jaraco.collections"; + version = "1.5.3"; + src = fetchPypi { + inherit pname version; + sha256 = "05cmcq5k39bx73kjr00xfm2yr0npyrv89cxdh41ni6x8pkki1jyr"; + }; + + doCheck = false; + buildInputs = [ setuptools_scm ]; + propagatedBuildInputs = [ six jaraco_classes ]; + + # break dependency cycle + patchPhase = '' + sed -i "/'jaraco.text',/d" setup.py + ''; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index bc95c5952af..4bfcf887162 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17030,26 +17030,7 @@ EOF propagatedBuildInputs = with self; [ jaraco_functools jaraco_collections ]; }; - jaraco_collections = buildPythonPackage rec { - name = "jaraco.collections-${version}"; - version = "1.3.2"; - - src = pkgs.fetchurl { - url = "mirror://pypi/j/jaraco.collections/${name}.tar.gz"; - sha256 = "0mvyn9d4bs5zw9z84wwsbgff6s28vg6h4i8qhyb667fqi7xgr1w5"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - - propagatedBuildInputs = with self; [ six jaraco_classes ]; - - # break dependency cycle - patchPhase = '' - sed -i "/'jaraco.text',/d" setup.py - ''; - }; + jaraco_collections = callPackage ../development/python-modules/jaraco_collections { }; jaraco_itertools = callPackage ../development/python-modules/jaraco_itertools { }; From 7cd2bf48f78bd8465c884f39e6a87c3cb4bfffae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:20:00 +0100 Subject: [PATCH 061/173] python.pkgs.jaraco_text: 1.7 -> 1.10.1 --- .../python-modules/jaraco_text/default.nix | 14 ++++++++++++++ pkgs/top-level/python-packages.nix | 16 +--------------- 2 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 pkgs/development/python-modules/jaraco_text/default.nix 
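Review bot: The new jaraco_collections/default.nix overrides `patchPhase` wholesale to run the `sed` that drops `'jaraco.text',` from setup.py. Setting `postPatch` instead keeps the default patch phase, and any `patches` added later, working. The version moves from 1.3.2 to 1.5.3 and `sed -i` exits successfully even when nothing matches, so it is worth confirming that the line still exists in the 1.5.3 setup.py. If it does not, the dependency cycle named in the comment is no longer being broken, and nothing in the build will say so. Rename the attribute to `postPatch` and keep the `# break dependency cycle` comment.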
diff --git a/pkgs/development/python-modules/jaraco_text/default.nix b/pkgs/development/python-modules/jaraco_text/default.nix new file mode 100644 index 00000000000..01309e0c4d9 --- /dev/null +++ b/pkgs/development/python-modules/jaraco_text/default.nix @@ -0,0 +1,14 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm +, jaraco_functools, jaraco_collections }: + +buildPythonPackage rec { + pname = "jaraco.text"; + version = "1.10.1"; + src = fetchPypi { + inherit pname version; + sha256 = "07ccc0zc28sb1kyfyviw3n8f581qynrshqvqg1xsp4gkf1m2ibhh"; + }; + doCheck = false; + buildInputs =[ setuptools_scm ]; + propagatedBuildInputs = [ jaraco_functools jaraco_collections ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 4bfcf887162..93bf55127ac 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17014,21 +17014,7 @@ EOF propagatedBuildInputs = with self; [ tempora six ]; }; - jaraco_text = buildPythonPackage rec { - name = "jaraco.text-${version}"; - version = "1.7"; - - src = pkgs.fetchurl { - url = "mirror://pypi/j/jaraco.text/${name}.tar.gz"; - sha256 = "07ccc0zc28sb1kyfyviw3n8f581qynrshqvqg1xsp4gkf1m2ibhh"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - - propagatedBuildInputs = with self; [ jaraco_functools jaraco_collections ]; - }; + jaraco_text = callPackage ../development/python-modules/jaraco_text { }; jaraco_collections = callPackage ../development/python-modules/jaraco_collections { }; From 9bc1b13983ae8da91295c00714a9dd40203e45bc Mon Sep 17 00:00:00 2001 
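Review bot: In the new jaraco_text/default.nix the `sha256` is still `07ccc0zc28sb1kyfyviw3n8f581qynrshqvqg1xsp4gkf1m2ibhh`, the same value the removed 1.7 expression in python-packages.nix carried, although `version` is now `1.10.1`. Two different release tarballs will not share a digest. Either the fetch fails with a hash mismatch, or, if the fetcher can resolve the source by hash rather than by URL, the derivation labelled 1.10.1 is built from the 1.7 sources. Recompute the hash for the 1.10.1 sdist (for example with `nix-prefetch-url`) and replace the line with `sha256 = "<sha256 of jaraco.text-1.10.1.tar.gz>";` (placeholder). The same file has `buildInputs =[ setuptools_scm ];`, which needs a space after `=` to match the sibling files.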
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:20:50 +0100 Subject: [PATCH 062/173] python.pkgs.jaraco_logging: 1.5 -> 1.5.2 --- .../python-modules/jaraco_logging/default.nix | 14 ++++++++++++++ pkgs/top-level/python-packages.nix | 16 +--------------- 2 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 pkgs/development/python-modules/jaraco_logging/default.nix diff --git a/pkgs/development/python-modules/jaraco_logging/default.nix b/pkgs/development/python-modules/jaraco_logging/default.nix new file mode 100644 index 00000000000..2aeb0dc3fa4 --- /dev/null +++ b/pkgs/development/python-modules/jaraco_logging/default.nix @@ -0,0 +1,14 @@ +{ buildPythonPackage, fetchPypi, setuptools_scm +, tempora, six }: + +buildPythonPackage rec { + pname = "jaraco.logging"; + version = "1.5.2"; + src = fetchPypi { + inherit pname version; + sha256 = "199pgwx9ziab3gxg6p0c24z8dp3bjpsvvshnmlph9zjsssq0xc93"; + }; + doCheck = false; + buildInputs = [ setuptools_scm ]; + propagatedBuildInputs = [ tempora six ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 93bf55127ac..ba9dcb0868e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -16998,21 +16998,7 @@ EOF ]; }; - jaraco_logging = buildPythonPackage rec { - name = "jaraco.logging-${version}"; - version = "1.5"; - - src = pkgs.fetchurl { - url = "mirror://pypi/j/jaraco.logging/${name}.tar.gz"; - sha256 = "1lvw9zphiymiiar47kd0x0dbc9x2jks8w1kirg3ff8nd80k95j05"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - - propagatedBuildInputs = with self; [ tempora six ]; - }; + jaraco_logging = callPackage ../development/python-modules/jaraco_logging { }; jaraco_text = callPackage ../development/python-modules/jaraco_text { }; From 35c9408ca4a78792227a3cbc47857fa3d99ec8b8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 3 Sep 2018 01:21:37 +0100 Subject: [PATCH 063/173] python.pkgs.irc: 14.2.2 -> 16.4 --- .../python-modules/irc/default.nix | 25 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 19 +------------- 2 files changed, 26 insertions(+), 18 deletions(-) create mode 100644 pkgs/development/python-modules/irc/default.nix diff --git a/pkgs/development/python-modules/irc/default.nix b/pkgs/development/python-modules/irc/default.nix new file mode 100644 index 00000000000..2df571dde8e --- /dev/null +++ b/pkgs/development/python-modules/irc/default.nix @@ -0,0 +1,25 @@ +{ buildPythonPackage, fetchPypi +, six, jaraco_logging, jaraco_text, jaraco_stream, pytz, jaraco_itertools +, setuptools_scm }: + +buildPythonPackage rec { + pname = "irc"; + version = "16.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "0l2fh2aqs54w4xihckgyz575qkd6mgzbp3zll4g0z9j6h88ghqf1"; + }; + + doCheck = false; + + buildInputs = [ setuptools_scm ]; + propagatedBuildInputs = [ + six + jaraco_logging + jaraco_text + jaraco_stream + pytz + jaraco_itertools + ]; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index ba9dcb0868e..354d2f34190 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -16979,24 +16979,7 @@ EOF python-telegram-bot = callPackage ../development/python-modules/python-telegram-bot { }; - irc = buildPythonPackage rec { - name = "irc-${version}"; - version = "14.2.2"; - - src = pkgs.fetchurl { - url = "mirror://pypi/i/irc/${name}.tar.gz"; - sha256 = "0a6qjl4fjj98wxc8gaf5rxg94v7a0ydjdiw6pcka5fy814xl2i28"; - }; - - doCheck = false; - - buildInputs = with self; [ setuptools_scm ]; - - propagatedBuildInputs = with self; [ - six jaraco_logging jaraco_text jaraco_stream jaraco_stream pytz - jaraco_itertools - ]; - }; + irc = callPackage ../development/python-modules/irc { }; jaraco_logging = callPackage ../development/python-modules/jaraco_logging { }; 
From e3ee9c098a64deb30e8d9edb180e613b93046f45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 08:31:01 +0200 Subject: [PATCH 064/173] Revert "Merge #42880: coreutils: 8.29 -> 8.30" This reverts commit edc13bae5462f7d088897bf6a268cc12c32f1aaf, reversing changes made to 90464f60490b965b482b82cd6b747bb4577c2786. Bootstrap tools generation is broken, and I don't know why yet. --- pkgs/tools/misc/coreutils/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix index 582f8d8f05f..3d1c7145698 100644 --- a/pkgs/tools/misc/coreutils/default.nix +++ b/pkgs/tools/misc/coreutils/default.nix @@ -16,11 +16,11 @@ assert selinuxSupport -> libselinux != null && libsepol != null; with lib; stdenv.mkDerivation rec { - name = "coreutils-8.30"; + name = "coreutils-8.29"; src = fetchurl { url = "mirror://gnu/coreutils/${name}.tar.xz"; - sha256 = "0mxhw43d4wpqmvg0l4znk1vm10fy92biyh90lzdnqjcic2lb6cg8"; + sha256 = "0plm1zs9il6bb5mk881qvbghq4glc8ybbgakk2lfzb0w64fgml4j"; }; patches = optional stdenv.hostPlatform.isCygwin ./coreutils-8.23-4.cygwin.patch; @@ -32,7 +32,6 @@ stdenv.mkDerivation rec { sed '2i echo Skipping rm deep-2 test && exit 0' -i ./tests/rm/deep-2.sh sed '2i echo Skipping du long-from-unreadable test && exit 0' -i ./tests/du/long-from-unreadable.sh sed '2i echo Skipping chmod setgid test && exit 0' -i ./tests/chmod/setgid.sh - sed '2i print "Skipping env -S test"; exit 0;' -i ./tests/misc/env-S.pl substituteInPlace ./tests/install/install-C.sh \ --replace 'mode3=2755' 'mode3=1755' ''; From 185f0015f230a26bbd1fdea156e5ea6fbb2f288a Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Thu, 30 Aug 2018 17:10:39 -0500 Subject: [PATCH 065/173] opendht: rework module to use autoreconfHook, and use multiple outputs 
Signed-off-by: Austin Seipp --- .../development/libraries/opendht/default.nix | 49 ++++++++----------- 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/pkgs/development/libraries/opendht/default.nix b/pkgs/development/libraries/opendht/default.nix index bd7d252e1a0..49d70bc211a 100644 --- a/pkgs/development/libraries/opendht/default.nix +++ b/pkgs/development/libraries/opendht/default.nix @@ -1,14 +1,6 @@ -{ stdenv -, fetchFromGitHub -, autoconf -, automake -, libtool -, pkgconfig -, nettle -, gnutls -, msgpack -, readline -, libargon2 +{ stdenv, fetchFromGitHub +, autoreconfHook, pkgconfig +, nettle, gnutls, msgpack, readline, libargon2 }: stdenv.mkDerivation rec { @@ -22,27 +14,26 @@ stdenv.mkDerivation rec { sha256 = "1wqib5plak9bw2bla7y4qyjqi0b00kf8mfwlml16qj3i0aq6h2cp"; }; - buildInputs = [ - autoconf - automake - libtool - pkgconfig - nettle - gnutls - msgpack - readline - libargon2 - ]; + nativeBuildInputs = + [ autoreconfHook + pkgconfig + ]; - preConfigure = '' - ./autogen.sh - ''; + buildInputs = + [ nettle + gnutls + msgpack + readline + libargon2 + ]; + + outputs = [ "out" "lib" "dev" "man" ]; meta = with stdenv.lib; { description = "A C++11 Kademlia distributed hash table implementation"; - homepage = https://github.com/savoirfairelinux/opendht; - license = licenses.gpl3Plus; - maintainers = with maintainers; [ taeer olynch ]; - platforms = platforms.linux; + homepage = https://github.com/savoirfairelinux/opendht; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ taeer olynch thoughtpolice ]; + platforms = platforms.linux; }; } From 252c0d4c82b70ede96cb669485f78aaa99400921 Mon Sep 17 00:00:00 2001 
From: Bas van Dijk Date: Mon, 3 Sep 2018 12:38:50 +0200 Subject: [PATCH 066/173] opencv: 3.4.2 -> 3.4.3 --- pkgs/development/libraries/opencv/3.x.nix | 11 +++-------- pkgs/development/libraries/opencv/fix-dnn.patch | 13 ------------- 2 files changed, 3 insertions(+), 21 deletions(-) delete mode 100644 pkgs/development/libraries/opencv/fix-dnn.patch diff --git a/pkgs/development/libraries/opencv/3.x.nix b/pkgs/development/libraries/opencv/3.x.nix index 81d106a2a40..dd87fa93260 100644 --- a/pkgs/development/libraries/opencv/3.x.nix +++ b/pkgs/development/libraries/opencv/3.x.nix @@ -35,20 +35,20 @@ }: let - version = "3.4.2"; + version = "3.4.3"; src = fetchFromGitHub { owner = "opencv"; repo = "opencv"; rev = version; - sha256 = "0q752s1ir6iyqbp3pn425fi215fi7bzjl4aa3arvgh6sridda9lx"; + sha256 = "138q3wiv4g4xvqzsp93xaqayv7kz7bl2vrgppp8jm8w6m25cd4i2"; }; contribSrc = fetchFromGitHub { owner = "opencv"; repo = "opencv_contrib"; rev = version; - sha256 = "1fbgbf9xdby9a5yy6bmnkzchdsfii0jagfd373y015cjpr1mrlvz"; + sha256 = "1f334glf39nk42mpqq6j732h3ql2mpz89jd4mcl678s8n73nfjh2"; }; # Contrib must be built in order to enable Tesseract support: @@ -145,11 +145,6 @@ stdenv.mkDerivation rec { cp --no-preserve=mode -r "${contribSrc}/modules" "$NIX_BUILD_TOP/opencv_contrib" ''; - # TODO: remove the following patch once commit - # https://github.com/opencv/opencv/commit/e2b5d112909b9dfd764f14833b82e38e4bc2f81f - # is released. - patches = [ ./fix-dnn.patch ]; - # This prevents cmake from using libraries in impure paths (which # causes build failure on non NixOS) # Also, work around https://github.com/NixOS/nixpkgs/issues/26304 with diff --git a/pkgs/development/libraries/opencv/fix-dnn.patch b/pkgs/development/libraries/opencv/fix-dnn.patch deleted file mode 100644 index 62234a43e46..00000000000 --- a/pkgs/development/libraries/opencv/fix-dnn.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -diff --git a/modules/dnn/src/caffe/caffe_io.cpp b/modules/dnn/src/caffe/caffe_io.cpp -index 730c752ce..abbce0453 100644 ---- a/modules/dnn/src/caffe/caffe_io.cpp -+++ b/modules/dnn/src/caffe/caffe_io.cpp -@@ -1120,7 +1120,7 @@ bool ReadProtoFromTextFile(const char* filename, Message* proto) { - std::ifstream fs(filename, std::ifstream::in); - CHECK(fs.is_open()) << "Can't open \"" << filename << "\""; - IstreamInputStream input(&fs); -- return google::protobuf::TextFormat::Parser(true).Parse(&input, proto); -+ return google::protobuf::TextFormat::Parser().Parse(&input, proto); - } - - bool ReadProtoFromBinaryFile(const char* filename, Message* proto) { From 7de2b6240b005203e2015f110598ac4805cf24f8 Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Mon, 3 Sep 2018 14:13:00 +0200 Subject: [PATCH 067/173] purple-matrix: 2016-07-11 -> 2018-08-02 This also fixes the build. --- .../pidgin-plugins/purple-matrix/default.nix | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/purple-matrix/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/purple-matrix/default.nix index a6d893fd95a..d4a26a266c3 100644 --- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/purple-matrix/default.nix +++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/purple-matrix/default.nix 
@@ -1,30 +1,32 @@ -{ stdenv, fetchgit, pkgconfig, pidgin, json-glib, glib, http-parser } : +{ stdenv, fetchgit, pkgconfig, pidgin, json-glib, glib, http-parser, sqlite, olm, libgcrypt } : let - version = "2016-07-11"; + version = "2018-08-03"; in stdenv.mkDerivation rec { name = "purple-matrix-unstable-${version}"; src = fetchgit { url = "https://github.com/matrix-org/purple-matrix"; - rev = "f9d36198a57de1cd1740a3ae11c2ad59b03b724a"; - sha256 = "1mmyvc70gslniphmcpk8sfl6ylik6dnprqghx4n47gsj1sb1cy00"; + rev = "5a7166a3f54f85793c6b60662f8d12196aeaaeb0"; + sha256 = "0ph0s24b37d1c50p8zbzgf4q2xns43a8v6vk85iz633wdd72zsa0"; }; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ pidgin json-glib glib http-parser ]; + buildInputs = [ pidgin json-glib glib http-parser sqlite olm libgcrypt ]; - installPhase = '' - install -Dm755 -t $out/lib/pidgin/ libmatrix.so - for size in 16 22 48; do - install -TDm644 matrix-"$size"px.png $out/pixmaps/pidgin/protocols/$size/matrix.png - done - ''; + hardeningDisable = [ "fortify" ]; # upstream compiles with -O0 - meta = { + makeFlags = [ + "DESTDIR=$(out)" + "PLUGIN_DIR_PURPLE=/lib/pidgin/" + "DATA_ROOT_DIR_PURPLE=/share" + ]; + + meta = with stdenv.lib; { homepage = https://github.com/matrix-org/purple-matrix; description = "Matrix support for Pidgin / libpurple"; - license = stdenv.lib.licenses.gpl2; + license = licenses.gpl2; + maintainers = with maintainers; [ symphorien ]; }; } From 608730af4404f40586ba1e764fbc8576451ec513 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 14:10:54 +0200 Subject: [PATCH 068/173] lib/trivial.nix: fix missing parens Broken in 62dca7c9a; the tricky thing is that it depends on nix version. Explanation: https://github.com/NixOS/nix/issues/629 --- lib/trivial.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/trivial.nix b/lib/trivial.nix index b75e81eb735..e702b8cdcc9 100644 --- a/lib/trivial.nix +++ b/lib/trivial.nix 
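Review bot: `hardeningDisable = [ "fortify" ];` in purple-matrix/default.nix turns off _FORTIFY_SOURCE for a protocol plugin that handles network input, and the only recorded reason is that upstream compiles with -O0. Building with optimisation would keep the hardening, so it is worth checking whether the upstream Makefile honours a CFLAGS override before disabling the flag. If it has to stay off, expand the comment so the exception can be removed later, e.g. `# fortify needs optimisation; upstream Makefile forces -O0, re-enable once it builds with -O1 or higher`. Separately, the commit subject says 2018-08-02 while `version` is set to `"2018-08-03"`; one of the two should be corrected.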
@@ -36,18 +36,18 @@ rec { /* bitwise “and” */ bitAnd = builtins.bitAnd - or import ./zip-int-bits.nix - (a: b: if a==1 && b==1 then 1 else 0); + or (import ./zip-int-bits.nix + (a: b: if a==1 && b==1 then 1 else 0)); /* bitwise “or” */ bitOr = builtins.bitOr - or import ./zip-int-bits.nix - (a: b: if a==1 || b==1 then 1 else 0); + or (import ./zip-int-bits.nix + (a: b: if a==1 || b==1 then 1 else 0)); /* bitwise “xor” */ bitXor = builtins.bitXor - or import ./zip-int-bits.nix - (a: b: if a!=b then 1 else 0); + or (import ./zip-int-bits.nix + (a: b: if a!=b then 1 else 0)); /* bitwise “not” */ bitNot = builtins.sub (-1); From 7a58a44474d48f4e55a053134d9d4bfe8757cc97 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 3 Sep 2018 14:22:32 +0200 Subject: [PATCH 069/173] imv: 2.1.3 -> 3.0.0 --- pkgs/applications/graphics/imv/default.nix | 23 ++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/pkgs/applications/graphics/imv/default.nix b/pkgs/applications/graphics/imv/default.nix index e9a0dccd30a..f02184d9852 100644 --- a/pkgs/applications/graphics/imv/default.nix +++ b/pkgs/applications/graphics/imv/default.nix 
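Review bot: The parentheses added around the `import ./zip-int-bits.nix (...)` fallbacks of `bitAnd`, `bitOr` and `bitXor` in lib/trivial.nix have no in-file explanation. A later cleanup could remove them as redundant and reintroduce the breakage on some Nix versions. The reason is recorded only in the commit message, which points to NixOS/nix issue 629. Add a comment above `bitAnd` such as `# fallbacks are parenthesised on purpose: how "or" groups with function application depends on the Nix version, see NixOS/nix#629`.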
@@ -1,18 +1,25 @@ -{ stdenv, fetchgit, SDL2, SDL2_ttf, freeimage, fontconfig }: +{ stdenv, fetchFromGitHub, SDL2, SDL2_ttf +, freeimage, fontconfig, pkgconfig +, asciidoc, docbook_xsl, libxslt, cmocka +}: stdenv.mkDerivation rec { name = "imv-${version}"; - version = "2.1.3"; + version = "3.0.0"; - src = fetchgit { - url = "https://github.com/eXeC64/imv.git"; - rev = "e59d0e9e120f1dbde9ab068748a190e93978e5b7"; - sha256 = "0j48dk1bcbh5541522qkn487637wcx104zckrnxa5g3nirfqa7r7"; + src = fetchFromGitHub { + owner = "eXeC64"; + repo = "imv"; + rev = "v${version}"; + sha256 = "0j5aykdkm1g518ism5y5flhwxvjvl92ksq989fhl2wpnv0la82jp"; }; - buildInputs = [ SDL2 SDL2_ttf freeimage fontconfig ]; + buildInputs = [ + SDL2 SDL2_ttf freeimage fontconfig pkgconfig + asciidoc docbook_xsl libxslt cmocka + ]; - configurePhase = "substituteInPlace Makefile --replace /usr $out"; + installFlags = [ "PREFIX=$(out)" "CONFIGPREFIX=$(out)/etc" ]; meta = with stdenv.lib; { description = "A command line image viewer for tiling window managers"; From 66d6e847bb2e6ec3bd44146cd03bc3749c965c69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Mon, 3 Sep 2018 13:23:16 +0100 Subject: [PATCH 070/173] nix-prefetch-git: needs findutils as it depends on find/xargs --- .../tools/package-management/nix-prefetch-scripts/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix index 69e978d3439..ba47847f28b 100644 --- a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix +++ b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix @@ -1,5 +1,5 @@ { stdenv, makeWrapper, buildEnv, - git, subversion, mercurial, bazaar, cvs, gnused, coreutils, nix + git, subversion, mercurial, bazaar, cvs, gnused, coreutils, nix, findutils }: let mkPrefetchScript = tool: src: deps: 
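Review bot: In imv/default.nix `pkgconfig`, `asciidoc`, `docbook_xsl` and `libxslt` are added to `buildInputs`, but they are tools run at build time and belong in `nativeBuildInputs`. Suggested split: `nativeBuildInputs = [ pkgconfig asciidoc docbook_xsl libxslt ];` and `buildInputs = [ SDL2 SDL2_ttf freeimage fontconfig cmocka ];`. `cmocka` appears to be needed only for the test suite, so it may not be required at all unless the tests are run. The opendht change in this series already separates the two lists this way.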
@@ -28,7 +28,7 @@ let mkPrefetchScript = tool: src: deps: in rec { nix-prefetch-bzr = mkPrefetchScript "bzr" ../../../build-support/fetchbzr/nix-prefetch-bzr [ bazaar ]; nix-prefetch-cvs = mkPrefetchScript "cvs" ../../../build-support/fetchcvs/nix-prefetch-cvs [ cvs ]; - nix-prefetch-git = mkPrefetchScript "git" ../../../build-support/fetchgit/nix-prefetch-git [ git coreutils ]; + nix-prefetch-git = mkPrefetchScript "git" ../../../build-support/fetchgit/nix-prefetch-git [ git coreutils findutils ]; nix-prefetch-hg = mkPrefetchScript "hg" ../../../build-support/fetchhg/nix-prefetch-hg [ mercurial ]; nix-prefetch-svn = mkPrefetchScript "svn" ../../../build-support/fetchsvn/nix-prefetch-svn [ subversion ]; From 8d7439eb19892bb91653fb597398b30828d7d8da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 14:23:35 +0200 Subject: [PATCH 071/173] tarball job: more --show-trace Without that I couldn't well do the grandparent commit. --- pkgs/top-level/make-tarball.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/make-tarball.nix b/pkgs/top-level/make-tarball.nix index f7f128547ba..a0c99847274 100644 --- a/pkgs/top-level/make-tarball.nix +++ b/pkgs/top-level/make-tarball.nix @@ -54,7 +54,7 @@ releaseTools.sourceTarball rec { mkdir $TMPDIR/foo ln -s $(readlink -f .) $TMPDIR/foo/bar p1=$(nix-instantiate ./. --dry-run -A firefox --show-trace) - p2=$(nix-instantiate $TMPDIR/foo/bar --dry-run -A firefox) + p2=$(nix-instantiate $TMPDIR/foo/bar --dry-run -A firefox --show-trace) if [ "$p1" != "$p2" ]; then echo "Nixpkgs evaluation depends on Nixpkgs path ($p1 vs $p2)!" exit 1 
@@ -63,9 +63,9 @@ releaseTools.sourceTarball rec { # Run the regression tests in `lib'. if # `set -e` doesn't work inside here, so need to && instead :( - res="$(nix-instantiate --eval --strict lib/tests/misc.nix)" \ + res="$(nix-instantiate --eval --strict lib/tests/misc.nix --show-trace)" \ && [[ "$res" == "[ ]" ]] \ - && res="$(nix-instantiate --eval --strict lib/tests/systems.nix)" \ + && res="$(nix-instantiate --eval --strict lib/tests/systems.nix --show-trace)" \ && [[ "$res" == "[ ]" ]] then true From 0a5b8ef8c4661580959e792c4e6b2135233f9cd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 14:39:33 +0200 Subject: [PATCH 072/173] knot-dns: 2.7.1 -> 2.7.2 https://lists.nic.cz/pipermail/knot-dns-users/2018-August/001423.html --- pkgs/servers/dns/knot-dns/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/dns/knot-dns/default.nix b/pkgs/servers/dns/knot-dns/default.nix index 047729aa937..3837f06264b 100644 --- a/pkgs/servers/dns/knot-dns/default.nix +++ b/pkgs/servers/dns/knot-dns/default.nix @@ -7,11 +7,11 @@ let inherit (stdenv.lib) optional optionals; in # Note: ATM only the libraries have been tested in nixpkgs. stdenv.mkDerivation rec { name = "knot-dns-${version}"; - version = "2.7.1"; + version = "2.7.2"; src = fetchurl { url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz"; - sha256 = "7d6ae20ada0f0ee7700d5df17f47f86b49eb21ee34977d0d70de6a0947371381"; + sha256 = "cb70b2ee1c7ecbaad8774a1e0c449a68c6a6f7c9d60595524f003201d6e38431"; }; outputs = [ "bin" "out" "dev" ]; From 56a35b39f7ed01d63aa97be57961da59b981518b Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 3 Sep 2018 15:09:20 +0200 Subject: [PATCH 073/173] vapoursynth-mvtools: 19 -> 20 --- .../libraries/vapoursynth-mvtools/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/pkgs/development/libraries/vapoursynth-mvtools/default.nix b/pkgs/development/libraries/vapoursynth-mvtools/default.nix index c2ab61c6bd1..ecc6b7c30fc 100644 --- a/pkgs/development/libraries/vapoursynth-mvtools/default.nix +++ b/pkgs/development/libraries/vapoursynth-mvtools/default.nix @@ -1,22 +1,22 @@ { stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, - vapoursynth, yasm, fftwFloat + vapoursynth, nasm, fftwFloat }: stdenv.mkDerivation rec { name = "vapoursynth-mvtools-${version}"; - version = "19"; + version = "20"; src = fetchFromGitHub { - owner = "dubhater"; - repo = "vapoursynth-mvtools"; + owner = "dubhater"; + repo = "vapoursynth-mvtools"; rev = "v${version}"; - sha256 = "1wjwf1lgfkqz87s0j251g625mw9xmx79zzgrjyhq3wlii73m6qwp"; + sha256 = "0nbq04wbmz7xqfcfpdvgg0p8xhh2xdcwhhx5gwr4j8bm611v0npz"; }; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ autoreconfHook - yasm vapoursynth fftwFloat + nasm vapoursynth fftwFloat ]; configureFlags = [ "--libdir=$(out)/lib/vapoursynth" ]; From 5a27c2bdcdedce811671b669fa2b32fdbe24e9e0 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 3 Sep 2018 15:09:28 +0200 Subject: [PATCH 074/173] vapoursynth: R43 -> R44 --- pkgs/development/libraries/vapoursynth/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/vapoursynth/default.nix b/pkgs/development/libraries/vapoursynth/default.nix index 7344f3a7e2b..2d3af9b70c5 100644 --- a/pkgs/development/libraries/vapoursynth/default.nix +++ b/pkgs/development/libraries/vapoursynth/default.nix @@ -12,13 +12,13 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "vapoursynth-${version}"; - version = "R43"; + version = "R44"; src = fetchFromGitHub { owner = "vapoursynth"; repo = "vapoursynth"; rev = version; - sha256 = "01yzxggjxr6fz3wj81z6vgp9m4jqddyk73i22kz2x620cpdgb9j9"; + sha256 = "1270cggvk9nvy5g2z289nwhyvl4364yzirfn5jsa9i9ljfp00qml"; }; nativeBuildInputs = [ pkgconfig autoreconfHook nasm ]; 
From 9173c37e057691f9b813529440e50287dbbd6adc Mon Sep 17 00:00:00 2001 From: volth Date: Mon, 3 Sep 2018 13:15:43 +0000 Subject: [PATCH 075/173] perlPackages.UNIVERSALref: broken with perl 5.26+ --- pkgs/top-level/perl-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 51d1a1c2215..aea2e458d21 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -17056,6 +17056,7 @@ let meta = { description = "Turns ref() into a multimethod"; license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ]; + broken = stdenv.lib.versionAtLeast perl.version "5.26"; # 'OP {aka struct op}' has no member named 'op_sibling' }; }; From 875bb6bcb98de45bcc54c50cf4428ca9e3b1f7b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Mon, 3 Sep 2018 15:47:04 +0200 Subject: [PATCH 076/173] vowpalwabbit: fix build against boost-python. Patch setup.py to look for libboost_python{Major}{Minor}. --- .../python-modules/vowpalwabbit/default.nix | 9 ++++++++- .../vowpalwabbit/vowpal-wabbit-find-boost.diff | 16 ++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff diff --git a/pkgs/development/python-modules/vowpalwabbit/default.nix b/pkgs/development/python-modules/vowpalwabbit/default.nix index a8661fd3a98..6ee6e42e97d 100644 --- a/pkgs/development/python-modules/vowpalwabbit/default.nix +++ b/pkgs/development/python-modules/vowpalwabbit/default.nix 
@@ -9,13 +9,20 @@ buildPythonPackage rec { inherit pname version; sha256 = "0b517371fc64f1c728a0af42a31fa93def27306e9b4d25d6e5fd01bcff1b7304"; }; + + # Should be fixed in next Python release after 8.5.0: + # https://github.com/JohnLangford/vowpal_wabbit/pull/1533 + patches = [ + ./vowpal-wabbit-find-boost.diff + ]; + # vw tries to write some explicit things to home # python installed: The directory '/homeless-shelter/.cache/pip/http' preInstall = '' export HOME=$PWD ''; - buildInputs = [ boost.dev zlib.dev clang ncurses pytest docutils pygments ]; + buildInputs = [ python.pkgs.boost zlib.dev clang ncurses pytest docutils pygments ]; propagatedBuildInputs = [ numpy scipy scikitlearn ]; checkPhase = '' diff --git a/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff b/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff new file mode 100644 index 00000000000..0e7b13c0103 --- /dev/null +++ b/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff @@ -0,0 +1,16 @@ +--- vowpalwabbit-8.5.0.orig/setup.py 2018-09-03 14:27:22.833621339 +0200 ++++ vowpalwabbit-8.5.0/setup.py 2018-09-03 14:37:18.076127914 +0200 +@@ -25,12 +25,7 @@ + """Find correct boost-python library information """ + if system == 'Linux': + # use version suffix if present +- boost_lib = 'boost_python-py{v[0]}{v[1]}'.format(v=sys.version_info) +- if sys.version_info.major == 3: +- for candidate in ['-py36', '-py35', '-py34', '3']: +- boost_lib = 'boost_python{}'.format(candidate) +- if find_library(boost_lib): +- exit ++ boost_lib = 'boost_python{v[0]}{v[1]}'.format(v=sys.version_info) + if not find_library(boost_lib): + boost_lib = "boost_python" + elif system == 'Darwin': From 0d388e1bb6981ccffe08920e22000bee80a44446 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 16:29:35 +0200 Subject: [PATCH 077/173] aefs: fix meta.homepage --- pkgs/tools/filesystems/aefs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/filesystems/aefs/default.nix b/pkgs/tools/filesystems/aefs/default.nix index 9ea4d092548..9344ada8f93 100644 --- a/pkgs/tools/filesystems/aefs/default.nix +++ b/pkgs/tools/filesystems/aefs/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ fuse ]; meta = with stdenv.lib; { - homepage = http://www.st.ewi.tudelft.nl/~dolstra/aefs/; + homepage = https://nixos.org/~edolstra/aefs/; description = "A cryptographic filesystem implemented in userspace using FUSE"; platforms = platforms.linux; maintainers = [ maintainers.eelco ]; From 9b48a677316ec1e34821e19bf8af68ef0dda6fa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 16:53:02 +0200 Subject: [PATCH 078/173] treewide: fix various links (homepage, src) --- pkgs/development/libraries/jbig2dec/default.nix | 4 ++-- pkgs/development/libraries/libsigcxx/1.2.nix | 2 +- pkgs/development/libraries/libsigcxx/default.nix | 2 +- pkgs/os-specific/linux/lm-sensors/default.nix | 5 +++-- pkgs/tools/graphics/imgur-screenshot/default.nix | 2 +- pkgs/tools/networking/dnscrypt-proxy/1.x/default.nix | 2 +- pkgs/tools/networking/dnscrypt-wrapper/default.nix | 2 +- pkgs/tools/networking/dnsperf/default.nix | 2 +- 8 files changed, 11 insertions(+), 10 deletions(-) diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix index cc838be0f4f..1839d5519fc 100644 --- a/pkgs/development/libraries/jbig2dec/default.nix +++ b/pkgs/development/libraries/jbig2dec/default.nix 
@@ -4,7 +4,7 @@ stdenv.mkDerivation rec { name = "jbig2dec-0.14"; src = fetchurl { - url = "http://downloads.ghostscript.com/public/jbig2dec/${name}.tar.gz"; + url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/jbig2dec-0.14.tar.gz"; sha256 = "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11"; }; @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { doCheck = false; # fails 1 of 4 tests meta = { - homepage = https://www.ghostscript.com/jbig2dec.html; + homepage = https://www.jbig2dec.com/; description = "Decoder implementation of the JBIG2 image compression format"; license = stdenv.lib.licenses.gpl2Plus; platforms = stdenv.lib.platforms.unix; diff --git a/pkgs/development/libraries/libsigcxx/1.2.nix b/pkgs/development/libraries/libsigcxx/1.2.nix index 9fc6ff86773..38e5ffcb4de 100644 --- a/pkgs/development/libraries/libsigcxx/1.2.nix +++ b/pkgs/development/libraries/libsigcxx/1.2.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ m4]; meta = { - homepage = http://libsigc.sourceforge.net/; + homepage = https://libsigcplusplus.github.io/libsigcplusplus/; description = "A typesafe callback system for standard C++"; branch = "1.2"; platforms = stdenv.lib.platforms.unix; diff --git a/pkgs/development/libraries/libsigcxx/default.nix b/pkgs/development/libraries/libsigcxx/default.nix index def5ee0e19a..8eba5377bc3 100644 --- a/pkgs/development/libraries/libsigcxx/default.nix +++ b/pkgs/development/libraries/libsigcxx/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { doCheck = true; meta = with stdenv.lib; { - homepage = http://libsigc.sourceforge.net/; + homepage = https://libsigcplusplus.github.io/libsigcplusplus/; description = "A typesafe callback system for standard C++"; license = licenses.lgpl21; platforms = platforms.all; diff --git a/pkgs/os-specific/linux/lm-sensors/default.nix b/pkgs/os-specific/linux/lm-sensors/default.nix index af52dc551dd..04ce60c87b0 100644 --- a/pkgs/os-specific/linux/lm-sensors/default.nix 
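Review bot: In the jbig2dec `src` hunk the `url` changes while `sha256` stays the same, and a fixed-output fetch whose name and hash are unchanged resolves to the same store path, so a machine that already holds the tarball (or can substitute it from a binary cache) builds successfully without ever contacting the new URL. The same applies to the lm-sensors `urls` change later in this commit. I would fetch each new location directly before merging, for example with `nix-prefetch-url <new url>`, and confirm the printed hash equals the pinned one. The path also hard-codes the release tag `gs922`, so a later bump of `name` needs that segment updated as well; a one-line comment next to `url` saying so would prevent a silently broken source link.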
+++ b/pkgs/os-specific/linux/lm-sensors/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { src = fetchurl { urls = [ - "http://dl.lm-sensors.org/lm-sensors/releases/lm_sensors-${version}.tar.bz2" + # "http://dl.lm-sensors.org/lm-sensors/releases/lm_sensors-${version}.tar.bz2" # dead + # https://github.com/lm-sensors/lm-sensors/releases/... # only generated tarballs "https://src.fedoraproject.org/repo/pkgs/lm_sensors/lm_sensors-${version}.tar.bz2/c03675ae9d43d60322110c679416901a/lm_sensors-${version}.tar.bz2" ]; sha256 = "07q6811l4pp0f7pxr8bk3s97ippb84mx5qdg7v92s9hs10b90mz0"; @@ -28,7 +29,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = http://www.lm-sensors.org/; + homepage = https://hwmon.wiki.kernel.org/lm_sensors; description = "Tools for reading hardware sensors"; license = with licenses; [ gpl2 lgpl21 ]; platforms = platforms.linux; diff --git a/pkgs/tools/graphics/imgur-screenshot/default.nix b/pkgs/tools/graphics/imgur-screenshot/default.nix index e9f1ad5dacd..8db5b6c7dea 100644 --- a/pkgs/tools/graphics/imgur-screenshot/default.nix +++ b/pkgs/tools/graphics/imgur-screenshot/default.nix @@ -21,7 +21,7 @@ in stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "A tool for easy screencapping and uploading to imgur"; - homepage = https://https://github.com/jomo/imgur-screenshot/; + homepage = https://github.com/jomo/imgur-screenshot/; platforms = platforms.linux; license = licenses.mit; maintainers = with maintainers; [ lw ]; diff --git a/pkgs/tools/networking/dnscrypt-proxy/1.x/default.nix b/pkgs/tools/networking/dnscrypt-proxy/1.x/default.nix index 6120b821bf4..d555a74ffb1 100644 --- a/pkgs/tools/networking/dnscrypt-proxy/1.x/default.nix +++ b/pkgs/tools/networking/dnscrypt-proxy/1.x/default.nix 
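Review bot: With the dead lm-sensors.org entry commented out in the first lm-sensors hunk, `urls` is left with a single live source, so the list no longer gives any fallback if that mirror disappears. The hex segment in the remaining path looks like part of the mirror's URL layout and is not what Nix verifies; the unchanged `sha256` below is the only integrity pin. The remark `# only generated tarballs` is hard to follow without the history, and I would spell it out, for example `# GitHub releases only offer auto-generated tarballs, which presumably do not match the sha256 below`.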
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec { meta = { description = "A tool for securing communications between a client and a DNS resolver"; - homepage = https://dnscrypt.org/; + homepage = https://dnscrypt.info/; license = licenses.isc; maintainers = with maintainers; [ joachifm jgeerds ]; # upstream claims OSX support, but Hydra fails diff --git a/pkgs/tools/networking/dnscrypt-wrapper/default.nix b/pkgs/tools/networking/dnscrypt-wrapper/default.nix index 4351fd84dcd..7ed1dbf3220 100644 --- a/pkgs/tools/networking/dnscrypt-wrapper/default.nix +++ b/pkgs/tools/networking/dnscrypt-wrapper/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "A tool for adding dnscrypt support to any name resolver"; - homepage = https://dnscrypt.org/; + homepage = https://dnscrypt.info/; license = licenses.isc; maintainers = with maintainers; [ tstrobel joachifm ]; platforms = platforms.linux; diff --git a/pkgs/tools/networking/dnsperf/default.nix b/pkgs/tools/networking/dnsperf/default.nix index 015046f2bda..9d6b85092ef 100644 --- a/pkgs/tools/networking/dnsperf/default.nix +++ b/pkgs/tools/networking/dnsperf/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { outputsToInstall = outputs; # The man pages and PDFs are likely useful to most. description = "Tools for DNS benchmaring"; - homepage = https://nominum.com/measurement-tools/; + homepage = https://www.akamai.com/us/en/products/network-operator/measurement-tools.jsp; license = licenses.isc; platforms = platforms.unix; maintainers = [ maintainers.vcunat ]; From 3db3ae3700f6e3ced14cf33da05ae91a06d8e5bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 3 Sep 2018 16:54:14 +0200 Subject: [PATCH 079/173] fixup! treewide: fix various links (homepage, src) --- pkgs/development/libraries/jbig2dec/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix index 1839d5519fc..04a165866fa 100644 --- a/pkgs/development/libraries/jbig2dec/default.nix +++ b/pkgs/development/libraries/jbig2dec/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation rec { name = "jbig2dec-0.14"; src = fetchurl { - url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/jbig2dec-0.14.tar.gz"; + url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/${name}.tar.gz"; sha256 = "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11"; }; From eac06ed0702638b7e9a058e5412940474ff872ca Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 3 Sep 2018 17:13:02 +0200 Subject: [PATCH 080/173] Manual: Random indentation fixes --- doc/configuration.xml | 42 ++++++------ doc/functions.xml | 150 ++++++++++++++++++++++-------------------- 2 files changed, 101 insertions(+), 91 deletions(-) diff --git a/doc/configuration.xml b/doc/configuration.xml index c91f38f3093..af74f3f9c01 100644 --- a/doc/configuration.xml +++ b/doc/configuration.xml @@ -325,7 +325,7 @@ }; }; } - + To install it into our environment, you can just run nix-env -iA @@ -347,7 +347,7 @@ }; }; } - + pathsToLink tells Nixpkgs to only link the paths listed @@ -383,7 +383,7 @@ }; }; } - + This provides us with some useful documentation for using our packages. 
@@ -395,15 +395,15 @@ { packageOverrides = pkgs: with pkgs; rec { myProfile = writeText "my-profile" '' -export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin -export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man + export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin + export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man ''; myPackages = pkgs.buildEnv { name = "my-packages"; paths = [ (runCommand "profile" {} '' -mkdir -p $out/etc/profile.d -cp ${myProfile} $out/etc/profile.d/my-profile.sh + mkdir -p $out/etc/profile.d + cp ${myProfile} $out/etc/profile.d/my-profile.sh '') aspell bc @@ -421,7 +421,7 @@ cp ${myProfile} $out/etc/profile.d/my-profile.sh }; }; } - + For this to work fully, you must also have this script sourced when you are @@ -438,7 +438,7 @@ if [ -d $HOME/.nix-profile/etc/profile.d ]; then fi done fi - + Now just run source $HOME/.profile and you can starting 
@@ -459,16 +459,16 @@ fi { packageOverrides = pkgs: with pkgs; rec { myProfile = writeText "my-profile" '' -export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin -export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man -export INFOPATH=$HOME/.nix-profile/share/info:/nix/var/nix/profiles/default/share/info:/usr/share/info + export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin + export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man + export INFOPATH=$HOME/.nix-profile/share/info:/nix/var/nix/profiles/default/share/info:/usr/share/info ''; myPackages = pkgs.buildEnv { name = "my-packages"; paths = [ (runCommand "profile" {} '' -mkdir -p $out/etc/profile.d -cp ${myProfile} $out/etc/profile.d/my-profile.sh + mkdir -p $out/etc/profile.d + cp ${myProfile} $out/etc/profile.d/my-profile.sh '') aspell bc @@ -485,17 +485,17 @@ cp ${myProfile} $out/etc/profile.d/my-profile.sh pathsToLink = [ "/share/man" "/share/doc" "/share/info" "/bin" "/etc" ]; extraOutputsToInstall = [ "man" "doc" "info" ]; postBuild = '' - if [ -x $out/bin/install-info -a -w $out/share/info ]; then - shopt -s nullglob - for i in $out/share/info/*.info $out/share/info/*.info.gz; do - $out/bin/install-info $i $out/share/info/dir - done - fi + if [ -x $out/bin/install-info -a -w $out/share/info ]; then + shopt -s nullglob + for i in $out/share/info/*.info $out/share/info/*.info.gz; do + $out/bin/install-info $i $out/share/info/dir + done + fi ''; }; }; } - + postBuild tells Nixpkgs to run a command after building diff --git a/doc/functions.xml b/doc/functions.xml index ec188e23454..3cfc6884bd2 100644 --- a/doc/functions.xml +++ b/doc/functions.xml @@ -1,7 +1,7 @@ + xml:id="chap-functions"> Functions reference The nixpkgs repository has several utility functions to manipulate Nix 
@@ -31,12 +31,16 @@ Example usages: pkgs.foo.override { arg1 = val1; arg2 = val2; ... } -import pkgs.path { overlays = [ (self: super: { - foo = super.foo.override { barSupport = true ; }; - })]}; -mypkg = pkgs.callPackage ./mypkg.nix { - mydep = pkgs.mydep.override { ... }; - } + +import pkgs.path { overlays = [ (self: super: { + foo = super.foo.override { barSupport = true ; }; + })]}; + + +mypkg = pkgs.callPackage ./mypkg.nix { + mydep = pkgs.mydep.override { ... }; + } + @@ -61,9 +65,11 @@ Example usage: -helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec { - separateDebugInfo = true; - }); + +helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec { + separateDebugInfo = true; +}); + @@ -134,14 +140,16 @@ Example usage: -mySed = pkgs.gnused.overrideDerivation (oldAttrs: { - name = "sed-4.2.2-pre"; - src = fetchurl { - url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2; - sha256 = "11nq06d131y4wmf3drm0yk502d2xc6n5qy82cg88rb9nqd2lj41k"; - }; - patches = []; - }); + +mySed = pkgs.gnused.overrideDerivation (oldAttrs: { + name = "sed-4.2.2-pre"; + src = fetchurl { + url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2; + sha256 = "11nq06d131y4wmf3drm0yk502d2xc6n5qy82cg88rb9nqd2lj41k"; + }; + patches = []; +}); + @@ -181,8 +189,10 @@ Example usage: -f = { a, b }: { result = a+b; } - c = lib.makeOverridable f { a = 1; b = 2; } + +f = { a, b }: { result = a+b; }; +c = lib.makeOverridable f { a = 1; b = 2; }; + 
@@ -482,29 +492,29 @@ merge:"diff3" Docker build - buildImage { - name = "redis"; - tag = "latest"; +buildImage { + name = "redis"; + tag = "latest"; - fromImage = someBaseImage; - fromImageName = null; - fromImageTag = "latest"; + fromImage = someBaseImage; + fromImageName = null; + fromImageTag = "latest"; - contents = pkgs.redis; - runAsRoot = '' - #!${stdenv.shell} - mkdir -p /data - ''; + contents = pkgs.redis; + runAsRoot = '' + #!${stdenv.shell} + mkdir -p /data + ''; - config = { - Cmd = [ "/bin/redis-server" ]; - WorkingDir = "/data"; - Volumes = { - "/data" = {}; - }; + config = { + Cmd = [ "/bin/redis-server" ]; + WorkingDir = "/data"; + Volumes = { + "/data" = {}; }; - } - + }; +} + @@ -647,15 +657,15 @@ merge:"diff3" Docker pull - pullImage { - imageName = "nixos/nix"; - imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b"; - finalImageTag = "1.11"; - sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8"; - os = "linux"; - arch = "x86_64"; - } - +pullImage { + imageName = "nixos/nix"; + imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b"; + finalImageTag = "1.11"; + sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8"; + os = "linux"; + arch = "x86_64"; +} + @@ -677,9 +687,9 @@ merge:"diff3" exactly which image you want. By default it will match the OS and architecture of the host the command is run on. - $ nix-shell --packages skopeo jq --command "skopeo --override-os linux --override-arch x86_64 inspect docker://docker.io/nixos/nix:1.11 | jq -r '.Digest'" - sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b - +$ nix-shell --packages skopeo jq --command "skopeo --override-os linux --override-arch x86_64 inspect docker://docker.io/nixos/nix:1.11 | jq -r '.Digest'" +sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b + This argument is required. 
@@ -737,13 +747,13 @@ merge:"diff3" Docker export - exportImage { - fromImage = someLayeredImage; - fromImageName = null; - fromImageTag = null; +exportImage { + fromImage = someLayeredImage; + fromImageName = null; + fromImageTag = null; - name = someLayeredImage.name; - } + name = someLayeredImage.name; +} @@ -774,19 +784,19 @@ merge:"diff3" Shadow base files - buildImage { - name = "shadow-basic"; +buildImage { + name = "shadow-basic"; - runAsRoot = '' - #!${stdenv.shell} - ${shadowSetup} - groupadd -r redis - useradd -r -g redis redis - mkdir /data - chown redis:redis /data - ''; - } - + runAsRoot = '' + #!${stdenv.shell} + ${shadowSetup} + groupadd -r redis + useradd -r -g redis redis + mkdir /data + chown redis:redis /data + ''; +} + From 5fccac2b8d77a660a968809519710a5bb7838e63 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 3 Sep 2018 11:18:11 -0400 Subject: [PATCH 081/173] kernel: Remove Copperhead The patches are unmaintained and suggest a false sense of security --- nixos/release.nix | 1 - nixos/tests/kernel-copperhead.nix | 19 - .../linux/kernel/copperhead-4-14.patch | 2864 ----------------- .../linux/kernel/copperhead-4-16.patch | 2571 --------------- .../linux/kernel/linux-copperhead-lts.nix | 30 - pkgs/os-specific/linux/kernel/patches.nix | 10 - pkgs/top-level/all-packages.nix | 10 - 7 files changed, 5505 deletions(-) delete mode 100644 nixos/tests/kernel-copperhead.nix delete mode 100644 pkgs/os-specific/linux/kernel/copperhead-4-14.patch delete mode 100644 pkgs/os-specific/linux/kernel/copperhead-4-16.patch delete mode 100644 pkgs/os-specific/linux/kernel/linux-copperhead-lts.nix diff --git a/nixos/release.nix b/nixos/release.nix index 1013053b5b3..17f51d977c9 100644 --- a/nixos/release.nix +++ b/nixos/release.nix 
@@ -327,7 +327,6 @@ in rec { tests.keymap = callSubTests tests/keymap.nix {}; tests.initrdNetwork = callTest tests/initrd-network.nix {}; tests.kafka = callSubTests tests/kafka.nix {}; - tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {}; tests.kernel-latest = callTest tests/kernel-latest.nix {}; tests.kernel-lts = callTest tests/kernel-lts.nix {}; tests.kubernetes.dns = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/dns.nix {}; diff --git a/nixos/tests/kernel-copperhead.nix b/nixos/tests/kernel-copperhead.nix deleted file mode 100644 index 652fbf05537..00000000000 --- a/nixos/tests/kernel-copperhead.nix +++ /dev/null @@ -1,19 +0,0 @@ -import ./make-test.nix ({ pkgs, ...} : { - name = "kernel-copperhead"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ nequissimus ]; - }; - - machine = { pkgs, ... }: - { - boot.kernelPackages = pkgs.linuxPackages_copperhead_lts; - }; - - testScript = - '' - $machine->succeed("uname -a"); - $machine->succeed("uname -s | grep 'Linux'"); - $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_lts.kernel.modDirVersion}'"); - $machine->succeed("uname -a | grep 'hardened'"); - ''; -}) diff --git a/pkgs/os-specific/linux/kernel/copperhead-4-14.patch b/pkgs/os-specific/linux/kernel/copperhead-4-14.patch deleted file mode 100644 index 78112d164f0..00000000000 --- a/pkgs/os-specific/linux/kernel/copperhead-4-14.patch +++ /dev/null 
@@ -1,2864 +0,0 @@ -diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 0380a45ecf4b..39956a3ef645 100644 ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -490,16 +490,6 @@ - nosocket -- Disable socket memory accounting. - nokmem -- Disable kernel memory accounting. - -- checkreqprot [SELINUX] Set initial checkreqprot flag value. -- Format: { "0" | "1" } -- See security/selinux/Kconfig help text. -- 0 -- check protection applied by kernel (includes -- any implied execute protection). -- 1 -- check protection requested by application. -- Default value is set via a kernel config option. -- Value can be changed at runtime via -- /selinux/checkreqprot. -- - cio_ignore= [S390] - See Documentation/s390/CommonIO for details. - clk_ignore_unused -@@ -2899,6 +2889,11 @@ - the specified number of seconds. This is to be used if - your oopses keep scrolling off the screen. - -+ extra_latent_entropy -+ Enable a very simple form of latent entropy extraction -+ from the first 4GB of memory as the bootmem allocator -+ passes the memory pages to the buddy allocator. -+ - pcbit= [HW,ISDN] - - pcd. [PARIDE] -diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt -index 694968c7523c..002d86416ef8 100644 ---- a/Documentation/sysctl/kernel.txt -+++ b/Documentation/sysctl/kernel.txt -@@ -91,6 +91,7 @@ show up in /proc/sys/kernel: - - sysctl_writes_strict - - tainted - - threads-max -+- tiocsti_restrict - - unknown_nmi_panic - - watchdog - - watchdog_thresh -@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly. - - ============================================================== - -+tiocsti_restrict: -+ -+This toggle indicates whether unprivileged users are prevented -+from using the TIOCSTI ioctl to inject commands into other processes -+which share a tty session. 
-+ -+When tiocsti_restrict is set to (0) there are no restrictions(accept -+the default restriction of only being able to injection commands into -+one's own tty). When tiocsti_restrict is set to (1), users must -+have CAP_SYS_ADMIN to use the TIOCSTI ioctl. -+ -+When user namespaces are in use, the check for the capability -+CAP_SYS_ADMIN is done against the user namespace that originally -+opened the tty. -+ -+The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the -+default value of tiocsti_restrict. -+ -+============================================================== -+ - unknown_nmi_panic: - - The value in this file affects behavior of handling NMI. When the -diff --git a/Makefile b/Makefile -index 787cf6605209..e4fda5330730 100644 ---- a/Makefile -+++ b/Makefile -@@ -710,6 +710,9 @@ endif - KBUILD_CFLAGS += $(stackp-flag) - - ifeq ($(cc-name),clang) -+ifdef CONFIG_LOCAL_INIT -+KBUILD_CFLAGS += -fsanitize=local-init -+endif - KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) - KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable) - KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) -diff --git a/arch/Kconfig b/arch/Kconfig -index 400b9e1b2f27..4637096f7902 100644 ---- a/arch/Kconfig -+++ b/arch/Kconfig -@@ -440,6 +440,11 @@ config GCC_PLUGIN_LATENT_ENTROPY - is some slowdown of the boot process (about 0.5%) and fork and - irq processing. - -+ When extra_latent_entropy is passed on the kernel command line, -+ entropy will be extracted from up to the first 4GB of RAM while the -+ runtime memory allocator is being initialized. This costs even more -+ slowdown of the boot process. -+ - Note that entropy extracted this way is not cryptographically - secure! 
- -@@ -533,7 +538,7 @@ config CC_STACKPROTECTOR - choice - prompt "Stack Protector buffer overflow detection" - depends on HAVE_CC_STACKPROTECTOR -- default CC_STACKPROTECTOR_NONE -+ default CC_STACKPROTECTOR_STRONG - help - This option turns on the "stack-protector" GCC feature. This - feature puts, at the beginning of functions, a canary value on -@@ -735,7 +740,7 @@ config ARCH_MMAP_RND_BITS - int "Number of bits to use for ASLR of mmap base address" if EXPERT - range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX - default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT -- default ARCH_MMAP_RND_BITS_MIN -+ default ARCH_MMAP_RND_BITS_MAX - depends on HAVE_ARCH_MMAP_RND_BITS - help - This value can be used to select the number of bits to use to -@@ -769,7 +774,7 @@ config ARCH_MMAP_RND_COMPAT_BITS - int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT - range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX - default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT -- default ARCH_MMAP_RND_COMPAT_BITS_MIN -+ default ARCH_MMAP_RND_COMPAT_BITS_MAX - depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS - help - This value can be used to select the number of bits to use to -@@ -952,6 +957,7 @@ config ARCH_HAS_REFCOUNT - - config REFCOUNT_FULL - bool "Perform full reference count validation at the expense of speed" -+ default y - help - Enabling this switches the refcounting infrastructure from a fast - unchecked atomic_t implementation to a fully state checked -diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 2d5f7aca156d..aa4839a74c6a 100644 ---- a/arch/arm64/Kconfig -+++ b/arch/arm64/Kconfig -@@ -918,6 +918,7 @@ endif - - config ARM64_SW_TTBR0_PAN - bool "Emulate Privileged Access Never using TTBR0_EL1 switching" -+ default y - help - Enabling this option prevents the kernel from accessing - user-space memory directly by pointing TTBR0_EL1 to a reserved -@@ -1044,6 +1045,7 @@ config 
RANDOMIZE_BASE - bool "Randomize the address of the kernel image" - select ARM64_MODULE_PLTS if MODULES - select RELOCATABLE -+ default y - help - Randomizes the virtual address at which the kernel image is - loaded, as a security feature that deters exploit attempts -diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug -index cc6bd559af85..01d5442d4722 100644 ---- a/arch/arm64/Kconfig.debug -+++ b/arch/arm64/Kconfig.debug -@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select ARM64_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. - -diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig -index 34480e9af2e7..26304242250c 100644 ---- a/arch/arm64/configs/defconfig -+++ b/arch/arm64/configs/defconfig -@@ -1,4 +1,3 @@ --CONFIG_SYSVIPC=y - CONFIG_POSIX_MQUEUE=y - CONFIG_AUDIT=y - CONFIG_NO_HZ_IDLE=y -diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h -index 33be513ef24c..6f0c0e3ef0dd 100644 ---- a/arch/arm64/include/asm/elf.h -+++ b/arch/arm64/include/asm/elf.h -@@ -114,10 +114,10 @@ - - /* - * This is the base location for PIE (ET_DYN with INTERP) loads. On -- * 64-bit, this is above 4GB to leave the entire 32-bit address -+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address - * space open for things that want to use the area for 32-bit pointers. - */ --#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) -+#define ELF_ET_DYN_BASE 0x100000000UL - - #ifndef __ASSEMBLY__ - -@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, - /* 1GB of VA */ - #ifdef CONFIG_COMPAT - #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? 
\ -- 0x7ff >> (PAGE_SHIFT - 12) : \ -- 0x3ffff >> (PAGE_SHIFT - 12)) -+ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ -+ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #else --#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) -+#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #endif - - #ifdef __AARCH64EB__ -diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index 9e773732520c..91359f45b5fc 100644 ---- a/arch/arm64/kernel/process.c -+++ b/arch/arm64/kernel/process.c -@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp) - unsigned long arch_randomize_brk(struct mm_struct *mm) - { - if (is_compat_task()) -- return randomize_page(mm->brk, SZ_32M); -+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; - else -- return randomize_page(mm->brk, SZ_1G); -+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; - } - - /* -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 7483cd514c32..835a86c45fb0 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -1153,8 +1153,7 @@ config VM86 - default X86_LEGACY_VM86 - - config X86_16BIT -- bool "Enable support for 16-bit segments" if EXPERT -- default y -+ bool "Enable support for 16-bit segments" - depends on MODIFY_LDT_SYSCALL - ---help--- - This option is required by programs like Wine to run 16-bit -@@ -2228,7 +2227,7 @@ config COMPAT_VDSO - choice - prompt "vsyscall table for legacy applications" - depends on X86_64 -- default LEGACY_VSYSCALL_EMULATE -+ default LEGACY_VSYSCALL_NONE - help - Legacy user code that does not know how to find the vDSO expects - to be able to issue three syscalls by calling fixed addresses in -@@ -2318,8 +2317,7 @@ config CMDLINE_OVERRIDE - be set to 'N' under normal conditions. 
- - config MODIFY_LDT_SYSCALL -- bool "Enable the LDT (local descriptor table)" if EXPERT -- default y -+ bool "Enable the LDT (local descriptor table)" - ---help--- - Linux can allow user programs to install a per-process x86 - Local Descriptor Table (LDT) using the modify_ldt(2) system -diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index 6293a8768a91..add82e0f1df3 100644 ---- a/arch/x86/Kconfig.debug -+++ b/arch/x86/Kconfig.debug -@@ -101,6 +101,7 @@ config EFI_PGT_DUMP - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select X86_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. - -diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig -index e32fc1f274d8..d08acc76502a 100644 ---- a/arch/x86/configs/x86_64_defconfig -+++ b/arch/x86/configs/x86_64_defconfig -@@ -1,5 +1,4 @@ - # CONFIG_LOCALVERSION_AUTO is not set --CONFIG_SYSVIPC=y - CONFIG_POSIX_MQUEUE=y - CONFIG_BSD_PROCESS_ACCT=y - CONFIG_TASKSTATS=y -diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c -index 1911310959f8..bba8dbbc07a8 100644 ---- a/arch/x86/entry/vdso/vma.c -+++ b/arch/x86/entry/vdso/vma.c -@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) - } - - #ifdef CONFIG_X86_64 --/* -- * Put the vdso above the (randomized) stack with another randomized -- * offset. This way there is no hole in the middle of address space. -- * To save memory make sure it is still in the same PTE as the stack -- * top. This doesn't give that many random bits. -- * -- * Note that this algorithm is imperfect: the distribution of the vdso -- * start address within a PMD is biased toward the end. -- * -- * Only used for the 64-bit and x32 vdsos. -- */ --static unsigned long vdso_addr(unsigned long start, unsigned len) --{ -- unsigned long addr, end; -- unsigned offset; -- -- /* -- * Round up the start address. 
It can start out unaligned as a result -- * of stack start randomization. -- */ -- start = PAGE_ALIGN(start); -- -- /* Round the lowest possible end address up to a PMD boundary. */ -- end = (start + len + PMD_SIZE - 1) & PMD_MASK; -- if (end >= TASK_SIZE_MAX) -- end = TASK_SIZE_MAX; -- end -= len; -- -- if (end > start) { -- offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1); -- addr = start + (offset << PAGE_SHIFT); -- } else { -- addr = start; -- } -- -- /* -- * Forcibly align the final address in case we have a hardware -- * issue that requires alignment for performance reasons. -- */ -- addr = align_vdso_addr(addr); -- -- return addr; --} -- - static int map_vdso_randomized(const struct vdso_image *image) - { -- unsigned long addr = vdso_addr(current->mm->start_stack, image->size-image->sym_vvar_start); -- -- return map_vdso(image, addr); -+ return map_vdso(image, 0); - } - #endif - -diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 3a091cea36c5..0931c05a3348 100644 ---- a/arch/x86/include/asm/elf.h -+++ b/arch/x86/include/asm/elf.h -@@ -249,11 +249,11 @@ extern int force_personality32; - - /* - * This is the base location for PIE (ET_DYN with INTERP) loads. On -- * 64-bit, this is above 4GB to leave the entire 32-bit address -+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address - * space open for things that want to use the area for 32-bit pointers. - */ - #define ELF_ET_DYN_BASE (mmap_is_ia32() ? 0x000400000UL : \ -- (DEFAULT_MAP_WINDOW / 3 * 2)) -+ 0x100000000UL) - - /* This yields a mask that user programs can use to figure out what - instruction set this CPU supports. 
This could be done in user space,
-@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy);
-
- #ifdef CONFIG_X86_32
-
--#define __STACK_RND_MASK(is32bit) (0x7ff)
--#define STACK_RND_MASK (0x7ff)
-+#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1)
-+#define STACK_RND_MASK ((1UL << mmap_rnd_bits) - 1)
-
- #define ARCH_DLINFO ARCH_DLINFO_IA32
-
-@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy);
- #else /* CONFIG_X86_32 */
-
- /* 1GB for 64bit, 8MB for 32bit */
--#define __STACK_RND_MASK(is32bit) ((is32bit) ? 0x7ff : 0x3fffff)
-+#ifdef CONFIG_COMPAT
-+#define __STACK_RND_MASK(is32bit) ((is32bit) ? (1UL << mmap_rnd_compat_bits) - 1 : (1UL << mmap_rnd_bits) - 1)
-+#else
-+#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1)
-+#endif
- #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32())
-
- #define ARCH_DLINFO \
-@@ -380,5 +384,4 @@ struct va_alignment {
- } ____cacheline_aligned;
-
- extern struct va_alignment va_align;
--extern unsigned long align_vdso_addr(unsigned long);
- #endif /* _ASM_X86_ELF_H */
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 704f31315dde..bb82b6344a7b 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -253,6 +253,7 @@ static inline void cr4_set_bits(unsigned long mask)
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- if ((cr4 | mask) != cr4) {
- cr4 |= mask;
- this_cpu_write(cpu_tlbstate.cr4, cr4);
-@@ -266,6 +267,7 @@ static inline void cr4_clear_bits(unsigned long mask)
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- if ((cr4 & ~mask) != cr4) {
- cr4 &= ~mask;
- this_cpu_write(cpu_tlbstate.cr4, cr4);
-@@ -278,6 +280,7 @@ static inline void cr4_toggle_bits(unsigned long mask)
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- cr4 ^= mask;
- this_cpu_write(cpu_tlbstate.cr4, cr4);
- __write_cr4(cr4);
-@@ -386,6 +389,7 @@ static inline void __native_flush_tlb_global(void)
- raw_local_irq_save(flags);
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- /* toggle PGE */
- native_write_cr4(cr4 ^ X86_CR4_PGE);
- /* write old PGE again and flush TLBs */
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 48e98964ecad..a94dc690612f 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1637,7 +1637,6 @@ void cpu_init(void)
- wrmsrl(MSR_KERNEL_GS_BASE, 0);
- barrier();
-
-- x86_configure_nx();
- x2apic_setup();
-
- /*
-diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 988a98f34c66..dc36d2d9078a 100644
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -40,6 +40,8 @@
- #include
- #include
- #include
-+#include
-+#include
-
- /*
- * per-CPU TSS segments. Threads are completely 'soft' on Linux,
-@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp)
-
- unsigned long arch_randomize_brk(struct mm_struct *mm)
- {
-- return randomize_page(mm->brk, 0x02000000);
-+ if (mmap_is_ia32())
-+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
-+ else
-+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
- }
-
- /*
-diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
-index a63fe77b3217..e1085e76043e 100644
---- a/arch/x86/kernel/sys_x86_64.c
-+++ b/arch/x86/kernel/sys_x86_64.c
-@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void)
- return va_align.bits & get_align_mask();
- }
-
--unsigned long align_vdso_addr(unsigned long addr)
--{
-- unsigned long align_mask = get_align_mask();
-- addr = (addr + align_mask) & ~align_mask;
-- return addr | get_align_bits();
--}
--
- static int __init control_va_addr_alignment(char *str)
- {
- /* guard against enabling this on other CPU families */
-@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags,
- }
-
- *begin = get_mmap_base(1);
-- if (in_compat_syscall())
-- *end = task_size_32bit();
-- else
-- *end = task_size_64bit(addr > DEFAULT_MAP_WINDOW);
-+ *end = get_mmap_base(0);
- }
-
- unsigned long
-@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
-
- info.flags = VM_UNMAPPED_AREA_TOPDOWN;
- info.length = len;
-- info.low_limit = PAGE_SIZE;
-+ info.low_limit = get_mmap_base(1);
- info.high_limit = get_mmap_base(0);
-
- /*
-diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 3141e67ec24c..e93173193f60 100644
---- a/arch/x86/mm/init_32.c
-+++ b/arch/x86/mm/init_32.c
-@@ -558,7 +558,7 @@ static void __init pagetable_init(void)
- permanent_kmaps_init(pgd_base);
- }
-
--pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL);
-+pteval_t __supported_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL);
- EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
- /* user-defined highmem size */
-@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size)
- #endif
- #endif
-
--int kernel_set_to_readonly __read_mostly;
-+int kernel_set_to_readonly __ro_after_init;
-
- void set_kernel_text_rw(void)
- {
-@@ -917,12 +917,11 @@ void mark_rodata_ro(void)
- unsigned long start = PFN_ALIGN(_text);
- unsigned long size = PFN_ALIGN(_etext) - start;
-
-+ kernel_set_to_readonly = 1;
- set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
- printk(KERN_INFO "Write protecting the kernel text: %luk\n",
- size >> 10);
-
-- kernel_set_to_readonly = 1;
--
- #ifdef CONFIG_CPA_DEBUG
- printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
- start, start+size);
-diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 642357aff216..8bbf93ce3cd2 100644
---- a/arch/x86/mm/init_64.c
-+++ b/arch/x86/mm/init_64.c
-@@ -65,7 +65,7 @@
- * around without checking the pgd every time.
- */
-
--pteval_t __supported_pte_mask __read_mostly = ~0;
-+pteval_t __supported_pte_mask __ro_after_init = ~0;
- EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
- int force_personality32;
-@@ -1185,7 +1185,7 @@ void __init mem_init(void)
- mem_init_print_info(NULL);
- }
-
--int kernel_set_to_readonly;
-+int kernel_set_to_readonly __ro_after_init;
-
- void set_kernel_text_rw(void)
- {
-@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void)
-
- printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
- (end - start) >> 10);
-- set_memory_ro(start, (end - start) >> PAGE_SHIFT);
--
- kernel_set_to_readonly = 1;
-+ set_memory_ro(start, (end - start) >> PAGE_SHIFT);
-
- /*
- * The rodata/data/bss/brk section (but not the kernel text!)
-diff --git a/block/blk-softirq.c b/block/blk-softirq.c
-index 01e2b353a2b9..9aeddca4a29f 100644
---- a/block/blk-softirq.c
-+++ b/block/blk-softirq.c
-@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
- * Softirq action handler - move entries to local list and loop over them
- * while passing them to the queue registered handler.
- */
--static __latent_entropy void blk_done_softirq(struct softirq_action *h)
-+static __latent_entropy void blk_done_softirq(void)
- {
- struct list_head *cpu_list, local_list;
-
-diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 473f150d6b22..65a65f9824ed 100644
---- a/drivers/ata/libata-core.c
-+++ b/drivers/ata/libata-core.c
-@@ -5141,7 +5141,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
- struct ata_port *ap;
- unsigned int tag;
-
-- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
-+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
- ap = qc->ap;
-
- qc->flags = 0;
-@@ -5158,7 +5158,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
- struct ata_port *ap;
- struct ata_link *link;
-
-- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
-+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
- WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
- ap = qc->ap;
- link = qc->dev->link;
-diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index c28dca0c613d..d4813f0d25ca 100644
---- a/drivers/char/Kconfig
-+++ b/drivers/char/Kconfig
-@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig"
-
- config DEVMEM
- bool "/dev/mem virtual device support"
-- default y
- help
- Say Y here if you want to support the /dev/mem device.
- The /dev/mem device is used to access areas of physical
-@@ -568,7 +567,6 @@ config TELCLOCK
- config DEVPORT
- bool "/dev/port character device"
- depends on ISA || PCI
-- default y
- help
- Say Y here if you want to support the /dev/port device. The /dev/port
- device is similar to /dev/mem, but for I/O ports.
-diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c
-index e105532bfba8..e07d52bb9b62 100644
---- a/drivers/media/dvb-frontends/cx24116.c
-+++ b/drivers/media/dvb-frontends/cx24116.c
-@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune,
- return cx24116_read_status(fe, status);
- }
-
--static int cx24116_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24116_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c
-index d37cb7762bd6..97e0feff0ede 100644
---- a/drivers/media/dvb-frontends/cx24117.c
-+++ b/drivers/media/dvb-frontends/cx24117.c
-@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune,
- return cx24117_read_status(fe, status);
- }
-
--static int cx24117_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24117_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
-index 7f11dcc94d85..01da670760ba 100644
---- a/drivers/media/dvb-frontends/cx24120.c
-+++ b/drivers/media/dvb-frontends/cx24120.c
-@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune,
- return cx24120_read_status(fe, status);
- }
-
--static int cx24120_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24120_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c
-index 1d59d1d3bd82..41cd0e9ea199 100644
---- a/drivers/media/dvb-frontends/cx24123.c
-+++ b/drivers/media/dvb-frontends/cx24123.c
-@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe,
- return retval;
- }
-
--static int cx24123_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24123_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c
-index f6ebbb47b9b2..3e0d8cbd76da 100644
---- a/drivers/media/dvb-frontends/cxd2820r_core.c
-+++ b/drivers/media/dvb-frontends/cxd2820r_core.c
-@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe)
- return DVBFE_ALGO_SEARCH_ERROR;
- }
-
--static int cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_CUSTOM;
- }
-diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
-index e8ac8c3e2ec0..e0f4ba8302d1 100644
---- a/drivers/media/dvb-frontends/mb86a20s.c
-+++ b/drivers/media/dvb-frontends/mb86a20s.c
-@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe)
- kfree(state);
- }
-
--static int mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c
-index 274544a3ae0e..9ef9b9bc1bd2 100644
---- a/drivers/media/dvb-frontends/s921.c
-+++ b/drivers/media/dvb-frontends/s921.c
-@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe,
- return rc;
- }
-
--static int s921_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo s921_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
-index 7166d2279465..fa682f9fdc4b 100644
---- a/drivers/media/pci/bt8xx/dst.c
-+++ b/drivers/media/pci/bt8xx/dst.c
-@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe,
- return 0;
- }
-
--static int dst_get_tuning_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo dst_get_tuning_algo(struct dvb_frontend *fe)
- {
- return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW;
- }
-diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c
-index f75f69556be7..d913a6050e8c 100644
---- a/drivers/media/pci/pt1/va1j5jf8007s.c
-+++ b/drivers/media/pci/pt1/va1j5jf8007s.c
-@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr)
- return 0;
- }
-
--static int va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c
-index 63fda79a75c0..4115c3ccd4a8 100644
---- a/drivers/media/pci/pt1/va1j5jf8007t.c
-+++ b/drivers/media/pci/pt1/va1j5jf8007t.c
-@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr)
- return 0;
- }
-
--static int va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
-index 981b3ef71e47..9883da1da383 100644
---- a/drivers/misc/lkdtm_core.c
-+++ b/drivers/misc/lkdtm_core.c
-@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq,
- return 0;
- }
-
--static void jp_tasklet_action(struct softirq_action *a)
-+static void jp_tasklet_action(void)
- {
- lkdtm_handler();
- jprobe_return();
-diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig
-index b811442c5ce6..4f62a63cbcb1 100644
---- a/drivers/tty/Kconfig
-+++ b/drivers/tty/Kconfig
-@@ -122,7 +122,6 @@ config UNIX98_PTYS
-
- config LEGACY_PTYS
- bool "Legacy (BSD) PTY support"
-- default y
- ---help---
- A pseudo terminal (PTY) is a software device consisting of two
- halves: a master and a slave. The slave device behaves identical to
-diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 562d31073f9a..2184b9b5485f 100644
---- a/drivers/tty/tty_io.c
-+++ b/drivers/tty/tty_io.c
-@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty)
- put_device(tty->dev);
- kfree(tty->write_buf);
- tty->magic = 0xDEADDEAD;
-+ put_user_ns(tty->owner_user_ns);
- kfree(tty);
- }
-
-@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on)
- * FIXME: may race normal receive processing
- */
-
-+int tiocsti_restrict = IS_ENABLED(CONFIG_SECURITY_TIOCSTI_RESTRICT);
-+
- static int tiocsti(struct tty_struct *tty, char __user *p)
- {
- char ch, mbz = 0;
- struct tty_ldisc *ld;
-
-+ if (tiocsti_restrict &&
-+ !ns_capable(tty->owner_user_ns, CAP_SYS_ADMIN)) {
-+ dev_warn_ratelimited(tty->dev,
-+ "Denied TIOCSTI ioctl for non-privileged process\n");
-+ return -EPERM;
-+ }
- if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
- return -EPERM;
- if (get_user(ch, p))
-@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
- tty->index = idx;
- tty_line_name(driver, idx, tty->name);
- tty->dev = tty_get_device(tty);
-+ tty->owner_user_ns = get_user_ns(current_user_ns());
-
- return tty;
- }
-diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 442be7f312f6..788557d5c454 100644
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -38,6 +38,8 @@
- #define USB_VENDOR_GENESYS_LOGIC 0x05e3
- #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01
-
-+extern int deny_new_usb;
-+
- /* Protect struct usb_device->state and ->children members
- * Note: Both are also protected by ->dev.sem, except that ->state can
- * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */
-@@ -4806,6 +4808,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
- goto done;
- return;
- }
-+
-+ if (deny_new_usb) {
-+ dev_err(&port_dev->dev, "denied insert of USB device on port %d\n", port1);
-+ goto done;
-+ }
-+
- if (hub_is_superspeed(hub->hdev))
- unit_load = 150;
- else
-diff --git a/fs/exec.c b/fs/exec.c
-index 0da4d748b4e6..69fcee853363 100644
---- a/fs/exec.c
-+++ b/fs/exec.c
-@@ -62,6 +62,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
-@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
- arch_bprm_mm_init(mm, vma);
- up_write(&mm->mmap_sem);
- bprm->p = vma->vm_end - sizeof(void *);
-+ if (randomize_va_space)
-+ bprm->p ^= get_random_int() & ~PAGE_MASK;
- return 0;
- err:
- up_write(&mm->mmap_sem);
-diff --git a/fs/namei.c b/fs/namei.c
-index 0b46b858cd42..3ae8e72341da 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd)
- path_put(&last->link);
- }
-
--int sysctl_protected_symlinks __read_mostly = 0;
--int sysctl_protected_hardlinks __read_mostly = 0;
-+int sysctl_protected_symlinks __read_mostly = 1;
-+int sysctl_protected_hardlinks __read_mostly = 1;
-
- /**
- * may_follow_link - Check symlink following for unsafe situations
-diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
-index 5f93cfacb3d1..cea0d7d3b23e 100644
---- a/fs/nfs/Kconfig
-+++ b/fs/nfs/Kconfig
-@@ -195,4 +195,3 @@ config NFS_DEBUG
- bool
- depends on NFS_FS && SUNRPC_DEBUG
- select CRC32
-- default y
-diff --git a/fs/pipe.c b/fs/pipe.c
-index 8ef7d7bef775..b82f305ec13d 100644
---- a/fs/pipe.c
-+++ b/fs/pipe.c
-@@ -38,7 +38,7 @@ unsigned int pipe_max_size = 1048576;
- /*
- * Minimum pipe size, as required by POSIX
- */
--unsigned int pipe_min_size = PAGE_SIZE;
-+unsigned int pipe_min_size __read_only = PAGE_SIZE;
-
- /* Maximum allocatable pages per user. Hard limit is unset by default, soft
- * matches default values.
-diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
-index 1ade1206bb89..60b0f76dec47 100644
---- a/fs/proc/Kconfig
-+++ b/fs/proc/Kconfig
-@@ -39,7 +39,6 @@ config PROC_KCORE
- config PROC_VMCORE
- bool "/proc/vmcore support"
- depends on PROC_FS && CRASH_DUMP
-- default y
- help
- Exports the dump image of crashed kernel in ELF format.
-
-diff --git a/fs/stat.c b/fs/stat.c
-index 873785dae022..d3c2ada8b9c7 100644
---- a/fs/stat.c
-+++ b/fs/stat.c
-@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
- stat->gid = inode->i_gid;
- stat->rdev = inode->i_rdev;
- stat->size = i_size_read(inode);
-- stat->atime = inode->i_atime;
-- stat->mtime = inode->i_mtime;
-+ if (is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) {
-+ stat->atime = inode->i_ctime;
-+ stat->mtime = inode->i_ctime;
-+ } else {
-+ stat->atime = inode->i_atime;
-+ stat->mtime = inode->i_mtime;
-+ }
- stat->ctime = inode->i_ctime;
- stat->blksize = i_blocksize(inode);
- stat->blocks = inode->i_blocks;
-@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat,
- stat->result_mask |= STATX_BASIC_STATS;
- request_mask &= STATX_ALL;
- query_flags &= KSTAT_QUERY_FLAGS;
-- if (inode->i_op->getattr)
-- return inode->i_op->getattr(path, stat, request_mask,
-- query_flags);
-+ if (inode->i_op->getattr) {
-+ int retval = inode->i_op->getattr(path, stat, request_mask, query_flags);
-+ if (!retval && is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) {
-+ stat->atime = stat->ctime;
-+ stat->mtime = stat->ctime;
-+ }
-+ return retval;
-+ }
-
- generic_fillattr(inode, stat);
- return 0;
-diff --git a/include/linux/cache.h b/include/linux/cache.h
-index 750621e41d1c..e7157c18c62c 100644
---- a/include/linux/cache.h
-+++ b/include/linux/cache.h
-@@ -31,6 +31,8 @@
- #define __ro_after_init __attribute__((__section__(".data..ro_after_init")))
- #endif
-
-+#define __read_only __ro_after_init
-+
- #ifndef ____cacheline_aligned
- #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
- #endif
-diff --git a/include/linux/capability.h b/include/linux/capability.h
-index f640dcbc880c..2b4f5d651f19 100644
---- a/include/linux/capability.h
-+++ b/include/linux/capability.h
-@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
- extern bool has_ns_capability_noaudit(struct task_struct *t,
- struct user_namespace *ns, int cap);
- extern bool capable(int cap);
-+extern bool capable_noaudit(int cap);
- extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
- #else
-@@ -232,6 +233,10 @@ static inline bool capable(int cap)
- {
- return true;
- }
-+static inline bool capable_noaudit(int cap)
-+{
-+ return true;
-+}
- static inline bool ns_capable(struct user_namespace *ns, int cap)
- {
- return true;
-diff --git a/include/linux/fs.h b/include/linux/fs.h
-index cc613f20e5a6..7606596d6c2e 100644
---- a/include/linux/fs.h
-+++ b/include/linux/fs.h
-@@ -3392,4 +3392,15 @@ static inline bool dir_relax_shared(struct inode *inode)
- extern bool path_noexec(const struct path *path);
- extern void inode_nohighmem(struct inode *inode);
-
-+extern int device_sidechannel_restrict;
-+
-+static inline bool is_sidechannel_device(const struct inode *inode)
-+{
-+ umode_t mode;
-+ if (!device_sidechannel_restrict)
-+ return false;
-+ mode = inode->i_mode;
-+ return ((S_ISCHR(mode) || S_ISBLK(mode)) && (mode & (S_IROTH | S_IWOTH)));
-+}
-+
- #endif /* _LINUX_FS_H */
-diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index bdaf22582f6e..326ff15d4637 100644
---- a/include/linux/fsnotify.h
-+++ b/include/linux/fsnotify.h
-@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file)
- struct inode *inode = path->dentry->d_inode;
- __u32 mask = FS_ACCESS;
-
-+ if (is_sidechannel_device(inode))
-+ return;
-+
- if (S_ISDIR(inode->i_mode))
- mask |= FS_ISDIR;
-
-@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file)
- struct inode *inode = path->dentry->d_inode;
- __u32 mask = FS_MODIFY;
-
-+ if (is_sidechannel_device(inode))
-+ return;
-+
- if (S_ISDIR(inode->i_mode))
- mask |= FS_ISDIR;
-
-diff --git a/include/linux/gfp.h b/include/linux/gfp.h
-index b041f94678de..a5e0175c79e0 100644
---- a/include/linux/gfp.h
-+++ b/include/linux/gfp.h
-@@ -518,9 +518,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order,
- extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order);
- extern unsigned long get_zeroed_page(gfp_t gfp_mask);
-
--void *alloc_pages_exact(size_t size, gfp_t gfp_mask);
-+void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
- void free_pages_exact(void *virt, size_t size);
--void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask);
-+void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
-
- #define __get_free_page(gfp_mask) \
- __get_free_pages((gfp_mask), 0)
-diff --git a/include/linux/highmem.h b/include/linux/highmem.h
-index 776f90f3a1cd..3f5c47000059 100644
---- a/include/linux/highmem.h
-+++ b/include/linux/highmem.h
-@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page)
- kunmap_atomic(kaddr);
- }
-
-+static inline void verify_zero_highpage(struct page *page)
-+{
-+ void *kaddr = kmap_atomic(page);
-+ BUG_ON(memchr_inv(kaddr, 0, PAGE_SIZE));
-+ kunmap_atomic(kaddr);
-+}
-+
- static inline void zero_user_segments(struct page *page,
- unsigned start1, unsigned end1,
- unsigned start2, unsigned end2)
-diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
-index 69c238210325..ee487ea4f48f 100644
---- a/include/linux/interrupt.h
-+++ b/include/linux/interrupt.h
-@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
-
- struct softirq_action
- {
-- void (*action)(struct softirq_action *);
-+ void (*action)(void);
- };
-
- asmlinkage void do_softirq(void);
-@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void)
- }
- #endif
-
--extern void open_softirq(int nr, void (*action)(struct softirq_action *));
-+extern void __init open_softirq(int nr, void (*action)(void));
- extern void softirq_init(void);
- extern void __raise_softirq_irqoff(unsigned int nr);
-
-diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
-index df32d2508290..c992d130b94d 100644
---- a/include/linux/kobject_ns.h
-+++ b/include/linux/kobject_ns.h
-@@ -46,7 +46,7 @@ struct kobj_ns_type_operations {
- void (*drop_ns)(void *);
- };
-
--int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
-+int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
- int kobj_ns_type_registered(enum kobj_ns_type type);
- const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent);
- const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj);
-diff --git a/include/linux/mm.h b/include/linux/mm.h
-index f23215854c80..98df98c44cc0 100644
---- a/include/linux/mm.h
-+++ b/include/linux/mm.h
-@@ -525,7 +525,7 @@ static inline int is_vmalloc_or_module_addr(const void *x)
- }
- #endif
-
--extern void *kvmalloc_node(size_t size, gfp_t flags, int node);
-+extern void *kvmalloc_node(size_t size, gfp_t flags, int node) __attribute__((alloc_size(1)));
- static inline void *kvmalloc(size_t size, gfp_t flags)
- {
- return kvmalloc_node(size, flags, NUMA_NO_NODE);
-diff --git a/include/linux/percpu.h b/include/linux/percpu.h
-index 296bbe49d5d1..b26652c9a98d 100644
---- a/include/linux/percpu.h
-+++ b/include/linux/percpu.h
-@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size,
- pcpu_fc_populate_pte_fn_t populate_pte_fn);
- #endif
-
--extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align);
-+extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align) __attribute__((alloc_size(1)));
- extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr);
- extern bool is_kernel_percpu_address(unsigned long addr);
-
-@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr);
- extern void __init setup_per_cpu_areas(void);
- #endif
-
--extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp);
--extern void __percpu *__alloc_percpu(size_t size, size_t align);
-+extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp) __attribute__((alloc_size(1)));
-+extern void __percpu *__alloc_percpu(size_t size, size_t align) __attribute__((alloc_size(1)));
- extern void free_percpu(void __percpu *__pdata);
- extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
-
-diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 8e22f24ded6a..b7fecdfa6de5 100644
---- a/include/linux/perf_event.h
-+++ b/include/linux/perf_event.h
-@@ -1165,6 +1165,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
- int perf_event_max_stack_handler(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos);
-
-+static inline bool perf_paranoid_any(void)
-+{
-+ return sysctl_perf_event_paranoid > 2;
-+}
-+
- static inline bool perf_paranoid_tracepoint_raw(void)
- {
- return sysctl_perf_event_paranoid > -1;
-diff --git a/include/linux/slab.h b/include/linux/slab.h
-index ae5ed6492d54..fd0786124504 100644
---- a/include/linux/slab.h
-+++ b/include/linux/slab.h
-@@ -146,8 +146,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *);
- /*
- * Common kmalloc functions provided by all allocators
- */
--void * __must_check __krealloc(const void *, size_t, gfp_t);
--void * __must_check krealloc(const void *, size_t, gfp_t);
-+void * __must_check __krealloc(const void *, size_t, gfp_t) __attribute__((alloc_size(2)));
-+void * __must_check krealloc(const void *, size_t, gfp_t) __attribute((alloc_size(2)));
- void kfree(const void *);
- void kzfree(const void *);
- size_t ksize(const void *);
-@@ -324,7 +324,7 @@ static __always_inline int kmalloc_index(size_t size)
- }
- #endif /* !CONFIG_SLOB */
-
--void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc;
-+void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1)));
- void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc;
- void kmem_cache_free(struct kmem_cache *, void *);
-
-@@ -348,7 +348,7 @@ static __always_inline void kfree_bulk(size_t size, void **p)
- }
-
- #ifdef CONFIG_NUMA
--void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc;
-+void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1)));
- void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc;
- #else
- static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node)
-@@ -473,7 +473,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
- * for general use, and so are not documented here. For a full list of
- * potential flags, always refer to linux/gfp.h.
- */
--static __always_inline void *kmalloc(size_t size, gfp_t flags)
-+static __always_inline __attribute__((alloc_size(1))) void *kmalloc(size_t size, gfp_t flags)
- {
- if (__builtin_constant_p(size)) {
- if (size > KMALLOC_MAX_CACHE_SIZE)
-@@ -513,7 +513,7 @@ static __always_inline int kmalloc_size(int n)
- return 0;
- }
-
--static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
-+static __always_inline __attribute__((alloc_size(1))) void *kmalloc_node(size_t size, gfp_t flags, int node)
- {
- #ifndef CONFIG_SLOB
- if (__builtin_constant_p(size) &&
-diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index 39fa09bcde23..0b7a48cd883b 100644
---- a/include/linux/slub_def.h
-+++ b/include/linux/slub_def.h
-@@ -120,6 +120,11 @@ struct kmem_cache {
- unsigned long random;
- #endif
-
-+#ifdef CONFIG_SLAB_CANARY
-+ unsigned long random_active;
-+ unsigned long random_inactive;
-+#endif
-+
- #ifdef CONFIG_NUMA
- /*
- * Defragmentation by allocating from a remote node.
-diff --git a/include/linux/string.h b/include/linux/string.h
-index cfd83eb2f926..b9ecb42c762d 100644
---- a/include/linux/string.h
-+++ b/include/linux/string.h
-@@ -234,10 +234,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob
- void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter");
- void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
-
-+#ifdef CONFIG_FORTIFY_SOURCE_STRICT_STRING
-+#define __string_size(p) __builtin_object_size(p, 1)
-+#else
-+#define __string_size(p) __builtin_object_size(p, 0)
-+#endif
-+
- #if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE)
- __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
- if (__builtin_constant_p(size) && p_size < size)
- __write_overflow();
- if (p_size < size)
-@@ -247,7 +253,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
-
- __FORTIFY_INLINE char *strcat(char *p, const char *q)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
- if (p_size == (size_t)-1)
- return __builtin_strcat(p, q);
- if (strlcat(p, q, p_size) >= p_size)
-@@ -258,7 +264,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q)
- __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
- {
- __kernel_size_t ret;
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
-
- /* Work around gcc excess stack consumption issue */
- if (p_size == (size_t)-1 ||
-@@ -273,7 +279,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
- extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
- __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
- __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
- if (p_size <= ret && maxlen != ret)
- fortify_panic(__func__);
-@@ -285,8 +291,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
- __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
- {
- size_t ret;
-- size_t p_size = __builtin_object_size(p, 0);
-- size_t q_size = __builtin_object_size(q, 0);
-+ size_t p_size = __string_size(p);
-+ size_t q_size = __string_size(q);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __real_strlcpy(p, q, size);
- ret = strlen(q);
-@@ -306,8 +312,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
- __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
- {
- size_t p_len, copy_len;
-- size_t p_size = __builtin_object_size(p, 0);
-- size_t q_size = __builtin_object_size(q, 0);
-+ size_t p_size = __string_size(p);
-+ size_t q_size = __string_size(q);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __builtin_strncat(p, q, count);
- p_len = strlen(p);
-@@ -420,8 +426,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
- /* defined after fortified strlen and memcpy to reuse them */
- __FORTIFY_INLINE char *strcpy(char *p, const char *q)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-- size_t q_size = __builtin_object_size(q, 0);
-+ size_t p_size = __string_size(p);
-+ size_t q_size = __string_size(q);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __builtin_strcpy(p, q);
- memcpy(p, q, strlen(q) + 1);
-diff --git a/include/linux/tty.h b/include/linux/tty.h
-index 1dd587ba6d88..9a9a04fb641d 100644
---- a/include/linux/tty.h
-+++ b/include/linux/tty.h
-@@ -13,6 +13,7 @@
- #include
- #include
- #include
-+#include
-
-
- /*
-@@ -335,6 +336,7 @@ struct tty_struct {
- /* If the tty has a pending do_SAK, queue it here - akpm */
- struct work_struct SAK_work;
- struct tty_port *port;
-+ struct user_namespace *owner_user_ns;
- } __randomize_layout;
-
- /* Each of a tty's open files has private_data pointing to tty_file_private */
-@@ -344,6 +346,8 @@ struct tty_file_private {
- struct list_head list;
- };
-
-+extern int tiocsti_restrict;
-+
- /* tty magic number */
- #define TTY_MAGIC 0x5401
-
-diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 1e5d8c392f15..66d0e49c9987 100644
---- a/include/linux/vmalloc.h
-+++ b/include/linux/vmalloc.h
-@@ -68,19 +68,19 @@ static inline void vmalloc_init(void)
- }
- #endif
-
--extern void *vmalloc(unsigned long size);
--extern void *vzalloc(unsigned long size);
--extern void *vmalloc_user(unsigned long size);
--extern void *vmalloc_node(unsigned long size, int node);
--extern void *vzalloc_node(unsigned long size, int node);
--extern void *vmalloc_exec(unsigned long size);
--extern void *vmalloc_32(unsigned long size);
--extern void *vmalloc_32_user(unsigned long size);
--extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
-+extern void *vmalloc(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vzalloc(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_user(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_node(unsigned long size, int node) __attribute__((alloc_size(1)));
-+extern void *vzalloc_node(unsigned long size, int node) __attribute__((alloc_size(1)));
-+extern void *vmalloc_exec(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_32(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_32_user(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __attribute__((alloc_size(1)));
- extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
- unsigned long start, unsigned long end, gfp_t gfp_mask,
- pgprot_t prot, unsigned long vm_flags, int node,
-- const void *caller);
-+ const void *caller) __attribute__((alloc_size(1)));
- #ifndef CONFIG_MMU
- extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags);
- static inline void *__vmalloc_node_flags_caller(unsigned long size, int node,
-diff --git a/init/Kconfig b/init/Kconfig
-index 46075327c165..0c78750bc76d 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -309,6 +309,7 @@ config USELIB
- config AUDIT
- bool "Auditing support"
- depends on NET
-+ default y
- help
- Enable auditing infrastructure that can be used with another
- kernel subsystem, such as SELinux (which requires this for
-@@ -1052,6 +1053,12 @@ config CC_OPTIMIZE_FOR_SIZE
-
- endchoice
-
-+config LOCAL_INIT
-+ bool "Zero uninitialized locals"
-+ help
-+ Zero-fill uninitialized local variables, other than variable-length
-+ arrays. Requires compiler support.
-+
- config SYSCTL
- bool
-
-@@ -1361,8 +1368,7 @@ config SHMEM
- which may be appropriate on small systems without swap.
-
- config AIO
-- bool "Enable AIO support" if EXPERT
-- default y
-+ bool "Enable AIO support"
- help
- This option enables POSIX asynchronous I/O which may by used
- by some high performance threaded applications. Disabling
-@@ -1491,7 +1497,7 @@ config VM_EVENT_COUNTERS
-
- config SLUB_DEBUG
- default y
-- bool "Enable SLUB debugging support" if EXPERT
-+ bool "Enable SLUB debugging support"
- depends on SLUB && SYSFS
- help
- SLUB has extensive debug support features. Disabling these can
-@@ -1515,7 +1521,6 @@ config SLUB_MEMCG_SYSFS_ON
-
- config COMPAT_BRK
- bool "Disable heap randomization"
-- default y
- help
- Randomizing heap placement makes heap exploits harder, but it
- also breaks ancient binaries (including anything libc5 based).
-@@ -1562,7 +1567,6 @@ endchoice
-
- config SLAB_MERGE_DEFAULT
- bool "Allow slab caches to be merged"
-- default y
- help
- For reduced kernel memory fragmentation, slab caches can be
- merged when they share the same size and other characteristics.
-@@ -1575,9 +1579,9 @@ config SLAB_MERGE_DEFAULT
- command line.
-
- config SLAB_FREELIST_RANDOM
-- default n
- depends on SLAB || SLUB
- bool "SLAB freelist randomization"
-+ default y
- help
- Randomizes the freelist order used on creating new pages. This
- security feature reduces the predictability of the kernel slab
-@@ -1586,12 +1590,56 @@ config SLAB_FREELIST_RANDOM
- config SLAB_FREELIST_HARDENED
- bool "Harden slab freelist metadata"
- depends on SLUB
-+ default y
- help
- Many kernel heap attacks try to target slab cache metadata and
- other infrastructure. This options makes minor performance
- sacrifies to harden the kernel slab allocator against common
- freelist exploit methods.
-
-+config SLAB_HARDENED
-+ default y
-+ depends on SLUB
-+ bool "Hardened SLAB infrastructure"
-+ help
-+ Make minor performance sacrifices to harden the kernel slab
-+ allocator.
-+
-+config SLAB_CANARY
-+ depends on SLUB
-+ depends on !SLAB_MERGE_DEFAULT
-+ bool "SLAB canaries"
-+ default y
-+ help
-+ Place canaries at the end of kernel slab allocations, sacrificing
-+ some performance and memory usage for security.
-+
-+ Canaries can detect some forms of heap corruption when allocations
-+ are freed and as part of the HARDENED_USERCOPY feature. It provides
-+ basic use-after-free detection for HARDENED_USERCOPY.
-+
-+ Canaries absorb small overflows (rendering them harmless), mitigate
-+ non-NUL terminated C string overflows on 64-bit via a guaranteed zero
-+ byte and provide basic double-free detection.
-+
-+config SLAB_SANITIZE
-+ bool "Sanitize SLAB allocations"
-+ depends on SLUB
-+ default y
-+ help
-+ Zero fill slab allocations on free, reducing the lifetime of
-+ sensitive data and helping to mitigate use-after-free bugs.
-+
-+ For slabs with debug poisoning enabling, this has no impact.
-+
-+config SLAB_SANITIZE_VERIFY
-+ depends on SLAB_SANITIZE && PAGE_SANITIZE
-+ default y
-+ bool "Verify sanitized SLAB allocations"
-+ help
-+ Verify that newly allocated slab allocations are zeroed to detect
-+ write-after-free bugs.
-+
- config SLUB_CPU_PARTIAL
- default y
- depends on SLUB && SMP
-diff --git a/kernel/audit.c b/kernel/audit.c
-index 5b34d3114af4..e57930192ce1 100644
---- a/kernel/audit.c
-+++ b/kernel/audit.c
-@@ -1573,6 +1573,9 @@ static int __init audit_enable(char *str)
- audit_default = !!simple_strtol(str, NULL, 0);
- if (!audit_default)
- audit_initialized = AUDIT_DISABLED;
-+ else
-+ audit_initialized = AUDIT_UNINITIALIZED;
-+
- audit_enabled = audit_default;
- audit_ever_enabled = !!audit_enabled;
-
-diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
-index d203a5d6b726..2a6c3e2c57a6 100644
---- a/kernel/bpf/core.c
-+++ b/kernel/bpf/core.c
-@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp)
- bpf_prog_unlock_free(fp);
- }
-
--int bpf_jit_harden __read_mostly;
-+int bpf_jit_harden __read_mostly = 2;
-
- static int bpf_jit_blind_insn(const struct bpf_insn *from,
- const struct bpf_insn *aux,
-diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
-index 4e933219fec6..0f37db32a2b1 100644
---- a/kernel/bpf/syscall.c
-+++ b/kernel/bpf/syscall.c
-@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(prog_idr_lock);
- static DEFINE_IDR(map_idr);
- static DEFINE_SPINLOCK(map_idr_lock);
-
--int sysctl_unprivileged_bpf_disabled __read_mostly;
-+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
-
- static const struct bpf_map_ops * const bpf_map_types[] = {
- #define BPF_PROG_TYPE(_id, _ops)
-diff --git a/kernel/capability.c b/kernel/capability.c
-index 1e1c0236f55b..452062fe45ce 100644
---- a/kernel/capability.c
-+++ b/kernel/capability.c
-@@ -431,6 +431,12 @@ bool capable(int cap)
- return ns_capable(&init_user_ns, cap);
- }
- EXPORT_SYMBOL(capable);
-+
-+bool capable_noaudit(int cap)
-+{
-+ return ns_capable_noaudit(&init_user_ns, cap);
-+}
-+EXPORT_SYMBOL(capable_noaudit);
- #endif /* CONFIG_MULTIUSER */
-
- /**
-diff --git a/kernel/events/core.c b/kernel/events/core.c
-index cb8274d7824f..c1b3d232b0a4 100644
---- a/kernel/events/core.c
-+++ b/kernel/events/core.c
-@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask;
- * 0 - disallow raw tracepoint access for unpriv
- * 1 - disallow cpu events for unpriv
- * 2 - disallow kernel profiling for unpriv
-+ * 3 - disallow all unpriv perf event use
- */
-+#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT
-+int sysctl_perf_event_paranoid __read_mostly = 3;
-+#else
- int sysctl_perf_event_paranoid __read_mostly = 2;
-+#endif
-
- /* Minimum for 512 kiB + 1 user control page */
- int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -9941,6 +9946,9 @@ SYSCALL_DEFINE5(perf_event_open,
- if (flags & ~PERF_FLAG_ALL)
- return -EINVAL;
-
-+ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
-+ return -EACCES;
-+
- err = perf_copy_attr(attr_uptr, &attr);
- if (err)
- return err;
-diff --git a/kernel/fork.c b/kernel/fork.c
-index 98c91bd341b4..dbb9540ee61c 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -102,6 +102,11 @@
-
- #define CREATE_TRACE_POINTS
- #include
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#else
-+#define unprivileged_userns_clone 0
-+#endif
-
- /*
- * Minimum number of threads to boot the kernel
-@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process(
- if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
- return ERR_PTR(-EINVAL);
-
-+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
-+ if (!capable(CAP_SYS_ADMIN))
-+ return ERR_PTR(-EPERM);
-+
- /*
- * Thread groups must share signals as well, and detached threads
- * can only be started up within the thread group.
-@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
- if (unshare_flags & CLONE_NEWNS)
- unshare_flags |= CLONE_FS;
-
-+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
-+ err = -EPERM;
-+ if (!capable(CAP_SYS_ADMIN))
-+ goto bad_unshare_out;
-+ }
-+
- err = check_unshare_flags(unshare_flags);
- if (err)
- goto bad_unshare_out;
-diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
-index 0972a8e09d08..00dde7aad47a 100644
---- a/kernel/power/snapshot.c
-+++ b/kernel/power/snapshot.c
-@@ -1136,7 +1136,7 @@ void free_basic_memory_bitmaps(void)
-
- void clear_free_pages(void)
- {
--#ifdef CONFIG_PAGE_POISONING_ZERO
-+#if defined(CONFIG_PAGE_POISONING_ZERO) || defined(CONFIG_PAGE_SANITIZE)
- struct memory_bitmap *bm = free_pages_map;
- unsigned long pfn;
-
-@@ -1153,7 +1153,7 @@ void clear_free_pages(void)
- }
- memory_bm_position_reset(bm);
- pr_info("PM: free pages cleared after restore\n");
--#endif /* PAGE_POISONING_ZERO */
-+#endif /* PAGE_POISONING_ZERO || PAGE_SANITIZE */
- }
-
- /**
-diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
-index a64eee0db39e..4d7de378fe4c 100644
---- a/kernel/rcu/tiny.c
-+++ b/kernel/rcu/tiny.c
-@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
- }
- }
-
--static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused)
-+static __latent_entropy void rcu_process_callbacks(void)
- {
- __rcu_process_callbacks(&rcu_sched_ctrlblk);
- __rcu_process_callbacks(&rcu_bh_ctrlblk);
-diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
-index 3e3650e94ae6..7ecd7a5d04b3 100644
---- a/kernel/rcu/tree.c
-+++ b/kernel/rcu/tree.c
-@@ -2918,7 +2918,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
- /*
- * Do RCU core processing for the current CPU.
- */
--static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused)
-+static __latent_entropy void rcu_process_callbacks(void)
- {
- struct rcu_state *rsp;
-
-diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 5c09ddf8c832..f5db6ece105a 100644
---- a/kernel/sched/fair.c
-+++ b/kernel/sched/fair.c
-@@ -8986,7 +8986,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { }
- * run_rebalance_domains is triggered when needed from the scheduler tick.
- * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
- */
--static __latent_entropy void run_rebalance_domains(struct softirq_action *h)
-+static __latent_entropy void run_rebalance_domains(void)
- {
- struct rq *this_rq = this_rq();
- enum cpu_idle_type idle = this_rq->idle_balance ?
-diff --git a/kernel/softirq.c b/kernel/softirq.c
-index e89c3b0cff6d..0d3ebd520931 100644
---- a/kernel/softirq.c
-+++ b/kernel/softirq.c
-@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
- EXPORT_SYMBOL(irq_stat);
- #endif
-
--static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp;
-+static struct softirq_action softirq_vec[NR_SOFTIRQS] __ro_after_init __aligned(PAGE_SIZE);
-
- DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
-
-@@ -281,7 +281,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void)
- kstat_incr_softirqs_this_cpu(vec_nr);
-
- trace_softirq_entry(vec_nr);
-- h->action(h);
-+ h->action();
- trace_softirq_exit(vec_nr);
- if (unlikely(prev_count != preempt_count())) {
- pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n",
-@@ -444,7 +444,7 @@ void __raise_softirq_irqoff(unsigned int nr)
- or_softirq_pending(1UL << nr);
- }
-
--void open_softirq(int nr, void (*action)(struct softirq_action *))
-+void __init open_softirq(int nr, void (*action)(void))
- {
- softirq_vec[nr].action = action;
- }
-@@ -486,7 +486,7 @@ void __tasklet_hi_schedule(struct tasklet_struct *t)
- }
- EXPORT_SYMBOL(__tasklet_hi_schedule);
-
--static __latent_entropy void tasklet_action(struct softirq_action *a)
-+static __latent_entropy void tasklet_action(void)
- {
- struct tasklet_struct *list;
-
-@@ -522,7 +522,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a)
- }
- }
-
--static __latent_entropy void tasklet_hi_action(struct softirq_action *a)
-+static __latent_entropy void tasklet_hi_action(void)
- {
- struct tasklet_struct *list;
-
-diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 069550540a39..822783a174aa 100644
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -66,6 +66,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
-@@ -98,12 +99,19 @@
- #if defined(CONFIG_SYSCTL)
-
- /* External variables not in a header file. */
-+#if IS_ENABLED(CONFIG_USB)
-+int deny_new_usb __read_mostly = 0;
-+EXPORT_SYMBOL(deny_new_usb);
-+#endif
- extern int suid_dumpable;
- #ifdef CONFIG_COREDUMP
- extern int core_uses_pid;
- extern char core_pattern[];
- extern unsigned int core_pipe_limit;
- #endif
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#endif
- extern int pid_max;
- extern int pid_max_min, pid_max_max;
- extern int percpu_pagelist_fraction;
-@@ -115,40 +123,43 @@ extern int sysctl_nr_trim_pages;
-
- /* Constants used for minimum and maximum */
- #ifdef CONFIG_LOCKUP_DETECTOR
--static int sixty = 60;
-+static int sixty __read_only = 60;
- #endif
-
--static int __maybe_unused neg_one = -1;
-+static int __maybe_unused neg_one __read_only = -1;
-
- static int zero;
--static int __maybe_unused one = 1;
--static int __maybe_unused two = 2;
--static int __maybe_unused four = 4;
--static unsigned long one_ul = 1;
--static int one_hundred = 100;
--static int one_thousand = 1000;
-+static int __maybe_unused one __read_only = 1;
-+static int __maybe_unused two __read_only = 2;
-+static int __maybe_unused four __read_only = 4;
-+static unsigned long one_ul __read_only = 1;
-+static int one_hundred __read_only = 100;
-+static int one_thousand __read_only = 1000;
- #ifdef CONFIG_PRINTK
--static int ten_thousand = 10000;
-+static int ten_thousand __read_only = 10000;
- #endif
- #ifdef CONFIG_PERF_EVENTS
--static int six_hundred_forty_kb = 640 * 1024;
-+static int six_hundred_forty_kb __read_only = 640 * 1024;
- #endif
-
- /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */
--static unsigned long dirty_bytes_min = 2 * PAGE_SIZE;
-+static unsigned long dirty_bytes_min __read_only = 2 * PAGE_SIZE;
-
- /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */
--static int maxolduid = 65535;
--static int minolduid;
-+static int maxolduid __read_only = 65535;
-+static int minolduid __read_only;
-
--static int ngroups_max = NGROUPS_MAX;
-+static int ngroups_max __read_only = NGROUPS_MAX;
- static const int cap_last_cap = CAP_LAST_CAP;
-
- /*this is needed for proc_doulongvec_minmax of sysctl_hung_task_timeout_secs */
- #ifdef CONFIG_DETECT_HUNG_TASK
--static unsigned long hung_task_timeout_max = (LONG_MAX/HZ);
-+static unsigned long hung_task_timeout_max __read_only = (LONG_MAX/HZ);
- #endif
-
-+int device_sidechannel_restrict __read_mostly = 1;
-+EXPORT_SYMBOL(device_sidechannel_restrict);
-+
- #ifdef CONFIG_INOTIFY_USER
- #include
- #endif
-@@ -286,19 +297,19 @@ static struct ctl_table sysctl_base_table[] = {
- };
-
- #ifdef CONFIG_SCHED_DEBUG
--static int min_sched_granularity_ns = 100000; /* 100 usecs */
--static int max_sched_granularity_ns = NSEC_PER_SEC; /* 1 second */
--static int min_wakeup_granularity_ns; /* 0 usecs */
--static int max_wakeup_granularity_ns = NSEC_PER_SEC; /* 1 second */
-+static int min_sched_granularity_ns __read_only = 100000; /* 100 usecs */
-+static int max_sched_granularity_ns __read_only = NSEC_PER_SEC; /* 1 second */
-+static int min_wakeup_granularity_ns __read_only; /* 0 usecs */
-+static int max_wakeup_granularity_ns __read_only = NSEC_PER_SEC; /* 1 second */
- #ifdef CONFIG_SMP
--static int min_sched_tunable_scaling = SCHED_TUNABLESCALING_NONE;
--static int max_sched_tunable_scaling = SCHED_TUNABLESCALING_END-1;
-+static int min_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_NONE;
-+static int max_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_END-1;
- #endif /* CONFIG_SMP */
- #endif /* CONFIG_SCHED_DEBUG */
-
- #ifdef CONFIG_COMPACTION
--static int min_extfrag_threshold;
--static int max_extfrag_threshold = 1000;
-+static int min_extfrag_threshold __read_only;
-+static int max_extfrag_threshold __read_only = 1000;
- #endif
-
- static struct ctl_table kern_table[] = {
-@@ -512,6 +523,15 @@ static struct ctl_table kern_table[] = {
- .proc_handler = proc_dointvec,
- },
- #endif
-+#ifdef CONFIG_USER_NS
-+ {
-+ .procname = "unprivileged_userns_clone",
-+ .data = &unprivileged_userns_clone,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec,
-+ },
-+#endif
- #ifdef CONFIG_PROC_SYSCTL
- {
- .procname = "tainted",
-@@ -853,6 +873,37 @@ static struct ctl_table kern_table[] = {
- .extra1 = &zero,
- .extra2 = &two,
- },
-+#endif
-+#if defined CONFIG_TTY
-+ {
-+ .procname = "tiocsti_restrict",
-+ .data = &tiocsti_restrict,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec_minmax_sysadmin,
-+ .extra1 = &zero,
-+ .extra2 = &one,
-+ },
-+#endif
-+ {
-+ .procname = "device_sidechannel_restrict",
-+ .data = &device_sidechannel_restrict,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec_minmax_sysadmin,
-+ .extra1 = &zero,
-+ .extra2 = &one,
-+ },
-+#if IS_ENABLED(CONFIG_USB)
-+ {
-+ .procname = "deny_new_usb",
-+ .data = &deny_new_usb,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec_minmax_sysadmin,
-+ .extra1 = &zero,
-+ .extra2 = &one,
-+ },
- #endif
- {
- .procname = "ngroups_max",
-diff --git a/kernel/time/timer.c b/kernel/time/timer.c
-index 9fe525f410bf..6a85b0e1292e 100644
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -1624,7 +1624,7 @@ static inline void __run_timers(struct timer_base *base)
- /*
- * This function runs timers and the timer-tq in bottom half context.
- */
--static __latent_entropy void run_timer_softirq(struct softirq_action *h)
-+static __latent_entropy void run_timer_softirq(void)
- {
- struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
-
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index c490f1e4313b..dd03bd39d7bf 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -24,6 +24,9 @@
- #include
- #include
-
-+/* sysctl */
-+int unprivileged_userns_clone;
-+
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
-
-diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 62d0e25c054c..3953072277eb 100644
---- a/lib/Kconfig.debug
-+++ b/lib/Kconfig.debug
-@@ -937,6 +937,7 @@ endmenu # "Debug lockups and hangs"
-
- config PANIC_ON_OOPS
- bool "Panic on Oops"
-+ default y
- help
- Say Y here to enable the kernel to panic when it oopses. This
- has the same effect as setting oops=panic on the kernel command
-@@ -946,7 +947,7 @@ config PANIC_ON_OOPS
- anything erroneous after an oops which could result in data
- corruption or other issues.
-
-- Say N if unsure.
-+ Say Y if unsure.
-
- config PANIC_ON_OOPS_VALUE
- int
-@@ -1319,6 +1320,7 @@ config DEBUG_BUGVERBOSE
- config DEBUG_LIST
- bool "Debug linked list manipulation"
- depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION
-+ default y
- help
- Enable this to turn on extended checks in the linked-list
- walking routines.
-@@ -1932,6 +1934,7 @@ config MEMTEST
- config BUG_ON_DATA_CORRUPTION
- bool "Trigger a BUG when data corruption is detected"
- select DEBUG_LIST
-+ default y
- help
- Select this option if the kernel should BUG when it encounters
- data corruption in kernel memory structures when they get checked
-@@ -1952,7 +1955,7 @@ config STRICT_DEVMEM
- bool "Filter access to /dev/mem"
- depends on MMU && DEVMEM
- depends on ARCH_HAS_DEVMEM_IS_ALLOWED
-- default y if TILE || PPC
-+ default y
- ---help---
- If this option is disabled, you allow userspace (root) access to all
- of memory, including kernel and userspace memory. Accidental
-@@ -1971,6 +1974,7 @@ config STRICT_DEVMEM
- config IO_STRICT_DEVMEM
- bool "Filter I/O access to /dev/mem"
- depends on STRICT_DEVMEM
-+ default y
- ---help---
- If this option is disabled, you allow userspace (root) access to all
- io-memory regardless of whether a driver is actively using that
-diff --git a/lib/irq_poll.c b/lib/irq_poll.c
-index 86a709954f5a..6f15787fcb1b 100644
---- a/lib/irq_poll.c
-+++ b/lib/irq_poll.c
-@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop)
- }
- EXPORT_SYMBOL(irq_poll_complete);
-
--static void __latent_entropy irq_poll_softirq(struct softirq_action *h)
-+static void __latent_entropy irq_poll_softirq(void)
- {
- struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll);
- int rearm = 0, budget = irq_poll_budget;
-diff --git a/lib/kobject.c b/lib/kobject.c
-index 34f847252c02..4fda329de614 100644
---- a/lib/kobject.c
-+++ b/lib/kobject.c
-@@ -956,9 +956,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
-
-
- static DEFINE_SPINLOCK(kobj_ns_type_lock);
--static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES];
-+static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __ro_after_init;
-
--int kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
-+int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
- {
- enum kobj_ns_type type = ops->type;
- int error;
-diff --git a/lib/nlattr.c b/lib/nlattr.c
-index 3d8295c85505..3fa3b3409d69 100644
---- a/lib/nlattr.c
-+++ b/lib/nlattr.c
-@@ -341,6 +341,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count)
- {
- int minlen = min_t(int, count, nla_len(src));
-
-+ BUG_ON(minlen < 0);
-+
- memcpy(dest, nla_data(src), minlen);
- if (count > minlen)
- memset(dest + minlen, 0, count - minlen);
-diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 86c3385b9eb3..c482070e379b 100644
---- a/lib/vsprintf.c
-+++ b/lib/vsprintf.c
-@@ -1591,7 +1591,7 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
- return widen_string(buf, buf - buf_start, end, spec);
- }
-
--int kptr_restrict __read_mostly;
-+int kptr_restrict __read_mostly = 2;
-
- /*
- * Show a '%p' thing. A kernel extension is that the '%p' is followed
-diff --git a/mm/Kconfig b/mm/Kconfig
-index 59efbd3337e0..c070e14ec83d 100644
---- a/mm/Kconfig
-+++ b/mm/Kconfig
-@@ -319,7 +319,8 @@ config KSM
- config DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
- depends on MMU
-- default 4096
-+ default 32768 if ARM || (ARM64 && COMPAT)
-+ default 65536
- help
- This is the portion of low virtual memory which should be protected
- from userspace allocation. Keeping a user from writing to low pages
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 11f96fad5271..632e7f9a710e 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
-
- newbrk = PAGE_ALIGN(brk);
- oldbrk = PAGE_ALIGN(mm->brk);
-+ /* properly handle unaligned min_brk as an empty heap */
-+ if (min_brk & ~PAGE_MASK) {
-+ if (brk == min_brk)
-+ newbrk -= PAGE_SIZE;
-+ if (mm->brk == min_brk)
-+ oldbrk -= PAGE_SIZE;
-+ }
- if (oldbrk == newbrk)
- goto set_brk;
-
-diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 1d7693c35424..8963a3b4d37c 100644
---- a/mm/page_alloc.c
-+++ b/mm/page_alloc.c
-@@ -67,6 +67,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
-@@ -98,6 +99,15 @@ int _node_numa_mem_[MAX_NUMNODES];
- DEFINE_MUTEX(pcpu_drain_mutex);
- DEFINE_PER_CPU(struct work_struct, pcpu_drain);
-
-+bool __meminitdata extra_latent_entropy;
-+
-+static int __init setup_extra_latent_entropy(char *str)
-+{
-+ extra_latent_entropy = true;
-+ return 0;
-+}
-+early_param("extra_latent_entropy", setup_extra_latent_entropy);
-+
- #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
- volatile unsigned long latent_entropy __latent_entropy;
- EXPORT_SYMBOL(latent_entropy);
-@@ -1063,6 +1073,13 @@ static __always_inline bool free_pages_prepare(struct page *page,
- debug_check_no_obj_freed(page_address(page),
- PAGE_SIZE << order);
- }
-+
-+ if (IS_ENABLED(CONFIG_PAGE_SANITIZE)) {
-+ int i;
-+ for (i = 0; i < (1 << order); i++)
-+ clear_highpage(page + i);
-+ }
-+
- arch_free_page(page, order);
- kernel_poison_pages(page, 1 << order, 0);
- kernel_map_pages(page, 1 << order, 0);
-@@ -1278,6 +1295,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order)
- __ClearPageReserved(p);
- set_page_count(p, 0);
-
-+ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
-+ unsigned long hash = 0;
-+ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
-+ const unsigned long *data = lowmem_page_address(page);
-+
-+ for (index = 0; index < end; index++)
-+ hash ^= hash + data[index];
-+#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
-+ latent_entropy ^= hash;
-+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+#else
-+ add_device_randomness((const void *)&hash, sizeof(hash));
-+#endif
-+ }
-+
- page_zone(page)->managed_pages += nr_pages;
- set_page_refcounted(page);
- __free_pages(page, order);
-@@ -1718,8 +1750,8 @@ static inline int check_new_page(struct page *page)
-
- static inline bool free_pages_prezeroed(void)
- {
-- return IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) &&
-- page_poisoning_enabled();
-+ return IS_ENABLED(CONFIG_PAGE_SANITIZE) ||
-+ (IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) && page_poisoning_enabled());
- }
-
- #ifdef CONFIG_DEBUG_VM
-@@ -1776,6 +1808,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags
-
- post_alloc_hook(page, order, gfp_flags);
-
-+ if (IS_ENABLED(CONFIG_PAGE_SANITIZE_VERIFY)) {
-+ for (i = 0; i < (1 << order); i++)
-+ verify_zero_highpage(page + i);
-+ }
-+
- if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO))
- for (i = 0; i < (1 << order); i++)
- clear_highpage(page + i);
-diff --git a/mm/slab.h b/mm/slab.h
-index 485d9fbb8802..436461588804 100644
---- a/mm/slab.h
-+++ b/mm/slab.h
-@@ -311,7 +311,11 @@ static inline bool is_root_cache(struct kmem_cache *s)
- static inline bool slab_equal_or_root(struct kmem_cache *s,
- struct kmem_cache *p)
- {
-+#ifdef CONFIG_SLAB_HARDENED
-+ return p == s;
-+#else
- return true;
-+#endif
- }
-
- static inline const char *cache_name(struct kmem_cache *s)
-@@ -363,18 +367,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
- * to not do even the assignment. In that case, slab_equal_or_root
- * will also be a constant.
- */
-- if (!memcg_kmem_enabled() &&
-+ if (!IS_ENABLED(CONFIG_SLAB_HARDENED) &&
-+ !memcg_kmem_enabled() &&
- !unlikely(s->flags & SLAB_CONSISTENCY_CHECKS))
- return s;
-
- page = virt_to_head_page(x);
-+#ifdef CONFIG_SLAB_HARDENED
-+ BUG_ON(!PageSlab(page));
-+#endif
- cachep = page->slab_cache;
- if (slab_equal_or_root(cachep, s))
- return cachep;
-
- pr_err("%s: Wrong slab cache. %s but object is from %s\n",
- __func__, s->name, cachep->name);
-+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
-+ BUG_ON(1);
-+#else
- WARN_ON_ONCE(1);
-+#endif
- return s;
- }
-
-@@ -399,7 +411,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s)
- * back there or track user information then we can
- * only use the space before that information.
- */
-- if (s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER))
-+ if ((s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER)) || IS_ENABLED(CONFIG_SLAB_CANARY))
- return s->inuse;
- /*
- * Else we can use all the padding etc for the allocation
-diff --git a/mm/slab_common.c b/mm/slab_common.c
-index 65212caa1f2a..d8bf8a75f445 100644
---- a/mm/slab_common.c
-+++ b/mm/slab_common.c
-@@ -26,10 +26,10 @@
-
- #include "slab.h"
-
--enum slab_state slab_state;
-+enum slab_state slab_state __ro_after_init;
- LIST_HEAD(slab_caches);
- DEFINE_MUTEX(slab_mutex);
--struct kmem_cache *kmem_cache;
-+struct kmem_cache *kmem_cache __ro_after_init;
-
- static LIST_HEAD(slab_caches_to_rcu_destroy);
- static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
-@@ -49,7 +49,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
- /*
- * Merge control. If this is set then no merging of slab caches will occur.
- */
--static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
-+static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
-
- static int __init setup_slab_nomerge(char *str)
- {
-@@ -927,7 +927,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches);
- * of two cache sizes there. The size of larger slabs can be determined using
- * fls.
- */
--static s8 size_index[24] = {
-+static s8 size_index[24] __ro_after_init = {
- 3, /* 8 */
- 4, /* 16 */
- 5, /* 24 */
-diff --git a/mm/slub.c b/mm/slub.c
-index 41c01690d116..591dd60d37f3 100644
---- a/mm/slub.c
-+++ b/mm/slub.c
-@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
- #endif
- }
-
-+static inline bool has_sanitize(struct kmem_cache *s)
-+{
-+ return IS_ENABLED(CONFIG_SLAB_SANITIZE) && !(s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON));
-+}
-+
-+static inline bool has_sanitize_verify(struct kmem_cache *s)
-+{
-+ return IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && has_sanitize(s);
-+}
-+
- void *fixup_red_left(struct kmem_cache *s, void *p)
- {
- if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
-@@ -297,6 +307,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
- *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
- }
-
-+#ifdef CONFIG_SLAB_CANARY
-+static inline unsigned long *get_canary(struct kmem_cache *s, void *object)
-+{
-+ if (s->offset)
-+ return object + s->offset + sizeof(void *);
-+ return object + s->inuse;
-+}
-+
-+static inline unsigned long get_canary_value(const void *canary, unsigned long value)
-+{
-+ return (value ^ (unsigned long)canary) & CANARY_MASK;
-+}
-+
-+static inline void set_canary(struct kmem_cache *s, void *object, unsigned long value)
-+{
-+ unsigned long *canary = get_canary(s, object);
-+ *canary = get_canary_value(canary, value);
-+}
-+
-+static inline void check_canary(struct kmem_cache *s, void *object, unsigned long value)
-+{
-+ unsigned long *canary = get_canary(s, object);
-+ BUG_ON(*canary != get_canary_value(canary, value));
-+}
-+#else
-+#define set_canary(s, object, value)
-+#define check_canary(s, object, value)
-+#endif
-+
- /* Loop over all objects in a slab */
- #define for_each_object(__p, __s, __addr, __objects) \
- for (__p = fixup_red_left(__s, __addr); \
-@@ -484,13 +523,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p)
- * Debug settings:
- */
- #if defined(CONFIG_SLUB_DEBUG_ON)
--static int slub_debug = DEBUG_DEFAULT_FLAGS;
-+static int slub_debug __ro_after_init = DEBUG_DEFAULT_FLAGS;
- #else
--static int slub_debug;
-+static int slub_debug __ro_after_init;
- #endif
-
--static char *slub_debug_slabs;
--static int disable_higher_order_debug;
-+static char *slub_debug_slabs __ro_after_init;
-+static int disable_higher_order_debug __ro_after_init;
-
- /*
- * slub is about to manipulate internal object metadata. This memory lies
-@@ -550,6 +589,9 @@ static struct track *get_track(struct kmem_cache *s, void *object,
- else
- p = object + s->inuse;
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ p = (void *)p + sizeof(void *);
-+
- return p + alloc;
- }
-
-@@ -688,6 +730,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
- else
- off = s->inuse;
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ off += sizeof(void *);
-+
- if (s->flags & SLAB_STORE_USER)
- off += 2 * sizeof(struct track);
-
-@@ -817,6 +862,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
- /* Freepointer is placed after the object. */
- off += sizeof(void *);
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ off += sizeof(void *);
-+
- if (s->flags & SLAB_STORE_USER)
- /* We also have user information there */
- off += 2 * sizeof(struct track);
-@@ -1416,8 +1464,9 @@ static void setup_object(struct kmem_cache *s, struct page *page,
- void *object)
- {
- setup_object_debug(s, page, object);
-+ set_canary(s, object, s->random_inactive);
- kasan_init_slab_obj(s, object);
-- if (unlikely(s->ctor)) {
-+ if (unlikely(s->ctor) && !has_sanitize_verify(s)) {
- kasan_unpoison_object_data(s, object);
- s->ctor(object);
- kasan_poison_object_data(s, object);
-@@ -2717,9 +2766,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
- stat(s, ALLOC_FASTPATH);
- }
-
-- if (unlikely(gfpflags & __GFP_ZERO) && object)
-+ if (has_sanitize_verify(s) && object) {
-+ size_t offset = s->offset ? 0 : sizeof(void *);
-+ BUG_ON(memchr_inv(object + offset, 0, s->object_size - offset));
-+ if (s->ctor)
-+ s->ctor(object);
-+ if (unlikely(gfpflags & __GFP_ZERO) && offset)
-+ memset(object, 0, sizeof(void *));
-+ } else if (unlikely(gfpflags & __GFP_ZERO) && object)
- memset(object, 0, s->object_size);
-
-+ if (object) {
-+ check_canary(s, object, s->random_inactive);
-+ set_canary(s, object, s->random_active);
-+ }
-+
- slab_post_alloc_hook(s, gfpflags, 1, &object);
-
- return object;
-@@ -2926,6 +2987,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
- void *tail_obj = tail ? : head;
- struct kmem_cache_cpu *c;
- unsigned long tid;
-+ bool sanitize = has_sanitize(s);
-+
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY) || sanitize) {
-+ __maybe_unused int offset = s->offset ? 0 : sizeof(void *);
-+ void *x = head;
-+
-+ while (1) {
-+ check_canary(s, x, s->random_active);
-+ set_canary(s, x, s->random_inactive);
-+
-+ if (sanitize) {
-+ memset(x + offset, 0, s->object_size - offset);
-+ if (!IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && s->ctor)
-+ s->ctor(x);
-+ }
-+ if (x == tail_obj)
-+ break;
-+ x = get_freepointer(s, x);
-+ }
-+ }
-+
- redo:
- /*
- * Determine the currently cpus per cpu slab.
-@@ -3104,7 +3186,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
- void **p)
- {
- struct kmem_cache_cpu *c;
-- int i;
-+ int i, k;
-
- /* memcg and kmem_cache debug support */
- s = slab_pre_alloc_hook(s, flags);
-@@ -3141,13 +3223,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
- local_irq_enable();
-
- /* Clear memory outside IRQ disabled fastpath loop */
-- if (unlikely(flags & __GFP_ZERO)) {
-+ if (has_sanitize_verify(s)) {
-+ int j;
-+
-+ for (j = 0; j < i; j++) {
-+ size_t offset = s->offset ? 0 : sizeof(void *);
-+ BUG_ON(memchr_inv(p[j] + offset, 0, s->object_size - offset));
-+ if (s->ctor)
-+ s->ctor(p[j]);
-+ if (unlikely(flags & __GFP_ZERO) && offset)
-+ memset(p[j], 0, sizeof(void *));
-+ }
-+ } else if (unlikely(flags & __GFP_ZERO)) {
- int j;
-
- for (j = 0; j < i; j++)
- memset(p[j], 0, s->object_size);
- }
-
-+ for (k = 0; k < i; k++) {
-+ check_canary(s, p[k], s->random_inactive);
-+ set_canary(s, p[k], s->random_active);
-+ }
-+
- /* memcg and kmem_cache debug support */
- slab_post_alloc_hook(s, flags, size, p);
- return i;
-@@ -3179,9 +3277,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk);
- * and increases the number of allocations possible without having to
- * take the list_lock.
- */ --static int slub_min_order; --static int slub_max_order = PAGE_ALLOC_COSTLY_ORDER; --static int slub_min_objects; -+static int slub_min_order __ro_after_init; -+static int slub_max_order __ro_after_init = PAGE_ALLOC_COSTLY_ORDER; -+static int slub_min_objects __ro_after_init; - - /* - * Calculate the order of allocation given an slab object size. -@@ -3351,6 +3449,7 @@ static void early_kmem_cache_node_alloc(int node) - init_object(kmem_cache_node, n, SLUB_RED_ACTIVE); - init_tracking(kmem_cache_node, n); - #endif -+ set_canary(kmem_cache_node, n, kmem_cache_node->random_active); - kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node), - GFP_KERNEL); - init_kmem_cache_node(n); -@@ -3507,6 +3606,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) - size += sizeof(void *); - } - -+ if (IS_ENABLED(CONFIG_SLAB_CANARY)) -+ size += sizeof(void *); -+ - #ifdef CONFIG_SLUB_DEBUG - if (flags & SLAB_STORE_USER) - /* -@@ -3577,6 +3679,10 @@ static int kmem_cache_open(struct kmem_cache *s, unsigned long flags) - #ifdef CONFIG_SLAB_FREELIST_HARDENED - s->random = get_random_long(); - #endif -+#ifdef CONFIG_SLAB_CANARY -+ s->random_active = get_random_long(); -+ s->random_inactive = get_random_long(); -+#endif - - if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU)) - s->reserved = sizeof(struct rcu_head); -@@ -3841,6 +3947,8 @@ const char *__check_heap_object(const void *ptr, unsigned long n, - offset -= s->red_left_pad; - } - -+ check_canary(s, (void *)ptr - offset, s->random_active); -+ - /* Allow address range falling entirely within object size. 
*/ - if (offset <= object_size && n <= object_size - offset) - return NULL; -@@ -3859,7 +3967,11 @@ static size_t __ksize(const void *object) - page = virt_to_head_page(object); - - if (unlikely(!PageSlab(page))) { -+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION -+ BUG_ON(!PageCompound(page)); -+#else - WARN_ON(!PageCompound(page)); -+#endif - return PAGE_SIZE << compound_order(page); - } - -@@ -4724,7 +4836,7 @@ enum slab_stat_type { - #define SO_TOTAL (1 << SL_TOTAL) - - #ifdef CONFIG_MEMCG --static bool memcg_sysfs_enabled = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON); -+static bool memcg_sysfs_enabled __ro_after_init = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON); - - static int __init setup_slub_memcg_sysfs(char *str) - { -diff --git a/mm/swap.c b/mm/swap.c -index a77d68f2c1b6..d1f1d75f4d1f 100644 ---- a/mm/swap.c -+++ b/mm/swap.c -@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page) - if (!PageHuge(page)) - __page_cache_release(page); - dtor = get_compound_page_dtor(page); -+ if (!PageHuge(page)) -+ BUG_ON(dtor != free_compound_page -+#ifdef CONFIG_TRANSPARENT_HUGEPAGE -+ && dtor != free_transhuge_page -+#endif -+ ); -+ - (*dtor)(page); - } - -diff --git a/net/core/dev.c b/net/core/dev.c -index 6ca771f2f25b..6da2c9c3e6a5 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -4095,7 +4095,7 @@ int netif_rx_ni(struct sk_buff *skb) - } - EXPORT_SYMBOL(netif_rx_ni); - --static __latent_entropy void net_tx_action(struct softirq_action *h) -+static __latent_entropy void net_tx_action(void) - { - struct softnet_data *sd = this_cpu_ptr(&softnet_data); - -@@ -5609,7 +5609,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) - return work; - } - --static __latent_entropy void net_rx_action(struct softirq_action *h) -+static __latent_entropy void net_rx_action(void) - { - struct softnet_data *sd = this_cpu_ptr(&softnet_data); - unsigned long time_limit = jiffies + -diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig -index f48fe6fc7e8c..d78c52835c08 
100644 ---- a/net/ipv4/Kconfig -+++ b/net/ipv4/Kconfig -@@ -261,6 +261,7 @@ config IP_PIMSM_V2 - - config SYN_COOKIES - bool "IP: TCP syncookie support" -+ default y - ---help--- - Normal TCP/IP networking is open to an attack known as "SYN - flooding". This denial-of-service attack prevents legitimate remote -diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 54deaa1066cf..211f97bd5ee3 100644 ---- a/scripts/mod/modpost.c -+++ b/scripts/mod/modpost.c -@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1; - static int warn_unresolved = 0; - /* How a symbol is exported */ - static int sec_mismatch_count = 0; -+static int writable_fptr_count = 0; - static int sec_mismatch_verbose = 1; - static int sec_mismatch_fatal = 0; - /* ignore missing files */ -@@ -965,6 +966,7 @@ enum mismatch { - ANY_EXIT_TO_ANY_INIT, - EXPORT_TO_INIT_EXIT, - EXTABLE_TO_NON_TEXT, -+ DATA_TO_TEXT - }; - - /** -@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = { - .good_tosec = {ALL_TEXT_SECTIONS , NULL}, - .mismatch = EXTABLE_TO_NON_TEXT, - .handler = extable_mismatch_handler, -+}, -+/* Do not reference code from writable data */ -+{ -+ .fromsec = { DATA_SECTIONS, NULL }, -+ .bad_tosec = { ALL_TEXT_SECTIONS, NULL }, -+ .mismatch = DATA_TO_TEXT - } - }; - -@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, - continue; - if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) - continue; -- if (sym->st_value == addr) -- return sym; - /* Find a symbol nearby - addr are maybe negative */ - d = sym->st_value - addr; -+ if (d == 0) -+ return sym; - if (d < 0) - d = addr - sym->st_value; - if (d < distance) { -@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname, - char *prl_from; - char *prl_to; - -- sec_mismatch_count++; -+ if (mismatch->mismatch == DATA_TO_TEXT) -+ writable_fptr_count++; -+ else -+ sec_mismatch_count++; -+ - if (!sec_mismatch_verbose) - return; - -@@ -1526,6 +1538,14 @@ static void 
report_sec_mismatch(const char *modname, - fatal("There's a special handler for this mismatch type, " - "we should never get here."); - break; -+ case DATA_TO_TEXT: -+#if 0 -+ fprintf(stderr, -+ "The %s %s:%s references\n" -+ "the %s %s:%s%s\n", -+ from, fromsec, fromsym, to, tosec, tosym, to_p); -+#endif -+ break; - } - fprintf(stderr, "\n"); - } -@@ -2539,6 +2559,14 @@ int main(int argc, char **argv) - } - } - free(buf.p); -+ if (writable_fptr_count) { -+ if (!sec_mismatch_verbose) { -+ warn("modpost: Found %d writable function pointer(s).\n" -+ "To see full details build your kernel with:\n" -+ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n", -+ writable_fptr_count); -+ } -+ } - - return err; - } -diff --git a/security/Kconfig b/security/Kconfig -index 87f2a6f842fd..7bdbb7edf5bf 100644 ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -8,7 +8,7 @@ source security/keys/Kconfig - - config SECURITY_DMESG_RESTRICT - bool "Restrict unprivileged access to the kernel syslog" -- default n -+ default y - help - This enforces restrictions on unprivileged users reading the kernel - syslog via dmesg(8). -@@ -18,10 +18,34 @@ config SECURITY_DMESG_RESTRICT - - If you are unsure how to answer this question, answer N. - -+config SECURITY_PERF_EVENTS_RESTRICT -+ bool "Restrict unprivileged use of performance events" -+ depends on PERF_EVENTS -+ default y -+ help -+ If you say Y here, the kernel.perf_event_paranoid sysctl -+ will be set to 3 by default, and no unprivileged use of the -+ perf_event_open syscall will be permitted unless it is -+ changed. -+ -+config SECURITY_TIOCSTI_RESTRICT -+ bool "Restrict unprivileged use of tiocsti command injection" -+ default y -+ help -+ This enforces restrictions on unprivileged users injecting commands -+ into other processes which share a tty session using the TIOCSTI -+ ioctl. This option makes TIOCSTI use require CAP_SYS_ADMIN. 
-+ -+ If this option is not selected, no restrictions will be enforced -+ unless the tiocsti_restrict sysctl is explicitly set to (1). -+ -+ If you are unsure how to answer this question, answer N. -+ - config SECURITY - bool "Enable different security models" - depends on SYSFS - depends on MULTIUSER -+ default y - help - This allows you to choose different security modules to be - configured into your kernel. -@@ -48,6 +72,7 @@ config SECURITYFS - config SECURITY_NETWORK - bool "Socket and Networking Security Hooks" - depends on SECURITY -+ default y - help - This enables the socket and networking security hooks. - If enabled, a security module can use these hooks to -@@ -155,6 +180,7 @@ config HARDENED_USERCOPY - depends on HAVE_HARDENED_USERCOPY_ALLOCATOR - select BUG - imply STRICT_DEVMEM -+ default y - help - This option checks for obviously wrong memory regions when - copying memory to/from the kernel (via copy_to_user() and -@@ -178,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN - config FORTIFY_SOURCE - bool "Harden common str/mem functions against buffer overflows" - depends on ARCH_HAS_FORTIFY_SOURCE -+ default y - help - Detect overflows of buffers in common string and memory functions - where the compiler can determine and validate the buffer sizes. - -+config FORTIFY_SOURCE_STRICT_STRING -+ bool "Harden common functions against buffer overflows" -+ depends on FORTIFY_SOURCE -+ depends on EXPERT -+ help -+ Perform stricter overflow checks catching overflows within objects -+ for common C string functions rather than only between objects. -+ -+ This is not yet intended for production use, only bug finding. -+ -+config PAGE_SANITIZE -+ bool "Sanitize pages" -+ default y -+ help -+ Zero fill page allocations on free, reducing the lifetime of -+ sensitive data and helping to mitigate use-after-free bugs. 
-+ -+config PAGE_SANITIZE_VERIFY -+ bool "Verify sanitized pages" -+ depends on PAGE_SANITIZE -+ default y -+ help -+ Verify that newly allocated pages are zeroed to detect -+ write-after-free bugs. -+ - config STATIC_USERMODEHELPER - bool "Force all usermode helper calls through a single binary" - help -diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig -index 8af7a690eb40..6539694b0fd3 100644 ---- a/security/selinux/Kconfig -+++ b/security/selinux/Kconfig -@@ -2,7 +2,7 @@ config SECURITY_SELINUX - bool "NSA SELinux Support" - depends on SECURITY_NETWORK && AUDIT && NET && INET - select NETWORK_SECMARK -- default n -+ default y - help - This selects NSA Security-Enhanced Linux (SELinux). - You will also need a policy configuration and a labeled filesystem. -@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS - This option collects access vector cache statistics to - /selinux/avc/cache_stats, which may be monitored via - tools such as avcstat. -- --config SECURITY_SELINUX_CHECKREQPROT_VALUE -- int "NSA SELinux checkreqprot default value" -- depends on SECURITY_SELINUX -- range 0 1 -- default 0 -- help -- This option sets the default value for the 'checkreqprot' flag -- that determines whether SELinux checks the protection requested -- by the application or the protection that will be applied by the -- kernel (including any implied execute for read-implies-exec) for -- mmap and mprotect calls. If this option is set to 0 (zero), -- SELinux will default to checking the protection that will be applied -- by the kernel. If this option is set to 1 (one), SELinux will -- default to checking the protection requested by the application. -- The checkreqprot flag may be changed from the default via the -- 'checkreqprot=' boot parameter. It may also be changed at runtime -- via /selinux/checkreqprot if authorized by policy. -- -- If you are unsure how to answer this question, answer 0. 
-diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h -index 1649cd18eb0b..067f35559aa7 100644 ---- a/security/selinux/include/objsec.h -+++ b/security/selinux/include/objsec.h -@@ -150,6 +150,6 @@ struct pkey_security_struct { - u32 sid; /* SID of pkey */ - }; - --extern unsigned int selinux_checkreqprot; -+extern const unsigned int selinux_checkreqprot; - - #endif /* _SELINUX_OBJSEC_H_ */ -diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c -index 00eed842c491..8f7b8d7e6f91 100644 ---- a/security/selinux/selinuxfs.c -+++ b/security/selinux/selinuxfs.c -@@ -41,16 +41,7 @@ - #include "objsec.h" - #include "conditional.h" - --unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; -- --static int __init checkreqprot_setup(char *str) --{ -- unsigned long checkreqprot; -- if (!kstrtoul(str, 0, &checkreqprot)) -- selinux_checkreqprot = checkreqprot ? 1 : 0; -- return 1; --} --__setup("checkreqprot=", checkreqprot_setup); -+const unsigned int selinux_checkreqprot; - - static DEFINE_MUTEX(sel_mutex); - -@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, - return PTR_ERR(page); - - length = -EINVAL; -- if (sscanf(page, "%u", &new_value) != 1) -+ if (sscanf(page, "%u", &new_value) != 1 || new_value) - goto out; - -- selinux_checkreqprot = new_value ? 1 : 0; - length = count; - out: - kfree(page); -diff --git a/security/yama/Kconfig b/security/yama/Kconfig -index 96b27405558a..485c1b85c325 100644 ---- a/security/yama/Kconfig -+++ b/security/yama/Kconfig -@@ -1,7 +1,7 @@ - config SECURITY_YAMA - bool "Yama support" - depends on SECURITY -- default n -+ default y - help - This selects Yama, which extends DAC support with additional - system-wide security settings beyond regular Linux discretionary 
diff --git a/pkgs/os-specific/linux/kernel/copperhead-4-16.patch b/pkgs/os-specific/linux/kernel/copperhead-4-16.patch
deleted file mode 100644
index f0a4bc94034..00000000000
--- a/pkgs/os-specific/linux/kernel/copperhead-4-16.patch
+++ /dev/null
@@ -1,2571 +0,0 @@ -diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 9824d049367e..6ff72316ff0a 100644 ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -496,16 +496,6 @@ - nosocket -- Disable socket memory accounting. - nokmem -- Disable kernel memory accounting. - -- checkreqprot [SELINUX] Set initial checkreqprot flag value. -- Format: { "0" | "1" } -- See security/selinux/Kconfig help text. -- 0 -- check protection applied by kernel (includes -- any implied execute protection). -- 1 -- check protection requested by application. -- Default value is set via a kernel config option. -- Value can be changed at runtime via -- /selinux/checkreqprot. -- - cio_ignore= [S390] - See Documentation/s390/CommonIO for details. - clk_ignore_unused -@@ -2946,6 +2936,11 @@ - the specified number of seconds. This is to be used if - your oopses keep scrolling off the screen. - -+ extra_latent_entropy -+ Enable a very simple form of latent entropy extraction -+ from the first 4GB of memory as the bootmem allocator -+ passes the memory pages to the buddy allocator. -+ - pcbit= [HW,ISDN] - - pcd. [PARIDE] -diff --git a/Makefile b/Makefile -index ded9e8480d74..2e948bb78142 100644 ---- a/Makefile -+++ b/Makefile -@@ -734,6 +734,9 @@ endif - endif - - ifeq ($(cc-name),clang) -+ifdef CONFIG_LOCAL_INIT -+KBUILD_CFLAGS += -fsanitize=local-init -+endif - KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) - KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) - KBUILD_CFLAGS += $(call cc-disable-warning, gnu) -diff --git a/arch/Kconfig b/arch/Kconfig -index 76c0b54443b1..63a2d30f807f 100644 ---- a/arch/Kconfig -+++ b/arch/Kconfig -@@ -454,6 +454,11 @@ config GCC_PLUGIN_LATENT_ENTROPY - is some slowdown of the boot process (about 0.5%) and fork and - irq processing. 
- -+ When extra_latent_entropy is passed on the kernel command line, -+ entropy will be extracted from up to the first 4GB of RAM while the -+ runtime memory allocator is being initialized. This costs even more -+ slowdown of the boot process. -+ - Note that entropy extracted this way is not cryptographically - secure! - -@@ -747,7 +752,7 @@ config ARCH_MMAP_RND_BITS - int "Number of bits to use for ASLR of mmap base address" if EXPERT - range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX - default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT -- default ARCH_MMAP_RND_BITS_MIN -+ default ARCH_MMAP_RND_BITS_MAX - depends on HAVE_ARCH_MMAP_RND_BITS - help - This value can be used to select the number of bits to use to -@@ -781,7 +786,7 @@ config ARCH_MMAP_RND_COMPAT_BITS - int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT - range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX - default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT -- default ARCH_MMAP_RND_COMPAT_BITS_MIN -+ default ARCH_MMAP_RND_COMPAT_BITS_MAX - depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS - help - This value can be used to select the number of bits to use to -@@ -968,6 +973,7 @@ config ARCH_HAS_REFCOUNT - - config REFCOUNT_FULL - bool "Perform full reference count validation at the expense of speed" -+ default y - help - Enabling this switches the refcounting infrastructure from a fast - unchecked atomic_t implementation to a fully state checked -diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index be665760f2bd..5fb9026c9762 100644 ---- a/arch/arm64/Kconfig -+++ b/arch/arm64/Kconfig -@@ -988,6 +988,7 @@ endif - - config ARM64_SW_TTBR0_PAN - bool "Emulate Privileged Access Never using TTBR0_EL1 switching" -+ default y - help - Enabling this option prevents the kernel from accessing - user-space memory directly by pointing TTBR0_EL1 to a reserved -@@ -1141,6 +1142,7 @@ config RANDOMIZE_BASE - bool 
"Randomize the address of the kernel image" - select ARM64_MODULE_PLTS if MODULES - select RELOCATABLE -+ default y - help - Randomizes the virtual address at which the kernel image is - loaded, as a security feature that deters exploit attempts -diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug -index cc6bd559af85..01d5442d4722 100644 ---- a/arch/arm64/Kconfig.debug -+++ b/arch/arm64/Kconfig.debug -@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select ARM64_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. - -diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig -index 634b373785c4..5b255a6db6a7 100644 ---- a/arch/arm64/configs/defconfig -+++ b/arch/arm64/configs/defconfig -@@ -1,4 +1,3 @@ --CONFIG_SYSVIPC=y - CONFIG_POSIX_MQUEUE=y - CONFIG_AUDIT=y - CONFIG_NO_HZ_IDLE=y -diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h -index fac1c4de7898..34786ca166e4 100644 ---- a/arch/arm64/include/asm/elf.h -+++ b/arch/arm64/include/asm/elf.h -@@ -114,10 +114,10 @@ - - /* - * This is the base location for PIE (ET_DYN with INTERP) loads. On -- * 64-bit, this is above 4GB to leave the entire 32-bit address -+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address - * space open for things that want to use the area for 32-bit pointers. - */ --#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) -+#define ELF_ET_DYN_BASE 0x100000000UL - - #ifndef __ASSEMBLY__ - -@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, - /* 1GB of VA */ - #ifdef CONFIG_COMPAT - #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? 
\ -- 0x7ff >> (PAGE_SHIFT - 12) : \ -- 0x3ffff >> (PAGE_SHIFT - 12)) -+ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ -+ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #else --#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) -+#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #endif - - #ifdef __AARCH64EB__ -diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index c0da6efe5465..f308b521c114 100644 ---- a/arch/arm64/kernel/process.c -+++ b/arch/arm64/kernel/process.c -@@ -481,9 +481,9 @@ unsigned long arch_align_stack(unsigned long sp) - unsigned long arch_randomize_brk(struct mm_struct *mm) - { - if (is_compat_task()) -- return randomize_page(mm->brk, SZ_32M); -+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; - else -- return randomize_page(mm->brk, SZ_1G); -+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; - } - - /* -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 0fa71a78ec99..d78d44944374 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -1208,8 +1208,7 @@ config VM86 - default X86_LEGACY_VM86 - - config X86_16BIT -- bool "Enable support for 16-bit segments" if EXPERT -- default y -+ bool "Enable support for 16-bit segments" - depends on MODIFY_LDT_SYSCALL - ---help--- - This option is required by programs like Wine to run 16-bit -@@ -2299,7 +2298,7 @@ config COMPAT_VDSO - choice - prompt "vsyscall table for legacy applications" - depends on X86_64 -- default LEGACY_VSYSCALL_EMULATE -+ default LEGACY_VSYSCALL_NONE - help - Legacy user code that does not know how to find the vDSO expects - to be able to issue three syscalls by calling fixed addresses in -@@ -2380,8 +2379,7 @@ config CMDLINE_OVERRIDE - be set to 'N' under normal conditions. 
- - config MODIFY_LDT_SYSCALL -- bool "Enable the LDT (local descriptor table)" if EXPERT -- default y -+ bool "Enable the LDT (local descriptor table)" - ---help--- - Linux can allow user programs to install a per-process x86 - Local Descriptor Table (LDT) using the modify_ldt(2) system -diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index 192e4d2f9efc..343c2f1b13da 100644 ---- a/arch/x86/Kconfig.debug -+++ b/arch/x86/Kconfig.debug -@@ -101,6 +101,7 @@ config EFI_PGT_DUMP - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select X86_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. - -diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig -index e32fc1f274d8..d08acc76502a 100644 ---- a/arch/x86/configs/x86_64_defconfig -+++ b/arch/x86/configs/x86_64_defconfig -@@ -1,5 +1,4 @@ - # CONFIG_LOCALVERSION_AUTO is not set --CONFIG_SYSVIPC=y - CONFIG_POSIX_MQUEUE=y - CONFIG_BSD_PROCESS_ACCT=y - CONFIG_TASKSTATS=y -diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c -index 5b8b556dbb12..a569f08b4478 100644 ---- a/arch/x86/entry/vdso/vma.c -+++ b/arch/x86/entry/vdso/vma.c -@@ -204,55 +204,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) - } - - #ifdef CONFIG_X86_64 --/* -- * Put the vdso above the (randomized) stack with another randomized -- * offset. This way there is no hole in the middle of address space. -- * To save memory make sure it is still in the same PTE as the stack -- * top. This doesn't give that many random bits. -- * -- * Note that this algorithm is imperfect: the distribution of the vdso -- * start address within a PMD is biased toward the end. -- * -- * Only used for the 64-bit and x32 vdsos. -- */ --static unsigned long vdso_addr(unsigned long start, unsigned len) --{ -- unsigned long addr, end; -- unsigned offset; -- -- /* -- * Round up the start address. 
It can start out unaligned as a result -- * of stack start randomization. -- */ -- start = PAGE_ALIGN(start); -- -- /* Round the lowest possible end address up to a PMD boundary. */ -- end = (start + len + PMD_SIZE - 1) & PMD_MASK; -- if (end >= TASK_SIZE_MAX) -- end = TASK_SIZE_MAX; -- end -= len; -- -- if (end > start) { -- offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1); -- addr = start + (offset << PAGE_SHIFT); -- } else { -- addr = start; -- } -- -- /* -- * Forcibly align the final address in case we have a hardware -- * issue that requires alignment for performance reasons. -- */ -- addr = align_vdso_addr(addr); -- -- return addr; --} -- - static int map_vdso_randomized(const struct vdso_image *image) - { -- unsigned long addr = vdso_addr(current->mm->start_stack, image->size-image->sym_vvar_start); -- -- return map_vdso(image, addr); -+ return map_vdso(image, 0); - } - #endif - -diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 0d157d2a1e2a..770c8ae97f92 100644 ---- a/arch/x86/include/asm/elf.h -+++ b/arch/x86/include/asm/elf.h -@@ -249,11 +249,11 @@ extern int force_personality32; - - /* - * This is the base location for PIE (ET_DYN with INTERP) loads. On -- * 64-bit, this is above 4GB to leave the entire 32-bit address -+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address - * space open for things that want to use the area for 32-bit pointers. - */ - #define ELF_ET_DYN_BASE (mmap_is_ia32() ? 0x000400000UL : \ -- (DEFAULT_MAP_WINDOW / 3 * 2)) -+ 0x100000000UL) - - /* This yields a mask that user programs can use to figure out what - instruction set this CPU supports. 
This could be done in user space, -@@ -313,8 +313,8 @@ extern bool mmap_address_hint_valid(unsigned long addr, unsigned long len); - - #ifdef CONFIG_X86_32 - --#define __STACK_RND_MASK(is32bit) (0x7ff) --#define STACK_RND_MASK (0x7ff) -+#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1) -+#define STACK_RND_MASK ((1UL << mmap_rnd_bits) - 1) - - #define ARCH_DLINFO ARCH_DLINFO_IA32 - -@@ -323,7 +323,11 @@ extern bool mmap_address_hint_valid(unsigned long addr, unsigned long len); - #else /* CONFIG_X86_32 */ - - /* 1GB for 64bit, 8MB for 32bit */ --#define __STACK_RND_MASK(is32bit) ((is32bit) ? 0x7ff : 0x3fffff) -+#ifdef CONFIG_COMPAT -+#define __STACK_RND_MASK(is32bit) ((is32bit) ? (1UL << mmap_rnd_compat_bits) - 1 : (1UL << mmap_rnd_bits) - 1) -+#else -+#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1) -+#endif - #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32()) - - #define ARCH_DLINFO \ -@@ -381,5 +385,4 @@ struct va_alignment { - } ____cacheline_aligned; - - extern struct va_alignment va_align; --extern unsigned long align_vdso_addr(unsigned long); - #endif /* _ASM_X86_ELF_H */ -diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 84137c22fdfa..4f197404cab9 100644 ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -261,6 +261,7 @@ static inline void cr4_set_bits(unsigned long mask) - - local_irq_save(flags); - cr4 = this_cpu_read(cpu_tlbstate.cr4); -+ BUG_ON(cr4 != __read_cr4()); - if ((cr4 | mask) != cr4) - __cr4_set(cr4 | mask); - local_irq_restore(flags); -@@ -273,6 +274,7 @@ static inline void cr4_clear_bits(unsigned long mask) - - local_irq_save(flags); - cr4 = this_cpu_read(cpu_tlbstate.cr4); -+ BUG_ON(cr4 != __read_cr4()); - if ((cr4 & ~mask) != cr4) - __cr4_set(cr4 & ~mask); - local_irq_restore(flags); -@@ -283,6 +285,7 @@ static inline void cr4_toggle_bits_irqsoff(unsigned long mask) - unsigned long cr4; - - cr4 = this_cpu_read(cpu_tlbstate.cr4); -+ BUG_ON(cr4 
!= __read_cr4()); - __cr4_set(cr4 ^ mask); - } - -@@ -389,6 +392,7 @@ static inline void __native_flush_tlb_global(void) - raw_local_irq_save(flags); - - cr4 = this_cpu_read(cpu_tlbstate.cr4); -+ BUG_ON(cr4 != __read_cr4()); - /* toggle PGE */ - native_write_cr4(cr4 ^ X86_CR4_PGE); - /* write old PGE again and flush TLBs */ -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 5f74f94244e1..9c9fdb5ef52e 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -1662,7 +1662,6 @@ void cpu_init(void) - wrmsrl(MSR_KERNEL_GS_BASE, 0); - barrier(); - -- x86_configure_nx(); - x2apic_setup(); - - /* -diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 30ca2d1a9231..bde0a18cd9f9 100644 ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -39,6 +39,8 @@ - #include - #include - #include -+#include -+#include - - /* - * per-CPU TSS segments. Threads are completely 'soft' on Linux, -@@ -718,7 +720,10 @@ unsigned long arch_align_stack(unsigned long sp) - - unsigned long arch_randomize_brk(struct mm_struct *mm) - { -- return randomize_page(mm->brk, 0x02000000); -+ if (mmap_is_ia32()) -+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; -+ else -+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; - } - - /* -diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index 676774b9bb8d..5ad7a95382b0 100644 ---- a/arch/x86/kernel/sys_x86_64.c -+++ b/arch/x86/kernel/sys_x86_64.c -@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void) - return va_align.bits & get_align_mask(); - } - --unsigned long align_vdso_addr(unsigned long addr) --{ -- unsigned long align_mask = get_align_mask(); -- addr = (addr + align_mask) & ~align_mask; -- return addr | get_align_bits(); --} -- - static int __init control_va_addr_alignment(char *str) - { - /* guard against enabling this on other CPU families */ -@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, 
unsigned long flags,
- }
-
- *begin = get_mmap_base(1);
-- if (in_compat_syscall())
-- *end = task_size_32bit();
-- else
-- *end = task_size_64bit(addr > DEFAULT_MAP_WINDOW);
-+ *end = get_mmap_base(0);
- }
-
- unsigned long
-@@ -210,7 +200,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
-
- info.flags = VM_UNMAPPED_AREA_TOPDOWN;
- info.length = len;
-- info.low_limit = PAGE_SIZE;
-+ info.low_limit = get_mmap_base(1);
- info.high_limit = get_mmap_base(0);
-
- /*
-diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 396e1f0151ac..6526b19579dc 100644
---- a/arch/x86/mm/init_32.c
-+++ b/arch/x86/mm/init_32.c
-@@ -558,7 +558,7 @@ static void __init pagetable_init(void)
- permanent_kmaps_init(pgd_base);
- }
-
--pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL);
-+pteval_t __supported_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL);
- EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
- /* user-defined highmem size */
-@@ -866,7 +866,7 @@ int arch_remove_memory(u64 start, u64 size, struct vmem_altmap *altmap)
- #endif
- #endif
-
--int kernel_set_to_readonly __read_mostly;
-+int kernel_set_to_readonly __ro_after_init;
-
- void set_kernel_text_rw(void)
- {
-@@ -918,12 +918,11 @@ void mark_rodata_ro(void)
- unsigned long start = PFN_ALIGN(_text);
- unsigned long size = PFN_ALIGN(_etext) - start;
-
-+ kernel_set_to_readonly = 1;
- set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
- printk(KERN_INFO "Write protecting the kernel text: %luk\n",
- size >> 10);
-
-- kernel_set_to_readonly = 1;
--
- #ifdef CONFIG_CPA_DEBUG
- printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
- start, start+size);
-diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index af11a2890235..b2d28d38c01e 100644
---- a/arch/x86/mm/init_64.c
-+++ b/arch/x86/mm/init_64.c
-@@ -65,7 +65,7 @@
- * around without checking the pgd every time.
- */
-
--pteval_t __supported_pte_mask __read_mostly = ~0;
-+pteval_t __supported_pte_mask __ro_after_init = ~0;
- EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
- int force_personality32;
-@@ -1195,7 +1195,7 @@ void __init mem_init(void)
- mem_init_print_info(NULL);
- }
-
--int kernel_set_to_readonly;
-+int kernel_set_to_readonly __ro_after_init;
-
- void set_kernel_text_rw(void)
- {
-@@ -1244,9 +1244,8 @@ void mark_rodata_ro(void)
-
- printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
- (end - start) >> 10);
-- set_memory_ro(start, (end - start) >> PAGE_SHIFT);
--
- kernel_set_to_readonly = 1;
-+ set_memory_ro(start, (end - start) >> PAGE_SHIFT);
-
- /*
- * The rodata/data/bss/brk section (but not the kernel text!)
-diff --git a/block/blk-softirq.c b/block/blk-softirq.c
-index 01e2b353a2b9..9aeddca4a29f 100644
---- a/block/blk-softirq.c
-+++ b/block/blk-softirq.c
-@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
- * Softirq action handler - move entries to local list and loop over them
- * while passing them to the queue registered handler.
- */
--static __latent_entropy void blk_done_softirq(struct softirq_action *h)
-+static __latent_entropy void blk_done_softirq(void)
- {
- struct list_head *cpu_list, local_list;
-
-diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 0df21f046fc6..6f8d9bf71bba 100644
---- a/drivers/ata/libata-core.c
-+++ b/drivers/ata/libata-core.c
-@@ -5151,7 +5151,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
- struct ata_port *ap;
- unsigned int tag;
-
-- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
-+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
- ap = qc->ap;
-
- qc->flags = 0;
-@@ -5168,7 +5168,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
- struct ata_port *ap;
- struct ata_link *link;
-
-- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
-+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
- WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
- ap = qc->ap;
- link = qc->dev->link;
-diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index c28dca0c613d..d4813f0d25ca 100644
---- a/drivers/char/Kconfig
-+++ b/drivers/char/Kconfig
-@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig"
-
- config DEVMEM
- bool "/dev/mem virtual device support"
-- default y
- help
- Say Y here if you want to support the /dev/mem device.
- The /dev/mem device is used to access areas of physical
-@@ -568,7 +567,6 @@ config TELCLOCK
- config DEVPORT
- bool "/dev/port character device"
- depends on ISA || PCI
-- default y
- help
- Say Y here if you want to support the /dev/port device. The /dev/port
- device is similar to /dev/mem, but for I/O ports.
-diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig
-index b811442c5ce6..4f62a63cbcb1 100644
---- a/drivers/tty/Kconfig
-+++ b/drivers/tty/Kconfig
-@@ -122,7 +122,6 @@ config UNIX98_PTYS
-
- config LEGACY_PTYS
- bool "Legacy (BSD) PTY support"
-- default y
- ---help---
- A pseudo terminal (PTY) is a software device consisting of two
- halves: a master and a slave. The slave device behaves identical to
-diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 83c58a20d16f..32ef2e3a8482 100644
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -41,6 +41,8 @@
- #define USB_TP_TRANSMISSION_DELAY 40 /* ns */
- #define USB_TP_TRANSMISSION_DELAY_MAX 65535 /* ns */
-
-+extern int deny_new_usb;
-+
- /* Protect struct usb_device->state and ->children members
- * Note: Both are also protected by ->dev.sem, except that ->state can
- * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */
-@@ -4847,6 +4849,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
- goto done;
- return;
- }
-+
-+ if (deny_new_usb) {
-+ dev_err(&port_dev->dev, "denied insert of USB device on port %d\n", port1);
-+ goto done;
-+ }
-+
- if (hub_is_superspeed(hub->hdev))
- unit_load = 150;
- else
-diff --git a/fs/exec.c b/fs/exec.c
-index 7eb8d21bcab9..171f31b3bf05 100644
---- a/fs/exec.c
-+++ b/fs/exec.c
-@@ -62,6 +62,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
-@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
- arch_bprm_mm_init(mm, vma);
- up_write(&mm->mmap_sem);
- bprm->p = vma->vm_end - sizeof(void *);
-+ if (randomize_va_space)
-+ bprm->p ^= get_random_int() & ~PAGE_MASK;
- return 0;
- err:
- up_write(&mm->mmap_sem);
-diff --git a/fs/namei.c b/fs/namei.c
-index b61d6aa9279d..255c2dc36189 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -883,8 +883,8 @@ static inline void put_link(struct nameidata *nd)
- path_put(&last->link);
- }
-
--int sysctl_protected_symlinks
__read_mostly = 0;
--int sysctl_protected_hardlinks __read_mostly = 0;
-+int sysctl_protected_symlinks __read_mostly = 1;
-+int sysctl_protected_hardlinks __read_mostly = 1;
-
- /**
- * may_follow_link - Check symlink following for unsafe situations
-diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
-index 5f93cfacb3d1..cea0d7d3b23e 100644
---- a/fs/nfs/Kconfig
-+++ b/fs/nfs/Kconfig
-@@ -195,4 +195,3 @@ config NFS_DEBUG
- bool
- depends on NFS_FS && SUNRPC_DEBUG
- select CRC32
-- default y
-diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
-index 1ade1206bb89..60b0f76dec47 100644
---- a/fs/proc/Kconfig
-+++ b/fs/proc/Kconfig
-@@ -39,7 +39,6 @@ config PROC_KCORE
- config PROC_VMCORE
- bool "/proc/vmcore support"
- depends on PROC_FS && CRASH_DUMP
-- default y
- help
- Exports the dump image of crashed kernel in ELF format.
-
-diff --git a/fs/stat.c b/fs/stat.c
-index 873785dae022..d3c2ada8b9c7 100644
---- a/fs/stat.c
-+++ b/fs/stat.c
-@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
- stat->gid = inode->i_gid;
- stat->rdev = inode->i_rdev;
- stat->size = i_size_read(inode);
-- stat->atime = inode->i_atime;
-- stat->mtime = inode->i_mtime;
-+ if (is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) {
-+ stat->atime = inode->i_ctime;
-+ stat->mtime = inode->i_ctime;
-+ } else {
-+ stat->atime = inode->i_atime;
-+ stat->mtime = inode->i_mtime;
-+ }
- stat->ctime = inode->i_ctime;
- stat->blksize = i_blocksize(inode);
- stat->blocks = inode->i_blocks;
-@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat,
- stat->result_mask |= STATX_BASIC_STATS;
- request_mask &= STATX_ALL;
- query_flags &= KSTAT_QUERY_FLAGS;
-- if (inode->i_op->getattr)
-- return inode->i_op->getattr(path, stat, request_mask,
-- query_flags);
-+ if (inode->i_op->getattr) {
-+ int retval = inode->i_op->getattr(path, stat, request_mask, query_flags);
-+ if (!retval && is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) {
-+
stat->atime = stat->ctime;
-+ stat->mtime = stat->ctime;
-+ }
-+ return retval;
-+ }
-
- generic_fillattr(inode, stat);
- return 0;
-diff --git a/include/linux/cache.h b/include/linux/cache.h
-index 750621e41d1c..e7157c18c62c 100644
---- a/include/linux/cache.h
-+++ b/include/linux/cache.h
-@@ -31,6 +31,8 @@
- #define __ro_after_init __attribute__((__section__(".data..ro_after_init")))
- #endif
-
-+#define __read_only __ro_after_init
-+
- #ifndef ____cacheline_aligned
- #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
- #endif
-diff --git a/include/linux/capability.h b/include/linux/capability.h
-index f640dcbc880c..2b4f5d651f19 100644
---- a/include/linux/capability.h
-+++ b/include/linux/capability.h
-@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
- extern bool has_ns_capability_noaudit(struct task_struct *t,
- struct user_namespace *ns, int cap);
- extern bool capable(int cap);
-+extern bool capable_noaudit(int cap);
- extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
- #else
-@@ -232,6 +233,10 @@ static inline bool capable(int cap)
- {
- return true;
- }
-+static inline bool capable_noaudit(int cap)
-+{
-+ return true;
-+}
- static inline bool ns_capable(struct user_namespace *ns, int cap)
- {
- return true;
-diff --git a/include/linux/fs.h b/include/linux/fs.h
-index c6baf767619e..31904f3d38a6 100644
---- a/include/linux/fs.h
-+++ b/include/linux/fs.h
-@@ -3407,4 +3407,15 @@ static inline bool dir_relax_shared(struct inode *inode)
- extern bool path_noexec(const struct path *path);
- extern void inode_nohighmem(struct inode *inode);
-
-+extern int device_sidechannel_restrict;
-+
-+static inline bool is_sidechannel_device(const struct inode *inode)
-+{
-+ umode_t mode;
-+ if (!device_sidechannel_restrict)
-+ return false;
-+ mode = inode->i_mode;
-+ return ((S_ISCHR(mode) || S_ISBLK(mode)) && (mode & (S_IROTH |
S_IWOTH)));
-+}
-+
- #endif /* _LINUX_FS_H */
-diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index bdaf22582f6e..326ff15d4637 100644
---- a/include/linux/fsnotify.h
-+++ b/include/linux/fsnotify.h
-@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file)
- struct inode *inode = path->dentry->d_inode;
- __u32 mask = FS_ACCESS;
-
-+ if (is_sidechannel_device(inode))
-+ return;
-+
- if (S_ISDIR(inode->i_mode))
- mask |= FS_ISDIR;
-
-@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file)
- struct inode *inode = path->dentry->d_inode;
- __u32 mask = FS_MODIFY;
-
-+ if (is_sidechannel_device(inode))
-+ return;
-+
- if (S_ISDIR(inode->i_mode))
- mask |= FS_ISDIR;
-
-diff --git a/include/linux/gfp.h b/include/linux/gfp.h
-index 1a4582b44d32..4d445a8fe7f2 100644
---- a/include/linux/gfp.h
-+++ b/include/linux/gfp.h
-@@ -513,9 +513,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order,
- extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order);
- extern unsigned long get_zeroed_page(gfp_t gfp_mask);
-
--void *alloc_pages_exact(size_t size, gfp_t gfp_mask);
-+void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
- void free_pages_exact(void *virt, size_t size);
--void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask);
-+void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
-
- #define __get_free_page(gfp_mask) \
- __get_free_pages((gfp_mask), 0)
-diff --git a/include/linux/highmem.h b/include/linux/highmem.h
-index 776f90f3a1cd..3f5c47000059 100644
---- a/include/linux/highmem.h
-+++ b/include/linux/highmem.h
-@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page)
- kunmap_atomic(kaddr);
- }
-
-+static inline void verify_zero_highpage(struct page *page)
-+{
-+ void *kaddr = kmap_atomic(page);
-+ BUG_ON(memchr_inv(kaddr, 0, PAGE_SIZE));
-+ kunmap_atomic(kaddr);
-+}
-+
- static inline void zero_user_segments(struct page *page,
- unsigned start1, unsigned end1,
- unsigned start2, unsigned end2)
-diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
-index 69c238210325..ee487ea4f48f 100644
---- a/include/linux/interrupt.h
-+++ b/include/linux/interrupt.h
-@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
-
- struct softirq_action
- {
-- void (*action)(struct softirq_action *);
-+ void (*action)(void);
- };
-
- asmlinkage void do_softirq(void);
-@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void)
- }
- #endif
-
--extern void open_softirq(int nr, void (*action)(struct softirq_action *));
-+extern void __init open_softirq(int nr, void (*action)(void));
- extern void softirq_init(void);
- extern void __raise_softirq_irqoff(unsigned int nr);
-
-diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
-index 069aa2ebef90..cb9e3637a620 100644
---- a/include/linux/kobject_ns.h
-+++ b/include/linux/kobject_ns.h
-@@ -45,7 +45,7 @@ struct kobj_ns_type_operations {
- void (*drop_ns)(void *);
- };
-
--int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
-+int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
- int kobj_ns_type_registered(enum kobj_ns_type type);
- const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent);
- const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj);
-diff --git a/include/linux/mm.h b/include/linux/mm.h
-index a4e9bdbec490..0fe7ebd0f462 100644
---- a/include/linux/mm.h
-+++ b/include/linux/mm.h
-@@ -535,7 +535,7 @@ static inline int is_vmalloc_or_module_addr(const void *x)
- }
- #endif
-
--extern void *kvmalloc_node(size_t size, gfp_t flags, int node);
-+extern void *kvmalloc_node(size_t size, gfp_t flags, int node) __attribute__((alloc_size(1)));
- static inline void *kvmalloc(size_t size, gfp_t flags)
- {
- return kvmalloc_node(size, flags, NUMA_NO_NODE);
-diff --git
a/include/linux/percpu.h b/include/linux/percpu.h
-index 296bbe49d5d1..b26652c9a98d 100644
---- a/include/linux/percpu.h
-+++ b/include/linux/percpu.h
-@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size,
- pcpu_fc_populate_pte_fn_t populate_pte_fn);
- #endif
-
--extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align);
-+extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align) __attribute__((alloc_size(1)));
- extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr);
- extern bool is_kernel_percpu_address(unsigned long addr);
-
-@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr);
- extern void __init setup_per_cpu_areas(void);
- #endif
-
--extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp);
--extern void __percpu *__alloc_percpu(size_t size, size_t align);
-+extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp) __attribute__((alloc_size(1)));
-+extern void __percpu *__alloc_percpu(size_t size, size_t align) __attribute__((alloc_size(1)));
- extern void free_percpu(void __percpu *__pdata);
- extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
-
-diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 7546822a1d74..320033b310d2 100644
---- a/include/linux/perf_event.h
-+++ b/include/linux/perf_event.h
-@@ -1151,6 +1151,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
- int perf_event_max_stack_handler(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos);
-
-+static inline bool perf_paranoid_any(void)
-+{
-+ return sysctl_perf_event_paranoid > 2;
-+}
-+
- static inline bool perf_paranoid_tracepoint_raw(void)
- {
- return sysctl_perf_event_paranoid > -1;
-diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 231abc8976c5..b0bf5d4a4934 100644
---- a/include/linux/slab.h
-+++ b/include/linux/slab.h
-@@
-177,8 +177,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *);
- /*
- * Common kmalloc functions provided by all allocators
- */
--void * __must_check __krealloc(const void *, size_t, gfp_t);
--void * __must_check krealloc(const void *, size_t, gfp_t);
-+void * __must_check __krealloc(const void *, size_t, gfp_t) __attribute__((alloc_size(2)));
-+void * __must_check krealloc(const void *, size_t, gfp_t) __attribute((alloc_size(2)));
- void kfree(const void *);
- void kzfree(const void *);
- size_t ksize(const void *);
-@@ -351,7 +351,7 @@ static __always_inline int kmalloc_index(size_t size)
- }
- #endif /* !CONFIG_SLOB */
-
--void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc;
-+void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1)));
- void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc;
- void kmem_cache_free(struct kmem_cache *, void *);
-
-@@ -375,7 +375,7 @@ static __always_inline void kfree_bulk(size_t size, void **p)
- }
-
- #ifdef CONFIG_NUMA
--void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc;
-+void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1)));
- void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc;
- #else
- static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node)
-@@ -497,7 +497,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
- * for general use, and so are not documented here. For a full list of
- * potential flags, always refer to linux/gfp.h.
- */
--static __always_inline void *kmalloc(size_t size, gfp_t flags)
-+static __always_inline __attribute__((alloc_size(1))) void *kmalloc(size_t size, gfp_t flags)
- {
- if (__builtin_constant_p(size)) {
- if (size > KMALLOC_MAX_CACHE_SIZE)
-@@ -537,7 +537,7 @@ static __always_inline int kmalloc_size(int n)
- return 0;
- }
-
--static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
-+static __always_inline __attribute__((alloc_size(1))) void *kmalloc_node(size_t size, gfp_t flags, int node)
- {
- #ifndef CONFIG_SLOB
- if (__builtin_constant_p(size) &&
-diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index 8ad99c47b19c..91fea0d0db3b 100644
---- a/include/linux/slub_def.h
-+++ b/include/linux/slub_def.h
-@@ -120,6 +120,11 @@ struct kmem_cache {
- unsigned long random;
- #endif
-
-+#ifdef CONFIG_SLAB_CANARY
-+ unsigned long random_active;
-+ unsigned long random_inactive;
-+#endif
-+
- #ifdef CONFIG_NUMA
- /*
- * Defragmentation by allocating from a remote node.
-diff --git a/include/linux/string.h b/include/linux/string.h
-index dd39a690c841..00d16d874c0a 100644
---- a/include/linux/string.h
-+++ b/include/linux/string.h
-@@ -235,10 +235,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob
- void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter");
- void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
-
-+#ifdef CONFIG_FORTIFY_SOURCE_STRICT_STRING
-+#define __string_size(p) __builtin_object_size(p, 1)
-+#else
-+#define __string_size(p) __builtin_object_size(p, 0)
-+#endif
-+
- #if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE)
- __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
- if (__builtin_constant_p(size) && p_size < size)
- __write_overflow();
- if (p_size < size)
-@@ -248,7 +254,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
-
- __FORTIFY_INLINE char *strcat(char *p, const char *q)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
- if (p_size == (size_t)-1)
- return __builtin_strcat(p, q);
- if (strlcat(p, q, p_size) >= p_size)
-@@ -259,7 +265,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q)
- __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
- {
- __kernel_size_t ret;
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
-
- /* Work around gcc excess stack consumption issue */
- if (p_size == (size_t)-1 ||
-@@ -274,7 +280,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
- extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
- __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-+ size_t p_size = __string_size(p);
- __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
- if (p_size <= ret && maxlen != ret)
- fortify_panic(__func__);
-@@ -286,8 +292,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
- __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
- {
- size_t ret;
-- size_t p_size = __builtin_object_size(p, 0);
-- size_t q_size = __builtin_object_size(q, 0);
-+ size_t p_size = __string_size(p);
-+ size_t q_size = __string_size(q);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __real_strlcpy(p, q, size);
- ret = strlen(q);
-@@ -307,8 +313,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
- __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
- {
- size_t p_len, copy_len;
-- size_t p_size = __builtin_object_size(p, 0);
-- size_t q_size = __builtin_object_size(q, 0);
-+ size_t p_size = __string_size(p);
-+ size_t q_size = __string_size(q);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __builtin_strncat(p, q, count);
- p_len = strlen(p);
-@@ -421,8 +427,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
- /* defined after fortified strlen and memcpy to reuse them */
- __FORTIFY_INLINE char *strcpy(char *p, const char *q)
- {
-- size_t p_size = __builtin_object_size(p, 0);
-- size_t q_size = __builtin_object_size(q, 0);
-+ size_t p_size = __string_size(p);
-+ size_t q_size = __string_size(q);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __builtin_strcpy(p, q);
- memcpy(p, q, strlen(q) + 1);
-diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 1e5d8c392f15..66d0e49c9987 100644
---- a/include/linux/vmalloc.h
-+++ b/include/linux/vmalloc.h
-@@ -68,19 +68,19 @@ static inline void vmalloc_init(void)
- }
- #endif
-
--extern void *vmalloc(unsigned long size);
--extern void *vzalloc(unsigned long size);
--extern void *vmalloc_user(unsigned
long size);
--extern void *vmalloc_node(unsigned long size, int node);
--extern void *vzalloc_node(unsigned long size, int node);
--extern void *vmalloc_exec(unsigned long size);
--extern void *vmalloc_32(unsigned long size);
--extern void *vmalloc_32_user(unsigned long size);
--extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
-+extern void *vmalloc(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vzalloc(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_user(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_node(unsigned long size, int node) __attribute__((alloc_size(1)));
-+extern void *vzalloc_node(unsigned long size, int node) __attribute__((alloc_size(1)));
-+extern void *vmalloc_exec(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_32(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *vmalloc_32_user(unsigned long size) __attribute__((alloc_size(1)));
-+extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __attribute__((alloc_size(1)));
- extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
- unsigned long start, unsigned long end, gfp_t gfp_mask,
- pgprot_t prot, unsigned long vm_flags, int node,
-- const void *caller);
-+ const void *caller) __attribute__((alloc_size(1)));
- #ifndef CONFIG_MMU
- extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags);
- static inline void *__vmalloc_node_flags_caller(unsigned long size, int node,
-diff --git a/init/Kconfig b/init/Kconfig
-index e37f4b2a6445..49c20dea1afd 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -296,6 +296,7 @@ config USELIB
- config AUDIT
- bool "Auditing support"
- depends on NET
-+ default y
- help
- Enable auditing infrastructure that can be used with another
- kernel subsystem, such as SELinux (which requires this for
-@@ -1039,6 +1040,12 @@ config CC_OPTIMIZE_FOR_SIZE
-
- endchoice
-
-+config
LOCAL_INIT
-+ bool "Zero uninitialized locals"
-+ help
-+ Zero-fill uninitialized local variables, other than variable-length
-+ arrays. Requires compiler support.
-+
- config SYSCTL
- bool
-
-@@ -1296,8 +1303,7 @@ config SHMEM
- which may be appropriate on small systems without swap.
-
- config AIO
-- bool "Enable AIO support" if EXPERT
-- default y
-+ bool "Enable AIO support"
- help
- This option enables POSIX asynchronous I/O which may by used
- by some high performance threaded applications. Disabling
-@@ -1502,7 +1508,7 @@ config VM_EVENT_COUNTERS
-
- config SLUB_DEBUG
- default y
-- bool "Enable SLUB debugging support" if EXPERT
-+ bool "Enable SLUB debugging support"
- depends on SLUB && SYSFS
- help
- SLUB has extensive debug support features. Disabling these can
-@@ -1526,7 +1532,6 @@ config SLUB_MEMCG_SYSFS_ON
-
- config COMPAT_BRK
- bool "Disable heap randomization"
-- default y
- help
- Randomizing heap placement makes heap exploits harder, but it
- also breaks ancient binaries (including anything libc5 based).
-@@ -1573,7 +1578,6 @@ endchoice
-
- config SLAB_MERGE_DEFAULT
- bool "Allow slab caches to be merged"
-- default y
- help
- For reduced kernel memory fragmentation, slab caches can be
- merged when they share the same size and other characteristics.
-@@ -1586,9 +1590,9 @@ config SLAB_MERGE_DEFAULT
- command line.
-
- config SLAB_FREELIST_RANDOM
-- default n
- depends on SLAB || SLUB
- bool "SLAB freelist randomization"
-+ default y
- help
- Randomizes the freelist order used on creating new pages. This
- security feature reduces the predictability of the kernel slab
-@@ -1597,12 +1601,56 @@ config SLAB_FREELIST_RANDOM
- config SLAB_FREELIST_HARDENED
- bool "Harden slab freelist metadata"
- depends on SLUB
-+ default y
- help
- Many kernel heap attacks try to target slab cache metadata and
- other infrastructure. This options makes minor performance
- sacrifies to harden the kernel slab allocator against common
- freelist exploit methods.
-
-+config SLAB_HARDENED
-+ default y
-+ depends on SLUB
-+ bool "Hardened SLAB infrastructure"
-+ help
-+ Make minor performance sacrifices to harden the kernel slab
-+ allocator.
-+
-+config SLAB_CANARY
-+ depends on SLUB
-+ depends on !SLAB_MERGE_DEFAULT
-+ bool "SLAB canaries"
-+ default y
-+ help
-+ Place canaries at the end of kernel slab allocations, sacrificing
-+ some performance and memory usage for security.
-+
-+ Canaries can detect some forms of heap corruption when allocations
-+ are freed and as part of the HARDENED_USERCOPY feature. It provides
-+ basic use-after-free detection for HARDENED_USERCOPY.
-+
-+ Canaries absorb small overflows (rendering them harmless), mitigate
-+ non-NUL terminated C string overflows on 64-bit via a guaranteed zero
-+ byte and provide basic double-free detection.
-+
-+config SLAB_SANITIZE
-+ bool "Sanitize SLAB allocations"
-+ depends on SLUB
-+ default y
-+ help
-+ Zero fill slab allocations on free, reducing the lifetime of
-+ sensitive data and helping to mitigate use-after-free bugs.
-+
-+ For slabs with debug poisoning enabling, this has no impact.
-+
-+config SLAB_SANITIZE_VERIFY
-+ depends on SLAB_SANITIZE && PAGE_SANITIZE
-+ default y
-+ bool "Verify sanitized SLAB allocations"
-+ help
-+ Verify that newly allocated slab allocations are zeroed to detect
-+ write-after-free bugs.
-+
- config SLUB_CPU_PARTIAL
- default y
- depends on SLUB && SMP
-diff --git a/kernel/audit.c b/kernel/audit.c
-index 227db99b0f19..aec52b408543 100644
---- a/kernel/audit.c
-+++ b/kernel/audit.c
-@@ -1578,6 +1578,9 @@ static int __init audit_enable(char *str)
-
- if (audit_default == AUDIT_OFF)
- audit_initialized = AUDIT_DISABLED;
-+ else if (!audit_ever_enabled)
-+ audit_initialized = AUDIT_UNINITIALIZED;
-+
- if (audit_set_enabled(audit_default))
- panic("audit: error setting audit state (%d)\n", audit_default);
-
-diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
-index ba03ec39efb3..47ed9081b668 100644
---- a/kernel/bpf/core.c
-+++ b/kernel/bpf/core.c
-@@ -302,7 +302,7 @@ struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
- #ifdef CONFIG_BPF_JIT
- /* All BPF JIT sysctl knobs here. */
- int bpf_jit_enable __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_ALWAYS_ON);
--int bpf_jit_harden __read_mostly;
-+int bpf_jit_harden __read_mostly = 2;
- int bpf_jit_kallsyms __read_mostly;
-
- static __always_inline void
-diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
-index 43f95d190eea..8e353f596873 100644
---- a/kernel/bpf/syscall.c
-+++ b/kernel/bpf/syscall.c
-@@ -42,7 +42,7 @@ static DEFINE_SPINLOCK(prog_idr_lock);
- static DEFINE_IDR(map_idr);
- static DEFINE_SPINLOCK(map_idr_lock);
-
--int sysctl_unprivileged_bpf_disabled __read_mostly;
-+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
-
- static const struct bpf_map_ops * const bpf_map_types[] = {
- #define BPF_PROG_TYPE(_id, _ops)
-diff --git a/kernel/capability.c b/kernel/capability.c
-index 1e1c0236f55b..452062fe45ce 100644
---- a/kernel/capability.c
-+++ b/kernel/capability.c
-@@ -431,6 +431,12 @@ bool capable(int cap)
- return ns_capable(&init_user_ns, cap);
- }
- EXPORT_SYMBOL(capable);
-+
-+bool capable_noaudit(int cap)
-+{
-+ return ns_capable_noaudit(&init_user_ns, cap);
-+}
-+EXPORT_SYMBOL(capable_noaudit);
- #endif /* CONFIG_MULTIUSER */
-
- /**
-diff --git
a/kernel/events/core.c b/kernel/events/core.c
-index ca7298760c83..910ac6cc9f07 100644
---- a/kernel/events/core.c
-+++ b/kernel/events/core.c
-@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask;
- * 0 - disallow raw tracepoint access for unpriv
- * 1 - disallow cpu events for unpriv
- * 2 - disallow kernel profiling for unpriv
-+ * 3 - disallow all unpriv perf event use
- */
-+#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT
-+int sysctl_perf_event_paranoid __read_mostly = 3;
-+#else
- int sysctl_perf_event_paranoid __read_mostly = 2;
-+#endif
-
- /* Minimum for 512 kiB + 1 user control page */
- int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -9921,6 +9926,9 @@ SYSCALL_DEFINE5(perf_event_open,
- if (flags & ~PERF_FLAG_ALL)
- return -EINVAL;
-
-+ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
-+ return -EACCES;
-+
- err = perf_copy_attr(attr_uptr, &attr);
- if (err)
- return err;
-diff --git a/kernel/fork.c b/kernel/fork.c
-index e5d9d405ae4e..c4be89c51f25 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -103,6 +103,11 @@
-
- #define CREATE_TRACE_POINTS
- #include
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#else
-+#define unprivileged_userns_clone 0
-+#endif
-
- /*
- * Minimum number of threads to boot the kernel
-@@ -1591,6 +1596,10 @@ static __latent_entropy struct task_struct *copy_process(
- if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
- return ERR_PTR(-EINVAL);
-
-+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
-+ if (!capable(CAP_SYS_ADMIN))
-+ return ERR_PTR(-EPERM);
-+
- /*
- * Thread groups must share signals as well, and detached threads
- * can only be started up within the thread group.
-@@ -2385,6 +2394,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
- if (unshare_flags & CLONE_NEWNS)
- unshare_flags |= CLONE_FS;
-
-+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
-+ err = -EPERM;
-+ if (!capable(CAP_SYS_ADMIN))
-+ goto bad_unshare_out;
-+ }
-+
- err = check_unshare_flags(unshare_flags);
- if (err)
- goto bad_unshare_out;
-diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
-index 3d37c279c090..0789ca413f09 100644
---- a/kernel/power/snapshot.c
-+++ b/kernel/power/snapshot.c
-@@ -1138,7 +1138,7 @@ void free_basic_memory_bitmaps(void)
-
- void clear_free_pages(void)
- {
--#ifdef CONFIG_PAGE_POISONING_ZERO
-+#if defined(CONFIG_PAGE_POISONING_ZERO) || defined(CONFIG_PAGE_SANITIZE)
- struct memory_bitmap *bm = free_pages_map;
- unsigned long pfn;
-
-@@ -1155,7 +1155,7 @@ void clear_free_pages(void)
- }
- memory_bm_position_reset(bm);
- pr_info("free pages cleared after restore\n");
--#endif /* PAGE_POISONING_ZERO */
-+#endif /* PAGE_POISONING_ZERO || PAGE_SANITIZE */
- }
-
- /**
-diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
-index a64eee0db39e..4d7de378fe4c 100644
---- a/kernel/rcu/tiny.c
-+++ b/kernel/rcu/tiny.c
-@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
- }
- }
-
--static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused)
-+static __latent_entropy void rcu_process_callbacks(void)
- {
- __rcu_process_callbacks(&rcu_sched_ctrlblk);
- __rcu_process_callbacks(&rcu_bh_ctrlblk);
-diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
-index 491bdf39f276..28f51c774671 100644
---- a/kernel/rcu/tree.c
-+++ b/kernel/rcu/tree.c
-@@ -2906,7 +2906,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
- /*
- * Do RCU core processing for the current CPU.
- */
--static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused)
-+static __latent_entropy void rcu_process_callbacks(void)
- {
- struct rcu_state *rsp;
-
-diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 5eb3ffc9be84..a60c59cbbaee 100644
---- a/kernel/sched/fair.c
-+++ b/kernel/sched/fair.c
-@@ -9387,7 +9387,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { }
- * run_rebalance_domains is triggered when needed from the scheduler tick.
- * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
- */
--static __latent_entropy void run_rebalance_domains(struct softirq_action *h)
-+static __latent_entropy void run_rebalance_domains(void)
- {
- struct rq *this_rq = this_rq();
- enum cpu_idle_type idle = this_rq->idle_balance ?
-diff --git a/kernel/softirq.c b/kernel/softirq.c
-index 24d243ef8e71..4ed8a162cd70 100644
---- a/kernel/softirq.c
-+++ b/kernel/softirq.c
-@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
- EXPORT_SYMBOL(irq_stat);
- #endif
-
--static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp;
-+static struct softirq_action softirq_vec[NR_SOFTIRQS] __ro_after_init __aligned(PAGE_SIZE);
-
- DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
-
-@@ -282,7 +282,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void)
- kstat_incr_softirqs_this_cpu(vec_nr);
-
- trace_softirq_entry(vec_nr);
-- h->action(h);
-+ h->action();
- trace_softirq_exit(vec_nr);
- if (unlikely(prev_count != preempt_count())) {
- pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n",
-@@ -444,7 +444,7 @@ void __raise_softirq_irqoff(unsigned int nr)
- or_softirq_pending(1UL << nr);
- }
-
--void open_softirq(int nr, void (*action)(struct softirq_action *))
-+void __init open_softirq(int nr, void (*action)(void))
- {
- softirq_vec[nr].action = action;
- }
-@@ -486,7 +486,7 @@ void __tasklet_hi_schedule(struct tasklet_struct
*t)
- }
- EXPORT_SYMBOL(__tasklet_hi_schedule);
-
--static __latent_entropy void tasklet_action(struct softirq_action *a)
-+static __latent_entropy void tasklet_action(void)
- {
- struct tasklet_struct *list;
-
-@@ -522,7 +522,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a)
- }
- }
-
--static __latent_entropy void tasklet_hi_action(struct softirq_action *a)
-+static __latent_entropy void tasklet_hi_action(void)
- {
- struct tasklet_struct *list;
-
-diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index f98f28c12020..861e8b721161 100644
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -99,12 +99,19 @@
- #if defined(CONFIG_SYSCTL)
-
- /* External variables not in a header file. */
-+#if IS_ENABLED(CONFIG_USB)
-+int deny_new_usb __read_mostly = 0;
-+EXPORT_SYMBOL(deny_new_usb);
-+#endif
- extern int suid_dumpable;
- #ifdef CONFIG_COREDUMP
- extern int core_uses_pid;
- extern char core_pattern[];
- extern unsigned int core_pipe_limit;
- #endif
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#endif
- extern int pid_max;
- extern int pid_max_min, pid_max_max;
- extern int percpu_pagelist_fraction;
-@@ -116,40 +123,43 @@ extern int sysctl_nr_trim_pages;
-
- /* Constants used for minimum and maximum */
- #ifdef CONFIG_LOCKUP_DETECTOR
--static int sixty = 60;
-+static int sixty __read_only = 60;
- #endif
-
--static int __maybe_unused neg_one = -1;
-+static int __maybe_unused neg_one __read_only = -1;
-
- static int zero;
--static int __maybe_unused one = 1;
--static int __maybe_unused two = 2;
--static int __maybe_unused four = 4;
--static unsigned long one_ul = 1;
--static int one_hundred = 100;
--static int one_thousand = 1000;
-+static int __maybe_unused one __read_only = 1;
-+static int __maybe_unused two __read_only = 2;
-+static int __maybe_unused four __read_only = 4;
-+static unsigned long one_ul __read_only = 1;
-+static int one_hundred __read_only = 100;
-+static int one_thousand __read_only = 1000;
- #ifdef
CONFIG_PRINTK
--static int ten_thousand = 10000;
-+static int ten_thousand __read_only = 10000;
- #endif
- #ifdef CONFIG_PERF_EVENTS
--static int six_hundred_forty_kb = 640 * 1024;
-+static int six_hundred_forty_kb __read_only = 640 * 1024;
- #endif
-
- /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */
--static unsigned long dirty_bytes_min = 2 * PAGE_SIZE;
-+static unsigned long dirty_bytes_min __read_only = 2 * PAGE_SIZE;
-
- /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */
--static int maxolduid = 65535;
--static int minolduid;
-+static int maxolduid __read_only = 65535;
-+static int minolduid __read_only;
-
--static int ngroups_max = NGROUPS_MAX;
-+static int ngroups_max __read_only = NGROUPS_MAX;
- static const int cap_last_cap = CAP_LAST_CAP;
-
- /*this is needed for proc_doulongvec_minmax of sysctl_hung_task_timeout_secs */
- #ifdef CONFIG_DETECT_HUNG_TASK
--static unsigned long hung_task_timeout_max = (LONG_MAX/HZ);
-+static unsigned long hung_task_timeout_max __read_only = (LONG_MAX/HZ);
- #endif
-
-+int device_sidechannel_restrict __read_mostly = 1;
-+EXPORT_SYMBOL(device_sidechannel_restrict);
-+
- #ifdef CONFIG_INOTIFY_USER
- #include
- #endif
-@@ -289,19 +299,19 @@ static struct ctl_table sysctl_base_table[] = {
- };
-
- #ifdef CONFIG_SCHED_DEBUG
--static int min_sched_granularity_ns = 100000; /* 100 usecs */
--static int max_sched_granularity_ns = NSEC_PER_SEC; /* 1 second */
--static int min_wakeup_granularity_ns; /* 0 usecs */
--static int max_wakeup_granularity_ns = NSEC_PER_SEC; /* 1 second */
-+static int min_sched_granularity_ns __read_only = 100000; /* 100 usecs */
-+static int max_sched_granularity_ns __read_only = NSEC_PER_SEC; /* 1 second */
-+static int min_wakeup_granularity_ns __read_only; /* 0 usecs */
-+static int max_wakeup_granularity_ns __read_only = NSEC_PER_SEC; /* 1 second */
- #ifdef CONFIG_SMP
--static int min_sched_tunable_scaling = SCHED_TUNABLESCALING_NONE;
--static int
max_sched_tunable_scaling = SCHED_TUNABLESCALING_END-1;
-+static int min_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_NONE;
-+static int max_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_END-1;
- #endif /* CONFIG_SMP */
- #endif /* CONFIG_SCHED_DEBUG */
-
- #ifdef CONFIG_COMPACTION
--static int min_extfrag_threshold;
--static int max_extfrag_threshold = 1000;
-+static int min_extfrag_threshold __read_only;
-+static int max_extfrag_threshold __read_only = 1000;
- #endif
-
- static struct ctl_table kern_table[] = {
-@@ -515,6 +525,15 @@ static struct ctl_table kern_table[] = {
- .proc_handler = proc_dointvec,
- },
- #endif
-+#ifdef CONFIG_USER_NS
-+ {
-+ .procname = "unprivileged_userns_clone",
-+ .data = &unprivileged_userns_clone,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec,
-+ },
-+#endif
- #ifdef CONFIG_PROC_SYSCTL
- {
- .procname = "tainted",
-@@ -856,6 +875,26 @@ static struct ctl_table kern_table[] = {
- .extra1 = &zero,
- .extra2 = &two,
- },
-+#endif
-+ {
-+ .procname = "device_sidechannel_restrict",
-+ .data = &device_sidechannel_restrict,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec_minmax_sysadmin,
-+ .extra1 = &zero,
-+ .extra2 = &one,
-+ },
-+#if IS_ENABLED(CONFIG_USB)
-+ {
-+ .procname = "deny_new_usb",
-+ .data = &deny_new_usb,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec_minmax_sysadmin,
-+ .extra1 = &zero,
-+ .extra2 = &one,
-+ },
- #endif
- {
- .procname = "ngroups_max",
-diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
-index 23788100e214..5577a58d1c7a 100644
---- a/kernel/time/hrtimer.c
-+++ b/kernel/time/hrtimer.c
-@@ -1413,7 +1413,7 @@ static void __hrtimer_run_queues(struct hrtimer_cpu_base *cpu_base, ktime_t now,
- }
- }
-
--static __latent_entropy void hrtimer_run_softirq(struct softirq_action *h)
-+static __latent_entropy void hrtimer_run_softirq(void)
- {
- struct hrtimer_cpu_base *cpu_base =
this_cpu_ptr(&hrtimer_bases);
- unsigned long flags;
-diff --git a/kernel/time/timer.c b/kernel/time/timer.c
-index 4a4fd567fb26..be236ef42690 100644
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -1672,7 +1672,7 @@ static inline void __run_timers(struct timer_base *base)
- /*
- * This function runs timers and the timer-tq in bottom half context.
- */
--static __latent_entropy void run_timer_softirq(struct softirq_action *h)
-+static __latent_entropy void run_timer_softirq(void)
- {
- struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
-
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 246d4d4ce5c7..f64432b45cec 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -26,6 +26,9 @@
- #include
- #include
-
-+/* sysctl */
-+int unprivileged_userns_clone;
-+
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
-
-diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 64155e310a9f..0c002bbb8f75 100644
---- a/lib/Kconfig.debug
-+++ b/lib/Kconfig.debug
-@@ -945,6 +945,7 @@ endmenu # "Debug lockups and hangs"
-
- config PANIC_ON_OOPS
- bool "Panic on Oops"
-+ default y
- help
- Say Y here to enable the kernel to panic when it oopses. This
- has the same effect as setting oops=panic on the kernel command
-@@ -954,7 +955,7 @@ config PANIC_ON_OOPS
- anything erroneous after an oops which could result in data
- corruption or other issues.
-
-- Say N if unsure.
-+ Say Y if unsure.
-
- config PANIC_ON_OOPS_VALUE
- int
-@@ -1309,6 +1310,7 @@ config DEBUG_BUGVERBOSE
- config DEBUG_LIST
- bool "Debug linked list manipulation"
- depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION
-+ default y
- help
- Enable this to turn on extended checks in the linked-list
- walking routines.
-@@ -1949,6 +1951,7 @@ config MEMTEST
- config BUG_ON_DATA_CORRUPTION
- bool "Trigger a BUG when data corruption is detected"
- select DEBUG_LIST
-+ default y
- help
- Select this option if the kernel should BUG when it encounters
- data corruption in kernel memory structures when they get checked
-@@ -1988,6 +1991,7 @@ config STRICT_DEVMEM
- config IO_STRICT_DEVMEM
- bool "Filter I/O access to /dev/mem"
- depends on STRICT_DEVMEM
-+ default y
- ---help---
- If this option is disabled, you allow userspace (root) access to all
- io-memory regardless of whether a driver is actively using that
-diff --git a/lib/irq_poll.c b/lib/irq_poll.c
-index 86a709954f5a..6f15787fcb1b 100644
---- a/lib/irq_poll.c
-+++ b/lib/irq_poll.c
-@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop)
- }
- EXPORT_SYMBOL(irq_poll_complete);
-
--static void __latent_entropy irq_poll_softirq(struct softirq_action *h)
-+static void __latent_entropy irq_poll_softirq(void)
- {
- struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll);
- int rearm = 0, budget = irq_poll_budget;
-diff --git a/lib/kobject.c b/lib/kobject.c
-index d20a97a7e168..7afe7fcfa6c9 100644
---- a/lib/kobject.c
-+++ b/lib/kobject.c
-@@ -954,9 +954,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
-
-
- static DEFINE_SPINLOCK(kobj_ns_type_lock);
--static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES];
-+static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __ro_after_init;
-
--int kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
-+int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
- {
- enum kobj_ns_type type = ops->type;
- int error;
-diff --git a/lib/nlattr.c b/lib/nlattr.c
-index dfa55c873c13..c6b0436f473d 100644
---- a/lib/nlattr.c
-+++ b/lib/nlattr.c
-@@ -364,6 +364,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count)
- {
- int minlen = min_t(int, count, nla_len(src));
-
-+ BUG_ON(minlen < 0);
-+
- memcpy(dest,
nla_data(src), minlen);
- if (count > minlen)
- memset(dest + minlen, 0, count - minlen);
-diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 38b509cc6b46..6b3bf13d57d6 100644
---- a/lib/vsprintf.c
-+++ b/lib/vsprintf.c
-@@ -1344,7 +1344,7 @@ char *uuid_string(char *buf, char *end, const u8 *addr,
- return string(buf, end, uuid, spec);
- }
-
--int kptr_restrict __read_mostly;
-+int kptr_restrict __read_mostly = 2;
-
- static noinline_for_stack
- char *restricted_pointer(char *buf, char *end, const void *ptr,
-diff --git a/mm/Kconfig b/mm/Kconfig
-index e07608f64d47..18937911b87a 100644
---- a/mm/Kconfig
-+++ b/mm/Kconfig
-@@ -319,7 +319,8 @@ config KSM
- config DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
- depends on MMU
-- default 4096
-+ default 32768 if ARM || (ARM64 && COMPAT)
-+ default 65536
- help
- This is the portion of low virtual memory which should be protected
- from userspace allocation. Keeping a user from writing to low pages
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 03ca089cce0f..9bf52aa6b042 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
-
- newbrk = PAGE_ALIGN(brk);
- oldbrk = PAGE_ALIGN(mm->brk);
-+ /* properly handle unaligned min_brk as an empty heap */
-+ if (min_brk & ~PAGE_MASK) {
-+ if (brk == min_brk)
-+ newbrk -= PAGE_SIZE;
-+ if (mm->brk == min_brk)
-+ oldbrk -= PAGE_SIZE;
-+ }
- if (oldbrk == newbrk)
- goto set_brk;
-
-diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 1741dd23e7c1..462ce9910e43 100644
---- a/mm/page_alloc.c
-+++ b/mm/page_alloc.c
-@@ -68,6 +68,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
-@@ -101,6 +102,15 @@ int _node_numa_mem_[MAX_NUMNODES];
- DEFINE_MUTEX(pcpu_drain_mutex);
- DEFINE_PER_CPU(struct work_struct, pcpu_drain);
-
-+bool __meminitdata extra_latent_entropy;
-+
-+static int __init setup_extra_latent_entropy(char *str)
-+{
-+ extra_latent_entropy = true;
-+ return 0;
-+}
-+early_param("extra_latent_entropy", setup_extra_latent_entropy);
-+
- #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
- volatile unsigned long latent_entropy __latent_entropy;
- EXPORT_SYMBOL(latent_entropy);
-@@ -1069,6 +1079,13 @@ static __always_inline bool free_pages_prepare(struct page *page,
- debug_check_no_obj_freed(page_address(page),
- PAGE_SIZE << order);
- }
-+
-+ if (IS_ENABLED(CONFIG_PAGE_SANITIZE)) {
-+ int i;
-+ for (i = 0; i < (1 << order); i++)
-+ clear_highpage(page + i);
-+ }
-+
- arch_free_page(page, order);
- kernel_poison_pages(page, 1 << order, 0);
- kernel_map_pages(page, 1 << order, 0);
-@@ -1286,6 +1303,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order)
- __ClearPageReserved(p);
- set_page_count(p, 0);
-
-+ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
-+ unsigned long hash = 0;
-+ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
-+ const unsigned long *data = lowmem_page_address(page);
-+
-+ for (index = 0; index < end; index++)
-+ hash ^= hash + data[index];
-+#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
-+ latent_entropy ^= hash;
-+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+#else
-+ add_device_randomness((const void *)&hash, sizeof(hash));
-+#endif
-+ }
-+
- page_zone(page)->managed_pages += nr_pages;
- set_page_refcounted(page);
- __free_pages(page, order);
-@@ -1754,8 +1786,8 @@ static inline int check_new_page(struct page *page)
-
- static inline bool free_pages_prezeroed(void)
- {
-- return IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) &&
-- page_poisoning_enabled();
-+ return IS_ENABLED(CONFIG_PAGE_SANITIZE) ||
-+ (IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) && page_poisoning_enabled());
- }
-
- #ifdef CONFIG_DEBUG_VM
-@@ -1812,6 +1844,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags
-
- post_alloc_hook(page, order, gfp_flags);
-
-+ if (IS_ENABLED(CONFIG_PAGE_SANITIZE_VERIFY)) {
-+ for (i = 0; i < (1
<< order); i++)
-+ verify_zero_highpage(page + i);
-+ }
-+
- if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO))
- for (i = 0; i < (1 << order); i++)
- clear_highpage(page + i);
-diff --git a/mm/slab.h b/mm/slab.h
-index 51813236e773..e0d1b194a454 100644
---- a/mm/slab.h
-+++ b/mm/slab.h
-@@ -312,7 +312,11 @@ static inline bool is_root_cache(struct kmem_cache *s)
- static inline bool slab_equal_or_root(struct kmem_cache *s,
- struct kmem_cache *p)
- {
-+#ifdef CONFIG_SLAB_HARDENED
-+ return p == s;
-+#else
- return true;
-+#endif
- }
-
- static inline const char *cache_name(struct kmem_cache *s)
-@@ -364,18 +368,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
- * to not do even the assignment. In that case, slab_equal_or_root
- * will also be a constant.
- */
-- if (!memcg_kmem_enabled() &&
-+ if (!IS_ENABLED(CONFIG_SLAB_HARDENED) &&
-+ !memcg_kmem_enabled() &&
- !unlikely(s->flags & SLAB_CONSISTENCY_CHECKS))
- return s;
-
- page = virt_to_head_page(x);
-+#ifdef CONFIG_SLAB_HARDENED
-+ BUG_ON(!PageSlab(page));
-+#endif
- cachep = page->slab_cache;
- if (slab_equal_or_root(cachep, s))
- return cachep;
-
- pr_err("%s: Wrong slab cache. %s but object is from %s\n",
- __func__, s->name, cachep->name);
-+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
-+ BUG_ON(1);
-+#else
- WARN_ON_ONCE(1);
-+#endif
- return s;
- }
-
-@@ -400,7 +412,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s)
- * back there or track user information then we can
- * only use the space before that information.
- */
-- if (s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER))
-+ if ((s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER)) || IS_ENABLED(CONFIG_SLAB_CANARY))
- return s->inuse;
- /*
- * Else we can use all the padding etc for the allocation
-diff --git a/mm/slab_common.c b/mm/slab_common.c
-index 10f127b2de7c..3637ef72c5b4 100644
---- a/mm/slab_common.c
-+++ b/mm/slab_common.c
-@@ -26,10 +26,10 @@
-
- #include "slab.h"
-
--enum slab_state slab_state;
-+enum slab_state slab_state __ro_after_init;
- LIST_HEAD(slab_caches);
- DEFINE_MUTEX(slab_mutex);
--struct kmem_cache *kmem_cache;
-+struct kmem_cache *kmem_cache __ro_after_init;
-
- #ifdef CONFIG_HARDENED_USERCOPY
- bool usercopy_fallback __ro_after_init =
-@@ -57,7 +57,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
- /*
- * Merge control. If this is set then no merging of slab caches will occur.
- */
--static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
-+static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
-
- static int __init setup_slab_nomerge(char *str)
- {
-@@ -968,7 +968,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches);
- * of two cache sizes there. The size of larger slabs can be determined using
- * fls.
- */
--static s8 size_index[24] = {
-+static s8 size_index[24] __ro_after_init = {
- 3, /* 8 */
- 4, /* 16 */
- 5, /* 24 */
-diff --git a/mm/slub.c b/mm/slub.c
-index e381728a3751..76dd844d978a 100644
---- a/mm/slub.c
-+++ b/mm/slub.c
-@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
- #endif
- }
-
-+static inline bool has_sanitize(struct kmem_cache *s)
-+{
-+ return IS_ENABLED(CONFIG_SLAB_SANITIZE) && !(s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON));
-+}
-+
-+static inline bool has_sanitize_verify(struct kmem_cache *s)
-+{
-+ return IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && has_sanitize(s);
-+}
-+
- void *fixup_red_left(struct kmem_cache *s, void *p)
- {
- if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
-@@ -299,6 +309,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
- *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
- }
-
-+#ifdef CONFIG_SLAB_CANARY
-+static inline unsigned long *get_canary(struct kmem_cache *s, void *object)
-+{
-+ if (s->offset)
-+ return object + s->offset + sizeof(void *);
-+ return object + s->inuse;
-+}
-+
-+static inline unsigned long get_canary_value(const void *canary, unsigned long value)
-+{
-+ return (value ^ (unsigned long)canary) & CANARY_MASK;
-+}
-+
-+static inline void set_canary(struct kmem_cache *s, void *object, unsigned long value)
-+{
-+ unsigned long *canary = get_canary(s, object);
-+ *canary = get_canary_value(canary, value);
-+}
-+
-+static inline void check_canary(struct kmem_cache *s, void *object, unsigned long value)
-+{
-+ unsigned long *canary = get_canary(s, object);
-+ BUG_ON(*canary != get_canary_value(canary, value));
-+}
-+#else
-+#define set_canary(s, object, value)
-+#define check_canary(s, object, value)
-+#endif
-+
- /* Loop over all objects in a slab */
- #define for_each_object(__p, __s, __addr, __objects) \
- for (__p = fixup_red_left(__s, __addr); \
-@@ -486,13 +525,13 @@ static inline void *restore_red_left(struct
kmem_cache *s, void *p)
- * Debug settings:
- */
- #if defined(CONFIG_SLUB_DEBUG_ON)
--static slab_flags_t slub_debug = DEBUG_DEFAULT_FLAGS;
-+static slab_flags_t slub_debug __ro_after_init = DEBUG_DEFAULT_FLAGS;
- #else
--static slab_flags_t slub_debug;
-+static slab_flags_t slub_debug __ro_after_init;
- #endif
-
--static char *slub_debug_slabs;
--static int disable_higher_order_debug;
-+static char *slub_debug_slabs __ro_after_init;
-+static int disable_higher_order_debug __ro_after_init;
-
- /*
- * slub is about to manipulate internal object metadata. This memory lies
-@@ -552,6 +591,9 @@ static struct track *get_track(struct kmem_cache *s, void *object,
- else
- p = object + s->inuse;
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ p = (void *)p + sizeof(void *);
-+
- return p + alloc;
- }
-
-@@ -690,6 +732,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
- else
- off = s->inuse;
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ off += sizeof(void *);
-+
- if (s->flags & SLAB_STORE_USER)
- off += 2 * sizeof(struct track);
-
-@@ -819,6 +864,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
- /* Freepointer is placed after the object.
*/
- off += sizeof(void *);
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ off += sizeof(void *);
-+
- if (s->flags & SLAB_STORE_USER)
- /* We also have user information there */
- off += 2 * sizeof(struct track);
-@@ -1420,8 +1468,9 @@ static void setup_object(struct kmem_cache *s, struct page *page,
- void *object)
- {
- setup_object_debug(s, page, object);
-+ set_canary(s, object, s->random_inactive);
- kasan_init_slab_obj(s, object);
-- if (unlikely(s->ctor)) {
-+ if (unlikely(s->ctor) && !has_sanitize_verify(s)) {
- kasan_unpoison_object_data(s, object);
- s->ctor(object);
- kasan_poison_object_data(s, object);
-@@ -2719,9 +2768,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
- stat(s, ALLOC_FASTPATH);
- }
-
-- if (unlikely(gfpflags & __GFP_ZERO) && object)
-+ if (has_sanitize_verify(s) && object) {
-+ size_t offset = s->offset ? 0 : sizeof(void *);
-+ BUG_ON(memchr_inv(object + offset, 0, s->object_size - offset));
-+ if (s->ctor)
-+ s->ctor(object);
-+ if (unlikely(gfpflags & __GFP_ZERO) && offset)
-+ memset(object, 0, sizeof(void *));
-+ } else if (unlikely(gfpflags & __GFP_ZERO) && object)
- memset(object, 0, s->object_size);
-
-+ if (object) {
-+ check_canary(s, object, s->random_inactive);
-+ set_canary(s, object, s->random_active);
-+ }
-+
- slab_post_alloc_hook(s, gfpflags, 1, &object);
-
- return object;
-@@ -2928,6 +2989,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
- void *tail_obj = tail ? : head;
- struct kmem_cache_cpu *c;
- unsigned long tid;
-+ bool sanitize = has_sanitize(s);
-+
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY) || sanitize) {
-+ __maybe_unused int offset = s->offset ?
0 : sizeof(void *);
-+ void *x = head;
-+
-+ while (1) {
-+ check_canary(s, x, s->random_active);
-+ set_canary(s, x, s->random_inactive);
-+
-+ if (sanitize) {
-+ memset(x + offset, 0, s->object_size - offset);
-+ if (!IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && s->ctor)
-+ s->ctor(x);
-+ }
-+ if (x == tail_obj)
-+ break;
-+ x = get_freepointer(s, x);
-+ }
-+ }
-+
- redo:
- /*
- * Determine the currently cpus per cpu slab.
-@@ -3106,7 +3188,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
- void **p)
- {
- struct kmem_cache_cpu *c;
-- int i;
-+ int i, k;
-
- /* memcg and kmem_cache debug support */
- s = slab_pre_alloc_hook(s, flags);
-@@ -3143,13 +3225,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
- local_irq_enable();
-
- /* Clear memory outside IRQ disabled fastpath loop */
-- if (unlikely(flags & __GFP_ZERO)) {
-+ if (has_sanitize_verify(s)) {
-+ int j;
-+
-+ for (j = 0; j < i; j++) {
-+ size_t offset = s->offset ? 0 : sizeof(void *);
-+ BUG_ON(memchr_inv(p[j] + offset, 0, s->object_size - offset));
-+ if (s->ctor)
-+ s->ctor(p[j]);
-+ if (unlikely(flags & __GFP_ZERO) && offset)
-+ memset(p[j], 0, sizeof(void *));
-+ }
-+ } else if (unlikely(flags & __GFP_ZERO)) {
- int j;
-
- for (j = 0; j < i; j++)
- memset(p[j], 0, s->object_size);
- }
-
-+ for (k = 0; k < i; k++) {
-+ check_canary(s, p[k], s->random_inactive);
-+ set_canary(s, p[k], s->random_active);
-+ }
-+
- /* memcg and kmem_cache debug support */
- slab_post_alloc_hook(s, flags, size, p);
- return i;
-@@ -3181,9 +3279,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk);
- * and increases the number of allocations possible without having to
- * take the list_lock.
- */
--static int slub_min_order;
--static int slub_max_order = PAGE_ALLOC_COSTLY_ORDER;
--static int slub_min_objects;
-+static int slub_min_order __ro_after_init;
-+static int slub_max_order __ro_after_init = PAGE_ALLOC_COSTLY_ORDER;
-+static int slub_min_objects __ro_after_init;
-
- /*
- * Calculate the order of allocation given an slab object size.
-@@ -3353,6 +3451,7 @@ static void early_kmem_cache_node_alloc(int node)
- init_object(kmem_cache_node, n, SLUB_RED_ACTIVE);
- init_tracking(kmem_cache_node, n);
- #endif
-+ set_canary(kmem_cache_node, n, kmem_cache_node->random_active);
- kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node),
- GFP_KERNEL);
- init_kmem_cache_node(n);
-@@ -3509,6 +3608,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
- size += sizeof(void *);
- }
-
-+ if (IS_ENABLED(CONFIG_SLAB_CANARY))
-+ size += sizeof(void *);
-+
- #ifdef CONFIG_SLUB_DEBUG
- if (flags & SLAB_STORE_USER)
- /*
-@@ -3579,6 +3681,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags)
- #ifdef CONFIG_SLAB_FREELIST_HARDENED
- s->random = get_random_long();
- #endif
-+#ifdef CONFIG_SLAB_CANARY
-+ s->random_active = get_random_long();
-+ s->random_inactive = get_random_long();
-+#endif
-
- if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU))
- s->reserved = sizeof(struct rcu_head);
-@@ -3846,6 +3952,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page,
- offset -= s->red_left_pad;
- }
-
-+ check_canary(s, (void *)ptr - offset, s->random_active);
-+
- /* Allow address range falling entirely within usercopy region.
*/
- if (offset >= s->useroffset &&
- offset - s->useroffset <= s->usersize &&
-@@ -3879,7 +3987,11 @@ static size_t __ksize(const void *object)
- page = virt_to_head_page(object);
-
- if (unlikely(!PageSlab(page))) {
-+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
-+ BUG_ON(!PageCompound(page));
-+#else
- WARN_ON(!PageCompound(page));
-+#endif
- return PAGE_SIZE << compound_order(page);
- }
-
-@@ -4744,7 +4856,7 @@ enum slab_stat_type {
- #define SO_TOTAL (1 << SL_TOTAL)
-
- #ifdef CONFIG_MEMCG
--static bool memcg_sysfs_enabled = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON);
-+static bool memcg_sysfs_enabled __ro_after_init = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON);
-
- static int __init setup_slub_memcg_sysfs(char *str)
- {
-diff --git a/mm/swap.c b/mm/swap.c
-index 0f17330dd0e5..6e52cb476ef5 100644
---- a/mm/swap.c
-+++ b/mm/swap.c
-@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page)
- if (!PageHuge(page))
- __page_cache_release(page);
- dtor = get_compound_page_dtor(page);
-+ if (!PageHuge(page))
-+ BUG_ON(dtor != free_compound_page
-+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
-+ && dtor != free_transhuge_page
-+#endif
-+ );
-+
- (*dtor)(page);
- }
-
-diff --git a/net/core/dev.c b/net/core/dev.c
-index ace13bea3e50..77a1519c52b7 100644
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -4196,7 +4196,7 @@ int netif_rx_ni(struct sk_buff *skb)
- }
- EXPORT_SYMBOL(netif_rx_ni);
-
--static __latent_entropy void net_tx_action(struct softirq_action *h)
-+static __latent_entropy void net_tx_action(void)
- {
- struct softnet_data *sd = this_cpu_ptr(&softnet_data);
-
-@@ -5745,7 +5745,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll)
- return work;
- }
-
--static __latent_entropy void net_rx_action(struct softirq_action *h)
-+static __latent_entropy void net_rx_action(void)
- {
- struct softnet_data *sd = this_cpu_ptr(&softnet_data);
- unsigned long time_limit = jiffies +
-diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
-index f48fe6fc7e8c..d78c52835c08
100644
---- a/net/ipv4/Kconfig
-+++ b/net/ipv4/Kconfig
-@@ -261,6 +261,7 @@ config IP_PIMSM_V2
-
- config SYN_COOKIES
- bool "IP: TCP syncookie support"
-+ default y
- ---help---
- Normal TCP/IP networking is open to an attack known as "SYN
- flooding". This denial-of-service attack prevents legitimate remote
-diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 9917f928d0fd..784e0e2fc839 100644
---- a/scripts/mod/modpost.c
-+++ b/scripts/mod/modpost.c
-@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1;
- static int warn_unresolved = 0;
- /* How a symbol is exported */
- static int sec_mismatch_count = 0;
-+static int writable_fptr_count = 0;
- static int sec_mismatch_verbose = 1;
- static int sec_mismatch_fatal = 0;
- /* ignore missing files */
-@@ -965,6 +966,7 @@ enum mismatch {
- ANY_EXIT_TO_ANY_INIT,
- EXPORT_TO_INIT_EXIT,
- EXTABLE_TO_NON_TEXT,
-+ DATA_TO_TEXT
- };
-
- /**
-@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = {
- .good_tosec = {ALL_TEXT_SECTIONS , NULL},
- .mismatch = EXTABLE_TO_NON_TEXT,
- .handler = extable_mismatch_handler,
-+},
-+/* Do not reference code from writable data */
-+{
-+ .fromsec = { DATA_SECTIONS, NULL },
-+ .bad_tosec = { ALL_TEXT_SECTIONS, NULL },
-+ .mismatch = DATA_TO_TEXT
- }
- };
-
-@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
- continue;
- if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
- continue;
-- if (sym->st_value == addr)
-- return sym;
- /* Find a symbol nearby - addr are maybe negative */
- d = sym->st_value - addr;
-+ if (d == 0)
-+ return sym;
- if (d < 0)
- d = addr - sym->st_value;
- if (d < distance) {
-@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname,
- char *prl_from;
- char *prl_to;
-
-- sec_mismatch_count++;
-+ if (mismatch->mismatch == DATA_TO_TEXT)
-+ writable_fptr_count++;
-+ else
-+ sec_mismatch_count++;
-+
- if (!sec_mismatch_verbose)
- return;
-
-@@ -1526,6 +1538,14 @@ static void
report_sec_mismatch(const char *modname, - fatal("There's a special handler for this mismatch type, " - "we should never get here."); - break; -+ case DATA_TO_TEXT: -+#if 0 -+ fprintf(stderr, -+ "The %s %s:%s references\n" -+ "the %s %s:%s%s\n", -+ from, fromsec, fromsym, to, tosec, tosym, to_p); -+#endif -+ break; - } - fprintf(stderr, "\n"); - } -@@ -2539,6 +2559,14 @@ int main(int argc, char **argv) - } - } - free(buf.p); -+ if (writable_fptr_count) { -+ if (!sec_mismatch_verbose) { -+ warn("modpost: Found %d writable function pointer(s).\n" -+ "To see full details build your kernel with:\n" -+ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n", -+ writable_fptr_count); -+ } -+ } - - return err; - } -diff --git a/security/Kconfig b/security/Kconfig -index c4302067a3ad..1b1e9368cae5 100644 ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -8,7 +8,7 @@ source security/keys/Kconfig - - config SECURITY_DMESG_RESTRICT - bool "Restrict unprivileged access to the kernel syslog" -- default n -+ default y - help - This enforces restrictions on unprivileged users reading the kernel - syslog via dmesg(8). -@@ -18,10 +18,21 @@ config SECURITY_DMESG_RESTRICT - - If you are unsure how to answer this question, answer N. - -+config SECURITY_PERF_EVENTS_RESTRICT -+ bool "Restrict unprivileged use of performance events" -+ depends on PERF_EVENTS -+ default y -+ help -+ If you say Y here, the kernel.perf_event_paranoid sysctl -+ will be set to 3 by default, and no unprivileged use of the -+ perf_event_open syscall will be permitted unless it is -+ changed. -+ - config SECURITY - bool "Enable different security models" - depends on SYSFS - depends on MULTIUSER -+ default y - help - This allows you to choose different security modules to be - configured into your kernel. -@@ -48,6 +59,7 @@ config SECURITYFS - config SECURITY_NETWORK - bool "Socket and Networking Security Hooks" - depends on SECURITY -+ default y - help - This enables the socket and networking security hooks. 
- If enabled, a security module can use these hooks to -@@ -155,6 +167,7 @@ config HARDENED_USERCOPY - depends on HAVE_HARDENED_USERCOPY_ALLOCATOR - select BUG - imply STRICT_DEVMEM -+ default y - help - This option checks for obviously wrong memory regions when - copying memory to/from the kernel (via copy_to_user() and -@@ -167,7 +180,6 @@ config HARDENED_USERCOPY - config HARDENED_USERCOPY_FALLBACK - bool "Allow usercopy whitelist violations to fallback to object size" - depends on HARDENED_USERCOPY -- default y - help - This is a temporary option that allows missing usercopy whitelists - to be discovered via a WARN() to the kernel log, instead of -@@ -192,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN - config FORTIFY_SOURCE - bool "Harden common str/mem functions against buffer overflows" - depends on ARCH_HAS_FORTIFY_SOURCE -+ default y - help - Detect overflows of buffers in common string and memory functions - where the compiler can determine and validate the buffer sizes. - -+config FORTIFY_SOURCE_STRICT_STRING -+ bool "Harden common functions against buffer overflows" -+ depends on FORTIFY_SOURCE -+ depends on EXPERT -+ help -+ Perform stricter overflow checks catching overflows within objects -+ for common C string functions rather than only between objects. -+ -+ This is not yet intended for production use, only bug finding. -+ -+config PAGE_SANITIZE -+ bool "Sanitize pages" -+ default y -+ help -+ Zero fill page allocations on free, reducing the lifetime of -+ sensitive data and helping to mitigate use-after-free bugs. -+ -+config PAGE_SANITIZE_VERIFY -+ bool "Verify sanitized pages" -+ depends on PAGE_SANITIZE -+ default y -+ help -+ Verify that newly allocated pages are zeroed to detect -+ write-after-free bugs. 
-+ - config STATIC_USERMODEHELPER - bool "Force all usermode helper calls through a single binary" - help -diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig -index 8af7a690eb40..6539694b0fd3 100644 ---- a/security/selinux/Kconfig -+++ b/security/selinux/Kconfig -@@ -2,7 +2,7 @@ config SECURITY_SELINUX - bool "NSA SELinux Support" - depends on SECURITY_NETWORK && AUDIT && NET && INET - select NETWORK_SECMARK -- default n -+ default y - help - This selects NSA Security-Enhanced Linux (SELinux). - You will also need a policy configuration and a labeled filesystem. -@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS - This option collects access vector cache statistics to - /selinux/avc/cache_stats, which may be monitored via - tools such as avcstat. -- --config SECURITY_SELINUX_CHECKREQPROT_VALUE -- int "NSA SELinux checkreqprot default value" -- depends on SECURITY_SELINUX -- range 0 1 -- default 0 -- help -- This option sets the default value for the 'checkreqprot' flag -- that determines whether SELinux checks the protection requested -- by the application or the protection that will be applied by the -- kernel (including any implied execute for read-implies-exec) for -- mmap and mprotect calls. If this option is set to 0 (zero), -- SELinux will default to checking the protection that will be applied -- by the kernel. If this option is set to 1 (one), SELinux will -- default to checking the protection requested by the application. -- The checkreqprot flag may be changed from the default via the -- 'checkreqprot=' boot parameter. It may also be changed at runtime -- via /selinux/checkreqprot if authorized by policy. -- -- If you are unsure how to answer this question, answer 0. 
-diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h -index 3d54468ce334..ceafb908afde 100644 ---- a/security/selinux/include/objsec.h -+++ b/security/selinux/include/objsec.h -@@ -154,6 +154,6 @@ struct bpf_security_struct { - u32 sid; /*SID of bpf obj creater*/ - }; - --extern unsigned int selinux_checkreqprot; -+extern const unsigned int selinux_checkreqprot; - - #endif /* _SELINUX_OBJSEC_H_ */ -diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c -index 00eed842c491..8f7b8d7e6f91 100644 ---- a/security/selinux/selinuxfs.c -+++ b/security/selinux/selinuxfs.c -@@ -41,16 +41,7 @@ - #include "objsec.h" - #include "conditional.h" - --unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; -- --static int __init checkreqprot_setup(char *str) --{ -- unsigned long checkreqprot; -- if (!kstrtoul(str, 0, &checkreqprot)) -- selinux_checkreqprot = checkreqprot ? 1 : 0; -- return 1; --} --__setup("checkreqprot=", checkreqprot_setup); -+const unsigned int selinux_checkreqprot; - - static DEFINE_MUTEX(sel_mutex); - -@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, - return PTR_ERR(page); - - length = -EINVAL; -- if (sscanf(page, "%u", &new_value) != 1) -+ if (sscanf(page, "%u", &new_value) != 1 || new_value) - goto out; - -- selinux_checkreqprot = new_value ? 1 : 0; - length = count; - out: - kfree(page); -diff --git a/security/yama/Kconfig b/security/yama/Kconfig -index 96b27405558a..485c1b85c325 100644 ---- a/security/yama/Kconfig -+++ b/security/yama/Kconfig -@@ -1,7 +1,7 @@ - config SECURITY_YAMA - bool "Yama support" - depends on SECURITY -- default n -+ default y - help - This selects Yama, which extends DAC support with additional - system-wide security settings beyond regular Linux discretionary 
diff --git a/pkgs/os-specific/linux/kernel/linux-copperhead-lts.nix b/pkgs/os-specific/linux/kernel/linux-copperhead-lts.nix deleted file mode 100644 index 366cfd39e4a..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-copperhead-lts.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, ... } @ args: - -with stdenv.lib; - -let - version = "4.14.44"; - revision = "a"; - sha256 = "1alvhpwy9xzppwsag7qh1lkk3l4piyh2fv27w37il6gclja4dxkf"; - - # modVersion needs to be x.y.z, will automatically add .0 if needed - modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))); - - # branchVersion needs to be x.y - branchVersion = concatStrings (intersperse "." (take 2 (splitString "." version))); - - modDirVersion = "${modVersion}-hardened"; -in -buildLinux (args // { - inherit modDirVersion; - - version = "${version}-${revision}"; - extraMeta.branch = "${branchVersion}"; - - src = fetchFromGitHub { - inherit sha256; - owner = "copperhead"; - repo = "linux-hardened"; - rev = "${version}.${revision}"; - }; -} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 143671428c4..d54e0153229 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -28,16 +28,6 @@ rec { patch = ./tag-hardened.patch; }; - copperhead_4_14 = rec { - name = "copperhead-4.14"; - patch = ./copperhead-4-14.patch; - }; - - copperhead_4_16 = rec { - name = "copperhead-4.16"; - patch = ./copperhead-4-16.patch; - }; - # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6 iwlwifi_mvm_support_version_7_scan_req_umac_fw_command = rec { name = "iwlwifi_mvm_support_version_7_scan_req_umac_fw_command"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e09e89b0b90..b4ad5304052 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -13924,14 +13924,6 @@ with pkgs; ]; }; - linux_copperhead_lts = (linux_4_14.override { - kernelPatches = linux_4_14.kernelPatches ++ [ - kernelPatches.copperhead_4_14 - kernelPatches.tag_hardened - ]; - modDirVersionArg = linux_4_14.modDirVersion + "-hardened"; - }); - # linux mptcp is based on the 4.4 kernel linux_mptcp = callPackage ../os-specific/linux/kernel/linux-mptcp.nix { kernelPatches = @@ -14273,8 +14265,6 @@ with pkgs; linuxPackages_latest_xen_dom0_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor (pkgs.linux_latest.override { features.xen_dom0=true; })); - linuxPackages_copperhead_lts = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_copperhead_lts); - # Samus kernels linuxPackages_samus_4_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_samus_4_12); linuxPackages_samus_latest = linuxPackages_samus_4_12; From b06ad6199fbcc5e47fdb3db061d537ddf1f65666 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 3 Sep 2018 17:35:39 +0200 Subject: [PATCH 082/173] nix.perl-bindings: Fix build --- pkgs/tools/package-management/nix/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index a447fbf2282..edb78d1b63a 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -152,7 +152,10 @@ in rec { url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; sha256 = "0ed68e0c50f13810768fcf510abb2c56d735172c39a325aac7453ccf7ae152fc"; }; - }) // { perl-bindings = perl-bindings { nix = nixStable; }; }; + }) // { perl-bindings = perl-bindings { + nix = nixStable; + needsBoost = true; + }; }; nixUnstable = (lib.lowPrio (common rec { name = "nix-2.1${suffix}"; From 9069908680ec3ceda4a02a98a493fb95eb3db919 Mon Sep 17 00:00:00 2001 
From: worldofpeace Date: Sun, 2 Sep 2018 20:01:37 -0400 Subject: [PATCH 083/173] amule: fix build --- pkgs/tools/networking/p2p/amule/default.nix | 3 + pkgs/tools/networking/p2p/amule/gcc47.patch | 21 -- .../tools/networking/p2p/amule/upnp-1.8.patch | 230 ++++++++++++++++++ 3 files changed, 233 insertions(+), 21 deletions(-) delete mode 100644 pkgs/tools/networking/p2p/amule/gcc47.patch create mode 100644 pkgs/tools/networking/p2p/amule/upnp-1.8.patch diff --git a/pkgs/tools/networking/p2p/amule/default.nix b/pkgs/tools/networking/p2p/amule/default.nix index a74242ba5e1..b9a4360abfb 100644 --- a/pkgs/tools/networking/p2p/amule/default.nix +++ b/pkgs/tools/networking/p2p/amule/default.nix @@ -22,6 +22,9 @@ mkDerivation rec { ++ lib.optional httpServer libpng ++ lib.optional client libX11; + # See: https://github.com/amule-project/amule/issues/126 + patches = [ ./upnp-1.8.patch ]; + enableParallelBuilding = true; configureFlags = [ diff --git a/pkgs/tools/networking/p2p/amule/gcc47.patch b/pkgs/tools/networking/p2p/amule/gcc47.patch deleted file mode 100644 index e776dda3240..00000000000 --- a/pkgs/tools/networking/p2p/amule/gcc47.patch +++ /dev/null @@ -1,21 +0,0 @@ -# http://code.google.com/p/amule/source/detail?r=10772 -diff -ur aMule-2.3.1.orig//src/ObservableQueue.h aMule-2.3.1/src/ObservableQueue.h ---- aMule-2.3.1.orig//src/ObservableQueue.h 2012-04-22 19:40:05.560084120 +0200 -+++ aMule-2.3.1/src/ObservableQueue.h 2012-04-22 19:40:32.479085322 +0200 -@@ -331,14 +331,14 @@ - template - void CObservableQueue::ObserverAdded( ObserverType* o ) - { -- NotifyObservers( EventType( EventType::STARTING ), o ); -+ this->NotifyObservers( EventType( EventType::STARTING ), o ); - } - - - template - void CObservableQueue::ObserverRemoved( ObserverType* o ) - { -- NotifyObservers( EventType( EventType::STOPPING ), o ); -+ this->NotifyObservers( EventType( EventType::STOPPING ), o ); - } - - \ No newline at end of file 
diff --git a/pkgs/tools/networking/p2p/amule/upnp-1.8.patch b/pkgs/tools/networking/p2p/amule/upnp-1.8.patch new file mode 100644 index 00000000000..3f5502582a2 --- /dev/null +++ b/pkgs/tools/networking/p2p/amule/upnp-1.8.patch 
@@ -0,0 +1,230 @@ +--- a/src/UPnPBase.cpp ++++ b/src/UPnPBase.cpp +@@ -29,22 +29,12 @@ + + #ifdef ENABLE_UPNP + +-// check for broken Debian-hacked libUPnP + #include +-#ifdef STRING_H // defined in UpnpString.h Yes, I would have liked UPNPSTRING_H much better. +-#define BROKEN_DEBIAN_LIBUPNP +-#endif + + #include "UPnPBase.h" + + #include // For transform() + +-#ifdef BROKEN_DEBIAN_LIBUPNP +- #define GET_UPNP_STRING(a) UpnpString_get_String(a) +-#else +- #define GET_UPNP_STRING(a) (a) +-#endif +- + std::string stdEmptyString; + + const char s_argument[] = "argument"; +@@ -1127,7 +1117,7 @@ + + + // This function is static +-int CUPnPControlPoint::Callback(Upnp_EventType EventType, void *Event, void * /*Cookie*/) ++int CUPnPControlPoint::Callback(Upnp_EventType EventType, const void *Event, void * /*Cookie*/) + { + std::ostringstream msg; + std::ostringstream msg2; +@@ -1149,24 +1139,24 @@ + msg2<< "UPNP_DISCOVERY_SEARCH_RESULT: "; + // UPnP Discovery + upnpDiscovery: +- struct Upnp_Discovery *d_event = (struct Upnp_Discovery *)Event; ++ UpnpDiscovery *d_event = (UpnpDiscovery *)Event; + IXML_Document *doc = NULL; + int ret; +- if (d_event->ErrCode != UPNP_E_SUCCESS) { +- msg << UpnpGetErrorMessage(d_event->ErrCode) << "."; ++ if (UpnpDiscovery_get_ErrCode(d_event) != UPNP_E_SUCCESS) { ++ msg << UpnpGetErrorMessage(UpnpDiscovery_get_ErrCode(d_event)) << "."; + AddDebugLogLineC(logUPnP, msg); + } + // Get the XML tree device description in doc +- ret = UpnpDownloadXmlDoc(d_event->Location, &doc); ++ ret = UpnpDownloadXmlDoc(UpnpDiscovery_get_Location_cstr(d_event), &doc); + if (ret != UPNP_E_SUCCESS) { + msg << "Error retrieving device description from " << +- d_event->Location << ": " << ++ UpnpDiscovery_get_Location_cstr(d_event) << ": " << + UpnpGetErrorMessage(ret) << + "(" << ret << ")."; + AddDebugLogLineC(logUPnP, msg); + } else { + msg2 << "Retrieving device description from " << +- d_event->Location << "."; ++ UpnpDiscovery_get_Location_cstr(d_event) << 
"."; + AddDebugLogLineN(logUPnP, msg2); + } + if (doc) { +@@ -1195,7 +1185,7 @@ + } + // Add the root device to our list + upnpCP->AddRootDevice(rootDevice, urlBase, +- d_event->Location, d_event->Expires); ++ UpnpDiscovery_get_Location_cstr(d_event), UpnpDiscovery_get_Expires(d_event)); + } + // Free the XML doc tree + IXML::Document::Free(doc); +@@ -1216,28 +1206,28 @@ + case UPNP_DISCOVERY_ADVERTISEMENT_BYEBYE: { + //fprintf(stderr, "Callback: UPNP_DISCOVERY_ADVERTISEMENT_BYEBYE\n"); + // UPnP Device Removed +- struct Upnp_Discovery *dab_event = (struct Upnp_Discovery *)Event; +- if (dab_event->ErrCode != UPNP_E_SUCCESS) { ++ UpnpDiscovery *dab_event = (UpnpDiscovery *)Event; ++ if (UpnpDiscovery_get_ErrCode(dab_event) != UPNP_E_SUCCESS) { + msg << "error(UPNP_DISCOVERY_ADVERTISEMENT_BYEBYE): " << +- UpnpGetErrorMessage(dab_event->ErrCode) << ++ UpnpGetErrorMessage(UpnpDiscovery_get_ErrCode(dab_event)) << + "."; + AddDebugLogLineC(logUPnP, msg); + } +- std::string devType = dab_event->DeviceType; ++ std::string devType = UpnpDiscovery_get_DeviceType_cstr(dab_event); + // Check for an InternetGatewayDevice and removes it from the list + std::transform(devType.begin(), devType.end(), devType.begin(), tolower); + if (stdStringIsEqualCI(devType, UPnP::Device::IGW)) { +- upnpCP->RemoveRootDevice(dab_event->DeviceId); ++ upnpCP->RemoveRootDevice(UpnpDiscovery_get_DeviceID_cstr(dab_event)); + } + break; + } + case UPNP_EVENT_RECEIVED: { + //fprintf(stderr, "Callback: UPNP_EVENT_RECEIVED\n"); + // Event reveived +- struct Upnp_Event *e_event = (struct Upnp_Event *)Event; +- const std::string Sid = e_event->Sid; ++ UpnpEvent *e_event = (UpnpEvent *)Event; ++ const std::string Sid = UpnpEvent_get_SID_cstr(e_event); + // Parses the event +- upnpCP->OnEventReceived(Sid, e_event->EventKey, e_event->ChangedVariables); ++ upnpCP->OnEventReceived(Sid, UpnpEvent_get_EventKey(e_event), UpnpEvent_get_ChangedVariables(e_event)); + break; + } + case UPNP_EVENT_SUBSCRIBE_COMPLETE: 
+@@ -1252,16 +1242,15 @@ + //fprintf(stderr, "Callback: UPNP_EVENT_RENEWAL_COMPLETE\n"); + msg << "error(UPNP_EVENT_RENEWAL_COMPLETE): "; + upnpEventRenewalComplete: +- struct Upnp_Event_Subscribe *es_event = +- (struct Upnp_Event_Subscribe *)Event; +- if (es_event->ErrCode != UPNP_E_SUCCESS) { ++ UpnpEventSubscribe *es_event = (UpnpEventSubscribe *)Event; ++ if (UpnpEventSubscribe_get_ErrCode(es_event) != UPNP_E_SUCCESS) { + msg << "Error in Event Subscribe Callback"; + UPnP::ProcessErrorMessage( +- msg.str(), es_event->ErrCode, NULL, NULL); ++ msg.str(), UpnpEventSubscribe_get_ErrCode(es_event), NULL, NULL); + } else { + #if 0 + TvCtrlPointHandleSubscribeUpdate( +- GET_UPNP_STRING(es_event->PublisherUrl), ++ UpnpEventSubscribe_get_PublisherUrl_cstr(es_event), + es_event->Sid, + es_event->TimeOut ); + #endif +@@ -1280,29 +1269,29 @@ + msg << "error(UPNP_EVENT_SUBSCRIPTION_EXPIRED): "; + msg2 << "UPNP_EVENT_SUBSCRIPTION_EXPIRED: "; + upnpEventSubscriptionExpired: +- struct Upnp_Event_Subscribe *es_event = +- (struct Upnp_Event_Subscribe *)Event; ++ UpnpEventSubscribe *es_event = (UpnpEventSubscribe *)Event; + Upnp_SID newSID; + memset(newSID, 0, sizeof(Upnp_SID)); + int TimeOut = 1801; + int ret = UpnpSubscribe( + upnpCP->m_UPnPClientHandle, +- GET_UPNP_STRING(es_event->PublisherUrl), ++ ++ UpnpEventSubscribe_get_PublisherUrl_cstr(es_event), + &TimeOut, + newSID); + if (ret != UPNP_E_SUCCESS) { + msg << "Error Subscribing to EventURL"; + UPnP::ProcessErrorMessage( +- msg.str(), es_event->ErrCode, NULL, NULL); ++ msg.str(), UpnpEventSubscribe_get_ErrCode(es_event), NULL, NULL); + } else { + ServiceMap::iterator it = +- upnpCP->m_ServiceMap.find(GET_UPNP_STRING(es_event->PublisherUrl)); ++ upnpCP->m_ServiceMap.find(UpnpEventSubscribe_get_PublisherUrl_cstr(es_event)); + if (it != upnpCP->m_ServiceMap.end()) { + CUPnPService &service = *(it->second); + service.SetTimeout(TimeOut); + service.SetSID(newSID); + msg2 << "Re-subscribed to EventURL '" << +- 
GET_UPNP_STRING(es_event->PublisherUrl) << ++ UpnpEventSubscribe_get_PublisherUrl_cstr(es_event) << + "' with SID == '" << + newSID << "'."; + AddDebugLogLineC(logUPnP, msg2); +@@ -1321,17 +1310,16 @@ + case UPNP_CONTROL_ACTION_COMPLETE: { + //fprintf(stderr, "Callback: UPNP_CONTROL_ACTION_COMPLETE\n"); + // This is here if we choose to do this asynchronously +- struct Upnp_Action_Complete *a_event = +- (struct Upnp_Action_Complete *)Event; +- if (a_event->ErrCode != UPNP_E_SUCCESS) { ++ UpnpActionComplete *a_event = (UpnpActionComplete *)Event; ++ if (UpnpActionComplete_get_ErrCode(a_event) != UPNP_E_SUCCESS) { + UPnP::ProcessErrorMessage( + "UpnpSendActionAsync", +- a_event->ErrCode, NULL, +- a_event->ActionResult); ++ UpnpActionComplete_get_ErrCode(a_event), NULL, ++ UpnpActionComplete_get_ActionResult(a_event)); + } else { + // Check the response document + UPnP::ProcessActionResponse( +- a_event->ActionResult, ++ UpnpActionComplete_get_ActionResult(a_event), + ""); + } + /* No need for any processing here, just print out results. 
+@@ -1342,12 +1330,11 @@ + case UPNP_CONTROL_GET_VAR_COMPLETE: { + //fprintf(stderr, "Callback: UPNP_CONTROL_GET_VAR_COMPLETE\n"); + msg << "error(UPNP_CONTROL_GET_VAR_COMPLETE): "; +- struct Upnp_State_Var_Complete *sv_event = +- (struct Upnp_State_Var_Complete *)Event; +- if (sv_event->ErrCode != UPNP_E_SUCCESS) { ++ UpnpStateVarComplete *sv_event = (UpnpStateVarComplete *)Event; ++ if (UpnpStateVarComplete_get_ErrCode(sv_event) != UPNP_E_SUCCESS) { + msg << "m_UpnpGetServiceVarStatusAsync"; + UPnP::ProcessErrorMessage( +- msg.str(), sv_event->ErrCode, NULL, NULL); ++ msg.str(), UpnpStateVarComplete_get_ErrCode(sv_event), NULL, NULL); + } else { + #if 0 + // Warning: The use of UpnpGetServiceVarStatus and +--- a/src/UPnPBase.h ++++ b/src/UPnPBase.h +@@ -490,9 +490,19 @@ + // Callback function + static int Callback( + Upnp_EventType EventType, +- void* Event, ++ const void* Event, + void* Cookie); + ++#if UPNP_VERSION < 10800 ++ /* in libupnp 1.6 Event is not const */ ++ static int Callback( ++ Upnp_EventType EventType, ++ void* Event, ++ void* Cookie) { ++ return Callback(EventType, (const void *)Event, Cookie); ++ } ++#endif ++ + private: + void OnEventReceived( + const std::string &Sid, \ No newline at end of file From acfa8cb2a98f96d96c46b52c7563f0be3bf4e700 Mon Sep 17 00:00:00 2001 From: John Wiegley Date: Mon, 3 Sep 2018 10:15:47 -0700 Subject: [PATCH 084/173] ledger: Enable building of tests, and concurrent make --- pkgs/applications/office/ledger/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/office/ledger/default.nix b/pkgs/applications/office/ledger/default.nix index 387a71aa04e..10b971463e3 100644 --- a/pkgs/applications/office/ledger/default.nix +++ b/pkgs/applications/office/ledger/default.nix 
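Review bot: In the discovery branch of `CUPnPControlPoint::Callback`, as carried in upnp-1.8.patch, a non-success `UpnpDiscovery_get_ErrCode(d_event)` is only logged, and execution continues into `UpnpDownloadXmlDoc(UpnpDiscovery_get_Location_cstr(d_event), &doc)`. The port keeps that pre-existing behaviour, so a discovery event the library flags as failed still triggers an outbound fetch of a URL taken from the event, which presumably originates from whichever device answered on the local network. Ending the case after the log call, presumably with `break;` right after `AddDebugLogLineC(logUPnP, msg);` inside the error check, would stop that fetch; since this file is a local copy of an upstream fix, the change is better raised upstream as well. The same cases cast the now-`const void *Event` to non-const pointers, e.g. `(UpnpDiscovery *)Event`, where `const UpnpDiscovery *d_event = static_cast<const UpnpDiscovery *>(Event);` would keep the qualifier, assuming the libupnp 1.8 accessors take const pointers. The callback body continues outside the hunks shown in the patch.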
@@ -24,6 +24,11 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DCMAKE_INSTALL_LIBDIR=lib" (stdenv.lib.optionalString usePython "-DUSE_PYTHON=true") ]; + buildPhase = "make -j$NIX_BUILD_CORES"; + checkPhase = "ctest -j$NIX_BUILD_CORES"; + + doCheck = true; + # Skip byte-compiling of emacs-lisp files because this is currently # broken in ledger... postInstall = '' From 9d1bd7c8806366b299d32e40cf8545b07da901bd Mon Sep 17 00:00:00 2001 From: John Wiegley Date: Mon, 3 Sep 2018 10:18:13 -0700 Subject: [PATCH 085/173] Revert "ledger: Enable building of tests, and concurrent make" This reverts commit acfa8cb2a98f96d96c46b52c7563f0be3bf4e700. This fails because none of the tests seems to be working for the version that's in nixpkgs master. --- pkgs/applications/office/ledger/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkgs/applications/office/ledger/default.nix b/pkgs/applications/office/ledger/default.nix index 10b971463e3..387a71aa04e 100644 --- a/pkgs/applications/office/ledger/default.nix +++ b/pkgs/applications/office/ledger/default.nix @@ -24,11 +24,6 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DCMAKE_INSTALL_LIBDIR=lib" (stdenv.lib.optionalString usePython "-DUSE_PYTHON=true") ]; - buildPhase = "make -j$NIX_BUILD_CORES"; - checkPhase = "ctest -j$NIX_BUILD_CORES"; - - doCheck = true; - # Skip byte-compiling of emacs-lisp files because this is currently # broken in ledger... postInstall = '' From fcccb9e5ca1102d470e5a9463b1dd63dd6ee6e61 Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Mon, 3 Sep 2018 20:29:39 +0200 Subject: [PATCH 086/173] gitea: 1.5.0 -> 1.5.1 (#45968) Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.5.1 --- pkgs/applications/version-management/gitea/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix index 592b348d03f..c6eb563155f 100644 
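Review bot: The added `buildPhase = "make -j$NIX_BUILD_CORES";` and `checkPhase = "ctest -j$NIX_BUILD_CORES";` replace the stdenv phases wholesale, so the `preBuild`/`postBuild` and `preCheck`/`postCheck` hooks and any `makeFlags` no longer run for this derivation. Parallel builds are normally requested with `enableParallelBuilding = true;`, which keeps the generic phases intact, and `doCheck = true;` can stay as it is. The derivation body continues outside the hunk, so whether it relies on those hooks is not visible here.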
--- a/pkgs/applications/version-management/gitea/default.nix
+++ b/pkgs/applications/version-management/gitea/default.nix
@@ -7,13 +7,13 @@ with stdenv.lib;
 buildGoPackage rec {
 name = "gitea-${version}";
- version = "1.5.0";
+ version = "1.5.1";
 src = fetchFromGitHub {
 owner = "go-gitea";
 repo = "gitea";
 rev = "v${version}";
- sha256 = "0gp777x8yjbqvz9i79qv3bn3hrlp1bn7ib57r7w5a7jmr9rd0nca";
+ sha256 = "06h6v9py35mm0xk9l8xrq02vvr5vzl15gfbw9qqvpn8kiamkn53r";
 };
 patches = [ ./static-root-path.patch ];
From f46d23996c5fc2172051a81baca1704259ed7edc Mon Sep 17 00:00:00 2001
From: Dmitry Kalinkin
Date: Mon, 3 Sep 2018 14:51:28 -0400
Subject: [PATCH 087/173] Revert "arrow-cpp: 0.9.0 -> 0.10.0" (#45990)
Hold off the upgrade until parquet 1.5.0 is released. This reverts commit 72d630779d69b0aff30f47bc8423e10d1dba50b9.
---
 pkgs/development/libraries/arrow-cpp/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/libraries/arrow-cpp/default.nix b/pkgs/development/libraries/arrow-cpp/default.nix
index 8e89aeb21a2..952f7435c06 100644
--- a/pkgs/development/libraries/arrow-cpp/default.nix
+++ b/pkgs/development/libraries/arrow-cpp/default.nix
@@ -2,11 +2,11 @@
 stdenv.mkDerivation rec {
 name = "arrow-cpp-${version}";
- version = "0.10.0";
+ version = "0.9.0";
 src = fetchurl {
 url = "mirror://apache/arrow/arrow-${version}/apache-arrow-${version}.tar.gz";
- sha256 = "0bc4krapz1kzdm16npzmgdz7zvg9lip6rnqbwph8vfn7zji0fcll";
+ sha256 = "16l91fixb5dgx3v6xc73ipn1w1hjgbmijyvs81j7ywzpna2cdcdy";
 };
 sourceRoot = "apache-arrow-${version}/cpp";
From 66385a66dc4ad9a4d6fe7288d5072f509f6be3af Mon Sep 17 00:00:00 2001
From: worldofpeace
Date: Sun, 2 Sep 2018 20:07:12 -0400
Subject: [PATCH 088/173] imgcat: fix build
---
 pkgs/applications/graphics/imgcat/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/applications/graphics/imgcat/default.nix b/pkgs/applications/graphics/imgcat/default.nix
index ad2cb4198d2..a98029dd580 100644
--- a/pkgs/applications/graphics/imgcat/default.nix
+++ b/pkgs/applications/graphics/imgcat/default.nix
@@ -4,7 +4,7 @@ stdenv.mkDerivation rec {
 name = "imgcat-${version}";
 version = "2.3.0";
- buildTools = [ autoconf automake libtool ncurses ];
+ buildInputs = [ autoconf automake libtool ncurses ];
 preConfigure = ''
 ${autoconf}/bin/autoconf
From a3db67282d88072918a93f9e9ee6e490123040f4 Mon Sep 17 00:00:00 2001
From: worldofpeace
Date: Sun, 2 Sep 2018 23:51:12 -0400
Subject: [PATCH 089/173] photoflow: 2018-03-06 -> 2018-08-28
---
 pkgs/applications/graphics/photoflow/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkgs/applications/graphics/photoflow/default.nix b/pkgs/applications/graphics/photoflow/default.nix
index ffef558e84d..2d42ea3f18f 100644
--- a/pkgs/applications/graphics/photoflow/default.nix
+++ b/pkgs/applications/graphics/photoflow/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchFromGitHub, gettext, glib, libxml2, pkgconfig, swig, automake, gobjectIntrospection, cmake, ninja, libtiff, libjpeg, fftw, exiv2, lensfun, gtkmm2, libraw, lcms2, libexif, vips, expat, pcre, pugixml }:
 stdenv.mkDerivation {
- name = "photoflow-unstable-2018-03-06";
+ name = "photoflow-unstable-2018-08-28";
 src = fetchFromGitHub {
 owner = "aferrero2707";
 repo = "PhotoFlow";
- rev = "f9bbea183fa02412d1d17075955d2284eeaf8174";
- sha256 = "1fsk7kdmlkd64wcswbxrl87aqwmzqak6p3s38ggxzx2h51fa7lmf";
+ rev = "df03f2538ddd232e693c307db4ab63eb5bdfea38";
+ sha256 = "08ybhv08h24y4li8wb4m89xgrz1szlwpksf6vjharp8cznn4y4x9";
 };
 nativeBuildInputs = [
@@ -50,6 +50,6 @@ stdenv.mkDerivation {
 homepage = https://aferrero2707.github.io/PhotoFlow/;
 license = licenses.gpl3Plus;
 maintainers = [ maintainers.MtP ];
- platforms = platforms.all;
+ platforms = platforms.linux;
 };
 }
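Review bot: `buildInputs = [ autoconf automake libtool ncurses ];` puts build-time tools and a linked library in the same list. autoconf, automake and libtool run on the build machine, so `nativeBuildInputs = [ autoconf automake libtool ];` together with `buildInputs = [ ncurses ];` is the split that stays correct under cross-compilation. The `preConfigure` body that follows continues outside the hunk.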
From 3149f84a924263416fdbef09d84c9f8df76bb516 Mon Sep 17 00:00:00 2001
From: worldofpeace
Date: Mon, 3 Sep 2018 00:18:38 -0400
Subject: [PATCH 090/173] sayonara: 1.0.0-git5-20180115 -> 1.1.1-git1-20180828
---
 pkgs/applications/audio/sayonara/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkgs/applications/audio/sayonara/default.nix b/pkgs/applications/audio/sayonara/default.nix
index 1bf1a8b2c49..fbe90c5377d 100644
--- a/pkgs/applications/audio/sayonara/default.nix
+++ b/pkgs/applications/audio/sayonara/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchurl, cmake, qt5, zlib, taglib, pkgconfig, pcre, gst_all_1 }:
 let
- version = "1.0.0-git5-20180115";
+ version = "1.1.1-git1-20180828";
 in
 stdenv.mkDerivation {
 name = "sayonara-player-${version}";
 src = fetchurl {
 url = "https://sayonara-player.com/sw/sayonara-player-${version}.tar.gz";
- sha256 = "1fl7zplnrrvbv1xm4g348bpd46jj39jvbm808hyjjq92i64wqg37";
+ sha256 = "0rvy47qvavrp03zjdrw025dmq9fq5aaii3q1qq8b94byarl0c5kn";
 };
 nativeBuildInputs = [ cmake pkgconfig ];
@@ -39,7 +39,7 @@ stdenv.mkDerivation {
 { description = "Sayonara music player";
 homepage = https://sayonara-player.com/;
 license = licenses.gpl3;
- platforms = qt5.qtbase.meta.platforms;
+ platforms = platforms.linux;
 maintainers = [ maintainers.deepfire ];
 };
 }
From ac52817bd90881acf2d27ffca834c78b27551601 Mon Sep 17 00:00:00 2001
From: volth
Date: Mon, 3 Sep 2018 19:08:20 +0000
Subject: [PATCH 091/173] libguestfs-appliance: do not build on Hydra
---
 pkgs/development/libraries/libguestfs/appliance.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pkgs/development/libraries/libguestfs/appliance.nix b/pkgs/development/libraries/libguestfs/appliance.nix
index d47b0902818..9c2b317ab08 100644
--- a/pkgs/development/libraries/libguestfs/appliance.nix
+++ b/pkgs/development/libraries/libguestfs/appliance.nix
@@ -4,4 +4,8 @@ fetchzip {
 name = "libguestfs-appliance-1.38.0";
 url = "http://libguestfs.org/download/binaries/appliance/appliance-1.38.0.tar.xz";
 sha256 = "15rxwj5qjflizxk7slpbrj9lcwkd2lgm52f5yv101qba4yyn3g76";
+
+ meta = {
+ hydraPlatforms = []; # Hydra fails with "Output limit exceeded"
+ };
 }
From 507dfccdf811f391b6195081007b0d10cf9e9d7d Mon Sep 17 00:00:00 2001
From: worldofpeace
Date: Mon, 3 Sep 2018 15:31:12 -0400
Subject: [PATCH 092/173] photoflow: mark broken for aarch64
---
 pkgs/applications/graphics/photoflow/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkgs/applications/graphics/photoflow/default.nix b/pkgs/applications/graphics/photoflow/default.nix
index 2d42ea3f18f..6f3bf69889c 100644
--- a/pkgs/applications/graphics/photoflow/default.nix
+++ b/pkgs/applications/graphics/photoflow/default.nix
@@ -51,5 +51,6 @@ stdenv.mkDerivation {
 license = licenses.gpl3Plus;
 maintainers = [ maintainers.MtP ];
 platforms = platforms.linux;
+ broken = stdenv.isAarch64;
 };
 }
From 395d9077b2dfdd6e44cd0fa27101d3f3183d7361 Mon Sep 17 00:00:00 2001
From: Michele Guerini Rocco
Date: Mon, 3 Sep 2018 21:37:01 +0200
Subject: [PATCH 093/173] ddcutil: 0.9.1 -> 0.9.2 (#45977)
---
 pkgs/tools/misc/ddcutil/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkgs/tools/misc/ddcutil/default.nix b/pkgs/tools/misc/ddcutil/default.nix
index 35c18954bf3..ec2a2e4b7dd 100644
--- a/pkgs/tools/misc/ddcutil/default.nix
+++ b/pkgs/tools/misc/ddcutil/default.nix
@@ -3,13 +3,13 @@
 stdenv.mkDerivation rec {
 name = "ddcutil-${version}";
- version = "0.9.1";
+ version = "0.9.2";
 src = fetchFromGitHub {
 owner = "rockowitz";
 repo = "ddcutil";
 rev = "v${version}";
- sha256 = "0chs5bfw4yjnr7brhxxqydybcxdkjv4gnik2s0cvjzcj3bqnz73b";
+ sha256 = "0mpd3j570yyfm9ki5in9i92nzg25ahmdfp2f7yby7xnqiy53zd8w";
 };
 nativeBuildInputs = [ autoreconfHook pkgconfig ];
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
 homepage = http://www.ddcutil.com/;
 description = "Query and change Linux monitor settings using DDC/CI and USB";
 license = licenses.gpl2;
+ platforms = platforms.linux;
 maintainers = with maintainers; [ rnhmjoj ];
 };
 }
From 059c0ac6eb814fba9677c7a2393bd8d870950230 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?=
Date: Mon, 3 Sep 2018 16:37:54 -0300
Subject: [PATCH 094/173] qt5dxcb-plugin: init at 1.1.11 (#45966)
---
 pkgs/desktops/deepin/default.nix | 1 +
 .../deepin/qt5dxcb-plugin/default.nix | 40 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 pkgs/desktops/deepin/qt5dxcb-plugin/default.nix
diff --git a/pkgs/desktops/deepin/default.nix b/pkgs/desktops/deepin/default.nix
index 0162f85c37f..3343d836f61 100644
--- a/pkgs/desktops/deepin/default.nix
+++ b/pkgs/desktops/deepin/default.nix
@@ -13,6 +13,7 @@ let
 };
 dtkcore = callPackage ./dtkcore { };
 dtkwidget = callPackage ./dtkwidget { };
+ qt5dxcb-plugin = callPackage ./qt5dxcb-plugin { };
 };
diff --git a/pkgs/desktops/deepin/qt5dxcb-plugin/default.nix b/pkgs/desktops/deepin/qt5dxcb-plugin/default.nix
new file mode 100644
index 00000000000..3754de3ea98
--- /dev/null
+++ b/pkgs/desktops/deepin/qt5dxcb-plugin/default.nix
@@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, pkgconfig, qmake, qtx11extras, libSM, mtdev, cairo }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "qt5dxcb-plugin"; + version = "1.1.11"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "157p2cqs9fvd4n4fmxj6mh4cxlc35bkl4rnf832wk2gvjnxdfrfy"; + }; + + nativeBuildInputs = [ + pkgconfig + qmake + ]; + + buildInputs = [ + qtx11extras + libSM + mtdev + cairo + ]; + + preConfigure = '' + qmakeFlags="$qmakeFlags INSTALL_PATH=$out/$qtPluginPrefix/platforms" + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Qt platform theme integration plugin for DDE"; + homepage = https://github.com/linuxdeepin/qt5dxcb-plugin; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} From 882f6c96d2121e2762ddcae7080c5a07f33fab95 Mon Sep 17 00:00:00 2001 From: Urban Skudnik Date: Mon, 3 Sep 2018 20:57:32 +0200 Subject: [PATCH 095/173] backblaze-b2: Fix autocompletion support backblaze v1.3.6 incorporates[1] a fix[2] for autocompletion that replaced `have` function with `_have`. The postInstall hook therefore needs to be updated to replace `_have`. [1] https://github.com/Backblaze/B2_Command_Line_Tool#136-august-21-2018 [2] https://github.com/Backblaze/B2_Command_Line_Tool/pull/497 --- pkgs/development/tools/backblaze-b2/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/backblaze-b2/default.nix b/pkgs/development/tools/backblaze-b2/default.nix index 6b133d959cc..79041b05557 100644 --- a/pkgs/development/tools/backblaze-b2/default.nix +++ b/pkgs/development/tools/backblaze-b2/default.nix 
@@ -33,7 +33,7 @@ buildPythonApplication rec { postInstall = '' mv "$out/bin/b2" "$out/bin/backblaze-b2" - sed 's/^have b2 \&\&$/_have backblaze-b2 \&\&/' -i contrib/bash_completion/b2 + sed 's/^_have b2 \&\&$/_have backblaze-b2 \&\&/' -i contrib/bash_completion/b2 sed 's/^\(complete -F _b2\) b2/\1 backblaze-b2/' -i contrib/bash_completion/b2 mkdir -p "$out/etc/bash_completion.d" From fe7e89ba3b57b6d3a75fd0b7d08f13ba98f79700 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Mon, 3 Sep 2018 21:48:13 +0200 Subject: [PATCH 096/173] vowpal-wabbit: fix Darwin build. - Follow the same logic for finding boost-python as for Linux. - Set DYLD_LIBRARY_PATH so that ctypes find_library can find boost-python. - Do not use '-mt' suffix when linking against boost-serialization and boost-program_options on Darwin. --- .../python-modules/vowpalwabbit/default.nix | 9 ++++-- .../vowpal-wabbit-find-boost.diff | 28 +++++++++++++++---- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/pkgs/development/python-modules/vowpalwabbit/default.nix b/pkgs/development/python-modules/vowpalwabbit/default.nix index 6ee6e42e97d..6530ce28a9e 100644 --- a/pkgs/development/python-modules/vowpalwabbit/default.nix +++ b/pkgs/development/python-modules/vowpalwabbit/default.nix @@ -1,5 +1,5 @@ -{ lib, buildPythonPackage, fetchPypi, python, boost, zlib, clang, ncurses -, pytest, docutils, pygments, numpy, scipy, scikitlearn }: +{ stdenv, lib, buildPythonPackage, fetchPypi, python, boost, zlib, clang +, ncurses, pytest, docutils, pygments, numpy, scipy, scikitlearn }: buildPythonPackage rec { pname = "vowpalwabbit"; 
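Review bot: The first `sed` in postInstall exits successfully even when its pattern matches nothing, which is presumably how the upstream `have` → `_have` rename went unnoticed; the corrected line has the same weakness. A check after the two substitutions, for example `grep -q '^_have backblaze-b2' contrib/bash_completion/b2`, would turn the next upstream rename into a build failure instead of a silently unpatched completion file. postInstall starts before this hunk and continues past it.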
@@ -25,6 +25,11 @@ buildPythonPackage rec { buildInputs = [ python.pkgs.boost zlib.dev clang ncurses pytest docutils pygments ]; propagatedBuildInputs = [ numpy scipy scikitlearn ]; + # Python ctypes.find_library uses DYLD_LIBRARY_PATH. + preConfigure = lib.optionalString stdenv.isDarwin '' + export DYLD_LIBRARY_PATH="${python.pkgs.boost}/lib" + ''; + checkPhase = '' # check-manifest requires a git clone, not a tarball # check-manifest --ignore "Makefile,PACKAGE.rst,*.cc,tox.ini,tests*,examples*,src*" diff --git a/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff b/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff index 0e7b13c0103..645956594bf 100644 --- a/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff +++ b/pkgs/development/python-modules/vowpalwabbit/vowpal-wabbit-find-boost.diff @@ -1,8 +1,11 @@ ---- vowpalwabbit-8.5.0.orig/setup.py 2018-09-03 14:27:22.833621339 +0200 -+++ vowpalwabbit-8.5.0/setup.py 2018-09-03 14:37:18.076127914 +0200 -@@ -25,12 +25,7 @@ +--- vowpalwabbit-8.5.0.orig/setup.py 2018-09-03 20:32:39.000000000 +0200 ++++ vowpalwabbit-8.5.0/setup.py 2018-09-03 20:34:09.000000000 +0200 +@@ -23,18 +23,11 @@ + + def find_boost(): """Find correct boost-python library information """ - if system == 'Linux': +- if system == 'Linux': ++ if system == 'Linux' or system == 'Darwin': # use version suffix if present - boost_lib = 'boost_python-py{v[0]}{v[1]}'.format(v=sys.version_info) - if sys.version_info.major == 3: 
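Review bot: The added preConfigure assigns `DYLD_LIBRARY_PATH` outright, so any value already present in the build environment is discarded. Because it is exported, the variable also stays set for every later phase, not only for the `find_library` call the comment mentions. Prepending keeps existing entries: `export DYLD_LIBRARY_PATH="${python.pkgs.boost}/lib''${DYLD_LIBRARY_PATH:+:$DYLD_LIBRARY_PATH}"` (the `''${` keeps the shell expansion from being read as a Nix antiquotation). If the variable is only needed while setup.py probes for boost, the comment could say so.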
@@ -13,4 +16,19 @@ + boost_lib = 'boost_python{v[0]}{v[1]}'.format(v=sys.version_info) if not find_library(boost_lib): boost_lib = "boost_python" - elif system == 'Darwin': +- elif system == 'Darwin': +- boost_lib = 'boost_python-mt' if sys.version_info[0] == 2 else 'boost_python3-mt' + elif system == 'Cygwin': + boost_lib = 'boost_python-mt' if sys.version_info[0] == 2 else 'boost_python3-mt' + else: +--- vowpalwabbit-8.5.0.orig/src/Makefile 2018-09-03 20:32:40.000000000 +0200 ++++ vowpalwabbit-8.5.0/src/Makefile 2018-09-03 21:42:30.000000000 +0200 +@@ -37,7 +37,7 @@ + NPROCS:=$(shell grep -c ^processor /proc/cpuinfo) + endif + ifeq ($(UNAME), Darwin) +- LIBS = -lboost_program_options-mt -lboost_serialization-mt -l pthread -l z ++ LIBS = -lboost_program_options -lboost_serialization -l pthread -l z + # On Macs, the location isn't always clear + # brew uses /usr/local + # but /opt/local seems to be preferred by some users From 9889c0f2417fe38016ccf8cf126e5b2a9f561f91 Mon Sep 17 00:00:00 2001 From: Uli Baum Date: Mon, 3 Sep 2018 21:52:56 +0200 Subject: [PATCH 097/173] Revert "[cpan2nix] perlPackages.GetoptLongDescriptive: 0.102 -> 0.103" It broke perlPackages.MouseXGetOpt This reverts commit ad47c381bda2d38cddb96e15efd4ea5b4836f542. --- pkgs/top-level/perl-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index aea2e458d21..046f4a4eaba 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix 
@@ -6465,10 +6465,10 @@ let }; GetoptLongDescriptive = buildPerlPackage rec { - name = "Getopt-Long-Descriptive-0.103"; + name = "Getopt-Long-Descriptive-0.102"; src = fetchurl { url = "mirror://cpan/authors/id/R/RJ/RJBS/${name}.tar.gz"; - sha256 = "70e1bae7404a9dfb638b5d12e5bd4ea97e3bee743a4555909307d68e0111f4b2"; + sha256 = "9ad4b98f294aa0515cc3150a1ae878d39e470762b78d8bd9df055eba9dea2846"; }; buildInputs = [ CPANMetaCheck TestFatal TestWarnings ]; propagatedBuildInputs = [ ParamsValidate SubExporter ]; From e33be2ab56c4398e335cd910ce43a7ae377be547 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Mon, 3 Sep 2018 21:59:36 +0200 Subject: [PATCH 098/173] Keras: fix build by updating expected dependencies. (#45992) Keras expects keras_preprocessing 1.0.2 and 1.0.4. 1.0.3 and 1.0.5 are respectively in nixpkgs. ZHF #45960 --- pkgs/development/python-modules/keras/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/python-modules/keras/default.nix b/pkgs/development/python-modules/keras/default.nix index ea699c9c04a..43f3bd935d2 100644 --- a/pkgs/development/python-modules/keras/default.nix +++ b/pkgs/development/python-modules/keras/default.nix @@ -25,6 +25,14 @@ buildPythonPackage rec { keras-applications keras-preprocessing ]; + # Keras 2.2.2 expects older versions of keras_applications + # and keras_preprocessing. These substitutions can be removed + # for for the next Keras release. + postPatch = '' + substituteInPlace setup.py --replace "keras_applications==1.0.4" "keras_applications==1.0.5" + substituteInPlace setup.py --replace "keras_preprocessing==1.0.2" "keras_preprocessing==1.0.3" + ''; + # Couldn't get tests working doCheck = false; From c36bfa7211e949a0f115f448e1d493403ff3b799 Mon Sep 17 00:00:00 2001 
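Review bot: The two `substituteInPlace` calls in the new postPatch give no signal once their patterns stop matching. After the next Keras bump they would, as far as I can tell, become silent no-ops and the override would linger unnoticed. The comment has a doubled word (`for for`) and could state the exact pins, e.g. `# Keras 2.2.2 pins keras_applications==1.0.4 and keras_preprocessing==1.0.2; nixpkgs ships 1.0.5 and 1.0.3. Remove on the next Keras release.` Both replacements also fit in one call: `substituteInPlace setup.py --replace "keras_applications==1.0.4" "keras_applications==1.0.5" --replace "keras_preprocessing==1.0.2" "keras_preprocessing==1.0.3"`.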
From: volth Date: Mon, 3 Sep 2018 20:04:05 +0000 Subject: [PATCH 099/173] perlPackages.TestAggregate: broken with perl 5.26+ (#46003) --- pkgs/top-level/perl-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 046f4a4eaba..8903436d595 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -14925,6 +14925,7 @@ let meta = { description = "Aggregate C<*.t> tests to make them run faster"; license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ]; + broken = stdenv.lib.versionAtLeast perl.version "5.26"; # This module only works with Test::More version < 1.3, but you have 1.302133 }; }; From 114fe007db04adfdb92baec84a351459c9004172 Mon Sep 17 00:00:00 2001 From: Michele Guerini Rocco Date: Mon, 3 Sep 2018 22:10:02 +0200 Subject: [PATCH 100/173] pirate-get: 0.3.1 -> 0.3.2 (#45975) --- pkgs/tools/networking/pirate-get/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/pirate-get/default.nix b/pkgs/tools/networking/pirate-get/default.nix index 5258d53a18a..3acf625fd00 100644 --- a/pkgs/tools/networking/pirate-get/default.nix +++ b/pkgs/tools/networking/pirate-get/default.nix @@ -4,13 +4,13 @@ with python3Packages; buildPythonApplication rec { pname = "pirate-get"; - version = "0.3.1"; + version = "0.3.2"; doCheck = false; src = fetchPypi { inherit pname version; - sha256 = "9d7cc4b15dd8c6a82f9e03a666372e38613ccafdc846ad4c1226ba936beea68d"; + sha256 = "1iirip12zrxm2nqsib5wfqqnlfmhh432y3kkyih9crk4q2p914df"; }; propagatedBuildInputs = [ colorama veryprettytable beautifulsoup4 pyperclip ]; From 328cf82838021b96aa8fdca78588cb800cbfdf4b Mon Sep 17 00:00:00 2001 From: baracoder Date: Mon, 3 Sep 2018 22:14:07 +0200 Subject: [PATCH 101/173] dotnet-sdk: 2.1.302 -> 2.1.401 (#45979) --- pkgs/development/compilers/dotnet/sdk/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/compilers/dotnet/sdk/default.nix b/pkgs/development/compilers/dotnet/sdk/default.nix index 50057f91e80..0e28e041cc5 100644 --- a/pkgs/development/compilers/dotnet/sdk/default.nix +++ b/pkgs/development/compilers/dotnet/sdk/default.nix @@ -12,12 +12,13 @@ let rpath = stdenv.lib.makeLibraryPath [ stdenv.cc.cc libunwind libuuid icu openssl zlib curl ]; in stdenv.mkDerivation rec { - version = "2.1.302"; + version = "2.1.401"; name = "dotnet-sdk-${version}"; src = fetchurl { url = "https://dotnetcli.azureedge.net/dotnet/Sdk/${version}/dotnet-sdk-${version}-linux-x64.tar.gz"; - sha256 = "1a8z9q69cd9a33j7fr7907abm5z4qiivw5k379cgsjmmvxwyvjia"; + # use sha512 from the download page + sha512 = "639f9f68f225246d9cce798d72d011f65c7eda0d775914d1394df050bddf93e2886555f5eed85a75d6c72e9063a54d8aa053c64c326c683b94e9e0a0570e5654"; }; unpackPhase = "tar xvzf $src"; From 3dd579f7b1192f28aacdc235c058a932657d24cc Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 3 Sep 2018 22:14:39 +0200 Subject: [PATCH 102/173] urlwatch: 2.13 -> 2.14 (#45989) --- pkgs/tools/networking/urlwatch/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/urlwatch/default.nix b/pkgs/tools/networking/urlwatch/default.nix index ecaf498da42..850a33db58c 100644 --- a/pkgs/tools/networking/urlwatch/default.nix +++ b/pkgs/tools/networking/urlwatch/default.nix @@ -2,21 +2,22 @@ python3Packages.buildPythonApplication rec { name = "urlwatch-${version}"; - version = "2.13"; + version = "2.14"; src = fetchFromGitHub { owner = "thp"; repo = "urlwatch"; rev = version; - sha256 = "0rspb5j02mmb0r2dnfryx7jaczvb22lsnysgrr1l9iag0djcgdf5"; + sha256 = "1m7qdh2lk5napncmfnk86dj4wqcahq8y24xnylxa4qlx2ivwkr6b"; }; propagatedBuildInputs = with python3Packages; [ appdirs keyring + lxml minidb - pyyaml pycodestyle + pyyaml requests ]; From ca850897c87b45038981a740690c3ada6b4e7986 Mon Sep 17 00:00:00 2001 
From: Michele Guerini Rocco Date: Mon, 3 Sep 2018 22:15:11 +0200 Subject: [PATCH 103/173] pdns-recursor: 4.1.3 -> 4.1.4 (#45984) --- pkgs/servers/dns/pdns-recursor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/dns/pdns-recursor/default.nix b/pkgs/servers/dns/pdns-recursor/default.nix index 286447352fc..933609ac268 100644 --- a/pkgs/servers/dns/pdns-recursor/default.nix +++ b/pkgs/servers/dns/pdns-recursor/default.nix @@ -8,11 +8,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "pdns-recursor-${version}"; - version = "4.1.3"; + version = "4.1.4"; src = fetchurl { url = "https://downloads.powerdns.com/releases/pdns-recursor-${version}.tar.bz2"; - sha256 = "12x8gm6771wh2xaqad3p5y08p5pimp6k9h830s0487mwg9glacy1"; + sha256 = "0l5mf45r3x1z5mg95zpbyms88zv307hsrrx4h6jm9zm3pr9l77xi"; }; nativeBuildInputs = [ pkgconfig ]; From 435eccf15e366a3f6d66a0b9e8d2ae2bf92719fe Mon Sep 17 00:00:00 2001 From: aanderse Date: Mon, 3 Sep 2018 16:33:38 -0400 Subject: [PATCH 104/173] kodi: fix nfs support (#46006) libnfs is required to be in the LD_LIBRARY_PATH for kodi if you want nfs support see: https://www.reddit.com/r/NixOS/comments/9aiquo/how_to_enable_nfs_support_in_kodi/ --- pkgs/applications/video/kodi/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/video/kodi/default.nix b/pkgs/applications/video/kodi/default.nix index 5ca678a2e17..454665455c5 100644 --- a/pkgs/applications/video/kodi/default.nix +++ b/pkgs/applications/video/kodi/default.nix @@ -189,7 +189,7 @@ in stdenv.mkDerivation rec { wrapProgram $out/bin/$p \ --prefix PATH ":" "${lib.makeBinPath [ python2 glxinfo xdpyinfo ]}" \ --prefix LD_LIBRARY_PATH ":" "${lib.makeLibraryPath - [ curl systemd libmad libvdpau libcec libcec_platform rtmpdump libass ]}" + ([ curl systemd libmad libvdpau libcec libcec_platform rtmpdump libass ] ++ lib.optional nfsSupport libnfs)}" done substituteInPlace $out/share/xsessions/kodi.desktop \ 
From 7422953eb0619d34a0ad38e76926dfe05c40ff03 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 21:52:21 +0200 Subject: [PATCH 105/173] lsof: add license + update homepage lib/licenses: add purdue style BSD license --- lib/licenses.nix | 5 +++++ pkgs/development/tools/misc/lsof/default.nix | 9 +++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/licenses.nix b/lib/licenses.nix index c442d74c857..6f0e4217c19 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -546,6 +546,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec { fullName = "Public Domain"; }; + purdueBsd = { + fullName = " Purdue BSD-Style License"; # also know as lsof license + url = https://enterprise.dejacode.com/licenses/public/purdue-bsd; + }; + qpl = spdx { spdxId = "QPL-1.0"; fullName = "Q Public License 1.0"; diff --git a/pkgs/development/tools/misc/lsof/default.nix b/pkgs/development/tools/misc/lsof/default.nix index 28c2660ac3d..0a5a3c48781 100644 --- a/pkgs/development/tools/misc/lsof/default.nix +++ b/pkgs/development/tools/misc/lsof/default.nix @@ -51,15 +51,16 @@ stdenv.mkDerivation rec { cp lsof $out/bin ''; - meta = { - homepage = ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/; + meta = with stdenv.lib; { + homepage = https://people.freebsd.org/~abe/; description = "A tool to list open files"; longDescription = '' List open files. Can show what process has opened some file, socket (IPv6/IPv4/UNIX local), or partition (by opening a file from it). ''; - maintainers = [ stdenv.lib.maintainers.dezgeg ]; - platforms = stdenv.lib.platforms.unix; + maintainers = [ maintainers.dezgeg ]; + platforms = platforms.unix; + license = licenses.purdueBsd; }; } From 2fefff2fba8594dbaedff2350e677df06c4c7d69 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 22:00:56 +0200 Subject: [PATCH 106/173] gnugo: fix homepage --- pkgs/games/gnugo/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
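Review bot: The new `purdueBsd` entry in lib/licenses.nix has a leading space inside the `fullName` string and a typo in its trailing comment (`also know as`). The stray space will show up wherever the license name is rendered from this attribute. Suggested line: `fullName = "Purdue BSD-Style License"; # also known as the lsof license`.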
diff --git a/pkgs/games/gnugo/default.nix b/pkgs/games/gnugo/default.nix index 6b053d9d53c..133a00b67bb 100644 --- a/pkgs/games/gnugo/default.nix +++ b/pkgs/games/gnugo/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { meta = { description = "GNU Go - A computer go player"; - homepage = http://http://www.gnu.org/software/gnugo/; + homepage = http://www.gnu.org/software/gnugo/; license = stdenv.lib.licenses.gpl3; platforms = stdenv.lib.platforms.unix; }; From 6600a405c22819f882f09e0ad2ba8667ce4421d8 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 22:06:28 +0200 Subject: [PATCH 107/173] rogue: add license --- pkgs/games/rogue/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/games/rogue/default.nix b/pkgs/games/rogue/default.nix index bb93fafa3b5..c8af2331b08 100644 --- a/pkgs/games/rogue/default.nix +++ b/pkgs/games/rogue/default.nix @@ -17,10 +17,11 @@ stdenv.mkDerivation { # Fix build for recent ncurses versions NIX_CFLAGS_COMPILE = [ "-DNCURSES_INTERNALS=1" ]; - meta = { + meta = with stdenv.lib; { homepage = http://rogue.rogueforge.net/rogue-5-4/; description = "The final version of the original Rogue game developed for the UNIX operating system"; - platforms = stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.eelco ]; + platforms = platforms.all; + license = licenses.bsd3; + maintainers = [ maintainers.eelco ]; }; } From ee8b87a3596c4011e0be33ff9acd3d0c06cc27eb Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 22:08:22 +0200 Subject: [PATCH 108/173] urbanterror: update homepage --- pkgs/games/urbanterror/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/games/urbanterror/default.nix b/pkgs/games/urbanterror/default.nix index afff5a5c9eb..8ceff15b93d 100644 --- a/pkgs/games/urbanterror/default.nix +++ b/pkgs/games/urbanterror/default.nix 
@@ -65,7 +65,7 @@ stdenv.mkDerivation rec { tactical shooter; somewhat realism based, but the motto is "fun over realism". This results in a very unique, enjoyable and addictive game. ''; - homepage = http://www.urbanterror.net; + homepage = http://www.urbanterror.info; license = licenses.unfreeRedistributable; maintainers = with maintainers; [ astsmtl fpletz ]; platforms = platforms.linux; From 34831e0537f8f0edb3460c3a1650a23339419234 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 22:11:48 +0200 Subject: [PATCH 109/173] talkfilters: update homepage --- pkgs/misc/talkfilters/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/misc/talkfilters/default.nix b/pkgs/misc/talkfilters/default.nix index 4b3158b7a3d..8154e417e06 100644 --- a/pkgs/misc/talkfilters/default.nix +++ b/pkgs/misc/talkfilters/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation { meta = { description = "Converts English text into text that mimics a stereotyped or humorous dialect"; - homepage = "http://http://www.hyperrealm.com/${pname}"; + homepage = http://www.hyperrealm.com/talkfilters/talkfilters.html; license = stdenv.lib.licenses.gpl2; maintainers = with stdenv.lib.maintainers; [ ikervagyok ]; platforms = with stdenv.lib.platforms; unix; From be7730621577722d6dd9718d69627b6c1f222da3 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 22:14:32 +0200 Subject: [PATCH 110/173] i2c-tools: update homepage --- pkgs/os-specific/linux/i2c-tools/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index eacac156c97..3f90b91f10d 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix 
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Set of I2C tools for Linux"; - homepage = http://www.lm-sensors.org/wiki/I2CTools; + homepage = https://i2c.wiki.kernel.org/index.php/I2C_Tools; license = licenses.gpl2; maintainers = [ maintainers.dezgeg ]; platforms = platforms.linux; From 91b570203be39ad54760b5cb43f45e4ba794d5bc Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 3 Sep 2018 22:35:09 +0200 Subject: [PATCH 111/173] pmount: update homepage --- pkgs/os-specific/linux/pmount/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/pmount/default.nix b/pkgs/os-specific/linux/pmount/default.nix index f0f706157ed..cd0e277b2c6 100644 --- a/pkgs/os-specific/linux/pmount/default.nix +++ b/pkgs/os-specific/linux/pmount/default.nix @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { doCheck = false; # fails 1 out of 1 tests with "Error: could not open fstab-type file: No such file or directory" meta = { - homepage = http://pmount.alioth.debian.org/; + homepage = https://bazaar.launchpad.net/~fourmond/pmount/main/files; description = "Mount removable devices as normal user"; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.linux; From 8954c1f71919af8fe9eeae966aa1e8861cc4de5c Mon Sep 17 00:00:00 2001 From: Vladyslav M Date: Mon, 3 Sep 2018 23:38:15 +0300 Subject: [PATCH 112/173] ion: broken on darwin (#46010) --- pkgs/shells/ion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/shells/ion/default.nix b/pkgs/shells/ion/default.nix index 1333bfd873f..239eeb89c8b 100644 --- a/pkgs/shells/ion/default.nix +++ b/pkgs/shells/ion/default.nix @@ -21,5 +21,6 @@ buildRustPackage rec { license = licenses.mit; maintainers = with maintainers; [ dywedir ]; platforms = platforms.all; + broken = stdenv.isDarwin; }; } From 31ccd1fd76a90218c04934df6bf4e0f272c6a506 Mon Sep 17 00:00:00 2001 
From: Vladyslav M Date: Tue, 4 Sep 2018 00:23:23 +0300 Subject: [PATCH 113/173] rclone: 1.42 -> 1.43 (#46009) --- pkgs/applications/networking/sync/rclone/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/sync/rclone/default.nix b/pkgs/applications/networking/sync/rclone/default.nix index 337c166a79a..54d612387ac 100644 --- a/pkgs/applications/networking/sync/rclone/default.nix +++ b/pkgs/applications/networking/sync/rclone/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "rclone-${version}"; - version = "1.42"; + version = "1.43"; goPackagePath = "github.com/ncw/rclone"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "ncw"; repo = "rclone"; rev = "v${version}"; - sha256 = "0r85d45q0jdfwcrblq1rd698cw3h6mc9h4dmlhzl982zpkncijqj"; + sha256 = "1khg5jsrjmnblv8zg0zqs1n0hmjv05pjj94m9d7jbp9d936lxsxx"; }; outputs = [ "bin" "out" "man" ]; From 3549879b459cbfbc7f8550e5c712b66ca9e2591d Mon Sep 17 00:00:00 2001 From: symphorien Date: Mon, 3 Sep 2018 21:24:38 +0000 Subject: [PATCH 114/173] gede: 2.6.1 -> 2.10.9 (#45995) reverting to qt 5.9 fixed the build. --- pkgs/development/tools/misc/gede/default.nix | 6 +++--- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/tools/misc/gede/default.nix b/pkgs/development/tools/misc/gede/default.nix index 9e8ce3d9331..9db0062023c 100644 --- a/pkgs/development/tools/misc/gede/default.nix +++ b/pkgs/development/tools/misc/gede/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "gede-${version}"; - version = "2.6.1"; + version = "2.10.9"; src = fetchurl { url = "http://gede.acidron.com/uploads/source/${name}.tar.xz"; - sha256 = "0jallpchl3c3i90hwic4n7n0ggk5wra0fki4by9ag26ln0k42c4r"; + sha256 = "0av9v3r6x6anjjm4hzn8wxnvrqc8zp1g7570m5ndg7cgc3sy3bg6"; }; nativeBuildInputs = [ qmake makeWrapper python ]; 
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec { description = "Graphical frontend (GUI) to GDB"; homepage = http://gede.acidron.com; license = licenses.bsd2; - platforms = platforms.unix; + platforms = platforms.linux; maintainers = with maintainers; [ juliendehos ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b4ad5304052..1ba704b375d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8270,7 +8270,7 @@ with pkgs; funnelweb = callPackage ../development/tools/literate-programming/funnelweb { }; - gede = libsForQt5.callPackage ../development/tools/misc/gede { }; + gede = libsForQt59.callPackage ../development/tools/misc/gede { }; gdbgui = callPackage ../development/tools/misc/gdbgui { }; From 9d6ff38f706c29cd376a52323c8f8018ac93aca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Mon, 3 Sep 2018 23:42:57 +0200 Subject: [PATCH 115/173] magit-todos: fix build by providing git as input. (#45999) magit-todos requires git during builds. Fixes #45868. --- pkgs/applications/editors/emacs-modes/melpa-packages.nix | 6 ++++++ .../editors/emacs-modes/melpa-stable-packages.nix | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/pkgs/applications/editors/emacs-modes/melpa-packages.nix b/pkgs/applications/editors/emacs-modes/melpa-packages.nix index bec845b815c..addae267468 100644 --- a/pkgs/applications/editors/emacs-modes/melpa-packages.nix +++ b/pkgs/applications/editors/emacs-modes/melpa-packages.nix @@ -146,6 +146,12 @@ self: (attrs.nativeBuildInputs or []) ++ [ external.git ]; }); + magit-todos = super.magit-todos.overrideAttrs (attrs: { + # searches for Git at build time + nativeBuildInputs = + (attrs.nativeBuildInputs or []) ++ [ external.git ]; + }); + # missing OCaml merlin = markBroken super.merlin; 
diff --git a/pkgs/applications/editors/emacs-modes/melpa-stable-packages.nix b/pkgs/applications/editors/emacs-modes/melpa-stable-packages.nix index 61086b96230..98927cbd987 100644 --- a/pkgs/applications/editors/emacs-modes/melpa-stable-packages.nix +++ b/pkgs/applications/editors/emacs-modes/melpa-stable-packages.nix @@ -151,6 +151,12 @@ self: (attrs.nativeBuildInputs or []) ++ [ external.git ]; }); + magit-todos = super.magit-todos.overrideAttrs (attrs: { + # searches for Git at build time + nativeBuildInputs = + (attrs.nativeBuildInputs or []) ++ [ external.git ]; + }); + # missing OCaml merlin = markBroken super.merlin; From 9692b7997c0b7349f75aecc897a0da43bc4eeda3 Mon Sep 17 00:00:00 2001 From: Michiel Leenaars Date: Mon, 3 Sep 2018 23:52:27 +0200 Subject: [PATCH 116/173] pythonPackages.authres: fix broken homepage --- pkgs/development/python-modules/authres/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/authres/default.nix b/pkgs/development/python-modules/authres/default.nix index b5aad787dfb..a0ec276f22d 100644 --- a/pkgs/development/python-modules/authres/default.nix +++ b/pkgs/development/python-modules/authres/default.nix @@ -21,7 +21,7 @@ buildPythonPackage rec { Authentication-Results Headers generation and parsing for Python/Python3. ''; - homepage = https://launchpad.net/authres; + homepage = https://launchpad.net/authentication-results-python; license = licenses.bsd3; maintainers = with maintainers; [ leenaars ]; }; From 7c915abd52ad8b87f59d7752911704ce3cc38605 Mon Sep 17 00:00:00 2001 From: markuskowa Date: Tue, 4 Sep 2018 00:20:48 +0200 Subject: [PATCH 117/173] gnss-sdr: set boost version to 1.66 (#46014) --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1ba704b375d..9a9cdbcab12 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -16322,7 +16322,7 @@ with pkgs; gksu = callPackage ../applications/misc/gksu { }; - gnss-sdr = callPackage ../applications/misc/gnss-sdr { }; + gnss-sdr = callPackage ../applications/misc/gnss-sdr { boost=boost166; }; gnuradio = callPackage ../applications/misc/gnuradio { inherit (python2Packages) cheetah lxml Mako matplotlib numpy python pyopengl pyqt4 scipy wxPython pygtk; From e8fe244a7111c11ccaf69d075baba36a5b419bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Mon, 3 Sep 2018 19:22:57 -0300 Subject: [PATCH 118/173] qt5integration: init at 0.3.5 (#46012) --- pkgs/desktops/deepin/default.nix | 1 + .../deepin/qt5integration/default.nix | 52 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 pkgs/desktops/deepin/qt5integration/default.nix diff --git a/pkgs/desktops/deepin/default.nix b/pkgs/desktops/deepin/default.nix index 3343d836f61..b315df1f39e 100644 --- a/pkgs/desktops/deepin/default.nix +++ b/pkgs/desktops/deepin/default.nix @@ -14,6 +14,7 @@ let dtkcore = callPackage ./dtkcore { }; dtkwidget = callPackage ./dtkwidget { }; qt5dxcb-plugin = callPackage ./qt5dxcb-plugin { }; + qt5integration = callPackage ./qt5integration { }; }; diff --git a/pkgs/desktops/deepin/qt5integration/default.nix b/pkgs/desktops/deepin/qt5integration/default.nix new file mode 100644 index 00000000000..28e06bae42d --- /dev/null +++ b/pkgs/desktops/deepin/qt5integration/default.nix 
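Review bot: The override is written `{ boost=boost166; }`, without spaces around `=`, unlike the other assignments in this file. Nothing records why gnss-sdr needs an older boost. `gnss-sdr = callPackage ../applications/misc/gnss-sdr { boost = boost166; };` with a one-line comment naming the build failure would tell a later reader when the pin can be dropped.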
@@ -0,0 +1,52 @@ +{ stdenv, fetchFromGitHub, pkgconfig, qmake, mtdev, gsettings-qt +, lxqt, qtx11extras, qtmultimedia, qtsvg, fontconfig, freetype +, qt5dxcb-plugin, qtstyleplugins, dtkcore, dtkwidget +}: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "qt5integration"; + version = "0.3.5"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "0qf9ndsg8pz2n68y68a30d1hxr3ri8k4j00dxlbcf5cn5mbnny1b"; + }; + + nativeBuildInputs = [ + pkgconfig + qmake + ]; + + buildInputs = [ + dtkcore + dtkwidget + qt5dxcb-plugin + mtdev + lxqt.libqtxdg + qtstyleplugins + qtx11extras + qtmultimedia + qtsvg + ]; + + postPatch = '' + sed -i dstyleplugin/dstyleplugin.pro \ + platformthemeplugin/qt5deepintheme-plugin.pro \ + iconengineplugins/svgiconengine/svgiconengine.pro \ + imageformatplugins/svg/svg.pro \ + -e "s,\$\$\[QT_INSTALL_PLUGINS\],$out/$qtPluginPrefix," + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Qt platform theme integration plugins for DDE"; + homepage = https://github.com/linuxdeepin/qt5integration; + license = with licenses; [ gpl3 lgpl2Plus bsd2 ]; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} From efef4acc7e9328dd6eb2c38a4c39ea99cb2322aa Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 3 Sep 2018 15:34:30 +0200 Subject: [PATCH 119/173] masscan: 1.0.4 -> 1.0.5 --- pkgs/tools/security/masscan/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/security/masscan/default.nix b/pkgs/tools/security/masscan/default.nix index 26497659d23..e33681c45e0 100644 --- a/pkgs/tools/security/masscan/default.nix +++ b/pkgs/tools/security/masscan/default.nix 
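Review bot: The argument list of the new qt5integration expression takes `gsettings-qt`, `fontconfig` and `freetype`, but none of them appears in `nativeBuildInputs` or `buildInputs`. They are either leftover arguments or dependencies that were meant to be listed. If the build links against them, add them to `buildInputs`; if not, drop them from the function header so the declared interface matches what the derivation uses.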
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "masscan-${version}"; - version = "1.0.4"; + version = "1.0.5"; src = fetchFromGitHub { owner = "robertdavidgraham"; repo = "masscan"; - rev = "39061a5e9ef158dde1e6618f6fbf379739934a73"; - sha256 = "0mjvwh4i0ncsa3ywavw2s55v5bfv7pyga028c8m8xfash9764wwf"; + rev = "${version}"; + sha256 = "0q0c7bsf0pbl8napry1qyg0gl4pd8wn872h4mz9b56dx4rx90vqg"; }; nativeBuildInputs = [ makeWrapper ]; @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { mkdir -p $out/etc/masscan cp data/exclude.conf $out/etc/masscan - cp -t $out/share/doc/masscan doc/algorithm.js doc/howto-afl.md doc/bot.hml + cp -t $out/share/doc/masscan doc/algorithm.js doc/howto-afl.md doc/bot.html cp doc/masscan.8 $out/share/man/man8/masscan.8 cp LICENSE $out/share/licenses/masscan/LICENSE From 6c8cea6315d98881d6183ae0df0e41380eb36cc4 Mon Sep 17 00:00:00 2001 From: symphorien Date: Mon, 3 Sep 2018 22:28:15 +0000 Subject: [PATCH 120/173] hdaps-gl: init at 0.0.5 (#45986) --- pkgs/tools/misc/hdaps-gl/default.nix | 25 +++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 27 insertions(+) create mode 100644 pkgs/tools/misc/hdaps-gl/default.nix diff --git a/pkgs/tools/misc/hdaps-gl/default.nix b/pkgs/tools/misc/hdaps-gl/default.nix new file mode 100644 index 00000000000..8b19cd03895 --- /dev/null +++ b/pkgs/tools/misc/hdaps-gl/default.nix 
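Review bot: `rev = "${version}";` in the first masscan hunk interpolates a single variable into a string; `rev = version;` is the plain form. The hunk also moves `rev` from a full commit hash to a tag name, which upstream can re-point. The `sha256` still pins the content, so a moved tag surfaces as a hash mismatch rather than as different source. A short comment that `rev` refers to the upstream release tag would make that switch explicit.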
@@ -0,0 +1,25 @@ +{ stdenv, fetchzip, freeglut, libGL, libGLU }: + +let version = "0.0.5"; in +stdenv.mkDerivation { + name = "hdaps-gl-${version}"; + src = fetchzip { + url = "mirror://sourceforge/project/hdaps/hdaps-gl/hdaps-gl-${version}/hdaps-gl-${version}.tar.gz"; + sha256 = "16fk4k0lvr4c95vd6c7qdylcqa1h5yjp3xm4xwipdjbp0bvsgxq4"; + }; + + buildInputs = [ freeglut libGL libGLU ]; + + # the Makefile has no install target + installPhase = '' + install -Dt $out/bin ./hdaps-gl + ''; + + meta = with stdenv.lib; { + description = "GL-based laptop model that rotates in real-time via hdaps"; + homepage = https://sourceforge.net/projects/hdaps/; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = [ maintainers.symphorien ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9a9cdbcab12..75f595c7605 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3082,6 +3082,8 @@ with pkgs; hdapsd = callPackage ../os-specific/linux/hdapsd { }; + hdaps-gl = callPackage ../tools/misc/hdaps-gl { }; + hddtemp = callPackage ../tools/misc/hddtemp { }; hdf4 = callPackage ../tools/misc/hdf4 { From d5b0c4d5c2fb59316ee85125e9df49cb30b85b74 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Tue, 4 Sep 2018 00:35:17 +0200 Subject: [PATCH 121/173] imv: build only on x86_64 linux --- pkgs/applications/graphics/imv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/graphics/imv/default.nix b/pkgs/applications/graphics/imv/default.nix index f02184d9852..9def3f16ad0 100644 --- a/pkgs/applications/graphics/imv/default.nix +++ b/pkgs/applications/graphics/imv/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { homepage = https://github.com/eXeC64/imv; license = licenses.gpl2; maintainers = with maintainers; [ rnhmjoj ]; - platforms = platforms.unix; + platforms = [ "x86_64-linux" ]; }; } From a2f490c5764c1372d72bd512707d1c703dacdcbc Mon Sep 17 00:00:00 2001 
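Review bot: The custom `installPhase` in the new hdaps-gl file replaces the default phase without calling the install hooks, so anything attached to `preInstall` or `postInstall` by an override is silently skipped. Put `runHook preInstall` before the `install -Dt $out/bin ./hdaps-gl` line and `runHook postInstall` after it. The existing comment about the Makefile lacking an install target is useful and should stay.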
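Review bot: `platforms = [ "x86_64-linux" ];` in the imv hunk narrows the package from every unix platform to a single one, and neither the file nor the commit message says why. Add a dated comment on that line recording the reason, in the same way the swift change later in this series annotates its `broken` attribute. If only particular platforms fail to build, excluding those specifically would keep the package available on the rest. The `meta` block starts outside this hunk.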
From: "R. RyanTM" Date: Mon, 3 Sep 2018 16:02:02 -0700 Subject: [PATCH 122/173] mkvtoolnix: 25.0.0 -> 26.0.0 (#45812) Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from mkvtoolnix --- pkgs/applications/video/mkvtoolnix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/mkvtoolnix/default.nix b/pkgs/applications/video/mkvtoolnix/default.nix index ef01ac4cdae..3f0fb0e8022 100644 --- a/pkgs/applications/video/mkvtoolnix/default.nix +++ b/pkgs/applications/video/mkvtoolnix/default.nix @@ -12,13 +12,13 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "mkvtoolnix-${version}"; - version = "25.0.0"; + version = "26.0.0"; src = fetchFromGitLab { owner = "mbunkus"; repo = "mkvtoolnix"; rev = "release-${version}"; - sha256 = "04m57719q7q0h0gcj1b2bh8xbdcl5bijic4hw71xf9xd19a95k78"; + sha256 = "0dq0lbr6kzj455mv4z6a851n7ff3xlmsxklijiyp4drn1jf0q1pb"; }; nativeBuildInputs = [ From e4f4debcb961ba413b38e77cbdfffb3465074f6a Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Mon, 3 Sep 2018 18:08:39 -0500 Subject: [PATCH 123/173] swift: 4.1 -> 4.1.3 (#45777) --- pkgs/development/compilers/swift/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/development/compilers/swift/default.nix b/pkgs/development/compilers/swift/default.nix index 9c1a3658590..3bc96288f83 100644 --- a/pkgs/development/compilers/swift/default.nix +++ b/pkgs/development/compilers/swift/default.nix @@ -36,9 +36,9 @@ }: let - v_major = "4.1"; - version = "${v_major}-RELEASE"; - version_friendly = "${v_major}"; + v_base = "4.1.3"; + version = "${v_base}-RELEASE"; + version_friendly = "${v_base}"; tag = "refs/tags/swift-${version}"; fetch = { repo, sha256, fetchSubmodules ? false }: 
@@ -58,7 +58,7 @@ let }; llvm = fetch { repo = "swift-llvm"; - sha256 = "03558f5zbchqvdabi3x9ahyz4xkmj7w69gazivz372832lgr9zfh"; + sha256 = "0q5cv4iydm8c1kcax32573y3q2cbpihwgj5aa8ws1fnpy4jvq934"; }; compilerrt = fetch { repo = "swift-compiler-rt"; @@ -70,7 +70,7 @@ let }; lldb = fetch { repo = "swift-lldb"; - sha256 = "09x3d3bc6rn9g6jpi3fb120c4r2carsmqla4bq4scjrs0867jz9m"; + sha256 = "1d0pa7xm289bjb6r52hkkmlngkqkwbwgixnmm30bin2q18mkxk7s"; }; llbuild = fetch { repo = "swift-llbuild"; @@ -86,7 +86,7 @@ let }; foundation = fetch { repo = "swift-corelibs-foundation"; - sha256 = "06pbhb7wg4q5qgprhiyzbqy6hssga7xxjclhlh81gd6rvfd6bxvw"; + sha256 = "1bhrag63rmz41bg2g6ap01qrdpq37hislgf5hg6myy2v69q7mahx"; }; libdispatch = fetch { repo = "swift-corelibs-libdispatch"; @@ -95,7 +95,7 @@ let }; swift = fetch { repo = "swift"; - sha256 = "1flvr12bg8m4k44yq0xy9qrllv5rpxgxisjgbpakk5p3myfsx7ky"; + sha256 = "1ydx11pkvaasgjbr29lnha0lpnak758gd5l0aqzmp3q6mcyvfm7a"; }; }; From e7a82cac35ecd7b1fb656bee587716ae07e85288 Mon Sep 17 00:00:00 2001 From: Uli Baum Date: Tue, 4 Sep 2018 01:13:55 +0200 Subject: [PATCH 124/173] swift: broken on aarch64 never built according to available hydra logs --- pkgs/development/compilers/swift/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/compilers/swift/default.nix b/pkgs/development/compilers/swift/default.nix index 3bc96288f83..233eb6647c0 100644 --- a/pkgs/development/compilers/swift/default.nix +++ b/pkgs/development/compilers/swift/default.nix @@ -287,6 +287,7 @@ stdenv.mkDerivation rec { # Swift doesn't support 32bit Linux, unknown on other platforms. platforms = platforms.linux; badPlatforms = platforms.i686; + broken = stdenv.isAarch64; # 2018-09-04, never built on Hydra }; } From 767803b3d26d69420dd0674a5f988c2cdabe1797 Mon Sep 17 00:00:00 2001 
From: Jan Tojnar Date: Sat, 1 Sep 2018 23:15:14 +0200 Subject: [PATCH 125/173] =?UTF-8?q?gnome3.tracker:=202.1.2=20=E2=86=92=202?= =?UTF-8?q?.1.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/desktops/gnome-3/core/tracker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/tracker/default.nix b/pkgs/desktops/gnome-3/core/tracker/default.nix index a0da1b7147d..06c41937d12 100644 --- a/pkgs/desktops/gnome-3/core/tracker/default.nix +++ b/pkgs/desktops/gnome-3/core/tracker/default.nix @@ -5,7 +5,7 @@ let pname = "tracker"; - version = "2.1.2"; + version = "2.1.3"; in stdenv.mkDerivation rec { name = "${pname}-${version}"; @@ -13,7 +13,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz"; - sha256 = "1sf923f3ya3gj5s90da8qkqqvjj3fdll7xrjgscpb6yhgv0kzqsi"; + sha256 = "00gimpn2ydv3yka25cmw3i0n402d2nhx7992byvq4yvhr77rni22"; }; nativeBuildInputs = [ From a502b155f0ab15a4287e3176e5e3ce47ada38091 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 20:17:32 +0200 Subject: [PATCH 126/173] gnome3.libgweather: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/libgweather/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/libgweather/default.nix b/pkgs/desktops/gnome-3/core/libgweather/default.nix index beab0246527..23405af50d3 100644 --- a/pkgs/desktops/gnome-3/core/libgweather/default.nix +++ b/pkgs/desktops/gnome-3/core/libgweather/default.nix 
@@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, pkgconfig, libxml2, glib, gtk, gettext, libsoup -, gtk-doc, docbook_xsl, gobjectIntrospection, tzdata, geocode-glib, vala, gnome3 }: +, gtk-doc, docbook_xsl, docbook_xml_dtd_43, gobjectIntrospection, python3, tzdata, geocode-glib, vala, gnome3 }: let pname = "libgweather"; @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { sha256 = "0xfy5ghwvnz2g9074dy6512m4z2pv66pmja14vhi9imgacbfh708"; }; - nativeBuildInputs = [ meson ninja pkgconfig gettext vala gtk-doc docbook_xsl gobjectIntrospection ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext vala gtk-doc docbook_xsl docbook_xml_dtd_43 gobjectIntrospection python3 ]; buildInputs = [ glib gtk libsoup libxml2 geocode-glib ]; postPatch = '' From 9c4323b5de604d3436f99467d4ed81c7943fdfb1 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 20:35:09 +0200 Subject: [PATCH 127/173] gnome3.gnome-power-manager: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/gnome-power-manager/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/desktops/gnome-3/apps/gnome-power-manager/default.nix b/pkgs/desktops/gnome-3/apps/gnome-power-manager/default.nix index 70ed4403f10..a7861dcf74d 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-power-manager/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-power-manager/default.nix @@ -7,6 +7,7 @@ , meson , ninja , upower +, python3 , desktop-file-utils , wrapGAppsHook , gnome3 }: @@ -37,6 +38,7 @@ in stdenv.mkDerivation rec { gettext # needed by meson_post_install.sh + python3 glib.dev desktop-file-utils ]; From 9879ed55ae4098c59f6baf1574c93d17d8e094a1 Mon Sep 17 00:00:00 2001 
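Review bot: Both libgweather hunks add `docbook_xml_dtd_43` next to `python3`, but the commit message only explains python3 ("for install script"). Presumably gtk-doc needs the DTD available locally during the build, though nothing visible here confirms that. State the reason in the commit message or in a short comment beside `nativeBuildInputs`, so the extra input is not removed later as unrelated. The derivation body continues outside the second hunk.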
From: Jan Tojnar Date: Mon, 3 Sep 2018 20:36:10 +0200 Subject: [PATCH 128/173] feedreader: add python3 for install script Meson no longer propagates it so we need to re-add it. --- .../networking/feedreaders/feedreader/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/feedreaders/feedreader/default.nix b/pkgs/applications/networking/feedreaders/feedreader/default.nix index d2991c3ba1c..158b02cff5b 100644 --- a/pkgs/applications/networking/feedreaders/feedreader/default.nix +++ b/pkgs/applications/networking/feedreaders/feedreader/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, vala_0_40, gettext +{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, vala_0_40, gettext, python3 , appstream-glib, desktop-file-utils, glibcLocales, wrapGAppsHook , curl, glib, gnome3, gst_all_1, json-glib, libnotify, libsecret, sqlite }: @@ -18,7 +18,7 @@ in stdenv.mkDerivation { nativeBuildInputs = [ meson ninja pkgconfig vala_0_40 gettext appstream-glib desktop-file-utils - glibcLocales wrapGAppsHook + python3 glibcLocales wrapGAppsHook ]; buildInputs = [ From 804a26e6b7986f7439588ff4e0d75b60f1daf3a4 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 21:13:45 +0200 Subject: [PATCH 129/173] gnome3.dconf-editor: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/dconf-editor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/dconf-editor/default.nix b/pkgs/desktops/gnome-3/core/dconf-editor/default.nix index 57c102d89cc..13d73fa34d2 100644 --- a/pkgs/desktops/gnome-3/core/dconf-editor/default.nix +++ b/pkgs/desktops/gnome-3/core/dconf-editor/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, vala, libxslt, pkgconfig, glib, dbus-glib, gtk3, gnome3 +{ stdenv, fetchurl, meson, ninja, vala, libxslt, pkgconfig, glib, dbus-glib, gtk3, gnome3, python3 , libxml2, gettext, docbook_xsl, wrapGAppsHook, gobjectIntrospection }: let @@ -12,7 +12,7 @@ in stdenv.mkDerivation rec { sha256 = "0nhcpwqrkmpxbhaf0cafvy6dlp6s7vhm5vknl4lgs3l24zc56ns5"; }; - nativeBuildInputs = [ meson ninja vala libxslt pkgconfig wrapGAppsHook gettext docbook_xsl libxml2 gobjectIntrospection ]; + nativeBuildInputs = [ meson ninja vala libxslt pkgconfig wrapGAppsHook gettext docbook_xsl libxml2 gobjectIntrospection python3 ]; buildInputs = [ glib dbus-glib gtk3 gnome3.defaultIconTheme gnome3.dconf ]; From bf38aea59b1b3d81a66f42f8e21669d2cec69101 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 21:14:58 +0200 Subject: [PATCH 130/173] gnome3.gnome-calculator: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/gnome-calculator/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gnome-calculator/default.nix b/pkgs/desktops/gnome-3/core/gnome-calculator/default.nix index 794f37fcbbd..2f4743ee263 100644 --- a/pkgs/desktops/gnome-3/core/gnome-calculator/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-calculator/default.nix @@ -1,5 +1,5 @@ { stdenv, meson, ninja, vala, gettext, itstool, fetchurl, pkgconfig, libxml2 -, gtk3, glib, gtksourceview3, wrapGAppsHook, gobjectIntrospection +, gtk3, glib, gtksourceview3, wrapGAppsHook, gobjectIntrospection, python3 , gnome3, mpfr, gmp, libsoup, libmpc }: stdenv.mkDerivation rec { @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ - meson ninja pkgconfig vala gettext itstool wrapGAppsHook + meson ninja pkgconfig vala gettext itstool wrapGAppsHook python3 gobjectIntrospection # for finding vapi files ]; 
From 69fa70ad468b6877aa68c8c320fc7737024b74a4 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 21:16:59 +0200 Subject: [PATCH 131/173] gnomeExtensions.mediaplayer: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/extensions/mediaplayer/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/desktops/gnome-3/extensions/mediaplayer/default.nix b/pkgs/desktops/gnome-3/extensions/mediaplayer/default.nix index f64a0ef3f27..6038443944f 100644 --- a/pkgs/desktops/gnome-3/extensions/mediaplayer/default.nix +++ b/pkgs/desktops/gnome-3/extensions/mediaplayer/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, glib, meson, gettext, ninja }: +{ stdenv, fetchFromGitHub, glib, meson, gettext, ninja, python3 }: stdenv.mkDerivation rec { name = "gnome-shell-extensions-mediaplayer-${version}"; @@ -14,6 +14,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ meson ninja + python3 ]; buildInputs = [ glib From 5043df2499e99d2aa79fb7337b4b7bedbcf34547 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 21:28:16 +0200 Subject: [PATCH 132/173] gnome3.devhelp: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/devtools/devhelp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/devtools/devhelp/default.nix b/pkgs/desktops/gnome-3/devtools/devhelp/default.nix index 63fa2ebddcf..aa0f545c2db 100644 --- a/pkgs/desktops/gnome-3/devtools/devhelp/default.nix +++ b/pkgs/desktops/gnome-3/devtools/devhelp/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, pkgconfig, gnome3, gtk3, wrapGAppsHook -, glib, amtk, appstream-glib, gobjectIntrospection +, glib, amtk, appstream-glib, gobjectIntrospection, python3 , webkitgtk, gettext, itstool, gsettings-desktop-schemas }: stdenv.mkDerivation rec { 
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "1rzilsn0v8dj86djankllc5f10d58f6rwg4w1fffh5zly10nlli5"; }; - nativeBuildInputs = [ meson ninja pkgconfig gettext itstool wrapGAppsHook appstream-glib gobjectIntrospection ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext itstool wrapGAppsHook appstream-glib gobjectIntrospection python3 ]; buildInputs = [ glib gtk3 webkitgtk amtk gnome3.defaultIconTheme gsettings-desktop-schemas From 0c4e69dd783d6e9977181e55f8d322a48f6c9c9b Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:01:24 +0200 Subject: [PATCH 133/173] gnome3.gnome-calendar: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/gnome-calendar/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/apps/gnome-calendar/default.nix b/pkgs/desktops/gnome-3/apps/gnome-calendar/default.nix index 347cd7a16ae..05275fa01ac 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-calendar/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-calendar/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, pkgconfig, wrapGAppsHook, libdazzle, libgweather, geoclue2, geocode-glib +{ stdenv, fetchurl, meson, ninja, pkgconfig, wrapGAppsHook, libdazzle, libgweather, geoclue2, geocode-glib, python3 , gettext, libxml2, gnome3, gtk, evolution-data-server, libsoup , glib, gnome-online-accounts, gsettings-desktop-schemas }: @@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { }; }; - nativeBuildInputs = [ meson ninja pkgconfig gettext libxml2 wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext libxml2 wrapGAppsHook python3 ]; buildInputs = [ gtk evolution-data-server libsoup glib gnome-online-accounts libdazzle libgweather geoclue2 geocode-glib gsettings-desktop-schemas gnome3.defaultIconTheme From d99291efab6e8b5477ec723c3595798d07877b5a Mon Sep 17 00:00:00 2001 
From: Jan Tojnar Date: Mon, 3 Sep 2018 22:03:47 +0200 Subject: [PATCH 134/173] gnome3.gnome-documents: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/gnome-documents/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/apps/gnome-documents/default.nix b/pkgs/desktops/gnome-3/apps/gnome-documents/default.nix index 9948f9d909b..196331ec52e 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-documents/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-documents/default.nix @@ -4,7 +4,7 @@ , gnome-desktop, libzapojit, libgepub , gnome3, gdk_pixbuf, libsoup, docbook_xsl, docbook_xml_dtd_42 , gobjectIntrospection, inkscape, poppler_utils -, desktop-file-utils, wrapGAppsHook }: +, desktop-file-utils, wrapGAppsHook, python3 }: stdenv.mkDerivation rec { name = "gnome-documents-${version}"; @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { mesonFlags = [ "-Dgetting-started=true" ]; nativeBuildInputs = [ - meson ninja pkgconfig gettext itstool libxslt desktop-file-utils docbook_xsl docbook_xml_dtd_42 wrapGAppsHook + meson ninja pkgconfig gettext itstool libxslt desktop-file-utils docbook_xsl docbook_xml_dtd_42 wrapGAppsHook python3 inkscape poppler_utils # building getting started ]; buildInputs = [ From af472866215bde79a6d109a66b753762aa819725 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:07:30 +0200 Subject: [PATCH 135/173] gnome3.gnome-characters: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/gnome-characters/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/apps/gnome-characters/default.nix b/pkgs/desktops/gnome-3/apps/gnome-characters/default.nix index 92ce0eb8deb..8b497fbf433 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-characters/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-characters/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, gnome3, glib, gtk3, pango, wrapGAppsHook +{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, gnome3, glib, gtk3, pango, wrapGAppsHook, python3 , gobjectIntrospection, gjs, libunistring }: stdenv.mkDerivation rec { @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { }; }; - nativeBuildInputs = [ meson ninja pkgconfig gettext wrapGAppsHook gobjectIntrospection ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext wrapGAppsHook python3 gobjectIntrospection ]; buildInputs = [ glib gtk3 gjs pango gnome3.gsettings-desktop-schemas gnome3.defaultIconTheme libunistring ]; mesonFlags = [ From dd8d38fcf025e376d0320f86cb36ba48ae51a06c Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:09:03 +0200 Subject: [PATCH 136/173] gnome3.bijiben: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/bijiben/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/apps/bijiben/default.nix b/pkgs/desktops/gnome-3/apps/bijiben/default.nix index 06510c8f34a..38c729a1c42 100644 --- a/pkgs/desktops/gnome-3/apps/bijiben/default.nix +++ b/pkgs/desktops/gnome-3/apps/bijiben/default.nix @@ -1,5 +1,5 @@ { stdenv, meson, ninja, gettext, fetchurl, pkgconfig -, wrapGAppsHook, itstool, desktop-file-utils +, wrapGAppsHook, itstool, desktop-file-utils, python3 , glib, gtk3, evolution-data-server , libuuid, webkitgtk, zeitgeist , gnome3, libxml2 }: @@ -22,7 +22,7 @@ in stdenv.mkDerivation rec { ''; nativeBuildInputs = [ - meson ninja pkgconfig gettext itstool libxml2 desktop-file-utils wrapGAppsHook + meson ninja pkgconfig gettext itstool libxml2 desktop-file-utils python3 wrapGAppsHook ]; buildInputs = [ From 091ed8f2f8b5b756b09608276f14c91b0b142bc3 Mon Sep 17 00:00:00 2001 
From: Jan Tojnar Date: Mon, 3 Sep 2018 22:09:41 +0200 Subject: [PATCH 137/173] gnome3.eog: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/eog/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/eog/default.nix b/pkgs/desktops/gnome-3/core/eog/default.nix index e5483333d40..8459ba2c126 100644 --- a/pkgs/desktops/gnome-3/core/eog/default.nix +++ b/pkgs/desktops/gnome-3/core/eog/default.nix @@ -1,6 +1,6 @@ { fetchurl, stdenv, meson, ninja, gettext, itstool, pkgconfig, libxml2, libjpeg, libpeas, gnome3 , gtk3, glib, gsettings-desktop-schemas, adwaita-icon-theme, gnome-desktop, lcms2, gdk_pixbuf, exempi -, shared-mime-info, wrapGAppsHook, librsvg, libexif, gobjectIntrospection }: +, shared-mime-info, wrapGAppsHook, librsvg, libexif, gobjectIntrospection, python3 }: let pname = "eog"; @@ -13,7 +13,7 @@ in stdenv.mkDerivation rec { sha256 = "1lj8v9m8jdxc3d4nzmgrxcccddg3hh8lkbmz4g71yxa0ykxxvbip"; }; - nativeBuildInputs = [ meson ninja pkgconfig gettext itstool wrapGAppsHook libxml2 gobjectIntrospection ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext itstool wrapGAppsHook libxml2 gobjectIntrospection python3 ]; buildInputs = [ libjpeg gtk3 gdk_pixbuf glib libpeas librsvg lcms2 gnome-desktop libexif exempi From 3e3972a054a1fead7b61639d0bed886dfb2af5e4 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:15:58 +0200 Subject: [PATCH 138/173] gnome3.gnome-todo: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/gnome-todo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/apps/gnome-todo/default.nix b/pkgs/desktops/gnome-3/apps/gnome-todo/default.nix index 8e506b52270..3a9f33f46f0 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-todo/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-todo/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, pkgconfig, wrapGAppsHook +{ stdenv, fetchurl, meson, ninja, pkgconfig, python3, wrapGAppsHook , gettext, gnome3, glib, gtk, libpeas , gnome-online-accounts, gsettings-desktop-schemas , evolution-data-server, libxml2, libsoup, libical, rest, json-glib }: @@ -15,7 +15,7 @@ in stdenv.mkDerivation rec { }; nativeBuildInputs = [ - meson ninja pkgconfig gettext wrapGAppsHook + meson ninja pkgconfig gettext python3 wrapGAppsHook ]; buildInputs = [ glib gtk libpeas gnome-online-accounts From 3d899d0ddd99ec10ce6a84acff2070e9f502e978 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:16:26 +0200 Subject: [PATCH 139/173] gnome3.gnome-disk-utility: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/gnome-disk-utility/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gnome-disk-utility/default.nix b/pkgs/desktops/gnome-3/core/gnome-disk-utility/default.nix index 2eb66b02627..a572e617766 100644 --- a/pkgs/desktops/gnome-3/core/gnome-disk-utility/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-disk-utility/default.nix @@ -1,5 +1,5 @@ { stdenv, gettext, fetchurl, pkgconfig, udisks2, libsecret, libdvdread -, meson, ninja, gtk, glib, wrapGAppsHook, libnotify +, meson, ninja, gtk, glib, wrapGAppsHook, python3, libnotify , itstool, gnome3, libxml2 , libcanberra-gtk3, libxslt, docbook_xsl, libpwquality }: @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ meson ninja pkgconfig gettext itstool libxslt docbook_xsl - wrapGAppsHook libxml2 + wrapGAppsHook python3 libxml2 ]; buildInputs = [ gtk glib libsecret libpwquality libnotify libdvdread libcanberra-gtk3 From 1914e5124904c415d22833359179142ef35d7770 Mon Sep 17 00:00:00 2001 
From: Jan Tojnar Date: Mon, 3 Sep 2018 22:20:43 +0200 Subject: [PATCH 140/173] gnome3.gnome-contacts: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/gnome-contacts/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gnome-contacts/default.nix b/pkgs/desktops/gnome-3/core/gnome-contacts/default.nix index 5799e613d5b..a9541d64b03 100644 --- a/pkgs/desktops/gnome-3/core/gnome-contacts/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-contacts/default.nix @@ -1,5 +1,5 @@ { stdenv, gettext, fetchurl, evolution-data-server -, pkgconfig, libxslt, docbook_xsl, docbook_xml_dtd_42, gtk3, glib, cheese +, pkgconfig, libxslt, docbook_xsl, docbook_xml_dtd_42, python3, gtk3, glib, cheese , libchamplain, clutter-gtk, geocode-glib, gnome-desktop, gnome-online-accounts , wrapGAppsHook, folks, libxml2, gnome3, telepathy-glib , vala, meson, ninja }: @@ -17,7 +17,7 @@ in stdenv.mkDerivation rec { propagatedUserEnvPkgs = [ evolution-data-server ]; nativeBuildInputs = [ - meson ninja pkgconfig vala gettext libxslt docbook_xsl docbook_xml_dtd_42 wrapGAppsHook + meson ninja pkgconfig vala gettext libxslt docbook_xsl docbook_xml_dtd_42 python3 wrapGAppsHook ]; buildInputs = [ From 88759d117d59deecce08657db5acc450e4d39bab Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:22:54 +0200 Subject: [PATCH 141/173] gnome3.gnome-chess: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/games/gnome-chess/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/games/gnome-chess/default.nix b/pkgs/desktops/gnome-3/games/gnome-chess/default.nix index aebd72d65df..01e23384b8e 100644 --- a/pkgs/desktops/gnome-3/games/gnome-chess/default.nix +++ b/pkgs/desktops/gnome-3/games/gnome-chess/default.nix 
@@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, vala, pkgconfig, wrapGAppsHook, gobjectIntrospection -, gettext, itstool, libxml2, gnome3, glib, gtk3, librsvg }: +, gettext, itstool, libxml2, python3, gnome3, glib, gtk3, librsvg }: stdenv.mkDerivation rec { name = "gnome-chess-${version}"; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { sha256 = "1q8gc0mq8k2b7pjy363g0yjd80czqknw6ssqzbvgqx5b8nkfvmv1"; }; - nativeBuildInputs = [ meson ninja vala pkgconfig gettext itstool libxml2 wrapGAppsHook gobjectIntrospection ]; + nativeBuildInputs = [ meson ninja vala pkgconfig gettext itstool libxml2 python3 wrapGAppsHook gobjectIntrospection ]; buildInputs = [ glib gtk3 librsvg gnome3.defaultIconTheme ]; postPatch = '' From b8a7e2a116d227e7971bf714f1dd1a8a94a4765a Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:23:44 +0200 Subject: [PATCH 142/173] gnome3.gnome-control-center: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/gnome-control-center/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gnome-control-center/default.nix b/pkgs/desktops/gnome-3/core/gnome-control-center/default.nix index 6d577761411..6a57e4cdff4 100644 --- a/pkgs/desktops/gnome-3/core/gnome-control-center/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-control-center/default.nix @@ -5,7 +5,7 @@ , cracklib, libkrb5, networkmanagerapplet, networkmanager, glibc , libwacom, samba, shared-mime-info, tzdata, libtool, libgnomekbd , docbook_xsl, modemmanager, clutter, clutter-gtk, cheese -, fontconfig, sound-theme-freedesktop, grilo }: +, fontconfig, sound-theme-freedesktop, grilo, python3 }: let pname = "gnome-control-center"; @@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ meson ninja pkgconfig gettext wrapGAppsHook libtool libxslt docbook_xsl - shared-mime-info + shared-mime-info python3 ]; buildInputs = with gnome3; [ 
From 9ab012d0f17b7b67459c722d1d3c3eea5e10bdff Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:24:37 +0200 Subject: [PATCH 143/173] gnome3.swell-foop: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/games/swell-foop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/games/swell-foop/default.nix b/pkgs/desktops/gnome-3/games/swell-foop/default.nix index 13b6f57d0fd..b7dc6203b8a 100644 --- a/pkgs/desktops/gnome-3/games/swell-foop/default.nix +++ b/pkgs/desktops/gnome-3/games/swell-foop/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, pkgconfig, vala, glib, gtk3, gnome3, desktop-file-utils -, clutter, clutter-gtk, gettext, itstool, libxml2, wrapGAppsHook }: +, clutter, clutter-gtk, gettext, itstool, libxml2, wrapGAppsHook, python3 }: let pname = "swell-foop"; @@ -19,7 +19,7 @@ in stdenv.mkDerivation rec { }; }; - nativeBuildInputs = [ meson ninja vala pkgconfig wrapGAppsHook itstool gettext libxml2 desktop-file-utils ]; + nativeBuildInputs = [ meson ninja vala pkgconfig wrapGAppsHook python3 itstool gettext libxml2 desktop-file-utils ]; buildInputs = [ glib gtk3 gnome3.defaultIconTheme clutter clutter-gtk ]; postPatch = '' From 18f3e118805310550a34d17a4df89791679f4f4b Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:26:09 +0200 Subject: [PATCH 144/173] gnome3.atomix: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/games/atomix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/games/atomix/default.nix b/pkgs/desktops/gnome-3/games/atomix/default.nix index 8ea4b82ca03..f7a18f4c5c3 100644 --- a/pkgs/desktops/gnome-3/games/atomix/default.nix +++ b/pkgs/desktops/gnome-3/games/atomix/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, pkgconfig, wrapGAppsHook +{ stdenv, fetchurl, meson, ninja, pkgconfig, wrapGAppsHook, python3 , gettext, gnome3, glib, gtk3, libgnome-games-support, gdk_pixbuf }: let @@ -12,7 +12,7 @@ in stdenv.mkDerivation rec { sha256 = "1k8bvwywpvw5f13pw40brk6c3rz2mdz9cd4zhcawg7qdm77dvcvb"; }; - nativeBuildInputs = [ meson ninja pkgconfig gettext wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext wrapGAppsHook python3 ]; buildInputs = [ glib gtk3 gdk_pixbuf libgnome-games-support gnome3.defaultIconTheme ]; postPatch = '' From 19225529c91f9a7d74628e59483250c63256ceff Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 22:38:13 +0200 Subject: [PATCH 145/173] gnome-mpv: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/video/gnome-mpv/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/video/gnome-mpv/default.nix b/pkgs/applications/video/gnome-mpv/default.nix index 1bb77ffc4a8..75a299d46c7 100644 --- a/pkgs/applications/video/gnome-mpv/default.nix +++ b/pkgs/applications/video/gnome-mpv/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, meson, ninja +{ stdenv, fetchFromGitHub, meson, ninja, python3 , gettext, pkgconfig, desktop-file-utils, wrapGAppsHook , appstream-glib, epoxy, glib, gtk3, mpv }: @@ -15,13 +15,14 @@ stdenv.mkDerivation rec { sha256 = "1cjhw3kz163iwj2japhnv354i1lr112xyyfkxw82cwy2554cfim4"; }; - nativeBuildInputs = [ meson ninja appstream-glib gettext pkgconfig desktop-file-utils wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja python3 appstream-glib gettext pkgconfig desktop-file-utils wrapGAppsHook ]; buildInputs = [ epoxy glib gtk3 mpv ]; enableParallelBuilding = true; postPatch = '' - patchShebangs . + patchShebangs meson_post_install.py + patchShebangs src/generate_authors.py sed -i '/gtk-update-icon-cache/s/^/#/' meson_post_install.py ''; 
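Review bot: The `postPatch` in the gnome-mpv hunk now names two files instead of `patchShebangs .`, so any other script in the source tree that carries a shebang is no longer rewritten and keeps whatever interpreter path it hard-codes. A context line in the networkmanagerapplet patch later in this series notes that `patchShebangs` requires an executable file, so it is worth confirming that `src/generate_authors.py` has the executable bit in the fetched source, or adding `chmod +x src/generate_authors.py` before the call. A short comment such as `# only these two scripts are run during the meson build` would record why the scope was narrowed. The `postPatch` string is complete within the hunk, but the enclosing derivation continues outside it.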
From 3a8b13ef8fd7846d12ae8e090d106ae95ff6a279 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:13:02 +0200 Subject: [PATCH 146/173] lollypop: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/audio/lollypop/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/audio/lollypop/default.nix b/pkgs/applications/audio/lollypop/default.nix index ffaa9457527..2256fa1893d 100644 --- a/pkgs/applications/audio/lollypop/default.nix +++ b/pkgs/applications/audio/lollypop/default.nix @@ -19,6 +19,7 @@ stdenv.mkDerivation rec { gobjectIntrospection meson ninja + python36Packages.python pkgconfig wrapGAppsHook wrapPython From 6c701f6578cd6e1e06ec0d4490daa26c4356acbe Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:17:52 +0200 Subject: [PATCH 147/173] pulseeffects: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/audio/pulseeffects/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/audio/pulseeffects/default.nix b/pkgs/applications/audio/pulseeffects/default.nix index 0949611224d..46d4f971420 100644 --- a/pkgs/applications/audio/pulseeffects/default.nix +++ b/pkgs/applications/audio/pulseeffects/default.nix @@ -4,6 +4,7 @@ , ninja , pkgconfig , itstool +, python3 , libxml2 , desktop-file-utils , wrapGAppsHook @@ -58,6 +59,7 @@ in stdenv.mkDerivation rec { pkgconfig libxml2 itstool + python3 desktop-file-utils wrapGAppsHook ]; From 123556ed5f3a11d8a477cec81303d7f39416674b Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:18:20 +0200 Subject: [PATCH 148/173] corebird: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/networking/corebird/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
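Review bot: The lollypop hunk adds `python36Packages.python` to `nativeBuildInputs`, which pins the build-time interpreter to one minor version while most other patches in this series add plain `python3`. If the pin is there to match the package set already used with `wrapPython` in this file, a comment like `# same interpreter as the one wrapPython wraps for` would say so; otherwise `python3` keeps the install script on the default interpreter and avoids a manual bump when the default moves. The argument list and the rest of `nativeBuildInputs` lie outside the hunk, so which Python attributes are in scope cannot be seen from here.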
diff --git a/pkgs/applications/networking/corebird/default.nix b/pkgs/applications/networking/corebird/default.nix index 56947d6650e..5dd4cbb52c2 100644 --- a/pkgs/applications/networking/corebird/default.nix +++ b/pkgs/applications/networking/corebird/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchFromGitHub, glib, gtk3, json-glib, sqlite, libsoup, gettext, vala_0_40 , meson, ninja, pkgconfig, gnome3, gst_all_1, wrapGAppsHook, gobjectIntrospection -, glib-networking }: +, glib-networking, python3 }: stdenv.mkDerivation rec { version = "1.7.4"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ - meson ninja vala_0_40 pkgconfig wrapGAppsHook + meson ninja vala_0_40 pkgconfig wrapGAppsHook python3 gobjectIntrospection # for setup hook ]; From 9efc9b5d9154e05767485dc4707e360bf0633eee Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:24:09 +0200 Subject: [PATCH 149/173] networkmanagerapplet: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/tools/networking/network-manager/applet.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/network-manager/applet.nix b/pkgs/tools/networking/network-manager/applet.nix index d516a2b5ee8..4725b0a7d72 100644 --- a/pkgs/tools/networking/network-manager/applet.nix +++ b/pkgs/tools/networking/network-manager/applet.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, meson, ninja, intltool, gtk-doc, pkgconfig, networkmanager, gnome3 , libnotify, libsecret, polkit, isocodes, modemmanager, libxml2, docbook_xsl, docbook_xml_dtd_43 , mobile-broadband-provider-info, glib-networking, gsettings-desktop-schemas -, libgudev, jansson, wrapGAppsHook, gobjectIntrospection +, libgudev, jansson, wrapGAppsHook, gobjectIntrospection, python3 , libappindicator-gtk3, withGnome ? false }: let 
@@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { libappindicator-gtk3 ] ++ stdenv.lib.optionals withGnome [ gnome3.gcr ]; # advanced certificate chooser - nativeBuildInputs = [ meson ninja intltool pkgconfig wrapGAppsHook gobjectIntrospection gtk-doc docbook_xsl docbook_xml_dtd_43 libxml2 ]; + nativeBuildInputs = [ meson ninja intltool pkgconfig wrapGAppsHook gobjectIntrospection python3 gtk-doc docbook_xsl docbook_xml_dtd_43 libxml2 ]; postPatch = '' chmod +x meson_post_install.py # patchShebangs requires executable file From b1da4f7856f6c5d812b8b349c14c02d92e6d988b Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:47:04 +0200 Subject: [PATCH 150/173] moka-icon-theme: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/data/icons/moka-icon-theme/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/data/icons/moka-icon-theme/default.nix b/pkgs/data/icons/moka-icon-theme/default.nix index 2b4bb5d67c3..17892679a7e 100644 --- a/pkgs/data/icons/moka-icon-theme/default.nix +++ b/pkgs/data/icons/moka-icon-theme/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, meson, ninja, gtk3, faba-icon-theme }: +{ stdenv, fetchFromGitHub, meson, ninja, gtk3, python3, faba-icon-theme }: stdenv.mkDerivation rec { name = "${pname}-${version}"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "015l02im4mha5z91dbchxf6xkp66d346bg3xskwg0rh3lglhjsrd"; }; - nativeBuildInputs = [ meson ninja gtk3 faba-icon-theme ]; + nativeBuildInputs = [ meson ninja gtk3 python3 faba-icon-theme ]; postPatch = '' patchShebangs meson/post_install.py From 1189b3275f4e120106acd239a37d2cd647d6769f Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:47:28 +0200 Subject: [PATCH 151/173] paper-icon-theme: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/data/icons/paper-icon-theme/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/data/icons/paper-icon-theme/default.nix b/pkgs/data/icons/paper-icon-theme/default.nix index 34c949519ba..b16c9b07682 100644 --- a/pkgs/data/icons/paper-icon-theme/default.nix +++ b/pkgs/data/icons/paper-icon-theme/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, meson, ninja, gtk3 }: +{ stdenv, fetchFromGitHub, meson, ninja, gtk3, python3 }: stdenv.mkDerivation rec { name = "${pname}-${version}"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "0x45zkjnmbz904df63ph06npbm3phpgck4xwyymx8r8jgrfplk6v"; }; - nativeBuildInputs = [ meson ninja gtk3 ]; + nativeBuildInputs = [ meson ninja gtk3 python3 ]; postPatch = '' patchShebangs meson/post_install.py From bf98e44d2315be2c7758c12c5ecd380d52c43e63 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:50:27 +0200 Subject: [PATCH 152/173] faba-icon-theme: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/data/icons/faba-icon-theme/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/data/icons/faba-icon-theme/default.nix b/pkgs/data/icons/faba-icon-theme/default.nix index e9d9efcfcb0..07d2b5ecf02 100644 --- a/pkgs/data/icons/faba-icon-theme/default.nix +++ b/pkgs/data/icons/faba-icon-theme/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, meson, ninja, gtk3, elementary-icon-theme }: +{ stdenv, fetchFromGitHub, meson, ninja, python3, gtk3, elementary-icon-theme }: stdenv.mkDerivation rec { name = "${package-name}-${version}"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "0xh6ppr73p76z60ym49b4d0liwdc96w41cc5p07d48hxjsa6qd6n"; }; - nativeBuildInputs = [ meson ninja gtk3 elementary-icon-theme ]; + nativeBuildInputs = [ meson ninja python3 gtk3 elementary-icon-theme ]; postPatch = '' patchShebangs meson/post_install.py From 577d1370f10a8c28fcc3c92e0917c6062eea673e Mon Sep 17 00:00:00 2001 
From: Jan Tojnar Date: Mon, 3 Sep 2018 23:54:26 +0200 Subject: [PATCH 153/173] transporter: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/networking/transporter/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/networking/transporter/default.nix b/pkgs/applications/networking/transporter/default.nix index d084461a9b2..55abd22b605 100644 --- a/pkgs/applications/networking/transporter/default.nix +++ b/pkgs/applications/networking/transporter/default.nix @@ -5,6 +5,7 @@ , pkgconfig , granite , vala_0_40 +, python3 , gnome3 , libxml2 , gettext @@ -37,6 +38,7 @@ in stdenv.mkDerivation rec { ninja pkgconfig vala_0_40 + python3 wrapGAppsHook ]; From 58a372625294c00c0a87a541d19daf5b4372509b Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:55:43 +0200 Subject: [PATCH 154/173] gnome-builder: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/editors/gnome-builder/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/editors/gnome-builder/default.nix b/pkgs/applications/editors/gnome-builder/default.nix index db2d07db31e..6fcf9d7d3a9 100644 --- a/pkgs/applications/editors/gnome-builder/default.nix +++ b/pkgs/applications/editors/gnome-builder/default.nix @@ -52,6 +52,7 @@ in stdenv.mkDerivation { meson ninja pkgconfig + python3 python3.pkgs.wrapPython wrapGAppsHook ]; From ef01ca3adeddfbe60fcae0e4640913d5a4e951f1 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:56:34 +0200 Subject: [PATCH 155/173] tootle: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/misc/tootle/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/tootle/default.nix b/pkgs/applications/misc/tootle/default.nix index b2aab54c104..d15b8111fb0 100644 
--- a/pkgs/applications/misc/tootle/default.nix +++ b/pkgs/applications/misc/tootle/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub -, meson, ninja, pkgconfig +, meson, ninja, pkgconfig, python3 , gnome3, vala, gobjectIntrospection, wrapGAppsHook , gtk3, granite , json-glib, glib, glib-networking @@ -18,7 +18,7 @@ in stdenv.mkDerivation rec { sha256 = "022h1rh1jk3m1f9al0s1rylmnqnkydyc81idfc8jf1g0frnvn5i6"; }; - nativeBuildInputs = [ meson ninja pkgconfig vala gobjectIntrospection wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja pkgconfig python3 vala gobjectIntrospection wrapGAppsHook ]; buildInputs = [ gtk3 granite json-glib glib glib-networking gnome3.libgee gnome3.libsoup gnome3.gsettings-desktop-schemas From 726e7499610e452d9e2d8b24e3c0453cedcd792e Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:57:10 +0200 Subject: [PATCH 156/173] sequeler: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/misc/sequeler/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/sequeler/default.nix b/pkgs/applications/misc/sequeler/default.nix index 35242822d4a..cc676bb28e2 100644 --- a/pkgs/applications/misc/sequeler/default.nix +++ b/pkgs/applications/misc/sequeler/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub -, meson, ninja, pkgconfig, vala, gobjectIntrospection, gettext, wrapGAppsHook, desktop-file-utils +, meson, ninja, pkgconfig, vala, gobjectIntrospection, gettext, wrapGAppsHook, python3, desktop-file-utils , gtk3, glib, granite, libgee, libgda, gtksourceview, libxml2, libsecret }: 
@@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { sha256 = "04x3fg665201g3zy66sicfna4vac4n1pmrahbra90gvfzaia1cai"; }; - nativeBuildInputs = [ meson ninja pkgconfig vala gobjectIntrospection gettext wrapGAppsHook desktop-file-utils ]; + nativeBuildInputs = [ meson ninja pkgconfig vala gobjectIntrospection gettext wrapGAppsHook python3 desktop-file-utils ]; buildInputs = [ gtk3 glib granite libgee sqlGda gtksourceview libxml2 libsecret ]; From 50b6311f69293f464cd5426da2b390e62dce1498 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 3 Sep 2018 23:59:42 +0200 Subject: [PATCH 157/173] pitivi: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/video/pitivi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/pitivi/default.nix b/pkgs/applications/video/pitivi/default.nix index cea85f553b5..adb5d237f54 100644 --- a/pkgs/applications/video/pitivi/default.nix +++ b/pkgs/applications/video/pitivi/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, intltool, itstool, wrapGAppsHook +{ stdenv, fetchurl, pkgconfig, intltool, itstool, python3, wrapGAppsHook , python3Packages, gst, gtk3 , gobjectIntrospection, librsvg, gnome3, libnotify , meson, ninja @@ -43,7 +43,7 @@ in python3Packages.buildPythonApplication rec { patchShebangs ./getenvvar.py ''; - nativeBuildInputs = [ meson ninja pkgconfig intltool itstool wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja pkgconfig intltool itstool python3 wrapGAppsHook ]; buildInputs = [ gobjectIntrospection gtk3 librsvg gnome3.gnome-desktop gnome3.gsound From 2431f9101cc764fc44f4ee5e53a96f1e807e8022 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:00:39 +0200 Subject: [PATCH 158/173] gnome3.gnome-mines: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/games/gnome-mines/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/desktops/gnome-3/games/gnome-mines/default.nix b/pkgs/desktops/gnome-3/games/gnome-mines/default.nix index 33672054a37..297e1a9ed7b 100644 --- a/pkgs/desktops/gnome-3/games/gnome-mines/default.nix +++ b/pkgs/desktops/gnome-3/games/gnome-mines/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, vala, gobjectIntrospection, pkgconfig, gnome3, gtk3, wrapGAppsHook -, librsvg, gettext, itstool, libxml2, libgnome-games-support, libgee }: +, librsvg, gettext, itstool, python3, libxml2, libgnome-games-support, libgee }: stdenv.mkDerivation rec { name = "gnome-mines-${version}"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { }; # gobjectIntrospection for finding vapi files - nativeBuildInputs = [ meson ninja vala gobjectIntrospection pkgconfig gettext itstool libxml2 wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja vala gobjectIntrospection pkgconfig gettext itstool python3 libxml2 wrapGAppsHook ]; buildInputs = [ gtk3 librsvg gnome3.defaultIconTheme libgnome-games-support libgee ]; postPatch = '' From b39e9834cb2c551cec6a0291ddd16ed1d213f28c Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:01:35 +0200 Subject: [PATCH 159/173] gnome3.gnome-screenshot: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/gnome-screenshot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gnome-screenshot/default.nix b/pkgs/desktops/gnome-3/core/gnome-screenshot/default.nix index f5b33c88f57..c92280ed566 100644 --- a/pkgs/desktops/gnome-3/core/gnome-screenshot/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-screenshot/default.nix @@ -1,5 +1,5 @@ { stdenv, gettext, libxml2, fetchurl, pkgconfig, libcanberra-gtk3 -, gtk3, glib, meson, ninja, wrapGAppsHook, appstream-glib, desktop-file-utils +, gtk3, glib, meson, ninja, python3, wrapGAppsHook, appstream-glib, desktop-file-utils , gnome3 }: let 
@@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { patchShebangs build-aux/postinstall.py ''; - nativeBuildInputs = [ meson ninja pkgconfig gettext appstream-glib libxml2 desktop-file-utils wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja pkgconfig gettext appstream-glib libxml2 desktop-file-utils python3 wrapGAppsHook ]; buildInputs = [ gtk3 glib libcanberra-gtk3 gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas From cc4c51df934f5c074081d8c0a953394e61b17fbd Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:02:40 +0200 Subject: [PATCH 160/173] gnome3.epiphany: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/epiphany/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/epiphany/default.nix b/pkgs/desktops/gnome-3/core/epiphany/default.nix index 9613606f777..01232b0f997 100644 --- a/pkgs/desktops/gnome-3/core/epiphany/default.nix +++ b/pkgs/desktops/gnome-3/core/epiphany/default.nix @@ -1,7 +1,7 @@ { stdenv, meson, ninja, gettext, fetchurl, pkgconfig, gtk, glib, icu , wrapGAppsHook, gnome3, libxml2, libxslt, itstool , webkitgtk, libsoup, glib-networking, libsecret, gnome-desktop, libnotify, p11-kit -, sqlite, gcr, isocodes, desktop-file-utils +, sqlite, gcr, isocodes, desktop-file-utils, python3 , gdk_pixbuf, gst_all_1, json-glib }: stdenv.mkDerivation rec { @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { mesonFlags = [ "-Dunit_tests=false" ]; nativeBuildInputs = [ - meson ninja libxslt pkgconfig itstool gettext wrapGAppsHook desktop-file-utils + meson ninja libxslt pkgconfig itstool gettext wrapGAppsHook desktop-file-utils python3 ]; buildInputs = [ From 1d1af9cc4d5335a91fbdfe199a7175a7c0ba6b9c Mon Sep 17 00:00:00 2001 
From: Jan Tojnar Date: Tue, 4 Sep 2018 00:04:46 +0200 Subject: [PATCH 161/173] gnome3.nautilus: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/nautilus/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/nautilus/default.nix b/pkgs/desktops/gnome-3/core/nautilus/default.nix index 5beabd08fa3..33beb8a87d3 100644 --- a/pkgs/desktops/gnome-3/core/nautilus/default.nix +++ b/pkgs/desktops/gnome-3/core/nautilus/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, libxml2, desktop-file-utils, wrapGAppsHook +{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, libxml2, desktop-file-utils, python3, wrapGAppsHook , gtk, gnome3, gnome-autoar, dbus-glib, shared-mime-info, libnotify, libexif , exempi, librsvg, tracker, tracker-miners, gnome-desktop, gexiv2, libselinux, gdk_pixbuf }: @@ -13,7 +13,7 @@ in stdenv.mkDerivation rec { sha256 = "19dhpa2ylrg8d5274lahy7xqr2p9z3jnq1h4qmsh95czkpy7is4w"; }; - nativeBuildInputs = [ meson ninja pkgconfig libxml2 gettext wrapGAppsHook desktop-file-utils ]; + nativeBuildInputs = [ meson ninja pkgconfig libxml2 gettext python3 wrapGAppsHook desktop-file-utils ]; buildInputs = [ dbus-glib shared-mime-info libexif gtk exempi libnotify libselinux From 4b50a184f3fd1669059c0e77299c1dfa08ff2087 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:06:28 +0200 Subject: [PATCH 162/173] gnome3.simple-scan: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/core/simple-scan/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/simple-scan/default.nix b/pkgs/desktops/gnome-3/core/simple-scan/default.nix index e4458b7d0a3..8596a059ca5 100644 --- a/pkgs/desktops/gnome-3/core/simple-scan/default.nix +++ b/pkgs/desktops/gnome-3/core/simple-scan/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, itstool, wrapGAppsHook +{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, itstool, python3, wrapGAppsHook , cairo, gdk_pixbuf, colord, glib, gtk, gusb, packagekit, libwebp , libxml2, sane-backends, vala, gnome3, gobjectIntrospection }: @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { buildInputs = [ cairo gdk_pixbuf colord glib gnome3.defaultIconTheme gusb gtk libwebp packagekit sane-backends vala ]; nativeBuildInputs = [ - meson ninja gettext itstool pkgconfig wrapGAppsHook libxml2 + meson ninja gettext itstool pkgconfig python3 wrapGAppsHook libxml2 # For setup hook gobjectIntrospection ]; From b3e4a1a64c8d64e0a448e01860d9c0ec54d20e15 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:08:26 +0200 Subject: [PATCH 163/173] gnome3.gnome-tweaks: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/misc/gnome-tweaks/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/desktops/gnome-3/misc/gnome-tweaks/default.nix b/pkgs/desktops/gnome-3/misc/gnome-tweaks/default.nix index 41206b71d42..0ff21a6b0dd 100644 --- a/pkgs/desktops/gnome-3/misc/gnome-tweaks/default.nix +++ b/pkgs/desktops/gnome-3/misc/gnome-tweaks/default.nix @@ -15,7 +15,7 @@ in stdenv.mkDerivation rec { }; nativeBuildInputs = [ - meson ninja pkgconfig gettext itstool libxml2 wrapGAppsHook + meson ninja pkgconfig gettext itstool libxml2 wrapGAppsHook python3Packages.python ]; buildInputs = [ gtk3 glib gnome3.gsettings-desktop-schemas From 5f33edda40c897442c4769b4ea35ed3ebd4c82b3 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:11:58 +0200 Subject: [PATCH 164/173] gnome3.gnome-boxes: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix b/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix index aee315124f8..b6679ccc269 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, meson, ninja, wrapGAppsHook, pkgconfig, gettext, itstool, libvirt-glib -, glib, gobjectIntrospection, libxml2, gtk3, gtk-vnc, libvirt, spice-gtk +, glib, gobjectIntrospection, libxml2, gtk3, gtk-vnc, libvirt, spice-gtk, python3 , spice-protocol, libsoup, libosinfo, systemd, tracker, tracker-miners, vala , libcap, yajl, gmp, gdbm, cyrus_sasl, gnome3, librsvg, desktop-file-utils , mtools, cdrkit, libcdio, libusb, libarchive, acl, libgudev, qemu, libsecret @@ -21,7 +21,7 @@ in stdenv.mkDerivation rec { doCheck = true; nativeBuildInputs = [ - meson ninja vala pkgconfig gettext itstool wrapGAppsHook gobjectIntrospection desktop-file-utils + meson ninja vala pkgconfig gettext itstool wrapGAppsHook gobjectIntrospection desktop-file-utils python3 ]; # Required for USB redirection PolicyKit rules file From 2e1acfce13834947edcb97e277e9591ef18bf715 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:12:46 +0200 Subject: [PATCH 165/173] casync: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/applications/networking/sync/casync/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/sync/casync/default.nix b/pkgs/applications/networking/sync/casync/default.nix index bea6a0780ed..8d9b941e26e 100644 --- a/pkgs/applications/networking/sync/casync/default.nix +++ b/pkgs/applications/networking/sync/casync/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub -, meson, ninja, pkgconfig, sphinx +, meson, ninja, pkgconfig, python3, sphinx , acl, curl, fuse, libselinux, udev, xz, zstd , fuseSupport ? true , selinuxSupport ? true 
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec { ++ stdenv.lib.optionals (fuseSupport) [ fuse ] ++ stdenv.lib.optionals (selinuxSupport) [ libselinux ] ++ stdenv.lib.optionals (udevSupport) [ udev ]; - nativeBuildInputs = [ meson ninja pkgconfig sphinx ]; + nativeBuildInputs = [ meson ninja pkgconfig python3 sphinx ]; checkInputs = [ glibcLocales rsync ]; postPatch = '' From d7c0d9a7f83b7f80e08888c040ea8a2ab7ca5f71 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 4 Sep 2018 00:13:41 +0200 Subject: [PATCH 166/173] gnome3.file-roller: add python3 for install script Meson no longer propagates it so we need to re-add it. --- pkgs/desktops/gnome-3/apps/file-roller/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/apps/file-roller/default.nix b/pkgs/desktops/gnome-3/apps/file-roller/default.nix index 42f0ddc6e4b..bd97393b7b6 100644 --- a/pkgs/desktops/gnome-3/apps/file-roller/default.nix +++ b/pkgs/desktops/gnome-3/apps/file-roller/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, glib, gtk, meson, ninja, pkgconfig, gnome3, gettext, itstool, libxml2, libarchive -, file, json-glib, wrapGAppsHook, desktop-file-utils, libnotify, nautilus, glibcLocales }: +, file, json-glib, python3, wrapGAppsHook, desktop-file-utils, libnotify, nautilus, glibcLocales }: stdenv.mkDerivation rec { name = "file-roller-${version}"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { LANG = "en_US.UTF-8"; # postinstall.py - nativeBuildInputs = [ meson ninja gettext itstool pkgconfig libxml2 wrapGAppsHook glibcLocales desktop-file-utils ]; + nativeBuildInputs = [ meson ninja gettext itstool pkgconfig libxml2 python3 wrapGAppsHook glibcLocales desktop-file-utils ]; buildInputs = [ glib gtk json-glib libarchive file gnome3.defaultIconTheme libnotify nautilus ]; From ff8d974ec0350956601d0d0b1e15b65f900ab803 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Mon, 3 Sep 2018 22:45:51 -0300 Subject: [PATCH 167/173] deepin-menu: init at 3.3.10 --- pkgs/desktops/deepin/deepin-menu/default.nix | 40 ++++++++++++++++++++ pkgs/desktops/deepin/default.nix | 1 + 2 files changed, 41 insertions(+) create mode 100644 pkgs/desktops/deepin/deepin-menu/default.nix diff --git a/pkgs/desktops/deepin/deepin-menu/default.nix b/pkgs/desktops/deepin/deepin-menu/default.nix new file mode 100644 index 00000000000..df0dcc37907 --- /dev/null +++ b/pkgs/desktops/deepin/deepin-menu/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, pkgconfig, qmake, dtkcore, dtkwidget, + qt5integration }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "deepin-menu"; + version = "3.3.10"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "1666821c2irs2hjgr3kvivij6c2fgjva8323kplrz75w2lz518xb"; + }; + + nativeBuildInputs = [ + pkgconfig + qmake + ]; + + buildInputs = [ + dtkcore + dtkwidget + qt5integration + ]; + + postPatch = '' + sed -i deepin-menu.pro -e "s,/usr,$out," + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Deepin menu service"; + homepage = https://github.com/linuxdeepin/deepin-menu; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} diff --git a/pkgs/desktops/deepin/default.nix b/pkgs/desktops/deepin/default.nix index b315df1f39e..15e108a651a 100644 --- a/pkgs/desktops/deepin/default.nix +++ b/pkgs/desktops/deepin/default.nix @@ -7,6 +7,7 @@ let deepin-gettext-tools = callPackage ./deepin-gettext-tools { }; deepin-gtk-theme = callPackage ./deepin-gtk-theme { }; deepin-icon-theme = callPackage ./deepin-icon-theme { }; + deepin-menu = callPackage ./deepin-menu { }; deepin-terminal = callPackage ./deepin-terminal { inherit (pkgs.gnome3) libgee vte; wnck = pkgs.libwnck3; 
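Review bot: The `postPatch` in the new deepin-menu/default.nix rewrites `/usr` only in `deepin-menu.pro` and only the first match on each line, because the expression has no `g` flag; `sed -i deepin-menu.pro -e "s,/usr,$out,g"` would cover lines that mention the prefix more than once. If the source also ships files with hard-coded `/usr` paths outside the `.pro` file (a service or desktop file, for instance), they would still point outside the store after install, so a grep of the unpacked source for `/usr` is worth doing before merging. I have not seen the upstream tree, so both cases may turn out not to occur.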
From 3451488235170f5c5fa35abd94d7aebdc5714fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Mon, 3 Sep 2018 23:06:56 -0300 Subject: [PATCH 168/173] deepin-terminal: add dependency on deepin-menu --- pkgs/desktops/deepin/deepin-terminal/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/desktops/deepin/deepin-terminal/default.nix b/pkgs/desktops/deepin/deepin-terminal/default.nix index 7ace219dbf5..2ce7885807a 100644 --- a/pkgs/desktops/deepin/deepin-terminal/default.nix +++ b/pkgs/desktops/deepin/deepin-terminal/default.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchurl, fetchFromGitHub, pkgconfig, gtk3, vala, cmake, ninja, vte, libgee, wnck, zssh, gettext, librsvg, libsecret, json-glib, gobjectIntrospection }: +{ stdenv, fetchurl, fetchFromGitHub, pkgconfig, gtk3, vala, cmake, + ninja, vte, libgee, wnck, zssh, gettext, librsvg, libsecret, + json-glib, gobjectIntrospection, deepin-menu }: stdenv.mkDerivation rec { name = "deepin-terminal-${version}"; @@ -30,7 +32,7 @@ stdenv.mkDerivation rec { gobjectIntrospection ]; - buildInputs = [ gtk3 vte libgee wnck librsvg libsecret json-glib ]; + buildInputs = [ gtk3 vte libgee wnck librsvg libsecret json-glib deepin-menu ]; meta = with stdenv.lib; { description = "The default terminal emulation for Deepin"; @@ -41,7 +43,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/linuxdeepin/deepin-terminal; license = licenses.gpl3; - maintainers = with maintainers; [ ]; platforms = platforms.linux; + maintainers = [ maintainers.romildo ]; }; } From 06cd7c15a3f2d990316b8c685226d8155f0304cf Mon Sep 17 00:00:00 2001 
From: John Ericson Date: Mon, 3 Sep 2018 23:03:38 -0400 Subject: [PATCH 169/173] mkDerivation: Fix cross compilation Derivations where drawing their `system` attribute from `hostPlatform` instead of `buildPlatform`. Fix that, and add an explanatory commment. Fixes #45993 --- pkgs/stdenv/generic/make-derivation.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 8af6d0e0400..e1ce3200e8c 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -187,7 +187,15 @@ rec { builder = attrs.realBuilder or stdenv.shell; args = attrs.args or ["-e" (attrs.builder or ./default-builder.sh)]; inherit stdenv; - inherit (stdenv.hostPlatform) system; + + # The `system` attribute of a derivation has special meaning to Nix. + # Derivations set it to choose what sort of machine could be used to + # execute the build, The build platform entirely determines this, + # indeed more finely than Nix knows or cares about. The `system` + # attribute of `buildPlatfom` matches Nix's degree of specificity. + # exactly. + inherit (stdenv.buildPlatform) system; + userHook = config.stdenv.userHook or null; __ignoreNulls = true; From 69d418aeac5e56e3cf7752cc22290fd35ee9c4bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Tue, 4 Sep 2018 07:43:53 +0200 Subject: [PATCH 170/173] vowpalwabbit: mark broken on aarch64. --- pkgs/development/python-modules/vowpalwabbit/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/vowpalwabbit/default.nix b/pkgs/development/python-modules/vowpalwabbit/default.nix index 6530ce28a9e..9bc2bbc2704 100644 --- a/pkgs/development/python-modules/vowpalwabbit/default.nix +++ b/pkgs/development/python-modules/vowpalwabbit/default.nix 
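Review bot: The explanatory comment added above `inherit (stdenv.buildPlatform) system;` has a few slips that make it harder to read: `buildPlatfom` should be `buildPlatform`, "execute the build, The build platform" needs a full stop instead of the comma, and the final `# exactly.` line is a stray fragment left after "specificity.". This comment is the only in-file record of why `system` must come from the build platform rather than the host platform, so it is worth tidying. The last sentence could read "The `system` attribute of `buildPlatform` matches Nix's degree of specificity exactly." The surrounding attribute set begins and ends outside the hunk.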
@@ -40,6 +40,7 @@ buildPythonPackage rec { description = "Vowpal Wabbit is a fast machine learning library for online learning, and this is the python wrapper for the project."; homepage = https://github.com/JohnLangford/vowpal_wabbit; license = licenses.bsd3; + broken = stdenv.isAarch64; maintainers = with maintainers; [ teh ]; }; } From 0f1125975a271ae970a88f04a78ebcbe97b2d89a Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Tue, 4 Sep 2018 07:41:08 +0000 Subject: [PATCH 171/173] psi: specify license (#43716) --- .../networking/instant-messengers/psi-plus/default.nix | 1 + .../networking/instant-messengers/psi/default.nix | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/psi-plus/default.nix b/pkgs/applications/networking/instant-messengers/psi-plus/default.nix index 7c6f33935dc..6425ae25d4d 100644 --- a/pkgs/applications/networking/instant-messengers/psi-plus/default.nix +++ b/pkgs/applications/networking/instant-messengers/psi-plus/default.nix @@ -42,6 +42,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "XMPP (Jabber) client"; maintainers = with maintainers; [ orivej ]; + license = licenses.gpl2; platforms = platforms.linux; }; } diff --git a/pkgs/applications/networking/instant-messengers/psi/default.nix b/pkgs/applications/networking/instant-messengers/psi/default.nix index 37d9de8794e..daa9d04cfb5 100644 --- a/pkgs/applications/networking/instant-messengers/psi/default.nix +++ b/pkgs/applications/networking/instant-messengers/psi/default.nix @@ -22,9 +22,10 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - meta = { + meta = with stdenv.lib; { description = "Psi, an XMPP (Jabber) client"; - maintainers = [ stdenv.lib.maintainers.raskin ]; + maintainers = [ maintainers.raskin ]; + license = licenses.gpl2; platforms = stdenv.lib.platforms.linux; }; } From 2e0befd22e607918c317a60a0a8595094f8551e3 Mon Sep 17 00:00:00 2001 
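Review bot: `broken = stdenv.isAarch64;` in vowpalwabbit/default.nix records no reason, so a later maintainer cannot tell what failed or when the flag can be lifted. A one-line comment above it would cover this, for example `# fails to build on aarch64: <build log or issue link>`. The derivation body starts outside the hunk.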
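Review bot: In psi/default.nix the `meta` set now opens with `with stdenv.lib;`, but the unchanged line `platforms = stdenv.lib.platforms.linux;` still spells the prefix out, unlike the two lines changed next to it and unlike psi-plus in the same commit. `platforms = platforms.linux;` would make the block consistent. Separately, `licenses.gpl2` declares GPL-2.0; if upstream licenses the code as version 2 or later, `licenses.gpl2Plus` would be the accurate value. The hunk does not show the upstream licence text, so that needs checking against the source tree; the derivation itself starts outside the hunk.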
From: Orivej Desh Date: Tue, 4 Sep 2018 08:35:52 +0000 Subject: [PATCH 172/173] libsignal-protocol-c: init at 2.3.2 --- .../libsignal-protocol-c/default.nix | 29 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 31 insertions(+) create mode 100644 pkgs/development/libraries/libsignal-protocol-c/default.nix diff --git a/pkgs/development/libraries/libsignal-protocol-c/default.nix b/pkgs/development/libraries/libsignal-protocol-c/default.nix new file mode 100644 index 00000000000..379361a7031 --- /dev/null +++ b/pkgs/development/libraries/libsignal-protocol-c/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, cmake, openssl }: + +stdenv.mkDerivation rec { + name = "libsignal-protocol-c"; + version = "2.3.2"; + + src = fetchFromGitHub { + owner = "signalapp"; + repo = "libsignal-protocol-c"; + rev = "v${version}"; + sha256 = "1qj2w4csy6j9jg1jy66n1qwysx7hgjywk4n35hlqcnh1kpa14k3p"; + }; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ openssl ]; + + cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" ]; + + outputs = [ "out" "dev" ]; + + meta = with stdenv.lib; { + description = "Signal Protocol C Library"; + homepage = https://github.com/signalapp/libsignal-protocol-c; + license = licenses.gpl3; + platforms = platforms.all; + maintainers = with maintainers; [ orivej ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 75f595c7605..887c5703111 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10388,6 +10388,8 @@ with pkgs; libserialport = callPackage ../development/libraries/libserialport { }; + libsignal-protocol-c = callPackage ../development/libraries/libsignal-protocol-c { }; + libsoundio = callPackage ../development/libraries/libsoundio { inherit (darwin.apple_sdk.frameworks) AudioUnit; }; From 6767396e380b39128e5decf30d6cb87481a75490 Mon Sep 17 00:00:00 2001 
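Review bot: `name = "libsignal-protocol-c";` in the new default.nix leaves the version out of the derivation name, whereas other derivations in this series follow the `name = "psi-plus-${version}";` pattern. Without it the store path and package listings carry no version, and tooling that matches installed packages against advisories by name and version has nothing to match on, which matters for a cryptographic library. `name = "libsignal-protocol-c-${version}";` fixes it. The `rev = "v${version}";` tag reference and the pinned `sha256` can stay as they are.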
From: Orivej Desh Date: Tue, 4 Sep 2018 08:39:13 +0000 Subject: [PATCH 173/173] psi-plus: 1.2.235 -> 1.3.410 --- .../instant-messengers/psi-plus/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/psi-plus/default.nix b/pkgs/applications/networking/instant-messengers/psi-plus/default.nix index 6425ae25d4d..0fdd8dfb4bd 100644 --- a/pkgs/applications/networking/instant-messengers/psi-plus/default.nix +++ b/pkgs/applications/networking/instant-messengers/psi-plus/default.nix @@ -1,24 +1,24 @@ { stdenv, fetchFromGitHub, cmake , qt5, libidn, qca2-qt5, libXScrnSaver, hunspell -, libgcrypt, libotr, html-tidy, libgpgerror +, libgcrypt, libotr, html-tidy, libgpgerror, libsignal-protocol-c }: stdenv.mkDerivation rec { name = "psi-plus-${version}"; - version = "1.2.235"; + version = "1.3.410"; src = fetchFromGitHub { owner = "psi-plus"; repo = "psi-plus-snapshots"; rev = "${version}"; - sha256 = "0rc65gs6m3jxg407r99kikdylvrar5mq7x5m66ma604yk5igwg47"; + sha256 = "02m984z2dfmlx522q9x1z0aalvi2mi48s5ghhs80hr5afnfyc5w6"; }; resources = fetchFromGitHub { owner = "psi-plus"; repo = "resources"; - rev = "8f5038380e1be884b04b5a1ad3cc3385e793f668"; - sha256 = "1b8a2aixg966fzjwp9hz51rc31imyvpx014mp2fsm47k8na4470d"; + rev = "c0bfb8a025eeec82cd0a23a559e0aa3da15c3ec3"; + sha256 = "1q7v01w085vk7ml6gwis7j409w6f5cplpm7c0ajs4i93c4j53xdf"; }; postUnpack = '' @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { buildInputs = [ qt5.qtbase qt5.qtmultimedia qt5.qtx11extras qt5.qttools qt5.qtwebkit libidn qca2-qt5 libXScrnSaver hunspell - libgcrypt libotr html-tidy libgpgerror + libgcrypt libotr html-tidy libgpgerror libsignal-protocol-c ]; enableParallelBuilding = true;