Merge branch 'staging-next'

Security fixes for a few packages are included.
2018-08-21 15:36:02 +02:00
parent 690a8017de cad8fc3447
commit 765d695b89
196 changed files with 9556 additions and 16487 deletions
--- a/pkgs/os-specific/linux/cryptsetup/default.nix
+++ b/pkgs/os-specific/linux/cryptsetup/default.nix
@@ -20,6 +20,10 @@ stdenv.mkDerivation rec {
    })
  ];

+  postPatch = ''
+    patchShebangs tests
+  '';
+
  NIX_LDFLAGS = "-lgcc_s";

  configureFlags = [
--- a/pkgs/os-specific/linux/fuse/common.nix
+++ b/pkgs/os-specific/linux/fuse/common.nix
@@ -4,6 +4,7 @@
 , fusePackages, utillinux, gettext
 , meson, ninja, pkgconfig
 , autoreconfHook
+, python3Packages, which
 }:

 let
@@ -58,6 +59,14 @@ in stdenv.mkDerivation rec {
      ./makeconf.sh
    '');

+  checkInputs = [ which ] ++ (with python3Packages; [ python pytest ]);
+
+  checkPhase = ''
+    python3 -m pytest test/
+  '';
+
+  doCheck = false; # v2: no tests, v3: all tests get skipped in a sandbox
+
  postFixup = "cd $out\n" + (if isFuse3 then ''
    install -D -m444 etc/fuse.conf $common/etc/fuse.conf
    install -D -m444 etc/udev/rules.d/99-fuse3.rules $common/etc/udev/rules.d/99-fuse.rules
--- a/pkgs/os-specific/linux/libaio/default.nix
+++ b/pkgs/os-specific/linux/libaio/default.nix
@@ -14,10 +14,20 @@ stdenv.mkDerivation rec {
    sha256 = "1kqpiswjn549s3w3m89bw5qkl7bw5pvq6gp5cdzd926ymlgivj5c";
  }) ];

+  postPatch = ''
+    patchShebangs harness
+
+    # Makefile is too optimistic, gcc is too smart
+    substituteInPlace harness/Makefile \
+      --replace "-Werror" ""
+  '';
+
  makeFlags = "prefix=$(out)";

  hardeningDisable = stdenv.lib.optional (stdenv.isi686) "stackprotector";

+  checkTarget = "partcheck"; # "check" needs root
+
  meta = {
    description = "Library for asynchronous I/O in Linux";
    homepage = http://lse.sourceforge.net/io/aio.html;
--- a/pkgs/os-specific/linux/numactl/default.nix
+++ b/pkgs/os-specific/linux/numactl/default.nix
@@ -23,6 +23,15 @@ stdenv.mkDerivation rec {
      sha256 = "080b0sygmg7104qbbh1amh3b322yyiajwi2d3d0vayffgva0720v";
    });

+  postPatch = ''
+    patchShebangs test
+  '';
+
+  # You probably shouldn't ever run these! They will reconfigure Linux
+  # NUMA settings, which on my build machine makes the rest of package
+  # building ~5% slower until reboot. Ugh!
+  doCheck = false; # never ever!
+
  meta = with stdenv.lib; {
    description = "Library and tools for non-uniform memory access (NUMA) machines";
    homepage = http://oss.sgi.com/projects/libnuma/;
--- a/pkgs/os-specific/linux/pmount/default.nix
+++ b/pkgs/os-specific/linux/pmount/default.nix
@@ -34,6 +34,8 @@ stdenv.mkDerivation rec {
    substituteInPlace ./src/Makefile --replace '-o root -g root -m 4755 ' '-m 755 '
  '';

+  doCheck = false; # fails 1 out of 1 tests with "Error: could not open fstab-type file: No such file or directory"
+
  meta = {
    homepage = http://pmount.alioth.debian.org/;
    description = "Mount removable devices as normal user";
--- a/pkgs/os-specific/linux/syslinux/default.nix
+++ b/pkgs/os-specific/linux/syslinux/default.nix
@@ -21,19 +21,23 @@ stdenv.mkDerivation rec {
    })
  ];

+  postPatch = ''
+    substituteInPlace Makefile --replace /bin/pwd $(type -P pwd)
+    substituteInPlace gpxe/src/Makefile.housekeeping --replace /bin/echo $(type -P echo)
+    substituteInPlace utils/ppmtolss16 --replace /usr/bin/perl $(type -P perl)
+    substituteInPlace gpxe/src/Makefile --replace /usr/bin/perl $(type -P perl)
+
+    # fix tests
+    substituteInPlace tests/unittest/include/unittest/unittest.h \
+      --replace /usr/include/ ""
+  '';
+
  nativeBuildInputs = [ nasm perl python ];
  buildInputs = [ libuuid makeWrapper ];

  enableParallelBuilding = false; # Fails very rarely with 'No rule to make target: ...'
  hardeningDisable = [ "pic" "stackprotector" "fortify" ];

-  preBuild = ''
-    substituteInPlace Makefile --replace /bin/pwd $(type -P pwd)
-    substituteInPlace gpxe/src/Makefile.housekeeping --replace /bin/echo $(type -P echo)
-    substituteInPlace utils/ppmtolss16 --replace /usr/bin/perl $(type -P perl)
-    substituteInPlace gpxe/src/Makefile --replace /usr/bin/perl $(type -P perl)
-  '';
-
  stripDebugList = "bin sbin share/syslinux/com32";

  makeFlags = [
@@ -47,6 +51,8 @@ stdenv.mkDerivation rec {
    "bios"
  ];

+  doCheck = false; # fails. some fail in a sandbox, others require qemu
+
  postInstall = ''
    wrapProgram $out/bin/syslinux \
      --prefix PATH : "${mtools}/bin"
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -22,6 +22,8 @@ in stdenv.mkDerivation rec {
  outputs = [ "bin" "dev" "out" "man" ];

  postPatch = ''
+    patchShebangs tests/run.sh
+
    substituteInPlace include/pathnames.h \
      --replace "/bin/login" "${shadow}/bin/login"
    substituteInPlace sys-utils/eject.c \
@@ -54,6 +56,8 @@ in stdenv.mkDerivation rec {
    [ zlib pam ]
    ++ lib.filter (p: p != null) [ ncurses systemd perl ];

+  doCheck = false; # "For development purpose only. Don't execute on production system!"
+
  postInstall = ''
    rm "$bin/bin/su" # su should be supplied by the su package (shadow)
  '' + lib.optionalString minimal ''