From f42aa7e1d7ac4fb1050b73b296912fa7c7b927c2 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Mon, 6 Jul 2020 00:22:19 -0400 Subject: [PATCH 01/49] cc-wrapper: set FC when langFortran is on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need to set FC so that CMake and other tools can find the fortran compiler. Also we need to limit the hardening flags since fortify and format don’t work with fortran. Fixes #88449 --- pkgs/build-support/cc-wrapper/default.nix | 5 +++-- pkgs/build-support/cc-wrapper/fortran-hook.sh | 11 +++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 pkgs/build-support/cc-wrapper/fortran-hook.sh diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index da16a23f9df..b79aac37a33 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -214,6 +214,7 @@ stdenv.mkDerivation { wrap ${targetPrefix}gfortran $wrapper $ccPath/${targetPrefix}gfortran ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}g77 ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}f77 + export named_fc=${targetPrefix}gfortran '' + optionalString cc.langJava or false '' @@ -232,8 +233,8 @@ stdenv.mkDerivation { setupHooks = [ ../setup-hooks/role.bash - ./setup-hook.sh - ]; + ] ++ stdenv.lib.optional (cc.langC or true) ./setup-hook.sh + ++ stdenv.lib.optional (cc.langFortran or false) ./fortran-hook.sh; postFixup = '' diff --git a/pkgs/build-support/cc-wrapper/fortran-hook.sh b/pkgs/build-support/cc-wrapper/fortran-hook.sh new file mode 100644 index 00000000000..d72f314c01c --- /dev/null +++ b/pkgs/build-support/cc-wrapper/fortran-hook.sh @@ -0,0 +1,11 @@ +getTargetRole +getTargetRoleWrapper + +export FC${role_post}=@named_fc@ + +# If unset, assume the default hardening flags. +# These are different for fortran. +: ${NIX_HARDENING_ENABLE="stackprotector pic strictoverflow relro bindnow"} +export NIX_HARDENING_ENABLE + +unset -v role_post From e7ea3de83504cae4a83f3b9b868b137634269a04 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Mon, 6 Jul 2020 00:25:10 -0400 Subject: [PATCH 02/49] blas: use $NM instead of nm This is the right one on cross compilation. --- pkgs/build-support/alternatives/blas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/alternatives/blas/default.nix b/pkgs/build-support/alternatives/blas/default.nix index bdee6688a74..1687bc4302a 100644 --- a/pkgs/build-support/alternatives/blas/default.nix +++ b/pkgs/build-support/alternatives/blas/default.nix @@ -70,7 +70,7 @@ stdenv.mkDerivation { exit 1 fi - nm -an "$libblas" | cut -f3 -d' ' > symbols + $NM -an "$libblas" | cut -f3 -d' ' > symbols for symbol in ${toString blasFortranSymbols}; do grep "^$symbol_$" symbols || { echo "$symbol" was not found in "$libblas"; exit 1; } done From 8a525d6a2b936b2a6a0471d29028784c688c801b Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Mon, 6 Jul 2020 01:30:10 -0400 Subject: [PATCH 03/49] arpack: add blas, lapack to library path Fixes #89215 --- pkgs/development/libraries/science/math/arpack/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/science/math/arpack/default.nix b/pkgs/development/libraries/science/math/arpack/default.nix index 0829557d0f3..02d51f0c419 100644 --- a/pkgs/development/libraries/science/math/arpack/default.nix +++ b/pkgs/development/libraries/science/math/arpack/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation { ]; preCheck = if stdenv.isDarwin then '' - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib:${blas}/lib:${lapack}/lib '' else '' export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib '' + '' From 6d19ab339ae74c44d98ec7f24352824d38fa100b Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 12 Jul 2020 14:40:09 +0100 Subject: [PATCH 04/49] cpython: set separateDebugInfo --- pkgs/development/interpreters/python/cpython/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index e6c8b301c0b..f45aae9953a 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -296,6 +296,8 @@ in with passthru; stdenv.mkDerivation { pythonForBuild buildPackages.bash ]; + separateDebugInfo = true; + inherit passthru; enableParallelBuilding = true; From ede2e00c9fffb0fcdb3929f045039485b5b2f99a Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 12 Jul 2020 14:48:10 +0100 Subject: [PATCH 05/49] cpython: expose gdb libpython.py used together with cpython's debugging symbols, this allows inspection of the python stack of cpython programs in gdb. this file is a little different from the rest of the python output by this package, in that it's not intended to be run by the current python being built, instead by the python being used by the gdb in question, which could be very different. therefore placed in its own, but hopefully logical & predictable location. --- pkgs/development/interpreters/python/cpython/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index f45aae9953a..7b42f2c7565 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -279,6 +279,13 @@ in with passthru; stdenv.mkDerivation { find $out -name "*.py" | ${pythonForBuildInterpreter} -OO -m compileall -q -f -x "lib2to3" -i - '' + optionalString stripBytecode '' find $out -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" + '' + '' + # *strip* shebang from libpython gdb script - it should be dual-syntax and + # interpretable by whatever python the gdb in question is using, which may + # not even match the major version of this python. doing this after the + # bytecode compilations for the same reason. + mkdir -p $out/share/gdb + sed '/^#!/d' Tools/gdb/libpython.py > $out/share/gdb/libpython.py ''; preFixup = stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' From e296e89d75ab8aa1d0eed1c3688883a4f7937515 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Mon, 27 Jul 2020 15:37:35 +0200 Subject: [PATCH 06/49] gnupg22: 2.2.20 -> 2.2.21 Fix reproducibility by fixing SOURCE_DATE_EPOCH usage --- pkgs/tools/security/gnupg/22.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index 7c095cffa31..3a99c8eb3f2 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.2.20"; + version = "2.2.21"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "0c6a4v9p6qzhsw1pfcwc459bxpc8hma0w9z8iqb9khvligack9q4"; + sha256 = "1v3nirp9m7yxjkkcdixibckl379pdyr3mdx8b1k379szzdw35s31"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -38,8 +38,10 @@ stdenv.mkDerivation rec { ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch ]; postPatch = '' - sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \ - configure doc/dirmngr.texi doc/gnupg.info-1 + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1 + # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in '' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) '' sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( From ff564f38cbdbe82812f4ed9c957e0940987f8cdb Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 2 Aug 2020 05:08:43 +0000 Subject: [PATCH 07/49] libbytesize: 2.3 -> 2.4 --- pkgs/development/libraries/libbytesize/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libbytesize/default.nix b/pkgs/development/libraries/libbytesize/default.nix index ec14b2a6091..c93a59d462f 100644 --- a/pkgs/development/libraries/libbytesize/default.nix +++ b/pkgs/development/libraries/libbytesize/default.nix @@ -4,7 +4,7 @@ }: let - version = "2.3"; + version = "2.4"; in stdenv.mkDerivation rec { pname = "libbytesize"; inherit version; @@ -13,7 +13,7 @@ in stdenv.mkDerivation rec { owner = "storaged-project"; repo = "libbytesize"; rev = version; - sha256 = "1nrlmn63k0ix1yzn8v4lni5n5b4c0b6w9f33p1ig113ymmdvcc0h"; + sha256 = "1kq0hnw2yxjdmcrwvgp0x4j1arkka23k8vp2l6nqcw9lc15x18fp"; }; outputs = [ "out" "dev" "devdoc" ]; From 72c8ed038946850d345db13f30e259a368d7c3c5 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Mon, 19 Aug 2019 02:08:46 +0200 Subject: [PATCH 08/49] systemd: build with cryptsetup and cryptsetup-generators There's a circular dependency to systemd via cryptsetup and lvm2 (systemd -> cryptsetup -> lvm2 -> udev=systemd). However, cryptsetup only really needs the devmapper component shipped with lvm2. So build `pkgs.cryptsetup` with a lvm2 that doesn't come with udev. --- nixos/modules/system/boot/systemd.nix | 2 +- pkgs/os-specific/linux/systemd/default.nix | 4 +++- pkgs/top-level/all-packages.nix | 6 +++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 86bd81d781a..b0828a923de 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -25,7 +25,7 @@ let "nss-lookup.target" "nss-user-lookup.target" "time-sync.target" - #"cryptsetup.target" + "cryptsetup.target" "sigpwr.target" "timers.target" "paths.target" diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index a76156a985c..440c7de204e 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -9,6 +9,7 @@ , patchelf , substituteAll , getent +, cryptsetup, lvm2 , buildPackages , perl , withSelinux ? false, libselinux @@ -30,6 +31,7 @@ let gnupg-minimal = gnupg.override { zlib = null; bzip2 = null; }; + in stdenv.mkDerivation { version = "245.6"; pname = "systemd"; @@ -89,7 +91,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ linuxHeaders libcap curl.dev kmod xz pam acl - /* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2 + cryptsetup libuuid glib libgcrypt libgpgerror libidn2 pcre2 ] ++ stdenv.lib.optional withKexectools kexectools ++ stdenv.lib.optional withLibseccomp libseccomp ++ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d835916f0ed..3ec34778212 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16931,7 +16931,11 @@ in criu = callPackage ../os-specific/linux/criu { }; - cryptsetup = callPackage ../os-specific/linux/cryptsetup { }; + cryptsetup = callPackage ../os-specific/linux/cryptsetup { + # cryptsetup only really needs the devmapper component of cryptsetup + # but itself is used as a library in systemd (=udev) + lvm2 = lvm2.override { udev = null; }; + }; cramfsswap = callPackage ../os-specific/linux/cramfsswap { }; From 0a41d69968cc6fe19493ec9f06c166066bcfcd45 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 14 May 2019 01:20:56 +0200 Subject: [PATCH 09/49] systemd: substituteInPlace paths to mkswap and mke2fs (used in new cryptsetup-generator.c) --- pkgs/os-specific/linux/systemd/default.nix | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 440c7de204e..3535b97e4fa 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,5 +1,5 @@ -{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap -, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, utillinux, libffi +{ stdenv, lib, fetchFromGitHub, pkgconfig, intltool, gperf, libcap +, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, e2fsprogs, utillinux, libffi , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor , audit, lz4, bzip2, pcre2 , linuxHeaders ? stdenv.cc.libc.linuxHeaders @@ -178,12 +178,28 @@ in stdenv.mkDerivation { export LC_ALL="en_US.UTF-8"; # FIXME: patch this in systemd properly (and send upstream). # already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount - for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/shutdown/shutdown.c src/nspawn/nspawn.c src/shared/generator.c units/systemd-logind.service.in units/systemd-nspawn@.service.in; do + for i in \ + src/core/mount.c \ + src/core/swap.c \ + src/cryptsetup/cryptsetup-generator.c \ + src/fsck/fsck.c \ + src/journal/cat.c \ + src/nspawn/nspawn.c \ + src/remount-fs/remount-fs.c \ + src/shared/generator.c \ + src/shutdown/shutdown.c \ + units/emergency.service.in \ + units/rescue.service.in \ + units/systemd-logind.service.in \ + units/systemd-nspawn@.service.in; \ + do test -e $i substituteInPlace $i \ --replace /usr/bin/getent ${getent}/bin/getent \ + --replace /sbin/mkswap ${lib.getBin utillinux}/sbin/mkswap \ --replace /sbin/swapon ${lib.getBin utillinux}/sbin/swapon \ --replace /sbin/swapoff ${lib.getBin utillinux}/sbin/swapoff \ + --replace /sbin/mke2fs ${lib.getBin e2fsprogs}/sbin/mke2fs \ --replace /sbin/fsck ${lib.getBin utillinux}/sbin/fsck \ --replace /bin/echo ${coreutils}/bin/echo \ --replace /bin/cat ${coreutils}/bin/cat \ From 29941db6bd333964145921a92c045c74b8bf4cb8 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Mon, 13 May 2019 14:35:02 +0200 Subject: [PATCH 10/49] systemd-cryptsetup-generator: remove This package previously did override the systemd package, and instructed ninja, systemd's previous build system, to only build the cryptsetup-specific systemd generators (plus some manual rpath massaging, as ninja install wasn't used). Afterwards, users were expected to add this package to their `systemd.generator-packages` (or since https://github.com/NixOS/nixpkgs/pull/65376/files `systemd.packages`) NixOS module options, so systemd will use these generators. As the previous commit added cryptsetup support directly to the systemd package (and pkgs.systemd now already ships the cryptsetup generators), we don't need another package shipping the same generators. --- .../linux/systemd/cryptsetup-generator.nix | 34 ------------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 3 -- 3 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/cryptsetup-generator.nix diff --git a/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix b/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix deleted file mode 100644 index 3fd8ff07f42..00000000000 --- a/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ systemd, cryptsetup }: - -systemd.overrideAttrs (p: { - version = p.version; - name = "systemd-cryptsetup-generator-${p.version}"; - - buildInputs = p.buildInputs ++ [ cryptsetup ]; - outputs = [ "out" ]; - - buildPhase = '' - ninja systemd-cryptsetup systemd-cryptsetup-generator - ''; - - # As ninja install is not used here, the rpath needs to be manually fixed. - # Otherwise the resulting binary doesn't properly link against systemd-shared.so - postFixup = '' - for prog in `find $out -type f -executable`; do - (patchelf --print-needed $prog | grep 'libsystemd-shared-.*\.so' > /dev/null) && ( - patchelf --set-rpath `patchelf --print-rpath $prog`:"$out/lib/systemd" $prog - ) || true - done - # test it's OK - "$out"/lib/systemd/systemd-cryptsetup - ''; - - installPhase = '' - mkdir -p $out/lib/systemd/ - cp systemd-cryptsetup $out/lib/systemd/systemd-cryptsetup - cp src/shared/*.so $out/lib/systemd/ - - mkdir -p $out/lib/systemd/system-generators/ - cp systemd-cryptsetup-generator $out/lib/systemd/system-generators/systemd-cryptsetup-generator - ''; -}) diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 5bc4021ea08..8737435654a 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -546,6 +546,7 @@ mapAliases ({ surf-webkit2 = surf; # added 2017-04-02 sup = throw "deprecated in 2019-09-10: abandoned by upstream"; system_config_printer = system-config-printer; # added 2016-01-03 + systemd-cryptsetup-generator = throw "systemd-cryptsetup-generator is now included in the systemd package"; # added 2020-07-12 systemd_with_lvm2 = throw "obsolete, enabled by default via the lvm module"; # added 2020-07-12 systool = sysfsutils; # added 2018-04-25 tahoelafs = tahoe-lafs; # added 2018-03-26 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3ec34778212..9f84636129e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17994,9 +17994,6 @@ in }; udev = systemd; # TODO: move to aliases.nix - # standalone cryptsetup generator for systemd - systemd-cryptsetup-generator = callPackage ../os-specific/linux/systemd/cryptsetup-generator.nix { }; - systemd-wait = callPackage ../os-specific/linux/systemd-wait { }; sysvinit = callPackage ../os-specific/linux/sysvinit { }; From eb58711edf7b8a41c3b86c6099258c49a563b518 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 5 Aug 2020 01:34:12 +0200 Subject: [PATCH 11/49] nixosTests.systemd: test cryptsetup support This creates and opens a luks volume, puts its passphrase into a keyfile and writes a /etc/crypttab. It then reboots the machine, and verifies systemd parsed /etc/crypttab properly, and was able to unlock the volume with the keyfile provided (as we try to mount it). The memorySize of the VM had to be bumped, as luksFormat would otherwise run out of memory. --- nixos/tests/systemd.nix | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index a653932fb37..9d21f9158f3 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -4,7 +4,10 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine = { lib, ... }: { imports = [ common/user-account.nix common/x11.nix ]; - virtualisation.emptyDiskImages = [ 512 ]; + virtualisation.emptyDiskImages = [ 512 512 ]; + virtualisation.memorySize = 1024; + + environment.systemPackages = [ pkgs.cryptsetup ]; fileSystems = lib.mkVMOverride { "/test-x-initrd-mount" = { @@ -144,5 +147,25 @@ import ./make-test-python.nix ({ pkgs, ... }: { assert "RuntimeWatchdogUSec=30s" in output assert "RebootWatchdogUSec=10m" in output assert "KExecWatchdogUSec=5m" in output + + # Test systemd cryptsetup support + with subtest("systemd successfully reads /etc/crypttab and unlocks volumes"): + # create a luks volume and put a filesystem on it + machine.succeed( + "echo -n supersecret | cryptsetup luksFormat -q /dev/vdc -", + "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vdc foo", + "mkfs.ext3 /dev/mapper/foo", + ) + + # create a keyfile and /etc/crypttab + machine.succeed("echo -n supersecret > /var/lib/luks-keyfile") + machine.succeed("chmod 600 /var/lib/luks-keyfile") + machine.succeed("echo 'luks1 /dev/vdc /var/lib/luks-keyfile luks' > /etc/crypttab") + + # after a reboot, systemd should unlock the volume and we should be able to mount it + machine.shutdown() + machine.succeed("systemctl status systemd-cryptsetup@luks1.service") + machine.succeed("mkdir -p /tmp/luks1") + machine.succeed("mount /dev/mapper/luks1 /tmp/luks1") ''; }) From 9f911ab1b588cedfd5918ed5e09870648a528d57 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 4 Aug 2020 22:21:07 +0200 Subject: [PATCH 12/49] systemd: 245.6 -> 245.7 --- pkgs/os-specific/linux/systemd/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index a76156a985c..c6edbfe6764 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -31,7 +31,7 @@ let gnupg-minimal = gnupg.override { bzip2 = null; }; in stdenv.mkDerivation { - version = "245.6"; + version = "245.7"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -39,8 +39,8 @@ in stdenv.mkDerivation { src = fetchFromGitHub { owner = "systemd"; repo = "systemd-stable"; - rev = "aa0cb635f1f6a4d9b50ed2cca7782f3f751be933"; - sha256 = "191f0r1g946bsqxky00z78wygsxi9pld11y2q4374bshnpsff2ll"; + rev = "1e6233ed07f7af08550fffa7a885cac1ac67a2c3"; + sha256 = "1hd5kc3mm7mg4i7hhi82wg4cpg4fpi2k6hzjq9sv07pkn2lw390w"; }; patches = [ From 792f562ad546735c0b4ccea6b06813da03eb9c8e Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 7 Aug 2020 04:16:42 +1000 Subject: [PATCH 13/49] go: 1.14.6 -> 1.14.7 --- pkgs/development/compilers/go/1.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/go/1.14.nix b/pkgs/development/compilers/go/1.14.nix index d9fc67cf46e..0bf972ff80f 100644 --- a/pkgs/development/compilers/go/1.14.nix +++ b/pkgs/development/compilers/go/1.14.nix @@ -31,11 +31,11 @@ in stdenv.mkDerivation rec { pname = "go"; - version = "1.14.6"; + version = "1.14.7"; src = fetchurl { url = "https://dl.google.com/go/go${version}.src.tar.gz"; - sha256 = "02acr52bxfjlr3m11576gdwn8hjv1pr2pffcis913m0m31w9vz3k"; + sha256 = "1qrhdjdzi1knchk1wmlaqgkqhxkq2niw14b931rhqrk36m1r4hq6"; }; # perl is used for testing go vet From 278f9b2a4c2860f205a29f654d08dbe1f76719ae Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 7 Aug 2020 18:46:10 +0000 Subject: [PATCH 14/49] mesa: 20.1.4 -> 20.1.5 --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 9a2eda5e710..95a348409e6 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -32,7 +32,7 @@ with stdenv.lib; let # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule - version = "20.1.4"; + version = "20.1.5"; branch = versions.major version; in @@ -47,7 +47,7 @@ stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" ]; - sha256 = "1zlrczmmkcy42w332rfmlicihlnrxmkrnkpb21sl98725cf2f038"; + sha256 = "16y609zavqqhvxb55c06zwkg986qp6znvn7qjg4axw8bdqg8dhgs"; }; prePatch = "patchShebangs ."; From cec26d63917870ced3968d8de92f42661ff0e5a3 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 8 Aug 2020 15:12:12 +0000 Subject: [PATCH 15/49] cmake: fix grep in setupHook MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This produced a warning: > grep: Invalid range end In a [], - has to come last. Reported-by: Daniël de Kok Fixes: 75fdc1ced6c --- pkgs/development/tools/build-managers/cmake/setup-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/build-managers/cmake/setup-hook.sh b/pkgs/development/tools/build-managers/cmake/setup-hook.sh index 73f24a9a205..6ae560c5645 100755 --- a/pkgs/development/tools/build-managers/cmake/setup-hook.sh +++ b/pkgs/development/tools/build-managers/cmake/setup-hook.sh @@ -77,7 +77,7 @@ cmakeConfigurePhase() { fi # The argument sometimes contains garbage or variable interpolation. # When that is the case, let’s fall back to the derivation name. - if [[ -z "$shareDocName" ]] || echo "$shareDocName" | grep -q '[^a-zA-Z0-9_-+]'; then + if [[ -z "$shareDocName" ]] || echo "$shareDocName" | grep -q '[^a-zA-Z0-9_+-]'; then if [[ -n "${pname-}" ]]; then shareDocName="$pname" else From 83c541088e213af79735d99cfa0bc8776fa4b07e Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Mon, 10 Aug 2020 13:50:06 +0200 Subject: [PATCH 16/49] iproute: 5.7.0 -> 5.8.0 (#94965) "The former date based internal versioning (snapshot) is replaced by the regular version numbering which corresponds to the kernel version." [0] File changes (additions/removals): +share/man/man8/ip-mptcp.8.gz +share/man/man8/tc-gate.8.gz [0]: https://marc.info/?l=linux-netdev&m=159681449423365 --- pkgs/os-specific/linux/iproute/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 3ac79464ac4..a9fcf455ee4 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -5,16 +5,19 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.7.0"; + version = "5.8.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "088gs56iqhdlpw1iqjwrss4zxd4zbl2wl8s2implrrdajjxcfpbj"; + sha256 = "0vk4vickrpahdhl3zazr2qn2bf99v5549ncirjpwiy4h0a4izkfg"; }; preConfigure = '' # Don't try to create /var/lib/arpd: sed -e '/ARPDDIR/d' -i Makefile + # TODO: Drop temporary version fix for 5.8 (53159d81) once 5.9 is out: + substituteInPlace include/version.h \ + --replace "v5.7.0-77-gb687d1067169" "5.8.0" ''; outputs = [ "out" "dev" ]; From 5d65255d5784568e917c80b185ad685a088252bc Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 8 Aug 2020 10:03:50 +0000 Subject: [PATCH 17/49] rust: 1.45.0 -> 1.45.2 --- pkgs/development/compilers/rust/1_45.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/rust/1_45.nix b/pkgs/development/compilers/rust/1_45.nix index c72292679e5..1a634d3f51e 100644 --- a/pkgs/development/compilers/rust/1_45.nix +++ b/pkgs/development/compilers/rust/1_45.nix @@ -16,8 +16,8 @@ } @ args: import ./default.nix { - rustcVersion = "1.45.0"; - rustcSha256 = "0z6dh0yd3fcm3qh960wi4s6fa6pxz9mh77psycsqfkkx5kqra15s"; + rustcVersion = "1.45.2"; + rustcSha256 = "0273a1g3f59plyi1n0azf21qjzwml1yqdnj5z472crz37qggr8xp"; # Note: the version MUST be one version prior to the version we're # building From 0bdf89e71992c0d91ead300101ca79b6cacb9beb Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 11 Aug 2020 12:18:35 +0000 Subject: [PATCH 18/49] radsecproxy: 1.8.1 -> 1.8.2 --- pkgs/tools/networking/radsecproxy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/radsecproxy/default.nix b/pkgs/tools/networking/radsecproxy/default.nix index ab5ff481ec7..e2a0c900c52 100644 --- a/pkgs/tools/networking/radsecproxy/default.nix +++ b/pkgs/tools/networking/radsecproxy/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "radsecproxy"; - version = "1.8.1"; + version = "1.8.2"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "12pvwd7v3iswki3riycxaiiqxingg4bqnkwc5ay3j4n2kzynr1qg"; + sha256 = "1g7q128cip1dac9jad58rd96afx4xz7x7vsiv0af8iyq2ivqvs2m"; }; nativeBuildInputs = [ autoreconfHook ]; From a14859c686da4a9c433aaa287a122519b4e97ca1 Mon Sep 17 00:00:00 2001 From: Christian Kauhaus Date: Tue, 4 Aug 2020 15:11:59 +0200 Subject: [PATCH 19/49] python: Apply patch for CVE-2019-20907 Incluing the patch file in-tree because the upstream patch is not intended to apply for Python 2. Re #94004 --- .../python/cpython/2.7/CVE-2019-20907.patch | 24 +++++++++++++++++++ .../python/cpython/2.7/default.nix | 3 +++ 2 files changed, 27 insertions(+) create mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch new file mode 100644 index 00000000000..cf67ae2b51b --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch @@ -0,0 +1,24 @@ +From 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 Mon Sep 17 00:00:00 2001 +From: Rishi +Date: Wed, 15 Jul 2020 13:51:00 +0200 +Subject: [PATCH] bpo-39017: Avoid infinite loop in the tarfile module + (GH-21454) + +Avoid infinite loop when reading specially crafted TAR files using the tarfile module +(CVE-2019-20907). +--- + Lib/tarfile.py | 2 ++ + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index e2b60532f6..6769066cab 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1249,6 +1249,8 @@ class TarInfo(object): + + length, keyword = match.groups() + length = int(length) ++ if length == 0: ++ raise InvalidHeaderError("invalid header") + value = buf[match.end(2) + 1:match.start(1) + length - 1] + + # Normally, we could just use "utf-8" as the encoding and "strict" diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 62aae7b2212..2cfaa69a4c8 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -90,6 +90,9 @@ let # Backport from CPython 3.8 of a good list of tests to run for PGO. ./profile-task.patch + + # Patch is likely to go away in the next release (if there is any) + ./CVE-2019-20907.patch ] ++ optionals (x11Support && stdenv.isDarwin) [ ./use-correct-tcl-tk-on-darwin.patch ] ++ optionals stdenv.isLinux [ From e8bfa708c474c276d66318441e648a9c50e0f389 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 11 Aug 2020 15:30:39 +0200 Subject: [PATCH 20/49] meson: Fix rpath clearing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Meson allows projects to set `build_rpath` property, containing paths that will be added during build but will be removed when installing. When Meson removes build_rpath from `DT_RUNPATH` entry, it just writes the shorter ␀-terminated new rpath over the old one to reduce the risk of potentially breaking the ELF files (when the linker does string de-duplication or something). But this can cause much bigger problem for Nix, as it can produce cut-in-half-by-␀ store path references. For example, in systemd’s libudev, it was removing three `$ORIGIN`-relative paths from $ORIGIN/../libsystemd:$ORIGIN/../basic:$ORIGIN/../shared:…␀ resulting in the following `DT_RUNPATH` entry: …␀store/v589pqjhvxrj73g3r0xb41yr84z5pwb7-gcc-9.3.0-lib/lib␀ We previously handled this in `fix-rpath.patch` but the method we prevent Meson from removing paths added to rpath through `NIX_LDFLAGS` was changed during 0.55.0 update and I forgot about this second purpose of the patch. Let’s re-add this clearing code, as it worked without issues for a long time. --- .../meson/clear-old-rpath.patch | 20 +++++++++++++++++++ .../tools/build-managers/meson/default.nix | 8 ++++++++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/development/tools/build-managers/meson/clear-old-rpath.patch diff --git a/pkgs/development/tools/build-managers/meson/clear-old-rpath.patch b/pkgs/development/tools/build-managers/meson/clear-old-rpath.patch new file mode 100644 index 00000000000..0a52fe60e9d --- /dev/null +++ b/pkgs/development/tools/build-managers/meson/clear-old-rpath.patch @@ -0,0 +1,20 @@ +diff --git a/mesonbuild/scripts/depfixer.py b/mesonbuild/scripts/depfixer.py +index 77ac03d66..d12f77592 100644 +--- a/mesonbuild/scripts/depfixer.py ++++ b/mesonbuild/scripts/depfixer.py +@@ -337,6 +337,15 @@ class Elf(DataSizes): + if not new_rpath: + self.remove_rpath_entry(entrynum) + else: ++ # Clear old rpath to avoid stale references, ++ # not heeding the warning above about de-duplication ++ # since it does not seem to cause issues for us ++ # and not doing so trips up Nix’s reference checker. ++ # See https://github.com/NixOS/nixpkgs/pull/46020 ++ # and https://github.com/NixOS/nixpkgs/issues/95163 ++ self.bf.seek(rp_off) ++ self.bf.write(b'\0'*len(old_rpath)) ++ + self.bf.seek(rp_off) + self.bf.write(new_rpath) + self.bf.write(b'\0') diff --git a/pkgs/development/tools/build-managers/meson/default.nix b/pkgs/development/tools/build-managers/meson/default.nix index dad1dfa360c..c32635d80e1 100644 --- a/pkgs/development/tools/build-managers/meson/default.nix +++ b/pkgs/development/tools/build-managers/meson/default.nix @@ -43,6 +43,14 @@ python3.pkgs.buildPythonApplication rec { src = ./fix-rpath.patch; inherit (builtins) storeDir; }) + + # When Meson removes build_rpath from DT_RUNPATH entry, it just writes + # the shorter NUL-terminated new rpath over the old one to reduce + # the risk of potentially breaking the ELF files. + # But this can cause much bigger problem for Nix as it can produce + # cut-in-half-by-\0 store path references. + # Let’s just clear the whole rpath and hope for the best. + ./clear-old-rpath.patch ]; setupHook = ./setup-hook.sh; From e4eb9668751fc4571687c3edf50819fee9f49a23 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 11 Aug 2020 20:13:48 +0200 Subject: [PATCH 21/49] openexr: 2.4.1 -> 2.5.2 Needed to apply patch to fix pkg-config files so also removed patch that is unused since the switch to CMake during patches refactoring. --- .../development/libraries/ilmbase/cross.patch | 35 ------------- .../development/libraries/ilmbase/default.nix | 15 +++--- .../development/libraries/openexr/default.nix | 52 ++++++++----------- 3 files changed, 29 insertions(+), 73 deletions(-) delete mode 100644 pkgs/development/libraries/ilmbase/cross.patch diff --git a/pkgs/development/libraries/ilmbase/cross.patch b/pkgs/development/libraries/ilmbase/cross.patch deleted file mode 100644 index 207a440a0d8..00000000000 --- a/pkgs/development/libraries/ilmbase/cross.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Helmut Grohne <> -Subject: compile build tools with the build architecture compiler - -Patch-Source: https://github.com/openexr/openexr/issues/221 - -Index: ilmbase-2.2.0/configure.ac -=================================================================== ---- ilmbase-2.2.0.orig/configure.ac -+++ ilmbase-2.2.0/configure.ac -@@ -28,6 +28,7 @@ - AC_PROG_LN_S - AC_PROG_LIBTOOL - AC_PROG_MAKE_SET -+AX_PROG_CXX_FOR_BUILD - - dnl - dnl PKGCONFIG preparations -Index: ilmbase-2.2.0/Half/Makefile.am -=================================================================== ---- ilmbase-2.2.0.orig/Half/Makefile.am -+++ ilmbase-2.2.0/Half/Makefile.am -@@ -17,9 +17,11 @@ - - CLEANFILES = eLut eLut.h toFloat toFloat.h - --eLut_SOURCES = eLut.cpp -+eLut$(EXEEXT): eLut.cpp -+ $(CXX_FOR_BUILD) $(CXXFLAGS_FOR_BUILD) $< -o $@ - --toFloat_SOURCES = toFloat.cpp -+toFloat$(EXEEXT): toFloat.cpp -+ $(CXX_FOR_BUILD) $(CXXFLAGS_FOR_BUILD) $< -o $@ - - eLut.h: eLut - ./eLut > eLut.h diff --git a/pkgs/development/libraries/ilmbase/default.nix b/pkgs/development/libraries/ilmbase/default.nix index ac78257b74a..4053a865dac 100644 --- a/pkgs/development/libraries/ilmbase/default.nix +++ b/pkgs/development/libraries/ilmbase/default.nix @@ -12,26 +12,23 @@ stdenv.mkDerivation rec { # the project no longer provides separate tarballs. We may even want to merge # the ilmbase package into openexr in the future. - src = openexr.src; - - sourceRoot = "source/IlmBase"; + inherit (openexr) src patches; outputs = [ "out" "dev" ]; nativeBuildInputs = [ cmake libtool ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - patches = [ - ./cross.patch - ] ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") [ - openexr.non_glibc_fpstate_patch # see description of this patch in `openexr` - ]; - # fails 1 out of 1 tests with # "lt-ImathTest: testBoxAlgo.cpp:892: void {anonymous}::boxMatrixTransform(): Assertion `b21 == b2' failed" # at least on i686. spooky! doCheck = stdenv.isx86_64; + preConfigure = '' + # Need to cd after patches for openexr patches to apply. + cd IlmBase + ''; + meta = with stdenv.lib; { description = " A library for 2D/3D vectors and matrices and other mathematical objects, functions and data types for computer graphics"; homepage = "https://www.openexr.com/"; diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index a1f5183da90..7b6779a80de 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -9,49 +9,43 @@ , libtool }: -let - non_glibc_fpstate_patch = - # Fix ilmbase/openexr using glibc-only fpstate. - # Found via https://git.alpinelinux.org/aports/tree/community/openexr/10-musl-_fpstate.patch?id=80d9611b7b8e406a554c6f511137e03ff26acbae, - # TODO Remove when https://github.com/AcademySoftwareFoundation/openexr/pull/798 is merged and available. - # Remove it from `ilmbase` as well then. - (fetchpatch { - name = "ilmbase-musl-_fpstate.patch.patch"; - url = "https://raw.githubusercontent.com/void-linux/void-packages/80bbc168faa25448bd3399f4df331b836e74b85c/srcpkgs/ilmbase/patches/musl-_fpstate.patch"; - sha256 = "0appzbs9pd6dia5pzxmrs9ww35shlxi329ks6lchwzw4f2a81arz"; - }); -in - stdenv.mkDerivation rec { pname = "openexr"; - version = "2.4.1"; + version = "2.5.2"; + + outputs = [ "bin" "dev" "out" "doc" ]; src = fetchFromGitHub { owner = "AcademySoftwareFoundation"; repo = "openexr"; rev = "v${version}"; - sha256 = "020gyl8zv83ag6gbcchmqiyx9rh2jca7j8n52zx1gk4rck7kwc01"; + sha256 = "dtVoXA3JdmNs1iqu7cZlAdxt/CAgL5lSbOwu0SheyO0="; }; - outputs = [ "bin" "dev" "out" "doc" ]; + patches = [ + # Fix pkg-config paths + (fetchpatch { + url = "https://github.com/AcademySoftwareFoundation/openexr/commit/6442fb71a86c09fb0a8118b6dbd93bcec4883a3c.patch"; + sha256 = "bwD5WTKPT4DjOJDnPXIvT5hJJkH0b71Vo7qupWO9nPA="; + }) + ] ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") [ + # Fix ilmbase/openexr using glibc-only fpstate. + # Found via https://git.alpinelinux.org/aports/tree/community/openexr/10-musl-_fpstate.patch?id=80d9611b7b8e406a554c6f511137e03ff26acbae, + # TODO Remove when https://github.com/AcademySoftwareFoundation/openexr/pull/798 is merged and available. + (fetchpatch { + name = "ilmbase-musl-_fpstate.patch.patch"; + url = "https://raw.githubusercontent.com/void-linux/void-packages/80bbc168faa25448bd3399f4df331b836e74b85c/srcpkgs/ilmbase/patches/musl-_fpstate.patch"; + sha256 = "1bmyg4qfbz2p5iflrakbj8jzs85s1cf4cpfyclycnnqqi45j8m8d"; + # The patch's files are written as `IlmBase/...`, this turns it into + # `a/IlmBase/...`, so that the `patch -p1` that `patches` does works. + extraPrefix = ""; # Changing this requires changing the `sha256` (fixed-output)! + }) + ]; nativeBuildInputs = [ cmake libtool ]; propagatedBuildInputs = [ ilmbase zlib ]; - postPatch = - if (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") - then - '' - patch -p0 < ${non_glibc_fpstate_patch} - '' - else null; # `null` avoids rebuild on glibc - enableParallelBuilding = true; - passthru = { - # So that ilmbase (sharing the same source code) can re-use this patch. - inherit non_glibc_fpstate_patch; - }; - meta = with stdenv.lib; { description = "A high dynamic-range (HDR) image file format"; homepage = "https://www.openexr.com/"; From 57f0574595160eeffae999e0fbed2cabfafbfda1 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 11 Aug 2020 18:09:05 +0200 Subject: [PATCH 22/49] cmake: Add a patch to fix a regression since CMake 3.18 This fixes all CMake builds that use target_precompile_headers() and as a result fail since CMake 3.18 with e.g.: g++: error: unrecognized command line option '-Xarch_x86_64'; did you mean '-march=x86-64'? Fix #94905. CMake references: - https://gitlab.kitware.com/cmake/cmake/-/issues/21072 - https://gitlab.kitware.com/cmake/cmake/-/merge_requests/5118 --- pkgs/development/tools/build-managers/cmake/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 0b296f023ad..3ae9fe6f42c 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, pkgconfig +{ stdenv, lib, fetchurl, pkgconfig, fetchpatch , bzip2, curl, expat, libarchive, xz, zlib, libuv, rhash , buildPackages # darwin attributes @@ -37,6 +37,12 @@ stdenv.mkDerivation rec { # Derived from https://github.com/libuv/libuv/commit/1a5d4f08238dd532c3718e210078de1186a5920d ./libuv-application-services.patch + # TODO: Remove this patch for a regression once CMake 3.18.2 is out: + (fetchpatch { # PCH: Avoid Apple-specific architecture flags on other platforms + url = "https://gitlab.kitware.com/cmake/cmake/-/commit/70ce1ad64a04a244bb1c03753da0752c61fc3a37.patch"; + sha256 = "0jcdgv48j0dd4nlhyy3j0s3h6bcbrq2yg1mdhpgfqrb2y3p91fky"; + }) + ] ++ lib.optional stdenv.isCygwin ./3.2.2-cygwin.patch; outputs = [ "out" ]; From 6cdd374d50f4a767dbd3fd3981fd2cfe48d0703e Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 13 Aug 2020 20:00:00 -0500 Subject: [PATCH 23/49] postgresql_9_5: 9.5.22 -> 9.5.23 Release notes: https://www.postgresql.org/docs/9.5/release-9-5-23.html --- pkgs/servers/sql/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index 2b440f78e99..cf3bc54acbf 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -182,9 +182,9 @@ let in self: { postgresql_9_5 = self.callPackage generic { - version = "9.5.22"; + version = "9.5.23"; psqlSchema = "9.5"; - sha256 = "03v4d4nr9f86y0i1j5jmvfan5w8y4ga1mar59lhcnj3jl5q58ma8"; + sha256 = "0rl31jc3kg2wq6hazyd297gnmx3cibjvivllbsivii2m6dzgl573"; this = self.postgresql_9_5; inherit self; }; From e9ed812c0786d4e01fc0116d53f008db34b67668 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 13 Aug 2020 20:01:00 -0500 Subject: [PATCH 24/49] postgresql_9_6: 9.6.18 -> 9.6.19 Release notes: https://www.postgresql.org/docs/9.6/release-9-6-19.html --- pkgs/servers/sql/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index cf3bc54acbf..ecdc8fdb55d 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -190,9 +190,9 @@ in self: { }; postgresql_9_6 = self.callPackage generic { - version = "9.6.18"; + version = "9.6.19"; psqlSchema = "9.6"; - sha256 = "16crr2a1sl97aiacqzd0bk56yl1abq6blc0c6qpx5rl5ny1c4zji"; + sha256 = "1c2wnl5bbpjs1s1rpzvlnzsqlpb0p823zw7s38nhpgnxrja3myb1"; this = self.postgresql_9_6; inherit self; }; From fce82f49f1085c74529f2732554a50f14e7ab99e Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 13 Aug 2020 20:02:00 -0500 Subject: [PATCH 25/49] postgresql_10: 10.13 -> 10.14 Release notes: https://www.postgresql.org/docs/10/release-10-14.html --- pkgs/servers/sql/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index ecdc8fdb55d..a555b27b363 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -198,9 +198,9 @@ in self: { }; postgresql_10 = self.callPackage generic { - version = "10.13"; + version = "10.14"; psqlSchema = "10.0"; # should be 10, but changing it is invasive - sha256 = "1qal0yp7a90yzya7hl56gsmw5fvacplrdhpn7h9gnbyr1i2iyw2d"; + sha256 = "0fxj30jvwq5pqpbj97vhlxgmn2ah59a78s9jyjr7vxyqj7sdh71q"; this = self.postgresql_10; inherit self; }; From d242f33afbef3e91178216cfd470decdbd597ad2 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 13 Aug 2020 20:03:00 -0500 Subject: [PATCH 26/49] postgresql_11: 11.8 -> 11.9 Release notes: https://www.postgresql.org/docs/11/release-11-9.html --- pkgs/servers/sql/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index a555b27b363..cbee859eb75 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -206,9 +206,9 @@ in self: { }; postgresql_11 = self.callPackage generic { - version = "11.8"; + version = "11.9"; psqlSchema = "11.1"; # should be 11, but changing it is invasive - sha256 = "1qksqyayxmnccmbapg3ajsw9pjgqva0inxjhx64rqd6ckhrg9wpa"; + sha256 = "0db6pfphc5rp12abnkvv2l9pbl7bdyf3hhiwj8ghjwh35skqlq9m"; this = self.postgresql_11; inherit self; }; From fd741310af0b405b9d3575bb91589905541f1338 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 13 Aug 2020 20:04:00 -0500 Subject: [PATCH 27/49] postgresql_12: 12.3 -> 12.4 Release notes: https://www.postgresql.org/docs/12/release-12-4.html --- pkgs/servers/sql/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index cbee859eb75..e759a62c2eb 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -214,9 +214,9 @@ in self: { }; postgresql_12 = self.callPackage generic { - version = "12.3"; + version = "12.4"; psqlSchema = "12"; - sha256 = "0hfg3n7rlz96579cj3z1dh2idl15rh3wfvn8jl31jj4h2yk69vcl"; + sha256 = "1k06wryy8p4s1fim9qafcjlak3f58l0wqaqnrccr9x9j5jz3zsdy"; this = self.postgresql_12; inherit self; }; From dbac38cf0ed1666d433e13a77f7933a439c22bed Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Thu, 13 Aug 2020 17:25:13 -0700 Subject: [PATCH 28/49] meson: Add upstream patch to stop failing on skipped tests https://github.com/mesonbuild/meson/pull/7525 Signed-off-by: Anders Kaseorg --- pkgs/development/tools/build-managers/meson/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/tools/build-managers/meson/default.nix b/pkgs/development/tools/build-managers/meson/default.nix index c32635d80e1..a1c94fa1fce 100644 --- a/pkgs/development/tools/build-managers/meson/default.nix +++ b/pkgs/development/tools/build-managers/meson/default.nix @@ -4,6 +4,7 @@ , writeTextDir , substituteAll , pkgsHostHost +, fetchpatch }: python3.pkgs.buildPythonApplication rec { @@ -16,6 +17,13 @@ python3.pkgs.buildPythonApplication rec { }; patches = [ + # Meson 0.55.0 incorrectly considers skipped tests as failures, + # which makes some packages like gjs fail to build. + (fetchpatch { + url = "https://github.com/mesonbuild/meson/commit/7db49db67d4aa7582cf46feb7157235e66aa95b1.diff"; + sha256 = "1chq52sgk24afdlswssr8n8p6fa2wz8rjlxvkjhpqg1kg3qnqc9p"; + }) + # Upstream insists on not allowing bindir and other dir options # outside of prefix for some reason: # https://github.com/mesonbuild/meson/issues/2561 From 913ec2f78bc08a0272a34af3e9d93ccf93551e2d Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 14 Aug 2020 03:36:36 +0000 Subject: [PATCH 29/49] gnome3.gnome-desktop: 3.36.4 -> 3.36.5 --- pkgs/desktops/gnome-3/core/gnome-desktop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix b/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix index 2e89e6b9c27..e558eb66d40 100644 --- a/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "gnome-desktop"; - version = "3.36.4"; + version = "3.36.5"; outputs = [ "out" "dev" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/gnome-desktop/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1ilv49qkppbbag5728iswg1jhhqx9hbj7j8k8wccnbyaq54bsyq0"; + sha256 = "0lxpgb199hn37vq822qg9g43pwixbki3x5lkazqa77qhjhlj98gf"; }; nativeBuildInputs = [ From aec3c76dcabb3ceeb9975c5b6492fe68f9ceafa7 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 2 Aug 2020 17:20:28 +0000 Subject: [PATCH 30/49] bison: 3.6.4 -> 3.7.1 --- pkgs/development/tools/parsing/bison/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/parsing/bison/default.nix b/pkgs/development/tools/parsing/bison/default.nix index 357c8ea17cf..ca422f931da 100644 --- a/pkgs/development/tools/parsing/bison/default.nix +++ b/pkgs/development/tools/parsing/bison/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "bison"; - version = "3.6.4"; + version = "3.7.1"; src = fetchurl { url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz"; - sha256 = "1s8kmfhg7a58vm65fc977ckp8zspy8diayrcjhs3cgrqnmjdx0w1"; + sha256 = "04vx6sah3bnr3a5n9knw306sb3y41pjfl7k9ihbsimghkj1m5n8x"; }; nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man; From 47d561b10fbe36be31c867151627cc0a955e0a63 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Fri, 14 Aug 2020 17:50:01 +0200 Subject: [PATCH 31/49] libinput: 1.15.6 -> 1.16.1 https://lists.freedesktop.org/archives/wayland-devel/2020-August/041578.html https://lists.freedesktop.org/archives/wayland-devel/2020-August/041590.html --- pkgs/development/libraries/libinput/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index cb8009011b6..576a2fec921 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -27,11 +27,11 @@ in with stdenv.lib; stdenv.mkDerivation rec { pname = "libinput"; - version = "1.15.6"; + version = "1.16.1"; src = fetchurl { url = "https://www.freedesktop.org/software/libinput/${pname}-${version}.tar.xz"; - sha256 = "073z61dw46cyq0635a5n1mw7hw4qdgr58gbwwb3ds5v3d8hymvdf"; + sha256 = "e6fRru3RUWi7IdF+nmKKocJ5V5Y6Qjo/6jk4pQF1hTk="; }; outputs = [ "bin" "out" "dev" ]; From 1e91e72a624056c09f40e8771000003e3087acf9 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 14 Aug 2020 17:35:23 +0000 Subject: [PATCH 32/49] libipt: 2.0.1 -> 2.0.2 --- pkgs/development/libraries/libipt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libipt/default.nix b/pkgs/development/libraries/libipt/default.nix index cb4db488dc4..79ae927fc24 100644 --- a/pkgs/development/libraries/libipt/default.nix +++ b/pkgs/development/libraries/libipt/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libipt"; - version = "2.0.1"; + version = "2.0.2"; src = fetchFromGitHub { owner = "intel"; repo = "libipt"; rev = "v${version}"; - sha256 = "19y1lk5z1rf8xmr08m8zrpjkgr5as83b96xyaxwn67m2wz58mpmh"; + sha256 = "095agnk7r2sq5yas6c1ri8fmsl55n4l5hkl6j5l397p9nxvxvrkc"; }; nativeBuildInputs = [ cmake ]; From 51f2d47897e735c1406f65b4be39c6edd02739ce Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 13 Aug 2020 18:35:52 +0000 Subject: [PATCH 33/49] doxygen: 1.8.18 -> 1.8.19 --- pkgs/development/tools/documentation/doxygen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/documentation/doxygen/default.nix b/pkgs/development/tools/documentation/doxygen/default.nix index a8e5f179916..772b654df93 100644 --- a/pkgs/development/tools/documentation/doxygen/default.nix +++ b/pkgs/development/tools/documentation/doxygen/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { - name = "doxygen-1.8.18"; + name = "doxygen-1.8.19"; src = fetchurl { urls = [ "mirror://sourceforge/doxygen/${name}.src.tar.gz" # faster, with https, etc. "http://doxygen.nl/files/${name}.src.tar.gz" ]; - sha256 = "0mh6s1ri1fs5yb27m0avnjsbcxpchgb9aaprq4bd3lj6vjg3s5qq"; + sha256 = "1lvqfw2yzba588c5ggl8yhw7aw4xkk44mrghsd9yqlajc48x25dc"; }; nativeBuildInputs = [ From 6093f9eb6e2b81d1c50fd7d2597599a5fb568310 Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Thu, 13 Aug 2020 15:58:41 -0400 Subject: [PATCH 34/49] zstd: fix shebangs when cross-compiling --- pkgs/tools/compression/zstd/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/compression/zstd/default.nix b/pkgs/tools/compression/zstd/default.nix index 9c9f91f9c19..8ce434741a5 100644 --- a/pkgs/tools/compression/zstd/default.nix +++ b/pkgs/tools/compression/zstd/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, gnugrep +{ stdenv, fetchFromGitHub, fetchpatch, cmake, bash, gnugrep , fixDarwinDylibNames , file , legacySupport ? false @@ -18,6 +18,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; + buildInputs = [ bash ]; patches = [ ./playtests-darwin.patch @@ -29,11 +30,7 @@ stdenv.mkDerivation rec { # work fine, and I'm not sure how to write the condition. ++ stdenv.lib.optional stdenv.hostPlatform.isWindows ./mcfgthreads-no-pthread.patch; - postPatch = - # Patch shebangs for playTests - '' - patchShebangs programs/zstdgrep - '' + stdenv.lib.optionalString (!static) '' + postPatch = stdenv.lib.optionalString (!static) '' substituteInPlace build/cmake/CMakeLists.txt \ --replace 'message(SEND_ERROR "You need to build static library to build tests")' "" substituteInPlace build/cmake/tests/CMakeLists.txt \ @@ -60,6 +57,8 @@ stdenv.mkDerivation rec { doCheck = true; checkPhase = '' runHook preCheck + # Patch shebangs for playTests + patchShebangs ../programs/zstdgrep ctest -R playTests # The only relatively fast test. runHook postCheck ''; From 4005fe7f5530ebaadad2fe349a383fc6f5134592 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 13 Aug 2020 06:05:17 +0000 Subject: [PATCH 35/49] cmake: 3.18.0 -> 3.18.1 --- pkgs/development/tools/build-managers/cmake/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 3ae9fe6f42c..be9645453e3 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -19,12 +19,12 @@ stdenv.mkDerivation rec { + lib.optionalString useNcurses "-cursesUI" + lib.optionalString withQt5 "-qt5UI" + lib.optionalString useQt4 "-qt4UI"; - version = "3.18.0"; + version = "3.18.1"; src = fetchurl { url = "${meta.homepage}files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz"; # compare with https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}-SHA-256.txt - sha256 = "0aby67jn3i0rqhj6cvpm0f7idw3dl7jayaqxa9hkk9w2jk5zzd43"; + sha256 = "0215srmc9l7ygwdpfms8yx0wbd96qgz2d58ykmdiarvysf5k7qy0"; }; patches = [ From a1baa4f0bfa10cfcb43265772ad2845d31af5134 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Thu, 13 Aug 2020 01:38:37 +0200 Subject: [PATCH 36/49] =?UTF-8?q?openexr:=202.5.2=20=E2=86=92=202.5.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.3 * Includes the musl patch. * Also clean up a bit while at it: * libtool not necessary since CMake port * enableParallelBuilding is on by default with cmake --- .../development/libraries/ilmbase/default.nix | 3 +-- .../development/libraries/openexr/default.nix | 22 ++++--------------- 2 files changed, 5 insertions(+), 20 deletions(-) diff --git a/pkgs/development/libraries/ilmbase/default.nix b/pkgs/development/libraries/ilmbase/default.nix index 4053a865dac..68bd677cf77 100644 --- a/pkgs/development/libraries/ilmbase/default.nix +++ b/pkgs/development/libraries/ilmbase/default.nix @@ -2,7 +2,6 @@ , lib , buildPackages , cmake -, libtool , openexr }: @@ -16,7 +15,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; - nativeBuildInputs = [ cmake libtool ]; + nativeBuildInputs = [ cmake ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; # fails 1 out of 1 tests with diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index 7b6779a80de..b33b284f45c 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -6,12 +6,11 @@ , ilmbase , fetchpatch , cmake -, libtool }: stdenv.mkDerivation rec { pname = "openexr"; - version = "2.5.2"; + version = "2.5.3"; outputs = [ "bin" "dev" "out" "doc" ]; @@ -19,7 +18,7 @@ stdenv.mkDerivation rec { owner = "AcademySoftwareFoundation"; repo = "openexr"; rev = "v${version}"; - sha256 = "dtVoXA3JdmNs1iqu7cZlAdxt/CAgL5lSbOwu0SheyO0="; + sha256 = "xyYdRrwAYdnRZmErIK0tZspguqtrXvixO5+6nMDoOh8="; }; patches = [ @@ -28,23 +27,10 @@ stdenv.mkDerivation rec { url = "https://github.com/AcademySoftwareFoundation/openexr/commit/6442fb71a86c09fb0a8118b6dbd93bcec4883a3c.patch"; sha256 = "bwD5WTKPT4DjOJDnPXIvT5hJJkH0b71Vo7qupWO9nPA="; }) - ] ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") [ - # Fix ilmbase/openexr using glibc-only fpstate. - # Found via https://git.alpinelinux.org/aports/tree/community/openexr/10-musl-_fpstate.patch?id=80d9611b7b8e406a554c6f511137e03ff26acbae, - # TODO Remove when https://github.com/AcademySoftwareFoundation/openexr/pull/798 is merged and available. - (fetchpatch { - name = "ilmbase-musl-_fpstate.patch.patch"; - url = "https://raw.githubusercontent.com/void-linux/void-packages/80bbc168faa25448bd3399f4df331b836e74b85c/srcpkgs/ilmbase/patches/musl-_fpstate.patch"; - sha256 = "1bmyg4qfbz2p5iflrakbj8jzs85s1cf4cpfyclycnnqqi45j8m8d"; - # The patch's files are written as `IlmBase/...`, this turns it into - # `a/IlmBase/...`, so that the `patch -p1` that `patches` does works. - extraPrefix = ""; # Changing this requires changing the `sha256` (fixed-output)! - }) ]; - nativeBuildInputs = [ cmake libtool ]; - propagatedBuildInputs = [ ilmbase zlib ]; - enableParallelBuilding = true; + nativeBuildInputs = [ cmake ]; + propagatedBuildInputs = [ ilmbase zlib ]; meta = with stdenv.lib; { description = "A high dynamic-range (HDR) image file format"; From 900b2d5a6c3fc150e7ef983fd7fb99a921585b22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Wed, 12 Aug 2020 09:42:56 +0200 Subject: [PATCH 37/49] python3: fix impure /bin/sh call in subprocess --- pkgs/development/interpreters/python/cpython/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index d26d060da72..b06ea4dda48 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -151,6 +151,8 @@ in with passthru; stdenv.mkDerivation { ]; postPatch = '' + substituteInPlace Lib/subprocess.py \ + --replace "'/bin/sh'" "'${bash}/bin/sh'" '' + optionalString (x11Support && (tix != null)) '' substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" ''; From 5530043208f0bef7aa4963f14cf599b74e9fd7e8 Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Mon, 10 Aug 2020 10:18:51 -0500 Subject: [PATCH 38/49] qtdeclarative: Patch for scrollbar regression --- .../libraries/qt-5/modules/qtdeclarative.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix b/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix index b611282294c..c22857a6dc6 100644 --- a/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix +++ b/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix @@ -1,4 +1,4 @@ -{ qtModule, lib, python3, qtbase, qtsvg }: +{ qtModule, lib, fetchpatch, python3, qtbase, qtsvg }: with lib; @@ -23,4 +23,12 @@ qtModule { "bin/qmlscene" "bin/qmltestrunner" ]; + patches = + # https://mail.kde.org/pipermail/kde-distro-packagers/2020-June/000419.html + lib.optional (lib.versionAtLeast qtbase.version "5.14.2") + (fetchpatch { + url = "https://codereview.qt-project.org/gitweb?p=qt/qtdeclarative.git;a=patch;h=3e47ac319b0f53c43cc02a8356c2dec4f0daeef4"; + sha256 = "0wvncg7047q73nm0svc6kb14sigwk7sc53r4778kn033aj0qqszj"; + name = "qtdeclarative-QQuickItemView-fix-max-extent.patch"; + }); } From 760a0ef7ba12e7ad147f7d92cbe4a3402f3a0dc2 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 10 Aug 2020 04:01:19 +0000 Subject: [PATCH 39/49] check: 0.15.0 -> 0.15.2 --- pkgs/development/libraries/check/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/check/default.nix b/pkgs/development/libraries/check/default.nix index e98fa465e0b..be000e457c4 100644 --- a/pkgs/development/libraries/check/default.nix +++ b/pkgs/development/libraries/check/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "check"; - version = "0.15.0"; + version = "0.15.2"; src = fetchurl { url = "https://github.com/libcheck/check/releases/download/${version}/check-${version}.tar.gz"; - sha256 = "0q5cs6rqbq8a1m9ij3dxnsjcs31mvg0b2i77g0iykqd6iz3f78mf"; + sha256 = "02m25y9m46pb6n46s51av62kpd936lkfv3b13kfpckgvmh5lxpm8"; }; # Test can randomly fail: https://hydra.nixos.org/build/7243912 From 1a3c5b2203c7f3018646396fb64a99a75e399118 Mon Sep 17 00:00:00 2001 From: Rohit Goswami Date: Sun, 9 Aug 2020 13:57:41 +0000 Subject: [PATCH 40/49] libuv: Skip tests which time out --- pkgs/development/libraries/libuv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index aca345e6bbf..cf73a64f675 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { "getaddrinfo_fail" "getaddrinfo_fail_sync" "threadpool_multiple_event_loops" # times out on slow machines "get_passwd" # passed on NixOS but failed on other Linuxes - "tcp_writealot" # times out sometimes + "tcp_writealot" "udp_multicast_join" "udp_multicast_join6" # times out sometimes ] ++ stdenv.lib.optionals stdenv.isDarwin [ # Sometimes: timeout (no output), failed uv_listen. Someone # should report these failures to libuv team. There tests should From 22089bf50a5923001fb104c97091d60b2606c768 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Sun, 9 Aug 2020 08:35:41 +0200 Subject: [PATCH 41/49] python3Packages.numpy: add hypothesis to checkInputs numpy has added hypothesis as a dependency for running property-based tests: https://github.com/numpy/numpy/pull/15189 However, hypothesis is not an input of the derivations. And thus tests have been failing with: ERROR .. - ModuleNotFoundError: No module named 'hypothesis' https://hydra.nixos.org/build/124613306/nixlog/1 This change adds hypothesis to checkInputs, so that tests are run again. --- pkgs/development/python-modules/numpy/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index 4501eafe7bd..98ba0b5c688 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -3,6 +3,7 @@ , python , buildPythonPackage , gfortran +, hypothesis , pytest , blas , lapack @@ -67,6 +68,8 @@ in buildPythonPackage rec { doCheck = !isPyPy; # numpy 1.16+ hits a bug in pypy's ctypes, using either numpy or pypy HEAD fixes this (https://github.com/numpy/numpy/issues/13807) + checkInputs = [ hypothesis ]; + checkPhase = '' runHook preCheck pushd dist From 7c2918230f709e0bcc93972cd50167fef22001f7 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 17 Jul 2020 11:12:56 +0000 Subject: [PATCH 42/49] libevdev: 1.9.0 -> 1.9.1 --- pkgs/development/libraries/libevdev/default.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/pkgs/development/libraries/libevdev/default.nix b/pkgs/development/libraries/libevdev/default.nix index c769006e0bf..fdd5e20640a 100644 --- a/pkgs/development/libraries/libevdev/default.nix +++ b/pkgs/development/libraries/libevdev/default.nix @@ -2,22 +2,13 @@ stdenv.mkDerivation rec { pname = "libevdev"; - version = "1.9.0"; + version = "1.9.1"; src = fetchurl { url = "https://www.freedesktop.org/software/${pname}/${pname}-${version}.tar.xz"; - sha256 = "17pb5375njb1r05xmk0r57a2j986ihglh2n5nqcylbag4rj8mqg7"; + sha256 = "1jvsphdrs1i54ccjcn6ll26jy42am7h28lbsvwa6pmxgqm43qq7m"; }; - patches = [ - # Fix libevdev-python tests on aarch64 - # https://gitlab.freedesktop.org/libevdev/libevdev/merge_requests/63 - (fetchpatch { - url = "https://gitlab.freedesktop.org/libevdev/libevdev/commit/66113fe84f62bab3a672a336eb10b255d2aa5ce7.patch"; - sha256 = "gZKr/P+/OqU69IGslP8CQlcGuyzA/ulcm+nGwHdis58="; - }) - ]; - nativeBuildInputs = [ python3 ]; meta = with stdenv.lib; { From 47e499f7a43bc5bc98d2b5f66204a5760642fb63 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 16 Jul 2020 11:10:17 +0000 Subject: [PATCH 43/49] rhash: 1.3.9 -> 1.4.0 --- pkgs/tools/security/rhash/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix index 863b03a117c..394dd89484f 100644 --- a/pkgs/tools/security/rhash/default.nix +++ b/pkgs/tools/security/rhash/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchFromGitHub, which }: stdenv.mkDerivation rec { - version = "1.3.9"; + version = "1.4.0"; pname = "rhash"; src = fetchFromGitHub { owner = "rhash"; repo = "RHash"; rev = "v${version}"; - sha256 = "06i49x1l21h2q7pfnf4crbmjyg8b9ad0qs10ywyyn5sjpi0c21wq"; + sha256 = "18zgr1bjzz8v6rckz2q2hx9f2ssbv8qfwclzpbyjaz0c1c9lqqar"; }; nativeBuildInputs = [ which ]; From 1b54b2aa0d670ac98c3d5529a19f67bd2a219e1e Mon Sep 17 00:00:00 2001 From: David Guibert Date: Mon, 15 Jun 2020 18:01:49 +0200 Subject: [PATCH 44/49] ffmpeg: set explicit --enable-libass needed for subtitles filter. --- pkgs/development/libraries/ffmpeg/generic.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 5b98884c1fc..d763fb51354 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -126,6 +126,7 @@ stdenv.mkDerivation rec { # Docs (ifMinVer "0.6" "--disable-doc") # External Libraries + "--enable-libass" "--enable-bzlib" "--enable-gnutls" (ifMinVer "1.0" "--enable-fontconfig") From 90cd27e4a03f5a47f01445dee33af5abfda7f657 Mon Sep 17 00:00:00 2001 From: Dominik Honnef Date: Thu, 2 Jul 2020 16:33:53 +0200 Subject: [PATCH 45/49] x265: build a single shared library for all bit-depths This builds the 10-bit and 12-bit versions of x265 as static libraries, which then get linked into the 8-bit dynamic library and executable. This causes x265 to default to 8-bit, but make 10- and 12-bit available to callers that use introspection, such as ffmpeg. $ x265 -V x265 [info]: HEVC encoder version 3.2 x265 [info]: build info [Linux][GCC 9.3.0][64 bit] 8bit+10bit+12bit x265 [info]: using cpu capabilities: MMX2 SSE2Fast LZCNT SSSE3 SSE4.2 AVX FMA3 BMI2 AVX2 $ ffmpeg -h encoder=libx265 [...] Supported pixel formats: yuv420p yuvj420p yuv422p yuvj422p yuv444p yuvj444p gbrp yuv420p10le yuv422p10le yuv444p10le gbrp10le yuv420p12le yuv422p12le yuv444p12le gbrp12le gray gray10le gray12le Inspired by @codyopel's comment on #80405. --- pkgs/development/libraries/x265/default.nix | 66 ++++++++++++++++----- 1 file changed, 51 insertions(+), 15 deletions(-) diff --git a/pkgs/development/libraries/x265/default.nix b/pkgs/development/libraries/x265/default.nix index cfa19e5419f..ae3392aeb12 100644 --- a/pkgs/development/libraries/x265/default.nix +++ b/pkgs/development/libraries/x265/default.nix @@ -1,7 +1,6 @@ { stdenv, fetchurl, fetchpatch, cmake, nasm, numactl , numaSupport ? stdenv.hostPlatform.isLinux && (stdenv.hostPlatform.isx86 || stdenv.hostPlatform.isAarch64) # Enabled by default on NUMA platforms , debugSupport ? false # Run-time sanity checks (debugging) -, highbitdepthSupport ? false # false=8bits per channel, true=10/12bits per channel , werrorSupport ? false # Warnings as errors , ppaSupport ? false # PPA profiling instrumentation , vtuneSupport ? false # Vtune profiling instrumentation @@ -13,10 +12,17 @@ let mkFlag = optSet: flag: if optSet then "-D${flag}=ON" else "-D${flag}=OFF"; inherit (stdenv) is64bit; -in -stdenv.mkDerivation rec { - pname = "x265"; + cmakeFlagsAll = [ + "-DSTATIC_LINK_CRT=OFF" + (mkFlag debugSupport "CHECKED_BUILD") + (mkFlag ppaSupport "ENABLE_PPA") + (mkFlag vtuneSupport "ENABLE_VTUNE") + (mkFlag custatsSupport "DETAILED_CU_STATS") + (mkFlag unittestsSupport "ENABLE_TESTS") + (mkFlag werrorSupport "WARNINGS_AS_ERRORS") + ]; + version = "3.2"; src = fetchurl { @@ -27,8 +33,6 @@ stdenv.mkDerivation rec { sha256 = "0fqkhfhr22gzavxn60cpnj3agwdf5afivszxf3haj5k1sny7jk9n"; }; - enableParallelBuilding = true; - patches = [ # Fix build on ARM (#406) (fetchpatch { @@ -37,22 +41,54 @@ stdenv.mkDerivation rec { }) ]; + buildLib = has12Bit: stdenv.mkDerivation rec { + name = "libx265-${if has12Bit then "12" else "10"}-${version}"; + inherit src patches; + enableParallelBuilding = true; + + postPatch = '' + sed -i 's/unknown/${version}/g' source/cmake/version.cmake + ''; + + cmakeLibFlags = [ + "-DENABLE_CLI=OFF" + "-DENABLE_SHARED=OFF" + "-DENABLE_HDR10_PLUS=ON" + "-DEXPORT_C_API=OFF" + "-DHIGH_BIT_DEPTH=ON" + ]; + cmakeFlags = [(mkFlag has12Bit "MAIN12")] ++ cmakeLibFlags ++ cmakeFlagsAll; + + preConfigure = '' + cd source + ''; + + nativeBuildInputs = [cmake nasm] ++ stdenv.lib.optional numaSupport numactl; + }; + + libx265-10 = buildLib false; + libx265-12 = buildLib true; +in + +stdenv.mkDerivation rec { + pname = "x265"; + inherit version src patches; + + enableParallelBuilding = true; + postPatch = '' sed -i 's/unknown/${version}/g' source/cmake/version.cmake ''; cmakeFlags = [ - (mkFlag debugSupport "CHECKED_BUILD") - "-DSTATIC_LINK_CRT=OFF" - (mkFlag (highbitdepthSupport && is64bit) "HIGH_BIT_DEPTH") - (mkFlag werrorSupport "WARNINGS_AS_ERRORS") - (mkFlag ppaSupport "ENABLE_PPA") - (mkFlag vtuneSupport "ENABLE_VTUNE") - (mkFlag custatsSupport "DETAILED_CU_STATS") "-DENABLE_SHARED=ON" + "-DHIGH_BIT_DEPTH=OFF" + "-DENABLE_HDR10_PLUS=OFF" + "-DEXTRA_LIB=${libx265-10}/lib/libx265.a;${libx265-12}/lib/libx265.a" + "-DLINKED_10BIT=ON" + "-DLINKED_12BIT=ON" (mkFlag cliSupport "ENABLE_CLI") - (mkFlag unittestsSupport "ENABLE_TESTS") - ]; + ] ++ cmakeFlagsAll; preConfigure = '' cd source From cdd153807e0c0aa4cbe6792812a48ac65abfcd69 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 6 Aug 2020 12:44:23 +0000 Subject: [PATCH 46/49] libqmi: 1.26.0 -> 1.26.2 --- pkgs/development/libraries/libqmi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libqmi/default.nix b/pkgs/development/libraries/libqmi/default.nix index e577b403823..e8db7501534 100644 --- a/pkgs/development/libraries/libqmi/default.nix +++ b/pkgs/development/libraries/libqmi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libqmi"; - version = "1.26.0"; + version = "1.26.2"; src = fetchurl { url = "https://www.freedesktop.org/software/libqmi/${pname}-${version}.tar.xz"; - sha256 = "0h3fzmjlla7ib9wn4rv98bm40y2k28jcl29da4hjwyaqmvh2j13z"; + sha256 = "00vvvfq74awg6mk0si1cdv79f6z6wqx11h47nl78a1h7zsr6fd0k"; }; outputs = [ "out" "dev" "devdoc" ]; From c6825953c033f8ae5be7d0505ace5db0f0625ebc Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 6 Aug 2020 10:35:08 +0000 Subject: [PATCH 47/49] libmbim: 1.24.0 -> 1.24.2 --- pkgs/development/libraries/libmbim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libmbim/default.nix b/pkgs/development/libraries/libmbim/default.nix index 0cc911fbd01..0e9a3784f38 100644 --- a/pkgs/development/libraries/libmbim/default.nix +++ b/pkgs/development/libraries/libmbim/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "libmbim"; - version = "1.24.0"; + version = "1.24.2"; src = fetchurl { url = "https://www.freedesktop.org/software/libmbim/${pname}-${version}.tar.xz"; - sha256 = "15hi1vq327drgi6h4dsi74lb7wg0sxd7mipa3irh5zgc7gn5qj9x"; + sha256 = "1r41d4yddp8rgccxrkz9vg5lbrj3dr5vy71d8igrr147k44qq69j"; }; outputs = [ "out" "dev" "man" ]; From e3a495f281dda3cc739332812b2de6f4596412ba Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 3 Aug 2020 08:02:21 +0000 Subject: [PATCH 48/49] imlib2: 1.6.1 -> 1.7.0 --- pkgs/development/libraries/imlib2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/imlib2/default.nix b/pkgs/development/libraries/imlib2/default.nix index 36b1063531e..458b3d29d52 100644 --- a/pkgs/development/libraries/imlib2/default.nix +++ b/pkgs/development/libraries/imlib2/default.nix @@ -12,11 +12,11 @@ let in stdenv.mkDerivation rec { pname = "imlib2"; - version = "1.6.1"; + version = "1.7.0"; src = fetchurl { url = "mirror://sourceforge/enlightenment/${pname}-${version}.tar.bz2"; - sha256 = "0v8n3dswx7rxqfd0q03xwc7j2w1mv8lv18rdxv487a1xw5vklfad"; + sha256 = "0zdk4afdrrr1539f2q15zja19j4wwfmpswzws2ffgflcnhywlxhr"; }; buildInputs = [ From 9da079c6ff5e2870485ed014fe388a5c67997535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Wed, 12 Aug 2020 19:10:14 +0200 Subject: [PATCH 49/49] Re-Revert "linux: Init 5.8" This reverts commit fee8c0ae0739f847241fc1de2b619b4057e818a1. The required systemd update was done in 9f911ab1b5; test works for me: nix build -f nixos/release.nix tests.latestKernel.login.x86_64-linux --- pkgs/os-specific/linux/kernel/linux-5.8.nix | 18 ++++++++++++++++++ pkgs/top-level/all-packages.nix | 11 ++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 pkgs/os-specific/linux/kernel/linux-5.8.nix diff --git a/pkgs/os-specific/linux/kernel/linux-5.8.nix b/pkgs/os-specific/linux/kernel/linux-5.8.nix new file mode 100644 index 00000000000..a7b929740d2 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/linux-5.8.nix @@ -0,0 +1,18 @@ +{ stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: + +with stdenv.lib; + +buildLinux (args // rec { + version = "5.8"; + + # modDirVersion needs to be x.y.z, will automatically add .0 if needed + modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; + + # branchVersion needs to be x.y + extraMeta.branch = versions.majorMinor version; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; + sha256 = "1xgibkwb1yfl6qdlbxyagai0qc1pk5ark7giz1512hh6ma353xz7"; + }; +} // (args.argsOverride or {})) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4b6baf4af2e..ad12f91d9d4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17401,6 +17401,14 @@ in ]; }; + linux_5_8 = callPackage ../os-specific/linux/kernel/linux-5.8.nix { + kernelPatches = [ + kernelPatches.bridge_stp_helper + kernelPatches.request_key_helper + kernelPatches.export_kernel_fpu_functions."5.3" + ]; + }; + linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix { kernelPatches = [ kernelPatches.bridge_stp_helper @@ -17624,7 +17632,7 @@ in # Update this when adding the newest kernel major version! # And update linux_latest_for_hardened below if the patches are already available - linuxPackages_latest = linuxPackages_5_7; + linuxPackages_latest = linuxPackages_5_8; linux_latest = linuxPackages_latest.kernel; # Build the kernel modules for the some of the kernels. @@ -17639,6 +17647,7 @@ in linuxPackages_4_19 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_19); linuxPackages_5_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_4); linuxPackages_5_7 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_7); + linuxPackages_5_8 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_8); # When adding to this list: # - Update linuxPackages_latest to the latest version