diff --git a/doc/package-notes.xml b/doc/package-notes.xml index e1aea62f784..4d87a3a67fe 100644 --- a/doc/package-notes.xml +++ b/doc/package-notes.xml @@ -477,32 +477,18 @@ it. Place the resulting package.nix file into Using the FOSS Radeon or nouveau (nvidia) drivers - - Both the open source radeon drivers as well as the nouveau drivers (nvidia) - need a newer libc++ than is provided by the default runtime, which leads to a - crash on launch. Use environment.systemPackages = - [(pkgs.steam.override { newStdcpp = true; })]; in your config - if you get an error like - -libGL error: unable to load driver: radeonsi_dri.so -libGL error: driver pointer missing -libGL error: failed to load driver: radeonsi -libGL error: unable to load driver: swrast_dri.so -libGL error: failed to load driver: swrast - or - -libGL error: unable to load driver: nouveau_dri.so -libGL error: driver pointer missing -libGL error: failed to load driver: nouveau -libGL error: unable to load driver: swrast_dri.so -libGL error: failed to load driver: swrast - - Steam ships statically linked with a version of libcrypto that - conflics with the one dynamically loaded by radeonsi_dri.so. - If you get the error - steam.sh: line 713: 7842 Segmentation fault (core dumped) - have a look at this pull request. - + + The newStdcpp parameter + was removed since NixOS 17.09 and should not be needed anymore. + + + + Steam ships statically linked with a version of libcrypto that + conflics with the one dynamically loaded by radeonsi_dri.so. + If you get the error + steam.sh: line 713: 7842 Segmentation fault (core dumped) + have a look at this pull request. + diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml index 6065a86f60d..5ed56bde665 100644 --- a/nixos/doc/manual/release-notes/release-notes.xml +++ b/nixos/doc/manual/release-notes/release-notes.xml @@ -9,6 +9,7 @@ This section lists the release notes for each stable version of NixOS and current unstable revision. + diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index c951934e623..1d6e693f83c 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -289,6 +289,52 @@ FLUSH PRIVILEGES; in them being reloaded. + + + + services.mysqlBackup now works by default + without any user setup, including for users other than + mysql. + + + + By default, the mysql user is no longer the + user which performs the backup. Instead a system account + mysqlbackup is used. + + + + The mysqlBackup service is also now using + systemd timers instead of cron. + + + + Therefore, the services.mysqlBackup.period + option no longer exists, and has been replaced with + services.mysqlBackup.calendar, which is in + the format of systemd.time(7). + + + + If you expect to be sent an e-mail when the backup fails, + consider using a script which monitors the systemd journal for + errors. Regretfully, at present there is no built-in + functionality for this. + + + + You can check that backups still work by running + systemctl start mysql-backup then + systemctl status mysql-backup. + + + + + Steam: the newStdcpp parameter + was removed and should not be needed anymore. + + Other notable improvements: @@ -344,7 +390,7 @@ FLUSH PRIVILEGES; - Definitions for /etc/hosts can now be sped + Definitions for /etc/hosts can now be specified declaratively with networking.hosts. diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index ce05cde7b08..7acc689ed11 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -29,8 +29,7 @@ following incompatible changes: - - + diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix index 28f607861f7..3f533fa457d 100644 --- a/nixos/modules/services/backup/mysql-backup.nix +++ b/nixos/modules/services/backup/mysql-backup.nix @@ -6,10 +6,28 @@ let inherit (pkgs) mysql gzip; - cfg = config.services.mysqlBackup ; - location = cfg.location ; - mysqlBackupCron = db : '' - ${cfg.period} ${cfg.user} ${mysql}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz + cfg = config.services.mysqlBackup; + defaultUser = "mysqlbackup"; + + backupScript = '' + set -o pipefail + failed="" + ${concatMapStringsSep "\n" backupDatabaseScript cfg.databases} + if [ -n "$failed" ]; then + echo "Backup of database(s) failed:$failed" + exit 1 + fi + ''; + backupDatabaseScript = db: '' + dest="${cfg.location}/${db}.gz" + if ${mysql}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > $dest.tmp; then + mv $dest.tmp $dest + echo "Backed up to $dest" + else + echo "Failed to back up to $dest" + rm -f $dest.tmp + failed="$failed ${db}" + fi ''; in @@ -26,17 +44,16 @@ in ''; }; - period = mkOption { - default = "15 01 * * *"; + calendar = mkOption { + type = types.str; + default = "01:15:00"; description = '' - This option defines (in the format used by cron) when the - databases should be dumped. - The default is to update at 01:15 (at night) every day. + Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second). ''; }; user = mkOption { - default = "mysql"; + default = defaultUser; description = '' User to be used to perform backup. ''; @@ -66,16 +83,49 @@ in }; - config = mkIf config.services.mysqlBackup.enable { + config = mkIf cfg.enable { + users.extraUsers = optionalAttrs (cfg.user == defaultUser) (singleton + { name = defaultUser; + isSystemUser = true; + createHome = false; + home = cfg.location; + group = "nogroup"; + }); - services.cron.systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases; - - system.activationScripts.mysqlBackup = stringAfter [ "stdio" "users" ] - '' - mkdir -m 0700 -p ${config.services.mysqlBackup.location} - chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location} - ''; + services.mysql.ensureUsers = [{ + name = cfg.user; + ensurePermissions = with lib; + let + privs = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES"; + grant = db: nameValuePair "${db}.*" privs; + in + listToAttrs (map grant cfg.databases); + }]; + systemd = { + timers."mysql-backup" = { + description = "Mysql backup timer"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = cfg.calendar; + AccuracySec = "5m"; + Unit = "mysql-backup.service"; + }; + }; + services."mysql-backup" = { + description = "Mysql backup service"; + enable = true; + serviceConfig = { + User = cfg.user; + PermissionsStartOnly = true; + }; + preStart = '' + mkdir -m 0700 -p ${cfg.location} + chown -R ${cfg.user} ${cfg.location} + ''; + script = backupScript; + }; + }; }; } diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix index fc8396cd85e..d483a8c3d67 100644 --- a/nixos/modules/services/mail/spamassassin.nix +++ b/nixos/modules/services/mail/spamassassin.nix @@ -42,7 +42,7 @@ in Then you can Use this sieve filter: require ["fileinto", "reject", "envelope"]; - + if header :contains "X-Spam-Flag" "YES" { fileinto "spam"; } @@ -67,11 +67,11 @@ in initPreConf = mkOption { type = types.str; description = "The SpamAssassin init.pre config."; - default = - '' + default = + '' # # to update this list, run this command in the rules directory: - # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq + # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq # #loadplugin Mail::SpamAssassin::Plugin::AccessDB @@ -122,7 +122,11 @@ in config = mkIf cfg.enable { # Allow users to run 'spamc'. - environment.systemPackages = [ pkgs.spamassassin ]; + + environment = { + etc = singleton { source = spamdEnv; target = "spamassassin"; }; + systemPackages = [ pkgs.spamassassin ]; + }; users.extraUsers = singleton { name = "spamd"; @@ -138,7 +142,7 @@ in systemd.services.sa-update = { script = '' - set +e + set +e ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/ --siteconfigpath=${spamdEnv}/" spamd v=$? @@ -153,7 +157,7 @@ in ''; }; - systemd.timers.sa-update = { + systemd.timers.sa-update = { description = "sa-update-service"; partOf = [ "sa-update.service" ]; wantedBy = [ "timers.target" ]; @@ -177,15 +181,10 @@ in # 0 and 1 no error, exitcode > 1 means error: # https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes preStart = '' - # this abstraction requires no centralized config at all - if [ -d /etc/spamassassin ]; then - echo "This spamassassin does not support global '/etc/spamassassin' folder for configuration as this would be impure. Merge your configs into 'services.spamassassin' and remove the '/etc/spamassassin' folder to make this service work. Also see 'https://github.com/NixOS/nixpkgs/pull/26470'."; - exit 1 - fi echo "Recreating '/var/lib/spamasassin' with creating '3.004001' (or similar) and 'sa-update-keys'" mkdir -p /var/lib/spamassassin chown spamd:spamd /var/lib/spamassassin -R - set +e + set +e ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/ --siteconfigpath=${spamdEnv}/" spamd v=$? set -e diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index bf1304ee7ac..efa3b5b6bd7 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -428,7 +428,7 @@ in fi ''; - nix.nrBuildUsers = mkDefault (lib.max 10 cfg.maxJobs); + nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs); users.extraUsers = nixbldUsers; diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix index d5db328310c..0354e76d74f 100644 --- a/nixos/modules/services/networking/tinc.nix +++ b/nixos/modules/services/networking/tinc.nix @@ -141,7 +141,6 @@ in ${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"} ${optionalString (data.listenAddress != null) "ListenAddress = ${data.listenAddress}"} ${optionalString (data.bindToAddress != null) "BindToAddress = ${data.bindToAddress}"} - Device = /dev/net/tun Interface = tinc.${network} ${data.extraConfig} ''; @@ -168,6 +167,7 @@ in Type = "simple"; Restart = "always"; RestartSec = "3"; + ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}"; }; preStart = '' mkdir -p /etc/tinc/${network}/hosts @@ -187,9 +187,6 @@ in [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 fi ''; - script = '' - tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} - ''; }) ); diff --git a/nixos/release.nix b/nixos/release.nix index ac7755a160f..06f1c73410c 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -283,6 +283,7 @@ in rec { tests.mumble = callTest tests/mumble.nix {}; tests.munin = callTest tests/munin.nix {}; tests.mysql = callTest tests/mysql.nix {}; + tests.mysqlBackup = callTest tests/mysql-backup.nix {}; tests.mysqlReplication = callTest tests/mysql-replication.nix {}; tests.nat.firewall = callTest tests/nat.nix { withFirewall = true; }; tests.nat.firewall-conntrack = callTest tests/nat.nix { withFirewall = true; withConntrackHelpers = true; }; diff --git a/nixos/tests/mysql-backup.nix b/nixos/tests/mysql-backup.nix new file mode 100644 index 00000000000..f5bcc460cba --- /dev/null +++ b/nixos/tests/mysql-backup.nix @@ -0,0 +1,42 @@ +# Test whether mysqlBackup option works +import ./make-test.nix ({ pkgs, ... } : { + name = "mysql-backup"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ rvl ]; + }; + + nodes = { + master = { config, pkgs, ... }: { + services.mysql = { + enable = true; + initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ]; + package = pkgs.mysql; + }; + + services.mysqlBackup = { + enable = true; + databases = [ "doesnotexist" "testdb" ]; + }; + }; + }; + + testScript = + '' startAll; + + # Need to have mysql started so that it can be populated with data. + $master->waitForUnit("mysql.service"); + + # Wait for testdb to be populated. + $master->sleep(10); + + # Do a backup and wait for it to finish. + $master->startJob("mysql-backup.service"); + $master->waitForJob("mysql-backup.service"); + + # Check that data appears in backup + $master->succeed("${pkgs.gzip}/bin/zcat /var/backup/mysql/testdb.gz | grep hello"); + + # Check that a failed backup is logged + $master->succeed("journalctl -u mysql-backup.service | grep 'fail.*doesnotexist' > /dev/null"); + ''; +}) diff --git a/nixos/tests/testdb.sql b/nixos/tests/testdb.sql index 4fb28fea3df..3c68c49ae82 100644 --- a/nixos/tests/testdb.sql +++ b/nixos/tests/testdb.sql @@ -8,3 +8,4 @@ insert into tests values (1, 'a'); insert into tests values (2, 'b'); insert into tests values (3, 'c'); insert into tests values (4, 'd'); +insert into tests values (5, 'hello'); diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix index 1d661014c77..18e1df4575d 100644 --- a/pkgs/applications/editors/vim/common.nix +++ b/pkgs/applications/editors/vim/common.nix @@ -1,12 +1,12 @@ { lib, fetchFromGitHub }: rec { - version = "8.0.0442"; + version = "8.0.1150"; src = fetchFromGitHub { owner = "vim"; repo = "vim"; rev = "v${version}"; - sha256 = "1pyyrkb7k5vhm1ijrh4v2f50lxhrgga5mm0gvmz4v704z0h585yg"; + sha256 = "1k1qkmb2jbymqikrp99q1yjagdf508xzabrw7b08dlh926b2v23j"; }; enableParallelBuilding = true; diff --git a/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch b/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch new file mode 100644 index 00000000000..83f9a1329be --- /dev/null +++ b/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch @@ -0,0 +1,25 @@ +diff -ru -x '*~' firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp firefox-55.0.3/docshell/base/nsAboutRedirector.cpp +--- firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp 2017-07-31 18:20:51.000000000 +0200 ++++ firefox-55.0.3/docshell/base/nsAboutRedirector.cpp 2017-09-26 22:02:00.814151731 +0200 +@@ -40,10 +40,6 @@ + nsIAboutModule::ALLOW_SCRIPT + }, + { +- "buildconfig", "chrome://global/content/buildconfig.html", +- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT +- }, +- { + "checkerboard", "chrome://global/content/aboutCheckerboard.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT +diff -ru -x '*~' firefox-55.0.3-orig/toolkit/content/jar.mn firefox-55.0.3/toolkit/content/jar.mn +--- firefox-55.0.3-orig/toolkit/content/jar.mn 2017-07-31 18:20:52.000000000 +0200 ++++ firefox-55.0.3/toolkit/content/jar.mn 2017-09-26 22:01:42.383350314 +0200 +@@ -40,7 +40,6 @@ + content/global/plugins.css + content/global/browser-child.js + content/global/browser-content.js +-* content/global/buildconfig.html + content/global/contentAreaUtils.js + #ifndef MOZ_FENNEC + content/global/customizeToolbar.css diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 83eb563a8e7..e2a8e201fef 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -12,10 +12,12 @@ rec { sha512 = "3cacc87b97871f3a8c5e97c17ef7025079cb5c81f32377d9402cdad45815ac6c4c4762c79187f1e477910161c2377c42d41de62a50b6741d5d7c1cd70e8c6416"; }; - patches = lib.optional stdenv.isi686 (fetchpatch { - url = "https://hg.mozilla.org/mozilla-central/raw-rev/15517c5a5d37"; - sha256 = "1ba487p3hk4w2w7qqfxgv1y57vp86b8g3xhav2j20qd3j3phbbn7"; - }); + patches = + [ ./no-buildconfig.patch ] + ++ lib.optional stdenv.isi686 (fetchpatch { + url = "https://hg.mozilla.org/mozilla-central/raw-rev/15517c5a5d37"; + sha256 = "1ba487p3hk4w2w7qqfxgv1y57vp86b8g3xhav2j20qd3j3phbbn7"; + }); meta = { description = "A web browser built from Firefox source tree"; diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 1dd5c9191f0..2413f1cfdca 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -129,6 +129,8 @@ in stdenv.mkDerivation { passthru = { unwrapped = browser; }; + disallowedRequisites = [ stdenv.cc ]; + meta = browser.meta // { description = browser.meta.description diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix index 048017cae5b..ca20125332a 100644 --- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix +++ b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix @@ -2,11 +2,20 @@ , lib , fetchurl , fetchgit +, symlinkJoin , tor , tor-browser-unwrapped +# Wrapper runtime +, coreutils +, hicolor_icon_theme +, shared_mime_info +, noto-fonts +, noto-fonts-emoji + # Extensions, common +, unzip , zip # HTTPS Everywhere @@ -15,6 +24,9 @@ , python27 , python27Packages , rsync + +# Customization +, extraPrefs ? "" }: let @@ -24,11 +36,16 @@ let sha256 = "0j37mqldj33fnzghxifvy6v8vdwkcz0i4z81prww64md5s8qcsa9"; }; + # Each extension drv produces an output comprising an unpacked .xpi + # named after the extension uuid, as it would appear under + # `firefox/extensions'. firefoxExtensions = { https-everywhere = stdenv.mkDerivation rec { name = "https-everywhere-${version}"; version = "5.2.21"; + extid = "https-everywhere-eff@eff.org"; + src = fetchgit { url = "https://git.torproject.org/https-everywhere.git"; rev = "refs/tags/${version}"; @@ -41,16 +58,24 @@ let python27 python27Packages.lxml rsync + unzip zip ]; - buildCommand = '' + unpackPhase = '' cp -dR --no-preserve=mode "$src" src cd src + ''; - sed -i makexpi.sh -e '104d' # cp -a translations/* fails because the dir is empty ... + # Beware: the build expects translations/ to be non-empty (which it + # will be with submodules initialized). + buildPhase = '' $shell ./makexpi.sh ${version} --no-recurse - install -m 444 -Dt $out pkg"/"*.xpi + ''; + + installPhase = '' + mkdir $out + unzip -d "$out/$extid" "pkg/https-everywhere-$version-eff.xpi" ''; meta = { @@ -58,53 +83,105 @@ let }; }; - noscript = fetchurl { - url = https://secure.informaction.com/download/releases/noscript-5.0.10.xpi; - sha256 = "18k5karbaj5mhd9cyjbqgik6044bw88rjalkh6anjanxbn503j6g"; + noscript = stdenv.mkDerivation rec { + name = "noscript-${version}"; + version = "5.0.10"; + + extid = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; + + src = fetchurl { + url = "https://secure.informaction.com/download/releases/noscript-${version}.xpi"; + sha256 = "18k5karbaj5mhd9cyjbqgik6044bw88rjalkh6anjanxbn503j6g"; + }; + + nativeBuildInputs = [ unzip ]; + + unpackPhase = ":"; + + installPhase = '' + mkdir $out + unzip -d "$out/$extid" "$src" + ''; }; torbutton = stdenv.mkDerivation rec { name = "torbutton-${version}"; version = "1.9.8.1"; + extid = "torbutton@torproject.org"; + src = fetchgit { url = "https://git.torproject.org/torbutton.git"; rev = "refs/tags/${version}"; sha256 = "1amp0c9ky0a7fsa0bcbi6n6ginw7s2g3an4rj7kvc1lxmrcsm65l"; }; - nativeBuildInputs = [ zip ]; + nativeBuildInputs = [ unzip zip ]; - buildCommand = '' + unpackPhase = '' cp -dR --no-preserve=mode "$src" src cd src - - $shell ./makexpi.sh - install -m 444 -Dt $out pkg"/"*.xpi ''; + + buildPhase = '' + $shell ./makexpi.sh + ''; + + installPhase = '' + mkdir $out + unzip -d "$out/$extid" "pkg/torbutton-$version.xpi" + ''; + + meta = { + homepage = https://gitweb.torproject.org/torbutton.git/; + }; }; tor-launcher = stdenv.mkDerivation rec { name = "tor-launcher-${version}"; version = "0.2.12.3"; + extid = "tor-launcher@torproject.org"; + src = fetchgit { url = "https://git.torproject.org/tor-launcher.git"; rev = "refs/tags/${version}"; sha256 = "0126x48pjiy2zm4l8jzhk70w24hviaz560ffp4lb9x0ar615bc9q"; }; - nativeBuildInputs = [ zip ]; + nativeBuildInputs = [ unzip zip ]; - buildCommand = '' + unpackPhase = '' cp -dR --no-preserve=mode "$src" src cd src - - make package - install -m 444 -Dt $out pkg"/"*.xpi ''; + + buildPhase = '' + make package + ''; + + installPhase = '' + mkdir $out + unzip -d "$out/$extid" "pkg/tor-launcher-$version.xpi" + ''; + + meta = { + homepage = https://gitweb.torproject.org/tor-launcher.git/; + }; }; }; + + extensionsEnv = symlinkJoin { + name = "tor-browser-extensions"; + paths = with firefoxExtensions; [ https-everywhere noscript torbutton tor-launcher ]; + }; + + fontsEnv = symlinkJoin { + name = "tor-browser-fonts"; + paths = [ noto-fonts noto-fonts-emoji ]; + }; + + fontsDir = "${fontsEnv}/share/fonts"; in stdenv.mkDerivation rec { name = "tor-browser-bundle-${version}"; @@ -118,10 +195,13 @@ stdenv.mkDerivation rec { installPhase = '' TBBUILD=${tor-browser-build_src}/projects/tor-browser + TBDATA_PATH=TorBrowser-Data self=$out/lib/tor-browser mkdir -p $self && cd $self + TBDATA_IN_STORE=$self/$TBDATA_PATH + cp -dR ${tor-browser-unwrapped}/lib"/"*"/"* . chmod -R +w . @@ -144,58 +224,148 @@ stdenv.mkDerivation rec { // Where to find the Nixpkgs tor executable & config lockPref("extensions.torlauncher.tor_path", "${tor}/bin/tor"); - lockPref("extensions.torlauncher.torrc-defaults_path", "$self/torrc-defaults"); + lockPref("extensions.torlauncher.torrc-defaults_path", "$TBDATA_IN_STORE/torrc-defaults"); // Captures store paths clearPref("extensions.xpiState"); + clearPref("extensions.bootstrappedAddons"); // Insist on using IPC for communicating with Tor - // - // Defaults to $XDG_RUNTIME_DIR/Tor/{socks,control}.socket lockPref("extensions.torlauncher.control_port_use_ipc", true); lockPref("extensions.torlauncher.socks_port_use_ipc", true); + + // User customization + ${extraPrefs} EOF # Preload extensions - install -m 444 -D \ - ${firefoxExtensions.tor-launcher}/tor-launcher-*.xpi \ - browser/extensions/tor-launcher@torproject.org.xpi - install -m 444 -D \ - ${firefoxExtensions.torbutton}/torbutton-*.xpi \ - browser/extensions/torbutton@torproject.org.xpi - install -m 444 -D \ - ${firefoxExtensions.https-everywhere}/https-everywhere-*-eff.xpi \ - browser/extensions/https-everywhere-eff@eff.org.xpi - install -m 444 -D \ - ${firefoxExtensions.noscript} \ - browser/extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi + # XXX: the fact that ln -s env browser/extensions fails, symlinkJoin seems a little redundant ... + ln -s -t browser/extensions ${extensionsEnv}"/"* # Copy bundle data - cat \ - $TBBUILD/Bundle-Data/linux/Data/Tor/torrc-defaults \ - $TBBUILD/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix \ - >> torrc-defaults + bundlePlatform=linux + bundleData=$TBBUILD/Bundle-Data + mkdir -p $TBDATA_PATH cat \ - $TBBUILD/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js \ - $TBBUILD/Bundle-Data/PTConfigs/bridge_prefs.js >> defaults/pref/extension-overrides.js \ + $bundleData/$bundlePlatform/Data/Tor/torrc-defaults \ + >> $TBDATA_PATH/torrc-defaults + cat \ + $bundleData/$bundlePlatform/Data/Browser/profile.default/preferences/extension-overrides.js \ >> defaults/pref/extension-overrides.js + # Hard-code path to TBB fonts; xref: FONTCONFIG_FILE in the wrapper below + sed $bundleData/$bundlePlatform/Data/fontconfig/fonts.conf \ + -e "s,fonts,${fontsDir}," \ + > $TBDATA_PATH/fonts.conf + # Generate a suitable wrapper + wrapper_PATH=${lib.makeBinPath [ coreutils ]} + wrapper_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [ + hicolor_icon_theme + shared_mime_info + ]} + mkdir -p $out/bin cat >$out/bin/tor-browser <&2 + exit 1 + fi + mkdir -p "\$TBB_HOME" HOME=\$TBB_HOME cd "\$HOME" - exec $self/firefox -no-remote about:tor + # Re-init XDG basedir envvars + XDG_CACHE_HOME=\$HOME/.cache + XDG_CONFIG_HOME=\$HOME/.config + XDG_DATA_HOME=\$HOME/.local/share + + # Initialize empty TBB runtime state directory hierarchy. Mirror the + # layout used by the official TBB, to avoid the hassle of working + # against the assumptions made by tor-launcher & co. + mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data" + + # Initialize the Tor data directory. + mkdir -p "\$HOME/TorBrowser/Data/Tor" + + # TBB fails if ownership is too permissive + chmod 0700 "\$HOME/TorBrowser/Data/Tor" + + # Initialize the browser profile state. Expect TBB to generate all data. + mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default" + + # Files that capture store paths; re-generated by firefox at startup + rm -rf "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json,startupCache} + + # Clear out fontconfig caches + rm -f "\$HOME/.cache/fontconfig/"*.cache-* + + # Lift-off! + # + # TZ is set to avoid stat()ing /etc/localtime over and over ... + # + # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launching a new + # dbus instance; to prevent using the session bus, set the envvar to + # an empty/invalid value prior to running tor-browser. + # + # FONTCONFIG_FILE is required to make fontconfig read the TBB + # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024 + # indicates the system fonts.conf being used instead. + # + # HOME, TMPDIR, XDG_*_HOME are set as a form of soft confinement; + # ideally, tor-browser should not write to any path outside TBB_HOME + # and should run even under strict confinement to TBB_HOME. + # + # XDG_DATA_DIRS is set to prevent searching system directories for + # mime and icon data. + # + # Parameters lacking a default value below are *required* (enforced by + # -o nounset). + exec env -i \ + TZ=":" \ + \ + DISPLAY="\$DISPLAY" \ + XAUTHORITY="\$XAUTHORITY" \ + DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \ + \ + HOME="\$HOME" \ + TMPDIR="\$XDG_CACHE_HOME/tmp" \ + XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \ + XDG_DATA_HOME="\$XDG_DATA_HOME" \ + XDG_CACHE_HOME="\$XDG_CACHE_HOME" \ + \ + XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \ + \ + FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \ + \ + $self/firefox \ + -no-remote \ + -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \ + "\$@" EOF chmod +x $out/bin/tor-browser + + echo "Syntax checking wrapper ..." + bash -n $out/bin/tor-browser + + echo "Checking wrapper ..." + DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$TMPDIR/tbb \ + $out/bin/tor-browser -version >/dev/null ''; meta = with stdenv.lib; { diff --git a/pkgs/applications/science/math/caffe/default.nix b/pkgs/applications/science/math/caffe/default.nix index 5c6fe9c573d..cb28d38bf1d 100644 --- a/pkgs/applications/science/math/caffe/default.nix +++ b/pkgs/applications/science/math/caffe/default.nix @@ -46,9 +46,8 @@ stdenv.mkDerivation rec { propagatedBuildInputs = lib.optional pythonSupport python.pkgs.protobuf; - outputs = [ "out" "bin" ]; - # Don't propagate bin. - outputBin = "out"; + outputs = [ "bin" "out"]; + propagatedBuildOutputs = []; # otherwise propagates out -> bin cycle postInstall = '' # Internal static library. diff --git a/pkgs/applications/video/shotcut/default.nix b/pkgs/applications/video/shotcut/default.nix index 72dbf87fdef..88cb43b4d91 100644 --- a/pkgs/applications/video/shotcut/default.nix +++ b/pkgs/applications/video/shotcut/default.nix @@ -1,26 +1,29 @@ -{ stdenv, fetchurl, SDL, frei0r, gettext, mlt, jack1, pkgconfig, qtbase, -qtmultimedia, qtwebkit, qtx11extras, qtwebsockets, qtquickcontrols, -qtgraphicaleffects, -qmake, makeWrapper }: +{ stdenv, fetchFromGitHub, SDL2, frei0r, gettext, mlt, jack1, pkgconfig, qtbase +, qtmultimedia, qtwebkit, qtx11extras, qtwebsockets, qtquickcontrols +, qtgraphicaleffects, libmlt +, qmake, makeWrapper }: stdenv.mkDerivation rec { name = "shotcut-${version}"; - version = "17.02"; + version = "17.09"; - src = fetchurl { - url = "https://github.com/mltframework/shotcut/archive/v${version}.tar.gz"; - sha256 = "09nygz1x9fvqf33gqpc6jnr1j7ny0yny3w2ngwqqfkf3f8n83qhr"; + src = fetchFromGitHub { + owner = "mltframework"; + repo = "shotcut"; + rev = "v${version}"; + sha256 = "061jmk1g2h7p82kyk2zgk19g0y3dgx3lppfnm6cdmi550b51qllb"; }; - enableParallelBuilding = true; nativeBuildInputs = [ makeWrapper pkgconfig qmake ]; buildInputs = [ - SDL frei0r gettext mlt + SDL2 frei0r gettext mlt libmlt qtbase qtmultimedia qtwebkit qtx11extras qtwebsockets qtquickcontrols qtgraphicaleffects ]; + NIX_CFLAGS_COMPILE = "-I${libmlt}/include/mlt++ -I${libmlt}/include/mlt"; + prePatch = '' sed 's_shotcutPath, "qmelt"_"${mlt}/bin/melt"_' -i src/jobs/meltjob.cpp sed 's_shotcutPath, "ffmpeg"_"${mlt.ffmpeg}/bin/ffmpeg"_' -i src/jobs/ffmpegjob.cpp @@ -31,7 +34,7 @@ stdenv.mkDerivation rec { postInstall = '' mkdir -p $out/share/shotcut cp -r src/qml $out/share/shotcut/ - wrapProgram $out/bin/shotcut --prefix FREI0R_PATH : ${frei0r}/lib/frei0r-1 --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ jack1 SDL ]} --prefix PATH : ${mlt}/bin + wrapProgram $out/bin/shotcut --prefix FREI0R_PATH : ${frei0r}/lib/frei0r-1 --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ jack1 SDL2 ]} --prefix PATH : ${mlt}/bin ''; meta = with stdenv.lib; { diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 043f27e13d2..f28ec6275b8 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -44,6 +44,13 @@ rec { rev = containerdRev; sha256 = containerdSha256; }; + + # This should go into the containerd derivation once 1.0.0 is out + preBuild = '' + mkdir $(pwd)/vendor/src + mv $(pwd)/vendor/{github.com,golang.org,google.golang.org} $(pwd)/vendor/src/ + ln -s $(pwd) vendor/src/github.com/containerd/containerd + ''; }); docker-tini = tini.overrideAttrs (oldAttrs: rec { name = "docker-init"; @@ -188,14 +195,14 @@ rec { tiniSha256 = "0zj4kdis1vvc6dwn4gplqna0bs7v6d1y2zc8v80s3zi018inhznw"; }; - docker_17_07 = dockerGen rec { - version = "17.07.0-ce"; - rev = "87847530f7176a48348d196f7c23bbd058052af1"; # git commit - sha256 = "0zw9zlzbd7il33ch17ypwpa73gsb930sf2njnphg7ylvnqp8qzsp"; - runcRev = "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"; - runcSha256 = "0v5iv29ck6lkxvxh7a56gfrlgfs0bjvjhrq3p6qqv9qjzv825byq"; - containerdRev = "3addd840653146c90a254301d6c3a663c7fd6429"; - containerdSha256 = "0as4s5wd57pdh1cyavkccpgs46kvlhr41v07qrv0phzffdhq3d5j"; + docker_17_09 = dockerGen rec { + version = "17.09.0-ce"; + rev = "afdb6d44a80f777069885a9ee0e0f86cf841b1bb"; # git commit + sha256 = "03g0imdcxqx9y4hhyymxqzvm8bqg4cqrmb7sjbxfdgrhzh9kcn1p"; + runcRev = "3f2f8b84a77f73d38244dd690525642a72156c64"; + runcSha256 = "0vaagmav8443kmyxac2y1y5l2ipcs1c7gdmsnvj48y9bafqx72rq"; + containerdRev = "06b9cb35161009dcb7123345749fef02f7cea8e0"; + containerdSha256 = "10hms8a2nn69nfnwly6923jzx40c3slpsdhjhff4bxh36flpf9gd"; tiniRev = "949e6facb77383876aeff8a6944dde66b3089574"; tiniSha256 = "0zj4kdis1vvc6dwn4gplqna0bs7v6d1y2zc8v80s3zi018inhznw"; }; diff --git a/pkgs/applications/window-managers/sway/default.nix b/pkgs/applications/window-managers/sway/default.nix index 274325b6785..2c94f7f6fec 100644 --- a/pkgs/applications/window-managers/sway/default.nix +++ b/pkgs/applications/window-managers/sway/default.nix @@ -6,20 +6,8 @@ }: let + # TODO: Sway 0.14.0 with wlc 0.0.10 segfaults version = "0.13.0"; - # Temporary workaround (0.14.0 segfaults) - wlc_009 = stdenv.lib.overrideDerivation wlc (oldAttrs: rec { - name = "wlc-${version}"; - version = "0.0.9"; - - src = fetchFromGitHub { - owner = "Cloudef"; - repo = "wlc"; - rev = "v${version}"; - fetchSubmodules = true; - sha256 = "1r6jf64gs7n9a8129wsc0mdwhcv44p8k87kg0714rhx3g2w22asg"; - }; - }); in stdenv.mkDerivation rec { name = "sway-${version}"; @@ -35,7 +23,7 @@ in stdenv.mkDerivation rec { asciidoc libxslt docbook_xsl ]; buildInputs = [ - wayland wlc_009 libxkbcommon pixman fontconfig pcre json_c dbus_libs + wayland wlc libxkbcommon pixman fontconfig pcre json_c dbus_libs pango cairo libinput libcap xwayland pam gdk_pixbuf libpthreadstubs libXdmcp ]; @@ -48,7 +36,7 @@ in stdenv.mkDerivation rec { cmakeFlags = "-DVERSION=${version}"; installPhase = "PREFIX=$out make install"; - LD_LIBRARY_PATH = stdenv.lib.makeLibraryPath [ wlc_009 dbus_libs ]; + LD_LIBRARY_PATH = stdenv.lib.makeLibraryPath [ wlc dbus_libs ]; preFixup = '' wrapProgram $out/bin/sway \ --prefix LD_LIBRARY_PATH : "${LD_LIBRARY_PATH}"; diff --git a/pkgs/desktops/gnome-3/core/gcr/default.nix b/pkgs/desktops/gnome-3/core/gcr/default.nix index 55eebf77be5..0798d69f9e6 100644 --- a/pkgs/desktops/gnome-3/core/gcr/default.nix +++ b/pkgs/desktops/gnome-3/core/gcr/default.nix @@ -5,6 +5,8 @@ stdenv.mkDerivation rec { inherit (import ./src.nix fetchurl) name src; + outputs = [ "out" "dev" ]; + buildInputs = [ pkgconfig intltool gnupg glib gobjectIntrospection libxslt libgcrypt libtasn1 dbus_glib gtk pango gdk_pixbuf atk makeWrapper vala_0_32 diff --git a/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix b/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix index df47c1a477b..4baafecadd0 100644 --- a/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix @@ -5,6 +5,8 @@ stdenv.mkDerivation rec { inherit (import ./src.nix fetchurl) name src; + outputs = [ "out" "dev" ]; + buildInputs = with gnome3; [ dbus libgcrypt pam python gtk3 gconf libgnome_keyring pango gcr gdk_pixbuf atk p11_kit diff --git a/pkgs/development/libraries/cwiid/default.nix b/pkgs/development/libraries/cwiid/default.nix index fb5431ff8d5..606058da854 100644 --- a/pkgs/development/libraries/cwiid/default.nix +++ b/pkgs/development/libraries/cwiid/default.nix @@ -1,12 +1,14 @@ -{ stdenv, autoreconfHook, fetchgit, bison, flex, bluez, pkgconfig, gtk2 }: +{ stdenv, fetchFromGitHub, autoreconfHook, bison, flex, bluez, pkgconfig, gtk2 }: stdenv.mkDerivation rec { - name = "cwiid-2010-02-21-git"; + name = "cwiid-${version}-git"; + version = "2010-02-21"; - src = fetchgit { - url = https://github.com/abstrakraft/cwiid; - sha256 = "0qdb0x757k76nfj32xc2nrrdqd9jlwgg63vfn02l2iznnzahxp0h"; - rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82"; + src = fetchFromGitHub { + owner = "abstrakraft"; + repo = "cwiid"; + rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82"; + sha256 = "0qdb0x757k76nfj32xc2nrrdqd9jlwgg63vfn02l2iznnzahxp0h"; }; hardeningDisable = [ "format" ]; @@ -17,18 +19,20 @@ stdenv.mkDerivation rec { sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in ''; - buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk2 ]; + buildInputs = [ bison flex bluez gtk2 ]; + + nativeBuildInputs = [ autoreconfHook pkgconfig ]; postInstall = '' # Some programs (for example, cabal-install) have problems with the double 0 sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc ''; - meta = { + meta = with stdenv.lib; { description = "Linux Nintendo Wiimote interface"; - homepage = http://cwiid.org; - license = stdenv.lib.licenses.gpl2Plus; - maintainers = [ stdenv.lib.maintainers.bennofs ]; - platforms = stdenv.lib.platforms.linux; + homepage = http://cwiid.org; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ bennofs ]; + platforms = platforms.linux; }; } diff --git a/pkgs/development/libraries/imlib2/default.nix b/pkgs/development/libraries/imlib2/default.nix index 8c66dcec161..8d26cabc9b5 100644 --- a/pkgs/development/libraries/imlib2/default.nix +++ b/pkgs/development/libraries/imlib2/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { configureFlags = optional stdenv.isDarwin "--enable-amd64=no" ++ optional (!x11Support) "--without-x"; - outputs = [ "out" "bin" "dev" ]; + outputs = [ "bin" "out" "dev" ]; postInstall = '' moveToOutput bin/imlib2-config "$dev" diff --git a/pkgs/development/libraries/libnfs/default.nix b/pkgs/development/libraries/libnfs/default.nix new file mode 100644 index 00000000000..d9149a1fbac --- /dev/null +++ b/pkgs/development/libraries/libnfs/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, autoreconfHook }: + +stdenv.mkDerivation rec { + name = "libnfs-${version}"; + version = "2.0.0"; + + src = fetchFromGitHub { + owner = "sahlberg"; + repo = "libnfs"; + rev = "libnfs-${version}"; + sha256 = "1xd1xb09jxwmx7hblv0f9gxv7i1glk3nbj2vyq50zpi158lnf2mb"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "NFS client library"; + homepage = https://github.com/sahlberg/libnfs; + license = with licenses; [ lgpl2 bsd2 gpl3 ]; + maintainers = with maintainers; [ peterhoeg ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/libraries/wlc/default.nix b/pkgs/development/libraries/wlc/default.nix index 936c88034aa..c67070094de 100644 --- a/pkgs/development/libraries/wlc/default.nix +++ b/pkgs/development/libraries/wlc/default.nix @@ -2,18 +2,19 @@ , wayland, pixman, libxkbcommon, libinput, libxcb, xcbutilwm, xcbutilimage, mesa , libdrm, udev, libX11, libXdamage, systemd, dbus_libs, wayland-protocols , libpthreadstubs, libXau, libXdmcp, libXext, libXxf86vm +, withOptionalPackages ? true, zlib, valgrind, doxygen }: stdenv.mkDerivation rec { name = "wlc-${version}"; - version = "0.0.10"; + version = "0.0.9"; # 0.0.10 currently causes segfaults src = fetchFromGitHub { owner = "Cloudef"; repo = "wlc"; rev = "v${version}"; fetchSubmodules = true; - sha256 = "09kvwhrpgkxlagn9lgqxc80jbg56djn29a6z0n6h0dsm90ysyb2k"; + sha256 = "1r6jf64gs7n9a8129wsc0mdwhcv44p8k87kg0714rhx3g2w22asg"; }; nativeBuildInputs = [ cmake pkgconfig ]; @@ -21,8 +22,8 @@ stdenv.mkDerivation rec { buildInputs = [ wayland pixman libxkbcommon libinput libxcb xcbutilwm xcbutilimage mesa libdrm udev libX11 libXdamage systemd dbus_libs wayland-protocols - libpthreadstubs libXau libXdmcp libXext libXxf86vm - ]; + libpthreadstubs libXau libXdmcp libXext libXxf86vm ] + ++ stdenv.lib.optionals withOptionalPackages [ zlib valgrind doxygen ]; doCheck = true; checkTarget = "test"; diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix-output/cl-protobufs.nix b/pkgs/development/lisp-modules/quicklisp-to-nix-output/cl-protobufs.nix new file mode 100644 index 00000000000..7ec440076c3 --- /dev/null +++ b/pkgs/development/lisp-modules/quicklisp-to-nix-output/cl-protobufs.nix @@ -0,0 +1,30 @@ +args @ { fetchurl, ... }: +rec { + baseName = ''cl-protobufs''; + version = ''20170403-git''; + + description = ''Protobufs for Common Lisp''; + + deps = [ args."alexandria" args."babel" args."closer-mop" args."trivial-features" args."trivial-garbage" ]; + + src = fetchurl { + url = ''http://beta.quicklisp.org/archive/cl-protobufs/2017-04-03/cl-protobufs-20170403-git.tgz''; + sha256 = ''0ibpl076k8gq79sacg96mzjf5hqkrxzi5wlx3bjap52pla53w4g5''; + }; + + packageName = "cl-protobufs"; + + asdFilesToKeep = ["cl-protobufs.asd"]; + overrides = x: x; +} +/* (SYSTEM cl-protobufs DESCRIPTION Protobufs for Common Lisp SHA256 + 0ibpl076k8gq79sacg96mzjf5hqkrxzi5wlx3bjap52pla53w4g5 URL + http://beta.quicklisp.org/archive/cl-protobufs/2017-04-03/cl-protobufs-20170403-git.tgz + MD5 86c8da92b246b4b77d6107bc5dfaff08 NAME cl-protobufs FILENAME + cl-protobufs DEPS + ((NAME alexandria FILENAME alexandria) (NAME babel FILENAME babel) + (NAME closer-mop FILENAME closer-mop) + (NAME trivial-features FILENAME trivial-features) + (NAME trivial-garbage FILENAME trivial-garbage)) + DEPENDENCIES (alexandria babel closer-mop trivial-features trivial-garbage) + VERSION 20170403-git SIBLINGS (cl-protobufs-tests) PARASITES NIL) */ diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt b/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt index 32ef6367e27..49aa941094b 100644 --- a/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt +++ b/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt @@ -33,6 +33,7 @@ closer-mop cl-ppcre cl-ppcre-template cl-ppcre-unicode +cl-protobufs cl-reexport cl-smtp clsql diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix.nix b/pkgs/development/lisp-modules/quicklisp-to-nix.nix index 22b58895747..86817e14f55 100644 --- a/pkgs/development/lisp-modules/quicklisp-to-nix.nix +++ b/pkgs/development/lisp-modules/quicklisp-to-nix.nix @@ -2012,6 +2012,19 @@ let quicklisp-to-nix-packages = rec { })); + "cl-protobufs" = buildLispPackage + ((f: x: (x // (f x))) + (qlOverrides."cl-protobufs" or (x: {})) + (import ./quicklisp-to-nix-output/cl-protobufs.nix { + inherit fetchurl; + "alexandria" = quicklisp-to-nix-packages."alexandria"; + "babel" = quicklisp-to-nix-packages."babel"; + "closer-mop" = quicklisp-to-nix-packages."closer-mop"; + "trivial-features" = quicklisp-to-nix-packages."trivial-features"; + "trivial-garbage" = quicklisp-to-nix-packages."trivial-garbage"; + })); + + "cl-ppcre-unicode" = buildLispPackage ((f: x: (x // (f x))) (qlOverrides."cl-ppcre-unicode" or (x: {})) diff --git a/pkgs/development/node-packages/node-packages-v6.nix b/pkgs/development/node-packages/node-packages-v6.nix index ba2a6c77ce2..bd4a3e5abcc 100644 --- a/pkgs/development/node-packages/node-packages-v6.nix +++ b/pkgs/development/node-packages/node-packages-v6.nix @@ -23701,10 +23701,10 @@ in bower2nix = nodeEnv.buildNodePackage { name = "bower2nix"; packageName = "bower2nix"; - version = "3.1.1"; + version = "3.2.0"; src = fetchurl { - url = "https://registry.npmjs.org/bower2nix/-/bower2nix-3.1.1.tgz"; - sha1 = "77cc8f966a3595686f5d6fae30ad9bd2cc20bfe3"; + url = "https://registry.npmjs.org/bower2nix/-/bower2nix-3.2.0.tgz"; + sha1 = "nlzr17lidjf72s60vcsnqpjxgnnsn32s"; }; dependencies = [ sources."argparse-1.0.4" @@ -37338,4 +37338,4 @@ in }; production = true; }; -} \ No newline at end of file +} diff --git a/pkgs/development/python-modules/cffi/default.nix b/pkgs/development/python-modules/cffi/default.nix index 5b0265601a3..cced78c0c6a 100644 --- a/pkgs/development/python-modules/cffi/default.nix +++ b/pkgs/development/python-modules/cffi/default.nix @@ -10,6 +10,8 @@ if isPyPy then null else buildPythonPackage rec { sha256 = "1mffyilq4qycm8gs4wkgb18rnqil8a9blqq77chdlshzxc8jkc5k"; }; + outputs = [ "out" "dev" ]; + propagatedBuildInputs = [ libffi pycparser ]; buildInputs = [ pytest ]; diff --git a/pkgs/development/python-modules/phonenumbers/default.nix b/pkgs/development/python-modules/phonenumbers/default.nix index 53ec2c292fc..5f54fb12ec2 100644 --- a/pkgs/development/python-modules/phonenumbers/default.nix +++ b/pkgs/development/python-modules/phonenumbers/default.nix @@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "phonenumbers"; - version = "8.8.1"; + version = "8.8.2"; name = "${pname}-${version}"; src = fetchPypi { inherit pname version; - sha256 = "09f4b307v6wn5zs6spvp5icwad3dz9baf7d14hyvpnxn7cdqj2xy"; + sha256 = "0xwis5hvp2wmnzqxax8896vhyb3q2fs9l9ilvyr44jdh3342dxpx"; }; meta = { diff --git a/pkgs/development/python-modules/requests/default.nix b/pkgs/development/python-modules/requests/default.nix index b85bb54a4f1..f3ff4a84f1e 100644 --- a/pkgs/development/python-modules/requests/default.nix +++ b/pkgs/development/python-modules/requests/default.nix @@ -12,6 +12,8 @@ buildPythonPackage rec { sha256 = "0zi3v9nsmv9j27d0c0m1dvqyvaxz53g8m0aa1h3qanxs4irkwi4w"; }; + outputs = [ "out" "dev" ]; + nativeBuildInputs = [ pytest ]; propagatedBuildInputs = [ urllib3 idna chardet certifi ]; # sadly, tests require networking diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix index 6647d71bd00..a0d4b9adcbe 100644 --- a/pkgs/development/ruby-modules/gem-config/default.nix +++ b/pkgs/development/ruby-modules/gem-config/default.nix @@ -183,7 +183,7 @@ in pg = attrs: { buildFlags = [ - "--with-pg-config=${postgresql}/bin/pg_config" + "--with-pg-config=${postgresql.dev}/bin/pg_config" ]; }; diff --git a/pkgs/os-specific/linux/kernel/linux-4.12.nix b/pkgs/os-specific/linux/kernel/linux-4.12.nix deleted file mode 100644 index bff0f5db953..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-4.12.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args: - -import ./generic.nix (args // rec { - version = "4.12.14"; - extraMeta.branch = "4.12"; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "09zxmknh6awhqmj8dyq95bdlwcasryy35hkjxjlzixdgn52kzaw6"; - }; -} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.13.nix b/pkgs/os-specific/linux/kernel/linux-4.13.nix index d1c4d8ba8e7..c45afd1cbeb 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.13.nix @@ -1,11 +1,11 @@ { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.13.3"; + version = "4.13.4"; extraMeta.branch = "4.13"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1ayai3i0jakxzszpijhknjiwwi055wa74bpmnr0n7dh2l5s2rlh3"; + sha256 = "087lv2laf4wx28z9zqg9s275nzygica0hc1g8vn5ql6yb7mrb7m0"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 5033bb88f79..6531323c1d5 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.9.51"; + version = "4.9.52"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "12mag09scyzi5a352y39y4b6rjh89qqca53hhmjc396q09hsdyl3"; + sha256 = "12h4w6x0zcl8kpia2y7myv7w7i0dihw4g8v638fs8bzk3d7h7pgz"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix index 31af8a49de1..cd0c283edbb 100644 --- a/pkgs/os-specific/linux/spl/default.nix +++ b/pkgs/os-specific/linux/spl/default.nix @@ -70,6 +70,6 @@ in splUnstable = common { version = "2017-09-26"; rev = "e8474f9ad3b3d23c3277535c4f53f8fd1e6cbd74"; - sha256 = "1hydfhmngpq31gxkxipqxnin74l760d1ia202h12vsgix9sp32h7"; + sha256 = "0251cnffgx98nckgz6imwa8dnvba44wc02aacmr1n430gmq72xra"; }; } diff --git a/pkgs/servers/emby/default.nix b/pkgs/servers/emby/default.nix index 5b749b92c03..678fb42acd5 100644 --- a/pkgs/servers/emby/default.nix +++ b/pkgs/servers/emby/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "emby-${version}"; - version = "3.2.30.0"; + version = "3.2.32.0"; src = fetchurl { url = "https://github.com/MediaBrowser/Emby/releases/download/${version}/Emby.Mono.zip"; - sha256 = "1aqal7n4a9dvy97zw4aah9a8jm4l2v1qgjgs5kvskrvir2dbid27"; + sha256 = "0bwcqwh9g8yrkh1schfr30jf5m2w3r2raczq5x94vjfs8i6dmqh0"; }; buildInputs = with pkgs; [ diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 3ede229931e..a2e5fbb6df9 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -15,11 +15,11 @@ mariadb = everything // { }; common = rec { # attributes common to both builds - version = "10.1.25"; + version = "10.1.26"; src = fetchurl { url = "https://downloads.mariadb.org/f/mariadb-${version}/source/mariadb-${version}.tar.gz/from/http%3A//ftp.hosteurope.de/mirror/archive.mariadb.org/?serve"; - sha256 = "1mm0n8sl6grajk5rbrx55333laz5dg2abyl8mlsn7h8vdymfq1bj"; + sha256 = "0ggpdcal0if9y6h9hp1yv2q65cbkjfl4p8rqk68a5pk7k75v325s"; name = "mariadb-${version}.tar.gz"; }; diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index 022ac15aee7..980ed5056a1 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -46,7 +46,7 @@ let let path = if atLeast "9.6" then "src/common/config_info.c" else "src/bin/pg_config/pg_config.c"; in '' # Hardcode the path to pgxs so pg_config returns the path in $out - substituteInPlace "${path}" --replace HARDCODED_PGXS_PATH $out/lib + substituteInPlace "${path}" --replace HARDCODED_PGXS_PATH $dev/lib ''; postInstall = diff --git a/pkgs/tools/backup/bacula/default.nix b/pkgs/tools/backup/bacula/default.nix index 374122814c5..7c368ce4d03 100644 --- a/pkgs/tools/backup/bacula/default.nix +++ b/pkgs/tools/backup/bacula/default.nix @@ -12,9 +12,9 @@ stdenv.mkDerivation rec { # acl relies on attr, which I can't get to build on darwin ++ stdenv.lib.optional (!stdenv.isDarwin) acl; - configureFlags = [ + configureFlags = [ "--with-sqlite3=${sqlite.dev}" - "--with-postgresql=${postgresql}" + "--with-postgresql=${postgresql.dev}" ]; postInstall = '' diff --git a/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix b/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix index f93edffa7bd..53b2a3abf28 100644 --- a/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix +++ b/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-anthy-zipcode=${anthy}/share/anthy/zipcode.t" ]; buildInputs = [ - anthy glib gobjectIntrospection gtk3 ibus python3 + anthy glib gobjectIntrospection gtk3 ibus (python3.withPackages (ps: [ps.pygobject3])) ]; nativeBuildInputs = [ intltool pkgconfig python3.pkgs.wrapPython ]; diff --git a/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix b/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix index 74253fa09fc..f70c7d02e9f 100644 --- a/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix +++ b/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "120p9w7za6hi521hz8q235fkl4i3p1qqr8nqm4a3kxr0pcq40bd2"; }; - buildInputs = [ gtk3 ibus libhangul ]; + buildInputs = [ gtk3 ibus libhangul python3 ]; nativeBuildInputs = [ intltool pkgconfig python3.pkgs.wrapPython ]; diff --git a/pkgs/tools/inputmethods/ibus/default.nix b/pkgs/tools/inputmethods/ibus/default.nix index 66d61b8c5e9..3b076bb8ff6 100644 --- a/pkgs/tools/inputmethods/ibus/default.nix +++ b/pkgs/tools/inputmethods/ibus/default.nix @@ -110,6 +110,10 @@ in stdenv.mkDerivation rec { doInstallCheck = true; installCheckPhase = "$out/bin/ibus version"; + postInstall = '' + moveToOutput "bin/ibus-setup" "$dev" + ''; + meta = with stdenv.lib; { homepage = https://github.com/ibus/ibus; description = "Intelligent Input Bus for Linux / Unix OS"; diff --git a/pkgs/tools/inputmethods/ibus/wrapper.nix b/pkgs/tools/inputmethods/ibus/wrapper.nix index 13035698827..d41ba1e791f 100644 --- a/pkgs/tools/inputmethods/ibus/wrapper.nix +++ b/pkgs/tools/inputmethods/ibus/wrapper.nix @@ -21,7 +21,7 @@ let done done - for prog in ibus ibus-setup; do + for prog in ibus; do wrapProgram "$out/bin/$prog" \ --set GDK_PIXBUF_MODULE_FILE ${librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH:$out/lib/girepository-1.0" \ diff --git a/pkgs/tools/networking/network-manager-applet/default.nix b/pkgs/tools/networking/network-manager-applet/default.nix index c0c4950f447..3220aebdfe4 100644 --- a/pkgs/tools/networking/network-manager-applet/default.nix +++ b/pkgs/tools/networking/network-manager-applet/default.nix @@ -1,7 +1,8 @@ { stdenv, fetchurl, intltool, pkgconfig, libglade, networkmanager, gnome3 , libnotify, libsecret, polkit, isocodes, modemmanager, librsvg , mobile_broadband_provider_info, glib_networking, gsettings_desktop_schemas -, makeWrapper, udev, libgudev, hicolor_icon_theme, jansson, wrapGAppsHook, webkitgtk }: +, makeWrapper, udev, libgudev, hicolor_icon_theme, jansson, wrapGAppsHook, webkitgtk +, withGnome ? false }: stdenv.mkDerivation rec { name = "${pname}-${major}.${minor}"; @@ -24,8 +25,8 @@ stdenv.mkDerivation rec { buildInputs = [ gnome3.gtk libglade networkmanager libnotify libsecret gsettings_desktop_schemas polkit isocodes makeWrapper udev libgudev gnome3.gconf gnome3.libgnome_keyring - modemmanager jansson librsvg glib_networking gnome3.dconf webkitgtk - ]; + modemmanager jansson librsvg glib_networking gnome3.dconf + ] ++ stdenv.lib.optional withGnome webkitgtk; nativeBuildInputs = [ intltool pkgconfig wrapGAppsHook ]; diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 15a30db522e..37796fef174 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -35,14 +35,14 @@ in stdenv.mkDerivation rec { cp -r * $out/share/msf - for i in $out/share/msf/msf*; do - bin=$out/bin/$(basename $i) - cat > $bin <