diff --git a/doc/package-notes.xml b/doc/package-notes.xml
index e1aea62f784..4d87a3a67fe 100644
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@@ -477,32 +477,18 @@ it. Place the resulting package.nix file into
Using the FOSS Radeon or nouveau (nvidia) drivers
-
- Both the open source radeon drivers as well as the nouveau drivers (nvidia)
- need a newer libc++ than is provided by the default runtime, which leads to a
- crash on launch. Use environment.systemPackages =
- [(pkgs.steam.override { newStdcpp = true; })]; in your config
- if you get an error like
-
-libGL error: unable to load driver: radeonsi_dri.so
-libGL error: driver pointer missing
-libGL error: failed to load driver: radeonsi
-libGL error: unable to load driver: swrast_dri.so
-libGL error: failed to load driver: swrast
- or
-
-libGL error: unable to load driver: nouveau_dri.so
-libGL error: driver pointer missing
-libGL error: failed to load driver: nouveau
-libGL error: unable to load driver: swrast_dri.so
-libGL error: failed to load driver: swrast
-
- Steam ships statically linked with a version of libcrypto that
- conflics with the one dynamically loaded by radeonsi_dri.so.
- If you get the error
- steam.sh: line 713: 7842 Segmentation fault (core dumped)
- have a look at this pull request.
-
+
+ The newStdcpp parameter
+ was removed since NixOS 17.09 and should not be needed anymore.
+
+
+
+ Steam ships statically linked with a version of libcrypto that
+ conflics with the one dynamically loaded by radeonsi_dri.so.
+ If you get the error
+ steam.sh: line 713: 7842 Segmentation fault (core dumped)
+ have a look at this pull request.
+
diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml
index 6065a86f60d..5ed56bde665 100644
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -9,6 +9,7 @@
This section lists the release notes for each stable version of NixOS
and current unstable revision.
+
diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml
index c951934e623..1d6e693f83c 100644
--- a/nixos/doc/manual/release-notes/rl-1709.xml
+++ b/nixos/doc/manual/release-notes/rl-1709.xml
@@ -289,6 +289,52 @@ FLUSH PRIVILEGES;
in them being reloaded.
+
+
+
+ services.mysqlBackup now works by default
+ without any user setup, including for users other than
+ mysql.
+
+
+
+ By default, the mysql user is no longer the
+ user which performs the backup. Instead a system account
+ mysqlbackup is used.
+
+
+
+ The mysqlBackup service is also now using
+ systemd timers instead of cron.
+
+
+
+ Therefore, the services.mysqlBackup.period
+ option no longer exists, and has been replaced with
+ services.mysqlBackup.calendar, which is in
+ the format of systemd.time(7).
+
+
+
+ If you expect to be sent an e-mail when the backup fails,
+ consider using a script which monitors the systemd journal for
+ errors. Regretfully, at present there is no built-in
+ functionality for this.
+
+
+
+ You can check that backups still work by running
+ systemctl start mysql-backup then
+ systemctl status mysql-backup.
+
+
+
+
+ Steam: the newStdcpp parameter
+ was removed and should not be needed anymore.
+
+
Other notable improvements:
@@ -344,7 +390,7 @@ FLUSH PRIVILEGES;
- Definitions for /etc/hosts can now be sped
+ Definitions for /etc/hosts can now be specified
declaratively with networking.hosts.
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index ce05cde7b08..7acc689ed11 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -29,8 +29,7 @@ following incompatible changes:
-
-
+
diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix
index 28f607861f7..3f533fa457d 100644
--- a/nixos/modules/services/backup/mysql-backup.nix
+++ b/nixos/modules/services/backup/mysql-backup.nix
@@ -6,10 +6,28 @@ let
inherit (pkgs) mysql gzip;
- cfg = config.services.mysqlBackup ;
- location = cfg.location ;
- mysqlBackupCron = db : ''
- ${cfg.period} ${cfg.user} ${mysql}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
+ cfg = config.services.mysqlBackup;
+ defaultUser = "mysqlbackup";
+
+ backupScript = ''
+ set -o pipefail
+ failed=""
+ ${concatMapStringsSep "\n" backupDatabaseScript cfg.databases}
+ if [ -n "$failed" ]; then
+ echo "Backup of database(s) failed:$failed"
+ exit 1
+ fi
+ '';
+ backupDatabaseScript = db: ''
+ dest="${cfg.location}/${db}.gz"
+ if ${mysql}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > $dest.tmp; then
+ mv $dest.tmp $dest
+ echo "Backed up to $dest"
+ else
+ echo "Failed to back up to $dest"
+ rm -f $dest.tmp
+ failed="$failed ${db}"
+ fi
'';
in
@@ -26,17 +44,16 @@ in
'';
};
- period = mkOption {
- default = "15 01 * * *";
+ calendar = mkOption {
+ type = types.str;
+ default = "01:15:00";
description = ''
- This option defines (in the format used by cron) when the
- databases should be dumped.
- The default is to update at 01:15 (at night) every day.
+ Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
'';
};
user = mkOption {
- default = "mysql";
+ default = defaultUser;
description = ''
User to be used to perform backup.
'';
@@ -66,16 +83,49 @@ in
};
- config = mkIf config.services.mysqlBackup.enable {
+ config = mkIf cfg.enable {
+ users.extraUsers = optionalAttrs (cfg.user == defaultUser) (singleton
+ { name = defaultUser;
+ isSystemUser = true;
+ createHome = false;
+ home = cfg.location;
+ group = "nogroup";
+ });
- services.cron.systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases;
-
- system.activationScripts.mysqlBackup = stringAfter [ "stdio" "users" ]
- ''
- mkdir -m 0700 -p ${config.services.mysqlBackup.location}
- chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location}
- '';
+ services.mysql.ensureUsers = [{
+ name = cfg.user;
+ ensurePermissions = with lib;
+ let
+ privs = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES";
+ grant = db: nameValuePair "${db}.*" privs;
+ in
+ listToAttrs (map grant cfg.databases);
+ }];
+ systemd = {
+ timers."mysql-backup" = {
+ description = "Mysql backup timer";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = cfg.calendar;
+ AccuracySec = "5m";
+ Unit = "mysql-backup.service";
+ };
+ };
+ services."mysql-backup" = {
+ description = "Mysql backup service";
+ enable = true;
+ serviceConfig = {
+ User = cfg.user;
+ PermissionsStartOnly = true;
+ };
+ preStart = ''
+ mkdir -m 0700 -p ${cfg.location}
+ chown -R ${cfg.user} ${cfg.location}
+ '';
+ script = backupScript;
+ };
+ };
};
}
diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix
index fc8396cd85e..d483a8c3d67 100644
--- a/nixos/modules/services/mail/spamassassin.nix
+++ b/nixos/modules/services/mail/spamassassin.nix
@@ -42,7 +42,7 @@ in
Then you can Use this sieve filter:
require ["fileinto", "reject", "envelope"];
-
+
if header :contains "X-Spam-Flag" "YES" {
fileinto "spam";
}
@@ -67,11 +67,11 @@ in
initPreConf = mkOption {
type = types.str;
description = "The SpamAssassin init.pre config.";
- default =
- ''
+ default =
+ ''
#
# to update this list, run this command in the rules directory:
- # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq
+ # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq
#
#loadplugin Mail::SpamAssassin::Plugin::AccessDB
@@ -122,7 +122,11 @@ in
config = mkIf cfg.enable {
# Allow users to run 'spamc'.
- environment.systemPackages = [ pkgs.spamassassin ];
+
+ environment = {
+ etc = singleton { source = spamdEnv; target = "spamassassin"; };
+ systemPackages = [ pkgs.spamassassin ];
+ };
users.extraUsers = singleton {
name = "spamd";
@@ -138,7 +142,7 @@ in
systemd.services.sa-update = {
script = ''
- set +e
+ set +e
${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/ --siteconfigpath=${spamdEnv}/" spamd
v=$?
@@ -153,7 +157,7 @@ in
'';
};
- systemd.timers.sa-update = {
+ systemd.timers.sa-update = {
description = "sa-update-service";
partOf = [ "sa-update.service" ];
wantedBy = [ "timers.target" ];
@@ -177,15 +181,10 @@ in
# 0 and 1 no error, exitcode > 1 means error:
# https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
preStart = ''
- # this abstraction requires no centralized config at all
- if [ -d /etc/spamassassin ]; then
- echo "This spamassassin does not support global '/etc/spamassassin' folder for configuration as this would be impure. Merge your configs into 'services.spamassassin' and remove the '/etc/spamassassin' folder to make this service work. Also see 'https://github.com/NixOS/nixpkgs/pull/26470'.";
- exit 1
- fi
echo "Recreating '/var/lib/spamasassin' with creating '3.004001' (or similar) and 'sa-update-keys'"
mkdir -p /var/lib/spamassassin
chown spamd:spamd /var/lib/spamassassin -R
- set +e
+ set +e
${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/ --siteconfigpath=${spamdEnv}/" spamd
v=$?
set -e
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index bf1304ee7ac..efa3b5b6bd7 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -428,7 +428,7 @@ in
fi
'';
- nix.nrBuildUsers = mkDefault (lib.max 10 cfg.maxJobs);
+ nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs);
users.extraUsers = nixbldUsers;
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index d5db328310c..0354e76d74f 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -141,7 +141,6 @@ in
${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
${optionalString (data.listenAddress != null) "ListenAddress = ${data.listenAddress}"}
${optionalString (data.bindToAddress != null) "BindToAddress = ${data.bindToAddress}"}
- Device = /dev/net/tun
Interface = tinc.${network}
${data.extraConfig}
'';
@@ -168,6 +167,7 @@ in
Type = "simple";
Restart = "always";
RestartSec = "3";
+ ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";
};
preStart = ''
mkdir -p /etc/tinc/${network}/hosts
@@ -187,9 +187,6 @@ in
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
fi
'';
- script = ''
- tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
- '';
})
);
diff --git a/nixos/release.nix b/nixos/release.nix
index ac7755a160f..06f1c73410c 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -283,6 +283,7 @@ in rec {
tests.mumble = callTest tests/mumble.nix {};
tests.munin = callTest tests/munin.nix {};
tests.mysql = callTest tests/mysql.nix {};
+ tests.mysqlBackup = callTest tests/mysql-backup.nix {};
tests.mysqlReplication = callTest tests/mysql-replication.nix {};
tests.nat.firewall = callTest tests/nat.nix { withFirewall = true; };
tests.nat.firewall-conntrack = callTest tests/nat.nix { withFirewall = true; withConntrackHelpers = true; };
diff --git a/nixos/tests/mysql-backup.nix b/nixos/tests/mysql-backup.nix
new file mode 100644
index 00000000000..f5bcc460cba
--- /dev/null
+++ b/nixos/tests/mysql-backup.nix
@@ -0,0 +1,42 @@
+# Test whether mysqlBackup option works
+import ./make-test.nix ({ pkgs, ... } : {
+ name = "mysql-backup";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ rvl ];
+ };
+
+ nodes = {
+ master = { config, pkgs, ... }: {
+ services.mysql = {
+ enable = true;
+ initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
+ package = pkgs.mysql;
+ };
+
+ services.mysqlBackup = {
+ enable = true;
+ databases = [ "doesnotexist" "testdb" ];
+ };
+ };
+ };
+
+ testScript =
+ '' startAll;
+
+ # Need to have mysql started so that it can be populated with data.
+ $master->waitForUnit("mysql.service");
+
+ # Wait for testdb to be populated.
+ $master->sleep(10);
+
+ # Do a backup and wait for it to finish.
+ $master->startJob("mysql-backup.service");
+ $master->waitForJob("mysql-backup.service");
+
+ # Check that data appears in backup
+ $master->succeed("${pkgs.gzip}/bin/zcat /var/backup/mysql/testdb.gz | grep hello");
+
+ # Check that a failed backup is logged
+ $master->succeed("journalctl -u mysql-backup.service | grep 'fail.*doesnotexist' > /dev/null");
+ '';
+})
diff --git a/nixos/tests/testdb.sql b/nixos/tests/testdb.sql
index 4fb28fea3df..3c68c49ae82 100644
--- a/nixos/tests/testdb.sql
+++ b/nixos/tests/testdb.sql
@@ -8,3 +8,4 @@ insert into tests values (1, 'a');
insert into tests values (2, 'b');
insert into tests values (3, 'c');
insert into tests values (4, 'd');
+insert into tests values (5, 'hello');
diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix
index 1d661014c77..18e1df4575d 100644
--- a/pkgs/applications/editors/vim/common.nix
+++ b/pkgs/applications/editors/vim/common.nix
@@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }:
rec {
- version = "8.0.0442";
+ version = "8.0.1150";
src = fetchFromGitHub {
owner = "vim";
repo = "vim";
rev = "v${version}";
- sha256 = "1pyyrkb7k5vhm1ijrh4v2f50lxhrgga5mm0gvmz4v704z0h585yg";
+ sha256 = "1k1qkmb2jbymqikrp99q1yjagdf508xzabrw7b08dlh926b2v23j";
};
enableParallelBuilding = true;
diff --git a/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch b/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch
new file mode 100644
index 00000000000..83f9a1329be
--- /dev/null
+++ b/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch
@@ -0,0 +1,25 @@
+diff -ru -x '*~' firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp firefox-55.0.3/docshell/base/nsAboutRedirector.cpp
+--- firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp 2017-07-31 18:20:51.000000000 +0200
++++ firefox-55.0.3/docshell/base/nsAboutRedirector.cpp 2017-09-26 22:02:00.814151731 +0200
+@@ -40,10 +40,6 @@
+ nsIAboutModule::ALLOW_SCRIPT
+ },
+ {
+- "buildconfig", "chrome://global/content/buildconfig.html",
+- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
+- },
+- {
+ "checkerboard", "chrome://global/content/aboutCheckerboard.xhtml",
+ nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
+ nsIAboutModule::ALLOW_SCRIPT
+diff -ru -x '*~' firefox-55.0.3-orig/toolkit/content/jar.mn firefox-55.0.3/toolkit/content/jar.mn
+--- firefox-55.0.3-orig/toolkit/content/jar.mn 2017-07-31 18:20:52.000000000 +0200
++++ firefox-55.0.3/toolkit/content/jar.mn 2017-09-26 22:01:42.383350314 +0200
+@@ -40,7 +40,6 @@
+ content/global/plugins.css
+ content/global/browser-child.js
+ content/global/browser-content.js
+-* content/global/buildconfig.html
+ content/global/contentAreaUtils.js
+ #ifndef MOZ_FENNEC
+ content/global/customizeToolbar.css
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 83eb563a8e7..e2a8e201fef 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -12,10 +12,12 @@ rec {
sha512 = "3cacc87b97871f3a8c5e97c17ef7025079cb5c81f32377d9402cdad45815ac6c4c4762c79187f1e477910161c2377c42d41de62a50b6741d5d7c1cd70e8c6416";
};
- patches = lib.optional stdenv.isi686 (fetchpatch {
- url = "https://hg.mozilla.org/mozilla-central/raw-rev/15517c5a5d37";
- sha256 = "1ba487p3hk4w2w7qqfxgv1y57vp86b8g3xhav2j20qd3j3phbbn7";
- });
+ patches =
+ [ ./no-buildconfig.patch ]
+ ++ lib.optional stdenv.isi686 (fetchpatch {
+ url = "https://hg.mozilla.org/mozilla-central/raw-rev/15517c5a5d37";
+ sha256 = "1ba487p3hk4w2w7qqfxgv1y57vp86b8g3xhav2j20qd3j3phbbn7";
+ });
meta = {
description = "A web browser built from Firefox source tree";
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index 1dd5c9191f0..2413f1cfdca 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -129,6 +129,8 @@ in stdenv.mkDerivation {
passthru = { unwrapped = browser; };
+ disallowedRequisites = [ stdenv.cc ];
+
meta = browser.meta // {
description =
browser.meta.description
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
index 048017cae5b..ca20125332a 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix
@@ -2,11 +2,20 @@
, lib
, fetchurl
, fetchgit
+, symlinkJoin
, tor
, tor-browser-unwrapped
+# Wrapper runtime
+, coreutils
+, hicolor_icon_theme
+, shared_mime_info
+, noto-fonts
+, noto-fonts-emoji
+
# Extensions, common
+, unzip
, zip
# HTTPS Everywhere
@@ -15,6 +24,9 @@
, python27
, python27Packages
, rsync
+
+# Customization
+, extraPrefs ? ""
}:
let
@@ -24,11 +36,16 @@ let
sha256 = "0j37mqldj33fnzghxifvy6v8vdwkcz0i4z81prww64md5s8qcsa9";
};
+ # Each extension drv produces an output comprising an unpacked .xpi
+ # named after the extension uuid, as it would appear under
+ # `firefox/extensions'.
firefoxExtensions = {
https-everywhere = stdenv.mkDerivation rec {
name = "https-everywhere-${version}";
version = "5.2.21";
+ extid = "https-everywhere-eff@eff.org";
+
src = fetchgit {
url = "https://git.torproject.org/https-everywhere.git";
rev = "refs/tags/${version}";
@@ -41,16 +58,24 @@ let
python27
python27Packages.lxml
rsync
+ unzip
zip
];
- buildCommand = ''
+ unpackPhase = ''
cp -dR --no-preserve=mode "$src" src
cd src
+ '';
- sed -i makexpi.sh -e '104d' # cp -a translations/* fails because the dir is empty ...
+ # Beware: the build expects translations/ to be non-empty (which it
+ # will be with submodules initialized).
+ buildPhase = ''
$shell ./makexpi.sh ${version} --no-recurse
- install -m 444 -Dt $out pkg"/"*.xpi
+ '';
+
+ installPhase = ''
+ mkdir $out
+ unzip -d "$out/$extid" "pkg/https-everywhere-$version-eff.xpi"
'';
meta = {
@@ -58,53 +83,105 @@ let
};
};
- noscript = fetchurl {
- url = https://secure.informaction.com/download/releases/noscript-5.0.10.xpi;
- sha256 = "18k5karbaj5mhd9cyjbqgik6044bw88rjalkh6anjanxbn503j6g";
+ noscript = stdenv.mkDerivation rec {
+ name = "noscript-${version}";
+ version = "5.0.10";
+
+ extid = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
+
+ src = fetchurl {
+ url = "https://secure.informaction.com/download/releases/noscript-${version}.xpi";
+ sha256 = "18k5karbaj5mhd9cyjbqgik6044bw88rjalkh6anjanxbn503j6g";
+ };
+
+ nativeBuildInputs = [ unzip ];
+
+ unpackPhase = ":";
+
+ installPhase = ''
+ mkdir $out
+ unzip -d "$out/$extid" "$src"
+ '';
};
torbutton = stdenv.mkDerivation rec {
name = "torbutton-${version}";
version = "1.9.8.1";
+ extid = "torbutton@torproject.org";
+
src = fetchgit {
url = "https://git.torproject.org/torbutton.git";
rev = "refs/tags/${version}";
sha256 = "1amp0c9ky0a7fsa0bcbi6n6ginw7s2g3an4rj7kvc1lxmrcsm65l";
};
- nativeBuildInputs = [ zip ];
+ nativeBuildInputs = [ unzip zip ];
- buildCommand = ''
+ unpackPhase = ''
cp -dR --no-preserve=mode "$src" src
cd src
-
- $shell ./makexpi.sh
- install -m 444 -Dt $out pkg"/"*.xpi
'';
+
+ buildPhase = ''
+ $shell ./makexpi.sh
+ '';
+
+ installPhase = ''
+ mkdir $out
+ unzip -d "$out/$extid" "pkg/torbutton-$version.xpi"
+ '';
+
+ meta = {
+ homepage = https://gitweb.torproject.org/torbutton.git/;
+ };
};
tor-launcher = stdenv.mkDerivation rec {
name = "tor-launcher-${version}";
version = "0.2.12.3";
+ extid = "tor-launcher@torproject.org";
+
src = fetchgit {
url = "https://git.torproject.org/tor-launcher.git";
rev = "refs/tags/${version}";
sha256 = "0126x48pjiy2zm4l8jzhk70w24hviaz560ffp4lb9x0ar615bc9q";
};
- nativeBuildInputs = [ zip ];
+ nativeBuildInputs = [ unzip zip ];
- buildCommand = ''
+ unpackPhase = ''
cp -dR --no-preserve=mode "$src" src
cd src
-
- make package
- install -m 444 -Dt $out pkg"/"*.xpi
'';
+
+ buildPhase = ''
+ make package
+ '';
+
+ installPhase = ''
+ mkdir $out
+ unzip -d "$out/$extid" "pkg/tor-launcher-$version.xpi"
+ '';
+
+ meta = {
+ homepage = https://gitweb.torproject.org/tor-launcher.git/;
+ };
};
};
+
+ extensionsEnv = symlinkJoin {
+ name = "tor-browser-extensions";
+ paths = with firefoxExtensions; [ https-everywhere noscript torbutton tor-launcher ];
+ };
+
+ fontsEnv = symlinkJoin {
+ name = "tor-browser-fonts";
+ paths = [ noto-fonts noto-fonts-emoji ];
+ };
+
+ fontsDir = "${fontsEnv}/share/fonts";
in
stdenv.mkDerivation rec {
name = "tor-browser-bundle-${version}";
@@ -118,10 +195,13 @@ stdenv.mkDerivation rec {
installPhase = ''
TBBUILD=${tor-browser-build_src}/projects/tor-browser
+ TBDATA_PATH=TorBrowser-Data
self=$out/lib/tor-browser
mkdir -p $self && cd $self
+ TBDATA_IN_STORE=$self/$TBDATA_PATH
+
cp -dR ${tor-browser-unwrapped}/lib"/"*"/"* .
chmod -R +w .
@@ -144,58 +224,148 @@ stdenv.mkDerivation rec {
// Where to find the Nixpkgs tor executable & config
lockPref("extensions.torlauncher.tor_path", "${tor}/bin/tor");
- lockPref("extensions.torlauncher.torrc-defaults_path", "$self/torrc-defaults");
+ lockPref("extensions.torlauncher.torrc-defaults_path", "$TBDATA_IN_STORE/torrc-defaults");
// Captures store paths
clearPref("extensions.xpiState");
+ clearPref("extensions.bootstrappedAddons");
// Insist on using IPC for communicating with Tor
- //
- // Defaults to $XDG_RUNTIME_DIR/Tor/{socks,control}.socket
lockPref("extensions.torlauncher.control_port_use_ipc", true);
lockPref("extensions.torlauncher.socks_port_use_ipc", true);
+
+ // User customization
+ ${extraPrefs}
EOF
# Preload extensions
- install -m 444 -D \
- ${firefoxExtensions.tor-launcher}/tor-launcher-*.xpi \
- browser/extensions/tor-launcher@torproject.org.xpi
- install -m 444 -D \
- ${firefoxExtensions.torbutton}/torbutton-*.xpi \
- browser/extensions/torbutton@torproject.org.xpi
- install -m 444 -D \
- ${firefoxExtensions.https-everywhere}/https-everywhere-*-eff.xpi \
- browser/extensions/https-everywhere-eff@eff.org.xpi
- install -m 444 -D \
- ${firefoxExtensions.noscript} \
- browser/extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
+ # XXX: the fact that ln -s env browser/extensions fails, symlinkJoin seems a little redundant ...
+ ln -s -t browser/extensions ${extensionsEnv}"/"*
# Copy bundle data
- cat \
- $TBBUILD/Bundle-Data/linux/Data/Tor/torrc-defaults \
- $TBBUILD/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix \
- >> torrc-defaults
+ bundlePlatform=linux
+ bundleData=$TBBUILD/Bundle-Data
+ mkdir -p $TBDATA_PATH
cat \
- $TBBUILD/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js \
- $TBBUILD/Bundle-Data/PTConfigs/bridge_prefs.js >> defaults/pref/extension-overrides.js \
+ $bundleData/$bundlePlatform/Data/Tor/torrc-defaults \
+ >> $TBDATA_PATH/torrc-defaults
+ cat \
+ $bundleData/$bundlePlatform/Data/Browser/profile.default/preferences/extension-overrides.js \
>> defaults/pref/extension-overrides.js
+ # Hard-code path to TBB fonts; xref: FONTCONFIG_FILE in the wrapper below
+ sed $bundleData/$bundlePlatform/Data/fontconfig/fonts.conf \
+ -e "s,
fonts,${fontsDir}," \
+ > $TBDATA_PATH/fonts.conf
+
# Generate a suitable wrapper
+ wrapper_PATH=${lib.makeBinPath [ coreutils ]}
+ wrapper_XDG_DATA_DIRS=${lib.concatMapStringsSep ":" (x: "${x}/share") [
+ hicolor_icon_theme
+ shared_mime_info
+ ]}
+
mkdir -p $out/bin
cat >$out/bin/tor-browser <&2
+ exit 1
+ fi
+
mkdir -p "\$TBB_HOME"
HOME=\$TBB_HOME
cd "\$HOME"
- exec $self/firefox -no-remote about:tor
+ # Re-init XDG basedir envvars
+ XDG_CACHE_HOME=\$HOME/.cache
+ XDG_CONFIG_HOME=\$HOME/.config
+ XDG_DATA_HOME=\$HOME/.local/share
+
+ # Initialize empty TBB runtime state directory hierarchy. Mirror the
+ # layout used by the official TBB, to avoid the hassle of working
+ # against the assumptions made by tor-launcher & co.
+ mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data"
+
+ # Initialize the Tor data directory.
+ mkdir -p "\$HOME/TorBrowser/Data/Tor"
+
+ # TBB fails if ownership is too permissive
+ chmod 0700 "\$HOME/TorBrowser/Data/Tor"
+
+ # Initialize the browser profile state. Expect TBB to generate all data.
+ mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default"
+
+ # Files that capture store paths; re-generated by firefox at startup
+ rm -rf "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json,startupCache}
+
+ # Clear out fontconfig caches
+ rm -f "\$HOME/.cache/fontconfig/"*.cache-*
+
+ # Lift-off!
+ #
+ # TZ is set to avoid stat()ing /etc/localtime over and over ...
+ #
+ # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launching a new
+ # dbus instance; to prevent using the session bus, set the envvar to
+ # an empty/invalid value prior to running tor-browser.
+ #
+ # FONTCONFIG_FILE is required to make fontconfig read the TBB
+ # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024
+ # indicates the system fonts.conf being used instead.
+ #
+ # HOME, TMPDIR, XDG_*_HOME are set as a form of soft confinement;
+ # ideally, tor-browser should not write to any path outside TBB_HOME
+ # and should run even under strict confinement to TBB_HOME.
+ #
+ # XDG_DATA_DIRS is set to prevent searching system directories for
+ # mime and icon data.
+ #
+ # Parameters lacking a default value below are *required* (enforced by
+ # -o nounset).
+ exec env -i \
+ TZ=":" \
+ \
+ DISPLAY="\$DISPLAY" \
+ XAUTHORITY="\$XAUTHORITY" \
+ DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \
+ \
+ HOME="\$HOME" \
+ TMPDIR="\$XDG_CACHE_HOME/tmp" \
+ XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \
+ XDG_DATA_HOME="\$XDG_DATA_HOME" \
+ XDG_CACHE_HOME="\$XDG_CACHE_HOME" \
+ \
+ XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \
+ \
+ FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \
+ \
+ $self/firefox \
+ -no-remote \
+ -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \
+ "\$@"
EOF
chmod +x $out/bin/tor-browser
+
+ echo "Syntax checking wrapper ..."
+ bash -n $out/bin/tor-browser
+
+ echo "Checking wrapper ..."
+ DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$TMPDIR/tbb \
+ $out/bin/tor-browser -version >/dev/null
'';
meta = with stdenv.lib; {
diff --git a/pkgs/applications/science/math/caffe/default.nix b/pkgs/applications/science/math/caffe/default.nix
index 5c6fe9c573d..cb28d38bf1d 100644
--- a/pkgs/applications/science/math/caffe/default.nix
+++ b/pkgs/applications/science/math/caffe/default.nix
@@ -46,9 +46,8 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = lib.optional pythonSupport python.pkgs.protobuf;
- outputs = [ "out" "bin" ];
- # Don't propagate bin.
- outputBin = "out";
+ outputs = [ "bin" "out"];
+ propagatedBuildOutputs = []; # otherwise propagates out -> bin cycle
postInstall = ''
# Internal static library.
diff --git a/pkgs/applications/video/shotcut/default.nix b/pkgs/applications/video/shotcut/default.nix
index 72dbf87fdef..88cb43b4d91 100644
--- a/pkgs/applications/video/shotcut/default.nix
+++ b/pkgs/applications/video/shotcut/default.nix
@@ -1,26 +1,29 @@
-{ stdenv, fetchurl, SDL, frei0r, gettext, mlt, jack1, pkgconfig, qtbase,
-qtmultimedia, qtwebkit, qtx11extras, qtwebsockets, qtquickcontrols,
-qtgraphicaleffects,
-qmake, makeWrapper }:
+{ stdenv, fetchFromGitHub, SDL2, frei0r, gettext, mlt, jack1, pkgconfig, qtbase
+, qtmultimedia, qtwebkit, qtx11extras, qtwebsockets, qtquickcontrols
+, qtgraphicaleffects, libmlt
+, qmake, makeWrapper }:
stdenv.mkDerivation rec {
name = "shotcut-${version}";
- version = "17.02";
+ version = "17.09";
- src = fetchurl {
- url = "https://github.com/mltframework/shotcut/archive/v${version}.tar.gz";
- sha256 = "09nygz1x9fvqf33gqpc6jnr1j7ny0yny3w2ngwqqfkf3f8n83qhr";
+ src = fetchFromGitHub {
+ owner = "mltframework";
+ repo = "shotcut";
+ rev = "v${version}";
+ sha256 = "061jmk1g2h7p82kyk2zgk19g0y3dgx3lppfnm6cdmi550b51qllb";
};
-
enableParallelBuilding = true;
nativeBuildInputs = [ makeWrapper pkgconfig qmake ];
buildInputs = [
- SDL frei0r gettext mlt
+ SDL2 frei0r gettext mlt libmlt
qtbase qtmultimedia qtwebkit qtx11extras qtwebsockets qtquickcontrols
qtgraphicaleffects
];
+ NIX_CFLAGS_COMPILE = "-I${libmlt}/include/mlt++ -I${libmlt}/include/mlt";
+
prePatch = ''
sed 's_shotcutPath, "qmelt"_"${mlt}/bin/melt"_' -i src/jobs/meltjob.cpp
sed 's_shotcutPath, "ffmpeg"_"${mlt.ffmpeg}/bin/ffmpeg"_' -i src/jobs/ffmpegjob.cpp
@@ -31,7 +34,7 @@ stdenv.mkDerivation rec {
postInstall = ''
mkdir -p $out/share/shotcut
cp -r src/qml $out/share/shotcut/
- wrapProgram $out/bin/shotcut --prefix FREI0R_PATH : ${frei0r}/lib/frei0r-1 --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ jack1 SDL ]} --prefix PATH : ${mlt}/bin
+ wrapProgram $out/bin/shotcut --prefix FREI0R_PATH : ${frei0r}/lib/frei0r-1 --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ jack1 SDL2 ]} --prefix PATH : ${mlt}/bin
'';
meta = with stdenv.lib; {
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 043f27e13d2..f28ec6275b8 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -44,6 +44,13 @@ rec {
rev = containerdRev;
sha256 = containerdSha256;
};
+
+ # This should go into the containerd derivation once 1.0.0 is out
+ preBuild = ''
+ mkdir $(pwd)/vendor/src
+ mv $(pwd)/vendor/{github.com,golang.org,google.golang.org} $(pwd)/vendor/src/
+ ln -s $(pwd) vendor/src/github.com/containerd/containerd
+ '';
});
docker-tini = tini.overrideAttrs (oldAttrs: rec {
name = "docker-init";
@@ -188,14 +195,14 @@ rec {
tiniSha256 = "0zj4kdis1vvc6dwn4gplqna0bs7v6d1y2zc8v80s3zi018inhznw";
};
- docker_17_07 = dockerGen rec {
- version = "17.07.0-ce";
- rev = "87847530f7176a48348d196f7c23bbd058052af1"; # git commit
- sha256 = "0zw9zlzbd7il33ch17ypwpa73gsb930sf2njnphg7ylvnqp8qzsp";
- runcRev = "2d41c047c83e09a6d61d464906feb2a2f3c52aa4";
- runcSha256 = "0v5iv29ck6lkxvxh7a56gfrlgfs0bjvjhrq3p6qqv9qjzv825byq";
- containerdRev = "3addd840653146c90a254301d6c3a663c7fd6429";
- containerdSha256 = "0as4s5wd57pdh1cyavkccpgs46kvlhr41v07qrv0phzffdhq3d5j";
+ docker_17_09 = dockerGen rec {
+ version = "17.09.0-ce";
+ rev = "afdb6d44a80f777069885a9ee0e0f86cf841b1bb"; # git commit
+ sha256 = "03g0imdcxqx9y4hhyymxqzvm8bqg4cqrmb7sjbxfdgrhzh9kcn1p";
+ runcRev = "3f2f8b84a77f73d38244dd690525642a72156c64";
+ runcSha256 = "0vaagmav8443kmyxac2y1y5l2ipcs1c7gdmsnvj48y9bafqx72rq";
+ containerdRev = "06b9cb35161009dcb7123345749fef02f7cea8e0";
+ containerdSha256 = "10hms8a2nn69nfnwly6923jzx40c3slpsdhjhff4bxh36flpf9gd";
tiniRev = "949e6facb77383876aeff8a6944dde66b3089574";
tiniSha256 = "0zj4kdis1vvc6dwn4gplqna0bs7v6d1y2zc8v80s3zi018inhznw";
};
diff --git a/pkgs/applications/window-managers/sway/default.nix b/pkgs/applications/window-managers/sway/default.nix
index 274325b6785..2c94f7f6fec 100644
--- a/pkgs/applications/window-managers/sway/default.nix
+++ b/pkgs/applications/window-managers/sway/default.nix
@@ -6,20 +6,8 @@
}:
let
+ # TODO: Sway 0.14.0 with wlc 0.0.10 segfaults
version = "0.13.0";
- # Temporary workaround (0.14.0 segfaults)
- wlc_009 = stdenv.lib.overrideDerivation wlc (oldAttrs: rec {
- name = "wlc-${version}";
- version = "0.0.9";
-
- src = fetchFromGitHub {
- owner = "Cloudef";
- repo = "wlc";
- rev = "v${version}";
- fetchSubmodules = true;
- sha256 = "1r6jf64gs7n9a8129wsc0mdwhcv44p8k87kg0714rhx3g2w22asg";
- };
- });
in stdenv.mkDerivation rec {
name = "sway-${version}";
@@ -35,7 +23,7 @@ in stdenv.mkDerivation rec {
asciidoc libxslt docbook_xsl
];
buildInputs = [
- wayland wlc_009 libxkbcommon pixman fontconfig pcre json_c dbus_libs
+ wayland wlc libxkbcommon pixman fontconfig pcre json_c dbus_libs
pango cairo libinput libcap xwayland pam gdk_pixbuf libpthreadstubs
libXdmcp
];
@@ -48,7 +36,7 @@ in stdenv.mkDerivation rec {
cmakeFlags = "-DVERSION=${version}";
installPhase = "PREFIX=$out make install";
- LD_LIBRARY_PATH = stdenv.lib.makeLibraryPath [ wlc_009 dbus_libs ];
+ LD_LIBRARY_PATH = stdenv.lib.makeLibraryPath [ wlc dbus_libs ];
preFixup = ''
wrapProgram $out/bin/sway \
--prefix LD_LIBRARY_PATH : "${LD_LIBRARY_PATH}";
diff --git a/pkgs/desktops/gnome-3/core/gcr/default.nix b/pkgs/desktops/gnome-3/core/gcr/default.nix
index 55eebf77be5..0798d69f9e6 100644
--- a/pkgs/desktops/gnome-3/core/gcr/default.nix
+++ b/pkgs/desktops/gnome-3/core/gcr/default.nix
@@ -5,6 +5,8 @@
stdenv.mkDerivation rec {
inherit (import ./src.nix fetchurl) name src;
+ outputs = [ "out" "dev" ];
+
buildInputs = [
pkgconfig intltool gnupg glib gobjectIntrospection libxslt
libgcrypt libtasn1 dbus_glib gtk pango gdk_pixbuf atk makeWrapper vala_0_32
diff --git a/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix b/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix
index df47c1a477b..4baafecadd0 100644
--- a/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix
+++ b/pkgs/desktops/gnome-3/core/gnome-keyring/default.nix
@@ -5,6 +5,8 @@
stdenv.mkDerivation rec {
inherit (import ./src.nix fetchurl) name src;
+ outputs = [ "out" "dev" ];
+
buildInputs = with gnome3; [
dbus libgcrypt pam python gtk3 gconf libgnome_keyring
pango gcr gdk_pixbuf atk p11_kit
diff --git a/pkgs/development/libraries/cwiid/default.nix b/pkgs/development/libraries/cwiid/default.nix
index fb5431ff8d5..606058da854 100644
--- a/pkgs/development/libraries/cwiid/default.nix
+++ b/pkgs/development/libraries/cwiid/default.nix
@@ -1,12 +1,14 @@
-{ stdenv, autoreconfHook, fetchgit, bison, flex, bluez, pkgconfig, gtk2 }:
+{ stdenv, fetchFromGitHub, autoreconfHook, bison, flex, bluez, pkgconfig, gtk2 }:
stdenv.mkDerivation rec {
- name = "cwiid-2010-02-21-git";
+ name = "cwiid-${version}-git";
+ version = "2010-02-21";
- src = fetchgit {
- url = https://github.com/abstrakraft/cwiid;
- sha256 = "0qdb0x757k76nfj32xc2nrrdqd9jlwgg63vfn02l2iznnzahxp0h";
- rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82";
+ src = fetchFromGitHub {
+ owner = "abstrakraft";
+ repo = "cwiid";
+ rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82";
+ sha256 = "0qdb0x757k76nfj32xc2nrrdqd9jlwgg63vfn02l2iznnzahxp0h";
};
hardeningDisable = [ "format" ];
@@ -17,18 +19,20 @@ stdenv.mkDerivation rec {
sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in
'';
- buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk2 ];
+ buildInputs = [ bison flex bluez gtk2 ];
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
postInstall = ''
# Some programs (for example, cabal-install) have problems with the double 0
sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc
'';
- meta = {
+ meta = with stdenv.lib; {
description = "Linux Nintendo Wiimote interface";
- homepage = http://cwiid.org;
- license = stdenv.lib.licenses.gpl2Plus;
- maintainers = [ stdenv.lib.maintainers.bennofs ];
- platforms = stdenv.lib.platforms.linux;
+ homepage = http://cwiid.org;
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ bennofs ];
+ platforms = platforms.linux;
};
}
diff --git a/pkgs/development/libraries/imlib2/default.nix b/pkgs/development/libraries/imlib2/default.nix
index 8c66dcec161..8d26cabc9b5 100644
--- a/pkgs/development/libraries/imlib2/default.nix
+++ b/pkgs/development/libraries/imlib2/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
configureFlags = optional stdenv.isDarwin "--enable-amd64=no"
++ optional (!x11Support) "--without-x";
- outputs = [ "out" "bin" "dev" ];
+ outputs = [ "bin" "out" "dev" ];
postInstall = ''
moveToOutput bin/imlib2-config "$dev"
diff --git a/pkgs/development/libraries/libnfs/default.nix b/pkgs/development/libraries/libnfs/default.nix
new file mode 100644
index 00000000000..d9149a1fbac
--- /dev/null
+++ b/pkgs/development/libraries/libnfs/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchFromGitHub, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+ name = "libnfs-${version}";
+ version = "2.0.0";
+
+ src = fetchFromGitHub {
+ owner = "sahlberg";
+ repo = "libnfs";
+ rev = "libnfs-${version}";
+ sha256 = "1xd1xb09jxwmx7hblv0f9gxv7i1glk3nbj2vyq50zpi158lnf2mb";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "NFS client library";
+ homepage = https://github.com/sahlberg/libnfs;
+ license = with licenses; [ lgpl2 bsd2 gpl3 ];
+ maintainers = with maintainers; [ peterhoeg ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/development/libraries/wlc/default.nix b/pkgs/development/libraries/wlc/default.nix
index 936c88034aa..c67070094de 100644
--- a/pkgs/development/libraries/wlc/default.nix
+++ b/pkgs/development/libraries/wlc/default.nix
@@ -2,18 +2,19 @@
, wayland, pixman, libxkbcommon, libinput, libxcb, xcbutilwm, xcbutilimage, mesa
, libdrm, udev, libX11, libXdamage, systemd, dbus_libs, wayland-protocols
, libpthreadstubs, libXau, libXdmcp, libXext, libXxf86vm
+, withOptionalPackages ? true, zlib, valgrind, doxygen
}:
stdenv.mkDerivation rec {
name = "wlc-${version}";
- version = "0.0.10";
+ version = "0.0.9"; # 0.0.10 currently causes segfaults
src = fetchFromGitHub {
owner = "Cloudef";
repo = "wlc";
rev = "v${version}";
fetchSubmodules = true;
- sha256 = "09kvwhrpgkxlagn9lgqxc80jbg56djn29a6z0n6h0dsm90ysyb2k";
+ sha256 = "1r6jf64gs7n9a8129wsc0mdwhcv44p8k87kg0714rhx3g2w22asg";
};
nativeBuildInputs = [ cmake pkgconfig ];
@@ -21,8 +22,8 @@ stdenv.mkDerivation rec {
buildInputs = [
wayland pixman libxkbcommon libinput libxcb xcbutilwm xcbutilimage mesa
libdrm udev libX11 libXdamage systemd dbus_libs wayland-protocols
- libpthreadstubs libXau libXdmcp libXext libXxf86vm
- ];
+ libpthreadstubs libXau libXdmcp libXext libXxf86vm ]
+ ++ stdenv.lib.optionals withOptionalPackages [ zlib valgrind doxygen ];
doCheck = true;
checkTarget = "test";
diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix-output/cl-protobufs.nix b/pkgs/development/lisp-modules/quicklisp-to-nix-output/cl-protobufs.nix
new file mode 100644
index 00000000000..7ec440076c3
--- /dev/null
+++ b/pkgs/development/lisp-modules/quicklisp-to-nix-output/cl-protobufs.nix
@@ -0,0 +1,30 @@
+args @ { fetchurl, ... }:
+rec {
+ baseName = ''cl-protobufs'';
+ version = ''20170403-git'';
+
+ description = ''Protobufs for Common Lisp'';
+
+ deps = [ args."alexandria" args."babel" args."closer-mop" args."trivial-features" args."trivial-garbage" ];
+
+ src = fetchurl {
+ url = ''http://beta.quicklisp.org/archive/cl-protobufs/2017-04-03/cl-protobufs-20170403-git.tgz'';
+ sha256 = ''0ibpl076k8gq79sacg96mzjf5hqkrxzi5wlx3bjap52pla53w4g5'';
+ };
+
+ packageName = "cl-protobufs";
+
+ asdFilesToKeep = ["cl-protobufs.asd"];
+ overrides = x: x;
+}
+/* (SYSTEM cl-protobufs DESCRIPTION Protobufs for Common Lisp SHA256
+ 0ibpl076k8gq79sacg96mzjf5hqkrxzi5wlx3bjap52pla53w4g5 URL
+ http://beta.quicklisp.org/archive/cl-protobufs/2017-04-03/cl-protobufs-20170403-git.tgz
+ MD5 86c8da92b246b4b77d6107bc5dfaff08 NAME cl-protobufs FILENAME
+ cl-protobufs DEPS
+ ((NAME alexandria FILENAME alexandria) (NAME babel FILENAME babel)
+ (NAME closer-mop FILENAME closer-mop)
+ (NAME trivial-features FILENAME trivial-features)
+ (NAME trivial-garbage FILENAME trivial-garbage))
+ DEPENDENCIES (alexandria babel closer-mop trivial-features trivial-garbage)
+ VERSION 20170403-git SIBLINGS (cl-protobufs-tests) PARASITES NIL) */
diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt b/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt
index 32ef6367e27..49aa941094b 100644
--- a/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt
+++ b/pkgs/development/lisp-modules/quicklisp-to-nix-systems.txt
@@ -33,6 +33,7 @@ closer-mop
cl-ppcre
cl-ppcre-template
cl-ppcre-unicode
+cl-protobufs
cl-reexport
cl-smtp
clsql
diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix.nix b/pkgs/development/lisp-modules/quicklisp-to-nix.nix
index 22b58895747..86817e14f55 100644
--- a/pkgs/development/lisp-modules/quicklisp-to-nix.nix
+++ b/pkgs/development/lisp-modules/quicklisp-to-nix.nix
@@ -2012,6 +2012,19 @@ let quicklisp-to-nix-packages = rec {
}));
+ "cl-protobufs" = buildLispPackage
+ ((f: x: (x // (f x)))
+ (qlOverrides."cl-protobufs" or (x: {}))
+ (import ./quicklisp-to-nix-output/cl-protobufs.nix {
+ inherit fetchurl;
+ "alexandria" = quicklisp-to-nix-packages."alexandria";
+ "babel" = quicklisp-to-nix-packages."babel";
+ "closer-mop" = quicklisp-to-nix-packages."closer-mop";
+ "trivial-features" = quicklisp-to-nix-packages."trivial-features";
+ "trivial-garbage" = quicklisp-to-nix-packages."trivial-garbage";
+ }));
+
+
"cl-ppcre-unicode" = buildLispPackage
((f: x: (x // (f x)))
(qlOverrides."cl-ppcre-unicode" or (x: {}))
diff --git a/pkgs/development/node-packages/node-packages-v6.nix b/pkgs/development/node-packages/node-packages-v6.nix
index ba2a6c77ce2..bd4a3e5abcc 100644
--- a/pkgs/development/node-packages/node-packages-v6.nix
+++ b/pkgs/development/node-packages/node-packages-v6.nix
@@ -23701,10 +23701,10 @@ in
bower2nix = nodeEnv.buildNodePackage {
name = "bower2nix";
packageName = "bower2nix";
- version = "3.1.1";
+ version = "3.2.0";
src = fetchurl {
- url = "https://registry.npmjs.org/bower2nix/-/bower2nix-3.1.1.tgz";
- sha1 = "77cc8f966a3595686f5d6fae30ad9bd2cc20bfe3";
+ url = "https://registry.npmjs.org/bower2nix/-/bower2nix-3.2.0.tgz";
+ sha1 = "nlzr17lidjf72s60vcsnqpjxgnnsn32s";
};
dependencies = [
sources."argparse-1.0.4"
@@ -37338,4 +37338,4 @@ in
};
production = true;
};
-}
\ No newline at end of file
+}
diff --git a/pkgs/development/python-modules/cffi/default.nix b/pkgs/development/python-modules/cffi/default.nix
index 5b0265601a3..cced78c0c6a 100644
--- a/pkgs/development/python-modules/cffi/default.nix
+++ b/pkgs/development/python-modules/cffi/default.nix
@@ -10,6 +10,8 @@ if isPyPy then null else buildPythonPackage rec {
sha256 = "1mffyilq4qycm8gs4wkgb18rnqil8a9blqq77chdlshzxc8jkc5k";
};
+ outputs = [ "out" "dev" ];
+
propagatedBuildInputs = [ libffi pycparser ];
buildInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/phonenumbers/default.nix b/pkgs/development/python-modules/phonenumbers/default.nix
index 53ec2c292fc..5f54fb12ec2 100644
--- a/pkgs/development/python-modules/phonenumbers/default.nix
+++ b/pkgs/development/python-modules/phonenumbers/default.nix
@@ -2,12 +2,12 @@
buildPythonPackage rec {
pname = "phonenumbers";
- version = "8.8.1";
+ version = "8.8.2";
name = "${pname}-${version}";
src = fetchPypi {
inherit pname version;
- sha256 = "09f4b307v6wn5zs6spvp5icwad3dz9baf7d14hyvpnxn7cdqj2xy";
+ sha256 = "0xwis5hvp2wmnzqxax8896vhyb3q2fs9l9ilvyr44jdh3342dxpx";
};
meta = {
diff --git a/pkgs/development/python-modules/requests/default.nix b/pkgs/development/python-modules/requests/default.nix
index b85bb54a4f1..f3ff4a84f1e 100644
--- a/pkgs/development/python-modules/requests/default.nix
+++ b/pkgs/development/python-modules/requests/default.nix
@@ -12,6 +12,8 @@ buildPythonPackage rec {
sha256 = "0zi3v9nsmv9j27d0c0m1dvqyvaxz53g8m0aa1h3qanxs4irkwi4w";
};
+ outputs = [ "out" "dev" ];
+
nativeBuildInputs = [ pytest ];
propagatedBuildInputs = [ urllib3 idna chardet certifi ];
# sadly, tests require networking
diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix
index 6647d71bd00..a0d4b9adcbe 100644
--- a/pkgs/development/ruby-modules/gem-config/default.nix
+++ b/pkgs/development/ruby-modules/gem-config/default.nix
@@ -183,7 +183,7 @@ in
pg = attrs: {
buildFlags = [
- "--with-pg-config=${postgresql}/bin/pg_config"
+ "--with-pg-config=${postgresql.dev}/bin/pg_config"
];
};
diff --git a/pkgs/os-specific/linux/kernel/linux-4.12.nix b/pkgs/os-specific/linux/kernel/linux-4.12.nix
deleted file mode 100644
index bff0f5db953..00000000000
--- a/pkgs/os-specific/linux/kernel/linux-4.12.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
-
-import ./generic.nix (args // rec {
- version = "4.12.14";
- extraMeta.branch = "4.12";
-
- src = fetchurl {
- url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "09zxmknh6awhqmj8dyq95bdlwcasryy35hkjxjlzixdgn52kzaw6";
- };
-} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.13.nix b/pkgs/os-specific/linux/kernel/linux-4.13.nix
index d1c4d8ba8e7..c45afd1cbeb 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.13.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.13.nix
@@ -1,11 +1,11 @@
{ stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
- version = "4.13.3";
+ version = "4.13.4";
extraMeta.branch = "4.13";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1ayai3i0jakxzszpijhknjiwwi055wa74bpmnr0n7dh2l5s2rlh3";
+ sha256 = "087lv2laf4wx28z9zqg9s275nzygica0hc1g8vn5ql6yb7mrb7m0";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 5033bb88f79..6531323c1d5 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
{ stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
- version = "4.9.51";
+ version = "4.9.52";
extraMeta.branch = "4.9";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "12mag09scyzi5a352y39y4b6rjh89qqca53hhmjc396q09hsdyl3";
+ sha256 = "12h4w6x0zcl8kpia2y7myv7w7i0dihw4g8v638fs8bzk3d7h7pgz";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix
index 31af8a49de1..cd0c283edbb 100644
--- a/pkgs/os-specific/linux/spl/default.nix
+++ b/pkgs/os-specific/linux/spl/default.nix
@@ -70,6 +70,6 @@ in
splUnstable = common {
version = "2017-09-26";
rev = "e8474f9ad3b3d23c3277535c4f53f8fd1e6cbd74";
- sha256 = "1hydfhmngpq31gxkxipqxnin74l760d1ia202h12vsgix9sp32h7";
+ sha256 = "0251cnffgx98nckgz6imwa8dnvba44wc02aacmr1n430gmq72xra";
};
}
diff --git a/pkgs/servers/emby/default.nix b/pkgs/servers/emby/default.nix
index 5b749b92c03..678fb42acd5 100644
--- a/pkgs/servers/emby/default.nix
+++ b/pkgs/servers/emby/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "emby-${version}";
- version = "3.2.30.0";
+ version = "3.2.32.0";
src = fetchurl {
url = "https://github.com/MediaBrowser/Emby/releases/download/${version}/Emby.Mono.zip";
- sha256 = "1aqal7n4a9dvy97zw4aah9a8jm4l2v1qgjgs5kvskrvir2dbid27";
+ sha256 = "0bwcqwh9g8yrkh1schfr30jf5m2w3r2raczq5x94vjfs8i6dmqh0";
};
buildInputs = with pkgs; [
diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix
index 3ede229931e..a2e5fbb6df9 100644
--- a/pkgs/servers/sql/mariadb/default.nix
+++ b/pkgs/servers/sql/mariadb/default.nix
@@ -15,11 +15,11 @@ mariadb = everything // {
};
common = rec { # attributes common to both builds
- version = "10.1.25";
+ version = "10.1.26";
src = fetchurl {
url = "https://downloads.mariadb.org/f/mariadb-${version}/source/mariadb-${version}.tar.gz/from/http%3A//ftp.hosteurope.de/mirror/archive.mariadb.org/?serve";
- sha256 = "1mm0n8sl6grajk5rbrx55333laz5dg2abyl8mlsn7h8vdymfq1bj";
+ sha256 = "0ggpdcal0if9y6h9hp1yv2q65cbkjfl4p8rqk68a5pk7k75v325s";
name = "mariadb-${version}.tar.gz";
};
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index 022ac15aee7..980ed5056a1 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -46,7 +46,7 @@ let
let path = if atLeast "9.6" then "src/common/config_info.c" else "src/bin/pg_config/pg_config.c"; in
''
# Hardcode the path to pgxs so pg_config returns the path in $out
- substituteInPlace "${path}" --replace HARDCODED_PGXS_PATH $out/lib
+ substituteInPlace "${path}" --replace HARDCODED_PGXS_PATH $dev/lib
'';
postInstall =
diff --git a/pkgs/tools/backup/bacula/default.nix b/pkgs/tools/backup/bacula/default.nix
index 374122814c5..7c368ce4d03 100644
--- a/pkgs/tools/backup/bacula/default.nix
+++ b/pkgs/tools/backup/bacula/default.nix
@@ -12,9 +12,9 @@ stdenv.mkDerivation rec {
# acl relies on attr, which I can't get to build on darwin
++ stdenv.lib.optional (!stdenv.isDarwin) acl;
- configureFlags = [
+ configureFlags = [
"--with-sqlite3=${sqlite.dev}"
- "--with-postgresql=${postgresql}"
+ "--with-postgresql=${postgresql.dev}"
];
postInstall = ''
diff --git a/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix b/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix
index f93edffa7bd..53b2a3abf28 100644
--- a/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix
+++ b/pkgs/tools/inputmethods/ibus-engines/ibus-anthy/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-anthy-zipcode=${anthy}/share/anthy/zipcode.t" ];
buildInputs = [
- anthy glib gobjectIntrospection gtk3 ibus python3
+ anthy glib gobjectIntrospection gtk3 ibus (python3.withPackages (ps: [ps.pygobject3]))
];
nativeBuildInputs = [ intltool pkgconfig python3.pkgs.wrapPython ];
diff --git a/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix b/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix
index 74253fa09fc..f70c7d02e9f 100644
--- a/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix
+++ b/pkgs/tools/inputmethods/ibus-engines/ibus-hangul/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "120p9w7za6hi521hz8q235fkl4i3p1qqr8nqm4a3kxr0pcq40bd2";
};
- buildInputs = [ gtk3 ibus libhangul ];
+ buildInputs = [ gtk3 ibus libhangul python3 ];
nativeBuildInputs = [ intltool pkgconfig python3.pkgs.wrapPython ];
diff --git a/pkgs/tools/inputmethods/ibus/default.nix b/pkgs/tools/inputmethods/ibus/default.nix
index 66d61b8c5e9..3b076bb8ff6 100644
--- a/pkgs/tools/inputmethods/ibus/default.nix
+++ b/pkgs/tools/inputmethods/ibus/default.nix
@@ -110,6 +110,10 @@ in stdenv.mkDerivation rec {
doInstallCheck = true;
installCheckPhase = "$out/bin/ibus version";
+ postInstall = ''
+ moveToOutput "bin/ibus-setup" "$dev"
+ '';
+
meta = with stdenv.lib; {
homepage = https://github.com/ibus/ibus;
description = "Intelligent Input Bus for Linux / Unix OS";
diff --git a/pkgs/tools/inputmethods/ibus/wrapper.nix b/pkgs/tools/inputmethods/ibus/wrapper.nix
index 13035698827..d41ba1e791f 100644
--- a/pkgs/tools/inputmethods/ibus/wrapper.nix
+++ b/pkgs/tools/inputmethods/ibus/wrapper.nix
@@ -21,7 +21,7 @@ let
done
done
- for prog in ibus ibus-setup; do
+ for prog in ibus; do
wrapProgram "$out/bin/$prog" \
--set GDK_PIXBUF_MODULE_FILE ${librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH:$out/lib/girepository-1.0" \
diff --git a/pkgs/tools/networking/network-manager-applet/default.nix b/pkgs/tools/networking/network-manager-applet/default.nix
index c0c4950f447..3220aebdfe4 100644
--- a/pkgs/tools/networking/network-manager-applet/default.nix
+++ b/pkgs/tools/networking/network-manager-applet/default.nix
@@ -1,7 +1,8 @@
{ stdenv, fetchurl, intltool, pkgconfig, libglade, networkmanager, gnome3
, libnotify, libsecret, polkit, isocodes, modemmanager, librsvg
, mobile_broadband_provider_info, glib_networking, gsettings_desktop_schemas
-, makeWrapper, udev, libgudev, hicolor_icon_theme, jansson, wrapGAppsHook, webkitgtk }:
+, makeWrapper, udev, libgudev, hicolor_icon_theme, jansson, wrapGAppsHook, webkitgtk
+, withGnome ? false }:
stdenv.mkDerivation rec {
name = "${pname}-${major}.${minor}";
@@ -24,8 +25,8 @@ stdenv.mkDerivation rec {
buildInputs = [
gnome3.gtk libglade networkmanager libnotify libsecret gsettings_desktop_schemas
polkit isocodes makeWrapper udev libgudev gnome3.gconf gnome3.libgnome_keyring
- modemmanager jansson librsvg glib_networking gnome3.dconf webkitgtk
- ];
+ modemmanager jansson librsvg glib_networking gnome3.dconf
+ ] ++ stdenv.lib.optional withGnome webkitgtk;
nativeBuildInputs = [ intltool pkgconfig wrapGAppsHook ];
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix
index 15a30db522e..37796fef174 100644
--- a/pkgs/tools/security/metasploit/default.nix
+++ b/pkgs/tools/security/metasploit/default.nix
@@ -35,14 +35,14 @@ in stdenv.mkDerivation rec {
cp -r * $out/share/msf
- for i in $out/share/msf/msf*; do
- bin=$out/bin/$(basename $i)
- cat > $bin <