Merge #132753: 'staging-next-21.05' into release-21.05
This commit is contained in:
commit
98d66e4541
@ -27,9 +27,9 @@
|
||||
, sha256
|
||||
, passthruFun
|
||||
, static ? false
|
||||
, stripBytecode ? reproducibleBuild
|
||||
, stripBytecode ? true
|
||||
, rebuildBytecode ? true
|
||||
, reproducibleBuild ? true
|
||||
, reproducibleBuild ? false
|
||||
, enableOptimizations ? false
|
||||
, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}"
|
||||
}:
|
||||
@ -48,6 +48,8 @@ assert lib.assertMsg (reproducibleBuild -> stripBytecode)
|
||||
assert lib.assertMsg (reproducibleBuild -> (!enableOptimizations))
|
||||
"Deterministic builds are not achieved when optimizations are enabled.";
|
||||
|
||||
assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode))
|
||||
"Deterministic builds are not achieved when (default unoptimized) bytecode is created.";
|
||||
|
||||
with lib;
|
||||
|
||||
@ -296,8 +298,10 @@ in with passthru; stdenv.mkDerivation ({
|
||||
# First we delete all old bytecode.
|
||||
find $out -name "*.pyc" -delete
|
||||
'' + optionalString rebuildBytecode ''
|
||||
# Then, we build for the two optimization levels.
|
||||
# We do not build unoptimized bytecode, because its not entirely deterministic yet.
|
||||
# We build 3 levels of optimized bytecode. Note the default level, without optimizations,
|
||||
# is not reproducible yet. https://bugs.python.org/issue29708
|
||||
# Not creating bytecode will result in a large performance loss however, so we do build it.
|
||||
find $out -name "*.py" | ${pythonForBuildInterpreter} -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | ${pythonForBuildInterpreter} -O -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | ${pythonForBuildInterpreter} -OO -m compileall -q -f -x "lib2to3" -i -
|
||||
'' + optionalString stdenv.hostPlatform.isCygwin ''
|
||||
|
@ -35,11 +35,11 @@
|
||||
, stripTests ? false
|
||||
, stripTkinter ? false
|
||||
, rebuildBytecode ? true
|
||||
, stripBytecode ? reproducibleBuild
|
||||
, stripBytecode ? true
|
||||
, includeSiteCustomize ? true
|
||||
, static ? stdenv.hostPlatform.isStatic
|
||||
, enableOptimizations ? false
|
||||
, reproducibleBuild ? true
|
||||
, reproducibleBuild ? false
|
||||
, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}"
|
||||
}:
|
||||
|
||||
@ -66,6 +66,9 @@ assert lib.assertMsg (reproducibleBuild -> stripBytecode)
|
||||
assert lib.assertMsg (reproducibleBuild -> (!enableOptimizations))
|
||||
"Deterministic builds are not achieved when optimizations are enabled.";
|
||||
|
||||
assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode))
|
||||
"Deterministic builds are not achieved when (default unoptimized) bytecode is created.";
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
@ -396,11 +399,14 @@ in with passthru; stdenv.mkDerivation {
|
||||
# First we delete all old bytecode.
|
||||
find $out -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}"
|
||||
'' + optionalString rebuildBytecode ''
|
||||
# Then, we build for the two optimization levels.
|
||||
# We do not build unoptimized bytecode, because its not entirely deterministic yet.
|
||||
# Python 3.7 implements PEP 552, introducing support for deterministic bytecode.
|
||||
# compileall uses this checked-hash method by default when `SOURCE_DATE_EPOCH` is set.
|
||||
# compileall uses the therein introduced checked-hash method by default when
|
||||
# `SOURCE_DATE_EPOCH` is set.
|
||||
# We exclude lib2to3 because that's Python 2 code which fails
|
||||
# We build 3 levels of optimized bytecode. Note the default level, without optimizations,
|
||||
# is not reproducible yet. https://bugs.python.org/issue29708
|
||||
# Not creating bytecode will result in a large performance loss however, so we do build it.
|
||||
find $out -name "*.py" | ${pythonForBuildInterpreter} -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | ${pythonForBuildInterpreter} -O -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | ${pythonForBuildInterpreter} -OO -m compileall -q -f -x "lib2to3" -i -
|
||||
'';
|
||||
|
@ -35,6 +35,16 @@ in stdenv.mkDerivation rec {
|
||||
url = "https://gitlab.freedesktop.org/cairo/cairo/commit/6edf572ebb27b00d3c371ba5ae267e39d27d5b6d.patch";
|
||||
sha256 = "112hgrrsmcwxh1r52brhi5lksq4pvrz4xhkzcf2iqp55jl2pb7n1";
|
||||
})
|
||||
|
||||
# Fixes CVE-2020-35492; see https://github.com/NixOS/nixpkgs/issues/120364.
|
||||
# CVE information: https://nvd.nist.gov/vuln/detail/CVE-2020-35492
|
||||
# Upstream PR: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/85
|
||||
(fetchpatch {
|
||||
name = "CVE-2020-35492.patch";
|
||||
includes = [ "src/cairo-image-compositor.c" ];
|
||||
url = "https://github.com/freedesktop/cairo/commit/78266cc8c0f7a595cfe8f3b694bfb9bcc3700b38.patch";
|
||||
sha256 = "048nzfz7rkgqb9xs0dfs56qdw7ckkxr87nbj3p0qziqdq4nb6wki";
|
||||
})
|
||||
] ++ optionals stdenv.hostPlatform.isDarwin [
|
||||
# Workaround https://gitlab.freedesktop.org/cairo/cairo/-/issues/121
|
||||
./skip-configure-stderr-check.patch
|
||||
|
Loading…
x
Reference in New Issue
Block a user