diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml
index 51a894269d9..b92cefa441d 100644
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -137,6 +137,40 @@
+
+ The option
+ was renamed to
+ (capital L). This follows
+
+ upstreams renaming
+ of the setting.
+
+
+
+
+ As of this release the NixOps feature autoLuks is deprecated. It no longer works
+ with our systemd version without manual intervention.
+
+
+ Whenever the usage of the module is detected the evaluation will fail with a message
+ explaining why and how to deal with the situation.
+
+
+ A new knob named nixops.enableDeprecatedAutoLuks
+ has been introduced to disable the eval failure and to acknowledge the notice was received and read.
+ If you plan on using the feature please note that it might break with subsequent updates.
+
+
+ Make sure you set the _netdev option for each of the file systems referring to block
+ devices provided by the autoLuks module. Not doing this might render the system in a
+ state where it doesn't boot anymore.
+
+
+ If you are actively using the autoLuks module please let us know in
+ issue #62211.
+
+
+
The setopt declarations will be evaluated at the end of /etc/zshrc, so any code in ,
and may break if it relies on those options being set.
@@ -211,6 +245,20 @@
RuntimeDirectory and tmpfiles.
+
+
+ With the upgrade to systemd version 242 the systemd-timesyncd
+ service is no longer using DynamicUser=yes. In order for the
+ upgrade to work we rely on an activation script to move the state from the old
+ to the new directory. The older directory (prior 19.09) was
+ /var/lib/private/systemd/timesync.
+
+
+ As long as the system.config.stateVersion is below
+ 19.09 the state folder will migrated to its proper location
+ (/var/lib/systemd/timesync), if required.
+
+
Since version 0.1.19, cargo-vendor honors package
@@ -221,7 +269,6 @@
vendored files for most Rust packages, the hash that use used to verify
the dependencies, cargoSha256, also changes.
-
The cargoSha256 hashes of all in-tree derivations that
use buildRustPackage have been updated to reflect this
diff --git a/nixos/modules/misc/nixops-autoluks.nix b/nixos/modules/misc/nixops-autoluks.nix
new file mode 100644
index 00000000000..2153c6f975a
--- /dev/null
+++ b/nixos/modules/misc/nixops-autoluks.nix
@@ -0,0 +1,44 @@
+{ config, options, lib, ... }:
+let
+ path = [ "deployment" "autoLuks" ];
+ hasAutoLuksOption = lib.hasAttrByPath path options;
+ hasAutoLuksConfig = lib.hasAttrByPath path config && (lib.attrByPath path {} config) != {};
+
+ inherit (config.nixops) enableDeprecatedAutoLuks;
+in {
+ options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption "Enable the deprecated NixOps AutoLuks module";
+
+ config = {
+ assertions = [
+ {
+ assertion = if hasAutoLuksConfig then hasAutoLuksConfig && enableDeprecatedAutoLuks else true;
+ message = ''
+ ⚠️ !!! WARNING !!! ⚠️
+
+ NixOps autoLuks is deprecated. The feature was never widely used and the maintenance did outgrow the benefit.
+ If you still want to use the module:
+ a) Please raise your voice in the issue tracking usage of the module:
+ https://github.com/NixOS/nixpkgs/issues/62211
+ b) make sure you set the `_netdev` option for each of the file
+ systems referring to block devices provided by the autoLuks module.
+
+ ⚠️ If you do not set the option your system will not boot anymore! ⚠️
+
+ {
+ fileSystems."/secret" = { options = [ "_netdev" ]; };
+ }
+
+ b) set the option >nixops.enableDeprecatedAutoLuks = true< to remove this error.
+
+
+ For more details read through the following resources:
+ - https://github.com/NixOS/nixops/pull/1156
+ - https://github.com/NixOS/nixpkgs/issues/47550
+ - https://github.com/NixOS/nixpkgs/issues/62211
+ - https://github.com/NixOS/nixpkgs/pull/61321
+ '';
+ }
+ ];
+ };
+
+}
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
index c576cf4cb92..c9b374b6d7b 100644
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -95,6 +95,7 @@ in
PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})"
LOGO="nix-snowflake"
HOME_URL="https://nixos.org/"
+ DOCUMENTATION_URL="https://nixos.org/nixos/manual/index.html"
SUPPORT_URL="https://nixos.org/nixos/support.html"
BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
'';
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index bb2c0a8f180..bb33d8e6d95 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -84,6 +84,7 @@
./misc/nixpkgs.nix
./misc/passthru.nix
./misc/version.nix
+ ./misc/nixops-autoluks.nix
./programs/adb.nix
./programs/atop.nix
./programs/autojump.nix
diff --git a/nixos/modules/services/hardware/80-net-setup-link.rules b/nixos/modules/services/hardware/80-net-setup-link.rules
deleted file mode 100644
index 18547f170a3..00000000000
--- a/nixos/modules/services/hardware/80-net-setup-link.rules
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copied from systemd 203.
-ACTION=="remove", GOTO="net_name_slot_end"
-SUBSYSTEM!="net", GOTO="net_name_slot_end"
-NAME!="", GOTO="net_name_slot_end"
-
-IMPORT{cmdline}="net.ifnames"
-ENV{net.ifnames}=="0", GOTO="net_name_slot_end"
-
-NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
-NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
-NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
-
-LABEL="net_name_slot_end"
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
index 0266286aaac..cb2f1e6621a 100644
--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@@ -116,10 +116,6 @@ let
exit 1
fi
- ${optionalString config.networking.usePredictableInterfaceNames ''
- cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules
- ''}
-
# If auto-configuration is disabled, then remove
# udev's 80-drivers.rules file, which contains rules for
# automatically calling modprobe.
@@ -282,6 +278,8 @@ in
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ];
+ boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
+
environment.etc =
[ { source = udevRules;
target = "udev/rules.d";
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index 882db9130ea..f1aa9064bef 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -203,7 +203,7 @@ let
checkRoute = checkUnitConfig "Route" [
(assertOnlyFields [
- "Gateway" "GatewayOnlink" "Destination" "Source" "Metric"
+ "Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
"IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type"
"InitialCongestionWindow" "InitialAdvertisedReceiveWindow" "QuickAck"
"MTUBytes"
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 933dea1c6b8..cf35504e518 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -943,7 +943,6 @@ in
# Don't bother with certain units in containers.
systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container";
systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container";
-
};
# FIXME: Remove these eventually.
@@ -952,5 +951,4 @@ in
(mkRenamedOptionModule [ "boot" "systemd" "targets" ] [ "systemd" "targets" ])
(mkRenamedOptionModule [ "boot" "systemd" "services" ] [ "systemd" "services" ])
];
-
}
diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix
index 8d8bfe5900a..8282cdd6f3a 100644
--- a/nixos/modules/system/boot/timesyncd.nix
+++ b/nixos/modules/system/boot/timesyncd.nix
@@ -40,6 +40,15 @@ with lib;
users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
+ system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") ''
+ # workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
+ # - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
+ # - https://github.com/systemd/systemd/issues/12131
+ if [ -L /var/lib/systemd/timesync ]; then
+ rm /var/lib/systemd/timesync
+ mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
+ fi
+ '';
};
}
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
index 2318bdd1d58..857aaf1e6e3 100644
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -12,7 +12,7 @@ let
i.ipv4.addresses
++ optionals cfg.enableIPv6 i.ipv6.addresses;
- dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none";
+ dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "no";
slaves =
concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))
@@ -59,7 +59,14 @@ in
in {
DHCP = override (dhcpStr cfg.useDHCP);
} // optionalAttrs (gateway != [ ]) {
- gateway = override gateway;
+ routes = override [
+ {
+ routeConfig = {
+ Gateway = gateway;
+ GatewayOnLink = false;
+ };
+ }
+ ];
} // optionalAttrs (domains != [ ]) {
domains = override domains;
};
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
index ed4cfa7805e..1a11d9ce7c2 100644
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -129,9 +129,6 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
users.users.root.initialHashedPassword = mkOverride 150 "";
services.xserver.displayManager.job.logToJournal = true;
-
- # set default stateVersion to avoid warnings during eval
- system.stateVersion = mkDefault "18.03";
};
}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 912e4f55231..3872970343a 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -240,6 +240,7 @@ in
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
+ systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};
taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {};
diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix
index 0c101037aa7..2e7e4b2f1d6 100644
--- a/nixos/tests/containers-imperative.nix
+++ b/nixos/tests/containers-imperative.nix
@@ -35,7 +35,17 @@ import ./make-test.nix ({ pkgs, ...} : {
];
};
- testScript =
+ testScript = let
+ tmpfilesContainerConfig = pkgs.writeText "container-config-tmpfiles" ''
+ {
+ systemd.tmpfiles.rules = [ "d /foo - - - - -" ];
+ systemd.services.foo = {
+ serviceConfig.Type = "oneshot";
+ script = "ls -al /foo";
+ wantedBy = [ "multi-user.target" ];
+ };
+ }
+ ''; in
''
# Make sure we have a NixOS tree (required by ‘nixos-container create’).
$machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2");
@@ -93,6 +103,15 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->succeed("nixos-container stop $id1");
$machine->succeed("nixos-container start $id1");
+ # Ensure tmpfiles are present
+ $machine->log("creating container tmpfiles");
+ $machine->succeed("nixos-container create tmpfiles --config-file ${tmpfilesContainerConfig}");
+ $machine->log("created, starting…");
+ $machine->succeed("nixos-container start tmpfiles");
+ $machine->log("done starting, investigating…");
+ $machine->succeed("echo \$(nixos-container run tmpfiles -- systemctl is-active foo.service) | grep -q active;");
+ $machine->succeed("nixos-container destroy tmpfiles");
+
# Execute commands via the root shell.
$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;
diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix
index bf22fc9291a..60796425564 100644
--- a/nixos/tests/radicale.nix
+++ b/nixos/tests/radicale.nix
@@ -85,7 +85,7 @@ in
$radicale->succeed('mv /tmp/collections-new/collection-root /tmp/collections');
$radicale->succeed('${switchToConfig "radicale2_verify"} >&2');
$radicale->waitUntilFails('systemctl status radicale');
- my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 5');
+ my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 10');
if ($retcode != 0 || index($logs, 'Verifying storage') == -1) {
die "Radicale 2 didn't verify storage"
}
diff --git a/nixos/tests/systemd-timesyncd.nix b/nixos/tests/systemd-timesyncd.nix
new file mode 100644
index 00000000000..d12b8eb2bf7
--- /dev/null
+++ b/nixos/tests/systemd-timesyncd.nix
@@ -0,0 +1,52 @@
+# Regression test for systemd-timesync having moved the state directory without
+# upstream providing a migration path. https://github.com/systemd/systemd/issues/12131
+
+import ./make-test.nix (let
+ common = { lib, ... }: {
+ # override the `false` value from the qemu-vm base profile
+ services.timesyncd.enable = lib.mkForce true;
+ };
+ mkVM = conf: { imports = [ conf common ]; };
+in {
+ name = "systemd-timesyncd";
+ nodes = {
+ current = mkVM {};
+ pre1909 = mkVM ({lib, ... }: with lib; {
+ # create the path that should be migrated by our activation script when
+ # upgrading to a newer nixos version
+ system.stateVersion = "19.03";
+ system.activationScripts.simulate-old-timesync-state-dir = mkBefore ''
+ rm -f /var/lib/systemd/timesync
+ mkdir -p /var/lib/systemd /var/lib/private/systemd/timesync
+ ln -s /var/lib/private/systemd/timesync /var/lib/systemd/timesync
+ chown systemd-timesync: /var/lib/private/systemd/timesync
+ '';
+ });
+ };
+
+ testScript = ''
+ startAll;
+ $current->succeed('systemctl status systemd-timesyncd.service');
+ # on a new install with a recent systemd there should not be any
+ # leftovers from the dynamic user mess
+ $current->succeed('test -e /var/lib/systemd/timesync');
+ $current->succeed('test ! -L /var/lib/systemd/timesync');
+
+ # timesyncd should be running on the upgrading system since we fixed the
+ # file bits in the activation script
+ $pre1909->succeed('systemctl status systemd-timesyncd.service');
+
+ # the path should be gone after the migration
+ $pre1909->succeed('test ! -e /var/lib/private/systemd/timesync');
+
+ # and the new path should no longer be a symlink
+ $pre1909->succeed('test -e /var/lib/systemd/timesync');
+ $pre1909->succeed('test ! -L /var/lib/systemd/timesync');
+
+ # after a restart things should still work and not fail in the activation
+ # scripts and cause the boot to fail..
+ $pre1909->shutdown;
+ $pre1909->start;
+ $pre1909->succeed('systemctl status systemd-timesyncd.service');
+ '';
+})
diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh
index f4a865e9668..3e900d0704c 100644
--- a/pkgs/build-support/setup-hooks/patch-shebangs.sh
+++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh
@@ -4,11 +4,14 @@
# /usr/bin/env gets special treatment so that ".../bin/env python" is
# rewritten to /nix/store//bin/python. Interpreters that are
# already in the store are left untouched.
+# A script file must be marked as executable, otherwise it will not be
+# considered.
fixupOutputHooks+=(patchShebangsAuto)
-# Run patch shebangs on a directory.
-# patchShebangs [--build | --host] directory
+# Run patch shebangs on a directory or file.
+# Can take multiple paths as arguments.
+# patchShebangs [--build | --host] PATH...
# Flags:
# --build : Lookup commands available at build-time
@@ -29,9 +32,7 @@ patchShebangs() {
shift
fi
- local dir="$1"
-
- header "patching script interpreter paths in $dir"
+ echo "patching script interpreter paths in $@"
local f
local oldPath
local newPath
@@ -40,7 +41,10 @@ patchShebangs() {
local oldInterpreterLine
local newInterpreterLine
- [ -e "$dir" ] || return 0
+ if [ $# -eq 0 ]; then
+ echo "No arguments supplied to patchShebangs" >0
+ return 0
+ fi
local f
while IFS= read -r -d $'\0' f; do
@@ -62,7 +66,7 @@ patchShebangs() {
# - options: something starting with a '-'
# - environment variables: foo=bar
if $(echo "$arg0" | grep -q -- "^-.*\|.*=.*"); then
- echo "$f: unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)"
+ echo "$f: unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)" >0
exit 1
fi
@@ -95,7 +99,7 @@ patchShebangs() {
rm "$timestamp"
fi
fi
- done < <(find "$dir" -type f -perm -0100 -print0)
+ done < <(find "$@" -type f -perm -0100 -print0)
stopNest
}
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index 6d85fe1233c..60d0cc81d2b 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -6,8 +6,8 @@ assert x11Support -> libX11 != null
&& libSM != null;
let
- version = "1.12.12";
- sha256 = "1y7mxhkw2shd9mi9s62k81lz8npjkrafapr4fyfms7hs04kg4ilm";
+ version = "1.12.14";
+ sha256 = "13aca7gzgl7z1dfdipfs23773w8n6z01d4rj5kmssv4gms8c5ya4";
self = stdenv.mkDerivation {
name = "dbus-${version}";
diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index db4eee38b6e..a2c7bdc5bde 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -46,7 +46,7 @@ let
'';
binPrograms = optional (!stdenv.isDarwin) "gapplication" ++ [ "gdbus" "gio" "gsettings" ];
- version = "2.60.2";
+ version = "2.60.3";
in
stdenv.mkDerivation rec {
@@ -54,7 +54,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://gnome/sources/glib/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
- sha256 = "1nc0iyday7866hq0hb78h7lxa44an998lzis8jhgvp8a0rsm9w9f";
+ sha256 = "1fb0nx9fcmic8rsh0fbp79lqpasfjxljvnshbw2hsya51mb0vaq4";
};
patches = optional stdenv.isDarwin ./darwin-compilation.patch
diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix
index 7c364c0fcdf..a405633c1b8 100644
--- a/pkgs/development/libraries/harfbuzz/default.nix
+++ b/pkgs/development/libraries/harfbuzz/default.nix
@@ -8,7 +8,7 @@
}:
let
- version = "2.3.1";
+ version = "2.5.1";
inherit (stdenv.lib) optional optionals optionalString;
in
@@ -16,8 +16,8 @@ stdenv.mkDerivation {
name = "harfbuzz${optionalString withIcu "-icu"}-${version}";
src = fetchurl {
- url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.bz2";
- sha256 = "0s74ramsbfa183rxkidqgfd2vbhrwicnrqzqsq440dwibffnj1gj";
+ url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.xz";
+ sha256 = "17kiyq23g7bnjvyn2yg4gyr7i7qjam65n20whsrplpxxk9bk8j3d";
};
postPatch = ''
diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix
index 39d2c29b012..2bc2bcb5b85 100644
--- a/pkgs/development/libraries/libevent/default.nix
+++ b/pkgs/development/libraries/libevent/default.nix
@@ -6,25 +6,13 @@ assert sslSupport -> openssl != null;
stdenv.mkDerivation rec {
name = "libevent-${version}";
- version = "2.1.8";
+ version = "2.1.10";
src = fetchurl {
url = "https://github.com/libevent/libevent/releases/download/release-${version}-stable/libevent-${version}-stable.tar.gz";
- sha256 = "1hhxnxlr0fsdv7bdmzsnhdz16fxf3jg2r6vyljcl3kj6pflcap4n";
+ sha256 = "1c25928gdv495clxk2v1d4gkr5py7ack4gx2n7d13frnld0syr78";
};
- #NOTE: Patches to support libressl-2.7. These are taken from libevent upstream, and can both be dropped with the next release.
- patches = [
- (fetchpatch {
- url = "https://github.com/libevent/libevent/commit/22dd14945c25600de3cf8b91000c66703b551e4f.patch";
- sha256 = "0fzcb241cp9mm7j6baw22blcglbc083ryigzyjaij8r530av10kd";
- })
- (fetchpatch {
- url = "https://github.com/libevent/libevent/commit/28b8075400c70b2d2da2ce07e590c2ec6d11783d.patch";
- sha256 = "0dkzlk44033xksg2iq5w90r3lnziwl1mgz291nzqq906zrya0sdb";
- })
- ];
-
# libevent_openssl is moved into its own output, so that openssl isn't present
# in the default closure.
outputs = [ "out" "dev" ]
diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix
index 8ca3dd72754..91653022052 100644
--- a/pkgs/development/libraries/libical/default.nix
+++ b/pkgs/development/libraries/libical/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
name = "libical-${version}";
version = "3.0.4";
- outputs = [ "out" "dev" "devdoc" ];
+ outputs = [ "out" "dev" ]; #"devdoc" ];
src = fetchFromGitHub {
owner = "libical";
@@ -17,7 +17,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
perl pkgconfig cmake ninja vala gobject-introspection
(python3.withPackages (pkgs: with pkgs; [ pygobject3 ])) # running libical-glib tests
- gtk-doc docbook_xsl docbook_xml_dtd_43 # docs
+# Docs building fails: https://github.com/NixOS/nixpkgs/pull/61657#issuecomment-495579489
+# gtk-doc docbook_xsl docbook_xml_dtd_43 # docs
];
buildInputs = [ glib libxml2 icu ];
diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix
index c0fadfeb679..5ec5b8e04dd 100644
--- a/pkgs/development/libraries/libidn2/default.nix
+++ b/pkgs/development/libraries/libidn2/default.nix
@@ -4,11 +4,11 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "libidn2-${version}";
- version = "2.1.1a";
+ version = "2.2.0";
src = fetchurl {
url = "mirror://gnu/gnu/libidn/${name}.tar.gz";
- sha256 = "0wlb0jrkccsdxlx90wx6ax5raqcm6y9c75dcgc6j6m6gdv7nnrjp";
+ sha256 = "1zl1cc2xgxw31pdhvhr5ij36x4vvpy16jq667rspin06nlr4fwzw";
};
outputs = [ "bin" "dev" "out" "info" "devdoc" ];
diff --git a/pkgs/development/libraries/libnftnl/default.nix b/pkgs/development/libraries/libnftnl/default.nix
index f94af349842..ad51ac8d6db 100644
--- a/pkgs/development/libraries/libnftnl/default.nix
+++ b/pkgs/development/libraries/libnftnl/default.nix
@@ -1,12 +1,12 @@
{ stdenv, fetchurl, pkgconfig, libmnl }:
stdenv.mkDerivation rec {
- version = "1.1.2";
- name = "libnftnl-${version}";
+ version = "1.1.3";
+ pname = "libnftnl";
src = fetchurl {
- url = "https://netfilter.org/projects/libnftnl/files/${name}.tar.bz2";
- sha256 = "0pffmsv41alsn5ac7mwnb9fh3qpwzqk13jrzn6c5i71wq6kbgix5";
+ url = "https://netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
+ sha256 = "03xszkcpqk3s1rqc6vh7g5j13kh3d3yjnvjhk5scds3an39rgp92";
};
nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix
index ac00920d054..7e2443d31e9 100644
--- a/pkgs/development/libraries/libpsl/default.nix
+++ b/pkgs/development/libraries/libpsl/default.nix
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
configureFlags = [
"--disable-static"
- "--enable-gtk-doc"
+# "--enable-gtk-doc"
"--enable-man"
"--enable-valgrind-tests"
"--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"
diff --git a/pkgs/development/libraries/librime/default.nix b/pkgs/development/libraries/librime/default.nix
index b1e42617253..71362fd7ef7 100644
--- a/pkgs/development/libraries/librime/default.nix
+++ b/pkgs/development/libraries/librime/default.nix
@@ -2,14 +2,14 @@
libyamlcpp, gmock }:
stdenv.mkDerivation rec {
- name = "librime-${version}";
- version = "1.4.0";
+ pname = "librime";
+ version = "1.5.0";
src = fetchFromGitHub {
owner = "rime";
repo = "librime";
rev = "${version}";
- sha256 = "1zkx1wfbd94v55gfycyd2b94jxclfyk2zl7yw35pyjx63qdlb6sd";
+ sha256 = "10wvh1l4317yzcys4rzlkw42i6cj5p8g62r1xzyjw32ky2d0ndxl";
};
nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix
index 51f779bca6b..8c88abd2c44 100644
--- a/pkgs/development/libraries/libsodium/default.nix
+++ b/pkgs/development/libraries/libsodium/default.nix
@@ -1,11 +1,11 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
- name = "libsodium-1.0.17";
+ name = "libsodium-1.0.18";
src = fetchurl {
url = "https://download.libsodium.org/libsodium/releases/${name}.tar.gz";
- sha256 = "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc";
+ sha256 = "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g";
};
outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix
index 78abbe7392c..e725439a3f1 100644
--- a/pkgs/development/libraries/libuv/default.nix
+++ b/pkgs/development/libraries/libuv/default.nix
@@ -1,14 +1,14 @@
{ stdenv, lib, fetchpatch, fetchFromGitHub, autoconf, automake, libtool, pkgconfig, ApplicationServices, CoreServices }:
stdenv.mkDerivation rec {
- version = "1.28.0";
+ version = "1.29.1";
pname = "libuv";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
- sha256 = "0l0gx69sdy3sv3pirjbca2ws54n9d83mj0j96h77k0ncywimvi64";
+ sha256 = "0scnircr6khgh7l3bw9zyfzdgx2c11mpfhd9d8qlw47arrvqg7l8";
};
postPatch = let
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index c18de60aad1..40a03707ea5 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -2,7 +2,7 @@
, pkgconfig, intltool, autoreconfHook
, file, expat, libdrm, xorg, wayland, wayland-protocols, openssl
, llvmPackages, libffi, libomxil-bellagio, libva-minimal
-, libelf, libvdpau, valgrind-light, python2, python2Packages
+, libelf, libvdpau, python2, python2Packages
, libglvnd
, enableRadv ? true
, galliumDrivers ? null
@@ -10,6 +10,7 @@
, vulkanDrivers ? null
, eglPlatforms ? [ "x11" ] ++ lib.optionals stdenv.isLinux [ "wayland" "drm" ]
, OpenGL, Xplugin
+, withValgrind ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAarch32, valgrind-light
}:
/** Packaging design:
@@ -25,10 +26,6 @@
with stdenv.lib;
-if ! elem stdenv.hostPlatform.system platforms.mesaPlatforms then
- throw "${stdenv.system}: unsupported platform for Mesa"
-else
-
let
# platforms that have PCIe slots and thus can use most non-integrated GPUs
pciePlatform = !stdenv.hostPlatform.isAarch32 && !stdenv.hostPlatform.isAarch64;
@@ -150,7 +147,8 @@ let self = stdenv.mkDerivation {
libffi libvdpau libelf libXvMC
libpthreadstubs openssl /*or another sha1 provider*/
] ++ lib.optionals (elem "wayland" eglPlatforms) [ wayland wayland-protocols ]
- ++ lib.optionals stdenv.isLinux [ valgrind-light libomxil-bellagio libva-minimal ];
+ ++ lib.optionals stdenv.isLinux [ libomxil-bellagio libva-minimal ]
+ ++ lib.optional withValgrind valgrind-light;
enableParallelBuilding = true;
doCheck = false;
@@ -310,7 +308,7 @@ let self = stdenv.mkDerivation {
description = "An open source implementation of OpenGL";
homepage = https://www.mesa3d.org/;
license = licenses.mit; # X11 variant, in most files
- platforms = platforms.linux ++ platforms.darwin;
+ platforms = platforms.mesaPlatforms;
maintainers = with maintainers; [ vcunat ];
};
};
diff --git a/pkgs/development/libraries/newt/default.nix b/pkgs/development/libraries/newt/default.nix
index 1a5656b7ca1..60dc00a335d 100644
--- a/pkgs/development/libraries/newt/default.nix
+++ b/pkgs/development/libraries/newt/default.nix
@@ -1,11 +1,12 @@
{ fetchurl, stdenv, slang, popt }:
stdenv.mkDerivation rec {
- name = "newt-0.52.20";
+ pname = "newt";
+ version = "0.52.21";
src = fetchurl {
- url = "https://fedorahosted.org/releases/n/e/newt/${name}.tar.gz";
- sha256 = "1g3dpfnvaw7vljbr7nzq1rl88d6r8cmrvvng9inphgzwxxmvlrld";
+ url = "https://fedorahosted.org/releases/n/e/${pname}/${pname}-${version}.tar.gz";
+ sha256 = "0cdvbancr7y4nrj8257y5n45hmhizr8isynagy4fpsnpammv8pi6";
};
patchPhase = ''
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 1c0d124b5c0..ef617a92eaa 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -120,8 +120,8 @@ let
in {
openssl_1_0_2 = common {
- version = "1.0.2r";
- sha256 = "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf";
+ version = "1.0.2s";
+ sha256 = "15mbmg8hf7s12vr3v2bdc0pi9y4pdbnsxhzk4fyyap42jaa5rgfa";
patches = [
./1.0.2/nix-ssl-cert-file.patch
@@ -132,15 +132,10 @@ in {
};
openssl_1_1 = common {
- version = "1.1.1b";
- sha256 = "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw";
+ version = "1.1.1c";
+ sha256 = "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn";
patches = [
./1.1/nix-ssl-cert-file.patch
- (fetchurl {
- name = "long-chacha-nonce.patch";
- url = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f426625b6ae9a7831010750490a5f0ad689c5ba3";
- sha256= "02ghqg3vzmzx3s1dwwwbm1p1l4asaiampyg4k9vfrjwficvgpdgp";
- })
(if stdenv.hostPlatform.isDarwin
then ./1.1/use-etc-ssl-certs-darwin.patch
diff --git a/pkgs/development/mobile/androidenv/compose-android-packages.nix b/pkgs/development/mobile/androidenv/compose-android-packages.nix
index 935a4a4f2fb..40b2ed775cd 100644
--- a/pkgs/development/mobile/androidenv/compose-android-packages.nix
+++ b/pkgs/development/mobile/androidenv/compose-android-packages.nix
@@ -26,7 +26,7 @@ let
# Determine the Android os identifier from Nix's system identifier
os = if stdenv.system == "x86_64-linux" then "linux"
else if stdenv.system == "x86_64-darwin" then "macosx"
- else throw "No tarballs found for system architecture: ${stdenv.system}";
+ else throw "No Android SDK tarballs are available for system architecture: ${stdenv.system}";
# Generated Nix packages
packages = import ./generated/packages.nix {
diff --git a/pkgs/development/python-modules/aiohttp/cors.nix b/pkgs/development/python-modules/aiohttp-cors/default.nix
similarity index 100%
rename from pkgs/development/python-modules/aiohttp/cors.nix
rename to pkgs/development/python-modules/aiohttp-cors/default.nix
diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix
index 90bd7521ea4..5769109f774 100644
--- a/pkgs/development/python-modules/aiohttp/default.nix
+++ b/pkgs/development/python-modules/aiohttp/default.nix
@@ -40,6 +40,14 @@ buildPythonPackage rec {
propagatedBuildInputs = [ attrs chardet multidict async-timeout yarl ]
++ lib.optionals (pythonOlder "3.7") [ idna-ssl typing-extensions ];
+ # Don't error on cryptography deprecation warning
+ postPatch = ''
+ substituteInPlace pytest.ini --replace "filterwarnings = error" ""
+ '';
+
+ # coroutine 'noop2' was never awaited
+ doCheck = false;
+
meta = with lib; {
description = "Asynchronous HTTP Client/Server for Python and asyncio";
license = licenses.asl20;
diff --git a/pkgs/development/python-modules/asyncssh/default.nix b/pkgs/development/python-modules/asyncssh/default.nix
index 5320d5be108..a078a420716 100644
--- a/pkgs/development/python-modules/asyncssh/default.nix
+++ b/pkgs/development/python-modules/asyncssh/default.nix
@@ -5,12 +5,12 @@
buildPythonPackage rec {
pname = "asyncssh";
- version = "1.16.1";
+ version = "1.17.0";
disabled = pythonOlder "3.4";
src = fetchPypi {
inherit pname version;
- sha256 = "0qia1ay2dhwps5sfh0hif7mrv7yxvykxs9l7cmfp4m6hmqnn3r5r";
+ sha256 = "1qrpkdyl77956qg6g7g66bbd6bfvb2nwi2sjy3v3li8m3irx8d7d";
};
patches = [
@@ -21,13 +21,6 @@ buildPythonPackage rec {
# However that broke the test on NixOS, failing with
# "Operation not permitted"
./fix-sftp-chmod-test-nixos.patch
-
- # Restore libnacl support for curve25519/ed25519 as a fallback for PyCA
- # Fixes https://github.com/ronf/asyncssh/issues/206 with older openssl
- (fetchpatch {
- url = "https://github.com/ronf/asyncssh/commit/1dee113bb3e4a6888de562b0413e9abd6a0f0f04.patch";
- sha256 = "04bckdj7i6xk24lizkn3a8cj375pkz7yc57fc0vk222c6jzwzaml";
- })
];
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix
index f40f0bf63d8..6b20b4b570a 100644
--- a/pkgs/development/python-modules/cryptography/default.nix
+++ b/pkgs/development/python-modules/cryptography/default.nix
@@ -21,11 +21,11 @@
buildPythonPackage rec {
pname = "cryptography";
- version = "2.6.1"; # Also update the hash in vectors.nix
+ version = "2.7"; # Also update the hash in vectors.nix
src = fetchPypi {
inherit pname version;
- sha256 = "19iwz5avym5zl6jrrrkym1rdaa9h61j20ph4cswsqgv8xg5j3j16";
+ sha256 = "1inlnr36kl36551c9rcad99jmhk81v33by3glkadwdcgmi17fd76";
};
outputs = [ "out" "dev" ];
diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix
index 5679905cd14..ea24ed90801 100644
--- a/pkgs/development/python-modules/cryptography/vectors.nix
+++ b/pkgs/development/python-modules/cryptography/vectors.nix
@@ -7,7 +7,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
- sha256 = "1bsqcv3h49dzqnyn29ijq8r7k1ra8ikl1y9qcpcns9nbvhaq3wq3";
+ sha256 = "1g38zw90510azyfrj6mxbslx2gp9yrnv5dac0w2819k9ssdznbgi";
};
# No tests included
diff --git a/pkgs/development/python-modules/scandir/default.nix b/pkgs/development/python-modules/scandir/default.nix
index 9aa2269c957..2736eb2ee9a 100644
--- a/pkgs/development/python-modules/scandir/default.nix
+++ b/pkgs/development/python-modules/scandir/default.nix
@@ -2,13 +2,15 @@
buildPythonPackage rec {
pname = "scandir";
- version = "1.7";
+ version = "1.10.0";
src = fetchPypi {
inherit pname version;
- sha256 ="0gbnhjzg42rj87ljv9kb648rfxph69ly3c8r9841dxy4d7l5pmdj";
+ sha256 ="1bkqwmf056pkchf05ywbnf659wqlp6lljcdb0y88wr9f0vv32ijd";
};
+ checkPhase = "python test/run_tests.py";
+
meta = with lib; {
description = "A better directory iterator and faster os.walk()";
homepage = https://github.com/benhoyt/scandir;
diff --git a/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch b/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch
new file mode 100644
index 00000000000..f7e37a1a5e5
--- /dev/null
+++ b/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch
@@ -0,0 +1,24 @@
+From 95a75c95c5c4e641ce7cda0ded968d66f07f822a Mon Sep 17 00:00:00 2001
+From: worldofpeace
+Date: Sat, 18 May 2019 14:44:08 -0400
+Subject: [PATCH] highlight: fix permission on file style
+
+---
+ gtkdoc/highlight.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gtkdoc/highlight.py b/gtkdoc/highlight.py
+index 8f6e470..d11c432 100644
+--- a/gtkdoc/highlight.py
++++ b/gtkdoc/highlight.py
+@@ -47,6 +47,6 @@ def highlight_code(code, lang='c'):
+
+
+ def append_style_defs(css_file_name):
+- os.chmod(css_file_name, stat.S_IWRITE)
++ os.chmod(css_file_name, 0o664)
+ with open(css_file_name, 'at', newline='\n', encoding='utf-8') as css:
+ css.write(HTML_FORMATTER.get_style_defs())
+--
+2.21.0
+
diff --git a/pkgs/development/tools/documentation/gtk-doc/default.nix b/pkgs/development/tools/documentation/gtk-doc/default.nix
index f6083a78bf8..44b5384106e 100644
--- a/pkgs/development/tools/documentation/gtk-doc/default.nix
+++ b/pkgs/development/tools/documentation/gtk-doc/default.nix
@@ -1,30 +1,59 @@
-{ stdenv, fetchurl, autoreconfHook, pkgconfig, perl, python3, libxml2Python, libxslt, which
-, docbook_xml_dtd_43, docbook_xsl, gnome-doc-utils, gettext, itstool, gnome3
+{ stdenv
+, fetchFromGitLab
+, meson
+, ninja
+, pkgconfig
+, python3
+, libxml2Python
+, docbook_xml_dtd_43
+, docbook_xsl
+, libxslt
+, gettext
+, gnome3
, withDblatex ? false, dblatex
}:
stdenv.mkDerivation rec {
pname = "gtk-doc";
- version = "1.29";
+ version = "1.30";
- src = fetchurl {
- url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
- sha256 = "1cc6yl8l275qn3zpjl6f0s4fwmkczngjr9hhsdv74mln4h08wmql";
+ src = fetchFromGitLab {
+ domain = "gitlab.gnome.org";
+ owner = "GNOME";
+ repo = pname;
+ rev = "GTK_DOC_${stdenv.lib.replaceStrings ["."] ["_"] version }";
+ sha256 = "05lr6apj3pd3s59a7k6p45k9ywwrp577ra4pvkhxvb5p7v90c2fi";
};
patches = [
passthru.respect_xml_catalog_files_var_patch
+ # https://gitlab.gnome.org/GNOME/gtk-doc/issues/84
+ ./0001-highlight-fix-permission-on-file-style.patch
];
outputDevdoc = "out";
- nativeBuildInputs = [ autoreconfHook ];
- buildInputs =
- [ pkgconfig perl python3 libxml2Python libxslt docbook_xml_dtd_43 docbook_xsl
- gnome-doc-utils gettext which itstool
- ] ++ stdenv.lib.optional withDblatex dblatex;
+ nativeBuildInputs = [
+ gettext
+ meson
+ ninja
+ ];
- configureFlags = [ "--disable-scrollkeeper" ];
+ buildInputs = [
+ docbook_xml_dtd_43
+ docbook_xsl
+ libxslt
+ pkgconfig
+ python3
+ libxml2Python
+ ]
+ ++ stdenv.lib.optional withDblatex dblatex
+ ;
+
+ mesonFlags = [
+ "-Dtests=false"
+ "-Dyelp_manual=false"
+ ];
# Make pygments available for binaries, python.withPackages creates a wrapper
# but scripts are not allowed in shebangs so we link it into sys.path.
diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix
index a0f0a4c47e3..7270877c52e 100644
--- a/pkgs/os-specific/linux/busybox/default.nix
+++ b/pkgs/os-specific/linux/busybox/default.nix
@@ -94,7 +94,7 @@ stdenv.mkDerivation rec {
depsBuildBuild = [ buildPackages.stdenv.cc ];
- buildInputs = lib.optionals (enableStatic && !useMusl) [ stdenv.cc.libc stdenv.cc.libc.static ];
+ buildInputs = lib.optionals (enableStatic && !useMusl && stdenv.cc.libc ? static) [ stdenv.cc.libc stdenv.cc.libc.static ];
enableParallelBuilding = true;
diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix
index ff6ce3b4889..b2fee6184e2 100644
--- a/pkgs/os-specific/linux/iptables/default.nix
+++ b/pkgs/os-specific/linux/iptables/default.nix
@@ -2,42 +2,14 @@
, libnetfilter_conntrack, libnftnl, libmnl, libpcap }:
stdenv.mkDerivation rec {
- name = "iptables-${version}";
- version = "1.8.2";
+ pname = "iptables";
+ version = "1.8.3";
src = fetchurl {
- url = "https://www.netfilter.org/projects/iptables/files/${name}.tar.bz2";
- sha256 = "1bqj9hf3szy9r0w14iy23w00ir8448nfhpcprbwmcchsxm88nxx3";
+ url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
+ sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52";
};
- patches = [
- # Adds missing bits to extensions' libipt_icmp.c and libip6t_icmp6.c that were causing build to fail
- (fetchpatch {
- url = "https://git.netfilter.org/iptables/patch/?id=907e429d7548157016cd51aba4adc5d0c7d9f816";
- sha256 = "0vc7ljcglz5152lc3jx4p44vjfi6ipvxdrgkdb5dmkhlb5v93i2h";
- })
- # Build with musl libc fails because of conflicting struct ethhdr definitions
- (fetchpatch {
- url = "https://git.netfilter.org/iptables/patch/?id=51d374ba41ae4f1bb851228c06b030b83dd2092f";
- sha256 = "05fwrq03f9sm0v2bfwshbrg7pi2p978w1460arnmpay3135gj266";
- })
- # Extensions: libip6t_mh: fix bogus translation error
- (fetchpatch {
- url = "https://git.netfilter.org/iptables/patch/?id=5839d7fe62ff667af7132fc7d589b386951f27b3";
- sha256 = "0578jn1ip710z9kijwg9g2vjq2kfrbafl03m1rgi4fasz215gvkf";
- })
- # Prevent headers collisions between linux and netfilter (in.h and in6.h)
- # Fixed upstream with two commits
- (fetchpatch {
- url = "https://git.netfilter.org/iptables/patch/?id=8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd";
- sha256 = "0q3wcspiqym1r6dg1jhg7h8hpvsjzx1k7cs39z36mzlbmj9lm0zb";
- })
- (fetchpatch {
- url = "https://git.netfilter.org/iptables/patch/?id=2908eda10bf9fc81119d4f3ad672c67918ab5955";
- sha256 = "1dci4c8b7gcdrf77l2aicrcwlbp320xjz76fhavams0b4kgs6yr3";
- })
- ];
-
nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ];
buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ];
diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix
index 14996fd76be..0e90a081476 100644
--- a/pkgs/os-specific/linux/multipath-tools/default.nix
+++ b/pkgs/os-specific/linux/multipath-tools/default.nix
@@ -1,16 +1,17 @@
-{ stdenv, fetchurl, lvm2, libaio, gzip, readline, systemd, liburcu }:
+{ stdenv, fetchurl, pkgconfig, perl, lvm2, libaio, gzip, readline, systemd, liburcu, json_c }:
stdenv.mkDerivation rec {
name = "multipath-tools-${version}";
- version = "0.6.2";
+ version = "0.8.1";
src = fetchurl {
name = "${name}.tar.gz";
- url = "https://git.opensvc.com/?p=multipath-tools/.git;a=snapshot;h=${version};sf=tgz";
- sha256 = "159hxvbk9kh1qay9x04w0gsqzg0hkl5yghfc1wi9kv2n5pcwbkpm";
+ url = "https://git.opensvc.com/gitweb.cgi?p=multipath-tools/.git;a=snapshot;h=refs/tags/${version};sf=tgz";
+ sha256 = "0669zl4dpai63dl04lf8vpwnpsff6qf19fifxfc4frawnh699k95";
};
postPatch = ''
+ substituteInPlace libmultipath/Makefile --replace /usr/include/libdevmapper.h ${lvm2}/include/libdevmapper.h
sed -i -re '
s,^( *#define +DEFAULT_MULTIPATHDIR\>).*,\1 "'"$out/lib/multipath"'",
' libmultipath/defaults.h
@@ -20,8 +21,8 @@ stdenv.mkDerivation rec {
Makefile.inc
'';
- nativeBuildInputs = [ gzip ];
- buildInputs = [ systemd lvm2 libaio readline liburcu ];
+ nativeBuildInputs = [ gzip pkgconfig perl ];
+ buildInputs = [ systemd lvm2 libaio readline liburcu json_c ];
makeFlags = [
"LIB=lib"
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 84890b56916..8aa518ed1d0 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -9,16 +9,14 @@
, patchelf
, getent
, buildPackages
+, perl
, withSelinux ? false, libselinux
, withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp
, withKexectools ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) kexectools.meta.platforms, kexectools
}:
-let
- pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]);
-
-in stdenv.mkDerivation rec {
- version = "239.20190219";
+stdenv.mkDerivation rec {
+ version = "242";
name = "systemd-${version}";
# When updating, use https://github.com/systemd/systemd-stable tree, not the development one!
@@ -27,27 +25,9 @@ in stdenv.mkDerivation rec {
owner = "NixOS";
repo = "systemd";
rev = "nixos-v${version}";
- sha256 = "0aczg25ih2gfjq810x8rw6rnpr6sw1lz6z0lvlyw2qphyih68b4x";
+ sha256 = "0ldyhfxdy4qlgygvpc92wp0qp6p1c9y3rnm77zwbkga48x60d9i8";
};
- prePatch = let
- # Upstream's maintenance branches are still too intrusive:
- # https://github.com/systemd/systemd-stable/tree/v239-stable
- patches-deb = fetchurl {
- # This URL should point to a stable location that does not easily
- # disappear. In the past we were using `mirror://debian` but that
- # eventually causes the files to disappear. While that was a good sign
- # for us to update our patch collection it does break reproducibility.
- name = "systemd-debian-patches.tar.xz";
- url = http://snapshot.debian.org/archive/debian/20190301T035241Z/pool/main/s/systemd/systemd_239-12%7Ebpo9%2B1.debian.tar.xz;
- sha256 = "0v9f62gyfiw5icdrdlcvjcipsqrsm49w6n8bqp9nb8s2ih6rsfhg";
- };
- # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/*
- in ''
- tar xf ${patches-deb}
- patches="$patches $(cat debian/patches/series | grep -v '^debian/' | sed 's|^|debian/patches/|')"
- '';
-
outputs = [ "out" "lib" "man" "dev" ];
nativeBuildInputs =
@@ -56,6 +36,9 @@ in stdenv.mkDerivation rec {
coreutils # meson calls date, stat etc.
glibcLocales
patchelf getent m4
+ perl # to patch the libsystemd.so and remove dependencies on aarch64
+
+ (buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]))
];
buildInputs =
[ linuxHeaders libcap kmod xz pam acl
@@ -65,17 +48,24 @@ in stdenv.mkDerivation rec {
stdenv.lib.optional withLibseccomp libseccomp ++
[ libffi audit lz4 bzip2 libapparmor
iptables gnu-efi
- # This is actually native, but we already pull it from buildPackages
- pythonLxmlEnv
] ++ stdenv.lib.optional withSelinux libselinux;
#dontAddPrefix = true;
mesonFlags = [
+ "-Ddbuspolicydir=${placeholder "out"}/etc/dbus-1/system.d"
+ "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services"
+ "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services"
+ "-Dpamconfdir=${placeholder "out"}/etc/pam.d"
+ "-Drootprefix=${placeholder "out"}"
+ "-Drootlibdir=${placeholder "lib"}/lib"
+ "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig"
+ "-Dpkgconfigdatadir=${placeholder "dev"}/share/pkgconfig"
"-Dloadkeys-path=${kbd}/bin/loadkeys"
"-Dsetfont-path=${kbd}/bin/setfont"
"-Dtty-gid=3" # tty in NixOS has gid 3
- # "-Dtests=" # TODO
+ # while we do not run tests we should also not build them. Removes about 600 targets
+ "-Dtests=false"
"-Dlz4=true"
"-Dhostnamed=true"
"-Dnetworkd=true"
@@ -92,6 +82,7 @@ in stdenv.mkDerivation rec {
"-Dquotacheck=false"
"-Dldconfig=false"
"-Dsmack=true"
+ "-Db_pie=true"
"-Dsystem-uid-max=499" #TODO: debug why awking around in /etc/login.defs doesn't work
"-Dsystem-gid-max=499"
# "-Dtime-epoch=1"
@@ -113,19 +104,10 @@ in stdenv.mkDerivation rec {
preConfigure = ''
mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
- mesonFlagsArray+=(-Ddbuspolicydir=$out/etc/dbus-1/system.d)
- mesonFlagsArray+=(-Ddbussessionservicedir=$out/share/dbus-1/services)
- mesonFlagsArray+=(-Ddbussystemservicedir=$out/share/dbus-1/system-services)
- mesonFlagsArray+=(-Dpamconfdir=$out/etc/pam.d)
- mesonFlagsArray+=(-Drootprefix=$out)
- mesonFlagsArray+=(-Drootlibdir=$lib/lib)
- mesonFlagsArray+=(-Dpkgconfiglibdir=$dev/lib/pkgconfig)
- mesonFlagsArray+=(-Dpkgconfigdatadir=$dev/share/pkgconfig)
-
export LC_ALL="en_US.UTF-8";
# FIXME: patch this in systemd properly (and send upstream).
# already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount
- for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do
+ for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/shutdown/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do
test -e $i
substituteInPlace $i \
--replace /usr/bin/getent ${getent}/bin/getent \
@@ -139,14 +121,8 @@ in stdenv.mkDerivation rec {
--replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency
done
- for i in tools/xml_helper.py tools/make-directive-index.py tools/make-man-index.py test/sys-script.py; do
- substituteInPlace $i \
- --replace "#!/usr/bin/env python" "#!${pythonLxmlEnv}/bin/python"
- done
-
- for i in src/basic/generate-gperfs.py src/resolve/generate-dns_type-gperf.py src/test/generate-sym-test.py ; do
- substituteInPlace $i \
- --replace "#!/usr/bin/env python" "#!${buildPackages.python3Packages.python}/bin/python"
+ for dir in tools src/resolve test src/test; do
+ patchShebangs $dir
done
substituteInPlace src/journal/catalog.c \
@@ -207,13 +183,37 @@ in stdenv.mkDerivation rec {
enableParallelBuilding = true;
+ # On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib
+ # output. The result of that is a dependency cycle between $out and $lib.
+ # Thus nix (rightfully) marks the build as failed. That reference originates
+ # from an array of strings (catalog_file_dirs) in systemd
+ # (src/src/journal/catalog.{c,h}). The only consumer (as of v242) of the
+ # symbol is the main function of journalctl. Still libsystemd.so contains
+ # the VALUE but not the symbol. Systemd seems to be properly using function
+ # & data sections together with the linker flags to garbage collect unused
+ # sections (-Wl,--gc-sections). For unknown reasons those flags do not
+ # eliminate the unused string constants, in this case on aarch64-linux. The
+ # hacky way is to just remove the reference after we finished compiling.
+ # Since it can not be used (there is no symbol to actually refer to it) there
+ # should not be any harm. It is a bit odd and I really do not like starting
+ # these kind of hacks but there doesn't seem to be a straight forward way at
+ # this point in time.
+ # The reference will be replaced by the same reference the usual nukeRefs
+ # tooling uses. The standard tooling can not / should not be uesd since it
+ # is a bit too excessive and could potentially do us some (more) harm.
+ postFixup = ''
+ nukedRef=$(echo $out | sed -e "s,$NIX_STORE/[^-]*-\(.*\),$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-\1,")
+ cat $lib/lib/libsystemd.so | perl -pe "s|$out/lib/systemd/catalog|$nukedRef/lib/systemd/catalog|" > $lib/lib/libsystemd.so.tmp
+ mv $lib/lib/libsystemd.so.tmp $(readlink -f $lib/lib/libsystemd.so)
+ '';
+
# The interface version prevents NixOS from switching to an
# incompatible systemd at runtime. (Switching across reboots is
# fine, of course.) It should be increased whenever systemd changes
# in a backwards-incompatible way. If the interface version of two
# systemd builds is the same, then we can switch between them at
# runtime; otherwise we can't and we need to reboot.
- passthru.interfaceVersion = 2;
+ passthru.interfaceVersion = 3;
meta = with stdenv.lib; {
homepage = http://www.freedesktop.org/wiki/Software/systemd;
diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix
index 06693303ff9..13b5d4c3c9f 100644
--- a/pkgs/servers/pulseaudio/default.nix
+++ b/pkgs/servers/pulseaudio/default.nix
@@ -59,7 +59,21 @@ stdenv.mkDerivation rec {
++ lib.optionals bluetoothSupport [ bluez5 sbc ]
++ lib.optional remoteControlSupport lirc
++ lib.optional zeroconfSupport avahi
- );
+ );
+
+ patches = [
+ # The following two patches fix alsalib headers move, remove after the next release
+ (fetchpatch {
+ name = "alsa-asoundlib-include.patch";
+ url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch";
+ sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71";
+ })
+ (fetchpatch {
+ name = "alsa-use-case-include.patch";
+ url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch";
+ sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb";
+ })
+ ];
preConfigure = ''
# Performs and autoreconf
@@ -117,19 +131,6 @@ stdenv.mkDerivation rec {
--prefix GIO_EXTRA_MODULES : "${lib.getLib gnome3.dconf}/lib/gio/modules"
'';
- patches = [
- (fetchpatch {
- name = "alsa-asoundlib-include.patch";
- url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch";
- sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71";
- })
- (fetchpatch {
- name = "alsa-use-case-include.patch";
- url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch";
- sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb";
- })
- ];
-
meta = {
description = "Sound server for POSIX and Win32 systems";
homepage = http://www.pulseaudio.org/;
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index d46f0cc6317..701670187b6 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -38,7 +38,7 @@ let
enableParallelBuilding = !stdenv.isDarwin;
- makeFlags = [ "world" ];
+ buildFlags = [ "world" ];
NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ];
@@ -60,6 +60,7 @@ let
(if atLeast "9.6" then ./patches/less-is-more-96.patch else ./patches/less-is-more.patch)
(if atLeast "9.6" then ./patches/hardcode-pgxs-path-96.patch else ./patches/hardcode-pgxs-path.patch)
./patches/specify_pkglibdir_at_runtime.patch
+ ./patches/findstring.patch
] ++ lib.optional stdenv.isLinux ./patches/socketdir-in-run.patch;
installTargets = [ "install-world" ];
diff --git a/pkgs/servers/sql/postgresql/patches/findstring.patch b/pkgs/servers/sql/postgresql/patches/findstring.patch
new file mode 100644
index 00000000000..959bf6a6caa
--- /dev/null
+++ b/pkgs/servers/sql/postgresql/patches/findstring.patch
@@ -0,0 +1,59 @@
+From: Matthew Bauer
+Date: Wed, 29 May 2019 22:51:52 -0400
+Subject: [PATCH] Add /postgresql suffix for Nix outputs
+
+Nix outputs put the `name' in each store path like
+/nix/store/...-. This was confusing the Postgres make script
+because it thought its data directory already had postgresql in its
+directory. This lead to Postgres installing all of its fils in
+$out/share. To fix this, we just look for postgres or psql in the part
+after the / using make's notdir.
+
+---
+From: Matthew Bauer
+Date: Wed, 29 May 2019 22:51:52 -0400
+Subject: [PATCH] Add /postgresql suffix for Nix outputs
+
+Nix outputs put the `name' in each store path like
+/nix/store/...-. This was confusing the Postgres make script
+because it thought its data directory already had postgresql in its
+directory. This lead to Postgres installing all of its fils in
+$out/share. To fix this, we just look for postgres or psql in the part
+after the / using make's notdir.
+
+---
+diff --git a/src/Makefile.global.in b/src/Makefile.global.in
+index b9d86acaa9..bce05464c3 100644
+--- a/src/Makefile.global.in
++++ b/src/Makefile.global.in
+@@ -102,15 +102,15 @@ datarootdir := @datarootdir@
+ bindir := @bindir@
+
+ datadir := @datadir@
+-ifeq "$(findstring pgsql, $(datadir))" ""
+-ifeq "$(findstring postgres, $(datadir))" ""
++ifeq "$(findstring pgsql, $(notdir $(datadir)))" ""
++ifeq "$(findstring postgres, $(notdir $(datadir)))" ""
+ override datadir := $(datadir)/postgresql
+ endif
+ endif
+
+ sysconfdir := @sysconfdir@
+-ifeq "$(findstring pgsql, $(sysconfdir))" ""
+-ifeq "$(findstring postgres, $(sysconfdir))" ""
++ifeq "$(findstring pgsql, $(notdir $(sysconfdir)))" ""
++ifeq "$(findstring postgres, $(notdir $(sysconfdir)))" ""
+ override sysconfdir := $(sysconfdir)/postgresql
+ endif
+ endif
+@@ -136,8 +136,8 @@ endif
+ mandir := @mandir@
+
+ docdir := @docdir@
+-ifeq "$(findstring pgsql, $(docdir))" ""
+-ifeq "$(findstring postgres, $(docdir))" ""
++ifeq "$(findstring pgsql, $(notdir $(docdir)))" ""
++ifeq "$(findstring postgres, $(notdir $(docdir)))" ""
+ override docdir := $(docdir)/postgresql
+ endif
+ endif
diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index c06b5eeff4b..babb3d844fe 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "e2fsprogs";
- version = "1.45.1";
+ version = "1.45.2";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
- sha256 = "0zi8jz28hs66vhjvrfxmkmr1via19aygcbzpnw3lp0crhizaasgf";
+ sha256 = "1bhqljgcngys1diaxh7rnxc85d1jsril8xd7bach9imdjwr1wlm8";
};
outputs = [ "bin" "dev" "out" "man" "info" ];
diff --git a/pkgs/tools/networking/mosh/default.nix b/pkgs/tools/networking/mosh/default.nix
index 9f81e0d5721..98d2625aade 100644
--- a/pkgs/tools/networking/mosh/default.nix
+++ b/pkgs/tools/networking/mosh/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, zlib, protobuf, ncurses, pkgconfig
+{ lib, stdenv, fetchurl, fetchpatch, zlib, protobuf, ncurses, pkgconfig
, makeWrapper, perlPackages, openssl, autoreconfHook, openssh, bash-completion
, libutempter ? null, withUtempter ? stdenv.isLinux }:
@@ -15,7 +15,15 @@ stdenv.mkDerivation rec {
++ (with perlPackages; [ perl IOTty ])
++ lib.optional withUtempter libutempter;
- patches = [ ./ssh_path.patch ./utempter_path.patch ];
+ patches = [
+ ./ssh_path.patch
+ ./utempter_path.patch
+ # Fix w/c++17, ::bind vs std::bind
+ (fetchpatch {
+ url = "https://github.com/mobile-shell/mosh/commit/e5f8a826ef9ff5da4cfce3bb8151f9526ec19db0.patch";
+ sha256 = "15518rb0r5w1zn4s6981bf1sz6ins6gpn2saizfzhmr13hw4gmhm";
+ })
+ ];
postPatch = ''
substituteInPlace scripts/mosh.pl \
--subst-var-by ssh "${openssh}/bin/ssh"
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index fbb370027d7..b360992c6be 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null;
stdenv.mkDerivation rec {
name = "gnupg-${version}";
- version = "2.2.15";
+ version = "2.2.16";
src = fetchurl {
url = "mirror://gnupg/gnupg/${name}.tar.bz2";
- sha256 = "0m6lyphbb20i84isdxzfhcbzyc682hdrdv4aqkzmhrdksycf536b";
+ sha256 = "1jqlzp9b3kpfp1dkjqskm67jjrhvf9nh3lzf45321p7m9d2qvgkc";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 889684d3fa9..a7d5f3b0b8d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4643,9 +4643,7 @@ in
docbook-xsl = docbook_xsl;
};
- mosh = callPackage ../tools/networking/mosh {
- stdenv = if stdenv.cc.isClang then llvmPackages_6.stdenv else stdenv;
- };
+ mosh = callPackage ../tools/networking/mosh { };
motuclient = callPackage ../applications/science/misc/motu-client { };
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 828cf517d5c..61801eee158 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1028,7 +1028,7 @@ in {
aiohttp = callPackage ../development/python-modules/aiohttp { };
- aiohttp-cors = callPackage ../development/python-modules/aiohttp/cors.nix { };
+ aiohttp-cors = callPackage ../development/python-modules/aiohttp-cors { };
aiohttp-jinja2 = callPackage ../development/python-modules/aiohttp-jinja2 { };
diff --git a/pkgs/top-level/release-cross.nix b/pkgs/top-level/release-cross.nix
index 339973f0574..bc822b466c9 100644
--- a/pkgs/top-level/release-cross.nix
+++ b/pkgs/top-level/release-cross.nix
@@ -107,7 +107,6 @@ in
mapTestEqual = lib.mapAttrsRecursive testEqual;
in mapTestEqual {
- androidndk = nativePlatforms;
boehmgc = nativePlatforms;
libffi = nativePlatforms;
libiconv = nativePlatforms;