diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 51a894269d9..b92cefa441d 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -137,6 +137,40 @@ + + The option + was renamed to + (capital L). This follows + + upstreams renaming + of the setting. + + + + + As of this release the NixOps feature autoLuks is deprecated. It no longer works + with our systemd version without manual intervention. + + + Whenever the usage of the module is detected the evaluation will fail with a message + explaining why and how to deal with the situation. + + + A new knob named nixops.enableDeprecatedAutoLuks + has been introduced to disable the eval failure and to acknowledge the notice was received and read. + If you plan on using the feature please note that it might break with subsequent updates. + + + Make sure you set the _netdev option for each of the file systems referring to block + devices provided by the autoLuks module. Not doing this might render the system in a + state where it doesn't boot anymore. + + + If you are actively using the autoLuks module please let us know in + issue #62211. + + + The setopt declarations will be evaluated at the end of /etc/zshrc, so any code in , and may break if it relies on those options being set. @@ -211,6 +245,20 @@ RuntimeDirectory and tmpfiles. + + + With the upgrade to systemd version 242 the systemd-timesyncd + service is no longer using DynamicUser=yes. In order for the + upgrade to work we rely on an activation script to move the state from the old + to the new directory. The older directory (prior 19.09) was + /var/lib/private/systemd/timesync. + + + As long as the system.config.stateVersion is below + 19.09 the state folder will migrated to its proper location + (/var/lib/systemd/timesync), if required. + + Since version 0.1.19, cargo-vendor honors package @@ -221,7 +269,6 @@ vendored files for most Rust packages, the hash that use used to verify the dependencies, cargoSha256, also changes. - The cargoSha256 hashes of all in-tree derivations that use buildRustPackage have been updated to reflect this diff --git a/nixos/modules/misc/nixops-autoluks.nix b/nixos/modules/misc/nixops-autoluks.nix new file mode 100644 index 00000000000..2153c6f975a --- /dev/null +++ b/nixos/modules/misc/nixops-autoluks.nix @@ -0,0 +1,44 @@ +{ config, options, lib, ... }: +let + path = [ "deployment" "autoLuks" ]; + hasAutoLuksOption = lib.hasAttrByPath path options; + hasAutoLuksConfig = lib.hasAttrByPath path config && (lib.attrByPath path {} config) != {}; + + inherit (config.nixops) enableDeprecatedAutoLuks; +in { + options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption "Enable the deprecated NixOps AutoLuks module"; + + config = { + assertions = [ + { + assertion = if hasAutoLuksConfig then hasAutoLuksConfig && enableDeprecatedAutoLuks else true; + message = '' + ⚠️ !!! WARNING !!! ⚠️ + + NixOps autoLuks is deprecated. The feature was never widely used and the maintenance did outgrow the benefit. + If you still want to use the module: + a) Please raise your voice in the issue tracking usage of the module: + https://github.com/NixOS/nixpkgs/issues/62211 + b) make sure you set the `_netdev` option for each of the file + systems referring to block devices provided by the autoLuks module. + + ⚠️ If you do not set the option your system will not boot anymore! ⚠️ + + { + fileSystems."/secret" = { options = [ "_netdev" ]; }; + } + + b) set the option >nixops.enableDeprecatedAutoLuks = true< to remove this error. + + + For more details read through the following resources: + - https://github.com/NixOS/nixops/pull/1156 + - https://github.com/NixOS/nixpkgs/issues/47550 + - https://github.com/NixOS/nixpkgs/issues/62211 + - https://github.com/NixOS/nixpkgs/pull/61321 + ''; + } + ]; + }; + +} diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index c576cf4cb92..c9b374b6d7b 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -95,6 +95,7 @@ in PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})" LOGO="nix-snowflake" HOME_URL="https://nixos.org/" + DOCUMENTATION_URL="https://nixos.org/nixos/manual/index.html" SUPPORT_URL="https://nixos.org/nixos/support.html" BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues" ''; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bb2c0a8f180..bb33d8e6d95 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -84,6 +84,7 @@ ./misc/nixpkgs.nix ./misc/passthru.nix ./misc/version.nix + ./misc/nixops-autoluks.nix ./programs/adb.nix ./programs/atop.nix ./programs/autojump.nix diff --git a/nixos/modules/services/hardware/80-net-setup-link.rules b/nixos/modules/services/hardware/80-net-setup-link.rules deleted file mode 100644 index 18547f170a3..00000000000 --- a/nixos/modules/services/hardware/80-net-setup-link.rules +++ /dev/null @@ -1,13 +0,0 @@ -# Copied from systemd 203. -ACTION=="remove", GOTO="net_name_slot_end" -SUBSYSTEM!="net", GOTO="net_name_slot_end" -NAME!="", GOTO="net_name_slot_end" - -IMPORT{cmdline}="net.ifnames" -ENV{net.ifnames}=="0", GOTO="net_name_slot_end" - -NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}" -NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}" -NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}" - -LABEL="net_name_slot_end" diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 0266286aaac..cb2f1e6621a 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -116,10 +116,6 @@ let exit 1 fi - ${optionalString config.networking.usePredictableInterfaceNames '' - cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules - ''} - # If auto-configuration is disabled, then remove # udev's 80-drivers.rules file, which contains rules for # automatically calling modprobe. @@ -282,6 +278,8 @@ in services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ]; + boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ]; + environment.etc = [ { source = udevRules; target = "udev/rules.d"; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 882db9130ea..f1aa9064bef 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -203,7 +203,7 @@ let checkRoute = checkUnitConfig "Route" [ (assertOnlyFields [ - "Gateway" "GatewayOnlink" "Destination" "Source" "Metric" + "Gateway" "GatewayOnLink" "Destination" "Source" "Metric" "IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type" "InitialCongestionWindow" "InitialAdvertisedReceiveWindow" "QuickAck" "MTUBytes" diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 933dea1c6b8..cf35504e518 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -943,7 +943,6 @@ in # Don't bother with certain units in containers. systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container"; systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container"; - }; # FIXME: Remove these eventually. @@ -952,5 +951,4 @@ in (mkRenamedOptionModule [ "boot" "systemd" "targets" ] [ "systemd" "targets" ]) (mkRenamedOptionModule [ "boot" "systemd" "services" ] [ "systemd" "services" ]) ]; - } diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 8d8bfe5900a..8282cdd6f3a 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix @@ -40,6 +40,15 @@ with lib; users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync; users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync; + system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") '' + # workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes + # - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742 + # - https://github.com/systemd/systemd/issues/12131 + if [ -L /var/lib/systemd/timesync ]; then + rm /var/lib/systemd/timesync + mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync + fi + ''; }; } diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 2318bdd1d58..857aaf1e6e3 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -12,7 +12,7 @@ let i.ipv4.addresses ++ optionals cfg.enableIPv6 i.ipv6.addresses; - dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none"; + dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "no"; slaves = concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds)) @@ -59,7 +59,14 @@ in in { DHCP = override (dhcpStr cfg.useDHCP); } // optionalAttrs (gateway != [ ]) { - gateway = override gateway; + routes = override [ + { + routeConfig = { + Gateway = gateway; + GatewayOnLink = false; + }; + } + ]; } // optionalAttrs (domains != [ ]) { domains = override domains; }; diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index ed4cfa7805e..1a11d9ce7c2 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -129,9 +129,6 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; users.users.root.initialHashedPassword = mkOverride 150 ""; services.xserver.displayManager.job.logToJournal = true; - - # set default stateVersion to avoid warnings during eval - system.stateVersion = mkDefault "18.03"; }; } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 912e4f55231..3872970343a 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -240,6 +240,7 @@ in syncthing-relay = handleTest ./syncthing-relay.nix {}; systemd = handleTest ./systemd.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; + systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; pdns-recursor = handleTest ./pdns-recursor.nix {}; taskserver = handleTest ./taskserver.nix {}; telegraf = handleTest ./telegraf.nix {}; diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix index 0c101037aa7..2e7e4b2f1d6 100644 --- a/nixos/tests/containers-imperative.nix +++ b/nixos/tests/containers-imperative.nix @@ -35,7 +35,17 @@ import ./make-test.nix ({ pkgs, ...} : { ]; }; - testScript = + testScript = let + tmpfilesContainerConfig = pkgs.writeText "container-config-tmpfiles" '' + { + systemd.tmpfiles.rules = [ "d /foo - - - - -" ]; + systemd.services.foo = { + serviceConfig.Type = "oneshot"; + script = "ls -al /foo"; + wantedBy = [ "multi-user.target" ]; + }; + } + ''; in '' # Make sure we have a NixOS tree (required by ‘nixos-container create’). $machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2"); @@ -93,6 +103,15 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("nixos-container stop $id1"); $machine->succeed("nixos-container start $id1"); + # Ensure tmpfiles are present + $machine->log("creating container tmpfiles"); + $machine->succeed("nixos-container create tmpfiles --config-file ${tmpfilesContainerConfig}"); + $machine->log("created, starting…"); + $machine->succeed("nixos-container start tmpfiles"); + $machine->log("done starting, investigating…"); + $machine->succeed("echo \$(nixos-container run tmpfiles -- systemctl is-active foo.service) | grep -q active;"); + $machine->succeed("nixos-container destroy tmpfiles"); + # Execute commands via the root shell. $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix index bf22fc9291a..60796425564 100644 --- a/nixos/tests/radicale.nix +++ b/nixos/tests/radicale.nix @@ -85,7 +85,7 @@ in $radicale->succeed('mv /tmp/collections-new/collection-root /tmp/collections'); $radicale->succeed('${switchToConfig "radicale2_verify"} >&2'); $radicale->waitUntilFails('systemctl status radicale'); - my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 5'); + my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 10'); if ($retcode != 0 || index($logs, 'Verifying storage') == -1) { die "Radicale 2 didn't verify storage" } diff --git a/nixos/tests/systemd-timesyncd.nix b/nixos/tests/systemd-timesyncd.nix new file mode 100644 index 00000000000..d12b8eb2bf7 --- /dev/null +++ b/nixos/tests/systemd-timesyncd.nix @@ -0,0 +1,52 @@ +# Regression test for systemd-timesync having moved the state directory without +# upstream providing a migration path. https://github.com/systemd/systemd/issues/12131 + +import ./make-test.nix (let + common = { lib, ... }: { + # override the `false` value from the qemu-vm base profile + services.timesyncd.enable = lib.mkForce true; + }; + mkVM = conf: { imports = [ conf common ]; }; +in { + name = "systemd-timesyncd"; + nodes = { + current = mkVM {}; + pre1909 = mkVM ({lib, ... }: with lib; { + # create the path that should be migrated by our activation script when + # upgrading to a newer nixos version + system.stateVersion = "19.03"; + system.activationScripts.simulate-old-timesync-state-dir = mkBefore '' + rm -f /var/lib/systemd/timesync + mkdir -p /var/lib/systemd /var/lib/private/systemd/timesync + ln -s /var/lib/private/systemd/timesync /var/lib/systemd/timesync + chown systemd-timesync: /var/lib/private/systemd/timesync + ''; + }); + }; + + testScript = '' + startAll; + $current->succeed('systemctl status systemd-timesyncd.service'); + # on a new install with a recent systemd there should not be any + # leftovers from the dynamic user mess + $current->succeed('test -e /var/lib/systemd/timesync'); + $current->succeed('test ! -L /var/lib/systemd/timesync'); + + # timesyncd should be running on the upgrading system since we fixed the + # file bits in the activation script + $pre1909->succeed('systemctl status systemd-timesyncd.service'); + + # the path should be gone after the migration + $pre1909->succeed('test ! -e /var/lib/private/systemd/timesync'); + + # and the new path should no longer be a symlink + $pre1909->succeed('test -e /var/lib/systemd/timesync'); + $pre1909->succeed('test ! -L /var/lib/systemd/timesync'); + + # after a restart things should still work and not fail in the activation + # scripts and cause the boot to fail.. + $pre1909->shutdown; + $pre1909->start; + $pre1909->succeed('systemctl status systemd-timesyncd.service'); + ''; +}) diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh index f4a865e9668..3e900d0704c 100644 --- a/pkgs/build-support/setup-hooks/patch-shebangs.sh +++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh @@ -4,11 +4,14 @@ # /usr/bin/env gets special treatment so that ".../bin/env python" is # rewritten to /nix/store//bin/python. Interpreters that are # already in the store are left untouched. +# A script file must be marked as executable, otherwise it will not be +# considered. fixupOutputHooks+=(patchShebangsAuto) -# Run patch shebangs on a directory. -# patchShebangs [--build | --host] directory +# Run patch shebangs on a directory or file. +# Can take multiple paths as arguments. +# patchShebangs [--build | --host] PATH... # Flags: # --build : Lookup commands available at build-time @@ -29,9 +32,7 @@ patchShebangs() { shift fi - local dir="$1" - - header "patching script interpreter paths in $dir" + echo "patching script interpreter paths in $@" local f local oldPath local newPath @@ -40,7 +41,10 @@ patchShebangs() { local oldInterpreterLine local newInterpreterLine - [ -e "$dir" ] || return 0 + if [ $# -eq 0 ]; then + echo "No arguments supplied to patchShebangs" >0 + return 0 + fi local f while IFS= read -r -d $'\0' f; do @@ -62,7 +66,7 @@ patchShebangs() { # - options: something starting with a '-' # - environment variables: foo=bar if $(echo "$arg0" | grep -q -- "^-.*\|.*=.*"); then - echo "$f: unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)" + echo "$f: unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)" >0 exit 1 fi @@ -95,7 +99,7 @@ patchShebangs() { rm "$timestamp" fi fi - done < <(find "$dir" -type f -perm -0100 -print0) + done < <(find "$@" -type f -perm -0100 -print0) stopNest } diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix index 6d85fe1233c..60d0cc81d2b 100644 --- a/pkgs/development/libraries/dbus/default.nix +++ b/pkgs/development/libraries/dbus/default.nix @@ -6,8 +6,8 @@ assert x11Support -> libX11 != null && libSM != null; let - version = "1.12.12"; - sha256 = "1y7mxhkw2shd9mi9s62k81lz8npjkrafapr4fyfms7hs04kg4ilm"; + version = "1.12.14"; + sha256 = "13aca7gzgl7z1dfdipfs23773w8n6z01d4rj5kmssv4gms8c5ya4"; self = stdenv.mkDerivation { name = "dbus-${version}"; diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index db4eee38b6e..a2c7bdc5bde 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -46,7 +46,7 @@ let ''; binPrograms = optional (!stdenv.isDarwin) "gapplication" ++ [ "gdbus" "gio" "gsettings" ]; - version = "2.60.2"; + version = "2.60.3"; in stdenv.mkDerivation rec { @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://gnome/sources/glib/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz"; - sha256 = "1nc0iyday7866hq0hb78h7lxa44an998lzis8jhgvp8a0rsm9w9f"; + sha256 = "1fb0nx9fcmic8rsh0fbp79lqpasfjxljvnshbw2hsya51mb0vaq4"; }; patches = optional stdenv.isDarwin ./darwin-compilation.patch diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix index 7c364c0fcdf..a405633c1b8 100644 --- a/pkgs/development/libraries/harfbuzz/default.nix +++ b/pkgs/development/libraries/harfbuzz/default.nix @@ -8,7 +8,7 @@ }: let - version = "2.3.1"; + version = "2.5.1"; inherit (stdenv.lib) optional optionals optionalString; in @@ -16,8 +16,8 @@ stdenv.mkDerivation { name = "harfbuzz${optionalString withIcu "-icu"}-${version}"; src = fetchurl { - url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.bz2"; - sha256 = "0s74ramsbfa183rxkidqgfd2vbhrwicnrqzqsq440dwibffnj1gj"; + url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.xz"; + sha256 = "17kiyq23g7bnjvyn2yg4gyr7i7qjam65n20whsrplpxxk9bk8j3d"; }; postPatch = '' diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix index 39d2c29b012..2bc2bcb5b85 100644 --- a/pkgs/development/libraries/libevent/default.nix +++ b/pkgs/development/libraries/libevent/default.nix @@ -6,25 +6,13 @@ assert sslSupport -> openssl != null; stdenv.mkDerivation rec { name = "libevent-${version}"; - version = "2.1.8"; + version = "2.1.10"; src = fetchurl { url = "https://github.com/libevent/libevent/releases/download/release-${version}-stable/libevent-${version}-stable.tar.gz"; - sha256 = "1hhxnxlr0fsdv7bdmzsnhdz16fxf3jg2r6vyljcl3kj6pflcap4n"; + sha256 = "1c25928gdv495clxk2v1d4gkr5py7ack4gx2n7d13frnld0syr78"; }; - #NOTE: Patches to support libressl-2.7. These are taken from libevent upstream, and can both be dropped with the next release. - patches = [ - (fetchpatch { - url = "https://github.com/libevent/libevent/commit/22dd14945c25600de3cf8b91000c66703b551e4f.patch"; - sha256 = "0fzcb241cp9mm7j6baw22blcglbc083ryigzyjaij8r530av10kd"; - }) - (fetchpatch { - url = "https://github.com/libevent/libevent/commit/28b8075400c70b2d2da2ce07e590c2ec6d11783d.patch"; - sha256 = "0dkzlk44033xksg2iq5w90r3lnziwl1mgz291nzqq906zrya0sdb"; - }) - ]; - # libevent_openssl is moved into its own output, so that openssl isn't present # in the default closure. outputs = [ "out" "dev" ] diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix index 8ca3dd72754..91653022052 100644 --- a/pkgs/development/libraries/libical/default.nix +++ b/pkgs/development/libraries/libical/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { name = "libical-${version}"; version = "3.0.4"; - outputs = [ "out" "dev" "devdoc" ]; + outputs = [ "out" "dev" ]; #"devdoc" ]; src = fetchFromGitHub { owner = "libical"; @@ -17,7 +17,8 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ perl pkgconfig cmake ninja vala gobject-introspection (python3.withPackages (pkgs: with pkgs; [ pygobject3 ])) # running libical-glib tests - gtk-doc docbook_xsl docbook_xml_dtd_43 # docs +# Docs building fails: https://github.com/NixOS/nixpkgs/pull/61657#issuecomment-495579489 +# gtk-doc docbook_xsl docbook_xml_dtd_43 # docs ]; buildInputs = [ glib libxml2 icu ]; diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix index c0fadfeb679..5ec5b8e04dd 100644 --- a/pkgs/development/libraries/libidn2/default.nix +++ b/pkgs/development/libraries/libidn2/default.nix @@ -4,11 +4,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "libidn2-${version}"; - version = "2.1.1a"; + version = "2.2.0"; src = fetchurl { url = "mirror://gnu/gnu/libidn/${name}.tar.gz"; - sha256 = "0wlb0jrkccsdxlx90wx6ax5raqcm6y9c75dcgc6j6m6gdv7nnrjp"; + sha256 = "1zl1cc2xgxw31pdhvhr5ij36x4vvpy16jq667rspin06nlr4fwzw"; }; outputs = [ "bin" "dev" "out" "info" "devdoc" ]; diff --git a/pkgs/development/libraries/libnftnl/default.nix b/pkgs/development/libraries/libnftnl/default.nix index f94af349842..ad51ac8d6db 100644 --- a/pkgs/development/libraries/libnftnl/default.nix +++ b/pkgs/development/libraries/libnftnl/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, pkgconfig, libmnl }: stdenv.mkDerivation rec { - version = "1.1.2"; - name = "libnftnl-${version}"; + version = "1.1.3"; + pname = "libnftnl"; src = fetchurl { - url = "https://netfilter.org/projects/libnftnl/files/${name}.tar.bz2"; - sha256 = "0pffmsv41alsn5ac7mwnb9fh3qpwzqk13jrzn6c5i71wq6kbgix5"; + url = "https://netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2"; + sha256 = "03xszkcpqk3s1rqc6vh7g5j13kh3d3yjnvjhk5scds3an39rgp92"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix index ac00920d054..7e2443d31e9 100644 --- a/pkgs/development/libraries/libpsl/default.nix +++ b/pkgs/development/libraries/libpsl/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--disable-static" - "--enable-gtk-doc" +# "--enable-gtk-doc" "--enable-man" "--enable-valgrind-tests" "--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" diff --git a/pkgs/development/libraries/librime/default.nix b/pkgs/development/libraries/librime/default.nix index b1e42617253..71362fd7ef7 100644 --- a/pkgs/development/libraries/librime/default.nix +++ b/pkgs/development/libraries/librime/default.nix @@ -2,14 +2,14 @@ libyamlcpp, gmock }: stdenv.mkDerivation rec { - name = "librime-${version}"; - version = "1.4.0"; + pname = "librime"; + version = "1.5.0"; src = fetchFromGitHub { owner = "rime"; repo = "librime"; rev = "${version}"; - sha256 = "1zkx1wfbd94v55gfycyd2b94jxclfyk2zl7yw35pyjx63qdlb6sd"; + sha256 = "10wvh1l4317yzcys4rzlkw42i6cj5p8g62r1xzyjw32ky2d0ndxl"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix index 51f779bca6b..8c88abd2c44 100644 --- a/pkgs/development/libraries/libsodium/default.nix +++ b/pkgs/development/libraries/libsodium/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - name = "libsodium-1.0.17"; + name = "libsodium-1.0.18"; src = fetchurl { url = "https://download.libsodium.org/libsodium/releases/${name}.tar.gz"; - sha256 = "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc"; + sha256 = "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index 78abbe7392c..e725439a3f1 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -1,14 +1,14 @@ { stdenv, lib, fetchpatch, fetchFromGitHub, autoconf, automake, libtool, pkgconfig, ApplicationServices, CoreServices }: stdenv.mkDerivation rec { - version = "1.28.0"; + version = "1.29.1"; pname = "libuv"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "0l0gx69sdy3sv3pirjbca2ws54n9d83mj0j96h77k0ncywimvi64"; + sha256 = "0scnircr6khgh7l3bw9zyfzdgx2c11mpfhd9d8qlw47arrvqg7l8"; }; postPatch = let diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c18de60aad1..40a03707ea5 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -2,7 +2,7 @@ , pkgconfig, intltool, autoreconfHook , file, expat, libdrm, xorg, wayland, wayland-protocols, openssl , llvmPackages, libffi, libomxil-bellagio, libva-minimal -, libelf, libvdpau, valgrind-light, python2, python2Packages +, libelf, libvdpau, python2, python2Packages , libglvnd , enableRadv ? true , galliumDrivers ? null @@ -10,6 +10,7 @@ , vulkanDrivers ? null , eglPlatforms ? [ "x11" ] ++ lib.optionals stdenv.isLinux [ "wayland" "drm" ] , OpenGL, Xplugin +, withValgrind ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAarch32, valgrind-light }: /** Packaging design: @@ -25,10 +26,6 @@ with stdenv.lib; -if ! elem stdenv.hostPlatform.system platforms.mesaPlatforms then - throw "${stdenv.system}: unsupported platform for Mesa" -else - let # platforms that have PCIe slots and thus can use most non-integrated GPUs pciePlatform = !stdenv.hostPlatform.isAarch32 && !stdenv.hostPlatform.isAarch64; @@ -150,7 +147,8 @@ let self = stdenv.mkDerivation { libffi libvdpau libelf libXvMC libpthreadstubs openssl /*or another sha1 provider*/ ] ++ lib.optionals (elem "wayland" eglPlatforms) [ wayland wayland-protocols ] - ++ lib.optionals stdenv.isLinux [ valgrind-light libomxil-bellagio libva-minimal ]; + ++ lib.optionals stdenv.isLinux [ libomxil-bellagio libva-minimal ] + ++ lib.optional withValgrind valgrind-light; enableParallelBuilding = true; doCheck = false; @@ -310,7 +308,7 @@ let self = stdenv.mkDerivation { description = "An open source implementation of OpenGL"; homepage = https://www.mesa3d.org/; license = licenses.mit; # X11 variant, in most files - platforms = platforms.linux ++ platforms.darwin; + platforms = platforms.mesaPlatforms; maintainers = with maintainers; [ vcunat ]; }; }; diff --git a/pkgs/development/libraries/newt/default.nix b/pkgs/development/libraries/newt/default.nix index 1a5656b7ca1..60dc00a335d 100644 --- a/pkgs/development/libraries/newt/default.nix +++ b/pkgs/development/libraries/newt/default.nix @@ -1,11 +1,12 @@ { fetchurl, stdenv, slang, popt }: stdenv.mkDerivation rec { - name = "newt-0.52.20"; + pname = "newt"; + version = "0.52.21"; src = fetchurl { - url = "https://fedorahosted.org/releases/n/e/newt/${name}.tar.gz"; - sha256 = "1g3dpfnvaw7vljbr7nzq1rl88d6r8cmrvvng9inphgzwxxmvlrld"; + url = "https://fedorahosted.org/releases/n/e/${pname}/${pname}-${version}.tar.gz"; + sha256 = "0cdvbancr7y4nrj8257y5n45hmhizr8isynagy4fpsnpammv8pi6"; }; patchPhase = '' diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 1c0d124b5c0..ef617a92eaa 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -120,8 +120,8 @@ let in { openssl_1_0_2 = common { - version = "1.0.2r"; - sha256 = "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf"; + version = "1.0.2s"; + sha256 = "15mbmg8hf7s12vr3v2bdc0pi9y4pdbnsxhzk4fyyap42jaa5rgfa"; patches = [ ./1.0.2/nix-ssl-cert-file.patch @@ -132,15 +132,10 @@ in { }; openssl_1_1 = common { - version = "1.1.1b"; - sha256 = "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw"; + version = "1.1.1c"; + sha256 = "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn"; patches = [ ./1.1/nix-ssl-cert-file.patch - (fetchurl { - name = "long-chacha-nonce.patch"; - url = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f426625b6ae9a7831010750490a5f0ad689c5ba3"; - sha256= "02ghqg3vzmzx3s1dwwwbm1p1l4asaiampyg4k9vfrjwficvgpdgp"; - }) (if stdenv.hostPlatform.isDarwin then ./1.1/use-etc-ssl-certs-darwin.patch diff --git a/pkgs/development/mobile/androidenv/compose-android-packages.nix b/pkgs/development/mobile/androidenv/compose-android-packages.nix index 935a4a4f2fb..40b2ed775cd 100644 --- a/pkgs/development/mobile/androidenv/compose-android-packages.nix +++ b/pkgs/development/mobile/androidenv/compose-android-packages.nix @@ -26,7 +26,7 @@ let # Determine the Android os identifier from Nix's system identifier os = if stdenv.system == "x86_64-linux" then "linux" else if stdenv.system == "x86_64-darwin" then "macosx" - else throw "No tarballs found for system architecture: ${stdenv.system}"; + else throw "No Android SDK tarballs are available for system architecture: ${stdenv.system}"; # Generated Nix packages packages = import ./generated/packages.nix { diff --git a/pkgs/development/python-modules/aiohttp/cors.nix b/pkgs/development/python-modules/aiohttp-cors/default.nix similarity index 100% rename from pkgs/development/python-modules/aiohttp/cors.nix rename to pkgs/development/python-modules/aiohttp-cors/default.nix diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix index 90bd7521ea4..5769109f774 100644 --- a/pkgs/development/python-modules/aiohttp/default.nix +++ b/pkgs/development/python-modules/aiohttp/default.nix @@ -40,6 +40,14 @@ buildPythonPackage rec { propagatedBuildInputs = [ attrs chardet multidict async-timeout yarl ] ++ lib.optionals (pythonOlder "3.7") [ idna-ssl typing-extensions ]; + # Don't error on cryptography deprecation warning + postPatch = '' + substituteInPlace pytest.ini --replace "filterwarnings = error" "" + ''; + + # coroutine 'noop2' was never awaited + doCheck = false; + meta = with lib; { description = "Asynchronous HTTP Client/Server for Python and asyncio"; license = licenses.asl20; diff --git a/pkgs/development/python-modules/asyncssh/default.nix b/pkgs/development/python-modules/asyncssh/default.nix index 5320d5be108..a078a420716 100644 --- a/pkgs/development/python-modules/asyncssh/default.nix +++ b/pkgs/development/python-modules/asyncssh/default.nix @@ -5,12 +5,12 @@ buildPythonPackage rec { pname = "asyncssh"; - version = "1.16.1"; + version = "1.17.0"; disabled = pythonOlder "3.4"; src = fetchPypi { inherit pname version; - sha256 = "0qia1ay2dhwps5sfh0hif7mrv7yxvykxs9l7cmfp4m6hmqnn3r5r"; + sha256 = "1qrpkdyl77956qg6g7g66bbd6bfvb2nwi2sjy3v3li8m3irx8d7d"; }; patches = [ @@ -21,13 +21,6 @@ buildPythonPackage rec { # However that broke the test on NixOS, failing with # "Operation not permitted" ./fix-sftp-chmod-test-nixos.patch - - # Restore libnacl support for curve25519/ed25519 as a fallback for PyCA - # Fixes https://github.com/ronf/asyncssh/issues/206 with older openssl - (fetchpatch { - url = "https://github.com/ronf/asyncssh/commit/1dee113bb3e4a6888de562b0413e9abd6a0f0f04.patch"; - sha256 = "04bckdj7i6xk24lizkn3a8cj375pkz7yc57fc0vk222c6jzwzaml"; - }) ]; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index f40f0bf63d8..6b20b4b570a 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -21,11 +21,11 @@ buildPythonPackage rec { pname = "cryptography"; - version = "2.6.1"; # Also update the hash in vectors.nix + version = "2.7"; # Also update the hash in vectors.nix src = fetchPypi { inherit pname version; - sha256 = "19iwz5avym5zl6jrrrkym1rdaa9h61j20ph4cswsqgv8xg5j3j16"; + sha256 = "1inlnr36kl36551c9rcad99jmhk81v33by3glkadwdcgmi17fd76"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index 5679905cd14..ea24ed90801 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - sha256 = "1bsqcv3h49dzqnyn29ijq8r7k1ra8ikl1y9qcpcns9nbvhaq3wq3"; + sha256 = "1g38zw90510azyfrj6mxbslx2gp9yrnv5dac0w2819k9ssdznbgi"; }; # No tests included diff --git a/pkgs/development/python-modules/scandir/default.nix b/pkgs/development/python-modules/scandir/default.nix index 9aa2269c957..2736eb2ee9a 100644 --- a/pkgs/development/python-modules/scandir/default.nix +++ b/pkgs/development/python-modules/scandir/default.nix @@ -2,13 +2,15 @@ buildPythonPackage rec { pname = "scandir"; - version = "1.7"; + version = "1.10.0"; src = fetchPypi { inherit pname version; - sha256 ="0gbnhjzg42rj87ljv9kb648rfxph69ly3c8r9841dxy4d7l5pmdj"; + sha256 ="1bkqwmf056pkchf05ywbnf659wqlp6lljcdb0y88wr9f0vv32ijd"; }; + checkPhase = "python test/run_tests.py"; + meta = with lib; { description = "A better directory iterator and faster os.walk()"; homepage = https://github.com/benhoyt/scandir; diff --git a/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch b/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch new file mode 100644 index 00000000000..f7e37a1a5e5 --- /dev/null +++ b/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch @@ -0,0 +1,24 @@ +From 95a75c95c5c4e641ce7cda0ded968d66f07f822a Mon Sep 17 00:00:00 2001 +From: worldofpeace +Date: Sat, 18 May 2019 14:44:08 -0400 +Subject: [PATCH] highlight: fix permission on file style + +--- + gtkdoc/highlight.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gtkdoc/highlight.py b/gtkdoc/highlight.py +index 8f6e470..d11c432 100644 +--- a/gtkdoc/highlight.py ++++ b/gtkdoc/highlight.py +@@ -47,6 +47,6 @@ def highlight_code(code, lang='c'): + + + def append_style_defs(css_file_name): +- os.chmod(css_file_name, stat.S_IWRITE) ++ os.chmod(css_file_name, 0o664) + with open(css_file_name, 'at', newline='\n', encoding='utf-8') as css: + css.write(HTML_FORMATTER.get_style_defs()) +-- +2.21.0 + diff --git a/pkgs/development/tools/documentation/gtk-doc/default.nix b/pkgs/development/tools/documentation/gtk-doc/default.nix index f6083a78bf8..44b5384106e 100644 --- a/pkgs/development/tools/documentation/gtk-doc/default.nix +++ b/pkgs/development/tools/documentation/gtk-doc/default.nix @@ -1,30 +1,59 @@ -{ stdenv, fetchurl, autoreconfHook, pkgconfig, perl, python3, libxml2Python, libxslt, which -, docbook_xml_dtd_43, docbook_xsl, gnome-doc-utils, gettext, itstool, gnome3 +{ stdenv +, fetchFromGitLab +, meson +, ninja +, pkgconfig +, python3 +, libxml2Python +, docbook_xml_dtd_43 +, docbook_xsl +, libxslt +, gettext +, gnome3 , withDblatex ? false, dblatex }: stdenv.mkDerivation rec { pname = "gtk-doc"; - version = "1.29"; + version = "1.30"; - src = fetchurl { - url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1cc6yl8l275qn3zpjl6f0s4fwmkczngjr9hhsdv74mln4h08wmql"; + src = fetchFromGitLab { + domain = "gitlab.gnome.org"; + owner = "GNOME"; + repo = pname; + rev = "GTK_DOC_${stdenv.lib.replaceStrings ["."] ["_"] version }"; + sha256 = "05lr6apj3pd3s59a7k6p45k9ywwrp577ra4pvkhxvb5p7v90c2fi"; }; patches = [ passthru.respect_xml_catalog_files_var_patch + # https://gitlab.gnome.org/GNOME/gtk-doc/issues/84 + ./0001-highlight-fix-permission-on-file-style.patch ]; outputDevdoc = "out"; - nativeBuildInputs = [ autoreconfHook ]; - buildInputs = - [ pkgconfig perl python3 libxml2Python libxslt docbook_xml_dtd_43 docbook_xsl - gnome-doc-utils gettext which itstool - ] ++ stdenv.lib.optional withDblatex dblatex; + nativeBuildInputs = [ + gettext + meson + ninja + ]; - configureFlags = [ "--disable-scrollkeeper" ]; + buildInputs = [ + docbook_xml_dtd_43 + docbook_xsl + libxslt + pkgconfig + python3 + libxml2Python + ] + ++ stdenv.lib.optional withDblatex dblatex + ; + + mesonFlags = [ + "-Dtests=false" + "-Dyelp_manual=false" + ]; # Make pygments available for binaries, python.withPackages creates a wrapper # but scripts are not allowed in shebangs so we link it into sys.path. diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index a0f0a4c47e3..7270877c52e 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -94,7 +94,7 @@ stdenv.mkDerivation rec { depsBuildBuild = [ buildPackages.stdenv.cc ]; - buildInputs = lib.optionals (enableStatic && !useMusl) [ stdenv.cc.libc stdenv.cc.libc.static ]; + buildInputs = lib.optionals (enableStatic && !useMusl && stdenv.cc.libc ? static) [ stdenv.cc.libc stdenv.cc.libc.static ]; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix index ff6ce3b4889..b2fee6184e2 100644 --- a/pkgs/os-specific/linux/iptables/default.nix +++ b/pkgs/os-specific/linux/iptables/default.nix @@ -2,42 +2,14 @@ , libnetfilter_conntrack, libnftnl, libmnl, libpcap }: stdenv.mkDerivation rec { - name = "iptables-${version}"; - version = "1.8.2"; + pname = "iptables"; + version = "1.8.3"; src = fetchurl { - url = "https://www.netfilter.org/projects/iptables/files/${name}.tar.bz2"; - sha256 = "1bqj9hf3szy9r0w14iy23w00ir8448nfhpcprbwmcchsxm88nxx3"; + url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2"; + sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52"; }; - patches = [ - # Adds missing bits to extensions' libipt_icmp.c and libip6t_icmp6.c that were causing build to fail - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=907e429d7548157016cd51aba4adc5d0c7d9f816"; - sha256 = "0vc7ljcglz5152lc3jx4p44vjfi6ipvxdrgkdb5dmkhlb5v93i2h"; - }) - # Build with musl libc fails because of conflicting struct ethhdr definitions - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=51d374ba41ae4f1bb851228c06b030b83dd2092f"; - sha256 = "05fwrq03f9sm0v2bfwshbrg7pi2p978w1460arnmpay3135gj266"; - }) - # Extensions: libip6t_mh: fix bogus translation error - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=5839d7fe62ff667af7132fc7d589b386951f27b3"; - sha256 = "0578jn1ip710z9kijwg9g2vjq2kfrbafl03m1rgi4fasz215gvkf"; - }) - # Prevent headers collisions between linux and netfilter (in.h and in6.h) - # Fixed upstream with two commits - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd"; - sha256 = "0q3wcspiqym1r6dg1jhg7h8hpvsjzx1k7cs39z36mzlbmj9lm0zb"; - }) - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=2908eda10bf9fc81119d4f3ad672c67918ab5955"; - sha256 = "1dci4c8b7gcdrf77l2aicrcwlbp320xjz76fhavams0b4kgs6yr3"; - }) - ]; - nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ]; buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ]; diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix index 14996fd76be..0e90a081476 100644 --- a/pkgs/os-specific/linux/multipath-tools/default.nix +++ b/pkgs/os-specific/linux/multipath-tools/default.nix @@ -1,16 +1,17 @@ -{ stdenv, fetchurl, lvm2, libaio, gzip, readline, systemd, liburcu }: +{ stdenv, fetchurl, pkgconfig, perl, lvm2, libaio, gzip, readline, systemd, liburcu, json_c }: stdenv.mkDerivation rec { name = "multipath-tools-${version}"; - version = "0.6.2"; + version = "0.8.1"; src = fetchurl { name = "${name}.tar.gz"; - url = "https://git.opensvc.com/?p=multipath-tools/.git;a=snapshot;h=${version};sf=tgz"; - sha256 = "159hxvbk9kh1qay9x04w0gsqzg0hkl5yghfc1wi9kv2n5pcwbkpm"; + url = "https://git.opensvc.com/gitweb.cgi?p=multipath-tools/.git;a=snapshot;h=refs/tags/${version};sf=tgz"; + sha256 = "0669zl4dpai63dl04lf8vpwnpsff6qf19fifxfc4frawnh699k95"; }; postPatch = '' + substituteInPlace libmultipath/Makefile --replace /usr/include/libdevmapper.h ${lvm2}/include/libdevmapper.h sed -i -re ' s,^( *#define +DEFAULT_MULTIPATHDIR\>).*,\1 "'"$out/lib/multipath"'", ' libmultipath/defaults.h @@ -20,8 +21,8 @@ stdenv.mkDerivation rec { Makefile.inc ''; - nativeBuildInputs = [ gzip ]; - buildInputs = [ systemd lvm2 libaio readline liburcu ]; + nativeBuildInputs = [ gzip pkgconfig perl ]; + buildInputs = [ systemd lvm2 libaio readline liburcu json_c ]; makeFlags = [ "LIB=lib" diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 84890b56916..8aa518ed1d0 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -9,16 +9,14 @@ , patchelf , getent , buildPackages +, perl , withSelinux ? false, libselinux , withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp , withKexectools ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) kexectools.meta.platforms, kexectools }: -let - pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]); - -in stdenv.mkDerivation rec { - version = "239.20190219"; +stdenv.mkDerivation rec { + version = "242"; name = "systemd-${version}"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -27,27 +25,9 @@ in stdenv.mkDerivation rec { owner = "NixOS"; repo = "systemd"; rev = "nixos-v${version}"; - sha256 = "0aczg25ih2gfjq810x8rw6rnpr6sw1lz6z0lvlyw2qphyih68b4x"; + sha256 = "0ldyhfxdy4qlgygvpc92wp0qp6p1c9y3rnm77zwbkga48x60d9i8"; }; - prePatch = let - # Upstream's maintenance branches are still too intrusive: - # https://github.com/systemd/systemd-stable/tree/v239-stable - patches-deb = fetchurl { - # This URL should point to a stable location that does not easily - # disappear. In the past we were using `mirror://debian` but that - # eventually causes the files to disappear. While that was a good sign - # for us to update our patch collection it does break reproducibility. - name = "systemd-debian-patches.tar.xz"; - url = http://snapshot.debian.org/archive/debian/20190301T035241Z/pool/main/s/systemd/systemd_239-12%7Ebpo9%2B1.debian.tar.xz; - sha256 = "0v9f62gyfiw5icdrdlcvjcipsqrsm49w6n8bqp9nb8s2ih6rsfhg"; - }; - # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/* - in '' - tar xf ${patches-deb} - patches="$patches $(cat debian/patches/series | grep -v '^debian/' | sed 's|^|debian/patches/|')" - ''; - outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs = @@ -56,6 +36,9 @@ in stdenv.mkDerivation rec { coreutils # meson calls date, stat etc. glibcLocales patchelf getent m4 + perl # to patch the libsystemd.so and remove dependencies on aarch64 + + (buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ])) ]; buildInputs = [ linuxHeaders libcap kmod xz pam acl @@ -65,17 +48,24 @@ in stdenv.mkDerivation rec { stdenv.lib.optional withLibseccomp libseccomp ++ [ libffi audit lz4 bzip2 libapparmor iptables gnu-efi - # This is actually native, but we already pull it from buildPackages - pythonLxmlEnv ] ++ stdenv.lib.optional withSelinux libselinux; #dontAddPrefix = true; mesonFlags = [ + "-Ddbuspolicydir=${placeholder "out"}/etc/dbus-1/system.d" + "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" + "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" + "-Dpamconfdir=${placeholder "out"}/etc/pam.d" + "-Drootprefix=${placeholder "out"}" + "-Drootlibdir=${placeholder "lib"}/lib" + "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig" + "-Dpkgconfigdatadir=${placeholder "dev"}/share/pkgconfig" "-Dloadkeys-path=${kbd}/bin/loadkeys" "-Dsetfont-path=${kbd}/bin/setfont" "-Dtty-gid=3" # tty in NixOS has gid 3 - # "-Dtests=" # TODO + # while we do not run tests we should also not build them. Removes about 600 targets + "-Dtests=false" "-Dlz4=true" "-Dhostnamed=true" "-Dnetworkd=true" @@ -92,6 +82,7 @@ in stdenv.mkDerivation rec { "-Dquotacheck=false" "-Dldconfig=false" "-Dsmack=true" + "-Db_pie=true" "-Dsystem-uid-max=499" #TODO: debug why awking around in /etc/login.defs doesn't work "-Dsystem-gid-max=499" # "-Dtime-epoch=1" @@ -113,19 +104,10 @@ in stdenv.mkDerivation rec { preConfigure = '' mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org") - mesonFlagsArray+=(-Ddbuspolicydir=$out/etc/dbus-1/system.d) - mesonFlagsArray+=(-Ddbussessionservicedir=$out/share/dbus-1/services) - mesonFlagsArray+=(-Ddbussystemservicedir=$out/share/dbus-1/system-services) - mesonFlagsArray+=(-Dpamconfdir=$out/etc/pam.d) - mesonFlagsArray+=(-Drootprefix=$out) - mesonFlagsArray+=(-Drootlibdir=$lib/lib) - mesonFlagsArray+=(-Dpkgconfiglibdir=$dev/lib/pkgconfig) - mesonFlagsArray+=(-Dpkgconfigdatadir=$dev/share/pkgconfig) - export LC_ALL="en_US.UTF-8"; # FIXME: patch this in systemd properly (and send upstream). # already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount - for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do + for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/shutdown/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do test -e $i substituteInPlace $i \ --replace /usr/bin/getent ${getent}/bin/getent \ @@ -139,14 +121,8 @@ in stdenv.mkDerivation rec { --replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency done - for i in tools/xml_helper.py tools/make-directive-index.py tools/make-man-index.py test/sys-script.py; do - substituteInPlace $i \ - --replace "#!/usr/bin/env python" "#!${pythonLxmlEnv}/bin/python" - done - - for i in src/basic/generate-gperfs.py src/resolve/generate-dns_type-gperf.py src/test/generate-sym-test.py ; do - substituteInPlace $i \ - --replace "#!/usr/bin/env python" "#!${buildPackages.python3Packages.python}/bin/python" + for dir in tools src/resolve test src/test; do + patchShebangs $dir done substituteInPlace src/journal/catalog.c \ @@ -207,13 +183,37 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + # On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib + # output. The result of that is a dependency cycle between $out and $lib. + # Thus nix (rightfully) marks the build as failed. That reference originates + # from an array of strings (catalog_file_dirs) in systemd + # (src/src/journal/catalog.{c,h}). The only consumer (as of v242) of the + # symbol is the main function of journalctl. Still libsystemd.so contains + # the VALUE but not the symbol. Systemd seems to be properly using function + # & data sections together with the linker flags to garbage collect unused + # sections (-Wl,--gc-sections). For unknown reasons those flags do not + # eliminate the unused string constants, in this case on aarch64-linux. The + # hacky way is to just remove the reference after we finished compiling. + # Since it can not be used (there is no symbol to actually refer to it) there + # should not be any harm. It is a bit odd and I really do not like starting + # these kind of hacks but there doesn't seem to be a straight forward way at + # this point in time. + # The reference will be replaced by the same reference the usual nukeRefs + # tooling uses. The standard tooling can not / should not be uesd since it + # is a bit too excessive and could potentially do us some (more) harm. + postFixup = '' + nukedRef=$(echo $out | sed -e "s,$NIX_STORE/[^-]*-\(.*\),$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-\1,") + cat $lib/lib/libsystemd.so | perl -pe "s|$out/lib/systemd/catalog|$nukedRef/lib/systemd/catalog|" > $lib/lib/libsystemd.so.tmp + mv $lib/lib/libsystemd.so.tmp $(readlink -f $lib/lib/libsystemd.so) + ''; + # The interface version prevents NixOS from switching to an # incompatible systemd at runtime. (Switching across reboots is # fine, of course.) It should be increased whenever systemd changes # in a backwards-incompatible way. If the interface version of two # systemd builds is the same, then we can switch between them at # runtime; otherwise we can't and we need to reboot. - passthru.interfaceVersion = 2; + passthru.interfaceVersion = 3; meta = with stdenv.lib; { homepage = http://www.freedesktop.org/wiki/Software/systemd; diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix index 06693303ff9..13b5d4c3c9f 100644 --- a/pkgs/servers/pulseaudio/default.nix +++ b/pkgs/servers/pulseaudio/default.nix @@ -59,7 +59,21 @@ stdenv.mkDerivation rec { ++ lib.optionals bluetoothSupport [ bluez5 sbc ] ++ lib.optional remoteControlSupport lirc ++ lib.optional zeroconfSupport avahi - ); + ); + + patches = [ + # The following two patches fix alsalib headers move, remove after the next release + (fetchpatch { + name = "alsa-asoundlib-include.patch"; + url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch"; + sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71"; + }) + (fetchpatch { + name = "alsa-use-case-include.patch"; + url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch"; + sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb"; + }) + ]; preConfigure = '' # Performs and autoreconf @@ -117,19 +131,6 @@ stdenv.mkDerivation rec { --prefix GIO_EXTRA_MODULES : "${lib.getLib gnome3.dconf}/lib/gio/modules" ''; - patches = [ - (fetchpatch { - name = "alsa-asoundlib-include.patch"; - url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch"; - sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71"; - }) - (fetchpatch { - name = "alsa-use-case-include.patch"; - url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch"; - sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb"; - }) - ]; - meta = { description = "Sound server for POSIX and Win32 systems"; homepage = http://www.pulseaudio.org/; diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index d46f0cc6317..701670187b6 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -38,7 +38,7 @@ let enableParallelBuilding = !stdenv.isDarwin; - makeFlags = [ "world" ]; + buildFlags = [ "world" ]; NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ]; @@ -60,6 +60,7 @@ let (if atLeast "9.6" then ./patches/less-is-more-96.patch else ./patches/less-is-more.patch) (if atLeast "9.6" then ./patches/hardcode-pgxs-path-96.patch else ./patches/hardcode-pgxs-path.patch) ./patches/specify_pkglibdir_at_runtime.patch + ./patches/findstring.patch ] ++ lib.optional stdenv.isLinux ./patches/socketdir-in-run.patch; installTargets = [ "install-world" ]; diff --git a/pkgs/servers/sql/postgresql/patches/findstring.patch b/pkgs/servers/sql/postgresql/patches/findstring.patch new file mode 100644 index 00000000000..959bf6a6caa --- /dev/null +++ b/pkgs/servers/sql/postgresql/patches/findstring.patch @@ -0,0 +1,59 @@ +From: Matthew Bauer +Date: Wed, 29 May 2019 22:51:52 -0400 +Subject: [PATCH] Add /postgresql suffix for Nix outputs + +Nix outputs put the `name' in each store path like +/nix/store/...-. This was confusing the Postgres make script +because it thought its data directory already had postgresql in its +directory. This lead to Postgres installing all of its fils in +$out/share. To fix this, we just look for postgres or psql in the part +after the / using make's notdir. + +--- +From: Matthew Bauer +Date: Wed, 29 May 2019 22:51:52 -0400 +Subject: [PATCH] Add /postgresql suffix for Nix outputs + +Nix outputs put the `name' in each store path like +/nix/store/...-. This was confusing the Postgres make script +because it thought its data directory already had postgresql in its +directory. This lead to Postgres installing all of its fils in +$out/share. To fix this, we just look for postgres or psql in the part +after the / using make's notdir. + +--- +diff --git a/src/Makefile.global.in b/src/Makefile.global.in +index b9d86acaa9..bce05464c3 100644 +--- a/src/Makefile.global.in ++++ b/src/Makefile.global.in +@@ -102,15 +102,15 @@ datarootdir := @datarootdir@ + bindir := @bindir@ + + datadir := @datadir@ +-ifeq "$(findstring pgsql, $(datadir))" "" +-ifeq "$(findstring postgres, $(datadir))" "" ++ifeq "$(findstring pgsql, $(notdir $(datadir)))" "" ++ifeq "$(findstring postgres, $(notdir $(datadir)))" "" + override datadir := $(datadir)/postgresql + endif + endif + + sysconfdir := @sysconfdir@ +-ifeq "$(findstring pgsql, $(sysconfdir))" "" +-ifeq "$(findstring postgres, $(sysconfdir))" "" ++ifeq "$(findstring pgsql, $(notdir $(sysconfdir)))" "" ++ifeq "$(findstring postgres, $(notdir $(sysconfdir)))" "" + override sysconfdir := $(sysconfdir)/postgresql + endif + endif +@@ -136,8 +136,8 @@ endif + mandir := @mandir@ + + docdir := @docdir@ +-ifeq "$(findstring pgsql, $(docdir))" "" +-ifeq "$(findstring postgres, $(docdir))" "" ++ifeq "$(findstring pgsql, $(notdir $(docdir)))" "" ++ifeq "$(findstring postgres, $(notdir $(docdir)))" "" + override docdir := $(docdir)/postgresql + endif + endif diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix index c06b5eeff4b..babb3d844fe 100644 --- a/pkgs/tools/filesystems/e2fsprogs/default.nix +++ b/pkgs/tools/filesystems/e2fsprogs/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "e2fsprogs"; - version = "1.45.1"; + version = "1.45.2"; src = fetchurl { url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; - sha256 = "0zi8jz28hs66vhjvrfxmkmr1via19aygcbzpnw3lp0crhizaasgf"; + sha256 = "1bhqljgcngys1diaxh7rnxc85d1jsril8xd7bach9imdjwr1wlm8"; }; outputs = [ "bin" "dev" "out" "man" "info" ]; diff --git a/pkgs/tools/networking/mosh/default.nix b/pkgs/tools/networking/mosh/default.nix index 9f81e0d5721..98d2625aade 100644 --- a/pkgs/tools/networking/mosh/default.nix +++ b/pkgs/tools/networking/mosh/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, zlib, protobuf, ncurses, pkgconfig +{ lib, stdenv, fetchurl, fetchpatch, zlib, protobuf, ncurses, pkgconfig , makeWrapper, perlPackages, openssl, autoreconfHook, openssh, bash-completion , libutempter ? null, withUtempter ? stdenv.isLinux }: @@ -15,7 +15,15 @@ stdenv.mkDerivation rec { ++ (with perlPackages; [ perl IOTty ]) ++ lib.optional withUtempter libutempter; - patches = [ ./ssh_path.patch ./utempter_path.patch ]; + patches = [ + ./ssh_path.patch + ./utempter_path.patch + # Fix w/c++17, ::bind vs std::bind + (fetchpatch { + url = "https://github.com/mobile-shell/mosh/commit/e5f8a826ef9ff5da4cfce3bb8151f9526ec19db0.patch"; + sha256 = "15518rb0r5w1zn4s6981bf1sz6ins6gpn2saizfzhmr13hw4gmhm"; + }) + ]; postPatch = '' substituteInPlace scripts/mosh.pl \ --subst-var-by ssh "${openssh}/bin/ssh" diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index fbb370027d7..b360992c6be 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.2.15"; + version = "2.2.16"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "0m6lyphbb20i84isdxzfhcbzyc682hdrdv4aqkzmhrdksycf536b"; + sha256 = "1jqlzp9b3kpfp1dkjqskm67jjrhvf9nh3lzf45321p7m9d2qvgkc"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 889684d3fa9..a7d5f3b0b8d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4643,9 +4643,7 @@ in docbook-xsl = docbook_xsl; }; - mosh = callPackage ../tools/networking/mosh { - stdenv = if stdenv.cc.isClang then llvmPackages_6.stdenv else stdenv; - }; + mosh = callPackage ../tools/networking/mosh { }; motuclient = callPackage ../applications/science/misc/motu-client { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 828cf517d5c..61801eee158 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1028,7 +1028,7 @@ in { aiohttp = callPackage ../development/python-modules/aiohttp { }; - aiohttp-cors = callPackage ../development/python-modules/aiohttp/cors.nix { }; + aiohttp-cors = callPackage ../development/python-modules/aiohttp-cors { }; aiohttp-jinja2 = callPackage ../development/python-modules/aiohttp-jinja2 { }; diff --git a/pkgs/top-level/release-cross.nix b/pkgs/top-level/release-cross.nix index 339973f0574..bc822b466c9 100644 --- a/pkgs/top-level/release-cross.nix +++ b/pkgs/top-level/release-cross.nix @@ -107,7 +107,6 @@ in mapTestEqual = lib.mapAttrsRecursive testEqual; in mapTestEqual { - androidndk = nativePlatforms; boehmgc = nativePlatforms; libffi = nativePlatforms; libiconv = nativePlatforms;