From 7f91e5fb037298c0cfd3f2899461e891cfae77b8 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 23 Feb 2019 11:18:16 -0600 Subject: [PATCH 01/59] gnutar: 1.31 -> 1.32 https://lists.gnu.org/archive/html/info-gnu/2019-02/msg00010.html --- pkgs/tools/archivers/gnutar/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix index a6f5052ad08..8730eaf12cc 100644 --- a/pkgs/tools/archivers/gnutar/default.nix +++ b/pkgs/tools/archivers/gnutar/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "gnutar-${version}"; - version = "1.31"; + version = "1.32"; src = fetchurl { url = "mirror://gnu/tar/tar-${version}.tar.xz"; - sha256 = "1h9dxhjhz1jnyhmh6jfhqw1g1sxqbg3cd32vpwg7x2xxxqffzwrp"; + sha256 = "1n7xy657ii0sa42zx6944v2m4v9qrh6sqgmw17l3nch3y43sxlyh"; }; # avoid retaining reference to CF during stdenv bootstrap From 208fbe20ad05098d42457cb81b1cbddd67bd4509 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Mon, 29 Apr 2019 07:55:56 -0500 Subject: [PATCH 02/59] mosh: upstream patch to fix w/newer clang/libcxx (c++17) Remove special-casing no longer needed. --- pkgs/tools/networking/mosh/default.nix | 12 ++++++++++-- pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/networking/mosh/default.nix b/pkgs/tools/networking/mosh/default.nix index 9f81e0d5721..98d2625aade 100644 --- a/pkgs/tools/networking/mosh/default.nix +++ b/pkgs/tools/networking/mosh/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, zlib, protobuf, ncurses, pkgconfig +{ lib, stdenv, fetchurl, fetchpatch, zlib, protobuf, ncurses, pkgconfig , makeWrapper, perlPackages, openssl, autoreconfHook, openssh, bash-completion , libutempter ? null, withUtempter ? stdenv.isLinux }: @@ -15,7 +15,15 @@ stdenv.mkDerivation rec { ++ (with perlPackages; [ perl IOTty ]) ++ lib.optional withUtempter libutempter; - patches = [ ./ssh_path.patch ./utempter_path.patch ]; + patches = [ + ./ssh_path.patch + ./utempter_path.patch + # Fix w/c++17, ::bind vs std::bind + (fetchpatch { + url = "https://github.com/mobile-shell/mosh/commit/e5f8a826ef9ff5da4cfce3bb8151f9526ec19db0.patch"; + sha256 = "15518rb0r5w1zn4s6981bf1sz6ins6gpn2saizfzhmr13hw4gmhm"; + }) + ]; postPatch = '' substituteInPlace scripts/mosh.pl \ --subst-var-by ssh "${openssh}/bin/ssh" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index daf9dd2a8b1..c290d549e79 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4486,9 +4486,7 @@ in docbook-xsl = docbook_xsl; }; - mosh = callPackage ../tools/networking/mosh { - stdenv = if stdenv.cc.isClang then llvmPackages_6.stdenv else stdenv; - }; + mosh = callPackage ../tools/networking/mosh { }; motuclient = callPackage ../applications/science/misc/motu-client { }; From 1671eeda2d5c14f44052d8938130f8959d1f0b42 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Wed, 8 May 2019 21:44:46 -0400 Subject: [PATCH 03/59] release-cross: remove androidndk It is no longer provided --- pkgs/top-level/release-cross.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/top-level/release-cross.nix b/pkgs/top-level/release-cross.nix index acccd155e08..2640cade2e5 100644 --- a/pkgs/top-level/release-cross.nix +++ b/pkgs/top-level/release-cross.nix @@ -107,7 +107,6 @@ in mapTestEqual = lib.mapAttrsRecursive testEqual; in mapTestEqual { - androidndk = nativePlatforms; boehmgc = nativePlatforms; libffi = nativePlatforms; libiconv = nativePlatforms; From 4acc4348476faf5f9c93429e561c3d99024239d9 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Wed, 8 May 2019 21:45:33 -0400 Subject: [PATCH 04/59] androidenv: add more context to os not found error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We don’t have android sdk available for aarch64, so this error happens a lot. Adding some context on what is going on makes this clearer. --- pkgs/development/mobile/androidenv/compose-android-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/mobile/androidenv/compose-android-packages.nix b/pkgs/development/mobile/androidenv/compose-android-packages.nix index 935a4a4f2fb..40b2ed775cd 100644 --- a/pkgs/development/mobile/androidenv/compose-android-packages.nix +++ b/pkgs/development/mobile/androidenv/compose-android-packages.nix @@ -26,7 +26,7 @@ let # Determine the Android os identifier from Nix's system identifier os = if stdenv.system == "x86_64-linux" then "linux" else if stdenv.system == "x86_64-darwin" then "macosx" - else throw "No tarballs found for system architecture: ${stdenv.system}"; + else throw "No Android SDK tarballs are available for system architecture: ${stdenv.system}"; # Generated Nix packages packages = import ./generated/packages.nix { From 922589053724885437b2c75257ab36383f95c378 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Wed, 8 May 2019 21:46:31 -0400 Subject: [PATCH 05/59] mesa: use platforms instead of throw mesaPlatforms can be used in the platforms attr. --- pkgs/development/libraries/mesa/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c9ce97849e1..05c5116a01d 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -25,10 +25,6 @@ with stdenv.lib; -if ! elem stdenv.hostPlatform.system platforms.mesaPlatforms then - throw "unsupported platform for Mesa" -else - let defaultGalliumDrivers = optionals (elem "drm" eglPlatforms) @@ -273,7 +269,7 @@ let self = stdenv.mkDerivation { description = "An open source implementation of OpenGL"; homepage = https://www.mesa3d.org/; license = licenses.mit; # X11 variant, in most files - platforms = platforms.linux ++ platforms.darwin; + platforms = platforms.mesaPlatforms; maintainers = with maintainers; [ vcunat ]; }; }; From 476c580605c071cbadbd8715984b7da08f58d303 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Wed, 8 May 2019 21:47:11 -0400 Subject: [PATCH 06/59] =?UTF-8?q?mesa:=20don=E2=80=99t=20use=20valgrind-li?= =?UTF-8?q?ght=20on=20aarch32?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit valgrind-light doesn’t appear to work correctly on aarch32. It’s also not a required dependency on mesa, so in the future we may be able to disable it for other platforms --- pkgs/development/libraries/mesa/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 05c5116a01d..79947ae2f15 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -2,7 +2,7 @@ , pkgconfig, intltool, autoreconfHook , file, expat, libdrm, xorg, wayland, wayland-protocols, openssl , llvmPackages, libffi, libomxil-bellagio, libva-minimal -, libelf, libvdpau, valgrind-light, python2, python2Packages +, libelf, libvdpau, python2, python2Packages , libglvnd , enableRadv ? true , galliumDrivers ? null @@ -10,6 +10,7 @@ , vulkanDrivers ? null , eglPlatforms ? [ "x11" ] ++ lib.optionals stdenv.isLinux [ "wayland" "drm" ] , OpenGL, Xplugin +, withValgrind ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAarch32, valgrind-light }: /** Packaging design: @@ -146,7 +147,8 @@ let self = stdenv.mkDerivation { libffi libvdpau libelf libXvMC libpthreadstubs openssl /*or another sha1 provider*/ ] ++ lib.optionals (elem "wayland" eglPlatforms) [ wayland wayland-protocols ] - ++ lib.optionals stdenv.isLinux [ valgrind-light libomxil-bellagio libva-minimal ]; + ++ lib.optionals stdenv.isLinux [ libomxil-bellagio libva-minimal ] + ++ lib.optional withValgrind valgrind-light; enableParallelBuilding = true; doCheck = false; From dbd1a4481fca373b4a13d052c7c45075d8d5f143 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Wed, 8 May 2019 21:54:27 -0400 Subject: [PATCH 07/59] busybox: only use stdenv.cc.libc.static when it exists causes on evaluation error on macOS otherwise --- pkgs/os-specific/linux/busybox/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index a0f0a4c47e3..7270877c52e 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -94,7 +94,7 @@ stdenv.mkDerivation rec { depsBuildBuild = [ buildPackages.stdenv.cc ]; - buildInputs = lib.optionals (enableStatic && !useMusl) [ stdenv.cc.libc stdenv.cc.libc.static ]; + buildInputs = lib.optionals (enableStatic && !useMusl && stdenv.cc.libc ? static) [ stdenv.cc.libc stdenv.cc.libc.static ]; enableParallelBuilding = true; From c0af744b18a588aa8d5789cc9cdac074b7f007c7 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 17 May 2019 11:57:03 -0500 Subject: [PATCH 08/59] dbus: 1.12.14 https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.14/NEWS --- pkgs/development/libraries/dbus/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix index 6d85fe1233c..60d0cc81d2b 100644 --- a/pkgs/development/libraries/dbus/default.nix +++ b/pkgs/development/libraries/dbus/default.nix @@ -6,8 +6,8 @@ assert x11Support -> libX11 != null && libSM != null; let - version = "1.12.12"; - sha256 = "1y7mxhkw2shd9mi9s62k81lz8npjkrafapr4fyfms7hs04kg4ilm"; + version = "1.12.14"; + sha256 = "13aca7gzgl7z1dfdipfs23773w8n6z01d4rj5kmssv4gms8c5ya4"; self = stdenv.mkDerivation { name = "dbus-${version}"; From 81d3bd60a46d0f3eba92ca2659b4cbef50745368 Mon Sep 17 00:00:00 2001 From: Daniel Schaefer Date: Wed, 1 May 2019 03:18:35 +0200 Subject: [PATCH 09/59] patchShebangs: Explain that script must be executable --- pkgs/build-support/setup-hooks/patch-shebangs.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh index f4a865e9668..1dac1ca4d7b 100644 --- a/pkgs/build-support/setup-hooks/patch-shebangs.sh +++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh @@ -4,6 +4,8 @@ # /usr/bin/env gets special treatment so that ".../bin/env python" is # rewritten to /nix/store//bin/python. Interpreters that are # already in the store are left untouched. +# A script file must be marked as executable, otherwise it will not be +# considered. fixupOutputHooks+=(patchShebangsAuto) From 4a1e51f957b57f781fbdd2e40ca48ebac886e974 Mon Sep 17 00:00:00 2001 From: Daniel Schaefer Date: Wed, 1 May 2019 03:19:02 +0200 Subject: [PATCH 10/59] patchShebangs: Allow for multiple arguments It's tempting to think patchShebangs supports multiple arguments. Without this patch it just silently ignores all but the first. Now it patches the shebangs in all of its arguments. Fixes: #57695 --- pkgs/build-support/setup-hooks/patch-shebangs.sh | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh index 1dac1ca4d7b..3a879db2c0a 100644 --- a/pkgs/build-support/setup-hooks/patch-shebangs.sh +++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh @@ -9,8 +9,9 @@ fixupOutputHooks+=(patchShebangsAuto) -# Run patch shebangs on a directory. -# patchShebangs [--build | --host] directory +# Run patch shebangs on a directory or file. +# Can take multiple paths as arguments. +# patchShebangs [--build | --host] PATH... # Flags: # --build : Lookup commands available at build-time @@ -31,9 +32,7 @@ patchShebangs() { shift fi - local dir="$1" - - header "patching script interpreter paths in $dir" + header "patching script interpreter paths in $@" local f local oldPath local newPath @@ -42,8 +41,6 @@ patchShebangs() { local oldInterpreterLine local newInterpreterLine - [ -e "$dir" ] || return 0 - local f while IFS= read -r -d $'\0' f; do isScript "$f" || continue @@ -97,7 +94,7 @@ patchShebangs() { rm "$timestamp" fi fi - done < <(find "$dir" -type f -perm -0100 -print0) + done < <(find "$@" -type f -perm -0100 -print0) stopNest } From 7c3d7521f0d3e1a2562b0b341be52639248811bb Mon Sep 17 00:00:00 2001 From: Daniel Schaefer Date: Sat, 25 May 2019 16:21:56 +0200 Subject: [PATCH 11/59] patchShebangs: Exit if no arguments were given Commit "patchShebangs: Allow for multiple arguments" 4a1e51f957b57f78 removed the check. We don't want to break existing usages so this introduces it again with a successful exit code. --- pkgs/build-support/setup-hooks/patch-shebangs.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh index 3a879db2c0a..3e900d0704c 100644 --- a/pkgs/build-support/setup-hooks/patch-shebangs.sh +++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh @@ -32,7 +32,7 @@ patchShebangs() { shift fi - header "patching script interpreter paths in $@" + echo "patching script interpreter paths in $@" local f local oldPath local newPath @@ -41,6 +41,11 @@ patchShebangs() { local oldInterpreterLine local newInterpreterLine + if [ $# -eq 0 ]; then + echo "No arguments supplied to patchShebangs" >0 + return 0 + fi + local f while IFS= read -r -d $'\0' f; do isScript "$f" || continue @@ -61,7 +66,7 @@ patchShebangs() { # - options: something starting with a '-' # - environment variables: foo=bar if $(echo "$arg0" | grep -q -- "^-.*\|.*=.*"); then - echo "$f: unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)" + echo "$f: unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)" >0 exit 1 fi From c83b9bb6aaceeece94dab4df0c5040fcf847fc16 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 18:55:03 -0500 Subject: [PATCH 12/59] openssl: 1.0.2r -> 1.0.2s https://mta.openssl.org/pipermail/openssl-announce/2019-May/000151.html --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 1c0d124b5c0..6bb3d8113da 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -120,8 +120,8 @@ let in { openssl_1_0_2 = common { - version = "1.0.2r"; - sha256 = "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf"; + version = "1.0.2s"; + sha256 = "15mbmg8hf7s12vr3v2bdc0pi9y4pdbnsxhzk4fyyap42jaa5rgfa"; patches = [ ./1.0.2/nix-ssl-cert-file.patch From f6297de3bc930c8e7573e8ad90975f636f796c75 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 18:47:25 -0500 Subject: [PATCH 13/59] openssl: 1.1.1b -> 1.1.1c https://mta.openssl.org/pipermail/openssl-announce/2019-May/000153.html --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 6bb3d8113da..d055f595220 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -132,8 +132,8 @@ in { }; openssl_1_1 = common { - version = "1.1.1b"; - sha256 = "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw"; + version = "1.1.1c"; + sha256 = "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn"; patches = [ ./1.1/nix-ssl-cert-file.patch (fetchurl { From 3b215985ee054cb12db3a62c1759d9d6ded0378a Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 17:29:10 -0500 Subject: [PATCH 14/59] libnftnl: 1.1.2 -> 1.1.3 https://lists.netfilter.org/pipermail/netfilter-announce/2019/000230.html --- pkgs/development/libraries/libnftnl/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/libnftnl/default.nix b/pkgs/development/libraries/libnftnl/default.nix index f94af349842..ad51ac8d6db 100644 --- a/pkgs/development/libraries/libnftnl/default.nix +++ b/pkgs/development/libraries/libnftnl/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, pkgconfig, libmnl }: stdenv.mkDerivation rec { - version = "1.1.2"; - name = "libnftnl-${version}"; + version = "1.1.3"; + pname = "libnftnl"; src = fetchurl { - url = "https://netfilter.org/projects/libnftnl/files/${name}.tar.bz2"; - sha256 = "0pffmsv41alsn5ac7mwnb9fh3qpwzqk13jrzn6c5i71wq6kbgix5"; + url = "https://netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2"; + sha256 = "03xszkcpqk3s1rqc6vh7g5j13kh3d3yjnvjhk5scds3an39rgp92"; }; nativeBuildInputs = [ pkgconfig ]; From 2703d285bfe6e5ae2eb8cc4a1716791433d9ab85 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 17:17:46 -0500 Subject: [PATCH 15/59] iptables: 1.8.2 -> 1.8.3 * drop patches included in 1.8.3 (all of them) (checked each via `git tag --contains $rev`) https://lists.netfilter.org/pipermail/netfilter-announce/2019/000231.html --- pkgs/os-specific/linux/iptables/default.nix | 36 +++------------------ 1 file changed, 4 insertions(+), 32 deletions(-) diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix index ff6ce3b4889..b2fee6184e2 100644 --- a/pkgs/os-specific/linux/iptables/default.nix +++ b/pkgs/os-specific/linux/iptables/default.nix @@ -2,42 +2,14 @@ , libnetfilter_conntrack, libnftnl, libmnl, libpcap }: stdenv.mkDerivation rec { - name = "iptables-${version}"; - version = "1.8.2"; + pname = "iptables"; + version = "1.8.3"; src = fetchurl { - url = "https://www.netfilter.org/projects/iptables/files/${name}.tar.bz2"; - sha256 = "1bqj9hf3szy9r0w14iy23w00ir8448nfhpcprbwmcchsxm88nxx3"; + url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2"; + sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52"; }; - patches = [ - # Adds missing bits to extensions' libipt_icmp.c and libip6t_icmp6.c that were causing build to fail - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=907e429d7548157016cd51aba4adc5d0c7d9f816"; - sha256 = "0vc7ljcglz5152lc3jx4p44vjfi6ipvxdrgkdb5dmkhlb5v93i2h"; - }) - # Build with musl libc fails because of conflicting struct ethhdr definitions - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=51d374ba41ae4f1bb851228c06b030b83dd2092f"; - sha256 = "05fwrq03f9sm0v2bfwshbrg7pi2p978w1460arnmpay3135gj266"; - }) - # Extensions: libip6t_mh: fix bogus translation error - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=5839d7fe62ff667af7132fc7d589b386951f27b3"; - sha256 = "0578jn1ip710z9kijwg9g2vjq2kfrbafl03m1rgi4fasz215gvkf"; - }) - # Prevent headers collisions between linux and netfilter (in.h and in6.h) - # Fixed upstream with two commits - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd"; - sha256 = "0q3wcspiqym1r6dg1jhg7h8hpvsjzx1k7cs39z36mzlbmj9lm0zb"; - }) - (fetchpatch { - url = "https://git.netfilter.org/iptables/patch/?id=2908eda10bf9fc81119d4f3ad672c67918ab5955"; - sha256 = "1dci4c8b7gcdrf77l2aicrcwlbp320xjz76fhavams0b4kgs6yr3"; - }) - ]; - nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ]; buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ]; From 98bdeb049df2adc49c2b8b9650da1349103c0916 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 20:15:07 -0500 Subject: [PATCH 16/59] harfbuzz: 2.3.1 -> 2.5.0 https://github.com/harfbuzz/harfbuzz/releases/tag/2.5.0 --- pkgs/development/libraries/harfbuzz/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix index 7c364c0fcdf..7ec74d8974e 100644 --- a/pkgs/development/libraries/harfbuzz/default.nix +++ b/pkgs/development/libraries/harfbuzz/default.nix @@ -8,7 +8,7 @@ }: let - version = "2.3.1"; + version = "2.5.0"; inherit (stdenv.lib) optional optionals optionalString; in @@ -16,8 +16,8 @@ stdenv.mkDerivation { name = "harfbuzz${optionalString withIcu "-icu"}-${version}"; src = fetchurl { - url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.bz2"; - sha256 = "0s74ramsbfa183rxkidqgfd2vbhrwicnrqzqsq440dwibffnj1gj"; + url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.xz"; + sha256 = "1vqnqkzz7ws29g5djf31jj6a9dbid8a27a8y4balmy5lipwp774m"; }; postPatch = '' From 3f7657d7fb814c06e140ea70b22c8af26289be97 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 21:04:13 -0500 Subject: [PATCH 17/59] gnupg: 2.2.15 -> 2.2.16 https://dev.gnupg.org/T4509 --- pkgs/tools/security/gnupg/22.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index fbb370027d7..b360992c6be 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.2.15"; + version = "2.2.16"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "0m6lyphbb20i84isdxzfhcbzyc682hdrdv4aqkzmhrdksycf536b"; + sha256 = "1jqlzp9b3kpfp1dkjqskm67jjrhvf9nh3lzf45321p7m9d2qvgkc"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; From 642c9a7e743a080a6eac168fed755c7af251c6ad Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 29 May 2019 07:54:00 -0500 Subject: [PATCH 18/59] Revert "openssl: fix CVE-2019-1543" This reverts commit aae4c114a4f8e722ed221d47ecbb6a391682bca9. --- pkgs/development/libraries/openssl/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index d055f595220..ef617a92eaa 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -136,11 +136,6 @@ in { sha256 = "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn"; patches = [ ./1.1/nix-ssl-cert-file.patch - (fetchurl { - name = "long-chacha-nonce.patch"; - url = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f426625b6ae9a7831010750490a5f0ad689c5ba3"; - sha256= "02ghqg3vzmzx3s1dwwwbm1p1l4asaiampyg4k9vfrjwficvgpdgp"; - }) (if stdenv.hostPlatform.isDarwin then ./1.1/use-etc-ssl-certs-darwin.patch From 989d7f8d2c044950466b9df59dd12fd26a151d1b Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Fri, 31 May 2019 00:55:55 +0000 Subject: [PATCH 19/59] libsodium: 1.0.17 -> 1.0.18 --- pkgs/development/libraries/libsodium/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix index 51f779bca6b..8c88abd2c44 100644 --- a/pkgs/development/libraries/libsodium/default.nix +++ b/pkgs/development/libraries/libsodium/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - name = "libsodium-1.0.17"; + name = "libsodium-1.0.18"; src = fetchurl { url = "https://download.libsodium.org/libsodium/releases/${name}.tar.gz"; - sha256 = "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc"; + sha256 = "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g"; }; outputs = [ "out" "dev" ]; From 376bb5108a9bfcfe136872a94b4b96b655c63842 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Thu, 30 May 2019 22:30:15 -0400 Subject: [PATCH 20/59] postgresql: install in $out/share/postgresql Fixes #62235 --- pkgs/servers/sql/postgresql/default.nix | 3 +- .../sql/postgresql/patches/findstring.patch | 59 +++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/sql/postgresql/patches/findstring.patch diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index 6e62aee1375..423354a4480 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -38,7 +38,7 @@ let enableParallelBuilding = !stdenv.isDarwin; - makeFlags = [ "world" ]; + buildFlags = [ "world" ]; NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ]; @@ -60,6 +60,7 @@ let (if atLeast "9.6" then ./patches/less-is-more-96.patch else ./patches/less-is-more.patch) (if atLeast "9.6" then ./patches/hardcode-pgxs-path-96.patch else ./patches/hardcode-pgxs-path.patch) ./patches/specify_pkglibdir_at_runtime.patch + ./patches/findstring.patch ] ++ lib.optional stdenv.isLinux ./patches/socketdir-in-run.patch; installTargets = [ "install-world" ]; diff --git a/pkgs/servers/sql/postgresql/patches/findstring.patch b/pkgs/servers/sql/postgresql/patches/findstring.patch new file mode 100644 index 00000000000..959bf6a6caa --- /dev/null +++ b/pkgs/servers/sql/postgresql/patches/findstring.patch @@ -0,0 +1,59 @@ +From: Matthew Bauer +Date: Wed, 29 May 2019 22:51:52 -0400 +Subject: [PATCH] Add /postgresql suffix for Nix outputs + +Nix outputs put the `name' in each store path like +/nix/store/...-. This was confusing the Postgres make script +because it thought its data directory already had postgresql in its +directory. This lead to Postgres installing all of its fils in +$out/share. To fix this, we just look for postgres or psql in the part +after the / using make's notdir. + +--- +From: Matthew Bauer +Date: Wed, 29 May 2019 22:51:52 -0400 +Subject: [PATCH] Add /postgresql suffix for Nix outputs + +Nix outputs put the `name' in each store path like +/nix/store/...-. This was confusing the Postgres make script +because it thought its data directory already had postgresql in its +directory. This lead to Postgres installing all of its fils in +$out/share. To fix this, we just look for postgres or psql in the part +after the / using make's notdir. + +--- +diff --git a/src/Makefile.global.in b/src/Makefile.global.in +index b9d86acaa9..bce05464c3 100644 +--- a/src/Makefile.global.in ++++ b/src/Makefile.global.in +@@ -102,15 +102,15 @@ datarootdir := @datarootdir@ + bindir := @bindir@ + + datadir := @datadir@ +-ifeq "$(findstring pgsql, $(datadir))" "" +-ifeq "$(findstring postgres, $(datadir))" "" ++ifeq "$(findstring pgsql, $(notdir $(datadir)))" "" ++ifeq "$(findstring postgres, $(notdir $(datadir)))" "" + override datadir := $(datadir)/postgresql + endif + endif + + sysconfdir := @sysconfdir@ +-ifeq "$(findstring pgsql, $(sysconfdir))" "" +-ifeq "$(findstring postgres, $(sysconfdir))" "" ++ifeq "$(findstring pgsql, $(notdir $(sysconfdir)))" "" ++ifeq "$(findstring postgres, $(notdir $(sysconfdir)))" "" + override sysconfdir := $(sysconfdir)/postgresql + endif + endif +@@ -136,8 +136,8 @@ endif + mandir := @mandir@ + + docdir := @docdir@ +-ifeq "$(findstring pgsql, $(docdir))" "" +-ifeq "$(findstring postgres, $(docdir))" "" ++ifeq "$(findstring pgsql, $(notdir $(docdir)))" "" ++ifeq "$(findstring postgres, $(notdir $(docdir)))" "" + override docdir := $(docdir)/postgresql + endif + endif From 558c4ce462586459a0a9326dd5e4d17e70dcb1c9 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 29 May 2019 22:58:26 -0500 Subject: [PATCH 21/59] libidn2: 2.1.1a -> 2.2.0 --- pkgs/development/libraries/libidn2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix index c0fadfeb679..5ec5b8e04dd 100644 --- a/pkgs/development/libraries/libidn2/default.nix +++ b/pkgs/development/libraries/libidn2/default.nix @@ -4,11 +4,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "libidn2-${version}"; - version = "2.1.1a"; + version = "2.2.0"; src = fetchurl { url = "mirror://gnu/gnu/libidn/${name}.tar.gz"; - sha256 = "0wlb0jrkccsdxlx90wx6ax5raqcm6y9c75dcgc6j6m6gdv7nnrjp"; + sha256 = "1zl1cc2xgxw31pdhvhr5ij36x4vvpy16jq667rspin06nlr4fwzw"; }; outputs = [ "bin" "dev" "out" "info" "devdoc" ]; From c70260eea70ef3e6dce9928e4b68fef5523fcc30 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 17:18:01 -0500 Subject: [PATCH 22/59] e2fsprogs: 1.45.1 -> 1.45.2 --- pkgs/tools/filesystems/e2fsprogs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix index c06b5eeff4b..babb3d844fe 100644 --- a/pkgs/tools/filesystems/e2fsprogs/default.nix +++ b/pkgs/tools/filesystems/e2fsprogs/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "e2fsprogs"; - version = "1.45.1"; + version = "1.45.2"; src = fetchurl { url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; - sha256 = "0zi8jz28hs66vhjvrfxmkmr1via19aygcbzpnw3lp0crhizaasgf"; + sha256 = "1bhqljgcngys1diaxh7rnxc85d1jsril8xd7bach9imdjwr1wlm8"; }; outputs = [ "bin" "dev" "out" "man" "info" ]; From 77e1967dcd7cbb764de7617acf2da2dce77ee3ab Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 31 May 2019 23:16:41 +0200 Subject: [PATCH 23/59] python37Packages.cryptography: 2.6.1 -> 2.7 Changelog: https://cryptography.io/en/latest/changelog/#v2-7 Important changes: - BACKWARDS INCOMPATIBLE: We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden. - BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface. The CMAC and HMAC APIs have not changed, but they are no longer registered as MACContext instances. --- pkgs/development/python-modules/cryptography/default.nix | 4 ++-- pkgs/development/python-modules/cryptography/vectors.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index f40f0bf63d8..6b20b4b570a 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -21,11 +21,11 @@ buildPythonPackage rec { pname = "cryptography"; - version = "2.6.1"; # Also update the hash in vectors.nix + version = "2.7"; # Also update the hash in vectors.nix src = fetchPypi { inherit pname version; - sha256 = "19iwz5avym5zl6jrrrkym1rdaa9h61j20ph4cswsqgv8xg5j3j16"; + sha256 = "1inlnr36kl36551c9rcad99jmhk81v33by3glkadwdcgmi17fd76"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index 5679905cd14..ea24ed90801 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - sha256 = "1bsqcv3h49dzqnyn29ijq8r7k1ra8ikl1y9qcpcns9nbvhaq3wq3"; + sha256 = "1g38zw90510azyfrj6mxbslx2gp9yrnv5dac0w2819k9ssdznbgi"; }; # No tests included From 50ba595d2c131f7a52b8cf3942326a01b34dd9ad Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 1 Jun 2019 12:01:59 -0700 Subject: [PATCH 24/59] glib: 2.60.2 -> 2.60.3 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/glib/versions --- pkgs/development/libraries/glib/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index db4eee38b6e..a2c7bdc5bde 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -46,7 +46,7 @@ let ''; binPrograms = optional (!stdenv.isDarwin) "gapplication" ++ [ "gdbus" "gio" "gsettings" ]; - version = "2.60.2"; + version = "2.60.3"; in stdenv.mkDerivation rec { @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://gnome/sources/glib/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz"; - sha256 = "1nc0iyday7866hq0hb78h7lxa44an998lzis8jhgvp8a0rsm9w9f"; + sha256 = "1fb0nx9fcmic8rsh0fbp79lqpasfjxljvnshbw2hsya51mb0vaq4"; }; patches = optional stdenv.isDarwin ./darwin-compilation.patch From 3313c5e3f55675efe1b8f2d2213976735933d3e3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 1 Jun 2019 21:24:41 -0700 Subject: [PATCH 25/59] libuv: 1.28.0 -> 1.29.1 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/libuv/versions --- pkgs/development/libraries/libuv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index 78abbe7392c..e725439a3f1 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -1,14 +1,14 @@ { stdenv, lib, fetchpatch, fetchFromGitHub, autoconf, automake, libtool, pkgconfig, ApplicationServices, CoreServices }: stdenv.mkDerivation rec { - version = "1.28.0"; + version = "1.29.1"; pname = "libuv"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "0l0gx69sdy3sv3pirjbca2ws54n9d83mj0j96h77k0ncywimvi64"; + sha256 = "0scnircr6khgh7l3bw9zyfzdgx2c11mpfhd9d8qlw47arrvqg7l8"; }; postPatch = let From 5ccacc251426d1c5bf295487fb01f266b871c8b7 Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Sun, 2 Jun 2019 23:14:35 +0000 Subject: [PATCH 26/59] libevent: 2.1.8 -> 2.1.10 --- pkgs/development/libraries/libevent/default.nix | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix index 39d2c29b012..2bc2bcb5b85 100644 --- a/pkgs/development/libraries/libevent/default.nix +++ b/pkgs/development/libraries/libevent/default.nix @@ -6,25 +6,13 @@ assert sslSupport -> openssl != null; stdenv.mkDerivation rec { name = "libevent-${version}"; - version = "2.1.8"; + version = "2.1.10"; src = fetchurl { url = "https://github.com/libevent/libevent/releases/download/release-${version}-stable/libevent-${version}-stable.tar.gz"; - sha256 = "1hhxnxlr0fsdv7bdmzsnhdz16fxf3jg2r6vyljcl3kj6pflcap4n"; + sha256 = "1c25928gdv495clxk2v1d4gkr5py7ack4gx2n7d13frnld0syr78"; }; - #NOTE: Patches to support libressl-2.7. These are taken from libevent upstream, and can both be dropped with the next release. - patches = [ - (fetchpatch { - url = "https://github.com/libevent/libevent/commit/22dd14945c25600de3cf8b91000c66703b551e4f.patch"; - sha256 = "0fzcb241cp9mm7j6baw22blcglbc083ryigzyjaij8r530av10kd"; - }) - (fetchpatch { - url = "https://github.com/libevent/libevent/commit/28b8075400c70b2d2da2ce07e590c2ec6d11783d.patch"; - sha256 = "0dkzlk44033xksg2iq5w90r3lnziwl1mgz291nzqq906zrya0sdb"; - }) - ]; - # libevent_openssl is moved into its own output, so that openssl isn't present # in the default closure. outputs = [ "out" "dev" ] From 88f3e0a796266ea7eae5bf1ef3a50f14a1145775 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Sun, 2 Jun 2019 20:53:16 -0400 Subject: [PATCH 27/59] ghc: add bash to buildInputs Fixes #62417 --- pkgs/development/compilers/ghc/8.2.2.nix | 3 ++- pkgs/development/compilers/ghc/8.4.4.nix | 3 ++- pkgs/development/compilers/ghc/8.6.4.nix | 3 ++- pkgs/development/compilers/ghc/8.6.5.nix | 3 ++- pkgs/development/compilers/ghc/8.8.1.nix | 3 ++- pkgs/development/compilers/ghc/head.nix | 3 ++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix index a88cf9c0116..b9099699b02 100644 --- a/pkgs/development/compilers/ghc/8.2.2.nix +++ b/pkgs/development/compilers/ghc/8.2.2.nix @@ -3,6 +3,7 @@ # build-tools , bootPkgs , autoconf, autoreconfHook, automake, coreutils, fetchurl, fetchpatch, perl, python3, sphinx +, bash , runCommand , libiconv ? null, ncurses @@ -218,7 +219,7 @@ stdenv.mkDerivation (rec { # For building runtime libs depsBuildTarget = toolsForTarget; - buildInputs = [ perl ] ++ (libDeps hostPlatform); + buildInputs = [ perl bash ] ++ (libDeps hostPlatform); propagatedBuildInputs = [ targetPackages.stdenv.cc ] ++ stdenv.lib.optional useLLVM llvmPackages.llvm; diff --git a/pkgs/development/compilers/ghc/8.4.4.nix b/pkgs/development/compilers/ghc/8.4.4.nix index da72c351ec6..50f6905e5b7 100644 --- a/pkgs/development/compilers/ghc/8.4.4.nix +++ b/pkgs/development/compilers/ghc/8.4.4.nix @@ -3,6 +3,7 @@ # build-tools , bootPkgs , autoconf, automake, coreutils, fetchurl, fetchpatch, perl, python3, m4, sphinx +, bash , libiconv ? null, ncurses @@ -195,7 +196,7 @@ stdenv.mkDerivation (rec { # For building runtime libs depsBuildTarget = toolsForTarget; - buildInputs = [ perl ] ++ (libDeps hostPlatform); + buildInputs = [ perl bash ] ++ (libDeps hostPlatform); propagatedBuildInputs = [ targetPackages.stdenv.cc ] ++ stdenv.lib.optional useLLVM llvmPackages.llvm; diff --git a/pkgs/development/compilers/ghc/8.6.4.nix b/pkgs/development/compilers/ghc/8.6.4.nix index 54c53691574..5feb0a2032c 100644 --- a/pkgs/development/compilers/ghc/8.6.4.nix +++ b/pkgs/development/compilers/ghc/8.6.4.nix @@ -3,6 +3,7 @@ # build-tools , bootPkgs , autoconf, automake, coreutils, fetchurl, fetchpatch, perl, python3, m4, sphinx +, bash , libiconv ? null, ncurses @@ -194,7 +195,7 @@ stdenv.mkDerivation (rec { # For building runtime libs depsBuildTarget = toolsForTarget; - buildInputs = [ perl ] ++ (libDeps hostPlatform); + buildInputs = [ perl bash ] ++ (libDeps hostPlatform); propagatedBuildInputs = [ targetPackages.stdenv.cc ] ++ stdenv.lib.optional useLLVM llvmPackages.llvm; diff --git a/pkgs/development/compilers/ghc/8.6.5.nix b/pkgs/development/compilers/ghc/8.6.5.nix index bc45540036d..d84f2cca059 100644 --- a/pkgs/development/compilers/ghc/8.6.5.nix +++ b/pkgs/development/compilers/ghc/8.6.5.nix @@ -3,6 +3,7 @@ # build-tools , bootPkgs , autoconf, automake, coreutils, fetchurl, fetchpatch, perl, python3, m4, sphinx +, bash , libiconv ? null, ncurses @@ -194,7 +195,7 @@ stdenv.mkDerivation (rec { # For building runtime libs depsBuildTarget = toolsForTarget; - buildInputs = [ perl ] ++ (libDeps hostPlatform); + buildInputs = [ perl bash ] ++ (libDeps hostPlatform); propagatedBuildInputs = [ targetPackages.stdenv.cc ] ++ stdenv.lib.optional useLLVM llvmPackages.llvm; diff --git a/pkgs/development/compilers/ghc/8.8.1.nix b/pkgs/development/compilers/ghc/8.8.1.nix index ad2d64866f8..c180dc6ac86 100644 --- a/pkgs/development/compilers/ghc/8.8.1.nix +++ b/pkgs/development/compilers/ghc/8.8.1.nix @@ -3,6 +3,7 @@ # build-tools , bootPkgs , autoconf, automake, coreutils, fetchurl, fetchpatch, perl, python3, m4, sphinx +, bash , libiconv ? null, ncurses @@ -179,7 +180,7 @@ stdenv.mkDerivation (rec { # For building runtime libs depsBuildTarget = toolsForTarget; - buildInputs = [ perl ] ++ (libDeps hostPlatform); + buildInputs = [ perl bash ] ++ (libDeps hostPlatform); propagatedBuildInputs = [ targetPackages.stdenv.cc ] ++ stdenv.lib.optional useLLVM llvmPackages.llvm; diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix index 46d8dfafd0f..b263b8b187d 100644 --- a/pkgs/development/compilers/ghc/head.nix +++ b/pkgs/development/compilers/ghc/head.nix @@ -3,6 +3,7 @@ # build-tools , bootPkgs , autoconf, automake, coreutils, fetchgit, fetchurl, fetchpatch, perl, python3, m4, sphinx +, bash , libiconv ? null, ncurses @@ -177,7 +178,7 @@ stdenv.mkDerivation (rec { # For building runtime libs depsBuildTarget = toolsForTarget; - buildInputs = [ perl ] ++ (libDeps hostPlatform); + buildInputs = [ perl bash ] ++ (libDeps hostPlatform); propagatedBuildInputs = [ targetPackages.stdenv.cc ] ++ stdenv.lib.optional useLLVM llvmPackages.llvm; From 30496d80fabe3cdf84267e0e545c952c416b19cf Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 3 Jun 2019 01:04:55 -0700 Subject: [PATCH 28/59] vim: 8.1.1234 -> 8.1.1432 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/vim/versions --- pkgs/applications/editors/vim/common.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix index 8f2986c1a49..2e4d494a0db 100644 --- a/pkgs/applications/editors/vim/common.nix +++ b/pkgs/applications/editors/vim/common.nix @@ -1,12 +1,12 @@ { lib, fetchFromGitHub }: rec { - version = "8.1.1234"; + version = "8.1.1432"; src = fetchFromGitHub { owner = "vim"; repo = "vim"; rev = "v${version}"; - sha256 = "1ywrgciwqh1kg93kfq54zh0gdxwzgy1h49wsjdsl6s4mfscmpwng"; + sha256 = "0f8isi84dcmsfvvjzayys57zf4j56wngnpn9hfj0jn1z7x3vdbww"; }; enableParallelBuilding = true; From 5b0db07ee1c86376755a7e91fc4d1cfda2a7cff6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 22 Feb 2019 08:23:48 +0000 Subject: [PATCH 29/59] systemd: 239.20190219 -> 241.20190221 --- pkgs/os-specific/linux/systemd/default.nix | 59 ++++++---------------- 1 file changed, 16 insertions(+), 43 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 84890b56916..69910d79d65 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -14,11 +14,8 @@ , withKexectools ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) kexectools.meta.platforms, kexectools }: -let - pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]); - -in stdenv.mkDerivation rec { - version = "239.20190219"; +stdenv.mkDerivation rec { + version = "241.20190221"; name = "systemd-${version}"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -27,27 +24,9 @@ in stdenv.mkDerivation rec { owner = "NixOS"; repo = "systemd"; rev = "nixos-v${version}"; - sha256 = "0aczg25ih2gfjq810x8rw6rnpr6sw1lz6z0lvlyw2qphyih68b4x"; + sha256 = "0grcf0x793k1jx4bx7p63h3f3cd8w262824mzf8iwdsy6y9wzylr"; }; - prePatch = let - # Upstream's maintenance branches are still too intrusive: - # https://github.com/systemd/systemd-stable/tree/v239-stable - patches-deb = fetchurl { - # This URL should point to a stable location that does not easily - # disappear. In the past we were using `mirror://debian` but that - # eventually causes the files to disappear. While that was a good sign - # for us to update our patch collection it does break reproducibility. - name = "systemd-debian-patches.tar.xz"; - url = http://snapshot.debian.org/archive/debian/20190301T035241Z/pool/main/s/systemd/systemd_239-12%7Ebpo9%2B1.debian.tar.xz; - sha256 = "0v9f62gyfiw5icdrdlcvjcipsqrsm49w6n8bqp9nb8s2ih6rsfhg"; - }; - # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/* - in '' - tar xf ${patches-deb} - patches="$patches $(cat debian/patches/series | grep -v '^debian/' | sed 's|^|debian/patches/|')" - ''; - outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs = @@ -56,6 +35,8 @@ in stdenv.mkDerivation rec { coreutils # meson calls date, stat etc. glibcLocales patchelf getent m4 + + (buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ])) ]; buildInputs = [ linuxHeaders libcap kmod xz pam acl @@ -65,13 +46,19 @@ in stdenv.mkDerivation rec { stdenv.lib.optional withLibseccomp libseccomp ++ [ libffi audit lz4 bzip2 libapparmor iptables gnu-efi - # This is actually native, but we already pull it from buildPackages - pythonLxmlEnv ] ++ stdenv.lib.optional withSelinux libselinux; #dontAddPrefix = true; mesonFlags = [ + "-Ddbuspolicydir=${placeholder "out"}/etc/dbus-1/system.d" + "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" + "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" + "-Dpamconfdir=${placeholder "out"}/etc/pam.d" + "-Drootprefix=${placeholder "out"}" + "-Drootlibdir=${placeholder "lib"}/lib" + "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig" + "-Dpkgconfigdatadir=${placeholder "dev"}/share/pkgconfig" "-Dloadkeys-path=${kbd}/bin/loadkeys" "-Dsetfont-path=${kbd}/bin/setfont" "-Dtty-gid=3" # tty in NixOS has gid 3 @@ -92,6 +79,7 @@ in stdenv.mkDerivation rec { "-Dquotacheck=false" "-Dldconfig=false" "-Dsmack=true" + "-Db_pie=true" "-Dsystem-uid-max=499" #TODO: debug why awking around in /etc/login.defs doesn't work "-Dsystem-gid-max=499" # "-Dtime-epoch=1" @@ -113,15 +101,6 @@ in stdenv.mkDerivation rec { preConfigure = '' mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org") - mesonFlagsArray+=(-Ddbuspolicydir=$out/etc/dbus-1/system.d) - mesonFlagsArray+=(-Ddbussessionservicedir=$out/share/dbus-1/services) - mesonFlagsArray+=(-Ddbussystemservicedir=$out/share/dbus-1/system-services) - mesonFlagsArray+=(-Dpamconfdir=$out/etc/pam.d) - mesonFlagsArray+=(-Drootprefix=$out) - mesonFlagsArray+=(-Drootlibdir=$lib/lib) - mesonFlagsArray+=(-Dpkgconfiglibdir=$dev/lib/pkgconfig) - mesonFlagsArray+=(-Dpkgconfigdatadir=$dev/share/pkgconfig) - export LC_ALL="en_US.UTF-8"; # FIXME: patch this in systemd properly (and send upstream). # already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount @@ -139,14 +118,8 @@ in stdenv.mkDerivation rec { --replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency done - for i in tools/xml_helper.py tools/make-directive-index.py tools/make-man-index.py test/sys-script.py; do - substituteInPlace $i \ - --replace "#!/usr/bin/env python" "#!${pythonLxmlEnv}/bin/python" - done - - for i in src/basic/generate-gperfs.py src/resolve/generate-dns_type-gperf.py src/test/generate-sym-test.py ; do - substituteInPlace $i \ - --replace "#!/usr/bin/env python" "#!${buildPackages.python3Packages.python}/bin/python" + for dir in tools src/resolve test src/test; do + patchShebangs $dir done substituteInPlace src/journal/catalog.c \ From 2a0f85d882621c28b7bcfc8cbd0c9069c60bbd09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 22 Feb 2019 09:22:51 +0000 Subject: [PATCH 30/59] nixos/os-release: add documentation url --- nixos/modules/misc/version.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index c576cf4cb92..c9b374b6d7b 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -95,6 +95,7 @@ in PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})" LOGO="nix-snowflake" HOME_URL="https://nixos.org/" + DOCUMENTATION_URL="https://nixos.org/nixos/manual/index.html" SUPPORT_URL="https://nixos.org/nixos/support.html" BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues" ''; From 8c7e588362e708ade5e782c09dbdf84d06ab4254 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Mon, 6 May 2019 08:44:02 +0200 Subject: [PATCH 31/59] systemd: 241.20190221 -> 242 --- pkgs/os-specific/linux/systemd/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 69910d79d65..cc708cb4a89 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -15,7 +15,7 @@ }: stdenv.mkDerivation rec { - version = "241.20190221"; + version = "242"; name = "systemd-${version}"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { owner = "NixOS"; repo = "systemd"; rev = "nixos-v${version}"; - sha256 = "0grcf0x793k1jx4bx7p63h3f3cd8w262824mzf8iwdsy6y9wzylr"; + sha256 = "0ldyhfxdy4qlgygvpc92wp0qp6p1c9y3rnm77zwbkga48x60d9i8"; }; outputs = [ "out" "lib" "man" "dev" ]; @@ -104,7 +104,7 @@ stdenv.mkDerivation rec { export LC_ALL="en_US.UTF-8"; # FIXME: patch this in systemd properly (and send upstream). # already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount - for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do + for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/shutdown/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do test -e $i substituteInPlace $i \ --replace /usr/bin/getent ${getent}/bin/getent \ @@ -186,7 +186,7 @@ stdenv.mkDerivation rec { # in a backwards-incompatible way. If the interface version of two # systemd builds is the same, then we can switch between them at # runtime; otherwise we can't and we need to reboot. - passthru.interfaceVersion = 2; + passthru.interfaceVersion = 3; meta = with stdenv.lib; { homepage = http://www.freedesktop.org/wiki/Software/systemd; From 1f03f6fc43a6f71b8204adf6cd02fb3685261add Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Thu, 9 May 2019 14:13:26 +0200 Subject: [PATCH 32/59] nixos/udev: switch `networking.usePredicatableInterfaceNames` to a kernel param The udev rules we are shipping no longer work with systemd v242 and were remove upstream some time ago. It seems like the entire renaming is now done in C and not in the udev rules. --- .../services/hardware/80-net-setup-link.rules | 13 ------------- nixos/modules/services/hardware/udev.nix | 6 ++---- 2 files changed, 2 insertions(+), 17 deletions(-) delete mode 100644 nixos/modules/services/hardware/80-net-setup-link.rules diff --git a/nixos/modules/services/hardware/80-net-setup-link.rules b/nixos/modules/services/hardware/80-net-setup-link.rules deleted file mode 100644 index 18547f170a3..00000000000 --- a/nixos/modules/services/hardware/80-net-setup-link.rules +++ /dev/null @@ -1,13 +0,0 @@ -# Copied from systemd 203. -ACTION=="remove", GOTO="net_name_slot_end" -SUBSYSTEM!="net", GOTO="net_name_slot_end" -NAME!="", GOTO="net_name_slot_end" - -IMPORT{cmdline}="net.ifnames" -ENV{net.ifnames}=="0", GOTO="net_name_slot_end" - -NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}" -NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}" -NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}" - -LABEL="net_name_slot_end" diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 0266286aaac..cb2f1e6621a 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -116,10 +116,6 @@ let exit 1 fi - ${optionalString config.networking.usePredictableInterfaceNames '' - cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules - ''} - # If auto-configuration is disabled, then remove # udev's 80-drivers.rules file, which contains rules for # automatically calling modprobe. @@ -282,6 +278,8 @@ in services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ]; + boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ]; + environment.etc = [ { source = udevRules; target = "udev/rules.d"; From 4743ad7392152d3745dee552aebe8a6b67e189a1 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 10 May 2019 20:28:18 +0200 Subject: [PATCH 33/59] nixos/tests/radicale: be a bit more permissive when matching logs With the systemd update to v242 five lines are not longer sufficient to verify that the storage was verified. In order to reduce future test failures increasing it to 10 lines sounds like a sane amount. --- nixos/tests/radicale.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix index bf22fc9291a..60796425564 100644 --- a/nixos/tests/radicale.nix +++ b/nixos/tests/radicale.nix @@ -85,7 +85,7 @@ in $radicale->succeed('mv /tmp/collections-new/collection-root /tmp/collections'); $radicale->succeed('${switchToConfig "radicale2_verify"} >&2'); $radicale->waitUntilFails('systemctl status radicale'); - my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 5'); + my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 10'); if ($retcode != 0 || index($logs, 'Verifying storage') == -1) { die "Radicale 2 didn't verify storage" } From a32cd7d84a7c832574ef0f09862e41bf84709baf Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 11 May 2019 00:10:08 +0200 Subject: [PATCH 34/59] nixos/networkd: use `no` instead of `none` for `DHCP=` option systemd has deprecated the use of `none` and recommends using `no` instead. --- nixos/modules/tasks/network-interfaces-systemd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 2318bdd1d58..dd9ba9eec42 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -12,7 +12,7 @@ let i.ipv4.addresses ++ optionals cfg.enableIPv6 i.ipv6.addresses; - dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none"; + dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "no"; slaves = concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds)) From d600da70457a8ca8d9543eb48b73e7c5eae1656f Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 11 May 2019 00:28:24 +0200 Subject: [PATCH 35/59] nixos/networkd: use the route section for default routes With systemd v242 using the `Gateway` attribute of the `[Network]` section will lead to "onlink" routes on all the device that are matched by the default configuration (typically all devices) causing multiple default routes (even on localhost). We can only avoid that - while keeping our default route option - when we mark the route as explicitly not on link. Only gateways that are within a subnet of one of the assigned interface addresses will be installed into the routing table. --- nixos/modules/tasks/network-interfaces-systemd.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index dd9ba9eec42..b9c1387cea5 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -59,7 +59,14 @@ in in { DHCP = override (dhcpStr cfg.useDHCP); } // optionalAttrs (gateway != [ ]) { - gateway = override gateway; + routes = override [ + { + routeConfig = { + Gateway = gateway; + GatewayOnlink = false; + }; + } + ]; } // optionalAttrs (domains != [ ]) { domains = override domains; }; From 1b7b1dbe2f88a3c8f0c5416d4e43de10977915cc Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 11 May 2019 13:48:48 +0200 Subject: [PATCH 36/59] nixos/networkd: rename GatewayOnlink to GatewayOnLink This follows upstreams renaming of the option [1]. [1] https://github.com/systemd/systemd/commit/9cb8c5593443d24c19e40bfd4fc06d672f8c554c --- nixos/doc/manual/release-notes/rl-1909.xml | 10 ++++++++++ nixos/modules/system/boot/networkd.nix | 2 +- nixos/modules/tasks/network-interfaces-systemd.nix | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 60b4a3bc17b..bac642fa539 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -104,6 +104,16 @@ + + + The option + was renamed to + (capital L). This follows + + upstreams renaming + of the setting. + + diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 63a6f7fbe09..14a3832b0dc 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -203,7 +203,7 @@ let checkRoute = checkUnitConfig "Route" [ (assertOnlyFields [ - "Gateway" "GatewayOnlink" "Destination" "Source" "Metric" + "Gateway" "GatewayOnLink" "Destination" "Source" "Metric" "IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type" "InitialCongestionWindow" "InitialAdvertisedReceiveWindow" "QuickAck" "MTUBytes" diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index b9c1387cea5..857aaf1e6e3 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -63,7 +63,7 @@ in { routeConfig = { Gateway = gateway; - GatewayOnlink = false; + GatewayOnLink = false; }; } ]; From bc71b6eaf6ff9451cbbaa3e62aa200845d12f4e3 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 11 May 2019 23:33:58 +0200 Subject: [PATCH 37/59] nixosTests.containers-imperative: add tmpfiles test (cherry picked from commit 92600a90e248aa27f2aedcce4ad309f987a390df) --- nixos/tests/containers-imperative.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix index 0c101037aa7..2e7e4b2f1d6 100644 --- a/nixos/tests/containers-imperative.nix +++ b/nixos/tests/containers-imperative.nix @@ -35,7 +35,17 @@ import ./make-test.nix ({ pkgs, ...} : { ]; }; - testScript = + testScript = let + tmpfilesContainerConfig = pkgs.writeText "container-config-tmpfiles" '' + { + systemd.tmpfiles.rules = [ "d /foo - - - - -" ]; + systemd.services.foo = { + serviceConfig.Type = "oneshot"; + script = "ls -al /foo"; + wantedBy = [ "multi-user.target" ]; + }; + } + ''; in '' # Make sure we have a NixOS tree (required by ‘nixos-container create’). $machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2"); @@ -93,6 +103,15 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("nixos-container stop $id1"); $machine->succeed("nixos-container start $id1"); + # Ensure tmpfiles are present + $machine->log("creating container tmpfiles"); + $machine->succeed("nixos-container create tmpfiles --config-file ${tmpfilesContainerConfig}"); + $machine->log("created, starting…"); + $machine->succeed("nixos-container start tmpfiles"); + $machine->log("done starting, investigating…"); + $machine->succeed("echo \$(nixos-container run tmpfiles -- systemctl is-active foo.service) | grep -q active;"); + $machine->succeed("nixos-container destroy tmpfiles"); + # Execute commands via the root shell. $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; From 024a383d64036dab02157927369ca680427aa61d Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 15 May 2019 11:05:37 +0200 Subject: [PATCH 38/59] nixos/systemd: migrate systemd-timesync state when required Somewhen between systemd v239 and v242 upstream decided to no longer run a few system services with `DyanmicUser=1` but failed to provide a migration path for all the state those services left behind. For the case of systemd-timesync the state has to be moved from /var/lib/private/systemd/timesync to /var/lib/systemd/timesync if /var/lib/systemd/timesync is currently a symlink. We only do this if the stateVersion is still below 19.09 to avoid starting to have an ever growing activation script for (then) ancient systemd migrations that are no longer required. See https://github.com/systemd/systemd/issues/12131 for details about the missing migration path and related discussion. --- nixos/doc/manual/release-notes/rl-1909.xml | 16 ++++++- nixos/modules/system/boot/systemd.nix | 2 - nixos/modules/system/boot/timesyncd.nix | 9 ++++ nixos/tests/all-tests.nix | 1 + nixos/tests/systemd-timesyncd.nix | 52 ++++++++++++++++++++++ 5 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 nixos/tests/systemd-timesyncd.nix diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index bac642fa539..3b1a2d99794 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -172,6 +172,20 @@ which is linked to fr-toutesvariantes.{aff,dic}. - + + + With the upgrade to systemd version 242 the systemd-timesyncd + service is no longer using DynamicUser=yes. In order for the + upgrade to work we rely on an activation script to move the state from the old + to the new directory. The older directory (prior 19.09) was + /var/lib/private/systemd/timesync. + + + As long as the system.config.stateVersion is below + 19.09 the state folder will migrated to its proper location + (/var/lib/systemd/timesync), if required. + + + diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 18ee2ef1b8f..8499b700d3e 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -940,7 +940,6 @@ in # Don't bother with certain units in containers. systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container"; systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container"; - }; # FIXME: Remove these eventually. @@ -949,5 +948,4 @@ in (mkRenamedOptionModule [ "boot" "systemd" "targets" ] [ "systemd" "targets" ]) (mkRenamedOptionModule [ "boot" "systemd" "services" ] [ "systemd" "services" ]) ]; - } diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 8d8bfe5900a..8282cdd6f3a 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix @@ -40,6 +40,15 @@ with lib; users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync; users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync; + system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") '' + # workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes + # - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742 + # - https://github.com/systemd/systemd/issues/12131 + if [ -L /var/lib/systemd/timesync ]; then + rm /var/lib/systemd/timesync + mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync + fi + ''; }; } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9bce49c9e30..ddc253adbd0 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -237,6 +237,7 @@ in syncthing-relay = handleTest ./syncthing-relay.nix {}; systemd = handleTest ./systemd.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; + systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; pdns-recursor = handleTest ./pdns-recursor.nix {}; taskserver = handleTest ./taskserver.nix {}; telegraf = handleTest ./telegraf.nix {}; diff --git a/nixos/tests/systemd-timesyncd.nix b/nixos/tests/systemd-timesyncd.nix new file mode 100644 index 00000000000..d12b8eb2bf7 --- /dev/null +++ b/nixos/tests/systemd-timesyncd.nix @@ -0,0 +1,52 @@ +# Regression test for systemd-timesync having moved the state directory without +# upstream providing a migration path. https://github.com/systemd/systemd/issues/12131 + +import ./make-test.nix (let + common = { lib, ... }: { + # override the `false` value from the qemu-vm base profile + services.timesyncd.enable = lib.mkForce true; + }; + mkVM = conf: { imports = [ conf common ]; }; +in { + name = "systemd-timesyncd"; + nodes = { + current = mkVM {}; + pre1909 = mkVM ({lib, ... }: with lib; { + # create the path that should be migrated by our activation script when + # upgrading to a newer nixos version + system.stateVersion = "19.03"; + system.activationScripts.simulate-old-timesync-state-dir = mkBefore '' + rm -f /var/lib/systemd/timesync + mkdir -p /var/lib/systemd /var/lib/private/systemd/timesync + ln -s /var/lib/private/systemd/timesync /var/lib/systemd/timesync + chown systemd-timesync: /var/lib/private/systemd/timesync + ''; + }); + }; + + testScript = '' + startAll; + $current->succeed('systemctl status systemd-timesyncd.service'); + # on a new install with a recent systemd there should not be any + # leftovers from the dynamic user mess + $current->succeed('test -e /var/lib/systemd/timesync'); + $current->succeed('test ! -L /var/lib/systemd/timesync'); + + # timesyncd should be running on the upgrading system since we fixed the + # file bits in the activation script + $pre1909->succeed('systemctl status systemd-timesyncd.service'); + + # the path should be gone after the migration + $pre1909->succeed('test ! -e /var/lib/private/systemd/timesync'); + + # and the new path should no longer be a symlink + $pre1909->succeed('test -e /var/lib/systemd/timesync'); + $pre1909->succeed('test ! -L /var/lib/systemd/timesync'); + + # after a restart things should still work and not fail in the activation + # scripts and cause the boot to fail.. + $pre1909->shutdown; + $pre1909->start; + $pre1909->succeed('systemctl status systemd-timesyncd.service'); + ''; +}) From d436ab07182ffee2b3447df892828137fc3767e8 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Fri, 17 May 2019 16:26:15 +0200 Subject: [PATCH 39/59] multipath-tools: 0.6.2 -> 0.8.1 --- pkgs/os-specific/linux/multipath-tools/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix index 14996fd76be..0e90a081476 100644 --- a/pkgs/os-specific/linux/multipath-tools/default.nix +++ b/pkgs/os-specific/linux/multipath-tools/default.nix @@ -1,16 +1,17 @@ -{ stdenv, fetchurl, lvm2, libaio, gzip, readline, systemd, liburcu }: +{ stdenv, fetchurl, pkgconfig, perl, lvm2, libaio, gzip, readline, systemd, liburcu, json_c }: stdenv.mkDerivation rec { name = "multipath-tools-${version}"; - version = "0.6.2"; + version = "0.8.1"; src = fetchurl { name = "${name}.tar.gz"; - url = "https://git.opensvc.com/?p=multipath-tools/.git;a=snapshot;h=${version};sf=tgz"; - sha256 = "159hxvbk9kh1qay9x04w0gsqzg0hkl5yghfc1wi9kv2n5pcwbkpm"; + url = "https://git.opensvc.com/gitweb.cgi?p=multipath-tools/.git;a=snapshot;h=refs/tags/${version};sf=tgz"; + sha256 = "0669zl4dpai63dl04lf8vpwnpsff6qf19fifxfc4frawnh699k95"; }; postPatch = '' + substituteInPlace libmultipath/Makefile --replace /usr/include/libdevmapper.h ${lvm2}/include/libdevmapper.h sed -i -re ' s,^( *#define +DEFAULT_MULTIPATHDIR\>).*,\1 "'"$out/lib/multipath"'", ' libmultipath/defaults.h @@ -20,8 +21,8 @@ stdenv.mkDerivation rec { Makefile.inc ''; - nativeBuildInputs = [ gzip ]; - buildInputs = [ systemd lvm2 libaio readline liburcu ]; + nativeBuildInputs = [ gzip pkgconfig perl ]; + buildInputs = [ systemd lvm2 libaio readline liburcu json_c ]; makeFlags = [ "LIB=lib" From 81f390d2e3f0b297e7b50c779b49babcd6a1fa7e Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 17 May 2019 20:00:22 +0200 Subject: [PATCH 40/59] systemd: disable building tests We are currently not running any tests but building them takes signitifcant amounts of time since they account to about 40% of all the compilation targets. --- pkgs/os-specific/linux/systemd/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index cc708cb4a89..a94490d594b 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -62,7 +62,8 @@ stdenv.mkDerivation rec { "-Dloadkeys-path=${kbd}/bin/loadkeys" "-Dsetfont-path=${kbd}/bin/setfont" "-Dtty-gid=3" # tty in NixOS has gid 3 - # "-Dtests=" # TODO + # while we do not run tests we should also not build them. Removes about 600 targets + "-Dtests=false" "-Dlz4=true" "-Dhostnamed=true" "-Dnetworkd=true" From 0f93834c5e6e1e7489ab4be55c38cb1d4b9d325f Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 22 May 2019 00:07:39 +0200 Subject: [PATCH 41/59] systemd: remove references to $out/lib/systemd/catalog On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib output. The result of that is a dependency cycle between $out and $lib. Thus nix (rightfully) marks the build as failed. That reference originates from an array of strings (catalog_file_dirs) in systemd (src/src/journal/catalog.{c,h}). The only consumer (as of v242) of the symbol is the main function of journalctl. Still libsystemd.so contains the VALUE but not the symbol. Systemd seems to be properly using function & data sections together with the linker flags to garbage collect unused sections (-Wl,--gc-sections). For unknown reasons those flags do not eliminate the unused string constants, in this case on aarch64-linux. The hacky way is to just remove the reference after we finished compiling. Since it can not be used (there is no symbol to actually refer to it) there should not be any harm. It is a bit odd and I really do not like starting these kind of hacks but there doesn't seem to be a straight forward way at this point in time. The reference will be replaced by the same reference the usual nukeRefs tooling uses. The standard tooling can not / should not be uesd since it is a bit too excessive and could potentially do us some (more) harm. --- pkgs/os-specific/linux/systemd/default.nix | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index a94490d594b..8aa518ed1d0 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -9,6 +9,7 @@ , patchelf , getent , buildPackages +, perl , withSelinux ? false, libselinux , withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp , withKexectools ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) kexectools.meta.platforms, kexectools @@ -35,6 +36,7 @@ stdenv.mkDerivation rec { coreutils # meson calls date, stat etc. glibcLocales patchelf getent m4 + perl # to patch the libsystemd.so and remove dependencies on aarch64 (buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ])) ]; @@ -181,6 +183,30 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + # On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib + # output. The result of that is a dependency cycle between $out and $lib. + # Thus nix (rightfully) marks the build as failed. That reference originates + # from an array of strings (catalog_file_dirs) in systemd + # (src/src/journal/catalog.{c,h}). The only consumer (as of v242) of the + # symbol is the main function of journalctl. Still libsystemd.so contains + # the VALUE but not the symbol. Systemd seems to be properly using function + # & data sections together with the linker flags to garbage collect unused + # sections (-Wl,--gc-sections). For unknown reasons those flags do not + # eliminate the unused string constants, in this case on aarch64-linux. The + # hacky way is to just remove the reference after we finished compiling. + # Since it can not be used (there is no symbol to actually refer to it) there + # should not be any harm. It is a bit odd and I really do not like starting + # these kind of hacks but there doesn't seem to be a straight forward way at + # this point in time. + # The reference will be replaced by the same reference the usual nukeRefs + # tooling uses. The standard tooling can not / should not be uesd since it + # is a bit too excessive and could potentially do us some (more) harm. + postFixup = '' + nukedRef=$(echo $out | sed -e "s,$NIX_STORE/[^-]*-\(.*\),$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-\1,") + cat $lib/lib/libsystemd.so | perl -pe "s|$out/lib/systemd/catalog|$nukedRef/lib/systemd/catalog|" > $lib/lib/libsystemd.so.tmp + mv $lib/lib/libsystemd.so.tmp $(readlink -f $lib/lib/libsystemd.so) + ''; + # The interface version prevents NixOS from switching to an # incompatible systemd at runtime. (Switching across reboots is # fine, of course.) It should be increased whenever systemd changes From 9077623324d9366041bb6628be1a5cffb7bc815d Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Tue, 28 May 2019 18:33:28 +0200 Subject: [PATCH 42/59] nixos/misc: warn when someone is using the nixops autoLuks module The autoLuks module is not really compatible with the updated systemd version anymore. We started dropping NixOS specific patches that caused unwanted side effects that we had to work around otherwise. This change points users towards the relevant PR and spits out a bit of information on how to deal with the situation. --- nixos/doc/manual/release-notes/rl-1909.xml | 24 ++++++++++++ nixos/modules/misc/nixops-autoluks.nix | 44 ++++++++++++++++++++++ nixos/modules/module-list.nix | 1 + 3 files changed, 69 insertions(+) create mode 100644 nixos/modules/misc/nixops-autoluks.nix diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 3b1a2d99794..96c41edabd4 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -114,6 +114,30 @@ of the setting. + + + As of this release the NixOps feature autoLuks is deprecated. It no longer works + with our systemd version without manual intervention. + + + Whenever the usage of the module is detected the evaluation will fail with a message + explaining why and how to deal with the situation. + + + A new knob named nixops.enableDeprecatedAutoLuks + has been introduced to disable the eval failure and to acknowledge the notice was received and read. + If you plan on using the feature please note that it might break with subsequent updates. + + + Make sure you set the _netdev option for each of the file systems referring to block + devices provided by the autoLuks module. Not doing this might render the system in a + state where it doesn't boot anymore. + + + If you are actively using the autoLuks module please let us know in + issue #62211. + + diff --git a/nixos/modules/misc/nixops-autoluks.nix b/nixos/modules/misc/nixops-autoluks.nix new file mode 100644 index 00000000000..2153c6f975a --- /dev/null +++ b/nixos/modules/misc/nixops-autoluks.nix @@ -0,0 +1,44 @@ +{ config, options, lib, ... }: +let + path = [ "deployment" "autoLuks" ]; + hasAutoLuksOption = lib.hasAttrByPath path options; + hasAutoLuksConfig = lib.hasAttrByPath path config && (lib.attrByPath path {} config) != {}; + + inherit (config.nixops) enableDeprecatedAutoLuks; +in { + options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption "Enable the deprecated NixOps AutoLuks module"; + + config = { + assertions = [ + { + assertion = if hasAutoLuksConfig then hasAutoLuksConfig && enableDeprecatedAutoLuks else true; + message = '' + ⚠️ !!! WARNING !!! ⚠️ + + NixOps autoLuks is deprecated. The feature was never widely used and the maintenance did outgrow the benefit. + If you still want to use the module: + a) Please raise your voice in the issue tracking usage of the module: + https://github.com/NixOS/nixpkgs/issues/62211 + b) make sure you set the `_netdev` option for each of the file + systems referring to block devices provided by the autoLuks module. + + ⚠️ If you do not set the option your system will not boot anymore! ⚠️ + + { + fileSystems."/secret" = { options = [ "_netdev" ]; }; + } + + b) set the option >nixops.enableDeprecatedAutoLuks = true< to remove this error. + + + For more details read through the following resources: + - https://github.com/NixOS/nixops/pull/1156 + - https://github.com/NixOS/nixpkgs/issues/47550 + - https://github.com/NixOS/nixpkgs/issues/62211 + - https://github.com/NixOS/nixpkgs/pull/61321 + ''; + } + ]; + }; + +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bc8bcc0cd8f..9152121d43d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -84,6 +84,7 @@ ./misc/nixpkgs.nix ./misc/passthru.nix ./misc/version.nix + ./misc/nixops-autoluks.nix ./programs/adb.nix ./programs/atop.nix ./programs/autojump.nix From 7508490770ba490ad767d230241822129da70672 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 25 May 2019 09:49:06 +0200 Subject: [PATCH 43/59] nixos/test: remove the stateVersion statement from the test-instrumentation We set stateVersion to `mkDefault 18.03` in `nixos/modules/testing/test-instrumentation.nix` and in `modules/installer/cd-dvd/installation-cd-base.nix`. Accessing the stateVersion in the module system from within the tests results in the following error: > The unique option `system.stateVersion' is defined multiple times, in > `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-base.nix' and > `nixpkgs/nixos/modules/testing/test-instrumentation.nix'. There are other tests that use it as well. Namely the radicale test also verifies behaviour between state versions is as expected. It switches a package default value. Others switched on the state directory default. It seems like having the timesyncd switch as part of every rendered activationScript might cause this weird error. Removing this line seems like a reasonable thing to do since we actually set the default to the very same value in the module system. This line should have been no-op besides the issue that we've two statements setting it in this very specific case. --- nixos/modules/testing/test-instrumentation.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index ed4cfa7805e..1a11d9ce7c2 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -129,9 +129,6 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; users.users.root.initialHashedPassword = mkOverride 150 ""; services.xserver.displayManager.job.logToJournal = true; - - # set default stateVersion to avoid warnings during eval - system.stateVersion = mkDefault "18.03"; }; } From 7d1ac249dfce996a8287eddbe24812d650e0dd6c Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 3 Jun 2019 15:54:04 -0400 Subject: [PATCH 44/59] Revert "Revert "gtk-doc: 1.29 -> 1.30"" This reverts commit b41ef4c7ba3208b2b0f041cfedc7d0628c5a5181. --- pkgs/development/tools/documentation/gtk-doc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/documentation/gtk-doc/default.nix b/pkgs/development/tools/documentation/gtk-doc/default.nix index f6083a78bf8..91bd12a90a2 100644 --- a/pkgs/development/tools/documentation/gtk-doc/default.nix +++ b/pkgs/development/tools/documentation/gtk-doc/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "gtk-doc"; - version = "1.29"; + version = "1.30"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1cc6yl8l275qn3zpjl6f0s4fwmkczngjr9hhsdv74mln4h08wmql"; + sha256 = "17h6nwhis66z4dxjrc833wvfl6pqjp81yfx3fq6x7k1qp2749xm4"; }; patches = [ From 93cac33f95e5cb0312db366c48f6c163abcd0b0a Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 3 Jun 2019 15:54:27 -0400 Subject: [PATCH 45/59] Revert "Revert "gtk-doc: build with meson"" This reverts commit 7c1568645bb8eb7cba5d408eedaffa9982514541. --- .../tools/documentation/gtk-doc/default.nix | 49 ++++++++++++++----- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/pkgs/development/tools/documentation/gtk-doc/default.nix b/pkgs/development/tools/documentation/gtk-doc/default.nix index 91bd12a90a2..ee2ca64ffeb 100644 --- a/pkgs/development/tools/documentation/gtk-doc/default.nix +++ b/pkgs/development/tools/documentation/gtk-doc/default.nix @@ -1,5 +1,15 @@ -{ stdenv, fetchurl, autoreconfHook, pkgconfig, perl, python3, libxml2Python, libxslt, which -, docbook_xml_dtd_43, docbook_xsl, gnome-doc-utils, gettext, itstool, gnome3 +{ stdenv +, fetchFromGitLab +, meson +, ninja +, pkgconfig +, python3 +, libxml2Python +, docbook_xml_dtd_43 +, docbook_xsl +, libxslt +, gettext +, gnome3 , withDblatex ? false, dblatex }: @@ -7,9 +17,12 @@ stdenv.mkDerivation rec { pname = "gtk-doc"; version = "1.30"; - src = fetchurl { - url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "17h6nwhis66z4dxjrc833wvfl6pqjp81yfx3fq6x7k1qp2749xm4"; + src = fetchFromGitLab { + domain = "gitlab.gnome.org"; + owner = "GNOME"; + repo = pname; + rev = "GTK_DOC_${stdenv.lib.replaceStrings ["."] ["_"] version }"; + sha256 = "05lr6apj3pd3s59a7k6p45k9ywwrp577ra4pvkhxvb5p7v90c2fi"; }; patches = [ @@ -18,13 +31,27 @@ stdenv.mkDerivation rec { outputDevdoc = "out"; - nativeBuildInputs = [ autoreconfHook ]; - buildInputs = - [ pkgconfig perl python3 libxml2Python libxslt docbook_xml_dtd_43 docbook_xsl - gnome-doc-utils gettext which itstool - ] ++ stdenv.lib.optional withDblatex dblatex; + nativeBuildInputs = [ + gettext + meson + ninja + ]; - configureFlags = [ "--disable-scrollkeeper" ]; + buildInputs = [ + docbook_xml_dtd_43 + docbook_xsl + libxslt + pkgconfig + python3 + libxml2Python + ] + ++ stdenv.lib.optional withDblatex dblatex + ; + + mesonFlags = [ + "-Dtests=false" + "-Dyelp_manual=false" + ]; # Make pygments available for binaries, python.withPackages creates a wrapper # but scripts are not allowed in shebangs so we link it into sys.path. From 9096648a2e6aa21e3c6a6ee5b114daed58701d5e Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 3 Jun 2019 15:54:46 -0400 Subject: [PATCH 46/59] Revert "Revert "gtk-doc: fix css file permissions"" This reverts commit 451be596d3f640426736b6c1bbc19deaac1008aa. --- ...ghlight-fix-permission-on-file-style.patch | 24 +++++++++++++++++++ .../tools/documentation/gtk-doc/default.nix | 2 ++ 2 files changed, 26 insertions(+) create mode 100644 pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch diff --git a/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch b/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch new file mode 100644 index 00000000000..f7e37a1a5e5 --- /dev/null +++ b/pkgs/development/tools/documentation/gtk-doc/0001-highlight-fix-permission-on-file-style.patch @@ -0,0 +1,24 @@ +From 95a75c95c5c4e641ce7cda0ded968d66f07f822a Mon Sep 17 00:00:00 2001 +From: worldofpeace +Date: Sat, 18 May 2019 14:44:08 -0400 +Subject: [PATCH] highlight: fix permission on file style + +--- + gtkdoc/highlight.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gtkdoc/highlight.py b/gtkdoc/highlight.py +index 8f6e470..d11c432 100644 +--- a/gtkdoc/highlight.py ++++ b/gtkdoc/highlight.py +@@ -47,6 +47,6 @@ def highlight_code(code, lang='c'): + + + def append_style_defs(css_file_name): +- os.chmod(css_file_name, stat.S_IWRITE) ++ os.chmod(css_file_name, 0o664) + with open(css_file_name, 'at', newline='\n', encoding='utf-8') as css: + css.write(HTML_FORMATTER.get_style_defs()) +-- +2.21.0 + diff --git a/pkgs/development/tools/documentation/gtk-doc/default.nix b/pkgs/development/tools/documentation/gtk-doc/default.nix index ee2ca64ffeb..44b5384106e 100644 --- a/pkgs/development/tools/documentation/gtk-doc/default.nix +++ b/pkgs/development/tools/documentation/gtk-doc/default.nix @@ -27,6 +27,8 @@ stdenv.mkDerivation rec { patches = [ passthru.respect_xml_catalog_files_var_patch + # https://gitlab.gnome.org/GNOME/gtk-doc/issues/84 + ./0001-highlight-fix-permission-on-file-style.patch ]; outputDevdoc = "out"; From daf8b6897180e8a54b7b1f71da8fa0fcebe5764f Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 3 Jun 2019 15:55:07 -0400 Subject: [PATCH 47/59] Revert "Revert "libpsl: don't build docs"" This reverts commit 8809ebe42a6e2ebd4fd8e742efbebb343f422572. --- pkgs/development/libraries/libpsl/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix index 65da1f8e9d1..b32732fa88c 100644 --- a/pkgs/development/libraries/libpsl/default.nix +++ b/pkgs/development/libraries/libpsl/default.nix @@ -43,7 +43,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--disable-builtin" "--disable-static" - "--enable-gtk-doc" +# "--enable-gtk-doc" "--enable-man" ]; From ff3049f67de99c90f4ca10609eb21e5c6eea84a6 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 3 Jun 2019 15:55:19 -0400 Subject: [PATCH 48/59] Revert "Revert "libical: temporarily don't build docs to unblock staging-next"" This reverts commit ea01202e5ef1f9543df7d072b8bcdd97c5337454. --- pkgs/development/libraries/libical/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix index 8ca3dd72754..91653022052 100644 --- a/pkgs/development/libraries/libical/default.nix +++ b/pkgs/development/libraries/libical/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { name = "libical-${version}"; version = "3.0.4"; - outputs = [ "out" "dev" "devdoc" ]; + outputs = [ "out" "dev" ]; #"devdoc" ]; src = fetchFromGitHub { owner = "libical"; @@ -17,7 +17,8 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ perl pkgconfig cmake ninja vala gobject-introspection (python3.withPackages (pkgs: with pkgs; [ pygobject3 ])) # running libical-glib tests - gtk-doc docbook_xsl docbook_xml_dtd_43 # docs +# Docs building fails: https://github.com/NixOS/nixpkgs/pull/61657#issuecomment-495579489 +# gtk-doc docbook_xsl docbook_xml_dtd_43 # docs ]; buildInputs = [ glib libxml2 icu ]; From c782fe1edc1b775e75655ec9b032f8b3b057c076 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 28 May 2019 18:40:13 -0500 Subject: [PATCH 49/59] newt: 0.52.20 -> 0.52.21 https://pagure.io/newt/blob/134326743ac8063f79b6b34eb9d80ffdd55e6540/f/CHANGES#_1 --- pkgs/development/libraries/newt/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/newt/default.nix b/pkgs/development/libraries/newt/default.nix index 1a5656b7ca1..60dc00a335d 100644 --- a/pkgs/development/libraries/newt/default.nix +++ b/pkgs/development/libraries/newt/default.nix @@ -1,11 +1,12 @@ { fetchurl, stdenv, slang, popt }: stdenv.mkDerivation rec { - name = "newt-0.52.20"; + pname = "newt"; + version = "0.52.21"; src = fetchurl { - url = "https://fedorahosted.org/releases/n/e/newt/${name}.tar.gz"; - sha256 = "1g3dpfnvaw7vljbr7nzq1rl88d6r8cmrvvng9inphgzwxxmvlrld"; + url = "https://fedorahosted.org/releases/n/e/${pname}/${pname}-${version}.tar.gz"; + sha256 = "0cdvbancr7y4nrj8257y5n45hmhizr8isynagy4fpsnpammv8pi6"; }; patchPhase = '' From aceffe6f0c0c9fdadbb85b86cb0896b8ab7fcf4e Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 3 Jun 2019 18:00:38 +0300 Subject: [PATCH 50/59] python3.pkgs.scandir: 1.7 -> 1.10.0 --- pkgs/development/python-modules/scandir/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/scandir/default.nix b/pkgs/development/python-modules/scandir/default.nix index 9aa2269c957..2736eb2ee9a 100644 --- a/pkgs/development/python-modules/scandir/default.nix +++ b/pkgs/development/python-modules/scandir/default.nix @@ -2,13 +2,15 @@ buildPythonPackage rec { pname = "scandir"; - version = "1.7"; + version = "1.10.0"; src = fetchPypi { inherit pname version; - sha256 ="0gbnhjzg42rj87ljv9kb648rfxph69ly3c8r9841dxy4d7l5pmdj"; + sha256 ="1bkqwmf056pkchf05ywbnf659wqlp6lljcdb0y88wr9f0vv32ijd"; }; + checkPhase = "python test/run_tests.py"; + meta = with lib; { description = "A better directory iterator and faster os.walk()"; homepage = https://github.com/benhoyt/scandir; From b4fa23991b46310979d667e1253eed2544f18f89 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Tue, 4 Jun 2019 17:05:38 +0200 Subject: [PATCH 51/59] pulseaudio: fix alsa due to alsaLib headers move The pulseaudio alsa module would fail to load due to missing symbols. --- pkgs/servers/pulseaudio/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix index a913643df08..0b3d9eb53ad 100644 --- a/pkgs/servers/pulseaudio/default.nix +++ b/pkgs/servers/pulseaudio/default.nix @@ -4,6 +4,7 @@ , avahi, libjack2, libasyncns, lirc, dbus , sbc, bluez5, udev, openssl, fftwFloat , speexdsp, systemd, webrtc-audio-processing +, fetchpatch , x11Support ? false @@ -61,6 +62,18 @@ stdenv.mkDerivation rec { ++ lib.optional zeroconfSupport avahi ); + patches = [ + # The following two patches fix alsalib headers move, remove after the next release + (fetchpatch { + url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch"; + sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71"; + }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch"; + sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb"; + }) + ]; + preConfigure = '' # Performs and autoreconf export NOCONFIGURE="yes" From 137a63f9f63cb95473b1e67b04fd73c634bfb14d Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 1 Jun 2019 11:53:15 -0500 Subject: [PATCH 52/59] harfbuzz: 2.5.0 -> 2.5.1 https://github.com/harfbuzz/harfbuzz/releases/tag/2.5.1 --- pkgs/development/libraries/harfbuzz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix index 7ec74d8974e..a405633c1b8 100644 --- a/pkgs/development/libraries/harfbuzz/default.nix +++ b/pkgs/development/libraries/harfbuzz/default.nix @@ -8,7 +8,7 @@ }: let - version = "2.5.0"; + version = "2.5.1"; inherit (stdenv.lib) optional optionals optionalString; in @@ -17,7 +17,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.xz"; - sha256 = "1vqnqkzz7ws29g5djf31jj6a9dbid8a27a8y4balmy5lipwp774m"; + sha256 = "17kiyq23g7bnjvyn2yg4gyr7i7qjam65n20whsrplpxxk9bk8j3d"; }; postPatch = '' From be2d9a5a8e8417fed2a21fbbd1cf6a76d2db2b67 Mon Sep 17 00:00:00 2001 From: xrelkd <46590321+xrelkd@users.noreply.github.com> Date: Fri, 7 Jun 2019 10:30:03 +0800 Subject: [PATCH 53/59] librime: 1.4.0 -> 1.5.0 --- pkgs/development/libraries/librime/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/librime/default.nix b/pkgs/development/libraries/librime/default.nix index b1e42617253..71362fd7ef7 100644 --- a/pkgs/development/libraries/librime/default.nix +++ b/pkgs/development/libraries/librime/default.nix @@ -2,14 +2,14 @@ libyamlcpp, gmock }: stdenv.mkDerivation rec { - name = "librime-${version}"; - version = "1.4.0"; + pname = "librime"; + version = "1.5.0"; src = fetchFromGitHub { owner = "rime"; repo = "librime"; rev = "${version}"; - sha256 = "1zkx1wfbd94v55gfycyd2b94jxclfyk2zl7yw35pyjx63qdlb6sd"; + sha256 = "10wvh1l4317yzcys4rzlkw42i6cj5p8g62r1xzyjw32ky2d0ndxl"; }; nativeBuildInputs = [ cmake ]; From bce1f11f5df0c70750b35c1d43936897ba74176b Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sun, 9 Jun 2019 13:54:46 +0200 Subject: [PATCH 54/59] fix eval --- pkgs/servers/pulseaudio/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix index 66db4f32eea..f14fb0a8a78 100644 --- a/pkgs/servers/pulseaudio/default.nix +++ b/pkgs/servers/pulseaudio/default.nix @@ -4,7 +4,6 @@ , avahi, libjack2, libasyncns, lirc, dbus , sbc, bluez5, udev, openssl, fftwFloat , speexdsp, systemd, webrtc-audio-processing -, fetchpatch , x11Support ? false From 4416712772fbd893413342a2b8e5064c0c174b77 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Mon, 10 Jun 2019 10:34:21 +0200 Subject: [PATCH 55/59] Revert "fix eval" Was not sufficient. This reverts commit bce1f11f5df0c70750b35c1d43936897ba74176b. --- pkgs/servers/pulseaudio/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix index f14fb0a8a78..66db4f32eea 100644 --- a/pkgs/servers/pulseaudio/default.nix +++ b/pkgs/servers/pulseaudio/default.nix @@ -4,6 +4,7 @@ , avahi, libjack2, libasyncns, lirc, dbus , sbc, bluez5, udev, openssl, fftwFloat , speexdsp, systemd, webrtc-audio-processing +, fetchpatch , x11Support ? false From 3fb275d1664899cf3ba19b74f73f0c27407b521b Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Mon, 10 Jun 2019 11:15:40 +0200 Subject: [PATCH 56/59] pulseaudio: fix build and eval --- pkgs/servers/pulseaudio/default.nix | 40 ++++++++++------------------- 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix index 66db4f32eea..13b5d4c3c9f 100644 --- a/pkgs/servers/pulseaudio/default.nix +++ b/pkgs/servers/pulseaudio/default.nix @@ -4,7 +4,6 @@ , avahi, libjack2, libasyncns, lirc, dbus , sbc, bluez5, udev, openssl, fftwFloat , speexdsp, systemd, webrtc-audio-processing -, fetchpatch , x11Support ? false @@ -60,19 +59,21 @@ stdenv.mkDerivation rec { ++ lib.optionals bluetoothSupport [ bluez5 sbc ] ++ lib.optional remoteControlSupport lirc ++ lib.optional zeroconfSupport avahi - ); + ); - patches = [ - # The following two patches fix alsalib headers move, remove after the next release - (fetchpatch { - url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch"; - sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71"; - }) - (fetchpatch { - url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch"; - sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb"; - }) - ]; + patches = [ + # The following two patches fix alsalib headers move, remove after the next release + (fetchpatch { + name = "alsa-asoundlib-include.patch"; + url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch"; + sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71"; + }) + (fetchpatch { + name = "alsa-use-case-include.patch"; + url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch"; + sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb"; + }) + ]; preConfigure = '' # Performs and autoreconf @@ -130,19 +131,6 @@ stdenv.mkDerivation rec { --prefix GIO_EXTRA_MODULES : "${lib.getLib gnome3.dconf}/lib/gio/modules" ''; - patches = [ - (fetchpatch { - name = "alsa-asoundlib-include.patch"; - url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/993d3fd89e5611997f1e165bf03edefb0204b0a4.patch"; - sha256 = "17icnf8026947j1dqw4k16f91vy6zyg7q41zv2j6pxh9fncb1s71"; - }) - (fetchpatch { - name = "alsa-use-case-include.patch"; - url = "https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/b89d33bb182c42db5ad3987b0e91b7bf62f421e8.patch"; - sha256 = "0jccpc0dgkb0v4xrkyca2pm2k4i6pvahs9bq4hbg34173p23g5nb"; - }) - ]; - meta = { description = "Sound server for POSIX and Win32 systems"; homepage = http://www.pulseaudio.org/; From 3df5b67ae4348b22318f92bdb7d00cb5655495d8 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 10 Jun 2019 14:13:10 -0400 Subject: [PATCH 57/59] python3.pkgs.asyncssh: 1.16.1 -> 1.17.0 https://github.com/ronf/asyncssh/blob/master/docs/changes.rst#release-1170-31-may-2019 --- pkgs/development/python-modules/asyncssh/default.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/asyncssh/default.nix b/pkgs/development/python-modules/asyncssh/default.nix index 5320d5be108..a078a420716 100644 --- a/pkgs/development/python-modules/asyncssh/default.nix +++ b/pkgs/development/python-modules/asyncssh/default.nix @@ -5,12 +5,12 @@ buildPythonPackage rec { pname = "asyncssh"; - version = "1.16.1"; + version = "1.17.0"; disabled = pythonOlder "3.4"; src = fetchPypi { inherit pname version; - sha256 = "0qia1ay2dhwps5sfh0hif7mrv7yxvykxs9l7cmfp4m6hmqnn3r5r"; + sha256 = "1qrpkdyl77956qg6g7g66bbd6bfvb2nwi2sjy3v3li8m3irx8d7d"; }; patches = [ @@ -21,13 +21,6 @@ buildPythonPackage rec { # However that broke the test on NixOS, failing with # "Operation not permitted" ./fix-sftp-chmod-test-nixos.patch - - # Restore libnacl support for curve25519/ed25519 as a fallback for PyCA - # Fixes https://github.com/ronf/asyncssh/issues/206 with older openssl - (fetchpatch { - url = "https://github.com/ronf/asyncssh/commit/1dee113bb3e4a6888de562b0413e9abd6a0f0f04.patch"; - sha256 = "04bckdj7i6xk24lizkn3a8cj375pkz7yc57fc0vk222c6jzwzaml"; - }) ]; propagatedBuildInputs = [ From eda6360cb9d5e602fe162760f6349f74600ef538 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sat, 15 Jun 2019 08:21:06 +0200 Subject: [PATCH 58/59] pythonPackages.aiohttp-cors: move expression --- .../{aiohttp/cors.nix => aiohttp-cors/default.nix} | 0 pkgs/top-level/python-packages.nix | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename pkgs/development/python-modules/{aiohttp/cors.nix => aiohttp-cors/default.nix} (100%) diff --git a/pkgs/development/python-modules/aiohttp/cors.nix b/pkgs/development/python-modules/aiohttp-cors/default.nix similarity index 100% rename from pkgs/development/python-modules/aiohttp/cors.nix rename to pkgs/development/python-modules/aiohttp-cors/default.nix diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 828cf517d5c..61801eee158 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1028,7 +1028,7 @@ in { aiohttp = callPackage ../development/python-modules/aiohttp { }; - aiohttp-cors = callPackage ../development/python-modules/aiohttp/cors.nix { }; + aiohttp-cors = callPackage ../development/python-modules/aiohttp-cors { }; aiohttp-jinja2 = callPackage ../development/python-modules/aiohttp-jinja2 { }; From 3cf9c7163fc1becb1f08906967110891e208f1fc Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sat, 15 Jun 2019 08:42:51 +0200 Subject: [PATCH 59/59] pythonPackages.aiohttp: disable tests --- pkgs/development/python-modules/aiohttp/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix index 90bd7521ea4..5769109f774 100644 --- a/pkgs/development/python-modules/aiohttp/default.nix +++ b/pkgs/development/python-modules/aiohttp/default.nix @@ -40,6 +40,14 @@ buildPythonPackage rec { propagatedBuildInputs = [ attrs chardet multidict async-timeout yarl ] ++ lib.optionals (pythonOlder "3.7") [ idna-ssl typing-extensions ]; + # Don't error on cryptography deprecation warning + postPatch = '' + substituteInPlace pytest.ini --replace "filterwarnings = error" "" + ''; + + # coroutine 'noop2' was never awaited + doCheck = false; + meta = with lib; { description = "Asynchronous HTTP Client/Server for Python and asyncio"; license = licenses.asl20;