diff --git a/doc/package-notes.xml b/doc/package-notes.xml index 803d343aa09..e23593107d8 100644 --- a/doc/package-notes.xml +++ b/doc/package-notes.xml @@ -307,23 +307,19 @@ packageOverrides = pkgs: { +
Elm - The Nix expressions for Elm reside in - pkgs/development/compilers/elm. They are generated - automatically by update-elm.rb script. One should specify - versions of Elm packages inside the script, clear the - packages directory and run the script from inside it. - elm-reactor is special because it also has Elm package - dependencies. The process is not automated very much for now -- you should - get the elm-reactor source tree (e.g. with - nix-shell) and run elm2nix.rb inside - it. Place the resulting package.nix file into - packages/elm-reactor-elm.nix. + To update Elm compiler, see nixpkgs/pkgs/development/compilers/elm/README.md. + + + + To package Elm applications, read about elm2nix.
+
Interactive shell helpers diff --git a/lib/systems/parse.nix b/lib/systems/parse.nix index 7db09fc550e..6947d41419e 100644 --- a/lib/systems/parse.nix +++ b/lib/systems/parse.nix @@ -279,8 +279,14 @@ rec { "2" = # We only do 2-part hacks for things Nix already supports if elemAt l 1 == "cygwin" then { cpu = elemAt l 0; kernel = "windows"; abi = "cygnus"; } + # MSVC ought to be the default ABI so this case isn't needed. But then it + # becomes difficult to handle the gnu* variants for Aarch32 correctly for + # minGW. So it's easier to make gnu* the default for the MinGW, but + # hack-in MSVC for the non-MinGW case right here. + else if elemAt l 1 == "windows" + then { cpu = elemAt l 0; kernel = "windows"; abi = "msvc"; } else if (elemAt l 1) == "elf" - then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; } + then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; } else { cpu = elemAt l 0; kernel = elemAt l 1; }; "3" = # Awkwards hacks, beware! if elemAt l 1 == "apple" @@ -288,7 +294,7 @@ rec { else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu") then { cpu = elemAt l 0; kernel = elemAt l 1; abi = elemAt l 2; } else if (elemAt l 2 == "mingw32") # autotools breaks on -gnu for window - then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; abi = "gnu"; } + then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; } else if hasPrefix "netbsd" (elemAt l 2) then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; } else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"]) @@ -324,13 +330,12 @@ rec { else getKernel args.kernel; abi = /**/ if args ? abi then getAbi args.abi - else if isLinux parsed then + else if isLinux parsed || isWindows parsed then if isAarch32 parsed then if lib.versionAtLeast (parsed.cpu.version or "0") "6" then abis.gnueabihf else abis.gnueabi else abis.gnu - else if isWindows parsed then abis.gnu else abis.unknown; }; diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index fd77f637272..001505320c0 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -93,6 +93,7 @@ in VERSION_CODENAME=${toLower cfg.codeName} VERSION_ID="${cfg.version}" PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})" + LOGO="nix-snowflake" HOME_URL="https://nixos.org/" SUPPORT_URL="https://nixos.org/nixos/support.html" BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues" diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index a588943fe71..9ab2ee87a19 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -29,11 +29,20 @@ with lib; security.apparmor.enable = mkDefault true; boot.kernelParams = [ + # Slab/slub sanity checks, redzoning, and poisoning + "slub_debug=FZP" + + # Disable slab merging to make certain heap overflow attacks harder + "slab_nomerge" + # Overwrite free'd memory "page_poison=1" # Disable legacy virtual syscalls "vsyscall=none" + + # Enable PTI even if CPU claims to be safe from meltdown + "pti=on" ]; boot.blacklistedKernelModules = [ diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix index 49d522c604f..c290df01b96 100644 --- a/nixos/modules/programs/xss-lock.nix +++ b/nixos/modules/programs/xss-lock.nix @@ -9,7 +9,8 @@ in options.programs.xss-lock = { enable = mkEnableOption "xss-lock"; lockerCommand = mkOption { - example = "xlock"; + default = "${pkgs.i3lock}/bin/i3lock"; + example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; type = types.string; description = "Locker to be used with xsslock"; }; diff --git a/nixos/modules/services/hardware/lirc.nix b/nixos/modules/services/hardware/lirc.nix index 0072406a438..826e512c75d 100644 --- a/nixos/modules/services/hardware/lirc.nix +++ b/nixos/modules/services/hardware/lirc.nix @@ -32,7 +32,6 @@ in { default = []; description = "Extra arguments to lircd."; }; - }; }; @@ -43,14 +42,15 @@ in { # Note: LIRC executables raises a warning, if lirc_options.conf do not exists environment.etc."lirc/lirc_options.conf".text = cfg.options; + passthru.lirc.socket = "/run/lirc/lircd"; + environment.systemPackages = [ pkgs.lirc ]; systemd.sockets.lircd = { description = "LIRC daemon socket"; wantedBy = [ "sockets.target" ]; socketConfig = { - # default search path - ListenStream = "/run/lirc/lircd"; + ListenStream = config.passthru.lirc.socket; SocketUser = "lirc"; SocketMode = "0660"; }; diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 75136a2f796..4822506a899 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -33,12 +33,14 @@ in { default = []; description = "Additional command line arguments to pass to VDR."; }; + + enableLirc = mkEnableOption "enable LIRC"; }; }; ###### implementation - config = mkIf cfg.enable { + config = mkIf cfg.enable (mkMerge [{ systemd.tmpfiles.rules = [ "d ${cfg.videoDir} 0755 vdr vdr -" "Z ${cfg.videoDir} - vdr vdr -" @@ -67,5 +69,13 @@ in { }; users.groups.vdr = {}; - }; + } + + (mkIf cfg.enableLirc { + services.lirc.enable = true; + users.users.vdr.extraGroups = [ "lirc" ]; + services.vdr.extraArguments = [ + "--lirc=${config.passthru.lirc.socket}" + ]; + })]); } diff --git a/nixos/tests/xss-lock.nix b/nixos/tests/xss-lock.nix index 045667bdcde..b46bb1a8f6e 100644 --- a/nixos/tests/xss-lock.nix +++ b/nixos/tests/xss-lock.nix @@ -9,7 +9,6 @@ with lib; machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; programs.xss-lock.enable = true; - programs.xss-lock.lockerCommand = "${pkgs.xlockmore}/bin/xlock"; services.xserver.displayManager.auto.user = "alice"; }; @@ -20,6 +19,6 @@ with lib; $machine->fail("pgrep xlock"); $machine->succeed("su -l alice -c 'xset dpms force standby'"); - $machine->waitUntilSucceeds("pgrep xlock"); + $machine->waitUntilSucceeds("pgrep i3lock"); ''; }) diff --git a/pkgs/applications/altcoins/bitcoin.nix b/pkgs/applications/altcoins/bitcoin.nix index c266fa2fef2..b50508342bf 100644 --- a/pkgs/applications/altcoins/bitcoin.nix +++ b/pkgs/applications/altcoins/bitcoin.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec{ name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; - version = "0.17.0"; + version = "0.17.1"; src = fetchurl { urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" ]; - sha256 = "0pkq28d2dj22qrxyyg9kh0whmhj7ghyabnhyqldbljv4a7l3kvwq"; + sha256 = "0am4pnaf2cisv172jqx6jdpzx770agm8777163lkjbw3ryslymiy"; }; nativeBuildInputs = [ pkgconfig autoreconfHook ] diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix index 28381fcfee6..340978c8183 100644 --- a/pkgs/applications/audio/musescore/default.nix +++ b/pkgs/applications/audio/musescore/default.nix @@ -1,20 +1,24 @@ { stdenv, lib, fetchFromGitHub, cmake, pkgconfig , alsaLib, freetype, libjack2, lame, libogg, libpulseaudio, libsndfile, libvorbis , portaudio, portmidi, qtbase, qtdeclarative, qtscript, qtsvg, qttools -, qtwebkit, qtxmlpatterns +, qtwebengine, qtxmlpatterns }: stdenv.mkDerivation rec { name = "musescore-${version}"; - version = "2.3.2"; + version = "3.0"; src = fetchFromGitHub { owner = "musescore"; repo = "MuseScore"; rev = "v${version}"; - sha256 = "0ncv0xfmq87plqa43cm0fpidlwzz1nq5s7h7139llrbc36yp3pr1"; + sha256 = "0g8n8xpw5d6wh8bwbvy12sinl9i0ir009sr28i4izr28lr4x8v50"; }; + patches = [ + ./remove_qtwebengine_install_hack.patch + ]; + cmakeFlags = [ ] ++ lib.optional (lib.versionAtLeast freetype.version "2.5.2") "-DUSE_SYSTEM_FREETYPE=ON"; @@ -23,7 +27,7 @@ stdenv.mkDerivation rec { buildInputs = [ alsaLib libjack2 freetype lame libogg libpulseaudio libsndfile libvorbis portaudio portmidi # tesseract - qtbase qtdeclarative qtscript qtsvg qttools qtwebkit qtxmlpatterns + qtbase qtdeclarative qtscript qtsvg qttools qtwebengine qtxmlpatterns ]; meta = with stdenv.lib; { diff --git a/pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch b/pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch new file mode 100644 index 00000000000..53a0c90ce46 --- /dev/null +++ b/pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch @@ -0,0 +1,25 @@ +--- a/mscore/CMakeLists.txt ++++ b/mscore/CMakeLists.txt +@@ -660,22 +660,6 @@ if (MINGW) + else (MINGW) + + if ( NOT MSVC ) +-## install qwebengine core +- if (NOT APPLE AND USE_WEBENGINE) +- install(FILES +- ${QT_INSTALL_LIBEXECS}/QtWebEngineProcess +- DESTINATION bin +- ) +- install(DIRECTORY +- ${QT_INSTALL_DATA}/resources +- DESTINATION lib/qt5 +- ) +- install(DIRECTORY +- ${QT_INSTALL_TRANSLATIONS}/qtwebengine_locales +- DESTINATION lib/qt5/translations +- ) +- endif(NOT APPLE AND USE_WEBENGINE) +- + target_link_libraries(mscore + ${ALSA_LIB} + ${QT_LIBRARIES} diff --git a/pkgs/applications/editors/geany/default.nix b/pkgs/applications/editors/geany/default.nix index caead872eb2..9f33bd08489 100644 --- a/pkgs/applications/editors/geany/default.nix +++ b/pkgs/applications/editors/geany/default.nix @@ -3,7 +3,7 @@ with stdenv.lib; let - version = "1.34"; + version = "1.34.1"; in stdenv.mkDerivation rec { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.geany.org/${name}.tar.bz2"; - sha256 = "63b93d25d037eaffa77895ae6dd29c91bca570e4053eff5cc8490f87e6021f8e"; + sha256 = "e765efd89e759defe3fd797d8a2052afbb4b23522efbcc72e3a72b7f1093ec11"; }; nativeBuildInputs = [ pkgconfig intltool libintl ]; diff --git a/pkgs/applications/misc/gpxsee/default.nix b/pkgs/applications/misc/gpxsee/default.nix index 50a81890789..5ef64b2b801 100644 --- a/pkgs/applications/misc/gpxsee/default.nix +++ b/pkgs/applications/misc/gpxsee/default.nix @@ -2,20 +2,20 @@ stdenv.mkDerivation rec { name = "gpxsee-${version}"; - version = "6.3"; + version = "7.1"; src = fetchFromGitHub { owner = "tumic0"; repo = "GPXSee"; rev = version; - sha256 = "0kbnmcis04kjqkd0msfjd8rdmdf23c71dpzx9wcpf2yadc9rv4c9"; + sha256 = "1dgag8j3566qwiz1pschfq2wqdp7y1pr4cm9na4zwrdjhn3ci6v5"; }; nativeBuildInputs = [ qmake ]; buildInputs = [ qttools ]; preConfigure = '' - substituteInPlace src/config.h --replace /usr/share/gpxsee $out/share/gpxsee + substituteInPlace src/common/programpaths.cpp --replace /usr/share/ $out/share/ lrelease lang/*.ts ''; @@ -31,11 +31,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; meta = with stdenv.lib; { - homepage = http://www.gpxsee.org/; + homepage = https://www.gpxsee.org/; description = "GPX viewer and analyzer"; longDescription = '' GPXSee is a Qt-based GPS log file viewer and analyzer that supports GPX, - TCX, KML, FIT, IGC and NMEA files. + TCX, KML, FIT, IGC, NMEA, SLF, LOC and OziExplorer files. ''; license = licenses.gpl3; maintainers = [ maintainers.womfoo ]; diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix index d2960ae93a9..137a32f9364 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix @@ -1,12 +1,12 @@ { stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }: stdenv.mkDerivation { - name = "weechat-matrix-bridge-2018-05-29"; + name = "weechat-matrix-bridge-2018-11-19"; src = fetchFromGitHub { owner = "torhve"; repo = "weechat-matrix-protocol-script"; - rev = "ace3fefc0e35a627f8a528032df2e3111e41eb1b"; - sha256 = "1snf8vn5n9wzrnqnvdrcli4199s5p114jbjlgrj5c27i53173wqw"; + rev = "8d32e90d864a8f3f09ecc2857cd5dd6e39a8c3f7"; + sha256 = "0qqd6qmkrdc0r3rnl53c3yp93fbcz7d3mdw3vq5gmdqxyym4s9lj"; }; patches = [ diff --git a/pkgs/applications/networking/mailreaders/thunderbird/default.nix b/pkgs/applications/networking/mailreaders/thunderbird/default.nix index 4c41488acb4..22cf62d5282 100644 --- a/pkgs/applications/networking/mailreaders/thunderbird/default.nix +++ b/pkgs/applications/networking/mailreaders/thunderbird/default.nix @@ -24,11 +24,11 @@ let gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc; in stdenv.mkDerivation rec { name = "thunderbird-${version}"; - version = "60.3.3"; + version = "60.4.0"; src = fetchurl { url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz"; - sha512 = "04m6mgm4nfnq3nfkv0d1al5b7bw95kfcjpyd7aschqi6wnn21g8qacx42ynj89i5l9vc1jx8nz0wy266sy6x5iv9q585c6l6j9gvkrh"; + sha512 = "0flg3j0bvgpyk4wbb8d17yl8rddww7q9m9n5brqx1jlj0vjk8lrf8awvxxhn5ssyhy2ys2sklnw75y35hnws3hijs8l9l8ahznfqjq8"; }; # from firefox, but without sound libraries diff --git a/pkgs/applications/science/logic/cryptominisat/default.nix b/pkgs/applications/science/logic/cryptominisat/default.nix index 4d96339149a..18af6f0a618 100644 --- a/pkgs/applications/science/logic/cryptominisat/default.nix +++ b/pkgs/applications/science/logic/cryptominisat/default.nix @@ -1,24 +1,18 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd }: +{ stdenv, fetchFromGitHub, fetchpatch, cmake, python3, xxd, boost }: stdenv.mkDerivation rec { name = "cryptominisat-${version}"; - version = "5.0.1"; + version = "5.6.6"; src = fetchFromGitHub { owner = "msoos"; repo = "cryptominisat"; rev = version; - sha256 = "0cpw5d9vplxvv3aaplhnga55gz1hy29p7s4pkw1306knkbhlzvkb"; + sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5"; }; - buildInputs = [ python xxd ]; - nativeBuildInputs = [ cmake ]; - - patches = [(fetchpatch rec { - name = "fix-exported-library-name.patch"; - url = "https://github.com/msoos/cryptominisat/commit/7a47795cbe5ad5a899731102d297f234bcade077.patch"; - sha256 = "11hf3cfqs4cykn7rlgjglq29lzqfxvlm0f20qasi0kdrz01cr30f"; - })]; + buildInputs = [ python3 boost ]; + nativeBuildInputs = [ cmake xxd ]; meta = with stdenv.lib; { description = "An advanced SAT Solver"; diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix index eca07b81bac..4579c9a83b5 100644 --- a/pkgs/applications/version-management/gitea/default.nix +++ b/pkgs/applications/version-management/gitea/default.nix @@ -7,13 +7,13 @@ with stdenv.lib; buildGoPackage rec { name = "gitea-${version}"; - version = "1.6.2"; + version = "1.6.3"; src = fetchFromGitHub { owner = "go-gitea"; repo = "gitea"; rev = "v${version}"; - sha256 = "1ijxpihdg8k6gs1xpim0iviqakvjadjzp0a5ki2czykilnyg8y85"; + sha256 = "02d37mh1qxsq9lc9ylk5sgdlc1cgwh6fri077crk43mnyb5lhj3j"; # Required to generate the same checksum on MacOS due to unicode encoding differences # More information: https://github.com/NixOS/nixpkgs/pull/48128 extraPostFetch = '' diff --git a/pkgs/applications/video/obs-studio/default.nix b/pkgs/applications/video/obs-studio/default.nix index 9fc9c587108..c98acda9eea 100644 --- a/pkgs/applications/video/obs-studio/default.nix +++ b/pkgs/applications/video/obs-studio/default.nix @@ -91,6 +91,6 @@ in stdenv.mkDerivation rec { homepage = https://obsproject.com; maintainers = with maintainers; [ jb55 MP2E ]; license = licenses.gpl2; - platforms = with platforms; linux; + platforms = [ "x86_64-linux" "i686-linux" ]; }; } diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix index cbf3c4917c3..8dee15206f4 100644 --- a/pkgs/applications/video/vlc/default.nix +++ b/pkgs/applications/video/vlc/default.nix @@ -21,11 +21,11 @@ assert (withQt5 -> qtbase != null && qtsvg != null && qtx11extras != null); stdenv.mkDerivation rec { name = "vlc-${version}"; - version = "3.0.4"; + version = "3.0.5"; src = fetchurl { url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz"; - sha256 = "17jsq0zqpqyxw4ckvjba0hf6zk8ywc4wf8sy3z03hh3ij0vxpwq1"; + sha256 = "1nvj00khy08sing0mdnw6virmiq579mrk5rvpx9710nlxggqgh7m"; }; # VLC uses a *ton* of libraries for various pieces of functionality, many of diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index c5be1c78a55..f71379459dc 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -44,6 +44,11 @@ let # BEAM-based languages. elixir = elixir_1_7; + elixir_1_8 = lib.callElixir ../interpreters/elixir/1.8.nix { + inherit rebar erlang; + debugInfo = true; + }; + elixir_1_7 = lib.callElixir ../interpreters/elixir/1.7.nix { inherit rebar erlang; debugInfo = true; @@ -64,10 +69,8 @@ let debugInfo = true; }; - elixir_1_3 = lib.callElixir ../interpreters/elixir/1.3.nix { - inherit rebar erlang; - debugInfo = true; - }; + # Remove old versions of elixir, when the supports fades out: + # https://hexdocs.pm/elixir/compatibility-and-deprecations.html lfe = lfe_1_2; lfe_1_2 = lib.callLFE ../interpreters/lfe/1.2.nix { inherit erlang buildRebar3 buildHex; }; diff --git a/pkgs/development/compilers/elm/README.md b/pkgs/development/compilers/elm/README.md new file mode 100644 index 00000000000..f0254d0f954 --- /dev/null +++ b/pkgs/development/compilers/elm/README.md @@ -0,0 +1,24 @@ +# To update Elm: + +Modify revision in ./update.sh and run it + +# Notes about the build process: + +The elm binary embeds a piece of pre-compiled elm code, used by 'elm +reactor'. This means that the build process for 'elm' effectively +executes 'elm make'. that in turn expects to retrieve the elm +dependencies of that code (elm/core, etc.) from +package.elm-lang.org, as well as a cached bit of metadata +(versions.dat). + +The makeDotElm function lets us retrieve these dependencies in the +standard nix way. we have to copy them in (rather than symlink) and +make them writable because the elm compiler writes other .dat files +alongside the source code. versions.dat was produced during an +impure build of this same code; the build complains that it can't +update this cache, but continues past that warning. + +Finally, we set ELM_HOME to point to these pre-fetched artifacts so +that the default of ~/.elm isn't used. + +More: https://blog.hercules-ci.com/elm/2019/01/03/elm2nix-0.1/ diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index 47a0d459a93..aa8d9da9faa 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -2,95 +2,40 @@ , haskell, nodejs , fetchurl, fetchpatch, makeWrapper, git }: -# To update: - -# 1) Modify ./update.sh and run it - -# 2) to generate versions.dat: -# 2.1) git clone https://github.com/elm/compiler.git -# 2.2) cd compiler -# 2.3) cabal2nix --shell . | sed 's/"default",/"ghc822",/' > shell.nix -# 2.4) nix-shell -# 2.5) mkdir .elm -# 2.6) export ELM_HOME=$(pwd)/.elm -# 2.7) cabal build -# 2.8) cp .elm/0.19.0/package/versions.dat ... - -# 3) generate a template for elm-elm.nix with: -# ( -# echo "{"; -# jq '.dependencies | .direct, .indirect | to_entries | .[] | { (.key) : { version : .value, sha256: "" } } ' \ -# < ui/browser/elm.json \ -# | sed 's/:/ =/' \ -# | sed 's/^[{}]//' \ -# | sed -E 's/(["}]),?$/\1;/' \ -# | sed -E 's/"(version|sha256)"/\1/' \ -# | grep -v '^$'; -# echo "}" -# ) -# -# ... then fill in the sha256s - -# Notes: - -# the elm binary embeds a piece of pre-compiled elm code, used by 'elm -# reactor'. this means that the build process for 'elm' effectively -# executes 'elm make'. that in turn expects to retrieve the elm -# dependencies of that code (elm/core, etc.) from -# package.elm-lang.org, as well as a cached bit of metadata -# (versions.dat). - -# the makeDotElm function lets us retrieve these dependencies in the -# standard nix way. we have to copy them in (rather than symlink) and -# make them writable because the elm compiler writes other .dat files -# alongside the source code. versions.dat was produced during an -# impure build of this same code; the build complains that it can't -# update this cache, but continues past that warning. - -# finally, we set ELM_HOME to point to these pre-fetched artifacts so -# that the default of ~/.elm isn't used. - let fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; - hsPkgs = haskell.packages.ghc822.override { + hsPkgs = haskell.packages.ghc863.override { overrides = self: super: with haskell.lib; let elmPkgs = { elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { # sadly with parallelism most of the time breaks compilation enableParallelBuilding = false; - preConfigure = fetchElmDeps { - elmPackages = (import ./packages/elm-elm.nix); + preConfigure = self.fetchElmDeps { + elmPackages = (import ./packages/elm-srcs.nix); versionsDat = ./versions.dat; }; buildTools = drv.buildTools or [] ++ [ makeWrapper ]; - patches = [ - (fetchpatch { - url = "https://github.com/elm/compiler/pull/1784/commits/78d2d8eab310552b1b877a3e90e1e57e7a09ddec.patch"; - sha256 = "0vdhk16xqm2hxw12s1b91a0bmi8w4wsxc086qlzglgnjxrl5b3w4"; - }) - ]; + jailbreak = true; postInstall = '' wrapProgram $out/bin/elm \ --prefix PATH ':' ${lib.makeBinPath [ nodejs ]} ''; }); - - /* The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` */ - elm-format = self.callPackage ./packages/elm-format.nix {}; + elm-format = justStaticExecutables (doJailbreak (self.callPackage ./packages/elm-format.nix {})); + inherit fetchElmDeps; + elmVersion = elmPkgs.elm.version; }; in elmPkgs // { inherit elmPkgs; - elmVersion = elmPkgs.elm.version; # Needed for elm-format indents = self.callPackage ./packages/indents.nix {}; - tasty-quickcheck = self.callPackage ./packages/tasty-quickcheck.nix {}; }; }; in hsPkgs.elmPkgs diff --git a/pkgs/development/compilers/elm/elm2nix.rb b/pkgs/development/compilers/elm/elm2nix.rb deleted file mode 100755 index fab5551ca15..00000000000 --- a/pkgs/development/compilers/elm/elm2nix.rb +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env ruby - -require 'json' - -system("elm-package install -y") -depsSrc = JSON.parse(File.read("elm-stuff/exact-dependencies.json")) -deps = Hash[ depsSrc.map { |pkg, ver| - url = "https://github.com/#{pkg}/archive/#{ver}.tar.gz" - sha256 = `nix-prefetch-url #{url}` - - [ pkg, { version: ver, - sha256: sha256.strip - } - ] -} ] - -File.open("package.nix", 'w') do |file| - file.puts "{" - for pkg, info in deps - file.puts " \"#{pkg}\" = {" - file.puts " version = \"#{info[:version]}\";" - file.puts " sha256 = \"#{info[:sha256]}\";" - file.puts " };" - end - file.puts "}" -end diff --git a/pkgs/development/compilers/elm/packages/elm-elm.nix b/pkgs/development/compilers/elm/packages/elm-elm.nix deleted file mode 100644 index a38e21daa06..00000000000 --- a/pkgs/development/compilers/elm/packages/elm-elm.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - "elm/browser" = { - version = "1.0.0"; - sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; - }; - "elm/core" = { - version = "1.0.0"; - sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; - }; - "elm/html" = { - version = "1.0.0"; - sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; - }; - "elm/http" = { - version = "1.0.0"; - sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; - }; - "elm/json" = { - version = "1.0.0"; - sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; - }; - "elm/project-metadata-utils" = { - version = "1.0.0"; - sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; - }; - "elm/svg" = { - version = "1.0.0"; - sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; - }; - "elm-explorations/markdown" = { - version = "1.0.0"; - sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; - }; - "elm/parser" = { - version = "1.0.0"; - sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; - }; - "elm/time" = { - version = "1.0.0"; - sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; - }; - "elm/url" = { - version = "1.0.0"; - sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; - }; - "elm/virtual-dom" = { - version = "1.0.0"; - sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; - }; -} diff --git a/pkgs/development/compilers/elm/packages/elm-srcs.nix b/pkgs/development/compilers/elm/packages/elm-srcs.nix new file mode 100644 index 00000000000..e1f941626dd --- /dev/null +++ b/pkgs/development/compilers/elm/packages/elm-srcs.nix @@ -0,0 +1,62 @@ +{ + + "elm-explorations/markdown" = { + sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; + version = "1.0.0"; + }; + + "elm/json" = { + sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; + version = "1.0.0"; + }; + + "elm/html" = { + sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; + version = "1.0.0"; + }; + + "elm/svg" = { + sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; + version = "1.0.0"; + }; + + "elm/project-metadata-utils" = { + sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; + version = "1.0.0"; + }; + + "elm/browser" = { + sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; + version = "1.0.0"; + }; + + "elm/core" = { + sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; + version = "1.0.0"; + }; + + "elm/http" = { + sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; + version = "1.0.0"; + }; + + "elm/parser" = { + sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; + version = "1.0.0"; + }; + + "elm/url" = { + sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; + version = "1.0.0"; + }; + + "elm/time" = { + sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; + version = "1.0.0"; + }; + + "elm/virtual-dom" = { + sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; + version = "1.0.0"; + }; +} diff --git a/pkgs/development/compilers/elm/packages/elm.nix b/pkgs/development/compilers/elm/packages/elm.nix index 41998f4c9b3..67e63ea2b8e 100644 --- a/pkgs/development/compilers/elm/packages/elm.nix +++ b/pkgs/development/compilers/elm/packages/elm.nix @@ -13,6 +13,7 @@ mkDerivation { url = "https://github.com/elm/compiler"; sha256 = "13jks6c6i80z71mjjfg46ri570g5ini0k3xw3857v6z66zcl56x4"; rev = "d5cbc41aac23da463236bbc250933d037da4055a"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix b/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix deleted file mode 100644 index 54235489edf..00000000000 --- a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ mkDerivation, base, pcre-light, QuickCheck, random, stdenv -, tagged, tasty, tasty-hunit -}: -mkDerivation { - pname = "tasty-quickcheck"; - version = "0.9.2"; - sha256 = "c5920adeab6e283d5e3ab45f3c80a1b011bedfbe4a3246a52606da2e1da95873"; - libraryHaskellDepends = [ base QuickCheck random tagged tasty ]; - testHaskellDepends = [ base pcre-light tasty tasty-hunit ]; - doCheck = false; - homepage = "https://github.com/feuerbach/tasty"; - description = "QuickCheck support for the Tasty test framework"; - license = stdenv.lib.licenses.mit; -} diff --git a/pkgs/development/compilers/elm/update.sh b/pkgs/development/compilers/elm/update.sh index 2b5d85feeb2..920b95e5ad9 100755 --- a/pkgs/development/compilers/elm/update.sh +++ b/pkgs/development/compilers/elm/update.sh @@ -1 +1,8 @@ -cabal2nix https://github.com/elm/compiler --revision 32059a289d27e303fa1665e9ada0a52eb688f302 > packages/elm.nix +#!/usr/bin/env nix-shell +#!nix-shell -p cabal2nix elm2nix -i bash ../../.. + +cabal2nix https://github.com/elm/compiler --revision d5cbc41aac23da463236bbc250933d037da4055a > packages/elm.nix +elm2nix snapshot > versions.dat +pushd "$(nix-build -A elmPackages.elm.src --no-out-link ../../../..)/ui/browser" + elm2nix convert > $OLDPWD/packages/elm-srcs.nix +popd diff --git a/pkgs/development/compilers/elm/versions.dat b/pkgs/development/compilers/elm/versions.dat index 824ab383057..9dcfd8a2808 100644 Binary files a/pkgs/development/compilers/elm/versions.dat and b/pkgs/development/compilers/elm/versions.dat differ diff --git a/pkgs/development/compilers/sbcl/default.nix b/pkgs/development/compilers/sbcl/default.nix index 1ef6dd06570..3283555cd6e 100644 --- a/pkgs/development/compilers/sbcl/default.nix +++ b/pkgs/development/compilers/sbcl/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { name = "sbcl-${version}"; - version = "1.4.13"; + version = "1.4.15"; src = fetchurl { url = "mirror://sourceforge/project/sbcl/sbcl/${version}/${name}-source.tar.bz2"; - sha256 = "120rnnz8367lk7ljqlf8xidm4b0d738xqsib4kq0q5ms5r7fzgvm"; + sha256 = "0bipl4gsvpcifi6vkqm5636i3219mk1bl99px4xh5l1q2g7knv28"; }; buildInputs = [texinfo]; diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index a779122bfd4..96486ffd925 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -517,6 +517,10 @@ self: super: { # generic-deriving bound is too tight aeson = doJailbreak super.aeson; + # containers >=0.4 && <0.6 is too tight + # https://github.com/RaphaelJ/friday/issues/34 + friday = doJailbreak super.friday; + # Won't compile with recent versions of QuickCheck. inilist = dontCheck super.inilist; MissingH = dontCheck super.MissingH; diff --git a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix index 0ca617bc6be..4d258a5490b 100644 --- a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix +++ b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix @@ -55,6 +55,8 @@ self: super: { unicode-transforms = dontCheck super.unicode-transforms; RSA = dontCheck super.RSA; # https://github.com/GaloisInc/RSA/issues/14 monad-par = dontCheck super.monad-par; # https://github.com/simonmar/monad-par/issues/66 + github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341 + binary-orphans = dontCheck super.binary-orphans; # tasty upper bound exceeded; https://github.com/phadej/binary-orphans/commit/8ce857226595dd520236ff4c51fa1a45d8387b33 # https://github.com/jgm/skylighting/issues/55 skylighting-core = dontCheck super.skylighting-core; diff --git a/pkgs/development/interpreters/elixir/1.3.nix b/pkgs/development/interpreters/elixir/1.3.nix deleted file mode 100644 index 43d48e2cf7c..00000000000 --- a/pkgs/development/interpreters/elixir/1.3.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ mkDerivation }: - -mkDerivation rec { - version = "1.3.4"; - sha256 = "01qqv1ghvfadcwcr5p88w8j217cgaf094pmpqllij3l0q1yg104l"; - minimumOTPVersion = "18"; -} diff --git a/pkgs/development/interpreters/elixir/1.8.nix b/pkgs/development/interpreters/elixir/1.8.nix new file mode 100644 index 00000000000..65c008f8ac6 --- /dev/null +++ b/pkgs/development/interpreters/elixir/1.8.nix @@ -0,0 +1,7 @@ +{ mkDerivation }: + +mkDerivation rec { + version = "1.8.0-rc.1"; + sha256 = "06k9q46cwn79ic6kw0b0mskf9rqlgm02jb8n1ajz55kmw134kq6m"; + minimumOTPVersion = "20"; +} diff --git a/pkgs/development/libraries/getdns/default.nix b/pkgs/development/libraries/getdns/default.nix index 66fc0138ef9..002c9bc0748 100644 --- a/pkgs/development/libraries/getdns/default.nix +++ b/pkgs/development/libraries/getdns/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "getdns"; name = "${pname}-${version}"; - version = "1.4.2"; + version = "1.5.0"; src = fetchurl { - url = "https://getdnsapi.net/releases/${pname}-1-4-2/${pname}-${version}.tar.gz"; - sha256 = "100fzjpvajvnv0kym8g5lkwyv8w8vhy7g2p0pb2gyz19zqnvi18n"; + url = "https://getdnsapi.net/releases/${pname}-1-5-0/${pname}-${version}.tar.gz"; + sha256 = "577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84"; }; nativeBuildInputs = [ libtool m4 autoreconfHook automake file ]; diff --git a/pkgs/development/libraries/libcdr/default.nix b/pkgs/development/libraries/libcdr/default.nix index 5e46f4dc699..f7276d39b14 100644 --- a/pkgs/development/libraries/libcdr/default.nix +++ b/pkgs/development/libraries/libcdr/default.nix @@ -1,25 +1,17 @@ { stdenv, fetchurl, libwpg, libwpd, lcms, pkgconfig, librevenge, icu, boost, cppunit }: stdenv.mkDerivation rec { - name = "libcdr-0.1.4"; + name = "libcdr-0.1.5"; src = fetchurl { url = "https://dev-www.libreoffice.org/src/${name}.tar.xz"; - sha256 = "0vd6likgk51j46llybkx4wq3674xzrhp0k82220pkx9x1aqfi9z7"; + sha256 = "0j1skr11jwvafn0l6p37v3i4lqc8wcn489g8f7c4mqwbk94mrkka"; }; buildInputs = [ libwpg libwpd lcms librevenge icu boost cppunit ]; nativeBuildInputs = [ pkgconfig ]; - # Boost 1.59 compatability fix - # Attempt removing when updating - postPatch = '' - sed -i 's,^CPPFLAGS.*,\0 -DBOOST_ERROR_CODE_HEADER_ONLY -DBOOST_SYSTEM_NO_DEPRECATED,' src/lib/Makefile.in - ''; - - configureFlags = stdenv.lib.optional stdenv.cc.isClang "--disable-werror"; - CXXFLAGS="--std=gnu++0x"; # For c++11 constants in lcms2.h meta = { diff --git a/pkgs/development/python-modules/cbor/default.nix b/pkgs/development/python-modules/cbor/default.nix new file mode 100644 index 00000000000..360872c0f89 --- /dev/null +++ b/pkgs/development/python-modules/cbor/default.nix @@ -0,0 +1,22 @@ +{ stdenv, buildPythonPackage, fetchPypi }: + +buildPythonPackage rec { + pname = "cbor"; + version = "1.0.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "1dmv163cnslyqccrybkxn0c9s1jk1mmafmgxv75iamnz5lk5l8hk"; + }; + + # Tests are excluded from PyPI and four unit tests are also broken: + # https://github.com/brianolson/cbor_py/issues/6 + doCheck = false; + + meta = with stdenv.lib; { + homepage = https://bitbucket.org/bodhisnarkva/cbor; + description = "Concise Binary Object Representation (CBOR) library"; + license = licenses.asl20; + maintainers = with maintainers; [ geistesk ]; + }; +} diff --git a/pkgs/development/python-modules/django_redis/default.nix b/pkgs/development/python-modules/django_redis/default.nix index e50b1e1cb65..85761be9ba5 100644 --- a/pkgs/development/python-modules/django_redis/default.nix +++ b/pkgs/development/python-modules/django_redis/default.nix @@ -2,11 +2,11 @@ mock, django, redis, msgpack }: buildPythonPackage rec { pname = "django-redis"; - version = "4.9.1"; + version = "4.10.0"; src = fetchPypi { inherit pname version; - sha256 = "93fc0f73b0c1736546a979a4996826b2c430f56f7e4176df40ef53b9cb0e4f36"; + sha256 = "1rxcwnv9ik0swkwvfqdi9i9baw6n8if5pj6q63fjh4p9chw3j2xg"; }; doCheck = false; diff --git a/pkgs/development/python-modules/easywatch/default.nix b/pkgs/development/python-modules/easywatch/default.nix new file mode 100644 index 00000000000..96301996fe8 --- /dev/null +++ b/pkgs/development/python-modules/easywatch/default.nix @@ -0,0 +1,28 @@ +{ lib +, fetchPypi +, buildPythonPackage +, watchdog +}: + +buildPythonPackage rec { + pname = "easywatch"; + version = "0.0.5"; + + src = fetchPypi { + inherit pname version; + sha256 = "1b40cjigv7s9qj8hxxy6yhwv0320z7qywrigwgkasgh80q0xgphc"; + }; + + propagatedBuildInputs = [ watchdog ]; + + # There are no tests + doCheck = false; + + meta = with lib; { + description = "Dead-simple way to watch a directory"; + homepage = https://github.com/Ceasar/easywatch; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/development/python-modules/faker/default.nix b/pkgs/development/python-modules/faker/default.nix index 515bd9e99bb..9a46d9611e0 100644 --- a/pkgs/development/python-modules/faker/default.nix +++ b/pkgs/development/python-modules/faker/default.nix @@ -8,11 +8,11 @@ assert pythonOlder "3.3" -> ipaddress != null; buildPythonPackage rec { pname = "Faker"; - version = "0.9.3"; + version = "1.0.1"; src = fetchPypi { inherit pname version; - sha256 = "8c6df7903c7b4a51f4ac273bc5fec79a249e3220c47b35d1ac1175b41982d772"; + sha256 = "067mdy9p1vbkypr3vazmrb0sga6maqbk542hr7hmzcb5lp3dr8sj"; }; buildInputs = [ pytestrunner ]; diff --git a/pkgs/development/python-modules/gcutil/default.nix b/pkgs/development/python-modules/gcutil/default.nix deleted file mode 100644 index 85c0fbb4d60..00000000000 --- a/pkgs/development/python-modules/gcutil/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchurl -, gflags -, iso8601 -, ipaddr -, httplib2 -, google_apputils -, google_api_python_client -, isPy3k -}: - -buildPythonPackage rec { - name = "gcutil-1.16.1"; - disabled = isPy3k; - - src = fetchurl { - url = https://dl.google.com/dl/cloudsdk/release/artifacts/gcutil-1.16.1.tar.gz; - sha256 = "00jaf7x1ji9y46fbkww2sg6r6almrqfsprydz3q2swr4jrnrsx9x"; - }; - - propagatedBuildInputs = [ gflags iso8601 ipaddr httplib2 google_apputils google_api_python_client ]; - - prePatch = '' - sed -i -e "s|google-apputils==0.4.0|google-apputils==0.4.1|g" setup.py - substituteInPlace setup.py \ - --replace "httplib2==0.8" "httplib2" \ - --replace "iso8601==0.1.4" "iso8601" \ - --replace "ipaddr==2.1.10" "ipaddr" \ - --replace "google-api-python-client==1.2" "google-api-python-client" \ - --replace "python-gflags==2.0" "python-gflags" - ''; - - meta = with stdenv.lib; { - description = "Command-line tool for interacting with Google Compute Engine"; - homepage = "https://cloud.google.com/compute/docs/gcutil/"; - license = licenses.asl20; - maintainers = with maintainers; [ phreedom ]; - }; - -} diff --git a/pkgs/development/python-modules/google-api-python-client/default.nix b/pkgs/development/python-modules/google-api-python-client/default.nix index c8dd5ea84ae..1a335ad6bb1 100644 --- a/pkgs/development/python-modules/google-api-python-client/default.nix +++ b/pkgs/development/python-modules/google-api-python-client/default.nix @@ -1,13 +1,14 @@ -{ lib, buildPythonPackage, fetchPypi +{ lib, buildPythonPackage, fetchPypi, isPy3k , httplib2, google_auth, google-auth-httplib2, six, uritemplate, oauth2client }: buildPythonPackage rec { pname = "google-api-python-client"; - version = "1.7.4"; + version = "1.7.7"; + #disabled = !isPy3k; # TODO: Python 2.7 was deprecated but weboob still depends on it. src = fetchPypi { inherit pname version; - sha256 = "5d5cb02c6f3112c68eed51b74891a49c0e35263380672d662f8bfe85b8114d7c"; + sha256 = "1nlsp8cll6v9w4649j98xw545bfnqa2xs7m9faa9mxc0kp8ff1li"; }; # No tests included in archive diff --git a/pkgs/development/python-modules/ldap3/default.nix b/pkgs/development/python-modules/ldap3/default.nix index 22d725fac61..73957df1d9d 100644 --- a/pkgs/development/python-modules/ldap3/default.nix +++ b/pkgs/development/python-modules/ldap3/default.nix @@ -1,12 +1,20 @@ -{ stdenv, fetchPypi, buildPythonPackage, gssapi, pyasn1 }: +{ stdenv, fetchPypi, fetchFromGitHub, buildPythonPackage, gssapi, pyasn1 }: buildPythonPackage rec { version = "2.5.2"; pname = "ldap3"; - src = fetchPypi { - inherit pname version; - sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +## This should work, but 2.5.2 has a weird tarball with empty source files +## where upstream repository has non-empty ones +# src = fetchPypi { +# inherit pname version; +# sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +# }; + src = fetchFromGitHub { + owner = "cannatag"; + repo = pname; + rev = "v${version}"; + sha256 = "0p5l4bhy6j2nvvlxz5zvznbaqb72x791v9la2jr2wpwr60mzz9hw"; }; buildInputs = [ gssapi ]; diff --git a/pkgs/development/python-modules/node-semver/default.nix b/pkgs/development/python-modules/node-semver/default.nix index 004ec42718e..34a81a66ec9 100644 --- a/pkgs/development/python-modules/node-semver/default.nix +++ b/pkgs/development/python-modules/node-semver/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchPypi, buildPythonPackage, pytest }: buildPythonPackage rec { - version = "0.5.1"; + version = "0.6.1"; pname = "node-semver"; checkInputs = [ pytest ]; src = fetchPypi { inherit pname version; - sha256 = "b87e335179d874a3dd58041198b2715ae70fd20eba81683acde3553c51b28f8e"; + sha256 = "1dv6mjsm67l1razcgmq66riqmsb36wns17mnipqr610v0z0zf5j0"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/python-modules/pdf2image/default.nix b/pkgs/development/python-modules/pdf2image/default.nix index 1af93531daa..32a4581676b 100644 --- a/pkgs/development/python-modules/pdf2image/default.nix +++ b/pkgs/development/python-modules/pdf2image/default.nix @@ -2,13 +2,13 @@ buildPythonPackage rec { pname = "pdf2image"; - version = "1.0.0"; + version = "1.3.1"; - buildInputs = [ pillow poppler_utils ]; + propagatedBuildInputs = [ pillow poppler_utils ]; src = fetchPypi { inherit pname version; - sha256 = "74607efb48a9e95289148d70af05a53dbef192010a44ac868437fb044842697d"; + sha256 = "0igkzl12582iq6bh6dycw9bcz2459rs6gybq9mranj54yfgjl2ky"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/python-modules/simplejson/default.nix b/pkgs/development/python-modules/simplejson/default.nix index 4adf7083a0b..cc60e81a59e 100644 --- a/pkgs/development/python-modules/simplejson/default.nix +++ b/pkgs/development/python-modules/simplejson/default.nix @@ -33,7 +33,7 @@ buildPythonPackage rec { default, encoding is done in an encoding neutral fashion (plain ASCII with \uXXXX escapes for unicode characters). ''; - homepage = http://code.google.com/p/simplejson/; - license = lib.licenses.mit; + homepage = https://github.com/simplejson/simplejson; + license = with lib.licenses; [ mit afl21 ]; }; } diff --git a/pkgs/development/python-modules/staticjinja/default.nix b/pkgs/development/python-modules/staticjinja/default.nix new file mode 100644 index 00000000000..a5b3b4fe8d4 --- /dev/null +++ b/pkgs/development/python-modules/staticjinja/default.nix @@ -0,0 +1,30 @@ +{ lib +, fetchPypi +, buildPythonPackage +, docopt +, easywatch +, jinja2 +}: + +buildPythonPackage rec { + pname = "staticjinja"; + version = "0.3.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "1mxv7yy35657mfxx9xhbzihh10m5lb29fmscfh9q455zd4ikr032"; + }; + + propagatedBuildInputs = [ jinja2 docopt easywatch ]; + + # There are no tests on pypi + doCheck = false; + + meta = with lib; { + description = "A library and cli tool that makes it easy to build static sites using Jinja2"; + homepage = https://staticjinja.readthedocs.io/en/latest/; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/development/python-modules/weboob/default.nix b/pkgs/development/python-modules/weboob/default.nix index 73a70a65c38..93a17ea4425 100644 --- a/pkgs/development/python-modules/weboob/default.nix +++ b/pkgs/development/python-modules/weboob/default.nix @@ -1,4 +1,4 @@ -{ buildPythonPackage, fetchurl, stdenv, isPy27 +{ buildPythonPackage, fetchurl, fetchPypi, stdenv, isPy27 , nose, pillow, prettytable, pyyaml, dateutil, gdata , requests, mechanize, feedparser, lxml, gnupg, pyqt5 , libyaml, simplejson, cssselect, futures, pdfminer @@ -6,7 +6,18 @@ , unidecode }: -buildPythonPackage rec { +let + # Support for Python 2.7 was dropped in 1.7.7 + google_api_python_client_python27 = google_api_python_client.overrideDerivation + (oldAttrs: rec { + pname = "google-api-python-client"; + version = "1.7.6"; + src = fetchPypi { + inherit pname version; + sha256 = "14w5sdrp0bk9n0r2lmpqmrbf2zclpfq6q7giyahnskkfzdkb165z"; + }; + }); +in buildPythonPackage rec { pname = "weboob"; version = "1.3"; disabled = ! isPy27; @@ -35,8 +46,8 @@ buildPythonPackage rec { propagatedBuildInputs = [ pillow prettytable pyyaml dateutil gdata requests mechanize feedparser lxml gnupg pyqt5 libyaml - simplejson cssselect futures pdfminer termcolor google_api_python_client - html2text unidecode ]; + simplejson cssselect futures pdfminer termcolor + google_api_python_client_python27 html2text unidecode ]; checkPhase = '' nosetests diff --git a/pkgs/development/tools/clang-tools/default.nix b/pkgs/development/tools/clang-tools/default.nix index 2ababe85d0c..42bcf7fd055 100644 --- a/pkgs/development/tools/clang-tools/default.nix +++ b/pkgs/development/tools/clang-tools/default.nix @@ -1,7 +1,7 @@ -{ stdenv, writeScript, llvmPackages_latest }: +{ stdenv, writeScript, llvmPackages }: let - clang = llvmPackages_latest.clang-unwrapped; + clang = llvmPackages.clang-unwrapped; version = stdenv.lib.getVersion clang; in diff --git a/pkgs/development/tools/gllvm/default.nix b/pkgs/development/tools/gllvm/default.nix index cae6d2255bf..b581e71129c 100644 --- a/pkgs/development/tools/gllvm/default.nix +++ b/pkgs/development/tools/gllvm/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "gllvm-${version}"; - version = "1.2.2"; + version = "1.2.3"; goPackagePath = "github.com/SRI-CSL/gllvm"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "SRI-CSL"; repo = "gllvm"; rev = "v${version}"; - sha256 = "1k6081frnc6i6h3fa8d796cirhbf5kkshw7qyarz5wi3fcgijn4s"; + sha256 = "12kdgsma62nzksvw266qm3ivkbz62ma93dd25wy0p19789v4fi7s"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix new file mode 100644 index 00000000000..ab2af43979a --- /dev/null +++ b/pkgs/development/tools/minizinc/ide.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, qtbase, qtwebengine, qtwebkit, qmake, makeWrapper, minizinc }: +let + version = "2.2.3"; +in +stdenv.mkDerivation { + name = "minizinc-ide-${version}"; + + nativeBuildInputs = [ qmake makeWrapper ]; + buildInputs = [ qtbase qtwebengine qtwebkit ]; + + src = fetchFromGitHub { + owner = "MiniZinc"; + repo = "MiniZincIDE"; + rev = version; + sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; + }; + + sourceRoot = "source/MiniZincIDE"; + + enableParallelBuilding = true; + + postInstall = '' + wrapProgram $out/bin/MiniZincIDE --prefix PATH ":" ${stdenv.lib.makeBinPath [ minizinc ]} + ''; + + meta = with stdenv.lib; { + homepage = https://www.minizinc.org/; + description = "IDE for MiniZinc, a medium-level constraint modelling language"; + + longDescription = '' + MiniZinc is a medium-level constraint modelling + language. It is high-level enough to express most + constraint problems easily, but low-level enough + that it can be mapped onto existing solvers easily and consistently. + It is a subset of the higher-level language Zinc. + ''; + + license = licenses.mpl20; + platforms = platforms.linux; + maintainers = [ maintainers.dtzWill ]; + }; +} diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index b662b5b8e3b..ad202c6ad8c 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -20,13 +20,14 @@ , glibcLocales , nose , send2trash +, CoreAudio # This little flag adds a huge number of dependencies, but we assume that # everyone wants Anki to draw plots with statistics by default. , plotsSupport ? true }: buildPythonApplication rec { - version = "2.1.7"; + version = "2.1.8"; name = "anki-${version}"; src = fetchurl { @@ -36,12 +37,16 @@ buildPythonApplication rec { # "http://ankisrs.net/download/mirror/${name}.tgz" # "http://ankisrs.net/download/mirror/archive/${name}.tgz" ]; - sha256 = "0cvlimfxb7kficlf20hg7a345pahvr093b7yqvssww15h4y4va9d"; + sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p"; }; - propagatedBuildInputs = [ pyqt5 sqlalchemy - beautifulsoup4 send2trash pyaudio requests decorator markdown ] - ++ lib.optional plotsSupport matplotlib; + propagatedBuildInputs = [ + pyqt5 sqlalchemy beautifulsoup4 send2trash pyaudio requests decorator + markdown + ] + ++ lib.optional plotsSupport matplotlib + ++ lib.optional stdenv.isDarwin [ CoreAudio ] + ; checkInputs = [ pytest glibcLocales nose ]; diff --git a/pkgs/misc/emulators/wine/base.nix b/pkgs/misc/emulators/wine/base.nix index 94cf4a77456..2b9d048f77e 100644 --- a/pkgs/misc/emulators/wine/base.nix +++ b/pkgs/misc/emulators/wine/base.nix @@ -59,7 +59,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (! isNull buildScript) { ++ lib.optionals stdenv.isLinux (with pkgs.xorg; [ libXi libXcursor libXrandr libXrender libXxf86vm libXcomposite libXext ]) - ++ [ pkgs.xorg.libX11 ])); + ++ [ pkgs.xorg.libX11 pkgs.perl ])); # Wine locates a lot of libraries dynamically through dlopen(). Add # them to the RPATH so that the user doesn't have to set them in diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix index d712ea99578..e8d272622ce 100644 --- a/pkgs/os-specific/linux/fuse/default.nix +++ b/pkgs/os-specific/linux/fuse/default.nix @@ -6,8 +6,8 @@ let }; in { fuse_2 = mkFuse { - version = "2.9.8"; - sha256Hash = "0s04ln4k9zvvbjih8ybaa19fxg8xv7dcsz2yrlbk35psnf3l67af"; + version = "2.9.9"; + sha256Hash = "1yxxvm58c30pc022nl1wlg8fljqpmwnchkywic3r74zirvlcq23n"; }; fuse_3 = mkFuse { diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index 3f90b91f10d..5b061183356 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix @@ -2,22 +2,23 @@ stdenv.mkDerivation rec { name = "i2c-tools-${version}"; - version = "4.0"; + version = "4.1"; src = fetchurl { url = "https://www.kernel.org/pub/software/utils/i2c-tools/${name}.tar.xz"; - sha256 = "1mi8mykvl89y6liinc9jv1x8m2q093wrdc2hm86a47n524fcl06r"; + sha256 = "1m97hpwqfaqjl9xvr4pvz2vdrsdvxbcn0nnx8pamnyc3s7pikcjp"; }; buildInputs = [ perl ]; - patchPhase = '' + postPatch = '' substituteInPlace eeprom/decode-edid --replace "/usr/sbin/parse-edid" "${read-edid}/bin/parse-edid" substituteInPlace stub/i2c-stub-from-dump --replace "/sbin/" "" ''; - installPhase = '' - make install prefix=$out + makeFlags = [ "PREFIX=${placeholder "out"}" ]; + + postInstall = '' rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers ''; diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index e424dff596d..3f6479c572b 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -4,6 +4,9 @@ , perl , bison ? null , flex ? null +, gmp ? null +, libmpc ? null +, mpfr ? null , stdenv , # The kernel source tarball. @@ -89,7 +92,7 @@ let passAsFile = [ "kernelConfig" ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl ] + nativeBuildInputs = [ perl gmp libmpc mpfr ] ++ lib.optionals (stdenv.lib.versionAtLeast version "4.16") [ bison flex ]; platformName = stdenv.hostPlatform.platform.name; @@ -112,7 +115,10 @@ let export buildRoot="''${buildRoot:-build}" # Get a basic config file for later refinement with $generateConfig. - make HOSTCC=${buildPackages.stdenv.cc.targetPrefix}gcc -C . O="$buildRoot" $kernelBaseConfig ARCH=$kernelArch + make -C . O="$buildRoot" $kernelBaseConfig \ + ARCH=$kernelArch \ + HOSTCC=${buildPackages.stdenv.cc.targetPrefix}gcc \ + HOSTCXX=${buildPackages.stdenv.cc.targetPrefix}g++ # Create the config file. echo "generating kernel configuration..." diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 84d1dd8a378..ed540a9e751 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -28,9 +28,9 @@ ${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") '' # Reduce attack surface by disabling various emulations IA32_EMULATION n X86_X32 n - ${optionalString (versionOlder version "4.17") '' - MODIFY_LDT_SYSCALL? n - ''} + # Note: this config depends on EXPERT y and so will not take effect, hence + # it is left "optional" for now. + MODIFY_LDT_SYSCALL? n VMAP_STACK y # Catch kernel stack overflows @@ -52,18 +52,23 @@ ${optionalString (versionOlder version "4.11") '' DEBUG_SET_MODULE_RONX y ''} -# Mark LSM hooks read-only after init. Conflicts with SECURITY_SELINUX_DISABLE -# (disabling SELinux at runtime); hence, SELinux can only be disabled at boot -# via the selinux=0 boot parameter. +# Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n +# conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter +# implicitly marks LSM hooks read-only after init. +# +# SELinux can only be disabled at boot via selinux=0 +# +# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the +# config builder fails to detect that it has indeed been unset. ${optionalString (versionAtLeast version "4.12") '' SECURITY_SELINUX_DISABLE n -''} - -${optionalString ((versionAtLeast version "4.12") && (versionOlder version "4.17")) '' - SECURITY_WRITABLE_HOOKS n + SECURITY_WRITABLE_HOOKS? n ''} DEBUG_WX y # boot-time warning on RWX mappings +${optionalString (versionAtLeast version "4.11") '' + STRICT_KERNEL_RWX y +''} # Stricter /dev/mem STRICT_DEVMEM? y @@ -84,7 +89,7 @@ ${optionalString (versionAtLeast version "4.13") '' # Perform usercopy bounds checking. HARDENED_USERCOPY y ${optionalString (versionAtLeast version "4.16") '' - HARDENED_USERCOPY_FALLBACK n + HARDENED_USERCOPY_FALLBACK n # for full whitelist enforcement ''} # Randomize allocator freelists. @@ -94,6 +99,9 @@ ${optionalString (versionAtLeast version "4.14") '' SLAB_FREELIST_HARDENED y ''} +# Allow enabling slub/slab free poisoning with slub_debug=P +SLUB_DEBUG y + # Wipe higher-level memory allocations on free() with page_poison=1 PAGE_POISONING y PAGE_POISONING_NO_SANITY y @@ -103,17 +111,23 @@ PAGE_POISONING_ZERO y PANIC_ON_OOPS y PANIC_TIMEOUT -1 -${optionalString (versionOlder version "4.18") '' - GCC_PLUGINS y # Enable gcc plugin options - # Gather additional entropy at boot time for systems that may not have appropriate entropy sources. - GCC_PLUGIN_LATENT_ENTROPY y +GCC_PLUGINS y # Enable gcc plugin options +# Gather additional entropy at boot time for systems that may not have appropriate entropy sources. +GCC_PLUGIN_LATENT_ENTROPY y - ${optionalString (versionAtLeast version "4.11") '' - GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin - ''} - ${optionalString (versionAtLeast version "4.14") '' - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address - ''} +${optionalString (versionAtLeast version "4.11") '' + GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin +''} +${optionalString (versionAtLeast version "4.14") '' + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address +''} +${optionalString (versionAtLeast version "4.20") '' + GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin +''} + +${optionalString (versionAtLeast version "4.13") '' + GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y ''} # Disable various dangerous settings diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix index d3a9d7834cd..27b27ebffdd 100644 --- a/pkgs/os-specific/linux/sysstat/default.nix +++ b/pkgs/os-specific/linux/sysstat/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, gettext, bzip2 }: stdenv.mkDerivation rec { - name = "sysstat-12.1.1"; + name = "sysstat-12.1.2"; src = fetchurl { url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz"; - sha256 = "0drrlv2fr64g5zf0a2bkla2rql4nmq4n192wvcr9r4zppg58d8k4"; + sha256 = "0xiv70x4n24fcycvlq95lqgb3jwjxfzq61bnyqai57x54hhn46yp"; }; buildInputs = [ gettext ]; diff --git a/pkgs/tools/X11/xpointerbarrier/default.nix b/pkgs/tools/X11/xpointerbarrier/default.nix index 50d0ac4f2b9..435f2b2e980 100644 --- a/pkgs/tools/X11/xpointerbarrier/default.nix +++ b/pkgs/tools/X11/xpointerbarrier/default.nix @@ -1,13 +1,11 @@ -{ stdenv, xorg, fetchFromGitHub }: +{ stdenv, xorg, fetchgit }: stdenv.mkDerivation rec { name = "xpointerbarrier-${version}"; - version = "17.11"; - - src = fetchFromGitHub { - owner = "vain"; - repo = "xpointerbarrier"; + version = "18.06"; + src = fetchgit { + url = "https://www.uninformativ.de/git/xpointerbarrier.git"; rev = "v${version}"; - sha256 = "0s6bd58xjyc2nqzjq6aglx6z64x9xavda3i6p8vrmxqmcpik54nm"; + sha256 = "1k7i641x18qhjm0llsaqn2h2g9k31kgv6p8sildllmbvgxyrgvq7"; }; buildInputs = [ xorg.libX11 xorg.libXfixes xorg.libXrandr ]; @@ -15,7 +13,7 @@ stdenv.mkDerivation rec { makeFlags = "prefix=$(out)"; meta = { - homepage = https://github.com/vain/xpointerbarrier; + homepage = https://uninformativ.de/git/xpointerbarrier; description = "Create X11 pointer barriers around your working area"; license = stdenv.lib.licenses.mit; maintainers = [ stdenv.lib.maintainers.xzfc ]; diff --git a/pkgs/tools/misc/plantuml/default.nix b/pkgs/tools/misc/plantuml/default.nix index c3d3f916d97..19cc8805b1c 100644 --- a/pkgs/tools/misc/plantuml/default.nix +++ b/pkgs/tools/misc/plantuml/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, jre, graphviz }: stdenv.mkDerivation rec { - version = "1.2018.13"; + version = "1.2018.14"; name = "plantuml-${version}"; src = fetchurl { url = "mirror://sourceforge/project/plantuml/${version}/plantuml.${version}.jar"; - sha256 = "181wm05gp4hs4g0z345pp1x9w1g5bx1vpipkhnwvmy4vdj17b4bg"; + sha256 = "0alsrip25w3hy7h9rryrm7isl6jyk1spdm6bqgbmbscla7vq960y"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/networking/offlineimap/default.nix b/pkgs/tools/networking/offlineimap/default.nix index 50ed107bc20..5ac64d36eaf 100644 --- a/pkgs/tools/networking/offlineimap/default.nix +++ b/pkgs/tools/networking/offlineimap/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, python2Packages, - asciidoc, libxml2, libxslt, docbook_xsl }: + asciidoc, cacert, libxml2, libxslt, docbook_xsl }: python2Packages.buildPythonApplication rec { version = "7.2.2"; @@ -15,6 +15,9 @@ python2Packages.buildPythonApplication rec { postPatch = '' # Skip xmllint to stop failures due to no network access sed -i docs/Makefile -e "s|a2x -v -d |a2x -L -v -d |" + + # Provide CA certificates (Used when "sslcacertfile = OS-DEFAULT" is configured") + sed -i offlineimap/utils/distro.py -e '/def get_os_sslcertfile():/a\ \ \ \ return "${cacert}/etc/ssl/certs/ca-bundle.crt"' ''; doCheck = false; diff --git a/pkgs/tools/networking/stubby/default.nix b/pkgs/tools/networking/stubby/default.nix index 2882ba21739..d8088918f44 100644 --- a/pkgs/tools/networking/stubby/default.nix +++ b/pkgs/tools/networking/stubby/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "stubby"; name = "${pname}-${version}"; - version = "0.2.3"; + version = "0.2.4"; src = fetchFromGitHub { owner = "getdnsapi"; repo = pname; rev = "v${version}"; - sha256 = "1n02dj1hvh0aml54asxj42f0j9wfgiyavbh0gr0j9lm4f2xcd60w"; + sha256 = "1c0jqbxcrwc8kvpx7v0bmdladf20myyi2672r2r87m2q0jvsmgpr"; }; nativeBuildInputs = [ libtool m4 libbsd libyaml autoreconfHook ]; diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index 3476606049d..c90d031e989 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -3,79 +3,73 @@ }: let - afl-qemu = callPackage ./qemu.nix {}; + afl-qemu = callPackage ./qemu.nix { inherit afl; }; qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; -in + afl = stdenv.mkDerivation rec { + name = "afl-${version}"; + version = "2.52b"; -stdenv.mkDerivation rec { - name = "afl-${version}"; - version = "2.52b"; + src = fetchurl { + url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; + sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; + }; + enableParallelBuilding = true; - src = fetchurl { - url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; - }; + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + nativeBuildInputs = [ makeWrapper which ]; + buildInputs = [ llvm ]; - # Note: libcgroup isn't needed for building, just for the afl-cgroup - # script. - buildInputs = [ makeWrapper llvm which ]; - - buildPhase = '' - make PREFIX=$out - cd llvm_mode - make PREFIX=$out - cd .. - ''; - installPhase = '' - # Do the normal installation - make install PREFIX=$out - - # Install the custom QEMU emulator for binary blob fuzzing. - cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace - - # Install the cgroups wrapper for asan-based fuzzing. - cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup - chmod +x $out/bin/afl-cgroup - substituteInPlace $out/bin/afl-cgroup \ - --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ - --replace "cgexec" "${libcgroup}/bin/cgexec" \ - --replace "cgdelete" "${libcgroup}/bin/cgdelete" - - # Patch shebangs before wrapping - patchShebangs $out/bin - - # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it - # has totally different semantics in that case(?) - and also set a - # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out - # of $PATH. - for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do - wrapProgram $x \ - --prefix AFL_PATH : "$out/lib/afl" \ - --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' - done - ''; - - passthru = { - qemu = afl-qemu; - }; - - meta = { - description = "Powerful fuzzer via genetic algorithms and instrumentation"; - longDescription = '' - American fuzzy lop is a fuzzer that employs a novel type of - compile-time instrumentation and genetic algorithms to - automatically discover clean, interesting test cases that - trigger new internal states in the targeted binary. This - substantially improves the functional coverage for the fuzzed - code. The compact synthesized corpora produced by the tool are - also useful for seeding other, more labor or resource-intensive - testing regimes down the road. + makeFlags = [ "PREFIX=$(out)" ]; + postBuild = '' + make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES ''; - homepage = "http://lcamtuf.coredump.cx/afl/"; - license = stdenv.lib.licenses.asl20; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + postInstall = '' + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # Install the cgroups wrapper for asan-based fuzzing. + cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + # Patch shebangs before wrapping + patchShebangs $out/bin + + # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it + # has totally different semantics in that case(?) - and also set a + # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out + # of $PATH. + for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do + wrapProgram $x \ + --prefix AFL_PATH : "$out/lib/afl" \ + --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' + done + ''; + + passthru.qemu = afl-qemu; + + meta = { + description = "Powerful fuzzer via genetic algorithms and instrumentation"; + longDescription = '' + American fuzzy lop is a fuzzer that employs a novel type of + compile-time instrumentation and genetic algorithms to + automatically discover clean, interesting test cases that + trigger new internal states in the targeted binary. This + substantially improves the functional coverage for the fuzzed + code. The compact synthesized corpora produced by the tool are + also useful for seeding other, more labor or resource-intensive + testing regimes down the road. + ''; + homepage = "http://lcamtuf.coredump.cx/afl/"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; }; -} +in afl diff --git a/pkgs/tools/security/afl/qemu-patches/afl-config.h b/pkgs/tools/security/afl/qemu-patches/afl-config.h deleted file mode 100644 index cbf48881ade..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-config.h +++ /dev/null @@ -1,335 +0,0 @@ -/* - american fuzzy lop - vaguely configurable bits - ---------------------------------------------- - - Written and maintained by Michal Zalewski - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_CONFIG_H -#define _HAVE_CONFIG_H - -#include "afl-types.h" - -/****************************************************** - * * - * Settings that may be of interest to power users: * - * * - ******************************************************/ - -/* Comment out to disable terminal colors: */ - -#define USE_COLOR - -/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ - -#define FANCY_BOXES - -/* Default timeout for fuzzed code (milliseconds): */ - -#define EXEC_TIMEOUT 1000 - -/* Timeout rounding factor when auto-scaling (milliseconds): */ - -#define EXEC_TM_ROUND 20 - -/* Default memory limit for child process (MB): */ - -#ifndef __x86_64__ -# define MEM_LIMIT 25 -#else -# define MEM_LIMIT 50 -#endif /* ^!__x86_64__ */ - -/* Default memory limit when running in QEMU mode (MB): */ - -#define MEM_LIMIT_QEMU 200 - -/* Number of calibration cycles per every new test case (and for test - cases that show variable behavior): */ - -#define CAL_CYCLES 10 -#define CAL_CYCLES_LONG 40 - -/* The same, but when AFL_NO_VAR_CHECK is set in the environment: */ - -#define CAL_CYCLES_NO_VAR 4 - -/* Number of subsequent hangs before abandoning an input file: */ - -#define HANG_LIMIT 250 - -/* Maximum number of unique hangs or crashes to record: */ - -#define KEEP_UNIQUE_HANG 500 -#define KEEP_UNIQUE_CRASH 5000 - -/* Baseline number of random tweaks during a single 'havoc' stage: */ - -#define HAVOC_CYCLES 5000 - -/* Maximum multiplier for the above (should be a power of two, beware - of 32-bit int overflows): */ - -#define HAVOC_MAX_MULT 16 - -/* Absolute minimum number of havoc cycles (after all adjustments): */ - -#define HAVOC_MIN 10 - -/* Maximum stacking for havoc-stage tweaks. The actual value is calculated - like this: - - n = random between 1 and HAVOC_STACK_POW2 - stacking = 2^n - - In other words, the default (n = 7) produces 2, 4, 8, 16, 32, 64, or - 128 stacked tweaks: */ - -#define HAVOC_STACK_POW2 7 - -/* Caps on block sizes for cloning and deletion operations. Each of these - ranges has a 33% probability of getting picked, except for the first - two cycles where smaller blocks are favored: */ - -#define HAVOC_BLK_SMALL 32 -#define HAVOC_BLK_MEDIUM 128 -#define HAVOC_BLK_LARGE 1500 - -/* Probabilities of skipping non-favored entries in the queue, expressed as - percentages: */ - -#define SKIP_TO_NEW_PROB 99 /* ...when there are new, pending favorites */ -#define SKIP_NFAV_OLD_PROB 95 /* ...no new favs, cur entry already fuzzed */ -#define SKIP_NFAV_NEW_PROB 75 /* ...no new favs, cur entry not fuzzed yet */ - -/* Splicing cycle count: */ - -#define SPLICE_CYCLES 20 - -/* Nominal per-splice havoc cycle length: */ - -#define SPLICE_HAVOC 500 - -/* Maximum offset for integer addition / subtraction stages: */ - -#define ARITH_MAX 35 - -/* Limits for the test case trimmer. The absolute minimum chunk size; and - the starting and ending divisors for chopping up the input file: */ - -#define TRIM_MIN_BYTES 4 -#define TRIM_START_STEPS 16 -#define TRIM_END_STEPS 1024 - -/* Maximum size of input file, in bytes (keep under 100MB): */ - -#define MAX_FILE (1 * 1024 * 1024) - -/* The same, for the test case minimizer: */ - -#define TMIN_MAX_FILE (10 * 1024 * 1024) - -/* Block normalization steps for afl-tmin: */ - -#define TMIN_SET_MIN_SIZE 4 -#define TMIN_SET_STEPS 128 - -/* Maximum dictionary token size (-x), in bytes: */ - -#define MAX_DICT_FILE 128 - -/* Length limits for auto-detected dictionary tokens: */ - -#define MIN_AUTO_EXTRA 3 -#define MAX_AUTO_EXTRA 32 - -/* Maximum number of user-specified dictionary tokens to use in deterministic - steps; past this point, the "extras/user" step will be still carried out, - but with proportionally lower odds: */ - -#define MAX_DET_EXTRAS 200 - -/* Maximum number of auto-extracted dictionary tokens to actually use in fuzzing - (first value), and to keep in memory as candidates. The latter should be much - higher than the former. */ - -#define USE_AUTO_EXTRAS 50 -#define MAX_AUTO_EXTRAS (USE_AUTO_EXTRAS * 10) - -/* Scaling factor for the effector map used to skip some of the more - expensive deterministic steps. The actual divisor is set to - 2^EFF_MAP_SCALE2 bytes: */ - -#define EFF_MAP_SCALE2 3 - -/* Minimum input file length at which the effector logic kicks in: */ - -#define EFF_MIN_LEN 128 - -/* Maximum effector density past which everything is just fuzzed - unconditionally (%): */ - -#define EFF_MAX_PERC 90 - -/* UI refresh frequency (Hz): */ - -#define UI_TARGET_HZ 5 - -/* Fuzzer stats file and plot update intervals (sec): */ - -#define STATS_UPDATE_SEC 60 -#define PLOT_UPDATE_SEC 5 - -/* Smoothing divisor for CPU load and exec speed stats (1 - no smoothing). */ - -#define AVG_SMOOTHING 16 - -/* Sync interval (every n havoc cycles): */ - -#define SYNC_INTERVAL 5 - -/* Output directory reuse grace period (minutes): */ - -#define OUTPUT_GRACE 25 - -/* Uncomment to use simple file names (id_NNNNNN): */ - -// #define SIMPLE_FILES - -/* List of interesting values to use in fuzzing. */ - -#define INTERESTING_8 \ - -128, /* Overflow signed 8-bit when decremented */ \ - -1, /* */ \ - 0, /* */ \ - 1, /* */ \ - 16, /* One-off with common buffer size */ \ - 32, /* One-off with common buffer size */ \ - 64, /* One-off with common buffer size */ \ - 100, /* One-off with common buffer size */ \ - 127 /* Overflow signed 8-bit when incremented */ - -#define INTERESTING_16 \ - -32768, /* Overflow signed 16-bit when decremented */ \ - -129, /* Overflow signed 8-bit */ \ - 128, /* Overflow signed 8-bit */ \ - 255, /* Overflow unsig 8-bit when incremented */ \ - 256, /* Overflow unsig 8-bit */ \ - 512, /* One-off with common buffer size */ \ - 1000, /* One-off with common buffer size */ \ - 1024, /* One-off with common buffer size */ \ - 4096, /* One-off with common buffer size */ \ - 32767 /* Overflow signed 16-bit when incremented */ - -#define INTERESTING_32 \ - -2147483648LL, /* Overflow signed 32-bit when decremented */ \ - -100663046, /* Large negative number (endian-agnostic) */ \ - -32769, /* Overflow signed 16-bit */ \ - 32768, /* Overflow signed 16-bit */ \ - 65535, /* Overflow unsig 16-bit when incremented */ \ - 65536, /* Overflow unsig 16 bit */ \ - 100663045, /* Large positive number (endian-agnostic) */ \ - 2147483647 /* Overflow signed 32-bit when incremented */ - -/*********************************************************** - * * - * Really exotic stuff you probably don't want to touch: * - * * - ***********************************************************/ - -/* Call count interval between reseeding the libc PRNG from /dev/urandom: */ - -#define RESEED_RNG 10000 - -/* Maximum line length passed from GCC to 'as' and used for parsing - configuration files: */ - -#define MAX_LINE 8192 - -/* Environment variable used to pass SHM ID to the called program. */ - -#define SHM_ENV_VAR "__AFL_SHM_ID" - -/* Other less interesting, internal-only variables. */ - -#define CLANG_ENV_VAR "__AFL_CLANG_MODE" -#define AS_LOOP_ENV_VAR "__AFL_AS_LOOPCHECK" - -/* Distinctive bitmap signature used to indicate failed execution: */ - -#define EXEC_FAIL_SIG 0xfee1dead - -/* Distinctive exit code used to indicate MSAN trip condition: */ - -#define MSAN_ERROR 86 - -/* Designated file descriptors for forkserver commands (the application will - use FORKSRV_FD and FORKSRV_FD + 1): */ - -#define FORKSRV_FD 198 - -/* Fork server init timeout multiplier: we'll wait the user-selected - timeout plus this much for the fork server to spin up. */ - -#define FORK_WAIT_MULT 10 - -/* Calibration timeout adjustments, to be a bit more generous when resuming - fuzzing sessions or trying to calibrate already-added internal finds. - The first value is a percentage, the other is in milliseconds: */ - -#define CAL_TMOUT_PERC 125 -#define CAL_TMOUT_ADD 50 - -/* Number of chances to calibrate a case before giving up: */ - -#define CAL_CHANCES 3 - -/* Map size for the traced binary (2^MAP_SIZE_POW2). Must be greater than - 2; you probably want to keep it under 18 or so for performance reasons - (adjusting AFL_INST_RATIO when compiling is probably a better way to solve - problems with complex programs). You need to recompile the target binary - after changing this - otherwise, SEGVs may ensue. */ - -#define MAP_SIZE_POW2 16 -#define MAP_SIZE (1 << MAP_SIZE_POW2) - -/* Maximum allocator request size (keep well under INT_MAX): */ - -#define MAX_ALLOC 0x40000000 - -/* A made-up hashing seed: */ - -#define HASH_CONST 0xa5b35705 - -/* Constants for afl-gotcpu to control busy loop timing: */ - -#define CTEST_TARGET_MS 5000 -#define CTEST_BUSY_CYCLES (10 * 1000 * 1000) - -/* Uncomment this to use inferior block-coverage-based instrumentation. Note - that you need to recompile the target binary for this to have any effect: */ - -// #define COVERAGE_ONLY - -/* Uncomment this to ignore hit counts and output just one bit per tuple. - As with the previous setting, you will need to recompile the target - binary: */ - -// #define SKIP_COUNTS - -/* Uncomment this to use instrumentation data to record newly discovered paths, - but do not use them as seeds for fuzzing. This is useful for conveniently - measuring coverage that could be attained by a "dumb" fuzzing algorithm: */ - -// #define IGNORE_FINDS - -#endif /* ! _HAVE_CONFIG_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h b/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h deleted file mode 100644 index e4a470b5523..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h +++ /dev/null @@ -1,296 +0,0 @@ -/* - american fuzzy lop - high-performance binary-only instrumentation - ----------------------------------------------------------------- - - Written by Andrew Griffiths and - Michal Zalewski - - Idea & design very much by Andrew Griffiths. - - Copyright 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - This code is a shim patched into the separately-distributed source - code of QEMU 2.2.0. It leverages the built-in QEMU tracing functionality - to implement AFL-style instrumentation and to take care of the remaining - parts of the AFL fork server logic. - - The resulting QEMU binary is essentially a standalone instrumentation - tool; for an example of how to leverage it for other purposes, you can - have a look at afl-showmap.c. - - */ - -#include -#include "afl-config.h" - -/*************************** - * VARIOUS AUXILIARY STUFF * - ***************************/ - -/* A snippet patched into tb_find_slow to inform the parent process that - we have hit a new block that hasn't been translated yet, and to tell - it to translate within its own context, too (this avoids translation - overhead in the next forked-off copy). */ - -#define AFL_QEMU_CPU_SNIPPET1 do { \ - afl_request_tsl(pc, cs_base, flags); \ - } while (0) - -/* This snippet kicks in when the instruction pointer is positioned at - _start and does the usual forkserver stuff, not very different from - regular instrumentation injected via afl-as.h. */ - -#define AFL_QEMU_CPU_SNIPPET2 do { \ - if(tb->pc == afl_entry_point) { \ - afl_setup(); \ - afl_forkserver(env); \ - } \ - afl_maybe_log(tb->pc); \ - } while (0) - -/* We use one additional file descriptor to relay "needs translation" - messages between the child and the fork server. */ - -#define TSL_FD (FORKSRV_FD - 1) - -/* This is equivalent to afl-as.h: */ - -static unsigned char *afl_area_ptr; - -/* Exported variables populated by the code patched into elfload.c: */ - -abi_ulong afl_entry_point, /* ELF entry point (_start) */ - afl_start_code, /* .text start pointer */ - afl_end_code; /* .text end pointer */ - -/* Set in the child process in forkserver mode: */ - -static unsigned char afl_fork_child; -unsigned int afl_forksrv_pid; - -/* Instrumentation ratio: */ - -static unsigned int afl_inst_rms = MAP_SIZE; - -/* Function declarations. */ - -static void afl_setup(void); -static void afl_forkserver(CPUArchState*); -static inline void afl_maybe_log(abi_ulong); - -static void afl_wait_tsl(CPUArchState*, int); -static void afl_request_tsl(target_ulong, target_ulong, uint64_t); - -static TranslationBlock *tb_find_slow(CPUArchState*, target_ulong, - target_ulong, uint64_t); - - -/* Data structure passed around by the translate handlers: */ - -struct afl_tsl { - target_ulong pc; - target_ulong cs_base; - uint64_t flags; -}; - - -/************************* - * ACTUAL IMPLEMENTATION * - *************************/ - - -/* Set up SHM region and initialize other stuff. */ - -static void afl_setup(void) { - - char *id_str = getenv(SHM_ENV_VAR), - *inst_r = getenv("AFL_INST_RATIO"); - - int shm_id; - - if (inst_r) { - - unsigned int r; - - r = atoi(inst_r); - - if (r > 100) r = 100; - if (!r) r = 1; - - afl_inst_rms = MAP_SIZE * r / 100; - - } - - if (id_str) { - - shm_id = atoi(id_str); - afl_area_ptr = shmat(shm_id, NULL, 0); - - if (afl_area_ptr == (void*)-1) exit(1); - - /* With AFL_INST_RATIO set to a low value, we want to touch the bitmap - so that the parent doesn't give up on us. */ - - if (inst_r) afl_area_ptr[0] = 1; - - - } - - if (getenv("AFL_INST_LIBS")) { - - afl_start_code = 0; - afl_end_code = (abi_ulong)-1; - - } - -} - - -/* Fork server logic, invoked once we hit _start. */ - -static void afl_forkserver(CPUArchState *env) { - - static unsigned char tmp[4]; - - if (!afl_area_ptr) return; - - /* Tell the parent that we're alive. If the parent doesn't want - to talk, assume that we're not running in forkserver mode. */ - - if (write(FORKSRV_FD + 1, tmp, 4) != 4) return; - - afl_forksrv_pid = getpid(); - - /* All right, let's await orders... */ - - while (1) { - - pid_t child_pid; - int status, t_fd[2]; - - /* Whoops, parent dead? */ - - if (read(FORKSRV_FD, tmp, 4) != 4) exit(2); - - /* Establish a channel with child to grab translation commands. We'll - read from t_fd[0], child will write to TSL_FD. */ - - if (pipe(t_fd) || dup2(t_fd[1], TSL_FD) < 0) exit(3); - close(t_fd[1]); - - child_pid = fork(); - if (child_pid < 0) exit(4); - - if (!child_pid) { - - /* Child process. Close descriptors and run free. */ - - afl_fork_child = 1; - close(FORKSRV_FD); - close(FORKSRV_FD + 1); - close(t_fd[0]); - return; - - } - - /* Parent. */ - - close(TSL_FD); - - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) exit(5); - - /* Collect translation requests until child dies and closes the pipe. */ - - afl_wait_tsl(env, t_fd[0]); - - /* Get and relay exit status to parent. */ - - if (waitpid(child_pid, &status, WUNTRACED) < 0) exit(6); - if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7); - - } - -} - - -/* The equivalent of the tuple logging routine from afl-as.h. */ - -static inline void afl_maybe_log(abi_ulong cur_loc) { - - static abi_ulong prev_loc; - - /* Optimize for cur_loc > afl_end_code, which is the most likely case on - Linux systems. */ - - if (cur_loc > afl_end_code || cur_loc < afl_start_code || !afl_area_ptr) - return; - - /* Looks like QEMU always maps to fixed locations, so we can skip this: - cur_loc -= afl_start_code; */ - - /* Instruction addresses may be aligned. Let's mangle the value to get - something quasi-uniform. */ - - cur_loc = (cur_loc >> 4) ^ (cur_loc << 8); - cur_loc &= MAP_SIZE - 1; - - /* Implement probabilistic instrumentation by looking at scrambled block - address. This keeps the instrumented locations stable across runs. */ - - if (cur_loc >= afl_inst_rms) return; - - afl_area_ptr[cur_loc ^ prev_loc]++; - prev_loc = cur_loc >> 1; - -} - - -/* This code is invoked whenever QEMU decides that it doesn't have a - translation of a particular block and needs to compute it. When this happens, - we tell the parent to mirror the operation, so that the next fork() has a - cached copy. */ - -static void afl_request_tsl(target_ulong pc, target_ulong cb, uint64_t flags) { - - struct afl_tsl t; - - if (!afl_fork_child) return; - - t.pc = pc; - t.cs_base = cb; - t.flags = flags; - - if (write(TSL_FD, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - return; - -} - - -/* This is the other side of the same channel. Since timeouts are handled by - afl-fuzz simply killing the child, we can just wait until the pipe breaks. */ - -static void afl_wait_tsl(CPUArchState *env, int fd) { - - struct afl_tsl t; - - while (1) { - - /* Broken pipe means it's time to return to the fork server routine. */ - - if (read(fd, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - break; - - tb_find_slow(env, t.pc, t.cs_base, t.flags); - - } - - close(fd); - -} - diff --git a/pkgs/tools/security/afl/qemu-patches/afl-types.h b/pkgs/tools/security/afl/qemu-patches/afl-types.h deleted file mode 100644 index 58d6be51e2d..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-types.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - american fuzzy lop - type definitions and minor macros - ------------------------------------------------------ - - Written and maintained by Michal Zalewski - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_TYPES_H -#define _HAVE_TYPES_H - -#include -#include - -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; - -/* - - Ugh. There is an unintended compiler / glibc #include glitch caused by - combining the u64 type an %llu in format strings, necessitating a workaround. - - In essence, the compiler is always looking for 'unsigned long long' for %llu. - On 32-bit systems, the u64 type (aliased to uint64_t) is expanded to - 'unsigned long long' in , so everything checks out. - - But on 64-bit systems, it is #ifdef'ed in the same file as 'unsigned long'. - Now, it only happens in circumstances where the type happens to have the - expected bit width, *but* the compiler does not know that... and complains - about 'unsigned long' being unsafe to pass to %llu. - - */ - -#ifdef __x86_64__ -typedef unsigned long long u64; -#else -typedef uint64_t u64; -#endif /* ^sizeof(...) */ - -typedef int8_t s8; -typedef int16_t s16; -typedef int32_t s32; -typedef int64_t s64; - -#ifndef MIN -# define MIN(_a,_b) ((_a) > (_b) ? (_b) : (_a)) -# define MAX(_a,_b) ((_a) > (_b) ? (_a) : (_b)) -#endif /* !MIN */ - -#define SWAP16(_x) ({ \ - u16 _ret = (_x); \ - (u16)((_ret << 8) | (_ret >> 8)); \ - }) - -#define SWAP32(_x) ({ \ - u32 _ret = (_x); \ - (u32)((_ret << 24) | (_ret >> 24) | \ - ((_ret << 8) & 0x00FF0000) | \ - ((_ret >> 8) & 0x0000FF00)); \ - }) - -#define R(x) (random() % (x)) - -#define STRINGIFY_INTERNAL(x) #x -#define STRINGIFY(x) STRINGIFY_INTERNAL(x) - -#define MEM_BARRIER() \ - asm volatile("" ::: "memory") - -#endif /* ! _HAVE_TYPES_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch b/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch deleted file mode 100644 index 75a7ea450ef..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- qemu-2.3.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000 -+++ qemu-2.3.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000 -@@ -28,6 +28,8 @@ - #include "exec/memory-internal.h" - #include "qemu/rcu.h" - -+#include "afl-qemu-cpu-inl.h" -+ - /* -icount align implementation. */ - - typedef struct SyncClocks { -@@ -296,8 +298,11 @@ - } - not_found: - /* if no translated code available, then translate it now */ -+ - tb = tb_gen_code(cpu, pc, cs_base, flags, 0); - -+ AFL_QEMU_CPU_SNIPPET1; -+ - found: - /* Move the last found TB to the head of the list */ - if (likely(*ptb1)) { -@@ -492,6 +497,9 @@ - next_tb = 0; - tcg_ctx.tb_ctx.tb_invalidated_flag = 0; - } -+ -+ AFL_QEMU_CPU_SNIPPET2; -+ - if (qemu_loglevel_mask(CPU_LOG_EXEC)) { - qemu_log("Trace %p [" TARGET_FMT_lx "] %s\n", - tb->tc_ptr, tb->pc, lookup_symbol(tb->pc)); diff --git a/pkgs/tools/security/afl/qemu-patches/elfload.patch b/pkgs/tools/security/afl/qemu-patches/elfload.patch deleted file mode 100644 index 325c917d15a..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/elfload.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- qemu-2.3.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000 -+++ qemu-2.3.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000 -@@ -28,6 +28,8 @@ - - #define ELF_OSABI ELFOSABI_SYSV - -+extern abi_ulong afl_entry_point, afl_start_code, afl_end_code; -+ - /* from personality.h */ - - /* -@@ -1889,6 +1891,8 @@ - info->brk = 0; - info->elf_flags = ehdr->e_flags; - -+ if (!afl_entry_point) afl_entry_point = info->entry; -+ - for (i = 0; i < ehdr->e_phnum; i++) { - struct elf_phdr *eppnt = phdr + i; - if (eppnt->p_type == PT_LOAD) { -@@ -1922,9 +1926,11 @@ - if (elf_prot & PROT_EXEC) { - if (vaddr < info->start_code) { - info->start_code = vaddr; -+ if (!afl_start_code) afl_start_code = vaddr; - } - if (vaddr_ef > info->end_code) { - info->end_code = vaddr_ef; -+ if (!afl_end_code) afl_end_code = vaddr_ef; - } - } - if (elf_prot & PROT_WRITE) { diff --git a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch index 81d29feea3d..5dfbfd780f1 100644 --- a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch +++ b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch @@ -2,13 +2,12 @@ diff --git a/Makefile b/Makefile index d6b9dc1..ce7c493 100644 --- a/Makefile +++ b/Makefile -@@ -384,8 +384,7 @@ install-confdir: - install-sysconfig: install-datadir install-confdir - $(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(qemu_confdir)" +@@ -601,7 +601,7 @@ install-localstatedir: + endif --install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \ --install-datadir install-localstatedir + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir +install: all $(if $(BUILD_DOCS),install-doc) install-datadir ifneq ($(TOOLS),) - $(call install-prog,$(TOOLS),$(DESTDIR)$(bindir)) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) endif diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch new file mode 100644 index 00000000000..6cc663dc1fb --- /dev/null +++ b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch @@ -0,0 +1,28 @@ +A modified version of qemu commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 +diff --git a/configure b/configure +index 9c8aa5a..99ccc17 100755 +--- a/configure ++++ b/configure +@@ -3855,7 +3855,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include ++#include + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1a..412e94a 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include + #include diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch deleted file mode 100644 index 1c447c4051e..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff --git a/user-exec.c b/user-exec.c -index 8f57e8a..957f9f7 100644 ---- a/user-exec.c -+++ b/user-exec.c -@@ -57,7 +57,7 @@ static void exception_action(CPUState *cpu) - void cpu_resume_from_signal(CPUState *cpu, void *puc) - { - #ifdef __linux__ -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #endif -@@ -171,7 +171,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int trapno; -@@ -226,7 +226,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - - pc = PC_sig(uc); -@@ -288,7 +288,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - - #ifdef __APPLE__ - #include --typedef struct ucontext SIGCONTEXT; -+typedef ucontext_t SIGCONTEXT; - /* All Registers access - only for local access */ - #define REG_sig(reg_name, context) \ - ((context)->uc_mcontext->ss.reg_name) -@@ -331,7 +331,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -358,7 +358,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uint32_t *pc = uc->uc_mcontext.sc_pc; - uint32_t insn = *pc; - int is_write = 0; -@@ -456,7 +456,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__NetBSD__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -483,7 +483,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uintptr_t pc = uc->uc_mcontext.pc; - uint32_t insn = *(uint32_t *)pc; - bool is_write; -@@ -512,7 +512,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - int is_write; - -@@ -534,7 +534,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long ip; - int is_write = 0; - -@@ -565,7 +565,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - uint16_t *pinsn; - int is_write = 0; -@@ -618,7 +618,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - greg_t pc = uc->uc_mcontext.pc; - int is_write; - -@@ -634,7 +634,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc = uc->uc_mcontext.sc_iaoq[0]; - uint32_t insn = *(uint32_t *)pc; - int is_write = 0; diff --git a/pkgs/tools/security/afl/qemu-patches/syscall.patch b/pkgs/tools/security/afl/qemu-patches/syscall.patch deleted file mode 100644 index 75d39386164..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/syscall.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- qemu-2.3.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000 -+++ qemu-2.3.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000 -@@ -227,7 +227,21 @@ - _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo) - _syscall3(int,sys_syslog,int,type,char*,bufp,int,len) - #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill) --_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig) -+ -+extern unsigned int afl_forksrv_pid; -+ -+static int sys_tgkill(int tgid, int pid, int sig) { -+ -+ /* Workaround for -lpthread to make abort() work properly, without -+ killing the forkserver due to a prematurely cached PID. */ -+ -+ if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT) -+ pid = tgid = getpid(); -+ -+ return syscall(__NR_sys_tgkill, pid, tgid, sig); -+ -+} -+ - #endif - #if defined(TARGET_NR_tkill) && defined(__NR_tkill) - _syscall2(int,sys_tkill,int,tid,int,sig) diff --git a/pkgs/tools/security/afl/qemu-patches/translate-all.patch b/pkgs/tools/security/afl/qemu-patches/translate-all.patch deleted file mode 100644 index 180b3a55ab2..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/translate-all.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- qemu-2.3.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000 -+++ qemu-2.3.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000 -@@ -393,8 +393,13 @@ - /* We can't use g_malloc because it may recurse into a locked mutex. */ - # define ALLOC(P, SIZE) \ - do { \ -- P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ void* _tmp = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ if (_tmp == (void*)-1) { \ -+ qemu_log(">>> Out of memory for stack, bailing out. <<<\n"); \ -+ exit(1); \ -+ } \ -+ (P) = _tmp; \ - } while (0) - #else - # define ALLOC(P, SIZE) \ diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 82de6474e59..a007eb3913d 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, python2, zlib, pkgconfig, glib, ncurses, perl +{ stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, ncurses, perl , attr, libcap, vde2, texinfo, libuuid, flex, bison, lzo, snappy , libaio, libcap_ng, gnutls, pixman, autoconf , writeText @@ -7,59 +7,65 @@ with stdenv.lib; let - n = "qemu-2.3.0"; - - aflHeaderFile = writeText "afl-qemu-cpu-inl.h" - (builtins.readFile ./qemu-patches/afl-qemu-cpu-inl.h); - aflConfigFile = writeText "afl-config.h" - (builtins.readFile ./qemu-patches/afl-config.h); - aflTypesFile = writeText "afl-types.h" - (builtins.readFile ./qemu-patches/afl-types.h); - + qemuName = "qemu-2.10.0"; + aflName = afl.name; cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; in stdenv.mkDerivation rec { - name = "afl-${n}"; + name = "afl-${qemuName}"; - src = fetchurl { - url = "http://wiki.qemu.org/download/${n}.tar.bz2"; - sha256 = "120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"; - }; + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; + }) + afl.src + ]; - buildInputs = - [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap - vde2 texinfo libuuid flex bison lzo snappy autoconf - libcap_ng gnutls - ] - ++ optionals (hasSuffix "linux" stdenv.hostPlatform.system) [ libaio ]; + sourceRoot = qemuName; + + postUnpack = '' + cp ${aflName}/types.h $sourceRoot/afl-types.h + substitute ${aflName}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflName}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \ + --replace "../../config.h" "afl-config.h" + substituteInPlace ${aflName}/qemu_mode/patches/cpu-exec.diff \ + --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" + ''; + + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman ncurses attr libcap + vde2 libuuid lzo snappy libcap_ng gnutls + ] ++ optionals (stdenv.isLinux) [ libaio ]; enableParallelBuilding = true; - patches = - [ ./qemu-patches/elfload.patch - ./qemu-patches/cpu-exec.patch - ./qemu-patches/no-etc-install.patch - ./qemu-patches/translate-all.patch - ./qemu-patches/syscall.patch - ./qemu-patches/qemu-2.3.0-glibc-2.26.patch - ]; - - preConfigure = '' - cp ${aflTypesFile} afl-types.h - cp ${aflConfigFile} afl-config.h - cp ${aflHeaderFile} afl-qemu-cpu-inl.h - ''; + patches = [ + # patches extracted from afl source + "../${aflName}/qemu_mode/patches/cpu-exec.diff" + "../${aflName}/qemu_mode/patches/elfload.diff" + "../${aflName}/qemu_mode/patches/syscall.diff" + # nix-specific patches to make installation more well-behaved + ./qemu-patches/no-etc-install.patch + ./qemu-patches/qemu-2.10.0-glibc-2.27.patch + ]; configureFlags = [ "--disable-system" "--enable-linux-user" - "--enable-guest-base" "--disable-gtk" "--disable-sdl" "--disable-vnc" "--target-list=${cpuTarget}" + "--enable-pie" + "--enable-kvm" "--sysconfdir=/etc" "--localstatedir=/var" ]; diff --git a/pkgs/tools/system/bfs/default.nix b/pkgs/tools/system/bfs/default.nix index 3734fefe60a..3e9210d5b35 100644 --- a/pkgs/tools/system/bfs/default.nix +++ b/pkgs/tools/system/bfs/default.nix @@ -1,23 +1,17 @@ -{ stdenv, fetchFromGitHub, bash }: +{ stdenv, fetchFromGitHub, libcap, acl }: stdenv.mkDerivation rec { name = "bfs-${version}"; - version = "1.2.4"; + version = "1.3.1"; src = fetchFromGitHub { repo = "bfs"; owner = "tavianator"; rev = version; - sha256 = "0nxx2njjp04ik6msfmf07hprw0j88wg04m0q1sf17mhkliw2d78s"; + sha256 = "0gv9hrcsz7miv40v6wmkmb1a58ji5d1dlgwq6gwczd8rzlmhddmc"; }; - postPatch = '' - # Patch tests (both shebangs and usage in scripts) - for f in $(find -type f -name '*.sh'); do - substituteInPlace $f --replace "/bin/bash" "${bash}/bin/bash" - done - ''; - doCheck = true; + buildInputs = stdenv.lib.optionals stdenv.isLinux [ libcap acl ]; makeFlags = [ "PREFIX=$(out)" ]; buildFlags = [ "release" ]; # "release" enables compiler optimizations @@ -30,7 +24,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/tavianator/bfs; license = licenses.bsd0; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ yesbox ]; }; } diff --git a/pkgs/tools/system/fakeroot/default.nix b/pkgs/tools/system/fakeroot/default.nix index 8796de4e9e0..1a16a8a34c7 100644 --- a/pkgs/tools/system/fakeroot/default.nix +++ b/pkgs/tools/system/fakeroot/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, fetchpatch, getopt, libcap }: +{ stdenv, fetchurl, fetchpatch, getopt, libcap, gnused }: stdenv.mkDerivation rec { version = "1.23"; @@ -29,14 +29,12 @@ stdenv.mkDerivation rec { }) ]; - buildInputs = [ getopt ] + buildInputs = [ getopt gnused ] ++ stdenv.lib.optional (!stdenv.isDarwin) libcap ; postUnpack = '' - for prog in getopt; do - sed -i "s@getopt@$(type -p getopt)@g" ${name}/scripts/fakeroot.in - done + sed -i -e "s@getopt@$(type -p getopt)@g" -e "s@sed@$(type -p sed)@g" ${name}/scripts/fakeroot.in ''; meta = { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4d4a814b638..72ed7c0ffc0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6641,7 +6641,9 @@ in clang_37 = llvmPackages_37.clang; clang_35 = wrapCC llvmPackages_35.clang; - clang-tools = callPackage ../development/tools/clang-tools { }; + clang-tools = callPackage ../development/tools/clang-tools { + llvmPackages = llvmPackages_latest; + }; clang-analyzer = callPackage ../development/tools/analysis/clang-analyzer { }; @@ -7674,7 +7676,7 @@ in inherit (beam.interpreters) erlang erlangR18 erlangR19 erlangR20 erlangR21 erlang_odbc erlang_javac erlang_odbc_javac erlang_nox erlang_basho_R16B02 - elixir elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3 + elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 lfe lfe_1_2; inherit (beam.packages.erlang) @@ -8811,6 +8813,7 @@ in minify = callPackage ../development/web/minify { }; minizinc = callPackage ../development/tools/minizinc { }; + minizincide = qt5.callPackage ../development/tools/minizinc/ide.nix { }; mk = callPackage ../development/tools/build-managers/mk { }; @@ -13448,7 +13451,7 @@ in clamsmtp = callPackage ../servers/mail/clamsmtp { }; clickhouse = callPackage ../servers/clickhouse { - inherit (llvmPackages_6) clang-unwrapped lld llvm; + inherit (llvmPackages_latest) clang-unwrapped lld llvm; }; couchdb = callPackage ../servers/http/couchdb { @@ -20375,7 +20378,9 @@ in angband = callPackage ../games/angband { }; - anki = python3Packages.callPackage ../games/anki { }; + anki = python3Packages.callPackage ../games/anki { + inherit (darwin.apple_sdk.frameworks) CoreAudio; + }; armagetronad = callPackage ../games/armagetronad { }; diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 85bdc59e6db..f05cf3d9290 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -61,7 +61,7 @@ rec { # Other Beam languages. These are built with `beam.interpreters.erlang`. To # access for example elixir built with different version of Erlang, use # `beam.packages.erlangR19.elixir`. - inherit (packages.erlang) elixir elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3; + inherit (packages.erlang) elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4; inherit (packages.erlang) lfe lfe_1_2; }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index d77046f8b7a..d6f9bbf288e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1184,6 +1184,8 @@ in { case = callPackage ../development/python-modules/case {}; + cbor = callPackage ../development/python-modules/cbor {}; + cassandra-driver = callPackage ../development/python-modules/cassandra-driver { }; cccolutils = callPackage ../development/python-modules/cccolutils {}; @@ -1720,7 +1722,11 @@ in { gateone = callPackage ../development/python-modules/gateone { }; - gcutil = callPackage ../development/python-modules/gcutil { }; + # TODO: Remove after 19.03 is branched off: + gcutil = throw '' + pythonPackages.gcutil is deprecated and can be replaced with "gcloud + compute" from the package google-cloud-sdk. + ''; GeoIP = callPackage ../development/python-modules/GeoIP { }; @@ -2283,6 +2289,8 @@ in { dtopt = callPackage ../development/python-modules/dtopt { }; + easywatch = callPackage ../development/python-modules/easywatch { }; + ecdsa = callPackage ../development/python-modules/ecdsa { }; effect = callPackage ../development/python-modules/effect {}; @@ -3988,6 +3996,8 @@ in { sqlalchemy_migrate = callPackage ../development/python-modules/sqlalchemy-migrate { }; + staticjinja = callPackage ../development/python-modules/staticjinja { }; + statsmodels = callPackage ../development/python-modules/statsmodels { }; structlog = callPackage ../development/python-modules/structlog { };