From 0e4c444cfecb83b294b27518c43dbcaab28b920e Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 30 Nov 2018 19:59:55 -0600 Subject: [PATCH 01/76] minizincide: init at 2.2.3 * wrap so minizinc on PATH (to ensure it's avail/found) --- pkgs/development/tools/minizinc/ide.nix | 42 +++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 1 + 2 files changed, 43 insertions(+) create mode 100644 pkgs/development/tools/minizinc/ide.nix diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix new file mode 100644 index 00000000000..1bfb0726d6a --- /dev/null +++ b/pkgs/development/tools/minizinc/ide.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, qtbase, qtwebengine, qtwebkit, qmake, makeWrapper, minizinc }: +let + version = "2.2.3"; +in +stdenv.mkDerivation { + name = "minizinc-ide-${version}"; + + nativeBuildInputs = [ qmake makeWrapper ]; + buildInputs = [ qtbase qtwebengine qtwebkit ]; + + src = fetchFromGitHub { + owner = "MiniZinc"; + repo = "MiniZincIDE"; + rev = version; # XXX chance it//revisit: "3d66971a0cad6edbe797f4dd940229d38e5bfe3d"; # tags on the repo are disappearing: See https://github.com/MiniZinc/libminizinc/issues/257 + sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; + }; + + postUnpack = ''export sourceRoot="$sourceRoot/MiniZincIDE"''; + + enableParallelBuilding = true; + + postInstall = '' + wrapProgram $out/bin/MiniZincIDE --prefix PATH ":" ${stdenv.lib.makeBinPath [ minizinc ]} + ''; + + meta = with stdenv.lib; { + homepage = http://www.minizinc.org/; + description = "IDE for MiniZinc, a medium-level constraint modelling language."; + + longDescription = '' + MiniZinc is a medium-level constraint modelling + language. It is high-level enough to express most + constraint problems easily, but low-level enough + that it can be mapped onto existing solvers easily and consistently. + It is a subset of the higher-level language Zinc. + ''; + + license = licenses.mpl20; + platforms = platforms.linux; + maintainers = [ maintainers.sheenobu ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cc18e0a0611..9e1c190aa31 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8725,6 +8725,7 @@ with pkgs; minify = callPackage ../development/web/minify { }; minizinc = callPackage ../development/tools/minizinc { }; + minizincide = qt5.callPackage ../development/tools/minizinc/ide.nix { }; mk = callPackage ../development/tools/build-managers/mk { }; From 3d5ee8648846b3f36038d1197a2882fd9cca8538 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sun, 2 Dec 2018 12:14:43 -0600 Subject: [PATCH 02/76] minizincide: https, touchup, don't volunteer others to maintain haha :P --- pkgs/development/tools/minizinc/ide.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix index 1bfb0726d6a..9e4edc236df 100644 --- a/pkgs/development/tools/minizinc/ide.nix +++ b/pkgs/development/tools/minizinc/ide.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "MiniZinc"; repo = "MiniZincIDE"; - rev = version; # XXX chance it//revisit: "3d66971a0cad6edbe797f4dd940229d38e5bfe3d"; # tags on the repo are disappearing: See https://github.com/MiniZinc/libminizinc/issues/257 + rev = version; sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; }; @@ -24,7 +24,7 @@ stdenv.mkDerivation { ''; meta = with stdenv.lib; { - homepage = http://www.minizinc.org/; + homepage = https://www.minizinc.org/; description = "IDE for MiniZinc, a medium-level constraint modelling language."; longDescription = '' @@ -37,6 +37,6 @@ stdenv.mkDerivation { license = licenses.mpl20; platforms = platforms.linux; - maintainers = [ maintainers.sheenobu ]; + maintainers = [ maintainers.dtzWill ]; }; } From 8b4d458ccd7f4e96c5cab8373b28316de9b802a1 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 5 Dec 2018 18:19:19 -0600 Subject: [PATCH 03/76] i2c-tools: 4.0 -> 4.1 https://marc.info/?l=linux-i2c&m=154383448901807&w=2 --- pkgs/os-specific/linux/i2c-tools/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index 3f90b91f10d..b3fd34f665e 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "i2c-tools-${version}"; - version = "4.0"; + version = "4.1"; src = fetchurl { url = "https://www.kernel.org/pub/software/utils/i2c-tools/${name}.tar.xz"; - sha256 = "1mi8mykvl89y6liinc9jv1x8m2q093wrdc2hm86a47n524fcl06r"; + sha256 = "1m97hpwqfaqjl9xvr4pvz2vdrsdvxbcn0nnx8pamnyc3s7pikcjp"; }; buildInputs = [ perl ]; @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { ''; installPhase = '' - make install prefix=$out + make install PREFIX=$out rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers ''; From 5a09820a13c2cd742f9db4b19388400a954ca00f Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 2 Dec 2018 16:26:31 +0000 Subject: [PATCH 04/76] afl-qemu: update to qemu 2.10.0, as specified by afl 2.52b refresh patches & configure options directly from afl 2.52b to make installation as vanilla as possible --- pkgs/tools/security/afl/default.nix | 137 +++---- .../security/afl/qemu-patches/afl-config.h | 335 ------------------ .../afl/qemu-patches/afl-qemu-cpu-inl.h | 296 ---------------- .../security/afl/qemu-patches/afl-types.h | 79 ----- .../security/afl/qemu-patches/cpu-exec.patch | 33 -- .../security/afl/qemu-patches/elfload.patch | 32 -- .../afl/qemu-patches/no-etc-install.patch | 11 +- .../qemu-patches/qemu-2.10.0-glibc-2.27.patch | 28 ++ .../qemu-patches/qemu-2.3.0-glibc-2.26.patch | 121 ------- .../security/afl/qemu-patches/syscall.patch | 25 -- .../afl/qemu-patches/translate-all.patch | 18 - pkgs/tools/security/afl/qemu.nix | 64 ++-- 12 files changed, 136 insertions(+), 1043 deletions(-) delete mode 100644 pkgs/tools/security/afl/qemu-patches/afl-config.h delete mode 100644 pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h delete mode 100644 pkgs/tools/security/afl/qemu-patches/afl-types.h delete mode 100644 pkgs/tools/security/afl/qemu-patches/cpu-exec.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/elfload.patch create mode 100644 pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/syscall.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/translate-all.patch diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index 3476606049d..067d355fb90 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -3,79 +3,80 @@ }: let - afl-qemu = callPackage ./qemu.nix {}; + afl-qemu = callPackage ./qemu.nix { inherit afl; }; qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; -in + afl = stdenv.mkDerivation rec { + name = "afl-${version}"; + version = "2.52b"; -stdenv.mkDerivation rec { - name = "afl-${version}"; - version = "2.52b"; + src = fetchurl { + url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; + sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; + }; - src = fetchurl { - url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; - }; + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + buildInputs = [ makeWrapper llvm which ]; - # Note: libcgroup isn't needed for building, just for the afl-cgroup - # script. - buildInputs = [ makeWrapper llvm which ]; - - buildPhase = '' - make PREFIX=$out - cd llvm_mode - make PREFIX=$out - cd .. - ''; - installPhase = '' - # Do the normal installation - make install PREFIX=$out - - # Install the custom QEMU emulator for binary blob fuzzing. - cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace - - # Install the cgroups wrapper for asan-based fuzzing. - cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup - chmod +x $out/bin/afl-cgroup - substituteInPlace $out/bin/afl-cgroup \ - --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ - --replace "cgexec" "${libcgroup}/bin/cgexec" \ - --replace "cgdelete" "${libcgroup}/bin/cgdelete" - - # Patch shebangs before wrapping - patchShebangs $out/bin - - # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it - # has totally different semantics in that case(?) - and also set a - # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out - # of $PATH. - for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do - wrapProgram $x \ - --prefix AFL_PATH : "$out/lib/afl" \ - --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' - done - ''; - - passthru = { - qemu = afl-qemu; - }; - - meta = { - description = "Powerful fuzzer via genetic algorithms and instrumentation"; - longDescription = '' - American fuzzy lop is a fuzzer that employs a novel type of - compile-time instrumentation and genetic algorithms to - automatically discover clean, interesting test cases that - trigger new internal states in the targeted binary. This - substantially improves the functional coverage for the fuzzed - code. The compact synthesized corpora produced by the tool are - also useful for seeding other, more labor or resource-intensive - testing regimes down the road. + buildPhase = '' + make PREFIX=$out + cd llvm_mode + make PREFIX=$out + cd .. ''; - homepage = "http://lcamtuf.coredump.cx/afl/"; - license = stdenv.lib.licenses.asl20; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + installPhase = '' + # Do the normal installation + make install PREFIX=$out + + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # Install the cgroups wrapper for asan-based fuzzing. + cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + # Patch shebangs before wrapping + patchShebangs $out/bin + + # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it + # has totally different semantics in that case(?) - and also set a + # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out + # of $PATH. + for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do + wrapProgram $x \ + --prefix AFL_PATH : "$out/lib/afl" \ + --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' + done + ''; + + passthru = { + qemu = afl-qemu; + }; + + meta = { + description = "Powerful fuzzer via genetic algorithms and instrumentation"; + longDescription = '' + American fuzzy lop is a fuzzer that employs a novel type of + compile-time instrumentation and genetic algorithms to + automatically discover clean, interesting test cases that + trigger new internal states in the targeted binary. This + substantially improves the functional coverage for the fuzzed + code. The compact synthesized corpora produced by the tool are + also useful for seeding other, more labor or resource-intensive + testing regimes down the road. + ''; + homepage = "http://lcamtuf.coredump.cx/afl/"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; }; -} +in afl + + diff --git a/pkgs/tools/security/afl/qemu-patches/afl-config.h b/pkgs/tools/security/afl/qemu-patches/afl-config.h deleted file mode 100644 index cbf48881ade..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-config.h +++ /dev/null @@ -1,335 +0,0 @@ -/* - american fuzzy lop - vaguely configurable bits - ---------------------------------------------- - - Written and maintained by Michal Zalewski - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_CONFIG_H -#define _HAVE_CONFIG_H - -#include "afl-types.h" - -/****************************************************** - * * - * Settings that may be of interest to power users: * - * * - ******************************************************/ - -/* Comment out to disable terminal colors: */ - -#define USE_COLOR - -/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ - -#define FANCY_BOXES - -/* Default timeout for fuzzed code (milliseconds): */ - -#define EXEC_TIMEOUT 1000 - -/* Timeout rounding factor when auto-scaling (milliseconds): */ - -#define EXEC_TM_ROUND 20 - -/* Default memory limit for child process (MB): */ - -#ifndef __x86_64__ -# define MEM_LIMIT 25 -#else -# define MEM_LIMIT 50 -#endif /* ^!__x86_64__ */ - -/* Default memory limit when running in QEMU mode (MB): */ - -#define MEM_LIMIT_QEMU 200 - -/* Number of calibration cycles per every new test case (and for test - cases that show variable behavior): */ - -#define CAL_CYCLES 10 -#define CAL_CYCLES_LONG 40 - -/* The same, but when AFL_NO_VAR_CHECK is set in the environment: */ - -#define CAL_CYCLES_NO_VAR 4 - -/* Number of subsequent hangs before abandoning an input file: */ - -#define HANG_LIMIT 250 - -/* Maximum number of unique hangs or crashes to record: */ - -#define KEEP_UNIQUE_HANG 500 -#define KEEP_UNIQUE_CRASH 5000 - -/* Baseline number of random tweaks during a single 'havoc' stage: */ - -#define HAVOC_CYCLES 5000 - -/* Maximum multiplier for the above (should be a power of two, beware - of 32-bit int overflows): */ - -#define HAVOC_MAX_MULT 16 - -/* Absolute minimum number of havoc cycles (after all adjustments): */ - -#define HAVOC_MIN 10 - -/* Maximum stacking for havoc-stage tweaks. The actual value is calculated - like this: - - n = random between 1 and HAVOC_STACK_POW2 - stacking = 2^n - - In other words, the default (n = 7) produces 2, 4, 8, 16, 32, 64, or - 128 stacked tweaks: */ - -#define HAVOC_STACK_POW2 7 - -/* Caps on block sizes for cloning and deletion operations. Each of these - ranges has a 33% probability of getting picked, except for the first - two cycles where smaller blocks are favored: */ - -#define HAVOC_BLK_SMALL 32 -#define HAVOC_BLK_MEDIUM 128 -#define HAVOC_BLK_LARGE 1500 - -/* Probabilities of skipping non-favored entries in the queue, expressed as - percentages: */ - -#define SKIP_TO_NEW_PROB 99 /* ...when there are new, pending favorites */ -#define SKIP_NFAV_OLD_PROB 95 /* ...no new favs, cur entry already fuzzed */ -#define SKIP_NFAV_NEW_PROB 75 /* ...no new favs, cur entry not fuzzed yet */ - -/* Splicing cycle count: */ - -#define SPLICE_CYCLES 20 - -/* Nominal per-splice havoc cycle length: */ - -#define SPLICE_HAVOC 500 - -/* Maximum offset for integer addition / subtraction stages: */ - -#define ARITH_MAX 35 - -/* Limits for the test case trimmer. The absolute minimum chunk size; and - the starting and ending divisors for chopping up the input file: */ - -#define TRIM_MIN_BYTES 4 -#define TRIM_START_STEPS 16 -#define TRIM_END_STEPS 1024 - -/* Maximum size of input file, in bytes (keep under 100MB): */ - -#define MAX_FILE (1 * 1024 * 1024) - -/* The same, for the test case minimizer: */ - -#define TMIN_MAX_FILE (10 * 1024 * 1024) - -/* Block normalization steps for afl-tmin: */ - -#define TMIN_SET_MIN_SIZE 4 -#define TMIN_SET_STEPS 128 - -/* Maximum dictionary token size (-x), in bytes: */ - -#define MAX_DICT_FILE 128 - -/* Length limits for auto-detected dictionary tokens: */ - -#define MIN_AUTO_EXTRA 3 -#define MAX_AUTO_EXTRA 32 - -/* Maximum number of user-specified dictionary tokens to use in deterministic - steps; past this point, the "extras/user" step will be still carried out, - but with proportionally lower odds: */ - -#define MAX_DET_EXTRAS 200 - -/* Maximum number of auto-extracted dictionary tokens to actually use in fuzzing - (first value), and to keep in memory as candidates. The latter should be much - higher than the former. */ - -#define USE_AUTO_EXTRAS 50 -#define MAX_AUTO_EXTRAS (USE_AUTO_EXTRAS * 10) - -/* Scaling factor for the effector map used to skip some of the more - expensive deterministic steps. The actual divisor is set to - 2^EFF_MAP_SCALE2 bytes: */ - -#define EFF_MAP_SCALE2 3 - -/* Minimum input file length at which the effector logic kicks in: */ - -#define EFF_MIN_LEN 128 - -/* Maximum effector density past which everything is just fuzzed - unconditionally (%): */ - -#define EFF_MAX_PERC 90 - -/* UI refresh frequency (Hz): */ - -#define UI_TARGET_HZ 5 - -/* Fuzzer stats file and plot update intervals (sec): */ - -#define STATS_UPDATE_SEC 60 -#define PLOT_UPDATE_SEC 5 - -/* Smoothing divisor for CPU load and exec speed stats (1 - no smoothing). */ - -#define AVG_SMOOTHING 16 - -/* Sync interval (every n havoc cycles): */ - -#define SYNC_INTERVAL 5 - -/* Output directory reuse grace period (minutes): */ - -#define OUTPUT_GRACE 25 - -/* Uncomment to use simple file names (id_NNNNNN): */ - -// #define SIMPLE_FILES - -/* List of interesting values to use in fuzzing. */ - -#define INTERESTING_8 \ - -128, /* Overflow signed 8-bit when decremented */ \ - -1, /* */ \ - 0, /* */ \ - 1, /* */ \ - 16, /* One-off with common buffer size */ \ - 32, /* One-off with common buffer size */ \ - 64, /* One-off with common buffer size */ \ - 100, /* One-off with common buffer size */ \ - 127 /* Overflow signed 8-bit when incremented */ - -#define INTERESTING_16 \ - -32768, /* Overflow signed 16-bit when decremented */ \ - -129, /* Overflow signed 8-bit */ \ - 128, /* Overflow signed 8-bit */ \ - 255, /* Overflow unsig 8-bit when incremented */ \ - 256, /* Overflow unsig 8-bit */ \ - 512, /* One-off with common buffer size */ \ - 1000, /* One-off with common buffer size */ \ - 1024, /* One-off with common buffer size */ \ - 4096, /* One-off with common buffer size */ \ - 32767 /* Overflow signed 16-bit when incremented */ - -#define INTERESTING_32 \ - -2147483648LL, /* Overflow signed 32-bit when decremented */ \ - -100663046, /* Large negative number (endian-agnostic) */ \ - -32769, /* Overflow signed 16-bit */ \ - 32768, /* Overflow signed 16-bit */ \ - 65535, /* Overflow unsig 16-bit when incremented */ \ - 65536, /* Overflow unsig 16 bit */ \ - 100663045, /* Large positive number (endian-agnostic) */ \ - 2147483647 /* Overflow signed 32-bit when incremented */ - -/*********************************************************** - * * - * Really exotic stuff you probably don't want to touch: * - * * - ***********************************************************/ - -/* Call count interval between reseeding the libc PRNG from /dev/urandom: */ - -#define RESEED_RNG 10000 - -/* Maximum line length passed from GCC to 'as' and used for parsing - configuration files: */ - -#define MAX_LINE 8192 - -/* Environment variable used to pass SHM ID to the called program. */ - -#define SHM_ENV_VAR "__AFL_SHM_ID" - -/* Other less interesting, internal-only variables. */ - -#define CLANG_ENV_VAR "__AFL_CLANG_MODE" -#define AS_LOOP_ENV_VAR "__AFL_AS_LOOPCHECK" - -/* Distinctive bitmap signature used to indicate failed execution: */ - -#define EXEC_FAIL_SIG 0xfee1dead - -/* Distinctive exit code used to indicate MSAN trip condition: */ - -#define MSAN_ERROR 86 - -/* Designated file descriptors for forkserver commands (the application will - use FORKSRV_FD and FORKSRV_FD + 1): */ - -#define FORKSRV_FD 198 - -/* Fork server init timeout multiplier: we'll wait the user-selected - timeout plus this much for the fork server to spin up. */ - -#define FORK_WAIT_MULT 10 - -/* Calibration timeout adjustments, to be a bit more generous when resuming - fuzzing sessions or trying to calibrate already-added internal finds. - The first value is a percentage, the other is in milliseconds: */ - -#define CAL_TMOUT_PERC 125 -#define CAL_TMOUT_ADD 50 - -/* Number of chances to calibrate a case before giving up: */ - -#define CAL_CHANCES 3 - -/* Map size for the traced binary (2^MAP_SIZE_POW2). Must be greater than - 2; you probably want to keep it under 18 or so for performance reasons - (adjusting AFL_INST_RATIO when compiling is probably a better way to solve - problems with complex programs). You need to recompile the target binary - after changing this - otherwise, SEGVs may ensue. */ - -#define MAP_SIZE_POW2 16 -#define MAP_SIZE (1 << MAP_SIZE_POW2) - -/* Maximum allocator request size (keep well under INT_MAX): */ - -#define MAX_ALLOC 0x40000000 - -/* A made-up hashing seed: */ - -#define HASH_CONST 0xa5b35705 - -/* Constants for afl-gotcpu to control busy loop timing: */ - -#define CTEST_TARGET_MS 5000 -#define CTEST_BUSY_CYCLES (10 * 1000 * 1000) - -/* Uncomment this to use inferior block-coverage-based instrumentation. Note - that you need to recompile the target binary for this to have any effect: */ - -// #define COVERAGE_ONLY - -/* Uncomment this to ignore hit counts and output just one bit per tuple. - As with the previous setting, you will need to recompile the target - binary: */ - -// #define SKIP_COUNTS - -/* Uncomment this to use instrumentation data to record newly discovered paths, - but do not use them as seeds for fuzzing. This is useful for conveniently - measuring coverage that could be attained by a "dumb" fuzzing algorithm: */ - -// #define IGNORE_FINDS - -#endif /* ! _HAVE_CONFIG_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h b/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h deleted file mode 100644 index e4a470b5523..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h +++ /dev/null @@ -1,296 +0,0 @@ -/* - american fuzzy lop - high-performance binary-only instrumentation - ----------------------------------------------------------------- - - Written by Andrew Griffiths and - Michal Zalewski - - Idea & design very much by Andrew Griffiths. - - Copyright 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - This code is a shim patched into the separately-distributed source - code of QEMU 2.2.0. It leverages the built-in QEMU tracing functionality - to implement AFL-style instrumentation and to take care of the remaining - parts of the AFL fork server logic. - - The resulting QEMU binary is essentially a standalone instrumentation - tool; for an example of how to leverage it for other purposes, you can - have a look at afl-showmap.c. - - */ - -#include -#include "afl-config.h" - -/*************************** - * VARIOUS AUXILIARY STUFF * - ***************************/ - -/* A snippet patched into tb_find_slow to inform the parent process that - we have hit a new block that hasn't been translated yet, and to tell - it to translate within its own context, too (this avoids translation - overhead in the next forked-off copy). */ - -#define AFL_QEMU_CPU_SNIPPET1 do { \ - afl_request_tsl(pc, cs_base, flags); \ - } while (0) - -/* This snippet kicks in when the instruction pointer is positioned at - _start and does the usual forkserver stuff, not very different from - regular instrumentation injected via afl-as.h. */ - -#define AFL_QEMU_CPU_SNIPPET2 do { \ - if(tb->pc == afl_entry_point) { \ - afl_setup(); \ - afl_forkserver(env); \ - } \ - afl_maybe_log(tb->pc); \ - } while (0) - -/* We use one additional file descriptor to relay "needs translation" - messages between the child and the fork server. */ - -#define TSL_FD (FORKSRV_FD - 1) - -/* This is equivalent to afl-as.h: */ - -static unsigned char *afl_area_ptr; - -/* Exported variables populated by the code patched into elfload.c: */ - -abi_ulong afl_entry_point, /* ELF entry point (_start) */ - afl_start_code, /* .text start pointer */ - afl_end_code; /* .text end pointer */ - -/* Set in the child process in forkserver mode: */ - -static unsigned char afl_fork_child; -unsigned int afl_forksrv_pid; - -/* Instrumentation ratio: */ - -static unsigned int afl_inst_rms = MAP_SIZE; - -/* Function declarations. */ - -static void afl_setup(void); -static void afl_forkserver(CPUArchState*); -static inline void afl_maybe_log(abi_ulong); - -static void afl_wait_tsl(CPUArchState*, int); -static void afl_request_tsl(target_ulong, target_ulong, uint64_t); - -static TranslationBlock *tb_find_slow(CPUArchState*, target_ulong, - target_ulong, uint64_t); - - -/* Data structure passed around by the translate handlers: */ - -struct afl_tsl { - target_ulong pc; - target_ulong cs_base; - uint64_t flags; -}; - - -/************************* - * ACTUAL IMPLEMENTATION * - *************************/ - - -/* Set up SHM region and initialize other stuff. */ - -static void afl_setup(void) { - - char *id_str = getenv(SHM_ENV_VAR), - *inst_r = getenv("AFL_INST_RATIO"); - - int shm_id; - - if (inst_r) { - - unsigned int r; - - r = atoi(inst_r); - - if (r > 100) r = 100; - if (!r) r = 1; - - afl_inst_rms = MAP_SIZE * r / 100; - - } - - if (id_str) { - - shm_id = atoi(id_str); - afl_area_ptr = shmat(shm_id, NULL, 0); - - if (afl_area_ptr == (void*)-1) exit(1); - - /* With AFL_INST_RATIO set to a low value, we want to touch the bitmap - so that the parent doesn't give up on us. */ - - if (inst_r) afl_area_ptr[0] = 1; - - - } - - if (getenv("AFL_INST_LIBS")) { - - afl_start_code = 0; - afl_end_code = (abi_ulong)-1; - - } - -} - - -/* Fork server logic, invoked once we hit _start. */ - -static void afl_forkserver(CPUArchState *env) { - - static unsigned char tmp[4]; - - if (!afl_area_ptr) return; - - /* Tell the parent that we're alive. If the parent doesn't want - to talk, assume that we're not running in forkserver mode. */ - - if (write(FORKSRV_FD + 1, tmp, 4) != 4) return; - - afl_forksrv_pid = getpid(); - - /* All right, let's await orders... */ - - while (1) { - - pid_t child_pid; - int status, t_fd[2]; - - /* Whoops, parent dead? */ - - if (read(FORKSRV_FD, tmp, 4) != 4) exit(2); - - /* Establish a channel with child to grab translation commands. We'll - read from t_fd[0], child will write to TSL_FD. */ - - if (pipe(t_fd) || dup2(t_fd[1], TSL_FD) < 0) exit(3); - close(t_fd[1]); - - child_pid = fork(); - if (child_pid < 0) exit(4); - - if (!child_pid) { - - /* Child process. Close descriptors and run free. */ - - afl_fork_child = 1; - close(FORKSRV_FD); - close(FORKSRV_FD + 1); - close(t_fd[0]); - return; - - } - - /* Parent. */ - - close(TSL_FD); - - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) exit(5); - - /* Collect translation requests until child dies and closes the pipe. */ - - afl_wait_tsl(env, t_fd[0]); - - /* Get and relay exit status to parent. */ - - if (waitpid(child_pid, &status, WUNTRACED) < 0) exit(6); - if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7); - - } - -} - - -/* The equivalent of the tuple logging routine from afl-as.h. */ - -static inline void afl_maybe_log(abi_ulong cur_loc) { - - static abi_ulong prev_loc; - - /* Optimize for cur_loc > afl_end_code, which is the most likely case on - Linux systems. */ - - if (cur_loc > afl_end_code || cur_loc < afl_start_code || !afl_area_ptr) - return; - - /* Looks like QEMU always maps to fixed locations, so we can skip this: - cur_loc -= afl_start_code; */ - - /* Instruction addresses may be aligned. Let's mangle the value to get - something quasi-uniform. */ - - cur_loc = (cur_loc >> 4) ^ (cur_loc << 8); - cur_loc &= MAP_SIZE - 1; - - /* Implement probabilistic instrumentation by looking at scrambled block - address. This keeps the instrumented locations stable across runs. */ - - if (cur_loc >= afl_inst_rms) return; - - afl_area_ptr[cur_loc ^ prev_loc]++; - prev_loc = cur_loc >> 1; - -} - - -/* This code is invoked whenever QEMU decides that it doesn't have a - translation of a particular block and needs to compute it. When this happens, - we tell the parent to mirror the operation, so that the next fork() has a - cached copy. */ - -static void afl_request_tsl(target_ulong pc, target_ulong cb, uint64_t flags) { - - struct afl_tsl t; - - if (!afl_fork_child) return; - - t.pc = pc; - t.cs_base = cb; - t.flags = flags; - - if (write(TSL_FD, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - return; - -} - - -/* This is the other side of the same channel. Since timeouts are handled by - afl-fuzz simply killing the child, we can just wait until the pipe breaks. */ - -static void afl_wait_tsl(CPUArchState *env, int fd) { - - struct afl_tsl t; - - while (1) { - - /* Broken pipe means it's time to return to the fork server routine. */ - - if (read(fd, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - break; - - tb_find_slow(env, t.pc, t.cs_base, t.flags); - - } - - close(fd); - -} - diff --git a/pkgs/tools/security/afl/qemu-patches/afl-types.h b/pkgs/tools/security/afl/qemu-patches/afl-types.h deleted file mode 100644 index 58d6be51e2d..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-types.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - american fuzzy lop - type definitions and minor macros - ------------------------------------------------------ - - Written and maintained by Michal Zalewski - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_TYPES_H -#define _HAVE_TYPES_H - -#include -#include - -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; - -/* - - Ugh. There is an unintended compiler / glibc #include glitch caused by - combining the u64 type an %llu in format strings, necessitating a workaround. - - In essence, the compiler is always looking for 'unsigned long long' for %llu. - On 32-bit systems, the u64 type (aliased to uint64_t) is expanded to - 'unsigned long long' in , so everything checks out. - - But on 64-bit systems, it is #ifdef'ed in the same file as 'unsigned long'. - Now, it only happens in circumstances where the type happens to have the - expected bit width, *but* the compiler does not know that... and complains - about 'unsigned long' being unsafe to pass to %llu. - - */ - -#ifdef __x86_64__ -typedef unsigned long long u64; -#else -typedef uint64_t u64; -#endif /* ^sizeof(...) */ - -typedef int8_t s8; -typedef int16_t s16; -typedef int32_t s32; -typedef int64_t s64; - -#ifndef MIN -# define MIN(_a,_b) ((_a) > (_b) ? (_b) : (_a)) -# define MAX(_a,_b) ((_a) > (_b) ? (_a) : (_b)) -#endif /* !MIN */ - -#define SWAP16(_x) ({ \ - u16 _ret = (_x); \ - (u16)((_ret << 8) | (_ret >> 8)); \ - }) - -#define SWAP32(_x) ({ \ - u32 _ret = (_x); \ - (u32)((_ret << 24) | (_ret >> 24) | \ - ((_ret << 8) & 0x00FF0000) | \ - ((_ret >> 8) & 0x0000FF00)); \ - }) - -#define R(x) (random() % (x)) - -#define STRINGIFY_INTERNAL(x) #x -#define STRINGIFY(x) STRINGIFY_INTERNAL(x) - -#define MEM_BARRIER() \ - asm volatile("" ::: "memory") - -#endif /* ! _HAVE_TYPES_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch b/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch deleted file mode 100644 index 75a7ea450ef..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- qemu-2.3.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000 -+++ qemu-2.3.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000 -@@ -28,6 +28,8 @@ - #include "exec/memory-internal.h" - #include "qemu/rcu.h" - -+#include "afl-qemu-cpu-inl.h" -+ - /* -icount align implementation. */ - - typedef struct SyncClocks { -@@ -296,8 +298,11 @@ - } - not_found: - /* if no translated code available, then translate it now */ -+ - tb = tb_gen_code(cpu, pc, cs_base, flags, 0); - -+ AFL_QEMU_CPU_SNIPPET1; -+ - found: - /* Move the last found TB to the head of the list */ - if (likely(*ptb1)) { -@@ -492,6 +497,9 @@ - next_tb = 0; - tcg_ctx.tb_ctx.tb_invalidated_flag = 0; - } -+ -+ AFL_QEMU_CPU_SNIPPET2; -+ - if (qemu_loglevel_mask(CPU_LOG_EXEC)) { - qemu_log("Trace %p [" TARGET_FMT_lx "] %s\n", - tb->tc_ptr, tb->pc, lookup_symbol(tb->pc)); diff --git a/pkgs/tools/security/afl/qemu-patches/elfload.patch b/pkgs/tools/security/afl/qemu-patches/elfload.patch deleted file mode 100644 index 325c917d15a..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/elfload.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- qemu-2.3.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000 -+++ qemu-2.3.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000 -@@ -28,6 +28,8 @@ - - #define ELF_OSABI ELFOSABI_SYSV - -+extern abi_ulong afl_entry_point, afl_start_code, afl_end_code; -+ - /* from personality.h */ - - /* -@@ -1889,6 +1891,8 @@ - info->brk = 0; - info->elf_flags = ehdr->e_flags; - -+ if (!afl_entry_point) afl_entry_point = info->entry; -+ - for (i = 0; i < ehdr->e_phnum; i++) { - struct elf_phdr *eppnt = phdr + i; - if (eppnt->p_type == PT_LOAD) { -@@ -1922,9 +1926,11 @@ - if (elf_prot & PROT_EXEC) { - if (vaddr < info->start_code) { - info->start_code = vaddr; -+ if (!afl_start_code) afl_start_code = vaddr; - } - if (vaddr_ef > info->end_code) { - info->end_code = vaddr_ef; -+ if (!afl_end_code) afl_end_code = vaddr_ef; - } - } - if (elf_prot & PROT_WRITE) { diff --git a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch index 81d29feea3d..5dfbfd780f1 100644 --- a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch +++ b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch @@ -2,13 +2,12 @@ diff --git a/Makefile b/Makefile index d6b9dc1..ce7c493 100644 --- a/Makefile +++ b/Makefile -@@ -384,8 +384,7 @@ install-confdir: - install-sysconfig: install-datadir install-confdir - $(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(qemu_confdir)" +@@ -601,7 +601,7 @@ install-localstatedir: + endif --install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \ --install-datadir install-localstatedir + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir +install: all $(if $(BUILD_DOCS),install-doc) install-datadir ifneq ($(TOOLS),) - $(call install-prog,$(TOOLS),$(DESTDIR)$(bindir)) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) endif diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch new file mode 100644 index 00000000000..6cc663dc1fb --- /dev/null +++ b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch @@ -0,0 +1,28 @@ +A modified version of qemu commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 +diff --git a/configure b/configure +index 9c8aa5a..99ccc17 100755 +--- a/configure ++++ b/configure +@@ -3855,7 +3855,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include ++#include + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1a..412e94a 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include + #include diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch deleted file mode 100644 index 1c447c4051e..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff --git a/user-exec.c b/user-exec.c -index 8f57e8a..957f9f7 100644 ---- a/user-exec.c -+++ b/user-exec.c -@@ -57,7 +57,7 @@ static void exception_action(CPUState *cpu) - void cpu_resume_from_signal(CPUState *cpu, void *puc) - { - #ifdef __linux__ -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #endif -@@ -171,7 +171,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int trapno; -@@ -226,7 +226,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - - pc = PC_sig(uc); -@@ -288,7 +288,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - - #ifdef __APPLE__ - #include --typedef struct ucontext SIGCONTEXT; -+typedef ucontext_t SIGCONTEXT; - /* All Registers access - only for local access */ - #define REG_sig(reg_name, context) \ - ((context)->uc_mcontext->ss.reg_name) -@@ -331,7 +331,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -358,7 +358,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uint32_t *pc = uc->uc_mcontext.sc_pc; - uint32_t insn = *pc; - int is_write = 0; -@@ -456,7 +456,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__NetBSD__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -483,7 +483,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uintptr_t pc = uc->uc_mcontext.pc; - uint32_t insn = *(uint32_t *)pc; - bool is_write; -@@ -512,7 +512,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - int is_write; - -@@ -534,7 +534,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long ip; - int is_write = 0; - -@@ -565,7 +565,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - uint16_t *pinsn; - int is_write = 0; -@@ -618,7 +618,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - greg_t pc = uc->uc_mcontext.pc; - int is_write; - -@@ -634,7 +634,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc = uc->uc_mcontext.sc_iaoq[0]; - uint32_t insn = *(uint32_t *)pc; - int is_write = 0; diff --git a/pkgs/tools/security/afl/qemu-patches/syscall.patch b/pkgs/tools/security/afl/qemu-patches/syscall.patch deleted file mode 100644 index 75d39386164..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/syscall.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- qemu-2.3.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000 -+++ qemu-2.3.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000 -@@ -227,7 +227,21 @@ - _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo) - _syscall3(int,sys_syslog,int,type,char*,bufp,int,len) - #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill) --_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig) -+ -+extern unsigned int afl_forksrv_pid; -+ -+static int sys_tgkill(int tgid, int pid, int sig) { -+ -+ /* Workaround for -lpthread to make abort() work properly, without -+ killing the forkserver due to a prematurely cached PID. */ -+ -+ if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT) -+ pid = tgid = getpid(); -+ -+ return syscall(__NR_sys_tgkill, pid, tgid, sig); -+ -+} -+ - #endif - #if defined(TARGET_NR_tkill) && defined(__NR_tkill) - _syscall2(int,sys_tkill,int,tid,int,sig) diff --git a/pkgs/tools/security/afl/qemu-patches/translate-all.patch b/pkgs/tools/security/afl/qemu-patches/translate-all.patch deleted file mode 100644 index 180b3a55ab2..00000000000 --- a/pkgs/tools/security/afl/qemu-patches/translate-all.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- qemu-2.3.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000 -+++ qemu-2.3.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000 -@@ -393,8 +393,13 @@ - /* We can't use g_malloc because it may recurse into a locked mutex. */ - # define ALLOC(P, SIZE) \ - do { \ -- P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ void* _tmp = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ if (_tmp == (void*)-1) { \ -+ qemu_log(">>> Out of memory for stack, bailing out. <<<\n"); \ -+ exit(1); \ -+ } \ -+ (P) = _tmp; \ - } while (0) - #else - # define ALLOC(P, SIZE) \ diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 82de6474e59..769b89ec4c5 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, python2, zlib, pkgconfig, glib, ncurses, perl +{ stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, ncurses, perl , attr, libcap, vde2, texinfo, libuuid, flex, bison, lzo, snappy , libaio, libcap_ng, gnutls, pixman, autoconf , writeText @@ -7,26 +7,34 @@ with stdenv.lib; let - n = "qemu-2.3.0"; - - aflHeaderFile = writeText "afl-qemu-cpu-inl.h" - (builtins.readFile ./qemu-patches/afl-qemu-cpu-inl.h); - aflConfigFile = writeText "afl-config.h" - (builtins.readFile ./qemu-patches/afl-config.h); - aflTypesFile = writeText "afl-types.h" - (builtins.readFile ./qemu-patches/afl-types.h); - + qemuName = "qemu-2.10.0"; + aflName = afl.name; cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; in stdenv.mkDerivation rec { - name = "afl-${n}"; + name = "afl-${qemuName}"; - src = fetchurl { - url = "http://wiki.qemu.org/download/${n}.tar.bz2"; - sha256 = "120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"; - }; + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; + }) + afl.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + cp ${aflName}/types.h $sourceRoot/afl-types.h + substitute ${aflName}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflName}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \ + --replace "../../config.h" "afl-config.h" + substituteInPlace ${aflName}/qemu_mode/patches/cpu-exec.diff \ + --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" + ''; buildInputs = [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap @@ -37,29 +45,25 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - patches = - [ ./qemu-patches/elfload.patch - ./qemu-patches/cpu-exec.patch - ./qemu-patches/no-etc-install.patch - ./qemu-patches/translate-all.patch - ./qemu-patches/syscall.patch - ./qemu-patches/qemu-2.3.0-glibc-2.26.patch - ]; - - preConfigure = '' - cp ${aflTypesFile} afl-types.h - cp ${aflConfigFile} afl-config.h - cp ${aflHeaderFile} afl-qemu-cpu-inl.h - ''; + patches = [ + # patches extracted from afl source + "../${aflName}/qemu_mode/patches/cpu-exec.diff" + "../${aflName}/qemu_mode/patches/elfload.diff" + "../${aflName}/qemu_mode/patches/syscall.diff" + # nix-specific patches to make installation more well-behaved + ./qemu-patches/no-etc-install.patch + ./qemu-patches/qemu-2.10.0-glibc-2.27.patch + ]; configureFlags = [ "--disable-system" "--enable-linux-user" - "--enable-guest-base" "--disable-gtk" "--disable-sdl" "--disable-vnc" "--target-list=${cpuTarget}" + "--enable-pie" + "--enable-kvm" "--sysconfdir=/etc" "--localstatedir=/var" ]; From 9af59a6878a9b9455a351051fcc97bf9e13ee951 Mon Sep 17 00:00:00 2001 From: Russell O'Connor Date: Tue, 25 Dec 2018 16:31:16 -0500 Subject: [PATCH 05/76] Bitcoin: 0.17.0 -> 0.17.1 --- pkgs/applications/altcoins/bitcoin.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/altcoins/bitcoin.nix b/pkgs/applications/altcoins/bitcoin.nix index c266fa2fef2..b50508342bf 100644 --- a/pkgs/applications/altcoins/bitcoin.nix +++ b/pkgs/applications/altcoins/bitcoin.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec{ name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; - version = "0.17.0"; + version = "0.17.1"; src = fetchurl { urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" ]; - sha256 = "0pkq28d2dj22qrxyyg9kh0whmhj7ghyabnhyqldbljv4a7l3kvwq"; + sha256 = "0am4pnaf2cisv172jqx6jdpzx770agm8777163lkjbw3ryslymiy"; }; nativeBuildInputs = [ pkgconfig autoreconfHook ] From b3e56b05330e0647f1c2bb4c59159a1cd7e98298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A1=D1=83=D1=85=D0=B0=D1=80=D0=B8=D0=BA?= Date: Tue, 25 Dec 2018 17:09:36 +0300 Subject: [PATCH 06/76] musescore: 2.3.2 -> 3.0 --- pkgs/applications/audio/musescore/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix index 28381fcfee6..32e121547cb 100644 --- a/pkgs/applications/audio/musescore/default.nix +++ b/pkgs/applications/audio/musescore/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { name = "musescore-${version}"; - version = "2.3.2"; + version = "3.0"; src = fetchFromGitHub { owner = "musescore"; repo = "MuseScore"; rev = "v${version}"; - sha256 = "0ncv0xfmq87plqa43cm0fpidlwzz1nq5s7h7139llrbc36yp3pr1"; + sha256 = "0g8n8xpw5d6wh8bwbvy12sinl9i0ir009sr28i4izr28lr4x8v50"; }; cmakeFlags = [ From 987fdea1a8f8c0e1c0052646cfacf463e8a80e28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6gler?= Date: Wed, 26 Dec 2018 22:10:04 +0100 Subject: [PATCH 07/76] nixos vdr: introduce option enableLirc also introduce option socket for lirc, to have access to socket path --- nixos/modules/services/hardware/lirc.nix | 10 ++++++++-- nixos/modules/services/hardware/vdr.nix | 14 ++++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/hardware/lirc.nix b/nixos/modules/services/hardware/lirc.nix index 0072406a438..ece38bd1e1c 100644 --- a/nixos/modules/services/hardware/lirc.nix +++ b/nixos/modules/services/hardware/lirc.nix @@ -33,6 +33,13 @@ in { description = "Extra arguments to lircd."; }; + socket = mkOption { + type = types.path; + # default search path of many applications + default = "/run/lirc/lircd"; + description = "Socket path"; + }; + }; }; @@ -49,8 +56,7 @@ in { description = "LIRC daemon socket"; wantedBy = [ "sockets.target" ]; socketConfig = { - # default search path - ListenStream = "/run/lirc/lircd"; + ListenStream = cfg.socket; SocketUser = "lirc"; SocketMode = "0660"; }; diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 75136a2f796..695f0cbab1f 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -33,12 +33,14 @@ in { default = []; description = "Additional command line arguments to pass to VDR."; }; + + enableLirc = mkEnableOption "enable LIRC"; }; }; ###### implementation - config = mkIf cfg.enable { + config = mkIf cfg.enable (mkMerge [{ systemd.tmpfiles.rules = [ "d ${cfg.videoDir} 0755 vdr vdr -" "Z ${cfg.videoDir} - vdr vdr -" @@ -67,5 +69,13 @@ in { }; users.groups.vdr = {}; - }; + } + + (mkIf cfg.enableLirc { + services.lirc.enable = true; + users.users.vdr.extraGroups = [ "lirc" ]; + services.vdr.extraArguments = [ + "--lirc=${config.services.lirc.socket}" + ]; + })]); } From d60806b90bef359a8e654147e7f8c0d39ccd5476 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Mon, 31 Dec 2018 11:26:07 -0600 Subject: [PATCH 08/76] i2c-toools: touchups, NFCI. (reviewer suggestions, thanks!) --- pkgs/os-specific/linux/i2c-tools/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index b3fd34f665e..5b061183356 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix @@ -11,13 +11,14 @@ stdenv.mkDerivation rec { buildInputs = [ perl ]; - patchPhase = '' + postPatch = '' substituteInPlace eeprom/decode-edid --replace "/usr/sbin/parse-edid" "${read-edid}/bin/parse-edid" substituteInPlace stub/i2c-stub-from-dump --replace "/sbin/" "" ''; - installPhase = '' - make install PREFIX=$out + makeFlags = [ "PREFIX=${placeholder "out"}" ]; + + postInstall = '' rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers ''; From a07c7548563849a7f86f4c7a9d611d1459762873 Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Tue, 1 Jan 2019 14:54:08 -0800 Subject: [PATCH 09/76] haskellPackages.github: dontCheck --- pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix index c780564d801..4ed5bfe9a88 100644 --- a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix +++ b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix @@ -93,6 +93,7 @@ self: super: { # https://github.com/jgm/skylighting/issues/55 skylighting-core = dontCheck super.skylighting-core; + github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341 # Break out of "yaml >=0.10.4.0 && <0.11". stack = doJailbreak super.stack; From 8acd7a9ab70364cc4ac4c3cabb013dff73dd9166 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 1 Jan 2019 16:36:45 -0800 Subject: [PATCH 10/76] libsForQt5.vlc: 3.0.4 -> 3.0.5 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/vlc/versions --- pkgs/applications/video/vlc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix index cbf3c4917c3..8dee15206f4 100644 --- a/pkgs/applications/video/vlc/default.nix +++ b/pkgs/applications/video/vlc/default.nix @@ -21,11 +21,11 @@ assert (withQt5 -> qtbase != null && qtsvg != null && qtx11extras != null); stdenv.mkDerivation rec { name = "vlc-${version}"; - version = "3.0.4"; + version = "3.0.5"; src = fetchurl { url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz"; - sha256 = "17jsq0zqpqyxw4ckvjba0hf6zk8ywc4wf8sy3z03hh3ij0vxpwq1"; + sha256 = "1nvj00khy08sing0mdnw6virmiq579mrk5rvpx9710nlxggqgh7m"; }; # VLC uses a *ton* of libraries for various pieces of functionality, many of From 4345715025d618689edeb66dfa1f33557d426a20 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Cugnet Date: Wed, 26 Dec 2018 16:09:12 +0100 Subject: [PATCH 11/76] elixir_1_8: init at 1.8.0-rc.1 --- pkgs/development/beam-modules/default.nix | 5 +++++ pkgs/development/interpreters/elixir/1.8.nix | 7 +++++++ pkgs/top-level/all-packages.nix | 2 +- pkgs/top-level/beam-packages.nix | 3 ++- 4 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/interpreters/elixir/1.8.nix diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index c5be1c78a55..94ffa32a678 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -44,6 +44,11 @@ let # BEAM-based languages. elixir = elixir_1_7; + elixir_1_8 = lib.callElixir ../interpreters/elixir/1.8.nix { + inherit rebar erlang; + debugInfo = true; + }; + elixir_1_7 = lib.callElixir ../interpreters/elixir/1.7.nix { inherit rebar erlang; debugInfo = true; diff --git a/pkgs/development/interpreters/elixir/1.8.nix b/pkgs/development/interpreters/elixir/1.8.nix new file mode 100644 index 00000000000..65c008f8ac6 --- /dev/null +++ b/pkgs/development/interpreters/elixir/1.8.nix @@ -0,0 +1,7 @@ +{ mkDerivation }: + +mkDerivation rec { + version = "1.8.0-rc.1"; + sha256 = "06k9q46cwn79ic6kw0b0mskf9rqlgm02jb8n1ajz55kmw134kq6m"; + minimumOTPVersion = "20"; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2bcb2803c0e..7917ccffd13 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7697,7 +7697,7 @@ in inherit (beam.interpreters) erlang erlangR18 erlangR19 erlangR20 erlangR21 erlang_odbc erlang_javac erlang_odbc_javac erlang_nox erlang_basho_R16B02 - elixir elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3 + elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3 lfe lfe_1_2; inherit (beam.packages.erlang) diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 85bdc59e6db..8255a2223f9 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -61,7 +61,8 @@ rec { # Other Beam languages. These are built with `beam.interpreters.erlang`. To # access for example elixir built with different version of Erlang, use # `beam.packages.erlangR19.elixir`. - inherit (packages.erlang) elixir elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3; + inherit (packages.erlang) + elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3; inherit (packages.erlang) lfe lfe_1_2; }; From 6da4584acf4478b04457d57f3881b3aca7d3f7b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Thu, 3 Jan 2019 16:31:00 +0000 Subject: [PATCH 12/76] Elm: automate packaging with elm2nix - rewrite documentation - automate whole process into update.sh - remove all legacy snippets --- doc/package-notes.xml | 18 ++--- pkgs/development/compilers/elm/README.md | 24 +++++++ pkgs/development/compilers/elm/default.nix | 54 +-------------- pkgs/development/compilers/elm/elm2nix.rb | 26 -------- .../compilers/elm/packages/elm-elm.nix | 50 -------------- .../compilers/elm/packages/elm-srcs.nix | 62 ++++++++++++++++++ .../compilers/elm/packages/elm.nix | 1 + pkgs/development/compilers/elm/update.sh | 9 ++- pkgs/development/compilers/elm/versions.dat | Bin 83377 -> 94810 bytes 9 files changed, 104 insertions(+), 140 deletions(-) create mode 100644 pkgs/development/compilers/elm/README.md delete mode 100755 pkgs/development/compilers/elm/elm2nix.rb delete mode 100644 pkgs/development/compilers/elm/packages/elm-elm.nix create mode 100644 pkgs/development/compilers/elm/packages/elm-srcs.nix diff --git a/doc/package-notes.xml b/doc/package-notes.xml index 803d343aa09..e23593107d8 100644 --- a/doc/package-notes.xml +++ b/doc/package-notes.xml @@ -307,23 +307,19 @@ packageOverrides = pkgs: { +
Elm - The Nix expressions for Elm reside in - pkgs/development/compilers/elm. They are generated - automatically by update-elm.rb script. One should specify - versions of Elm packages inside the script, clear the - packages directory and run the script from inside it. - elm-reactor is special because it also has Elm package - dependencies. The process is not automated very much for now -- you should - get the elm-reactor source tree (e.g. with - nix-shell) and run elm2nix.rb inside - it. Place the resulting package.nix file into - packages/elm-reactor-elm.nix. + To update Elm compiler, see nixpkgs/pkgs/development/compilers/elm/README.md. + + + + To package Elm applications, read about elm2nix.
+
Interactive shell helpers diff --git a/pkgs/development/compilers/elm/README.md b/pkgs/development/compilers/elm/README.md new file mode 100644 index 00000000000..f0254d0f954 --- /dev/null +++ b/pkgs/development/compilers/elm/README.md @@ -0,0 +1,24 @@ +# To update Elm: + +Modify revision in ./update.sh and run it + +# Notes about the build process: + +The elm binary embeds a piece of pre-compiled elm code, used by 'elm +reactor'. This means that the build process for 'elm' effectively +executes 'elm make'. that in turn expects to retrieve the elm +dependencies of that code (elm/core, etc.) from +package.elm-lang.org, as well as a cached bit of metadata +(versions.dat). + +The makeDotElm function lets us retrieve these dependencies in the +standard nix way. we have to copy them in (rather than symlink) and +make them writable because the elm compiler writes other .dat files +alongside the source code. versions.dat was produced during an +impure build of this same code; the build complains that it can't +update this cache, but continues past that warning. + +Finally, we set ELM_HOME to point to these pre-fetched artifacts so +that the default of ~/.elm isn't used. + +More: https://blog.hercules-ci.com/elm/2019/01/03/elm2nix-0.1/ diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index 47a0d459a93..3c8ae70981e 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -2,54 +2,6 @@ , haskell, nodejs , fetchurl, fetchpatch, makeWrapper, git }: -# To update: - -# 1) Modify ./update.sh and run it - -# 2) to generate versions.dat: -# 2.1) git clone https://github.com/elm/compiler.git -# 2.2) cd compiler -# 2.3) cabal2nix --shell . | sed 's/"default",/"ghc822",/' > shell.nix -# 2.4) nix-shell -# 2.5) mkdir .elm -# 2.6) export ELM_HOME=$(pwd)/.elm -# 2.7) cabal build -# 2.8) cp .elm/0.19.0/package/versions.dat ... - -# 3) generate a template for elm-elm.nix with: -# ( -# echo "{"; -# jq '.dependencies | .direct, .indirect | to_entries | .[] | { (.key) : { version : .value, sha256: "" } } ' \ -# < ui/browser/elm.json \ -# | sed 's/:/ =/' \ -# | sed 's/^[{}]//' \ -# | sed -E 's/(["}]),?$/\1;/' \ -# | sed -E 's/"(version|sha256)"/\1/' \ -# | grep -v '^$'; -# echo "}" -# ) -# -# ... then fill in the sha256s - -# Notes: - -# the elm binary embeds a piece of pre-compiled elm code, used by 'elm -# reactor'. this means that the build process for 'elm' effectively -# executes 'elm make'. that in turn expects to retrieve the elm -# dependencies of that code (elm/core, etc.) from -# package.elm-lang.org, as well as a cached bit of metadata -# (versions.dat). - -# the makeDotElm function lets us retrieve these dependencies in the -# standard nix way. we have to copy them in (rather than symlink) and -# make them writable because the elm compiler writes other .dat files -# alongside the source code. versions.dat was produced during an -# impure build of this same code; the build complains that it can't -# update this cache, but continues past that warning. - -# finally, we set ELM_HOME to point to these pre-fetched artifacts so -# that the default of ~/.elm isn't used. - let fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; hsPkgs = haskell.packages.ghc822.override { @@ -58,8 +10,8 @@ let elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { # sadly with parallelism most of the time breaks compilation enableParallelBuilding = false; - preConfigure = fetchElmDeps { - elmPackages = (import ./packages/elm-elm.nix); + preConfigure = self.fetchElmDeps { + elmPackages = (import ./packages/elm-srcs.nix); versionsDat = ./versions.dat; }; buildTools = drv.buildTools or [] ++ [ makeWrapper ]; @@ -75,8 +27,6 @@ let ''; }); - - /* The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` diff --git a/pkgs/development/compilers/elm/elm2nix.rb b/pkgs/development/compilers/elm/elm2nix.rb deleted file mode 100755 index fab5551ca15..00000000000 --- a/pkgs/development/compilers/elm/elm2nix.rb +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env ruby - -require 'json' - -system("elm-package install -y") -depsSrc = JSON.parse(File.read("elm-stuff/exact-dependencies.json")) -deps = Hash[ depsSrc.map { |pkg, ver| - url = "https://github.com/#{pkg}/archive/#{ver}.tar.gz" - sha256 = `nix-prefetch-url #{url}` - - [ pkg, { version: ver, - sha256: sha256.strip - } - ] -} ] - -File.open("package.nix", 'w') do |file| - file.puts "{" - for pkg, info in deps - file.puts " \"#{pkg}\" = {" - file.puts " version = \"#{info[:version]}\";" - file.puts " sha256 = \"#{info[:sha256]}\";" - file.puts " };" - end - file.puts "}" -end diff --git a/pkgs/development/compilers/elm/packages/elm-elm.nix b/pkgs/development/compilers/elm/packages/elm-elm.nix deleted file mode 100644 index a38e21daa06..00000000000 --- a/pkgs/development/compilers/elm/packages/elm-elm.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - "elm/browser" = { - version = "1.0.0"; - sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; - }; - "elm/core" = { - version = "1.0.0"; - sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; - }; - "elm/html" = { - version = "1.0.0"; - sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; - }; - "elm/http" = { - version = "1.0.0"; - sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; - }; - "elm/json" = { - version = "1.0.0"; - sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; - }; - "elm/project-metadata-utils" = { - version = "1.0.0"; - sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; - }; - "elm/svg" = { - version = "1.0.0"; - sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; - }; - "elm-explorations/markdown" = { - version = "1.0.0"; - sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; - }; - "elm/parser" = { - version = "1.0.0"; - sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; - }; - "elm/time" = { - version = "1.0.0"; - sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; - }; - "elm/url" = { - version = "1.0.0"; - sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; - }; - "elm/virtual-dom" = { - version = "1.0.0"; - sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; - }; -} diff --git a/pkgs/development/compilers/elm/packages/elm-srcs.nix b/pkgs/development/compilers/elm/packages/elm-srcs.nix new file mode 100644 index 00000000000..e1f941626dd --- /dev/null +++ b/pkgs/development/compilers/elm/packages/elm-srcs.nix @@ -0,0 +1,62 @@ +{ + + "elm-explorations/markdown" = { + sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; + version = "1.0.0"; + }; + + "elm/json" = { + sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; + version = "1.0.0"; + }; + + "elm/html" = { + sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; + version = "1.0.0"; + }; + + "elm/svg" = { + sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; + version = "1.0.0"; + }; + + "elm/project-metadata-utils" = { + sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; + version = "1.0.0"; + }; + + "elm/browser" = { + sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; + version = "1.0.0"; + }; + + "elm/core" = { + sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; + version = "1.0.0"; + }; + + "elm/http" = { + sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; + version = "1.0.0"; + }; + + "elm/parser" = { + sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; + version = "1.0.0"; + }; + + "elm/url" = { + sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; + version = "1.0.0"; + }; + + "elm/time" = { + sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; + version = "1.0.0"; + }; + + "elm/virtual-dom" = { + sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; + version = "1.0.0"; + }; +} diff --git a/pkgs/development/compilers/elm/packages/elm.nix b/pkgs/development/compilers/elm/packages/elm.nix index 41998f4c9b3..67e63ea2b8e 100644 --- a/pkgs/development/compilers/elm/packages/elm.nix +++ b/pkgs/development/compilers/elm/packages/elm.nix @@ -13,6 +13,7 @@ mkDerivation { url = "https://github.com/elm/compiler"; sha256 = "13jks6c6i80z71mjjfg46ri570g5ini0k3xw3857v6z66zcl56x4"; rev = "d5cbc41aac23da463236bbc250933d037da4055a"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/pkgs/development/compilers/elm/update.sh b/pkgs/development/compilers/elm/update.sh index 2b5d85feeb2..920b95e5ad9 100755 --- a/pkgs/development/compilers/elm/update.sh +++ b/pkgs/development/compilers/elm/update.sh @@ -1 +1,8 @@ -cabal2nix https://github.com/elm/compiler --revision 32059a289d27e303fa1665e9ada0a52eb688f302 > packages/elm.nix +#!/usr/bin/env nix-shell +#!nix-shell -p cabal2nix elm2nix -i bash ../../.. + +cabal2nix https://github.com/elm/compiler --revision d5cbc41aac23da463236bbc250933d037da4055a > packages/elm.nix +elm2nix snapshot > versions.dat +pushd "$(nix-build -A elmPackages.elm.src --no-out-link ../../../..)/ui/browser" + elm2nix convert > $OLDPWD/packages/elm-srcs.nix +popd diff --git a/pkgs/development/compilers/elm/versions.dat b/pkgs/development/compilers/elm/versions.dat index 824ab383057f2138d4dcd431b52851a2e6b8b127..9dcfd8a2808f666b0cff1a54b79a6543e46451d9 100644 GIT binary patch delta 11082 zcmdnk&3fwzs{jKS$c2C@1~%o10&0^r0tF|!^RY28Gcz%>OgtbtF^_lhjCS71N38`W zPL&g2Wn^GrWMp7sU|c6)S~=i-ITw&@%`kV)A%Q^W>T8W zAtK1c$Tayblf~o+4!+4xn1m)9G0RLYixin$%EG@nk6DcgEODJxX!1tZ8g3qtu?2}m zC7H?78Lb$_Cxaw(*#sv`2=K8oGJ?$VWBWh3VvG1>a}I&YdF+{dDX9gic`2!RCAuZ4 z6(y4$PY6%eW#^xKja_VVm=7NZ6C)D?0}~^|WCIRy9R5JOXt?1+joC1@DIb0_P&xF`k#vw8}V-_FS=A|4;lV2Ng zbAyADiGh)cfeB>8E z0Th8uj0{YSjF4#Dtj5j4$i>Xa$iN5!Op^_HmQ3ExEi~DJSA6ns9x)AGWIaqw3{1=n zOw5c-%uGxy3`{IgQlXLl$HecoU zVVv&kz{ofGi~#RsOTn1QmV$hYmXi~OMJIO%DuDw#N|1N*A;GB0->pR^cL?%Mwi1d0 zraA85Hm>35~VQFGsNoLyQz$)R%AjuwKe}66y zM?YQ1U>9AN5U4}>3W_rGi!w_pbqh;VOH-ku%*#k80?85k!o6cd@;E#@%!#Cf5~ z9^%52--_Lz&Y{mJH2Jo;A}D)^vwP*|1?88+T*D3u%&hW~$&Pb{C%a1sOqP@Q!3WCB z@SMytSz0pFffM3tW(Ecp5MpFyU|<6wMo^-GIE}-*D6t~HC=r(5!I>gAv7{)oLN{^p zyEW32mq=QwaC(;(6{Y4G8W}@$F^FXArWEBDq~w?9=_cprl_X~7O>X26nS57rPCc7X zW>QjVE>tBi$gSW^T#}g&OAS!Bf)Xt_^+DC5>I9c6MX4!CIf=>HB}J*JuoTAuDYih_ z43zdkG!p|e6UdVc3=EUYrFz);KuQ=GCp&hF@i8*6GBB_*LcKm&QhEzGecX_q0Zu#j zWW**6aKX*hvP_JkqM#D2Br`X)ATv2TwMaK7H9awTGGnj!#$xU+A(<96n z1t;H<6PUcq(|U5JqQGWpd3Q!JQIJ>D@{4j4OG;8xz$K8bp(VHwdauAQA&*76B(=C? zIzK<7EXb6}NeXi&Ur=CU%gHZ6(l}XOnRWV6O-8}VD>b<%zf(|T6rL=gXvWAf`J$ZU zWCJDE$w`W~laozErgOVQP5xmnIC+h#z~l=Gtn5Yk zIXOv*MUyYQlLmQ#6I{XWno5}$zPObN`n$2BLf>FBO4wdcywhtn8971K79;cI z|3)36?2t?dsd7Pa#mKpH ze8{X5MPTy#U2K#6%_Sx;GB=+b zWzNgT3(9-o;;1M;r+9LHr1a!4b3v$ZYEEiyYFn7$DWF&$u0+)B7rX3>_10yp7Bg@;g(#4Ge66{5oHbzFM>sb?v^2>dp9B|p3QIeaZTb@~x z0Zt^K24WzG=;TRGLX(@F)_dQsdlk;;X z8y*pvEbYNFIo$ohWC_GFo8$;n+D z+>;;rluiygD6%=-mxXb1hA`jcGC$?X>C*)#FY&uS*>jbED5&@VJD-UW+D!qqOa+6a zChznYo4h*Tr#?2{#egeNZuV4chu5FjiBD#epai%arzb)i{*asrnq6BEN^ zkk-HeF-F13wmalR85!9iHh>B!P-bCbW?%-ZSrCxV4Nep3srfni$&(MTicb!JSTX&z z7^BE!jlgh5zR3-NqM|Ge%*bsFHU=g(s3GeEWxyq!M3Arm*f3CsLN~26FE2G`@`6aw z$zD77CN~93O@1G^3Bxm2f?Ovrn;|t><1*j$J^YM3U>`~bi%q|%%qRlp1P8ZIULVM6 zT%MX#oS&SXTB4hrlbM9fuj5d>}hUGg8Ffa%( zG6*s-2r@DVF)#=*G6*p;3NtVWGcbxUFo=Q>qbLKDC?kUy1A`a?qZlKDI0J(O1A`<3 zgCrw^6a$0QWP@<2$ui-M%3MiBiN%>Ync47WpkQXPZb4#kae01Gif(pZe);5$0m75# zhJOX;p1Bb>C;yzyJ9&XU*W`#u-pSJ=dnZ4eD!|0VyxAa%71U2KitUCr9N7ZBEP5V;15}NzBVlEJ{vHf||oOJwc68 zbh?ciBll#fJpRdxbN!}&mtYi_+>jtTdHqH9$x?apASX@!_l%7L+^GZwXHcHG3TsMY zadHOK7&b^j3FRSL3ypabVL=SaRLYc`cmI^a+PYx6k=4A!dprDXvU|?Yc$!#t#tY(Cn2C@efYz)lc_619E z{^af4f|KitHK(7pVC0+pu9$!G!Qv}Syx_h~a#3bUYEdS*Z^O!xQeK$@>PAmqT~@8k zk(!cHnUk0YE8f6mNLo&2fo@`6W^N+57&GvYnXF!3ES8g;4+{!jNKoiz=A}%&xJY!e zeFfjgO7tD|$t!Ajn3F-J_H9WJn+etoTv1~Q&JU+* zcvwL7?)3jsjM9_&Y9%Mnk>#6gR67yeV_8wdGx=6+=;W1O1t(k8Damp{x_O{14v8>u zp9+-M85vkM$JH@2O}_q4WU^(0=;ZbW5k}t0a~f0_Stc7a$W6Y}AjHT&`F(>H6BEm1 z!v@*Ori~KQd({~ss<+Asf(ozAvm3pb8F?l@Yf)rm18Y-m6`IT;!pF?SzzpI~Zx>>e zm|WS~#K<%GPpcx-Y|FMOjQo?&wP`VNFoMk%X&0J2D@A0od3)mIAJcicK#3g`Welt! zLnfbU-#1x8K!AyfY4ZLC*~wcvyczi?b!tIPbL(_f1T~95gBqab8&Zh|X=Q=>f0J63 zC-3SMoVZzJvVMoyM^50S}=T@sUvy6mSbyD$oZ zIBcxtsY&TMlM{PYH~;B+!wepx`PQd7dF3y@$y)s`GF+*-1tpbfIf=!vc;|$a6~$%g zlOHY?+nnF8#ta^qST-qovh`#^DR$6kSTVfM%bQo4o0M9lTU?qpIe(hyX8y@0Ot4Nn zxGZ5{nd~<;aq^4@B9p&Q;hTJJ>UBom$u(}$-0TcY>;dzpu_+PBS;YkZksWIT1cP@eX`8#FT6Zysfi^SsYRK| z`FX_?Wuzugogz3{dN$`|fjL^>@g$H=Q2PNI#*@9~WGV5dWu}#6=z?0Tr8$Z4CID}8 zer{4`ULvRsvi_~;xbn=j1S%Q)F7M|^VIeBsGk=DC80xInoSRvJt`KTmS9{QLlM zP){D5;Tb?_0X){l0&1-$&Xb-zV}2i~VKCWzf!gG2ntYSZ7YI&%CoDDDqnu}Q=7KIM zaNP#-DX6IfY3wjDFo0Uylj9eNPgYzwg_{dhqURf3~owig2oRslP5ctiA>gAqzKMtk&7&3xYAQgic5%Zrp*l5+C%ColXeIeGUY1#m{)y@;C&+`TR-O3j1xD1{fxG4f3|TCBpx z$il?P!aO-_vHIj+l3bGwT(~A5U(7#w?&9@~+>?Em$T6`nOy0j(W^&sS3r69|`%@HF&C`~4G1~BCBxdL573CKf zrzXKhe?b*bN`5lR=nSau0ZP=23@nhu1nMA2E`KJ)laW}Io0MOioRO1{Y=Ca+fA}PW~3$;WkG|H8{9L1l;hw*FO8M_oA<6TVU$D} z#^VMJ3Z>{KCnjg4PG{6-l$iW}rTpaAMgo%$oM2&MV4N(s>L|$Y$?B^`CNr(}oqU`F zTz4@tO_pCRGr4@VHcVDR9OSF?)coAklA=o8f}+%-)ST4B;?&6(ABatUy;^wkk<}7V z#gdcPF6W2z2zITK1Tw$-B+uzyk%A>*E=PCkL8}PF}ZO zV)_dmMqzfg%>0zpvf|17O;VF1t9T}#TdxQ%{vZ<&pnmFP`3;hrc{eaJPR^e%uE3L7 zoS2wgoLZTiUs?o>C;pVwf}+&qM9}csWPx(A$x0hR-7o&hT^ofbr*8}fmo#t#nHZQh zAKbWw5fqM_n>W`pPe07eD8kK^m6@Jcl%8LlSTs5HfX-y$?Y^KE_GGIMJd?|}hk(aY zAf*+kTg%AA%rH5ByV&Fp+Xdj=K=BTmlA2VS4j#cS-_FMY4%?#C!pY|aMLEF3G@yR4zz(U&Yj!LH*ZZ+M!$7Tu$vr!H zC!gLa01}ht%F0dGO({(*f|t2m=|%aa1-dzz(;2N9MJGSsDK8H#^+C=C8w{Td0FCT3 zFi*a}Q*^S%E`iA}wfQ%@?7GT~R?LH&4U<3a6`O3oFHe>$D?cwkF{vm&5!U$RO3u&C zO)SYTPE7%gLruQ1kAL#seZ>l#S@}gNmAU!(u*}a=keQPPjV#cZpT_=clNC1cZRR{6 z!iY4cq;Sv#JZ+P4Pz5Qq1e+H!M&T0goa`T04;6BDIC5h#l!1hoJnQkIxg znmYO5!BdRflY0(Hu!BlTMh2G2iw-r)aAcJhm!#+C!^Yvk5mTO;lv0#gHu=JTsmaQR z;Fr6zAXmdwJOkyS%`PdmbW+q1F$p&YoC;vaQov~u`_Oq#sj53q;&dN=;IDec`V$uaC7SQ6CoX#fAC^C85MZU@JFStyO+$RoZ2VMNj$OCHs^RqHCvN14%#)_FhP62Cse}PpR z)R}~)1<#?2S6crgmHnbkR zElJHS08J?v?h>9n=eFSHgE#q*%K(U3ObiU0@7(cY1UHZ??ukzhx+gKY_Nw6IihG)q zZ~hnDy#C%M#>rpTh-@x;@RSi=7+!xYw7K>X7bB!z0kyPC3#J!{FiK25r^Pe*`eUKV z?T=SMhSf_mCmU`Sn|$N3;N(_SF-D=u9#4#!SQ#cid?Yn_$`eUOfywKh=o)~c4HBAM zxv4q%dAd3IWw3Arw+7M^lXMdcG9hXhxF)ZABF)Usz%cpt6HQ2L3S4IeH}S-uP6ai| zH}8GAnvs!fa^`bsW@bjF$t};5C-3^lJ()jiqet``E(K_gI6mzSbj03LJ$ z7kAn(_$Q~oaD$9ef@2YpE+#j=kYp5??r6p+4j#|i_hK?=dPrz<>`M)%$>{-n0t_sS z44`f;sET7?U}l^g_*!c6uGimWIdV%f5>s+gE1@2NHerf0bc^y!C;yL=#83erq9`wd zHu*Qaxda+f+&t~ABO|D{p9dcKe)vIj^1o-?pwY>I z_wkTucKaYU`Pv6lQI@>S3|M=NzaSOV{z}Z5e4$iwGWSRO$(JUJgR6D(kDy_LxR26o z(6ZX#qtxWdAALb(iQx1uO-Am?-#(r<6aW<)42+rDYhmdO)-M4=T(Uw&wT zx}mJ#G4jcJKb2uQ9#jf|3UQFl;3;s1$*+FOOm6rYKD}IoQ4pLkKmJr_^ub0+^fEVx+I0{mWsuJ_E zVW9?2nV`}C%)Io;AHT>=Zu=`d`M@6$b}>+BFfvSDkR&?!!ynKv76Yg>V_=$G|5s|V z#@}{E@5vkf-eVM)T>DpM@``^#kbw<&xdqCcphn2CfBujL9dtQ{$Y%EcT8xvUlKG~V zG4f6IVzlDo$|xx*&@D+U&Yu2|g;8{>9V5@w7Dj=|8P5f{Ss38+pi}c0#kL+|WMrN^ z?IIr+BWUiFnVEr^dHMuqM%n3am>Gp&zMMXTnNf7QA`7GFWDg~w?M^I=mWL8h2Fg2N9xF>pQD!PA-nMV#W<0~h$UD7`k5Q2o zROv8I7vN)*oxYoo@v<^+QGRY>QD%NlenDzgGBo3Yn-v+kiOIU)nYx45C8ziEGs=S; zEzHcw$Ta;RKVujupr)VTXB33A0g{VhZ6=lJ&H{|d?EDN2{EQ3&(?9StN=@GR`^I%EUa~;?z9YM34liv;Y+qnK`LNx~WA)`9-?L#mVrV zE~v8&$rF%_kCd3EKNe;*0L9~U6%j@y$OsPebWah+ce0#CmH8!!24+SkPqR?&;^`8RHqHr|T&&y7DjyFfa*%n;DD@)9V!(MW=TtFn$1yB~5QrWRw6+n}Zm9 zkY=N9N@j6MVqP-XM=KQ>MIqTcH8($NdLaj+@bs06jJmKA2~>$@kqxSSS8lW^>nV6e1*->41y1o{pGPpwq>C}M|A85pI zdZHGiDI~HowHSG)Z`5MEJ6%tUk(YzLATb9tLp52jT4s8`Hsd))j>-F%NK8-EWfY&@ zqQfZ2$US|U4x=113nL>$@U#x20I2>FnEqOakrPx7g2f?mk({5CKl$S{vFUSl83iB% z$e^}64_TRX-#di;>q3P=hzTnnl_ z7(kQ3EDX$`(MLu`7DmuAK^8`q>CfyL?b+EX4KgYXGN#M$FzQTKbztn_02kLuMfsBr zrNpK$abQ%O+_6Jw`V|L8Wzd-JbXG^kpvlW4`FO$Ox6p`SoSx&zsLd!aeTE~W7I?yL z`bS4b@yQb2qSN0vGX4@}txC_&fc2cg;hS7s25ur~x-#-j|LVl}YciXI$aD=?M*ivi uE{r1V(D#lGg)8fGeXSGb;n*bVXN2ndwtp8D#;VZGr3n delta 5238 zcmcchgmq&#s{jKSNd5v-46KC{1=J>orVC7TwY|lb^E*f^~zmGB84Q zbF=@Sd@53C@@@|P$%Y)6lTUMqf)z0`GB7eSGBSY_PM*juKDmz5b#eul+~ilBB9ni1 za!*d+7MLuvhmC=Oje(Jkfr*WQ zc{8I>4kOs%D}|*ePZRc=EGi-j7dX~D@`q<>8QQOZC0h)g^q$K;P|M48zb7$=v@ zI!t~qJ7+SFe3uwI$Y-EP0AYBXO+F~U1)LU|6=qCcxt)9RK1H#~_KJ6=OX@T7ZPrm@ zVw~)+$~rkuxf*PLrIx_vP!)H^$&zYwCX1*GG73#rQ#YIZSy_B?nYzlC#n!w~mni11If*E;PKxuTcpqB6C zPOZ7{z-MA$WS(58B{A7oTbR*!a-#Ok$wgY?n{{+587JS;^<DfeR7@lPA8C-|S`L z!Z`Wa1@Xx%Ors`Ss_{%-X(qywk(yXAInhO8vy*uQ^W-a5Qj>RX;G5iRB|bUST6Xg8 z9&Rvuy0!G=PDbv@hpnwQo7osKPOiw~ot(?VIl0}oO$eHPK>^Ijz|6qF%s5%e&S3I# zXOYQTc6^)5?RuCP1t+sO8c()zTrhdg7w*YYPU_R6ycoGA@1M#wS;|Rpa=w%K<{;;1 zOw(7|GICG$bjzCj(%o!wpoh-n-yXu7?L1#GPZyA66rb$m8#8&atjOlAz84v%YZNky zO#T_jJ9&eD%4FXFk;xp_`6u7-=b79Tuxav)zkFPb44~Y{%)rPp`D38yLnS3&kck-H`n8{Yb5|b^r@k~w(R$=6u?EhA5@|<9i&6|TAnI_AGJpe0R5y~@J zKHLSI7*>SxY;Fi|Vw`Ln**n=%fp7BCNP)?(Bh@GSMD;@QF*GAFFoLXQnEW-WVDgJV z!O1nzI*{auEYHly$igr=F-Cl{RZQIE!!f1c9JJXdmW2_Nj<_es#VLa`*rd4olUGFZ zO@7D0#sTsZ6B8rDWcw8P$y?(ECv#lkn{IE%$UFIYg7{>{gn-E#;#nupN)QB>9ea}a zCtLsEn*1!GY4Y5}0ugYQ0GEBt3=E)@2nrm=RK>~RN#fw7>K89O`Dqd;{1hfXOAwxX zHrW+yU|fpebPX9sp~=q^geK>wvQD0z(zH20br%z(>SV2q{K@w+W=>w4`4!}Dp2-`t zZcIMmBr!|Gzk&}1rx{_tPBjS42-Oxa)x1YWp2x4%{>3< z5r&L>leL35CwJxxPF|K*hFaK3WBzQTPm>HOu8JQU-H|9$U zu%_iFmli`a10xgTW{rZQ?3-mOHZe{PyDu^MW#w^3zR4S_v?kxHGH2wQELN>G{Vxk6 z`{c0df74kw8HJ~Ng)s6?F0VN{c}^YwW^KGEe4djAi7WoYkl}*}hS1vV^$+ zNU;bjq&m6KXg=AvsS{jA-)x#a`PM3_$>GhylmAw7ZC=+L%Q#&si;-{g^H!0`$1e+R zp5B_p2+2a=XaN-j;4CE8o)0c6r?qQ>%hGA>{G0EzUtyYDc3f=oudeFJo4ZRU>-TYQ zPUyMDGQHZCk!SL~Nn9)}$@xW-4b_Av-<`xg`N~AS$(DTFV7Bxm9&mOBiMvhWgX@@_ zJE?8*&Mgo{Jd?vFYZ`J-E}pD3*;0*rvi}tE&6g%WW}JL_y4vJ>Q$-kgCV!r)GFf4+ z%w)4^LX3QqJ*R1bd6T9|OpYoLoP1}x=;q7QikKO>C%es31WUEe65>a#a+xL{oGLrL z!k1BE^8Hy&a@?RY3gUT21|}v3Pz16tFo9D86Z_=E`3jR4&7Q)@H@QDmVzU1np~=Rx zWjS*)i%WEi3vx0iZ(J-1vUc+BIXU^2W`{ub$wp=g3%*4P1cE0<3!O3BB)h0L2_n5RmY;vUx_vF|G z5|f=4*n^`5#9p<4ce3SV?#WS$1U6q?@P-*&S4~|aKKbPmA#j*;E_K;lw^W@OoWCdU zToFB4W(nWskd-D(ldoioO!i*GH+k)9ugUDMg(mx~;hikG<~k$K72~A$L@y+Dxo3y5Tgfj9mF)&UR*_<_b!WNm$ z7dP)^oNPW%WHR@5p~>5~x`A!EwN+@c+O~k{9XyN@lc#T+4|0sq!esG%vXk%b z5u9wXch%&Yed3dC_wa$jd~?mdD8|W=2LvZ;9XL06&cUGRZU&6vlUWamOg?;2WU}QU zfyovR_$PB7=G#2?kO|{tmLsyDa)o#LeFa9Y$#zHffg`lzsK{i+qrQ{HE{IOXY-2@lUomsx+DJxX$FP<4KcSPDpJIKM~6`S?+ZFWbu6hlNGLU zO`d*QWb)(FnxJ}Ov+@~1#_8g|jG~j9&ZKJu9-={oG7O za5DIKzMdJkJX!tG>dn579T*w8 zC-*&3+`Qw72jgU~XDOQ@8X$DvgqOrRoznTde~l&KjRK_T?;z072X zx7!%YH-CSd$~gJqd+Etl?@us_O?Lj^G@0>}=;Q?-Dktw)DL6UuBj04}k1mscrU*{{ z`GIfpl8=8Uznsl246eHwSs55v86oMMk!|wF4`P#Ve-fA+WFRt`>9Z_2kK2FN02h;` zpOrz?Fe?KK69dEKb)PjMt<=|_wIPiHP@N5G89^%C$qT-SPj>#&4Q>kE|5CAe+E-`B zP2ZImr*AW66r7y;Q*iR{AH0*NS4mFJ{qc6P^*6!E$A9u~ZvLsyxcU1pKIX~llSC#* z{NvlK`_GaQoU5w->x0wPuK$|g%4PGH|C<;=?T+oc7#W{3f|@bY%~=?Qwx4EZ%*A`a4!eF-F1ZtZaPtRjx)Sdp4jZt%QPYB0kfh%mF#s$xG zeRjsa$tSl8PXEcy$h-X>JL5dY=@qJs0@LLs7};4F8JHOvr_bhOOa_-K(}lShgF!iK z`Wi0AFi^WeaC#6of@7P7 zfrXKAdV(CI?DXZbjNy|tdCQj1`c`I;F@cG2L2`k)Kg`y0;>u<#YjMMyct`6&c$Zy{79c zG2R0S=uG}mAv!%unbB?gX=O$k#_7Lf73JrMiqjcQ7-c433YVDNHAF?6()0B5twX~!Zkh8 zj8SkpuNkA=8vlX?uqS<3dJoUyc=&p&6&!SusjZUv0$*Zb47K zX2qy9{htjZ&-Ck7jC|7-tr@RRkFsI3p1#+HQE5AmE#rM=P~&(zlOtn2BPcIV=Wt>a z5@1iw$<@s&FM+mI1*RW%Vlnm1!AxEPtf)rV1F`WtUXM_$+<0TXE0WcoTEM)Bz( zK8!*vpoZP_g))r7Ahm*=MXAN9C5cHnsgn!2#HMfaVN{shSH!^$>4-5gGBPnuf8)cL zHu+|-;Pf)CxzG>><%-FL4x-Z+g))jyUmnIN1@Sa*IHSPyr(ujz zpyu~<`3OdV>9XOB;*+_L@l6NIg@!Xqf?Dj1pf(e@z0L^g$xUA$&Zr0KJ#SBoVANm) zm37nSL^7sKZrLa}`F|M)E2u(Yo30qem;)+q_!t>MY{~6Aq8P=PrnAK|Dlu|`YsKmJ z#Tj|0`^7T)f<|tpuZd+0XXKgA633`AeM20h$aMQS#%NG=11Xrd$1%!)dcMU|xJ8BQK~SHN7s8@$B~AB*qnt+cQ!abr>h_JR~xGT`Jh^ z7gHIfr+-algw%f1jnWvkr%y{`tcRpLa52cl0ICL=85y=~r!!t+ny!(>ST%WynaK1# zS&Tm?H>ZhAf0fN>F+DVgv1d9@E~5xIEqCWI@=dqTWfTKDHY=AgaB@YSFsMMkmdmKk z$TyuSk5Oy8Q68fT Date: Thu, 3 Jan 2019 22:36:49 -0500 Subject: [PATCH 13/76] bfs: 1.2.4 -> 1.3.1 --- pkgs/tools/system/bfs/default.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/pkgs/tools/system/bfs/default.nix b/pkgs/tools/system/bfs/default.nix index 3734fefe60a..3e9210d5b35 100644 --- a/pkgs/tools/system/bfs/default.nix +++ b/pkgs/tools/system/bfs/default.nix @@ -1,23 +1,17 @@ -{ stdenv, fetchFromGitHub, bash }: +{ stdenv, fetchFromGitHub, libcap, acl }: stdenv.mkDerivation rec { name = "bfs-${version}"; - version = "1.2.4"; + version = "1.3.1"; src = fetchFromGitHub { repo = "bfs"; owner = "tavianator"; rev = version; - sha256 = "0nxx2njjp04ik6msfmf07hprw0j88wg04m0q1sf17mhkliw2d78s"; + sha256 = "0gv9hrcsz7miv40v6wmkmb1a58ji5d1dlgwq6gwczd8rzlmhddmc"; }; - postPatch = '' - # Patch tests (both shebangs and usage in scripts) - for f in $(find -type f -name '*.sh'); do - substituteInPlace $f --replace "/bin/bash" "${bash}/bin/bash" - done - ''; - doCheck = true; + buildInputs = stdenv.lib.optionals stdenv.isLinux [ libcap acl ]; makeFlags = [ "PREFIX=$(out)" ]; buildFlags = [ "release" ]; # "release" enables compiler optimizations @@ -30,7 +24,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/tavianator/bfs; license = licenses.bsd0; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ yesbox ]; }; } From 4a09853516c44c3ef72b45b2b332519cdccb7f72 Mon Sep 17 00:00:00 2001 From: Albert Safin Date: Fri, 4 Jan 2019 15:55:58 +0700 Subject: [PATCH 14/76] xpointerbarrier: 17.11 -> 18.06 --- pkgs/tools/X11/xpointerbarrier/default.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/pkgs/tools/X11/xpointerbarrier/default.nix b/pkgs/tools/X11/xpointerbarrier/default.nix index 50d0ac4f2b9..435f2b2e980 100644 --- a/pkgs/tools/X11/xpointerbarrier/default.nix +++ b/pkgs/tools/X11/xpointerbarrier/default.nix @@ -1,13 +1,11 @@ -{ stdenv, xorg, fetchFromGitHub }: +{ stdenv, xorg, fetchgit }: stdenv.mkDerivation rec { name = "xpointerbarrier-${version}"; - version = "17.11"; - - src = fetchFromGitHub { - owner = "vain"; - repo = "xpointerbarrier"; + version = "18.06"; + src = fetchgit { + url = "https://www.uninformativ.de/git/xpointerbarrier.git"; rev = "v${version}"; - sha256 = "0s6bd58xjyc2nqzjq6aglx6z64x9xavda3i6p8vrmxqmcpik54nm"; + sha256 = "1k7i641x18qhjm0llsaqn2h2g9k31kgv6p8sildllmbvgxyrgvq7"; }; buildInputs = [ xorg.libX11 xorg.libXfixes xorg.libXrandr ]; @@ -15,7 +13,7 @@ stdenv.mkDerivation rec { makeFlags = "prefix=$(out)"; meta = { - homepage = https://github.com/vain/xpointerbarrier; + homepage = https://uninformativ.de/git/xpointerbarrier; description = "Create X11 pointer barriers around your working area"; license = stdenv.lib.licenses.mit; maintainers = [ stdenv.lib.maintainers.xzfc ]; From 224cd007c1c82ce5f7ad97d657dbfd983be29576 Mon Sep 17 00:00:00 2001 From: Clemens Fruhwirth Date: Tue, 25 Dec 2018 17:45:43 +0100 Subject: [PATCH 15/76] fakeroot: Add sed dependency. --- pkgs/tools/system/fakeroot/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/system/fakeroot/default.nix b/pkgs/tools/system/fakeroot/default.nix index 8796de4e9e0..1a16a8a34c7 100644 --- a/pkgs/tools/system/fakeroot/default.nix +++ b/pkgs/tools/system/fakeroot/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, fetchpatch, getopt, libcap }: +{ stdenv, fetchurl, fetchpatch, getopt, libcap, gnused }: stdenv.mkDerivation rec { version = "1.23"; @@ -29,14 +29,12 @@ stdenv.mkDerivation rec { }) ]; - buildInputs = [ getopt ] + buildInputs = [ getopt gnused ] ++ stdenv.lib.optional (!stdenv.isDarwin) libcap ; postUnpack = '' - for prog in getopt; do - sed -i "s@getopt@$(type -p getopt)@g" ${name}/scripts/fakeroot.in - done + sed -i -e "s@getopt@$(type -p getopt)@g" -e "s@sed@$(type -p sed)@g" ${name}/scripts/fakeroot.in ''; meta = { From fb0e49a9a7af13fd52edba4c51bda191604d10ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 4 Jan 2019 13:03:24 +0000 Subject: [PATCH 16/76] elm: get to compile on GHC 8.6.3 --- pkgs/development/compilers/elm/default.nix | 15 +++++---------- .../compilers/elm/packages/tasty-quickcheck.nix | 14 -------------- 2 files changed, 5 insertions(+), 24 deletions(-) delete mode 100644 pkgs/development/compilers/elm/packages/tasty-quickcheck.nix diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index 3c8ae70981e..ba35e093f6a 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -4,7 +4,7 @@ let fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; - hsPkgs = haskell.packages.ghc822.override { + hsPkgs = haskell.packages.ghc863.override { overrides = self: super: with haskell.lib; let elmPkgs = { elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { @@ -15,12 +15,7 @@ let versionsDat = ./versions.dat; }; buildTools = drv.buildTools or [] ++ [ makeWrapper ]; - patches = [ - (fetchpatch { - url = "https://github.com/elm/compiler/pull/1784/commits/78d2d8eab310552b1b877a3e90e1e57e7a09ddec.patch"; - sha256 = "0vdhk16xqm2hxw12s1b91a0bmi8w4wsxc086qlzglgnjxrl5b3w4"; - }) - ]; + jailbreak = true; postInstall = '' wrapProgram $out/bin/elm \ --prefix PATH ':' ${lib.makeBinPath [ nodejs ]} @@ -31,16 +26,16 @@ let The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` */ - elm-format = self.callPackage ./packages/elm-format.nix {}; + elm-format = doJailbreak (self.callPackage ./packages/elm-format.nix {}); + inherit fetchElmDeps; + elmVersion = elmPkgs.elm.version; }; in elmPkgs // { inherit elmPkgs; - elmVersion = elmPkgs.elm.version; # Needed for elm-format indents = self.callPackage ./packages/indents.nix {}; - tasty-quickcheck = self.callPackage ./packages/tasty-quickcheck.nix {}; }; }; in hsPkgs.elmPkgs diff --git a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix b/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix deleted file mode 100644 index 54235489edf..00000000000 --- a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ mkDerivation, base, pcre-light, QuickCheck, random, stdenv -, tagged, tasty, tasty-hunit -}: -mkDerivation { - pname = "tasty-quickcheck"; - version = "0.9.2"; - sha256 = "c5920adeab6e283d5e3ab45f3c80a1b011bedfbe4a3246a52606da2e1da95873"; - libraryHaskellDepends = [ base QuickCheck random tagged tasty ]; - testHaskellDepends = [ base pcre-light tasty tasty-hunit ]; - doCheck = false; - homepage = "https://github.com/feuerbach/tasty"; - description = "QuickCheck support for the Tasty test framework"; - license = stdenv.lib.licenses.mit; -} From 89c433fbf1847df041aa5c1e18db53648836ac66 Mon Sep 17 00:00:00 2001 From: geistesk Date: Fri, 4 Jan 2019 13:51:51 +0100 Subject: [PATCH 17/76] cbor: init at 1.0.0 --- .../python-modules/cbor/default.nix | 22 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 24 insertions(+) create mode 100644 pkgs/development/python-modules/cbor/default.nix diff --git a/pkgs/development/python-modules/cbor/default.nix b/pkgs/development/python-modules/cbor/default.nix new file mode 100644 index 00000000000..360872c0f89 --- /dev/null +++ b/pkgs/development/python-modules/cbor/default.nix @@ -0,0 +1,22 @@ +{ stdenv, buildPythonPackage, fetchPypi }: + +buildPythonPackage rec { + pname = "cbor"; + version = "1.0.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "1dmv163cnslyqccrybkxn0c9s1jk1mmafmgxv75iamnz5lk5l8hk"; + }; + + # Tests are excluded from PyPI and four unit tests are also broken: + # https://github.com/brianolson/cbor_py/issues/6 + doCheck = false; + + meta = with stdenv.lib; { + homepage = https://bitbucket.org/bodhisnarkva/cbor; + description = "Concise Binary Object Representation (CBOR) library"; + license = licenses.asl20; + maintainers = with maintainers; [ geistesk ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index f00e2b4cb0f..36bd7904ff1 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1170,6 +1170,8 @@ in { case = callPackage ../development/python-modules/case {}; + cbor = callPackage ../development/python-modules/cbor {}; + cassandra-driver = callPackage ../development/python-modules/cassandra-driver { }; cccolutils = callPackage ../development/python-modules/cccolutils {}; From 28293fb169ac78df15360c6d98da5022bda8f25a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 4 Jan 2019 13:55:06 +0000 Subject: [PATCH 18/76] fix #52118 --- pkgs/development/compilers/elm/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index ba35e093f6a..aa8d9da9faa 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -26,7 +26,7 @@ let The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` */ - elm-format = doJailbreak (self.callPackage ./packages/elm-format.nix {}); + elm-format = justStaticExecutables (doJailbreak (self.callPackage ./packages/elm-format.nix {})); inherit fetchElmDeps; elmVersion = elmPkgs.elm.version; From 6acde263185d4e057495aceb7d5e839ce5b093d0 Mon Sep 17 00:00:00 2001 From: Frank Lanitz Date: Fri, 4 Jan 2019 16:58:22 +0100 Subject: [PATCH 19/76] Geany: 1.34 -> 1.34.1 --- pkgs/applications/editors/geany/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/geany/default.nix b/pkgs/applications/editors/geany/default.nix index caead872eb2..9f33bd08489 100644 --- a/pkgs/applications/editors/geany/default.nix +++ b/pkgs/applications/editors/geany/default.nix @@ -3,7 +3,7 @@ with stdenv.lib; let - version = "1.34"; + version = "1.34.1"; in stdenv.mkDerivation rec { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.geany.org/${name}.tar.bz2"; - sha256 = "63b93d25d037eaffa77895ae6dd29c91bca570e4053eff5cc8490f87e6021f8e"; + sha256 = "e765efd89e759defe3fd797d8a2052afbb4b23522efbcc72e3a72b7f1093ec11"; }; nativeBuildInputs = [ pkgconfig intltool libintl ]; From 3bf0e4efc751b4f8d647c5521f317c44b5f9c4a3 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Sat, 29 Dec 2018 03:25:20 -0500 Subject: [PATCH 20/76] lib: Fix Mingw on 32-bit ARM --- lib/systems/parse.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/systems/parse.nix b/lib/systems/parse.nix index 7db09fc550e..6947d41419e 100644 --- a/lib/systems/parse.nix +++ b/lib/systems/parse.nix @@ -279,8 +279,14 @@ rec { "2" = # We only do 2-part hacks for things Nix already supports if elemAt l 1 == "cygwin" then { cpu = elemAt l 0; kernel = "windows"; abi = "cygnus"; } + # MSVC ought to be the default ABI so this case isn't needed. But then it + # becomes difficult to handle the gnu* variants for Aarch32 correctly for + # minGW. So it's easier to make gnu* the default for the MinGW, but + # hack-in MSVC for the non-MinGW case right here. + else if elemAt l 1 == "windows" + then { cpu = elemAt l 0; kernel = "windows"; abi = "msvc"; } else if (elemAt l 1) == "elf" - then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; } + then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; } else { cpu = elemAt l 0; kernel = elemAt l 1; }; "3" = # Awkwards hacks, beware! if elemAt l 1 == "apple" @@ -288,7 +294,7 @@ rec { else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu") then { cpu = elemAt l 0; kernel = elemAt l 1; abi = elemAt l 2; } else if (elemAt l 2 == "mingw32") # autotools breaks on -gnu for window - then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; abi = "gnu"; } + then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; } else if hasPrefix "netbsd" (elemAt l 2) then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; } else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"]) @@ -324,13 +330,12 @@ rec { else getKernel args.kernel; abi = /**/ if args ? abi then getAbi args.abi - else if isLinux parsed then + else if isLinux parsed || isWindows parsed then if isAarch32 parsed then if lib.versionAtLeast (parsed.cpu.version or "0") "6" then abis.gnueabihf else abis.gnueabi else abis.gnu - else if isWindows parsed then abis.gnu else abis.unknown; }; From 7ce548ef4f6b062ec83d3344df2bd431c639f3d0 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 14:08:53 -0600 Subject: [PATCH 21/76] getdns: 1.4.2 -> 1.5.0 https://getdnsapi.net/releases/getdns-1-5-0/ --- pkgs/development/libraries/getdns/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/getdns/default.nix b/pkgs/development/libraries/getdns/default.nix index 66fc0138ef9..002c9bc0748 100644 --- a/pkgs/development/libraries/getdns/default.nix +++ b/pkgs/development/libraries/getdns/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "getdns"; name = "${pname}-${version}"; - version = "1.4.2"; + version = "1.5.0"; src = fetchurl { - url = "https://getdnsapi.net/releases/${pname}-1-4-2/${pname}-${version}.tar.gz"; - sha256 = "100fzjpvajvnv0kym8g5lkwyv8w8vhy7g2p0pb2gyz19zqnvi18n"; + url = "https://getdnsapi.net/releases/${pname}-1-5-0/${pname}-${version}.tar.gz"; + sha256 = "577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84"; }; nativeBuildInputs = [ libtool m4 autoreconfHook automake file ]; From c1eb0e8ad94b8be9ac842dac195a2bc0413c8795 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 14:09:01 -0600 Subject: [PATCH 22/76] stubby: 0.2.3 -> 0.2.4 --- pkgs/tools/networking/stubby/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/stubby/default.nix b/pkgs/tools/networking/stubby/default.nix index 2882ba21739..d8088918f44 100644 --- a/pkgs/tools/networking/stubby/default.nix +++ b/pkgs/tools/networking/stubby/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "stubby"; name = "${pname}-${version}"; - version = "0.2.3"; + version = "0.2.4"; src = fetchFromGitHub { owner = "getdnsapi"; repo = pname; rev = "v${version}"; - sha256 = "1n02dj1hvh0aml54asxj42f0j9wfgiyavbh0gr0j9lm4f2xcd60w"; + sha256 = "1c0jqbxcrwc8kvpx7v0bmdladf20myyi2672r2r87m2q0jvsmgpr"; }; nativeBuildInputs = [ libtool m4 libbsd libyaml autoreconfHook ]; From c789f642f02d8bab42bca6c1bf920e2d916389c7 Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Fri, 4 Jan 2019 02:07:17 +0100 Subject: [PATCH 23/76] kernel/generic.nix: provide required dependencies for GCC plugins builds --- pkgs/os-specific/linux/kernel/generic.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index e424dff596d..3f6479c572b 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -4,6 +4,9 @@ , perl , bison ? null , flex ? null +, gmp ? null +, libmpc ? null +, mpfr ? null , stdenv , # The kernel source tarball. @@ -89,7 +92,7 @@ let passAsFile = [ "kernelConfig" ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl ] + nativeBuildInputs = [ perl gmp libmpc mpfr ] ++ lib.optionals (stdenv.lib.versionAtLeast version "4.16") [ bison flex ]; platformName = stdenv.hostPlatform.platform.name; @@ -112,7 +115,10 @@ let export buildRoot="''${buildRoot:-build}" # Get a basic config file for later refinement with $generateConfig. - make HOSTCC=${buildPackages.stdenv.cc.targetPrefix}gcc -C . O="$buildRoot" $kernelBaseConfig ARCH=$kernelArch + make -C . O="$buildRoot" $kernelBaseConfig \ + ARCH=$kernelArch \ + HOSTCC=${buildPackages.stdenv.cc.targetPrefix}gcc \ + HOSTCXX=${buildPackages.stdenv.cc.targetPrefix}g++ # Create the config file. echo "generating kernel configuration..." From 9dc0d948965ecfa8bae20de5699f7d32cc6707a6 Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Fri, 4 Jan 2019 02:07:53 +0100 Subject: [PATCH 24/76] kernel/hardened-config.nix: re-enable GCC plugins --- .../linux/kernel/hardened-config.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 84d1dd8a378..2454ecd0b05 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -103,17 +103,15 @@ PAGE_POISONING_ZERO y PANIC_ON_OOPS y PANIC_TIMEOUT -1 -${optionalString (versionOlder version "4.18") '' - GCC_PLUGINS y # Enable gcc plugin options - # Gather additional entropy at boot time for systems that may not have appropriate entropy sources. - GCC_PLUGIN_LATENT_ENTROPY y +GCC_PLUGINS y # Enable gcc plugin options +# Gather additional entropy at boot time for systems that may not have appropriate entropy sources. +GCC_PLUGIN_LATENT_ENTROPY y - ${optionalString (versionAtLeast version "4.11") '' - GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin - ''} - ${optionalString (versionAtLeast version "4.14") '' - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address - ''} +${optionalString (versionAtLeast version "4.11") '' + GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin +''} +${optionalString (versionAtLeast version "4.14") '' + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address ''} # Disable various dangerous settings From 0f7ca26a48389bf9133573f5eaf2d7b30cf51625 Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Fri, 4 Jan 2019 02:08:49 +0100 Subject: [PATCH 25/76] kernel/hardened-config.nix: add STACKLEAK plugin on 4.20+ --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 2454ecd0b05..9d28b3edf85 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -113,6 +113,9 @@ ${optionalString (versionAtLeast version "4.11") '' ${optionalString (versionAtLeast version "4.14") '' GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address ''} +${optionalString (versionAtLeast version "4.20") '' + GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin +''} # Disable various dangerous settings ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory From bb5ebed17f3a6ec2534b2c6666b7d1810e543c88 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 2 Jan 2019 11:36:14 -0800 Subject: [PATCH 26/76] python37Packages.faker: 0.9.3 -> 1.0.1 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/python3.7-faker/versions --- pkgs/development/python-modules/faker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/faker/default.nix b/pkgs/development/python-modules/faker/default.nix index 515bd9e99bb..9a46d9611e0 100644 --- a/pkgs/development/python-modules/faker/default.nix +++ b/pkgs/development/python-modules/faker/default.nix @@ -8,11 +8,11 @@ assert pythonOlder "3.3" -> ipaddress != null; buildPythonPackage rec { pname = "Faker"; - version = "0.9.3"; + version = "1.0.1"; src = fetchPypi { inherit pname version; - sha256 = "8c6df7903c7b4a51f4ac273bc5fec79a249e3220c47b35d1ac1175b41982d772"; + sha256 = "067mdy9p1vbkypr3vazmrb0sga6maqbk542hr7hmzcb5lp3dr8sj"; }; buildInputs = [ pytestrunner ]; From e65eb19da524aa3c9a055f7def3a7bac5ca2a297 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 2 Jan 2019 14:28:15 -0800 Subject: [PATCH 27/76] plantuml: 1.2018.13 -> 1.2018.14 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/plantuml/versions --- pkgs/tools/misc/plantuml/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/plantuml/default.nix b/pkgs/tools/misc/plantuml/default.nix index c3d3f916d97..19cc8805b1c 100644 --- a/pkgs/tools/misc/plantuml/default.nix +++ b/pkgs/tools/misc/plantuml/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, jre, graphviz }: stdenv.mkDerivation rec { - version = "1.2018.13"; + version = "1.2018.14"; name = "plantuml-${version}"; src = fetchurl { url = "mirror://sourceforge/project/plantuml/${version}/plantuml.${version}.jar"; - sha256 = "181wm05gp4hs4g0z345pp1x9w1g5bx1vpipkhnwvmy4vdj17b4bg"; + sha256 = "0alsrip25w3hy7h9rryrm7isl6jyk1spdm6bqgbmbscla7vq960y"; }; nativeBuildInputs = [ makeWrapper ]; From b69d3fae737c811be77b7ca743262e12233e5a87 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 2 Jan 2019 06:55:02 -0800 Subject: [PATCH 28/76] python37Packages.django_redis: 4.9.1 -> 4.10.0 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/python3.7-django-redis/versions --- pkgs/development/python-modules/django_redis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/django_redis/default.nix b/pkgs/development/python-modules/django_redis/default.nix index e50b1e1cb65..85761be9ba5 100644 --- a/pkgs/development/python-modules/django_redis/default.nix +++ b/pkgs/development/python-modules/django_redis/default.nix @@ -2,11 +2,11 @@ mock, django, redis, msgpack }: buildPythonPackage rec { pname = "django-redis"; - version = "4.9.1"; + version = "4.10.0"; src = fetchPypi { inherit pname version; - sha256 = "93fc0f73b0c1736546a979a4996826b2c430f56f7e4176df40ef53b9cb0e4f36"; + sha256 = "1rxcwnv9ik0swkwvfqdi9i9baw6n8if5pj6q63fjh4p9chw3j2xg"; }; doCheck = false; From 487cbfc5634e1f89eb4a72df9ce8e425a0c999f6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 2 Jan 2019 06:17:39 -0800 Subject: [PATCH 29/76] python37Packages.node-semver: 0.5.1 -> 0.6.1 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/python3.7-node-semver/versions --- pkgs/development/python-modules/node-semver/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/node-semver/default.nix b/pkgs/development/python-modules/node-semver/default.nix index 004ec42718e..34a81a66ec9 100644 --- a/pkgs/development/python-modules/node-semver/default.nix +++ b/pkgs/development/python-modules/node-semver/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchPypi, buildPythonPackage, pytest }: buildPythonPackage rec { - version = "0.5.1"; + version = "0.6.1"; pname = "node-semver"; checkInputs = [ pytest ]; src = fetchPypi { inherit pname version; - sha256 = "b87e335179d874a3dd58041198b2715ae70fd20eba81683acde3553c51b28f8e"; + sha256 = "1dv6mjsm67l1razcgmq66riqmsb36wns17mnipqr610v0z0zf5j0"; }; meta = with stdenv.lib; { From eeb35be95dd6cd5d35946a6191e9b9b48703dd00 Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Fri, 4 Jan 2019 22:38:14 +0100 Subject: [PATCH 30/76] gitea: 1.6.2 -> 1.6.3 Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.6.3 --- pkgs/applications/version-management/gitea/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix index eca07b81bac..4579c9a83b5 100644 --- a/pkgs/applications/version-management/gitea/default.nix +++ b/pkgs/applications/version-management/gitea/default.nix @@ -7,13 +7,13 @@ with stdenv.lib; buildGoPackage rec { name = "gitea-${version}"; - version = "1.6.2"; + version = "1.6.3"; src = fetchFromGitHub { owner = "go-gitea"; repo = "gitea"; rev = "v${version}"; - sha256 = "1ijxpihdg8k6gs1xpim0iviqakvjadjzp0a5ki2czykilnyg8y85"; + sha256 = "02d37mh1qxsq9lc9ylk5sgdlc1cgwh6fri077crk43mnyb5lhj3j"; # Required to generate the same checksum on MacOS due to unicode encoding differences # More information: https://github.com/NixOS/nixpkgs/pull/48128 extraPostFetch = '' From fc2a65308f751da93a085626a2e188b9bdc9a007 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Fri, 4 Jan 2019 19:43:23 -0500 Subject: [PATCH 31/76] musescore: switch to QtWebEngine Since version 3.0 it builds with QtWebEngine by default. --- pkgs/applications/audio/musescore/default.nix | 8 ++++-- .../remove_qtwebengine_install_hack.patch | 25 +++++++++++++++++++ 2 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix index 32e121547cb..340978c8183 100644 --- a/pkgs/applications/audio/musescore/default.nix +++ b/pkgs/applications/audio/musescore/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchFromGitHub, cmake, pkgconfig , alsaLib, freetype, libjack2, lame, libogg, libpulseaudio, libsndfile, libvorbis , portaudio, portmidi, qtbase, qtdeclarative, qtscript, qtsvg, qttools -, qtwebkit, qtxmlpatterns +, qtwebengine, qtxmlpatterns }: stdenv.mkDerivation rec { @@ -15,6 +15,10 @@ stdenv.mkDerivation rec { sha256 = "0g8n8xpw5d6wh8bwbvy12sinl9i0ir009sr28i4izr28lr4x8v50"; }; + patches = [ + ./remove_qtwebengine_install_hack.patch + ]; + cmakeFlags = [ ] ++ lib.optional (lib.versionAtLeast freetype.version "2.5.2") "-DUSE_SYSTEM_FREETYPE=ON"; @@ -23,7 +27,7 @@ stdenv.mkDerivation rec { buildInputs = [ alsaLib libjack2 freetype lame libogg libpulseaudio libsndfile libvorbis portaudio portmidi # tesseract - qtbase qtdeclarative qtscript qtsvg qttools qtwebkit qtxmlpatterns + qtbase qtdeclarative qtscript qtsvg qttools qtwebengine qtxmlpatterns ]; meta = with stdenv.lib; { diff --git a/pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch b/pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch new file mode 100644 index 00000000000..53a0c90ce46 --- /dev/null +++ b/pkgs/applications/audio/musescore/remove_qtwebengine_install_hack.patch @@ -0,0 +1,25 @@ +--- a/mscore/CMakeLists.txt ++++ b/mscore/CMakeLists.txt +@@ -660,22 +660,6 @@ if (MINGW) + else (MINGW) + + if ( NOT MSVC ) +-## install qwebengine core +- if (NOT APPLE AND USE_WEBENGINE) +- install(FILES +- ${QT_INSTALL_LIBEXECS}/QtWebEngineProcess +- DESTINATION bin +- ) +- install(DIRECTORY +- ${QT_INSTALL_DATA}/resources +- DESTINATION lib/qt5 +- ) +- install(DIRECTORY +- ${QT_INSTALL_TRANSLATIONS}/qtwebengine_locales +- DESTINATION lib/qt5/translations +- ) +- endif(NOT APPLE AND USE_WEBENGINE) +- + target_link_libraries(mscore + ${ALSA_LIB} + ${QT_LIBRARIES} From d2114571887bc4fc4d35c63534a303c867927fa6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 3 Jan 2019 03:22:12 -0800 Subject: [PATCH 32/76] libcdr: 0.1.4 -> 0.1.5 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/libcdr/versions --- pkgs/development/libraries/libcdr/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libcdr/default.nix b/pkgs/development/libraries/libcdr/default.nix index 5e46f4dc699..456bd4c6703 100644 --- a/pkgs/development/libraries/libcdr/default.nix +++ b/pkgs/development/libraries/libcdr/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, libwpg, libwpd, lcms, pkgconfig, librevenge, icu, boost, cppunit }: stdenv.mkDerivation rec { - name = "libcdr-0.1.4"; + name = "libcdr-0.1.5"; src = fetchurl { url = "https://dev-www.libreoffice.org/src/${name}.tar.xz"; - sha256 = "0vd6likgk51j46llybkx4wq3674xzrhp0k82220pkx9x1aqfi9z7"; + sha256 = "0j1skr11jwvafn0l6p37v3i4lqc8wcn489g8f7c4mqwbk94mrkka"; }; buildInputs = [ libwpg libwpd lcms librevenge icu boost cppunit ]; From 2764297cc5a3a8023bce499d7c37a9dcaffa9d6b Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Thu, 3 Jan 2019 17:29:36 -0500 Subject: [PATCH 33/76] libcdr: disable werror is default So this optional configure flag is uneeded. See: https://github.com/LibreOffice/libcdr/blob/10211e95bb95d05c2261819c88b7f48d9db20b32/NEWS#L5 --- pkgs/development/libraries/libcdr/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/libraries/libcdr/default.nix b/pkgs/development/libraries/libcdr/default.nix index 456bd4c6703..4c9877cd597 100644 --- a/pkgs/development/libraries/libcdr/default.nix +++ b/pkgs/development/libraries/libcdr/default.nix @@ -18,8 +18,6 @@ stdenv.mkDerivation rec { sed -i 's,^CPPFLAGS.*,\0 -DBOOST_ERROR_CODE_HEADER_ONLY -DBOOST_SYSTEM_NO_DEPRECATED,' src/lib/Makefile.in ''; - configureFlags = stdenv.lib.optional stdenv.cc.isClang "--disable-werror"; - CXXFLAGS="--std=gnu++0x"; # For c++11 constants in lcms2.h meta = { From 678dda92a5d8a9d90fa5cff24d4afaf6c6072633 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Fri, 4 Jan 2019 17:05:22 -0500 Subject: [PATCH 34/76] libcdr: drop boost159 compat fix --- pkgs/development/libraries/libcdr/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/pkgs/development/libraries/libcdr/default.nix b/pkgs/development/libraries/libcdr/default.nix index 4c9877cd597..f7276d39b14 100644 --- a/pkgs/development/libraries/libcdr/default.nix +++ b/pkgs/development/libraries/libcdr/default.nix @@ -12,12 +12,6 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; - # Boost 1.59 compatability fix - # Attempt removing when updating - postPatch = '' - sed -i 's,^CPPFLAGS.*,\0 -DBOOST_ERROR_CODE_HEADER_ONLY -DBOOST_SYSTEM_NO_DEPRECATED,' src/lib/Makefile.in - ''; - CXXFLAGS="--std=gnu++0x"; # For c++11 constants in lcms2.h meta = { From e7e18206dd59c78b54b006ef94afe772cc97bbfa Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 4 Jan 2019 18:35:40 +0100 Subject: [PATCH 35/76] fuse: 2.9.8 -> 2.9.9 --- pkgs/os-specific/linux/fuse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix index d712ea99578..e8d272622ce 100644 --- a/pkgs/os-specific/linux/fuse/default.nix +++ b/pkgs/os-specific/linux/fuse/default.nix @@ -6,8 +6,8 @@ let }; in { fuse_2 = mkFuse { - version = "2.9.8"; - sha256Hash = "0s04ln4k9zvvbjih8ybaa19fxg8xv7dcsz2yrlbk35psnf3l67af"; + version = "2.9.9"; + sha256Hash = "1yxxvm58c30pc022nl1wlg8fljqpmwnchkywic3r74zirvlcq23n"; }; fuse_3 = mkFuse { From 2d9d6337f87fec9b46a5fbc01a226b175b770e0a Mon Sep 17 00:00:00 2001 From: Tomas Hlavaty Date: Sat, 5 Jan 2019 05:19:42 +0100 Subject: [PATCH 36/76] sbcl: 1.4.13 -> 1.4.15 --- pkgs/development/compilers/sbcl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/sbcl/default.nix b/pkgs/development/compilers/sbcl/default.nix index 1ef6dd06570..3283555cd6e 100644 --- a/pkgs/development/compilers/sbcl/default.nix +++ b/pkgs/development/compilers/sbcl/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { name = "sbcl-${version}"; - version = "1.4.13"; + version = "1.4.15"; src = fetchurl { url = "mirror://sourceforge/project/sbcl/sbcl/${version}/${name}-source.tar.bz2"; - sha256 = "120rnnz8367lk7ljqlf8xidm4b0d738xqsib4kq0q5ms5r7fzgvm"; + sha256 = "0bipl4gsvpcifi6vkqm5636i3219mk1bl99px4xh5l1q2g7knv28"; }; buildInputs = [texinfo]; From 21327795ceecd247493782a8cddcdaefb9624cfa Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sat, 5 Jan 2019 00:03:39 -0500 Subject: [PATCH 37/76] nixos/version: add LOGO to /etc/os-release --- nixos/modules/misc/version.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index fd77f637272..001505320c0 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -93,6 +93,7 @@ in VERSION_CODENAME=${toLower cfg.codeName} VERSION_ID="${cfg.version}" PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})" + LOGO="nix-snowflake" HOME_URL="https://nixos.org/" SUPPORT_URL="https://nixos.org/nixos/support.html" BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues" From f24d62c1e90a896a9a5840cf4112b03d7bef01ca Mon Sep 17 00:00:00 2001 From: Vladyslav Mykhailichenko Date: Sat, 5 Jan 2019 11:44:07 +0200 Subject: [PATCH 38/76] gpxsee: 6.3 -> 7.1 --- pkgs/applications/misc/gpxsee/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/misc/gpxsee/default.nix b/pkgs/applications/misc/gpxsee/default.nix index 50a81890789..5ef64b2b801 100644 --- a/pkgs/applications/misc/gpxsee/default.nix +++ b/pkgs/applications/misc/gpxsee/default.nix @@ -2,20 +2,20 @@ stdenv.mkDerivation rec { name = "gpxsee-${version}"; - version = "6.3"; + version = "7.1"; src = fetchFromGitHub { owner = "tumic0"; repo = "GPXSee"; rev = version; - sha256 = "0kbnmcis04kjqkd0msfjd8rdmdf23c71dpzx9wcpf2yadc9rv4c9"; + sha256 = "1dgag8j3566qwiz1pschfq2wqdp7y1pr4cm9na4zwrdjhn3ci6v5"; }; nativeBuildInputs = [ qmake ]; buildInputs = [ qttools ]; preConfigure = '' - substituteInPlace src/config.h --replace /usr/share/gpxsee $out/share/gpxsee + substituteInPlace src/common/programpaths.cpp --replace /usr/share/ $out/share/ lrelease lang/*.ts ''; @@ -31,11 +31,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; meta = with stdenv.lib; { - homepage = http://www.gpxsee.org/; + homepage = https://www.gpxsee.org/; description = "GPX viewer and analyzer"; longDescription = '' GPXSee is a Qt-based GPS log file viewer and analyzer that supports GPX, - TCX, KML, FIT, IGC and NMEA files. + TCX, KML, FIT, IGC, NMEA, SLF, LOC and OziExplorer files. ''; license = licenses.gpl3; maintainers = [ maintainers.womfoo ]; From f94016eb84d10ec0594bfad82017c58ad5c6218f Mon Sep 17 00:00:00 2001 From: Tobias Happ Date: Thu, 27 Dec 2018 03:31:42 +0100 Subject: [PATCH 39/76] pythonPackages.pdf2image: 1.0.0 -> 1.3.1 --- pkgs/development/python-modules/pdf2image/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/pdf2image/default.nix b/pkgs/development/python-modules/pdf2image/default.nix index 1af93531daa..32a4581676b 100644 --- a/pkgs/development/python-modules/pdf2image/default.nix +++ b/pkgs/development/python-modules/pdf2image/default.nix @@ -2,13 +2,13 @@ buildPythonPackage rec { pname = "pdf2image"; - version = "1.0.0"; + version = "1.3.1"; - buildInputs = [ pillow poppler_utils ]; + propagatedBuildInputs = [ pillow poppler_utils ]; src = fetchPypi { inherit pname version; - sha256 = "74607efb48a9e95289148d70af05a53dbef192010a44ac868437fb044842697d"; + sha256 = "0igkzl12582iq6bh6dycw9bcz2459rs6gybq9mranj54yfgjl2ky"; }; meta = with stdenv.lib; { From 8dddd6d4a1a276e00501595f19d6eaaede41c1b1 Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Sat, 5 Jan 2019 11:19:37 +0000 Subject: [PATCH 40/76] clang-tools: override llvm version in all-packages --- pkgs/development/tools/clang-tools/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/clang-tools/default.nix b/pkgs/development/tools/clang-tools/default.nix index 2ababe85d0c..42bcf7fd055 100644 --- a/pkgs/development/tools/clang-tools/default.nix +++ b/pkgs/development/tools/clang-tools/default.nix @@ -1,7 +1,7 @@ -{ stdenv, writeScript, llvmPackages_latest }: +{ stdenv, writeScript, llvmPackages }: let - clang = llvmPackages_latest.clang-unwrapped; + clang = llvmPackages.clang-unwrapped; version = stdenv.lib.getVersion clang; in diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8c8b53ffc84..c54b5390350 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6668,7 +6668,9 @@ in clang_37 = llvmPackages_37.clang; clang_35 = wrapCC llvmPackages_35.clang; - clang-tools = callPackage ../development/tools/clang-tools { }; + clang-tools = callPackage ../development/tools/clang-tools { + llvmPackages = llvmPackages_latest; + }; clang-analyzer = callPackage ../development/tools/analysis/clang-analyzer { }; From 5cefef0d12428771e5fd84c35fe505b1a3e81ac9 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Cugnet Date: Sat, 5 Jan 2019 12:34:35 +0100 Subject: [PATCH 41/76] elixir_1_3: Remove since it is not supported anymore --- pkgs/development/beam-modules/default.nix | 5 ----- pkgs/development/interpreters/elixir/1.3.nix | 7 ------- pkgs/top-level/all-packages.nix | 2 +- pkgs/top-level/beam-packages.nix | 3 +-- 4 files changed, 2 insertions(+), 15 deletions(-) delete mode 100644 pkgs/development/interpreters/elixir/1.3.nix diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index 94ffa32a678..dd374bcccb4 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -69,11 +69,6 @@ let debugInfo = true; }; - elixir_1_3 = lib.callElixir ../interpreters/elixir/1.3.nix { - inherit rebar erlang; - debugInfo = true; - }; - lfe = lfe_1_2; lfe_1_2 = lib.callLFE ../interpreters/lfe/1.2.nix { inherit erlang buildRebar3 buildHex; }; diff --git a/pkgs/development/interpreters/elixir/1.3.nix b/pkgs/development/interpreters/elixir/1.3.nix deleted file mode 100644 index 43d48e2cf7c..00000000000 --- a/pkgs/development/interpreters/elixir/1.3.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ mkDerivation }: - -mkDerivation rec { - version = "1.3.4"; - sha256 = "01qqv1ghvfadcwcr5p88w8j217cgaf094pmpqllij3l0q1yg104l"; - minimumOTPVersion = "18"; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7917ccffd13..46bf24b5a2d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7697,7 +7697,7 @@ in inherit (beam.interpreters) erlang erlangR18 erlangR19 erlangR20 erlangR21 erlang_odbc erlang_javac erlang_odbc_javac erlang_nox erlang_basho_R16B02 - elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3 + elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 lfe lfe_1_2; inherit (beam.packages.erlang) diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 8255a2223f9..f05cf3d9290 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -61,8 +61,7 @@ rec { # Other Beam languages. These are built with `beam.interpreters.erlang`. To # access for example elixir built with different version of Erlang, use # `beam.packages.erlangR19.elixir`. - inherit (packages.erlang) - elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4 elixir_1_3; + inherit (packages.erlang) elixir elixir_1_8 elixir_1_7 elixir_1_6 elixir_1_5 elixir_1_4; inherit (packages.erlang) lfe lfe_1_2; }; From 69d3eb6b6f28856db99d1ced1d5ec5218bbe1fc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 12:38:20 +0100 Subject: [PATCH 42/76] elixir: link to compatibility table --- pkgs/development/beam-modules/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index dd374bcccb4..f71379459dc 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -69,6 +69,9 @@ let debugInfo = true; }; + # Remove old versions of elixir, when the supports fades out: + # https://hexdocs.pm/elixir/compatibility-and-deprecations.html + lfe = lfe_1_2; lfe_1_2 = lib.callLFE ../interpreters/lfe/1.2.nix { inherit erlang buildRebar3 buildHex; }; From 4a4d1d64979e3ad80aaa03a2b2a526e50cead3a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 4 Jan 2019 11:40:39 +0100 Subject: [PATCH 43/76] cryptominisat: 5.0.1 -> 5.6.6 --- .../science/logic/cryptominisat/default.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/science/logic/cryptominisat/default.nix b/pkgs/applications/science/logic/cryptominisat/default.nix index 4d96339149a..25027841ab8 100644 --- a/pkgs/applications/science/logic/cryptominisat/default.nix +++ b/pkgs/applications/science/logic/cryptominisat/default.nix @@ -1,24 +1,18 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd }: +{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd, boost }: stdenv.mkDerivation rec { name = "cryptominisat-${version}"; - version = "5.0.1"; + version = "5.6.6"; src = fetchFromGitHub { owner = "msoos"; repo = "cryptominisat"; rev = version; - sha256 = "0cpw5d9vplxvv3aaplhnga55gz1hy29p7s4pkw1306knkbhlzvkb"; + sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5"; }; - buildInputs = [ python xxd ]; - nativeBuildInputs = [ cmake ]; - - patches = [(fetchpatch rec { - name = "fix-exported-library-name.patch"; - url = "https://github.com/msoos/cryptominisat/commit/7a47795cbe5ad5a899731102d297f234bcade077.patch"; - sha256 = "11hf3cfqs4cykn7rlgjglq29lzqfxvlm0f20qasi0kdrz01cr30f"; - })]; + buildInputs = [ python boost ]; + nativeBuildInputs = [ cmake xxd ]; meta = with stdenv.lib; { description = "An advanced SAT Solver"; From 17f4d415a2270441dd19f7abcc2fe7b5a1c6900b Mon Sep 17 00:00:00 2001 From: taku0 Date: Sat, 5 Jan 2019 15:02:39 +0900 Subject: [PATCH 44/76] thunderbird: 60.3.3 -> 60.4.0 Picked from PR #53437. It runs fine for me. --- .../networking/mailreaders/thunderbird/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/mailreaders/thunderbird/default.nix b/pkgs/applications/networking/mailreaders/thunderbird/default.nix index c048c2938a9..038e24de031 100644 --- a/pkgs/applications/networking/mailreaders/thunderbird/default.nix +++ b/pkgs/applications/networking/mailreaders/thunderbird/default.nix @@ -24,11 +24,11 @@ let gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc; in stdenv.mkDerivation rec { name = "thunderbird-${version}"; - version = "60.3.3"; + version = "60.4.0"; src = fetchurl { url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz"; - sha512 = "04m6mgm4nfnq3nfkv0d1al5b7bw95kfcjpyd7aschqi6wnn21g8qacx42ynj89i5l9vc1jx8nz0wy266sy6x5iv9q585c6l6j9gvkrh"; + sha512 = "0flg3j0bvgpyk4wbb8d17yl8rddww7q9m9n5brqx1jlj0vjk8lrf8awvxxhn5ssyhy2ys2sklnw75y35hnws3hijs8l9l8ahznfqjq8"; }; # from firefox, but without sound libraries From 3b152247eadbf3257e684525d49549b55f26c87d Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Sat, 5 Jan 2019 13:17:50 +0100 Subject: [PATCH 45/76] weechatScripts.weechat-matrix-bridge: 2018-05-29 -> 2018-11-19 (HTTP/2 support fix) --- .../irc/weechat/scripts/weechat-matrix-bridge/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix index d2960ae93a9..137a32f9364 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix @@ -1,12 +1,12 @@ { stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }: stdenv.mkDerivation { - name = "weechat-matrix-bridge-2018-05-29"; + name = "weechat-matrix-bridge-2018-11-19"; src = fetchFromGitHub { owner = "torhve"; repo = "weechat-matrix-protocol-script"; - rev = "ace3fefc0e35a627f8a528032df2e3111e41eb1b"; - sha256 = "1snf8vn5n9wzrnqnvdrcli4199s5p114jbjlgrj5c27i53173wqw"; + rev = "8d32e90d864a8f3f09ecc2857cd5dd6e39a8c3f7"; + sha256 = "0qqd6qmkrdc0r3rnl53c3yp93fbcz7d3mdw3vq5gmdqxyym4s9lj"; }; patches = [ From 9b2f0fbcdd4cbb4acac3f894cb93d0efdd5fcd26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 13:22:39 +0100 Subject: [PATCH 46/76] nixos/lirc: expose socket path via passthru --- nixos/modules/services/hardware/lirc.nix | 12 +++--------- nixos/modules/services/hardware/vdr.nix | 2 +- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/hardware/lirc.nix b/nixos/modules/services/hardware/lirc.nix index ece38bd1e1c..826e512c75d 100644 --- a/nixos/modules/services/hardware/lirc.nix +++ b/nixos/modules/services/hardware/lirc.nix @@ -32,14 +32,6 @@ in { default = []; description = "Extra arguments to lircd."; }; - - socket = mkOption { - type = types.path; - # default search path of many applications - default = "/run/lirc/lircd"; - description = "Socket path"; - }; - }; }; @@ -50,13 +42,15 @@ in { # Note: LIRC executables raises a warning, if lirc_options.conf do not exists environment.etc."lirc/lirc_options.conf".text = cfg.options; + passthru.lirc.socket = "/run/lirc/lircd"; + environment.systemPackages = [ pkgs.lirc ]; systemd.sockets.lircd = { description = "LIRC daemon socket"; wantedBy = [ "sockets.target" ]; socketConfig = { - ListenStream = cfg.socket; + ListenStream = config.passthru.lirc.socket; SocketUser = "lirc"; SocketMode = "0660"; }; diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 695f0cbab1f..4822506a899 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -75,7 +75,7 @@ in { services.lirc.enable = true; users.users.vdr.extraGroups = [ "lirc" ]; services.vdr.extraArguments = [ - "--lirc=${config.services.lirc.socket}" + "--lirc=${config.passthru.lirc.socket}" ]; })]); } From c68e8b05f005381ac1caf51bb28282b70242b77b Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:10:05 +0100 Subject: [PATCH 47/76] Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT" This reverts commit 5dda1324be421c1a2afd5a559a87f97691287003. Presumably this was done to work around build errors or something but it works fine now. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 9d28b3edf85..a6a835c1fe9 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -117,6 +117,11 @@ ${optionalString (versionAtLeast version "4.20") '' GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin ''} +${optionalString (versionAtLeast version "4.13") '' + GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y +''} + # Disable various dangerous settings ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory PROC_KCORE n # Exposes kernel text image layout From abc8ed3fcae60ad2586307c854bdb21f993592f0 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:20:09 +0100 Subject: [PATCH 48/76] hardened-config: clarify readonly LSM hooks config SECURITY_WRITABLE_HOOKS is implicitly controlled by SECURITY_SELINUX_DISABLE; explicitly unsetting results in an error because the configfile builder fails to detect that it has in fact been unset (reporting it as an unused option). For now, leave WRITABLE_HOOKS as an "optional" config for documentation purposes. --- .../os-specific/linux/kernel/hardened-config.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index a6a835c1fe9..13db3873e62 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -52,15 +52,17 @@ ${optionalString (versionOlder version "4.11") '' DEBUG_SET_MODULE_RONX y ''} -# Mark LSM hooks read-only after init. Conflicts with SECURITY_SELINUX_DISABLE -# (disabling SELinux at runtime); hence, SELinux can only be disabled at boot -# via the selinux=0 boot parameter. +# Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n +# conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter +# implicitly marks LSM hooks read-only after init. +# +# SELinux can only be disabled at boot via selinux=0 +# +# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the +# config builder fails to detect that it has indeed been unset. ${optionalString (versionAtLeast version "4.12") '' SECURITY_SELINUX_DISABLE n -''} - -${optionalString ((versionAtLeast version "4.12") && (versionOlder version "4.17")) '' - SECURITY_WRITABLE_HOOKS n + SECURITY_WRITABLE_HOOKS? n ''} DEBUG_WX y # boot-time warning on RWX mappings From 1801aad7b889e1acd3b2f41046852ae78f61a32d Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:24:54 +0100 Subject: [PATCH 49/76] hardened-config: clarify MODIFY_LDT_SYSCALL This likely never worked; MODIFY_LDT_SYSCALL depends on EXPERT; enabling EXPERT however seems to introduce quite a few changes that would need to be properly vetted. The version guard is unnecessary, however, as this config has been supported since 4.3. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 13db3873e62..6ae0108b3f0 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -28,9 +28,9 @@ ${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") '' # Reduce attack surface by disabling various emulations IA32_EMULATION n X86_X32 n - ${optionalString (versionOlder version "4.17") '' - MODIFY_LDT_SYSCALL? n - ''} + # Note: this config depends on EXPERT y and so will not take effect, hence + # it is left "optional" for now. + MODIFY_LDT_SYSCALL? n VMAP_STACK y # Catch kernel stack overflows From dfd77a046de192d8dfa5f9534552c299c3da26ac Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:43:42 +0100 Subject: [PATCH 50/76] hardened-config: ensure STRICT_KERNEL_RWX This is y in the default config, but enable it explicitly here to catch situations where it has been disabled (explicitly or implicitly). --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 6ae0108b3f0..90856d593dd 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -66,6 +66,9 @@ ${optionalString (versionAtLeast version "4.12") '' ''} DEBUG_WX y # boot-time warning on RWX mappings +${optionalString (versionAtLeast version "4.11") '' + STRICT_KERNEL_RWX y +''} # Stricter /dev/mem STRICT_DEVMEM? y From 11840f5c7071d1d687dc69a2585844a8c97b01a3 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:44:33 +0100 Subject: [PATCH 51/76] hardened-config: explain HARDENED_USERCOPY_FALLBACK n --- pkgs/os-specific/linux/kernel/hardened-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 90856d593dd..62bd4945a66 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -89,7 +89,7 @@ ${optionalString (versionAtLeast version "4.13") '' # Perform usercopy bounds checking. HARDENED_USERCOPY y ${optionalString (versionAtLeast version "4.16") '' - HARDENED_USERCOPY_FALLBACK n + HARDENED_USERCOPY_FALLBACK n # for full whitelist enforcement ''} # Randomize allocator freelists. From d62086e6fc2fdf8d5f5d45e697edac418e6bad0f Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:44:54 +0100 Subject: [PATCH 52/76] hardened-config: allow slub/slab free poisoning --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 62bd4945a66..ed540a9e751 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -99,6 +99,9 @@ ${optionalString (versionAtLeast version "4.14") '' SLAB_FREELIST_HARDENED y ''} +# Allow enabling slub/slab free poisoning with slub_debug=P +SLUB_DEBUG y + # Wipe higher-level memory allocations on free() with page_poison=1 PAGE_POISONING y PAGE_POISONING_NO_SANITY y From 3f1f44312536ef93b3591cabe141166cac23b8db Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:47:25 +0100 Subject: [PATCH 53/76] nixos/hardened profile: slab/slub hardening slab_nomerge may reduce surface somewhat slub_debug is used to enable additional sanity checks and "red zones" around allocations to detect read/writes beyond the allocated area, as well as poisoning to overwrite free'd data. The cost is yet more memory fragmentation ... --- nixos/modules/profiles/hardened.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index a588943fe71..aa9ea2c9a35 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -29,6 +29,12 @@ with lib; security.apparmor.enable = mkDefault true; boot.kernelParams = [ + # Slab/slub sanity checks, redzoning, and poisoning + "slub_debug=FZP" + + # Disable slab merging to make certain heap overflow attacks harder + "slab_nomerge" + # Overwrite free'd memory "page_poison=1" From 167578163a5031e8d7519b010824499db73fa62f Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:50:36 +0100 Subject: [PATCH 54/76] nixos/hardened profile: always enable pti --- nixos/modules/profiles/hardened.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index aa9ea2c9a35..9ab2ee87a19 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -40,6 +40,9 @@ with lib; # Disable legacy virtual syscalls "vsyscall=none" + + # Enable PTI even if CPU claims to be safe from meltdown + "pti=on" ]; boot.blacklistedKernelModules = [ From 8358ffc7081091c52a39bd468c39658f0f336c6c Mon Sep 17 00:00:00 2001 From: Matt McHenry Date: Fri, 4 Jan 2019 23:08:53 -0500 Subject: [PATCH 55/76] haskellPackages.friday: jailbreak --- pkgs/development/haskell-modules/configuration-common.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 7bd540c8578..c55ddf833d7 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -520,6 +520,10 @@ self: super: { # generic-deriving bound is too tight aeson = doJailbreak super.aeson; + # containers >=0.4 && <0.6 is too tight + # https://github.com/RaphaelJ/friday/issues/34 + friday = doJailbreak super.friday; + # Won't compile with recent versions of QuickCheck. inilist = dontCheck super.inilist; MissingH = dontCheck super.MissingH; From df834ee56d8c2ba5f75eae872e4dedc037874a61 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jan 2019 05:47:25 -0800 Subject: [PATCH 56/76] sysstat: 12.1.1 -> 12.1.2 (#52675) Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/sysstat/versions --- pkgs/os-specific/linux/sysstat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix index d3a9d7834cd..27b27ebffdd 100644 --- a/pkgs/os-specific/linux/sysstat/default.nix +++ b/pkgs/os-specific/linux/sysstat/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, gettext, bzip2 }: stdenv.mkDerivation rec { - name = "sysstat-12.1.1"; + name = "sysstat-12.1.2"; src = fetchurl { url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz"; - sha256 = "0drrlv2fr64g5zf0a2bkla2rql4nmq4n192wvcr9r4zppg58d8k4"; + sha256 = "0xiv70x4n24fcycvlq95lqgb3jwjxfzq61bnyqai57x54hhn46yp"; }; buildInputs = [ gettext ]; From 37fe593d486f006173e91df2cfc1429db7fb06e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 16:38:10 +0100 Subject: [PATCH 57/76] cryptominisat: switch to python3 --- pkgs/applications/science/logic/cryptominisat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/logic/cryptominisat/default.nix b/pkgs/applications/science/logic/cryptominisat/default.nix index 25027841ab8..18af6f0a618 100644 --- a/pkgs/applications/science/logic/cryptominisat/default.nix +++ b/pkgs/applications/science/logic/cryptominisat/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd, boost }: +{ stdenv, fetchFromGitHub, fetchpatch, cmake, python3, xxd, boost }: stdenv.mkDerivation rec { name = "cryptominisat-${version}"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5"; }; - buildInputs = [ python boost ]; + buildInputs = [ python3 boost ]; nativeBuildInputs = [ cmake xxd ]; meta = with stdenv.lib; { From 2614c8a6c564d7eb5b693975b3c1ff9771f5753f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 4 Jan 2019 15:41:51 +0100 Subject: [PATCH 58/76] nixos/xss-lock: specify a default locker Having a default locker is less error-prone and more convenient. Incorrect values might leave the machine vulnerable since there is no fallback. --- nixos/modules/programs/xss-lock.nix | 3 ++- nixos/tests/xss-lock.nix | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix index 49d522c604f..c290df01b96 100644 --- a/nixos/modules/programs/xss-lock.nix +++ b/nixos/modules/programs/xss-lock.nix @@ -9,7 +9,8 @@ in options.programs.xss-lock = { enable = mkEnableOption "xss-lock"; lockerCommand = mkOption { - example = "xlock"; + default = "${pkgs.i3lock}/bin/i3lock"; + example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; type = types.string; description = "Locker to be used with xsslock"; }; diff --git a/nixos/tests/xss-lock.nix b/nixos/tests/xss-lock.nix index 045667bdcde..b46bb1a8f6e 100644 --- a/nixos/tests/xss-lock.nix +++ b/nixos/tests/xss-lock.nix @@ -9,7 +9,6 @@ with lib; machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; programs.xss-lock.enable = true; - programs.xss-lock.lockerCommand = "${pkgs.xlockmore}/bin/xlock"; services.xserver.displayManager.auto.user = "alice"; }; @@ -20,6 +19,6 @@ with lib; $machine->fail("pgrep xlock"); $machine->succeed("su -l alice -c 'xset dpms force standby'"); - $machine->waitUntilSucceeds("pgrep xlock"); + $machine->waitUntilSucceeds("pgrep i3lock"); ''; }) From 5da3d039d4b6b5d46c39b3cd22223f02bb02bf3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 17:01:50 +0100 Subject: [PATCH 59/76] qemu-afl: various cleanups --- pkgs/tools/security/afl/qemu.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 769b89ec4c5..a007eb3913d 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -36,12 +36,14 @@ stdenv.mkDerivation rec { --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" ''; - buildInputs = - [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap - vde2 texinfo libuuid flex bison lzo snappy autoconf - libcap_ng gnutls - ] - ++ optionals (hasSuffix "linux" stdenv.hostPlatform.system) [ libaio ]; + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman ncurses attr libcap + vde2 libuuid lzo snappy libcap_ng gnutls + ] ++ optionals (stdenv.isLinux) [ libaio ]; enableParallelBuilding = true; From e2b79b10b57ac5b4484a94f4e54e87297d7c9591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 16:58:51 +0100 Subject: [PATCH 60/76] afl: various cleanups --- pkgs/tools/security/afl/default.nix | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index 067d355fb90..c90d031e989 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -15,21 +15,18 @@ let url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; }; + enableParallelBuilding = true; # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. - buildInputs = [ makeWrapper llvm which ]; + nativeBuildInputs = [ makeWrapper which ]; + buildInputs = [ llvm ]; - buildPhase = '' - make PREFIX=$out - cd llvm_mode - make PREFIX=$out - cd .. + makeFlags = [ "PREFIX=$(out)" ]; + postBuild = '' + make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES ''; - installPhase = '' - # Do the normal installation - make install PREFIX=$out - + postInstall = '' # Install the custom QEMU emulator for binary blob fuzzing. cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace @@ -55,9 +52,7 @@ let done ''; - passthru = { - qemu = afl-qemu; - }; + passthru.qemu = afl-qemu; meta = { description = "Powerful fuzzer via genetic algorithms and instrumentation"; @@ -78,5 +73,3 @@ let }; }; in afl - - From 8a7d9e6dd09d6db119ccfb34b8cb52157e61e7bc Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Sat, 5 Jan 2019 11:38:10 -0500 Subject: [PATCH 61/76] offlineimap: provide "OS-DEFAULT" CA certificates (#53268) --- pkgs/tools/networking/offlineimap/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/offlineimap/default.nix b/pkgs/tools/networking/offlineimap/default.nix index 50ed107bc20..5ac64d36eaf 100644 --- a/pkgs/tools/networking/offlineimap/default.nix +++ b/pkgs/tools/networking/offlineimap/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, python2Packages, - asciidoc, libxml2, libxslt, docbook_xsl }: + asciidoc, cacert, libxml2, libxslt, docbook_xsl }: python2Packages.buildPythonApplication rec { version = "7.2.2"; @@ -15,6 +15,9 @@ python2Packages.buildPythonApplication rec { postPatch = '' # Skip xmllint to stop failures due to no network access sed -i docs/Makefile -e "s|a2x -v -d |a2x -L -v -d |" + + # Provide CA certificates (Used when "sslcacertfile = OS-DEFAULT" is configured") + sed -i offlineimap/utils/distro.py -e '/def get_os_sslcertfile():/a\ \ \ \ return "${cacert}/etc/ssl/certs/ca-bundle.crt"' ''; doCheck = false; From 0d99389a6d7335daea2443fe5b7949acb0aa052d Mon Sep 17 00:00:00 2001 From: Tadeo Kondrak Date: Sat, 5 Jan 2019 10:10:27 -0700 Subject: [PATCH 62/76] wine: add perl to buildInputs to fix winemaker --- pkgs/misc/emulators/wine/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/misc/emulators/wine/base.nix b/pkgs/misc/emulators/wine/base.nix index 94cf4a77456..2b9d048f77e 100644 --- a/pkgs/misc/emulators/wine/base.nix +++ b/pkgs/misc/emulators/wine/base.nix @@ -59,7 +59,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (! isNull buildScript) { ++ lib.optionals stdenv.isLinux (with pkgs.xorg; [ libXi libXcursor libXrandr libXrender libXxf86vm libXcomposite libXext ]) - ++ [ pkgs.xorg.libX11 ])); + ++ [ pkgs.xorg.libX11 pkgs.perl ])); # Wine locates a lot of libraries dynamically through dlopen(). Add # them to the RPATH so that the user doesn't have to set them in From f706777f5b19e0af6b5552ce3fdcf782e399f882 Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Tue, 1 Jan 2019 14:51:01 -0800 Subject: [PATCH 63/76] haskellPackages.binary-orphans: dontCheck --- pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix index d5c1fadc5a2..4d258a5490b 100644 --- a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix +++ b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix @@ -56,6 +56,7 @@ self: super: { RSA = dontCheck super.RSA; # https://github.com/GaloisInc/RSA/issues/14 monad-par = dontCheck super.monad-par; # https://github.com/simonmar/monad-par/issues/66 github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341 + binary-orphans = dontCheck super.binary-orphans; # tasty upper bound exceeded; https://github.com/phadej/binary-orphans/commit/8ce857226595dd520236ff4c51fa1a45d8387b33 # https://github.com/jgm/skylighting/issues/55 skylighting-core = dontCheck super.skylighting-core; From 5adde64416b6f4fce41e1152efe9902a28ace26b Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 5 Jan 2019 13:35:10 -0600 Subject: [PATCH 64/76] minizincide: minor touchups per reviewer suggestion (sourceRoot needed a "source/" prefix, FWIW) --- pkgs/development/tools/minizinc/ide.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix index 9e4edc236df..ab2af43979a 100644 --- a/pkgs/development/tools/minizinc/ide.nix +++ b/pkgs/development/tools/minizinc/ide.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation { sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; }; - postUnpack = ''export sourceRoot="$sourceRoot/MiniZincIDE"''; + sourceRoot = "source/MiniZincIDE"; enableParallelBuilding = true; @@ -25,7 +25,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { homepage = https://www.minizinc.org/; - description = "IDE for MiniZinc, a medium-level constraint modelling language."; + description = "IDE for MiniZinc, a medium-level constraint modelling language"; longDescription = '' MiniZinc is a medium-level constraint modelling From 6f886ca7aaa1948b58640915f4a350fcb85d3155 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 5 Jan 2019 13:39:17 -0600 Subject: [PATCH 65/76] gllvm: 1.2.2 -> 1.2.3 https://github.com/SRI-CSL/gllvm/releases/tag/v1.2.3 --- pkgs/development/tools/gllvm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/gllvm/default.nix b/pkgs/development/tools/gllvm/default.nix index cae6d2255bf..b581e71129c 100644 --- a/pkgs/development/tools/gllvm/default.nix +++ b/pkgs/development/tools/gllvm/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "gllvm-${version}"; - version = "1.2.2"; + version = "1.2.3"; goPackagePath = "github.com/SRI-CSL/gllvm"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "SRI-CSL"; repo = "gllvm"; rev = "v${version}"; - sha256 = "1k6081frnc6i6h3fa8d796cirhbf5kkshw7qyarz5wi3fcgijn4s"; + sha256 = "12kdgsma62nzksvw266qm3ivkbz62ma93dd25wy0p19789v4fi7s"; }; meta = with stdenv.lib; { From f27fe449b10c65830a2f27cae5d3213077b6f07e Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Sat, 5 Jan 2019 22:37:00 +0100 Subject: [PATCH 66/76] pythonPackages.ldap3: switch src to fetchFromGitHub PyPI links to a source tarball at PythonHosted that has an empty ldap3/protocol/sasl/digestMd5.py while the linked egg file has a non-empty file (and the upstream GitHub repository has a non-empty file that hasn't even had a non-comment change for some time. --- .../development/python-modules/ldap3/default.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/ldap3/default.nix b/pkgs/development/python-modules/ldap3/default.nix index 22d725fac61..73957df1d9d 100644 --- a/pkgs/development/python-modules/ldap3/default.nix +++ b/pkgs/development/python-modules/ldap3/default.nix @@ -1,12 +1,20 @@ -{ stdenv, fetchPypi, buildPythonPackage, gssapi, pyasn1 }: +{ stdenv, fetchPypi, fetchFromGitHub, buildPythonPackage, gssapi, pyasn1 }: buildPythonPackage rec { version = "2.5.2"; pname = "ldap3"; - src = fetchPypi { - inherit pname version; - sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +## This should work, but 2.5.2 has a weird tarball with empty source files +## where upstream repository has non-empty ones +# src = fetchPypi { +# inherit pname version; +# sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +# }; + src = fetchFromGitHub { + owner = "cannatag"; + repo = pname; + rev = "v${version}"; + sha256 = "0p5l4bhy6j2nvvlxz5zvznbaqb72x791v9la2jr2wpwr60mzz9hw"; }; buildInputs = [ gssapi ]; From 8d9c2fc3ffdd6079d141e833d6b28c6397ecbd21 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 21:23:09 +0100 Subject: [PATCH 67/76] python37Packages.google_api_python_client: 1.7.4 -> 1.7.7 --- .../python-modules/google-api-python-client/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/google-api-python-client/default.nix b/pkgs/development/python-modules/google-api-python-client/default.nix index c8dd5ea84ae..1a335ad6bb1 100644 --- a/pkgs/development/python-modules/google-api-python-client/default.nix +++ b/pkgs/development/python-modules/google-api-python-client/default.nix @@ -1,13 +1,14 @@ -{ lib, buildPythonPackage, fetchPypi +{ lib, buildPythonPackage, fetchPypi, isPy3k , httplib2, google_auth, google-auth-httplib2, six, uritemplate, oauth2client }: buildPythonPackage rec { pname = "google-api-python-client"; - version = "1.7.4"; + version = "1.7.7"; + #disabled = !isPy3k; # TODO: Python 2.7 was deprecated but weboob still depends on it. src = fetchPypi { inherit pname version; - sha256 = "5d5cb02c6f3112c68eed51b74891a49c0e35263380672d662f8bfe85b8114d7c"; + sha256 = "1nlsp8cll6v9w4649j98xw545bfnqa2xs7m9faa9mxc0kp8ff1li"; }; # No tests included in archive From 2acda72b859fe7fc5f8e0301b922e3fbf4c294af Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 22:30:09 +0100 Subject: [PATCH 68/76] python27Packages.weboob: Override google_api_python_client --- .../python-modules/weboob/default.nix | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/weboob/default.nix b/pkgs/development/python-modules/weboob/default.nix index 73a70a65c38..93a17ea4425 100644 --- a/pkgs/development/python-modules/weboob/default.nix +++ b/pkgs/development/python-modules/weboob/default.nix @@ -1,4 +1,4 @@ -{ buildPythonPackage, fetchurl, stdenv, isPy27 +{ buildPythonPackage, fetchurl, fetchPypi, stdenv, isPy27 , nose, pillow, prettytable, pyyaml, dateutil, gdata , requests, mechanize, feedparser, lxml, gnupg, pyqt5 , libyaml, simplejson, cssselect, futures, pdfminer @@ -6,7 +6,18 @@ , unidecode }: -buildPythonPackage rec { +let + # Support for Python 2.7 was dropped in 1.7.7 + google_api_python_client_python27 = google_api_python_client.overrideDerivation + (oldAttrs: rec { + pname = "google-api-python-client"; + version = "1.7.6"; + src = fetchPypi { + inherit pname version; + sha256 = "14w5sdrp0bk9n0r2lmpqmrbf2zclpfq6q7giyahnskkfzdkb165z"; + }; + }); +in buildPythonPackage rec { pname = "weboob"; version = "1.3"; disabled = ! isPy27; @@ -35,8 +46,8 @@ buildPythonPackage rec { propagatedBuildInputs = [ pillow prettytable pyyaml dateutil gdata requests mechanize feedparser lxml gnupg pyqt5 libyaml - simplejson cssselect futures pdfminer termcolor google_api_python_client - html2text unidecode ]; + simplejson cssselect futures pdfminer termcolor + google_api_python_client_python27 html2text unidecode ]; checkPhase = '' nosetests From a68ae2c2056b1fe286e0d07c0c9ded1ca6e4e994 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 5 Jan 2019 22:51:21 +0100 Subject: [PATCH 69/76] obs-studio: restrict meta.platforms Hydra has been trying to build it on aarch64-linux, but never succeeded: https://hydra.nixos.org/job/nixpkgs/trunk/obs-studio.aarch64-linux/all (It tries to feed compiler x86-specific options.) I didn't test i686-linux, due to a transitive dependency not building (libupnp), but there it might likely work. --- pkgs/applications/video/obs-studio/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/video/obs-studio/default.nix b/pkgs/applications/video/obs-studio/default.nix index 9fc9c587108..c98acda9eea 100644 --- a/pkgs/applications/video/obs-studio/default.nix +++ b/pkgs/applications/video/obs-studio/default.nix @@ -91,6 +91,6 @@ in stdenv.mkDerivation rec { homepage = https://obsproject.com; maintainers = with maintainers; [ jb55 MP2E ]; license = licenses.gpl2; - platforms = with platforms; linux; + platforms = [ "x86_64-linux" "i686-linux" ]; }; } From 35bee29824bba254f84fa6ccfcfae8eec940e47c Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 22:40:24 +0100 Subject: [PATCH 70/76] pythonPackages.simplejson: Update the metadata The old homepage URL returns a 404 and the project is dual-licensed. --- pkgs/development/python-modules/simplejson/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/simplejson/default.nix b/pkgs/development/python-modules/simplejson/default.nix index 4adf7083a0b..cc60e81a59e 100644 --- a/pkgs/development/python-modules/simplejson/default.nix +++ b/pkgs/development/python-modules/simplejson/default.nix @@ -33,7 +33,7 @@ buildPythonPackage rec { default, encoding is done in an encoding neutral fashion (plain ASCII with \uXXXX escapes for unicode characters). ''; - homepage = http://code.google.com/p/simplejson/; - license = lib.licenses.mit; + homepage = https://github.com/simplejson/simplejson; + license = with lib.licenses; [ mit afl21 ]; }; } From 46dd27e02594bf868922f16d5aba8cbb661382b9 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 22:42:48 +0100 Subject: [PATCH 71/76] pythonPackages.gcutil: Deprecate the package The package doesn't exist anymore (even the deprecation notice is gone [0]) and the build is currently broken: Collecting google-apputils==0.4.1 (from gcutil==1.16.1) Could not find a version that satisfies the requirement google-apputils==0.4.1 (from gcutil==1.16.1) (from versions: ) No matching distribution found for google-apputils==0.4.1 (from gcutil==1.16.1) [0]: https://download.huihoo.com/google/gdgdevkit/DVD1/developers.google.com/compute/docs/gcutil.1.html > "Warning: gcutil is deprecated. We encourage you to transition to > using gcloud compute ." --- .../python-modules/gcutil/default.nix | 41 ------------------- pkgs/top-level/python-packages.nix | 6 ++- 2 files changed, 5 insertions(+), 42 deletions(-) delete mode 100644 pkgs/development/python-modules/gcutil/default.nix diff --git a/pkgs/development/python-modules/gcutil/default.nix b/pkgs/development/python-modules/gcutil/default.nix deleted file mode 100644 index 85c0fbb4d60..00000000000 --- a/pkgs/development/python-modules/gcutil/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchurl -, gflags -, iso8601 -, ipaddr -, httplib2 -, google_apputils -, google_api_python_client -, isPy3k -}: - -buildPythonPackage rec { - name = "gcutil-1.16.1"; - disabled = isPy3k; - - src = fetchurl { - url = https://dl.google.com/dl/cloudsdk/release/artifacts/gcutil-1.16.1.tar.gz; - sha256 = "00jaf7x1ji9y46fbkww2sg6r6almrqfsprydz3q2swr4jrnrsx9x"; - }; - - propagatedBuildInputs = [ gflags iso8601 ipaddr httplib2 google_apputils google_api_python_client ]; - - prePatch = '' - sed -i -e "s|google-apputils==0.4.0|google-apputils==0.4.1|g" setup.py - substituteInPlace setup.py \ - --replace "httplib2==0.8" "httplib2" \ - --replace "iso8601==0.1.4" "iso8601" \ - --replace "ipaddr==2.1.10" "ipaddr" \ - --replace "google-api-python-client==1.2" "google-api-python-client" \ - --replace "python-gflags==2.0" "python-gflags" - ''; - - meta = with stdenv.lib; { - description = "Command-line tool for interacting with Google Compute Engine"; - homepage = "https://cloud.google.com/compute/docs/gcutil/"; - license = licenses.asl20; - maintainers = with maintainers; [ phreedom ]; - }; - -} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 665c0a59f7c..697ebc3b508 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1732,7 +1732,11 @@ in { gateone = callPackage ../development/python-modules/gateone { }; - gcutil = callPackage ../development/python-modules/gcutil { }; + # TODO: Remove after 19.03 is branched off: + gcutil = throw '' + pythonPackages.gcutil is deprecated and can be replaced with "gcloud + compute" from the package google-cloud-sdk. + ''; GeoIP = callPackage ../development/python-modules/GeoIP { }; From 779e916c3b8907ae6e0353c92c18b8c78ce880a4 Mon Sep 17 00:00:00 2001 From: Francesco Gazzetta Date: Fri, 21 Dec 2018 18:25:04 +0100 Subject: [PATCH 72/76] pythonPackages.easywatch: init at 0.0.5 --- .../python-modules/easywatch/default.nix | 28 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/development/python-modules/easywatch/default.nix diff --git a/pkgs/development/python-modules/easywatch/default.nix b/pkgs/development/python-modules/easywatch/default.nix new file mode 100644 index 00000000000..96301996fe8 --- /dev/null +++ b/pkgs/development/python-modules/easywatch/default.nix @@ -0,0 +1,28 @@ +{ lib +, fetchPypi +, buildPythonPackage +, watchdog +}: + +buildPythonPackage rec { + pname = "easywatch"; + version = "0.0.5"; + + src = fetchPypi { + inherit pname version; + sha256 = "1b40cjigv7s9qj8hxxy6yhwv0320z7qywrigwgkasgh80q0xgphc"; + }; + + propagatedBuildInputs = [ watchdog ]; + + # There are no tests + doCheck = false; + + meta = with lib; { + description = "Dead-simple way to watch a directory"; + homepage = https://github.com/Ceasar/easywatch; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 697ebc3b508..716f0a85d2f 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2299,6 +2299,8 @@ in { dtopt = callPackage ../development/python-modules/dtopt { }; + easywatch = callPackage ../development/python-modules/easywatch { }; + ecdsa = callPackage ../development/python-modules/ecdsa { }; effect = callPackage ../development/python-modules/effect {}; From e7551acb7b70862561d7c3a6d9ad6408fc0cbfe7 Mon Sep 17 00:00:00 2001 From: Francesco Gazzetta Date: Fri, 21 Dec 2018 18:25:29 +0100 Subject: [PATCH 73/76] pythonPackages.staticjinja: init at 0.3.4 --- .../python-modules/staticjinja/default.nix | 30 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 32 insertions(+) create mode 100644 pkgs/development/python-modules/staticjinja/default.nix diff --git a/pkgs/development/python-modules/staticjinja/default.nix b/pkgs/development/python-modules/staticjinja/default.nix new file mode 100644 index 00000000000..a5b3b4fe8d4 --- /dev/null +++ b/pkgs/development/python-modules/staticjinja/default.nix @@ -0,0 +1,30 @@ +{ lib +, fetchPypi +, buildPythonPackage +, docopt +, easywatch +, jinja2 +}: + +buildPythonPackage rec { + pname = "staticjinja"; + version = "0.3.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "1mxv7yy35657mfxx9xhbzihh10m5lb29fmscfh9q455zd4ikr032"; + }; + + propagatedBuildInputs = [ jinja2 docopt easywatch ]; + + # There are no tests on pypi + doCheck = false; + + meta = with lib; { + description = "A library and cli tool that makes it easy to build static sites using Jinja2"; + homepage = https://staticjinja.readthedocs.io/en/latest/; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 716f0a85d2f..d9295c58a22 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4006,6 +4006,8 @@ in { sqlalchemy_migrate = callPackage ../development/python-modules/sqlalchemy-migrate { }; + staticjinja = callPackage ../development/python-modules/staticjinja { }; + statsmodels = callPackage ../development/python-modules/statsmodels { }; structlog = callPackage ../development/python-modules/structlog { }; From 90c68f650d1c7d187c30505b820af2796af75f67 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Sun, 6 Jan 2019 00:09:10 +0100 Subject: [PATCH 74/76] anki: 2.1.7 -> 2.1.8 --- pkgs/games/anki/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index b662b5b8e3b..6dd4473a3e7 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -26,7 +26,7 @@ }: buildPythonApplication rec { - version = "2.1.7"; + version = "2.1.8"; name = "anki-${version}"; src = fetchurl { @@ -36,7 +36,7 @@ buildPythonApplication rec { # "http://ankisrs.net/download/mirror/${name}.tgz" # "http://ankisrs.net/download/mirror/archive/${name}.tgz" ]; - sha256 = "0cvlimfxb7kficlf20hg7a345pahvr093b7yqvssww15h4y4va9d"; + sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p"; }; propagatedBuildInputs = [ pyqt5 sqlalchemy From d2cfddd3b593922c97650455a67a75454cf2382e Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Sat, 5 Jan 2019 18:51:25 -0500 Subject: [PATCH 75/76] anki: fix build on darwin Runtime doesn't work: ModuleNotFoundError: No module named 'PyQt5.QtWebEngineWidgets' This is probably because qtwebengine is broken on darwin, but doesn't fail the build (#40149) --- pkgs/games/anki/default.nix | 11 ++++++++--- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index 6dd4473a3e7..ad202c6ad8c 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -20,6 +20,7 @@ , glibcLocales , nose , send2trash +, CoreAudio # This little flag adds a huge number of dependencies, but we assume that # everyone wants Anki to draw plots with statistics by default. , plotsSupport ? true @@ -39,9 +40,13 @@ buildPythonApplication rec { sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p"; }; - propagatedBuildInputs = [ pyqt5 sqlalchemy - beautifulsoup4 send2trash pyaudio requests decorator markdown ] - ++ lib.optional plotsSupport matplotlib; + propagatedBuildInputs = [ + pyqt5 sqlalchemy beautifulsoup4 send2trash pyaudio requests decorator + markdown + ] + ++ lib.optional plotsSupport matplotlib + ++ lib.optional stdenv.isDarwin [ CoreAudio ] + ; checkInputs = [ pytest glibcLocales nose ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 47e87091d97..dc7f61d4005 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20430,7 +20430,9 @@ in angband = callPackage ../games/angband { }; - anki = python3Packages.callPackage ../games/anki { }; + anki = python3Packages.callPackage ../games/anki { + inherit (darwin.apple_sdk.frameworks) CoreAudio; + }; armagetronad = callPackage ../games/armagetronad { }; From 7d864c6bd6391baa516118051ec5fb7e9836280e Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Sun, 6 Jan 2019 02:46:58 +0000 Subject: [PATCH 76/76] clickhouse: build with llvmPackages_latest This will simplify updates since the upstream tracks the latest llvm. --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dc7f61d4005..2ffb41b2ffc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13474,7 +13474,7 @@ in clamsmtp = callPackage ../servers/mail/clamsmtp { }; clickhouse = callPackage ../servers/clickhouse { - inherit (llvmPackages_6) clang-unwrapped lld llvm; + inherit (llvmPackages_latest) clang-unwrapped lld llvm; }; couchdb = callPackage ../servers/http/couchdb {