commit
b43614a6bb
|
@ -641,6 +641,19 @@ community to help save time. No tool is preferred at the moment.
|
|||
- [pypi2nix](https://github.com/garbas/pypi2nix) by Rok Garbas
|
||||
- [pypi2nix](https://github.com/offlinehacker/pypi2nix) by Jaka Hudoklin
|
||||
|
||||
### Deterministic builds
|
||||
|
||||
Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
|
||||
Minor modifications had to be made to the interpreters in order to generate
|
||||
deterministic bytecode. This has security implications and is relevant for
|
||||
those using Python in a `nix-shell`.
|
||||
|
||||
When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will have timestamp 1.
|
||||
The `buildPythonPackage` function sets `DETERMINISTIC_BUILD` as well as
|
||||
[PYTHONHASHSEED](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED).
|
||||
Both are also exported in `nix-shell`.
|
||||
|
||||
|
||||
## FAQ
|
||||
|
||||
### How can I install a working Python environment?
|
||||
|
|
|
@ -271,6 +271,16 @@ following incompatible changes:</para>
|
|||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
|
||||
Minor modifications had to be made to the interpreters in order to generate
|
||||
deterministic bytecode. This has security implications and is relevant for
|
||||
those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual
|
||||
for details.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
|
|
|
@ -3,26 +3,30 @@ fixupOutputHooks+=('if [ -z "$dontGzipMan" ]; then compressManPages "$prefix"; f
|
|||
compressManPages() {
|
||||
local dir="$1"
|
||||
|
||||
if [ ! -d "$dir/share/man" ]; then return; fi
|
||||
echo "gzipping man pages in $dir"
|
||||
if [ -L "$dir"/share ] || [ -L "$dir"/share/man ] || [ ! -d "$dir/share/man" ]
|
||||
then return
|
||||
fi
|
||||
echo "gzipping man pages under $dir/share/man/"
|
||||
|
||||
GLOBIGNORE=.:..:*.gz:*.bz2
|
||||
|
||||
for f in "$dir"/share/man/*/* "$dir"/share/man/*/*/*; do
|
||||
if [ -f "$f" -a ! -L "$f" ]; then
|
||||
if gzip -c -n "$f" > "$f".gz; then
|
||||
rm "$f"
|
||||
else
|
||||
rm "$f".gz
|
||||
fi
|
||||
# Compress all uncompressed manpages. Don't follow symlinks, etc.
|
||||
find "$dir"/share/man/ -type f -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \
|
||||
| while IFS= read -r -d $'\0' f
|
||||
do
|
||||
if gzip -c -n "$f" > "$f".gz; then
|
||||
rm "$f"
|
||||
else
|
||||
rm "$f".gz
|
||||
fi
|
||||
done
|
||||
|
||||
for f in "$dir"/share/man/*/* "$dir"/share/man/*/*/*; do
|
||||
if [ -L "$f" -a -f `readlink -f "$f"`.gz ]; then
|
||||
ln -sf `readlink "$f"`.gz "$f".gz && rm "$f"
|
||||
# Point symlinks to compressed manpages.
|
||||
find "$dir"/share/man/ -type l -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \
|
||||
| while IFS= read -r -d $'\0' f
|
||||
do
|
||||
local target
|
||||
target="$(readlink -f "$f")"
|
||||
if [ -f "$target".gz ]; then
|
||||
ln -sf "$target".gz "$f".gz && rm "$f"
|
||||
fi
|
||||
done
|
||||
|
||||
unset GLOBIGNORE
|
||||
}
|
||||
|
|
|
@ -178,6 +178,17 @@ in stdenv.mkDerivation {
|
|||
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
|
||||
|
||||
rm "$out"/lib/python*/plat-*/regen # refers to glibc.dev
|
||||
|
||||
# Determinism: Windows installers were not deterministic.
|
||||
# We're also not interested in building Windows installers.
|
||||
find "$out" -name 'wininst*.exe' | xargs -r rm -f
|
||||
|
||||
# Determinism: rebuild all bytecode
|
||||
# We exclude lib2to3 because that's Python 2 code which fails
|
||||
# We rebuild three times, once for each optimization level
|
||||
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
|
||||
'';
|
||||
|
||||
passthru = let
|
||||
|
@ -210,5 +221,8 @@ in stdenv.mkDerivation {
|
|||
license = stdenv.lib.licenses.psfl;
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
maintainers = with stdenv.lib.maintainers; [ chaoflow domenkozar ];
|
||||
# Higher priority than Python 3.x so that `/bin/python` points to `/bin/python2`
|
||||
# in case both 2 and 3 are installed.
|
||||
priority = -100;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{ stdenv, fetchurl
|
||||
, bzip2
|
||||
, expat
|
||||
, libffi
|
||||
, gdbm
|
||||
, lzma
|
||||
, ncurses
|
||||
|
@ -50,21 +52,43 @@ in stdenv.mkDerivation {
|
|||
|
||||
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
|
||||
|
||||
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
|
||||
# This way python doesn't try to update them when we freeze timestamps in nix store.
|
||||
DETERMINISTIC_BUILD=1;
|
||||
# Determinism: We fix the hashes of str, bytes and datetime objects.
|
||||
PYTHONHASHSEED=0;
|
||||
|
||||
prePatch = optionalString stdenv.isDarwin ''
|
||||
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
|
||||
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
|
||||
'';
|
||||
|
||||
postPatch = optionalString (x11Support && (tix != null)) ''
|
||||
postPatch = ''
|
||||
# Determinism
|
||||
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
|
||||
# Determinism. This is done unconditionally
|
||||
substituteInPlace "Lib/importlib/_bootstrap.py" --replace "source_mtime = int(source_stats['mtime'])" "source_mtime = 1"
|
||||
'' + optionalString (x11Support && (tix != null)) ''
|
||||
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
|
||||
''
|
||||
# Avoid picking up getentropy() from glibc >= 2.25, as that would break
|
||||
# on older kernels. http://bugs.python.org/issue29157
|
||||
+ optionalString stdenv.isLinux
|
||||
''
|
||||
+ optionalString stdenv.isLinux ''
|
||||
substituteInPlace Python/random.c --replace 'defined(HAVE_GETENTROPY)' '0'
|
||||
cat Python/random.c
|
||||
'';
|
||||
'';
|
||||
|
||||
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
|
||||
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
|
||||
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
|
||||
|
||||
configureFlags = [
|
||||
"--enable-shared"
|
||||
"--with-threads"
|
||||
"--without-ensurepip"
|
||||
"--with-system-expat"
|
||||
"--with-system-ffi"
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
for i in /usr /sw /opt /pkg; do # improve purity
|
||||
|
@ -74,12 +98,6 @@ in stdenv.mkDerivation {
|
|||
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
|
||||
export MACOSX_DEPLOYMENT_TARGET=10.6
|
||||
''}
|
||||
|
||||
configureFlagsArray=( --enable-shared --with-threads
|
||||
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"
|
||||
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"
|
||||
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"
|
||||
)
|
||||
'';
|
||||
|
||||
setupHook = ./setup-hook.sh;
|
||||
|
@ -102,6 +120,10 @@ in stdenv.mkDerivation {
|
|||
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
|
||||
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
|
||||
|
||||
# Determinism: Windows installers were not deterministic.
|
||||
# We're also not interested in building Windows installers.
|
||||
find "$out" -name 'wininst*.exe' | xargs -r rm -f
|
||||
|
||||
# Use Python3 as default python
|
||||
ln -s "$out/bin/idle3" "$out/bin/idle"
|
||||
ln -s "$out/bin/pip3" "$out/bin/pip"
|
||||
|
@ -109,6 +131,13 @@ in stdenv.mkDerivation {
|
|||
ln -s "$out/bin/python3" "$out/bin/python"
|
||||
ln -s "$out/bin/python3-config" "$out/bin/python-config"
|
||||
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
|
||||
|
||||
# Determinism: rebuild all bytecode
|
||||
# We exclude lib2to3 because that's Python 2 code which fails
|
||||
# We rebuild three times, once for each optimization level
|
||||
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{ stdenv, fetchurl, fetchpatch
|
||||
, bzip2
|
||||
, expat
|
||||
, libffi
|
||||
, gdbm
|
||||
, lzma
|
||||
, ncurses
|
||||
|
@ -32,7 +34,7 @@ let
|
|||
sitePackages = "lib/${libPrefix}/site-packages";
|
||||
|
||||
buildInputs = filter (p: p != null) [
|
||||
zlib bzip2 lzma gdbm sqlite readline ncurses openssl ]
|
||||
zlib bzip2 expat lzma libffi gdbm sqlite readline ncurses openssl ]
|
||||
++ optionals x11Support [ tcl tk libX11 xproto ]
|
||||
++ optionals stdenv.isDarwin [ CF configd ];
|
||||
|
||||
|
@ -50,6 +52,12 @@ in stdenv.mkDerivation {
|
|||
|
||||
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
|
||||
|
||||
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
|
||||
# This way python doesn't try to update them when we freeze timestamps in nix store.
|
||||
DETERMINISTIC_BUILD=1;
|
||||
# Determinism: We fix the hashes of str, bytes and datetime objects.
|
||||
PYTHONHASHSEED=0;
|
||||
|
||||
prePatch = optionalString stdenv.isDarwin ''
|
||||
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
|
||||
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
|
||||
|
@ -63,10 +71,27 @@ in stdenv.mkDerivation {
|
|||
})
|
||||
];
|
||||
|
||||
postPatch = optionalString (x11Support && (tix != null)) ''
|
||||
postPatch = ''
|
||||
# Determinism
|
||||
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
|
||||
# Determinism. This is done unconditionally
|
||||
substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1"
|
||||
'' + optionalString (x11Support && (tix != null)) ''
|
||||
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
|
||||
'';
|
||||
|
||||
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
|
||||
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
|
||||
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
|
||||
|
||||
configureFlags = [
|
||||
"--enable-shared"
|
||||
"--with-threads"
|
||||
"--without-ensurepip"
|
||||
"--with-system-expat"
|
||||
"--with-system-ffi"
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
for i in /usr /sw /opt /pkg; do # improve purity
|
||||
substituteInPlace ./setup.py --replace $i /no-such-path
|
||||
|
@ -75,12 +100,6 @@ in stdenv.mkDerivation {
|
|||
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
|
||||
export MACOSX_DEPLOYMENT_TARGET=10.6
|
||||
''}
|
||||
|
||||
configureFlagsArray=( --enable-shared --with-threads
|
||||
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"
|
||||
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"
|
||||
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"
|
||||
)
|
||||
'';
|
||||
|
||||
setupHook = ./setup-hook.sh;
|
||||
|
@ -103,6 +122,10 @@ in stdenv.mkDerivation {
|
|||
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
|
||||
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
|
||||
|
||||
# Determinism: Windows installers were not deterministic.
|
||||
# We're also not interested in building Windows installers.
|
||||
find "$out" -name 'wininst*.exe' | xargs -r rm -f
|
||||
|
||||
# Use Python3 as default python
|
||||
ln -s "$out/bin/idle3" "$out/bin/idle"
|
||||
ln -s "$out/bin/pip3" "$out/bin/pip"
|
||||
|
@ -110,6 +133,13 @@ in stdenv.mkDerivation {
|
|||
ln -s "$out/bin/python3" "$out/bin/python"
|
||||
ln -s "$out/bin/python3-config" "$out/bin/python-config"
|
||||
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
|
||||
|
||||
# Determinism: rebuild all bytecode
|
||||
# We exclude lib2to3 because that's Python 2 code which fails
|
||||
# We rebuild three times, once for each optimization level
|
||||
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ stdenv, fetchurl, fetchpatch
|
||||
, glibc
|
||||
, bzip2
|
||||
, expat
|
||||
, libffi
|
||||
, gdbm
|
||||
, lzma
|
||||
, ncurses
|
||||
|
@ -50,6 +52,12 @@ in stdenv.mkDerivation {
|
|||
|
||||
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
|
||||
|
||||
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
|
||||
# This way python doesn't try to update them when we freeze timestamps in nix store.
|
||||
DETERMINISTIC_BUILD=1;
|
||||
# Determinism: We fix the hashes of str, bytes and datetime objects.
|
||||
PYTHONHASHSEED=0;
|
||||
|
||||
prePatch = optionalString stdenv.isDarwin ''
|
||||
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
|
||||
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
|
||||
|
@ -63,10 +71,27 @@ in stdenv.mkDerivation {
|
|||
})
|
||||
];
|
||||
|
||||
postPatch = optionalString (x11Support && (tix != null)) ''
|
||||
postPatch = ''
|
||||
# Determinism
|
||||
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
|
||||
# Determinism. This is done unconditionally
|
||||
substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1"
|
||||
'' + optionalString (x11Support && (tix != null)) ''
|
||||
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
|
||||
'';
|
||||
|
||||
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
|
||||
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
|
||||
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
|
||||
|
||||
configureFlags = [
|
||||
"--enable-shared"
|
||||
"--with-threads"
|
||||
"--without-ensurepip"
|
||||
"--with-system-expat"
|
||||
"--with-system-ffi"
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
for i in /usr /sw /opt /pkg; do # improve purity
|
||||
substituteInPlace ./setup.py --replace $i /no-such-path
|
||||
|
@ -75,12 +100,6 @@ in stdenv.mkDerivation {
|
|||
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
|
||||
export MACOSX_DEPLOYMENT_TARGET=10.6
|
||||
''}
|
||||
|
||||
configureFlagsArray=( --enable-shared --with-threads
|
||||
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"
|
||||
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"
|
||||
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"
|
||||
)
|
||||
'';
|
||||
|
||||
setupHook = ./setup-hook.sh;
|
||||
|
@ -103,6 +122,10 @@ in stdenv.mkDerivation {
|
|||
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
|
||||
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
|
||||
|
||||
# Determinism: Windows installers were not deterministic.
|
||||
# We're also not interested in building Windows installers.
|
||||
find "$out" -name 'wininst*.exe' | xargs -r rm -f
|
||||
|
||||
# Use Python3 as default python
|
||||
ln -s "$out/bin/idle3" "$out/bin/idle"
|
||||
ln -s "$out/bin/pip3" "$out/bin/pip"
|
||||
|
@ -110,6 +133,13 @@ in stdenv.mkDerivation {
|
|||
ln -s "$out/bin/python3" "$out/bin/python"
|
||||
ln -s "$out/bin/python3-config" "$out/bin/python-config"
|
||||
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
|
||||
|
||||
# Determinism: rebuild all bytecode
|
||||
# We exclude lib2to3 because that's Python 2 code which fails
|
||||
# We rebuild three times, once for each optimization level
|
||||
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
|
||||
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
|
||||
'';
|
||||
|
||||
passthru = let
|
||||
|
|
|
@ -57,9 +57,12 @@ python.stdenv.mkDerivation (builtins.removeAttrs attrs ["disabled"] // {
|
|||
|
||||
inherit pythonPath;
|
||||
|
||||
# patch python interpreter to write null timestamps when compiling python files
|
||||
# this way python doesn't try to update them when we freeze timestamps in nix store
|
||||
|
||||
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
|
||||
# This way python doesn't try to update them when we freeze timestamps in nix store.
|
||||
DETERMINISTIC_BUILD=1;
|
||||
# Determinism: We fix the hashes of str, bytes and datetime objects.
|
||||
PYTHONHASHSEED = 0;
|
||||
|
||||
buildInputs = [ wrapPython ] ++ buildInputs ++ pythonPath
|
||||
++ [ (ensureNewerSourcesHook { year = "1980"; }) ]
|
||||
|
|
|
@ -23,11 +23,21 @@ stdenv.mkDerivation {
|
|||
| grep -v '^dh-autoreconf' | sed 's|^|debian/patches/|')"
|
||||
'';
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
# libevent_openssl is moved into its own output, so that openssl isn't present
|
||||
# in the default closure.
|
||||
outputs = [ "out" "dev" "openssl" ];
|
||||
outputBin = "dev";
|
||||
propagatedBuildOutputs = [ "out" "openssl" ];
|
||||
|
||||
buildInputs = [ openssl ] ++ stdenv.lib.optional stdenv.isCygwin findutils;
|
||||
|
||||
postInstall = ''
|
||||
moveToOutput "lib/libevent_openssl*" "$openssl"
|
||||
substituteInPlace "$dev/lib/pkgconfig/libevent_openssl.pc" \
|
||||
--replace "$out" "$openssl"
|
||||
sed "/^libdir=/s|$out|$openssl|" -i "$openssl"/lib/libevent_openssl.la
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Event notification library";
|
||||
longDescription = ''
|
||||
|
|
|
@ -17,7 +17,9 @@ stdenv.mkDerivation rec {
|
|||
"getnameinfo_basic" # probably network-dependent
|
||||
"spawn_setuid_fails" "spawn_setgid_fails" "fs_chown" # user namespaces
|
||||
"getaddrinfo_fail" "getaddrinfo_fail_sync"
|
||||
];
|
||||
]
|
||||
# sometimes: timeout (no output)
|
||||
++ stdenv.lib.optional stdenv.isDarwin "process_title";
|
||||
tdRegexp = lib.concatStringsSep "\\|" toDisable;
|
||||
in lib.optionalString doCheck ''
|
||||
sed '/${tdRegexp}/d' -i test/test-list.h
|
||||
|
|
|
@ -27,7 +27,7 @@ if ! lists.elem stdenv.system platforms.mesaPlatforms then
|
|||
else
|
||||
|
||||
let
|
||||
version = "13.0.5";
|
||||
version = "17.0.0";
|
||||
branch = head (splitString "." version);
|
||||
driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32";
|
||||
in
|
||||
|
@ -41,7 +41,7 @@ stdenv.mkDerivation {
|
|||
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
|
||||
"https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
|
||||
];
|
||||
sha256 = "bfcea7e2c801525a60895c8aff11aa68457ee9aa35d01a4638e1f310a3f5ef87";
|
||||
sha256 = "10c4cvm6hhdch0idh2kn7qv1dq6zlw97sc3pz7bssn81f1ckvnrr";
|
||||
};
|
||||
|
||||
prePatch = "patchShebangs .";
|
||||
|
@ -54,11 +54,6 @@ stdenv.mkDerivation {
|
|||
./symlink-drivers.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace src/egl/main/egldriver.c \
|
||||
--replace _EGL_DRIVER_SEARCH_DIR '"${driverLink}"'
|
||||
'';
|
||||
|
||||
outputs = [ "out" "dev" "drivers" "osmesa" ];
|
||||
|
||||
# TODO: Figure out how to enable opencl without having a runtime dependency on clang
|
||||
|
@ -69,7 +64,7 @@ stdenv.mkDerivation {
|
|||
"--with-dri-searchpath=${driverLink}/lib/dri"
|
||||
"--with-egl-platforms=x11,wayland,drm"
|
||||
] ++ (if stdenv.isArm || stdenv.isAarch64 then [
|
||||
"--with-gallium-drivers=nouveau,freedreno,vc4,swrast"
|
||||
"--with-gallium-drivers=nouveau,freedreno,vc4,etnaviv,swrast"
|
||||
"--with-dri-drivers=nouveau,swrast"
|
||||
] else [
|
||||
"--with-gallium-drivers=svga,i915,ilo,r300,r600,radeonsi,nouveau,swrast"
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
Index: qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in
|
||||
===================================================================
|
||||
--- qttools-opensource-src-5.5.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in
|
||||
+++ qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in
|
||||
diff -Naur qttools-opensource-src-5.7.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in qttools-opensource-src-5.7.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in
|
||||
--- qttools-opensource-src-5.7.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2016-11-03 09:31:16.000000000 +0100
|
||||
+++ qttools-opensource-src-5.7.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2017-02-28 16:37:20.130457615 +0100
|
||||
@@ -2,11 +2,10 @@
|
||||
if (NOT TARGET Qt5::qcollectiongenerator)
|
||||
add_executable(Qt5::qcollectiongenerator IMPORTED)
|
||||
|
@ -18,11 +17,26 @@ Index: qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake
|
|||
_qt5_Help_check_file_exists(${imported_location})
|
||||
|
||||
set_target_properties(Qt5::qcollectiongenerator PROPERTIES
|
||||
Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
|
||||
===================================================================
|
||||
--- qttools-opensource-src-5.5.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in
|
||||
+++ qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
|
||||
@@ -44,11 +44,10 @@ endmacro()
|
||||
@@ -17,11 +16,10 @@
|
||||
if (NOT TARGET Qt5::qhelpgenerator)
|
||||
add_executable(Qt5::qhelpgenerator IMPORTED)
|
||||
|
||||
-!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
|
||||
- set(imported_location \"${_qt5Help_install_prefix}/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
|
||||
-!!ELSE
|
||||
- set(imported_location \"$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
|
||||
-!!ENDIF
|
||||
+ set(imported_location \"@NIX_OUT@/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
|
||||
+ if(NOT EXISTS \"${imported_location}\")
|
||||
+ set(imported_location \"@NIX_DEV@/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
|
||||
+ endif()
|
||||
_qt5_Help_check_file_exists(${imported_location})
|
||||
|
||||
set_target_properties(Qt5::qhelpgenerator PROPERTIES
|
||||
diff -Naur qttools-opensource-src-5.7.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in qttools-opensource-src-5.7.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
|
||||
--- qttools-opensource-src-5.7.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in 2016-11-03 09:31:16.000000000 +0100
|
||||
+++ qttools-opensource-src-5.7.1/src/linguist/Qt5LinguistToolsConfig.cmake.in 2017-02-28 16:35:40.470100681 +0100
|
||||
@@ -44,11 +44,10 @@
|
||||
if (NOT TARGET Qt5::lrelease)
|
||||
add_executable(Qt5::lrelease IMPORTED)
|
||||
|
||||
|
@ -38,7 +52,7 @@ Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
|
|||
_qt5_LinguistTools_check_file_exists(${imported_location})
|
||||
|
||||
set_target_properties(Qt5::lrelease PROPERTIES
|
||||
@@ -59,11 +58,10 @@ endif()
|
||||
@@ -59,11 +58,10 @@
|
||||
if (NOT TARGET Qt5::lupdate)
|
||||
add_executable(Qt5::lupdate IMPORTED)
|
||||
|
||||
|
@ -54,7 +68,7 @@ Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
|
|||
_qt5_LinguistTools_check_file_exists(${imported_location})
|
||||
|
||||
set_target_properties(Qt5::lupdate PROPERTIES
|
||||
@@ -74,11 +72,10 @@ endif()
|
||||
@@ -74,11 +72,10 @@
|
||||
if (NOT TARGET Qt5::lconvert)
|
||||
add_executable(Qt5::lconvert IMPORTED)
|
||||
|
||||
|
|
|
@ -81,8 +81,6 @@ stdenv.mkDerivation rec {
|
|||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
postFixup = optionalString (cross == null) "ln -s $out/bin $dev/bin"; # tools needed for development
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Tools for manipulating binaries (linker, assembler, etc.)";
|
||||
longDescription = ''
|
||||
|
|
|
@ -6,11 +6,11 @@ stdenv.mkDerivation rec {
|
|||
version = lib.concatStringsSep "." ([ majorVersion ]
|
||||
++ lib.optional (patchVersion != "") patchVersion);
|
||||
majorVersion = "2.29";
|
||||
patchVersion = "";
|
||||
patchVersion = "2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz";
|
||||
sha256 = "1rzrmdrz51p9sy7vlw5qmj8pmqazm7hgcch5yq242mkvrikyln9c";
|
||||
sha256 = "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc";
|
||||
};
|
||||
|
||||
patches = [ ./rtcwake-search-PATH-for-shutdown.patch ];
|
||||
|
|
|
@ -669,11 +669,11 @@ let
|
|||
}) // {inherit windowswmproto libX11 libXext xextproto ;};
|
||||
|
||||
libX11 = (mkDerivation "libX11" {
|
||||
name = "libX11-1.6.4";
|
||||
name = "libX11-1.6.5";
|
||||
builder = ./builder.sh;
|
||||
src = fetchurl {
|
||||
url = mirror://xorg/individual/lib/libX11-1.6.4.tar.bz2;
|
||||
sha256 = "0hg46i6h92pmb7xp1cis2j43zq3fkdz89p0yv35w4vm17az4iixp";
|
||||
url = mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2;
|
||||
sha256 = "0pa3cfp6h9rl2vxmkph65250gfqyki0ccqyaan6bl9d25gdr0f2d";
|
||||
};
|
||||
buildInputs = [pkgconfig inputproto kbproto libxcb xextproto xf86bigfontproto xproto xtrans ];
|
||||
meta.platforms = stdenv.lib.platforms.unix;
|
||||
|
|
|
@ -59,7 +59,7 @@ mirror://xorg/individual/lib/libICE-1.0.9.tar.bz2
|
|||
mirror://xorg/individual/lib/libpciaccess-0.13.4.tar.bz2
|
||||
mirror://xorg/individual/lib/libSM-1.2.2.tar.bz2
|
||||
mirror://xorg/X11R7.7/src/everything/libWindowsWM-1.0.1.tar.bz2
|
||||
mirror://xorg/individual/lib/libX11-1.6.4.tar.bz2
|
||||
mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2
|
||||
mirror://xorg/individual/lib/libXau-1.0.8.tar.bz2
|
||||
mirror://xorg/individual/lib/libXaw-1.0.13.tar.bz2
|
||||
mirror://xorg/individual/lib/libXcomposite-0.4.4.tar.bz2
|
||||
|
|
|
@ -15,6 +15,12 @@ stdenv.mkDerivation {
|
|||
|
||||
patches = [ ./ploticus-install.patch ];
|
||||
|
||||
# Make the symlink relative instead of absolute.
|
||||
# Otherwise it breaks when auto-moved to $out/share.
|
||||
preFixup = ''
|
||||
ln -sf pl.1 "$out"/man/man1/ploticus.1
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A non-interactive software package for producing plots and charts";
|
||||
longDescription = ''Ploticus is a free, GPL'd, non-interactive
|
||||
|
|
|
@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y";
|
||||
};
|
||||
|
||||
patches = [ ./memory-leak.patch ];
|
||||
patches = [ ./memory-leak.patch ./no-install-statedir.patch ];
|
||||
|
||||
buildInputs = [ coreutils ]; # bin/updatedb script needs to call sort
|
||||
|
||||
|
@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "info" ];
|
||||
|
||||
configureFlags = [ "--localstatedir=/var/cache" ];
|
||||
|
||||
crossAttrs = {
|
||||
# Fix the 'buildInputs = [ coreutils ]' above - that adds the cross coreutils to PATH :(
|
||||
propagatedBuildInputs = [ ];
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
--- a/locate/Makefile.in
|
||||
+++ b/locate/Makefile.in
|
||||
@@ -2357,7 +2357,7 @@ updatedb: updatedb.sh Makefile
|
||||
chmod +x $@
|
||||
|
||||
install-data-hook:
|
||||
- $(top_srcdir)/build-aux/mkinstalldirs $(DESTDIR)$(localstatedir)
|
||||
+ #$(top_srcdir)/build-aux/mkinstalldirs $(DESTDIR)$(localstatedir)
|
||||
|
||||
dblocation.texi:
|
||||
echo '@set LOCATE_DB $(LOCATE_DB)' > $@.tmp
|
|
@ -21,11 +21,11 @@ assert scpSupport -> libssh2 != null;
|
|||
assert c-aresSupport -> c-ares != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "curl-7.53.0";
|
||||
name = "curl-7.53.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://curl.haxx.se/download/${name}.tar.bz2";
|
||||
sha256 = "008833dd9w4l2277q9r0bsq1vqmm0fr7qqyzvqlw5d47xy5mld5j";
|
||||
sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw";
|
||||
};
|
||||
|
||||
patches = [ ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, fetchurl, openssl, expat, libevent }:
|
||||
{ stdenv, fetchurl, openssl, nettle, expat, libevent }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "unbound-${version}";
|
||||
|
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
|
||||
|
||||
buildInputs = [ openssl expat libevent ];
|
||||
buildInputs = [ openssl nettle expat libevent ];
|
||||
|
||||
configureFlags = [
|
||||
"--with-ssl=${openssl.dev}"
|
||||
|
@ -26,11 +26,21 @@ stdenv.mkDerivation rec {
|
|||
|
||||
installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ];
|
||||
|
||||
# get rid of runtime dependencies on $dev outputs
|
||||
postInstall = ''substituteInPlace "$lib/lib/libunbound.la" ''
|
||||
preFixup = stdenv.lib.optionalString stdenv.isLinux
|
||||
# Build libunbound again, but only against nettle instead of openssl.
|
||||
# This avoids gnutls.out -> unbound.lib -> openssl.out.
|
||||
# There was some problem with this on Darwin; let's not complicate non-Linux.
|
||||
''
|
||||
configureFlags="$configureFlags --with-nettle=${nettle.dev} --with-libunbound-only"
|
||||
configurePhase
|
||||
buildPhase
|
||||
installPhase
|
||||
''
|
||||
# get rid of runtime dependencies on $dev outputs
|
||||
+ ''substituteInPlace "$lib/lib/libunbound.la" ''
|
||||
+ stdenv.lib.concatMapStrings
|
||||
(pkg: " --replace '-L${pkg.dev}/lib' '-L${pkg.out}/lib' ")
|
||||
[ openssl expat libevent ];
|
||||
buildInputs;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Validating, recursive, and caching DNS resolver";
|
||||
|
|
|
@ -20325,12 +20325,12 @@ in {
|
|||
};
|
||||
|
||||
pygments = buildPythonPackage rec {
|
||||
version = "2.1.3";
|
||||
version = "2.2.0";
|
||||
name = "Pygments-${version}";
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = "mirror://pypi/P/Pygments/${name}.tar.gz";
|
||||
sha256 = "10axnp2wpjnq9g8wg53fx0c70dfxqrz498jyz8mrdx9a3flwir48";
|
||||
sha256 = "1k78qdvir1yb1c634nkv6rbga8wv4289xarghmsbbvzhvr311bnv";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with self; [ docutils ];
|
||||
|
@ -20807,11 +20807,11 @@ in {
|
|||
|
||||
pyparsing = buildPythonPackage rec {
|
||||
name = "pyparsing-${version}";
|
||||
version = "2.1.8";
|
||||
version = "2.1.10";
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = "mirror://pypi/p/pyparsing/${name}.tar.gz";
|
||||
sha256 = "0sy5fxhsvhf0fwk9h6nqlhn1lsjpdmg41jziw5z814rlkydqd903";
|
||||
sha256 = "811c3e7b0031021137fc83e051795025fcb98674d07eb8fe922ba4de53d39188";
|
||||
};
|
||||
|
||||
# Not everything necessary to run the tests is included in the distribution
|
||||
|
@ -28976,7 +28976,8 @@ EOF
|
|||
--replace 'pyyaml==3.11' 'pyyaml' \
|
||||
--replace 'lxml==3.7.1' 'lxml' \
|
||||
--replace 'pyopenssl==16.2.0' 'pyopenssl' \
|
||||
--replace 'requests[socks]==2.12.4' 'requests[socks]'
|
||||
--replace 'requests[socks]==2.12.4' 'requests[socks]' \
|
||||
--replace 'pygments==2.1.3' 'pygments>=2.1,<3.0'
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = with self; [
|
||||
|
@ -31899,10 +31900,10 @@ EOF
|
|||
};
|
||||
|
||||
packaging = buildPythonPackage rec {
|
||||
name = "packaging-16.7";
|
||||
name = "packaging-16.8";
|
||||
src = pkgs.fetchurl {
|
||||
url = "mirror://pypi/p/packaging/${name}.tar.gz";
|
||||
sha256 = "07h18mrpqs0lv2x4fl43pqi0xj6hdrmrnm6v9q634yliagg6q91f";
|
||||
sha256 = "5d50835fdf0a7edf0b55e311b7c887786504efea1177abd7e69329a8e5ea619e";
|
||||
};
|
||||
propagatedBuildInputs = with self; [ pyparsing six ];
|
||||
buildInputs = with self; [ pytest pretend ];
|
||||
|
|
Loading…
Reference in New Issue