Merge branch 'staging'

(Truly, this time :-)
This commit is contained in:
Vladimír Čunát 2017-03-01 11:34:44 +01:00
commit b43614a6bb
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
22 changed files with 269 additions and 87 deletions

View File

@ -641,6 +641,19 @@ community to help save time. No tool is preferred at the moment.
- [pypi2nix](https://github.com/garbas/pypi2nix) by Rok Garbas
- [pypi2nix](https://github.com/offlinehacker/pypi2nix) by Jaka Hudoklin
### Deterministic builds
Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
Minor modifications had to be made to the interpreters in order to generate
deterministic bytecode. This has security implications and is relevant for
those using Python in a `nix-shell`.
When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will have timestamp 1.
The `buildPythonPackage` function sets `DETERMINISTIC_BUILD` as well as
[PYTHONHASHSEED](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED).
Both are also exported in `nix-shell`.
## FAQ
### How can I install a working Python environment?

View File

@ -271,6 +271,16 @@ following incompatible changes:</para>
</para>
</listitem>
<listitem>
<para>
Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
Minor modifications had to be made to the interpreters in order to generate
deterministic bytecode. This has security implications and is relevant for
those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual
for details.
</para>
</listitem>
</itemizedlist>

View File

@ -3,26 +3,30 @@ fixupOutputHooks+=('if [ -z "$dontGzipMan" ]; then compressManPages "$prefix"; f
compressManPages() {
local dir="$1"
if [ ! -d "$dir/share/man" ]; then return; fi
echo "gzipping man pages in $dir"
if [ -L "$dir"/share ] || [ -L "$dir"/share/man ] || [ ! -d "$dir/share/man" ]
then return
fi
echo "gzipping man pages under $dir/share/man/"
GLOBIGNORE=.:..:*.gz:*.bz2
for f in "$dir"/share/man/*/* "$dir"/share/man/*/*/*; do
if [ -f "$f" -a ! -L "$f" ]; then
# Compress all uncompressed manpages. Don't follow symlinks, etc.
find "$dir"/share/man/ -type f -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \
| while IFS= read -r -d $'\0' f
do
if gzip -c -n "$f" > "$f".gz; then
rm "$f"
else
rm "$f".gz
fi
fi
done
for f in "$dir"/share/man/*/* "$dir"/share/man/*/*/*; do
if [ -L "$f" -a -f `readlink -f "$f"`.gz ]; then
ln -sf `readlink "$f"`.gz "$f".gz && rm "$f"
# Point symlinks to compressed manpages.
find "$dir"/share/man/ -type l -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \
| while IFS= read -r -d $'\0' f
do
local target
target="$(readlink -f "$f")"
if [ -f "$target".gz ]; then
ln -sf "$target".gz "$f".gz && rm "$f"
fi
done
unset GLOBIGNORE
}

View File

@ -178,6 +178,17 @@ in stdenv.mkDerivation {
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
rm "$out"/lib/python*/plat-*/regen # refers to glibc.dev
# Determinism: Windows installers were not deterministic.
# We're also not interested in building Windows installers.
find "$out" -name 'wininst*.exe' | xargs -r rm -f
# Determinism: rebuild all bytecode
# We exclude lib2to3 because that's Python 2 code which fails
# We rebuild three times, once for each optimization level
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
'';
passthru = let
@ -210,5 +221,8 @@ in stdenv.mkDerivation {
license = stdenv.lib.licenses.psfl;
platforms = stdenv.lib.platforms.all;
maintainers = with stdenv.lib.maintainers; [ chaoflow domenkozar ];
# Higher priority than Python 3.x so that `/bin/python` points to `/bin/python2`
# in case both 2 and 3 are installed.
priority = -100;
};
}

View File

@ -1,5 +1,7 @@
{ stdenv, fetchurl
, bzip2
, expat
, libffi
, gdbm
, lzma
, ncurses
@ -50,22 +52,44 @@ in stdenv.mkDerivation {
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
# This way python doesn't try to update them when we freeze timestamps in nix store.
DETERMINISTIC_BUILD=1;
# Determinism: We fix the hashes of str, bytes and datetime objects.
PYTHONHASHSEED=0;
prePatch = optionalString stdenv.isDarwin ''
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
'';
postPatch = optionalString (x11Support && (tix != null)) ''
postPatch = ''
# Determinism
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
# Determinism. This is done unconditionally
substituteInPlace "Lib/importlib/_bootstrap.py" --replace "source_mtime = int(source_stats['mtime'])" "source_mtime = 1"
'' + optionalString (x11Support && (tix != null)) ''
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
''
# Avoid picking up getentropy() from glibc >= 2.25, as that would break
# on older kernels. http://bugs.python.org/issue29157
+ optionalString stdenv.isLinux
''
+ optionalString stdenv.isLinux ''
substituteInPlace Python/random.c --replace 'defined(HAVE_GETENTROPY)' '0'
cat Python/random.c
'';
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
configureFlags = [
"--enable-shared"
"--with-threads"
"--without-ensurepip"
"--with-system-expat"
"--with-system-ffi"
];
preConfigure = ''
for i in /usr /sw /opt /pkg; do # improve purity
substituteInPlace ./setup.py --replace $i /no-such-path
@ -74,12 +98,6 @@ in stdenv.mkDerivation {
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
export MACOSX_DEPLOYMENT_TARGET=10.6
''}
configureFlagsArray=( --enable-shared --with-threads
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"
)
'';
setupHook = ./setup-hook.sh;
@ -102,6 +120,10 @@ in stdenv.mkDerivation {
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
# Determinism: Windows installers were not deterministic.
# We're also not interested in building Windows installers.
find "$out" -name 'wininst*.exe' | xargs -r rm -f
# Use Python3 as default python
ln -s "$out/bin/idle3" "$out/bin/idle"
ln -s "$out/bin/pip3" "$out/bin/pip"
@ -109,6 +131,13 @@ in stdenv.mkDerivation {
ln -s "$out/bin/python3" "$out/bin/python"
ln -s "$out/bin/python3-config" "$out/bin/python-config"
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
# Determinism: rebuild all bytecode
# We exclude lib2to3 because that's Python 2 code which fails
# We rebuild three times, once for each optimization level
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
'';
postFixup = ''

View File

@ -1,5 +1,7 @@
{ stdenv, fetchurl, fetchpatch
, bzip2
, expat
, libffi
, gdbm
, lzma
, ncurses
@ -32,7 +34,7 @@ let
sitePackages = "lib/${libPrefix}/site-packages";
buildInputs = filter (p: p != null) [
zlib bzip2 lzma gdbm sqlite readline ncurses openssl ]
zlib bzip2 expat lzma libffi gdbm sqlite readline ncurses openssl ]
++ optionals x11Support [ tcl tk libX11 xproto ]
++ optionals stdenv.isDarwin [ CF configd ];
@ -50,6 +52,12 @@ in stdenv.mkDerivation {
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
# This way python doesn't try to update them when we freeze timestamps in nix store.
DETERMINISTIC_BUILD=1;
# Determinism: We fix the hashes of str, bytes and datetime objects.
PYTHONHASHSEED=0;
prePatch = optionalString stdenv.isDarwin ''
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
@ -63,10 +71,27 @@ in stdenv.mkDerivation {
})
];
postPatch = optionalString (x11Support && (tix != null)) ''
postPatch = ''
# Determinism
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
# Determinism. This is done unconditionally
substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1"
'' + optionalString (x11Support && (tix != null)) ''
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
'';
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
configureFlags = [
"--enable-shared"
"--with-threads"
"--without-ensurepip"
"--with-system-expat"
"--with-system-ffi"
];
preConfigure = ''
for i in /usr /sw /opt /pkg; do # improve purity
substituteInPlace ./setup.py --replace $i /no-such-path
@ -75,12 +100,6 @@ in stdenv.mkDerivation {
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
export MACOSX_DEPLOYMENT_TARGET=10.6
''}
configureFlagsArray=( --enable-shared --with-threads
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"
)
'';
setupHook = ./setup-hook.sh;
@ -103,6 +122,10 @@ in stdenv.mkDerivation {
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
# Determinism: Windows installers were not deterministic.
# We're also not interested in building Windows installers.
find "$out" -name 'wininst*.exe' | xargs -r rm -f
# Use Python3 as default python
ln -s "$out/bin/idle3" "$out/bin/idle"
ln -s "$out/bin/pip3" "$out/bin/pip"
@ -110,6 +133,13 @@ in stdenv.mkDerivation {
ln -s "$out/bin/python3" "$out/bin/python"
ln -s "$out/bin/python3-config" "$out/bin/python-config"
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
# Determinism: rebuild all bytecode
# We exclude lib2to3 because that's Python 2 code which fails
# We rebuild three times, once for each optimization level
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
'';
postFixup = ''

View File

@ -1,6 +1,8 @@
{ stdenv, fetchurl, fetchpatch
, glibc
, bzip2
, expat
, libffi
, gdbm
, lzma
, ncurses
@ -50,6 +52,12 @@ in stdenv.mkDerivation {
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
# This way python doesn't try to update them when we freeze timestamps in nix store.
DETERMINISTIC_BUILD=1;
# Determinism: We fix the hashes of str, bytes and datetime objects.
PYTHONHASHSEED=0;
prePatch = optionalString stdenv.isDarwin ''
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
@ -63,10 +71,27 @@ in stdenv.mkDerivation {
})
];
postPatch = optionalString (x11Support && (tix != null)) ''
postPatch = ''
# Determinism
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
# Determinism. This is done unconditionally
substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1"
'' + optionalString (x11Support && (tix != null)) ''
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
'';
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
configureFlags = [
"--enable-shared"
"--with-threads"
"--without-ensurepip"
"--with-system-expat"
"--with-system-ffi"
];
preConfigure = ''
for i in /usr /sw /opt /pkg; do # improve purity
substituteInPlace ./setup.py --replace $i /no-such-path
@ -75,12 +100,6 @@ in stdenv.mkDerivation {
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
export MACOSX_DEPLOYMENT_TARGET=10.6
''}
configureFlagsArray=( --enable-shared --with-threads
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"
)
'';
setupHook = ./setup-hook.sh;
@ -103,6 +122,10 @@ in stdenv.mkDerivation {
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
# Determinism: Windows installers were not deterministic.
# We're also not interested in building Windows installers.
find "$out" -name 'wininst*.exe' | xargs -r rm -f
# Use Python3 as default python
ln -s "$out/bin/idle3" "$out/bin/idle"
ln -s "$out/bin/pip3" "$out/bin/pip"
@ -110,6 +133,13 @@ in stdenv.mkDerivation {
ln -s "$out/bin/python3" "$out/bin/python"
ln -s "$out/bin/python3-config" "$out/bin/python-config"
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
# Determinism: rebuild all bytecode
# We exclude lib2to3 because that's Python 2 code which fails
# We rebuild three times, once for each optimization level
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
'';
passthru = let

View File

@ -57,9 +57,12 @@ python.stdenv.mkDerivation (builtins.removeAttrs attrs ["disabled"] // {
inherit pythonPath;
# patch python interpreter to write null timestamps when compiling python files
# this way python doesn't try to update them when we freeze timestamps in nix store
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
# This way python doesn't try to update them when we freeze timestamps in nix store.
DETERMINISTIC_BUILD=1;
# Determinism: We fix the hashes of str, bytes and datetime objects.
PYTHONHASHSEED = 0;
buildInputs = [ wrapPython ] ++ buildInputs ++ pythonPath
++ [ (ensureNewerSourcesHook { year = "1980"; }) ]

View File

@ -23,11 +23,21 @@ stdenv.mkDerivation {
| grep -v '^dh-autoreconf' | sed 's|^|debian/patches/|')"
'';
outputs = [ "out" "dev" ];
# libevent_openssl is moved into its own output, so that openssl isn't present
# in the default closure.
outputs = [ "out" "dev" "openssl" ];
outputBin = "dev";
propagatedBuildOutputs = [ "out" "openssl" ];
buildInputs = [ openssl ] ++ stdenv.lib.optional stdenv.isCygwin findutils;
postInstall = ''
moveToOutput "lib/libevent_openssl*" "$openssl"
substituteInPlace "$dev/lib/pkgconfig/libevent_openssl.pc" \
--replace "$out" "$openssl"
sed "/^libdir=/s|$out|$openssl|" -i "$openssl"/lib/libevent_openssl.la
'';
meta = with stdenv.lib; {
description = "Event notification library";
longDescription = ''

View File

@ -17,7 +17,9 @@ stdenv.mkDerivation rec {
"getnameinfo_basic" # probably network-dependent
"spawn_setuid_fails" "spawn_setgid_fails" "fs_chown" # user namespaces
"getaddrinfo_fail" "getaddrinfo_fail_sync"
];
]
# sometimes: timeout (no output)
++ stdenv.lib.optional stdenv.isDarwin "process_title";
tdRegexp = lib.concatStringsSep "\\|" toDisable;
in lib.optionalString doCheck ''
sed '/${tdRegexp}/d' -i test/test-list.h

View File

@ -27,7 +27,7 @@ if ! lists.elem stdenv.system platforms.mesaPlatforms then
else
let
version = "13.0.5";
version = "17.0.0";
branch = head (splitString "." version);
driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32";
in
@ -41,7 +41,7 @@ stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
"https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
];
sha256 = "bfcea7e2c801525a60895c8aff11aa68457ee9aa35d01a4638e1f310a3f5ef87";
sha256 = "10c4cvm6hhdch0idh2kn7qv1dq6zlw97sc3pz7bssn81f1ckvnrr";
};
prePatch = "patchShebangs .";
@ -54,11 +54,6 @@ stdenv.mkDerivation {
./symlink-drivers.patch
];
postPatch = ''
substituteInPlace src/egl/main/egldriver.c \
--replace _EGL_DRIVER_SEARCH_DIR '"${driverLink}"'
'';
outputs = [ "out" "dev" "drivers" "osmesa" ];
# TODO: Figure out how to enable opencl without having a runtime dependency on clang
@ -69,7 +64,7 @@ stdenv.mkDerivation {
"--with-dri-searchpath=${driverLink}/lib/dri"
"--with-egl-platforms=x11,wayland,drm"
] ++ (if stdenv.isArm || stdenv.isAarch64 then [
"--with-gallium-drivers=nouveau,freedreno,vc4,swrast"
"--with-gallium-drivers=nouveau,freedreno,vc4,etnaviv,swrast"
"--with-dri-drivers=nouveau,swrast"
] else [
"--with-gallium-drivers=svga,i915,ilo,r300,r600,radeonsi,nouveau,swrast"

View File

@ -1,7 +1,6 @@
Index: qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in
===================================================================
--- qttools-opensource-src-5.5.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in
+++ qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in
diff -Naur qttools-opensource-src-5.7.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in qttools-opensource-src-5.7.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in
--- qttools-opensource-src-5.7.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2016-11-03 09:31:16.000000000 +0100
+++ qttools-opensource-src-5.7.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2017-02-28 16:37:20.130457615 +0100
@@ -2,11 +2,10 @@
if (NOT TARGET Qt5::qcollectiongenerator)
add_executable(Qt5::qcollectiongenerator IMPORTED)
@ -18,11 +17,26 @@ Index: qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake
_qt5_Help_check_file_exists(${imported_location})
set_target_properties(Qt5::qcollectiongenerator PROPERTIES
Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
===================================================================
--- qttools-opensource-src-5.5.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in
+++ qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
@@ -44,11 +44,10 @@ endmacro()
@@ -17,11 +16,10 @@
if (NOT TARGET Qt5::qhelpgenerator)
add_executable(Qt5::qhelpgenerator IMPORTED)
-!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
- set(imported_location \"${_qt5Help_install_prefix}/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
-!!ELSE
- set(imported_location \"$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
-!!ENDIF
+ set(imported_location \"@NIX_OUT@/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
+ if(NOT EXISTS \"${imported_location}\")
+ set(imported_location \"@NIX_DEV@/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\")
+ endif()
_qt5_Help_check_file_exists(${imported_location})
set_target_properties(Qt5::qhelpgenerator PROPERTIES
diff -Naur qttools-opensource-src-5.7.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in qttools-opensource-src-5.7.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
--- qttools-opensource-src-5.7.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in 2016-11-03 09:31:16.000000000 +0100
+++ qttools-opensource-src-5.7.1/src/linguist/Qt5LinguistToolsConfig.cmake.in 2017-02-28 16:35:40.470100681 +0100
@@ -44,11 +44,10 @@
if (NOT TARGET Qt5::lrelease)
add_executable(Qt5::lrelease IMPORTED)
@ -38,7 +52,7 @@ Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
_qt5_LinguistTools_check_file_exists(${imported_location})
set_target_properties(Qt5::lrelease PROPERTIES
@@ -59,11 +58,10 @@ endif()
@@ -59,11 +58,10 @@
if (NOT TARGET Qt5::lupdate)
add_executable(Qt5::lupdate IMPORTED)
@ -54,7 +68,7 @@ Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in
_qt5_LinguistTools_check_file_exists(${imported_location})
set_target_properties(Qt5::lupdate PROPERTIES
@@ -74,11 +72,10 @@ endif()
@@ -74,11 +72,10 @@
if (NOT TARGET Qt5::lconvert)
add_executable(Qt5::lconvert IMPORTED)

View File

@ -81,8 +81,6 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
postFixup = optionalString (cross == null) "ln -s $out/bin $dev/bin"; # tools needed for development
meta = with stdenv.lib; {
description = "Tools for manipulating binaries (linker, assembler, etc.)";
longDescription = ''

View File

@ -6,11 +6,11 @@ stdenv.mkDerivation rec {
version = lib.concatStringsSep "." ([ majorVersion ]
++ lib.optional (patchVersion != "") patchVersion);
majorVersion = "2.29";
patchVersion = "";
patchVersion = "2";
src = fetchurl {
url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz";
sha256 = "1rzrmdrz51p9sy7vlw5qmj8pmqazm7hgcch5yq242mkvrikyln9c";
sha256 = "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc";
};
patches = [ ./rtcwake-search-PATH-for-shutdown.patch ];

View File

@ -669,11 +669,11 @@ let
}) // {inherit windowswmproto libX11 libXext xextproto ;};
libX11 = (mkDerivation "libX11" {
name = "libX11-1.6.4";
name = "libX11-1.6.5";
builder = ./builder.sh;
src = fetchurl {
url = mirror://xorg/individual/lib/libX11-1.6.4.tar.bz2;
sha256 = "0hg46i6h92pmb7xp1cis2j43zq3fkdz89p0yv35w4vm17az4iixp";
url = mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2;
sha256 = "0pa3cfp6h9rl2vxmkph65250gfqyki0ccqyaan6bl9d25gdr0f2d";
};
buildInputs = [pkgconfig inputproto kbproto libxcb xextproto xf86bigfontproto xproto xtrans ];
meta.platforms = stdenv.lib.platforms.unix;

View File

@ -59,7 +59,7 @@ mirror://xorg/individual/lib/libICE-1.0.9.tar.bz2
mirror://xorg/individual/lib/libpciaccess-0.13.4.tar.bz2
mirror://xorg/individual/lib/libSM-1.2.2.tar.bz2
mirror://xorg/X11R7.7/src/everything/libWindowsWM-1.0.1.tar.bz2
mirror://xorg/individual/lib/libX11-1.6.4.tar.bz2
mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2
mirror://xorg/individual/lib/libXau-1.0.8.tar.bz2
mirror://xorg/individual/lib/libXaw-1.0.13.tar.bz2
mirror://xorg/individual/lib/libXcomposite-0.4.4.tar.bz2

View File

@ -15,6 +15,12 @@ stdenv.mkDerivation {
patches = [ ./ploticus-install.patch ];
# Make the symlink relative instead of absolute.
# Otherwise it breaks when auto-moved to $out/share.
preFixup = ''
ln -sf pl.1 "$out"/man/man1/ploticus.1
'';
meta = with stdenv.lib; {
description = "A non-interactive software package for producing plots and charts";
longDescription = ''Ploticus is a free, GPL'd, non-interactive

View File

@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
sha256 = "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y";
};
patches = [ ./memory-leak.patch ];
patches = [ ./memory-leak.patch ./no-install-statedir.patch ];
buildInputs = [ coreutils ]; # bin/updatedb script needs to call sort
@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
outputs = [ "out" "info" ];
configureFlags = [ "--localstatedir=/var/cache" ];
crossAttrs = {
# Fix the 'buildInputs = [ coreutils ]' above - that adds the cross coreutils to PATH :(
propagatedBuildInputs = [ ];

View File

@ -0,0 +1,11 @@
--- a/locate/Makefile.in
+++ b/locate/Makefile.in
@@ -2357,7 +2357,7 @@ updatedb: updatedb.sh Makefile
chmod +x $@
install-data-hook:
- $(top_srcdir)/build-aux/mkinstalldirs $(DESTDIR)$(localstatedir)
+ #$(top_srcdir)/build-aux/mkinstalldirs $(DESTDIR)$(localstatedir)
dblocation.texi:
echo '@set LOCATE_DB $(LOCATE_DB)' > $@.tmp

View File

@ -21,11 +21,11 @@ assert scpSupport -> libssh2 != null;
assert c-aresSupport -> c-ares != null;
stdenv.mkDerivation rec {
name = "curl-7.53.0";
name = "curl-7.53.1";
src = fetchurl {
url = "http://curl.haxx.se/download/${name}.tar.bz2";
sha256 = "008833dd9w4l2277q9r0bsq1vqmm0fr7qqyzvqlw5d47xy5mld5j";
sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw";
};
patches = [ ];

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, openssl, expat, libevent }:
{ stdenv, fetchurl, openssl, nettle, expat, libevent }:
stdenv.mkDerivation rec {
name = "unbound-${version}";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
buildInputs = [ openssl expat libevent ];
buildInputs = [ openssl nettle expat libevent ];
configureFlags = [
"--with-ssl=${openssl.dev}"
@ -26,11 +26,21 @@ stdenv.mkDerivation rec {
installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ];
preFixup = stdenv.lib.optionalString stdenv.isLinux
# Build libunbound again, but only against nettle instead of openssl.
# This avoids gnutls.out -> unbound.lib -> openssl.out.
# There was some problem with this on Darwin; let's not complicate non-Linux.
''
configureFlags="$configureFlags --with-nettle=${nettle.dev} --with-libunbound-only"
configurePhase
buildPhase
installPhase
''
# get rid of runtime dependencies on $dev outputs
postInstall = ''substituteInPlace "$lib/lib/libunbound.la" ''
+ ''substituteInPlace "$lib/lib/libunbound.la" ''
+ stdenv.lib.concatMapStrings
(pkg: " --replace '-L${pkg.dev}/lib' '-L${pkg.out}/lib' ")
[ openssl expat libevent ];
buildInputs;
meta = with stdenv.lib; {
description = "Validating, recursive, and caching DNS resolver";

View File

@ -20325,12 +20325,12 @@ in {
};
pygments = buildPythonPackage rec {
version = "2.1.3";
version = "2.2.0";
name = "Pygments-${version}";
src = pkgs.fetchurl {
url = "mirror://pypi/P/Pygments/${name}.tar.gz";
sha256 = "10axnp2wpjnq9g8wg53fx0c70dfxqrz498jyz8mrdx9a3flwir48";
sha256 = "1k78qdvir1yb1c634nkv6rbga8wv4289xarghmsbbvzhvr311bnv";
};
propagatedBuildInputs = with self; [ docutils ];
@ -20807,11 +20807,11 @@ in {
pyparsing = buildPythonPackage rec {
name = "pyparsing-${version}";
version = "2.1.8";
version = "2.1.10";
src = pkgs.fetchurl {
url = "mirror://pypi/p/pyparsing/${name}.tar.gz";
sha256 = "0sy5fxhsvhf0fwk9h6nqlhn1lsjpdmg41jziw5z814rlkydqd903";
sha256 = "811c3e7b0031021137fc83e051795025fcb98674d07eb8fe922ba4de53d39188";
};
# Not everything necessary to run the tests is included in the distribution
@ -28976,7 +28976,8 @@ EOF
--replace 'pyyaml==3.11' 'pyyaml' \
--replace 'lxml==3.7.1' 'lxml' \
--replace 'pyopenssl==16.2.0' 'pyopenssl' \
--replace 'requests[socks]==2.12.4' 'requests[socks]'
--replace 'requests[socks]==2.12.4' 'requests[socks]' \
--replace 'pygments==2.1.3' 'pygments>=2.1,<3.0'
'';
propagatedBuildInputs = with self; [
@ -31899,10 +31900,10 @@ EOF
};
packaging = buildPythonPackage rec {
name = "packaging-16.7";
name = "packaging-16.8";
src = pkgs.fetchurl {
url = "mirror://pypi/p/packaging/${name}.tar.gz";
sha256 = "07h18mrpqs0lv2x4fl43pqi0xj6hdrmrnm6v9q634yliagg6q91f";
sha256 = "5d50835fdf0a7edf0b55e311b7c887786504efea1177abd7e69329a8e5ea619e";
};
propagatedBuildInputs = with self; [ pyparsing six ];
buildInputs = with self; [ pytest pretend ];