public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'staging' 

It seemed very fine on Hydra before it was cancelled due to glibc rebuild,
in particular the nixpkgs unstable job succeeded except for
bootstrap-tarball tests which should be fine after ee994dfae6.

Therefore, let's avoid another mass rebuild by merging now when we don't
have binaries for master anyway.
This commit is contained in:
Vladimír Čunát 2016-02-17 10:54:26 +01:00
parent 4ca2332bac e9520e81b3
commit b8c489e781
80 changed files with 876 additions and 949 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
doc/languages-frameworks/ruby.xml
View File

@ -42,5 +42,37 @@ and scalable.";
<para>Please check in the <filename>Gemfile</filename>, <filename>Gemfile.lock</filename> and the <filename>gemset.nix</filename> so future updates can be run easily.
</para>
<para>Resulting derivations also have two helpful items, <literal>env</literal> and <literal>wrapper</literal>. The first one allows one to quickly drop into
<command>nix-shell</command> with the specified environment present. E.g. <command>nix-shell -A sensu.env</command> would give you an environment with Ruby preset
so it has all the libraries necessary for <literal>sensu</literal> in its paths. The second one can be used to make derivations from custom Ruby scripts which have
<filename>Gemfile</filename>s with their dependencies specified. It is a derivation with <command>ruby</command> wrapped so it can find all the needed dependencies.
For example, to make a derivation <literal>my-script</literal> for a <filename>my-script.rb</filename> (which should be placed in <filename>bin</filename>) you should
run <command>bundix</command> as specified above and then use <literal>bundlerEnv</literal> lile this:</para>
<programlisting>
<![CDATA[let env = bundlerEnv {
name = "my-script-env";
inherit ruby;
gemfile = ./Gemfile;
lockfile = ./Gemfile.lock;
gemset = ./gemset.nix;
};
in stdenv.mkDerivation {
name = "my-script";
buildInputs = [ env.wrapper ];
script = ./my-script.rb;
buildCommand = ''
mkdir -p $out/bin
install -D -m755 $script $out/bin/my-script
patchShebangs $out/bin/my-script
'';
}]]>
</programlisting>
</section>

26
nixos/doc/manual/release-notes/rl-unstable.xml
View File

@ -169,10 +169,34 @@ fileSystems."/example" = {
options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
};
</programlisting>
</para>
</listitem>
<listitem>
<para>CUPS, installed by <literal>services.printing</literal> module, now
has its data directory in <filename>/var/lib/cups</filename>. Old
configurations from <filename>/etc/cups</filename> are moved there
automatically, but there might be problems. Also configuration options
<literal>services.printing.cupsdConf</literal> and
<literal>services.printing.cupsdFilesConf</literal> were removed
because they had been allowing one to override configuration variables
required for CUPS to work at all on NixOS. For most use cases,
<literal>services.printing.extraConf</literal> and new option
<literal>services.printing.extraFilesConf</literal> should be enough;
if you encounter a situation when they are not, please file a bug.</para>
<para>There are also Gutenprint improvements; in particular, a new option
<literal>services.printing.gutenprint</literal> is added to enable automatic
updating of Gutenprint PPMs; it's greatly recommended to enable it instead
of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list.
</para>
</listitem>
<listitem>
<para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use
<literal>services.hardware.opengl.extraPackages{,32}</literal> instead. You can
also specify VDPAU drivers there.</para>
</listitem>
</itemizedlist>

17
nixos/modules/config/fonts/fontconfig.nix
View File

@ -129,6 +129,14 @@ with lib;
};
cache32Bit = mkOption {
default = false;
type = types.bool;
description = ''
Generate system fonts cache for 32-bit applications.
'';
};
};
};
@ -231,12 +239,19 @@ with lib;
"${pkgs.fontconfig}/etc/fonts/fonts.conf";
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
''
let
cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
in ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
<!-- Pre-generated font caches -->
<cachedir>${cache pkgs.fontconfig}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && config.fonts.fontconfig.cache32Bit) ''
<cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir>
''}
</fontconfig>
'';

39
nixos/modules/hardware/opengl.nix
View File

@ -10,7 +10,7 @@ let
videoDrivers = config.services.xserver.videoDrivers;
makePackage = p: p.buildEnv {
makePackage = p: pkgs.buildEnv {
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths =
[ p.mesa_drivers
@ -19,6 +19,16 @@ let
];
};
package = pkgs.buildEnv {
name = "opengl-drivers";
paths = [ cfg.package ] ++ cfg.extraPackages;
};
package32 = pkgs.buildEnv {
name = "opengl-drivers-32bit";
paths = [ cfg.package32 ] ++ cfg.extraPackages32;
};
in
{
@ -75,11 +85,32 @@ in
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when <option>driSupport32Bit</option> is
64-bit systems. Used when <option>driSupport32Bit</option> is
set.
'';
};
hardware.opengl.extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to OpenGL drivers. This can be used
to add additional VA-API/VDPAU drivers.
'';
};
hardware.opengl.extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is
set. This can be used to add additional VA-API/VDPAU drivers.
'';
};
};
config = mkIf cfg.enable {
@ -91,11 +122,11 @@ in
system.activationScripts.setup-opengl =
''
ln -sfn ${cfg.package} /run/opengl-driver
ln -sfn ${package} /run/opengl-driver
${if pkgs.stdenv.isi686 then ''
ln -sfn opengl-driver /run/opengl-driver-32
'' else if cfg.driSupport32Bit then ''
ln -sfn ${cfg.package32} /run/opengl-driver-32
ln -sfn ${package32} /run/opengl-driver-32
'' else ''
rm -f /run/opengl-driver-32
''}

2
nixos/modules/installer/tools/auto-upgrade.nix
View File

@ -74,7 +74,7 @@ let cfg = config.system.autoUpgrade; in
serviceConfig.Type = "oneshot";
environment = config.nix.envVars //
{ inherit (config.environment.sessionVariables) NIX_PATH SSL_CERT_FILE;
{ inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
};

1
nixos/modules/programs/venus.nix
View File

@ -165,7 +165,6 @@ in
script = "exec venus-planet ${configFile}";
serviceConfig.User = "${cfg.user}";
serviceConfig.Group = "${cfg.group}";
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
startAt = cfg.dates;
};

3
nixos/modules/rename.nix
View File

@ -77,6 +77,7 @@ with lib;
(mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ])
(mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ])
(mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ])
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ])
@ -99,6 +100,8 @@ with lib;
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ])
(mkRemovedOptionModule [ "ec2" "metadata" ])
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
];
}

6
nixos/modules/security/ca.nix
View File

@ -64,12 +64,6 @@ in
# CentOS/Fedora compatibility.
environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates;
environment.sessionVariables =
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
# FIXME: unneeded - remove eventually.
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt";
};
};
}

17
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -92,11 +92,12 @@ in {
type = with types; attrsOf str;
description = ''
Additional environment variables to be passed to the jenkins process.
As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and
GIT_SSL_CAINFO from <option>environment.sessionVariables</option>,
NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to
the value of <option>services.jenkins.home</option>. This option has
precedence and can be used to override those mentioned variables.
As a base environment, jenkins receives NIX_PATH from
<option>environment.sessionVariables</option>, NIX_REMOTE is set to
"daemon" and JENKINS_HOME is set to the value of
<option>services.jenkins.home</option>.
This option has precedence and can be used to override those
mentioned variables.
'';
};
@ -136,11 +137,7 @@ in {
environment =
let
selectedSessionVars =
lib.filterAttrs (n: v: builtins.elem n
[ "NIX_PATH"
"SSL_CERT_FILE"
"GIT_SSL_CAINFO"
])
lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ])
config.environment.sessionVariables;
in
selectedSessionVars //

1
nixos/modules/services/monitoring/dd-agent.nix
View File

@ -183,7 +183,6 @@ in {
Restart = "always";
RestartSec = 2;
};
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ];
};

1
nixos/modules/services/networking/ddclient.nix
View File

@ -127,7 +127,6 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
serviceConfig = {
# Uncomment this if too many problems occur:
# Type = "forking";

188
nixos/modules/services/printing/cupsd.nix
View File

@ -4,10 +4,13 @@ with lib;
let
inherit (pkgs) cups cups_filters;
inherit (pkgs) cups cups-pk-helper cups_filters gutenprint;
cfg = config.services.printing;
avahiEnabled = config.services.avahi.enable;
polkitEnabled = config.security.polkit.enable;
additionalBackends = pkgs.runCommand "additional-cups-backends" { }
''
mkdir -p $out
@ -30,12 +33,75 @@ let
# cupsd.conf tells cupsd to use this tree.
bindir = pkgs.buildEnv {
name = "cups-progs";
paths = cfg.drivers;
pathsToLink = [ "/lib/cups" "/share/cups" "/bin" "/etc/cups" ];
paths =
[ cups additionalBackends cups_filters pkgs.ghostscript ]
++ optional cfg.gutenprint gutenprint
++ cfg.drivers;
pathsToLink = [ "/lib/cups" "/share/cups" "/bin" ];
postBuild = cfg.bindirCmds;
ignoreCollisions = true;
};
writeConf = name: text: pkgs.writeTextFile {
inherit name text;
destination = "/etc/cups/${name}";
};
cupsFilesFile = writeConf "cups-files.conf" ''
SystemGroup root wheel
ServerBin ${bindir}/lib/cups
DataDir ${bindir}/share/cups
AccessLog syslog
ErrorLog syslog
PageLog syslog
TempDir ${cfg.tempDir}
# User and group used to run external programs, including
# those that actually send the job to the printer. Note that
# Udev sets the group of printer devices to `lp', so we want
# these programs to run as `lp' as well.
User cups
Group lp
${cfg.extraFilesConf}
'';
cupsdFile = writeConf "cupsd.conf" ''
${concatMapStrings (addr: ''
Listen ${addr}
'') cfg.listenAddresses}
Listen /var/run/cups/cups.sock
SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin
DefaultShared ${if cfg.defaultShared then "Yes" else "No"}
Browsing ${if cfg.browsing then "Yes" else "No"}
WebInterface ${if cfg.webInterface then "Yes" else "No"}
${cfg.extraConf}
'';
browsedFile = writeConf "cups-browsed.conf" cfg.browsedConf;
rootdir = pkgs.buildEnv {
name = "cups-progs";
paths = [
cupsFilesFile
cupsdFile
(writeConf "client.conf" cfg.clientConf)
(writeConf "snmp.conf" cfg.snmpConf)
] ++ optional avahiEnabled browsedFile
++ optional cfg.gutenprint gutenprint
++ cfg.drivers;
pathsToLink = [ "/etc/cups" ];
ignoreCollisions = true;
};
in
{
@ -96,25 +162,11 @@ in
'';
};
cupsdConf = mkOption {
type = types.lines;
default = "";
example =
''
BrowsePoll cups.example.com
LogLevel debug
'';
description = ''
The contents of the configuration file of the CUPS daemon
(<filename>cupsd.conf</filename>).
'';
};
cupsFilesConf = mkOption {
extraFilesConf = mkOption {
type = types.lines;
default = "";
description = ''
The contents of the configuration file of the CUPS daemon
Extra contents of the configuration file of the CUPS daemon
(<filename>cups-files.conf</filename>).
'';
};
@ -171,8 +223,18 @@ in
'';
};
gutenprint = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Gutenprint drivers for CUPS. This includes auto-updating
Gutenprint PPD files.
'';
};
drivers = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ pkgs.splix ]";
description = ''
CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript
@ -204,15 +266,10 @@ in
description = "CUPS printing services";
};
environment.systemPackages = [ cups ];
environment.systemPackages = [ cups ] ++ optional polkitEnabled cups-pk-helper;
environment.etc."cups".source = "/var/lib/cups";
environment.etc."cups/client.conf".text = cfg.clientConf;
environment.etc."cups/cups-files.conf".text = cfg.cupsFilesConf;
environment.etc."cups/cupsd.conf".text = cfg.cupsdConf;
environment.etc."cups/cups-browsed.conf".text = cfg.browsedConf;
environment.etc."cups/snmp.conf".text = cfg.snmpConf;
services.dbus.packages = [ cups ];
services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper;
# Cups uses libusb to talk to printers, and does not use the
# linux kernel driver. If the driver is not in a black list, it
@ -230,19 +287,35 @@ in
preStart =
''
mkdir -m 0755 -p /etc/cups
mkdir -m 0700 -p /var/cache/cups
mkdir -m 0700 -p /var/spool/cups
mkdir -m 0755 -p ${cfg.tempDir}
'';
restartTriggers =
[ config.environment.etc."cups/cups-files.conf".source
config.environment.etc."cups/cupsd.conf".source
];
mkdir -m 0755 -p /var/lib/cups
# Backwards compatibility
if [ ! -L /etc/cups ]; then
mv /etc/cups/* /var/lib/cups
rmdir /etc/cups
ln -s /var/lib/cups /etc/cups
fi
# First, clean existing symlinks
if [ -n "$(ls /var/lib/cups)" ]; then
for i in /var/lib/cups/*; do
[ -L "$i" ] && rm "$i"
done
fi
# Then, populate it with static files
cd ${rootdir}/etc/cups
for i in *; do
[ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i"
done
${optionalString cfg.gutenprint ''
${gutenprint}/bin/cups-genppdupdate
''}
'';
};
systemd.services.cups-browsed = mkIf config.services.avahi.enable
systemd.services.cups-browsed = mkIf avahiEnabled
{ description = "CUPS Remote Printer Discovery";
wantedBy = [ "multi-user.target" ];
@ -255,54 +328,13 @@ in
serviceConfig.ExecStart = "${cups_filters}/bin/cups-browsed";
restartTriggers =
[ config.environment.etc."cups/cups-browsed.conf".source
];
restartTriggers = [ browsedFile ];
};
services.printing.drivers =
[ cups pkgs.ghostscript pkgs.cups_filters additionalBackends
pkgs.perl pkgs.coreutils pkgs.gnused pkgs.bc pkgs.gawk pkgs.gnugrep
];
services.printing.cupsFilesConf =
''
SystemGroup root wheel
ServerBin ${bindir}/lib/cups
DataDir ${bindir}/share/cups
AccessLog syslog
ErrorLog syslog
PageLog syslog
TempDir ${cfg.tempDir}
# User and group used to run external programs, including
# those that actually send the job to the printer. Note that
# Udev sets the group of printer devices to `lp', so we want
# these programs to run as `lp' as well.
User cups
Group lp
'';
services.printing.cupsdConf =
services.printing.extraConf =
''
LogLevel info
${concatMapStrings (addr: ''
Listen ${addr}
'') cfg.listenAddresses}
Listen /var/run/cups/cups.sock
SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin:${bindir}/sbin
DefaultShared ${if cfg.defaultShared then "Yes" else "No"}
Browsing ${if cfg.browsing then "Yes" else "No"}
WebInterface ${if cfg.webInterface then "Yes" else "No"}
DefaultAuthType Basic
<Location />
@ -343,8 +375,6 @@ in
Order deny,allow
</Limit>
</Policy>
${cfg.extraConf}
'';
security.pam.services.cups = {};

9
nixos/modules/services/x11/display-managers/default.nix
View File

@ -16,13 +16,6 @@ let
cfg = config.services.xserver;
xorg = pkgs.xorg;
vaapiDrivers = pkgs.buildEnv {
name = "vaapi-drivers";
paths = cfg.vaapiDrivers;
# We only want /lib/dri, but with a single input path, we need "/" for it to work
pathsToLink = [ "/" ];
};
fontconfig = config.fonts.fontconfig;
xresourcesXft = pkgs.writeText "Xresources-Xft" ''
${optionalString (fontconfig.dpi != 0) ''Xft.dpi: ${toString fontconfig.dpi}''}
@ -104,8 +97,6 @@ let
${xorg.xrdb}/bin/xrdb -merge ~/.Xdefaults
fi
export LIBVA_DRIVERS_PATH=${vaapiDrivers}/lib/dri
# Speed up application start by 50-150ms according to
# http://kdemonkey.blogspot.nl/2008/04/magic-trick.html
rm -rf $HOME/.compose-cache

9
nixos/modules/services/x11/xserver.nix
View File

@ -216,15 +216,6 @@ in
'';
};
vaapiDrivers = mkOption {
type = types.listOf types.path;
default = [ ];
example = literalExample "[ pkgs.vaapiIntel pkgs.vaapiVdpau ]";
description = ''
Packages providing libva acceleration drivers.
'';
};
startGnuPGAgent = mkOption {
type = types.bool;
default = false;

6
nixos/modules/virtualisation/azure-agent.nix
View File

@ -157,12 +157,6 @@ in
after = [ "ip-up.target" ];
wants = [ "ip-up.target" ];
environment = {
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt";
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
};
path = [ pkgs.e2fsprogs ];
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";

2
pkgs/applications/graphics/gimp/2.8.nix
View File

@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
#configureFlags = [ "--disable-print" ];
enableParallelBuilding = true;
# "screenshot" needs this.
NIX_LDFLAGS = "-rpath ${xorg.libX11}/lib"
+ stdenv.lib.optionalString stdenv.isDarwin " -lintl";

1
pkgs/applications/networking/cluster/panamax/api/default.nix
View File

@ -62,7 +62,6 @@ stdenv.mkDerivation rec {
--prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
--prefix "HOME" : "$out/share/panamax-api" \
--prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
--prefix "SSL_CERT_FILE" : /etc/ssl/certs/ca-certificates.crt \
--prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
'';

6
pkgs/applications/networking/instant-messengers/tkabber/default.nix
View File

@ -40,11 +40,7 @@ let
} // removeAttrs attrs [ "name" "sha256" ]);
in mkTkabber (main // {
postPatch = ''
substituteInPlace login.tcl --replace \
"custom::defvar loginconf(sslcacertstore) \"\"" \
"custom::defvar loginconf(sslcacertstore) \$env(SSL_CERT_FILE)"
'' + optionalString (theme != null) ''
postPatch = optionalString (theme != null) ''
themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb"
sed -i '/^if.*load_default_xrdb/,/^}$/ {
s@option readfile \(\[fullpath [^]]*\]\)@option readfile "'"$themePath"'"@

12
pkgs/applications/version-management/git-and-tools/git/cert-path.patch
View File

@ -1,12 +0,0 @@
diff -ru -x '*~' git-1.9.2-orig/git-send-email.perl git-1.9.2/git-send-email.perl
--- git-1.9.2-orig/git-send-email.perl 2014-04-09 21:09:34.000000000 +0200
+++ git-1.9.2/git-send-email.perl 2014-04-16 18:35:05.861132282 +0200
@@ -1094,6 +1094,8 @@
return;
}
+ $smtp_ssl_cert_path //= $ENV{'SSL_CERT_FILE'};
+
if (!defined $smtp_ssl_cert_path) {
# use the OpenSSL defaults
return (SSL_verify_mode => SSL_VERIFY_PEER());

2
pkgs/applications/version-management/git-and-tools/git/default.nix
View File

@ -24,8 +24,6 @@ stdenv.mkDerivation {
patches = [
./docbook2texi.patch
./symlinks-in-bin.patch
./cert-path.patch
./ssl-cert-file.patch
];
buildInputs = [curl openssl zlib expat gettext cpio makeWrapper libiconv]

13
pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
View File

@ -1,13 +0,0 @@
This patch adds support for the OpenSSL SSL_CERT_FILE environment variable.
GIT_SSL_CAINFO still takes precedence.
--- git-orig/http.c.orig 2014-11-25 23:27:56.000000000 +0100
+++ git-orig/http.c 2014-11-25 23:28:48.000000000 +0100
@@ -433,6 +433,7 @@
#if LIBCURL_VERSION_NUM >= 0x070908
set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
#endif
+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");

6
pkgs/build-support/cc-wrapper/add-flags
View File

@ -1,11 +1,11 @@
# `-B@out@/bin' forces gcc to use ld-wrapper.sh when calling ld.
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE"
if [ -e @out@/nix-support/libc-cflags ]; then
export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE"
fi
if [ -e @out@/nix-support/gcc-cflags ]; then
if [ -e @out@/nix-support/cc-cflags ]; then
export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE"
fi
@ -17,7 +17,7 @@ if [ -e @out@/nix-support/libc-ldflags ]; then
export NIX_LDFLAGS+=" $(cat @out@/nix-support/libc-ldflags)"
fi
if [ -e @out@/nix-support/gcc-ldflags ]; then
if [ -e @out@/nix-support/cc-ldflags ]; then
export NIX_LDFLAGS+=" $(cat @out@/nix-support/cc-ldflags)"
fi

5
pkgs/build-support/cc-wrapper/cc-wrapper.sh
View File

@ -1,4 +1,8 @@
#! @shell@ -e
path_backup="$PATH"
if [ -n "@coreutils@" ]; then
PATH="@coreutils@/bin:@gnugrep@/bin"
fi
if [ -n "$NIX_CC_WRAPPER_START_HOOK" ]; then
source "$NIX_CC_WRAPPER_START_HOOK"
@ -141,4 +145,5 @@ if [ -n "$NIX_CC_WRAPPER_EXEC_HOOK" ]; then
source "$NIX_CC_WRAPPER_EXEC_HOOK"
fi
PATH="$path_backup"
exec @prog@ ${extraBefore[@]} "${params[@]}" "${extraAfter[@]}"

13
pkgs/build-support/cc-wrapper/default.nix
View File

@ -9,13 +9,14 @@
, cc ? null, libc ? null, binutils ? null, coreutils ? null, shell ? stdenv.shell
, zlib ? null, extraPackages ? [], extraBuildCommands ? ""
, dyld ? null # TODO: should this be a setup-hook on dyld?
, isGNU ? false, isClang ? cc.isClang or false
, isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null
}:
with stdenv.lib;
assert nativeTools -> nativePrefix != "";
assert !nativeTools -> cc != null && binutils != null && coreutils != null;
assert !nativeTools ->
cc != null && binutils != null && coreutils != null && gnugrep != null;
assert !nativeLibc -> libc != null;
# For ghdl (the vhdl language provider to gcc) we need zlib in the wrapper.
@ -37,9 +38,11 @@ stdenv.mkDerivation {
inherit cc shell;
libc = if nativeLibc then null else libc;
binutils = if nativeTools then null else binutils;
# The wrapper scripts use 'cat', so we may need coreutils.
coreutils = if nativeTools then null else coreutils;
binutils = if nativeTools then "" else binutils;
# The wrapper scripts use 'cat' and 'grep', so we may need coreutils
# and gnugrep.
coreutils = if nativeTools then "" else coreutils;
gnugrep = if nativeTools then "" else gnugrep;
passthru = { inherit nativeTools nativeLibc nativePrefix isGNU isClang; };

5
pkgs/build-support/cc-wrapper/gnat-wrapper.sh
View File

@ -1,4 +1,8 @@
#! @shell@ -e
path_backup="$PATH"
if [ -n "@coreutils@" ]; then
PATH="@coreutils@/bin"
fi
if [ -n "$NIX_GNAT_WRAPPER_START_HOOK" ]; then
source "$NIX_GNAT_WRAPPER_START_HOOK"
@ -100,4 +104,5 @@ if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then
source "$NIX_GNAT_WRAPPER_EXEC_HOOK"
fi
PATH="$path_backup"
exec @prog@ ${extraBefore[@]} "${params[@]}" ${extraAfter[@]}

5
pkgs/build-support/cc-wrapper/ld-wrapper.sh
View File

@ -1,4 +1,8 @@
#! @shell@ -e
path_backup="$PATH"
if [ -n "@coreutils@" ]; then
PATH="@coreutils@/bin"
fi
if [ -n "$NIX_LD_WRAPPER_START_HOOK" ]; then
source "$NIX_LD_WRAPPER_START_HOOK"
@ -163,4 +167,5 @@ if [ -n "$NIX_LD_WRAPPER_EXEC_HOOK" ]; then
source "$NIX_LD_WRAPPER_EXEC_HOOK"
fi
PATH="$path_backup"
exec @prog@ ${extraBefore[@]} "${params[@]}" ${extra[@]}

10
pkgs/build-support/gcc-wrapper-old/add-flags
View File

@ -1,12 +1,12 @@
# `-B@out@/bin' forces gcc to use ld-wrapper.sh when calling ld.
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE"
if test -e @out@/nix-support/libc-cflags; then
export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE"
fi
if test -e @out@/nix-support/gcc-cflags; then
export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/gcc-cflags) $NIX_CFLAGS_COMPILE"
if test -e @out@/nix-support/cc-cflags; then
export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE"
fi
if test -e @out@/nix-support/gnat-cflags; then
@ -17,8 +17,8 @@ if test -e @out@/nix-support/libc-ldflags; then
export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/libc-ldflags)"
fi
if test -e @out@/nix-support/gcc-ldflags; then
export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/gcc-ldflags)"
if test -e @out@/nix-support/cc-ldflags; then
export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/cc-ldflags)"
fi
if test -e @out@/nix-support/libc-ldflags-before; then

4
pkgs/build-support/gcc-wrapper-old/builder.sh
View File

@ -45,7 +45,7 @@ else
if [ -n "$langVhdl" ]; then
gccLDFlags="$gccLDFlags -L$zlib/lib"
fi
echo "$gccLDFlags" > $out/nix-support/gcc-ldflags
echo "$gccLDFlags" > $out/nix-support/cc-ldflags
# GCC shows $gcc/lib in `gcc -print-search-dirs', but not
# $gcc/lib64 (even though it does actually search there...)..
@ -63,7 +63,7 @@ else
gnatCFlags="-aI$basePath/adainclude -aO$basePath/adalib"
echo "$gnatCFlags" > $out/nix-support/gnat-cflags
fi
echo "$gccCFlags" > $out/nix-support/gcc-cflags
echo "$gccCFlags" > $out/nix-support/cc-cflags
gccPath="$gcc/bin"
# On Illumos/Solaris we might prefer native ld

2
pkgs/build-support/rust/fetchcargo.nix
View File

@ -16,8 +16,6 @@ stdenv.mkDerivation {
outputHashMode = "recursive";
outputHash = sha256;
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ];
preferLocalBuild = true;
}

4
pkgs/build-support/setup-hooks/set-source-date-epoch-to-latest.sh
View File

@ -27,5 +27,7 @@ updateSourceDateEpoch() {
postUnpackHooks+=(_updateSourceDateEpochFromSourceRoot)
_updateSourceDateEpochFromSourceRoot() {
updateSourceDateEpoch "$sourceRoot"
if [ -n "$sourceRoot" ]; then
updateSourceDateEpoch "$sourceRoot"
fi
}

6
pkgs/development/compilers/gcc/4.9/default.nix
View File

@ -71,8 +71,10 @@ let version = "4.9.3";
# The GNAT Makefiles did not pay attention to CFLAGS_FOR_TARGET for its
# target libraries and tools.
++ optional langAda ../gnat-cflags.patch
++ optional langFortran ../gfortran-driving.patch;
++ optional langFortran ../gfortran-driving.patch
# The NXConstStr.patch can be removed at 4.9.4
++ optional stdenv.isDarwin ../gfortran-darwin-NXConstStr.patch;
javaEcj = fetchurl {
# The `$(top_srcdir)/ecj.jar' file is automatically picked up at
# `configure' time.

2
pkgs/development/compilers/gcc/builder.sh
View File

@ -24,7 +24,7 @@ if test "$noSysDirs" = "1"; then
# Figure out what extra flags to pass to the gcc compilers
# being generated to make sure that they use our glibc.
extraFlags="$(cat $NIX_CC/nix-support/libc-cflags)"
extraLDFlags="$(cat $NIX_CC/nix-support/libc-ldflags) $(cat $NIX_CC/nix-support/libc-ldflags-before)"
extraLDFlags="$(cat $NIX_CC/nix-support/libc-ldflags) $(cat $NIX_CC/nix-support/libc-ldflags-before || true)"
# Use *real* header files, otherwise a limits.h is generated
# that does not include Glibc's limits.h (notably missing

27
pkgs/development/compilers/gcc/gfortran-darwin-NXConstStr.patch Normal file
View File

@ -0,0 +1,27 @@
From 82f81877458ea372176eabb5de36329431dce99b Mon Sep 17 00:00:00 2001
From: Iain Sandoe <iain@codesourcery.com>
Date: Sat, 21 Dec 2013 00:30:18 +0000
Subject: [PATCH] don't try to mark local symbols as no-dead-strip
---
gcc/config/darwin.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gcc/config/darwin.c b/gcc/config/darwin.c
index 40804b8..0080299 100644
--- a/gcc/config/darwin.c
+++ b/gcc/config/darwin.c
@@ -1259,6 +1259,11 @@ darwin_encode_section_info (tree decl, rtx rtl, int first ATTRIBUTE_UNUSED)
void
darwin_mark_decl_preserved (const char *name)
{
+ /* Actually we shouldn't mark any local symbol this way, but for now
+ this only happens with ObjC meta-data. */
+ if (darwin_label_is_anonymous_local_objc_name (name))
+ return;
+
fprintf (asm_out_file, "\t.no_dead_strip ");
assemble_name (asm_out_file, name);
fputc ('\n', asm_out_file);
--
2.2.1

24
pkgs/development/interpreters/ruby/bundler-env/default.nix
View File

@ -65,8 +65,24 @@ let
"${bundler}/${ruby.gemPath}" \
${shellEscape (toString envPaths)}
'' + lib.optionalString (postBuild != null) postBuild;
passthru = {
passthru = rec {
inherit ruby bundler meta gems;
wrappedRuby = stdenv.mkDerivation {
name = "wrapped-ruby-${name}";
nativeBuildInputs = [ makeWrapper ];
buildCommand = ''
mkdir -p $out/bin
for i in ${ruby}/bin/*; do
makeWrapper "$i" $out/bin/$(basename "$i") \
--set BUNDLE_GEMFILE ${confFiles}/Gemfile \
--set BUNDLE_PATH ${bundlerEnv}/${ruby.gemPath} \
--set GEM_HOME ${bundlerEnv}/${ruby.gemPath} \
--set GEM_PATH ${bundlerEnv}/${ruby.gemPath}
done
'';
};
env = let
irbrc = builtins.toFile "irbrc" ''
if !(ENV["OLD_IRBRC"].nil? || ENV["OLD_IRBRC"].empty?)
@ -77,12 +93,8 @@ let
'';
in stdenv.mkDerivation {
name = "interactive-${name}-environment";
nativeBuildInputs = [ ruby bundlerEnv ];
nativeBuildInputs = [ wrappedRuby bundlerEnv ];
shellHook = ''
export BUNDLE_GEMFILE=${confFiles}/Gemfile
export BUNDLE_PATH=${bundlerEnv}/${ruby.gemPath}
export GEM_HOME=${bundlerEnv}/${ruby.gemPath}
export GEM_PATH=${bundlerEnv}/${ruby.gemPath}
export OLD_IRBRC="$IRBRC"
export IRBRC=${irbrc}
'';

61
pkgs/development/libraries/SDL/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, audiofile, libcap
{ stdenv, fetchurl, fetchpatch, pkgconfig, audiofile, libcap
, openglSupport ? false, mesa ? null
, alsaSupport ? true, alsaLib ? null
, x11Support ? true, xlibsWrapper ? null, libXrandr ? null
@ -60,34 +60,49 @@ stdenv.mkDerivation rec {
"--without-x"
] ++ stdenv.lib.optional alsaSupport "--with-alsa-prefix=${alsaLib}/lib");
# Fix a build failure on OS X Mavericks
# Ticket: https://bugzilla.libsdl.org/show_bug.cgi?id=2085
patches = stdenv.lib.optional stdenv.isDarwin [ (fetchurl {
url = "http://bugzilla-attachments.libsdl.org/attachment.cgi?id=1320";
sha1 = "3137feb503a89a8d606405373905b92dcf7e293b";
}) ];
patches = [
# Fix window resizing issues, e.g. for xmonad
# Ticket: http://bugzilla.libsdl.org/show_bug.cgi?id=1430
(fetchpatch {
name = "fix_window_resizing.diff";
url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=fix_window_resizing.diff;att=2;bug=665779";
sha256 = "1z35azc73vvi19pzi6byck31132a8w1vzrghp1x3hy4a4f9z4gc6";
})
# Fix drops of keyboard events for SDL_EnableUNICODE
(fetchpatch {
url = "http://hg.libsdl.org/SDL/raw-rev/0aade9c0203f";
sha256 = "1y9izncjlqvk1mkz1pkl9lrk9s452cmg2izjjlqqrhbn8279xy50";
})
# Ignore insane joystick axis events
(fetchpatch {
url = "http://hg.libsdl.org/SDL/raw-rev/95abff7adcc2";
sha256 = "0i8x0kx0pw12ld5bfxhyzs466y3c0n9dscw1ijhq1b96r72xyhqq";
})
# Workaround X11 bug to allow changing gamma
# Ticket: https://bugs.freedesktop.org/show_bug.cgi?id=27222
(fetchpatch {
url = "http://pkgs.fedoraproject.org/cgit/rpms/SDL.git/plain/SDL-1.2.15-x11-Bypass-SetGammaRamp-when-changing-gamma.patch?id=04a3a7b1bd88c2d5502292fad27e0e02d084698d";
sha256 = "0x52s4328kilyq43i7psqkqg7chsfwh0aawr50j566nzd7j51dlv";
})
# Fix a build failure on OS X Mavericks
# Ticket: https://bugzilla.libsdl.org/show_bug.cgi?id=2085
(fetchpatch {
url = "http://hg.libsdl.org/SDL/raw-rev/e9466ead70e5";
sha256 = "0mpwdi09h89df2wxqw87m1rdz7pr46k0w6alk691k8kwv970z6pl";
})
(fetchpatch {
url = "http://hg.libsdl.org/SDL/raw-rev/bbfb41c13a87";
sha256 = "1336g7waaf1c8yhkz11xbs500h8bmvabh4h437ax8l1xdwcppfxv";
})
];
crossAttrs =stdenv.lib.optionalAttrs (stdenv.cross.libc == "libSystem") {
patches = let
f = rev: sha256: fetchurl {
url = "http://hg.libsdl.org/SDL/raw-rev/${rev}";
inherit sha256;
};
in [
(f "e9466ead70e5" "0ygir3k83d0vxp7s3k48jn3j8n2bnv9wm6613wpx3ybnjrxabrip")
(f "bbfb41c13a87" "17v29ybjifvka19m8qf14rjc43nfdwk9v9inaizznarhb17amlnv")
];
postPatch = ''
sed -i -e 's/ *-fpascal-strings//' configure
'';
};
passthru = {inherit openglSupport;};
passthru = { inherit openglSupport; };
meta = with stdenv.lib; {
description = "A cross-platform multimedia library";
homepage = http://www.libsdl.org/;
maintainers = with maintainers; [ lovek323 ];
platforms = platforms.unix;
license = licenses.lgpl21;
};
}

19
pkgs/development/libraries/fontconfig-ultimate/confd.nix
View File

@ -1,13 +1,18 @@
{ stdenv, fetchurl }:
{ stdenv, fetchFromGitHub }:
let version = "2015-12-06"; in
stdenv.mkDerivation {
name = "fontconfig-ultimate-20141123";
src = fetchurl {
url = "https://github.com/bohoomil/fontconfig-ultimate/archive/2014-11-23.tar.gz";
sha256 = "0czfm3hxc41x5mscwrba7p1vhm2w62j1qg7z8kfdrf21z8fvgznw";
name = "fontconfig-ultimate-${version}";
src = fetchFromGitHub {
sha256 = "02a811szxkq4q088nxfpdzp6rv0brvgkdhwigk09qffygxd776g6";
rev = version;
repo = "fontconfig-ultimate";
owner = "bohoomil";
};
phases = "$prePhases unpackPhase installPhase $postPhases";
installPhase = ''
mkdir -p $out/etc/fonts/conf.d
cp conf.d.infinality/*.conf $out/etc/fonts/conf.d
@ -22,8 +27,8 @@ stdenv.mkDerivation {
rm $out/etc/fonts/conf.d/83-*.conf
# Inclusion of local and user configs handled by global configuration
rm $out/etc/fonts/conf.d/97-local.conf
rm $out/etc/fonts/conf.d/98-user.conf
rm $out/etc/fonts/conf.d/29-local.conf
rm $out/etc/fonts/conf.d/28-user.conf
cp fontconfig_patches/fonts-settings/*.conf $out/etc/fonts/conf.d

27
pkgs/development/libraries/fontconfig/make-fonts-cache.nix Normal file
View File

@ -0,0 +1,27 @@
{ runCommand, lib, writeText, fontconfig, fontbhttf, fontDirectories }:
runCommand "fc-cache"
rec {
buildInputs = [ fontconfig ];
passAsFile = [ "fontDirs" ];
fontDirs = ''
<!-- Font directories -->
${lib.concatStringsSep "\n" (map (font: "<dir>${font}</dir>") fontDirectories)}
'';
}
''
export FONTCONFIG_FILE=$(pwd)/fonts.conf
cat > fonts.conf << EOF
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<include>${fontconfig}/etc/fonts/fonts.conf</include>
<cachedir>$out</cachedir>
EOF
cat "$fontDirsPath" >> fonts.conf
echo "</fontconfig>" >> fonts.conf
mkdir -p $out
fc-cache -sv
''

10
pkgs/development/libraries/fontconfig/make-fonts-conf.xsl
View File

@ -23,16 +23,16 @@
<fontconfig>
<xsl:apply-templates select="child::node()[name() != 'dir' and name() != 'cachedir' and name() != 'include']" />
<!-- fontconfig distribution conf.d -->
<include><xsl:value-of select="$fontconfig" />/etc/fonts/conf.d</include>
<!-- versioned system-wide config -->
<include ignore_missing="yes">/etc/fonts/<xsl:value-of select="$fontconfigConfigVersion" />/conf.d</include>
<!-- the first cachedir will be used to store the cache -->
<cachedir prefix="xdg">fontconfig</cachedir>
<!-- /var/cache/fontconfig is useful for non-nixos systems -->
<cachedir>/var/cache/fontconfig</cachedir>
<!-- fontconfig distribution conf.d -->
<include><xsl:value-of select="$fontconfig" />/etc/fonts/conf.d</include>
<!-- versioned system-wide config -->
<include ignore_missing="yes">/etc/fonts/<xsl:value-of select="$fontconfigConfigVersion" />/conf.d</include>
<dir prefix="xdg">fonts</dir>
<xsl:for-each select="str:tokenize($fontDirectories)">
<dir><xsl:value-of select="." /></dir>

29
pkgs/development/libraries/freetype/default.nix
View File

@ -1,16 +1,18 @@
{ stdenv, fetchurl, fetchpatch, pkgconfig, which, zlib, bzip2, libpng, gnumake
, glib /* passthru only */
# FreeType supports sub-pixel rendering. This is patented by
# Microsoft, so it is disabled by default. This option allows it to
# be enabled. See http://www.freetype.org/patents.html.
, glib/*passthru only*/
, useEncumberedCode ? true
}:
let
version = "2.5.4";
version = "2.6.2";
fetch_bohoomil = name: sha256: fetchpatch {
url = https://raw.githubusercontent.com/bohoomil/fontconfig-ultimate/e4c99bcf5ac9595e2c64393c0661377685c0ad24/01_freetype2-iu/ + name;
# Don't use fetchpatch. It mangles them. That's an hour I'll never get back.
fetchbohoomil = name: sha256: fetchurl {
url = https://raw.githubusercontent.com/bohoomil/fontconfig-ultimate/254b688f96d4a37f78fb594303a43160fc15c7cd/freetype/ + name;
inherit sha256;
};
in
@ -20,15 +22,17 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://sourceforge/freetype/${name}.tar.bz2";
sha256 = "1fxsbk4lp6ymifldzrb86g3x6mz771jmrzphkz92mcrkddk2qkiv";
sha256 = "14mqrfgl18q2by1yzv6vcxi97zjy4kppcgsqf312mhfwgkpvvxms";
};
patches = [ ./enable-validation.patch ] # from Gentoo, bohoomil has the same patch as well
++ [ ./fix-pcf.patch ]
patches = []
++ optionals useEncumberedCode [
(fetch_bohoomil "02-ftsmooth-2.5.4.patch" "11w4wb7gwgpijc788mpkxj92d7rfdwrdv7jzrpxwv5w5cgpx9iw9")
(fetch_bohoomil "03-upstream-2014.12.07.patch" "0gq7y63mg3gc5z69nfkv2kl7xad0bjzsvnl6j1j9q79jjbvaqdq0")
(fetch_bohoomil "04-infinality-2.5.4-2014.12.07.patch" "1gph7z9s2221gy5dxn01v3lga0m9yib8yqsaqj5km74bqx1vlalh")
(fetchbohoomil "01-freetype-2.6.2-enable-valid.patch"
"1szq0zha7n41f4pq179wgfkam034mp2xn0xc36sdl5sjp9s9hv08")
(fetchbohoomil "02-upstream-2015.12.05.patch"
"0781r9n35kpn8db8nma0l47cpkzh0hbp84ziii5sald90dnrqdj4")
(fetchbohoomil "03-infinality-2.6.2-2015.12.05.patch"
"0wcjf9hiymplgqm3szla633i417pb57vpzzs2dyl1dnmcxgqa2y8")
];
propagatedBuildInputs = [ zlib bzip2 libpng ]; # needed when linking against freetype
@ -46,10 +50,7 @@ stdenv.mkDerivation rec {
doCheck = true;
# compat hacks
postInstall = glib.flattenInclude + ''
ln -s . "$out"/include/freetype
'';
postInstall = glib.flattenInclude;
crossAttrs = {
# Somehow it calls the unwrapped gcc, "i686-pc-linux-gnu-gcc", instead

22
pkgs/development/libraries/freetype/enable-validation.patch
View File

@ -1,22 +0,0 @@
Enables gxvalid and otvalid modules for use with ftvalid.
--- freetype-2.2.1/modules.cfg.orig 2006-07-07 21:01:09.000000000 -0400
+++ freetype-2.2.1/modules.cfg 2006-07-07 21:01:54.000000000 -0400
@@ -110,7 +110,7 @@
AUX_MODULES += cache
# TrueType GX/AAT table validation. Needs ftgxval.c below.
-# AUX_MODULES += gxvalid
+AUX_MODULES += gxvalid
# Support for streams compressed with gzip (files with suffix .gz).
#
@@ -124,7 +124,7 @@
# OpenType table validation. Needs ftotval.c below.
#
-# AUX_MODULES += otvalid
+AUX_MODULES += otvalid
# Auxiliary PostScript driver component to share common code.
#

132
pkgs/development/libraries/freetype/fix-pcf.patch
View File

@ -1,132 +0,0 @@
Upstream fixes for pcf fonts.
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=74af85c4b62b35e55b0ce9dec55ee10cbc4962a2
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=06842c7b49c21f13c0ab61201daab6ff5a358fcc
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index 998cbed..e3caf82 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -2,7 +2,7 @@
FreeType font driver for pcf fonts
- Copyright 2000-2010, 2012, 2013 by
+ Copyright 2000-2010, 2012-2014 by
Francesco Zappa Nardelli
Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -78,7 +78,7 @@ THE SOFTWARE.
FT_FRAME_START( 16 ),
FT_FRAME_ULONG_LE( type ),
FT_FRAME_ULONG_LE( format ),
- FT_FRAME_ULONG_LE( size ),
+ FT_FRAME_ULONG_LE( size ), /* rounded up to a multiple of 4 */
FT_FRAME_ULONG_LE( offset ),
FT_FRAME_END
};
@@ -95,9 +95,11 @@ THE SOFTWARE.
FT_Memory memory = FT_FACE( face )->memory;
FT_UInt n;
+ FT_ULong size;
- if ( FT_STREAM_SEEK ( 0 ) ||
- FT_STREAM_READ_FIELDS ( pcf_toc_header, toc ) )
+
+ if ( FT_STREAM_SEEK( 0 ) ||
+ FT_STREAM_READ_FIELDS( pcf_toc_header, toc ) )
return FT_THROW( Cannot_Open_Resource );
if ( toc->version != PCF_FILE_VERSION ||
@@ -154,14 +156,35 @@ THE SOFTWARE.
break;
}
- /* we now check whether the `size' and `offset' values are reasonable: */
- /* `offset' + `size' must not exceed the stream size */
+ /*
+ * We now check whether the `size' and `offset' values are reasonable:
+ * `offset' + `size' must not exceed the stream size.
+ *
+ * Note, however, that X11's `pcfWriteFont' routine (used by the
+ * `bdftopcf' program to create PDF font files) has two special
+ * features.
+ *
+ * - It always assigns the accelerator table a size of 100 bytes in the
+ * TOC, regardless of its real size, which can vary between 34 and 72
+ * bytes.
+ *
+ * - Due to the way the routine is designed, it ships out the last font
+ * table with its real size, ignoring the TOC's size value. Since
+ * the TOC size values are always rounded up to a multiple of 4, the
+ * difference can be up to three bytes for all tables except the
+ * accelerator table, for which the difference can be as large as 66
+ * bytes.
+ *
+ */
+
tables = face->toc.tables;
- for ( n = 0; n < toc->count; n++ )
+ size = stream->size;
+
+ for ( n = 0; n < toc->count - 1; n++ )
{
/* we need two checks to avoid overflow */
- if ( ( tables->size > stream->size ) ||
- ( tables->offset > stream->size - tables->size ) )
+ if ( ( tables->size > size ) ||
+ ( tables->offset > size - tables->size ) )
{
error = FT_THROW( Invalid_Table );
goto Exit;
@@ -169,6 +192,15 @@ THE SOFTWARE.
tables++;
}
+ /* no check of `tables->size' for last table element ... */
+ if ( ( tables->offset > size ) )
+ {
+ error = FT_THROW( Invalid_Table );
+ goto Exit;
+ }
+ /* ... instead, we adjust `tables->size' to the real value */
+ tables->size = size - tables->offset;
+
#ifdef FT_DEBUG_LEVEL_TRACE
{
@@ -733,8 +765,8 @@ THE SOFTWARE.
FT_TRACE4(( " number of bitmaps: %d\n", nbitmaps ));
- /* XXX: PCF_Face->nmetrics is singed FT_Long, see pcf.h */
- if ( face->nmetrics < 0 || nbitmaps != ( FT_ULong )face->nmetrics )
+ /* XXX: PCF_Face->nmetrics is signed FT_Long, see pcf.h */
+ if ( face->nmetrics < 0 || nbitmaps != (FT_ULong)face->nmetrics )
return FT_THROW( Invalid_File_Format );
if ( FT_NEW_ARRAY( offsets, nbitmaps ) )
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index e3caf82..a29a9e3 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -192,14 +192,15 @@ THE SOFTWARE.
tables++;
}
- /* no check of `tables->size' for last table element ... */
+ /* only check `tables->offset' for last table element ... */
if ( ( tables->offset > size ) )
{
error = FT_THROW( Invalid_Table );
goto Exit;
}
- /* ... instead, we adjust `tables->size' to the real value */
- tables->size = size - tables->offset;
+ /* ... and adjust `tables->size' to the real value if necessary */
+ if ( tables->size > size - tables->offset )
+ tables->size = size - tables->offset;
#ifdef FT_DEBUG_LEVEL_TRACE

1
pkgs/development/libraries/gnutls/generic.nix
View File

@ -16,7 +16,6 @@ stdenv.mkDerivation {
outputs = [ "out" "man" ];
configureFlags =
# FIXME: perhaps use $SSL_CERT_FILE instead
lib.optional stdenv.isLinux "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt"
++ [
"--disable-dependency-tracking"

17
pkgs/development/libraries/ijs/default.nix
View File

@ -1,16 +1,25 @@
{ stdenv, fetchurl, autoreconfHook }:
{ stdenv, fetchurl, fetchpatch, autoreconfHook }:
let version = "9.16";
let version = "9.18";
in
stdenv.mkDerivation {
name = "ijs-${version}";
src = fetchurl {
url = "http://downloads.ghostscript.com/public/ghostscript-${version}.tar.bz2";
sha256 = "0vdqbjkickb0109lk6397bb2zjmg1s46dac5p5j4gfxa4pwl8b9y";
sha256 = "18ad90za28dxybajqwf3y3dld87cgkx1ljllmcnc7ysspfxzbnl3";
};
prePatch = "cd ijs";
patches = [
# http://bugs.ghostscript.com/show_bug.cgi?id=696246
(fetchpatch {
name = "devijs-account-for-device-subclassing.patch";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=b68e05c3";
sha256 = "1c3fzfjzvf15z533vpw3l3da8wcxw98qi3p1lc6lf13940a57c7n";
})
];
postPatch = "cd ijs";
enableParallelBuilding = true;

2
pkgs/development/libraries/libspectre/default.nix
View File

@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
sha256 = "1v63lqc6bhhxwkpa43qmz8phqs8ci4dhzizyy16d3vkb20m846z8";
};
patches = [ ./libspectre-0.2.7-gs918.patch ];
buildInputs = [
# Need `libgs.so'.
pkgconfig ghostscript cairo /*for tests*/

42
pkgs/development/libraries/libspectre/libspectre-0.2.7-gs918.patch Normal file
View File

@ -0,0 +1,42 @@
Fixed error namespace for >=ghostscript-gpl-9.18
https://bugs.gentoo.org/563540
--- libspectre-0.2.7/libspectre/spectre-gs.c
+++ libspectre-0.2.7/libspectre/spectre-gs.c
@@ -43,12 +43,12 @@
if (code <= -100) {
switch (code) {
- case e_Fatal:
+ case gs_error_Fatal:
fprintf (stderr, "fatal internal error %d", code);
return TRUE;
break;
- case e_ExecStackUnderflow:
+ case gs_error_ExecStackUnderflow:
fprintf (stderr, "stack overflow %d", code);
return TRUE;
break;
@@ -109,9 +109,9 @@
set = _spectre_strdup_printf ("%d %d translate\n", -x, -y);
error = gsapi_run_string_continue (ghostscript_instance, set, strlen (set),
0, &exit_code);
- error = error == e_NeedInput ? 0 : error;
+ error = error == gs_error_NeedInput ? 0 : error;
free (set);
- if (error != e_NeedInput && critic_error_code (error)) {
+ if (error != gs_error_NeedInput && critic_error_code (error)) {
fclose (fd);
return FALSE;
}
@@ -126,7 +126,7 @@
read = fread (buf, sizeof (char), to_read, fd);
error = gsapi_run_string_continue (ghostscript_instance,
buf, read, 0, &exit_code);
- error = error == e_NeedInput ? 0 : error;
+ error = error == gs_error_NeedInput ? 0 : error;
left -= read;
}

21
pkgs/development/libraries/libva/default.nix
View File

@ -1,18 +1,25 @@
{ stdenv, fetchurl, libX11, pkgconfig, libXext, libdrm, libXfixes, wayland, libffi
, mesa ? null
{ stdenv, lib, fetchurl, libX11, pkgconfig, libXext, libdrm, libXfixes, wayland, libffi
, mesa_noglu ? null
}:
stdenv.mkDerivation rec {
name = "libva-1.6.1";
let
withMesa = mesa_noglu != null;
in stdenv.mkDerivation rec {
name = "libva-1.6.2";
src = fetchurl {
url = "http://www.freedesktop.org/software/vaapi/releases/libva/${name}.tar.bz2";
sha256 = "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz";
sha256 = "1l4bij21shqbfllbxicmqgmay4v509v9hpxyyia9wm7gvsfg05y4";
};
buildInputs = [ libX11 libXext pkgconfig libdrm libXfixes wayland libffi mesa ];
buildInputs = [ libX11 libXext pkgconfig libdrm libXfixes wayland libffi mesa_noglu ];
configureFlags = stdenv.lib.optional (mesa != null) "--enable-glx";
configureFlags = lib.optionals withMesa [
"--with-drivers-path=${mesa_noglu.driverLink}/lib/dri"
"--enable-glx"
];
installFlags = [ "dummy_drv_video_ladir=$(out)/lib/dri" ];
meta = with stdenv.lib; {
homepage = http://www.freedesktop.org/wiki/Software/vaapi;

27
pkgs/development/libraries/libvdpau-va-gl/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ stdenv, fetchFromGitHub, cmake, pkgconfig, libX11, libpthreadstubs, libvdpau, glib
, libva, ffmpeg, mesa_glu }:
let
version = "0.3.4";
in stdenv.mkDerivation rec {
name = "libvdpau-va-gl-${version}";
src = fetchFromGitHub {
owner = "i-rinat";
repo = "libvdpau-va-gl";
rev = "v${version}";
sha256 = "1909f3srm2iy2hv4m6jxg1nxrh9xgsnjs07wfzw3ais1fww0i2nn";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ libX11 libpthreadstubs libvdpau glib libva ffmpeg mesa_glu ];
meta = with stdenv.lib; {
homepage = https://github.com/i-rinat/libvdpau-va-gl;
description = "VDPAU driver with OpenGL/VAAPI backend";
license = licenses.lgpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ abbradar ];
};
}

7
pkgs/development/libraries/libvdpau/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, xorg }:
{ stdenv, fetchurl, pkgconfig, xorg, mesa_noglu }:
stdenv.mkDerivation rec {
name = "libvdpau-1.1.1";
@ -12,6 +12,11 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ xorg.libX11 ];
configureFlags = stdenv.lib.optional stdenv.isLinux
"--with-module-dir=${mesa_noglu.driverLink}/lib/vdpau";
installFlags = [ "moduledir=$(out)/lib/vdpau" ];
meta = with stdenv.lib; {
homepage = http://people.freedesktop.org/~aplattner/vdpau/;
description = "Library to use the Video Decode and Presentation API for Unix (VDPAU)";

13
pkgs/development/libraries/libxslt/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, libxml2, findXMLCatalogs }:
{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs }:
stdenv.mkDerivation rec {
name = "libxslt-1.1.28";
@ -8,14 +8,21 @@ stdenv.mkDerivation rec {
sha256 = "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz";
};
patches = stdenv.lib.optional stdenv.isSunOS ./patch-ah.patch
++ [
(fetchpatch {
name = "CVE-2015-7995.patch";
url = "http://git.gnome.org/browse/libxslt/patch/?id=7ca19df892ca22";
sha256 = "1xzg0q94dzbih9nvqp7g9ihz0a3qb0w23l1158m360z9smbi8zbd";
})
];
outputs = [ "out" "doc" ];
buildInputs = [ libxml2 ];
propagatedBuildInputs = [ findXMLCatalogs ];
patches = stdenv.lib.optionals stdenv.isSunOS [ ./patch-ah.patch ];
configureFlags = [
"--with-libxml-prefix=${libxml2}"
"--without-python"

6
pkgs/development/libraries/mesa/default.nix
View File

@ -22,7 +22,7 @@ else
*/
let
version = "11.0.8";
version = "11.1.1";
# this is the default search path for DRI drivers
driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32";
in
@ -38,7 +38,7 @@ stdenv.mkDerivation {
+ head (splitString "." version) + ''.x/${version}/mesa-${version}.tar.xz'')
"https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
];
sha256 = "5696e4730518b6805d2ed5def393c4293f425a2c2c01bd5ed4bdd7ad62f7ad75";
sha256 = "087xlxl8dzmhzjilpsdiy19dn106spq120c9ndgnn4qlqm7hgnv4";
};
prePatch = "patchShebangs .";
@ -158,8 +158,6 @@ stdenv.mkDerivation {
done
'' + /* set the default search path for DRI drivers; used e.g. by X server */ ''
substituteInPlace "$out/lib/pkgconfig/dri.pc" --replace '$(drivers)' "${driverLink}"
'' + /* move vdpau drivers to $drivers/lib, so they are found */ ''
mv "$drivers"/lib/vdpau/* "$drivers"/lib/ && rmdir "$drivers"/lib/vdpau
'';
#ToDo: @vcunat isn't sure if drirc will be found when in $out/etc/, but it doesn't seem important ATM

91
pkgs/development/libraries/openssl/1.0.2.x.nix
View File

@ -1,91 +0,0 @@
{ stdenv, fetchurl, perl
, withCryptodev ? false, cryptodevHeaders }:
with stdenv.lib;
let
opensslCrossSystem = attrByPath [ "openssl" "system" ]
(throw "openssl needs its platform name cross building" null)
stdenv.cross;
in
stdenv.mkDerivation rec {
name = "openssl-1.0.2f";
src = fetchurl {
urls = [
"http://www.openssl.org/source/${name}.tar.gz"
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
];
sha256 = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c";
};
patches = optional stdenv.isCygwin ./1.0.1-cygwin64.patch;
nativeBuildInputs = [ perl ];
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
configureFlags = [
"shared"
"--libdir=lib"
"--openssldir=etc/ssl"
] ++ stdenv.lib.optionals withCryptodev [
"-DHAVE_CRYPTODEV"
"-DUSE_CRYPTODEV_DIGESTS"
];
makeFlags = [
"MANDIR=$(out)/share/man"
];
# Parallel building is broken in OpenSSL.
enableParallelBuilding = false;
postInstall = ''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
rm "$out/lib/"*.a
fi
# remove dependency on Perl at runtime
rm -r $out/etc/ssl/misc $out/bin/c_rehash
'';
postFixup = ''
# Check to make sure we don't depend on perl
if grep -r '${perl}' $out; then
echo "Found an erroneous dependency on perl ^^^" >&2
exit 1
fi
'';
crossAttrs = {
# upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558
postPatch = ''
sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared
'';
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}"
# WINDRES and RANLIB need to be prefixed when cross compiling;
# the openssl configure script doesn't do that for us
export WINDRES=${stdenv.cross.config}-windres
export RANLIB=${stdenv.cross.config}-ranlib
'';
configureScript = "./Configure";
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.simons ];
priority = 10; # resolves collision with man-pages
};
}

168
pkgs/development/libraries/openssl/default.nix
View File

@ -2,93 +2,109 @@
, withCryptodev ? false, cryptodevHeaders }:
with stdenv.lib;
let
opensslCrossSystem = attrByPath [ "openssl" "system" ]
(throw "openssl needs its platform name cross building" null)
stdenv.cross;
in
stdenv.mkDerivation rec {
name = "openssl-1.0.1q";
src = fetchurl {
urls = [
"http://www.openssl.org/source/${name}.tar.gz"
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
opensslCrossSystem = stdenv.cross.openssl.system or
(throw "openssl needs its platform name cross building");
common = { version, sha256 }: stdenv.mkDerivation rec {
name = "openssl-${version}";
src = fetchurl {
url = "http://www.openssl.org/source/${name}.tar.gz";
inherit sha256;
};
outputs = [ "out" "man" ];
patches =
[ ./use-etc-ssl-certs.patch ]
++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
++ optional (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")) ./darwin-arch.patch;
nativeBuildInputs = [ perl ];
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
configureFlags = [
"shared"
"--libdir=lib"
"--openssldir=etc/ssl"
] ++ stdenv.lib.optionals withCryptodev [
"-DHAVE_CRYPTODEV"
"-DUSE_CRYPTODEV_DIGESTS"
];
sha256 = "1dvz0hx7fjxag06b51pawy154y6d2xajm5rwxmfnlq7ax628nrdk";
};
outputs = [ "out" "man" ];
makeFlags = [
"MANDIR=$(out)/share/man"
];
patches = optional stdenv.isCygwin ./1.0.1-cygwin64.patch
++ optional (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")) ./darwin-arch.patch;
# Parallel building is broken in OpenSSL.
enableParallelBuilding = false;
nativeBuildInputs = [ perl ];
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
postInstall = ''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
rm "$out/lib/"*.a
fi
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
# remove dependency on Perl at runtime
rm -r $out/etc/ssl/misc $out/bin/c_rehash
configureFlags = [
"shared"
"--libdir=lib"
"--openssldir=etc/ssl"
] ++ stdenv.lib.optionals withCryptodev [
"-DHAVE_CRYPTODEV"
"-DUSE_CRYPTODEV_DIGESTS"
];
makeFlags = [
"MANDIR=$(out)/share/man"
];
# Parallel building is broken in OpenSSL.
enableParallelBuilding = false;
postInstall = ''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
rm "$out/lib/"*.a
fi
# remove dependency on Perl at runtime
rm -r $out/etc/ssl/misc $out/bin/c_rehash
'';
postFixup = ''
# Check to make sure we don't depend on perl
if grep -r '${perl}' $out; then
echo "Found an erroneous dependency on perl ^^^" >&2
exit 1
fi
'';
crossAttrs = {
# upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558
postPatch = ''
sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared
rmdir $out/etc/ssl/{certs,private}
'';
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}"
# WINDRES and RANLIB need to be prefixed when cross compiling;
# the openssl configure script doesn't do that for us
export WINDRES=${stdenv.cross.config}-windres
export RANLIB=${stdenv.cross.config}-ranlib
postFixup = ''
# Check to make sure we don't depend on perl
if grep -r '${perl}' $out; then
echo "Found an erroneous dependency on perl ^^^" >&2
exit 1
fi
'';
configureScript = "./Configure";
crossAttrs = {
# upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558
postPatch = ''
sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared
'';
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}"
# WINDRES and RANLIB need to be prefixed when cross compiling;
# the openssl configure script doesn't do that for us
export WINDRES=${stdenv.cross.config}-windres
export RANLIB=${stdenv.cross.config}-ranlib
'';
configureScript = "./Configure";
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.simons ];
priority = 10; # resolves collision with man-pages
};
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.simons ];
priority = 10; # resolves collision with man-pages
in {
openssl_1_0_1 = common {
version = "1.0.1r";
sha256 = "0iik7a3b0mrfrxzngdf7ywfscg9inbw77y0jp2ccw0gdap9xhjvq";
};
openssl_1_0_2 = common {
version = "1.0.2f";
sha256 = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c";
};
}

13
pkgs/development/libraries/openssl/use-etc-ssl-certs.patch Normal file
View File

@ -0,0 +1,13 @@
diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100
+++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100
@@ -81,8 +81,8 @@
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR
# define X509_CERT_DIR OPENSSLDIR "/certs"
-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"
# define X509_PRIVATE_DIR OPENSSLDIR "/private"
# else
# define X509_CERT_AREA "SSLROOT:[000000]"

87
pkgs/development/libraries/pcre/cve-2015-3210.patch
View File

@ -1,87 +0,0 @@
From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri, 15 May 2015 17:17:03 +0000
Subject: [PATCH] Fix buffer overflow for named recursive back reference when
the name is duplicated.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit ported to pcre-8.37:
commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri May 15 17:17:03 2015 +0000
Fix buffer overflow for named recursive back reference when the name is
duplicated.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15
This fixes CVE-2015-3210.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 16 ++++++++++++++--
testdata/testinput2 | 2 ++
testdata/testoutput2 | 2 ++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 0efad26..6f06912 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7173,14 +7173,26 @@ for (;; ptr++)
number. If the name is not found, set the value to 0 for a forward
reference. */
+ recno = 0;
ng = cd->named_groups;
for (i = 0; i < cd->names_found; i++, ng++)
{
if (namelen == ng->length &&
STRNCMP_UC_UC(name, ng->name, namelen) == 0)
- break;
+ {
+ open_capitem *oc;
+ recno = ng->number;
+ if (is_recurse) break;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+ if (oc->number == recno)
+ {
+ oc->flag = TRUE;
+ break;
+ }
+ }
+ }
}
- recno = (i < cd->names_found)? ng->number : 0;
/* Count named back references. */
diff --git a/testdata/testinput2 b/testdata/testinput2
index 58fe53b..83bb471 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4152,4 +4152,6 @@ backtracking verbs. --/
/((?2){73}(?2))((?1))/
+"(?J)(?'d'(?'d'\g{d}))"
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index b718df0..7dff52a 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
/((?2){73}(?2))((?1))/
+"(?J)(?'d'(?'d'\g{d}))"
+
/-- End of testinput2 --/
--
2.4.3

68
pkgs/development/libraries/pcre/cve-2015-5073.patch
View File

@ -1,68 +0,0 @@
From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Tue, 23 Jun 2015 16:34:53 +0000
Subject: [PATCH] Fix buffer overflow for forward reference within backward
assertion with excess closing parenthesis. Bugzilla 1651.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is upstream commit ported to 8.37:
commit 764692f9aea9eab50fdba6cb537441d8b34c6c37
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Tue Jun 23 16:34:53 2015 +0000
Fix buffer overflow for forward reference within backward assertion with excess
closing parenthesis. Bugzilla 1651.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15
It fixes CVE-2015-5073.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 2 +-
testdata/testinput2 | 2 ++
testdata/testoutput2 | 3 +++
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 6f06912..b66b1f6 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The
exceptional ones forgo this. We scan the pattern to check that they are fixed
length, and set their lengths. */
-if (cd->check_lookbehind)
+if (errorcode == 0 && cd->check_lookbehind)
{
pcre_uchar *cc = (pcre_uchar *)codestart;
diff --git a/testdata/testinput2 b/testdata/testinput2
index 83bb471..5cc9ce6 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4154,4 +4154,6 @@ backtracking verbs. --/
"(?J)(?'d'(?'d'\g{d}))"
+/(?=di(?<=(?1))|(?=(.))))/
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 7dff52a..4decb8d 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17
"(?J)(?'d'(?'d'\g{d}))"
+/(?=di(?<=(?1))|(?=(.))))/
+Failed: unmatched parentheses at offset 23
+
/-- End of testinput2 --/
--
2.4.3

8
pkgs/development/libraries/pcre/default.nix
View File

@ -5,17 +5,15 @@
with stdenv.lib;
stdenv.mkDerivation rec {
name = "pcre-8.37";
name = "pcre-8.38";
src = fetchurl {
url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2";
sha256 = "17bqykp604p7376wj3q2nmjdhrb6v1ny8q08zdwi7qvc02l9wrsi";
sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
};
patches =
[ ./cve-2015-3210.patch
./cve-2015-5073.patch
];
[ ];
outputs = [ "out" "doc" "man" ];

5
pkgs/development/libraries/qpdf/default.nix
View File

@ -1,13 +1,13 @@
{ stdenv, fetchurl, pcre, zlib, perl }:
let version = "5.1.3";
let version = "6.0.0";
in
stdenv.mkDerivation rec {
name = "qpdf-${version}";
src = fetchurl {
url = "mirror://sourceforge/qpdf/qpdf/${version}/${name}.tar.gz";
sha256 = "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm";
sha256 = "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9";
};
nativeBuildInputs = [ perl ];
@ -23,6 +23,7 @@ stdenv.mkDerivation rec {
'';
doCheck = true;
enableParallelBuilding = true;
meta = with stdenv.lib; {
homepage = http://qpdf.sourceforge.net/;

17
pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch
View File

@ -1,17 +0,0 @@
Use $SSL_CERT_FILE to get the CA certificates.
diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm
--- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm 2011-03-27 13:54:01.000000000 +0200
+++ LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm 2011-10-07 13:23:41.398628375 +0200
@@ -21,6 +21,11 @@
}
if ($ssl_opts{SSL_verify_mode}) {
unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+ if (defined $ENV{'SSL_CERT_FILE'}) {
+ $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'};
+ }
+ }
+ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
eval {
require Mozilla::CA;
};

4
pkgs/development/python-modules/generic/default.nix
View File

@ -3,7 +3,8 @@
(http://pypi.python.org/pypi/setuptools/), which represents a large
number of Python packages nowadays. */
{ python, setuptools, unzip, wrapPython, lib, bootstrapped-pip }:
{ python, setuptools, unzip, wrapPython, lib, bootstrapped-pip
, ensureNewerSourcesHook }:
{ name
@ -60,6 +61,7 @@ python.stdenv.mkDerivation (builtins.removeAttrs attrs ["disabled" "doCheck"] //
name = namePrefix + name;
buildInputs = [ wrapPython bootstrapped-pip ] ++ buildInputs ++ pythonPath
++ [ (ensureNewerSourcesHook { year = "1980"; }) ]
++ (lib.optional (lib.hasSuffix "zip" attrs.src.name or "") unzip);
# propagate python/setuptools to active setup-hook in nix-shell

4
pkgs/development/tools/build-managers/cmake/default.nix
View File

@ -11,7 +11,7 @@ assert wantPS -> (ps != null);
let
os = stdenv.lib.optionalString;
majorVersion = "3.4";
minorVersion = "0";
minorVersion = "3";
version = "${majorVersion}.${minorVersion}";
in
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}files/v${majorVersion}/cmake-${version}.tar.gz";
sha256 = "1shwim3gfdybjx9f11ykxz5l09rh58vmvz8ip76q3i76mkv2pf55";
sha256 = "1yl0z422gr7zfc638chifv343vx0ig5gasvrh7nzf7b15488qgxp";
};
enableParallelBuilding = true;

7
pkgs/misc/cups/default.nix
View File

@ -3,7 +3,7 @@
, libusb ? null, gnutls ? null, avahi ? null, libpaper ? null
}:
let version = "2.0.4"; in
let version = "2.1.2"; in
with stdenv.lib;
stdenv.mkDerivation {
@ -13,7 +13,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://www.cups.org/software/${version}/cups-${version}-source.tar.bz2";
sha256 = "1gaakz24k6x5nc09rmpiq0xq20j1qdjc3szag8qwmyi4ky6ydmg1";
sha256 = "1bc1y8fjgh54ryh520gk63i5rbagn6jijsrskcqlibhfm0xwmc5s";
};
buildInputs = [ pkgconfig zlib libjpeg libpng libtiff libusb gnutls libpaper ]
@ -51,7 +51,6 @@ stdenv.mkDerivation {
# Idem for /etc.
"PAMDIR=$(out)/etc/pam.d"
"DBUSDIR=$(out)/etc/dbus-1"
"INITDIR=$(out)/etc/rc.d"
"XINETD=$(out)/etc/xinetd.d"
"SERVERROOT=$(out)/etc/cups"
# Idem for /usr.
@ -61,6 +60,8 @@ stdenv.mkDerivation {
"CUPS_PRIMARY_SYSTEM_GROUP=root"
];
enableParallelBuilding = true;
postInstall = ''
# Delete obsolete stuff that conflicts with cups-filters.
rm -rf $out/share/cups/banners $out/share/cups/data/testprint

35
pkgs/misc/cups/filters.nix
View File

@ -1,26 +1,24 @@
{ stdenv, fetchurl, fetchpatch, pkgconfig, cups, poppler, poppler_utils, fontconfig
, libjpeg, libpng, perl, ijs, qpdf, dbus, substituteAll, bash, avahi }:
{ stdenv, fetchurl, pkgconfig, cups, poppler, poppler_utils, fontconfig
, libjpeg, libpng, perl, ijs, qpdf, dbus, substituteAll, bash, avahi
, makeWrapper, coreutils, gnused, bc, gawk, gnugrep, which
}:
stdenv.mkDerivation rec {
let
binPath = stdenv.lib.makeSearchPath "bin" [ coreutils gnused bc gawk gnugrep which ];
in stdenv.mkDerivation rec {
name = "cups-filters-${version}";
version = "1.0.71";
version = "1.5.0";
src = fetchurl {
url = "http://openprinting.org/download/cups-filters/${name}.tar.xz";
sha256 = "07wwlqcykfjfqcwj1bxk60ggahyaw7wcx32n5s104d1qkhham01i";
sha256 = "0cjrh4wpdhkvmahfkg8f2a2qzilcq12i78q5arwr7dnmx1j8hapj";
};
patches = [
./longer-shell-path.patch
(fetchpatch { # drop on update
name = "poppler-0.34.patch";
url = "https://bugs.linuxfoundation.org/attachment.cgi?id=493";
sha256 = "18za83q0b0n4hpvvw76jsv0hm89zmijvps2z5kg1srickqlxj891";
})
];
nativeBuildInputs = [ pkgconfig makeWrapper ];
buildInputs = [
pkgconfig cups poppler poppler_utils fontconfig libjpeg libpng perl
cups poppler poppler_utils fontconfig libjpeg libpng perl
ijs qpdf dbus avahi
];
@ -29,9 +27,10 @@ stdenv.mkDerivation rec {
"--enable-imagefilters"
"--with-rcdir=no"
"--with-shell=${stdenv.shell}"
"--with-test-font-path=/path-does-not-exist"
];
makeFlags = "CUPS_SERVERBIN=$(out)/lib/cups CUPS_DATADIR=$(out)/share/cups CUPS_SERVERROOT=$(out)/etc/cups";
makeFlags = [ "CUPS_SERVERBIN=$(out)/lib/cups" "CUPS_DATADIR=$(out)/share/cups" "CUPS_SERVERROOT=$(out)/etc/cups" ];
postConfigure =
''
@ -46,11 +45,13 @@ stdenv.mkDerivation rec {
postInstall =
''
for i in $out/lib/cups/filter/{pstopdf,texttops,imagetops}; do
substituteInPlace $i --replace 'which ' 'type -p '
for i in $out/lib/cups/filter/*; do
wrapProgram "$i" --prefix PATH ':' ${binPath}
done
'';
enableParallelBuilding = true;
meta = {
homepage = http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters;
description = "Backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc";

13
pkgs/misc/cups/longer-shell-path.patch
View File

@ -1,13 +0,0 @@
diff --git a/filter/foomatic-rip/foomaticrip.c b/filter/foomatic-rip/foomaticrip.c
index 90a851c..689a2bd 100644
--- a/filter/foomatic-rip/foomaticrip.c
+++ b/filter/foomatic-rip/foomaticrip.c
@@ -174,7 +174,7 @@ char cupsfilterpath[PATH_MAX] = "/usr/local/lib/cups/filter:"
"/opt/cups/filter:"
"/usr/lib/cups/filter";
-char modern_shell[64] = SHELL;
+char modern_shell[] = SHELL;
void config_set_option(const char *key, const char *value)
{

91
pkgs/misc/drivers/gutenprint/default.nix
View File

@ -1,78 +1,41 @@
# this package was called gimp-print in the past
{ fetchurl, stdenv, pkgconfig, composableDerivation, cups
, libtiff, libpng, makeWrapper, openssl, gimp }:
{ stdenv, lib, fetchurl, pkgconfig
, ijs, makeWrapper
, gimp2Support ? true, gimp
, cupsSupport ? true, cups, libusb, perl
}:
let
version = "5.2.10";
inherit (composableDerivation) edf wwf;
in
composableDerivation.composableDerivation {} {
name = "gutenprint-${version}";
stdenv.mkDerivation rec {
name = "gutenprint-5.2.11";
src = fetchurl {
url = "mirror://sourceforge/gimp-print/gutenprint-${version}.tar.bz2";
sha256 = "0n8f6vpadnagrp6yib3mca1c3lgwl4vmma16s44riyrd84mka7s3";
url = "mirror://sourceforge/gimp-print/${name}.tar.bz2";
sha256 = "1yadw96rgp1z0jv1wxrz6cds36nb693w3xlv596xw9r5w394r8y1";
};
# gimp, gui is still not working (TODO)
buildInputs = [ makeWrapper openssl pkgconfig ];
nativeBuildInputs = [ makeWrapper pkgconfig ];
buildInputs =
[ ijs ]
++ lib.optionals gimp2Support [ gimp.gtk gimp ]
++ lib.optionals cupsSupport [ cups libusb perl ];
configureFlags = ["--enable-static-genppd"];
NIX_CFLAGS_COMPILE="-include stdio.h";
#preConfigure = ''
# configureFlags="--with-cups=$out/usr-cups $configureFlags"
#'';
/*
is this recommended? without it this warning is printed:
configureFlags = lib.optionals cupsSupport [
"--disable-static-genppd" # should be harmless on NixOS
];
***WARNING: Use of --disable-static-genppd or --disable-static
when building CUPS is very dangerous. The build may
fail when building the PPD files, or may *SILENTLY*
build incorrect PPD files or cause other problems.
Please review the README and release notes carefully!
*/
enableParallelBuilding = true;
installPhase = ''
eval "make install $installArgs"
mkdir -p $out/lib/cups
ln -s $out/filter $out/lib/cups/
wrapProgram $out/filter/rastertogutenprint.5.2 --prefix LD_LIBRARY_PATH : $out/lib
wrapProgram $out/sbin/cups-genppd.5.2 --prefix LD_LIBRARY_PATH : $out/lib
'';
# Testing is very, very long.
# doCheck = true;
meta = {
installFlags =
lib.optionals cupsSupport [ "cups_conf_datadir=$(out)/share/cups" "cups_conf_serverbin=$(out)/lib/cups" "cups_conf_serverroot=$(out)/etc/cups" ]
++ lib.optionals gimp2Support [ "gimp2_plug_indir=$(out)/${gimp.name}-plugins" ];
meta = with stdenv.lib; {
description = "Ghostscript and cups printer drivers";
homepage = http://sourceforge.net/projects/gimp-print/;
license = "GPL";
license = licenses.gpl2;
platforms = platforms.linux;
};
mergeAttrBy = { installArgs = stdenv.lib.concat; };
# most interpreters aren't tested yet.. (see python for example how to do it)
flags =
wwf {
name = "gimp2";
enable = {
buildInputs = [gimp gimp.gtk];
installArgs = [ "gimp2_plug_indir=$out/${gimp.name}-plugins" ];
};
}
// {
cups = {
set = {
buildInputs = [cups libtiff libpng ];
installArgs = [ "cups_conf_datadir=$out cups_conf_serverbin=$out cups_conf_serverroot=$out"];
};
};
}
;
cfg = {
gimp2Support = true;
cupsSupport = true;
};
}

20
pkgs/misc/ghostscript/CVE-2015-3228.patch
View File

@ -1,20 +0,0 @@
Description: Sanity check for memory allocation.
In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
variable holding the actual number of bytes we allocate.
Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085
Author: Chris Liddell <chris.liddell@artifex.com>
Forwarded: yes
Bug-Debian: http://bugs.debian.org/793489
Last-Update: 2015-07-26
--- a/base/gsmalloc.c
+++ b/base/gsmalloc.c
@@ -178,7 +178,7 @@
} else {
uint added = size + sizeof(gs_malloc_block_t);
- if (mmem->limit - added < mmem->used)
+ if (added <= size || mmem->limit - added < mmem->used)
set_msg("exceeded limit");
else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
set_msg("failed");

73
pkgs/misc/ghostscript/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig, zlib, expat, openssl
{ stdenv, lib, fetchurl, fetchpatch, pkgconfig, zlib, expat, openssl, autoconf
, libjpeg, libpng, libtiff, freetype, fontconfig, lcms2, libpaper, jbig2dec
, libiconv
, libiconv, ijs
, x11Support ? false, xlibsWrapper ? null
, cupsSupport ? false, cups ? null
}:
@ -8,8 +8,8 @@
assert x11Support -> xlibsWrapper != null;
assert cupsSupport -> cups != null;
let
version = "9.15";
sha256 = "0p1isp6ssfay141klirn7n9s8b546vcz6paksfmksbwy0ljsypg6";
version = "9.18";
sha256 = "18ad90za28dxybajqwf3y3dld87cgkx1ljllmcnc7ysspfxzbnl3";
fonts = stdenv.mkDerivation {
name = "ghostscript-fonts";
@ -45,55 +45,84 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
nativeBuildInputs = [ pkgconfig autoconf ];
buildInputs =
[ pkgconfig zlib expat openssl
[ zlib expat openssl
libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec
libiconv
libiconv ijs
]
++ stdenv.lib.optional x11Support xlibsWrapper
++ stdenv.lib.optional cupsSupport cups
# [] # maybe sometimes jpeg2000 support
++ lib.optional x11Support xlibsWrapper
++ lib.optional cupsSupport cups
;
patches = [
./urw-font-files.patch
# fetched from debian's ghostscript 9.15_dfsg-1 (called 020150707~0c0b085.patch there)
./CVE-2015-3228.patch
# http://bugs.ghostscript.com/show_bug.cgi?id=696281
(fetchpatch {
name = "fix-check-for-using-shared-freetype-lib.patch";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285";
sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr";
})
# http://bugs.ghostscript.com/show_bug.cgi?id=696301
(fetchpatch {
name = "add-gserrors.h-to-the-installed-files.patch";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=feafe5e5";
sha256 = "0s4ayzakjv809dkn7vilxwvs4dw35p3pw942ml91bk9z4kkaxyz7";
})
# http://bugs.ghostscript.com/show_bug.cgi?id=696246
(fetchpatch {
name = "guard-against-NULL-base-for-non-clist-devices.patch";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=007bd77d08d800e6b07274d62e3c91be7c4a3f47";
sha256 = "1la53273agl92lpy7qd0qhgzynx8b90hrk8g9jsj3055ssn6rqwh";
})
(fetchpatch {
name = "ensure-plib-devices-always-use-the-clist.patch";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=1bdbe4f87dc57648821e613ebcc591b84e8b35b3";
sha256 = "1cq83fgyvrycapxm69v4r9f9qhzsr40ygrc3bkp8pk15wsmvq0k7";
})
(fetchpatch {
name = "prevent-rinkj-device-crash-when-misconfigured.patch";
url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5571ddfa377c5d7d98f55af40e693814ac287ae4";
sha256 = "08iqdlrngi6k0ml2b71dj5q136fyp1s9g0rr87ayyshn0k0lxwkv";
})
];
makeFlags = [ "cups_serverroot=$(out)" "cups_serverbin=$(out)/lib/cups" ];
preConfigure = ''
rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec openjpeg freetype cups/libs
# requires in-tree (heavily patched) openjpeg
rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec freetype cups/libs ijs
sed "s@if ( test -f \$(INCLUDE)[^ ]* )@if ( true )@; s@INCLUDE=/usr/include@INCLUDE=/no-such-path@" -i base/unix-aux.mak
sed "s@^ZLIBDIR=.*@ZLIBDIR=${zlib}/include@" -i configure.ac
autoconf
'' + lib.optionalString cupsSupport ''
configureFlags="$configureFlags --with-cups-serverbin=$out/lib/cups --with-cups-serverroot=$out/etc/cups --with-cups-datadir=$out/share/cups"
'';
configureFlags =
[ "--with-system-libtiff"
"--enable-dynamic"
(if x11Support then "--with-x" else "--without-x")
(if cupsSupport then "--enable-cups" else "--disable-cups")
];
] ++ lib.optional x11Support "--with-x"
++ lib.optional cupsSupport "--enable-cups";
doCheck = true;
preCheck = "mkdir ./obj";
# parallel check sometimes gave: Fatal error: can't create ./obj/whitelst.o
# don't build/install statically linked bin/gs
buildFlags = "so";
installTargets="soinstall";
buildFlags = [ "so" ];
installTargets = [ "soinstall" ];
postInstall = ''
ln -s gsc "$out"/bin/gs
cp -r Resource "$out/share/ghostscript/${version}"
mkdir -p "$doc/share/ghostscript/${version}"
mv "$out/share/ghostscript/${version}"/{doc,examples} "$doc/share/ghostscript/${version}/"
ln -s "${fonts}" "$out/share/ghostscript/fonts"
'';
preFixup = stdenv.lib.strings.optionalString stdenv.isDarwin ''
preFixup = lib.optionalString stdenv.isDarwin ''
install_name_tool -change libgs.dylib.${version} $out/lib/libgs.dylib.${version} $out/bin/gs
'';

4
pkgs/os-specific/linux/nvidia-x11/builder-legacy304.sh
View File

@ -93,6 +93,10 @@ installPhase() {
substituteInPlace $out/share/applications/nvidia-settings.desktop \
--replace '__UTILS_PATH__' $out/bin \
--replace '__PIXMAP_PATH__' $out/share/pixmaps
# Move VDPAU libraries to their place
mkdir "$out"/lib/vdpau
mv "$out"/lib/libvdpau* "$out"/lib/vdpau
fi
}

6
pkgs/os-specific/linux/nvidia-x11/builder-legacy340.sh
View File

@ -108,8 +108,12 @@ installPhase() {
#patchelf --set-rpath $cudaPath $out/lib/libcuda.so.*.*
#patchelf --set-rpath $openclPath $out/lib/libnvidia-opencl.so.*.*
# we distribute these separately in `libvdpau`
# We distribute these separately in `libvdpau`
rm "$out"/lib/libvdpau{.*,_trace.*}
# Move VDPAU libraries to their place
mkdir "$out"/lib/vdpau
mv "$out"/lib/libvdpau* "$out"/lib/vdpau
}

6
pkgs/os-specific/linux/nvidia-x11/builder.sh
View File

@ -119,8 +119,12 @@ installPhase() {
# For simplicity and dependency reduction, don't support the gtk3 interface.
rm $out/lib/libnvidia-gtk3.*
# we distribute these separately in `libvdpau`
# We distribute these separately in `libvdpau`
rm "$out"/lib/libvdpau{.*,_trace.*}
# Move VDPAU libraries to their place
mkdir "$out"/lib/vdpau
mv "$out"/lib/libvdpau* "$out"/lib/vdpau
}

2
pkgs/stdenv/darwin/default.nix
View File

@ -278,7 +278,7 @@ in rec {
inherit stdenv shell;
nativeTools = false;
nativeLibc = false;
inherit (pkgs) coreutils binutils;
inherit (pkgs) coreutils binutils gnugrep;
inherit (pkgs.darwin) dyld;
cc = pkgs.llvmPackages.clang-unwrapped;
libc = pkgs.darwin.Libsystem;

17
pkgs/stdenv/generic/setup.sh
View File

@ -371,6 +371,11 @@ export NIX_BUILD_CORES
paxmark() { true; }
# Prevent OpenSSL-based applications from using certificates in
# /etc/ssl.
export SSL_CERT_FILE=/no-cert-file.crt
######################################################################
# Textual substitution functions.
@ -480,9 +485,11 @@ _defaultUnpack() {
if [ -d "$fn" ]; then
stripHash "$fn"
# We can't preserve hardlinks because they may have been introduced by
# store optimization, which might break things in the build
cp -pr --reflink=auto --no-preserve=timestamps "$fn" $strippedName
# We can't preserve hardlinks because they may have been
# introduced by store optimization, which might break things
# in the build.
cp -pr --reflink=auto "$fn" $strippedName
else
@ -637,14 +644,14 @@ configurePhase() {
# Add --disable-dependency-tracking to speed up some builds.
if [ -z "$dontAddDisableDepTrack" ]; then
if grep -q dependency-tracking $configureScript; then
if grep -q dependency-tracking "$configureScript"; then
configureFlags="--disable-dependency-tracking $configureFlags"
fi
fi
# By default, disable static builds.
if [ -z "$dontDisableStatic" ]; then
if grep -q enable-static $configureScript; then
if grep -q enable-static "$configureScript"; then
configureFlags="--disable-static $configureFlags"
fi
fi

11
pkgs/stdenv/linux/default.nix
View File

@ -64,7 +64,7 @@ rec {
# the bootstrap. In all stages, we build an stdenv and the package
# set that can be built with that stdenv.
stageFun =
{gccPlain, glibc, binutils, coreutils, name, overrides ? (pkgs: {}), extraBuildInputs ? []}:
{gccPlain, glibc, binutils, coreutils, gnugrep, name, overrides ? (pkgs: {}), extraBuildInputs ? []}:
let
@ -93,7 +93,7 @@ rec {
cc = gccPlain;
isGNU = true;
libc = glibc;
inherit binutils coreutils;
inherit binutils coreutils gnugrep;
name = name;
stdenv = stage0.stdenv;
};
@ -125,6 +125,7 @@ rec {
glibc = null;
binutils = null;
coreutils = null;
gnugrep = null;
name = null;
overrides = pkgs: {
@ -160,6 +161,7 @@ rec {
inherit (stage0.pkgs) glibc;
binutils = bootstrapTools;
coreutils = bootstrapTools;
gnugrep = bootstrapTools;
name = "bootstrap-gcc-wrapper";
# Rebuild binutils to use from stage2 onwards.
@ -184,6 +186,7 @@ rec {
inherit (stage1.pkgs) glibc;
binutils = stage1.pkgs.binutils;
coreutils = bootstrapTools;
gnugrep = bootstrapTools;
name = "bootstrap-gcc-wrapper";
overrides = pkgs: {
@ -200,6 +203,7 @@ rec {
gccPlain = bootstrapTools;
inherit (stage2.pkgs) glibc binutils;
coreutils = bootstrapTools;
gnugrep = bootstrapTools;
name = "bootstrap-gcc-wrapper";
overrides = pkgs: rec {
@ -228,6 +232,7 @@ rec {
# still from the bootstrap tools.
stage4 = stageFun {
inherit (stage3.pkgs) gccPlain glibc binutils;
gnugrep = bootstrapTools;
coreutils = bootstrapTools;
name = "";
@ -244,7 +249,7 @@ rec {
isGNU = true;
cc = stage4.stdenv.cc.cc;
libc = stage4.pkgs.glibc;
inherit (stage4.pkgs) binutils coreutils;
inherit (stage4.pkgs) binutils coreutils gnugrep;
name = "";
stdenv = stage4.stdenv;
shell = stage4.pkgs.bash + "/bin/bash";

1
pkgs/stdenv/linux/make-bootstrap-tools.nix
View File

@ -11,6 +11,7 @@ rec {
});
curlMinimal = curl.override {
http2Support = false;
zlibSupport = false;
sslSupport = false;
scpSupport = false;

26
pkgs/tools/compression/bzip2/default.nix
View File

@ -3,9 +3,13 @@
let
version = "1.0.6";
sharedLibrary = !stdenv.isDarwin && !(stdenv ? isStatic)
sharedLibrary = !(stdenv ? isStatic)
&& stdenv.system != "i686-cygwin" && !linkStatic;
darwinMakefile = fetchurl {
url = "https://gitweb.gentoo.org/repo/proj/prefix.git/plain/app-arch/bzip2/files/bzip2-1.0.6-Makefile-libbz2_dylib";
sha256 = "1lq6g98kfpwv2f7wn4sk8hzcf87dwf92gviq0b4691f5bvc9mawz";
};
in stdenv.mkDerivation {
name = "bzip2-${version}";
@ -38,17 +42,24 @@ in stdenv.mkDerivation {
};
preBuild = stdenv.lib.optionalString sharedLibrary ''
make -f Makefile-libbz2_so
make -f ${if stdenv.isDarwin then "Makefile-libbz2_dylib" else "Makefile-libbz2_so"}
'';
preInstall = stdenv.lib.optionalString sharedLibrary ''
preInstall = stdenv.lib.optionalString sharedLibrary (if !stdenv.isDarwin then ''
mkdir -p $out/lib
mv libbz2.so* $out/lib
( cd $out/lib &&
ln -s libbz2.so.1.0.? libbz2.so &&
ln -s libbz2.so.1.0.? libbz2.so.1
)
'';
'' else ''
mkdir -p $out/lib
mv libbz2.*.dylib $out/lib
( cd $out/lib &&
ln -s libbz2.1.0.?.dylib libbz2.dylib &&
ln -s libbz2.1.0.?.dylib libbz2.1.dylib
)
'');
installFlags = [ "PREFIX=$(out)" ];
@ -58,9 +69,14 @@ in stdenv.mkDerivation {
ln -s bzip2 $out/bin/bzcat
'';
patchPhase = ''
postPatch = ''
substituteInPlace Makefile --replace CC=gcc CC=cc
substituteInPlace Makefile-libbz2_so --replace CC=gcc CC=cc
'' + stdenv.lib.optionalString stdenv.isDarwin ''
cp ${darwinMakefile} Makefile-libbz2_dylib
substituteInPlace Makefile-libbz2_dylib \
--replace "CC=gcc" "CC=cc" \
--replace "PREFIX=/usr" "PREFIX=$out"
'';
preConfigure = ''

27
pkgs/tools/misc/system-config-printer/default.nix
View File

@ -5,16 +5,20 @@
, withGUI ? true
}:
stdenv.mkDerivation rec {
name = "system-config-printer-1.3.12";
let majorVersion = "1.5";
in stdenv.mkDerivation rec {
name = "system-config-printer-${majorVersion}.7";
src = fetchurl {
url = "http://cyberelk.net/tim/data/system-config-printer/1.3/${name}.tar.xz";
url = "http://cyberelk.net/tim/data/system-config-printer/${majorVersion}/${name}.tar.xz";
sha256 = "1cg9n75rg5l9vr1925n2g771kga33imikyl0mf70lww2sfgvs18r";
};
propagatedBuildInputs = [ pythonPackages.pycurl ];
patches = [ ./detect_serverbindir.patch ];
buildInputs =
[ intltool pkgconfig glib udev libusb1 cups xmlto
libxml2 docbook_xml_dtd_412 docbook_xsl desktop_file_utils
@ -32,17 +36,28 @@ stdenv.mkDerivation rec {
postInstall =
''
export makeWrapperArgs="--set prefix $out"
wrapPythonPrograms
# The program imports itself, so we need to move shell wrappers to a proper place.
fixupWrapper() {
mv "$out/share/system-config-printer/$2.py" \
"$out/bin/$1"
sed -i "s/.$2.py-wrapped/$2.py/g" "$out/bin/$1"
mv "$out/share/system-config-printer/.$2.py-wrapped" \
"$out/share/system-config-printer/$2.py"
}
fixupWrapper scp-dbus-service scp-dbus-service
fixupWrapper system-config-printer system-config-printer
fixupWrapper system-config-printer-applet applet
# This __init__.py is both executed and imported.
( cd $out/share/system-config-printer/troubleshoot
mv .__init__.py-wrapped __init__.py
)
# Upstream issue: https://github.com/twaugh/system-config-printer/issues/28
sed -i -e "s|/usr/bin|$out/bin|" "$out/share/dbus-1/services/org.fedoraproject.Config.Printing.service"
'';
meta = {
homepage = http://cyberelk.net/tim/software/system-config-printer/;
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.gpl2;
};
}

17
pkgs/tools/misc/system-config-printer/detect_serverbindir.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/cupshelpers/config.py.in b/cupshelpers/config.py.in
index 55abbfc..1244327 100644
--- a/cupshelpers/config.py.in
+++ b/cupshelpers/config.py.in
@@ -22,3 +22,12 @@
prefix="@prefix@"
sysconfdir="@sysconfdir@"
cupsserverbindir="@cupsserverbindir@"
+
+try:
+ with open("/etc/cups/cups-files.conf") as config:
+ for cfgline in config:
+ args = cfgline.split(" ")
+ if len(args) == 2 and args[0] == "ServerBin":
+ cupsserverbindir = args[1].strip()
+except OSError:
+ pass

6
pkgs/tools/networking/curl/7.15.nix
View File

@ -33,12 +33,8 @@ stdenv.mkDerivation rec {
sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure
'';
# make curl honor CURL_CA_BUNDLE & SSL_CERT_FILE
postConfigure = ''
echo '#define CURL_CA_BUNDLE (getenv("CURL_CA_BUNDLE") || getenv("SSL_CERT_FILE"))' >> lib/curl_config.h
'';
configureFlags = [
"--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"
( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )
( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )
]

18
pkgs/tools/networking/curl/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, fetchurl
{ stdenv, fetchurl, pkgconfig, perl
, http2Support ? true, libnghttp2
, idnSupport ? false, libidn ? null
, ldapSupport ? false, openldap ? null
, zlibSupport ? false, zlib ? null
@ -8,6 +9,7 @@
, c-aresSupport ? false, c-ares ? null
}:
assert http2Support -> libnghttp2 != null;
assert idnSupport -> libidn != null;
assert ldapSupport -> openldap != null;
assert zlibSupport -> zlib != null;
@ -16,17 +18,20 @@ assert scpSupport -> libssh2 != null;
assert c-aresSupport -> c-ares != null;
stdenv.mkDerivation rec {
name = "curl-7.45.0";
name = "curl-7.47.0";
src = fetchurl {
url = "http://ngcobalt13.uxnr.de/mirror/curl/${name}.tar.bz2";
sha256 = "1slq5c0v9wa8hajgimhkxhvsrd07jmih8sa3gjsl597qp5k4w5b5";
sha256 = "0riz70pjg82gbcfi2ndvsksb2dv55g31ir8piph2p6zvhy9ny29b";
};
nativeBuildInputs = [ pkgconfig perl ];
# Zlib and OpenSSL must be propagated because `libcurl.la' contains
# "-lz -lssl", which aren't necessary direct build inputs of
# applications that use Curl.
propagatedBuildInputs = with stdenv.lib;
optional http2Support libnghttp2 ++
optional idnSupport libidn ++
optional ldapSupport openldap ++
optional zlibSupport zlib ++
@ -41,13 +46,10 @@ stdenv.mkDerivation rec {
rm src/tool_hugehelp.c
'';
# make curl honor CURL_CA_BUNDLE & SSL_CERT_FILE
postConfigure = ''
echo '#define CURL_CA_BUNDLE (getenv("CURL_CA_BUNDLE") ? getenv("CURL_CA_BUNDLE") : getenv("SSL_CERT_FILE"))' >> lib/curl_config.h
'';
configureFlags = [
"--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"
"--disable-manual"
( if http2Support then "--with-nghttp2=${libnghttp2}" else "--without-nghttp2" )
( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )
( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )
( if ldapSupport then "--enable-ldap" else "--disable-ldap" )

37
pkgs/top-level/all-packages.nix
View File

@ -259,6 +259,15 @@ let
{ substitutions = { inherit autoconf automake gettext libtool; }; }
../build-support/setup-hooks/autoreconf.sh;
ensureNewerSourcesHook = { year }: makeSetupHook {}
(writeScript "ensure-newer-sources-hook.sh" ''
postUnpackHooks+=(_ensureNewerSources)
_ensureNewerSources() {
'${findutils}/bin/find' "$sourceRoot" \
'!' -newermt '${year}-01-01' -exec touch -d '${year}-01-02' '{}' '+'
}
'');
buildEnv = callPackage ../build-support/buildenv { }; # not actually a package
buildFHSEnv = callPackage ../build-support/build-fhs-chrootenv/env.nix {
@ -6604,6 +6613,11 @@ let
inherit fontconfig fontDirectories;
};
makeFontsCache = let fontconfig_ = fontconfig; in {fontconfig ? fontconfig_, fontDirectories}:
callPackage ../development/libraries/fontconfig/make-fonts-cache.nix {
inherit fontconfig fontDirectories;
};
freealut = callPackage ../development/libraries/freealut { };
freeglut = callPackage ../development/libraries/freeglut { };
@ -7838,6 +7852,8 @@ let
libvdpau = callPackage ../development/libraries/libvdpau { };
libvdpau-va-gl = callPackage ../development/libraries/libvdpau-va-gl { };
libvirt = callPackage ../development/libraries/libvirt { };
libvirt-glib = callPackage ../development/libraries/libvirt-glib { };
@ -8181,21 +8197,16 @@ let
wolfssl = callPackage ../development/libraries/wolfssl { };
openssl = openssl_1_0_1;
openssl_1_0_1 = callPackage ../development/libraries/openssl {
fetchurl = fetchurlBoot;
cryptodevHeaders = linuxPackages.cryptodev.override {
fetchurl = fetchurlBoot;
onlyHeaders = true;
};
};
openssl_1_0_2 = callPackage ../development/libraries/openssl/1.0.2.x.nix {
fetchurl = fetchurlBoot;
cryptodevHeaders = linuxPackages.cryptodev.override {
inherit (callPackages ../development/libraries/openssl {
fetchurl = fetchurlBoot;
onlyHeaders = true;
};
};
cryptodevHeaders = linuxPackages.cryptodev.override {
fetchurl = fetchurlBoot;
onlyHeaders = true;
};
})
openssl_1_0_1
openssl_1_0_2;
openssl-chacha = callPackage ../development/libraries/openssl/chacha.nix {
cryptodevHeaders = linuxPackages.cryptodev.override {

1
pkgs/top-level/perl-packages.nix
View File

@ -6943,7 +6943,6 @@ let self = _self // overrides; _self = with self; {
url = mirror://cpan/authors/id/G/GA/GAAS/LWP-Protocol-https-6.04.tar.gz;
sha256 = "0agnga5dg94222h6rlzqxa0dri2sh3gayncvfb7jad9nxr87gxhy";
};
patches = [ ../development/perl-modules/lwp-protocol-https-cert-file.patch ];
propagatedBuildInputs = [ LWP IOSocketSSL ];
doCheck = false; # tries to connect to https://www.apache.org/.
meta = {