From 81f39ee22f40af86a3b8ec155be63f9b641769ab Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 31 Oct 2018 10:14:06 -0500 Subject: [PATCH 01/10] slack-term: init at 0.4.1 --- .../instant-messengers/slack-term/default.nix | 23 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 pkgs/applications/networking/instant-messengers/slack-term/default.nix diff --git a/pkgs/applications/networking/instant-messengers/slack-term/default.nix b/pkgs/applications/networking/instant-messengers/slack-term/default.nix new file mode 100644 index 00000000000..79464f54232 --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/slack-term/default.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + # https://github.com/erroneousboat/slack-term + name = "slack-term-${version}"; + version = "0.4.1"; + + goPackagePath = "github.com/erroneousboat/slack-term"; + + src = fetchFromGitHub { + owner = "erroneousboat"; + repo = "slack-term"; + rev = "v${version}"; + sha256 = "1340bq7h31fxykxbxpn6hv7n2hmjf20f8vg5gan9pjf5jaa6kfza"; + }; + + meta = with stdenv.lib; { + description = "Slack client for your terminal"; + homepage = https://github.com/erroneousboat/slack-term; + license = licenses.mit; + maintainers = with maintainers; [ dtzWill ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 89b32ec3bfa..531753c19b4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17240,6 +17240,8 @@ with pkgs; slack-cli = callPackage ../tools/networking/slack-cli { }; + slack-term = callPackage ../applications/networking/instant-messengers/slack-term { }; + singularity = callPackage ../applications/virtualization/singularity { }; spectmorph = callPackage ../applications/audio/spectmorph { }; From dd21f83950471bcd1878268b525207df4445ad8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Zimmermann?= Date: Fri, 2 Nov 2018 10:09:15 +0100 Subject: [PATCH 02/10] coq_8_9: init at 8.9+beta1 --- pkgs/applications/science/logic/coq/default.nix | 1 + pkgs/top-level/all-packages.nix | 13 +++++++------ pkgs/top-level/coq-packages.nix | 10 +++++----- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/science/logic/coq/default.nix b/pkgs/applications/science/logic/coq/default.nix index 040d722f941..5fab9788a94 100644 --- a/pkgs/applications/science/logic/coq/default.nix +++ b/pkgs/applications/science/logic/coq/default.nix @@ -25,6 +25,7 @@ let "8.8.0" = "13a4fka22hdxsjk11mgjb9ffzplfxyxp1sg5v1c8nk1grxlscgw8"; "8.8.1" = "1hlf58gwazywbmfa48219amid38vqdl94yz21i11b4map6jfwhbk"; "8.8.2" = "1lip3xja924dm6qblisk1bk0x8ai24s5xxqxphbdxj6djglj68fd"; + "8.9+beta1" = "1yxv2klqal3mh6symi3gc6gv3xm684zlld2c0b6ijhjmp865cin8"; }."${version}"; coq-version = builtins.substring 0 3 version; ideFlags = if buildIde then "-lablgtkdir ${ocamlPackages.lablgtk}/lib/ocaml/*/site-lib/lablgtk2 -coqide opt" else ""; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6bdb2be4480..7fc0c9fee9d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21364,13 +21364,14 @@ with pkgs; boogie = dotnetPackages.Boogie; inherit (callPackage ./coq-packages.nix { - inherit (ocaml-ng) ocamlPackages_4_02 - ocamlPackages_4_05 - ; + inherit (ocaml-ng) ocamlPackages_4_05; }) mkCoqPackages - coq_8_5 coq_8_6 coq_8_7 coq_8_8 - coqPackages_8_5 coqPackages_8_6 coqPackages_8_7 coqPackages_8_8 - coqPackages coq + coqPackages_8_5 coq_8_5 + coqPackages_8_6 coq_8_6 + coqPackages_8_7 coq_8_7 + coqPackages_8_8 coq_8_8 + coqPackages_8_9 coq_8_9 + coqPackages coq ; coq2html = callPackage ../applications/science/logic/coq2html { diff --git a/pkgs/top-level/coq-packages.nix b/pkgs/top-level/coq-packages.nix index a4f44b6fc6f..3ba90f3b594 100644 --- a/pkgs/top-level/coq-packages.nix +++ b/pkgs/top-level/coq-packages.nix @@ -1,8 +1,4 @@ -{ lib, callPackage, newScope, recurseIntoAttrs -, gnumake3 -, ocamlPackages_4_02 -, ocamlPackages_4_05 -}: +{ lib, callPackage, newScope, recurseIntoAttrs, ocamlPackages_4_05 }: let mkCoqPackages' = self: coq: @@ -70,11 +66,15 @@ in rec { coq_8_8 = callPackage ../applications/science/logic/coq { version = "8.8.2"; }; + coq_8_9 = callPackage ../applications/science/logic/coq { + version = "8.9+beta1"; + }; coqPackages_8_5 = mkCoqPackages coq_8_5; coqPackages_8_6 = mkCoqPackages coq_8_6; coqPackages_8_7 = mkCoqPackages coq_8_7; coqPackages_8_8 = mkCoqPackages coq_8_8; + coqPackages_8_9 = mkCoqPackages coq_8_9; coqPackages = coqPackages_8_8; coq = coqPackages.coq; From 6e052567047166460db229074e48d7e6c393957e Mon Sep 17 00:00:00 2001 From: davidak Date: Sun, 4 Nov 2018 04:03:57 +0100 Subject: [PATCH 03/10] radeon-crimson: fix download --- pkgs/os-specific/linux/ati-drivers/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/ati-drivers/default.nix b/pkgs/os-specific/linux/ati-drivers/default.nix index d5d42faa913..cda7e03cd06 100644 --- a/pkgs/os-specific/linux/ati-drivers/default.nix +++ b/pkgs/os-specific/linux/ati-drivers/default.nix @@ -61,8 +61,8 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://www2.ati.com/drivers/linux/radeon-crimson-15.12-15.302-151217a-297685e.zip"; - sha256 = "0n0ynqmjkjp5dl5q07as7ps3rlyyn63hq4mlwgd7c7v82ky2skvh"; - curlOpts = "--referer http://support.amd.com/en-us/download/desktop?os=Linux+x86_64"; + sha256 = "704f2dfc14681f76dae3b4120c87b1ded33cf43d5a1d800b6de5ca292bb61e58"; + curlOpts = "--referer https://www.amd.com/en/support"; }; hardeningDisable = [ "pic" "format" ]; From 64d50a00991983e90d6a22f39d03b028602e34d6 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sun, 4 Nov 2018 08:46:30 +0100 Subject: [PATCH 04/10] meson: fix building with python 3.7 --- pkgs/development/tools/build-managers/meson/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/build-managers/meson/default.nix b/pkgs/development/tools/build-managers/meson/default.nix index 35ae59af617..ffbcc46bd1a 100644 --- a/pkgs/development/tools/build-managers/meson/default.nix +++ b/pkgs/development/tools/build-managers/meson/default.nix @@ -1,4 +1,4 @@ -{ lib, python3Packages, stdenv, writeTextDir, substituteAll }: +{ lib, python3Packages, stdenv, writeTextDir, substituteAll, fetchpatch }: python3Packages.buildPythonApplication rec { version = "0.46.1"; @@ -41,6 +41,12 @@ python3Packages.buildPythonApplication rec { src = ./fix-rpath.patch; inherit (builtins) storeDir; }) + + # Support Python 3.7. This is part of 0.47 and 0.48.1. + (fetchpatch { + url = https://github.com/mesonbuild/meson/commit/a87496addd9160300837aa50193f4798c6f1d251.patch; + sha256 = "1jfn9dgib5bc8frcd65cxn3fzhp19bpbjadxjkqzbjk1v4hdbl88"; + }) ]; setupHook = ./setup-hook.sh; From c1e003ff2f8a43189d48b7194ec8556aa3d88641 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sun, 4 Nov 2018 09:45:41 +0100 Subject: [PATCH 05/10] Python: reduce amount of warnings when building with `buildPython*` By default all warnings were printed. This occasionally resulted in a lot of warnings leading to builds being killed. This commit reduces the amount of warnings printed. --- pkgs/development/interpreters/python/mk-python-derivation.nix | 4 ++++ pkgs/development/python-modules/pytest/default.nix | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix index 63ffdbb8c0a..ef8ee4e5425 100644 --- a/pkgs/development/interpreters/python/mk-python-derivation.nix +++ b/pkgs/development/interpreters/python/mk-python-derivation.nix @@ -101,6 +101,10 @@ toPythonModule (python.stdenv.mkDerivation (builtins.removeAttrs attrs [ ${python.interpreter} ${./catch_conflicts}/catch_conflicts.py '' + attrs.postFixup or ''''; + # Print fewer warnings so we have less noise in our logs + # The amount of warnings also caused builds to be terminated. + PYTHONWARNINGS="once"; + meta = { # default to python's platforms platforms = python.meta.platforms; diff --git a/pkgs/development/python-modules/pytest/default.nix b/pkgs/development/python-modules/pytest/default.nix index 9412a750a9a..ad8c8d9ad0d 100644 --- a/pkgs/development/python-modules/pytest/default.nix +++ b/pkgs/development/python-modules/pytest/default.nix @@ -24,7 +24,8 @@ buildPythonPackage rec { checkPhase = '' runHook preCheck - $out/bin/py.test -x testing/ + # Re-enable warnings because the test suite relies on it. + PYTHONWARNINGS= $out/bin/py.test -x testing/ runHook postCheck ''; From 5b744f4cd9aca7097edbabdc8f974c45cba7fe26 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sun, 4 Nov 2018 10:20:06 +0100 Subject: [PATCH 06/10] python.pkgs.cffi: disable a test --- pkgs/development/python-modules/cffi/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/cffi/default.nix b/pkgs/development/python-modules/cffi/default.nix index 3f1456f6e94..18826d46b86 100644 --- a/pkgs/development/python-modules/cffi/default.nix +++ b/pkgs/development/python-modules/cffi/default.nix @@ -33,7 +33,7 @@ if isPyPy then null else buildPythonPackage rec { doCheck = !stdenv.hostPlatform.isMusl; # TODO: Investigate checkPhase = '' - py.test + py.test -k "not test_char_pointer_conversion" ''; meta = with stdenv.lib; { From abea6f461ae886544917e32634e5612b0fc73c13 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sun, 4 Nov 2018 11:01:09 +0100 Subject: [PATCH 07/10] Revert "Merge pull request #49398 from Synthetica9/implement-rfc0035" to fix eval This reverts commit 3fc7d5eb83804e10ae55b1ae9b102f88b1ea2b08, reversing changes made to 1fddf2b68996b56804a24b67191e4d883943057d. The idea is good, however, before enforcing, make sure all occurences are fixed. --- pkgs/stdenv/generic/make-derivation.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index cb3731da193..e06faed30a1 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -12,9 +12,7 @@ rec { # * https://nixos.org/nix/manual/#ssec-derivation # Explanation about derivations in general mkDerivation = - { name ? if attrs ? pname && attrs ? version - then "${attrs.pname}-${attrs.version}" - else "" + { name ? "" # These types of dependencies are all exhaustively documented in # the "Specifying Dependencies" section of the "Standard @@ -67,8 +65,6 @@ rec { , pos ? # position used in error messages and for meta.position (if attrs.meta.description or null != null then builtins.unsafeGetAttrPos "description" attrs.meta - else if attrs.version or null != null - then builtins.unsafeGetAttrPos "version" attrs else builtins.unsafeGetAttrPos "name" attrs) , separateDebugInfo ? false , outputs ? [ "out" ] @@ -82,13 +78,6 @@ rec { , ... } @ attrs: - # Check that the name is consistent with pname and version: - assert lib.assertMsg - (lib.lists.all (name: builtins.hasAttr name attrs) ["name" "pname" "version"] - -> lib.strings.hasSuffix "${attrs.pname}-${attrs.version}" attrs.name) - ("mkDerivation: `name` (\"${attrs.name}\") must be consistent " + - "with `pname-version` \"${attrs.pname}-${attrs.version}\""); - let # TODO(@oxij, @Ericson2314): This is here to keep the old semantics, remove when # no package has `doCheck = true`. From 058a3c0806e2148ae3d0519bcaa929b7c2486c17 Mon Sep 17 00:00:00 2001 From: Timon Stampfli Date: Sat, 27 Oct 2018 15:25:52 +0200 Subject: [PATCH 08/10] openjpeg: adding patch for CVE-2018-7648 (cherry picked from commit 3dc0838450ad5ec8c25adcd1c7bfe3b8b630b7e5) Forward-picking from staging-next. The CVE is marked as critical, and the amount of rebuilds isn't that high (~500 linux, ~100 darwin). --- pkgs/development/libraries/openjpeg/2.x.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/libraries/openjpeg/2.x.nix b/pkgs/development/libraries/openjpeg/2.x.nix index d18c971dc11..77d9e5829a1 100644 --- a/pkgs/development/libraries/openjpeg/2.x.nix +++ b/pkgs/development/libraries/openjpeg/2.x.nix @@ -5,4 +5,12 @@ callPackage ./generic.nix (args // rec { branch = "2.3"; revision = "v${version}"; sha256 = "08plxrnfl33sn2vh5nwbsngyv6b1sfpplvx881crm1v1ai10m2lz"; + + patches = [ + (fetchpatch { + name = "CVE-2018-7648.patch"; + url = "https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d.patch"; + sha256 = "1j5nxmlgyfkxldk2f1ij6h850xw45q3b5brxqa04dxsfsv8cdj5j"; + }) + ]; }) From 587c3774abc075f117eb73bf01ef4d582de03411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 3 Nov 2018 15:07:45 +0100 Subject: [PATCH 09/10] Revert "systemd: 239 -> 239.20181031" This reverts commit d1de23b8302d02d4699e884533906a3992f370b6. The changes turned out to be too intrusive, so we'll patch instead. Discussion: https://github.com/NixOS/systemd/pull/24 --- pkgs/os-specific/linux/systemd/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 2a17a0a2875..db64b8e6f6d 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -18,7 +18,7 @@ let pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]); in stdenv.mkDerivation rec { - version = "239.20181031"; + version = "239"; name = "systemd-${version}"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -26,8 +26,8 @@ in stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "NixOS"; repo = "systemd"; - rev = "nixos-v${version}"; - sha256 = "1rzl0iqrpa4ajvama5k3cb3yc7893c55kzcxkl3cyavpdzsw5505"; + rev = "31859ddd35fc3fa82a583744caa836d356c31d7f"; + sha256 = "1xci0491j95vdjgs397n618zii3sgwnvanirkblqqw6bcvcjvir1"; }; outputs = [ "out" "lib" "man" "dev" ]; @@ -91,7 +91,6 @@ in stdenv.mkDerivation rec { "-Dsulogin-path=${utillinux}/bin/sulogin" "-Dmount-path=${utillinux}/bin/mount" "-Dumount-path=${utillinux}/bin/umount" - "-Ddns-over-tls=false" ]; preConfigure = '' From 179b8146e668636fe59ef7663a6c8cd15d00db7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 3 Nov 2018 15:47:44 +0100 Subject: [PATCH 10/10] systemd: apply patches from Debian There are some security fixes among those. --- pkgs/os-specific/linux/systemd/default.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index db64b8e6f6d..1d45109ac85 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod +{ stdenv, lib, fetchFromGitHub, fetchpatch, fetchurl, pkgconfig, intltool, gperf, libcap, kmod , xz, pam, acl, libuuid, m4, utillinux, libffi , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor , audit, lz4, bzip2, libmicrohttpd, pcre2 @@ -30,6 +30,22 @@ in stdenv.mkDerivation rec { sha256 = "1xci0491j95vdjgs397n618zii3sgwnvanirkblqqw6bcvcjvir1"; }; + prePatch = let + # Upstream's maintenance branches are still too intrusive: + # https://github.com/systemd/systemd-stable/tree/v239-stable + patches-deb = fetchurl { + # When the URL disappears, it typically means that Debian has new patches + # (probably security) and updating to new tarball will apply them as well. + name = "systemd-debian-patches.tar.xz"; + url = mirror://debian/pool/main/s/systemd/systemd_239-11~bpo9+1.debian.tar.xz; + sha256 = "136f6p4jbi4z94mf4g099dfcacwka8jwhza0wxxw2q5l5q3xiysh"; + }; + # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/* + in '' + tar xf ${patches-deb} + patches="$patches $(cat debian/patches/series | grep -v '^debian/' | sed 's|^|debian/patches/|')" + ''; + outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs =