From d273ad0310fe29e95acb8ceb12cde34dcb3e424e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 7 Aug 2021 07:48:50 +0000 Subject: [PATCH 01/11] folly: 2021.01.25.00 -> 2021.08.02.00 (cherry picked from commit 34892123a4edf8479c1d93e5b0c96feacf86a6a2) --- pkgs/development/libraries/folly/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/folly/default.nix b/pkgs/development/libraries/folly/default.nix index 212b656adda..a80a5cd9f8f 100644 --- a/pkgs/development/libraries/folly/default.nix +++ b/pkgs/development/libraries/folly/default.nix @@ -19,13 +19,13 @@ stdenv.mkDerivation (rec { pname = "folly"; - version = "2021.01.25.00"; + version = "2021.08.02.00"; src = fetchFromGitHub { owner = "facebook"; repo = "folly"; rev = "v${version}"; - sha256 = "sha256-n2cpXdjPZYNjvSHBZFFn3JFwqYCFWc8qSKwet80LtJE="; + sha256 = "sha256-Y2CqPlhbfC++udbbURnI9mvRZswC8kmikp1HY0qJz4k="; }; nativeBuildInputs = [ From 61a9a2d6d7bfb744dfa86fe4bde6f40ed0cb7d66 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 14 Aug 2021 22:26:16 +0100 Subject: [PATCH 02/11] openvswitch: add patch for CVE-2021-36980 --- .../os-specific/linux/openvswitch/default.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/openvswitch/default.nix b/pkgs/os-specific/linux/openvswitch/default.nix index 5faccc14ce7..8222c155878 100644 --- a/pkgs/os-specific/linux/openvswitch/default.nix +++ b/pkgs/os-specific/linux/openvswitch/default.nix @@ -1,5 +1,5 @@ -{ lib, stdenv, fetchurl, makeWrapper, pkg-config, util-linux, which -, procps, libcap_ng, openssl, python3 , perl +{ lib, stdenv, fetchurl, fetchpatch, makeWrapper, pkg-config, util-linux, which +, procps, libcap_ng, openssl, python3, perl, autoconf, automake, libtool , kernel ? null }: with lib; @@ -16,9 +16,22 @@ in stdenv.mkDerivation rec { sha256 = "sha256-ZfQg+VTiUNiV+y2yKhMuHLVgvF4rkFHoNFETSBCOWXo="; }; + patches = [ + (fetchpatch { + name = "CVE-2021-36980.patch"; + url = "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575.patch"; + sha256 = "1iyaqkiwijl2djjvnnvykh95qlzgvn9hmpszrwzmhwvik5m7b6g6"; + # we don't run the tests, and the binary example missing from the patch + # file upsets the build process + excludes = [ "tests/*" ]; + }) + ]; + + preConfigure = "./boot.sh"; + kernel = optional (_kernel != null) _kernel.dev; - nativeBuildInputs = [ pkg-config makeWrapper ]; + nativeBuildInputs = [ pkg-config makeWrapper autoconf automake libtool ]; buildInputs = [ util-linux openssl libcap_ng pythonEnv perl procps which ]; From a49928582fa13afb87244c6ad4314b96eb37572a Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 22 Mar 2021 14:43:22 +0000 Subject: [PATCH 03/11] postsrsd: 1.10 -> 1.11 (cherry picked from commit 6c81f568877c7cac80d8b8b168950c42d8fc604b) --- pkgs/servers/mail/postsrsd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/mail/postsrsd/default.nix b/pkgs/servers/mail/postsrsd/default.nix index b61332be243..67dbea9c470 100644 --- a/pkgs/servers/mail/postsrsd/default.nix +++ b/pkgs/servers/mail/postsrsd/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "postsrsd"; - version = "1.10"; + version = "1.11"; src = fetchFromGitHub { owner = "roehling"; repo = "postsrsd"; rev = version; - sha256 = "sha256-AqOHHOnGqOnIw5hPPiJjUJFiwngTux7gwn8qig0t7hs="; + sha256 = "sha256-M1VtH+AToLh9J4zwIznInfFJzqmKElTvqAgI+qqL+Lw="; }; cmakeFlags = [ "-DGENERATE_SRS_SECRET=OFF" "-DINIT_FLAVOR=systemd" ]; From 7b11c267127d051102c9b1b47e52eb6a7950588e Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 15 Aug 2021 18:59:17 +0100 Subject: [PATCH 04/11] ndpi: add patch for CVE-2021-36082 --- .../libraries/ndpi/3.4-CVE-2021-36082.patch | 101 ++++++++++++++++++ pkgs/development/libraries/ndpi/default.nix | 4 + 2 files changed, 105 insertions(+) create mode 100644 pkgs/development/libraries/ndpi/3.4-CVE-2021-36082.patch diff --git a/pkgs/development/libraries/ndpi/3.4-CVE-2021-36082.patch b/pkgs/development/libraries/ndpi/3.4-CVE-2021-36082.patch new file mode 100644 index 00000000000..192605917ab --- /dev/null +++ b/pkgs/development/libraries/ndpi/3.4-CVE-2021-36082.patch @@ -0,0 +1,101 @@ +Based on upstream https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3 +adapted by ris to apply to ndpi 3.4 + +diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c +index 1f3850cb..0d3b705f 100644 +--- a/src/lib/protocols/netbios.c ++++ b/src/lib/protocols/netbios.c +@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len + int ret = 0, len, idx = inlen; + char *b; + +- len = (*in++)/2; ++ len = (*in++)/2, inlen--; + b = out; + *out = 0; + + +diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c +index 5b572cae..304d5799 100644 +--- a/src/lib/protocols/tls.c ++++ b/src/lib/protocols/tls.c +@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, + i += 4 + extension_len, offset += 4 + extension_len; + } + +- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); ++ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version); + +- for(i=0; i 0) ? "-" : "", ja3.cipher[i]); ++ for(i=0; (i ja3_str_len); i++) { ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); + + if(rc <= 0) break; else ja3_str_len += rc; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ if(JA3_STR_LEN > ja3_str_len) { ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; ++ } + + /* ********** */ + +- for(i=0; i 0) ? "-" : "", ja3.tls_extension[i]); ++ for(i=0; (i ja3_str_len); i++) { ++ int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); + + if(rc <= 0) break; else ja3_str_len += rc; + } +@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, + int rc; + + compute_ja3c: +- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); ++ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version); + + for(i=0; i 0) ? "-" : "", ja3.cipher[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + /* ********** */ + + for(i=0; i 0) ? "-" : "", ja3.tls_extension[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + /* ********** */ + + for(i=0; i 0) ? "-" : "", ja3.elliptic_curve[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + for(i=0; i 0) ? "-" : "", ja3.elliptic_curve_point_format[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } diff --git a/pkgs/development/libraries/ndpi/default.nix b/pkgs/development/libraries/ndpi/default.nix index c3df23052e2..c2cd1fca699 100644 --- a/pkgs/development/libraries/ndpi/default.nix +++ b/pkgs/development/libraries/ndpi/default.nix @@ -14,6 +14,10 @@ stdenv.mkDerivation { sha256 = "0xjh9gv0mq0213bjfs5ahrh6m7l7g99jjg8104c0pw54hz0p5pq1"; }; + patches = [ + ./3.4-CVE-2021-36082.patch + ]; + configureScript = "./autogen.sh"; nativeBuildInputs = [which autoconf automake libtool]; From 1948243193167cca5346ce68e11fb816e97b6e58 Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Tue, 3 Aug 2021 09:15:31 -0600 Subject: [PATCH 05/11] matrix-synapse: 1.39.0 -> 1.40.0 (cherry picked from commit 6f434ed48ce3ea9f5458bd58c81c68472a6103fb) --- pkgs/servers/matrix-synapse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 6214df94be9..d27079399d9 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -12,11 +12,11 @@ let in buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.39.0"; + version = "1.40.0"; src = fetchPypi { inherit pname version; - sha256 = "sha256-dErfNHDUo0yGLbrRQdwbNkMVfnMfbrO3f7bsRwgRQMM="; + sha256 = "sha256-5RCeKTAtuFERQSoz4WinGz36tMuKtijnupPR/X02hCU="; }; patches = [ From 11cb4d06801ae3fb59d5345288abbab2c2cd95a2 Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Tue, 3 Aug 2021 09:44:06 -0600 Subject: [PATCH 06/11] matrix-synapse: fix homeserver script (cherry picked from commit 4444860f074e4530c25217a528748786f9334308) --- pkgs/servers/matrix-synapse/default.nix | 18 +++++++++++---- .../matrix-synapse/homeserver-script.patch | 23 ------------------- 2 files changed, 13 insertions(+), 28 deletions(-) delete mode 100644 pkgs/servers/matrix-synapse/homeserver-script.patch diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index d27079399d9..f98220d5d30 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -19,11 +19,6 @@ buildPythonApplication rec { sha256 = "sha256-5RCeKTAtuFERQSoz4WinGz36tMuKtijnupPR/X02hCU="; }; - patches = [ - # adds an entry point for the service - ./homeserver-script.patch - ]; - buildInputs = [ openssl ]; propagatedBuildInputs = [ @@ -70,6 +65,19 @@ buildPythonApplication rec { PYTHONPATH=".:$PYTHONPATH" ${python3.interpreter} -m twisted.trial tests ''; + postFixup = '' + mkdir -p $out/bin + + # Make a little wrapper for running Synapse with its dependencies + echo "#!/bin/sh + exec python -m synapse.app.homeserver \"\$@\" + " > $out/bin/homeserver + chmod +x $out/bin/homeserver + wrapProgram $out/bin/homeserver \ + --set PATH ${python3}/bin \ + --set PYTHONPATH $PYTHONPATH + ''; + passthru.tests = { inherit (nixosTests) matrix-synapse; }; passthru.plugins = plugins; passthru.tools = tools; diff --git a/pkgs/servers/matrix-synapse/homeserver-script.patch b/pkgs/servers/matrix-synapse/homeserver-script.patch deleted file mode 100644 index 554a2c5f66c..00000000000 --- a/pkgs/servers/matrix-synapse/homeserver-script.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git a/homeserver b/homeserver -new file mode 120000 -index 000000000..2f1d41351 ---- /dev/null -+++ b/homeserver -@@ -0,0 +1 @@ -+synapse/app/homeserver.py -\ No newline at end of file -diff --git a/setup.py b/setup.py -index 5ce06c898..f1ccd95bc 100755 ---- a/setup.py -+++ b/setup.py -@@ -115,6 +115,6 @@ setup( - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", - ], -- scripts=["synctl"] + glob.glob("scripts/*"), -+ scripts=["synctl", "homeserver"] + glob.glob("scripts/*"), - cmdclass={"test": TestCommand}, - ) --- -2.22.0 - From 2a186797673b22df3d863375987c982165b0ad7a Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 16 Aug 2021 13:01:57 +0200 Subject: [PATCH 07/11] Revert "matrix-synapse: fix homeserver script" This reverts commit 4444860f074e4530c25217a528748786f9334308. (cherry picked from commit 21eb8c5b37c6bcc18ecd2ebaeaf4a4fabe9c0f36) --- pkgs/servers/matrix-synapse/default.nix | 18 ++++----------- .../matrix-synapse/homeserver-script.patch | 23 +++++++++++++++++++ 2 files changed, 28 insertions(+), 13 deletions(-) create mode 100644 pkgs/servers/matrix-synapse/homeserver-script.patch diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index f98220d5d30..d27079399d9 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -19,6 +19,11 @@ buildPythonApplication rec { sha256 = "sha256-5RCeKTAtuFERQSoz4WinGz36tMuKtijnupPR/X02hCU="; }; + patches = [ + # adds an entry point for the service + ./homeserver-script.patch + ]; + buildInputs = [ openssl ]; propagatedBuildInputs = [ @@ -65,19 +70,6 @@ buildPythonApplication rec { PYTHONPATH=".:$PYTHONPATH" ${python3.interpreter} -m twisted.trial tests ''; - postFixup = '' - mkdir -p $out/bin - - # Make a little wrapper for running Synapse with its dependencies - echo "#!/bin/sh - exec python -m synapse.app.homeserver \"\$@\" - " > $out/bin/homeserver - chmod +x $out/bin/homeserver - wrapProgram $out/bin/homeserver \ - --set PATH ${python3}/bin \ - --set PYTHONPATH $PYTHONPATH - ''; - passthru.tests = { inherit (nixosTests) matrix-synapse; }; passthru.plugins = plugins; passthru.tools = tools; diff --git a/pkgs/servers/matrix-synapse/homeserver-script.patch b/pkgs/servers/matrix-synapse/homeserver-script.patch new file mode 100644 index 00000000000..554a2c5f66c --- /dev/null +++ b/pkgs/servers/matrix-synapse/homeserver-script.patch @@ -0,0 +1,23 @@ +diff --git a/homeserver b/homeserver +new file mode 120000 +index 000000000..2f1d41351 +--- /dev/null ++++ b/homeserver +@@ -0,0 +1 @@ ++synapse/app/homeserver.py +\ No newline at end of file +diff --git a/setup.py b/setup.py +index 5ce06c898..f1ccd95bc 100755 +--- a/setup.py ++++ b/setup.py +@@ -115,6 +115,6 @@ setup( + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + ], +- scripts=["synctl"] + glob.glob("scripts/*"), ++ scripts=["synctl", "homeserver"] + glob.glob("scripts/*"), + cmdclass={"test": TestCommand}, + ) +-- +2.22.0 + From 268946d9ca84ee0826f663fa108cc0a0a1ac9652 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 16 Aug 2021 13:48:00 +0200 Subject: [PATCH 08/11] matrix-synapse: fix startup (cherry picked from commit 5a01d3ac1f1ea31b9b2635eb2ae1d9f6cd860230) --- ...tup-add-homeserver-as-console-script.patch | 33 +++++++++++++++++++ pkgs/servers/matrix-synapse/default.nix | 3 +- .../matrix-synapse/homeserver-script.patch | 23 ------------- 3 files changed, 34 insertions(+), 25 deletions(-) create mode 100644 pkgs/servers/matrix-synapse/0001-setup-add-homeserver-as-console-script.patch delete mode 100644 pkgs/servers/matrix-synapse/homeserver-script.patch diff --git a/pkgs/servers/matrix-synapse/0001-setup-add-homeserver-as-console-script.patch b/pkgs/servers/matrix-synapse/0001-setup-add-homeserver-as-console-script.patch new file mode 100644 index 00000000000..eb70d21ed5c --- /dev/null +++ b/pkgs/servers/matrix-synapse/0001-setup-add-homeserver-as-console-script.patch @@ -0,0 +1,33 @@ +From 36ffbb7ad2c535180cae473b470a43f9db4fbdcd Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch +Date: Mon, 16 Aug 2021 13:27:28 +0200 +Subject: [PATCH] setup: add homeserver as console script + +With this change, it will be added to `$out/bin` in `nixpkgs` directly. +This became necessary since our old workaround, calling it as script, +doesn't work anymore since the shebangs were removed[1]. + +[1] https://github.com/matrix-org/synapse/pull/10415 +--- + setup.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/setup.py b/setup.py +index c47856351..27f1d842c 100755 +--- a/setup.py ++++ b/setup.py +@@ -133,6 +133,11 @@ setup( + long_description=long_description, + long_description_content_type="text/x-rst", + python_requires="~=3.6", ++ entry_points={ ++ 'console_scripts': [ ++ 'homeserver = synapse.app.homeserver:main' ++ ] ++ }, + classifiers=[ + "Development Status :: 5 - Production/Stable", + "Topic :: Communications :: Chat", +-- +2.31.1 + diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index d27079399d9..0eefbbb1147 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -20,8 +20,7 @@ buildPythonApplication rec { }; patches = [ - # adds an entry point for the service - ./homeserver-script.patch + ./0001-setup-add-homeserver-as-console-script.patch ]; buildInputs = [ openssl ]; diff --git a/pkgs/servers/matrix-synapse/homeserver-script.patch b/pkgs/servers/matrix-synapse/homeserver-script.patch deleted file mode 100644 index 554a2c5f66c..00000000000 --- a/pkgs/servers/matrix-synapse/homeserver-script.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git a/homeserver b/homeserver -new file mode 120000 -index 000000000..2f1d41351 ---- /dev/null -+++ b/homeserver -@@ -0,0 +1 @@ -+synapse/app/homeserver.py -\ No newline at end of file -diff --git a/setup.py b/setup.py -index 5ce06c898..f1ccd95bc 100755 ---- a/setup.py -+++ b/setup.py -@@ -115,6 +115,6 @@ setup( - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", - ], -- scripts=["synctl"] + glob.glob("scripts/*"), -+ scripts=["synctl", "homeserver"] + glob.glob("scripts/*"), - cmdclass={"test": TestCommand}, - ) --- -2.22.0 - From 938357ce193c6c4475b72dba7be3f4ef7c4d8ec9 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 21 Aug 2021 23:17:34 +0100 Subject: [PATCH 09/11] python3Packages.yamale: 3.0.4 -> 3.0.8 (cherry picked from commit 58078da425264785882e120edd5b28f6a9b92ea6) --- pkgs/development/python-modules/yamale/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/yamale/default.nix b/pkgs/development/python-modules/yamale/default.nix index 9b2c7b116c6..5d292644139 100644 --- a/pkgs/development/python-modules/yamale/default.nix +++ b/pkgs/development/python-modules/yamale/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "yamale"; - version = "3.0.4"; + version = "3.0.8"; disabled = !isPy3k; @@ -17,7 +17,7 @@ buildPythonPackage rec { owner = "23andMe"; repo = pname; rev = version; - sha256 = "1xjvah4r3gpwk4zxql3c9jpllb34k175fm6iq1zvsd2vv2fwf8s2"; + sha256 = "0bn0himn5fwndaxn205s55bdc4np7lhd940i0lkv0m7ybhbw7dap"; }; propagatedBuildInputs = [ @@ -28,6 +28,7 @@ buildPythonPackage rec { checkInputs = [ pytest ]; + pythonImportsCheck = [ "yamale" ]; meta = with lib; { description = "A schema and validator for YAML"; From 66966119f34333f7a742f42fefba1b973c876657 Mon Sep 17 00:00:00 2001 From: adisbladis Date: Fri, 6 Aug 2021 16:25:38 -0500 Subject: [PATCH 10/11] emacs: Add custom elpa fetcher Elpa only serves the latest version of a given package uncompressed. Once that release is no longer the latest & greatest it gets archived and compressed meaning that both the URL and the hash changes. To work around this issue we fall back to the URL with the .lz suffix and if that's the one we downloaded we uncompress the file to ensure the hash matches regardless of compression. --- .../emacs/elisp-packages/fetchelpa.nix | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 pkgs/applications/editors/emacs/elisp-packages/fetchelpa.nix diff --git a/pkgs/applications/editors/emacs/elisp-packages/fetchelpa.nix b/pkgs/applications/editors/emacs/elisp-packages/fetchelpa.nix new file mode 100644 index 00000000000..f4524f3b7a9 --- /dev/null +++ b/pkgs/applications/editors/emacs/elisp-packages/fetchelpa.nix @@ -0,0 +1,21 @@ +# Elpa only serves the latest version of a given package uncompressed. +# Once that release is no longer the latest & greatest it gets archived and compressed +# meaning that both the URL and the hash changes. +# +# To work around this issue we fall back to the URL with the .lz suffix and if that's the +# one we downloaded we uncompress the file to ensure the hash matches regardless of compression. + +{ fetchurl, lzip }: + +{ url, ... }@args: fetchurl ((removeAttrs args [ "url" ]) // { + urls = [ + url + (url + ".lz") + ]; + postFetch = '' + if [[ $url == *.lz ]]; then + ${lzip}/bin/lzip -c -d $out > uncompressed + mv uncompressed $out + fi + ''; +}) From 6a5fc6becadc086f548582e513edd7b7c07dcda6 Mon Sep 17 00:00:00 2001 From: adisbladis Date: Fri, 6 Aug 2021 16:26:09 -0500 Subject: [PATCH 11/11] emacs.pkgs.elpaPackages: Use custom elpa fetcher --- .../editors/emacs/elisp-packages/elpa-packages.nix | 7 +++++-- pkgs/top-level/emacs-packages.nix | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/editors/emacs/elisp-packages/elpa-packages.nix b/pkgs/applications/editors/emacs/elisp-packages/elpa-packages.nix index 02a9a6e6562..0b8929d5127 100644 --- a/pkgs/applications/editors/emacs/elisp-packages/elpa-packages.nix +++ b/pkgs/applications/editors/emacs/elisp-packages/elpa-packages.nix @@ -21,7 +21,7 @@ formats commits for you. */ -{ lib, stdenv, texinfo, writeText }: +{ lib, stdenv, buildPackages, texinfo, writeText }: self: let @@ -41,7 +41,10 @@ self: let }: let imported = import generated { - inherit (self) callPackage; + callPackage = pkgs: args: self.callPackage pkgs (args // { + # Use custom elpa url fetcher with fallback/uncompress + fetchurl = buildPackages.callPackage ./fetchelpa.nix { }; + }); }; super = removeAttrs imported [ "dash" ]; diff --git a/pkgs/top-level/emacs-packages.nix b/pkgs/top-level/emacs-packages.nix index d168d34e373..c682a9da014 100644 --- a/pkgs/top-level/emacs-packages.nix +++ b/pkgs/top-level/emacs-packages.nix @@ -26,7 +26,7 @@ let mkElpaPackages = { pkgs, lib }: import ../applications/editors/emacs/elisp-packages/elpa-packages.nix { - inherit (pkgs) stdenv texinfo writeText; + inherit (pkgs) stdenv texinfo writeText buildPackages; inherit lib; };