Merge https://github.com/NixOS/nixpkgs

author: Alyssa Ross <hi@alyssa.is> 2023-12-01 19:00:09 +0100
committer: Alyssa Ross <hi@alyssa.is> 2023-12-01 19:00:09 +0100
commit: 9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d (patch)
tree: 4368f9e4cb2d5b93a956c085337e45cb70f1e331 /nixpkgs/pkgs/build-support
parent: a9cbfb6941b47d6f50129e6e36927882392daed7 (diff)
parent: 2344fe1da14cb08b0c18743b207995f9b8597915 (diff)
download: nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar
nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.gz
nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.bz2
nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.lz
nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.xz
nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.zst
nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.zip
22 files changed, 216 insertions, 85 deletions
diff --git a/nixpkgs/pkgs/build-support/build-graalvm-native-image/default.nix b/nixpkgs/pkgs/build-support/build-graalvm-native-image/default.nix
index 6a5e82427f7b..e5fe1abe1d11 100644
--- a/nixpkgs/pkgs/build-support/build-graalvm-native-image/default.nix
+++ b/nixpkgs/pkgs/build-support/build-graalvm-native-image/default.nix
@@ -3,6 +3,7 @@
 , glibcLocales
   # The GraalVM derivation to use
 , graalvmDrv
+, removeReferencesTo
 , executable ? args.pname
   # JAR used as input for GraalVM derivation, defaults to src
 , jar ? args.src
@@ -11,6 +12,7 @@
   # except in special cases. In most cases, use extraNativeBuildArgs instead
 , nativeImageBuildArgs ? [
     (lib.optionalString stdenv.isDarwin "-H:-CheckToolchain")
+    (lib.optionalString (stdenv.isLinux && stdenv.isAarch64) "-H:PageSize=64K")
     "-H:Name=${executable}"
     "-march=compatibility"
     "--verbose"
@@ -37,12 +39,13 @@ let
     "buildPhase"
     "nativeBuildInputs"
     "installPhase"
+    "postInstall"
   ];
 in
 stdenv.mkDerivation ({
   inherit dontUnpack jar;
 
-  nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ graalvmDrv glibcLocales ];
+  nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ graalvmDrv glibcLocales removeReferencesTo ];
 
   nativeImageBuildArgs = nativeImageBuildArgs ++ extraNativeImageBuildArgs ++ [ graalvmXmx ];
 
@@ -62,6 +65,11 @@ stdenv.mkDerivation ({
     runHook postInstall
   '';
 
+  postInstall = ''
+    remove-references-to -t ${graalvmDrv} $out/bin/${executable}
+    ${args.postInstall or ""}
+  '';
+
   disallowedReferences = [ graalvmDrv ];
 
   passthru = { inherit graalvmDrv; };
diff --git a/nixpkgs/pkgs/build-support/emacs/wrapper.nix b/nixpkgs/pkgs/build-support/emacs/wrapper.nix
index 6c1383c53304..59a694286d09 100644
--- a/nixpkgs/pkgs/build-support/emacs/wrapper.nix
+++ b/nixpkgs/pkgs/build-support/emacs/wrapper.nix
@@ -36,8 +36,8 @@ in customEmacsPackages.withPackages (epkgs: [ epkgs.evil epkgs.magit ])
 self:
 let
   inherit (self) emacs;
-  withNativeCompilation = emacs.withNativeCompilation or emacs.nativeComp or false;
-  withTreeSitter = emacs.withTreeSitter or emacs.treeSitter or false;
+  withNativeCompilation = emacs.withNativeCompilation or false;
+  withTreeSitter = emacs.withTreeSitter or false;
 in
 packagesFun: # packages explicitly requested by the user
 let
diff --git a/nixpkgs/pkgs/build-support/fetchfossil/default.nix b/nixpkgs/pkgs/build-support/fetchfossil/default.nix
index 7866c403ec42..3f3bf69db047 100644
--- a/nixpkgs/pkgs/build-support/fetchfossil/default.nix
+++ b/nixpkgs/pkgs/build-support/fetchfossil/default.nix
@@ -1,7 +1,15 @@
 {stdenv, lib, fossil, cacert}:
 
-{name ? null, url, rev, sha256}:
+{ name ? null
+, url
+, rev
+, sha256 ? ""
+, hash ? ""
+}:
 
+if hash != "" && sha256 != "" then
+  throw "Only one of sha256 or hash can be set"
+else
 stdenv.mkDerivation {
   name = "fossil-archive" + (lib.optionalString (name != null) "-${name}");
   builder = ./builder.sh;
@@ -11,9 +19,14 @@ stdenv.mkDerivation {
   # https://www.fossil-scm.org/index.html/doc/trunk/www/env-opts.md
   impureEnvVars = [ "http_proxy" ];
 
-  outputHashAlgo = "sha256";
+  outputHashAlgo = if hash != "" then null else "sha256";
   outputHashMode = "recursive";
-  outputHash = sha256;
+  outputHash = if hash != "" then
+    hash
+  else if sha256 != "" then
+    sha256
+  else
+    lib.fakeSha256;
 
   inherit url rev;
   preferLocalBuild = true;
diff --git a/nixpkgs/pkgs/build-support/fetchgitlab/default.nix b/nixpkgs/pkgs/build-support/fetchgitlab/default.nix
index 146845e06a71..2ccb81335cc2 100644
--- a/nixpkgs/pkgs/build-support/fetchgitlab/default.nix
+++ b/nixpkgs/pkgs/build-support/fetchgitlab/default.nix
@@ -30,5 +30,5 @@ let
   }) // passthruAttrs // { inherit name; };
 in
 
-fetcher fetcherArgs // { meta.homepage = "${protocol}://${domain}/${slug}/"; inherit rev; }
+fetcher fetcherArgs // { meta.homepage = "${protocol}://${domain}/${slug}/"; inherit rev owner repo; }
 )
diff --git a/nixpkgs/pkgs/build-support/kernel/make-initrd-ng/Cargo.lock b/nixpkgs/pkgs/build-support/kernel/make-initrd-ng/Cargo.lock
index 8965b8793cca..c407d36d90f4 100644
--- a/nixpkgs/pkgs/build-support/kernel/make-initrd-ng/Cargo.lock
+++ b/nixpkgs/pkgs/build-support/kernel/make-initrd-ng/Cargo.lock
@@ -4,9 +4,9 @@ version = 3
 
 [[package]]
 name = "eyre"
-version = "0.6.8"
+version = "0.6.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c2b6b5a29c02cdc822728b7d7b8ae1bab3e3b05d44522770ddd49722eeac7eb"
+checksum = "80f656be11ddf91bd709454d15d5bd896fbaf4cc3314e69349e4d1569f5b46cd"
 dependencies = [
  "indenter",
  "once_cell",
@@ -95,9 +95,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.38"
+version = "2.0.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b"
+checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/nixpkgs/pkgs/build-support/kernel/modules-closure.sh b/nixpkgs/pkgs/build-support/kernel/modules-closure.sh
index 74bc490eb15c..5f61bac751af 100644
--- a/nixpkgs/pkgs/build-support/kernel/modules-closure.sh
+++ b/nixpkgs/pkgs/build-support/kernel/modules-closure.sh
@@ -66,8 +66,8 @@ for module in $rootModules; do
     fi
 done
 
-mkdir -p $out/lib/firmware
-for module in $(cat closure); do
+cd "$firmware"
+for module in $(< ~-/closure); do
     # for builtin modules, modinfo will reply with a wrong output looking like:
     #   $ modinfo -F firmware unix
     #   name:           unix
@@ -78,16 +78,15 @@ for module in $(cat closure); do
     #
     # For now, the workaround is just to filter out the extraneous lines out
     # of its output.
-    for i in $(modinfo -b $kernel --set-version "$version" -F firmware $module | grep -v '^name:'); do
-        mkdir -p "$out/lib/firmware/$(dirname "$i")"
+    modinfo -b $kernel --set-version "$version" -F firmware $module | grep -v '^name:' | while read -r i; do
         echo "firmware for $module: $i"
         for name in "$i" "$i.xz" ""; do
             [ -z "$name" ] && echo "WARNING: missing firmware $i for module $module"
-            if cp "$firmware/lib/firmware/$name" "$out/lib/firmware/$name" 2>/dev/null; then
+            if cp -v --parents --no-preserve=mode lib/firmware/$name "$out" 2>/dev/null; then
                 break
             fi
         done
-    done
+    done || :
 done
 
 # copy module ordering hints for depmod
diff --git a/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/default.nix b/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/default.nix
index a1d2de21c4cb..820b003e3c6f 100644
--- a/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/default.nix
+++ b/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/default.nix
@@ -6,42 +6,61 @@
 }:
 
 /*
-  Can be used as part of an update script to automatically create a patch
-  hardcoding the path of all GSettings schemas in C code.
-  For example:
-  passthru = {
-    hardcodeGsettingsPatch = makeHardcodeGsettingsPatch {
-      inherit src;
-      schemaIdToVariableMapping = {
-         ...
+  Creates a patch that replaces every instantiation of GSettings in a C project
+  with a code that loads a GSettings schema from a hardcoded path.
+
+  This is useful so that libraries can find schemas even though Nix lacks
+  a standard location like /usr/share, where GSettings system could look for schemas.
+  The derivation is is somewhat dependency-heavy so it is best used as part of an update script.
+
+  For each schema id referenced in the source code (e.g. org.gnome.evolution),
+  a variable name such as `EVOLUTION` must be provided.
+  It will end up in the generated patch as `@EVOLUTION@` placeholder, which should be replaced at build time
+  with a path to the directory containing a `gschemas.compiled` file that includes the schema.
+
+
+  Arguments:
+  - `src`: source to generate the patch for.
+
+  - `schemaIdToVariableMapping`: attrset assigning schema ids to variable names.
+    All used schemas must be listed.
+
+    For example, `{ "org.gnome.evolution" = "EVOLUTION_SCHEMA_PATH"; }`
+    hardcodes looking for `org.gnome.evolution` into `@EVOLUTION_SCHEMA_PATH@`.
+
+  - `patches`: A list of patches to apply before generating the patch.
+
+  Example:
+    passthru = {
+      hardcodeGsettingsPatch = makeHardcodeGsettingsPatch {
+        inherit (finalAttrs) src;
+        schemaIdToVariableMapping = {
+           ...
+        };
       };
-    };
-
-    updateScript =
-      let
-        updateSource = ...;
-        updatePatch = _experimental-update-script-combinators.copyAttrOutputToFile "evolution-ews.hardcodeGsettingsPatch" ./hardcode-gsettings.patch;
-      in
-      _experimental-update-script-combinators.sequence [
-        updateSource
-        updatePatch
-      ];
-    };
-  }
-  takes as input a mapping from schema path to variable name.
-  For example `{ "org.gnome.evolution" = "EVOLUTION_SCHEMA_PATH"; }`
-  hardcodes looking for `org.gnome.evolution` into `@EVOLUTION_SCHEMA_PATH@`.
-  All schemas must be listed.
+
+      updateScript =
+        let
+          updateSource = ...;
+          updatePatch = _experimental-update-script-combinators.copyAttrOutputToFile "evolution-ews.hardcodeGsettingsPatch" ./hardcode-gsettings.patch;
+        in
+        _experimental-update-script-combinators.sequence [
+          updateSource
+          updatePatch
+        ];
+      };
+    }
 */
 {
   src,
+  patches ? [ ],
   schemaIdToVariableMapping,
 }:
 
 runCommand
   "hardcode-gsettings.patch"
   {
-    inherit src;
+    inherit src patches;
     nativeBuildInputs = [
       git
       coccinelle
@@ -51,6 +70,7 @@ runCommand
   ''
     unpackPhase
     cd "''${sourceRoot:-.}"
+    patchPhase
     set -x
     cp ${builtins.toFile "glib-schema-to-var.json" (builtins.toJSON schemaIdToVariableMapping)} ./glib-schema-to-var.json
     git init
diff --git a/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/hardcode-gsettings.cocci b/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/hardcode-gsettings.cocci
index a265f5fac384..e916d74fd1f5 100644
--- a/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/hardcode-gsettings.cocci
+++ b/nixpkgs/pkgs/build-support/make-hardcode-gsettings-patch/hardcode-gsettings.cocci
@@ -1,11 +1,14 @@
 /**
- * Since Nix does not have a standard location like /usr/share,
- * where GSettings system could look for schemas, we need to point the software to a correct location somehow.
+ * Since Nix does not have a standard location like /usr/share where GSettings system
+ * could look for schemas, we need to point the software to a correct location somehow.
  * For executables, we handle this using wrappers but this is not an option for libraries like e-d-s.
- * Instead, we hardcode the schema path when creating the settings.
- * A schema path (ie org.gnome.evolution) can be replaced by @EVOLUTION_SCHEMA_ID@
- * which is then replaced at build time by substituteAll.
- * The mapping is provided in a json file ./glib-schema-to-var.json
+ * Instead, we patch the source code to look for the schema in a schema source
+ * through a hardcoded path to the schema.
+ *
+ * For each schema id referenced in the source code (e.g. org.gnome.evolution),
+ * a variable name such as `EVOLUTION` must be provided in the ./glib-schema-to-var.json JSON file.
+ * It will end up in the resulting patch as `@EVOLUTION@` placeholder, which should be replaced at build time
+ * with a path to the directory containing a `gschemas.compiled` file that includes the schema.
  */
 
 @initialize:python@
diff --git a/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix b/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix
index eecea8b76758..42c6a9c065b2 100644
--- a/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix
+++ b/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix
@@ -21,6 +21,9 @@
   # Whether to force the usage of Git dependencies that have install scripts, but not a lockfile.
   # Use with care.
 , forceGitDeps ? false
+  # Whether to force allow an empty dependency cache.
+  # This can be enabled if there are truly no remote dependencies, but generally an empty cache indicates something is wrong.
+, forceEmptyCache ? false
   # Whether to make the cache writable prior to installing dependencies.
   # Don't set this unless npm tries to write to the cache directory, as it can slow down the build.
 , makeCacheWritable ? false
@@ -42,7 +45,7 @@
 , npmWorkspace ? null
 , nodejs ? topLevelArgs.nodejs
 , npmDeps ?  fetchNpmDeps {
-  inherit forceGitDeps src srcs sourceRoot prePatch patches postPatch;
+  inherit forceGitDeps forceEmptyCache src srcs sourceRoot prePatch patches postPatch;
   name = "${name}-npm-deps";
   hash = npmDepsHash;
 }
diff --git a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/default.nix b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/default.nix
index 67a4c337c0d2..cfa3366491f2 100644
--- a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/default.nix
+++ b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/default.nix
@@ -36,8 +36,8 @@
           '';
         };
 
-        makeTest = { name, src, hash, forceGitDeps ? false }: testers.invalidateFetcherByDrvHash fetchNpmDeps {
-          inherit name hash forceGitDeps;
+        makeTest = { name, src, hash, forceGitDeps ? false, forceEmptyCache ? false }: testers.invalidateFetcherByDrvHash fetchNpmDeps {
+          inherit name hash forceGitDeps forceEmptyCache;
 
           src = makeTestSrc { inherit name src; };
         };
@@ -98,6 +98,20 @@
           hash = "sha256-VzQhArHoznYSXUT7l9HkJV4yoSOmoP8eYTLel1QwmB4=";
         };
 
+        # This package has no resolved deps whatsoever, which will not actually work but does test the forceEmptyCache option.
+        emptyCache = makeTest {
+          name = "empty-cache";
+
+          src = fetchurl {
+            url = "https://raw.githubusercontent.com/bufbuild/protobuf-es/v1.2.1/package-lock.json";
+            hash = "sha256-UdBUEb4YRHsbvyjymIyjemJEiaI9KQRirqt+SFSK0wA=";
+          };
+
+          hash = "sha256-Cdv40lQjRszzJtJydZt25uYfcJVeJGwH54A+agdH9wI=";
+
+          forceEmptyCache = true;
+        };
+
         # This package contains both hosted Git shorthand, and a bundled dependency that happens to override an existing one.
         etherpadLite1818 = makeTest {
           name = "etherpad-lite-1.8.18";
@@ -124,6 +138,7 @@
     { name ? "npm-deps"
     , hash ? ""
     , forceGitDeps ? false
+    , forceEmptyCache ? false
     , ...
     } @ args:
     let
@@ -136,6 +151,7 @@
         };
 
       forceGitDeps_ = lib.optionalAttrs forceGitDeps { FORCE_GIT_DEPS = true; };
+      forceEmptyCache_ = lib.optionalAttrs forceEmptyCache { FORCE_EMPTY_CACHE = true; };
     in
     stdenvNoCC.mkDerivation (args // {
       inherit name;
@@ -174,5 +190,5 @@
         else "/no-cert-file.crt";
 
       outputHashMode = "recursive";
-    } // hash_ // forceGitDeps_);
+    } // hash_ // forceGitDeps_ // forceEmptyCache_);
 }
diff --git a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs
index b7efedac59bd..75133b1b03ea 100644
--- a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs
+++ b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs
@@ -43,6 +43,13 @@ impl Cache {
         Cache(path)
     }
 
+    pub fn init(&self) -> anyhow::Result<()> {
+        fs::create_dir_all(self.0.join("content-v2"))?;
+        fs::create_dir_all(self.0.join("index-v5"))?;
+
+        Ok(())
+    }
+
     pub fn put(
         &self,
         key: String,
diff --git a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/main.rs b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/main.rs
index 9d86bd8091a7..2b28e290ad51 100644
--- a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/main.rs
+++ b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/main.rs
@@ -234,9 +234,14 @@ fn main() -> anyhow::Result<()> {
         (out_tempdir.path(), true)
     };
 
-    let packages = parse::lockfile(&lock_content, env::var("FORCE_GIT_DEPS").is_ok())?;
+    let packages = parse::lockfile(
+        &lock_content,
+        env::var("FORCE_GIT_DEPS").is_ok(),
+        env::var("FORCE_EMPTY_CACHE").is_ok(),
+    )?;
 
     let cache = Cache::new(out.join("_cacache"));
+    cache.init()?;
 
     packages.into_par_iter().try_for_each(|package| {
         eprintln!("{}", package.name);
diff --git a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs
index 86e9120de02f..880a972e80e9 100644
--- a/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs
+++ b/nixpkgs/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs
@@ -14,7 +14,11 @@ use crate::util;
 
 pub mod lock;
 
-pub fn lockfile(content: &str, force_git_deps: bool) -> anyhow::Result<Vec<Package>> {
+pub fn lockfile(
+    content: &str,
+    force_git_deps: bool,
+    force_empty_cache: bool,
+) -> anyhow::Result<Vec<Package>> {
     let mut packages = lock::packages(content)
         .context("failed to extract packages from lockfile")?
         .into_par_iter()
@@ -25,6 +29,10 @@ pub fn lockfile(content: &str, force_git_deps: bool) -> anyhow::Result<Vec<Packa
         })
         .collect::<anyhow::Result<Vec<_>>>()?;
 
+    if packages.is_empty() && !force_empty_cache {
+        bail!("No cacheable dependencies were found. Please inspect the upstream `package-lock.json` file and ensure that remote dependencies have `resolved` URLs and `integrity` hashes. If the lockfile is missing this data, attempt to get upstream to fix it via a tool like <https://github.com/jeslie0/npm-lockfile-fix>. If generating an empty cache is intentional and you would like to do it anyways, set `forceEmptyCache = true`.");
+    }
+
     let mut new = Vec::new();
 
     for pkg in packages
@@ -64,7 +72,13 @@ pub fn lockfile(content: &str, force_git_deps: bool) -> anyhow::Result<Vec<Packa
         }
 
         if let Ok(lockfile_contents) = lockfile_contents {
-            new.append(&mut lockfile(&lockfile_contents, force_git_deps)?);
+            new.append(&mut lockfile(
+                &lockfile_contents,
+                force_git_deps,
+                // force_empty_cache is turned on here since recursively parsed lockfiles should be
+                // allowed to have an empty cache without erroring by default
+                true,
+            )?);
         }
     }
 
diff --git a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/default.nix b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/default.nix
index 49c2f6cbfc98..e837f7457d17 100644
--- a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/default.nix
+++ b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/default.nix
@@ -62,8 +62,9 @@ in {
       dontUnpack = src == null;
       dontInstall = true;
 
-      nativeBuildInputs = [ prefetch-yarn-deps ];
+      nativeBuildInputs = [ prefetch-yarn-deps cacert ];
       GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+      NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
       buildPhase = ''
         runHook preBuild
diff --git a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/index.js b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/index.js
index de2a09ee9041..e60fdeb54330 100755
--- a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/index.js
+++ b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/index.js
@@ -88,10 +88,17 @@ const isGitUrl = pattern => {
 }
 
 const downloadPkg = (pkg, verbose) => {
-	const [ name, spec ] = pkg.key.split('@', 2);
-	if (spec.startsWith('file:')) {
-		console.info(`ignoring relative file:path dependency "${spec}"`)
+	const fileMarker = '@file:'
+	const split = pkg.key.split(fileMarker)
+	if (split.length == 2) {
+		console.info(`ignoring lockfile entry "${split[0]}" which points at path "${split[1]}"`)
 		return
+	} else if (split.length > 2) {
+		throw new Error(`The lockfile entry key "${pkg.key}" contains "${fileMarker}" more than once. Processing is not implemented.`)
+	}
+
+	if (pkg.resolved === undefined) {
+		throw new Error(`The lockfile entry with key "${pkg.key}" cannot be downloaded because it is missing the "resolved" attribute, which should contain the URL to download from. The lockfile might be invalid.`)
 	}
 
 	const [ url, hash ] = pkg.resolved.split('#')
@@ -133,19 +140,10 @@ const performParallel = tasks => {
 
 const prefetchYarnDeps = async (lockContents, verbose) => {
 	const lockData = lockfile.parse(lockContents)
-	const tasks = Object.values(
+	await performParallel(
 		Object.entries(lockData.object)
-		.map(([key, value]) => {
-			return { key, ...value }
-		})
-		.reduce((out, pkg) => {
-			out[pkg.resolved] = pkg
-			return out
-		}, {})
+		.map(([key, value]) => () => downloadPkg({ key, ...value }, verbose))
 	)
-		.map(pkg => () => downloadPkg(pkg, verbose))
-
-	await performParallel(tasks)
 	await fs.promises.writeFile('yarn.lock', lockContents)
 	if (verbose) console.log('Done')
 }
diff --git a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/default.nix b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/default.nix
index 8ffe103a9548..8057d05ba72c 100644
--- a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/default.nix
+++ b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/default.nix
@@ -1,6 +1,10 @@
 { testers, fetchYarnDeps, ... }:
 
 {
+  file = testers.invalidateFetcherByDrvHash fetchYarnDeps {
+    yarnLock = ./file.lock;
+    sha256 = "sha256-BPuyQVCbdpFL/iRhmarwWAmWO2NodlVCOY9JU+4pfa4=";
+  };
   simple = testers.invalidateFetcherByDrvHash fetchYarnDeps {
     yarnLock = ./simple.lock;
     sha256 = "sha256-FRrt8BixleILmFB2ZV8RgPNLqgS+dlH5nWoPgeaaNQ8=";
diff --git a/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/file.lock b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/file.lock
new file mode 100644
index 000000000000..4881d83a7de9
--- /dev/null
+++ b/nixpkgs/pkgs/build-support/node/fetch-yarn-deps/tests/file.lock
@@ -0,0 +1,9 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"@org/somepack@file:vendor/orgpacks/somepack/assets":
+  version "1.0.0"
+
+"otherpack@file:vendor/otherpack":
+  version "1.0.0"
diff --git a/nixpkgs/pkgs/build-support/prefer-remote-fetch/default.nix b/nixpkgs/pkgs/build-support/prefer-remote-fetch/default.nix
index a1f2d0c56cff..3257e7000fe3 100644
--- a/nixpkgs/pkgs/build-support/prefer-remote-fetch/default.nix
+++ b/nixpkgs/pkgs/build-support/prefer-remote-fetch/default.nix
@@ -11,9 +11,16 @@
 # $ echo 'self: super: super.prefer-remote-fetch self super' > ~/.config/nixpkgs/overlays/prefer-remote-fetch.nix
 #
 self: super: {
-  fetchurl = args: super.fetchurl ({ preferLocalBuild = false; } // args);
+  binary-cache = args: super.binary-cache ({ preferLocalBuild = false; } // args);
+  buildenv = args: super.buildenv ({ preferLocalBuild = false; } // args);
+  fetchfossil = args: super.fetchfossil ({ preferLocalBuild = false; } // args);
+  fetchdocker = args: super.fetchdocker ({ preferLocalBuild = false; } // args);
   fetchgit = args: super.fetchgit ({ preferLocalBuild = false; } // args);
+  fetchgx = args: super.fetchgx ({ preferLocalBuild = false; } // args);
   fetchhg = args: super.fetchhg ({ preferLocalBuild = false; } // args);
-  fetchsvn = args: super.fetchsvn ({ preferLocalBuild = false; } // args);
   fetchipfs = args: super.fetchipfs ({ preferLocalBuild = false; } // args);
+  fetchrepoproject = args: super.fetchrepoproject ({ preferLocalBuild = false; } // args);
+  fetchs3 = args: super.fetchs3 ({ preferLocalBuild = false; } // args);
+  fetchsvn = args: super.fetchsvn ({ preferLocalBuild = false; } // args);
+  fetchurl = args: super.fetchurl ({ preferLocalBuild = false; } // args);
 }
diff --git a/nixpkgs/pkgs/build-support/release/default.nix b/nixpkgs/pkgs/build-support/release/default.nix
index d09f6c8568be..1cc6a5812f1f 100644
--- a/nixpkgs/pkgs/build-support/release/default.nix
+++ b/nixpkgs/pkgs/build-support/release/default.nix
@@ -88,7 +88,8 @@ rec {
       preferLocalBuild = true;
       _hydraAggregate = true;
 
-      phases = [ "unpackPhase" "patchPhase" "installPhase" ];
+      dontConfigure = true;
+      dontBuild = true;
 
       patchPhase = lib.optionalString isNixOS ''
         touch .update-on-nixos-rebuild
diff --git a/nixpkgs/pkgs/build-support/replace-secret/replace-secret.nix b/nixpkgs/pkgs/build-support/replace-secret/replace-secret.nix
index 4881ba25f5d2..41f5cb042558 100644
--- a/nixpkgs/pkgs/build-support/replace-secret/replace-secret.nix
+++ b/nixpkgs/pkgs/build-support/replace-secret/replace-secret.nix
@@ -32,5 +32,6 @@ stdenv.mkDerivation {
       Since the secret is read from a file, it won't be leaked through
       '/proc/<pid>/cmdline', unlike when 'sed' or 'replace' is used.
     '';
+    mainProgram = "replace-secret";
   };
 }
diff --git a/nixpkgs/pkgs/build-support/singularity-tools/default.nix b/nixpkgs/pkgs/build-support/singularity-tools/default.nix
index 9689e4124590..8d7ad9e742a1 100644
--- a/nixpkgs/pkgs/build-support/singularity-tools/default.nix
+++ b/nixpkgs/pkgs/build-support/singularity-tools/default.nix
@@ -111,7 +111,7 @@ rec {
             touch .${projectName}.d/env/94-appsbase.sh
 
             cd ..
-            mkdir -p /var/lib/${projectName}/mnt/{container,final,overlay,session,source}
+            mkdir -p /var/lib/${projectName}/mnt/session
             echo "root:x:0:0:System administrator:/root:/bin/sh" > /etc/passwd
             echo > /etc/resolv.conf
             TMPDIR=$(pwd -P) ${projectName} build $out ./img
diff --git a/nixpkgs/pkgs/build-support/vm/default.nix b/nixpkgs/pkgs/build-support/vm/default.nix
index 4ec5531192dc..1184d43ccb2c 100644
--- a/nixpkgs/pkgs/build-support/vm/default.nix
+++ b/nixpkgs/pkgs/build-support/vm/default.nix
@@ -1034,24 +1034,46 @@ rec {
     };
 
     debian11i386 = {
-      name = "debian-11.6-bullseye-i386";
-      fullName = "Debian 11.6 Bullseye (i386)";
+      name = "debian-11.8-bullseye-i386";
+      fullName = "Debian 11.8 Bullseye (i386)";
       packagesList = fetchurl {
-        url = "https://snapshot.debian.org/archive/debian/20230131T034648Z/dists/bullseye/main/binary-i386/Packages.xz";
-        hash = "sha256-z9eG7RlvelEnZAaeCfIO+XxTZVL3d+zTA7ShU43l/pw=";
+        url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bullseye/main/binary-i386/Packages.xz";
+        hash = "sha256-0bKSLLPhEC7FB5D1NA2jaQP0wTe/Qp1ddiA/NDVjRaI=";
       };
-      urlPrefix = "https://snapshot.debian.org/archive/debian/20230131T034648Z";
+      urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
       packages = commonDebianPackages;
     };
 
     debian11x86_64 = {
-      name = "debian-11.6-bullseye-amd64";
-      fullName = "Debian 11.6 Bullseye (amd64)";
+      name = "debian-11.8-bullseye-amd64";
+      fullName = "Debian 11.8 Bullseye (amd64)";
       packagesList = fetchurl {
-        url = "https://snapshot.debian.org/archive/debian/20230131T034648Z/dists/bullseye/main/binary-amd64/Packages.xz";
-        hash = "sha256-mz0eCWdn6uWt40OxsSPheHzEnMeLE52yR/vpb48/VF0=";
+        url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bullseye/main/binary-amd64/Packages.xz";
+        hash = "sha256-CYPsGgQgJZkh3JmbcAQkYDWP193qrkOADOgrMETZIeo=";
       };
-      urlPrefix = "https://snapshot.debian.org/archive/debian/20230131T034648Z";
+      urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
+      packages = commonDebianPackages;
+    };
+
+    debian12i386 = {
+      name = "debian-12.2-bookworm-i386";
+      fullName = "Debian 12.2 Bookworm (i386)";
+      packagesList = fetchurl {
+        url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bookworm/main/binary-i386/Packages.xz";
+        hash = "sha256-OeN9Q2HFM3GsPNhOa4VhM7qpwT66yUNwC+6Z8SbGEeQ=";
+      };
+      urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
+      packages = commonDebianPackages;
+    };
+
+    debian12x86_64 = {
+      name = "debian-12.2-bookworm-amd64";
+      fullName = "Debian 12.2 Bookworm (amd64)";
+      packagesList = fetchurl {
+        url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bookworm/main/binary-amd64/Packages.xz";
+        hash = "sha256-SZDElRfe9BlBwDlajQB79Qdn08rv8whYoQDeVCveKVs=";
+      };
+      urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
       packages = commonDebianPackages;
     };
   };
author	Alyssa Ross <hi@alyssa.is>	2023-12-01 19:00:09 +0100
committer	Alyssa Ross <hi@alyssa.is>	2023-12-01 19:00:09 +0100
commit	9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d (patch)
tree	4368f9e4cb2d5b93a956c085337e45cb70f1e331 /nixpkgs/pkgs/build-support
parent	a9cbfb6941b47d6f50129e6e36927882392daed7 (diff)
parent	2344fe1da14cb08b0c18743b207995f9b8597915 (diff)
download	nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.gz nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.bz2 nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.lz nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.xz nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.tar.zst nixlib-9e9b07490d5bab5d115c66b80bdb10ff0c11ed8d.zip