diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-06-16 06:56:35 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-06-16 06:56:35 +0000 |
commit | 99fcaeccb89621dd492203ce1f2d551c06f228ed (patch) | |
tree | 41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/pkgs/development/misc | |
parent | 59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff) | |
parent | 75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff) | |
download | nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.gz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.bz2 nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.lz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.xz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.zst nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.zip |
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/nixos/modules/config/console.nix nixpkgs/nixos/modules/services/mail/mailman.nix nixpkgs/nixos/modules/services/mail/public-inbox.nix nixpkgs/nixos/modules/services/mail/rss2email.nix nixpkgs/nixos/modules/services/networking/ssh/sshd.nix nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix nixpkgs/pkgs/applications/networking/irc/weechat/default.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/go/module.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/interpreters/python/default.nix nixpkgs/pkgs/development/node-packages/overrides.nix nixpkgs/pkgs/development/tools/b4/default.nix nixpkgs/pkgs/servers/dict/dictd-db.nix nixpkgs/pkgs/servers/mail/public-inbox/default.nix nixpkgs/pkgs/tools/security/pinentry/default.nix nixpkgs/pkgs/tools/text/unoconv/default.nix nixpkgs/pkgs/top-level/all-packages.nix
Diffstat (limited to 'nixpkgs/pkgs/development/misc')
24 files changed, 433 insertions, 140 deletions
diff --git a/nixpkgs/pkgs/development/misc/avr/libc/default.nix b/nixpkgs/pkgs/development/misc/avr/libc/default.nix index b1d8eb4332e8..ac9da31fcc0f 100644 --- a/nixpkgs/pkgs/development/misc/avr/libc/default.nix +++ b/nixpkgs/pkgs/development/misc/avr/libc/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "avr-libc"; - version = "2.0.0"; + version = "2.1.0"; src = fetchurl { - url = "https://download.savannah.gnu.org/releases/avr-libc/avr-libc-2.0.0.tar.bz2"; - sha256 = "15svr2fx8j6prql2il2fc0ppwlv50rpmyckaxx38d3gxxv97zpdj"; + url = "https://download.savannah.gnu.org/releases/avr-libc/avr-libc-${version}.tar.bz2"; + sha256 = "1s2lnqsbr1zs7dvsbyyckay52lm8mbjjaqf3cyx5qpcbq3jwx10b"; }; nativeBuildInputs = [ automake autoconf ]; @@ -21,9 +21,9 @@ stdenv.mkDerivation rec { meta = with lib; { description = "a C runtime library for AVR microcontrollers"; - homepage = "https://savannah.nongnu.org/projects/avr-libc/"; + homepage = "https://github.com/avrdudes/avr-libc"; license = licenses.bsd3; platforms = [ "avr-none" ]; - maintainers = with maintainers; [ mguentner ]; + maintainers = with maintainers; [ mguentner emilytrau ]; }; } diff --git a/nixpkgs/pkgs/development/misc/brev-cli/default.nix b/nixpkgs/pkgs/development/misc/brev-cli/default.nix new file mode 100644 index 000000000000..35583d835979 --- /dev/null +++ b/nixpkgs/pkgs/development/misc/brev-cli/default.nix @@ -0,0 +1,38 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "brev-cli"; + version = "0.6.229"; + + src = fetchFromGitHub { + owner = "brevdev"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-DZ1WLuGoMndnLuvvoOQTkSG0v5Vd5z0zDAs5YLymT18="; + }; + + vendorHash = "sha256-IR/tgqh8rS4uN5jSOcopCutbHCKHSU9icUfRhOgu4t8="; + + CGO_ENABLED = 0; + subPackages = [ "." ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/brevdev/brev-cli/pkg/cmd/version.Version=${src.rev}" + ]; + + postInstall = '' + mv $out/bin/brev-cli $out/bin/brev + ''; + + meta = with lib; { + description = "Connect your laptop to cloud computers"; + homepage = "https://github.com/brevdev/brev-cli"; + license = licenses.mit; + maintainers = with maintainers; [ dit7ya ]; + }; +} diff --git a/nixpkgs/pkgs/development/misc/cppreference-doc/default.nix b/nixpkgs/pkgs/development/misc/cppreference-doc/default.nix new file mode 100644 index 000000000000..9361f10e60c8 --- /dev/null +++ b/nixpkgs/pkgs/development/misc/cppreference-doc/default.nix @@ -0,0 +1,32 @@ +{ lib, stdenvNoCC, fetchurl }: + +stdenvNoCC.mkDerivation rec { + pname = "cppreference-doc"; + version = "20220730"; + + src = fetchurl { + url = "https://github.com/PeterFeicht/${pname}/releases/download/v${version}/html-book-${version}.tar.xz"; + hash = "sha256-cfFQA8FouNxaAMuvGbZICps+h6t+Riqjnttj11EcAos="; + }; + + sourceRoot = "."; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/cppreference/doc + mv reference $out/share/cppreference/doc/html + + runHook postInstall + ''; + + passthru = { inherit pname version; }; + + meta = with lib; { + description = "C++ standard library reference"; + homepage = "https://en.cppreference.com"; + license = licenses.cc-by-sa-30; + maintainers = with maintainers; [ panicgh ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/development/misc/datafusion/default.nix b/nixpkgs/pkgs/development/misc/datafusion/default.nix index a2e90dab6125..ee8c053be6b6 100644 --- a/nixpkgs/pkgs/development/misc/datafusion/default.nix +++ b/nixpkgs/pkgs/development/misc/datafusion/default.nix @@ -1,35 +1,42 @@ -{ stdenv -, lib +{ lib , rustPlatform , fetchFromGitHub +, stdenv +, darwin }: -let + +rustPlatform.buildRustPackage rec { pname = "datafusion-cli"; - version = "unstable-2022-04-08"; -in -rustPlatform.buildRustPackage { - inherit pname version; + version = "22.0.0"; - # TODO the crate has been yanked so not the best source - # the repo is a workspace with a lock inside a subdirectory, making - # compilation from github source not straightforward - # re-evaluate strategy on release after 7.0.0 src = fetchFromGitHub { + name = "datafusion-cli-source"; owner = "apache"; repo = "arrow-datafusion"; - rev = "9cbde6d0e30fd29f59b0a16e309bdb0843cc7c64"; - sha256 = "sha256-XXd9jvWVivOBRS0PVOU9F4RQ6MrS/q78JF4S6Htd67w="; + rev = version; + sha256 = "sha256-TWvbtuLmAdYS8otD2TpVlZx2FJS6DF03U2zM28FNsfc="; }; - sourceRoot = "source/datafusion-cli"; - cargoSha256 = "sha256-Q0SjVofl1+sex15sSU9s7PgKeHG2b0gJPSqz7YZFOVs="; + sourceRoot = "datafusion-cli-source/datafusion-cli"; + + cargoSha256 = "sha256-muWWVJDKm4rbpCK0SS7Zj6umFoMKGMScEAd2ZyZ5An8="; + + buildInputs = lib.optionals stdenv.isDarwin [ + darwin.apple_sdk.frameworks.Security + ]; + + checkFlags = [ + # fails even outside the Nix sandbox + "--skip=object_storage::tests::s3_region_validation" + # broken + "--skip=exec::tests::create_object_store_table_gcs" + ]; meta = with lib; { - broken = stdenv.isDarwin; description = "cli for Apache Arrow DataFusion"; homepage = "https://arrow.apache.org/datafusion"; + changelog = "https://github.com/apache/arrow-datafusion/blob/${version}/datafusion/CHANGELOG.md"; license = licenses.asl20; maintainers = with maintainers; [ happysalada ]; - platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/development/misc/h3/default.nix b/nixpkgs/pkgs/development/misc/h3/default.nix index 99b7f8fdc325..13c8f8d0424e 100644 --- a/nixpkgs/pkgs/development/misc/h3/default.nix +++ b/nixpkgs/pkgs/development/misc/h3/default.nix @@ -2,32 +2,52 @@ , stdenv , cmake , fetchFromGitHub +, static ? stdenv.hostPlatform.isStatic }: -stdenv.mkDerivation rec { - pname = "h3"; - version = "3.7.2"; +let + generic = { version, hash }: + stdenv.mkDerivation rec { + inherit version; + pname = "h3"; - src = fetchFromGitHub { - owner = "uber"; - repo = "h3"; - rev = "v${version}"; - sha256 = "sha256-MvWqQraTnab6EuDx4V0v8EvrFWHT95f2EHTL2p2kei8="; - }; + src = fetchFromGitHub { + owner = "uber"; + repo = "h3"; + rev = "v${version}"; + inherit hash; + }; + + nativeBuildInputs = [ cmake ]; - nativeBuildInputs = [ cmake ]; + cmakeFlags = [ + "-DBUILD_SHARED_LIBS=${if static then "OFF" else "ON"}" + "-DBUILD_BENCHMARKS=OFF" + "-DBUILD_FUZZERS=OFF" + "-DBUILD_GENERATORS=OFF" + "-DENABLE_COVERAGE=OFF" + "-DENABLE_FORMAT=OFF" + "-DENABLE_LINTING=OFF" + ]; - cmakeFlags = [ - "-DBUILD_SHARED_LIBS=ON" - "-DENABLE_LINTING=OFF" - ]; + meta = with lib; { + homepage = "https://h3geo.org/"; + description = "Hexagonal hierarchical geospatial indexing system"; + license = licenses.asl20; + changelog = "https://github.com/uber/h3/raw/v${version}/CHANGELOG.md"; + platforms = platforms.all; + maintainers = with maintainers; [ kalbasit marsam ]; + }; + }; +in +{ + h3_3 = generic { + version = "3.7.2"; + hash = "sha256-MvWqQraTnab6EuDx4V0v8EvrFWHT95f2EHTL2p2kei8="; + }; - meta = with lib; { - homepage = "https://h3geo.org/"; - description = "Hexagonal hierarchical geospatial indexing system"; - license = licenses.asl20; - changelog = "https://github.com/uber/h3/raw/v${version}/CHANGELOG.md"; - platforms = platforms.all; - maintainers = [ maintainers.kalbasit ]; + h3_4 = generic { + version = "4.1.0"; + hash = "sha256-7qyN73T8XDwZLgMZld7wwShUwoLEi/2gN2oiZX8n5nQ="; }; } diff --git a/nixpkgs/pkgs/development/misc/haskell/hasura/kriti-lang.nix b/nixpkgs/pkgs/development/misc/haskell/hasura/kriti-lang.nix index 7e22aff40d7b..17362f05dd0d 100644 --- a/nixpkgs/pkgs/development/misc/haskell/hasura/kriti-lang.nix +++ b/nixpkgs/pkgs/development/misc/haskell/hasura/kriti-lang.nix @@ -38,4 +38,8 @@ mkDerivation { ]; license = lib.licenses.asl20; maintainers = with lib.maintainers; [ lassulus ]; + + # Does not compile with ghc-9.2 + hydraPlatforms = lib.platforms.none; + broken = true; } diff --git a/nixpkgs/pkgs/development/misc/haskell/hasura/pool.nix b/nixpkgs/pkgs/development/misc/haskell/hasura/pool.nix index 48954114a4a1..c03b1fb88121 100644 --- a/nixpkgs/pkgs/development/misc/haskell/hasura/pool.nix +++ b/nixpkgs/pkgs/development/misc/haskell/hasura/pool.nix @@ -17,7 +17,7 @@ mkDerivation { vector ]; testHaskellDepends = [ base hspec ]; - homepage = "http://github.com/bos/pool"; + homepage = "https://github.com/bos/pool"; description = "A high-performance striped resource pooling implementation"; license = lib.licenses.bsd3; maintainers = with lib.maintainers; [ lassulus ]; diff --git a/nixpkgs/pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix b/nixpkgs/pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix index 5c0b6b0eecb3..28f2c7e812b0 100644 --- a/nixpkgs/pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix +++ b/nixpkgs/pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix @@ -7,8 +7,8 @@ mkDerivation { src = fetchFromGitHub { owner = "hercules-ci"; repo = "optparse-applicative"; - rev = "9e2968c09a7c5b29d04578dc68d81ce5aec0591e"; - sha256 = "sha256-11MnpQjmR89gW5WY5BwsPhpk/LwSIxEEhIa4LLiCbBc="; + rev = "3d20deefbef2e66d3c075facc5d01c1aede34f3c"; + sha256 = "sha256-FnFbPvy5iITT7rAjZBBUNQdo3UDP2z8iLg0MiIdXMdo="; }; libraryHaskellDepends = [ ansi-wl-pprint base process transformers transformers-compat diff --git a/nixpkgs/pkgs/development/misc/loc/default.nix b/nixpkgs/pkgs/development/misc/loc/default.nix index ce262d946a80..9f6286d14f4c 100644 --- a/nixpkgs/pkgs/development/misc/loc/default.nix +++ b/nixpkgs/pkgs/development/misc/loc/default.nix @@ -1,8 +1,6 @@ { lib, fetchFromGitHub, rustPlatform }: -with rustPlatform; - -buildRustPackage rec { +rustPlatform.buildRustPackage rec { version = "0.4.1"; pname = "loc"; diff --git a/nixpkgs/pkgs/development/misc/msp430/mspds/binary.nix b/nixpkgs/pkgs/development/misc/msp430/mspds/binary.nix index 5b64ec328ae6..3558599c2de0 100644 --- a/nixpkgs/pkgs/development/misc/msp430/mspds/binary.nix +++ b/nixpkgs/pkgs/development/misc/msp430/mspds/binary.nix @@ -1,9 +1,7 @@ { stdenv, lib, fetchurl, unzip, autoPatchelfHook }: -with lib; - let - archPostfix = optionalString (stdenv.is64bit && !stdenv.isDarwin) "_64"; + archPostfix = lib.optionalString (stdenv.is64bit && !stdenv.isDarwin) "_64"; in stdenv.mkDerivation rec { pname = "msp-debug-stack-bin"; version = "3.15.1.1"; @@ -26,7 +24,7 @@ in stdenv.mkDerivation rec { install -Dm0644 -t $out/include Inc/*.h ''; - meta = { + meta = with lib; { description = "Unfree binary release of the TI MSP430 FET debug driver"; homepage = "https://www.ti.com/tool/MSPDS"; sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; diff --git a/nixpkgs/pkgs/development/misc/msp430/mspds/default.nix b/nixpkgs/pkgs/development/misc/msp430/mspds/default.nix index 891e7d980b4a..75dd08805f3f 100644 --- a/nixpkgs/pkgs/development/misc/msp430/mspds/default.nix +++ b/nixpkgs/pkgs/development/misc/msp430/mspds/default.nix @@ -6,11 +6,10 @@ , libusb1 ? null }: -with lib; assert stdenv.isLinux -> libusb1 != null; let - hidapiDriver = optionalString stdenv.isLinux "-libusb"; + hidapiDriver = lib.optionalString stdenv.isLinux "-libusb"; in stdenv.mkDerivation { pname = "msp-debug-stack"; @@ -26,14 +25,14 @@ in stdenv.mkDerivation { libName = "libmsp430${stdenv.hostPlatform.extensions.sharedLibrary}"; makeFlags = [ "OUTPUT=$(libName)" "HIDOBJ=" ]; NIX_LDFLAGS = [ "-lpugixml" "-lhidapi${hidapiDriver}" ]; - NIX_CFLAGS_COMPILE = [ "-I${hidapi}/include/hidapi" ]; + env.NIX_CFLAGS_COMPILE = toString [ "-I${hidapi}/include/hidapi" ]; patches = [ ./bsl430.patch ]; preBuild = '' rm ThirdParty/src/pugixml.cpp rm ThirdParty/include/pugi{config,xml}.hpp - '' + optionalString stdenv.isDarwin '' + '' + lib.optionalString stdenv.isDarwin '' makeFlagsArray+=(OUTNAME="-install_name ") ''; @@ -44,9 +43,9 @@ in stdenv.mkDerivation { nativeBuildInputs = [ unzip ]; buildInputs = [ boost hidapi pugixml ] - ++ optional stdenv.isLinux libusb1; + ++ lib.optional stdenv.isLinux libusb1; - meta = { + meta = with lib; { description = "TI MSP430 FET debug driver"; homepage = "https://www.ti.com/tool/MSPDS"; license = licenses.bsd3; diff --git a/nixpkgs/pkgs/development/misc/msp430/newlib.nix b/nixpkgs/pkgs/development/misc/msp430/newlib.nix index 4ea98bfc8b2e..005d8f8cbd9f 100644 --- a/nixpkgs/pkgs/development/misc/msp430/newlib.nix +++ b/nixpkgs/pkgs/development/misc/msp430/newlib.nix @@ -1,4 +1,4 @@ -{ stdenvNoCC, lndir, newlib, msp430GccSupport }: +{ stdenvNoCC, xorg, newlib, msp430GccSupport }: stdenvNoCC.mkDerivation { name = "msp430-${newlib.name}"; @@ -10,9 +10,9 @@ stdenvNoCC.mkDerivation { buildCommand = '' mkdir $out - ${lndir}/bin/lndir -silent $newlib $out - ${lndir}/bin/lndir -silent $msp430GccSupport/include $out/${newlib.incdir} - ${lndir}/bin/lndir -silent $msp430GccSupport/lib $out/${newlib.libdir} + ${xorg.lndir}/bin/lndir -silent $newlib $out + ${xorg.lndir}/bin/lndir -silent $msp430GccSupport/include $out/${newlib.incdir} + ${xorg.lndir}/bin/lndir -silent $msp430GccSupport/lib $out/${newlib.libdir} ''; passthru = { diff --git a/nixpkgs/pkgs/development/misc/newlib/default.nix b/nixpkgs/pkgs/development/misc/newlib/default.nix index 60ad50a8e4f7..4ec603f250d5 100644 --- a/nixpkgs/pkgs/development/misc/newlib/default.nix +++ b/nixpkgs/pkgs/development/misc/newlib/default.nix @@ -1,20 +1,32 @@ -{ stdenv, fetchurl, buildPackages +{ stdenv, fetchurl, buildPackages, lib, fetchpatch, texinfo , # "newlib-nano" is what the official ARM embedded toolchain calls this build # configuration that prioritizes low space usage. We include it as a preset # for embedded projects striving for a similar configuration. nanoizeNewlib ? false }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "newlib"; - version = "4.1.0"; + version = "4.3.0.20230120"; src = fetchurl { - url = "ftp://sourceware.org/pub/newlib/newlib-${version}.tar.gz"; - sha256 = "0m01sjjyj0ib7bwlcrvmk1qkkgd66zf1dhbw716j490kymrf75pj"; + url = "ftp://sourceware.org/pub/newlib/newlib-${finalAttrs.version}.tar.gz"; + sha256 = "sha256-g6Yqma9Z4465sMWO0JLuJNcA//Q6IsA+QzlVET7zUVA="; }; - depsBuildBuild = [ buildPackages.stdenv.cc ]; + patches = lib.optionals nanoizeNewlib [ + # https://bugs.gentoo.org/723756 + (fetchpatch { + name = "newlib-3.3.0-no-nano-cxx.patch"; + url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-libs/newlib/files/newlib-3.3.0-no-nano-cxx.patch?id=9ee5a1cd6f8da6d084b93b3dbd2e8022a147cfbf"; + sha256 = "sha256-S3mf7vwrzSMWZIGE+d61UDH+/SK/ao1hTPee1sElgco="; + }) + ]; + + depsBuildBuild = [ + buildPackages.stdenv.cc + texinfo # for makeinfo + ]; # newlib expects CC to build for build platform, not host platform preConfigure = '' @@ -22,31 +34,65 @@ stdenv.mkDerivation rec { ''; configurePlatforms = [ "build" "target" ]; + # flags copied from https://community.arm.com/support-forums/f/compilers-and-libraries-forum/53310/gcc-arm-none-eabi-what-were-the-newlib-compilation-options + # sort alphabetically configureFlags = [ "--host=${stdenv.buildPlatform.config}" - + ] ++ (if !nanoizeNewlib then [ "--disable-newlib-supplied-syscalls" "--disable-nls" - "--enable-newlib-retargetable-locking" - ] ++ (if !nanoizeNewlib then [ + "--enable-newlib-io-c99-formats" "--enable-newlib-io-long-long" + "--enable-newlib-reent-check-verify" "--enable-newlib-register-fini" + "--enable-newlib-retargetable-locking" ] else [ - "--enable-newlib-reent-small" - "--disable-newlib-fvwrite-in-streamio" "--disable-newlib-fseek-optimization" - "--disable-newlib-wide-orient" - "--enable-newlib-nano-malloc" + "--disable-newlib-fvwrite-in-streamio" + "--disable-newlib-supplied-syscalls" "--disable-newlib-unbuf-stream-opt" + "--disable-newlib-wide-orient" + "--disable-nls" "--enable-lite-exit" "--enable-newlib-global-atexit" "--enable-newlib-nano-formatted-io" + "--enable-newlib-nano-malloc" + "--enable-newlib-reent-check-verify" + "--enable-newlib-reent-small" + "--enable-newlib-retargetable-locking" ]); dontDisableStatic = true; + # apply necessary nano changes from https://developer.arm.com/-/media/Files/downloads/gnu/12.2.rel1/manifest/copy_nano_libraries.sh?rev=4c50be6ccb9c4205a5262a3925317073&hash=1375A7B0A1CD0DB9B9EB0D2B574ADF66 + postInstall = lib.optionalString nanoizeNewlib '' + mkdir -p $out${finalAttrs.passthru.incdir}/newlib-nano + cp $out${finalAttrs.passthru.incdir}/newlib.h $out${finalAttrs.passthru.incdir}/newlib-nano/ + + ( + cd $out${finalAttrs.passthru.libdir} + + for f in librdimon.a libc.a libg.a; do + cp "$f" "''${f%%\.a}_nano.a" + done + ) + ''; + passthru = { incdir = "/${stdenv.targetPlatform.config}/include"; libdir = "/${stdenv.targetPlatform.config}/lib"; }; -} + + meta = with lib; { + description = "a C library intended for use on embedded systems"; + homepage = "https://sourceware.org/newlib/"; + # arch has "bsd" while gentoo has "NEWLIB LIBGLOSS GPL-2" while COPYING has "gpl2" + # there are 5 copying files in total + # COPYING + # COPYING.LIB + # COPYING.LIBGLOSS + # COPYING.NEWLIB + # COPYING3 + license = licenses.gpl2Plus; + }; +}) diff --git a/nixpkgs/pkgs/development/misc/resholve/README.md b/nixpkgs/pkgs/development/misc/resholve/README.md index 28fbfbb707ef..18d98f364f28 100644 --- a/nixpkgs/pkgs/development/misc/resholve/README.md +++ b/nixpkgs/pkgs/development/misc/resholve/README.md @@ -94,8 +94,9 @@ resholve.mkDerivation rec { ## Basic `resholve.writeScript` and `resholve.writeScriptBin` examples -Both of these functions have the same basic API. This example is a little -trivial for now. If you have a real usage that you find helpful, please PR it. +Both of these functions have the same basic API. The examples are a little +trivial, so I'll also link to some real-world examples: +- [shell.nix from abathur/tdverpy](https://github.com/abathur/tdverpy/blob/e1f956df3ed1c7097a5164e0c85b178772e277f5/shell.nix#L6-L13) ```nix resholvedScript = resholve.writeScript "name" { @@ -183,6 +184,7 @@ handle any potential problems it encounters with directives. There are currently scripts from using the latest current-system symlinks.) - resolve commands in a variable definition - resolve an absolute command path from inputs as if it were a bare reference + - force resholve to resolve known security wrappers 3. `keep` directives tell resholve not to raise an error (i.e., ignore) something it would usually object to. Common examples: - variables used as/within the first word of a command @@ -190,7 +192,7 @@ handle any potential problems it encounters with directives. There are currently - dynamic (variable) arguments to commands known to accept/run other commands > NOTE: resholve has a (growing) number of directives detailed in `man resholve` -> via `nixpkgs.resholve`. +> via `nixpkgs.resholve` (though protections against run-time use of python2 in nixpkgs mean you'll have to set `NIXPKGS_ALLOW_INSECURE=1` to pull resholve into nix-shell). Each of these 3 types is represented by its own attrset, where you can think of the key as a scope. The value should be: @@ -250,8 +252,23 @@ with some rules (internal to resholve) for locating sub-executions in some of the more common commands. - "execer" lore identifies whether an executable can, cannot, - or might execute its arguments. Every "can" or "might" verdict requires - either built-in rules for finding the executable, or human triage. + or might execute its arguments. Every "can" or "might" verdict requires: + - an update to the matching rules in [binlore](https://github.com/abathur/binlore) + if there's absolutely no exec in the executable and binlore just lacks + rules for understanding this + - an override in [binlore](https://github.com/abathur/binlore) if there is + exec but it isn't actually under user control + - a parser in [resholve](https://github.com/abathur/resholve) capable of + isolating the exec'd words if the command does have exec under user + control + - overriding the execer lore for the executable if manual triage indicates + that all of the invocations in the current package don't include any + commands that the executable would exec + - if manual triage turns up any commands that would be exec'd, use some + non-resholve tool to patch/substitute/replace them before or after you + run resholve on them (if before, you may need to also add keep directives + for these absolute paths) + - "wrapper" lore maps shell exec wrappers to the programs they exec so that resholve can substitute an executable's verdict for its wrapper's. diff --git a/nixpkgs/pkgs/development/misc/resholve/default.nix b/nixpkgs/pkgs/development/misc/resholve/default.nix index b2ee3c1d1b57..74f45f8ed3cc 100644 --- a/nixpkgs/pkgs/development/misc/resholve/default.nix +++ b/nixpkgs/pkgs/development/misc/resholve/default.nix @@ -1,21 +1,54 @@ -{ callPackage +{ lib +, pkgs +, pkgsBuildHost , ... }: let + removeKnownVulnerabilities = pkg: pkg.overrideAttrs (old: { + meta = (old.meta or { }) // { knownVulnerabilities = [ ]; }; + }); + # We are removing `meta.knownVulnerabilities` from `python27`, + # and setting it in `resholve` itself. + python27' = (removeKnownVulnerabilities pkgsBuildHost.python27).override { + self = python27'; + pkgsBuildHost = pkgsBuildHost // { python27 = python27'; }; + # strip down that python version as much as possible + openssl = null; + bzip2 = null; + readline = null; + ncurses = null; + gdbm = null; + sqlite = null; + rebuildBytecode = false; + stripBytecode = true; + strip2to3 = true; + stripConfig = true; + stripIdlelib = true; + stripTests = true; + enableOptimizations = false; + }; + callPackage = lib.callPackageWith (pkgs // { python27 = python27'; }); source = callPackage ./source.nix { }; deps = callPackage ./deps.nix { }; in rec { + # not exposed in all-packages + resholveBuildTimeOnly = removeKnownVulnerabilities resholve; # resholve itself resholve = callPackage ./resholve.nix { inherit (source) rSrc version; inherit (deps.oil) oildev; + inherit (deps) configargparse; inherit resholve-utils; + # used only in tests + resholve = resholveBuildTimeOnly; }; # funcs to validate and phrase invocations of resholve # and use those invocations to build packages resholve-utils = callPackage ./resholve-utils.nix { - inherit resholve; + # we can still use resholve-utils without triggering a security warn + # this is safe since we will only use `resholve` at build time + resholve = resholveBuildTimeOnly; }; } diff --git a/nixpkgs/pkgs/development/misc/resholve/deps.nix b/nixpkgs/pkgs/development/misc/resholve/deps.nix index 604bfa872c25..80ffa4aa42ff 100644 --- a/nixpkgs/pkgs/development/misc/resholve/deps.nix +++ b/nixpkgs/pkgs/development/misc/resholve/deps.nix @@ -1,4 +1,8 @@ -{ callPackage +{ lib +, callPackage +, fetchFromGitHub +, python27 +, fetchPypi , ... }: @@ -14,5 +18,64 @@ rec { # binlore = callPackage ./binlore.nix { }; - oil = callPackage ./oildev.nix { }; + oil = callPackage ./oildev.nix { + inherit python27; + inherit six; + inherit typing; + }; + configargparse = python27.pkgs.buildPythonPackage rec { + pname = "configargparse"; + version = "1.5.3"; + + src = fetchFromGitHub { + owner = "bw2"; + repo = "ConfigArgParse"; + rev = "v${version}"; + sha256 = "1dsai4bilkp2biy9swfdx2z0k4akw4lpvx12flmk00r80hzgbglz"; + }; + + doCheck = false; + + pythonImportsCheck = [ "configargparse" ]; + + meta = with lib; { + description = "A drop-in replacement for argparse"; + homepage = "https://github.com/bw2/ConfigArgParse"; + license = licenses.mit; + }; + }; + six = python27.pkgs.buildPythonPackage rec { + pname = "six"; + version = "1.16.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"; + }; + + doCheck = false; + + meta = { + description = "A Python 2 and 3 compatibility library"; + homepage = "https://pypi.python.org/pypi/six/"; + license = lib.licenses.mit; + }; + }; + typing = python27.pkgs.buildPythonPackage rec { + pname = "typing"; + version = "3.10.0.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "13b4ad211f54ddbf93e5901a9967b1e07720c1d1b78d596ac6a439641aa1b130"; + }; + + doCheck = false; + + meta = with lib; { + description = "Backport of typing module to Python versions older than 3.5"; + homepage = "https://docs.python.org/3/library/typing.html"; + license = licenses.psfl; + }; + }; } diff --git a/nixpkgs/pkgs/development/misc/resholve/oildev.nix b/nixpkgs/pkgs/development/misc/resholve/oildev.nix index 00855e7f7bcc..de3ac08ec99d 100644 --- a/nixpkgs/pkgs/development/misc/resholve/oildev.nix +++ b/nixpkgs/pkgs/development/misc/resholve/oildev.nix @@ -1,6 +1,6 @@ { lib , stdenv -, python27Packages +, python27 , callPackage , fetchFromGitHub , makeWrapper @@ -9,10 +9,11 @@ , # py-yajl deps git , # oil deps - readline -, cmark + cmark , file , glibcLocales +, six +, typing }: rec { @@ -32,14 +33,14 @@ rec { ''; }; - py-yajl = python27Packages.buildPythonPackage rec { + py-yajl = python27.pkgs.buildPythonPackage rec { pname = "oil-pyyajl-unstable"; - version = "2019-12-05"; + version = "2022-09-01"; src = fetchFromGitHub { owner = "oilshell"; repo = "py-yajl"; - rev = "eb561e9aea6e88095d66abcc3990f2ee1f5339df"; - sha256 = "17hcgb7r7cy8r1pwbdh8di0nvykdswlqj73c85k6z8m0filj3hbh"; + rev = "72686b0e2e9d13d3ce5fefe47ecd607c540c90a3"; + hash = "sha256-H3GKN0Pq1VFD5+SWxm8CXUVO7zAyj/ngKVmDaG/aRT4="; fetchSubmodules = true; }; # just for submodule IIRC @@ -51,16 +52,16 @@ rec { (or accepting all of the patches we need to do so). This creates one without disturbing upstream too much. */ - oildev = python27Packages.buildPythonPackage rec { + oildev = python27.pkgs.buildPythonPackage rec { pname = "oildev-unstable"; version = "2021-07-14"; src = fetchFromGitHub { owner = "oilshell"; repo = "oil"; - # rev == present HEAD of release/0.8.12 - rev = "799c0703d1da86cb80d1f5b163edf9369ad77cf1"; - hash = "sha256-QNSISr719ycZ1Z0quxHWzCb3IvHGj9TpogaYz20hDM4="; + # rev == present HEAD of release/0.14.0 + rev = "3d0427e222f7e42ae7be90c706d7fde555efca2e"; + hash = "sha256-XMoNkBEEmD6AwNSu1uSh3OcWLfy4/ADtRckn/Pj2cP4="; /* It's not critical to drop most of these; the primary target is @@ -71,16 +72,16 @@ rec { hash on rev updates. Command will fail w/o and not print hash. */ postFetch = '' - rm -rf Python-2.7.13 benchmarks metrics py-yajl rfc gold web testdata services demo devtools cpp + rm -rf $out/{Python-2.7.13,metrics,py-yajl,rfc,gold,web,testdata,services,demo,devtools} ''; }; - # patch to support a python package, pass tests on macOS, etc. + # patch to support a python package, pass tests on macOS, drop deps, etc. patchSrc = fetchFromGitHub { owner = "abathur"; repo = "nix-py-dev-oil"; - rev = "v0.8.12.2"; - hash = "sha256-+dVxzPKMGNKFE+7Ggzx9iWjjvwW2Ow3UqmjjUud9Mqo="; + rev = "v0.14.0.0"; + hash = "sha256-U6uR8G6yB2xwuDE/fznco23mVFSVdCxPUNdCRYz4Mj8="; }; patches = [ "${patchSrc}/0001-add_setup_py.patch" @@ -89,13 +90,18 @@ rec { "${patchSrc}/0006-disable_failing_libc_tests.patch" "${patchSrc}/0007-namespace_via_init.patch" "${patchSrc}/0009-avoid_nix_arch64_darwin_toolchain_bug.patch" + "${patchSrc}/0010-disable-line-input.patch" + "${patchSrc}/0011-disable-fanos.patch" + "${patchSrc}/0012-disable-doc-cmark.patch" ]; - buildInputs = [ readline cmark py-yajl ]; + configureFlags = [ + "--without-readline" + ]; nativeBuildInputs = [ re2c file makeWrapper ]; - propagatedBuildInputs = with python27Packages; [ six typing ]; + propagatedBuildInputs = [ six typing py-yajl ]; doCheck = true; @@ -104,7 +110,12 @@ rec { ''; postPatch = '' - patchShebangs asdl build core doctools frontend native oil_lang + patchShebangs asdl build core doctools frontend pyext oil_lang + substituteInPlace pyext/fastlex.c --replace '_gen/frontend' '../_gen/frontend' + substituteInPlace core/main_loop.py --replace 'import fanos' '# import fanos' + rm cpp/stdlib.h # keep modules from finding the wrong stdlib? + # work around hard parse failure documented in oilshell/oil#1468 + substituteInPlace osh/cmd_parse.py --replace 'elif self.c_id == Id.Op_LParen' 'elif False' ''; /* @@ -118,8 +129,17 @@ rec { # See earlier note on glibcLocales TODO: verify needed? LOCALE_ARCHIVE = lib.optionalString (stdenv.buildPlatform.libc == "glibc") "${glibcLocales}/lib/locale/locale-archive"; - # not exhaustive; just a spot-check for now - pythonImportsCheck = [ "oil" "oil._devbuild" ]; + # not exhaustive; sample what resholve uses as a sanity check + pythonImportsCheck = [ + "oil" + "oil.asdl" + "oil.core" + "oil.frontend" + "oil._devbuild" + "oil._devbuild.gen.id_kind_asdl" + "oil._devbuild.gen.syntax_asdl" + "oil.tools.osh2oil" + ]; meta = { license = with lib.licenses; [ diff --git a/nixpkgs/pkgs/development/misc/resholve/resholve-utils.nix b/nixpkgs/pkgs/development/misc/resholve/resholve-utils.nix index 27e347e7c4aa..a903b674eb33 100644 --- a/nixpkgs/pkgs/development/misc/resholve/resholve-utils.nix +++ b/nixpkgs/pkgs/development/misc/resholve/resholve-utils.nix @@ -129,6 +129,7 @@ rec { ) ) )} + '' + lib.optionalString (partialSolution.interpreter != "none") '' ${partialSolution.interpreter} -n $out ''; }; @@ -146,6 +147,7 @@ rec { ) ) } + '' + lib.optionalString (partialSolution.interpreter != "none") '' ${partialSolution.interpreter} -n $out/bin/${name} ''; }; @@ -167,7 +169,8 @@ rec { */ unresholved = (stdenv.mkDerivation ((removeAttrs attrs [ "solutions" ]) // { - inherit pname version src; + inherit version src; + pname = "${pname}-unresholved"; })); in /* @@ -178,13 +181,15 @@ rec { */ lib.extendDerivation true passthru (stdenv.mkDerivation { src = unresholved; - version = unresholved.version; - pname = "resholved-${unresholved.pname}"; + inherit version pname; buildInputs = [ resholve ]; + disallowedReferences = [ resholve ]; # retain a reference to the base passthru = unresholved.passthru // { unresholved = unresholved; + # fallback attr for update bot to query our src + originalSrc = unresholved.src; }; # do these imply that we should use NoCC or something? @@ -199,5 +204,8 @@ rec { # supports default python.logging levels # LOGLEVEL="INFO"; preFixup = phraseSolutions solutions unresholved; + + # don't break the metadata... + meta = unresholved.meta; }); } diff --git a/nixpkgs/pkgs/development/misc/resholve/resholve.nix b/nixpkgs/pkgs/development/misc/resholve/resholve.nix index 959e7ee0cb52..28a0e401cf5d 100644 --- a/nixpkgs/pkgs/development/misc/resholve/resholve.nix +++ b/nixpkgs/pkgs/development/misc/resholve/resholve.nix @@ -1,16 +1,18 @@ { lib , stdenv , callPackage -, python27Packages +, python27 , installShellFiles , rSrc , version , oildev +, configargparse , binlore +, resholve , resholve-utils }: -python27Packages.buildPythonApplication { +python27.pkgs.buildPythonApplication { pname = "resholve"; inherit version; src = rSrc; @@ -19,24 +21,16 @@ python27Packages.buildPythonApplication { propagatedBuildInputs = [ oildev - /* - Disable configargparse's tests on aarch64-darwin. - Several of py27 scandir's tests fail on aarch64-darwin. Chain: - configargparse -> pytest-check-hook -> pytest -> pathlib2 -> scandir - TODO: drop if https://github.com/NixOS/nixpkgs/issues/156807 resolves? - */ - (python27Packages.configargparse.overridePythonAttrs (old: { - doCheck = stdenv.hostPlatform.system != "aarch64-darwin"; - })) + configargparse ]; - patchPhase = '' + postPatch = '' for file in setup.cfg _resholve/version.py; do substituteInPlace $file --subst-var-by version ${version} done ''; - postInstall = '' + postInstall = '' installManPage resholve.1 ''; @@ -48,7 +42,7 @@ python27Packages.buildPythonApplication { passthru = { inherit (resholve-utils) mkDerivation phraseSolution writeScript writeScriptBin; - tests = callPackage ./test.nix { inherit rSrc binlore; }; + tests = callPackage ./test.nix { inherit rSrc binlore python27 resholve; }; }; meta = with lib; { @@ -57,5 +51,10 @@ python27Packages.buildPythonApplication { license = with licenses; [ mit ]; maintainers = with maintainers; [ abathur ]; platforms = platforms.all; + knownVulnerabilities = [ '' + resholve depends on python27 (EOL). While it's safe to + run on trusted input in the build sandbox, you should + avoid running it on untrusted input. + '' ]; }; } diff --git a/nixpkgs/pkgs/development/misc/resholve/source.nix b/nixpkgs/pkgs/development/misc/resholve/source.nix index fa3b9c80e31d..70182722bde4 100644 --- a/nixpkgs/pkgs/development/misc/resholve/source.nix +++ b/nixpkgs/pkgs/development/misc/resholve/source.nix @@ -3,7 +3,7 @@ }: rec { - version = "0.8.1"; + version = "0.9.0"; rSrc = # local build -> `make ci`; `make clean` to restore # return to remote source @@ -14,6 +14,6 @@ rec { owner = "abathur"; repo = "resholve"; rev = "v${version}"; - hash = "sha256-EVrv4Lj9GQa3g18BRQjC0wCxzsfsn4Ka1iq5Ouu1cII="; + hash = "sha256-FRdCeeC2c3bMEXekEyilgW0PwFfUWGstZ5mXdmRPM5w="; }; } diff --git a/nixpkgs/pkgs/development/misc/resholve/test.nix b/nixpkgs/pkgs/development/misc/resholve/test.nix index 2b8a3ec3d296..8f9da36c9de4 100644 --- a/nixpkgs/pkgs/development/misc/resholve/test.nix +++ b/nixpkgs/pkgs/development/misc/resholve/test.nix @@ -20,7 +20,7 @@ , runDemo ? false , binlore , sqlite -, util-linux +, unixtools , gawk , rlwrap , gnutar @@ -29,7 +29,7 @@ let default_packages = [ bash file findutils gettext ]; - parsed_packages = [ coreutils sqlite util-linux gnused gawk findutils rlwrap gnutar bc ]; + parsed_packages = [ coreutils sqlite unixtools.script gnused gawk findutils rlwrap gnutar bc ]; in rec { module1 = resholve.mkDerivation { @@ -127,7 +127,7 @@ rec { ''; doCheck = true; buildInputs = [ resholve ]; - checkInputs = [ coreutils bats python27 ]; + nativeCheckInputs = [ coreutils bats python27 ]; # LOGLEVEL="DEBUG"; # default path @@ -179,4 +179,11 @@ rec { echo "Hello" file . ''; + resholvedScriptBinNone = resholve.writeScriptBin "resholved-script-bin" { + inputs = [ file ]; + interpreter = "none"; + } '' + echo "Hello" + file . + ''; } diff --git a/nixpkgs/pkgs/development/misc/rpiboot/default.nix b/nixpkgs/pkgs/development/misc/rpiboot/default.nix index 35fb41d0a8da..8930648cdaaa 100644 --- a/nixpkgs/pkgs/development/misc/rpiboot/default.nix +++ b/nixpkgs/pkgs/development/misc/rpiboot/default.nix @@ -1,17 +1,18 @@ -{ lib, stdenv, fetchFromGitHub, libusb1 }: +{ lib, stdenv, fetchFromGitHub, libusb1, pkg-config }: stdenv.mkDerivation rec { pname = "rpiboot"; - version = "2021.07.01"; + version = "20221215-105525"; src = fetchFromGitHub { owner = "raspberrypi"; repo = "usbboot"; - rev = "v${version}"; - sha256 = "sha256-BkNyYCrasfiRs7CbJa7tCo2k70TLGcXkOX+zGPyZGGE="; + rev = version; + hash = "sha256-Y77IrDblXmnpZleJ3zTyiGDYLZ7gNxASXpqUzwS1NCU="; }; - nativeBuildInputs = [ libusb1 ]; + buildInputs = [ libusb1 ]; + nativeBuildInputs = [ pkg-config ]; patchPhase = '' sed -i "s@/usr/@$out/@g" main.c @@ -28,7 +29,7 @@ stdenv.mkDerivation rec { homepage = "https://github.com/raspberrypi/usbboot"; description = "Utility to boot a Raspberry Pi CM/CM3/CM4/Zero over USB"; license = licenses.asl20; - maintainers = with maintainers; [ cartr ]; + maintainers = with maintainers; [ cartr flokli ]; platforms = [ "aarch64-linux" "aarch64-darwin" "armv7l-linux" "armv6l-linux" "x86_64-linux" "x86_64-darwin" ]; }; } diff --git a/nixpkgs/pkgs/development/misc/umr/default.nix b/nixpkgs/pkgs/development/misc/umr/default.nix index 3dba51022d3c..b83cb91a91b5 100644 --- a/nixpkgs/pkgs/development/misc/umr/default.nix +++ b/nixpkgs/pkgs/development/misc/umr/default.nix @@ -1,25 +1,28 @@ { lib, stdenv, fetchgit, bash-completion, cmake, pkg-config -, libdrm, libpciaccess, llvmPackages, ncurses +, json_c, libdrm, libpciaccess, llvmPackages, nanomsg, ncurses, SDL2 }: stdenv.mkDerivation rec { pname = "umr"; - version = "unstable-2021-02-18"; + version = "unstable-2022-08-23"; src = fetchgit { url = "https://gitlab.freedesktop.org/tomstdenis/umr"; - rev = "79e17f8f2807ed707fc1be369d0aad536f6dbc97"; - sha256 = "IwTkHEuJ82hngPjFVIihU2rSolLBqHxQTNsP8puYPaY="; + rev = "87f814b1ffdbac8bfddd8529d344a7901cd7e112"; + hash = "sha256-U1VP1AicSGWzBwzz99i7+3awATZocw5jaqtAxuRNaBE="; }; nativeBuildInputs = [ cmake pkg-config llvmPackages.llvm.dev ]; buildInputs = [ bash-completion + json_c libdrm libpciaccess llvmPackages.llvm + nanomsg ncurses + SDL2 ]; # Remove static libraries (there are no dynamic libraries in there) diff --git a/nixpkgs/pkgs/development/misc/yelp-tools/default.nix b/nixpkgs/pkgs/development/misc/yelp-tools/default.nix index a58891bc333b..088b4ccf48af 100644 --- a/nixpkgs/pkgs/development/misc/yelp-tools/default.nix +++ b/nixpkgs/pkgs/development/misc/yelp-tools/default.nix @@ -13,13 +13,13 @@ python3.pkgs.buildPythonApplication rec { pname = "yelp-tools"; - version = "42.0"; + version = "42.1"; format = "other"; src = fetchurl { url = "mirror://gnome/sources/yelp-tools/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "LNQwY/+nJi3xXdjTeao+o5mdQmYfB1Y/SALaoRSfffQ="; + sha256 = "PklqQCDUFFuZ/VCKJfoJM2pQOk6JAAKEIecsaksR+QU="; }; nativeBuildInputs = [ |