diff options
author | Alyssa Ross <hi@alyssa.is> | 2024-02-13 12:25:07 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-02-13 12:25:07 +0100 |
commit | a5e1520e4538e29ecfbd4b168306f890566d7bfd (patch) | |
tree | 28099c268b5d4b1e33c2b29f0714c45f0b961382 /nixpkgs/pkgs/development/tools/analysis | |
parent | 822f7c15c04567fbdc27020e862ea2b70cfbf8eb (diff) | |
parent | 3560d1c8269d0091b9aae10731b5e85274b7bbc1 (diff) | |
download | nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.tar nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.tar.gz nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.tar.bz2 nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.tar.lz nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.tar.xz nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.tar.zst nixlib-a5e1520e4538e29ecfbd4b168306f890566d7bfd.zip |
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/nixos/modules/services/mail/rss2email.nix nixpkgs/pkgs/build-support/go/module.nix
Diffstat (limited to 'nixpkgs/pkgs/development/tools/analysis')
14 files changed, 206 insertions, 227 deletions
diff --git a/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock b/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock index bb45178f79d4..dcc9920bd534 100644 --- a/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock +++ b/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock @@ -1,7 +1,9 @@ GEM remote: https://rubygems.org/ specs: - brakeman (6.1.0) + brakeman (6.1.1) + racc + racc (1.7.3) PLATFORMS ruby @@ -10,4 +12,4 @@ DEPENDENCIES brakeman BUNDLED WITH - 2.4.22 + 2.5.3 diff --git a/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix b/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix index 31705fe31a6d..fdee80a9ff75 100644 --- a/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix +++ b/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix @@ -1,12 +1,23 @@ { brakeman = { + dependencies = ["racc"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00vlip5z1gc1npj1nxvcy2gvwya4fk01xzyhazkhz3ymdn9nch0d"; + sha256 = "1ahkss5xpdw7vwykyd5kba74cs4r987fcn7ad5qvzhzhqdariqvy"; type = "gem"; }; - version = "6.1.0"; + version = "6.1.1"; + }; + racc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp"; + type = "gem"; + }; + version = "1.7.3"; }; } diff --git a/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix b/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix index 3d6b7b06ac83..a60ef454284d 100644 --- a/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "checkov"; - version = "3.1.66"; + version = "3.2.8"; pyproject = true; src = fetchFromGitHub { owner = "bridgecrewio"; repo = "checkov"; rev = "refs/tags/${version}"; - hash = "sha256-hvl29/K4qHvDiXM0Ufmi3ExMq+2JXQbSzaFYCCP0OhU="; + hash = "sha256-Hd1YOzIH6v8N/oP2cJRUv6OkgOv9aSe7nkvzpsCN3rc="; }; patches = [ diff --git a/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix b/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix index 0e881d29fdbb..84730b829751 100644 --- a/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix @@ -1,12 +1,12 @@ { lib, stdenvNoCC, fetchurl, makeBinaryWrapper, jre }: stdenvNoCC.mkDerivation rec { - version = "10.12.6"; + version = "10.13.0"; pname = "checkstyle"; src = fetchurl { url = "https://github.com/checkstyle/checkstyle/releases/download/checkstyle-${version}/checkstyle-${version}-all.jar"; - sha256 = "sha256-4oxCnop4ImJs9ltDWso83EsDGeu9WrETEkQzMft5V58="; + sha256 = "sha256-VhEMyn20ubXbsDMHnNS4/E2Aeeyby3U3OV29/uXEQw4="; }; nativeBuildInputs = [ makeBinaryWrapper ]; diff --git a/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix b/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix index 05ee6c4019db..10634622fe5e 100644 --- a/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "codeql"; - version = "2.15.5"; + version = "2.16.1"; dontConfigure = true; dontBuild = true; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { src = fetchzip { url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip"; - hash = "sha256-FkiGyug8kYxiVdsnljwka4PJz5BSFVRVlOOf5pjTvM8="; + hash = "sha256-y9tSG/SxCeyFdWF6gKuPSBgfG5H2uB/XRmQkfMBdKQU="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix b/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix index 1a7a1c0f4c95..0582c1d6e89a 100644 --- a/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "cppcheck"; - version = "2.13.0"; + version = "2.13.3"; outputs = [ "out" "man" ]; @@ -22,7 +22,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "danmar"; repo = "cppcheck"; rev = finalAttrs.version; - hash = "sha256-+z8mMwI4hHpE3enIriTsxZEocqifppYgjZz3UPGswIo="; + hash = "sha256-JTasjK9EkdGCTGL5Qx9uU3UBFlQzVdpTJ/v1IfzXCLE="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/development/tools/analysis/flow/default.nix b/nixpkgs/pkgs/development/tools/analysis/flow/default.nix index 2f3820c555fd..21811bd668c7 100644 --- a/nixpkgs/pkgs/development/tools/analysis/flow/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/flow/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "flow"; - version = "0.226.0"; + version = "0.228.0"; src = fetchFromGitHub { owner = "facebook"; repo = "flow"; rev = "v${version}"; - hash = "sha256-mWC98FLh5m2gYFlFUjrJBeaFBuNx8fm5ojiidE7c2rU="; + hash = "sha256-JUmDnpa9hvaGBcZR+OOD9R4P06x94zAdXW1SotXlcMc="; }; postPatch = '' diff --git a/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix b/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix index 4b6cadfcfa82..1bf477cf3d16 100644 --- a/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix @@ -20,7 +20,7 @@ let ppx_deriving_yojson ppx_import stdlib-shims - why3 + why3.dev re result seq @@ -45,6 +45,10 @@ stdenv.mkDerivation rec { hash = "sha256-KWEogjMOy27d0LTKOvwEkrcND+szeaG46JMZTG4XOYM="; }; + preConfigure = '' + substituteInPlace src/dune --replace " bytes " " " + ''; + postConfigure = "patchShebangs src/plugins/eva/gen-api.sh"; strictDeps = true; diff --git a/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix b/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix index 65d5f0e91bd8..50f4f552e0ff 100644 --- a/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix @@ -20,10 +20,18 @@ stdenv.mkDerivation rec { hash = "sha256-scaFkUhCkIi41iR6CGPbEndzXkgqTKMb3PDNvhgVbCE="; }; - patches = fetchpatch { + patches = [ (fetchpatch { url = "https://github.com/NASA-SW-VnV/ikos/commit/2e647432427b3f0dbb639e0371d976ab6406f290.patch"; hash = "sha256-ffzjlqEp4qp76Kwl5zpyQlg/xUMt8aLDSSP4XA4ndS8="; - }; + }) + # Fix build with GCC 13 + # https://github.com/NASA-SW-VnV/ikos/pull/262 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/NASA-SW-VnV/ikos/commit/73c816641fb9780f0d3b5e448510363a3cf21ce2.patch"; + hash = "sha256-bkeSAtxrL+z+6QNiGOWSg7kN8XiZqMxlJiu5Dquhca0="; + }) + ]; nativeBuildInputs = [ cmake ]; buildInputs = [ boost tbb gmp clang llvm sqlite python diff --git a/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix b/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix index 3cb64dbc1341..95e95bb34bab 100644 --- a/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix @@ -2,8 +2,8 @@ , fetchFromGitHub , fetchpatch , fetchzip +, writeText , lib -, callPackage , openssl , cmake , autoconf @@ -15,131 +15,132 @@ , groff , perl , python3 +, ncurses , time , upx -, ncurses +, gtest , libffi , libxml2 , zlib -, withPEPatterns ? false +, enableTests ? true +, buildDevTools ? true +, compileYaraPatterns ? true }: let + # all dependencies that are normally fetched during build time (the subdirectories of `deps`) + # all of these need to be fetched through nix and applied via their <NAME>_URL cmake variable capstone = fetchFromGitHub { - owner = "avast-tl"; + owner = "capstone-engine"; repo = "capstone"; - rev = "27c713fe4f6eaf9721785932d850b6291a6073fe"; - sha256 = "105z1g9q7s6n15qpln9vzhlij7vj6cyc5dqdr05n7wzjvlagwgxc"; - }; - elfio = fetchFromGitHub { - owner = "avast-tl"; - repo = "elfio"; - rev = "998374baace397ea98f3b1d768e81c978b4fba41"; - sha256 = "09n34rdp0wpm8zy30zx40wkkc4gbv2k3cv181y6c1260rllwk5d1"; - }; - keystone = fetchFromGitHub { # only for tests - owner = "keystone-engine"; - repo = "keystone"; - rev = "d7ba8e378e5284e6384fc9ecd660ed5f6532e922"; - sha256 = "1yzw3v8xvxh1rysh97y0i8y9svzbglx2zbsqjhrfx18vngh0x58f"; - }; - libdwarf = fetchFromGitHub { - owner = "avast-tl"; - repo = "libdwarf"; - rev = "85465d5e235cc2d2f90d04016d6aca1a452d0e73"; - sha256 = "11y62r65py8yp57i57a4cymxispimn62by9z4j2g19hngrpsgbki"; + rev = "5.0-rc2"; + sha256 = "sha256-nB7FcgisBa8rRDS3k31BbkYB+tdqA6Qyj9hqCnFW+ME="; }; llvm = fetchFromGitHub { owner = "avast-tl"; repo = "llvm"; - rev = "725d0cee133c6ab9b95c493f05de3b08016f5c3c"; - sha256 = "0dzvafmn4qs62w1y9vh0a11clpj6q3hb41aym4izpcyybjndf9bq"; - }; - pelib = fetchFromGitHub { - owner = "avast-tl"; - repo = "pelib"; - rev = "a7004b2e80e4f6dc984f78b821e7b585a586050d"; - sha256 = "0nyrb3g749lxgcymz1j584xbb1x6rvy1mc700lyn0brznvqsm81n"; + rev = "2a1f3d8a97241c6e91710be8f84cf3cf80c03390"; + sha256 = "sha256-+v1T0VI9R92ed9ViqsfYZMJtPCjPHCr4FenoYdLuFOU="; }; - rapidjson = fetchFromGitHub { - owner = "Tencent"; - repo = "rapidjson"; - rev = "v1.1.0"; - sha256 = "1jixgb8w97l9gdh3inihz7avz7i770gy2j2irvvlyrq3wi41f5ab"; + yaracpp = fetchFromGitHub { + owner = "VirusTotal"; + repo = "yara"; + rev = "v4.2.0-rc1"; + sha256 = "sha256-WcN6ClYO2d+/MdG06RHx3kN0o0WVAY876dJiG7CwJ8w="; }; - yaracpp = callPackage ./yaracpp.nix {}; # is its own package because it needs a patch yaramod = fetchFromGitHub { - owner = "avast-tl"; + owner = "avast"; repo = "yaramod"; - rev = "v2.2.2"; - sha256 = "0cq9h4h686q9ybamisbl797g6xjy211s3cq83nixkwkigmz48ccp"; - }; - jsoncpp = fetchFromGitHub { - owner = "open-source-parsers"; - repo = "jsoncpp"; - rev = "1.8.4"; - sha256 = "1z0gj7a6jypkijmpknis04qybs1hkd04d1arr3gy89lnxmp6qzlm"; - }; - googletest = fetchFromGitHub { # only for tests - owner = "google"; - repo = "googletest"; - rev = "83fa0cb17dad47a1d905526dcdddb5b96ed189d2"; - sha256 = "1c2r0p9v7vz2vasy8bknfb448l6wsvzw35s8hmc5z013z5502mpk"; + rev = "aa06dd408c492a8f4488774caf2ee105ccc23ab5"; + sha256 = "sha256-NVDRf2U5H92EN/Ks//uxNEaeKU+sT4VL4QyyYMO+zKk="; }; - tinyxml2 = fetchFromGitHub { - owner = "leethomason"; - repo = "tinyxml2"; - rev = "cc1745b552dd12bb1297a99f82044f83b06729e0"; - sha256 = "015g8520a0c55gwmv7pfdsgfz2rpdmh3d1nq5n9bd65n35492s3q"; + keystone = fetchFromGitHub { + # only for tests + owner = "keystone-engine"; + repo = "keystone"; + rev = "d7ba8e378e5284e6384fc9ecd660ed5f6532e922"; + sha256 = "1yzw3v8xvxh1rysh97y0i8y9svzbglx2zbsqjhrfx18vngh0x58f"; }; - retdec-support = let - version = "2018-02-08"; # make sure to adjust both hashes (once with withPEPatterns=true and once withPEPatterns=false) - in fetchzip { - url = "https://github.com/avast-tl/retdec-support/releases/download/${version}/retdec-support_${version}.tar.xz"; - sha256 = if withPEPatterns then "148i8flbyj1y4kfdyzsz7jsj38k4h97npjxj18h6v4wksd4m4jm7" - else "0ixv9qyqq40pzyqy6v9jf5rxrvivjb0z0zn260nbmb9gk765bacy"; - stripRoot = false; - # Removing PE signatures reduces this from 3.8GB -> 642MB (uncompressed) - postFetch = lib.optionalString (!withPEPatterns) '' - rm -r "$out/generic/yara_patterns/static-code/pe" + retdec-support-version = "2019-03-08"; + retdec-support = + { rev = retdec-support-version; } // # for checking the version against the expected version + fetchzip { + url = "https://github.com/avast-tl/retdec-support/releases/download/${retdec-support-version}/retdec-support_${retdec-support-version}.tar.xz"; + hash = "sha256-t1tx4MfLW/lwtbO5JQ1nrFBIOeMclq+0dENuXW+ahIM="; + stripRoot = false; + }; + + check-dep = name: dep: + '' + context="$(grep ${name}_URL --after-context 1 cmake/deps.cmake)" + expected="$(echo "$context" | grep --only-matching '".*"')" + have="${dep.rev}" + + echo "checking ${name} dependency matches deps.cmake..."; + if ! echo "$expected" | grep -q "$have"; then + printf '%s\n' "${name} version does not match!" " nix: $have, expected: $expected" + false + fi ''; - } // { - inherit version; # necessary to check the version against the expected version - }; - # patch CMakeLists.txt for a dependency and compare the versions to the ones expected by upstream - # this has to be applied for every dependency (which it is in postPatch) - patchDep = dep: '' - # check if our version of dep is the same version that upstream expects - echo "Checking version of ${dep.dep_name}" - expected_rev="$( sed -n -e 's|.*URL https://github.com/.*/archive/\(.*\)\.zip.*|\1|p' "deps/${dep.dep_name}/CMakeLists.txt" )" - if [ "$expected_rev" != '${dep.rev}' ]; then - echo "The ${dep.dep_name} dependency has the wrong version: ${dep.rev} while $expected_rev is expected." - exit 1 - fi - - # patch the CMakeLists.txt file to use our local copy of the dependency instead of fetching it at build time - sed -i -e 's|URL .*|URL ${dep}|' "deps/${dep.dep_name}/CMakeLists.txt" - ''; + deps = { + CAPSTONE = capstone; + LLVM = llvm; + YARA = yaracpp; + YARAMOD = yaramod; + SUPPORT_PKG = retdec-support; + } // lib.optionalAttrs enableTests { + KEYSTONE = keystone; + # nixpkgs googletest is used + # GOOGLETEST = googletest; + }; -in stdenv.mkDerivation rec { + # overwrite install-share.py to copy instead of download. + # we use this so the copy happens at the right time in the build, + # otherwise, the build process cleans the directory. + install-share = + writeText + "install-share.py" + '' + import os, sys, shutil, subprocess + + install_path, arch_url, sha256hash_ref, version = sys.argv[1:] + support_dir = os.path.join(install_path, 'share', 'retdec', 'support') + + assert os.path.isdir(arch_url), "nix install-share.py expects a path for support url" + + os.makedirs(support_dir, exist_ok=True) + shutil.copytree(arch_url, support_dir, dirs_exist_ok=True) + subprocess.check_call(['chmod', '-R', 'u+w', support_dir]) + ''; +in +stdenv.mkDerivation (self: { pname = "retdec"; - # If you update this you will also need to adjust the versions of the updated dependencies. You can do this by first just updating retdec - # itself and trying to build it. The build should fail and tell you which dependencies you have to upgrade to which versions. + # If you update this you will also need to adjust the versions of the updated dependencies. # I've notified upstream about this problem here: # https://github.com/avast-tl/retdec/issues/412 - # gcc is pinned to gcc8 in all-packages.nix. That should probably be re-evaluated on update. - version = "3.2"; + # + # The dependencies and their sources are listed in this file: + # https://github.com/avast/retdec/blob/master/cmake/deps.cmake + version = "5.0"; src = fetchFromGitHub { - owner = "avast-tl"; - repo = pname; - rev = "refs/tags/v${version}"; - sha256 = "0chky656lsddn20bnm3pmz6ix20y4a0y8swwr42hrhi01vkhmzrp"; + owner = "avast"; + repo = "retdec"; + rev = "refs/tags/v${self.version}"; + sha256 = "sha256-H4e+aSgdBBbG6X6DzHGiDEIASPwBVNVsfHyeBTQLAKI="; }; + patches = [ + # gcc 13 compatibility: https://github.com/avast/retdec/pull/1153 + (fetchpatch { + url = "https://github.com/avast/retdec/commit/dbaab2c3d17b1eae22c581e8ab6bfefadf4ef6ae.patch"; + hash = "sha256-YqHYPGAGWT4x6C+CpsOSsOIZ+NPM2FBQtGQFs74OUIQ="; + }) + ]; + nativeBuildInputs = [ cmake autoconf @@ -159,64 +160,66 @@ in stdenv.mkDerivation rec { libffi libxml2 zlib - ]; + ] ++ lib.optional self.doInstallCheck gtest; cmakeFlags = [ - "-DRETDEC_TESTS=ON" # build tests - ]; - - # all dependencies that are normally fetched during build time (the subdirectories of `deps`) - # all of these need to be fetched through nix and the CMakeLists files need to be patched not to fetch them themselves - external_deps = [ - (capstone // { dep_name = "capstone"; }) - (elfio // { dep_name = "elfio"; }) - (googletest // { dep_name = "googletest"; }) - (jsoncpp // { dep_name = "jsoncpp"; }) - (keystone // { dep_name = "keystone"; }) - (libdwarf // { dep_name = "libdwarf"; }) - (llvm // { dep_name = "llvm"; }) - (pelib // { dep_name = "pelib"; }) - (rapidjson // { dep_name = "rapidjson"; }) - (tinyxml2 // { dep_name = "tinyxml2"; }) - (yaracpp // { dep_name = "yaracpp"; }) - (yaramod // { dep_name = "yaramod"; }) - ]; - - # Use newer yaramod to fix w/bison 3.2+ - patches = [ - # 2.1.2 -> 2.2.1 - (fetchpatch { - url = "https://github.com/avast-tl/retdec/commit/c9d23da1c6e23c149ed684c6becd3f3828fb4a55.patch"; - sha256 = "0hdq634f72fihdy10nx2ajbps561w03dfdsy5r35afv9fapla6mv"; - }) - # 2.2.1 -> 2.2.2 - (fetchpatch { - url = "https://github.com/avast-tl/retdec/commit/fb85f00754b5d13b781385651db557741679721e.patch"; - sha256 = "0a8mwmwb39pr5ag3q11nv81ncdk51shndqrkm92shqrmdq14va52"; - }) - ]; - - postPatch = (lib.concatMapStrings patchDep external_deps) + '' - # install retdec-support - echo "Checking version of retdec-support" - expected_version="$( sed -n -e "s|^version = '\(.*\)'$|\1|p" 'cmake/install-share.py' )" - if [ "$expected_version" != '${retdec-support.version}' ]; then - echo "The retdec-support dependency has the wrong version: ${retdec-support.version} while $expected_version is expected." - exit 1 - fi - mkdir -p "$out/share/retdec" - cp -r ${retdec-support} "$out/share/retdec/support" # write permission needed during install - chmod -R u+w "$out/share/retdec/support" - # python file originally responsible for fetching the retdec-support archive to $out/share/retdec - # that is not necessary anymore, so empty the file - echo > cmake/install-share.py - - # call correct `time` and `upx` programs - substituteInPlace scripts/retdec-config.py --replace /usr/bin/time ${time}/bin/time - substituteInPlace scripts/retdec-unpacker.py --replace "'upx'" "'${upx}/bin/upx'" - ''; + (lib.cmakeBool "RETDEC_TESTS" self.doInstallCheck) # build tests + (lib.cmakeBool "RETDEC_DEV_TOOLS" buildDevTools) # build tools e.g. capstone2llvmir, retdectool + (lib.cmakeBool "RETDEC_COMPILE_YARA" compileYaraPatterns) # build and install compiled patterns + ] ++ lib.mapAttrsToList (k: v: lib.cmakeFeature "${k}_URL" "${v}") deps; + + preConfigure = + lib.concatStringsSep "\n" (lib.mapAttrsToList check-dep deps) + + + '' + cp -v ${install-share} ./support/install-share.py + + # the CMakeLists assume CMAKE_INSTALL_BINDIR, etc are path components but in Nix, they are absolute. + # therefore, we need to remove the unnecessary CMAKE_INSTALL_PREFIX prepend. + substituteInPlace ./CMakeLists.txt \ + --replace-warn "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_BIN_DIR} "''$"{CMAKE_INSTALL_FULL_BINDIR} \ + --replace-warn "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_LIB_DIR} "''$"{CMAKE_INSTALL_FULL_LIBDIR} \ + + # --replace "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_SUPPORT_DIR} "''$"{RETDEC_INSTALL_SUPPORT_DIR} + # note! Nix does not set CMAKE_INSTALL_DATADIR to an absolute path, so this replacement would be incorrect + + # similarly for yaramod. here, we fix the LIBDIR to lib64. for whatever reason, only "lib64" works. + substituteInPlace deps/yaramod/CMakeLists.txt \ + --replace-fail "''$"{YARAMOD_INSTALL_DIR}/"''$"{CMAKE_INSTALL_LIBDIR} "''$"{YARAMOD_INSTALL_DIR}/lib64 \ + --replace-fail CMAKE_ARGS 'CMAKE_ARGS -DCMAKE_INSTALL_LIBDIR=lib64' + + # yara needs write permissions in the generated source directory. + echo ${lib.escapeShellArg '' + ExternalProject_Add_Step( + yara chmod WORKING_DIRECTORY ''${YARA_DIR} + DEPENDEES download COMMAND chmod -R u+w . + ) + ''} >> deps/yara/CMakeLists.txt + + # patch gtest to use the system package + gtest=deps/googletest/CMakeLists.txt + old="$(cat $gtest)" + (echo 'find_package(GTest REQUIRED)'; echo "$old") > $gtest + sed -i 's/ExternalProject_[^(]\+[(]/ set(IGNORED /g' $gtest + + substituteInPlace $gtest \ + --replace-fail '$'{GTEST_LIB} "GTest::gtest"\ + --replace-fail '$'{GMOCK_LIB} "GTest::gmock"\ + --replace-fail '$'{GTEST_MAIN_LIB} "GTest::gtest_main"\ + --replace-fail '$'{GMOCK_MAIN_LIB} "GTest::gmock_main" + + # without git history, there is no chance these tests will pass. + substituteInPlace tests/utils/version_tests.cpp \ + --replace-quiet VersionTests DISABLED_VersionTests + + substituteInPlace scripts/retdec-utils.py \ + --replace-warn /usr/bin/time ${time} \ + --replace-warn /usr/local/bin/gtime ${time} + substituteInPlace scripts/retdec-unpacker.py \ + --replace-warn "'upx'" "'${upx}'" + ''; - doInstallCheck = true; + doInstallCheck = enableTests; installCheckPhase = '' ${python3.interpreter} "$out/bin/retdec-tests-runner.py" @@ -227,7 +230,7 @@ in stdenv.mkDerivation rec { description = "A retargetable machine-code decompiler based on LLVM"; homepage = "https://retdec.com"; license = licenses.mit; - maintainers = with maintainers; [ dtzWill timokau ]; - platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with maintainers; [ dtzWill katrinafyi ]; + platforms = [ "x86_64-linux" ]; }; -} +}) diff --git a/nixpkgs/pkgs/development/tools/analysis/retdec/yaracpp.nix b/nixpkgs/pkgs/development/tools/analysis/retdec/yaracpp.nix deleted file mode 100644 index c8bc4ed747b3..000000000000 --- a/nixpkgs/pkgs/development/tools/analysis/retdec/yaracpp.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ stdenv -, fetchFromGitHub -, coreutils -}: - -let - yara = fetchFromGitHub { - owner = "avast-tl"; - repo = "yara"; - rev = "ea101c5856941f39cad2db3012f2660d1d5c8b65"; - sha256 = "033ssx2hql5k4pv9si043s3mjq2b748ymjzif8pg6rdwh260faky"; - }; -in stdenv.mkDerivation rec { - # only fetches the yaracpp source patched to work with a local yara clone, - # does not build anything - pname = "yaracpp-src"; - version = "2018-10-09"; - rev = "b92bde0e59e3b75bc445227e04b71105771dee8b"; # as specified in retdec/deps/yaracpp/CMakeLists.txt - - src = fetchFromGitHub { - inherit rev; - owner = "avast-tl"; - repo = "yaracpp"; - sha256 = "0fan7q79j7s3bjmhsd2nw6sqyi14xgikn7mr2p4nj87lick5l4a2"; - }; - - postPatch = '' - # check if our version of yara is the same version that upstream expects - echo "Checking version of yara" - expected_rev="$( sed -n -e 's|.*URL https://github.com/.*/archive/\(.*\)\.zip.*|\1|p' "deps/CMakeLists.txt" )" - if [ "$expected_rev" != '${yara.rev}' ]; then - echo "The yara dependency has the wrong version: ${yara.rev} while $expected_rev is expected." - exit 1 - fi - - # patch the CMakeLists.txt file to use our local copy of the dependency instead of fetching it at build time - sed -i -e "s|URL .*|URL ${yara}|" "deps/CMakeLists.txt" - - # abuse the CONFIGURE_COMMAND to make the source writeable after copying it to the build locatoin (necessary for the build) - sed -i -e 's|CONFIGURE_COMMAND ""|CONFIGURE_COMMAND COMMAND ${coreutils}/bin/chmod -R u+w .|' "deps/CMakeLists.txt" - ''; - - buildPhase = "# do nothing"; - configurePhase = "# do nothing"; - installPhase = '' - mkdir -p "$out" - cp -r * "$out" - ''; -} diff --git a/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix b/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix index 3d8a82b59b5b..fc5db92cb161 100644 --- a/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix @@ -2,16 +2,16 @@ buildNpmPackage rec { pname = "snyk"; - version = "1.1269.0"; + version = "1.1276.0"; src = fetchFromGitHub { owner = "snyk"; repo = "cli"; rev = "v${version}"; - hash = "sha256-jFaWkit96mIBCIYVOYoa5qNOP+fzmzwoi5bFgpi8JHM="; + hash = "sha256-l5Xx6z3NbtwdtKe8MmRWTJoKaEH3AZjHKXqoLv3rHfU="; }; - npmDepsHash = "sha256-GCWpNFDfvpZrMLy8S7q1V0bzngL0fe0gZeMx+MbHOKU="; + npmDepsHash = "sha256-FJGxCEhBADH4c1khJaVFHL4e25Mq4PHrez+2NPFBx0w="; postPatch = '' substituteInPlace package.json --replace '"version": "1.0.0-monorepo"' '"version": "${version}"' diff --git a/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix b/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix index f410359d06e0..23afd1aff86e 100644 --- a/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix @@ -2,16 +2,16 @@ buildNpmPackage rec { pname = "stylelint"; - version = "16.1.0"; + version = "16.2.1"; src = fetchFromGitHub { owner = "stylelint"; repo = "stylelint"; rev = version; - hash = "sha256-r6FSPMOvx0SI8u2qqk/ALmlSMCcCb3JlAHEawdGoERw="; + hash = "sha256-ncJ5oCXe23+an2nFOafMEypFUkwRVW3hZf5pWCKkBNE="; }; - npmDepsHash = "sha256-SHZ7nB4//8IAc8ApmmHbeWi954Za6Ryv+bYuHnZ3Ef0="; + npmDepsHash = "sha256-0+jrfXoM6yqkd43lot3JPB+HBTz3XXzqAulGketRsxU="; dontNpmBuild = true; diff --git a/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix b/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix index afdd4fe022b5..e59d0ad11d0f 100644 --- a/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix +++ b/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix @@ -10,16 +10,16 @@ buildGoModule rec { pname = "tflint"; - version = "0.50.1"; + version = "0.50.3"; src = fetchFromGitHub { owner = "terraform-linters"; repo = pname; rev = "v${version}"; - hash = "sha256-r/mVLgJudHyNvQa9H9pQ1qhiFx11RikIg4IIz5tC6Us="; + hash = "sha256-PfPynSPuMhiyQW9f6HY2WDNlmtltU4xOo0A88I/bCuI="; }; - vendorHash = "sha256-iyJx5dp+NYbaJhZL67ZjFd28ms3vyF38z9P8qJscryQ="; + vendorHash = "sha256-HjvEbEfPVeqAVmVKCJHYPSZjZc19DV1HDaz/HcBJAUg="; doCheck = false; |