Merge remote-tracking branch 'NixOS/master' into staging

5 files changed, 190 insertions, 13 deletions

diff --git a/pkgs/build-support/build-bazel-package/default.nix b/pkgs/build-support/build-bazel-package/default.nix
index 28247bac1021..931b68c6329f 100644
--- a/pkgs/build-support/build-bazel-package/default.nix
+++ b/pkgs/build-support/build-bazel-package/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, bazel, enableNixHacks ? true }:
+{ stdenv, bazel, cacert, enableNixHacks ? true }:
 
 args@{ name, bazelFlags ? [], bazelTarget, buildAttrs, fetchAttrs, ... }:
 
@@ -20,6 +20,8 @@ in stdenv.mkDerivation (fBuildAttrs // {
       export bazelOut="$(echo ''${NIX_BUILD_TOP}/output | sed -e 's,//,/,g')"
       export bazelUserRoot="$(echo ''${NIX_BUILD_TOP}/tmp | sed -e 's,//,/,g')"
       export HOME="$NIX_BUILD_TOP"
+      # This is needed for git_repository with https remotes
+      export GIT_SSL_CAINFO="${cacert}/etc/ssl/certs/ca-bundle.crt"
     '';
 
     buildPhase = fFetchAttrs.buildPhase or ''
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 372c567a7e75..ef17a3f4e58a 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -783,7 +783,7 @@ rec {
         imageJson=$(cat ${baseJson} | jq ". + {\"rootfs\": {\"diff_ids\": [], \"type\": \"layers\"}}")
         manifestJson=$(jq -n "[{\"RepoTags\":[\"$imageName:$imageTag\"]}]")
 
-        for layerTar in $(cat ./layer-list); do
+        for layerTar in $(tac ./layer-list); do
           layerChecksum=$(sha256sum image/$layerTar | cut -d ' ' -f1)
           imageJson=$(echo "$imageJson" | jq ".history |= [{\"created\": \"$(jq -r .created ${baseJson})\"}] + .")
           imageJson=$(echo "$imageJson" | jq ".rootfs.diff_ids |= [\"sha256:$layerChecksum\"] + .")
diff --git a/pkgs/build-support/fetchurl/mirrors.nix b/pkgs/build-support/fetchurl/mirrors.nix
index eccfe1964acf..404c744eea2a 100644
--- a/pkgs/build-support/fetchurl/mirrors.nix
+++ b/pkgs/build-support/fetchurl/mirrors.nix
@@ -44,6 +44,8 @@ rec {
 
   # GCC.
   gcc = [
+    https://bigsearcher.com/mirrors/gcc/
+    http://mirror.koddos.net/gcc/
     ftp://ftp.nluug.nl/mirror/languages/gcc/
     ftp://ftp.fu-berlin.de/unix/languages/gcc/
     ftp://ftp.irisa.fr/pub/mirrors/gcc.gnu.org/gcc/
diff --git a/pkgs/build-support/nix-gitignore/default.nix b/pkgs/build-support/nix-gitignore/default.nix
new file mode 100644
index 000000000000..28ee6bad5540
--- /dev/null
+++ b/pkgs/build-support/nix-gitignore/default.nix
@@ -0,0 +1,178 @@
+# https://github.com/siers/nix-gitignore/
+
+{ lib, runCommand }:
+
+# An interesting bit from the gitignore(5):
+# - A slash followed by two consecutive asterisks then a slash matches
+# - zero or more directories. For example, "a/**/b" matches "a/b",
+# - "a/x/b", "a/x/y/b" and so on.
+
+with builtins;
+
+let
+  debug = a: trace a a;
+  last = l: elemAt l ((length l) - 1);
+
+  throwIfOldNix = let required = "2.0"; in
+    if compareVersions nixVersion required == -1
+    then throw "nix (v${nixVersion} =< v${required}) is too old for nix-gitignore"
+    else true;
+in rec {
+  # [["good/relative/source/file" true] ["bad.tmpfile" false]] -> root -> path
+  filterPattern = patterns: root:
+    (name: _type:
+      let
+        relPath = lib.removePrefix ((toString root) + "/") name;
+        matches = pair: (match (head pair) relPath) != null;
+        matched = map (pair: [(matches pair) (last pair)]) patterns;
+      in
+        last (last ([[true true]] ++ (filter head matched)))
+    );
+
+  # string -> [[regex bool]]
+  gitignoreToPatterns = gitignore:
+    assert throwIfOldNix;
+    let
+      # ignore -> bool
+      isComment = i: (match "^(#.*|$)" i) != null;
+
+      # ignore -> [ignore bool]
+      computeNegation = l:
+        let split = match "^(!?)(.*)" l;
+        in [(elemAt split 1) (head split == "!")];
+
+      # ignore -> regex
+      substWildcards =
+        let
+          special = "^$.+{}()";
+          escs = "\\*?";
+          splitString =
+            let recurse = str : [(substring 0 1 str)] ++
+                                 (if str == "" then [] else (recurse (substring 1 (stringLength(str)) str) ));
+            in str : recurse str;
+          chars = s: filter (c: c != "" && !isList c) (splitString s);
+          escape = s: map (c: "\\" + c) (chars s);
+        in
+          replaceStrings
+            ((chars special)  ++ (escape escs) ++ ["**/"    "**" "*"     "?"])
+            ((escape special) ++ (escape escs) ++ ["(.*/)?" ".*" "[^/]*" "[^/]"]);
+
+      # (regex -> regex) -> regex -> regex
+      mapAroundCharclass = f: r: # rl = regex or list
+        let slightFix = replaceStrings ["\\]"] ["]"];
+        in
+          concatStringsSep ""
+          (map (rl: if isList rl then slightFix (elemAt rl 0) else f rl)
+          (split "(\\[([^\\\\]|\\\\.)+])" r));
+
+      # regex -> regex
+      handleSlashPrefix = l:
+        let
+          split = (match "^(/?)(.*)" l);
+          findSlash = l: if (match ".+/.+" l) != null then "" else l;
+          hasSlash = mapAroundCharclass findSlash l != l;
+        in
+          (if (elemAt split 0) == "/" || hasSlash
+          then "^"
+          else "(^|.*/)"
+          ) + (elemAt split 1);
+
+      # regex -> regex
+      handleSlashSuffix = l:
+        let split = (match "^(.*)/$" l);
+        in if split != null then (elemAt split 0) + "($|/.*)" else l;
+
+      # (regex -> regex) -> [regex, bool] -> [regex, bool]
+      mapPat = f: l: [(f (head l)) (last l)];
+    in
+      map (l: # `l' for "line"
+        mapPat (l: handleSlashSuffix (handleSlashPrefix (mapAroundCharclass substWildcards l)))
+        (computeNegation l))
+      (filter (l: !isList l && !isComment l)
+      (split "\n" gitignore));
+
+  gitignoreFilter = ign: root: filterPattern (gitignoreToPatterns ign) root;
+
+  # string|[string|file] (→ [string|file] → [string]) -> string
+  gitignoreCompileIgnore = file_str_patterns: root:
+    let
+      onPath = f: a: if typeOf a == "path" then f a else a;
+      str_patterns = map (onPath readFile) (lib.toList file_str_patterns);
+    in concatStringsSep "\n" str_patterns;
+
+  gitignoreFilterPure = filter: patterns: root: name: type:
+    gitignoreFilter (gitignoreCompileIgnore patterns root) root name type
+    && filter name type;
+
+  # This is a very hacky way of programming this!
+  # A better way would be to reuse existing filtering by making multiple gitignore functions per each root.
+  # Then for each file find the set of roots with gitignores (and functions).
+  # This would make gitignoreFilterSource very different from gitignoreFilterPure.
+  # rootPath → gitignoresConcatenated
+  compileRecursiveGitignore = root:
+    let
+      dirOrIgnore = file: type: baseNameOf file == ".gitignore" || type == "directory";
+      ignores = builtins.filterSource dirOrIgnore root;
+    in readFile (
+      runCommand "${baseNameOf root}-recursive-gitignore" {} ''
+        cd ${ignores}
+
+        find -type f -exec sh -c '
+          rel="$(realpath --relative-to=. "$(dirname "$1")")/"
+          if [ "$rel" = "./" ]; then rel=""; fi
+
+          awk -v prefix="$rel" -v root="$1" -v top="$(test -z "$rel" && echo 1)" "
+            BEGIN { print \"# \"root }
+
+            /^!?[^\\/]+\/?$/ {
+              match(\$0, /^!?/, negation)
+              sub(/^!?/, \"\")
+
+              if (top) { middle = \"\" } else { middle = \"**/\" }
+
+              print negation[0] prefix middle \$0
+            }
+
+            /^!?(\\/|.*\\/.+$)/ {
+              match(\$0, /^!?/, negation)
+              sub(/^!?/, \"\")
+
+              if (!top) sub(/^\//, \"\")
+
+              print negation[0] prefix \$0
+            }
+
+            END { print \"\" }
+          " "$1"
+        ' sh {} \; > $out
+      '');
+
+  withGitignoreFile = patterns: root:
+    lib.toList patterns ++ [(root + "/.gitignore")];
+
+  withRecursiveGitignoreFile = patterns: root:
+    lib.toList patterns ++ [(compileRecursiveGitignore root)];
+
+  # filterSource derivatives
+
+  gitignoreFilterSourcePure = filter: patterns: root:
+    filterSource (gitignoreFilterPure filter patterns root) root;
+
+  gitignoreFilterSource = filter: patterns: root:
+    gitignoreFilterSourcePure filter (withGitignoreFile patterns root) root;
+
+  gitignoreFilterRecursiveSource = filter: patterns: root:
+    gitignoreFilterSourcePure filter (withRecursiveGitignoreFile patterns root) root;
+
+  # "Filter"-less alternatives
+
+  gitignoreSourcePure = gitignoreFilterSourcePure (_: _: true);
+  gitignoreSource = patterns: let type = typeOf patterns; in
+    if (type == "string" && pathExists patterns) || type == "path"
+    then throw
+      "type error in gitignoreSource(patterns -> source -> path), "
+      "use [] or \"\" if there are no additional patterns"
+    else gitignoreFilterSource (_: _: true) patterns;
+
+  gitignoreRecursiveSource = gitignoreFilterSourcePure (_: _: true);
+}
diff --git a/pkgs/build-support/singularity-tools/default.nix b/pkgs/build-support/singularity-tools/default.nix
index f9b4c8a7fd35..4206b0f33ff9 100644
--- a/pkgs/build-support/singularity-tools/default.nix
+++ b/pkgs/build-support/singularity-tools/default.nix
@@ -87,19 +87,14 @@ rec {
             # Create runScript
             ln -s ${runScriptFile} singularity
 
-            # Size calculation
-            cd ..
-            umount disk
-            size=$(resize2fs -P /dev/${vmTools.hd} | awk '{print $NF}')
-            mount /dev/${vmTools.hd} disk
-            cd disk
+            # Fill out .singularity.d
+            mkdir -p .singularity.d/env
+            touch .singularity.d/env/94-appsbase.sh
 
-            export PATH=$PATH:${e2fsprogs}/bin/
-            echo creating
-            singularity image.create -s $((1 + size * 4 / 1024 + ${toString extraSpace})) $out
-            echo importing
+            cd ..
             mkdir -p /var/singularity/mnt/{container,final,overlay,session,source}
-            tar -c . | singularity image.import $out
+            echo "root:x:0:0:System administrator:/root:/bin/sh" > /etc/passwd
+            singularity build $out ./disk
           '');
 
     in result;