diff options
| author | Robin Gloster <mail@glob.in> | 2016-04-18 13:00:40 +0000 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2016-04-18 13:49:22 +0000 |
| commit | d020caa5b2eca90ea051403fbb4c52b99ee071b9 (patch) | |
| tree | ba44ef1e784bca89e0df6b249956fd035b1d86e3 /pkgs/tools/networking | |
| parent | 3e68106afd95df012ddb548575f0133681687a90 (diff) | |
| parent | 0729f606973870c03d21bb2f21b70d91216943ca (diff) | |
| download | nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.tar nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.tar.gz nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.tar.bz2 nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.tar.lz nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.tar.xz nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.tar.zst nixlib-d020caa5b2eca90ea051403fbb4c52b99ee071b9.zip | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/tools/networking')
31 files changed, 134 insertions, 55 deletions
diff --git a/pkgs/tools/networking/aria2/default.nix b/pkgs/tools/networking/aria2/default.nix index 8cb6172d87b6..189be8be9e26 100644 --- a/pkgs/tools/networking/aria2/default.nix +++ b/pkgs/tools/networking/aria2/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { name = "aria2-${version}"; - version = "1.20.0"; + version = "1.21.0"; src = fetchurl { url = "https://github.com/tatsuhiro-t/aria2/releases/download/release-${version}/${name}.tar.xz"; - sha256 = "1l4gzz3yr0cl6a9xdy7843c5sb7afyq0i80wi2hasfpfdx5k95mz"; + sha256 = "1035rzx9y7qv4p7cv04f461343dxha7ikprch059x2fci8n5yp12"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/tools/networking/cjdns/default.nix b/pkgs/tools/networking/cjdns/default.nix index 906ca5f39dd3..32cf5750c6a4 100644 --- a/pkgs/tools/networking/cjdns/default.nix +++ b/pkgs/tools/networking/cjdns/default.nix @@ -1,28 +1,23 @@ -{ stdenv, fetchFromGitHub, nodejs, which, python27, utillinux }: +{ stdenv, fetchurl, nodejs, which, python27, utillinux }: -let - version = "16"; # see ${src}/util/version/Version.h - date = "20150509"; -in +let version = "17.3"; in stdenv.mkDerivation { - name = "cjdns-${version}-${date}"; + name = "cjdns-"+version; - src = fetchFromGitHub { - owner = "cjdelisle"; - repo = "cjdns"; - rev = "a05ade40dc31caebaf3aa770aac3ab2ecb02d867"; - sha256 = "07vwsw5d0sdxypl187cyzzdrv0chf4yyjxcymf847afkfr249n29"; + src = fetchurl { + url = "https://github.com/cjdelisle/cjdns/archive/cjdns-v${version}.tar.gz"; + sha256 = "00p62y7b89y3piirpj27crprji8nh0zv7zh4mcqhzh6r39jxz4ri"; }; buildInputs = [ which python27 nodejs ] ++ # for flock - stdenv.lib.optional stdenv.isLinux [ utillinux ]; + stdenv.lib.optional stdenv.isLinux utillinux; buildPhase = stdenv.lib.optionalString stdenv.isArm "Seccomp_NO=1 " + "bash do"; installPhase = '' - installBin cjdroute makekeys privatetopublic publictoip6 + install -Dt "$out/bin/" cjdroute makekeys privatetopublic publictoip6 sed -i 's,/usr/bin/env node,'$(type -P node), \ $(find contrib -name "*.js") sed -i 's,/usr/bin/env python,'$(type -P python), \ @@ -35,7 +30,7 @@ stdenv.mkDerivation { homepage = https://github.com/cjdelisle/cjdns; description = "Encrypted networking for regular people"; license = licenses.gpl3; - maintainers = with maintainers; [ viric ehmry ]; + maintainers = with maintainers; [ ehmry ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/networking/cmst/default.nix b/pkgs/tools/networking/cmst/default.nix index 24010e20f374..5c8b801dbbe3 100644 --- a/pkgs/tools/networking/cmst/default.nix +++ b/pkgs/tools/networking/cmst/default.nix @@ -13,6 +13,7 @@ stdenv.mkDerivation rec { buildInputs = [ qtbase makeWrapper ]; configurePhase = '' + runHook preConfigure substituteInPlace ./cmst.pro \ --replace "/usr/bin" "$out/bin" \ --replace "/usr/share" "$out/usr/share" @@ -28,11 +29,14 @@ stdenv.mkDerivation rec { substituteInPlace ./apps/rootapp/rootapp.pro \ --replace "/etc" "$out/etc" \ --replace "/usr/share" "$out/share" + runHook postConfigure ''; buildPhase = '' + runHook preBuild qmake PREFIX=$out make + runHook postBuild ''; postInstall = '' diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index c59ea619942d..6008afa27872 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -25,6 +25,8 @@ stdenv.mkDerivation rec { sha256 = "13z9gba3q2ybp50z0gdkzhwcx9m0i7qkvm278yz4pql2jfml7inx"; }; + outputs = [ "dev" "out" "bin" "man" "docdev" ]; + nativeBuildInputs = [ pkgconfig perl ]; # Zlib and OpenSSL must be propagated because `libcurl.la' contains @@ -62,6 +64,11 @@ stdenv.mkDerivation rec { CXX = "g++"; CXXCPP = "g++ -E"; + postInstall = '' + moveToOutput bin/curl-config "$dev" + sed '/^dependency_libs/s|${libssh2.dev}|${libssh2.out}|' -i "$out"/lib/*.la + ''; + crossAttrs = { # We should refer to the cross built openssl # For the 'urandom', maybe it should be a cross-system option diff --git a/pkgs/tools/networking/dnscrypt-proxy/default.nix b/pkgs/tools/networking/dnscrypt-proxy/default.nix index 565a83047efe..23f081c8be35 100644 --- a/pkgs/tools/networking/dnscrypt-proxy/default.nix +++ b/pkgs/tools/networking/dnscrypt-proxy/default.nix @@ -19,6 +19,8 @@ stdenv.mkDerivation rec { buildInputs = [ libsodium ] ++ optional stdenv.isLinux systemd; + outputs = [ "out" "man" ]; + meta = { description = "A tool for securing communications between a client and a DNS resolver"; homepage = https://dnscrypt.org/; diff --git a/pkgs/tools/networking/easyrsa/2.x.nix b/pkgs/tools/networking/easyrsa/2.x.nix index e49c32aac704..493243cf81c8 100644 --- a/pkgs/tools/networking/easyrsa/2.x.nix +++ b/pkgs/tools/networking/easyrsa/2.x.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { for prog in $(find "$out/share/easy-rsa" -executable -type f); do makeWrapper "$prog" "$out/bin/$(basename $prog)" \ --set EASY_RSA "$out/share/easy-rsa" \ - --set OPENSSL "${openssl}/bin/openssl" \ + --set OPENSSL "${openssl.bin}/bin/openssl" \ --set GREP "${gnugrep}/bin/grep" done sed -i "/EASY_RSA=\|OPENSSL=\|GREP=/d" $out/share/easy-rsa/vars diff --git a/pkgs/tools/networking/easyrsa/default.nix b/pkgs/tools/networking/easyrsa/default.nix index 2b41f8ca1d3c..59d97a4a18b6 100644 --- a/pkgs/tools/networking/easyrsa/default.nix +++ b/pkgs/tools/networking/easyrsa/default.nix @@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa substituteInPlace $out/bin/easyrsa \ --subst-var out \ - --subst-var-by openssl ${openssl}/bin/openssl + --subst-var-by openssl ${openssl.bin}/bin/openssl # Helper utility cat > $out/bin/easyrsa-init <<EOF diff --git a/pkgs/tools/networking/gupnp-tools/default.nix b/pkgs/tools/networking/gupnp-tools/default.nix index af6eff5c31e9..f846a711aa4a 100644 --- a/pkgs/tools/networking/gupnp-tools/default.nix +++ b/pkgs/tools/networking/gupnp-tools/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { postInstall = '' for program in gupnp-av-cp gupnp-universal-cp; do wrapProgram "$out/bin/$program" \ - --prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:${gnome2.gnome_icon_theme}/share:$out/share" + --prefix XDG_DATA_DIRS : "${gtk3.out}/share:${gnome3.gnome_themes_standard}/share:${gnome2.gnome_icon_theme}/share:$out/share" done ''; diff --git a/pkgs/tools/networking/i2p/default.nix b/pkgs/tools/networking/i2p/default.nix index b1bfeb215f68..dbb85f386354 100644 --- a/pkgs/tools/networking/i2p/default.nix +++ b/pkgs/tools/networking/i2p/default.nix @@ -1,10 +1,10 @@ { stdenv, procps, coreutils, fetchurl, jdk, jre, ant, gettext, which }: stdenv.mkDerivation rec { - name = "i2p-0.9.24"; + name = "i2p-0.9.25"; src = fetchurl { url = "https://github.com/i2p/i2p.i2p/archive/${name}.tar.gz"; - sha256 = "0hk28cigil6ia707zb6p8n7959xg7v816bacxxlln780cc1wi830"; + sha256 = "1lj4khln0k0b4f55hjighwn5j3cyal8flmapjmadjyj6cd5py0v8"; }; buildInputs = [ jdk ant gettext which ]; patches = [ ./i2p.patch ]; diff --git a/pkgs/tools/networking/inetutils/default.nix b/pkgs/tools/networking/inetutils/default.nix index eca416b53d4e..a92c34328579 100644 --- a/pkgs/tools/networking/inetutils/default.nix +++ b/pkgs/tools/networking/inetutils/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses /* for `talk' */ ]; - configureFlags = "--with-ncurses-include-dir=${ncurses}/include"; + configureFlags = "--with-ncurses-include-dir=${ncurses.dev}/include"; # Test fails with "UNIX socket name too long", probably because our # $TMPDIR is too long. diff --git a/pkgs/tools/networking/megatools/default.nix b/pkgs/tools/networking/megatools/default.nix index 10a951f84fc1..7c2a437ab658 100644 --- a/pkgs/tools/networking/megatools/default.nix +++ b/pkgs/tools/networking/megatools/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { postInstall = '' for i in $(find $out/bin/ -type f); do wrapProgram "$i" \ - --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \ + --prefix GIO_EXTRA_MODULES : "${glib_networking.out}/lib/gio/modules" \ --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" done ''; diff --git a/pkgs/tools/networking/minidlna/default.nix b/pkgs/tools/networking/minidlna/default.nix index c0944bb891ec..9e8e0c180d7e 100644 --- a/pkgs/tools/networking/minidlna/default.nix +++ b/pkgs/tools/networking/minidlna/default.nix @@ -16,6 +16,12 @@ stdenv.mkDerivation { buildInputs = [ ffmpeg flac libvorbis libogg libid3tag libexif libjpeg sqlite gettext ]; + postInstall = '' + mkdir -p $out/share/man/man{5,8} + cp minidlna.conf.5 $out/share/man/man5 + cp minidlnad.8 $out/share/man/man8 + ''; + meta = with stdenv.lib; { description = "Media server software"; longDescription = '' diff --git a/pkgs/tools/networking/netsniff-ng/default.nix b/pkgs/tools/networking/netsniff-ng/default.nix index 93b20704620a..742e6a93b655 100644 --- a/pkgs/tools/networking/netsniff-ng/default.nix +++ b/pkgs/tools/networking/netsniff-ng/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { configurePhase = '' patchShebangs configure substituteInPlace configure --replace "which" "command -v" - NACL_INC_DIR=${libsodium}/include/sodium NACL_LIB=sodium ./configure + NACL_INC_DIR=${libsodium.dev}/include/sodium NACL_LIB=sodium ./configure ''; enableParallelBuilding = true; diff --git a/pkgs/tools/networking/network-manager-applet/default.nix b/pkgs/tools/networking/network-manager-applet/default.nix index d2e2215831b7..5e8931579cb3 100644 --- a/pkgs/tools/networking/network-manager-applet/default.nix +++ b/pkgs/tools/networking/network-manager-applet/default.nix @@ -41,7 +41,7 @@ stdenv.mkDerivation rec { preFixup = '' wrapProgram "$out/bin/nm-applet" \ - --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules:${gnome3.dconf}/lib/gio/modules" \ + --prefix GIO_EXTRA_MODULES : "${glib_networking.out}/lib/gio/modules:${gnome3.dconf}/lib/gio/modules" \ --prefix XDG_DATA_DIRS : "${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH" \ --set GCONF_CONFIG_SOURCE "xml::~/.gconf" \ --prefix PATH ":" "${gnome3.gconf}/bin" diff --git a/pkgs/tools/networking/network-manager/default.nix b/pkgs/tools/networking/network-manager/default.nix index 7403490e58f8..afdca314ae64 100644 --- a/pkgs/tools/networking/network-manager/default.nix +++ b/pkgs/tools/networking/network-manager/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, intltool, wirelesstools, pkgconfig, dbus_glib, xz -, udev, libgudev, libnl, libuuid, polkit, gnutls, ppp, dhcp, dhcpcd, iptables +, systemd, libgudev, libnl, libuuid, polkit, gnutls, ppp, dhcp, dhcpcd, iptables , libgcrypt, dnsmasq, avahi, bind, perl, bluez5, substituteAll, readline , gobjectIntrospection, modemmanager, openresolv, libndp, newt, libsoup , ethtool, gnused, coreutils, file, inetutils }: @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { "--with-libsoup=yes" ]; - buildInputs = [ wirelesstools udev libgudev libnl libuuid polkit ppp libndp + buildInputs = [ wirelesstools systemd libgudev libnl libuuid polkit ppp libndp xz bluez5 dnsmasq gobjectIntrospection modemmanager readline newt libsoup ]; propagatedBuildInputs = [ dbus_glib gnutls libgcrypt ]; diff --git a/pkgs/tools/networking/nylon/default.nix b/pkgs/tools/networking/nylon/default.nix index daeb7ffb57bb..fc89ea8db51b 100644 --- a/pkgs/tools/networking/nylon/default.nix +++ b/pkgs/tools/networking/nylon/default.nix @@ -1,5 +1,11 @@ -{ stdenv, fetchurl, libevent }: - +{ stdenv, fetchurl, libevent, buildEnv }: +let + # failed to find a better way to make it work + libevent-comb = buildEnv { + inherit (libevent.out) name; + paths = [ libevent.dev libevent.out ]; + }; +in stdenv.mkDerivation { name = "nylon-1.21"; src = fetchurl { @@ -9,7 +15,7 @@ stdenv.mkDerivation { patches = [ ./configure-use-solib.patch ]; - configureFlags = [ "--with-libevent=${libevent}" ]; + configureFlags = [ "--with-libevent=${libevent-comb}" ]; buildInputs = [ libevent ]; diff --git a/pkgs/tools/networking/openconnect.nix b/pkgs/tools/networking/openconnect.nix index 54239b766174..43e48e9a4cdf 100644 --- a/pkgs/tools/networking/openconnect.nix +++ b/pkgs/tools/networking/openconnect.nix @@ -18,8 +18,8 @@ stdenv.mkDerivation rec { preConfigure = '' export PKG_CONFIG=${pkgconfig}/bin/pkg-config - export LIBXML2_CFLAGS="-I ${libxml2}/include/libxml2" - export LIBXML2_LIBS="-L${libxml2}/lib -lxml2" + export LIBXML2_CFLAGS="-I ${libxml2.dev}/include/libxml2" + export LIBXML2_LIBS="-L${libxml2.out}/lib -lxml2" ''; configureFlags = [ diff --git a/pkgs/tools/networking/openssh/CVE-2015-8325.patch b/pkgs/tools/networking/openssh/CVE-2015-8325.patch new file mode 100644 index 000000000000..c752726aeae7 --- /dev/null +++ b/pkgs/tools/networking/openssh/CVE-2015-8325.patch @@ -0,0 +1,28 @@ +From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001 +From: Damien Miller <djm@mindrot.org> +Date: Wed, 13 Apr 2016 10:39:57 +1000 +Subject: [PATCH] ignore PAM environment vars when UseLogin=yes + +If PAM is configured to read user-specified environment variables +and UseLogin=yes in sshd_config, then a hostile local user may +attack /bin/login via LD_PRELOAD or similar environment variables +set via PAM. + +CVE-2015-8325, found by Shayan Sadigh, via Colin Watson +--- + session.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/session.c b/session.c +index 4859245..4653b09 100644 +--- a/session.c ++++ b/session.c +@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) + * Pull in any environment variables that may have + * been set by PAM. + */ +- if (options.use_pam) { ++ if (options.use_pam && !options.use_login) { + char **p; + + p = fetch_pam_child_environment(); diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 79c9613ee4c9..064745f88558 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -41,8 +41,10 @@ stdenv.mkDerivation rec { ''; patches = - [ ./locale_archive.patch + [ + ./locale_archive.patch ./fix-host-key-algorithms-plus.patch + ./CVE-2015-8325.patch ] ++ optional withGssapiPatches gssapiSrc; diff --git a/pkgs/tools/networking/p2p/gtk-gnutella/default.nix b/pkgs/tools/networking/p2p/gtk-gnutella/default.nix index 5f335c8f76a9..ec2821f4d818 100644 --- a/pkgs/tools/networking/p2p/gtk-gnutella/default.nix +++ b/pkgs/tools/networking/p2p/gtk-gnutella/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ bison pkgconfig ]; buildInputs = [ glib gtk libxml2 gettext zlib ]; - NIX_LDFLAGS = "-rpath ${zlib}/lib"; + NIX_LDFLAGS = "-rpath ${zlib.out}/lib"; configureScript = "./Configure"; dontAddPrefix = true; configureFlags = "-d -e -D prefix=$out -D gtkversion=2 -D official=true"; diff --git a/pkgs/tools/networking/p2p/seeks/default.nix b/pkgs/tools/networking/p2p/seeks/default.nix index 28dce0f567e9..621e71c9eae2 100644 --- a/pkgs/tools/networking/p2p/seeks/default.nix +++ b/pkgs/tools/networking/p2p/seeks/default.nix @@ -1,4 +1,4 @@ -{ fetchgit, stdenv, zlib, docbook2x, pcre, curl, libxml2, libevent, perl +{ fetchgit, stdenv, zlib, bzip2, docbook2x, pcre, curl, libxml2, libevent, perl , pkgconfig, protobuf, tokyocabinet, tokyotyrant, opencv, autoconf, automake , libtool, seeks_confDir ? "" }: @@ -13,14 +13,14 @@ stdenv.mkDerivation { }; buildInputs = - [ zlib docbook2x pcre curl libxml2 libevent perl pkgconfig + [ zlib bzip2 docbook2x pcre curl libxml2 libevent perl pkgconfig protobuf tokyocabinet tokyotyrant opencv autoconf automake libtool ]; configureFlags = [ # Enable the built-in web server providing a web search interface. "--enable-httpserv-plugin=yes" - "--with-libevent=${libevent}" + "--with-libevent=${libevent.dev}" ]; preConfigure = '' diff --git a/pkgs/tools/networking/p2p/tahoe-lafs/default.nix b/pkgs/tools/networking/p2p/tahoe-lafs/default.nix index 5f1d6b4ef1a4..aa1b01c11fad 100644 --- a/pkgs/tools/networking/p2p/tahoe-lafs/default.nix +++ b/pkgs/tools/networking/p2p/tahoe-lafs/default.nix @@ -6,13 +6,13 @@ # some loss of functionality because of it. pythonPackages.buildPythonApplication rec { - version = "1.10.2"; + version = "1.11.0"; name = "tahoe-lafs-${version}"; namePrefix = ""; src = fetchurl { - url = "http://tahoe-lafs.org/source/tahoe-lafs/releases/allmydata-tahoe-${version}.tar.bz2"; - sha256 = "1rvv0ik5biy7ji8pg56v0qycnggzr3k6dbg88n555nb6r4cxgmgy"; + url = "https://tahoe-lafs.org/downloads/tahoe-lafs-${version}.tar.bz2"; + sha256 = "0hrp87rarbmmpnrxk91s83h6irkykds3pl263dagcddbdl5inqdi"; }; patchPhase = '' @@ -30,7 +30,6 @@ pythonPackages.buildPythonApplication rec { sed -i 's/"pycrypto.*"/"pycrypto"/' src/allmydata/_auto_deps.py ''; - # Some tests want this + http://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-dep-sdists/mock-0.6.0.tar.bz2 buildInputs = with pythonPackages; [ unzip numpy mock ]; # The `backup' command requires `sqlite3'. @@ -48,8 +47,8 @@ pythonPackages.buildPythonApplication rec { ''; checkPhase = '' - # TODO: broken with wheels - #${pythonPackages.python.interpreter} setup.py trial + # Still broken. ~ C. + # trial allmydata ''; meta = { @@ -60,9 +59,9 @@ pythonPackages.buildPythonApplication rec { such a way that it remains available even when some of the peers are unavailable, malfunctioning, or malicious. ''; - homepage = http://allmydata.org/; + homepage = http://tahoe-lafs.org/; license = [ lib.licenses.gpl2Plus /* or */ "TGPPLv1+" ]; - maintainers = [ lib.maintainers.simons ]; + maintainers = with lib.maintainers; [ simons MostAwesomeDude ]; platforms = lib.platforms.gnu; # arbitrary choice }; } diff --git a/pkgs/tools/networking/plasma-nm/default.nix b/pkgs/tools/networking/plasma-nm/default.nix index 0c10e6655b8e..f0f379d38295 100644 --- a/pkgs/tools/networking/plasma-nm/default.nix +++ b/pkgs/tools/networking/plasma-nm/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation { sha256 = "0xj14isvjq8ll70b6q66n8adm8ff4j9ng195ndk2gmavjf6bb751"; }; - NIX_CFLAGS_COMPILE = "-I${glib}/include/glib-2.0 -I${glib}/lib/glib-2.0/include"; + NIX_CFLAGS_COMPILE = "-I${glib.dev}/include/glib-2.0 -I${glib.out}/lib/glib-2.0/include"; nativeBuildInputs = [ automoc4 cmake gettext perl pkgconfig ]; diff --git a/pkgs/tools/networking/ppp/default.nix b/pkgs/tools/networking/ppp/default.nix index dd07e53ee6f9..bc6b2b0e5ded 100644 --- a/pkgs/tools/networking/ppp/default.nix +++ b/pkgs/tools/networking/ppp/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { [ ( substituteAll { src = ./nix-purity.patch; inherit libpcap; - glibc = stdenv.cc.libc; + glibc = stdenv.cc.libc.dev or stdenv.cc.libc; }) # Without nonpriv.patch, pppd --version doesn't work when not run as # root. diff --git a/pkgs/tools/networking/sipsak/default.nix b/pkgs/tools/networking/sipsak/default.nix index 7242417bf2be..1149d9aa8e4e 100644 --- a/pkgs/tools/networking/sipsak/default.nix +++ b/pkgs/tools/networking/sipsak/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { c-ares ]; + NIX_CFLAGS_COMPILE = "--std=gnu89"; + src = fetchurl { url = "https://github.com/sipwise/sipsak/archive/mr${version}.tar.gz"; sha256 = "769fe59966b1962b67aa35aad7beb9a2110ebdface36558072a05c6405fb5374"; diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix index edbf32bb775a..f639044a195d 100644 --- a/pkgs/tools/networking/unbound/default.nix +++ b/pkgs/tools/networking/unbound/default.nix @@ -9,12 +9,14 @@ stdenv.mkDerivation rec { sha256 = "33567a20f73e288f8daa4ec021fbb30fe1824b346b34f12677ad77899ecd09be"; }; + outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB + buildInputs = [ openssl expat libevent ]; configureFlags = [ - "--with-ssl=${openssl}" + "--with-ssl=${openssl.dev}" "--with-libexpat=${expat}" - "--with-libevent=${libevent}" + "--with-libevent=${libevent.dev}" "--localstatedir=/var" "--sysconfdir=/etc" "--sbindir=\${out}/bin" @@ -24,6 +26,12 @@ stdenv.mkDerivation rec { installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ]; + # get rid of runtime dependencies on $dev outputs + postInstall = ''substituteInPlace "$lib/lib/libunbound.la" '' + + stdenv.lib.concatMapStrings + (pkg: " --replace '-L${pkg.dev}/lib' '-L${pkg.out}/lib' ") + [ openssl expat libevent ]; + meta = with stdenv.lib; { description = "Validating, recursive, and caching DNS resolver"; license = licenses.bsd3; diff --git a/pkgs/tools/networking/urlwatch/default.nix b/pkgs/tools/networking/urlwatch/default.nix index 8ad930951607..67b53c83448f 100644 --- a/pkgs/tools/networking/urlwatch/default.nix +++ b/pkgs/tools/networking/urlwatch/default.nix @@ -1,17 +1,17 @@ { stdenv, fetchurl, python3Packages }: python3Packages.buildPythonApplication rec { - name = "urlwatch-2.0"; + name = "urlwatch-2.1"; src = fetchurl { url = "http://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b"; + sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6"; }; propagatedBuildInputs = with python3Packages; [ - keyring minidb pyyaml + requests2 ]; postFixup = '' diff --git a/pkgs/tools/networking/uwimap/default.nix b/pkgs/tools/networking/uwimap/default.nix index e7c771618480..69b3e633f379 100644 --- a/pkgs/tools/networking/uwimap/default.nix +++ b/pkgs/tools/networking/uwimap/default.nix @@ -20,8 +20,9 @@ stdenv.mkDerivation { ++ stdenv.lib.optional (!stdenv.isDarwin) pam; patchPhase = '' - sed -i -e s,/usr/local/ssl,${openssl}, \ - src/osdep/unix/Makefile + sed -i src/osdep/unix/Makefile -e 's,/usr/local/ssl,${openssl},' + sed -i src/osdep/unix/Makefile -e 's,^SSLCERTS=.*,SSLCERTS=/etc/ssl/certs,' + sed -i src/osdep/unix/Makefile -e 's,^SSLLIB=.*,SSLLIB=${openssl.out}/lib,' ''; NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin diff --git a/pkgs/tools/networking/wget/default.nix b/pkgs/tools/networking/wget/default.nix index a6d2913abf66..9b9909a89432 100644 --- a/pkgs/tools/networking/wget/default.nix +++ b/pkgs/tools/networking/wget/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { sha256 = "1jcpvl5sxb2ag8yahpy370c5jlfb097a21k2mhsidh4wxdhrnmgy"; }; + patches = [ ./remove-runtime-dep-on-openssl-headers.patch ]; + preConfigure = '' for i in "doc/texi2pod.pl" "util/rmold.pl"; do sed -i "$i" -e 's|/usr/bin.*perl|${perl}/bin/perl|g' diff --git a/pkgs/tools/networking/wget/remove-runtime-dep-on-openssl-headers.patch b/pkgs/tools/networking/wget/remove-runtime-dep-on-openssl-headers.patch new file mode 100644 index 000000000000..a6a1fcfcb37b --- /dev/null +++ b/pkgs/tools/networking/wget/remove-runtime-dep-on-openssl-headers.patch @@ -0,0 +1,17 @@ +diff --git a/src/Makefile.in b/src/Makefile.in +index 1a36a9b..e279c84 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -2211,10 +2211,9 @@ version.c: $(wget_SOURCES) ../lib/libgnu.a + echo '' >> $@ + echo '#include "version.h"' >> $@ + echo 'const char *version_string = "@VERSION@";' >> $@ +- echo 'const char *compilation_string = "'$(COMPILE)'";' \ ++ echo 'const char *compilation_string = 0;' \ + | $(ESCAPEQUOTE) >> $@ +- echo 'const char *link_string = "'$(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +- $(AM_LDFLAGS) $(LDFLAGS) $(LIBS) $(wget_LDADD)'";' \ ++ echo 'const char *link_string = 0;' \ + | $(ESCAPEQUOTE) >> $@ + + css.c: $(srcdir)/css.l diff --git a/pkgs/tools/networking/zerotierone/default.nix b/pkgs/tools/networking/zerotierone/default.nix index 9f5f777a239b..e05a65d6967e 100644 --- a/pkgs/tools/networking/zerotierone/default.nix +++ b/pkgs/tools/networking/zerotierone/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { buildInputs = [ openssl lzo zlib gcc iproute ]; installPhase = '' - installBin zerotier-one + install -Dt "$out/bin/" zerotier-one ln -s $out/bin/zerotier-one $out/bin/zerotier-idtool ln -s $out/bin/zerotier-one $out/bin/zerotier-cli ''; |