40 files changed, 442 insertions, 235 deletions
diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix index 220b154bd97a..ced2d49c1e15 100644 --- a/nixos/modules/services/hardware/tcsd.nix +++ b/nixos/modules/services/hardware/tcsd.nix @@ -17,8 +17,8 @@ let # what is available directly from the PCR registers. firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements - #firmware_pcrs = 0,1,2,3,4,5,6,7 - #kernel_pcrs = 10,11 + firmware_pcrs = ${cfg.firmwarePCRs} + kernel_pcrs = ${cfg.kernelPCRs} platform_cred = ${cfg.platformCred} conformance_cred = ${cfg.conformanceCred} endorsement_cred = ${cfg.endorsementCred} @@ -60,20 +60,32 @@ in }; stateDir = mkOption { - default = "/var/lib/tpm"; + default = "/var/lib/tpm"; type = types.path; - description = '' + description = '' The location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots. - ''; + ''; + }; + + firmwarePCRs = mkOption { + default = "0,1,2,3,4,5,6,7"; + type = types.string; + description = "PCR indices used in the TPM for firmware measurements."; + }; + + kernelPCRs = mkOption { + default = "10,11"; + type = types.string; + description = "PCR indices used in the TPM for kernel measurements."; }; platformCred = mkOption { default = "${cfg.stateDir}/platform.cert"; type = types.path; description = '' - Path to the platform credential for your TPM. Your TPM + Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index c750286a3970..a0b2d5363eb2 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix 
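Review bot: `firmwarePCRs` and `kernelPCRs` in the second hunk accept any string, and the first hunk interpolates them verbatim into the generated tcsd configuration, so a typo or an embedded newline produces a malformed or extended config file with no evaluation-time error. These lists decide which PCRs are attributed to firmware and kernel measurements, so constrain the value, e.g. `type = types.strMatching "[0-9]+(,[0-9]+)*";`, or take `types.listOf types.int` and join it with `concatStringsSep ","`. The two settings were commented out before this change, so every existing configuration now gets them written explicitly; the option descriptions should say that the defaults are the previously commented values.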
@@ -121,6 +121,10 @@ in "xenfs" ]; + # The xenfs module is needed in system.activationScripts.xen, but + # the modprobe command there fails silently. Include xenfs in the + # initrd as a work around. + boot.initrd.kernelModules = [ "xenfs" ]; # The radeonfb kernel module causes the screen to go black as soon # as it's loaded, so don't load it. @@ -182,6 +186,9 @@ in { source = "${pkgs.xen}/etc/xen/scripts"; target = "xen/scripts"; } + { source = "${pkgs.xen}/etc/default/xendomains"; + target = "default/xendomains"; + } ]; # Xen provides udev rules. @@ -199,7 +206,8 @@ in rm -f "$XENSTORED_ROOTDIR"/tdb* &>/dev/null mkdir -p /var/run - ${optionalString cfg.trace "mkdir -p /var/log/xen"} + mkdir -p /var/log/xen # Running xl requires /var/log/xen and /var/lib/xen, + mkdir -p /var/lib/xen # so we create them here unconditionally. grep -q control_d /proc/xen/capabilities ''; serviceConfig.ExecStart = '' diff --git a/pkgs/applications/networking/mumble/default.nix b/pkgs/applications/networking/mumble/default.nix index aececbb6130b..afe27eb38149 100644 --- a/pkgs/applications/networking/mumble/default.nix +++ b/pkgs/applications/networking/mumble/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig -, avahi, boost, libopus, libsndfile, protobuf, qt4, speex +, avahi, boost, libopus, celt, libsndfile, protobuf, qt4, speex , jackSupport ? false, libjack2 ? null , speechdSupport ? false, speechd ? null , pulseSupport ? false, libpulseaudio ? null @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { "CONFIG+=no-update" "CONFIG+=no-server" "CONFIG+=no-embed-qt-translations" - "CONFIG+=bundled-celt" + "CONFIG+=no-bundled-celt" "CONFIG+=no-bundled-opus" "CONFIG+=no-bundled-speex" ] ++ optional (!speechdSupport) "CONFIG+=no-speechd" 
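Review bot: The two unconditional `mkdir -p` calls in the pre-start script of xen-dom0.nix leave the mode and ownership of /var/log/xen and /var/lib/xen to whatever umask the unit runs with. If these directories end up holding guest console logs or saved domain state (not visible in this hunk), set the mode explicitly, e.g. `install -d -m 0700 /var/log/xen /var/lib/xen`, after confirming what xl and the xendomains script need. The explanatory comment is split across the ends of the two command lines and would read better as a single comment line above them.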
@@ -43,7 +43,9 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ avahi boost libopus libsndfile protobuf qt4 speex ] + NIX_CFLAGS_COMPILE = [ "-I${celt}/include/celt" ]; + + buildInputs = [ avahi boost libopus celt libsndfile protobuf qt4 speex ] ++ optional jackSupport libjack2 ++ optional speechdSupport speechd ++ optional pulseSupport libpulseaudio; diff --git a/pkgs/applications/version-management/mercurial/default.nix b/pkgs/applications/version-management/mercurial/default.nix index 12f3c8f11d86..5026efb71751 100644 --- a/pkgs/applications/version-management/mercurial/default.nix +++ b/pkgs/applications/version-management/mercurial/default.nix @@ -3,7 +3,7 @@ , ApplicationServices }: let - version = "3.3.3"; + version = "3.4.2"; name = "mercurial-${version}"; in @@ -12,7 +12,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://mercurial.selenic.com/release/${name}.tar.gz"; - sha256 = "04xfzwb7jabzsfv2r18c3w6vwag7cjrl79xzg5i3mbyb1mzkcid4"; + sha256 = "1kcfznv990mj30y4yk59hz4wkd3050h0hg7iib69w53nhi50xjfw"; }; inherit python; # pass it so that the same version can be used in hg2git diff --git a/pkgs/applications/video/makemkv/default.nix b/pkgs/applications/video/makemkv/default.nix index 7d604101f4b1..040f74c16ff8 100644 --- a/pkgs/applications/video/makemkv/default.nix +++ b/pkgs/applications/video/makemkv/default.nix 
@@ -4,17 +4,17 @@ stdenv.mkDerivation rec { name = "makemkv-${ver}"; - ver = "1.9.4"; + ver = "1.9.5"; builder = ./builder.sh; src_bin = fetchurl { url = "http://www.makemkv.com/download/makemkv-bin-${ver}.tar.gz"; - sha256 = "0xr5bfbpzd1s9fyxbwj0crpgi57hm4wrm1dybx13lv4n6xdj2ww0"; + sha256 = "1qzkdrij89s748rvmibx083g1irfm8dqx257skr45i2gsg2qqijp"; }; src_oss = fetchurl { url = "http://www.makemkv.com/download/makemkv-oss-${ver}.tar.gz"; - sha256 = "0gpmyp2g44piaj47a52ik5i3sk5flbs8kqlqmjxnqkv16s01vfra"; + sha256 = "1immnlx1rld8iw89fxgq2sk2l050sa8h046ka8mdwg8682d75lfg"; }; buildInputs = [openssl qt4 mesa zlib pkgconfig libav]; diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 2c92a9834740..32e385635250 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -147,6 +147,9 @@ stdenv.mkDerivation { --replace /etc/xen/scripts/hotplugpath.sh $out/etc/xen/scripts/hotplugpath.sh \ --replace /bin/ls ls + substituteInPlace tools/hotplug/Linux/xendomains \ + --replace /bin/ls ls + # Xen's tools and firmares need various git repositories that it # usually checks out at time using git. We can't have that. ${flip concatMapStrings xenConfig.toolsGits (x: let src = fetchgit x.git; in '' diff --git a/pkgs/desktops/gnome-3/3.16/default.nix b/pkgs/desktops/gnome-3/3.16/default.nix index 4d30520df117..9c32ddf528c7 100644 --- a/pkgs/desktops/gnome-3/3.16/default.nix +++ b/pkgs/desktops/gnome-3/3.16/default.nix @@ -53,7 +53,7 @@ let gegl_0_3 = pkgs.gegl_0_3.override { inherit gtk; }; version = "3.16"; - maintainers = with pkgs.lib.maintainers; [ lethalman ]; + maintainers = with pkgs.lib.maintainers; [ lethalman jgeerds ]; # Simplify the nixos module and gnome packages defaultIconTheme = adwaita-icon-theme; diff --git a/pkgs/development/libraries/ldb/default.nix b/pkgs/development/libraries/ldb/default.nix index b400ff813d29..07d4b0344746 100644 
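Review bot: Rewriting `/bin/ls` to a bare `ls` in tools/hotplug/Linux/xendomains (xen/generic.nix hunk) makes the script resolve the binary through whatever PATH its caller provides. The script is presumably run as root at boot and shutdown, so a fixed store path is more predictable: `--replace /bin/ls ${coreutils}/bin/ls`, with `coreutils` added to the function arguments, which are outside this hunk. The same applies to the existing `--replace /bin/ls ls` on the context line above.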
--- a/pkgs/development/libraries/ldb/default.nix +++ b/pkgs/development/libraries/ldb/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "ldb-1.1.20"; + name = "ldb-1.1.21"; src = fetchurl { url = "mirror://samba/ldb/${name}.tar.gz"; - sha256 = "1ckplfvr8rp5y632w5j0abdgkj3irbzjh1wn0yxadnhz4ymknjds"; + sha256 = "1wfvqys8g3l2gki5xhf5jc50f6k95vdgzb97vvqfls404xzvnyr6"; }; buildInputs = [ @@ -16,7 +16,6 @@ stdenv.mkDerivation rec { ]; preConfigure = '' - echo $PYTHONPATH sed -i 's,#!/usr/bin/env python,#!${python}/bin/python,g' buildtools/bin/waf ''; diff --git a/pkgs/development/libraries/libs3/default.nix b/pkgs/development/libraries/libs3/default.nix index 62970b719048..f5c4683e7308 100644 --- a/pkgs/development/libraries/libs3/default.nix +++ b/pkgs/development/libraries/libs3/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchFromGitHub, curl, libxml2 }: stdenv.mkDerivation { - name = "libs3-2015-01-09"; + name = "libs3-2015-04-23"; src = fetchFromGitHub { owner = "bji"; repo = "libs3"; - rev = "4d21fdc0857b88c964649b321057d7105d1e4da3"; - sha256 = "1c33h8lzlpmsbkymd2dac9g8hqhd6j6yzdjrhha8bcqyys6vcpy3"; + rev = "11a4e976c28ba525e7d61fbc3867c345a2af1519"; + sha256 = "0xjjwyw14sk9am6s2m25hxi55vmsrc2yiawd6ln2lvg59xjcr48i"; }; buildInputs = [ curl libxml2 ]; @@ -17,7 +17,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { homepage = https://github.com/bji/libs3; description = "A library for interfacing with amazon s3"; - license = licenses.gpl3; + license = licenses.lgpl3; platforms = platforms.unix; }; } diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index 129a65d3203b..9681c4d7eeed 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix 
@@ -34,12 +34,12 @@ let in stdenv.mkDerivation rec { name = "${prefix}nghttp2-${version}"; - version = "1.1.1"; + version = "1.1.2"; # Don't use fetchFromGitHub since this needs a bootstrap curl src = fetchurl { url = "http://pub.wak.io/nixos/tarballs/nghttp2-${version}.tar.bz2"; - sha256 = "9659e8598c8481f1bf8e63ba4f828f5283053df62a51fa8324cb55ea7a51b80c"; + sha256 = "5b218a0d27eeaa6898eb0757b6bbcc643ada2148696d864f185b3123c392904b"; }; # Configure script searches for a symbol which does not exist in jemalloc on Darwin diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix index d9f52d8d87c3..467ccf9db86e 100644 --- a/pkgs/development/libraries/talloc/default.nix +++ b/pkgs/development/libraries/talloc/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "talloc-2.1.2"; + name = "talloc-2.1.3"; src = fetchurl { url = "mirror://samba/talloc/${name}.tar.gz"; - sha256 = "13c365f7y8idjf2v1jxdjpkc3lxdmsxxfxjx1ymianm7zjiph393"; + sha256 = "1c1c3zs13qyripjwcjpz2hqc3p9p50m5yl95gdrrrvyl49dzg9bs"; }; buildInputs = [ diff --git a/pkgs/development/libraries/tdb/default.nix b/pkgs/development/libraries/tdb/default.nix index 46f4bb683476..2bb47df20cf0 100644 --- a/pkgs/development/libraries/tdb/default.nix +++ b/pkgs/development/libraries/tdb/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "tdb-1.3.6"; + name = "tdb-1.3.7"; src = fetchurl { url = "mirror://samba/tdb/${name}.tar.gz"; - sha256 = "19arbbicw469q6a9m8yyaigrxzrxkb1jnajlvq1v7n2qgqjdvmw5"; + sha256 = "04k42cjvjc5wsqsqf44397hclq3nxlm9avjcsbz2hsn01k59akd6"; }; buildInputs = [ diff --git a/pkgs/development/libraries/ustr/default.nix b/pkgs/development/libraries/ustr/default.nix index b016a6f715c1..9a7475969c69 100644 --- a/pkgs/development/libraries/ustr/default.nix +++ b/pkgs/development/libraries/ustr/default.nix 
@@ -1,6 +1,6 @@ -{ stdenv, fetchurl, glibc }: -stdenv.mkDerivation rec { +{ stdenv, fetchurl }: +stdenv.mkDerivation rec { name = "ustr-${version}"; version = "1.0.4"; @@ -9,14 +9,30 @@ stdenv.mkDerivation rec { sha256 = "1i623ygdj7rkizj7985q9d6vj5amwg686aqb5j3ixpkqkyp6xbrx"; }; - prePatch = "substituteInPlace Makefile --replace /usr/include/ ${glibc}/include/"; + # Fixes bogus warnings that failed libsemanage + patches = [ ./va_args.patch ]; + + # Work around gcc5 switch to gnu11 + NIX_CFLAGS_COMPILE = "-std=gnu89"; + + # Fix detection of stdint.h + postPatch = '' + sed -i 's,\(have_stdint_h\)=0,\1=1,g' Makefile + sed -i 's,\(USTR_CONF_HAVE_STDINT_H\) 0,\1 1,g' ustr-import.in + ''; - patches = [ ./va_args.patch ]; # fixes bogus warnings that failed libsemanage + buildTargets = [ "all-shared" ]; - makeFlags = "DESTDIR=$(out) prefix= LDCONFIG=echo"; + preBuild = '' + makeFlagsArray+=("prefix=$out") + makeFlagsArray+=("LDCONFIG=echo") + makeFlagsArray+=("HIDE=") + ''; - configurePhase = "make ustr-import"; - buildInputs = [ glibc ]; + # Remove debug libraries + postInstall = '' + find $out/lib -name \*debug\* -delete + ''; meta = with stdenv.lib; { homepage = http://www.and.org/ustr/; diff --git a/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch b/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch deleted file mode 100644 index 6553dea7b4c3..000000000000 --- a/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -https://bugzilla.redhat.com/show_bug.cgi?id=1085663 - -Reported-by: Florian Weimer <fweimer at redhat.com> -Signed-off-by: Mark Wielaard <mjw at redhat.com> ---- - libdw/dwarf_begin_elf.c | 8 +++++++- - 2 files changed, 12 insertions(+), 1 deletions(-) - -diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c -index 79daeac..34ea373 100644 ---- a/libdw/dwarf_begin_elf.c -+++ b/libdw/dwarf_begin_elf.c -@@ -1,5 +1,5 @@ - /* Create descriptor from ELF descriptor for processing file. -- Copyright (C) 2002-2011 Red Hat, Inc. -+ Copyright (C) 2002-2011, 2014 Red Hat, Inc. - This file is part of elfutils. - Written by Ulrich Drepper <drepper at redhat.com>, 2002. - -@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) - memcpy (&size, data->d_buf + 4, sizeof size); - size = be64toh (size); - -+ /* Check for unsigned overflow so malloc always allocated -+ enough memory for both the Elf_Data header and the -+ uncompressed section data. */ -+ if (unlikely (sizeof (Elf_Data) + size < size)) -+ break; -+ - Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); - if (unlikely (zdata == NULL)) - break; diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix index 53e4bd6821f2..95ccdd89de19 100644 --- a/pkgs/development/tools/misc/elfutils/default.nix +++ b/pkgs/development/tools/misc/elfutils/default.nix 
@@ -3,21 +3,20 @@ # TODO: Look at the hardcoded paths to kernel, modules etc. stdenv.mkDerivation rec { name = "elfutils-${version}"; - version = "0.158"; + version = "0.163"; src = fetchurl { urls = [ "http://fedorahosted.org/releases/e/l/elfutils/${version}/${name}.tar.bz2" "mirror://gentoo/distfiles/${name}.tar.bz2" ]; - sha256 = "0z9rprmizd7rwb3xwfmz5liii7hbiv3g2arl23h56brm45fay9xy"; + sha256 = "7c774f1eef329309f3b05e730bdac50013155d437518a2ec0e24871d312f2e23"; }; patches = [ - ./CVE-2014-0172.patch (fetchurl { - url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability.patch"; - sha256 = "0y2fyjis5xrd3g2pcbcm145q2kmh52n5c74w8dwv3hqdp5ky7igd"; + url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability-${version}.patch"; + sha256 = "e4e82315dad2efaa4e4476503e7537e01b7c1b1f98a96de4ca1c7fa85f4f1045"; }) ]; # We need bzip2 in NativeInputs because otherwise we can't unpack the src, diff --git a/pkgs/games/minecraft-server/default.nix b/pkgs/games/minecraft-server/default.nix index a30c0e174899..82f826556f52 100644 --- a/pkgs/games/minecraft-server/default.nix +++ b/pkgs/games/minecraft-server/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "minecraft-server-${version}"; - version = "1.8.1"; + version = "1.8.8"; src = fetchurl { url = "http://s3.amazonaws.com/Minecraft.Download/versions/${version}/minecraft_server.${version}.jar"; - sha256 = "0icqkcj28l69p618vh0aah9cnvpwgvwsqlw1n5cph23q38d5lpzg"; + sha256 = "07pkdb8cnfnn8zywnhplpcdh9lrxdx8nmsgjarplf2akvhhggbir"; }; installPhase = '' diff --git a/pkgs/misc/emulators/dolphin-emu/master.nix b/pkgs/misc/emulators/dolphin-emu/master.nix index f742973c08d4..06734d24c8a6 100644 --- a/pkgs/misc/emulators/dolphin-emu/master.nix +++ b/pkgs/misc/emulators/dolphin-emu/master.nix 
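Review bot: `./CVE-2014-0172.patch` is dropped from `patches` in elfutils/default.nix together with the bump to 0.163, but nothing in the hunk records that the overflow check it added to libdw/dwarf_begin_elf.c is part of the new release. Presumably it is, since the deleted patch carries an upstream sign-off, but please confirm against the 0.163 source and state it in the commit message so the removal stays auditable. A one-line comment above `patches` such as `# CVE-2014-0172 fix is included upstream as of this version` would be enough once verified.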
@@ -1,14 +1,14 @@ { stdenv, gcc5, pkgconfig, cmake, bluez, ffmpeg, libao, mesa, gtk2, glib , gettext, git, libpthreadstubs, libXrandr, libXext, readline -, openal, libXdmcp, portaudio, SDL, fetchgit, libusb +, openal, libXdmcp, portaudio, fetchgit, libusb, libevdev , libpulseaudio ? null }: stdenv.mkDerivation rec { - name = "dolphin-emu-20150609"; + name = "dolphin-emu-20150802"; src = fetchgit { url = git://github.com/dolphin-emu/dolphin.git; - rev = "e47e4c677ad22895f8c8bc78676dd295e36f2695"; - sha256 = "0g176x0rw9lssw68alr83cakldq1q38mzjwxdaf524bkvnn7fl3r"; + rev = "5097a22844b850b429872f4de390bd958b11a616"; + sha256 = "1qizkahbimpmgjs51av1cdmnnyvbz0j0gknmi5vdc38vrzxvwkrf"; fetchSubmodules = false; }; @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { buildInputs = [ gcc5 pkgconfig cmake bluez ffmpeg libao mesa gtk2 glib gettext libpthreadstubs libXrandr libXext readline openal - git libXdmcp portaudio SDL libusb libpulseaudio ]; + libevdev git libXdmcp portaudio libusb libpulseaudio ]; meta = { homepage = http://dolphin-emu.org/; diff --git a/pkgs/misc/ghostscript/CVE-2015-3228.patch b/pkgs/misc/ghostscript/CVE-2015-3228.patch new file mode 100644 index 000000000000..7be18b0a7302 --- /dev/null +++ b/pkgs/misc/ghostscript/CVE-2015-3228.patch 
@@ -0,0 +1,20 @@ +Description: Sanity check for memory allocation. + In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the + variable holding the actual number of bytes we allocate. +Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085 +Author: Chris Liddell <chris.liddell@artifex.com> +Forwarded: yes +Bug-Debian: http://bugs.debian.org/793489 +Last-Update: 2015-07-26 + +--- a/base/gsmalloc.c ++++ b/base/gsmalloc.c +@@ -178,7 +178,7 @@ + } else { + uint added = size + sizeof(gs_malloc_block_t); + +- if (mmem->limit - added < mmem->used) ++ if (added <= size || mmem->limit - added < mmem->used) + set_msg("exceeded limit"); + else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) + set_msg("failed"); diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index 11f816dbb972..820e5f3cffe6 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix @@ -40,7 +40,11 @@ stdenv.mkDerivation rec { # [] # maybe sometimes jpeg2000 support ; - patches = [ ./urw-font-files.patch ]; + patches = [ + ./urw-font-files.patch + # fetched from debian's ghostscript 9.15_dfsg-1 (called 020150707~0c0b085.patch there) + ./CVE-2015-3228.patch + ]; makeFlags = [ "cups_serverroot=$(out)" "cups_serverbin=$(out)/lib/cups" ]; diff --git a/pkgs/os-specific/linux/cgmanager/default.nix b/pkgs/os-specific/linux/cgmanager/default.nix index 79be500a13d7..8f56eda3a1bc 100644 --- a/pkgs/os-specific/linux/cgmanager/default.nix +++ b/pkgs/os-specific/linux/cgmanager/default.nix 
@@ -1,31 +1,21 @@ { stdenv, fetchurl, pkgconfig, libnih, dbus }: stdenv.mkDerivation rec { - name = "cgmanager-0.36"; + name = "cgmanager-0.37"; src = fetchurl { url = "https://linuxcontainers.org/downloads/cgmanager/${name}.tar.gz"; - sha256 = "039azd4ghpmiccd95ki8fna321kccapff00rib6hrdgg600pyw7l"; + sha256 = "0vkv8am6h3x89c1rqb6a1glwz3mik3065jigri96njjzmvrff2c3"; }; buildInputs = [ pkgconfig libnih dbus ]; configureFlags = [ "--with-init-script=systemd" - "--sysconfdir=/etc/" + "--sysconfdir=/etc" "--localstatedir=/var" ]; - installFlags = [ "DESTDIR=\${out}" ]; - - postInstall = '' - mv $out/$out/* $out - DIR=$out/$out - while rmdir $DIR 2>/dev/null; do - DIR="$(dirname "$DIR")" - done - ''; - meta = with stdenv.lib; { homepage = https://linuxcontainers.org/cgmanager/introduction/; description = "a central privileged daemon that manages all your cgroups"; diff --git a/pkgs/os-specific/linux/checkpolicy/default.nix b/pkgs/os-specific/linux/checkpolicy/default.nix index 1f06fb662188..9fbed50f3b9a 100644 --- a/pkgs/os-specific/linux/checkpolicy/default.nix +++ b/pkgs/os-specific/linux/checkpolicy/default.nix 
@@ -1,25 +1,32 @@ -{ stdenv, fetchurl, libsepol, libselinux, bison, flex }: -stdenv.mkDerivation rec { +{ stdenv, fetchurl, bison, flex, libsepol }: +stdenv.mkDerivation rec { name = "checkpolicy-${version}"; - version = "2.3"; + version = "2.4"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz"; - sha256 = "0yr0r2cxz9lbj7i0wqgcd4wjvc6zf1fmqk0xjybnkdpcmw8jsqwh"; + sha256 = "1m5wjm43lzp6bld8higsvdm2dkddydihhwv9qw2w9r4dm0largcv"; }; - buildInputs = [ libsepol libselinux bison flex ]; + nativeBuildInputs = [ bison flex ]; + buildInputs = [ libsepol ]; + + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + + # Don't build tests + postPatch = '' + sed -i '/-C test/d' Makefile + ''; preBuild = '' - makeFlags="$makeFlags LEX=flex LIBDIR=${libsepol}/lib PREFIX=$out" - sed -e 's@[.]o$@& ../lex.yy.o@' -i test/Makefile + makeFlagsArray+=("LEX=flex") + makeFlagsArray+=("LIBDIR=${libsepol}/lib") + makeFlagsArray+=("PREFIX=$out") ''; - meta = with stdenv.lib; { + meta = libsepol.meta // { description = "SELinux policy compiler"; - license = licenses.gpl2; - inherit (libsepol.meta) homepage platforms maintainers; }; } diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index 746f49b519dd..22ff351e45a6 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig, libsepol, pcre -, enablePython ? false, swig ? null, python ? null +, enablePython ? true, swig ? null, python ? null }: assert enablePython -> swig != null && python != null; 
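Review bot: `meta = libsepol.meta // { description = "SELinux policy compiler"; }` in checkpolicy no longer sets `license`, which the removed lines declared as `licenses.gpl2`; the package now reports whatever libsepol's meta carries, which is not visible here. The libsemanage change in this same diff keeps its own override, so do the same here with `license = stdenv.lib.licenses.gpl2;`. Separately, `sed -i '/-C test/d' Makefile` succeeds even when nothing matches, so a later Makefile change would silently bring the test build back.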
@@ -8,31 +8,34 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "libselinux-${version}"; - version = "2.3"; + version = "2.4"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/libselinux-${version}.tar.gz"; - sha256 = "1ckpiv6m5c07rp5vawlhv02w5rq8kc0n95fh2ckq2jnqxi1hn7hb"; + sha256 = "0yqg73ns97jwjh1iyv0jr5qxb8k5sqq5ywfkx11lzfn5yj8k0126"; }; buildInputs = [ pkgconfig libsepol pcre ] ++ optionals enablePython [ swig python ]; + NIX_CFLAGS_COMPILE = "-fstack-protector-all -std=gnu89"; + postPatch = optionalString enablePython '' sed -i -e 's|\$(LIBDIR)/libsepol.a|${libsepol}/lib/libsepol.a|' src/Makefile ''; - installFlags = [ "PREFIX=$(out)" "DESTDIR=$(out)" ]; - installTargets = [ "install" ] ++ optional enablePython "install-pywrap"; + preBuild = '' + # Build fails without this precreated + mkdir -p $out/include - # TODO: Figure out why the build incorrectly links libselinux.so - postInstall = '' - rm $out/lib/libselinux.so - ln -s libselinux.so.1 $out/lib/libselinux.so + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") ''; - meta = { - inherit (libsepol.meta) homepage platforms maintainers; + installTargets = [ "install" ] ++ optional enablePython "install-pywrap"; + + meta = libsepol.meta // { + description = "SELinux core library"; }; } diff --git a/pkgs/os-specific/linux/libsemanage/default.nix b/pkgs/os-specific/linux/libsemanage/default.nix index 599da9e4b3c2..c60d96bba784 100644 --- a/pkgs/os-specific/linux/libsemanage/default.nix +++ b/pkgs/os-specific/linux/libsemanage/default.nix 
@@ -1,25 +1,27 @@ -{ stdenv, fetchurl, libsepol, libselinux, ustr, bzip2, bison, flex, audit }: -stdenv.mkDerivation rec { +{ stdenv, fetchurl, bison, flex, libsepol, libselinux, ustr, bzip2, libaudit }: +stdenv.mkDerivation rec { name = "libsemanage-${version}"; - version = "2.3"; + version = "2.4"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz"; - sha256 = "0jrf66df80mvjhrsbxcnb60j69pg4dh2pydy8vj8dhhiwqsrxq03"; + sha256 = "1134ka4mi4387ac5yv68bpp2y7ln5xxhwp07xhqnay0nxzjaqk0s"; }; - makeFlags = "PREFIX=$(out) DESTDIR=$(out)"; + nativeBuildInputs = [ bison flex ]; + buildInputs = [ libsepol libselinux ustr bzip2 libaudit ]; - NIX_CFLAGS_COMPILE = "-fstack-protector-all"; - NIX_CFLAGS_LINK = "-lsepol"; + NIX_CFLAGS_COMPILE = "-fstack-protector-all -std=gnu89"; - buildInputs = [ libsepol libselinux ustr bzip2 bison flex audit ]; + preBuild = '' + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") + ''; - meta = with stdenv.lib; { - inherit (libsepol.meta) homepage platforms maintainers; + meta = libsepol.meta // { description = "Policy management tools for SELinux"; - license = licenses.lgpl21; + license = stdenv.lib.licenses.lgpl21; }; } diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 29b6d80445a5..ecbb2a0ec464 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix 
@@ -1,22 +1,23 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, flex }: stdenv.mkDerivation rec { name = "libsepol-${version}"; - version = "2.3"; - se_release = "20140506"; + version = "2.4"; + se_release = "20150202"; se_url = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases"; src = fetchurl { url = "${se_url}/${se_release}/libsepol-${version}.tar.gz"; - sha256 = "13z6xakc2qqyhlvnc5h53jy7lqmh5b5cnpfn51lmvfdpqd18d3fc"; + sha256 = "0ncnwhpc1gx4hrrb822fqkwy5h75zzngsrfkd5mlqh1jk7aib419"; }; - preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + nativeBuildInputs = [ flex ]; - # TODO: Figure out why the build incorrectly links libsepol.so - postInstall = '' - rm $out/lib/libsepol.so - ln -s libsepol.so.1 $out/lib/libsepol.so + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + + preBuild = '' + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") ''; passthru = { inherit se_release se_url; }; diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix index 1c6847cce822..c7170d5b4648 100644 --- a/pkgs/os-specific/linux/lxc/default.nix +++ b/pkgs/os-specific/linux/lxc/default.nix @@ -1,7 +1,9 @@ { stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, perl, docbook2x -, docbook_xml_dtd_45, systemd, wrapPython -, libapparmor ? null, gnutls ? null, libseccomp ? null, cgmanager ? null -, libnih ? null, dbus ? null, libcap ? null, python3 ? null +, docbook_xml_dtd_45, python3Packages + +# Optional Dependencies +, libapparmor ? null, gnutls ? null, libselinux ? null, libseccomp ? null +, cgmanager ? null, libnih ? null, dbus ? null, libcap ? null, systemd ? null }: let 
@@ -18,10 +20,12 @@ stdenv.mkDerivation rec { sha256 = "149nq630h9bg87hb3cn086ci0cz29l7fp3i6qf1mqxv7hnildm8p"; }; + nativeBuildInputs = [ + autoreconfHook pkgconfig perl docbook2x python3Packages.wrapPython + ]; buildInputs = [ - autoreconfHook pkgconfig perl docbook2x systemd - libapparmor gnutls libseccomp cgmanager libnih dbus libcap python3 - wrapPython + libapparmor gnutls libselinux libseccomp cgmanager libnih dbus libcap + python3Packages.python systemd ]; patches = [ ./support-db2x.patch ]; @@ -31,17 +35,23 @@ stdenv.mkDerivation rec { configureFlags = [ "--localstatedir=/var" "--sysconfdir=/etc" - "--with-rootfs-path=/var/lib/lxc/rootfs" + "--enable-doc" + "--disable-api-docs" ] ++ optional (libapparmor != null) "--enable-apparmor" - ++ optional (gnutls != null) "--enable-gnutls" + ++ optional (libselinux != null) "--enable-selinux" ++ optional (libseccomp != null) "--enable-seccomp" - ++ optional (enableCgmanager) "--enable-cgmanager" ++ optional (libcap != null) "--enable-capabilities" ++ [ - "--enable-doc" - "--enable-tests" + "--disable-examples" + "--enable-python" + "--disable-lua" + "--enable-bash" + (if doCheck then "--enable-tests" else "--disable-tests") + "--with-rootfs-path=/var/lib/lxc/rootfs" ]; + doCheck = false; + installFlags = [ "localstatedir=\${TMPDIR}" "sysconfdir=\${out}/etc" @@ -50,7 +60,9 @@ stdenv.mkDerivation rec { "LXCPATH=\${TMPDIR}/var/lib/lxc" ]; - postInstall = "wrapPythonPrograms"; + postInstall = '' + wrapPythonPrograms + ''; meta = { homepage = "http://lxc.sourceforge.net"; diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index ef7e76824db5..4eb8394a4d34 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix 
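Review bot: The confinement switches in lxc's `configureFlags` (`--enable-apparmor`, `--enable-selinux`, `--enable-seccomp`, `--enable-capabilities`) are each added only when the matching input is non-null, and the function header in the previous hunk declares all of those inputs as `? null`. A caller that passes null for one of them gets an LXC build without that mechanism and no signal at evaluation time. Emit the explicit negative instead, e.g. `(if libseccomp != null then "--enable-seccomp" else "--disable-seccomp")`, in the same style as the new `--enable-tests` line, so the resulting feature set is visible in the derivation. `gnutls` and `cgmanager` stay in `buildInputs` although their `--enable-*` flags were removed; if configure auto-detects them, a short comment saying so would help.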
@@ -1,29 +1,38 @@ -{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup -, libsepol, libselinux, libsemanage, setools -, python, sepolgen }: -stdenv.mkDerivation rec { +{ stdenv, fetchurl, pythonPackages, gettext +, setools, libsepol, libselinux, libcap_ng, libsemanage, sepolgen +}: +stdenv.mkDerivation rec { name = "policycoreutils-${version}"; - version = "2.3"; + version = "2.4"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; - sha256 = "1lpwxr5hw3dwhlp2p7y8jcr18mvfcrclwd8c2idz3lmmb3pglk46"; + sha256 = "0y9l9k60iy21hj0lcvfdfxs1fxydg6d3pxp9rhy7hwr4y5vgh6dq"; }; - preConfigure = '' + postPatch = '' + # Fix references to libsepol.a + find . -name Makefile -exec sed -i 's,[^ ]*/libsepol.a,${libsepol}/lib/libsepol.a,g' {} \; + + # Fix install references substituteInPlace po/Makefile --replace /usr/bin/install install - find . -type f -exec sed -i 's,/usr/bin/python,${python}/bin/python,' {} \; + + # Fix references to /usr/share + grep -r '/usr/share' | awk -F: '{print $1}' | xargs sed -i "s,\(\$(DESTDIR)\)*/usr/share,$out/share,g" + + # Fix sepolicy install + sed -i "s,\(setup.py install\).*,\1 --prefix=$out,g" sepolicy/Makefile ''; - buildInputs = [ intltool pcre libcap_ng libcgroup - libsepol libselinux libsemanage setools - python sepolgen # ToDo? these are optional - ]; + nativeBuildInputs = [ pythonPackages.python gettext ]; + buildInputs = [ setools libsepol libselinux libcap_ng libsemanage ]; + pythonPath = [ libselinux sepolgen ]; preBuild = '' - mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib" + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") ''; # Creation of the system-config-selinux directory is broken 
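Review bot: `grep -r '/usr/share' | awk -F: '{print $1}' | xargs sed -i ...` in policycoreutils' `postPatch` relies on grep's implicit current-directory default, prints one line per match rather than per file, and splits file names on `:` and whitespace. `grep -rlZ '/usr/share' . | xargs -0 sed -i "..."` lists each file once and passes names safely. The `postInstall` in the next hunk uses the same pipeline shape with `'#!.*python'`, and there the repetition is not harmless: a script with more than one matching line is handed to `sed -i "1a ..."` more than once, so the `sys.path.append` lines are inserted repeatedly. Anchoring that pattern as `'^#!.*python'` and using `grep -rl` keeps it to real shebang lines, one edit per file.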
@@ -31,14 +40,19 @@ stdenv.mkDerivation rec { mkdir -p $out/share/system-config-selinux ''; - NIX_CFLAGS_COMPILE = "-fstack-protector-all"; - NIX_LDFLAGS = "-lsepol -lpcre"; - - makeFlags = "PREFIX=$(out) DESTDIR=$(out) LOCALEDIR=$(out)/share/locale"; - - patches = [ ./size_format.patch ]; + # Fix the python scripts to include paths to libraries + # NOTE: We are not using wrapPythonPrograms or makeWrapper as these scripts + # purge the environment as a security measure + postInstall = '' + grep -r '#!.*python' $out/bin | awk -F: '{print $1}' | xargs sed -i "1a \ + import sys; \ + sys.path.append('$(toPythonPath "$out")'); \ + ${stdenv.lib.flip stdenv.lib.concatMapStrings pythonPath (lib: '' + sys.path.append('$(toPythonPath "${lib}")'); \ + '')}" + ''; - patchFlags = [ "-p0" ]; + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; meta = with stdenv.lib; { description = "SELinux policy core utilities"; diff --git a/pkgs/os-specific/linux/policycoreutils/size_format.patch b/pkgs/os-specific/linux/policycoreutils/size_format.patch deleted file mode 100644 index 044320985479..000000000000 --- a/pkgs/os-specific/linux/policycoreutils/size_format.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- setfiles/restore.c.orig 2014-08-21 17:26:00.200788259 +0200 -+++ setfiles/restore.c 2014-08-21 17:26:04.728888118 +0200 -@@ -118,7 +118,7 @@ - r_opts->count++; - if (r_opts->count % STAR_COUNT == 0) { - if (r_opts->progress == 1) { -- fprintf(stdout, "\r%luk", (size_t) r_opts->count / STAR_COUNT ); -+ fprintf(stdout, "\r%zuk", (size_t) r_opts->count / STAR_COUNT ); - } else { - if (r_opts->nfile > 0) { - progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100; diff --git a/pkgs/os-specific/linux/sepolgen/default.nix b/pkgs/os-specific/linux/sepolgen/default.nix index 812b100699f7..4067e5f70e27 100644 --- a/pkgs/os-specific/linux/sepolgen/default.nix +++ b/pkgs/os-specific/linux/sepolgen/default.nix 
@@ -2,17 +2,19 @@ stdenv.mkDerivation rec { name = "sepolgen-${version}"; - version = "1.2.1"; + version = "1.2.2"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz"; - sha256 = "1c41hz4a64mjvbfhgc7c7plydahsc161z0qn46qz2g3bvimj9323"; + sha256 = "09139kspr41zgksayi4dh982p8080lrfl96p4dld51nknbpaigdy"; }; - makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages"; - - buildInputs = [ python ]; + preBuild = '' + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") + makeFlagsArray+=("PYTHONLIBDIR=lib/${python.libPrefix}/site-packages") + ''; meta = with stdenv.lib; { inherit (libsepol.meta) homepage platforms maintainers; diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix index 63a43b2b5e93..bb17683800f1 100644 --- a/pkgs/os-specific/linux/setools/default.nix +++ b/pkgs/os-specific/linux/setools/default.nix 
@@ -1,28 +1,28 @@ -{ stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, bison, flex +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, bison, flex , python, swig2, tcl, libsepol, libselinux, libxml2, sqlite, bzip2 }: stdenv.mkDerivation rec { - name = "setools-3.3.8"; + name = "setools-2015-02-12"; - src = fetchurl { - url = "http://oss.tresys.com/projects/setools/chrome/site/dists/${name}/${name}.tar.bz2"; - sha256 = "16g987ijaxabc30zyjzia4nafq49rm038y1pm4vca7i3kb67wf24"; + src = fetchFromGitHub { + owner = "TresysTechnology"; + repo = "setools3"; + rev = "f1e5b208d507171968ca4d2eeefd7980f1004a3c"; + sha256 = "02gzy2kpszhr13f0d9qfiwh2hj4201g2x366j53v5n5qz481aykd"; }; - patches = [ ./ftbfs-invalid-operands-of-types.patch ]; + configureFlags = [ + "--disable-gui" + "--with-sepol-devel=${libsepol}" + "--with-selinux-devel=${libselinux}" + "--with-tcl=${tcl}/lib" + ]; - # SWIG-TCL is broken in 3.3.8 - configureFlags = '' - --with-tcl=${tcl}/lib - --with-sepol-devel=${libsepol} - --with-selinux-devel=${libselinux} - --disable-gui - --disable-swig-tcl - ''; + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + NIX_LDFLAGS = "-L${libsepol}/lib -L${libselinux}/lib"; - buildInputs = [ autoreconfHook pkgconfig bison flex python swig2 ]; - - nativeBuildInputs = [ tcl libsepol libselinux libxml2 sqlite bzip2 ]; + nativeBuildInputs = [ autoreconfHook pkgconfig python swig2 bison flex ]; + buildInputs = [ tcl libxml2 sqlite bzip2 ]; meta = { description = "SELinux Tools"; diff --git a/pkgs/os-specific/linux/setools/ftbfs-invalid-operands-of-types.patch b/pkgs/os-specific/linux/setools/ftbfs-invalid-operands-of-types.patch deleted file mode 100644 index 97a5727f05b0..000000000000 --- a/pkgs/os-specific/linux/setools/ftbfs-invalid-operands-of-types.patch +++ /dev/null 
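Review bot: In setools/default.nix, libsepol and libselinux no longer appear in either inputs list and are reached only through `--with-sepol-devel`/`--with-selinux-devel` and the new `NIX_LDFLAGS`, with no comment saying why. If that is deliberate, a line such as `# libsepol/libselinux are located via the --with-*-devel flags; -L lets the linker find them` above `NIX_LDFLAGS` would record it; otherwise listing them in `buildInputs` would probably make the `-L` flags unnecessary. The removed `# SWIG-TCL is broken in 3.3.8` comment and `--disable-swig-tcl` flag also go without a replacement note, so a short comment that the pinned revision builds the Tcl bindings would help the next reader. The derivation continues past the end of the hunk.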
@@ -1,15 +0,0 @@ -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750331 - -Index: setools-git/secmds/replcon.cc -=================================================================== ---- setools-git.orig/secmds/replcon.cc -+++ setools-git/secmds/replcon.cc -@@ -60,7 +60,7 @@ static struct option const longopts[] = - {NULL, 0, NULL, 0} - }; - --extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak)); -+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak)); - - /** - * As that setools must work with older libselinux versions that may diff --git a/pkgs/tools/filesystems/ceph/0.80.nix b/pkgs/tools/filesystems/ceph/0.80.nix index 3e859626ee8d..ffb52f3fa5b1 100644 --- a/pkgs/tools/filesystems/ceph/0.80.nix +++ b/pkgs/tools/filesystems/ceph/0.80.nix @@ -6,8 +6,7 @@ callPackage ./generic.nix (args // rec { src = fetchgit { url = "git://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - leaveDotGit = true; - sha256 = "0s81j6yj8y27hlx1hid9maz0l7bhjjskjxzxlhsikzmdc1j27m4r"; + sha256 = "1arajccczjdqp7igs17569xlq5cj4azcm5wwixg6ryypjr2grcbl"; }; patches = [ diff --git a/pkgs/tools/filesystems/ceph/0.94.nix b/pkgs/tools/filesystems/ceph/0.94.nix index 3947cd70f56b..4dca90e5f273 100644 --- a/pkgs/tools/filesystems/ceph/0.94.nix +++ b/pkgs/tools/filesystems/ceph/0.94.nix @@ -6,8 +6,7 @@ callPackage ./generic.nix (args // rec { src = fetchgit { url = "https://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - leaveDotGit = true; - sha256 = "094f9knxgx8vb9fb1yzld9ib4m0wpqwqgqjl3xqf0dzm48nxqd73"; + sha256 = "1nhqzmxv7bz93b8rbd88wgmw9icm2lhmc94dfscgh23kfpipyd6l"; }; patches = [ diff --git a/pkgs/tools/filesystems/ceph/dev.nix b/pkgs/tools/filesystems/ceph/dev.nix index c57bc200f24c..5cc183d1053c 100644 --- a/pkgs/tools/filesystems/ceph/dev.nix +++ b/pkgs/tools/filesystems/ceph/dev.nix 
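Review bot: The context line `url = "git://github.com/ceph/ceph.git";` in ceph/0.80.nix keeps the unauthenticated git:// transport, while 0.94.nix and dev.nix in this same commit fetch over https://. The fixed `sha256` still pins what is accepted, so this is a matter of consistency and of not relying on a plaintext transport. Since the hash is being regenerated here anyway, `url = "https://github.com/ceph/ceph.git";` would fit. ceph/git.nix carries the same git:// URL. The surrounding `callPackage` expression continues outside the hunk.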
@@ -6,8 +6,7 @@ callPackage ./generic.nix (args // rec { src = fetchgit { url = "https://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - leaveDotGit = true; - sha256 = "13iyv53kq2ka5py759cdiw0wmzpsycskvhmyr74qkpxmw9g6177y"; + sha256 = "0kydjyvb1566mh33p6dlljfx1r4cfdj8ic4i19h5r9vavkc46nf0"; }; patches = [ ./fix-pythonpath.patch ]; diff --git a/pkgs/tools/filesystems/ceph/generic.nix b/pkgs/tools/filesystems/ceph/generic.nix index 51e304bec216..dca6d9300206 100644 --- a/pkgs/tools/filesystems/ceph/generic.nix +++ b/pkgs/tools/filesystems/ceph/generic.nix @@ -56,7 +56,7 @@ let optLibatomic_ops = shouldUsePkg libatomic_ops; optKinetic-cpp-client = shouldUsePkg kinetic-cpp-client; optRocksdb = shouldUsePkg rocksdb; - optLibs3 = shouldUsePkg libs3; + optLibs3 = if versionAtLeast version "10.0.0" then null else shouldUsePkg libs3; optJemalloc = shouldUsePkg jemalloc; optGperftools = shouldUsePkg gperftools; @@ -195,8 +195,6 @@ stdenv.mkDerivation { (mkWith hasKinetic "kinetic" null) (mkWith hasRocksdb "librocksdb" null) (mkWith false "librocksdb-static" null) - (mkWith (optLibs3 != null) "system-libs3" null) - (mkWith true "rest-bench" null) ] ++ optional stdenv.isLinux [ (mkWith (optLibaio != null) "libaio" null) (mkWith (optLibxfs != null) "libxfs" null) @@ -207,6 +205,9 @@ stdenv.mkDerivation { ] ++ optional (versionAtLeast version "9.0.2") [ (mkWith true "man-pages" null) (mkWith true "systemd-libexec-dir" "\${TMPDIR}") + ] ++ optional (versionOlder version "10.0.0") [ + (mkWith (optLibs3 != null) "system-libs3" null) + (mkWith true "rest-bench" null) ]; preBuild = optionalString (versionAtLeast version "9.0.0") '' 
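Review bot: The new `"10.0.0"` gate in ceph/generic.nix appears twice without a comment, in `optLibs3 = if versionAtLeast version "10.0.0" then null else shouldUsePkg libs3;` and in `++ optional (versionOlder version "10.0.0") [ … ]`. It also presumably relies on git.nix's date-style version (`2015-07-31`) comparing as newer than `10.0.0`. A comment such as `# libs3 / rest-bench are only configured before 10.0.0; date-versioned git snapshots compare as newer` next to `optLibs3` would make that assumption visible. Both the `let` block and the `configureFlags` list start outside these hunks.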
@@ -234,15 +235,24 @@ stdenv.mkDerivation { for PY in $(find $lib/lib -name \*.py); do LIBS="$(sed -n "s/.*find_library('\([^)]*\)').*/\1/p" "$PY")" + # Delete any calls to find_library + sed -i '/find_library/d' "$PY" + # Fix each find_library call for LIB in $LIBS; do REALLIB="$lib/lib/lib$LIB.so" - sed -i "s,find_library('$LIB'),'$REALLIB',g" "$PY" + sed -i "s,\(lib$LIB = CDLL(\).*,\1'$REALLIB'),g" "$PY" done # Reapply compilation optimizations NAME=$(basename -s .py "$PY") - (cd "$(dirname $PY)"; python -c "import $NAME"; python -O -c "import $NAME") + rm -f "$PY"{c,o} + pushd "$(dirname $PY)" + python -c "import $NAME" + python -O -c "import $NAME" + popd + test -f "$PY"c + test -f "$PY"o done ''; diff --git a/pkgs/tools/filesystems/ceph/git.nix b/pkgs/tools/filesystems/ceph/git.nix index 8534c2fdba38..913901a0f801 100644 --- a/pkgs/tools/filesystems/ceph/git.nix +++ b/pkgs/tools/filesystems/ceph/git.nix @@ -1,13 +1,12 @@ { callPackage, fetchgit, ... } @ args: callPackage ./generic.nix (args // rec { - version = "2015-07-29"; + version = "2015-07-31"; src = fetchgit { url = "git://github.com/ceph/ceph.git"; - rev = "338ead0f498238fd1b5b7f18d86ad407de6f347b"; - leaveDotGit = true; - sha256 = "0ip62l4qkcmszbczwdnqhn93glnpgy0fhymf627x0vf49dgv3a6i"; + rev = "ef86e29259d0e863e62115926bf67287dc9a7e41"; + sha256 = "14h387ngx3fmdm0b0sgl0l743j3d22gnp3lv68ah59yc4crfgdcx"; }; patches = [ ./fix-pythonpath.patch ]; diff --git a/pkgs/tools/misc/cv/default.nix b/pkgs/tools/misc/cv/default.nix index 5b54ed1d4cf7..a92bfcdb35d3 100644 --- a/pkgs/tools/misc/cv/default.nix +++ b/pkgs/tools/misc/cv/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "cv-${version}"; - version = "0.7.1"; + version = "0.8"; src = fetchFromGitHub { owner = "Xfennec"; repo = "cv"; rev = "v${version}"; - sha256 = "1dcq45mz443mzzf344ap5dgsazhcrn3aislxs57jqbg4p5bbmh1b"; + sha256 = "17vfcv0n1ib4rh1hdl126aid7cnnk94avzlk9yp7y855iml8xzs4"; }; buildInputs = [ ncurses ]; 
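Review bot: In the `for PY in …` loop of ceph/generic.nix, nothing checks that the rewrite actually pinned the library path. `sed -i '/find_library/d' "$PY"` removes every line that mentions `find_library`, and the following substitution only fires on a line shaped exactly like `lib$LIB = CDLL(`. If a module is written differently, the substitution is silently skipped and the later `import` check may still pass (hedged: the Python sources are not visible here). Adding `test -e "$REALLIB"` before the substitution and `grep -q "'$REALLIB'" "$PY"` after it would make the build fail instead of shipping a module that loads an unpinned or missing library. `$PY` in `pushd "$(dirname $PY)"` is also unquoted, unlike its other uses; the enclosing shell string starts outside the hunk.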
diff --git a/pkgs/tools/security/minisign/default.nix b/pkgs/tools/security/minisign/default.nix new file mode 100644 index 000000000000..48de14ddce6c --- /dev/null +++ b/pkgs/tools/security/minisign/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchurl, cmake, libsodium }: + +stdenv.mkDerivation rec { + name = "minisign-${version}"; + version = "0.4"; + + src = fetchurl { + url = "https://github.com/jedisct1/minisign/archive/${version}.tar.gz"; + sha256 = "1k1dk6piaz8pw4b9zg55n4wcpyc301mkxb873njm8mki7r8raxnw"; + }; + + buildInputs = [ cmake libsodium ]; + + meta = with stdenv.lib; { + description = "A simple tool for signing files and verifying signatures"; + longDescription = '' + minisign uses public key cryptography to help facilitate secure (but not + necessarily private) file transfer, e.g., of software artefacts. minisign + is similar to and compatible with OpenBSD's signify. + ''; + homepage = https://jedisct1.github.io/minisign/; + license = licenses.isc; + maintainers = with maintainers; [ joachifm ]; + }; +} diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix new file mode 100644 index 000000000000..f0d3a870676c --- /dev/null +++ b/pkgs/tools/security/monkeysphere/default.nix 
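Review bot: In the new minisign/default.nix, `buildInputs = [ cmake libsodium ];` mixes a build-time tool with a linked library, whereas the setools change in this same commit separates the two. Writing `nativeBuildInputs = [ cmake ];` and `buildInputs = [ libsodium ];` would keep the derivations consistent. `meta` also has no `platforms` entry, unlike the monkeysphere derivation added alongside it.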
@@ -0,0 +1,44 @@ +{ stdenv, fetchurl, perl, makeWrapper, perlPackages }: + +stdenv.mkDerivation rec { + name = "monkeysphere-${version}"; + version = "0.37"; + + src = fetchurl { + url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.37.orig.tar.gz"; + sha256 = "0nbfd220miflah5l2y20qlmgfpbqi0j8h7qgx1b06h7v2jjbh45m"; + }; + + buildInputs = [ makeWrapper perl ]; + + patches = [ ./monkeysphere.patch ]; + + makeFlags = '' + PREFIX=/ + DESTDIR=$(out) + ''; + + postInstall = '' + wrapProgram $out/bin/openpgp2ssh --prefix PERL5LIB : \ + "${with perlPackages; stdenv.lib.makePerlPath [ + CryptOpenSSLRSA + CryptOpenSSLBignum + ]}" + ''; + + meta = with stdenv.lib; { + homepage = http://web.monkeysphere.info/; + description = "Leverage the OpenPGP web of trust for SSH and TLS authentication"; + longDescription = '' + The Monkeysphere project's goal is to extend OpenPGP's web of + trust to new areas of the Internet to help us securely identify + servers we connect to, as well as each other while we work online. + The suite of Monkeysphere utilities provides a framework to + transparently leverage the web of trust for authentication of + TLS/SSL communications through the normal use of tools you are + familiar with, such as your web browser0 or secure shell. + ''; + license = licenses.gpl3; + platforms = platforms.all; + }; +} diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch new file mode 100644 index 000000000000..8b343b93454f --- /dev/null +++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch 
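Review bot: In monkeysphere/default.nix the `url` hardcodes `0.37` although `version` is defined two lines above, so a later version bump can leave the URL pointing at the old tarball and only the hash mismatch would reveal it. Ending the URL in `monkeysphere_${version}.orig.tar.gz` fixes that. The download is also over plain `http://`; the `sha256` pins the content, but an https mirror would be preferable if one exists. `wrapProgram` sets `PERL5LIB` only for `openpgp2ssh`, while the accompanying patch relaxes name matching for `pem2openpgp`, `openpgp2pem` and `openpgp2spki` as well, so those entry points may be left without the Perl modules (not verifiable from this hunk). `web browser0` in `longDescription` looks like a typo for `web browser`.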
@@ -0,0 +1,92 @@ +diff -rupN monkeysphere-0.37/Makefile monkeysphere-0.37-patched/Makefile +--- monkeysphere-0.37/Makefile 2014-08-06 19:27:38.000000000 +0200 ++++ monkeysphere-0.37-patched/Makefile 2015-07-31 19:51:57.539373097 +0200 +@@ -42,11 +42,11 @@ install: all installman + mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere + printf "Monkeysphere %s\n" $(MONKEYSPHERE_VERSION) > $(DESTDIR)$(PREFIX)/share/monkeysphere/VERSION + install src/monkeysphere $(DESTDIR)$(PREFIX)/bin +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/bin/monkeysphere + install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host + install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication + install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0755 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere +@@ -59,8 +59,8 @@ install: all installman + ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2pem + ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2spki + install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23 +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28 ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' 
$(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23 ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28 + install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions + install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m + install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh +diff -rupN monkeysphere-0.37/src/share/checkperms monkeysphere-0.37-patched/src/share/checkperms +--- monkeysphere-0.37/src/share/checkperms 2014-08-06 19:27:38.000000000 +0200 ++++ monkeysphere-0.37-patched/src/share/checkperms 2015-07-31 19:52:18.170675985 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/bin/perl + + # checkperms: ensure as best we can that a given file can only be + # modified by the given user (or the superuser, naturally). This +diff -rupN monkeysphere-0.37/src/share/keytrans monkeysphere-0.37-patched/src/share/keytrans +--- monkeysphere-0.37/src/share/keytrans 2014-08-06 19:27:38.000000000 +0200 ++++ monkeysphere-0.37-patched/src/share/keytrans 2015-07-31 20:13:36.664514290 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/bin/perl + + # keytrans: this is an RSA key translation utility; it is capable of + # transforming RSA keys (both public keys and secret keys) between +@@ -1069,7 +1069,7 @@ sub packetwalk { + + + for (basename($0)) { +- if (/^pem2openpgp$/) { ++ if (/pem2openpgp/) { + my $rsa; + my $stdin; + +@@ -1107,7 +1107,7 @@ for (basename($0)) { + } + ); + } +- elsif (/^openpgp2ssh$/) { ++ elsif (/openpgp2ssh/) { + my $fpr = shift; + my $instream; + open($instream,'-'); +@@ -1123,7 +1123,7 @@ for (basename($0)) { + die "No matching key found.\n"; + } + } +- elsif (/^openpgp2pem$/) { ++ elsif (/openpgp2pem/) { + my $fpr = shift; + my $instream; + open($instream,'-'); +@@ -1139,7 +1139,7 @@ for (basename($0)) { + die "No matching key found.\n"; + } + } +- elsif (/^openpgp2spki$/) { ++ elsif (/openpgp2spki/) { + my $fpr = shift; + 
my $instream; + open($instream,'-'); +@@ -1151,7 +1151,7 @@ for (basename($0)) { + die "No matching key found.\n"; + } + } +- elsif (/^keytrans$/) { ++ elsif (/keytrans/) { + # subcommands when keytrans is invoked directly are UNSUPPORTED, + # UNDOCUMENTED, and WILL NOT BE MAINTAINED. + my $subcommand = shift; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 29b7d16cf212..8c0a818b38fd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2026,6 +2026,8 @@ let minidlna = callPackage ../tools/networking/minidlna { }; + minisign = callPackage ../tools/security/minisign { }; + mmv = callPackage ../tools/misc/mmv { }; morituri = callPackage ../applications/audio/morituri { }; @@ -2140,9 +2142,7 @@ let lshw = callPackage ../tools/system/lshw { }; - lxc = callPackage ../os-specific/linux/lxc { - wrapPython = python3Packages.wrapPython; - }; + lxc = callPackage ../os-specific/linux/lxc { }; lzip = callPackage ../tools/compression/lzip { }; @@ -9376,6 +9376,7 @@ let atop = callPackage ../os-specific/linux/atop { }; audit = callPackage ../os-specific/linux/audit { }; + libaudit = audit; b43Firmware_5_1_138 = callPackage ../os-specific/linux/firmware/b43-firmware/5.1.138.nix { }; @@ -12045,6 +12046,8 @@ let monkeysAudio = callPackage ../applications/audio/monkeys-audio { }; + monkeysphere = callPackage ../tools/security/monkeysphere { }; + monodevelop = callPackage ../applications/editors/monodevelop {}; monotone = callPackage ../applications/version-management/monotone { @@ -12130,6 +12133,7 @@ let avahi = avahi.override { withLibdnssdCompat = true; }; + celt = celt_0_7; jackSupport = config.mumble.jackSupport or false; speechdSupport = config.mumble.speechdSupport or false; pulseSupport = config.pulseaudio or false; |
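Review bot: The two shebang changes in monkeysphere.patch (`src/share/checkperms` and `src/share/keytrans`) drop Perl's taint mode (`-T`), which is a hardening measure in scripts that check file permissions and translate keys. Presumably this is because the wrapper supplies modules through `PERL5LIB`, which perl ignores under `-T`; keeping `-T` and adding the module directories with `-I` on the shebang line or with `use lib` would preserve the taint checks. The dispatch patterns in keytrans are also loosened from `/^openpgp2ssh$/` to `/openpgp2ssh/`, so any basename containing the word selects that branch. If the goal is only to accept the wrapped name, an anchored form such as `/^\.?openpgp2ssh(-wrapped)?$/` is narrower. The `for (basename($0))` block continues outside the patch's hunks.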