-rw-r--r--doc/languages-frameworks/python.md38
-rw-r--r--doc/stdenv.xml203
-rw-r--r--lib/licenses.nix2
-rw-r--r--lib/lists.nix4
-rw-r--r--lib/maintainers.nix3
-rw-r--r--lib/modules.nix24
-rw-r--r--nixos/doc/manual/configuration/configuration.xml10
-rw-r--r--nixos/doc/manual/default.nix17
-rw-r--r--nixos/doc/manual/development/meta-attributes.xml62
-rw-r--r--nixos/doc/manual/development/writing-modules.xml1
-rw-r--r--nixos/doc/manual/release-notes/rl-1603.xml35
-rw-r--r--nixos/modules/config/gnu.nix1
-rw-r--r--nixos/modules/config/update-users-groups.pl4
-rw-r--r--nixos/modules/i18n/input-method/default.nix5
-rw-r--r--nixos/modules/misc/meta.nix8
-rw-r--r--nixos/modules/rename.nix66
-rw-r--r--nixos/modules/security/acme.nix7
-rw-r--r--nixos/modules/security/grsecurity.nix5
-rw-r--r--nixos/modules/security/grsecurity.xml (renamed from nixos/doc/manual/configuration/grsecurity.xml)0
-rw-r--r--nixos/modules/services/databases/postgresql.nix2
-rw-r--r--nixos/modules/services/databases/redis.nix5
-rw-r--r--nixos/modules/services/editors/emacs.nix2
-rw-r--r--nixos/modules/services/mail/opensmtpd.nix2
-rw-r--r--nixos/modules/services/misc/gitlab.nix3
-rw-r--r--nixos/modules/services/misc/nix-daemon.nix2
-rw-r--r--nixos/modules/services/misc/nixos-manual.nix2
-rw-r--r--nixos/modules/services/misc/taskserver/default.nix3
-rw-r--r--nixos/modules/services/networking/dnscrypt-proxy.nix48
-rw-r--r--nixos/modules/services/networking/dnscrypt-proxy.xml76
-rw-r--r--nixos/modules/services/networking/teamspeak3.nix75
-rw-r--r--nixos/modules/services/networking/wpa_supplicant.nix99
-rw-r--r--nixos/modules/services/x11/display-managers/default.nix3
-rw-r--r--nixos/modules/system/boot/loader/grub/grub.nix6
-rw-r--r--nixos/modules/tasks/cpu-freq.nix2
-rw-r--r--nixos/modules/virtualisation/containers.nix29
-rw-r--r--nixos/modules/virtualisation/virtualbox-image.nix2
-rw-r--r--nixos/tests/boot-stage1.nix1
-rw-r--r--pkgs/applications/audio/aacgain/default.nix5
-rw-r--r--pkgs/applications/audio/cdparanoia/default.nix2
-rw-r--r--pkgs/applications/audio/csound/default.nix2
-rw-r--r--pkgs/applications/audio/freewheeling/default.nix2
-rw-r--r--pkgs/applications/audio/gjay/default.nix2
-rw-r--r--pkgs/applications/audio/jack-capture/default.nix4
-rw-r--r--pkgs/applications/audio/lingot/default.nix2
-rw-r--r--pkgs/applications/audio/mi2ly/default.nix2
-rw-r--r--pkgs/applications/audio/mp3info/default.nix2
-rw-r--r--pkgs/applications/audio/mp3val/default.nix2
-rw-r--r--pkgs/applications/audio/mpg321/default.nix2
-rw-r--r--pkgs/applications/audio/musescore/default.nix2
-rw-r--r--pkgs/applications/audio/pd-plugins/cyclone/default.nix2
-rw-r--r--pkgs/applications/audio/pd-plugins/maxlib/default.nix2
-rw-r--r--pkgs/applications/audio/pd-plugins/mrpeach/default.nix4
-rw-r--r--pkgs/applications/audio/qmidinet/default.nix2
-rw-r--r--pkgs/applications/audio/rakarrack/default.nix2
-rw-r--r--pkgs/applications/audio/x42-plugins/default.nix4
-rw-r--r--pkgs/applications/audio/zynaddsubfx/default.nix2
-rw-r--r--pkgs/applications/editors/bviplus/default.nix8
-rw-r--r--pkgs/applications/editors/emacs-24/default.nix4
-rw-r--r--pkgs/applications/editors/emacs-25/default.nix2
-rw-r--r--pkgs/applications/editors/ht/default.nix5
-rw-r--r--pkgs/applications/editors/kdevelop5/kdevelop-pg-qt.nix32
-rw-r--r--pkgs/applications/editors/kdevelop5/kdevelop.nix54
-rw-r--r--pkgs/applications/editors/kdevelop5/kdevplatform.nix44
-rw-r--r--pkgs/applications/editors/leafpad/default.nix2
-rw-r--r--pkgs/applications/editors/manuskript/default.nix22
-rw-r--r--pkgs/applications/editors/nedit/default.nix2
-rw-r--r--pkgs/applications/editors/neovim/default.nix11
-rw-r--r--pkgs/applications/editors/neovim/qt.nix2
-rw-r--r--pkgs/applications/editors/vim/configurable.nix2
-rw-r--r--pkgs/applications/editors/vim/default.nix2
-rw-r--r--pkgs/applications/gis/qgis/default.nix4
-rw-r--r--pkgs/applications/graphics/cinepaint/default.nix4
-rw-r--r--pkgs/applications/graphics/fontmatrix/default.nix2
-rw-r--r--pkgs/applications/graphics/gimp/2.8.nix7
-rw-r--r--pkgs/applications/graphics/giv/default.nix3
-rw-r--r--pkgs/applications/graphics/gqview/default.nix2
-rw-r--r--pkgs/applications/graphics/kipi-plugins/default.nix4
-rw-r--r--pkgs/applications/graphics/meshlab/default.nix2
-rw-r--r--pkgs/applications/graphics/qtpfsgui/default.nix2
-rw-r--r--pkgs/applications/graphics/tesseract/default.nix2
-rw-r--r--pkgs/applications/graphics/xaos/default.nix2
-rw-r--r--pkgs/applications/graphics/xfig/default.nix2
-rw-r--r--pkgs/applications/graphics/zgv/default.nix2
-rw-r--r--pkgs/applications/inferno/default.nix2
-rw-r--r--pkgs/applications/misc/audio/wavrsocvt/default.nix38
-rw-r--r--pkgs/applications/misc/epdfview/default.nix9
-rw-r--r--pkgs/applications/misc/gkrellm/default.nix2
-rw-r--r--pkgs/applications/misc/gksu/default.nix2
-rw-r--r--pkgs/applications/misc/gpxsee/default.nix4
-rw-r--r--pkgs/applications/misc/grip/default.nix2
-rw-r--r--pkgs/applications/misc/k2pdfopt/default.nix4
-rw-r--r--pkgs/applications/misc/keepassx/2.0-http.nix23
-rw-r--r--pkgs/applications/misc/milu/default.nix2
-rw-r--r--pkgs/applications/misc/navit/default.nix11
-rw-r--r--pkgs/applications/misc/posterazor/default.nix2
-rw-r--r--pkgs/applications/misc/sdcv/default.nix2
-rw-r--r--pkgs/applications/misc/tasknc/default.nix2
-rw-r--r--pkgs/applications/misc/timewarrior/default.nix4
-rw-r--r--pkgs/applications/misc/valauncher/default.nix23
-rw-r--r--pkgs/applications/misc/vym/default.nix4
-rw-r--r--pkgs/applications/misc/wordnet/default.nix2
-rw-r--r--pkgs/applications/misc/xpdf/default.nix2
-rw-r--r--pkgs/applications/misc/xsw/default.nix13
-rw-r--r--pkgs/applications/networking/browsers/chromium/default.nix9
-rw-r--r--pkgs/applications/networking/browsers/vimprobable2/default.nix8
-rw-r--r--pkgs/applications/networking/browsers/w3m/default.nix2
-rw-r--r--pkgs/applications/networking/dropbox/default.nix12
-rw-r--r--pkgs/applications/networking/ike/default.nix2
-rw-r--r--pkgs/applications/networking/instant-messengers/oneteam/default.nix92
-rw-r--r--pkgs/applications/networking/instant-messengers/silc-client/default.nix2
-rw-r--r--pkgs/applications/networking/instant-messengers/vacuum/default.nix2
-rw-r--r--pkgs/applications/networking/ipfs/default.nix5
-rw-r--r--pkgs/applications/networking/iptraf-ng/default.nix2
-rw-r--r--pkgs/applications/networking/iptraf/default.nix6
-rw-r--r--pkgs/applications/networking/irc/bip/default.nix5
-rw-r--r--pkgs/applications/networking/irc/communi/default.nix11
-rw-r--r--pkgs/applications/networking/irc/qweechat/default.nix31
-rw-r--r--pkgs/applications/networking/irc/wraith/default.nix1
-rw-r--r--pkgs/applications/networking/mailreaders/alpine/default.nix31
-rw-r--r--pkgs/applications/networking/mailreaders/realpine/default.nix31
-rw-r--r--pkgs/applications/networking/mumble/default.nix4
-rw-r--r--pkgs/applications/networking/remote/ssvnc/default.nix2
-rw-r--r--pkgs/applications/office/gnumeric/default.nix10
-rw-r--r--pkgs/applications/office/jabref/default.nix4
-rw-r--r--pkgs/applications/office/libreoffice/still.nix10
-rw-r--r--pkgs/applications/office/mendeley/default.nix9
-rw-r--r--pkgs/applications/science/astronomy/gravit/default.nix8
-rw-r--r--pkgs/applications/science/electronics/caneda/default.nix2
-rw-r--r--pkgs/applications/science/electronics/qfsm/default.nix2
-rw-r--r--pkgs/applications/science/geometry/drgeo/default.nix2
-rw-r--r--pkgs/applications/science/logic/boolector/default.nix7
-rw-r--r--pkgs/applications/science/logic/ltl2ba/default.nix2
-rw-r--r--pkgs/applications/science/logic/otter/default.nix5
-rw-r--r--pkgs/applications/science/logic/prover9/default.nix4
-rw-r--r--pkgs/applications/science/math/cbc/default.nix2
-rw-r--r--pkgs/applications/science/math/maxima/default.nix8
-rw-r--r--pkgs/applications/science/math/perseus/default.nix4
-rw-r--r--pkgs/applications/science/math/qalculate-gtk/default.nix7
-rw-r--r--pkgs/applications/science/math/sage/default.nix6
-rw-r--r--pkgs/applications/science/math/singular/default.nix2
-rw-r--r--pkgs/applications/science/math/yacas/default.nix4
-rw-r--r--pkgs/applications/science/misc/openmodelica/default.nix2
-rw-r--r--pkgs/applications/version-management/bitkeeper/default.nix2
-rw-r--r--pkgs/applications/version-management/cvs/default.nix2
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/default.nix2
-rw-r--r--pkgs/applications/version-management/git-and-tools/qgit/default.nix20
-rw-r--r--pkgs/applications/version-management/redmine/default.nix3
-rw-r--r--pkgs/applications/video/aegisub/default.nix2
-rw-r--r--pkgs/applications/video/handbrake/default.nix46
-rw-r--r--pkgs/applications/video/handbrake/disable-unfree.patch101
-rw-r--r--pkgs/applications/video/handbrake/handbrake-0.10.3-nolibav.patch76
-rw-r--r--pkgs/applications/video/kino/default.nix10
-rw-r--r--pkgs/applications/video/qarte/default.nix16
-rw-r--r--pkgs/applications/video/subtitleeditor/default.nix2
-rw-r--r--pkgs/applications/virtualization/OVMF/default.nix2
-rw-r--r--pkgs/applications/virtualization/bochs/default.nix4
-rw-r--r--pkgs/applications/virtualization/cbfstool/default.nix2
-rw-r--r--pkgs/applications/virtualization/qboot/default.nix4
-rw-r--r--pkgs/applications/virtualization/seabios/default.nix6
-rw-r--r--pkgs/applications/virtualization/virtualbox/default.nix19
-rw-r--r--pkgs/applications/virtualization/virtualbox/guest-additions/default.nix4
-rw-r--r--pkgs/applications/virtualization/xen/generic.nix5
-rw-r--r--pkgs/applications/window-managers/stalonetray/default.nix4
-rw-r--r--pkgs/applications/window-managers/yabar/default.nix2
-rw-r--r--pkgs/build-support/cc-wrapper/add-flags.sh (renamed from pkgs/build-support/cc-wrapper/add-flags)0
-rw-r--r--pkgs/build-support/cc-wrapper/add-hardening.sh59
-rw-r--r--pkgs/build-support/cc-wrapper/cc-wrapper.sh9
-rw-r--r--pkgs/build-support/cc-wrapper/default.nix12
-rw-r--r--pkgs/build-support/cc-wrapper/ld-wrapper.sh6
-rw-r--r--pkgs/build-support/grsecurity/default.nix3
-rw-r--r--pkgs/data/fonts/oxygenfonts/default.nix51
-rw-r--r--pkgs/data/fonts/roboto/default.nix31
-rw-r--r--pkgs/data/sgml+xml/schemas/xml-dtd/docbook/generic.nix6
-rw-r--r--pkgs/desktops/gnome-2/platform/libgnomecups/default.nix2
-rw-r--r--pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix6
-rw-r--r--pkgs/desktops/gnome-3/3.20/core/nautilus/default.nix2
-rw-r--r--pkgs/desktops/gnome-3/3.20/misc/gitg/default.nix19
-rw-r--r--pkgs/desktops/gnome-3/3.20/misc/libgda/default.nix2
-rw-r--r--pkgs/desktops/kde-4.14/kdebindings/qtruby.nix8
-rw-r--r--pkgs/desktops/xfce/panel-plugins/xfce4-verve-plugin.nix2
-rw-r--r--pkgs/development/beam-modules/build-rebar3.nix2
-rw-r--r--pkgs/development/compilers/ccl/default.nix2
-rw-r--r--pkgs/development/compilers/clean/default.nix2
-rw-r--r--pkgs/development/compilers/dev86/default.nix2
-rw-r--r--pkgs/development/compilers/ecl/default.nix6
-rw-r--r--pkgs/development/compilers/edk2/default.nix8
-rw-r--r--pkgs/development/compilers/gcc/4.5/default.nix4
-rw-r--r--pkgs/development/compilers/gcc/4.6/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/4.8/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/4.9/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/5/default.nix3
-rw-r--r--pkgs/development/compilers/gcc/6/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/gfortran-darwin.nix14
-rw-r--r--pkgs/development/compilers/gcl/default.nix21
-rw-r--r--pkgs/development/compilers/ghc/6.10.4.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.0.4.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.10.2.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.10.3.nix1
-rw-r--r--pkgs/development/compilers/ghc/7.2.2.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.4.2.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.6.3.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.8.3.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.8.4.nix2
-rw-r--r--pkgs/development/compilers/ghc/8.0.1.nix1
-rw-r--r--pkgs/development/compilers/ghc/nokinds.nix2
-rw-r--r--pkgs/development/compilers/ghc/relocation.patch27
-rw-r--r--pkgs/development/compilers/go/1.1.nix101
-rw-r--r--pkgs/development/compilers/go/1.2.nix91
-rw-r--r--pkgs/development/compilers/go/1.3.nix113
-rw-r--r--pkgs/development/compilers/go/1.4.nix4
-rw-r--r--pkgs/development/compilers/go/1.5.nix141
-rw-r--r--pkgs/development/compilers/go/1.6.nix8
-rw-r--r--pkgs/development/compilers/go/1.7.nix8
-rw-r--r--pkgs/development/compilers/gprolog/default.nix2
-rw-r--r--pkgs/development/compilers/mkcl/default.nix2
-rw-r--r--pkgs/development/compilers/picat/default.nix2
-rw-r--r--pkgs/development/compilers/qcmm/builder.sh29
-rw-r--r--pkgs/development/compilers/qcmm/default.nix12
-rw-r--r--pkgs/development/compilers/qcmm/qcmm.patch121
-rw-r--r--pkgs/development/compilers/rust/beta.nix4
-rw-r--r--pkgs/development/compilers/rust/default.nix4
-rw-r--r--pkgs/development/compilers/squeak/default.nix2
-rw-r--r--pkgs/development/compilers/strategoxt/0.16.nix47
-rw-r--r--pkgs/development/compilers/strategoxt/0.17.nix112
-rw-r--r--pkgs/development/compilers/strategoxt/0.18.nix124
-rw-r--r--pkgs/development/compilers/swi-prolog/default.nix2
-rw-r--r--pkgs/development/compilers/teyjus/default.nix2
-rw-r--r--pkgs/development/compilers/tinycc/default.nix2
-rw-r--r--pkgs/development/compilers/webdsl/default.nix24
-rw-r--r--pkgs/development/compilers/wla-dx/default.nix5
-rw-r--r--pkgs/development/haskell-modules/configuration-common.nix42
-rw-r--r--pkgs/development/haskell-modules/generic-stack-builder.nix5
-rw-r--r--pkgs/development/haskell-modules/hackage-packages.nix7
-rw-r--r--pkgs/development/haskell-modules/patches/spy.patch26
-rw-r--r--pkgs/development/interpreters/clisp/2.44.1.nix10
-rw-r--r--pkgs/development/interpreters/erlang/R14.nix65
-rw-r--r--pkgs/development/interpreters/gnu-apl/default.nix4
-rw-r--r--pkgs/development/interpreters/io/default.nix2
-rw-r--r--pkgs/development/interpreters/lua-4/default.nix2
-rw-r--r--pkgs/development/interpreters/lua-5/5.0.3.nix2
-rw-r--r--pkgs/development/interpreters/lua-5/sec.nix2
-rw-r--r--pkgs/development/interpreters/lush/default.nix35
-rw-r--r--pkgs/development/interpreters/maude/default.nix3
-rw-r--r--pkgs/development/interpreters/perl/default.nix3
-rw-r--r--pkgs/development/interpreters/php/default.nix2
-rw-r--r--pkgs/development/interpreters/python/pypy/2.7/default.nix2
-rw-r--r--pkgs/development/interpreters/ruby/default.nix3
-rw-r--r--pkgs/development/interpreters/ruby/patchsets.nix4
-rw-r--r--pkgs/development/interpreters/ruby/rand-egd.patch42
-rw-r--r--pkgs/development/interpreters/ruby/ruby22-rand-egd.patch42
-rw-r--r--pkgs/development/interpreters/spidermonkey/1.8.0-rc1.nix4
-rw-r--r--pkgs/development/interpreters/spidermonkey/default.nix3
-rw-r--r--pkgs/development/interpreters/supercollider/default.nix4
-rw-r--r--pkgs/development/interpreters/unicon-lang/default.nix2
-rw-r--r--pkgs/development/interpreters/wasm/default.nix3
-rw-r--r--pkgs/development/libraries/CoinMP/default.nix2
-rw-r--r--pkgs/development/libraries/SDL_ttf/default.nix2
-rw-r--r--pkgs/development/libraries/a52dec/default.nix2
-rw-r--r--pkgs/development/libraries/accelio/default.nix2
-rw-r--r--pkgs/development/libraries/allegro/default.nix2
-rw-r--r--pkgs/development/libraries/aterm/2.5.nix34
-rw-r--r--pkgs/development/libraries/aterm/max-long.patch77
-rw-r--r--pkgs/development/libraries/aterm/sizeof.patch56
-rw-r--r--pkgs/development/libraries/audio/libbs2b/default.nix2
-rw-r--r--pkgs/development/libraries/belle-sip/default.nix6
-rw-r--r--pkgs/development/libraries/cgui/default.nix3
-rw-r--r--pkgs/development/libraries/cloog/0.18.0.nix3
-rw-r--r--pkgs/development/libraries/cpp-hocon/default.nix26
-rw-r--r--pkgs/development/libraries/cwiid/default.nix52
-rw-r--r--pkgs/development/libraries/cxxtest/default.nix35
-rw-r--r--pkgs/development/libraries/db/db-4.4.nix1
-rw-r--r--pkgs/development/libraries/db/db-4.5.nix1
-rw-r--r--pkgs/development/libraries/db/db-4.7.nix1
-rw-r--r--pkgs/development/libraries/db/db-4.8.nix1
-rw-r--r--pkgs/development/libraries/db/generic.nix5
-rw-r--r--pkgs/development/libraries/faac/default.nix2
-rw-r--r--pkgs/development/libraries/ffmpeg/3.1.nix4
-rw-r--r--pkgs/development/libraries/fftw/default.nix22
-rw-r--r--pkgs/development/libraries/fox/default.nix2
-rw-r--r--pkgs/development/libraries/fox/fox-1.6.nix2
-rw-r--r--pkgs/development/libraries/freetds/default.nix2
-rw-r--r--pkgs/development/libraries/fribidi/default.nix4
-rw-r--r--pkgs/development/libraries/gd/default.nix3
-rw-r--r--pkgs/development/libraries/gdal/default.nix2
-rw-r--r--pkgs/development/libraries/gdal/gdal-1_11.nix2
-rw-r--r--pkgs/development/libraries/gdome2/default.nix2
-rw-r--r--pkgs/development/libraries/gegl/3.0.nix14
-rw-r--r--pkgs/development/libraries/geoclue/default.nix2
-rw-r--r--pkgs/development/libraries/gettext/default.nix3
-rw-r--r--pkgs/development/libraries/giflib/4.1.nix4
-rw-r--r--pkgs/development/libraries/giflib/libungif.nix2
-rw-r--r--pkgs/development/libraries/glibc/common.nix2
-rw-r--r--pkgs/development/libraries/glibc/default.nix2
-rw-r--r--pkgs/development/libraries/gmp/5.1.x.nix3
-rw-r--r--pkgs/development/libraries/gnu-efi/default.nix2
-rw-r--r--pkgs/development/libraries/goffice/default.nix4
-rw-r--r--pkgs/development/libraries/gsl/default.nix4
-rw-r--r--pkgs/development/libraries/gsm/default.nix2
-rw-r--r--pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix2
-rw-r--r--pkgs/development/libraries/gtk+/3.x.nix4
-rw-r--r--pkgs/development/libraries/hspell/default.nix2
-rw-r--r--pkgs/development/libraries/hunspell/default.nix2
-rw-r--r--pkgs/development/libraries/ilmbase/default.nix2
-rw-r--r--pkgs/development/libraries/isl/0.14.1.nix3
-rw-r--r--pkgs/development/libraries/itk/default.nix1
-rw-r--r--pkgs/development/libraries/java/rhino/default.nix2
-rw-r--r--pkgs/development/libraries/java/swt/default.nix2
-rw-r--r--pkgs/development/libraries/leatherman/default.nix8
-rw-r--r--pkgs/development/libraries/libcommuni/default.nix15
-rw-r--r--pkgs/development/libraries/libdnet/default.nix2
-rw-r--r--pkgs/development/libraries/libdrm/default.nix4
-rw-r--r--pkgs/development/libraries/libdwg/default.nix2
-rw-r--r--pkgs/development/libraries/libelf/default.nix3
-rw-r--r--pkgs/development/libraries/libf2c/default.nix4
-rw-r--r--pkgs/development/libraries/libgeotiff/default.nix2
-rw-r--r--pkgs/development/libraries/libgksu/default.nix2
-rw-r--r--pkgs/development/libraries/libgphoto2/default.nix2
-rw-r--r--pkgs/development/libraries/libidn/default.nix2
-rw-r--r--pkgs/development/libraries/libjson-rpc-cpp/default.nix2
-rw-r--r--pkgs/development/libraries/libmpack/default.nix4
-rw-r--r--pkgs/development/libraries/libmpc/default.nix3
-rw-r--r--pkgs/development/libraries/liborc/default.nix17
-rw-r--r--pkgs/development/libraries/libqalculate/default.nix4
-rw-r--r--pkgs/development/libraries/librsync/0.9.nix6
-rw-r--r--pkgs/development/libraries/libseccomp/default.nix4
-rw-r--r--pkgs/development/libraries/libtelnet/default.nix24
-rw-r--r--pkgs/development/libraries/libunwind/default.nix1
-rw-r--r--pkgs/development/libraries/libvisual/default.nix2
-rw-r--r--pkgs/development/libraries/libyaml-cpp/default.nix4
-rw-r--r--pkgs/development/libraries/loadcaffe/default.nix19
-rw-r--r--pkgs/development/libraries/mesa/default.nix127
-rw-r--r--pkgs/development/libraries/motif/default.nix2
-rw-r--r--pkgs/development/libraries/mp4v2/default.nix2
-rw-r--r--pkgs/development/libraries/mpfr/default.nix3
-rw-r--r--pkgs/development/libraries/nvidia-texture-tools/default.nix2
-rw-r--r--pkgs/development/libraries/opencascade/6.5.nix2
-rw-r--r--pkgs/development/libraries/opencascade/default.nix2
-rw-r--r--pkgs/development/libraries/opencascade/oce.nix6
-rw-r--r--pkgs/development/libraries/opencv/3.x.nix2
-rw-r--r--pkgs/development/libraries/opencv/default.nix2
-rw-r--r--pkgs/development/libraries/openssl/1.0.1-CVE-2016-2177.diff256
-rw-r--r--pkgs/development/libraries/openssl/1.0.2-CVE-2016-2177.diff279
-rw-r--r--pkgs/development/libraries/openssl/default.nix13
-rw-r--r--pkgs/development/libraries/pdf2xml/default.nix10
-rw-r--r--pkgs/development/libraries/plib/default.nix5
-rw-r--r--pkgs/development/libraries/portmidi/default.nix2
-rw-r--r--pkgs/development/libraries/pupnp/default.nix2
-rw-r--r--pkgs/development/libraries/qhull/default.nix2
-rw-r--r--pkgs/development/libraries/qt-3/default.nix2
-rw-r--r--pkgs/development/libraries/qt-5/5.6/default.nix6
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtbase/cmake-paths.patch118
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-dbus.patch8
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-resolv.patch20
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtwayland.nix8
-rw-r--r--pkgs/development/libraries/qt-5/5.7/default.nix5
-rw-r--r--pkgs/development/libraries/qt-5/5.7/qtbase/cmake-paths.patch76
-rw-r--r--pkgs/development/libraries/qt-5/5.7/qtwayland.nix8
-rw-r--r--pkgs/development/libraries/qtscriptgenerator/default.nix10
-rw-r--r--pkgs/development/libraries/science/math/atlas/default.nix7
-rw-r--r--pkgs/development/libraries/science/math/suitesparse/default.nix2
-rw-r--r--pkgs/development/libraries/smpeg/default.nix2
-rw-r--r--pkgs/development/libraries/speechd/default.nix2
-rw-r--r--pkgs/development/libraries/sqlite/default.nix6
-rw-r--r--pkgs/development/libraries/tidyp/default.nix2
-rw-r--r--pkgs/development/libraries/torch/default.nix24
-rw-r--r--pkgs/development/libraries/ucommon/default.nix6
-rw-r--r--pkgs/development/libraries/vxl/default.nix14
-rw-r--r--pkgs/development/libraries/vxl/gcc5.patch15
-rw-r--r--pkgs/development/libraries/wxGTK-2.8/default.nix2
-rw-r--r--pkgs/development/libraries/xmlrpc-c/default.nix2
-rw-r--r--pkgs/development/libraries/zlib/default.nix6
-rw-r--r--pkgs/development/misc/avr-gcc-with-avr-libc/default.nix2
-rw-r--r--pkgs/development/ocaml-modules/menhir/generic.nix8
-rw-r--r--pkgs/development/pharo/vm/build-vm.nix2
-rw-r--r--pkgs/development/python-modules/generic/run_setup.py2
-rw-r--r--pkgs/development/python-modules/generic/wrap.sh5
-rw-r--r--pkgs/development/python-modules/h5py/default.nix4
-rw-r--r--pkgs/development/python-modules/wxPython/3.0.nix2
-rw-r--r--pkgs/development/ruby-modules/bundler/default.nix4
-rw-r--r--pkgs/development/ruby-modules/gem-config/default.nix24
-rw-r--r--pkgs/development/tools/analysis/cccc/default.nix4
-rw-r--r--pkgs/development/tools/analysis/flow/default.nix1
-rw-r--r--pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix2
-rw-r--r--pkgs/development/tools/analysis/radare/default.nix5
-rw-r--r--pkgs/development/tools/analysis/rr/default.nix5
-rw-r--r--pkgs/development/tools/analysis/valgrind/default.nix2
-rw-r--r--pkgs/development/tools/boost-build/default.nix2
-rw-r--r--pkgs/development/tools/build-managers/bear/default.nix32
-rw-r--r--pkgs/development/tools/build-managers/gnumake/3.80/default.nix4
-rw-r--r--pkgs/development/tools/literate-programming/noweb/default.nix2
-rw-r--r--pkgs/development/tools/misc/automake/automake-1.10.x.nix47
-rw-r--r--pkgs/development/tools/misc/binutils/default.nix7
-rw-r--r--pkgs/development/tools/misc/elfutils/default.nix2
-rw-r--r--pkgs/development/tools/misc/gnum4/default.nix3
-rw-r--r--pkgs/development/tools/misc/indent/default.nix2
-rw-r--r--pkgs/development/tools/misc/kconfig-frontends/default.nix2
-rw-r--r--pkgs/development/tools/misc/patchelf/default.nix3
-rw-r--r--pkgs/development/tools/misc/prelink/default.nix4
-rw-r--r--pkgs/development/tools/misc/rman/default.nix7
-rw-r--r--pkgs/development/tools/misc/texinfo/6.1.nix3
-rw-r--r--pkgs/development/tools/omniorb/default.nix2
-rw-r--r--pkgs/development/tools/parsing/bison/3.x.nix3
-rw-r--r--pkgs/development/tools/rtags/default.nix7
-rw-r--r--pkgs/development/tools/toluapp/default.nix2
-rw-r--r--pkgs/development/web/nodejs/v6.nix4
-rw-r--r--pkgs/development/web/valum/default.nix4
-rw-r--r--pkgs/development/web/wml/default.nix6
-rw-r--r--pkgs/games/asc/default.nix1
-rw-r--r--pkgs/games/bsdgames/default.nix2
-rw-r--r--pkgs/games/crack-attack/default.nix2
-rw-r--r--pkgs/games/cuyo/default.nix4
-rw-r--r--pkgs/games/eboard/default.nix2
-rw-r--r--pkgs/games/fsg/default.nix22
-rw-r--r--pkgs/games/gnugo/default.nix17
-rw-r--r--pkgs/games/kobodeluxe/default.nix4
-rw-r--r--pkgs/games/lincity/ng.nix4
-rw-r--r--pkgs/games/liquidwar/5.nix22
-rw-r--r--pkgs/games/liquidwar/default.nix4
-rw-r--r--pkgs/games/njam/default.nix2
-rw-r--r--pkgs/games/pioneers/default.nix2
-rw-r--r--pkgs/games/pokerth/default.nix4
-rw-r--r--pkgs/games/scummvm/default.nix8
-rw-r--r--pkgs/games/spring/springlobby.nix8
-rw-r--r--pkgs/games/stardust/default.nix2
-rw-r--r--pkgs/games/torcs/default.nix2
-rw-r--r--pkgs/games/trackballs/default.nix2
-rw-r--r--pkgs/games/xconq/default.nix6
-rw-r--r--pkgs/games/xpilot/bloodspilot-server.nix34
-rw-r--r--pkgs/games/xpilot/server-gcc5.patch65
-rw-r--r--pkgs/games/zandronum/default.nix2
-rw-r--r--pkgs/misc/drivers/moltengamepad/default.nix2
-rw-r--r--pkgs/misc/emulators/atari++/default.nix6
-rw-r--r--pkgs/misc/emulators/dlx/default.nix2
-rw-r--r--pkgs/misc/emulators/dosbox/default.nix8
-rw-r--r--pkgs/misc/emulators/fakenes/default.nix2
-rw-r--r--pkgs/misc/emulators/mupen64plus/default.nix10
-rw-r--r--pkgs/misc/emulators/nestopia/default.nix2
-rw-r--r--pkgs/misc/emulators/uae/default.nix7
-rw-r--r--pkgs/misc/mxt-app/default.nix2
-rw-r--r--pkgs/misc/talkfilters/default.nix14
-rw-r--r--pkgs/misc/vim-plugins/default.nix14
-rw-r--r--pkgs/misc/vim-plugins/vim-plugin-names1
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix69
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/configd/default.nix15
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/default.nix25
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix10
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix25
-rw-r--r--pkgs/os-specific/darwin/swift-corefoundation/default.nix32
-rw-r--r--pkgs/os-specific/linux/acpi-call/default.nix4
-rw-r--r--pkgs/os-specific/linux/ati-drivers/default.nix2
-rw-r--r--pkgs/os-specific/linux/batman-adv/default.nix3
-rw-r--r--pkgs/os-specific/linux/bbswitch/default.nix2
-rw-r--r--pkgs/os-specific/linux/blcr/default.nix4
-rw-r--r--pkgs/os-specific/linux/broadcom-sta/default.nix2
-rw-r--r--pkgs/os-specific/linux/busybox/default.nix4
-rw-r--r--pkgs/os-specific/linux/checksec/default.nix9
-rw-r--r--pkgs/os-specific/linux/criu/default.nix6
-rw-r--r--pkgs/os-specific/linux/cryptodev/default.nix19
-rw-r--r--pkgs/os-specific/linux/disk-indicator/default.nix2
-rw-r--r--pkgs/os-specific/linux/dmraid/default.nix2
-rw-r--r--pkgs/os-specific/linux/dmraid/hardening-format.patch18
-rw-r--r--pkgs/os-specific/linux/dpdk/default.nix2
-rw-r--r--pkgs/os-specific/linux/e1000e/default.nix2
-rw-r--r--pkgs/os-specific/linux/ena/default.nix6
-rw-r--r--pkgs/os-specific/linux/facetimehd/default.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/raspberrypi/default.nix2
-rw-r--r--pkgs/os-specific/linux/forkstat/default.nix4
-rw-r--r--pkgs/os-specific/linux/frandom/default.nix2
-rw-r--r--pkgs/os-specific/linux/fusionio/vsl.nix2
-rw-r--r--pkgs/os-specific/linux/gogoclient/default.nix2
-rw-r--r--pkgs/os-specific/linux/ifenslave/default.nix2
-rw-r--r--pkgs/os-specific/linux/ixgbevf/default.nix2
-rw-r--r--pkgs/os-specific/linux/jool/default.nix2
-rw-r--r--pkgs/os-specific/linux/kernel-headers/3.18.nix3
-rw-r--r--pkgs/os-specific/linux/kernel/common-config.nix15
-rw-r--r--pkgs/os-specific/linux/kernel/linux-testing.nix8
-rw-r--r--pkgs/os-specific/linux/kernel/manual-config.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch14
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix7
-rw-r--r--pkgs/os-specific/linux/kernel/perf.nix7
-rw-r--r--pkgs/os-specific/linux/kexectools/default.nix2
-rw-r--r--pkgs/os-specific/linux/klibc/default.nix2
-rw-r--r--pkgs/os-specific/linux/ldm/default.nix2
-rw-r--r--pkgs/os-specific/linux/libaio/default.nix2
-rw-r--r--pkgs/os-specific/linux/libnl/default.nix6
-rw-r--r--pkgs/os-specific/linux/lttng-modules/default.nix8
-rw-r--r--pkgs/os-specific/linux/mba6x_bl/default.nix2
-rw-r--r--pkgs/os-specific/linux/multipath-tools/default.nix2
-rw-r--r--pkgs/os-specific/linux/musl/default.nix4
-rw-r--r--pkgs/os-specific/linux/mxu11x0/default.nix2
-rw-r--r--pkgs/os-specific/linux/ndiswrapper/default.nix2
-rw-r--r--pkgs/os-specific/linux/netatop/default.nix2
-rw-r--r--pkgs/os-specific/linux/numad/default.nix2
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/beta.nix2
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/default.nix2
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/legacy173.nix2
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/legacy304.nix2
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/legacy340.nix2
-rw-r--r--pkgs/os-specific/linux/nvidiabl/default.nix2
-rw-r--r--pkgs/os-specific/linux/otpw/default.nix2
-rw-r--r--pkgs/os-specific/linux/paxctl/default.nix3
-rw-r--r--pkgs/os-specific/linux/phc-intel/default.nix2
-rw-r--r--pkgs/os-specific/linux/prl-tools/default.nix2
-rw-r--r--pkgs/os-specific/linux/psmouse-alps/default.nix40
-rw-r--r--pkgs/os-specific/linux/rtl8723bs/default.nix2
-rw-r--r--pkgs/os-specific/linux/rtl8812au/default.nix12
-rw-r--r--pkgs/os-specific/linux/setools/default.nix2
-rw-r--r--pkgs/os-specific/linux/sinit/default.nix5
-rw-r--r--pkgs/os-specific/linux/spl/default.nix2
-rw-r--r--pkgs/os-specific/linux/sysdig/default.nix37
-rw-r--r--pkgs/os-specific/linux/syslinux/default.nix1
-rw-r--r--pkgs/os-specific/linux/systemd/default.nix2
-rw-r--r--pkgs/os-specific/linux/tp_smapi/default.nix2
-rw-r--r--pkgs/os-specific/linux/uclibc/default.nix2
-rw-r--r--pkgs/os-specific/linux/util-linux/default.nix9
-rw-r--r--pkgs/os-specific/linux/v4l2loopback/default.nix6
-rw-r--r--pkgs/os-specific/linux/v86d/default.nix2
-rw-r--r--pkgs/os-specific/linux/wireguard/default.nix2
-rw-r--r--pkgs/os-specific/linux/xf86-video-nested/default.nix5
-rw-r--r--pkgs/os-specific/linux/zfs/default.nix2
-rw-r--r--pkgs/servers/beanstalkd/default.nix2
-rw-r--r--pkgs/servers/dico/default.nix2
-rw-r--r--pkgs/servers/firebird/default.nix4
-rw-r--r--pkgs/servers/gpm/default.nix2
-rw-r--r--pkgs/servers/http/nginx/generic.nix11
-rw-r--r--pkgs/servers/icecast/default.nix2
-rw-r--r--pkgs/servers/irc/charybdis/default.nix2
-rw-r--r--pkgs/servers/mail/postfix/default.nix6
-rw-r--r--pkgs/servers/mail/postfix/pfixtools.nix2
-rw-r--r--pkgs/servers/memcached/default.nix4
-rw-r--r--pkgs/servers/nosql/mongodb/default.nix3
-rw-r--r--pkgs/servers/nosql/riak/2.1.1.nix2
-rw-r--r--pkgs/servers/openafs-client/default.nix2
-rw-r--r--pkgs/servers/sip/freeswitch/default.nix4
-rw-r--r--pkgs/servers/sql/virtuoso/7.x.nix2
-rw-r--r--pkgs/servers/x11/xorg/builder.sh1
-rw-r--r--pkgs/servers/x11/xorg/default.nix4
-rw-r--r--pkgs/servers/x11/xorg/overrides.nix15
-rw-r--r--pkgs/shells/bash/bash-4.3-patches.nix4
-rw-r--r--pkgs/shells/bash/default.nix2
-rw-r--r--pkgs/shells/dash/default.nix2
-rw-r--r--pkgs/shells/mksh/default.nix2
-rw-r--r--pkgs/stdenv/darwin/make-bootstrap-tools.nix13
-rw-r--r--pkgs/stdenv/generic/default.nix5
-rw-r--r--pkgs/stdenv/generic/setup.sh5
-rw-r--r--pkgs/stdenv/linux/make-bootstrap-tools-cross.nix1
-rw-r--r--pkgs/tools/X11/x2vnc/default.nix2
-rw-r--r--pkgs/tools/X11/x2x/default.nix2
-rw-r--r--pkgs/tools/X11/xbindkeys-config/default.nix2
-rw-r--r--pkgs/tools/admin/tightvnc/default.nix2
-rw-r--r--pkgs/tools/archivers/cromfs/default.nix3
-rw-r--r--pkgs/tools/archivers/dar/default.nix2
-rw-r--r--pkgs/tools/archivers/sharutils/default.nix2
-rw-r--r--pkgs/tools/archivers/unzip/default.nix2
-rw-r--r--pkgs/tools/archivers/xarchive/default.nix2
-rw-r--r--pkgs/tools/archivers/zip/default.nix2
-rw-r--r--pkgs/tools/backup/borg/default.nix4
-rw-r--r--pkgs/tools/backup/partclone/default.nix24
-rw-r--r--pkgs/tools/bootloaders/refind/default.nix2
-rw-r--r--pkgs/tools/cd-dvd/cdrdao/default.nix2
-rw-r--r--pkgs/tools/cd-dvd/cdrkit/default.nix2
-rw-r--r--pkgs/tools/compression/xz/default.nix3
-rw-r--r--pkgs/tools/filesystems/fusesmb/default.nix2
-rw-r--r--pkgs/tools/filesystems/jfsutils/default.nix2
-rw-r--r--pkgs/tools/filesystems/jfsutils/hardening-format.patch37
-rw-r--r--pkgs/tools/filesystems/reiser4progs/default.nix2
-rw-r--r--pkgs/tools/filesystems/relfs/default.nix74
-rw-r--r--pkgs/tools/filesystems/udftools/default.nix2
-rw-r--r--pkgs/tools/filesystems/xtreemfs/default.nix14
-rw-r--r--pkgs/tools/graphics/barcode/default.nix3
-rw-r--r--pkgs/tools/graphics/editres/default.nix4
-rw-r--r--pkgs/tools/graphics/ggobi/default.nix2
-rw-r--r--pkgs/tools/graphics/graphviz/2.0.nix9
-rw-r--r--pkgs/tools/graphics/graphviz/2.32.nix2
-rw-r--r--pkgs/tools/graphics/graphviz/default.nix4
-rw-r--r--pkgs/tools/graphics/jbig2enc/default.nix4
-rw-r--r--pkgs/tools/graphics/logstalgia/default.nix8
-rw-r--r--pkgs/tools/graphics/lprof/default.nix3
-rw-r--r--pkgs/tools/graphics/netpbm/default.nix6
-rw-r--r--pkgs/tools/graphics/neural-style/default.nix57
-rw-r--r--pkgs/tools/graphics/neural-style/neural-style.sh25
-rw-r--r--pkgs/tools/graphics/nifskope/default.nix2
-rw-r--r--pkgs/tools/graphics/ploticus/default.nix2
-rw-r--r--pkgs/tools/graphics/plotutils/default.nix2
-rw-r--r--pkgs/tools/graphics/pngcheck/default.nix4
-rw-r--r--pkgs/tools/graphics/qrcode/default.nix7
-rw-r--r--pkgs/tools/graphics/transfig/default.nix2
-rw-r--r--pkgs/tools/graphics/zbar/default.nix2
-rw-r--r--pkgs/tools/inputmethods/ibus-engines/ibus-m17n/default.nix8
-rw-r--r--pkgs/tools/misc/blink1-tool/default.nix29
-rw-r--r--pkgs/tools/misc/calamares/default.nix17
-rw-r--r--pkgs/tools/misc/coreutils/default.nix5
-rw-r--r--pkgs/tools/misc/ddccontrol/automake.patch14
-rw-r--r--pkgs/tools/misc/ddccontrol/default.nix43
-rw-r--r--pkgs/tools/misc/detox/default.nix2
-rw-r--r--pkgs/tools/misc/expect/default.nix2
-rw-r--r--pkgs/tools/misc/fondu/default.nix4
-rw-r--r--pkgs/tools/misc/gbdfed/default.nix2
-rw-r--r--pkgs/tools/misc/grub/2.0x.nix2
-rw-r--r--pkgs/tools/misc/grub/default.nix2
-rw-r--r--pkgs/tools/misc/grub/trusted.nix2
-rw-r--r--pkgs/tools/misc/grub4dos/default.nix2
-rw-r--r--pkgs/tools/misc/ipxe/default.nix3
-rw-r--r--pkgs/tools/misc/lrzsz/default.nix2
-rw-r--r--pkgs/tools/misc/memtest86+/default.nix2
-rw-r--r--pkgs/tools/misc/mmv/default.nix2
-rw-r--r--pkgs/tools/misc/mstflint/default.nix8
-rw-r--r--pkgs/tools/misc/pal/default.nix6
-rw-r--r--pkgs/tools/misc/recutils/default.nix2
-rw-r--r--pkgs/tools/misc/rpm-ostree/default.nix2
-rw-r--r--pkgs/tools/misc/sam-ba/default.nix2
-rw-r--r--pkgs/tools/misc/sutils/default.nix2
-rw-r--r--pkgs/tools/misc/svtplay-dl/default.nix4
-rw-r--r--pkgs/tools/misc/ttyrec/default.nix2
-rw-r--r--pkgs/tools/misc/uucp/default.nix2
-rw-r--r--pkgs/tools/misc/vmtouch/default.nix6
-rw-r--r--pkgs/tools/misc/vorbisgain/default.nix5
-rw-r--r--pkgs/tools/misc/wv/default.nix2
-rw-r--r--pkgs/tools/misc/xfstests/default.nix2
-rw-r--r--pkgs/tools/misc/youtube-dl/default.nix30
-rw-r--r--pkgs/tools/networking/chrony/default.nix2
-rw-r--r--pkgs/tools/networking/dhcpdump/default.nix2
-rw-r--r--pkgs/tools/networking/dnsmasq/default.nix2
-rw-r--r--pkgs/tools/networking/easyrsa/2.x.nix16
-rw-r--r--pkgs/tools/networking/eggdrop/default.nix17
-rw-r--r--pkgs/tools/networking/flannel/default.nix2
-rw-r--r--pkgs/tools/networking/iperf/2.nix2
-rw-r--r--pkgs/tools/networking/mailutils/default.nix2
-rw-r--r--pkgs/tools/networking/netboot/default.nix4
-rw-r--r--pkgs/tools/networking/ntp/default.nix2
-rw-r--r--pkgs/tools/networking/openfortivpn/default.nix10
-rw-r--r--pkgs/tools/networking/openssh/default.nix2
-rw-r--r--pkgs/tools/networking/quicktun/default.nix2
-rw-r--r--pkgs/tools/networking/radvd/default.nix2
-rw-r--r--pkgs/tools/networking/socat/default.nix2
-rw-r--r--pkgs/tools/networking/stunnel/default.nix4
-rw-r--r--pkgs/tools/networking/telnet/default.nix2
-rw-r--r--pkgs/tools/networking/trickle/default.nix4
-rw-r--r--pkgs/tools/networking/uwimap/default.nix2
-rw-r--r--pkgs/tools/networking/vde2/default.nix2
-rw-r--r--pkgs/tools/networking/vlan/default.nix6
-rw-r--r--pkgs/tools/package-management/checkinstall/default.nix2
-rw-r--r--pkgs/tools/package-management/clib/default.nix2
-rw-r--r--pkgs/tools/package-management/nix/default.nix4
-rw-r--r--pkgs/tools/package-management/rpm/default.nix8
-rw-r--r--pkgs/tools/security/ccrypt/default.nix2
-rw-r--r--pkgs/tools/security/fprint_demo/default.nix2
-rw-r--r--pkgs/tools/security/gnupg/21.nix8
-rw-r--r--pkgs/tools/security/gnupg/fix-gpgsm-linking.patch11
-rw-r--r--pkgs/tools/security/john/default.nix2
-rw-r--r--pkgs/tools/security/john/gcc5.patch14
-rw-r--r--pkgs/tools/security/scrypt/default.nix2
-rw-r--r--pkgs/tools/security/tboot/default.nix3
-rw-r--r--pkgs/tools/system/cron/default.nix2
-rw-r--r--pkgs/tools/system/evemu/default.nix15
-rw-r--r--pkgs/tools/system/facter/default.nix10
-rw-r--r--pkgs/tools/system/foremost/default.nix2
-rw-r--r--pkgs/tools/system/gdmap/default.nix4
-rw-r--r--pkgs/tools/system/rowhammer-test/default.nix2
-rw-r--r--pkgs/tools/system/rsyslog/default.nix2
-rw-r--r--pkgs/tools/system/runit/default.nix8
-rw-r--r--pkgs/tools/system/stress-ng/default.nix10
-rw-r--r--pkgs/tools/system/which/default.nix5
-rw-r--r--pkgs/tools/text/a2ps/default.nix4
-rw-r--r--pkgs/tools/text/convertlit/default.nix16
-rw-r--r--pkgs/tools/text/diffutils/default.nix4
-rw-r--r--pkgs/tools/text/patchutils/default.nix2
-rw-r--r--pkgs/tools/text/untex/default.nix2
-rw-r--r--pkgs/tools/typesetting/bibtex-tools/default.nix17
-rw-r--r--pkgs/tools/typesetting/kindlegen/default.nix48
-rw-r--r--pkgs/tools/typesetting/pdftk/default.nix2
-rw-r--r--pkgs/tools/typesetting/tex/tetex/default.nix4
-rw-r--r--pkgs/tools/typesetting/tex/tex4ht/default.nix2
-rw-r--r--pkgs/tools/typesetting/tex/texlive-new/bin.nix4
-rw-r--r--pkgs/tools/typesetting/xmlroff/default.nix2
-rw-r--r--pkgs/tools/video/mjpegtools/default.nix2
-rw-r--r--pkgs/tools/video/vncrec/default.nix2
-rw-r--r--pkgs/top-level/all-packages.nix179
-rw-r--r--pkgs/top-level/perl-packages.nix29
-rw-r--r--pkgs/top-level/python-packages.nix527
-rw-r--r--pkgs/top-level/release.nix242
682 files changed, 5050 insertions, 3183 deletions
diff --git a/doc/languages-frameworks/python.md b/doc/languages-frameworks/python.md
index 36611394242a..c38266413bf7 100644
--- a/doc/languages-frameworks/python.md
+++ b/doc/languages-frameworks/python.md
@@ -632,7 +632,7 @@ Given a `default.nix`:
     src = ./.; }
 
 Running `nix-shell` with no arguments should give you
-the environment in which the package would be build with
+the environment in which the package would be built with
 `nix-build`.
 
 Shortcut to setup environments with C headers/libraries and python packages:
@@ -715,8 +715,8 @@ Python attribute sets are created for each interpreter version. We will therefor
 In the following example we change the name of the package `pandas` to `foo`.
 ```
 newpkgs = pkgs.overridePackages(self: super: rec {
-  python35Packages = super.python35Packages.override {
-    self = python35Packages // { pandas = python35Packages.pandas.override{name="foo";};};
+  python35Packages = (super.python35Packages.override { self = python35Packages;})
+    // { pandas = super.python35Packages.pandas.override  {name = "foo";};
   };
 });
 ```
@@ -727,8 +727,8 @@ with import <nixpkgs> {};
 (let
 
 newpkgs = pkgs.overridePackages(self: super: rec {
-  python35Packages = super.python35Packages.override {
-    self = python35Packages // { pandas = python35Packages.pandas.override{name="foo";};};
+  python35Packages = (super.python35Packages.override { self = python35Packages;})
+    // { pandas = super.python35Packages.pandas.override  {name = "foo";};
   };
 });
 in newpkgs.python35.withPackages (ps: [ps.blaze])
@@ -743,7 +743,7 @@ with import <nixpkgs> {};
 
 newpkgs = pkgs.overridePackages(self: super: rec {
   python35Packages = super.python35Packages.override {
-    self = python35Packages // { scipy = python35Packages.scipy_0_16;};
+    self = python35Packages // { scipy = python35Packages.scipy_0_17;};
   };
 });
 in newpkgs.python35.withPackages (ps: [ps.blaze])
@@ -751,23 +751,41 @@ in newpkgs.python35.withPackages (ps: [ps.blaze])
 ```
 The requested package `blaze` depends upon `pandas` which itself depends on `scipy`.
 
+A similar example but now using `django`
+```
+with import <nixpkgs> {};
+
+(let
+
+newpkgs = pkgs.overridePackages(self: super: rec {
+  python27Packages = (super.python27Packages.override {self = python27Packages;})
+    // { django = super.python27Packages.django_1_9; };
+});
+in newpkgs.python27.withPackages (ps: [ps.django_guardian ])
+).env
+```
+
 ### `python setup.py bdist_wheel` cannot create .whl
 
-Executing `python setup.py bdist_wheel` fails with
+Executing `python setup.py bdist_wheel` in a `nix-shell `fails with
 ```
 ValueError: ZIP does not support timestamps before 1980
 ```
 This is because files are included that depend on items in the Nix store which have a timestamp of, that is, it corresponds to January the 1st, 1970 at 00:00:00. And as the error informs you, ZIP does not support that.
-Fortunately `bdist_wheel` takes into account `SOURCE_DATE_EPOCH`. On Nix this value is set to 1. By setting it to a value correspond to 1980 or later it is possible to build wheels.
+The command `bdist_wheel` takes into account `SOURCE_DATE_EPOCH`, and `nix-shell` sets this to 1. By setting it to a value corresponding to 1980 or later, or by unsetting it, it is possible to build wheels.
 
 Use 1980 as timestamp:
 ```
-SOURCE_DATE_EPOCH=315532800 python3 setup.py bdist_wheel
+nix-shell --run "SOURCE_DATE_EPOCH=315532800 python3 setup.py bdist_wheel"
 ```
 or the current time:
 ```
-SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel
+nix-shell --run "SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel"
 ```
+or unset:
+"""
+nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel"
+"""
 
 ### `install_data` / `data_files` problems
 
diff --git a/doc/stdenv.xml b/doc/stdenv.xml
index ee01dcf01df7..5be57fc5a976 100644
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -1360,6 +1360,209 @@ in the default system locations.</para>
 
 </section>
 
+<section xml:id="sec-hardening-in-nixpkgs"><title>Hardening in Nixpkgs</title>
+
+<para>There are flags available to harden packages at compile or link-time.
+These can be toggled using the <varname>stdenv.mkDerivation</varname> parameters
+<varname>hardeningDisable</varname> and <varname>hardeningEnable</varname>.
+</para>
+
+<para>The following flags are enabled by default and might require disabling
+if the program to package is incompatible.
+</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>format</varname></term>
+    <listitem><para>Adds the <option>-Wformat -Wformat-security
+    -Werror=format-security</option> compiler options. At present,
+    this warns about calls to <varname>printf</varname> and
+    <varname>scanf</varname> functions where the format string is
+    not a string literal and there are no format arguments, as in
+    <literal>printf(foo);</literal>. This may be a security hole
+    if the format string came from untrusted input and contains
+    <literal>%n</literal>.</para>
+
+    <para>This needs to be turned off or fixed for errors similar to:</para>
+
+    <programlisting>
+/tmp/nix-build-zynaddsubfx-2.5.2.drv-0/zynaddsubfx-2.5.2/src/UI/guimain.cpp:571:28: error: format not a string literal and no format arguments [-Werror=format-security]
+         printf(help_message);
+                            ^
+cc1plus: some warnings being treated as errors
+    </programlisting></listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>stackprotector</varname></term>
+    <listitem>
+    <para>Adds the <option>-fstack-protector-strong
+    --param ssp-buffer-size=4</option>
+    compiler options. This adds safety checks against stack overwrites
+    rendering many potential code injection attacks into aborting situations.
+    In the best case this turns code injection vulnerabilities into denial
+    of service or into non-issues (depending on the application).</para>
+
+    <para>This needs to be turned off or fixed for errors similar to:</para>
+
+    <programlisting>
+bin/blib.a(bios_console.o): In function `bios_handle_cup':
+/tmp/nix-build-ipxe-20141124-5cbdc41.drv-0/ipxe-5cbdc41/src/arch/i386/firmware/pcbios/bios_console.c:86: undefined reference to `__stack_chk_fail'
+    </programlisting></listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>fortify</varname></term>
+    <listitem>
+    <para>Adds the <option>-O2 -D_FORTIFY_SOURCE=2</option> compiler
+    options. During code generation the compiler knows a great deal of
+    information about buffer sizes (where possible), and attempts to replace
+    insecure unlimited length buffer function calls with length-limited ones.
+    This is especially useful for old, crufty code. Additionally, format
+    strings in writable memory that contain '%n' are blocked. If an application
+    depends on such a format string, it will need to be worked around.
+    </para>
+
+    <para>Addtionally, some warnings are enabled which might trigger build
+    failures if compiler warnings are treated as errors in the package build.
+    In this case, set <option>NIX_CFLAGS_COMPILE</option> to
+    <option>-Wno-error=warning-type</option>.</para>
+
+    <para>This needs to be turned off or fixed for errors similar to:</para>
+
+    <programlisting>
+malloc.c:404:15: error: return type is an incomplete type
+malloc.c:410:19: error: storage size of 'ms' isn't known
+    </programlisting>
+    <programlisting>
+strdup.h:22:1: error: expected identifier or '(' before '__extension__'
+    </programlisting>
+    <programlisting>
+strsep.c:65:23: error: register name not specified for 'delim'
+    </programlisting>
+    <programlisting>
+installwatch.c:3751:5: error: conflicting types for '__open_2'
+    </programlisting>
+    <programlisting>
+fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
+    </programlisting>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>pic</varname></term>
+    <listitem>
+    <para>Adds the <option>-fPIC</option> compiler options. This options adds
+    support for position independant code in shared libraries and thus making
+    ASLR possible.</para>
+    <para>Most notably, the Linux kernel, kernel modules and other code
+    not running in an operating system environment like boot loaders won't
+    build with PIC enabled. The compiler will is most cases complain that
+    PIC is not supported for a specific build.
+    </para>
+
+    <para>This needs to be turned off or fixed for assembler errors similar to:</para>
+
+    <programlisting>
+ccbLfRgg.s: Assembler messages:
+ccbLfRgg.s:33: Error: missing or invalid displacement expression `private_key_len@GOTOFF'
+    </programlisting>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>strictoverflow</varname></term>
+    <listitem>
+    <para>Signed integer overflow is undefined behaviour according to the C
+    standard. If it happens, it is an error in the program as it should check
+    for overflow before it can happen, not afterwards. GCC provides built-in
+    functions to perform arithmetic with overflow checking, which are correct
+    and faster than any custom implementation. As a workaround, the option
+    <option>-fno-strict-overflow</option> makes gcc behave as if signed
+    integer overflows were defined.
+    </para>
+
+    <para>This flag should not trigger any build or runtime errors.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>relro</varname></term>
+    <listitem>
+    <para>Adds the <option>-z relro</option> linker option. During program
+    load, several ELF memory sections need to be written to by the linker,
+    but can be turned read-only before turning over control to the program.
+    This prevents some GOT (and .dtors) overwrite attacks, but at least the
+    part of the GOT used by the dynamic linker (.got.plt) is still vulnerable.
+    </para>
+
+    <para>This flag can break dynamic shared object loading. For instance, the
+    module systems of Xorg and OpenCV are incompatible with this flag. In almost
+    all cases the <varname>bindnow</varname> flag must also be disabled and
+    incompatible programs typically fail with similar errors at runtime.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>bindnow</varname></term>
+    <listitem>
+    <para>Adds the <option>-z bindnow</option> linker option. During program
+    load, all dynamic symbols are resolved, allowing for the complete GOT to
+    be marked read-only (due to <varname>relro</varname>). This prevents GOT
+    overwrite attacks. For very large applications, this can incur some
+    performance loss during initial load while symbols are resolved, but this
+    shouldn't be an issue for daemons.
+    </para>
+
+    <para>This flag can break dynamic shared object loading. For instance, the
+    module systems of Xorg and PHP are incompatible with this flag. Programs
+    incompatible with this flag often fail at runtime due to missing symbols,
+    like:</para>
+
+    <programlisting>
+intel_drv.so: undefined symbol: vgaHWFreeHWRec
+    </programlisting>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+<para>The following flags are disabled by default and should be enabled
+for packages that take untrusted input, like network services.
+</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>pie</varname></term>
+    <listitem>
+    <para>Adds the <option>-fPIE</option> compiler and <option>-pie</option>
+    linker options. Position Independent Executables are needed to take
+    advantage of Address Space Layout Randomization, supported by modern
+    kernel versions. While ASLR can already be enforced for data areas in
+    the stack and heap (brk and mmap), the code areas must be compiled as
+    position-independent. Shared libraries already do this with the
+    <varname>pic</varname> flag, so they gain ASLR automatically, but binary
+    .text regions need to be build with <varname>pie</varname> to gain ASLR.
+    When this happens, ROP attacks are much harder since there are no static
+    locations to bounce off of during a memory corruption attack.
+    </para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+<para>For more in-depth information on these hardening flags and hardening in
+general, refer to the
+<link xlink:href="https://wiki.debian.org/Hardening">Debian Wiki</link>,
+<link xlink:href="https://wiki.ubuntu.com/Security/Features">Ubuntu Wiki</link>,
+<link xlink:href="https://wiki.gentoo.org/wiki/Project:Hardened">Gentoo Wiki</link>,
+and the <link xlink:href="https://wiki.archlinux.org/index.php/DeveloperWiki:Security">
+Arch Wiki</link>.
+</para>
+
+</section>
 
 </chapter>
 
diff --git a/lib/licenses.nix b/lib/licenses.nix
index c91b0c21a061..3708b1eb15cf 100644
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -188,7 +188,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
 
   fdl13 = spdx {
     spdxId = "GFDL-1.3";
-    fullName = "GNU Free Documentation License v1.2";
+    fullName = "GNU Free Documentation License v1.3";
   };
 
   free = {
diff --git a/lib/lists.nix b/lib/lists.nix
index 4bf732b88c9a..5e224921de81 100644
--- a/lib/lists.nix
+++ b/lib/lists.nix
@@ -218,12 +218,12 @@ rec {
        partition (x: x > 2) [ 5 1 2 3 4 ]
        => { right = [ 5 3 4 ]; wrong = [ 1 2 ]; }
   */
-  partition = pred:
+  partition = builtins.partition or (pred:
     fold (h: t:
       if pred h
       then { right = [h] ++ t.right; wrong = t.wrong; }
       else { right = t.right; wrong = [h] ++ t.wrong; }
-    ) { right = []; wrong = []; };
+    ) { right = []; wrong = []; });
 
   /* Merges two lists of the same size together. If the sizes aren't the same
      the merging stops at the shortest. How both lists are merged is defined
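Review bot: The `partition = builtins.partition or (pred:` line now selects between two implementations, but nothing says why both exist. A reader may assume the fold is dead code and delete it. I would add a comment above the definition such as `/* Uses the native builtin when the running Nix provides it; the fold is the fallback for versions that do not. */`. It is also worth confirming that the builtin returns `right` and `wrong` in the same element order as the fold, since the documented example (`right = [ 5 3 4 ]`) fixes that order. The doc comment for `partition` begins above the hunk.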
diff --git a/lib/maintainers.nix b/lib/maintainers.nix
index b9fd905dd54d..8c29c9b4cf26 100644
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -273,6 +273,7 @@
   mudri = "James Wood <lamudri@gmail.com>";
   muflax = "Stefan Dorn <mail@muflax.com>";
   myrl = "Myrl Hex <myrl.0xf@gmail.com>";
+  nand0p = "Fernando Jose Pando <nando@hex7.com>";
   nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
   Nate-Devv = "Nathan Moore <natedevv@gmail.com>";
   nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
@@ -352,8 +353,10 @@
   rvlander = "Gaëtan André <rvlander@gaetanandre.eu>";
   ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
   ryantm = "Ryan Mulligan <ryan@ryantm.com>";
+  ryansydnor = "Ryan Sydnor <ryan.t.sydnor@gmail.com>";
   rycee = "Robert Helgesson <robert@rycee.net>";
   ryneeverett = "Ryne Everett <ryneeverett@gmail.com>";
+  s1lvester = "Markus Silvester <s1lvester@bockhacker.me>";
   samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
   sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
   schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
diff --git a/lib/modules.nix b/lib/modules.nix
index e2fa3d7fbf0c..6f08a49399ab 100644
--- a/lib/modules.nix
+++ b/lib/modules.nix
@@ -105,8 +105,12 @@ rec {
   /* Massage a module into canonical form, that is, a set consisting
      of ‘options’, ‘config’ and ‘imports’ attributes. */
   unifyModuleSyntax = file: key: m:
+    let metaSet = if m ? meta 
+      then { meta = m.meta; }
+      else {};
+    in
     if m ? config || m ? options then
-      let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
+      let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file" "meta"]; in
       if badAttrs != {} then
         throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
       else
@@ -114,14 +118,14 @@ rec {
           key = toString m.key or key;
           imports = m.imports or [];
           options = m.options or {};
-          config = m.config or {};
+          config = mkMerge [ (m.config or {}) metaSet ];
         }
     else
       { file = m._file or file;
         key = toString m.key or key;
         imports = m.require or [] ++ m.imports or [];
         options = {};
-        config = removeAttrs m ["key" "_file" "require" "imports"];
+        config = mkMerge [ (removeAttrs m ["key" "_file" "require" "imports"]) metaSet ];
       };
 
   applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
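Review bot: In the shorthand branch (the final `else`), `meta` is not in the `removeAttrs` list, so `removeAttrs m ["key" "_file" "require" "imports"]` still carries `m.meta`, and merging `metaSet` on top defines `meta` a second time for the same module. What happens next depends on how the `meta.*` option types merge, which is not visible here: list-typed values such as `maintainers` would presumably be duplicated, and a single-valued option could report a conflicting definition. Keeping that branch as `config = removeAttrs m ["key" "_file" "require" "imports"];` avoids the double definition, because only the `config`/`options` branch actually drops `meta`. `metaSet` is introduced in the previous hunk and `unifyModuleSyntax` starts there.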
@@ -503,19 +507,25 @@ rec {
   /* Return a module that causes a warning to be shown if the
      specified option is defined. For example,
 
-       mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ]
+       mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "<replacement instructions>"
 
      causes a warning if the user defines boot.loader.grub.bootDevice.
+
+     replacementInstructions is a string that provides instructions on
+     how to achieve the same functionality without the removed option,
+     or alternatively a reasoning why the functionality is not needed.
+     replacementInstructions SHOULD be provided!
   */
-  mkRemovedOptionModule = optionName:
+  mkRemovedOptionModule = optionName: replacementInstructions:
     { options, ... }:
     { options = setAttrByPath optionName (mkOption {
         visible = false;
       });
       config.warnings =
         let opt = getAttrFromPath optionName options; in
-        optional opt.isDefined
-          "The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.";
+        optional opt.isDefined ''
+            The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.
+            ${replacementInstructions}'';
     };
 
   /* Return a module that causes a warning to be shown if the
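Review bot: The comment says `replacementInstructions SHOULD be provided!`, but the new signature `optionName: replacementInstructions:` makes it a mandatory positional argument. A caller that still passes only the option path now hands the module system a function expecting a string, and the resulting evaluation error will probably not point at the missing argument. I would word the comment to match the code, e.g. `replacementInstructions is a required second argument; pass "" only when there is genuinely nothing to add.`, and mention the signature change in the release notes for out-of-tree modules. When the string is empty the warning ends with a blank line, so a guard such as `optionalString (replacementInstructions != "")` would keep the message clean.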
diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml
index 26f8ebad7344..448e2a932e91 100644
--- a/nixos/doc/manual/configuration/configuration.xml
+++ b/nixos/doc/manual/configuration/configuration.xml
@@ -23,16 +23,10 @@ effect after you run <command>nixos-rebuild</command>.</para>
 <xi:include href="x-windows.xml" />
 <xi:include href="networking.xml" />
 <xi:include href="linux-kernel.xml" />
-<xi:include href="grsecurity.xml" />
 
-<!-- FIXME: auto-include NixOS module docs -->
-<xi:include href="postgresql.xml" />
-<xi:include href="gitlab.xml" />
-<xi:include href="taskserver.xml" />
-<xi:include href="acme.xml" />
-<xi:include href="input-methods.xml" />
-<xi:include href="emacs.xml" />
+<xi:include href="modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
 
 <!-- Apache; libvirtd virtualisation -->
 
 </part>
+
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix
index 2592766ee496..13668dfd8ebc 100644
--- a/nixos/doc/manual/default.nix
+++ b/nixos/doc/manual/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, options, version, revision, extraSources ? [] }:
+{ pkgs, options, config, version, revision, extraSources ? [] }:
 
 with pkgs;
 
@@ -51,16 +51,19 @@ let
 
   sources = lib.sourceFilesBySuffices ./. [".xml"];
 
+  modulesDoc = builtins.toFile "modules.xml" ''
+    <section xmlns:xi="http://www.w3.org/2001/XInclude" id="modules">
+    ${(lib.concatMapStrings (path: ''
+      <xi:include href="${path}" />
+    '') (lib.catAttrs "value" config.meta.doc))}
+    </section>
+  '';
+
   copySources =
     ''
       cp -prd $sources/* . # */
       chmod -R u+w .
-      cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml
-      cp ${../../modules/services/misc/gitlab.xml} configuration/gitlab.xml
-      cp ${../../modules/services/misc/taskserver/doc.xml} configuration/taskserver.xml
-      cp ${../../modules/security/acme.xml} configuration/acme.xml
-      cp ${../../modules/i18n/input-method/default.xml} configuration/input-methods.xml
-      cp ${../../modules/services/editors/emacs.xml} configuration/emacs.xml
+      ln -s ${modulesDoc} configuration/modules.xml
       ln -s ${optionsDocBook} options-db.xml
       echo "${version}" > version
     '';
diff --git a/nixos/doc/manual/development/meta-attributes.xml b/nixos/doc/manual/development/meta-attributes.xml
new file mode 100644
index 000000000000..de0870314dcb
--- /dev/null
+++ b/nixos/doc/manual/development/meta-attributes.xml
@@ -0,0 +1,62 @@
+<section xmlns="http://docbook.org/ns/docbook"
+        xmlns:xlink="http://www.w3.org/1999/xlink"
+        xmlns:xi="http://www.w3.org/2001/XInclude"
+        version="5.0"
+        xml:id="sec-meta-attributes">
+
+<title>Meta Attributes</title>
+
+<para>Like Nix packages, NixOS modules can declare meta-attributes to provide
+  extra information. Module meta attributes are defined in the
+  <filename
+    xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/meta.nix">meta.nix</filename>
+  special module.</para>
+
+<para><literal>meta</literal> is a top level attribute like
+  <literal>options</literal> and <literal>config</literal>. Available
+  meta-attributes are <literal>maintainers</literal> and
+  <literal>doc</literal>.</para>
+
+<para>Each of the meta-attributes must be defined at most once per module
+  file.</para>
+
+<programlisting>
+{ config, lib, pkgs, ... }:
+{
+  options = {
+    ...
+  };
+
+  config = {
+    ...
+  };
+
+  meta = {
+    maintainers = with lib.maintainers; [ ericsagnes ]; <co
+      xml:id='modules-meta-1' />
+    doc = ./default.xml; <co xml:id='modules-meta-2' />
+  };
+}
+</programlisting>
+
+<calloutlist>
+ <callout arearefs='modules-meta-1'>
+  <para>
+    <varname>maintainers</varname> contains a list of the module maintainers.
+  </para>
+ </callout>
+
+ <callout arearefs='modules-meta-2'>
+  <para>
+    <varname>doc</varname> points to a valid DocBook file containing the module
+    documentation. Its contents is automatically added to <xref
+      linkend="ch-configuration"/>.
+    Changes to a module documentation have to be checked to not break
+    building the NixOS manual:
+  </para>
+  <programlisting>$ nix-build nixos/release.nix -A manual</programlisting>
+ </callout>
+
+</calloutlist>
+
+</section>
diff --git a/nixos/doc/manual/development/writing-modules.xml b/nixos/doc/manual/development/writing-modules.xml
index 971e586f20bd..a68b122ce022 100644
--- a/nixos/doc/manual/development/writing-modules.xml
+++ b/nixos/doc/manual/development/writing-modules.xml
@@ -177,5 +177,6 @@ in {
 
 <xi:include href="option-declarations.xml" />
 <xi:include href="option-def.xml" />
+<xi:include href="meta-attributes.xml" />
 
 </chapter>
diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml
index c51316bd2808..f460e00e836e 100644
--- a/nixos/doc/manual/release-notes/rl-1603.xml
+++ b/nixos/doc/manual/release-notes/rl-1603.xml
@@ -385,6 +385,41 @@ services.syncthing = {
       the github issue</link>.
     </para>
   </listitem>
+
+  <listitem>
+    <para>
+      The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
+      GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
+      longer requires (or even supports) the "start everything as a child of the
+      agent" scheme we've implemented in NixOS for older versions.
+      To configure the gpg-agent for your X session, add the following code to
+      <filename>~/.bashrc</filename> or some file that’s sourced when your shell is started:
+    <programlisting>
+GPG_TTY=$(tty)
+export GPG_TTY
+    </programlisting>
+      If you want to use gpg-agent for SSH, too, add the following to your session
+      initialization (e.g. <literal>displayManager.sessionCommands</literal>)
+    <programlisting>
+gpg-connect-agent /bye
+unset SSH_AGENT_PID
+export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
+    </programlisting>
+      and make sure that
+    <programlisting>
+enable-ssh-support
+    </programlisting>
+      is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
+      You will need to use <command>ssh-add</command> to re-add your ssh keys.
+      If gpg’s automatic transformation of the private keys to the new format fails,
+      you will need to re-import your private keyring as well:
+    <programlisting>
+gpg --import ~/.gnupg/secring.gpg
+    </programlisting>
+    The <command>gpg-agent(1)</command> man page has more details about this subject,
+    i.e. in the "EXAMPLES" section.
+    </para>
+  </listitem>
 </itemizedlist>
 
 
diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix
index ad0e35c8a63f..f8c35b440d12 100644
--- a/nixos/modules/config/gnu.nix
+++ b/nixos/modules/config/gnu.nix
@@ -37,6 +37,7 @@ with lib;
     services.openssh.enable = false;
     services.lshd.enable = true;
     programs.ssh.startAgent = false;
+    services.xserver.startGnuPGAgent = true;
 
     # TODO: GNU dico.
     # TODO: GNU Inetutils' inetd.
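Review bot: The added `services.xserver.startGnuPGAgent = true;` sets an option that the `rl-1603.xml` hunk in this same diff documents as removed. If the option is no longer declared, enabling the GNU profile would fail evaluation with an undefined-option error. If it is registered through `mkRemovedOptionModule`, every such system would instead get a "no longer has any effect" warning and no agent. Which of these applies cannot be told from this hunk, so please confirm against the display-manager module and `rename.nix`. If the option is gone, drop this line; the release note describes configuring gpg-agent through `displayManager.sessionCommands` instead.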
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 967f427374b1..cbbe216e5a17 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -52,8 +52,8 @@ foreach my $g (@{$spec->{groups}}) {
     $gidsUsed{$g->{gid}} = 1 if defined $g->{gid};
 }
 
-foreach my $u (@{$spec->{groups}}) {
-    $uidsUsed{$u->{u}} = 1 if defined $u->{uid};
+foreach my $u (@{$spec->{users}}) {
+    $uidsUsed{$u->{uid}} = 1 if defined $u->{uid};
 }
 
 # Read the current /etc/group.
diff --git a/nixos/modules/i18n/input-method/default.nix b/nixos/modules/i18n/input-method/default.nix
index 5d57a7f99666..f3e568f1dde3 100644
--- a/nixos/modules/i18n/input-method/default.nix
+++ b/nixos/modules/i18n/input-method/default.nix
@@ -62,4 +62,9 @@ in
     environment.systemPackages = [ cfg.package gtk2_cache gtk3_cache ];
   };
 
+  meta = {
+    maintainers = with lib.maintainers; [ ericsagnes ];
+    doc = ./default.xml;
+  };
+
 }
diff --git a/nixos/modules/misc/meta.nix b/nixos/modules/misc/meta.nix
index 22622706f2c8..6a5738e47ff3 100644
--- a/nixos/modules/misc/meta.nix
+++ b/nixos/modules/misc/meta.nix
@@ -39,7 +39,7 @@ in
         default = [];
         example = [ lib.maintainers.all ];
         description = ''
-	  List of maintainers of each module.  This option should be defined at
+          List of maintainers of each module.  This option should be defined at
           most once per module.
         '';
       };
@@ -49,7 +49,7 @@ in
         internal = true;
         example = "./meta.xml";
         description = ''
-	  Documentation prologe for the set of options of each module.  This
+          Documentation prologe for the set of options of each module.  This
           option should be defined at most once per module.
         '';
       };
@@ -57,7 +57,5 @@ in
     };
   };
 
-  config = {
-    meta.maintainers = singleton lib.maintainers.pierron;
-  };
+  meta.maintainers = singleton lib.maintainers.pierron;
 }
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 3caac6c4ee60..412cccc20d58 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -29,7 +29,7 @@ with lib;
     (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
 
     (mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
-    (mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ])
+    (mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "")
 
     # Old Grub-related options.
     (mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
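Review bot: The new second argument to `mkRemovedOptionModule` is an empty string for `services.gitlab.satelliteDir`, and in the two following hunks of this file for every entry except `services.xserver.startGnuPGAgent`; `boot.loader.grub.bootDevice` in grub.nix gets the same treatment. This matters most for the `security.grsecurity.config.*` entries (`denyChrootChmod`, `restrictProc`, `disableRBAC`, ...) and `boot.initrd.luks.enable`: a configuration that still sets them presumably evaluates without the protection the user asked for, and the notice gives no hint what to set instead. Where a replacement or a manual chapter exists, put it in the message, e.g. `(mkRemovedOptionModule [ "security" "grsecurity" "kernelPatch" ] "See the grsecurity chapter of the NixOS manual.")`, with the wording confirmed by the module maintainer. The enclosing list starts outside this hunk.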
@@ -112,27 +112,27 @@ with lib;
     (mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
     (mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
     (mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
-    (mkRemovedOptionModule [ "services" "iodined" "client" ])
+    (mkRemovedOptionModule [ "services" "iodined" "client" ] "")
 
     # Grsecurity
-    (mkRemovedOptionModule [ "security" "grsecurity" "kernelPatch" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "mode" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "priority" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "system" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "virtualisationConfig" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "hardwareVirtualisation" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "virtualisationSoftware" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "sysctl" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "denyChrootChmod" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "denyChrootCaps" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "denyUSB" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "restrictProc" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "restrictProcWithGroup" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "unrestrictProcGid" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "disableRBAC" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "disableSimultConnect" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "verboseVersion" ])
-    (mkRemovedOptionModule [ "security" "grsecurity" "config" "kernelExtraConfig" ])
+    (mkRemovedOptionModule [ "security" "grsecurity" "kernelPatch" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "mode" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "priority" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "system" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "virtualisationConfig" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "hardwareVirtualisation" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "virtualisationSoftware" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "sysctl" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "denyChrootChmod" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "denyChrootCaps" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "denyUSB" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "restrictProc" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "restrictProcWithGroup" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "unrestrictProcGid" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "disableRBAC" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "disableSimultConnect" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "verboseVersion" ] "")
+    (mkRemovedOptionModule [ "security" "grsecurity" "config" "kernelExtraConfig" ] "")
 
     # Unity3D
     (mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
@@ -141,18 +141,18 @@ with lib;
     (mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "rendering" ] [ "fonts" "fontconfig" "ultimate" "preset" ])
 
     # Options that are obsolete and have no replacement.
-    (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
-    (mkRemovedOptionModule [ "programs" "bash" "enable" ])
-    (mkRemovedOptionModule [ "services" "samba" "defaultShare" ])
-    (mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ])
-    (mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ])
-    (mkRemovedOptionModule [ "ec2" "metadata" ])
-    (mkRemovedOptionModule [ "services" "openvpn" "enable" ])
-    (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
-    (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
-    (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
-    (mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ])
-    (mkRemovedOptionModule [ "services" "dovecot2" "package" ])
-
+    (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
+    (mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
+    (mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
+    (mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ] "")
+    (mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ] "")
+    (mkRemovedOptionModule [ "ec2" "metadata" ] "")
+    (mkRemovedOptionModule [ "services" "openvpn" "enable" ] "")
+    (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
+    (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
+    (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
+      "See the 16.03 release notes for more information.")
+    (mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
+    (mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
   ];
 }
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index f646602221a4..3dac558b9537 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -290,9 +290,10 @@ in
       systemd.targets."acme-certificates" = {};
     })
 
-    { meta.maintainers = with lib.maintainers; [ abbradar fpletz globin ];
-      meta.doc = ./acme.xml;
-    }
   ];
 
+  meta = {
+    maintainers = with lib.maintainers; [ abbradar fpletz globin ];
+    doc = ./acme.xml;
+  };
 }
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index c6332ca9f9f6..ea1064c2d425 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -20,6 +20,11 @@ let
 in
 
 {
+  meta = {
+    maintainers = with maintainers; [ joachifm ];
+    doc = ./grsecurity.xml;
+  };
+
   options.security.grsecurity = {
 
     enable = mkEnableOption "grsecurity/PaX";
diff --git a/nixos/doc/manual/configuration/grsecurity.xml b/nixos/modules/security/grsecurity.xml
index 28415e89bfab..28415e89bfab 100644
--- a/nixos/doc/manual/configuration/grsecurity.xml
+++ b/nixos/modules/security/grsecurity.xml
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index 80ee32f4ee33..9988fc6e63be 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -253,4 +253,6 @@ in
 
   };
 
+  meta.doc = ./postgresql.xml;
+
 }
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 480e1184ffa3..a039ad138f6f 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -234,9 +234,8 @@ in
         serviceConfig.Type = "oneshot";
 
         script = ''
-          if ! test -e ${cfg.dbpath}; then
-              install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
-          fi
+          install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
+          chown -R ${cfg.user} ${cfg.dbpath}
         '';
       };
 
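Review bot: `chown -R ${cfg.user} ${cfg.dbpath}` now runs on every start over a tree the Redis user can write to, and both interpolations are unquoted. The script presumably runs as root (`install -o` needs it), whereas the old code only ran `install` when the path was missing and never changed ownership recursively. Consider a one-time migration instead of an unconditional `-R`, and quote the arguments either way: `install -d -m0700 -o "${cfg.user}" "${cfg.dbpath}"` and `chown -R "${cfg.user}" "${cfg.dbpath}"`. The enclosing service definition starts outside the hunk.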
diff --git a/nixos/modules/services/editors/emacs.nix b/nixos/modules/services/editors/emacs.nix
index 43b4219c51dd..6795ec52fe4d 100644
--- a/nixos/modules/services/editors/emacs.nix
+++ b/nixos/modules/services/editors/emacs.nix
@@ -83,4 +83,6 @@ in {
       EDITOR = mkOverride 900 "${editorScript}/bin/emacseditor";
     } else {};
   };
+
+  meta.doc = ./emacs.xml;
 }
diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix
index e773cdedaea2..fb94560e10aa 100644
--- a/nixos/modules/services/mail/opensmtpd.nix
+++ b/nixos/modules/services/mail/opensmtpd.nix
@@ -109,12 +109,14 @@ in {
       after = [ "network.target" ];
       preStart = ''
         mkdir -p /var/spool/smtpd
+        chmod 711 /var/spool/smtpd
 
         mkdir -p /var/spool/smtpd/offline
         chown root.smtpq /var/spool/smtpd/offline
         chmod 770 /var/spool/smtpd/offline
 
         mkdir -p /var/spool/smtpd/purge
+        chown smtpq.root /var/spool/smtpd/purge
         chmod 700 /var/spool/smtpd/purge
       '';
       serviceConfig.ExecStart = "${opensmtpd}/sbin/smtpd -d -f ${conf} ${args}";
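Review bot: The added `chown smtpq.root /var/spool/smtpd/purge` uses the dot as owner/group separator, which is the deprecated form and is ambiguous when a name contains a dot; `chown smtpq:root /var/spool/smtpd/purge` is the portable spelling (the existing `chown root.smtpq` context line has the same issue). Each directory is also created with the default mode and only tightened afterwards; `install -d -m 700 -o smtpq -g root /var/spool/smtpd/purge` would set the final owner and mode in one step. The attribute set around `preStart` starts outside the hunk.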
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index f4ab26714d54..b3f09999adba 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -556,4 +556,7 @@ in {
     };
 
   };
+
+  meta.doc = ./gitlab.xml;
+
 }
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index fe5132d4973e..333782d15bcb 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -311,7 +311,7 @@ in
       nixPath = mkOption {
         type = types.listOf types.str;
         default =
-          [ "/nix/var/nix/profiles/per-user/root/channels/nixos"
+          [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
             "nixos-config=/etc/nixos/configuration.nix"
             "/nix/var/nix/profiles/per-user/root/channels"
           ];
diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix
index a60d5f7983bc..306ee346523d 100644
--- a/nixos/modules/services/misc/nixos-manual.nix
+++ b/nixos/modules/services/misc/nixos-manual.nix
@@ -17,7 +17,7 @@ let
     Caveat: even if the package is reached by a different means,
     the path above will be shown and not e.g. `${config.services.foo.package}`. */
   manual = import ../../../doc/manual {
-    inherit pkgs;
+    inherit pkgs config;
     version = config.system.nixosRelease;
     revision = "release-${config.system.nixosRelease}";
     options =
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index c846ffd04551..6d458feec345 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -534,6 +534,7 @@ in {
     (mkIf (cfg.enable && cfg.listenHost != "localhost") {
       networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
     })
-    { meta.doc = ./taskserver.xml; }
   ];
+
+  meta.doc = ./doc.xml;
 }
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix
index cf36ccf05725..2714e8d75993 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy.nix
@@ -28,31 +28,15 @@ let
 in
 
 {
+  meta = {
+    maintainers = with maintainers; [ joachifm ];
+    doc = ./dnscrypt-proxy.xml;
+  };
+
   options = {
     services.dnscrypt-proxy = {
-      enable = mkEnableOption "dnscrypt-proxy" // { description = ''
-        Whether to enable the DNSCrypt client proxy. The proxy relays
-        DNS queries to a DNSCrypt enabled upstream resolver. The traffic
-        between the client and the upstream resolver is encrypted and
-        authenticated, mitigating the risk of MITM attacks and third-party
-        snooping (assuming the upstream is trustworthy).
-
-        Enabling this option does not alter the system nameserver; to relay
-        local queries, prepend <literal>127.0.0.1</literal> to
-        <option>networking.nameservers</option>.
-
-        The recommended configuration is to run DNSCrypt proxy as a forwarder
-        for a caching DNS client, as in
-        <programlisting>
-        {
-          services.dnscrypt-proxy.enable = true;
-          services.dnscrypt-proxy.localPort = 43;
-          services.dnsmasq.enable = true;
-          services.dnsmasq.servers = [ "127.0.0.1#43" ];
-          services.dnsmasq.resolveLocalQueries = true; # this is the default
-        }
-        </programlisting>
-      ''; };
+      enable = mkEnableOption "DNSCrypt client proxy";
+
       localAddress = mkOption {
         default = "127.0.0.1";
         type = types.str;
@@ -62,6 +46,7 @@ in
           of other machines (typically on the local network).
         '';
       };
+
       localPort = mkOption {
         default = 53;
         type = types.int;
@@ -72,6 +57,7 @@ in
           to a different value; otherwise leave the default.
         '';
       };
+
       resolverName = mkOption {
         default = "dnscrypt.eu-nl";
         type = types.nullOr types.str;
@@ -82,6 +68,7 @@ in
           extensions, and claims to not keep logs.
         '';
       };
+
       resolverList = mkOption {
         description = ''
           The list of upstream DNSCrypt resolvers. By default, we use the most
@@ -94,6 +81,7 @@ in
         };
         defaultText = "pkgs.fetchurl { url = ...; sha256 = ...; }";
       };
+
       customResolver = mkOption {
         default = null;
         description = ''
@@ -103,26 +91,30 @@ in
         type = types.nullOr (types.submodule ({ ... }: { options = {
           address = mkOption {
             type = types.str;
-            description = "Resolver IP address";
+            description = "IP address";
             example = "208.67.220.220";
           };
+
           port = mkOption {
             type = types.int;
-            description = "Resolver port";
+            description = "Port";
             default = 443;
           };
+
           name = mkOption {
             type = types.str;
-            description = "Provider fully qualified domain name";
+            description = "Fully qualified domain name";
             example = "2.dnscrypt-cert.opendns.com";
           };
+
           key = mkOption {
             type = types.str;
-            description = "Provider public key";
+            description = "Public key";
             example = "B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79";
           };
         }; }));
       };
+
       tcpOnly = mkOption {
         default = false;
         type = types.bool;
@@ -131,6 +123,7 @@ in
           TCP instead of UDP (on port 443). Use only if the UDP port is blocked.
         '';
       };
+
       ephemeralKeys = mkOption {
         default = false;
         type = types.bool;
@@ -212,7 +205,6 @@ in
         ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
 
         User = "dnscrypt-proxy";
-        Group = "dnscrypt-proxy";
 
         PrivateTmp = true;
         PrivateDevices = true;
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.xml b/nixos/modules/services/networking/dnscrypt-proxy.xml
new file mode 100644
index 000000000000..e212a8d3e2c3
--- /dev/null
+++ b/nixos/modules/services/networking/dnscrypt-proxy.xml
@@ -0,0 +1,76 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         version="5.0"
+         xml:id="sec-dnscrypt-proxy">
+
+  <title>DNSCrypt client proxy</title>
+
+  <para>
+    The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled
+    upstream resolver. The traffic between the client and the upstream
+    resolver is encrypted and authenticated, mitigating the risk of MITM
+    attacks, DNS poisoning attacks, and third-party snooping (assuming the
+    upstream is trustworthy).
+  </para>
+
+  <sect1><title>Basic configuration</title>
+
+  <para>
+    To enable the client proxy, set
+    <programlisting>
+      services.dnscrypt-proxy.enable = true;
+    </programlisting>
+  </para>
+
+  <para>
+    Enabling the client proxy does not alter the system nameserver; to
+    relay local queries, prepend <literal>127.0.0.1</literal> to
+    <option>networking.nameservers</option>.
+  </para>
+
+  </sect1>
+
+  <sect1><title>As a forwarder for a caching DNS client</title>
+
+  <para>
+    By default, DNSCrypt proxy acts as a transparent proxy for the
+    system stub resolver. Because the client does not cache lookups, this
+    setup can significantly slow down e.g., web browsing. The recommended
+    configuration is to run DNSCrypt proxy as a forwarder for a caching DNS
+    client. To achieve this, change the default proxy listening port to
+    a non-standard value and point the caching client to it:
+    <programlisting>
+      services.dnscrypt-proxy.localPort = 43;
+    </programlisting>
+  </para>
+
+  <sect2><title>dnsmasq</title>
+  <para>
+    <programlisting>
+      {
+      services.dnsmasq.enable = true;
+      services.dnsmasq.servers = [ "127.0.0.1#43" ];
+      }
+    </programlisting>
+  </para>
+  </sect2>
+
+  <sect2><title>unbound</title>
+  <para>
+    <programlisting>
+      {
+      networking.nameservers = [ "127.0.0.1" ];
+      services.unbound.enable = true;
+      services.unbound.forwardAddresses = [ "127.0.0.1@43" ];
+      services.unbound.extraConfig = ''
+        do-not-query-localhost: no
+      '';
+      }
+    </programlisting>
+  </para>
+  </sect2>
+
+  </sect1>
+
+</chapter>
diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix
index 5f04926eed24..3703921ff703 100644
--- a/nixos/modules/services/networking/teamspeak3.nix
+++ b/nixos/modules/services/networking/teamspeak3.nix
@@ -95,47 +95,44 @@ in
 
   ###### implementation
 
-  config = mkMerge [
-    (mkIf cfg.enable {
-      users.users.teamspeak = {
-        description = "Teamspeak3 voice communication server daemon";
-        group = group;
-        uid = config.ids.uids.teamspeak;
-        home = cfg.dataDir;
-        createHome = true;
-      };
-
-      users.groups.teamspeak = {
-        gid = config.ids.gids.teamspeak;
-      };
+  config = mkIf cfg.enable {
+    users.users.teamspeak = {
+      description = "Teamspeak3 voice communication server daemon";
+      group = group;
+      uid = config.ids.uids.teamspeak;
+      home = cfg.dataDir;
+      createHome = true;
+    };
 
-      systemd.services.teamspeak3-server = {
-        description = "Teamspeak3 voice communication server daemon";
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
+    users.groups.teamspeak = {
+      gid = config.ids.gids.teamspeak;
+    };
 
-        preStart = ''
-          mkdir -p ${cfg.logPath}
-          chown ${user}:${group} ${cfg.logPath}
+    systemd.services.teamspeak3-server = {
+      description = "Teamspeak3 voice communication server daemon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      preStart = ''
+        mkdir -p ${cfg.logPath}
+        chown ${user}:${group} ${cfg.logPath}
+      '';
+
+      serviceConfig = {
+        ExecStart = ''
+          ${ts3}/bin/ts3server \
+            dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \
+            voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \
+            filetransfer_ip=${cfg.fileTransferIP} filetransfer_port=${toString cfg.fileTransferPort} \
+            query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort}
         '';
-
-        serviceConfig = {
-          ExecStart = ''
-            ${ts3}/bin/ts3server \
-              dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \
-              voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \
-              filetransfer_ip=${cfg.fileTransferIP} filetransfer_port=${toString cfg.fileTransferPort} \
-              query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort}
-          '';
-          WorkingDirectory = cfg.dataDir;
-          User = user;
-          Group = group;
-          PermissionsStartOnly = true;
-        };
+        WorkingDirectory = cfg.dataDir;
+        User = user;
+        Group = group;
+        PermissionsStartOnly = true;
       };
-    })
-    {
-      meta.maintainers = with lib.maintainers; [ arobyn ];
-    }
-  ];
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [ arobyn ];
 }
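Review bot: In `preStart`, `mkdir -p ${cfg.logPath}` and `chown ${user}:${group} ${cfg.logPath}` interpolate the option unquoted, and with `PermissionsStartOnly = true` that script presumably runs as root. A log path containing spaces or glob characters would split into several arguments; quote it as `mkdir -p "${cfg.logPath}"` and `chown ${user}:${group} "${cfg.logPath}"`. Since the restructuring touches every line of the block anyway, this is a convenient place to fix it.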
diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
index 8d22c10d3f78..de99ce4f0260 100644
--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -111,57 +111,54 @@ in {
     };
   };
 
-  config = mkMerge [
-    (mkIf cfg.enable {
-      assertions = flip mapAttrsToList cfg.networks (name: cfg: {
-        assertion = cfg.psk == null || cfg.pskRaw == null;
-        message = ''networking.wireless."${name}".psk and networking.wireless."${name}".pskRaw are mutually exclusive'';
-      });
-
-      environment.systemPackages =  [ pkgs.wpa_supplicant ];
-
-      services.dbus.packages = [ pkgs.wpa_supplicant ];
-
-      # FIXME: start a separate wpa_supplicant instance per interface.
-      systemd.services.wpa_supplicant = let
-        ifaces = cfg.interfaces;
-        deviceUnit = interface: [ "sys-subsystem-net-devices-${interface}.device" ];
-      in {
-        description = "WPA Supplicant";
-
-        after = [ "network-interfaces.target" ] ++ lib.concatMap deviceUnit ifaces;
-        requires = lib.concatMap deviceUnit ifaces;
-        wantedBy = [ "network.target" ];
-
-        path = [ pkgs.wpa_supplicant ];
-
-        script = ''
-          ${if ifaces == [] then ''
-            for i in $(cd /sys/class/net && echo *); do
-              DEVTYPE=
-              source /sys/class/net/$i/uevent
-              if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then
-                ifaces="$ifaces''${ifaces:+ -N} -i$i"
-              fi
-            done
-          '' else ''
-            ifaces="${concatStringsSep " -N " (map (i: "-i${i}") ifaces)}"
-          ''}
-          exec wpa_supplicant -s -u -D${cfg.driver} -c ${configFile} $ifaces
-        '';
-      };
-
-      powerManagement.resumeCommands = ''
-        ${config.systemd.package}/bin/systemctl try-restart wpa_supplicant
+  config = mkIf cfg.enable {
+    assertions = flip mapAttrsToList cfg.networks (name: cfg: {
+      assertion = cfg.psk == null || cfg.pskRaw == null;
+      message = ''networking.wireless."${name}".psk and networking.wireless."${name}".pskRaw are mutually exclusive'';
+    });
+
+    environment.systemPackages =  [ pkgs.wpa_supplicant ];
+
+    services.dbus.packages = [ pkgs.wpa_supplicant ];
+
+    # FIXME: start a separate wpa_supplicant instance per interface.
+    systemd.services.wpa_supplicant = let
+      ifaces = cfg.interfaces;
+      deviceUnit = interface: [ "sys-subsystem-net-devices-${interface}.device" ];
+    in {
+      description = "WPA Supplicant";
+
+      after = [ "network-interfaces.target" ] ++ lib.concatMap deviceUnit ifaces;
+      requires = lib.concatMap deviceUnit ifaces;
+      wantedBy = [ "network.target" ];
+
+      path = [ pkgs.wpa_supplicant ];
+
+      script = ''
+        ${if ifaces == [] then ''
+          for i in $(cd /sys/class/net && echo *); do
+            DEVTYPE=
+            source /sys/class/net/$i/uevent
+            if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then
+              ifaces="$ifaces''${ifaces:+ -N} -i$i"
+            fi
+          done
+        '' else ''
+          ifaces="${concatStringsSep " -N " (map (i: "-i${i}") ifaces)}"
+        ''}
+        exec wpa_supplicant -s -u -D${cfg.driver} -c ${configFile} $ifaces
       '';
+    };
 
-      # Restart wpa_supplicant when a wlan device appears or disappears.
-      services.udev.extraRules = ''
-        ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service"
-      '';
-    })
-    {
-      meta.maintainers = with lib.maintainers; [ globin ];
-    }
-  ];
+    powerManagement.resumeCommands = ''
+      ${config.systemd.package}/bin/systemctl try-restart wpa_supplicant
+    '';
+
+    # Restart wpa_supplicant when a wlan device appears or disappears.
+    services.udev.extraRules = ''
+      ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service"
+    '';
+  };
+
+  meta.maintainers = with lib.maintainers; [ globin ];
 }
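Review bot: The auto-detection loop runs `source /sys/class/net/$i/uevent`, which evaluates the whole uevent file as shell code inside the unit's script just to read one variable, and `$i` is unquoted in both paths. Read the value instead of executing the file, e.g. `DEVTYPE=$(sed -n 's/^DEVTYPE=//p' "/sys/class/net/$i/uevent")`, and quote the second test as `-e "/sys/class/net/$i/wireless"`. `sed` is presumably available through the unit's default path; confirm, since only `pkgs.wpa_supplicant` is listed in `path` here. The commit only re-indents this block, but the new side still carries the pattern.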
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
index 1c928ff22a1f..75d80609f73f 100644
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -306,7 +306,8 @@ in
   };
 
   imports = [
-   (mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ])
+   (mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ]
+     "The option is no longer necessary because all display managers have already delegated lid management to systemd.")
   ];
 
 }
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
index 0640ec306e18..e86df4e74c9f 100644
--- a/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -341,7 +341,7 @@ in
         default = false;
         type = types.bool;
         description = ''
-          Whether GRUB should be build against libzfs.
+          Whether GRUB should be built against libzfs.
           ZFS support is only available for GRUB v2.
           This option is ignored for GRUB v1.
         '';
@@ -351,7 +351,7 @@ in
         default = false;
         type = types.bool;
         description = ''
-          Whether GRUB should be build with EFI support.
+          Whether GRUB should be built with EFI support.
           EFI support is only available for GRUB v2.
           This option is ignored for GRUB v1.
         '';
@@ -500,7 +500,7 @@ in
 
 
   imports =
-    [ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ])
+    [ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "")
       (mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ])
       (mkRenamedOptionModule [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ])
       (mkRenamedOptionModule [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ])
diff --git a/nixos/modules/tasks/cpu-freq.nix b/nixos/modules/tasks/cpu-freq.nix
index 2fe7f4f8197a..5f8b5df52acf 100644
--- a/nixos/modules/tasks/cpu-freq.nix
+++ b/nixos/modules/tasks/cpu-freq.nix
@@ -19,7 +19,7 @@ in
       description = ''
         Configure the governor used to regulate the frequence of the
         available CPUs. By default, the kernel configures the
-        on-demand governor.
+        performance governor.
       '';
     };
 
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index d83841452f95..413aa94339f1 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -340,6 +340,20 @@ in
                 A specification of the desired configuration of this
                 container, as a NixOS module.
               '';
+              type = lib.mkOptionType {
+                name = "Toplevel NixOS config";
+                merge = loc: defs: (import ../../lib/eval-config.nix {
+                  inherit system;
+                  modules =
+                    let extraConfig =
+                      { boot.isContainer = true;
+                        networking.hostName = mkDefault name;
+                        networking.useDHCP = false;
+                      };
+                    in [ extraConfig ] ++ (map (x: x.value) defs);
+                  prefix = [ "containers" name ];
+                }).config;
+              };
             };
 
             path = mkOption {
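Review bot: The new `type` for `config` has no comment explaining that its `merge` function evaluates a complete NixOS configuration. I would add above `type = lib.mkOptionType {` something like `# Merge all definitions by evaluating them together as modules of one NixOS configuration, with the container defaults prepended.` Also, `map (x: x.value) defs` drops each definition's `file`, so errors raised inside a container's configuration may no longer name the file that defined it; wrapping each as `{ _file = x.file; imports = [ x.value ]; }` would keep that, if the module system accepts it here. The enclosing option set starts outside the hunk.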
@@ -410,18 +424,9 @@ in
           } // networkOptions;
 
           config = mkMerge
-            [ (mkIf options.config.isDefined {
-                path = (import ../../lib/eval-config.nix {
-                  inherit system;
-                  modules =
-                    let extraConfig =
-                      { boot.isContainer = true;
-                        networking.hostName = mkDefault name;
-                        networking.useDHCP = false;
-                      };
-                    in [ extraConfig config.config ];
-                  prefix = [ "containers" name ];
-                }).config.system.build.toplevel;
+            [
+              (mkIf options.config.isDefined {
+                path = config.config.system.build.toplevel;
               })
             ];
         }));
diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix
index 4f8ea2651007..3a598a1c7dc5 100644
--- a/nixos/modules/virtualisation/virtualbox-image.nix
+++ b/nixos/modules/virtualisation/virtualbox-image.nix
@@ -57,6 +57,8 @@ in {
           fn="$out/nixos-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova"
           VBoxManage export "$vmName" --output "$fn"
 
+          rm -v $diskImage
+
           mkdir -p $out/nix-support
           echo "file ova $fn" >> $out/nix-support/hydra-build-products
         '';
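Review bot: `rm -v $diskImage` is unquoted while the two commands just above quote their variables (`"$vmName"`, `"$fn"`); write `rm -v "$diskImage"` so a path with spaces or glob characters cannot expand into other arguments. Where `diskImage` is assigned is outside this hunk, so it is worth confirming it is always set at this point, since an empty value would make the build step fail.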
diff --git a/nixos/tests/boot-stage1.nix b/nixos/tests/boot-stage1.nix
index ad253d23c543..ccd8394a1f03 100644
--- a/nixos/tests/boot-stage1.nix
+++ b/nixos/tests/boot-stage1.nix
@@ -8,6 +8,7 @@ import ./make-test.nix ({ pkgs, ... }: {
         kdev = config.boot.kernelPackages.kernel.dev;
         kver = config.boot.kernelPackages.kernel.modDirVersion;
         ksrc = "${kdev}/lib/modules/${kver}/build";
+        hardeningDisable = [ "pic" ];
       } ''
         echo "obj-m += $name.o" > Makefile
         echo "$source" > "$name.c"
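Review bot: `hardeningDisable = [ "pic" ];` is added without a comment saying why this test needs it. The surrounding lines build an out-of-tree kernel module (`obj-m += $name.o` against `ksrc`), so the reason is presumably that kernel objects cannot be compiled with the position-independent flags the hardening wrapper adds. Recording that, e.g. `# kernel modules must not be built with -fPIC`, keeps the exemption from being copied into userspace derivations. The opening of this derivation lies outside the hunk.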
diff --git a/pkgs/applications/audio/aacgain/default.nix b/pkgs/applications/audio/aacgain/default.nix
index 69cc798ec0f9..a22866dc031a 100644
--- a/pkgs/applications/audio/aacgain/default.nix
+++ b/pkgs/applications/audio/aacgain/default.nix
@@ -2,6 +2,7 @@
 
 stdenv.mkDerivation {
   name = "aacgain-1.9.0";
+
   src = fetchFromGitHub {
     owner = "mulx";
     repo = "aacgain";
@@ -9,6 +10,8 @@ stdenv.mkDerivation {
     sha256 = "07hl432vsscqg01b6wr99qmsj4gbx0i02x4k565432y6zpfmaxm0";
   };
 
+  hardeningDisable = [ "format" ];
+
   configurePhase = ''
     cd mp4v2
     ./configure
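Review bot: `hardeningDisable = [ "format" ];` is added here with no comment naming the build failure it works around, and the same bare line recurs in the other `format` hunks of this chunk (cdparanoia through zgv, including emacs-25, ht, leafpad, nedit and tesseract). The `format` flag is what turns non-literal format strings into compile errors (`-Werror=format-security`), and several of these packages parse files a user may have downloaded, so the exemption is worth tracking rather than leaving it permanent. I would put a line such as `# does not build with -Werror=format-security; remove once upstream passes a literal format string` above each one, or carry a small patch where the offending call is a single `printf(str)`.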
@@ -28,7 +31,7 @@ stdenv.mkDerivation {
     make LDFLAGS=-static
 
     cd ..
-    make   
+    make
   '';
 
   installPhase = ''
diff --git a/pkgs/applications/audio/cdparanoia/default.nix b/pkgs/applications/audio/cdparanoia/default.nix
index 8d5ff663a540..28183a2c6691 100644
--- a/pkgs/applications/audio/cdparanoia/default.nix
+++ b/pkgs/applications/audio/cdparanoia/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1pv4zrajm46za0f6lv162iqffih57a8ly4pc69f7y0gfyigb8p80";
   };
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = "unset CC";
 
   patches = stdenv.lib.optionals stdenv.isDarwin [
diff --git a/pkgs/applications/audio/csound/default.nix b/pkgs/applications/audio/csound/default.nix
index 664d80490f2a..166ed592ad84 100644
--- a/pkgs/applications/audio/csound/default.nix
+++ b/pkgs/applications/audio/csound/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   src = fetchurl {
     url = mirror://sourceforge/csound/Csound6.04.tar.gz;
     sha256 = "1030w38lxdwjz1irr32m9cl0paqmgr02lab2m7f7j1yihwxj1w0g";
diff --git a/pkgs/applications/audio/freewheeling/default.nix b/pkgs/applications/audio/freewheeling/default.nix
index 5f787dbba508..6971a718de9f 100644
--- a/pkgs/applications/audio/freewheeling/default.nix
+++ b/pkgs/applications/audio/freewheeling/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
 
   patches = [ ./am_path_sdl.patch ./xml.patch ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "A live looping instrument with JACK and MIDI support";
     longDescription = ''
diff --git a/pkgs/applications/audio/gjay/default.nix b/pkgs/applications/audio/gjay/default.nix
index 93b23b2f763f..7486ec3e081f 100644
--- a/pkgs/applications/audio/gjay/default.nix
+++ b/pkgs/applications/audio/gjay/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ mpd_clientlib dbus_glib audacious gtk gsl libaudclient ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Generates playlists such that each song sounds good following the previous song";
     homepage = http://gjay.sourceforge.net/;
diff --git a/pkgs/applications/audio/jack-capture/default.nix b/pkgs/applications/audio/jack-capture/default.nix
index ef6d13e56966..ec7f7a5c32db 100644
--- a/pkgs/applications/audio/jack-capture/default.nix
+++ b/pkgs/applications/audio/jack-capture/default.nix
@@ -18,7 +18,9 @@ stdenv.mkDerivation rec {
     cp jack_capture $out/bin/
   '';
 
-  meta = with stdenv.lib; { 
+  hardeningDisable = [ "format" ];
+
+  meta = with stdenv.lib; {
     description = "A program for recording soundfiles with jack";
     homepage = http://archive.notam02.no/arkiv/src;
     license = licenses.gpl2;
diff --git a/pkgs/applications/audio/lingot/default.nix b/pkgs/applications/audio/lingot/default.nix
index 4b07c84b0be8..22ab37dc98af 100644
--- a/pkgs/applications/audio/lingot/default.nix
+++ b/pkgs/applications/audio/lingot/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation {
     sha256 = "0ygras6ndw2fylwxx86ac11pcr2y2bcfvvgiwrh92z6zncx254gc";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ pkgconfig intltool gtk alsaLib libglade ];
 
   configureFlags = "--disable-jack";
diff --git a/pkgs/applications/audio/mi2ly/default.nix b/pkgs/applications/audio/mi2ly/default.nix
index 1d736b06938a..fa4ea6343e91 100644
--- a/pkgs/applications/audio/mi2ly/default.nix
+++ b/pkgs/applications/audio/mi2ly/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation {
 
   sourceRoot=".";
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = "./cc";
   installPhase = ''
     mkdir -p "$out"/{bin,share/doc/mi2ly}
diff --git a/pkgs/applications/audio/mp3info/default.nix b/pkgs/applications/audio/mp3info/default.nix
index e4c45c613ee8..d28cd7c9e06d 100644
--- a/pkgs/applications/audio/mp3info/default.nix
+++ b/pkgs/applications/audio/mp3info/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ncurses pkgconfig gtk ];
 
+  hardeningDisable = [ "format" ];
+
   configurePhase =
     '' sed -i Makefile \
            -e "s|^prefix=.*$|prefix=$out|g ;
diff --git a/pkgs/applications/audio/mp3val/default.nix b/pkgs/applications/audio/mp3val/default.nix
index 0957420b6585..7477bea7602c 100644
--- a/pkgs/applications/audio/mp3val/default.nix
+++ b/pkgs/applications/audio/mp3val/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
     install -Dv mp3val "$out/bin/mp3val"
   '';
 
+  hardeningDisable = [ "fortify" ];
+
   meta = {
     description = "A tool for validating and repairing MPEG audio streams";
     longDescription = ''
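Review bot: `hardeningDisable = [ "fortify" ];` drops the `_FORTIFY_SOURCE` checks on string and memory functions without saying which warning or abort prompted it. The package is described as validating and repairing MPEG audio streams, so it parses input that may be malformed, which is where those checks matter most. The same uncommented line appears in the vim (`configurable.nix`, `default.nix`) and inferno hunks. A comment naming the failing call, e.g. `# aborts with _FORTIFY_SOURCE in <file>: <symptom>`, would let a later maintainer retest and remove it.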
diff --git a/pkgs/applications/audio/mpg321/default.nix b/pkgs/applications/audio/mpg321/default.nix
index 489831dc4641..b68c44278ee1 100644
--- a/pkgs/applications/audio/mpg321/default.nix
+++ b/pkgs/applications/audio/mpg321/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5";
   };
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     ("--enable-alsa=" + (if stdenv.isLinux then "yes" else "no"))
   ];
diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix
index 99fe26b5927a..c719080c7427 100644
--- a/pkgs/applications/audio/musescore/default.nix
+++ b/pkgs/applications/audio/musescore/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
     sha256 = "067f4li48qfhz2barj70zpf2d2mlii12npx07jx9xjkkgz84z4c9";
   };
 
+  hardeningDisable = [ "relro" "bindnow" ];
+
   makeFlags = [
     "PREFIX=$(out)"
   ];
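Review bot: `hardeningDisable = [ "relro" "bindnow" ];` turns off both linker hardening flags with no explanation of what breaks with them. Together they make the GOT read-only after startup, so it is worth checking whether only immediate binding is the problem; if so, `hardeningDisable = [ "bindnow" ];` alone would keep partial RELRO. Either way a comment such as `# <symptom> at load time with -z now` should record the reason.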
diff --git a/pkgs/applications/audio/pd-plugins/cyclone/default.nix b/pkgs/applications/audio/pd-plugins/cyclone/default.nix
index 2331944db017..e4ec281cacb8 100644
--- a/pkgs/applications/audio/pd-plugins/cyclone/default.nix
+++ b/pkgs/applications/audio/pd-plugins/cyclone/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ puredata ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     for file in `grep -r -l g_canvas.h`
       do
diff --git a/pkgs/applications/audio/pd-plugins/maxlib/default.nix b/pkgs/applications/audio/pd-plugins/maxlib/default.nix
index c5732387b503..3b836d9eb330 100644
--- a/pkgs/applications/audio/pd-plugins/maxlib/default.nix
+++ b/pkgs/applications/audio/pd-plugins/maxlib/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ puredata ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     for i in ${puredata}/include/pd/*; do
       ln -s $i .
diff --git a/pkgs/applications/audio/pd-plugins/mrpeach/default.nix b/pkgs/applications/audio/pd-plugins/mrpeach/default.nix
index 5f76b208e143..972a162b73f4 100644
--- a/pkgs/applications/audio/pd-plugins/mrpeach/default.nix
+++ b/pkgs/applications/audio/pd-plugins/mrpeach/default.nix
@@ -14,7 +14,9 @@ stdenv.mkDerivation rec {
     sha256 = "12jqba3jsdrk20ib9wc2wiivki88ypcd4mkzgsri9siywbbz9w8x";
   };
 
-  buildInputs = [puredata ];
+  buildInputs = [ puredata ];
+
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     for D in net osc
diff --git a/pkgs/applications/audio/qmidinet/default.nix b/pkgs/applications/audio/qmidinet/default.nix
index d8d8945db928..42c98cbb1101 100644
--- a/pkgs/applications/audio/qmidinet/default.nix
+++ b/pkgs/applications/audio/qmidinet/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "1a1pj4w74wj1gcfv4a0vzcglmr5sw0xp0y56w8rk3ig4k11xi8sa";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ qt4 alsaLib libjack2 ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/applications/audio/rakarrack/default.nix b/pkgs/applications/audio/rakarrack/default.nix
index 37815412fc35..ec71cfb427c6 100644
--- a/pkgs/applications/audio/rakarrack/default.nix
+++ b/pkgs/applications/audio/rakarrack/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation  rec {
     sha256 = "1rpf63pdn54c4yg13k7cb1w1c7zsvl97c4qxcpz41c8l91xd55kn";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./fltk-path.patch ];
 
   buildInputs = [ alsaLib alsaUtils fltk libjack2 libXft libXpm libjpeg
diff --git a/pkgs/applications/audio/x42-plugins/default.nix b/pkgs/applications/audio/x42-plugins/default.nix
index f3a720508103..9ca78ee1a3f4 100644
--- a/pkgs/applications/audio/x42-plugins/default.nix
+++ b/pkgs/applications/audio/x42-plugins/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, fetchgit, ftgl, freefont_ttf, libjack2, mesa_glu, pkgconfig
-, libltc, libsndfile, libsamplerate
+, libltc, libsndfile, libsamplerate, xz
 , lv2, mesa, gtk2, cairo, pango, fftwFloat, zita-convolver }:
 
 stdenv.mkDerivation rec {
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     sha256 = "1ald0c5xbfkdq6g5xwyy8wmbi636m3k3gqrq16kbh46g0kld1as9";
   };
 
-  buildInputs = [ mesa_glu ftgl freefont_ttf libjack2 libltc libsndfile libsamplerate lv2 mesa gtk2 cairo pango fftwFloat pkgconfig  zita-convolver];
+  buildInputs = [ xz mesa_glu ftgl freefont_ttf libjack2 libltc libsndfile libsamplerate lv2 mesa gtk2 cairo pango fftwFloat pkgconfig  zita-convolver];
 
   makeFlags = [ "PREFIX=$(out)" "FONTFILE=${freefont_ttf}/share/fonts/truetype/FreeSansBold.ttf" "LIBZITACONVOLVER=${zita-convolver}/include/zita-convolver.h" ];
 
diff --git a/pkgs/applications/audio/zynaddsubfx/default.nix b/pkgs/applications/audio/zynaddsubfx/default.nix
index 0fccf66ddbc7..ec803f2a9c52 100644
--- a/pkgs/applications/audio/zynaddsubfx/default.nix
+++ b/pkgs/applications/audio/zynaddsubfx/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation  rec {
   buildInputs = [ alsaLib libjack2 fftw fltk13 libjpeg minixml zlib liblo ];
   nativeBuildInputs = [ cmake pkgconfig ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "High quality software synthesizer";
     homepage = http://zynaddsubfx.sourceforge.net;
diff --git a/pkgs/applications/editors/bviplus/default.nix b/pkgs/applications/editors/bviplus/default.nix
index 18a9cc5f02ac..d08e006ec5b3 100644
--- a/pkgs/applications/editors/bviplus/default.nix
+++ b/pkgs/applications/editors/bviplus/default.nix
@@ -1,19 +1,23 @@
-{ stdenv, lib, fetchurl, ncurses }:
+{ stdenv, fetchurl, ncurses }:
 
 stdenv.mkDerivation rec {
   name = "bviplus-${version}";
   version = "0.9.4";
+
   src = fetchurl {
     url = "mirror://sourceforge/project/bviplus/bviplus/${version}/bviplus-${version}.tgz";
     sha256 = "10x6fbn8v6i0y0m40ja30pwpyqksnn8k2vqd290vxxlvlhzah4zb";
   };
+
   buildInputs = [
     ncurses
   ];
+
   makeFlags = "PREFIX=$(out)";
+
   buildFlags = [ "CFLAGS=-fgnu89-inline" ];
 
-  meta = with lib; {
+  meta = with stdenv.lib; {
     description = "Ncurses based hex editor with a vim-like interface";
     homepage = http://bviplus.sourceforge.net;
     license = licenses.gpl3;
diff --git a/pkgs/applications/editors/emacs-24/default.nix b/pkgs/applications/editors/emacs-24/default.nix
index 273507274faa..df53cf2c9a49 100644
--- a/pkgs/applications/editors/emacs-24/default.nix
+++ b/pkgs/applications/editors/emacs-24/default.nix
@@ -44,6 +44,10 @@ stdenv.mkDerivation rec {
 
   postPatch = ''
     sed -i 's|/usr/share/locale|${gettext}/share/locale|g' lisp/international/mule-cmds.el
+    # emacs runs then dumps itself. In the process, it keeps a copy of the
+    # PATH env var, holding all the build inputs in it's closure.
+    # Prevent that by running the self-dumping emacs with an empty PATH.
+    sed -i 's|^RUN_TEMACS = |&PATH= |' src/Makefile.in
   '';
 
   buildInputs =
diff --git a/pkgs/applications/editors/emacs-25/default.nix b/pkgs/applications/editors/emacs-25/default.nix
index 2637eb3c01d7..a8d994012e27 100644
--- a/pkgs/applications/editors/emacs-25/default.nix
+++ b/pkgs/applications/editors/emacs-25/default.nix
@@ -56,6 +56,8 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [ AppKit GSS ImageIO ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags =
     (if stdenv.isDarwin
       then [ "--with-ns" "--disable-ns-self-contained" ]
diff --git a/pkgs/applications/editors/ht/default.nix b/pkgs/applications/editors/ht/default.nix
index 0ca4f19b4afe..4455c70d71a8 100644
--- a/pkgs/applications/editors/ht/default.nix
+++ b/pkgs/applications/editors/ht/default.nix
@@ -3,13 +3,18 @@
 stdenv.mkDerivation rec {
   name = "ht-${version}";
   version = "2.1.0";
+
   src = fetchurl {
     url = "mirror://sourceforge/project/hte/ht-source/ht-${version}.tar.bz2";
     sha256 = "0w2xnw3z9ws9qrdpb80q55h6ynhh3aziixcfn45x91bzrbifix9i";
   };
+
   buildInputs = [
     ncurses
   ];
+
+  hardeningDisable = [ "format" ];
+
   meta = with lib; {
     description = "File editor/viewer/analyzer for executables";
     homepage = "http://hte.sourceforge.net";
diff --git a/pkgs/applications/editors/kdevelop5/kdevelop-pg-qt.nix b/pkgs/applications/editors/kdevelop5/kdevelop-pg-qt.nix
new file mode 100644
index 000000000000..c8aae34e6c48
--- /dev/null
+++ b/pkgs/applications/editors/kdevelop5/kdevelop-pg-qt.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, cmake, pkgconfig, extra-cmake-modules, qtbase }:
+
+let
+  pname = "kdevelop-pg-qt";
+  version = "2.0";
+  dirVersion = "2.0.0";
+
+in
+stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+  
+  src = fetchurl {
+    url = "mirror://kde/stable/${pname}/${dirVersion}/src/${name}.tar.xz";
+    sha256 = "2f778d324b7c0962e8bb5f62dd2643bac1a6f3ac971d145b6aace7cd61878993";
+  };
+
+  nativeBuildInputs = [ cmake pkgconfig extra-cmake-modules ];
+  
+  buildInputs = [ qtbase ];
+
+  meta = with stdenv.lib; {
+    maintainers = [ maintainers.ambrop72 ];
+    platforms = platforms.linux;
+    description = "Parser-generator from KDevplatform";
+    longDescription = ''
+      KDevelop-PG-Qt is the parser-generator from KDevplatform.
+      It is used for some KDevelop-languagesupport-plugins (Ruby, PHP, CSS...).
+    '';
+    homepage = https://www.kdevelop.org;
+    license = with stdenv.lib.licenses; [ lgpl2Plus ];
+  };
+}
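Review bot: `license = with stdenv.lib.licenses; [ lgpl2Plus ];` sits inside `meta = with stdenv.lib;`, so the second `with` is redundant; `license = licenses.lgpl2Plus;` would read the same way as `maintainers.ambrop72` and `platforms.linux` beside it. The new `kdevelop.nix` and `kdevplatform.nix` use the same pattern. The otherwise empty lines after `name = ...;` and after `nativeBuildInputs` carry trailing spaces.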
diff --git a/pkgs/applications/editors/kdevelop5/kdevelop.nix b/pkgs/applications/editors/kdevelop5/kdevelop.nix
new file mode 100644
index 000000000000..845a02bebf6a
--- /dev/null
+++ b/pkgs/applications/editors/kdevelop5/kdevelop.nix
@@ -0,0 +1,54 @@
+{ stdenv, fetchurl, cmake, gettext, pkgconfig, extra-cmake-modules, makeQtWrapper
+, qtquickcontrols, qtwebkit
+, kconfig, kdeclarative, kdoctools, kiconthemes, ki18n, kitemmodels, kitemviews
+, kjobwidgets, kcmutils, kio, knewstuff, knotifyconfig, kparts, ktexteditor
+, threadweaver, kxmlgui, kwindowsystem
+, plasma-framework, krunner, kdevplatform, kdevelop-pg-qt, shared_mime_info
+, libksysguard, llvmPackages
+}:
+
+let
+  pname = "kdevelop";
+  version = "5.0";
+  dirVersion = "5.0.0";
+
+in
+stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+
+  src = fetchurl {
+    url = "mirror://kde/stable/${pname}/${dirVersion}/src/${name}.tar.xz";
+    sha256 = "5e034b8670f4ba13ccb2948c28efa0b54df346e85b648078698cca8974ea811c";
+  };
+
+  nativeBuildInputs = [ cmake gettext pkgconfig extra-cmake-modules makeQtWrapper ];
+
+  buildInputs = [
+    qtquickcontrols qtwebkit
+    kconfig kdeclarative kdoctools kiconthemes ki18n kitemmodels kitemviews
+    kjobwidgets kcmutils kio knewstuff knotifyconfig kparts ktexteditor
+    threadweaver kxmlgui kwindowsystem plasma-framework krunner
+    kdevplatform kdevelop-pg-qt shared_mime_info libksysguard
+    llvmPackages.llvm llvmPackages.clang-unwrapped
+  ];
+
+  postInstall = ''
+    wrapQtProgram "$out/bin/kdevelop"
+  '';
+
+  meta = with stdenv.lib; {
+    maintainers = [ maintainers.ambrop72 ];
+    platforms = platforms.linux;
+    description = "KDE official IDE";
+    longDescription =
+      ''
+        A free, opensource IDE (Integrated Development Environment)
+        for MS Windows, Mac OsX, Linux, Solaris and FreeBSD. It is a
+        feature-full, plugin extendable IDE for C/C++ and other
+        programing languages. It is based on KDevPlatform, KDE and Qt
+        libraries and is under development since 1998.
+      '';
+    homepage = https://www.kdevelop.org;
+    license = with stdenv.lib.licenses; [ gpl2Plus lgpl2Plus ];
+  };
+}
diff --git a/pkgs/applications/editors/kdevelop5/kdevplatform.nix b/pkgs/applications/editors/kdevelop5/kdevplatform.nix
new file mode 100644
index 000000000000..52af0a4e05db
--- /dev/null
+++ b/pkgs/applications/editors/kdevelop5/kdevplatform.nix
@@ -0,0 +1,44 @@
+{ stdenv, fetchurl, cmake, gettext, pkgconfig, extra-cmake-modules, makeQtWrapper
+, boost, subversion, apr, aprutil
+, qtscript, qtwebkit, grantlee, karchive, kconfig, kcoreaddons, kguiaddons, kiconthemes, ki18n
+, kitemmodels, kitemviews, kio, kparts, sonnet, kcmutils, knewstuff, knotifications
+, knotifyconfig, ktexteditor, threadweaver, kdeclarative, libkomparediff2 }:
+
+let
+  pname = "kdevplatform";
+  version = "5.0";
+  dirVersion = "5.0.0";
+
+in
+stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+  
+  src = fetchurl {
+    url = "mirror://kde/stable/kdevelop/${dirVersion}/src/${name}.tar.xz";
+    sha256 = "4085b355ab8d599d902afbc11027e1aefb22afe30d63ed54ea5fe02f24edfd10";
+  };
+
+  nativeBuildInputs = [ cmake gettext pkgconfig extra-cmake-modules makeQtWrapper ];
+
+  propagatedBuildInputs = [ ];
+  buildInputs = [
+    boost subversion apr aprutil
+    qtscript qtwebkit grantlee karchive kconfig kcoreaddons kguiaddons kiconthemes
+    ki18n kitemmodels kitemviews kio kparts sonnet kcmutils knewstuff
+    knotifications knotifyconfig ktexteditor threadweaver kdeclarative
+    libkomparediff2
+  ];
+
+  meta = with stdenv.lib; {
+    maintainers = [ maintainers.ambrop72 ];
+    platforms = platforms.linux;
+    description = "KDE libraries for IDE-like programs";
+    longDescription = ''
+      A free, opensource set of libraries that can be used as a foundation for
+      IDE-like programs. It is programing-language independent, and is planned
+      to be used by programs like: KDevelop, Quanta, Kile, KTechLab ... etc."
+    '';
+    homepage = https://www.kdevelop.org;
+    license = with stdenv.lib.licenses; [ gpl2Plus lgpl2Plus ];
+  };
+}
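Review bot: The `longDescription` ends with a stray double quote (`KTechLab ... etc."`), which will appear verbatim in the package metadata. `propagatedBuildInputs = [ ];` only restates the default and can be dropped. `makeQtWrapper` is listed in `nativeBuildInputs` although this file never calls `wrapQtProgram` (unlike `kdevelop.nix`), so it looks unused here. `programing-language` should read `programming-language`.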
diff --git a/pkgs/applications/editors/leafpad/default.nix b/pkgs/applications/editors/leafpad/default.nix
index fc35a993badf..a5b0f2e400a4 100644
--- a/pkgs/applications/editors/leafpad/default.nix
+++ b/pkgs/applications/editors/leafpad/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ intltool pkgconfig gtk ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--enable-chooser"
   ];
diff --git a/pkgs/applications/editors/manuskript/default.nix b/pkgs/applications/editors/manuskript/default.nix
index 93813152a164..fc27e4a00f7e 100644
--- a/pkgs/applications/editors/manuskript/default.nix
+++ b/pkgs/applications/editors/manuskript/default.nix
@@ -17,11 +17,17 @@ python3Packages.buildPythonApplication rec {
     zlib
   ];
 
+  patchPhase = ''
+    substituteInPlace manuskript/ui/welcome.py \
+      --replace sample-projects $out/share/${name}/sample-projects
+   '';
+
   buildPhase = '''';
 
   installPhase = ''
-    mkdir -p $out
-    cp -av * $out/
+    mkdir -p $out/share/${name}
+    cp -av  bin/ i18n/ libs/ manuskript/ resources/ icons/ $out
+    cp -r sample-projects/ $out/share/${name}
   '';
 
   doCheck = false;
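Review bot: Setting `patchPhase` replaces the default phase entirely, so a `patches = [ ... ]` attribute added to this derivation later would be ignored without any error. `postPatch = '' ... '';` runs the same `substituteInPlace` and keeps the stock behaviour. The `$out/share/${name}` arguments to `mkdir`, `cp` and `--replace` are unquoted and would be safer as `"$out/share/${name}"`. The start of the derivation lies outside the hunk, so whether `patches` is already set cannot be seen here.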
@@ -29,6 +35,18 @@ python3Packages.buildPythonApplication rec {
   meta = {
     description = "A open-source tool for writers";
     homepage = http://www.theologeek.ch/manuskript;
+    longDescription = ''
+    Manuskript is a tool for those writer who like to organize and
+    plan everything before writing.  The snowflake method can help you
+    grow your idea into a book, by leading you step by step and asking
+    you questions to go deeper. While writing, keep track of notes
+    about every characters, plot, event, place in your story.
+
+    Develop complex characters and keep track of all useful infos.
+    Create intricate plots, linked to your characters, and use them to
+    outline your story. Organize your ideas about the world your
+    characters live in.
+    '';
     license = stdenv.lib.licenses.gpl3;
     maintainers = [ stdenv.lib.maintainers.steveej ];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/editors/nedit/default.nix b/pkgs/applications/editors/nedit/default.nix
index 8a478b275933..d933a207cd4a 100644
--- a/pkgs/applications/editors/nedit/default.nix
+++ b/pkgs/applications/editors/nedit/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1v8y8vwj3kn91crsddqkz843y6csgw7wkjnd3zdcb4bcrf1pjrsk";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ xlibsWrapper motif libXpm ];
 
   buildFlags = if stdenv.isLinux then "linux" else
diff --git a/pkgs/applications/editors/neovim/default.nix b/pkgs/applications/editors/neovim/default.nix
index a01dd7a8d846..19678d241e67 100644
--- a/pkgs/applications/editors/neovim/default.nix
+++ b/pkgs/applications/editors/neovim/default.nix
@@ -23,8 +23,8 @@ let
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "libvterm";
-      rev = "a9c7c6fd20fa35e0ad3e0e98901ca12dfca9c25c";
-      sha256 = "090pyf1n5asaw1m2l9bsbdv3zd753aq1plb0w0drbc2k43ds7k3g";
+      rev = "487f21dbf65f1c28962fef3f064603f415fbaeb2";
+      sha256 = "1fig6v0qk0ylr7lqqk0d6x5yywb9ymh85vay4spw5b5r5p0ky7yx";
     };
 
     buildInputs = [ perl ];
@@ -60,13 +60,13 @@ let
 
   neovim = stdenv.mkDerivation rec {
     name = "neovim-${version}";
-    version = "0.1.4";
+    version = "0.1.5";
 
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "neovim";
       rev = "v${version}";
-      sha256 = "14c4gydkm2mz22i616190yif1k0i6d7h5hyxa1mf5cmcyqmp3kkp";
+      sha256 = "1ihlgm2h7147xyd5wrwg61vsnmkqc9j3ghsida4g2ilr7gw9c85y";
     };
 
     enableParallelBuilding = true;
@@ -99,6 +99,9 @@ let
       "-DLUA_PRG=${luaPackages.lua}/bin/lua"
     ];
 
+    # triggers on buffer overflow bug while running tests
+    hardeningDisable = [ "fortify" ];
+
     preConfigure = ''
       substituteInPlace runtime/autoload/man.vim \
         --replace /usr/bin/man ${man}/bin/man
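Review bot: The comment `# triggers on buffer overflow bug while running tests` says the fortify check is catching a real overflow, yet `hardeningDisable = [ "fortify" ];` removes that check from the installed binary as well, not just from the test run. I would extend the comment with the failing test and a reference, e.g. `# see <upstream issue URL>`, so the exemption can be removed once the bug is fixed. If the overflow turns out to be in test-only code, confining the exemption to the test step would keep the editor itself fortified. Which code path overflows is not visible in the hunk.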
diff --git a/pkgs/applications/editors/neovim/qt.nix b/pkgs/applications/editors/neovim/qt.nix
index 778c1cc64457..10522f449ae5 100644
--- a/pkgs/applications/editors/neovim/qt.nix
+++ b/pkgs/applications/editors/neovim/qt.nix
@@ -9,8 +9,8 @@ stdenv.mkDerivation {
   name = "neovim-qt-${version}";
 
   src = fetchFromGitHub {
-    repo = "neovim-qt";
     owner = "equalsraf";
+    repo = "neovim-qt";
     rev = "v${version}";
     sha256 = "0mqs2f7l05q2ayj77czr5fnpr7fa00qrmjdjxglbwxdxswcsz88n";
   };
diff --git a/pkgs/applications/editors/vim/configurable.nix b/pkgs/applications/editors/vim/configurable.nix
index b46ac7d40d5e..f0d76eae3b4f 100644
--- a/pkgs/applications/editors/vim/configurable.nix
+++ b/pkgs/applications/editors/vim/configurable.nix
@@ -192,6 +192,8 @@ composableDerivation {
 
   dontStrip = 1;
 
+  hardeningDisable = [ "fortify" ];
+
   meta = with stdenv.lib; {
     description = "The most popular clone of the VI editor";
     homepage    = http://www.vim.org;
diff --git a/pkgs/applications/editors/vim/default.nix b/pkgs/applications/editors/vim/default.nix
index 97a40e5c7e5a..1c81cda7ce97 100644
--- a/pkgs/applications/editors/vim/default.nix
+++ b/pkgs/applications/editors/vim/default.nix
@@ -30,6 +30,8 @@ stdenv.mkDerivation rec {
     "--enable-nls"
   ];
 
+  hardeningDisable = [ "fortify" ];
+
   postInstall = ''
     ln -s $out/bin/vim $out/bin/vi
     mkdir -p $out/share/vim
diff --git a/pkgs/applications/gis/qgis/default.nix b/pkgs/applications/gis/qgis/default.nix
index a8c1428f8cb7..880053e05c29 100644
--- a/pkgs/applications/gis/qgis/default.nix
+++ b/pkgs/applications/gis/qgis/default.nix
@@ -5,7 +5,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "qgis-2.16.1";
+  name = "qgis-2.16.2";
 
   buildInputs = [ gdal qt4 flex bison proj geos xlibsWrapper sqlite gsl qwt qscintilla
     fcgi libspatialindex libspatialite postgresql qjson qca2 txt2tags ] ++
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://qgis.org/downloads/${name}.tar.bz2";
-    sha256 = "4a526cd8ae76fc06bb2b6a158e86db5dc0c94545137a8233cd465ef867acdc8b";
+    sha256 = "0dll8klz0qfba4c1y7mp9k4y4azlay0sypvryicggllk1hna4w0n";
   };
 
   cmakeFlags = stdenv.lib.optional withGrass "-DGRASS_PREFIX7=${grass}/${grass.name}";
diff --git a/pkgs/applications/graphics/cinepaint/default.nix b/pkgs/applications/graphics/cinepaint/default.nix
index f1ca27eed803..4866ba92addd 100644
--- a/pkgs/applications/graphics/cinepaint/default.nix
+++ b/pkgs/applications/graphics/cinepaint/default.nix
@@ -18,14 +18,14 @@ stdenv.mkDerivation rec {
     libXext libXpm libXau libXxf86vm pixman libpthreadstubs fltk
   ];
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./install.patch ];
 
   nativeBuildInputs = [ cmake pkgconfig ];
 
   NIX_LDFLAGS = "-llcms -ljpeg -lX11";
 
-  # NIX_CFLAGS_COMPILE = "-I.";
-
   meta = {
     homepage = http://www.cinepaint.org/;
     license = stdenv.lib.licenses.free;
diff --git a/pkgs/applications/graphics/fontmatrix/default.nix b/pkgs/applications/graphics/fontmatrix/default.nix
index 14ab9c26d7de..fc30a3559105 100644
--- a/pkgs/applications/graphics/fontmatrix/default.nix
+++ b/pkgs/applications/graphics/fontmatrix/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ cmake ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Fontmatrix is a free/libre font explorer for Linux, Windows and Mac";
     homepage = http://fontmatrix.be/;
diff --git a/pkgs/applications/graphics/gimp/2.8.nix b/pkgs/applications/graphics/gimp/2.8.nix
index 27d7376fe526..bc101e241145 100644
--- a/pkgs/applications/graphics/gimp/2.8.nix
+++ b/pkgs/applications/graphics/gimp/2.8.nix
@@ -28,7 +28,12 @@ stdenv.mkDerivation rec {
 
   pythonPath = [ pygtk ];
 
-  postInstall = ''wrapPythonPrograms'';
+  postFixup = ''
+    wrapPythonProgramsIn $out/lib/gimp/2.0/plug-ins/
+    wrapProgram $out/bin/gimp \
+      --prefix PYTHONPATH : "$PYTHONPATH" \
+      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE"
+  '';
 
   passthru = { inherit gtk; }; # probably its a good idea to use the same gtk in plugins ?
 
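Review bot: `--prefix PYTHONPATH : "$PYTHONPATH"` writes the whole build-time `PYTHONPATH` into the `gimp` wrapper, so every Python package visible during the build becomes a runtime reference, not only `pygtk` from `pythonPath`. `--set GDK_PIXBUF_MODULE_FILE` likewise replaces whatever value the user session provides rather than falling back to it. A short comment above `postFixup` stating which plug-ins need each variable would make it clear whether the narrower `pythonPath` entries would suffice.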
diff --git a/pkgs/applications/graphics/giv/default.nix b/pkgs/applications/graphics/giv/default.nix
index 1b5ee01d4c06..1587ceb4037e 100644
--- a/pkgs/applications/graphics/giv/default.nix
+++ b/pkgs/applications/graphics/giv/default.nix
@@ -11,8 +11,7 @@ stdenv.mkDerivation rec {
     sha256 = "1sz2n7jbmg3g97bs613xxjpzqbsl5rvpg6v7g3x3ycyd35r8vsfp";
   };
 
-  # It built code to be put in a shared object without -fPIC
-  NIX_CFLAGS_COMPILE = "-fPIC";
+  hardeningDisable = [ "format" ];
 
   prePatch = ''
     sed -i s,/usr/bin/perl,${perl}/bin/perl, doc/eperl
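Review bot: The reason `-fPIC` is needed is lost here: the removed comment explained that the package builds shared-object code without it, and the build now presumably relies on the default `pic` hardening flag instead. I would keep a line such as `# needs -fPIC for its shared object; supplied by the "pic" hardening flag` so nobody adds `"pic"` to `hardeningDisable` later. The added `hardeningDisable = [ "format" ];` also carries no reason for the exemption.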
diff --git a/pkgs/applications/graphics/gqview/default.nix b/pkgs/applications/graphics/gqview/default.nix
index 58bae84cd500..d2a819c1a3c2 100644
--- a/pkgs/applications/graphics/gqview/default.nix
+++ b/pkgs/applications/graphics/gqview/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation {
 
   buildInputs = [pkgconfig gtk libpng];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "A fast image viewer";
     homepage = http://gqview.sourceforge.net;
diff --git a/pkgs/applications/graphics/kipi-plugins/default.nix b/pkgs/applications/graphics/kipi-plugins/default.nix
index 6a38698370d8..b69105fba7c8 100644
--- a/pkgs/applications/graphics/kipi-plugins/default.nix
+++ b/pkgs/applications/graphics/kipi-plugins/default.nix
@@ -7,7 +7,7 @@
 stdenv.mkDerivation rec {
   name = "kipi-plugins-1.9.0";
 
-  src = fetchurl { 
+  src = fetchurl {
     url = "mirror://sourceforge/kipi/${name}.tar.bz2";
     sha256 = "0k4k9v1rj7129n0s0i5pvv4rabx0prxqs6sca642fj95cxc6c96m";
   };
@@ -25,6 +25,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.kipi-plugins.org;
     inherit (kdelibs.meta) platforms;
     maintainers = with stdenv.lib.maintainers; [ viric urkud ];
-    broken = true; # it should be build from digikam sources, perhaps together
+    broken = true; # it should be built from digikam sources, perhaps together
   };
 }
diff --git a/pkgs/applications/graphics/meshlab/default.nix b/pkgs/applications/graphics/meshlab/default.nix
index d8434de5a77e..07789fce3a92 100644
--- a/pkgs/applications/graphics/meshlab/default.nix
+++ b/pkgs/applications/graphics/meshlab/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./include-unistd.diff ];
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = ''
     mkdir -p "$out/include"
     export NIX_LDFLAGS="-rpath $out/opt/meshlab $NIX_LDFLAGS"
diff --git a/pkgs/applications/graphics/qtpfsgui/default.nix b/pkgs/applications/graphics/qtpfsgui/default.nix
index d0558605f5bf..14af2062c61f 100644
--- a/pkgs/applications/graphics/qtpfsgui/default.nix
+++ b/pkgs/applications/graphics/qtpfsgui/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ qt4 exiv2 openexr fftwSinglePrec libtiff ];
   nativeBuildInputs = [ qmake4Hook ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     export CPATH="${ilmbase}/include/OpenEXR:$CPATH"
   '';
diff --git a/pkgs/applications/graphics/tesseract/default.nix b/pkgs/applications/graphics/tesseract/default.nix
index b531c41e2d8a..375b09995488 100644
--- a/pkgs/applications/graphics/tesseract/default.nix
+++ b/pkgs/applications/graphics/tesseract/default.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ autoconf automake libtool leptonica libpng libtiff ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
       ./autogen.sh
       substituteInPlace "configure" \
diff --git a/pkgs/applications/graphics/xaos/default.nix b/pkgs/applications/graphics/xaos/default.nix
index 1f3a9967b020..a6f97bb5334e 100644
--- a/pkgs/applications/graphics/xaos/default.nix
+++ b/pkgs/applications/graphics/xaos/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "15cd1cx1dyygw6g2nhjqq3bsfdj8sj8m4va9n75i0f3ryww3x7wq";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [
     aalib gsl libpng libX11 xproto libXext xextproto
     libXt zlib gettext intltool perl
diff --git a/pkgs/applications/graphics/xfig/default.nix b/pkgs/applications/graphics/xfig/default.nix
index ca1d5345fb6a..c70b1029b791 100644
--- a/pkgs/applications/graphics/xfig/default.nix
+++ b/pkgs/applications/graphics/xfig/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation {
 
   nativeBuildInputs = [ imake makeWrapper ];
 
+  hardeningDisable = [ "format" ];
+
   NIX_CFLAGS_COMPILE = "-I${libXpm.dev}/include/X11";
 
   patches =
diff --git a/pkgs/applications/graphics/zgv/default.nix b/pkgs/applications/graphics/zgv/default.nix
index 46d3e117d0e7..e06b76e35b12 100644
--- a/pkgs/applications/graphics/zgv/default.nix
+++ b/pkgs/applications/graphics/zgv/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ SDL SDL_image pkgconfig libjpeg libpng libtiff ];
 
+  hardeningDisable = [ "format" ];
+
   makeFlags = [
     "BACKEND=SDL"
   ];
diff --git a/pkgs/applications/inferno/default.nix b/pkgs/applications/inferno/default.nix
index 1a720f003004..b1574ea6963b 100644
--- a/pkgs/applications/inferno/default.nix
+++ b/pkgs/applications/inferno/default.nix
@@ -46,6 +46,8 @@ stdenv.mkDerivation rec {
       --set INFERNO_ROOT "$out/share/inferno"
   '';
 
+  hardeningDisable = [ "fortify" ];
+
   meta = {
     description = "A compact distributed operating system for building cross-platform distributed systems";
     homepage = "http://inferno-os.org/";
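Review bot: `hardeningDisable = [ "fortify" ];` removes the `_FORTIFY_SOURCE` checks for the whole package, and nothing in the hunk records what fails with them enabled. A comment such as `# fortify: <file or call that fails to build or aborts at run time>` (placeholder, the reason is not visible here) would let a later update re-test and drop the exemption. If only a few files are affected, a source patch is better than disabling the check package-wide. The alpine hunk further down disables `fortify` together with `format` for a mail reader that handles message data from the network, with the same missing explanation.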
diff --git a/pkgs/applications/misc/audio/wavrsocvt/default.nix b/pkgs/applications/misc/audio/wavrsocvt/default.nix
new file mode 100644
index 000000000000..09b75e27d46a
--- /dev/null
+++ b/pkgs/applications/misc/audio/wavrsocvt/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
+  name = "wavrsocvt-1.0.2.0";
+
+  src = fetchurl {
+    url = "http://bricxcc.sourceforge.net/wavrsocvt.tgz";
+    sha256 = "15qlvdfwbiclljj7075ycm78yzqahzrgl4ky8pymix5179acm05h";
+  };
+
+  phases = [ "unpackPhase" "installPhase" ];
+
+  unpackPhase = ''
+    tar -zxf $src 
+    '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp wavrsocvt $out/bin
+    '';
+
+  meta = with stdenv.lib; {
+    description = "Convert .wav files into sound files for Lego NXT brick";
+    longDescription = ''
+    wavrsocvt is a command-line utility which can be used from a
+    terminal window or script to convert .wav files into sound
+    files for the NXT brick (.rso files). It can also convert the
+    other direction (i.e., .rso -> .wav). It can produce RSO files
+    with a sample rate between 2000 and 16000 (the min/max range of
+    supported sample rates in the standard NXT firmware).
+    You can then upload these with e.g. nxt-python.
+    '';
+    homepage = http://bricxcc.sourceforge.net/;
+    license = licenses.mpl11;
+    maintainers = with maintainers; [ leenaars ];
+    platforms = with platforms; linux;
+  };
+}
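Review bot: The `url` carries no version (`wavrsocvt.tgz`) while `name` claims 1.0.2.0, so the pinned `sha256` will stop matching as soon as upstream replaces the file and the package can then no longer be rebuilt. With only `unpackPhase` and `installPhase`, `cp wavrsocvt $out/bin` appears to install a prebuilt executable from the tarball unchanged. If that is the case it should be stated in a comment, e.g. `# upstream ships only a prebuilt binary under an unversioned URL`, and the binary's interpreter and library paths should be checked under Nix. The trailing space after `tar -zxf $src` and the unquoted `$src` could be cleaned up at the same time.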
diff --git a/pkgs/applications/misc/epdfview/default.nix b/pkgs/applications/misc/epdfview/default.nix
index da198e6d88b0..782ef4ae3660 100644
--- a/pkgs/applications/misc/epdfview/default.nix
+++ b/pkgs/applications/misc/epdfview/default.nix
@@ -1,11 +1,17 @@
 { stdenv, fetchurl, fetchpatch, pkgconfig, gtk, poppler }:
+
 stdenv.mkDerivation rec {
   name = "epdfview-0.1.8";
+
   src = fetchurl {
     url = "http://trac.emma-soft.com/epdfview/chrome/site/releases/${name}.tar.bz2";
     sha256 = "1w7qybh8ssl4dffi5qfajq8mndw7ipsd92vkim03nywxgjp4i1ll";
   };
+
   buildInputs = [ pkgconfig gtk poppler ];
+
+  hardeningDisable = [ "format" ];
+
   patches = [ (fetchpatch {
                 name = "epdfview-0.1.8-glib2-headers.patch";
                 url = "https://projects.archlinux.org/svntogit/community.git/plain/trunk/epdfview-0.1.8-glib2-headers.patch?h=packages/epdfview&id=40ba115c860bdec31d03a30fa594a7ec2864d634";
@@ -17,13 +23,14 @@ stdenv.mkDerivation rec {
                 sha256 = "07yvgvai2bvbr5fa1mv6lg7nqr0qyryjn1xyjlh8nidg9k9vv001";
               })
             ];
+
   meta = {
     homepage = http://trac.emma-soft.com/epdfview/;
     description = "A lightweight PDF document viewer using Poppler and GTK+";
     longDescription = ''
         ePDFView is a free lightweight PDF document viewer using Poppler and
         GTK+ libraries. The aim of ePDFView is to make a simple PDF document
-        viewer, in the lines of Evince but without using the Gnome libraries. 
+        viewer, in the lines of Evince but without using the Gnome libraries.
     '';
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ astsmtl ];
diff --git a/pkgs/applications/misc/gkrellm/default.nix b/pkgs/applications/misc/gkrellm/default.nix
index 23b705058df1..f4fec41b9e66 100644
--- a/pkgs/applications/misc/gkrellm/default.nix
+++ b/pkgs/applications/misc/gkrellm/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
   buildInputs = [gettext pkgconfig glib gtk libX11 libSM libICE]
     ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
 
+  hardeningDisable = [ "format" ];
+
   # Makefiles are patched to fix references to `/usr/X11R6' and to add
   # `-lX11' to make sure libX11's store path is in the RPATH.
   patchPhase = ''
diff --git a/pkgs/applications/misc/gksu/default.nix b/pkgs/applications/misc/gksu/default.nix
index a6e06c85ac76..c3f78efd4123 100644
--- a/pkgs/applications/misc/gksu/default.nix
+++ b/pkgs/applications/misc/gksu/default.nix
@@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
     libgksu
   ];
 
+  hardeningDisable = [ "format" ];
+
   patches = [
     # https://savannah.nongnu.org/bugs/index.php?36127
     ./gksu-2.0.2-glib-2.31.patch
diff --git a/pkgs/applications/misc/gpxsee/default.nix b/pkgs/applications/misc/gpxsee/default.nix
index 58575af462a2..edc8bbc3f77e 100644
--- a/pkgs/applications/misc/gpxsee/default.nix
+++ b/pkgs/applications/misc/gpxsee/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "gpxsee-${version}";
-  version = "2.16";
+  version = "2.17";
 
   src = fetchFromGitHub {
     owner = "tumic0";
     repo = "GPXSee";
     rev = version;
-    sha256 = "0xqmjh071my9klxlk5afx8r673zlknq84n7ain6mz9i8n9m1gviv";
+    sha256 = "1422kgj972ydasqqm0k02qf3v2py7if2ibri7yjg8awqilacy6by";
   };
 
   nativeBuildInputs = [ qmakeHook ];
diff --git a/pkgs/applications/misc/grip/default.nix b/pkgs/applications/misc/grip/default.nix
index dc180adde65a..07cecc2d84e2 100644
--- a/pkgs/applications/misc/grip/default.nix
+++ b/pkgs/applications/misc/grip/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ gtk glib pkgconfig libgnome libgnomeui vte curl cdparanoia
     libid3tag ncurses libtool ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "GTK+-based audio CD player/ripper";
     homepage = "http://nostatic.org/grip";
diff --git a/pkgs/applications/misc/k2pdfopt/default.nix b/pkgs/applications/misc/k2pdfopt/default.nix
index ce57db371dde..7c0d615f3663 100644
--- a/pkgs/applications/misc/k2pdfopt/default.nix
+++ b/pkgs/applications/misc/k2pdfopt/default.nix
@@ -31,6 +31,8 @@ in stdenv.mkDerivation rec {
                     openjpeg freetype jbig2dec djvulibre openssl ];
   NIX_LDFLAGS = "-lX11 -lXext";
 
+  hardeningDisable = [ "format" ];
+
   k2_pa = ./k2pdfopt.patch;
   tess_pa = ./tesseract.patch;
 
@@ -96,7 +98,7 @@ in stdenv.mkDerivation rec {
             -ljbig2dec -ljpeg -lopenjp2 -lpng -lfreetype -lpthread -lmujs \
             -lPgm2asc -llept -ltesseract -lcrypto
 
-    mkdir -p $out/bin 
+    mkdir -p $out/bin
     cp k2pdfopt $out/bin
   '';
 
diff --git a/pkgs/applications/misc/keepassx/2.0-http.nix b/pkgs/applications/misc/keepassx/2.0-http.nix
new file mode 100644
index 000000000000..b3a84d36b1ec
--- /dev/null
+++ b/pkgs/applications/misc/keepassx/2.0-http.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, cmake, libgcrypt, qt5, zlib, libmicrohttpd, libXtst }:
+
+stdenv.mkDerivation rec {
+  name = "keepassx2-http-unstable-${version}";
+  version = "2016-05-27";
+
+  src = fetchFromGitHub {
+    owner = "droidmonkey";
+    repo = "keepassx_http";
+    rev = "bb2e1ee8da3a3245c3ca58978a979dd6b5c2472a";
+    sha256 = "1rlbjs0i1kbrkksliisnykhki8f15g09xm3fwqlgcfc2czwbv5sv";
+  };
+
+  buildInputs = [ cmake libgcrypt zlib qt5.full libXtst libmicrohttpd ];
+
+  meta = {
+    description = "Fork of the keepassX password-manager with additional http-interface to allow browser-integration an use with plugins such as PasslFox (https://github.com/pfn/passifox). See also keepassX2.";
+    homepage = http://www.keepassx.org/;
+    license = stdenv.lib.licenses.gpl2;
+    maintainers = with stdenv.lib.maintainers; [ s1lvester ];
+    platforms = with stdenv.lib.platforms; linux;
+  };
+}
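Review bot: `homepage` points at `http://www.keepassx.org/` although `src` is the droidmonkey/keepassx_http fork at a pinned commit. From the metadata a user therefore cannot tell that this password manager build, which adds an HTTP interface, is not the upstream project; `homepage = https://github.com/droidmonkey/keepassx_http;` would match the source. The `description` has typos ("an use", "PasslFox" next to the passifox URL) and is long for a one-line summary; the plugin reference fits better in a `longDescription`. `cmake` is a build tool and would normally go in `nativeBuildInputs`.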
diff --git a/pkgs/applications/misc/milu/default.nix b/pkgs/applications/misc/milu/default.nix
index 8b7fb6787d76..b8ccbe77cf5b 100644
--- a/pkgs/applications/misc/milu/default.nix
+++ b/pkgs/applications/misc/milu/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     owner = "yuejia";
   };
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     sed -i 's#/usr/bin/##g' Makefile
     sed -i "s#-lclang#-L$(clang --print-search-dirs |
diff --git a/pkgs/applications/misc/navit/default.nix b/pkgs/applications/misc/navit/default.nix
index 1be39c666421..53b1106a2239 100644
--- a/pkgs/applications/misc/navit/default.nix
+++ b/pkgs/applications/misc/navit/default.nix
@@ -9,9 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "1xx62l5srfhh9cfi7n3pxj8hpcgr1rpa0hzfmbrqadzv09z36723";
   };
 
-  # 'cvs' is only for the autogen
-  buildInputs = [ pkgconfig gtk SDL fontconfig freetype imlib2 SDL_image mesa
-    libXmu freeglut python gettext quesoglc gd postgresql cmake qt4 SDL_ttf fribidi ];
+  hardeningDisable = [ "format" ];
+
+  buildInputs = [ gtk SDL fontconfig freetype imlib2 SDL_image mesa
+    libXmu freeglut python gettext quesoglc gd postgresql qt4 SDL_ttf fribidi ];
+
+  nativeBuildInputs = [ pkgconfig cmake ];
+
+  NIX_CFLAGS_COMPILE = [ "-I${SDL.dev}/include/SDL" ];
 
   cmakeFlags = [ "-DSAMPLE_MAP=n" ];
 
diff --git a/pkgs/applications/misc/posterazor/default.nix b/pkgs/applications/misc/posterazor/default.nix
index f55af543f18d..b6d46cf9ed13 100644
--- a/pkgs/applications/misc/posterazor/default.nix
+++ b/pkgs/applications/misc/posterazor/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1dqpdk8zl0smdg4fganp3hxb943q40619qmxjlga9jhjc01s7fq5";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ cmake unzip pkgconfig libXpm fltk13 freeimage ];
 
   unpackPhase = ''
diff --git a/pkgs/applications/misc/sdcv/default.nix b/pkgs/applications/misc/sdcv/default.nix
index 3859d2c82abd..8e781cd1c026 100644
--- a/pkgs/applications/misc/sdcv/default.nix
+++ b/pkgs/applications/misc/sdcv/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
     sha256 = "1cnyv7gd1qvz8ma8545d3aq726wxrx4km7ykl97831irx5wz0r51";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = ( if stdenv.isDarwin
               then [ ./sdcv.cpp.patch-darwin ./utils.hpp.patch ]
               else [ ./sdcv.cpp.patch ] );
diff --git a/pkgs/applications/misc/tasknc/default.nix b/pkgs/applications/misc/tasknc/default.nix
index 85e6c07d670a..ae0b46d056fe 100644
--- a/pkgs/applications/misc/tasknc/default.nix
+++ b/pkgs/applications/misc/tasknc/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0max5schga9hmf3vfqk2ic91dr6raxglyyjcqchzla280kxn5c28";
   };
 
+  hardeningDisable = [ "format" ];
+
   #
   # I know this is ugly, but the Makefile does strange things in this package,
   # so we have to:
diff --git a/pkgs/applications/misc/timewarrior/default.nix b/pkgs/applications/misc/timewarrior/default.nix
index e67c141f3582..091d51d33059 100644
--- a/pkgs/applications/misc/timewarrior/default.nix
+++ b/pkgs/applications/misc/timewarrior/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "timewarrior-${version}";
-  version = "1.0.0.beta1";
+  version = "1.0.0";
 
   enableParallelBuilding = true;
 
   src = fetchurl {
     url = "https://taskwarrior.org/download/timew-${version}.tar.gz";
-    sha256 = "1gkh07mw8hiqslw8ps35r9lp5jbdy93s0sdrcbp34dd5h99qx587";
+    sha256 = "1d8b9sjdbdld81n535iwip9igl16kcw452wa47fmndp8w487j0mc";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/applications/misc/valauncher/default.nix b/pkgs/applications/misc/valauncher/default.nix
new file mode 100644
index 000000000000..7d35f1f64a8e
--- /dev/null
+++ b/pkgs/applications/misc/valauncher/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, cmake, gtk3, vala_0_26, pkgconfig, gnome3 }:
+
+stdenv.mkDerivation rec {
+  version = "1.2";
+  name = "valauncher-${version}";
+
+  src = fetchFromGitHub {
+    owner = "Mic92";
+    repo = "valauncher";
+    rev = "v${version}";
+    sha256 = "1d1gfmzmr5ra2rnjc6rbz31mf3hk7q04lh4i1hljgk7fh90dacb6";
+  };
+
+  buildInputs = [ cmake gtk3 vala_0_26 pkgconfig gnome3.libgee ];
+
+  meta = with stdenv.lib; {
+      description = "A fast dmenu-like gtk3 application launcher";
+      homepage = https://github.com/Mic92/valauncher;
+      license = licenses.mit;
+      maintainers = with maintainers; [ mic92 ];
+      platforms = platforms.all;
+  };
+}
diff --git a/pkgs/applications/misc/vym/default.nix b/pkgs/applications/misc/vym/default.nix
index 97fa47399f50..8e1514583a25 100644
--- a/pkgs/applications/misc/vym/default.nix
+++ b/pkgs/applications/misc/vym/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "1x4qp6wpszscbbs4czkfvskm7qjglvxm813nqv281bpy4y1hhvgs";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ pkgconfig qt4 qmake4Hook ];
 
   meta = with stdenv.lib; {
@@ -18,7 +20,7 @@ stdenv.mkDerivation rec {
       Such maps can help you to improve your creativity and effectivity. You can use them
       for time management, to organize tasks, to get an overview over complex contexts,
       to sort your ideas etc.
-      
+
       Maps can be drawn by hand on paper or a flip chart and help to structure your thoughs.
       While a tree like structure like shown on this page can be drawn by hand or any drawing software
       vym offers much more features to work with such maps.
diff --git a/pkgs/applications/misc/wordnet/default.nix b/pkgs/applications/misc/wordnet/default.nix
index b244e9c1bfce..2f98bc66e9b3 100644
--- a/pkgs/applications/misc/wordnet/default.nix
+++ b/pkgs/applications/misc/wordnet/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [tcl tk xlibsWrapper makeWrapper];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     sed "13i#define USE_INTERP_RESULT 1" -i src/stubs.c
   '';
diff --git a/pkgs/applications/misc/xpdf/default.nix b/pkgs/applications/misc/xpdf/default.nix
index a7d288162e39..739f1f0a9754 100644
--- a/pkgs/applications/misc/xpdf/default.nix
+++ b/pkgs/applications/misc/xpdf/default.nix
@@ -25,6 +25,8 @@ stdenv.mkDerivation {
   # Debian uses '-fpermissive' to bypass some errors on char* constantness.
   CXXFLAGS = "-O2 -fpermissive";
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "--enable-a4-paper";
 
   postInstall = stdenv.lib.optionalString (base14Fonts != null) ''
diff --git a/pkgs/applications/misc/xsw/default.nix b/pkgs/applications/misc/xsw/default.nix
index 57ea8fe19218..b3a57e1cef21 100644
--- a/pkgs/applications/misc/xsw/default.nix
+++ b/pkgs/applications/misc/xsw/default.nix
@@ -1,6 +1,9 @@
-{ stdenv, fetchFromGitHub, pkgconfig, autoconf, automake, SDL, SDL_image, SDL_ttf, SDL_gfx, flex, bison }:
+{ stdenv, lib, fetchFromGitHub, pkgconfig, SDL, SDL_image, SDL_ttf, SDL_gfx, flex, bison }:
 
-stdenv.mkDerivation rec {
+let
+  makeSDLFlags = map (p: "-I${lib.getDev p}/include/SDL");
+
+in stdenv.mkDerivation rec {
   name = "xsw-${version}";
   version = "0.1.2";
 
@@ -11,7 +14,11 @@ stdenv.mkDerivation rec {
     sha256 = "092vp61ngd2vscsvyisi7dv6qrk5m1i81gg19hyfl5qvjq5p0p8g";
   };
 
-  buildInputs = [ pkgconfig autoconf automake SDL SDL_image SDL_ttf SDL_gfx flex bison ];
+  nativeBuildInputs = [ SDL SDL_image SDL_ttf SDL_gfx flex bison ];
+
+  buildInputs = [ pkgconfig ];
+
+  NIX_CFLAGS_COMPILE = makeSDLFlags [ SDL SDL_image SDL_ttf SDL_gfx ];
 
   patches = [
     ./parse.patch # Fixes compilation error by avoiding redundant definitions.
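Review bot: The two input lists look swapped. The SDL libraries are linked into the program and belong in `buildInputs`, while `pkgconfig`, `flex` and `bison` are tools run during the build and belong in `nativeBuildInputs`. I would write `nativeBuildInputs = [ pkgconfig flex bison ];` and `buildInputs = [ SDL SDL_image SDL_ttf SDL_gfx ];`. The hunk also drops `autoconf` and `automake`; whether the build still needs them cannot be seen from here.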
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index e55a599267a0..973669f87cdc 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -74,9 +74,8 @@ in stdenv.mkDerivation {
     browserBinary = "${chromium.browser}/libexec/chromium/chromium";
     getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
   in with stdenv.lib; ''
-    mkdir -p "$out/bin" "$out/share/applications"
+    mkdir -p "$out/bin"
 
-    ln -s "${chromium.browser}/share" "$out/share"
     eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
       ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
 
@@ -100,7 +99,11 @@ in stdenv.mkDerivation {
     ln -sv "${chromium.browser.sandbox}" "$sandbox"
 
     ln -s "$out/bin/chromium" "$out/bin/chromium-browser"
-    ln -s "${chromium.browser}/share/icons" "$out/share/icons"
+
+    mkdir -p "$out/share/applications"
+    for f in '${chromium.browser}'/share/*; do
+      ln -s -t "$out/share/" "$f"
+    done
     cp -v "${desktopItem}/share/applications/"* "$out/share/applications"
   '';
 
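Review bot: The loop links every entry of `${chromium.browser}/share` into `$out/share` directly after `mkdir -p "$out/share/applications"`, so if the browser output ever contains a `share/applications` entry, `ln` will fail on the name that already exists. The hunk does not show what that directory holds, so this may not trigger today. Skipping existing names keeps the wrapper build robust, e.g. `[ -e "$out/share/$(basename "$f")" ] || ln -s -t "$out/share/" "$f"`. The shell string this loop sits in starts above the hunk.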
diff --git a/pkgs/applications/networking/browsers/vimprobable2/default.nix b/pkgs/applications/networking/browsers/vimprobable2/default.nix
index 45aa2a9c2d12..e2d5061b92e4 100644
--- a/pkgs/applications/networking/browsers/vimprobable2/default.nix
+++ b/pkgs/applications/networking/browsers/vimprobable2/default.nix
@@ -11,9 +11,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];
 
-  installPhase = ''
-    make PREFIX=/ DESTDIR=$out install
-  '';
+  hardeningDisable = [ "format" ];
+
+  installFlags = "PREFIX=/ DESTDIR=$(out)";
 
   preFixup = ''
     wrapProgram "$out/bin/vimprobable2" \
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
       GTK bindings). The goal of Vimprobable is to build a completely
       keyboard-driven, efficient and pleasurable browsing-experience. Its
       featureset might be considered "minimalistic", but not as minimalistic as
-      being completely featureless. 
+      being completely featureless.
     '';
     homepage = "http://sourceforge.net/apps/trac/vimprobable";
     license = stdenv.lib.licenses.mit;
diff --git a/pkgs/applications/networking/browsers/w3m/default.nix b/pkgs/applications/networking/browsers/w3m/default.nix
index d3b7843f291d..e4486943e628 100644
--- a/pkgs/applications/networking/browsers/w3m/default.nix
+++ b/pkgs/applications/networking/browsers/w3m/default.nix
@@ -50,6 +50,8 @@ stdenv.mkDerivation rec {
     ln -s $out/libexec/w3m/w3mimgdisplay $out/bin
   '';
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "--with-ssl=${openssl.dev} --with-gc=${boehmgc.dev}"
     + optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb";
 
diff --git a/pkgs/applications/networking/dropbox/default.nix b/pkgs/applications/networking/dropbox/default.nix
index eadd85d46487..b98e7eea14b5 100644
--- a/pkgs/applications/networking/dropbox/default.nix
+++ b/pkgs/applications/networking/dropbox/default.nix
@@ -23,17 +23,17 @@
 let
   # NOTE: When updating, please also update in current stable,
   # as older versions stop working
-  version = "8.4.19";
+  version = "8.4.21";
   sha256 =
     {
-      "x86_64-linux" = "0pm43cklsm41mg463mz0ypvbladm2mz65s7ar9z4k4hgjrhyh67j";
-      "i686-linux" = "0myz8s2xdl034zb4548fgzz2f5gfvzfr1nwp50fh3f3hmf6frgp3";
+      "x86_64-linux" = "1nihmr99mzyjhhdlg39j6g0m6hqgdz80lgrjdw1nnh38vq4fgbnq";
+      "i686-linux"   = "09jfdc8isjcpvgnvfykawlvdq65ng0dg6b54m4vdswk58ggndvlq";
     }."${stdenv.system}" or (throw "system ${stdenv.system} not supported");
 
   arch =
     {
       "x86_64-linux" = "x86_64";
-      "i686-linux" = "x86";
+      "i686-linux"   = "x86";
     }."${stdenv.system}" or (throw "system ${stdenv.system} not supported");
 
   # relative location where the dropbox libraries are stored
@@ -74,7 +74,7 @@ in stdenv.mkDerivation {
 
   installPhase = ''
     mkdir -p "$out/${appdir}"
-    cp -r "dropbox-lnx.${arch}-${version}"/* "$out/${appdir}/"
+    cp -r --no-preserve=mode "dropbox-lnx.${arch}-${version}"/* "$out/${appdir}/"
 
     rm "$out/${appdir}/libdrm.so.2"
     rm "$out/${appdir}/libffi.so.6"
@@ -104,6 +104,8 @@ in stdenv.mkDerivation {
     RPATH="${ldpath}:$out/${appdir}"
     makeWrapper "$out/${appdir}/dropbox" "$out/bin/dropbox" \
       --prefix LD_LIBRARY_PATH : "$RPATH"
+
+    chmod 755 $out/${appdir}/dropbox
   '';
 
   fixupPhase = ''
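Review bot: `cp -r --no-preserve=mode` in the previous hunk resets the mode of every file copied from the vendor tarball, but the added `chmod 755` restores the executable bit only on `dropbox`. Any other executable or helper in the bundle would stay non-executable; the tarball contents are not visible here, so this needs checking. The `chmod` path is also unquoted while the neighbouring lines quote it; `chmod 755 "$out/${appdir}/dropbox"` would be consistent. A short comment on why the modes are dropped, e.g. `# tarball ships read-only files; do not carry vendor modes into the store`, would explain the pair of changes, if that is indeed the reason.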
diff --git a/pkgs/applications/networking/ike/default.nix b/pkgs/applications/networking/ike/default.nix
index 0cd603996c13..a5c21e28c3d6 100644
--- a/pkgs/applications/networking/ike/default.nix
+++ b/pkgs/applications/networking/ike/default.nix
@@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
   installPhase = ''
     make install
     for file in "$out"/bin/* "$out"/sbin/*; do
-        wrapProgram $file --prefix LD_LIBRARY_PATH ":" "$out/lib:${stdenv.lib.makeLibraryPath [ openssl gcc.cc stdenv.glibc libedit qt4 ]}"
+        wrapProgram $file --prefix LD_LIBRARY_PATH ":" "$out/lib:${stdenv.lib.makeLibraryPath [ openssl gcc.cc stdenv.cc.libc libedit qt4 ]}"
     done
   '';
 
diff --git a/pkgs/applications/networking/instant-messengers/oneteam/default.nix b/pkgs/applications/networking/instant-messengers/oneteam/default.nix
index bec367818e2f..00650bb685de 100644
--- a/pkgs/applications/networking/instant-messengers/oneteam/default.nix
+++ b/pkgs/applications/networking/instant-messengers/oneteam/default.nix
@@ -1,88 +1,64 @@
-x@{builderDefsPackage
-  , fetchgit, perl, xulrunner, cmake, perlPackages, zip, unzip, pkgconfig
-  , libpulseaudio, glib, gtk, pixman, nspr, nss, libXScrnSaver, scrnsaverproto
-  , ...}:
-builderDefsPackage
-(a :  
-let 
-  helperArgNames = ["stdenv" "fetchurl" "builderDefsPackage"] ++ 
-    ["fetchgit" "perlPackages"];
+{ stdenv, fetchFromGitHub
+, perl, xulrunner, cmake, perlPackages, zip, unzip, pkgconfig
+, libpulseaudio, glib, gtk, pixman, nspr, nss, libXScrnSaver
+, scrnsaverproto
+}:
 
-  buildInputs = map (n: builtins.getAttr n x)
-    (builtins.attrNames (builtins.removeAttrs x helperArgNames)) ++ [
-      a.perlPackages.SubName a.gtk a.glib
-    ];
-  sourceInfo = rec {
-    baseName="oneteam";
-    version="git-head";
-    name="${baseName}-${version}";
-    url="git://git.process-one.net/oneteam/oneteam.git";
-    rev="066cd861ea4436bbe363f032c58a746a1cac7498";
-    hash="972310d6ef20db7dc749d7d935aa50889afe2004db2a07409830e09ef639f30a";
-    method="fetchgit";
-  };
-in
-rec {
-  srcDrv = a.fetchgit {
-    url = sourceInfo.url;
-    sha256 = sourceInfo.hash;
-    rev = sourceInfo.rev;
-  };
+stdenv.mkDerivation rec {
+  name = "oneteam-unstable-2013-02-21";
 
-  src=srcDrv + "/";
+  src = fetchFromGitHub {
+    repo = "oneteam";
+    owner = "processone";
+    rev = "c51bc545c3a32db4ea8b96e43b84fcfc6b8d3d2a";
+    sha256 = "19104fwdaf0nnsr5w755fg8wwww5sh96wmn939gxa5ah155nf2w3";
+  };
 
-  inherit (sourceInfo) name version;
-  inherit buildInputs;
+  nativeBuildInputs = [ pkgconfig cmake zip unzip ];
 
-  /* doConfigure should be removed if not needed */
-  phaseNames = ["goComponents" "setVars" "fixComponents" "doCmake" 
-    "doMakeInstall" "goBack" "buildApp" "doDeploy"];
+  buildInputs =
+    [ perl xulrunner libpulseaudio glib gtk pixman nspr
+      nss libXScrnSaver scrnsaverproto
+    ] ++ [ perlPackages.SubName gtk glib ];
 
-  fixComponents = a.fullDepEntry ''
+  postPatch = ''
     sed -e '1i#include <netinet/in.h>' -i src/rtp/otRTPDecoder.cpp src/rtp/otRTPEncoder.cpp
-  '' ["minInit" "doUnpack"];
-
-  setVars=a.noDepEntry ''
-    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${nspr.dev}/include/nspr"
   '';
 
-  cmakeBuildDir="cmake-build";
-  cmakeFlags=["-D XPCOM_GECKO_SDK=${xulrunner}/lib/xulrunner-devel-${xulrunner.version}"];
-
-  goComponents=a.fullDepEntry "cd src/components" ["doUnpack"];
-  goBack=a.noDepEntry "cd ../../..";
+  cmakeBuildDir = "cmake-build";
+  cmakeFlags = ["-D XPCOM_GECKO_SDK=${xulrunner}/lib/xulrunner-devel-${xulrunner.version}"];
 
-  buildApp=a.fullDepEntry ''
+  buildPhase = ''
+    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${nspr.dev}/include/nspr"
+    cd src/components
     perl build.pl XULAPP 1
-  '' ["addInputs"];
+    cd ../../
+  '';
 
-  doDeploy = a.fullDepEntry ''
+  installPhase = ''
     TARGET_DIR="$out/share/oneteam/app"
     BUILD_DIR="$PWD"
     mkdir -p "$TARGET_DIR"
     cd "$TARGET_DIR"
     unzip "$BUILD_DIR/oneteam.xulapp"
     mkdir -p "$out/bin"
-    echo "#! ${a.stdenv.shell}" > "$out/bin/oneteam"
+    echo "#! ${stdenv.shell}" > "$out/bin/oneteam"
     echo "\"${xulrunner}/bin/xulrunner\" \"$TARGET_DIR/application.ini\"" > "$out/bin/oneteam"
     chmod a+x "$out/bin/oneteam"
     mkdir -p "$out/share/doc"
     cp -r "$BUILD_DIR/docs" "$out/share/doc/oneteam"
-  '' ["defEnsureDir"];
+  '';
 
   meta = {
     description = "An XMPP client";
-    maintainers = with a.lib.maintainers;
-    [
-      raskin
-    ];
-    license = a.lib.licenses.gpl2;
+    maintainers = with stdenv.lib.maintainers; [ raskin ];
+    license = stdenv.lib.licenses.gpl2;
     homepage="http://oneteam.im";
   };
+
   passthru = {
     updateInfo = {
-      downloadPage = "git://git.process-one.net/oneteam/oneteam.git";
+      downloadPage = "git://github.com/processone/oneteam";
     };
   };
-}) x
-
+}
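Review bot: In `installPhase` the second `echo` still writes with `>`, so it overwrites the `#! ${stdenv.shell}` line that this commit just rewrote and the launcher ends up without a shebang. It should append: `echo "\"${xulrunner}/bin/xulrunner\" \"$TARGET_DIR/application.ini\"" >> "$out/bin/oneteam"`. Separately, the old phase list ran cmake and `make install` inside `src/components` and ran `perl build.pl XULAPP 1` only after going back up, whereas the new `buildPhase` runs `build.pl` from `src/components` and never calls `make`. That looks like a change in behaviour rather than a straight port and needs a build to confirm. `gtk` and `glib` are also listed twice in `buildInputs`.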
diff --git a/pkgs/applications/networking/instant-messengers/silc-client/default.nix b/pkgs/applications/networking/instant-messengers/silc-client/default.nix
index 1454760f541b..df85c55dbee0 100644
--- a/pkgs/applications/networking/instant-messengers/silc-client/default.nix
+++ b/pkgs/applications/networking/instant-messengers/silc-client/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
 
   dontDisableStatic = true;
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "--with-ncurses=${ncurses.dev}";
 
   preConfigure = stdenv.lib.optionalString enablePlugin ''
diff --git a/pkgs/applications/networking/instant-messengers/vacuum/default.nix b/pkgs/applications/networking/instant-messengers/vacuum/default.nix
index 0572e3f9e2e9..e8c1f50164df 100644
--- a/pkgs/applications/networking/instant-messengers/vacuum/default.nix
+++ b/pkgs/applications/networking/instant-messengers/vacuum/default.nix
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
     qmakeFlags="$qmakeFlags INSTALL_PREFIX=$out"
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "An XMPP client fully composed of plugins";
     maintainers = [ maintainers.raskin ];
diff --git a/pkgs/applications/networking/ipfs/default.nix b/pkgs/applications/networking/ipfs/default.nix
index a08a347ab284..79e2185f04e6 100644
--- a/pkgs/applications/networking/ipfs/default.nix
+++ b/pkgs/applications/networking/ipfs/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, buildGo15Package, fetchFromGitHub }:
+{ stdenv, buildGoPackage, fetchFromGitHub }:
 
-buildGo15Package rec {
+buildGoPackage rec {
   name = "ipfs-${version}";
   version = "i20160112--${stdenv.lib.strings.substring 0 7 rev}";
   rev = "7070b4d878baad57dcc8da80080dd293aa46cabd";
@@ -17,5 +17,6 @@ buildGo15Package rec {
   meta = with stdenv.lib; {
     description = "A global, versioned, peer-to-peer filesystem";
     license = licenses.mit;
+    broken = true;
   };
 }
diff --git a/pkgs/applications/networking/iptraf-ng/default.nix b/pkgs/applications/networking/iptraf-ng/default.nix
index 368d78a36f90..746d79805f5c 100644
--- a/pkgs/applications/networking/iptraf-ng/default.nix
+++ b/pkgs/applications/networking/iptraf-ng/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
                 --localstatedir=$out/var --sbindir=$out/bin
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "A console-based network monitoring utility (fork of iptraf)";
     longDescription = ''
diff --git a/pkgs/applications/networking/iptraf/default.nix b/pkgs/applications/networking/iptraf/default.nix
index 1d67fa3dcf57..d1a0b2d4b029 100644
--- a/pkgs/applications/networking/iptraf/default.nix
+++ b/pkgs/applications/networking/iptraf/default.nix
@@ -2,12 +2,14 @@
 
 stdenv.mkDerivation rec {
   name = "iptraf-3.0.1";
-  
+
   src = fetchurl {
     url = ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.1.tar.gz;
     sha256 = "12n059j9iihhpf6spmlaspqzxz3wqan6kkpnhmlj08jdijpnk84m";
   };
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     sed -i -e 's,#include <linux/if_tr.h>,#include <netinet/if_tr.h>,' src/*
   '';
@@ -18,7 +20,7 @@ stdenv.mkDerivation rec {
     mkdir -p $out/bin
     cp iptraf $out/bin
   '';
-  
+
   buildInputs = [ncurses];
 
   meta = {
diff --git a/pkgs/applications/networking/irc/bip/default.nix b/pkgs/applications/networking/irc/bip/default.nix
index ee9a6392e07e..e391f0074c5a 100644
--- a/pkgs/applications/networking/irc/bip/default.nix
+++ b/pkgs/applications/networking/irc/bip/default.nix
@@ -30,10 +30,7 @@ in stdenv.mkDerivation {
     }
   ];
 
-  postPatch = ''
-  '';
-
-  configureFlags = [ "--disable-pie" ];
+  NIX_CFLAGS_COMPILE = "-Wno-error=unused-result";
 
   buildInputs = [ bison flex autoconf automake openssl ];
 
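Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error=unused-result";` comes without a comment naming the call whose return value is ignored. For an IRC proxy that reads from and writes to the network, an unchecked return value is worth reporting upstream rather than only demoting the error. I would add something like `# upstream ignores the result of <call>; its build uses -Werror` (placeholder, the failing call is not shown in the hunk). It is also worth confirming that removing `--disable-pie` means the binary is now built as PIE by the hardening defaults, since the attribute set starts above the hunk and the rest of it is not visible.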
diff --git a/pkgs/applications/networking/irc/communi/default.nix b/pkgs/applications/networking/irc/communi/default.nix
index 382044bec5a7..8b467a868b5c 100644
--- a/pkgs/applications/networking/irc/communi/default.nix
+++ b/pkgs/applications/networking/irc/communi/default.nix
@@ -2,12 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "communi-${version}";
-  version = "2016-01-03";
+  version = "2016-08-19";
 
   src = fetchgit {
     url = "https://github.com/communi/communi-desktop.git";
-    rev = "ad1b9a30ed6c51940c0d2714b126a32b5d68c876";
-    sha256 = "0jx963pfvzk4dbk8mrmzfrhzybk5y6ib9yzaj662wliayrzj7vpg";
+    rev = "d516b01b1382a805de65f21f3475e0a8e64a97b5";
+    sha256 = "1pn7mr7ch1ck5qv9zdn3ril40c9kk6l04475564rpzf11jly76an";
+    fetchSubmodules = true;
   };
 
   nativeBuildInputs = [ makeQtWrapper qmakeHook ];
@@ -34,6 +35,10 @@ stdenv.mkDerivation rec {
       --replace "/usr/bin" "$out/bin"
   '';
 
+  postFixup = ''
+    patchelf --set-rpath "$out/lib:$(patchelf --print-rpath $out/bin/.communi-wrapped)" $out/bin/.communi-wrapped
+  '';
+
   meta = with stdenv.lib; {
     description = "A simple and elegant cross-platform IRC client";
     homepage = https://github.com/communi/communi-desktop;
diff --git a/pkgs/applications/networking/irc/qweechat/default.nix b/pkgs/applications/networking/irc/qweechat/default.nix
new file mode 100644
index 000000000000..83d459a97fe3
--- /dev/null
+++ b/pkgs/applications/networking/irc/qweechat/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, python27Packages }:
+
+python27Packages.buildPythonApplication rec {
+  version = "2016-07-29";
+  name = "qweechat-unstable-${version}";
+  namePrefix = "";
+
+ src = fetchFromGitHub {
+    owner = "weechat";
+    repo = "qweechat";
+    rev = "f5e54d01691adb3abef47e051a6412186c33313c";
+    sha256 = "0dhlriwvkrsn7jj01p2wqhf2p63n9qd173jsgccgxlacm2zzvhaz";
+  };
+
+  prePatch = ''
+    substituteInPlace setup.py \
+      --replace 'qweechat = qweechat.qweechat' 'qweechat = qweechat.qweechat:main'
+  '';
+
+  propagatedBuildInputs = with python27Packages; [
+     pyside
+  ];
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/weechat/qweechat;
+    description = "Qt remote GUI for WeeChat";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ ramkromberg ];
+    platform = with platforms; linux;
+  };
+}
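Review bot: `platform = with platforms; linux;` in `meta` is misspelled; the attribute that nixpkgs reads is `platforms`, so as written the package declares no platform restriction at all. It should be `platforms = platforms.linux;`. The `src` line is indented by one space instead of two, and `namePrefix = "";` would benefit from a comment saying it is there to avoid the interpreter prefix on the name, if that is the intent.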
diff --git a/pkgs/applications/networking/irc/wraith/default.nix b/pkgs/applications/networking/irc/wraith/default.nix
index 16346bcf7202..add52d85d8b4 100644
--- a/pkgs/applications/networking/irc/wraith/default.nix
+++ b/pkgs/applications/networking/irc/wraith/default.nix
@@ -10,6 +10,7 @@ mkDerivation rec {
     url = "mirror://sourceforge/wraithbotpack/wraith-v${version}.tar.gz";
     sha256 = "0h6liac5y7im0jfm2sj18mibvib7d1l727fjs82irsjj1v9kif3j";
   };
+  hardeningDisable = [ "format" ];
   buildInputs = [ openssl ];
   patches = [ ./configure.patch ./dlopen.patch ];
   postPatch = ''
diff --git a/pkgs/applications/networking/mailreaders/alpine/default.nix b/pkgs/applications/networking/mailreaders/alpine/default.nix
index 129595efaaa1..22859a4c25d5 100644
--- a/pkgs/applications/networking/mailreaders/alpine/default.nix
+++ b/pkgs/applications/networking/mailreaders/alpine/default.nix
@@ -1,37 +1,38 @@
 {stdenv, fetchurl, ncurses, tcl, openssl, pam, pkgconfig, gettext, kerberos
 , openldap
 }:
+
 # NOTE: Please check if any changes here are applicable to ../realpine/ as well
 let
-  s = 
-  rec {
-    version = "2.00";
+  version = "2.00";
+  baseName = "alpine";
+in
+stdenv.mkDerivation {
+  name = "${baseName}-${version}";
+
+  src = fetchurl {
     url = "ftp://ftp.cac.washington.edu/alpine/alpine-${version}.tar.bz2";
     sha256 = "19m2w21dqn55rhxbh5lr9qarc2fqa9wmpj204jx7a0zrb90bhpf8";
-    baseName = "alpine";
-    name = "${baseName}-${version}";
   };
+
   buildInputs = [
     ncurses tcl openssl pam kerberos openldap
   ];
-in
-stdenv.mkDerivation {
-  inherit (s) name version;
-  inherit buildInputs;
-  src = fetchurl {
-    inherit (s) url sha256;
-  };
+
+  hardeningDisable = [ "format" "fortify" ];
+
   configureFlags = [
     "--with-ssl-include-dir=${openssl.dev}/include/openssl"
     "--with-tcl-lib=${tcl.libPrefix}"
     "--with-passfile=.pine-passfile"
-    ];
+  ];
+
   preConfigure = ''
     export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
   '';
+
   meta = {
-    inherit (s) version;
-    description = ''Console mail reader'';
+    description = "Console mail reader";
     license = stdenv.lib.licenses.asl20;
     maintainers = [stdenv.lib.maintainers.raskin];
     platforms = stdenv.lib.platforms.linux;
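Review bot: `hardeningDisable = [ "format" "fortify" ];` also drops fortify, which unlike format is a runtime protection (`_FORTIFY_SOURCE` checks on libc string and memory calls), and this is a mail reader that parses untrusted messages. The re-alpine hunk further down disables only `format` for what looks like the same code base, so the diff does not show why fortify has to go here. I would keep fortify unless the build or a run demonstrably fails with it, and otherwise record the reason, e.g. `# fortify: <failure seen>, see <issue>`. The bitkeeper hunk adds `hardeningDisable = [ "fortify" ];` with the same lack of explanation. The `meta` block continues past the end of this hunk.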
diff --git a/pkgs/applications/networking/mailreaders/realpine/default.nix b/pkgs/applications/networking/mailreaders/realpine/default.nix
index 946538685756..c196ce777ffc 100644
--- a/pkgs/applications/networking/mailreaders/realpine/default.nix
+++ b/pkgs/applications/networking/mailreaders/realpine/default.nix
@@ -3,35 +3,36 @@
 }:
 # NOTE: Please check if any changes here are applicable to ../alpine/ as well
 let
-  s = 
-  rec {
-    version = "2.03";
+  baseName = "re-alpine";
+  version = "2.03";
+in
+stdenv.mkDerivation {
+  name = "${baseName}-${version}";
+  inherit version;
+
+  src = fetchurl {
     url = "mirror://sourceforge/re-alpine/re-alpine-${version}.tar.bz2";
     sha256 = "11xspzbk9cwmklmcw6rxsan7j71ysd4m9c7qldlc59ck595k5nbh";
-    baseName = "re-alpine";
-    name = "${baseName}-${version}";
   };
+
   buildInputs = [
     ncurses tcl openssl pam kerberos openldap
   ];
-in
-stdenv.mkDerivation {
-  inherit (s) name version;
-  inherit buildInputs;
-  src = fetchurl {
-    inherit (s) url sha256;
-  };
+
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--with-ssl-include-dir=${openssl.dev}/include/openssl"
     "--with-tcl-lib=${tcl.libPrefix}"
     "--with-passfile=.pine-passfile"
-    ];
+  ];
+
   preConfigure = ''
     export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
   '';
+
   meta = {
-    inherit (s) version;
-    description = ''Console mail reader'';
+    description = "Console mail reader";
     license = stdenv.lib.licenses.asl20;
     maintainers = [stdenv.lib.maintainers.raskin];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/networking/mumble/default.nix b/pkgs/applications/networking/mumble/default.nix
index 2ac4f76c7361..26dcbe200792 100644
--- a/pkgs/applications/networking/mumble/default.nix
+++ b/pkgs/applications/networking/mumble/default.nix
@@ -107,12 +107,12 @@ let
   };
 
   stableSource = rec {
-    version = "1.2.15";
+    version = "1.2.16";
     qtVersion = 4;
 
     src = fetchurl {
       url = "https://github.com/mumble-voip/mumble/releases/download/${version}/mumble-${version}.tar.gz";
-      sha256 = "1yjywzybgq23ry5s2yihggs13ffrphhwl6rlp6lq79rkwvafa9v5";
+      sha256 = "1ikswfm7zhwqcwcc1fwk0i9jjgqng49s0yilw50s34bgg1h3im7b";
     };
   };
 
diff --git a/pkgs/applications/networking/remote/ssvnc/default.nix b/pkgs/applications/networking/remote/ssvnc/default.nix
index 956391b71f86..ed64629fe244 100644
--- a/pkgs/applications/networking/remote/ssvnc/default.nix
+++ b/pkgs/applications/networking/remote/ssvnc/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   configurePhase = "makeFlags=PREFIX=$out";
 
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     sed -i -e 's|exec wish|exec ${tk}/bin/wish|' $out/lib/ssvnc/util/ssvnc.tcl
     sed -i -e 's|/usr/bin/perl|${perl}/bin/perl|' $out/lib/ssvnc/util/ss_vncviewer
diff --git a/pkgs/applications/office/gnumeric/default.nix b/pkgs/applications/office/gnumeric/default.nix
index ae7ee63519fb..ba37a3ef4288 100644
--- a/pkgs/applications/office/gnumeric/default.nix
+++ b/pkgs/applications/office/gnumeric/default.nix
@@ -1,21 +1,21 @@
 { stdenv, fetchurl, pkgconfig, intltool, perl, perlXMLParser
-, goffice, gnome3, makeWrapper, gtk3
+, goffice, gnome3, makeWrapper, gtk3, bison
 , python, pygobject3
 }:
 
 stdenv.mkDerivation rec {
-  name = "gnumeric-1.12.26";
+  name = "gnumeric-1.12.32";
 
   src = fetchurl {
     url = "mirror://gnome/sources/gnumeric/1.12/${name}.tar.xz";
-    sha256 = "48250718133e998f7b2e73f71be970542e46c9096afb936dbcb152cf5394ee14";
+    sha256 = "a07bc83e2adaeb94bfa2c737c9a19d90381a19cb203dd7c4d5f7d6cfdbee6de8";
   };
 
   configureFlags = "--disable-component";
 
   # ToDo: optional libgda, introspection?
   buildInputs = [
-    pkgconfig intltool perl perlXMLParser
+    pkgconfig intltool perl perlXMLParser bison
     goffice gtk3 makeWrapper gnome3.defaultIconTheme
     python pygobject3
   ];
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
     for f in "$out"/bin/gnumeric-*; do
       wrapProgram $f \
         --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
-        --prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules"
+        ${stdenv.lib.optionalString (!stdenv.isDarwin) "--prefix GIO_EXTRA_MODULES : '${gnome3.dconf}/lib/gio/modules'"}
     done
   '';
 
diff --git a/pkgs/applications/office/jabref/default.nix b/pkgs/applications/office/jabref/default.nix
index d91da6a57a1a..6904d1873aa8 100644
--- a/pkgs/applications/office/jabref/default.nix
+++ b/pkgs/applications/office/jabref/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, makeWrapper, makeDesktopItem, ant, jdk, jre }:
 
 stdenv.mkDerivation rec {
-  version = "3.5";
+  version = "3.6";
   name = "jabref-${version}";
 
   src = fetchurl {
     url = "https://github.com/JabRef/jabref/releases/download/v${version}/JabRef-${version}.jar";
-    sha256 = "19q86xc8qr6j8zd9rsc6aa3jd4kbblkr6ik1h6h7npq012019adm";
+    sha256 = "140fixwffw463dprgg6kcccsp833dnclzjzvwmqs7dq0f9y2nyc5";
   };
 
   desktopItem = makeDesktopItem {
diff --git a/pkgs/applications/office/libreoffice/still.nix b/pkgs/applications/office/libreoffice/still.nix
index 8739f08fbd62..d873ca0a02f0 100644
--- a/pkgs/applications/office/libreoffice/still.nix
+++ b/pkgs/applications/office/libreoffice/still.nix
@@ -69,6 +69,16 @@ in stdenv.mkDerivation rec {
     sha256 = "1qg0dj0zwh5ifhmvv4k771nmyqddz4ifn75s9mr1p0nyix8zks8x";
   };
 
+  # we only have this problem on i686 ATM
+  patches = if stdenv.is64bit then null else [
+    (fetchurl {
+      name = "disable-flaky-tests.diff";
+      url = "https://anonscm.debian.org/git/pkg-openoffice/libreoffice.git/plain"
+        + "/patches/disable-flaky-tests.diff?h=libreoffice_5.1.5_rc2-1";
+      sha256 = "1v1aiqdi64iijjraj6v4ljzclrd9lqan54hmy2h6m20x3ab005wb";
+    })
+  ];
+
   # Openoffice will open libcups dynamically, so we link it directly
   # to make its dlopen work.
   # It also seems not to mention libdl explicitly in some places.
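Review bot: The new `patches` value is `null` on 64-bit and a list on 32-bit; `patches = stdenv.lib.optional (!stdenv.is64bit) (fetchurl { … });` keeps it a list on every platform and reads more like the rest of Nixpkgs. The patch is fetched from a cgit `plain` URL selected by `?h=libreoffice_5.1.5_rc2-1`; the `sha256` pins the content, so a moved or rewritten ref will break the fetch rather than change what is applied, but vendoring the small diff next to the expression would avoid that breakage. The comment `# we only have this problem on i686 ATM` does not say which problem; since the patch disables tests, I would name the failing tests or link the report so the workaround can be removed later.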
diff --git a/pkgs/applications/office/mendeley/default.nix b/pkgs/applications/office/mendeley/default.nix
index 5ad6df96325e..7ccf66c055ed 100644
--- a/pkgs/applications/office/mendeley/default.nix
+++ b/pkgs/applications/office/mendeley/default.nix
@@ -1,5 +1,5 @@
 { fetchurl, stdenv, dpkg, makeWrapper, which
-,gcc, xorg, qt4, zlib
+,gcc, liborc, xorg, qt4, zlib
 , ...}:
 
 assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
@@ -12,17 +12,18 @@ let
     then "i386"
     else "amd64";
 
-  shortVersion = "1.16.1-stable";
+  shortVersion = "1.16.2-stable";
 
   version = "${shortVersion}_${arch}";
 
   url = "http://desktop-download.mendeley.com/download/apt/pool/main/m/mendeleydesktop/mendeleydesktop_${version}.deb";
   sha256 = if stdenv.system == arch32
-    then "0lsmaw8zzyfvndsz1awz3vl5cdvsik9wc3ck8983y20awh7r9f4m"
-    else "0q11v6dv7z5q4s9hlr1hmsd73nmkp8l0sj0b3hjxfblx4mqk6wl7";
+    then "08f61972d5a5e491fcd3d4cf5dfe59ad7e07b3883b7ad50d440868c3057af6fb"
+    else "9bd139b236143f78b23ff4271c01a20c059622abe9dd125e771e0b5db16b7b7b";
 
   deps = [
     gcc.cc
+    liborc
     qt4
     xorg.libX11
     zlib
diff --git a/pkgs/applications/science/astronomy/gravit/default.nix b/pkgs/applications/science/astronomy/gravit/default.nix
index 19fa277341a5..eb5506e74908 100644
--- a/pkgs/applications/science/astronomy/gravit/default.nix
+++ b/pkgs/applications/science/astronomy/gravit/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, SDL, SDL_ttf, SDL_image, mesa, libpng, lua5, automake, autoconf }:
+{ stdenv, fetchurl, SDL, SDL_ttf, SDL_image, libSM, libICE, mesa, libpng, lua5, autoconf, automake }:
 
 stdenv.mkDerivation rec {
   name = "gravit-0.5.1";
@@ -8,9 +8,11 @@ stdenv.mkDerivation rec {
     sha256 = "14vf7zj2bgrl96wsl3f1knsggc8h9624354ajzd72l46y09x5ky7";
   };
 
-  buildInputs = [mesa SDL SDL_ttf SDL_image lua5 automake autoconf libpng];
+  buildInputs = [ mesa SDL SDL_ttf SDL_image lua5 libpng libSM libICE ];
 
-  preConfigure = "sh autogen.sh";
+  nativeBuildInputs = [ autoconf automake ];
+
+  preConfigure = "./autogen.sh";
 
   meta = {
     homepage = "http://gravit.slowchop.com";
diff --git a/pkgs/applications/science/electronics/caneda/default.nix b/pkgs/applications/science/electronics/caneda/default.nix
index 404ffc5010b4..dc00cef88982 100644
--- a/pkgs/applications/science/electronics/caneda/default.nix
+++ b/pkgs/applications/science/electronics/caneda/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
     sha256 = "dfbcac97f5a1b41ad9a63392394f37fb294cbf78c576673c9bc4a5370957b2c8";
   };
 
-  cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" ];
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ cmake qt4 libxml2 libxslt ];
 
diff --git a/pkgs/applications/science/electronics/qfsm/default.nix b/pkgs/applications/science/electronics/qfsm/default.nix
index 95b312a44389..4b4d21aca006 100644
--- a/pkgs/applications/science/electronics/qfsm/default.nix
+++ b/pkgs/applications/science/electronics/qfsm/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./drop-hardcoded-prefix.patch ];
 
+  hardeningDisable = [ "format" ];
+
   enableParallelBuilding = true;
 
   meta = {
diff --git a/pkgs/applications/science/geometry/drgeo/default.nix b/pkgs/applications/science/geometry/drgeo/default.nix
index 048f34d7abfa..3e5408ac7f5d 100644
--- a/pkgs/applications/science/geometry/drgeo/default.nix
+++ b/pkgs/applications/science/geometry/drgeo/default.nix
@@ -5,6 +5,8 @@ stdenv.mkDerivation rec {
   name = "drgeo-${version}";
   version = "1.1.0";
 
+  hardeningDisable = [ "format" ];
+
   src = fetchurl {
     url = "mirror://sourceforge/ofset/${name}.tar.gz";
     sha256 = "05i2czgzhpzi80xxghinvkyqx4ym0gm9f38fz53idjhigiivp4wc";
diff --git a/pkgs/applications/science/logic/boolector/default.nix b/pkgs/applications/science/logic/boolector/default.nix
index 3879ee8ef470..37d25c9e9477 100644
--- a/pkgs/applications/science/logic/boolector/default.nix
+++ b/pkgs/applications/science/logic/boolector/default.nix
@@ -23,10 +23,11 @@ let
   license = with stdenv.lib.licenses; if useV16 then unfreeRedistributable else gpl3;
 in
 stdenv.mkDerivation (boolectorPkg // {
-  buildInputs = [ zlib ];
-  enableParallelBuilding = false;
+  buildInputs = [
+    zlib zlib.static (stdenv.lib.getOutput "static" stdenv.cc.libc)
+  ];
 
-  buildPhase = "./build.sh";
+  enableParallelBuilding = false;
 
   installPhase = ''
     mkdir -p $out/bin $out/lib $out/include
diff --git a/pkgs/applications/science/logic/ltl2ba/default.nix b/pkgs/applications/science/logic/ltl2ba/default.nix
index 59c6461f5b6c..f0947fa0ed6e 100644
--- a/pkgs/applications/science/logic/ltl2ba/default.nix
+++ b/pkgs/applications/science/logic/ltl2ba/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "16z0gc7a9dkarwn0l6rvg5jdhw1q4qyn4501zlchy0zxqddz0sx6";
   };
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     substituteInPlace Makefile \
     --replace "CC=gcc" ""
diff --git a/pkgs/applications/science/logic/otter/default.nix b/pkgs/applications/science/logic/otter/default.nix
index 08d19c143eed..b19650eb8630 100644
--- a/pkgs/applications/science/logic/otter/default.nix
+++ b/pkgs/applications/science/logic/otter/default.nix
@@ -17,6 +17,9 @@ stdenv.mkDerivation {
   src = fetchurl {
     inherit (s) url sha256;
   };
+
+  hardeningDisable = [ "format" ];
+
   buildPhase = ''
     find . -name Makefile | xargs sed -i -e "s@/bin/rm@$(type -P rm)@g"
     find . -name Makefile | xargs sed -i -e "s@/bin/mv@$(type -P mv)@g"
@@ -32,11 +35,13 @@ stdenv.mkDerivation {
     make -C source/formed realclean
     make -C source/formed formed
   '';
+
   installPhase = ''
     mkdir -p "$out"/{bin,share/otter}
     cp bin/* source/formed/formed "$out/bin/"
     cp -r examples examples-mace2 documents README* Legal Changelog Contents index.html "$out/share/otter/"
   '';
+
   meta = {
     inherit (s) version;
     description = "A reliable first-order theorem prover";
diff --git a/pkgs/applications/science/logic/prover9/default.nix b/pkgs/applications/science/logic/prover9/default.nix
index d92c7887210e..9c09ea3db980 100644
--- a/pkgs/applications/science/logic/prover9/default.nix
+++ b/pkgs/applications/science/logic/prover9/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
     sha256 = "1l2i3d3h5z7nnbzilb6z92r0rbx0kh6yaxn2c5qhn3000xcfsay3";
   };
 
-  phases = "unpackPhase patchPhase buildPhase installPhase";
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     RM=$(type -tp rm)
@@ -23,6 +23,8 @@ stdenv.mkDerivation {
 
   buildFlags = "all";
 
+  checkPhase = "make test1";
+
   installPhase = ''
     mkdir -p $out/bin
     cp bin/* $out/bin
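Review bot: `checkPhase = "make test1";` is defined, but neither hunk of this file shows `doCheck = true;`, and without it stdenv skips the check phase, so the test would never run. If the intent is to run the upstream test during the build, add `doCheck = true;` next to it. Note also that the first hunk removes the explicit `phases` list, so the default phases (including configure and fixup) now run; that may be intended, but it is a behaviour change bundled with the hardening line. The derivation continues outside this hunk.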
diff --git a/pkgs/applications/science/math/cbc/default.nix b/pkgs/applications/science/math/cbc/default.nix
index 0d1ef26092e2..7643c912db4b 100644
--- a/pkgs/applications/science/math/cbc/default.nix
+++ b/pkgs/applications/science/math/cbc/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ zlib bzip2 ];
 
   # FIXME: move share/coin/Data to a separate output?
diff --git a/pkgs/applications/science/math/maxima/default.nix b/pkgs/applications/science/math/maxima/default.nix
index 21d3c656d304..4981767f21f2 100644
--- a/pkgs/applications/science/math/maxima/default.nix
+++ b/pkgs/applications/science/math/maxima/default.nix
@@ -1,8 +1,8 @@
-{ stdenv, fetchurl, sbcl, texinfo, perl, makeWrapper, rlwrap ? null, tk ? null, gnuplot ? null }:
+{ stdenv, fetchurl, sbcl, texinfo, perl, python, makeWrapper, rlwrap ? null, tk ? null, gnuplot ? null }:
 
 let
   name    = "maxima";
-  version = "5.36.1";
+  version = "5.38.1";
 
   searchPath =
     stdenv.lib.makeBinPath
@@ -13,10 +13,10 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://sourceforge/${name}/${name}-${version}.tar.gz";
-    sha256 = "0x1rk659sn3cq0n5c90848ilzr1gb1wf0072fl6jhkdq00qgh2s0";
+    sha256 = "1p6646rvq43hk09msyp0dk50cqpkh07mf4x0bc2fqisqmcv6b1hf";
   };
 
-  buildInputs = [sbcl texinfo perl makeWrapper];
+  buildInputs = [sbcl texinfo perl python makeWrapper];
 
   postInstall = ''
     # Make sure that maxima can find its runtime dependencies.
diff --git a/pkgs/applications/science/math/perseus/default.nix b/pkgs/applications/science/math/perseus/default.nix
index 15a1de5f0c5f..55293e6c8a79 100644
--- a/pkgs/applications/science/math/perseus/default.nix
+++ b/pkgs/applications/science/math/perseus/default.nix
@@ -5,6 +5,8 @@ stdenv.mkDerivation {
   version = "4-beta";
   buildInputs = [ unzip ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   src = fetchurl {
     url = "http://www.sas.upenn.edu/~vnanda/source/perseus_4_beta.zip";
     sha256 = "09brijnqabhgfjlj5wny0bqm5dwqcfkp1x5wif6yzdmqh080jybj";
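Review bot: `hardeningDisable = [ "stackprotector" ];` removes a runtime mitigation (stack canaries) on every platform and gives no reason. The singular hunk in this diff limits the same opt-out with `stdenv.lib.optional stdenv.isi686 "stackprotector"`, which is the narrower form I would prefer here if the failure is architecture-specific. Either way a comment such as `# stackprotector: <build or link error seen>` would let someone re-test and drop it later.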
@@ -30,7 +32,7 @@ stdenv.mkDerivation {
       around datasets arising from point samples, images, distance
       matrices and so forth.
     '';
-    homepage = "www.sas.upenn.edu/~vnanda/perseus/index.html";
+    homepage = "http://www.sas.upenn.edu/~vnanda/perseus/index.html";
     license = stdenv.lib.licenses.gpl3;
     maintainers = with stdenv.lib.maintainers; [erikryb];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/science/math/qalculate-gtk/default.nix b/pkgs/applications/science/math/qalculate-gtk/default.nix
index fe13a9aebbcd..5f49b240fc06 100644
--- a/pkgs/applications/science/math/qalculate-gtk/default.nix
+++ b/pkgs/applications/science/math/qalculate-gtk/default.nix
@@ -1,13 +1,16 @@
 { stdenv, fetchurl, intltool, autoreconfHook, pkgconfig, libqalculate, gtk3, wrapGAppsHook }:
+
 stdenv.mkDerivation rec {
   name = "qalculate-gtk-${version}";
-  version = "0.9.8";
+  version = "0.9.9";
 
   src = fetchurl {
     url = "https://github.com/Qalculate/qalculate-gtk/archive/v${version}.tar.gz";
-    sha256 = "15ci0p7jlikk2rira6ykgrmcdvgpxzprpqmkdxx6hsg4pvzrj54s";
+    sha256 = "0v9ibycilygmi9zzi7cxif7si56c85lfzdvbqnbf32whg8ydqqkg";
   };
 
+  hardeningDisable = [ "format" ];
+
   nativeBuildInputs = [ intltool pkgconfig autoreconfHook wrapGAppsHook ];
   buildInputs = [ libqalculate gtk3 ];
 
diff --git a/pkgs/applications/science/math/sage/default.nix b/pkgs/applications/science/math/sage/default.nix
index 6e0b4313b47d..9e17fe60c295 100644
--- a/pkgs/applications/science/math/sage/default.nix
+++ b/pkgs/applications/science/math/sage/default.nix
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
   name = "sage-6.8";
 
   src = fetchurl {
-    url = "mirror://sagemath/${name}.tar.gz";
+    url = "http://old.files.sagemath.org/src-old/${name}.tar.gz";
     sha256 = "102mrzzi215g1xn5zgcv501x9sghwg758jagx2jixvg1rj2jijj9";
   };
 
@@ -18,11 +18,14 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     export SAGE_NUM_THREADS=$NIX_BUILD_CORES
     export SAGE_ATLAS_ARCH=fast
     mkdir -p $out/sageHome
     export HOME=$out/sageHome
+    export CPPFLAGS="-P"
   '';
 
   preBuild = "patchShebangs build";
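Review bot: `export CPPFLAGS="-P"` in `preConfigure` overwrites any `CPPFLAGS` already set and has no comment, so it is not clear which component needs it. `-P` stops the preprocessor from emitting linemarkers; if that is the reason, say so, e.g. `# -P: <component> cannot parse cpp linemarkers`, and consider `export CPPFLAGS="$CPPFLAGS -P"` to keep existing flags. The last hunk of this file also removes `broken = true;`, so these two additions are what makes the package build again and deserve that explanation in the file.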
@@ -30,7 +33,6 @@ stdenv.mkDerivation rec {
   installPhase = ''DESTDIR=$out make install'';
 
   meta = {
-    broken = true;
     homepage = "http://www.sagemath.org";
     description = "A free open source mathematics software system";
     license = stdenv.lib.licenses.gpl2Plus;
diff --git a/pkgs/applications/science/math/singular/default.nix b/pkgs/applications/science/math/singular/default.nix
index 8bae1d6206d0..a0fdf7c82395 100644
--- a/pkgs/applications/science/math/singular/default.nix
+++ b/pkgs/applications/science/math/singular/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
     find . -exec sed -e 's@/bin/uname@${coreutils}&@g' -i '{}' ';'
   '';
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   postInstall = ''
     rm -rf "$out/LIB"
     cp -r Singular/LIB "$out"
diff --git a/pkgs/applications/science/math/yacas/default.nix b/pkgs/applications/science/math/yacas/default.nix
index 2c9d63be1b4d..adf87c4ee5ba 100644
--- a/pkgs/applications/science/math/yacas/default.nix
+++ b/pkgs/applications/science/math/yacas/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1dmafm3w0lm5w211nwkfzaid1rvvmgskz7k4500pjhgdczi5sd78";
   };
 
+  hardeningDisable = [ "format" ];
+
   # Perl is only for the documentation
   nativeBuildInputs = [ perl ];
 
@@ -32,7 +34,7 @@ stdenv.mkDerivation rec {
     '';
   };
 
-  meta = { 
+  meta = {
       description = "Easy to use, general purpose Computer Algebra System";
       homepage = http://yacas.sourceforge.net/;
       license = stdenv.lib.licenses.gpl2Plus;
diff --git a/pkgs/applications/science/misc/openmodelica/default.nix b/pkgs/applications/science/misc/openmodelica/default.nix
index 8ea670c38189..8b413f20b1e9 100644
--- a/pkgs/applications/science/misc/openmodelica/default.nix
+++ b/pkgs/applications/science/misc/openmodelica/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation {
     doxygen boost openscenegraph gnome.gtkglext pangox_compat xorg.libXmu
     git gtk makeWrapper];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     cp -fv ${fakegit}/bin/checkout-git.sh libraries/checkout-git.sh
     cp -fv ${fakegit}/bin/checkout-svn.sh libraries/checkout-svn.sh
diff --git a/pkgs/applications/version-management/bitkeeper/default.nix b/pkgs/applications/version-management/bitkeeper/default.nix
index 760832924822..e5937977994e 100644
--- a/pkgs/applications/version-management/bitkeeper/default.nix
+++ b/pkgs/applications/version-management/bitkeeper/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "0lk4vydpq5bi52m81h327gvzdzybf8kkak7yjwmpj6kg1jn9blaz";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   enableParallelBuilding = true;
 
   buildInputs = [
diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix
index b0e0f334e4d0..3aace6b7e021 100644
--- a/pkgs/applications/version-management/cvs/default.nix
+++ b/pkgs/applications/version-management/cvs/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   patches = [ ./getcwd-chroot.patch ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     # Apply the Debian patches.
     for p in "debian/patches/"*; do
diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix
index 8443745735b0..4eea75ad4ef8 100644
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@@ -22,6 +22,8 @@ stdenv.mkDerivation {
     sha256 = "0qzs681a64k3shh5p0rg41l1z16fbk5sj0xga45k34hp1hsp654z";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [
     ./docbook2texi.patch
     ./symlinks-in-bin.patch
diff --git a/pkgs/applications/version-management/git-and-tools/qgit/default.nix b/pkgs/applications/version-management/git-and-tools/qgit/default.nix
index 3f5f9a2dbe1b..b8d001ee97c8 100644
--- a/pkgs/applications/version-management/git-and-tools/qgit/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/qgit/default.nix
@@ -3,20 +3,13 @@
 stdenv.mkDerivation rec {
   name = "qgit-2.5";
 
-  meta =
-  {
-    license = stdenv.lib.licenses.gpl2;
-    homepage = "http://libre.tibirna.org/projects/qgit/wiki/QGit";
-    description = "Graphical front-end to Git";
-    inherit (qt4.meta) platforms;
-  };
-
-  src = fetchurl
-  {
+  src = fetchurl {
     url = "http://libre.tibirna.org/attachments/download/9/${name}.tar.gz";
     sha256 = "25f1ca2860d840d87b9919d34fc3a1b05d4163671ed87d29c3e4a8a09e0b2499";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ qt4 libXext libX11 ];
 
   nativeBuildInputs = [ qmake4Hook ];
@@ -24,4 +17,11 @@ stdenv.mkDerivation rec {
   installPhase = ''
     install -s -D -m 755 bin/qgit "$out/bin/qgit"
   '';
+
+  meta = {
+    license = stdenv.lib.licenses.gpl2;
+    homepage = "http://libre.tibirna.org/projects/qgit/wiki/QGit";
+    description = "Graphical front-end to Git";
+    inherit (qt4.meta) platforms;
+  };
 }
diff --git a/pkgs/applications/version-management/redmine/default.nix b/pkgs/applications/version-management/redmine/default.nix
index 7590ae743a37..b81808edc224 100644
--- a/pkgs/applications/version-management/redmine/default.nix
+++ b/pkgs/applications/version-management/redmine/default.nix
@@ -11,6 +11,8 @@ in stdenv.mkDerivation rec {
     sha256 = "0x0zwxyj4dwbk7l64s3lgny10mjf0ba8jwrbafsm4d72sncmacv0";
   };
 
+  hardeningDisable = [ "format" ];
+
   # taken from redmine (2.5.1-2~bpo70+3) in debian wheezy-backports
   # needed to separate run-time and build-time directories
   patches = [
@@ -18,6 +20,7 @@ in stdenv.mkDerivation rec {
     ./2004_FHS_plugins_assets.patch
     ./2003_externalize_session_config.patch
   ];
+
   postPatch = ''
     substituteInPlace lib/redmine/plugin.rb --replace "File.join(Rails.root, 'plugins')" "ENV['RAILS_PLUGINS']"
     substituteInPlace lib/redmine/plugin.rb --replace "File.join(Rails.root, 'plugins', id.to_s, 'db', 'migrate')" "File.join(ENV['RAILS_PLUGINS'], id.to_s, 'db', 'migrate')"
diff --git a/pkgs/applications/video/aegisub/default.nix b/pkgs/applications/video/aegisub/default.nix
index 92a2f4fb6343..39a85a03199d 100644
--- a/pkgs/applications/video/aegisub/default.nix
+++ b/pkgs/applications/video/aegisub/default.nix
@@ -43,6 +43,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "bindnow" "relro" ];
+
   postInstall = "ln -s $out/bin/aegisub-* $out/bin/aegisub";
 
   meta = {
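Review bot: `hardeningDisable = [ "bindnow" "relro" ];` turns off two link-time mitigations (`-z now` and `-z relro`) that keep relocation data such as the GOT read-only at run time, and nothing in the hunk says why. For an application that opens media and subtitle files from arbitrary sources I would want the reason recorded, e.g. `# bindnow/relro: <startup or plugin-loading failure seen>`. If only immediate binding is the problem, disabling `bindnow` alone would keep partial RELRO.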
diff --git a/pkgs/applications/video/handbrake/default.nix b/pkgs/applications/video/handbrake/default.nix
index 351cf5c5211b..9f257cde21f9 100644
--- a/pkgs/applications/video/handbrake/default.nix
+++ b/pkgs/applications/video/handbrake/default.nix
@@ -7,8 +7,6 @@
 # This has the benefits of providing improvements to other packages,
 # making licenses more clear and reducing compile time/install size.
 #
-# For compliance, the unfree codec faac is optionally spliced out.
-#
 # Only tested on Linux
 #
 # TODO: package and use libappindicator
@@ -18,47 +16,40 @@
   autoconf, automake, libtool, m4,
   libass, libsamplerate, fribidi, libxml2, bzip2,
   libogg, libtheora, libvorbis, libdvdcss, a52dec, fdk_aac,
-  lame, faac, ffmpeg, libdvdread, libdvdnav, libbluray,
-  mp4v2, mpeg2dec, x264, libmkv,
+  lame, ffmpeg, libdvdread, libdvdnav, libbluray,
+  mp4v2, mpeg2dec, x264, x265, libmkv,
   fontconfig, freetype, hicolor_icon_theme,
-  glib, gtk, webkitgtk, intltool, libnotify,
-  gst_all_1, dbus_glib, udev, libgudev,
-  useGtk ? true,
-  useWebKitGtk ? false # This prevents ghb from starting in my tests
+  glib, gtk3, intltool, libnotify,
+  gst_all_1, dbus_glib, udev, libgudev, libvpx,
+  wrapGAppsHook,
+  useGtk ? true
 }:
 
 stdenv.mkDerivation rec {
-  version = "0.9.9";
+  version = "0.10.5";
   name = "handbrake-${version}";
 
-  # ToDo: doesn't work (yet)
-  allowUnfree = false; # config.allowUnfree or false;
-
   buildInputsX = stdenv.lib.optionals useGtk [
-    glib gtk intltool libnotify
+    glib gtk3 intltool libnotify
     gst_all_1.gstreamer gst_all_1.gst-plugins-base dbus_glib udev
     libgudev
-  ] ++ stdenv.lib.optionals useWebKitGtk [ webkitgtk ];
-
-  # Did not test compiling with it
-  unfreeInputs = stdenv.lib.optional allowUnfree faac;
+    wrapGAppsHook
+  ];
 
   nativeBuildInputs = [ python pkgconfig yasm autoconf automake libtool m4 ];
   buildInputs = [
     fribidi fontconfig freetype hicolor_icon_theme
     libass libsamplerate libxml2 bzip2
     libogg libtheora libvorbis libdvdcss a52dec libmkv fdk_aac
-    lame ffmpeg libdvdread libdvdnav libbluray mp4v2 mpeg2dec x264
-  ] ++ buildInputsX ++ unfreeInputs;
+    lame ffmpeg libdvdread libdvdnav libbluray mp4v2 mpeg2dec x264 x265 libvpx
+  ] ++ buildInputsX;
 
 
   src = fetchurl {
     url = "http://download.handbrake.fr/releases/${version}/HandBrake-${version}.tar.bz2";
-    sha256 = "1crmm1c32vx60jfl2bqzg59q4qqx6m83b08snp7h1njc21sdf7d7";
+    sha256 = "1w720y3bplkz187wgvy4a4xm0vpppg45mlni55l6yi8v2bfk14pv";
   };
 
-  patches = stdenv.lib.optional (! allowUnfree) ./disable-unfree.patch;
-
   preConfigure = ''
     # Fake wget to prevent downloads
     mkdir wget
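Review bot: `wrapGAppsHook` is added to `buildInputsX`, which ends up in `buildInputs`, while the qalculate-gtk expression in this same diff lists it under `nativeBuildInputs`. It is a build-time hook, so I would move it there, guarded the same way: `nativeBuildInputs = [ … ] ++ stdenv.lib.optional useGtk wrapGAppsHook;`. The derivation continues outside this hunk.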
@@ -72,13 +63,13 @@ stdenv.mkDerivation rec {
     sed -i '/MODULES += contrib/d' make/include/main.defs
     sed -i '/PKG_CONFIG_PATH=/d' gtk/module.rules
 
-    # disable faac if non-free
-    if [ -z "$allowUnfree" ]; then
-      rm libhb/encfaac.c
-    fi
+    patch -p1 -R < ${./handbrake-0.10.3-nolibav.patch}
   '';
 
-  configureFlags = "--enable-fdk-aac ${if useGtk then "--disable-gtk-update-checks" else "--disable-gtk"}";
+  configureFlags = [
+    "--enable-fdk-aac"
+    (if useGtk then "--disable-gtk-update-checks" else "--disable-gtk")
+  ];
 
   preBuild = ''
     cd build
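Review bot: `patch -p1 -R < ${./handbrake-0.10.3-nolibav.patch}` reverse-applies an upstream commit from inside `preConfigure`, and there is no comment explaining why a change is being backed out. The patch file's own subject is "muxavformat: add support for mp4 fallback audio signalling" and its name says 0.10.3 while the package is 0.10.5, so the reader has to guess that this is about building against the packaged ffmpeg. I would add something like `# Revert upstream commit <id>: needs a libav-only API missing from our ffmpeg` above the line. The `preConfigure` string starts outside this hunk.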
@@ -90,7 +81,6 @@ stdenv.mkDerivation rec {
     longDescription = ''
       Handbrake is a versatile transcoding DVD ripper. This package
       provides the cli HandbrakeCLI and the GTK+ version ghb.
-      The faac library is disabled if you're compiling free-only.
     '';
     license = stdenv.lib.licenses.gpl2;
     maintainers = [ stdenv.lib.maintainers.wmertens ];
diff --git a/pkgs/applications/video/handbrake/disable-unfree.patch b/pkgs/applications/video/handbrake/disable-unfree.patch
deleted file mode 100644
index 30edcb81c099..000000000000
--- a/pkgs/applications/video/handbrake/disable-unfree.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-diff -ru HandBrake-0.9.9-orig/gtk/configure.ac HandBrake-0.9.9/gtk/configure.ac
---- HandBrake-0.9.9-orig/gtk/configure.ac	2014-05-02 22:50:00.047305795 +0200
-+++ HandBrake-0.9.9/gtk/configure.ac	2014-05-02 22:48:57.119304020 +0200
-@@ -203,7 +203,7 @@
-     ;;
- esac
- 
--HB_LIBS="-lhb -la52 -lmkv -lavresample -lavformat -lavcodec -lavutil -ldvdnav -ldvdread -lfaac -lmp3lame -lmpeg2 -lvorbis -lvorbisenc -logg -lsamplerate -lx264 -lmp4v2 -lswscale -ltheoraenc -ltheoradec -lz -lbz2 -lpthread -lbluray -lass -lfontconfig -lfreetype -lxml2"
-+HB_LIBS="-lhb -la52 -lmkv -lavresample -lavformat -lavcodec -lavutil -ldvdnav -ldvdread -lmp3lame -lmpeg2 -lvorbis -lvorbisenc -logg -lsamplerate -lx264 -lmp4v2 -lswscale -ltheoraenc -ltheoradec -lz -lbz2 -lpthread -lbluray -lass -lfontconfig -lfreetype -lxml2"
- 
- if test "x$use_fdk_aac" = "xyes" ; then
-     HB_LIBS+=" -lfdk-aac"
-diff -ru HandBrake-0.9.9-orig/gtk/src/preset_xlat.c HandBrake-0.9.9/gtk/src/preset_xlat.c
---- HandBrake-0.9.9-orig/gtk/src/preset_xlat.c	2014-05-02 22:50:00.043305794 +0200
-+++ HandBrake-0.9.9/gtk/src/preset_xlat.c	2014-05-02 22:42:20.987292846 +0200
-@@ -260,7 +260,6 @@
- 
- static value_map_t acodec_xlat[] =
- {
--    {"AAC (faac)", "faac"},
-     {"AC3 Passthru", "ac3"},
-     {"MP3 (lame)", "lame"},
-     {"Vorbis (vorbis)", "vorbis"},
-diff -ru HandBrake-0.9.9-orig/gtk/src/presets.c HandBrake-0.9.9/gtk/src/presets.c
---- HandBrake-0.9.9-orig/gtk/src/presets.c	2014-05-02 22:50:00.043305794 +0200
-+++ HandBrake-0.9.9/gtk/src/presets.c	2014-05-02 22:42:41.283293419 +0200
-@@ -2029,8 +2029,6 @@
- 
- static value_map_t acodec_xlat_compat[] =
- {
--    {"AAC (CoreAudio)", "faac"},
--    {"HE-AAC (CoreAudio)", "faac"},
-     {"AC3 (ffmpeg)", "ac3"},
-     {"AC3", "ac3"},
-     {"MP3 Passthru", "mp3pass"},
-diff -ru HandBrake-0.9.9-orig/libhb/common.c HandBrake-0.9.9/libhb/common.c
---- HandBrake-0.9.9-orig/libhb/common.c	2014-05-02 22:50:00.047305795 +0200
-+++ HandBrake-0.9.9/libhb/common.c	2014-05-02 22:37:24.679284489 +0200
-@@ -126,7 +126,6 @@
-     { "AAC (CoreAudio)",    "ca_aac",     HB_ACODEC_CA_AAC,       HB_MUX_MP4|HB_MUX_MKV },
-     { "HE-AAC (CoreAudio)", "ca_haac",    HB_ACODEC_CA_HAAC,      HB_MUX_MP4|HB_MUX_MKV },
- #endif
--    { "AAC (faac)",         "faac",       HB_ACODEC_FAAC,         HB_MUX_MP4|HB_MUX_MKV },
- #ifdef USE_FDK_AAC
-     { "AAC (FDK)",          "fdk_aac",    HB_ACODEC_FDK_AAC,      HB_MUX_MP4|HB_MUX_MKV },
-     { "HE-AAC (FDK)",       "fdk_haac",   HB_ACODEC_FDK_HAAC,     HB_MUX_MP4|HB_MUX_MKV },
-diff -ru HandBrake-0.9.9-orig/libhb/common.h HandBrake-0.9.9/libhb/common.h
---- HandBrake-0.9.9-orig/libhb/common.h	2014-05-02 22:50:00.047305795 +0200
-+++ HandBrake-0.9.9/libhb/common.h	2014-05-02 22:39:37.839288245 +0200
-@@ -945,7 +945,6 @@
- extern hb_work_object_t hb_decavcodeca;
- extern hb_work_object_t hb_decavcodecv;
- extern hb_work_object_t hb_declpcm;
--extern hb_work_object_t hb_encfaac;
- extern hb_work_object_t hb_enclame;
- extern hb_work_object_t hb_encvorbis;
- extern hb_work_object_t hb_muxer;
-diff -ru HandBrake-0.9.9-orig/libhb/hb.c HandBrake-0.9.9/libhb/hb.c
---- HandBrake-0.9.9-orig/libhb/hb.c	2014-05-02 22:50:00.047305795 +0200
-+++ HandBrake-0.9.9/libhb/hb.c	2014-05-02 22:39:02.287287242 +0200
-@@ -487,7 +487,6 @@
- 	hb_register( &hb_decavcodeca );
- 	hb_register( &hb_decavcodecv );
- 	hb_register( &hb_declpcm );
--	hb_register( &hb_encfaac );
- 	hb_register( &hb_enclame );
- 	hb_register( &hb_encvorbis );
- 	hb_register( &hb_muxer );
-@@ -588,7 +587,6 @@
- 	hb_register( &hb_decavcodeca );
- 	hb_register( &hb_decavcodecv );
- 	hb_register( &hb_declpcm );
--	hb_register( &hb_encfaac );
- 	hb_register( &hb_enclame );
- 	hb_register( &hb_encvorbis );
- 	hb_register( &hb_muxer );
-diff -ru HandBrake-0.9.9-orig/libhb/module.defs HandBrake-0.9.9/libhb/module.defs
---- HandBrake-0.9.9-orig/libhb/module.defs	2014-05-02 22:50:00.047305795 +0200
-+++ HandBrake-0.9.9/libhb/module.defs	2014-05-02 22:39:25.727287903 +0200
-@@ -95,7 +95,7 @@
- LIBHB.lib = $(LIBHB.build/)hb.lib
- 
- LIBHB.dll.libs = $(foreach n, \
--        a52 ass avcodec avformat avutil avresample dvdnav dvdread faac \
-+        a52 ass avcodec avformat avutil avresample dvdnav dvdread \
-         fontconfig freetype mkv mpeg2 mp3lame mp4v2 \
-         ogg samplerate swscale theora vorbis vorbisenc x264 xml2 bluray, \
-         $(CONTRIB.build/)lib/lib$(n).a )
-Only in HandBrake-0.9.9: libhb-orig
-diff -ru HandBrake-0.9.9orig/test/module.defs HandBrake-0.9.9/test/module.defs
---- HandBrake-0.9.9-orig/test/module.defs	2014-05-02 23:15:10.575348401 +0200
-+++ HandBrake-0.9.9/test/module.defs	2014-05-02 23:17:00.523351502 +0200
-@@ -14,7 +14,7 @@
- TEST.libs = $(LIBHB.a)
- 
- TEST.GCC.l = \
--        a52 ass avcodec avformat avutil avresample dvdnav dvdread faac \
-+        a52 ass avcodec avformat avutil avresample dvdnav dvdread \
-         fontconfig freetype fribidi mkv mpeg2 mp3lame mp4v2 ogg \
-         samplerate swscale theoraenc theoradec vorbis vorbisenc x264 \
-         bluray xml2 bz2 z
diff --git a/pkgs/applications/video/handbrake/handbrake-0.10.3-nolibav.patch b/pkgs/applications/video/handbrake/handbrake-0.10.3-nolibav.patch
new file mode 100644
index 000000000000..8539186aaa56
--- /dev/null
+++ b/pkgs/applications/video/handbrake/handbrake-0.10.3-nolibav.patch
@@ -0,0 +1,76 @@
+From 75549414927212d4d1666730133805b33447de79 Mon Sep 17 00:00:00 2001
+From: John Stebbins <jstebbins.hb@gmail.com>
+Date: Tue, 3 Nov 2015 10:16:01 -0800
+Subject: [PATCH] muxavformat: add support for mp4 fallback audio signalling
+
+---
+diff --git a/libhb/muxavformat.c b/libhb/muxavformat.c
+index 0d70597..373c2ab 100644
+--- a/libhb/muxavformat.c
++++ b/libhb/muxavformat.c
+@@ -121,7 +121,7 @@ static int avformatInit( hb_mux_object_t * m )
+     hb_mux_data_t * track;
+     int meta_mux;
+     int max_tracks;
+-    int ii, ret;
++    int ii, jj, ret;
+ 
+     int clock_min, clock_max, clock;
+     hb_video_framerate_get_limits(&clock_min, &clock_max, &clock);
+@@ -589,6 +589,56 @@ static int avformatInit( hb_mux_object_t * m )
+         }
+     }
+ 
++    // Check for audio track associations
++    for (ii = 0; ii < hb_list_count(job->list_audio); ii++)
++    {
++        audio = hb_list_item(job->list_audio, ii);
++        switch (audio->config.out.codec & HB_ACODEC_MASK)
++        {
++            case HB_ACODEC_FFAAC:
++            case HB_ACODEC_CA_AAC:
++            case HB_ACODEC_CA_HAAC:
++            case HB_ACODEC_FDK_AAC:
++            case HB_ACODEC_FDK_HAAC:
++                break;
++
++            default:
++            {
++                // Mark associated fallback audio tracks for any non-aac track
++                for(jj = 0; jj < hb_list_count( job->list_audio ); jj++ )
++                {
++                    hb_audio_t    * fallback;
++                    int             codec;
++
++                    if (ii == jj) continue;
++
++                    fallback = hb_list_item( job->list_audio, jj );
++                    codec = fallback->config.out.codec & HB_ACODEC_MASK;
++                    if (fallback->config.in.track == audio->config.in.track &&
++                        (codec == HB_ACODEC_FFAAC ||
++                         codec == HB_ACODEC_CA_AAC ||
++                         codec == HB_ACODEC_CA_HAAC ||
++                         codec == HB_ACODEC_FDK_AAC ||
++                         codec == HB_ACODEC_FDK_HAAC))
++                    {
++                        hb_mux_data_t * fallback_track;
++                        int           * sd;
++
++                        track = audio->priv.mux_data;
++                        fallback_track = fallback->priv.mux_data;
++                        sd = (int*)av_stream_new_side_data(track->st,
++                                                     AV_PKT_DATA_FALLBACK_TRACK,
++                                                     sizeof(int));
++                        if (sd != NULL)
++                        {
++                            *sd = fallback_track->st->index;
++                        }
++                    }
++                }
++            } break;
++        }
++    }
++
+     char * subidx_fmt =
+         "size: %dx%d\n"
+         "org: %d, %d\n"
diff --git a/pkgs/applications/video/kino/default.nix b/pkgs/applications/video/kino/default.nix
index 2503d78183f3..ea5158270876 100644
--- a/pkgs/applications/video/kino/default.nix
+++ b/pkgs/applications/video/kino/default.nix
@@ -67,13 +67,10 @@ stdenv.mkDerivation {
       pkgconfig perl perlXMLParser libavc1394 libiec61883 intltool libXv gettext libX11 glib cairo ffmpeg libv4l ]; # TODOoptional packages 
 
   configureFlags = "--enable-local-ffmpeg=no";
-  #preConfigure = "
-  #  grep 11 env-vars
-  #  ex
-  #";
 
-  patches = [ ./kino-1.3.4-v4l1.patch ./kino-1.3.4-libav-0.7.patch ./kino-1.3.4-libav-0.8.patch ]; #./kino-1.3.4-libavcodec-pkg-config.patch ];
+  hardeningDisable = [ "format" ];
 
+  patches = [ ./kino-1.3.4-v4l1.patch ./kino-1.3.4-libav-0.7.patch ./kino-1.3.4-libav-0.8.patch ]; #./kino-1.3.4-libavcodec-pkg-config.patch ];
 
   postInstall = "
     rpath=`patchelf --print-rpath \$out/bin/kino`;
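Review bot: `hardeningDisable = [ "format" ];` is added here without a comment saying which build failure it works around, so nobody can tell later whether it is still needed. According to add-hardening.sh in this commit, the flag only drops `-Wformat -Wformat-security -Werror=format-security`, so the printf-style calls that trip the check stay in the shipped binary; the opt-out should point at them, e.g. `# FIXME: build fails with -Werror=format-security in <file>; patch upstream and drop`. The same bare line is added for subtitleeditor, bochs, stalonetray, yabar, libgnomecups, libgtkhtml, nautilus, libgda, xfce4-verve-plugin, dev86 and ecl, and with extra flags for clean (`"format" "pic"`) and cbfstool (`"fortify"`). The mkDerivation body continues outside this hunk.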
@@ -86,8 +83,7 @@ stdenv.mkDerivation {
     done
   ";
 
-
-  meta = { 
+  meta = {
       description = "Non-linear DV editor for GNU/Linux";
       homepage = http://www.kinodv.org/;
       license = stdenv.lib.licenses.gpl2;
diff --git a/pkgs/applications/video/qarte/default.nix b/pkgs/applications/video/qarte/default.nix
index f01f4ffd7f5c..40011e11b2d4 100644
--- a/pkgs/applications/video/qarte/default.nix
+++ b/pkgs/applications/video/qarte/default.nix
@@ -1,25 +1,23 @@
-{ stdenv, fetchbzr, pythonPackages, rtmpdump, makeWrapper }:
+{ stdenv, fetchbzr, python3, rtmpdump, makeWrapper }:
 
 let
-  inherit (pythonPackages) python pyqt4 sip;
+  pythonEnv = python3.withPackages (ps: with ps; [ pyqt5 sip ]);
 in stdenv.mkDerivation {
-  name = "qarte-2.4.0";
+  name = "qarte-3.2.0";
   src = fetchbzr {
-    url = http://bazaar.launchpad.net/~vincent-vandevyvre/qarte/trunk;
-    rev = "150";
-    sha256 = "0fj11jx9l5qi968c906rrksdic7w4yj414m47k6axlb4v6ghdnar";
+    url = http://bazaar.launchpad.net/~vincent-vandevyvre/qarte/qarte-3;
+    rev = "146";
+    sha256 = "0dvl38dknmnj2p4yr25p88kw3mh502c6qdp2bd43bhd2sqc3b0v0";
   };
 
-  buildInputs = [ makeWrapper ];
+  buildInputs = [ makeWrapper pythonEnv ];
 
   installPhase = ''
     mkdir -p $out/bin
     mv qarte $out/bin/
     substituteInPlace $out/bin/qarte \
-      --replace '/usr/bin/python' "${python.interpreter}" \
       --replace '/usr/share' "$out/share"
     wrapProgram $out/bin/qarte \
-      --prefix PYTHONPATH : "${pyqt4}/lib/${python.libPrefix}/site-packages:${sip}/lib/${python.libPrefix}/site-packages" \
       --prefix PATH : "${rtmpdump}/bin"
 
     mkdir -p $out/share/man/man1/
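Review bot: With both the `--replace '/usr/bin/python'` substitution and the `PYTHONPATH` wrapper prefix removed, nothing visible in `installPhase` ties `$out/bin/qarte` to `pythonEnv`. The script now seems to rely on the fixup phase rewriting its shebang to the interpreter found through `buildInputs`, and the shebang itself is not shown here. If it is not one that gets rewritten, the program will either fail to start or run under a python that lacks pyqt5. Pinning it explicitly is cheap, for example `--replace '<upstream shebang path>' "${pythonEnv}/bin/python3"`, or at least add a comment stating that shebang patching is what selects the interpreter.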
diff --git a/pkgs/applications/video/subtitleeditor/default.nix b/pkgs/applications/video/subtitleeditor/default.nix
index c9655e2a4f27..e3cd242bd73c 100644
--- a/pkgs/applications/video/subtitleeditor/default.nix
+++ b/pkgs/applications/video/subtitleeditor/default.nix
@@ -41,6 +41,8 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./subtitleeditor-0.52.1-build-fix.patch ];
 
   preConfigure = ''
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 479d625c7de7..fc3c679d414d 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {
   # TODO: properly include openssl for secureBoot
   buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];
 
+  hardeningDisable = [ "stackprotector" "pic" "fortify" ];
+
   unpackPhase = ''
     for file in \
       "${edk2.src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg};
diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix
index 2cf57d78ba0c..8c420b11f55c 100644
--- a/pkgs/applications/virtualization/bochs/default.nix
+++ b/pkgs/applications/virtualization/bochs/default.nix
@@ -145,7 +145,9 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE="-I${gtk.dev}/include/gtk-2.0/ -I${libtool}/include/";
   NIX_LDFLAGS="-L${libtool.lib}/lib";
-	
+
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "An open-source IA-32 (x86) PC emulator";
     longDescription = ''
diff --git a/pkgs/applications/virtualization/cbfstool/default.nix b/pkgs/applications/virtualization/cbfstool/default.nix
index 97ca3003fdd0..1a45dc3c44d9 100644
--- a/pkgs/applications/virtualization/cbfstool/default.nix
+++ b/pkgs/applications/virtualization/cbfstool/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ iasl flex bison ];
 
+  hardeningDisable = [ "fortify" ];
+
   buildPhase = ''
     export LEX=${flex}/bin/flex
     make -C util/cbfstool
diff --git a/pkgs/applications/virtualization/qboot/default.nix b/pkgs/applications/virtualization/qboot/default.nix
index e4439ec124f4..0c6e3991b1c0 100644
--- a/pkgs/applications/virtualization/qboot/default.nix
+++ b/pkgs/applications/virtualization/qboot/default.nix
@@ -12,7 +12,9 @@ stdenv.mkDerivation {
   installPhase = ''
     mkdir -p $out
     cp bios.bin* $out/.
-    '';
+  '';
+
+  hardeningDisable = [ "stackprotector" "pic" ];
 
   meta = {
     description = "A simple x86 firmware for booting Linux";
diff --git a/pkgs/applications/virtualization/seabios/default.nix b/pkgs/applications/virtualization/seabios/default.nix
index cf17c08554a7..ba5fe4dcc1da 100644
--- a/pkgs/applications/virtualization/seabios/default.nix
+++ b/pkgs/applications/virtualization/seabios/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ iasl python ];
 
+  hardeningDisable = [ "pic" "stackprotector" "fortify" ];
+
   configurePhase = ''
     # build SeaBIOS for CSM
     cat > .config << EOF
@@ -21,12 +23,12 @@ stdenv.mkDerivation rec {
     EOF
 
     make olddefconfig
-    '';
+  '';
 
   installPhase = ''
     mkdir $out
     cp out/Csm16.bin $out/Csm16.bin
-    '';
+  '';
 
   meta = with stdenv.lib; {
     description = "Open source implementation of a 16bit X86 BIOS";
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index ebdac411b113..feb662fb1bc3 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -18,7 +18,7 @@ let
   # revision/hash as well. See
   # http://download.virtualbox.org/virtualbox/${version}/SHA256SUMS
   # for hashes.
-  version = "5.0.20";
+  version = "5.0.26";
 
   forEachModule = action: ''
     for mod in \
@@ -39,12 +39,12 @@ let
   '';
 
   # See https://github.com/NixOS/nixpkgs/issues/672 for details
-  extpackRevision = "106931";
+  extpackRevision = "108824";
   extensionPack = requireFile rec {
     name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${extpackRevision}.vbox-extpack";
     # IMPORTANT: Hash must be base16 encoded because it's used as an input to
     # VBoxExtPackHelperApp!
-    sha256 = "11f40842a56ebb17da1bbc82a21543e66108a5330ebd54ded68038a990aa071b";
+    sha256 = "2f2302c7ba3d00a1258fe8e7767a6eb08dccdc3c31f6e3eeb74063c2c268b104";
     message = ''
       In order to use the extension pack, you need to comply with the VirtualBox Personal Use
       and Evaluation License (PUEL) available at:
@@ -63,7 +63,7 @@ in stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
-    sha256 = "0asc5n9an2dzvrd4isjz3vac2h0sm6dbzvrc36hn8ag2ma3hg75g";
+    sha256 = "78dec1369d2c8feefea3c682d95e76c0e99414c56626388035cf4061d4dad62e";
   };
 
   buildInputs =
@@ -74,6 +74,8 @@ in stdenv.mkDerivation {
     ++ optional pythonBindings python
     ++ optional pulseSupport libpulseaudio;
 
+  hardeningDisable = [ "fortify" "pic" "stackprotector" ];
+
   prePatch = ''
     set -x
     MODULES_BUILD_DIR=`echo ${kernel.dev}/lib/modules/*/build`
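Review bot: `hardeningDisable = [ "fortify" "pic" "stackprotector" ];` is set on the whole derivation, so it strips those protections from the host-side VirtualBox userland as well as from the kernel modules built against `MODULES_BUILD_DIR`. If only the module or firmware parts fail with these flags (not visible from this hunk), limit the opt-out to that part of the build, or record the reason next to the line, e.g. `# kernel modules / ring-0 code cannot be built with SSP, PIC or _FORTIFY_SOURCE`. xen/generic.nix gets the same three flags for a build that also contains `tools/` userland, and guest-additions gets `"pic"`. OVMF, qboot and seabios are firmware-only, where the opt-out is expected, but they still lack a one-line comment.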
@@ -97,14 +99,7 @@ in stdenv.mkDerivation {
     set +x
   '';
 
-  patches = optional enableHardening ./hardened.patch
-    ++ [
-      (fetchurl rec {
-        name = "fix-detect-gcc-5.4.patch";
-        url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=827193;filename=${name};msg=5";
-        sha256 = "0y6v5dc6fqj9iv27cl8q2g87v1kxg19129mpas4vjg7g0529v4g9";
-      })
-    ];
+  patches = optional enableHardening ./hardened.patch;
 
   postPatch = ''
     sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \
diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
index c0183fc7af71..56e025197925 100644
--- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
@@ -12,11 +12,13 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
-    sha256 = "1rh1dw0fqz1zhdbpnwxclh1bfj889xh27dm2m23v5wg54bymkfvg";
+    sha256 = "7458ee5a7121a7d243fd6a7528ba427945d9120c5efc7cd75b3951fb01f09c59";
   };
 
   KERN_DIR = "${kernel.dev}/lib/modules/*/build";
 
+  hardeningDisable = [ "pic" ];
+
   buildInputs = [ patchelf cdrkit makeWrapper dbus ];
 
   installPhase = ''
diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix
index 39ca30a75434..4b0201bc189d 100644
--- a/pkgs/applications/virtualization/xen/generic.nix
+++ b/pkgs/applications/virtualization/xen/generic.nix
@@ -48,6 +48,8 @@ stdenv.mkDerivation {
 
   pythonPath = [ pythonPackages.curses ];
 
+  hardeningDisable = [ "stackprotector" "fortify" "pic" ];
+
   patches = stdenv.lib.optionals ((xenserverPatched == false) && (builtins.hasAttr "xenPatches" xenConfig)) xenConfig.xenPatches;
 
   postPatch = ''
@@ -99,9 +101,6 @@ stdenv.mkDerivation {
         --replace /usr/sbin/vgs ${lvm2}/sbin/vgs \
         --replace /usr/sbin/lvs ${lvm2}/sbin/lvs
 
-      substituteInPlace tools/hotplug/Linux/network-bridge \
-        --replace /usr/bin/logger ${utillinux}/bin/logger
-
       substituteInPlace tools/xenmon/xenmon.py \
         --replace /usr/bin/pkill ${procps}/bin/pkill
 
diff --git a/pkgs/applications/window-managers/stalonetray/default.nix b/pkgs/applications/window-managers/stalonetray/default.nix
index 5ef5ba769c42..3b5af42a8be2 100644
--- a/pkgs/applications/window-managers/stalonetray/default.nix
+++ b/pkgs/applications/window-managers/stalonetray/default.nix
@@ -3,12 +3,16 @@
 stdenv.mkDerivation rec {
   name = "stalonetray-${version}";
   version = "0.8.1";
+
   src = fetchurl {
     url = "mirror://sourceforge/stalonetray/${name}.tar.bz2";
     sha256 = "1wp8pnlv34w7xizj1vivnc3fkwqq4qgb9dbrsg15598iw85gi8ll";
   };
+
   buildInputs = [ libX11 xproto ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Stand alone tray";
     maintainers = with maintainers; [ raskin ];
diff --git a/pkgs/applications/window-managers/yabar/default.nix b/pkgs/applications/window-managers/yabar/default.nix
index 2f4a7f0e06c5..c199cf6c01b0 100644
--- a/pkgs/applications/window-managers/yabar/default.nix
+++ b/pkgs/applications/window-managers/yabar/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ cairo gdk_pixbuf libconfig pango pkgconfig xcbutilwm ];
 
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     substituteInPlace ./Makefile --replace "\$(shell git describe)" "${version}"
   '';
diff --git a/pkgs/build-support/cc-wrapper/add-flags b/pkgs/build-support/cc-wrapper/add-flags.sh
index 5634c82aa285..5634c82aa285 100644
--- a/pkgs/build-support/cc-wrapper/add-flags
+++ b/pkgs/build-support/cc-wrapper/add-flags.sh
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh
new file mode 100644
index 000000000000..b98833b3513b
--- /dev/null
+++ b/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -0,0 +1,59 @@
+hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow)
+hardeningFlags+=("${hardeningEnable[@]}")
+hardeningCFlags=()
+hardeningLDFlags=()
+hardeningDisable=${hardeningDisable:-""}
+
+hardeningDisable+=" @hardening_unsupported_flags@"
+
+if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: Value of '$hardeningDisable': $hardeningDisable >&2; fi
+
+if [[ ! $hardeningDisable =~ "all" ]]; then
+  if [[ -n "$NIX_DEBUG" ]]; then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi
+  for flag in "${hardeningFlags[@]}"
+  do
+    if [[ ! "${hardeningDisable}" =~ "$flag" ]]; then
+      case $flag in
+        fortify)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling fortify >&2; fi
+          hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2')
+          ;;
+        stackprotector)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling stackprotector >&2; fi
+          hardeningCFlags+=('-fstack-protector-strong' '--param ssp-buffer-size=4')
+          ;;
+        pie)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling CFlags -fPIE >&2; fi
+          hardeningCFlags+=('-fPIE')
+          if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
+            if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling LDFlags -pie >&2; fi
+            hardeningLDFlags+=('-pie')
+          fi
+          ;;
+        pic)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling pic >&2; fi
+          hardeningCFlags+=('-fPIC')
+          ;;
+        strictoverflow)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling strictoverflow >&2; fi
+          hardeningCFlags+=('-fno-strict-overflow')
+          ;;
+        format)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling format >&2; fi
+          hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security')
+          ;;
+        relro)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling relro >&2; fi
+          hardeningLDFlags+=('-z' 'relro')
+          ;;
+        bindnow)
+          if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling bindnow >&2; fi
+          hardeningLDFlags+=('-z' 'now')
+          ;;
+        *)
+          echo "Hardening flag unknown: $flag" >&2
+          ;;
+      esac
+    fi
+  done
+fi
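Review bot: The `all` test and the per-flag test in the loop both use `=~` with a quoted right-hand side, which is an unanchored substring match against the whole `$hardeningDisable` string. Any entry that merely contains a flag name, or the letters `all`, therefore switches that protection off. The current flag names do not collide, but a whole-word test such as `[[ " $hardeningDisable " != *" $flag "* ]]` (and the same form for `all`) keeps it that way when flags are added. Separately, `"${hardeningEnable[@]}"` treats `hardeningEnable` as an array; if it arrives as a space-separated string the way `hardeningDisable` is handled a few lines below, two enabled flags become one element and land in the `Hardening flag unknown` branch, so `hardeningFlags+=($hardeningEnable)` looks like the intended form.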
diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
index 024a1866daca..03f068d8298e 100644
--- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh
+++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
@@ -70,7 +70,6 @@ if [ "$nonFlagArgs" = 0 ]; then
     dontLink=1
 fi
 
-
 # Optionally filter out paths not refering to the store.
 if [ "$NIX_ENFORCE_PURITY" = 1 -a -n "$NIX_STORE" ]; then
     rest=()
@@ -117,16 +116,18 @@ if [[ "$isCpp" = 1 ]]; then
     NIX_CFLAGS_LINK="$NIX_CFLAGS_LINK $NIX_CXXSTDLIB_LINK"
 fi
 
+LD=@ldPath@/ld
+source @out@/nix-support/add-hardening.sh
+
 # Add the flags for the C compiler proper.
-extraAfter=($NIX_CFLAGS_COMPILE)
+extraAfter=($NIX_CFLAGS_COMPILE ${hardeningCFlags[@]})
 extraBefore=()
 
-
 if [ "$dontLink" != 1 ]; then
 
     # Add the flags that should only be passed to the compiler when
     # linking.
-    extraAfter+=($NIX_CFLAGS_LINK)
+    extraAfter+=($NIX_CFLAGS_LINK ${hardeningLDFlags[@]})
 
     # Add the flags that should be passed to the linker (and prevent
     # `ld-wrapper' from adding NIX_LDFLAGS again).
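Review bot: `${hardeningCFlags[@]}` goes into `extraAfter`, and the fortify branch of add-hardening.sh puts `-O2` into that array. If `extraAfter` is appended after the caller's own arguments, as the name suggests, the wrapper silently replaces a package's `-O0`, `-Os` or `-O3`. Keeping the protective flags last is reasonable, but the optimisation level could be passed first so the package still decides it, e.g. `extraBefore=(-O2)` when fortify is active, with only `-D_FORTIFY_SOURCE=2` left in `hardeningCFlags`. Also, `LD=@ldPath@/ld` is assigned here although the sourced script, as added in this commit, never reads `$LD`. The `if [ "$dontLink" != 1 ]` block continues past the end of the hunk.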
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index a37c806905fd..8a746ea016ef 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -237,7 +237,17 @@ stdenv.mkDerivation {
       cat $out/nix-support/setup-hook.tmp >> $out/nix-support/setup-hook
       rm $out/nix-support/setup-hook.tmp
 
-      substituteAll ${./add-flags} $out/nix-support/add-flags.sh
+      # some linkers on some platforms don't support specific -z flags
+      hardening_unsupported_flags=""
+      if [[ "$($ldPath/ld -z now 2>&1 || true)" =~ "unknown option" ]]; then
+        hardening_unsupported_flags+=" bindnow"
+      fi
+      if [[ "$($ldPath/ld -z relro 2>&1 || true)" =~ "unknown option" ]]; then
+        hardening_unsupported_flags+=" relro"
+      fi
+
+      substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh
+      substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh
       cp -p ${./utils.sh} $out/nix-support/utils.sh
     ''
     + extraBuildCommands;
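Review bot: The two probes decide linker support purely by looking for the English text `unknown option` in the output of `$ldPath/ld -z now` and `-z relro`. A linker that rejects `-z` with different wording would be recorded as supporting it, and every later link would then receive a flag it cannot parse. A linker that prints the phrase for an unrelated reason would silently lose `relro` and `bindnow`. Say which linker this targets and what the fallback is, e.g. `# Darwin's ld rejects -z with "unknown option"; any other output is treated as "supported"` (the Darwin attribution is my assumption, please confirm). The surrounding build script string starts before this hunk.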
diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh
index 28d73f046e68..44d9a047936a 100644
--- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh
+++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh
@@ -47,8 +47,10 @@ if [ "$NIX_ENFORCE_PURITY" = 1 -a -n "$NIX_STORE" \
     params=("${rest[@]}")
 fi
 
+LD=@prog@
+source @out@/nix-support/add-hardening.sh
 
-extra=()
+extra=(${hardeningLDFlags[@]})
 extraBefore=()
 
 if [ -z "$NIX_LDFLAGS_SET" ]; then
@@ -56,7 +58,7 @@ if [ -z "$NIX_LDFLAGS_SET" ]; then
     extraBefore+=($NIX_LDFLAGS_BEFORE)
 fi
 
-extra+=($NIX_LDFLAGS_AFTER)
+extra+=($NIX_LDFLAGS_AFTER $NIX_LDFLAGS_HARDEN)
 
 
 # Add all used dynamic libraries to the rpath.
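Review bot: `$NIX_LDFLAGS_HARDEN` is appended to `extra`, but add-hardening.sh as added in this commit only fills `hardeningLDFlags`, which the previous hunk already puts into `extra`. Unless another part of the commit outside this view sets `NIX_LDFLAGS_HARDEN`, the variable is either a leftover or an undocumented environment hook through which arbitrary linker flags can be injected. Drop it, `extra+=($NIX_LDFLAGS_AFTER)`, or document it next to the other `NIX_LDFLAGS_*` variables.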
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix
index 8713f2d22c45..1070d6f746dd 100644
--- a/pkgs/build-support/grsecurity/default.nix
+++ b/pkgs/build-support/grsecurity/default.nix
@@ -20,8 +20,7 @@ assert (kernel.version == grsecPatch.kver);
 
 overrideDerivation (kernel.override {
   inherit modDirVersion;
-  kernelPatches = [ { inherit (grsecPatch) name patch; } ] ++ kernelPatches ++ (kernel.kernelPatches or []);
-  features = (kernel.features or {}) // { grsecurity = true; };
+  kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
   inherit extraConfig;
   ignoreConfigErrors = true;
 }) (attrs: {
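Review bot: Dropping `features = (kernel.features or {}) // { grsecurity = true; };` means the resulting kernel no longer advertises `features.grsecurity` unless `grsecPatch` now supplies it, which this hunk does not show. Any module or assertion that still checks `kernel.features.grsecurity` would then treat a grsecurity kernel as an ordinary one. A short comment such as `# grsecPatch carries its own features attribute` (if that is the case) would make the dependency explicit. Passing the whole `grsecPatch` set instead of `{ inherit (grsecPatch) name patch; }` also forwards every other attribute it has, including `kver`.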
diff --git a/pkgs/data/fonts/oxygenfonts/default.nix b/pkgs/data/fonts/oxygenfonts/default.nix
new file mode 100644
index 000000000000..4d4065466e6c
--- /dev/null
+++ b/pkgs/data/fonts/oxygenfonts/default.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  name = "oxygenfonts-20160825";
+
+  src = fetchFromGitHub {
+    owner = "vernnobile";
+    repo = "oxygenFont";
+    rev = "62db0ebe3488c936406685485071a54e3d18473b";
+    sha256 = "134kx3d0g3zdkw8kl8p6j37fzw3bl163jv2dx4dk1451f3ramcnh";
+  };
+
+  phases = [ "unpackPhase" "installPhase" ];
+
+  installPhase = ''
+    mkdir -p $out/share/fonts/truetype/
+    cp OxygenSans-version-0.4/*/*.ttf $out/share/fonts/truetype/
+    cp Oxygen-Monospace/*.ttf $out/share/fonts/truetype/
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Desktop/gui font for integrated use with the KDE desktop";
+    longDescription = ''
+      Oxygen Font is a font family originally aimed as a desktop/gui
+      font for integrated use with the KDE desktop.
+
+      The basic concept for Oxygen Font was to design a clear,
+      legible, sans serif, that would be rendered with Freetype on
+      Linux-based devices. In addition a bold weight, plus regular and
+      bold italics, and a monospace version will be made.
+
+      Oxygen is constructed closely with the gridfitting aspects of
+      the Freetype font rendering engine. The oxygen fonts are also
+      autohinted with Werner Lemberg's "ttfautohint" library to
+      further the compatibility with the Freetype engine. The aim of
+      this approach is to produce a family of freetype-specific
+      desktop fonts whose appearance will stay uniform under different
+      screen render settings, unlike more traditionally designed
+      'screen fonts' that have tended to be designed for best
+      legibility on the Windows GDI render engine.
+
+      The main creator of Oxygen, Vernon Adams, suffered a heavy
+      traffic accident three months after its last release, causing him severe brain
+      injury. He finally passed away, sans oxygen, on August 25th 2016.
+      See: http://sansoxygen.com/
+    '';
+
+    license = licenses.ofl;
+    platforms = platforms.all;
+  };
+}
diff --git a/pkgs/data/fonts/roboto/default.nix b/pkgs/data/fonts/roboto/default.nix
new file mode 100644
index 000000000000..711cca5b1641
--- /dev/null
+++ b/pkgs/data/fonts/roboto/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, unzip }:
+
+stdenv.mkDerivation rec {
+  name = "roboto-${version}";
+  version = "2.134";
+
+  src = fetchurl {
+    url = "https://github.com/google/roboto/releases/download/v${version}/roboto-unhinted.zip";
+    sha256 = "1l033xc2n4754gwakxshh5235cnrnzy7q6zsp5zghn8ib0gdp5rb";
+  };
+
+  nativeBuildInputs = [ unzip ];
+
+  installPhase = ''
+    mkdir -p $out/share/fonts/truetype
+    cp -a * $out/share/fonts/truetype/
+  '';
+
+  meta = {
+    homepage = https://github.com/google/roboto;
+    description = "The Roboto family of fonts";
+    longDescription = ''
+      Google’s signature family of fonts, the default font on Android and
+      Chrome OS, and the recommended font for Google’s visual language,
+      Material Design.
+    '';
+    license = stdenv.lib.licenses.asl20;
+    maintainers = [ stdenv.lib.maintainers.romildo ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/data/sgml+xml/schemas/xml-dtd/docbook/generic.nix b/pkgs/data/sgml+xml/schemas/xml-dtd/docbook/generic.nix
index 29a18f4ce69e..fc3c4c3c8410 100644
--- a/pkgs/data/sgml+xml/schemas/xml-dtd/docbook/generic.nix
+++ b/pkgs/data/sgml+xml/schemas/xml-dtd/docbook/generic.nix
@@ -3,7 +3,11 @@
 assert unzip != null;
 
 stdenv.mkDerivation {
-  inherit src name postInstall meta;
+  inherit src name postInstall;
   builder = ./builder.sh;
   buildInputs = [unzip];
+
+  meta = meta // {
+    platforms = stdenv.lib.platforms.unix;
+  };
 }
diff --git a/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix b/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix
index 2aa47d799c9a..7eef5af0adcb 100644
--- a/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix
+++ b/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0a8xdaxzz2wc0n1fjcav65093gixzyac3948l8cxx1mk884yhc71";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./glib.patch ./cups_1.6.patch ];
 
   buildInputs = [ pkgconfig gtk gettext intltool libart_lgpl ];
diff --git a/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix b/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix
index 6aab400c60ae..be288b809d43 100644
--- a/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix
+++ b/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix
@@ -2,12 +2,14 @@
 
 stdenv.mkDerivation {
   name = "libgtkhtml-2.11.1";
-  
+
   src = fetchurl {
     url = mirror://gnome/sources/libgtkhtml/2.11/libgtkhtml-2.11.1.tar.bz2;
     sha256 = "0msajafd42545dxzyr5zqka990cjrxw2yz09ajv4zs8m1w6pm9rw";
   };
-  
+
   buildInputs = [ pkgconfig gtk gettext ];
   propagatedBuildInputs = [ libxml2 ];
+
+  hardeningDisable = [ "format" ];
 }
diff --git a/pkgs/desktops/gnome-3/3.20/core/nautilus/default.nix b/pkgs/desktops/gnome-3/3.20/core/nautilus/default.nix
index 67229487085e..4cb0b7fb35ca 100644
--- a/pkgs/desktops/gnome-3/3.20/core/nautilus/default.nix
+++ b/pkgs/desktops/gnome-3/3.20/core/nautilus/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
                   gnome3.gnome_desktop gnome3.adwaita-icon-theme
                   gnome3.gsettings_desktop_schemas gnome3.dconf libnotify tracker libselinux ];
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./extension_dir.patch ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/desktops/gnome-3/3.20/misc/gitg/default.nix b/pkgs/desktops/gnome-3/3.20/misc/gitg/default.nix
index e98c2ae8e579..27d5bc91b9f3 100644
--- a/pkgs/desktops/gnome-3/3.20/misc/gitg/default.nix
+++ b/pkgs/desktops/gnome-3/3.20/misc/gitg/default.nix
@@ -1,6 +1,8 @@
 { stdenv, fetchurl, fetchgit, vala_0_32, intltool, libgit2, pkgconfig, gtk3, glib
-, json_glib, webkitgtk,  makeWrapper, libpeas, bash, gobjectIntrospection
-, gnome3, gtkspell3, shared_mime_info, libgee, libgit2-glib, librsvg, libsecret }:
+, json_glib, webkitgtk, wrapGAppsHook, libpeas, bash, gobjectIntrospection
+, gnome3, gtkspell3, shared_mime_info, libgee, libgit2-glib, librsvg, libsecret
+, dconf}:
+
 
 # TODO: icons and theme still does not work
 # use packaged gnome3.adwaita-icon-theme 
@@ -20,19 +22,14 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ vala_0_32 intltool libgit2 pkgconfig gtk3 glib json_glib webkitgtk libgee libpeas
                   libgit2-glib gtkspell3 gnome3.gsettings_desktop_schemas gnome3.gtksourceview
-                  librsvg libsecret
-                  gobjectIntrospection makeWrapper gnome3.adwaita-icon-theme ];
+                  librsvg libsecret dconf
+                  gobjectIntrospection gnome3.adwaita-icon-theme ];
+
+  nativeBuildInputs = [ wrapGAppsHook ];
 
   # https://bugzilla.gnome.org/show_bug.cgi?id=758240
   preBuild = ''make -j$NIX_BUILD_CORES Gitg-1.0.gir'';
 
-  preFixup = ''
-    wrapProgram "$out/bin/gitg" \
-      --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
-      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
-      --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3.out}/share:${gnome3.gnome_themes_standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
-  '';
-
   meta = with stdenv.lib; {
     homepage = https://wiki.gnome.org/action/show/Apps/Gitg;
     description = "GNOME GUI client to view git repositories";
diff --git a/pkgs/desktops/gnome-3/3.20/misc/libgda/default.nix b/pkgs/desktops/gnome-3/3.20/misc/libgda/default.nix
index 75c45634636c..2e5b0a4af840 100644
--- a/pkgs/desktops/gnome-3/3.20/misc/libgda/default.nix
+++ b/pkgs/desktops/gnome-3/3.20/misc/libgda/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ pkgconfig intltool itstool libxml2 gtk3 openssl ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/desktops/kde-4.14/kdebindings/qtruby.nix b/pkgs/desktops/kde-4.14/kdebindings/qtruby.nix
index 03e9dc9a007f..ed83dd03eca1 100644
--- a/pkgs/desktops/kde-4.14/kdebindings/qtruby.nix
+++ b/pkgs/desktops/kde-4.14/kdebindings/qtruby.nix
@@ -1,18 +1,20 @@
-{ kde, cmake, smokeqt, ruby }:
+{ kde, cmake, smokeqt, ruby_2_2 }:
 
 kde {
 
  # TODO: scintilla2, qwt5
 
-  buildInputs = [ smokeqt ruby ];
+  buildInputs = [ smokeqt ruby_2_2 ];
 
   nativeBuildInputs = [ cmake ];
 
+  hardeningDisable = [ "all" ];
+
   # The patch is not ready for upstream submmission.
   # I should add an option() instead.
   patches = [ ./qtruby-install-prefix.patch ];
 
-  cmakeFlags="-DRUBY_ROOT_DIR=${ruby}";
+  cmakeFlags="-DRUBY_ROOT_DIR=${ruby_2_2}";
 
   meta = {
     description = "Ruby bindings for Qt library";
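Review bot: `hardeningDisable = [ "all" ];` switches off every protection the wrapper adds for qtruby, including the link-time `relro` and `bindnow` flags, which are unlikely to be what breaks a compile. If a specific flag is the cause, list only that one. If `all` really is required, the line needs a comment naming the failure, e.g. `# FIXME: <error> with hardening enabled; narrow this down`. The switch from `ruby` to `ruby_2_2` in the same hunk is also unexplained and deserves the same kind of note.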
diff --git a/pkgs/desktops/xfce/panel-plugins/xfce4-verve-plugin.nix b/pkgs/desktops/xfce/panel-plugins/xfce4-verve-plugin.nix
index 603a68cc5f67..442690706094 100644
--- a/pkgs/desktops/xfce/panel-plugins/xfce4-verve-plugin.nix
+++ b/pkgs/desktops/xfce/panel-plugins/xfce4-verve-plugin.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig intltool glib exo pcre libxfce4util libxfce4ui xfce4panel xfconf gtk ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = "http://goodies.xfce.org/projects/panel-plugins/${p_name}";
     description = "A command-line plugin";
diff --git a/pkgs/development/beam-modules/build-rebar3.nix b/pkgs/development/beam-modules/build-rebar3.nix
index ac40b76a78af..f783683cd4a5 100644
--- a/pkgs/development/beam-modules/build-rebar3.nix
+++ b/pkgs/development/beam-modules/build-rebar3.nix
@@ -49,7 +49,7 @@ let
 
     postPatch = ''
       rm -f rebar rebar3
-    '';
+    '' + postPatch;
 
     configurePhase = if configurePhase == null
     then ''
diff --git a/pkgs/development/compilers/ccl/default.nix b/pkgs/development/compilers/ccl/default.nix
index e5e07705a18b..3e1784424e3c 100644
--- a/pkgs/development/compilers/ccl/default.nix
+++ b/pkgs/development/compilers/ccl/default.nix
@@ -5,7 +5,7 @@ let
     /* TODO: there are also MacOS, FreeBSD and Windows versions */
     x86_64-linux = {
       arch = "linuxx86";
-      sha256 = "0d2vhp5n74yhwixnvlsnp7dzaf9aj6zd2894hr2728djyd8x9fx6";
+      sha256 = "0g6mkl207ri3ib9w85i9w0sv7srz784pbxidz0d95p6qkvg6shba";
       runtime = "lx86cl64";
       kernel = "linuxx8664";
     };
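Review bot: Only the `sha256` for `x86_64-linux` changes in this file, with no version or URL change next to it. The same download location is therefore now expected to yield different bytes. That means either the old hash was wrong or upstream replaced the tarball in place, and a reader cannot tell which from the diff. Record the reason beside the hash, e.g. `# upstream re-rolled the <version> tarball on <date>; new hash checked against <source>`, so the change can be audited later.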
diff --git a/pkgs/development/compilers/clean/default.nix b/pkgs/development/compilers/clean/default.nix
index 7f3e679e8476..3fed2289f954 100644
--- a/pkgs/development/compilers/clean/default.nix
+++ b/pkgs/development/compilers/clean/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
     })
     else throw "Architecture not supported";
 
+  hardeningDisable = [ "format" "pic" ];
+
   # clm uses timestamps of dcl, icl, abc and o files to decide what must be rebuild
   # and for chroot builds all of the library files will have equal timestamps.  This
   # makes clm try to rebuild the library modules (and fail due to absence of write permission
diff --git a/pkgs/development/compilers/dev86/default.nix b/pkgs/development/compilers/dev86/default.nix
index d17a5775db25..514075651e15 100644
--- a/pkgs/development/compilers/dev86/default.nix
+++ b/pkgs/development/compilers/dev86/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "154dyr2ph4n0kwi8yx0n78j128kw29rk9r9f7s2gddzrdl712jr3";
   };
 
+  hardeningDisable = [ "format" ];
+
   makeFlags = "PREFIX=$(out)";
 
   meta = {
diff --git a/pkgs/development/compilers/ecl/default.nix b/pkgs/development/compilers/ecl/default.nix
index 76ee5219a900..61737004e6fb 100644
--- a/pkgs/development/compilers/ecl/default.nix
+++ b/pkgs/development/compilers/ecl/default.nix
@@ -23,9 +23,11 @@ in
 stdenv.mkDerivation {
   inherit (s) name version;
   inherit buildInputs propagatedBuildInputs;
+
   src = fetchurl {
     inherit (s) url sha256;
   };
+
   configureFlags = [
     "--enable-threads"
     "--with-gmp-prefix=${gmp.dev}"
@@ -35,12 +37,16 @@ stdenv.mkDerivation {
     (stdenv.lib.optional (! noUnicode)
       "--enable-unicode")
     ;
+
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     sed -e 's/@[-a-zA-Z_]*@//g' -i $out/bin/ecl-config
     wrapProgram "$out/bin/ecl" \
       --prefix NIX_LDFLAGS ' ' "-L${gmp.lib or gmp.out or gmp}/lib" \
       --prefix NIX_LDFLAGS ' ' "-L${libffi.lib or libffi.out or libffi}/lib"
   '';
+
   meta = {
     inherit (s) version;
     description = "Lisp implementation aiming to be small, fast and easy to embed";
diff --git a/pkgs/development/compilers/edk2/default.nix b/pkgs/development/compilers/edk2/default.nix
index 99b652e0a5f3..4ddf580fae5d 100644
--- a/pkgs/development/compilers/edk2/default.nix
+++ b/pkgs/development/compilers/edk2/default.nix
@@ -11,7 +11,7 @@ else
 
 edk2 = stdenv.mkDerivation {
   name = "edk2-2014-12-10";
-  
+
   src = fetchgit {
     url = git://github.com/tianocore/edk2;
     rev = "684a565a04";
@@ -20,9 +20,9 @@ edk2 = stdenv.mkDerivation {
 
   buildInputs = [ libuuid pythonFull ];
 
-  buildPhase = ''
-    make -C BaseTools
-  '';
+  makeFlags = "-C BaseTools";
+
+  hardeningDisable = [ "format" "fortify" ];
 
   installPhase = ''
     mkdir -vp $out
diff --git a/pkgs/development/compilers/gcc/4.5/default.nix b/pkgs/development/compilers/gcc/4.5/default.nix
index 69ff590a6314..7a97b6897145 100644
--- a/pkgs/development/compilers/gcc/4.5/default.nix
+++ b/pkgs/development/compilers/gcc/4.5/default.nix
@@ -134,6 +134,8 @@ stdenv.mkDerivation ({
     inherit langC langCC langFortran langJava langAda;
   };
 
+  hardeningDisable = [ "format" ] ++ optional (name != "gnat") "all";
+
   patches =
     [ ]
     ++ optional (cross != null) ../libstdc++-target.patch
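Review bot: `[ "format" ] ++ optional (name != "gnat") "all"` disables every hardening flag for each build of this expression except gnat, which makes the leading `"format"` redundant in exactly those cases and leaves gnat as the only variant that keeps the rest. If the intent was the opposite (only gnat needs everything off), the condition should read `optional (name == "gnat") "all"`. If the current behaviour is intended, `if name == "gnat" then [ "format" ] else [ "all" ]` says so directly. Either way a comment naming the failing flag would help, since `name` is bound outside this hunk and its possible values cannot be checked here.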
@@ -207,7 +209,7 @@ stdenv.mkDerivation ({
 
   nativeBuildInputs = [ texinfo which gettext ]
     ++ optional (perl != null) perl;
-    
+
   buildInputs = [ gmp mpfr libmpc libelf ]
     ++ (optional (ppl != null) ppl)
     ++ (optional (cloogppl != null) cloogppl)
diff --git a/pkgs/development/compilers/gcc/4.6/default.nix b/pkgs/development/compilers/gcc/4.6/default.nix
index fad198b1f5c8..f98fde69fc4b 100644
--- a/pkgs/development/compilers/gcc/4.6/default.nix
+++ b/pkgs/development/compilers/gcc/4.6/default.nix
@@ -193,6 +193,8 @@ stdenv.mkDerivation ({
 
   inherit patches enableMultilib;
 
+  hardeningDisable = [ "format" ];
+
   libc_dev = stdenv.cc.libc_dev;
 
   postPatch =
diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix
index 42fd4bec2ebc..d15a9a90b794 100644
--- a/pkgs/development/compilers/gcc/4.8/default.nix
+++ b/pkgs/development/compilers/gcc/4.8/default.nix
@@ -217,6 +217,8 @@ stdenv.mkDerivation ({
 
   inherit patches;
 
+  hardeningDisable = [ "format" ];
+
   outputs = [ "out" "lib" "doc" ];
   setOutputFlags = false;
   NIX_NO_SELF_RPATH = true;
diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix
index a8aa550c93c4..7bf3e3bb6056 100644
--- a/pkgs/development/compilers/gcc/4.9/default.nix
+++ b/pkgs/development/compilers/gcc/4.9/default.nix
@@ -221,6 +221,8 @@ stdenv.mkDerivation ({
 
   inherit patches;
 
+  hardeningDisable = [ "format" ];
+
   outputs = if langJava || langGo then ["out" "man" "info"]
     else [ "out" "lib" "man" "info" ];
   setOutputFlags = false;
diff --git a/pkgs/development/compilers/gcc/5/default.nix b/pkgs/development/compilers/gcc/5/default.nix
index 2ac4f553f850..74f7f37e7f30 100644
--- a/pkgs/development/compilers/gcc/5/default.nix
+++ b/pkgs/development/compilers/gcc/5/default.nix
@@ -219,6 +219,9 @@ stdenv.mkDerivation ({
     inherit sha256;
   };
 
+  # FIXME stackprotector needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" "format" ];
+
   inherit patches;
 
   outputs = [ "out" "lib" "man" "info" ];
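Review bot: The `stackprotector` opt-out is unconditional although the FIXME ties it to the compiler in the bootstrap tools, so builds of this gcc done by a newer compiler would lose stack protection as well, presumably including the runtime libraries in the `lib` output. If the stdenv offers a way to tell the bootstrap stage apart, the flag should be dropped only there. Otherwise the FIXME should at least name the condition for removal, e.g. `# FIXME: drop "stackprotector" once bootstrap tools ship gcc >= 4.9 (<tracking issue>)`. `"format"` is unrelated to the FIXME and would read better as a separate entry with its own reason.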
diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix
index c6fb6da2320e..079b277a8e58 100644
--- a/pkgs/development/compilers/gcc/6/default.nix
+++ b/pkgs/development/compilers/gcc/6/default.nix
@@ -226,6 +226,8 @@ stdenv.mkDerivation ({
 
   libc_dev = stdenv.cc.libc_dev;
 
+  hardeningDisable = [ "format" ];
+
   postPatch =
     if (stdenv.isGNU
         || (libcCross != null                  # e.g., building `gcc.crossDrv'
diff --git a/pkgs/development/compilers/gcc/gfortran-darwin.nix b/pkgs/development/compilers/gcc/gfortran-darwin.nix
index 7fa58a053b44..48caeea5f1ff 100644
--- a/pkgs/development/compilers/gcc/gfortran-darwin.nix
+++ b/pkgs/development/compilers/gcc/gfortran-darwin.nix
@@ -7,12 +7,18 @@
 stdenv.mkDerivation rec {
   name = "gfortran-${version}";
   version = "5.1.0";
-  buildInputs = [gmp mpfr libmpc isl_0_14 cloog zlib];
+
+  buildInputs = [ gmp mpfr libmpc isl_0_14 cloog zlib ];
+
   src = fetchurl {
     url = "mirror://gnu/gcc/gcc-${version}/gcc-${version}.tar.bz2";
     sha256 = "1bd5vj4px3s8nlakbgrh38ynxq4s654m6nxz7lrj03mvkkwgvnmp";
   };
+
   patches = ./gfortran-darwin.patch;
+
+  hardeningDisable = [ "format" ];
+
   configureFlags = ''
     --disable-bootstrap
     --disable-cloog-version-check
@@ -28,11 +34,15 @@ stdenv.mkDerivation rec {
     --with-native-system-header-dir=${Libsystem}/include
     --with-system-zlib
   '';
+
   postConfigure = ''
     export DYLD_LIBRARY_PATH=`pwd`/`uname -m`-apple-darwin`uname -r`/libgcc
   '';
-  makeFlags = ["CC=clang"];
+
+  makeFlags = [ "CC=clang" ];
+
   passthru.cc = stdenv.cc.cc;
+
   meta = with stdenv.lib; {
     description = "GNU Fortran compiler, part of the GNU Compiler Collection";
     homepage    = "https://gcc.gnu.org/fortran/";
diff --git a/pkgs/development/compilers/gcl/default.nix b/pkgs/development/compilers/gcl/default.nix
index cf5b862646e4..0e4d5bed0514 100644
--- a/pkgs/development/compilers/gcl/default.nix
+++ b/pkgs/development/compilers/gcl/default.nix
@@ -32,24 +32,9 @@ stdenv.mkDerivation rec {
     "--enable-ansi"
   ];
 
-  # Upstream bug submitted - http://savannah.gnu.org/bugs/index.php?30371
-  # $TMPDIR must have no extension
-  # setVars = a.noDepEntry ''
-  #   export TMPDIR="''${TMPDIR:-''${TMP:-''${TEMP}}}/tmp-for-gcl"
-  #   mkdir -p "$TMPDIR"
-  # '';
-
-  preBuild = ''
-    # sed -re "s@/bin/cat@$(which cat)@g" -i configure */configure
-    # sed -re "s@if test -d /proc/self @if false @" -i configure
-    # sed -re 's^([ \t])cpp ^\1cpp -I${stdenv.cc.cc}/include -I${stdenv.cc.libc}/include ^g' -i makefile
-
-    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -fgnu89-inline"
-  '';
-
-  /* doConfigure should be removed if not needed */
-  # phaseNames = ["setVars" "doUnpack" "preBuild"
-  #   "doConfigure" "doMakeInstall"];
+  hardeningDisable = [ "pic" "bindnow" ];
+
+  NIX_CFLAGS_COMPILE = "-fgnu89-inline";
 
   meta = {
     description = "GNU Common Lisp compiler working via GCC";
diff --git a/pkgs/development/compilers/ghc/6.10.4.nix b/pkgs/development/compilers/ghc/6.10.4.nix
index d8d25ef8082c..9a816797291b 100644
--- a/pkgs/development/compilers/ghc/6.10.4.nix
+++ b/pkgs/development/compilers/ghc/6.10.4.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ghc libedit perl gmp];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--with-gmp-libraries=${gmp.out}/lib"
     "--with-gmp-includes=${gmp.dev}/include"
diff --git a/pkgs/development/compilers/ghc/7.0.4.nix b/pkgs/development/compilers/ghc/7.0.4.nix
index 7442c5ca53c8..099f1376c778 100644
--- a/pkgs/development/compilers/ghc/7.0.4.nix
+++ b/pkgs/development/compilers/ghc/7.0.4.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "1a9b78d9d66c9c21de6c0932e36bb87406a4856f1611bf83bd44539bdc6ed0ed";
   };
 
-  patches = [ ./fix-7.0.4-clang.patch ];
+  patches = [ ./fix-7.0.4-clang.patch ./relocation.patch ];
 
   buildInputs = [ ghc perl gmp ncurses ];
 
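Review bot: `./relocation.patch` is a single hunk pinned at `@@ -5681,7 +5681,13 @@` of `rts/Linker.c`, yet it is added here to 7.0.4 and, in the following hunks, to 7.2.2, 7.4.2, 7.6.3, 7.8.3, 7.8.4, 7.10.2, 7.10.3, 8.0.1 and nokinds. Whether it applies to trees that old, and lands on the right `case`, depends on `patch` finding the context at a large offset; that cannot be confirmed from this diff. A comment next to the entry, such as `# R_X86_64_(REX_)GOTPCRELX support in the RTS linker, needed with relro/bindnow hardening`, would also tell readers why a linker patch sits beside the clang fix. The patch header itself misspells the attribute as `ghcPaclages.vector`.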
diff --git a/pkgs/development/compilers/ghc/7.10.2.nix b/pkgs/development/compilers/ghc/7.10.2.nix
index 2e96c999b9e0..e384a42a51f4 100644
--- a/pkgs/development/compilers/ghc/7.10.2.nix
+++ b/pkgs/development/compilers/ghc/7.10.2.nix
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ghc perl libxml2 libxslt docbook_xsl docbook_xml_dtd_45 docbook_xml_dtd_42 hscolour ];
 
+  patches = [ ./relocation.patch ];
+
   enableParallelBuilding = true;
 
   outputs = [ "out" "doc" ];
diff --git a/pkgs/development/compilers/ghc/7.10.3.nix b/pkgs/development/compilers/ghc/7.10.3.nix
index c059a89bde3b..31cf0b3c8bde 100644
--- a/pkgs/development/compilers/ghc/7.10.3.nix
+++ b/pkgs/development/compilers/ghc/7.10.3.nix
@@ -23,6 +23,7 @@ stdenv.mkDerivation rec {
 
   patches = [
     docFixes
+    ./relocation.patch
     ./ghc-7.x-dont-pass-linker-flags-via-response-files.patch   # https://github.com/NixOS/nixpkgs/issues/10752
   ];
 
diff --git a/pkgs/development/compilers/ghc/7.2.2.nix b/pkgs/development/compilers/ghc/7.2.2.nix
index 06f7cb9af2c4..31cac49135fc 100644
--- a/pkgs/development/compilers/ghc/7.2.2.nix
+++ b/pkgs/development/compilers/ghc/7.2.2.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0g87d3z9275dniaqzkf56qfgzp1msd89nqqhhm2gkc6iga072spz";
   };
 
-  patches = [ ./fix-7.2.2-clang.patch ];
+  patches = [ ./fix-7.2.2-clang.patch ./relocation.patch ];
 
   buildInputs = [ ghc perl gmp ncurses ];
 
diff --git a/pkgs/development/compilers/ghc/7.4.2.nix b/pkgs/development/compilers/ghc/7.4.2.nix
index c74461a064e6..63ce7ddfacc7 100644
--- a/pkgs/development/compilers/ghc/7.4.2.nix
+++ b/pkgs/development/compilers/ghc/7.4.2.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
     sha256 = "0vc3zmxqi4gflssmj35n5c8idbvyrhd88abi50whbirwlf4i5vpj";
   };
 
-  patches = [ ./fix-7.4.2-clang.patch ];
+  patches = [ ./fix-7.4.2-clang.patch ./relocation.patch ];
 
   buildInputs = [ ghc perl gmp ncurses ];
 
diff --git a/pkgs/development/compilers/ghc/7.6.3.nix b/pkgs/development/compilers/ghc/7.6.3.nix
index 6ee629cc9804..5a933a23aa8b 100644
--- a/pkgs/development/compilers/ghc/7.6.3.nix
+++ b/pkgs/development/compilers/ghc/7.6.3.nix
@@ -17,7 +17,7 @@ in stdenv.mkDerivation rec {
     sha256 = "1669m8k9q72rpd2mzs0bh2q6lcwqiwd1ax3vrard1dgn64yq4hxx";
   };
 
-  patches = [ ./fix-7.6.3-clang.patch ];
+  patches = [ ./fix-7.6.3-clang.patch ./relocation.patch ];
 
   buildInputs = [ ghc perl gmp ncurses ];
 
diff --git a/pkgs/development/compilers/ghc/7.8.3.nix b/pkgs/development/compilers/ghc/7.8.3.nix
index 55f8655c7009..f631ad923560 100644
--- a/pkgs/development/compilers/ghc/7.8.3.nix
+++ b/pkgs/development/compilers/ghc/7.8.3.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0n5rhwl83yv8qm0zrbaxnyrf8x1i3b6si927518mwfxs96jrdkdh";
   };
 
+  patches = [ ./relocation.patch ];
+
   buildInputs = [ ghc perl gmp ncurses ];
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/compilers/ghc/7.8.4.nix b/pkgs/development/compilers/ghc/7.8.4.nix
index 6e10b1443c8f..f41a1cf7d98d 100644
--- a/pkgs/development/compilers/ghc/7.8.4.nix
+++ b/pkgs/development/compilers/ghc/7.8.4.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation (rec {
     sha256 = "1i4254akbb4ym437rf469gc0m40bxm31blp6s1z1g15jmnacs6f3";
   };
 
+  patches = [ ./relocation.patch ];
+
   buildInputs = [ ghc perl gmp ncurses ];
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/compilers/ghc/8.0.1.nix b/pkgs/development/compilers/ghc/8.0.1.nix
index 8341fca9f42f..02a78f60550f 100644
--- a/pkgs/development/compilers/ghc/8.0.1.nix
+++ b/pkgs/development/compilers/ghc/8.0.1.nix
@@ -23,6 +23,7 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./ghc-8.x-dont-pass-linker-flags-via-response-files.patch  # https://github.com/NixOS/nixpkgs/issues/10752
+    ./relocation.patch
 
     # Fix https://ghc.haskell.org/trac/ghc/ticket/12130
     (fetchFilteredPatch { url = https://git.haskell.org/ghc.git/patch/4d71cc89b4e9648f3fbb29c8fcd25d725616e265; sha256 = "0syaxb4y4s2dc440qmrggb4vagvqqhb55m6mx12rip4i9qhxl8k0"; })
diff --git a/pkgs/development/compilers/ghc/nokinds.nix b/pkgs/development/compilers/ghc/nokinds.nix
index ca0a78eb0b67..a041ff02f936 100644
--- a/pkgs/development/compilers/ghc/nokinds.nix
+++ b/pkgs/development/compilers/ghc/nokinds.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation rec {
     sha256 = "183l4v6aw52r3ydwl8bxg1lh3cwfakb35rpy6mjg23dqmqsynmcn";
   };
 
+  patches = [ ./relocation.patch ];
+
   postUnpack = ''
     pushd ghc-${builtins.substring 0 7 rev}
     echo ${version} >VERSION
diff --git a/pkgs/development/compilers/ghc/relocation.patch b/pkgs/development/compilers/ghc/relocation.patch
new file mode 100644
index 000000000000..b9becfc86b54
--- /dev/null
+++ b/pkgs/development/compilers/ghc/relocation.patch
@@ -0,0 +1,27 @@
+Adding support for the R_X86_64_REX_GOTPCRELX relocation type. 
+This relocation is treated by the linker the same as the R_X86_64_GOTPCRELX type
+G + GOT + A - P to generate relative offsets to the GOT.
+The REX prefix has no influence in this stage.
+
+This caused breakage when enabling relro/bindnow hardening e.g. in ghcPaclages.vector
+
+Source: https://phabricator.haskell.org/D2303#67070
+diff --git a/rts/Linker.c b/rts/Linker.c
+--- a/rts/Linker.c
++++ b/rts/Linker.c
+@@ -5681,7 +5681,13 @@
+           *(Elf64_Sword *)P = (Elf64_Sword)value;
+ #endif
+           break;
+-
++/* These two relocations were introduced in glibc 2.23 and binutils 2.26.
++    But in order to use them the system which compiles the bindist for GHC needs
++    to have glibc >= 2.23. So only use them if they're defined. */
++#if defined(R_X86_64_REX_GOTPCRELX) && defined(R_X86_64_GOTPCRELX)
++      case R_X86_64_REX_GOTPCRELX:
++      case R_X86_64_GOTPCRELX:
++#endif
+       case R_X86_64_GOTPCREL:
+       {
+           StgInt64 gotAddress = (StgInt64) &makeSymbolExtra(oc, ELF_R_SYM(info), S)->addr;
+
diff --git a/pkgs/development/compilers/go/1.1.nix b/pkgs/development/compilers/go/1.1.nix
deleted file mode 100644
index 0c6d41264149..000000000000
--- a/pkgs/development/compilers/go/1.1.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ stdenv, fetchurl, bison, glibc, bash, coreutils, makeWrapper, tzdata, iana_etc
-, removeGodocExternals ? false }:
-
-let
-  loader386 = "${glibc.out}/lib/ld-linux.so.2";
-  loaderAmd64 = "${glibc.out}/lib/ld-linux-x86-64.so.2";
-  loaderArm = "${glibc.out}/lib/ld-linux.so.3";
-in
-
-stdenv.mkDerivation {
-  name = "go-1.1.2";
-
-  src = fetchurl {
-    url = http://go.googlecode.com/files/go1.1.2.src.tar.gz;
-    sha256 = "0w7bchhb4b053az3wjp6z342rs9lp9nxf4w2mnfd1b89d6sb7izz";
-  };
-
-  buildInputs = [ bison glibc bash makeWrapper ];
-
-  NIX_CFLAGS_COMPILE = "-Wno-error=cpp";
-
-  # I'm not sure what go wants from its 'src', but the go installation manual
-  # describes an installation keeping the src.
-  preUnpack = ''
-    mkdir -p $out/share
-    cd $out/share
-  '';
-
-  prePatch = ''
-    cd ..
-    if [ ! -d go ]; then
-      mv * go
-    fi
-    cd go
-
-    patchShebangs ./ # replace /bin/bash
-    # !!! substituteInPlace does not seems to be effective.
-    sed -i 's,/lib/ld-linux.so.2,${loader386},' src/cmd/8l/asm.c
-    sed -i 's,/lib64/ld-linux-x86-64.so.2,${loaderAmd64},' src/cmd/6l/asm.c
-    sed -i 's,/lib64/ld-linux-x86-64.so.3,${loaderArm},' src/cmd/5l/asm.c
-    sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/pkg/time/zoneinfo_unix.go
-    sed -i 's,/etc/protocols,${iana_etc}/etc/protocols,' src/pkg/net/lookup_unix.go
-
-    #sed -i -e 's,/bin/cat,${coreutils}/bin/cat,' \
-    #  -e 's,/bin/echo,${coreutils}/bin/echo,' \
-    #  src/pkg/exec/exec_test.go
-
-    # Disabling the 'os/http/net' tests (they want files not available in
-    # chroot builds)
-    rm src/pkg/net/{multicast_test.go,parse_test.go,port_test.go}
-    # The os test wants to read files in an existing path. Just it don't be /usr/bin.
-    sed -i 's,/usr/bin,'"`pwd`", src/pkg/os/os_test.go
-    sed -i 's,/bin/pwd,'"`type -P pwd`", src/pkg/os/os_test.go
-    # Disable the hostname test
-    sed -i '/TestHostname/areturn' src/pkg/os/os_test.go
-    # ParseInLocation fails the test
-    sed -i '/TestParseInSydney/areturn' src/pkg/time/time_test.go
-  '' + stdenv.lib.optionalString removeGodocExternals ''
-    sed -i -e '/googleapi/d' -e '/javascript">$/,+6d' lib/godoc/godoc.html 
-  '';
-
-  patches = [ ./cacert.patch ];
-
-  GOOS = "linux";
-  GOARCH = if stdenv.system == "i686-linux" then "386"
-          else if stdenv.system == "x86_64-linux" then "amd64"
-          else if stdenv.system == "armv5tel-linux" then "arm"
-          else throw "Unsupported system";
-  GOARM = stdenv.lib.optionalString (stdenv.system == "armv5tel-linux") "5";
-
-  installPhase = ''
-    mkdir -p "$out/bin"
-    export GOROOT="$(pwd)/"
-    export GOBIN="$out/bin"
-    export PATH="$GOBIN:$PATH"
-    cd ./src
-    ./all.bash
-    cd -
-
-    # Wrap the tools to define the location of the
-    # libraries.
-    for a in go gofmt godoc; do
-	    wrapProgram "$out/bin/$a" \
-	      --set "GOROOT" $out/share/go \
-        ${if stdenv.system == "armv5tel-linux" then "--set GOARM $GOARM" else ""}
-    done
-
-    # Copy the emacs configuration for Go files.
-    mkdir -p "$out/share/emacs/site-lisp"
-    cp ./misc/emacs/* $out/share/emacs/site-lisp/
-  '';
-
-  meta = {
-    branch = "1.1";
-    homepage = http://golang.org/;
-    description = "The Go Programming language";
-    license = "BSD";
-    maintainers = with stdenv.lib.maintainers; [ pierron viric ];
-    platforms = stdenv.lib.platforms.linux;
-  };
-}
diff --git a/pkgs/development/compilers/go/1.2.nix b/pkgs/development/compilers/go/1.2.nix
deleted file mode 100644
index 0454ea96d892..000000000000
--- a/pkgs/development/compilers/go/1.2.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ stdenv, fetchurl, bison, glibc, bash, coreutils, makeWrapper, tzdata, iana_etc }:
-
-let
-  loader386 = "${glibc.out}/lib/ld-linux.so.2";
-  loaderAmd64 = "${glibc.out}/lib/ld-linux-x86-64.so.2";
-  loaderArm = "${glibc.out}/lib/ld-linux.so.3";
-in
-
-stdenv.mkDerivation {
-  name = "go-1.2.2";
-
-  src = fetchurl {
-    url = https://storage.googleapis.com/golang/go1.2.2.src.tar.gz;
-    sha1 = "3ce0ac4db434fc1546fec074841ff40dc48c1167";
-  };
-
-  buildInputs = [ bison glibc bash makeWrapper ];
-
-  NIX_CFLAGS_COMPILE = "-Wno-error=cpp";
-
-  # I'm not sure what go wants from its 'src', but the go installation manual
-  # describes an installation keeping the src.
-  preUnpack = ''
-    mkdir -p $out/share
-    cd $out/share
-  '';
-
-  prePatch = ''
-    cd ..
-    if [ ! -d go ]; then
-      mv * go
-    fi
-    cd go
-
-    patchShebangs ./ # replace /bin/bash
-    # !!! substituteInPlace does not seems to be effective.
-    sed -i 's,/lib/ld-linux.so.2,${loader386},' src/cmd/8l/asm.c
-    sed -i 's,/lib64/ld-linux-x86-64.so.2,${loaderAmd64},' src/cmd/6l/asm.c
-    sed -i 's,/lib64/ld-linux-x86-64.so.3,${loaderArm},' src/cmd/5l/asm.c
-    sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/pkg/time/zoneinfo_unix.go
-    sed -i 's,/etc/protocols,${iana_etc}/etc/protocols,' src/pkg/net/lookup_unix.go
-
-    #sed -i -e 's,/bin/cat,${coreutils}/bin/cat,' \
-    #  -e 's,/bin/echo,${coreutils}/bin/echo,' \
-    #  src/pkg/exec/exec_test.go
-
-    # Disabling the 'os/http/net' tests (they want files not available in
-    # chroot builds)
-    rm src/pkg/net/{multicast_test.go,parse_test.go,port_test.go}
-    # The os test wants to read files in an existing path. Just it don't be /usr/bin.
-    sed -i 's,/usr/bin,'"`pwd`", src/pkg/os/os_test.go
-    sed -i 's,/bin/pwd,'"`type -P pwd`", src/pkg/os/os_test.go
-    # Disable the hostname test
-    sed -i '/TestHostname/areturn' src/pkg/os/os_test.go
-    # ParseInLocation fails the test
-    sed -i '/TestParseInSydney/areturn' src/pkg/time/time_test.go
-  '';
-
-  patches = [ ./cacert-1.2.patch ];
-
-  GOOS = "linux";
-  GOARCH = if stdenv.system == "i686-linux" then "386"
-          else if stdenv.system == "x86_64-linux" then "amd64"
-          else if stdenv.system == "armv5tel-linux" then "arm"
-          else throw "Unsupported system";
-  GOARM = stdenv.lib.optionalString (stdenv.system == "armv5tel-linux") "5";
-  GO386 = 387; # from Arch: don't assume sse2 on i686
-
-  installPhase = ''
-    mkdir -p "$out/bin"
-    export GOROOT="$(pwd)/"
-    export GOBIN="$out/bin"
-    export PATH="$GOBIN:$PATH"
-    cd ./src
-    ./all.bash
-    cd -
-
-    # Copy the emacs configuration for Go files.
-    mkdir -p "$out/share/emacs/site-lisp"
-    cp ./misc/emacs/* $out/share/emacs/site-lisp/
-  '';
-
-  meta = {
-    branch = "1.2";
-    homepage = http://golang.org/;
-    description = "The Go Programming language";
-    license = "BSD";
-    maintainers = with stdenv.lib.maintainers; [ pierron viric ];
-    platforms = stdenv.lib.platforms.linux;
-  };
-}
diff --git a/pkgs/development/compilers/go/1.3.nix b/pkgs/development/compilers/go/1.3.nix
deleted file mode 100644
index a9a3c10584b0..000000000000
--- a/pkgs/development/compilers/go/1.3.nix
+++ /dev/null
@@ -1,113 +0,0 @@
-{ stdenv, lib, fetchurl, fetchhg, bison, glibc, bash, coreutils, makeWrapper, tzdata, iana_etc, perl }:
-
-let
-  loader386 = "${glibc.out}/lib/ld-linux.so.2";
-  loaderAmd64 = "${glibc.out}/lib/ld-linux-x86-64.so.2";
-  loaderArm = "${glibc.out}/lib/ld-linux.so.3";
-  srcs = {
-    golang = fetchurl {
-      url = https://storage.googleapis.com/golang/go1.3.3.src.tar.gz;
-      sha1 = "b54b7deb7b7afe9f5d9a3f5dd830c7dede35393a";
-    };
-    tools = fetchhg {
-      url = https://code.google.com/p/go.tools/;
-      rev = "e1c276c4e679";
-      sha256 = "0x62njflwkd99i2ixbksg6mjppl1wfg86f0g3swn350l1h0xzp76";
-    };
-  };
-in
-
-stdenv.mkDerivation {
-  name = "go-1.3.3";
-
-  src = srcs.golang;
-
-  # perl is used for testing go vet
-  buildInputs = [ bison bash makeWrapper perl ] ++ lib.optionals stdenv.isLinux [ glibc ] ;
-
-  # I'm not sure what go wants from its 'src', but the go installation manual
-  # describes an installation keeping the src.
-  preUnpack = ''
-    mkdir -p $out/share
-    cd $out/share
-  '';
-  postUnpack = ''
-    mkdir -p $out/share/go/src/pkg/code.google.com/p/
-    cp -rv --no-preserve=mode,ownership ${srcs.tools} $out/share/go/src/pkg/code.google.com/p/go.tools
-  '';
-
-  prePatch = ''
-    # Ensure that the source directory is named go
-    cd ..
-    if [ ! -d go ]; then
-      mv * go
-    fi
-    cd go
-    patchShebangs ./ # replace /bin/bash
-
-    # Disabling the 'os/http/net' tests (they want files not available in
-    # chroot builds)
-    rm src/pkg/net/{multicast_test.go,parse_test.go,port_test.go}
-    # !!! substituteInPlace does not seems to be effective.
-    # The os test wants to read files in an existing path. Just don't let it be /usr/bin.
-    sed -i 's,/usr/bin,'"`pwd`", src/pkg/os/os_test.go
-    sed -i 's,/bin/pwd,'"`type -P pwd`", src/pkg/os/os_test.go
-    # Disable the unix socket test
-    sed -i '/TestShutdownUnix/areturn' src/pkg/net/net_test.go
-    # Disable the hostname test
-    sed -i '/TestHostname/areturn' src/pkg/os/os_test.go
-    sed -i 's,/etc/protocols,${iana_etc}/etc/protocols,' src/pkg/net/lookup_unix.go
-    # ParseInLocation fails the test
-    sed -i '/TestParseInSydney/areturn' src/pkg/time/format_test.go
-  '' + lib.optionalString stdenv.isLinux ''
-    sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/pkg/time/zoneinfo_unix.go
-    sed -i 's,/lib/ld-linux.so.3,${loaderArm},' src/cmd/5l/asm.c
-    sed -i 's,/lib64/ld-linux-x86-64.so.2,${loaderAmd64},' src/cmd/6l/asm.c
-    sed -i 's,/lib/ld-linux.so.2,${loader386},' src/cmd/8l/asm.c
-  '';
-
-  patches = [ ./cacert-1.2.patch ];
-
-  GOOS = if stdenv.isDarwin then "darwin" else "linux";
-  GOARCH = if stdenv.isDarwin then "amd64"
-           else if stdenv.system == "i686-linux" then "386"
-           else if stdenv.system == "x86_64-linux" then "amd64"
-           else if stdenv.system == "armv5tel-linux" then "arm"
-           else throw "Unsupported system";
-  GOARM = stdenv.lib.optionalString (stdenv.system == "armv5tel-linux") "5";
-  GO386 = 387; # from Arch: don't assume sse2 on i686
-  CGO_ENABLED = if stdenv.isDarwin then 0 else 1;
-
-  installPhase = ''
-    export CC=cc
-    mkdir -p "$out/bin"
-    unset GOPATH
-    export GOROOT="$(pwd)/"
-    export GOBIN="$out/bin"
-    export PATH="$GOBIN:$PATH"
-    cd ./src
-    ./all.bash
-    cd -
-
-    # Build extra tooling
-    # TODO: Fix godoc tests
-    TOOL_ROOT=code.google.com/p/go.tools/cmd
-    go install -v $TOOL_ROOT/cover $TOOL_ROOT/vet $TOOL_ROOT/godoc
-    go test -v    $TOOL_ROOT/cover $TOOL_ROOT/vet # $TOOL_ROOT/godoc
-
-    # Copy the emacs configuration for Go files.
-    mkdir -p "$out/share/emacs/site-lisp"
-    cp ./misc/emacs/* $out/share/emacs/site-lisp/
-  '';
-
-  setupHook = ./setup-hook.sh;
-
-  meta = {
-    branch = "1.3";
-    homepage = http://golang.org/;
-    description = "The Go Programming language";
-    license = "BSD";
-    maintainers = with stdenv.lib.maintainers; [ cstrahan ];
-    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
-  };
-}
diff --git a/pkgs/development/compilers/go/1.4.nix b/pkgs/development/compilers/go/1.4.nix
index 17c3cc052177..273d768ce21f 100644
--- a/pkgs/development/compilers/go/1.4.nix
+++ b/pkgs/development/compilers/go/1.4.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ pcre ];
   propagatedBuildInputs = lib.optional stdenv.isDarwin Security;
 
+  hardeningDisable = [ "all" ];
+
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
   preUnpack = ''
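Review bot: `hardeningDisable = [ "all" ];` turns off every hardening flag for the build of the Go toolchain without saying which one actually breaks it, and the same line is added to go 1.6 and go 1.7 further down. A blanket opt-out is hard to revisit later because nobody knows what to re-test. Prefer listing only the flags that fail, or keep `"all"` with a stated reason such as `# hardening flags break <failing step>: <error>`, filled in from the build log. The attribute set continues outside the hunk.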
@@ -98,7 +100,7 @@ stdenv.mkDerivation rec {
            else throw "Unsupported system";
   GOARM = stdenv.lib.optionalString (stdenv.system == "armv5tel-linux") "5";
   GO386 = 387; # from Arch: don't assume sse2 on i686
-  CGO_ENABLED = 1;
+  CGO_ENABLED = 0;
 
   # The go build actually checks for CC=*/clang and does something different, so we don't
   # just want the generic `cc` here.
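Review bot: `CGO_ENABLED = 0` changes what this Go 1.4 toolchain can build, not only how it is built, because anything still compiled with it loses cgo support. The switch of the go 1.6 and 1.7 arguments from `go_1_4` to `go_bootstrap` suggests 1.4 is now meant for bootstrapping only, but nothing in this file states that. Add a comment such as `# bootstrap-only toolchain: cgo is not needed and is disabled`, and check whether `propagatedBuildInputs = lib.optional stdenv.isDarwin Security;` from the first hunk is still required without cgo. The attribute set starts and ends outside the hunk.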
diff --git a/pkgs/development/compilers/go/1.5.nix b/pkgs/development/compilers/go/1.5.nix
deleted file mode 100644
index b2eb4b1f246f..000000000000
--- a/pkgs/development/compilers/go/1.5.nix
+++ /dev/null
@@ -1,141 +0,0 @@
-{ stdenv, lib, fetchFromGitHub, tzdata, iana_etc, go_1_4, runCommand
-, perl, which, pkgconfig, patch
-, pcre
-, Security, Foundation }:
-
-let
-  goBootstrap = runCommand "go-bootstrap" {} ''
-    mkdir $out
-    cp -rf ${go_1_4}/* $out/
-    chmod -R u+w $out
-    find $out -name "*.c" -delete
-    cp -rf $out/bin/* $out/share/go/bin/
-  '';
-in
-
-stdenv.mkDerivation rec {
-  name = "go-${version}";
-  version = "1.5.4";
-
-  src = fetchFromGitHub {
-    owner = "golang";
-    repo = "go";
-    rev = "go${version}";
-    sha256 = "1lvk9awmkjbz5z4snv3q3b3r7ijfz97kig2wkqz6jmr7b0lp1fcy";
-  };
-
-  # perl is used for testing go vet
-  nativeBuildInputs = [ perl which pkgconfig patch ];
-  buildInputs = [ pcre ];
-  propagatedBuildInputs = lib.optionals stdenv.isDarwin [
-    Security Foundation
-  ];
-
-  # I'm not sure what go wants from its 'src', but the go installation manual
-  # describes an installation keeping the src.
-  preUnpack = ''
-    mkdir -p $out/share
-    cd $out/share
-  '';
-
-  prePatch = ''
-    # Ensure that the source directory is named go
-    cd ..
-    if [ ! -d go ]; then
-      mv * go
-    fi
-
-    cd go
-    patchShebangs ./ # replace /bin/bash
-
-    # Disabling the 'os/http/net' tests (they want files not available in
-    # chroot builds)
-    rm src/net/{listen_test.go,parse_test.go,port_test.go}
-    rm src/syscall/exec_linux_test.go
-    # !!! substituteInPlace does not seems to be effective.
-    # The os test wants to read files in an existing path. Just don't let it be /usr/bin.
-    sed -i 's,/usr/bin,'"`pwd`", src/os/os_test.go
-    sed -i 's,/bin/pwd,'"`type -P pwd`", src/os/os_test.go
-    # Disable the unix socket test
-    sed -i '/TestShutdownUnix/areturn' src/net/net_test.go
-    # Disable the hostname test
-    sed -i '/TestHostname/areturn' src/os/os_test.go
-    # ParseInLocation fails the test
-    sed -i '/TestParseInSydney/areturn' src/time/format_test.go
-    # Remove the api check as it never worked
-    sed -i '/src\/cmd\/api\/run.go/ireturn nil' src/cmd/dist/test.go
-    # Remove the coverage test as we have removed this utility
-    sed -i '/TestCoverageWithCgo/areturn' src/cmd/go/go_test.go
-
-    sed -i 's,/etc/protocols,${iana_etc}/etc/protocols,' src/net/lookup_unix.go
-  '' + lib.optionalString stdenv.isLinux ''
-    sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/time/zoneinfo_unix.go
-  '' + lib.optionalString stdenv.isDarwin ''
-    substituteInPlace src/race.bash --replace \
-      "sysctl machdep.cpu.extfeatures | grep -qv EM64T" true
-    sed -i 's,strings.Contains(.*sysctl.*,true {,' src/cmd/dist/util.go
-    sed -i 's,"/etc","'"$TMPDIR"'",' src/os/os_test.go
-    sed -i 's,/_go_os_test,'"$TMPDIR"'/_go_os_test,' src/os/path_test.go
-    sed -i '/TestCgoLookupIP/areturn' src/net/cgo_unix_test.go
-    sed -i '/TestChdirAndGetwd/areturn' src/os/os_test.go
-    sed -i '/TestRead0/areturn' src/os/os_test.go
-    sed -i '/TestNohup/areturn' src/os/signal/signal_test.go
-    sed -i '/TestSystemRoots/areturn' src/crypto/x509/root_darwin_test.go
-
-    sed -i '/TestGoInstallRebuildsStalePackagesInOtherGOPATH/areturn' src/cmd/go/go_test.go
-    sed -i '/TestBuildDashIInstallsDependencies/areturn' src/cmd/go/go_test.go
-
-    sed -i '/TestDisasmExtld/areturn' src/cmd/objdump/objdump_test.go
-
-    touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd
-  '';
-
-  patches = [
-    ./remove-tools-1.5.patch
-  ]
-  # -ldflags=-s is required to compile on Darwin, see
-  # https://github.com/golang/go/issues/11994
-  ++ stdenv.lib.optional stdenv.isDarwin ./strip.patch;
-
-  GOOS = if stdenv.isDarwin then "darwin" else "linux";
-  GOARCH = if stdenv.isDarwin then "amd64"
-           else if stdenv.system == "i686-linux" then "386"
-           else if stdenv.system == "x86_64-linux" then "amd64"
-           else if stdenv.isArm then "arm"
-           else throw "Unsupported system";
-  GOARM = stdenv.lib.optionalString (stdenv.system == "armv5tel-linux") "5";
-  GO386 = 387; # from Arch: don't assume sse2 on i686
-  CGO_ENABLED = 1;
-  GOROOT_BOOTSTRAP = "${goBootstrap}/share/go";
-
-  # The go build actually checks for CC=*/clang and does something different, so we don't
-  # just want the generic `cc` here.
-  CC = if stdenv.isDarwin then "clang" else "cc";
-
-  installPhase = ''
-    mkdir -p "$out/bin"
-    export GOROOT="$(pwd)/"
-    export GOBIN="$out/bin"
-    export PATH="$GOBIN:$PATH"
-    cd ./src
-    echo Building
-    ./all.bash
-  '';
-
-  preFixup = ''
-    rm -r $out/share/go/pkg/bootstrap
-  '';
-
-  setupHook = ./setup-hook.sh;
-
-  disallowedReferences = [ go_1_4 ];
-
-  meta = with stdenv.lib; {
-    branch = "1.5";
-    homepage = http://golang.org/;
-    description = "The Go Programming language";
-    license = licenses.bsd3;
-    maintainers = with maintainers; [ cstrahan wkennington ];
-    platforms = platforms.linux ++ platforms.darwin;
-  };
-}
diff --git a/pkgs/development/compilers/go/1.6.nix b/pkgs/development/compilers/go/1.6.nix
index fa2b3d31d75b..38b114d8d070 100644
--- a/pkgs/development/compilers/go/1.6.nix
+++ b/pkgs/development/compilers/go/1.6.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, tzdata, iana_etc, go_1_4, runCommand
+{ stdenv, lib, fetchurl, tzdata, iana_etc, go_bootstrap, runCommand
 , perl, which, pkgconfig, patch, fetchpatch
 , pcre
 , Security, Foundation, bash }:
@@ -6,7 +6,7 @@
 let
   goBootstrap = runCommand "go-bootstrap" {} ''
     mkdir $out
-    cp -rf ${go_1_4}/* $out/
+    cp -rf ${go_bootstrap}/* $out/
     chmod -R u+w $out
     find $out -name "*.c" -delete
     cp -rf $out/bin/* $out/share/go/bin/
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
     Security Foundation
   ];
 
+  hardeningDisable = [ "all" ];
+
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
   preUnpack = ''
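Review bot: `hardeningDisable = [ "all" ];` switches off every hardening flag for this derivation, and nothing on the new lines says which flag the Go build actually fails with. The identical line is added in 1.7.nix (`@@ -31,6 +31,8 @@`). Other packages in this commit disable single flags such as `"format"`, `"fortify"` or `"pic"`, so the blanket form here reads as a placeholder rather than a decision. I would add a comment above it, for example `# TODO: work out which hardening flags break the Go build and disable only those`, so the exception can be narrowed later. The derivation body continues outside the hunk.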
@@ -141,7 +143,7 @@ stdenv.mkDerivation rec {
 
   setupHook = ./setup-hook.sh;
 
-  disallowedReferences = [ go_1_4 ];
+  disallowedReferences = [ go_bootstrap ];
 
   meta = with stdenv.lib; {
     branch = "1.6";
diff --git a/pkgs/development/compilers/go/1.7.nix b/pkgs/development/compilers/go/1.7.nix
index 25ae26f28181..bc298924eb86 100644
--- a/pkgs/development/compilers/go/1.7.nix
+++ b/pkgs/development/compilers/go/1.7.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, tzdata, iana_etc, go_1_4, runCommand
+{ stdenv, lib, fetchFromGitHub, tzdata, iana_etc, go_bootstrap, runCommand
 , perl, which, pkgconfig, patch, fetchpatch
 , pcre
 , Security, Foundation, bash }:
@@ -6,7 +6,7 @@
 let
   goBootstrap = runCommand "go-bootstrap" {} ''
     mkdir $out
-    cp -rf ${go_1_4}/* $out/
+    cp -rf ${go_bootstrap}/* $out/
     chmod -R u+w $out
     find $out -name "*.c" -delete
     cp -rf $out/bin/* $out/share/go/bin/
@@ -31,6 +31,8 @@ stdenv.mkDerivation rec {
     Security Foundation
   ];
 
+  hardeningDisable = [ "all" ];
+
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
   preUnpack = ''
@@ -151,7 +153,7 @@ stdenv.mkDerivation rec {
 
   setupHook = ./setup-hook.sh;
 
-  disallowedReferences = [ go_1_4 ];
+  disallowedReferences = [ go_bootstrap ];
 
   meta = with stdenv.lib; {
     branch = "1.7";
diff --git a/pkgs/development/compilers/gprolog/default.nix b/pkgs/development/compilers/gprolog/default.nix
index 283bfedcf54e..1465206484d4 100644
--- a/pkgs/development/compilers/gprolog/default.nix
+++ b/pkgs/development/compilers/gprolog/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "13miyas47bmijmadm68cbvb21n4s156gjafz7kfx9brk9djfkh0q";
   };
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic";
+
   patchPhase = ''
     sed -i -e "s|/tmp/make.log|$TMPDIR/make.log|g" src/Pl2Wam/check_boot
   '';
diff --git a/pkgs/development/compilers/mkcl/default.nix b/pkgs/development/compilers/mkcl/default.nix
index 4d53ba20d081..daebf3b284ee 100644
--- a/pkgs/development/compilers/mkcl/default.nix
+++ b/pkgs/development/compilers/mkcl/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ makeWrapper ];
   propagatedBuildInputs = [ gmp ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "GMP_CFLAGS=-I${gmp.dev}/include"
     "GMP_LDFLAGS=-L${gmp.out}/lib"
diff --git a/pkgs/development/compilers/picat/default.nix b/pkgs/development/compilers/picat/default.nix
index 7f2f6158dd89..e86f3869e49a 100644
--- a/pkgs/development/compilers/picat/default.nix
+++ b/pkgs/development/compilers/picat/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
          else if stdenv.system == "x86_64-linux" then "linux64"
          else throw "Unsupported system";
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = ''
     cd emu
     make -f Makefile.picat.$ARCH
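Review bot: `hardeningDisable = [ "format" ];` is added without any comment, here and in the mkcl, squeak, swi-prolog, teyjus, wla-dx and clisp 2.44.1 hunks, and for `lvmrun` in configuration-common.nix. This is the flag that makes the compiler wrapper pass `-Werror=format-security`, so each of these packages presumably contains a printf-style call with a non-literal format string that now compiles without complaint. A one-line comment such as `# fails with -Werror=format-security; TODO patch the offending calls and re-enable` would record why the exception exists. It would also make these entries easy to find once upstream is fixed.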
diff --git a/pkgs/development/compilers/qcmm/builder.sh b/pkgs/development/compilers/qcmm/builder.sh
deleted file mode 100644
index acdfbaa08dce..000000000000
--- a/pkgs/development/compilers/qcmm/builder.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-source $stdenv/setup
-
-configureFlags="--with-lua=$lua"
-
-MKFLAGS="-w$lua/include/lauxlib.h,$lua/include/luadebug.h,$lua/include/lua.h,$lua/include/lualib.h"
-
-buildPhase() {
-  mk timestamps
-  mk $MKFLAGS all.opt
-}
-
-installPhase() {
-  mk $MKFLAGS install.opt
-
-  for file in $out/bin/*.opt; do
-    mv $file ${file%.opt}
-  done
-
-  find $out/man -type f -exec gzip -9n {} \;
-
-  find $out -name \*.a -exec echo stripping {} \; \
-            -exec strip -S {} \;
-
-  patchELF $out
-}
-
-checkPhase="mk $MKFLAGS test.opt"
-
-genericBuild
diff --git a/pkgs/development/compilers/qcmm/default.nix b/pkgs/development/compilers/qcmm/default.nix
deleted file mode 100644
index a221ae29f04d..000000000000
--- a/pkgs/development/compilers/qcmm/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{stdenv, fetchurl, mk, ocaml, noweb, lua, groff }: 
-stdenv.mkDerivation {
-  name = "qcmm-2006-01-31";
-  src = fetchurl {
-    url = http://tarballs.nixos.org/qc--20060131.tar.gz;
-    md5 = "9097830775bcf22c9bad54f389f5db23";
-  };
-  buildInputs = [ mk ocaml noweb groff ];
-  patches = [ ./qcmm.patch ];
-  builder = ./builder.sh;
-  inherit lua;
-}
diff --git a/pkgs/development/compilers/qcmm/qcmm.patch b/pkgs/development/compilers/qcmm/qcmm.patch
deleted file mode 100644
index 414f18a9f73a..000000000000
--- a/pkgs/development/compilers/qcmm/qcmm.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-diff -ur qc--20060131.orig/configure qc--20060131/configure
---- qc--20060131.orig/configure	2005-11-05 22:15:24.000000000 +0100
-+++ qc--20060131/configure	2006-02-02 14:29:07.000000000 +0100
-@@ -93,7 +93,22 @@
- # for file in dirs and return, full path, if found, and "" otherwise.
- #
- 
--sub search { search_with( sub($) { return (-f shift) }, @_) }
-+sub combine {
-+    my $base = shift;
-+    my $file = shift;
-+    return ("$base/$file")
-+};
-+
-+sub search { search_with( sub($) { return (-f shift) }, \&combine, @_) }
-+
-+sub search_suffix {
-+    my $f = sub($) {
-+        my $suffix = shift;
-+        my $base   = shift;
-+        return ($base . $suffix);
-+    };
-+    search_with(sub($) { return (-f shift) }, $f, @_)
-+}
- 
- sub searchx {
-     my $f = sub($) {
-@@ -105,16 +120,17 @@
-         }
-         return (1==2); # how do you write false in perl?
-     };
--    search_with($f, @_)
-+    search_with($f, \&combine, @_)
- }
- 
- sub search_with {
-     my $p    = shift;
-+    my $com  = shift;
-     my $file = shift;
-    
--    printf(LOG "searching for %-20s", $file); 
-+    printf(LOG "searching for %-20s ", $file); 
-     while ($f = shift (@_)) {
--        my $x = "$f/$file";
-+        my $x = &$com($f, $file);
-         if (&$p($x)) { 
-             print LOG "found $x\n"; 
-             return $x 
-@@ -124,6 +140,20 @@
-     return "";
- }
- 
-+#configure lua based on some known installation prefix
-+sub config_lua {
-+  my $base = shift;
-+  @libsuffix    = ( ".so", "40.so", ".a", "40.a" );
-+
-+  $x{lua_h}       = "$base/include/lua.h";
-+  $x{lualib_h}    = "$base/include/lualib.h";
-+  $x{liblua}      = search_suffix("$base/lib/liblua", @libsuffix);
-+  $x{liblualib}   = search_suffix("$base/lib/liblualib", @libsuffix);
-+  $x{lua_inc}     = "-I$base/include";
-+  $x{lua_lib}     = "-L$base/lib/";
-+  $x{lua_libs}    = "-llua -llualib";
-+}
-+
- 
- #
- # compile and run a small C program to find out about architecture
-@@ -183,6 +213,8 @@
-     
-     ./configure [options]
- 
-+    --with-lua=/lua/path    lua is installed in /lua/path the default
-+                            is to search for standard locations
-     --prefix=/usr/local     install into the /usr/local hierarchy which
-                             is also the default
-     -h, --help              this summary
-@@ -224,15 +256,15 @@
- # We start from here with reading the command line
- # ------------------------------------------------------------------ 
- 
-+open (LOG, ">$configure_log") || die "cannot write configure.log: $!";
-+
- foreach (@ARGV) {
-     if       (/^--?prefix=(.*)$/)             { $x{prefix}=$1     }
-     elsif    (/^--?h(elp?)$/)                 { usage(); exit 0   }  
-+    elsif    (/^--?with-lua=(.*)$/)           { config_lua($1)    }
-     else     { usage(); exit 1 }
- }
- 
--
--open (LOG, ">$configure_log") || die "cannot write configure.log: $!";
--
- # check for various executables and versions. Only update variable if
- # it is not already set.
- #
-diff -ur qc--20060131.orig/doc/mkfile qc--20060131/doc/mkfile
---- qc--20060131.orig/doc/mkfile	2005-11-07 01:41:21.000000000 +0100
-+++ qc--20060131/doc/mkfile	2006-02-02 00:38:00.000000000 +0100
-@@ -92,7 +92,7 @@
- # and accessible from Lua as This.manual.
- 
- qc--.man:D:     qc--.1
--	GROFF_NO_SGR=1 nroff -man -Tascii qc--.1 | ul -t dump > $target                
-+	GROFF_NO_SGR=1 nroff -man -Tascii qc--.1 > $target                
- 
- release.tex:D: release.nw
- 	noweave -delay $prereq > $target
-diff -ur qc--20060131.orig/mkfile qc--20060131/mkfile
---- qc--20060131.orig/mkfile	2005-07-01 22:29:52.000000000 +0200
-+++ qc--20060131/mkfile	2006-02-02 19:15:53.000000000 +0100
-@@ -97,7 +97,7 @@
- 	cd test2 && NPROC=1 mk $MKFLAGS all
- 
- test.opt:V:         all.opt
--	cd test2 && NPROC=1 mk QC=../bin/qc--.opt $MKFLAGS all
-+	cd test2 && NPROC=1 mk $MKFLAGS QC=../bin/qc--.opt all
- 
- coverage: test2/ocamlprof.dump	
- 	rm -f $target
diff --git a/pkgs/development/compilers/rust/beta.nix b/pkgs/development/compilers/rust/beta.nix
index 2414480dda8b..cb1b0bd8b40c 100644
--- a/pkgs/development/compilers/rust/beta.nix
+++ b/pkgs/development/compilers/rust/beta.nix
@@ -18,10 +18,6 @@ rec {
   };
 
   cargo = callPackage ./cargo.nix rec {
-    # TODO: We're temporarily tracking master here as Darwin needs the
-    # `http.cainfo` option from .cargo/config which isn't released
-    # yet.
-
     version = "beta-2016-07-25";
     srcRev = "f09ef68cc47956ccc5f99212bdcdd15298c400a0";
     srcSha = "1r6q9jd0fl6mzhwkvrrcv358q2784hg51dfpy28xgh4n61m7c155";
diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix
index 9bbcb360e618..b7e992c916d3 100644
--- a/pkgs/development/compilers/rust/default.nix
+++ b/pkgs/development/compilers/rust/default.nix
@@ -25,10 +25,6 @@ rec {
   };
 
   cargo = callPackage ./cargo.nix rec {
-    # TODO: We're temporarily tracking master here as Darwin needs the
-    # `http.cainfo` option from .cargo/config which isn't released
-    # yet.
-
     version = "0.12.0";
     srcRev = "6b98d1f8abf5b33c1ca2771d3f5f3bafc3407b93";
     srcSha = "0pq6l3yzmh2il6320f6501hvp9iikdxzl34i5b52v93ncpim36bk";
diff --git a/pkgs/development/compilers/squeak/default.nix b/pkgs/development/compilers/squeak/default.nix
index 059a9e7dbe34..af56026b43a2 100644
--- a/pkgs/development/compilers/squeak/default.nix
+++ b/pkgs/development/compilers/squeak/default.nix
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Smalltalk programming language and environment";
     longDescription = ''
diff --git a/pkgs/development/compilers/strategoxt/0.16.nix b/pkgs/development/compilers/strategoxt/0.16.nix
deleted file mode 100644
index 4cfa2c798920..000000000000
--- a/pkgs/development/compilers/strategoxt/0.16.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{stdenv, fetchurl, aterm, pkgconfig, getopt}:
-
-rec {
-
-  inherit aterm;
-  
-
-  sdf = stdenv.mkDerivation rec {
-    name = "sdf2-bundle-2.3.3";
-
-    src = fetchurl {
-      url = ftp://ftp.stratego-language.org/pub/stratego/sdf2/sdf2-bundle-2.3.3/sdf2-bundle-2.3.3.tar.gz;
-      md5 = "62ecabe5fbb8bbe043ee18470107ef88";
-    };
-
-    buildInputs = [pkgconfig aterm getopt];
-
-    preConfigure = ''
-      substituteInPlace pgen/src/sdf2table.src \
-        --replace getopt ${getopt}/bin/getopt
-    '';
-
-    meta = {
-      homepage = http://www.program-transformation.org/Sdf/SdfBundle;
-      meta = "Tools for the SDF2 Syntax Definition Formalism, including the `pgen' parser generator and `sglr' parser";
-    };
-  };
-
-  
-  strategoxt = stdenv.mkDerivation {
-    name = "strategoxt-0.16";
-
-    src = fetchurl {
-      url = ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.16/strategoxt-0.16.tar.gz;
-      md5 = "8b8eabbd785faa84ec20134b63d4829e";
-    };
-
-    buildInputs = [pkgconfig aterm sdf getopt];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-  
-    
-}
diff --git a/pkgs/development/compilers/strategoxt/0.17.nix b/pkgs/development/compilers/strategoxt/0.17.nix
deleted file mode 100644
index d621cbf5f0c2..000000000000
--- a/pkgs/development/compilers/strategoxt/0.17.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{stdenv, fetchurl, aterm, pkgconfig, getopt, jdk, readline, ncurses}:
-
-rec {
-
-  inherit aterm;
-
-  
-  sdf = stdenv.mkDerivation ( rec {
-    name = "sdf2-bundle-2.4";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/sdf2-bundle-2.4.tar.gz";
-      sha256 = "2ec83151173378f48a3326e905d11049d094bf9f0c7cff781bc2fce0f3afbc11";
-    };
-
-    buildInputs = [pkgconfig aterm];
-
-    preConfigure = ''
-      substituteInPlace pgen/src/sdf2table.src \
-        --replace getopt ${getopt}/bin/getopt
-    '';
-
-    meta = {
-      homepage = http://www.program-transformation.org/Sdf/SdfBundle;
-      meta = "Tools for the SDF2 Syntax Definition Formalism, including the `pgen' parser generator and `sglr' parser";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2 -Wl,--stack=0x2300000"; } else {} ) ) ;
-
-  
-  strategoxt = stdenv.mkDerivation rec {
-    name = "strategoxt-0.17";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/strategoxt-0.17.tar.gz";
-      sha256 = "70355576c3ce3c5a8a26435705a49cf7d13e91eada974a654534d63e0d34acdb";
-    };
-
-    buildInputs = [pkgconfig aterm sdf getopt];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-
-  strategoShell = stdenv.mkDerivation rec {
-    name = "stratego-shell-0.7";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/stratego-shell-0.7.tar.gz";
-      sha256 = "0q21vks9gaw9v4rxz90wb0pxzb19l7gwi4nbjvk4zb1imdk7znck";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt getopt readline ncurses];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-
-
-  javafront = stdenv.mkDerivation (rec {
-    name = "java-front-0.9";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/java-front/java-front-0.9/java-front-0.9.tar.gz";
-      sha256 = "96f40bf31486d3ced3ecebdcc0067e83ce6acbdbe57e3c847136ac3d7b62cc3c";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt];
-
-    # !!! The explicit `--with-strategoxt' is necessary; otherwise we
-    # get an XTC registration that refers to "/share/strategoxt/XTC".
-    configureFlags = "--enable-xtc --with-strategoxt=${strategoxt}";
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/JavaFront;
-      meta = "Tools for generating or transforming Java code";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2"; } else {} ) ) ;
-
-
-  dryad = stdenv.mkDerivation rec {
-    name = "dryad-0.2pre18355";
-
-    src = fetchurl {
-      url = "http://releases.strategoxt.org/dryad/${name}-zbqfh1rm/dryad-0.2pre18355.tar.gz";
-      sha256 = "2c27b7f82f87ffc27b75969acc365560651275d348b3b5cbb530276d20ae83ab";
-    };
-
-    buildInputs = [jdk pkgconfig aterm sdf strategoxt javafront];
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/TheDryad;
-      meta = "A collection of tools for developing transformation systems for Java source and bytecode";
-    };
-  };
-
-
-  /*
-  libraries = ... {
-    configureFlags =
-      if stdenv ? isMinGW && stdenv.isMinGW then "--with-std=C99" else "";
-
-    # avoids loads of warnings about too big description fields because of a broken debug format
-    CFLAGS =
-      if stdenv ? isMinGW && stdenv.isMinGW then "-O2" else null;
-  };
-  */
-  
-}
diff --git a/pkgs/development/compilers/strategoxt/0.18.nix b/pkgs/development/compilers/strategoxt/0.18.nix
deleted file mode 100644
index 611586c5d932..000000000000
--- a/pkgs/development/compilers/strategoxt/0.18.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{stdenv, fetchurl, aterm, pkgconfig, getopt, jdk, makeStaticBinaries, readline, ncurses}:
-
-rec {
-
-  inherit aterm;
-
-  sdf = stdenv.mkDerivation ( rec {
-    name = "sdf2-bundle-2.4";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/sdf2-bundle-2.4.tar.gz";
-      sha256 = "2ec83151173378f48a3326e905d11049d094bf9f0c7cff781bc2fce0f3afbc11";
-    };
-
-    buildInputs = [pkgconfig aterm];
-
-    preConfigure = ''
-      substituteInPlace pgen/src/sdf2table.src \
-        --replace getopt ${getopt}/bin/getopt
-    '';
-
-    meta = {
-      homepage = http://www.program-transformation.org/Sdf/SdfBundle;
-      meta = "Tools for the SDF2 Syntax Definition Formalism, including the `pgen' parser generator and `sglr' parser";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2 -Wl,--stack=0x2300000"; } else {} ) ) ;
-
-  
-  strategoxt = stdenv.mkDerivation rec {
-    name = "strategoxt-1.8pre24429";
-
-    src = fetchurl {
-      url = http://hydra.nixos.org/build/2175544/download/1/strategoxt-1.8pre24429.tar.gz;
-      sha256 = "124f1d61a440b94c38b731c2e7015340dbbc1deb6d442b31dbecb46b0a00fa83";
-    };
-
-    buildInputs = [pkgconfig aterm sdf getopt];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-
-  strategoShell = stdenv.mkDerivation rec {
-    name = "stratego-shell-0.7";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/stratego-shell-0.7.tar.gz";
-      sha256 = "0q21vks9gaw9v4rxz90wb0pxzb19l7gwi4nbjvk4zb1imdk7znck";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt getopt readline ncurses];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-      broken = true;
-    };
-  };
-
-  javafront = stdenv.mkDerivation (rec {
-    name = "java-front-0.9.1pre20122";
-
-    src = fetchurl {
-      url = "http://hydra.nixos.org/build/766286/download/1/java-front-0.9.1pre20122.tar.gz";
-      sha256 = "ef85d3af962fcd54e028ea501e64220b86af335a49143f2819bd3f4789bef7e6";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt];
-
-    # !!! The explicit `--with-strategoxt' is necessary; otherwise we
-    # get an XTC registration that refers to "/share/strategoxt/XTC".
-    configureFlags = "--enable-xtc --with-strategoxt=${strategoxt}";
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/JavaFront;
-      meta = "Tools for generating or transforming Java code";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2"; } else {} ) ) ;
-
-
-  aspectjfront = stdenv.mkDerivation (rec {
-    name = "aspectj-front-0.2pre20035";
-
-    src = fetchurl {
-      url = "http://hydra.nixos.org/build/175690/download/1/aspectj-front-0.2pre20035.tar.gz";
-      sha256 = "48f6cda6f9f19436e9553e8d27e6bb42500d08370332e3ad214affb49851e58e";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt javafront];
-
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2"; } else {} ) ) ;
-
-  dryad = stdenv.mkDerivation rec {
-    name = "dryad-0.2pre18355";
-
-    src = fetchurl {
-      url = "http://releases.strategoxt.org/dryad/${name}-zbqfh1rm/dryad-0.2pre18355.tar.gz";
-      sha256 = "2c27b7f82f87ffc27b75969acc365560651275d348b3b5cbb530276d20ae83ab";
-    };
-
-    buildInputs = [jdk pkgconfig aterm sdf strategoxt javafront];
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/TheDryad;
-      meta = "A collection of tools for developing transformation systems for Java source and bytecode";
-      broken = true;
-    };
-  };
-
-
-  /*
-  libraries = ... {
-    configureFlags =
-      if stdenv ? isMinGW && stdenv.isMinGW then "--with-std=C99" else "";
-
-    # avoids loads of warnings about too big description fields because of a broken debug format
-    CFLAGS =
-      if stdenv ? isMinGW && stdenv.isMinGW then "-O2" else null;
-  };
-  */
-  
-}
diff --git a/pkgs/development/compilers/swi-prolog/default.nix b/pkgs/development/compilers/swi-prolog/default.nix
index ae3e162910c9..c3e77152b3e0 100644
--- a/pkgs/development/compilers/swi-prolog/default.nix
+++ b/pkgs/development/compilers/swi-prolog/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation {
   buildInputs = [ gmp readline openssl libjpeg unixODBC libXinerama
     libXft libXpm libSM libXt zlib freetype pkgconfig fontconfig ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "--with-world --enable-gmp --enable-shared";
 
   buildFlags = "world";
diff --git a/pkgs/development/compilers/teyjus/default.nix b/pkgs/development/compilers/teyjus/default.nix
index b16b32a6a062..301915b7a26b 100644
--- a/pkgs/development/compilers/teyjus/default.nix
+++ b/pkgs/development/compilers/teyjus/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ omake ocaml flex bison ];
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = "omake all";
 
   checkPhase = "omake check";
diff --git a/pkgs/development/compilers/tinycc/default.nix b/pkgs/development/compilers/tinycc/default.nix
index de8044386e70..87e09e3231f2 100644
--- a/pkgs/development/compilers/tinycc/default.nix
+++ b/pkgs/development/compilers/tinycc/default.nix
@@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ perl texinfo ];
 
+  hardeningDisable = [ "fortify" ];
+
   postPatch = ''
     substituteInPlace "texi2pod.pl" \
       --replace "/usr/bin/perl" "${perl}/bin/perl"
diff --git a/pkgs/development/compilers/webdsl/default.nix b/pkgs/development/compilers/webdsl/default.nix
deleted file mode 100644
index a0122319aed7..000000000000
--- a/pkgs/development/compilers/webdsl/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, strategoPackages }:
-
-stdenv.mkDerivation rec {
-  name = "webdsl-9.7pre4168";
-
-  src = fetchurl {
-    url = "http://hydra.nixos.org/build/654196/download/1/${name}.tar.gz";
-    sha256 = "08bec3ba02254ec7474ce70206b7be4390fe07456cfc57d927d96a21dd6dcb33";
-  };
-
-  buildInputs =
-    [ pkgconfig strategoPackages.aterm strategoPackages.sdf
-      strategoPackages.strategoxt strategoPackages.javafront
-    ];
-
-  # This corrected a failing build on at least one 64 bit Linux system.
-  # See the comment about this here: http://webdsl.org/selectpage/Download/WebDSLOnLinux
-  preBuild = (if stdenv.system == "x86_64-linux" then "ulimit -s unlimited" else "");
-
-  meta = {
-    homepage = http://webdsl.org/;
-    description = "A domain-specific language for developing dynamic web applications with a rich data model";
-  };
-}
diff --git a/pkgs/development/compilers/wla-dx/default.nix b/pkgs/development/compilers/wla-dx/default.nix
index f01d93cafd6c..13a48aaaa30c 100644
--- a/pkgs/development/compilers/wla-dx/default.nix
+++ b/pkgs/development/compilers/wla-dx/default.nix
@@ -2,16 +2,21 @@
 
 stdenv.mkDerivation rec {
   name = "wla-dx-git-2016-02-27";
+
   src = fetchFromGitHub {
     owner = "vhelin";
     repo = "wla-dx";
     rev = "8189fe8d5620584ea16563875ff3c5430527c86a";
     sha256 = "02zgkcyfx7y8j6jvyi12lm29fydnd7m3rxv6g2psv23fyzmpkkir";
   };
+
+  hardeningDisable = [ "format" ];
+
   installPhase = ''
     mkdir -p $out/bin
     install binaries/* $out/bin
   '';
+
   nativeBuildInputs = [ cmake ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index 7cba0d1599fd..9fa66338d8ca 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -23,7 +23,12 @@ self: super: {
   nanospec = dontCheck super.nanospec;
   options = dontCheck super.options;
   statistics = dontCheck super.statistics;
-  c2hs = if pkgs.stdenv.isDarwin then dontCheck super.c2hs else super.c2hs;
+  c2hs = dontCheck super.c2hs;
+
+  # fix errors caused by hardening flags
+  epanet-haskell = super.epanet-haskell.overrideDerivation (drv: {
+    hardeningDisable = [ "format" ];
+  });
 
   # This test keeps being aborted because it runs too quietly for too long
   Lazy-Pbkdf2 = if pkgs.stdenv.isi686 then dontCheck super.Lazy-Pbkdf2 else super.Lazy-Pbkdf2;
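Review bot: `c2hs = dontCheck super.c2hs;` now skips the c2hs test suite on every platform, where the removed line did so only on Darwin, and no comment records the reason. The comment added two lines below, `# fix errors caused by hardening flags`, belongs to the `epanet-haskell` override, so a reader can easily take it as the explanation for the c2hs change as well. I would put the reason on the c2hs line itself, e.g. `c2hs = dontCheck super.c2hs; # TODO(review): name the test that fails outside Darwin`. The attribute set starts and ends outside the hunk.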
@@ -39,7 +44,7 @@ self: super: {
     src = pkgs.fetchFromGitHub {
       owner = "joeyh";
       repo = "git-annex";
-      sha256 = "1b4yw305h7ca28x8s2jnkcc9cwn3rygnjyarib33dk4z066lsg7s";
+      sha256 = "1frdld9kgnfd4ll8yx086lwmbqxa5k56y567qw2zy9kz1iiz2fpi";
       rev = drv.version;
     };
   })).override {
@@ -203,10 +208,24 @@ self: super: {
   jwt = dontCheck super.jwt;
 
   # https://github.com/NixOS/cabal2nix/issues/136 and https://github.com/NixOS/cabal2nix/issues/216
-  gio = addPkgconfigDepend (addBuildTool super.gio self.gtk2hs-buildtools) pkgs.glib;
-  glib = addPkgconfigDepend (addBuildTool super.glib self.gtk2hs-buildtools) pkgs.glib;
-  gtk3 = super.gtk3.override { inherit (pkgs) gtk3; };
-  gtk = addPkgconfigDepend (addBuildTool super.gtk self.gtk2hs-buildtools) pkgs.gtk;
+  gio = pkgs.lib.overrideDerivation (addPkgconfigDepend (
+    addBuildTool super.gio self.gtk2hs-buildtools
+  ) pkgs.glib) (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
+  glib = pkgs.lib.overrideDerivation (addPkgconfigDepend (
+    addBuildTool super.glib self.gtk2hs-buildtools
+  ) pkgs.glib) (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
+  gtk3 = pkgs.lib.overrideDerivation (super.gtk3.override { inherit (pkgs) gtk3; }) (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
+  gtk = pkgs.lib.overrideDerivation (addPkgconfigDepend (
+    addBuildTool super.gtk self.gtk2hs-buildtools
+  ) pkgs.gtk) (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
   gtksourceview2 = (addPkgconfigDepend super.gtksourceview2 pkgs.gtk2).override { inherit (pkgs.gnome2) gtksourceview; };
   gtksourceview3 = super.gtksourceview3.override { inherit (pkgs.gnome3) gtksourceview; };
 
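Review bot: The overrides for `gio`, `glib`, `gtk3` and `gtk` repeat the same `(drv: { hardeningDisable = [ "fortify" ]; })` wrapper four times. The only comment above them still points at the two cabal2nix issues, which are unlikely to be the reason fortify is being disabled (the issue contents are not visible here). `pango` gets the same override further down, but through the `.overrideDerivation` attribute as `epanet-haskell` does, while these use `pkgs.lib.overrideDerivation`; one spelling throughout would read better. A small helper such as `disableFortify = drv: pkgs.lib.overrideDerivation drv (_: { hardeningDisable = [ "fortify" ]; });` would shrink each entry to one line and give a single place for a comment on why fortify breaks these bindings. It would need a `let` outside this hunk, so its placement is an assumption.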
@@ -385,7 +404,9 @@ self: super: {
   lensref = dontCheck super.lensref;
   liquidhaskell = dontCheck super.liquidhaskell;
   lucid = dontCheck super.lucid; #https://github.com/chrisdone/lucid/issues/25
-  lvmrun = dontCheck super.lvmrun;
+  lvmrun = pkgs.lib.overrideDerivation (dontCheck super.lvmrun) (drv: {
+    hardeningDisable = [ "format" ];
+  });
   memcache = dontCheck super.memcache;
   milena = dontCheck super.milena;
   nats-queue = dontCheck super.nats-queue;
@@ -933,7 +954,9 @@ self: super: {
 
   # Tools that use gtk2hs-buildtools now depend on them in a custom-setup stanza
   cairo = addBuildTool super.cairo self.gtk2hs-buildtools;
-  pango = addBuildTool super.pango self.gtk2hs-buildtools;
+  pango = (addBuildTool super.pango self.gtk2hs-buildtools).overrideDerivation (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
 
   # Fix tests which would otherwise fail with "Couldn't launch intero process."
   intero = overrideCabal super.intero (drv: {
@@ -975,4 +998,7 @@ self: super: {
     '';
   });
 
+  # https://bitbucket.org/ssaasen/spy/pull-requests/3/fsnotify-dropped-system-filepath
+  spy = appendPatch super.spy ./patches/spy.patch;
+
 }
diff --git a/pkgs/development/haskell-modules/generic-stack-builder.nix b/pkgs/development/haskell-modules/generic-stack-builder.nix
index 09bd38ccc933..c7cfbef7d132 100644
--- a/pkgs/development/haskell-modules/generic-stack-builder.nix
+++ b/pkgs/development/haskell-modules/generic-stack-builder.nix
@@ -19,12 +19,13 @@ stdenv.mkDerivation (args // {
   STACK_PLATFORM_VARIANT="nix";
   STACK_IN_NIX_SHELL=1;
   STACK_IN_NIX_EXTRA_ARGS =
-    concatMap (pkg: ["--extra-lib-dirs=${pkg}/lib"
-                     "--extra-include-dirs=${pkg}/include"]) buildInputs ++
+    concatMap (pkg: ["--extra-lib-dirs=${getLib pkg}/lib"
+                     "--extra-include-dirs=${getDev pkg}/include"]) buildInputs ++
     extraArgs;
 
   # XXX: workaround for https://ghc.haskell.org/trac/ghc/ticket/11042.
   LD_LIBRARY_PATH = makeLibraryPath (LD_LIBRARY_PATH ++ buildInputs);
+                    # ^^^ Internally uses `getOutput "lib"` (equiv. to getLib)
 
   preferLocalBuild = true;
 
diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix
index 606add41f046..26ed77e7a995 100644
--- a/pkgs/development/haskell-modules/hackage-packages.nix
+++ b/pkgs/development/haskell-modules/hackage-packages.nix
@@ -171679,12 +171679,12 @@ self: {
 
   "unbound" = callPackage
     ({ mkDerivation, base, binary, containers, mtl, parsec, pretty
-     , QuickCheck, RepLib, template-haskell, transformers
+     , QuickCheck, RepLib, stdenv, template-haskell, transformers
      }:
      mkDerivation {
        pname = "unbound";
-       version = "0.5.0";
-       sha256 = "1290827b7a67d87eaa4dfa8d753e01d98ef0d501ee42da0f9635fdd73b64220e";
+       version = "0.5.1";
+       sha256 = "0cjfd6fdxpi94dac5aslgfggm81fdspbywfyl5m20ah5drgpsr12";
        libraryHaskellDepends = [
          base binary containers mtl RepLib transformers
        ];
@@ -171695,7 +171695,6 @@ self: {
        homepage = "https://github.com/sweirich/replib";
        description = "Generic support for programming with names and binders";
        license = stdenv.lib.licenses.bsd3;
-       hydraPlatforms = [ "x86_64-darwin" ];
      }) {};
 
   "unbound-generics" = callPackage
diff --git a/pkgs/development/haskell-modules/patches/spy.patch b/pkgs/development/haskell-modules/patches/spy.patch
new file mode 100644
index 000000000000..4c4e1844361b
--- /dev/null
+++ b/pkgs/development/haskell-modules/patches/spy.patch
@@ -0,0 +1,26 @@
+diff --git a/src/Spy/Watcher.hs b/src/Spy/Watcher.hs
+     index 8512613..4df67d4 100644
+--- a/src/Spy/Watcher.hs
++++ b/src/Spy/Watcher.hs
+@@ -50,7 +50,7 @@ plainFormat = Plain
+ spy :: Spy -> IO b -> IO ()
+ spy config after = withManager $ \wm ->
+     runIndefinitely
+-      (watchTree wm (decodeString $ dir config)
++      (watchTree wm (dir config)
+                   (not . skipEvent config . eventPath)
+                   (handleEvent config)) 
+       (const after)
+@@ -106,9 +106,9 @@ eventTime (Modified _ t) = t
+ eventTime (Removed _ t) = t
+ 
+ eventPath :: Event -> FilePath
+-eventPath (Added fp _) = encodeString fp
+-eventPath (Modified fp _) = encodeString fp
+-eventPath (Removed fp _) = encodeString fp
++eventPath (Added fp _) = fp
++eventPath (Modified fp _) = fp
++eventPath (Removed fp _) = fp
+ 
+ eventType :: Event -> FilePath
+ eventType (Added _ _) = "Added"
diff --git a/pkgs/development/interpreters/clisp/2.44.1.nix b/pkgs/development/interpreters/clisp/2.44.1.nix
index 682978a5ac8d..b7b329ea9560 100644
--- a/pkgs/development/interpreters/clisp/2.44.1.nix
+++ b/pkgs/development/interpreters/clisp/2.44.1.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, libsigsegv, gettext, ncurses, readline, libX11
 , libXau, libXt, pcre, zlib, libXpm, xproto, libXext, xextproto
 , libffi, libffcall, coreutils }:
-        
+
 stdenv.mkDerivation rec {
   v = "2.44.1";
   name = "clisp-${v}";
-  
+
   src = fetchurl {
     url = "mirror://gnu/clisp/release/${v}/${name}.tar.gz";
     sha256 = "0rkp6j6rih4s5d9acifh7pi4b9xfgcspif512l269dqy9qgyy4j1";
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
       zlib libXpm xproto libXext xextproto libffi libffcall ];
 
   patches = [ ./bits_ipctypes_to_sys_ipc.patch ]; # from Gentoo
-      
+
   # First, replace port 9090 (rather low, can be used)
   # with 64237 (much higher, IANA private area, not
   # anything rememberable).
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
 
     substituteInPlace modules/bindings/glibc/linux.lisp --replace "(def-c-type __swblk_t)" ""
   '';
-  
+
   configureFlags =
     ''
       --with-readline builddir --with-dynamic-ffi
@@ -45,6 +45,8 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = "-O0 ${stdenv.lib.optionalString (!stdenv.is64bit) "-falign-functions=4"}";
 
+  hardeningDisable = [ "format" ];
+
   # TODO : make mod-check fails
   doCheck = false;
 
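Review bot: `hardeningDisable = [ "format" ];` is added here with no comment saying which build failure forced it, so nobody can tell later when the flag can be switched back on. The perl and cloog hunks in this commit already show the pattern with `# FIXME needs gcc 4.9 in bootstrap tools`; a line such as `# "format" hardening disabled: <build error or upstream issue>` above the attribute would do the same here. The same applies to the uncommented `hardeningDisable` lines added for erlang R14, lua-4, lua-5 (5.0.3.nix and sec.nix), lush, maude, php (`bindnow`), pypy, both spidermonkey files, supercollider, unicon-lang, wasm, CoinMP, accelio, allegro, libbs2b, cgui, cwiid and the db-4.x files.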
diff --git a/pkgs/development/interpreters/erlang/R14.nix b/pkgs/development/interpreters/erlang/R14.nix
new file mode 100644
index 000000000000..cf4355a38e16
--- /dev/null
+++ b/pkgs/development/interpreters/erlang/R14.nix
@@ -0,0 +1,65 @@
+{ stdenv, fetchurl, perl, gnum4, ncurses, openssl
+, makeWrapper, gnused, gawk }:
+
+let version = "14B04"; in
+
+stdenv.mkDerivation {
+  name = "erlang-" + version;
+
+  src = fetchurl {
+    url = "http://www.erlang.org/download/otp_src_R${version}.tar.gz";
+    sha256 = "0vlvjlg8vzcy6inb4vj00bnj0aarvpchzxwhmi492nv31s8kb6q9";
+  };
+
+  buildInputs = [ perl gnum4 ncurses openssl makeWrapper ];
+
+  patchPhase = '' sed -i "s@/bin/rm@rm@" lib/odbc/configure erts/configure '';
+
+  preConfigure = ''
+    export HOME=$PWD/../
+    sed -e s@/bin/pwd@pwd@g -i otp_build
+  '';
+
+  configureFlags = "--with-ssl=${openssl}";
+
+  hardeningDisable = [ "format" ];
+
+  postInstall = let
+    manpages = fetchurl {
+      url = "http://www.erlang.org/download/otp_doc_man_R${version}.tar.gz";
+      sha256 = "1nh7l7wilyyaxvlwkjxgm3cq7wpd90sk6vxhgpvg7hwai8g52545";
+    };
+  in ''
+    tar xf "${manpages}" -C "$out/lib/erlang"
+    for i in "$out"/lib/erlang/man/man[0-9]/*.[0-9]; do
+      prefix="''${i%/*}"
+      ensureDir "$out/share/man/''${prefix##*/}"
+      ln -s "$i" "$out/share/man/''${prefix##*/}/''${i##*/}erl"
+    done
+  '';
+
+  # Some erlang bin/ scripts run sed and awk
+  postFixup = ''
+    wrapProgram $out/lib/erlang/bin/erl --prefix PATH ":" "${gnused}/bin/"
+    wrapProgram $out/lib/erlang/bin/start_erl --prefix PATH ":" "${gnused}/bin/:${gawk}/bin"
+  '';
+
+  setupHook = ./setup-hook.sh;
+
+  meta = {
+    homepage = "http://www.erlang.org/";
+    description = "Programming language used for massively scalable soft real-time systems";
+
+    longDescription = ''
+      Erlang is a programming language used to build massively scalable
+      soft real-time systems with requirements on high availability.
+      Some of its uses are in telecoms, banking, e-commerce, computer
+      telephony and instant messaging. Erlang's runtime system has
+      built-in support for concurrency, distribution and fault
+      tolerance.
+    '';
+
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = [ stdenv.lib.maintainers.simons ];
+  };
+}
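Review bot: The `postInstall` loop calls `ensureDir`, the deprecated stdenv helper, so the man-page symlinking in this new file depends on that helper still being defined by the stdenv it is built against. That cannot be confirmed from this hunk. `mkdir -p "$out/share/man/''${prefix##*/}"` does the same job without relying on it.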
diff --git a/pkgs/development/interpreters/gnu-apl/default.nix b/pkgs/development/interpreters/gnu-apl/default.nix
index 444621614071..789f349fb163 100644
--- a/pkgs/development/interpreters/gnu-apl/default.nix
+++ b/pkgs/development/interpreters/gnu-apl/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "gnu-apl-${version}";
-  version = "1.5";
+  version = "1.6";
 
   src = fetchurl {
     url = "mirror://gnu/apl/apl-${version}.tar.gz";
-    sha256 = "0h4diq3wfbdwxp5nm0z4b0p1zq13lwip0y7v28r9v0mbbk8xsfh1";
+    sha256 = "057zwzvvgcrrwsl52a27w86hgy31jqq6avqq629xj7yq90qah3ay";
   };
 
   buildInputs = [ readline gettext ncurses ];
diff --git a/pkgs/development/interpreters/io/default.nix b/pkgs/development/interpreters/io/default.nix
index 5adca2c0b42c..773a2c86028b 100644
--- a/pkgs/development/interpreters/io/default.nix
+++ b/pkgs/development/interpreters/io/default.nix
@@ -47,6 +47,6 @@ stdenv.mkDerivation {
       z77z
       vrthra
     ];
-    platforms = platforms.linux;
+    platforms = [ "x86_64-linux" ];
   };
 }
diff --git a/pkgs/development/interpreters/lua-4/default.nix b/pkgs/development/interpreters/lua-4/default.nix
index 2d216389bd7c..d6f385f5b503 100644
--- a/pkgs/development/interpreters/lua-4/default.nix
+++ b/pkgs/development/interpreters/lua-4/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
   buildFlags = "all so sobin";
   installFlags = "INSTALL_ROOT=$$out";
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   meta = {
     homepage = "http://www.lua.org";
     description = "Powerful, fast, lightweight, embeddable scripting language";
diff --git a/pkgs/development/interpreters/lua-5/5.0.3.nix b/pkgs/development/interpreters/lua-5/5.0.3.nix
index 76e02f90f5f7..773883ef34a9 100644
--- a/pkgs/development/interpreters/lua-5/5.0.3.nix
+++ b/pkgs/development/interpreters/lua-5/5.0.3.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation {
     sha256 = "1193a61b0e08acaa6eee0eecf29709179ee49c71baebc59b682a25c3b5a45671";
   };
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   configurePhase = "sed -i -e 's/MYCFLAGS=.*/MYCFLAGS=-O3 -fomit-frame-pointer -fPIC/' config";
   buildFlags = "all so sobin";
   installFlags = "INSTALL_ROOT=$$out";
diff --git a/pkgs/development/interpreters/lua-5/sec.nix b/pkgs/development/interpreters/lua-5/sec.nix
index a4d14f7e9d70..478f65fd8284 100644
--- a/pkgs/development/interpreters/lua-5/sec.nix
+++ b/pkgs/development/interpreters/lua-5/sec.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ lua5 openssl ];
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   preBuild = ''
     makeFlagsArray=(
       linux
diff --git a/pkgs/development/interpreters/lush/default.nix b/pkgs/development/interpreters/lush/default.nix
index 63cf85bc506b..62568c40c784 100644
--- a/pkgs/development/interpreters/lush/default.nix
+++ b/pkgs/development/interpreters/lush/default.nix
@@ -1,32 +1,29 @@
 {stdenv, fetchurl, libX11, xproto, indent, readline, gsl, freeglut, mesa, SDL
-, blas, binutils, intltool, gettext, zlib}:
-let
-  s = # Generated upstream information
-  rec {
-    baseName="lush";
-    version="2.0.1";
-    name="${baseName}-${version}";
-    hash="02pkfn3nqdkm9fm44911dbcz0v3r0l53vygj8xigl6id5g3iwi4k";
+, blas, binutils, intltool, gettext, zlib, libSM}:
+
+stdenv.mkDerivation rec {
+  baseName = "lush";
+  version = "2.0.1";
+  name = "${baseName}-${version}";
+
+  src = fetchurl {
     url="mirror://sourceforge/project/lush/lush2/lush-2.0.1.tar.gz";
     sha256="02pkfn3nqdkm9fm44911dbcz0v3r0l53vygj8xigl6id5g3iwi4k";
   };
+
   buildInputs = [
-    libX11 xproto indent readline gsl freeglut mesa SDL blas binutils
+    libX11 libSM xproto indent readline gsl freeglut mesa SDL blas binutils
     intltool gettext zlib
   ];
-in
-stdenv.mkDerivation {
-  inherit (s) name version;
-  inherit buildInputs;
-  src = fetchurl {
-    inherit (s) url sha256;
-  };
+
+  hardeningDisable = [ "pic" ];
+
   NIX_LDFLAGS=" -lz ";
+
   meta = {
-    inherit (s) version;
-    description = ''Lisp Universal SHell'';
+    description = "Lisp Universal SHell";
     license = stdenv.lib.licenses.gpl2Plus ;
-    maintainers = [stdenv.lib.maintainers.raskin];
+    maintainers = [ stdenv.lib.maintainers.raskin ];
     platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/interpreters/maude/default.nix b/pkgs/development/interpreters/maude/default.nix
index 737ded6e1bbc..13403d50759a 100644
--- a/pkgs/development/interpreters/maude/default.nix
+++ b/pkgs/development/interpreters/maude/default.nix
@@ -15,6 +15,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [flex bison ncurses buddy tecla gmpxx libsigsegv makeWrapper];
 
+  hardeningDisable = [ "stackprotector" ] ++
+    stdenv.lib.optionals stdenv.isi686 [ "pic" "fortify" ];
+
   preConfigure = ''
     configureFlagsArray=(
       --datadir=$out/share/maude
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index 99860c304685..04d6c706b46c 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -68,6 +68,9 @@ let
 
     enableParallelBuilding = true;
 
+    # FIXME needs gcc 4.9 in bootstrap tools
+    hardeningDisable = [ "stackprotector" ];
+
     preConfigure =
       ''
         configureFlags="$configureFlags -Dprefix=$out -Dman1dir=$out/share/man/man1 -Dman3dir=$out/share/man/man3"
diff --git a/pkgs/development/interpreters/php/default.nix b/pkgs/development/interpreters/php/default.nix
index 5297087eb33a..7c1fe8f29674 100644
--- a/pkgs/development/interpreters/php/default.nix
+++ b/pkgs/development/interpreters/php/default.nix
@@ -257,6 +257,8 @@ let
         calendarSupport = config.php.calendar or true;
       };
 
+      hardeningDisable = [ "bindnow" ];
+
       configurePhase = ''
         # Don't record the configure flags since this causes unnecessary
         # runtime dependencies.
diff --git a/pkgs/development/interpreters/python/pypy/2.7/default.nix b/pkgs/development/interpreters/python/pypy/2.7/default.nix
index 2e54e953e670..76464d5412e6 100644
--- a/pkgs/development/interpreters/python/pypy/2.7/default.nix
+++ b/pkgs/development/interpreters/python/pypy/2.7/default.nix
@@ -36,6 +36,8 @@ let
       ++ stdenv.lib.optional (stdenv ? cc && stdenv.cc.libc != null) stdenv.cc.libc
       ++ stdenv.lib.optional zlibSupport zlib;
 
+    hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic";
+
     C_INCLUDE_PATH = stdenv.lib.makeSearchPathOutput "dev" "include" buildInputs;
     LIBRARY_PATH = stdenv.lib.makeLibraryPath buildInputs;
     LD_LIBRARY_PATH = stdenv.lib.makeLibraryPath (stdenv.lib.filter (x : x.outPath != stdenv.cc.libc.outPath or "") buildInputs);
diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix
index 8db9dd4eaf9a..446013faafdc 100644
--- a/pkgs/development/interpreters/ruby/default.nix
+++ b/pkgs/development/interpreters/ruby/default.nix
@@ -22,6 +22,7 @@ let
       then version
       else versionNoPatch;
     tag = "v" + stdenv.lib.replaceChars ["." "p" "-"] ["_" "_" ""] fullVersionName;
+    isRuby20 = majorVersion == "2" && minorVersion == "0";
     isRuby21 = majorVersion == "2" && minorVersion == "1";
     baseruby = self.override { useRailsExpress = false; };
     self = lib.makeOverridable (
@@ -81,6 +82,8 @@ let
 
         enableParallelBuilding = true;
 
+        hardeningDisable = lib.optional isRuby20 [ "format" ];
+
         patches =
           [ ./gem_hook.patch ] ++
           (import ./patchsets.nix {
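Review bot: `lib.optional isRuby20 [ "format" ]` wraps its second argument in a list, so for Ruby 2.0 it evaluates to `[ [ "format" ] ]` rather than `[ "format" ]`. The other hunks in this commit pass a bare string to `optional`, for example `stdenv.lib.optional stdenv.isi686 "pic"`. Here it should be `hardeningDisable = lib.optional isRuby20 "format";` or `lib.optionals isRuby20 [ "format" ];`. Whether the nested list still happens to work depends on how stdenv consumes the attribute, which is outside this hunk.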
diff --git a/pkgs/development/interpreters/ruby/patchsets.nix b/pkgs/development/interpreters/ruby/patchsets.nix
index 0e81db4e047f..bf848aba5825 100644
--- a/pkgs/development/interpreters/ruby/patchsets.nix
+++ b/pkgs/development/interpreters/ruby/patchsets.nix
@@ -3,6 +3,7 @@
 rec {
   "1.9.3" = [
     ./ssl_v3.patch
+    ./rand-egd.patch
     ./ruby19-parallel-install.patch
     ./bitperfect-rdoc.patch
   ] ++ ops useRailsExpress [
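Review bot: The `./rand-egd.patch` entry, and the matching entries in the 2.0.0, 2.1.7 and 2.2.3 hunks below, are added with no comment on why the patch is needed or where it comes from. Judging by the patch files added in this commit, they register the `egd` and `egd_bytes` methods only when `have_func("RAND_egd")` succeeds. The two files differ only in the `Init_ossl_rand` hunk. Because this is a vendored change to the OpenSSL binding, a line such as `# bind RAND_egd only when the linked OpenSSL provides it (source: <upstream commit or bug reference>)` would let a later reader verify the patch against its origin.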
@@ -28,6 +29,7 @@ rec {
   ];
   "2.0.0" = [
     ./ssl_v3.patch
+    ./rand-egd.patch
   ] ++ ops useRailsExpress [
     "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/01-zero-broken-tests.patch"
     "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/02-railsexpress-gc.patch"
@@ -36,6 +38,7 @@ rec {
   ];
   "2.1.7" = [
     ./ssl_v3.patch
+    ./rand-egd.patch
   ] ++ ops useRailsExpress [
     "${patchSet}/patches/ruby/2.1.7/railsexpress/01-zero-broken-tests.patch"
     "${patchSet}/patches/ruby/2.1.7/railsexpress/02-improve-gc-stats.patch"
@@ -49,6 +52,7 @@ rec {
   ];
   "2.2.3" = [
     ./ssl_v3.patch
+    ./ruby22-rand-egd.patch
   ] ++ ops useRailsExpress [
     "${patchSet}/patches/ruby/2.2.3/railsexpress/01-zero-broken-tests.patch"
     "${patchSet}/patches/ruby/2.2.3/railsexpress/02-improve-gc-stats.patch"
diff --git a/pkgs/development/interpreters/ruby/rand-egd.patch b/pkgs/development/interpreters/ruby/rand-egd.patch
new file mode 100644
index 000000000000..e4f6452000c2
--- /dev/null
+++ b/pkgs/development/interpreters/ruby/rand-egd.patch
@@ -0,0 +1,42 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index e272cba..3a1fa71 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -87,6 +87,7 @@
+ have_func("PEM_def_callback")
+ have_func("PKCS5_PBKDF2_HMAC")
+ have_func("PKCS5_PBKDF2_HMAC_SHA1")
++have_func("RAND_egd")
+ have_func("X509V3_set_nconf")
+ have_func("X509V3_EXT_nconf_nid")
+ have_func("X509_CRL_add0_revoked")
+diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
+index 29cbf8c..27466fe 100644
+--- a/ext/openssl/ossl_rand.c
++++ b/ext/openssl/ossl_rand.c
+@@ -148,6 +148,7 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
+     return str;
+ }
+ 
++#ifdef HAVE_RAND_EGD
+ /*
+  *  call-seq:
+  *     egd(filename) -> true
+@@ -186,6 +187,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
+     }
+     return Qtrue;
+ }
++#endif /* HAVE_RAND_EGD */
+ 
+ /*
+  *  call-seq:
+@@ -219,7 +221,9 @@ Init_ossl_rand(void)
+     DEFMETH(mRandom, "write_random_file", ossl_rand_write_file, 1);
+     DEFMETH(mRandom, "random_bytes", ossl_rand_bytes, 1);
+     DEFMETH(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
++#ifdef HAVE_RAND_EGD
+     DEFMETH(mRandom, "egd", ossl_rand_egd, 1);
+     DEFMETH(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2);
++#endif /* HAVE_RAND_EGD */
+     DEFMETH(mRandom, "status?", ossl_rand_status, 0)
+ }
diff --git a/pkgs/development/interpreters/ruby/ruby22-rand-egd.patch b/pkgs/development/interpreters/ruby/ruby22-rand-egd.patch
new file mode 100644
index 000000000000..ebf2bf56fcfa
--- /dev/null
+++ b/pkgs/development/interpreters/ruby/ruby22-rand-egd.patch
@@ -0,0 +1,42 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index e272cba..3a1fa71 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -87,6 +87,7 @@
+ have_func("PEM_def_callback")
+ have_func("PKCS5_PBKDF2_HMAC")
+ have_func("PKCS5_PBKDF2_HMAC_SHA1")
++have_func("RAND_egd")
+ have_func("X509V3_set_nconf")
+ have_func("X509V3_EXT_nconf_nid")
+ have_func("X509_CRL_add0_revoked")
+diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
+index 29cbf8c..27466fe 100644
+--- a/ext/openssl/ossl_rand.c
++++ b/ext/openssl/ossl_rand.c
+@@ -148,6 +148,7 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
+     return str;
+ }
+ 
++#ifdef HAVE_RAND_EGD
+ /*
+  *  call-seq:
+  *     egd(filename) -> true
+@@ -186,6 +187,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
+     }
+     return Qtrue;
+ }
++#endif /* HAVE_RAND_EGD */
+ 
+ /*
+  *  call-seq:
+@@ -219,8 +221,10 @@ Init_ossl_rand(void)
+     rb_define_module_function(mRandom, "write_random_file", ossl_rand_write_file, 1);
+     rb_define_module_function(mRandom, "random_bytes", ossl_rand_bytes, 1);
+     rb_define_module_function(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
++#ifdef HAVE_RAND_EGD
+     rb_define_module_function(mRandom, "egd", ossl_rand_egd, 1);
+     rb_define_module_function(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2);
++#endif /* HAVE_RAND_EGD */
+     rb_define_module_function(mRandom, "status?", ossl_rand_status, 0);
+ }
diff --git a/pkgs/development/interpreters/spidermonkey/1.8.0-rc1.nix b/pkgs/development/interpreters/spidermonkey/1.8.0-rc1.nix
index 46dedb36de96..24ba479186ec 100644
--- a/pkgs/development/interpreters/spidermonkey/1.8.0-rc1.nix
+++ b/pkgs/development/interpreters/spidermonkey/1.8.0-rc1.nix
@@ -13,9 +13,11 @@ stdenv.mkDerivation rec {
 
   postUnpack = "sourceRoot=\${sourceRoot}/src";
 
+  hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.isi686 "pic";
+
   makefileExtra = ./Makefile.extra;
   makefile = "Makefile.ref";
-  
+
   patchPhase =
     ''
       cat ${makefileExtra} >> ${makefile}
diff --git a/pkgs/development/interpreters/spidermonkey/default.nix b/pkgs/development/interpreters/spidermonkey/default.nix
index 21ba0b8cba48..1fe4b90b2b80 100644
--- a/pkgs/development/interpreters/spidermonkey/default.nix
+++ b/pkgs/development/interpreters/spidermonkey/default.nix
@@ -8,6 +8,9 @@ stdenv.mkDerivation rec {
     sha256 = "12v6v2ccw1y6ng3kny3xw0lfs58d1klylqq707k0x04m707kydj4";
   };
 
+  hardeningDisable = [ "format" ]
+    ++ stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   buildInputs = [ readline ];
 
   postUnpack = "sourceRoot=\${sourceRoot}/src";
diff --git a/pkgs/development/interpreters/supercollider/default.nix b/pkgs/development/interpreters/supercollider/default.nix
index 20690cbd4772..dcb1f8e7062e 100644
--- a/pkgs/development/interpreters/supercollider/default.nix
+++ b/pkgs/development/interpreters/supercollider/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
     sha256 = "1mybxcnl7flliz74kdfnvh18v5dwd9zbdsw2kc7wpl4idcly1n0s";
   };
 
+  hardeningDisable = [ "stackprotector" ];
+
   cmakeFlags = ''
     -DSC_WII=OFF
     -DSC_EL=${if useSCEL then "ON" else "OFF"}
@@ -26,7 +28,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     gcc libjack2 libsndfile fftw curl libXt qt55.qtwebkit qt55.qttools readline ]
-    ++ optional useSCEL emacs;
+      ++ optional useSCEL emacs;
 
   meta = {
     description = "Programming language for real time audio synthesis";
diff --git a/pkgs/development/interpreters/unicon-lang/default.nix b/pkgs/development/interpreters/unicon-lang/default.nix
index 7487aa633131..a6dfec49b2a2 100644
--- a/pkgs/development/interpreters/unicon-lang/default.nix
+++ b/pkgs/development/interpreters/unicon-lang/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
   };
   buildInputs = [ libX11 libXt unzip ];
 
+  hardeningDisable = [ "fortify" ];
+
   sourceRoot = ".";
 
   configurePhase = ''
diff --git a/pkgs/development/interpreters/wasm/default.nix b/pkgs/development/interpreters/wasm/default.nix
index 56eebbf89a2e..9a30ae7d8a85 100644
--- a/pkgs/development/interpreters/wasm/default.nix
+++ b/pkgs/development/interpreters/wasm/default.nix
@@ -17,6 +17,9 @@ let
     buildInputs = [ cmake clang python ];
 
     buildPhase = "make clang-debug-no-tests";
+
+    hardeningDisable = [ "format" ];
+
     installPhase = ''
       mkdir -p $out/bin
       cp out/clang/Debug/no-tests/sexpr-wasm $out/bin
diff --git a/pkgs/development/libraries/CoinMP/default.nix b/pkgs/development/libraries/CoinMP/default.nix
index e819078f7868..079c0a5cf6f7 100644
--- a/pkgs/development/libraries/CoinMP/default.nix
+++ b/pkgs/development/libraries/CoinMP/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = https://projects.coin-or.org/CoinMP/;
     description = "COIN-OR lightweight API for COIN-OR libraries CLP, CBC, and CGL";
diff --git a/pkgs/development/libraries/SDL_ttf/default.nix b/pkgs/development/libraries/SDL_ttf/default.nix
index 9dc6b9983e66..1f290bf7044f 100644
--- a/pkgs/development/libraries/SDL_ttf/default.nix
+++ b/pkgs/development/libraries/SDL_ttf/default.nix
@@ -21,8 +21,6 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ SDL freetype ];
 
-  postInstall = "ln -s $out/include/SDL/SDL_ttf.h $out/include/";
-
   meta = with stdenv.lib; {
     description = "SDL TrueType library";
     license = licenses.zlib;
diff --git a/pkgs/development/libraries/a52dec/default.nix b/pkgs/development/libraries/a52dec/default.nix
index 5c7cd9fddc62..d8a56a3d28ed 100644
--- a/pkgs/development/libraries/a52dec/default.nix
+++ b/pkgs/development/libraries/a52dec/default.nix
@@ -8,8 +8,6 @@ stdenv.mkDerivation rec {
     sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2";
   };
 
-  NIX_CFLAGS_COMPILE = "-fpic";
-
   # From Handbrake
   patches = [
     ./A00-a52-state-t-public.patch
diff --git a/pkgs/development/libraries/accelio/default.nix b/pkgs/development/libraries/accelio/default.nix
index 76c5cf32bbdb..002b26078f53 100644
--- a/pkgs/development/libraries/accelio/default.nix
+++ b/pkgs/development/libraries/accelio/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
     sha256 = "172frqk2n43g0arhazgcwfvj0syf861vdzdpxl7idr142bb0ykf7";
   };
 
+  hardeningDisable = [ "format" "pic" ];
+
   patches = [ ./fix-printfs.patch ];
 
   postPatch = ''
diff --git a/pkgs/development/libraries/allegro/default.nix b/pkgs/development/libraries/allegro/default.nix
index deb3a6877e89..997a8d223054 100644
--- a/pkgs/development/libraries/allegro/default.nix
+++ b/pkgs/development/libraries/allegro/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     xf86dgaproto xf86miscproto xf86vidmodeproto libXxf86vm openal mesa
   ];
 
+  hardeningDisable = [ "format" ];
+
   cmakeFlags = [ "-DCMAKE_SKIP_RPATH=ON" ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/aterm/2.5.nix b/pkgs/development/libraries/aterm/2.5.nix
deleted file mode 100644
index c1bbbb0ae5a9..000000000000
--- a/pkgs/development/libraries/aterm/2.5.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{stdenv, fetchurl}:
-
-stdenv.mkDerivation {
-  name = "aterm-2.5-r21238";
-
-  src = fetchurl {
-    url = http://buildfarm.st.ewi.tudelft.nl/releases/meta-environment/aterm-2.5pre21238-l2q7rg38/aterm-2.5.tar.gz;
-    md5 = "33ddcb1a229baf406ad1f603eb1d5995";
-  };
-
-  patches = [
-    # Fix for http://bugzilla.sen.cwi.nl:8080/show_bug.cgi?id=841
-    ./max-long.patch
-
-    # Patch the ATerm header files so that they don't rely on
-    # SIZEOF_LONG, SIZEOF_INT and SIZEOF_VOID_P being set.
-    ./sizeof.patch
-  ];
-
-  doCheck = true;
-
-  dontDisableStatic = true;
-
-  NIX_CFLAGS_COMPILE = "-D__USE_BSD";
-
-  meta = {
-    homepage = http://www.cwi.nl/htbin/sen1/twiki/bin/view/SEN1/ATerm;
-    license = "LGPL";
-    description = "Library for manipulation of term data structures in C";
-    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
-    maintainers = [ stdenv.lib.maintainers.eelco ];
-    broken = true;
-  };
-}
diff --git a/pkgs/development/libraries/aterm/max-long.patch b/pkgs/development/libraries/aterm/max-long.patch
deleted file mode 100644
index a2f260b970b3..000000000000
--- a/pkgs/development/libraries/aterm/max-long.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff -rc aterm-2.8-orig/aterm/hash.c aterm-2.8/aterm/hash.c
-*** aterm-2.8-orig/aterm/hash.c	2008-11-10 13:54:22.000000000 +0100
---- aterm-2.8/aterm/hash.c	2009-01-27 18:14:14.000000000 +0100
-***************
-*** 93,146 ****
-  }
-  
-  /*}}}  */
-- /*{{{  static long calc_long_max() */
-- static long calc_long_max()
-- {
--   long try_long_max;
--   long long_max;
--   long delta;
-- 
--   try_long_max = 1;
--   do {
--     long_max = try_long_max;
--     try_long_max = long_max * 2;
--   } while (try_long_max > 0);
-- 
--   delta = long_max;
--   while (delta > 1) {
--     while (long_max + delta < 0) {
--       delta /= 2;
--     }
--     long_max += delta;
--   }
-- 
--   return long_max;
-- 
-- }
-- /*}}}  */
-  /*{{{  static long calculateNewSize(sizeMinus1, nrdel, nrentries) */
-  
-  static long calculateNewSize
-  (long sizeMinus1, long nr_deletions, long nr_entries)
-  { 
-- 
--   /* Hack: LONG_MAX (limits.h) is often unreliable, we need to find
--    * out the maximum possible value of a signed long dynamically.
--    */
--   static long st_long_max = 0;
-- 
--   /* the resulting length has the form 2^k-1 */
-- 
-    if (nr_deletions >= nr_entries/2) { 
-      return sizeMinus1;
-    }
-  
-!   if (st_long_max == 0) {
-!     st_long_max = calc_long_max();
-!   }
-! 
-!   if (sizeMinus1 > st_long_max / 2) {
-!     return st_long_max-1;
-    }
-  
-    return (2*sizeMinus1)+1;
---- 93,109 ----
-  }
-  
-  /*}}}  */
-  /*{{{  static long calculateNewSize(sizeMinus1, nrdel, nrentries) */
-  
-  static long calculateNewSize
-  (long sizeMinus1, long nr_deletions, long nr_entries)
-  { 
-    if (nr_deletions >= nr_entries/2) { 
-      return sizeMinus1;
-    }
-  
-!   if (sizeMinus1 > LONG_MAX / 2) {
-!     return LONG_MAX-1;
-    }
-  
-    return (2*sizeMinus1)+1;
diff --git a/pkgs/development/libraries/aterm/sizeof.patch b/pkgs/development/libraries/aterm/sizeof.patch
deleted file mode 100644
index 2649cc564913..000000000000
--- a/pkgs/development/libraries/aterm/sizeof.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff -rc -x '*~' aterm-2.5-orig/aterm/aterm.c aterm-2.5/aterm/aterm.c
-*** aterm-2.5-orig/aterm/aterm.c	2007-02-27 23:41:31.000000000 +0100
---- aterm-2.5/aterm/aterm.c	2010-02-23 15:10:38.000000000 +0100
-***************
-*** 150,155 ****
---- 150,157 ----
-    if (initialized)
-      return;
-  
-+   assert(sizeof(long) == sizeof(void *));
-+ 
-    /*{{{  Handle arguments */
-  
-    for (lcv=1; lcv < argc; lcv++) {
-diff -rc -x '*~' aterm-2.5-orig/aterm/encoding.h aterm-2.5/aterm/encoding.h
-*** aterm-2.5-orig/aterm/encoding.h	2007-02-27 23:41:31.000000000 +0100
---- aterm-2.5/aterm/encoding.h	2010-02-23 15:36:05.000000000 +0100
-***************
-*** 10,24 ****
-  {
-  #endif/* __cplusplus */
-  
-! #if SIZEOF_LONG > 4
-! #define AT_64BIT
-  #endif
-  
-! #if SIZEOF_LONG != SIZEOF_VOID_P
-! #error Size of long is not the same as the size of a pointer
-  #endif
-  
-! #if SIZEOF_INT > 4
-  #error Size of int is not 32 bits
-  #endif
-  
---- 10,30 ----
-  {
-  #endif/* __cplusplus */
-  
-! #include <limits.h>
-! 
-! #ifndef SIZEOF_LONG
-! #if ULONG_MAX > 4294967295
-! #define SIZEOF_LONG 8
-! #else
-! #define SIZEOF_LONG 4
-! #endif
-  #endif
-  
-! #if SIZEOF_LONG > 4
-! #define AT_64BIT
-  #endif
-  
-! #if UINT_MAX > 4294967295
-  #error Size of int is not 32 bits
-  #endif
-  
diff --git a/pkgs/development/libraries/audio/libbs2b/default.nix b/pkgs/development/libraries/audio/libbs2b/default.nix
index d81bceffffbc..b625bb18b88f 100644
--- a/pkgs/development/libraries/audio/libbs2b/default.nix
+++ b/pkgs/development/libraries/audio/libbs2b/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libsndfile ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = "http://bs2b.sourceforge.net/";
     description = "Bauer stereophonic-to-binaural DSP library";
diff --git a/pkgs/development/libraries/belle-sip/default.nix b/pkgs/development/libraries/belle-sip/default.nix
index 5975a61ff77c..8ba0f6fcc2d2 100644
--- a/pkgs/development/libraries/belle-sip/default.nix
+++ b/pkgs/development/libraries/belle-sip/default.nix
@@ -9,15 +9,17 @@ let
   };
 in
 stdenv.mkDerivation rec {
-  name = "belle-sip-1.4.1";
+  name = "belle-sip-1.4.2";
 
   src = fetchurl {
     url = "mirror://savannah/linphone/belle-sip/${name}.tar.gz";
-    sha256 = "0q1d3fqsrxi3kxcjcibr376js25h6in8c1hm7c53wz252jx6f42b";
+    sha256 = "0c48jh3kjz58swvx1m63ijx5x0c0hf37d803d99flk2l10kbfb42";
   };
 
   nativeBuildInputs = [ jre ];
 
+  NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
+
   # belle-sip.pc doesn't have a library path for antlr3c or polarssl
   propagatedBuildInputs = [ libantlr3c polarssl ];
 
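Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";` arrives with the 1.4.2 bump but has no comment on which deprecated declarations the build trips over. The library propagates `polarssl`, so it is worth recording whether the warning comes from a deprecated crypto API; that is an assumption, nothing in this hunk shows the source. A comment such as `# <deprecated API> in <dependency>; drop once fixed upstream` would make the flag removable later.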
diff --git a/pkgs/development/libraries/cgui/default.nix b/pkgs/development/libraries/cgui/default.nix
index 0f1178622360..da9d1122cc54 100644
--- a/pkgs/development/libraries/cgui/default.nix
+++ b/pkgs/development/libraries/cgui/default.nix
@@ -12,10 +12,11 @@ stdenv.mkDerivation rec {
   buildInputs = [ texinfo allegro perl ];
 
   configurePhase = ''
-    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -fPIC"
     sh fix.sh unix
   '';
 
+  hardeningDisable = [ "format" ];
+
   makeFlags = [ "SYSTEM_DIR=$(out)" ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/cloog/0.18.0.nix b/pkgs/development/libraries/cloog/0.18.0.nix
index ccd938283199..359bde2e0582 100644
--- a/pkgs/development/libraries/cloog/0.18.0.nix
+++ b/pkgs/development/libraries/cloog/0.18.0.nix
@@ -18,6 +18,9 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     description = "Library that generates loops for scanning polyhedra";
 
diff --git a/pkgs/development/libraries/cpp-hocon/default.nix b/pkgs/development/libraries/cpp-hocon/default.nix
new file mode 100644
index 000000000000..3c4fe70c19d4
--- /dev/null
+++ b/pkgs/development/libraries/cpp-hocon/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchFromGitHub, cmake, boost, curl, leatherman }:
+
+stdenv.mkDerivation rec {
+  name = "cpp-hocon-${version}";
+  version = "0.1.2";
+
+  src = fetchFromGitHub {
+    sha256 = "0v2mnak6fh13dkl25lfvw1la2dfjqrh3lq1d40r3a52m56vwflrg";
+    rev = version;
+    repo = "cpp-hocon";
+    owner = "puppetlabs";
+  };
+
+  nativeBuildInputs = [ cmake ];
+
+  buildInputs = [ boost curl leatherman ];
+
+  meta = with stdenv.lib; {
+    inherit (src.meta) homepage;
+    description = " A C++ port of the Typesafe Config library";
+    license = licenses.asl20;
+    maintainers = [ maintainers.womfoo ];
+    platforms = platforms.linux;
+  };
+
+}
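Review bot: The `description` string in `meta` starts with a stray space and a leading article: `" A C++ port of the Typesafe Config library"`. The other descriptions in this commit start directly with the noun phrase, so this should be `description = "C++ port of the Typesafe Config library";`.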
diff --git a/pkgs/development/libraries/cwiid/default.nix b/pkgs/development/libraries/cwiid/default.nix
index 41d6320adc6c..980155c007a9 100644
--- a/pkgs/development/libraries/cwiid/default.nix
+++ b/pkgs/development/libraries/cwiid/default.nix
@@ -1,26 +1,34 @@
 { stdenv, autoreconfHook, fetchgit, bison, flex, bluez, pkgconfig, gtk }:
 
 stdenv.mkDerivation rec {
-    name = "cwiid-2010-02-21-git";
-    src = fetchgit {
-        url = https://github.com/abstrakraft/cwiid;
-        sha256 = "0qdb0x757k76nfj32xc2nrrdqd9jlwgg63vfn02l2iznnzahxp0h";
-        rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82";
-    };
-    configureFlags = "--without-python";
-    prePatch = ''
-        sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in
-    '';
-    buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk ];
-    postInstall = ''
-        # Some programs (for example, cabal-install) have problems with the double 0
-        sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc
-    '';
-    meta = {
-        description = "Linux Nintendo Wiimote interface";
-        homepage = http://cwiid.org;
-        license = stdenv.lib.licenses.gpl2Plus;
-        maintainers = [ stdenv.lib.maintainers.bennofs ];
-        platforms = stdenv.lib.platforms.linux; 
-    };   
+  name = "cwiid-2010-02-21-git";
+
+  src = fetchgit {
+      url = https://github.com/abstrakraft/cwiid;
+      sha256 = "0qdb0x757k76nfj32xc2nrrdqd9jlwgg63vfn02l2iznnzahxp0h";
+      rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82";
+  };
+
+  hardeningDisable = [ "format" ];
+
+  configureFlags = "--without-python";
+
+  prePatch = ''
+    sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in
+  '';
+
+  buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk ];
+
+  postInstall = ''
+    # Some programs (for example, cabal-install) have problems with the double 0
+    sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc
+  '';
+
+  meta = {
+    description = "Linux Nintendo Wiimote interface";
+    homepage = http://cwiid.org;
+    license = stdenv.lib.licenses.gpl2Plus;
+    maintainers = [ stdenv.lib.maintainers.bennofs ];
+    platforms = stdenv.lib.platforms.linux;
+  };
 }
diff --git a/pkgs/development/libraries/cxxtest/default.nix b/pkgs/development/libraries/cxxtest/default.nix
new file mode 100644
index 000000000000..ebf21c13010e
--- /dev/null
+++ b/pkgs/development/libraries/cxxtest/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchFromGitHub, pythonPackages}:
+
+stdenv.mkDerivation rec {
+  version = "4.4";
+  name = "cxxtest";
+
+  src = fetchFromGitHub {
+    owner = "CxxTest";
+    repo = name;
+    rev = version;
+    sha256 = "19w92kipfhp5wvs47l0qpibn3x49sbmvkk91yxw6nwk6fafcdl17";
+  };
+
+  buildInputs = with pythonPackages; [ python wrapPython ];
+
+  installPhase = ''
+    cd python
+    python setup.py install --prefix=$out
+    cd ..
+
+    mkdir -p $out/include
+    cp -R cxxtest $out/include/
+
+    wrapPythonProgramsIn $out/bin "$out $pythonPath"
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "http://cxxtest.com";
+    description = "Unit testing framework for C++";
+    platforms = platforms.unix ;
+    license = licenses.lgpl3;
+    maintainers = [ maintainers.juliendehos ];
+  };
+}
+
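Review bot: `name = "cxxtest";` carries no version, unlike the other new packages in this commit (e.g. `name = "cpp-hocon-${version}";`), so the store path will not show which release was built. Since `repo = name;` reuses the same attribute, both lines need to change together: `name = "cxxtest-${version}";` and `repo = "cxxtest";`. The file also ends with an extra blank line that can be dropped.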
diff --git a/pkgs/development/libraries/db/db-4.4.nix b/pkgs/development/libraries/db/db-4.4.nix
index 757b1f71405b..00875d73f418 100644
--- a/pkgs/development/libraries/db/db-4.4.nix
+++ b/pkgs/development/libraries/db/db-4.4.nix
@@ -5,4 +5,5 @@ import ./generic.nix (args // rec {
   extraPatches = [ ./cygwin-4.4.patch ];
   sha256 = "0y9vsq8dkarx1mhhip1vaciz6imbbyv37c1dm8b20l7p064bg2i9";
   branch = "4.4";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
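Review bot: `drvArgs = { hardeningDisable = [ "format" ]; };` turns off the format-string check without a comment saying what fails to build. The same bare line is added in the db-4.5, db-4.7 and db-4.8 hunks and, as `hardeningDisable = [ "format" ];`, in most of the library hunks that follow (faac, fox, freetds, fribidi, gd, gdal, gdome2, gegl and others). As far as I know the `format` flag only adds `-Wformat -Wformat-security -Werror=format-security`, so disabling it removes no runtime protection, but it does hide the non-literal format-string calls that most deserve a look. I would put a one-line reason above each, e.g. `# FIXME: fails with -Werror=format-security; patch the offending calls and re-enable`, so the exceptions can be found and removed later.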
diff --git a/pkgs/development/libraries/db/db-4.5.nix b/pkgs/development/libraries/db/db-4.5.nix
index b1e4b2c47085..84b5ea67420a 100644
--- a/pkgs/development/libraries/db/db-4.5.nix
+++ b/pkgs/development/libraries/db/db-4.5.nix
@@ -5,4 +5,5 @@ import ./generic.nix (args // rec {
   extraPatches = [ ./cygwin-4.5.patch ./register-race-fix.patch ];
   sha256 = "0bd81k0qv5i8w5gbddrvld45xi9k1gvmcrfm0393v0lrm37dab7m";
   branch = "4.5";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/db-4.7.nix b/pkgs/development/libraries/db/db-4.7.nix
index 9a7d586cd042..6016d112d517 100644
--- a/pkgs/development/libraries/db/db-4.7.nix
+++ b/pkgs/development/libraries/db/db-4.7.nix
@@ -4,4 +4,5 @@ import ./generic.nix (args // rec {
   version = "4.7.25";
   sha256 = "0gi667v9cw22c03hddd6xd6374l0pczsd56b7pba25c9sdnxjkzi";
   branch = "4.7";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix
index 6a161b0b72d8..40869a865ae5 100644
--- a/pkgs/development/libraries/db/db-4.8.nix
+++ b/pkgs/development/libraries/db/db-4.8.nix
@@ -5,4 +5,5 @@ import ./generic.nix (args // rec {
   extraPatches = [ ./clang-4.8.patch ];
   sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
   branch = "4.8";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/generic.nix b/pkgs/development/libraries/db/generic.nix
index f5ee4e440ff0..fdc828effdfb 100644
--- a/pkgs/development/libraries/db/generic.nix
+++ b/pkgs/development/libraries/db/generic.nix
@@ -7,9 +7,10 @@
 , extraPatches ? [ ]
 , license ? stdenv.lib.licenses.sleepycat
 , branch ? null
+, drvArgs ? {}
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (rec {
   name = "db-${version}";
 
   src = fetchurl {
@@ -42,4 +43,4 @@ stdenv.mkDerivation rec {
     platforms = platforms.unix;
     branch = branch;
   };
-}
+} // drvArgs)
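Review bot: `} // drvArgs)` merges the caller's set over the whole derivation, so `drvArgs` can replace any attribute, including `src`, rather than only adding `hardeningDisable`. The merge is shallow and sits outside the `rec`, so an overridden `version` would not reach `name = "db-${version}"`, and a `meta` passed in `drvArgs` would replace the existing one instead of extending it. Since hardening is the only use in this commit, a dedicated argument is narrower: `, hardeningDisable ? []` in the header and `inherit hardeningDisable;` in the body, with the db-4.x files passing `hardeningDisable = [ "format" ];` directly. Most of the attribute set lies between this hunk and the previous one and is not visible here.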
diff --git a/pkgs/development/libraries/faac/default.nix b/pkgs/development/libraries/faac/default.nix
index 802aafc444c3..1ab01033f4df 100644
--- a/pkgs/development/libraries/faac/default.nix
+++ b/pkgs/development/libraries/faac/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
     ++ optional mp4v2Support "--with-mp4v2"
     ++ optional drmSupport "--enable-drm";
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ ]
     ++ optional mp4v2Support mp4v2;
 
diff --git a/pkgs/development/libraries/ffmpeg/3.1.nix b/pkgs/development/libraries/ffmpeg/3.1.nix
index f2158b3756f5..c0e70f1f3486 100644
--- a/pkgs/development/libraries/ffmpeg/3.1.nix
+++ b/pkgs/development/libraries/ffmpeg/3.1.nix
@@ -5,8 +5,8 @@
 }@args:
 
 callPackage ./generic.nix (args // rec {
-  version = "${branch}.2";
+  version = "${branch}.3";
   branch = "3.1";
-  sha256 = "1xvh1c8nlws0wx6b7yl1pvkybgzaj5585h1r6z1gzhck1f0qvsv2";
+  sha256 = "0f4ajs0c4088nkal4gqagx05wfyhd1izfxmzxxsdh56ibp38kg2q";
   darwinFrameworks = [ Cocoa CoreMedia ];
 })
diff --git a/pkgs/development/libraries/fftw/default.nix b/pkgs/development/libraries/fftw/default.nix
index 68d1e62244cb..6e92f2bd3845 100644
--- a/pkgs/development/libraries/fftw/default.nix
+++ b/pkgs/development/libraries/fftw/default.nix
@@ -1,34 +1,24 @@
-{ fetchFromGitHub , stdenv, lib, ocaml, perl, indent, transfig, ghostscript, texinfo, libtool, gettext, automake, autoconf, precision ? "double" }:
+{ fetchurl, stdenv, lib, precision ? "double" }:
 
 with lib;
 
 assert elem precision [ "single" "double" "long-double" "quad-precision" ];
 
-let version = "3.3.5-rc1"; in
+let version = "3.3.5"; in
 
 stdenv.mkDerivation rec {
   name = "fftw-${precision}-${version}";
 
-  src = fetchFromGitHub {
-    owner = "FFTW";
-    repo = "fftw3";
-    rev = "fftw-${version}";
-    sha256 = "1gc57xvdqbapq30ylj3fxwkv61la4kzyf7ji0q0xqjwpji2ynqi4";
+  src = fetchurl {
+    url = "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz";
+    sha256 = "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf";
   };
 
-  nativeBuildInputs = [ ocaml perl indent transfig ghostscript texinfo libtool gettext automake autoconf ];
-
-  # remove the ./configure lines, so we can use nix's configureFlags
-  patchPhase = "sed -e '27,29d' -i bootstrap.sh";
-
-  preConfigurePhases =  "./bootstrap.sh";
-
   outputs = [ "dev" "out" "doc" ]; # it's dev-doc only
   outputBin = "dev"; # fftw-wisdom
 
   configureFlags =
-    [ "--enable-maintainer-mode"
-      "--enable-shared" "--disable-static"
+    [ "--enable-shared" "--disable-static"
       "--enable-threads"
     ]
     ++ optional (precision != "double") "--enable-${precision}"
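Review bot: The new `url = "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz";` moves the source to plain FTP, which is unauthenticated and often blocked by proxies and restricted build networks. The `sha256` pins the content, so a tampered download fails the build, but the hash is only as trustworthy as the copy it was computed from; it should be checked against a checksum or signature that upstream publishes, fetched over a different channel. If upstream serves the same tarball over HTTP(S), I would list that first via `urls = [ ... ];` and keep the FTP URL as a fallback. The derivation continues past the end of this hunk.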
diff --git a/pkgs/development/libraries/fox/default.nix b/pkgs/development/libraries/fox/default.nix
index 78c8b8645290..8969e4bd5ba8 100644
--- a/pkgs/development/libraries/fox/default.nix
+++ b/pkgs/development/libraries/fox/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "C++ based class library for building Graphical User Interfaces";
     longDescription = ''
diff --git a/pkgs/development/libraries/fox/fox-1.6.nix b/pkgs/development/libraries/fox/fox-1.6.nix
index 3c823adf91b6..ce778e4a3473 100644
--- a/pkgs/development/libraries/fox/fox-1.6.nix
+++ b/pkgs/development/libraries/fox/fox-1.6.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     branch = "1.6";
     description = "A C++ based class library for building Graphical User Interfaces";
diff --git a/pkgs/development/libraries/freetds/default.nix b/pkgs/development/libraries/freetds/default.nix
index 695abcfbba2b..3ed308a34920 100644
--- a/pkgs/development/libraries/freetds/default.nix
+++ b/pkgs/development/libraries/freetds/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "0r946axzxs0czsmr7283w7vmk5jx3jnxxc32d2ncxsrsh2yli0ba";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = stdenv.lib.optional odbcSupport [ unixODBC ];
 
   configureFlags = stdenv.lib.optionalString odbcSupport "--with-odbc=${unixODBC}";
diff --git a/pkgs/development/libraries/fribidi/default.nix b/pkgs/development/libraries/fribidi/default.nix
index 669d023dde8b..35d67b633097 100644
--- a/pkgs/development/libraries/fribidi/default.nix
+++ b/pkgs/development/libraries/fribidi/default.nix
@@ -3,12 +3,14 @@
 stdenv.mkDerivation rec {
   name = "fribidi-${version}";
   version = "0.19.6";
-  
+
   src = fetchurl {
     url = "http://fribidi.org/download/${name}.tar.bz2";
     sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = http://fribidi.org/;
     description = "GNU implementation of the Unicode Bidirectional Algorithm (bidi)";
diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index dfeec5d8890b..06da5d4264de 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
@@ -19,10 +19,13 @@ stdenv.mkDerivation rec {
     sha256 = "0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl";
   };
 
+  hardeningDisable = [ "format" ];
+
   # -pthread gets passed to clang, causing warnings
   configureFlags = stdenv.lib.optional stdenv.isDarwin "--enable-werror=no";
 
   nativeBuildInputs = [ pkgconfig ];
+
   buildInputs = [ zlib fontconfig freetype ];
   propagatedBuildInputs = [ libpng libjpeg libwebp libtiff libXpm ];
 
diff --git a/pkgs/development/libraries/gdal/default.nix b/pkgs/development/libraries/gdal/default.nix
index f19f760c7487..90341898a8a8 100644
--- a/pkgs/development/libraries/gdal/default.nix
+++ b/pkgs/development/libraries/gdal/default.nix
@@ -18,6 +18,8 @@ composableDerivation.composableDerivation {} (fixed: rec {
   ++ (with pythonPackages; [ python numpy wrapPython ])
   ++ (stdenv.lib.optionals netcdfSupport [ netcdf hdf5 curl ]);
 
+  hardeningDisable = [ "format" ];
+
   # Don't use optimization for gcc >= 4.3. That's said to be causing segfaults.
   # Unset CC and CXX as they confuse libtool.
   preConfigure = "export CFLAGS=-O0 CXXFLAGS=-O0; unset CC CXX";
diff --git a/pkgs/development/libraries/gdal/gdal-1_11.nix b/pkgs/development/libraries/gdal/gdal-1_11.nix
index 06f8afba3341..b62f87c2a21e 100644
--- a/pkgs/development/libraries/gdal/gdal-1_11.nix
+++ b/pkgs/development/libraries/gdal/gdal-1_11.nix
@@ -19,6 +19,8 @@ composableDerivation.composableDerivation {} (fixed: rec {
     ./python.patch
   ];
 
+  hardeningDisable = [ "format" ];
+
   # Don't use optimization for gcc >= 4.3. That's said to be causing segfaults.
   # Unset CC and CXX as they confuse libtool.
   preConfigure = "export CFLAGS=-O0 CXXFLAGS=-O0; unset CC CXX";
diff --git a/pkgs/development/libraries/gdome2/default.nix b/pkgs/development/libraries/gdome2/default.nix
index cc8f76949eea..e9643da221ef 100644
--- a/pkgs/development/libraries/gdome2/default.nix
+++ b/pkgs/development/libraries/gdome2/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
     sha256 = "0hyms5s3hziajp3qbwdwqjc2xcyhb783damqg8wxjpwfxyi81fzl";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [pkgconfig glib libxml2 gtkdoc];
   propagatedBuildInputs = [glib libxml2];
   patches = [ ./xml-document.patch ];
diff --git a/pkgs/development/libraries/gegl/3.0.nix b/pkgs/development/libraries/gegl/3.0.nix
index 2a201ed55236..df68eecd137b 100644
--- a/pkgs/development/libraries/gegl/3.0.nix
+++ b/pkgs/development/libraries/gegl/3.0.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pkgconfig, glib, babl, libpng, cairo, libjpeg, which
-, librsvg, pango, gtk, bzip2, intltool, libtool, automake, autoconf, json_glib , libraw }:
+, librsvg, pango, gtk, bzip2, json_glib, intltool, autoreconfHook, libraw }:
 
 stdenv.mkDerivation rec {
   name = "gegl-0.3.6";
@@ -9,17 +9,19 @@ stdenv.mkDerivation rec {
     sha256 = "08m7dlf2kwmp7jw3qskwxas192swhn1g4jcd8aldg9drfjygprvh";
   };
 
-  configureScript = "./autogen.sh";
+  hardeningDisable = [ "format" ];
 
   # needs fonts otherwise  don't know how to pass them
   configureFlags = "--disable-docs";
 
-  buildInputs = [ babl libpng cairo libjpeg librsvg pango gtk bzip2 intltool
-                  autoconf automake libtool which json_glib libraw ];
+  buildInputs = [
+    babl libpng cairo libjpeg librsvg pango gtk bzip2 which json_glib intltool
+    libraw
+  ];
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ pkgconfig autoreconfHook ];
 
-  meta = { 
+  meta = {
     description = "Graph-based image processing framework";
     homepage = http://www.gegl.org;
     license = stdenv.lib.licenses.gpl3;
diff --git a/pkgs/development/libraries/geoclue/default.nix b/pkgs/development/libraries/geoclue/default.nix
index 1b703e2fdba8..754c85ecf030 100644
--- a/pkgs/development/libraries/geoclue/default.nix
+++ b/pkgs/development/libraries/geoclue/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = [dbus glib dbus_glib];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     sed -e '/-Werror/d' -i configure
   '';
diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index bf65e6947532..7d555ba4d062 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -12,6 +12,9 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "doc" ];
 
+  # FIXME stackprotector needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "format" "stackprotector" ];
+
   LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else "";
 
   configureFlags = [ "--disable-csharp" "--with-xz" ]
diff --git a/pkgs/development/libraries/giflib/4.1.nix b/pkgs/development/libraries/giflib/4.1.nix
index 2f9d54c0b4ee..c70bda034871 100644
--- a/pkgs/development/libraries/giflib/4.1.nix
+++ b/pkgs/development/libraries/giflib/4.1.nix
@@ -2,10 +2,14 @@
 
 stdenv.mkDerivation {
   name = "giflib-4.1.6";
+
   src = fetchurl {
     url = mirror://sourceforge/giflib/giflib-4.1.6.tar.bz2;
     sha256 = "1v9b7ywz7qg8hli0s9vv1b8q9xxb2xvqq2mg1zpr73xwqpcwxhg1";
   };
+
+  hardeningDisable = [ "format" ];
+
   meta = {
     branch = "4.1";
     platforms = stdenv.lib.platforms.unix;
diff --git a/pkgs/development/libraries/giflib/libungif.nix b/pkgs/development/libraries/giflib/libungif.nix
index 4abd96fa3cec..357ca751ccf1 100644
--- a/pkgs/development/libraries/giflib/libungif.nix
+++ b/pkgs/development/libraries/giflib/libungif.nix
@@ -7,6 +7,8 @@ stdenv.mkDerivation {
     sha256 = "5e65e1e5deacd0cde489900dbf54c6c2ee2ebc818199e720dbad685d87abda3d";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     platforms = stdenv.lib.platforms.unix;
   };
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index d7e916423422..3ee9d2289acd 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -181,6 +181,6 @@ stdenv.mkDerivation ({
     license = lib.licenses.lgpl2Plus;
 
     maintainers = [ lib.maintainers.eelco ];
-    #platforms = lib.platforms.linux;
+    platforms = lib.platforms.linux;
   } // meta;
 })
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 4d377bb93cbe..1c116c8d9870 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -33,6 +33,8 @@ in
       makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin")
     '';
 
+    hardeningDisable = [ "stackprotector" "fortify" ];
+
     # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for
     # any program we run, because the gcc will have been placed at a new
     # store path than that determined when built (as a source for the
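Review bot: `hardeningDisable = [ "stackprotector" "fortify" ];` switches off two runtime mitigations for the C library and gives no reason, whereas the gettext, gmp and isl hunks at least carry a FIXME. Presumably glibc does not build with the wrapper's stack-protector and `_FORTIFY_SOURCE` flags because it supplies those facilities itself, but that should be written down, e.g. `# glibc implements the stack-protector and fortify support itself and does not build with the wrapper's flags (TODO confirm)`. The same gap is in the gnu-efi hunk (`stackprotector`), the gst-python hunk (`bindnow`) and the rhino hunk (`fortify`). Unlike `format`, each of these removes a protection from the built binaries, so each needs a comment stating the build failure and whether the exception is meant to be permanent. The enclosing attribute set starts before this hunk.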
diff --git a/pkgs/development/libraries/gmp/5.1.x.nix b/pkgs/development/libraries/gmp/5.1.x.nix
index 1e9142444d11..c6cbfdd89b41 100644
--- a/pkgs/development/libraries/gmp/5.1.x.nix
+++ b/pkgs/development/libraries/gmp/5.1.x.nix
@@ -14,6 +14,9 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ m4 ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "format" "stackprotector" ];
+
   patches = if stdenv.isDarwin then [ ./need-size-t.patch ] else null;
 
   configureFlags =
diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix
index 336785e1abdd..d679d88e91d1 100644
--- a/pkgs/development/libraries/gnu-efi/default.nix
+++ b/pkgs/development/libraries/gnu-efi/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pciutils ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   makeFlags = [
     "PREFIX=\${out}"
     "CC=gcc"
diff --git a/pkgs/development/libraries/goffice/default.nix b/pkgs/development/libraries/goffice/default.nix
index 4b58f3ab2ef4..cf9ab101018d 100644
--- a/pkgs/development/libraries/goffice/default.nix
+++ b/pkgs/development/libraries/goffice/default.nix
@@ -2,11 +2,11 @@
 , libgsf, libxml2, libxslt, cairo, pango, librsvg, libspectre }:
 
 stdenv.mkDerivation rec {
-  name = "goffice-0.10.26";
+  name = "goffice-0.10.32";
 
   src = fetchurl {
     url = "mirror://gnome/sources/goffice/0.10/${name}.tar.xz";
-    sha256 = "2b8dd0a0f84ef4f6bd32bfdae2b68caa0e41631026a74d04c4d2266512a744bb";
+    sha256 = "02b37da9f54fb92725b973875d1d2da49b54f6486eb03648fd1ea58e4a297ac3";
   };
 
   nativeBuildInputs = [ pkgconfig intltool ];
diff --git a/pkgs/development/libraries/gsl/default.nix b/pkgs/development/libraries/gsl/default.nix
index 4ab1b0cf56c5..82e41329e001 100644
--- a/pkgs/development/libraries/gsl/default.nix
+++ b/pkgs/development/libraries/gsl/default.nix
@@ -1,11 +1,11 @@
 { fetchurl, fetchpatch, stdenv }:
 
 stdenv.mkDerivation rec {
-  name = "gsl-2.1";
+  name = "gsl-2.2";
 
   src = fetchurl {
     url = "mirror://gnu/gsl/${name}.tar.gz";
-    sha256 = "0rhcia9jhr3p1f1wybwyllwqfs9bggz99i3mi5lpyqcpff1hdbar";
+    sha256 = "1pyq2c0j91z955746myn29c89jwkd435s2cbj8ks2hpag6d0mr2d";
   };
 
   patches = [
diff --git a/pkgs/development/libraries/gsm/default.nix b/pkgs/development/libraries/gsm/default.nix
index fb9ff8eb0fbc..42d36b8406e2 100644
--- a/pkgs/development/libraries/gsm/default.nix
+++ b/pkgs/development/libraries/gsm/default.nix
@@ -41,8 +41,6 @@ stdenv.mkDerivation rec {
 
   preInstall = "mkdir -p $out/{bin,lib,man/man1,man/man3,include/gsm}";
 
-  NIX_CFLAGS_COMPILE = optional (!staticSupport) "-fPIC";
-
   parallelBuild = false;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix b/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix
index b0ac9e799e9a..249eb9a30da7 100644
--- a/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix
+++ b/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
     sha256 = "0y1i4n5m1diljqr9dsq12anwazrhbs70jziich47gkdwllcza9lg";
   };
 
+  hardeningDisable = [ "bindnow" ];
+
   # Need to disable the testFake test case due to bug in pygobject.
   # See https://bugzilla.gnome.org/show_bug.cgi?id=692479
   patches = [ ./disable-testFake.patch ];
diff --git a/pkgs/development/libraries/gtk+/3.x.nix b/pkgs/development/libraries/gtk+/3.x.nix
index b0409ee2808a..249f2651517f 100644
--- a/pkgs/development/libraries/gtk+/3.x.nix
+++ b/pkgs/development/libraries/gtk+/3.x.nix
@@ -41,7 +41,7 @@ stdenv.mkDerivation rec {
     ++ optional cupsSupport cups;
   #TODO: colord?
 
-  NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
+  NIX_LDFLAGS = optionalString stdenv.isDarwin "-lintl";
 
   # demos fail to install, no idea where's the problem
   preConfigure = "sed '/^SRC_SUBDIRS /s/demos//' -i Makefile.in";
@@ -60,7 +60,7 @@ stdenv.mkDerivation rec {
     "--enable-wayland-backend"
   ];
 
-  postInstall = ''
+  postInstall = optionalString (!stdenv.isDarwin) ''
     substituteInPlace "$out/lib/gtk-3.0/3.0.0/printbackends/libprintbackend-cups.la" \
       --replace '-L${gmp.dev}/lib' '-L${gmp.out}/lib'
   '';
diff --git a/pkgs/development/libraries/hspell/default.nix b/pkgs/development/libraries/hspell/default.nix
index 9b44d12c2934..eebd105a00db 100644
--- a/pkgs/development/libraries/hspell/default.nix
+++ b/pkgs/development/libraries/hspell/default.nix
@@ -16,8 +16,6 @@ stdenv.mkDerivation rec {
   patchPhase = ''patchShebangs .'';
   buildInputs = [ perl zlib ];
 
-  makeFlags = "CFLAGS=-fPIC";
-
   meta = {
     description = "Hebrew spell checker";
     homepage = http://hspell.ivrix.org.il/;
diff --git a/pkgs/development/libraries/hunspell/default.nix b/pkgs/development/libraries/hunspell/default.nix
index 0d0ff38fb47f..d48c598dd92d 100644
--- a/pkgs/development/libraries/hunspell/default.nix
+++ b/pkgs/development/libraries/hunspell/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses readline ];
   configureFlags = [ "--with-ui" "--with-readline" ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = http://hunspell.sourceforge.net;
     description = "Spell checker";
diff --git a/pkgs/development/libraries/ilmbase/default.nix b/pkgs/development/libraries/ilmbase/default.nix
index 742048c9ae66..4df17d271a2b 100644
--- a/pkgs/development/libraries/ilmbase/default.nix
+++ b/pkgs/development/libraries/ilmbase/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ automake autoconf libtool which ];
 
+  NIX_CFLAGS_LINK = [ "-pthread" ];
+
   patches = [ ./bootstrap.patch ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/isl/0.14.1.nix b/pkgs/development/libraries/isl/0.14.1.nix
index 8196dec283ac..77ba20cbb200 100644
--- a/pkgs/development/libraries/isl/0.14.1.nix
+++ b/pkgs/development/libraries/isl/0.14.1.nix
@@ -12,6 +12,9 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = http://www.kotnet.org/~skimo/isl/;
     license = stdenv.lib.licenses.lgpl21;
diff --git a/pkgs/development/libraries/itk/default.nix b/pkgs/development/libraries/itk/default.nix
index 7b4e3834af76..eda9434ab657 100644
--- a/pkgs/development/libraries/itk/default.nix
+++ b/pkgs/development/libraries/itk/default.nix
@@ -12,7 +12,6 @@ stdenv.mkDerivation rec {
     "-DBUILD_TESTING=OFF"
     "-DBUILD_EXAMPLES=OFF"
     "-DBUILD_SHARED_LIBS=ON"
-    "-DCMAKE_CXX_FLAGS=-fPIC"
   ];
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/java/rhino/default.nix b/pkgs/development/libraries/java/rhino/default.nix
index 37ab6b4f8fd4..f106bbe6ebca 100644
--- a/pkgs/development/libraries/java/rhino/default.nix
+++ b/pkgs/development/libraries/java/rhino/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation {
 
   patches = [ ./gcj-type-mismatch.patch ];
 
+  hardeningDisable = [ "fortify" "format" ];
+
   preConfigure =
     ''
       find -name \*.jar -or -name \*.class -exec rm -v {} \;
diff --git a/pkgs/development/libraries/java/swt/default.nix b/pkgs/development/libraries/java/swt/default.nix
index 37b8b502c3b7..5ea6fa644cde 100644
--- a/pkgs/development/libraries/java/swt/default.nix
+++ b/pkgs/development/libraries/java/swt/default.nix
@@ -23,6 +23,8 @@ in stdenv.mkDerivation rec {
   fullVersion = "${version}-201202080800";
   name = "swt-${version}";
 
+  hardeningDisable = [ "format" ];
+
   # Alas, the Eclipse Project apparently doesn't produce source-only
   # releases of SWT.  So we just grab a binary release and extract
   # "src.zip" from that.
diff --git a/pkgs/development/libraries/leatherman/default.nix b/pkgs/development/libraries/leatherman/default.nix
index a4b007fa399d..bc62a04808ff 100644
--- a/pkgs/development/libraries/leatherman/default.nix
+++ b/pkgs/development/libraries/leatherman/default.nix
@@ -2,10 +2,10 @@
 
 stdenv.mkDerivation rec {
   name = "leatherman-${version}";
-  version = "0.7.5";
+  version = "0.9.0";
 
   src = fetchFromGitHub {
-    sha256 = "103qzhjhgw7jh0xcaxag735wfm6q35xprq5wmdimfhhmmrmjr51g";
+    sha256 = "18nidasykbwdd9qzwc8pnzhczy6acr3rsxwvv2v3j5gq3nbsk2mc";
     rev = version;
     repo = "leatherman";
     owner = "puppetlabs";
@@ -13,10 +13,6 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ boost cmake curl ];
 
-  # curl upgrade to 7.50.0 (#17152) broke the curl mock tests, disabling for now
-  # upstream bug raised https://tickets.puppetlabs.com/browse/LTH-108
-  cmakeFlags = [ "-DLEATHERMAN_MOCK_CURL=OFF" ];
-
   meta = with stdenv.lib; {
     homepage = https://github.com/puppetlabs/leatherman/;  
     description = "A collection of C++ and CMake utility libraries";
diff --git a/pkgs/development/libraries/libcommuni/default.nix b/pkgs/development/libraries/libcommuni/default.nix
index 77199bf27a3e..06a7f54e42ba 100644
--- a/pkgs/development/libraries/libcommuni/default.nix
+++ b/pkgs/development/libraries/libcommuni/default.nix
@@ -1,17 +1,18 @@
-{ fetchgit, qtbase, qmakeHook, which, stdenv
+{ stdenv, fetchFromGitHub, qtbase, qtdeclarative, qmakeHook, which
 }:
 
 stdenv.mkDerivation rec {
   name = "libcommuni-${version}";
-  version = "2016-03-23";
+  version = "2016-08-17";
 
-  src = fetchgit {
-    url = "https://github.com/communi/libcommuni.git";
-    rev = "6a5110b25e2838e7dc2c62d16b9fd06d12beee7e";
-    sha256 = "184ah5xqg5pgy8h6fyyz2k0vak1fmhrcidwz828yl4lsvz1vjqh1";
+  src = fetchFromGitHub {
+    owner = "communi";
+    repo = "libcommuni";
+    rev = "dedba6faf57c31c8c70fd563ba12d75a9caee8a3";
+    sha256 = "0wvs53z34vfs5xlln4a6sbd4981svag89xm0f4k20mb1i052b20i";
   };
 
-  buildInputs = [ qtbase ];
+  buildInputs = [ qtbase qtdeclarative ];
   nativeBuildInputs = [ qmakeHook which ];
 
   enableParallelBuild = true;
diff --git a/pkgs/development/libraries/libdnet/default.nix b/pkgs/development/libraries/libdnet/default.nix
index 8911539d7b02..dbda4107c485 100644
--- a/pkgs/development/libraries/libdnet/default.nix
+++ b/pkgs/development/libraries/libdnet/default.nix
@@ -12,8 +12,6 @@ stdenv.mkDerivation {
 
   buildInputs = [ automake autoconf libtool ];
 
-  CFLAGS="-fPIC";
-
   # .so endings are missing (quick and dirty fix)
   postInstall = ''
     for i in $out/lib/*; do
diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix
index d2bb05a3bb64..13a7cfe0fb9f 100644
--- a/pkgs/development/libraries/libdrm/default.nix
+++ b/pkgs/development/libraries/libdrm/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, libpthreadstubs, libpciaccess, udev, valgrind }:
 
 stdenv.mkDerivation rec {
-  name = "libdrm-2.4.68";
+  name = "libdrm-2.4.70";
 
   src = fetchurl {
     url = "http://dri.freedesktop.org/libdrm/${name}.tar.bz2";
-    sha256 = "5b4bd9a5922929bc716411cb74061fbf31b06ba36feb89bc1358a91a8d0ca9df";
+    sha256 = "b17d4b39ed97ca0e4cffa0db06ff609e617bac94646ec38e8e0579d530540e7b";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/libdwg/default.nix b/pkgs/development/libraries/libdwg/default.nix
index f44d228f6501..2a2dfbb0be53 100644
--- a/pkgs/development/libraries/libdwg/default.nix
+++ b/pkgs/development/libraries/libdwg/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   nativeBuildInputs = [ indent ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Library reading dwg files";
     homepage = http://libdwg.sourceforge.net/en/;
diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix
index 12588617d4a1..5027afa397ac 100644
--- a/pkgs/development/libraries/libelf/default.nix
+++ b/pkgs/development/libraries/libelf/default.nix
@@ -10,6 +10,9 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   # For cross-compiling, native glibc is needed for the "gencat" program.
   crossAttrs = {
     nativeBuildInputs = [ gettext glibc ];
diff --git a/pkgs/development/libraries/libf2c/default.nix b/pkgs/development/libraries/libf2c/default.nix
index 97168c3ae6c4..78901e2f013e 100644
--- a/pkgs/development/libraries/libf2c/default.nix
+++ b/pkgs/development/libraries/libf2c/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   name = "libf2c-20100903";
-  
+
   src = fetchurl {
     url = http://www.netlib.org/f2c/libf2c.zip;
     sha256 = "1mcp1lh7gay7hm186dr0wvwd2bc05xydhnc1qy3dqs4n3r102g7i";
@@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ unzip ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "F2c converts Fortran 77 source code to C";
     homepage = http://www.netlib.org/f2c/;
diff --git a/pkgs/development/libraries/libgeotiff/default.nix b/pkgs/development/libraries/libgeotiff/default.nix
index d07aae3ab807..d30ea6e5324b 100644
--- a/pkgs/development/libraries/libgeotiff/default.nix
+++ b/pkgs/development/libraries/libgeotiff/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ libtiff ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Library implementing attempt to create a tiff based interchange format for georeferenced raster imagery";
     homepage = http://www.remotesensing.org/geotiff/geotiff.html;
diff --git a/pkgs/development/libraries/libgksu/default.nix b/pkgs/development/libraries/libgksu/default.nix
index 90d1b21cd3f0..b86eba685bbb 100644
--- a/pkgs/development/libraries/libgksu/default.nix
+++ b/pkgs/development/libraries/libgksu/default.nix
@@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   patches = [
         # Patches from the gentoo ebuild
 
diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix
index af8c1a8f1a21..a6c739017ee9 100644
--- a/pkgs/development/libraries/libgphoto2/default.nix
+++ b/pkgs/development/libraries/libgphoto2/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
   # These are mentioned in the Requires line of libgphoto's pkg-config file.
   propagatedBuildInputs = [ libexif ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://www.gphoto.org/proj/libgphoto2/;
     description = "A library for accessing digital cameras";
diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix
index d1abf155ae3a..52b74c54d99f 100644
--- a/pkgs/development/libraries/libidn/default.nix
+++ b/pkgs/development/libraries/libidn/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   doCheck = ! stdenv.isDarwin;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
 
   meta = {
diff --git a/pkgs/development/libraries/libjson-rpc-cpp/default.nix b/pkgs/development/libraries/libjson-rpc-cpp/default.nix
index 2cfede1eb6e3..ca60f1570bc4 100644
--- a/pkgs/development/libraries/libjson-rpc-cpp/default.nix
+++ b/pkgs/development/libraries/libjson-rpc-cpp/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     rev = "c6e3d7195060774bf95afc6df9c9588922076d3e";
   };
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     for f in cmake/FindArgtable.cmake \
              src/stubgenerator/stubgenerator.cpp \
diff --git a/pkgs/development/libraries/libmpack/default.nix b/pkgs/development/libraries/libmpack/default.nix
index de2bb9334d5a..5ac5c9eee96a 100644
--- a/pkgs/development/libraries/libmpack/default.nix
+++ b/pkgs/development/libraries/libmpack/default.nix
@@ -3,12 +3,12 @@
 stdenv.mkDerivation rec {
   name = "libmpack-${version}";
   version = "1.0.3-rev${rev}";
-  rev = "071d944c9ff7b7fbd2c3c19d1fd1a231363ddeea";
+  rev = "80bd55ea677e70b041f65a4b99438c1f059cce4b";
   src = fetchFromGitHub {
     owner = "tarruda";
     repo = "libmpack";
     inherit rev;
-    sha256 = "1h3pbmykm69gfyi0wz647gz5836a6f3jc4azzll7i3mkpc11gcrd";
+    sha256 = "1whnbgxd5580h59kvc2xgx6ymw7nk9kz6r4ajgsfv6c6h2xbwbl3";
   };
   LIBTOOL = "libtool";
   buildInputs = [ libtool ];
diff --git a/pkgs/development/libraries/libmpc/default.nix b/pkgs/development/libraries/libmpc/default.nix
index 2a4600f52045..0d3c9c0997c1 100644
--- a/pkgs/development/libraries/libmpc/default.nix
+++ b/pkgs/development/libraries/libmpc/default.nix
@@ -16,6 +16,9 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     description = "Library for multiprecision complex arithmetic with exact rounding";
 
diff --git a/pkgs/development/libraries/liborc/default.nix b/pkgs/development/libraries/liborc/default.nix
new file mode 100644
index 000000000000..2b298c97379c
--- /dev/null
+++ b/pkgs/development/libraries/liborc/default.nix
@@ -0,0 +1,17 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "liborc-${version}";
+  version = "0.4.16";
+
+  src = fetchurl {
+    url = "http://http.debian.net/debian/pool/main/o/orc/orc_${version}.orig.tar.gz";
+    sha256 = "1asq58gm87ig60ib4cs69hyqhnsirqkdlidnchhx83halbdlw3kh";
+  };
+
+  meta = with stdenv.lib; {
+    homepage = https://packages.debian.org/wheezy/liborc-0.4-0;
+    description = "Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data.";
+    license = with licenses; [ bsd2 bsd3 ];
+  };
+}
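Review bot: `url = "http://http.debian.net/debian/pool/main/o/orc/orc_${version}.orig.tar.gz";` takes the source from a Debian mirror pool over HTTP instead of the project's own release location, and `homepage` points at the Debian wheezy package page. Pool files are removed when Debian drops a version, so this URL will likely stop resolving, and the pinned `sha256` cannot then be re-checked against anything upstream publishes. 0.4.16 also appears to be an old release to introduce as a new package; if a dependent package needs this exact version, a comment naming it would help. I would fetch the upstream tarball, set `homepage` to the upstream site, and add the missing `platforms` and `maintainers` to `meta`.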
diff --git a/pkgs/development/libraries/libqalculate/default.nix b/pkgs/development/libraries/libqalculate/default.nix
index 8c6ee6dc9b9f..3aa708e568a9 100644
--- a/pkgs/development/libraries/libqalculate/default.nix
+++ b/pkgs/development/libraries/libqalculate/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "libqalculate-${version}";
-  version = "0.9.8";
+  version = "0.9.9";
 
   src = fetchurl {
     url = "https://github.com/Qalculate/libqalculate/archive/v${version}.tar.gz";
-    sha256 = "07rd95a0wsqs3iymr64mlljn191f8gdnjvr9d4l1spjv3s8j5wdi";
+    sha256 = "0avri5c3sr31ax0vjvzla1a11xb4irnrc6571lm6w4zxigqakkqk";
   };
 
   nativeBuildInputs = [ intltool pkgconfig autoreconfHook doxygen ];
diff --git a/pkgs/development/libraries/librsync/0.9.nix b/pkgs/development/libraries/librsync/0.9.nix
index 9738794b6b17..0954694cf290 100644
--- a/pkgs/development/libraries/librsync/0.9.nix
+++ b/pkgs/development/libraries/librsync/0.9.nix
@@ -1,13 +1,15 @@
-{stdenv, fetchurl}:
+{ stdenv, fetchurl }:
 
 stdenv.mkDerivation {
   name = "librsync-0.9.7";
-  
+
   src = fetchurl {
     url = mirror://sourceforge/librsync/librsync-0.9.7.tar.gz;
     sha256 = "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6";
   };
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = if stdenv.isCygwin then "--enable-static" else "--enable-shared";
 
   crossAttrs = {
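Review bot: The added `hardeningDisable = [ "format" ];` has no comment saying why format hardening is dropped, so nothing records what must be fixed before it can be re-enabled. The flag presumably exists because the sources pass non-literal format strings to printf-style functions, which `-Werror=format-security` rejects; that is exactly the code pattern worth patching rather than silencing. I would add `# FIXME: fails with -Werror=format-security; patch the offending printf-style calls and re-enable` above the line. The same uncommented line is added in the libvisual, motif, mp4v2, nvidia-texture-tools, opencascade/6.5.nix and opencascade/default.nix hunks. The derivation continues outside this hunk.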
diff --git a/pkgs/development/libraries/libseccomp/default.nix b/pkgs/development/libraries/libseccomp/default.nix
index e30271aaa384..a086ae890bd0 100644
--- a/pkgs/development/libraries/libseccomp/default.nix
+++ b/pkgs/development/libraries/libseccomp/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, getopt }:
 
-let version = "2.3.0"; in
+let version = "2.3.1"; in
 
 stdenv.mkDerivation rec {
   name = "libseccomp-${version}";
 
   src = fetchurl {
     url = "https://github.com/seccomp/libseccomp/releases/download/v${version}/libseccomp-${version}.tar.gz";
-    sha256 = "07chdgr87aayn6sjm94y6gisl4j6si1hr9cqhs09l9bqfnky6mnp";
+    sha256 = "0asnlkzqms520r0dra08dzcz5hh6hs7lkajfw9wij3vrd0hxsnzz";
   };
 
   buildInputs = [ getopt ];
diff --git a/pkgs/development/libraries/libtelnet/default.nix b/pkgs/development/libraries/libtelnet/default.nix
new file mode 100644
index 000000000000..5f284d1a49a4
--- /dev/null
+++ b/pkgs/development/libraries/libtelnet/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, zlib }:
+
+stdenv.mkDerivation rec {
+  name = "libtelnet-${version}";
+  version = "0.21+45f2d5c";
+
+  src = fetchFromGitHub {
+    owner = "seanmiddleditch";
+    repo = "libtelnet";
+    rev = "45f2d5cfcf383312280e61c85b107285fed260cf";
+    sha256 = "1lp6gdbndsp2w8mhy88c2jknxj2klvnggvq04ln7qjg8407ifpda";
+  };
+
+  nativeBuildInputs = [ pkgconfig autoreconfHook ];
+  buildInputs = [ zlib ];
+
+  meta = {
+    description = "Simple RFC-complient TELNET implementation as a C library";
+    homepage = "https://github.com/seanmiddleditch/libtelnet";
+    license = stdenv.lib.licenses.publicDomain;
+    maintainers = [ stdenv.lib.maintainers.tomberek ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
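Review bot: `meta.description` misspells "compliant" as `RFC-complient`; it should read `description = "Simple RFC-compliant TELNET implementation as a C library";`. The description is what package search shows, so the misspelling also makes the package harder to find by that word.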
diff --git a/pkgs/development/libraries/libunwind/default.nix b/pkgs/development/libraries/libunwind/default.nix
index da09e2fcbe25..7eea905f64af 100644
--- a/pkgs/development/libraries/libunwind/default.nix
+++ b/pkgs/development/libraries/libunwind/default.nix
@@ -24,7 +24,6 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = [ xz ];
 
-  NIX_CFLAGS_COMPILE = if stdenv.system == "x86_64-linux" then "-fPIC" else "";
   preInstall = ''
     mkdir -p "$out/lib"
     touch "$out/lib/libunwind-generic.so"
diff --git a/pkgs/development/libraries/libvisual/default.nix b/pkgs/development/libraries/libvisual/default.nix
index dc2f0338b483..50a1f5ac3377 100644
--- a/pkgs/development/libraries/libvisual/default.nix
+++ b/pkgs/development/libraries/libvisual/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig glib ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "An abstraction library for audio visualisations";
     homepage = "http://sourceforge.net/projects/libvisual/";
diff --git a/pkgs/development/libraries/libyaml-cpp/default.nix b/pkgs/development/libraries/libyaml-cpp/default.nix
index ef806bce1232..21442cd16242 100644
--- a/pkgs/development/libraries/libyaml-cpp/default.nix
+++ b/pkgs/development/libraries/libyaml-cpp/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, boost, makePIC ? false }:
+{ stdenv, fetchFromGitHub, cmake, boost }:
 
 stdenv.mkDerivation rec {
   name = "libyaml-cpp-${version}";
@@ -13,8 +13,6 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ cmake boost ];
 
-  cmakeFlags = stdenv.lib.optionals makePIC [ "-DCMAKE_C_FLAGS=-fPIC" "-DCMAKE_CXX_FLAGS=-fPIC" ];
-
   meta = with stdenv.lib; {
     inherit (src.meta) homepage;
     description = "A YAML parser and emitter for C++";
diff --git a/pkgs/development/libraries/loadcaffe/default.nix b/pkgs/development/libraries/loadcaffe/default.nix
new file mode 100644
index 000000000000..f0904726eedf
--- /dev/null
+++ b/pkgs/development/libraries/loadcaffe/default.nix
@@ -0,0 +1,19 @@
+{stdenv, fetchFromGitHub, cmake, torch, protobuf, protobufc}:
+stdenv.mkDerivation rec {
+  name = "loadcaffe-${version}";
+  version = "0.0pre2016.08.01";
+  buildInputs = [cmake torch protobuf protobufc];
+  src = fetchFromGitHub {
+    owner = "szagoruyko";
+    repo = "loadcaffe";
+    rev = "9be65cf6fa08e9333eae3553f68a8082debe9978";
+    sha256 = "0b22hvd9nvjsan2h93nl6y34kkkbs36d0k1zr3csjfb5l13xz0lh";
+  };
+  meta = {
+    inherit version;
+    description = ''Torch7 loader for Caffe networks'';
+    license = stdenv.lib.licenses.bsd2 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 4ed47f46a321..8f037d239d04 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -1,13 +1,12 @@
-{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, autoreconfHook, substituteAll
-, file, expat, libdrm, xorg, wayland, libudev, llvmPackages, libffi, libomxil-bellagio
-, libvdpau, libelf, libva
-, grsecEnabled
+{ stdenv, fetchurl, fetchpatch
+, pkgconfig, intltool, autoreconfHook, substituteAll
+, file, expat, libdrm, xorg, wayland, libudev
+, llvmPackages, libffi, libomxil-bellagio, libva
+, libelf, libvdpau, python
+, grsecEnabled ? false
 , enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt
 }:
 
-if ! stdenv.lib.lists.elem stdenv.system stdenv.lib.platforms.mesaPlatforms then
-  throw "unsupported platform for Mesa"
-else
 
 /** Packaging design:
   - The basic mesa ($out) contains headers and libraries (GLU is in mesa_glu now).
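Review bot: `grsecEnabled ? false` turns a previously required argument into an optional one, so a caller that stops passing it no longer gets an evaluation error. The build then silently uses the non-grsec configuration, since the configureFlags hunk feeds the value to `enableFeature grsecEnabled "glx-rts"`. Whether every call site still passes it is not visible from this hunk. The argument should at least be documented, e.g. `, grsecEnabled ? false # must be true when targeting a grsecurity/PaX kernel; enables glx-rts`.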
@@ -20,11 +19,15 @@ else
   - libOSMesa is in $osmesa (~4 MB)
 */
 
-with { inherit (stdenv.lib) optional optionalString; };
+with stdenv.lib;
+
+if ! lists.elem stdenv.system platforms.mesaPlatforms then
+  throw "unsupported platform for Mesa"
+else
 
 let
-  version = "11.2.2";
-  # this is the default search path for DRI drivers
+  version = "12.0.1";
+  branch  = head (splitString "." version);
   driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32";
 in
 
@@ -34,20 +37,20 @@ stdenv.mkDerivation {
   src =  fetchurl {
     urls = [
       "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
-      (with stdenv.lib; ''ftp://ftp.freedesktop.org/pub/mesa/older-versions/''
-        + head (splitString "." version) + ''.x/${version}/mesa-${version}.tar.xz'')
+      "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
       "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
     ];
-    sha256 = "40e148812388ec7c6d7b6657d5a16e2e8dabba8b97ddfceea5197947647bdfb4";
+    sha256 = "12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms";
   };
 
   prePatch = "patchShebangs .";
 
+  # TODO:
+  #  revive ./dricore-gallium.patch when it gets ported (from Ubuntu), as it saved
+  #  ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog
   patches = [
     ./glx_ro_text_segm.patch # fix for grsecurity/PaX
     ./symlink-drivers.patch
-   # TODO: revive ./dricore-gallium.patch when it gets ported (from Ubuntu),
-   #  as it saved ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog
   ] ++ optional stdenv.isLinux
       (substituteAll {
         src = ./dlopen-absolute-paths.diff;
@@ -61,61 +64,59 @@ stdenv.mkDerivation {
 
   outputs = [ "dev" "out" "drivers" "osmesa" ];
 
+  # TODO: Figure out how to enable opencl without having a runtime dependency on clang
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
     "--with-dri-driverdir=$(drivers)/lib/dri"
     "--with-dri-searchpath=${driverLink}/lib/dri"
-
+    "--with-egl-platforms=x11,wayland,drm"
+    (optionalString (stdenv.system != "armv7l-linux")
+      "--with-gallium-drivers=svga,i915,ilo,r300,r600,radeonsi,nouveau,freedreno,swrast")
+    (optionalString (stdenv.system != "armv7l-linux")
+      "--with-dri-drivers=i915,i965,nouveau,radeon,r200,swrast")
+
+    (enableFeature enableTextureFloats "texture-float")
+    (enableFeature grsecEnabled "glx-rts")
+    (enableFeature stdenv.isLinux "dri3")
+    (enableFeature stdenv.isLinux "nine") # Direct3D in Wine
+    "--enable-dri"
+    "--enable-driglx-direct"
     "--enable-gles1"
     "--enable-gles2"
-    "--enable-dri"
-  ] ++ optional stdenv.isLinux "--enable-dri3"
-    ++ [
     "--enable-glx"
+    "--enable-glx-tls"
     "--enable-gallium-osmesa" # used by wine
+    "--enable-gallium-llvm"
     "--enable-egl"
     "--enable-xa" # used in vmware driver
     "--enable-gbm"
-  ] ++ optional stdenv.isLinux "--enable-nine" # Direct3D in Wine
-    ++ [
     "--enable-xvmc"
     "--enable-vdpau"
-    #"--enable-omx"
-    #"--enable-va"
-
-    # TODO: Figure out how to enable opencl without having a runtime dependency on clang
-    "--disable-opencl"
-
-    (if "armv7l-linux" == stdenv.system
-      then null
-      else "--with-gallium-drivers=svga,i915,ilo,r300,r600,radeonsi,nouveau,freedreno,swrast")
     "--enable-shared-glapi"
     "--enable-sysfs"
-    "--enable-driglx-direct" # seems enabled anyway
-    "--enable-glx-tls"
-    (if "armv7l-linux" == stdenv.system
-      then "--with-dri-drivers="
-      else "--with-dri-drivers=i915,i965,nouveau,radeon,r200,swrast")
-    "--with-egl-platforms=x11,wayland,drm"
-
-    "--enable-gallium-llvm"
     "--enable-llvm-shared-libs"
-  ] ++ optional enableTextureFloats "--enable-texture-float"
-    ++ optional grsecEnabled "--enable-glx-rts"; # slight performance degradation, enable only for grsec
+    "--enable-omx"
+    "--enable-va"
+    "--disable-opencl"
+  ];
 
   nativeBuildInputs = [ pkgconfig file ];
 
-  propagatedBuildInputs = with xorg; [ libXdamage libXxf86vm ]
+  propagatedBuildInputs = with xorg;
+    [ libXdamage libXxf86vm ]
     ++ optional stdenv.isLinux libdrm;
 
   buildInputs = with xorg; [
     autoreconfHook intltool expat llvmPackages.llvm
     glproto dri2proto dri3proto presentproto
     libX11 libXext libxcb libXt libXfixes libxshmfence
-    libffi wayland libvdpau libelf libXvMC /* libomxil-bellagio libva */
+    libffi wayland libvdpau libelf libXvMC
+    libomxil-bellagio libva libpthreadstubs
+    (python.withPackages (ps: [ ps.Mako ]))
   ] ++ optional stdenv.isLinux libudev;
 
+
   enableParallelBuilding = true;
   doCheck = false;
 
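Review bot: On `armv7l-linux` the rewritten DRI entry changes behaviour. The old list passed `"--with-dri-drivers="` (an explicitly empty driver set), while `optionalString (stdenv.system != "armv7l-linux") "--with-dri-drivers=…"` now passes nothing, so configure's own default driver set applies. If the empty set was intended, keep it explicit: `(if stdenv.system == "armv7l-linux" then "--with-dri-drivers=" else "--with-dri-drivers=i915,i965,nouveau,radeon,r200,swrast")`. Both `optionalString` entries also leave an empty string in `configureFlags` on that platform, which `optional` would avoid.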
@@ -124,42 +125,42 @@ stdenv.mkDerivation {
     "localstatedir=\${TMPDIR}"
   ];
 
-  # move gallium-related stuff to $drivers, so $out doesn't depend on LLVM;
-  #   also move libOSMesa to $osmesa, as it's relatively big
-  # ToDo: probably not all .la files are completely fixed, but it shouldn't matter
-  postInstall = with stdenv.lib; ''
-    mv -t "$drivers/lib/" \
-      $out/lib/libXvMC* \
-      $out/lib/d3d \
-      $out/lib/vdpau \
-      $out/lib/libxatracker*
+  # TODO: probably not all .la files are completely fixed, but it shouldn't matter;
+  postInstall = ''
+    # move gallium-related stuff to $drivers, so $out doesn't depend on LLVM
+    mv -t "$drivers/lib/"    \
+      $out/lib/libXvMC*      \
+      $out/lib/d3d           \
+      $out/lib/vdpau         \
+      $out/lib/bellagio      \
+      $out/lib/libxatracker* \
+
+    mv $out/lib/dri/* $drivers/lib/dri
 
+    # move libOSMesa to $osmesa, as it's relatively big
     mkdir -p {$osmesa,$drivers}/lib/
-    mv -t $osmesa/lib/ \
-      $out/lib/libOSMesa*
+    mv -t $osmesa/lib/ $out/lib/libOSMesa*
 
-  '' + /* now fix references in .la files */ ''
-    sed "/^libdir=/s,$out,$osmesa," -i \
-      $osmesa/lib/libOSMesa*.la
+    # now fix references in .la files
+    sed "/^libdir=/s,$out,$osmesa," -i $osmesa/lib/libOSMesa*.la
 
-  '' + /* set the default search path for DRI drivers; used e.g. by X server */ ''
+    # set the default search path for DRI drivers; used e.g. by X server
     substituteInPlace "$dev/lib/pkgconfig/dri.pc" --replace '$(drivers)' "${driverLink}"
   '';
-  #ToDo: @vcunat isn't sure if drirc will be found when in $out/etc/, but it doesn't seem important ATM */
 
-  postFixup =
+  # TODO:
+  #  @vcunat isn't sure if drirc will be found when in $out/etc/;
+  #  check $out doesn't depend on llvm: builder failures are ignored
+  #  for some reason grep -qv '${llvmPackages.llvm}' -R "$out";
+  postFixup = ''
     # add RPATH so the drivers can find the moved libgallium and libdricore9
     # moved here to avoid problems with stripping patchelfed files
-  ''
     for lib in $drivers/lib/*.so* $drivers/lib/*/*.so*; do
       if [[ ! -L "$lib" ]]; then
         patchelf --set-rpath "$(patchelf --print-rpath $lib):$drivers/lib" "$lib"
       fi
     done
   '';
-  # ToDo + /* check $out doesn't depend on llvm */ ''
-  # builder failures are ignored for some reason
-  #   grep -qv '${llvmPackages.llvm}' -R "$out"
 
   passthru = { inherit libdrm version driverLink; };
 
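Review bot: The first `mv -t "$drivers/lib/"` command in `postInstall` ends its last argument with a line continuation (`$out/lib/libxatracker* \`) and relies on the blank line after it to terminate the command. If that blank line is ever removed, the following `mv $out/lib/dri/* $drivers/lib/dri` becomes extra arguments to the first `mv`. Drop the trailing backslash on the `libxatracker*` line. The new `mv $out/lib/dri/* $drivers/lib/dri` also leaves both paths unquoted, unlike the quoted `"$drivers/lib/"` a few lines above; `mv "$out"/lib/dri/* "$drivers/lib/dri"` would be consistent. The merged TODO above `postFixup` now reads as one run-on sentence and would be clearer as two separate items (drirc lookup, and the disabled llvm reference check).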
diff --git a/pkgs/development/libraries/motif/default.nix b/pkgs/development/libraries/motif/default.nix
index 08b59deff59d..1f86af0a2e86 100644
--- a/pkgs/development/libraries/motif/default.nix
+++ b/pkgs/development/libraries/motif/default.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = [ libXp libXau ];
 
+  hardeningDisable = [ "format" ];
+
   makeFlags = [ "CFLAGS=-fno-strict-aliasing" ];
 
   prePatch = ''rm lib/Xm/Xm.h'';
diff --git a/pkgs/development/libraries/mp4v2/default.nix b/pkgs/development/libraries/mp4v2/default.nix
index 06e8c8e5ac35..ab3c3ed8c5a7 100644
--- a/pkgs/development/libraries/mp4v2/default.nix
+++ b/pkgs/development/libraries/mp4v2/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
   # `faac' expects `mp4.h'.
   postInstall = "ln -s mp4v2/mp4v2.h $out/include/mp4.h";
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://code.google.com/p/mp4v2;
     maintainers = [ stdenv.lib.maintainers.urkud ];
diff --git a/pkgs/development/libraries/mpfr/default.nix b/pkgs/development/libraries/mpfr/default.nix
index 8a964af01c80..882e0ec4faaf 100644
--- a/pkgs/development/libraries/mpfr/default.nix
+++ b/pkgs/development/libraries/mpfr/default.nix
@@ -15,6 +15,9 @@ stdenv.mkDerivation rec {
   # mpfr.h requires gmp.h
   propagatedBuildInputs = [ gmp ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   configureFlags =
     stdenv.lib.optional stdenv.isSunOS "--disable-thread-safe" ++
     stdenv.lib.optional stdenv.is64bit "--with-pic";
diff --git a/pkgs/development/libraries/nvidia-texture-tools/default.nix b/pkgs/development/libraries/nvidia-texture-tools/default.nix
index 754ab4233e58..f35d363e5755 100644
--- a/pkgs/development/libraries/nvidia-texture-tools/default.nix
+++ b/pkgs/development/libraries/nvidia-texture-tools/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ cmake libpng ilmbase libtiff zlib libjpeg mesa libX11 ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     # Fix build due to missing dependnecies.
     echo 'target_link_libraries(bc7 nvmath)' >> src/nvtt/bc7/CMakeLists.txt
diff --git a/pkgs/development/libraries/opencascade/6.5.nix b/pkgs/development/libraries/opencascade/6.5.nix
index 904137c4d8cc..252a6bb0ad16 100644
--- a/pkgs/development/libraries/opencascade/6.5.nix
+++ b/pkgs/development/libraries/opencascade/6.5.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
   # https://bugs.freedesktop.org/show_bug.cgi?id=83631
     + " -DGLX_GLXEXT_LEGACY";
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [ "--with-tcl=${tcl}/lib" "--with-tk=${tk}/lib" "--with-qt=${qt4}" "--with-ftgl=${ftgl}" "--with-freetype=${freetype.dev}" ];
 
   postInstall = ''
diff --git a/pkgs/development/libraries/opencascade/default.nix b/pkgs/development/libraries/opencascade/default.nix
index 536281d53725..8a7f9970e657 100644
--- a/pkgs/development/libraries/opencascade/default.nix
+++ b/pkgs/development/libraries/opencascade/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
   # https://bugs.freedesktop.org/show_bug.cgi?id=83631
   NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY";
 
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     mv $out/inc $out/include
     mkdir -p $out/share/doc/${name}
diff --git a/pkgs/development/libraries/opencascade/oce.nix b/pkgs/development/libraries/opencascade/oce.nix
index 4988ee6ef240..58f9019d6e03 100644
--- a/pkgs/development/libraries/opencascade/oce.nix
+++ b/pkgs/development/libraries/opencascade/oce.nix
@@ -2,10 +2,10 @@
 ftgl, freetype}:
 
 stdenv.mkDerivation rec {
-  name = "opencascade-oce-0.16";
+  name = "opencascade-oce-0.17.2";
   src = fetchurl {
-    url = https://github.com/tpaviot/oce/archive/OCE-0.16.tar.gz;
-    sha256 = "05bmg1cjz827bpq8s0hp96byirm4c3zc9vx26qz76kjsg8ry87w4";
+    url = https://github.com/tpaviot/oce/archive/OCE-0.17.2.tar.gz;
+    sha256 = "0vpmnb0k5y2f7lpmwx9pg9yfq24zjvnsak5alzacncfm1hv9b6cd";
   };
 
   buildInputs = [ mesa tcl tk file libXmu libtool qt4 ftgl freetype cmake ];
diff --git a/pkgs/development/libraries/opencv/3.x.nix b/pkgs/development/libraries/opencv/3.x.nix
index 187b6df39b2c..9ca59c9c73af 100644
--- a/pkgs/development/libraries/opencv/3.x.nix
+++ b/pkgs/development/libraries/opencv/3.x.nix
@@ -94,6 +94,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "bindnow" "relro" ];
+
   passthru = lib.optionalAttrs enablePython { pythonPath = []; };
 
   meta = {
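Review bot: `hardeningDisable = [ "bindnow" "relro" ];` is added without a comment, and it removes both link-time protections that keep relocation data read-only after load. Nothing here says which component fails with them, so it cannot be judged whether both flags need to go. If only immediate binding is the problem, `hardeningDisable = [ "bindnow" ];` would keep partial RELRO. Either way, a comment naming the failing build step or runtime symptom should accompany the line. The opencv/default.nix hunk that follows adds the identical line and needs the same treatment.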
diff --git a/pkgs/development/libraries/opencv/default.nix b/pkgs/development/libraries/opencv/default.nix
index 70ea306ae808..f792e17890cb 100644
--- a/pkgs/development/libraries/opencv/default.nix
+++ b/pkgs/development/libraries/opencv/default.nix
@@ -58,6 +58,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "bindnow" "relro" ];
+
   passthru = lib.optionalAttrs enablePython { pythonPath = []; };
 
   meta = {
diff --git a/pkgs/development/libraries/openssl/1.0.1-CVE-2016-2177.diff b/pkgs/development/libraries/openssl/1.0.1-CVE-2016-2177.diff
new file mode 100644
index 000000000000..f8a4b7c22573
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.0.1-CVE-2016-2177.diff
@@ -0,0 +1,256 @@
+From 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 5 May 2016 11:10:26 +0100
+Subject: [PATCH] Avoid some undefined pointer arithmetic
+
+A common idiom in the codebase is:
+
+if (p + len > limit)
+{
+    return; /* Too long */
+}
+
+Where "p" points to some malloc'd data of SIZE bytes and
+limit == p + SIZE
+
+"len" here could be from some externally supplied data (e.g. from a TLS
+message).
+
+The rules of C pointer arithmetic are such that "p + len" is only well
+defined where len <= SIZE. Therefore the above idiom is actually
+undefined behaviour.
+
+For example this could cause problems if some malloc implementation
+provides an address for "p" such that "p + len" actually overflows for
+values of len that are too big and therefore p + len < limit!
+
+Issue reported by Guido Vranken.
+
+CVE-2016-2177
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+ ssl/s3_srvr.c  | 14 +++++++-------
+ ssl/ssl_sess.c |  2 +-
+ ssl/t1_lib.c   | 48 ++++++++++++++++++++++++++----------------------
+ 3 files changed, 34 insertions(+), 30 deletions(-)
+
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index 04cf93a..6c74caa 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -1040,7 +1040,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+         session_length = *(p + SSL3_RANDOM_SIZE);
+ 
+-        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
++        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -1058,7 +1058,7 @@ int ssl3_get_client_hello(SSL *s)
+     /* get the session-id */
+     j = *(p++);
+ 
+-    if (p + j > d + n) {
++    if ((d + n) - p < j) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1114,14 +1114,14 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+         /* cookie stuff */
+-        if (p + 1 > d + n) {
++        if ((d + n) - p < 1) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+         }
+         cookie_len = *(p++);
+ 
+-        if (p + cookie_len > d + n) {
++        if ((d + n ) - p < cookie_len) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -1166,7 +1166,7 @@ int ssl3_get_client_hello(SSL *s)
+         p += cookie_len;
+     }
+ 
+-    if (p + 2 > d + n) {
++    if ((d + n ) - p < 2) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1180,7 +1180,7 @@ int ssl3_get_client_hello(SSL *s)
+     }
+ 
+     /* i bytes of cipher data + 1 byte for compression length later */
+-    if ((p + i + 1) > (d + n)) {
++    if ((d + n) - p < i + 1) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+@@ -1246,7 +1246,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     /* compression */
+     i = *(p++);
+-    if ((p + i) > (d + n)) {
++    if ((d + n) - p < i) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index 48fc451..a97d060 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -602,7 +602,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+     int r;
+ #endif
+ 
+-    if (session_id + len > limit) {
++    if (limit - session_id < len) {
+         fatal = 1;
+         goto err;
+     }
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 0bdb77d..8ed1793 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -942,11 +942,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         0x02, 0x03,             /* SHA-1/ECDSA */
+     };
+ 
+-    if (data >= (limit - 2))
++    if (limit - data <= 2)
+         return;
+     data += 2;
+ 
+-    if (data > (limit - 4))
++    if (limit - data < 4)
+         return;
+     n2s(data, type);
+     n2s(data, size);
+@@ -954,7 +954,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     if (type != TLSEXT_TYPE_server_name)
+         return;
+ 
+-    if (data + size > limit)
++    if (limit - data < size)
+         return;
+     data += size;
+ 
+@@ -962,7 +962,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         const size_t len1 = sizeof(kSafariExtensionsBlock);
+         const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+ 
+-        if (data + len1 + len2 != limit)
++        if (limit - data != (int)(len1 + len2))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+             return;
+@@ -971,7 +971,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     } else {
+         const size_t len = sizeof(kSafariExtensionsBlock);
+ 
+-        if (data + len != limit)
++        if (limit - data != (int)(len))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+             return;
+@@ -1019,19 +1019,19 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
+     if (data == limit)
+         goto ri_check;
+ 
+-    if (data > (limit - 2))
++    if (limit - data < 2)
+         goto err;
+ 
+     n2s(data, len);
+ 
+-    if (data + len != limit)
++    if (limit - data != len)
+         goto err;
+ 
+-    while (data <= (limit - 4)) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (limit))
++        if (limit - data < size)
+             goto err;
+ # if 0
+         fprintf(stderr, "Received extension type %d size %d\n", type, size);
+@@ -1460,20 +1460,20 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
+                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+ # endif
+ 
+-    if (data >= (d + n - 2))
++    if ((d + n) - data <= 2)
+         goto ri_check;
+ 
+     n2s(data, length);
+-    if (data + length != d + n) {
++    if ((d + n) - data != length) {
+         *al = SSL_AD_DECODE_ERROR;
+         return 0;
+     }
+ 
+-    while (data <= (d + n - 4)) {
++    while ((d + n) - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (d + n))
++        if ((d + n) - data < size)
+             goto ri_check;
+ 
+         if (s->tlsext_debug_cb)
+@@ -2179,29 +2179,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+     /* Skip past DTLS cookie */
+     if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+         i = *(p++);
+-        p += i;
+-        if (p >= limit)
++
++        if (limit - p <= i)
+             return -1;
++
++        p += i;
+     }
+     /* Skip past cipher list */
+     n2s(p, i);
+-    p += i;
+-    if (p >= limit)
++    if (limit - p <= i)
+         return -1;
++    p += i;
++
+     /* Skip past compression algorithm list */
+     i = *(p++);
+-    p += i;
+-    if (p > limit)
++    if (limit - p < i)
+         return -1;
++    p += i;
++
+     /* Now at start of extensions */
+-    if ((p + 2) >= limit)
++    if (limit - p <= 2)
+         return 0;
+     n2s(p, i);
+-    while ((p + 4) <= limit) {
++    while (limit - p >= 4) {
+         unsigned short type, size;
+         n2s(p, type);
+         n2s(p, size);
+-        if (p + size > limit)
++        if (limit - p < size)
+             return 0;
+         if (type == TLSEXT_TYPE_session_ticket) {
+             int r;
+-- 
+1.9.1
+
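Review bot: This hunk only adds the patch file; the line that applies it (the `patches` list of the OpenSSL 1.0.1 derivation) is not part of it, and an unreferenced CVE patch is a silent no-op. It is worth confirming that `1.0.1-CVE-2016-2177.diff` is listed there and that the 1.0.2 sibling is listed for the 1.0.2 derivation. Where the patch is applied, I would add a comment recording the upstream commit from the patch header, `# upstream commit 6f35f6deb5ca7daebe289f86477e061ce3ee5f46, drop on the next OpenSSL 1.0.1 release that includes it`, so the in-tree copy can be checked against upstream and removed in time.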
diff --git a/pkgs/development/libraries/openssl/1.0.2-CVE-2016-2177.diff b/pkgs/development/libraries/openssl/1.0.2-CVE-2016-2177.diff
new file mode 100644
index 000000000000..ca934c20a674
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.0.2-CVE-2016-2177.diff
@@ -0,0 +1,279 @@
+From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 5 May 2016 11:10:26 +0100
+Subject: [PATCH] Avoid some undefined pointer arithmetic
+
+A common idiom in the codebase is:
+
+if (p + len > limit)
+{
+    return; /* Too long */
+}
+
+Where "p" points to some malloc'd data of SIZE bytes and
+limit == p + SIZE
+
+"len" here could be from some externally supplied data (e.g. from a TLS
+message).
+
+The rules of C pointer arithmetic are such that "p + len" is only well
+defined where len <= SIZE. Therefore the above idiom is actually
+undefined behaviour.
+
+For example this could cause problems if some malloc implementation
+provides an address for "p" such that "p + len" actually overflows for
+values of len that are too big and therefore p + len < limit!
+
+Issue reported by Guido Vranken.
+
+CVE-2016-2177
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+ ssl/s3_srvr.c  | 14 +++++++-------
+ ssl/ssl_sess.c |  2 +-
+ ssl/t1_lib.c   | 56 ++++++++++++++++++++++++++++++--------------------------
+ 3 files changed, 38 insertions(+), 34 deletions(-)
+
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index ab28702..ab7f690 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+         session_length = *(p + SSL3_RANDOM_SIZE);
+ 
+-        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
++        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
+     /* get the session-id */
+     j = *(p++);
+ 
+-    if (p + j > d + n) {
++    if ((d + n) - p < j) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     if (SSL_IS_DTLS(s)) {
+         /* cookie stuff */
+-        if (p + 1 > d + n) {
++        if ((d + n) - p < 1) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+         }
+         cookie_len = *(p++);
+ 
+-        if (p + cookie_len > d + n) {
++        if ((d + n ) - p < cookie_len) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
+         }
+     }
+ 
+-    if (p + 2 > d + n) {
++    if ((d + n ) - p < 2) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
+     }
+ 
+     /* i bytes of cipher data + 1 byte for compression length later */
+-    if ((p + i + 1) > (d + n)) {
++    if ((d + n) - p < i + 1) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     /* compression */
+     i = *(p++);
+-    if ((p + i) > (d + n)) {
++    if ((d + n) - p < i) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index b182998..54ee783 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+     int r;
+ #endif
+ 
+-    if (session_id + len > limit) {
++    if (limit - session_id < len) {
+         fatal = 1;
+         goto err;
+     }
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index fb64607..cdac011 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         0x02, 0x03,             /* SHA-1/ECDSA */
+     };
+ 
+-    if (data >= (limit - 2))
++    if (limit - data <= 2)
+         return;
+     data += 2;
+ 
+-    if (data > (limit - 4))
++    if (limit - data < 4)
+         return;
+     n2s(data, type);
+     n2s(data, size);
+@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     if (type != TLSEXT_TYPE_server_name)
+         return;
+ 
+-    if (data + size > limit)
++    if (limit - data < size)
+         return;
+     data += size;
+ 
+@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         const size_t len1 = sizeof(kSafariExtensionsBlock);
+         const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+ 
+-        if (data + len1 + len2 != limit)
++        if (limit - data != (int)(len1 + len2))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+             return;
+@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     } else {
+         const size_t len = sizeof(kSafariExtensionsBlock);
+ 
+-        if (data + len != limit)
++        if (limit - data != (int)(len))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+             return;
+@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
+     if (data == limit)
+         goto ri_check;
+ 
+-    if (data > (limit - 2))
++    if (limit - data < 2)
+         goto err;
+ 
+     n2s(data, len);
+ 
+-    if (data + len != limit)
++    if (limit - data != len)
+         goto err;
+ 
+-    while (data <= (limit - 4)) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (limit))
++        if (limit - data < size)
+             goto err;
+ # if 0
+         fprintf(stderr, "Received extension type %d size %d\n", type, size);
+@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
+     if (s->hit || s->cert->srv_ext.meths_count == 0)
+         return 1;
+ 
+-    if (data >= limit - 2)
++    if (limit - data <= 2)
+         return 1;
+     n2s(data, len);
+ 
+-    if (data > limit - len)
++    if (limit - data < len)
+         return 1;
+ 
+-    while (data <= limit - 4) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > limit)
++        if (limit - data < size)
+             return 1;
+         if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
+             return 0;
+@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
+                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+ # endif
+ 
+-    if (data >= (d + n - 2))
++    if ((d + n) - data <= 2)
+         goto ri_check;
+ 
+     n2s(data, length);
+-    if (data + length != d + n) {
++    if ((d + n) - data != length) {
+         *al = SSL_AD_DECODE_ERROR;
+         return 0;
+     }
+ 
+-    while (data <= (d + n - 4)) {
++    while ((d + n) - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (d + n))
++        if ((d + n) - data < size)
+             goto ri_check;
+ 
+         if (s->tlsext_debug_cb)
+@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+     /* Skip past DTLS cookie */
+     if (SSL_IS_DTLS(s)) {
+         i = *(p++);
+-        p += i;
+-        if (p >= limit)
++
++        if (limit - p <= i)
+             return -1;
++
++        p += i;
+     }
+     /* Skip past cipher list */
+     n2s(p, i);
+-    p += i;
+-    if (p >= limit)
++    if (limit - p <= i)
+         return -1;
++    p += i;
++
+     /* Skip past compression algorithm list */
+     i = *(p++);
+-    p += i;
+-    if (p > limit)
++    if (limit - p < i)
+         return -1;
++    p += i;
++
+     /* Now at start of extensions */
+-    if ((p + 2) >= limit)
++    if (limit - p <= 2)
+         return 0;
+     n2s(p, i);
+-    while ((p + 4) <= limit) {
++    while (limit - p >= 4) {
+         unsigned short type, size;
+         n2s(p, type);
+         n2s(p, size);
+-        if (p + size > limit)
++        if (limit - p < size)
+             return 0;
+         if (type == TLSEXT_TYPE_session_ticket) {
+             int r;
+-- 
+1.9.1
+
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index d1796480f527..0c32bf034387 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -8,7 +8,7 @@ let
   opensslCrossSystem = stdenv.cross.openssl.system or
     (throw "openssl needs its platform name cross building");
 
-  common = { version, sha256 }: stdenv.mkDerivation rec {
+  common = args@{ version, sha256, patches ? [] }: stdenv.mkDerivation rec {
     name = "openssl-${version}";
 
     src = fetchurl {
@@ -17,7 +17,8 @@ let
     };
 
     patches =
-      optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
+      (args.patches or [])
+      ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
       ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
       ++ optional
            (versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")))
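Review bot: `(args.patches or [])` has no comment explaining why it reads `args.patches` instead of the `patches` formal that the first hunk adds to the signature. The reason is easy to miss: inside `stdenv.mkDerivation rec { … }` the bare name `patches` refers to this attribute itself, so using it here would recurse. I would add `# args.patches, not patches: inside rec the bare name is this attribute` above the line. The `or []` fallback also means the `patches ? []` default in the signature only serves to permit the argument, which the comment could state. The body of `common` continues outside both hunks.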
@@ -107,11 +108,19 @@ in {
   openssl_1_0_1 = common {
     version = "1.0.1t";
     sha256 = "4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088";
+    patches = [
+      # https://git.openssl.org/?p=openssl.git;a=commit;h=6f35f6deb5ca7daebe289f86477e061ce3ee5f46
+      ./1.0.1-CVE-2016-2177.diff
+    ];
   };
 
   openssl_1_0_2 = common {
     version = "1.0.2h";
     sha256 = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919";
+    patches = [
+      # https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
+      ./1.0.2-CVE-2016-2177.diff
+    ];
   };
 
   openssl_1_1_0 = common {
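Review bot: The comments on the two new `patches` entries cite the upstream commit but do not say what the vendored diff fixes or when it can be dropped. I would extend each one, e.g. `# CVE-2016-2177 backport; remove once version is bumped to a release containing this commit`. `openssl_1_1_0` is given no patch list and its body lies outside the hunk, so whether that branch needs the same fix cannot be judged from here and is worth confirming.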
diff --git a/pkgs/development/libraries/pdf2xml/default.nix b/pkgs/development/libraries/pdf2xml/default.nix
index 52c785becc52..c4cb57f3fa22 100644
--- a/pkgs/development/libraries/pdf2xml/default.nix
+++ b/pkgs/development/libraries/pdf2xml/default.nix
@@ -2,20 +2,22 @@
 
 stdenv.mkDerivation {
   name = "pdf2xml";
-  
+
   src = fetchurl {
       url = http://tarballs.nixos.org/pdf2xml.tar.gz;
       sha256 = "04rl7ppxqgnvxvvws669cxp478lnrdmiqj0g3m4p69bawfjc4z3w";
   };
   sourceRoot = "pdf2xml/pdf2xml";
-  
+
   buildInputs = [libxml2 libxpdf];
 
   patches = [./pdf2xml.patch];
 
+  hardeningDisable = [ "format" ];
+
   preBuild = ''
     cp Makefile.linux Makefile
-  
+
     sed -i 's|/usr/include/libxml2|${libxml2.dev}/include/libxml2|' Makefile
     sed -i 's|-lxml2|-lxml2 -L${libxml2.out}/lib|' Makefile
     sed -i 's|XPDF = xpdf_3.01|XPDF = ${libxpdf}/lib|' Makefile
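Review bot: `hardeningDisable = [ "format" ];` is added with no comment saying which diagnostic forced it, and the same bare line recurs in the portmidi, qhull, qt-3, qtscriptgenerator and atlas hunks. Disabling the flag drops the format-security check for the whole package rather than for the call that trips it. pdf2xml already carries `./pdf2xml.patch` and, going by its name, handles PDF input, so fixing the offending `printf`-style calls in that patch would keep the check on. At minimum I would annotate each occurrence, e.g. `# fails with -Werror=format-security; TODO: patch the call sites and re-enable`. The derivation body continues outside the hunk.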
@@ -24,7 +26,7 @@ stdenv.mkDerivation {
 
     buildFlags+=" CXX=$CXX"
   '';
-  
+
   installPhase = ''
     mkdir -p $out/bin
     cp exe/* $out/bin
diff --git a/pkgs/development/libraries/plib/default.nix b/pkgs/development/libraries/plib/default.nix
index 51e59fda5ac1..4030be2996cc 100644
--- a/pkgs/development/libraries/plib/default.nix
+++ b/pkgs/development/libraries/plib/default.nix
@@ -1,6 +1,5 @@
 { fetchurl, fetchpatch, stdenv, mesa, freeglut, SDL
-, libXi, libSM, libXmu, libXext, libX11,
-enablePIC ? false }:
+, libXi, libSM, libXmu, libXext, libX11 }:
 
 stdenv.mkDerivation rec {
   name = "plib-1.8.5";
@@ -22,8 +21,6 @@ stdenv.mkDerivation rec {
     })
   ];
 
-  NIX_CFLAGS_COMPILE = if enablePIC then "-fPIC" else "";
-
   propagatedBuildInputs = [
     mesa freeglut SDL
 
diff --git a/pkgs/development/libraries/portmidi/default.nix b/pkgs/development/libraries/portmidi/default.nix
index 6ca35ab3c570..5318df445170 100644
--- a/pkgs/development/libraries/portmidi/default.nix
+++ b/pkgs/development/libraries/portmidi/default.nix
@@ -46,6 +46,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ unzip cmake /*jdk*/ alsaLib ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = "http://portmedia.sourceforge.net/portmidi/";
     description = "Platform independent library for MIDI I/O";
diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix
index 9d47b5575515..2138e1689b39 100644
--- a/pkgs/development/libraries/pupnp/default.nix
+++ b/pkgs/development/libraries/pupnp/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   meta = {
     description = "libupnp, an open source UPnP development kit for Linux";
 
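Review bot: `hardeningDisable = [ "fortify" ];` switches off `_FORTIFY_SOURCE` for this package with no comment on what failed to build. This is the hardening flag that adds bounds checks to `memcpy`/`sprintf`-style calls. The package is described here as a UPnP development kit and presumably parses data received from the network, so I would rather see the failing call sites patched. Failing that, add a comment such as `# build fails under _FORTIFY_SOURCE (<error here>); re-enable once fixed upstream`. The derivation body starts outside the hunk.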
diff --git a/pkgs/development/libraries/qhull/default.nix b/pkgs/development/libraries/qhull/default.nix
index 58d11c04fcca..829765d85499 100644
--- a/pkgs/development/libraries/qhull/default.nix
+++ b/pkgs/development/libraries/qhull/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = "-DMAN_INSTALL_DIR=share/man/man1 -DDOC_INSTALL_DIR=share/doc/qhull";
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = stdenv.lib.optionalString stdenv.isDarwin ''
     sed -i 's/namespace std { struct bidirectional_iterator_tag; struct random_access_iterator_tag; }/#include <iterator>/' ./src/libqhullcpp/QhullIterator.h
     sed -i 's/namespace std { struct bidirectional_iterator_tag; struct random_access_iterator_tag; }/#include <iterator>/' ./src/libqhullcpp/QhullLinkedList.h
diff --git a/pkgs/development/libraries/qt-3/default.nix b/pkgs/development/libraries/qt-3/default.nix
index 949f3f5b7786..6d92de001cb7 100644
--- a/pkgs/development/libraries/qt-3/default.nix
+++ b/pkgs/development/libraries/qt-3/default.nix
@@ -32,6 +32,8 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ which ];
   propagatedBuildInputs = [libpng xlibsWrapper libXft libXrender zlib libjpeg];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "
     -v
     -system-zlib -system-libpng -system-libjpeg
diff --git a/pkgs/development/libraries/qt-5/5.6/default.nix b/pkgs/development/libraries/qt-5/5.6/default.nix
index 1f03b138f252..54624fa99b73 100644
--- a/pkgs/development/libraries/qt-5/5.6/default.nix
+++ b/pkgs/development/libraries/qt-5/5.6/default.nix
@@ -92,7 +92,7 @@ let
       qtsvg = callPackage ./qtsvg.nix {};
       qttools = callPackage ./qttools {};
       qttranslations = callPackage ./qttranslations.nix {};
-      /* qtwayland = not packaged */
+      qtwayland = callPackage ./qtwayland.nix {};
       qtwebchannel = callPackage ./qtwebchannel.nix {};
       qtwebengine = callPackage ./qtwebengine.nix {};
       qtwebkit = callPackage ./qtwebkit {};
@@ -105,8 +105,8 @@ let
       full = env "qt-${qtbase.version}" [
         qtconnectivity qtdeclarative qtdoc qtenginio qtgraphicaleffects
         qtimageformats qtlocation qtmultimedia qtquickcontrols qtscript
-        qtsensors qtserialport qtsvg qttools qttranslations qtwebsockets
-        qtx11extras qtxmlpatterns
+        qtsensors qtserialport qtsvg qttools qttranslations qtwayland
+        qtwebsockets qtx11extras qtxmlpatterns
       ];
 
       makeQtWrapper = makeSetupHook { deps = [ makeWrapper ]; } ./make-qt-wrapper.sh;
diff --git a/pkgs/development/libraries/qt-5/5.6/qtbase/cmake-paths.patch b/pkgs/development/libraries/qt-5/5.6/qtbase/cmake-paths.patch
index 6a5c73d3e148..ca8a42663754 100644
--- a/pkgs/development/libraries/qt-5/5.6/qtbase/cmake-paths.patch
+++ b/pkgs/development/libraries/qt-5/5.6/qtbase/cmake-paths.patch
@@ -1,7 +1,7 @@
-Index: qtbase-opensource-src-5.6.0/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
+Index: qtbase-opensource-src-5.6.1/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-+++ qtbase-opensource-src-5.6.0/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
++++ qtbase-opensource-src-5.6.1/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
 @@ -9,30 +9,6 @@ if (CMAKE_VERSION VERSION_LESS 3.0.0)
  endif()
  !!ENDIF
@@ -173,19 +173,23 @@ Index: qtbase-opensource-src-5.6.0/mkspecs/features/data/cmake/Qt5BasicConfig.cm
      endif()
  !!ENDIF // CMAKE_RELEASE_TYPE
  !!ENDIF // CMAKE_FIND_OTHER_LIBRARY_BUILD
-@@ -329,7 +259,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME
+@@ -328,11 +258,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME
+     macro(_populate_$${CMAKE_MODULE_NAME}_plugin_properties Plugin Configuration PLUGIN_LOCATION)
          set_property(TARGET Qt5::${Plugin} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration})
  
- !!IF isEmpty(CMAKE_PLUGIN_DIR_IS_ABSOLUTE)
+-!!IF isEmpty(CMAKE_PLUGIN_DIR_IS_ABSOLUTE)
 -        set(imported_location \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
-+        set(imported_location \"@NIX_OUT@/$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
- !!ELSE
-         set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
- !!ENDIF
-Index: qtbase-opensource-src-5.6.0/src/gui/Qt5GuiConfigExtras.cmake.in
+-!!ELSE
+-        set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
+-!!ENDIF
++        set(imported_location \"${PLUGIN_LOCATION}\")
+         _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location})
+         set_target_properties(Qt5::${Plugin} PROPERTIES
+             \"IMPORTED_LOCATION_${Configuration}\" ${imported_location}
+Index: qtbase-opensource-src-5.6.1/src/gui/Qt5GuiConfigExtras.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/gui/Qt5GuiConfigExtras.cmake.in
-+++ qtbase-opensource-src-5.6.0/src/gui/Qt5GuiConfigExtras.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/src/gui/Qt5GuiConfigExtras.cmake.in
++++ qtbase-opensource-src-5.6.1/src/gui/Qt5GuiConfigExtras.cmake.in
 @@ -2,7 +2,7 @@
  !!IF !isEmpty(CMAKE_ANGLE_EGL_DLL_RELEASE)
  
@@ -211,10 +215,10 @@ Index: qtbase-opensource-src-5.6.0/src/gui/Qt5GuiConfigExtras.cmake.in
  !!ELSE
      set(imported_implib \"$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\")
  !!ENDIF
-Index: qtbase-opensource-src-5.6.0/src/widgets/Qt5WidgetsConfigExtras.cmake.in
+Index: qtbase-opensource-src-5.6.1/src/widgets/Qt5WidgetsConfigExtras.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/widgets/Qt5WidgetsConfigExtras.cmake.in
-+++ qtbase-opensource-src-5.6.0/src/widgets/Qt5WidgetsConfigExtras.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/src/widgets/Qt5WidgetsConfigExtras.cmake.in
++++ qtbase-opensource-src-5.6.1/src/widgets/Qt5WidgetsConfigExtras.cmake.in
 @@ -3,7 +3,7 @@ if (NOT TARGET Qt5::uic)
      add_executable(Qt5::uic IMPORTED)
  
@@ -224,10 +228,10 @@ Index: qtbase-opensource-src-5.6.0/src/widgets/Qt5WidgetsConfigExtras.cmake.in
  !!ELSE
      set(imported_location \"$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\")
  !!ENDIF
-Index: qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtras.cmake.in
+Index: qtbase-opensource-src-5.6.1/src/corelib/Qt5CoreConfigExtras.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/corelib/Qt5CoreConfigExtras.cmake.in
-+++ qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtras.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/src/corelib/Qt5CoreConfigExtras.cmake.in
++++ qtbase-opensource-src-5.6.1/src/corelib/Qt5CoreConfigExtras.cmake.in
 @@ -3,7 +3,7 @@ if (NOT TARGET Qt5::qmake)
      add_executable(Qt5::qmake IMPORTED)
  
@@ -273,10 +277,10 @@ Index: qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtras.cmake.in
  !!ELSE
      set(imported_location \"$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\")
  !!ENDIF
-Index: qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
+Index: qtbase-opensource-src-5.6.1/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
-+++ qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
++++ qtbase-opensource-src-5.6.1/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
 @@ -1,6 +1,6 @@
  
  !!IF isEmpty(CMAKE_INSTALL_DATA_DIR_IS_ABSOLUTE)
@@ -285,10 +289,10 @@ Index: qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtrasMkspecDirForIn
  !!ELSE
  set(_qt5_corelib_extra_includes \"$${CMAKE_INSTALL_DATA_DIR}mkspecs/$${CMAKE_MKSPEC}\")
  !!ENDIF
-Index: qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
+Index: qtbase-opensource-src-5.6.1/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
-+++ qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
++++ qtbase-opensource-src-5.6.1/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
 @@ -1,6 +1,6 @@
  
  !!IF isEmpty(CMAKE_HOST_DATA_DIR_IS_ABSOLUTE)
@@ -297,10 +301,10 @@ Index: qtbase-opensource-src-5.6.0/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmak
  !!ELSE
  set(_qt5_corelib_extra_includes \"$${CMAKE_HOST_DATA_DIR}mkspecs/$${CMAKE_MKSPEC}\")
  !!ENDIF
-Index: qtbase-opensource-src-5.6.0/src/dbus/Qt5DBusConfigExtras.cmake.in
+Index: qtbase-opensource-src-5.6.1/src/dbus/Qt5DBusConfigExtras.cmake.in
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/dbus/Qt5DBusConfigExtras.cmake.in
-+++ qtbase-opensource-src-5.6.0/src/dbus/Qt5DBusConfigExtras.cmake.in
+--- qtbase-opensource-src-5.6.1.orig/src/dbus/Qt5DBusConfigExtras.cmake.in
++++ qtbase-opensource-src-5.6.1/src/dbus/Qt5DBusConfigExtras.cmake.in
 @@ -3,7 +3,7 @@ if (NOT TARGET Qt5::qdbuscpp2xml)
      add_executable(Qt5::qdbuscpp2xml IMPORTED)
  
@@ -319,3 +323,63 @@ Index: qtbase-opensource-src-5.6.0/src/dbus/Qt5DBusConfigExtras.cmake.in
  !!ELSE
      set(imported_location \"$${CMAKE_BIN_DIR}qdbusxml2cpp$$CMAKE_BIN_SUFFIX\")
  !!ENDIF
+Index: qtbase-opensource-src-5.6.1/mkspecs/features/create_cmake.prf
+===================================================================
+--- qtbase-opensource-src-5.6.1.orig/mkspecs/features/create_cmake.prf
++++ qtbase-opensource-src-5.6.1/mkspecs/features/create_cmake.prf
+@@ -136,28 +136,28 @@ contains(CONFIG, plugin) {
+ 
+     win32 {
+         isEmpty(CMAKE_STATIC_TYPE) {
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/$${TARGET}.dll
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/$${TARGET}d.dll
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}.dll
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}d.dll
+         } else:mingw {
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/lib$${TARGET}.a
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/lib$${TARGET}d.a
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}/$$PLUGIN_TYPE/lib$${TARGET}.a
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}d.a
+         } else {                         # MSVC static
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/$${TARGET}.lib
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/$${TARGET}d.lib
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}.lib
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}d.lib
+         }
+     } else {
+         mac {
+             isEmpty(CMAKE_STATIC_TYPE): CMAKE_PlUGIN_EXT = .dylib
+             else: CMAKE_PlUGIN_EXT = .a
+ 
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+         } else {
+             isEmpty(CMAKE_STATIC_TYPE): CMAKE_PlUGIN_EXT = .so
+             else: CMAKE_PlUGIN_EXT = .a
+ 
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+         }
+     }
+     cmake_target_file.input = $$PWD/data/cmake/Qt5PluginTarget.cmake.in
+Index: qtbase-opensource-src-5.6.1/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
+===================================================================
+--- qtbase-opensource-src-5.6.1.orig/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
++++ qtbase-opensource-src-5.6.1/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
+@@ -2,10 +2,10 @@
+ add_library(Qt5::$$CMAKE_PLUGIN_NAME MODULE IMPORTED)
+ 
+ !!IF !isEmpty(CMAKE_RELEASE_TYPE)
+-_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"$${CMAKE_PLUGIN_LOCATION_RELEASE}\")
++_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"@NIX_OUT@/$${CMAKE_PLUGIN_LOCATION_RELEASE}\")
+ !!ENDIF
+ !!IF !isEmpty(CMAKE_DEBUG_TYPE)
+-_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"$${CMAKE_PLUGIN_LOCATION_DEBUG}\")
++_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"@NIX_OUT@/$${CMAKE_PLUGIN_LOCATION_DEBUG}\")
+ !!ENDIF
+ 
+ list(APPEND Qt5$${CMAKE_MODULE_NAME}_PLUGINS Qt5::$$CMAKE_PLUGIN_NAME)
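Review bot: In the added `create_cmake.prf` section the mingw release line reads `$${CMAKE_PLUGIN_DIR}/$$PLUGIN_TYPE/lib$${TARGET}.a`, with a `/` after `CMAKE_PLUGIN_DIR` that none of the other assignments have, including the mingw debug line directly below it. If `CMAKE_PLUGIN_DIR` already ends in a separator, as the other lines assume, the path passed through `@NIX_OUT@/…` to the file-exists check gets a doubled slash. The line should read `CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}.a`. The same line is repeated in the 5.7 copy of this patch further down.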
diff --git a/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-dbus.patch b/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-dbus.patch
index 9118507e9388..2bc526a72bd7 100644
--- a/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-dbus.patch
+++ b/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-dbus.patch
@@ -1,8 +1,8 @@
-Index: qtbase-opensource-src-5.5.1/src/dbus/qdbus_symbols.cpp
+Index: qtbase-opensource-src-5.6.1/src/dbus/qdbus_symbols.cpp
 ===================================================================
---- qtbase-opensource-src-5.5.1.orig/src/dbus/qdbus_symbols.cpp
-+++ qtbase-opensource-src-5.5.1/src/dbus/qdbus_symbols.cpp
-@@ -89,7 +89,7 @@ bool qdbus_loadLibDBus()
+--- qtbase-opensource-src-5.6.1.orig/src/dbus/qdbus_symbols.cpp
++++ qtbase-opensource-src-5.6.1/src/dbus/qdbus_symbols.cpp
+@@ -90,7 +90,7 @@ bool qdbus_loadLibDBus()
  #ifdef Q_OS_WIN
          QLatin1String("dbus-1"),
  #endif
diff --git a/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-resolv.patch b/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-resolv.patch
index 5c285188ce40..a0b546aaa3af 100644
--- a/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-resolv.patch
+++ b/pkgs/development/libraries/qt-5/5.6/qtbase/dlopen-resolv.patch
@@ -1,26 +1,26 @@
-Index: qtbase-opensource-src-5.6.0/src/network/kernel/qdnslookup_unix.cpp
+Index: qtbase-opensource-src-5.6.1/src/network/kernel/qdnslookup_unix.cpp
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/network/kernel/qdnslookup_unix.cpp
-+++ qtbase-opensource-src-5.6.0/src/network/kernel/qdnslookup_unix.cpp
-@@ -79,7 +79,7 @@ static void resolveLibrary()
+--- qtbase-opensource-src-5.6.1.orig/src/network/kernel/qdnslookup_unix.cpp
++++ qtbase-opensource-src-5.6.1/src/network/kernel/qdnslookup_unix.cpp
+@@ -78,7 +78,7 @@ static bool resolveLibraryInternal()
      if (!lib.load())
  #endif
      {
 -        lib.setFileName(QLatin1String("resolv"));
 +        lib.setFileName(QLatin1String("@glibc@/lib/resolv"));
          if (!lib.load())
-             return;
+             return false;
      }
-Index: qtbase-opensource-src-5.6.0/src/network/kernel/qhostinfo_unix.cpp
+Index: qtbase-opensource-src-5.6.1/src/network/kernel/qhostinfo_unix.cpp
 ===================================================================
---- qtbase-opensource-src-5.6.0.orig/src/network/kernel/qhostinfo_unix.cpp
-+++ qtbase-opensource-src-5.6.0/src/network/kernel/qhostinfo_unix.cpp
-@@ -95,7 +95,7 @@ static void resolveLibrary()
+--- qtbase-opensource-src-5.6.1.orig/src/network/kernel/qhostinfo_unix.cpp
++++ qtbase-opensource-src-5.6.1/src/network/kernel/qhostinfo_unix.cpp
+@@ -94,7 +94,7 @@ static bool resolveLibraryInternal()
      if (!lib.load())
  #endif
      {
 -        lib.setFileName(QLatin1String("resolv"));
 +        lib.setFileName(QLatin1String("@glibc@/lib/libresolv"));
          if (!lib.load())
-             return;
+             return false;
      }
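Review bot: After this refresh the two substituted library names still differ: `qdnslookup_unix.cpp` loads `@glibc@/lib/resolv` while `qhostinfo_unix.cpp` loads `@glibc@/lib/libresolv`. Whether both resolve depends on how `QLibrary` applies the `lib` prefix to an absolute path, which is not visible here, so it is worth checking that the first one loads rather than quietly taking the `return false` path. Using the same string in both, `lib.setFileName(QLatin1String("@glibc@/lib/libresolv"));`, would remove the doubt. Both functions start and end outside the hunks.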
diff --git a/pkgs/development/libraries/qt-5/5.6/qtwayland.nix b/pkgs/development/libraries/qt-5/5.6/qtwayland.nix
new file mode 100644
index 000000000000..6d887f7c650b
--- /dev/null
+++ b/pkgs/development/libraries/qt-5/5.6/qtwayland.nix
@@ -0,0 +1,8 @@
+{ qtSubmodule, qtbase, qtquickcontrols, wayland, pkgconfig }:
+
+qtSubmodule {
+  name = "qtwayland";
+  qtInputs = [ qtbase qtquickcontrols ];
+  buildInputs = [ wayland ];
+  nativeBuildInputs = [ pkgconfig ];
+}
diff --git a/pkgs/development/libraries/qt-5/5.7/default.nix b/pkgs/development/libraries/qt-5/5.7/default.nix
index aa2cbb921698..286ef0887c7a 100644
--- a/pkgs/development/libraries/qt-5/5.7/default.nix
+++ b/pkgs/development/libraries/qt-5/5.7/default.nix
@@ -88,6 +88,7 @@ let
       qtsvg = callPackage ./qtsvg.nix {};
       qttools = callPackage ./qttools {};
       qttranslations = callPackage ./qttranslations.nix {};
+      qtwayland = callPackage ./qtwayland.nix {};
       qtwebchannel = callPackage ./qtwebchannel.nix {};
       qtwebengine = callPackage ./qtwebengine.nix {};
       qtwebkit = callPackage ./qtwebkit {};
@@ -99,8 +100,8 @@ let
       full = env "qt-${qtbase.version}" [
         qtconnectivity qtdeclarative qtdoc qtgraphicaleffects
         qtimageformats qtlocation qtmultimedia qtquickcontrols qtscript
-        qtsensors qtserialport qtsvg qttools qttranslations qtwebsockets
-        qtx11extras qtxmlpatterns
+        qtsensors qtserialport qtsvg qttools qttranslations qtwayland
+        qtwebsockets qtx11extras qtxmlpatterns
       ];
 
       makeQtWrapper =
diff --git a/pkgs/development/libraries/qt-5/5.7/qtbase/cmake-paths.patch b/pkgs/development/libraries/qt-5/5.7/qtbase/cmake-paths.patch
index 6e2de0b3022a..0d5c2d510929 100644
--- a/pkgs/development/libraries/qt-5/5.7/qtbase/cmake-paths.patch
+++ b/pkgs/development/libraries/qt-5/5.7/qtbase/cmake-paths.patch
@@ -173,15 +173,19 @@ Index: qtbase-opensource-src-5.7.0/mkspecs/features/data/cmake/Qt5BasicConfig.cm
      endif()
  !!ENDIF // CMAKE_RELEASE_TYPE
  !!ENDIF // CMAKE_FIND_OTHER_LIBRARY_BUILD
-@@ -329,7 +259,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME
+@@ -328,11 +258,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME
+     macro(_populate_$${CMAKE_MODULE_NAME}_plugin_properties Plugin Configuration PLUGIN_LOCATION)
          set_property(TARGET Qt5::${Plugin} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration})
  
- !!IF isEmpty(CMAKE_PLUGIN_DIR_IS_ABSOLUTE)
+-!!IF isEmpty(CMAKE_PLUGIN_DIR_IS_ABSOLUTE)
 -        set(imported_location \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
-+        set(imported_location \"@NIX_OUT@/$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
- !!ELSE
-         set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
- !!ENDIF
+-!!ELSE
+-        set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
+-!!ENDIF
++        set(imported_location \"${PLUGIN_LOCATION}\")
+         _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location})
+         set_target_properties(Qt5::${Plugin} PROPERTIES
+             \"IMPORTED_LOCATION_${Configuration}\" ${imported_location}
 Index: qtbase-opensource-src-5.7.0/src/gui/Qt5GuiConfigExtras.cmake.in
 ===================================================================
 --- qtbase-opensource-src-5.7.0.orig/src/gui/Qt5GuiConfigExtras.cmake.in
@@ -319,3 +323,63 @@ Index: qtbase-opensource-src-5.7.0/src/dbus/Qt5DBusConfigExtras.cmake.in
  !!ELSE
      set(imported_location \"$${CMAKE_BIN_DIR}qdbusxml2cpp$$CMAKE_BIN_SUFFIX\")
  !!ENDIF
+Index: qtbase-opensource-src-5.7.0/mkspecs/features/create_cmake.prf
+===================================================================
+--- qtbase-opensource-src-5.7.0.orig/mkspecs/features/create_cmake.prf
++++ qtbase-opensource-src-5.7.0/mkspecs/features/create_cmake.prf
+@@ -136,28 +136,28 @@ contains(CONFIG, plugin) {
+ 
+     win32 {
+         isEmpty(CMAKE_STATIC_TYPE) {
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/$${TARGET}.dll
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/$${TARGET}d.dll
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}.dll
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}d.dll
+         } else:mingw {
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/lib$${TARGET}.a
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/lib$${TARGET}d.a
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}/$$PLUGIN_TYPE/lib$${TARGET}.a
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}d.a
+         } else {                         # MSVC static
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/$${TARGET}.lib
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/$${TARGET}d.lib
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}.lib
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/$${TARGET}d.lib
+         }
+     } else {
+         mac {
+             isEmpty(CMAKE_STATIC_TYPE): CMAKE_PlUGIN_EXT = .dylib
+             else: CMAKE_PlUGIN_EXT = .a
+ 
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+         } else {
+             isEmpty(CMAKE_STATIC_TYPE): CMAKE_PlUGIN_EXT = .so
+             else: CMAKE_PlUGIN_EXT = .a
+ 
+-            CMAKE_PLUGIN_LOCATION_RELEASE = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+-            CMAKE_PLUGIN_LOCATION_DEBUG = $$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_RELEASE = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
++            CMAKE_PLUGIN_LOCATION_DEBUG = $${CMAKE_PLUGIN_DIR}$$PLUGIN_TYPE/lib$${TARGET}$${CMAKE_PlUGIN_EXT}
+         }
+     }
+     cmake_target_file.input = $$PWD/data/cmake/Qt5PluginTarget.cmake.in
+Index: qtbase-opensource-src-5.7.0/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
+===================================================================
+--- qtbase-opensource-src-5.7.0.orig/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
++++ qtbase-opensource-src-5.7.0/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
+@@ -2,10 +2,10 @@
+ add_library(Qt5::$$CMAKE_PLUGIN_NAME MODULE IMPORTED)
+ 
+ !!IF !isEmpty(CMAKE_RELEASE_TYPE)
+-_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"$${CMAKE_PLUGIN_LOCATION_RELEASE}\")
++_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"@NIX_OUT@/$${CMAKE_PLUGIN_LOCATION_RELEASE}\")
+ !!ENDIF
+ !!IF !isEmpty(CMAKE_DEBUG_TYPE)
+-_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"$${CMAKE_PLUGIN_LOCATION_DEBUG}\")
++_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"@NIX_OUT@/$${CMAKE_PLUGIN_LOCATION_DEBUG}\")
+ !!ENDIF
+ 
+ list(APPEND Qt5$${CMAKE_MODULE_NAME}_PLUGINS Qt5::$$CMAKE_PLUGIN_NAME)
diff --git a/pkgs/development/libraries/qt-5/5.7/qtwayland.nix b/pkgs/development/libraries/qt-5/5.7/qtwayland.nix
new file mode 100644
index 000000000000..6d887f7c650b
--- /dev/null
+++ b/pkgs/development/libraries/qt-5/5.7/qtwayland.nix
@@ -0,0 +1,8 @@
+{ qtSubmodule, qtbase, qtquickcontrols, wayland, pkgconfig }:
+
+qtSubmodule {
+  name = "qtwayland";
+  qtInputs = [ qtbase qtquickcontrols ];
+  buildInputs = [ wayland ];
+  nativeBuildInputs = [ pkgconfig ];
+}
diff --git a/pkgs/development/libraries/qtscriptgenerator/default.nix b/pkgs/development/libraries/qtscriptgenerator/default.nix
index 5b93fbfaade9..3221fec4b4bc 100644
--- a/pkgs/development/libraries/qtscriptgenerator/default.nix
+++ b/pkgs/development/libraries/qtscriptgenerator/default.nix
@@ -9,13 +9,13 @@ stdenv.mkDerivation {
   buildInputs = [ qt4 ];
 
   patches = [ ./qtscriptgenerator.gcc-4.4.patch ./qt-4.8.patch ];
-  
+
   # Why isn't the author providing proper Makefile or a CMakeLists.txt ?
   buildPhase = ''
     # remove phonon stuff which causes errors (thanks to Gentoo bug reports)
     sed -i "/typesystem_phonon.xml/d" generator/generator.qrc
-    sed -i "/qtscript_phonon/d" qtbindings/qtbindings.pro	    
-  
+    sed -i "/qtscript_phonon/d" qtbindings/qtbindings.pro
+
     cd generator
     qmake
     make
@@ -25,13 +25,15 @@ stdenv.mkDerivation {
     qmake
     make
   '';
-  
+
   installPhase = ''
     cd ..
     mkdir -p $out/lib/qt4/plugins/script
     cp -av plugins/script/* $out/lib/qt4/plugins/script
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "QtScript bindings generator";
     homepage = http://code.google.com/p/qtscriptgenerator/;
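Review bot: `hardeningDisable = [ "format" ];` is added with no comment naming the diagnostic that forced it, so nobody can later tell whether the exemption is still needed. The `format` flag presumably maps to the compiler's format-security checks, and switching it off lets calls with a non-literal format string compile unnoticed. I would either patch the offending call and keep the flag, or add a line such as `# <file>: non-literal format string rejected by -Werror=format-security; drop once fixed upstream`. The same bare line appears in the atlas, smpeg, speechd, tidyp, wxGTK-2.8, xmlrpc-c, avr-gcc-with-avr-libc, pharo vm, wxPython 3.0, cccc, radare, boost-build, gnumake 3.80, elfutils, indent, kconfig-frontends, rman and omniorb hunks. xmlrpc-c, described in its hunk as an RPC library over XML and HTTP, is the one where a source fix matters most; the derivation body continues outside this hunk.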
diff --git a/pkgs/development/libraries/science/math/atlas/default.nix b/pkgs/development/libraries/science/math/atlas/default.nix
index 23f12e7cf762..6ff7e387ec1f 100644
--- a/pkgs/development/libraries/science/math/atlas/default.nix
+++ b/pkgs/development/libraries/science/math/atlas/default.nix
@@ -66,6 +66,8 @@ stdenv.mkDerivation {
   patches = optional tolerateCpuTimingInaccuracy ./disable-timing-accuracy-check.patch
     ++ optional stdenv.isDarwin ./tmpdir.patch;
 
+  hardeningDisable = [ "format" ];
+
   # Configure outside of the source directory.
   preConfigure = ''
     mkdir build
@@ -73,14 +75,9 @@ stdenv.mkDerivation {
     configureScript=../configure
   '';
 
-  # * -fPIC is passed even in non-shared builds so that the ATLAS code can be
-  #   used to inside of shared libraries, like Octave does.
-  #
   # * -t 0 disables use of multi-threading. It's not quite clear what the
   #   consequences of that setting are and whether it's necessary or not.
   configureFlags = [
-    "-Fa alg"
-    "-fPIC"
     "-t ${threads}"
     cpuConfig
   ] ++ optional shared "--shared"
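Review bot: Dropping `"-Fa alg"` / `"-fPIC"` from `configureFlags` also drops the comment explaining why static ATLAS objects must be position-independent, so the requirement is now met only implicitly, presumably by the default `pic` hardening flag. If someone later adds `"pic"` to `hardeningDisable` for this package, nothing in the file warns them that the static library would stop linking into shared objects. I would keep a comment such as `# PIC comes from the default "pic" hardening flag; static ATLAS is linked into shared libraries (e.g. Octave)`. The suitesparse hunk and the second zlib hunk (FreeBSD `-fPIC`) introduce the same implicit reliance; the `configureFlags` expression continues outside this hunk.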
diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix
index f81df2a6c022..99f54cebddd1 100644
--- a/pkgs/development/libraries/science/math/suitesparse/default.nix
+++ b/pkgs/development/libraries/science/math/suitesparse/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation {
     "LAPACK="
   ];
 
-  NIX_CFLAGS = "-fPIC" + stdenv.lib.optionalString stdenv.isDarwin " -DNTIMER";
+  NIX_CFLAGS = stdenv.lib.optionalString stdenv.isDarwin " -DNTIMER";
 
   postInstall = ''
     # Build and install shared library
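Review bot: With the `"-fPIC"` prefix gone, the leading space in `" -DNTIMER"` is a leftover from the old concatenation. `NIX_CFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-DNTIMER";` says the same thing without it.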
diff --git a/pkgs/development/libraries/smpeg/default.nix b/pkgs/development/libraries/smpeg/default.nix
index 388b34d31e19..77a74c4e8446 100644
--- a/pkgs/development/libraries/smpeg/default.nix
+++ b/pkgs/development/libraries/smpeg/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ SDL gtk mesa ];
 
   nativeBuildInputs = [ autoconf automake libtool m4 pkgconfig makeWrapper ];
diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix
index 613fee3c6d63..1a943be0fc20 100644
--- a/pkgs/development/libraries/speechd/default.nix
+++ b/pkgs/development/libraries/speechd/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
              ++ lib.optional withPico svox;
   nativeBuildInputs = [ pkgconfig python3Packages.wrapPython ];
 
+  hardeningDisable = [ "format" ];
+
   pythonPath = with python3Packages; [ pyxdg ];
 
   postPatch = lib.optionalString withPico ''
diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix
index 1e59745b34a2..c834c47ba947 100644
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -3,11 +3,11 @@
 assert interactive -> readline != null && ncurses != null;
 
 stdenv.mkDerivation {
-  name = "sqlite-3.13.0";
+  name = "sqlite-3.14.1";
 
   src = fetchurl {
-    url = "http://sqlite.org/2016/sqlite-autoconf-3130000.tar.gz";
-    sha256 = "0sq88jbwsk48i41f7m7rkw9xvijq011nsbs7pl49s31inck70yg2";
+    url = "http://sqlite.org/2016/sqlite-autoconf-3140100.tar.gz";
+    sha256 = "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw";
   };
 
   outputs = [ "dev" "out" "bin" ];
diff --git a/pkgs/development/libraries/tidyp/default.nix b/pkgs/development/libraries/tidyp/default.nix
index fee74f3d6f9e..ba95da77b72c 100644
--- a/pkgs/development/libraries/tidyp/default.nix
+++ b/pkgs/development/libraries/tidyp/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0f5ky0ih4vap9c6j312jn73vn8m2bj69pl2yd3a5nmv35k9zmc10";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "A program that can validate your HTML, as well as modify it to be more clean and standard";
     homepage = http://tidyp.com/;
diff --git a/pkgs/development/libraries/torch/default.nix b/pkgs/development/libraries/torch/default.nix
index 8700378ae75d..254c210a61ed 100644
--- a/pkgs/development/libraries/torch/default.nix
+++ b/pkgs/development/libraries/torch/default.nix
@@ -1,18 +1,32 @@
-{stdenv, fetchgit, luajit, openblas, imagemagick, cmake, curl, fftw, gnuplot,
-  libjpeg_turbo, zeromq3, ncurses, openssl, libpng, qt4, readline, unzip}:
+{stdenv, fetchgit, luajit, openblas, imagemagick, cmake, curl, fftw, gnuplot
+  , libjpeg, zeromq3, ncurses, openssl, libpng, qt4, readline, unzip
+  , pkgconfig, zlib, libX11, which
+  }:
 stdenv.mkDerivation rec{
   version = "0.0pre20160820";
   name = "torch-${version}";
   buildInputs = [
     luajit openblas imagemagick cmake curl fftw gnuplot unzip qt4
-    libjpeg_turbo zeromq3 ncurses openssl libpng readline
+    libjpeg zeromq3 ncurses openssl libpng readline pkgconfig
+    zlib libX11 which
   ];
   src = fetchgit (stdenv.lib.importJSON ./src.json);
-  configurePhase = ''
-  '';
   buildPhase = ''
     cd ..
     export PREFIX=$out
+
+    include=
+    for i in $NIX_CFLAGS_COMPILE; do
+      if test -n "$include" && test -d "$i"; then
+        export CMAKE_INCLUDE_PATH="$CMAKE_INCLUDE_PATH''${CMAKE_INCLUDE_PATH:+:}$i"
+      fi;
+      if test "x$i" = "x-isystem"; then
+        include=1
+      else
+        include=
+      fi
+    done
+
     mkdir "$out"
     sh install.sh -s
   '';
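Review bot: The new loop over `$NIX_CFLAGS_COMPILE` in `buildPhase` has no comment, and its flag-then-next-word form (`include=1` after `-isystem`, append on the following word) is not obvious at a glance. I would put `# collect the directories that follow -isystem in NIX_CFLAGS_COMPILE into CMAKE_INCLUDE_PATH` above `include=`. The unquoted expansion splits on whitespace, which works for store paths but is worth stating next to the loop. Since the empty `configurePhase` override is removed in the same hunk, a word on what `cd ..` now steps out of would also help.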
diff --git a/pkgs/development/libraries/ucommon/default.nix b/pkgs/development/libraries/ucommon/default.nix
index 50d8f5e8745b..4d1409324020 100644
--- a/pkgs/development/libraries/ucommon/default.nix
+++ b/pkgs/development/libraries/ucommon/default.nix
@@ -19,6 +19,12 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig ];
 
+  # disable flaky networking test
+  postPatch = ''
+    substituteInPlace test/stream.cpp \
+      --replace 'ifndef UCOMMON_SYSRUNTIME' 'if 0'
+  '';
+
   # ucommon.pc has link time depdendencies on -lssl, -lcrypto, -lz, -lgnutls
   propagatedBuildInputs = [ openssl zlib gnutls ];
 
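Review bot: The `substituteInPlace` in `postPatch` gives no signal, as far as I know, when `'ifndef UCOMMON_SYSRUNTIME'` is no longer present in `test/stream.cpp`, so after an upstream update the flaky test could come back unnoticed. It also rewrites every occurrence of that guard in the file, not only the networking case. I would put `grep -q 'ifndef UCOMMON_SYSRUNTIME' test/stream.cpp || exit 1` ahead of the substitution and name the disabled test in the comment.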
diff --git a/pkgs/development/libraries/vxl/default.nix b/pkgs/development/libraries/vxl/default.nix
index 725a0bdfceaf..b9f3c0e64d6c 100644
--- a/pkgs/development/libraries/vxl/default.nix
+++ b/pkgs/development/libraries/vxl/default.nix
@@ -1,10 +1,12 @@
-{ stdenv, fetchurl, unzip, cmake, libtiff, expat, zlib, libpng, libjpeg }:
+{ stdenv, fetchFromGitHub, unzip, cmake, libtiff, expat, zlib, libpng, libjpeg }:
 stdenv.mkDerivation {
-  name = "vxl-1.17.0";
+  name = "vxl-1.17.0-nix1";
 
-  src = fetchurl {
-    url = mirror://sourceforge/vxl/vxl-1.17.0.zip;
-    sha256 = "1qg7i8h201pa8jljg7vph4rlxk6n5cj9f9gd1hkkmbw6fh44lsxh";
+  src = fetchFromGitHub {
+    owner = "vxl";
+    repo = "vxl";
+    rev = "777c0beb7c8b30117400f6fc9a6d63bf8cb7c67a";
+    sha256 = "0xpkwwb93ka6c3da8zjhfg9jk5ssmh9ifdh1by54sz6c7mbp55m8";
   };
 
   buildInputs = [ cmake unzip libtiff expat zlib libpng libjpeg ];
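Review bot: The source moves from the `vxl-1.17.0.zip` release archive to the bare commit `777c0beb7c8b…`, while the name stays at `1.17.0` with a `-nix1` suffix, and nothing records how that commit relates to the release. Someone auditing the pin cannot tell whether this is 1.17.0 plus the GCC 5 fix or a development snapshot; a comment above `rev` such as `# upstream commit from <date>, makes ./gcc5.patch unnecessary` would settle it. `unzip` also stays in `buildInputs`, though it is probably unneeded now that the source is no longer a zip file.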
@@ -20,8 +22,6 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
-  patches = [ ./gcc5.patch ];
-
   meta = {
     description = "C++ Libraries for Computer Vision Research and Implementation";
     homepage = http://vxl.sourceforge.net/;
diff --git a/pkgs/development/libraries/vxl/gcc5.patch b/pkgs/development/libraries/vxl/gcc5.patch
deleted file mode 100644
index 4660f9e8f483..000000000000
--- a/pkgs/development/libraries/vxl/gcc5.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20150216/1511118.html
-
---- vxl-git4e07960/vcl/vcl_compiler.h~	2012-11-02 12:08:21.000000000 +0100
-+++ vxl-git4e07960/vcl/vcl_compiler.h	2015-02-15 13:50:46.376329878 +0100
-@@ -119,6 +119,10 @@
- #  else

- #   define VCL_GCC_40

- #  endif

-+# elif (__GNUC__== 5)

-+// pretend GCC 5 to be GCC 4

-+#  define VCL_GCC_4

-+#  define VCL_GCC_41

- # else

- #  error "Dunno about this gcc"

- # endif

diff --git a/pkgs/development/libraries/wxGTK-2.8/default.nix b/pkgs/development/libraries/wxGTK-2.8/default.nix
index e023665f0701..7396b7009552 100644
--- a/pkgs/development/libraries/wxGTK-2.8/default.nix
+++ b/pkgs/development/libraries/wxGTK-2.8/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--enable-gtk2"
     (if compat24 then "--enable-compat24" else "--disable-compat24")
diff --git a/pkgs/development/libraries/xmlrpc-c/default.nix b/pkgs/development/libraries/xmlrpc-c/default.nix
index 56bcba8297de..0b5f08bdf9b3 100644
--- a/pkgs/development/libraries/xmlrpc-c/default.nix
+++ b/pkgs/development/libraries/xmlrpc-c/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
     (cd tools/xmlrpc && make && make install)
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "A lightweight RPC library based on XML and HTTP";
     homepage = http://xmlrpc-c.sourceforge.net/;
diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix
index 2176fa6f31ce..77f576239a97 100644
--- a/pkgs/development/libraries/zlib/default.nix
+++ b/pkgs/development/libraries/zlib/default.nix
@@ -31,6 +31,9 @@ stdenv.mkDerivation rec {
     fi
   '';
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   configureFlags = stdenv.lib.optional (!static) "--shared";
 
   postInstall = ''
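Review bot: `hardeningDisable = [ "stackprotector" ];` is unconditional, so every zlib build loses stack canaries, not only the one compiled by the old bootstrap toolchain the FIXME refers to. zlib decompresses untrusted input for a large part of the package set, so this is the exemption I would most want tracked. The comment should point at an issue, e.g. `# FIXME(<issue-url>): re-enable once bootstrap tools ship gcc >= 4.9`, and the disable should be limited to the bootstrap stage if the stdenv offers a way to detect it. The same FIXME appears in the binutils, gnum4, patchelf, texinfo 6.1 and bison 3.x hunks, and the valgrind hunk disables `stackprotector` with no comment at all.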
@@ -47,8 +50,7 @@ stdenv.mkDerivation rec {
 
   # As zlib takes part in the stdenv building, we don't want references
   # to the bootstrap-tools libgcc (as uses to happen on arm/mips)
-  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.isDarwin) "-static-libgcc "
-                     + stdenv.lib.optionalString (stdenv.isFreeBSD) "-fPIC";
+  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.isDarwin) "-static-libgcc";
 
   crossAttrs = {
     dontStrip = static;
diff --git a/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix b/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
index 87a0d0dda9b7..237c4e4027f1 100644
--- a/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
+++ b/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ gmp mpfr libmpc zlib ];
 
+  hardeningDisable = [ "format" ];
+
   # Make sure we don't strip the libraries in lib/gcc/avr.
   stripDebugList= [ "bin" "avr/bin" "libexec" ];
 
diff --git a/pkgs/development/ocaml-modules/menhir/generic.nix b/pkgs/development/ocaml-modules/menhir/generic.nix
index 088c2db061be..c182d2100490 100644
--- a/pkgs/development/ocaml-modules/menhir/generic.nix
+++ b/pkgs/development/ocaml-modules/menhir/generic.nix
@@ -13,16 +13,14 @@ stdenv.mkDerivation {
   createFindlibDestdir = true;
 
   preBuild = ''
-    #Fix makefiles.
+    # fix makefiles.
     RM=$(type -p rm)
     CHMOD=$(type -p chmod)
-    ENV=$(type -p env)
-    for f in src/Makefile demos/OMakefile* demos/Makefile* demos/ocamldep.wrapper
+    for f in src/Makefile demos/OMakefile* demos/Makefile*
     do
       substituteInPlace $f \
         --replace /bin/rm $RM \
-	--replace /bin/chmod $CHMOD \
-	--replace /usr/bin/env $ENV
+        --replace /bin/chmod $CHMOD
     done
 
     export PREFIX=$out
diff --git a/pkgs/development/pharo/vm/build-vm.nix b/pkgs/development/pharo/vm/build-vm.nix
index 3dfe913145ce..8265e1dc776f 100644
--- a/pkgs/development/pharo/vm/build-vm.nix
+++ b/pkgs/development/pharo/vm/build-vm.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     mimeType = "application/x-pharo-image";
   };
 
+  hardeningDisable = [ "format" ];
+
   # Building
   preConfigure = ''
     cd build/
diff --git a/pkgs/development/python-modules/generic/run_setup.py b/pkgs/development/python-modules/generic/run_setup.py
index d980ac7d23d4..e3a530eb0cb6 100644
--- a/pkgs/development/python-modules/generic/run_setup.py
+++ b/pkgs/development/python-modules/generic/run_setup.py
@@ -1,3 +1,5 @@
+# -*- coding: utf-8 -*-
+
 import setuptools
 import tokenize
 
diff --git a/pkgs/development/python-modules/generic/wrap.sh b/pkgs/development/python-modules/generic/wrap.sh
index ca73a473ed56..f4b63b826403 100644
--- a/pkgs/development/python-modules/generic/wrap.sh
+++ b/pkgs/development/python-modules/generic/wrap.sh
@@ -8,7 +8,6 @@ wrapPythonPrograms() {
 # of dependencies.
 buildPythonPath() {
     local pythonPath="$1"
-    local python="@executable@"
     local path
 
     # Create an empty table of python paths (see doc on _addToPythonPath
@@ -51,9 +50,9 @@ wrapPythonProgramsIn() {
     for f in $(find "$dir" -type f -perm -0100); do
         # Rewrite "#! .../env python" to "#! /nix/store/.../python".
         # Strip suffix, like "3" or "2.7m" -- we don't have any choice on which
-        # Python to use besides one in $python anyway.
+        # Python to use besides one with this hook anyway.
         if head -n1 "$f" | grep -q '#!.*/env.*\(python\|pypy\)'; then
-            sed -i "$f" -e "1 s^.*/env[ ]*\(python\|pypy\)[^ ]*^#! $python^"
+            sed -i "$f" -e "1 s^.*/env[ ]*\(python\|pypy\)[^ ]*^#! @executable@^"
         fi
 
         # catch /python and /.python-wrapped
diff --git a/pkgs/development/python-modules/h5py/default.nix b/pkgs/development/python-modules/h5py/default.nix
index 37265a88e2c1..e2cb11cedb41 100644
--- a/pkgs/development/python-modules/h5py/default.nix
+++ b/pkgs/development/python-modules/h5py/default.nix
@@ -12,11 +12,11 @@ let
 
 in buildPythonPackage rec {
   name = "h5py-${version}";
-  version = "2.5.0";
+  version = "2.6.0";
 
   src = fetchurl {
     url = "mirror://pypi/h/h5py/${name}.tar.gz";
-    sha256 = "9833df8a679e108b561670b245bcf9f3a827b10ccb3a5fa1341523852cfac2f6";
+    sha256 = "0df46dg7i7xfking9lp221bfm8dbl974yvlrbi1w7r6m61ac7bxj";
   };
 
   configure_flags = "--hdf5=${hdf5}" + optionalString mpiSupport " --mpi";
diff --git a/pkgs/development/python-modules/wxPython/3.0.nix b/pkgs/development/python-modules/wxPython/3.0.nix
index 7c225a95f2a6..5f224428fce4 100644
--- a/pkgs/development/python-modules/wxPython/3.0.nix
+++ b/pkgs/development/python-modules/wxPython/3.0.nix
@@ -23,6 +23,8 @@ buildPythonPackage rec {
     sha256 = "0qfzx3sqx4mwxv99sfybhsij4b5pc03ricl73h4vhkzazgjjjhfm";
   };
 
+  hardeningDisable = [ "format" ];
+
   propagatedBuildInputs = [ pkgconfig wxGTK (wxGTK.gtk) libX11 ]  ++ lib.optional openglSupport pyopengl;
   preConfigure = "cd wxPython";
 
diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix
index 50b8725a0af3..c3c544d52689 100644
--- a/pkgs/development/ruby-modules/bundler/default.nix
+++ b/pkgs/development/ruby-modules/bundler/default.nix
@@ -7,4 +7,8 @@ buildRubyGem rec {
   version = "1.12.5";
   sha256 = "1q84xiwm9j771lpmiply0ls9l2bpvl5axn3jblxjvrldh8di2pkc";
   dontPatchShebangs = true;
+
+  postFixup = ''
+    sed -i -e "s/activate_bin_path/bin_path/g" $out/bin/bundle
+  '';
 }
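Review bot: The `sed` in `postFixup` has no comment here, while the identical command added to `gem-config/default.nix` in this commit is explained as allowing another bundler version to be loaded. From the two hunks it is not clear which `postFixup` takes effect or whether both are needed. I would keep the rewrite in one place and carry the explanation with it, e.g. `# use bin_path instead of activate_bin_path so another bundler version can be loaded`. `sed -i` also succeeds when `activate_bin_path` is absent, so a preceding `grep -q activate_bin_path $out/bin/bundle` would catch a release where the rewrite no longer applies.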
diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix
index 95b5033cc9d2..41c837f52f0a 100644
--- a/pkgs/development/ruby-modules/gem-config/default.nix
+++ b/pkgs/development/ruby-modules/gem-config/default.nix
@@ -29,6 +29,21 @@ let
 in
 
 {
+  bundler = attrs:
+    let
+      templates = "${attrs.ruby.gemPath}/gems/${attrs.gemName}-${attrs.version}/lib/bundler/templates/";
+    in {
+      # patching shebangs would fail on the templates/Executable file, so we
+      # temporarily remove the executable flag.
+      preFixup  = "chmod -x $out/${templates}/Executable";
+      postFixup = ''
+        chmod +x $out/${templates}/Executable
+
+        # Allows to load another bundler version
+        sed -i -e "s/activate_bin_path/bin_path/g" $out/bin/bundle
+      '';
+    };
+
   capybara-webkit = attrs: {
     buildInputs = [ qt48 ];
   };
@@ -177,14 +192,5 @@ in
     '';
   };
 
-  # patching shebangs would fail on the templates/Executable file, so we
-  # temporarily remove the executable flag.
-  bundler = attrs:
-    let
-      templates = "${attrs.ruby.gemPath}/gems/${attrs.gemName}-${attrs.version}/lib/bundler/templates/";
-    in {
-      preFixup  = "chmod -x $out/${templates}/Executable";
-      postFixup = "chmod +x $out/${templates}/Executable";
-    };
 }
 
diff --git a/pkgs/development/tools/analysis/cccc/default.nix b/pkgs/development/tools/analysis/cccc/default.nix
index ea7f6d4f5908..374331f3ac87 100644
--- a/pkgs/development/tools/analysis/cccc/default.nix
+++ b/pkgs/development/tools/analysis/cccc/default.nix
@@ -11,7 +11,11 @@ stdenv.mkDerivation {
     url = "mirror://sourceforge/${name}/${version}/${name}-${version}.tar.gz";
     sha256 = "1gsdzzisrk95kajs3gfxks3bjvfd9g680fin6a9pjrism2lyrcr7";
   };
+
+  hardeningDisable = [ "format" ];
+
   patches = [ ./cccc.patch ];
+
   preConfigure = ''
     substituteInPlace install/install.mak --replace /usr/local/bin $out/bin
     substituteInPlace install/install.mak --replace MKDIR=mkdir "MKDIR=mkdir -p"
diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix
index f9aae3760d6c..618d87f8b0a2 100644
--- a/pkgs/development/tools/analysis/flow/default.nix
+++ b/pkgs/development/tools/analysis/flow/default.nix
@@ -5,6 +5,7 @@ with lib;
 stdenv.mkDerivation rec {
   version = "0.30.0";
   name = "flow-${version}";
+
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "flow";
diff --git a/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix b/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix
index 740d51cc1348..7a6f3481d53f 100644
--- a/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix
+++ b/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
     sha256 = "156m92k38ap4bzidbr8dzl065rni8lrib71ih88myk9z5y1x5nxm";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   installPhase = ''
     mkdir --parents "$out/bin"
     cp ./traceFileSim "$out/bin"
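Review bot: `hardeningDisable = [ "fortify" ];` comes without a reason. `fortify` is the flag that adds bounds-checked libc calls, so it should not be dropped silently. Please record the build or runtime failure that required it, e.g. `# <error message>: fails with _FORTIFY_SOURCE`, so the exemption can be revisited. The rr hunk adds the same line, also without explanation.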
diff --git a/pkgs/development/tools/analysis/radare/default.nix b/pkgs/development/tools/analysis/radare/default.nix
index 3c83f0e9d495..d42227198ce3 100644
--- a/pkgs/development/tools/analysis/radare/default.nix
+++ b/pkgs/development/tools/analysis/radare/default.nix
@@ -8,8 +8,8 @@ assert useX11 -> (gtk != null && vte != null && gtkdialog != null);
 assert rubyBindings -> ruby != null;
 assert pythonBindings -> python != null;
 
-let 
-  optional = stdenv.lib.optional;
+let
+  inherit (stdenv.lib) optional;
 in
 stdenv.mkDerivation rec {
   name = "radare-1.5.2";
@@ -19,6 +19,7 @@ stdenv.mkDerivation rec {
     sha256 = "1qdrmcnzfvfvqb27c7pknwm8jl2hqa6c4l66wzyddwlb8yjm46hd";
   };
 
+  hardeningDisable = [ "format" ];
 
   buildInputs = [pkgconfig readline libusb perl]
     ++ optional useX11 [gtkdialog vte gtk]
diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix
index c1184445e28e..8cd38a152ecf 100644
--- a/pkgs/development/tools/analysis/rr/default.nix
+++ b/pkgs/development/tools/analysis/rr/default.nix
@@ -24,6 +24,11 @@ stdenv.mkDerivation rec {
     "-Ddisable32bit=ON"
   ];
 
+  # we turn on additional warnings due to hardening
+  NIX_CFLAGS_COMPILE = "-Wno-error";
+
+  hardeningDisable = [ "fortify" ];
+
   enableParallelBuilding = true;
 
   # FIXME
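Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error";` demotes every warning that upstream chose to treat as an error, not just the ones the comment attributes to hardening. If the failing diagnostic is known, a targeted `-Wno-error=<warning-name>` keeps the rest of upstream's `-Werror` policy intact. The comment would read more clearly as `# hardening flags enable extra warnings that upstream's -Werror turns into build failures`.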
diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix
index b4b56be9c6d9..0e0e44183f6b 100644
--- a/pkgs/development/tools/analysis/valgrind/default.nix
+++ b/pkgs/development/tools/analysis/valgrind/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "doc" ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   # Perl is needed for `cg_annotate'.
   # GDB is needed to provide a sane default for `--db-command'.
   nativeBuildInputs = [ perl ];
diff --git a/pkgs/development/tools/boost-build/default.nix b/pkgs/development/tools/boost-build/default.nix
index 723219336bb9..240d24961e00 100644
--- a/pkgs/development/tools/boost-build/default.nix
+++ b/pkgs/development/tools/boost-build/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "10sbbkx2752r4i1yshyp47nw29lyi1p34sy6hj7ivvnddiliayca";
   };
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     grep -r '/usr/share/boost-build' \
       | awk '{split($0,a,":"); print a[1];}' \
diff --git a/pkgs/development/tools/build-managers/bear/default.nix b/pkgs/development/tools/build-managers/bear/default.nix
new file mode 100644
index 000000000000..cc34a73ecd5d
--- /dev/null
+++ b/pkgs/development/tools/build-managers/bear/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchFromGitHub, cmake, python }:
+
+stdenv.mkDerivation rec {
+  name = "bear-${version}";
+  version = "2.2.0";
+
+  src = fetchFromGitHub {
+    owner = "rizsotto";
+    repo = "Bear";
+    rev = version;
+    sha256 = "08llfqg8y6d7vfwaw5plrk1rrqzs0ywi2ldnlwvy917603971rg0";
+  };
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ python ]; # just for shebang of bin/bear
+
+  doCheck = false; # all fail
+
+  meta = with stdenv.lib; {
+    description = "Tool that generates a compilation database for clang tooling";
+    longDescription = ''
+      Note: the bear command is very useful to generate compilation commands
+      e.g. for YouCompleteMe.  You just enter your development nix-shell
+      and run `bear make`.  It's not perfect, but it gets a long way.
+    '';
+    homepage = https://github.com/rizsotto/Bear;
+    license = licenses.gpl3Plus;
+    platforms = platforms.unix;
+    maintainers = [ maintainers.vcunat ];
+  };
+}
+
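Review bot: `doCheck = false; # all fail` does not say why the test suite fails, so it is unclear whether the package is broken or the tests simply cannot run in the build sandbox. A comment with the actual cause, e.g. `# tests fail in the build sandbox: <reason>`, would let someone re-enable them later. The trailing empty line at the end of the file can go.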
diff --git a/pkgs/development/tools/build-managers/gnumake/3.80/default.nix b/pkgs/development/tools/build-managers/gnumake/3.80/default.nix
index 9422a74aedda..08dd0acb42be 100644
--- a/pkgs/development/tools/build-managers/gnumake/3.80/default.nix
+++ b/pkgs/development/tools/build-managers/gnumake/3.80/default.nix
@@ -2,12 +2,16 @@
 
 stdenv.mkDerivation {
   name = "gnumake-3.80";
+
   src = fetchurl {
     url = http://tarballs.nixos.org/make-3.80.tar.bz2;
     md5 = "0bbd1df101bc0294d440471e50feca71";
   };
+
   patches = [./log.patch];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     platforms = stdenv.lib.platforms.unix;
   };
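Review bot: The `fetchurl` block this hunk reformats still pins the tarball with `md5 = "0bbd1df101bc0294d440471e50feca71"` and fetches it over plain `http://`. That makes the hash the only integrity check on the download, and MD5 is no longer adequate for that job. While the block is being touched I would switch it to `sha256 = "<sha256 of make-3.80.tar.bz2>";`, computed from a copy whose provenance has been checked.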
diff --git a/pkgs/development/tools/literate-programming/noweb/default.nix b/pkgs/development/tools/literate-programming/noweb/default.nix
index 756da8a85393..44df2b1e1534 100644
--- a/pkgs/development/tools/literate-programming/noweb/default.nix
+++ b/pkgs/development/tools/literate-programming/noweb/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation {
   postInstall= ''
     substituteInPlace $out/bin/cpif --replace "PATH=/bin:/usr/bin" ""
     for f in $out/bin/{noweb,nountangle,noroots,noroff,noindex} \
-             $out/lib/noweb/{toroff,btdefn,totex,pipedoc,noidx,unmarkup,toascii,tohtml,emptydefn}; do
+             $out/lib/noweb/{toroff,btdefn,totex,noidx,unmarkup,toascii,tohtml,emptydefn}; do
       substituteInPlace $f --replace "nawk" "${gawk}/bin/awk"
     done
   '';
diff --git a/pkgs/development/tools/misc/automake/automake-1.10.x.nix b/pkgs/development/tools/misc/automake/automake-1.10.x.nix
deleted file mode 100644
index 2d9937bc48c2..000000000000
--- a/pkgs/development/tools/misc/automake/automake-1.10.x.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ stdenv, fetchurl, perl, autoconf, makeWrapper }:
-
-stdenv.mkDerivation rec {
-  name = "automake-1.10.3";
-
-  # TODO: Remove the `aclocal' wrapper when $ACLOCAL_PATH support is
-  # available upstream; see
-  # <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=9026>.
-  builder = ./builder.sh;
-
-  setupHook = ./setup-hook.sh;
-
-  src = fetchurl {
-    url = "mirror://gnu/automake/${name}.tar.gz";
-    sha256 = "fda9b22ec8705780c8292510b3376bb45977f45a4f7eb3578c5ad126d7758028";
-  };
-
-  buildInputs = [perl autoconf makeWrapper];
-
-  # Disable indented log output from Make, otherwise "make.test" will
-  # fail.
-  preCheck = "unset NIX_INDENT_MAKE";
-
-  # Don't fixup "#! /bin/sh" in Libtool, otherwise it will use the
-  # "fixed" path in generated files!
-  dontPatchShebangs = true;
-
-  # Run the test suite in parallel.
-  enableParallelBuilding = true;
-
-  meta = {
-    branch = "1.10";
-    homepage = http://www.gnu.org/software/automake/;
-    description = "GNU standard-compliant makefile generator";
-
-    longDescription = ''
-      GNU Automake is a tool for automatically generating
-      `Makefile.in' files compliant with the GNU Coding
-      Standards.  Automake requires the use of Autoconf.
-    '';
-
-    license = stdenv.lib.licenses.gpl2Plus;
-
-    maintainers = [ ];
-    platforms = stdenv.lib.platforms.unix;
-  };
-}
diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix
index bbdb01bdc65f..667a9aa88c8c 100644
--- a/pkgs/development/tools/misc/binutils/default.nix
+++ b/pkgs/development/tools/misc/binutils/default.nix
@@ -2,7 +2,7 @@
 , cross ? null, gold ? true, bison ? null
 }:
 
-let basename = "binutils-2.26.1"; in
+let basename = "binutils-2.27"; in
 
 with { inherit (stdenv.lib) optional optionals optionalString; };
 
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://gnu/binutils/${basename}.tar.bz2";
-    sha256 = "1n4zjibdvqwz63kkzkjdqdp1nh993pn0lml6yyr19yx4gb44dhrr";
+    sha256 = "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn";
   };
 
   patches = [
@@ -41,6 +41,9 @@ stdenv.mkDerivation rec {
 
   inherit noSysDirs;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   preConfigure = ''
     # Clear the default library search path.
     if test "$noSysDirs" = "1"; then
diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix
index 0a62859d2075..d4a2f80599f7 100644
--- a/pkgs/development/tools/misc/elfutils/default.nix
+++ b/pkgs/development/tools/misc/elfutils/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./glibc-2.21.patch ];
 
+  hardeningDisable = [ "format" ];
+
   # We need bzip2 in NativeInputs because otherwise we can't unpack the src,
   # as the host-bzip2 will be in the path.
   nativeBuildInputs = [ m4 bison flex gettext bzip2 ];
diff --git a/pkgs/development/tools/misc/gnum4/default.nix b/pkgs/development/tools/misc/gnum4/default.nix
index 0670428005e4..0696dc906449 100644
--- a/pkgs/development/tools/misc/gnum4/default.nix
+++ b/pkgs/development/tools/misc/gnum4/default.nix
@@ -15,6 +15,9 @@ stdenv.mkDerivation rec {
   # Upstream is aware of it; it may be in the next release.
   patches = [ ./s_isdir.patch ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = http://www.gnu.org/software/m4/;
     description = "GNU M4, a macro processor";
diff --git a/pkgs/development/tools/misc/indent/default.nix b/pkgs/development/tools/misc/indent/default.nix
index 594bef7e16a3..996043c16d87 100644
--- a/pkgs/development/tools/misc/indent/default.nix
+++ b/pkgs/development/tools/misc/indent/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
     sed -i 's|#include <malloc.h>|#include <malloc/malloc.h>|' ./man/texinfo2man.c
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = https://www.gnu.org/software/indent/;
     description = "A source code reformatter";
diff --git a/pkgs/development/tools/misc/kconfig-frontends/default.nix b/pkgs/development/tools/misc/kconfig-frontends/default.nix
index 13e02fb9272b..8449cf9b6f38 100644
--- a/pkgs/development/tools/misc/kconfig-frontends/default.nix
+++ b/pkgs/development/tools/misc/kconfig-frontends/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ bison flex gperf ncurses pkgconfig ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--enable-frontends=conf,mconf,nconf"
   ];
diff --git a/pkgs/development/tools/misc/patchelf/default.nix b/pkgs/development/tools/misc/patchelf/default.nix
index 77a1f2661682..807b2a9a49db 100644
--- a/pkgs/development/tools/misc/patchelf/default.nix
+++ b/pkgs/development/tools/misc/patchelf/default.nix
@@ -10,6 +10,9 @@ stdenv.mkDerivation rec {
 
   setupHook = [ ./setup-hook.sh ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   #doCheck = true; # problems when loading libc.so.6
 
   meta = {
diff --git a/pkgs/development/tools/misc/prelink/default.nix b/pkgs/development/tools/misc/prelink/default.nix
index 15abc1f48c1e..f2c5208d7ae8 100644
--- a/pkgs/development/tools/misc/prelink/default.nix
+++ b/pkgs/development/tools/misc/prelink/default.nix
@@ -6,7 +6,9 @@ in
 stdenv.mkDerivation rec {
   name = "prelink-${version}";
 
-  buildInputs = [ libelf ];
+  buildInputs = [
+    libelf stdenv.cc.libc (stdenv.lib.getOutput "static" stdenv.cc.libc)
+  ];
 
   src = fetchurl {
     url = "http://people.redhat.com/jakub/prelink/prelink-${version}.tar.bz2";
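Review bot: `buildInputs` now pulls in `stdenv.cc.libc` and its `static` output without a comment saying what needs a static libc. If it is for statically linked test or helper binaries, say so next to the list, e.g. `# <target> is linked statically and needs libc.a`. Otherwise the next cleanup is likely to remove it again.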
diff --git a/pkgs/development/tools/misc/rman/default.nix b/pkgs/development/tools/misc/rman/default.nix
index 01e4b22e5f14..702dabcf3955 100644
--- a/pkgs/development/tools/misc/rman/default.nix
+++ b/pkgs/development/tools/misc/rman/default.nix
@@ -2,16 +2,21 @@
 
 stdenv.mkDerivation {
   name = "rman-3.2";
+
   src = fetchurl {
     url = mirror://sourceforge/polyglotman/3.2/rman-3.2.tar.gz;
     sha256 = "0prdld6nbkdlkcgc2r1zp13h2fh8r0mlwxx423dnc695ddlk18b8";
   };
+
   makeFlags = "BINDIR=$(out)/bin MANDIR=$(out)/share/man";
+
   preInstall = ''
     mkdir -p $out/bin
     mkdir -p $out/share/man
   '';
-  
+
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Parse formatted man pages and man page source from most flavors of UNIX and converts them to HTML, ASCII, TkMan, DocBook, and other formats";
     license = "artistic";
diff --git a/pkgs/development/tools/misc/texinfo/6.1.nix b/pkgs/development/tools/misc/texinfo/6.1.nix
index f19ccb35508f..e3001ffba7bd 100644
--- a/pkgs/development/tools/misc/texinfo/6.1.nix
+++ b/pkgs/development/tools/misc/texinfo/6.1.nix
@@ -17,6 +17,9 @@ stdenv.mkDerivation rec {
 
   configureFlags = stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk";
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   preInstall = ''
     installFlags="TEXMF=$out/texmf-dist";
     installTargets="install install-tex";
diff --git a/pkgs/development/tools/omniorb/default.nix b/pkgs/development/tools/omniorb/default.nix
index 09955ca5d70d..8488d47dea5f 100644
--- a/pkgs/development/tools/omniorb/default.nix
+++ b/pkgs/development/tools/omniorb/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ python ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "omniORB is a robust high performance CORBA ORB for C++ and Python. It is freely available under the terms of the GNU Lesser General Public License (for the libraries), and GNU General Public License (for the tools). omniORB is largely CORBA 2.6 compliant";
     homepage    = "http://omniorb.sourceforge.net/";
diff --git a/pkgs/development/tools/parsing/bison/3.x.nix b/pkgs/development/tools/parsing/bison/3.x.nix
index 6aa717c53cde..ebbee4e693dc 100644
--- a/pkgs/development/tools/parsing/bison/3.x.nix
+++ b/pkgs/development/tools/parsing/bison/3.x.nix
@@ -11,6 +11,9 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man;
   propagatedBuildInputs = [ m4 ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = "http://www.gnu.org/software/bison/";
     description = "Yacc-compatible parser generator";
diff --git a/pkgs/development/tools/rtags/default.nix b/pkgs/development/tools/rtags/default.nix
index 06ab4ffed3ca..959681c7e1a8 100644
--- a/pkgs/development/tools/rtags/default.nix
+++ b/pkgs/development/tools/rtags/default.nix
@@ -2,8 +2,7 @@
 
 stdenv.mkDerivation rec {
   name = "rtags-${version}";
-  version = "git-2016-04-29";
-  rev = "233543d343bf86fa31c35ee21242fa2da3a965ab";
+  version = "2.3";
 
   buildInputs = [ cmake llvmPackages.llvm openssl llvmPackages.clang emacs ];
 
@@ -13,10 +12,10 @@ stdenv.mkDerivation rec {
   '';
 
   src = fetchgit {
-    inherit rev;
+    rev = "refs/tags/v${version}";
     fetchSubmodules = true;
     url = "https://github.com/andersbakken/rtags.git";
-    sha256 = "10j1s7kvnd5823p1kgx3hyca9jz9j27y6xk0q208p095wf8hk105";
+    sha256 = "05kzch88x2wiimygfli6vsr9i5hzgkybsya8qx4zvb6daip4b7yf";
   };
 
   meta = {
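Review bot: `rev = "refs/tags/v${version}";` replaces a pinned commit id with a tag ref that upstream can move, so `sha256` is now the only thing tying this expression to a specific tree. The fixed-output hash still rejects changed content on a fresh fetch, but the expression no longer records which commit was reviewed, and a retagged release shows up only as an unexplained hash mismatch. I would keep the resolved commit beside it, for example `# v2.3 -> <commit-id>`, or leave `rev` as the commit hash and derive only `version` from the tag.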
diff --git a/pkgs/development/tools/toluapp/default.nix b/pkgs/development/tools/toluapp/default.nix
index c11e1b34f1ad..64a2f4346c79 100644
--- a/pkgs/development/tools/toluapp/default.nix
+++ b/pkgs/development/tools/toluapp/default.nix
@@ -20,8 +20,6 @@ stdenv.mkDerivation rec {
       --replace /usr/local $out
   '';
 
-  NIX_CFLAGS_COMPILE = "-fPIC";
-
   buildPhase = ''scons'';
 
   installPhase = ''scons install'';
diff --git a/pkgs/development/web/nodejs/v6.nix b/pkgs/development/web/nodejs/v6.nix
index b2a50e2a8d9f..c0a906aeb717 100644
--- a/pkgs/development/web/nodejs/v6.nix
+++ b/pkgs/development/web/nodejs/v6.nix
@@ -8,8 +8,8 @@ let
   inherit (darwin.apple_sdk.frameworks) CoreServices ApplicationServices;
 
 in import ./nodejs.nix (args // rec {
-  version = "6.3.1";
-  sha256 = "06ran2ccfxkwyk6w4wikd7qws286952lbx93pqaygmbh9f0q9rbg";
+  version = "6.4.0";
+  sha256 = "1b3xpp38fd2y8zdkpvkyyvsddh5y4vly81hxkf9hi6wap0nqidj9";
   extraBuildInputs = stdenv.lib.optionals stdenv.isDarwin
     [ CoreServices ApplicationServices ];
   preBuild = stdenv.lib.optionalString stdenv.isDarwin ''
diff --git a/pkgs/development/web/valum/default.nix b/pkgs/development/web/valum/default.nix
index 21881fe6a315..c700fd81a245 100644
--- a/pkgs/development/web/valum/default.nix
+++ b/pkgs/development/web/valum/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   name = "valum-${version}";
-  version = "0.2.0";
+  version = "0.2.16";
 
   src = fetchFromGitHub {
     owner = "valum-framework";
     repo = "valum";
     rev = "v${version}";
-    sha256 = "1lciwqk4k9sf1hl4drl207g0ydlxl906kx9lx5fqhfb8gwcfqh2g";
+    sha256 = "0ca067gg5z1798bazwzgg2yd2mbysvk8i2q2v3i8d0d188y2hj84";
   };
 
   buildInputs = [ python pkgconfig glib vala_0_28 ctpl libgee libsoup fcgi ];
diff --git a/pkgs/development/web/wml/default.nix b/pkgs/development/web/wml/default.nix
index 3d47d32f1c83..58336c80e04f 100644
--- a/pkgs/development/web/wml/default.nix
+++ b/pkgs/development/web/wml/default.nix
@@ -21,12 +21,14 @@ perlPackages.buildPerlPackage rec {
     sed -i 's/ doc / /g' wml_backend/p2_mp4h/Makefile.in
     sed -i '/p2_mp4h\/doc/d' Makefile.in
   '';
-  
+
   buildInputs = with perlPackages; 
     [ perl TermReadKey GD BitVector ncurses lynx makeWrapper ImageSize ];
 
   patches = [ ./redhat-with-thr.patch ./dynaloader.patch ./no_bitvector.patch ];
-  
+
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     substituteInPlace wml_frontend/wml.src \
       --replace "File::PathConvert::realpath" "Cwd::realpath" \
diff --git a/pkgs/games/asc/default.nix b/pkgs/games/asc/default.nix
index b2f251bfecb8..e67b92afa768 100644
--- a/pkgs/games/asc/default.nix
+++ b/pkgs/games/asc/default.nix
@@ -13,6 +13,7 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--disable-paragui" "--disable-paraguitest" ];
 
   NIX_CFLAGS_COMPILE = "-fpermissive"; # I'm too lazy to catch all gcc47-related problems
+  hardeningDisable = [ "format" ];
 
   buildInputs = [
     SDL SDL_image SDL_mixer SDL_sound libsigcxx physfs boost expat
diff --git a/pkgs/games/bsdgames/default.nix b/pkgs/games/bsdgames/default.nix
index 0709692552c2..599588e6f0ee 100644
--- a/pkgs/games/bsdgames/default.nix
+++ b/pkgs/games/bsdgames/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation {
     })
   ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     cat > config.params << EOF
     bsd_games_cfg_man6dir=$out/share/man/man6
diff --git a/pkgs/games/crack-attack/default.nix b/pkgs/games/crack-attack/default.nix
index 538efebf8334..eb20c0b329e8 100644
--- a/pkgs/games/crack-attack/default.nix
+++ b/pkgs/games/crack-attack/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ pkgconfig gtk freeglut SDL mesa libXi libXmu ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "A fast-paced puzzle game inspired by the classic Super NES title Tetris Attack!";
     homepage = http://www.nongnu.org/crack-attack/;
diff --git a/pkgs/games/cuyo/default.nix b/pkgs/games/cuyo/default.nix
index 84ba7b4b7d80..69c7adfd284c 100644
--- a/pkgs/games/cuyo/default.nix
+++ b/pkgs/games/cuyo/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, SDL, SDL_mixer }:
+{ stdenv, fetchurl, SDL, SDL_mixer, zlib }:
 
 stdenv.mkDerivation rec {
   name = "cuyo-${version}";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
      sha256 = "17yqv924x7yvwix7yz9jdhgyar8lzdhqvmpvv0any8rdkajhj23c";
      };
 
- buildInputs = [ SDL SDL_mixer];
+  buildInputs = [ SDL SDL_mixer zlib ];
      
   meta = {
      homepage = http://karimmi.de/cuyo;
diff --git a/pkgs/games/eboard/default.nix b/pkgs/games/eboard/default.nix
index 1a99fcd9c24e..7915822589c3 100644
--- a/pkgs/games/eboard/default.nix
+++ b/pkgs/games/eboard/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
   buildInputs = [ gtk ];
   nativeBuildInputs = [ perl pkgconfig ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     patchShebangs ./configure
   '';
diff --git a/pkgs/games/fsg/default.nix b/pkgs/games/fsg/default.nix
index db18bc7c249b..f6f52aabb6b0 100644
--- a/pkgs/games/fsg/default.nix
+++ b/pkgs/games/fsg/default.nix
@@ -4,31 +4,13 @@ stdenv.mkDerivation {
   name = "fsg-4.4";
 
   src = fetchurl {
-    #url = http://www.piettes.com/fallingsandgame/fsg-src-4.4.tar.gz;
     url = http://www.sourcefiles.org/Games/Simulation/Other/fsg-src-4.4.tar.gz;
     sha256 = "1756y01rkvd3f1pkj88jqh83fqcfl2fy0c48mcq53pjzln9ycv8c";
   };
 
-  buildInputs = [ gtk glib pkgconfig mesa wxGTK libX11 xproto ];
-
-/*  
-#	One day Unicode will overcome?
+  hardeningDisable = [ "format" ];
 
-	preBuild = "
-		sed -e '
-			s/\\(str\\.Printf(\\)\\(\".*\"\\)/\\1_(\\2)/; 
-			s@\\<fopen(\\([^\"),]\\+\\)@fopen(wxConvertWX2MB(\\1)@
-			s@\\<wxString(\\([^)]\\+\\)@wxString(wxConvertMB2WX(\\1)@
-			s/\\(wxString str(\\)\\(\".*\"\\)/\\1_(\\2)/; 
-			' -i MainFrame.cpp Canvas.cpp;
-		sed -e '
-		s@\\(^[^\"]*([^\"]*[^(]\\|^[^\"].*[^_](\\)\\(\"\\([^\"]\\|\\\"\\)*\"\\)@\\1_(\\2)@;
-		' -i DownloadFileDialog.cpp;
-		sed -e '
-		s@currentProbIndex != 100@0@;
-		' -i MainFrame.cpp;
-		cp -r . /tmp/fsg
-	";*/
+  buildInputs = [ gtk glib pkgconfig mesa wxGTK libX11 xproto ];
 
   preBuild = ''
     sed -e '
diff --git a/pkgs/games/gnugo/default.nix b/pkgs/games/gnugo/default.nix
index 4e6163d71638..827388691af0 100644
--- a/pkgs/games/gnugo/default.nix
+++ b/pkgs/games/gnugo/default.nix
@@ -1,25 +1,20 @@
 { stdenv, fetchurl }:
 
-let
-
-    versionNumber = "3.8";
-
-in
-
-stdenv.mkDerivation {
-
-  name = "gnugo-${versionNumber}";
+stdenv.mkDerivation rec {
+  name = "gnugo-${version}";
+  version = "3.8";
 
   src = fetchurl {
-    url = "mirror://gnu/gnugo/gnugo-${versionNumber}.tar.gz";
+    url = "mirror://gnu/gnugo/gnugo-${version}.tar.gz";
     sha256 = "0wkahvqpzq6lzl5r49a4sd4p52frdmphnqsfdv7gdp24bykdfs6s";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "GNU Go - A computer go player";
     homepage = "http://http://www.gnu.org/software/gnugo/";
     license = stdenv.lib.licenses.gpl3;
     platforms = stdenv.lib.platforms.unix;
   };
-
 }
diff --git a/pkgs/games/kobodeluxe/default.nix b/pkgs/games/kobodeluxe/default.nix
index f45f9e9dcb25..2c45e1361b40 100644
--- a/pkgs/games/kobodeluxe/default.nix
+++ b/pkgs/games/kobodeluxe/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, SDL, SDL_image} :
+{stdenv, fetchurl, SDL, SDL_image, mesa} :
 
 stdenv.mkDerivation {
   name = "kobodeluxe-0.5.1";
@@ -7,7 +7,7 @@ stdenv.mkDerivation {
     sha256 = "0f7b910a399d985437564af8c5d81d6dcf22b96b26b01488d72baa6a6fdb5c2c";
   };
 
-  buildInputs = [ SDL SDL_image];
+  buildInputs = [ SDL SDL_image mesa ];
 
   prePatch = ''
     sed -e 's/char \*tok/const char \*tok/' -i graphics/window.cpp
diff --git a/pkgs/games/lincity/ng.nix b/pkgs/games/lincity/ng.nix
index 8807831ef014..b6574eaf39e3 100644
--- a/pkgs/games/lincity/ng.nix
+++ b/pkgs/games/lincity/ng.nix
@@ -15,13 +15,15 @@ let s = # Generated upstream information
   };
   buildInputs = [zlib jam pkgconfig gettext libxml2 libxslt xproto libX11 mesa 
     SDL SDL_mixer SDL_image SDL_ttf SDL_gfx physfs];
-in 
+in
 stdenv.mkDerivation rec {
   inherit (s) name version;
   src = fetchurl {
     inherit (s) url sha256;
   };
 
+  hardeningDisable = [ "format" ];
+
   inherit buildInputs;
 
   buildPhase = "jam";
diff --git a/pkgs/games/liquidwar/5.nix b/pkgs/games/liquidwar/5.nix
index ac24f3bac740..dfb2934cf775 100644
--- a/pkgs/games/liquidwar/5.nix
+++ b/pkgs/games/liquidwar/5.nix
@@ -7,18 +7,16 @@ stdenv.mkDerivation rec {
     sha256 = "18wkbfzp07yckg05b5gjy67rw06z9lxp0hzg0zwj7rz8i12jxi9j";
   };
 
-   buildInputs = [
-     allegro
-   ];
+  buildInputs = [ allegro ];
 
-   configureFlags = 
-     (stdenv.lib.optional stdenv.isx86_64 "--disable-asm")
-     ;
+  configureFlags = stdenv.lib.optional stdenv.isx86_64 "--disable-asm";
 
-   meta = with stdenv.lib; {
-     description = ''The classic version of a quick tactics game LiquidWar'';
-     maintainers = [ maintainers.raskin ];
-     license = licenses.gpl2Plus;
-     platforms = platforms.linux;
-   };
+  hardeningDisable = [ "format" ];
+
+  meta = with stdenv.lib; {
+    description = ''The classic version of a quick tactics game LiquidWar'';
+    maintainers = [ maintainers.raskin ];
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+  };
 }
diff --git a/pkgs/games/liquidwar/default.nix b/pkgs/games/liquidwar/default.nix
index fb1cacc3d1c6..04640095ec0c 100644
--- a/pkgs/games/liquidwar/default.nix
+++ b/pkgs/games/liquidwar/default.nix
@@ -24,7 +24,9 @@ stdenv.mkDerivation rec {
     libXrender libcaca cunit
   ];
 
-  NIX_CFLAGS_COMPILE="-Wno-error=deprecated-declarations";
+  hardeningDisable = [ "format" ];
+
+  NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
 
   # To avoid problems finding SDL_types.h.
   configureFlags = [ "CFLAGS=-I${SDL.dev}/include/SDL" ];
diff --git a/pkgs/games/njam/default.nix b/pkgs/games/njam/default.nix
index ba17fe28e351..bcbbc9e7756b 100644
--- a/pkgs/games/njam/default.nix
+++ b/pkgs/games/njam/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ SDL SDL_image SDL_mixer SDL_net ];
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./logfile.patch ];
 
   meta = {
diff --git a/pkgs/games/pioneers/default.nix b/pkgs/games/pioneers/default.nix
index af9900cede53..3f1735c31aa1 100644
--- a/pkgs/games/pioneers/default.nix
+++ b/pkgs/games/pioneers/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gtk pkgconfig intltool ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://pio.sourceforge.net/;
     license = stdenv.lib.licenses.gpl2Plus;
diff --git a/pkgs/games/pokerth/default.nix b/pkgs/games/pokerth/default.nix
index 9daf98dcfb4f..e34f05402f77 100644
--- a/pkgs/games/pokerth/default.nix
+++ b/pkgs/games/pokerth/default.nix
@@ -19,6 +19,8 @@ in stdenv.mkDerivation rec {
 
   qmakeFlags = [ "pokerth.pro" ];
 
+  NIX_CFLAGS_COMPILE = [ "-I${SDL.dev}/include/SDL" ];
+
   postPatch = ''
     for f in connectivity.pro load.pro pokerth_game.pro pokerth_server.pro
     do
@@ -27,6 +29,8 @@ in stdenv.mkDerivation rec {
     done
   '';
 
+  enableParallelBuilding = true;
+
   postInstall = ''
     install -D -m755 bin/pokerth_server $server/bin/pokerth_server
   '';
diff --git a/pkgs/games/scummvm/default.nix b/pkgs/games/scummvm/default.nix
index a51b51395dbb..603e0b0e9e4e 100644
--- a/pkgs/games/scummvm/default.nix
+++ b/pkgs/games/scummvm/default.nix
@@ -1,14 +1,16 @@
-{ stdenv, fetchurl, SDL, zlib, libmpeg2, libmad, libogg, libvorbis, flac, alsaLib }:
+{ stdenv, fetchurl, SDL, zlib, libmpeg2, libmad, libogg, libvorbis, flac, alsaLib, mesa }:
 
 stdenv.mkDerivation rec {
   name = "scummvm-1.8.0";
-  
+
   src = fetchurl {
     url = "mirror://sourceforge/scummvm/${name}.tar.bz2";
     sha256 = "0f3zgvz886lk9ps0v333aq74vx6grlx68hg14gfaxcvj55g73v01";
   };
   
-  buildInputs = [ SDL zlib libmpeg2 libmad libogg libvorbis flac alsaLib ];
+  buildInputs = [ SDL zlib libmpeg2 libmad libogg libvorbis flac alsaLib mesa ];
+
+  hardeningDisable = [ "format" ];
 
   crossAttrs = {
     preConfigure = ''
diff --git a/pkgs/games/spring/springlobby.nix b/pkgs/games/spring/springlobby.nix
index 62a5d81320f3..78b9e155642c 100644
--- a/pkgs/games/spring/springlobby.nix
+++ b/pkgs/games/spring/springlobby.nix
@@ -1,8 +1,8 @@
 { stdenv, fetchurl, cmake, wxGTK30, openal, pkgconfig, curl, libtorrentRasterbar
 , libpng, libX11, gettext, bash, gawk, boost, libnotify, gtk, doxygen, spring
 , makeWrapper, glib, minizip, alure, pcre, jsoncpp }:
-stdenv.mkDerivation rec {
 
+stdenv.mkDerivation rec {
   name = "springlobby-${version}";
   version = "0.255";
 
@@ -16,12 +16,6 @@ stdenv.mkDerivation rec {
     boost libpng libX11 libnotify gtk doxygen makeWrapper glib minizip alure
   ];
 
-  prePatch = ''
-    substituteInPlace tools/regen_config_header.sh --replace "#!/usr/bin/env bash" "#!${bash}/bin/bash"
-    substituteInPlace tools/test-susynclib.awk --replace "#!/usr/bin/awk" "#!${gawk}/bin/awk"
-    substituteInPlace CMakeLists.txt --replace "boost_system-mt" "boost_system"
-  '';
-
   patches = [ ./revert_58b423e.patch ]; # Allows springLobby to continue using system installed spring until #707 is fixed
 
   enableParallelBuilding = true;
diff --git a/pkgs/games/stardust/default.nix b/pkgs/games/stardust/default.nix
index aa68da6b73d0..74d9bdcb35dc 100644
--- a/pkgs/games/stardust/default.nix
+++ b/pkgs/games/stardust/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
 
   installFlags = [ "bindir=\${out}/bin" ];
 
+  hardeningDisable = [ "format" ];
+
   postConfigure = ''
     substituteInPlace config.h \
       --replace '#define PACKAGE ""' '#define PACKAGE "stardust"'
diff --git a/pkgs/games/torcs/default.nix b/pkgs/games/torcs/default.nix
index e6370d6e7c61..1b1e877d274d 100644
--- a/pkgs/games/torcs/default.nix
+++ b/pkgs/games/torcs/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
 
   installTargets = "install datainstall";
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Car racing game";
     homepage = http://torcs.sourceforge.net/;
diff --git a/pkgs/games/trackballs/default.nix b/pkgs/games/trackballs/default.nix
index 65e8f82178eb..5606be6a5943 100644
--- a/pkgs/games/trackballs/default.nix
+++ b/pkgs/games/trackballs/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ zlib mesa SDL SDL_ttf SDL_mixer SDL_image guile gettext ];
 
+  hardeningDisable = [ "format" ];
+
   CFLAGS = optionalString debug "-g -O0";
   CXXFLAGS = CFLAGS;
   dontStrip = debug;
diff --git a/pkgs/games/xconq/default.nix b/pkgs/games/xconq/default.nix
index 53c3ec7dec85..e6e237529531 100644
--- a/pkgs/games/xconq/default.nix
+++ b/pkgs/games/xconq/default.nix
@@ -3,9 +3,9 @@
 
 stdenv.mkDerivation rec {
   name = "${baseName}-${version}";
-  baseName="xconq";
+  baseName = "xconq";
   version = "7.5.0-0pre.0.20050612";
-  
+
   src = fetchurl {
     url = "mirror://sourceforge/project/${baseName}/${baseName}/${name}/${name}.tar.gz";
     sha256 = "1za78yx57mgwcmmi33wx3533yz1x093dnqis8q2qmqivxav51lca";
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
     "--with-tkconfig=${tk}/lib"
   ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     # Fix Makefiles
     find . -name 'Makefile.in' -exec sed -re 's@^        ( *)(cd|[&][&])@	\1\2@' -i '{}' ';'
diff --git a/pkgs/games/xpilot/bloodspilot-server.nix b/pkgs/games/xpilot/bloodspilot-server.nix
index 3c811f1ba2ef..42bcb3263169 100644
--- a/pkgs/games/xpilot/bloodspilot-server.nix
+++ b/pkgs/games/xpilot/bloodspilot-server.nix
@@ -1,23 +1,27 @@
-{stdenv, fetchurl, expat}:
-let
-  buildInputs = [
-    expat
-  ];
-in
+{ stdenv, fetchurl, expat }:
+
 stdenv.mkDerivation rec {
-  version = "1.4.6";
   name = "bloodspilot-xpilot-fxi-server-${version}";
-  inherit buildInputs;
+  version = "1.4.6";
+
   src = fetchurl {
     url = "mirror://sourceforge/project/bloodspilot/server/server%20v${version}/xpilot-${version}fxi.tar.gz";
     sha256 = "0d7hnpshifq6gy9a0g6il6h1hgqqjyys36n8w84hr8d4nhg4d1ji";
   };
-  meta = {
-    inherit version;
-    description = ''A multiplayer X11 space combat game (server part)'';
-    homepage = "http://bloodspilot.sf.net/";
-    license = stdenv.lib.licenses.gpl2Plus ;
-    maintainers = [stdenv.lib.maintainers.raskin];
-    platforms = stdenv.lib.platforms.linux;
+
+  buildInputs = [
+    expat
+  ];
+
+  patches = [
+    ./server-gcc5.patch
+  ];
+
+  meta = with stdenv.lib; {
+    description = "A multiplayer X11 space combat game (server part)";
+    homepage = http://bloodspilot.sf.net/;
+    license = licenses.gpl2Plus ;
+    maintainers = [ maintainers.raskin ];
+    platforms = platforms.linux;
   };
 }
diff --git a/pkgs/games/xpilot/server-gcc5.patch b/pkgs/games/xpilot/server-gcc5.patch
new file mode 100644
index 000000000000..5618399bfecd
--- /dev/null
+++ b/pkgs/games/xpilot/server-gcc5.patch
@@ -0,0 +1,65 @@
+--- xpilot-1.4.6fxi/src/common/net.c	2016-02-09 00:20:43.531714342 +0000
++++ xpilot-1.4.6fxi/src/common/net.c	2016-02-09 00:21:15.301331053 +0000
+@@ -608,9 +608,9 @@
+ }
+ 
+ #if STDVA
+-inline int32_t Packet_scanf(sockbuf_t *sbuf, const char *fmt, ...)
++extern int32_t Packet_scanf(sockbuf_t *sbuf, const char *fmt, ...)
+ #else
+-inline int32_t Packet_scanf(va_alist)
++extern int32_t Packet_scanf(va_alist)
+ va_dcl
+ #endif
+ {
+--- xpilot-1.4.6fxi/src/server/collision.c	2016-02-09 00:22:29.581784405 +0000
++++ xpilot-1.4.6fxi/src/server/collision.c	2016-02-09 00:22:38.152952500 +0000
+@@ -71,7 +71,7 @@
+  * p: first object, q: second object
+  */
+ 
+-inline int32_t Collision_occured(int32_t p1x, int32_t p1y, int32_t p2x, int32_t p2y,
++extern int32_t Collision_occured(int32_t p1x, int32_t p1y, int32_t p2x, int32_t p2y,
+ 		int32_t q1x, int32_t q1y, int32_t q2x, int32_t q2y, int32_t r)
+ {
+ 	int32_t fac1, fac2;	/* contraction between the distance between the x and y coordinates of objects */
+--- xpilot-1.4.6fxi/src/server/player.c	2016-02-09 00:25:29.546313808 +0000
++++ xpilot-1.4.6fxi/src/server/player.c	2016-02-09 00:25:40.464527932 +0000
+@@ -1411,12 +1411,12 @@
+ 	return NULL;
+ }
+ 
+-inline bool Player_idle_timed_out(player_t *pl)
++extern bool Player_idle_timed_out(player_t *pl)
+ {
+ 	return (frame_loops - pl->frame_last_busy > MAX_PLAYER_IDLE_TICKS && (NumPlayers > 1)) ? true : false;
+ }
+ 
+-inline bool Player_is_recovered(player_t *pl)
++extern bool Player_is_recovered(player_t *pl)
+ {
+ 	return (pl->recovery_count <= 0.0) ? true : false;
+ }
+--- xpilot-1.4.6fxi/src/server/score.c	2016-02-09 00:21:45.659923025 +0000
++++ xpilot-1.4.6fxi/src/server/score.c	2016-02-09 00:22:07.224345939 +0000
+@@ -24,17 +24,17 @@
+ char msg[MSG_LEN];
+ 
+ 
+-inline double Get_Score(player_t *pl)
++extern double Get_Score(player_t *pl)
+ {
+     return pl->score;
+ }
+ 
+-inline void Score_set(player_t * pl, double score)
++extern void Score_set(player_t * pl, double score)
+ {
+     pl->score = score;
+ }
+ 
+-inline void Score_add(player_t * pl, double score)
++extern void Score_add(player_t * pl, double score)
+ {
+     pl->score += score;
+ }
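Review bot: The new patch has no header explaining why every `inline` definition becomes `extern`; the file name `server-gcc5.patch` is the only hint. Presumably the server failed to link once the compiler defaulted to C99 inline semantics, under which a plain `inline` definition emits no external symbol. A leading line in the patch such as `Fix undefined references when built with GCC 5 (C99 inline semantics)`, with a note on whether it was sent upstream, would let a later maintainer tell when it can be dropped. The same applies to `patches = [ ./server-gcc5.patch ];` in bloodspilot-server.nix, which could carry a one-line comment.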
diff --git a/pkgs/games/zandronum/default.nix b/pkgs/games/zandronum/default.nix
index 4e1dcd443237..39c1ea6b7469 100644
--- a/pkgs/games/zandronum/default.nix
+++ b/pkgs/games/zandronum/default.nix
@@ -35,6 +35,8 @@ in stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   installPhase = ''
     mkdir -p $out/bin
     mkdir -p $out/share/zandronum
diff --git a/pkgs/misc/drivers/moltengamepad/default.nix b/pkgs/misc/drivers/moltengamepad/default.nix
index 61d7810c2d4b..590441bb6ddb 100644
--- a/pkgs/misc/drivers/moltengamepad/default.nix
+++ b/pkgs/misc/drivers/moltengamepad/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "05cpxfzxgm86kxx0a9f76bshjwpz9w1g8bn30ib1i5a3fv7bmirl";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ libudev ];
 
   buildPhase = ''
diff --git a/pkgs/misc/emulators/atari++/default.nix b/pkgs/misc/emulators/atari++/default.nix
index 9d4a142cf2e0..d669233e7593 100644
--- a/pkgs/misc/emulators/atari++/default.nix
+++ b/pkgs/misc/emulators/atari++/default.nix
@@ -1,5 +1,4 @@
-{ stdenv, fetchurl
-, libX11, SDL }:
+{ stdenv, fetchurl, libSM, libX11, SDL }:
 
 with stdenv.lib;
 stdenv.mkDerivation rec{
@@ -11,7 +10,8 @@ stdenv.mkDerivation rec{
     sha256 = "1y5kwh08717jsa5agxrvxnggnwxq36irrid9rzfhca1nnvp9a45l";
   };
 
-  buildInputs = [ libX11 SDL ];
+  buildInputs = [ libSM libX11 SDL ];
+
   meta = {
     homepage = http://www.xl-project.com/;
     description = "An enhanced, cycle-accurated Atari emulator";
diff --git a/pkgs/misc/emulators/dlx/default.nix b/pkgs/misc/emulators/dlx/default.nix
index 01c5f866e1b0..feb474a13765 100644
--- a/pkgs/misc/emulators/dlx/default.nix
+++ b/pkgs/misc/emulators/dlx/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
 
   makeFlags = "LINK=gcc CFLAGS=-O2";
 
+  hardeningDisable = [ "format" ];
+
   installPhase = ''
     mkdir -p $out/include/dlx $out/share/dlx/{examples,doc} $out/bin
     mv -v masm mon dasm $out/bin/
diff --git a/pkgs/misc/emulators/dosbox/default.nix b/pkgs/misc/emulators/dosbox/default.nix
index ebbb1fe7c316..f7400e4b7615 100644
--- a/pkgs/misc/emulators/dosbox/default.nix
+++ b/pkgs/misc/emulators/dosbox/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec { 
   name = "dosbox-0.74";
-  
+
   src = fetchurl {
     url = "mirror://sourceforge/dosbox/${name}.tar.gz";
     sha256 = "01cfjc5bs08m4w79nbxyv7rnvzq2yckmgrbq36njn06lw8b4kxqk";
@@ -17,9 +17,11 @@ stdenv.mkDerivation rec {
     ];
 
   patchFlags = "-p0";
-  
+
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ SDL mesa ];
-    
+
   desktopItem = makeDesktopItem {
     name = "dosbox";
     exec = "dosbox";
diff --git a/pkgs/misc/emulators/fakenes/default.nix b/pkgs/misc/emulators/fakenes/default.nix
index 1f986430b81d..6e9253b299e4 100644
--- a/pkgs/misc/emulators/fakenes/default.nix
+++ b/pkgs/misc/emulators/fakenes/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation {
   buildInputs = [ allegro openal mesa zlib hawknl freeglut libX11
     libXxf86vm libXcursor libXpm ];
 
+  hardeningDisable = [ "format" ];
+
   installPhase = ''
     mkdir -p $out/bin
     cp fakenes $out/bin
diff --git a/pkgs/misc/emulators/mupen64plus/default.nix b/pkgs/misc/emulators/mupen64plus/default.nix
index a51d97773e4b..07174d76e4e8 100644
--- a/pkgs/misc/emulators/mupen64plus/default.nix
+++ b/pkgs/misc/emulators/mupen64plus/default.nix
@@ -6,9 +6,11 @@ stdenv.mkDerivation {
     url = http://mupen64plus.googlecode.com/files/Mupen64Plus-1-5-src.tar.gz;
     sha256 = "0gygfgyr2sg4yx77ijk133d1ra0v1yxi4xjxrg6kp3zdjmhdmcjq";
   };
-  
+
   buildInputs = [ which pkgconfig SDL gtk mesa SDL_ttf ];
-  
+
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     # Some C++ incompatibility fixes
     sed -i -e 's|char \* extstr = strstr|const char * extstr = strstr|' glide64/Main.cpp
@@ -20,10 +22,10 @@ stdenv.mkDerivation {
     # Remove PATH environment variable from install script
     sed -i -e "s|export PATH=|#export PATH=|" ./install.sh
   '';
-  
+
   buildPhase = "make all";
   installPhase = "PREFIX=$out make install";
-  
+
   meta = {
     description = "A Nintendo 64 Emulator";
     license = stdenv.lib.licenses.gpl2Plus;
diff --git a/pkgs/misc/emulators/nestopia/default.nix b/pkgs/misc/emulators/nestopia/default.nix
index fc64caf1053d..6620018c3376 100644
--- a/pkgs/misc/emulators/nestopia/default.nix
+++ b/pkgs/misc/emulators/nestopia/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
   # nondeterministic failures when creating directories
   enableParallelBuilding = false;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ pkgconfig SDL2 alsaLib gtk3 mesa_glu mesa makeWrapper
                   libarchive libao unzip xdg_utils gsettings_desktop_schemas ];
 
diff --git a/pkgs/misc/emulators/uae/default.nix b/pkgs/misc/emulators/uae/default.nix
index b57a2143cc22..ceafc714381c 100644
--- a/pkgs/misc/emulators/uae/default.nix
+++ b/pkgs/misc/emulators/uae/default.nix
@@ -2,13 +2,18 @@
 
 stdenv.mkDerivation rec {
   name = "uae-0.8.29";
+
   src = fetchurl {
     url = "http://web.archive.org/web/20130905032631/http://www.amigaemulator.org/files/sources/develop/${name}.tar.bz2";
     sha256 = "05s3cd1rd5a970s938qf4c2xm3l7f54g5iaqw56v8smk355m4qr4";
   };
+
   configureFlags = [ "--with-sdl" "--with-sdl-sound" "--with-sdl-gfx" "--with-alsa" ];
+
   buildInputs = [ pkgconfig gtk alsaLib SDL ];
-  
+
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Ultimate/Unix/Unusable Amiga Emulator";
     license = stdenv.lib.licenses.gpl2Plus;
diff --git a/pkgs/misc/mxt-app/default.nix b/pkgs/misc/mxt-app/default.nix
index cfcba8a3a8ba..2873225b26f1 100644
--- a/pkgs/misc/mxt-app/default.nix
+++ b/pkgs/misc/mxt-app/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec{
   buildInputs = [ autoconf automake libtool ];
   preConfigure = "./autogen.sh";
 
+  hardeningDisable = [ "fortify" ];
+
   meta = with stdenv.lib; {
     description = "Command line utility for Atmel maXTouch devices";
     homepage = http://github.com/atmel-maxtouch/mxt-app;
diff --git a/pkgs/misc/talkfilters/default.nix b/pkgs/misc/talkfilters/default.nix
index 7447620e71b6..4b3158b7a3d5 100644
--- a/pkgs/misc/talkfilters/default.nix
+++ b/pkgs/misc/talkfilters/default.nix
@@ -1,21 +1,23 @@
 { stdenv, fetchurl }:
 
-let 
-  name = "talkfilters";
+let
+  pname = "talkfilters";
   version = "2.3.8";
 in
 
 stdenv.mkDerivation {
-  name = "${name}";
+  name = "${pname}-${version}";
 
   src = fetchurl {
-    url = "http://www.hyperrealm.com/${name}/${name}-${version}.tar.gz";
+    url = "http://www.hyperrealm.com/${pname}/${pname}-${version}.tar.gz";
     sha256 = "19nc5vq4bnkjvhk8srqddzhcs93jyvpm9r6lzjzwc1mgf08yg0a6";
   };
 
-  meta = { 
+  hardeningDisable = [ "format" ];
+
+  meta = {
     description = "Converts English text into text that mimics a stereotyped or humorous dialect";
-    homepage = "http://http://www.hyperrealm.com/${name}";
+    homepage = "http://http://www.hyperrealm.com/${pname}";
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ ikervagyok ];
     platforms = with stdenv.lib.platforms; unix;
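Review bot: The rewritten `homepage` line still carries a doubled scheme, `"http://http://www.hyperrealm.com/${pname}"`, so the link in the package metadata is malformed. Since the line is being touched anyway, it should read `homepage = "http://www.hyperrealm.com/${pname}";`. The gnugo hunk in this commit leaves the same `http://http://` typo in its unchanged `homepage` line. The enclosing `meta` set closes outside this hunk.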
diff --git a/pkgs/misc/vim-plugins/default.nix b/pkgs/misc/vim-plugins/default.nix
index 6a49103a2f7a..67ea56be8477 100644
--- a/pkgs/misc/vim-plugins/default.nix
+++ b/pkgs/misc/vim-plugins/default.nix
@@ -13,7 +13,8 @@ in
 
 # TL;DR
 # Add your plugin to ./vim-plugin-names
-# Generate via `vim-plugin-names-to-nix`
+# Regenerate via `nix-build -Q -A vimPlugins.pluginnames2nix; ./result/bin/vim-plugin-names-to-nix`
+# Copy the generated expression(s) into this file.
 # If plugin is complicated then make changes to ./vim2nix/additional-nix-code
 
 # This attrs contains two sections:
@@ -885,6 +886,17 @@ rec {
 
   };
 
+  vim-indent-guides = buildVimPluginFrom2Nix { # created by nix#NixDerivation
+    name = "vim-indent-guides-2016-04-17";
+    src = fetchgit {
+      url = "git://github.com/nathanaelkane/vim-indent-guides";
+      rev = "018298ead9d3aa9cd3b4ae222f81022a33978b09";
+      sha256 = "0zyrs9r3vza2kqhqir6qpkygy6yljpn877bvycspv89ljzczmwrs";
+    };
+    dependencies = [];
+
+  };
+
   vim-stylish-haskell = buildVimPluginFrom2Nix { # created by nix#NixDerivation
     name = "vim-stylish-haskell-2015-05-10";
     src = fetchgit {
diff --git a/pkgs/misc/vim-plugins/vim-plugin-names b/pkgs/misc/vim-plugins/vim-plugin-names
index 8f09ea935ed9..6cef8885ce0b 100644
--- a/pkgs/misc/vim-plugins/vim-plugin-names
+++ b/pkgs/misc/vim-plugins/vim-plugin-names
@@ -68,6 +68,7 @@
 "github:mhinz/vim-startify"
 "github:mkasa/lushtags"
 "github:mpickering/hlint-refactor-vim"
+"github:nathanaelkane/vim-indent-guides"
 "github:nbouscal/vim-stylish-haskell"
 "github:neovimhaskell/haskell-vim"
 "github:osyo-manga/shabadou.vim"
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
index 16cfa9e554b6..ce04be0e0836 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, ed, unifdef, Libc_old }:
+{ stdenv, appleDerivation, ed, unifdef, Libc_old, Libc_10-9 }:
 
 appleDerivation {
   phases = [ "unpackPhase" "installPhase" ];
@@ -13,6 +13,8 @@ appleDerivation {
     export PRIVATE_HEADERS_FOLDER_PATH=include
     bash xcodescripts/headers.sh
 
+    cp ${Libc_10-9}/include/NSSystemDirectories.h $out/include
+
     # Ugh Apple stopped releasing this stuff so we need an older one...
     cp    ${Libc_old}/include/spawn.h    $out/include
     cp    ${Libc_old}/include/setjmp.h   $out/include
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
index 1c9b5879e6ec..27d2360a9800 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
@@ -5,42 +5,7 @@
 appleDerivation rec {
   phases = [ "unpackPhase" "installPhase" ];
 
-  buildInputs = [ cpio libpthread ];
-
-  systemlibs = [ "cache"
-                 "commonCrypto"
-                 "compiler_rt"
-                 "copyfile"
-                 "corecrypto"
-                 "dispatch"
-                 "dyld"
-                 "keymgr"
-                 "kxld"
-                 "launch"
-                 "macho"
-                 "quarantine"
-                 "removefile"
-                 "system_asl"
-                 "system_blocks"
-                 # "system_c" # special re-export here to hide newer functions
-                 "system_configuration"
-                 "system_dnssd"
-                 "system_info"
-                 # "system_kernel" # special re-export here to hide newer functions
-                 "system_m"
-                 "system_malloc"
-                 "system_network"
-                 "system_notify"
-                 "system_platform"
-                 "system_pthread"
-                 "system_sandbox"
-                 # does not exist in El Capitan beta
-                 # FIXME: does anything on yosemite actually need this?
-                 # "system_stats"
-                 "unc"
-                 "unwind"
-                 "xpc"
-               ];
+  buildInputs = [ cpio ];
 
   installPhase = ''
     export NIX_ENFORCE_PURITY=
@@ -54,7 +19,7 @@ appleDerivation rec {
 
     for dep in ${Libc} ${Libm} ${Libinfo} ${dyld} ${architecture} ${libclosure} ${CarbonHeaders} \
                ${libdispatch} ${ncurses.dev} ${CommonCrypto} ${copyfile} ${removefile} ${libresolv} \
-               ${Libnotify} ${mDNSResponder} ${launchd} ${libutil}; do
+               ${Libnotify} ${mDNSResponder} ${launchd} ${libutil} ${libpthread}; do
       (cd $dep/include && find . -name '*.h' | cpio -pdm $out/include)
     done
 
@@ -91,33 +56,9 @@ appleDerivation rec {
     # The startup object files
     cp ${Csu}/lib/* $out/lib
 
-    # selectively re-export functions from libsystem_c and libsystem_kernel
-    # to provide a consistent interface across OSX verions
-    mkdir -p $out/lib/system
-    ld -macosx_version_min 10.7 -arch x86_64 -dylib \
-       -o $out/lib/system/libsystem_c.dylib \
-       /usr/lib/libSystem.dylib \
-       -reexported_symbols_list ${./system_c_symbols}
-
-    ld -macosx_version_min 10.7 -arch x86_64 -dylib \
-       -o $out/lib/system/libsystem_kernel.dylib \
-       /usr/lib/libSystem.dylib \
-       -reexported_symbols_list ${./system_kernel_symbols}
-
-    # Set up the actual library link
-    clang -c -o CompatibilityHacks.o -Os CompatibilityHacks.c
-    clang -c -o init.o -Os init.c
-    ld -macosx_version_min 10.7 \
-       -arch x86_64 \
-       -dylib \
-       -o $out/lib/libSystem.dylib \
-       CompatibilityHacks.o init.o \
-       -compatibility_version 1.0 \
-       -current_version 1197.1.1 \
-       -reexport_library $out/lib/system/libsystem_c.dylib \
-       -reexport_library $out/lib/system/libsystem_kernel.dylib \
-        ${stdenv.lib.concatStringsSep " "
-          (map (l: "-reexport_library /usr/lib/system/lib${l}.dylib") systemlibs)}
+    # OMG impurity
+    ln -s /usr/lib/libSystem.B.dylib $out/lib/libSystem.B.dylib
+    ln -s /usr/lib/libSystem.dylib $out/lib/libSystem.dylib
 
     # Set up links to pretend we work like a conventional unix (Apple's design, not mine!)
     for name in c dbm dl info m mx poll proc pthread rpcsvc util gcc_s.10.4 gcc_s.10.5; do
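Review bot: The two `ln -s /usr/lib/libSystem*.dylib` lines make this output depend on whatever libSystem the host provides, and `# OMG impurity` does not tell the next reader why that was accepted. The removed block re-exported a fixed symbol list "to provide a consistent interface across OSX" versions. With the symlinks that guarantee is gone, and the store path no longer pins the library that gets linked. I would replace the comment with something like `# Impure on purpose: links the host's libSystem, so available symbols follow the host OS X version and are not covered by the output hash`. The `installPhase` string starts and continues outside this hunk.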
diff --git a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
index 1fbacfb92845..24797fc286a7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
@@ -3,7 +3,7 @@
 appleDerivation {
   meta.broken = stdenv.cc.nativeLibc;
 
-  buildInputs = [ launchd bootstrap_cmds xnu ppp IOKit eap8021x ];
+  buildInputs = [ launchd bootstrap_cmds ppp IOKit eap8021x ];
 
   propagatedBuildInputs = [ Security ];
 
@@ -12,6 +12,11 @@ appleDerivation {
   '';
 
   patchPhase = ''
+    HACK=$PWD/hack
+    mkdir $HACK
+    cp -r ${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders/net $HACK
+
+
     substituteInPlace SystemConfiguration.fproj/SCNetworkReachabilityInternal.h \
       --replace '#include <xpc/xpc.h>' ""
 
@@ -172,9 +177,9 @@ appleDerivation {
     cc -I. -Ihelper -Iderived -F. -c DHCP.c -o DHCP.o
     cc -I. -Ihelper -Iderived -F. -c moh.c -o moh.o
     cc -I. -Ihelper -Iderived -F. -c DeviceOnHold.c -o DeviceOnHold.o
-    cc -I. -Ihelper -Iderived -I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders -F. -c LinkConfiguration.c -o LinkConfiguration.o
+    cc -I. -Ihelper -Iderived -I $HACK -F. -c LinkConfiguration.c -o LinkConfiguration.o
     cc -I. -Ihelper -Iderived -F. -c dy_framework.c -o dy_framework.o
-    cc -I. -Ihelper -Iderived -I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders -F. -c VLANConfiguration.c -o VLANConfiguration.o
+    cc -I. -Ihelper -Iderived -I $HACK -F. -c VLANConfiguration.c -o VLANConfiguration.o
     cc -I. -Ihelper -Iderived -F. -c derived/configUser.c -o configUser.o
     cc -I. -Ihelper -Iderived -F. -c SCPreferencesPathKey.c -o SCPreferencesPathKey.o
     cc -I. -Ihelper -Iderived -I../dnsinfo -F. -c derived/shared_dns_infoUser.c -o shared_dns_infoUser.o
@@ -183,8 +188,8 @@ appleDerivation {
     cc -I. -Ihelper -Iderived -F. -c SCNetworkProtocol.c -o SCNetworkProtocol.o
     cc -I. -Ihelper -Iderived -F. -c SCNetworkService.c -o SCNetworkService.o
     cc -I. -Ihelper -Iderived -F. -c SCNetworkSet.c -o SCNetworkSet.o
-    cc -I. -Ihelper -Iderived -I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders -F. -c BondConfiguration.c -o BondConfiguration.o
-    cc -I. -Ihelper -Iderived -I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders -F. -c BridgeConfiguration.c -o BridgeConfiguration.o
+    cc -I. -Ihelper -Iderived -I $HACK -F. -c BondConfiguration.c -o BondConfiguration.o
+    cc -I. -Ihelper -Iderived -I $HACK -F. -c BridgeConfiguration.c -o BridgeConfiguration.o
     cc -I. -Ihelper -Iderived -F. -c helper/SCHelper_client.c -o SCHelper_client.o
     cc -I. -Ihelper -Iderived -F. -c SCPreferencesKeychainPrivate.c -o SCPreferencesKeychainPrivate.o
     cc -I. -Ihelper -Iderived -F. -c SCNetworkSignature.c -o SCNetworkSignature.o
diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix
index ce128f14530b..d7710abf291b 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgs }:
+{ stdenv, fetchurl, fetchzip, pkgs }:
 
 let
   # This attrset can in theory be computed automatically, but for that to work nicely we need
@@ -6,9 +6,13 @@ let
   # a stdenv out of something like this. With some care we can probably get rid of this, but for
   # now it's staying here.
   versions = {
-    "osx-10.11.2" = {
-      dtrace = "168";
-      xnu    = "3248.20.55";
+    "osx-10.11.6" = {
+      dtrace        = "168";
+      xnu           = "3248.60.10";
+      libpthread    = "138.10.4";
+    };
+    "osx-10.11.5" = {
+      Libc          = "1082.50.1"; # 10.11.6 still unreleased :/
     };
     "osx-10.10.5" = {
       adv_cmds      = "158";
@@ -185,13 +189,18 @@ let
     CoreOSMakefiles = applePackage "CoreOSMakefiles"   "osx-10.5"        "0kxp53spbn7109l7cvhi88pmfsi81lwmbws819b6wr3hm16v84f4" {};
     Csu             = applePackage "Csu"               "osx-10.10.5"     "0yh5mslyx28xzpv8qww14infkylvc1ssi57imhi471fs91sisagj" {};
     dtrace          = applePackage "dtrace"            "osx-10.10.5"     "0pp5x8dgvzmg9vvg32hpy2brm17dpmbwrcr4prsmdmfvd4767wcf" {};
-    dtracen         = applePackage "dtrace"            "osx-10.11.2"     "04mi0jy8gy0w59rk9i9dqznysv6fzz1v5mq779s41cp308yi0h1c" {};
+    dtracen         = applePackage "dtrace"            "osx-10.11.6"     "04mi0jy8gy0w59rk9i9dqznysv6fzz1v5mq779s41cp308yi0h1c" {};
     dyld            = applePackage "dyld"              "osx-10.10.5"     "167f74ln8pmfimwn6kwh199ylvy3fw72fd15da94mf34ii0zar6k" {};
     eap8021x        = applePackage "eap8021x"          "osx-10.10.5"     "1f37dpbcgrd1b14nrv2lpqrkap74myjbparz9masx92df6kcn7l2" {};
     IOKit           = applePackage "IOKit"             "osx-10.10.5"     "0kcbrlyxcyirvg5p95hjd9k8a01k161zg0bsfgfhkb90kh2s8x0m" { inherit IOKitSrcs; };
     launchd         = applePackage "launchd"           "osx-10.9.5"      "0w30hvwqq8j5n90s3qyp0fccxflvrmmjnicjri4i1vd2g196jdgj" {};
     libauto         = applePackage "libauto"           "osx-10.9.5"      "17z27yq5d7zfkwr49r7f0vn9pxvj95884sd2k6lq6rfaz9gxqhy3" {};
-    Libc            = applePackage "Libc"              "osx-10.9.5"      "1jz5bx9l4q484vn28c6n9b28psja3rpxiqbj6zwrwvlndzmq1yz5" {};
+    Libc            = applePackage "Libc"              "osx-10.11.5"     "1qv7r0dgz06jy9i5agbqzxgdibb0m8ylki6g5n5pary88lzrawfd" {
+      Libc_10-9 = fetchzip {
+        url    = "http://www.opensource.apple.com/tarballs/Libc/Libc-997.90.3.tar.gz";
+        sha256 = "1xchgxkxg5288r2b9yfrqji2gsgdap92k4wx2dbjwslixws12pq7";
+      };
+    };
     Libc_old        = applePackage "Libc/825_40_1.nix" "osx-10.8.5"      "0xsx1im52gwlmcrv4lnhhhn9dyk5ci6g27k6yvibn9vj8fzjxwcf" {};
     libclosure      = applePackage "libclosure"        "osx-10.10.5"     "1zqy1zvra46cmqv6vsf1mcsz3a76r9bky145phfwh4ab6y15vjpq" {};
     libdispatch     = applePackage "libdispatch"       "osx-10.9.5"      "1lc5033cmkwxy3r26gh9plimxshxfcbgw6i0j7mgjlnpk86iy5bk" {};
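Review bot: `Libc_10-9` is fetched from a hard-coded `http://` tarball URL, bypassing the `versions` table that the `applePackage` entries around it appear to go through. The `sha256` pins the content, so a tampered download fails the build rather than getting in. But version 997.90.3 is recorded only inside the URL string, and the reason for carrying a second Libc is not stated here. A comment such as `# Libc 997.90.3 (10.9) is kept only for NSSystemDirectories.h` above the `fetchzip`, plus an `https://` URL if the host serves one, would make this easier to audit. The `let` block starts and ends outside the hunk.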
@@ -199,7 +208,7 @@ let
     Libinfo         = applePackage "Libinfo"           "osx-10.10.5"     "19n72s652rrqnc9hzlh4xq3h7xsfyjyklmcgyzyj0v0z68ww3z6h" {};
     Libm            = applePackage "Libm"              "osx-10.7.4"      "02sd82ig2jvvyyfschmb4gpz6psnizri8sh6i982v341x6y4ysl7" {};
     Libnotify       = applePackage "Libnotify"         "osx-10.9.5"      "164rx4za5z74s0mk9x0m1815r1m9kfal8dz3bfaw7figyjd6nqad" {};
-    libpthread      = applePackage "libpthread"        "osx-10.10.5"     "1p2y6xvsfqyakivr6d48fgrd163b5m9r045cxyfwrf8w0r33nfn3" {};
+    libpthread      = applePackage "libpthread"        "osx-10.11.6"     "1kbw738cmr9pa7pz1igmajs307clfq7gv2vm1sqdzhcnnjxbl28w" {};
     libresolv       = applePackage "libresolv"         "osx-10.10.5"     "0nvssf4qaqgs1dxwayzdy66757k99969f6c7n68n58n2yh6f5f6a" {};
     Libsystem       = applePackage "Libsystem"         "osx-10.9.5"      "1yfj2qdrf9vrzs7p9m4wlb7zzxcrim1gw43x4lvz4qydpp5kg2rh" {};
     libutil         = applePackage "libutil"           "osx-10.10.5"     "12gsvmj342n5d81kqwba68bmz3zf2757442g1sz2y5xmcapa3g5f" {};
@@ -209,7 +218,7 @@ let
     ppp             = applePackage "ppp"               "osx-10.10.5"     "01v7i0xds185glv8psvlffylfcfhbx1wgsfg74kx5rh3lyrigwrb" {};
     removefile      = applePackage "removefile"        "osx-10.10.5"     "1f2jw5irq6fz2jv5pag1w2ivfp8659v74f0h8kh0yx0rqw4asm33" {};
     Security        = applePackage "Security"          "osx-10.9.5"      "1nv0dczf67dhk17hscx52izgdcyacgyy12ag0jh6nl5hmfzsn8yy" {};
-    xnu             = applePackage "xnu"               "osx-10.9.5"      "1ssw5fzvgix20bw6y13c39ib0zs7ykpig3irlwbaccpjpci5jl0s" {};
+    xnu             = applePackage "xnu"               "osx-10.11.6"     "0yhziq4dqqcbjpf6vyqn8xhwva2zb525gndkx8cp8alzwp76jnr9" {};
 
     # Pending work... we can't change the above packages in place because the bootstrap depends on them, so we detach the expressions
     # here so we can work on them.
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
index 027784e2ea6d..c9d4b654a589 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
@@ -6,8 +6,14 @@ appleDerivation {
   propagatedBuildInputs = [ libdispatch xnu ];
 
   installPhase = ''
-    mkdir -p $out/include/pthread
+    mkdir -p $out/include/pthread/
+    mkdir -p $out/include/sys/_types
     cp pthread/*.h $out/include/pthread/
-    cp private/*.h $out/include/pthread/
+
+    # This overwrites qos.h, and is probably not necessary, but I'll leave it here for now
+    # cp private/*.h $out/include/pthread/
+
+    cp -r sys $out/include
+    cp -r sys/_pthread/*.h $out/include/sys/_types/
   '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix b/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
index 4933f94d4a93..0ce9c54e48c4 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
@@ -30,11 +30,12 @@ appleDerivation {
     substituteInPlace libsyscall/xcodescripts/mach_install_mig.sh \
       --replace "/usr/include" "/include" \
       --replace "/usr/local/include" "/include" \
-      --replace "MIG=" "# " \
-      --replace "MIGCC=" "# " \
+      --replace 'MIG=`' "# " \
+      --replace 'MIGCC=`' "# " \
       --replace " -o 0" "" \
       --replace '$SRC/$mig' '-I$DSTROOT/include $SRC/$mig' \
-      --replace '$SRC/servers/netname.defs' '-I$DSTROOT/include $SRC/servers/netname.defs'
+      --replace '$SRC/servers/netname.defs' '-I$DSTROOT/include $SRC/servers/netname.defs' \
+      --replace '$BUILT_PRODUCTS_DIR/mig_hdr' '$BUILT_PRODUCTS_DIR'
 
     patchShebangs .
   '';
@@ -46,9 +47,9 @@ appleDerivation {
     cat > sdk/usr/local/libexec/availability.pl <<EOF
       #!$SHELL
       if [ "\$1" == "--macosx" ]; then
-        echo 10.0 10.1 10.2 10.3 10.4 10.5 10.6 10.7 10.8 10.9
+        echo 10.0 10.1 10.2 10.3 10.4 10.5 10.6 10.7 10.8 10.9 10.10 10.11
       elif [ "\$1" == "--ios" ]; then
-        echo 2.0 2.1 2.2 3.0 3.1 3.2 4.0 4.1 4.2 4.3 5.0 5.1 6.0 6.1 7.0
+        echo 2.0 2.1 2.2 3.0 3.1 3.2 4.0 4.1 4.2 4.3 5.0 5.1 6.0 6.1 7.0 8.0 9.0
       fi
     EOF
     chmod +x sdk/usr/local/libexec/availability.pl
@@ -56,7 +57,7 @@ appleDerivation {
     export SDKROOT_RESOLVED=$PWD/sdk
     export HOST_SDKROOT_RESOLVED=$PWD/sdk
     export PLATFORM=MacOSX
-    export SDKVERSION=10.7
+    export SDKVERSION=10.11
 
     export CC=cc
     export CXX=c++
@@ -87,13 +88,13 @@ appleDerivation {
     make installhdrs
 
     mv $out/usr/include $out
-    rmdir $out/usr
 
     # TODO: figure out why I need to do this
     cp libsyscall/wrappers/*.h $out/include
     mkdir -p $out/include/os
     cp libsyscall/os/tsd.h $out/include/os/tsd.h
     cp EXTERNAL_HEADERS/AssertMacros.h $out/include
+    cp EXTERNAL_HEADERS/Availability*.h $out/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/
 
     # Build the mach headers we crave
     export MIGCC=cc
@@ -101,11 +102,21 @@ appleDerivation {
     export SRCROOT=$PWD/libsyscall
     export DERIVED_SOURCES_DIR=$out/include
     export SDKROOT=$out
+    export OBJROOT=$PWD
+    export BUILT_PRODUCTS_DIR=$out
     libsyscall/xcodescripts/mach_install_mig.sh
 
     # Get rid of the System prefix
     mv $out/System/* $out/
 
+    # TODO: do I need this?
+    mv $out/internal_hdr/include/mach/*.h $out/include/mach
+
+    # Get rid of some junk lying around
+    rm -rf $out/internal_hdr
+    rm -rf $out/usr
+    rm -rf $out/local
+
     # Add some symlinks
     ln -s $out/Library/Frameworks/System.framework/Versions/B \
           $out/Library/Frameworks/System.framework/Versions/Current
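Review bot: `rm -rf $out/internal_hdr`, `rm -rf $out/usr` and `rm -rf $out/local` delete whatever the header install left there without looking at it, whereas the `rmdir $out/usr` removed in the previous hunk failed the build when the directory was not empty. If a later xnu release installs headers under those paths, they will be dropped silently. Where a directory is expected to be empty, keep `rmdir`; for the others, add a comment naming what is discarded, e.g. `# internal_hdr: only mach/*.h is wanted, moved above`. The `mv $out/internal_hdr/include/mach/*.h $out/include/mach` line also overwrites same-named headers already in place, which the `TODO` above it does not mention. The install script starts and continues outside this hunk.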
diff --git a/pkgs/os-specific/darwin/swift-corefoundation/default.nix b/pkgs/os-specific/darwin/swift-corefoundation/default.nix
new file mode 100644
index 000000000000..969168fa54ba
--- /dev/null
+++ b/pkgs/os-specific/darwin/swift-corefoundation/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchFromGitHub, python, ninja, libxml2 }:
+
+stdenv.mkDerivation {
+  name = "swift-corefoundation";
+
+  src = fetchFromGitHub {
+    owner  = "apple";
+    repo   = "swift-corelibs-foundation";
+    rev    = "dce4233f583ec15190b240d6116396bf9641cd57";
+    sha256 = "0i2ldvy14x05k2vgl5z0g5l2i5llifdfbij5zwfdwb8jmmq215qr";
+  };
+
+  buildInputs = [ ninja python libxml2 ];
+
+  patchPhase = ''
+    substituteInPlace CoreFoundation/build.py \
+      --replace '-I''${SYSROOT}/usr/include/libxml2' '-I${libxml2.dev}/include/libxml2' \
+  '';
+
+  configurePhase = ":";
+
+  buildPhase = ''
+    cd CoreFoundation
+    ../configure --sysroot unused
+    ninja
+  '';
+
+  installPhase = ''
+    mkdir -p $out/lib
+    cp ../Build/CoreFoundation/libCoreFoundation.a $out/lib
+  '';
+}
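Review bot: `patchPhase` is overridden outright and its `substituteInPlace` line ends in a dangling `\`. Any `patches` added to this derivation later would therefore be skipped, and the continuation has nothing to continue onto. Renaming the attribute to `postPatch` and dropping the trailing backslash keeps the default patch handling. The derivation also has no `meta` block; `platforms` in particular matters for a file under `os-specific/darwin`, and a `license` entry would record the terms of the pinned `swift-corelibs-foundation` revision.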
diff --git a/pkgs/os-specific/linux/acpi-call/default.nix b/pkgs/os-specific/linux/acpi-call/default.nix
index 289b54f1b54c..65223a32bad6 100644
--- a/pkgs/os-specific/linux/acpi-call/default.nix
+++ b/pkgs/os-specific/linux/acpi-call/default.nix
@@ -8,7 +8,9 @@ stdenv.mkDerivation {
     rev = "ac67445bc75ec4fcf46ceb195fb84d74ad350d51";
     sha256 = "0jl19irz9x9pxab2qp4z8c3jijv2m30zhmnzi6ygbrisqqlg4c75";
   };
-  
+
+  hardeningDisable = [ "pic" ];
+
   preBuild = ''
     sed -e 's/break/true/' -i examples/turn_off_gpu.sh
     sed -e 's@/bin/bash@.bin/sh@' -i examples/turn_off_gpu.sh
diff --git a/pkgs/os-specific/linux/ati-drivers/default.nix b/pkgs/os-specific/linux/ati-drivers/default.nix
index e5eb9b8c6c3c..902f0e37e35f 100644
--- a/pkgs/os-specific/linux/ati-drivers/default.nix
+++ b/pkgs/os-specific/linux/ati-drivers/default.nix
@@ -65,6 +65,8 @@ stdenv.mkDerivation rec {
     curlOpts = "--referer http://support.amd.com/en-us/download/desktop?os=Linux+x86_64";
   };
 
+  hardeningDisable = [ "pic" "format" ];
+
   patchPhaseSamples = "patch -p2 < ${./patches/patch-samples.patch}";
   patches = [
     ./patches/15.12-xstate-fp.patch
diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix
index 0b8a70cb9762..65fcd07a6e08 100644
--- a/pkgs/os-specific/linux/batman-adv/default.nix
+++ b/pkgs/os-specific/linux/batman-adv/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
     sha256 = "0pj6jans75pxw9arp1747kmmk72zbc2vgkf2a0w565pj98x1nlk1";
   };
 
+  hardeningDisable = [ "pic" ];
+
   preBuild = ''
     makeFlags="KERNELPATH=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
     sed -i -e "s,INSTALL_MOD_DIR=,INSTALL_MOD_PATH=$out INSTALL_MOD_DIR=," \
@@ -24,5 +26,6 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ viric fpletz ];
     platforms = with stdenv.lib.platforms; linux;
+    broken = (kernel.features.grsecurity or false);
   };
 }
diff --git a/pkgs/os-specific/linux/bbswitch/default.nix b/pkgs/os-specific/linux/bbswitch/default.nix
index ec1e5f2e20bc..67b843fac4dc 100644
--- a/pkgs/os-specific/linux/bbswitch/default.nix
+++ b/pkgs/os-specific/linux/bbswitch/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation {
     sha256 = "1lbr6pyyby4k9rn2ry5qc38kc738d0442jhhq57vmdjb6hxjya7m";
   }) ];
 
+  hardeningDisable = [ "pic" ];
+
   preBuild = ''
     substituteInPlace Makefile \
       --replace "\$(shell uname -r)" "${kernel.modDirVersion}" \
diff --git a/pkgs/os-specific/linux/blcr/default.nix b/pkgs/os-specific/linux/blcr/default.nix
index bc7523858fe1..c2e3fa4b9e1f 100644
--- a/pkgs/os-specific/linux/blcr/default.nix
+++ b/pkgs/os-specific/linux/blcr/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ perl makeWrapper ];
 
+  hardeningDisable = [ "pic" ];
+
   preConfigure = ''
     configureFlagsArray=(
       --with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build
@@ -33,7 +35,7 @@ stdenv.mkDerivation {
       wrapProgram "$prog" --prefix LD_LIBRARY_PATH ":" "$out/lib"
     done
   '';
-      
+
   meta = {
     description = "Berkeley Lab Checkpoint/Restart for Linux (BLCR)";
     homepage = https://ftg.lbl.gov/projects/CheckpointRestart/;
diff --git a/pkgs/os-specific/linux/broadcom-sta/default.nix b/pkgs/os-specific/linux/broadcom-sta/default.nix
index 28b23a61ff06..e36512e00767 100644
--- a/pkgs/os-specific/linux/broadcom-sta/default.nix
+++ b/pkgs/os-specific/linux/broadcom-sta/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
     sha256 = hashes.${stdenv.system};
   };
 
+  hardeningDisable = [ "pic" ];
+
   patches = [
     ./i686-build-failure.patch
     ./license.patch
diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix
index 296b19bc5b6c..efb06ba845e8 100644
--- a/pkgs/os-specific/linux/busybox/default.nix
+++ b/pkgs/os-specific/linux/busybox/default.nix
@@ -33,6 +33,8 @@ stdenv.mkDerivation rec {
     sha256 = "16ii9sqracvh2r1gfzhmlypl269nnbkpvrwa7270k35d3bigk9h5";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./busybox-in-store.patch ];
 
   configurePhase = ''
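Review bot: `hardeningDisable = [ "format" ]` switches the format-security check off for the whole of busybox, with no comment saying which call sites trip it. The dmraid change in this same commit takes the other route: `hardening-format.patch` rewrites `syslog(LOG_ERR, msg[0])` to pass `"%s"`, which keeps the check active for the rest of the code. The same question applies to the `format` entries added for ati-drivers, gogoclient and ifenslave. If patching is not practical yet, a comment like `# FIXME: non-literal format strings in <file>; drop once patched` next to each entry would record what to revisit.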
@@ -72,7 +74,7 @@ stdenv.mkDerivation rec {
     makeFlagsArray+=("CC=gcc -isystem ${musl}/include -B${musl}/lib -L${musl}/lib")
   '';
 
-  buildInputs = lib.optionals (enableStatic && !useMusl) [ glibc glibc.static ];
+  buildInputs = lib.optionals (enableStatic && !useMusl) [ stdenv.cc.libc stdenv.cc.libc.static ];
 
   crossAttrs = {
     extraCrossConfig = ''
diff --git a/pkgs/os-specific/linux/checksec/default.nix b/pkgs/os-specific/linux/checksec/default.nix
index e698c11ad0fb..1a879ba33304 100644
--- a/pkgs/os-specific/linux/checksec/default.nix
+++ b/pkgs/os-specific/linux/checksec/default.nix
@@ -3,6 +3,7 @@
 stdenv.mkDerivation rec {
   name = "checksec-${version}";
   version = "1.5";
+
   src = fetchurl {
     url    = "http://www.trapkit.de/tools/checksec.sh";
     sha256 = "0iq9v568mk7g7ksa1939g5f5sx7ffq8s8n2ncvphvlckjgysgf3p";
@@ -11,9 +12,9 @@ stdenv.mkDerivation rec {
   patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];
 
   unpackPhase = ''
-    mkdir ${name}-${version}
-    cp $src ${name}-${version}/checksec.sh
-    cd ${name}-${version}
+    mkdir ${name}
+    cp $src ${name}/checksec.sh
+    cd ${name}
   '';
 
   installPhase = ''
@@ -32,8 +33,6 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
   '';
 
-  phases = "unpackPhase patchPhase installPhase";
-
   meta = {
     description = "A tool for checking security bits on executables";
     homepage    = "http://www.trapkit.de/tools/checksec.html";
diff --git a/pkgs/os-specific/linux/criu/default.nix b/pkgs/os-specific/linux/criu/default.nix
index 630c49853258..efca4c7bbb5b 100644
--- a/pkgs/os-specific/linux/criu/default.nix
+++ b/pkgs/os-specific/linux/criu/default.nix
@@ -24,7 +24,11 @@ stdenv.mkDerivation rec {
     ln -sf ${protobuf}/include/google/protobuf/descriptor.proto ./images/google/protobuf/descriptor.proto
   '';
 
-  buildPhase     = "make PREFIX=$out";
+  buildPhase = "make PREFIX=$out";
+
+  makeFlags = "PREFIX=$(out)";
+
+  hardeningDisable = [ "stackprotector" ];
 
   installPhase = ''
     mkdir -p $out/etc/logrotate.d
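Review bot: `hardeningDisable = [ "stackprotector" ]` removes stack-protector instrumentation from every criu binary, and nothing in the hunk says which part of the build needs that. If only some objects cannot carry it (I can't tell from the hunk), a comment naming them would let a later change narrow the exception, e.g. `# <component> cannot be built with -fstack-protector`. The added `makeFlags = "PREFIX=$(out)";` also repeats what the explicit `buildPhase = "make PREFIX=$out"` already passes. Since `buildPhase` and `installPhase` are both overridden, it looks unused unless the install script outside this hunk reads it.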
diff --git a/pkgs/os-specific/linux/cryptodev/default.nix b/pkgs/os-specific/linux/cryptodev/default.nix
index 4ea9295ef4f9..f3c262231223 100644
--- a/pkgs/os-specific/linux/cryptodev/default.nix
+++ b/pkgs/os-specific/linux/cryptodev/default.nix
@@ -1,26 +1,19 @@
 { fetchurl, stdenv, kernel, onlyHeaders ? false }:
 
 stdenv.mkDerivation rec {
-  pname = "cryptodev-linux-1.6";
+  pname = "cryptodev-linux-1.8";
   name = "${pname}-${kernel.version}";
 
   src = fetchurl {
     url = "http://download.gna.org/cryptodev-linux/${pname}.tar.gz";
-    sha256 = "0bryzdb4xz3fp2q00a0mlqkj629md825lnlh4gjwmy51irf45wbm";
+    sha256 = "0xhkhcdlds9aiz0hams93dv0zkgcn2abaiagdjlqdck7zglvvyk7";
   };
 
-  buildPhase = if !onlyHeaders then ''
-    make -C ${kernel.dev}/lib/modules/${kernel.modDirVersion}/build \
-      SUBDIRS=`pwd` INSTALL_PATH=$out
-  '' else ":";
+  hardeningDisable = [ "pic" ];
 
-  installPhase = stdenv.lib.optionalString (!onlyHeaders) ''
-    make -C ${kernel.dev}/lib/modules/${kernel.modDirVersion}/build \
-      INSTALL_MOD_PATH=$out SUBDIRS=`pwd` modules_install
-  '' + ''
-    mkdir -p $out/include/crypto
-    cp crypto/cryptodev.h $out/include/crypto
-  '';
+  KERNEL_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
+  INSTALL_MOD_PATH = "\${out}";
+  PREFIX = "\${out}";
 
   meta = {
     description = "Device that allows access to Linux kernel cryptographic drivers";
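Review bot: The function still takes `onlyHeaders ? false`, but the `buildPhase` and `installPhase` that honoured it are removed and nothing on the new side of this hunk reads it. A caller passing `onlyHeaders = true` would now get the full kernel-module build against `kernel.dev`. The explicit `cp crypto/cryptodev.h $out/include/crypto` step is gone too, so whether the header is still installed depends on the upstream Makefile's install target. Either drop the argument together with its callers or keep a headers-only branch. The `meta` block continues outside this hunk, so a remaining use of `onlyHeaders` there cannot be ruled out.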
diff --git a/pkgs/os-specific/linux/disk-indicator/default.nix b/pkgs/os-specific/linux/disk-indicator/default.nix
index d0d0371ec2d7..46ebc923e3b2 100644
--- a/pkgs/os-specific/linux/disk-indicator/default.nix
+++ b/pkgs/os-specific/linux/disk-indicator/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation {
 
   NIX_CFLAGS_COMPILE = "-Wno-error=cpp";
 
+  hardeningDisable = [ "fortify" ];
+
   installPhase = ''
     mkdir -p "$out/bin"
     cp ./disk_indicator "$out/bin/"
diff --git a/pkgs/os-specific/linux/dmraid/default.nix b/pkgs/os-specific/linux/dmraid/default.nix
index fcbc8cb51253..d39cadf41993 100644
--- a/pkgs/os-specific/linux/dmraid/default.nix
+++ b/pkgs/os-specific/linux/dmraid/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0m92971gyqp61darxbiri6a48jz3wq3gkp8r2k39320z0i6w8jgq";
   };
 
+  patches = [ ./hardening-format.patch ];
+
   postPatch = ''
     sed -i 's/\[\[[^]]*\]\]/[ "''$''${n##*.}" = "so" ]/' */lib/Makefile.in
   '';
diff --git a/pkgs/os-specific/linux/dmraid/hardening-format.patch b/pkgs/os-specific/linux/dmraid/hardening-format.patch
new file mode 100644
index 000000000000..f91a7fb18aa0
--- /dev/null
+++ b/pkgs/os-specific/linux/dmraid/hardening-format.patch
@@ -0,0 +1,18 @@
+--- a/1.0.0.rc16/lib/events/libdmraid-events-isw.c	2016-01-29 05:16:57.455425454 +0000
++++ b/1.0.0.rc16/lib/events/libdmraid-events-isw.c	2016-01-29 05:17:55.520564013 +0000
+@@ -838,13 +838,13 @@
+ 
+ 	sz = _log_all_devs(log_type, rs, NULL, 0);
+ 	if (!sz) {
+-		syslog(LOG_ERR, msg[0]);
++		syslog(LOG_ERR, "%s", msg[0]);
+ 		return;
+ 	}
+ 
+ 	str = dm_malloc(++sz);
+ 	if (!str) {
+-		syslog(LOG_ERR, msg[1]);
++		syslog(LOG_ERR, "%s", msg[1]);
+ 		return;
+ 	}
+ 
diff --git a/pkgs/os-specific/linux/dpdk/default.nix b/pkgs/os-specific/linux/dpdk/default.nix
index 9d1d3d666ace..e0c164e6232e 100644
--- a/pkgs/os-specific/linux/dpdk/default.nix
+++ b/pkgs/os-specific/linux/dpdk/default.nix
@@ -22,6 +22,8 @@ stdenv.mkDerivation rec {
   enableParallelBuilding = true;
   outputs = [ "out" "kmod" "examples" ];
 
+  hardeningDisable = [ "pic" ];
+
   configurePhase = ''
     make T=x86_64-native-linuxapp-gcc config
   '';
diff --git a/pkgs/os-specific/linux/e1000e/default.nix b/pkgs/os-specific/linux/e1000e/default.nix
index 0b67a5382f75..5406c37522ea 100644
--- a/pkgs/os-specific/linux/e1000e/default.nix
+++ b/pkgs/os-specific/linux/e1000e/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation {
     sha256 = "07hg6xxqgqshnys1qs9wbl9qr7d4ixdkd1y1fj27cg6bn8s2n797";
   };
 
+  hardeningDisable = [ "pic" ];
+
   configurePhase = ''
     cd src
     kernel_version=${kernel.modDirVersion}
diff --git a/pkgs/os-specific/linux/ena/default.nix b/pkgs/os-specific/linux/ena/default.nix
index 7a047e9f2338..8d2f368bc99a 100644
--- a/pkgs/os-specific/linux/ena/default.nix
+++ b/pkgs/os-specific/linux/ena/default.nix
@@ -10,6 +10,11 @@ stdenv.mkDerivation rec {
     sha256 = "03w6xgv3lfn28n38mj9cdi3px5zjyrbxnflpd3ggivkv6grf9fp7";
   };
 
+  hardeningDisable = [ "pic" ];
+
+  # linux 3.12
+  NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration";
+
   configurePhase =
     ''
       cd kernel/linux/ena
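Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration"` is set for every kernel, while the comment `# linux 3.12` suggests only that kernel needs it. In a kernel module an implicitly declared function gets an assumed `int` prototype, so on other kernels this downgrade can hide a genuinely missing or renamed symbol. Assuming `kernel` is an argument of this expression, the flag could be guarded, e.g. `NIX_CFLAGS_COMPILE = lib.optionalString (lib.versionOlder kernel.version "<first version that builds cleanly>") "-Wno-error=implicit-function-declaration";`. Expanding the comment to name the undeclared function would also make the exception easier to retire.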
@@ -30,5 +35,6 @@ stdenv.mkDerivation rec {
     homepage = https://github.com/amzn/amzn-drivers;
     license = lib.licenses.gpl2;
     maintainers = [ lib.maintainers.eelco ];
+    platforms = lib.platforms.linux;
   };
 }
diff --git a/pkgs/os-specific/linux/facetimehd/default.nix b/pkgs/os-specific/linux/facetimehd/default.nix
index cbacb6ae074d..de726d5b42c9 100644
--- a/pkgs/os-specific/linux/facetimehd/default.nix
+++ b/pkgs/os-specific/linux/facetimehd/default.nix
@@ -4,7 +4,6 @@
 assert stdenv.lib.versionAtLeast kernel.version "3.19";
 
 stdenv.mkDerivation rec {
-
   name = "facetimehd-${version}-${kernel.version}";
   version = "git-20160503";
 
@@ -29,6 +28,8 @@ stdenv.mkDerivation rec {
     export INSTALL_MOD_PATH="$out"
   '';
 
+  hardeningDisable = [ "pic" ];
+
   makeFlags = [
     "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
   ];
@@ -40,5 +41,4 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ womfoo grahamc ];
     platforms = platforms.linux;
   };
-
 }
diff --git a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix
index 4787eb57afd3..2ee232e877df 100644
--- a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix
+++ b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "06g691px0abndp5zvz2ba1g675rcqb64n055h5ahgnlck5cdpawg";
   };
 
+  dontStrip = true;    # Stripping breaks some of the binaries
+
   installPhase = ''
     mkdir -p $out/share/raspberrypi/boot
     cp -R boot/* $out/share/raspberrypi/boot
diff --git a/pkgs/os-specific/linux/forkstat/default.nix b/pkgs/os-specific/linux/forkstat/default.nix
index 3a253003e8e1..a0478af912c8 100644
--- a/pkgs/os-specific/linux/forkstat/default.nix
+++ b/pkgs/os-specific/linux/forkstat/default.nix
@@ -2,10 +2,10 @@
 
 stdenv.mkDerivation rec {
   name = "forkstat-${version}";
-  version = "0.01.13";
+  version = "0.01.14";
   src = fetchurl {
     url = "http://kernel.ubuntu.com/~cking/tarballs/forkstat/forkstat-${version}.tar.gz";
-    sha256 = "12dmqpv0q3x166sya93rhcj7vs4868x7y7lwfwv9l54hhirpamhq";
+    sha256 = "0yj3mhf9b2nm8fnz4vf2fqdd8417g30p2sgv3ilq3zwy4hbg9bav";
   };
   installFlags = [ "DESTDIR=$(out)" ];
   postInstall = ''
diff --git a/pkgs/os-specific/linux/frandom/default.nix b/pkgs/os-specific/linux/frandom/default.nix
index 80ad483b3676..dfdc79c2005f 100644
--- a/pkgs/os-specific/linux/frandom/default.nix
+++ b/pkgs/os-specific/linux/frandom/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "15rgyk4hfawqg7z1spk2xlk1nn6rcdls8gdhc70f91shrc9pvlls";
   };
 
+  hardeningDisable = [ "pic" ];
+
   preBuild = ''
     kernelVersion=${kernel.modDirVersion}
     substituteInPlace Makefile \
diff --git a/pkgs/os-specific/linux/fusionio/vsl.nix b/pkgs/os-specific/linux/fusionio/vsl.nix
index 8e24b5061cd3..665c4b4d0813 100644
--- a/pkgs/os-specific/linux/fusionio/vsl.nix
+++ b/pkgs/os-specific/linux/fusionio/vsl.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
 
   src = srcs.vsl;
 
+  hardeningDisable = [ "pic" ];
+
   prePatch = ''
     cd root/usr/src/iomemory-vsl-*
   '';
diff --git a/pkgs/os-specific/linux/gogoclient/default.nix b/pkgs/os-specific/linux/gogoclient/default.nix
index c33d9cfae9ed..7383db95c375 100644
--- a/pkgs/os-specific/linux/gogoclient/default.nix
+++ b/pkgs/os-specific/linux/gogoclient/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
   makeFlags = ["target=linux"];
   installFlags = ["installdir=$(out)"];
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [openssl];
 
   preFixup = ''
diff --git a/pkgs/os-specific/linux/ifenslave/default.nix b/pkgs/os-specific/linux/ifenslave/default.nix
index d8985003b41a..b9390d1d5893 100644
--- a/pkgs/os-specific/linux/ifenslave/default.nix
+++ b/pkgs/os-specific/linux/ifenslave/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     cp -a ifenslave $out/bin
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Utility for enslaving networking interfaces under a bond";
     license = stdenv.lib.licenses.gpl2;
diff --git a/pkgs/os-specific/linux/ixgbevf/default.nix b/pkgs/os-specific/linux/ixgbevf/default.nix
index eb90c9fb1eb7..1f8ced6c2d2a 100644
--- a/pkgs/os-specific/linux/ixgbevf/default.nix
+++ b/pkgs/os-specific/linux/ixgbevf/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "1i6ry3vd77190sxb47xhbz3v30gighwax6prav4ggs3q80a389c8";
   };
 
+  hardeningDisable = [ "pic" ];
+
   configurePhase = ''
     cd src
     makeFlagsArray+=(KSRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build INSTALL_MOD_PATH=$out MANDIR=/share/man)
diff --git a/pkgs/os-specific/linux/jool/default.nix b/pkgs/os-specific/linux/jool/default.nix
index 389dcc220536..274d0cc41394 100644
--- a/pkgs/os-specific/linux/jool/default.nix
+++ b/pkgs/os-specific/linux/jool/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation {
 
   src = sourceAttrs.src;
 
+  hardeningDisable = [ "pic" ];
+
   prePatch = ''
     sed -e 's@/lib/modules/\$(.*)@${kernel.dev}/lib/modules/${kernel.modDirVersion}@' -i mod/*/Makefile
   '';
diff --git a/pkgs/os-specific/linux/kernel-headers/3.18.nix b/pkgs/os-specific/linux/kernel-headers/3.18.nix
index 0cc38a0548ca..22650747ba21 100644
--- a/pkgs/os-specific/linux/kernel-headers/3.18.nix
+++ b/pkgs/os-specific/linux/kernel-headers/3.18.nix
@@ -34,6 +34,9 @@ stdenv.mkDerivation {
 
   buildInputs = [perl];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   extraIncludeDirs =
     if cross != null then
         (if cross.arch == "powerpc" then ["ppc"] else [])
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 7cec276a4faf..54e6b7822f9a 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -35,9 +35,7 @@ with stdenv.lib;
   DEBUG_DEVRES n
   DEBUG_NX_TEST n
   DEBUG_STACK_USAGE n
-  ${optionalString (!(features.grsecurity or false)) ''
-    DEBUG_STACKOVERFLOW n
-  ''}
+  DEBUG_STACKOVERFLOW n
   RCU_TORTURE_TEST n
   SCHEDSTATS n
   DETECT_HUNG_TASK y
@@ -107,6 +105,7 @@ with stdenv.lib;
   WAN y
 
   # Networking options.
+  NET y
   IP_PNP n
   ${optionalString (versionOlder version "3.13") ''
     IPV6_PRIVACY y
@@ -210,6 +209,7 @@ with stdenv.lib;
   # Filesystem options - in particular, enable extended attributes and
   # ACLs for all filesystems that support them.
   FANOTIFY y
+  TMPFS y
   EXT2_FS_XATTR y
   EXT2_FS_POSIX_ACL y
   EXT2_FS_SECURITY y
@@ -313,6 +313,7 @@ with stdenv.lib;
   ${optionalString (versionOlder version "4.4") ''
     B43_PCMCIA? y
   ''}
+  BLK_DEV_INITRD y
   BLK_DEV_INTEGRITY y
   BSD_PROCESS_ACCT_V3 y
   BT_HCIUART_BCSP? y
@@ -323,8 +324,10 @@ with stdenv.lib;
   CRASH_DUMP? n
   DVB_DYNAMIC_MINORS? y # we use udev
   EFI_STUB y # EFI bootloader in the bzImage itself
+  CGROUPS y # used by systemd
   FHANDLE y # used by systemd
   SECCOMP y # used by systemd >= 231
+  POSIX_MQUEUE y
   FRONTSWAP y
   FUSION y # Fusion MPT device support
   IDE n # deprecated IDE support
@@ -343,7 +346,7 @@ with stdenv.lib;
   LOGO n # not needed
   MEDIA_ATTACH y
   MEGARAID_NEWGEN y
-  ${optionalString (versionAtLeast version "3.15") ''
+  ${optionalString (versionAtLeast version "3.15" && versionOlder version "4.8") ''
     MLX4_EN_VXLAN y
   ''}
   MODVERSIONS y
@@ -430,7 +433,9 @@ with stdenv.lib;
   PARAVIRT? y
   HYPERVISOR_GUEST y
   PARAVIRT_SPINLOCKS? y
-  KVM_APIC_ARCHITECTURE y
+  ${optionalString (versionOlder version "4.8") ''
+    KVM_APIC_ARCHITECTURE y
+  ''}
   KVM_ASYNC_PF y
   ${optionalString (versionAtLeast version "4.0") ''
     KVM_COMPAT? y
diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix
index da2296bb22af..7b4284028ed8 100644
--- a/pkgs/os-specific/linux/kernel/linux-testing.nix
+++ b/pkgs/os-specific/linux/kernel/linux-testing.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.8-rc3";
-  modDirVersion = "4.8.0-rc3";
-  extraMeta.branch = "4.7";
+  version = "4.8-rc4";
+  modDirVersion = "4.8.0-rc4";
+  extraMeta.branch = "4.8";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/testing/linux-${version}.tar.xz";
-    sha256 = "08ir3w034qkalyi8mc6czgk9mcglm7wfazr2md94a8x98j69v38r";
+    sha256 = "0is4pzmci1i59fxw9b645c8710zjnx19dfl20m4k06kxdbbs01wg";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix
index c5a4ba2b18ad..f4693417e205 100644
--- a/pkgs/os-specific/linux/kernel/manual-config.nix
+++ b/pkgs/os-specific/linux/kernel/manual-config.nix
@@ -222,6 +222,8 @@ stdenv.mkDerivation ((drvAttrs config stdenv.platform (kernelPatches ++ nativeKe
   nativeBuildInputs = [ perl bc nettools openssl ] ++ optional (stdenv.platform.uboot != null)
     (ubootChooser stdenv.platform.uboot);
 
+  hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" ];
+
   makeFlags = commonMakeFlags ++ [
     "ARCH=${stdenv.platform.kernelArch}"
   ];
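Review bot: Five hardening flags are switched off for the kernel build in one uncommented line, `hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" ];`, so a later reader cannot tell which of them are required and which were added only to get the build through. A comment above it should give the reason, for example `# the kernel sets its own compiler flags; the userspace hardening flags break the build`, adjusted to what was actually observed per flag. Stack protection for the kernel itself is then presumably decided only by the kernel configuration, so it is worth checking that the generated config still enables it. The mkDerivation call starts and ends outside the hunk.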
diff --git a/pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch b/pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch
new file mode 100644
index 000000000000..58a9191989ae
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch
@@ -0,0 +1,14 @@
+diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
+index 07650ee..934a7a8 100644
+--- a/scripts/Makefile.modinst
++++ b/scripts/Makefile.modinst
+@@ -9,7 +9,8 @@ include scripts/Kbuild.include
+ 
+ #
+ 
+-__modules := $(sort $(shell grep -h '\.ko$$' /dev/null $(wildcard $(MODVERDIR)/*.mod)))
++__modules := $(sort $(foreach f,$(wildcard $(MODVERDIR)/*.mod),$(shell \
++    grep -h '\.ko$$' '$f')))
+ modules := $(patsubst %.o,%.ko,$(wildcard $(__modules:.ko=.o)))
+ 
+ PHONY += $(modules)
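Review bot: The new patch file has no description header, so nothing records where the change to `scripts/Makefile.modinst` comes from, which failure it addresses, or whether it has been sent upstream. A few lines above the `diff --git` line would do, stating that the single `grep` over all `$(MODVERDIR)/*.mod` files exceeded the argument-length limit (as the file name suggests) and which kernel versions the patch is meant for. The replacement runs one `$(shell grep …)` per `.mod` file; that cost is probably acceptable but deserves a mention in the same header.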
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 1b4a83cb1146..03a3023053a0 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -31,6 +31,8 @@ let
       url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch";
       inherit sha256;
     };
+
+    features.grsecurity = true;
   };
 in
 
@@ -72,6 +74,11 @@ rec {
       patch = ./mips-ext3-n32.patch;
     };
 
+  modinst_arg_list_too_long =
+    { name = "modinst-arglist-too-long";
+      patch = ./modinst-arg-list-too-long.patch;
+    };
+
   ubuntu_fan_4_4 =
     { name = "ubuntu-fan";
       patch = ./ubuntu-fan-4.4.patch;
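Review bot: The `name` value `"modinst-arglist-too-long"` is spelled differently from both the attribute `modinst_arg_list_too_long` and the file `./modinst-arg-list-too-long.patch`. Writing `name = "modinst-arg-list-too-long";` keeps the three in step and makes the patch easier to find by name. Whether any kernel lists the new entry in its `kernelPatches` is not visible in this part of the diff and should be checked.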
diff --git a/pkgs/os-specific/linux/kernel/perf.nix b/pkgs/os-specific/linux/kernel/perf.nix
index 34cd0cbd433b..4b1120afa4e7 100644
--- a/pkgs/os-specific/linux/kernel/perf.nix
+++ b/pkgs/os-specific/linux/kernel/perf.nix
@@ -25,18 +25,15 @@ stdenv.mkDerivation {
   # binutils is required for libbfd.
   nativeBuildInputs = [ asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt
       flex bison libiberty ];
-  buildInputs = [ python perl newt slang pkgconfig libunwind binutils zlib ] ++
+  buildInputs = [ elfutils python perl newt slang pkgconfig libunwind binutils zlib ] ++
     stdenv.lib.optional withGtk gtk;
 
   # Note: we don't add elfutils to buildInputs, since it provides a
   # bad `ld' and other stuff.
-  NIX_CFLAGS_COMPILE = "-I${elfutils}/include -Wno-error=cpp -Wno-error=bool-compare -Wno-error=deprecated-declarations";
-  NIX_CFLAGS_LINK = "-L${elfutils}/lib";
+  NIX_CFLAGS_COMPILE = "-Wno-error=cpp -Wno-error=bool-compare -Wno-error=deprecated-declarations";
 
   installFlags = "install install-man ASCIIDOC8=1";
 
-  inherit elfutils;
-
   crossAttrs = {
     /* I don't want cross-python or cross-perl -
        I don't know if cross-python even works */
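Review bot: The context comment beginning `# Note: we don't add elfutils to buildInputs` is left in place although the changed line now puts `elfutils` first in `buildInputs`, so the comment contradicts the code. Either delete the comment or replace it with one that says why the concern about elfutils providing a bad `ld` no longer applies; if it does still apply, the change itself needs rechecking. `crossAttrs` continues past the end of the hunk.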
diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix
index d7d79b0257d7..cb30de44a81a 100644
--- a/pkgs/os-specific/linux/kexectools/default.nix
+++ b/pkgs/os-specific/linux/kexectools/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
     sha256 = "03cj7w2l5fqn72xfhl4q6z0zbziwkp9bfn0gs7gaf9i44jv6gkhl";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ zlib ];
 
   meta = with stdenv.lib; {
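Review bot: `hardeningDisable = [ "format" ];` turns off the format-string check (`-Werror=format-security`) for the whole package instead of fixing the calls that trip it, and no comment says which calls those are. The same applies to the klibc, multipath-tools, numad, setools, v4l2loopback, dico, firebird, gpm and nvidia-x11 hunks. For tools that run privileged and for server packages such as dico and firebird, a non-literal format string is a real bug class, so a patch that passes `"%s"` explicitly is the better fix. Failing that, add a comment like `# FIXME: format-security errors in <file>; remove once fixed upstream`.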
diff --git a/pkgs/os-specific/linux/klibc/default.nix b/pkgs/os-specific/linux/klibc/default.nix
index 02ec36d64ba7..84b66ac0d9c7 100644
--- a/pkgs/os-specific/linux/klibc/default.nix
+++ b/pkgs/os-specific/linux/klibc/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ perl ];
 
+  hardeningDisable = [ "format" "stackprotector" ];
+
   makeFlags = commonMakeFlags ++ [
     "KLIBCARCH=${stdenv.platform.kernelArch}"
     "KLIBCKERNELSRC=${linuxHeaders}"
diff --git a/pkgs/os-specific/linux/ldm/default.nix b/pkgs/os-specific/linux/ldm/default.nix
index 9a9fca2431af..0c333feab1c1 100644
--- a/pkgs/os-specific/linux/ldm/default.nix
+++ b/pkgs/os-specific/linux/ldm/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
     sed '16i#include <sys/stat.h>' -i ldm.c
   '';
 
-  buildPhase = "make ldm";
+  buildFlags = "ldm";
 
   installPhase = ''
     mkdir -p $out/bin
diff --git a/pkgs/os-specific/linux/libaio/default.nix b/pkgs/os-specific/linux/libaio/default.nix
index b3df129912e4..1e85182d6c35 100644
--- a/pkgs/os-specific/linux/libaio/default.nix
+++ b/pkgs/os-specific/linux/libaio/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   makeFlags = "prefix=$(out)";
 
+  hardeningDisable = stdenv.lib.optional (stdenv.isi686) "stackprotector";
+
   meta = {
     description = "Library for asynchronous I/O in Linux";
     homepage = http://lse.sourceforge.net/io/aio.html;
diff --git a/pkgs/os-specific/linux/libnl/default.nix b/pkgs/os-specific/linux/libnl/default.nix
index 6e5c63a2722f..7e6fd1d19909 100644
--- a/pkgs/os-specific/linux/libnl/default.nix
+++ b/pkgs/os-specific/linux/libnl/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchFromGitHub, autoreconfHook, bison, flex, pkgconfig }:
 
-let version = "3.2.27"; in
+let version = "3.2.28"; in
 stdenv.mkDerivation {
   name = "libnl-${version}";
 
   src = fetchFromGitHub {
-    sha256 = "1rc8plgl2ijq2pwlzinpfr06kiggjyx71r3lw505m6rvxvdac82r";
-    rev = "libnl3_2_27";
+    sha256 = "02cm57z4h7rhjlxza07zhk02924acfz6m5gbmm5lbkkp6qh81328";
+    rev = "libnl3_2_28";
     repo = "libnl";
     owner = "thom311";
   };
diff --git a/pkgs/os-specific/linux/lttng-modules/default.nix b/pkgs/os-specific/linux/lttng-modules/default.nix
index f029c6b82bec..10551c080770 100644
--- a/pkgs/os-specific/linux/lttng-modules/default.nix
+++ b/pkgs/os-specific/linux/lttng-modules/default.nix
@@ -3,13 +3,17 @@
 stdenv.mkDerivation rec {
   pname = "lttng-modules-${version}";
   name = "${pname}-${kernel.version}";
-  version = "2.6.3";
+  version = "2.8.0";
 
   src = fetchurl {
     url = "http://lttng.org/files/lttng-modules/lttng-modules-${version}.tar.bz2";
-    sha256 = "0sk7cyjf5ylmxqrrrz5zmmw4c0dmxh1f98aj870gmcnxfa76y4mx";
+    sha256 = "0a9xwq0kgpx1y800l232h524f19g3py6cnxff10j9p01q6lzhrxh";
   };
 
+  hardeningDisable = [ "pic" ];
+
+  NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration";
+
   preConfigure = ''
     export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
     export INSTALL_MOD_PATH="$out"
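Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration";` lets the module build even when it calls a function the kernel headers do not declare, which in kernel code usually means the module and the kernel version do not match. A comment should name the kernel versions and the undeclared symbol that made this necessary, so the flag can be dropped later. The rtl8812au hunk does the same with `-Wno-error=incompatible-pointer-types`, and writes `NIX_CFLAGS_COMPILE=` without spaces around `=`, unlike the other attributes in that file.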
diff --git a/pkgs/os-specific/linux/mba6x_bl/default.nix b/pkgs/os-specific/linux/mba6x_bl/default.nix
index 010bda4bb154..2a0e53b39257 100644
--- a/pkgs/os-specific/linux/mba6x_bl/default.nix
+++ b/pkgs/os-specific/linux/mba6x_bl/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "pic" ];
+
   makeFlags = [
     "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
     "INSTALL_MOD_PATH=$(out)"
diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix
index ba69b421c3d3..409eb31e14f7 100644
--- a/pkgs/os-specific/linux/multipath-tools/default.nix
+++ b/pkgs/os-specific/linux/multipath-tools/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1yd6l1l1c62xjr1xnij2x49kr416anbgfs4y06r86kp9hkmz2g7i";
   };
 
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     sed -i -re '
       s,^( *#define +DEFAULT_MULTIPATHDIR\>).*,\1 "'"$out/lib/multipath"'",
diff --git a/pkgs/os-specific/linux/musl/default.nix b/pkgs/os-specific/linux/musl/default.nix
index a8055df92fde..ae0c7703de61 100644
--- a/pkgs/os-specific/linux/musl/default.nix
+++ b/pkgs/os-specific/linux/musl/default.nix
@@ -11,6 +11,10 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  # required to avoid busybox segfaulting on startup when invoking
+  # nix-build "<nixpkgs/pkgs/stdenv/linux/make-bootstrap-tools.nix>"
+  hardeningDisable = [ "stackprotector" ];
+
   preConfigure = ''
     configureFlagsArray+=("--syslibdir=$out/lib")
   '';
diff --git a/pkgs/os-specific/linux/mxu11x0/default.nix b/pkgs/os-specific/linux/mxu11x0/default.nix
index 4af404324039..ed88fc643fd0 100644
--- a/pkgs/os-specific/linux/mxu11x0/default.nix
+++ b/pkgs/os-specific/linux/mxu11x0/default.nix
@@ -28,6 +28,8 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "pic" ];
+
   meta = with stdenv.lib; {
     description = "MOXA UPort 11x0 USB to Serial Hub driver";
     homepage = "https://github.com/ellysh/mxu11x0";
diff --git a/pkgs/os-specific/linux/ndiswrapper/default.nix b/pkgs/os-specific/linux/ndiswrapper/default.nix
index f95de4335648..eabc2840881e 100644
--- a/pkgs/os-specific/linux/ndiswrapper/default.nix
+++ b/pkgs/os-specific/linux/ndiswrapper/default.nix
@@ -3,6 +3,8 @@
 stdenv.mkDerivation {
   name = "ndiswrapper-1.59-${kernel.version}";
 
+  hardeningDisable = [ "pic" ];
+
   patches = [ ./no-sbin.patch ];
 
   # need at least .config and include 
diff --git a/pkgs/os-specific/linux/netatop/default.nix b/pkgs/os-specific/linux/netatop/default.nix
index 5d54d0a21ff3..5177ea45e7ab 100644
--- a/pkgs/os-specific/linux/netatop/default.nix
+++ b/pkgs/os-specific/linux/netatop/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ zlib ];
 
+  hardeningDisable = [ "pic" ];
+
   preConfigure = ''
     patchShebangs mkversion
     sed -i -e 's,^KERNDIR.*,KERNDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build,' \
diff --git a/pkgs/os-specific/linux/numad/default.nix b/pkgs/os-specific/linux/numad/default.nix
index 55edff577120..ed84c41001b6 100644
--- a/pkgs/os-specific/linux/numad/default.nix
+++ b/pkgs/os-specific/linux/numad/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "08zd1yc3w00yv4mvvz5sq1gf91f6p2s9ljcd72m33xgnkglj60v4";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [
     ./numad-linker-flags.patch
   ];
diff --git a/pkgs/os-specific/linux/nvidia-x11/beta.nix b/pkgs/os-specific/linux/nvidia-x11/beta.nix
index d3111a4f75a1..6fd5fb6c0b63 100644
--- a/pkgs/os-specific/linux/nvidia-x11/beta.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/beta.nix
@@ -41,6 +41,8 @@ stdenv.mkDerivation {
 
   kernel = if libsOnly then null else kernel.dev;
 
+  hardeningDisable = [ "pic" "format" ];
+
   dontStrip = true;
 
   glPath      = makeLibraryPath [xorg.libXext xorg.libX11 xorg.libXrandr];
diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix
index cbd4e466b702..f561c0addc87 100644
--- a/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -42,6 +42,8 @@ stdenv.mkDerivation {
 
   kernel = if libsOnly then null else kernel.dev;
 
+  hardeningDisable = [ "pic" "format" ];
+
   dontStrip = true;
 
   glPath      = makeLibraryPath [xorg.libXext xorg.libX11 xorg.libXrandr];
diff --git a/pkgs/os-specific/linux/nvidia-x11/legacy173.nix b/pkgs/os-specific/linux/nvidia-x11/legacy173.nix
index 91813d67e1c1..27c963f4bd9c 100644
--- a/pkgs/os-specific/linux/nvidia-x11/legacy173.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/legacy173.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation {
 
   kernel = kernel.dev;
 
+  hardeningDisable = [ "pic" "format" ];
+
   inherit versionNumber;
 
   dontStrip = true;
diff --git a/pkgs/os-specific/linux/nvidia-x11/legacy304.nix b/pkgs/os-specific/linux/nvidia-x11/legacy304.nix
index 5cf3583e873c..65cf42333e05 100644
--- a/pkgs/os-specific/linux/nvidia-x11/legacy304.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/legacy304.nix
@@ -32,6 +32,8 @@ stdenv.mkDerivation {
 
   kernel = if libsOnly then null else kernel.dev;
 
+  hardeningDisable = [ "pic" "format" ];
+
   dontStrip = true;
 
   glPath = stdenv.lib.makeLibraryPath [xorg.libXext xorg.libX11 xorg.libXrandr];
diff --git a/pkgs/os-specific/linux/nvidia-x11/legacy340.nix b/pkgs/os-specific/linux/nvidia-x11/legacy340.nix
index fa9d6442e424..0682954d558f 100644
--- a/pkgs/os-specific/linux/nvidia-x11/legacy340.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/legacy340.nix
@@ -42,6 +42,8 @@ stdenv.mkDerivation {
 
   kernel = if libsOnly then null else kernel.dev;
 
+  hardeningDisable = [ "pic" "format" ];
+
   dontStrip = true;
 
   glPath      = makeLibraryPath [xorg.libXext xorg.libX11 xorg.libXrandr];
diff --git a/pkgs/os-specific/linux/nvidiabl/default.nix b/pkgs/os-specific/linux/nvidiabl/default.nix
index a6797608664f..881c29c1ce0f 100644
--- a/pkgs/os-specific/linux/nvidiabl/default.nix
+++ b/pkgs/os-specific/linux/nvidiabl/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation {
     sha256 = "1c7ar39wc8jpqh67sw03lwnyp0m9l6dad469ybqrgcywdiwxspwj";
   };
 
+  hardeningDisable = [ "pic" ];
+
   patches = [ ./linux4compat.patch ];
 
   preConfigure = ''
diff --git a/pkgs/os-specific/linux/otpw/default.nix b/pkgs/os-specific/linux/otpw/default.nix
index ff5367b98397..69c6dd1510cb 100644
--- a/pkgs/os-specific/linux/otpw/default.nix
+++ b/pkgs/os-specific/linux/otpw/default.nix
@@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pam ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = http://www.cl.cam.ac.uk/~mgk25/otpw.html;
     description = "A one-time password login package";
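Review bot: Stack protection is switched off for a package described as "A one-time password login package" that builds against `pam`, with no comment giving the reason. Authentication code that handles user-supplied input is where a stack canary matters most, so the build failure behind this should be named in a comment or fixed rather than silenced, e.g. `# FIXME: <build error>; re-enable stackprotector once resolved`. The klibc, libaio, systemd, uclibc and v86d hunks disable the same flag without explanation, while the musl, kernel-headers and paxctl hunks do carry a comment.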
diff --git a/pkgs/os-specific/linux/paxctl/default.nix b/pkgs/os-specific/linux/paxctl/default.nix
index afb342768c33..7ef98eb23536 100644
--- a/pkgs/os-specific/linux/paxctl/default.nix
+++ b/pkgs/os-specific/linux/paxctl/default.nix
@@ -18,6 +18,9 @@ stdenv.mkDerivation rec {
     "MANDIR=share/man/man1"
   ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   setupHook = ./setup-hook.sh;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/os-specific/linux/phc-intel/default.nix b/pkgs/os-specific/linux/phc-intel/default.nix
index 2b86238b2df5..56c12e9a4f0a 100644
--- a/pkgs/os-specific/linux/phc-intel/default.nix
+++ b/pkgs/os-specific/linux/phc-intel/default.nix
@@ -21,6 +21,8 @@ in stdenv.mkDerivation rec {
 
   buildInputs = [ which ];
 
+  hardeningDisable = [ "pic" ];
+
   makeFlags = with kernel; [
     "DESTDIR=$(out)"
     "KERNELSRC=${dev}/lib/modules/${modDirVersion}/build"
diff --git a/pkgs/os-specific/linux/prl-tools/default.nix b/pkgs/os-specific/linux/prl-tools/default.nix
index da5d7d5f6070..9ca48ccaf057 100644
--- a/pkgs/os-specific/linux/prl-tools/default.nix
+++ b/pkgs/os-specific/linux/prl-tools/default.nix
@@ -47,6 +47,8 @@ stdenv.mkDerivation rec {
     '';
   };
 
+  hardeningDisable = [ "pic" ];
+
   # also maybe python2 to generate xorg.conf
   nativeBuildInputs = [ p7zip ] ++ lib.optionals (!libsOnly) [ makeWrapper ];
 
diff --git a/pkgs/os-specific/linux/psmouse-alps/default.nix b/pkgs/os-specific/linux/psmouse-alps/default.nix
deleted file mode 100644
index 9dd78f5885ad..000000000000
--- a/pkgs/os-specific/linux/psmouse-alps/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, kernel, zlib }:
-
-/* Only useful for kernels 3.2 to 3.5.
-   Fails to build in 3.8.
-   3.9 upstream already includes a proper alps driver for this */
-
-assert builtins.compareVersions "3.8" kernel.version == 1;
-
-let
-  ver = "1.3";
-  bname = "psmouse-alps-${ver}";
-in
-stdenv.mkDerivation {
-  name = "psmouse-alps-${kernel.version}-${ver}";
-
-  src = fetchurl {
-    url = http://www.dahetral.com/public-download/alps-psmouse-dlkm-for-3-2-and-3-5/at_download/file;
-    name = "${bname}-alt.tar.bz2";
-    sha256 = "1ghr8xcyidz31isxbwrbcr9rvxi4ad2idwmb3byar9n2ig116cxp";
-  };
-
-  buildPhase = ''
-    cd src/${bname}/src
-    make -C ${kernel.dev}/lib/modules/${kernel.modDirVersion}/build \
-      SUBDIRS=`pwd` INSTALL_PATH=$out
-  '';
-
-  installPhase = ''
-    make -C ${kernel.dev}/lib/modules/${kernel.modDirVersion}/build \
-      INSTALL_MOD_PATH=$out SUBDIRS=`pwd` modules_install
-  '';
-      
-  meta = {
-    description = "ALPS dlkm driver with all known touchpads";
-    homepage = http://www.dahetral.com/public-download/alps-psmouse-dlkm-for-3-2-and-3-5/view;
-    license = stdenv.lib.licenses.gpl2;
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [viric];
-  };
-}
diff --git a/pkgs/os-specific/linux/rtl8723bs/default.nix b/pkgs/os-specific/linux/rtl8723bs/default.nix
index 046445345903..39f6a3826c27 100644
--- a/pkgs/os-specific/linux/rtl8723bs/default.nix
+++ b/pkgs/os-specific/linux/rtl8723bs/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "07srd457wnz29nvvq02wz66s387bhjbydnmbs3qr7ljprabhsgmi";
   };
 
+  hardeningDisable = [ "pic" ];
+
   buildInputs = [ nukeReferences ];
 
   makeFlags = concatStringsSep " " [
diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix
index bc6a97029c7e..c38fa8843f42 100644
--- a/pkgs/os-specific/linux/rtl8812au/default.nix
+++ b/pkgs/os-specific/linux/rtl8812au/default.nix
@@ -3,25 +3,29 @@
 stdenv.mkDerivation rec {
   name = "rtl8812au-${kernel.version}-${version}";
   version = "4.2.2-1";
-  
+
   src = fetchFromGitHub {
     owner = "csssuf";
     repo = "rtl8812au";
     rev = "874906aec694c800bfc29b146737b88dae767832";
     sha256 = "14ifhplawipfd6971mxw76dv3ygwc0n8sbz2l3f0vvkin6x88bsj";
   };
-  
+
+  hardeningDisable = [ "pic" ];
+
+  NIX_CFLAGS_COMPILE="-Wno-error=incompatible-pointer-types";
+
   patchPhase = ''
     substituteInPlace ./Makefile --replace /lib/modules/ "${kernel.dev}/lib/modules/"
     substituteInPlace ./Makefile --replace '$(shell uname -r)' "${kernel.modDirVersion}"
     substituteInPlace ./Makefile --replace /sbin/depmod #
     substituteInPlace ./Makefile --replace '$(MODDESTDIR)' "$out/lib/modules/${kernel.modDirVersion}/kernel/net/wireless/"
   '';
-  
+
   preInstall = ''
     mkdir -p "$out/lib/modules/${kernel.modDirVersion}/kernel/net/wireless/"
   '';
-   
+
   meta = {
     description = "Driver for Realtek 802.11ac, rtl8812au, provides the 8812au mod";
     homepage = "https://github.com/csssuf/rtl8812au";
diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix
index bb17683800f1..5f539b9a97e5 100644
--- a/pkgs/os-specific/linux/setools/default.nix
+++ b/pkgs/os-specific/linux/setools/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     "--with-tcl=${tcl}/lib"
   ];
 
+  hardeningDisable = [ "format" ];
+
   NIX_CFLAGS_COMPILE = "-fstack-protector-all";
   NIX_LDFLAGS = "-L${libsepol}/lib -L${libselinux}/lib";
 
diff --git a/pkgs/os-specific/linux/sinit/default.nix b/pkgs/os-specific/linux/sinit/default.nix
index 783e5fa20634..bf8367fcd45c 100644
--- a/pkgs/os-specific/linux/sinit/default.nix
+++ b/pkgs/os-specific/linux/sinit/default.nix
@@ -3,13 +3,14 @@ let
   s = # Generated upstream information
   rec {
     baseName="sinit";
-    version="0.9.2";
+    version="1.0";
     name="${baseName}-${version}";
     url="http://git.suckless.org/sinit/";
-    sha256="0nncyzwnszwlqcvx1jf42rn1n2dd5vcxkndqb1b546pgpifniivp";
+    sha256="0cf8yylgrrj1wxm5v6jdlbnxpx97m38yxrc9nmv1l8hldjqsj9pc";
     rev = "refs/tags/v${version}";
   };
   buildInputs = [
+    (stdenv.lib.getOutput "static" stdenv.cc.libc)
   ];
 in
 stdenv.mkDerivation {
diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix
index 45926228b6c8..d5a235084d4d 100644
--- a/pkgs/os-specific/linux/spl/default.nix
+++ b/pkgs/os-specific/linux/spl/default.nix
@@ -30,6 +30,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ autoreconfHook ];
 
+  hardeningDisable = [ "pic" ];
+
   preConfigure = ''
     substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid
     substituteInPlace ./module/spl/spl-generic.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:${gawk}:/bin"
diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix
index cda63ea70af2..76858ab5e48e 100644
--- a/pkgs/os-specific/linux/sysdig/default.nix
+++ b/pkgs/os-specific/linux/sysdig/default.nix
@@ -1,17 +1,8 @@
 {stdenv, fetchurl, fetchFromGitHub, cmake, luajit, kernel, zlib, ncurses, perl, jsoncpp, libb64, openssl, curl}:
 let
   inherit (stdenv.lib) optional optionalString;
-  s = rec {
-    name = "sysdig-${version}";
-    version = "0.11.0";
-    owner = "draios";
-    repo = "sysdig";
-    rev = version;
-    sha256 = "131bafa7jy16r2jwph50j0bxwqdvr319fsfhqkavx6xy18i31q3v";
-  };
-  buildInputs = [
-    cmake zlib luajit ncurses perl jsoncpp libb64 openssl curl
-  ];
+  baseName = "sysdig";
+  version = "0.10.0";
   # sysdig-0.11.0 depends on some headers from jq which are not
   # installed by default.
   # Relevant sysdig issue: https://github.com/draios/sysdig/issues/626
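Review bot: The version goes backwards, from the removed `version = "0.11.0"` to `version = "0.10.0"`, while the context comment directly below still says `sysdig-0.11.0 depends on some headers from jq` and `-DUSE_BUNDLED_JQ=ON` is kept in a later hunk. If the downgrade is a merge artefact, restore 0.11.0 together with its `fetchFromGitHub` source. If it is intended, say so in a comment and update the jq remark, since a downgrade also drops whatever fixes the newer release carried. The `let` block continues outside the hunk.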
@@ -21,11 +12,19 @@ let
   };
 in
 stdenv.mkDerivation {
-  inherit (s) name version;
-  inherit buildInputs;
-  src = fetchFromGitHub {
-    inherit (s) owner repo rev sha256;
+  name = "${baseName}-${version}";
+
+  src = fetchurl {
+    url = "https://github.com/draios/sysdig/archive/${version}.tar.gz";
+    sha256 = "0hs0r9z9j7padqdcj69bwx52iw6gvdl0w322qwivpv12j3prcpsj";
   };
+
+  buildInputs = [
+    cmake zlib luajit ncurses perl jsoncpp libb64 openssl curl
+  ];
+
+  hardeningDisable = [ "pic" ];
+
   postPatch = ''
     sed '1i#include <cmath>' -i userspace/libsinsp/{cursesspectro,filterchecks}.cpp
   '';
@@ -33,17 +32,20 @@ stdenv.mkDerivation {
   cmakeFlags = [
     "-DUSE_BUNDLED_DEPS=OFF"
     "-DUSE_BUNDLED_JQ=ON"
-    "-DSYSDIG_VERSION=${s.version}"
+    "-DSYSDIG_VERSION=${version}"
   ] ++ optional (kernel == null) "-DBUILD_DRIVER=OFF";
+
   preConfigure = ''
     export INSTALL_MOD_PATH="$out"
   '' + optionalString (kernel != null) ''
     export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
   '';
+
   preBuild = ''
     mkdir -p jq-prefix/src
     cp ${jq-prefix} jq-prefix/src/jq-1.5.tar.gz
   '';
+
   postInstall = optionalString (kernel != null) ''
     make install_driver
     kernel_dev=${kernel.dev}
@@ -59,8 +61,7 @@ stdenv.mkDerivation {
   '';
 
   meta = with stdenv.lib; {
-    inherit (s) version;
-    description = ''A tracepoint-based system tracing tool for Linux (with clients for other OSes)'';
+    description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
     license = licenses.gpl2;
     maintainers = [maintainers.raskin];
     platforms = platforms.linux ++ platforms.darwin;
diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix
index c051aac43126..f4ad94b5085c 100644
--- a/pkgs/os-specific/linux/syslinux/default.nix
+++ b/pkgs/os-specific/linux/syslinux/default.nix
@@ -16,6 +16,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ libuuid makeWrapper ];
 
   enableParallelBuilding = false; # Fails very rarely with 'No rule to make target: ...'
+  hardeningDisable = [ "pic" "stackprotector" "fortify" ];
 
   preBuild = ''
     substituteInPlace Makefile --replace /bin/pwd $(type -P pwd)
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index baf303f6f332..eff515c3dad1 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -80,6 +80,8 @@ stdenv.mkDerivation rec {
       "--with-rc-local-script-path-stop=/etc/halt.local"
     ] ++ (if enableKDbus then [ "--enable-kdbus" ] else [ "--disable-kdbus" ]);
 
+  hardeningDisable = [ "stackprotector" ];
+
   preConfigure =
     ''
       ./autogen.sh
diff --git a/pkgs/os-specific/linux/tp_smapi/default.nix b/pkgs/os-specific/linux/tp_smapi/default.nix
index 38f2c8545db8..f0f25f14e496 100644
--- a/pkgs/os-specific/linux/tp_smapi/default.nix
+++ b/pkgs/os-specific/linux/tp_smapi/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "09rdg7fm423x6sbbw3lvnvmk4nyc33az8ar93xgq0n9qii49z3bv";
   };
 
+  hardeningDisable = [ "pic" ];
+
   makeFlags = [
     "KBASE=${kernel.dev}/lib/modules/${kernel.modDirVersion}"
     "SHELL=/bin/sh"
diff --git a/pkgs/os-specific/linux/uclibc/default.nix b/pkgs/os-specific/linux/uclibc/default.nix
index 448c9f3f4ee4..81c8b7b4df7a 100644
--- a/pkgs/os-specific/linux/uclibc/default.nix
+++ b/pkgs/os-specific/linux/uclibc/default.nix
@@ -79,6 +79,8 @@ stdenv.mkDerivation {
     make oldconfig
   '';
 
+  hardeningDisable = [ "stackprotector" ];
+
   # Cross stripping hurts.
   dontStrip = cross != null;
 
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index 5c3a0d78d992..4d4a22fc720d 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -2,11 +2,14 @@
 
 stdenv.mkDerivation rec {
   name = "util-linux-${version}";
-  version = "2.28";
+  version = stdenv.lib.concatStringsSep "." ([ majorVersion ]
+    ++ stdenv.lib.optional (patchVersion != "") patchVersion);
+  majorVersion = "2.28";
+  patchVersion = "1";
 
   src = fetchurl {
-    url = "mirror://kernel/linux/utils/util-linux/v${version}/${name}.tar.xz";
-    sha256 = "1fql204qn3098j34yd358l85ffp7a4kqjf7jf1qk2b4al7i4fn1r";
+    url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz";
+    sha256 = "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy";
   };
 
   patches = [
diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix
index 5fa81a0d3a73..57f4b9ab6747 100644
--- a/pkgs/os-specific/linux/v4l2loopback/default.nix
+++ b/pkgs/os-specific/linux/v4l2loopback/default.nix
@@ -8,7 +8,9 @@ stdenv.mkDerivation rec {
     url = "https://github.com/umlaeute/v4l2loopback/archive/v${version}.tar.gz";
     sha256 = "1crkhxlnskqrfj3f7jmiiyi5m75zmj7n0s26xz07wcwdzdf2p568";
   };
-  
+
+  hardeningDisable = [ "format" "pic" ];
+
   preBuild = ''
     substituteInPlace Makefile --replace "modules_install" "INSTALL_MOD_PATH=$out modules_install"
     sed -i '/depmod/d' Makefile
@@ -16,7 +18,7 @@ stdenv.mkDerivation rec {
   '';
 
   buildInputs = [ kmod ];
-  
+
   makeFlags = [
     "KERNELRELEASE=${kernel.modDirVersion}"
     "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
diff --git a/pkgs/os-specific/linux/v86d/default.nix b/pkgs/os-specific/linux/v86d/default.nix
index 0ef992a4b44c..073a6ded998b 100644
--- a/pkgs/os-specific/linux/v86d/default.nix
+++ b/pkgs/os-specific/linux/v86d/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--with-klibc" "--with-x86emu" ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   makeFlags = [
     "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
     "DESTDIR=$(out)"
diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix
index 84f67bfd8cf9..3264194f1256 100644
--- a/pkgs/os-specific/linux/wireguard/default.nix
+++ b/pkgs/os-specific/linux/wireguard/default.nix
@@ -30,6 +30,8 @@ let
       sed -i '/depmod/,+1d' Makefile
     '';
 
+    hardeningDisable = [ "pic" ];
+
     KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
     INSTALL_MOD_PATH = "\${out}";
 
diff --git a/pkgs/os-specific/linux/xf86-video-nested/default.nix b/pkgs/os-specific/linux/xf86-video-nested/default.nix
index 247ec6e152a7..8d3e490db87c 100644
--- a/pkgs/os-specific/linux/xf86-video-nested/default.nix
+++ b/pkgs/os-specific/linux/xf86-video-nested/default.nix
@@ -16,10 +16,9 @@ stdenv.mkDerivation {
       pkgconfig renderproto utilmacros xorgserver
     ];
 
+  hardeningDisable = [ "fortify" ];
 
-  configurePhase = ''
-    ./configure --prefix=$out CFLAGS="-I${pixman}/include/pixman-1"
-  '';
+  CFLAGS = "-I${pixman}/include/pixman-1";
 
   meta = {
     homepage = http://cgit.freedesktop.org/xorg/driver/xf86-video-nested;
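Review bot: `hardeningDisable = [ "fortify" ];` has no comment explaining what breaks with `_FORTIFY_SOURCE`, and the beanstalkd hunk adds the same bare line for a server package. A fortify failure can point at a genuine buffer misuse caught at compile time, so the observed error should be recorded, e.g. `# FIXME: <error> with _FORTIFY_SOURCE; re-enable once fixed`. The `meta` block continues outside the hunk.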
diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix
index 3ae41bc00b8e..4b5d7e35daeb 100644
--- a/pkgs/os-specific/linux/zfs/default.nix
+++ b/pkgs/os-specific/linux/zfs/default.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation rec {
   # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
   NIX_CFLAGS_LINK = "-lgcc_s";
 
+  hardeningDisable = [ "pic" ];
+
   preConfigure = ''
     substituteInPlace ./module/zfs/zfs_ctldir.c   --replace "umount -t zfs"           "${utillinux}/bin/umount -t zfs"
     substituteInPlace ./module/zfs/zfs_ctldir.c   --replace "mount -t zfs"            "${utillinux}/bin/mount -t zfs"
diff --git a/pkgs/servers/beanstalkd/default.nix b/pkgs/servers/beanstalkd/default.nix
index cea7ca0b337f..ef4621fb9a65 100644
--- a/pkgs/servers/beanstalkd/default.nix
+++ b/pkgs/servers/beanstalkd/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "0n9dlmiddcfl7i0f1lwfhqiwyvf26493fxfcmn8jm30nbqciwfwj";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   meta = with stdenv.lib; {
     homepage = http://kr.github.io/beanstalkd/;
     description = "A simple, fast work queue";
diff --git a/pkgs/servers/dico/default.nix b/pkgs/servers/dico/default.nix
index 2078e2e2d42d..7c2af1dd25e7 100644
--- a/pkgs/servers/dico/default.nix
+++ b/pkgs/servers/dico/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "13by0zimx90v2j8v7n4k9y3xwmh4q9jdc2f4f8yjs3x7f5bzm2pk";
   };
 
+  hardeningDisable = [ "format" ];
+
   # XXX: Add support for GNU SASL.
   buildInputs =
     [ libtool gettext zlib readline gsasl guile python pcre libffi groff ];
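Review bot: Disabling `format` for the whole derivation switches off the `-Werror=format-security` check instead of fixing the calls that trip it, and dico is a network-facing server. The jfsutils hunk later in this diff shows the alternative: a small patch turning `printf(msg)` into `printf("%s", msg)`, which keeps the flag on. That approach would be preferable here and in the other `format` opt-outs for software that handles network or file input, for example charybdis, postfix, freeswitch, bash, unzip and zip. Where a patch is not practical, a comment naming the offending call would at least record why the check is off.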
diff --git a/pkgs/servers/firebird/default.nix b/pkgs/servers/firebird/default.nix
index 3e778317169c..3e258ee6d3f1 100644
--- a/pkgs/servers/firebird/default.nix
+++ b/pkgs/servers/firebird/default.nix
@@ -11,7 +11,7 @@
   # icu version missmatch may cause such error when selecting from a table:
   # "Collation unicode for character set utf8 is not installed"
 
-  # icu 3.0 can still be build easily by nix (by dropping the #elif case and
+  # icu 3.0 can still be built easily by nix (by dropping the #elif case and
   # make | make)
   icu ? null
 
@@ -65,6 +65,8 @@ stdenv.mkDerivation rec {
     sha256 = "0887a813wffp44hnc2gmwbc4ylpqw3fh3hz3bf6q3648344a9fdv";
   };
 
+  hardeningDisable = [ "format" ];
+
   # configurePhase = ''
   #   sed -i 's@cp /usr/share/automake-.*@@' autogen.sh
   #   sh autogen.sh $configureFlags --prefix=$out
diff --git a/pkgs/servers/gpm/default.nix b/pkgs/servers/gpm/default.nix
index a9fac485f905..ac5e0b7c1b1c 100644
--- a/pkgs/servers/gpm/default.nix
+++ b/pkgs/servers/gpm/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ automake autoconf libtool flex bison texinfo ];
   buildInputs = [ ncurses ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     ./autogen.sh
   '';
diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix
index 6817f18bd1db..b1d70907e28c 100644
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -49,14 +49,9 @@ stdenv.mkDerivation {
 
   NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
 
-  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
-    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
-      configureFlagsArray=(
-        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
-        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
-      )
-    ''
-    ;
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
+
+  hardeningEnable = [ "pie" ];
 
   postInstall = ''
     mv $out/sbin $out/bin
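Review bot: The removed `preConfigure` branch was guarded by `hardening && (stdenv.cc.cc.isGNU or false)`, and nothing on the new side of this hunk reads `hardening` any more. If the function still accepts that argument (its header is outside the hunk), it is now dead and a caller passing `hardening = false` silently gets a hardened build; either drop the argument or map it, e.g. `hardeningEnable = optional hardening "pie";`. It is also worth confirming that the stdenv defaults cover what the explicit flags did: the old line asked for `-fstack-protector-all`, and the stdenv flag is presumably the narrower `-fstack-protector-strong`. The postfix hunks drop the same explicit flags and deserve the same check.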
diff --git a/pkgs/servers/icecast/default.nix b/pkgs/servers/icecast/default.nix
index 9beb961de207..d241b59c3feb 100644
--- a/pkgs/servers/icecast/default.nix
+++ b/pkgs/servers/icecast/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libxml2 libxslt curl libvorbis libtheora speex libkate libopus ];
 
+  hardeningEnable = [ "pie" ];
+
   meta = {
     description = "Server software for streaming multimedia";
 
diff --git a/pkgs/servers/irc/charybdis/default.nix b/pkgs/servers/irc/charybdis/default.nix
index df4250c81fa7..89eeeaecb34a 100644
--- a/pkgs/servers/irc/charybdis/default.nix
+++ b/pkgs/servers/irc/charybdis/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     "--with-program-prefix=charybdis-"
   ];
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ bison flex openssl ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix
index c4d46ff49e9e..176fd22162bc 100644
--- a/pkgs/servers/mail/postfix/default.nix
+++ b/pkgs/servers/mail/postfix/default.nix
@@ -9,12 +9,11 @@ let
   ccargs = lib.concatStringsSep " " ([
     "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl.dev}/include/sasl"
     "-DHAS_DB_BYPASS_MAKEDEFS_CHECK"
-    "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2"
    ] ++ lib.optional withPgSQL "-DHAS_PGSQL"
      ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${lib.getDev libmysql}/include/mysql" ]
      ++ lib.optional withSQLite "-DHAS_SQLITE");
    auxlibs = lib.concatStringsSep " " ([
-     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now"
+     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl"
    ] ++ lib.optional withPgSQL "-lpq"
      ++ lib.optional withMySQL "-lmysqlclient"
      ++ lib.optional withSQLite "-lsqlite3");
@@ -35,6 +34,9 @@ in stdenv.mkDerivation rec {
                 ++ lib.optional withMySQL libmysql
                 ++ lib.optional withSQLite sqlite;
 
+  hardeningDisable = [ "format" ];
+  hardeningEnable = [ "pie" ];
+
   patches = [
     ./postfix-script-shell.patch
     ./postfix-3.0-no-warnings.patch
diff --git a/pkgs/servers/mail/postfix/pfixtools.nix b/pkgs/servers/mail/postfix/pfixtools.nix
index 3e7ef9f23db5..b17beeb095f2 100644
--- a/pkgs/servers/mail/postfix/pfixtools.nix
+++ b/pkgs/servers/mail/postfix/pfixtools.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation {
                       --replace /bin/bash ${bash}/bin/bash;
   '';
 
+  NIX_CFLAGS_COMPILE = "-Wno-error=unused-result";
+
   makeFlags = "DESTDIR=$(out) prefix=";
 
   meta = {
diff --git a/pkgs/servers/memcached/default.nix b/pkgs/servers/memcached/default.nix
index 9d110d9c1461..72b12d5aad5c 100644
--- a/pkgs/servers/memcached/default.nix
+++ b/pkgs/servers/memcached/default.nix
@@ -10,6 +10,10 @@ stdenv.mkDerivation rec {
 
   buildInputs = [cyrus_sasl libevent];
 
+  hardeningEnable = [ "pie" ];
+
+  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-Wno-error";
+
   meta = with stdenv.lib; {
     description = "A distributed memory object caching system";
     repositories.git = https://github.com/memcached/memcached.git;
diff --git a/pkgs/servers/nosql/mongodb/default.nix b/pkgs/servers/nosql/mongodb/default.nix
index 127d807133e0..d18de78bdde3 100644
--- a/pkgs/servers/nosql/mongodb/default.nix
+++ b/pkgs/servers/nosql/mongodb/default.nix
@@ -19,6 +19,7 @@ let version = "3.2.1";
       #"stemmer"  -- not nice to package yet (no versioning, no makefile, no shared libs).
       "yaml"
     ] ++ optionals stdenv.isLinux [ "tcmalloc" ];
+
     buildInputs = [
       sasl boost gperftools pcre-cpp snappy
       zlib libyamlcpp sasl openssl libpcap
@@ -92,6 +93,8 @@ in stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningEnable = [ "pie" ];
+
   meta = {
     description = "A scalable, high-performance, open source NoSQL database";
     homepage = http://www.mongodb.org;
diff --git a/pkgs/servers/nosql/riak/2.1.1.nix b/pkgs/servers/nosql/riak/2.1.1.nix
index c62cea180be7..b66e99f0afbe 100644
--- a/pkgs/servers/nosql/riak/2.1.1.nix
+++ b/pkgs/servers/nosql/riak/2.1.1.nix
@@ -34,6 +34,8 @@ stdenv.mkDerivation rec {
 
   src = srcs.riak;
 
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     sed -i deps/node_package/priv/base/env.sh \
       -e 's@{{platform_data_dir}}@''${RIAK_DATA_DIR:-/var/db/riak}@' \
diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix
index 40d3edcf21a4..52a7941d0932 100644
--- a/pkgs/servers/openafs-client/default.nix
+++ b/pkgs/servers/openafs-client/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ncurses ];
 
+  hardeningDisable = [ "pic" ];
+
   preConfigure = ''
     ln -s "${kernel.dev}/lib/modules/"*/build $TMP/linux
 
diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix
index 1c5c1aef4cd5..977575491f5a 100644
--- a/pkgs/servers/sip/freeswitch/default.nix
+++ b/pkgs/servers/sip/freeswitch/default.nix
@@ -16,7 +16,9 @@ stdenv.mkDerivation rec {
     libsndfile
   ];
 
-  NIX_CFLAGS_COMPILE = "-Wno-error=cpp";
+  NIX_CFLAGS_COMPILE = "-Wno-error";
+
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Cross-Platform Scalable FREE Multi-Protocol Soft Switch";
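Review bot: Widening `-Wno-error=cpp` to a blanket `-Wno-error` demotes every diagnostic that upstream treats as fatal, not only the one that broke the build. Naming the specific warnings keeps the rest of that policy, e.g. `NIX_CFLAGS_COMPILE = "-Wno-error=cpp -Wno-error=<warning that now fails>";` with the placeholder filled in from the build log. The memcached hunk adds the same blanket flag for Darwin.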
diff --git a/pkgs/servers/sql/virtuoso/7.x.nix b/pkgs/servers/sql/virtuoso/7.x.nix
index 192bdc9dcb1e..7a8db3f2962c 100644
--- a/pkgs/servers/sql/virtuoso/7.x.nix
+++ b/pkgs/servers/sql/virtuoso/7.x.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     description = "SQL/RDF database used by, e.g., KDE-nepomuk";
     homepage = http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/;
-    #configure: The current version [...] can only be build on 64bit platforms
+    #configure: The current version [...] can only be built on 64bit platforms
     platforms = [ "x86_64-linux" "x86_64-darwin" ];
     maintainers = [ maintainers.urkud ];
   };
diff --git a/pkgs/servers/x11/xorg/builder.sh b/pkgs/servers/x11/xorg/builder.sh
index c9e53f3800d3..055886374df4 100644
--- a/pkgs/servers/x11/xorg/builder.sh
+++ b/pkgs/servers/x11/xorg/builder.sh
@@ -46,5 +46,4 @@ fi
 
 enableParallelBuilding=1
 
-
 genericBuild
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix
index da74fcb4ca6d..6d09116a867a 100644
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -9,7 +9,9 @@ let
   mkDerivation = name: attrs:
     let newAttrs = (overrides."${name}" or (x: x)) attrs;
         stdenv = newAttrs.stdenv or args.stdenv;
-    in stdenv.mkDerivation (removeAttrs newAttrs [ "stdenv" ]);
+      in stdenv.mkDerivation ((removeAttrs newAttrs [ "stdenv" ]) // {
+        hardeningDisable = [ "bindnow" "relro" ];
+      });
 
   overrides = import ./overrides.nix {inherit args xorg;};
 
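Review bot: Because the new attribute set is on the right-hand side of `//`, it replaces any `hardeningDisable` that a package or an entry in `overrides.nix` already set, so a per-package opt-out such as `[ "format" ]` would be silently lost. Merging keeps both: `hardeningDisable = (newAttrs.hardeningDisable or []) ++ [ "bindnow" "relro" ];`. The wrapper also turns off `relro` and `bindnow` for every xorg derivation built through `mkDerivation`, not only for whichever ones need lazy binding; a comment stating which packages need it would make it possible to narrow this later. The `in` line is now indented two columns deeper than its `let`.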
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index ebd09e3096ee..acbfe69ee43b 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -541,6 +541,17 @@ in
     nativeBuildInputs = [args.autoreconfHook xorg.utilmacros];
   };
 
+  xf86videoxgi = attrs: attrs // {
+    patches = [
+      # fixes invalid open mode
+      # https://cgit.freedesktop.org/xorg/driver/xf86-video-xgi/commit/?id=bd94c475035739b42294477cff108e0c5f15ef67
+      (args.fetchpatch {
+        url = "https://cgit.freedesktop.org/xorg/driver/xf86-video-xgi/patch/?id=bd94c475035739b42294477cff108e0c5f15ef67";
+        sha256 = "0myfry07655adhrpypa9rqigd6rfx57pqagcwibxw7ab3wjay9f6";
+      })
+    ];
+  };
+
   xwd = attrs: attrs // {
     buildInputs = with xorg; attrs.buildInputs ++ [libXt libxkbfile];
   };
@@ -561,4 +572,8 @@ in
     configureFlags = "--with-cpp=${args.mcpp}/bin/mcpp";
   };
 
+  sessreg = attrs: attrs // {
+    preBuild = "sed -i 's|gcc -E|gcc -E -P|' man/Makefile";
+  };
+
 }
diff --git a/pkgs/shells/bash/bash-4.3-patches.nix b/pkgs/shells/bash/bash-4.3-patches.nix
index f84ac836e941..83743938de32 100644
--- a/pkgs/shells/bash/bash-4.3-patches.nix
+++ b/pkgs/shells/bash/bash-4.3-patches.nix
@@ -43,4 +43,8 @@ patch: [
 (patch "040" "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4")
 (patch "041" "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f")
 (patch "042" "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc")
+(patch "043" "1031g97w8gamimb41jr9r2qm7mn10k5mr3sd3y12avml0p0a7a27")
+(patch "044" "16bzaq9fs2kaw2n2k6vvljkjw5k5kx06isnq8hxkfrxz60384f4k")
+(patch "045" "08q02mj9imp2njpgm6f5q5m61i7qzp33rbxxzarixalyisbw6vms")
+(patch "046" "13v8dymwj83wcvrfayjqrs5kqar05bcj4zpiacrjkkchnsk5dd5k")
 ]
diff --git a/pkgs/shells/bash/default.nix b/pkgs/shells/bash/default.nix
index 0e3fc1d80690..c6868eedba6c 100644
--- a/pkgs/shells/bash/default.nix
+++ b/pkgs/shells/bash/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     inherit sha256;
   };
 
+  hardeningDisable = [ "format" ];
+
   outputs = [ "out" "doc" "info" ];
 
   # the man pages are small and useful enough
diff --git a/pkgs/shells/dash/default.nix b/pkgs/shells/dash/default.nix
index b950d48f04c6..eaccb9a68dad 100644
--- a/pkgs/shells/dash/default.nix
+++ b/pkgs/shells/dash/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "03y6z8akj72swa6f42h2dhq3p09xasbi6xia70h2vc27fwikmny6";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://gondor.apana.org.au/~herbert/dash/;
     description = "A POSIX-compliant implementation of /bin/sh that aims to be as small as possible";
diff --git a/pkgs/shells/mksh/default.nix b/pkgs/shells/mksh/default.nix
index dde890a022db..edb44e09b1fa 100644
--- a/pkgs/shells/mksh/default.nix
+++ b/pkgs/shells/mksh/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ groff ];
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = ''
     mkdir build-dir/
     cp mksh.1 dot.mkshrc build-dir/
diff --git a/pkgs/stdenv/darwin/make-bootstrap-tools.nix b/pkgs/stdenv/darwin/make-bootstrap-tools.nix
index 0216acee659b..41c94bd16745 100644
--- a/pkgs/stdenv/darwin/make-bootstrap-tools.nix
+++ b/pkgs/stdenv/darwin/make-bootstrap-tools.nix
@@ -2,9 +2,7 @@
 
 with import ../../.. { inherit system; };
 
-let
-  llvmPackages = llvmPackages_38;
-in rec {
+rec {
   coreutils_ = coreutils.override (args: {
     # We want coreutils without ACL support.
     aclSupport = false;
@@ -29,7 +27,6 @@ in rec {
       # C standard library stuff
       cp -d ${darwin.Libsystem}/lib/*.o $out/lib/
       cp -d ${darwin.Libsystem}/lib/*.dylib $out/lib/
-      cp -d ${darwin.Libsystem}/lib/system/*.dylib $out/lib/
 
       # Resolv is actually a link to another package, so let's copy it properly
       rm $out/lib/libresolv.9.dylib
@@ -81,11 +78,11 @@ in rec {
 
       cp -rL ${llvmPackages.clang-unwrapped}/lib/clang $out/lib
 
-      cp -d ${llvmPackages.libcxx}/lib/libc++*.dylib $out/lib
-      cp -d ${llvmPackages.libcxxabi}/lib/libc++abi*.dylib $out/lib
+      cp -d ${libcxx}/lib/libc++*.dylib $out/lib
+      cp -d ${libcxxabi}/lib/libc++abi*.dylib $out/lib
 
       mkdir $out/include
-      cp -rd ${llvmPackages.libcxx}/include/c++     $out/include
+      cp -rd ${libcxx}/include/c++     $out/include
 
       cp -d ${icu.out}/lib/libicu*.dylib $out/lib
       cp -d ${zlib.out}/lib/libz.*       $out/lib
@@ -93,7 +90,7 @@ in rec {
       cp -d ${xz.out}/lib/liblzma*.*     $out/lib
 
       # Copy binutils.
-      for i in as ld ar ranlib nm strip otool install_name_tool dsymutil; do
+      for i in as ld ar ranlib nm strip otool install_name_tool dsymutil lipo; do
         cp ${darwin.cctools}/bin/$i $out/bin
       done
 
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index b2891030728f..cf7894fc005b 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -274,7 +274,10 @@ let
 
     // rec {
 
-      meta.description = "The default build environment for Unix packages in Nixpkgs";
+      meta = {
+        description = "The default build environment for Unix packages in Nixpkgs";
+        platforms = lib.platforms.all;
+      };
 
       # Utility flags to test the type of platform.
       isDarwin = system == "x86_64-darwin";
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index 5b50167d9b9f..c478c3753233 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -389,6 +389,11 @@ substitute() {
     local input="$1"
     local output="$2"
 
+    if [ ! -f "$input" ]; then
+      echo "substitute(): file '$input' does not exist"
+      return 1
+    fi
+
     local -a params=("$@")
 
     local n p pattern replacement varName content
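Review bot: The new diagnostic in `substitute()` is written to stdout, where it mixes with normal build output and disappears if a caller captures or redirects stdout; send it to stderr with `echo "substitute(): file '$input' does not exist" >&2`. The `return 1` only stops a build when the caller runs under `set -e` or checks the status, which cannot be confirmed here because the rest of the function and its callers lie outside the hunk. `[ ! -f "$input" ]` also rejects inputs that exist but are not regular files, in which case the message text is misleading.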
diff --git a/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix b/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix
index 522c28905a86..af82788d3fa9 100644
--- a/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix
+++ b/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix
@@ -16,6 +16,7 @@ let
       libc = "glibc";
       platform = pkgsNoParams.platforms.sheevaplug;
       openssl.system = "linux-generic32";
+      inherit (platform) gcc;
     };
   };
 
diff --git a/pkgs/tools/X11/x2vnc/default.nix b/pkgs/tools/X11/x2vnc/default.nix
index a0d1013b8726..31ad524cf8f3 100644
--- a/pkgs/tools/X11/x2vnc/default.nix
+++ b/pkgs/tools/X11/x2vnc/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
       xorg.libXrandr xorg.randrproto
     ];
 
-  preInstall = "mkdir -p $out";
+  hardeningDisable = [ "format" ];
 
   meta = {
     homepage = http://fredrik.hubbe.net/x2vnc.html;
diff --git a/pkgs/tools/X11/x2x/default.nix b/pkgs/tools/X11/x2x/default.nix
index 06d08195688a..dd529011557a 100644
--- a/pkgs/tools/X11/x2x/default.nix
+++ b/pkgs/tools/X11/x2x/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ imake libX11 libXtst libXext ];
 
+  hardeningDisable = [ "format" ];
+
   configurePhase = ''
     xmkmf
     makeFlags="BINDIR=$out/bin x2x"
diff --git a/pkgs/tools/X11/xbindkeys-config/default.nix b/pkgs/tools/X11/xbindkeys-config/default.nix
index 57d8d82759ce..cef071bb3b61 100644
--- a/pkgs/tools/X11/xbindkeys-config/default.nix
+++ b/pkgs/tools/X11/xbindkeys-config/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "1rs3li2hyig6cdzvgqlbz0vw6x7rmgr59qd6m0cvrai8xhqqykda";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = https://packages.debian.org/source/xbindkeys-config;
     description = "Graphical interface for configuring xbindkeys";
diff --git a/pkgs/tools/admin/tightvnc/default.nix b/pkgs/tools/admin/tightvnc/default.nix
index 22b8a607fd34..e7164bf07b6c 100644
--- a/pkgs/tools/admin/tightvnc/default.nix
+++ b/pkgs/tools/admin/tightvnc/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
   inherit xauth fontDirectories perl;
   gcc = stdenv.cc.cc;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ xlibsWrapper zlib libjpeg imake gccmakedep libXmu libXaw
                   libXpm libXp xauth openssh ];
 
diff --git a/pkgs/tools/archivers/cromfs/default.nix b/pkgs/tools/archivers/cromfs/default.nix
index 23aa02bcac7f..042880b39c9b 100644
--- a/pkgs/tools/archivers/cromfs/default.nix
+++ b/pkgs/tools/archivers/cromfs/default.nix
@@ -10,9 +10,6 @@ stdenv.mkDerivation rec {
 
   postPatch = "patchShebangs configure";
 
-  # Removing the static linking, as it doesn't compile in x86_64.
-  makeFlags = "cromfs-driver util/mkcromfs util/unmkcromfs util/cvcromfs";
-
   installPhase = ''
     install -d $out/bin
     install cromfs-driver $out/bin
diff --git a/pkgs/tools/archivers/dar/default.nix b/pkgs/tools/archivers/dar/default.nix
index 92a81f9e5d67..b64b6e4ca0a2 100644
--- a/pkgs/tools/archivers/dar/default.nix
+++ b/pkgs/tools/archivers/dar/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://dar.linux.free.fr/;
     description = "Disk ARchiver, allows backing up files into indexed archives";
diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix
index e806a962eabb..41043cda5b65 100644
--- a/pkgs/tools/archivers/sharutils/default.nix
+++ b/pkgs/tools/archivers/sharutils/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1mallg1gprimlggdisfzdmh1xi676jsfdlfyvanlcw72ny8fsj3g";
   };
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
      # Fix for building on Glibc 2.16.  Won't be needed once the
      # gnulib in sharutils is updated.
diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix
index b5d03bc18b27..da0983fc0970 100644
--- a/pkgs/tools/archivers/unzip/default.nix
+++ b/pkgs/tools/archivers/unzip/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation {
     sha256 = "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [
     ./CVE-2014-8139.diff
     ./CVE-2014-8140.diff
diff --git a/pkgs/tools/archivers/xarchive/default.nix b/pkgs/tools/archivers/xarchive/default.nix
index 5868dcf10a7f..0cb4fbbf3f03 100644
--- a/pkgs/tools/archivers/xarchive/default.nix
+++ b/pkgs/tools/archivers/xarchive/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gtk2 pkgconfig ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "A GTK+ front-end for command line archiving tools";
     maintainers = [ stdenv.lib.maintainers.domenkozar ];
diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix
index 431ed354d21c..145b81c95bc8 100644
--- a/pkgs/tools/archivers/zip/default.nix
+++ b/pkgs/tools/archivers/zip/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
     sha256 = "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h";
   };
 
+  hardeningDisable = [ "format" ];
+
   makefile = "unix/Makefile";
   buildFlags = if stdenv.isCygwin then "cygwin" else "generic";
   installFlags = "prefix=$(out) INSTALL=cp";
diff --git a/pkgs/tools/backup/borg/default.nix b/pkgs/tools/backup/borg/default.nix
index 09683ce4b8ff..9649e35c074b 100644
--- a/pkgs/tools/backup/borg/default.nix
+++ b/pkgs/tools/backup/borg/default.nix
@@ -2,13 +2,13 @@
 
 python3Packages.buildPythonApplication rec {
   name = "borgbackup-${version}";
-  version = "1.0.6";
+  version = "1.0.7";
   namePrefix = "";
 
   src = fetchurl {
     url = "https://github.com/borgbackup/borg/releases/download/"
       + "${version}/${name}.tar.gz";
-    sha256 = "1dxn9p4xm0zd32xzzd9hs4a542db34clykrrnnv3hrdnc394895p";
+    sha256 = "1l9iw55w5x51yxl3q89cf6avg80lajxvc8qz584hrsmnk6i56cr0";
   };
 
   nativeBuildInputs = with python3Packages; [
diff --git a/pkgs/tools/backup/partclone/default.nix b/pkgs/tools/backup/partclone/default.nix
index 9aea0c80c6fa..54756a29cd6d 100644
--- a/pkgs/tools/backup/partclone/default.nix
+++ b/pkgs/tools/backup/partclone/default.nix
@@ -1,21 +1,25 @@
-{stdenv, fetchFromGitHub
-, pkgconfig, libuuid
-, e2fsprogs, automake, autoconf
+{ stdenv, fetchFromGitHub, autoreconfHook
+, pkgconfig, libuuid, e2fsprogs
 }:
-stdenv.mkDerivation {
-  name = "partclone-stable";
-  enableParallelBuilding = true;
+
+stdenv.mkDerivation rec {
+  name = "partclone-${version}";
+  version = "0.2.89";
 
   src = fetchFromGitHub {
     owner = "Thomas-Tsai";
     repo = "partclone";
-    rev = "stable";
-    sha256 = "0q3brjmnldpr89nhbiajxg3gncz0nagc34n7q2723lpz7bn28w3z";
+    rev = version;
+    sha256 = "0gw47pchqshhm00yf34qgxh6bh2jfryv0sm7ghwn77bv5gzwr481";
   };
 
-  buildInputs = [e2fsprogs pkgconfig libuuid automake autoconf];
+  nativeBuildInputs = [ autoreconfHook pkgconfig ];
+  buildInputs = [
+    e2fsprogs libuuid stdenv.cc.libc
+    (stdenv.lib.getOutput "static" stdenv.cc.libc)
+  ];
 
-  installPhase = ''make INSTPREFIX=$out install'';
+  enableParallelBuilding = true;
 
   meta = {
     description = "Utilities to save and restore used blocks on a partition";
diff --git a/pkgs/tools/bootloaders/refind/default.nix b/pkgs/tools/bootloaders/refind/default.nix
index 744d67c75248..5121ecc9477c 100644
--- a/pkgs/tools/bootloaders/refind/default.nix
+++ b/pkgs/tools/bootloaders/refind/default.nix
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gnu-efi efibootmgr dosfstools imagemagick ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   HOSTARCH =
     if stdenv.system == "x86_64-linux" then "x64"
     else if stdenv.system == "i686-linux" then "ia32"
diff --git a/pkgs/tools/cd-dvd/cdrdao/default.nix b/pkgs/tools/cd-dvd/cdrdao/default.nix
index 95d0f1051be9..caf37ccbe1d5 100644
--- a/pkgs/tools/cd-dvd/cdrdao/default.nix
+++ b/pkgs/tools/cd-dvd/cdrdao/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ lame libvorbis libmad pkgconfig libao ];
 
+  hardeningDisable = [ "format" ];
+
   # Adjust some headers to match glibc 2.12 ... patch is a diff between
   # the cdrdao CVS head and the 1.2.3 release.
   patches = [ ./adjust-includes-for-glibc-212.patch ];
diff --git a/pkgs/tools/cd-dvd/cdrkit/default.nix b/pkgs/tools/cd-dvd/cdrkit/default.nix
index 5353a8d432f7..36382c9e8c9f 100644
--- a/pkgs/tools/cd-dvd/cdrkit/default.nix
+++ b/pkgs/tools/cd-dvd/cdrkit/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [cmake libcap zlib bzip2];
 
+  hardeningDisable = [ "format" ];
+
   # efi-boot-patch extracted from http://arm.koji.fedoraproject.org/koji/rpminfo?rpmID=174244
   patches = [ ./include-path.patch ./cdrkit-1.1.9-efi-boot.patch ];
 
diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index 5d6a8634b1ba..64571e24d9a3 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -17,6 +17,9 @@ stdenv.mkDerivation rec {
 
   postInstall = "rm -rf $out/share/doc";
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = with stdenv.lib; {
     homepage = http://tukaani.org/xz/;
     description = "XZ, general-purpose data compression software, successor of LZMA";
diff --git a/pkgs/tools/filesystems/fusesmb/default.nix b/pkgs/tools/filesystems/fusesmb/default.nix
index 4ddab385a427..5a3451810a12 100644
--- a/pkgs/tools/filesystems/fusesmb/default.nix
+++ b/pkgs/tools/filesystems/fusesmb/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
       ln -fs ${samba}/lib/libsmbclient.so $out/lib/libsmbclient.so.0
     '';
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Samba mounted via FUSE";
     homepage = http://www.ricardis.tudelft.nl/~vincent/fusesmb/;
diff --git a/pkgs/tools/filesystems/jfsutils/default.nix b/pkgs/tools/filesystems/jfsutils/default.nix
index 46ded088c696..16d95bd19336 100644
--- a/pkgs/tools/filesystems/jfsutils/default.nix
+++ b/pkgs/tools/filesystems/jfsutils/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha1 = "291e8bd9d615cf3d27e4000117c81a3602484a50";
   };
 
-  patches = [ ./types.patch ];
+  patches = [ ./types.patch ./hardening-format.patch ];
 
   buildInputs = [ libuuid ];
 
diff --git a/pkgs/tools/filesystems/jfsutils/hardening-format.patch b/pkgs/tools/filesystems/jfsutils/hardening-format.patch
new file mode 100644
index 000000000000..dd2a93a81ec6
--- /dev/null
+++ b/pkgs/tools/filesystems/jfsutils/hardening-format.patch
@@ -0,0 +1,37 @@
+--- a/fscklog/fscklog.c	2016-01-29 04:59:54.102223291 +0000
++++ b/fscklog/fscklog.c	2016-01-29 05:00:10.707552565 +0000
+@@ -252,8 +252,8 @@
+ 
+ 	sprintf(debug_detail, " [%s:%d]\n", basename(file_name), line_number);
+ 
+-	printf(msg_string);
+-	printf(debug_detail);
++	printf("%s", msg_string);
++	printf("%s", debug_detail);
+ 
+ 	return 0;
+ }
+--- a/fscklog/display.c	2016-01-29 05:05:42.582133444 +0000
++++ b/fscklog/display.c	2016-01-29 05:05:47.541231780 +0000
+@@ -182,7 +182,7 @@
+ 				} else {
+ 					/* the record looks ok */
+ 					msg_txt = &log_entry[log_entry_pos];
+-					printf(msg_txt);
++					printf("%s", msg_txt);
+ 					/*
+ 					 * set up for the next record
+ 					 */
+--- a/logdump/helpers.c	2016-01-29 05:06:26.081996021 +0000
++++ b/logdump/helpers.c	2016-01-29 05:06:43.097333425 +0000
+@@ -95,8 +95,8 @@
+ 
+ 	sprintf(debug_detail, " [%s:%d]\n", file_name, line_number);
+ 
+-	printf(msg_string);
+-	printf(debug_detail);
++	printf("%s", msg_string);
++	printf("%s", debug_detail);
+ 
+ 	return 0;
+ }
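Review bot: The patch file has no header saying where it comes from or whether it was sent upstream, which makes it hard to know when it can be dropped; a short leading comment such as `Fix -Werror=format-security failures; upstream status: <unknown/submitted>` would cover that. The `sprintf(debug_detail, ...)` calls visible in the patch context are left unbounded. The size of `debug_detail` is not shown here, but if it is a fixed array, `snprintf(debug_detail, sizeof(debug_detail), " [%s:%d]\n", ...)` would be a natural addition while these files are being patched anyway.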
diff --git a/pkgs/tools/filesystems/reiser4progs/default.nix b/pkgs/tools/filesystems/reiser4progs/default.nix
index cd32025e5b66..681fc1c80ef0 100644
--- a/pkgs/tools/filesystems/reiser4progs/default.nix
+++ b/pkgs/tools/filesystems/reiser4progs/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [libaal];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     substituteInPlace configure --replace " -static" ""
   '';
diff --git a/pkgs/tools/filesystems/relfs/default.nix b/pkgs/tools/filesystems/relfs/default.nix
index 6d803f725318..0c8e1c4ef81a 100644
--- a/pkgs/tools/filesystems/relfs/default.nix
+++ b/pkgs/tools/filesystems/relfs/default.nix
@@ -1,54 +1,48 @@
-{ stdenv, fetchcvs, builderDefs, ocaml, fuse, postgresql, pcre
+{ stdenv, fetchcvs, ocaml, fuse, postgresql, pcre
 , libuuid, gnome_vfs, pkgconfig, GConf }:
 
-	let localDefs = builderDefs.passthru.function {
+stdenv.mkDerivation rec {
+	name = "relfs-2008.03.05";
+
 	src = fetchcvs {
 		cvsRoot = ":pserver:anonymous@relfs.cvs.sourceforge.net:/cvsroot/relfs";
 		module = "relfs";
 		date = "2008-03-05";
 		sha256 = "949f8eff7e74ff2666cccf8a1efbfcce8d54bc41bec6ad6db8c029de7ca832a3";
 	};
-		
-		buildInputs = [ocaml fuse postgresql pcre
-			libuuid gnome_vfs pkgconfig GConf];
-		configureFlags = [];
-		    build = builderDefs.stringsWithDeps.fullDepEntry ("
-			cd deps 
-			sed -e 's/^CPP/#&/ ; s/^# CPP=gcc/CPP=gcc/' -i Makefile.camlidl
-			make 
-			cd ../src
-			sed -e 's/NULL\\|FALSE/0/g' -i Mimetype_lib.c
-			sed -e 's@/usr/local/@'\$out/'@' -i Makefile
-			sed -e '/install:/a\\\tmkdir -p '\$out'/share' -i Makefile
-			make
-			mkdir -p \$out/bin
-			echo '
-				createuser -A -D \$1
-				dropdb relfs_\$1 ; 
-				rm -rf /tmp/relfs-\$1-tmp;  
-				mkdir /tmp/relfs-\$1-tmp;  
-				USER=\$1 relfs -f -s /tmp/relfs-\$1-tmp  & 
-				sleep 1 && 
-				kill -15 \${!};
-				rm -rf /tmp/relfs-\$1-tmp ; 
-				psql -d relfs_\$1 <<< \"ALTER DATABASE relfs_\$1 OWNER TO \$1; 
-					ALTER TABLE obj OWNER TO \$1; 
-					ALTER TABLE obj_mimetype OWNER TO \$1; 
-					ALTER TABLE membership OWNER TO \$1;\"' > \$out/bin/relfs_grant;
-			chmod a+x \$out/bin/relfs_grant;
-		") ["minInit" "doUnpack" "addInputs"];
-	};
-	in with localDefs;
 
-assert libuuid != null;
-        
-stdenv.mkDerivation rec {
-	name = "relfs-2008.03.05";
-	builder = writeScript (name + "-builder")
-		(textClosure localDefs ["build" "doMakeInstall" "doForceShare" "doPropagate"]);
+  buildInputs = [ ocaml fuse postgresql pcre libuuid gnome_vfs pkgconfig GConf ];
+
+  buildPhase = ''
+    cd deps
+		sed -e 's/^CPP/#&/ ; s/^# CPP=gcc/CPP=gcc/' -i Makefile.camlidl
+		make
+		cd ../src
+		sed -e 's/NULL\\|FALSE/0/g' -i Mimetype_lib.c
+		sed -e 's@/usr/local/@'\$out/'@' -i Makefile
+		sed -e '/install:/a\\\tmkdir -p '\$out'/share' -i Makefile
+		make
+		mkdir -p \$out/bin
+		echo '
+		  createuser -A -D \$1
+			dropdb relfs_\$1 ;
+			rm -rf /tmp/relfs-\$1-tmp;
+			mkdir /tmp/relfs-\$1-tmp;
+			USER=\$1 relfs -f -s /tmp/relfs-\$1-tmp  &
+			sleep 1 &&
+			kill -15 \''${!};
+			rm -rf /tmp/relfs-\$1-tmp ;
+			psql -d relfs_\$1 <<< \"ALTER DATABASE relfs_\$1 OWNER TO \$1;
+				ALTER TABLE obj OWNER TO \$1;
+				ALTER TABLE obj_mimetype OWNER TO \$1;
+				ALTER TABLE membership OWNER TO \$1;\"' > \$out/bin/relfs_grant;
+		chmod a+x \$out/bin/relfs_grant;
+  '';
+
 	meta = {
 		description = "A relational filesystem on top of FUSE";
-    		maintainers = [stdenv.lib.maintainers.raskin];
+    maintainers = [stdenv.lib.maintainers.raskin];
 		platforms = stdenv.lib.platforms.linux;
+    broken = true;
 	};
 }
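Review bot: The `buildPhase` body was moved from a `"..."` string into a `''...''` string but kept the old escapes, which mean something different there: `\$out` and `\$1` now reach bash with the backslash intact, so `mkdir -p \$out/bin` creates a directory literally named `$out`, and `\\|` hands sed two backslashes. Inside `''` only `${` needs escaping, so these should read `$out`, `$1`, `\|` and a plain `"`; this may be why `broken = true` was added. When the package is revived, the generated `relfs_grant` script also needs attention: it uses `$1` unquoted in `rm -rf /tmp/relfs-$1-tmp` and pastes it into the SQL text, and the `/tmp` path is predictable, so quoting the argument and creating the directory with `mktemp -d` would be safer.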
diff --git a/pkgs/tools/filesystems/udftools/default.nix b/pkgs/tools/filesystems/udftools/default.nix
index 7cb924c6cf13..b912bab68260 100644
--- a/pkgs/tools/filesystems/udftools/default.nix
+++ b/pkgs/tools/filesystems/udftools/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ncurses readline ];
 
+  hardeningDisable = [ "fortify" ];
+
   NIX_CFLAGS_COMPILE = "-std=gnu90";
 
   preConfigure = ''
diff --git a/pkgs/tools/filesystems/xtreemfs/default.nix b/pkgs/tools/filesystems/xtreemfs/default.nix
index adee80d9c5d0..2a85adb60b56 100644
--- a/pkgs/tools/filesystems/xtreemfs/default.nix
+++ b/pkgs/tools/filesystems/xtreemfs/default.nix
@@ -42,15 +42,19 @@ stdenv.mkDerivation rec {
     substituteInPlace etc/init.d/generate_initd_scripts.sh \
       --replace "/bin/bash" "${stdenv.shell}"
 
+    substituteInPlace cpp/thirdparty/gtest-1.7.0/configure \
+      --replace "/usr/bin/file" "${file}/bin/file"
+
+    substituteInPlace cpp/thirdparty/protobuf-2.5.0/configure \
+      --replace "/usr/bin/file" "${file}/bin/file"
+
+    substituteInPlace cpp/thirdparty/protobuf-2.5.0/gtest/configure \
+      --replace "/usr/bin/file" "${file}/bin/file"
+
     # do not put cmake into buildInputs
     export PATH="$PATH:${cmake}/bin"
   '';
 
-  preBuild = ''
-    substituteInPlace configure \
-    --replace "/usr/bin/file" "${file}/bin/file"
-  '';
-
   doCheck = false;
 
   postInstall = ''
diff --git a/pkgs/tools/graphics/barcode/default.nix b/pkgs/tools/graphics/barcode/default.nix
index b35b929da404..d6a31bd5c7f7 100644
--- a/pkgs/tools/graphics/barcode/default.nix
+++ b/pkgs/tools/graphics/barcode/default.nix
@@ -9,13 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "1indapql5fjz0bysyc88cmc54y8phqrbi7c76p71fgjp45jcyzp8";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "GNU barcode generator";
     maintainers = with maintainers; [ raskin ];
     platforms = with platforms; allBut darwin;
     downloadPage = "http://ftp.gnu.org/gnu/barcode/";
     updateWalker = true;
-    inherit version;
     homepage = http://ftp.gnu.org/gnu/barcode/;
   };
 }
diff --git a/pkgs/tools/graphics/editres/default.nix b/pkgs/tools/graphics/editres/default.nix
index 78a66721b0c9..a3d343cea577 100644
--- a/pkgs/tools/graphics/editres/default.nix
+++ b/pkgs/tools/graphics/editres/default.nix
@@ -10,7 +10,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libXt libXaw libXres utilmacros ];
 
-  preConfigure = "configureFlags=--with-appdefaultdir=$out/share/X11/app-defaults/editres";
+  configureFlags = "--with-appdefaultdir=$(out)/share/X11/app-defaults/editres";
+
+  hardeningDisable = [ "format" ];
 
   meta = {
     homepage = "http://cgit.freedesktop.org/xorg/app/editres/";
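Review bot: The new `configureFlags` string uses `$(out)`, which Nix does not interpolate. As far as I can tell the shell does not expand it either when the flags are passed on, so it reaches `configure` literally and is resolved only later by make from the environment. That is easy to mistake for a typo of `$out`, so I would add `# $(out) is expanded by make, not by Nix or the shell` above the line. It would also be worth confirming that the installed app-defaults path ends up under the store path and not in a directory literally named `$(out)`.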
diff --git a/pkgs/tools/graphics/ggobi/default.nix b/pkgs/tools/graphics/ggobi/default.nix
index cf2c5598d2a9..e7fb3e773c1d 100644
--- a/pkgs/tools/graphics/ggobi/default.nix
+++ b/pkgs/tools/graphics/ggobi/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--with-all-plugins";
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Visualization program for exploring high-dimensional data";
     homepage = http://www.ggobi.org/;
diff --git a/pkgs/tools/graphics/graphviz/2.0.nix b/pkgs/tools/graphics/graphviz/2.0.nix
index 5fa78a3e3b8c..255ec2d536f6 100644
--- a/pkgs/tools/graphics/graphviz/2.0.nix
+++ b/pkgs/tools/graphics/graphviz/2.0.nix
@@ -12,10 +12,13 @@ stdenv.mkDerivation rec {
     sha256 = "39b8e1f2ba4cc1f5bdc8e39c7be35e5f831253008e4ee2c176984f080416676c";
   };
 
-  buildInputs = [pkgconfig xlibsWrapper libpng libjpeg expat libXaw yacc
+  buildInputs = [
+    pkgconfig xlibsWrapper libpng libjpeg expat libXaw yacc
     libtool fontconfig pango gd libwebp
-    ];
-  
+  ];
+
+  hardeningDisable = [ "format" "fortify" ];
+
   configureFlags =
     [ "--with-pngincludedir=${libpng.dev}/include"
       "--with-pnglibdir=${libpng.out}/lib"
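Review bot: `hardeningDisable = [ "format" "fortify" ];` turns off two compile-time protections in a tool whose job is to parse graph files that may come from elsewhere, and graphviz/default.nix in this same diff still carries `./cve-2014-9157.patch`. For a package with that history I would mark each exemption as temporary and name the failure that forced it, e.g. `# FIXME: fortify breaks the build (<error>); re-enable once fixed upstream`. The same goes for the `[ "fortify" ]` lines added to graphviz/2.32.nix and graphviz/default.nix. Whether the failure is a build error or a runtime abort is not visible from the hunks.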
diff --git a/pkgs/tools/graphics/graphviz/2.32.nix b/pkgs/tools/graphics/graphviz/2.32.nix
index edbe9cd33747..9c125433c3a6 100644
--- a/pkgs/tools/graphics/graphviz/2.32.nix
+++ b/pkgs/tools/graphics/graphviz/2.32.nix
@@ -31,6 +31,8 @@ stdenv.mkDerivation rec {
     ]
     ++ stdenv.lib.optional (xorg == null) "--without-x";
 
+  hardeningDisable = [ "fortify" ];
+
   preBuild = ''
     sed -e 's@am__append_5 *=.*@am_append_5 =@' -i lib/gvc/Makefile
   '';
diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix
index 975c5dc13e8e..1162b338ed75 100644
--- a/pkgs/tools/graphics/graphviz/default.nix
+++ b/pkgs/tools/graphics/graphviz/default.nix
@@ -12,9 +12,11 @@ stdenv.mkDerivation rec {
     sha256 = "17l5czpvv5ilmg17frg0w4qwf89jzh2aglm9fgx0l0aakn6j7al1";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   patches =
     [ ./0001-vimdot-lookup-vim-in-PATH.patch
-    
+
       # NOTE: Once this patch is removed, flex can probably be removed from
       # buildInputs.
       ./cve-2014-9157.patch
diff --git a/pkgs/tools/graphics/jbig2enc/default.nix b/pkgs/tools/graphics/jbig2enc/default.nix
index 8d0b7d2d9f49..0bb0bb00efa5 100644
--- a/pkgs/tools/graphics/jbig2enc/default.nix
+++ b/pkgs/tools/graphics/jbig2enc/default.nix
@@ -1,4 +1,6 @@
-{stdenv, fetchurl, leptonica, zlib, libwebp, giflib, libjpeg, libpng, libtiff }: stdenv.mkDerivation {
+{ stdenv, fetchurl, fetchpatch, leptonica, zlib, libwebp, giflib, libjpeg, libpng, libtiff }:
+
+stdenv.mkDerivation {
   name = "jbig2enc-0.28";
 
   src = fetchurl {
diff --git a/pkgs/tools/graphics/logstalgia/default.nix b/pkgs/tools/graphics/logstalgia/default.nix
index 0deb24ed56f9..f7f9211b5154 100644
--- a/pkgs/tools/graphics/logstalgia/default.nix
+++ b/pkgs/tools/graphics/logstalgia/default.nix
@@ -1,5 +1,5 @@
-{ stdenv, fetchurl, SDL, ftgl, pkgconfig, libpng, libjpeg, pcre, SDL_image, glew
-, mesa, boost, glm }:
+{ stdenv, fetchurl, SDL2, ftgl, pkgconfig, libpng, libjpeg, pcre, SDL2_image, glew
+, mesa, boost, glm, freetype }:
 
 stdenv.mkDerivation rec {
   name = "logstalgia-${version}";
@@ -10,8 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "1qghz1j3jmfj093br2hfyibayg3fmhg8fvp5ix9n9rbvzc1zslsm";
   };
 
-  buildInputs = [ glew SDL ftgl pkgconfig libpng libjpeg pcre SDL_image mesa boost
-                  glm ];
+  buildInputs = [ glew SDL2 ftgl pkgconfig libpng libjpeg pcre SDL2_image mesa boost
+                  glm freetype ];
 
   meta = with stdenv.lib; {
     homepage = http://code.google.com/p/logstalgia;
diff --git a/pkgs/tools/graphics/lprof/default.nix b/pkgs/tools/graphics/lprof/default.nix
index 0aee233e79bb..cbce8bb61f7c 100644
--- a/pkgs/tools/graphics/lprof/default.nix
+++ b/pkgs/tools/graphics/lprof/default.nix
@@ -7,6 +7,8 @@ stdenv.mkDerivation {
   name = "lprof-1.11.4.1";
   buildInputs = [ scons qt3 lcms1 libtiff vigra ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     export QTDIR=${qt3}
     export qt_directory=${qt3}
@@ -28,6 +30,7 @@ stdenv.mkDerivation {
      -e "s/not config.CheckHeader('tiff.h')/False/" \
      -e "s/not config.CheckCXXHeader('vigra\/impex.hxx')/False/" \
      \
+     -e "s/^\(      'LDFLAGS'.*\)/\1\n,'hardeningDisable' : os.environ['hardeningDisable']/" \
      -e "s/^\(      'LDFLAGS'.*\)/\1\n,'NIX_CFLAGS_COMPILE' : os.environ['NIX_CFLAGS_COMPILE']/" \
      -e "s/^\(      'LDFLAGS'.*\)/\1\n,'NIX_LDFLAGS' : os.environ['NIX_LDFLAGS']/"
 
diff --git a/pkgs/tools/graphics/netpbm/default.nix b/pkgs/tools/graphics/netpbm/default.nix
index bebf7680ded3..3c724ccc2b83 100644
--- a/pkgs/tools/graphics/netpbm/default.nix
+++ b/pkgs/tools/graphics/netpbm/default.nix
@@ -3,11 +3,11 @@
 , enableX11 ? false, libX11 }:
 
 stdenv.mkDerivation rec {
-  name = "netpbm-10.66.00";
+  name = "netpbm-10.70.00";
 
   src = fetchurl {
     url = "mirror://gentoo/distfiles/${name}.tar.xz";
-    sha256 = "1z33pxdir92m7jlvp5c2q44gxwj7jyf8skiqkr71kgirw4w4zsbz";
+    sha256 = "14vxmzbwsy4rzrqjnzr4cvz1s0amacq69faps3v1j1kr05lcns0j";
   };
 
   postPatch = /* CVE-2005-2471, from Arch */ ''
@@ -15,8 +15,6 @@ stdenv.mkDerivation rec {
       --replace '"-DSAFER"' '"-DPARANOIDSAFER"'
   '';
 
-  NIX_CFLAGS_COMPILE = "-fPIC"; # Gentoo adds this on every platform
-
   buildInputs =
     [ pkgconfig flex zlib perl libpng libjpeg libxml2 makeWrapper libtiff ]
     ++ lib.optional enableX11 libX11;
diff --git a/pkgs/tools/graphics/neural-style/default.nix b/pkgs/tools/graphics/neural-style/default.nix
new file mode 100644
index 000000000000..4efa6aa29768
--- /dev/null
+++ b/pkgs/tools/graphics/neural-style/default.nix
@@ -0,0 +1,57 @@
+{stdenv, fetchFromGitHub, torch, loadcaffe, fetchurl, bash}:
+stdenv.mkDerivation rec {
+  name = "neural-style-${version}";
+  version = "0.0pre2016.08.15";
+  buildInputs = [torch loadcaffe];
+  src = fetchFromGitHub {
+    owner = "jcjohnson";
+    repo = "neural-style";
+    rev = "ec5ba3a690d3090428d3b92b0c5d686a311bf432";
+    sha256 = "14qzbs9f95izvd0vbbirhymdw9pq2nw0jvhrh7vnyzr99xllwp02";
+  };
+  models = [
+    (fetchurl {
+      url = "https://gist.githubusercontent.com/ksimonyan/3785162f95cd2d5fee77/raw/bb2b4fe0a9bb0669211cf3d0bc949dfdda173e9e/VGG_ILSVRC_19_layers_deploy.prototxt";
+      sha256 = "09cpz7pyvc8sypg2q5j2i8yqwj1sjdbnmd6skl293p9pv13dmjg7";
+    })
+    (fetchurl {
+      url = "https://bethgelab.org/media/uploads/deeptextures/vgg_normalised.caffemodel";
+      sha256 = "11qckdvlck7wwl3pan0nawgxm8l2ccddi272i5l8rs9qzm7b23rf";
+    })
+    (fetchurl {
+      url = "http://www.robots.ox.ac.uk/~vgg/software/very_deep/caffe/VGG_ILSVRC_19_layers.caffemodel";
+      sha256 = "0m399x7pl4lnhy435ycsyz8xpzapqmx9n1sz698y2vhcqhkwdd1i";
+    })
+  ];
+  installPhase = ''
+    mkdir -p "$out"/{bin,lib/lua/neural-style/models,share/doc/neural-style,share/neural-style}
+    for file in $models; do
+      cp "$file" "$out/lib/lua/neural-style/models/$(basename "$file" | sed -e 's/[^-]*-//')"
+    done;
+    cp README* INSTALL* LICEN?E* "$out"/share/doc/neural-style/
+    cp neural_style.lua "$out"/lib/lua/neural-style
+
+    substituteAll "${./neural-style.sh}" "$out/bin/neural-style"
+    chmod a+x "$out/bin/neural-style"
+    cp "$out/bin/neural-style" .
+    cp "$out/lib/lua/neural-style/models/"* models/
+
+    echo "Testing..."
+
+    "$out/bin/neural-style" -style_image examples/inputs/golden_gate.jpg \
+      -content_image examples/inputs/golden_gate.jpg -output_image $PWD/test.png \
+      -gpu -1 -save_iter 1 -print_iter 1 -num_iterations 1 || true
+
+    cp -f "$out/lib/lua/neural-style/models/"* models/
+
+    test -e test.png || exit 1
+  '';
+  inherit torch bash loadcaffe;
+  meta = {
+    inherit version;
+    description = ''A torch implementation of the paper A Neural Algorithm of Artistic Style'';
+    license = stdenv.lib.licenses.mit ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
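Review bot: The smoke test at the end of `installPhase` runs the wrapper with `|| true`, so a crash or non-zero exit of `th` is discarded and the only remaining signal is whether `test.png` exists. I would move the run into `installCheckPhase` with `doInstallCheck = true;`, and keep `test -e test.png` as the final assertion. The `|| true` should go unless a known spurious exit status justifies it, in which case a comment should say so. Moving the test also stops `installPhase` from writing into the build tree (`cp "$out/bin/neural-style" .` and the copies into `models/`) as a side effect of installing.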
diff --git a/pkgs/tools/graphics/neural-style/neural-style.sh b/pkgs/tools/graphics/neural-style/neural-style.sh
new file mode 100644
index 000000000000..07a4d6dedc04
--- /dev/null
+++ b/pkgs/tools/graphics/neural-style/neural-style.sh
@@ -0,0 +1,25 @@
+#! @bash@/bin/bash
+
+declare -a args
+c=1
+flag=
+
+for arg in "$@"; do
+        if test "$arg" = "${arg#-}" && test "$arg" = "${arg#/}" && test -n "$flag"; then
+                arg="$PWD/$arg"
+                flag=
+        elif test "$arg" != "${arg%_image}" && test "$arg" != "${arg#-}"; then
+                flag=1
+        else
+                flag=
+        fi
+        args[c]="$arg";
+        c=$((c+1));
+done
+
+cd "@out@/lib/lua/neural-style"
+
+export LUA_PATH="$LUA_PATH${LUA_PATH:+;}@loadcaffe@/lua/?/init.lua;@loadcaffe@/lua/?.lua"
+export LUA_CPATH="$LUA_CPATH${LUA_CPATH:+;}@loadcaffe@/lib/?.so"
+
+@torch@/bin/th neural_style.lua "${args[@]}"
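Review bot: `cd "@out@/lib/lua/neural-style"` is not checked, so if it ever fails the script carries on and `th` resolves `neural_style.lua` relative to whatever directory the caller was in. `cd "@out@/lib/lua/neural-style" || exit 1` closes that, and `exec @torch@/bin/th neural_style.lua "${args[@]}"` on the last line would avoid leaving an extra bash process in between. A short header comment would also help. It should say that the loop makes the value following any `-…_image` option absolute against `$PWD` before the directory change, and that every other argument is passed through unchanged.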
diff --git a/pkgs/tools/graphics/nifskope/default.nix b/pkgs/tools/graphics/nifskope/default.nix
index decd6fb56fd3..f66d01ef7aa3 100644
--- a/pkgs/tools/graphics/nifskope/default.nix
+++ b/pkgs/tools/graphics/nifskope/default.nix
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   # Inspired by linux-install/nifskope.spec.in.
   installPhase =
     ''
diff --git a/pkgs/tools/graphics/ploticus/default.nix b/pkgs/tools/graphics/ploticus/default.nix
index ff28959148fc..b855410f37f2 100644
--- a/pkgs/tools/graphics/ploticus/default.nix
+++ b/pkgs/tools/graphics/ploticus/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ zlib libX11 libpng ];
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./ploticus-install.patch ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/graphics/plotutils/default.nix b/pkgs/tools/graphics/plotutils/default.nix
index 3cf0c5c3c89a..c6bde4c5b0c3 100644
--- a/pkgs/tools/graphics/plotutils/default.nix
+++ b/pkgs/tools/graphics/plotutils/default.nix
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--enable-libplotter"; # required for pstoedit
 
+  hardeningDisable = [ "format" ];
+
   doCheck = true;
 
   meta = {
diff --git a/pkgs/tools/graphics/pngcheck/default.nix b/pkgs/tools/graphics/pngcheck/default.nix
index 38efa0236b2e..6814a06e3b95 100644
--- a/pkgs/tools/graphics/pngcheck/default.nix
+++ b/pkgs/tools/graphics/pngcheck/default.nix
@@ -8,9 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0pzkj1bb4kdybk6vbfq9s0wzdm5szmrgixkas3xmbpv4mhws1w3p";
   };
 
-  # configurePhase = ''
-  #   sed -i s,/usr,$out, Makefile
-  # '';
+  hardeningDisable = [ "format" ];
 
   makefile = "Makefile.unx";
   makeFlags = "ZPATH=${zlib.static}/lib";
diff --git a/pkgs/tools/graphics/qrcode/default.nix b/pkgs/tools/graphics/qrcode/default.nix
index f0e86ddfb1de..606e546af293 100644
--- a/pkgs/tools/graphics/qrcode/default.nix
+++ b/pkgs/tools/graphics/qrcode/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchgit}:
+{ stdenv, fetchgit }:
 let
   s =
   rec {
@@ -16,14 +16,19 @@ in
 stdenv.mkDerivation {
   inherit (s) name version;
   inherit buildInputs;
+
   src = fetchgit {
     inherit (s) rev url sha256;
   };
+
+  NIX_CFLAGS_COMPILE = "-Wno-error=unused-result";
+
   installPhase = ''
     mkdir -p "$out"/{bin,share/doc/qrcode}
     cp qrcode "$out/bin"
     cp DOCUMENTATION LICENCE "$out/share/doc/qrcode"
   '';
+
   meta = {
     inherit (s) version;
     description = ''A small QR-code tool'';
diff --git a/pkgs/tools/graphics/transfig/default.nix b/pkgs/tools/graphics/transfig/default.nix
index 3e8e824d1c65..948bba6d459f 100644
--- a/pkgs/tools/graphics/transfig/default.nix
+++ b/pkgs/tools/graphics/transfig/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
   buildInputs = [zlib libjpeg libpng imake];
   inherit libpng;
 
+  hardeningDisable = [ "format" ];
+
   patches = [prefixPatch1 prefixPatch2 prefixPatch3 varargsPatch gensvgPatch];
 
   prefixPatch1 =
diff --git a/pkgs/tools/graphics/zbar/default.nix b/pkgs/tools/graphics/zbar/default.nix
index 2751da42a4c3..9a181e7d087d 100644
--- a/pkgs/tools/graphics/zbar/default.nix
+++ b/pkgs/tools/graphics/zbar/default.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation rec {
     [ imagemagickBig pkgconfig python pygtk perl libX11
       libv4l qt4 lzma gtk2 autoreconfHook ];
 
+  hardeningDisable = [ "fortify" ];
+
   meta = with stdenv.lib; {
     description = "Bar code reader";
     longDescription = ''
diff --git a/pkgs/tools/inputmethods/ibus-engines/ibus-m17n/default.nix b/pkgs/tools/inputmethods/ibus-engines/ibus-m17n/default.nix
index 81bfffb25464..2dbab7129555 100644
--- a/pkgs/tools/inputmethods/ibus-engines/ibus-m17n/default.nix
+++ b/pkgs/tools/inputmethods/ibus-engines/ibus-m17n/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchFromGitHub
-, automake, autoconf, libtool, pkgconfig
+, autoreconfHook, pkgconfig
 , ibus, m17n_lib, m17n_db, gettext, python3, pygobject3
 }:
 
@@ -19,11 +19,7 @@ stdenv.mkDerivation rec {
     python3 pygobject3
   ];
 
-  nativeBuildInputs = [ automake autoconf libtool pkgconfig ];
-
-  preConfigure = ''
-    autoreconf --verbose --force --install
-  '';
+  nativeBuildInputs = [ autoreconfHook pkgconfig ];
 
   meta = with stdenv.lib; {
     isIbusEngine = true;
diff --git a/pkgs/tools/misc/blink1-tool/default.nix b/pkgs/tools/misc/blink1-tool/default.nix
new file mode 100644
index 000000000000..29b199e5866b
--- /dev/null
+++ b/pkgs/tools/misc/blink1-tool/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, libusb1, pkgconfig, ... }:
+
+stdenv.mkDerivation rec {
+  name = "blink1-${version}";
+  version = "v1.98";
+
+  src = fetchurl {
+    url = "https://github.com/todbot/blink1/archive/${version}.tar.gz";
+    sha256 = "05hbnp20cdvyyqf6jr01waz1ycis20qzsd8hn27snmn6qd48igrb";
+  };
+
+  buildInputs = [ libusb1 pkgconfig ];
+
+  configurePhase = ''
+    cd commandline
+  '';
+
+  installPhase = ''
+    PREFIX=$out make install
+  '';
+
+  meta = {
+    description = "Command line client for the blink(1) notification light";
+    homepage = https://blink1.thingm.com/;
+    license = stdenv.lib.licenses.cc-by-sa-30;
+    maintainers = [ stdenv.lib.maintainers.cransom ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
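Review bot: `version = "v1.98"` puts the tag prefix into the version, so the derivation is named `blink1-v1.98`. As far as I know, Nix's name parsing starts the version only at a dash followed by a digit, so tools that compare versions would treat the whole string as the package name. I would use `version = "1.98";` together with `url = "https://github.com/todbot/blink1/archive/v${version}.tar.gz";`. Separately, the `...` in the argument set silently accepts misspelled or stale arguments from callers and could be dropped.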
diff --git a/pkgs/tools/misc/calamares/default.nix b/pkgs/tools/misc/calamares/default.nix
index 98fcf9182d4b..7c7c0b0a5ec3 100644
--- a/pkgs/tools/misc/calamares/default.nix
+++ b/pkgs/tools/misc/calamares/default.nix
@@ -1,15 +1,16 @@
-{ stdenv, fetchgit, cmake, polkit-qt, libyamlcpp, python, boost, parted
+{ stdenv, fetchurl, cmake, polkit-qt, libyamlcpp, python, boost, parted
 , extra-cmake-modules, kconfig, ki18n, kcoreaddons, solid, utillinux, libatasmart
 , ckbcomp, glibc, tzdata, xkeyboard_config, qtbase, qtsvg, qttools }:
 
 stdenv.mkDerivation rec {
-  name = "calamares-${version}";
-  version = "1.0";
-
-  src = fetchgit {
-    url = "https://github.com/calamares/calamares.git";
-    rev = "dabfb68a68cb012a90cd7b94a22e1ea08f7dd8ad";
-    sha256 = "12n161fmzybi20pxcjikqnckhzh175ni5da122p74bx7fzv7q41p";
+  name = "${pname}-${version}";
+  pname = "calamares";
+  version = "1.1.4.2";
+
+  # release including submodule
+  src = fetchurl {
+    url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${name}.tar.gz";
+    sha256 = "1mh0nmzc3i1aqcj79q2s3vpccn0mirlfbj26sfyb0v6gcrvf707d";
   };
 
   buildInputs = [
diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix
index ea9ee271ebfd..e1d9bb921fd9 100644
--- a/pkgs/tools/misc/coreutils/default.nix
+++ b/pkgs/tools/misc/coreutils/default.nix
@@ -20,12 +20,17 @@ let
       sha256 = "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii";
     };
 
+    # FIXME needs gcc 4.9 in bootstrap tools
+    hardeningDisable = [ "stackprotector" ];
+
     patches = optional stdenv.isCygwin ./coreutils-8.23-4.cygwin.patch;
 
     # The test tends to fail on btrfs and maybe other unusual filesystems.
     postPatch = optionalString (!stdenv.isDarwin) ''
       sed '2i echo Skipping dd sparse test && exit 0' -i ./tests/dd/sparse.sh
       sed '2i echo Skipping cp sparse test && exit 0' -i ./tests/cp/sparse.sh
+      sed '2i echo Skipping rm deep-2 test && exit 0' -i ./tests/rm/deep-2.sh
+      sed '2i echo Skipping du long-from-unreadable test && exit 0' -i ./tests/du/long-from-unreadable.sh
     '';
 
     outputs = [ "out" "info" ];
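Review bot: The two added `sed` lines skip `tests/rm/deep-2.sh` and `tests/du/long-from-unreadable.sh` without saying why, and they now sit under the existing comment about btrfs, which reads as if it explained them. I would add a line such as `# deep-2 and long-from-unreadable: <failure seen in the build sandbox>` above them so the skips can be revisited. The `stackprotector` exemption in the same hunk already does this with its FIXME. The enclosing attribute set starts and ends outside the hunk.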
diff --git a/pkgs/tools/misc/ddccontrol/automake.patch b/pkgs/tools/misc/ddccontrol/automake.patch
new file mode 100644
index 000000000000..a890654ca7c7
--- /dev/null
+++ b/pkgs/tools/misc/ddccontrol/automake.patch
@@ -0,0 +1,14 @@
+diff --git a/src/gnome-ddcc-applet/Makefile.am b/src/gnome-ddcc-applet/Makefile.am
+index d85ff56..b13e74c 100644
+--- a/src/gnome-ddcc-applet/Makefile.am
++++ b/src/gnome-ddcc-applet/Makefile.am
+@@ -6,7 +6,8 @@ DDCC_LDADD = ../lib/libddccontrol.la
+ 
+ EXTRA_DIST = GNOME_ddcc-applet.server.in.in GNOME_ddcc-applet.xml
+ 
+-pkglib_PROGRAMS = ddcc-applet
++programfilesdir = $(pkglibdir)
++programfiles_PROGRAMS = ddcc-applet
+ ddcc_applet_SOURCES = ddcc-applet.c ddcc-applet.h
+ 
+ ddcc_applet_LDADD = $(GNOME_LDFLAGS) $(DDCC_LDADD)
diff --git a/pkgs/tools/misc/ddccontrol/default.nix b/pkgs/tools/misc/ddccontrol/default.nix
index 2d5d10054b5b..fb11a3b87567 100644
--- a/pkgs/tools/misc/ddccontrol/default.nix
+++ b/pkgs/tools/misc/ddccontrol/default.nix
@@ -1,39 +1,25 @@
-{ stdenv
-, fetchurl
-, intltool
-, libtool
-, autoconf
-, automake110x
-, perl
-, perlPackages
-, libxml2
-, pciutils
-, pkgconfig
-, gtk
-, ddccontrol-db
+{ stdenv, fetchurl, autoreconfHook, intltool, perl, perlPackages, libxml2
+, pciutils, pkgconfig, gtk, ddccontrol-db
 }:
 
 let version = "0.4.2"; in
 stdenv.mkDerivation {
   name = "ddccontrol-${version}";
+
   src = fetchurl {
     url = "mirror://sourceforge/ddccontrol/ddccontrol-${version}.tar.bz2";
     sha1 = "fd5c53286315a61a18697a950e63ed0c8d5acff1";
   };
-  buildInputs =
-    [
-      intltool
-      libtool
-      autoconf
-      automake110x
-      perl
-      perlPackages.libxml_perl
-      libxml2
-      pciutils
-      pkgconfig
-      gtk
-      ddccontrol-db
-    ];
+
+  nativeBuildInputs = [ autoreconfHook intltool pkgconfig ];
+
+  buildInputs = [
+    perl perlPackages.libxml_perl libxml2 pciutils gtk ddccontrol-db
+  ];
+
+  patches = [ ./automake.patch ];
+
+  hardeningDisable = [ "format" ];
 
   prePatch = ''
       newPath=$(echo "${ddccontrol-db}/share/ddccontrol-db" | sed "s/\\//\\\\\\//g")
@@ -43,9 +29,6 @@ stdenv.mkDerivation {
       sed "s/$oldPath/$newPath/" <configure.ac.old >configure.ac
       rm configure.ac.old
   '';
-  preConfigure = ''
-      autoreconf --install
-  '';
 
   meta = with stdenv.lib; {
     description = "A program used to control monitor parameters by software";
diff --git a/pkgs/tools/misc/detox/default.nix b/pkgs/tools/misc/detox/default.nix
index bdc018aec34a..7d17dee8b53c 100644
--- a/pkgs/tools/misc/detox/default.nix
+++ b/pkgs/tools/misc/detox/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [flex];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = http://detox.sourceforge.net/;
     description = "Utility designed to clean up filenames";
diff --git a/pkgs/tools/misc/expect/default.nix b/pkgs/tools/misc/expect/default.nix
index a50717d53992..80fb3c6a694c 100644
--- a/pkgs/tools/misc/expect/default.nix
+++ b/pkgs/tools/misc/expect/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ tcl ];
   nativeBuildInputs = [ makeWrapper ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     sed -i "s,/bin/stty,$(type -p stty),g" configure
   '';
diff --git a/pkgs/tools/misc/fondu/default.nix b/pkgs/tools/misc/fondu/default.nix
index 516abfd2eb50..7610bb88f390 100644
--- a/pkgs/tools/misc/fondu/default.nix
+++ b/pkgs/tools/misc/fondu/default.nix
@@ -3,12 +3,16 @@
 stdenv.mkDerivation rec {
   version = "060102";
   name = "fondu-${version}";
+
   src = fetchurl {
     url = "http://fondu.sourceforge.net/fondu_src-${version}.tgz";
     sha256 = "152prqad9jszjmm4wwqrq83zk13ypsz09n02nrk1gg0fcxfm7fr2";
   };
+
   makeFlags = "DESTDIR=$(out)";
 
+  hardeningDisable = [ "fortify" ];
+
   meta = {
     platforms = stdenv.lib.platforms.unix;
   };
diff --git a/pkgs/tools/misc/gbdfed/default.nix b/pkgs/tools/misc/gbdfed/default.nix
index 104d3fad8d09..1ba4bceb7876 100644
--- a/pkgs/tools/misc/gbdfed/default.nix
+++ b/pkgs/tools/misc/gbdfed/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./Makefile.patch ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Bitmap Font Editor";
     longDescription = ''
diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix
index ae1df626fe5d..15b1740638e2 100644
--- a/pkgs/tools/misc/grub/2.0x.nix
+++ b/pkgs/tools/misc/grub/2.0x.nix
@@ -52,6 +52,8 @@ stdenv.mkDerivation rec {
     ++ optional doCheck qemu
     ++ optional zfsSupport zfs;
 
+  hardeningDisable = [ "all" ];
+
   preConfigure =
     '' for i in "tests/util/"*.in
        do
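Review bot: `hardeningDisable = [ "all" ];` switches off every hardening flag for the whole derivation, which presumably covers the userland tools this package installs and not only the boot-time code. The sibling grub/trusted.nix in this same diff gets by with `[ "stackprotector" "pic" ]`, and grub/default.nix with `[ "stackprotector" ]`. I would start from `hardeningDisable = [ "stackprotector" "pic" ];` here and add further flags only as the build demands, with a comment naming the failure. Whether the narrower list builds for this version is not visible from the hunk.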
diff --git a/pkgs/tools/misc/grub/default.nix b/pkgs/tools/misc/grub/default.nix
index d6534fc5ee61..a690ef2084b2 100644
--- a/pkgs/tools/misc/grub/default.nix
+++ b/pkgs/tools/misc/grub/default.nix
@@ -36,6 +36,8 @@ stdenv.mkDerivation {
   # autoreconfHook required for the splashimage patch.
   buildInputs = [ autoreconfHook texinfo ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   prePatch = ''
     unpackFile $gentooPatches
     rm patch/400_all_grub-0.97-reiser4-20050808-gentoo.patch
diff --git a/pkgs/tools/misc/grub/trusted.nix b/pkgs/tools/misc/grub/trusted.nix
index 6ae672db7a55..377d6faefa01 100644
--- a/pkgs/tools/misc/grub/trusted.nix
+++ b/pkgs/tools/misc/grub/trusted.nix
@@ -47,6 +47,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses libusb freetype gettext devicemapper ]
     ++ optional doCheck qemu;
 
+  hardeningDisable = [ "stackprotector" "pic" ];
+
   preConfigure =
     '' for i in "tests/util/"*.in
        do
diff --git a/pkgs/tools/misc/grub4dos/default.nix b/pkgs/tools/misc/grub4dos/default.nix
index ec784d8e1a4c..7e9b82a6a3f9 100644
--- a/pkgs/tools/misc/grub4dos/default.nix
+++ b/pkgs/tools/misc/grub4dos/default.nix
@@ -17,6 +17,8 @@ in stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ nasm ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   configureFlags = [ "--host=${arch}-pc-linux-gnu" ];
 
   postInstall = ''
diff --git a/pkgs/tools/misc/ipxe/default.nix b/pkgs/tools/misc/ipxe/default.nix
index a79b9018c545..6ee14a0ce937 100644
--- a/pkgs/tools/misc/ipxe/default.nix
+++ b/pkgs/tools/misc/ipxe/default.nix
@@ -18,6 +18,9 @@ stdenv.mkDerivation {
 
   preConfigure = "cd src";
 
+  # not possible due to assembler code
+  hardeningDisable = [ "pic" "stackprotector" ];
+
   NIX_CFLAGS_COMPILE = "-Wno-error";
 
   makeFlags =
diff --git a/pkgs/tools/misc/lrzsz/default.nix b/pkgs/tools/misc/lrzsz/default.nix
index 729faa7a95d9..11351790becc 100644
--- a/pkgs/tools/misc/lrzsz/default.nix
+++ b/pkgs/tools/misc/lrzsz/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1wcgfa9fsigf1gri74gq0pa7pyajk12m4z69x7ci9c6x9fqkd2y2";
   };
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [ "--program-transform-name=s/^l//" ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/misc/memtest86+/default.nix b/pkgs/tools/misc/memtest86+/default.nix
index f9c8ac4b8387..77149a179900 100644
--- a/pkgs/tools/misc/memtest86+/default.nix
+++ b/pkgs/tools/misc/memtest86+/default.nix
@@ -22,6 +22,8 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = "-I. -std=gnu90";
 
+  hardeningDisable = [ "stackprotector" "pic" ];
+
   buildFlags = "memtest.bin";
 
   installPhase = ''
diff --git a/pkgs/tools/misc/mmv/default.nix b/pkgs/tools/misc/mmv/default.nix
index ed2f54d693d0..417583ecc9eb 100644
--- a/pkgs/tools/misc/mmv/default.nix
+++ b/pkgs/tools/misc/mmv/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0399c027ea1e51fd607266c1e33573866d4db89f64a74be8b4a1d2d1ff1fdeef";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [
     # Use Debian patched version, as upstream is no longer maintained and it
     # contains a _lot_ of fixes.
diff --git a/pkgs/tools/misc/mstflint/default.nix b/pkgs/tools/misc/mstflint/default.nix
index 32953483daae..1d1ff991f3b8 100644
--- a/pkgs/tools/misc/mstflint/default.nix
+++ b/pkgs/tools/misc/mstflint/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, zlib, libibmad }:
 
-stdenv.mkDerivation {
-  name = "mstflint-3.7.0-1.18";
+stdenv.mkDerivation rec {
+  name = "mstflint-4.4.0-1.12.gd1edd58";
 
   src = fetchurl {
-    url = "https://www.openfabrics.org/downloads/mstflint/mstflint-3.7.0-1.18.gcdb9f80.tar.gz";
-    sha256 = "10x4l3i58ynnni18i8qq1gfbqd2028r4jd3frshiwrl9yrj7sxn2";
+    url = "https://www.openfabrics.org/downloads/mstflint/${name}.tar.gz";
+    sha256 = "0kg33i5s5zdc7kigww62r0b824zfw06r757fl6jwrq7lj91j0380";
   };
 
   buildInputs = [ zlib libibmad ];
diff --git a/pkgs/tools/misc/pal/default.nix b/pkgs/tools/misc/pal/default.nix
index ff7279d0d57c..f92069e7b9f5 100644
--- a/pkgs/tools/misc/pal/default.nix
+++ b/pkgs/tools/misc/pal/default.nix
@@ -12,12 +12,12 @@ stdenv.mkDerivation rec {
     sed -i -e 's,/etc/pal\.conf,'$out/etc/pal.conf, src/input.c
   '';
 
-  preBuild = ''
-    export makeFlags="prefix=$out"
-  '';
+  makeFlags = "prefix=$(out)";
 
   buildInputs = [ glib gettext readline pkgconfig ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://palcal.sourceforge.net/;
     description = "Command-line calendar program that can keep track of events";
diff --git a/pkgs/tools/misc/recutils/default.nix b/pkgs/tools/misc/recutils/default.nix
index 4d6829e99a4c..6dd40e8476f3 100644
--- a/pkgs/tools/misc/recutils/default.nix
+++ b/pkgs/tools/misc/recutils/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ curl emacs ] ++ (stdenv.lib.optionals doCheck [ check bc ]);
 
   meta = {
diff --git a/pkgs/tools/misc/rpm-ostree/default.nix b/pkgs/tools/misc/rpm-ostree/default.nix
index 997d8279e04e..f96e70650b7c 100644
--- a/pkgs/tools/misc/rpm-ostree/default.nix
+++ b/pkgs/tools/misc/rpm-ostree/default.nix
@@ -20,8 +20,6 @@ in stdenv.mkDerivation rec {
     sha256 = "19jvnmy9zinx0j5nvy3h5abfv9d988kvyza09gljx16gll8qkbbf";
   };
 
-  NIX_CFLAGS_LINK = "-L${elfutils}/lib";
-
   buildInputs = [
     which autoconf automake pkgconfig libtool libcap ostree rpm glib libgsystem
     json_glib libarchive libhif librepo gtk_doc libxslt docbook_xsl docbook_xml_dtd_42
diff --git a/pkgs/tools/misc/sam-ba/default.nix b/pkgs/tools/misc/sam-ba/default.nix
index 1b7315ebedf6..cca18007c580 100644
--- a/pkgs/tools/misc/sam-ba/default.nix
+++ b/pkgs/tools/misc/sam-ba/default.nix
@@ -45,7 +45,7 @@ stdenv.mkDerivation rec {
     homepage = "http://www.at91.com/linux4sam/bin/view/Linux4SAM/SoftwareTools";
     # License in <source>/doc/readme.txt
     license = "BSD-like (partly binary-only)";  # according to Buildroot
-    platforms = [ "i686-linux" "x86_64-linux" ];
+    platforms = [ "x86_64-linux" ];  # patchelf fails on i686-linux
     maintainers = [ maintainers.bjornfor ];
   };
 }
diff --git a/pkgs/tools/misc/sutils/default.nix b/pkgs/tools/misc/sutils/default.nix
index d0576cc069a7..8d4f00ee8478 100644
--- a/pkgs/tools/misc/sutils/default.nix
+++ b/pkgs/tools/misc/sutils/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
      sha256 = "0xqk42vl82chy458d64fj68a4md4bxaip8n3xw9skxz0a1sgvks8";
    };
 
+   hardeningDisable = [ "format" ];
+
    prePatch = ''sed -i "s@/usr/local@$out@" Makefile'';
 
    meta = {
diff --git a/pkgs/tools/misc/svtplay-dl/default.nix b/pkgs/tools/misc/svtplay-dl/default.nix
index 1169752b9cac..d3d1197943eb 100644
--- a/pkgs/tools/misc/svtplay-dl/default.nix
+++ b/pkgs/tools/misc/svtplay-dl/default.nix
@@ -22,7 +22,7 @@ in stdenv.mkDerivation rec {
     substituteInPlace lib/svtplay_dl/fetcher/rtmp.py \
       --replace '"rtmpdump"' '"${rtmpdump}/bin/rtmpdump"'
 
-    substituteInPlace run-tests.sh \
+    substituteInPlace scripts/run-tests.sh \
       --replace 'PYTHONPATH=lib' 'PYTHONPATH=lib:$PYTHONPATH'
   '';
 
@@ -34,7 +34,7 @@ in stdenv.mkDerivation rec {
   '';
 
   doCheck = true;
-  checkPhase = "sh run-tests.sh -2";
+  checkPhase = "sh scripts/run-tests.sh -2";
 
   meta = with stdenv.lib; {
     homepage = https://github.com/spaam/svtplay-dl;
diff --git a/pkgs/tools/misc/ttyrec/default.nix b/pkgs/tools/misc/ttyrec/default.nix
index 63b91adb4936..a836a2a0d0e9 100644
--- a/pkgs/tools/misc/ttyrec/default.nix
+++ b/pkgs/tools/misc/ttyrec/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./clang-fixes.patch ];
 
-  makeFlags = []
+  makeFlags = [ "CFLAGS=-DSVR4" ]
     ++ stdenv.lib.optional stdenv.cc.isClang "CC=clang";
 
   installPhase = ''
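Review bot: Passing `"CFLAGS=-DSVR4"` through `makeFlags` sets CFLAGS on the make command line, which overrides any `CFLAGS =` assignment inside the Makefile instead of adding to it. If upstream sets optimisation or warning flags there, they are lost. The Makefile is not visible here, so this is something to check rather than a confirmed regression. `NIX_CFLAGS_COMPILE = "-DSVR4";` would add the define without replacing anything, and a comment saying why SVR4 is needed would help the next reader.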
diff --git a/pkgs/tools/misc/uucp/default.nix b/pkgs/tools/misc/uucp/default.nix
index bf73dbcbf2fc..4ef050b409e5 100644
--- a/pkgs/tools/misc/uucp/default.nix
+++ b/pkgs/tools/misc/uucp/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0b5nhl9vvif1w3wdipjsk8ckw49jj1w85xw1mmqi3zbcpazia306";
   };
 
-  doCheck = true;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Unix-unix cp over serial line, also includes cu program";
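Review bot: `doCheck = true;` is removed in the same spot where `hardeningDisable = [ "format" ];` is added, so the package's test suite no longer runs, and nothing on the page says whether that is intended. If the removal is deliberate, a comment such as `# doCheck disabled: <failing test and reason>` should record it. Otherwise I would keep `doCheck = true;` next to the new attribute. Dropping the checks at the same time as relaxing a compiler protection removes the one signal that would show whether the relaxed build still behaves.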
diff --git a/pkgs/tools/misc/vmtouch/default.nix b/pkgs/tools/misc/vmtouch/default.nix
index 34328b339fc7..ec2f9c63547c 100644
--- a/pkgs/tools/misc/vmtouch/default.nix
+++ b/pkgs/tools/misc/vmtouch/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   pname = "vmtouch";
-  version = "1.0.2";
+  version = "1.1.0";
   name = "${pname}-git-${version}";
 
   src = fetchFromGitHub {
     owner = "hoytech";
     repo = "vmtouch";
-    rev = "vmtouch-${version}";
-    sha256 = "0m4s1am1r3qp8si3rnc8j2qc7sbf1k3gxvxr6fnpbf8fcfhh6cay";
+    rev = "v${version}";
+    sha256 = "1cr8bw3favdvc3kc05n1r7f5fibqqv54bn3z2jwj70br8s5g0qx0";
   };
 
   buildInputs = [perl];
diff --git a/pkgs/tools/misc/vorbisgain/default.nix b/pkgs/tools/misc/vorbisgain/default.nix
index ea61e0633282..567783f63138 100644
--- a/pkgs/tools/misc/vorbisgain/default.nix
+++ b/pkgs/tools/misc/vorbisgain/default.nix
@@ -8,11 +8,14 @@ stdenv.mkDerivation rec {
     sha256 = "1v1h6mhnckmvvn7345hzi9abn5z282g4lyyl4nnbqwnrr98v0vfx";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ unzip libogg libvorbis ];
+
   patchPhase = ''
     chmod -v +x configure
     configureFlags="--mandir=$out/share/man"
-    '';
+  '';
 
   meta = with stdenv.lib; {
     homepage = http://sjeng.org/vorbisgain.html;
diff --git a/pkgs/tools/misc/wv/default.nix b/pkgs/tools/misc/wv/default.nix
index 411a549a6861..a18c03b126ac 100644
--- a/pkgs/tools/misc/wv/default.nix
+++ b/pkgs/tools/misc/wv/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ zlib imagemagick libpng glib pkgconfig libgsf libxml2 bzip2 ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Converter from Microsoft Word formats to human-editable ones";
     platforms = stdenv.lib.platforms.unix;
diff --git a/pkgs/tools/misc/xfstests/default.nix b/pkgs/tools/misc/xfstests/default.nix
index 80025164cb68..5574e3274cd6 100644
--- a/pkgs/tools/misc/xfstests/default.nix
+++ b/pkgs/tools/misc/xfstests/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ acl autoreconfHook attr gawk libaio libuuid libxfs openssl perl ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     # Patch the destination directory
     sed -i include/builddefs.in -e "s|^PKG_LIB_DIR\s*=.*|PKG_LIB_DIR=$out/lib/xfstests|"
diff --git a/pkgs/tools/misc/youtube-dl/default.nix b/pkgs/tools/misc/youtube-dl/default.nix
index 12ecf11517c7..a4f837bf8330 100644
--- a/pkgs/tools/misc/youtube-dl/default.nix
+++ b/pkgs/tools/misc/youtube-dl/default.nix
@@ -1,13 +1,15 @@
-{ stdenv, fetchurl, buildPythonApplication, makeWrapper, ffmpeg, zip
-, pandoc ? null
+{ stdenv, fetchurl, buildPythonApplication, makeWrapper, zip, ffmpeg, pandoc
+, atomicparsley
+# Pandoc is required to build the package's man page. Release tarballs contain a
+# formatted man page already, though, it will still be installed. We keep the
+# manpage argument in place in case someone wants to use this derivation to
+# build a Git version of the tool that doesn't have the formatted man page
+# included.
+, generateManPage ? false
+, ffmpegSupport ? true
 }:
 
-# Pandoc is required to build the package's man page. Release tarballs
-# contain a formatted man page already, though, so it's fine to pass
-# "pandoc = null" to this derivation; the man page will still be
-# installed. We keep the pandoc argument and build input in place in
-# case someone wants to use this derivation to build a Git version of
-# the tool that doesn't have the formatted man page included.
+with stdenv.lib;
 
 buildPythonApplication rec {
 
@@ -19,16 +21,20 @@ buildPythonApplication rec {
     sha256 = "017x2hqc2bacypjmn9ac9f91y9y6afydl0z7dich5l627494hvfg";
   };
 
-  buildInputs = [ makeWrapper zip pandoc ];
+  buildInputs = [ makeWrapper zip ] ++ optional generateManPage pandoc;
 
   # Ensure ffmpeg is available in $PATH for post-processing & transcoding support.
-  postInstall = stdenv.lib.optionalString (ffmpeg != null)
-    ''wrapProgram $out/bin/youtube-dl --prefix PATH : "${ffmpeg.bin}/bin"'';
+  # atomicparsley for embedding thumbnails
+  postInstall = let
+    packagesthatwillbeusedbelow = [ atomicparsley ] ++ optional ffmpegSupport ffmpeg;
+  in ''
+    wrapProgram $out/bin/youtube-dl --prefix PATH : "${makeBinPath packagesthatwillbeusedbelow}"
+  '';
 
   # Requires network
   doCheck = false;
 
-  meta = with stdenv.lib; {
+  meta = {
     homepage = http://rg3.github.io/youtube-dl/;
     repositories.git = https://github.com/rg3/youtube-dl.git;
     description = "Command-line tool to download videos from YouTube.com and other sites";
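Review bot: The let-binding `packagesthatwillbeusedbelow` in postInstall is hard to read and does not say what the list is for; a name such as `runtimeDeps` would be clearer, i.e. `runtimeDeps = [ atomicparsley ] ++ optional ffmpegSupport ffmpeg;` and `"${makeBinPath runtimeDeps}"`. atomicparsley is also prepended to PATH unconditionally while ffmpeg is gated by `ffmpegSupport`; if that asymmetry is intended, the comment above postInstall could say so. The meta block continues past the end of the hunk.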
diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix
index 9d2afe752571..f5b5893d5437 100644
--- a/pkgs/tools/networking/chrony/default.nix
+++ b/pkgs/tools/networking/chrony/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ readline texinfo nss nspr ] ++ stdenv.lib.optional stdenv.isLinux libcap;
   nativeBuildInputs = [ pkgconfig ];
 
+  hardeningEnable = [ "pie" ];
+
   configureFlags = [
     "--chronyvardir=$(out)/var/lib/chrony"
   ];
diff --git a/pkgs/tools/networking/dhcpdump/default.nix b/pkgs/tools/networking/dhcpdump/default.nix
index 778cfc3b5ed6..91232b4ffa74 100644
--- a/pkgs/tools/networking/dhcpdump/default.nix
+++ b/pkgs/tools/networking/dhcpdump/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [libpcap perl];
 
+  hardeningDisable = [ "fortify" ];
+
   installPhase = ''
     mkdir -pv $out/bin
     cp dhcpdump $out/bin
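Review bot: `hardeningDisable = [ "fortify" ];` switches off the fortified libc checks for a tool whose job is parsing DHCP packets, and the hunk gives no reason. If the exemption exists because a fortified call aborts at run time, that would point at a genuine out-of-bounds copy upstream, and patching that call would be a better fix than removing the check. If it is only a build-time problem, a comment above the line should say which one. The flannel, checkinstall and clib hunks add the same uncommented `fortify` exemption. installPhase continues outside this hunk.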
diff --git a/pkgs/tools/networking/dnsmasq/default.nix b/pkgs/tools/networking/dnsmasq/default.nix
index 6b47e0cae840..14bde9a5fa5b 100644
--- a/pkgs/tools/networking/dnsmasq/default.nix
+++ b/pkgs/tools/networking/dnsmasq/default.nix
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
     "LOCALEDIR=$(out)/share/locale"
   ];
 
+  hardeningEnable = [ "pie" ];
+
   postBuild = optionalString stdenv.isLinux ''
     make -C contrib/lease-tools
   '';
diff --git a/pkgs/tools/networking/easyrsa/2.x.nix b/pkgs/tools/networking/easyrsa/2.x.nix
index 493243cf81c8..b33034515fb6 100644
--- a/pkgs/tools/networking/easyrsa/2.x.nix
+++ b/pkgs/tools/networking/easyrsa/2.x.nix
@@ -1,5 +1,5 @@
-{ stdenv, fetchurl, autoconf, automake111x, makeWrapper
-, gnugrep, openssl}:
+{ stdenv, fetchurl, autoreconfHook, makeWrapper
+, gnugrep, openssl }:
 
 stdenv.mkDerivation rec {
   name = "easyrsa-2.2.0";
@@ -9,20 +9,12 @@ stdenv.mkDerivation rec {
     sha256 = "1xq4by5frb6ikn53ss3y8v7ss639dccxfq8jfrbk07ynkmk668qk";
   };
 
-  # Copy missing files and autoreconf
-  preConfigure = ''
-    cp ${automake111x}/share/automake/install-sh .
-    cp ${automake111x}/share/automake/missing .
-
-    autoreconf
-  '';
-
   preBuild = ''
     mkdir -p $out/share/easy-rsa
   '';
 
-  nativeBuildInputs = [ autoconf makeWrapper automake111x ];
-  buildInputs = [ gnugrep openssl];
+  nativeBuildInputs = [ autoreconfHook makeWrapper ];
+  buildInputs = [ gnugrep openssl ];
 
   # Make sane defaults and patch default config vars
   postInstall = ''
diff --git a/pkgs/tools/networking/eggdrop/default.nix b/pkgs/tools/networking/eggdrop/default.nix
index 623b42d6fc1b..a9f2419b1368 100644
--- a/pkgs/tools/networking/eggdrop/default.nix
+++ b/pkgs/tools/networking/eggdrop/default.nix
@@ -1,20 +1,19 @@
-{ stdenv, fetchurl, tcl }:
+{ stdenv, fetchFromGitHub, tcl }:
 
 stdenv.mkDerivation rec {
   name = "eggdrop-${version}";
-  version = "1.6.21";
+  version = "1.6.21-nix1";
 
-  src = fetchurl {
-    url = "ftp://ftp.eggheads.org/pub/eggdrop/GNU/1.6/eggdrop${version}.tar.gz";
-    sha256 = "1galvbh9y4c3msrg1s9na0asm077mh1g2i2vsv1vczmfrbgq92vs";
+  src = fetchFromGitHub {
+    owner = "eggheads";
+    repo = "eggdrop";
+    rev = "9ec109a13c016c4cdc7d52b7e16e4b9b6fbb9331";
+    sha256 = "0mf1vcbmpnvmf5mxk7gi3z32fxpcbynsh9jni8z8frrscrdf5lp5";
   };
 
   buildInputs = [ tcl ];
 
-  patches = [
-    # https://github.com/eggheads/eggdrop/issues/123
-    ./b34a33255f56bbd2317c26da12d702796d67ed50.patch
-  ];
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
     prefix=$out/eggdrop
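Review bot: The source is now pinned to a bare commit hash under an invented version string `1.6.21-nix1`, and nothing in the hunk says what state of the upstream tree that commit represents or whether it contains the fix the dropped local patch carried. A comment above `rev`, for instance `# 1.6.21 plus the fix for https://github.com/eggheads/eggdrop/issues/123`, would let the next maintainer verify the pin, assuming that is in fact what the commit contains. preConfigure continues outside the hunk.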
diff --git a/pkgs/tools/networking/flannel/default.nix b/pkgs/tools/networking/flannel/default.nix
index 53b5e4839ba1..2eea08b92383 100644
--- a/pkgs/tools/networking/flannel/default.nix
+++ b/pkgs/tools/networking/flannel/default.nix
@@ -7,6 +7,8 @@ buildGoPackage rec {
 
   goPackagePath = "github.com/coreos/flannel";
 
+  hardeningDisable = [ "fortify" ];
+
   src = fetchFromGitHub {
     inherit rev;
     owner = "coreos";
diff --git a/pkgs/tools/networking/iperf/2.nix b/pkgs/tools/networking/iperf/2.nix
index 33d8ee2fd636..13f8cedc673d 100644
--- a/pkgs/tools/networking/iperf/2.nix
+++ b/pkgs/tools/networking/iperf/2.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0nr6c81x55ihs7ly2dwq19v9i1n6wiyad1gacw3aikii0kzlwsv3";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = "http://sourceforge.net/projects/iperf/"; 
     description = "Tool to measure IP bandwidth using UDP or TCP";
diff --git a/pkgs/tools/networking/mailutils/default.nix b/pkgs/tools/networking/mailutils/default.nix
index 4b1633947b09..0ae993db332e 100644
--- a/pkgs/tools/networking/mailutils/default.nix
+++ b/pkgs/tools/networking/mailutils/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "0szbqa12zqzldqyw97lxqax3ja2adis83i7brdfsxmrfw68iaf65";
   };
 
+  hardeningDisable = [ "format" ];
+
   patches = [ ./path-to-cat.patch ./no-gets.patch ./scm_c_string.patch ];
 
   configureFlags = [
diff --git a/pkgs/tools/networking/netboot/default.nix b/pkgs/tools/networking/netboot/default.nix
index 0f75bd44d69b..7a1eac59eeae 100644
--- a/pkgs/tools/networking/netboot/default.nix
+++ b/pkgs/tools/networking/netboot/default.nix
@@ -9,10 +9,12 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ yacc lzo db4 ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Mini PXE server";
     maintainers = [ maintainers.raskin ];
     platforms = ["x86_64-linux"];
     license = stdenv.lib.licenses.free;
   };
-}
\ No newline at end of file
+}
diff --git a/pkgs/tools/networking/ntp/default.nix b/pkgs/tools/networking/ntp/default.nix
index 433a3349702d..4c42771be170 100644
--- a/pkgs/tools/networking/ntp/default.nix
+++ b/pkgs/tools/networking/ntp/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ autoreconfHook ];
   buildInputs = [ libcap openssl ];
 
+  hardeningEnable = [ "pie" ];
+
   postInstall = ''
     rm -rf $out/share/doc
   '';
diff --git a/pkgs/tools/networking/openfortivpn/default.nix b/pkgs/tools/networking/openfortivpn/default.nix
index d0e8ea4b1d9b..e3e2053e2ce6 100644
--- a/pkgs/tools/networking/openfortivpn/default.nix
+++ b/pkgs/tools/networking/openfortivpn/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, automake, autoconf, openssl, ppp }:
+{ stdenv, fetchFromGitHub, autoreconfHook, openssl, ppp }:
 
 with stdenv.lib;
 
@@ -15,13 +15,11 @@ in stdenv.mkDerivation {
     sha256 = "08ycz053wa29ckgr93132hr3vrd84r3bks9q807qanri0n35y256";
   };
 
-  buildInputs = [ openssl automake autoconf ppp ];
+  buildInputs = [ openssl ppp autoreconfHook ];
 
-  preConfigure = ''
-    aclocal
-    autoconf
-    automake --add-missing
+  hardeningDisable = [ "format" ];
 
+  preConfigure = ''
     substituteInPlace src/tunnel.c --replace "/usr/sbin/pppd" "${ppp}/bin/pppd"
   '';
 
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index dab638301820..8f4c0aa54dfa 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -71,6 +71,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningEnable = [ "pie" ];
+
   postInstall = ''
     # Install ssh-copy-id, it's very useful.
     cp contrib/ssh-copy-id $out/bin/
diff --git a/pkgs/tools/networking/quicktun/default.nix b/pkgs/tools/networking/quicktun/default.nix
index f07cfe4d0724..ed559f5d5c9f 100644
--- a/pkgs/tools/networking/quicktun/default.nix
+++ b/pkgs/tools/networking/quicktun/default.nix
@@ -11,8 +11,6 @@ stdenv.mkDerivation rec {
     sha256 = "0m7gvlgs1mhyw3c8s2dg05j7r7hz8kjpb0sk245m61ir9dmwlf8i";
   };
 
-  CFLAGS = "-fPIE -fPIC -pie -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro,-z,now";
-
   buildInputs = [ libsodium ];
 
   phases = [ "unpackPhase" "buildPhase" "installPhase" ];
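Review bot: Removing the hand-written `CFLAGS` appears to leave this network tunnel daemon without PIE, since the other hunks in this commit (chrony, dnsmasq, ntp, openssh, radvd, socat, cron) have to opt in to `pie` explicitly. Adding `hardeningEnable = [ "pie" ];` in place of the removed line would preserve the previous `-fPIE -pie` behaviour. The dropped `-fstack-protector-all` and `-z now` may also be stronger than the new defaults; that should be confirmed against the stdenv hardening flags, which are not visible here.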
diff --git a/pkgs/tools/networking/radvd/default.nix b/pkgs/tools/networking/radvd/default.nix
index 42d4a8177563..1c8ef67a7830 100644
--- a/pkgs/tools/networking/radvd/default.nix
+++ b/pkgs/tools/networking/radvd/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libdaemon bison flex check ];
 
+  hardeningEnable = [ "pie" ];
+
   meta = with stdenv.lib; {
     homepage = http://www.litech.org/radvd/;
     description = "IPv6 Router Advertisement Daemon";
diff --git a/pkgs/tools/networking/socat/default.nix b/pkgs/tools/networking/socat/default.nix
index f9eff5b12d55..19cdb884bd1a 100644
--- a/pkgs/tools/networking/socat/default.nix
+++ b/pkgs/tools/networking/socat/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./enable-ecdhe.patch ./libressl-fixes.patch ];
 
+  hardeningEnable = [ "pie" ];
+
   meta = {
     description = "A utility for bidirectional data transfer between two independent data channels";
     homepage = http://www.dest-unreach.org/socat/;
diff --git a/pkgs/tools/networking/stunnel/default.nix b/pkgs/tools/networking/stunnel/default.nix
index 2f12aaa7ee23..114247682c7a 100644
--- a/pkgs/tools/networking/stunnel/default.nix
+++ b/pkgs/tools/networking/stunnel/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name    = "stunnel-${version}";
-  version = "5.29";
+  version = "5.31";
 
   src = fetchurl {
     url    = "http://www.stunnel.org/downloads/${name}.tar.gz";
-    sha256 = "0lgmdpsm36a6j5s0jabv3cfg3rzqz9c9sfdqgkx399iy80jrd423";
+    sha256 = "1dz0p85ha78vxc2hjhrkr4xf8w3q8r177bqdrgm26v6wncdbfim7";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/tools/networking/telnet/default.nix b/pkgs/tools/networking/telnet/default.nix
index 9827b62c6c4a..3a5117653c83 100644
--- a/pkgs/tools/networking/telnet/default.nix
+++ b/pkgs/tools/networking/telnet/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation {
     sha256 = "0cs7ks22dhcn5qfjv2vl6ikhw93x68gg33zdn5f5cxgg81kx5afn";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ncurses];
 
   meta = {
diff --git a/pkgs/tools/networking/trickle/default.nix b/pkgs/tools/networking/trickle/default.nix
index d10e645dc874..1c8829a07b27 100644
--- a/pkgs/tools/networking/trickle/default.nix
+++ b/pkgs/tools/networking/trickle/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0s1qq3k5mpcs9i7ng0l9fvr1f75abpbzfi1jaf3zpzbs1dz50dlx";
   };
 
-  buildInputs = [libevent];
+  buildInputs = [ libevent ];
 
   preConfigure = ''
     sed -i 's|libevent.a|libevent.so|' configure
@@ -22,6 +22,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--with-libevent";
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Lightweight userspace bandwidth shaper";
     license = stdenv.lib.licenses.bsd3;
diff --git a/pkgs/tools/networking/uwimap/default.nix b/pkgs/tools/networking/uwimap/default.nix
index 9d4ae5d671ac..c2c707fbc77a 100644
--- a/pkgs/tools/networking/uwimap/default.nix
+++ b/pkgs/tools/networking/uwimap/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation {
     # -fPIC is required to compile php with imap on x86_64 systems
     + stdenv.lib.optionalString stdenv.isx86_64 " EXTRACFLAGS=-fPIC";
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ openssl ]
     ++ stdenv.lib.optional (!stdenv.isDarwin) pam;
 
diff --git a/pkgs/tools/networking/vde2/default.nix b/pkgs/tools/networking/vde2/default.nix
index 88ee459f8168..3a3709a9df00 100644
--- a/pkgs/tools/networking/vde2/default.nix
+++ b/pkgs/tools/networking/vde2/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ openssl libpcap python ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://vde.sourceforge.net/;
     description = "Virtual Distributed Ethernet, an Ethernet compliant virtual network";
diff --git a/pkgs/tools/networking/vlan/default.nix b/pkgs/tools/networking/vlan/default.nix
index 9c9376550dfb..41ece0537ab4 100644
--- a/pkgs/tools/networking/vlan/default.nix
+++ b/pkgs/tools/networking/vlan/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1jjc5f26hj7bk8nkjxsa8znfxcf8pgry2ipnwmj2fr6ky0dhm3rv";
   };
 
+  hardeningDisable = [ "format" ];
+
   preBuild =
     ''
       # Ouch, the tarball contains pre-compiled binaries.
@@ -18,12 +20,12 @@ stdenv.mkDerivation rec {
     ''
       mkdir -p $out/sbin
       cp vconfig $out/sbin/
-      
+
       mkdir -p $out/share/man/man8
       cp vconfig.8 $out/share/man/man8/
     '';
 
-  meta = { 
+  meta = {
     description = "User mode programs to enable VLANs on Ethernet devices";
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/tools/package-management/checkinstall/default.nix b/pkgs/tools/package-management/checkinstall/default.nix
index 8ab9001573a2..fea6ccedd34f 100644
--- a/pkgs/tools/package-management/checkinstall/default.nix
+++ b/pkgs/tools/package-management/checkinstall/default.nix
@@ -44,6 +44,8 @@ stdenv.mkDerivation {
 
   buildInputs = [gettext];
 
+  hardeningDisable = [ "fortify" ];
+
   preBuild = ''
     makeFlagsArray=(PREFIX=$out)
 
diff --git a/pkgs/tools/package-management/clib/default.nix b/pkgs/tools/package-management/clib/default.nix
index c1f76bca14b1..cd9499d9146d 100644
--- a/pkgs/tools/package-management/clib/default.nix
+++ b/pkgs/tools/package-management/clib/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "08n2i3dyh5vnrb74a6wlqqn67c9nwkq0v0v651zzha495mqbciq7";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   makeFlags = "PREFIX=$(out)";
 
   buildInputs = [ curl ];
diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix
index bf3f8aed712b..320f13089a6e 100644
--- a/pkgs/tools/package-management/nix/default.nix
+++ b/pkgs/tools/package-management/nix/default.nix
@@ -89,10 +89,10 @@ in rec {
   nix = nixStable;
 
   nixStable = common rec {
-    name = "nix-1.11.2";
+    name = "nix-1.11.3";
     src = fetchurl {
       url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz";
-      sha256 = "fc1233814ebb385a2a991c1fb88c97b344267281e173fea7d9acd3f9caf969d6";
+      sha256 = "054fya7q60nv4mcpnd5pxj4hxafrikdimjknpj46w4jd2fg61237";
     };
   };
 
diff --git a/pkgs/tools/package-management/rpm/default.nix b/pkgs/tools/package-management/rpm/default.nix
index c0a4f7f693d5..f4a7273d8cc7 100644
--- a/pkgs/tools/package-management/rpm/default.nix
+++ b/pkgs/tools/package-management/rpm/default.nix
@@ -11,13 +11,9 @@ stdenv.mkDerivation rec {
   buildInputs = [ cpio zlib bzip2 file libarchive nspr nss db xz python lua pkgconfig autoreconfHook ];
 
   # rpm/rpmlib.h includes popt.h, and then the pkg-config file mentions these as linkage requirements
-  propagatedBuildInputs = [ popt nss db bzip2 libarchive ];
+  propagatedBuildInputs = [ popt elfutils nss db bzip2 libarchive ];
 
-  # Note: we don't add elfutils to buildInputs, since it provides a
-  # bad `ld' and other stuff.
-  NIX_CFLAGS_COMPILE = "-I${nspr.dev}/include/nspr -I${nss.dev}/include/nss -I${elfutils}/include";
-
-  NIX_CFLAGS_LINK = "-L${elfutils}/lib";
+  NIX_CFLAGS_COMPILE = "-I${nspr.dev}/include/nspr -I${nss.dev}/include/nss";
 
   postPatch = ''
     # For Python3, the original expression evaluates as 'python3.4' but we want 'python3.4m' here
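Review bot: `elfutils` is now listed in `propagatedBuildInputs`, yet the deleted comment said it was deliberately kept out of the inputs because it provides a bad `ld`; the hunk does not say why that is no longer a concern. Propagation also exposes elfutils to every package that depends on rpm, so the old warning deserves a replacement rather than silent removal. Something like `# elfutils no longer shadows ld, safe to propagate` would do, if that is indeed the reason. postPatch continues outside the hunk.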
diff --git a/pkgs/tools/security/ccrypt/default.nix b/pkgs/tools/security/ccrypt/default.nix
index e6a63a2f2882..0afa91086890 100644
--- a/pkgs/tools/security/ccrypt/default.nix
+++ b/pkgs/tools/security/ccrypt/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   nativeBuildInputs = [ perl ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://ccrypt.sourceforge.net/;
     description = "Utility for encrypting and decrypting files and streams with AES-256";
diff --git a/pkgs/tools/security/fprint_demo/default.nix b/pkgs/tools/security/fprint_demo/default.nix
index c2dbb31bec45..26e0d0e45e13 100644
--- a/pkgs/tools/security/fprint_demo/default.nix
+++ b/pkgs/tools/security/fprint_demo/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ libfprint gtk2 ];
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = "http://www.freedesktop.org/wiki/Software/fprint/fprint_demo/";
     description = "A simple GTK+ application to demonstrate and test libfprint's capabilities";
diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix
index 418f622fafdb..34042d802ccb 100644
--- a/pkgs/tools/security/gnupg/21.nix
+++ b/pkgs/tools/security/gnupg/21.nix
@@ -15,11 +15,11 @@ assert x11Support -> pinentry != null;
 stdenv.mkDerivation rec {
   name = "gnupg-${version}";
 
-  version = "2.1.14";
+  version = "2.1.15";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "0hmsiscpdpdqd8kcjpzkz2gzcc3cnrvswk9p1jzi4sivd7lxwl4l";
+    sha256 = "1pgz02gd84ab94w4xdg67p9z8kvkyr9d523bvcxxd2hviwh1m362";
   };
 
   buildInputs = [
@@ -27,10 +27,6 @@ stdenv.mkDerivation rec {
     readline libusb gnutls adns openldap zlib bzip2
   ];
 
-  # gpgsm-linking is fixed by commit (c49c43d7) in the gnupg master branch;
-  # fix-gpgsm-linking.patch should be dropped after gnupg 2.1.15 is released
-  patches = [ ./fix-gpgsm-linking.patch ];
-
   postPatch = stdenv.lib.optionalString stdenv.isLinux ''
     sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
   ''; #" fix Emacs syntax highlighting :-(
diff --git a/pkgs/tools/security/gnupg/fix-gpgsm-linking.patch b/pkgs/tools/security/gnupg/fix-gpgsm-linking.patch
deleted file mode 100644
index 290d43f5b0d4..000000000000
--- a/pkgs/tools/security/gnupg/fix-gpgsm-linking.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/tests/gpgscm/Makefile.in
-+++ b/tests/gpgscm/Makefile.in
-@@ -457,7 +457,7 @@
- 	scheme-config.h opdefines.h scheme.c scheme.h scheme-private.h
- 
- gpgscm_LDADD = $(LDADD) $(common_libs) \
--	$(NETLIBS) $(LIBICONV) $(LIBREADLINE) \
-+	$(NETLIBS) $(LIBICONV) $(LIBREADLINE) $(LIBINTL) \
- 	$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
- 
- t_child_SOURCES = t-child.c
diff --git a/pkgs/tools/security/john/default.nix b/pkgs/tools/security/john/default.nix
index d428d67fdc9f..c44f144bea68 100644
--- a/pkgs/tools/security/john/default.nix
+++ b/pkgs/tools/security/john/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
     sha256 = "08q92sfdvkz47rx6qjn7qv57cmlpy7i7rgddapq5384mb413vjds";
   };
 
+  patches = [ ./gcc5.patch ];
+
   postPatch = ''
     sed -ri -e '
       s!^(#define\s+CFG_[A-Z]+_NAME\s+).*/!\1"'"$out"'/etc/john/!
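Review bot: `patches = [ ./gcc5.patch ];` is added without a comment on what the patch works around or where it comes from. The patch file in the next section switches `MAYBE_INLINE` to `gnu_inline` for GCC 5 and later, so a line such as `# GCC 5 changed the default inline semantics; keep gnu_inline for MAYBE_INLINE (upstream ref: <link>)` above it would tell a maintainer when the patch can be dropped. postPatch continues outside the hunk.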
diff --git a/pkgs/tools/security/john/gcc5.patch b/pkgs/tools/security/john/gcc5.patch
new file mode 100644
index 000000000000..73da83483f90
--- /dev/null
+++ b/pkgs/tools/security/john/gcc5.patch
@@ -0,0 +1,14 @@
+diff --git a/src/common.h b/src/common.h
+--- a/src/common.h
++++ b/src/common.h
+@@ -31,7 +31,9 @@ typedef unsigned long long ARCH_WORD_64;
+ #define is_aligned(PTR, CNT) ((((ARCH_WORD)(const void *)(PTR))&(CNT-1))==0)
+ 
+ #ifdef __GNUC__
+-#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7) || defined(__INTEL_COMPILER)
++#if __GNUC__ >= 5
++#define MAYBE_INLINE __attribute__((gnu_inline)) inline
++#elif __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7) || defined(__INTEL_COMPILER)
+ #define MAYBE_INLINE __attribute__((always_inline)) inline
+ #elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
+ #define MAYBE_INLINE __attribute__((always_inline))
diff --git a/pkgs/tools/security/scrypt/default.nix b/pkgs/tools/security/scrypt/default.nix
index 893b7b319000..1835dbdb620b 100644
--- a/pkgs/tools/security/scrypt/default.nix
+++ b/pkgs/tools/security/scrypt/default.nix
@@ -12,8 +12,6 @@ stdenv.mkDerivation rec {
   buildInputs = [ openssl ];
 
   patchPhase = ''
-    substituteInPlace Makefile \
-      --replace "command -p mv" "mv"
     substituteInPlace Makefile.in \
       --replace "command -p mv" "mv"
     substituteInPlace autocrap/Makefile.am \
diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
index 854f67f2aeec..506b1d398d54 100644
--- a/pkgs/tools/security/tboot/default.nix
+++ b/pkgs/tools/security/tboot/default.nix
@@ -12,12 +12,15 @@ stdenv.mkDerivation rec {
 
   patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
 
+  hardeningDisable = [ "pic" "stackprotector" ];
+
   configurePhase = ''
     for a in lcptools utils tb_polgen; do
       substituteInPlace $a/Makefile --replace /usr/sbin /sbin
     done
     substituteInPlace docs/Makefile --replace /usr/share /share
   '';
+
   installFlags = "DESTDIR=$(out)";
 
   meta = with stdenv.lib; {
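Review bot: `hardeningDisable = [ "pic" "stackprotector" ];` removes two default protections from a security tool with no explanation in the file. Presumably parts of tboot are freestanding pre-boot code that cannot link the stack-protector runtime or be built position-independent; if so, a comment like `# freestanding pre-kernel code: no stack-protector runtime, fixed load address` would record it. If only the boot module needs the exemption, it is worth checking whether the userspace tools named in configurePhase (lcptools, utils, tb_polgen) can keep the flags.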
diff --git a/pkgs/tools/system/cron/default.nix b/pkgs/tools/system/cron/default.nix
index 2ddea737c8bb..3d03f19cb6f8 100644
--- a/pkgs/tools/system/cron/default.nix
+++ b/pkgs/tools/system/cron/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation {
 
   unpackCmd = "(mkdir cron && cd cron && sh $curSrc)";
 
+  hardeningEnable = [ "pie" ];
+
   preBuild = ''
     substituteInPlace Makefile --replace ' -o root' ' ' --replace 111 755
     makeFlags="DESTROOT=$out"
diff --git a/pkgs/tools/system/evemu/default.nix b/pkgs/tools/system/evemu/default.nix
index 2a2340a21525..873abd4812cb 100644
--- a/pkgs/tools/system/evemu/default.nix
+++ b/pkgs/tools/system/evemu/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, automake, autoconf, libtool, pkgconfig, pythonPackages
+{ stdenv, fetchgit, autoreconfHook, pkgconfig, pythonPackages
 , libevdev, linuxHeaders
 }:
 
@@ -14,18 +14,9 @@ stdenv.mkDerivation rec {
     sha256 = "07iha13xrpf4z59rzl9cm2h1zkc5xhyipbd3ajd3c1d4hhpn9w9s";
   };
 
-  buildInputs = [
-    automake autoconf libtool pkgconfig pythonPackages.python
-    pythonPackages.evdev libevdev
-  ];
+  nativeBuildInputs = [ pkgconfig autoreconfHook ];
 
-  preConfigure = ''
-    ./autogen.sh --prefix=$out
-  '';
-
-  postPatch = ''
-    substituteInPlace src/make-event-names.py --replace "/usr/include/linux/input.h" "${linuxHeaders}/include/linux/input.h"
-  '';
+  buildInputs = [ pythonPackages.python pythonPackages.evdev libevdev ];
 
   meta = with stdenv.lib; {
     description = "Records and replays device descriptions and events to emulate input devices through the kernel's input system";
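Review bot: The removed postPatch was the only visible use of `linuxHeaders`, which the first hunk still keeps in the argument list, and nothing explains how `src/make-event-names.py` now locates `input.h`. If the script still reads `/usr/include/linux/input.h`, a sandboxed build will not find it and the substitution should stay. If upstream no longer needs it, `linuxHeaders` should be dropped from the arguments so the dependency is not misleading. The meta block continues past the hunk.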
diff --git a/pkgs/tools/system/facter/default.nix b/pkgs/tools/system/facter/default.nix
index de9b79d79c35..83936ca65a5e 100644
--- a/pkgs/tools/system/facter/default.nix
+++ b/pkgs/tools/system/facter/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, fetchurl, boost, cmake, curl, leatherman, libyamlcpp, openssl, ruby, utillinux }:
+{ stdenv, fetchurl, boost, cmake, cpp-hocon, curl, leatherman, libyamlcpp, openssl, ruby, utillinux }:
 
 stdenv.mkDerivation rec {
   name = "facter-${version}";
-  version = "3.1.8";
+  version = "3.4.1";
   src = fetchurl {
     url = "https://downloads.puppetlabs.com/facter/${name}.tar.gz";
-    sha256 = "1fhfjf5bm5kyjiady14fxhpp7hdrkgx56vsvdbqj82km0xqcxpj9";
+    sha256 = "1vvvqni68l3hmnxi8jp0n2rwzxyh1vmgv6xa2954h94dfax6dmcj";
   };
 
   cmakeFlags = [ "-DFACTER_RUBY=${ruby}/lib/libruby.so" ];
@@ -13,9 +13,7 @@ stdenv.mkDerivation rec {
   # since we cant expand $out in cmakeFlags
   preConfigure = "cmakeFlags+=\" -DRUBY_LIB_INSTALL=$out/lib/ruby\"";
 
-  libyamlcpp_ = libyamlcpp.override { makePIC = true; };
-
-  buildInputs = [ boost cmake curl leatherman libyamlcpp_ openssl ruby utillinux ];
+  buildInputs = [ boost cmake cpp-hocon curl leatherman libyamlcpp openssl ruby utillinux ];
 
   meta = with stdenv.lib; {
     homepage = https://github.com/puppetlabs/facter;
diff --git a/pkgs/tools/system/foremost/default.nix b/pkgs/tools/system/foremost/default.nix
index cfac89237795..0114c1d41ff6 100644
--- a/pkgs/tools/system/foremost/default.nix
+++ b/pkgs/tools/system/foremost/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   preInstall = ''
     mkdir -p $out/{bin,share/man/man8}
   '';
diff --git a/pkgs/tools/system/gdmap/default.nix b/pkgs/tools/system/gdmap/default.nix
index 3d3809610e4d..7800bfa08313 100644
--- a/pkgs/tools/system/gdmap/default.nix
+++ b/pkgs/tools/system/gdmap/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   name = "gdmap-0.8.1";
-  
+
   src = fetchurl {
     url = "mirror://sourceforge/gdmap/${name}.tar.gz";
     sha256 = "0nr8l88cg19zj585hczj8v73yh21k7j13xivhlzl8jdk0j0cj052";
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./get_sensitive.patch ./set_flags.patch ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = http://gdmap.sourceforge.net;
     description = "Recursive rectangle map of disk usage";
diff --git a/pkgs/tools/system/rowhammer-test/default.nix b/pkgs/tools/system/rowhammer-test/default.nix
index 728b15bb2988..226ec4351ea4 100644
--- a/pkgs/tools/system/rowhammer-test/default.nix
+++ b/pkgs/tools/system/rowhammer-test/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
     sha256 = "1fbfcnm5gjish47wdvikcsgzlb5vnlfqlzzm6mwiw2j5qkq0914i";
   };
 
+  NIX_CFLAGS_COMPILE = stdenv.lib.optional stdenv.isi686 "-Wno-error=format";
+
   buildPhase = "sh -e make.sh";
 
   installPhase = ''
diff --git a/pkgs/tools/system/rsyslog/default.nix b/pkgs/tools/system/rsyslog/default.nix
index 2f38c9b374af..f3e6b15ed2c5 100644
--- a/pkgs/tools/system/rsyslog/default.nix
+++ b/pkgs/tools/system/rsyslog/default.nix
@@ -28,6 +28,8 @@ stdenv.mkDerivation rec {
     rabbitmq-c hiredis
   ] ++ stdenv.lib.optional stdenv.isLinux systemd;
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
diff --git a/pkgs/tools/system/runit/default.nix b/pkgs/tools/system/runit/default.nix
index 87cf720b981e..54899cb14df5 100644
--- a/pkgs/tools/system/runit/default.nix
+++ b/pkgs/tools/system/runit/default.nix
@@ -1,4 +1,6 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchurl
+, static ? false
+}:
 
 stdenv.mkDerivation rec {
   name = "runit-${version}";
@@ -15,7 +17,9 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
-  postPatch = ''
+  buildInputs = stdenv.lib.optionals static [ stdenv.cc.libc stdenv.cc.libc.static ];
+
+  postPatch = stdenv.lib.optionalString (!static) ''
     sed -i 's,-static,,g' src/Makefile
   '';
 
diff --git a/pkgs/tools/system/stress-ng/default.nix b/pkgs/tools/system/stress-ng/default.nix
index c45cc8a596b1..cdc7122fcc4b 100644
--- a/pkgs/tools/system/stress-ng/default.nix
+++ b/pkgs/tools/system/stress-ng/default.nix
@@ -2,10 +2,10 @@
 
 stdenv.mkDerivation rec {
   name = "stress-ng-${version}";
-  version = "0.06.11";
+  version = "0.06.14";
 
   src = fetchurl {
-    sha256 = "0481aji9hdq8qbslrrc87r2p2pn8jxf913ac8wm5kxj02yqf7ccv";
+    sha256 = "06kycxfwkdrm2vs9xk8cb6c1mki29ymrrqwwxxqx4icnwvq135hv";
     url = "http://kernel.ubuntu.com/~cking/tarballs/stress-ng/${name}.tar.gz";
   };
 
@@ -15,7 +15,11 @@ stdenv.mkDerivation rec {
     substituteInPlace Makefile --replace "/usr" ""
   '';
 
-  enableParallelBuilding = true;
+  # Won't build on i686 because the binary will be linked again in the
+  # install phase without checking the dependencies. This will prevent
+  # triggering the rebuild. Why this only happens on i686 remains a
+  # mystery, though. :-(
+  enableParallelBuilding = (!stdenv.isi686);
 
   installFlags = [ "DESTDIR=$(out)" ];
 
diff --git a/pkgs/tools/system/which/default.nix b/pkgs/tools/system/which/default.nix
index e9199a8f0632..fc0889012c2e 100644
--- a/pkgs/tools/system/which/default.nix
+++ b/pkgs/tools/system/which/default.nix
@@ -2,12 +2,15 @@
 
 stdenv.mkDerivation rec {
   name = "which-2.21";
-  
+
   src = fetchurl {
     url = "mirror://gnu/which/${name}.tar.gz";
     sha256 = "1bgafvy3ypbhhfznwjv1lxmd6mci3x1byilnnkc7gcr486wlb8pl";
   };
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = with stdenv.lib; {
     homepage = http://ftp.gnu.org/gnu/which/;
     platforms = platforms.all;
diff --git a/pkgs/tools/text/a2ps/default.nix b/pkgs/tools/text/a2ps/default.nix
index 7de6a8dd5745..c7476d9f3391 100644
--- a/pkgs/tools/text/a2ps/default.nix
+++ b/pkgs/tools/text/a2ps/default.nix
@@ -14,8 +14,10 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libpaper gperf file ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
-    description = "An Anyithing to PostScript converter and pretty-printer";
+    description = "An Anything to PostScript converter and pretty-printer";
     longDescription = ''
       GNU a2ps converts files into PostScript for printing or viewing. It uses a nice default format,
       usually two pages on each physical page, borders surrounding pages, headers with useful information
diff --git a/pkgs/tools/text/convertlit/default.nix b/pkgs/tools/text/convertlit/default.nix
index 331fc3fea359..ffc2dc1c4d5c 100644
--- a/pkgs/tools/text/convertlit/default.nix
+++ b/pkgs/tools/text/convertlit/default.nix
@@ -1,22 +1,24 @@
-{stdenv, fetchurl, unzip, libtommath}:
+{stdenv, fetchzip, libtommath}:
 
 stdenv.mkDerivation {
   name = "convertlit-1.8";
-  
-  src = fetchurl {
+
+  src = fetchzip {
     url = http://www.convertlit.com/convertlit18src.zip;
-    sha256 = "1fjpwncyc2r3ipav7c9m7jxy6i7mphbyqj3gsm046425p7sqa2np";
+    sha256 = "182nsin7qscgbw2h92m0zadh3h8q410h5cza6v486yjfvla3dxjx";
+    stripRoot = false;
   };
 
-  buildInputs = [unzip libtommath];
+  buildInputs = [libtommath];
 
-  sourceRoot = ".";
+  hardeningDisable = [ "format" ];
 
   buildPhase = ''
     cd lib
     make
     cd ../clit18
-    substituteInPlace Makefile --replace ../libtommath-0.30/libtommath.a -ltommath
+    substituteInPlace Makefile \
+      --replace ../libtommath-0.30/libtommath.a -ltommath
     make
   '';
 
diff --git a/pkgs/tools/text/diffutils/default.nix b/pkgs/tools/text/diffutils/default.nix
index 420e0a37ba7e..587c89554aa5 100644
--- a/pkgs/tools/text/diffutils/default.nix
+++ b/pkgs/tools/text/diffutils/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, xz, coreutils ? null }:
 
 stdenv.mkDerivation rec {
-  name = "diffutils-3.3";
+  name = "diffutils-3.5";
 
   src = fetchurl {
     url = "mirror://gnu/diffutils/${name}.tar.xz";
-    sha256 = "1761vymxbp4wb5rzjvabhdkskk95pghnn67464byvzb5mfl8jpm2";
+    sha256 = "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys";
   };
 
   outputs = [ "out" "info" ];
diff --git a/pkgs/tools/text/patchutils/default.nix b/pkgs/tools/text/patchutils/default.nix
index 4df52eef669e..75922a6c830c 100644
--- a/pkgs/tools/text/patchutils/default.nix
+++ b/pkgs/tools/text/patchutils/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./drop-comments.patch ]; # we would get into a cycle when using fetchpatch on this one
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Tools to manipulate patch files";
     homepage = http://cyberelk.net/tim/software/patchutils;
diff --git a/pkgs/tools/text/untex/default.nix b/pkgs/tools/text/untex/default.nix
index e2f6142a2a0f..ec99e8b4a27a 100644
--- a/pkgs/tools/text/untex/default.nix
+++ b/pkgs/tools/text/untex/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "07p836jydd5yjy905m5ylnnac1h4cc4jsr41panqb808mlsiwmmy";
   };
 
+  hardeningDisable = [ "format" ];
+
   unpackPhase = "tar xf $src";
   installTargets = "install install.man";
   installFlags = "BINDIR=$(out)/bin MANDIR=$(out)/share/man/man1";
diff --git a/pkgs/tools/typesetting/bibtex-tools/default.nix b/pkgs/tools/typesetting/bibtex-tools/default.nix
deleted file mode 100644
index a822a181a653..000000000000
--- a/pkgs/tools/typesetting/bibtex-tools/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{stdenv, fetchurl, hevea, tetex, strategoxt, aterm, sdf}: 
-
-stdenv.mkDerivation {
-  name = "bibtex-tools-0.2pre13026";
-  src = fetchurl {
-    url = http://tarballs.nixos.org/bibtex-tools-0.2pre13026.tar.gz;
-    md5 = "2d8a5de7c53eb670307048eb3d14cdd6";
-  };
-  configureFlags = "
-    --with-aterm=${aterm}
-    --with-sdf=${sdf}
-    --with-strategoxt=${strategoxt}
-    --with-hevea=${hevea}
-    --with-latex=${tetex}";
-  buildInputs = [aterm sdf strategoxt hevea];
-  meta.broken = true;
-}
diff --git a/pkgs/tools/typesetting/kindlegen/default.nix b/pkgs/tools/typesetting/kindlegen/default.nix
new file mode 100644
index 000000000000..159119a8a710
--- /dev/null
+++ b/pkgs/tools/typesetting/kindlegen/default.nix
@@ -0,0 +1,48 @@
+{ fetchurl, stdenv }:
+
+let
+  version = "2.9";
+  fileVersion = builtins.replaceStrings [ "." ] [ "_" ] version;
+
+  sha256 = {
+    "x86_64-linux"  = "15i20kzhdcmi94w7wfhqbl6j20v47cdakjm2mn3x8w495iddna4q";
+    "i686-linux"    = "15i20kzhdcmi94w7wfhqbl6j20v47cdakjm2mn3x8w495iddna4q";
+    "x86_64-darwin" = "0zniyn0s41fxqrajbgwxbcsj5vzf9m7a6yvdz2b11mphr00kpbbs";
+    "i686-darwin"   = "0zniyn0s41fxqrajbgwxbcsj5vzf9m7a6yvdz2b11mphr00kpbbs";
+    "x86_64-cygwin" = "02slfh1bbpijay4skj85cjiv7z43ha8vm5aa1lwiqjk86qbl1f3h";
+    "i686-cygwin"   = "02slfh1bbpijay4skj85cjiv7z43ha8vm5aa1lwiqjk86qbl1f3h";
+  }."${stdenv.system}" or (throw "system #{stdenv.system.} is not supported");
+
+  url = {
+    "x86_64-linux"  = "http://kindlegen.s3.amazonaws.com/kindlegen_linux_2.6_i386_v${fileVersion}.tar.gz";
+    "i686-linux"    = "http://kindlegen.s3.amazonaws.com/kindlegen_linux_2.6_i386_v${fileVersion}.tar.gz";
+    "x86_64-darwin" = "http://kindlegen.s3.amazonaws.com/KindleGen_Mac_i386_v${fileVersion}.zip";
+    "i686-darwin"   = "http://kindlegen.s3.amazonaws.com/KindleGen_Mac_i386_v${fileVersion}.zip";
+    "x86_64-cygwin" = "http://kindlegen.s3.amazonaws.com/kindlegen_win32_v${fileVersion}.zip";
+    "i686-cygwin"   = "http://kindlegen.s3.amazonaws.com/kindlegen_win32_v${fileVersion}.zip";
+  }."${stdenv.system}" or (throw "system #{stdenv.system.} is not supported");
+
+in stdenv.mkDerivation rec {
+  name = "kindlegen-${version}";
+
+  src = fetchurl {
+    inherit url;
+    inherit sha256;
+  };
+
+  sourceRoot = ".";
+
+  installPhase = ''
+    mkdir -p $out/bin $out/share/kindlegen/doc
+    install -m755 kindlegen $out/bin/kindlegen
+    cp -r *.txt *.html docs/* $out/share/kindlegen/doc
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Convert documents to .mobi for use with Amazon Kindle";
+    homepage = https://www.amazon.com/gp/feature.html?docId=1000765211;
+    license = licenses.unfree;
+    maintainers = with maintainers; [ peterhoeg ];
+    platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "i686-darwin" "x86_64-cygwin" "i686-cygwin" ];
+  };
+}
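Review bot: Both `throw` messages (on the `sha256` and the `url` selector) contain `#{stdenv.system.}`, which is not Nix interpolation, so a user on an unsupported platform would see that literal text instead of their system name; the fallback should read `or (throw "system ${stdenv.system} is not supported")`. The download URLs are plain `http://`; the pinned `sha256` still makes the fetch fail on a modified archive, but since this is a prebuilt unfree binary with no source to audit, an `https://` URL is preferable if the host offers one. The platform list in `meta.platforms` repeats the keys of the two attribute sets and could drift from them.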
diff --git a/pkgs/tools/typesetting/pdftk/default.nix b/pkgs/tools/typesetting/pdftk/default.nix
index 84a853bb0df6..73bf0b9e1287 100644
--- a/pkgs/tools/typesetting/pdftk/default.nix
+++ b/pkgs/tools/typesetting/pdftk/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ gcj unzip ];
 
+  hardeningDisable = [ "fortify" "format" ];
+
   preBuild = ''
     cd pdftk
     sed -e 's@/usr/bin/@@g' -i Makefile.*
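Review bot: `fortify` is switched off here as well as `format`, again with no comment. `fortify` removes the `_FORTIFY_SOURCE` bounds checks on libc string and memory calls, which is a larger loss than a silenced warning for a tool that parses PDF files from arbitrary sources. If the gcj toolchain in `buildInputs` is what breaks (an assumption; the hunk does not say), record that next to the line, e.g. `# gcj build fails with _FORTIFY_SOURCE; re-enable when fixed`, and keep the list as short as the build allows.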
diff --git a/pkgs/tools/typesetting/tex/tetex/default.nix b/pkgs/tools/typesetting/tex/tetex/default.nix
index 8d6c88a0004e..c3d226a2acb0 100644
--- a/pkgs/tools/typesetting/tex/tetex/default.nix
+++ b/pkgs/tools/typesetting/tex/tetex/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation {
   name = "tetex-3.0";
-  
+
   src = fetchurl {
     url = ftp://cam.ctan.org/tex-archive/systems/unix/teTeX/current/distrib/tetex-src-3.0.tar.gz;
     md5 = "944a4641e79e61043fdaf8f38ecbb4b3";
@@ -15,6 +15,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ flex bison zlib libpng ncurses ed ];
 
+  hardeningDisable = [ "format" ];
+
   # fixes "error: conflicting types for 'calloc'", etc.
   preBuild = stdenv.lib.optionalString stdenv.isDarwin ''
     sed -i 57d texk/kpathsea/c-std.h
diff --git a/pkgs/tools/typesetting/tex/tex4ht/default.nix b/pkgs/tools/typesetting/tex/tex4ht/default.nix
index 8380abf2e948..5aaae2c06b2a 100644
--- a/pkgs/tools/typesetting/tex/tex4ht/default.nix
+++ b/pkgs/tools/typesetting/tex/tex4ht/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ tetex unzip ];
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = ''
     cd src
     for f in tex4ht t4ht htcmd ; do
diff --git a/pkgs/tools/typesetting/tex/texlive-new/bin.nix b/pkgs/tools/typesetting/tex/texlive-new/bin.nix
index b98b9103ce74..26aebd567724 100644
--- a/pkgs/tools/typesetting/tex/texlive-new/bin.nix
+++ b/pkgs/tools/typesetting/tex/texlive-new/bin.nix
@@ -64,6 +64,8 @@ core = stdenv.mkDerivation rec {
     perl
   ];
 
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     for i in texk/kpathsea/mktex*; do
       sed -i '/^mydir=/d' "$i"
@@ -128,6 +130,8 @@ core-big = stdenv.mkDerivation {
 
   inherit (common) src;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = core.buildInputs ++ [ core cairo harfbuzz icu graphite2 ];
 
   configureFlags = common.configureFlags
diff --git a/pkgs/tools/typesetting/xmlroff/default.nix b/pkgs/tools/typesetting/xmlroff/default.nix
index 7bd34f402504..daa79d8e352c 100644
--- a/pkgs/tools/typesetting/xmlroff/default.nix
+++ b/pkgs/tools/typesetting/xmlroff/default.nix
@@ -28,6 +28,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--disable-pangoxsl --disable-gp";
 
+  hardeningDisable = [ "format" ];
+
   preBuild = ''
     substituteInPlace tools/insert-file-as-string.pl --replace "/usr/bin/perl" "${perl}/bin/perl"
     substituteInPlace Makefile --replace "docs" ""
diff --git a/pkgs/tools/video/mjpegtools/default.nix b/pkgs/tools/video/mjpegtools/default.nix
index 40fe5eb01477..0e90a5071b75 100644
--- a/pkgs/tools/video/mjpegtools/default.nix
+++ b/pkgs/tools/video/mjpegtools/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
     sha256 = "01y4xpfdvd4zgv6fmcjny9mr1gbfd4y2i4adp657ydw6fqyi8kw6";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ libdv libjpeg libpng pkgconfig ]
               ++ lib.optional (!withMinimal) [ gtk libX11 SDL SDL_gfx ];
 
diff --git a/pkgs/tools/video/vncrec/default.nix b/pkgs/tools/video/vncrec/default.nix
index 7d395afebecb..162a1b6d5a47 100644
--- a/pkgs/tools/video/vncrec/default.nix
+++ b/pkgs/tools/video/vncrec/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "1yp6r55fqpdhc8cgrgh9i0mzxmkls16pgf8vfcpng1axr7cigyhc";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [
     libX11 xproto imake gccmakedep libXt libXmu libXaw
     libXext xextproto libSM libICE libXpm libXp
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 74bde248417b..fd6154ebde81 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -598,6 +598,8 @@ in
     gnutls = gnutls33;
   };
 
+  blink1-tool = callPackage ../tools/misc/blink1-tool { };
+
   blitz = callPackage ../development/libraries/blitz { };
 
   blockdiag = pythonPackages.blockdiag;
@@ -673,7 +675,7 @@ in
   calamares = qt5.callPackage ../tools/misc/calamares rec {
     python = python3;
     boost = pkgs.boost.override { python=python3; };
-    libyamlcpp = callPackage ../development/libraries/libyaml-cpp { makePIC=true; boost=boost; };
+    libyamlcpp = callPackage ../development/libraries/libyaml-cpp { boost=boost; };
   };
 
   capstone = callPackage ../development/libraries/capstone { };
@@ -949,10 +951,6 @@ in
       ClassAccessor TextRoman DataUniqid LinguaTranslit UnicodeNormalize;
   };
 
-  bibtextools = callPackage ../tools/typesetting/bibtex-tools {
-    inherit (strategoPackages016) strategoxt sdf;
-  };
-
   blueman = callPackage ../tools/bluetooth/blueman {
     inherit (gnome3) dconf gsettings_desktop_schemas;
     withPulseAudio = config.pulseaudio or true;
@@ -2378,6 +2376,8 @@ in
 
   npm2nix = nodePackages.npm2nix;
 
+  kindlegen = callPackage ../tools/typesetting/kindlegen { };
+
   ldapvi = callPackage ../tools/misc/ldapvi { };
 
   ldns = callPackage ../development/libraries/ldns { };
@@ -2412,6 +2412,8 @@ in
 
   libtermkey = callPackage ../development/libraries/libtermkey { };
 
+  libtelnet = callPackage ../development/libraries/libtelnet { };
+
   libtirpc = callPackage ../development/libraries/ti-rpc { };
 
   libshout = callPackage ../development/libraries/libshout { };
@@ -2701,6 +2703,8 @@ in
 
   netcdffortran = callPackage ../development/libraries/netcdf-fortran { };
 
+  neural-style = callPackage ../tools/graphics/neural-style {};
+
   nco = callPackage ../development/libraries/nco { };
 
   nc6 = callPackage ../tools/networking/nc6 { };
@@ -4366,10 +4370,7 @@ in
   clang_35 = wrapCC llvmPackages_35.clang;
   clang_34 = wrapCC llvmPackages_34.clang;
 
-  clang-analyzer = callPackage ../development/tools/analysis/clang-analyzer {
-    clang = clang_34;
-    llvmPackages = llvmPackages_34;
-  };
+  clang-analyzer = callPackage ../development/tools/analysis/clang-analyzer { };
 
   clangUnwrapped = llvm: pkg: callPackage pkg { inherit llvm; };
 
@@ -4728,14 +4729,10 @@ in
 
   dotnetPackages = recurseIntoAttrs (callPackage ./dotnet-packages.nix {});
 
-  go_1_4 = callPackage ../development/compilers/go/1.4.nix {
+  go_bootstrap = callPackage ../development/compilers/go/1.4.nix {
     inherit (darwin.apple_sdk.frameworks) Security;
   };
 
-  go_1_5 = callPackage ../development/compilers/go/1.5.nix {
-    inherit (darwin.apple_sdk.frameworks) Security Foundation;
-  };
-
   go_1_6 = callPackage ../development/compilers/go/1.6.nix {
     inherit (darwin.apple_sdk.frameworks) Security Foundation;
   };
@@ -5485,21 +5482,16 @@ in
 
   ponyc = callPackage ../development/compilers/ponyc { };
 
-  qcmm = callPackage ../development/compilers/qcmm {
-    lua   = lua4;
-    ocaml = ocaml_3_08_0;
-  };
-
   rgbds = callPackage ../development/compilers/rgbds { };
 
   rtags = callPackage ../development/tools/rtags/default.nix {};
 
   rust = rustStable;
   rustStable = callPackage ../development/compilers/rust {};
-  rustBeta = lowPrio (callPackage ../development/compilers/rust/beta.nix {});
-  rustUnstable = lowPrio (callPackage ../development/compilers/rust/head.nix {
+  rustBeta = callPackage ../development/compilers/rust/beta.nix {};
+  rustUnstable = callPackage ../development/compilers/rust/head.nix {
     rustPlatform = recurseIntoAttrs (makeRustPlatform rustBeta);
-  });
+  };
 
   cargo = rust.cargo;
   rustc = rust.rustc;
@@ -5557,20 +5549,6 @@ in
 
   stalin = callPackage ../development/compilers/stalin { };
 
-  strategoPackages = recurseIntoAttrs strategoPackages018;
-
-  strategoPackages016 = callPackage ../development/compilers/strategoxt/0.16.nix {
-    stdenv = overrideInStdenv stdenv [gnumake380];
-  };
-
-  strategoPackages017 = callPackage ../development/compilers/strategoxt/0.17.nix {
-    readline = readline5;
-  };
-
-  strategoPackages018 = callPackage ../development/compilers/strategoxt/0.18.nix {
-    readline = readline5;
-  };
-
   metaBuildEnv = callPackage ../development/compilers/meta-environment/meta-build-env { };
 
   swiProlog = callPackage ../development/compilers/swi-prolog { };
@@ -5612,8 +5590,6 @@ in
 
   vs90wrapper = callPackage ../development/compilers/vs90wrapper { };
 
-  webdsl = callPackage ../development/compilers/webdsl { };
-
   wla-dx = callPackage ../development/compilers/wla-dx { };
 
   wrapCCWith = ccWrapper: libc: extraBuildCommands: baseCC: ccWrapper {
@@ -6147,8 +6123,6 @@ in
 
   automake = self.automake115x;
 
-  automake110x = callPackage ../development/tools/misc/automake/automake-1.10.x.nix { };
-
   automake111x = callPackage ../development/tools/misc/automake/automake-1.11.x.nix { };
 
   automake112x = callPackage ../development/tools/misc/automake/automake-1.12.x.nix { };
@@ -6173,6 +6147,8 @@ in
 
   bazel = callPackage ../development/tools/build-managers/bazel { jdk = openjdk8; };
 
+  bear = callPackage ../development/tools/build-managers/bear { };
+
   bin_replace_string = callPackage ../development/tools/misc/bin_replace_string { };
 
   binutils = if stdenv.isDarwin then self.darwin.binutils else self.binutils-raw;
@@ -6450,7 +6426,7 @@ in
   gnumake = self.gnumake42;
 
   gnustep = recurseIntoAttrs (callPackage ../desktops/gnustep {});
-  
+
   gob2 = callPackage ../development/tools/misc/gob2 { };
 
   gocd-agent = callPackage ../development/tools/continuous-integration/gocd-agent { };
@@ -6896,10 +6872,6 @@ in
 
   aspellDicts = recurseIntoAttrs (callPackages ../development/libraries/aspell/dictionaries.nix {});
 
-  aterm = self.aterm25;
-
-  aterm25 = callPackage ../development/libraries/aterm/2.5.nix { };
-
   attica = callPackage ../development/libraries/attica { };
 
   attr = callPackage ../development/libraries/attr { };
@@ -7081,6 +7053,8 @@ in
 
   cppdb = callPackage ../development/libraries/cppdb { };
 
+  cpp-hocon = callPackage ../development/libraries/cpp-hocon { };
+
   cpp-netlib = callPackage ../development/libraries/cpp-netlib { };
 
   cppcms = callPackage ../development/libraries/cppcms { };
@@ -7101,6 +7075,8 @@ in
 
   cxx-prettyprint = callPackage ../development/libraries/cxx-prettyprint { };
 
+  cxxtest = callPackage ../development/libraries/cxxtest { };
+
   cyrus_sasl = callPackage ../development/libraries/cyrus-sasl {
     kerberos = if stdenv.isFreeBSD then libheimdal else kerberos;
   };
@@ -8427,6 +8403,8 @@ in
 
   libopus = callPackage ../development/libraries/libopus { };
 
+  liborc = callPackage ../development/libraries/liborc { };
+
   libosinfo = callPackage ../development/libraries/libosinfo {
     inherit (gnome3) libsoup;
   };
@@ -8722,6 +8700,8 @@ in
 
   live555 = callPackage ../development/libraries/live555 { };
 
+  loadcaffe = callPackage ../development/libraries/loadcaffe {};
+
   log4cpp = callPackage ../development/libraries/log4cpp { };
 
   log4cxx = callPackage ../development/libraries/log4cxx { };
@@ -8777,6 +8757,9 @@ in
   mesa = mesaDarwinOr (buildEnv {
     name = "mesa-${mesa_noglu.version}";
     paths = [ mesa_noglu.dev mesa_noglu.out mesa_glu ];
+    meta = {
+      platforms = lib.platforms.unix;
+    };
   });
 
   meterbridge = callPackage ../applications/audio/meterbridge { };
@@ -9594,7 +9577,9 @@ in
 
   tokyotyrant = callPackage ../development/libraries/tokyo-tyrant { };
 
-  torch = callPackage ../development/libraries/torch {};
+  torch = callPackage ../development/libraries/torch {
+    openblas = openblasCompat;
+  };
 
   tremor = callPackage ../development/libraries/tremor { };
 
@@ -9642,8 +9627,6 @@ in
 
   v8_3_16_14 = callPackage ../development/libraries/v8/3.16.14.nix {
     inherit (pythonPackages) gyp;
-    # The build succeeds using gcc5 but it fails to build pkgs.consul-ui
-    stdenv = overrideCC stdenv gcc48;
   };
 
   v8_3_24_10 = callPackage ../development/libraries/v8/3.24.10.nix {
@@ -9999,14 +9982,6 @@ in
 
   ### DEVELOPMENT / GO MODULES
 
-  buildGo14Package = callPackage ../development/go-modules/generic {
-    go = go_1_4;
-  };
-
-  buildGo15Package = callPackage ../development/go-modules/generic {
-    go = go_1_5;
-  };
-
   buildGo16Package = callPackage ../development/go-modules/generic {
     go = go_1_6;
   };
@@ -10497,7 +10472,7 @@ in
 
   influxdb = (callPackage ../servers/nosql/influxdb/v0.nix { }).bin // { outputs = [ "bin" ]; };
 
-  influxdb10 = (callPackage ../servers/nosql/influxdb/v1.nix { }).bin // { outputs = [ "bin" ]; }; 
+  influxdb10 = (callPackage ../servers/nosql/influxdb/v1.nix { }).bin // { outputs = [ "bin" ]; };
 
   hyperdex = callPackage ../servers/nosql/hyperdex { };
 
@@ -10878,6 +10853,8 @@ in
 
     opencflite = callPackage ../os-specific/darwin/opencflite {};
 
+    swift-corefoundation = callPackage ../os-specific/darwin/swift-corefoundation {};
+
     xcode = callPackage ../os-specific/darwin/xcode {};
 
     osx_sdk = callPackage ../os-specific/darwin/osx-sdk {};
@@ -11212,12 +11189,14 @@ in
   };
 
   linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix {
-    kernelPatches = [ kernelPatches.bridge_stp_helper ]
-      ++ lib.optionals ((platform.kernelArch or null) == "mips")
-      [ kernelPatches.mips_fpureg_emu
-        kernelPatches.mips_fpu_sigill
-        kernelPatches.mips_ext3_n32
-      ];
+    kernelPatches = [
+      kernelPatches.bridge_stp_helper
+      kernelPatches.modinst_arg_list_too_long
+    ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [
+      kernelPatches.mips_fpureg_emu
+      kernelPatches.mips_fpu_sigill
+      kernelPatches.mips_ext3_n32
+    ];
   };
 
   linux_chromiumos_3_14 = callPackage ../os-specific/linux/kernel/linux-chromiumos-3.14.nix {
@@ -11322,8 +11301,6 @@ in
 
     prl-tools = callPackage ../os-specific/linux/prl-tools { };
 
-    psmouse_alps = callPackage ../os-specific/linux/psmouse-alps { };
-
     seturgent = callPackage ../os-specific/linux/seturgent { };
 
     spl = callPackage ../os-specific/linux/spl {
@@ -11427,50 +11404,6 @@ in
     '';
   };
 
-  # grsecurity: legacy
-
-  grsecurity_base_linux_3_14 = throw "grsecurity stable is no longer supported";
-  grsecurity_base_linux_4_4  = throw "grsecurity stable is no longer supported";
-
-  linuxPackages_grsec_desktop_3_14    = throw "linuxPackages_grsec_desktop has been removed";
-  linuxPackages_grsec_desktop_4_4    = throw "linuxPackages_grsec_desktop has been removed";
-  linuxPackages_grsec_desktop_4_5    = throw "linuxPackages_grsec_desktop has been removed";
-  linuxPackages_grsec_desktop_latest    = throw "linuxPackages_grsec_desktop has been removed";
-
-  linuxPackages_grsec_server_3_14     = throw "linuxPackages_grsec_server has been removed";
-  linuxPackages_grsec_server_4_4     = throw "linuxPackages_grsec_server has been removed";
-  linuxPackages_grsec_server_4_5     = throw "linuxPackages_grsec_server has been removed";
-  linuxPackages_grsec_server_latest     = throw "linuxPackages_grsec_server has been removed";
-
-  linuxPackages_grsec_server_xen_3_14 = throw "linuxPackages_grsec_server_xen has been removed";
-  linuxPackages_grsec_server_xen_4_4 = throw "linuxPackages_grsec_server_xen has been removed";
-  linuxPackages_grsec_server_xen_4_5 = throw "linuxPackages_grsec_server_xen has been removed";
-  linuxPackages_grsec_server_xen_latest = throw "linuxPackages_grsec_server_xen has been removed";
-
-  linux_grsec_desktop_3_14    = throw "grsecurity stable is no longer supported";
-  linux_grsec_desktop_4_4    = throw "grsecurity stable is no longer supported";
-  linux_grsec_desktop_4_5    = throw "linux_grsec_desktop has been removed";
-  linux_grsec_desktop_latest    = throw "linux_grsec_desktop has been removed";
-
-  linux_grsec_server_3_14     = throw "grsecurity stable is no longer supported";
-  linux_grsec_server_4_4     = throw "grsecurity stable is no longer supported";
-  linux_grsec_server_4_5     = throw "linux_grsec_server has been removed";
-  linux_grsec_server_latest     = throw "linux_grsec_server_latest has been removed";
-
-  linux_grsec_server_xen_3_14 = throw "grsecurity stable is no longer supported";
-  linux_grsec_server_xen_4_4 = throw "grsecurity stable is no longer supported";
-  linux_grsec_server_xen_4_5 = throw "linux_grsec_server_xen has been removed";
-  linux_grsec_server_xen_latest = throw "linux_grsec_server_xen has been removed";
-
-  linux_grsec_stable_desktop    = self.linux_grsec_desktop_3_14;
-  linux_grsec_stable_server     = self.linux_grsec_server_3_14;
-  linux_grsec_stable_server_xen = self.linux_grsec_server_xen_3_14;
-
-  linux_grsec_testing_desktop    = self.linux_grsec_desktop_latest;
-  linux_grsec_testing_server     = self.linux_grsec_server_latest;
-  linux_grsec_testing_server_xen = self.linux_grsec_server_xen_latest;
-
-
   # ChromiumOS kernels
   linuxPackages_chromiumos_3_14 = recurseIntoAttrs (self.linuxPackagesFor self.linux_chromiumos_3_14 linuxPackages_chromiumos_3_14);
   linuxPackages_chromiumos_3_18 = recurseIntoAttrs (self.linuxPackagesFor self.linux_chromiumos_3_18 linuxPackages_chromiumos_3_18);
@@ -12122,6 +12055,8 @@ in
 
   orbitron = callPackage ../data/fonts/orbitron { };
 
+  oxygenfonts = callPackage ../data/fonts/oxygenfonts { };
+
   paper-icon-theme = callPackage ../data/icons/paper-icon-theme { };
 
   pecita = callPackage ../data/fonts/pecita {};
@@ -12171,6 +12106,8 @@ in
 
   r5rs = callPackage ../data/documentation/rnrs/r5rs.nix { };
 
+  roboto = callPackage ../data/fonts/roboto { };
+
   hasklig = callPackage ../data/fonts/hasklig {};
 
   sound-theme-freedesktop = callPackage ../data/misc/sound-theme-freedesktop { };
@@ -12732,7 +12669,6 @@ in
 
   docker = callPackage ../applications/virtualization/docker {
     btrfs-progs = btrfs-progs_4_4_1;
-    go = go_1_4;
   };
 
   docker-gc = callPackage ../applications/virtualization/docker/gc.nix { };
@@ -13045,6 +12981,7 @@ in
 
   keepassx = callPackage ../applications/misc/keepassx { };
   keepassx2 = callPackage ../applications/misc/keepassx/2.0.nix { };
+  keepassx2-http = callPackage ../applications/misc/keepassx/2.0-http.nix { };
 
   inherit (gnome3) evince;
   evolution_data_server = gnome3.evolution_data_server;
@@ -13153,6 +13090,8 @@ in
 
   wavesurfer = callPackage ../applications/misc/audio/wavesurfer { };
 
+  wavrsocvt = callPackage ../applications/misc/audio/wavrsocvt { };
+
   wireshark-cli = callPackage ../applications/networking/sniffers/wireshark {
     withQt = false;
     withGtk = false;
@@ -13686,6 +13625,14 @@ in
 
   kdeconnect = qt5.callPackage ../applications/misc/kdeconnect { };
 
+  kdevelop-pg-qt = kde5.callPackage ../applications/editors/kdevelop5/kdevelop-pg-qt.nix {};
+
+  kdevelop = kde5.callPackage ../applications/editors/kdevelop5/kdevelop.nix {
+    llvmPackages = llvmPackages_38;
+  };
+
+  kdevplatform = kde5.callPackage ../applications/editors/kdevelop5/kdevplatform.nix {};
+
   keepnote = callPackage ../applications/office/keepnote {
     pygtk = pyGtkGlade;
   };
@@ -13873,7 +13820,6 @@ in
   lxdvdrip = callPackage ../applications/video/lxdvdrip { };
 
   handbrake = callPackage ../applications/video/handbrake {
-    webkitgtk = webkitgtk24x;
     ffmpeg = ffmpeg_2;
   };
 
@@ -15915,6 +15861,8 @@ in
 
   privateer = callPackage ../games/privateer { };
 
+  qweechat = callPackage ../applications/networking/irc/qweechat { };
+
   qqwing = callPackage ../games/qqwing { };
 
   quake3wrapper = callPackage ../games/quake3/wrapper { };
@@ -16059,15 +16007,10 @@ in
   speed_dreams = callPackage ../games/speed-dreams {
     # Torcs wants to make shared libraries linked with plib libraries (it provides static).
     # i686 is the only platform I know than can do that linking without plib built with -fPIC
-    plib = plib.override { enablePIC = !stdenv.isi686; };
     libpng = libpng12;
   };
 
-  torcs = callPackage ../games/torcs {
-    # Torcs wants to make shared libraries linked with plib libraries (it provides static).
-    # i686 is the only platform I know than can do that linking without plib built with -fPIC
-    plib = plib.override { enablePIC = !stdenv.isi686; };
-  };
+  torcs = callPackage ../games/torcs { };
 
   trigger = callPackage ../games/trigger { };
 
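Review bot: The two comment lines about Torcs linking against plib stay in `speed_dreams` although the `plib = plib.override { enablePIC = !stdenv.isi686; };` line they explained is removed, so they now read as if they justify `libpng = libpng12;`. Delete them here as the `torcs` part of this hunk already does, or replace them with a comment that explains the `libpng12` pin if one is needed.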
@@ -17469,6 +17412,8 @@ in
 
   utf8proc = callPackage ../development/libraries/utf8proc { };
 
+  valauncher = callPackage ../applications/misc/valauncher { };
+
   vault = callPackage ../tools/security/vault { };
 
   vbam = callPackage ../misc/emulators/vbam {
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index a1a080aac559..39324e9e96ac 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -4227,15 +4227,16 @@ let self = _self // overrides; _self = with self; {
     };
   };
 
-  DistZillaPluginTestPodLinkCheck = buildPerlPackage {
-    name = "Dist-Zilla-Plugin-Test-Pod-LinkCheck-1.001";
+  DistZillaPluginTestPodLinkCheck = buildPerlPackage rec {
+    name = "Dist-Zilla-Plugin-Test-Pod-LinkCheck-1.002";
     src = fetchurl {
-      url = mirror://cpan/authors/id/R/RW/RWSTAUNER/Dist-Zilla-Plugin-Test-Pod-LinkCheck-1.001.tar.gz;
-      sha256 = "d75682175dff1f79928794ba30ea29389a4666f781a50cba281c25cfd3c95bbd";
+      url = "mirror://cpan/authors/id/R/RW/RWSTAUNER/${name}.tar.gz";
+      sha256 = "26f3b257d5037aeec8335910cfdaf76fc8612f38f5d3134f46cd433e116947b0";
     };
+#    buildInputs = [ ModuleBuild ];
     propagatedBuildInputs = [ DistZilla Moose TestPodLinkCheck ];
     meta = {
-      homepage = http://github.com/rwstauner/Dist-Zilla-Plugin-Test-Pod-LinkCheck;
+      homepage = https://github.com/rwstauner/Dist-Zilla-Plugin-Test-Pod-LinkCheck;
       description = "Add release tests for POD links";
       license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
     };
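Review bot: The added line `#    buildInputs = [ ModuleBuild ];` is commented-out code at column 0 with no explanation, which leaves the next maintainer unsure whether the dependency is required. Either drop the line, or, if the build needs it under some condition, enable it and say why in a comment at the file's normal indentation.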
@@ -5148,10 +5149,10 @@ let self = _self // overrides; _self = with self; {
   };
 
   FileMimeInfo = buildPerlPackage rec {
-    name = "File-MimeInfo-0.23";
+    name = "File-MimeInfo-0.27";
     src = fetchurl {
       url = "mirror://cpan/modules/by-module/File/${name}.tar.gz";
-      sha256 = "006i9idnxv9hsz1gykc5bqs05ma5wz9dsjrpmah9293bgdy1ccxj";
+      sha256 = "0d3jcs2fgrrfwl3rxk8xg0varjah2llm66jk6rk2gznpzqkgi72p";
     };
     doCheck = false; # Failed test 'desktop file is the right one'
     propagatedBuildInputs = [ FileBaseDir FileDesktopEntry ];
@@ -6613,10 +6614,10 @@ let self = _self // overrides; _self = with self; {
   };
 
   IOSocketSSL = buildPerlPackage rec {
-    name = "IO-Socket-SSL-2.027";
+    name = "IO-Socket-SSL-2.037";
     src = fetchurl {
       url = "mirror://cpan/authors/id/S/SU/SULLR/${name}.tar.gz";
-      sha256 = "723517ea71f90105579e7db7a1a2e053bf5c8142a187df8bc1fe3881c3383f67";
+      sha256 = "6747226937d652a30a2c9c21d171412737f41f27ea7d82cd74845b3052909469";
     };
     propagatedBuildInputs = [ NetSSLeay URI ];
     # Fix path to default certificate store.
@@ -12707,13 +12708,13 @@ let self = _self // overrides; _self = with self; {
     propagatedBuildInputs = [PodCoverage];
   };
 
-  TestPodLinkCheck = buildPerlPackage {
-    name = "Test-Pod-LinkCheck-0.007";
+  TestPodLinkCheck = buildPerlPackage rec {
+    name = "Test-Pod-LinkCheck-0.008";
     src = fetchurl {
-      url = mirror://cpan/authors/id/A/AP/APOCAL/Test-Pod-LinkCheck-0.007.tar.gz;
-      sha256 = "de2992e756fca96824411bb3ab2b94b05567cb3f2c5e3ffd8162ffdfd1f77c88";
+      url = "mirror://cpan/authors/id/A/AP/APOCAL/${name}.tar.gz";
+      sha256 = "2bfe771173c38b69eeb089504e3f76511b8e45e6a9e6dac3e616e400ea67bcf0";
     };
-    buildInputs = [ TestTester ];
+    buildInputs = [ ModuleBuildTiny ];
     propagatedBuildInputs = [ CaptureTiny Moose TestPod podlinkcheck ];
     meta = {
       homepage = http://search.cpan.org/dist/Test-Pod-LinkCheck/;
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 677b757f1d99..9f892423a428 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -3597,6 +3597,25 @@ in modules // {
     };
   };
 
+  cmdline = buildPythonPackage rec {
+    pname = "cmdline";
+    version = "0.1.6";
+    name = "${pname}-${version}";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/c/${pname}/${name}.tar.gz";
+      sha256 = "be2cb4711e9111bb7386a408e3c66a730c36dd6ac05851a9f03d0f4eae63536a";
+    };
+
+    # No tests, https://github.com/rca/cmdline/issues/1
+    doCheck = false;
+    propagatedBuildInputs = with self; [ pyyaml ];
+    meta = {
+      description = "Utilities for consistent command line tools";
+      homepage = http://github.com/rca/cmdline;
+      license = licenses.asl20;
+    };
+  };
 
   cogapp = buildPythonPackage rec {
     version = "2.3";
@@ -3983,26 +4002,23 @@ in modules // {
 
   cytoolz = buildPythonPackage rec {
     name = "cytoolz-${version}";
-    version = "0.7.4";
+    version = "0.8.0";
 
     src = pkgs.fetchurl{
       url = "mirror://pypi/c/cytoolz/cytoolz-${version}.tar.gz";
-      sha256 = "9c2e3dda8232b6cd5b84b8c8df6c8155c2adeb8734eb7ec38e189affc0f2eba5";
+      sha256 = "2239890c8fe2da3eba82947c6a68cfa406e5a5045911c9ab3de8113462372629";
     };
 
     # Extension types
     disabled = isPyPy;
 
     buildInputs = with self; [ nose ];
+    propagatedBuildInputs = with self; [ toolz ];
 
     checkPhase = ''
       nosetests -v $out/${python.sitePackages}
     '';
 
-    # Several tests fail with Python 3.5
-    # https://github.com/pytoolz/cytoolz/issues/73
-    doCheck = !isPy35;
-
     meta = {
       homepage = "http://github.com/pytoolz/cytoolz/";
       description = "Cython implementation of Toolz: High performance functional utilities";
@@ -4033,11 +4049,11 @@ in modules // {
   cryptography = buildPythonPackage rec {
     # also bump cryptography_vectors
     name = "cryptography-${version}";
-    version = "1.4";
+    version = "1.5";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/c/cryptography/${name}.tar.gz";
-      sha256 = "0a6i4914ychryj7kqqmf970incynj5lzx57n3cbv5i4hxm09a55v";
+      sha256 = "52f47ec9a57676043f88e3ca133638790b6b71e56e8890d9d7f3ae4fcd75fa24";
     };
 
     buildInputs = [ pkgs.openssl self.pretend self.cryptography_vectors
@@ -4054,11 +4070,11 @@ in modules // {
   cryptography_vectors = buildPythonPackage rec {
       # also bump cryptography
     name = "cryptography_vectors-${version}";
-    version = "1.4";
+    version = "1.5";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/c/cryptography-vectors/${name}.tar.gz";
-      sha256 = "1sk6yhphk2k2vzshi0djxi0jsxd9a02259bs8gynfgf5y1g82a07";
+      sha256 = "ad19a2b98a475785c3b2ec8a8c9c974e0c48d00db0c23e79d776a2c489ad812d";
     };
   };
 
@@ -4421,12 +4437,11 @@ in modules // {
 
   bcrypt = buildPythonPackage rec {
     name = "bcrypt-${version}";
-    version = "2.0.0";
+    version = "3.1.0";
 
     src = pkgs.fetchurl {
-      url = "https://api.github.com/repos/pyca/bcrypt/tarball/${version}";
-      name = "bcrypt-${version}.tar.gz";
-      sha256 = "14i1yp4qkjklx82jl61cjjcw367lc0pkvnix3gaz451ijdcmz3x8";
+      url = "mirror://pypi/b/bcrypt/${name}.tar.gz";
+      sha256 = "e54820d8b9eff357d1003f5b8d4b949a632b76b89610d8a933783fd476033ebe";
     };
     buildInputs = with self; [ pycparser mock pytest py ];
     propagatedBuildInputs = with self; optional (!isPyPy) cffi;
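Review bot: The jump from 2.0.0 to 3.1.0 is a major release, yet `propagatedBuildInputs` stays at `optional (!isPyPy) cffi`. As far as I recall, bcrypt 3.x lists `six` as an install requirement, so this probably needs `propagatedBuildInputs = with self; [ six ] ++ optional (!isPyPy) cffi;`; please confirm against the release's setup.py. Since this is the password-hashing library, a missing runtime dependency would show up as an import failure in every consumer rather than at build time. The derivation continues past the end of the hunk, so the test setup could not be checked here.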
@@ -4612,6 +4627,31 @@ in modules // {
     };
   };
 
+  pytest-fixture-config = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "pytest-fixture-config";
+    version = "1.0.1";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/p/${pname}/${name}.tar.gz";
+      sha256 = "7d7cc1cb25f88a707f083b1dc2e3c2fdfc6f37709567a2587dd0cd0bcd70edb6";
+    };
+
+    propagatedBuildInputs = with self; [ pytest coverage virtualenv pytestcov six ];
+
+    checkPhase = ''
+      py.test -k "not test_yield_requires_config_doesnt_skip and not test_yield_requires_config_skips"
+    '';
+
+    meta = {
+      description = "Simple configuration objects for Py.test fixtures. Allows you to skip tests when their required config variables aren’t set.";
+      homepage = https://github.com/manahl/pytest-plugins;
+      license = licenses.mit;
+      maintainers = with maintainers; [ ryansydnor ];
+      platforms   = platforms.all;
+    };
+  };
+
   pytestflakes = buildPythonPackage rec {
     name = "pytest-flakes-${version}";
     version = "1.0.0";
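Review bot: The `checkPhase` of `pytest-fixture-config` deselects `test_yield_requires_config_doesnt_skip` and `test_yield_requires_config_skips` without saying why, so nobody can later tell when the filter may be removed. A comment above the phase, for example `# yield-fixture tests fail here: <reason or upstream issue URL>` with the real reason filled in, would fix that. Separately, `coverage`, `virtualenv` and `pytestcov` are in `propagatedBuildInputs`, which pulls test tooling into the closure of every dependent; if upstream needs them only for its own test suite they belong in `buildInputs`.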
@@ -4630,6 +4670,27 @@ in modules // {
     };
   };
 
+  pytest-mock = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "pytest-mock";
+    version = "1.2";
+
+    propagatedBuildInputs = with self; [ mock pytest ];
+
+    meta = {
+      description = "Thin-wrapper around the mock package for easier use with py.test.";
+      homepage    = "https://github.com/pytest-dev/pytest-mock";
+      license     = licenses.mit;
+      maintainers = with maintainers; [ nand0p ];
+      platforms   = platforms.all;
+    };
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/p/${pname}/${name}.zip";
+      sha256 = "03zxar5drzm7ksqyrwypjaza3cri6wqvpr6iam92djvg6znp32gp";
+    };
+  };
+
   pytestpep8 = buildPythonPackage rec {
     name = "pytest-pep8";
     src = pkgs.fetchurl {
@@ -4726,15 +4787,69 @@ in modules // {
     };
   };
 
+  pytest-server-fixtures = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "pytest-server-fixtures";
+    version = "1.1.0";
+
+    propagatedBuildInputs = with self; [ setuptools-git pytest-shutil pytest-fixture-config psutil requests2 ];
+
+    meta = {
+      description = "Extensible server fixures for py.test";
+      homepage    = "https://github.com/manahl/pytest-plugins";
+      license     = licenses.mit;
+      maintainers = with maintainers; [ nand0p ];
+      platforms   = platforms.all;
+    };
+
+    doCheck = false;
+    # RuntimeError: Unable to find a free server number to start Xvfb
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/p/${pname}/${name}.tar.gz";
+      sha256 = "1gs9qimcn8q6xi9d6i5624l0dziwvn6nj2rda07fg15g1cq66s8l";
+    };
+  };
+
+  pytest-shutil = buildPythonPackage rec {
+    name = "pytest-shutil-${version}";
+    version = "1.1.1";
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/p/pytest-shutil/${name}.tar.gz";
+      sha256 = "bb3c4fc2dddaf70b38bd9bb7a710d07728fa14f88fbc89c2a07979b383ade5d4";
+    };
+    buildInputs = with self; [ cmdline ];
+    propagatedBuildInputs = with self; [ pytest pytestcov coverage setuptools-git mock pathpy execnet contextlib2 ];
+    meta = {
+      description = "A goodie-bag of unix shell and environment tools for py.test";
+      homepage = https://github.com/manahl/pytest-plugins;
+      maintainers = with maintainers; [ ryansydnor ];
+      platforms   = platforms.all;
+      license = licenses.mit;
+    };
+
+
+    checkPhase = ''
+      py.test
+    '';
+    # Bunch of pickle errors
+    doCheck = false;
+  };
+
   pytestcov = buildPythonPackage (rec {
-    name = "pytest-cov-2.2.0";
+    name = "pytest-cov-2.3.1";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/p/pytest-cov/${name}.tar.gz";
-      sha256 = "1lf9jsmhqk5nc4w3kzwglmdzjvmi7ajvrsnwv826j3bn0wzx8c92";
+      sha256 = "fa0a212283cdf52e2eecc24dd6459bb7687cc29adb60cb84258fab73be8dda0f";
     };
 
-   buildInputs = with self; [ covCore pytest ];
+   buildInputs = with self; [ covCore pytest virtualenv process-tests helper ];
+
+   doCheck = false;
+   checkPhase = ''
+     py.test tests
+   '';
 
     meta = {
       description = "Plugin for coverage reporting with support for both centralised and distributed testing, including subprocesses and multiprocessing";
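Review bot: `pytestcov` gains `doCheck = false;` with no comment, next to a new `checkPhase` and three inputs (`virtualenv process-tests helper`) that look test-only, so the new dependencies are built but never exercised. Either record the failure that forced the tests off, e.g. `# tests fail in the sandbox: <reason>` above `doCheck`, or leave the extra inputs out until the suite actually runs. In the same hunk the `pytest-server-fixtures` description reads "fixures" (should be "fixtures"), and its `# RuntimeError: ...` comment sits below `doCheck = false;` instead of above it. The `pytestcov` derivation continues past the end of the hunk.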
@@ -4895,11 +5010,11 @@ in modules // {
 
   dask = buildPythonPackage rec {
     name = "dask-${version}";
-    version = "0.9.0";
+    version = "0.11.0";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/d/dask/${name}.tar.gz";
-      sha256 = "1jm6riz6fbbd554i0dg0w1xfcmx3f9ryp4jrlavsy4zambilm6b3";
+      sha256 = "ef32490c0b156584a71576dccec4dfe550a0cd81a9c131a4ee2e43c241b601c3";
     };
 
     buildInputs = with self; [ pytest ];
@@ -6140,11 +6255,11 @@ in modules // {
 
   fake_factory = buildPythonPackage rec {
     name = "fake-factory-${version}";
-    version = "0.5.7";
+    version = "0.6.0";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/f/fake-factory/${name}.tar.gz";
-      sha256 = "1chmarnrdzn4r017n8qlic0m0bbnhw04s3hkwribjvm3mqpb6pa0";
+      sha256 = "09sgk0kylsshs64a1xsz3qr187sbnqrbf4z8k3dgsy32lsgyffv2";
     };
 
     propagatedBuildInputs = with self; [ six dateutil ipaddress mock ];
@@ -6331,8 +6446,8 @@ in modules // {
       ${python.interpreter} -m unittest discover
     '';
 
-    # Judging from SyntaxError in tests.
-    disabled = isPy3k;
+    # Tests are Python 2.x only judging from SyntaxError
+    doCheck = !(isPy3k);
 
     meta = {
       description = "Recursive descent parsing library based on functional combinators";
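Review bot: Replacing `disabled = isPy3k;` with `doCheck = !(isPy3k);` makes the package installable on Python 3 while guaranteeing it is never tested there. The only evidence cited is a SyntaxError in the tests; if the library modules use the same Python 2 syntax, dependents get a package that builds and then fails at import. An import smoke test for the Python 3 case would guard against that, or `disabled = isPy3k;` could stay until upstream confirms Python 3 support. The derivation's name and source are outside the hunk, so this could not be verified here.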
@@ -6634,37 +6749,6 @@ in modules // {
     propagatedBuildInputs = with self; [ gdata ];
   };
 
-  googleplaydownloader = buildPythonPackage rec {
-    version = "1.8";
-    name = "googleplaydownloader-${version}";
-
-    src = pkgs.fetchurl {
-       url = "https://codingteam.net/project/googleplaydownloader/download/file/googleplaydownloader_${version}.orig.tar.gz";
-       sha256 = "1hxl4wdbiyq8ay6vnf3m7789jg0kc63kycjj01x1wm4gcm4qvbkx";
-     };
-
-    disabled = ! isPy27;
-
-    propagatedBuildInputs = with self; [ configparser pyasn1 ndg-httpsclient requests protobuf wxPython];
-
-    preBuild = ''
-      substituteInPlace googleplaydownloader/__init__.py --replace \
-        'open(os.path.join(HERE, "googleplaydownloader"' \
-        'open(os.path.join(HERE'
-    '';
-
-    postInstall = ''
-      cp -R googleplaydownloader/ext_libs $out/${python.sitePackages}/
-    '';
-
-    meta = {
-      homepage = https://codingteam.net/project/googleplaydownloader;
-      description = "Graphical software to download APKs from the Google Play store";
-      license = licenses.agpl3;
-      maintainers = with maintainers; [ DamienCassou ];
-    };
-  };
-
   gplaycli = buildPythonPackage rec {
     version = "0.1.2";
     name = "gplaycli-${version}";
@@ -6768,6 +6852,31 @@ in modules // {
     };
   };
 
+  helper = buildPythonPackage rec {
+    pname = "helper";
+    version = "2.4.1";
+    name = "${pname}-${version}";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/h/${pname}/${name}.tar.gz";
+      sha256 = "4e33dde42ad4df30fb7790689f93d77252cff26a565610d03ff2e434865a53a2";
+    };
+
+    buildInputs = with self; [ mock ];
+    propagatedBuildInputs = with self; [ pyyaml ];
+
+    # No tests
+    doCheck = false;
+
+    meta = {
+      description = "Development library for quickly writing configurable applications and daemons";
+      homepage = https://helper.readthedocs.org/;
+      license = licenses.bsd3;
+    };
+
+
+  };
+
   hglib = buildPythonPackage rec {
     version = "1.7";
     name = "hglib-${version}";
@@ -7197,6 +7306,9 @@ in modules // {
       ipywidgets
     ];
 
+    # Meta-package, no tests
+    doCheck = false;
+
     meta = {
       description = "Installs all the Jupyter components in one go";
       homepage = "http://jupyter.org/";
@@ -12182,12 +12294,12 @@ in modules // {
   };
 
   jupyter_client = buildPythonPackage rec {
-    version = "4.2.2";
+    version = "4.3.0";
     name = "jupyter_client-${version}";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/j/jupyter_client/${name}.tar.gz";
-      sha256 = "052a02p38byp3n95k8cwidid05gc5cx44qinzsdzs605zw757z1z";
+      sha256 = "70b2e88403835a1d54b83858783d9e5e5771fa4bb6f6904e0b5bb8cfde4b99dd";
     };
 
     buildInputs = with self; [ nose ];
@@ -12209,12 +12321,12 @@ in modules // {
   };
 
   jupyter_core = buildPythonPackage rec {
-    version = "4.1.0";
+    version = "4.1.1";
     name = "jupyter_core-${version}";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/j/jupyter_core/${name}.tar.gz";
-      sha256 = "04xxqa2m8yjpzxb2szbym6ngycyrmhymyy2vp2s6vi9kkikz0shl";
+      sha256 = "ae0e69435258126466c86cd989e465a9c334c50107ef4f257decc8693650bf4c";
     };
 
     buildInputs = with self; [ pytest mock ];
@@ -12676,19 +12788,19 @@ in modules // {
     };
   };
 
-  llvmlite = buildPythonPackage rec {
+  llvmlite = let
+    llvm = pkgs.llvm_38;
+  in buildPythonPackage rec {
     name = "llvmlite-${version}";
-    version = "0.12.1";
+    version = "0.13.0";
 
     disabled = isPyPy;
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/l/llvmlite/${name}.tar.gz";
-      sha256 = "3ce71beebd4cbc7a49abe4eadfc99725477fd43caeb7405650ebb746c7a1d0df";
+      sha256 = "f852be3391acb2e77ef484c5d0ff90e7cf2821dcf9575e358a1f08c274c582eb";
     };
 
-    llvm = pkgs.llvm_37;
-
     propagatedBuildInputs = with self; [ llvm ] ++ optional (pythonOlder "3.4") enum34;
 
     # Disable static linking
@@ -17569,11 +17681,11 @@ in modules // {
   };
 
   pillow = buildPythonPackage rec {
-    name = "Pillow-3.3.0";
+    name = "Pillow-3.3.1";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/P/Pillow/${name}.tar.gz";
-      sha256 = "1lfc197rj4b4inib9b0q0g3rsi204gywfrnk38yk8kssi2f7q7h3";
+      sha256 = "3491ca65d9fdba4db094ab3f8e17170425e7dd670e507921a665a1975d1b3df1";
     };
 
     # Check is disabled because of assertion errors, see
@@ -18151,14 +18263,14 @@ in modules // {
 
 
   vobject = buildPythonPackage rec {
-    version = "0.9.2";
+    version = "0.9.3";
     name = "vobject-${version}";
 
     src = pkgs.fetchFromGitHub {
       owner = "eventable";
       repo = "vobject";
-      sha256 = "0zj0wplj8pry98x3g551wdhh12ric7rl6rsd6li23lzdxik82s3g";
-      rev = "7f042fdc62c9e9dc29d5f81313b9747cde205670";
+      sha256 = "00vbii5awwqwfh5hfklj1q79w7d85gjigvf2imgyb71g03sb8cjv";
+      rev = version;
     };
 
     disabled = isPyPy;
@@ -19558,6 +19670,26 @@ in modules // {
     };
   });
 
+  process-tests = buildPythonPackage rec {
+    pname = "process-tests";
+    name = "${pname}-${version}";
+    version = "1.2.1";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/p/${pname}/${name}.tar.gz";
+      sha256 = "65c9d7a0260f31c15b4a22a851757e61f7072d0557db5f8a976112fbe81ff7e9";
+    };
+
+    # No tests
+    doCheck = false;
+
+    meta = {
+      description = "Tools for testing processes";
+      license = licenses.bsd2;
+      homepage = https://github.com/ionelmc/python-process-tests;
+    };
+  };
+
   progressbar = buildPythonPackage (rec {
     name = "progressbar-2.2";
 
@@ -20111,13 +20243,17 @@ in modules // {
 
   pytz = buildPythonPackage rec {
     name = "pytz-${version}";
-    version = "2016.3";
+    version = "2016.6.1";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/p/pytz/${name}.tar.gz";
-      sha256 = "1a3hjclyylc4m1v1dn04b38wm2vl649ijdswpg0d8m8n0lcxlj9l";
+      sha256 = "6f57732f0f8849817e9853eb9d50d85d1ebb1404f702dbc44ee627c642a486ca";
     };
 
+    checkPhase = ''
+      ${python.interpreter} -m unittest discover -s pytz/tests
+    '';
+
     meta = {
       description = "World timezone definitions, modern and historical";
       homepage = "http://pythonhosted.org/pytz";
@@ -20422,11 +20558,11 @@ in modules // {
 
   requests2 = buildPythonPackage rec {
     name = "requests-${version}";
-    version = "2.11.0";
+    version = "2.11.1";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/r/requests/${name}.tar.gz";
-      sha256 = "11d3vrbiqrz30qbplv80y72y9i47hihs35p5n04fl4ggjcz0bzxj";
+      sha256 = "5acf980358283faba0b897c73959cecf8b841205bb4b2ad3ef545f46eae1a133";
     };
 
     nativeBuildInputs = [ self.pytest ];
@@ -22013,11 +22149,11 @@ in modules // {
 
   sounddevice = buildPythonPackage rec {
     name = "sounddevice-${version}";
-    version = "0.3.1";
+    version = "0.3.4";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/s/sounddevice/${name}.tar.gz";
-      sha256 = "8e5a6816b369c7aea77e06092b2fee99c8b6efbeef4851f53ea3cb208a7607f5";
+      sha256 = "f6c4120357c1458b23bd0d466c66808efdefad397bf97b1162600d079d4665ae";
     };
 
     propagatedBuildInputs = with self; [ cffi numpy pkgs.portaudio ];
@@ -22737,6 +22873,55 @@ in modules // {
     };
   });
 
+  sphinx-testing = buildPythonPackage rec {
+    name = "sphinx-testing-${version}";
+    version = "0.7.1";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/s/sphinx-testing/${name}.tar.gz";
+      sha256 = "0cd235ce939770ae5128eda01d8611fb1e36d8129399e98565f99fcbff3a8062";
+    };
+
+    buildInputs = with self; [ mock ];
+    propagatedBuildInputs = with self; [ sphinx six ];
+
+    checkPhase = ''
+      ${python.interpreter} -m unittest discover -s tests
+    '';
+
+    meta = {
+      homepage = https://github.com/sphinx-doc/sphinx-testing;
+      license = licenses.bsd2;
+      description = "Testing utility classes and functions for Sphinx extensions";
+    };
+
+  };
+
+  sphinxcontrib-blockdiag = buildPythonPackage (rec {
+    name = "${pname}-${version}";
+    pname = "sphinxcontrib-blockdiag";
+    version = "1.5.5";
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/s/${pname}/${name}.tar.gz";
+      sha256 = "1w7q2hhpzk159wd35hlbwkh80hnglqa475blcd9vjwpkv1kgkpvw";
+    };
+
+    buildInputs = with self; [ mock sphinx-testing ];
+    propagatedBuildInputs = with self; [ sphinx blockdiag ];
+
+    # Seems to look for files in the wrong dir
+    doCheck = false;
+    checkPhase = ''
+      ${python.interpreter} -m unittest discover -s tests
+    '';
+
+    meta = {
+      description = "Sphinx blockdiag extension";
+      homepage = "https://github.com/blockdiag/sphinxcontrib-blockdiag";
+      maintainers = with maintainers; [ nand0p ];
+      license = licenses.bsd2;
+    };
+  });
 
   sphinxcontrib_httpdomain = buildPythonPackage (rec {
     name = "sphinxcontrib-httpdomain-1.3.0";
@@ -22782,6 +22967,45 @@ in modules // {
     };
   });
 
+  sphinxcontrib-spelling = buildPythonPackage (rec {
+    name = "${pname}-${version}";
+    pname = "sphinxcontrib-spelling";
+    version = "2.2.0";
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/s/${pname}/${name}.tar.gz";
+      sha256 = "1f0fymrk4kvhqs0vj9gay4lhacxkfrlrpj4gvg0p4wjdczplxd3z";
+    };
+    propagatedBuildInputs = with self; [ sphinx pyenchant];
+    # No tests included
+    doCheck = false;
+    meta = {
+      description = "Sphinx spelling extension";
+      homepage = "http://bitbucket.org/dhellmann/sphinxcontrib-spelling";
+      maintainers = with maintainers; [ nand0p ];
+      license = licenses.bsd2;
+    };
+  });
+
+  sphinx-jinja = buildPythonPackage (rec {
+    name = "${pname}-${version}";
+    pname = "sphinx-jinja";
+    version = "0.2.1";
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/s/${pname}/${name}.tar.gz";
+      sha256 = "1zsnhc573rvaww9qqyzs4f5h4hhvxklvppv14450vi5dk8rij81z";
+    };
+    buildInputs = with self; [ sphinx-testing pytest];
+    propagatedBuildInputs = with self; [ sphinx blockdiag ];
+    checkPhase = ''
+      py.test -k "not test_build_epub"
+    '';
+    disabled = isPy3k;
+    meta = {
+      description = "includes jinja templates in a documentation";
+      maintainers = with maintainers; [ nand0p ];
+      license = licenses.mit;
+    };
+  });
 
   sphinx_pypi_upload = buildPythonPackage (rec {
     name = "Sphinx-PyPI-upload-0.2.1";
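Review bot: `sphinx-jinja` lists `blockdiag` in `propagatedBuildInputs`, identical to the line in `sphinxcontrib-blockdiag` from the previous hunk, which looks like a copy-paste; please check upstream's install requirements and drop it if it is not needed. The derivation also has no `homepage`, and neither `disabled = isPy3k;` nor the `-k "not test_build_epub"` filter says why it is there. A one-line comment on each, such as `# test_build_epub fails: <reason>`, would let a later maintainer know when they can be lifted.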
@@ -23586,12 +23810,12 @@ in modules // {
   };
 
   traitlets = buildPythonPackage rec {
-    version = "4.2.1";
+    version = "4.2.2";
     name = "traitlets-${version}";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/t/traitlets/${name}.tar.gz";
-      sha256 = "1h0aryjiqz2f3ykcjb34k5wz6bmzyp5cll7r4k08yfvji4ya7svn";
+      sha256 = "7d7e3070484b2fe490fa55e0acf7023afc5ed9ddabec57405f25c355158e152a";
     };
 
     buildInputs = with self; [ nose mock ];
@@ -23719,11 +23943,11 @@ in modules // {
 
   toolz = buildPythonPackage rec{
     name = "toolz-${version}";
-    version = "0.7.4";
+    version = "0.8.0";
 
     src = pkgs.fetchurl{
       url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
-      sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
+      sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
     };
 
     buildInputs = with self; [ nose ];
@@ -23756,11 +23980,11 @@ in modules // {
 
   tqdm = buildPythonPackage rec {
     name = "tqdm-${version}";
-    version = "3.7.1";
+    version = "3.8.4";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/t/tqdm/${name}.tar.gz";
-      sha256 = "f12d792685f779e8754e623aff1a25a93b98a90457e3a2b7eb89b4401c2c239e";
+      sha256 = "bab05f8bb6efd2702ab6c532e5e6a758a66c0d2f443e09784b73e4066e6b3a37";
     };
 
     buildInputs = with self; [ nose coverage pkgs.glibcLocales flake8 ];
@@ -24049,23 +24273,28 @@ in modules // {
   };
 
   twisted = buildPythonPackage rec {
-    disabled = isPy3k;
 
     name = "Twisted-${version}";
-    version = "16.2.0";
+    version = "16.4.0";
     src = pkgs.fetchurl {
       url = "mirror://pypi/T/Twisted/${name}.tar.bz2";
-      sha256 = "0ydxrp9myw1mvsz3qfzx5579y5llmqa82pxvqchgp5syczffi450";
+      sha256 = "cd8820901900542d21fb1dee2cd4d4d334fff130e3fc30b777f81dd7d7f2836e";
     };
 
     propagatedBuildInputs = with self; [ zope_interface ];
 
-    # Generate Twisted's plug-in cache.  Twited users must do it as well.  See
+    # Generate Twisted's plug-in cache.  Twisted users must do it as well.  See
     # http://twistedmatrix.com/documents/current/core/howto/plugin.html#auto3
     # and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477103 for
     # details.
     postInstall = "$out/bin/twistd --help > /dev/null";
 
+    checkPhase = ''
+      ${python.interpreter} -m unittest discover -s twisted/test
+    '';
+    # Tests require network
+    doCheck = false;
+
     meta = {
       homepage = http://twistedmatrix.com/;
       description = "Twisted, an event-driven networking engine written in Python";
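Review bot: Dropping `disabled = isPy3k;` while adding `doCheck = false;` means the Python 3 build of Twisted is published without any test run; the only code executed is the `twistd --help` call in `postInstall`. For a networking engine that other packages in this commit (`txaio`, `autobahn`) propagate, it would be safer to run a subset that needs no network in `checkPhase`, or to say in the comment that Python 3 support is unverified. The `# Tests require network` comment would also read better above the `checkPhase` it explains, e.g. `# Tests require network, so checkPhase is kept for reference only`. The derivation starts and ends outside the hunk.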
@@ -24897,17 +25126,20 @@ in modules // {
   };
 
   xlib = buildPythonPackage (rec {
-    name = "xlib-0.15rc1";
+    name = "xlib-${version}";
+    version = "0.17";
 
-    src = pkgs.fetchurl {
-      url = "mirror://sourceforge/python-xlib/python-${name}.tar.bz2";
-      sha256 = "0mvzz605pxzj7lfp2w6z4qglmr4rjza9xrb7sl8yn12cklzfky0m";
+    src = pkgs.fetchFromGitHub {
+      owner = "python-xlib";
+      repo = "python-xlib";
+      rev = "${version}";
+      sha256 = "1iiz2nq2hq9x6laavngvfngnmxbgnwh54wdbq6ncx4va7v98liyi";
     };
 
     # Tests require `pyutil' so disable them to avoid circular references.
     doCheck = false;
 
-    propagatedBuildInputs = with self; [ pkgs.xorg.libX11 ];
+    propagatedBuildInputs = with self; [ six setuptools_scm pkgs.xorg.libX11 ];
 
     meta = {
       description = "Fully functional X client library for Python programs";
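Review bot: `setuptools_scm` is added to `propagatedBuildInputs`, but it is only needed while the package is being built, so it belongs in `buildInputs`: `buildInputs = with self; [ setuptools_scm ];` and `propagatedBuildInputs = with self; [ six pkgs.xorg.libX11 ];`. Because `fetchFromGitHub` delivers an archive without `.git` metadata, it is also worth confirming that the installed package reports version 0.17 and not a fallback value. `rev = "${version}";` can be written `rev = version;`, as the `vobject` change in this same commit does. The `meta` block continues past the end of the hunk.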
@@ -24937,11 +25169,11 @@ in modules // {
 
   xarray = buildPythonPackage rec {
     name = "xarray-${version}";
-    version = "0.7.2";
+    version = "0.8.2";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/x/xarray/${name}.tar.gz";
-      sha256 = "0gnhznv18iz478r8wg6a686dqgs1v4i3yra8y91x3vsfl23mgv34";
+      sha256 = "4da06e38baea65c51347ba0770db416ebf003dbad5637215d2b25b191f2be1fb";
     };
 
     buildInputs = with self; [ pytest ];
@@ -24980,17 +25212,10 @@ in modules // {
     };
   };
 
-  youtube-dl = callPackage ../tools/misc/youtube-dl {
-    # Release versions don't need pandoc because the formatted man page
-    # is included in the tarball.
-    pandoc = null;
-  };
+  youtube-dl = callPackage ../tools/misc/youtube-dl {};
 
   youtube-dl-light = callPackage ../tools/misc/youtube-dl {
-    # Release versions don't need pandoc because the formatted man page
-    # is included in the tarball.
-    ffmpeg = null;
-    pandoc = null;
+    ffmpegSupport = false;
   };
 
   zbase32 = buildPythonPackage (rec {
@@ -27722,12 +27947,13 @@ in modules // {
       sed -i -e "s|test_open_unix_connection_error|skip_test_open_unix_connection_error|" tests/test_streams.py
       sed -i -e "s|test_open_unix_connection_no_loop_ssl|skip_test_open_unix_connection_no_loop_ssl|" tests/test_streams.py
       sed -i -e "s|test_open_unix_connection|skip_test_open_unix_connection|" tests/test_streams.py
+      sed -i -e "s|test_pause_reading|skip_test_pause_reading|" tests/test_subprocess.py
       sed -i -e "s|test_read_pty_output|skip_test_read_pty_output|" tests/test_events.py
-      sed -i -e "s|test_write_pty|skip_test_write_pty|" tests/test_events.py
       sed -i -e "s|test_start_unix_server|skip_test_start_unix_server|" tests/test_streams.py
       sed -i -e "s|test_unix_sock_client_ops|skip_test_unix_sock_client_ops|" tests/test_events.py
       sed -i -e "s|test_unix_sock_client_ops|skip_test_unix_sock_client_ops|" tests/test_events.py
       sed -i -e "s|test_unix_sock_client_ops|skip_test_unix_sock_client_ops|" tests/test_events.py
+      sed -i -e "s|test_write_pty|skip_test_write_pty|" tests/test_events.py
     '' + optionalString isPy26 ''
       sed -i -e "s|test_env_var_debug|skip_test_env_var_debug|" tests/test_tasks.py
     '';
@@ -29443,6 +29669,58 @@ in modules // {
     '';
   };
 
+  txaio = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "txaio";
+    version = "2.5.1";
+
+    meta = {
+      description = "Utilities to support code that runs unmodified on Twisted and asyncio.";
+      homepage    = "https://github.com/crossbario/txaio";
+      license     = licenses.mit;
+      maintainers = with maintainers; [ nand0p ];
+      platforms   = platforms.all;
+    };
+
+    buildInputs = with self; [ pytest mock ];
+    propagatedBuildInputs = with self; [ six twisted ];
+
+    checkPhase = ''
+      py.test -k "not test_sdist"
+    '';
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/t/${pname}/${name}.tar.gz";
+      sha256 = "1pni1m66mlmbybmaf3py4h7cpkmkssqb5l3rigkxvql2f53pcl32";
+    };
+  };
+
+  ramlfications = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "ramlfications";
+    version = "0.1.9";
+
+    meta = {
+      description = "A Python RAML parser.";
+      homepage    = "https://ramlfications.readthedocs.org";
+      license     = licenses.asl20;
+      maintainers = with maintainers; [ nand0p ];
+      platforms   = platforms.all;
+    };
+
+    doCheck = false;
+    # [darwin]  AssertionError: Expected 'update_mime_types' to have been called once. Called 0 times.
+
+    buildInputs = with self; [ mock pytest pytest-mock pytest-server-fixtures pytest-localserver ];
+
+    propagatedBuildInputs = with self; [ termcolor click markdown2 six jsonref pyyaml xmltodict attrs ];
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/r/${pname}/${name}.tar.gz";
+      sha256 = "0xvnna7kaq4nm5nfnwcwbr5bcm2s532hgyp7kq4v9iivn48rrf3v";
+    };
+  };
+
   yapf = buildPythonPackage rec {
     name = "yapf-${version}";
     version = "0.11.0";
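Review bot: `ramlfications` sets `doCheck = false;` for every platform, although the comment below it attributes the failure to darwin only. If `stdenv` is in scope in this file, `doCheck = !stdenv.isDarwin;` would keep the suite running on Linux, with the comment moved above the line it explains. As written, the five test inputs in `buildInputs` (`mock pytest pytest-mock pytest-server-fixtures pytest-localserver`) are built and never used, and two of them are new packages added by this commit with their own tests disabled.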
@@ -29459,4 +29737,51 @@ in modules // {
       sha256 = "14kb9gxw39zhvrijhp066b4bm6bgv35iw56c394y4dyczpha0dij";
     };
   };
+
+  autobahn = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "autobahn";
+    version = "0.16.0";
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/a/${pname}/${name}.tar.gz";
+      sha256 = "1158ml8h3g0vlsgw2jmy579glbg7dn0mjij8xibdl509b8qv9p51";
+    };
+    buildInputs = with self; [ unittest2 mock pytest txaio trollius ];
+    propagatedBuildInputs = with self; [ six twisted ];
+    checkPhase = ''
+      py.test $out
+    '';
+
+    meta = {
+      description = "WebSocket and WAMP in Python for Twisted and asyncio.";
+      homepage    = "http://crossbar.io/autobahn";
+      license     = licenses.mit;
+      maintainers = with maintainers; [ nand0p ];
+      platforms   = platforms.all;
+    };
+  };
+
+  jsonref = buildPythonPackage rec {
+    name = "${pname}-${version}";
+    pname = "jsonref";
+    version = "0.1";
+
+    meta = {
+      description = "An implementation of JSON Reference for Python.";
+      homepage    = "http://github.com/gazpachoking/jsonref";
+      license     = licenses.mit;
+      maintainers = with maintainers; [ nand0p ];
+      platforms   = platforms.all;
+    };
+
+    buildInputs = with self; [ pytest mock ];
+    checkPhase = ''
+      py.test tests.py
+    '';
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/j/${pname}/${name}.tar.gz";
+      sha256 = "1lqa8dy1sr1bxi00ri79lmbxvzxi84ki8p46zynyrgcqhwicxq2n";
+    };
+  };
 }
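Review bot: `autobahn` places `txaio` in `buildInputs`, but autobahn most likely imports it at runtime (the `txaio` description in this commit says it exists to support such code); if so it must be propagated, `propagatedBuildInputs = with self; [ six twisted txaio ];`, or dependents will fail at import. `trollius` in `buildInputs` is presumably only relevant on Python 2 and may not build on Python 3, so it probably wants to be conditional; please confirm. `py.test $out` collects from the whole output path, and a comment saying that the installed copy is tested on purpose would help.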
diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix
index 4ae5951ceff5..160c19b1d859 100644
--- a/pkgs/top-level/release.nix
+++ b/pkgs/top-level/release.nix
@@ -11,8 +11,9 @@
 
 { nixpkgs ? { outPath = (import ../.. {}).lib.cleanSource ../..; revCount = 1234; shortRev = "abcdef"; }
 , officialRelease ? false
-, # The platforms for which we build Nixpkgs.
-  supportedSystems ? [ "x86_64-linux" "i686-linux" "x86_64-darwin" ]
+# The platforms for which we build Nixpkgs.
+, supportedSystems ? [ "x86_64-linux" "i686-linux" "x86_64-darwin" ]
+# Strip most of attributes when evaluating to spare memory usage
 , scrubJobs ? true
 }:
 
@@ -84,189 +85,15 @@ let
         };
 
     } // (mapTestOn ((packagePlatforms pkgs) // rec {
-
-      # TODO: most (but possibly not all) of the jobs specified here are unnecessary now that we have release-lib.nix
-      # traversing all packages and looking at their meta.platform attributes. Someone who's better at this than I am
-      # should go through these and kill the ones that are safe to kill.
-      #
-      # <niksnut> note that all that " = linux" stuff in release.nix is legacy, from before we had meta.platforms
-      # <copumpkin> niksnut: so should I just kill all the obsolete jobs in release.nix?
-      # <niksnut> I don't know if they're all covered
-      abcde = linux;
-      aspell = all;
-      atlas = linux;
-      bazaar = linux; # first let sqlite3 work on darwin
-      binutils = linux;
-      bind = linux;
-      bvi = all;
-      cdrkit = linux;
-      classpath = linux;
-      ddrescue = linux;
-      dhcp = linux;
-      dico = linux;
-      diffutils = all;
-      disnix = all;
-      disnixos = linux;
-      DisnixWebService = linux;
-      docbook5 = all;
-      docbook5_xsl = all;
-      docbook_xml_dtd_42 = all;
-      docbook_xml_dtd_43 = all;
-      docbook_xsl = all;
-      dosbox = linux;
-      dovecot = linux;
-      doxygen = linux;
-      drgeo = linux;
-      ejabberd = linux;
-      elinks = linux;
-      eprover = linux;
-      expect = linux;
-      exult = linux;
-      flex = all;
-      fontforge = linux;
-      gajim = linux;
-      gawk = all;
-      gcc = linux;
-      gcj = linux;
-      ghostscript = linux;
-      ghostscriptX = linux;
-      glibc = linux;
-      glibcLocales = linux;
-      glxinfo = linux;
-      gnum4 = all;
-      gnupg = linux;
-      gnuplot = allBut cygwin;
-      gnutls = linux;
-      gogoclient = linux;
-      gphoto2 = linux;
-      gpscorrelate = linux;
-      gqview = gtkSupported;
-      gsl = linux;
-      guile = linux;  # tests fail on Cygwin
-      html-tidy = all;
-      icewm = linux;
-      inkscape = linux;
-      irssi = linux;
-      jnettop = linux;
-      keen4 = ["i686-linux"];
-      lftp = all;
-      libarchive = linux;
-      libtool = all;
-      libtool_2 = all;
-      lout = linux;
-      lsof = linux;
-      ltrace = linux;
-      lynx = linux;
-      lzma = linux;
-      man = linux;
-      man-pages = linux;
-      maxima = linux;
-      mc = linux;
-      mcabber = linux;
-      mcron = linux;
-      mdadm = linux;
-      mercurial = unix;
-      mercurialFull = linux;
-      mesa = mesaPlatforms;
-      mk = linux;
-      mktemp = all;
-      mod_python = linux;
-      mupen64plus = linux;
-      mutt = linux;
-      nano = allBut cygwin;
-      netcat = all;
-      nss_ldap = linux;
-      nssmdns = linux;
-      ocaml = linux;
-      pciutils = linux;
-      pdf2xml = all;
-      php = linux;
-      pltScheme = linux;
-      pmccabe = linux;
-      ppl = all;
-      procps = linux;
-      pygtk = linux;
-      python = allBut cygwin;
-      pythonFull = linux;
-      sbcl = linux;
-      qt3 = linux;
-      qt4_clang = ["i686-linux"];
-      quake3demo = linux;
-      reiserfsprogs = linux;
-      rubber = allBut cygwin;
-      rxvt_unicode = linux;
-      scrot = linux;
-      sdparm = linux;
-      seccure = linux;
-      sgtpuzzles = linux;
-      sloccount = allBut cygwin;
-      spidermonkey = linux;
-      squid = linux;
-      ssmtp = linux;
-      stdenv = all;
-      stlport = linux;
-      superTuxKart = linux;
-      swig = linux;
-      tahoelafs = linux;
-      tangogps = linux;
-      tcl = linux;
-      teeworlds = linux;
-      tightvnc = linux;
-      time = linux;
-      tinycc = linux;
-      uae = linux;
-      viking = linux;
-      vice = linux;
-      vimHugeX = linux;
-      vncrec = linux;
-      vorbis-tools = linux;
-      vsftpd = linux;
-      w3m = all;
-      weechat = linux;
-      wicd = linux;
-      wine = ["i686-linux"];
-      wirelesstools = linux;
-      wxGTK = linux;
-      x11_ssh_askpass = linux;
-      xchm = linux;
-      xfig = x11Supported;
-      xfsprogs = linux;
-      xineUI = linux;
-      xkeyboard_config = linux;
-      xlockmore = linux;
-      xpdf = linux;
-      xscreensaver = linux;
-      xsel = linux;
-      xterm = linux;
-      zdelta = linux;
-      zsh = linux;
-      zsnes = ["i686-linux"];
-
-      #emacs24PackagesNg = packagePlatforms pkgs.emacs24PackagesNg;
-
-      gnome = {
-        gnome_panel = linux;
-        metacity = linux;
-        gnome_vfs = linux;
-      };
-
       haskell.compiler = packagePlatforms pkgs.haskell.compiler;
       haskellPackages = packagePlatforms pkgs.haskellPackages;
 
-      #rPackages = packagePlatforms pkgs.rPackages;
-
-      strategoPackages = {
-        sdf = linux;
-        strategoxt = linux;
-        javafront = linux;
-        strategoShell = linux ++ darwin;
-        dryad = linux;
-      };
+      # Language packages disabled in https://github.com/NixOS/nixpkgs/commit/ccd1029f58a3bb9eca32d81bf3f33cb4be25cc66
 
+      #emacs24PackagesNg = packagePlatforms pkgs.emacs24PackagesNg;
+      #rPackages = packagePlatforms pkgs.rPackages;
       ocamlPackages = { };
-
       perlPackages = { };
-
       pythonPackages = {
         pandas = unix;
         scikitlearn = unix;
@@ -279,63 +106,6 @@ let
         pandas = unix;
         scikitlearn = unix;
       };
-
-      xorg = {
-        fontadobe100dpi = linux ++ darwin;
-        fontadobe75dpi = linux ++ darwin;
-        fontbh100dpi = linux ++ darwin;
-        fontbhlucidatypewriter100dpi = linux ++ darwin;
-        fontbhlucidatypewriter75dpi = linux ++ darwin;
-        fontbhttf = linux ++ darwin;
-        fontcursormisc = linux ++ darwin;
-        fontmiscmisc = linux ++ darwin;
-        iceauth = linux ++ darwin;
-        libX11 = linux ++ darwin;
-        lndir = all ++ darwin;
-        setxkbmap = linux ++ darwin;
-        xauth = linux ++ darwin;
-        xbitmaps = linux ++ darwin;
-        xev = linux ++ darwin;
-        xf86inputevdev = linux;
-        xf86inputkeyboard = linux;
-        xf86inputmouse = linux;
-        xf86inputsynaptics = linux;
-        xf86videoati = linux;
-        xf86videocirrus = linux;
-        xf86videointel = linux;
-        xf86videonv = linux;
-        xf86videovesa = linux;
-        xf86videovmware = linux;
-        xfs = linux ++ darwin;
-        xinput = linux ++ darwin;
-        xkbcomp = linux ++ darwin;
-        xlsclients = linux ++ darwin;
-        xmessage = linux ++ darwin;
-        xorgserver = linux ++ darwin;
-        xprop = linux ++ darwin;
-        xrandr = linux ++ darwin;
-        xrdb = linux ++ darwin;
-        xset = linux ++ darwin;
-        xsetroot = linux ++ darwin;
-        xwininfo = linux ++ darwin;
-      };
-
-      xfce = {
-        gtk_xfce_engine = linux;
-        mousepad = linux;
-        ristretto = linux;
-        terminal = linux;
-        thunar = linux;
-        xfce4_power_manager = linux;
-        xfce4icontheme = linux;
-        xfce4mixer = linux;
-        xfce4panel = linux;
-        xfce4session = linux;
-        xfce4settings = linux;
-        xfdesktop = linux;
-        xfwm4 = linux;
-      };
-
     } ));
 
 in jobs