diff options
24 files changed, 440 insertions, 41 deletions
diff --git a/lib/licenses.nix b/lib/licenses.nix index 2d4e52ae4806..c370af346791 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -387,6 +387,14 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec { fullName = "ISC License"; }; + # Proprietary binaries; free to redistribute without modification. + issl = { + fullName = "Intel Simplified Software License"; + url = https://software.intel.com/en-us/license/intel-simplified-software-license; + free = false; + }; + + lgpl2 = spdx { spdxId = "LGPL-2.0"; fullName = "GNU Library General Public License v2 only"; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f55c32fa511d..2bb41767b0b2 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -149,6 +149,7 @@ ./security/duosec.nix ./security/hidepid.nix ./security/lock-kernel-modules.nix + ./security/misc.nix ./security/oath.nix ./security/pam.nix ./security/pam_usb.nix diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 38c5a42ba6fb..d712fb2514b1 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -16,6 +16,8 @@ with lib; security.lockKernelModules = mkDefault true; + security.allowUserNamespaces = mkDefault false; + security.apparmor.enable = mkDefault true; boot.kernelParams = [ @@ -59,18 +61,6 @@ with lib; # ... or at least apply some hardening to it boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true; - # A recurring problem with user namespaces is that there are - # still code paths where the kernel's permission checking logic - # fails to account for namespacing, instead permitting a - # namespaced process to act outside the namespace with the - # same privileges as it would have inside it. This is particularly - # bad in the common case of running as root within the namespace. - # - # Setting the number of allowed user namespaces to 0 effectively disables - # the feature at runtime. Attempting to create a user namespace - # with unshare will then fail with "no space left on device". - boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0; - # Raise ASLR entropy for 64bit & 32bit, respectively. # # Note: mmap_rnd_compat_bits may not exist on 64bit. diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix new file mode 100644 index 000000000000..42f872b7b088 --- /dev/null +++ b/nixos/modules/security/misc.nix @@ -0,0 +1,39 @@ +{ config, lib, ... }: + +with lib; + +{ + meta = { + maintainers = [ maintainers.joachifm ]; + }; + + options = { + security.allowUserNamespaces = mkOption { + type = types.bool; + default = true; + description = '' + Whether to allow creation of user namespaces. A recurring problem + with user namespaces is the presence of code paths where the kernel's + permission checking logic fails to account for namespacing, instead + permitting a namespaced process to act outside the namespace with the + same privileges as it would have inside it. This is particularly + damaging in the common case of running as root within the namespace. + When user namespace creation is disallowed, attempting to create + a user namespace fails with "no space left on device" (ENOSPC). + ''; + }; + }; + + config = mkIf (!config.security.allowUserNamespaces) { + # Setting the number of allowed user namespaces to 0 effectively disables + # the feature at runtime. Note that root may raise the limit again + # at any time. + boot.kernel.sysctl."user.max_user_namespaces" = 0; + + assertions = [ + { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces; + message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`."; + } + ]; + }; +} diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index e9e935e90202..c92570582f20 100644 --- a/nixos/modules/virtualisation/amazon-image.nix +++ b/nixos/modules/virtualisation/amazon-image.nix @@ -145,8 +145,12 @@ let cfg = config.ec2; in environment.systemPackages = [ pkgs.cryptsetup ]; boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; - + # EC2 has its own NTP server provided by the hypervisor networking.timeServers = [ "169.254.169.123" ]; + + # udisks has become too bloated to have in a headless system + # (e.g. it depends on GTK+). + services.udisks2.enable = false; }; } diff --git a/nixos/modules/virtualisation/ec2-amis.nix b/nixos/modules/virtualisation/ec2-amis.nix index 76facac39fc6..aaea06bb9a63 100644 --- a/nixos/modules/virtualisation/ec2-amis.nix +++ b/nixos/modules/virtualisation/ec2-amis.nix @@ -257,5 +257,22 @@ let self = { "18.03".sa-east-1.hvm-ebs = "ami-163e1f7a"; "18.03".ap-south-1.hvm-ebs = "ami-6a390b05"; - latest = self."18.03"; + # 18.09.910.c15e342304a + "18.09".eu-west-1.hvm-ebs = "ami-0f412186fb8a0ec97"; + "18.09".eu-west-2.hvm-ebs = "ami-0dada3805ce43c55e"; + "18.09".eu-west-3.hvm-ebs = "ami-074df85565f2e02e2"; + "18.09".eu-central-1.hvm-ebs = "ami-07c9b884e679df4f8"; + "18.09".us-east-1.hvm-ebs = "ami-009c9c3f1af480ff3"; + "18.09".us-east-2.hvm-ebs = "ami-08199961085ea8bc6"; + "18.09".us-west-1.hvm-ebs = "ami-07aa7f56d612ddd38"; + "18.09".us-west-2.hvm-ebs = "ami-01c84b7c368ac24d1"; + "18.09".ca-central-1.hvm-ebs = "ami-04f66113f76198f6c"; + "18.09".ap-southeast-1.hvm-ebs = "ami-0892c7e24ebf2194f"; + "18.09".ap-southeast-2.hvm-ebs = "ami-010730f36424b0a2c"; + "18.09".ap-northeast-1.hvm-ebs = "ami-0cdba8e998f076547"; + "18.09".ap-northeast-2.hvm-ebs = "ami-0400a698e6a9f4a15"; + "18.09".sa-east-1.hvm-ebs = "ami-0e4a8a47fd6db6112"; + "18.09".ap-south-1.hvm-ebs = "ami-0880a678d3f555313"; + + latest = self."18.09"; }; in self diff --git a/pkgs/applications/editors/eclipse/default.nix b/pkgs/applications/editors/eclipse/default.nix index 4d77c47695a3..55bbc778e3ae 100644 --- a/pkgs/applications/editors/eclipse/default.nix +++ b/pkgs/applications/editors/eclipse/default.nix @@ -228,6 +228,27 @@ rec { }; eclipse_sdk_37 = eclipse-sdk-37; # backward compatibility, added 2016-01-30 + ### Eclipse Java + + eclipse-java = eclipse-java-49; + + eclipse-java-49 = buildEclipse { + name = "eclipse-java-4.9.0"; + description = "Eclipse IDE for Java Developers"; + src = + if stdenv.system == "x86_64-linux" then + fetchurl { + url = http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/2018-09/R/eclipse-java-2018-09-linux-gtk-x86_64.tar.gz; + sha512 = "9dac5d040cdabf779de3996de87290e352130c7e860c1d0a98772f41da828ad45f90748b68e0a8a4f8d1ebbbbe5fdfe6401b7d871b93af34103d4a81a041c6a5"; + } + else if stdenv.system == "i686-linux" then + fetchurl { + url = http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/2018-09/R/eclipse-java-2018-09-linux-gtk.tar.gz; + sha512 = "24208e95b972e848d6b65ed8108d9e81584cf051397f2f43fb6269f5a625b8d7552ad77c7980a1a5653c87f06776e2926fd85607aae44e44657b4f6cc9b3e2e3"; + } + else throw "Unsupported system: ${stdenv.system}"; + }; + ### Environments # Function that assembles a complete Eclipse environment from an diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix index c6eb563155f6..58cfa1862604 100644 --- a/pkgs/applications/version-management/gitea/default.nix +++ b/pkgs/applications/version-management/gitea/default.nix @@ -7,13 +7,21 @@ with stdenv.lib; buildGoPackage rec { name = "gitea-${version}"; - version = "1.5.1"; + version = "1.5.2"; src = fetchFromGitHub { owner = "go-gitea"; repo = "gitea"; rev = "v${version}"; - sha256 = "06h6v9py35mm0xk9l8xrq02vvr5vzl15gfbw9qqvpn8kiamkn53r"; + sha256 = "168pbndlh7c148p8wzkd39kd7idiba9zw7v0alp9zqcqzzayaydj"; + # Required to generate the same checksum on MacOS due to unicode encoding differences + # More information: https://github.com/NixOS/nixpkgs/pull/48128 + extraPostFetch = '' + rm -rf $out/integrations + rm -rf $out/vendor/github.com/Unknown/cae/tz/testdata + rm -rf $out/vendor/github.com/Unknown/cae/zip/testdata + rm -rf $out/vendor/gopkg.in/macaron.v1/fixtures + ''; }; patches = [ ./static-root-path.patch ]; diff --git a/pkgs/desktops/deepin/deepin-metacity/default.nix b/pkgs/desktops/deepin/deepin-metacity/default.nix new file mode 100644 index 000000000000..b5eb71108763 --- /dev/null +++ b/pkgs/desktops/deepin/deepin-metacity/default.nix @@ -0,0 +1,62 @@ +{ stdenv, fetchFromGitHub, pkgconfig, intltool, libtool, gnome3, bamf, + json-glib, libcanberra-gtk3, libxkbcommon, libstartup_notification, + deepin-wallpapers, deepin-desktop-schemas }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "deepin-metacity"; + version = "3.22.22"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "0gr10dv8vphla6z7zqiyyg3n3ag4rrlz43c4kr7fd5xwx2bfvp3d"; + }; + + nativeBuildInputs = [ + pkgconfig + intltool + libtool + gnome3.gnome-common + gnome3.glib.dev + ]; + + buildInputs = [ + gnome3.dconf + gnome3.gtk + gnome3.libgtop + gnome3.zenity + bamf + json-glib + libcanberra-gtk3 + libstartup_notification + libxkbcommon + deepin-wallpapers + deepin-desktop-schemas + ]; + + postPatch = '' + sed -i src/ui/deepin-background-cache.c \ + -e 's;/usr/share/backgrounds/default_background.jpg;${deepin-wallpapers}/share/backgrounds/deepin/desktop.jpg;' + ''; + + NIX_CFLAGS_COMPILE = "-I${gnome3.glib.dev}/include/gio-unix-2.0"; + + configureFlags = [ "--disable-themes-documentation" ]; + + preConfigure = '' + HOME=$TMP + NOCONFIGURE=1 ./autogen.sh + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "2D window manager for Deepin"; + homepage = https://github.com/linuxdeepin/deepin-metacity; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} diff --git a/pkgs/desktops/deepin/deepin-wm/default.nix b/pkgs/desktops/deepin/deepin-wm/default.nix new file mode 100644 index 000000000000..f936934dcc0c --- /dev/null +++ b/pkgs/desktops/deepin/deepin-wm/default.nix @@ -0,0 +1,58 @@ +{ stdenv, fetchFromGitHub, pkgconfig, intltool, libtool, vala, gnome3, + bamf, clutter-gtk, granite, libcanberra-gtk3, libwnck3, + deepin-mutter, deepin-wallpapers, deepin-desktop-schemas, + hicolor-icon-theme }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "deepin-wm"; + version = "1.9.32"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "02vwbkfpxcwv01vqa70pg7dm0lhm1lwhdqhk057r147a9cjb3ssc"; + }; + + nativeBuildInputs = [ + pkgconfig + intltool + libtool + gnome3.gnome-common + vala + ]; + + buildInputs = [ + gnome3.gnome-desktop + gnome3.libgee + bamf + clutter-gtk + granite + libcanberra-gtk3 + libwnck3 + deepin-mutter + deepin-wallpapers + deepin-desktop-schemas + hicolor-icon-theme + ]; + + postPatch = '' + sed -i src/Background/BackgroundSource.vala \ + -e 's;/usr/share/backgrounds/default_background.jpg;${deepin-wallpapers}/share/backgrounds/deepin/desktop.jpg;' + ''; + + preConfigure = '' + ./autogen.sh + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Deepin Window Manager"; + homepage = https://github.com/linuxdeepin/deepin-wm; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} diff --git a/pkgs/desktops/deepin/default.nix b/pkgs/desktops/deepin/default.nix index 84f41dc3451b..291aa8c11be1 100644 --- a/pkgs/desktops/deepin/default.nix +++ b/pkgs/desktops/deepin/default.nix @@ -13,6 +13,7 @@ let deepin-icon-theme = callPackage ./deepin-icon-theme { }; deepin-image-viewer = callPackage ./deepin-image-viewer { }; deepin-menu = callPackage ./deepin-menu { }; + deepin-metacity = callPackage ./deepin-metacity { }; deepin-mutter = callPackage ./deepin-mutter { }; deepin-shortcut-viewer = callPackage ./deepin-shortcut-viewer { }; deepin-sound-theme = callPackage ./deepin-sound-theme { }; @@ -21,6 +22,7 @@ let wnck = pkgs.libwnck3; }; deepin-wallpapers = callPackage ./deepin-wallpapers { }; + deepin-wm = callPackage ./deepin-wm { }; dtkcore = callPackage ./dtkcore { }; dtkwm = callPackage ./dtkwm { }; dtkwidget = callPackage ./dtkwidget { }; diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 6f654c32dbb2..125413d61511 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -676,8 +676,13 @@ self: super: { # https://github.com/goldfirere/singletons/issues/122 singletons = dontCheck super.singletons; - # https://github.com/fpco/stackage/issues/838 - cryptonite = dontCheck super.cryptonite; + # Fix an aarch64 issue with cryptonite-0.25: + # https://github.com/haskell-crypto/cryptonite/issues/234 + # This has been committed upstream, but there is, as of yet, no new release. + cryptonite = appendPatch super.cryptonite (pkgs.fetchpatch { + url = https://github.com/haskell-crypto/cryptonite/commit/4622e5fc8ece82f4cf31358e31cd02cf020e558e.patch; + sha256 = "1m2d47ni4jbrpvxry50imj91qahr3r7zkqm157clrzlmw6gzpgnq"; + }); # We cannot build this package w/o the C library from <http://www.phash.org/>. phash = markBroken super.phash; diff --git a/pkgs/development/libraries/git2/0.27.nix b/pkgs/development/libraries/git2/0.27.nix index bafd6be37df6..db627449e1ba 100644 --- a/pkgs/development/libraries/git2/0.27.nix +++ b/pkgs/development/libraries/git2/0.27.nix @@ -4,14 +4,14 @@ }: stdenv.mkDerivation rec { - version = "0.27.4"; + version = "0.27.5"; name = "libgit2-${version}"; src = fetchFromGitHub { owner = "libgit2"; repo = "libgit2"; rev = "v${version}"; - sha256 = "1cmc8ldhpyp62pswb7dmjjya3ng0ssaggcsxs1labvp6xyxjvp6s"; + sha256 = "1f6jxgw4pf6jln439v1pj8a0kgym5sq5xry8x0gq18dr5gv3wims"; }; cmakeFlags = [ "-DTHREADSAFE=ON" ]; diff --git a/pkgs/development/libraries/leatherman/default.nix b/pkgs/development/libraries/leatherman/default.nix index b01d902fd91a..259975815d8e 100644 --- a/pkgs/development/libraries/leatherman/default.nix +++ b/pkgs/development/libraries/leatherman/default.nix @@ -2,10 +2,10 @@ stdenv.mkDerivation rec { name = "leatherman-${version}"; - version = "1.5.0"; + version = "1.5.2"; src = fetchFromGitHub { - sha256 = "1plx111mfci8z33mwy56y54n597gi8965s7bmnribkk8bvdn10dy"; + sha256 = "0drn8wdl4mwqz84lwc7cjmc6pxj2jwpx7n2dxwzwj43ps624zhbj"; rev = version; repo = "leatherman"; owner = "puppetlabs"; diff --git a/pkgs/development/libraries/librealsense/default.nix b/pkgs/development/libraries/librealsense/default.nix index ea24c9da88b9..f91fa192c034 100644 --- a/pkgs/development/libraries/librealsense/default.nix +++ b/pkgs/development/libraries/librealsense/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "librealsense-${version}"; - version = "2.15.0"; + version = "2.16.1"; src = fetchFromGitHub { owner = "IntelRealSense"; repo = "librealsense"; rev = "v${version}"; - sha256 = "12918gcn0w5h6bqgx6s44w44bs1x2pcndn2833xzya69rddkdv6x"; + sha256 = "0vs2vcfmsb574bvdqrfgdmam0p631c738apk0w9mjdqk59zy1bz2"; }; buildInputs = [ diff --git a/pkgs/development/libraries/science/math/ipopt/default.nix b/pkgs/development/libraries/science/math/ipopt/default.nix index 4a6aabb447f3..7e58a4c7c982 100644 --- a/pkgs/development/libraries/science/math/ipopt/default.nix +++ b/pkgs/development/libraries/science/math/ipopt/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "ipopt-${version}"; - version = "3.12.10"; + version = "3.12.11"; src = fetchurl { url = "https://www.coin-or.org/download/source/Ipopt/Ipopt-${version}.zip"; - sha256 = "004pd90knnnzcx727knb7ffkabb1ggbskb8s607bfvfgdd7wlli9"; + sha256 = "1qihlwwqsqpbwpp6zqfa7nrmb55dndppzmdy98897aiknaa2650h"; }; CXXDEFS = [ "-DHAVE_RAND" "-DHAVE_CSTRING" "-DHAVE_CSTDIO" ]; diff --git a/pkgs/development/libraries/science/math/mkl/default.nix b/pkgs/development/libraries/science/math/mkl/default.nix new file mode 100644 index 000000000000..37814047f975 --- /dev/null +++ b/pkgs/development/libraries/science/math/mkl/default.nix @@ -0,0 +1,85 @@ +{ stdenvNoCC, writeText, fetchurl, rpmextract, undmg }: +/* + Some (but not all) mkl functions require openmp, but Intel does not add these + to SO_NEEDED and instructs users to put openmp on their LD_LIBRARY_PATH. If + you are using mkl and your library/application is using some of the functions + that require openmp, add a setupHook like this to your package: + + setupHook = writeText "setup-hook.sh" '' + addOpenmp() { + addToSearchPath LD_LIBRARY_PATH ${openmp}/lib + } + addEnvHooks "$targetOffset" addOpenmp + ''; + + We do not add the setup hook here, because avoiding it allows this large + package to be a fixed-output derivation with better cache efficiency. + */ + +stdenvNoCC.mkDerivation rec { + name = "mkl-${version}"; + version = "${date}.${rel}"; + date = "2019.0"; + rel = "117"; + + src = if stdenvNoCC.isDarwin + then + (fetchurl { + url = "http://registrationcenter-download.intel.com/akdlm/irc_nas/tec/13565/m_mkl_${version}.dmg"; + sha256 = "1f1jppac7vqwn00hkws0p4njx38ajh0n25bsjyb5d7jcacwfvm02"; + }) + else + (fetchurl { + url = "http://registrationcenter-download.intel.com/akdlm/irc_nas/tec/13575/l_mkl_${version}.tgz"; + sha256 = "1bf7i54iqlf7x7fn8kqwmi06g30sxr6nq3ac0r871i6g0p3y47sf"; + }); + + buildInputs = if stdenvNoCC.isDarwin then [ undmg ] else [ rpmextract ]; + + buildPhase = if stdenvNoCC.isDarwin then '' + for f in Contents/Resources/pkg/*.tgz; do + tar xzvf $f + done + '' else '' + rpmextract rpm/intel-mkl-common-c-${date}-${rel}-${date}-${rel}.noarch.rpm + rpmextract rpm/intel-mkl-core-rt-${date}-${rel}-${date}-${rel}.x86_64.rpm + ''; + + installPhase = if stdenvNoCC.isDarwin then '' + mkdir -p $out/lib + cp -r compilers_and_libraries_${version}/mac/mkl/include $out/ + cp -r compilers_and_libraries_${version}/mac/mkl/lib/* $out/lib/ + cp -r compilers_and_libraries_${version}/licensing/mkl/en/license.txt $out/lib/ + '' else '' + mkdir -p $out/lib + cp -r opt/intel/compilers_and_libraries_${version}/linux/mkl/include $out/ + cp -r opt/intel/compilers_and_libraries_${version}/linux/mkl/lib/intel64_lin/* $out/lib/ + cp license.txt $out/lib/ + ''; + + # Per license agreement, do not modify the binary + dontStrip = true; + dontPatchELF = true; + + # Since these are unmodified binaries from Intel, they do not depend on stdenv + # and we can make them fixed-output derivations for cache efficiency. + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = if stdenvNoCC.isDarwin + then "1224dln7n8px1rk8biiggf77wjhxh8mzw0hd8zlyjm8i6j8w7i12" + else "0d8ai0wi8drp071acqkm1wv6vyg12010y843y56zzi1pql81xqvx"; + + meta = with stdenvNoCC.lib; { + description = "Intel Math Kernel Library"; + longDescription = '' + Intel Math Kernel Library (Intel MKL) optimizes code with minimal effort + for future generations of Intel processors. It is compatible with your + choice of compilers, languages, operating systems, and linking and + threading models. + ''; + homepage = https://software.intel.com/en-us/mkl; + license = [ licenses.issl licenses.unfreeRedistributable ]; + platforms = [ "x86_64-linux" "x86_64-darwin" ]; + maintainers = [ maintainers.bhipple ]; + }; +} diff --git a/pkgs/development/ocaml-modules/elpi/default.nix b/pkgs/development/ocaml-modules/elpi/default.nix index 3eecb9b45b7d..fd42cbe20c7f 100644 --- a/pkgs/development/ocaml-modules/elpi/default.nix +++ b/pkgs/development/ocaml-modules/elpi/default.nix @@ -4,12 +4,12 @@ stdenv.mkDerivation rec { name = "ocaml${ocaml.version}-elpi-${version}"; - version = "1.0.5"; + version = "1.1.0"; src = fetchFromGitHub { owner = "LPCIC"; repo = "elpi"; rev = "v${version}"; - sha256 = "1n1m183l4ms949m2l24w0887m1rmvc9b3j8alnbw8ckn6wwnhpmk"; + sha256 = "1fd4mqggdcnbhqwrg8r0ikb1j2lv0fc9hv9xfbyjzbzxbjggf5zc"; }; buildInputs = [ ocaml findlib ppx_tools_versioned ]; diff --git a/pkgs/development/tools/misc/abi-compliance-checker/default.nix b/pkgs/development/tools/misc/abi-compliance-checker/default.nix new file mode 100644 index 000000000000..db0e41d27ab3 --- /dev/null +++ b/pkgs/development/tools/misc/abi-compliance-checker/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub, ctags, perl, binutils, abi-dumper }: + +stdenv.mkDerivation rec { + name = "abi-compliance-checker-${version}"; + version = "2.3"; + + src = fetchFromGitHub { + owner = "lvc"; + repo = "abi-compliance-checker"; + rev = version; + sha256 = "1f1f9j2nf9j83sfl2ljadch99v6ha8rq8xm7ax5akc05hjpyckij"; + }; + + buildInputs = [ binutils ctags perl ]; + propagatedBuildInputs = [ abi-dumper ]; + + makeFlags = [ "prefix=$(out)" ]; + + meta = with stdenv.lib; { + homepage = https://lvc.github.io/abi-compliance-checker; + description = "A tool for checking backward API/ABI compatibility of a C/C++ library"; + license = licenses.lgpl21; + maintainers = [ maintainers.bhipple ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/tools/misc/abi-dumper/default.nix b/pkgs/development/tools/misc/abi-dumper/default.nix new file mode 100644 index 000000000000..047cd466baac --- /dev/null +++ b/pkgs/development/tools/misc/abi-dumper/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchFromGitHub, ctags, perl, elfutils, vtable-dumper }: + +stdenv.mkDerivation rec { + name = "abi-dumper-${version}"; + version = "1.1"; + + src = fetchFromGitHub { + owner = "lvc"; + repo = "abi-dumper"; + rev = version; + sha256 = "1byhw132aj7a5a5zh5s3pnjlrhdk4cz6xd5irp1y08jl980qba5j"; + }; + + patchPhase = '' + substituteInPlace abi-dumper.pl \ + --replace eu-readelf ${elfutils}/bin/eu-readelf \ + --replace vtable-dumper ${vtable-dumper}/bin/vtable-dumper \ + --replace '"ctags"' '"${ctags}/bin/ctags"' + ''; + + buildInputs = [ elfutils ctags perl vtable-dumper ]; + + preBuild = "mkdir -p $out"; + makeFlags = [ "prefix=$(out)" ]; + + meta = with stdenv.lib; { + homepage = https://github.com/lvc/abi-dumper; + description = "Dump ABI of an ELF object containing DWARF debug info"; + license = licenses.lgpl21; + maintainers = [ maintainers.bhipple ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/tools/misc/vtable-dumper/default.nix b/pkgs/development/tools/misc/vtable-dumper/default.nix new file mode 100644 index 000000000000..e806a7796386 --- /dev/null +++ b/pkgs/development/tools/misc/vtable-dumper/default.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchFromGitHub, libelf }: + +stdenv.mkDerivation rec { + name = "vtable-dumper-${version}"; + version = "1.2"; + + src = fetchFromGitHub { + owner = "lvc"; + repo = "vtable-dumper"; + rev = version; + sha256 = "0sl7lnjr2l4c2f7qaazvpwpzsp4gckkvccfam88wcq9f7j9xxbyp"; + }; + + buildInputs = [ libelf ]; + makeFlags = [ "prefix=$(out)" ]; + + meta = with stdenv.lib; { + homepage = https://github.com/lvc/vtable-dumper; + description = "A tool to list content of virtual tables in a C++ shared library"; + license = licenses.lgpl21; + maintainers = [ maintainers.bhipple ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/servers/sql/sqlite/jdbc/default.nix b/pkgs/servers/sql/sqlite/jdbc/default.nix index 5b0425c410fc..4e40d8761526 100644 --- a/pkgs/servers/sql/sqlite/jdbc/default.nix +++ b/pkgs/servers/sql/sqlite/jdbc/default.nix @@ -1,25 +1,28 @@ -{ lib, stdenv, fetchurl }: +{ stdenv, fetchMavenArtifact }: stdenv.mkDerivation rec { - version = "3.20.0"; pname = "sqlite-jdbc"; name = "${pname}-${version}"; + version = "3.25.2"; - src = fetchurl { - url = "https://bitbucket.org/xerial/${pname}/downloads/${name}.jar"; - sha256 = "0wxfxnq2ghiwy2mwz3rljgmy1lciafhrw80lprvqz6iw8l51qfql"; + src = fetchMavenArtifact { + groupId = "org.xerial"; + artifactId = "sqlite-jdbc"; + inherit version; + sha256 = "1xk5fi2wzq3jspvbdm5hvs78501i14jy3v7x6fjnh5fnpqdacpd4"; }; phases = [ "installPhase" ]; installPhase = '' - install -D "${src}" "$out/share/java/${name}.jar" + install -m444 -D ${src}/share/java/*${name}.jar "$out/share/java/${name}.jar" ''; - meta = with lib; { + meta = with stdenv.lib; { homepage = "https://github.com/xerial/sqlite-jdbc"; - description = "SQLite JDBC Driver"; + description = "Library for accessing and creating SQLite database files in Java"; license = licenses.asl20; + platforms = platforms.linux; maintainers = with maintainers; [ jraygauthier ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index aaa8da74333d..0a3da230798e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8003,6 +8003,10 @@ with pkgs; ### DEVELOPMENT / TOOLS + abi-compliance-checker = callPackage ../development/tools/misc/abi-compliance-checker { }; + + abi-dumper = callPackage ../development/tools/misc/abi-dumper { }; + activator = throw '' Typesafe Activator was removed in 2017-05-08 as the actual package reaches end of life. @@ -8011,13 +8015,13 @@ with pkgs; for more information. ''; + adtool = callPackage ../tools/admin/adtool { }; + inherit (callPackage ../development/tools/alloy { }) alloy4 alloy5 alloy; - adtool = callPackage ../tools/admin/adtool { }; - augeas = callPackage ../tools/system/augeas { }; inherit (callPackages ../tools/admin/ansible {}) @@ -8941,6 +8945,8 @@ with pkgs; pythonPackages = python3Packages; }; + vtable-dumper = callPackage ../development/tools/misc/vtable-dumper { }; + watson-ruby = callPackage ../development/tools/misc/watson-ruby {}; xc3sprog = callPackage ../development/tools/misc/xc3sprog { }; @@ -21060,6 +21066,8 @@ with pkgs; m4rie = callPackage ../development/libraries/science/math/m4rie { }; + mkl = callPackage ../development/libraries/science/math/mkl { }; + nasc = callPackage ../applications/science/math/nasc { }; openblas = callPackage ../development/libraries/science/math/openblas { }; diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix index 7637371a40f1..d0fb885dc747 100644 --- a/pkgs/top-level/stage.nix +++ b/pkgs/top-level/stage.nix @@ -134,13 +134,16 @@ let # default GNU libc on Linux systems. Non-Linux systems are not # supported. pkgsMusl = if stdenv.hostPlatform.isLinux then nixpkgsFun { - localSystem = { + inherit overlays config; + ${if stdenv.hostPlatform == stdenv.buildPlatform + then "localSystem" else "crossSystem"} = { parsed = stdenv.hostPlatform.parsed // { abi = { "gnu" = lib.systems.parse.abis.musl; "gnueabi" = lib.systems.parse.abis.musleabi; "gnueabihf" = lib.systems.parse.abis.musleabihf; - }.${stdenv.hostPlatform.parsed.abi.name} or lib.systems.parse.abis.musl; + }.${stdenv.hostPlatform.parsed.abi.name} + or lib.systems.parse.abis.musl; }; }; } else throw "Musl libc only supports Linux systems."; @@ -148,7 +151,9 @@ let # All packages built for i686 Linux. # Used by wine, firefox with debugging version of Flash, ... pkgsi686Linux = assert stdenv.hostPlatform.isLinux; nixpkgsFun { - localSystem = { + inherit overlays config; + ${if stdenv.hostPlatform == stdenv.buildPlatform + then "localSystem" else "crossSystem"} = { parsed = stdenv.hostPlatform.parsed // { cpu = lib.systems.parse.cpuTypes.i686; }; |