diff options
25 files changed, 149 insertions, 93 deletions
diff --git a/doc/cross-compilation.xml b/doc/cross-compilation.xml index 118a82bf0b06..028fd6744910 100644 --- a/doc/cross-compilation.xml +++ b/doc/cross-compilation.xml @@ -61,7 +61,7 @@ <listitem> <para> The "target platform" attribute is, unlike the other two attributes, not actually fundamental to the process of building software. - Instead, it is only relevant for compatability with building certain specific compilers and build tools. + Instead, it is only relevant for compatibility with building certain specific compilers and build tools. It can be safely ignored for all other packages. </para> <para> @@ -162,7 +162,7 @@ <para> A runtime dependency between 2 packages implies that between them both the host and target platforms match. This is directly implied by the meaning of "host platform" and "runtime dependency": - The package dependency exists while both packages are runnign on a single host platform. + The package dependency exists while both packages are running on a single host platform. </para> <para> A build time dependency, however, implies a shift in platforms between the depending package and the depended-on package. diff --git a/lib/default.nix b/lib/default.nix index f729a36249af..03a902945a3b 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -93,7 +93,7 @@ let hiPrioSet; inherit (sources) pathType pathIsDirectory cleanSourceFilter cleanSource sourceByRegex sourceFilesBySuffices - commitIdFromGitRepo cleanSourceWith; + commitIdFromGitRepo cleanSourceWith pathHasContext canCleanSource; inherit (modules) evalModules closeModules unifyModuleSyntax applyIfFunction unpackSubmodule packSubmodule mergeModules mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions diff --git a/lib/sources.nix b/lib/sources.nix index 703f5a71da6a..704711b20cd9 100644 --- a/lib/sources.nix +++ b/lib/sources.nix @@ -93,4 +93,8 @@ rec { else lib.head matchRef else throw ("Not a .git directory: " + path); in lib.flip readCommitFromFile "HEAD"; + + pathHasContext = builtins.hasContext or (lib.hasPrefix builtins.storeDir); + + canCleanSource = src: src ? _isLibCleanSourceWith || !(pathHasContext (toString src)); } diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index fb011019f7f5..5940f471883c 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -139,6 +139,14 @@ in ''; }; + tosHash = mkOption { + type = types.string; + default = "cc88d8d9517f490191401e7b54e9ffd12a2b9082ec7a1d4cec6101f9f1647e7b"; + description = '' + SHA256 of the Terms of Services document. This changes once in a while. + ''; + }; + production = mkOption { type = types.bool; default = true; @@ -188,7 +196,7 @@ in domain = if data.domain != null then data.domain else cert; cpath = "${cfg.directory}/${cert}"; rights = if data.allowKeysForGroup then "750" else "700"; - cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ] + cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ] ++ optionals (data.email != null) [ "--email" data.email ] ++ concatMap (p: [ "-f" p ]) data.plugins ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains) diff --git a/pkgs/applications/networking/mailreaders/sylpheed/default.nix b/pkgs/applications/networking/mailreaders/sylpheed/default.nix index a63bedfb29d2..d58680d15d5a 100644 --- a/pkgs/applications/networking/mailreaders/sylpheed/default.nix +++ b/pkgs/applications/networking/mailreaders/sylpheed/default.nix @@ -1,38 +1,36 @@ -{ stdenv, fetchurl, pkgconfig, gtk2 -, openssl ? null -, gpgme ? null -, sslSupport ? true -, gpgSupport ? true -}: +{ stdenv, fetchurl, pkgconfig, gtk2, openssl ? null, gpgme ? null +, gpgSupport ? true, sslSupport ? true }: -with stdenv.lib; - -assert sslSupport -> openssl != null; assert gpgSupport -> gpgme != null; +assert sslSupport -> openssl != null; + +with stdenv.lib; stdenv.mkDerivation rec { name = "sylpheed-${version}"; - version = "3.5.1"; + version = "3.6.0"; src = fetchurl { - url = "http://sylpheed.sraoss.jp/sylpheed/v3.5/${name}.tar.bz2"; - sha256 = "11qhbfyvi5hxv1f448zgbzgrdjj3a4mxj2bfpk6k4bqf7ahh8nis"; + url = "http://sylpheed.sraoss.jp/sylpheed/v3.6/${name}.tar.bz2"; + sha256 = "0idk9nz3d200l2bxc38vnxlx0wcslrvncy9lk50vz7dl8c5sg97b"; }; nativeBuildInputs = [ pkgconfig ]; - buildInputs = - [ gtk2 ] - ++ optional sslSupport openssl - ++ optional gpgSupport gpgme; - configureFlags = optional sslSupport "--enable-ssl" - ++ optional gpgSupport "--enable-gpgme"; + buildInputs = [ gtk2 ] + ++ optionals gpgSupport [ gpgme ] + ++ optionals sslSupport [ openssl ]; + + configureFlags = [ + (optional gpgSupport "--enable-gpgme") + (optional sslSupport "--enable-ssl") + ]; meta = { homepage = http://sylpheed.sraoss.jp/en/; - description = "A lightweight and user-friendly e-mail client"; - maintainers = [ maintainers.eelco ]; + description = "Lightweight and user-friendly e-mail client"; + maintainers = with maintainers; [ eelco ]; platforms = platforms.linux ++ platforms.darwin; - license = "GPL"; + license = licenses.gpl2; }; } diff --git a/pkgs/build-support/safe-discard-string-context.nix b/pkgs/build-support/safe-discard-string-context.nix new file mode 100644 index 000000000000..293a15295d55 --- /dev/null +++ b/pkgs/build-support/safe-discard-string-context.nix @@ -0,0 +1,14 @@ +# | Discard the context of a string while ensuring that expected path +# validity invariants hold. +# +# This relies on import-from-derivation, but it is only useful in +# contexts where the string is going to be used in an +# import-from-derivation anyway. +# +# safeDiscardStringContext : String → String +{ writeText }: s: + builtins.seq + (import (writeText + "discard.nix" + "${builtins.substring 0 0 s}null\n")) + (builtins.unsafeDiscardStringContext s) diff --git a/pkgs/development/compilers/ghc/7.10.3-binary.nix b/pkgs/development/compilers/ghc/7.10.3-binary.nix index b68c84711b0d..c56798e31ae4 100644 --- a/pkgs/development/compilers/ghc/7.10.3-binary.nix +++ b/pkgs/development/compilers/ghc/7.10.3-binary.nix @@ -43,7 +43,7 @@ stdenv.mkDerivation rec { or (throw "cannot bootstrap GHC on this platform")); nativeBuildInputs = [ perl ]; - buildInputs = stdenv.lib.optionals stdenv.isArm [ llvm_35 ]; + buildInputs = stdenv.lib.optionals stdenv.targetPlatform.isArm [ llvm_35 ]; # Cannot patchelf beforehand due to relative RPATHs that anticipate # the final install location/ diff --git a/pkgs/development/compilers/ghc/7.10.3.nix b/pkgs/development/compilers/ghc/7.10.3.nix index dd5acfa16f1f..3fb70c31a7c2 100644 --- a/pkgs/development/compilers/ghc/7.10.3.nix +++ b/pkgs/development/compilers/ghc/7.10.3.nix @@ -44,7 +44,7 @@ stdenv.mkDerivation rec { ./relocation.patch ]; - buildInputs = [ ghc perl libxml2 libxslt docbook_xsl docbook_xml_dtd_45 docbook_xml_dtd_42 hscolour ] ++ stdenv.lib.optionals stdenv.isArm [ llvm_35 ]; + buildInputs = [ ghc perl libxml2 libxslt docbook_xsl docbook_xml_dtd_45 docbook_xml_dtd_42 hscolour ] ++ stdenv.lib.optionals targetPlatform.isArm [ llvm_35 ]; enableParallelBuilding = true; diff --git a/pkgs/development/compilers/ghc/8.2.1-binary.nix b/pkgs/development/compilers/ghc/8.2.1-binary.nix index ec2694a00286..8a08ab4b9862 100644 --- a/pkgs/development/compilers/ghc/8.2.1-binary.nix +++ b/pkgs/development/compilers/ghc/8.2.1-binary.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { or (throw "cannot bootstrap GHC on this platform")); nativeBuildInputs = [ perl ]; - buildInputs = stdenv.lib.optionals (stdenv.isArm || stdenv.isAarch64) [ llvm_39 ]; + buildInputs = stdenv.lib.optionals (stdenv.targetPlatform.isArm || stdenv.targetPlatform.isAarch64) [ llvm_39 ]; # Cannot patchelf beforehand due to relative RPATHs that anticipate # the final install location/ diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix index 5ef71804b570..0e87ea68649e 100644 --- a/pkgs/development/compilers/ghc/8.2.2.nix +++ b/pkgs/development/compilers/ghc/8.2.2.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation (rec { sed 's|#BuildFlavour = quick-cross|BuildFlavour = perf-cross|' mk/build.mk.sample > mk/build.mk ''; - buildInputs = [ alex autoconf automake ghc happy hscolour perl python3 sphinx ] ++ stdenv.lib.optionals (stdenv.isArm || stdenv.isAarch64) [ llvm_39 ]; + buildInputs = [ alex autoconf automake ghc happy hscolour perl python3 sphinx ] ++ stdenv.lib.optionals (targetPlatform.isArm || targetPlatform.isAarch64) [ llvm_39 ]; enableParallelBuilding = true; diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 0b302c3d0c06..c7c42c1add7e 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -931,7 +931,7 @@ self: super: { hashable = if pkgs.stdenv.isArm then dontCheck super.hashable else super.hashable; # https://github.com/tibbe/hashable/issues/95 servant-docs = if pkgs.stdenv.isArm then dontCheck super.servant-docs else super.servant-docs; servant-swagger = if pkgs.stdenv.isArm then dontCheck super.servant-swagger else super.servant-swagger; - swagger2 = if pkgs.stdenv.isArm then dontCheck super.swagger2 else super.swagger2; + swagger2 = if pkgs.stdenv.isArm then dontHaddock (dontCheck super.swagger2) else super.swagger2; # Tries to read a file it is not allowed to in the test suite load-env = dontCheck super.load-env; diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix index bf195696f947..5b2b23fc7903 100644 --- a/pkgs/development/haskell-modules/generic-builder.nix +++ b/pkgs/development/haskell-modules/generic-builder.nix @@ -130,7 +130,7 @@ let (optionalString (enableSharedExecutables && stdenv.isDarwin) "--ghc-option=-optl=-Wl,-headerpad_max_install_names") (optionalString enableParallelBuilding "--ghc-option=-j$NIX_BUILD_CORES") (optionalString useCpphs "--with-cpphs=${cpphs}/bin/cpphs --ghc-options=-cpp --ghc-options=-pgmP${cpphs}/bin/cpphs --ghc-options=-optP--cpp") - (enableFeature (enableDeadCodeElimination && !stdenv.isArm && !stdenv.isAarch64 && (versionAtLeast "8.0.1" ghc.version)) "split-objs") + (enableFeature (enableDeadCodeElimination && !hostPlatform.isArm && !hostPlatform.isAarch64 && (versionAtLeast "8.0.1" ghc.version)) "split-objs") (enableFeature enableLibraryProfiling "library-profiling") (enableFeature enableExecutableProfiling (if versionOlder ghc.version "8" then "executable-profiling" else "profiling")) (enableFeature enableSharedLibraries "shared") diff --git a/pkgs/development/haskell-modules/make-package-set.nix b/pkgs/development/haskell-modules/make-package-set.nix index f85259e699bc..b91d73c9748c 100644 --- a/pkgs/development/haskell-modules/make-package-set.nix +++ b/pkgs/development/haskell-modules/make-package-set.nix @@ -142,24 +142,18 @@ in package-set { inherit pkgs stdenv callPackage; } self // { callHackage = name: version: self.callPackage (self.hackage2nix name version); # Creates a Haskell package from a source package by calling cabal2nix on the source. - callCabal2nix = name: src: args: if builtins.typeOf src != "path" - then self.callPackage (haskellSrc2nix { inherit name src; }) args - else - # When `src` is a Nix path literal, only use `cabal2nix` on - # the cabal file, so that the "import-from-derivation" is only - # recomputed when the cabal file changes, and so your source - # code isn't duplicated into the nix store on every change. - # This can only be done when `src` is a Nix path literal - # because that is the only kind of source that - # `builtins.filterSource` works on. But this filtering isn't - # usually important on other kinds of sources, like - # `fetchFromGitHub`. - overrideCabal (self.callPackage (haskellSrc2nix { - inherit name; - src = builtins.filterSource (path: type: - pkgs.lib.hasSuffix "${name}.cabal" path || pkgs.lib.hasSuffix "package.yaml" path - ) src; - }) args) (_: { inherit src; }); + callCabal2nix = name: src: args: + overrideCabal (self.callPackage (haskellSrc2nix { + inherit name; + src = pkgs.lib.cleanSourceWith + { src = if pkgs.lib.canCleanSource src + then src + else pkgs.safeDiscardStringContext src; + filter = path: type: + pkgs.lib.hasSuffix "${name}.cabal" path || + pkgs.lib.hasSuffix "package.yaml" path; + }; + }) args) (_: { inherit src; }); # : Map Name (Either Path VersionNumber) -> HaskellPackageOverrideSet # Given a set whose values are either paths or version strings, produces diff --git a/pkgs/development/interpreters/elixir/1.6.nix b/pkgs/development/interpreters/elixir/1.6.nix index c8b0d904ccd3..168007d22d77 100644 --- a/pkgs/development/interpreters/elixir/1.6.nix +++ b/pkgs/development/interpreters/elixir/1.6.nix @@ -1,7 +1,7 @@ { mkDerivation }: mkDerivation rec { - version = "1.6.0-rc.0"; - sha256 = "1yfyp7y0mfdbh410xsfkq9a7ai2y22mjh2qn2cvpim76s96qjpw6"; + version = "1.6.0-rc.1"; + sha256 = "06g6n9qvv57xa07fyaqhki2y8zw24m3smcjiw1wiw9pzl5a76iby"; minimumOTPVersion = "18"; } diff --git a/pkgs/development/libraries/bullet/default.nix b/pkgs/development/libraries/bullet/default.nix index f6676321860f..39a5a9869ba7 100644 --- a/pkgs/development/libraries/bullet/default.nix +++ b/pkgs/development/libraries/bullet/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "bullet-${version}"; - version = "2.86.1"; + version = "2.87"; src = fetchFromGitHub { owner = "bulletphysics"; repo = "bullet3"; rev = version; - sha256 = "1k81hr5y9rs2nsal6711fal21rxp6h573cpmjjk8x8ji2crqbqlz"; + sha256 = "1msp7w3563vb43w70myjmqsdb97kna54dcfa7yvi9l3bvamb92w3"; }; buildInputs = [ cmake ] ++ @@ -16,6 +16,8 @@ stdenv.mkDerivation rec { then with darwin.apple_sdk.frameworks; [ Cocoa OpenGL ] else [mesa freeglut]); + patches = [ ./gwen-narrowing.patch ]; + postPatch = stdenv.lib.optionalString stdenv.isDarwin '' sed -i 's/FIND_PACKAGE(OpenGL)//' CMakeLists.txt sed -i 's/FIND_LIBRARY(COCOA_LIBRARY Cocoa)//' CMakeLists.txt diff --git a/pkgs/development/libraries/bullet/gwen-narrowing.patch b/pkgs/development/libraries/bullet/gwen-narrowing.patch new file mode 100644 index 000000000000..c6c06325dae0 --- /dev/null +++ b/pkgs/development/libraries/bullet/gwen-narrowing.patch @@ -0,0 +1,22 @@ +commit a5d3497577c78b03c05c69d17df972fa9fb54f53 +Author: Linus Heckemann <git@sphalerite.org> +Date: Fri Jan 5 23:57:09 2018 +0100 + + Add -Wno-narrowing to GWEN's CMakeLists + + This avoids the compilation issue that occurs on aarch64 with gcc6. + (nixpkgs-specific patch) + +diff --git a/examples/ThirdPartyLibs/Gwen/CMakeLists.txt b/examples/ThirdPartyLibs/Gwen/CMakeLists.txt +index 82fa0ffba..26c4bbd37 100644 +--- a/examples/ThirdPartyLibs/Gwen/CMakeLists.txt ++++ b/examples/ThirdPartyLibs/Gwen/CMakeLists.txt +@@ -15,7 +15,7 @@ IF(NOT WIN32 AND NOT APPLE) + ADD_DEFINITIONS("-DDYNAMIC_LOAD_X11_FUNCTIONS=1") + ENDIF() + +-ADD_DEFINITIONS( -DGLEW_STATIC -DGWEN_COMPILE_STATIC -D_HAS_EXCEPTIONS=0 -D_STATIC_CPPLIB ) ++ADD_DEFINITIONS( -DGLEW_STATIC -DGWEN_COMPILE_STATIC -D_HAS_EXCEPTIONS=0 -D_STATIC_CPPLIB -Wno-narrowing ) + + FILE(GLOB gwen_SRCS "*.cpp" "Controls/*.cpp" "Controls/Dialog/*.cpp" "Controls/Dialogs/*.cpp" "Controls/Layout/*.cpp" "Controls/Property/*.cpp" "Input/*.cpp" "Platforms/*.cpp" "Renderers/*.cpp" "Skins/*.cpp") + FILE(GLOB gwen_HDRS "*.h" "Controls/*.h" "Controls/Dialog/*.h" "Controls/Dialogs/*.h" "Controls/Layout/*.h" "Controls/Property/*.h" "Input/*.h" "Platforms/*.h" "Renderers/*.h" "Skins/*.h") diff --git a/pkgs/os-specific/linux/busybox/busybox-in-store.patch b/pkgs/os-specific/linux/busybox/busybox-in-store.patch index 0de7348c44fe..2d356b66b3ae 100644 --- a/pkgs/os-specific/linux/busybox/busybox-in-store.patch +++ b/pkgs/os-specific/linux/busybox/busybox-in-store.patch @@ -1,19 +1,19 @@ Allow BusyBox to be invoked as "<something>-busybox". This is necessary when it's run from the Nix store as <hash>-busybox during stdenv bootstrap. ---- busybox-1.26.1-orig/libbb/appletlib.orig 2016-10-26 19:54:20.510957575 -0400 -+++ busybox-1.26.1/libbb/appletlib.c 2016-10-26 19:48:31.590862853 -0400 -@@ -887,7 +887,7 @@ +--- a/libbb/appletlib.c ++++ b/libbb/appletlib.c +@@ -947,7 +947,7 @@ void FAST_FUNC run_applet_no_and_exit(int applet_no, const char *name, char **ar static NORETURN void run_applet_and_exit(const char *name, char **argv) { # if ENABLE_BUSYBOX - if (is_prefixed_with(name, "busybox")) + if (strstr(name, "busybox") != 0) - exit(busybox_main(argv)); + exit(busybox_main(/*unused:*/ 0, argv)); # endif # if NUM_APPLETS > 0 -@@ -981,7 +981,7 @@ int main(int argc UNUSED_PARAM, char **argv) - +@@ -1045,7 +1045,7 @@ int main(int argc UNUSED_PARAM, char **argv) + lbb_prepare("busybox" IF_FEATURE_INDIVIDUAL(, argv)); # if !ENABLE_BUSYBOX - if (argv[1] && is_prefixed_with(bb_basename(argv[0]), "busybox")) diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index 73c945fa0baf..a8d5ab48ac21 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -27,35 +27,20 @@ let in stdenv.mkDerivation rec { - name = "busybox-1.27.2"; + name = "busybox-1.28.0"; # Note to whoever is updating busybox: please verify that: # nix-build pkgs/stdenv/linux/make-bootstrap-tools.nix -A test # still builds after the update. src = fetchurl { url = "http://busybox.net/downloads/${name}.tar.bz2"; - sha256 = "1pv3vs2w4l2wnw5qb0rkbpvjjdd1fwjv87miavqq0r0ynqbfajwx"; + sha256 = "1701carjf02y7r3djm1yvyd5kzrcxm4szinp7agfv7fmvfvm6ib0"; }; hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ]; patches = [ - ./busybox-in-store.patch - (fetchpatch { - name = "CVE-2017-15873.patch"; - url = "https://git.busybox.net/busybox/patch/?id=0402cb32df015d9372578e3db27db47b33d5c7b0"; - sha256 = "1s3xqifd0dww19mbnzrks0i1az0qwd884sxjzrx33d6a9jxv4dzn"; - }) - (fetchpatch { - name = "CVE-2017-15874.patch"; - url = "https://git.busybox.net/busybox/patch/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b"; - sha256 = "0169p4ylz9zd14ghhb39yfjvbdca2kb21pphylfh9ny7i484ahql"; - }) - (fetchpatch { - name = "CVE-2017-16544.patch"; - url = "https://git.busybox.net/busybox/patch/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"; - sha256 = "1q3lkc4xczxrzhz73x2r0w7kmd6y33zhcnz3478nk5xi0qr66mcy"; - }) + ./busybox-in-store.patch ]; configurePhase = '' diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 5fc22736d7f4..24ae1967570b 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -343,7 +343,7 @@ with stdenv.lib; # Security related features. RANDOMIZE_BASE? y - STRICT_DEVMEM y # Filter access to /dev/mem + STRICT_DEVMEM? y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default SECURITY_YAMA? y # Prevent processes from ptracing non-children processes DEVKMEM n # Disable /dev/kmem diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index b7959f9d3599..3a82c00c5010 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -61,8 +61,8 @@ ${optionalString (versionAtLeast version "4.12") '' DEBUG_WX y # boot-time warning on RWX mappings # Stricter /dev/mem -STRICT_DEVMEM y -IO_STRICT_DEVMEM y +STRICT_DEVMEM? y +IO_STRICT_DEVMEM? y # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS y diff --git a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix index 5f4a5d5adb59..1ccc152bb289 100644 --- a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix +++ b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix @@ -3,9 +3,9 @@ with stdenv.lib; let - version = "4.14.12"; + version = "4.14.13"; revision = "a"; - sha256 = "002a3c177fix472wqc89zrpfzwk60l7dn76l869ivgnd60n6wqb2"; + sha256 = "08fvb1lllb0xkckw2y66g0j5z88kp877r51jj3kksfkvjfibjr0j"; # modVersion needs to be x.y.z, will automatically add .0 if needed modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))); diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index cffdbb969280..1a721e90a8df 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -58,13 +58,15 @@ let # Prevent a retained dependency on gcc-wrapper. substituteInPlace "$out/lib/pgxs/src/Makefile.global" --replace ${stdenv.cc}/bin/ld ld - # Remove static libraries in case dynamic are available. - for i in $out/lib/*.a; do - name="$(basename "$i")" - if [ -e "$lib/lib/''${name%.a}.so" ] || [ -e "''${i%.a}.so" ]; then - rm "$i" - fi - done + if [ -z "''${dontDisableStatic:-}" ]; then + # Remove static libraries in case dynamic are available. + for i in $out/lib/*.a; do + name="$(basename "$i")" + if [ -e "$lib/lib/''${name%.a}.so" ] || [ -e "''${i%.a}.so" ]; then + rm "$i" + fi + done + fi ''; postFixup = lib.optionalString (!stdenv.isDarwin) diff --git a/pkgs/tools/admin/aws-vault/default.nix b/pkgs/tools/admin/aws-vault/default.nix new file mode 100644 index 000000000000..4f8b1bc1368f --- /dev/null +++ b/pkgs/tools/admin/aws-vault/default.nix @@ -0,0 +1,23 @@ +{ buildGoPackage, lib, fetchFromGitHub }: +buildGoPackage rec { + name = "${pname}-${version}"; + pname = "aws-vault"; + version = "4.1.0"; + + goPackagePath = "github.com/99designs/${pname}"; + + src = fetchFromGitHub { + owner = "99designs"; + repo = pname; + rev = "v${version}"; + sha256 = "04cdynqmkbs7bkl2aay4sjxq49i90fg048lw0ssw1fpwldbvnl6j"; + }; + + meta = with lib; { + description = "A vault for securely storing and accessing AWS credentials in development environments"; + homepage = "https://github.com/99designs/aws-vault"; + license = licenses.mit; + maintainers = with maintainers; [ zimbatm ]; + }; + +} diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix index 87356fd34838..494fd7036e29 100644 --- a/pkgs/tools/filesystems/glusterfs/default.nix +++ b/pkgs/tools/filesystems/glusterfs/default.nix @@ -15,10 +15,10 @@ let # The command # find /nix/store/...-glusterfs-.../ -name '*.py' -executable # can help with finding new Python scripts. - version = "3.12.3"; + version = "3.12.4"; name="${baseName}-${version}"; url="https://github.com/gluster/glusterfs/archive/v${version}.tar.gz"; - sha256 = "16ra4qr4ds011mmxaqdhdj7slcx8yv0xh6ww7bwsz7f1gn9sr10h"; + sha256 = "01gsc3dw491ipl47q733iznddxbg42aa749vkyaq6i6w4d7m157f"; }; buildInputs = [ fuse bison flex_2_5_35 openssl ncurses readline diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bc1708f9c91d..8d20d1bcba8c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -541,6 +541,8 @@ with pkgs; aws_shell = pythonPackages.aws_shell; + aws-vault = callPackage ../tools/admin/aws-vault { }; + azure-cli = nodePackages.azure-cli; azure-vhd-utils = callPackage ../tools/misc/azure-vhd-utils { }; @@ -10584,7 +10586,7 @@ with pkgs; inherit (gst_all_1) gstreamer gst-plugins-base; }); - libsForQt56 = recurseIntoAttrs (lib.makeScope qt56.newScope mkLibsForQt5); + libsForQt56 = lib.makeScope qt56.newScope mkLibsForQt5; qt59 = recurseIntoAttrs (makeOverridable (import ../development/libraries/qt-5/5.9) { @@ -10599,7 +10601,7 @@ with pkgs; inherit (gnome3) gtk3 dconf; }); - libsForQt59 = recurseIntoAttrs (lib.makeScope qt59.newScope mkLibsForQt5); + libsForQt59 = lib.makeScope qt59.newScope mkLibsForQt5; qt5 = qt59; libsForQt5 = libsForQt59; @@ -20234,4 +20236,6 @@ with pkgs; wal-g = callPackage ../tools/backup/wal-g {}; tlwg = callPackage ../data/fonts/tlwg { }; + + safeDiscardStringContext = callPackage ../build-support/safe-discard-string-context.nix { }; } |