diff options
59 files changed, 514 insertions, 1531 deletions
diff --git a/doc/builders/fetchers.chapter.md b/doc/builders/fetchers.chapter.md new file mode 100644 index 000000000000..d4cab056c70b --- /dev/null +++ b/doc/builders/fetchers.chapter.md @@ -0,0 +1,70 @@ +# Fetchers {#chap-pkgs-fetchers} + +When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way. + +The two fetcher primitives are `fetchurl` and `fetchzip`. Both of these have two required arguments, a URL and a hash. The hash is typically `sha256`, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use `sha256`. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below. + +```nix +{ stdenv, fetchurl }: + +stdenv.mkDerivation { + name = "hello"; + src = fetchurl { + url = "http://www.example.org/hello.tar.gz"; + sha256 = "1111111111111111111111111111111111111111111111111111"; + }; +} +``` + +The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball. + +`fetchpatch` works very similarly to `fetchurl` with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time. + + +Other fetcher functions allow you to add source code directly from a VCS such as subversion or git. These are mostly straightforward nambes based on the name of the command used with the VCS system. Because they give you a working repository, they act most like `fetchzip`. + +## `fetchsvn` + +Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `sha256`. + +## `fetchgit` + +Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`. + +## `fetchfossil` + +Used with Fossil. Expects `url` to a Fossil archive, `rev`, and `sha256`. + +## `fetchcvs` + +Used with CVS. Expects `cvsRoot`, `tag`, and `sha256`. + +## `fetchhg` + +Used with Mercurial. Expects `url`, `rev`, and `sha256`. + +A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are mainly convenience functions intended for commonly used destinations of source code in Nixpkgs. These wrapper fetchers are listed below. + +## `fetchFromGitHub` + +`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `sha256` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but `sha256` is currently preferred. + +## `fetchFromGitLab` + +This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above. + +## `fetchFromGitiles` + +This is used with Gitiles repositories. The arguments expected are similar to fetchgit. + +## `fetchFromBitbucket` + +This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above. + +## `fetchFromSavannah` + +This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above. + +## `fetchFromRepoOrCz` + +This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above. diff --git a/doc/builders/fetchers.xml b/doc/builders/fetchers.xml deleted file mode 100644 index f07c310dcdf1..000000000000 --- a/doc/builders/fetchers.xml +++ /dev/null @@ -1,150 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - xml:id="chap-pkgs-fetchers"> - <title>Fetchers</title> - <para> - When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way. - </para> - <para> - The two fetcher primitives are <function>fetchurl</function> and <function>fetchzip</function>. Both of these have two required arguments, a URL and a hash. The hash is typically <literal>sha256</literal>, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use <literal>sha256</literal>. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below. - </para> -<programlisting><![CDATA[ -{ stdenv, fetchurl }: - -stdenv.mkDerivation { - name = "hello"; - src = fetchurl { - url = "http://www.example.org/hello.tar.gz"; - sha256 = "1111111111111111111111111111111111111111111111111111"; - }; -} -]]></programlisting> - <para> - The main difference between <function>fetchurl</function> and <function>fetchzip</function> is in how they store the contents. <function>fetchurl</function> will store the unaltered contents of the URL within the Nix store. <function>fetchzip</function> on the other hand will decompress the archive for you, making files and directories directly accessible in the future. <function>fetchzip</function> can only be used with archives. Despite the name, <function>fetchzip</function> is not limited to .zip files and can also be used with any tarball. - </para> - <para> - <function>fetchpatch</function> works very similarly to <function>fetchurl</function> with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time. - </para> - <para> - Other fetcher functions allow you to add source code directly from a VCS such as subversion or git. These are mostly straightforward names based on the name of the command used with the VCS system. Because they give you a working repository, they act most like <function>fetchzip</function>. - </para> - <variablelist> - <varlistentry> - <term> - <literal>fetchsvn</literal> - </term> - <listitem> - <para> - Used with Subversion. Expects <literal>url</literal> to a Subversion directory, <literal>rev</literal>, and <literal>sha256</literal>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchgit</literal> - </term> - <listitem> - <para> - Used with Git. Expects <literal>url</literal> to a Git repo, <literal>rev</literal>, and <literal>sha256</literal>. <literal>rev</literal> in this case can be full the git commit id (SHA1 hash) or a tag name like <literal>refs/tags/v1.0</literal>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchfossil</literal> - </term> - <listitem> - <para> - Used with Fossil. Expects <literal>url</literal> to a Fossil archive, <literal>rev</literal>, and <literal>sha256</literal>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchcvs</literal> - </term> - <listitem> - <para> - Used with CVS. Expects <literal>cvsRoot</literal>, <literal>tag</literal>, and <literal>sha256</literal>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchhg</literal> - </term> - <listitem> - <para> - Used with Mercurial. Expects <literal>url</literal>, <literal>rev</literal>, and <literal>sha256</literal>. - </para> - </listitem> - </varlistentry> - </variablelist> - <para> - A number of fetcher functions wrap part of <function>fetchurl</function> and <function>fetchzip</function>. They are mainly convenience functions intended for commonly used destinations of source code in Nixpkgs. These wrapper fetchers are listed below. - </para> - <variablelist> - <varlistentry> - <term> - <literal>fetchFromGitHub</literal> - </term> - <listitem> - <para> - <function>fetchFromGitHub</function> expects four arguments. <literal>owner</literal> is a string corresponding to the GitHub user or organization that controls this repository. <literal>repo</literal> corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as <literal>owner</literal>/<literal>repo</literal>. <literal>rev</literal> corresponds to the Git commit hash or tag (e.g <literal>v1.0</literal>) that will be downloaded from Git. Finally, <literal>sha256</literal> corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but <literal>sha256</literal> is currently preferred. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchFromGitLab</literal> - </term> - <listitem> - <para> - This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchFromGitiles</literal> - </term> - <listitem> - <para> - This is used with Gitiles repositories. The arguments expected - are similar to fetchgit. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchFromBitbucket</literal> - </term> - <listitem> - <para> - This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchFromSavannah</literal> - </term> - <listitem> - <para> - This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>fetchFromRepoOrCz</literal> - </term> - <listitem> - <para> - This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above. - </para> - </listitem> - </varlistentry> - </variablelist> -</chapter> diff --git a/doc/builders/packages/index.xml b/doc/builders/packages/index.xml index c7a4aa9f47dc..e1ddfd276e20 100644 --- a/doc/builders/packages/index.xml +++ b/doc/builders/packages/index.xml @@ -14,7 +14,7 @@ <xi:include href="ibus.xml" /> <xi:include href="kakoune.section.xml" /> <xi:include href="linux.section.xml" /> - <xi:include href="locales.xml" /> + <xi:include href="locales.section.xml" /> <xi:include href="nginx.section.xml" /> <xi:include href="opengl.section.xml" /> <xi:include href="shell-helpers.section.xml" /> diff --git a/doc/builders/packages/locales.section.md b/doc/builders/packages/locales.section.md new file mode 100644 index 000000000000..e5a037004818 --- /dev/null +++ b/doc/builders/packages/locales.section.md @@ -0,0 +1,5 @@ +# Locales {#locales} + +To allow simultaneous use of packages linked against different versions of `glibc` with different locale archive formats Nixpkgs patches `glibc` to rely on `LOCALE_ARCHIVE` environment variable. + +On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the `LOCALE_ARCHIVE` variable pointing to `${glibcLocales}/lib/locale/locale-archive`. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters `allLocales` and `locales` of the package. diff --git a/doc/builders/packages/locales.xml b/doc/builders/packages/locales.xml deleted file mode 100644 index 44fdef034e77..000000000000 --- a/doc/builders/packages/locales.xml +++ /dev/null @@ -1,13 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xml:id="locales"> - <title>Locales</title> - - <para> - To allow simultaneous use of packages linked against different versions of <literal>glibc</literal> with different locale archive formats Nixpkgs patches <literal>glibc</literal> to rely on <literal>LOCALE_ARCHIVE</literal> environment variable. - </para> - - <para> - On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the <literal>LOCALE_ARCHIVE</literal> variable pointing to <literal>${glibcLocales}/lib/locale/locale-archive</literal>. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters <literal>allLocales</literal> and <literal>locales</literal> of the package. - </para> -</section> diff --git a/doc/builders/special.xml b/doc/builders/special.xml index 15fdba9a0419..8902ce5c8132 100644 --- a/doc/builders/special.xml +++ b/doc/builders/special.xml @@ -5,6 +5,6 @@ <para> This chapter describes several special builders. </para> - <xi:include href="special/fhs-environments.xml" /> - <xi:include href="special/mkshell.xml" /> + <xi:include href="special/fhs-environments.section.xml" /> + <xi:include href="special/mkshell.section.xml" /> </chapter> diff --git a/doc/builders/special/fhs-environments.section.md b/doc/builders/special/fhs-environments.section.md new file mode 100644 index 000000000000..512a31cae0f1 --- /dev/null +++ b/doc/builders/special/fhs-environments.section.md @@ -0,0 +1,45 @@ +# buildFHSUserEnv {#sec-fhs-environments} + +`buildFHSUserEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are: + +- `name` + Environment name. +- `targetPkgs` + Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed. +- `multiPkgs` + Packages to be installed for all architectures supported by a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are installed by default. +- `extraBuildCommands` + Additional commands to be executed for finalizing the directory structure. +- `extraBuildCommandsMulti` + Like `extraBuildCommands`, but executed only on multilib architectures. +- `extraOutputsToInstall` + Additional derivation outputs to be linked for both target and multi-architecture packages. +- `extraInstallCommands` + Additional commands to be executed for finalizing the derivation with runner script. +- `runScript` + A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to `bash`. + +One can create a simple environment using a `shell.nix` like that: + +```nix +{ pkgs ? import <nixpkgs> {} }: + +(pkgs.buildFHSUserEnv { + name = "simple-x11-env"; + targetPkgs = pkgs: (with pkgs; + [ udev + alsaLib + ]) ++ (with pkgs.xorg; + [ libX11 + libXcursor + libXrandr + ]); + multiPkgs = pkgs: (with pkgs; + [ udev + alsaLib + ]); + runScript = "bash"; +}).env +``` + +Running `nix-shell` would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change `runScript` to the application path, e.g. `./bin/start.sh` -- relative paths are supported. diff --git a/doc/builders/special/fhs-environments.xml b/doc/builders/special/fhs-environments.xml deleted file mode 100644 index e7b81e97a23f..000000000000 --- a/doc/builders/special/fhs-environments.xml +++ /dev/null @@ -1,122 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - xml:id="sec-fhs-environments"> - <title>buildFHSUserEnv</title> - - <para> - <function>buildFHSUserEnv</function> provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound <filename>/nix/store</filename>, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are: - </para> - - <variablelist> - <varlistentry> - <term> - <literal>name</literal> - </term> - <listitem> - <para> - Environment name. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>targetPkgs</literal> - </term> - <listitem> - <para> - Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>multiPkgs</literal> - </term> - <listitem> - <para> - Packages to be installed for all architectures supported by a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are installed by default. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>extraBuildCommands</literal> - </term> - <listitem> - <para> - Additional commands to be executed for finalizing the directory structure. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>extraBuildCommandsMulti</literal> - </term> - <listitem> - <para> - Like <literal>extraBuildCommands</literal>, but executed only on multilib architectures. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>extraOutputsToInstall</literal> - </term> - <listitem> - <para> - Additional derivation outputs to be linked for both target and multi-architecture packages. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>extraInstallCommands</literal> - </term> - <listitem> - <para> - Additional commands to be executed for finalizing the derivation with runner script. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <literal>runScript</literal> - </term> - <listitem> - <para> - A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to <literal>bash</literal>. - </para> - </listitem> - </varlistentry> - </variablelist> - - <para> - One can create a simple environment using a <literal>shell.nix</literal> like that: - </para> - -<programlisting><![CDATA[ -{ pkgs ? import <nixpkgs> {} }: - -(pkgs.buildFHSUserEnv { - name = "simple-x11-env"; - targetPkgs = pkgs: (with pkgs; - [ udev - alsaLib - ]) ++ (with pkgs.xorg; - [ libX11 - libXcursor - libXrandr - ]); - multiPkgs = pkgs: (with pkgs; - [ udev - alsaLib - ]); - runScript = "bash"; -}).env -]]></programlisting> - - <para> - Running <literal>nix-shell</literal> would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change <literal>runScript</literal> to the application path, e.g. <filename>./bin/start.sh</filename> -- relative paths are supported. - </para> -</section> diff --git a/doc/builders/special/mkshell.section.md b/doc/builders/special/mkshell.section.md new file mode 100644 index 000000000000..1feb75cbd6f7 --- /dev/null +++ b/doc/builders/special/mkshell.section.md @@ -0,0 +1,15 @@ +# pkgs.mkShell {#sec-pkgs-mkShell} + +`pkgs.mkShell` is a special kind of derivation that is only useful when using it combined with `nix-shell`. It will in fact fail to instantiate when invoked with `nix-build`. + +## Usage {#sec-pkgs-mkShell-usage} + +```nix +{ pkgs ? import <nixpkgs> {} }: +pkgs.mkShell { + # this will make all the build inputs from hello and gnutar + # available to the shell environment + inputsFrom = with pkgs; [ hello gnutar ]; + buildInputs = [ pkgs.gnumake ]; +} +``` diff --git a/doc/builders/special/mkshell.xml b/doc/builders/special/mkshell.xml deleted file mode 100644 index cef65d06b882..000000000000 --- a/doc/builders/special/mkshell.xml +++ /dev/null @@ -1,24 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - xml:id="sec-pkgs-mkShell"> - <title>pkgs.mkShell</title> - - <para> - <function>pkgs.mkShell</function> is a special kind of derivation that is only useful when using it combined with <command>nix-shell</command>. It will in fact fail to instantiate when invoked with <command>nix-build</command>. - </para> - - <section xml:id="sec-pkgs-mkShell-usage"> - <title>Usage</title> - -<programlisting><![CDATA[ -{ pkgs ? import <nixpkgs> {} }: -pkgs.mkShell { - # this will make all the build inputs from hello and gnutar - # available to the shell environment - inputsFrom = with pkgs; [ hello gnutar ]; - buildInputs = [ pkgs.gnumake ]; -} -]]></programlisting> - </section> -</section> diff --git a/doc/builders/trivial-builders.chapter.md b/doc/builders/trivial-builders.chapter.md new file mode 100644 index 000000000000..c39803fbe339 --- /dev/null +++ b/doc/builders/trivial-builders.chapter.md @@ -0,0 +1,52 @@ +# Trivial builders {#chap-trivial-builders} + +Nixpkgs provides a couple of functions that help with building derivations. The most important one, `stdenv.mkDerivation`, has already been documented above. The following functions wrap `stdenv.mkDerivation`, making it easier to use in certain cases. + +## `runCommand` {#trivial-builder-runCommand} + +This takes three arguments, `name`, `env`, and `buildCommand`. `name` is just the name that Nix will append to the store path in the same way that `stdenv.mkDerivation` uses its `name` attribute. `env` is an attribute set specifying environment variables that will be set for this derivation. These attributes are then passed to the wrapped `stdenv.mkDerivation`. `buildCommand` specifies the commands that will be run to create this derivation. Note that you will need to create `$out` for Nix to register the command as successful. + +An example of using `runCommand` is provided below. + +```nix +(import <nixpkgs> {}).runCommand "my-example" {} '' + echo My example command is running + + mkdir $out + + echo I can write data to the Nix store > $out/message + + echo I can also run basic commands like: + + echo ls + ls + + echo whoami + whoami + + echo date + date +'' +``` + +## `runCommandCC` {#trivial-builder-runCommandCC} + +This works just like `runCommand`. The only difference is that it also provides a C compiler in `buildCommand`'s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command. + +## `runCommandLocal` {#trivial-builder-runCommandLocal} + +Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build. + +::: {.note} +This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the `system` is usually the same as `builtins.currentSystem`. +::: + +## `writeTextFile`, `writeText`, `writeTextDir`, `writeScript`, `writeScriptBin` {#trivial-builder-writeText} + +These functions write `text` to the Nix store. This is useful for creating scripts from Nix expressions. `writeTextFile` takes an attribute set and expects two arguments, `name` and `text`. `name` corresponds to the name used in the Nix store path. `text` will be the contents of the file. You can also set `executable` to true to make this file have the executable bit set. + +Many more commands wrap `writeTextFile` including `writeText`, `writeTextDir`, `writeScript`, and `writeScriptBin`. These are convenience functions over `writeTextFile`. + +## `symlinkJoin` {#trivial-builder-symlinkJoin} + +This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, `name`, and `paths`. `name` is the name used in the Nix store path for the created derivation. `paths` is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within. diff --git a/doc/builders/trivial-builders.xml b/doc/builders/trivial-builders.xml deleted file mode 100644 index 94948c57b91f..000000000000 --- a/doc/builders/trivial-builders.xml +++ /dev/null @@ -1,90 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - xml:id="chap-trivial-builders"> - <title>Trivial builders</title> - <para> - Nixpkgs provides a couple of functions that help with building derivations. The most important one, <function>stdenv.mkDerivation</function>, has already been documented above. The following functions wrap <function>stdenv.mkDerivation</function>, making it easier to use in certain cases. - </para> - <variablelist> - <varlistentry xml:id="trivial-builder-runCommand"> - <term> - <literal>runCommand</literal> - </term> - <listitem> - <para> - This takes three arguments, <literal>name</literal>, <literal>env</literal>, and <literal>buildCommand</literal>. <literal>name</literal> is just the name that Nix will append to the store path in the same way that <literal>stdenv.mkDerivation</literal> uses its <literal>name</literal> attribute. <literal>env</literal> is an attribute set specifying environment variables that will be set for this derivation. These attributes are then passed to the wrapped <literal>stdenv.mkDerivation</literal>. <literal>buildCommand</literal> specifies the commands that will be run to create this derivation. Note that you will need to create <literal>$out</literal> for Nix to register the command as successful. - </para> - <para> - An example of using <literal>runCommand</literal> is provided below. - </para> -<programlisting> -(import <nixpkgs> {}).runCommand "my-example" {} '' - echo My example command is running - - mkdir $out - - echo I can write data to the Nix store > $out/message - - echo I can also run basic commands like: - - echo ls - ls - - echo whoami - whoami - - echo date - date -'' -</programlisting> - </listitem> - </varlistentry> - <varlistentry xml:id="trivial-builder-runCommandCC"> - <term> - <literal>runCommandCC</literal> - </term> - <listitem> - <para> - This works just like <literal>runCommand</literal>. The only difference is that it also provides a C compiler in <literal>buildCommand</literal>’s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command. - </para> - </listitem> - </varlistentry> - <varlistentry xml:id="trivial-builder-runCommandLocal"> - <term> - <literal>runCommandLocal</literal> - </term> - <listitem> - <para> - Variant of <literal>runCommand</literal> that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build. - </para> - <note><para> - This sets <link xlink:href="https://nixos.org/nix/manual/#adv-attr-allowSubstitutes"><literal>allowSubstitutes</literal> to <literal>false</literal></link>, so only use <literal>runCommandLocal</literal> if you are certain the user will always have a builder for the <literal>system</literal> of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the <literal>system</literal> is usually the same as <literal>builtins.currentSystem</literal>. - </para></note> - </listitem> - </varlistentry> - <varlistentry xml:id="trivial-builder-writeText"> - <term> - <literal>writeTextFile</literal>, <literal>writeText</literal>, <literal>writeTextDir</literal>, <literal>writeScript</literal>, <literal>writeScriptBin</literal> - </term> - <listitem> - <para> - These functions write <literal>text</literal> to the Nix store. This is useful for creating scripts from Nix expressions. <literal>writeTextFile</literal> takes an attribute set and expects two arguments, <literal>name</literal> and <literal>text</literal>. <literal>name</literal> corresponds to the name used in the Nix store path. <literal>text</literal> will be the contents of the file. You can also set <literal>executable</literal> to true to make this file have the executable bit set. - </para> - <para> - Many more commands wrap <literal>writeTextFile</literal> including <literal>writeText</literal>, <literal>writeTextDir</literal>, <literal>writeScript</literal>, and <literal>writeScriptBin</literal>. These are convenience functions over <literal>writeTextFile</literal>. - </para> - </listitem> - </varlistentry> - <varlistentry xml:id="trivial-builder-symlinkJoin"> - <term> - <literal>symlinkJoin</literal> - </term> - <listitem> - <para> - This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, <literal>name</literal>, and <literal>paths</literal>. <literal>name</literal> is the name used in the Nix store path for the created derivation. <literal>paths</literal> is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within. - </para> - </listitem> - </varlistentry> - </variablelist> -</chapter> diff --git a/doc/manual.xml b/doc/manual.xml index 4367c023b402..8cecb01fc227 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -23,8 +23,8 @@ </part> <part> <title>Builders</title> - <xi:include href="builders/fetchers.xml" /> - <xi:include href="builders/trivial-builders.xml" /> + <xi:include href="builders/fetchers.chapter.xml" /> + <xi:include href="builders/trivial-builders.chapter.xml" /> <xi:include href="builders/special.xml" /> <xi:include href="builders/images.xml" /> <xi:include href="languages-frameworks/index.xml" /> diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 2b0144a69c22..7c6356770a5f 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -431,6 +431,13 @@ been dropped from upstream releases. </para> </listitem> + <listitem> + <para> + <xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>. + Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. + The option's description was incorrect regarding ownership management and has been simplified greatly. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl index fd3affae899c..758237152932 100644 --- a/nixos/modules/config/update-users-groups.pl +++ b/nixos/modules/config/update-users-groups.pl @@ -209,10 +209,11 @@ foreach my $u (@{$spec->{users}}) { } } - # Create a home directory. + # Ensure home directory incl. ownership and permissions. if ($u->{createHome}) { make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; + chmod 0700, $u->{home}; } if (defined $u->{passwordFile}) { diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 72285fe631da..a95763380986 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -198,10 +198,8 @@ let type = types.bool; default = false; description = '' - If true, the home directory will be created automatically. If this - option is true and the home directory already exists but is not - owned by the user, directory owner and group will be changed to - match the user. + Whether to create the home directory and ensure ownership as well as + permissions to match the user. ''; }; diff --git a/nixos/tests/minecraft.nix b/nixos/tests/minecraft.nix index e0c35f2d2769..3225ebac392a 100644 --- a/nixos/tests/minecraft.nix +++ b/nixos/tests/minecraft.nix @@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { in '' client.wait_for_x() client.execute("su - alice -c minecraft-launcher &") - client.wait_for_text("CONTINUE WITHOUT LOGIN") + client.wait_for_text("Create a new Microsoft account") client.sleep(10) client.screenshot("launcher") ''; diff --git a/pkgs/applications/editors/vscode/update-vscodium.sh b/pkgs/applications/editors/vscode/update-vscodium.sh index 0ddab6063cad..5df4cafdee94 100755 --- a/pkgs/applications/editors/vscode/update-vscodium.sh +++ b/pkgs/applications/editors/vscode/update-vscodium.sh @@ -23,6 +23,6 @@ VSCODIUM_LINUX_URL="https://github.com/VSCodium/vscodium/releases/download/${VSC VSCODIUM_LINUX_SHA256=$(nix-prefetch-url ${VSCODIUM_LINUX_URL}) sed -i "s/x86_64-linux = \".\{52\}\"/x86_64-linux = \"${VSCODIUM_LINUX_SHA256}\"/" "$ROOT/vscodium.nix" -VSCODIUM_DARWIN_URL="https://github.com/VSCodium/vscodium/releases/download/${VSCODIUM_VER}/VSCodium-darwin-${VSCODIUM_VER}.zip" +VSCODIUM_DARWIN_URL="https://github.com/VSCodium/vscodium/releases/download/${VSCODIUM_VER}/VSCodium-darwin-x64-${VSCODIUM_VER}.zip" VSCODIUM_DARWIN_SHA256=$(nix-prefetch-url ${VSCODIUM_DARWIN_URL}) sed -i "s/x86_64-darwin = \".\{52\}\"/x86_64-darwin = \"${VSCODIUM_DARWIN_SHA256}\"/" "$ROOT/vscodium.nix" diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index d3953da71d28..b9a42e825f31 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -1,4 +1,4 @@ -{ stdenv, mkChromiumDerivation, channel, enableWideVine }: +{ stdenv, mkChromiumDerivation, channel, enableWideVine, ungoogled }: with stdenv.lib; @@ -69,18 +69,25 @@ mkChromiumDerivation (base: rec { requiredSystemFeatures = [ "big-parallel" ]; meta = { - description = "An open source web browser from Google"; + description = "An open source web browser from Google" + + optionalString ungoogled ", with dependencies on Google web services removed"; longDescription = '' Chromium is an open source web browser from Google that aims to build a safer, faster, and more stable way for all Internet users to experience the web. It has a minimalist user interface and provides the vast majority of source code for Google Chrome (which has some additional features). ''; - homepage = "https://www.chromium.org/"; - maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md + homepage = if ungoogled + then "https://github.com/Eloston/ungoogled-chromium" + else "https://www.chromium.org/"; + maintainers = with maintainers; if ungoogled + then [ squalus primeos ] + else [ primeos thefloweringash bendlas ]; license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; - hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; + hydraPlatforms = if (channel == "stable" || channel == "ungoogled-chromium") + then ["aarch64-linux" "x86_64-linux"] + else []; timeout = 172800; # 48 hours (increased from the Hydra default of 10h) }; }) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 0c16d0c9ec60..d754c2769c90 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -31,6 +31,7 @@ , proprietaryCodecs ? true , cupsSupport ? true , pulseSupport ? false, libpulseaudio ? null +, ungoogled ? false, ungoogled-chromium , channel , upstream-info @@ -109,6 +110,10 @@ let result else result; + ungoogler = ungoogled-chromium { + inherit (upstream-info.deps.ungoogled-patches) rev sha256; + }; + base = rec { name = "${packageName}-unwrapped-${version}"; inherit (upstream-info) version; @@ -208,6 +213,10 @@ let '' + optionalString stdenv.isAarch64 '' substituteInPlace build/toolchain/linux/BUILD.gn \ --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' + '' + optionalString ungoogled '' + ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" + ${ungoogler}/utils/patches.py . ${ungoogler}/patches + ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . ''; gnFlags = mkGnFlags ({ @@ -260,6 +269,24 @@ let use_system_minigbm = true; use_system_libdrm = true; system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; + } // optionalAttrs ungoogled { + chrome_pgo_phase = 0; + enable_hangout_services_extension = false; + enable_js_type_check = false; + enable_mdns = false; + enable_nacl_nonsfi = false; + enable_one_click_signin = false; + enable_reading_list = false; + enable_remoting = false; + enable_reporting = false; + enable_service_discovery = false; + exclude_unwind_tables = true; + google_api_key = ""; + google_default_client_id = ""; + google_default_client_secret = ""; + safe_browsing_mode = 0; + use_official_google_api_keys = false; + use_unofficial_version_number = false; } // (extraAttrs.gnFlags or {})); configurePhase = '' diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index e35e4d945dde..0cbfbc332706 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -15,6 +15,7 @@ , enablePepperFlash ? false , enableWideVine ? false , enableVaapi ? false # Disabled by default due to unofficial support +, ungoogled ? false # Whether to build chromium or ungoogled-chromium , cupsSupport ? true , pulseSupport ? config.pulseaudio or stdenv.isLinux , commandLineArgs ? "" @@ -33,7 +34,7 @@ let mkChromiumDerivation = callPackage ./common.nix ({ inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs - cupsSupport pulseSupport; + cupsSupport pulseSupport ungoogled; gnChromium = gn.overrideAttrs (oldAttrs: { inherit (upstream-info.deps.gn) version; src = fetchgit { @@ -42,11 +43,13 @@ let }); }); - browser = callPackage ./browser.nix { inherit channel enableWideVine; }; + browser = callPackage ./browser.nix { inherit channel enableWideVine ungoogled; }; plugins = callPackage ./plugins.nix { inherit enablePepperFlash; }; + + ungoogled-chromium = callPackage ./ungoogled.nix {}; }; pkgSuffix = if channel == "dev" then "unstable" else channel; @@ -113,7 +116,9 @@ let }; }; - suffix = if channel != "stable" then "-" + channel else ""; + suffix = if (channel == "stable" || channel == "ungoogled-chromium") + then "" + else "-" + channel; sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; @@ -133,7 +138,8 @@ let else browser; in stdenv.mkDerivation { - name = "chromium${suffix}-${version}"; + name = lib.optionalString ungoogled "ungoogled-" + + "chromium${suffix}-${version}"; inherit version; buildInputs = [ diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix b/pkgs/applications/networking/browsers/chromium/ungoogled.nix index 17418c90af49..299b19f2f4f6 100644 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix +++ b/pkgs/applications/networking/browsers/chromium/ungoogled.nix @@ -4,6 +4,7 @@ , makeWrapper , patch }: + { rev , sha256 }: diff --git a/pkgs/applications/networking/browsers/chromium/update.py b/pkgs/applications/networking/browsers/chromium/update.py index 9e1f0aec598d..57fe268e72fe 100755 --- a/pkgs/applications/networking/browsers/chromium/update.py +++ b/pkgs/applications/networking/browsers/chromium/update.py @@ -113,9 +113,12 @@ with open(JSON_PATH, 'w') as out: return 1 elif channel_name == 'dev': return 2 + elif channel_name == 'ungoogled-chromium': + return 3 else: print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr) sys.exit(1) + channels['ungoogled-chromium'] = last_channels['ungoogled-chromium'] # Keep ungoogled-chromium unchanged sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key)) json.dump(sorted_channels, out, indent=2) out.write('\n') diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 3b64e601eba6..1fd36cb15f30 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -42,5 +42,21 @@ "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" } } + }, + "ungoogled-chromium": { + "version": "87.0.4280.88", + "sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy", + "deps": { + "ungoogled-patches": { + "rev": "87.0.4280.88-1", + "sha256": "0w2137w8hfcgl6f938hqnb4ffp33v5r8vdzxrvs814w7dszkiqgg" + }, + "gn": { + "version": "2020-09-09", + "url": "https://gn.googlesource.com/gn", + "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", + "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" + } + } } } diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix deleted file mode 100644 index c23a8cead3a7..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ stdenv, mkChromiumDerivation, channel, enableWideVine }: - -with stdenv.lib; - -mkChromiumDerivation (base: rec { - name = "chromium-browser"; - packageName = "chromium"; - buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ]; - - outputs = ["out" "sandbox"]; - - sandboxExecutableName = "__chromium-suid-sandbox"; - - installPhase = '' - mkdir -p "$libExecPath" - cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/" - cp -v "$buildPath/icudtl.dat" "$libExecPath/" - cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" - cp -v "$buildPath/chrome" "$libExecPath/$packageName" - - # Swiftshader - # See https://stackoverflow.com/a/4264351/263061 for the find invocation. - if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then - echo "Swiftshader files found; installing" - mkdir -p "$libExecPath/swiftshader" - cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/" - else - echo "Swiftshader files not found" - fi - - mkdir -p "$sandbox/bin" - cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}" - - mkdir -vp "$out/share/man/man1" - cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1" - - for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do - num_and_suffix="''${icon_file##*logo_}" - icon_size="''${num_and_suffix%.*}" - expr "$icon_size" : "^[0-9][0-9]*$" || continue - logo_output_prefix="$out/share/icons/hicolor" - logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps" - mkdir -vp "$logo_output_path" - cp -v "$icon_file" "$logo_output_path/$packageName.png" - done - - # Install Desktop Entry - install -D chrome/installer/linux/common/desktop.template \ - $out/share/applications/chromium-browser.desktop - - substituteInPlace $out/share/applications/chromium-browser.desktop \ - --replace "@@MENUNAME@@" "Chromium" \ - --replace "@@PACKAGE@@" "chromium" \ - --replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium" - - # Append more mime types to the end - sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \ - $out/share/applications/chromium-browser.desktop - - # See https://github.com/NixOS/nixpkgs/issues/12433 - sed -i \ - -e '/\[Desktop Entry\]/a\' \ - -e 'StartupWMClass=chromium-browser' \ - $out/share/applications/chromium-browser.desktop - ''; - - passthru = { inherit sandboxExecutableName; }; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - description = "An open source web browser from Google, with dependencies on Google web services removed"; - longDescription = '' - Chromium is an open source web browser from Google that aims to build a - safer, faster, and more stable way for all Internet users to experience - the web. It has a minimalist user interface and provides the vast majority - of source code for Google Chrome (which has some additional features). - ''; - homepage = "https://github.com/Eloston/ungoogled-chromium"; - maintainers = with maintainers; [ squalus ]; - license = if enableWideVine then licenses.unfree else licenses.bsd3; - platforms = platforms.linux; - hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; - timeout = 172800; # 48 hours (increased from the Hydra default of 10h) - }; -}) diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix deleted file mode 100644 index 17814c26caa4..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix +++ /dev/null @@ -1,345 +0,0 @@ -{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl - -# default dependencies -, gnutar, bzip2, flac, speex, libopus -, libevent, expat, libjpeg, snappy -, libpng, libcap -, xdg_utils, yasm, nasm, minizip, libwebp -, libusb1, pciutils, nss, re2 - -, python2Packages, perl, pkgconfig -, nspr, systemd, kerberos -, util-linux, alsaLib -, bison, gperf -, glib, gtk3, dbus-glib -, glibc -, libXScrnSaver, libXcursor, libXtst, libGLU, libGL -, protobuf, speechd, libXdamage, cups -, ffmpeg, libxslt, libxml2, at-spi2-core -, jre8 -, pipewire_0_2 -, libva - -# optional dependencies -, libgcrypt ? null # gnomeSupport || cupsSupport -, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone - -# package customization -, useOzone ? true -, gnomeSupport ? false, gnome ? null -, gnomeKeyringSupport ? false, libgnome-keyring3 ? null -, proprietaryCodecs ? true -, cupsSupport ? true -, pulseSupport ? false, libpulseaudio ? null -, ungoogled-chromium -, ungoogled ? false - -, channel -, upstream-info -}: - -buildFun: - -with stdenv.lib; - -let - jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 - - # The additional attributes for creating derivations based on the chromium - # source tree. - extraAttrs = buildFun base; - - githubPatch = commit: sha256: fetchpatch { - url = "https://github.com/chromium/chromium/commit/${commit}.patch"; - inherit sha256; - }; - - mkGnFlags = - let - # Serialize Nix types into GN types according to this document: - # https://source.chromium.org/gn/gn/+/master:docs/language.md - mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\""; - sanitize = value: - if value == true then "true" - else if value == false then "false" - else if isList value then "[${concatMapStringsSep ", " sanitize value}]" - else if isInt value then toString value - else if isString value then mkGnString value - else throw "Unsupported type for GN value `${value}'."; - toFlag = key: value: "${key}=${sanitize value}"; - in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs)); - - # https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py - gnSystemLibraries = [ - "ffmpeg" - "flac" - "libjpeg" - "libpng" - "libwebp" - "libxslt" - "opus" - "snappy" - "zlib" - ]; - - opusWithCustomModes = libopus.override { - withCustomModes = true; - }; - - defaultDependencies = [ - bzip2 flac speex opusWithCustomModes - libevent expat libjpeg snappy - libpng libcap - xdg_utils minizip libwebp - libusb1 re2 - ffmpeg libxslt libxml2 - nasm - ]; - - # build paths and release info - packageName = extraAttrs.packageName or extraAttrs.name; - buildType = "Release"; - buildPath = "out/${buildType}"; - libExecPath = "$out/libexec/${packageName}"; - - versionRange = min-version: upto-version: - let inherit (upstream-info) version; - result = versionAtLeast version min-version && versionOlder version upto-version; - stable-version = (importJSON ./upstream-info.json).stable.version; - in if versionAtLeast stable-version upto-version - then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it." - result - else result; - - ungoogler = - let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; - in ungoogled-chromium { - inherit (versionEntry) rev sha256; - }; - base = rec { - name = "${packageName}-unwrapped-${version}"; - inherit (upstream-info) version; - inherit channel packageName buildType buildPath; - - src = fetchurl { - url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; - inherit (upstream-info) sha256; - }; - - nativeBuildInputs = [ - llvmPackages.lldClang.bintools - ninja which python2Packages.python perl pkgconfig - python2Packages.ply python2Packages.jinja2 nodejs - gnutar python2Packages.setuptools - ]; - - buildInputs = defaultDependencies ++ [ - nspr nss systemd - util-linux alsaLib - bison gperf kerberos - glib gtk3 dbus-glib - libXScrnSaver libXcursor libXtst libGLU libGL - pciutils protobuf speechd libXdamage at-spi2-core - jre - pipewire_0_2 - libva - ] ++ optional gnomeKeyringSupport libgnome-keyring3 - ++ optionals gnomeSupport [ gnome.GConf libgcrypt ] - ++ optionals cupsSupport [ libgcrypt cups ] - ++ optional pulseSupport libpulseaudio - ++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ]; - - patches = [ - ./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed) - ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags - # ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) - ]; - - postPatch = '' - # remove unused third-party - for lib in ${toString gnSystemLibraries}; do - if [ -d "third_party/$lib" ]; then - find "third_party/$lib" -type f \ - \! -path "third_party/$lib/chromium/*" \ - \! -path "third_party/$lib/google/*" \ - \! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \ - \! -regex '.*\.\(gn\|gni\|isolate\)' \ - -delete - fi - done - - # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): - substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" - if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then - substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ - --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" - fi - - # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX - substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ - --replace \ - 'return sandbox_binary;' \ - 'return base::FilePath(GetDevelSandboxPath());' - - substituteInPlace services/audio/audio_sandbox_hook_linux.cc \ - --replace \ - '/usr/share/alsa/' \ - '${alsaLib}/share/alsa/' \ - --replace \ - '/usr/lib/x86_64-linux-gnu/gconv/' \ - '${glibc}/lib/gconv/' \ - --replace \ - '/usr/share/locale/' \ - '${glibc}/share/locale/' - - sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \ - chrome/browser/shell_integration_linux.cc - - sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \ - device/udev_linux/udev?_loader.cc - - sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \ - gpu/config/gpu_info_collector_linux.cc - - # Allow to put extensions into the system-path. - sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc - - patchShebangs . - # use our own nodejs - mkdir -p third_party/node/linux/node-linux-x64/bin - ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node - - # Allow building against system libraries in official builds - sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py - - '' + optionalString stdenv.isAarch64 '' - substituteInPlace build/toolchain/linux/BUILD.gn \ - --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' - '' + optionalString ungoogled '' - ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" - ${ungoogler}/utils/patches.py . ${ungoogler}/patches - ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . - ''; - - gnFlags = mkGnFlags ({ - custom_toolchain = "//build/toolchain/linux/unbundle:default"; - host_toolchain = "//build/toolchain/linux/unbundle:default"; - is_official_build = true; - - use_vaapi = !stdenv.isAarch64; # TODO: Remove once M88 is released - use_sysroot = false; - use_gnome_keyring = gnomeKeyringSupport; - use_gio = gnomeSupport; - # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy', - # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it - enable_nacl = false; - # Enabling the Widevine component here doesn't affect whether we can - # redistribute the chromium package; the Widevine component is either - # added later in the wrapped -wv build or downloaded from Google. - enable_widevine = true; - use_cups = cupsSupport; - # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture. - rtc_use_pipewire = true; - - treat_warnings_as_errors = false; - clang_use_chrome_plugins = false; - blink_symbol_level = 0; - symbol_level = 0; - fieldtrial_testing_like_official_build = true; - - # Google API keys, see: - # http://www.chromium.org/developers/how-tos/api-keys - # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, - # please get your own set of keys. - google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI"; - google_default_client_id = "404761575300.apps.googleusercontent.com"; - google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D"; - } // optionalAttrs proprietaryCodecs { - # enable support for the H.264 codec - proprietary_codecs = true; - enable_hangout_services_extension = true; - ffmpeg_branding = "Chrome"; - } // optionalAttrs pulseSupport { - use_pulseaudio = true; - link_pulseaudio = true; - } // optionalAttrs useOzone { - use_ozone = true; - use_xkbcommon = true; - use_glib = true; - use_gtk = true; - use_system_libwayland = true; - use_system_minigbm = true; - use_system_libdrm = true; - system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; - } // optionalAttrs ungoogled { - chrome_pgo_phase = 0; - enable_hangout_services_extension = false; - enable_js_type_check = false; - enable_mdns = false; - enable_nacl_nonsfi = false; - enable_one_click_signin = false; - enable_reading_list = false; - enable_remoting = false; - enable_reporting = false; - enable_service_discovery = false; - exclude_unwind_tables = true; - google_api_key = ""; - google_default_client_id = ""; - google_default_client_secret = ""; - safe_browsing_mode = 0; - use_official_google_api_keys = false; - use_unofficial_version_number = false; - } // (extraAttrs.gnFlags or {})); - - configurePhase = '' - runHook preConfigure - - # This is to ensure expansion of $out. - libExecPath="${libExecPath}" - python build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries} - ${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt - - # Fail if `gn gen` contains a WARNING. - grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1 - - runHook postConfigure - ''; - - # Don't spam warnings about unknown warning options. This is useful because - # our Clang is always older than Chromium's and the build logs have a size - # of approx. 25 MB without this option (and this saves e.g. 66 %). - NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option"; - - buildPhase = let - buildCommand = target: '' - ninja -C "${buildPath}" -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES "${target}" - ( - source chrome/installer/linux/common/installer.include - PACKAGE=$packageName - MENUNAME="Chromium" - process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1" - ) - ''; - targets = extraAttrs.buildTargets or []; - commands = map buildCommand targets; - in concatStringsSep "\n" commands; - - postFixup = '' - # Make sure that libGLESv2 is found by dlopen (if using EGL). - chromiumBinary="$libExecPath/$packageName" - origRpath="$(patchelf --print-rpath "$chromiumBinary")" - patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary" - ''; - - passthru = { - updateScript = ./update.py; - chromiumDeps = { - gn = gnChromium; - }; - }; - }; - -# Remove some extraAttrs we supplied to the base attributes already. -in stdenv.mkDerivation (base // removeAttrs extraAttrs [ - "name" "gnFlags" "buildTargets" -] // { passthru = base.passthru // (extraAttrs.passthru or {}); }) diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix deleted file mode 100644 index b75d271ace55..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix +++ /dev/null @@ -1,214 +0,0 @@ -{ newScope, config, stdenv, fetchurl, makeWrapper -, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils -, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit -, libva ? null -, pipewire_0_2 -, gcc, nspr, nss, runCommand -, lib - -# package customization -# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) -, channel ? "stable" -, gnomeSupport ? false, gnome ? null -, gnomeKeyringSupport ? false -, proprietaryCodecs ? true -, enablePepperFlash ? false -, enableWideVine ? false -, enableVaapi ? false # Disabled by default due to unofficial support -, ungoogled ? true -, cupsSupport ? true -, pulseSupport ? config.pulseaudio or stdenv.isLinux -, commandLineArgs ? "" -}: - -let - llvmPackages = llvmPackages_11; - stdenv = llvmPackages.stdenv; - - callPackage = newScope chromium; - - chromium = rec { - inherit stdenv llvmPackages; - - upstream-info = (lib.importJSON ./upstream-info.json).${channel}; - - mkChromiumDerivation = callPackage ./common.nix ({ - inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs - cupsSupport pulseSupport; - inherit ungoogled; - gnChromium = gn.overrideAttrs (oldAttrs: { - inherit (upstream-info.deps.gn) version; - src = fetchgit { - inherit (upstream-info.deps.gn) url rev sha256; - }; - }); - }); - - browser = callPackage ./browser.nix { inherit channel enableWideVine; }; - - plugins = callPackage ./plugins.nix { - inherit enablePepperFlash; - }; - - ungoogled-chromium = callPackage ./ungoogled.nix {}; - }; - - pkgSuffix = if channel == "dev" then "unstable" else channel; - pkgName = "google-chrome-${pkgSuffix}"; - chromeSrc = fetchurl { - urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [ - "https://dl.google.com/linux/chrome/deb/pool/main/g" - "http://95.31.35.30/chrome/pool/main/g" - "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g" - "http://repo.fdzh.org/chrome/deb/pool/main/g" - ]; - sha256 = chromium.upstream-info.sha256bin64; - }; - - mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}"; - widevineCdm = stdenv.mkDerivation { - name = "chrome-widevine-cdm"; - - src = chromeSrc; - - phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ]; - - unpackCmd = let - widevineCdmPath = - if channel == "stable" then - "./opt/google/chrome/WidevineCdm" - else if channel == "beta" then - "./opt/google/chrome-beta/WidevineCdm" - else if channel == "dev" then - "./opt/google/chrome-unstable/WidevineCdm" - else - throw "Unknown chromium channel."; - in '' - # Extract just WidevineCdm from upstream's .deb file - ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}" - - # Move things around so that we don't have to reference a particular - # chrome-* directory later. - mv "${widevineCdmPath}" ./ - - # unpackCmd wants a single output directory; let it take WidevineCdm/ - rm -rf opt - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ]; - - patchPhase = '' - patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so - ''; - - installPhase = '' - mkdir -p $out/WidevineCdm - cp -a * $out/WidevineCdm/ - ''; - - meta = { - platforms = [ "x86_64-linux" ]; - license = lib.licenses.unfree; - }; - }; - - suffix = if channel != "stable" then "-" + channel else ""; - - sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; - - version = chromium.browser.version; - - # We want users to be able to enableWideVine without rebuilding all of - # chromium, so we have a separate derivation here that copies chromium - # and adds the unfree WidevineCdm. - chromiumWV = let browser = chromium.browser; in if enableWideVine then - runCommand (browser.name + "-wv") { version = browser.version; } - '' - mkdir -p $out - cp -a ${browser}/* $out/ - chmod u+w $out/libexec/chromium - cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/ - '' - else browser; - -in stdenv.mkDerivation { - name = "ungoogled-chromium${suffix}-${version}"; - inherit version; - - buildInputs = [ - makeWrapper ed - - # needed for GSETTINGS_SCHEMAS_PATH - gsettings-desktop-schemas glib gtk3 - - # needed for XDG_ICON_DIRS - gnome3.adwaita-icon-theme - ]; - - outputs = ["out" "sandbox"]; - - buildCommand = let - browserBinary = "${chromiumWV}/libexec/chromium/chromium"; - getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")"; - libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ]; - - in with stdenv.lib; '' - mkdir -p "$out/bin" - - eval makeWrapper "${browserBinary}" "$out/bin/chromium" \ - --add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \ - ${lib.optionalString enableVaapi "--add-flags --enable-accelerated-video-decode"} \ - ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled} - - ed -v -s "$out/bin/chromium" << EOF - 2i - - if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ] - then - export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}" - else - export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}" - fi - - '' + lib.optionalString (libPath != "") '' - # To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not - # contain an empty section before or after a colon. - export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}" - '' + '' - - # libredirect causes chromium to deadlock on startup - export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')" - - export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS - - # Mainly for xdg-open but also other xdg-* tools: - export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH" - - . - w - EOF - - ln -sv "${chromium.browser.sandbox}" "$sandbox" - - ln -s "$out/bin/chromium" "$out/bin/chromium-browser" - - mkdir -p "$out/share" - for f in '${chromium.browser}'/share/*; do # hello emacs */ - ln -s -t "$out/share/" "$f" - done - ''; - - inherit (chromium.browser) packageName; - meta = chromium.browser.meta; - passthru = { - inherit (chromium) upstream-info browser; - mkDerivation = chromium.mkChromiumDerivation; - inherit chromeSrc sandboxExecutableName; - updateScript = ./update.py; - }; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch b/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch deleted file mode 100644 index 6b788f43d29c..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200 -+++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200 -@@ -94,6 +94,14 @@ - 'build_type', help='The type of build', choices=('official', 'default')) - args = argument_parser.parse_args() - -+ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here -+ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None) -+ if SOURCE_DATE_EPOCH is not None: -+ print(SOURCE_DATE_EPOCH) -+ return 0 -+ else: -+ raise RuntimeError("SOURCE_DATE_EPOCH not set") -+ - # The mtime of the revision in build/util/LASTCHANGE is stored in a file - # next to it. Read it, to get a deterministic time close to "now". - # That date is then modified as described at the top of the file so that diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch b/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch deleted file mode 100644 index 32f0ae2fb5e6..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn -index ed0e2f5208b..5b431a030d5 100644 ---- a/third_party/widevine/cdm/BUILD.gn -+++ b/third_party/widevine/cdm/BUILD.gn -@@ -14,7 +14,7 @@ buildflag_header("buildflags") { - - flags = [ - "ENABLE_WIDEVINE=$enable_widevine", -- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm", -+ "BUNDLE_WIDEVINE_CDM=true", - "ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component", - ] - } diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix deleted file mode 100644 index eef1c5ef38c2..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ stdenv, gcc -, jshon -, glib -, nspr -, nss -, fetchzip -, enablePepperFlash ? false - -, upstream-info -}: - -with stdenv.lib; - -let - mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}"; - - # Generate a shell fragment that emits flags appended to the - # final makeWrapper call for wrapping the browser's main binary. - # - # Note that this is shell-escaped so that only the variable specified - # by the "output" attribute is substituted. - mkPluginInfo = { output ? "out", allowedVars ? [ output ] - , flags ? [], envVars ? {} - }: let - shSearch = ["'"] ++ map (var: "@${var}@") allowedVars; - shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars; - # We need to triple-escape "val": - # * First because makeWrapper doesn't do any quoting of its arguments by - # itself. - # * Second because it's passed to the makeWrapper call separated by IFS but - # not by the _real_ arguments, for example the Widevine plugin flags - # contain spaces, so they would end up as separate arguments. - # * Third in order to be correctly quoted for the "echo" call below. - shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'"; - mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'"; - mkFlag = flag: ["--add-flags" (shEsc flag)]; - mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)]; - envList = mapAttrsToList mkEnvVar envVars; - quoted = map mkSh (flatten ((map mkFlag flags) ++ envList)); - in '' - mkdir -p "''$${output}/nix-support" - echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags" - ''; - - flash = stdenv.mkDerivation rec { - pname = "flashplayer-ppapi"; - version = "32.0.0.465"; - - src = fetchzip { - url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz"; - sha256 = "16qbc2s8dg2rwggphf8f5665iccc6lrvgz45bdwskg9pwg87hlj1"; - stripRoot = false; - }; - - patchPhase = '' - chmod +x libpepflashplayer.so - patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - installPhase = '' - flashVersion="$( - "${jshon}/bin/jshon" -F manifest.json -e version -u - )" - - install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so" - - ${mkPluginInfo { - allowedVars = [ "out" "flashVersion" ]; - flags = [ - "--ppapi-flash-path=@out@/lib/libpepflashplayer.so" - "--ppapi-flash-version=@flashVersion@" - ]; - }} - ''; - - dontStrip = true; - - meta = { - license = stdenv.lib.licenses.unfree; - maintainers = with stdenv.lib.maintainers; [ taku0 ]; - platforms = platforms.x86_64; - }; - }; - -in { - enabled = optional enablePepperFlash flash; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix deleted file mode 100644 index 26f2f730a41d..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - "87.0.4280.88" = { - rev = "87.0.4280.88-1"; - sha256 = "0w2137w8hfcgl6f938hqnb4ffp33v5r8vdzxrvs814w7dszkiqgg"; - }; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/update.py b/pkgs/applications/networking/browsers/ungoogled-chromium/update.py deleted file mode 100755 index 9e1f0aec598d..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/update.py +++ /dev/null @@ -1,121 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python -p python3 nix nix-prefetch-git - -import csv -import json -import re -import subprocess -import sys - -from codecs import iterdecode -from collections import OrderedDict -from datetime import datetime -from os.path import abspath, dirname -from urllib.request import urlopen - -HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux' -DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g' -BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official' - -JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json' - -def load_json(path): - with open(path, 'r') as f: - return json.load(f) - -def nix_prefetch_url(url, algo='sha256'): - print(f'nix-prefetch-url {url}') - out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url]) - return out.decode('utf-8').rstrip() - -def nix_prefetch_git(url, rev): - print(f'nix-prefetch-git {url} {rev}') - out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev]) - return json.loads(out) - -def get_file_revision(revision, file_path): - url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}' - with urlopen(url) as http_response: - return http_response.read() - -def get_matching_chromedriver(version): - # See https://chromedriver.chromium.org/downloads/version-selection - build = re.sub('.[0-9]+$', '', version) - chromedriver_version_url = f'https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{build}' - with urlopen(chromedriver_version_url) as http_response: - chromedriver_version = http_response.read().decode() - def get_chromedriver_url(system): - return f'https://chromedriver.storage.googleapis.com/{chromedriver_version}/chromedriver_{system}.zip' - return { - 'version': chromedriver_version, - 'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')), - 'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64')) - } - -def get_channel_dependencies(channel): - deps = get_file_revision(channel['version'], 'DEPS') - gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'" - gn_commit = re.search(gn_pattern, deps).group(1).decode() - gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit) - return { - 'gn': { - 'version': datetime.fromisoformat(gn['date']).date().isoformat(), - 'url': gn['url'], - 'rev': gn['rev'], - 'sha256': gn['sha256'] - } - } - -channels = {} -last_channels = load_json(JSON_PATH) - -print(f'GET {HISTORY_URL}', file=sys.stderr) -with urlopen(HISTORY_URL) as resp: - builds = csv.DictReader(iterdecode(resp, 'utf-8')) - for build in builds: - channel_name = build['channel'] - - # If we've already found a newer build for this channel, we're - # no longer interested in it. - if channel_name in channels: - continue - - # If we're back at the last build we used, we don't need to - # keep going -- there's no new version available, and we can - # just reuse the info from last time. - if build['version'] == last_channels[channel_name]['version']: - channels[channel_name] = last_channels[channel_name] - continue - - channel = {'version': build['version']} - suffix = 'unstable' if channel_name == 'dev' else channel_name - - try: - channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz') - channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb') - except subprocess.CalledProcessError: - # This build isn't actually available yet. Continue to - # the next one. - continue - - channel['deps'] = get_channel_dependencies(channel) - if channel_name == 'stable': - channel['chromedriver'] = get_matching_chromedriver(channel['version']) - - channels[channel_name] = channel - -with open(JSON_PATH, 'w') as out: - def get_channel_key(item): - channel_name = item[0] - if channel_name == 'stable': - return 0 - elif channel_name == 'beta': - return 1 - elif channel_name == 'dev': - return 2 - else: - print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr) - sys.exit(1) - sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key)) - json.dump(sorted_channels, out, indent=2) - out.write('\n') diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json b/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json deleted file mode 100644 index 6343dd4b2468..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "stable": { - "version": "87.0.4280.88", - "sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy", - "sha256bin64": "0n3fm6wf8zfkv135d50xl8xxrnng3q55vyxkck1da8jyvh18bijb", - "deps": { - "gn": { - "version": "2020-09-09", - "url": "https://gn.googlesource.com/gn", - "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", - "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" - } - }, - "chromedriver": { - "version": "87.0.4280.88", - "sha256_linux": "141mr2jiy3nslwd3s43m4i6plkv9wv5fgi78cn7mz0ac9x6fpcgx", - "sha256_darwin": "048hsqp6575r980m769lzznvxypmfcwn89f1d3ik751ymzmb5r78" - } - }, - "beta": { - "version": "88.0.4324.27", - "sha256": "0mciiyh3sn2zrl8g6znylc2pm9sb0wzsclgavf7mmlknri5sjblc", - "sha256bin64": "0qf2j1j3p94s724rwh8fydpjn88cs9yxxhjf5axvqwi7q3h35cfx", - "deps": { - "gn": { - "version": "2020-11-05", - "url": "https://gn.googlesource.com/gn", - "rev": "53d92014bf94c3893886470a1c7c1289f8818db0", - "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" - } - } - }, - "dev": { - "version": "89.0.4343.0", - "sha256": "0jmc1l0lysl5zax98fjhzsfq3c1sqh3n3xscidafflx362wcfpwa", - "sha256bin64": "1v6xik8kf531y0g5xj0c8szjmak0qvh77kwkw7p7hqxqmnwwp06d", - "deps": { - "gn": { - "version": "2020-11-05", - "url": "https://gn.googlesource.com/gn", - "rev": "53d92014bf94c3893886470a1c7c1289f8818db0", - "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" - } - } - } -} diff --git a/pkgs/applications/networking/cluster/nomad/0.11.nix b/pkgs/applications/networking/cluster/nomad/0.11.nix index 6487a2edd7f6..2fd7c0403a3c 100644 --- a/pkgs/applications/networking/cluster/nomad/0.11.nix +++ b/pkgs/applications/networking/cluster/nomad/0.11.nix @@ -2,6 +2,6 @@ callPackage ./generic.nix { inherit buildGoPackage; - version = "0.11.7"; - sha256 = "sha256-wp1Je+I3iijD/pHHQtylMQhOiVhS6AT/y2/pUiLr0M4="; + version = "0.11.8"; + sha256 = "1dhh07bifr02jh2lls8fv1d9ra67ymgh8qxqvpvm0cd0qdd469z1"; } diff --git a/pkgs/applications/networking/cluster/nomad/0.12.nix b/pkgs/applications/networking/cluster/nomad/0.12.nix index 863f7cbed2f9..0120887957a8 100644 --- a/pkgs/applications/networking/cluster/nomad/0.12.nix +++ b/pkgs/applications/networking/cluster/nomad/0.12.nix @@ -2,6 +2,6 @@ callPackage ./generic.nix { inherit buildGoPackage; - version = "0.12.7"; - sha256 = "0y1nwmpc4fqgjyb19n1f2w4y5k7fy4p68v2vnnry11nj3im7ia14"; + version = "0.12.9"; + sha256 = "1a0ig6pb0z3qp7zk4jgz3h241bifmjlyqsfikyy3sxdnzj7yha27"; } diff --git a/pkgs/desktops/gnome-3/core/gdm/default.nix b/pkgs/desktops/gnome-3/core/gdm/default.nix index 026e0d2fae61..10130be57da0 100644 --- a/pkgs/desktops/gnome-3/core/gdm/default.nix +++ b/pkgs/desktops/gnome-3/core/gdm/default.nix @@ -47,13 +47,13 @@ in stdenv.mkDerivation rec { pname = "gdm"; - version = "3.38.2"; + version = "3.38.2.1"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/gdm/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1k2k3rv10y9dppp6ffz6gqi2p6s3g03bxjyy8njvcjyxqdk6d8i5"; + sha256 = "yliiBdXr/L2rVqEXFriY4Wrl3/Ia7nnQdgRkRGKOxNo="; }; mesonFlags = [ diff --git a/pkgs/development/arduino/arduino-ci/default.nix b/pkgs/development/arduino/arduino-ci/default.nix index cdc6cb8ccb61..b6b1fc9c89d1 100644 --- a/pkgs/development/arduino/arduino-ci/default.nix +++ b/pkgs/development/arduino/arduino-ci/default.nix @@ -1,23 +1,22 @@ -{ stdenv, fetchFromGitHub, makeWrapper, arduino-cli, ruby, python3, patchelf }: +{ stdenv, fetchFromGitHub, makeWrapper, arduino-cli, ruby, python3 }: let runtimePath = stdenv.lib.makeBinPath [ arduino-cli - (python3.withPackages (ps: [ ps.pyserial ])) # required by esp32 core - patchelf # required by esp32 core + python3 # required by the esp8266 core ]; in stdenv.mkDerivation rec { pname = "arduino-ci"; - version = "0.1.0"; + version = "0.2.0"; src = fetchFromGitHub { owner = "pololu"; repo = "arduino-ci"; rev = "v${version}"; - sha256 = "sha256-uLCLupzJ446WcxXZtzJk1wnae+k1NTSy0cGHLqW7MZU="; + sha256 = "sha256-9RbBxgwsSQ7oGGKr1Vsn9Ug9AsacoRgvQgd9jbRQ034="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/libraries/simgear/default.nix b/pkgs/development/libraries/simgear/default.nix index 3a7c0b3c410b..e6fb1d7caf75 100644 --- a/pkgs/development/libraries/simgear/default.nix +++ b/pkgs/development/libraries/simgear/default.nix @@ -4,7 +4,7 @@ , curl }: let - version = "2020.1.3"; + version = "2020.3.4"; shortVersion = builtins.substring 0 6 version; in stdenv.mkDerivation rec { @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://sourceforge/flightgear/release-${shortVersion}/${pname}-${version}.tar.bz2"; - sha256 = "1l8kiicm0klbx0b05994vqd8a8wj7k0djbbg41a6i3q5d17jrnk6"; + sha256 = "1laa8dllpvf2z0cjxx22ravdf1d7a18bm708gd2ny35fhjfibm0h"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/python-modules/awkward/default.nix b/pkgs/development/python-modules/awkward/default.nix deleted file mode 100644 index 6a919c768c70..000000000000 --- a/pkgs/development/python-modules/awkward/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, numpy -, pandas -, pytestrunner -, pytest -, h5py -}: - -buildPythonPackage rec { - pname = "awkward"; - version = "0.14.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "6a3878f46e8bc2acf28a0b9feb69d354ad2fee2a2a0f65c48c115aa74f245204"; - }; - - nativeBuildInputs = [ pytestrunner ]; - checkInputs = [ pandas pytest h5py ]; - propagatedBuildInputs = [ numpy ]; - - checkPhase = '' - py.test - ''; - - meta = with lib; { - description = "Manipulate jagged, chunky, and/or bitmasked arrays as easily as Numpy"; - homepage = "https://github.com/scikit-hep/awkward-array"; - license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; - }; -} diff --git a/pkgs/development/python-modules/awkward0/default.nix b/pkgs/development/python-modules/awkward0/default.nix new file mode 100644 index 000000000000..4441d131e637 --- /dev/null +++ b/pkgs/development/python-modules/awkward0/default.nix @@ -0,0 +1,39 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, numpy +, pandas +, pytestrunner +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "awkward0"; + version = "0.15.1"; + + src = fetchFromGitHub { + owner = "scikit-hep"; + repo = "awkward-0.x"; + rev = version; + sha256 = "17zrw25h6g5m4ik1c5piqb7q2bxrshfm4hm3lzfz4s8gi0xjm5gz"; + }; + + nativeBuildInputs = [ pytestrunner ]; + + propagatedBuildInputs = [ numpy ]; + + checkInputs = [ pandas pytestCheckHook ]; + + checkPhase = '' + # Almost all tests in this file fail + rm tests/test_persist.py + py.test + ''; + + meta = with lib; { + description = "Manipulate jagged, chunky, and/or bitmasked arrays as easily as Numpy"; + homepage = "https://github.com/scikit-hep/awkward-array"; + license = licenses.bsd3; + maintainers = with maintainers; [ costrouc SuperSandro2000 ]; + }; +} diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix index 8af7b6b04c50..2814e6ffb649 100644 --- a/pkgs/development/python-modules/boto3/default.nix +++ b/pkgs/development/python-modules/boto3/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "boto3"; - version = "1.16.37"; # N.B: if you change this, change botocore too + version = "1.16.38"; # N.B: if you change this, change botocore too src = fetchPypi { inherit pname version; - sha256 = "01d4mk1q37dc5l5jmsxm7fijmhq7678ka1bd4p8a8yj57mmw51pf"; + sha256 = "1xxvpf0q8xiz1cr5q1m4pdpzbhjriw3j6afi5dwvrrq9sh3x7pqx"; }; propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ]; diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix index eabb8873fd2a..1b953ab6fc49 100644 --- a/pkgs/development/python-modules/botocore/default.nix +++ b/pkgs/development/python-modules/botocore/default.nix @@ -12,11 +12,11 @@ buildPythonPackage rec { pname = "botocore"; - version = "1.19.37"; # N.B: if you change this, change boto3 and awscli to a matching version + version = "1.19.38"; # N.B: if you change this, change boto3 and awscli to a matching version src = fetchPypi { inherit pname version; - sha256 = "14bl9sklilrz0fsch4zw1rx8zdq6h9va2786wxn36yax8n2i5gv7"; + sha256 = "12ipyrm5180lf00q6v669mrfkpw6x4rhzd7fsp6qzz3g1hdwn7hz"; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pyrsistent/default.nix b/pkgs/development/python-modules/pyrsistent/default.nix index a343db4f5540..7da3239f3e74 100644 --- a/pkgs/development/python-modules/pyrsistent/default.nix +++ b/pkgs/development/python-modules/pyrsistent/default.nix @@ -1,6 +1,7 @@ { stdenv , buildPythonPackage , fetchPypi +, isPy27 , six , pytest_4 , hypothesis_4 @@ -11,6 +12,8 @@ buildPythonPackage rec { pname = "pyrsistent"; version = "0.17.3"; + disabled = isPy27; + src = fetchPypi { inherit pname version; sha256 = "2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e"; diff --git a/pkgs/development/python-modules/uproot-methods/default.nix b/pkgs/development/python-modules/uproot-methods/default.nix deleted file mode 100644 index 3c268ed7ed4f..000000000000 --- a/pkgs/development/python-modules/uproot-methods/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchPypi -, numpy -, awkward -}: - -buildPythonPackage rec { - version = "0.9.1"; - pname = "uproot-methods"; - - src = fetchPypi { - inherit pname version; - sha256 = "accb4392c59a1485ce3ee6d78a6fd163731ade8b9b5208e7bde8fa1767aef097"; - }; - - propagatedBuildInputs = [ numpy awkward ]; - - # No tests on PyPi - doCheck = false; - - meta = with stdenv.lib; { - homepage = "https://github.com/scikit-hep/uproot-methods"; - description = "Pythonic mix-ins for ROOT classes"; - license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; - }; -} diff --git a/pkgs/development/python-modules/uproot/default.nix b/pkgs/development/python-modules/uproot/default.nix deleted file mode 100644 index eadd6c36de1a..000000000000 --- a/pkgs/development/python-modules/uproot/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ lib, fetchPypi, buildPythonPackage, isPy27 -, awkward -, backports_lzma -, cachetools -, lz4 -, pandas -, pytestrunner -, pytest -, pkgconfig -, mock -, numpy -, requests -, uproot-methods -, xxhash -}: - -buildPythonPackage rec { - pname = "uproot"; - version = "3.13.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "099b0b274dc000faf724df835579c76306e60200a5ba7b600a0c4b76dabbf344"; - }; - - nativeBuildInputs = [ pytestrunner ]; - - checkInputs = [ - lz4 - mock - pandas - pkgconfig - pytest - requests - xxhash - ] ++ lib.optional isPy27 backports_lzma; - - propagatedBuildInputs = [ - numpy - cachetools - uproot-methods - awkward - ]; - - # skip tests which do network calls - # test_compression.py is missing zstandard package - checkPhase = '' - pytest tests -k 'not hist_in_tree \ - and not branch_auto_interpretation' \ - --ignore=tests/test_compression.py - ''; - - meta = with lib; { - homepage = "https://github.com/scikit-hep/uproot"; - description = "ROOT I/O in pure Python and Numpy"; - license = licenses.bsd3; - maintainers = with maintainers; [ ktf ]; - }; -} diff --git a/pkgs/development/python-modules/uproot3-methods/default.nix b/pkgs/development/python-modules/uproot3-methods/default.nix new file mode 100644 index 000000000000..3a9457a574ba --- /dev/null +++ b/pkgs/development/python-modules/uproot3-methods/default.nix @@ -0,0 +1,30 @@ +{ stdenv +, buildPythonPackage +, fetchPypi +, numpy +, awkward0 +}: + +buildPythonPackage rec { + version = "0.10.0"; + pname = "uproot3-methods"; + + src = fetchPypi { + inherit pname version; + sha256 = "1rk9i1ra3panli96ghz80ddpqk77xb1kpxs3wf8rw0jy5d88pc26"; + }; + + nativeBuildInputs = [ awkward0 ]; + + propagatedBuildInputs = [ numpy awkward0 ]; + + # No tests on PyPi + doCheck = false; + + meta = with stdenv.lib; { + homepage = "https://github.com/scikit-hep/uproot3-methods"; + description = "Pythonic mix-ins for ROOT classes"; + license = licenses.bsd3; + maintainers = with maintainers; [ costrouc SuperSandro2000 ]; + }; +} diff --git a/pkgs/development/python-modules/uproot3/default.nix b/pkgs/development/python-modules/uproot3/default.nix new file mode 100644 index 000000000000..0d0c2365b637 --- /dev/null +++ b/pkgs/development/python-modules/uproot3/default.nix @@ -0,0 +1,44 @@ +{ lib, fetchFromGitHub, buildPythonPackage, isPy27 +, awkward0, backports_lzma, cachetools, lz4, pandas +, pytestCheckHook, pytestrunner, pkgconfig, mock +, numpy, requests, uproot3-methods, xxhash, zstandard +}: + +buildPythonPackage rec { + pname = "uproot3"; + version = "3.14.1"; + + src = fetchFromGitHub { + owner = "scikit-hep"; + repo = "uproot3"; + rev = version; + sha256 = "1npwh4l96wg3m24jhfc8i84nfwfc18flrmymf80fx101wmpi2qz8"; + }; + + nativeBuildInputs = [ pytestrunner ]; + + propagatedBuildInputs = [ + awkward0 + cachetools + lz4 + numpy + uproot3-methods + xxhash + zstandard + ] ++ lib.optional isPy27 backports_lzma; + + checkInputs = [ + mock + pandas + pkgconfig + pytestCheckHook + requests + ] ++ lib.optional isPy27 backports_lzma; + + meta = with lib; { + homepage = "https://github.com/scikit-hep/uproot3"; + description = "ROOT I/O in pure Python and Numpy"; + license = licenses.bsd3; + maintainers = with maintainers; [ ktf SuperSandro2000 ]; + }; +} diff --git a/pkgs/development/tools/build-managers/sbt-extras/default.nix b/pkgs/development/tools/build-managers/sbt-extras/default.nix index 3b433ea5e77a..cf85d894a377 100644 --- a/pkgs/development/tools/build-managers/sbt-extras/default.nix +++ b/pkgs/development/tools/build-managers/sbt-extras/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { pname = "sbt-extras"; - rev = "be2f5d98f13884a18eaf5205458f985575dbe13a"; - version = "2020-11-23"; + rev = "32cf43b58f91bd3b7063baa9f2d75d4af45d9c4b"; + version = "2020-12-17"; src = fetchFromGitHub { owner = "paulp"; repo = "sbt-extras"; inherit rev; - sha256 = "00acnj357fcwx7w25axaj0l5ync97ixsixg8s55r7hwibkxn0fa7"; + sha256 = "046xr3x73p63xnfakq981gvl299l5fahxgnn0bacvp7pa8g99dv2"; }; dontBuild = true; diff --git a/pkgs/development/tools/wrangler/default.nix b/pkgs/development/tools/wrangler/default.nix index b7020eacdc32..6b85e20612bf 100644 --- a/pkgs/development/tools/wrangler/default.nix +++ b/pkgs/development/tools/wrangler/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "wrangler"; - version = "1.12.2"; + version = "1.12.3"; src = fetchFromGitHub { owner = "cloudflare"; repo = pname; rev = "v${version}"; - sha256 = "1w0j6if1fnih1036hlb9a3c6wgjw4p057llhjf0f3d568ah1244a"; + sha256 = "1h9020yf5jsbilzn94h7qyxw9qnz3vw43g8a2415wvjqq6ihzfvm"; }; - cargoSha256 = "0d9wvdjjakznz8dnqx4gqxh0xkxrh4229460hg6dr9qn492p7nfx"; + cargoSha256 = "12azc41y2yx936ax9b1yylc0gy91k0m7ih6p0bkw7m928f762hpx"; nativeBuildInputs = [ perl ] ++ stdenv.lib.optionals stdenv.isLinux [ pkg-config ]; diff --git a/pkgs/games/flightgear/default.nix b/pkgs/games/flightgear/default.nix index e32f2e96d4fa..a8aef81523d8 100644 --- a/pkgs/games/flightgear/default.nix +++ b/pkgs/games/flightgear/default.nix @@ -6,7 +6,7 @@ }: let - version = "2020.1.2"; + version = "2020.3.4"; shortVersion = builtins.substring 0 6 version; data = stdenv.mkDerivation rec { pname = "flightgear-data"; @@ -14,7 +14,7 @@ let src = fetchurl { url = "mirror://sourceforge/flightgear/release-${shortVersion}/FlightGear-${version}-data.tar.bz2"; - sha256 = "0ldsjb54k8nb99h6n4f4x20nawd2pa0a8skkwkrgckdpmdv0zwyk"; + sha256 = "1cqikbqvidfaynml9bhqfr9yw5ga35gpqrbz62z94a1skdijkpkg"; }; phases = [ "installPhase" ]; @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://sourceforge/flightgear/release-${shortVersion}/${pname}-${version}.tar.bz2"; - sha256 = "1770kgwa7z70sx6da9x1q9cszpd3ywz6nn8jrb6xv8ldjqcpqpvb"; + sha256 = "02d9h10p8hyn0a25csragj6pbwmrir1z8zb92023s9vi21j7bwy8"; }; # Of all the files in the source and data archives, there doesn't seem to be diff --git a/pkgs/misc/emulators/dgen-sdl/default.nix b/pkgs/misc/emulators/dgen-sdl/default.nix new file mode 100644 index 000000000000..1eabf5b53b01 --- /dev/null +++ b/pkgs/misc/emulators/dgen-sdl/default.nix @@ -0,0 +1,70 @@ +{ stdenv +, fetchurl +, libarchive +, doxygen +, SDL +}: + +let + pname = "dgen-sdl"; + version = "1.33"; +in stdenv.mkDerivation { + inherit pname version; + + src = fetchurl { + url = "https://sourceforge.net/projects/dgen/files/dgen/${version}/${pname}-${version}.tar.gz"; + hash = "sha256-meLAYBfCKHPHf4gYbrzAmGckTrbgQsdjuwlLArje9h4="; + }; + + buildInputs = [ SDL libarchive ]; + + configureFlags = [ + "--enable-joystick" + "--enable-debugger" + "--enable-debug-vdp" + "--enable-pico" # experimental + "--enable-vgmdump" + "--with-star=no" # Needs ASM support + "--with-musa" + "--with-cyclone=no" # Needs ASM support + "--with-mz80" + "--with-cz80" + "--with-drz80=no" # Needs ASM support + "--with-dz80" + ]; + + meta = with stdenv.lib; { + homepage = "https://dgen.sourceforge.net/"; + description = "Sega Genesis/Mega Drive emulator"; + longDescription = '' + DGen/SDL is a free, open source emulator for Sega Genesis/Mega Drive + systems. DGen was originally written by Dave, then ported to SDL by Joe + Groff and Phil K. Hornung in 1998. + + It features: + + - Game Genie/Hex codes support + - PAL/NTSC, fullscreen modes + - Joypad/joystick support + - Mouse support + - Highly configurable controls + - OpenGL textured video output + - Portable (64‐bit, endian safe), runs in Windows using MinGW + - Screenshots, demos recording and playback + - Musashi (generic) and StarScream (x86‐only) CPU cores + - Cyclone 68000 and DrZ80 (both ARM‐only) CPU cores + - CZ80 (generic) and MZ80 (generic and x86‐only versions) + - 16‐bit, 8000 to 48000Hz sound output + - Support for 8, 15, 16, 24 and 32 bpp modes + - Archived/compressed ROMs support + - M68K debugger (contributed by Edd Barrett) + - Z80 debugger + - hqx and scale2x upscaling filters + - VGM dumping + ''; + license = licenses.mit; + maintainers = with maintainers; [ AndersonTorres ]; + platforms = with platforms; unix; + }; +} +# TODO: implement configure options diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index c1f870e3d81e..ea7ed2076428 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -10,13 +10,13 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.163.a/linux-hardened-4.19.163.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.83.a.patch", - "sha256": "08srahgfzynv2bfd0ym6vgl1c0xjfqg6qvgzlq85y9pb7fain5yp", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.83.a/linux-hardened-5.4.83.a.patch" + "name": "linux-hardened-5.4.84.a.patch", + "sha256": "1pwij0bxgf61ahi6fa8qwrr85yhx92z4sif71kdgxkbwcw9qwyzs", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.84.a/linux-hardened-5.4.84.a.patch" }, "5.9": { - "name": "linux-hardened-5.9.14.a.patch", - "sha256": "1rr61s9k7nmr27r4vkgpvvra7r8ksi6h6axf5kcbx7krbgdmwmfv", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.14.a/linux-hardened-5.9.14.a.patch" + "name": "linux-hardened-5.9.15.a.patch", + "sha256": "1iqkw4mnr1p9wzfmjy5lawc6cn9wvg05xsak24fzbp1i22h4dfz4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.15.a/linux-hardened-5.9.15.a.patch" } } diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 4eec6c431b6c..dfb4cb9cc86a 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10-rt17"; # updated by ./update-rt.sh + version = "5.10.1-rt19"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0hyav21vzz5v1kgb455pcz9ncg5qqzxmp60na290scwq7vj9kpyw"; + sha256 = "0p2fl7kl4ckphq17xir7n7vgrzlhbdqmyd2yyp4yilwvih9625pd"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0baf7363f6h3smr4lgw88dbpf4977j6c1asifyhc8zhd7100ckhn"; + sha256 = "0hihi7p866alh03ziz8q1l0p3sxi437h4a45c5dlv9lrg6f177qb"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/shells/nushell/default.nix b/pkgs/shells/nushell/default.nix index 44961696195f..1774a1c66772 100644 --- a/pkgs/shells/nushell/default.nix +++ b/pkgs/shells/nushell/default.nix @@ -15,16 +15,16 @@ rustPlatform.buildRustPackage rec { pname = "nushell"; - version = "0.23.0"; + version = "0.24.1"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "0rbg0jchg59x0g4h0xahdm9qah8l8g4i2s8lkaqzdkm4yv29gqx4"; + sha256 = "0nza860gg9lnkld9c7is93fmfxl9yay8yf2f18h16cgjk3n686kd"; }; - cargoSha256 = "1sbgn68n0rqh1m98dm3r2a3pqqqx4v7axw5djw8qlx4gv7xw1ql0"; + cargoSha256 = "1mb6ws2zw089cx475c1vpvvxkzi8by6wmw4frans5lbl3a2lldl0"; nativeBuildInputs = [ pkg-config ] ++ lib.optionals (withStableFeatures && stdenv.isLinux) [ python3 ]; diff --git a/pkgs/shells/zsh/oh-my-zsh/default.nix b/pkgs/shells/zsh/oh-my-zsh/default.nix index 8264626b36de..38236c117e80 100644 --- a/pkgs/shells/zsh/oh-my-zsh/default.nix +++ b/pkgs/shells/zsh/oh-my-zsh/default.nix @@ -5,15 +5,15 @@ , nix, nixfmt, jq, coreutils, gnused, curl, cacert }: stdenv.mkDerivation rec { - version = "2020-12-14"; + version = "2020-12-16"; pname = "oh-my-zsh"; - rev = "f2a4b2b17bbf9103dd90d23a73163e9b4e0e47f1"; + rev = "b28665aebb4c1b07a57890eb59551bc51d0acf37"; src = fetchFromGitHub { inherit rev; owner = "ohmyzsh"; repo = "ohmyzsh"; - sha256 = "1kcrdvasphlrxcx5yzhlb5nmnzbbybl9lzp85r6bscsjsmgi7ssc"; + sha256 = "00m8d992jhbkd8mhm6zhirk9ga3dfzhh8idn2yp40yk7wdbzrd74"; }; installPhase = '' diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix index 56e2dfa7e8ec..9e0a165b051d 100644 --- a/pkgs/tools/admin/awscli/default.nix +++ b/pkgs/tools/admin/awscli/default.nix @@ -28,11 +28,11 @@ let in with py.pkgs; buildPythonApplication rec { pname = "awscli"; - version = "1.18.197"; # N.B: if you change this, change botocore to a matching version too + version = "1.18.198"; # N.B: if you change this, change botocore to a matching version too src = fetchPypi { inherit pname version; - sha256 = "0m73ks5ans135vrwmbd4fpbmi7mgiqj0dmlx4ximk0jh7hbl7rcb"; + sha256 = "0zcjx2gh9s1mak9cc9bmydg0f68id4rwhhpcaqqkcd3p37swyr2b"; }; postPatch = '' diff --git a/pkgs/tools/security/sequoia/default.nix b/pkgs/tools/security/sequoia/default.nix index aa2a12fc351e..201b4c56f2b9 100644 --- a/pkgs/tools/security/sequoia/default.nix +++ b/pkgs/tools/security/sequoia/default.nix @@ -23,16 +23,16 @@ assert pythonSupport -> pythonPackages != null; rustPlatform.buildRustPackage rec { pname = "sequoia"; - version = "0.20.0"; + version = "1.0.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = "sequoia"; rev = "v${version}"; - sha256 = "sha256-br5GRzWprQTixNrE0WpNIB7Ayj5oEfyCg5JY4MnX5rA="; + sha256 = "0y80bl786m29ww3272qsl1ql0xc3pwd6iiqlkv3nmhnjsmygbn0d"; }; - cargoSha256 = "sha256-SpCdoLCtvU9jpG/ivB/+4KhRdKZxN3/+7P/RlR6n9/c="; + cargoSha256 = "03ngywa5z0c7qmdmhynk13xcivhg8gpivvpzg2gxp34gfr7j438l"; nativeBuildInputs = [ pkg-config diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 901a7dc1e1d9..e52d5b374a75 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2009,6 +2009,8 @@ in dlx = callPackage ../misc/emulators/dlx { }; + dgen-sdl = callPackage ../misc/emulators/dgen-sdl { }; + doitlive = callPackage ../tools/misc/doitlive { }; dokuwiki = callPackage ../servers/web-apps/dokuwiki { }; @@ -24471,7 +24473,10 @@ in uefitoolPackages = recurseIntoAttrs (callPackage ../tools/system/uefitool/variants.nix {}); uefitool = uefitoolPackages.new-engine; - ungoogled-chromium = callPackage ../applications/networking/browsers/ungoogled-chromium (config.chromium or {}); + ungoogled-chromium = callPackage ../applications/networking/browsers/chromium ((config.chromium or {}) // { + ungoogled = true; + channel = "ungoogled-chromium"; + }); unigine-valley = callPackage ../applications/graphics/unigine-valley { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 4c57648ae299..6976bb7a44e6 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -504,7 +504,7 @@ in { awesome-slugify = callPackage ../development/python-modules/awesome-slugify { }; - awkward = callPackage ../development/python-modules/awkward { }; + awkward0 = callPackage ../development/python-modules/awkward0 { }; awkward1 = callPackage ../development/python-modules/awkward1 { }; aws-adfs = callPackage ../development/python-modules/aws-adfs { }; @@ -7628,9 +7628,9 @@ in { update-dotdee = callPackage ../development/python-modules/update-dotdee { }; - uproot = callPackage ../development/python-modules/uproot { }; + uproot3 = callPackage ../development/python-modules/uproot3 { }; - uproot-methods = callPackage ../development/python-modules/uproot-methods { }; + uproot3-methods = callPackage ../development/python-modules/uproot3-methods { }; uptime = callPackage ../development/python-modules/uptime { }; |