diff options
55 files changed, 496 insertions, 1338 deletions
diff --git a/doc/package-notes.xml b/doc/package-notes.xml index 803d343aa096..e23593107d8d 100644 --- a/doc/package-notes.xml +++ b/doc/package-notes.xml @@ -307,23 +307,19 @@ packageOverrides = pkgs: { </screen> </para> </section> + <section xml:id="sec-elm"> <title>Elm</title> <para> - The Nix expressions for Elm reside in - <filename>pkgs/development/compilers/elm</filename>. They are generated - automatically by <command>update-elm.rb</command> script. One should specify - versions of Elm packages inside the script, clear the - <filename>packages</filename> directory and run the script from inside it. - <literal>elm-reactor</literal> is special because it also has Elm package - dependencies. The process is not automated very much for now -- you should - get the <literal>elm-reactor</literal> source tree (e.g. with - <command>nix-shell</command>) and run <command>elm2nix.rb</command> inside - it. Place the resulting <filename>package.nix</filename> file into - <filename>packages/elm-reactor-elm.nix</filename>. + To update Elm compiler, see <filename>nixpkgs/pkgs/development/compilers/elm/README.md</filename>. + </para> + + <para> + To package Elm applications, <link xlink:href="https://github.com/hercules-ci/elm2nix#elm2nix">read about elm2nix</link>. </para> </section> + <section xml:id="sec-shell-helpers"> <title>Interactive shell helpers</title> diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index a588943fe710..9ab2ee87a19e 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -29,11 +29,20 @@ with lib; security.apparmor.enable = mkDefault true; boot.kernelParams = [ + # Slab/slub sanity checks, redzoning, and poisoning + "slub_debug=FZP" + + # Disable slab merging to make certain heap overflow attacks harder + "slab_nomerge" + # Overwrite free'd memory "page_poison=1" # Disable legacy virtual syscalls "vsyscall=none" + + # Enable PTI even if CPU claims to be safe from meltdown + "pti=on" ]; boot.blacklistedKernelModules = [ diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix index 49d522c604f5..c290df01b960 100644 --- a/nixos/modules/programs/xss-lock.nix +++ b/nixos/modules/programs/xss-lock.nix @@ -9,7 +9,8 @@ in options.programs.xss-lock = { enable = mkEnableOption "xss-lock"; lockerCommand = mkOption { - example = "xlock"; + default = "${pkgs.i3lock}/bin/i3lock"; + example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; type = types.string; description = "Locker to be used with xsslock"; }; diff --git a/nixos/modules/services/hardware/lirc.nix b/nixos/modules/services/hardware/lirc.nix index 0072406a438c..826e512c75d1 100644 --- a/nixos/modules/services/hardware/lirc.nix +++ b/nixos/modules/services/hardware/lirc.nix @@ -32,7 +32,6 @@ in { default = []; description = "Extra arguments to lircd."; }; - }; }; @@ -43,14 +42,15 @@ in { # Note: LIRC executables raises a warning, if lirc_options.conf do not exists environment.etc."lirc/lirc_options.conf".text = cfg.options; + passthru.lirc.socket = "/run/lirc/lircd"; + environment.systemPackages = [ pkgs.lirc ]; systemd.sockets.lircd = { description = "LIRC daemon socket"; wantedBy = [ "sockets.target" ]; socketConfig = { - # default search path - ListenStream = "/run/lirc/lircd"; + ListenStream = config.passthru.lirc.socket; SocketUser = "lirc"; SocketMode = "0660"; }; diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 75136a2f7964..4822506a899b 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -33,12 +33,14 @@ in { default = []; description = "Additional command line arguments to pass to VDR."; }; + + enableLirc = mkEnableOption "enable LIRC"; }; }; ###### implementation - config = mkIf cfg.enable { + config = mkIf cfg.enable (mkMerge [{ systemd.tmpfiles.rules = [ "d ${cfg.videoDir} 0755 vdr vdr -" "Z ${cfg.videoDir} - vdr vdr -" @@ -67,5 +69,13 @@ in { }; users.groups.vdr = {}; - }; + } + + (mkIf cfg.enableLirc { + services.lirc.enable = true; + users.users.vdr.extraGroups = [ "lirc" ]; + services.vdr.extraArguments = [ + "--lirc=${config.passthru.lirc.socket}" + ]; + })]); } diff --git a/nixos/tests/xss-lock.nix b/nixos/tests/xss-lock.nix index 045667bdcdec..b46bb1a8f6e9 100644 --- a/nixos/tests/xss-lock.nix +++ b/nixos/tests/xss-lock.nix @@ -9,7 +9,6 @@ with lib; machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; programs.xss-lock.enable = true; - programs.xss-lock.lockerCommand = "${pkgs.xlockmore}/bin/xlock"; services.xserver.displayManager.auto.user = "alice"; }; @@ -20,6 +19,6 @@ with lib; $machine->fail("pgrep xlock"); $machine->succeed("su -l alice -c 'xset dpms force standby'"); - $machine->waitUntilSucceeds("pgrep xlock"); + $machine->waitUntilSucceeds("pgrep i3lock"); ''; }) diff --git a/pkgs/applications/altcoins/bitcoin.nix b/pkgs/applications/altcoins/bitcoin.nix index c266fa2fef25..b50508342bf9 100644 --- a/pkgs/applications/altcoins/bitcoin.nix +++ b/pkgs/applications/altcoins/bitcoin.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec{ name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; - version = "0.17.0"; + version = "0.17.1"; src = fetchurl { urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" ]; - sha256 = "0pkq28d2dj22qrxyyg9kh0whmhj7ghyabnhyqldbljv4a7l3kvwq"; + sha256 = "0am4pnaf2cisv172jqx6jdpzx770agm8777163lkjbw3ryslymiy"; }; nativeBuildInputs = [ pkgconfig autoreconfHook ] diff --git a/pkgs/applications/editors/geany/default.nix b/pkgs/applications/editors/geany/default.nix index caead872eb27..9f33bd084890 100644 --- a/pkgs/applications/editors/geany/default.nix +++ b/pkgs/applications/editors/geany/default.nix @@ -3,7 +3,7 @@ with stdenv.lib; let - version = "1.34"; + version = "1.34.1"; in stdenv.mkDerivation rec { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.geany.org/${name}.tar.bz2"; - sha256 = "63b93d25d037eaffa77895ae6dd29c91bca570e4053eff5cc8490f87e6021f8e"; + sha256 = "e765efd89e759defe3fd797d8a2052afbb4b23522efbcc72e3a72b7f1093ec11"; }; nativeBuildInputs = [ pkgconfig intltool libintl ]; diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix index d2960ae93a99..137a32f9364f 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix @@ -1,12 +1,12 @@ { stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }: stdenv.mkDerivation { - name = "weechat-matrix-bridge-2018-05-29"; + name = "weechat-matrix-bridge-2018-11-19"; src = fetchFromGitHub { owner = "torhve"; repo = "weechat-matrix-protocol-script"; - rev = "ace3fefc0e35a627f8a528032df2e3111e41eb1b"; - sha256 = "1snf8vn5n9wzrnqnvdrcli4199s5p114jbjlgrj5c27i53173wqw"; + rev = "8d32e90d864a8f3f09ecc2857cd5dd6e39a8c3f7"; + sha256 = "0qqd6qmkrdc0r3rnl53c3yp93fbcz7d3mdw3vq5gmdqxyym4s9lj"; }; patches = [ diff --git a/pkgs/applications/science/logic/cryptominisat/default.nix b/pkgs/applications/science/logic/cryptominisat/default.nix index 4d96339149af..18af6f0a618b 100644 --- a/pkgs/applications/science/logic/cryptominisat/default.nix +++ b/pkgs/applications/science/logic/cryptominisat/default.nix @@ -1,24 +1,18 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd }: +{ stdenv, fetchFromGitHub, fetchpatch, cmake, python3, xxd, boost }: stdenv.mkDerivation rec { name = "cryptominisat-${version}"; - version = "5.0.1"; + version = "5.6.6"; src = fetchFromGitHub { owner = "msoos"; repo = "cryptominisat"; rev = version; - sha256 = "0cpw5d9vplxvv3aaplhnga55gz1hy29p7s4pkw1306knkbhlzvkb"; + sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5"; }; - buildInputs = [ python xxd ]; - nativeBuildInputs = [ cmake ]; - - patches = [(fetchpatch rec { - name = "fix-exported-library-name.patch"; - url = "https://github.com/msoos/cryptominisat/commit/7a47795cbe5ad5a899731102d297f234bcade077.patch"; - sha256 = "11hf3cfqs4cykn7rlgjglq29lzqfxvlm0f20qasi0kdrz01cr30f"; - })]; + buildInputs = [ python3 boost ]; + nativeBuildInputs = [ cmake xxd ]; meta = with stdenv.lib; { description = "An advanced SAT Solver"; diff --git a/pkgs/applications/video/obs-studio/default.nix b/pkgs/applications/video/obs-studio/default.nix index 9fc9c5871086..c98acda9eea0 100644 --- a/pkgs/applications/video/obs-studio/default.nix +++ b/pkgs/applications/video/obs-studio/default.nix @@ -91,6 +91,6 @@ in stdenv.mkDerivation rec { homepage = https://obsproject.com; maintainers = with maintainers; [ jb55 MP2E ]; license = licenses.gpl2; - platforms = with platforms; linux; + platforms = [ "x86_64-linux" "i686-linux" ]; }; } diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix index cbf3c4917c35..8dee15206f49 100644 --- a/pkgs/applications/video/vlc/default.nix +++ b/pkgs/applications/video/vlc/default.nix @@ -21,11 +21,11 @@ assert (withQt5 -> qtbase != null && qtsvg != null && qtx11extras != null); stdenv.mkDerivation rec { name = "vlc-${version}"; - version = "3.0.4"; + version = "3.0.5"; src = fetchurl { url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz"; - sha256 = "17jsq0zqpqyxw4ckvjba0hf6zk8ywc4wf8sy3z03hh3ij0vxpwq1"; + sha256 = "1nvj00khy08sing0mdnw6virmiq579mrk5rvpx9710nlxggqgh7m"; }; # VLC uses a *ton* of libraries for various pieces of functionality, many of diff --git a/pkgs/development/compilers/elm/README.md b/pkgs/development/compilers/elm/README.md new file mode 100644 index 000000000000..f0254d0f9547 --- /dev/null +++ b/pkgs/development/compilers/elm/README.md @@ -0,0 +1,24 @@ +# To update Elm: + +Modify revision in ./update.sh and run it + +# Notes about the build process: + +The elm binary embeds a piece of pre-compiled elm code, used by 'elm +reactor'. This means that the build process for 'elm' effectively +executes 'elm make'. that in turn expects to retrieve the elm +dependencies of that code (elm/core, etc.) from +package.elm-lang.org, as well as a cached bit of metadata +(versions.dat). + +The makeDotElm function lets us retrieve these dependencies in the +standard nix way. we have to copy them in (rather than symlink) and +make them writable because the elm compiler writes other .dat files +alongside the source code. versions.dat was produced during an +impure build of this same code; the build complains that it can't +update this cache, but continues past that warning. + +Finally, we set ELM_HOME to point to these pre-fetched artifacts so +that the default of ~/.elm isn't used. + +More: https://blog.hercules-ci.com/elm/2019/01/03/elm2nix-0.1/ diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index 47a0d459a93d..aa8d9da9faaf 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -2,95 +2,40 @@ , haskell, nodejs , fetchurl, fetchpatch, makeWrapper, git }: -# To update: - -# 1) Modify ./update.sh and run it - -# 2) to generate versions.dat: -# 2.1) git clone https://github.com/elm/compiler.git -# 2.2) cd compiler -# 2.3) cabal2nix --shell . | sed 's/"default",/"ghc822",/' > shell.nix -# 2.4) nix-shell -# 2.5) mkdir .elm -# 2.6) export ELM_HOME=$(pwd)/.elm -# 2.7) cabal build -# 2.8) cp .elm/0.19.0/package/versions.dat ... - -# 3) generate a template for elm-elm.nix with: -# ( -# echo "{"; -# jq '.dependencies | .direct, .indirect | to_entries | .[] | { (.key) : { version : .value, sha256: "" } } ' \ -# < ui/browser/elm.json \ -# | sed 's/:/ =/' \ -# | sed 's/^[{}]//' \ -# | sed -E 's/(["}]),?$/\1;/' \ -# | sed -E 's/"(version|sha256)"/\1/' \ -# | grep -v '^$'; -# echo "}" -# ) -# -# ... then fill in the sha256s - -# Notes: - -# the elm binary embeds a piece of pre-compiled elm code, used by 'elm -# reactor'. this means that the build process for 'elm' effectively -# executes 'elm make'. that in turn expects to retrieve the elm -# dependencies of that code (elm/core, etc.) from -# package.elm-lang.org, as well as a cached bit of metadata -# (versions.dat). - -# the makeDotElm function lets us retrieve these dependencies in the -# standard nix way. we have to copy them in (rather than symlink) and -# make them writable because the elm compiler writes other .dat files -# alongside the source code. versions.dat was produced during an -# impure build of this same code; the build complains that it can't -# update this cache, but continues past that warning. - -# finally, we set ELM_HOME to point to these pre-fetched artifacts so -# that the default of ~/.elm isn't used. - let fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; - hsPkgs = haskell.packages.ghc822.override { + hsPkgs = haskell.packages.ghc863.override { overrides = self: super: with haskell.lib; let elmPkgs = { elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { # sadly with parallelism most of the time breaks compilation enableParallelBuilding = false; - preConfigure = fetchElmDeps { - elmPackages = (import ./packages/elm-elm.nix); + preConfigure = self.fetchElmDeps { + elmPackages = (import ./packages/elm-srcs.nix); versionsDat = ./versions.dat; }; buildTools = drv.buildTools or [] ++ [ makeWrapper ]; - patches = [ - (fetchpatch { - url = "https://github.com/elm/compiler/pull/1784/commits/78d2d8eab310552b1b877a3e90e1e57e7a09ddec.patch"; - sha256 = "0vdhk16xqm2hxw12s1b91a0bmi8w4wsxc086qlzglgnjxrl5b3w4"; - }) - ]; + jailbreak = true; postInstall = '' wrapProgram $out/bin/elm \ --prefix PATH ':' ${lib.makeBinPath [ nodejs ]} ''; }); - - /* The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` */ - elm-format = self.callPackage ./packages/elm-format.nix {}; + elm-format = justStaticExecutables (doJailbreak (self.callPackage ./packages/elm-format.nix {})); + inherit fetchElmDeps; + elmVersion = elmPkgs.elm.version; }; in elmPkgs // { inherit elmPkgs; - elmVersion = elmPkgs.elm.version; # Needed for elm-format indents = self.callPackage ./packages/indents.nix {}; - tasty-quickcheck = self.callPackage ./packages/tasty-quickcheck.nix {}; }; }; in hsPkgs.elmPkgs diff --git a/pkgs/development/compilers/elm/elm2nix.rb b/pkgs/development/compilers/elm/elm2nix.rb deleted file mode 100755 index fab5551ca158..000000000000 --- a/pkgs/development/compilers/elm/elm2nix.rb +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env ruby - -require 'json' - -system("elm-package install -y") -depsSrc = JSON.parse(File.read("elm-stuff/exact-dependencies.json")) -deps = Hash[ depsSrc.map { |pkg, ver| - url = "https://github.com/#{pkg}/archive/#{ver}.tar.gz" - sha256 = `nix-prefetch-url #{url}` - - [ pkg, { version: ver, - sha256: sha256.strip - } - ] -} ] - -File.open("package.nix", 'w') do |file| - file.puts "{" - for pkg, info in deps - file.puts " \"#{pkg}\" = {" - file.puts " version = \"#{info[:version]}\";" - file.puts " sha256 = \"#{info[:sha256]}\";" - file.puts " };" - end - file.puts "}" -end diff --git a/pkgs/development/compilers/elm/packages/elm-elm.nix b/pkgs/development/compilers/elm/packages/elm-elm.nix deleted file mode 100644 index a38e21daa06d..000000000000 --- a/pkgs/development/compilers/elm/packages/elm-elm.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - "elm/browser" = { - version = "1.0.0"; - sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; - }; - "elm/core" = { - version = "1.0.0"; - sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; - }; - "elm/html" = { - version = "1.0.0"; - sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; - }; - "elm/http" = { - version = "1.0.0"; - sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; - }; - "elm/json" = { - version = "1.0.0"; - sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; - }; - "elm/project-metadata-utils" = { - version = "1.0.0"; - sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; - }; - "elm/svg" = { - version = "1.0.0"; - sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; - }; - "elm-explorations/markdown" = { - version = "1.0.0"; - sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; - }; - "elm/parser" = { - version = "1.0.0"; - sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; - }; - "elm/time" = { - version = "1.0.0"; - sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; - }; - "elm/url" = { - version = "1.0.0"; - sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; - }; - "elm/virtual-dom" = { - version = "1.0.0"; - sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; - }; -} diff --git a/pkgs/development/compilers/elm/packages/elm-srcs.nix b/pkgs/development/compilers/elm/packages/elm-srcs.nix new file mode 100644 index 000000000000..e1f941626dd7 --- /dev/null +++ b/pkgs/development/compilers/elm/packages/elm-srcs.nix @@ -0,0 +1,62 @@ +{ + + "elm-explorations/markdown" = { + sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; + version = "1.0.0"; + }; + + "elm/json" = { + sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; + version = "1.0.0"; + }; + + "elm/html" = { + sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; + version = "1.0.0"; + }; + + "elm/svg" = { + sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; + version = "1.0.0"; + }; + + "elm/project-metadata-utils" = { + sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; + version = "1.0.0"; + }; + + "elm/browser" = { + sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; + version = "1.0.0"; + }; + + "elm/core" = { + sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; + version = "1.0.0"; + }; + + "elm/http" = { + sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; + version = "1.0.0"; + }; + + "elm/parser" = { + sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; + version = "1.0.0"; + }; + + "elm/url" = { + sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; + version = "1.0.0"; + }; + + "elm/time" = { + sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; + version = "1.0.0"; + }; + + "elm/virtual-dom" = { + sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; + version = "1.0.0"; + }; +} diff --git a/pkgs/development/compilers/elm/packages/elm.nix b/pkgs/development/compilers/elm/packages/elm.nix index 41998f4c9b3d..67e63ea2b8e8 100644 --- a/pkgs/development/compilers/elm/packages/elm.nix +++ b/pkgs/development/compilers/elm/packages/elm.nix @@ -13,6 +13,7 @@ mkDerivation { url = "https://github.com/elm/compiler"; sha256 = "13jks6c6i80z71mjjfg46ri570g5ini0k3xw3857v6z66zcl56x4"; rev = "d5cbc41aac23da463236bbc250933d037da4055a"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix b/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix deleted file mode 100644 index 54235489edfa..000000000000 --- a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ mkDerivation, base, pcre-light, QuickCheck, random, stdenv -, tagged, tasty, tasty-hunit -}: -mkDerivation { - pname = "tasty-quickcheck"; - version = "0.9.2"; - sha256 = "c5920adeab6e283d5e3ab45f3c80a1b011bedfbe4a3246a52606da2e1da95873"; - libraryHaskellDepends = [ base QuickCheck random tagged tasty ]; - testHaskellDepends = [ base pcre-light tasty tasty-hunit ]; - doCheck = false; - homepage = "https://github.com/feuerbach/tasty"; - description = "QuickCheck support for the Tasty test framework"; - license = stdenv.lib.licenses.mit; -} diff --git a/pkgs/development/compilers/elm/update.sh b/pkgs/development/compilers/elm/update.sh index 2b5d85feeb28..920b95e5ad95 100755 --- a/pkgs/development/compilers/elm/update.sh +++ b/pkgs/development/compilers/elm/update.sh @@ -1 +1,8 @@ -cabal2nix https://github.com/elm/compiler --revision 32059a289d27e303fa1665e9ada0a52eb688f302 > packages/elm.nix +#!/usr/bin/env nix-shell +#!nix-shell -p cabal2nix elm2nix -i bash ../../.. + +cabal2nix https://github.com/elm/compiler --revision d5cbc41aac23da463236bbc250933d037da4055a > packages/elm.nix +elm2nix snapshot > versions.dat +pushd "$(nix-build -A elmPackages.elm.src --no-out-link ../../../..)/ui/browser" + elm2nix convert > $OLDPWD/packages/elm-srcs.nix +popd diff --git a/pkgs/development/compilers/elm/versions.dat b/pkgs/development/compilers/elm/versions.dat index 824ab383057f..9dcfd8a2808f 100644 --- a/pkgs/development/compilers/elm/versions.dat +++ b/pkgs/development/compilers/elm/versions.dat Binary files differdiff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index a779122bfd4f..96486ffd925f 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -517,6 +517,10 @@ self: super: { # generic-deriving bound is too tight aeson = doJailbreak super.aeson; + # containers >=0.4 && <0.6 is too tight + # https://github.com/RaphaelJ/friday/issues/34 + friday = doJailbreak super.friday; + # Won't compile with recent versions of QuickCheck. inilist = dontCheck super.inilist; MissingH = dontCheck super.MissingH; diff --git a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix index 0ca617bc6be6..4d258a5490b2 100644 --- a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix +++ b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix @@ -55,6 +55,8 @@ self: super: { unicode-transforms = dontCheck super.unicode-transforms; RSA = dontCheck super.RSA; # https://github.com/GaloisInc/RSA/issues/14 monad-par = dontCheck super.monad-par; # https://github.com/simonmar/monad-par/issues/66 + github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341 + binary-orphans = dontCheck super.binary-orphans; # tasty upper bound exceeded; https://github.com/phadej/binary-orphans/commit/8ce857226595dd520236ff4c51fa1a45d8387b33 # https://github.com/jgm/skylighting/issues/55 skylighting-core = dontCheck super.skylighting-core; diff --git a/pkgs/development/libraries/getdns/default.nix b/pkgs/development/libraries/getdns/default.nix index 66fc0138ef9b..002c9bc0748f 100644 --- a/pkgs/development/libraries/getdns/default.nix +++ b/pkgs/development/libraries/getdns/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "getdns"; name = "${pname}-${version}"; - version = "1.4.2"; + version = "1.5.0"; src = fetchurl { - url = "https://getdnsapi.net/releases/${pname}-1-4-2/${pname}-${version}.tar.gz"; - sha256 = "100fzjpvajvnv0kym8g5lkwyv8w8vhy7g2p0pb2gyz19zqnvi18n"; + url = "https://getdnsapi.net/releases/${pname}-1-5-0/${pname}-${version}.tar.gz"; + sha256 = "577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84"; }; nativeBuildInputs = [ libtool m4 autoreconfHook automake file ]; diff --git a/pkgs/development/python-modules/easywatch/default.nix b/pkgs/development/python-modules/easywatch/default.nix new file mode 100644 index 000000000000..96301996fe8d --- /dev/null +++ b/pkgs/development/python-modules/easywatch/default.nix @@ -0,0 +1,28 @@ +{ lib +, fetchPypi +, buildPythonPackage +, watchdog +}: + +buildPythonPackage rec { + pname = "easywatch"; + version = "0.0.5"; + + src = fetchPypi { + inherit pname version; + sha256 = "1b40cjigv7s9qj8hxxy6yhwv0320z7qywrigwgkasgh80q0xgphc"; + }; + + propagatedBuildInputs = [ watchdog ]; + + # There are no tests + doCheck = false; + + meta = with lib; { + description = "Dead-simple way to watch a directory"; + homepage = https://github.com/Ceasar/easywatch; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/development/python-modules/gcutil/default.nix b/pkgs/development/python-modules/gcutil/default.nix deleted file mode 100644 index 85c0fbb4d609..000000000000 --- a/pkgs/development/python-modules/gcutil/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchurl -, gflags -, iso8601 -, ipaddr -, httplib2 -, google_apputils -, google_api_python_client -, isPy3k -}: - -buildPythonPackage rec { - name = "gcutil-1.16.1"; - disabled = isPy3k; - - src = fetchurl { - url = https://dl.google.com/dl/cloudsdk/release/artifacts/gcutil-1.16.1.tar.gz; - sha256 = "00jaf7x1ji9y46fbkww2sg6r6almrqfsprydz3q2swr4jrnrsx9x"; - }; - - propagatedBuildInputs = [ gflags iso8601 ipaddr httplib2 google_apputils google_api_python_client ]; - - prePatch = '' - sed -i -e "s|google-apputils==0.4.0|google-apputils==0.4.1|g" setup.py - substituteInPlace setup.py \ - --replace "httplib2==0.8" "httplib2" \ - --replace "iso8601==0.1.4" "iso8601" \ - --replace "ipaddr==2.1.10" "ipaddr" \ - --replace "google-api-python-client==1.2" "google-api-python-client" \ - --replace "python-gflags==2.0" "python-gflags" - ''; - - meta = with stdenv.lib; { - description = "Command-line tool for interacting with Google Compute Engine"; - homepage = "https://cloud.google.com/compute/docs/gcutil/"; - license = licenses.asl20; - maintainers = with maintainers; [ phreedom ]; - }; - -} diff --git a/pkgs/development/python-modules/google-api-python-client/default.nix b/pkgs/development/python-modules/google-api-python-client/default.nix index c8dd5ea84aec..1a335ad6bb1c 100644 --- a/pkgs/development/python-modules/google-api-python-client/default.nix +++ b/pkgs/development/python-modules/google-api-python-client/default.nix @@ -1,13 +1,14 @@ -{ lib, buildPythonPackage, fetchPypi +{ lib, buildPythonPackage, fetchPypi, isPy3k , httplib2, google_auth, google-auth-httplib2, six, uritemplate, oauth2client }: buildPythonPackage rec { pname = "google-api-python-client"; - version = "1.7.4"; + version = "1.7.7"; + #disabled = !isPy3k; # TODO: Python 2.7 was deprecated but weboob still depends on it. src = fetchPypi { inherit pname version; - sha256 = "5d5cb02c6f3112c68eed51b74891a49c0e35263380672d662f8bfe85b8114d7c"; + sha256 = "1nlsp8cll6v9w4649j98xw545bfnqa2xs7m9faa9mxc0kp8ff1li"; }; # No tests included in archive diff --git a/pkgs/development/python-modules/ldap3/default.nix b/pkgs/development/python-modules/ldap3/default.nix index 22d725fac617..73957df1d9d6 100644 --- a/pkgs/development/python-modules/ldap3/default.nix +++ b/pkgs/development/python-modules/ldap3/default.nix @@ -1,12 +1,20 @@ -{ stdenv, fetchPypi, buildPythonPackage, gssapi, pyasn1 }: +{ stdenv, fetchPypi, fetchFromGitHub, buildPythonPackage, gssapi, pyasn1 }: buildPythonPackage rec { version = "2.5.2"; pname = "ldap3"; - src = fetchPypi { - inherit pname version; - sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +## This should work, but 2.5.2 has a weird tarball with empty source files +## where upstream repository has non-empty ones +# src = fetchPypi { +# inherit pname version; +# sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +# }; + src = fetchFromGitHub { + owner = "cannatag"; + repo = pname; + rev = "v${version}"; + sha256 = "0p5l4bhy6j2nvvlxz5zvznbaqb72x791v9la2jr2wpwr60mzz9hw"; }; buildInputs = [ gssapi ]; diff --git a/pkgs/development/python-modules/simplejson/default.nix b/pkgs/development/python-modules/simplejson/default.nix index 4adf7083a0b6..cc60e81a59ee 100644 --- a/pkgs/development/python-modules/simplejson/default.nix +++ b/pkgs/development/python-modules/simplejson/default.nix @@ -33,7 +33,7 @@ buildPythonPackage rec { default, encoding is done in an encoding neutral fashion (plain ASCII with \uXXXX escapes for unicode characters). ''; - homepage = http://code.google.com/p/simplejson/; - license = lib.licenses.mit; + homepage = https://github.com/simplejson/simplejson; + license = with lib.licenses; [ mit afl21 ]; }; } diff --git a/pkgs/development/python-modules/staticjinja/default.nix b/pkgs/development/python-modules/staticjinja/default.nix new file mode 100644 index 000000000000..a5b3b4fe8d49 --- /dev/null +++ b/pkgs/development/python-modules/staticjinja/default.nix @@ -0,0 +1,30 @@ +{ lib +, fetchPypi +, buildPythonPackage +, docopt +, easywatch +, jinja2 +}: + +buildPythonPackage rec { + pname = "staticjinja"; + version = "0.3.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "1mxv7yy35657mfxx9xhbzihh10m5lb29fmscfh9q455zd4ikr032"; + }; + + propagatedBuildInputs = [ jinja2 docopt easywatch ]; + + # There are no tests on pypi + doCheck = false; + + meta = with lib; { + description = "A library and cli tool that makes it easy to build static sites using Jinja2"; + homepage = https://staticjinja.readthedocs.io/en/latest/; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/development/python-modules/weboob/default.nix b/pkgs/development/python-modules/weboob/default.nix index 73a70a65c380..93a17ea4425d 100644 --- a/pkgs/development/python-modules/weboob/default.nix +++ b/pkgs/development/python-modules/weboob/default.nix @@ -1,4 +1,4 @@ -{ buildPythonPackage, fetchurl, stdenv, isPy27 +{ buildPythonPackage, fetchurl, fetchPypi, stdenv, isPy27 , nose, pillow, prettytable, pyyaml, dateutil, gdata , requests, mechanize, feedparser, lxml, gnupg, pyqt5 , libyaml, simplejson, cssselect, futures, pdfminer @@ -6,7 +6,18 @@ , unidecode }: -buildPythonPackage rec { +let + # Support for Python 2.7 was dropped in 1.7.7 + google_api_python_client_python27 = google_api_python_client.overrideDerivation + (oldAttrs: rec { + pname = "google-api-python-client"; + version = "1.7.6"; + src = fetchPypi { + inherit pname version; + sha256 = "14w5sdrp0bk9n0r2lmpqmrbf2zclpfq6q7giyahnskkfzdkb165z"; + }; + }); +in buildPythonPackage rec { pname = "weboob"; version = "1.3"; disabled = ! isPy27; @@ -35,8 +46,8 @@ buildPythonPackage rec { propagatedBuildInputs = [ pillow prettytable pyyaml dateutil gdata requests mechanize feedparser lxml gnupg pyqt5 libyaml - simplejson cssselect futures pdfminer termcolor google_api_python_client - html2text unidecode ]; + simplejson cssselect futures pdfminer termcolor + google_api_python_client_python27 html2text unidecode ]; checkPhase = '' nosetests diff --git a/pkgs/development/tools/gllvm/default.nix b/pkgs/development/tools/gllvm/default.nix index cae6d2255bf2..b581e71129ca 100644 --- a/pkgs/development/tools/gllvm/default.nix +++ b/pkgs/development/tools/gllvm/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "gllvm-${version}"; - version = "1.2.2"; + version = "1.2.3"; goPackagePath = "github.com/SRI-CSL/gllvm"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "SRI-CSL"; repo = "gllvm"; rev = "v${version}"; - sha256 = "1k6081frnc6i6h3fa8d796cirhbf5kkshw7qyarz5wi3fcgijn4s"; + sha256 = "12kdgsma62nzksvw266qm3ivkbz62ma93dd25wy0p19789v4fi7s"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix new file mode 100644 index 000000000000..ab2af43979a6 --- /dev/null +++ b/pkgs/development/tools/minizinc/ide.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, qtbase, qtwebengine, qtwebkit, qmake, makeWrapper, minizinc }: +let + version = "2.2.3"; +in +stdenv.mkDerivation { + name = "minizinc-ide-${version}"; + + nativeBuildInputs = [ qmake makeWrapper ]; + buildInputs = [ qtbase qtwebengine qtwebkit ]; + + src = fetchFromGitHub { + owner = "MiniZinc"; + repo = "MiniZincIDE"; + rev = version; + sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; + }; + + sourceRoot = "source/MiniZincIDE"; + + enableParallelBuilding = true; + + postInstall = '' + wrapProgram $out/bin/MiniZincIDE --prefix PATH ":" ${stdenv.lib.makeBinPath [ minizinc ]} + ''; + + meta = with stdenv.lib; { + homepage = https://www.minizinc.org/; + description = "IDE for MiniZinc, a medium-level constraint modelling language"; + + longDescription = '' + MiniZinc is a medium-level constraint modelling + language. It is high-level enough to express most + constraint problems easily, but low-level enough + that it can be mapped onto existing solvers easily and consistently. + It is a subset of the higher-level language Zinc. + ''; + + license = licenses.mpl20; + platforms = platforms.linux; + maintainers = [ maintainers.dtzWill ]; + }; +} diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index b662b5b8e3bd..ad202c6ad8cc 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -20,13 +20,14 @@ , glibcLocales , nose , send2trash +, CoreAudio # This little flag adds a huge number of dependencies, but we assume that # everyone wants Anki to draw plots with statistics by default. , plotsSupport ? true }: buildPythonApplication rec { - version = "2.1.7"; + version = "2.1.8"; name = "anki-${version}"; src = fetchurl { @@ -36,12 +37,16 @@ buildPythonApplication rec { # "http://ankisrs.net/download/mirror/${name}.tgz" # "http://ankisrs.net/download/mirror/archive/${name}.tgz" ]; - sha256 = "0cvlimfxb7kficlf20hg7a345pahvr093b7yqvssww15h4y4va9d"; + sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p"; }; - propagatedBuildInputs = [ pyqt5 sqlalchemy - beautifulsoup4 send2trash pyaudio requests decorator markdown ] - ++ lib.optional plotsSupport matplotlib; + propagatedBuildInputs = [ + pyqt5 sqlalchemy beautifulsoup4 send2trash pyaudio requests decorator + markdown + ] + ++ lib.optional plotsSupport matplotlib + ++ lib.optional stdenv.isDarwin [ CoreAudio ] + ; checkInputs = [ pytest glibcLocales nose ]; diff --git a/pkgs/misc/emulators/wine/base.nix b/pkgs/misc/emulators/wine/base.nix index 94cf4a774569..2b9d048f77e6 100644 --- a/pkgs/misc/emulators/wine/base.nix +++ b/pkgs/misc/emulators/wine/base.nix @@ -59,7 +59,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (! isNull buildScript) { ++ lib.optionals stdenv.isLinux (with pkgs.xorg; [ libXi libXcursor libXrandr libXrender libXxf86vm libXcomposite libXext ]) - ++ [ pkgs.xorg.libX11 ])); + ++ [ pkgs.xorg.libX11 pkgs.perl ])); # Wine locates a lot of libraries dynamically through dlopen(). Add # them to the RPATH so that the user doesn't have to set them in diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index 3f90b91f10d8..5b061183356c 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix @@ -2,22 +2,23 @@ stdenv.mkDerivation rec { name = "i2c-tools-${version}"; - version = "4.0"; + version = "4.1"; src = fetchurl { url = "https://www.kernel.org/pub/software/utils/i2c-tools/${name}.tar.xz"; - sha256 = "1mi8mykvl89y6liinc9jv1x8m2q093wrdc2hm86a47n524fcl06r"; + sha256 = "1m97hpwqfaqjl9xvr4pvz2vdrsdvxbcn0nnx8pamnyc3s7pikcjp"; }; buildInputs = [ perl ]; - patchPhase = '' + postPatch = '' substituteInPlace eeprom/decode-edid --replace "/usr/sbin/parse-edid" "${read-edid}/bin/parse-edid" substituteInPlace stub/i2c-stub-from-dump --replace "/sbin/" "" ''; - installPhase = '' - make install prefix=$out + makeFlags = [ "PREFIX=${placeholder "out"}" ]; + + postInstall = '' rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers ''; diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 9d28b3edf855..ed540a9e7518 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -28,9 +28,9 @@ ${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") '' # Reduce attack surface by disabling various emulations IA32_EMULATION n X86_X32 n - ${optionalString (versionOlder version "4.17") '' - MODIFY_LDT_SYSCALL? n - ''} + # Note: this config depends on EXPERT y and so will not take effect, hence + # it is left "optional" for now. + MODIFY_LDT_SYSCALL? n VMAP_STACK y # Catch kernel stack overflows @@ -52,18 +52,23 @@ ${optionalString (versionOlder version "4.11") '' DEBUG_SET_MODULE_RONX y ''} -# Mark LSM hooks read-only after init. Conflicts with SECURITY_SELINUX_DISABLE -# (disabling SELinux at runtime); hence, SELinux can only be disabled at boot -# via the selinux=0 boot parameter. +# Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n +# conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter +# implicitly marks LSM hooks read-only after init. +# +# SELinux can only be disabled at boot via selinux=0 +# +# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the +# config builder fails to detect that it has indeed been unset. ${optionalString (versionAtLeast version "4.12") '' SECURITY_SELINUX_DISABLE n -''} - -${optionalString ((versionAtLeast version "4.12") && (versionOlder version "4.17")) '' - SECURITY_WRITABLE_HOOKS n + SECURITY_WRITABLE_HOOKS? n ''} DEBUG_WX y # boot-time warning on RWX mappings +${optionalString (versionAtLeast version "4.11") '' + STRICT_KERNEL_RWX y +''} # Stricter /dev/mem STRICT_DEVMEM? y @@ -84,7 +89,7 @@ ${optionalString (versionAtLeast version "4.13") '' # Perform usercopy bounds checking. HARDENED_USERCOPY y ${optionalString (versionAtLeast version "4.16") '' - HARDENED_USERCOPY_FALLBACK n + HARDENED_USERCOPY_FALLBACK n # for full whitelist enforcement ''} # Randomize allocator freelists. @@ -94,6 +99,9 @@ ${optionalString (versionAtLeast version "4.14") '' SLAB_FREELIST_HARDENED y ''} +# Allow enabling slub/slab free poisoning with slub_debug=P +SLUB_DEBUG y + # Wipe higher-level memory allocations on free() with page_poison=1 PAGE_POISONING y PAGE_POISONING_NO_SANITY y @@ -117,6 +125,11 @@ ${optionalString (versionAtLeast version "4.20") '' GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin ''} +${optionalString (versionAtLeast version "4.13") '' + GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y +''} + # Disable various dangerous settings ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory PROC_KCORE n # Exposes kernel text image layout diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix index d3a9d7834cdc..27b27ebffdd8 100644 --- a/pkgs/os-specific/linux/sysstat/default.nix +++ b/pkgs/os-specific/linux/sysstat/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, gettext, bzip2 }: stdenv.mkDerivation rec { - name = "sysstat-12.1.1"; + name = "sysstat-12.1.2"; src = fetchurl { url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz"; - sha256 = "0drrlv2fr64g5zf0a2bkla2rql4nmq4n192wvcr9r4zppg58d8k4"; + sha256 = "0xiv70x4n24fcycvlq95lqgb3jwjxfzq61bnyqai57x54hhn46yp"; }; buildInputs = [ gettext ]; diff --git a/pkgs/tools/networking/offlineimap/default.nix b/pkgs/tools/networking/offlineimap/default.nix index 50ed107bc20d..5ac64d36eaf9 100644 --- a/pkgs/tools/networking/offlineimap/default.nix +++ b/pkgs/tools/networking/offlineimap/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, python2Packages, - asciidoc, libxml2, libxslt, docbook_xsl }: + asciidoc, cacert, libxml2, libxslt, docbook_xsl }: python2Packages.buildPythonApplication rec { version = "7.2.2"; @@ -15,6 +15,9 @@ python2Packages.buildPythonApplication rec { postPatch = '' # Skip xmllint to stop failures due to no network access sed -i docs/Makefile -e "s|a2x -v -d |a2x -L -v -d |" + + # Provide CA certificates (Used when "sslcacertfile = OS-DEFAULT" is configured") + sed -i offlineimap/utils/distro.py -e '/def get_os_sslcertfile():/a\ \ \ \ return "${cacert}/etc/ssl/certs/ca-bundle.crt"' ''; doCheck = false; diff --git a/pkgs/tools/networking/stubby/default.nix b/pkgs/tools/networking/stubby/default.nix index 2882ba217398..d8088918f449 100644 --- a/pkgs/tools/networking/stubby/default.nix +++ b/pkgs/tools/networking/stubby/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "stubby"; name = "${pname}-${version}"; - version = "0.2.3"; + version = "0.2.4"; src = fetchFromGitHub { owner = "getdnsapi"; repo = pname; rev = "v${version}"; - sha256 = "1n02dj1hvh0aml54asxj42f0j9wfgiyavbh0gr0j9lm4f2xcd60w"; + sha256 = "1c0jqbxcrwc8kvpx7v0bmdladf20myyi2672r2r87m2q0jvsmgpr"; }; nativeBuildInputs = [ libtool m4 libbsd libyaml autoreconfHook ]; diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index 3476606049d1..c90d031e989b 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -3,79 +3,73 @@ }: let - afl-qemu = callPackage ./qemu.nix {}; + afl-qemu = callPackage ./qemu.nix { inherit afl; }; qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; -in + afl = stdenv.mkDerivation rec { + name = "afl-${version}"; + version = "2.52b"; -stdenv.mkDerivation rec { - name = "afl-${version}"; - version = "2.52b"; + src = fetchurl { + url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; + sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; + }; + enableParallelBuilding = true; - src = fetchurl { - url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; - }; - - # Note: libcgroup isn't needed for building, just for the afl-cgroup - # script. - buildInputs = [ makeWrapper llvm which ]; + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + nativeBuildInputs = [ makeWrapper which ]; + buildInputs = [ llvm ]; - buildPhase = '' - make PREFIX=$out - cd llvm_mode - make PREFIX=$out - cd .. - ''; - installPhase = '' - # Do the normal installation - make install PREFIX=$out - - # Install the custom QEMU emulator for binary blob fuzzing. - cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + makeFlags = [ "PREFIX=$(out)" ]; + postBuild = '' + make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES + ''; + postInstall = '' + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace - # Install the cgroups wrapper for asan-based fuzzing. - cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup - chmod +x $out/bin/afl-cgroup - substituteInPlace $out/bin/afl-cgroup \ - --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ - --replace "cgexec" "${libcgroup}/bin/cgexec" \ - --replace "cgdelete" "${libcgroup}/bin/cgdelete" + # Install the cgroups wrapper for asan-based fuzzing. + cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" - # Patch shebangs before wrapping - patchShebangs $out/bin + # Patch shebangs before wrapping + patchShebangs $out/bin - # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it - # has totally different semantics in that case(?) - and also set a - # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out - # of $PATH. - for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do - wrapProgram $x \ - --prefix AFL_PATH : "$out/lib/afl" \ - --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' - done - ''; + # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it + # has totally different semantics in that case(?) - and also set a + # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out + # of $PATH. + for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do + wrapProgram $x \ + --prefix AFL_PATH : "$out/lib/afl" \ + --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' + done + ''; - passthru = { - qemu = afl-qemu; - }; + passthru.qemu = afl-qemu; - meta = { - description = "Powerful fuzzer via genetic algorithms and instrumentation"; - longDescription = '' - American fuzzy lop is a fuzzer that employs a novel type of - compile-time instrumentation and genetic algorithms to - automatically discover clean, interesting test cases that - trigger new internal states in the targeted binary. This - substantially improves the functional coverage for the fuzzed - code. The compact synthesized corpora produced by the tool are - also useful for seeding other, more labor or resource-intensive - testing regimes down the road. - ''; - homepage = "http://lcamtuf.coredump.cx/afl/"; - license = stdenv.lib.licenses.asl20; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + meta = { + description = "Powerful fuzzer via genetic algorithms and instrumentation"; + longDescription = '' + American fuzzy lop is a fuzzer that employs a novel type of + compile-time instrumentation and genetic algorithms to + automatically discover clean, interesting test cases that + trigger new internal states in the targeted binary. This + substantially improves the functional coverage for the fuzzed + code. The compact synthesized corpora produced by the tool are + also useful for seeding other, more labor or resource-intensive + testing regimes down the road. + ''; + homepage = "http://lcamtuf.coredump.cx/afl/"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; }; -} +in afl diff --git a/pkgs/tools/security/afl/qemu-patches/afl-config.h b/pkgs/tools/security/afl/qemu-patches/afl-config.h deleted file mode 100644 index cbf48881ade2..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-config.h +++ /dev/null @@ -1,335 +0,0 @@ -/* - american fuzzy lop - vaguely configurable bits - ---------------------------------------------- - - Written and maintained by Michal Zalewski <lcamtuf@google.com> - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_CONFIG_H -#define _HAVE_CONFIG_H - -#include "afl-types.h" - -/****************************************************** - * * - * Settings that may be of interest to power users: * - * * - ******************************************************/ - -/* Comment out to disable terminal colors: */ - -#define USE_COLOR - -/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ - -#define FANCY_BOXES - -/* Default timeout for fuzzed code (milliseconds): */ - -#define EXEC_TIMEOUT 1000 - -/* Timeout rounding factor when auto-scaling (milliseconds): */ - -#define EXEC_TM_ROUND 20 - -/* Default memory limit for child process (MB): */ - -#ifndef __x86_64__ -# define MEM_LIMIT 25 -#else -# define MEM_LIMIT 50 -#endif /* ^!__x86_64__ */ - -/* Default memory limit when running in QEMU mode (MB): */ - -#define MEM_LIMIT_QEMU 200 - -/* Number of calibration cycles per every new test case (and for test - cases that show variable behavior): */ - -#define CAL_CYCLES 10 -#define CAL_CYCLES_LONG 40 - -/* The same, but when AFL_NO_VAR_CHECK is set in the environment: */ - -#define CAL_CYCLES_NO_VAR 4 - -/* Number of subsequent hangs before abandoning an input file: */ - -#define HANG_LIMIT 250 - -/* Maximum number of unique hangs or crashes to record: */ - -#define KEEP_UNIQUE_HANG 500 -#define KEEP_UNIQUE_CRASH 5000 - -/* Baseline number of random tweaks during a single 'havoc' stage: */ - -#define HAVOC_CYCLES 5000 - -/* Maximum multiplier for the above (should be a power of two, beware - of 32-bit int overflows): */ - -#define HAVOC_MAX_MULT 16 - -/* Absolute minimum number of havoc cycles (after all adjustments): */ - -#define HAVOC_MIN 10 - -/* Maximum stacking for havoc-stage tweaks. The actual value is calculated - like this: - - n = random between 1 and HAVOC_STACK_POW2 - stacking = 2^n - - In other words, the default (n = 7) produces 2, 4, 8, 16, 32, 64, or - 128 stacked tweaks: */ - -#define HAVOC_STACK_POW2 7 - -/* Caps on block sizes for cloning and deletion operations. Each of these - ranges has a 33% probability of getting picked, except for the first - two cycles where smaller blocks are favored: */ - -#define HAVOC_BLK_SMALL 32 -#define HAVOC_BLK_MEDIUM 128 -#define HAVOC_BLK_LARGE 1500 - -/* Probabilities of skipping non-favored entries in the queue, expressed as - percentages: */ - -#define SKIP_TO_NEW_PROB 99 /* ...when there are new, pending favorites */ -#define SKIP_NFAV_OLD_PROB 95 /* ...no new favs, cur entry already fuzzed */ -#define SKIP_NFAV_NEW_PROB 75 /* ...no new favs, cur entry not fuzzed yet */ - -/* Splicing cycle count: */ - -#define SPLICE_CYCLES 20 - -/* Nominal per-splice havoc cycle length: */ - -#define SPLICE_HAVOC 500 - -/* Maximum offset for integer addition / subtraction stages: */ - -#define ARITH_MAX 35 - -/* Limits for the test case trimmer. The absolute minimum chunk size; and - the starting and ending divisors for chopping up the input file: */ - -#define TRIM_MIN_BYTES 4 -#define TRIM_START_STEPS 16 -#define TRIM_END_STEPS 1024 - -/* Maximum size of input file, in bytes (keep under 100MB): */ - -#define MAX_FILE (1 * 1024 * 1024) - -/* The same, for the test case minimizer: */ - -#define TMIN_MAX_FILE (10 * 1024 * 1024) - -/* Block normalization steps for afl-tmin: */ - -#define TMIN_SET_MIN_SIZE 4 -#define TMIN_SET_STEPS 128 - -/* Maximum dictionary token size (-x), in bytes: */ - -#define MAX_DICT_FILE 128 - -/* Length limits for auto-detected dictionary tokens: */ - -#define MIN_AUTO_EXTRA 3 -#define MAX_AUTO_EXTRA 32 - -/* Maximum number of user-specified dictionary tokens to use in deterministic - steps; past this point, the "extras/user" step will be still carried out, - but with proportionally lower odds: */ - -#define MAX_DET_EXTRAS 200 - -/* Maximum number of auto-extracted dictionary tokens to actually use in fuzzing - (first value), and to keep in memory as candidates. The latter should be much - higher than the former. */ - -#define USE_AUTO_EXTRAS 50 -#define MAX_AUTO_EXTRAS (USE_AUTO_EXTRAS * 10) - -/* Scaling factor for the effector map used to skip some of the more - expensive deterministic steps. The actual divisor is set to - 2^EFF_MAP_SCALE2 bytes: */ - -#define EFF_MAP_SCALE2 3 - -/* Minimum input file length at which the effector logic kicks in: */ - -#define EFF_MIN_LEN 128 - -/* Maximum effector density past which everything is just fuzzed - unconditionally (%): */ - -#define EFF_MAX_PERC 90 - -/* UI refresh frequency (Hz): */ - -#define UI_TARGET_HZ 5 - -/* Fuzzer stats file and plot update intervals (sec): */ - -#define STATS_UPDATE_SEC 60 -#define PLOT_UPDATE_SEC 5 - -/* Smoothing divisor for CPU load and exec speed stats (1 - no smoothing). */ - -#define AVG_SMOOTHING 16 - -/* Sync interval (every n havoc cycles): */ - -#define SYNC_INTERVAL 5 - -/* Output directory reuse grace period (minutes): */ - -#define OUTPUT_GRACE 25 - -/* Uncomment to use simple file names (id_NNNNNN): */ - -// #define SIMPLE_FILES - -/* List of interesting values to use in fuzzing. */ - -#define INTERESTING_8 \ - -128, /* Overflow signed 8-bit when decremented */ \ - -1, /* */ \ - 0, /* */ \ - 1, /* */ \ - 16, /* One-off with common buffer size */ \ - 32, /* One-off with common buffer size */ \ - 64, /* One-off with common buffer size */ \ - 100, /* One-off with common buffer size */ \ - 127 /* Overflow signed 8-bit when incremented */ - -#define INTERESTING_16 \ - -32768, /* Overflow signed 16-bit when decremented */ \ - -129, /* Overflow signed 8-bit */ \ - 128, /* Overflow signed 8-bit */ \ - 255, /* Overflow unsig 8-bit when incremented */ \ - 256, /* Overflow unsig 8-bit */ \ - 512, /* One-off with common buffer size */ \ - 1000, /* One-off with common buffer size */ \ - 1024, /* One-off with common buffer size */ \ - 4096, /* One-off with common buffer size */ \ - 32767 /* Overflow signed 16-bit when incremented */ - -#define INTERESTING_32 \ - -2147483648LL, /* Overflow signed 32-bit when decremented */ \ - -100663046, /* Large negative number (endian-agnostic) */ \ - -32769, /* Overflow signed 16-bit */ \ - 32768, /* Overflow signed 16-bit */ \ - 65535, /* Overflow unsig 16-bit when incremented */ \ - 65536, /* Overflow unsig 16 bit */ \ - 100663045, /* Large positive number (endian-agnostic) */ \ - 2147483647 /* Overflow signed 32-bit when incremented */ - -/*********************************************************** - * * - * Really exotic stuff you probably don't want to touch: * - * * - ***********************************************************/ - -/* Call count interval between reseeding the libc PRNG from /dev/urandom: */ - -#define RESEED_RNG 10000 - -/* Maximum line length passed from GCC to 'as' and used for parsing - configuration files: */ - -#define MAX_LINE 8192 - -/* Environment variable used to pass SHM ID to the called program. */ - -#define SHM_ENV_VAR "__AFL_SHM_ID" - -/* Other less interesting, internal-only variables. */ - -#define CLANG_ENV_VAR "__AFL_CLANG_MODE" -#define AS_LOOP_ENV_VAR "__AFL_AS_LOOPCHECK" - -/* Distinctive bitmap signature used to indicate failed execution: */ - -#define EXEC_FAIL_SIG 0xfee1dead - -/* Distinctive exit code used to indicate MSAN trip condition: */ - -#define MSAN_ERROR 86 - -/* Designated file descriptors for forkserver commands (the application will - use FORKSRV_FD and FORKSRV_FD + 1): */ - -#define FORKSRV_FD 198 - -/* Fork server init timeout multiplier: we'll wait the user-selected - timeout plus this much for the fork server to spin up. */ - -#define FORK_WAIT_MULT 10 - -/* Calibration timeout adjustments, to be a bit more generous when resuming - fuzzing sessions or trying to calibrate already-added internal finds. - The first value is a percentage, the other is in milliseconds: */ - -#define CAL_TMOUT_PERC 125 -#define CAL_TMOUT_ADD 50 - -/* Number of chances to calibrate a case before giving up: */ - -#define CAL_CHANCES 3 - -/* Map size for the traced binary (2^MAP_SIZE_POW2). Must be greater than - 2; you probably want to keep it under 18 or so for performance reasons - (adjusting AFL_INST_RATIO when compiling is probably a better way to solve - problems with complex programs). You need to recompile the target binary - after changing this - otherwise, SEGVs may ensue. */ - -#define MAP_SIZE_POW2 16 -#define MAP_SIZE (1 << MAP_SIZE_POW2) - -/* Maximum allocator request size (keep well under INT_MAX): */ - -#define MAX_ALLOC 0x40000000 - -/* A made-up hashing seed: */ - -#define HASH_CONST 0xa5b35705 - -/* Constants for afl-gotcpu to control busy loop timing: */ - -#define CTEST_TARGET_MS 5000 -#define CTEST_BUSY_CYCLES (10 * 1000 * 1000) - -/* Uncomment this to use inferior block-coverage-based instrumentation. Note - that you need to recompile the target binary for this to have any effect: */ - -// #define COVERAGE_ONLY - -/* Uncomment this to ignore hit counts and output just one bit per tuple. - As with the previous setting, you will need to recompile the target - binary: */ - -// #define SKIP_COUNTS - -/* Uncomment this to use instrumentation data to record newly discovered paths, - but do not use them as seeds for fuzzing. This is useful for conveniently - measuring coverage that could be attained by a "dumb" fuzzing algorithm: */ - -// #define IGNORE_FINDS - -#endif /* ! _HAVE_CONFIG_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h b/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h deleted file mode 100644 index e4a470b55230..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h +++ /dev/null @@ -1,296 +0,0 @@ -/* - american fuzzy lop - high-performance binary-only instrumentation - ----------------------------------------------------------------- - - Written by Andrew Griffiths <agriffiths@google.com> and - Michal Zalewski <lcamtuf@google.com> - - Idea & design very much by Andrew Griffiths. - - Copyright 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - This code is a shim patched into the separately-distributed source - code of QEMU 2.2.0. It leverages the built-in QEMU tracing functionality - to implement AFL-style instrumentation and to take care of the remaining - parts of the AFL fork server logic. - - The resulting QEMU binary is essentially a standalone instrumentation - tool; for an example of how to leverage it for other purposes, you can - have a look at afl-showmap.c. - - */ - -#include <sys/shm.h> -#include "afl-config.h" - -/*************************** - * VARIOUS AUXILIARY STUFF * - ***************************/ - -/* A snippet patched into tb_find_slow to inform the parent process that - we have hit a new block that hasn't been translated yet, and to tell - it to translate within its own context, too (this avoids translation - overhead in the next forked-off copy). */ - -#define AFL_QEMU_CPU_SNIPPET1 do { \ - afl_request_tsl(pc, cs_base, flags); \ - } while (0) - -/* This snippet kicks in when the instruction pointer is positioned at - _start and does the usual forkserver stuff, not very different from - regular instrumentation injected via afl-as.h. */ - -#define AFL_QEMU_CPU_SNIPPET2 do { \ - if(tb->pc == afl_entry_point) { \ - afl_setup(); \ - afl_forkserver(env); \ - } \ - afl_maybe_log(tb->pc); \ - } while (0) - -/* We use one additional file descriptor to relay "needs translation" - messages between the child and the fork server. */ - -#define TSL_FD (FORKSRV_FD - 1) - -/* This is equivalent to afl-as.h: */ - -static unsigned char *afl_area_ptr; - -/* Exported variables populated by the code patched into elfload.c: */ - -abi_ulong afl_entry_point, /* ELF entry point (_start) */ - afl_start_code, /* .text start pointer */ - afl_end_code; /* .text end pointer */ - -/* Set in the child process in forkserver mode: */ - -static unsigned char afl_fork_child; -unsigned int afl_forksrv_pid; - -/* Instrumentation ratio: */ - -static unsigned int afl_inst_rms = MAP_SIZE; - -/* Function declarations. */ - -static void afl_setup(void); -static void afl_forkserver(CPUArchState*); -static inline void afl_maybe_log(abi_ulong); - -static void afl_wait_tsl(CPUArchState*, int); -static void afl_request_tsl(target_ulong, target_ulong, uint64_t); - -static TranslationBlock *tb_find_slow(CPUArchState*, target_ulong, - target_ulong, uint64_t); - - -/* Data structure passed around by the translate handlers: */ - -struct afl_tsl { - target_ulong pc; - target_ulong cs_base; - uint64_t flags; -}; - - -/************************* - * ACTUAL IMPLEMENTATION * - *************************/ - - -/* Set up SHM region and initialize other stuff. */ - -static void afl_setup(void) { - - char *id_str = getenv(SHM_ENV_VAR), - *inst_r = getenv("AFL_INST_RATIO"); - - int shm_id; - - if (inst_r) { - - unsigned int r; - - r = atoi(inst_r); - - if (r > 100) r = 100; - if (!r) r = 1; - - afl_inst_rms = MAP_SIZE * r / 100; - - } - - if (id_str) { - - shm_id = atoi(id_str); - afl_area_ptr = shmat(shm_id, NULL, 0); - - if (afl_area_ptr == (void*)-1) exit(1); - - /* With AFL_INST_RATIO set to a low value, we want to touch the bitmap - so that the parent doesn't give up on us. */ - - if (inst_r) afl_area_ptr[0] = 1; - - - } - - if (getenv("AFL_INST_LIBS")) { - - afl_start_code = 0; - afl_end_code = (abi_ulong)-1; - - } - -} - - -/* Fork server logic, invoked once we hit _start. */ - -static void afl_forkserver(CPUArchState *env) { - - static unsigned char tmp[4]; - - if (!afl_area_ptr) return; - - /* Tell the parent that we're alive. If the parent doesn't want - to talk, assume that we're not running in forkserver mode. */ - - if (write(FORKSRV_FD + 1, tmp, 4) != 4) return; - - afl_forksrv_pid = getpid(); - - /* All right, let's await orders... */ - - while (1) { - - pid_t child_pid; - int status, t_fd[2]; - - /* Whoops, parent dead? */ - - if (read(FORKSRV_FD, tmp, 4) != 4) exit(2); - - /* Establish a channel with child to grab translation commands. We'll - read from t_fd[0], child will write to TSL_FD. */ - - if (pipe(t_fd) || dup2(t_fd[1], TSL_FD) < 0) exit(3); - close(t_fd[1]); - - child_pid = fork(); - if (child_pid < 0) exit(4); - - if (!child_pid) { - - /* Child process. Close descriptors and run free. */ - - afl_fork_child = 1; - close(FORKSRV_FD); - close(FORKSRV_FD + 1); - close(t_fd[0]); - return; - - } - - /* Parent. */ - - close(TSL_FD); - - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) exit(5); - - /* Collect translation requests until child dies and closes the pipe. */ - - afl_wait_tsl(env, t_fd[0]); - - /* Get and relay exit status to parent. */ - - if (waitpid(child_pid, &status, WUNTRACED) < 0) exit(6); - if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7); - - } - -} - - -/* The equivalent of the tuple logging routine from afl-as.h. */ - -static inline void afl_maybe_log(abi_ulong cur_loc) { - - static abi_ulong prev_loc; - - /* Optimize for cur_loc > afl_end_code, which is the most likely case on - Linux systems. */ - - if (cur_loc > afl_end_code || cur_loc < afl_start_code || !afl_area_ptr) - return; - - /* Looks like QEMU always maps to fixed locations, so we can skip this: - cur_loc -= afl_start_code; */ - - /* Instruction addresses may be aligned. Let's mangle the value to get - something quasi-uniform. */ - - cur_loc = (cur_loc >> 4) ^ (cur_loc << 8); - cur_loc &= MAP_SIZE - 1; - - /* Implement probabilistic instrumentation by looking at scrambled block - address. This keeps the instrumented locations stable across runs. */ - - if (cur_loc >= afl_inst_rms) return; - - afl_area_ptr[cur_loc ^ prev_loc]++; - prev_loc = cur_loc >> 1; - -} - - -/* This code is invoked whenever QEMU decides that it doesn't have a - translation of a particular block and needs to compute it. When this happens, - we tell the parent to mirror the operation, so that the next fork() has a - cached copy. */ - -static void afl_request_tsl(target_ulong pc, target_ulong cb, uint64_t flags) { - - struct afl_tsl t; - - if (!afl_fork_child) return; - - t.pc = pc; - t.cs_base = cb; - t.flags = flags; - - if (write(TSL_FD, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - return; - -} - - -/* This is the other side of the same channel. Since timeouts are handled by - afl-fuzz simply killing the child, we can just wait until the pipe breaks. */ - -static void afl_wait_tsl(CPUArchState *env, int fd) { - - struct afl_tsl t; - - while (1) { - - /* Broken pipe means it's time to return to the fork server routine. */ - - if (read(fd, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - break; - - tb_find_slow(env, t.pc, t.cs_base, t.flags); - - } - - close(fd); - -} - diff --git a/pkgs/tools/security/afl/qemu-patches/afl-types.h b/pkgs/tools/security/afl/qemu-patches/afl-types.h deleted file mode 100644 index 58d6be51e2d0..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-types.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - american fuzzy lop - type definitions and minor macros - ------------------------------------------------------ - - Written and maintained by Michal Zalewski <lcamtuf@google.com> - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_TYPES_H -#define _HAVE_TYPES_H - -#include <stdint.h> -#include <stdlib.h> - -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; - -/* - - Ugh. There is an unintended compiler / glibc #include glitch caused by - combining the u64 type an %llu in format strings, necessitating a workaround. - - In essence, the compiler is always looking for 'unsigned long long' for %llu. - On 32-bit systems, the u64 type (aliased to uint64_t) is expanded to - 'unsigned long long' in <bits/types.h>, so everything checks out. - - But on 64-bit systems, it is #ifdef'ed in the same file as 'unsigned long'. - Now, it only happens in circumstances where the type happens to have the - expected bit width, *but* the compiler does not know that... and complains - about 'unsigned long' being unsafe to pass to %llu. - - */ - -#ifdef __x86_64__ -typedef unsigned long long u64; -#else -typedef uint64_t u64; -#endif /* ^sizeof(...) */ - -typedef int8_t s8; -typedef int16_t s16; -typedef int32_t s32; -typedef int64_t s64; - -#ifndef MIN -# define MIN(_a,_b) ((_a) > (_b) ? (_b) : (_a)) -# define MAX(_a,_b) ((_a) > (_b) ? (_a) : (_b)) -#endif /* !MIN */ - -#define SWAP16(_x) ({ \ - u16 _ret = (_x); \ - (u16)((_ret << 8) | (_ret >> 8)); \ - }) - -#define SWAP32(_x) ({ \ - u32 _ret = (_x); \ - (u32)((_ret << 24) | (_ret >> 24) | \ - ((_ret << 8) & 0x00FF0000) | \ - ((_ret >> 8) & 0x0000FF00)); \ - }) - -#define R(x) (random() % (x)) - -#define STRINGIFY_INTERNAL(x) #x -#define STRINGIFY(x) STRINGIFY_INTERNAL(x) - -#define MEM_BARRIER() \ - asm volatile("" ::: "memory") - -#endif /* ! _HAVE_TYPES_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch b/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch deleted file mode 100644 index 75a7ea450eff..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- qemu-2.3.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000 -+++ qemu-2.3.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000 -@@ -28,6 +28,8 @@ - #include "exec/memory-internal.h" - #include "qemu/rcu.h" - -+#include "afl-qemu-cpu-inl.h" -+ - /* -icount align implementation. */ - - typedef struct SyncClocks { -@@ -296,8 +298,11 @@ - } - not_found: - /* if no translated code available, then translate it now */ -+ - tb = tb_gen_code(cpu, pc, cs_base, flags, 0); - -+ AFL_QEMU_CPU_SNIPPET1; -+ - found: - /* Move the last found TB to the head of the list */ - if (likely(*ptb1)) { -@@ -492,6 +497,9 @@ - next_tb = 0; - tcg_ctx.tb_ctx.tb_invalidated_flag = 0; - } -+ -+ AFL_QEMU_CPU_SNIPPET2; -+ - if (qemu_loglevel_mask(CPU_LOG_EXEC)) { - qemu_log("Trace %p [" TARGET_FMT_lx "] %s\n", - tb->tc_ptr, tb->pc, lookup_symbol(tb->pc)); diff --git a/pkgs/tools/security/afl/qemu-patches/elfload.patch b/pkgs/tools/security/afl/qemu-patches/elfload.patch deleted file mode 100644 index 325c917d15a3..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/elfload.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- qemu-2.3.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000 -+++ qemu-2.3.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000 -@@ -28,6 +28,8 @@ - - #define ELF_OSABI ELFOSABI_SYSV - -+extern abi_ulong afl_entry_point, afl_start_code, afl_end_code; -+ - /* from personality.h */ - - /* -@@ -1889,6 +1891,8 @@ - info->brk = 0; - info->elf_flags = ehdr->e_flags; - -+ if (!afl_entry_point) afl_entry_point = info->entry; -+ - for (i = 0; i < ehdr->e_phnum; i++) { - struct elf_phdr *eppnt = phdr + i; - if (eppnt->p_type == PT_LOAD) { -@@ -1922,9 +1926,11 @@ - if (elf_prot & PROT_EXEC) { - if (vaddr < info->start_code) { - info->start_code = vaddr; -+ if (!afl_start_code) afl_start_code = vaddr; - } - if (vaddr_ef > info->end_code) { - info->end_code = vaddr_ef; -+ if (!afl_end_code) afl_end_code = vaddr_ef; - } - } - if (elf_prot & PROT_WRITE) { diff --git a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch index 81d29feea3de..5dfbfd780f1c 100644 --- a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch +++ b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch @@ -2,13 +2,12 @@ diff --git a/Makefile b/Makefile index d6b9dc1..ce7c493 100644 --- a/Makefile +++ b/Makefile -@@ -384,8 +384,7 @@ install-confdir: - install-sysconfig: install-datadir install-confdir - $(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(qemu_confdir)" +@@ -601,7 +601,7 @@ install-localstatedir: + endif + --install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \ --install-datadir install-localstatedir +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir +install: all $(if $(BUILD_DOCS),install-doc) install-datadir ifneq ($(TOOLS),) - $(call install-prog,$(TOOLS),$(DESTDIR)$(bindir)) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) endif diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch new file mode 100644 index 000000000000..6cc663dc1fb9 --- /dev/null +++ b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch @@ -0,0 +1,28 @@ +A modified version of qemu commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 +diff --git a/configure b/configure +index 9c8aa5a..99ccc17 100755 +--- a/configure ++++ b/configure +@@ -3855,7 +3855,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include <sys/memfd.h> ++#include <sys/mman.h> + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1a..412e94a 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include <sys/memfd.h> +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include <sys/syscall.h> + #include <asm/unistd.h> diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch deleted file mode 100644 index 1c447c4051e8..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff --git a/user-exec.c b/user-exec.c -index 8f57e8a..957f9f7 100644 ---- a/user-exec.c -+++ b/user-exec.c -@@ -57,7 +57,7 @@ static void exception_action(CPUState *cpu) - void cpu_resume_from_signal(CPUState *cpu, void *puc) - { - #ifdef __linux__ -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #endif -@@ -171,7 +171,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int trapno; -@@ -226,7 +226,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - - pc = PC_sig(uc); -@@ -288,7 +288,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - - #ifdef __APPLE__ - #include <sys/ucontext.h> --typedef struct ucontext SIGCONTEXT; -+typedef ucontext_t SIGCONTEXT; - /* All Registers access - only for local access */ - #define REG_sig(reg_name, context) \ - ((context)->uc_mcontext->ss.reg_name) -@@ -331,7 +331,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -358,7 +358,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uint32_t *pc = uc->uc_mcontext.sc_pc; - uint32_t insn = *pc; - int is_write = 0; -@@ -456,7 +456,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__NetBSD__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -483,7 +483,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uintptr_t pc = uc->uc_mcontext.pc; - uint32_t insn = *(uint32_t *)pc; - bool is_write; -@@ -512,7 +512,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - int is_write; - -@@ -534,7 +534,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long ip; - int is_write = 0; - -@@ -565,7 +565,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - uint16_t *pinsn; - int is_write = 0; -@@ -618,7 +618,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - greg_t pc = uc->uc_mcontext.pc; - int is_write; - -@@ -634,7 +634,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc = uc->uc_mcontext.sc_iaoq[0]; - uint32_t insn = *(uint32_t *)pc; - int is_write = 0; diff --git a/pkgs/tools/security/afl/qemu-patches/syscall.patch b/pkgs/tools/security/afl/qemu-patches/syscall.patch deleted file mode 100644 index 75d39386164e..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/syscall.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- qemu-2.3.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000 -+++ qemu-2.3.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000 -@@ -227,7 +227,21 @@ - _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo) - _syscall3(int,sys_syslog,int,type,char*,bufp,int,len) - #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill) --_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig) -+ -+extern unsigned int afl_forksrv_pid; -+ -+static int sys_tgkill(int tgid, int pid, int sig) { -+ -+ /* Workaround for -lpthread to make abort() work properly, without -+ killing the forkserver due to a prematurely cached PID. */ -+ -+ if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT) -+ pid = tgid = getpid(); -+ -+ return syscall(__NR_sys_tgkill, pid, tgid, sig); -+ -+} -+ - #endif - #if defined(TARGET_NR_tkill) && defined(__NR_tkill) - _syscall2(int,sys_tkill,int,tid,int,sig) diff --git a/pkgs/tools/security/afl/qemu-patches/translate-all.patch b/pkgs/tools/security/afl/qemu-patches/translate-all.patch deleted file mode 100644 index 180b3a55ab25..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/translate-all.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- qemu-2.3.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000 -+++ qemu-2.3.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000 -@@ -393,8 +393,13 @@ - /* We can't use g_malloc because it may recurse into a locked mutex. */ - # define ALLOC(P, SIZE) \ - do { \ -- P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ void* _tmp = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ if (_tmp == (void*)-1) { \ -+ qemu_log(">>> Out of memory for stack, bailing out. <<<\n"); \ -+ exit(1); \ -+ } \ -+ (P) = _tmp; \ - } while (0) - #else - # define ALLOC(P, SIZE) \ diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 82de6474e598..a007eb3913db 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, python2, zlib, pkgconfig, glib, ncurses, perl +{ stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, ncurses, perl , attr, libcap, vde2, texinfo, libuuid, flex, bison, lzo, snappy , libaio, libcap_ng, gnutls, pixman, autoconf , writeText @@ -7,59 +7,65 @@ with stdenv.lib; let - n = "qemu-2.3.0"; - - aflHeaderFile = writeText "afl-qemu-cpu-inl.h" - (builtins.readFile ./qemu-patches/afl-qemu-cpu-inl.h); - aflConfigFile = writeText "afl-config.h" - (builtins.readFile ./qemu-patches/afl-config.h); - aflTypesFile = writeText "afl-types.h" - (builtins.readFile ./qemu-patches/afl-types.h); - + qemuName = "qemu-2.10.0"; + aflName = afl.name; cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; in stdenv.mkDerivation rec { - name = "afl-${n}"; + name = "afl-${qemuName}"; - src = fetchurl { - url = "http://wiki.qemu.org/download/${n}.tar.bz2"; - sha256 = "120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"; - }; + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; + }) + afl.src + ]; - buildInputs = - [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap - vde2 texinfo libuuid flex bison lzo snappy autoconf - libcap_ng gnutls - ] - ++ optionals (hasSuffix "linux" stdenv.hostPlatform.system) [ libaio ]; + sourceRoot = qemuName; - enableParallelBuilding = true; + postUnpack = '' + cp ${aflName}/types.h $sourceRoot/afl-types.h + substitute ${aflName}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflName}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \ + --replace "../../config.h" "afl-config.h" + substituteInPlace ${aflName}/qemu_mode/patches/cpu-exec.diff \ + --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" + ''; - patches = - [ ./qemu-patches/elfload.patch - ./qemu-patches/cpu-exec.patch - ./qemu-patches/no-etc-install.patch - ./qemu-patches/translate-all.patch - ./qemu-patches/syscall.patch - ./qemu-patches/qemu-2.3.0-glibc-2.26.patch - ]; + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; - preConfigure = '' - cp ${aflTypesFile} afl-types.h - cp ${aflConfigFile} afl-config.h - cp ${aflHeaderFile} afl-qemu-cpu-inl.h - ''; + buildInputs = [ + zlib glib pixman ncurses attr libcap + vde2 libuuid lzo snappy libcap_ng gnutls + ] ++ optionals (stdenv.isLinux) [ libaio ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from afl source + "../${aflName}/qemu_mode/patches/cpu-exec.diff" + "../${aflName}/qemu_mode/patches/elfload.diff" + "../${aflName}/qemu_mode/patches/syscall.diff" + # nix-specific patches to make installation more well-behaved + ./qemu-patches/no-etc-install.patch + ./qemu-patches/qemu-2.10.0-glibc-2.27.patch + ]; configureFlags = [ "--disable-system" "--enable-linux-user" - "--enable-guest-base" "--disable-gtk" "--disable-sdl" "--disable-vnc" "--target-list=${cpuTarget}" + "--enable-pie" + "--enable-kvm" "--sysconfdir=/etc" "--localstatedir=/var" ]; diff --git a/pkgs/tools/system/bfs/default.nix b/pkgs/tools/system/bfs/default.nix index 3734fefe60a2..3e9210d5b350 100644 --- a/pkgs/tools/system/bfs/default.nix +++ b/pkgs/tools/system/bfs/default.nix @@ -1,23 +1,17 @@ -{ stdenv, fetchFromGitHub, bash }: +{ stdenv, fetchFromGitHub, libcap, acl }: stdenv.mkDerivation rec { name = "bfs-${version}"; - version = "1.2.4"; + version = "1.3.1"; src = fetchFromGitHub { repo = "bfs"; owner = "tavianator"; rev = version; - sha256 = "0nxx2njjp04ik6msfmf07hprw0j88wg04m0q1sf17mhkliw2d78s"; + sha256 = "0gv9hrcsz7miv40v6wmkmb1a58ji5d1dlgwq6gwczd8rzlmhddmc"; }; - postPatch = '' - # Patch tests (both shebangs and usage in scripts) - for f in $(find -type f -name '*.sh'); do - substituteInPlace $f --replace "/bin/bash" "${bash}/bin/bash" - done - ''; - doCheck = true; + buildInputs = stdenv.lib.optionals stdenv.isLinux [ libcap acl ]; makeFlags = [ "PREFIX=$(out)" ]; buildFlags = [ "release" ]; # "release" enables compiler optimizations @@ -30,7 +24,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/tavianator/bfs; license = licenses.bsd0; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ yesbox ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5401ff3c29be..6815da9c3fe5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8837,6 +8837,7 @@ in minify = callPackage ../development/web/minify { }; minizinc = callPackage ../development/tools/minizinc { }; + minizincide = qt5.callPackage ../development/tools/minizinc/ide.nix { }; mk = callPackage ../development/tools/build-managers/mk { }; @@ -13475,7 +13476,7 @@ in clamsmtp = callPackage ../servers/mail/clamsmtp { }; clickhouse = callPackage ../servers/clickhouse { - inherit (llvmPackages_6) clang-unwrapped lld llvm; + inherit (llvmPackages_latest) clang-unwrapped lld llvm; }; couchdb = callPackage ../servers/http/couchdb { @@ -20402,7 +20403,9 @@ in angband = callPackage ../games/angband { }; - anki = python3Packages.callPackage ../games/anki { }; + anki = python3Packages.callPackage ../games/anki { + inherit (darwin.apple_sdk.frameworks) CoreAudio; + }; armagetronad = callPackage ../games/armagetronad { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index bcf3c03a2d05..453eda0d6118 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1732,7 +1732,11 @@ in { gateone = callPackage ../development/python-modules/gateone { }; - gcutil = callPackage ../development/python-modules/gcutil { }; + # TODO: Remove after 19.03 is branched off: + gcutil = throw '' + pythonPackages.gcutil is deprecated and can be replaced with "gcloud + compute" from the package google-cloud-sdk. + ''; GeoIP = callPackage ../development/python-modules/GeoIP { }; @@ -2295,6 +2299,8 @@ in { dtopt = callPackage ../development/python-modules/dtopt { }; + easywatch = callPackage ../development/python-modules/easywatch { }; + ecdsa = callPackage ../development/python-modules/ecdsa { }; effect = callPackage ../development/python-modules/effect {}; @@ -4000,6 +4006,8 @@ in { sqlalchemy_migrate = callPackage ../development/python-modules/sqlalchemy-migrate { }; + staticjinja = callPackage ../development/python-modules/staticjinja { }; + statsmodels = callPackage ../development/python-modules/statsmodels { }; structlog = callPackage ../development/python-modules/structlog { }; |