diff options
Diffstat (limited to 'pkgs/tools')
27 files changed, 97 insertions, 36 deletions
diff --git a/pkgs/tools/X11/xnee/default.nix b/pkgs/tools/X11/xnee/default.nix index 7b7d5d1aeedc..a84f101cdf7b 100644 --- a/pkgs/tools/X11/xnee/default.nix +++ b/pkgs/tools/X11/xnee/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { patchPhase = '' for i in `find cnee/test -name \*.sh` do - sed -i "$i" -e's|/bin/bash|/bin/sh|g ; s|/usr/bin/env bash|/bin/sh|g' + sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g ; s|/usr/bin/env bash|${stdenv.shell}|g' done ''; diff --git a/pkgs/tools/archivers/rpmextract/default.nix b/pkgs/tools/archivers/rpmextract/default.nix index 8d4d5fd8dddd..6d5041c52d03 100644 --- a/pkgs/tools/archivers/rpmextract/default.nix +++ b/pkgs/tools/archivers/rpmextract/default.nix @@ -10,6 +10,7 @@ stdenv.mkDerivation rec { script = substituteAll { src = ./rpmextract.sh; inherit rpm cpio; + inherit (stdenv) shell; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/archivers/rpmextract/rpmextract.sh b/pkgs/tools/archivers/rpmextract/rpmextract.sh index 04f57f6e6045..6ebfa251955d 100644 --- a/pkgs/tools/archivers/rpmextract/rpmextract.sh +++ b/pkgs/tools/archivers/rpmextract/rpmextract.sh @@ -1,4 +1,4 @@ -#!/bin/sh -e +#!@shell@ -e if [ "$1" = "" ]; then echo "usage: rpmextract package_name..." 1>&2 diff --git a/pkgs/tools/archivers/unzip/CVE-2018-18384.patch b/pkgs/tools/archivers/unzip/CVE-2018-18384.patch new file mode 100644 index 000000000000..e9320e125cf6 --- /dev/null +++ b/pkgs/tools/archivers/unzip/CVE-2018-18384.patch @@ -0,0 +1,35 @@ +--- unzip60/list.c ++++ unzip60/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */ + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type + } + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) + Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), + FmZofft(G.crec.ucsize, "8", "u"), methbuf, +@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type + + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) { + Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), + FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix index 7c4bb988b629..cdf189e82df5 100644 --- a/pkgs/tools/archivers/unzip/default.nix +++ b/pkgs/tools/archivers/unzip/default.nix @@ -24,6 +24,7 @@ stdenv.mkDerivation { ./CVE-2015-7697.diff ./CVE-2014-9913.patch ./CVE-2016-9844.patch + ./CVE-2018-18384.patch ./dont-hardcode-cc.patch ] ++ stdenv.lib.optional enableNLS (fetchurl { diff --git a/pkgs/tools/backup/flockit/default.nix b/pkgs/tools/backup/flockit/default.nix index e569d9b6d598..e6284aa42d75 100644 --- a/pkgs/tools/backup/flockit/default.nix +++ b/pkgs/tools/backup/flockit/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { cp ./libflockit.so $out/lib (cat <<EOI - #!/bin/sh + #!${stdenv.shell} env LD_PRELOAD="$out/lib/libflockit.so" FLOCKIT_FILE_PREFIX=\$1 \''${@:2} EOI ) > $out/bin/flockit diff --git a/pkgs/tools/backup/store-backup/default.nix b/pkgs/tools/backup/store-backup/default.nix index 5f44e19fdf27..7324f75d95fa 100644 --- a/pkgs/tools/backup/store-backup/default.nix +++ b/pkgs/tools/backup/store-backup/default.nix @@ -9,7 +9,7 @@ # known impurity: test cases seem to bu using /tmp/storeBackup.lock .. -let dummyMount = writeScriptBin "mount" "#!/bin/sh"; +let dummyMount = writeScriptBin "mount" "#!${stdenv.shell}"; in stdenv.mkDerivation rec { diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix index 2c597ccef35e..806469493900 100644 --- a/pkgs/tools/filesystems/e2fsprogs/default.nix +++ b/pkgs/tools/filesystems/e2fsprogs/default.nix @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { homepage = http://e2fsprogs.sourceforge.net/; description = "Tools for creating and checking ext2/ext3/ext4 filesystems"; license = licenses.gpl2; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = [ maintainers.eelco ]; }; } diff --git a/pkgs/tools/graphics/briss/default.nix b/pkgs/tools/graphics/briss/default.nix index a5045f97b45d..fb9b7cae488f 100644 --- a/pkgs/tools/graphics/briss/default.nix +++ b/pkgs/tools/graphics/briss/default.nix @@ -18,7 +18,7 @@ in stdenv.mkDerivation { mkdir -p "$out/bin"; mkdir -p "$out/share"; install -D -m444 -t "$out/share" *.jar - echo "#!/bin/sh" > "$out/bin/briss" + echo "#!${stdenv.shell}" > "$out/bin/briss" echo "${jre}/bin/java -Xms128m -Xmx1024m -cp \"$out/share/\" -jar \"$out/share/briss-${version}.jar\"" >> "$out/bin/briss" chmod +x "$out/bin/briss" ''; diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix index 68ff84c7495a..db21df9b5d0d 100644 --- a/pkgs/tools/graphics/graphviz/base.nix +++ b/pkgs/tools/graphics/graphviz/base.nix @@ -2,12 +2,26 @@ { stdenv, fetchFromGitLab, autoreconfHook, pkgconfig, cairo, expat, flex , fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango -, yacc, xorg ? null, ApplicationServices ? null }: +, yacc, fetchpatch, xorg ? null, ApplicationServices ? null }: assert stdenv.isDarwin -> ApplicationServices != null; let inherit (stdenv.lib) optionals optionalString; + raw_patch = + # https://gitlab.com/graphviz/graphviz/issues/1367 CVE-2018-10196 + fetchpatch { + name = "CVE-2018-10196.patch"; + url = https://gitlab.com/graphviz/graphviz/uploads/30f8f0b00e357c112ac35fb20241604a/p.diff; + sha256 = "074qx6ch9blrnlilmz7p96fkiz2va84x2fbqdza5k4808rngirc7"; + excludes = ["tests/*"]; # we don't run them and they don't apply + }; + # the patch needs a small adaption for older versions + patch = if stdenv.lib.versionAtLeast version "2.37" then raw_patch else + stdenv.mkDerivation { + inherit (raw_patch) name; + buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out"; + }; in stdenv.mkDerivation rec { @@ -37,6 +51,10 @@ stdenv.mkDerivation rec { "--with-ltdl-include=${libtool}/include" ] ++ stdenv.lib.optional (xorg == null) [ "--without-x" ]; + patches = [ + patch + ]; + postPatch = '' for f in $(find . -name Makefile.in); do substituteInPlace $f --replace "-lstdc++" "-lc++" diff --git a/pkgs/tools/graphics/povray/default.nix b/pkgs/tools/graphics/povray/default.nix index 76829b6b7271..dc9d9630ae5a 100644 --- a/pkgs/tools/graphics/povray/default.nix +++ b/pkgs/tools/graphics/povray/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { preInstall = '' mkdir "$TMP/bin" for i in chown chgrp; do - echo '#!/bin/sh' >> "$TMP/bin/$i" + echo '#!${stdenv.shell}' >> "$TMP/bin/$i" chmod +x "$TMP/bin/$i" PATH="$TMP/bin:$PATH" done diff --git a/pkgs/tools/graphics/sng/default.nix b/pkgs/tools/graphics/sng/default.nix index 098721d6b932..182ab5806d7b 100644 --- a/pkgs/tools/graphics/sng/default.nix +++ b/pkgs/tools/graphics/sng/default.nix @@ -20,6 +20,6 @@ stdenv.mkDerivation rec { homepage = http://sng.sourceforge.net/; license = licenses.zlib; maintainers = [ maintainers.dezgeg ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix index 3a3486503081..84a2735dff8f 100644 --- a/pkgs/tools/misc/coreutils/default.nix +++ b/pkgs/tools/misc/coreutils/default.nix @@ -26,8 +26,9 @@ stdenv.mkDerivation rec { patches = optional stdenv.hostPlatform.isCygwin ./coreutils-8.23-4.cygwin.patch; postPatch = '' - # The test tends to fail on btrfs and maybe other unusual filesystems. + # The test tends to fail on btrfs,f2fs and maybe other unusual filesystems. sed '2i echo Skipping dd sparse test && exit 0' -i ./tests/dd/sparse.sh + sed '2i echo Skipping du threshold test && exit 0' -i ./tests/du/threshold.sh sed '2i echo Skipping cp sparse test && exit 0' -i ./tests/cp/sparse.sh sed '2i echo Skipping rm deep-2 test && exit 0' -i ./tests/rm/deep-2.sh sed '2i echo Skipping du long-from-unreadable test && exit 0' -i ./tests/du/long-from-unreadable.sh diff --git a/pkgs/tools/misc/fzf/default.nix b/pkgs/tools/misc/fzf/default.nix index a882fe9a9ba3..08efe3e6e18b 100644 --- a/pkgs/tools/misc/fzf/default.nix +++ b/pkgs/tools/misc/fzf/default.nix @@ -47,7 +47,7 @@ buildGoPackage rec { cp -R $src/shell $bin/share/fzf cat <<SCRIPT > $bin/bin/fzf-share - #!/bin/sh + #!${stdenv.shell} # Run this script to find the fzf shared folder where all the shell # integration scripts are living. echo $bin/share/fzf diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix index d50797508596..2a8734822ac7 100644 --- a/pkgs/tools/misc/grub/2.0x.nix +++ b/pkgs/tools/misc/grub/2.0x.nix @@ -64,7 +64,7 @@ stdenv.mkDerivation rec { preConfigure = '' for i in "tests/util/"*.in do - sed -i "$i" -e's|/bin/bash|/bin/sh|g' + sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g' done # Apparently, the QEMU executable is no longer called diff --git a/pkgs/tools/misc/grub/trusted.nix b/pkgs/tools/misc/grub/trusted.nix index 94beff8dfe37..ca4e477adce7 100644 --- a/pkgs/tools/misc/grub/trusted.nix +++ b/pkgs/tools/misc/grub/trusted.nix @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { preConfigure = '' for i in "tests/util/"*.in do - sed -i "$i" -e's|/bin/bash|/bin/sh|g' + sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g' done # Apparently, the QEMU executable is no longer called diff --git a/pkgs/tools/misc/hashit/default.nix b/pkgs/tools/misc/hashit/default.nix index 0cb839c26ffc..f1f2fd9aa44d 100644 --- a/pkgs/tools/misc/hashit/default.nix +++ b/pkgs/tools/misc/hashit/default.nix @@ -1,11 +1,9 @@ -{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, cmake, vala_0_40, python3, gnome3, gtk3, granite, gobject-introspection, desktop-file-utils, wrapGAppsHook }: +{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, cmake, pantheon, python3, gnome3, gtk3, gobject-introspection, desktop-file-utils, wrapGAppsHook }: stdenv.mkDerivation rec { pname = "hashit"; version = "1.0.0"; - name = "${pname}-${version}"; - src = fetchFromGitHub { owner = "artemanufrij"; repo = pname; @@ -20,14 +18,14 @@ stdenv.mkDerivation rec { ninja pkgconfig python3 - vala_0_40 # should be `elementary.vala` when elementary attribute set is merged + pantheon.vala wrapGAppsHook ]; buildInputs = [ - gnome3.defaultIconTheme # should be `elementary.defaultIconTheme`when elementary attribute set is merged + pantheon.elementary-icon-theme gnome3.libgee - granite + pantheon.granite gtk3 ]; diff --git a/pkgs/tools/misc/qjoypad/default.nix b/pkgs/tools/misc/qjoypad/default.nix index 4d91c184b0ae..4428bf1e625a 100644 --- a/pkgs/tools/misc/qjoypad/default.nix +++ b/pkgs/tools/misc/qjoypad/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { NIX_LDFLAGS = [ "-lX11" ]; patchPhase = '' cd src - substituteInPlace config --replace /bin/bash /bin/sh + substituteInPlace config --replace /bin/bash ${stdenv.shell} mkdir -p $out export NIX_LDFLAGS="$NIX_LDFLAGS -rpath ${libX11}/lib" ''; diff --git a/pkgs/tools/misc/xfstests/default.nix b/pkgs/tools/misc/xfstests/default.nix index e03f84355cad..7305013eb8b7 100644 --- a/pkgs/tools/misc/xfstests/default.nix +++ b/pkgs/tools/misc/xfstests/default.nix @@ -78,7 +78,7 @@ stdenv.mkDerivation { # wants to write temporary files there. So create a temporary # to run from and symlink the runtime files to it. wrapperScript = writeScript "xfstests-check" '' - #!/bin/sh + #!${stdenv.shell} set -e export RESULT_BASE="$(pwd)/results" diff --git a/pkgs/tools/networking/airfield/default.nix b/pkgs/tools/networking/airfield/default.nix index 70005038f99d..94a606f9c782 100644 --- a/pkgs/tools/networking/airfield/default.nix +++ b/pkgs/tools/networking/airfield/default.nix @@ -49,7 +49,7 @@ in stdenv.mkDerivation { installPhase = '' mkdir -p $out/bin cat >$out/bin/airfield <<EOF - #!${stdenv.shell}/bin/sh + #!${stdenv.shell} ${nodejs}/bin/node ${src}/airfield.js EOF ''; diff --git a/pkgs/tools/networking/tcpdump/default.nix b/pkgs/tools/networking/tcpdump/default.nix index 58f020e1bdd8..f1470fc6c148 100644 --- a/pkgs/tools/networking/tcpdump/default.nix +++ b/pkgs/tools/networking/tcpdump/default.nix @@ -33,6 +33,6 @@ stdenv.mkDerivation rec { homepage = http://www.tcpdump.org/; license = "BSD-style"; maintainers = with stdenv.lib.maintainers; [ jgeerds ]; - platforms = stdenv.lib.platforms.linux; + platforms = stdenv.lib.platforms.unix; }; } diff --git a/pkgs/tools/networking/zap/default.nix b/pkgs/tools/networking/zap/default.nix index 7dc0e07f9451..56b54fed61b9 100644 --- a/pkgs/tools/networking/zap/default.nix +++ b/pkgs/tools/networking/zap/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { mkdir -p "$out/share" tar xvf "ZAP_${version}_Linux.tar.gz" -C "$out/share/" mkdir -p "$out/bin" - echo "#!/bin/sh" > "$out/bin/zap" + echo "#!${stdenv.shell}" > "$out/bin/zap" echo \"$out/share/ZAP_${version}/zap.sh\" >> "$out/bin/zap" chmod +x "$out/bin/zap" ''; diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index 6bdc8570982d..9ac62dc334f7 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix @@ -3,7 +3,8 @@ , gtk3, nssTools, pcsclite , libxml2, libproxy , openssl, curl -, makeWrapper }: +, makeWrapper +, substituteAll }: stdenv.mkDerivation rec { name = "eid-mw-${version}"; @@ -32,8 +33,15 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-dialogs=yes" ]; - postInstall = '' - install -D ${./eid-nssdb.in} $out/bin/eid-nssdb + postInstall = + let + eid-nssdb-in = substituteAll { + inherit (stdenv) shell; + src = ./eid-nssdb.in; + }; + in + '' + install -D ${eid-nssdb-in} $out/bin/eid-nssdb substituteInPlace $out/bin/eid-nssdb \ --replace "modutil" "${nssTools}/bin/modutil" diff --git a/pkgs/tools/security/pgpdump/default.nix b/pkgs/tools/security/pgpdump/default.nix index 82bec2486e81..9c8f47cd2756 100644 --- a/pkgs/tools/security/pgpdump/default.nix +++ b/pkgs/tools/security/pgpdump/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { ''; homepage = http://www.mew.org/~kazu/proj/pgpdump/en/; license = licenses.bsd3; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ primeos ]; }; } diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix index 27f2ca04d710..5e622cf68f35 100644 --- a/pkgs/tools/security/rhash/default.nix +++ b/pkgs/tools/security/rhash/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchFromGitHub, which }: stdenv.mkDerivation rec { - version = "1.3.6"; + version = "1.3.8"; name = "rhash-${version}"; src = fetchFromGitHub { owner = "rhash"; repo = "RHash"; rev = "v${version}"; - sha256 = "1c8gngjj34ylx1f56hjbvml22bif0bx1b88dx2cyxbix8praxqh7"; + sha256 = "0i00wl63hn80g0s9gdi772gchbghwgkvn4nbb5227y2wwy30yyi2"; }; nativeBuildInputs = [ which ]; @@ -16,10 +16,11 @@ stdenv.mkDerivation rec { # configure script is not autotools-based, doesn't support these options configurePlatforms = [ ]; - doCheck = false; # fails + doCheck = true; - installTargets = [ "install" "install-lib-shared" "install-lib-so-link" ]; - postInstall = "make -C librhash install-headers"; + checkTarget = "test-full"; + + installTargets = [ "install" "install-lib-shared" "install-lib-so-link" "install-lib-headers" ]; meta = with stdenv.lib; { homepage = http://rhash.anz.ru; diff --git a/pkgs/tools/typesetting/lout/builder.sh b/pkgs/tools/typesetting/lout/builder.sh index cd3b9c67e3c9..61459e48b7f0 100755 --- a/pkgs/tools/typesetting/lout/builder.sh +++ b/pkgs/tools/typesetting/lout/builder.sh @@ -1,5 +1,3 @@ -#!/bin/sh - # Prepare a makefile specifying the appropriate output directories. # # Written by Ludovic Courtès <ludo@gnu.org>. diff --git a/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix b/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix index 5096c7f94686..012090ba079d 100644 --- a/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix +++ b/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { # change sudoers dir from /var/google-sudoers.d to /run/google-sudoers.d (managed through systemd-tmpfiles) substituteInPlace pam_module/pam_oslogin_admin.cc --replace /var/google-sudoers.d /run/google-sudoers.d # fix "User foo not allowed because shell /bin/bash does not exist" - substituteInPlace utils/oslogin_utils.cc --replace /bin/bash /bin/sh + substituteInPlace utils/oslogin_utils.cc --replace /bin/bash ${stdenv.shell} ''; buildInputs = [ curl.dev pam ]; |