Merge master into staging-next

authored by github-actions[bot] and committed by GitHub 115f2f78 4c0c8ac7

+113 -93
+1 -1
lib/tests/modules.sh
··· 313 314 ## Option collision 315 checkConfigError \ 316 - 'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integers. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \ 317 config.set \ 318 ./declare-set.nix ./declare-enable-nested.nix 319
··· 313 314 ## Option collision 315 checkConfigError \ 316 + 'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integer. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \ 317 config.set \ 318 ./declare-set.nix ./declare-enable-nested.nix 319
+3 -3
lib/types.nix
··· 397 398 listOf = elemType: mkOptionType rec { 399 name = "listOf"; 400 - description = "list of ${elemType.description}s"; 401 check = isList; 402 merge = loc: defs: 403 map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def: ··· 426 427 attrsOf = elemType: mkOptionType rec { 428 name = "attrsOf"; 429 - description = "attribute set of ${elemType.description}s"; 430 check = isAttrs; 431 merge = loc: defs: 432 mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs: ··· 449 # error that it's not defined. Use only if conditional definitions don't make sense. 450 lazyAttrsOf = elemType: mkOptionType rec { 451 name = "lazyAttrsOf"; 452 - description = "lazy attribute set of ${elemType.description}s"; 453 check = isAttrs; 454 merge = loc: defs: 455 zipAttrsWith (name: defs:
··· 397 398 listOf = elemType: mkOptionType rec { 399 name = "listOf"; 400 + description = "list of ${elemType.description}"; 401 check = isList; 402 merge = loc: defs: 403 map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def: ··· 426 427 attrsOf = elemType: mkOptionType rec { 428 name = "attrsOf"; 429 + description = "attribute set of ${elemType.description}"; 430 check = isAttrs; 431 merge = loc: defs: 432 mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs: ··· 449 # error that it's not defined. Use only if conditional definitions don't make sense. 450 lazyAttrsOf = elemType: mkOptionType rec { 451 name = "lazyAttrsOf"; 452 + description = "lazy attribute set of ${elemType.description}"; 453 check = isAttrs; 454 merge = loc: defs: 455 zipAttrsWith (name: defs:
+21 -17
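--- a/nixos/modules/security/wrappers/wrapper.c
+++ b/nixos/modules/security/wrappers/wrapper.c
@@ -2,12 +2,12 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <stdnoreturn.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/xattr.h>
 #include <fcntl.h>
 #include <dirent.h>
-#include <assert.h>
 #include <errno.h>
 #include <linux/capability.h>
 #include <sys/prctl.h>
@@ -16,10 +16,7 @@
 #include <syscall.h>
 #include <byteswap.h>
 
-// Make sure assertions are not compiled out, we use them to codify
-// invariants about this program and we want it to fail fast and
-// loudly if they are violated.
-#undef NDEBUG
+#define ASSERT(expr) ((expr) ? (void) 0 : assert_failure(#expr))
 
 extern char **environ;
 
@@ -37,6 +34,12 @@
 #else
 #define LE32_TO_H(x) (x)
 #endif
+
+static noreturn void assert_failure(const char *assertion) {
+fprintf(stderr, "Assertion `%s` in NixOS's wrapper.c failed.\n", assertion);
+fflush(stderr);
+abort();
+}
 
 int get_last_cap(unsigned *last_cap) {
 FILE* file = fopen("/proc/sys/kernel/cap_last_cap", "r");
@@ -167,6 +170,7 @@
 }
 
 int main(int argc, char **argv) {
+ASSERT(argc >= 1);
 char *self_path = NULL;
 int self_path_size = readlink_malloc("/proc/self/exe", &self_path);
 if (self_path_size < 0) {
@@ -181,36 +185,36 @@
 int len = strlen(wrapper_dir);
 if (len > 0 && '/' == wrapper_dir[len - 1])
 --len;
-assert(!strncmp(self_path, wrapper_dir, len));
-assert('/' == wrapper_dir[0]);
-assert('/' == self_path[len]);
+ASSERT(!strncmp(self_path, wrapper_dir, len));
+ASSERT('/' == wrapper_dir[0]);
+ASSERT('/' == self_path[len]);
 
 // Make *really* *really* sure that we were executed as
 // `self_path', and not, say, as some other setuid program. That
 // is, our effective uid/gid should match the uid/gid of
 // `self_path'.
 struct stat st;
-assert(lstat(self_path, &st) != -1);
+ASSERT(lstat(self_path, &st) != -1);
 
-assert(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
-assert(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
+ASSERT(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
+ASSERT(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
 
 // And, of course, we shouldn't be writable.
-assert(!(st.st_mode & (S_IWGRP | S_IWOTH)));
+ASSERT(!(st.st_mode & (S_IWGRP | S_IWOTH)));
 
 // Read the path of the real (wrapped) program from <self>.real.
 char real_fn[PATH_MAX + 10];
 int real_fn_size = snprintf(real_fn, sizeof(real_fn), "%s.real", self_path);
-assert(real_fn_size < sizeof(real_fn));
+ASSERT(real_fn_size < sizeof(real_fn));
 
 int fd_self = open(real_fn, O_RDONLY);
-assert(fd_self != -1);
+ASSERT(fd_self != -1);
 
 char source_prog[PATH_MAX];
 len = read(fd_self, source_prog, PATH_MAX);
-assert(len != -1);
-assert(len < sizeof(source_prog));
-assert(len > 0);
+ASSERT(len != -1);
+ASSERT(len < sizeof(source_prog));
+ASSERT(len > 0);
 source_prog[len] = 0;
 
 close(fd_self);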
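Review bot: The new `ASSERT` macro carries no comment, while the removed `#undef NDEBUG` block explained why these checks must never be compiled out; that rationale still applies and should be restated next to the macro, for example `// Unlike assert(3), ASSERT is never compiled out: these checks are security invariants of a setuid wrapper.` At least one assertion wraps a call whose result is used afterwards (`ASSERT(lstat(self_path, &st) != -1)` fills `st`), so redefining the macro to a no-op later would silently drop both the check and the call. `ASSERT(argc >= 1)` would also benefit from a one-line reason, presumably that `argv[0]` is used later in `main`, whose body continues outside the visible hunks. On failure only the expression text is printed; for the lstat/open/read cases, appending `strerror(errno)` to the message would make a refused wrapper easier to diagnose.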
+1 -1
nixos/modules/services/misc/nitter.nix
··· 277 Add settings here to override NixOS module generated settings. 278 279 Check the official repository for the available settings: 280 - https://github.com/zedeus/nitter/blob/master/nitter.conf 281 ''; 282 }; 283
··· 277 Add settings here to override NixOS module generated settings. 278 279 Check the official repository for the available settings: 280 + https://github.com/zedeus/nitter/blob/master/nitter.example.conf 281 ''; 282 }; 283
+21 -3
pkgs/applications/networking/cluster/k0sctl/default.nix
··· 1 { lib 2 , buildGoModule 3 , fetchFromGitHub 4 }: 5 6 buildGoModule rec { 7 pname = "k0sctl"; 8 - version = "0.11.4"; 9 10 src = fetchFromGitHub { 11 owner = "k0sproject"; 12 repo = pname; 13 rev = "v${version}"; 14 - sha256 = "sha256-Fk1aYSa3LqzxiHtlzH5pcNtodOprjfnCFh4UMqCa6Rc="; 15 }; 16 17 - vendorSha256 = "sha256-21C6wZ8lKQnbUg3aD0ZFVOgopblXyWk4WP/ubZVk3Yk="; 18 19 ldflags = [ 20 "-s" ··· 22 "-X github.com/k0sproject/k0sctl/version.Environment=production" 23 "-X github.com/k0sproject/k0sctl/version.Version=${version}" 24 ]; 25 26 meta = with lib; { 27 description = "A bootstrapping and management tool for k0s clusters.";
··· 1 { lib 2 , buildGoModule 3 , fetchFromGitHub 4 + , fetchpatch 5 + , installShellFiles 6 }: 7 8 buildGoModule rec { 9 pname = "k0sctl"; 10 + version = "0.12.6"; 11 12 src = fetchFromGitHub { 13 owner = "k0sproject"; 14 repo = pname; 15 rev = "v${version}"; 16 + sha256 = "sha256-TkkMO6xBHY5t5Rpd0ieSDXMrnQ+Xdq+65Rk93ZkYcUs="; 17 }; 18 19 + vendorSha256 = "sha256-nTAuvHcsJiW0XYX5GM1SL8cnOhwdrj6iw8tuAkEWNzQ="; 20 + 21 + patches = [ 22 + (fetchpatch { 23 + url = "https://github.com/k0sproject/${pname}/commit/22c694ab0335a1e6146d0d3f939ef79d2c005a3d.patch"; 24 + sha256 = "sha256-Ftq/vbQd5ArdHboDt6NdyuqpFalHVnsQBdpmyDG/t5Q="; 25 + }) 26 + ]; 27 28 ldflags = [ 29 "-s" ··· 31 "-X github.com/k0sproject/k0sctl/version.Environment=production" 32 "-X github.com/k0sproject/k0sctl/version.Version=${version}" 33 ]; 34 + 35 + nativeBuildInputs = [ installShellFiles ]; 36 + 37 + postInstall = '' 38 + for shell in bash zsh fish; do 39 + installShellCompletion --cmd ${pname} \ 40 + --$shell <($out/bin/${pname} completion --shell $shell) 41 + done 42 + ''; 43 44 meta = with lib; { 45 description = "A bootstrapping and management tool for k0s clusters.";
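Review bot: The `fetchpatch` entry added under `patches` has no comment saying what upstream commit 22c694ab0335a1e6146d0d3f939ef79d2c005a3d fixes or when it can be dropped, so the next version bump cannot tell whether the patch is still needed. A short comment above it, such as `# <what the patch fixes>; remove once it is part of a release`, would cover that (placeholder wording, since the page does not say what the commit changes). Separately, `postInstall` generates the completions by running `$out/bin/${pname}` at build time, which will presumably fail when the package is cross-compiled; guarding the loop on the build platform being able to execute host binaries would avoid that.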
+2 -2
pkgs/applications/networking/cluster/tilt/default.nix
··· 5 /* Do not use "dev" as a version. If you do, Tilt will consider itself 6 running in development environment and try to serve assets from the 7 source tree, which is not there once build completes. */ 8 - version = "0.26.3"; 9 10 src = fetchFromGitHub { 11 owner = "tilt-dev"; 12 repo = pname; 13 rev = "v${version}"; 14 - sha256 = "sha256-jrVf6vNlEkTgALS93o3kIiticvsyFHm5oA2Fh1edAGY="; 15 }; 16 vendorSha256 = null; 17
··· 5 /* Do not use "dev" as a version. If you do, Tilt will consider itself 6 running in development environment and try to serve assets from the 7 source tree, which is not there once build completes. */ 8 + version = "0.30.0"; 9 10 src = fetchFromGitHub { 11 owner = "tilt-dev"; 12 repo = pname; 13 rev = "v${version}"; 14 + sha256 = "sha256-bZYm9T3NRNNtT8RDGwnXcXC7Rb/GuIxI/U06By4gR/w="; 15 }; 16 vendorSha256 = null; 17
+6 -13
pkgs/applications/video/mpc-qt/default.nix
··· 1 - { lib, stdenv, mkDerivation, fetchFromGitLab, fetchpatch, pkg-config, qmake, qtx11extras, qttools, mpv }: 2 3 mkDerivation rec { 4 pname = "mpc-qt"; 5 - version = "2019-06-09"; 6 7 - src = fetchFromGitLab { 8 owner = "mpc-qt"; 9 repo = "mpc-qt"; 10 - rev = "2abe6e7fc643068d50522468fe75d614861555ad"; 11 - sha256 = "1cis8dl9pm91mpnp696zvwsfp96gkwr8jgs45anbwd7ldw78w4x5"; 12 }; 13 14 - patches = [ 15 - (fetchpatch { 16 - url = "https://gitlab.com/mpc-qt/mpc-qt/-/commit/02f2bc7a22e863a89ba322b9acb61cf1aef23ba0.diff"; 17 - sha256 = "0khld55i194zgi18d0wch5459lfzzkbfdbl1im8akvq8ks5xijis"; 18 - }) 19 - ]; 20 - 21 nativeBuildInputs = [ pkg-config qmake qttools ]; 22 23 buildInputs = [ mpv qtx11extras ]; ··· 26 27 meta = with lib; { 28 description = "Media Player Classic Qute Theater"; 29 - homepage = "https://gitlab.com/mpc-qt/mpc-qt"; 30 license = licenses.gpl2; 31 platforms = platforms.unix; 32 broken = stdenv.isDarwin;
··· 1 + { lib, stdenv, mkDerivation, fetchFromGitHub, pkg-config, qmake, qtx11extras, qttools, mpv }: 2 3 mkDerivation rec { 4 pname = "mpc-qt"; 5 + version = "22.02"; 6 7 + src = fetchFromGitHub { 8 owner = "mpc-qt"; 9 repo = "mpc-qt"; 10 + rev = "v${version}"; 11 + sha256 = "sha256-DRbNDrWnaTT4A0dRFAv9MX/MDwV/rXIw+R8fQJmVN+g="; 12 }; 13 14 nativeBuildInputs = [ pkg-config qmake qttools ]; 15 16 buildInputs = [ mpv qtx11extras ]; ··· 19 20 meta = with lib; { 21 description = "Media Player Classic Qute Theater"; 22 + homepage = "https://mpc-qt.github.io"; 23 license = licenses.gpl2; 24 platforms = platforms.unix; 25 broken = stdenv.isDarwin;
+2 -2
pkgs/development/libraries/bullet/default.nix
··· 11 12 stdenv.mkDerivation rec { 13 pname = "bullet"; 14 - version = "3.22b"; 15 16 src = fetchFromGitHub { 17 owner = "bulletphysics"; 18 repo = "bullet3"; 19 rev = version; 20 - sha256 = "sha256-hf2b7enh9mziPKFcdU8NwLdhcxhV7Ididf9Bwwa+5/M="; 21 }; 22 23 nativeBuildInputs = [ cmake ];
··· 11 12 stdenv.mkDerivation rec { 13 pname = "bullet"; 14 + version = "3.23"; 15 16 src = fetchFromGitHub { 17 owner = "bulletphysics"; 18 repo = "bullet3"; 19 rev = version; 20 + sha256 = "sha256-XZpwCVfSJD3W93BJrGefy3dGrevNzChU+TrKalMpY4Q="; 21 }; 22 23 nativeBuildInputs = [ cmake ];
+2 -2
pkgs/development/libraries/libdigidocpp/default.nix
··· 2 , xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }: 3 4 stdenv.mkDerivation rec { 5 - version = "3.14.7"; 6 pname = "libdigidocpp"; 7 8 src = fetchurl { 9 url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz"; 10 - sha256 = "sha256-QdctW2+T8kPNUJv30pXZ/qfnw1Uhq6gScSjUI+bZMfY="; 11 }; 12 13 nativeBuildInputs = [ cmake pkg-config xxd ];
··· 2 , xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }: 3 4 stdenv.mkDerivation rec { 5 + version = "3.14.8"; 6 pname = "libdigidocpp"; 7 8 src = fetchurl { 9 url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz"; 10 + sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg="; 11 }; 12 13 nativeBuildInputs = [ cmake pkg-config xxd ];
+2 -2
pkgs/development/nim-packages/jsony/default.nix
··· 2 3 buildNimPackage rec { 4 pname = "jsony"; 5 - version = "1.1.3"; 6 7 src = fetchFromGitHub { 8 owner = "treeform"; 9 repo = pname; 10 rev = version; 11 - hash = "sha256-jtUCoqwCmE536Kpv/vZxGgqiHyReZf1WOiBdUzmMhM4="; 12 }; 13 14 doCheck = true;
··· 2 3 buildNimPackage rec { 4 pname = "jsony"; 5 + version = "d0e69bddf83874e15b5c2f52f8b1386ac080b443"; 6 7 src = fetchFromGitHub { 8 owner = "treeform"; 9 repo = pname; 10 rev = version; 11 + sha256 = "1p250wb97nzz2g0vvq6mn521fx7sn1jpk1ralbzqh5q8clh4g7wr"; 12 }; 13 14 doCheck = true;
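Review bot: `version` is now the raw commit id `d0e69bddf83874e15b5c2f52f8b1386ac080b443` because `rev = version` is reused, which makes the package version unorderable and hides that this is an untagged snapshot rather than a release. The nitter package on this same page uses `version = "unstable-2022-05-13";` with a separate `rev`; the same shape fits here, i.e. `version = "unstable-<commit date>";` and `rev = "d0e69bddf83874e15b5c2f52f8b1386ac080b443";`. The source hash also moved from an SRI `hash` attribute to a base32 `sha256`; both pin the source, but keeping the SRI form would stay consistent with the previous revision.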
+2 -2
pkgs/development/nim-packages/supersnappy/default.nix
··· 3 fetchFromGitHub { 4 owner = "guzba"; 5 repo = "supersnappy"; 6 - rev = "1.1.5"; 7 - sha256 = "1y26sgnszvdf5sn7j0jx2dpd4i03mvbk9i9ni9kbyrs798bjwi6z"; 8 }
··· 3 fetchFromGitHub { 4 owner = "guzba"; 5 repo = "supersnappy"; 6 + rev = "2.1.1"; 7 + sha256 = "03df1qgrbp84swhqy12ansyn951lkaw0kf1arbnki4fkgdnqdamf"; 8 }
+3 -3
pkgs/development/python-modules/pycep-parser/default.nix
··· 12 13 buildPythonPackage rec { 14 pname = "pycep-parser"; 15 - version = "0.3.4"; 16 format = "pyproject"; 17 18 disabled = pythonOlder "3.7"; ··· 20 src = fetchFromGitHub { 21 owner = "gruebel"; 22 repo = "pycep"; 23 - rev = version; 24 - hash = "sha256-o2sYPvZVevDqZV8EtKWTL2zHHzX2kmTZ4iVHsUhFv7M="; 25 }; 26 27 nativeBuildInputs = [
··· 12 13 buildPythonPackage rec { 14 pname = "pycep-parser"; 15 + version = "0.3.5"; 16 format = "pyproject"; 17 18 disabled = pythonOlder "3.7"; ··· 20 src = fetchFromGitHub { 21 owner = "gruebel"; 22 repo = "pycep"; 23 + rev = "refs/tags/${version}"; 24 + hash = "sha256-Nj/drNRSIBh8DaE+vzQRijQg8NVUK5qBClwU3aWiA48="; 25 }; 26 27 nativeBuildInputs = [
+2 -2
pkgs/development/python-modules/pyskyqhub/default.nix
··· 7 8 buildPythonPackage rec { 9 pname = "pyskyqhub"; 10 - version = "0.1.8"; 11 format = "setuptools"; 12 13 disabled = pythonOlder "3.8"; ··· 16 owner = "RogerSelwyn"; 17 repo = "skyq_hub"; 18 rev = version; 19 - sha256 = "sha256-1KNgF3d5w+aNKNkOZVkdD3VVLz/F8NyQ5MxO1UaWrFk="; 20 }; 21 22 propagatedBuildInputs = [
··· 7 8 buildPythonPackage rec { 9 pname = "pyskyqhub"; 10 + version = "0.1.9"; 11 format = "setuptools"; 12 13 disabled = pythonOlder "3.8"; ··· 16 owner = "RogerSelwyn"; 17 repo = "skyq_hub"; 18 rev = version; 19 + sha256 = "sha256-yXqtABbsCh1yb96lsEA0gquikVenGLCo6J93AeXAC8k="; 20 }; 21 22 propagatedBuildInputs = [
+3
pkgs/development/python-modules/sanic/default.nix
··· 82 83 # needed for relative paths for some packages 84 cd tests 85 ''; 86 87 # uvloop usage is buggy
··· 82 83 # needed for relative paths for some packages 84 cd tests 85 + '' + lib.optionalString stdenv.isDarwin '' 86 + # OSError: [Errno 24] Too many open files 87 + ulimit -n 1024 88 ''; 89 90 # uvloop usage is buggy
+5 -6
pkgs/development/tools/ocaml/merlin/4.x.nix
··· 15 }: 16 17 let 18 - merlinVersion = "4.4"; 19 20 hashes = { 21 - "4.4-411" = "sha256:0chx28098mmnjbnaz5wgzsn82rh1w9dhzqmsykb412cq13msl1q4"; 22 - "4.4-412" = "sha256:18xjpsiz7xbgjdnsxfc52l7yfh22harj0birlph4xm42d14pkn0n"; 23 - "4.4-413" = "sha256:1ilmh2gqpwgr51w2ba8r0s5zkj75h00wkw4az61ssvivn9jxr7k0"; 24 }; 25 26 ocamlVersionShorthand = lib.concatStrings ··· 54 # Fixed in 4.4 for OCaml ≥ 4.12 55 ./test.patch 56 ; 57 - 58 - useDune2 = true; 59 60 strictDeps = true; 61
··· 15 }: 16 17 let 18 + merlinVersion = "4.5"; 19 20 hashes = { 21 + "4.5-411" = "sha256:05nz6y7r91rh0lj8b6xdv3s3yknmvjc7y60v17kszgqnr887bvpn"; 22 + "4.5-412" = "sha256:0i5c3rfzinmwdjya7gv94zyknsm32qx9dlg472xpfqivwvnnhf1z"; 23 + "4.5-413" = "sha256:1sphq9anfg1qzrvj7hdcqflj6cmc1qiyfkljhng9fxnnr0i7550s"; 24 + "4.5-414" = "sha256:13h588kwih05zd9p3p7q528q4zc0d1l983kkvbmkxgay5d17nn1i"; 25 }; 26 27 ocamlVersionShorthand = lib.concatStrings ··· 55 # Fixed in 4.4 for OCaml ≥ 4.12 56 ./test.patch 57 ; 58 59 strictDeps = true; 60
+4 -3
pkgs/servers/nitter/default.nix
··· 2 3 nimPackages.buildNimPackage rec { 4 pname = "nitter"; 5 - version = "unstable-2022-03-21"; 6 nimBinOnly = true; 7 8 src = fetchFromGitHub { 9 owner = "zedeus"; 10 repo = "nitter"; 11 - rev = "6884f05041a9b8619ec709afacdfdd6482a120a0"; 12 - sha256 = "1mnc6jqljpqp9lgcrxxvf3aiswssr34v139cxfbwlmj45swmsazh"; 13 }; 14 15 buildInputs = with nimPackages; [ ··· 29 30 postBuild = '' 31 nim c --hint[Processing]:off -r tools/gencss 32 ''; 33 34 postInstall = ''
··· 2 3 nimPackages.buildNimPackage rec { 4 pname = "nitter"; 5 + version = "unstable-2022-05-13"; 6 nimBinOnly = true; 7 8 src = fetchFromGitHub { 9 owner = "zedeus"; 10 repo = "nitter"; 11 + rev = "683c052036b268028f0ecae020a1519bc586516d"; 12 + sha256 = "179z66jlwbdarrgvpdh8aqy2ihkiakd22wqydrfgpsgr59ma8fgl"; 13 }; 14 15 buildInputs = with nimPackages; [ ··· 29 30 postBuild = '' 31 nim c --hint[Processing]:off -r tools/gencss 32 + nim c --hint[Processing]:off -r tools/rendermd 33 ''; 34 35 postInstall = ''
+10 -30
pkgs/tools/security/clamav/default.nix
··· 1 - { lib, stdenv, fetchurl, pkg-config 2 , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 3 , libmspack, systemd, Foundation, json_c, check 4 }: 5 6 stdenv.mkDerivation rec { 7 pname = "clamav"; 8 - version = "0.103.6"; 9 10 src = fetchurl { 11 url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; 12 - sha256 = "sha256-qqEuPcGfHTI7HFDXoQ+or1V+Q5AUnoZNWb3jm2rZujM="; 13 }; 14 15 - # don't install sample config files into the absolute sysconfdir folder 16 - postPatch = '' 17 - substituteInPlace Makefile.in --replace ' etc ' ' ' 18 - ''; 19 20 enableParallelBuilding = true; 21 - nativeBuildInputs = [ pkg-config ]; 22 buildInputs = [ 23 zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check 24 ] ++ lib.optional stdenv.isLinux systemd 25 ++ lib.optional stdenv.isDarwin Foundation; 26 27 - configureFlags = [ 28 - "--libdir=$(out)/lib" 29 - "--sysconfdir=/etc/clamav" 30 - "--disable-llvm" # enabling breaks the build at the moment 31 - "--with-zlib=${zlib.dev}" 32 - "--with-xml=${libxml2.dev}" 33 - "--with-openssl=${openssl.dev}" 34 - "--with-libcurl=${curl.dev}" 35 - "--with-libjson=${json_c.dev}" 36 - "--with-system-libmspack" 37 - "--enable-milter" 38 - "--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly 39 - "--enable-check" 40 - ] ++ lib.optional stdenv.isLinux 41 - "--with-systemdsystemunitdir=$(out)/lib/systemd"; 42 - 43 - postInstall = '' 44 - mkdir $out/etc 45 - cp etc/*.sample $out/etc 46 - ''; 47 48 - # Only required for the unit tests 49 - hardeningDisable = [ "format" ]; 50 doCheck = true; 51 52 meta = with lib; {
··· 1 + { lib, stdenv, fetchurl, pkg-config, cmake 2 , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 3 , libmspack, systemd, Foundation, json_c, check 4 + , rustc, rust-bindgen, rustfmt, cargo, python3 5 }: 6 7 stdenv.mkDerivation rec { 8 pname = "clamav"; 9 + version = "0.105.0"; 10 11 src = fetchurl { 12 url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; 13 + sha256 = "sha256-JwIDpUxFgEnbVPzZNoP/Wy2xkVHzY8SOgs7O/d4rNdQ="; 14 }; 15 16 + # Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed 17 + patches = [ ./remove-freshclam-test.patch ]; 18 19 enableParallelBuilding = true; 20 + nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ]; 21 buildInputs = [ 22 zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check 23 ] ++ lib.optional stdenv.isLinux systemd 24 ++ lib.optional stdenv.isDarwin Foundation; 25 26 + cmakeFlags = [ 27 + "-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd" 28 + ]; 29 30 doCheck = true; 31 32 meta = with lib; {
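Review bot: The switch to CMake carries over only the systemd unit directory; the removed `configureFlags` also set `--sysconfdir=/etc/clamav`, `--disable-unrar` (commented as non-free) and `--enable-milter`, and nothing in the new `cmakeFlags` replaces them. Unless upstream's CMake defaults happen to match, the daemons may look for their configuration under the install prefix instead of `/etc/clamav`, and the non-free unrar code may now be built in. I would state the equivalents explicitly, e.g. `"-DAPP_CONFIG_DIRECTORY=/etc/clamav"` plus an unrar switch, after confirming the option names against upstream's CMake option list. The removed `postInstall` that copied `etc/*.sample` into `$out/etc` has no replacement either, so whether the sample configs still ship should be checked.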
+20
pkgs/tools/security/clamav/remove-freshclam-test.patch
···
··· 1 + diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt 2 + index 1460357ba..1194abc9d 100644 3 + --- a/unit_tests/CMakeLists.txt 4 + +++ b/unit_tests/CMakeLists.txt 5 + @@ -371,15 +371,6 @@ if(ENABLE_APP) 6 + set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE}) 7 + endif() 8 + 9 + - add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py 10 + - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) 11 + - set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT}) 12 + - if(Valgrind_FOUND) 13 + - add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py 14 + - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) 15 + - set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE}) 16 + - endif() 17 + - 18 + add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py 19 + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) 20 + set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT})
+3 -1
pkgs/top-level/all-packages.nix
··· 34706 34707 tgswitch = callPackage ../applications/networking/cluster/tgswitch {}; 34708 34709 - tilt = callPackage ../applications/networking/cluster/tilt { }; 34710 34711 timeular = callPackage ../applications/office/timeular {}; 34712
··· 34706 34707 tgswitch = callPackage ../applications/networking/cluster/tgswitch {}; 34708 34709 + tilt = callPackage ../applications/networking/cluster/tilt { 34710 + buildGoModule = buildGo118Module; 34711 + }; 34712 34713 timeular = callPackage ../applications/office/timeular {}; 34714