Merge remote-tracking branch 'origin/staging-next'

+1 -1

doc/stdenv/stdenv.chapter.md

··· 869 869 makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]} 870 870 ``` 871 871 872 - There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation. 872 + There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation. 873 873 874 874 `wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`. 875 875

+17

nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

··· 118 118 </listitem> 119 119 <listitem> 120 120 <para> 121 + PostgreSQL now defaults to major version 14. 122 + </para> 123 + </listitem> 124 + <listitem> 125 + <para> 121 126 The new 122 127 <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link> 123 128 runs a PostgreSQL server for the duration of package checks. ··· 696 701 In the ncdns module, the default value of 697 702 <literal>services.ncdns.address</literal> has been changed to 698 703 the IPv6 loopback address (<literal>::1</literal>). 704 + </para> 705 + </listitem> 706 + <listitem> 707 + <para> 708 + <literal>openldap</literal> (and therefore the slapd LDAP 709 + server) were updated to version 2.6.2. The project introduced 710 + backwards-incompatible changes, namely the removal of the bdb, 711 + hdb, ndb, and shell backends in slapd. Therefore before 712 + updating, dump your database <literal>slapcat -n 1</literal> 713 + in LDIF format, and reimport it after updating your 714 + <literal>services.openldap.settings</literal>, which 715 + represents your <literal>cn=config</literal>. 699 716 </para> 700 717 </listitem> 701 718 <listitem>

+4

nixos/doc/manual/release-notes/rl-2205.section.md

··· 45 45 - Pulseaudio has been upgraded to version 15.0 and now optionally [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) like aptX or LDAC, with codec switching support being available in `pavucontrol`. This feature is disabled by default but can be enabled by using `hardware.pulseaudio.package = pkgs.pulseaudioFull;`. 46 46 Existing 3rd party modules that provided similar functionality, like `pulseaudio-modules-bt` or `pulseaudio-hsphfpd` are deprecated and have been removed. 47 47 48 + - PostgreSQL now defaults to major version 14. 49 + 48 50 - The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks. 49 51 50 52 - [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details. ··· 245 247 - allow only local connections to the REST API server (`services.pdns-recursor.api.allowFrom`). 246 248 247 249 - In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`). 250 + 251 + - `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`. 248 252 249 253 - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface. 250 254

+8 -3

nixos/modules/services/databases/openldap.nix

··· 268 268 }; 269 269 270 270 systemd.services.openldap = { 271 - description = "LDAP server"; 271 + description = "OpenLDAP Server Daemon"; 272 + documentation = [ 273 + "man:slapd" 274 + "man:slapd-config" 275 + "man:slapd-mdb" 276 + ]; 272 277 wantedBy = [ "multi-user.target" ]; 273 - after = [ "network.target" ]; 278 + after = [ "network-online.target" ]; 274 279 preStart = let 275 280 settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings)); 276 281 ··· 306 311 "${openldap}/libexec/slapd" "-u" cfg.user "-g" cfg.group "-F" configDir 307 312 "-h" (lib.concatStringsSep " " cfg.urlList) 308 313 ]); 309 - Type = "forking"; 314 + Type = "notify"; 310 315 PIDFile = cfg.settings.attrs.olcPidFile; 311 316 }; 312 317 };

+2 -1

nixos/modules/services/databases/postgresql.nix

··· 295 295 # Note: when changing the default, make it conditional on 296 296 # ‘system.stateVersion’ to maintain compatibility with existing 297 297 # systems! 298 - mkDefault (if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13 298 + mkDefault (if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14 299 + else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13 299 300 else if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11 300 301 else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6" 301 302 else mkThrow "9_5");

+1 -1

pkgs/applications/editors/neovim/utils.nix

··· 108 108 hostprog_check_table); 109 109 in 110 110 [ 111 - "--argv0" "$0" "--add-flags" (lib.escapeShellArgs flags) 111 + "--inherit-argv0" "--add-flags" (lib.escapeShellArgs flags) 112 112 ] ++ lib.optionals withRuby [ 113 113 "--set" "GEM_HOME" "${rubyEnv}/${rubyEnv.ruby.gemPath}" 114 114 ] ++ lib.optionals (binPath != "") [

+1 -1

pkgs/applications/editors/vscode/generic.nix

··· 72 72 ++ lib.optionals stdenv.isLinux [ 73 73 autoPatchelfHook 74 74 nodePackages.asar 75 - (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; }) 75 + (wrapGAppsHook.override { inherit makeWrapper; }) 76 76 ]; 77 77 78 78 dontBuild = true;

+1 -3

pkgs/applications/emulators/wine/base.nix

··· 175 175 done 176 176 ''; 177 177 178 - # Until https://github.com/NixOS/nixpkgs/pull/172617 is applied, 179 - # parallel builds do not always work because of a bug in dlltool. 180 - enableParallelBuilding = false; 178 + enableParallelBuilding = true; 181 179 182 180 # https://bugs.winehq.org/show_bug.cgi?id=43530 183 181 # https://github.com/NixOS/nixpkgs/issues/31989

+1 -1

pkgs/applications/networking/browsers/brave/default.nix

··· 104 104 105 105 nativeBuildInputs = [ 106 106 dpkg 107 - (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; }) 107 + (wrapGAppsHook.override { inherit makeWrapper; }) 108 108 ]; 109 109 110 110 buildInputs = [

+20 -4

pkgs/applications/networking/browsers/firefox/common.nix

··· 68 68 , xorg 69 69 , zip 70 70 , zlib 71 + , pkgsBuildBuild 71 72 72 73 # optionals 73 74 ··· 142 143 143 144 # Target the LLVM version that rustc is built with for LTO. 144 145 llvmPackages0 = rustc.llvmPackages; 146 + llvmPackagesBuildBuild0 = pkgsBuildBuild.rustc.llvmPackages; 145 147 146 148 # Force the use of lld and other llvm tools for LTO 147 149 llvmPackages = llvmPackages0.override { 150 + bootBintoolsNoLibc = null; 151 + bootBintools = null; 152 + }; 153 + llvmPackagesBuildBuild = llvmPackagesBuildBuild0.override { 148 154 bootBintoolsNoLibc = null; 149 155 bootBintools = null; 150 156 }; 151 157 152 158 # LTO requires LLVM bintools including ld.lld and llvm-ar. 153 159 buildStdenv = overrideCC llvmPackages.stdenv (llvmPackages.stdenv.cc.override { 154 - inherit (llvmPackages) bintools; 160 + bintools = if ltoSupport then buildPackages.rustc.llvmPackages.bintools else stdenv.cc.bintools; 155 161 }); 156 162 157 163 # Compile the wasm32 sysroot to build the RLBox Sandbox ··· 216 222 # ./env_var_for_system_dir.patch with Firefox >=65 without having to track 217 223 # two patches. 218 224 patchFlags = [ "-p1" "-l" ]; 225 + 226 + # if not explicitly set, wrong cc from buildStdenv would be used 227 + HOST_CC = "${llvmPackagesBuildBuild.stdenv.cc}/bin/cc"; 228 + HOST_CXX = "${llvmPackagesBuildBuild.stdenv.cc}/bin/c++"; 219 229 220 230 nativeBuildInputs = [ 221 231 autoconf 222 232 cargo 223 - llvmPackages.llvm # llvm-objdump 233 + gnum4 234 + llvmPackagesBuildBuild.bintools 224 235 makeWrapper 225 236 nodejs 226 237 perl ··· 302 313 export MOZILLA_OFFICIAL=1 303 314 ''; 304 315 316 + # firefox has a different definition of configurePlatforms from nixpkgs, see configureFlags 317 + configurePlatforms = [ ]; 318 + 305 319 configureFlags = [ 306 320 "--disable-tests" 307 321 "--disable-updater" ··· 309 323 "--enable-default-toolkit=cairo-gtk3${lib.optionalString waylandSupport "-wayland"}" 310 324 "--enable-system-pixman" 311 325 "--with-distribution-id=org.nixos" 312 - "--with-libclang-path=${llvmPackages.libclang.lib}/lib" 326 + "--with-libclang-path=${llvmPackagesBuildBuild.libclang.lib}/lib" 313 327 "--with-system-ffi" 314 328 "--with-system-icu" 315 329 "--with-system-jpeg" ··· 320 334 "--with-system-png" # needs APNG support 321 335 "--with-system-webp" 322 336 "--with-system-zlib" 337 + # for firefox, host is buildPlatform, target is hostPlatform 338 + "--host=${buildStdenv.buildPlatform.config}" 339 + "--target=${buildStdenv.hostPlatform.config}" 323 340 ] 324 341 # LTO is done using clang and lld on Linux. 325 342 ++ lib.optionals ltoSupport [ ··· 362 379 fontconfig 363 380 freetype 364 381 glib 365 - gnum4 366 382 gtk3 367 383 icu 368 384 libffi

+3 -6

pkgs/applications/networking/browsers/firefox/wrapper.nix

··· 1 - { stdenv, lib, makeDesktopItem, makeWrapper, lndir, config 1 + { stdenv, lib, makeDesktopItem, makeWrapper, makeBinaryWrapper, lndir, config 2 2 , fetchurl, zip, unzip, jq, xdg-utils, writeText 3 3 4 4 ## various stuff that can be plugged in ··· 231 231 # Symbolic link: wrap the link's target. 232 232 oldExe="$(readlink -v --canonicalize-existing "$executablePath")" 233 233 rm "$executablePath" 234 - elif wrapperCmd=$(strings -dw "$executablePath" | sed -n '/^makeCWrapper/,/^$/ p'); [[ $wrapperCmd ]]; then 234 + elif wrapperCmd=$(${makeBinaryWrapper.extractCmd} "$executablePath"); [[ $wrapperCmd ]]; then 235 235 # If the executable is a binary wrapper, we need to update its target to 236 236 # point to $out, but we can't just edit the binary in-place because of length 237 237 # issues. So we extract the command used to create the wrapper and add the ··· 239 239 parseMakeCWrapperCall() { 240 240 shift # makeCWrapper 241 241 oldExe=$1; shift 242 - for arg do case $arg in 243 - --inherit-argv0) oldWrapperArgs+=(--argv0 '$0');; # makeWrapper doesn't understand --inherit-argv0 244 - *) oldWrapperArgs+=("$arg");; 245 - esac done 242 + oldWrapperArgs=("$@") 246 243 } 247 244 eval "parseMakeCWrapperCall ''${wrapperCmd//"${browser}"/"$out"}" 248 245 rm "$executablePath"

+4 -3

pkgs/applications/networking/instant-messengers/discord/linux.nix

··· 1 1 { pname, version, src, meta, binaryName, desktopName, autoPatchelfHook 2 - , makeDesktopItem, lib, stdenv, wrapGAppsHook, makeWrapper, alsa-lib, at-spi2-atk 2 + , makeDesktopItem, lib, stdenv, wrapGAppsHook, makeShellWrapper, alsa-lib, at-spi2-atk 3 3 , at-spi2-core, atk, cairo, cups, dbus, expat, fontconfig, freetype, gdk-pixbuf 4 4 , glib, gtk3, libcxx, libdrm, libnotify, libpulseaudio, libuuid, libX11 5 5 , libXScrnSaver, libXcomposite, libXcursor, libXdamage, libXext, libXfixes ··· 24 24 libxshmfence 25 25 mesa 26 26 nss 27 - (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; }) 27 + wrapGAppsHook 28 + makeShellWrapper 28 29 ]; 29 30 30 31 dontWrapGApps = true; ··· 78 79 patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} \ 79 80 $out/opt/${binaryName}/${binaryName} 80 81 81 - wrapProgram $out/opt/${binaryName}/${binaryName} \ 82 + wrapProgramShell $out/opt/${binaryName}/${binaryName} \ 82 83 "''${gappsWrapperArgs[@]}" \ 83 84 --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" \ 84 85 --prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \

+1 -1

pkgs/applications/networking/instant-messengers/signal-desktop/default.nix

··· 40 40 nativeBuildInputs = [ 41 41 autoPatchelfHook 42 42 dpkg 43 - (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; }) 43 + (wrapGAppsHook.override { inherit makeWrapper; }) 44 44 ]; 45 45 46 46 buildInputs = [

+4 -4

pkgs/applications/science/logic/tlaplus/toolbox.nix

··· 1 1 { lib 2 2 , fetchzip 3 - , makeWrapper 3 + , makeShellWrapper 4 4 , makeDesktopItem 5 5 , stdenv 6 6 , gtk3 ··· 35 35 buildInputs = [ gtk3 ]; 36 36 37 37 nativeBuildInputs = [ 38 - makeWrapper 39 - (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; }) 38 + makeShellWrapper 39 + wrapGAppsHook 40 40 ]; 41 41 42 42 dontWrapGApps = true; ··· 64 64 --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ 65 65 "$(find "$out/toolbox" -name jspawnhelper)" 66 66 67 - makeWrapper $out/toolbox/toolbox $out/bin/tla-toolbox \ 67 + makeShellWrapper $out/toolbox/toolbox $out/bin/tla-toolbox \ 68 68 --chdir "$out/toolbox" \ 69 69 --add-flags "-data ~/.tla-toolbox" \ 70 70 --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ gtk3 libXtst glib zlib ]}" \

+2 -2

pkgs/applications/video/mpv/wrapper.nix

··· 32 32 # All arguments besides the input and output binaries (${mpv}/bin/mpv and 33 33 # $out/bin/mpv). These are used by the darwin specific makeWrapper call 34 34 # used to wrap $out/Applications/mpv.app/Contents/MacOS/mpv as well. 35 - mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--argv0" "'$0'" 35 + mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--inherit-argv0" 36 36 # These are always needed (TODO: Explain why) 37 37 "--prefix" "LUA_CPATH" ";" "${mpv.luaEnv}/lib/lua/${mpv.lua.luaversion}/?.so" 38 38 "--prefix" "LUA_PATH" ";" "${mpv.luaEnv}/share/lua/${mpv.lua.luaversion}/?.lua" ··· 53 53 )) ++ extraMakeWrapperArgs) 54 54 ; 55 55 umpvWrapperArgs = lib.strings.escapeShellArgs ([ 56 - "--argv0" "'$0'" 56 + "--inherit-argv0" 57 57 "--set" "MPV" "${placeholder "out"}/bin/mpv" 58 58 ] ++ extraUmpvWrapperArgs) 59 59 ;

-34

pkgs/build-support/bintools-wrapper/default.nix

··· 184 184 done 185 185 ''; 186 186 187 - emulation = let 188 - fmt = 189 - /**/ if targetPlatform.isDarwin then "mach-o" 190 - else if targetPlatform.isWindows then "pe" 191 - else "elf" + toString targetPlatform.parsed.cpu.bits; 192 - endianPrefix = if targetPlatform.isBigEndian then "big" else "little"; 193 - sep = optionalString (!targetPlatform.isMips && !targetPlatform.isPower && !targetPlatform.isRiscV) "-"; 194 - arch = 195 - /**/ if targetPlatform.isAarch64 then endianPrefix + "aarch64" 196 - else if targetPlatform.isAarch32 then endianPrefix + "arm" 197 - else if targetPlatform.isx86_64 then "x86-64" 198 - else if targetPlatform.isx86_32 then "i386" 199 - else if targetPlatform.isMips then { 200 - mips = "btsmipn32"; # n32 variant 201 - mipsel = "ltsmipn32"; # n32 variant 202 - mips64 = "btsmip"; 203 - mips64el = "ltsmip"; 204 - }.${targetPlatform.parsed.cpu.name} 205 - else if targetPlatform.isMmix then "mmix" 206 - else if targetPlatform.isPower then if targetPlatform.isBigEndian then "ppc" else "lppc" 207 - else if targetPlatform.isSparc then "sparc" 208 - else if targetPlatform.isMsp430 then "msp430" 209 - else if targetPlatform.isAvr then "avr" 210 - else if targetPlatform.isAlpha then "alpha" 211 - else if targetPlatform.isVc4 then "vc4" 212 - else if targetPlatform.isOr1k then "or1k" 213 - else if targetPlatform.isM68k then "m68k" 214 - else if targetPlatform.isS390 then "s390" 215 - else if targetPlatform.isRiscV then "lriscv" 216 - else if targetPlatform.isRx then "rx" 217 - else throw "unknown emulation for platform: ${targetPlatform.config}"; 218 - in if targetPlatform.useLLVM or false then "" 219 - else targetPlatform.bfdEmulation or (fmt + sep + arch); 220 - 221 187 strictDeps = true; 222 188 depsTargetTargetPropagated = extraPackages; 223 189

-5

pkgs/build-support/bintools-wrapper/ld-wrapper.sh

··· 93 93 fi 94 94 95 95 96 - # Specify the target emulation if nothing is passed in ("-m" overrides this 97 - # environment variable). Ensures we never blindly fallback on targeting the host 98 - # platform. 99 - : ${LDEMULATION:=@emulation@} 100 - 101 96 # Three tasks: 102 97 # 103 98 # 1. Find all -L... switches for rpath

+8 -1

pkgs/build-support/cc-wrapper/default.nix

··· 14 14 , nativeTools, noLibc ? false, nativeLibc, nativePrefix ? "" 15 15 , propagateDoc ? cc != null && cc ? man 16 16 , extraTools ? [], extraPackages ? [], extraBuildCommands ? "" 17 + , nixSupport ? {} 17 18 , isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null 18 19 , buildPackages ? {} 19 20 , libcxx ? null ··· 155 156 (setenv "NIX_CFLAGS_COMPILE_${suffixSalt}" (concat (getenv "NIX_CFLAGS_COMPILE_${suffixSalt}") " -isystem " arg "/include")))) 156 157 '(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)})) 157 158 ''; 159 + 160 + inherit nixSupport; 158 161 }; 159 162 160 163 dontBuild = true; ··· 521 524 ## 522 525 ## Extra custom steps 523 526 ## 524 - + extraBuildCommands; 527 + + extraBuildCommands 528 + + lib.strings.concatStringsSep "; " 529 + (lib.attrsets.mapAttrsToList 530 + (name: value: "echo ${toString value} >> $out/nix-support/${name}") 531 + nixSupport); 525 532 526 533 inherit expand-response-params; 527 534

+13 -12

pkgs/build-support/setup-hooks/make-binary-wrapper.sh pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh

··· 15 15 # makeWrapper EXECUTABLE OUT_PATH ARGS 16 16 17 17 # ARGS: 18 - # --argv0 NAME : set name of executed process to NAME 19 - # (otherwise it’s called …-wrapped) 18 + # --argv0 NAME : set the name of the executed process to NAME 19 + # (if unset or empty, defaults to EXECUTABLE) 20 20 # --inherit-argv0 : the executable inherits argv0 from the wrapper. 21 21 # (use instead of --argv0 '$0') 22 - # --set VAR VAL : add VAR with value VAL to the executable’s 23 - # environment 22 + # --set VAR VAL : add VAR with value VAL to the executable's environment 24 23 # --set-default VAR VAL : like --set, but only adds VAR if not already set in 25 24 # the environment 26 25 # --unset VAR : remove VAR from the environment 27 26 # --chdir DIR : change working directory (use instead of --run "cd DIR") 28 27 # --add-flags FLAGS : add FLAGS to invocation of executable 28 + # TODO(@ncfavier): --append-flags 29 29 30 30 # --prefix ENV SEP VAL : suffix/prefix ENV with VAL, separated by SEP 31 31 # --suffix 32 32 33 33 # To troubleshoot a binary wrapper after you compiled it, 34 34 # use the `strings` command or open the binary file in a text editor. 35 - makeWrapper() { 35 + makeWrapper() { makeBinaryWrapper "$@"; } 36 + makeBinaryWrapper() { 36 37 local NIX_CFLAGS_COMPILE= NIX_CFLAGS_LINK= 37 38 local original="$1" 38 39 local wrapper="$2" ··· 43 44 mkdir -p "$(dirname "$wrapper")" 44 45 45 46 makeDocumentedCWrapper "$original" "$@" | \ 46 - @CC@ \ 47 + @cc@ \ 47 48 -Wall -Werror -Wpedantic \ 48 49 -Wno-overlength-strings \ 49 50 -Os \ ··· 52 53 } 53 54 54 55 # Syntax: wrapProgram <PROGRAM> <MAKE-WRAPPER FLAGS...> 55 - wrapProgram() { 56 + wrapProgram() { wrapProgramBinary "$@"; } 57 + wrapProgramBinary() { 56 58 local prog="$1" 57 59 local hidden 58 60 ··· 63 65 hidden="${hidden}_" 64 66 done 65 67 mv "$prog" "$hidden" 66 - # Silence warning about unexpanded $0: 67 - # shellcheck disable=SC2016 68 68 makeWrapper "$hidden" "$prog" --inherit-argv0 "${@:2}" 69 69 } 70 70 ··· 311 311 " 312 312 } 313 313 314 - # Embed a C string which shows up as readable text in the compiled binary wrapper 315 - # documentationString ARGS 314 + # Embed a C string which shows up as readable text in the compiled binary wrapper, 315 + # giving instructions for recreating the wrapper. 316 + # Keep in sync with makeBinaryWrapper.extractCmd 316 317 docstring() { 317 318 printf '%s' "const char * DOCSTRING = \"$(escapeStringLiteral " 318 319 ··· 333 334 334 335 # formatArgs EXECUTABLE ARGS 335 336 formatArgs() { 336 - printf '%s' "$1" 337 + printf '%s' "${1@Q}" 337 338 shift 338 339 while [ $# -gt 0 ]; do 339 340 case "$1" in

+26

pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix

··· 1 + { stdenv 2 + , lib 3 + , makeSetupHook 4 + , dieHook 5 + , writeShellScript 6 + , tests 7 + , cc ? stdenv.cc 8 + , sanitizers ? [] 9 + }: 10 + 11 + makeSetupHook { 12 + deps = [ dieHook ] 13 + # https://github.com/NixOS/nixpkgs/issues/148189 14 + ++ lib.optional (stdenv.isDarwin && stdenv.isAarch64) cc; 15 + 16 + substitutions = { 17 + cc = "${cc}/bin/cc ${lib.escapeShellArgs (map (s: "-fsanitize=${s}") sanitizers)}"; 18 + 19 + # Extract the function call used to create a binary wrapper from its embedded docstring 20 + passthru.extractCmd = writeShellScript "extract-binary-wrapper-cmd" '' 21 + strings -dw "$1" | sed -n '/^makeCWrapper/,/^$/ p' 22 + ''; 23 + 24 + passthru.tests = tests.makeBinaryWrapper; 25 + }; 26 + } ./make-binary-wrapper.sh

+14 -9

pkgs/build-support/setup-hooks/make-wrapper.sh

··· 11 11 # makeWrapper EXECUTABLE OUT_PATH ARGS 12 12 13 13 # ARGS: 14 - # --argv0 NAME : set name of executed process to NAME 15 - # (otherwise it’s called …-wrapped) 16 - # --set VAR VAL : add VAR with value VAL to the executable’s 17 - # environment 14 + # --argv0 NAME : set the name of the executed process to NAME 15 + # (if unset or empty, defaults to EXECUTABLE) 16 + # --inherit-argv0 : the executable inherits argv0 from the wrapper. 17 + # (use instead of --argv0 '$0') 18 + # --set VAR VAL : add VAR with value VAL to the executable's environment 18 19 # --set-default VAR VAL : like --set, but only adds VAR if not already set in 19 20 # the environment 20 21 # --unset VAR : remove VAR from the environment 21 22 # --chdir DIR : change working directory (use instead of --run "cd DIR") 22 23 # --run COMMAND : run command before the executable 23 24 # --add-flags FLAGS : add FLAGS to invocation of executable 25 + # TODO(@ncfavier): --append-flags 24 26 25 27 # --prefix ENV SEP VAL : suffix/prefix ENV with VAL, separated by SEP 26 28 # --suffix ··· 29 31 # --prefix-contents ENV SEP FILES : like --suffix-each, but contents of FILES 30 32 # are read first and used as VALS 31 33 # --suffix-contents 32 - makeWrapper() { 34 + makeWrapper() { makeShellWrapper "$@"; } 35 + makeShellWrapper() { 33 36 local original="$1" 34 37 local wrapper="$2" 35 38 local params varName value command separator n fileNames ··· 165 168 elif [[ "$p" == "--argv0" ]]; then 166 169 argv0="${params[$((n + 1))]}" 167 170 n=$((n + 1)) 171 + elif [[ "$p" == "--inherit-argv0" ]]; then 172 + # Whichever comes last of --argv0 and --inherit-argv0 wins 173 + argv0='$0' 168 174 else 169 175 die "makeWrapper doesn't understand the arg $p" 170 176 fi ··· 193 199 } 194 200 195 201 # Syntax: wrapProgram <PROGRAM> <MAKE-WRAPPER FLAGS...> 196 - wrapProgram() { 202 + wrapProgram() { wrapProgramShell "$@"; } 203 + wrapProgramShell() { 197 204 local prog="$1" 198 205 local hidden 199 206 ··· 204 211 hidden="${hidden}_" 205 212 done 206 213 mv "$prog" "$hidden" 207 - # Silence warning about unexpanded $0: 208 - # shellcheck disable=SC2016 209 - makeWrapper "$hidden" "$prog" --argv0 '$0' "${@:2}" 214 + makeWrapper "$hidden" "$prog" --inherit-argv0 "${@:2}" 210 215 }

+2 -2

pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix

··· 1 1 { stdenv 2 2 , lib 3 3 , makeSetupHook 4 - , makeBinaryWrapper 4 + , makeWrapper 5 5 , gobject-introspection 6 6 , isGraphical ? true 7 7 , gtk3 ··· 34 34 ] ++ [ 35 35 36 36 # We use the wrapProgram function. 37 - makeBinaryWrapper 37 + makeWrapper 38 38 ]; 39 39 substitutions = { 40 40 passthru.tests = let

+24 -22

pkgs/development/compilers/llvm/14/default.nix

··· 158 158 ] ++ lib.optionals (!stdenv.targetPlatform.isWasm) [ 159 159 targetLlvmLibraries.libunwind 160 160 ]; 161 - extraBuildCommands = '' 162 - echo "-rtlib=compiler-rt -Wno-unused-command-line-argument" >> $out/nix-support/cc-cflags 163 - echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags 164 - '' + lib.optionalString (!stdenv.targetPlatform.isWasm) '' 165 - echo "--unwindlib=libunwind" >> $out/nix-support/cc-cflags 166 - '' + lib.optionalString (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false) '' 167 - echo "-lunwind" >> $out/nix-support/cc-ldflags 168 - '' + lib.optionalString stdenv.targetPlatform.isWasm '' 169 - echo "-fno-exceptions" >> $out/nix-support/cc-cflags 170 - '' + mkExtraBuildCommands cc; 161 + extraBuildCommands = mkExtraBuildCommands cc; 162 + nixSupport.cc-cflags = 163 + [ "-rtlib=compiler-rt" 164 + "-Wno-unused-command-line-argument" 165 + "-B${targetLlvmLibraries.compiler-rt}/lib" 166 + ] 167 + ++ lib.optional (!stdenv.targetPlatform.isWasm) "--unwindlib=libunwind" 168 + ++ lib.optional 169 + (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false) 170 + "-lunwind" 171 + ++ lib.optional stdenv.targetPlatform.isWasm "-fno-exceptions"; 171 172 }; 172 173 173 174 clangNoLibcxx = wrapCCWith rec { ··· 177 178 extraPackages = [ 178 179 targetLlvmLibraries.compiler-rt 179 180 ]; 180 - extraBuildCommands = '' 181 - echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags 182 - echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags 183 - echo "-nostdlib++" >> $out/nix-support/cc-cflags 184 - '' + mkExtraBuildCommands cc; 181 + extraBuildCommands = mkExtraBuildCommands cc; 182 + nixSupport.cc-cflags = [ 183 + "-rtlib=compiler-rt" 184 + "-B${targetLlvmLibraries.compiler-rt}/lib" 185 + "-nostdlib++" 186 + ]; 185 187 }; 186 188 187 189 clangNoLibc = wrapCCWith rec { ··· 191 193 extraPackages = [ 192 194 targetLlvmLibraries.compiler-rt 193 195 ]; 194 - extraBuildCommands = '' 195 - echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags 196 - echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags 197 - '' + mkExtraBuildCommands cc; 196 + extraBuildCommands = mkExtraBuildCommands cc; 197 + nixSupport.cc-cflags = [ 198 + "-rtlib=compiler-rt" 199 + "-B${targetLlvmLibraries.compiler-rt}/lib" 200 + ]; 198 201 }; 199 202 200 203 clangNoCompilerRt = wrapCCWith rec { ··· 202 205 libcxx = null; 203 206 bintools = bintoolsNoLibc'; 204 207 extraPackages = [ ]; 205 - extraBuildCommands = '' 206 - echo "-nostartfiles" >> $out/nix-support/cc-cflags 207 - '' + mkExtraBuildCommands0 cc; 208 + extraBuildCommands = mkExtraBuildCommands0 cc; 209 + nixSupport.cc-cflags = [ "-nostartfiles" ]; 208 210 }; 209 211 210 212 clangNoCompilerRtWithLibc = wrapCCWith rec {

+1 -1

pkgs/development/compilers/rust/1_60.nix

··· 33 33 llvmShared = llvm_14.override { enableSharedLibraries = true; }; 34 34 35 35 # Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox 36 - llvmPackagesForBuild = pkgsBuildBuild.llvmPackages_14; 36 + llvmPackages = llvmPackages_14; 37 37 38 38 # Note: the version MUST be one version prior to the version we're 39 39 # building

+2 -2

pkgs/development/compilers/rust/default.nix

··· 10 10 , llvmSharedForBuild 11 11 , llvmSharedForHost 12 12 , llvmSharedForTarget 13 - , llvmPackagesForBuild # Exposed through rustc for LTO in Firefox 13 + , llvmPackages # Exposed through rustc for LTO in Firefox 14 14 }: 15 15 { stdenv, lib 16 16 , buildPackages ··· 64 64 version = rustcVersion; 65 65 sha256 = rustcSha256; 66 66 inherit enableRustcDev; 67 - inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackagesForBuild; 67 + inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackages; 68 68 69 69 patches = rustcPatches; 70 70

+2 -2

pkgs/development/compilers/rust/rustc.nix

··· 1 1 { lib, stdenv, removeReferencesTo, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget 2 - , llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackagesForBuild 2 + , llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackages 3 3 , fetchurl, file, python3 4 4 , darwin, cmake, rust, rustPlatform 5 5 , pkg-config, openssl ··· 179 179 180 180 passthru = { 181 181 llvm = llvmShared; 182 - llvmPackages = llvmPackagesForBuild; 182 + inherit llvmPackages; 183 183 }; 184 184 185 185 meta = with lib; {

+5 -1

pkgs/development/interpreters/lua-5/default.nix

··· 1 1 # similar to interpreters/python/default.nix 2 - { stdenv, lib, callPackage, fetchurl, fetchpatch }: 2 + { stdenv, lib, callPackage, fetchurl, fetchpatch, makeBinaryWrapper }: 3 3 4 4 rec { 5 5 lua5_4 = callPackage ./interpreter.nix { 6 6 sourceVersion = { major = "5"; minor = "4"; patch = "3"; }; 7 7 hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq"; 8 + makeWrapper = makeBinaryWrapper; 8 9 9 10 patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch; 10 11 }; ··· 16 17 lua5_3 = callPackage ./interpreter.nix { 17 18 sourceVersion = { major = "5"; minor = "3"; patch = "6"; }; 18 19 hash = "0q3d8qhd7p0b7a4mh9g7fxqksqfs6mr1nav74vq26qvkp2dxcpzw"; 20 + makeWrapper = makeBinaryWrapper; 19 21 20 22 patches = 21 23 lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ]; ··· 29 31 lua5_2 = callPackage ./interpreter.nix { 30 32 sourceVersion = { major = "5"; minor = "2"; patch = "4"; }; 31 33 hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr"; 34 + makeWrapper = makeBinaryWrapper; 32 35 patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch; 33 36 }; 34 37 ··· 40 43 lua5_1 = callPackage ./interpreter.nix { 41 44 sourceVersion = { major = "5"; minor = "1"; patch = "5"; }; 42 45 hash = "2640fc56a795f29d28ef15e13c34a47e223960b0240e8cb0a82d9b0738695333"; 46 + makeWrapper = makeBinaryWrapper; 43 47 patches = (lib.optional stdenv.isDarwin ./5.1.darwin.patch) 44 48 ++ [ ./CVE-2014-5461.patch ]; 45 49 };

+1

pkgs/development/interpreters/lua-5/interpreter.nix

··· 126 126 passthru = rec { 127 127 buildEnv = callPackage ./wrapper.nix { 128 128 lua = self; 129 + inherit makeWrapper; 129 130 inherit (luaPackages) requiredLuaModules; 130 131 }; 131 132 withPackages = import ./with-packages.nix { inherit buildEnv luaPackages;};

+7 -5

pkgs/development/libraries/gtk/3.x.nix

··· 1 1 { lib 2 2 , stdenv 3 3 , substituteAll 4 - , fetchurl 4 + , fetchzip 5 5 , pkg-config 6 6 , gettext 7 7 , docbook-xsl-nons ··· 60 60 61 61 stdenv.mkDerivation rec { 62 62 pname = "gtk+3"; 63 - version = "3.24.33"; 63 + version = "3.24.33-2022-03-11"; 64 64 65 65 outputs = [ "out" "dev" ] ++ lib.optional withGtkDoc "devdoc"; 66 66 outputBin = "dev"; ··· 70 70 gtkCleanImmodulesCache 71 71 ]; 72 72 73 - src = fetchurl { 74 - url = "mirror://gnome/sources/gtk+/${lib.versions.majorMinor version}/gtk+-${version}.tar.xz"; 75 - sha256 = "sha256-WIsGUi4l0VeemJtvnYob2/L+E83gGgTpBP80aiJeeAE="; 73 + src = fetchzip { 74 + url = "https://gitlab.gnome.org/GNOME/gtk/-/archive/9d1d2f0a6643570274121fc1473e46a6edc2e32d/gtk-9d1d2f0a6643570274121fc1473e46a6edc2e32d.tar.gz"; 75 + sha256 = "sha256-+K1Kp3Sklrj/Ly0pSktfQwfcrIKpbf05NQbMDhWJZNI="; 76 76 }; 77 77 78 78 patches = [ ··· 201 201 for f in $dev/bin/gtk-encode-symbolic-svg; do 202 202 wrapProgram $f --prefix XDG_DATA_DIRS : "${shared-mime-info}/share" 203 203 done 204 + '' + lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) '' 205 + GTK_PATH="''${out:?}/lib/gtk-3.0/3.0.0/immodules/" ''${dev:?}/bin/gtk-query-immodules-3.0 > "''${out:?}/lib/gtk-3.0/3.0.0/immodules.cache" 204 206 ''; 205 207 206 208 # Wrap demos

+7 -1

pkgs/development/libraries/libqrtr-glib/default.nix

··· 20 20 sha256 = "MNh5sq3m+PRh3vOmd3VdtcAji6v2iNXIPAOz5qvjXO4="; 21 21 }; 22 22 23 + strictDeps = true; 24 + 25 + depsBuildBuild = [ 26 + pkg-config 27 + ]; 28 + 23 29 nativeBuildInputs = [ 24 30 pkg-config 25 31 gobject-introspection ··· 32 38 glib 33 39 ]; 34 40 35 - configureFlags = [ 41 + configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [ 36 42 "--enable-gtk-doc" 37 43 ]; 38 44

+74 -51

pkgs/development/libraries/openldap/default.nix

··· 1 - { lib, stdenv, fetchurl, openssl, db, groff, libtool, libsodium 2 - , withCyrusSasl ? true 1 + { lib 2 + , stdenv 3 + , fetchurl 4 + 5 + # dependencies 3 6 , cyrus_sasl 7 + , db 8 + , groff 9 + , libsodium 10 + , libtool 11 + , openssl 12 + , systemdMinimal 4 13 }: 5 14 6 15 stdenv.mkDerivation rec { 7 16 pname = "openldap"; 8 - version = "2.4.58"; 17 + version = "2.6.2"; 9 18 10 19 src = fetchurl { 11 20 url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz"; 12 - sha256 = "sha256-V7WSVL4V0L9qmrPVFMHAV3ewISMpFTMTSofJRGj49Hs="; 21 + hash = "sha256-gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c"; 13 22 }; 14 23 15 24 # TODO: separate "out" and "bin" 16 - outputs = [ "out" "dev" "man" "devdoc" ]; 25 + outputs = [ 26 + "out" 27 + "dev" 28 + "man" 29 + "devdoc" 30 + ]; 17 31 18 32 enableParallelBuilding = true; 19 33 20 - nativeBuildInputs = [ groff ]; 34 + nativeBuildInputs = [ 35 + groff 36 + ]; 21 37 22 - buildInputs = [ openssl cyrus_sasl db libsodium libtool ]; 23 - 24 - # Disable install stripping as it breaks cross-compiling. 25 - # We strip binaries anyway in fixupPhase. 26 - makeFlags= [ 27 - "STRIP=" 28 - "prefix=$(out)" 29 - "moduledir=$(out)/lib/modules" 30 - "CC=${stdenv.cc.targetPrefix}cc" 38 + buildInputs = [ 39 + cyrus_sasl 40 + db 41 + libsodium 42 + libtool 43 + openssl 44 + ] ++ lib.optionals (stdenv.isLinux) [ 45 + systemdMinimal 31 46 ]; 32 47 33 48 preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") '' ··· 35 50 ''; 36 51 37 52 configureFlags = [ 53 + "--enable-argon2" 54 + "--enable-crypt" 55 + "--enable-modules" 38 56 "--enable-overlays" 39 - "--disable-dependency-tracking" # speeds up one-time build 40 - "--enable-modules" 41 - "--sysconfdir=/etc" 42 - "--localstatedir=/var" 43 - "--enable-crypt" 44 57 ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ 45 58 "--with-yielding_select=yes" 46 59 "ac_cv_func_memcmp_working=yes" 47 - ] ++ lib.optional (!withCyrusSasl) "--without-cyrus-sasl" 48 - ++ lib.optional stdenv.isFreeBSD "--with-pic"; 60 + ] ++ lib.optional stdenv.isFreeBSD "--with-pic"; 61 + 62 + makeFlags= [ 63 + "CC=${stdenv.cc.targetPrefix}cc" 64 + "STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase. 65 + "prefix=${placeholder "out"}" 66 + "sysconfdir=${placeholder "out"}/etc" 67 + "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" 68 + # contrib modules require these 69 + "moduledir=${placeholder "out"}/lib/modules" 70 + "mandir=${placeholder "out"}/share/man" 71 + ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ 72 + # Can be unconditional, doing it like this to prevent a mass rebuild. 73 + "STRIP_OPTS=" 74 + ]; 75 + 76 + extraContribModules = [ 77 + # https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules 78 + "passwd/sha2" 79 + "passwd/pbkdf2" 80 + "passwd/totp" 81 + ]; 49 82 50 83 postBuild = '' 51 - make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/sha2 52 - make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/pbkdf2 53 - make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/argon2 84 + for module in ${lib.concatStringsSep " " extraContribModules}; do 85 + make $makeFlags CC=$CC -C contrib/slapd-modules/$module 86 + done 54 87 ''; 55 88 56 - doCheck = false; # needs a running LDAP server 89 + preCheck = '' 90 + substituteInPlace tests/scripts/all \ 91 + --replace "/bin/rm" "rm" 92 + ''; 57 93 58 - installFlags = [ 59 - "sysconfdir=$(out)/etc" 60 - "localstatedir=$(out)/var" 61 - "moduledir=$(out)/lib/modules" 62 - # The argon2 module hardcodes /usr/bin/install as the path for the 63 - # `install` binary, which is overridden here. 64 - "INSTALL=install" 65 - ]; 94 + doCheck = true; 66 95 67 - # 1. Libraries left in the build location confuse `patchelf --shrink-rpath` 68 - # Delete these to let patchelf discover the right path instead. 69 - # FIXME: that one can be removed when https://github.com/NixOS/patchelf/pull/98 70 - # is in Nixpkgs patchelf. 71 - # 2. Fixup broken libtool for openssl and cyrus_sasl (if it is not disabled) 96 + # The directory is empty and serve no purpose. 72 97 preFixup = '' 73 98 rm -r $out/var 74 - rm -r libraries/*/.libs 75 - rm -r contrib/slapd-modules/passwd/*/.libs 76 - for f in $out/lib/libldap.la $out/lib/libldap_r.la; do 77 - substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl' 78 - '' + lib.optionalString withCyrusSasl '' 79 - substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2' 80 - '' + '' 81 - done 82 99 ''; 83 100 101 + installFlags = [ 102 + "prefix=${placeholder "out"}" 103 + "moduledir=${placeholder "out"}/lib/modules" 104 + "INSTALL=install" 105 + ]; 106 + 84 107 postInstall = '' 85 - make $installFlags install -C contrib/slapd-modules/passwd/sha2 86 - make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2 87 - make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2 108 + for module in ${lib.concatStringsSep " " extraContribModules}; do 109 + make $installFlags install -C contrib/slapd-modules/$module 110 + done 88 111 chmod +x "$out"/lib/*.{so,dylib} 89 112 ''; 90 113 ··· 92 115 homepage = "https://www.openldap.org/"; 93 116 description = "An open source implementation of the Lightweight Directory Access Protocol"; 94 117 license = licenses.openldap; 95 - maintainers = with maintainers; [ lovek323 ]; 118 + maintainers = with maintainers; [ ajs124 das_j hexa ]; 96 119 platforms = platforms.unix; 97 120 }; 98 121 }

+94

pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch

··· 1 + From 3593e2c299c0ac0402f23d44cdbe8e6ff3687b68 Mon Sep 17 00:00:00 2001 2 + From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net> 3 + Date: Thu, 27 Jan 2022 10:35:56 +0000 4 + Subject: [PATCH] Check whether libldap is threadsafe on startup. 5 + 6 + Closes #432 7 + --- 8 + Lib/ldap/constants.py | 2 -- 9 + Modules/constants.c | 10 ++++++++++ 10 + setup.cfg | 6 ++++-- 11 + setup.py | 1 - 12 + 4 files changed, 14 insertions(+), 5 deletions(-) 13 + 14 + diff --git a/Lib/ldap/constants.py b/Lib/ldap/constants.py 15 + index 1c1d76a..f76609b 100644 16 + --- a/Lib/ldap/constants.py 17 + +++ b/Lib/ldap/constants.py 18 + @@ -341,9 +341,7 @@ CONSTANTS = ( 19 + # XXX - these should be errors 20 + Int('URL_ERR_BADSCOPE'), 21 + Int('URL_ERR_MEM'), 22 + - # Int('LIBLDAP_R'), 23 + 24 + - Feature('LIBLDAP_R', 'HAVE_LIBLDAP_R'), 25 + Feature('SASL_AVAIL', 'HAVE_SASL'), 26 + Feature('TLS_AVAIL', 'HAVE_TLS'), 27 + Feature('INIT_FD_AVAIL', 'HAVE_LDAP_INIT_FD'), 28 + diff --git a/Modules/constants.c b/Modules/constants.c 29 + index 07d6065..8d6f63b 100644 30 + --- a/Modules/constants.c 31 + +++ b/Modules/constants.c 32 + @@ -197,6 +197,8 @@ int 33 + LDAPinit_constants(PyObject *m) 34 + { 35 + PyObject *exc, *nobj; 36 + + struct ldap_apifeature_info info = { 1, "X_OPENLDAP_THREAD_SAFE", 0 }; 37 + + int thread_safe = 0; 38 + 39 + /* simple constants */ 40 + 41 + @@ -221,6 +223,14 @@ LDAPinit_constants(PyObject *m) 42 + return -1; 43 + Py_INCREF(LDAPexception_class); 44 + 45 + +#ifdef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 46 + + if (ldap_get_option(NULL, LDAP_OPT_API_FEATURE_INFO, &info) == LDAP_SUCCESS) { 47 + + thread_safe = (info.ldapaif_version == 1); 48 + + } 49 + +#endif 50 + + if (PyModule_AddIntConstant(m, "LIBLDAP_R", thread_safe) != 0) 51 + + return -1; 52 + + 53 + /* Generated constants -- see Lib/ldap/constants.py */ 54 + 55 + #define add_err(n) do { \ 56 + diff --git a/setup.cfg b/setup.cfg 57 + index 2e372ba..a75f186 100644 58 + --- a/setup.cfg 59 + +++ b/setup.cfg 60 + @@ -5,7 +5,9 @@ license_file = LICENCE 61 + defines = HAVE_SASL HAVE_TLS HAVE_LIBLDAP_R 62 + extra_compile_args = 63 + extra_objects = 64 + -libs = ldap_r lber 65 + +# Uncomment this if your libldap is not thread-safe and you need libldap_r 66 + +# instead 67 + +#libs = ldap_r lber 68 + 69 + [install] 70 + compile = 1 71 + @@ -13,7 +15,7 @@ optimize = 1 72 + 73 + [bdist_rpm] 74 + provides = python-ldap 75 + -requires = python libldap-2_4 76 + +requires = python libldap-2 77 + vendor = python-ldap project 78 + packager = python-ldap team 79 + distribution_name = openSUSE 11.x 80 + diff --git a/setup.py b/setup.py 81 + index 119b571..b193957 100644 82 + --- a/setup.py 83 + +++ b/setup.py 84 + @@ -132,7 +132,6 @@ setup( 85 + extra_objects = LDAP_CLASS.extra_objects, 86 + runtime_library_dirs = (not sys.platform.startswith("win"))*LDAP_CLASS.library_dirs, 87 + define_macros = LDAP_CLASS.defines + \ 88 + - ('ldap_r' in LDAP_CLASS.libs or 'oldap_r' in LDAP_CLASS.libs)*[('HAVE_LIBLDAP_R',None)] + \ 89 + ('sasl' in LDAP_CLASS.libs or 'sasl2' in LDAP_CLASS.libs or 'libsasl' in LDAP_CLASS.libs)*[('HAVE_SASL',None)] + \ 90 + ('ssl' in LDAP_CLASS.libs and 'crypto' in LDAP_CLASS.libs)*[('HAVE_TLS',None)] + \ 91 + [ 92 + -- 93 + 2.36.0 94 +

+4

pkgs/development/python-modules/ldap/default.nix

··· 12 12 sha256 = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12"; 13 13 }; 14 14 15 + patches = [ 16 + ./0001-Check-whether-libldap-is-threadsafe-on-startup.patch 17 + ]; 18 + 15 19 propagatedBuildInputs = [ pyasn1 pyasn1-modules ]; 16 20 17 21 checkInputs = [ pytestCheckHook ];

+4

pkgs/development/python-modules/pandas/default.nix

··· 93 93 ] ++ lib.optionals stdenv.isDarwin [ 94 94 "test_locale" 95 95 "test_clipboard" 96 + # ValueError: cannot reindex on an axis with duplicate labels 97 + # 98 + # Attempts to reproduce this problem outside of Hydra failed. 99 + "test_reindex_timestamp_with_fold" 96 100 ]; 97 101 98 102 # Tests have relative paths, and need to reference compiled C extensions

+4 -2

pkgs/development/python-modules/python-mimeparse/default.nix

··· 1 1 { lib 2 2 , buildPythonPackage 3 3 , fetchPypi 4 + , pytestCheckHook 4 5 }: 5 6 6 7 buildPythonPackage rec { ··· 12 13 sha256 = "76e4b03d700a641fd7761d3cd4fdbbdcd787eade1ebfac43f877016328334f78"; 13 14 }; 14 15 15 - # error: invalid command 'test' 16 - doCheck = false; 16 + checkInputs = [ 17 + pytestCheckHook 18 + ]; 17 19 18 20 meta = with lib; { 19 21 description = "A module provides basic functions for parsing mime-type names and matching them against a list of media-ranges";

+18 -14

pkgs/development/tools/analysis/valgrind/default.nix

··· 1 1 { lib, stdenv, fetchurl, fetchpatch 2 2 , autoreconfHook, perl 3 3 , gdb, cctools, xnu, bootstrap_cmds 4 + , writeScript 4 5 }: 5 6 6 7 stdenv.mkDerivation rec { 7 8 pname = "valgrind"; 8 - version = "3.18.1"; 9 + version = "3.19.0"; 9 10 10 11 src = fetchurl { 11 12 url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2"; 12 - sha256 = "sha256-AIWaoTp3Lt33giIl9LRu4NOa++Bx0yd42k2ZmECB9/U="; 13 + sha256 = "sha256-3V40SG8aSD/3vnMAzBa01rJGkJh4d8MnjXl1NNZzjwI="; 13 14 }; 14 - 15 - patches = [ 16 - # Fix tests on Musl. 17 - # https://bugs.kde.org/show_bug.cgi?id=445300 18 - (fetchpatch { 19 - url = "https://bugsfiles.kde.org/attachment.cgi?id=143535"; 20 - sha256 = "036zyk30rixjvpylw3c7n171n4gpn6zcp7h6ya2dz4h5r478l9i6"; 21 - }) 22 - ]; 23 15 24 16 outputs = [ "out" "dev" "man" "doc" ]; 25 17 ··· 59 51 --replace /usr/bin/ld ${cctools}/bin/ld 60 52 ''); 61 53 62 - # To prevent rebuild on linux when moving darwin's postPatch fixes to preConfigure 63 - postPatch = ""; 64 - 65 54 configureFlags = 66 55 lib.optional (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "x86_64-darwin") "--enable-only64bit" 67 56 ++ lib.optional stdenv.hostPlatform.isDarwin "--with-xcodedir=${xnu}/include"; ··· 76 65 --replace 'obj:/usr/lib' 'obj:*/lib' 77 66 done 78 67 ''; 68 + 69 + passthru = { 70 + updateScript = writeScript "update-valgrind" '' 71 + #!/usr/bin/env nix-shell 72 + #!nix-shell -i bash -p curl pcre common-updater-scripts 73 + 74 + set -eu -o pipefail 75 + 76 + # Expect the text in format of: 77 + # 'Current release: <a href="/downloads/current.html#current">valgrind-3.19.0</a>' 78 + new_version="$(curl -s https://valgrind.org/ | 79 + pcregrep -o1 'Current release: .*>valgrind-([0-9.]+)</a>')" 80 + update-source-version ${pname} "$new_version" 81 + ''; 82 + }; 79 83 80 84 meta = { 81 85 homepage = "http://www.valgrind.org/";

+6

pkgs/development/tools/misc/binutils/default.nix

··· 82 82 # override this behavior, forcing ld to search DT_RPATH even when 83 83 # cross-compiling. 84 84 ./always-search-rpath.patch 85 + 86 + # Fixed in 2.39 87 + # https://sourceware.org/bugzilla/show_bug.cgi?id=28885 88 + # https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=99852365513266afdd793289813e8e565186c9e6 89 + # https://github.com/NixOS/nixpkgs/issues/170946 90 + ./deterministic-temp-prefixes.patch 85 91 ] 86 92 ++ lib.optional targetPlatform.isiOS ./support-ios.patch 87 93 # This patch was suggested by Nick Clifton to fix

+36

pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch

··· 1 + From 99852365513266afdd793289813e8e565186c9e6 Mon Sep 17 00:00:00 2001 2 + From: Nick Clifton <nickc@redhat.com> 3 + Date: Wed, 23 Mar 2022 11:39:49 +0000 4 + Subject: [PATCH] dlltool: Use the output name as basis for deterministic temp 5 + prefixes 6 + 7 + PR 28885 8 + * dlltool.c (main): use imp_name rather than dll_name when 9 + generating a temporary file name. 10 + --- 11 + binutils/ChangeLog | 9 +++++++++ 12 + binutils/dlltool.c | 7 ++++--- 13 + 2 files changed, 13 insertions(+), 3 deletions(-) 14 + 15 + diff --git a/binutils/dlltool.c b/binutils/dlltool.c 16 + index d95bf3f5470..89871510b45 100644 17 + --- a/binutils/dlltool.c 18 + +++ b/binutils/dlltool.c 19 + @@ -3992,10 +3992,11 @@ main (int ac, char **av) 20 + if (tmp_prefix == NULL) 21 + { 22 + /* If possible use a deterministic prefix. */ 23 + - if (dll_name) 24 + + if (imp_name || delayimp_name) 25 + { 26 + - tmp_prefix = xmalloc (strlen (dll_name) + 2); 27 + - sprintf (tmp_prefix, "%s_", dll_name); 28 + + const char *input = imp_name ? imp_name : delayimp_name; 29 + + tmp_prefix = xmalloc (strlen (input) + 2); 30 + + sprintf (tmp_prefix, "%s_", input); 31 + for (i = 0; tmp_prefix[i]; i++) 32 + if (!ISALNUM (tmp_prefix[i])) 33 + tmp_prefix[i] = '_'; 34 + -- 35 + 2.31.1 36 +

+68

pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch

··· 1 + Fix iWerror=format build for 32-bit systems. 2 + https://sourceware.org/pipermail/gdb-patches/2022-May/189288.html 3 + --- a/sim/cris/sim-if.c 4 + +++ b/sim/cris/sim-if.c 5 + @@ -257,7 +257,8 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write) 6 + 7 + if (verbose) 8 + sim_io_printf (sd, 9 + - "Loading segment at 0x%" BFD_VMA_FMT "x, size 0x%lx\n", 10 + + "Loading segment at 0x%" BFD_VMA_FMT "x, " 11 + + "size 0x%" BFD_VMA_FMT "x\n", 12 + lma, phdr[i].p_filesz); 13 + 14 + if (bfd_seek (abfd, phdr[i].p_offset, SEEK_SET) != 0 15 + @@ -265,7 +266,7 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write) 16 + { 17 + sim_io_eprintf (sd, 18 + "%s: could not read segment at 0x%" BFD_VMA_FMT "x, " 19 + - "size 0x%lx\n", 20 + + "size 0x%" BFD_VMA_FMT "x\n", 21 + STATE_MY_NAME (sd), lma, phdr[i].p_filesz); 22 + free (buf); 23 + return FALSE; 24 + @@ -275,7 +276,7 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write) 25 + { 26 + sim_io_eprintf (sd, 27 + "%s: could not load segment at 0x%" BFD_VMA_FMT "x, " 28 + - "size 0x%lx\n", 29 + + "size 0x%" BFD_VMA_FMT "x\n", 30 + STATE_MY_NAME (sd), lma, phdr[i].p_filesz); 31 + free (buf); 32 + return FALSE; 33 + @@ -572,7 +573,8 @@ cris_handle_interpreter (SIM_DESC sd, struct bfd *abfd) 34 + memory area, so we go via a temporary area. Luckily, the 35 + interpreter is supposed to be small, less than 0x40000 36 + bytes. */ 37 + - sim_do_commandf (sd, "memory region 0x%" BFD_VMA_FMT "x,0x%lx", 38 + + sim_do_commandf (sd, "memory region 0x%" BFD_VMA_FMT "x," 39 + + "0x%" BFD_VMA_FMT "x", 40 + interp_load_addr, interpsiz); 41 + 42 + /* Now that memory for the interpreter is defined, load it. */ 43 + --- a/sim/m32c/syscalls.c 44 + +++ b/sim/m32c/syscalls.c 45 + @@ -299,8 +299,8 @@ m32c_syscall (int id) 46 + 47 + rv = gettimeofday (&tv, 0); 48 + if (trace) 49 + - printf ("gettimeofday: %ld sec %ld usec to 0x%x\n", tv.tv_sec, 50 + - tv.tv_usec, tvaddr); 51 + + printf ("gettimeofday: %lld sec %lld usec to 0x%x\n", 52 + + (long long)tv.tv_sec, (long long)tv.tv_usec, tvaddr); 53 + mem_put_si (tvaddr, tv.tv_sec); 54 + mem_put_si (tvaddr + 4, tv.tv_usec); 55 + put_reg (r0, rv); 56 + --- a/sim/rx/syscalls.c 57 + +++ b/sim/rx/syscalls.c 58 + @@ -270,8 +270,8 @@ rx_syscall (int id) 59 + 60 + rv = gettimeofday (&tv, 0); 61 + if (trace) 62 + - printf ("gettimeofday: %ld sec %ld usec to 0x%x\n", tv.tv_sec, 63 + - tv.tv_usec, tvaddr); 64 + + printf ("gettimeofday: %lld sec %lld usec to 0x%x\n", 65 + + (long long)tv.tv_sec, (long long)tv.tv_usec, tvaddr); 66 + mem_put_si (tvaddr, tv.tv_sec); 67 + mem_put_si (tvaddr + 4, tv.tv_usec); 68 + put_reg (1, rv);

+10 -17

pkgs/development/tools/misc/gdb/debug-info-from-env.patch

··· 1 - diff -ur a/gdb/main.c b/gdb/main.c 2 - --- a/gdb/main.c 2020-02-08 13:50:14.000000000 +0100 3 - +++ b/gdb/main.c 2020-02-24 10:02:07.731806739 +0100 4 - @@ -567,9 +567,17 @@ 5 - gdb_sysroot = xstrdup (TARGET_SYSROOT_PREFIX); 6 - } 1 + --- a/gdb/main.c 2 + +++ b/gdb/main.c 3 + @@ -708,8 +708,12 @@ captured_main_1 (struct captured_main_args *context) 4 + if (gdb_sysroot.empty ()) 5 + gdb_sysroot = TARGET_SYSROOT_PREFIX; 7 6 8 7 - debug_file_directory 9 - - = xstrdup (relocate_gdb_directory (DEBUGDIR, 10 - - DEBUGDIR_RELOCATABLE).c_str ()); 11 - + debug_file_directory = getenv ("NIX_DEBUG_INFO_DIRS"); 12 - + if (debug_file_directory != NULL) 13 - + // This might be updated later using 14 - + // $ set debug-file-directory /to/some/path 15 - + // which will use xfree. We must then have a xmallocated 16 - + // copy of the string that can be xfeed later. 17 - + debug_file_directory = xstrdup (debug_file_directory); 8 + - = relocate_gdb_directory (DEBUGDIR, DEBUGDIR_RELOCATABLE); 9 + + const char * nix_debug = getenv ("NIX_DEBUG_INFO_DIRS"); 10 + + if (nix_debug != NULL) 11 + + debug_file_directory = nix_debug; 18 12 + else 19 13 + debug_file_directory 20 - + = xstrdup (relocate_gdb_directory (DEBUGDIR, 21 - + DEBUGDIR_RELOCATABLE).c_str ()); 14 + + = relocate_gdb_directory (DEBUGDIR, DEBUGDIR_RELOCATABLE); 22 15 23 16 gdb_datadir = relocate_gdb_directory (GDB_DATADIR, 24 17 GDB_DATADIR_RELOCATABLE);

+29 -18

pkgs/development/tools/misc/gdb/default.nix

··· 1 1 { lib, stdenv, targetPackages 2 2 3 3 # Build time 4 - , fetchurl, fetchpatch, pkg-config, perl, texinfo, setupDebugInfoDirs, buildPackages 4 + , fetchurl, pkg-config, perl, texinfo, setupDebugInfoDirs, buildPackages 5 5 6 6 # Run time 7 7 , ncurses, readline, gmp, mpfr, expat, libipt, zlib, dejagnu, sourceHighlight ··· 15 15 # targetPackages so we get the right libc when cross-compiling and using buildPackages.gdb 16 16 targetPackages.stdenv.cc.cc.lib 17 17 ] 18 + , writeScript 18 19 }: 19 20 20 21 let ··· 27 28 28 29 stdenv.mkDerivation rec { 29 30 pname = targetPrefix + basename; 30 - version = "11.2"; 31 + version = "12.1"; 31 32 32 33 src = fetchurl { 33 34 url = "mirror://gnu/gdb/${basename}-${version}.tar.xz"; 34 - hash = "sha256-FJfDanGIG4ZxqahKDuQPqreIyjDXuhnYRjw8x4cVLjI="; 35 + hash = "sha256-DheTv48rVNU/Rt6oTM/URvSPgbKXsoxPf8AXuBjWn+0="; 35 36 }; 36 37 37 - postPatch = if stdenv.isDarwin then '' 38 + postPatch = lib.optionalString stdenv.isDarwin '' 38 39 substituteInPlace gdb/darwin-nat.c \ 39 40 --replace '#include "bfd/mach-o.h"' '#include "mach-o.h"' 40 - '' else if stdenv.hostPlatform.isMusl then '' 41 + '' + lib.optionalString stdenv.hostPlatform.isMusl '' 42 + substituteInPlace sim/erc32/erc32.c --replace sys/fcntl.h fcntl.h 43 + substituteInPlace sim/erc32/interf.c --replace sys/fcntl.h fcntl.h 44 + substituteInPlace sim/erc32/sis.c --replace sys/fcntl.h fcntl.h 41 45 substituteInPlace sim/ppc/emul_unix.c --replace sys/termios.h termios.h 42 - '' else null; 46 + ''; 43 47 44 48 patches = [ 45 49 ./debug-info-from-env.patch 46 - 47 - # Pull upstream fix for gcc-12. Will be included in gdb-12. 48 - (fetchpatch { 49 - name = "gcc-12.patch"; 50 - url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=e97436b1b789dcdb6ffb502263f4c86f8bc22996"; 51 - sha256 = "1mpgw6s9qgnwhwyg3hagc6vhqhvia0l1s8nr22bcahwqxi3wvzcw"; 52 - }) 53 50 ] ++ lib.optionals stdenv.isDarwin [ 54 51 ./darwin-target-match.patch 55 - ] ++ lib.optional stdenv.hostPlatform.isMusl (fetchpatch { 56 - name = "musl-fix-pagesize-page_size.patch"; 57 - url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=fd0975b96b16d96010dce439af9620d3dfb65426"; 58 - hash = "sha256-M3U7uIIFJnYu0g8/sMLJPhm02q7cGOi6pLjgsUUjeKI="; 59 - }); 52 + # Does not nave to be conditional. We apply it conditionally 53 + # to speed up inclusion to nearby nixos release. 54 + ] ++ lib.optionals stdenv.is32bit [ 55 + ./32-bit-BFD_VMA-format.patch 56 + ]; 60 57 61 58 nativeBuildInputs = [ pkg-config texinfo perl setupDebugInfoDirs ]; 62 59 ··· 114 111 115 112 # TODO: Investigate & fix the test failures. 116 113 doCheck = false; 114 + 115 + passthru = { 116 + updateScript = writeScript "update-gdb" '' 117 + #!/usr/bin/env nix-shell 118 + #!nix-shell -i bash -p curl pcre common-updater-scripts 119 + 120 + set -eu -o pipefail 121 + 122 + # Expect the text in format of '<h3>GDB version 12.1</h3>' 123 + new_version="$(curl -s https://www.sourceware.org/gdb/ | 124 + pcregrep -o1 '<h3>GDB version ([0-9.]+)</h3>')" 125 + update-source-version ${pname} "$new_version" 126 + ''; 127 + }; 117 128 118 129 meta = with lib; { 119 130 description = "The GNU Project debugger";

+1

pkgs/misc/sndio/default.nix

··· 11 11 12 12 nativeBuildInputs = lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; 13 13 buildInputs = lib.optional stdenv.hostPlatform.isLinux alsa-lib; 14 + configurePlatforms = []; 14 15 15 16 postInstall = '' 16 17 install -Dm644 contrib/sndiod.service $out/lib/systemd/system/sndiod.service

+10 -10

pkgs/servers/sql/postgresql/default.nix

··· 202 202 in self: { 203 203 204 204 postgresql_10 = self.callPackage generic { 205 - version = "10.20"; 205 + version = "10.21"; 206 206 psqlSchema = "10.0"; # should be 10, but changing it is invasive 207 - sha256 = "sha256-h94W1ZvP5C+mBcMSxZvl4pToo+astlXdetR8u5MKZZ8="; 207 + sha256 = "sha256-0yGYhW1Sqab11QZC74ZoesBYvW78pcntV754CElvRdE="; 208 208 this = self.postgresql_10; 209 209 thisAttr = "postgresql_10"; 210 210 inherit self; ··· 212 212 }; 213 213 214 214 postgresql_11 = self.callPackage generic { 215 - version = "11.15"; 215 + version = "11.16"; 216 216 psqlSchema = "11.1"; # should be 11, but changing it is invasive 217 - sha256 = "sha256-yPWOjr1PRWf0+boQMus+meAlHYfL4+VktIVZDjeoeeM="; 217 + sha256 = "sha256-LdnhEfCllJ7nyswGXOoPshCSkpuuMQzgW/AbT/xRA6U="; 218 218 this = self.postgresql_11; 219 219 thisAttr = "postgresql_11"; 220 220 inherit self; 221 221 }; 222 222 223 223 postgresql_12 = self.callPackage generic { 224 - version = "12.10"; 224 + version = "12.11"; 225 225 psqlSchema = "12"; 226 - sha256 = "sha256-g90ZLmA0lRGSuahtwZzzcXqLghIOLxGgo2cjyCDSslc="; 226 + sha256 = "sha256-ECYkil/Svur0PkxyNqyBflbVi2gaM1hWRl37x1s+gwI="; 227 227 this = self.postgresql_12; 228 228 thisAttr = "postgresql_12"; 229 229 inherit self; 230 230 }; 231 231 232 232 postgresql_13 = self.callPackage generic { 233 - version = "13.6"; 233 + version = "13.7"; 234 234 psqlSchema = "13"; 235 - sha256 = "sha256-uvx/o9nU2o/nG4TGO6i9/oCSk1wwwKqFwkssCFCPZ/w="; 235 + sha256 = "sha256-G5Bb9PPYNhSjk7PFH9NFkQ/SYeT1Ekpo2aH906KkY5k="; 236 236 this = self.postgresql_13; 237 237 thisAttr = "postgresql_13"; 238 238 inherit self; 239 239 }; 240 240 241 241 postgresql_14 = self.callPackage generic { 242 - version = "14.2"; 242 + version = "14.3"; 243 243 psqlSchema = "14"; 244 - sha256 = "sha256-LPeLLkaJEvgQHWldtTQM8xPC6faKYS+3FCdSToyal3o="; 244 + sha256 = "sha256-J5BXNov1mpGcBa2o+VxeBKu0PnS5oqacPUaiDgeprzg="; 245 245 this = self.postgresql_14; 246 246 thisAttr = "postgresql_14"; 247 247 inherit self;

+2 -2

pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "pg-safeupdate"; 5 - version = "1.2"; 5 + version = "1.4"; 6 6 7 7 buildInputs = [ postgresql ]; 8 8 ··· 10 10 owner = "eradman"; 11 11 repo = pname; 12 12 rev = version; 13 - sha256 = "010m57jcv5v8pyfm1cqs3a306y750lvnvla9m5d98v5vdx3349jg"; 13 + sha256 = "sha256-1cyvVEC9MQGMr7Tg6EUbsVBrMc8ahdFS3+CmDkmAq4Y="; 14 14 }; 15 15 16 16 installPhase = ''

+9 -1

pkgs/test/default.nix

··· 72 72 73 73 dhall = callPackage ./dhall { }; 74 74 75 - makeWrapper = callPackage ./make-wrapper {}; 75 + makeWrapper = callPackage ./make-wrapper { }; 76 + makeBinaryWrapper = callPackage ./make-binary-wrapper { 77 + makeBinaryWrapper = pkgs.makeBinaryWrapper.override { 78 + # Enable sanitizers in the tests only, to avoid the performance cost in regular usage. 79 + # The sanitizers cause errors on aarch64-darwin, see https://github.com/NixOS/nixpkgs/pull/150079#issuecomment-994132734 80 + sanitizers = pkgs.lib.optionals (! (pkgs.stdenv.isDarwin && pkgs.stdenv.isAarch64)) 81 + [ "undefined" "address" ]; 82 + }; 83 + }; 76 84 77 85 pkgs-lib = recurseIntoAttrs (import ../pkgs-lib/tests { inherit pkgs; }); 78 86 }

+10 -5

pkgs/tools/filesystems/e2fsprogs/default.nix

··· 23 23 ++ lib.optionals stdenv.isLinux [ fuse ]; 24 24 25 25 # Only use glibc's __GNUC_PREREQ(X,Y) (checks if compiler is gcc version >= X.Y) when using glibc 26 - patches = if stdenv.hostPlatform.libc == "glibc" then null 27 - else [ 28 - (fetchpatch { 26 + patches = [ 27 + (fetchpatch { 28 + name = "CVE-2022-1304.patch"; 29 + url = "https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/patch/?id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76"; 30 + sha256 = "sha256-YEEow34/81NBOc6F6FS6i505FCQ7GHeIz0a0qWNs7Fg="; 31 + }) 32 + ] ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [ 33 + (fetchpatch { 29 34 url = "https://raw.githubusercontent.com/void-linux/void-packages/9583597eb3e6e6b33f61dbc615d511ce030bc443/srcpkgs/e2fsprogs/patches/fix-glibcism.patch"; 30 35 sha256 = "1gfcsr0i3q8q2f0lqza8na0iy4l4p3cbii51ds6zmj0y4hz2dwhb"; 31 36 excludes = [ "lib/ext2fs/hashmap.h" ]; 32 37 extraPrefix = ""; 33 - }) 34 - ]; 38 + }) 39 + ]; 35 40 36 41 postPatch = '' 37 42 # Remove six failing tests

+4 -4

pkgs/tools/security/cryptomator/default.nix

··· 1 1 { lib, stdenv, fetchFromGitHub 2 2 , autoPatchelfHook 3 3 , fuse, jffi 4 - , maven, jdk, jre, makeWrapper, glib, wrapGAppsHook 4 + , maven, jdk, jre, makeShellWrapper, glib, wrapGAppsHook 5 5 }: 6 6 7 7 let ··· 65 65 rm $out/share/cryptomator/libs/jff*.jar 66 66 cp -f ${jffi}/share/java/jffi-complete.jar $out/share/cryptomator/libs/ 67 67 68 - makeWrapper ${jre}/bin/java $out/bin/cryptomator \ 68 + makeShellWrapper ${jre}/bin/java $out/bin/cryptomator \ 69 69 --add-flags "--class-path '$out/share/cryptomator/libs/*'" \ 70 70 --add-flags "--module-path '$out/share/cryptomator/mods'" \ 71 71 --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \ ··· 101 101 nativeBuildInputs = [ 102 102 autoPatchelfHook 103 103 maven 104 - makeWrapper 105 - (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; }) 104 + makeShellWrapper 105 + wrapGAppsHook 106 106 jdk 107 107 ]; 108 108 buildInputs = [ fuse jre glib jffi ];

-1

pkgs/tools/typesetting/sile/default.nix

··· 114 114 homepage = "https://sile-typesetter.org"; 115 115 changelog = "https://github.com/sile-typesetter/sile/raw/v${version}/CHANGELOG.md"; 116 116 platforms = platforms.unix; 117 - broken = stdenv.isDarwin; # https://github.com/NixOS/nixpkgs/issues/23018 118 117 maintainers = with maintainers; [ doronbehar alerque ]; 119 118 license = licenses.mit; 120 119 };

+13 -35

pkgs/top-level/all-packages.nix

··· 781 781 makeInitrdNG = callPackage ../build-support/kernel/make-initrd-ng.nix; 782 782 makeInitrdNGTool = callPackage ../build-support/kernel/make-initrd-ng-tool.nix {}; 783 783 784 - makeWrapper = makeSetupHook 784 + makeWrapper = makeShellWrapper; 785 + 786 + makeShellWrapper = makeSetupHook 785 787 { deps = [ dieHook ]; 786 788 substitutions = { 787 789 shell = targetPackages.runtimeShell; ··· 790 792 } 791 793 ../build-support/setup-hooks/make-wrapper.sh; 792 794 793 - makeBinaryWrapper = let 794 - f = { cc, sanitizers }: let 795 - san = lib.concatMapStringsSep " " (s: "-fsanitize=${s}") sanitizers; 796 - script = runCommand "make-binary-wrapper.sh" {} '' 797 - substitute ${../build-support/setup-hooks/make-binary-wrapper.sh} $out \ 798 - --replace " @CC@ " " ${cc}/bin/cc ${san} " 799 - ''; 800 - in 801 - makeSetupHook { 802 - deps = [ dieHook cc ]; 803 - substitutions.passthru.tests = callPackage ../test/make-binary-wrapper { 804 - makeBinaryWrapper = makeBinaryWrapper.override { 805 - sanitizers = (if stdenv.isDarwin && stdenv.isAarch64 806 - then [ ] 807 - else [ "undefined" "address" ] 808 - ); 809 - }; 810 - }; 811 - } script; 812 - in 813 - lib.makeOverridable f { 814 - cc = stdenv.cc; 815 - sanitizers = [ ]; 816 - }; 795 + makeBinaryWrapper = callPackage ../build-support/setup-hooks/make-binary-wrapper { }; 817 796 818 797 compressFirmwareXz = callPackage ../build-support/kernel/compress-firmware-xz.nix { }; 819 798 ··· 912 891 913 892 findXMLCatalogs = makeSetupHook { } ../build-support/setup-hooks/find-xml-catalogs.sh; 914 893 915 - wrapGAppsHook = callPackage ../build-support/setup-hooks/wrap-gapps-hook { }; 894 + wrapGAppsHook = callPackage ../build-support/setup-hooks/wrap-gapps-hook { 895 + makeWrapper = makeBinaryWrapper; 896 + }; 916 897 917 898 wrapGAppsHook4 = wrapGAppsHook.override { gtk3 = gtk4; }; 918 899 ··· 14055 14036 # default. 14056 14037 libcxx ? null 14057 14038 , extraPackages ? lib.optional (cc.isGNU or false && stdenv.targetPlatform.isMinGW) threadsCross 14039 + , nixSupport ? {} 14058 14040 , ... 14059 14041 } @ extraArgs: 14060 14042 callPackage ../build-support/cc-wrapper (let self = { ··· 14066 14048 isGNU = cc.isGNU or false; 14067 14049 isClang = cc.isClang or false; 14068 14050 14069 - inherit cc bintools libc libcxx extraPackages zlib; 14051 + inherit cc bintools libc libcxx extraPackages nixSupport zlib; 14070 14052 } // extraArgs; in self); 14071 14053 14072 14054 wrapCC = cc: wrapCCWith { ··· 22350 22332 postgresql_13 22351 22333 postgresql_14 22352 22334 ; 22353 - postgresql = postgresql_13.override { this = postgresql; }; 22335 + postgresql = postgresql_14.override { this = postgresql; }; 22354 22336 postgresqlPackages = recurseIntoAttrs postgresql.pkgs; 22355 22337 postgresql11Packages = recurseIntoAttrs postgresql_11.pkgs; 22356 22338 postgresql12Packages = recurseIntoAttrs postgresql_12.pkgs; 22357 - postgresql13Packages = postgresqlPackages; 22358 - postgresql14Packages = recurseIntoAttrs postgresql_14.pkgs; 22339 + postgresql13Packages = recurseIntoAttrs postgresql_13.pkgs; 22340 + postgresql14Packages = postgresqlPackages; 22359 22341 22360 22342 postgresql_jdbc = callPackage ../development/java-modules/postgresql_jdbc { }; 22361 22343 ··· 26450 26432 26451 26433 filezilla = callPackage ../applications/networking/ftp/filezilla { }; 26452 26434 26453 - buildMozillaMach = 26454 - let callPackage = newScope { 26455 - inherit (rustPackages) cargo rustc; 26456 - }; 26457 - in opts: callPackage (import ../applications/networking/browsers/firefox/common.nix opts) {}; 26435 + buildMozillaMach = opts: callPackage (import ../applications/networking/browsers/firefox/common.nix opts) {}; 26458 26436 26459 26437 firefoxPackages = recurseIntoAttrs (callPackage ../applications/networking/browsers/firefox/packages.nix {}); 26460 26438