pyrox.dev / nixpkgs
lol
fork atom

Merge branch 'staging'

(Truly, this time :-)

Vladimír Čunát b43614a6 150796d3

+269 -87
unified split
+13
doc/languages-frameworks/python.md
··· 641 641 - [pypi2nix](https://github.com/garbas/pypi2nix) by Rok Garbas 642 642 - [pypi2nix](https://github.com/offlinehacker/pypi2nix) by Jaka Hudoklin 643 643 644 + ### Deterministic builds 645 + 646 + Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. 647 + Minor modifications had to be made to the interpreters in order to generate 648 + deterministic bytecode. This has security implications and is relevant for 649 + those using Python in a `nix-shell`. 650 + 651 + When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will have timestamp 1. 652 + The `buildPythonPackage` function sets `DETERMINISTIC_BUILD` as well as 653 + [PYTHONHASHSEED](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED). 654 + Both are also exported in `nix-shell`. 655 + 656 + 644 657 ## FAQ 645 658 646 659 ### How can I install a working Python environment?
+10
nixos/doc/manual/release-notes/rl-1703.xml
··· 271 271 </para> 272 272 </listitem> 273 273 274 + <listitem> 275 + <para> 276 + Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. 277 + Minor modifications had to be made to the interpreters in order to generate 278 + deterministic bytecode. This has security implications and is relevant for 279 + those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual 280 + for details. 281 + </para> 282 + </listitem> 283 + 274 284 </itemizedlist> 275 285 276 286
+20 -16
pkgs/build-support/setup-hooks/compress-man-pages.sh
··· 3 3 compressManPages() { 4 4 local dir="$1" 5 5 6 - if [ ! -d "$dir/share/man" ]; then return; fi 7 - echo "gzipping man pages in $dir" 6 + if [ -L "$dir"/share ] || [ -L "$dir"/share/man ] || [ ! -d "$dir/share/man" ] 7 + then return 8 + fi 9 + echo "gzipping man pages under $dir/share/man/" 8 10 9 - GLOBIGNORE=.:..:*.gz:*.bz2 10 - 11 - for f in "$dir"/share/man/*/* "$dir"/share/man/*/*/*; do 12 - if [ -f "$f" -a ! -L "$f" ]; then 13 - if gzip -c -n "$f" > "$f".gz; then 14 - rm "$f" 15 - else 16 - rm "$f".gz 17 - fi 11 + # Compress all uncompressed manpages. Don't follow symlinks, etc. 12 + find "$dir"/share/man/ -type f -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \ 13 + | while IFS= read -r -d $'\0' f 14 + do 15 + if gzip -c -n "$f" > "$f".gz; then 16 + rm "$f" 17 + else 18 + rm "$f".gz 18 19 fi 19 20 done 20 21 21 - for f in "$dir"/share/man/*/* "$dir"/share/man/*/*/*; do 22 - if [ -L "$f" -a -f `readlink -f "$f"`.gz ]; then 23 - ln -sf `readlink "$f"`.gz "$f".gz && rm "$f" 22 + # Point symlinks to compressed manpages. 23 + find "$dir"/share/man/ -type l -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \ 24 + | while IFS= read -r -d $'\0' f 25 + do 26 + local target 27 + target="$(readlink -f "$f")" 28 + if [ -f "$target".gz ]; then 29 + ln -sf "$target".gz "$f".gz && rm "$f" 24 30 fi 25 31 done 26 - 27 - unset GLOBIGNORE 28 32 }
+14
pkgs/development/interpreters/python/cpython/2.7/default.nix
··· 178 178 echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py 179 179 180 180 rm "$out"/lib/python*/plat-*/regen # refers to glibc.dev 181 + 182 + # Determinism: Windows installers were not deterministic. 183 + # We're also not interested in building Windows installers. 184 + find "$out" -name 'wininst*.exe' | xargs -r rm -f 185 + 186 + # Determinism: rebuild all bytecode 187 + # We exclude lib2to3 because that's Python 2 code which fails 188 + # We rebuild three times, once for each optimization level 189 + find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i - 190 + find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i - 191 + find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i - 181 192 ''; 182 193 183 194 passthru = let ··· 210 221 license = stdenv.lib.licenses.psfl; 211 222 platforms = stdenv.lib.platforms.all; 212 223 maintainers = with stdenv.lib.maintainers; [ chaoflow domenkozar ]; 224 + # Higher priority than Python 3.x so that `/bin/python` points to `/bin/python2` 225 + # in case both 2 and 3 are installed. 226 + priority = -100; 213 227 }; 214 228 }
+39 -10
pkgs/development/interpreters/python/cpython/3.4/default.nix
··· 1 1 { stdenv, fetchurl 2 2 , bzip2 3 + , expat 4 + , libffi 3 5 , gdbm 4 6 , lzma 5 7 , ncurses ··· 50 52 51 53 NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s"; 52 54 55 + # Determinism: The interpreter is patched to write null timestamps when compiling python files. 56 + # This way python doesn't try to update them when we freeze timestamps in nix store. 57 + DETERMINISTIC_BUILD=1; 58 + # Determinism: We fix the hashes of str, bytes and datetime objects. 59 + PYTHONHASHSEED=0; 60 + 53 61 prePatch = optionalString stdenv.isDarwin '' 54 62 substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"' 55 63 substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' ' 56 64 ''; 57 65 58 - postPatch = optionalString (x11Support && (tix != null)) '' 66 + postPatch = '' 67 + # Determinism 68 + substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])" 69 + # Determinism. This is done unconditionally 70 + substituteInPlace "Lib/importlib/_bootstrap.py" --replace "source_mtime = int(source_stats['mtime'])" "source_mtime = 1" 71 + '' + optionalString (x11Support && (tix != null)) '' 59 72 substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" 60 73 '' 61 74 # Avoid picking up getentropy() from glibc >= 2.25, as that would break 62 75 # on older kernels. http://bugs.python.org/issue29157 63 - + optionalString stdenv.isLinux 64 - '' 76 + + optionalString stdenv.isLinux '' 65 77 substituteInPlace Python/random.c --replace 'defined(HAVE_GETENTROPY)' '0' 66 78 cat Python/random.c 67 - ''; 79 + ''; 80 + 81 + CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"; 82 + LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"; 83 + LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"; 84 + 85 + configureFlags = [ 86 + "--enable-shared" 87 + "--with-threads" 88 + "--without-ensurepip" 89 + "--with-system-expat" 90 + "--with-system-ffi" 91 + ]; 68 92 69 93 preConfigure = '' 70 94 for i in /usr /sw /opt /pkg; do # improve purity ··· 74 98 export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2" 75 99 export MACOSX_DEPLOYMENT_TARGET=10.6 76 100 ''} 77 - 78 - configureFlagsArray=( --enable-shared --with-threads 79 - CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}" 80 - LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}" 81 - LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}" 82 - ) 83 101 ''; 84 102 85 103 setupHook = ./setup-hook.sh; ··· 102 120 # Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484 103 121 echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py 104 122 123 + # Determinism: Windows installers were not deterministic. 124 + # We're also not interested in building Windows installers. 125 + find "$out" -name 'wininst*.exe' | xargs -r rm -f 126 + 105 127 # Use Python3 as default python 106 128 ln -s "$out/bin/idle3" "$out/bin/idle" 107 129 ln -s "$out/bin/pip3" "$out/bin/pip" ··· 109 131 ln -s "$out/bin/python3" "$out/bin/python" 110 132 ln -s "$out/bin/python3-config" "$out/bin/python-config" 111 133 ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc" 134 + 135 + # Determinism: rebuild all bytecode 136 + # We exclude lib2to3 because that's Python 2 code which fails 137 + # We rebuild three times, once for each optimization level 138 + find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i - 139 + find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i - 140 + find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i - 112 141 ''; 113 142 114 143 postFixup = ''
+38 -8
pkgs/development/interpreters/python/cpython/3.5/default.nix
··· 1 1 { stdenv, fetchurl, fetchpatch 2 2 , bzip2 3 + , expat 4 + , libffi 3 5 , gdbm 4 6 , lzma 5 7 , ncurses ··· 32 34 sitePackages = "lib/${libPrefix}/site-packages"; 33 35 34 36 buildInputs = filter (p: p != null) [ 35 - zlib bzip2 lzma gdbm sqlite readline ncurses openssl ] 37 + zlib bzip2 expat lzma libffi gdbm sqlite readline ncurses openssl ] 36 38 ++ optionals x11Support [ tcl tk libX11 xproto ] 37 39 ++ optionals stdenv.isDarwin [ CF configd ]; 38 40 ··· 50 52 51 53 NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s"; 52 54 55 + # Determinism: The interpreter is patched to write null timestamps when compiling python files. 56 + # This way python doesn't try to update them when we freeze timestamps in nix store. 57 + DETERMINISTIC_BUILD=1; 58 + # Determinism: We fix the hashes of str, bytes and datetime objects. 59 + PYTHONHASHSEED=0; 60 + 53 61 prePatch = optionalString stdenv.isDarwin '' 54 62 substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"' 55 63 substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' ' ··· 63 71 }) 64 72 ]; 65 73 66 - postPatch = optionalString (x11Support && (tix != null)) '' 74 + postPatch = '' 75 + # Determinism 76 + substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])" 77 + # Determinism. This is done unconditionally 78 + substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1" 79 + '' + optionalString (x11Support && (tix != null)) '' 67 80 substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" 68 81 ''; 69 82 83 + CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"; 84 + LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"; 85 + LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"; 86 + 87 + configureFlags = [ 88 + "--enable-shared" 89 + "--with-threads" 90 + "--without-ensurepip" 91 + "--with-system-expat" 92 + "--with-system-ffi" 93 + ]; 94 + 70 95 preConfigure = '' 71 96 for i in /usr /sw /opt /pkg; do # improve purity 72 97 substituteInPlace ./setup.py --replace $i /no-such-path ··· 75 100 export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2" 76 101 export MACOSX_DEPLOYMENT_TARGET=10.6 77 102 ''} 78 - 79 - configureFlagsArray=( --enable-shared --with-threads 80 - CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}" 81 - LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}" 82 - LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}" 83 - ) 84 103 ''; 85 104 86 105 setupHook = ./setup-hook.sh; ··· 103 122 # Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484 104 123 echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py 105 124 125 + # Determinism: Windows installers were not deterministic. 126 + # We're also not interested in building Windows installers. 127 + find "$out" -name 'wininst*.exe' | xargs -r rm -f 128 + 106 129 # Use Python3 as default python 107 130 ln -s "$out/bin/idle3" "$out/bin/idle" 108 131 ln -s "$out/bin/pip3" "$out/bin/pip" ··· 110 133 ln -s "$out/bin/python3" "$out/bin/python" 111 134 ln -s "$out/bin/python3-config" "$out/bin/python-config" 112 135 ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc" 136 + 137 + # Determinism: rebuild all bytecode 138 + # We exclude lib2to3 because that's Python 2 code which fails 139 + # We rebuild three times, once for each optimization level 140 + find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i - 141 + find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i - 142 + find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i - 113 143 ''; 114 144 115 145 postFixup = ''
+37 -7
pkgs/development/interpreters/python/cpython/3.6/default.nix
··· 1 1 { stdenv, fetchurl, fetchpatch 2 2 , glibc 3 3 , bzip2 4 + , expat 5 + , libffi 4 6 , gdbm 5 7 , lzma 6 8 , ncurses ··· 50 52 51 53 NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s"; 52 54 55 + # Determinism: The interpreter is patched to write null timestamps when compiling python files. 56 + # This way python doesn't try to update them when we freeze timestamps in nix store. 57 + DETERMINISTIC_BUILD=1; 58 + # Determinism: We fix the hashes of str, bytes and datetime objects. 59 + PYTHONHASHSEED=0; 60 + 53 61 prePatch = optionalString stdenv.isDarwin '' 54 62 substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"' 55 63 substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' ' ··· 63 71 }) 64 72 ]; 65 73 66 - postPatch = optionalString (x11Support && (tix != null)) '' 74 + postPatch = '' 75 + # Determinism 76 + substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])" 77 + # Determinism. This is done unconditionally 78 + substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1" 79 + '' + optionalString (x11Support && (tix != null)) '' 67 80 substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" 68 81 ''; 69 82 83 + CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}"; 84 + LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}"; 85 + LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}"; 86 + 87 + configureFlags = [ 88 + "--enable-shared" 89 + "--with-threads" 90 + "--without-ensurepip" 91 + "--with-system-expat" 92 + "--with-system-ffi" 93 + ]; 94 + 70 95 preConfigure = '' 71 96 for i in /usr /sw /opt /pkg; do # improve purity 72 97 substituteInPlace ./setup.py --replace $i /no-such-path ··· 75 100 export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2" 76 101 export MACOSX_DEPLOYMENT_TARGET=10.6 77 102 ''} 78 - 79 - configureFlagsArray=( --enable-shared --with-threads 80 - CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}" 81 - LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}" 82 - LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}" 83 - ) 84 103 ''; 85 104 86 105 setupHook = ./setup-hook.sh; ··· 103 122 # Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484 104 123 echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py 105 124 125 + # Determinism: Windows installers were not deterministic. 126 + # We're also not interested in building Windows installers. 127 + find "$out" -name 'wininst*.exe' | xargs -r rm -f 128 + 106 129 # Use Python3 as default python 107 130 ln -s "$out/bin/idle3" "$out/bin/idle" 108 131 ln -s "$out/bin/pip3" "$out/bin/pip" ··· 110 133 ln -s "$out/bin/python3" "$out/bin/python" 111 134 ln -s "$out/bin/python3-config" "$out/bin/python-config" 112 135 ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc" 136 + 137 + # Determinism: rebuild all bytecode 138 + # We exclude lib2to3 because that's Python 2 code which fails 139 + # We rebuild three times, once for each optimization level 140 + find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i - 141 + find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i - 142 + find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i - 113 143 ''; 114 144 115 145 passthru = let
+5 -2
pkgs/development/interpreters/python/mk-python-derivation.nix
··· 57 57 58 58 inherit pythonPath; 59 59 60 - # patch python interpreter to write null timestamps when compiling python files 61 - # this way python doesn't try to update them when we freeze timestamps in nix store 60 + 61 + # Determinism: The interpreter is patched to write null timestamps when compiling python files. 62 + # This way python doesn't try to update them when we freeze timestamps in nix store. 62 63 DETERMINISTIC_BUILD=1; 64 + # Determinism: We fix the hashes of str, bytes and datetime objects. 65 + PYTHONHASHSEED = 0; 63 66 64 67 buildInputs = [ wrapPython ] ++ buildInputs ++ pythonPath 65 68 ++ [ (ensureNewerSourcesHook { year = "1980"; }) ]
+11 -1
pkgs/development/libraries/libevent/default.nix
··· 23 23 | grep -v '^dh-autoreconf' | sed 's|^|debian/patches/|')" 24 24 ''; 25 25 26 - outputs = [ "out" "dev" ]; 26 + # libevent_openssl is moved into its own output, so that openssl isn't present 27 + # in the default closure. 28 + outputs = [ "out" "dev" "openssl" ]; 27 29 outputBin = "dev"; 30 + propagatedBuildOutputs = [ "out" "openssl" ]; 28 31 29 32 buildInputs = [ openssl ] ++ stdenv.lib.optional stdenv.isCygwin findutils; 33 + 34 + postInstall = '' 35 + moveToOutput "lib/libevent_openssl*" "$openssl" 36 + substituteInPlace "$dev/lib/pkgconfig/libevent_openssl.pc" \ 37 + --replace "$out" "$openssl" 38 + sed "/^libdir=/s|$out|$openssl|" -i "$openssl"/lib/libevent_openssl.la 39 + ''; 30 40 31 41 meta = with stdenv.lib; { 32 42 description = "Event notification library";
+3 -1
pkgs/development/libraries/libuv/default.nix
··· 17 17 "getnameinfo_basic" # probably network-dependent 18 18 "spawn_setuid_fails" "spawn_setgid_fails" "fs_chown" # user namespaces 19 19 "getaddrinfo_fail" "getaddrinfo_fail_sync" 20 - ]; 20 + ] 21 + # sometimes: timeout (no output) 22 + ++ stdenv.lib.optional stdenv.isDarwin "process_title"; 21 23 tdRegexp = lib.concatStringsSep "\\|" toDisable; 22 24 in lib.optionalString doCheck '' 23 25 sed '/${tdRegexp}/d' -i test/test-list.h
+3 -8
pkgs/development/libraries/mesa/default.nix
··· 27 27 else 28 28 29 29 let 30 - version = "13.0.5"; 30 + version = "17.0.0"; 31 31 branch = head (splitString "." version); 32 32 driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32"; 33 33 in ··· 41 41 "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" 42 42 "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz" 43 43 ]; 44 - sha256 = "bfcea7e2c801525a60895c8aff11aa68457ee9aa35d01a4638e1f310a3f5ef87"; 44 + sha256 = "10c4cvm6hhdch0idh2kn7qv1dq6zlw97sc3pz7bssn81f1ckvnrr"; 45 45 }; 46 46 47 47 prePatch = "patchShebangs ."; ··· 54 54 ./symlink-drivers.patch 55 55 ]; 56 56 57 - postPatch = '' 58 - substituteInPlace src/egl/main/egldriver.c \ 59 - --replace _EGL_DRIVER_SEARCH_DIR '"${driverLink}"' 60 - ''; 61 - 62 57 outputs = [ "out" "dev" "drivers" "osmesa" ]; 63 58 64 59 # TODO: Figure out how to enable opencl without having a runtime dependency on clang ··· 69 64 "--with-dri-searchpath=${driverLink}/lib/dri" 70 65 "--with-egl-platforms=x11,wayland,drm" 71 66 ] ++ (if stdenv.isArm || stdenv.isAarch64 then [ 72 - "--with-gallium-drivers=nouveau,freedreno,vc4,swrast" 67 + "--with-gallium-drivers=nouveau,freedreno,vc4,etnaviv,swrast" 73 68 "--with-dri-drivers=nouveau,swrast" 74 69 ] else [ 75 70 "--with-gallium-drivers=svga,i915,ilo,r300,r600,radeonsi,nouveau,swrast"
+25 -11
pkgs/development/libraries/qt-5/5.7/qttools/cmake-paths.patch
··· 1 - Index: qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2 - =================================================================== 3 - --- qttools-opensource-src-5.5.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in 4 - +++ qttools-opensource-src-5.5.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in 1 + diff -Naur qttools-opensource-src-5.7.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in qttools-opensource-src-5.7.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2 + --- qttools-opensource-src-5.7.1.orig/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2016-11-03 09:31:16.000000000 +0100 3 + +++ qttools-opensource-src-5.7.1/src/assistant/help/Qt5HelpConfigExtras.cmake.in 2017-02-28 16:37:20.130457615 +0100 5 4 @@ -2,11 +2,10 @@ 6 5 if (NOT TARGET Qt5::qcollectiongenerator) 7 6 add_executable(Qt5::qcollectiongenerator IMPORTED) ··· 18 17 _qt5_Help_check_file_exists(${imported_location}) 19 18 20 19 set_target_properties(Qt5::qcollectiongenerator PROPERTIES 21 - Index: qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in 22 - =================================================================== 23 - --- qttools-opensource-src-5.5.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in 24 - +++ qttools-opensource-src-5.5.1/src/linguist/Qt5LinguistToolsConfig.cmake.in 25 - @@ -44,11 +44,10 @@ endmacro() 20 + @@ -17,11 +16,10 @@ 21 + if (NOT TARGET Qt5::qhelpgenerator) 22 + add_executable(Qt5::qhelpgenerator IMPORTED) 23 + 24 + -!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) 25 + - set(imported_location \"${_qt5Help_install_prefix}/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\") 26 + -!!ELSE 27 + - set(imported_location \"$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\") 28 + -!!ENDIF 29 + + set(imported_location \"@NIX_OUT@/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\") 30 + + if(NOT EXISTS \"${imported_location}\") 31 + + set(imported_location \"@NIX_DEV@/$${CMAKE_BIN_DIR}qhelpgenerator$$CMAKE_BIN_SUFFIX\") 32 + + endif() 33 + _qt5_Help_check_file_exists(${imported_location}) 34 + 35 + set_target_properties(Qt5::qhelpgenerator PROPERTIES 36 + diff -Naur qttools-opensource-src-5.7.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in qttools-opensource-src-5.7.1/src/linguist/Qt5LinguistToolsConfig.cmake.in 37 + --- qttools-opensource-src-5.7.1.orig/src/linguist/Qt5LinguistToolsConfig.cmake.in 2016-11-03 09:31:16.000000000 +0100 38 + +++ qttools-opensource-src-5.7.1/src/linguist/Qt5LinguistToolsConfig.cmake.in 2017-02-28 16:35:40.470100681 +0100 39 + @@ -44,11 +44,10 @@ 26 40 if (NOT TARGET Qt5::lrelease) 27 41 add_executable(Qt5::lrelease IMPORTED) 28 42 ··· 38 52 _qt5_LinguistTools_check_file_exists(${imported_location}) 39 53 40 54 set_target_properties(Qt5::lrelease PROPERTIES 41 - @@ -59,11 +58,10 @@ endif() 55 + @@ -59,11 +58,10 @@ 42 56 if (NOT TARGET Qt5::lupdate) 43 57 add_executable(Qt5::lupdate IMPORTED) 44 58 ··· 54 68 _qt5_LinguistTools_check_file_exists(${imported_location}) 55 69 56 70 set_target_properties(Qt5::lupdate PROPERTIES 57 - @@ -74,11 +72,10 @@ endif() 71 + @@ -74,11 +72,10 @@ 58 72 if (NOT TARGET Qt5::lconvert) 59 73 add_executable(Qt5::lconvert IMPORTED) 60 74
-2
pkgs/development/tools/misc/binutils/default.nix
··· 81 81 82 82 enableParallelBuilding = true; 83 83 84 - postFixup = optionalString (cross == null) "ln -s $out/bin $dev/bin"; # tools needed for development 85 - 86 84 meta = with stdenv.lib; { 87 85 description = "Tools for manipulating binaries (linker, assembler, etc.)"; 88 86 longDescription = ''
+2 -2
pkgs/os-specific/linux/util-linux/default.nix
··· 6 6 version = lib.concatStringsSep "." ([ majorVersion ] 7 7 ++ lib.optional (patchVersion != "") patchVersion); 8 8 majorVersion = "2.29"; 9 - patchVersion = ""; 9 + patchVersion = "2"; 10 10 11 11 src = fetchurl { 12 12 url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz"; 13 - sha256 = "1rzrmdrz51p9sy7vlw5qmj8pmqazm7hgcch5yq242mkvrikyln9c"; 13 + sha256 = "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc"; 14 14 }; 15 15 16 16 patches = [ ./rtcwake-search-PATH-for-shutdown.patch ];
+3 -3
pkgs/servers/x11/xorg/default.nix
··· 669 669 }) // {inherit windowswmproto libX11 libXext xextproto ;}; 670 670 671 671 libX11 = (mkDerivation "libX11" { 672 - name = "libX11-1.6.4"; 672 + name = "libX11-1.6.5"; 673 673 builder = ./builder.sh; 674 674 src = fetchurl { 675 - url = mirror://xorg/individual/lib/libX11-1.6.4.tar.bz2; 676 - sha256 = "0hg46i6h92pmb7xp1cis2j43zq3fkdz89p0yv35w4vm17az4iixp"; 675 + url = mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2; 676 + sha256 = "0pa3cfp6h9rl2vxmkph65250gfqyki0ccqyaan6bl9d25gdr0f2d"; 677 677 }; 678 678 buildInputs = [pkgconfig inputproto kbproto libxcb xextproto xf86bigfontproto xproto xtrans ]; 679 679 meta.platforms = stdenv.lib.platforms.unix;
+1 -1
pkgs/servers/x11/xorg/tarballs-7.7.list
··· 59 59 mirror://xorg/individual/lib/libpciaccess-0.13.4.tar.bz2 60 60 mirror://xorg/individual/lib/libSM-1.2.2.tar.bz2 61 61 mirror://xorg/X11R7.7/src/everything/libWindowsWM-1.0.1.tar.bz2 62 - mirror://xorg/individual/lib/libX11-1.6.4.tar.bz2 62 + mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2 63 63 mirror://xorg/individual/lib/libXau-1.0.8.tar.bz2 64 64 mirror://xorg/individual/lib/libXaw-1.0.13.tar.bz2 65 65 mirror://xorg/individual/lib/libXcomposite-0.4.4.tar.bz2
+6
pkgs/tools/graphics/ploticus/default.nix
··· 15 15 16 16 patches = [ ./ploticus-install.patch ]; 17 17 18 + # Make the symlink relative instead of absolute. 19 + # Otherwise it breaks when auto-moved to $out/share. 20 + preFixup = '' 21 + ln -sf pl.1 "$out"/man/man1/ploticus.1 22 + ''; 23 + 18 24 meta = with stdenv.lib; { 19 25 description = "A non-interactive software package for producing plots and charts"; 20 26 longDescription = ''Ploticus is a free, GPL'd, non-interactive
+3 -1
pkgs/tools/misc/findutils/default.nix
··· 8 8 sha256 = "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y"; 9 9 }; 10 10 11 - patches = [ ./memory-leak.patch ]; 11 + patches = [ ./memory-leak.patch ./no-install-statedir.patch ]; 12 12 13 13 buildInputs = [ coreutils ]; # bin/updatedb script needs to call sort 14 14 ··· 16 16 doCheck = !stdenv.isDarwin && (stdenv.system != "i686-linux"); 17 17 18 18 outputs = [ "out" "info" ]; 19 + 20 + configureFlags = [ "--localstatedir=/var/cache" ]; 19 21 20 22 crossAttrs = { 21 23 # Fix the 'buildInputs = [ coreutils ]' above - that adds the cross coreutils to PATH :(
+11
pkgs/tools/misc/findutils/no-install-statedir.patch
··· 1 + --- a/locate/Makefile.in 2 + +++ b/locate/Makefile.in 3 + @@ -2357,7 +2357,7 @@ updatedb: updatedb.sh Makefile 4 + chmod +x $@ 5 + 6 + install-data-hook: 7 + - $(top_srcdir)/build-aux/mkinstalldirs $(DESTDIR)$(localstatedir) 8 + + #$(top_srcdir)/build-aux/mkinstalldirs $(DESTDIR)$(localstatedir) 9 + 10 + dblocation.texi: 11 + echo '@set LOCATE_DB $(LOCATE_DB)' > $@.tmp
+2 -2
pkgs/tools/networking/curl/default.nix
··· 21 21 assert c-aresSupport -> c-ares != null; 22 22 23 23 stdenv.mkDerivation rec { 24 - name = "curl-7.53.0"; 24 + name = "curl-7.53.1"; 25 25 26 26 src = fetchurl { 27 27 url = "http://curl.haxx.se/download/${name}.tar.bz2"; 28 - sha256 = "008833dd9w4l2277q9r0bsq1vqmm0fr7qqyzvqlw5d47xy5mld5j"; 28 + sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw"; 29 29 }; 30 30 31 31 patches = [ ];
+15 -5
pkgs/tools/networking/unbound/default.nix
··· 1 - { stdenv, fetchurl, openssl, expat, libevent }: 1 + { stdenv, fetchurl, openssl, nettle, expat, libevent }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 name = "unbound-${version}"; ··· 11 11 12 12 outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB 13 13 14 - buildInputs = [ openssl expat libevent ]; 14 + buildInputs = [ openssl nettle expat libevent ]; 15 15 16 16 configureFlags = [ 17 17 "--with-ssl=${openssl.dev}" ··· 26 26 27 27 installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ]; 28 28 29 - # get rid of runtime dependencies on $dev outputs 30 - postInstall = ''substituteInPlace "$lib/lib/libunbound.la" '' 29 + preFixup = stdenv.lib.optionalString stdenv.isLinux 30 + # Build libunbound again, but only against nettle instead of openssl. 31 + # This avoids gnutls.out -> unbound.lib -> openssl.out. 32 + # There was some problem with this on Darwin; let's not complicate non-Linux. 33 + '' 34 + configureFlags="$configureFlags --with-nettle=${nettle.dev} --with-libunbound-only" 35 + configurePhase 36 + buildPhase 37 + installPhase 38 + '' 39 + # get rid of runtime dependencies on $dev outputs 40 + + ''substituteInPlace "$lib/lib/libunbound.la" '' 31 41 + stdenv.lib.concatMapStrings 32 42 (pkg: " --replace '-L${pkg.dev}/lib' '-L${pkg.out}/lib' ") 33 - [ openssl expat libevent ]; 43 + buildInputs; 34 44 35 45 meta = with stdenv.lib; { 36 46 description = "Validating, recursive, and caching DNS resolver";
+8 -7
pkgs/top-level/python-packages.nix
··· 20325 20325 }; 20326 20326 20327 20327 pygments = buildPythonPackage rec { 20328 - version = "2.1.3"; 20328 + version = "2.2.0"; 20329 20329 name = "Pygments-${version}"; 20330 20330 20331 20331 src = pkgs.fetchurl { 20332 20332 url = "mirror://pypi/P/Pygments/${name}.tar.gz"; 20333 - sha256 = "10axnp2wpjnq9g8wg53fx0c70dfxqrz498jyz8mrdx9a3flwir48"; 20333 + sha256 = "1k78qdvir1yb1c634nkv6rbga8wv4289xarghmsbbvzhvr311bnv"; 20334 20334 }; 20335 20335 20336 20336 propagatedBuildInputs = with self; [ docutils ]; ··· 20807 20807 20808 20808 pyparsing = buildPythonPackage rec { 20809 20809 name = "pyparsing-${version}"; 20810 - version = "2.1.8"; 20810 + version = "2.1.10"; 20811 20811 20812 20812 src = pkgs.fetchurl { 20813 20813 url = "mirror://pypi/p/pyparsing/${name}.tar.gz"; 20814 - sha256 = "0sy5fxhsvhf0fwk9h6nqlhn1lsjpdmg41jziw5z814rlkydqd903"; 20814 + sha256 = "811c3e7b0031021137fc83e051795025fcb98674d07eb8fe922ba4de53d39188"; 20815 20815 }; 20816 20816 20817 20817 # Not everything necessary to run the tests is included in the distribution ··· 28976 28976 --replace 'pyyaml==3.11' 'pyyaml' \ 28977 28977 --replace 'lxml==3.7.1' 'lxml' \ 28978 28978 --replace 'pyopenssl==16.2.0' 'pyopenssl' \ 28979 - --replace 'requests[socks]==2.12.4' 'requests[socks]' 28979 + --replace 'requests[socks]==2.12.4' 'requests[socks]' \ 28980 + --replace 'pygments==2.1.3' 'pygments>=2.1,<3.0' 28980 28981 ''; 28981 28982 28982 28983 propagatedBuildInputs = with self; [ ··· 31899 31900 }; 31900 31901 31901 31902 packaging = buildPythonPackage rec { 31902 - name = "packaging-16.7"; 31903 + name = "packaging-16.8"; 31903 31904 src = pkgs.fetchurl { 31904 31905 url = "mirror://pypi/p/packaging/${name}.tar.gz"; 31905 - sha256 = "07h18mrpqs0lv2x4fl43pqi0xj6hdrmrnm6v9q634yliagg6q91f"; 31906 + sha256 = "5d50835fdf0a7edf0b55e311b7c887786504efea1177abd7e69329a8e5ea619e"; 31906 31907 }; 31907 31908 propagatedBuildInputs = with self; [ pyparsing six ]; 31908 31909 buildInputs = with self; [ pytest pretend ];