tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / misc / ghostscript / default.nix
at release-19.03 157 lines 5.4 kB view raw
1{ config, stdenv, lib, fetchurl, pkgconfig, zlib, expat, openssl, autoconf 2, libjpeg, libpng, libtiff, freetype, fontconfig, libpaper, jbig2dec 3, libiconv, ijs, fetchpatch, lcms2 4, cupsSupport ? config.ghostscript.cups or (!stdenv.isDarwin), cups ? null 5, x11Support ? cupsSupport, xlibsWrapper ? null # with CUPS, X11 only adds very little 6}: 7 8assert x11Support -> xlibsWrapper != null; 9assert cupsSupport -> cups != null; 10 11let 12 version = "9.${ver_min}"; 13 ver_min = "26"; 14 sha512 = "0z2mvsh06qgnxl7p9isw7swg8jp8xcx3rnbqk727avw7ammvfh8785d2bn5i4fhz8y45ka3cpgp7b598m06yq5zawijhcnzkq187nrx"; 15 16 fonts = stdenv.mkDerivation { 17 name = "ghostscript-fonts"; 18 19 srcs = [ 20 (fetchurl { 21 url = "mirror://sourceforge/gs-fonts/ghostscript-fonts-std-8.11.tar.gz"; 22 sha256 = "00f4l10xd826kak51wsmaz69szzm2wp8a41jasr4jblz25bg7dhf"; 23 }) 24 (fetchurl { 25 url = "mirror://gnu/ghostscript/gnu-gs-fonts-other-6.0.tar.gz"; 26 sha256 = "1cxaah3r52qq152bbkiyj2f7dx1rf38vsihlhjmrvzlr8v6cqil1"; 27 }) 28 # ... add other fonts here 29 ]; 30 31 installPhase = '' 32 mkdir "$out" 33 mv -v * "$out/" 34 ''; 35 }; 36 37in 38stdenv.mkDerivation rec { 39 name = "ghostscript-${version}"; 40 41 src = fetchurl { 42 url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9${ver_min}/${name}.tar.xz"; 43 inherit sha512; 44 }; 45 46 patches = [ 47 ./urw-font-files.patch 48 ./doc-no-ref.diff 49 (fetchpatch { 50 name = "CVE-2019-6116"; 51 url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d3537a54740d78c5895ec83694a07b3e4f616f61"; 52 sha256 = "1hr8bpi87bbg1kvv28kflmfh1dhzxw66p9q0ddvbrj72qd86p3kx"; 53 }) 54 (fetchpatch { 55 name = "CVE-2019-3839-part-1"; 56 url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9"; 57 sha256 = "0gn1n9fq5msrxxzspidcnmykp1iv3yvx5485fddmgrslr52ngcf9"; 58 }) 59 (fetchpatch { 60 name = "CVE-2019-3839-part-2"; 61 url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=db24f253409d5d085c2760c814c3e1d3fa2dac59"; 62 sha256 = "1h6kpwc6ryr6jlxjr6bfnvmmf8x0kqmyjlx3hggqjs23n0wsr9p9"; 63 }) 64 ./9.26-CVE-2019-10216.patch 65 (fetchpatch { 66 name = "CVE-2019-14811.CVE-2019-14812.CVE-2019-14813.patch"; 67 url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33"; 68 sha256 = "19928sr7xpx7iibk9gn127g0r1yv2lcfpwgk2ipzz4wgrs3f5j70"; 69 }) 70 (fetchpatch { 71 name = "CVE-2019-14817-partial.patch"; 72 url = "https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19"; 73 # patch doesn't apply cleanly to all files, but at least partially applying it fixes 74 # *some* of the problematic sites. 75 excludes = ["Resource/Init/pdf_font.ps" "Resource/Init/pdf_draw.ps"]; 76 sha256 = "04sy05svm3d2hyyzq41x5aqg3cgg2shaq08ivdqsys95nlihccpn"; 77 }) 78 ]; 79 80 outputs = [ "out" "man" "doc" ]; 81 82 enableParallelBuilding = true; 83 84 nativeBuildInputs = [ pkgconfig autoconf ]; 85 buildInputs = 86 [ zlib expat openssl 87 libjpeg libpng libtiff freetype fontconfig libpaper jbig2dec 88 libiconv ijs lcms2 89 ] 90 ++ lib.optional x11Support xlibsWrapper 91 ++ lib.optional cupsSupport cups 92 ; 93 94 preConfigure = '' 95 # requires in-tree (heavily patched) openjpeg 96 rm -rf jpeg libpng zlib jasper expat tiff lcms2mt jbig2dec freetype cups/libs ijs 97 98 sed "s@if ( test -f \$(INCLUDE)[^ ]* )@if ( true )@; s@INCLUDE=/usr/include@INCLUDE=/no-such-path@" -i base/unix-aux.mak 99 sed "s@^ZLIBDIR=.*@ZLIBDIR=${zlib.dev}/include@" -i configure.ac 100 101 autoconf 102 '' + lib.optionalString cupsSupport '' 103 configureFlags="$configureFlags --with-cups-serverbin=$out/lib/cups --with-cups-serverroot=$out/etc/cups --with-cups-datadir=$out/share/cups" 104 ''; 105 106 configureFlags = 107 [ "--with-system-libtiff" 108 "--enable-dynamic" 109 ] ++ lib.optional x11Support "--with-x" 110 ++ lib.optional cupsSupport "--enable-cups"; 111 112 doCheck = true; 113 114 # don't build/install statically linked bin/gs 115 buildFlags = [ "so" ]; 116 installTargets = [ "soinstall" ]; 117 118 postInstall = '' 119 ln -s gsc "$out"/bin/gs 120 121 cp -r Resource "$out/share/ghostscript/${version}" 122 123 mkdir -p "$doc/share/doc/ghostscript" 124 mv "$doc/share/doc/${version}" "$doc/share/doc/ghostscript/" 125 126 ln -s "${fonts}" "$out/share/ghostscript/fonts" 127 '' + stdenv.lib.optionalString stdenv.isDarwin '' 128 for file in $out/lib/*.dylib* ; do 129 install_name_tool -id "$file" $file 130 done 131 ''; 132 133 preFixup = lib.optionalString stdenv.isDarwin '' 134 install_name_tool -change libgs.dylib.${version} $out/lib/libgs.dylib.${version} $out/bin/gs 135 ''; 136 137 passthru = { inherit version; }; 138 139 meta = { 140 homepage = https://www.ghostscript.com/; 141 description = "PostScript interpreter (mainline version)"; 142 143 longDescription = '' 144 Ghostscript is the name of a set of tools that provides (i) an 145 interpreter for the PostScript language and the PDF file format, 146 (ii) a set of C procedures (the Ghostscript library) that 147 implement the graphics capabilities that appear as primitive 148 operations in the PostScript language, and (iii) a wide variety 149 of output drivers for various file formats and printers. 150 ''; 151 152 license = stdenv.lib.licenses.agpl3; 153 154 platforms = stdenv.lib.platforms.all; 155 maintainers = [ stdenv.lib.maintainers.viric ]; 156 }; 157}