Merge remote-tracking branch 'upstream/master' into HEAD
FRidh committed Sep 10, 2017
2 parents 9d6ac8e + 6521a83 commit dab3272
Showing 81 changed files with 766 additions and 409 deletions.
58 changes: 33 additions & 25 deletions doc/package-notes.xml
Expand Up @@ -101,7 +101,7 @@ modulesTree = [kernel]
$ nix-env -i ncurses
$ export NIX_CFLAGS_LINK=-lncurses
$ make menuconfig ARCH=<replaceable>arch</replaceable></screen>

</para>
</listitem>

Expand All @@ -111,9 +111,9 @@ $ make menuconfig ARCH=<replaceable>arch</replaceable></screen>
</listitem>

</orderedlist>

</para>

</listitem>

<listitem>
Expand Down Expand Up @@ -409,24 +409,24 @@ it. Place the resulting <filename>package.nix</filename> file into
<title>Steam in Nix</title>

<para>
Steam is distributed as a <filename>.deb</filename> file, for now only
as an i686 package (the amd64 package only has documentation).
When unpacked, it has a script called <filename>steam</filename> that
Steam is distributed as a <filename>.deb</filename> file, for now only
as an i686 package (the amd64 package only has documentation).
When unpacked, it has a script called <filename>steam</filename> that
in ubuntu (their target distro) would go to <filename>/usr/bin
</filename>. When run for the first time, this script copies some
files to the user's home, which include another script that is the
ultimate responsible for launching the steam binary, which is also
</filename>. When run for the first time, this script copies some
files to the user's home, which include another script that is the
ultimate responsible for launching the steam binary, which is also
in $HOME.
</para>
<para>
Nix problems and constraints:
<itemizedlist>
<listitem><para>We don't have <filename>/bin/bash</filename> and many
<listitem><para>We don't have <filename>/bin/bash</filename> and many
scripts point there. Similarly for <filename>/usr/bin/python</filename>
.</para></listitem>
<listitem><para>We don't have the dynamic loader in <filename>/lib
</filename>.</para></listitem>
<listitem><para>The <filename>steam.sh</filename> script in $HOME can
<listitem><para>The <filename>steam.sh</filename> script in $HOME can
not be patched, as it is checked and rewritten by steam.</para></listitem>
<listitem><para>The steam binary cannot be patched, it's also checked.</para></listitem>
</itemizedlist>
Expand All @@ -446,10 +446,10 @@ it. Place the resulting <filename>package.nix</filename> file into
<title>How to play</title>

<para>
For 64-bit systems it's important to have
<programlisting>hardware.opengl.driSupport32Bit = true;</programlisting>
in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
For 64-bit systems it's important to have
<programlisting>hardware.opengl.driSupport32Bit = true;</programlisting>
in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
if you are using PulseAudio - this will enable 32bit ALSA apps integration.
To use the Steam controller, you need to add
<programlisting>services.udev.extraRules = ''
Expand All @@ -470,23 +470,31 @@ it. Place the resulting <filename>package.nix</filename> file into

<varlistentry>
<term>Steam fails to start. What do I do?</term>
<listitem><para>Try to run
<listitem><para>Try to run
<programlisting>strace steam</programlisting>
to see what is causing steam to fail.</para></listitem>
</varlistentry>

<varlistentry>
<term>Using the FOSS Radeon drivers</term>
<term>Using the FOSS Radeon or nouveau (nvidia) drivers</term>
<listitem><itemizedlist><listitem><para>
The open source radeon drivers need a newer libc++ than is provided
by the default runtime, which leads to a crash on launch. Use
<programlisting>environment.systemPackages = [(pkgs.steam.override { newStdcpp = true; })];</programlisting>
in your config if you get an error like
Both the open source radeon drivers as well as the nouveau drivers (nvidia)
need a newer libc++ than is provided by the default runtime, which leads to a
crash on launch. Use <programlisting>environment.systemPackages =
[(pkgs.steam.override { newStdcpp = true; })];</programlisting> in your config
if you get an error like
<programlisting>
libGL error: unable to load driver: radeonsi_dri.so
libGL error: driver pointer missing
libGL error: failed to load driver: radeonsi
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast</programlisting>
or
<programlisting>
libGL error: unable to load driver: nouveau_dri.so
libGL error: driver pointer missing
libGL error: failed to load driver: nouveau
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast</programlisting></para></listitem>
<listitem><para>
Steam ships statically linked with a version of libcrypto that
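Review bot: In the rewritten Radeon/nouveau paragraph the library is called libc++, but the override users are told to set is newStdcpp, which points at libstdc++. libc++ is LLVM's separate C++ standard library, so name the one that is actually meant. While here, "Both the open source radeon drivers as well as the nouveau drivers" reads better as "Both the open source radeon drivers and the nouveau drivers".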
Expand All @@ -504,7 +512,7 @@ libGL error: failed to load driver: swrast</programlisting></para></listitem>
<listitem><para>
There is no java in steam chrootenv by default. If you get a message like
<programlisting>/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found</programlisting>
You need to add
You need to add
<programlisting> steam.override { withJava = true; };</programlisting>
to your configuration.
</para></listitem>
Expand All @@ -519,14 +527,14 @@ libGL error: failed to load driver: swrast</programlisting></para></listitem>

<title>steam-run</title>
<para>
The FHS-compatible chroot used for steam can also be used to run
The FHS-compatible chroot used for steam can also be used to run
other linux games that expect a FHS environment.
To do it, add
To do it, add
<programlisting>pkgs.(steam.override {
nativeOnly = true;
newStdcpp = true;
}).run</programlisting>
to your configuration, rebuild, and run the game with
to your configuration, rebuild, and run the game with
<programlisting>steam-run ./foo</programlisting>
</para>
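Review bot: The programlisting in this steam-run paragraph, `pkgs.(steam.override {`, is not valid Nix, because an attribute selection cannot be followed by a parenthesised expression, and this whitespace-only pass leaves it in place. Suggest `(pkgs.steam.override { nativeOnly = true; newStdcpp = true; }).run` so the snippet can be pasted as written.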

17 changes: 17 additions & 0 deletions nixos/modules/profiles/hardened.nix
Expand Up @@ -25,6 +25,13 @@ with lib;
"nohibernate"
];

boot.blacklistedKernelModules = [
# Obscure network protocols
"ax25"
"netrom"
"rose"
];

# Restrict ptrace() usage to processes with a pre-defined relationship
# (e.g., parent/child)
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
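Review bot: The comment on the new boot.blacklistedKernelModules list says only "Obscure network protocols" and gives no rationale. State why ax25, netrom and rose are blocked (amateur-radio protocol families that the kernel can otherwise load on demand, so blacklisting them trims kernel attack surface), and note that a blacklist entry stops alias-based autoloading but not an explicit modprobe by root.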
Expand Down Expand Up @@ -65,4 +72,14 @@ with lib;
# Note: mmap_rnd_compat_bits may not exist on 64bit.
boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;
boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;

# Allowing users to mmap() memory starting at virtual address 0 can turn a
# NULL dereference bug in the kernel into code execution with elevated
# privilege. Mitigate by enforcing a minimum base addr beyond the NULL memory
# space. This breaks applications that require mapping the 0 page, such as
# dosemu or running 16bit applications under wine. It also breaks older
# versions of qemu.
#
# The value is taken from the KSPP recommendations (Debian uses 4096).
boot.kernel.sysctl."vm.mmap_min_addr" = mkDefault 65536;
}
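Review bot: The comment above vm.mmap_min_addr lists what the setting breaks (dosemu, 16bit applications under wine, older qemu) but not how an affected user opts out. Because the value is set with mkDefault, a plain assignment in the user's configuration takes precedence; say so in the comment. Also "older versions of qemu" is vague, so name the version if it is known. The profile now sets sysctls at two priorities (mkOverride 500 for ptrace_scope, mkDefault here), and a line on why they differ would help.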
10 changes: 9 additions & 1 deletion nixos/modules/services/network-filesystems/glusterfs.nix
Expand Up @@ -50,11 +50,19 @@ in
after = [ "rpcbind.service" "network.target" "local-fs.target" ];
before = [ "network-online.target" ];

# The copying of hooks is due to upstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1452761
preStart = ''
install -m 0755 -d /var/log/glusterfs
''
# The copying of hooks is due to upstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1452761
+ ''
mkdir -p /var/lib/glusterd/hooks/
${rsync}/bin/rsync -a ${glusterfs}/var/lib/glusterd/hooks/ /var/lib/glusterd/hooks/
''
# `glusterfind` needs dirs that upstream installs at `make install` phase
# https://github.com/gluster/glusterfs/blob/v3.10.2/tools/glusterfind/Makefile.am#L16-L17
+ ''
mkdir -p /var/lib/glusterd/glusterfind/.keys
mkdir -p /var/lib/glusterd/hooks/1/delete/post/
'';

serviceConfig = {
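Review bot: The two new glusterfind directories are created with `mkdir -p`, so their mode comes from the unit's umask, while the log directory at the top of preStart uses `install -m 0755 -d`. Use `install -d` with an explicit mode here as well, and for `/var/lib/glusterd/glusterfind/.keys` check which mode upstream's Makefile sets, since a directory with that name should probably not be world-readable.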
10 changes: 9 additions & 1 deletion nixos/modules/services/torrent/transmission.nix
Expand Up @@ -6,7 +6,7 @@ let
cfg = config.services.transmission;
apparmor = config.security.apparmor.enable;

homeDir = "/var/lib/transmission";
homeDir = cfg.home;
downloadDir = "${homeDir}/Downloads";
incompleteDir = "${homeDir}/.incomplete";
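Review bot: With `homeDir = cfg.home;` the path becomes user-controlled, and this file also reads `config.security.apparmor.enable`. Please confirm that the AppArmor profile and the service user's home directory are built from homeDir rather than from the literal /var/lib/transmission. Otherwise a non-default home leaves the profile describing the old path.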

Expand Down Expand Up @@ -69,6 +69,14 @@ in
default = 9091;
description = "TCP port number to run the RPC/web interface.";
};

home = mkOption {
type = types.path;
default = "/var/lib/transmission";
description = ''
The directory where transmission will create files.
'';
};
};
};
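Review bot: The description of the new home option, "The directory where transmission will create files.", undersells what it controls: downloadDir and incompleteDir are both derived from it (`${homeDir}/Downloads`, `${homeDir}/.incomplete`). Spell that out, and state whether the module creates the directory, and with which owner and mode, when a non-default path is given.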

1 change: 1 addition & 0 deletions nixos/tests/xmonad.nix
Expand Up @@ -19,6 +19,7 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->waitForX;
$machine->waitForFile("/home/alice/.Xauthority");
$machine->succeed("xauth merge ~alice/.Xauthority");
$machine->waitUntilSucceeds("xmonad --restart");
$machine->sleep(3);
$machine->sendKeys("alt-shift-ret");
$machine->waitForWindow(qr/machine.*alice/);
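Review bot: The added `waitUntilSucceeds("xmonad --restart")` has no comment saying why the test must restart xmonad before sending keys, and the fixed `sleep(3)` after it stays in place. A one-line comment on what the restart works around would let the next reader decide whether either line can go.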
20 changes: 12 additions & 8 deletions pkgs/applications/audio/clementine/default.nix
Expand Up @@ -54,19 +54,23 @@ let
++ stdenv.lib.optionals (withCD) [libcdio]
++ stdenv.lib.optionals (withCloud) [sparsehash];

postPatch = ''
sed -i src/CMakeLists.txt \
-e 's,-Werror,,g' \
-e 's,-Wno-unknown-warning-option,,g' \
-e 's,-Wno-unused-private-field,,g'
sed -i CMakeLists.txt \
-e 's,libprotobuf.a,protobuf,g'
'';

free = stdenv.mkDerivation {
name = "clementine-free-${version}";
inherit src patches nativeBuildInputs buildInputs;
inherit src patches nativeBuildInputs buildInputs postPatch;

cmakeFlags = [ "-DUSE_SYSTEM_PROJECTM=ON" ];

enableParallelBuilding = true;
postPatch = ''
sed -i src/CMakeLists.txt \
-e 's,-Werror,,g' \
-e 's,-Wno-unknown-warning-option,,g' \
-e 's,-Wno-unused-private-field,,g'
'';

meta = with stdenv.lib; {
homepage = http://www.clementine-player.org;
description = "A multiplatform music player";
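Review bot: The shared postPatch gains `-e 's,libprotobuf.a,protobuf,g'` on the top-level CMakeLists.txt with no comment on why the static library name is replaced; add one. All of these sed expressions also do nothing, silently, if upstream changes the matched text, so a later version bump could bring -Werror back unnoticed. A grep after the sed that fails the build when the strings are still present would catch that.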
Expand All @@ -80,7 +84,7 @@ let
blob = stdenv.mkDerivation {
name = "clementine-blob-${version}";
# Use the same patches and sources as Clementine
inherit src nativeBuildInputs;
inherit src nativeBuildInputs postPatch;

patches = [
./clementine-spotify-blob.patch
6 changes: 3 additions & 3 deletions pkgs/applications/editors/android-studio/packages.nix
Expand Up @@ -27,9 +27,9 @@ in rec {

preview = mkStudio rec {
pname = "android-studio-preview";
version = "3.0.0.12"; # "Android Studio 3.0 Beta 4"
build = "171.4304935";
sha256Hash = "127ys250m1gdglj5y2qzxl73kh5qb4zlwyf79as7765mmcfcikn5";
version = "3.0.0.13"; # "Android Studio 3.0 Beta 5"
build = "171.4316950";
sha256Hash = "0aj6mkc5pb8ws3ff8hcphdvymlysjmhx507r7wkqrk0b4ylbijmc";

meta = stable.meta // {
description = "The Official IDE for Android (preview version)";
26 changes: 13 additions & 13 deletions pkgs/applications/editors/neovim/qt.nix
Expand Up @@ -3,28 +3,20 @@

stdenv.mkDerivation rec {
name = "neovim-qt-${version}";
version = "0.2.7";
version = "0.2.8";

src = fetchFromGitHub {
owner = "equalsraf";
repo = "neovim-qt";
rev = "v${version}";
sha256 = "1bfni38l7cs0wbd9c6hgz2jfc8h3ixmg94izdvydm8j7amdz0cb6";
sha256 = "190yg6kkw953h8wajlqr2hvs2fz65y6z0blmywlg1nff724allaq";
};

cmakeFlags = [
"-DMSGPACK_INCLUDE_DIRS=${libmsgpack}/include"
"-DMSGPACK_LIBRARIES=${libmsgpack}/lib/libmsgpackc.so"
];

# The following tests FAILED:
# 2 - tst_neovimconnector (Failed)
# 3 - tst_callallmethods (Failed)
# 4 - tst_encoding (Failed)
#
# Tests failed when upgraded to neovim 0.2.0
doCheck = false;

buildInputs = with pythonPackages; [
neovim qtbase libmsgpack
] ++ (with pythonPackages; [
Expand All @@ -38,18 +30,26 @@ stdenv.mkDerivation rec {
preConfigure = ''
# avoid cmake trying to download libmsgpack
echo "" > third-party/CMakeLists.txt
# we rip out the gui test as spawning a GUI fails in our build environment
sed -i '/^add_xtest_gui/d' test/CMakeLists.txt
# we rip out a number of tests that fail in the build env
# the GUI tests will never work but the others should - they did before neovim 0.2.0
# was released
sed -i test/CMakeLists.txt \
-e '/^add_xtest_gui/d' \
-e '/tst_neovimconnector/d' \
-e '/tst_callallmethods/d' \
-e '/tst_encoding/d'
'';

doCheck = true;

postInstall = ''
wrapProgram "$out/bin/nvim-qt" \
--prefix PATH : "${neovim}/bin"
'';

meta = with stdenv.lib; {
description = "Neovim client library and GUI, in Qt5";
license = licenses.isc;
license = licenses.isc;
maintainers = with maintainers; [ peterhoeg ];
inherit (neovim.meta) platforms;
inherit version;
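Review bot: `doCheck = true` passes here only because three more tests are deleted from test/CMakeLists.txt, and the comment says they "should" work without pointing at an upstream issue. Add the issue link or a TODO naming the condition for re-enabling tst_neovimconnector, tst_callallmethods and tst_encoding; a sed `/pattern/d` keeps matching quietly, so nothing will prompt anyone to revisit it.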
21 changes: 14 additions & 7 deletions pkgs/applications/editors/vscode/default.nix
@@ -1,8 +1,8 @@
{ stdenv, lib, callPackage, fetchurl, unzip, atomEnv, makeDesktopItem,
makeWrapper, libXScrnSaver, libxkbfile }:
makeWrapper, libXScrnSaver, libxkbfile, libsecret }:

let
version = "1.15.1";
version = "1.16.0";
channel = "stable";

plat = {
Expand All @@ -12,15 +12,16 @@ let
}.${stdenv.system};

sha256 = {
"i686-linux" = "09vvq02bsq6fdb0ibshn97kll43dpfmyq2dahl9gj02jlwardq27";
"x86_64-linux" = "1kg25i4kavmgivnk4w3dsbsnn9vncl5d2m0ds93f8qvmxpizwg21";
"x86_64-darwin" = "1fgjg7c9appp8v0ir7m2r3a3x4z0gx4na0p3d8j1x4pcs0kqy0qp";
"i686-linux" = "04jf9rl5116qc3n7xgqxir9c54dpkjm210yinih0qnp1wxhb6q0m";
"x86_64-linux" = "125xl933y4zmvp4922wm6b3p5d2xfdi9c5a7svx63p6fwxqjk33y";
"x86_64-darwin" = "0v8v4spz31qbv5ikb4bkdfldmpj5i6ahlzwn2h5wbfzlzsl8bk24";
}.${stdenv.system};

archive_fmt = if stdenv.system == "x86_64-darwin" then "zip" else "tar.gz";

rpath = lib.concatStringsSep ":" [
atomEnv.libPath
"${lib.makeLibraryPath [libsecret]}/libsecret-1.so.0"
"${lib.makeLibraryPath [libXScrnSaver]}/libXss.so.1"
"${lib.makeLibraryPath [libxkbfile]}/libxkbfile.so.1"
"$out/lib/vscode"
Expand All @@ -47,8 +48,8 @@ in
};

buildInputs = if stdenv.system == "x86_64-darwin"
then [ unzip makeWrapper libXScrnSaver ]
else [ makeWrapper libXScrnSaver libxkbfile ];
then [ unzip makeWrapper libXScrnSaver libsecret ]
else [ makeWrapper libXScrnSaver libxkbfile libsecret ];

installPhase =
if stdenv.system == "x86_64-darwin" then ''
Expand All @@ -75,6 +76,12 @@ in
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${rpath}" \
$out/lib/vscode/code
patchelf \
--set-rpath "${rpath}" \
$out/lib/vscode/resources/app/node_modules/keytar/build/Release/keytar.node
ln -s ${lib.makeLibraryPath [libsecret]}/libsecret-1.so.0 $out/lib/vscode/libsecret-1.so.0
'';

meta = with stdenv.lib; {
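Review bot: The `ln -s ... $out/lib/vscode/libsecret-1.so.0` at the end of this phase duplicates what the rpath should already provide. The new rpath entry earlier in the file, `"${lib.makeLibraryPath [libsecret]}/libsecret-1.so.0"`, ends in a file name, and the dynamic loader treats rpath entries as directories, so that entry cannot resolve the library; only `$out/lib/vscode` plus the symlink does. Either put the plain `lib.makeLibraryPath [ libsecret ]` directory in rpath and drop the symlink, or keep the symlink and drop the entry. A comment saying that keytar.node is what needs libsecret would also help.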