diff --git a/lib/deprecated.nix b/lib/deprecated.nix
index ddce69f160ccd..ed14e04bbd68d 100644
--- a/lib/deprecated.nix
+++ b/lib/deprecated.nix
@@ -157,7 +157,36 @@ rec {
}
);
- closePropagation = list: (uniqList {inputList = (innerClosePropagation [] list);});
+ closePropagationSlow = list: (uniqList {inputList = (innerClosePropagation [] list);});
+
+ # This is an optimisation of lib.closePropagation which avoids the O(n^2) behavior
+ # Using a list of derivations, it generates the full closure of the propagatedXXXBuildInputs
+ # The ordering / sorting / comparison is done based on the `outPath`
+ # attribute of each derivation.
+ # On some benchmarks, it performs up to 15 times faster than lib.closePropagation.
+ # See https://github.com/NixOS/nixpkgs/pull/194391 for details.
+ closePropagationFast = list:
+ builtins.map (x: x.val) (builtins.genericClosure {
+ startSet = builtins.map (x: {
+ key = x.outPath;
+ val = x;
+ }) (builtins.filter (x: x != null) list);
+ operator = item:
+ if !builtins.isAttrs item.val then
+ [ ]
+ else
+ builtins.concatMap (x:
+ if x != null then [{
+ key = x.outPath;
+ val = x;
+ }] else
+ [ ]) ((item.val.propagatedBuildInputs or [ ])
+ ++ (item.val.propagatedNativeBuildInputs or [ ]));
+ });
+
+ closePropagation = if builtins ? genericClosure
+ then closePropagationFast
+ else closePropagationSlow;
# calls a function (f attr value ) for each record item. returns a list
mapAttrsFlatten = f: r: map (attr: f attr r.${attr}) (attrNames r);
diff --git a/nixos/doc/manual/administration/declarative-containers.section.md b/nixos/doc/manual/administration/declarative-containers.section.md
index 00fd244bb91fb..eaa50d3c663d4 100644
--- a/nixos/doc/manual/administration/declarative-containers.section.md
+++ b/nixos/doc/manual/administration/declarative-containers.section.md
@@ -9,7 +9,7 @@ containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
- services.postgresql.package = pkgs.postgresql_10;
+ services.postgresql.package = pkgs.postgresql_14;
};
};
```
diff --git a/nixos/doc/manual/configuration/config-file.section.md b/nixos/doc/manual/configuration/config-file.section.md
index f21ba113bf8c6..efd231fd1f4e4 100644
--- a/nixos/doc/manual/configuration/config-file.section.md
+++ b/nixos/doc/manual/configuration/config-file.section.md
@@ -166,7 +166,7 @@ Packages
pkgs.emacs
];
- services.postgresql.package = pkgs.postgresql_10;
+ services.postgresql.package = pkgs.postgresql_14;
```
The latter option definition changes the default PostgreSQL package
diff --git a/nixos/doc/manual/from_md/administration/declarative-containers.section.xml b/nixos/doc/manual/from_md/administration/declarative-containers.section.xml
index b8179dca1f8bd..4831c9c74e848 100644
--- a/nixos/doc/manual/from_md/administration/declarative-containers.section.xml
+++ b/nixos/doc/manual/from_md/administration/declarative-containers.section.xml
@@ -11,7 +11,7 @@ containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
- services.postgresql.package = pkgs.postgresql_10;
+ services.postgresql.package = pkgs.postgresql_14;
};
};
diff --git a/nixos/doc/manual/from_md/configuration/config-file.section.xml b/nixos/doc/manual/from_md/configuration/config-file.section.xml
index 952c6e6003021..9792116eb08d5 100644
--- a/nixos/doc/manual/from_md/configuration/config-file.section.xml
+++ b/nixos/doc/manual/from_md/configuration/config-file.section.xml
@@ -217,7 +217,7 @@ environment.systemPackages =
pkgs.emacs
];
-services.postgresql.package = pkgs.postgresql_10;
+services.postgresql.package = pkgs.postgresql_14;
The latter option definition changes the default PostgreSQL
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index bdd55a59370bb..2d5197b2e100b 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -130,6 +130,15 @@
certificates by default.
+
+
+ Improved performances of
+ lib.closePropagation which was previously
+ quadratic. This is used in e.g.
+ ghcWithPackages. Please see backward
+ incompatibilities notes below.
+
+
Cinnamon has been updated to 5.4. While at it, the cinnamon
@@ -459,6 +468,16 @@
future Git update without notice.
+
+
+ openssh was updated to version 9.1,
+ disabling the generation of DSA keys when using
+ ssh-keygen -A as they are insecure. Also,
+ SetEnv directives in
+ ssh_config and
+ sshd_config are now first-match-wins
+
+
bsp-layout no longer uses the command
@@ -565,6 +584,12 @@
notes.
+
+
+ lib.closePropagation now needs that all
+ gathered sets have an outPath attribute.
+
+
lemmy module option
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index 69e0cbd2ad513..341ae7c9c2d40 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -52,6 +52,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default.
+- Improved performances of `lib.closePropagation` which was previously quadratic. This is used in e.g. `ghcWithPackages`. Please see backward incompatibilities notes below.
+
- Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
@@ -153,6 +155,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.
+- `openssh` was updated to version 9.1, disabling the generation of DSA keys when using `ssh-keygen -A` as they are insecure. Also, `SetEnv` directives in `ssh_config` and `sshd_config` are now first-match-wins
+
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
@@ -186,6 +190,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- `teleport` has been upgraded to major version 10. Please see upstream [upgrade instructions](https://goteleport.com/docs/ver/10.0/management/operations/upgrading/) and [release notes](https://goteleport.com/docs/ver/10.0/changelog/#1000).
+- `lib.closePropagation` now needs that all gathered sets have an `outPath` attribute.
+
- lemmy module option `services.lemmy.settings.database.createLocally`
moved to `services.lemmy.database.createLocally`.
diff --git a/nixos/lib/make-options-doc/default.nix b/nixos/lib/make-options-doc/default.nix
index 6a1bb868c20de..9a75956b0d695 100644
--- a/nixos/lib/make-options-doc/default.nix
+++ b/nixos/lib/make-options-doc/default.nix
@@ -122,7 +122,7 @@ in rec {
optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
- buildInputs = [
+ nativeBuildInputs = [
pkgs.brotli
(let
self = (pkgs.python3Minimal.override {
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index dae2fde0b4e76..b538a0119c06d 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -697,7 +697,7 @@ in {
value = "[a-zA-Z0-9/+.-]+";
options = "${id}(=${value})?(,${id}=${value})*";
scheme = "${id}(${sep}${options})?";
- content = "${base64}${sep}${base64}";
+ content = "${base64}${sep}${base64}(${sep}${base64})?";
mcf = "^${sep}${scheme}${sep}${content}$";
in
if (allowsLogin user.hashedPassword
diff --git a/nixos/modules/services/desktops/pipewire/daemon/filter-chain.conf.json b/nixos/modules/services/desktops/pipewire/daemon/filter-chain.conf.json
new file mode 100644
index 0000000000000..689fca88359ba
--- /dev/null
+++ b/nixos/modules/services/desktops/pipewire/daemon/filter-chain.conf.json
@@ -0,0 +1,28 @@
+{
+ "context.properties": {
+ "log.level": 0
+ },
+ "context.spa-libs": {
+ "audio.convert.*": "audioconvert/libspa-audioconvert",
+ "support.*": "support/libspa-support"
+ },
+ "context.modules": [
+ {
+ "name": "libpipewire-module-rt",
+ "args": {},
+ "flags": [
+ "ifexists",
+ "nofail"
+ ]
+ },
+ {
+ "name": "libpipewire-module-protocol-native"
+ },
+ {
+ "name": "libpipewire-module-client-node"
+ },
+ {
+ "name": "libpipewire-module-adapter"
+ }
+ ]
+}
diff --git a/nixos/modules/services/desktops/pipewire/daemon/pipewire-avb.conf.json b/nixos/modules/services/desktops/pipewire/daemon/pipewire-avb.conf.json
new file mode 100644
index 0000000000000..4f669895d87b6
--- /dev/null
+++ b/nixos/modules/services/desktops/pipewire/daemon/pipewire-avb.conf.json
@@ -0,0 +1,38 @@
+{
+ "context.properties": {},
+ "context.spa-libs": {
+ "audio.convert.*": "audioconvert/libspa-audioconvert",
+ "support.*": "support/libspa-support"
+ },
+ "context.modules": [
+ {
+ "name": "libpipewire-module-rt",
+ "args": {
+ "nice.level": -11
+ },
+ "flags": [
+ "ifexists",
+ "nofail"
+ ]
+ },
+ {
+ "name": "libpipewire-module-protocol-native"
+ },
+ {
+ "name": "libpipewire-module-client-node"
+ },
+ {
+ "name": "libpipewire-module-adapter"
+ },
+ {
+ "name": "libpipewire-module-avb",
+ "args": {}
+ }
+ ],
+ "context.exec": [],
+ "stream.properties": {},
+ "avb.properties": {
+ "ifname": "enp3s0",
+ "vm.overrides": {}
+ }
+}
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 38f8b6fd87c21..b0c841f4fe592 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -905,9 +905,11 @@ in
{ assertion = config.boot.initrd.systemd.enable -> !luks.gpgSupport;
message = "systemd stage 1 does not support GPG smartcards yet.";
}
- # TODO
{ assertion = config.boot.initrd.systemd.enable -> !luks.fido2Support;
- message = "systemd stage 1 does not support FIDO2 yet.";
+ message = ''
+ systemd stage 1 does not support configuring FIDO2 unlocking through `boot.initrd.luks.devices..fido2`.
+ Use systemd-cryptenroll(1) to configure FIDO2 support.
+ '';
}
# TODO
{ assertion = config.boot.initrd.systemd.enable -> !luks.yubikeySupport;
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 8f2044a0985eb..d28e6ed0e2770 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -151,6 +151,9 @@ let
] ++ optionals cfg.package.withHostnamed [
"dbus-org.freedesktop.hostname1.service"
"systemd-hostnamed.service"
+ ] ++ optionals cfg.package.withPortabled [
+ "dbus-org.freedesktop.portable1.service"
+ "systemd-portabled.service"
] ++ [
"systemd-exit.service"
"systemd-update-done.service"
diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix
index 03f94c426cb09..31702499b0f14 100644
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@@ -332,7 +332,10 @@ in {
config = mkIf (config.boot.initrd.enable && cfg.enable) {
system.build = { inherit initialRamdisk; };
- boot.initrd.availableKernelModules = [ "autofs4" ]; # systemd needs this for some features
+ boot.initrd.availableKernelModules = [
+ "autofs4" # systemd needs this for some features
+ "tpm-tis" "tpm-crb" # systemd-cryptenroll
+ ];
boot.initrd.systemd = {
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages;
@@ -403,6 +406,17 @@ in {
# so NSS can look up usernames
"${pkgs.glibc}/lib/libnss_files.so.2"
+ ] ++ optionals cfg.package.withCryptsetup [
+ # tpm2 support
+ "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so"
+ pkgs.tpm2-tss
+
+ # fido2 support
+ "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
+ "${pkgs.libfido2}/lib/libfido2.so.1"
+
+ # the unwrapped systemd-cryptsetup executable
+ "${cfg.package}/lib/systemd/.systemd-cryptsetup-wrapped"
] ++ jobScripts;
targets.initrd.aliases = ["default.target"];
diff --git a/nixos/modules/system/boot/systemd/logind.nix b/nixos/modules/system/boot/systemd/logind.nix
index 5980160321367..b0c927f19f9d7 100644
--- a/nixos/modules/system/boot/systemd/logind.nix
+++ b/nixos/modules/system/boot/systemd/logind.nix
@@ -82,6 +82,8 @@ in
"dbus-org.freedesktop.import1.service"
] ++ optionals config.systemd.package.withMachined [
"dbus-org.freedesktop.machine1.service"
+ ] ++ optionals config.systemd.package.withPortabled [
+ "dbus-org.freedesktop.portable1.service"
] ++ [
"dbus-org.freedesktop.login1.service"
"user@.service"
diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix
index e990e953b0572..32b9b275d3587 100644
--- a/nixos/modules/system/boot/systemd/tmpfiles.nix
+++ b/nixos/modules/system/boot/systemd/tmpfiles.nix
@@ -79,6 +79,7 @@ in
ln -s "${systemd}/example/tmpfiles.d/home.conf"
ln -s "${systemd}/example/tmpfiles.d/journal-nocow.conf"
+ ln -s "${systemd}/example/tmpfiles.d/portables.conf"
ln -s "${systemd}/example/tmpfiles.d/static-nodes-permissions.conf"
ln -s "${systemd}/example/tmpfiles.d/systemd.conf"
ln -s "${systemd}/example/tmpfiles.d/systemd-nologin.conf"
diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix
index 22be1d5bff92e..6cb21913b2197 100644
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -720,7 +720,7 @@ in
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
- services.postgresql.package = pkgs.postgresql_10;
+ services.postgresql.package = pkgs.postgresql_14;
system.stateVersion = "21.05";
};
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index e699b3b462617..8c74290aaf71e 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -596,8 +596,10 @@ in {
systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {};
systemd-escaping = handleTest ./systemd-escaping.nix {};
systemd-initrd-btrfs-raid = handleTest ./systemd-initrd-btrfs-raid.nix {};
+ systemd-initrd-luks-fido2 = handleTest ./systemd-initrd-luks-fido2.nix {};
systemd-initrd-luks-keyfile = handleTest ./systemd-initrd-luks-keyfile.nix {};
systemd-initrd-luks-password = handleTest ./systemd-initrd-luks-password.nix {};
+ systemd-initrd-luks-tpm2 = handleTest ./systemd-initrd-luks-tpm2.nix {};
systemd-initrd-modprobe = handleTest ./systemd-initrd-modprobe.nix {};
systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
@@ -609,8 +611,10 @@ in {
systemd-networkd-dhcpserver-static-leases = handleTest ./systemd-networkd-dhcpserver-static-leases.nix {};
systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
+ systemd-no-tainted = handleTest ./systemd-no-tainted.nix {};
systemd-nspawn = handleTest ./systemd-nspawn.nix {};
systemd-oomd = handleTest ./systemd-oomd.nix {};
+ systemd-portabled = handleTest ./systemd-portabled.nix {};
systemd-shutdown = handleTest ./systemd-shutdown.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-misc = handleTest ./systemd-misc.nix {};
diff --git a/nixos/tests/shadow.nix b/nixos/tests/shadow.nix
index 50a9f71246469..baa2e5945c05d 100644
--- a/nixos/tests/shadow.nix
+++ b/nixos/tests/shadow.nix
@@ -3,6 +3,8 @@ let
password2 = "helloworld";
password3 = "bazqux";
password4 = "asdf123";
+ hashed_bcrypt = "$2b$05$8xIEflrk2RxQtcVXbGIxs.Vl0x7dF1/JSv3cyX6JJt0npzkTCWvxK"; # fnord
+ hashed_yeshash = "$y$j9T$d8Z4EAf8P1SvM/aDFbxMS0$VnTXMp/Hnc7QdCBEaLTq5ZFOAFo2/PM0/xEAFuOE88."; # fnord
in import ./make-test-python.nix ({ pkgs, ... }: {
name = "shadow";
meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; };
@@ -27,6 +29,16 @@ in import ./make-test-python.nix ({ pkgs, ... }: {
password = password4;
shell = pkgs.bash;
};
+ users.berta = {
+ isNormalUser = true;
+ hashedPassword = hashed_bcrypt;
+ shell = pkgs.bash;
+ };
+ users.yesim = {
+ isNormalUser = true;
+ hashedPassword = hashed_yeshash;
+ shell = pkgs.bash;
+ };
};
};
@@ -115,5 +127,23 @@ in import ./make-test-python.nix ({ pkgs, ... }: {
shadow.wait_until_succeeds("pgrep login")
shadow.send_chars("${password2}\n")
shadow.wait_until_tty_matches("5", "login:")
+
+ with subtest("check alternate password hashes"):
+ shadow.send_key("alt-f6")
+ shadow.wait_until_succeeds("[ $(fgconsole) = 6 ]")
+ for u in ["berta", "yesim"]:
+ shadow.wait_for_unit("getty@tty6.service")
+ shadow.wait_until_succeeds("pgrep -f 'agetty.*tty6'")
+ shadow.wait_until_tty_matches("6", "login: ")
+ shadow.send_chars(f"{u}\n")
+ shadow.wait_until_tty_matches("6", f"login: {u}")
+ shadow.wait_until_succeeds("pgrep login")
+ shadow.sleep(2)
+ shadow.send_chars("fnord\n")
+ shadow.send_chars(f"whoami > /tmp/{u}\n")
+ shadow.wait_for_file(f"/tmp/{u}")
+ print(shadow.succeed(f"cat /tmp/{u}"))
+ assert u in shadow.succeed(f"cat /tmp/{u}")
+ shadow.send_chars("logout\n")
'';
})
diff --git a/nixos/tests/systemd-initrd-luks-fido2.nix b/nixos/tests/systemd-initrd-luks-fido2.nix
new file mode 100644
index 0000000000000..133e552a3dc99
--- /dev/null
+++ b/nixos/tests/systemd-initrd-luks-fido2.nix
@@ -0,0 +1,45 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+ name = "systemd-initrd-luks-fido2";
+
+ nodes.machine = { pkgs, config, ... }: {
+ # Use systemd-boot
+ virtualisation = {
+ emptyDiskImages = [ 512 ];
+ useBootLoader = true;
+ useEFIBoot = true;
+ qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
+ qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
+ };
+ boot.loader.systemd-boot.enable = true;
+
+ boot.initrd.systemd.enable = true;
+
+ environment.systemPackages = with pkgs; [ cryptsetup ];
+
+ specialisation.boot-luks.configuration = {
+ boot.initrd.luks.devices = lib.mkVMOverride {
+ cryptroot = {
+ device = "/dev/vdc";
+ crypttabExtraOpts = [ "fido2-device=auto" ];
+ };
+ };
+ virtualisation.bootDevice = "/dev/mapper/cryptroot";
+ };
+ };
+
+ testScript = ''
+ # Create encrypted volume
+ machine.wait_for_unit("multi-user.target")
+ machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
+ machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdc |& systemd-cat")
+
+ # Boot from the encrypted disk
+ machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
+ machine.succeed("sync")
+ machine.crash()
+
+ # Boot and decrypt the disk
+ machine.wait_for_unit("multi-user.target")
+ assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
+ '';
+})
diff --git a/nixos/tests/systemd-initrd-luks-tpm2.nix b/nixos/tests/systemd-initrd-luks-tpm2.nix
new file mode 100644
index 0000000000000..085088d2ee25e
--- /dev/null
+++ b/nixos/tests/systemd-initrd-luks-tpm2.nix
@@ -0,0 +1,72 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+ name = "systemd-initrd-luks-tpm2";
+
+ nodes.machine = { pkgs, ... }: {
+ # Use systemd-boot
+ virtualisation = {
+ emptyDiskImages = [ 512 ];
+ useBootLoader = true;
+ useEFIBoot = true;
+ qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"];
+ };
+ boot.loader.systemd-boot.enable = true;
+
+ boot.initrd.availableKernelModules = [ "tpm_tis" ];
+
+ environment.systemPackages = with pkgs; [ cryptsetup ];
+ boot.initrd.systemd = {
+ enable = true;
+ };
+
+ specialisation.boot-luks.configuration = {
+ boot.initrd.luks.devices = lib.mkVMOverride {
+ cryptroot = {
+ device = "/dev/vdc";
+ crypttabExtraOpts = [ "tpm2-device=auto" ];
+ };
+ };
+ virtualisation.bootDevice = "/dev/mapper/cryptroot";
+ };
+ };
+
+ testScript = ''
+ import subprocess
+ import os
+ import time
+
+
+ class Tpm:
+ def __init__(self):
+ os.mkdir("/tmp/mytpm1")
+ self.start()
+
+ def start(self):
+ self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir=/tmp/mytpm1", "--ctrl", "type=unixio,path=/tmp/mytpm1/swtpm-sock", "--log", "level=20", "--tpm2"])
+
+ def wait_for_death_then_restart(self):
+ while self.proc.poll() is None:
+ print("waiting for tpm to die")
+ time.sleep(1)
+ assert self.proc.returncode == 0
+ self.start()
+
+ tpm = Tpm()
+
+
+ # Create encrypted volume
+ machine.wait_for_unit("multi-user.target")
+ machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
+ machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdc |& systemd-cat")
+
+ # Boot from the encrypted disk
+ machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
+ machine.succeed("sync")
+ machine.crash()
+
+ tpm.wait_for_death_then_restart()
+
+ # Boot and decrypt the disk
+ machine.wait_for_unit("multi-user.target")
+ assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
+ '';
+})
diff --git a/nixos/tests/systemd-no-tainted.nix b/nixos/tests/systemd-no-tainted.nix
new file mode 100644
index 0000000000000..f0504065f2a48
--- /dev/null
+++ b/nixos/tests/systemd-no-tainted.nix
@@ -0,0 +1,14 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "systemd-no-tainted";
+
+ nodes.machine = { };
+
+ testScript = ''
+ machine.wait_for_unit("multi-user.target")
+ with subtest("systemctl should not report tainted with unmerged-usr"):
+ output = machine.succeed("systemctl status")
+ print(output)
+ assert "Tainted" not in output
+ assert "unmerged-usr" not in output
+ '';
+})
diff --git a/nixos/tests/systemd-portabled.nix b/nixos/tests/systemd-portabled.nix
new file mode 100644
index 0000000000000..ef38258b0d866
--- /dev/null
+++ b/nixos/tests/systemd-portabled.nix
@@ -0,0 +1,51 @@
+import ./make-test-python.nix ({pkgs, lib, ...}: let
+ demo-program = pkgs.writeShellScriptBin "demo" ''
+ while ${pkgs.coreutils}/bin/sleep 3; do
+ echo Hello World > /dev/null
+ done
+ '';
+ demo-service = pkgs.writeText "demo.service" ''
+ [Unit]
+ Description=demo service
+ Requires=demo.socket
+ After=demo.socket
+
+ [Service]
+ Type=simple
+ ExecStart=${demo-program}/bin/demo
+ Restart=always
+
+ [Install]
+ WantedBy=multi-user.target
+ Also=demo.socket
+ '';
+ demo-socket = pkgs.writeText "demo.socket" ''
+ [Unit]
+ Description=demo socket
+
+ [Socket]
+ ListenStream=/run/demo.sock
+ SocketMode=0666
+
+ [Install]
+ WantedBy=sockets.target
+ '';
+ demo-portable = pkgs.portableService {
+ pname = "demo";
+ version = "1.0";
+ description = ''A demo "Portable Service" for a shell program built with nix'';
+ units = [ demo-service demo-socket ];
+ };
+in {
+
+ name = "systemd-portabled";
+ nodes.machine = {};
+ testScript = ''
+ machine.succeed("portablectl")
+ machine.wait_for_unit("systemd-portabled.service")
+ machine.succeed("portablectl attach --now --runtime ${demo-portable}/demo_1.0.raw")
+ machine.wait_for_unit("demo.service")
+ machine.succeed("portablectl detach --now --runtime demo_1.0")
+ machine.fail("systemctl status demo.service")
+ '';
+})
diff --git a/pkgs/applications/audio/flac/default.nix b/pkgs/applications/audio/flac/default.nix
index c9e3b946dd19f..bebb35f45009e 100644
--- a/pkgs/applications/audio/flac/default.nix
+++ b/pkgs/applications/audio/flac/default.nix
@@ -1,4 +1,12 @@
-{ lib, stdenv, fetchurl, fetchpatch, libogg }:
+{ lib
+, stdenv
+, fetchurl
+, cmake
+, pkg-config
+, doxygen
+, graphviz
+, libogg
+}:
stdenv.mkDerivation rec {
pname = "flac";
@@ -10,9 +18,25 @@ stdenv.mkDerivation rec {
sha256 = "91303c3e5dfde52c3e94e75976c0ab3ee14ced278ab8f60033a3a12db9209ae6";
};
- buildInputs = [ libogg ];
+ nativeBuildInputs = [
+ cmake
+ pkg-config
+ doxygen
+ graphviz
+ ];
- #doCheck = true; # takes lots of time
+ buildInputs = [
+ libogg
+ ];
+
+ cmakeFlags = lib.optionals (!stdenv.hostPlatform.isStatic) [
+ "-DBUILD_SHARED_LIBS=ON"
+ ];
+
+ CFLAGS = [ "-O3" "-funroll-loops" ];
+ CXXFLAGS = [ "-O3" ];
+
+ # doCheck = true; # takes lots of time
outputs = [ "bin" "dev" "out" "man" "doc" ];
diff --git a/pkgs/applications/audio/muse/default.nix b/pkgs/applications/audio/muse/default.nix
index 89ccf00c6d38f..065c943764ea1 100644
--- a/pkgs/applications/audio/muse/default.nix
+++ b/pkgs/applications/audio/muse/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, qttools, wrapQtAppsHook
, alsa-lib, dssi, fluidsynth, ladspaH, lash, libinstpatch, libjack2, liblo
-, libsamplerate, libsndfile, lilv, lrdf, lv2, qtsvg, rtaudio, rubberband, sord
+, libsamplerate, libsndfile, lilv, lrdf, lv2, qtsvg, rtaudio, rubberband, sord, serd
}:
stdenv.mkDerivation rec {
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
libsamplerate libsndfile lilv lrdf lv2 qtsvg rtaudio rubberband sord
];
+ NIX_CFLAGS_COMPILE = [ "-I${lib.getDev serd}/include/serd-0" ];
+
meta = with lib; {
homepage = "https://muse-sequencer.github.io/";
description = "MIDI/Audio sequencer with recording and editing capabilities";
diff --git a/pkgs/applications/editors/neovim/build-neovim-plugin.nix b/pkgs/applications/editors/neovim/build-neovim-plugin.nix
index f89d36741e943..b99733523b87c 100644
--- a/pkgs/applications/editors/neovim/build-neovim-plugin.nix
+++ b/pkgs/applications/editors/neovim/build-neovim-plugin.nix
@@ -1,8 +1,6 @@
{ lib
, stdenv
-, buildVimPluginFrom2Nix
-, buildLuarocksPackage
-, lua51Packages
+, lua
, toVimPlugin
}:
let
@@ -19,16 +17,21 @@ in
, ...
}@attrs:
let
- originalLuaDrv = lua51Packages.${luaAttr};
- luaDrv = lua51Packages.luaLib.overrideLuarocks originalLuaDrv (drv: {
+ originalLuaDrv = lua.pkgs.${luaAttr};
+
+ luaDrv = (lua.pkgs.luaLib.overrideLuarocks originalLuaDrv (drv: {
extraConfig = ''
-- to create a flat hierarchy
lua_modules_path = "lua"
'';
+ })).overrideAttrs (drv: {
+ version = attrs.version;
+ rockspecVersion = drv.rockspecVersion;
});
- finalDrv = toVimPlugin (luaDrv.overrideAttrs(oa: {
+
+ finalDrv = toVimPlugin (luaDrv.overrideAttrs(oa: attrs // {
nativeBuildInputs = oa.nativeBuildInputs or [] ++ [
- lua51Packages.luarocksMoveDataFolder
+ lua.pkgs.luarocksMoveDataFolder
];
}));
in
diff --git a/pkgs/applications/editors/neovim/utils.nix b/pkgs/applications/editors/neovim/utils.nix
index d5845ac4a66a0..05037eafcb871 100644
--- a/pkgs/applications/editors/neovim/utils.nix
+++ b/pkgs/applications/editors/neovim/utils.nix
@@ -1,11 +1,11 @@
{ lib
-, buildLuarocksPackage
, callPackage
, vimUtils
, nodejs
, neovim-unwrapped
, bundlerEnv
, ruby
+, lua
, python3Packages
, writeText
, wrapNeovimUnstable
@@ -193,7 +193,7 @@ in
inherit legacyWrapper;
buildNeovimPluginFrom2Nix = callPackage ./build-neovim-plugin.nix {
- inherit (vimUtils) buildVimPluginFrom2Nix toVimPlugin;
- inherit buildLuarocksPackage;
+ inherit (vimUtils) toVimPlugin;
+ inherit lua;
};
}
diff --git a/pkgs/applications/editors/vim/plugins/build-vim-plugin.nix b/pkgs/applications/editors/vim/plugins/build-vim-plugin.nix
index 9e7bb1be2d5c8..66234c2c198e1 100644
--- a/pkgs/applications/editors/vim/plugins/build-vim-plugin.nix
+++ b/pkgs/applications/editors/vim/plugins/build-vim-plugin.nix
@@ -8,6 +8,12 @@
}:
rec {
+ addRtp = drv:
+ drv // {
+ rtp = lib.warn "`rtp` attribute is deprecated, use `outPath` instead." drv.outPath;
+ overrideAttrs = f: addRtp (drv.overrideAttrs f);
+ };
+
buildVimPlugin = attrs@{
name ? "${attrs.pname}-${attrs.version}",
namePrefix ? "vimplugin-",
@@ -36,9 +42,7 @@ rec {
runHook postInstall
'';
});
- in toVimPlugin(drv.overrideAttrs(oa: {
- rtp = "${drv}";
- }));
+ in addRtp (toVimPlugin drv);
buildVimPluginFrom2Nix = attrs: buildVimPlugin ({
# vim plugins may override this
diff --git a/pkgs/applications/editors/vim/plugins/overrides.nix b/pkgs/applications/editors/vim/plugins/overrides.nix
index 850f82f7018ca..e7842669eeb44 100644
--- a/pkgs/applications/editors/vim/plugins/overrides.nix
+++ b/pkgs/applications/editors/vim/plugins/overrides.nix
@@ -668,8 +668,6 @@ self: super: {
inherit parinfer-rust;
- # plenary-nvim = super.toVimPlugin(luaPackages.plenary-nvim);
-
plenary-nvim = super.plenary-nvim.overrideAttrs (old: {
postPatch = ''
sed -Ei lua/plenary/curl.lua \
diff --git a/pkgs/applications/editors/vim/plugins/vim-utils.nix b/pkgs/applications/editors/vim/plugins/vim-utils.nix
index 2e482cdf7df5b..09c5527cd0ec2 100644
--- a/pkgs/applications/editors/vim/plugins/vim-utils.nix
+++ b/pkgs/applications/editors/vim/plugins/vim-utils.nix
@@ -243,10 +243,10 @@ let
*/
plugImpl =
''
- source ${vimPlugins.vim-plug.rtp}/plug.vim
+ source ${vimPlugins.vim-plug}/plug.vim
silent! call plug#begin('/dev/null')
- '' + (lib.concatMapStringsSep "\n" (pkg: "Plug '${pkg.rtp}'") plug.plugins) + ''
+ '' + (lib.concatMapStringsSep "\n" (pkg: "Plug '${pkg}'") plug.plugins) + ''
call plug#end()
'';
diff --git a/pkgs/applications/editors/vim/vimacs.nix b/pkgs/applications/editors/vim/vimacs.nix
index 6eb995f86e068..f8a087cbe6ee0 100644
--- a/pkgs/applications/editors/vim/vimacs.nix
+++ b/pkgs/applications/editors/vim/vimacs.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
--replace '-gvim}' '-@bin@/bin/vim -g}' \
--replace '--cmd "let g:VM_Enabled = 1"' \
'--cmd "let g:VM_Enabled = 1" --cmd "set rtp^=@rtp@" ${vimacsExtraArgs}' \
- --replace @rtp@ ${vimPlugins.vimacs.rtp} \
+ --replace @rtp@ ${vimPlugins.vimacs} \
--replace @bin@ ${vimPackage}
for prog in vm gvm gvimacs vmdiff vimacsdiff
do
diff --git a/pkgs/development/python-modules/notifymuch/default.nix b/pkgs/applications/misc/notifymuch/default.nix
similarity index 88%
rename from pkgs/development/python-modules/notifymuch/default.nix
rename to pkgs/applications/misc/notifymuch/default.nix
index bc1610e2ca94e..e94b6f2f156b7 100644
--- a/pkgs/development/python-modules/notifymuch/default.nix
+++ b/pkgs/applications/misc/notifymuch/default.nix
@@ -1,19 +1,16 @@
{ lib
-, buildPythonApplication
-, isPy3k
, fetchFromGitHub
-, notmuch
-, pygobject3
, gobject-introspection
, libnotify
, wrapGAppsHook
, gtk3
+, python3
}:
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
pname = "notifymuch";
version = "0.1";
- disabled = !isPy3k;
+ format = "setuptools";
src = fetchFromGitHub {
owner = "kspi";
@@ -24,11 +21,12 @@ buildPythonApplication rec {
};
propagatedBuildInputs = [
- notmuch
- pygobject3
libnotify
gtk3
- ];
+ ] ++ (with python3.pkgs; [
+ notmuch
+ pygobject3
+ ]);
nativeBuildInputs = [
gobject-introspection
diff --git a/pkgs/applications/networking/browsers/ladybird/default.nix b/pkgs/applications/networking/browsers/ladybird/default.nix
index e5d7b8524a135..0bd3cc79df257 100644
--- a/pkgs/applications/networking/browsers/ladybird/default.nix
+++ b/pkgs/applications/networking/browsers/ladybird/default.nix
@@ -5,6 +5,7 @@
, ninja
, unzip
, wrapQtAppsHook
+, libxcrypt
, qtbase
, qttools
, nixosTests
@@ -37,6 +38,7 @@ in gcc11Stdenv.mkDerivation {
];
buildInputs = [
+ libxcrypt
qtbase
];
diff --git a/pkgs/applications/networking/irc/epic5/default.nix b/pkgs/applications/networking/irc/epic5/default.nix
index 9b096eb72e9b0..969a9da46b15c 100644
--- a/pkgs/applications/networking/irc/epic5/default.nix
+++ b/pkgs/applications/networking/irc/epic5/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, openssl, ncurses, libiconv, tcl, coreutils, fetchpatch }:
+{ lib, stdenv, fetchurl, openssl, ncurses, libiconv, tcl, coreutils, fetchpatch, libxcrypt }:
stdenv.mkDerivation rec {
pname = "epic5";
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
};
# Darwin needs libiconv, tcl; while Linux build don't
- buildInputs = [ openssl ncurses ]
+ buildInputs = [ openssl ncurses libxcrypt ]
++ lib.optionals stdenv.isDarwin [ libiconv tcl ];
patches = [
diff --git a/pkgs/applications/networking/mailreaders/alpine/default.nix b/pkgs/applications/networking/mailreaders/alpine/default.nix
index 04f1732f7a5b8..7c168340b1ce7 100644
--- a/pkgs/applications/networking/mailreaders/alpine/default.nix
+++ b/pkgs/applications/networking/mailreaders/alpine/default.nix
@@ -1,5 +1,5 @@
{lib, stdenv, fetchurl, ncurses, tcl, openssl, pam, libkrb5
-, openldap
+, openldap, libxcrypt
}:
stdenv.mkDerivation rec {
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
buildInputs = [
- ncurses tcl openssl pam libkrb5 openldap
+ ncurses tcl openssl pam libkrb5 openldap libxcrypt
];
hardeningDisable = [ "format" ];
diff --git a/pkgs/applications/networking/nntp-proxy/default.nix b/pkgs/applications/networking/nntp-proxy/default.nix
index 626913cd60a43..a3a136a32695c 100644
--- a/pkgs/applications/networking/nntp-proxy/default.nix
+++ b/pkgs/applications/networking/nntp-proxy/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, libconfig, pkg-config, libevent, openssl }:
+{ lib, stdenv, fetchFromGitHub, libconfig, pkg-config, libevent, openssl, libxcrypt }:
stdenv.mkDerivation {
pname = "nntp-proxy";
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
};
nativeBuildInputs = [ pkg-config ];
- buildInputs = [ libconfig libevent openssl ];
+ buildInputs = [ libconfig libevent openssl libxcrypt ];
installFlags = [ "INSTALL_DIR=$(out)/bin/" ];
diff --git a/pkgs/applications/networking/shellhub-agent/default.nix b/pkgs/applications/networking/shellhub-agent/default.nix
index a04e9a82e8c49..86242b5641e99 100644
--- a/pkgs/applications/networking/shellhub-agent/default.nix
+++ b/pkgs/applications/networking/shellhub-agent/default.nix
@@ -4,6 +4,7 @@
, gitUpdater
, makeWrapper
, openssh
+, libxcrypt
}:
buildGoModule rec {
@@ -31,6 +32,7 @@ buildGoModule rec {
};
nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ libxcrypt ];
postInstall = ''
wrapProgram $out/bin/agent --prefix PATH : ${lib.makeBinPath [ openssh ]}
diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix
index bdddfe4f86773..f172a7fc420b6 100644
--- a/pkgs/applications/networking/sync/rsync/default.nix
+++ b/pkgs/applications/networking/sync/rsync/default.nix
@@ -20,12 +20,12 @@
stdenv.mkDerivation rec {
pname = "rsync";
- version = "3.2.5";
+ version = "3.2.6";
src = fetchurl {
# signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5
url = "mirror://samba/rsync/src/rsync-${version}.tar.gz";
- sha256 = "sha256-KsTSFjXN95GGe8N3w1ym3af1DZGaWL5FBX/VFgDGmro=";
+ sha256 = "sha256-+zNlurJ4N9Qf6vQulnxXvTpHvI8Qdlo2ce/Wo4NUVNM=";
};
nativeBuildInputs = [ perl ];
diff --git a/pkgs/applications/science/misc/root/5.nix b/pkgs/applications/science/misc/root/5.nix
index 84443645865e8..1b4d6bcd04867 100644
--- a/pkgs/applications/science/misc/root/5.nix
+++ b/pkgs/applications/science/misc/root/5.nix
@@ -14,6 +14,7 @@
, libGL
, zlib
, libxml2
+, libxcrypt
, lz4
, xz
, gsl_1
@@ -33,7 +34,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake pkg-config ];
- buildInputs = [ pcre python2 zlib libxml2 lz4 xz gsl_1 xxHash ]
+ buildInputs = [ pcre python2 zlib libxml2 lz4 xz gsl_1 xxHash libxcrypt ]
++ lib.optionals (!stdenv.isDarwin) [ libX11 libXpm libXft libXext libGLU libGL ]
++ lib.optionals (stdenv.isDarwin) [ Cocoa OpenGL ]
;
diff --git a/pkgs/applications/science/misc/root/default.nix b/pkgs/applications/science/misc/root/default.nix
index 457b571be922a..5ae80c745bdce 100644
--- a/pkgs/applications/science/misc/root/default.nix
+++ b/pkgs/applications/science/misc/root/default.nix
@@ -16,6 +16,7 @@
, libXext
, libGLU
, libGL
+, libxcrypt
, libxml2
, llvm_9
, lz4
@@ -72,6 +73,7 @@ stdenv.mkDerivation rec {
zlib
zstd
lapack
+ libxcrypt
libxml2
_llvm_9
lz4
diff --git a/pkgs/applications/science/networking/sumo/default.nix b/pkgs/applications/science/networking/sumo/default.nix
index 9cdf576b9c682..7c5794eb8e831 100644
--- a/pkgs/applications/science/networking/sumo/default.nix
+++ b/pkgs/applications/science/networking/sumo/default.nix
@@ -1,7 +1,7 @@
{ lib, bzip2, cmake, eigen, fetchFromGitHub, ffmpeg, fox_1_6, gdal,
git, gl2ps, gpp , gtest, jdk, libGL, libGLU, libX11, libjpeg,
- libpng, libtiff, openscenegraph , proj, python3, python37Packages,
- stdenv, swig, xercesc, xorg, zlib }:
+ libpng, libtiff, libxcrypt, openscenegraph , proj, python3,
+ python37Packages, stdenv, swig, xercesc, xorg, zlib }:
stdenv.mkDerivation rec {
pname = "sumo";
@@ -36,6 +36,7 @@ stdenv.mkDerivation rec {
libjpeg
libpng
libtiff
+ libxcrypt
openscenegraph
proj
python37Packages.setuptools
diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix
index 9b2c755b1091a..441727ad5bccb 100644
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@@ -28,7 +28,7 @@ assert sendEmailSupport -> perlSupport;
assert svnSupport -> perlSupport;
let
- version = "2.37.3";
+ version = "2.38.0";
svn = subversionClient.override { perlBindings = perlSupport; };
gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
in
@@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
- sha256 = "sha256-gUZB1/YWWc+8F4JdBGJJnKFAPjn/U9dqhRIFDmSD6Ho=";
+ sha256 = "sha256-kj6t4msYFN540GvajgqfXai3xLMEs/kFD/tGTwMQMgo=";
};
outputs = [ "out" ] ++ lib.optional withManual "doc";
diff --git a/pkgs/applications/video/kodi/unwrapped.nix b/pkgs/applications/video/kodi/unwrapped.nix
index a37e5c92e241f..a272f90bd3334 100644
--- a/pkgs/applications/video/kodi/unwrapped.nix
+++ b/pkgs/applications/video/kodi/unwrapped.nix
@@ -1,6 +1,6 @@
{ stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, makeWrapper
, pkg-config, cmake, yasm, python3Packages
-, libgcrypt, libgpg-error, libunistring
+, libxcrypt, libgcrypt, libgpg-error, libunistring
, boost, avahi, lame
, gettext, pcre-cpp, yajl, fribidi, which
, openssl, gperf, tinyxml2, taglib, libssh, swig, jre_headless
@@ -131,7 +131,7 @@ in stdenv.mkDerivation {
sqlite libmysqlclient avahi lame
curl bzip2 zip unzip glxinfo
libcec libcec_platform dcadec libuuid
- libgcrypt libgpg-error libunistring
+ libxcrypt libgcrypt libgpg-error libunistring
libcrossguid libplist
bluez giflib glib harfbuzz lcms2 libpthreadstubs
ffmpeg flatbuffers fstrcmp rapidjson
diff --git a/pkgs/applications/virtualization/open-vm-tools/default.nix b/pkgs/applications/virtualization/open-vm-tools/default.nix
index d62964d109599..7755795306a67 100644
--- a/pkgs/applications/virtualization/open-vm-tools/default.nix
+++ b/pkgs/applications/virtualization/open-vm-tools/default.nix
@@ -1,6 +1,6 @@
{ stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook
, bash, fuse3, libmspack, openssl, pam, xercesc, icu, libdnet, procps, libtirpc, rpcsvc-proto
-, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst
+, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst, libxcrypt
, pkg-config, glib, gdk-pixbuf-xlib, gtk3, gtkmm3, iproute2, dbus, systemd, which
, libdrm, udev, util-linux
, withX ? true
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
outputs = [ "out" "dev" ];
nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ];
- buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc openssl pam procps rpcsvc-proto udev xercesc ]
+ buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc libxcrypt openssl pam procps rpcsvc-proto udev xercesc ]
++ lib.optionals withX [ gdk-pixbuf-xlib gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ];
postPatch = ''
diff --git a/pkgs/applications/window-managers/sawfish/default.nix b/pkgs/applications/window-managers/sawfish/default.nix
index f75d7ec5d1bd7..ef001787a596f 100644
--- a/pkgs/applications/window-managers/sawfish/default.nix
+++ b/pkgs/applications/window-managers/sawfish/default.nix
@@ -8,6 +8,7 @@
, imlib
, libICE
, libSM
+, libxcrypt
, libXinerama
, libXrandr
, libXtst
@@ -44,6 +45,7 @@ stdenv.mkDerivation rec {
imlib
libICE
libSM
+ libxcrypt
libXinerama
libXrandr
libXtst
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh
index e5d296f6c9c52..b23fda1fed756 100644
--- a/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -38,7 +38,9 @@ for flag in "${!hardeningEnableMap[@]}"; do
case $flag in
fortify)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi
- hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2')
+ # Use -U_FORTIFY_SOURCE to avoid warnings on toolchains that explicitly
+ # set -D_FORTIFY_SOURCE=0 (like 'clang -fsanitize=address').
+ hardeningCFlags+=('-O2' '-U_FORTIFY_SOURCE' '-D_FORTIFY_SOURCE=2')
;;
stackprotector)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh
index 6a913cc4eac72..94ca721cd914c 100644
--- a/pkgs/build-support/cc-wrapper/setup-hook.sh
+++ b/pkgs/build-support/cc-wrapper/setup-hook.sh
@@ -69,10 +69,12 @@ ccWrapper_addCVars () {
getHostRoleEnvHook
if [ -d "$1/include" ]; then
+ (! echo "$NIX_CFLAGS_COMPILE" | grep -q -F "$1/include") &&
export NIX_CFLAGS_COMPILE${role_post}+=" -isystem $1/include"
fi
if [ -d "$1/Library/Frameworks" ]; then
+ (! echo "$NIX_CFLAGS_COMPILE" | grep -q -F "$1/Library/Frameworks") &&
export NIX_CFLAGS_COMPILE${role_post}+=" -iframework $1/Library/Frameworks"
fi
}
diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.py b/pkgs/build-support/setup-hooks/auto-patchelf.py
index 861d772698d04..efb65a809962d 100644
--- a/pkgs/build-support/setup-hooks/auto-patchelf.py
+++ b/pkgs/build-support/setup-hooks/auto-patchelf.py
@@ -5,6 +5,7 @@
import pprint
import subprocess
import sys
+from fnmatch import fnmatch
from collections import defaultdict
from contextlib import contextmanager
from dataclasses import dataclass
@@ -265,8 +266,10 @@ def auto_patchelf(
print(f"auto-patchelf: {len(missing)} dependencies could not be satisfied")
failure = False
for dep in missing:
- if dep.name.name in ignore_missing or "*" in ignore_missing:
- print(f"warn: auto-patchelf ignoring missing {dep.name} wanted by {dep.file}")
+ for pattern in ignore_missing:
+ if fnmatch(dep.name.name, pattern):
+ print(f"warn: auto-patchelf ignoring missing {dep.name} wanted by {dep.file}")
+ break
else:
print(f"error: auto-patchelf could not satisfy dependency {dep.name} wanted by {dep.file}")
failure = True
diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh
index b56f9ce2dbf4c..7f5ff146e30b6 100644
--- a/pkgs/build-support/setup-hooks/auto-patchelf.sh
+++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh
@@ -53,7 +53,7 @@ autoPatchelf() {
esac
done
- local ignoreMissingDepsArray=($autoPatchelfIgnoreMissingDeps)
+ readarray -td' ' ignoreMissingDepsArray < <(echo -n "$autoPatchelfIgnoreMissingDeps")
if [ "$autoPatchelfIgnoreMissingDeps" == "1" ]; then
echo "autoPatchelf: WARNING: setting 'autoPatchelfIgnoreMissingDeps" \
"= true;' is deprecated and will be removed in a future release." \
diff --git a/pkgs/desktops/cdesktopenv/default.nix b/pkgs/desktops/cdesktopenv/default.nix
index acb423f44bd35..2eb54d018bc69 100644
--- a/pkgs/desktops/cdesktopenv/default.nix
+++ b/pkgs/desktops/cdesktopenv/default.nix
@@ -3,7 +3,7 @@
, xorgproto, libX11, bison, ksh, perl, gnum4
, libXinerama, libXt, libXext, libtirpc, motif, libXft, xbitmaps
, libjpeg, libXmu, libXdmcp, libXScrnSaver, symlinkJoin, bdftopcf
-, ncompress, mkfontdir, tcl, libXaw, gcc, glibcLocales
+, ncompress, mkfontdir, tcl, libXaw, libxcrypt, gcc, glibcLocales
, autoPatchelfHook, libredirect, makeWrapper, xset, xrdb, fakeroot
, rpcsvc-proto }:
@@ -40,7 +40,7 @@ in stdenv.mkDerivation rec {
buildInputs = [
libX11 libXinerama libXt libXext libtirpc motif libXft xbitmaps
- libjpeg libXmu libXdmcp libXScrnSaver tcl libXaw ksh
+ libjpeg libXmu libXdmcp libXScrnSaver tcl libXaw ksh libxcrypt
];
nativeBuildInputs = [
bison ncompress autoPatchelfHook makeWrapper fakeroot
diff --git a/pkgs/desktops/gnome-2/platform/libgnomeui/default.nix b/pkgs/desktops/gnome-2/platform/libgnomeui/default.nix
index f59bee32929bc..29ed44431c31d 100644
--- a/pkgs/desktops/gnome-2/platform/libgnomeui/default.nix
+++ b/pkgs/desktops/gnome-2/platform/libgnomeui/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libxml2, xlibsWrapper, glib, pango
+{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libxml2, xorg, glib, pango
, intltool, libgnome, libgnomecanvas, libbonoboui, GConf, libtool
, gnome_vfs, libgnome-keyring, libglade }:
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config intltool ];
buildInputs =
- [ xlibsWrapper libxml2 GConf pango glib libgnome-keyring libglade libtool ];
+ [ xorg.libX11 xorg.libSM xorg.libICE libxml2 GConf pango glib libgnome-keyring libglade libtool ];
propagatedBuildInputs = [ libgnome libbonoboui libgnomecanvas gnome_vfs ];
}
diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix
index 78728c3c592b0..207860b90c0ec 100644
--- a/pkgs/development/compilers/gcc/10/default.nix
+++ b/pkgs/development/compilers/gcc/10/default.nix
@@ -26,6 +26,7 @@
, gnused ? null
, cloog # unused; just for compat with gcc4, as we override the parameter on some places
, buildPackages
+, libxcrypt
}:
# Make sure we get GNU sed.
@@ -172,7 +173,7 @@ stdenv.mkDerivation ({
++ optional targetPlatform.isLinux patchelf;
buildInputs = [
- gmp mpfr libmpc
+ gmp mpfr libmpc libxcrypt
targetPackages.stdenv.cc.bintools # For linking code at run-time
] ++ (optional (isl != null) isl)
++ (optional (zlib != null) zlib)
@@ -182,10 +183,12 @@ stdenv.mkDerivation ({
NIX_LDFLAGS = lib.optionalString hostPlatform.isSunOS "-lm -ldl";
- preConfigure = import ../common/pre-configure.nix {
+ preConfigure = (import ../common/pre-configure.nix {
inherit lib;
inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib;
- };
+ }) + ''
+ ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h
+ '';
dontDisableStatic = true;
diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix
index 3a61c5820b111..3b03e185dd86f 100644
--- a/pkgs/development/compilers/gcc/11/default.nix
+++ b/pkgs/development/compilers/gcc/11/default.nix
@@ -26,6 +26,7 @@
, gnused ? null
, cloog # unused; just for compat with gcc4, as we override the parameter on some places
, buildPackages
+, libxcrypt
}:
# Make sure we get GNU sed.
@@ -180,7 +181,7 @@ stdenv.mkDerivation ({
++ optional targetPlatform.isLinux patchelf;
buildInputs = [
- gmp mpfr libmpc
+ gmp mpfr libmpc libxcrypt
targetPackages.stdenv.cc.bintools # For linking code at run-time
] ++ (optional (isl != null) isl)
++ (optional (zlib != null) zlib)
@@ -190,10 +191,12 @@ stdenv.mkDerivation ({
NIX_LDFLAGS = lib.optionalString hostPlatform.isSunOS "-lm -ldl";
- preConfigure = import ../common/pre-configure.nix {
+ preConfigure = (import ../common/pre-configure.nix {
inherit lib;
inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib;
- };
+ }) + ''
+ ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h
+ '';
dontDisableStatic = true;
diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix
index 10ce704382a79..c7fcd5475ade6 100644
--- a/pkgs/development/compilers/gcc/12/default.nix
+++ b/pkgs/development/compilers/gcc/12/default.nix
@@ -26,6 +26,7 @@
, gnused ? null
, cloog # unused; just for compat with gcc4, as we override the parameter on some places
, buildPackages
+, libxcrypt
}:
# Make sure we get GNU sed.
@@ -173,7 +174,7 @@ stdenv.mkDerivation ({
++ optional targetPlatform.isLinux patchelf;
buildInputs = [
- gmp mpfr libmpc
+ gmp mpfr libmpc libxcrypt
targetPackages.stdenv.cc.bintools # For linking code at run-time
] ++ (optional (isl != null) isl)
++ (optional (zlib != null) zlib)
@@ -183,10 +184,13 @@ stdenv.mkDerivation ({
NIX_LDFLAGS = lib.optionalString hostPlatform.isSunOS "-lm -ldl";
- preConfigure = import ../common/pre-configure.nix {
+
+ preConfigure = (import ../common/pre-configure.nix {
inherit lib;
inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib;
- };
+ }) + ''
+ ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h
+ '';
dontDisableStatic = true;
diff --git a/pkgs/development/compilers/go/1.18.nix b/pkgs/development/compilers/go/1.18.nix
index c3ec8ceac009d..7490aa8a2484e 100644
--- a/pkgs/development/compilers/go/1.18.nix
+++ b/pkgs/development/compilers/go/1.18.nix
@@ -45,11 +45,11 @@ let
in
stdenv.mkDerivation rec {
pname = "go";
- version = "1.18.6";
+ version = "1.18.7";
src = fetchurl {
url = "https://go.dev/dl/go${version}.src.tar.gz";
- sha256 = "sha256-p/HVBCQ1XavOZtERKxyuQ5tu5eTxXtum8QTApLFz6JU=";
+ sha256 = "sha256-lGfjO4Gfcb67IfsO4d1nlP0iRK6UkHqYQoZxL5g5qUQ=";
};
strictDeps = true;
diff --git a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix
index d74aa519b769e..4ae59a4317705 100644
--- a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi, libxcrypt }:
let
@@ -25,6 +25,8 @@ stdenv.mkDerivation {
"-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
"-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
"-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+ ] ++ lib.optionals (haveLibc && !isMusl) [
+ "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
"-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
"-DCOMPILER_RT_BUILD_XRAY=OFF"
diff --git a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix
index 482ced8e0c3fc..c61f48485580f 100644
--- a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix
@@ -42,11 +42,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix
index 4968c8bcfbd8e..6790910ee8304 100644
--- a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }:
let
@@ -15,7 +15,8 @@ stdenv.mkDerivation {
inherit version;
src = fetch "compiler-rt" "0x1j8ngf1zj63wlnns9vlibafq48qcm72p4jpaxkmkb4qw0grwfy";
- nativeBuildInputs = [ cmake python3 libllvm.dev ];
+ nativeBuildInputs = [ cmake python3 libllvm.dev ]
+ ++ lib.optional stdenv.isDarwin xcbuild.xcrun;
NIX_CFLAGS_COMPILE = [
"-DSCUDO_DEFAULT_OPTIONS=DeleteSizeMismatch=0:DeallocationTypeMismatch=0"
@@ -25,6 +26,8 @@ stdenv.mkDerivation {
"-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
"-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
"-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+ ] ++ lib.optionals (haveLibc && !isMusl) [
+ "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
] ++ lib.optionals (useLLVM || bareMetal || isMusl || isNewDarwinBootstrap) [
"-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
"-DCOMPILER_RT_BUILD_XRAY=OFF"
@@ -59,8 +62,9 @@ stdenv.mkDerivation {
# extra `/`.
./normalize-var.patch
../../common/compiler-rt/libsanitizer-no-cyclades-11.patch
- ] ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch;
-
+ ../../common/compiler-rt/darwin-plistbuddy-workaround.patch
+ ./armv7l.patch
+ ];
preConfigure = lib.optionalString stdenv.hostPlatform.isDarwin ''
cmakeFlagsArray+=("-DCMAKE_LIPO=$(command -v ${stdenv.cc.targetPrefix}lipo)")
@@ -75,8 +79,6 @@ stdenv.mkDerivation {
substituteInPlace cmake/builtin-config-ix.cmake \
--replace 'set(X86 i386)' 'set(X86 i386 i486 i586 i686)'
'' + lib.optionalString stdenv.isDarwin ''
- substituteInPlace cmake/builtin-config-ix.cmake \
- --replace 'foreach(arch ''${ARM64})' 'foreach(arch)'
substituteInPlace cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
'' + lib.optionalString (useLLVM) ''
diff --git a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix
index 6c4ca925ab116..2359820dddecd 100644
--- a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix
@@ -46,11 +46,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/12/compiler-rt/default.nix b/pkgs/development/compilers/llvm/12/compiler-rt/default.nix
index d1497e6db1e34..ed34d06ed9861 100644
--- a/pkgs/development/compilers/llvm/12/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/12/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }:
let
@@ -14,7 +14,8 @@ stdenv.mkDerivation {
inherit version;
src = fetch "compiler-rt" "1950rg294izdwkaasi7yjrmadc9mzdd5paf0q63jjcq2m3rdbj5l";
- nativeBuildInputs = [ cmake python3 libllvm.dev ];
+ nativeBuildInputs = [ cmake python3 libllvm.dev ]
+ ++ lib.optional stdenv.isDarwin xcbuild.xcrun;
buildInputs = lib.optional stdenv.hostPlatform.isDarwin libcxxabi;
NIX_CFLAGS_COMPILE = [
@@ -25,6 +26,8 @@ stdenv.mkDerivation {
"-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
"-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
"-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+ ] ++ lib.optionals (haveLibc && !isMusl) [
+ "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
"-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
"-DCOMPILER_RT_BUILD_XRAY=OFF"
@@ -59,7 +62,9 @@ stdenv.mkDerivation {
# ld-wrapper dislikes `-rpath-link //nix/store`, so we normalize away the
# extra `/`.
./normalize-var.patch
- ] ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch;
+ ../../common/compiler-rt/darwin-plistbuddy-workaround.patch
+ ./armv7l.patch
+ ];
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
@@ -70,8 +75,6 @@ stdenv.mkDerivation {
substituteInPlace cmake/builtin-config-ix.cmake \
--replace 'set(X86 i386)' 'set(X86 i386 i486 i586 i686)'
'' + lib.optionalString stdenv.isDarwin ''
- substituteInPlace cmake/builtin-config-ix.cmake \
- --replace 'set(ARM64 arm64 arm64e)' 'set(ARM64)'
substituteInPlace cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
'' + lib.optionalString (useLLVM) ''
diff --git a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix
index 89b56ad230d85..c130a6c1c3115 100644
--- a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix
@@ -44,11 +44,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/13/compiler-rt/default.nix b/pkgs/development/compilers/llvm/13/compiler-rt/default.nix
index 7b9312eecf247..9124686705ae7 100644
--- a/pkgs/development/compilers/llvm/13/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/13/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, src, cmake, python3, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, src, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }:
let
@@ -16,7 +16,8 @@ stdenv.mkDerivation {
inherit src;
sourceRoot = "source/compiler-rt";
- nativeBuildInputs = [ cmake python3 libllvm.dev ];
+ nativeBuildInputs = [ cmake python3 libllvm.dev ]
+ ++ lib.optional stdenv.isDarwin xcbuild.xcrun;
buildInputs = lib.optional stdenv.hostPlatform.isDarwin libcxxabi;
NIX_CFLAGS_COMPILE = [
@@ -27,6 +28,8 @@ stdenv.mkDerivation {
"-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
"-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
"-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+ ] ++ lib.optionals (haveLibc && !isMusl) [
+ "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
] ++ lib.optionals (useLLVM || bareMetal || isMusl || isAarch64) [
"-DCOMPILER_RT_BUILD_LIBFUZZER=OFF"
] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
@@ -62,9 +65,11 @@ stdenv.mkDerivation {
# ld-wrapper dislikes `-rpath-link //nix/store`, so we normalize away the
# extra `/`.
./normalize-var.patch
- ] # Prevent a compilation error on darwin
- ++ lib.optional stdenv.hostPlatform.isDarwin ./darwin-targetconditionals.patch
- ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch;
+ # Prevent a compilation error on darwin
+ ./darwin-targetconditionals.patch
+ ../../common/compiler-rt/darwin-plistbuddy-workaround.patch
+ ./armv7l.patch
+ ];
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
@@ -75,8 +80,6 @@ stdenv.mkDerivation {
substituteInPlace cmake/builtin-config-ix.cmake \
--replace 'set(X86 i386)' 'set(X86 i386 i486 i586 i686)'
'' + lib.optionalString stdenv.isDarwin ''
- substituteInPlace cmake/builtin-config-ix.cmake \
- --replace 'set(ARM64 arm64 arm64e)' 'set(ARM64)'
substituteInPlace cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
'' + lib.optionalString (useLLVM) ''
diff --git a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix
index 16ea0b113c754..5da86b96d5a72 100644
--- a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix
@@ -41,11 +41,21 @@ stdenv.mkDerivation rec {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/14/clang/add-nostdlibinc-flag.patch b/pkgs/development/compilers/llvm/14/clang/add-nostdlibinc-flag.patch
new file mode 100644
index 0000000000000..b73cd0185eb6c
--- /dev/null
+++ b/pkgs/development/compilers/llvm/14/clang/add-nostdlibinc-flag.patch
@@ -0,0 +1,18 @@
+diff --git a/lib/Driver/Driver.cpp b/lib/Driver/Driver.cpp
+index 3bfddeefc7b2..05b11d9e562d 100644
+--- a/lib/Driver/Driver.cpp
++++ b/lib/Driver/Driver.cpp
+@@ -482,6 +482,13 @@ DerivedArgList *Driver::TranslateInputArgs(const InputArgList &Args) const {
+ }
+ #endif
+
++ {
++ Arg *A = DAL->MakeFlagArg(/*BaseArg=*/nullptr,
++ Opts.getOption(options::OPT_nostdlibinc));
++ A->claim();
++ DAL->append(A);
++ }
++
+ return DAL;
+ }
+
diff --git a/pkgs/development/compilers/llvm/14/clang/default.nix b/pkgs/development/compilers/llvm/14/clang/default.nix
index 5ff02d68de426..6b775efcc039d 100644
--- a/pkgs/development/compilers/llvm/14/clang/default.nix
+++ b/pkgs/development/compilers/llvm/14/clang/default.nix
@@ -45,6 +45,7 @@ let
./purity.patch
# https://reviews.llvm.org/D51899
./gnu-install-dirs.patch
+ ./add-nostdlibinc-flag.patch
(substituteAll {
src = ../../clang-11-12-LLVMgold-path.patch;
libllvmLibdir = "${libllvm.lib}/lib";
@@ -54,10 +55,6 @@ let
postPatch = ''
(cd tools && ln -s ../../clang-tools-extra extra)
- sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' \
- -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' \
- lib/Driver/ToolChains/*.cpp
-
# Patch for standalone doc building
sed -i '1s,^,find_package(Sphinx REQUIRED)\n,' docs/CMakeLists.txt
'' + lib.optionalString stdenv.hostPlatform.isMusl ''
diff --git a/pkgs/development/compilers/llvm/14/compiler-rt/default.nix b/pkgs/development/compilers/llvm/14/compiler-rt/default.nix
index 28c77d5ffb39f..ef2495714e451 100644
--- a/pkgs/development/compilers/llvm/14/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/14/compiler-rt/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, llvm_meta, version
, monorepoSrc, runCommand
-, cmake, python3, libllvm, libcxxabi
+, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt
}:
let
@@ -26,7 +26,8 @@ stdenv.mkDerivation {
inherit src;
sourceRoot = "${src.name}/${baseName}";
- nativeBuildInputs = [ cmake python3 libllvm.dev ];
+ nativeBuildInputs = [ cmake python3 libllvm.dev ]
+ ++ lib.optional stdenv.isDarwin xcbuild.xcrun;
buildInputs = lib.optional stdenv.hostPlatform.isDarwin libcxxabi;
NIX_CFLAGS_COMPILE = [
@@ -37,6 +38,8 @@ stdenv.mkDerivation {
"-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
"-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
"-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+ ] ++ lib.optionals (haveLibc && !isMusl) [
+ "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
"-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
"-DCOMPILER_RT_BUILD_XRAY=OFF"
@@ -73,9 +76,11 @@ stdenv.mkDerivation {
# ld-wrapper dislikes `-rpath-link //nix/store`, so we normalize away the
# extra `/`.
./normalize-var.patch
- ] # Prevent a compilation error on darwin
- ++ lib.optional stdenv.hostPlatform.isDarwin ./darwin-targetconditionals.patch
- ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch;
+ # Prevent a compilation error on darwin
+ ./darwin-targetconditionals.patch
+ ../../common/compiler-rt/darwin-plistbuddy-workaround.patch
+ ./armv7l.patch
+ ];
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
@@ -86,8 +91,6 @@ stdenv.mkDerivation {
substituteInPlace cmake/builtin-config-ix.cmake \
--replace 'set(X86 i386)' 'set(X86 i386 i486 i586 i686)'
'' + lib.optionalString stdenv.isDarwin ''
- substituteInPlace cmake/builtin-config-ix.cmake \
- --replace 'set(ARM64 arm64 arm64e)' 'set(ARM64)'
substituteInPlace cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
'' + lib.optionalString (useLLVM) ''
diff --git a/pkgs/development/compilers/llvm/14/libcxxabi/default.nix b/pkgs/development/compilers/llvm/14/libcxxabi/default.nix
index d64708ab040ae..0487f1d0de83c 100644
--- a/pkgs/development/compilers/llvm/14/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/14/libcxxabi/default.nix
@@ -52,12 +52,23 @@ stdenv.mkDerivation rec {
installPhase = if stdenv.isDarwin
then ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
+
make install
install -d 755 $out/include
install -m 644 ../include/*.h $out/include
diff --git a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix
index 60a41ab2d8303..f2f707ec445d0 100644
--- a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix
@@ -27,11 +27,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix
index d7de130fbaaf6..63e6eee6f596c 100644
--- a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix
@@ -27,11 +27,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix
index 1bc9444feda11..721200136a57b 100644
--- a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix
@@ -46,11 +46,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix
index 50a5eabc17039..5ade8a5ae66f9 100644
--- a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix
@@ -42,11 +42,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix
index ee6834affbcd3..4a235f5c2ef70 100644
--- a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix
@@ -42,11 +42,21 @@ stdenv.mkDerivation {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/common/compiler-rt/darwin-plistbuddy-workaround.patch b/pkgs/development/compilers/llvm/common/compiler-rt/darwin-plistbuddy-workaround.patch
new file mode 100644
index 0000000000000..dae8b3a690ac3
--- /dev/null
+++ b/pkgs/development/compilers/llvm/common/compiler-rt/darwin-plistbuddy-workaround.patch
@@ -0,0 +1,25 @@
+CMake tries to read a list field from SDKSettings.plist, but the output of
+xcbuild PlistBuddy is incompatible with Apple's. (Plus we don't want it in our
+dependencies.)
+
+Simply assume ARM64 is supported by the SDK. We already limit the actual archs
+we build for by setting DARWIN_osx_BUILTIN_ARCHS explicitely.
+
+--- a/cmake/builtin-config-ix.cmake
++++ b/cmake/builtin-config-ix.cmake
+@@ -97,14 +97,7 @@ if(APPLE)
+ set(DARWIN_osx_BUILTIN_MIN_VER 10.5)
+ set(DARWIN_osx_BUILTIN_MIN_VER_FLAG
+ -mmacosx-version-min=${DARWIN_osx_BUILTIN_MIN_VER})
+- set(DARWIN_osx_BUILTIN_ALL_POSSIBLE_ARCHS ${X86} ${X86_64})
+- # Add support for arm64 macOS if available in SDK.
+- foreach(arch ${ARM64})
+- sdk_has_arch_support(${DARWIN_osx_SYSROOT} macosx ${arch} MACOS_ARM_SUPPORT)
+- if (MACOS_ARM_SUPPORT)
+- list(APPEND DARWIN_osx_BUILTIN_ALL_POSSIBLE_ARCHS ${arch})
+- endif()
+- endforeach(arch)
++ set(DARWIN_osx_BUILTIN_ALL_POSSIBLE_ARCHS ${X86} ${X86_64} ${ARM64})
+
+ if(COMPILER_RT_ENABLE_IOS)
+ list(APPEND DARWIN_EMBEDDED_PLATFORMS ios)
diff --git a/pkgs/development/compilers/llvm/git/clang/add-nostdlibinc-flag.patch b/pkgs/development/compilers/llvm/git/clang/add-nostdlibinc-flag.patch
new file mode 100644
index 0000000000000..80c2eb3623832
--- /dev/null
+++ b/pkgs/development/compilers/llvm/git/clang/add-nostdlibinc-flag.patch
@@ -0,0 +1,18 @@
+diff --git a/lib/Driver/Driver.cpp b/lib/Driver/Driver.cpp
+index 3f29afd35971..223d2769cdfc 100644
+--- a/lib/Driver/Driver.cpp
++++ b/lib/Driver/Driver.cpp
+@@ -491,6 +491,13 @@ DerivedArgList *Driver::TranslateInputArgs(const InputArgList &Args) const {
+ }
+ #endif
+
++ {
++ Arg *A = DAL->MakeFlagArg(/*BaseArg=*/nullptr,
++ Opts.getOption(options::OPT_nostdlibinc));
++ A->claim();
++ DAL->append(A);
++ }
++
+ return DAL;
+ }
+
diff --git a/pkgs/development/compilers/llvm/git/clang/default.nix b/pkgs/development/compilers/llvm/git/clang/default.nix
index 3110bef09e969..3df0e5042b8dc 100644
--- a/pkgs/development/compilers/llvm/git/clang/default.nix
+++ b/pkgs/development/compilers/llvm/git/clang/default.nix
@@ -46,6 +46,7 @@ let
./purity.patch
# https://reviews.llvm.org/D51899
./gnu-install-dirs.patch
+ ./add-nostdlibinc-flag.patch
(substituteAll {
src = ../../clang-11-12-LLVMgold-path.patch;
libllvmLibdir = "${libllvm.lib}/lib";
@@ -55,10 +56,6 @@ let
postPatch = ''
(cd tools && ln -s ../../clang-tools-extra extra)
- sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' \
- -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' \
- lib/Driver/ToolChains/*.cpp
-
# Patch for standalone doc building
sed -i '1s,^,find_package(Sphinx REQUIRED)\n,' docs/CMakeLists.txt
'' + lib.optionalString stdenv.hostPlatform.isMusl ''
diff --git a/pkgs/development/compilers/llvm/git/compiler-rt/default.nix b/pkgs/development/compilers/llvm/git/compiler-rt/default.nix
index 7ac3e3801ffb9..9fabce1895a8c 100644
--- a/pkgs/development/compilers/llvm/git/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/git/compiler-rt/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, llvm_meta, version
, monorepoSrc, runCommand
-, cmake, python3, libllvm, libcxxabi
+, cmake, python3, xcbuild, libllvm, libcxxabi
}:
let
@@ -26,7 +26,8 @@ stdenv.mkDerivation {
inherit src;
sourceRoot = "${src.name}/${baseName}";
- nativeBuildInputs = [ cmake python3 libllvm.dev ];
+ nativeBuildInputs = [ cmake python3 libllvm.dev ]
+ ++ lib.optional stdenv.isDarwin xcbuild.xcrun;
buildInputs = lib.optional stdenv.hostPlatform.isDarwin libcxxabi;
NIX_CFLAGS_COMPILE = [
@@ -71,9 +72,11 @@ stdenv.mkDerivation {
# ld-wrapper dislikes `-rpath-link //nix/store`, so we normalize away the
# extra `/`.
./normalize-var.patch
- ] # Prevent a compilation error on darwin
- ++ lib.optional stdenv.hostPlatform.isDarwin ./darwin-targetconditionals.patch
- ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch;
+ # Prevent a compilation error on darwin
+ ./darwin-targetconditionals.patch
+ ../../common/compiler-rt/darwin-plistbuddy-workaround.patch
+ ./armv7l.patch
+ ];
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
@@ -84,8 +87,6 @@ stdenv.mkDerivation {
substituteInPlace cmake/builtin-config-ix.cmake \
--replace 'set(X86 i386)' 'set(X86 i386 i486 i586 i686)'
'' + lib.optionalString stdenv.isDarwin ''
- substituteInPlace cmake/builtin-config-ix.cmake \
- --replace 'set(ARM64 arm64 arm64e)' 'set(ARM64)'
substituteInPlace cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
'' + lib.optionalString (useLLVM) ''
diff --git a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix
index 2d4fe974c016b..b478668ebded9 100644
--- a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix
+++ b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix
@@ -70,11 +70,21 @@ stdenv.mkDerivation rec {
preInstall = lib.optionalString stdenv.isDarwin ''
for file in lib/*.dylib; do
+ # Fix up the install name. Preserve the basename, just replace the path.
+ installName="$out/lib/$(basename $(otool -D $file | tail -n 1))"
+
# this should be done in CMake, but having trouble figuring out
# the magic combination of necessary CMake variables
# if you fancy a try, take a look at
# https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
- install_name_tool -id $out/$file $file
+ ${stdenv.cc.targetPrefix}install_name_tool -id $installName $file
+
+ # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes
+ # libcxxabi to sometimes link against a different version of itself.
+ # Here we simply make that second reference point to ourselves.
+ for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do
+ ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file
+ done
done
'';
diff --git a/pkgs/development/compilers/llvm/rocm/llvm.nix b/pkgs/development/compilers/llvm/rocm/llvm.nix
index 557d194668606..c5ad96a6a1892 100644
--- a/pkgs/development/compilers/llvm/rocm/llvm.nix
+++ b/pkgs/development/compilers/llvm/rocm/llvm.nix
@@ -9,6 +9,7 @@
, libxml2
, libffi
, libbfd
+, libxcrypt
, ncurses
, zlib
, debugVersion ? false
@@ -32,7 +33,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake ninja python3 ];
- buildInputs = [ libxml2 ];
+ buildInputs = [ libxml2 libxcrypt ];
propagatedBuildInputs = [ ncurses zlib ];
diff --git a/pkgs/development/compilers/sbcl/2.0.8.nix b/pkgs/development/compilers/sbcl/2.0.8.nix
deleted file mode 100644
index bbc171a8d9863..0000000000000
--- a/pkgs/development/compilers/sbcl/2.0.8.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.0.8";
- sha256 = "1xwrwvps7drrpyw3wg5h3g2qajmkwqs9gz0fdw1ns9adp7vld390";
-}
diff --git a/pkgs/development/compilers/sbcl/2.0.9.nix b/pkgs/development/compilers/sbcl/2.0.9.nix
deleted file mode 100644
index 80b30ec87f487..0000000000000
--- a/pkgs/development/compilers/sbcl/2.0.9.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.0.9";
- sha256 = "17wvrcwgp45z9b6arik31fjnz7908qhr5ackxq1y0gqi1hsh1xy4";
-}
diff --git a/pkgs/development/compilers/sbcl/2.1.1.nix b/pkgs/development/compilers/sbcl/2.1.1.nix
deleted file mode 100644
index a32f8a4a28b38..0000000000000
--- a/pkgs/development/compilers/sbcl/2.1.1.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.1.1";
- sha256 = "15wa66sachhzgvg5n35vihmkpasg100lh561c1d1bdrql0p8kbd9";
-}
diff --git a/pkgs/development/compilers/sbcl/2.1.10.nix b/pkgs/development/compilers/sbcl/2.1.10.nix
deleted file mode 100644
index 8cf6f50b5869b..0000000000000
--- a/pkgs/development/compilers/sbcl/2.1.10.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.1.10";
- sha256 = "0f5ihj486m7ghh3nc0jlnqa656sbqcmhdv32syz2rjx5b47ky67b";
-}
diff --git a/pkgs/development/compilers/sbcl/2.1.11.nix b/pkgs/development/compilers/sbcl/2.1.11.nix
deleted file mode 100644
index abe48953a5736..0000000000000
--- a/pkgs/development/compilers/sbcl/2.1.11.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.1.11";
- sha256 = "1zgypmn19c58pv7j33ga7m1l7lzghj70w3xbybpgmggxwwflihdz";
-}
diff --git a/pkgs/development/compilers/sbcl/2.1.2.nix b/pkgs/development/compilers/sbcl/2.1.2.nix
deleted file mode 100644
index 4f4c85b286c7e..0000000000000
--- a/pkgs/development/compilers/sbcl/2.1.2.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.1.2";
- sha256 = "sha256:02scrqyp2izsd8xjm2k5j5lhn4pdhd202jlcb54ysmcqjd80awdp";
-}
diff --git a/pkgs/development/compilers/sbcl/2.1.9.nix b/pkgs/development/compilers/sbcl/2.1.9.nix
deleted file mode 100644
index da26a9aeffb70..0000000000000
--- a/pkgs/development/compilers/sbcl/2.1.9.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.1.9";
- sha256 = "189gjqzdz10xh3ybiy4ch1r98bsmkcb4hpnrmggd4y2g5kqnyx4y";
-}
diff --git a/pkgs/development/compilers/sbcl/2.2.4.nix b/pkgs/development/compilers/sbcl/2.2.4.nix
deleted file mode 100644
index 1be043f112eef..0000000000000
--- a/pkgs/development/compilers/sbcl/2.2.4.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.2.4";
- sha256 = "sha256-/N0lHLxl9/gI7QrXckaEjRvhZqppoX90mWABhLelcgI=";
-}
diff --git a/pkgs/development/compilers/sbcl/2.2.6.nix b/pkgs/development/compilers/sbcl/2.2.6.nix
deleted file mode 100644
index 6fb24da6abe5f..0000000000000
--- a/pkgs/development/compilers/sbcl/2.2.6.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import ./common.nix {
- version = "2.2.6";
- sha256 = "sha256-PiMEjI+oJvuRMiC+sqw2l9vFwM3y6J/tjbOe0XEjBKA=";
-}
diff --git a/pkgs/development/compilers/sbcl/common.nix b/pkgs/development/compilers/sbcl/2.x.nix
similarity index 83%
rename from pkgs/development/compilers/sbcl/common.nix
rename to pkgs/development/compilers/sbcl/2.x.nix
index 05fa6b390897d..cfc9d34a4da81 100644
--- a/pkgs/development/compilers/sbcl/common.nix
+++ b/pkgs/development/compilers/sbcl/2.x.nix
@@ -1,5 +1,3 @@
-{ version, sha256 }:
-
{ lib, stdenv, fetchurl, fetchpatch, writeText, sbclBootstrap, zstd
, sbclBootstrapHost ? "${sbclBootstrap}/bin/sbcl --disable-debugger --no-userinit --no-sysinit"
, threadSupport ? (stdenv.hostPlatform.isx86 || "aarch64-linux" == stdenv.hostPlatform.system || "aarch64-darwin" == stdenv.hostPlatform.system)
@@ -11,8 +9,54 @@
, purgeNixReferences ? false
, coreCompression ? lib.versionAtLeast version "2.2.6"
, texinfo
+, version
}:
+let
+ versionMap = {
+ "2.0.8" = {
+ sha256 = "1xwrwvps7drrpyw3wg5h3g2qajmkwqs9gz0fdw1ns9adp7vld390";
+ };
+
+ "2.0.9" = {
+ sha256 = "17wvrcwgp45z9b6arik31fjnz7908qhr5ackxq1y0gqi1hsh1xy4";
+ };
+
+ "2.1.1" = {
+ sha256 = "15wa66sachhzgvg5n35vihmkpasg100lh561c1d1bdrql0p8kbd9";
+ };
+
+ "2.1.2" = {
+ sha256 = "sha256:02scrqyp2izsd8xjm2k5j5lhn4pdhd202jlcb54ysmcqjd80awdp";
+ };
+
+ "2.1.9" = {
+ sha256 = "189gjqzdz10xh3ybiy4ch1r98bsmkcb4hpnrmggd4y2g5kqnyx4y";
+ };
+
+ "2.1.10" = {
+ sha256 = "0f5ihj486m7ghh3nc0jlnqa656sbqcmhdv32syz2rjx5b47ky67b";
+ };
+
+ "2.1.11" = {
+ sha256 = "1zgypmn19c58pv7j33ga7m1l7lzghj70w3xbybpgmggxwwflihdz";
+ };
+
+ "2.2.4" = {
+ sha256 = "sha256-/N0lHLxl9/gI7QrXckaEjRvhZqppoX90mWABhLelcgI=";
+ };
+
+ "2.2.6" = {
+ sha256 = "sha256-PiMEjI+oJvuRMiC+sqw2l9vFwM3y6J/tjbOe0XEjBKA=";
+ };
+
+ "2.2.9" = {
+ sha256 = "sha256-fr69bSAj//cHewNy+hFx+IBSm97GEE8gmDKXwv63wXI=";
+ };
+ };
+
+in with versionMap.${version};
+
stdenv.mkDerivation rec {
pname = "sbcl";
inherit version;
@@ -32,8 +76,8 @@ stdenv.mkDerivation rec {
url = "https://github.com/sbcl/sbcl/commit/8fa3f76fba2e8572e86ac6fc5754e6b2954fc774.patch";
sha256 = "1ic531pjnws1k3xd03a5ixbq8cn10dlh2nfln59k0vbm0253g3lv";
})
- ++ lib.optionals (lib.versionAtLeast version "2.1.10") [
- # Fix pending upstream inclusion on -fno-common toolchains:
+ ++ lib.optionals (lib.versionAtLeast version "2.1.10" && lib.versionOlder version "2.2.9") [
+ # Fix included in SBCL trunk since 2.2.9:
# https://bugs.launchpad.net/sbcl/+bug/1980570
(fetchpatch {
name = "darwin-fno-common.patch";
diff --git a/pkgs/development/compilers/sbcl/bootstrap.nix b/pkgs/development/compilers/sbcl/bootstrap.nix
index eaf1ff24d3e7a..b081df1572f52 100644
--- a/pkgs/development/compilers/sbcl/bootstrap.nix
+++ b/pkgs/development/compilers/sbcl/bootstrap.nix
@@ -8,9 +8,9 @@ let
sha256 = "sha256-H0ALigXcWIypdA+fTf7jERscwbb7QIAfcoxCtGDh0RU=";
};
x86_64-darwin = {
- version = "1.2.11";
+ version = "2.2.9";
system = "x86-64-darwin";
- sha256 = "0lh4gpvi8hl6g6b9321g5pwh8sk3218i7h4lx7p3vd9z0cf3lz85";
+ sha256 = "sha256-b1BLkoLIOELAYBYA9eBmMgm1OxMxJewzNP96C9ADfKY=";
};
x86_64-linux = {
version = "1.3.16";
diff --git a/pkgs/development/compilers/swi-prolog/default.nix b/pkgs/development/compilers/swi-prolog/default.nix
index d53d1426a94b2..a1eb060d6bab6 100644
--- a/pkgs/development/compilers/swi-prolog/default.nix
+++ b/pkgs/development/compilers/swi-prolog/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchFromGitHub, jdk, gmp, readline, openssl, unixODBC, zlib
-, libarchive, db, pcre, libedit, libossp_uuid, libXpm
+, libarchive, db, pcre, libedit, libossp_uuid, libxcrypt,libXpm
, libSM, libXt, freetype, pkg-config, fontconfig
, cmake, libyaml, Security
, libjpeg, libX11, libXext, libXft, libXinerama
@@ -59,7 +59,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ gmp readline openssl
- libarchive libyaml db pcre libedit libossp_uuid
+ libarchive libyaml db pcre libedit libossp_uuid libxcrypt
zlib ]
++ lib.optionals (withGui && !stdenv.isDarwin) [ libXpm libX11 libXext libXft libXinerama libjpeg ]
++ extraLibraries
diff --git a/pkgs/development/compilers/swift/default.nix b/pkgs/development/compilers/swift/default.nix
index 4109d6ee6dac6..0ea6e7b075969 100644
--- a/pkgs/development/compilers/swift/default.nix
+++ b/pkgs/development/compilers/swift/default.nix
@@ -14,6 +14,7 @@
, python3
, ncurses
, libuuid
+, libxcrypt
, icu
, libgcc
, libblocksruntime
@@ -195,6 +196,7 @@ let
libedit
libgcc
libuuid
+ libxcrypt
libxml2
ncurses
sqlite
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index 1f056ac25ef3c..ccf0bdaeda855 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -2531,6 +2531,34 @@ self: super: {
# Restrictive upper bound on base.
# Remove once version 1.* is released
monad-bayes = doJailbreak super.monad-bayes;
+
+ crypt-sha512 = overrideCabal (drv: {
+ librarySystemDepends = [
+ pkgs.libxcrypt
+ ];
+ # Test failure after libxcrypt migration, reported upstrem at
+ # https://github.com/phadej/crypt-sha512/issues/13
+ doCheck = false;
+ }) super.crypt-sha512;
+
+ nano-cryptr = overrideCabal (drv: {
+ librarySystemDepends = [
+ pkgs.libxcrypt
+ ];
+ }) super.nano-cryptr;
+
+ Unixutils = overrideCabal (drv: {
+ librarySystemDepends = [
+ pkgs.libxcrypt
+ ];
+ }) super.Unixutils;
+
+ xmonad-utils = overrideCabal (drv: {
+ librarySystemDepends = [
+ pkgs.libxcrypt
+ ];
+ }) super.xmonad-utils;
+
} // import ./configuration-tensorflow.nix {inherit pkgs haskellLib;} self super // (let
# We need to build purescript with these dependencies and thus also its reverse
# dependencies to avoid version mismatches in their dependency closure.
diff --git a/pkgs/development/haskell-modules/hoogle.nix b/pkgs/development/haskell-modules/hoogle.nix
index 4c8bf8c2d2824..b5be7edb6e5a9 100644
--- a/pkgs/development/haskell-modules/hoogle.nix
+++ b/pkgs/development/haskell-modules/hoogle.nix
@@ -36,7 +36,6 @@ let
This index includes documentation for many Haskell modules.
'';
- # TODO: closePropagation is deprecated; replace
docPackages = lib.closePropagation
# we grab the doc outputs
(map (lib.getOutput "doc") packages);
diff --git a/pkgs/development/interpreters/lua-5/build-lua-package.nix b/pkgs/development/interpreters/lua-5/build-lua-package.nix
index b2f82ddb4694f..1cec03b4bebc2 100644
--- a/pkgs/development/interpreters/lua-5/build-lua-package.nix
+++ b/pkgs/development/interpreters/lua-5/build-lua-package.nix
@@ -8,9 +8,10 @@
, luaLib
}:
-{
-pname
+{ pname
, version
+# we need rockspecVersion to find the .rockspec even when version changes
+, rockspecVersion ? version
# by default prefix `name` e.g. "lua5.2-${name}"
, namePrefix ? "${lua.pname}${lua.sourceVersion.major}.${lua.sourceVersion.minor}-"
@@ -72,7 +73,7 @@ pname
# Keep extra attributes from `attrs`, e.g., `patchPhase', etc.
let
- generatedRockspecFilename = "${rockspecDir}/${pname}-${version}.rockspec";
+ generatedRockspecFilename = "${rockspecDir}/${pname}-${rockspecVersion}.rockspec";
# TODO fix warnings "Couldn't load rockspec for ..." during manifest
# construction -- from initial investigation, appears it will require
@@ -80,20 +81,6 @@ let
# luarocks only looks for rockspecs in the default/system tree instead of all
# configured trees)
luarocks_config = "luarocks-config.lua";
- luarocks_content = let
- generatedConfig = luaLib.generateLuarocksConfig {
- externalDeps = externalDeps ++ externalDepsGenerated;
- inherit extraVariables;
- inherit rocksSubdir;
- inherit requiredLuaRocks;
- };
- in
- ''
- ${generatedConfig}
- ${extraConfig}
- '';
-
- rocksSubdir = "${attrs.pname}-${version}-rocks";
# Filter out the lua derivation itself from the Lua module dependency
# closure, as it doesn't have a rock tree :)
@@ -106,15 +93,30 @@ let
);
externalDeps' = lib.filter (dep: !lib.isDerivation dep) externalDeps;
- luarocksDrv = luaLib.toLuaModule ( lua.stdenv.mkDerivation (
-builtins.removeAttrs attrs ["disabled" "checkInputs" "externalDeps" "extraVariables"] // {
-
- name = namePrefix + pname + "-" + version;
+ luarocksDrv = luaLib.toLuaModule ( lua.stdenv.mkDerivation (self: let
+
+ rocksSubdir = "${self.pname}-${self.version}-rocks";
+ luarocks_content = let
+ generatedConfig = luaLib.generateLuarocksConfig {
+ externalDeps = externalDeps ++ externalDepsGenerated;
+ inherit extraVariables;
+ inherit rocksSubdir;
+ inherit requiredLuaRocks;
+ };
+ in
+ ''
+ ${generatedConfig}
+ ${extraConfig}
+ '';
+ in builtins.removeAttrs attrs ["disabled" "externalDeps" "extraVariables"] // {
+
+ name = namePrefix + pname + "-" + self.version;
+ inherit rockspecVersion;
nativeBuildInputs = [
wrapLua
luarocks
- ] ++ lib.optionals doCheck ([ luarocksCheckHook ] ++ checkInputs);
+ ] ++ lib.optionals doCheck ([ luarocksCheckHook ] ++ self.checkInputs);
buildInputs = buildInputs
++ (map (d: d.dep) externalDeps');
diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix
index 39de727854374..7a43b92b2051c 100644
--- a/pkgs/development/interpreters/lua-5/default.nix
+++ b/pkgs/development/interpreters/lua-5/default.nix
@@ -61,6 +61,7 @@ let
in rec {
buildEnv = callPackage ./wrapper.nix {
lua = self;
+ makeWrapper = makeBinaryWrapper;
inherit (luaPackages) requiredLuaModules;
};
withPackages = import ./with-packages.nix { inherit buildEnv luaPackages;};
diff --git a/pkgs/development/interpreters/lua-5/hooks/luarocks-move-data.sh b/pkgs/development/interpreters/lua-5/hooks/luarocks-move-data.sh
index f0b56178f01e7..9870c9976eae5 100644
--- a/pkgs/development/interpreters/lua-5/hooks/luarocks-move-data.sh
+++ b/pkgs/development/interpreters/lua-5/hooks/luarocks-move-data.sh
@@ -5,7 +5,7 @@ echo "Sourcing luarocks-move-data-hook.sh"
luarocksMoveDataHook () {
echo "Executing luarocksMoveDataHook"
if [ -d "$out/$rocksSubdir" ]; then
- cp -rfv "$out/$rocksSubdir/$pname/$version/." "$out"
+ cp -rfv "$out/$rocksSubdir/$pname/$rockspecVersion/." "$out"
fi
echo "Finished executing luarocksMoveDataHook"
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index 79e2bf84a0cdd..4d95ebf2052bf 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -1,9 +1,12 @@
{ config, lib, stdenv, fetchurl, fetchFromGitHub, pkgs, buildPackages
, callPackage
, enableThreading ? true, coreutils, makeWrapper
+, enableCrypt ? true, libxcrypt ? null
, zlib
}:
+assert (enableCrypt -> (libxcrypt != null));
+
# Note: this package is used for bootstrapping fetchurl, and thus
# cannot use fetchpatch! All mutable patches (generated by GitHub or
# cgit) that are needed here should be included directly in Nixpkgs as
@@ -33,6 +36,8 @@ let
optional crossCompiling "mini";
setOutputFlags = false;
+ propagatedBuildInputs = lib.optional enableCrypt libxcrypt;
+
disallowedReferences = [ stdenv.cc ];
patches =
@@ -82,6 +87,7 @@ let
++ optionals ((builtins.match ''5\.[0-9]*[13579]\..+'' version) != null) [ "-Dusedevel" "-Uversiononly" ]
++ optional stdenv.isSunOS "-Dcc=gcc"
++ optional enableThreading "-Dusethreads"
+ ++ optional (!enableCrypt) "-A clear:d_crypt_r"
++ optional stdenv.hostPlatform.isStatic "--all-static"
++ optionals (!crossCompiling) [
"-Dprefix=${placeholder "out"}"
diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix
index ddf0a55484754..424258167150b 100644
--- a/pkgs/development/interpreters/python/cpython/default.nix
+++ b/pkgs/development/interpreters/python/cpython/default.nix
@@ -14,6 +14,7 @@
, bluez ? null, bluezSupport ? false
, zlib
, tzdata ? null
+, libxcrypt
, self
, configd
, autoreconfHook
@@ -353,6 +354,9 @@ in with passthru; stdenv.mkDerivation {
# Never even try to use lchmod on linux,
# don't rely on detecting glibc-isms.
"ac_cv_func_lchmod=no"
+ ] ++ optionals (libxcrypt != null) [
+ "CFLAGS=-I${libxcrypt}/include"
+ "LIBS=-L${libxcrypt}/lib"
] ++ optionals tzdataSupport [
"--with-tzpath=${tzdata}/share/zoneinfo"
] ++ optional static "LDFLAGS=-static";
@@ -388,7 +392,7 @@ in with passthru; stdenv.mkDerivation {
postInstall = let
# References *not* to nuke from (sys)config files
keep-references = concatMapStringsSep " " (val: "-e ${val}") ([
- (placeholder "out")
+ (placeholder "out") libxcrypt
] ++ optionals tzdataSupport [
tzdata
]);
diff --git a/pkgs/development/interpreters/python/hooks/python-relax-deps-hook.sh b/pkgs/development/interpreters/python/hooks/python-relax-deps-hook.sh
index 82231ee3adc6c..d404c6021f4f0 100644
--- a/pkgs/development/interpreters/python/hooks/python-relax-deps-hook.sh
+++ b/pkgs/development/interpreters/python/hooks/python-relax-deps-hook.sh
@@ -80,6 +80,9 @@ pythonRelaxDepsHook() {
@pythonInterpreter@ -m wheel pack "$unpack_dir/$pkg_name"
done
+ # Remove the folder since it will otherwise be in the dist output.
+ rm -rf "$unpack_dir"
+
popd
}
diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix
index abb1ceb7879e1..bdb4969bf1642 100644
--- a/pkgs/development/interpreters/python/mk-python-derivation.nix
+++ b/pkgs/development/interpreters/python/mk-python-derivation.nix
@@ -109,7 +109,7 @@ else
let
inherit (python) stdenv;
- withDistOutput = lib.elem format ["pyproject" "setuptools" "flit"];
+ withDistOutput = lib.elem format ["pyproject" "setuptools" "flit" "wheel"];
name_ = name;
diff --git a/pkgs/development/interpreters/qnial/default.nix b/pkgs/development/interpreters/qnial/default.nix
index 74360daa87666..ae68c1ad6af3c 100644
--- a/pkgs/development/interpreters/qnial/default.nix
+++ b/pkgs/development/interpreters/qnial/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, unzip, pkg-config, makeWrapper, ncurses }:
+{ lib, stdenv, fetchFromGitHub, unzip, pkg-config, makeWrapper, ncurses, libxcrypt }:
stdenv.mkDerivation {
pname = "qnial";
@@ -26,6 +26,7 @@ stdenv.mkDerivation {
buildInputs = [
ncurses
+ libxcrypt
];
meta = {
diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix
index 524734b5a5fac..dc7594da17d92 100644
--- a/pkgs/development/interpreters/ruby/default.nix
+++ b/pkgs/development/interpreters/ruby/default.nix
@@ -48,7 +48,7 @@ let
, buildEnv, bundler, bundix
, libiconv, libobjc, libunwind, Foundation
, makeWrapper, buildRubyGem, defaultGemConfig
- , baseRuby ? buildPackages.ruby.override {
+ , baseRuby ? buildPackages.ruby_3_1.override {
useRailsExpress = false;
docSupport = false;
rubygemsSupport = false;
diff --git a/pkgs/development/interpreters/unicon-lang/default.nix b/pkgs/development/interpreters/unicon-lang/default.nix
index 848c9541114e5..593a955c798bb 100644
--- a/pkgs/development/interpreters/unicon-lang/default.nix
+++ b/pkgs/development/interpreters/unicon-lang/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, unzip, libX11, libXt, libnsl }:
+{ lib, stdenv, fetchurl, unzip, libX11, libXt, libnsl, libxcrypt }:
stdenv.mkDerivation {
pname = "unicon-lang";
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
sha256 = "1g9l2dfp99dqih2ir2limqfjgagh3v9aqly6x0l3qavx3qkkwf61";
};
nativeBuildInputs = [ unzip ];
- buildInputs = [ libnsl libX11 libXt ];
+ buildInputs = [ libnsl libX11 libXt libxcrypt ];
hardeningDisable = [ "fortify" ];
diff --git a/pkgs/development/libraries/accountsservice/default.nix b/pkgs/development/libraries/accountsservice/default.nix
index 4bd7a67871f9d..694aab16d1abd 100644
--- a/pkgs/development/libraries/accountsservice/default.nix
+++ b/pkgs/development/libraries/accountsservice/default.nix
@@ -16,6 +16,7 @@
, python3
, vala
, gettext
+, libxcrypt
}:
stdenv.mkDerivation rec {
@@ -66,6 +67,7 @@ stdenv.mkDerivation rec {
glib
polkit
systemd
+ libxcrypt
];
mesonFlags = [
diff --git a/pkgs/development/libraries/apr-util/default.nix b/pkgs/development/libraries/apr-util/default.nix
index 6f38bfa0d076d..909965bb06886 100644
--- a/pkgs/development/libraries/apr-util/default.nix
+++ b/pkgs/development/libraries/apr-util/default.nix
@@ -2,7 +2,7 @@
, sslSupport ? true, openssl
, bdbSupport ? true, db
, ldapSupport ? !stdenv.isCygwin, openldap
-, libiconv
+, libiconv, libxcrypt
, cyrus_sasl, autoreconfHook
}:
@@ -21,7 +21,10 @@ stdenv.mkDerivation rec {
sha256 = "0nq3s1yn13vplgl6qfm09f7n0wm08malff9s59bqf9nid9xjzqfk";
};
- patches = optional stdenv.isFreeBSD ./include-static-dependencies.patch;
+ patches = [ ./fix-libxcrypt-build.patch ]
+ ++ optional stdenv.isFreeBSD ./include-static-dependencies.patch;
+
+ NIX_CFLAGS_LINK = [ "-lcrypt" ];
outputs = [ "out" "dev" ];
outputBin = "dev";
@@ -38,15 +41,18 @@ stdenv.mkDerivation rec {
"--without-freetds" "--without-berkeley-db" "--without-crypto" ]
;
- # For some reason, db version 6.9 is selected when cross-compiling.
- # It's unclear as to why, it requires someone with more autotools / configure knowledge to go deeper into that.
- # Always replacing the link flag with a generic link flag seems to help though, so let's do that for now.
- postConfigure = lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
- substituteInPlace Makefile \
- --replace "-ldb-6.9" "-ldb"
+ postConfigure = ''
+ echo '#define APR_HAVE_CRYPT_H 1' >> confdefs.h
+ '' +
+ # For some reason, db version 6.9 is selected when cross-compiling.
+ # It's unclear as to why, it requires someone with more autotools / configure knowledge to go deeper into that.
+ # Always replacing the link flag with a generic link flag seems to help though, so let's do that for now.
+ lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
+ substituteInPlace Makefile \
+ --replace "-ldb-6.9" "-ldb"
'';
- propagatedBuildInputs = [ apr expat libiconv ]
+ propagatedBuildInputs = [ apr expat libiconv libxcrypt ]
++ optional sslSupport openssl
++ optional bdbSupport db
++ optional ldapSupport openldap
diff --git a/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch b/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch
new file mode 100644
index 0000000000000..2994e5de0f78b
--- /dev/null
+++ b/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch
@@ -0,0 +1,14 @@
+diff --git a/crypto/apr_passwd.c b/crypto/apr_passwd.c
+index c961de2..a397f27 100644
+--- a/crypto/apr_passwd.c
++++ b/crypto/apr_passwd.c
+@@ -24,9 +24,7 @@
+ #if APR_HAVE_STRING_H
+ #include
+ #endif
+-#if APR_HAVE_CRYPT_H
+ #include
+-#endif
+ #if APR_HAVE_UNISTD_H
+ #include
+ #endif
diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix
index e24217434557f..fe9ce9a42dcbf 100644
--- a/pkgs/development/libraries/avahi/default.nix
+++ b/pkgs/development/libraries/avahi/default.nix
@@ -31,10 +31,16 @@ stdenv.mkDerivation rec {
};
patches = [
+ # CVE-2021-36217 / CVE-2021-3502
(fetchpatch {
url = "https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c.patch";
sha256 = "sha256-BXWmrLWUvDxKPoIPRFBpMS3T4gijRw0J+rndp6iDybU=";
})
+ # CVE-2021-3468
+ (fetchpatch {
+ url = "https://github.com/lathiat/avahi/commit/447affe29991ee99c6b9732fc5f2c1048a611d3b.patch";
+ sha256 = "sha256-qWaCU1ZkCg2PmijNto7t8E3pYRN/36/9FrG8okd6Gu8=";
+ })
];
depsBuildBuild = [
diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix
index 9c2072179b26d..38631d3242d32 100644
--- a/pkgs/development/libraries/boost/generic.nix
+++ b/pkgs/development/libraries/boost/generic.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, icu, expat, zlib, bzip2, python ? null, fixDarwinDylibNames, libiconv
+{ lib, stdenv, icu, expat, zlib, bzip2, python ? null, fixDarwinDylibNames, libiconv, libxcrypt
, boost-build
, fetchpatch
, which
@@ -214,7 +214,7 @@ stdenv.mkDerivation {
++ optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;
buildInputs = [ expat zlib bzip2 libiconv ]
++ optional (stdenv.hostPlatform == stdenv.buildPlatform) icu
- ++ optional enablePython python
+ ++ optionals enablePython [ libxcrypt python ]
++ optional enableNumpy python.pkgs.numpy;
configureScript = "./bootstrap.sh";
diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix
index be20a9b1678df..170b9a0fba4a2 100644
--- a/pkgs/development/libraries/cyrus-sasl/default.nix
+++ b/pkgs/development/libraries/cyrus-sasl/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, openssl, openldap, libkrb5, db, gettext
-, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false
+, pam, libxcrypt, fixDarwinDylibNames, autoreconfHook, enableLdap ? false
, buildPackages, pruneLibtoolFiles, nixosTests }:
with lib;
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook pruneLibtoolFiles ]
++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;
buildInputs =
- [ openssl db gettext libkrb5 ]
+ [ openssl db gettext libkrb5 libxcrypt ]
++ lib.optional enableLdap openldap
++ lib.optional stdenv.isLinux pam;
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index 075f2a67b70e6..2cd6463d5c21a 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -1,6 +1,5 @@
{ stdenv
, lib
-, fetchpatch
, fetchurl
, pkg-config
, expat
@@ -20,27 +19,16 @@
stdenv.mkDerivation rec {
pname = "dbus";
- version = "1.14.0";
+ version = "1.14.4";
src = fetchurl {
url = "https://dbus.freedesktop.org/releases/dbus/dbus-${version}.tar.xz";
- sha256 = "sha256-zNfM43WW4KGVWP1mSNEnKrQ/AR2AyGNa6o/QutWK69Q=";
+ sha256 = "sha256-fA+bjl7A/yR5OD5iwAhKOimvme3xUU6fZZuBsw1ONT4=";
};
- patches = [
- # Fix dbus-daemon crashing when running tests due to long XDG_DATA_DIRS.
- # https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/302
- (fetchpatch {
- url = "https://gitlab.freedesktop.org/dbus/dbus/-/commit/b551b3e9737958216a1a9d359150a4110a9d0549.patch";
- sha256 = "kOVjlklZzKvBZXmmrE1UiO4XWRoBLViGwdn6/eDH+DY=";
- })
- ] ++ (lib.optional stdenv.isSunOS ./implement-getgrouplist.patch);
+ patches = lib.optional stdenv.isSunOS ./implement-getgrouplist.patch;
postPatch = ''
- # We need to generate the file ourselves.
- # https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/317
- rm doc/catalog.xml
-
substituteInPlace bus/Makefile.am \
--replace 'install-data-hook:' 'disabled:' \
--replace '$(mkinstalldirs) $(DESTDIR)$(localstatedir)/run/dbus' ':'
diff --git a/pkgs/development/libraries/fcft/default.nix b/pkgs/development/libraries/fcft/default.nix
index 531276b90d792..ecc99092a905d 100644
--- a/pkgs/development/libraries/fcft/default.nix
+++ b/pkgs/development/libraries/fcft/default.nix
@@ -20,14 +20,14 @@ in
stdenv.mkDerivation rec {
pname = "fcft";
- version = "3.1.4";
+ version = "3.1.5";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "dnkl";
repo = "fcft";
rev = version;
- sha256 = "sha256-kSzUZR/5PcYTxPWNh/zAwLQbfeW/44u2elEmGR3NYcM=";
+ sha256 = "sha256-3gsaXnflGiGOpIkqDQe5u6x8d18x67/dc4Hh1iU89+o=";
};
depsBuildBuild = [ pkg-config ];
diff --git a/pkgs/development/libraries/ffmpeg/4.nix b/pkgs/development/libraries/ffmpeg/4.nix
index b518b7527ac0d..e37e90d553a3b 100644
--- a/pkgs/development/libraries/ffmpeg/4.nix
+++ b/pkgs/development/libraries/ffmpeg/4.nix
@@ -1,17 +1,12 @@
-{ callPackage, fetchpatch
-# Darwin frameworks
-, Cocoa, CoreMedia, VideoToolbox
-, stdenv, lib
-, ...
-}@args:
+{ callPackage, fetchpatch, ... }@args:
callPackage ./generic.nix (rec {
version = "4.4.2";
branch = version;
sha256 = "sha256-+YpIJSDEdQdSGpB5FNqp77wThOBZG1r8PaGKqJfeKUg=";
- darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ];
+
patches = [
- # sdl2 recently changed their versioning
+ # SDL2 recently changed their versioning
(fetchpatch {
url = "https://git.videolan.org/?p=ffmpeg.git;a=patch;h=e5163b1d34381a3319214a902ef1df923dd2eeba";
hash = "sha256-nLhP2+34cj5EgpnUrePZp60nYAxmbhZAEDfay4pBVk0=";
diff --git a/pkgs/development/libraries/ffmpeg/5.nix b/pkgs/development/libraries/ffmpeg/5.nix
index d09d7ccd1cece..b19c22a55f3a8 100644
--- a/pkgs/development/libraries/ffmpeg/5.nix
+++ b/pkgs/development/libraries/ffmpeg/5.nix
@@ -1,12 +1,7 @@
-{ callPackage
-# Darwin frameworks
-, Cocoa, CoreMedia, VideoToolbox
-, ...
-}@args:
+{ callPackage, ... }@args:
callPackage ./generic.nix (rec {
version = "5.1.2";
branch = version;
sha256 = "sha256-OaC8yNmFSfFsVwYkZ4JGpqxzbAZs69tAn5UC6RWyLys=";
- darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ];
} // args)
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index 855586649b74c..594adc0463066 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
@@ -1,22 +1,23 @@
{ lib, stdenv, buildPackages, fetchurl, pkg-config, addOpenGLRunpath, perl, texinfo, yasm
, alsa-lib, bzip2, fontconfig, freetype, gnutls, libiconv, lame, libass, libogg
-, libssh, libtheora, libva, libdrm, libvorbis, libvpx, xz, soxr
+, libssh, libtheora, libva, libdrm, libvorbis, xz, soxr
, x264, x265, xvidcore, zimg, zlib, libopus, speex, nv-codec-headers, dav1d
-, srt ? null
-, openglSupport ? false, libGLU ? null, libGL ? null
-, libmfxSupport ? false, intel-media-sdk ? null
-, libaomSupport ? false, libaom ? null
+, vpxSupport ? !stdenv.isAarch32, libvpx
+, srtSupport ? true, srt
+, vaapiSupport ? ((stdenv.isLinux || stdenv.isFreeBSD) && !stdenv.isAarch32)
+, openglSupport ? false, libGLU, libGL
+, libmfxSupport ? false, intel-media-sdk
+, libaomSupport ? false, libaom
# Build options
, runtimeCpuDetectBuild ? true # Detect CPU capabilities at runtime
, multithreadBuild ? true # Multithreading via pthreads/win32 threads
-, sdlSupport ? !stdenv.isAarch32, SDL ? null, SDL2 ? null
-, vdpauSupport ? !stdenv.isAarch32, libvdpau ? null
+, sdlSupport ? !stdenv.isAarch32, SDL2
+, vdpauSupport ? !stdenv.isAarch32, libvdpau
# Developer options
, debugDeveloper ? false
, optimizationsDeveloper ? true
, extraWarningsDeveloper ? false
-# Darwin frameworks
-, Cocoa, darwinFrameworks ? [ Cocoa ]
+, Cocoa, CoreMedia, VideoToolbox
# Inherit generics
, branch, sha256, version, patches ? [], knownVulnerabilities ? []
, doCheck ? true
@@ -35,12 +36,6 @@
* pulseaudio
*
* Known issues:
- * 0.6 - fails to compile (unresolved) (so far, only disabling a number of
- * features works, but that is not a feasible solution)
- * 0.6.90 - mmx: compile errors (fix: disable for 0.6.90-rc0)
- * 1.1 - libsoxr: compile error (fix: disable for 1.1)
- * Support was initially added in 1.1 before soxr api change, fix
- * would probably be to add soxr-1.0
* ALL - Cross-compiling will disable features not present on host OS
* (e.g. dxva2 support [DirectX] will not be enabled unless natively
* compiled on Cygwin)
@@ -48,34 +43,16 @@
*/
let
- inherit (stdenv) isDarwin isFreeBSD isLinux isAarch32;
inherit (lib) optional optionals optionalString enableFeature filter;
- cmpVer = builtins.compareVersions;
- reqMin = requiredVersion: (cmpVer requiredVersion branch != 1);
- reqMatch = requiredVersion: (cmpVer requiredVersion branch == 0);
+ reqMin = requiredVersion: (builtins.compareVersions requiredVersion branch != 1);
ifMinVer = minVer: flag: if reqMin minVer then flag else null;
ifVerOlder = maxVer: flag: if (lib.versionOlder branch maxVer) then flag else null;
-
- # Version specific fix
- verFix = withoutFix: fixVer: withFix: if reqMatch fixVer then withFix else withoutFix;
-
- # Disable dependency that needs fixes before it will work on Darwin or Arm
- disDarwinOrArmFix = origArg: minVer: fixArg: if ((isDarwin || isAarch32) && reqMin minVer) then fixArg else origArg;
-
- vaapiSupport = reqMin "0.6" && ((isLinux || isFreeBSD) && !isAarch32);
-
- vpxSupport = reqMin "0.6" && !isAarch32;
in
-assert openglSupport -> libGL != null && libGLU != null;
-assert libmfxSupport -> intel-media-sdk != null;
-assert libaomSupport -> libaom != null;
-
stdenv.mkDerivation rec {
-
pname = "ffmpeg";
inherit version;
@@ -87,8 +64,7 @@ stdenv.mkDerivation rec {
postPatch = "patchShebangs .";
inherit patches;
- outputs = [ "bin" "dev" "out" "man" ]
- ++ optional (reqMin "1.0") "doc" ; # just dev-doc
+ outputs = [ "bin" "dev" "out" "man" "doc" ];
setOutputFlags = false; # doesn't accept all and stores configureFlags in libs!
configurePlatforms = [];
@@ -100,8 +76,8 @@ stdenv.mkDerivation rec {
"--enable-version3"
# Build flags
"--enable-shared"
- (ifMinVer "0.6" "--enable-pic")
- (ifMinVer "4.0" (enableFeature (srt != null) "libsrt"))
+ "--enable-pic"
+ (ifMinVer "4.0" (enableFeature srtSupport "libsrt"))
(enableFeature runtimeCpuDetectBuild "runtime-cpudetect")
"--enable-hardcoded-tables"
] ++
@@ -113,63 +89,61 @@ stdenv.mkDerivation rec {
else
["--disable-pthreads" "--disable-w32threads"])
++ [
- (ifMinVer "0.9" "--disable-os2threads") # We don't support OS/2
+ "--disable-os2threads" # We don't support OS/2
"--enable-network"
- (ifMinVer "2.4" "--enable-pixelutils")
+ "--enable-pixelutils"
# Executables
"--enable-ffmpeg"
"--disable-ffplay"
- (ifMinVer "0.6" "--enable-ffprobe")
- (if reqMin "4" then null else "--disable-ffserver")
+ "--enable-ffprobe"
+ (ifVerOlder "4" "--disable-ffserver")
# Libraries
- (ifMinVer "0.6" "--enable-avcodec")
- (ifMinVer "0.6" "--enable-avdevice")
+ "--enable-avcodec"
+ "--enable-avdevice"
"--enable-avfilter"
- (ifMinVer "0.6" "--enable-avformat")
- (ifMinVer "1.0" (ifVerOlder "5.0" "--enable-avresample"))
- (ifMinVer "1.1" "--enable-avutil")
+ "--enable-avformat"
+ (ifVerOlder "5.0" "--enable-avresample")
+ "--enable-avutil"
"--enable-postproc"
- (ifMinVer "0.9" "--enable-swresample")
+ "--enable-swresample"
"--enable-swscale"
# Docs
- (ifMinVer "0.6" "--disable-doc")
+ "--disable-doc"
# External Libraries
"--enable-libass"
"--enable-bzlib"
"--enable-gnutls"
- (ifMinVer "1.0" "--enable-fontconfig")
- (ifMinVer "0.7" "--enable-libfreetype")
+ "--enable-fontconfig"
+ "--enable-libfreetype"
"--enable-libmp3lame"
- (ifMinVer "1.2" "--enable-iconv")
+ "--enable-iconv"
"--enable-libtheora"
- (ifMinVer "2.1" "--enable-libssh")
- (ifMinVer "0.6" (enableFeature vaapiSupport "vaapi"))
- (ifMinVer "3.4" (enableFeature vaapiSupport "libdrm"))
+ "--enable-libssh"
+ (enableFeature vaapiSupport "vaapi")
+ (enableFeature vaapiSupport "libdrm")
(enableFeature vdpauSupport "vdpau")
"--enable-libvorbis"
- (ifMinVer "0.6" (enableFeature vpxSupport "libvpx"))
- (ifMinVer "2.4" "--enable-lzma")
- (ifMinVer "2.2" (enableFeature openglSupport "opengl"))
+ (enableFeature vpxSupport "libvpx")
+ "--enable-lzma"
+ (enableFeature openglSupport "opengl")
(ifMinVer "4.2" (enableFeature libmfxSupport "libmfx"))
(ifMinVer "4.2" (enableFeature libaomSupport "libaom"))
- (disDarwinOrArmFix (ifMinVer "0.9" (lib.optionalString pulseaudioSupport "--enable-libpulse")) "0.9" "--disable-libpulse")
- (ifMinVer "2.5" (if sdlSupport && reqMin "3.2" then "--enable-sdl2" else if sdlSupport then "--enable-sdl" else null)) # autodetected before 2.5, SDL1 support removed in 3.2 for SDL2
- (ifMinVer "1.2" "--enable-libsoxr")
+ (lib.optionalString pulseaudioSupport "--enable-libpulse")
+ (enableFeature sdlSupport "sdl2")
+ "--enable-libsoxr"
"--enable-libx264"
"--enable-libxvid"
"--enable-libzimg"
"--enable-zlib"
- (ifMinVer "2.8" "--enable-libopus")
+ "--enable-libopus"
"--enable-libspeex"
- (ifMinVer "2.8" "--enable-libx265")
- (ifMinVer "4.2" (enableFeature (dav1d != null) "libdav1d"))
+ "--enable-libx265"
+ (ifMinVer "4.2" (enableFeature (reqMin "4.2") "libdav1d"))
# Developer flags
(enableFeature debugDeveloper "debug")
(enableFeature optimizationsDeveloper "optimizations")
(enableFeature extraWarningsDeveloper "extra-warnings")
"--disable-stripping"
- # Disable mmx support for 0.6.90
- (verFix null "0.6.90" "--disable-mmx")
] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"--cross-prefix=${stdenv.cc.targetPrefix}"
"--enable-cross-compile"
@@ -180,18 +154,18 @@ stdenv.mkDerivation rec {
buildInputs = [
bzip2 fontconfig freetype gnutls libiconv lame libass libogg libssh libtheora
- libvorbis xz soxr x264 x265 xvidcore zimg zlib libopus speex srt nv-codec-headers
+ libvorbis xz soxr x264 x265 xvidcore zimg zlib libopus speex nv-codec-headers
] ++ optionals openglSupport [ libGL libGLU ]
++ optional libmfxSupport intel-media-sdk
++ optional libaomSupport libaom
++ optional vpxSupport libvpx
- ++ optionals (!isDarwin && !isAarch32 && pulseaudioSupport) [ libpulseaudio ] # Need to be fixed on Darwin and ARM
- ++ optional ((isLinux || isFreeBSD) && !isAarch32) libva
- ++ optional ((isLinux || isFreeBSD) && !isAarch32) libdrm
- ++ optional isLinux alsa-lib
- ++ optionals isDarwin darwinFrameworks
+ ++ optionals (!stdenv.isDarwin && !stdenv.isAarch32 && pulseaudioSupport) [ libpulseaudio ] # Need to be fixed on Darwin and ARM
+ ++ optionals vaapiSupport [ libva libdrm ]
+ ++ optional stdenv.isLinux alsa-lib
+ ++ optionals stdenv.isDarwin [ Cocoa CoreMedia VideoToolbox ]
++ optional vdpauSupport libvdpau
- ++ optional sdlSupport (if reqMin "3.2" then SDL2 else SDL)
+ ++ optional sdlSupport SDL2
+ ++ optional srtSupport srt
++ optional (reqMin "4.2") dav1d;
enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 6ed0a4d4da0fe..83cde07749496 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -36,6 +36,7 @@
, withLinuxHeaders ? false
, profilingLibraries ? false
, withGd ? false
+, withLibcrypt ? false
, meta
, extraBuildInputs ? []
, extraNativeBuildInputs ? []
@@ -183,7 +184,9 @@ stdenv.mkDerivation ({
# To avoid linking with -lgcc_s (dynamic link)
# so the glibc does not depend on its compiler store path
"libc_cv_as_needed=no"
- ] ++ lib.optional withGd "--with-gd";
+ ]
+ ++ lib.optional withGd "--with-gd"
+ ++ lib.optional (!withLibcrypt) "--disable-crypt";
makeFlags = [
"OBJCOPY=${stdenv.cc.targetPrefix}objcopy"
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 728b97d2f5f4e..8602498f01b94 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -2,6 +2,7 @@
, withLinuxHeaders ? true
, profilingLibraries ? false
, withGd ? false
+, withLibcrypt? false
, buildPackages
}:
@@ -16,7 +17,7 @@ in
callPackage ./common.nix { inherit stdenv; } {
pname = "glibc" + lib.optionalString withGd "-gd";
- inherit withLinuxHeaders profilingLibraries withGd;
+ inherit withLinuxHeaders profilingLibraries withGd withLibcrypt;
# Note:
# Things you write here override, and do not add to,
diff --git a/pkgs/development/libraries/gvm-libs/default.nix b/pkgs/development/libraries/gvm-libs/default.nix
index a141d36e33006..ba08fc61f5682 100644
--- a/pkgs/development/libraries/gvm-libs/default.nix
+++ b/pkgs/development/libraries/gvm-libs/default.nix
@@ -12,6 +12,7 @@
, libpcap
, libssh
, libuuid
+, libxcrypt
, libxml2
, pkg-config
, zlib
@@ -46,6 +47,7 @@ stdenv.mkDerivation rec {
libpcap
libssh
libuuid
+ libxcrypt
libxml2
zlib
];
diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix
index c9f8f83f0f882..0bb6546543dc0 100644
--- a/pkgs/development/libraries/harfbuzz/default.nix
+++ b/pkgs/development/libraries/harfbuzz/default.nix
@@ -1,7 +1,6 @@
{ lib
, stdenv
-, fetchFromGitHub
-, fetchpatch
+, fetchurl
, pkg-config
, glib
, freetype
@@ -31,7 +30,7 @@
}:
let
- version = "5.1.0";
+ version = "5.2.0";
inherit (lib) optional optionals optionalString;
mesonFeatureFlag = opt: b:
"-D${opt}=${if b then "enabled" else "disabled"}";
@@ -41,21 +40,11 @@ stdenv.mkDerivation {
pname = "harfbuzz${optionalString withIcu "-icu"}";
inherit version;
- src = fetchFromGitHub {
- owner = "harfbuzz";
- repo = "harfbuzz";
- rev = version;
- sha256 = "sha256-K6iScmg1vNfwb1UYqtXsnijLVpcC+am2ZL+W5bLFzsI=";
+ src = fetchurl {
+ url = "https://github.com/harfbuzz/harfbuzz/releases/download/${version}/harfbuzz-${version}.tar.xz";
+ sha256 = "0b4lpkidwx0lf8slczjji652yll6g5zgmm5lmisnb4s7gf8r8nkk";
};
- patches = [
- (fetchpatch {
- name = "aarch64-test-narrowing.diff";
- url = "https://github.com/harfbuzz/harfbuzz/commit/04d28d94e576aab099891e6736fd0088dfac3366.diff";
- sha256 = "sha256-099GP8t1G0kyYl79A6xJhfyrs3WXYitvn+He7sEz+Oo=";
- })
- ];
-
postPatch = ''
patchShebangs src/*.py test
'' + lib.optionalString stdenv.isDarwin ''
diff --git a/pkgs/development/libraries/libcli/default.nix b/pkgs/development/libraries/libcli/default.nix
index 8aa06bfb19bc2..da076a590e19a 100644
--- a/pkgs/development/libraries/libcli/default.nix
+++ b/pkgs/development/libraries/libcli/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, fetchurl }:
+{ lib, stdenv, fetchFromGitHub, fetchurl, libxcrypt }:
stdenv.mkDerivation rec {
pname = "libcli";
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
})
];
+ buildInputs = [ libxcrypt ];
+
enableParallelBuilding = true;
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "AR=${stdenv.cc.targetPrefix}ar" "PREFIX=$(out)" ];
diff --git a/pkgs/development/libraries/libfilezilla/default.nix b/pkgs/development/libraries/libfilezilla/default.nix
index 16c09b65ff1e8..bc70e1fde3aca 100644
--- a/pkgs/development/libraries/libfilezilla/default.nix
+++ b/pkgs/development/libraries/libfilezilla/default.nix
@@ -6,6 +6,7 @@
, nettle
, pkg-config
, libiconv
+, libxcrypt
, ApplicationServices
}:
@@ -20,7 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook pkg-config ];
- buildInputs = [ gettext gnutls nettle ]
+ buildInputs = [ gettext gnutls nettle libxcrypt ]
++ lib.optionals stdenv.isDarwin [ libiconv ApplicationServices ];
enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/libguestfs/default.nix b/pkgs/development/libraries/libguestfs/default.nix
index e2da1a30ff146..745b1a180008c 100644
--- a/pkgs/development/libraries/libguestfs/default.nix
+++ b/pkgs/development/libraries/libguestfs/default.nix
@@ -4,6 +4,7 @@
, pkg-config
, autoreconfHook
, makeWrapper
+, libxcrypt
, ncurses
, cpio
, gperf
@@ -65,6 +66,7 @@ stdenv.mkDerivation rec {
] ++ (with perlPackages; [ perl libintl-perl GetoptLong ModuleBuild ])
++ (with ocamlPackages; [ ocaml findlib ]);
buildInputs = [
+ libxcrypt
ncurses
jansson
pcre2
diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix
index 3fef461874c96..4dfb28108743d 100644
--- a/pkgs/development/libraries/libical/default.nix
+++ b/pkgs/development/libraries/libical/default.nix
@@ -19,7 +19,7 @@
stdenv.mkDerivation rec {
pname = "libical";
- version = "3.0.14";
+ version = "3.0.15";
outputs = [ "out" "dev" ]; # "devdoc" ];
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
owner = "libical";
repo = "libical";
rev = "v${version}";
- sha256 = "sha256-gZ6IBjG5pNKJ+hWcTzXMP7yxL4he4LTklZGoC9vXra8=";
+ sha256 = "sha256-7M5GBteFKmKCB6556XXV4s6iIC/+3c3Ck17s/QX3Jus=";
};
strictDeps = true;
@@ -98,7 +98,6 @@ stdenv.mkDerivation rec {
'';
meta = with lib; {
- broken = stdenv.isDarwin;
homepage = "https://github.com/libical/libical";
description = "An Open Source implementation of the iCalendar protocols";
license = licenses.mpl20;
diff --git a/pkgs/development/libraries/liblc3/default.nix b/pkgs/development/libraries/liblc3/default.nix
new file mode 100644
index 0000000000000..d0d95fd47da76
--- /dev/null
+++ b/pkgs/development/libraries/liblc3/default.nix
@@ -0,0 +1,36 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, meson
+, ninja
+}:
+
+let
+ name = "liblc3";
+ version = "1.0.1";
+in
+stdenv.mkDerivation {
+ pname = name;
+ version = version;
+
+ src = fetchFromGitHub {
+ owner = "google";
+ repo = "liblc3";
+ rev = "v${version}";
+ sha256 = "sha256-W0pCfFmM+6N6+HdGdQ/GBNHjBspkwtlxZC2m2noKGx0=";
+ };
+
+ nativeBuildInputs = [
+ meson
+ ninja
+ ];
+
+ meta = with lib; {
+ description = "LC3 (Low Complexity Communication Codec) is an efficient low latency audio codec";
+ homepage = "https://github.com/google/liblc3";
+ license = licenses.asl20;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ jansol ];
+ };
+}
+
diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix
index eadf6f91e1e07..db5f5026f2c15 100644
--- a/pkgs/development/libraries/libxcrypt/default.nix
+++ b/pkgs/development/libraries/libxcrypt/default.nix
@@ -1,44 +1,44 @@
-{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config, perl, fetchpatch }:
+{ lib, stdenv, fetchurl, perl, nixosTests }:
stdenv.mkDerivation rec {
pname = "libxcrypt";
version = "4.4.28";
- src = fetchFromGitHub {
- owner = "besser82";
- repo = "libxcrypt";
- rev = "v${version}";
- sha256 = "sha256-Ohf+RCOXnoCxAFnXXV9e2TCqpfZziQl+FGJTGDSQTF0=";
+ src = fetchurl {
+ url = "https://github.com/besser82/libxcrypt/releases/download/v${version}/libxcrypt-${version}.tar.xz";
+ sha256 = "sha256-npNoEfn60R28ozyhm9l8VcUus8oVkB8nreBGzHnmnoc=";
};
- patches = [
- # Fix for tests on musl is being upstreamed:
- # https://github.com/besser82/libxcrypt/pull/157
- # Applied in all environments to prevent patchrot
- (fetchpatch {
- url = "https://github.com/besser82/libxcrypt/commit/a4228faa0b96986abc076125cf97d352a063d92f.patch";
- sha256 = "sha256-iGNz8eer6OkA0yR74WisE6GbFTYyXKw7koXl/R7DhVE=";
- })
+ outputs = [
+ "out"
+ "man"
];
- preConfigure = ''
- patchShebangs autogen.sh
- ./autogen.sh
- '';
-
configureFlags = [
+ "--enable-hashes=all"
+ "--enable-obsolete-api=glibc"
+ "--disable-failure-tokens"
+ ] ++ lib.optionals stdenv.hostPlatform.isMusl [
"--disable-werror"
];
- nativeBuildInputs = [ autoconf automake libtool pkg-config perl ];
+ nativeBuildInputs = [
+ perl
+ ];
+
+ enableParallelBuilding = true;
- doCheck = true;
+ doCheck = !stdenv.hostPlatform.isMusl;
+
+ passthru.tests = {
+ inherit (nixosTests) login shadow;
+ };
meta = with lib; {
description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others";
homepage = "https://github.com/besser82/libxcrypt/";
platforms = platforms.all;
- maintainers = with maintainers; [ dottedmag ];
+ maintainers = with maintainers; [ dottedmag hexa ];
license = licenses.lgpl21Plus;
};
}
diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix
index 474afc4ba6ca2..3fe272591e109 100644
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -12,7 +12,7 @@
, ncurses
, findXMLCatalogs
, libiconv
-, pythonSupport ? enableShared && stdenv.buildPlatform == stdenv.hostPlatform
+, pythonSupport ? enableShared
, icuSupport ? false
, icu
, enableShared ? stdenv.hostPlatform.libc != "msvcrt" && !stdenv.hostPlatform.isStatic
@@ -60,6 +60,8 @@ stdenv.mkDerivation rec {
})
];
+ strictDeps = true;
+
nativeBuildInputs = [
pkg-config
autoreconfHook
@@ -94,7 +96,8 @@ stdenv.mkDerivation rec {
(lib.enableFeature enableStatic "static")
(lib.enableFeature enableShared "shared")
(lib.withFeature icuSupport "icu")
- (lib.withFeatureAs pythonSupport "python" python)
+ (lib.withFeature pythonSupport "python")
+ (lib.optionalString pythonSupport "PYTHON=${python.pythonForBuild.interpreter}")
];
installFlags = lib.optionals pythonSupport [
diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
index 29c6938911622..a3bb7128c0f10 100644
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@@ -8,9 +8,10 @@
, gettext
, python
, ncurses
+, libxcrypt
, libgcrypt
, cryptoSupport ? false
-, pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
+, pythonSupport ? true
, gnome
}:
@@ -26,13 +27,15 @@ stdenv.mkDerivation rec {
sha256 = "EoSPCkQI9ltTDTlizZ/2cLaueWGRz+/zdSK1dy3o3I4=";
};
+ strictDeps = true;
+
nativeBuildInputs = [
pkg-config
autoreconfHook
];
buildInputs = [
- libxml2.dev
+ libxml2.dev libxcrypt
] ++ lib.optional stdenv.isDarwin [
gettext
] ++ lib.optionals pythonSupport [
@@ -51,7 +54,8 @@ stdenv.mkDerivation rec {
"--without-debug"
"--without-mem-debug"
"--without-debugger"
- (lib.withFeatureAs pythonSupport "python" python)
+ (lib.withFeature pythonSupport "python")
+ (lib.optionalString pythonSupport "PYTHON=${python.pythonForBuild.interpreter}")
] ++ lib.optionals (!cryptoSupport) [
"--without-crypto"
];
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 6b78a570cccb8..65dd547c6ab7a 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -86,6 +86,8 @@ self = stdenv.mkDerivation {
'DATADIR "/drirc.d"' '"${placeholder "out"}/share/drirc.d"'
substituteInPlace src/util/meson.build --replace \
"get_option('datadir')" "'${placeholder "out"}/share'"
+ substituteInPlace src/amd/vulkan/meson.build --replace \
+ "get_option('datadir')" "'${placeholder "out"}/share'"
'';
outputs = [ "out" "dev" "drivers" ]
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index f357b8d4b7208..64b6c8c234450 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -11,6 +11,7 @@
, libtool
, openssl
, systemdMinimal
+, libxcrypt
}:
stdenv.mkDerivation rec {
@@ -42,6 +43,7 @@ stdenv.mkDerivation rec {
libsodium
libtool
openssl
+ libxcrypt
] ++ lib.optionals (stdenv.isLinux) [
systemdMinimal
];
diff --git a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
index baf162e88d09f..04585565a331a 100644
--- a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
+++ b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
@@ -1,22 +1,25 @@
diff --git a/Configure b/Configure
-index f0ad787bc4..a48d2008c6 100755
+index a558e5ab1a..9a884f0b0f 100755
--- a/Configure
+++ b/Configure
-@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) {
+@@ -1714,20 +1714,6 @@ unless ($disabled{devcryptoeng}) {
+
unless ($disabled{ktls}) {
$config{ktls}="";
- if ($target =~ m/^linux/) {
-- my $usr = "/usr/$config{cross_compile_prefix}";
-- chop($usr);
-- if ($config{cross_compile_prefix} eq "") {
-- $usr = "/usr";
-- }
-- my $minver = (4 << 16) + (13 << 8) + 0;
-- my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
--
-- if ($verstr[2] < $minver) {
+- my $cc = $config{CROSS_COMPILE}.$config{CC};
+- if ($target =~ m/^linux/) {
+- system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1");
+- if ($? != 0) {
- disable('too-old-kernel', 'ktls');
- }
- } elsif ($target =~ m/^BSD/) {
- my $cc = $config{CROSS_COMPILE}.$config{CC};
- system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1");
+- } elsif ($target =~ m/^BSD/) {
+- system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1");
+- if ($? != 0) {
+- disable('too-old-freebsd', 'ktls');
+- }
+- } else {
+- disable('not-linux-or-freebsd', 'ktls');
+- }
+ }
+
+ push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 78cc680c7be50..689f74ee5c517 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -16,14 +16,14 @@
# files.
let
- common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
+ common = { version, hash, patches ? [], withDocs ? false, extraMeta ? {} }:
stdenv.mkDerivation rec {
pname = "openssl";
inherit version;
src = fetchurl {
url = "https://www.openssl.org/source/${pname}-${version}.tar.gz";
- inherit sha256;
+ inherit hash;
};
inherit patches;
@@ -213,8 +213,8 @@ in {
openssl_1_1 = common rec {
- version = "1.1.1q";
- sha256 = "sha256-15Oc5hQCnN/wtsIPDi5XAxWKSJpyslB7i9Ub+Mj9EMo=";
+ version = "1.1.1r";
+ hash = "sha256-44k1KuPVrk04WXv4pU8dy2+zyLUPT+WKlLsb9/hdgqA=";
patches = [
./1.1/nix-ssl-cert-file.patch
@@ -228,8 +228,8 @@ in {
};
openssl_3 = common {
- version = "3.0.5";
- sha256 = "sha256-qn2Nm+9xrWUlxVuhHl9Dl4ic5Jwsk0nc6m0+TwsCSno=";
+ version = "3.0.6";
+ hash = "sha256-5KEKKYaUXj8aHy69aKx4BEmhdzuWtqF0/fZQ1ryWEfE=";
patches = [
./3.0/nix-ssl-cert-file.patch
diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix
index fee4a2e8259fe..1f2646a03638d 100644
--- a/pkgs/development/libraries/p11-kit/default.nix
+++ b/pkgs/development/libraries/p11-kit/default.nix
@@ -63,6 +63,7 @@ stdenv.mkDerivation rec {
"/etc/ssl/certs/ca-certificates.crt" # NixOS + Debian/Ubuntu/Arch/Gentoo...
"/etc/pki/tls/certs/ca-bundle.crt" # Fedora/CentOS
"/var/lib/ca-certificates/ca-bundle.pem" # openSUSE
+ "/etc/ssl/cert.pem" # Darwin/macOS
]}"
];
diff --git a/pkgs/development/libraries/physics/cernlib/default.nix b/pkgs/development/libraries/physics/cernlib/default.nix
index 77ad6e201a32b..8eae6fcaad55c 100644
--- a/pkgs/development/libraries/physics/cernlib/default.nix
+++ b/pkgs/development/libraries/physics/cernlib/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, gfortran, imake, makedepend, motif, xorg }:
+{ lib, stdenv, fetchurl, gfortran, imake, makedepend, motif, xorg, libxcrypt }:
stdenv.mkDerivation rec {
version = "2006";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "0awla1rl96z82br7slcmg8ks1d2a7slk6dj79ywb871j2ksi3fky";
};
- buildInputs = with xorg; [ gfortran motif libX11 libXft libXt ];
+ buildInputs = with xorg; [ gfortran motif libX11 libXft libXt libxcrypt ];
nativeBuildInputs = [ imake makedepend ];
sourceRoot = ".";
diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix
index a02ecc1e9b743..f2907afab0188 100644
--- a/pkgs/development/libraries/pipewire/default.nix
+++ b/pkgs/development/libraries/pipewire/default.nix
@@ -2,6 +2,7 @@
, lib
, buildPackages
, fetchFromGitLab
+, fetchpatch
, removeReferencesTo
, python3
, meson
@@ -45,6 +46,7 @@
, sbc
, libfreeaptx
, ldacbt
+, liblc3
, fdk_aac
, libopus
, nativeHspSupport ? true
@@ -70,7 +72,7 @@ let
self = stdenv.mkDerivation rec {
pname = "pipewire";
- version = "0.3.58";
+ version = "0.3.59";
outputs = [
"out"
@@ -88,7 +90,7 @@ let
owner = "pipewire";
repo = "pipewire";
rev = version;
- sha256 = "sha256-r8sDXyXwtA2o2xqglOI8XflttSScrqJ57cj1//k2tZ8=";
+ sha256 = "sha256-4wDtdgkjBRlthhwbI3cSQFnbr+gxPQP5j5YnrWiQVp4=";
};
patches = [
@@ -104,6 +106,12 @@ let
./0090-pipewire-config-template-paths.patch
# Place SPA data files in lib output to avoid dependency cycles
./0095-spa-data-dir.patch
+
+ # remove when updating to 0.3.60
+ (fetchpatch { # filter-chain: iterate the port correctly
+ url = "https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/94a64268613adac8ef6f3e6c1f04468220540d00.patch";
+ sha256 = "sha256-IDTB7NgadgR3vKv97Nvd9pBfnOnMi21YsvLdD1Ew7HE=";
+ })
];
nativeBuildInputs = [
@@ -134,7 +142,7 @@ let
++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ]
++ lib.optionals libcameraSupport [ libcamera libdrm ]
++ lib.optional ffmpegSupport ffmpeg
- ++ lib.optionals bluezSupport [ bluez libfreeaptx ldacbt sbc fdk_aac libopus ]
+ ++ lib.optionals bluezSupport [ bluez libfreeaptx ldacbt liblc3 sbc fdk_aac libopus ]
++ lib.optional pulseTunnelSupport libpulseaudio
++ lib.optional zeroconfSupport avahi
++ lib.optional raopSupport openssl
@@ -167,6 +175,7 @@ let
"-Dbluez5-backend-ofono=${mesonEnableFeature ofonoSupport}"
"-Dbluez5-backend-hsphfpd=${mesonEnableFeature hsphfpdSupport}"
"-Dbluez5-codec-lc3plus=disabled"
+ "-Dbluez5-codec-lc3=${mesonEnableFeature bluezSupport}"
"-Dsysconfdir=/etc"
"-Dpipewire_confdata_dir=${placeholder "lib"}/share/pipewire"
"-Draop=${mesonEnableFeature raopSupport}"
diff --git a/pkgs/development/libraries/sord/default.nix b/pkgs/development/libraries/sord/default.nix
index dee53bd3b2a7c..efb8bf0b89529 100644
--- a/pkgs/development/libraries/sord/default.nix
+++ b/pkgs/development/libraries/sord/default.nix
@@ -1,31 +1,42 @@
-{ lib, stdenv, fetchFromGitHub, pkg-config, python3, serd, pcre, wafHook }:
+{ lib
+, stdenv
+, doxygen
+, fetchFromGitHub
+, meson
+, ninja
+, pcre
+, pkg-config
+, python3
+, serd
+}:
stdenv.mkDerivation rec {
pname = "sord";
- version = "unstable-2021-01-12";
+ version = "0.16.14";
- # Commit picked in mitigation of #109729
src = fetchFromGitHub {
owner = "drobilla";
repo = pname;
- rev = "d2efdb2d026216449599350b55c2c85c0d3efb89";
- sha256 = "hHTwK+K6cj9MGO77a1IXiUZtEbXZ08cLGkYZ5eMOIVA=";
- fetchSubmodules = true;
+ rev = "v${version}";
+ hash = "sha256-S22Szpg6iXeana5t6EpbOtRstthgrJ4Z2cBrf7a9ZBk=";
};
- preConfigure = ''
- export PKGCONFIG="$PKG_CONFIG"
- '';
-
- nativeBuildInputs = [ pkg-config python3 wafHook ];
+ nativeBuildInputs = [
+ doxygen
+ meson
+ ninja
+ pkg-config
+ python3
+ ];
buildInputs = [ pcre ];
propagatedBuildInputs = [ serd ];
- dontAddWafCrossFlags = true;
+
+ doCheck = true;
meta = with lib; {
homepage = "http://drobilla.net/software/sord";
description = "A lightweight C library for storing RDF data in memory";
- license = licenses.mit;
+ license = with licenses; [ bsd0 isc ];
maintainers = [ maintainers.goibhniu ];
platforms = platforms.unix;
};
diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix
index 786c3c9e313cb..085e330bed486 100644
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -17,13 +17,13 @@ in
stdenv.mkDerivation rec {
pname = "sqlite${optionalString interactive "-interactive"}";
- version = "3.39.3";
+ version = "3.39.4";
# nixpkgs-update: no auto update
# NB! Make sure to update ./tools.nix src (in the same directory).
src = fetchurl {
url = "https://sqlite.org/2022/sqlite-autoconf-${archiveVersion version}.tar.gz";
- sha256 = "sha256-eGj7MIK+Pyz0SRxvum3ivdy8KTo1/vsGJO48E/AUIrk=";
+ sha256 = "sha256-8x1EW0jmfihM8gZxfMFwq2PL5P1/eagnk7dyKF54/bs=";
};
outputs = [ "bin" "dev" "out" ];
diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix
index 92d521b1916c1..4467f38b0479b 100644
--- a/pkgs/development/libraries/sqlite/tools.nix
+++ b/pkgs/development/libraries/sqlite/tools.nix
@@ -4,12 +4,12 @@ let
archiveVersion = import ./archive-version.nix lib;
mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec {
inherit pname;
- version = "3.39.3";
+ version = "3.39.4";
# nixpkgs-update: no auto update
src = assert version == sqlite.version; fetchurl {
url = "https://sqlite.org/2022/sqlite-src-${archiveVersion version}.zip";
- sha256 = "sha256-GMEvLh2hEkIRc8hcT4rtQyYScsGwR0qgdZKI/TD6ufw=";
+ sha256 = "sha256-AtlsbM+BGrm2ORnvcX9+UqRQxCDga9Ep+0g81ww7O7o=";
};
nativeBuildInputs = [ unzip ];
diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix
index cb7af61a63ed2..fb52f75f8c101 100644
--- a/pkgs/development/libraries/talloc/default.nix
+++ b/pkgs/development/libraries/talloc/default.nix
@@ -4,6 +4,7 @@
, pkg-config
, readline
, libxslt
+, libxcrypt
, docbook-xsl-nons
, docbook_xml_dtd_42
, fixDarwinDylibNames
@@ -33,6 +34,7 @@ stdenv.mkDerivation rec {
python3
readline
libxslt
+ libxcrypt
];
wafPath = "buildtools/bin/waf";
diff --git a/pkgs/development/libraries/tdb/default.nix b/pkgs/development/libraries/tdb/default.nix
index f040022cc91b8..9a534c4c14652 100644
--- a/pkgs/development/libraries/tdb/default.nix
+++ b/pkgs/development/libraries/tdb/default.nix
@@ -5,6 +5,7 @@
, python3
, readline
, libxslt
+, libxcrypt
, docbook-xsl-nons
, docbook_xml_dtd_45
}:
@@ -30,6 +31,7 @@ stdenv.mkDerivation rec {
buildInputs = [
python3
readline # required to build python
+ libxcrypt
];
wafPath = "buildtools/bin/waf";
diff --git a/pkgs/development/libraries/x264/default.nix b/pkgs/development/libraries/x264/default.nix
index df248f6b4d433..1537900023905 100644
--- a/pkgs/development/libraries/x264/default.nix
+++ b/pkgs/development/libraries/x264/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitLab, nasm
+{ stdenv, lib, fetchFromGitLab, fetchpatch, nasm
, enableShared ? !stdenv.hostPlatform.isStatic
}:
@@ -16,7 +16,15 @@ stdenv.mkDerivation rec {
# Upstream ./configure greps for (-mcpu|-march|-mfpu) in CFLAGS, which in nix
# is put in the cc wrapper anyway.
- patches = [ ./disable-arm-neon-default.patch ];
+ patches = [
+ ./disable-arm-neon-default.patch
+ (fetchpatch {
+ # https://code.videolan.org/videolan/x264/-/merge_requests/114
+ name = "fix-parallelism.patch";
+ url = "https://code.videolan.org/videolan/x264/-/commit/e067ab0b530395f90b578f6d05ab0a225e2efdf9.patch";
+ hash = "sha256-16h2IUCRjYlKI2RXYq8QyXukAdfoQxyBKsK/nI6vhRI=";
+ })
+ ];
postPatch = ''
patchShebangs .
diff --git a/pkgs/development/libraries/zeroc-ice/default.nix b/pkgs/development/libraries/zeroc-ice/default.nix
index 4eef03c4a6193..3050525c2a29e 100644
--- a/pkgs/development/libraries/zeroc-ice/default.nix
+++ b/pkgs/development/libraries/zeroc-ice/default.nix
@@ -1,5 +1,5 @@
{ stdenv, lib, fetchFromGitHub
-, bzip2, expat, libedit, lmdb, openssl
+, bzip2, expat, libedit, lmdb, openssl, libxcrypt
, python3 # for tests only
, cpp11 ? false
}:
@@ -31,7 +31,7 @@ in stdenv.mkDerivation rec {
sha256 = "sha256-h455isEmnRyoasXhh1UaA5PICcEEM8/C3IJf5yHRl5g=";
};
- buildInputs = [ zeroc_mcpp bzip2 expat libedit lmdb openssl ];
+ buildInputs = [ zeroc_mcpp bzip2 expat libedit lmdb openssl libxcrypt ];
preBuild = ''
makeFlagsArray+=(
diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix
index 1ff2101b14629..7f06652e66b3c 100644
--- a/pkgs/development/lua-modules/overrides.nix
+++ b/pkgs/development/lua-modules/overrides.nix
@@ -22,6 +22,7 @@
, libmysqlclient
, libuuid
, libuv
+, libxcrypt
, libyaml
, mariadb
, mpfr
@@ -336,6 +337,12 @@ with prev;
];
});
+ luaposix = prev.luaLib.overrideLuarocks prev.luaposix (drv: {
+ externalDeps = [
+ { name = "CRYPT"; dep = libxcrypt; }
+ ];
+ });
+
luasec = prev.luaLib.overrideLuarocks prev.luasec (drv: {
externalDeps = [
{ name = "OPENSSL"; dep = openssl_1_1; }
@@ -514,12 +521,6 @@ with prev;
'';
});
- # TODO just while testing, remove afterwards
- # toVimPlugin should do it instead
- gitsigns-nvim = prev.gitsigns-nvim.overrideAttrs (oa: {
- nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ vimUtils.vimGenDocHook ];
- });
-
# aliases
cjson = prev.lua-cjson;
}
diff --git a/pkgs/development/node-packages/overrides.nix b/pkgs/development/node-packages/overrides.nix
index 7c5a408706e4e..a66eada91b48e 100644
--- a/pkgs/development/node-packages/overrides.nix
+++ b/pkgs/development/node-packages/overrides.nix
@@ -96,13 +96,13 @@ final: prev: {
nativeBuildInputs = with pkgs; [
pkg-config
] ++ lib.optionals stdenv.isDarwin [
- xcbuild
darwin.apple_sdk.frameworks.CoreText
];
buildInputs = with pkgs; [
pixman
cairo
pango
+ giflib
];
};
@@ -147,14 +147,13 @@ final: prev: {
# ../../applications/video/epgstation
epgstation = prev."epgstation-../../applications/video/epgstation".override (oldAttrs: {
buildInputs = [ pkgs.postgresql ];
- nativeBuildInputs = [ final.node-pre-gyp final.node-gyp-build pkgs.which ] ++ lib.optionals stdenv.isDarwin [ pkgs.xcbuild ];
+ nativeBuildInputs = [ final.node-pre-gyp final.node-gyp-build pkgs.which ];
meta = oldAttrs.meta // { platforms = lib.platforms.none; };
});
# NOTE: this is a stub package to fetch npm dependencies for
# ../../applications/video/epgstation/client
epgstation-client = prev."epgstation-client-../../applications/video/epgstation/client".override (oldAttrs: {
- nativeBuildInputs = lib.optionals stdenv.isDarwin [ pkgs.xcbuild ];
meta = oldAttrs.meta // { platforms = lib.platforms.none; };
});
@@ -222,11 +221,7 @@ final: prev: {
});
joplin = prev.joplin.override {
- nativeBuildInputs = with pkgs; [
- pkg-config
- ] ++ lib.optionals stdenv.isDarwin [
- xcbuild
- ];
+ nativeBuildInputs = [ pkgs.pkg-config ];
buildInputs = with pkgs; [
# required by sharp
# https://sharp.pixelplumbing.com/install
@@ -292,10 +287,6 @@ final: prev: {
'';
};
- mastodon-bot = prev.mastodon-bot.override {
- nativeBuildInputs = lib.optionals stdenv.isDarwin [ pkgs.xcbuild ];
- };
-
mermaid-cli = prev."@mermaid-js/mermaid-cli".override (
if stdenv.isDarwin
then {}
@@ -513,11 +504,7 @@ final: prev: {
};
thelounge-plugin-giphy = prev.thelounge-plugin-giphy.override {
- nativeBuildInputs = [
- final.node-pre-gyp
- ] ++ lib.optionals stdenv.isDarwin [
- pkgs.xcbuild
- ];
+ nativeBuildInputs = [ final.node-pre-gyp ];
};
thelounge-theme-flat-blue = prev.thelounge-theme-flat-blue.override {
diff --git a/pkgs/development/python-modules/behave/default.nix b/pkgs/development/python-modules/behave/default.nix
index 5254f79c4b2fd..1030e589a21df 100644
--- a/pkgs/development/python-modules/behave/default.nix
+++ b/pkgs/development/python-modules/behave/default.nix
@@ -1,11 +1,11 @@
{ lib, stdenv, fetchFromGitHub
-, buildPythonApplication, python
+, buildPythonPackage, python
, pytestCheckHook, mock, path, pyhamcrest, pytest-html
, glibcLocales
, colorama, cucumber-tag-expressions, parse, parse-type, six
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "behave";
version = "1.2.7.dev2";
diff --git a/pkgs/development/python-modules/certifi/default.nix b/pkgs/development/python-modules/certifi/default.nix
index 674fc1183d8ef..ecf7ed49aa5c4 100644
--- a/pkgs/development/python-modules/certifi/default.nix
+++ b/pkgs/development/python-modules/certifi/default.nix
@@ -7,22 +7,24 @@
buildPythonPackage rec {
pname = "certifi";
- version = "2022.06.15";
+ version = "2022.09.24";
- disabled = pythonOlder "3.5";
+ disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = pname;
repo = "python-certifi";
rev = version;
- sha256 = "sha256-CKO8wF5FMGLIZbTd7YrKE9OWV9MbfQ2+BMc5IPk1FFU=";
+ hash = "sha256-B6LO6AfG9cfpyNI7hj3VjmGTFsrrIkDYO4gPMkZY74w=";
};
checkInputs = [
pytestCheckHook
];
- pythonImportsCheck = [ "certifi" ];
+ pythonImportsCheck = [
+ "certifi"
+ ];
meta = with lib; {
homepage = "https://github.com/certifi/python-certifi";
diff --git a/pkgs/development/python-modules/clintermission/default.nix b/pkgs/development/python-modules/clintermission/default.nix
index a0e5dcb7142f1..b5df005978c4d 100644
--- a/pkgs/development/python-modules/clintermission/default.nix
+++ b/pkgs/development/python-modules/clintermission/default.nix
@@ -1,8 +1,15 @@
-{ lib, buildPythonApplication, fetchFromGitHub, isPy3k, prompt-toolkit }:
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, isPy3k
+, prompt-toolkit }:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "clintermission";
version = "0.2.0";
+ format = "setuptools";
+
+ disabled = !isPy3k;
src = fetchFromGitHub {
owner = "sebageek";
@@ -11,14 +18,16 @@ buildPythonApplication rec {
sha256 = "09wl0rpw6c9hab51rs957z64b0v9j4fcbqbn726wnapf4z5w6yxv";
};
- propagatedBuildInputs = [ prompt-toolkit ];
-
- disabled = !isPy3k;
+ propagatedBuildInputs = [
+ prompt-toolkit
+ ];
# repo contains no tests
doCheck = false;
- pythonImportsCheck = [ "clintermission" ];
+ pythonImportsCheck = [
+ "clintermission"
+ ];
meta = with lib; {
description = "Non-fullscreen command-line selection menu";
diff --git a/pkgs/development/python-modules/coconut/default.nix b/pkgs/development/python-modules/coconut/default.nix
index b7301cf1e73a7..dec024fa8385f 100644
--- a/pkgs/development/python-modules/coconut/default.nix
+++ b/pkgs/development/python-modules/coconut/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, cpyparsing
, ipykernel
@@ -12,7 +12,7 @@
, watchdog
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "coconut";
version = "1.6.0";
diff --git a/pkgs/development/python-modules/drivelib/default.nix b/pkgs/development/python-modules/drivelib/default.nix
index 526e58d14340d..7b0a629e8a89b 100644
--- a/pkgs/development/python-modules/drivelib/default.nix
+++ b/pkgs/development/python-modules/drivelib/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, expiringdict
, google-auth-httplib2
@@ -7,7 +7,7 @@
, google-api-python-client
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "drivelib";
version = "0.3.0";
diff --git a/pkgs/development/python-modules/expiringdict/default.nix b/pkgs/development/python-modules/expiringdict/default.nix
index 942feff4513f6..9dfe60aca7e38 100644
--- a/pkgs/development/python-modules/expiringdict/default.nix
+++ b/pkgs/development/python-modules/expiringdict/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, dill
, coverage
@@ -8,16 +8,17 @@
, nose
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "expiringdict";
version = "1.2.2";
+ format = "setuptools";
# use fetchFromGitHub instead of fetchPypi because the test suite of
# the package is not included into the PyPI tarball
src = fetchFromGitHub {
owner = "mailgun";
repo = pname;
- rev = "v${version}";
+ rev = "refs/tags/v${version}";
sha256 = "sha256-vRhJSHIqc51I+s/wndtfANM44CKW3QS1iajqyoSBf0I=";
};
@@ -30,14 +31,18 @@ buildPythonApplication rec {
];
checkPhase = ''
+ runHook preCheck
nosetests -v --with-coverage --cover-package=expiringdict
+ runHook postCheck
'';
- pythonImportsCheck = [ "expiringdict" ];
+ pythonImportsCheck = [
+ "expiringdict"
+ ];
meta = with lib; {
description = "Dictionary with auto-expiring values for caching purposes";
- homepage = "https://pypi.org/project/expiringdict/";
+ homepage = "https://github.com/mailgun/expiringdict";
license = licenses.asl20;
maintainers = with maintainers; [ gravndal ];
};
diff --git a/pkgs/development/python-modules/filecheck/default.nix b/pkgs/development/python-modules/filecheck/default.nix
index 2480c196881af..9cbd8bde2117d 100644
--- a/pkgs/development/python-modules/filecheck/default.nix
+++ b/pkgs/development/python-modules/filecheck/default.nix
@@ -1,10 +1,11 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
-, poetry
+, poetry-core
+, pytestCheckHook
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "filecheck";
version = "0.0.22";
format = "pyproject";
@@ -16,9 +17,23 @@ buildPythonApplication rec {
sha256 = "sha256-I2SypKkgcVuLyLiwNw5oWDb9qT56TbC6vbui8PEcziI=";
};
- nativeBuildInputs = [ poetry ];
+ postPatch = ''
+ substituteInPlace pyproject.toml \
+ --replace "poetry>=0.12" "poetry-core" \
+ --replace "poetry.masonry.api" "poetry.core.masonry.api"
+ '';
- pythonImportsCheck = [ "filecheck" ];
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "filecheck"
+ ];
meta = with lib; {
homepage = "https://github.com/mull-project/FileCheck.py";
diff --git a/pkgs/development/python-modules/gdown/default.nix b/pkgs/development/python-modules/gdown/default.nix
index 3368706c8c12f..bd29bec954337 100644
--- a/pkgs/development/python-modules/gdown/default.nix
+++ b/pkgs/development/python-modules/gdown/default.nix
@@ -1,6 +1,6 @@
{ lib
, beautifulsoup4
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, filelock
, requests
@@ -9,7 +9,7 @@
, six
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "gdown";
version = "4.5.1";
format = "setuptools";
diff --git a/pkgs/development/python-modules/gprof2dot/default.nix b/pkgs/development/python-modules/gprof2dot/default.nix
index 4eb3a79e5e87c..1536c5fcbdb36 100644
--- a/pkgs/development/python-modules/gprof2dot/default.nix
+++ b/pkgs/development/python-modules/gprof2dot/default.nix
@@ -1,13 +1,14 @@
{ lib
, fetchFromGitHub
-, buildPythonApplication
+, buildPythonPackage
, python
, graphviz
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "gprof2dot";
version = "2021.02.21";
+ format = "setuptools";
src = fetchFromGitHub {
owner = "jrfonseca";
@@ -36,6 +37,6 @@ buildPythonApplication rec {
homepage = "https://github.com/jrfonseca/gprof2dot";
description = "Python script to convert the output from many profilers into a dot graph";
license = licenses.lgpl3Plus;
- maintainers = [ maintainers.pmiddend ];
+ maintainers = with maintainers; [ pmiddend ];
};
}
diff --git a/pkgs/development/python-modules/griffe/default.nix b/pkgs/development/python-modules/griffe/default.nix
index f7e9fd75855fd..43191ca0b8924 100644
--- a/pkgs/development/python-modules/griffe/default.nix
+++ b/pkgs/development/python-modules/griffe/default.nix
@@ -1,6 +1,6 @@
{ lib
, aiofiles
-, buildPythonApplication
+, buildPythonPackage
, cached-property
, fetchFromGitHub
, git
@@ -9,7 +9,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "griffe";
version = "0.22.0";
format = "pyproject";
diff --git a/pkgs/development/python-modules/iso8601/default.nix b/pkgs/development/python-modules/iso8601/default.nix
index 14cef7c62a8c0..e189e3778bc84 100644
--- a/pkgs/development/python-modules/iso8601/default.nix
+++ b/pkgs/development/python-modules/iso8601/default.nix
@@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "iso8601";
- version = "1.0.2";
+ version = "1.1.0";
format = "pyproject";
- disabled = pythonOlder "3.6";
+ disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-J/UDIg5oRdnblU+yErlbA2LYt+bBsjJqhwYcPek1lLE=";
+ hash = "sha256-MoEee4He7iBj6m0ulPiBmobR84EeSdI2I6QfqDK+8D8=";
};
nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/jsbeautifier/default.nix b/pkgs/development/python-modules/jsbeautifier/default.nix
index 242b282d4dd2d..62ca71d52fdab 100644
--- a/pkgs/development/python-modules/jsbeautifier/default.nix
+++ b/pkgs/development/python-modules/jsbeautifier/default.nix
@@ -1,13 +1,13 @@
{ lib
, fetchPypi
-, buildPythonApplication
+, buildPythonPackage
, editorconfig
, pytestCheckHook
, pythonOlder
, six
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "jsbeautifier";
version = "1.14.6";
format = "setuptools";
diff --git a/pkgs/development/python-modules/language-data/default.nix b/pkgs/development/python-modules/language-data/default.nix
index 803df3abaea59..ff04b036dc05c 100644
--- a/pkgs/development/python-modules/language-data/default.nix
+++ b/pkgs/development/python-modules/language-data/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, marisa-trie
, poetry-core
@@ -7,7 +7,7 @@
, setuptools
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "language-data";
version = "1.0.1";
format = "pyproject";
diff --git a/pkgs/development/python-modules/mkdocs-autorefs/default.nix b/pkgs/development/python-modules/mkdocs-autorefs/default.nix
index ea1dffdf0db02..dd88bd332e0e8 100644
--- a/pkgs/development/python-modules/mkdocs-autorefs/default.nix
+++ b/pkgs/development/python-modules/mkdocs-autorefs/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, markdown
, mkdocs
@@ -8,7 +8,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mkdocs-autorefs";
version = "0.4.1";
format = "pyproject";
diff --git a/pkgs/development/python-modules/mkdocs-material/default.nix b/pkgs/development/python-modules/mkdocs-material/default.nix
index f58bbf2e69d63..d82c1a654362e 100644
--- a/pkgs/development/python-modules/mkdocs-material/default.nix
+++ b/pkgs/development/python-modules/mkdocs-material/default.nix
@@ -1,6 +1,6 @@
{ lib
, callPackage
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, jinja2
, markdown
@@ -11,7 +11,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mkdocs-material";
version = "8.4.3";
format = "setuptools";
diff --git a/pkgs/development/python-modules/mkdocs-minify/default.nix b/pkgs/development/python-modules/mkdocs-minify/default.nix
index 0beeb51641600..ee6765d31751d 100644
--- a/pkgs/development/python-modules/mkdocs-minify/default.nix
+++ b/pkgs/development/python-modules/mkdocs-minify/default.nix
@@ -1,14 +1,15 @@
{ lib
, callPackage
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, mkdocs
, csscompressor
, htmlmin
, jsmin
+, pytestCheckHook
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mkdocs-minify";
version = "0.5.0";
@@ -26,6 +27,11 @@ buildPythonApplication rec {
mkdocs
];
+ checkInputs = [
+ mkdocs
+ pytestCheckHook
+ ];
+
pythonImportsCheck = [ "mkdocs" ];
meta = with lib; {
diff --git a/pkgs/development/python-modules/mkdocs-redirects/default.nix b/pkgs/development/python-modules/mkdocs-redirects/default.nix
index 94bf504a76b67..9394692fc5cfe 100644
--- a/pkgs/development/python-modules/mkdocs-redirects/default.nix
+++ b/pkgs/development/python-modules/mkdocs-redirects/default.nix
@@ -1,11 +1,12 @@
{ lib
, callPackage
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, mkdocs
+, pytestCheckHook
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mkdocs-redirects";
version = "1.2.0";
@@ -20,7 +21,13 @@ buildPythonApplication rec {
mkdocs
];
- pythonImportsCheck = [ "mkdocs" ];
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "mkdocs_redirects"
+ ];
meta = with lib; {
description = "Open source plugin for Mkdocs page redirects";
diff --git a/pkgs/development/python-modules/mkdocstrings-python/default.nix b/pkgs/development/python-modules/mkdocstrings-python/default.nix
index 4e10c4287d8cb..58ead57744960 100644
--- a/pkgs/development/python-modules/mkdocstrings-python/default.nix
+++ b/pkgs/development/python-modules/mkdocstrings-python/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, griffe
, mkdocs-material
@@ -9,7 +9,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mkdocstrings-python";
version = "0.7.1";
format = "pyproject";
diff --git a/pkgs/development/python-modules/mkdocstrings/default.nix b/pkgs/development/python-modules/mkdocstrings/default.nix
index b151727a8fbd3..5d20ea1a6e97b 100644
--- a/pkgs/development/python-modules/mkdocstrings/default.nix
+++ b/pkgs/development/python-modules/mkdocstrings/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
, jinja2
, markdown
@@ -12,7 +12,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mkdocstrings";
version = "0.19.0";
format = "pyproject";
diff --git a/pkgs/development/python-modules/mypy-protobuf/default.nix b/pkgs/development/python-modules/mypy-protobuf/default.nix
index 007fd2fd015f2..c63910abc56c0 100644
--- a/pkgs/development/python-modules/mypy-protobuf/default.nix
+++ b/pkgs/development/python-modules/mypy-protobuf/default.nix
@@ -1,6 +1,14 @@
-{ lib, fetchPypi, buildPythonApplication, protobuf, types-protobuf, grpcio-tools, pythonOlder }:
+{ lib
+, fetchPypi
+, buildPythonPackage
+, protobuf
+, types-protobuf
+, grpcio-tools
+, pytestCheckHook
+, pythonOlder
+}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "mypy-protobuf";
version = "3.3.0";
format = "pyproject";
@@ -12,7 +20,21 @@ buildPythonApplication rec {
sha256 = "sha256-JPOwrssGZW6YP1jgfHMqkFd7nXrz4QZvwrZju/A3Akg=";
};
- propagatedBuildInputs = [ protobuf types-protobuf grpcio-tools ];
+ propagatedBuildInputs = [
+ protobuf
+ types-protobuf
+ grpcio-tools
+ ];
+
+ doCheck = false; # ModuleNotFoundError: No module named 'testproto'
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "mypy_protobuf"
+ ];
meta = with lib; {
description = "Generate mypy stub files from protobuf specs";
diff --git a/pkgs/development/python-modules/phonemizer/default.nix b/pkgs/development/python-modules/phonemizer/default.nix
index 550a4fefd25a5..38e5f8533eb32 100644
--- a/pkgs/development/python-modules/phonemizer/default.nix
+++ b/pkgs/development/python-modules/phonemizer/default.nix
@@ -1,7 +1,7 @@
{ lib
, stdenv
, substituteAll
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, joblib
, segments
@@ -13,17 +13,18 @@
, pytest-cov
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "phonemizer";
version = "3.2.1";
+ format = "setuptools";
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-Bo+F+FqKmtxjijeHrqyvcaU+R1eLEtdzwJdDNQDNiSs=";
+ hash = "sha256-Bo+F+FqKmtxjijeHrqyvcaU+R1eLEtdzwJdDNQDNiSs=";
};
postPatch = ''
- sed -i -e '/\'pytest-runner\'/d setup.py
+ sed -i '/pytest-runner/d setup.py
'';
patches = [
diff --git a/pkgs/development/python-modules/pillow-simd/default.nix b/pkgs/development/python-modules/pillow-simd/default.nix
index e856c2f578528..b39a86a7fbfcc 100644
--- a/pkgs/development/python-modules/pillow-simd/default.nix
+++ b/pkgs/development/python-modules/pillow-simd/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, buildPythonPackage, fetchFromGitHub, isPyPy, isPy3k
-, olefile, freetype, libjpeg, zlib, libtiff, libwebp, tcl, lcms2
+, olefile, freetype, libjpeg, zlib, libtiff, libwebp, libxcrypt, tcl, lcms2
, libxcb, tk, libX11, openjpeg, libimagequant, pyroma, numpy, defusedxml
, pytestCheckHook
}@args:
diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix
index 017069a7dd2d4..6e50be53f99d0 100644
--- a/pkgs/development/python-modules/pillow/default.nix
+++ b/pkgs/development/python-modules/pillow/default.nix
@@ -4,7 +4,7 @@
, pythonOlder
, fetchPypi
, isPyPy
-, defusedxml, olefile, freetype, libjpeg, zlib, libtiff, libwebp, tcl, lcms2, tk, libX11
+, defusedxml, olefile, freetype, libjpeg, zlib, libtiff, libwebp, libxcrypt, tcl, lcms2, tk, libX11
, libxcb, openjpeg, libimagequant, pyroma, numpy, pytestCheckHook
# for passthru.tests
, imageio, matplotlib, pilkit, pydicom, reportlab
diff --git a/pkgs/development/python-modules/pillow/generic.nix b/pkgs/development/python-modules/pillow/generic.nix
index ec4f052638206..54f730751076e 100644
--- a/pkgs/development/python-modules/pillow/generic.nix
+++ b/pkgs/development/python-modules/pillow/generic.nix
@@ -38,7 +38,7 @@ buildPythonPackage rec {
checkInputs = [ pytestCheckHook pyroma numpy ];
- buildInputs = [ freetype libjpeg openjpeg libimagequant zlib libtiff libwebp tcl lcms2 ]
+ buildInputs = [ freetype libjpeg openjpeg libimagequant zlib libtiff libwebp libxcrypt tcl lcms2 ]
++ lib.optionals (lib.versionAtLeast version "7.1.0") [ libxcb ]
++ lib.optionals (isPyPy) [ tk libX11 ];
diff --git a/pkgs/development/python-modules/poetry-core/default.nix b/pkgs/development/python-modules/poetry-core/default.nix
index 737985ece249f..b009ec945724e 100644
--- a/pkgs/development/python-modules/poetry-core/default.nix
+++ b/pkgs/development/python-modules/poetry-core/default.nix
@@ -15,15 +15,16 @@
buildPythonPackage rec {
pname = "poetry-core";
- version = "1.1.0";
+ version = "1.2.0";
format = "pyproject";
+
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "python-poetry";
repo = pname;
rev = version;
- sha256 = "sha256-WUgBrO9h1E7N2SVFD47UPv39DMx1yQviV5tcNPmR+/g=";
+ hash = "sha256-d/VhnG+6qabgLMb8ki46R9+lpCwZNlS8QpM8u3VYmWs=";
};
propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [
@@ -41,13 +42,20 @@ buildPythonPackage rec {
virtualenv
];
- # requires git history to work correctly
- disabledTests = [ "default_with_excluded_data" "default_src_with_excluded_data" ];
+ # Requires git history to work correctly
+ disabledTests = [
+ "default_with_excluded_data"
+ "default_src_with_excluded_data"
+ ];
- pythonImportsCheck = [ "poetry.core" ];
+ pythonImportsCheck = [
+ "poetry.core"
+ ];
- # allow for package to use pep420's native namespaces
- pythonNamespaces = [ "poetry" ];
+ # Allow for package to use pep420's native namespaces
+ pythonNamespaces = [
+ "poetry"
+ ];
meta = with lib; {
description = "Core utilities for Poetry";
diff --git a/pkgs/development/python-modules/pypass/default.nix b/pkgs/development/python-modules/pypass/default.nix
index 85d6c9d49bb0a..f70e40029992e 100644
--- a/pkgs/development/python-modules/pypass/default.nix
+++ b/pkgs/development/python-modules/pypass/default.nix
@@ -18,10 +18,8 @@
, xclip
}:
-# NOTE: pypass can also be used as an application, but probably the most
-# important usecase is as a library. So, let's use buildPythonPackage and
-# support any Python version instead of defining it as an application with
-# buildPythonApplication.
+# Use the `pypass` top-level attribute, if you're interested in the
+# application
buildPythonPackage rec {
pname = "pypass";
version = "0.2.1";
diff --git a/pkgs/development/python-modules/pytest-xdist/setup-hook.sh b/pkgs/development/python-modules/pytest-xdist/setup-hook.sh
index 5523a7f360f5f..61d0f64d1a4da 100644
--- a/pkgs/development/python-modules/pytest-xdist/setup-hook.sh
+++ b/pkgs/development/python-modules/pytest-xdist/setup-hook.sh
@@ -3,6 +3,14 @@ pytestXdistHook() {
"--numprocesses=$NIX_BUILD_CORES"
"--forked"
)
+
+ # Using --forked on darwin leads to crashes when fork safety is
+ # enabled. This often happens when urllib tries to request proxy
+ # settings on MacOS through `urllib.request.getproxies()`
+ # - https://github.com/python/cpython/issues/77906
+ if [[ "$OSTYPE" == "darwin"* ]]; then
+ export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+ fi
}
# the flags should be added before pytestCheckHook runs so
diff --git a/pkgs/development/python-modules/python-glanceclient/default.nix b/pkgs/development/python-modules/python-glanceclient/default.nix
index 4f63cca8a8b10..390aad8b55cd5 100644
--- a/pkgs/development/python-modules/python-glanceclient/default.nix
+++ b/pkgs/development/python-modules/python-glanceclient/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, coreutils
, pbr
@@ -18,7 +18,7 @@
, requests-mock
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "python-glanceclient";
version = "4.1.0";
format = "setuptools";
diff --git a/pkgs/development/python-modules/python-heatclient/default.nix b/pkgs/development/python-modules/python-heatclient/default.nix
index c51c222dd6fa9..df1fc0dc45970 100644
--- a/pkgs/development/python-modules/python-heatclient/default.nix
+++ b/pkgs/development/python-modules/python-heatclient/default.nix
@@ -1,6 +1,6 @@
{ lib
, babel
-, buildPythonApplication
+, buildPythonPackage
, cliff
, fetchPypi
, iso8601
@@ -20,7 +20,7 @@
, testscenarios
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "python-heatclient";
version = "3.1.0";
format = "setuptools";
diff --git a/pkgs/development/python-modules/python-ironicclient/default.nix b/pkgs/development/python-modules/python-ironicclient/default.nix
index 5f0f1d8dea532..bf41e95739e9c 100644
--- a/pkgs/development/python-modules/python-ironicclient/default.nix
+++ b/pkgs/development/python-modules/python-ironicclient/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, pbr
, appdirs
@@ -18,7 +18,7 @@
, oslotest
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "python-ironicclient";
version = "5.0.1";
diff --git a/pkgs/development/python-modules/python-manilaclient/default.nix b/pkgs/development/python-modules/python-manilaclient/default.nix
index 9a9e01ff4be75..301ce42f0c776 100644
--- a/pkgs/development/python-modules/python-manilaclient/default.nix
+++ b/pkgs/development/python-modules/python-manilaclient/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, installShellFiles
, pbr
@@ -21,7 +21,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "python-manilaclient";
version = "4.1.0";
format = "setuptools";
diff --git a/pkgs/development/python-modules/python-swiftclient/default.nix b/pkgs/development/python-modules/python-swiftclient/default.nix
index 3329753d63342..f5a15a34f0ca5 100644
--- a/pkgs/development/python-modules/python-swiftclient/default.nix
+++ b/pkgs/development/python-modules/python-swiftclient/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, installShellFiles
, mock
@@ -10,7 +10,7 @@
, stestr
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "python-swiftclient";
version = "4.1.0";
format = "setuptools";
diff --git a/pkgs/development/python-modules/remarshal/default.nix b/pkgs/development/python-modules/remarshal/default.nix
index 99c868eb0b804..2b7a20a2dd004 100644
--- a/pkgs/development/python-modules/remarshal/default.nix
+++ b/pkgs/development/python-modules/remarshal/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchFromGitHub
# build deps
@@ -16,7 +16,7 @@
, pytestCheckHook
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "remarshal";
version = "0.14.0";
format = "pyproject";
diff --git a/pkgs/development/python-modules/rfc-bibtex/default.nix b/pkgs/development/python-modules/rfc-bibtex/default.nix
deleted file mode 100644
index b9b7cdb76c4f3..0000000000000
--- a/pkgs/development/python-modules/rfc-bibtex/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, buildPythonApplication, fetchPypi, isPy3k }:
-
-buildPythonApplication rec {
- pname = "rfc-bibtex";
- version = "0.3.2";
-
- src = fetchPypi {
- inherit pname version;
- sha256 = "60419a2043ef37ac2438f3eae7a3207d0a4cb2dd56ab21697f874a35ee52927f";
- };
-
- disabled = !isPy3k;
-
- meta = with lib; {
- homepage = "https://github.com/iluxonchik/rfc-bibtex/";
- description = "Generate Bibtex entries for IETF RFCs and Internet-Drafts";
- license = licenses.mit;
- maintainers = with maintainers; [ teto ];
- };
-}
diff --git a/pkgs/development/python-modules/scipy/default.nix b/pkgs/development/python-modules/scipy/default.nix
index aa578d21d257e..e791454b9018f 100644
--- a/pkgs/development/python-modules/scipy/default.nix
+++ b/pkgs/development/python-modules/scipy/default.nix
@@ -54,6 +54,7 @@ buildPythonPackage rec {
checkPhase = ''
runHook preCheck
pushd "$out"
+ export OMP_NUM_THREADS=$(( $NIX_BUILD_CORES / 4 ))
${python.interpreter} -c "import scipy; scipy.test('fast', verbose=10, parallel=$NIX_BUILD_CORES)"
popd
runHook postCheck
diff --git a/pkgs/development/python-modules/screeninfo/default.nix b/pkgs/development/python-modules/screeninfo/default.nix
index f67d68b0ddddf..574d3159494ac 100644
--- a/pkgs/development/python-modules/screeninfo/default.nix
+++ b/pkgs/development/python-modules/screeninfo/default.nix
@@ -1,6 +1,6 @@
{ stdenv
, lib
-, buildPythonApplication
+, buildPythonPackage
, dataclasses
, fetchFromGitHub
, libX11
@@ -11,7 +11,7 @@
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "screeninfo";
version = "0.8.1";
format = "pyproject";
diff --git a/pkgs/development/python-modules/sybil/default.nix b/pkgs/development/python-modules/sybil/default.nix
index 41baf697fff36..2667f0af54647 100644
--- a/pkgs/development/python-modules/sybil/default.nix
+++ b/pkgs/development/python-modules/sybil/default.nix
@@ -1,11 +1,11 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, pytestCheckHook
, pythonOlder
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "sybil";
version = "3.0.1";
format = "setuptools";
diff --git a/pkgs/development/python-modules/tempest/default.nix b/pkgs/development/python-modules/tempest/default.nix
index 7f50fc8f30231..654c8a9e2ab0b 100644
--- a/pkgs/development/python-modules/tempest/default.nix
+++ b/pkgs/development/python-modules/tempest/default.nix
@@ -1,5 +1,5 @@
{ lib
-, buildPythonApplication
+, buildPythonPackage
, fetchPypi
, pbr
, cliff
@@ -26,7 +26,7 @@
, python
}:
-buildPythonApplication rec {
+buildPythonPackage rec {
pname = "tempest";
version = "32.0.0";
diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix
index fa6c4726222c9..fae5ef8cf1039 100644
--- a/pkgs/development/python-modules/twisted/default.nix
+++ b/pkgs/development/python-modules/twisted/default.nix
@@ -97,6 +97,9 @@ buildPythonPackage rec {
echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py
echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py
+ # fails since migrating to libxcrypt
+ echo 'HelperTests.test_refuteCryptedPassword.skip = "OSError: Invalid argument"' >> src/twisted/conch/test/test_checkers.py
+
# not packaged
substituteInPlace src/twisted/test/test_failure.py \
--replace "from cython_test_exception_raiser import raiser # type: ignore[import]" "raiser = None"
diff --git a/pkgs/development/python-modules/yolk/default.nix b/pkgs/development/python-modules/yolk/default.nix
deleted file mode 100644
index d241e3f8edc03..0000000000000
--- a/pkgs/development/python-modules/yolk/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, fetchurl, buildPythonApplication, pythonPackages }:
-
-with lib;
-
-buildPythonApplication rec {
- pname = "yolk";
- version = "0.4.3";
-
- src = fetchurl {
- url = "mirror://pypi/y/yolk/yolk-${version}.tar.gz";
- sha256 = "1f6xwx210jnl5nq0m3agh2p1cxmaizawaf3fwq43q4yw050fn1qw";
- };
-
- buildInputs = with pythonPackages; [ nose ];
-
- meta = {
- description = "Command-line tool for querying PyPI and Python packages installed on your system";
- homepage = "https://github.com/cakebread/yolk";
- maintainers = with maintainers; [];
- license = licenses.bsd3;
- };
-}
-
diff --git a/pkgs/development/ruby-modules/bundler-app/default.nix b/pkgs/development/ruby-modules/bundler-app/default.nix
index 826ce9e59379c..5bb9e47cf5a68 100644
--- a/pkgs/development/ruby-modules/bundler-app/default.nix
+++ b/pkgs/development/ruby-modules/bundler-app/default.nix
@@ -35,7 +35,9 @@
}@args:
let
- basicEnv = (callPackage ../bundled-common {}) args;
+ basicEnv = (callPackage ../bundled-common {
+ inherit ruby;
+ }) args;
cmdArgs = removeAttrs args [ "pname" "postBuild" "gemConfig" "passthru" "gemset" "gemdir" ] // {
inherit preferLocalBuild allowSubstitutes; # pass the defaults
diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix
index 4961173658ed0..13848a602dcfb 100644
--- a/pkgs/development/ruby-modules/bundler/default.nix
+++ b/pkgs/development/ruby-modules/bundler/default.nix
@@ -4,8 +4,8 @@ buildRubyGem rec {
inherit ruby;
name = "${gemName}-${version}";
gemName = "bundler";
- version = "2.3.22";
- source.sha256 = "sha256-vOfZB6poOsiYPULaGhUXD9aSxlBGeK2ghF70ouz0IJ4=";
+ version = "2.3.23";
+ source.sha256 = "sha256-xYrUhtzNfN3X9r8GqGj9d1aeZkcPozFrk/2c9oVkKx8=";
dontPatchShebangs = true;
passthru.updateScript = writeScript "gem-update-script" ''
diff --git a/pkgs/development/python-modules/codespell/default.nix b/pkgs/development/tools/codespell/default.nix
similarity index 82%
rename from pkgs/development/python-modules/codespell/default.nix
rename to pkgs/development/tools/codespell/default.nix
index e8be4644910c8..07b1b4c96c3e7 100644
--- a/pkgs/development/python-modules/codespell/default.nix
+++ b/pkgs/development/tools/codespell/default.nix
@@ -1,8 +1,13 @@
-{ lib, buildPythonApplication, fetchFromGitHub, pytestCheckHook, pytest-dependency, aspell-python, aspellDicts, chardet }:
+{ lib
+, fetchFromGitHub
+, aspellDicts
+, python3
+}:
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
pname = "codespell";
version = "2.2.1";
+ format = "setuptools";
src = fetchFromGitHub {
owner = "codespell-project";
@@ -17,7 +22,12 @@ buildPythonApplication rec {
--replace "--cov-report=" ""
'';
- checkInputs = [ aspell-python chardet pytestCheckHook pytest-dependency ];
+ checkInputs = with python3.pkgs; [
+ aspell-python
+ chardet
+ pytestCheckHook
+ pytest-dependency
+ ];
preCheck = ''
export ASPELL_CONF="dict-dir ${aspellDicts.en}/lib/aspell"
diff --git a/pkgs/development/tools/libsigrokdecode/default.nix b/pkgs/development/tools/libsigrokdecode/default.nix
index 06b5f5c35bbad..672dddfc5ca22 100644
--- a/pkgs/development/tools/libsigrokdecode/default.nix
+++ b/pkgs/development/tools/libsigrokdecode/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pkg-config, glib, python3, check }:
+{ lib, stdenv, fetchurl, pkg-config, glib, python3, check, libxcrypt }:
stdenv.mkDerivation rec {
pname = "libsigrokdecode";
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ pkg-config ];
- buildInputs = [ glib python3 ];
+ buildInputs = [ glib python3 libxcrypt ];
checkInputs = [ check ];
doCheck = true;
diff --git a/pkgs/development/tools/misc/luarocks/default.nix b/pkgs/development/tools/misc/luarocks/default.nix
index 01b0f39567eb6..da61e1f8a41d0 100644
--- a/pkgs/development/tools/misc/luarocks/default.nix
+++ b/pkgs/development/tools/misc/luarocks/default.nix
@@ -1,23 +1,30 @@
-{lib, stdenv, fetchFromGitHub, buildPackages
+{ lib
+, stdenv
+, fetchFromGitHub
, fetchpatch
-, curl, makeWrapper, which, unzip
+, curl
+, makeWrapper
+, which
+, unzip
, lua
-# for 'luarocks pack'
+, file
+, nix-prefetch-git
+ # for 'luarocks pack'
, zip
, nix-update-script
-# some packages need to be compiled with cmake
+ # some packages need to be compiled with cmake
, cmake
, installShellFiles
}:
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (self: {
pname = "luarocks";
version = "3.9.1";
src = fetchFromGitHub {
owner = "luarocks";
repo = "luarocks";
- rev = "v${version}";
+ rev = "v${self.version}";
sha256 = "sha256-G6HDap3pspeQtGDBq+ukN7kftDaT/CozMVdYM60F6HI=";
};
@@ -67,12 +74,16 @@ stdenv.mkDerivation rec {
--suffix LUA_PATH ";" "$(echo "$out"/share/lua/*/)?.lua" \
--suffix LUA_PATH ";" "$(echo "$out"/share/lua/*/)?/init.lua" \
--suffix LUA_CPATH ";" "$(echo "$out"/lib/lua/*/)?.so" \
- --suffix LUA_CPATH ";" "$(echo "$out"/share/lua/*/)?/init.lua"
+ --suffix LUA_CPATH ";" "$(echo "$out"/share/lua/*/)?/init.lua" \
+ --suffix PATH : ${lib.makeBinPath ([ unzip ] ++
+ lib.optionals (self.pname == "luarocks-nix") [ file nix-prefetch-git ])}
}
done
'' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
- installShellCompletion --cmd luarocks --bash <($out/bin/luarocks completion bash)
- installShellCompletion --cmd luarocks --zsh <($out/bin/luarocks completion zsh)
+ installShellCompletion --cmd luarocks \
+ --bash <($out/bin/luarocks completion bash) \
+ --fish <($out/bin/luarocks completion fish) \
+ --zsh <($out/bin/luarocks completion zsh)
'';
propagatedBuildInputs = [ zip unzip cmake ];
@@ -94,15 +105,15 @@ stdenv.mkDerivation rec {
passthru = {
updateScript = nix-update-script {
- attrPath = pname;
+ attrPath = self.pname;
};
};
meta = with lib; {
description = "A package manager for Lua";
- license = licenses.mit ;
- maintainers = with maintainers; [raskin teto];
+ license = licenses.mit;
+ maintainers = with maintainers; [ raskin teto ];
platforms = platforms.linux ++ platforms.darwin;
downloadPage = "http://luarocks.org/releases/";
};
-}
+})
diff --git a/pkgs/development/tools/misc/texinfo/common.nix b/pkgs/development/tools/misc/texinfo/common.nix
index df3b12ea5b688..036e992e97316 100644
--- a/pkgs/development/tools/misc/texinfo/common.nix
+++ b/pkgs/development/tools/misc/texinfo/common.nix
@@ -58,7 +58,7 @@ stdenv.mkDerivation {
&& !stdenv.isDarwin
&& !stdenv.isSunOS; # flaky
- checkFlagsArray = [
+ checkFlags = lib.optionals (!stdenv.hostPlatform.isMusl) [
# Test is known to fail on various locales on texinfo-6.8:
# https://lists.gnu.org/r/bug-texinfo/2021-07/msg00012.html
"XFAIL_TESTS=test_scripts/layout_formatting_fr_icons.sh"
diff --git a/pkgs/development/python-modules/mutmut/default.nix b/pkgs/development/tools/mutmut/default.nix
similarity index 86%
rename from pkgs/development/python-modules/mutmut/default.nix
rename to pkgs/development/tools/mutmut/default.nix
index 626c768f2a81c..4b40930c646d1 100644
--- a/pkgs/development/python-modules/mutmut/default.nix
+++ b/pkgs/development/tools/mutmut/default.nix
@@ -1,16 +1,9 @@
{ lib
, fetchFromGitHub
-, buildPythonApplication
-, click
-, glob2
-, parso
-, pony
-, junit-xml
-, pythonOlder
-, testers
+, python3
}:
-let self = buildPythonApplication rec {
+let self = with python3.pkgs; buildPythonApplication rec {
pname = "mutmut";
version = "2.2.0";
diff --git a/pkgs/development/web/nodejs/bypass-darwin-xcrun-node16.patch b/pkgs/development/web/nodejs/bypass-darwin-xcrun-node16.patch
new file mode 100644
index 0000000000000..e86fcc4d2973d
--- /dev/null
+++ b/pkgs/development/web/nodejs/bypass-darwin-xcrun-node16.patch
@@ -0,0 +1,41 @@
+Avoids needing xcrun or xcodebuild in PATH for native package builds
+
+diff --git a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/xcode_emulation.py b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/xcode_emulation.py
+index a75d8ee..476440d 100644
+--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/xcode_emulation.py
++++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/xcode_emulation.py
+@@ -522,7 +522,13 @@ class XcodeSettings:
+ # Since the CLT has no SDK paths anyway, returning None is the
+ # most sensible route and should still do the right thing.
+ try:
+- return GetStdoutQuiet(["xcrun", "--sdk", sdk, infoitem])
++ #return GetStdoutQuiet(["xcrun", "--sdk", sdk, infoitem])
++ return {
++ "--show-sdk-platform-path": "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform",
++ "--show-sdk-path": "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk",
++ "--show-sdk-build-version": "19A547",
++ "--show-sdk-version": "10.15"
++ }[infoitem]
+ except GypError:
+ pass
+
+@@ -1499,7 +1505,8 @@ def XcodeVersion():
+ version = ""
+ build = ""
+ try:
+- version_list = GetStdoutQuiet(["xcodebuild", "-version"]).splitlines()
++ #version_list = GetStdoutQuiet(["xcodebuild", "-version"]).splitlines()
++ version_list = []
+ # In some circumstances xcodebuild exits 0 but doesn't return
+ # the right results; for example, a user on 10.7 or 10.8 with
+ # a bogus path set via xcode-select
+@@ -1510,7 +1517,8 @@ def XcodeVersion():
+ version = version_list[0].split()[-1] # Last word on first line
+ build = version_list[-1].split()[-1] # Last word on last line
+ except GypError: # Xcode not installed so look for XCode Command Line Tools
+- version = CLTVersion() # macOS Catalina returns 11.0.0.0.1.1567737322
++ #version = CLTVersion() # macOS Catalina returns 11.0.0.0.1.1567737322
++ version = "11.0.0.0.1.1567737322"
+ if not version:
+ raise GypError("No Xcode or CLT version detected!")
+ # Be careful to convert "4.2.3" to "0423" and "11.0.0" to "1100":
diff --git a/pkgs/development/web/nodejs/nodejs.nix b/pkgs/development/web/nodejs/nodejs.nix
index ab9a8b95d1a04..6d9a3392a7a92 100644
--- a/pkgs/development/web/nodejs/nodejs.nix
+++ b/pkgs/development/web/nodejs/nodejs.nix
@@ -123,7 +123,6 @@ let
--replace "/usr/bin/env" "${coreutils}/bin/env"
done
'' + optionalString stdenv.isDarwin ''
- sed -i 's/raise.*No Xcode or CLT version detected.*/version = "7.0.0"/' tools/gyp/pylib/gyp/xcode_emulation.py
sed -i -e "s|tr1/type_traits|type_traits|g" \
-e "s|std::tr1|std|" src/util.h
'';
@@ -176,8 +175,6 @@ let
Libs: -L$libv8/lib -lv8 -pthread -licui18n
Cflags: -I$libv8/include
EOF
- '' + optionalString (stdenv.isDarwin && enableNpm) ''
- sed -i 's/raise.*No Xcode or CLT version detected.*/version = "7.0.0"/' $out/lib/node_modules/npm/node_modules/node-gyp/gyp/pylib/gyp/xcode_emulation.py
'';
passthru.updateScript = import ./update.nix {
diff --git a/pkgs/development/web/nodejs/v16.nix b/pkgs/development/web/nodejs/v16.nix
index 0b6a127bd2693..5e0ea0a996cce 100644
--- a/pkgs/development/web/nodejs/v16.nix
+++ b/pkgs/development/web/nodejs/v16.nix
@@ -12,6 +12,7 @@ in
sha256 = "sha256-ZyH+tBUtVtLGs1jOOXq9Wn8drwnuLiXFAhubTT+GozA=";
patches = [
./disable-darwin-v8-system-instrumentation.patch
+ ./bypass-darwin-xcrun-node16.patch
# Fix npm silently fail without a HOME directory https://github.com/npm/cli/issues/4996
(fetchpatch {
url = "https://github.com/npm/cli/commit/9905d0e24c162c3f6cc006fa86b4c9d0205a4c6f.patch";
diff --git a/pkgs/development/web/nodejs/v18.nix b/pkgs/development/web/nodejs/v18.nix
index c4050087cfe7d..9cb626a93d98b 100644
--- a/pkgs/development/web/nodejs/v18.nix
+++ b/pkgs/development/web/nodejs/v18.nix
@@ -8,8 +8,8 @@ let
in
buildNodejs {
inherit enableNpm;
- version = "18.9.1";
- sha256 = "sha256-84GWPUNWi6aZkVyIYp3G2koZY4BNzTey5uHRDZI91dk=";
+ version = "18.10.0";
+ sha256 = "17z8081bqsldx4dl7399dp9gdsmd04lgnwvwycj7sjmyw9a1nwdd";
patches = [
(fetchpatch {
# Fixes cross compilation to aarch64-linux by reverting https://github.com/nodejs/node/pull/43200
@@ -20,5 +20,6 @@ buildNodejs {
})
./disable-darwin-v8-system-instrumentation.patch
+ ./bypass-darwin-xcrun-node16.patch
];
}
diff --git a/pkgs/games/snis/default.nix b/pkgs/games/snis/default.nix
index ed09ed46eff54..b74fef4518208 100644
--- a/pkgs/games/snis/default.nix
+++ b/pkgs/games/snis/default.nix
@@ -18,6 +18,7 @@
, sox
, libopus
, openscad
+, libxcrypt
}:
stdenv.mkDerivation {
@@ -46,7 +47,7 @@ stdenv.mkDerivation {
'';
nativeBuildInputs = [ pkg-config openscad makeWrapper ];
- buildInputs = [ coreutils portaudio libbsd libpng libvorbis SDL2 lua5_2 glew openssl picotts sox alsa-utils libopus ];
+ buildInputs = [ coreutils portaudio libbsd libpng libvorbis SDL2 lua5_2 glew openssl picotts sox alsa-utils libopus libxcrypt ];
postBuild = ''
make models -j$NIX_BUILD_CORES
diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix
index 28344c3fc5a3e..922941c55e8d9 100644
--- a/pkgs/misc/ghostscript/default.nix
+++ b/pkgs/misc/ghostscript/default.nix
@@ -2,7 +2,7 @@
, libjpeg, libpng, libtiff, freetype, fontconfig, libpaper, jbig2dec
, libiconv, ijs, lcms2, callPackage, bash, buildPackages, openjpeg
, cupsSupport ? config.ghostscript.cups or (!stdenv.isDarwin), cups
-, x11Support ? cupsSupport, xlibsWrapper # with CUPS, X11 only adds very little
+, x11Support ? cupsSupport, xorg # with CUPS, X11 only adds very little
}:
let
@@ -58,7 +58,7 @@ stdenv.mkDerivation rec {
libjpeg libpng libtiff freetype fontconfig libpaper jbig2dec
libiconv ijs lcms2 bash openjpeg
]
- ++ lib.optional x11Support xlibsWrapper
+ ++ lib.optionals x11Support [ xorg.libICE xorg.libX11 xorg.libXext xorg.libXt ]
++ lib.optional cupsSupport cups
;
diff --git a/pkgs/misc/screensavers/slock/default.nix b/pkgs/misc/screensavers/slock/default.nix
index 9f364ba520cd2..c23b5fdc249b8 100644
--- a/pkgs/misc/screensavers/slock/default.nix
+++ b/pkgs/misc/screensavers/slock/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, writeText
-, xorgproto, libX11, libXext, libXrandr
+, xorgproto, libX11, libXext, libXrandr, libxcrypt
# default header can be obtained from
# https://git.suckless.org/slock/tree/config.def.h
, conf ? null }:
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
sha256 = "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m";
};
- buildInputs = [ xorgproto libX11 libXext libXrandr ];
+ buildInputs = [ xorgproto libX11 libXext libXrandr libxcrypt ];
installFlags = [ "PREFIX=$(out)" ];
diff --git a/pkgs/os-specific/bsd/netbsd/compat-cxx-safe-header.patch b/pkgs/os-specific/bsd/netbsd/compat-cxx-safe-header.patch
index f67ca2e507915..2aaa90b76146b 100644
--- a/pkgs/os-specific/bsd/netbsd/compat-cxx-safe-header.patch
+++ b/pkgs/os-specific/bsd/netbsd/compat-cxx-safe-header.patch
@@ -1,6 +1,6 @@
diff -u -r1.35.2.1 nbtool_config.h.in
---- a/nbtool_config.h.in 22 Apr 2015 07:18:58 -0000 1.35.2.1
-+++ b/nbtool_config.h.in 31 May 2018 01:46:53 -0000
+--- a/tools/compat/nbtool_config.h.in 22 Apr 2015 07:18:58 -0000 1.35.2.1
++++ b/tools/compat/nbtool_config.h.in 31 May 2018 01:46:53 -0000
@@ -680,5 +680,14 @@
/* Define if you have u_int8_t, but not uint8_t. */
#undef uint8_t
diff --git a/pkgs/os-specific/bsd/netbsd/compat-dont-configure-twice.patch b/pkgs/os-specific/bsd/netbsd/compat-dont-configure-twice.patch
index 1a69e73e255fc..2758e256a6168 100644
--- a/pkgs/os-specific/bsd/netbsd/compat-dont-configure-twice.patch
+++ b/pkgs/os-specific/bsd/netbsd/compat-dont-configure-twice.patch
@@ -6,8 +6,8 @@ Date: Wed Sep 1 15:38:56 2021 +0000
diff --git a/Makefile b/Makefile
index b5adb8a5f2e9..1a914ef16739 100644
---- a/Makefile
-+++ b/Makefile
+--- a/tools/compat/Makefile
++++ b/tools/compat/Makefile
@@ -76,11 +76,6 @@ _CURDIR:= ${.CURDIR}
SRCS:= ${SRCS:M*.c}
diff --git a/pkgs/os-specific/bsd/netbsd/compat-no-force-native.patch b/pkgs/os-specific/bsd/netbsd/compat-no-force-native.patch
index cd442d95f412a..117fb7e042982 100644
--- a/pkgs/os-specific/bsd/netbsd/compat-no-force-native.patch
+++ b/pkgs/os-specific/bsd/netbsd/compat-no-force-native.patch
@@ -8,8 +8,8 @@ Date: Wed Sep 1 15:38:56 2021 +0000
diff --git a/Makefile b/Makefile
index 4bcf227f0e75..9ed1d6eea6ff 100644
---- a/Makefile
-+++ b/Makefile
+--- a/tools/compat/Makefile
++++ b/tools/compat/Makefile
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.87 2019/05/08 02:25:50 thorpej Exp $
diff --git a/pkgs/os-specific/bsd/netbsd/default.nix b/pkgs/os-specific/bsd/netbsd/default.nix
index ae93d42b67657..c90de5067dc3f 100644
--- a/pkgs/os-specific/bsd/netbsd/default.nix
+++ b/pkgs/os-specific/bsd/netbsd/default.nix
@@ -3,7 +3,7 @@
, buildPackages, splicePackages, newScope
, bsdSetupHook, makeSetupHook, fetchcvs, groff, mandoc, byacc, flex
, zlib
-, writeText, symlinkJoin
+, writeShellScript, writeText, runtimeShell, symlinkJoin
}:
let
@@ -94,7 +94,7 @@ in lib.makeScopeWithSplicing
}.${stdenv'.hostPlatform.parsed.cpu.name}
or stdenv'.hostPlatform.parsed.cpu.name;
- BSD_PATH = attrs.path;
+ COMPONENT_PATH = attrs.path;
makeFlags = defaultMakeFlags;
@@ -121,12 +121,12 @@ in lib.makeScopeWithSplicing
installPhase = "includesPhase";
dontBuild = true;
} // attrs // {
+ # Files that use NetBSD-specific macros need to have nbtool_config.h
+ # included ahead of them on non-NetBSD platforms.
postPatch = lib.optionalString (!stdenv'.hostPlatform.isNetBSD) ''
- # Files that use NetBSD-specific macros need to have nbtool_config.h
- # included ahead of them on non-NetBSD platforms.
set +e
grep -Zlr "^__RCSID
- ^__BEGIN_DECLS" | xargs -0r grep -FLZ nbtool_config.h |
+ ^__BEGIN_DECLS" $COMPONENT_PATH | xargs -0r grep -FLZ nbtool_config.h |
xargs -0tr sed -i '0,/^#/s//#include \n\0/'
set -e
'' + attrs.postPatch or "";
@@ -146,7 +146,7 @@ in lib.makeScopeWithSplicing
skipIncludesPhase = true;
postPatch = ''
- patchShebangs configure
+ patchShebangs $COMPONENT_PATH/configure
${self.make.postPatch}
'';
@@ -281,11 +281,11 @@ in lib.makeScopeWithSplicing
# HACK: to ensure parent directories exist. This emulates GNU
# install’s -D option. No alternative seems to exist in BSD install.
- install = let binstall = writeText "binstall" ''
- #!${stdenv.shell}
- for last in $@; do true; done
+ install = let binstall = writeShellScript "binstall" ''
+ set -eu
+ for last in "$@"; do true; done
mkdir -p $(dirname $last)
- xinstall "$@"
+ @out@/bin/xinstall "$@"
''; in mkDerivation {
path = "usr.bin/xinstall";
version = "9.2";
@@ -297,13 +297,14 @@ in lib.makeScopeWithSplicing
mandoc groff rsync
];
skipIncludesPhase = true;
- buildInputs = with self; compatIfNeeded ++ [ fts ];
+ buildInputs = with self; compatIfNeeded;
installPhase = ''
runHook preInstall
install -D install.1 $out/share/man/man1/install.1
install -D xinstall $out/bin/xinstall
install -D -m 0550 ${binstall} $out/bin/binstall
+ substituteInPlace $out/bin/binstall --subst-var out
ln -s $out/bin/binstall $out/bin/install
runHook postInstall
@@ -391,6 +392,7 @@ in lib.makeScopeWithSplicing
install mandoc groff rsync
];
};
+
##
## END BOOTSTRAPPING
##
@@ -705,10 +707,10 @@ in lib.makeScopeWithSplicing
SHLIBINSTALLDIR = "$(out)/lib";
makeFlags = defaultMakeFlags ++ [ "LIBDO.terminfo=${self.libterminfo}/lib" ];
postPatch = ''
- sed -i '1i #undef bool_t' el.h
- substituteInPlace config.h \
+ sed -i '1i #undef bool_t' $COMPONENT_PATH/el.h
+ substituteInPlace $COMPONENT_PATH/config.h \
--replace "#define HAVE_STRUCT_DIRENT_D_NAMLEN 1" ""
- substituteInPlace readline/Makefile --replace /usr/include "$out/include"
+ substituteInPlace $COMPONENT_PATH/readline/Makefile --replace /usr/include "$out/include"
'';
NIX_CFLAGS_COMPILE = [
"-D__noinline="
@@ -728,8 +730,8 @@ in lib.makeScopeWithSplicing
buildInputs = with self; compatIfNeeded;
SHLIBINSTALLDIR = "$(out)/lib";
postPatch = ''
- substituteInPlace term.c --replace /usr/share $out/share
- substituteInPlace setupterm.c \
+ substituteInPlace $COMPONENT_PATH/term.c --replace /usr/share $out/share
+ substituteInPlace $COMPONENT_PATH/setupterm.c \
--replace '#include ' 'void use_env(bool);'
'';
postBuild = ''
@@ -757,10 +759,10 @@ in lib.makeScopeWithSplicing
MKDOC = "no"; # missing vfontedpr
makeFlags = defaultMakeFlags ++ [ "LIBDO.terminfo=${self.libterminfo}/lib" ];
postPatch = lib.optionalString (!stdenv.isDarwin) ''
- substituteInPlace printw.c \
+ substituteInPlace $COMPONENT_PATH/printw.c \
--replace "funopen(win, NULL, __winwrite, NULL, NULL)" NULL \
--replace "__strong_alias(vwprintw, vw_printw)" 'extern int vwprintw(WINDOW*, const char*, va_list) __attribute__ ((alias ("vw_printw")));'
- substituteInPlace scanw.c \
+ substituteInPlace $COMPONENT_PATH/scanw.c \
--replace "__strong_alias(vwscanw, vw_scanw)" 'extern int vwscanw(WINDOW*, const char*, va_list) __attribute__ ((alias ("vw_scanw")));'
'';
};
@@ -985,7 +987,7 @@ in lib.makeScopeWithSplicing
# man0 generates a man.pdf using ps2pdf, but doesn't install it later,
# so we can avoid the dependency on ghostscript
postPatch = ''
- substituteInPlace man0/Makefile --replace "ps2pdf" "echo noop "
+ substituteInPlace $COMPONENT_PATH/man0/Makefile --replace "ps2pdf" "echo noop "
'';
makeFlags = defaultMakeFlags ++ [
"FILESDIR=$(out)/share"
diff --git a/pkgs/os-specific/bsd/netbsd/getent.patch b/pkgs/os-specific/bsd/netbsd/getent.patch
index e9e34d19a315b..18258b6486186 100644
--- a/pkgs/os-specific/bsd/netbsd/getent.patch
+++ b/pkgs/os-specific/bsd/netbsd/getent.patch
@@ -1,8 +1,8 @@
Author: Matthew Bauer
Description: Remove unavailable getent databases
Version: 7.1.2
---- a/getent.c 2018-04-16 13:33:49.000000000 -0500
-+++ b/getent.c 2018-04-16 13:29:30.000000000 -0500
+--- a/usr.bin/getent/getent.c 2018-04-16 13:33:49.000000000 -0500
++++ b/usr.bin/getent/getent.c 2018-04-16 13:29:30.000000000 -0500
@@ -42,7 +42,6 @@
#include
#include
diff --git a/pkgs/os-specific/bsd/netbsd/locale.patch b/pkgs/os-specific/bsd/netbsd/locale.patch
index 1df9eb385625c..4b7f478552879 100644
--- a/pkgs/os-specific/bsd/netbsd/locale.patch
+++ b/pkgs/os-specific/bsd/netbsd/locale.patch
@@ -1,5 +1,5 @@
---- a/locale.c 2018-06-11 14:39:06.449762000 -0400
-+++ b/locale.c 2018-06-11 14:42:28.461122899 -0400
+--- a/usr.bin/locale/locale.c 2018-06-11 14:39:06.449762000 -0400
++++ b/usr.bin/locale/locale.c 2018-06-11 14:42:28.461122899 -0400
@@ -56,14 +56,8 @@
#include
#include
diff --git a/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch b/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch
index 5a2b9092a5c56..b3e9f3c88a13c 100644
--- a/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch
+++ b/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch
@@ -4,8 +4,8 @@ rcsdiff: /ftp/cvs/cvsroot/src/sys/arch/i386/stand/efiboot/Makefile.efiboot,v: wa
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -r1.16 -r1.17
---- sys/arch/i386/stand/efiboot/Makefile.efiboot 2019/09/13 02:19:45 1.16
-+++ sys/arch/i386/stand/efiboot/Makefile.efiboot 2020/04/04 15:30:46 1.17
+--- a/sys/arch/i386/stand/efiboot/Makefile.efiboot 2019/09/13 02:19:45 1.16
++++ b/sys/arch/i386/stand/efiboot/Makefile.efiboot 2020/04/04 15:30:46 1.17
@@ -41,6 +41,7 @@ BINMODE=444
.PATH: ${.CURDIR}/../../libsa
diff --git a/pkgs/os-specific/bsd/netbsd/sys-headers-incsdir.patch b/pkgs/os-specific/bsd/netbsd/sys-headers-incsdir.patch
index ed85f8ea5b0cf..5cfb2a54c8db2 100644
--- a/pkgs/os-specific/bsd/netbsd/sys-headers-incsdir.patch
+++ b/pkgs/os-specific/bsd/netbsd/sys-headers-incsdir.patch
@@ -1,7 +1,7 @@
diff --git a/Makefile b/Makefile
index 3f1e18dc659d..163362b82f94 100644
---- a/Makefile
-+++ b/Makefile
+--- a/sys/Makefile
++++ b/sys/Makefile
@@ -2,6 +2,8 @@
.include
diff --git a/pkgs/os-specific/bsd/setup-hook.sh b/pkgs/os-specific/bsd/setup-hook.sh
index 4bdfde68b62e7..e0afefcd73f71 100644
--- a/pkgs/os-specific/bsd/setup-hook.sh
+++ b/pkgs/os-specific/bsd/setup-hook.sh
@@ -48,6 +48,7 @@ addMakeFlags() {
makeFlags="BINDIR=${!outputBin}/bin $makeFlags"
makeFlags="LIBDIR=${!outputLib}/lib $makeFlags"
makeFlags="SHLIBDIR=${!outputLib}/lib $makeFlags"
+ makeFlags="SHAREDIR=${!outputLib}/share $makeFlags"
makeFlags="MANDIR=${!outputMan}/share/man $makeFlags"
makeFlags="INFODIR=${!outputInfo}/share/info $makeFlags"
makeFlags="DOCDIR=${!outputDoc}/share/doc $makeFlags"
@@ -61,10 +62,13 @@ setBSDSourceDir() {
sourceRoot=$PWD/$sourceRoot
export BSDSRCDIR=$sourceRoot
export _SRC_TOP_=$BSDSRCDIR
-
cd $sourceRoot
- if [ -d "$BSD_PATH" ]
- then sourceRoot=$sourceRoot/$BSD_PATH
+}
+
+cdBSDPath() {
+ if [ -d "$COMPONENT_PATH" ]
+ then sourceRoot=$sourceRoot/$COMPONENT_PATH
+ cd $COMPONENT_PATH
fi
}
@@ -104,6 +108,7 @@ moveUsrDir() {
}
postUnpackHooks+=(setBSDSourceDir)
+postPatchHooks+=(cdBSDPath)
preConfigureHooks+=(addMakeFlags)
preInstallHooks+=(includesPhase)
fixupOutputHooks+=(moveUsrDir)
diff --git a/pkgs/os-specific/darwin/cctools/darwin-no-memstream.patch b/pkgs/os-specific/darwin/cctools/darwin-no-memstream.patch
new file mode 100644
index 0000000000000..bb8a4ad68f3b2
--- /dev/null
+++ b/pkgs/os-specific/darwin/cctools/darwin-no-memstream.patch
@@ -0,0 +1,21 @@
+MacOS SDKs before 10.13 don't support open_memstream. This is already replaced
+by a runtime check in cctools-port, but because we build with SDK 10.12 by
+default, linking still fails for us. Disable it entirely here.
+
+--- a/cctools/include/stuff/diagnostics.h
++++ b/cctools/include/stuff/diagnostics.h
+@@ -60,13 +60,6 @@ void diagnostics_log_msg(enum diagnostic_level level, const char* message);
+ */
+ void diagnostics_write(void);
+
+-#if defined(__APPLE__ ) && defined(__has_builtin)
+-# if __has_builtin(__builtin_available)
+-# define HAVE_OPENMEMSTREAM_RUNTIME __builtin_available(macOS 10.13, *)
+-# endif
+-#endif
+-#ifndef HAVE_OPENMEMSTREAM_RUNTIME
+-# define HAVE_OPENMEMSTREAM_RUNTIME 1
+-#endif
++#define HAVE_OPENMEMSTREAM_RUNTIME 0
+
+ #endif /* diagnostics_h */
diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix
index bace6f0689d9e..3c48c3ebc0c46 100644
--- a/pkgs/os-specific/darwin/cctools/port.nix
+++ b/pkgs/os-specific/darwin/cctools/port.nix
@@ -19,13 +19,17 @@ assert (!stdenv.hostPlatform.isDarwin) -> maloader != null;
stdenv.mkDerivation {
pname = "${targetPrefix}cctools-port";
- version = "949.0.1";
+ version = "973.0.1";
src = fetchFromGitHub {
owner = "tpoechtrager";
repo = "cctools-port";
- rev = "43f32a4c61b5ba7fde011e816136c550b1b3146f";
- sha256 = "10yc5smiczzm62q6ijqccc58bwmfhc897f3bwa5i9j98csqsjj0k";
+ # This is the commit before: https://github.com/tpoechtrager/cctools-port/pull/114
+ # That specific change causes trouble for us (see the PR discussion), but
+ # is also currently the last commit on master at the time of writing, so we
+ # can just go back one step.
+ rev = "457dc6ddf5244ebf94f28e924e3a971f1566bd66";
+ sha256 = "0ns12q7vg9yand4dmdsps1917cavfbw67yl5q7bm6kb4ia5kkx13";
};
outputs = [ "out" "dev" "man" ];
@@ -35,7 +39,11 @@ stdenv.mkDerivation {
++ lib.optionals stdenv.isDarwin [ libobjc ]
++ lib.optional enableTapiSupport libtapi;
- patches = [ ./ld-ignore-rpath-link.patch ./ld-rpath-nonfinal.patch ];
+ patches = [
+ ./ld-ignore-rpath-link.patch
+ ./ld-rpath-nonfinal.patch
+ ]
+ ++ lib.optional stdenv.isDarwin ./darwin-no-memstream.patch;
__propagatedImpureHostDeps = [
# As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them
@@ -64,32 +72,99 @@ stdenv.mkDerivation {
--replace "-isystem /usr/local/include -isystem /usr/pkg/include" "" \
--replace "-L/usr/local/lib" "" \
- substituteInPlace cctools/include/Makefile \
- --replace "/bin/" ""
+ # Appears to use new libdispatch API not available in macOS SDK 10.12.
+ substituteInPlace cctools/ld64/src/ld/libcodedirectory.c \
+ --replace "#define LIBCD_PARALLEL 1" ""
patchShebangs tools
sed -i -e 's/which/type -P/' tools/*.sh
- # Workaround for https://www.sourceware.org/bugzilla/show_bug.cgi?id=11157
- cat > cctools/include/unistd.h <
+Date: Sun, 4 Sep 2022 11:15:02 -0600
+Subject: [PATCH] Allow loading token handlers from the default search path
+
+Since [1] landed in cryptsetup, token handlers (libcryptsetup-token-*.so)
+are loaded from a fixed path defined at compile-time. This is
+problematic with NixOS since it introduces a dependency cycle
+between cryptsetup and systemd.
+
+This downstream patch [2] allows loading token plugins from the
+default library search path. This approach is not accepted upstream [3]
+due to security concerns, but the potential attack vectors require
+root access and they are sufficiently addressed:
+
+* cryptsetup could be used as a setuid binary (not used in NixOS).
+ In this case, LD_LIBRARY_PATH is ignored because of secure-execution
+ mode.
+* cryptsetup running as root could lead to a malicious token handler
+ being loaded through LD_LIBRARY_PATH. However, fixing the path
+ doesn't prevent the same malicious .so being loaded through LD_PRELOAD.
+
+[1] https://gitlab.com/cryptsetup/cryptsetup/-/commit/5b9e98f94178d3cd179d9f6e2a0a68c7d9eb6507
+[2] https://github.com/NixOS/nixpkgs/issues/167994#issuecomment-1094249369
+[3] https://gitlab.com/cryptsetup/cryptsetup/-/issues/733
+---
+ lib/luks2/luks2_token.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c
+index 26467253..6f8329f0 100644
+--- a/lib/luks2/luks2_token.c
++++ b/lib/luks2/luks2_token.c
+@@ -151,12 +151,10 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp
+
+ token = &ret->u.v2;
+
+- r = snprintf(buf, sizeof(buf), "%s/libcryptsetup-token-%s.so", crypt_token_external_path(), name);
++ r = snprintf(buf, sizeof(buf), "libcryptsetup-token-%s.so", name);
+ if (r < 0 || (size_t)r >= sizeof(buf))
+ return -EINVAL;
+
+- assert(*buf == '/');
+-
+ log_dbg(cd, "Trying to load %s.", buf);
+
+ h = dlopen(buf, RTLD_LAZY);
+--
+2.37.2
+
diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix
index daa8c1ae2019f..7e148b9145c65 100644
--- a/pkgs/os-specific/linux/kernel-headers/default.nix
+++ b/pkgs/os-specific/linux/kernel-headers/default.nix
@@ -84,12 +84,12 @@ let
in {
inherit makeLinuxHeaders;
- linuxHeaders = let version = "5.19"; in
+ linuxHeaders = let version = "6.0"; in
makeLinuxHeaders {
inherit version;
src = fetchurl {
- url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "1a05a3hw4w3k530mxhns96xw7hag743xw5w967yazqcykdbhq97z";
+ url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz";
+ sha256 = "sha256-XCRDpVON5SaI77VcJ6sFOcH161jAz9FqK5+7CP2BeI4=";
};
patches = [
./no-relocs.patch # for building x86 kernel headers on non-ELF platforms
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 3a71563593ef3..0c5cb6b73a5aa 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -411,6 +411,7 @@ let
XFS_QUOTA = option yes;
XFS_POSIX_ACL = option yes;
XFS_RT = option yes; # XFS Realtime subvolume support
+ XFS_ONLINE_SCRUB = option yes;
OCFS2_DEBUG_MASKLOG = option no;
diff --git a/pkgs/os-specific/linux/kexec-tools/default.nix b/pkgs/os-specific/linux/kexec-tools/default.nix
index 6faa401eccc56..e10f3e4defb85 100644
--- a/pkgs/os-specific/linux/kexec-tools/default.nix
+++ b/pkgs/os-specific/linux/kexec-tools/default.nix
@@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
pname = "kexec-tools";
- version = "2.0.23";
+ version = "2.0.25";
src = fetchurl {
urls = [
"mirror://kernel/linux/utils/kernel/kexec/${pname}-${version}.tar.xz"
"http://horms.net/projects/kexec/kexec-tools/${pname}-${version}.tar.xz"
];
- sha256 = "qmPNbH3ZWwbOumJAp/3GeSeJytp1plXmcUmHF1IkJBs=";
+ sha256 = "sha256-fOLl3vOOwE95/rEH0CJD3VhvvGhWnszwL0S606E+wH0=";
};
patches = [
diff --git a/pkgs/os-specific/linux/numactl/default.nix b/pkgs/os-specific/linux/numactl/default.nix
index ac17a18273a77..28157ffe1677a 100644
--- a/pkgs/os-specific/linux/numactl/default.nix
+++ b/pkgs/os-specific/linux/numactl/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "numactl";
- version = "2.0.15";
+ version = "2.0.16";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
- sha256 = "sha256-mowDqCkAHDEV9AWCgAEWL0//sNMUk/K8w3eO7Wg+AwQ=";
+ sha256 = "sha256-aDKzkmvrPDzQl4n0KgeiU5LOLhQA0tmwzGiXvJDp7ZI=";
};
nativeBuildInputs = [ autoreconfHook ];
diff --git a/pkgs/os-specific/linux/otpw/default.nix b/pkgs/os-specific/linux/otpw/default.nix
index 14381ac68c164..6c53bf16efc19 100644
--- a/pkgs/os-specific/linux/otpw/default.nix
+++ b/pkgs/os-specific/linux/otpw/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pam }:
+{ lib, stdenv, fetchurl, pam, libxcrypt }:
stdenv.mkDerivation rec {
pname = "otpw";
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
cp *.8 $out/share/man/man8
'';
- buildInputs = [ pam ];
+ buildInputs = [ pam libxcrypt ];
hardeningDisable = [ "stackprotector" ];
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index 72f91e89c7454..22e7057e343f7 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext, audit
, nixosTests
-, withLibxcrypt ? false, libxcrypt
+, withLibxcrypt ? true, libxcrypt
}:
stdenv.mkDerivation rec {
diff --git a/pkgs/os-specific/linux/pam_mysql/default.nix b/pkgs/os-specific/linux/pam_mysql/default.nix
index 807899cf2b28c..036d4b20cb4c5 100644
--- a/pkgs/os-specific/linux/pam_mysql/default.nix
+++ b/pkgs/os-specific/linux/pam_mysql/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, meson, ninja, pam, pkg-config, libmysqlclient, mariadb }:
+{ lib, stdenv, fetchFromGitHub, meson, ninja, pam, pkg-config, libmysqlclient, mariadb, libxcrypt }:
stdenv.mkDerivation rec {
pname = "pam_mysql";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ meson pkg-config ninja ];
- buildInputs = [ pam libmysqlclient mariadb ];
+ buildInputs = [ pam libmysqlclient mariadb libxcrypt ];
meta = with lib; {
description = "PAM authentication module against a MySQL database";
diff --git a/pkgs/os-specific/linux/pam_pgsql/default.nix b/pkgs/os-specific/linux/pam_pgsql/default.nix
index 3cfa6733efa84..2eabcefe584c6 100644
--- a/pkgs/os-specific/linux/pam_pgsql/default.nix
+++ b/pkgs/os-specific/linux/pam_pgsql/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, postgresql, libgcrypt, pam }:
+{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, postgresql, libgcrypt, pam, libxcrypt }:
stdenv.mkDerivation rec {
pname = "pam_pgsql";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ autoreconfHook pkg-config ];
- buildInputs = [ libgcrypt pam postgresql ];
+ buildInputs = [ libgcrypt pam postgresql libxcrypt ];
meta = with lib; {
description = "Support to authenticate against PostgreSQL for PAM-enabled appliations";
diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix
index c066dd4c4c5c5..33875049747dd 100644
--- a/pkgs/os-specific/linux/policycoreutils/default.nix
+++ b/pkgs/os-specific/linux/policycoreutils/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage }:
+{ lib, stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage, libxcrypt }:
stdenv.mkDerivation rec {
pname = "policycoreutils";
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
'';
nativeBuildInputs = [ gettext ];
- buildInputs = [ libsepol libselinux libsemanage ];
+ buildInputs = [ libsepol libselinux libsemanage libxcrypt ];
makeFlags = [
"PREFIX=$(out)"
diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix
index 5537f9f6aacb0..c6fd417d0d6fa 100644
--- a/pkgs/os-specific/linux/shadow/default.nix
+++ b/pkgs/os-specific/linux/shadow/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt
, libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell
-, pam ? null, glibcCross ? null
+, libxcrypt, pam ? null, glibcCross ? null
}:
let
@@ -28,7 +28,8 @@ stdenv.mkDerivation rec {
sha256 = "sha256-PxLX5V0t18JftT5wT41krNv18Ew7Kz3MfZkOi/80ODA=";
};
- buildInputs = lib.optional (pam != null && stdenv.isLinux) pam;
+ buildInputs = [ libxcrypt ]
+ ++ lib.optional (pam != null && stdenv.isLinux) pam;
nativeBuildInputs = [autoreconfHook libxslt libxml2
docbook_xml_dtd_45 docbook_xsl flex bison itstool
];
@@ -62,6 +63,8 @@ stdenv.mkDerivation rec {
configureFlags = [
"--enable-man"
"--with-group-name-max-length=32"
+ "--with-bcrypt"
+ "--with-yescrypt"
] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd";
preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc")
diff --git a/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch
new file mode 100644
index 0000000000000..1cd3c2105e1a2
--- /dev/null
+++ b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: oxalica
+Date: Tue, 4 Oct 2022 09:18:07 +0800
+Subject: [PATCH] core: don't taint on unmerged /usr
+
+NixOS has very different approach towards /bin and /sbin - they don't
+really exist (except for /bin/sh and /usr/bin/env, because these are used
+heavily in shebangs around the world). The concept of merged or unmerged
+usr doesn't really apply here at all, it's neither of the two.
+Users don't execute things from /bin or /sbin, there's nothing else in
+there. In all cases, systemd doesn't look things up from /usr/bin or /bin,
+so showing the taint isn't really helpful.
+
+See also: https://github.com/systemd/systemd/issues/24191
+---
+ src/core/manager.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 33ded94a7c..8847479799 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -4488,10 +4488,6 @@ char* manager_taint_string(const Manager *m) {
+ if (m->taint_usr)
+ stage[n++] = "split-usr";
+
+- _cleanup_free_ char *usrbin = NULL;
+- if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin"))
+- stage[n++] = "unmerged-usr";
+-
+ if (access("/proc/cgroups", F_OK) < 0)
+ stage[n++] = "cgroups-missing";
+
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 5b417369a5584..8c1532c2a7b24 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -7,6 +7,7 @@
, fetchpatch
, fetchzip
, buildPackages
+, makeBinaryWrapper
, ninja
, meson
, m4
@@ -27,6 +28,7 @@
, util-linux
, kbd
, kmod
+, libxcrypt
# Optional dependencies
, pam
@@ -92,7 +94,7 @@
, withOomd ? true
, withPCRE2 ? true
, withPolkit ? true
-, withPortabled ? false
+, withPortabled ? true
, withRemote ? !stdenv.hostPlatform.isMusl
, withResolved ? true
, withShellCompletions ? true
@@ -120,7 +122,7 @@ assert withHomed -> withCryptsetup;
let
wantCurl = withRemote || withImportd;
wantGcrypt = withResolved || withImportd;
- version = "251.4";
+ version = "251.5";
# Bump this variable on every (major) version change. See below (in the meson options list) for why.
# command:
@@ -137,7 +139,7 @@ stdenv.mkDerivation {
owner = "systemd";
repo = "systemd-stable";
rev = "v${version}";
- sha256 = "sha256-lfG6flT1k8LZBAdDK+cF9RjmJMkHMJquMjQK3MINFd8=";
+ sha256 = "sha256-2MEmvFT1D+9v8OazBwjnKc7i/x7i196Eoi8bODk1cM4=";
};
# On major changes, or when otherwise required, you *must* reformat the patches,
@@ -163,6 +165,7 @@ stdenv.mkDerivation {
./0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
./0016-pkg-config-derive-prefix-from-prefix.patch
./0017-inherit-systemd-environment-when-calling-generators.patch
+ ./0018-core-don-t-taint-on-unmerged-usr.patch
] ++ lib.optional stdenv.hostPlatform.isMusl (
let
oe-core = fetchzip {
@@ -331,6 +334,7 @@ stdenv.mkDerivation {
nativeBuildInputs =
[
pkg-config
+ makeBinaryWrapper
gperf
ninja
meson
@@ -359,6 +363,7 @@ stdenv.mkDerivation {
acl
audit
kmod
+ libxcrypt
libcap
libidn2
libuuid
@@ -571,21 +576,22 @@ stdenv.mkDerivation {
];
# { replacement, search, where } -> List[str]
- mkSubstitute = { replacement, search, where, ignore ? [] }:
+ mkSubstitute = { replacement, search, where, ignore ? [ ] }:
map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where;
- mkEnsureSubstituted = { replacement, search, where, ignore ? [] }:
- let
- ignore' = lib.concatStringsSep "|" (ignore ++ ["^test" "NEWS"]);
- in ''
- set +e
- search=$(grep '${search}' -r | grep -v "${replacement}" | grep -Ev "${ignore'}")
- set -e
- if [[ -n "$search" ]]; then
- echo "Not all references to '${search}' have been replaced. Found the following matches:"
- echo "$search"
- exit 1
- fi
- '';
+ mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }:
+ let
+ ignore' = lib.concatStringsSep "|" (ignore ++ [ "^test" "NEWS" ]);
+ in
+ ''
+ set +e
+ search=$(grep '${search}' -r | grep -v "${replacement}" | grep -Ev "${ignore'}")
+ set -e
+ if [[ -n "$search" ]]; then
+ echo "Not all references to '${search}' have been replaced. Found the following matches:"
+ echo "$search"
+ exit 1
+ fi
+ '';
in
''
mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
@@ -664,7 +670,14 @@ stdenv.mkDerivation {
preFixup = lib.optionalString withEfi ''
mv $out/lib/systemd/boot/efi $out/dont-strip-me
'';
- postFixup = lib.optionalString withEfi ''
+
+ # Wrap in the correct path for LUKS2 tokens.
+ postFixup = lib.optionalString withCryptsetup ''
+ for f in lib/systemd/systemd-cryptsetup bin/systemd-cryptenroll; do
+ # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so`
+ wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup
+ done
+ '' + lib.optionalString withEfi ''
mv $out/dont-strip-me $out/lib/systemd/boot/efi
'';
@@ -677,7 +690,7 @@ stdenv.mkDerivation {
# runtime; otherwise we can't and we need to reboot.
interfaceVersion = 2;
- inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withTimedated withUtmp util-linux kmod kbd;
+ inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd;
tests = {
inherit (nixosTests) switchTest;
diff --git a/pkgs/os-specific/linux/sysvinit/default.nix b/pkgs/os-specific/linux/sysvinit/default.nix
index 87b5b81066c20..c8ba3164ab09d 100644
--- a/pkgs/os-specific/linux/sysvinit/default.nix
+++ b/pkgs/os-specific/linux/sysvinit/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, withoutInitTools ? false }:
+{ lib, stdenv, fetchurl, libxcrypt, withoutInitTools ? false }:
stdenv.mkDerivation rec {
pname = if withoutInitTools then "sysvtools" else "sysvinit";
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
sed -i -e "s,/sbin/,$out/sbin/," src/halt.c src/init.c src/paths.h
'';
+ buildInputs = [ libxcrypt ];
+
makeFlags = [ "SULOGINLIBS=-lcrypt" "ROOT=$(out)" "MANDIR=/share/man" ];
preInstall =
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index d57fdba7310be..8df231c961e22 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -1,6 +1,7 @@
{ lib, stdenv, fetchurl, pkg-config, zlib, shadow
, capabilitiesSupport ? true
, libcap_ng
+, libxcrypt
, ncursesSupport ? true
, ncurses
, pamSupport ? true
@@ -68,7 +69,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ]
++ lib.optionals translateManpages [ po4a ];
- buildInputs = [ zlib ]
+ buildInputs = [ zlib libxcrypt ]
++ lib.optionals pamSupport [ pam ]
++ lib.optionals capabilitiesSupport [ libcap_ng ]
++ lib.optionals ncursesSupport [ ncurses ]
diff --git a/pkgs/os-specific/linux/wiringpi/default.nix b/pkgs/os-specific/linux/wiringpi/default.nix
index a06e25b9eb8eb..eed71188eb075 100644
--- a/pkgs/os-specific/linux/wiringpi/default.nix
+++ b/pkgs/os-specific/linux/wiringpi/default.nix
@@ -2,6 +2,7 @@
, stdenv
, symlinkJoin
, fetchFromGitHub
+, libxcrypt
}:
let
@@ -35,6 +36,9 @@ let
inherit mkSubProject;
wiringPi = mkSubProject {
subprj = "wiringPi";
+ buildInputs = [
+ libxcrypt
+ ];
};
devLib = mkSubProject {
subprj = "devLib";
@@ -45,6 +49,7 @@ let
wiringPiD = mkSubProject {
subprj = "wiringPiD";
buildInputs = [
+ libxcrypt
passthru.wiringPi
passthru.devLib
];
@@ -52,6 +57,7 @@ let
gpio = mkSubProject {
subprj = "gpio";
buildInputs = [
+ libxcrypt
passthru.wiringPi
passthru.devLib
];
diff --git a/pkgs/servers/dante/default.nix b/pkgs/servers/dante/default.nix
index dd5967a2407b8..742ee2a0e684c 100644
--- a/pkgs/servers/dante/default.nix
+++ b/pkgs/servers/dante/default.nix
@@ -1,4 +1,5 @@
-{ lib, stdenv, fetchurl, fetchpatch, pam, libkrb5, cyrus_sasl, miniupnpc, autoreconfHook }:
+{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook
+, pam, libkrb5, cyrus_sasl, miniupnpc, libxcrypt }:
stdenv.mkDerivation rec {
pname = "dante";
@@ -10,7 +11,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = lib.optional stdenv.hostPlatform.isMips64 autoreconfHook;
- buildInputs = [ pam libkrb5 cyrus_sasl miniupnpc ];
+ buildInputs = [ pam libkrb5 cyrus_sasl miniupnpc libxcrypt ];
configureFlags = if !stdenv.isDarwin
then [ "--with-libc=libc.so.6" ]
diff --git a/pkgs/servers/dico/default.nix b/pkgs/servers/dico/default.nix
index 0275046aa2526..e372ffe9bad8f 100644
--- a/pkgs/servers/dico/default.nix
+++ b/pkgs/servers/dico/default.nix
@@ -1,5 +1,5 @@
{ fetchurl, lib, stdenv, libtool, gettext, zlib, readline, gsasl
-, guile, python3, pcre, libffi, groff }:
+, guile, python3, pcre, libffi, groff, libxcrypt }:
stdenv.mkDerivation rec {
pname = "dico";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ groff ];
buildInputs =
- [ libtool gettext zlib readline gsasl guile python3 pcre libffi ];
+ [ libtool gettext zlib readline gsasl guile python3 pcre libffi libxcrypt ];
strictDeps = true;
diff --git a/pkgs/servers/ftp/bftpd/default.nix b/pkgs/servers/ftp/bftpd/default.nix
index 6bedb469f4d47..73edd94a34935 100644
--- a/pkgs/servers/ftp/bftpd/default.nix
+++ b/pkgs/servers/ftp/bftpd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, libxcrypt }:
stdenv.mkDerivation rec {
pname = "bftpd";
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
sha256 = "sha256-lyHQYU4aXQ/muAyaigStqO/ULL393SOelagFmuKDqm8=";
};
+ buildInputs = [ libxcrypt ];
+
preConfigure = ''
sed -re 's/-[og] 0//g' -i Makefile*
'';
diff --git a/pkgs/servers/ftp/pure-ftpd/default.nix b/pkgs/servers/ftp/pure-ftpd/default.nix
index 15f1520b80708..fe82f1c4679d6 100644
--- a/pkgs/servers/ftp/pure-ftpd/default.nix
+++ b/pkgs/servers/ftp/pure-ftpd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, openssl, pam, fetchpatch }:
+{ lib, stdenv, fetchurl, openssl, pam, libxcrypt }:
stdenv.mkDerivation rec {
pname = "pure-ftpd";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "sha256-QWD2a3ZhXuojl+rE6j8KFGt5KCB7ebxMwvma17e9lRM=";
};
- buildInputs = [ openssl pam ];
+ buildInputs = [ openssl pam libxcrypt ];
configureFlags = [ "--with-tls" ];
diff --git a/pkgs/servers/ftp/vsftpd/default.nix b/pkgs/servers/ftp/vsftpd/default.nix
index 3a3517f4f2307..601d14d342a17 100644
--- a/pkgs/servers/ftp/vsftpd/default.nix
+++ b/pkgs/servers/ftp/vsftpd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, nixosTests }:
+{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, libxcrypt, nixosTests }:
stdenv.mkDerivation rec {
pname = "vsftpd";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM=";
};
- buildInputs = [ libcap openssl libseccomp pam ];
+ buildInputs = [ libcap openssl libseccomp pam libxcrypt ];
patches = [ ./CVE-2015-1419.patch ];
diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix
index 72ad91d017e10..ec8b3e5c6fa24 100644
--- a/pkgs/servers/http/apache-httpd/2.4.nix
+++ b/pkgs/servers/http/apache-httpd/2.4.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which
+{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which, libxcrypt
, nixosTests
, proxySupport ? true
, sslSupport ? true, openssl
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ which ];
- buildInputs = [ perl ] ++
+ buildInputs = [ perl libxcrypt ] ++
lib.optional brotliSupport brotli ++
lib.optional sslSupport openssl ++
lib.optional ldapSupport openldap ++ # there is no --with-ldap flag
diff --git a/pkgs/servers/http/bozohttpd/default.nix b/pkgs/servers/http/bozohttpd/default.nix
index 1574a953b174c..b236e1f2621f9 100644
--- a/pkgs/servers/http/bozohttpd/default.nix
+++ b/pkgs/servers/http/bozohttpd/default.nix
@@ -6,6 +6,7 @@
, inetutils
, wget
, openssl
+, libxcrypt
, minimal ? false
, userSupport ? !minimal
, cgiSupport ? !minimal
@@ -42,7 +43,7 @@ stdenv.mkDerivation rec {
];
patchFlags = [ "-p3" ];
- buildInputs = [ openssl ] ++ optional (luaSupport) lua;
+ buildInputs = [ openssl libxcrypt ] ++ optional (luaSupport) lua;
nativeBuildInputs = [ bmake groff ];
COPTS = [
diff --git a/pkgs/servers/http/hiawatha/default.nix b/pkgs/servers/http/hiawatha/default.nix
index 950faf89bedb8..2ab0b12c483fb 100644
--- a/pkgs/servers/http/hiawatha/default.nix
+++ b/pkgs/servers/http/hiawatha/default.nix
@@ -4,6 +4,7 @@
, cmake
, ninja
, mbedtls
+, libxcrypt
, enableCache ? true # Internal cache support.
, enableIpV6 ? true
@@ -27,7 +28,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ninja ];
- buildInputs = [ mbedtls ] ++ lib.optionals enableXslt [ libxslt libxml2 ];
+ buildInputs = [ mbedtls libxcrypt ] ++ lib.optionals enableXslt [ libxslt libxml2 ];
prePatch = ''
substituteInPlace CMakeLists.txt --replace SETUID ""
diff --git a/pkgs/servers/http/tengine/default.nix b/pkgs/servers/http/tengine/default.nix
index d7c8ea226febf..d464f7aa3e5f2 100644
--- a/pkgs/servers/http/tengine/default.nix
+++ b/pkgs/servers/http/tengine/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt
+{ lib, stdenv, fetchFromGitHub, openssl, zlib, pcre, libxcrypt, libxml2, libxslt
, substituteAll, gd, geoip, gperftools, jemalloc, nixosTests
, withDebug ? false
, withMail ? false
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
};
buildInputs =
- [ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ]
+ [ openssl zlib pcre libxcrypt libxml2 libxslt gd geoip gperftools jemalloc ]
++ concatMap (mod: mod.inputs or []) modules;
patches = singleton (substituteAll {
diff --git a/pkgs/servers/http/thttpd/default.nix b/pkgs/servers/http/thttpd/default.nix
index 64e7309bc9bf2..c7a92bbf5f1ca 100644
--- a/pkgs/servers/http/thttpd/default.nix
+++ b/pkgs/servers/http/thttpd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, libxcrypt }:
stdenv.mkDerivation rec {
pname = "thttpd";
@@ -14,6 +14,10 @@ stdenv.mkDerivation rec {
sed -i -e 's/chmod 2755/chmod 755/' extras/Makefile.in
'';
+ buildInputs = [
+ libxcrypt
+ ];
+
preInstall = ''
mkdir -p "$out/man/man1"
sed -i -e 's/-o bin -g bin *//' Makefile
diff --git a/pkgs/servers/hylafaxplus/default.nix b/pkgs/servers/hylafaxplus/default.nix
index d02f1b5a7e376..c1a8cdc26d8e3 100644
--- a/pkgs/servers/hylafaxplus/default.nix
+++ b/pkgs/servers/hylafaxplus/default.nix
@@ -13,6 +13,7 @@
, gnugrep
, gnused
, libtiff
+, libxcrypt
, openssl
, psmisc
, sharutils
@@ -79,6 +80,7 @@ stdenv.mkDerivation {
file # for `file` command
ghostscript
libtiff
+ libxcrypt
openssl
psmisc # for `fuser` command
sharutils # for `uuencode` command
diff --git a/pkgs/servers/irc/atheme/default.nix b/pkgs/servers/irc/atheme/default.nix
index 9db7ef3aaca89..3df18bbe0c978 100644
--- a/pkgs/servers/irc/atheme/default.nix
+++ b/pkgs/servers/irc/atheme/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchgit, libmowgli, pkg-config, git, gettext, pcre, libidn, cracklib, openssl }:
+{ lib, stdenv, fetchgit, libmowgli, pkg-config, git, gettext, pcre, libidn, libxcrypt, cracklib, openssl }:
stdenv.mkDerivation rec {
pname = "atheme";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ pkg-config git gettext ];
- buildInputs = [ libmowgli pcre libidn cracklib openssl ];
+ buildInputs = [ libmowgli pcre libidn libxcrypt cracklib openssl ];
configureFlags = [
"--with-pcre"
diff --git a/pkgs/servers/irc/ircd-hybrid/default.nix b/pkgs/servers/irc/ircd-hybrid/default.nix
index 346555cf5d7a1..cda989b8bef9c 100644
--- a/pkgs/servers/irc/ircd-hybrid/default.nix
+++ b/pkgs/servers/irc/ircd-hybrid/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, openssl, zlib }:
+{ lib, stdenv, fetchurl, openssl, zlib, libxcrypt }:
stdenv.mkDerivation rec {
pname = "ircd-hybrid";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "sha256-vQNzx4DjCMGm9piQFf8o4cIpme92S3toY2tihXPCUe8=";
};
- buildInputs = [ openssl zlib ];
+ buildInputs = [ openssl zlib libxcrypt ];
configureFlags = [
"--with-nicklen=100"
diff --git a/pkgs/servers/mail/opensmtpd/default.nix b/pkgs/servers/mail/opensmtpd/default.nix
index 5f36b139781b9..3bac9e0c6ef60 100644
--- a/pkgs/servers/mail/opensmtpd/default.nix
+++ b/pkgs/servers/mail/opensmtpd/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, autoconf, automake, libtool, bison
-, libasr, libevent, zlib, libressl, db, pam, nixosTests
+, libasr, libevent, zlib, libressl, db, pam, libxcrypt, nixosTests
}:
stdenv.mkDerivation rec {
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
version = "6.8.0p2";
nativeBuildInputs = [ autoconf automake libtool bison ];
- buildInputs = [ libasr libevent zlib libressl db pam ];
+ buildInputs = [ libasr libevent zlib libressl db pam libxcrypt ];
src = fetchurl {
url = "https://www.opensmtpd.org/archives/${pname}-${version}.tar.gz";
diff --git a/pkgs/servers/mail/popa3d/default.nix b/pkgs/servers/mail/popa3d/default.nix
index 9678bfe3fa28a..d36d26b5d520a 100644
--- a/pkgs/servers/mail/popa3d/default.nix
+++ b/pkgs/servers/mail/popa3d/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, openssl }:
+{ lib, stdenv, fetchurl, openssl, libxcrypt }:
stdenv.mkDerivation rec {
pname = "popa3d";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "1g48cd74sqhl496wmljhq44iyfpghaz363a1ip8nyhpjz7d57f03";
};
- buildInputs = [ openssl ];
+ buildInputs = [ openssl libxcrypt ];
patches = [
./fix-mail-spool-path.patch
diff --git a/pkgs/servers/monitoring/plugins/wmic-bin.nix b/pkgs/servers/monitoring/plugins/wmic-bin.nix
index 00e76624d102b..7ce7802eaf4a7 100644
--- a/pkgs/servers/monitoring/plugins/wmic-bin.nix
+++ b/pkgs/servers/monitoring/plugins/wmic-bin.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, autoPatchelfHook, popt }:
+{ stdenv, lib, fetchFromGitHub, autoPatchelfHook, popt, libxcrypt }:
stdenv.mkDerivation rec {
pname = "wmic-bin";
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "1w1mdbiwz37wzry1q38h8dyjaa6iggmsb9wcyhhlawwm1vj50w48";
};
- buildInputs = [ popt ];
+ buildInputs = [ popt libxcrypt ];
nativeBuildInputs = [ autoPatchelfHook ];
diff --git a/pkgs/servers/news/leafnode/default.nix b/pkgs/servers/news/leafnode/default.nix
index 03aea95177a4d..32c59aea2bd37 100644
--- a/pkgs/servers/news/leafnode/default.nix
+++ b/pkgs/servers/news/leafnode/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pcre }:
+{ lib, stdenv, fetchurl, pcre, libxcrypt }:
stdenv.mkDerivation {
pname = "leafnode";
@@ -27,7 +27,7 @@ stdenv.mkDerivation {
sed -i validatefqdn.c -e 's/int is_validfqdn(const char \*f) {/int is_validfqdn(const char *f) { return 1;/;'
'';
- buildInputs = [ pcre];
+ buildInputs = [ pcre libxcrypt ];
meta = {
homepage = "http://leafnode.sourceforge.net/";
diff --git a/pkgs/servers/pies/default.nix b/pkgs/servers/pies/default.nix
index d96835c94978f..9f5dfafcbea1d 100644
--- a/pkgs/servers/pies/default.nix
+++ b/pkgs/servers/pies/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, lib, stdenv }:
+{ fetchurl, lib, stdenv, libxcrypt }:
stdenv.mkDerivation rec {
pname = "pies";
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
sha256 = "12r7rjjyibjdj08dvwbp0iflfpzl4s0zhn6cr6zj3hwf9gbzgl1g";
};
+ buildInputs = [ libxcrypt ];
+
configureFlags = ["--sysconfdir=/etc"];
hardeningDisable = [ "format" ];
diff --git a/pkgs/servers/pleroma/default.nix b/pkgs/servers/pleroma/default.nix
index e4204f28f1d5c..cb2d57112f332 100644
--- a/pkgs/servers/pleroma/default.nix
+++ b/pkgs/servers/pleroma/default.nix
@@ -1,6 +1,7 @@
{ lib, beamPackages
, fetchFromGitHub, fetchFromGitLab
, file, cmake
+, libxcrypt
, nixosTests, writeText
, ...
}:
@@ -129,6 +130,8 @@ beamPackages.mixRelease rec {
postInstall = "mv $out/lib/erlang/lib/crypt-${version}/priv/{source,crypt}.so";
beamDeps = with final; [ elixir_make ];
+
+ buildInputs = [ libxcrypt ];
};
web_push_encryption = beamPackages.buildMix rec {
name = "web_push_encryption";
diff --git a/pkgs/servers/pounce/default.nix b/pkgs/servers/pounce/default.nix
index 0d01f9cb7c493..e03d6e6827a15 100644
--- a/pkgs/servers/pounce/default.nix
+++ b/pkgs/servers/pounce/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, libressl, fetchzip, pkg-config }:
+{ lib, stdenv, libressl, fetchzip, pkg-config, libxcrypt }:
stdenv.mkDerivation rec {
pname = "pounce";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "17vmbfr7ika6kmq9jqa3rpd4cr71arapav7hlmggnj7a9yw5b9mg";
};
- buildInputs = [ libressl ];
+ buildInputs = [ libressl libxcrypt ];
nativeBuildInputs = [ pkg-config ];
diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix
index 6b09105ef20a1..f1fc2a3573b7c 100644
--- a/pkgs/servers/pulseaudio/default.nix
+++ b/pkgs/servers/pulseaudio/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, fetchurl, fetchpatch, pkg-config
, libsndfile, libtool, makeWrapper, perlPackages
-, xlibsWrapper, xorg, libcap, alsa-lib, glib, dconf
+, xorg, libcap, alsa-lib, glib, dconf
, avahi, libjack2, libasyncns, lirc, dbus
, sbc, bluez5, udev, openssl, fftwFloat
, soxr, speexdsp, systemd, webrtc-audio-processing
@@ -76,7 +76,7 @@ stdenv.mkDerivation rec {
++ lib.optionals (!libOnly) (
[ libasyncns webrtc-audio-processing ]
++ lib.optional jackaudioSupport libjack2
- ++ lib.optionals x11Support [ xlibsWrapper xorg.libXtst xorg.libXi ]
+ ++ lib.optionals x11Support [ xorg.libICE xorg.libSM xorg.libX11 xorg.libXi xorg.libXtst ]
++ lib.optional useSystemd systemd
++ lib.optionals stdenv.isLinux [ alsa-lib udev ]
++ lib.optional airtunesSupport openssl
diff --git a/pkgs/servers/search/groonga/default.nix b/pkgs/servers/search/groonga/default.nix
index ffe9f901df582..7b7717828e17e 100644
--- a/pkgs/servers/search/groonga/default.nix
+++ b/pkgs/servers/search/groonga/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, autoreconfHook, mecab, kytea, libedit, pkg-config
+{ lib, stdenv, fetchurl, autoreconfHook, mecab, kytea, libedit, pkg-config, libxcrypt
, suggestSupport ? false, zeromq, libevent, msgpack, openssl
, lz4Support ? false, lz4
, zlibSupport ? true, zlib
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
'';
buildInputs = with lib;
- [ mecab kytea libedit openssl ]
+ [ mecab kytea libedit openssl libxcrypt ]
++ optional lz4Support lz4
++ optional zlibSupport zlib
++ optionals suggestSupport [ zeromq libevent msgpack ];
diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix
index 66c294f5d4a89..2eb7e24ab380e 100644
--- a/pkgs/servers/sip/freeswitch/default.nix
+++ b/pkgs/servers/sip/freeswitch/default.nix
@@ -1,7 +1,7 @@
{ fetchFromGitHub, stdenv, lib, pkg-config, autoreconfHook
, ncurses, gnutls, readline
, openssl, perl, sqlite, libjpeg, speex, pcre, libuuid
-, ldns, libedit, yasm, which, libsndfile, libtiff
+, ldns, libedit, yasm, which, libsndfile, libtiff, libxcrypt
, callPackage
@@ -116,7 +116,7 @@ stdenv.mkDerivation rec {
openssl ncurses gnutls readline libjpeg
sqlite pcre speex ldns libedit
libsndfile libtiff
- libuuid
+ libuuid libxcrypt
]
++ lib.unique (lib.concatMap (mod: mod.inputs) enabledModules)
++ lib.optionals stdenv.isDarwin [ SystemConfiguration ];
diff --git a/pkgs/servers/sql/pgpool/default.nix b/pkgs/servers/sql/pgpool/default.nix
index 436217f2e63e5..10b8871c57861 100644
--- a/pkgs/servers/sql/pgpool/default.nix
+++ b/pkgs/servers/sql/pgpool/default.nix
@@ -3,6 +3,7 @@
, fetchurl
, postgresql
, openssl
+, libxcrypt
, withPam ? stdenv.isLinux
, pam
}:
@@ -20,6 +21,7 @@ stdenv.mkDerivation rec {
buildInputs = [
postgresql
openssl
+ libxcrypt
] ++ lib.optional withPam pam;
configureFlags = [
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index 942ede6270696..cc311c079cb81 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -21,7 +21,6 @@ let
}:
let
atLeast = lib.versionAtLeast version;
- icuEnabled = atLeast "10";
lz4Enabled = atLeast "14";
in stdenv.mkDerivation rec {
@@ -39,14 +38,13 @@ let
setOutputFlags = false; # $out retains configureFlags :-/
buildInputs =
- [ zlib readline openssl libxml2 ]
- ++ lib.optionals icuEnabled [ icu ]
+ [ zlib readline openssl libxml2 icu ]
++ lib.optionals lz4Enabled [ lz4 ]
++ lib.optionals enableSystemd [ systemd ]
++ lib.optionals gssSupport [ libkrb5 ]
++ lib.optionals (!stdenv.isDarwin) [ libossp_uuid ];
- nativeBuildInputs = [ makeWrapper ] ++ lib.optionals icuEnabled [ pkg-config ];
+ nativeBuildInputs = [ makeWrapper pkg-config ];
enableParallelBuilding = !stdenv.isDarwin;
@@ -62,14 +60,14 @@ let
configureFlags = [
"--with-openssl"
"--with-libxml"
+ "--with-icu"
"--sysconfdir=/etc"
"--libdir=$(lib)/lib"
"--with-system-tzdata=${tzdata}/share/zoneinfo"
"--enable-debug"
(lib.optionalString enableSystemd "--with-systemd")
(if stdenv.isDarwin then "--with-uuid=e2fs" else "--with-ossp-uuid")
- ] ++ lib.optionals icuEnabled [ "--with-icu" ]
- ++ lib.optionals lz4Enabled [ "--with-lz4" ]
+ ] ++ lib.optionals lz4Enabled [ "--with-lz4" ]
++ lib.optionals gssSupport [ "--with-gssapi" ]
++ lib.optionals stdenv.hostPlatform.isRiscV [ "--disable-spinlocks" ];
@@ -200,16 +198,6 @@ let
in self: {
- postgresql_10 = self.callPackage generic {
- version = "10.22";
- psqlSchema = "10.0"; # should be 10, but changing it is invasive
- hash = "sha256-lVl3VVxp3xpk9EuB1KGYfrdKu9GHBXn1rZ2UYTPdjk0=";
- this = self.postgresql_10;
- thisAttr = "postgresql_10";
- inherit self;
- icu = self.icu67;
- };
-
postgresql_11 = self.callPackage generic {
version = "11.17";
psqlSchema = "11.1"; # should be 11, but changing it is invasive
diff --git a/pkgs/servers/uwsgi/default.nix b/pkgs/servers/uwsgi/default.nix
index d24c482a8895a..2dc2c3230a82c 100644
--- a/pkgs/servers/uwsgi/default.nix
+++ b/pkgs/servers/uwsgi/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, nixosTests, lib, fetchurl, pkg-config, jansson, pcre
+{ stdenv, nixosTests, lib, fetchurl, pkg-config, jansson, pcre, libxcrypt
# plugins: list of strings, eg. [ "python2" "python3" ]
, plugins ? []
, pam, withPAM ? stdenv.isLinux
@@ -74,7 +74,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ python3 pkg-config ];
- buildInputs = [ jansson pcre ]
+ buildInputs = [ jansson pcre libxcrypt ]
++ lib.optional withPAM pam
++ lib.optional withSystemd systemd
++ lib.optional withCap libcap
diff --git a/pkgs/servers/web-apps/sogo/default.nix b/pkgs/servers/web-apps/sogo/default.nix
index 286883722f64d..6517ad1a60011 100644
--- a/pkgs/servers/web-apps/sogo/default.nix
+++ b/pkgs/servers/web-apps/sogo/default.nix
@@ -1,4 +1,4 @@
-{ gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python3, lndir
+{ gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python3, lndir, libxcrypt
, openssl, openldap, sope, libmemcached, curl, libsodium, libytnef, libzip, pkg-config, nixosTests
, oath-toolkit
, enableActiveSync ? false
@@ -15,7 +15,7 @@ gnustep.stdenv.mkDerivation rec {
};
nativeBuildInputs = [ gnustep.make makeWrapper python3 pkg-config ];
- buildInputs = [ gnustep.base sope openssl libmemcached curl libsodium libytnef libzip openldap oath-toolkit ]
+ buildInputs = [ gnustep.base sope openssl libmemcached curl libsodium libytnef libzip openldap oath-toolkit libxcrypt ]
++ lib.optional enableActiveSync libwbxml;
patches = lib.optional enableActiveSync ./enable-activesync.patch;
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix
index 77d68e1d9aab7..b1a8c8eccacc9 100644
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -1992,7 +1992,7 @@ lib.makeScope newScope (self: with self; {
}) {};
# THIS IS A GENERATED FILE. DO NOT EDIT!
- xdm = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXau, libXaw, libXdmcp, libXext, libXft, libXinerama, libXmu, libXpm, xorgproto, libXrender, libXt }: stdenv.mkDerivation {
+ xdm = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXau, libXaw, libXdmcp, libXext, libXft, libXinerama, libXmu, libXpm, libxcrypt, xorgproto, libXrender, libXt }: stdenv.mkDerivation {
pname = "xdm";
version = "1.1.12";
builder = ./builder.sh;
@@ -2003,7 +2003,7 @@ lib.makeScope newScope (self: with self; {
hardeningDisable = [ "bindnow" "relro" ];
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
- buildInputs = [ libX11 libXau libXaw libXdmcp libXext libXft libXinerama libXmu libXpm xorgproto libXrender libXt ];
+ buildInputs = [ libX11 libXau libXaw libXdmcp libXext libXft libXinerama libXmu libXpm xorgproto libXrender libXt libxcrypt ];
meta.platforms = lib.platforms.unix;
}) {};
diff --git a/pkgs/shells/tcsh/default.nix b/pkgs/shells/tcsh/default.nix
index 4fac6eb13d640..8ca3eb5a9ee1b 100644
--- a/pkgs/shells/tcsh/default.nix
+++ b/pkgs/shells/tcsh/default.nix
@@ -2,6 +2,7 @@
, stdenv
, fetchurl
, fetchpatch
+, libxcrypt
, ncurses
}:
@@ -16,6 +17,7 @@ stdenv.mkDerivation rec {
strictDeps = true;
buildInputs = [
+ libxcrypt
ncurses
];
diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix
index 03856d5c07111..dbaff342fb1af 100644
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@@ -221,7 +221,7 @@ in
# This is not an issue for the final stdenv, because this perl
# won't be included in the final stdenv and won't be exported to
# top-level pkgs as an override either.
- perl = super.perl.override { enableThreading = false; };
+ perl = super.perl.override { enableThreading = false; enableCrypt = false; };
};
})
diff --git a/pkgs/tools/backup/partimage/default.nix b/pkgs/tools/backup/partimage/default.nix
index afb8489e1f429..d5a2863d968d8 100644
--- a/pkgs/tools/backup/partimage/default.nix
+++ b/pkgs/tools/backup/partimage/default.nix
@@ -7,6 +7,7 @@
, openssl
, pkg-config
, slang
+, libxcrypt
, autoreconfHook
}:
stdenv.mkDerivation rec {
@@ -23,7 +24,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-ssl-headers=${openssl.dev}/include/openssl" ];
nativeBuildInputs = [ pkg-config autoreconfHook ];
- buildInputs = [ bzip2 zlib newt newt openssl slang ];
+ buildInputs = [ bzip2 zlib newt newt openssl slang libxcrypt ];
patches = [
./gentoos-zlib.patch
diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index 86df04c266919..1f898dbdef4bc 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -10,11 +10,11 @@
stdenv.mkDerivation rec {
pname = "xz";
- version = "5.2.6";
+ version = "5.2.7";
src = fetchurl {
url = "https://tukaani.org/xz/xz-${version}.tar.bz2";
- sha256 = "E+NALjAbYBj2px7w5Jf3FMbRHiFK6C2rFWuBwqZKyyU=";
+ sha256 = "tl8dDCcI5XcW9N0iFpiac4R6xv20Fo/86xVXZ+Irg0s=";
};
strictDeps = true;
diff --git a/pkgs/tools/misc/conserver/default.nix b/pkgs/tools/misc/conserver/default.nix
index d8bb437404d41..30ac050ee0d33 100644
--- a/pkgs/tools/misc/conserver/default.nix
+++ b/pkgs/tools/misc/conserver/default.nix
@@ -3,6 +3,7 @@
, fetchFromGitHub
, fetchpatch
, autoreconfHook
+, libxcrypt
, gssapiSupport ? false
, libkrb5
, freeipmiSupport ? false
@@ -36,7 +37,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook ];
- buildInputs = [ ]
+ buildInputs = [ libxcrypt ]
++ lib.optionals freeipmiSupport [ freeipmi ]
++ lib.optionals gssapiSupport [ libkrb5 ]
++ lib.optionals opensslSupport [ openssl ];
diff --git a/pkgs/development/python-modules/gigalixir/default.nix b/pkgs/tools/misc/gigalixir/default.nix
similarity index 76%
rename from pkgs/development/python-modules/gigalixir/default.nix
rename to pkgs/tools/misc/gigalixir/default.nix
index c32c98fb3dd26..c3710ca944871 100644
--- a/pkgs/development/python-modules/gigalixir/default.nix
+++ b/pkgs/tools/misc/gigalixir/default.nix
@@ -1,34 +1,26 @@
{ stdenv
, lib
-, buildPythonApplication
-, click
-, fetchPypi
+, python3
, git
-, httpretty
-, qrcode
-, pygments
-, pyopenssl
-, pytestCheckHook
-, requests
-, rollbar
-, stripe
-, pythonOlder
-, sure
}:
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
pname = "gigalixir";
version = "1.3.0";
format = "setuptools";
- disabled = pythonOlder "3.7";
-
- src = fetchPypi {
+ src = python3.pkgs.fetchPypi {
inherit pname version;
hash = "sha256-kNtybgv8j7t1tl6R5ZuC4vj5fnEcEenuNt0twA1kAh0=";
};
- propagatedBuildInputs = [
+ postPatch = ''
+ substituteInPlace setup.py \
+ --replace "'pytest-runner'," "" \
+ --replace "cryptography==" "cryptography>="
+ '';
+
+ propagatedBuildInputs = with python3.pkgs; [
click
pygments
pyopenssl
@@ -40,16 +32,11 @@ buildPythonApplication rec {
checkInputs = [
git
+ ] ++ (with python3.pkgs; [
httpretty
pytestCheckHook
sure
- ];
-
- postPatch = ''
- substituteInPlace setup.py \
- --replace "'pytest-runner'," "" \
- --replace "cryptography==" "cryptography>="
- '';
+ ]);
disabledTests = [
# Test requires network access
diff --git a/pkgs/tools/misc/kermit/default.nix b/pkgs/tools/misc/kermit/default.nix
index 33644e911c635..bccecde01cc75 100644
--- a/pkgs/tools/misc/kermit/default.nix
+++ b/pkgs/tools/misc/kermit/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, ncurses, glibc }:
+{ lib, stdenv, fetchurl, ncurses, libxcrypt }:
stdenv.mkDerivation {
pname = "kermit";
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
sha256 = "0487mh6s99ijqf1pfmbm302pa5i4pzmm8s439hdl1ffs5g8jqpqd";
};
- buildInputs = [ ncurses glibc ];
+ buildInputs = [ ncurses libxcrypt ];
unpackPhase = ''
mkdir -p src
diff --git a/pkgs/tools/misc/ldapvi/default.nix b/pkgs/tools/misc/ldapvi/default.nix
index f8862cfa56774..dd0d34f50fe57 100644
--- a/pkgs/tools/misc/ldapvi/default.nix
+++ b/pkgs/tools/misc/ldapvi/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchgit, openldap, openssl, popt, glib, ncurses, readline, pkg-config, cyrus_sasl, autoconf, automake }:
+{ lib, stdenv, fetchgit, openldap, openssl, popt, glib, libxcrypt, ncurses, readline, pkg-config, cyrus_sasl, autoconf, automake }:
stdenv.mkDerivation {
pname = "ldapvi";
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
};
nativeBuildInputs = [ pkg-config autoconf automake ];
- buildInputs = [ openldap openssl popt glib ncurses readline cyrus_sasl ];
+ buildInputs = [ openldap openssl popt glib libxcrypt ncurses readline cyrus_sasl ];
preConfigure = ''
cd ldapvi
diff --git a/pkgs/tools/misc/screen/default.nix b/pkgs/tools/misc/screen/default.nix
index b5b3f2b189b69..f9d546a30fe35 100644
--- a/pkgs/tools/misc/screen/default.nix
+++ b/pkgs/tools/misc/screen/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, autoreconfHook, ncurses, utmp, pam ? null }:
+{ lib, stdenv, fetchurl, autoreconfHook, ncurses, libxcrypt, utmp, pam ? null }:
stdenv.mkDerivation rec {
pname = "screen";
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
];
buildInputs = [
ncurses
+ libxcrypt
] ++ lib.optional stdenv.isLinux pam
++ lib.optional stdenv.isDarwin utmp;
diff --git a/pkgs/tools/misc/toybox/default.nix b/pkgs/tools/misc/toybox/default.nix
index fc9465f35cdc1..c94537c0bfd24 100644
--- a/pkgs/tools/misc/toybox/default.nix
+++ b/pkgs/tools/misc/toybox/default.nix
@@ -1,6 +1,6 @@
{
stdenv, lib, fetchFromGitHub, which,
- buildPackages,
+ buildPackages, libxcrypt,
enableStatic ? stdenv.hostPlatform.isStatic,
enableMinimal ? false,
extraConfig ? ""
@@ -18,8 +18,12 @@ stdenv.mkDerivation rec {
};
depsBuildBuild = [ buildPackages.stdenv.cc ]; # needed for cross
- buildInputs = lib.optionals (enableStatic && stdenv.cc.libc ? static)
- [ stdenv.cc.libc stdenv.cc.libc.static ];
+ buildInputs = [
+ libxcrypt
+ ] ++lib.optionals (enableStatic && stdenv.cc.libc ? static) [
+ stdenv.cc.libc
+ stdenv.cc.libc.static
+ ];
postPatch = "patchShebangs .";
diff --git a/pkgs/tools/networking/dcap/default.nix b/pkgs/tools/networking/dcap/default.nix
index f606c3f6cd6a8..3ee1a389ef946 100644
--- a/pkgs/tools/networking/dcap/default.nix
+++ b/pkgs/tools/networking/dcap/default.nix
@@ -6,6 +6,7 @@
, libtool
, zlib
, cunit
+, libxcrypt
}:
stdenv.mkDerivation rec {
pname = "dcap";
@@ -19,7 +20,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ autoconf automake libtool ];
- buildInputs = [ zlib ];
+ buildInputs = [ zlib libxcrypt ];
preConfigure = ''
patchShebangs bootstrap.sh
diff --git a/pkgs/tools/networking/dnsmasq/default.nix b/pkgs/tools/networking/dnsmasq/default.nix
index ba17f10e96c78..1eb8b85166fe5 100644
--- a/pkgs/tools/networking/dnsmasq/default.nix
+++ b/pkgs/tools/networking/dnsmasq/default.nix
@@ -2,6 +2,7 @@
, libidn, libnetfilter_conntrack, buildPackages
, dbusSupport ? stdenv.isLinux
, dbus
+, nixosTests
}:
with lib;
@@ -17,11 +18,11 @@ let
in
stdenv.mkDerivation rec {
pname = "dnsmasq";
- version = "2.86";
+ version = "2.87";
src = fetchurl {
url = "https://www.thekelleys.org.uk/dnsmasq/${pname}-${version}.tar.xz";
- sha256 = "sha256-KNUs/J4gBKxPhSdPUrMuFke028l2G4Ln3h5BxJkH6wg=";
+ sha256 = "sha256-AijANkp/I1b9fn8VSZN8vzCZp407LrG6W7DDHiuJ3no=";
};
postPatch = lib.optionalString stdenv.hostPlatform.isLinux ''
@@ -77,6 +78,15 @@ stdenv.mkDerivation rec {
++ optionals dbusSupport [ dbus ]
++ optionals stdenv.isLinux [ libnetfilter_conntrack ];
+ passthru.tests = {
+ prometheus-exporter = nixosTests.prometheus-exporters.dnsmasq;
+
+ # these tests use dnsmasq incidentally
+ inherit (nixosTests) dnscrypt-proxy2;
+ kubernetes-dns-single = nixosTests.kubernetes.dns-single-node;
+ kubernetes-dns-multi = nixosTests.kubernetes.dns-multi-node;
+ };
+
meta = {
description = "An integrated DNS, DHCP and TFTP server for small networks";
homepage = "https://www.thekelleys.org.uk/dnsmasq/doc.html";
diff --git a/pkgs/tools/networking/dropbear/default.nix b/pkgs/tools/networking/dropbear/default.nix
index 30efbcc508d0b..e15b0072be769 100644
--- a/pkgs/tools/networking/dropbear/default.nix
+++ b/pkgs/tools/networking/dropbear/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, glibc, zlib
+{ lib, stdenv, fetchurl, glibc, zlib, libxcrypt
, enableStatic ? stdenv.hostPlatform.isStatic
, enableSCP ? false
, sftpPath ? "/run/current-system/sw/libexec/sftp-server"
@@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
./pass-path.patch
];
- buildInputs = [ zlib ] ++ lib.optionals enableStatic [ glibc.static zlib.static ];
+ buildInputs = [ zlib libxcrypt ] ++ lib.optionals enableStatic [ glibc.static zlib.static ];
meta = with lib; {
homepage = "https://matt.ucc.asn.au/dropbear/dropbear.html";
diff --git a/pkgs/tools/networking/haproxy/default.nix b/pkgs/tools/networking/haproxy/default.nix
index e43c58d78d489..7928905762e55 100644
--- a/pkgs/tools/networking/haproxy/default.nix
+++ b/pkgs/tools/networking/haproxy/default.nix
@@ -2,7 +2,7 @@
, usePcre ? true
, withPrometheusExporter ? true
, stdenv, lib, fetchurl, nixosTests
-, openssl, zlib
+, openssl, zlib, libxcrypt
, lua5_3 ? null, pcre ? null, systemd ? null
}:
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
sha256 = "sha256-0MgMkMBK55WYtYuXSdU3h/APe1FRdefYID8nluamWU0=";
};
- buildInputs = [ openssl zlib ]
+ buildInputs = [ openssl zlib libxcrypt ]
++ lib.optional useLua lua5_3
++ lib.optional usePcre pcre
++ lib.optional stdenv.isLinux systemd;
diff --git a/pkgs/tools/networking/libreswan/default.nix b/pkgs/tools/networking/libreswan/default.nix
index 25ad29b1cfe71..01ac1af23ef0d 100644
--- a/pkgs/tools/networking/libreswan/default.nix
+++ b/pkgs/tools/networking/libreswan/default.nix
@@ -11,6 +11,7 @@
, pam
, libevent
, libcap_ng
+, libxcrypt
, curl
, nspr
, bash
@@ -66,7 +67,7 @@ stdenv.mkDerivation rec {
buildInputs = [
systemd coreutils
gnused gawk gmp unbound pam libevent
- libcap_ng curl nspr nss ldns
+ libcap_ng libxcrypt curl nspr nss ldns
# needed to patch shebangs
python3 bash
] ++ lib.optional stdenv.isLinux libselinux;
diff --git a/pkgs/tools/networking/lsh/default.nix b/pkgs/tools/networking/lsh/default.nix
index 07f0524d5f4fa..7c5e09b950ae1 100644
--- a/pkgs/tools/networking/lsh/default.nix
+++ b/pkgs/tools/networking/lsh/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, gperf, guile, gmp, zlib, liboop, readline, gnum4, pam
-, nettools, lsof, procps }:
+, nettools, lsof, procps, libxcrypt }:
stdenv.mkDerivation rec {
pname = "lsh";
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
# Should be present in upcoming 2.1 release.
NIX_CFLAGS_COMPILE = "-std=gnu90 -fcommon";
- buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam ];
+ buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam libxcrypt ];
meta = {
description = "GPL'd implementation of the SSH protocol";
diff --git a/pkgs/tools/networking/mailutils/default.nix b/pkgs/tools/networking/mailutils/default.nix
index faccef57697a0..225b208822a3a 100644
--- a/pkgs/tools/networking/mailutils/default.nix
+++ b/pkgs/tools/networking/mailutils/default.nix
@@ -22,6 +22,7 @@
, python3
, sasl
, system-sendmail
+, libxcrypt
}:
stdenv.mkDerivation rec {
@@ -63,6 +64,7 @@ stdenv.mkDerivation rec {
python3
readline
sasl
+ libxcrypt
] ++ lib.optionals stdenv.isLinux [ nettools ];
patches = [
diff --git a/pkgs/tools/networking/ocserv/default.nix b/pkgs/tools/networking/ocserv/default.nix
index 067c614f58509..29801eebbd78d 100644
--- a/pkgs/tools/networking/ocserv/default.nix
+++ b/pkgs/tools/networking/ocserv/default.nix
@@ -1,6 +1,6 @@
{ lib, stdenv, fetchFromGitLab, autoreconfHook, pkg-config, nettle, gnutls
, libev, protobufc, guile, geoip, libseccomp, gperf, readline
-, lz4, libgssglue, ronn, pam
+, lz4, libgssglue, ronn, pam, libxcrypt
}:
stdenv.mkDerivation rec {
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ autoreconfHook gperf pkg-config ronn ];
- buildInputs = [ nettle gnutls libev protobufc guile geoip libseccomp readline lz4 libgssglue pam ];
+ buildInputs = [ nettle gnutls libev protobufc guile geoip libseccomp readline lz4 libgssglue pam libxcrypt ];
meta = with lib; {
homepage = "https://gitlab.com/openconnect/ocserv";
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 55aec86bee57e..7a2be129b8ddd 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -6,11 +6,11 @@ in
openssh = common rec {
pname = "openssh";
- version = "9.0p1";
+ version = "9.1p1";
src = fetchurl {
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
- sha256 = "12m2f9czvgmi7akp7xah6y7mrrpi280a3ksk47iwr7hy2q1475q3";
+ hash = "sha256-GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og=";
};
extraPatches = [ ./ssh-keysign-8.5.patch ];
diff --git a/pkgs/tools/networking/ppp/default.nix b/pkgs/tools/networking/ppp/default.nix
index d39607338e74f..be50397bf1d0a 100644
--- a/pkgs/tools/networking/ppp/default.nix
+++ b/pkgs/tools/networking/ppp/default.nix
@@ -3,8 +3,10 @@
, fetchFromGitHub
, substituteAll
, libpcap
+, libxcrypt
, openssl
, bash
+, nixosTests
}:
stdenv.mkDerivation rec {
@@ -31,6 +33,7 @@ stdenv.mkDerivation rec {
buildInputs = [
libpcap
+ libxcrypt
openssl
bash
];
@@ -48,6 +51,8 @@ stdenv.mkDerivation rec {
"CC=${stdenv.cc.targetPrefix}cc"
];
+ NIX_LDFLAGS = "-lcrypt";
+
installPhase = ''
runHook preInstall
mkdir -p $out/bin
@@ -60,6 +65,10 @@ stdenv.mkDerivation rec {
substituteInPlace "$out/bin/pon" --replace "/usr/sbin" "$out/bin"
'';
+ passthru.tests = {
+ inherit (nixosTests) pppd;
+ };
+
meta = with lib; {
homepage = "https://ppp.samba.org";
description = "Point-to-point implementation to provide Internet connections over serial lines";
diff --git a/pkgs/tools/networking/srelay/default.nix b/pkgs/tools/networking/srelay/default.nix
index da09395fc7a8a..709e4f9594a48 100644
--- a/pkgs/tools/networking/srelay/default.nix
+++ b/pkgs/tools/networking/srelay/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, libxcrypt }:
stdenv.mkDerivation rec {
pname = "srelay";
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
patches = [ ./arm.patch ];
+ buildInputs = [ libxcrypt ];
+
installPhase = "install -D srelay $out/bin/srelay";
meta = {
diff --git a/pkgs/tools/networking/xrootd/default.nix b/pkgs/tools/networking/xrootd/default.nix
index 24354f3ec7c1c..454ee09446209 100644
--- a/pkgs/tools/networking/xrootd/default.nix
+++ b/pkgs/tools/networking/xrootd/default.nix
@@ -9,6 +9,7 @@
, fuse
, libkrb5
, libuuid
+, libxcrypt
, libxml2
, openssl
, readline
@@ -48,6 +49,7 @@ stdenv.mkDerivation rec {
curl
libkrb5
libuuid
+ libxcrypt
libxml2
openssl
readline
diff --git a/pkgs/tools/package-management/cde/default.nix b/pkgs/tools/package-management/cde/default.nix
index 5e86e2affb32f..43a32eccda16d 100644
--- a/pkgs/tools/package-management/cde/default.nix
+++ b/pkgs/tools/package-management/cde/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub, libxcrypt }:
stdenv.mkDerivation rec {
pname = "cde";
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
# useful.
preferLocalBuild = true;
+ buildInputs = [ libxcrypt ];
+
patchBuild = ''
sed -i -e '/install/d' $src/Makefile
'';
diff --git a/pkgs/development/python-modules/poetry2conda/default.nix b/pkgs/tools/package-management/poetry2conda/default.nix
similarity index 84%
rename from pkgs/development/python-modules/poetry2conda/default.nix
rename to pkgs/tools/package-management/poetry2conda/default.nix
index 7f5268a23dc46..1e570156f8c96 100644
--- a/pkgs/development/python-modules/poetry2conda/default.nix
+++ b/pkgs/tools/package-management/poetry2conda/default.nix
@@ -1,15 +1,9 @@
{ lib
-, buildPythonApplication
, fetchFromGitHub
-, pytest-mock
-, pytestCheckHook
-, toml
-, poetry
-, poetry-semver
-, pyyaml
+, python3
}:
-buildPythonApplication rec {
+with python3.pkgs; buildPythonApplication rec {
pname = "poetry2conda";
version = "0.3.0";
diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix
index 842eb758c3002..752cd7076ea26 100644
--- a/pkgs/tools/security/bitwarden/default.nix
+++ b/pkgs/tools/security/bitwarden/default.nix
@@ -14,11 +14,11 @@
stdenv.mkDerivation rec {
pname = "bitwarden";
- version = "2022.8.1";
+ version = "2022.9.1";
src = fetchurl {
url = "https://github.com/bitwarden/clients/releases/download/desktop-v${version}/Bitwarden-${version}-amd64.deb";
- sha256 = "sha256-MmhHs1Gp6H1CkLO/yCBhsF0KMiYXz37D6QP26fS+/u0=";
+ sha256 = "sha256-KauvzxLzTVKu2kdfqErjm5QLfTI1uaYLBSUcNDCsJT0=";
};
desktopItem = makeDesktopItem {
diff --git a/pkgs/tools/security/ibm-sw-tpm2/default.nix b/pkgs/tools/security/ibm-sw-tpm2/default.nix
index c5b738678aa2c..012d492aacad6 100644
--- a/pkgs/tools/security/ibm-sw-tpm2/default.nix
+++ b/pkgs/tools/security/ibm-sw-tpm2/default.nix
@@ -1,23 +1,14 @@
-{ stdenv, fetchurl, fetchpatch, lib, openssl }:
+{ stdenv, fetchurl, lib, openssl }:
stdenv.mkDerivation rec {
pname = "ibm-sw-tpm2";
- version = "1661";
+ version = "1682";
src = fetchurl {
url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz";
- sha256 = "sha256-VRRZKK0rJPNL5qDqz5+0kuEODqkZuEKMch+pcOhdYUc=";
+ hash = "sha256-PLZC+HGheyPVCwRuX5X0ScIodBX8HnrrS9u4kg28s48=";
};
- patches = [
- (fetchpatch {
- url = "https://github.com/kgoldman/ibmswtpm2/commit/e6684009aff9c1bad38875e3319c2e02ef791424.patch";
- sha256 = "1flzlri807c88agmpb0w8xvh5f16mmqv86xw4ic4z272iynzd40j";
- })
- ];
-
- patchFlags = [ "-p2" ];
-
buildInputs = [ openssl ];
sourceRoot = "src";
diff --git a/pkgs/tools/security/mokutil/default.nix b/pkgs/tools/security/mokutil/default.nix
index b408e4d2c80eb..5a597b73a7cec 100644
--- a/pkgs/tools/security/mokutil/default.nix
+++ b/pkgs/tools/security/mokutil/default.nix
@@ -6,6 +6,7 @@
, openssl
, efivar
, keyutils
+, libxcrypt
}:
stdenv.mkDerivation rec {
@@ -28,6 +29,7 @@ stdenv.mkDerivation rec {
openssl
efivar
keyutils
+ libxcrypt
];
meta = with lib; {
diff --git a/pkgs/tools/security/super/default.nix b/pkgs/tools/security/super/default.nix
index eba7def957ce3..1c2e9cbd4ab4e 100644
--- a/pkgs/tools/security/super/default.nix
+++ b/pkgs/tools/security/super/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, fetchpatch }:
+{ lib, stdenv, fetchurl, fetchpatch, libxcrypt }:
stdenv.mkDerivation rec {
pname = "super";
@@ -37,6 +37,8 @@ stdenv.mkDerivation rec {
"--localstatedir=/var"
];
+ buildInputs = [ libxcrypt ];
+
installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ];
meta = {
diff --git a/pkgs/tools/system/monit/default.nix b/pkgs/tools/system/monit/default.nix
index b338f6a80d6af..07b0163b5ac99 100644
--- a/pkgs/tools/system/monit/default.nix
+++ b/pkgs/tools/system/monit/default.nix
@@ -4,6 +4,7 @@
, bison
, flex
, zlib
+, libxcrypt
, usePAM ? stdenv.hostPlatform.isLinux
, pam
, useSSL ? true
@@ -20,7 +21,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ bison flex ];
- buildInputs = [ zlib.dev ] ++
+ buildInputs = [ zlib.dev libxcrypt ] ++
lib.optionals useSSL [ openssl ] ++
lib.optionals usePAM [ pam ];
diff --git a/pkgs/tools/typesetting/rfc-bibtex/default.nix b/pkgs/tools/typesetting/rfc-bibtex/default.nix
new file mode 100644
index 0000000000000..de38b4cd29c26
--- /dev/null
+++ b/pkgs/tools/typesetting/rfc-bibtex/default.nix
@@ -0,0 +1,33 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+with python3.pkgs; buildPythonApplication rec {
+ pname = "rfc-bibtex";
+ version = "0.3.2";
+ format = "setuptools";
+
+ src = fetchFromGitHub {
+ owner = "iluxonchik";
+ repo = pname;
+ rev = "refs/tags/${version}";
+ hash = "sha256-bPCNQqiG50vWVFA6J2kyxftwsXunHTNBdSkoIRYkb0s=";
+ };
+
+ checkInputs = [
+ pytestCheckHook
+ vcrpy
+ ];
+
+ pythonImportsCheck = [
+ "rfc_bibtex"
+ ];
+
+ meta = with lib; {
+ homepage = "https://github.com/iluxonchik/rfc-bibtex/";
+ description = "Generate Bibtex entries for IETF RFCs and Internet-Drafts";
+ license = licenses.mit;
+ maintainers = with maintainers; [ teto ];
+ };
+}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 2e2e4bf5c79ee..3831f61aca7e3 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -924,6 +924,7 @@ mapAliases ({
# postgresql
postgresql96 = throw "'postgresql96' has been renamed to/replaced by 'postgresql_9_6'"; # Converted to throw 2022-09-24
postgresql_9_6 = throw "postgresql_9_6 has been removed from nixpkgs, as this version is no longer supported by upstream"; # Added 2021-12-03
+ postgresql_10 = throw "postgresql_10 has been removed from nixpkgs, as this version went EOL on 2022-11-10"; # Added 2022-08-01
# postgresql plugins
cstore_fdw = throw "'cstore_fdw' has been renamed to/replaced by 'postgresqlPackages.cstore_fdw'"; # Converted to throw 2022-09-24
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a63f783a98e02..d52732ae104d3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -745,6 +745,8 @@ with pkgs;
owl = callPackage ../tools/networking/owl { };
+ mutmut = callPackage ../development/tools/mutmut { };
+
packcc = callPackage ../development/tools/packcc { };
packer = callPackage ../development/tools/packer { };
@@ -2425,7 +2427,7 @@ with pkgs;
cod = callPackage ../tools/misc/cod { };
- codespell = with python3Packages; toPythonApplication codespell;
+ codespell = callPackage ../development/tools/codespell { };
coolreader = libsForQt5.callPackage ../applications/misc/coolreader {};
@@ -3106,6 +3108,8 @@ with pkgs;
tezos-rust-libs = callPackage ../development/libraries/tezos-rust-libs { };
+ behave = with python3Packages; toPythonApplication behave;
+
behdad-fonts = callPackage ../data/fonts/behdad-fonts { };
bfetch = callPackage ../tools/misc/bfetch { };
@@ -4553,6 +4557,8 @@ with pkgs;
notify = callPackage ../tools/misc/notify { };
+ notifymuch = callPackage ../applications/misc/notifymuch { };
+
npins = callPackage ../tools/nix/npins { };
nrsc5 = callPackage ../applications/misc/nrsc5 { };
@@ -4938,7 +4944,13 @@ with pkgs;
enableExtraPlugins = true;
};
- asciidoctor = callPackage ../tools/typesetting/asciidoctor { };
+ asciidoctor = callPackage ../tools/typesetting/asciidoctor {
+ bundlerApp = bundlerApp.override {
+ # asciidoc supports both ruby 2 and 3,
+ # but we don't want to be stuck on it:
+ ruby = ruby_3_1;
+ };
+ };
asciidoctor-with-extensions = callPackage ../tools/typesetting/asciidoctor-with-extensions { };
@@ -7296,6 +7308,8 @@ with pkgs;
hamlib = hamlib_4;
};
+ gprof2dot = with python3Packages; toPythonApplication gprof2dot;
+
gprojector = callPackage ../applications/science/astronomy/gprojector { };
gptfdisk = callPackage ../tools/system/gptfdisk { };
@@ -7747,9 +7761,7 @@ with pkgs;
jamulus = libsForQt5.callPackage ../applications/audio/jamulus { };
- ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 {
- openssl = openssl_1_1;
- };
+ ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { };
ibniz = callPackage ../tools/graphics/ibniz { };
@@ -8075,6 +8087,8 @@ with pkgs;
jsawk = callPackage ../tools/text/jsawk { };
+ jsbeautifier = with python3Packages; toPythonApplication jsbeautifier;
+
jscoverage = callPackage ../development/tools/misc/jscoverage { };
jsduck = callPackage ../development/tools/jsduck { };
@@ -10465,6 +10479,8 @@ with pkgs;
pyocd = python3Packages.callPackage ../development/embedded/pyocd { };
+ pypass = with python3Packages; toPythonApplication pypass;
+
pyspread = libsForQt5.callPackage ../applications/office/pyspread { };
teapot = callPackage ../applications/office/teapot { };
@@ -13487,6 +13503,8 @@ with pkgs;
fasmg = callPackage ../development/compilers/fasmg { };
+ filecheck = with python3Packages; toPythonApplication filecheck;
+
firrtl = callPackage ../development/compilers/firrtl { };
flasm = callPackage ../development/compilers/flasm { };
@@ -14946,16 +14964,17 @@ with pkgs;
sagittarius-scheme = callPackage ../development/compilers/sagittarius-scheme {};
sbclBootstrap = callPackage ../development/compilers/sbcl/bootstrap.nix {};
- sbcl_2_0_8 = callPackage ../development/compilers/sbcl/2.0.8.nix {};
- sbcl_2_0_9 = callPackage ../development/compilers/sbcl/2.0.9.nix {};
- sbcl_2_1_1 = callPackage ../development/compilers/sbcl/2.1.1.nix {};
- sbcl_2_1_2 = callPackage ../development/compilers/sbcl/2.1.2.nix {};
- sbcl_2_1_9 = callPackage ../development/compilers/sbcl/2.1.9.nix {};
- sbcl_2_1_10 = callPackage ../development/compilers/sbcl/2.1.10.nix {};
- sbcl_2_1_11 = callPackage ../development/compilers/sbcl/2.1.11.nix {};
- sbcl_2_2_4 = callPackage ../development/compilers/sbcl/2.2.4.nix {};
- sbcl_2_2_6 = callPackage ../development/compilers/sbcl/2.2.6.nix {};
- sbcl = sbcl_2_2_6;
+ sbcl_2_0_8 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.0.8"; };
+ sbcl_2_0_9 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.0.9"; };
+ sbcl_2_1_1 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.1.1"; };
+ sbcl_2_1_2 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.1.2"; };
+ sbcl_2_1_9 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.1.9"; };
+ sbcl_2_1_10 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.1.10"; };
+ sbcl_2_1_11 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.1.11"; };
+ sbcl_2_2_4 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.4"; };
+ sbcl_2_2_6 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.6"; };
+ sbcl_2_2_9 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.9"; };
+ sbcl = sbcl_2_2_9;
roswell = callPackage ../development/tools/roswell { };
@@ -15610,7 +15629,7 @@ with pkgs;
inherit pkgs lib;
};
- poetry2conda = python3Packages.callPackage ../development/python-modules/poetry2conda { };
+ poetry2conda = callPackage ../tools/package-management/poetry2conda { };
pip-audit = callPackage ../development/tools/pip-audit {};
@@ -16803,6 +16822,8 @@ with pkgs;
graphene = callPackage ../development/libraries/graphene { };
+ griffe = with python3Packages; toPythonApplication griffe;
+
gtk-doc = callPackage ../development/tools/documentation/gtk-doc { };
gtkdialog = callPackage ../development/tools/misc/gtkdialog { };
@@ -17739,6 +17760,8 @@ with pkgs;
mypy = with python3Packages; toPythonApplication mypy;
+ mypy-protobuf = with python3Packages; toPythonApplication mypy-protobuf;
+
nsis = callPackage ../development/tools/nsis { };
tockloader = callPackage ../development/tools/misc/tockloader { };
@@ -19385,8 +19408,6 @@ with pkgs;
krb5 = callPackage ../development/libraries/kerberos/krb5.nix {
inherit (buildPackages.darwin) bootstrap_cmds;
- # TODO: can be removed once we have 1.20
- openssl = openssl_1_1;
};
krb5Full = krb5;
libkrb5 = krb5.override { type = "lib"; };
@@ -20035,6 +20056,8 @@ with pkgs;
liblcf = callPackage ../development/libraries/liblcf { };
+ liblc3 = callPackage ../development/libraries/liblc3 { };
+
libliftoff = callPackage ../development/libraries/libliftoff { };
liblqr1 = callPackage ../development/libraries/liblqr-1 {
@@ -20705,7 +20728,13 @@ with pkgs;
libx86 = callPackage ../development/libraries/libx86 {};
- libxcrypt = callPackage ../development/libraries/libxcrypt { };
+ libxcrypt = callPackage ../development/libraries/libxcrypt {
+ fetchurl = stdenv.fetchurlBoot;
+ perl = buildPackages.perl.override {
+ enableCrypt = false;
+ fetchurl = stdenv.fetchurlBoot;
+ };
+ };
libxdg_basedir = callPackage ../development/libraries/libxdg-basedir { };
@@ -21292,6 +21321,10 @@ with pkgs;
openslp = callPackage ../development/libraries/openslp {};
openstackclient = with python3Packages; toPythonApplication python-openstackclient;
+ glanceclient = with python3Packages; toPythonApplication python-glanceclient;
+ heatclient = with python3Packages; toPythonApplication python-heatclient;
+ ironicclient = with python3Packages; toPythonApplication python-ironicclient;
+ manilaclient = with python3Packages; toPythonApplication python-manilaclient;
openvdb = callPackage ../development/libraries/openvdb {};
@@ -22063,7 +22096,7 @@ with pkgs;
sope = callPackage ../development/libraries/sope { };
- sord = callPackage ../development/libraries/sord {};
+ sord = callPackage ../development/libraries/sord { };
soundtouch = callPackage ../development/libraries/soundtouch {};
@@ -23873,7 +23906,6 @@ with pkgs;
timescaledb-tune = callPackage ../development/tools/database/timescaledb-tune { };
inherit (import ../servers/sql/postgresql pkgs)
- postgresql_10
postgresql_11
postgresql_12
postgresql_13
@@ -25419,6 +25451,7 @@ with pkgs;
withOomd = false;
withPCRE2 = false;
withPolkit = false;
+ withPortabled = false;
withRemote = false;
withResolved = false;
withShellCompletions = false;
@@ -27823,7 +27856,7 @@ with pkgs;
gg-scm = callPackage ../applications/version-management/git-and-tools/gg { };
- gigalixir = with python3Packages; toPythonApplication gigalixir;
+ gigalixir = callPackage ../tools/misc/gigalixir { };
go-libp2p-daemon = callPackage ../servers/go-libp2p-daemon { };
@@ -32214,7 +32247,7 @@ with pkgs;
};
neovimUtils = callPackage ../applications/editors/neovim/utils.nix {
- inherit (lua51Packages) buildLuarocksPackage;
+ lua = lua5_1;
};
neovim = wrapNeovim neovim-unwrapped { };
@@ -33285,6 +33318,8 @@ with pkgs;
nux = callPackage ../tools/misc/nux { };
+ phonemizer = with python3Packages; toPythonApplication phonemizer;
+
tts = callPackage ../tools/audio/tts { };
### GAMES
@@ -36604,7 +36639,7 @@ with pkgs;
renderizer = callPackage ../development/tools/renderizer {};
- rfc-bibtex = python3Packages.callPackage ../development/python-modules/rfc-bibtex { };
+ rfc-bibtex = callPackage ../tools/typesetting/rfc-bibtex { };
pick-colour-picker = python3Packages.callPackage ../applications/graphics/pick-colour-picker {
inherit glib gtk3 gobject-introspection wrapGAppsHook;
diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix
index e41b075ce7103..79231ed51b078 100644
--- a/pkgs/top-level/python-aliases.nix
+++ b/pkgs/top-level/python-aliases.nix
@@ -43,6 +43,7 @@ mapAliases ({
bt_proximity = throw "'bt_proximity' has been renamed to/replaced by 'bt-proximity'"; # Converted to throw 2022-09-24
carrot = throw "carrot has been removed, as its development was discontinued in 2012"; # added 2022-01-18
class-registry = phx-class-registry; # added 2021-10-05
+ codespell = throw "codespell has been promoted to a top-level attribute"; # Added 2022-10-02
ConfigArgParse = throw "'ConfigArgParse' has been renamed to/replaced by 'configargparse'"; # Converted to throw 2022-09-24
cozy = throw "cozy was removed because it was not actually https://pypi.org/project/Cozy/."; # added 2022-01-14
cryptography_vectors = "cryptography_vectors is no longer exposed in python*Packages because it is used for testing cryptography only."; # Added 2022-03-23
@@ -73,6 +74,7 @@ mapAliases ({
flask_testing = flask-testing; # added 2022-04-25
flask_wtf = flask-wtf; # added 2022-05-24
garminconnect-ha = garminconnect; # added 2022-02-05
+ gigalixir = throw "gigalixir has been promoted to a top-level attribute"; # Added 2022-10-02
glances = throw "glances has moved to pkgs.glances"; # added 2020-20-28
google_api_python_client = throw "'google_api_python_client' has been renamed to/replaced by 'google-api-python-client'"; # Converted to throw 2022-09-24
googleapis_common_protos = throw "'googleapis_common_protos' has been renamed to/replaced by 'googleapis-common-protos'"; # Converted to throw 2022-09-24
@@ -101,14 +103,17 @@ mapAliases ({
mailman-web = throw "Please use pkgs.mailman-web"; # added 2022-04-29
mistune_0_8 = throw "mistune_0_8 was removed because it was outdated and insecure"; # added 2022-08-12
mistune_2_0 = mistune; # added 2022-08-12
+ mutmut = throw "mutmut has been promoted to a top-level attribute"; # added 2022-10-02
net2grid = gridnet; # add 2022-04-22
nose-cover3 = throw "nose-cover3 has been removed, it was using setuptools 2to3 translation feature, which has been removed in setuptools 58"; # added 2022-02-16
+ notifymuch = throw "notifymuch has been promoted to a top-level attribute"; # added 2022-10-02
ordereddict = throw "ordereddict has been removed because it is only useful on unsupported python versions."; # added 2022-05-28
pam = python-pam; # added 2020-09-07.
PasteDeploy = pastedeploy; # added 2021-10-07
pathpy = path; # added 2022-04-12
pdfminer = pdfminer-six; # added 2022-05-25
pep257 = pydocstyle; # added 2022-04-12
+ poetry2conda = throw "poetry2conda was promoted to a top-level attribute"; # Added 2022-10-02
poster3 = throw "poster3 is unmaintained and source is no longer available"; # added 2023-05-29
postorius = throw "Please use pkgs.mailmanPackages.postorius"; # added 2022-04-29
powerlineMemSegment = powerline-mem-segment; # added 2021-10-08
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 879ffec6287a5..f163008d1923f 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1966,8 +1966,6 @@ in {
codepy = callPackage ../development/python-modules/codepy { };
- codespell = callPackage ../development/python-modules/codespell { };
-
cogapp = callPackage ../development/python-modules/cogapp { };
coinmetrics-api-client = callPackage ../development/python-modules/coinmetrics-api-client { };
@@ -3807,8 +3805,6 @@ in {
gidgethub = callPackage ../development/python-modules/gidgethub { };
- gigalixir = callPackage ../development/python-modules/gigalixir { };
-
gin-config = callPackage ../development/python-modules/gin-config { };
gios = callPackage ../development/python-modules/gios { };
@@ -6033,8 +6029,6 @@ in {
mutf8 = callPackage ../development/python-modules/mutf8 { };
- mutmut = callPackage ../development/python-modules/mutmut { };
-
mujson = callPackage ../development/python-modules/mujson { };
mwclient = callPackage ../development/python-modules/mwclient { };
@@ -6335,8 +6329,6 @@ in {
notify2 = callPackage ../development/python-modules/notify2 { };
- notifymuch = callPackage ../development/python-modules/notifymuch {};
-
notmuch = callPackage ../development/python-modules/notmuch {
inherit (pkgs) notmuch;
};
@@ -7244,8 +7236,6 @@ in {
poetry-semver = callPackage ../development/python-modules/poetry-semver { };
- poetry2conda = callPackage ../development/python-modules/poetry2conda { };
-
poezio = callPackage ../applications/networking/instant-messengers/poezio { };
polars = callPackage ../development/python-modules/polars { };