diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md
index d5d27cbf086..b57698cb90b 100644
--- a/doc/stdenv/stdenv.chapter.md
+++ b/doc/stdenv/stdenv.chapter.md
@@ -869,7 +869,7 @@ makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
```
-There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
+There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
`wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 35ac6bc6860..cebb90bf32c 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -116,6 +116,11 @@
have been removed.
+
+
+ PostgreSQL now defaults to major version 14.
+
+
The new
@@ -698,6 +703,18 @@
the IPv6 loopback address (::1).
+
+
+ openldap (and therefore the slapd LDAP
+ server) were updated to version 2.6.2. The project introduced
+ backwards-incompatible changes, namely the removal of the bdb,
+ hdb, ndb, and shell backends in slapd. Therefore before
+ updating, dump your database slapcat -n 1
+ in LDIF format, and reimport it after updating your
+ services.openldap.settings, which
+ represents your cn=config.
+
+
openssh has been update to 8.9p1, changing
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 29429df05fc..3136a9607b6 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -45,6 +45,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- Pulseaudio has been upgraded to version 15.0 and now optionally [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) like aptX or LDAC, with codec switching support being available in `pavucontrol`. This feature is disabled by default but can be enabled by using `hardware.pulseaudio.package = pkgs.pulseaudioFull;`.
Existing 3rd party modules that provided similar functionality, like `pulseaudio-modules-bt` or `pulseaudio-hsphfpd` are deprecated and have been removed.
+- PostgreSQL now defaults to major version 14.
+
- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
- [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details.
@@ -246,6 +248,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`).
+- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
+
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 2c1e25d4308..1967a2371bd 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -268,9 +268,14 @@ in {
};
systemd.services.openldap = {
- description = "LDAP server";
+ description = "OpenLDAP Server Daemon";
+ documentation = [
+ "man:slapd"
+ "man:slapd-config"
+ "man:slapd-mdb"
+ ];
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
+ after = [ "network-online.target" ];
preStart = let
settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings));
@@ -306,7 +311,7 @@ in {
"${openldap}/libexec/slapd" "-u" cfg.user "-g" cfg.group "-F" configDir
"-h" (lib.concatStringsSep " " cfg.urlList)
]);
- Type = "forking";
+ Type = "notify";
PIDFile = cfg.settings.attrs.olcPidFile;
};
};
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index 2919022496a..550bd36efff 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -295,7 +295,8 @@ in
# Note: when changing the default, make it conditional on
# ‘system.stateVersion’ to maintain compatibility with existing
# systems!
- mkDefault (if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
+ mkDefault (if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
+ else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
else mkThrow "9_5");
diff --git a/pkgs/applications/editors/neovim/utils.nix b/pkgs/applications/editors/neovim/utils.nix
index e721457f2df..ee0abb58289 100644
--- a/pkgs/applications/editors/neovim/utils.nix
+++ b/pkgs/applications/editors/neovim/utils.nix
@@ -108,7 +108,7 @@ let
hostprog_check_table);
in
[
- "--argv0" "$0" "--add-flags" (lib.escapeShellArgs flags)
+ "--inherit-argv0" "--add-flags" (lib.escapeShellArgs flags)
] ++ lib.optionals withRuby [
"--set" "GEM_HOME" "${rubyEnv}/${rubyEnv.ruby.gemPath}"
] ++ lib.optionals (binPath != "") [
diff --git a/pkgs/applications/editors/vscode/generic.nix b/pkgs/applications/editors/vscode/generic.nix
index e1003180050..b4731b5701c 100644
--- a/pkgs/applications/editors/vscode/generic.nix
+++ b/pkgs/applications/editors/vscode/generic.nix
@@ -72,7 +72,7 @@ let
++ lib.optionals stdenv.isLinux [
autoPatchelfHook
nodePackages.asar
- (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+ (wrapGAppsHook.override { inherit makeWrapper; })
];
dontBuild = true;
diff --git a/pkgs/applications/emulators/wine/base.nix b/pkgs/applications/emulators/wine/base.nix
index 47852d69e3b..7788b13b4ec 100644
--- a/pkgs/applications/emulators/wine/base.nix
+++ b/pkgs/applications/emulators/wine/base.nix
@@ -175,9 +175,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (buildScript != null) {
done
'';
- # Until https://github.com/NixOS/nixpkgs/pull/172617 is applied,
- # parallel builds do not always work because of a bug in dlltool.
- enableParallelBuilding = false;
+ enableParallelBuilding = true;
# https://bugs.winehq.org/show_bug.cgi?id=43530
# https://github.com/NixOS/nixpkgs/issues/31989
diff --git a/pkgs/applications/networking/browsers/brave/default.nix b/pkgs/applications/networking/browsers/brave/default.nix
index a0f15253d6a..2983ced459f 100644
--- a/pkgs/applications/networking/browsers/brave/default.nix
+++ b/pkgs/applications/networking/browsers/brave/default.nix
@@ -104,7 +104,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
dpkg
- (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+ (wrapGAppsHook.override { inherit makeWrapper; })
];
buildInputs = [
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index b2008a201d3..217b4e32388 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -68,6 +68,7 @@
, xorg
, zip
, zlib
+, pkgsBuildBuild
# optionals
@@ -142,16 +143,21 @@ let
# Target the LLVM version that rustc is built with for LTO.
llvmPackages0 = rustc.llvmPackages;
+ llvmPackagesBuildBuild0 = pkgsBuildBuild.rustc.llvmPackages;
# Force the use of lld and other llvm tools for LTO
llvmPackages = llvmPackages0.override {
bootBintoolsNoLibc = null;
bootBintools = null;
};
+ llvmPackagesBuildBuild = llvmPackagesBuildBuild0.override {
+ bootBintoolsNoLibc = null;
+ bootBintools = null;
+ };
# LTO requires LLVM bintools including ld.lld and llvm-ar.
buildStdenv = overrideCC llvmPackages.stdenv (llvmPackages.stdenv.cc.override {
- inherit (llvmPackages) bintools;
+ bintools = if ltoSupport then buildPackages.rustc.llvmPackages.bintools else stdenv.cc.bintools;
});
# Compile the wasm32 sysroot to build the RLBox Sandbox
@@ -217,10 +223,15 @@ buildStdenv.mkDerivation ({
# two patches.
patchFlags = [ "-p1" "-l" ];
+ # if not explicitly set, wrong cc from buildStdenv would be used
+ HOST_CC = "${llvmPackagesBuildBuild.stdenv.cc}/bin/cc";
+ HOST_CXX = "${llvmPackagesBuildBuild.stdenv.cc}/bin/c++";
+
nativeBuildInputs = [
autoconf
cargo
- llvmPackages.llvm # llvm-objdump
+ gnum4
+ llvmPackagesBuildBuild.bintools
makeWrapper
nodejs
perl
@@ -302,6 +313,9 @@ buildStdenv.mkDerivation ({
export MOZILLA_OFFICIAL=1
'';
+ # firefox has a different definition of configurePlatforms from nixpkgs, see configureFlags
+ configurePlatforms = [ ];
+
configureFlags = [
"--disable-tests"
"--disable-updater"
@@ -309,7 +323,7 @@ buildStdenv.mkDerivation ({
"--enable-default-toolkit=cairo-gtk3${lib.optionalString waylandSupport "-wayland"}"
"--enable-system-pixman"
"--with-distribution-id=org.nixos"
- "--with-libclang-path=${llvmPackages.libclang.lib}/lib"
+ "--with-libclang-path=${llvmPackagesBuildBuild.libclang.lib}/lib"
"--with-system-ffi"
"--with-system-icu"
"--with-system-jpeg"
@@ -320,6 +334,9 @@ buildStdenv.mkDerivation ({
"--with-system-png" # needs APNG support
"--with-system-webp"
"--with-system-zlib"
+ # for firefox, host is buildPlatform, target is hostPlatform
+ "--host=${buildStdenv.buildPlatform.config}"
+ "--target=${buildStdenv.hostPlatform.config}"
]
# LTO is done using clang and lld on Linux.
++ lib.optionals ltoSupport [
@@ -362,7 +379,6 @@ buildStdenv.mkDerivation ({
fontconfig
freetype
glib
- gnum4
gtk3
icu
libffi
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index 2efd9422328..6d93629e718 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, makeDesktopItem, makeWrapper, lndir, config
+{ stdenv, lib, makeDesktopItem, makeWrapper, makeBinaryWrapper, lndir, config
, fetchurl, zip, unzip, jq, xdg-utils, writeText
## various stuff that can be plugged in
@@ -231,7 +231,7 @@ let
# Symbolic link: wrap the link's target.
oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
rm "$executablePath"
- elif wrapperCmd=$(strings -dw "$executablePath" | sed -n '/^makeCWrapper/,/^$/ p'); [[ $wrapperCmd ]]; then
+ elif wrapperCmd=$(${makeBinaryWrapper.extractCmd} "$executablePath"); [[ $wrapperCmd ]]; then
# If the executable is a binary wrapper, we need to update its target to
# point to $out, but we can't just edit the binary in-place because of length
# issues. So we extract the command used to create the wrapper and add the
@@ -239,10 +239,7 @@ let
parseMakeCWrapperCall() {
shift # makeCWrapper
oldExe=$1; shift
- for arg do case $arg in
- --inherit-argv0) oldWrapperArgs+=(--argv0 '$0');; # makeWrapper doesn't understand --inherit-argv0
- *) oldWrapperArgs+=("$arg");;
- esac done
+ oldWrapperArgs=("$@")
}
eval "parseMakeCWrapperCall ''${wrapperCmd//"${browser}"/"$out"}"
rm "$executablePath"
diff --git a/pkgs/applications/networking/instant-messengers/discord/linux.nix b/pkgs/applications/networking/instant-messengers/discord/linux.nix
index f5d984bf3a6..b960caa64d8 100644
--- a/pkgs/applications/networking/instant-messengers/discord/linux.nix
+++ b/pkgs/applications/networking/instant-messengers/discord/linux.nix
@@ -1,5 +1,5 @@
{ pname, version, src, meta, binaryName, desktopName, autoPatchelfHook
-, makeDesktopItem, lib, stdenv, wrapGAppsHook, makeWrapper, alsa-lib, at-spi2-atk
+, makeDesktopItem, lib, stdenv, wrapGAppsHook, makeShellWrapper, alsa-lib, at-spi2-atk
, at-spi2-core, atk, cairo, cups, dbus, expat, fontconfig, freetype, gdk-pixbuf
, glib, gtk3, libcxx, libdrm, libnotify, libpulseaudio, libuuid, libX11
, libXScrnSaver, libXcomposite, libXcursor, libXdamage, libXext, libXfixes
@@ -24,7 +24,8 @@ stdenv.mkDerivation rec {
libxshmfence
mesa
nss
- (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+ wrapGAppsHook
+ makeShellWrapper
];
dontWrapGApps = true;
@@ -78,7 +79,7 @@ stdenv.mkDerivation rec {
patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} \
$out/opt/${binaryName}/${binaryName}
- wrapProgram $out/opt/${binaryName}/${binaryName} \
+ wrapProgramShell $out/opt/${binaryName}/${binaryName} \
"''${gappsWrapperArgs[@]}" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" \
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \
diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
index d63c87ee5da..537f78fbcad 100644
--- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
@@ -40,7 +40,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [
autoPatchelfHook
dpkg
- (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+ (wrapGAppsHook.override { inherit makeWrapper; })
];
buildInputs = [
diff --git a/pkgs/applications/science/logic/tlaplus/toolbox.nix b/pkgs/applications/science/logic/tlaplus/toolbox.nix
index d84f0b2abf6..3c53e66c8bd 100644
--- a/pkgs/applications/science/logic/tlaplus/toolbox.nix
+++ b/pkgs/applications/science/logic/tlaplus/toolbox.nix
@@ -1,6 +1,6 @@
{ lib
, fetchzip
-, makeWrapper
+, makeShellWrapper
, makeDesktopItem
, stdenv
, gtk3
@@ -35,8 +35,8 @@ stdenv.mkDerivation rec {
buildInputs = [ gtk3 ];
nativeBuildInputs = [
- makeWrapper
- (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+ makeShellWrapper
+ wrapGAppsHook
];
dontWrapGApps = true;
@@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
--set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
"$(find "$out/toolbox" -name jspawnhelper)"
- makeWrapper $out/toolbox/toolbox $out/bin/tla-toolbox \
+ makeShellWrapper $out/toolbox/toolbox $out/bin/tla-toolbox \
--chdir "$out/toolbox" \
--add-flags "-data ~/.tla-toolbox" \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ gtk3 libXtst glib zlib ]}" \
diff --git a/pkgs/applications/video/mpv/wrapper.nix b/pkgs/applications/video/mpv/wrapper.nix
index 28414c3756d..3dfe83e2449 100644
--- a/pkgs/applications/video/mpv/wrapper.nix
+++ b/pkgs/applications/video/mpv/wrapper.nix
@@ -32,7 +32,7 @@ let
# All arguments besides the input and output binaries (${mpv}/bin/mpv and
# $out/bin/mpv). These are used by the darwin specific makeWrapper call
# used to wrap $out/Applications/mpv.app/Contents/MacOS/mpv as well.
- mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--argv0" "'$0'"
+ mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--inherit-argv0"
# These are always needed (TODO: Explain why)
"--prefix" "LUA_CPATH" ";" "${mpv.luaEnv}/lib/lua/${mpv.lua.luaversion}/?.so"
"--prefix" "LUA_PATH" ";" "${mpv.luaEnv}/share/lua/${mpv.lua.luaversion}/?.lua"
@@ -53,7 +53,7 @@ let
)) ++ extraMakeWrapperArgs)
;
umpvWrapperArgs = lib.strings.escapeShellArgs ([
- "--argv0" "'$0'"
+ "--inherit-argv0"
"--set" "MPV" "${placeholder "out"}/bin/mpv"
] ++ extraUmpvWrapperArgs)
;
diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index 6b15aa0ddaf..4c2a13da015 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -184,40 +184,6 @@ stdenv.mkDerivation {
done
'';
- emulation = let
- fmt =
- /**/ if targetPlatform.isDarwin then "mach-o"
- else if targetPlatform.isWindows then "pe"
- else "elf" + toString targetPlatform.parsed.cpu.bits;
- endianPrefix = if targetPlatform.isBigEndian then "big" else "little";
- sep = optionalString (!targetPlatform.isMips && !targetPlatform.isPower && !targetPlatform.isRiscV) "-";
- arch =
- /**/ if targetPlatform.isAarch64 then endianPrefix + "aarch64"
- else if targetPlatform.isAarch32 then endianPrefix + "arm"
- else if targetPlatform.isx86_64 then "x86-64"
- else if targetPlatform.isx86_32 then "i386"
- else if targetPlatform.isMips then {
- mips = "btsmipn32"; # n32 variant
- mipsel = "ltsmipn32"; # n32 variant
- mips64 = "btsmip";
- mips64el = "ltsmip";
- }.${targetPlatform.parsed.cpu.name}
- else if targetPlatform.isMmix then "mmix"
- else if targetPlatform.isPower then if targetPlatform.isBigEndian then "ppc" else "lppc"
- else if targetPlatform.isSparc then "sparc"
- else if targetPlatform.isMsp430 then "msp430"
- else if targetPlatform.isAvr then "avr"
- else if targetPlatform.isAlpha then "alpha"
- else if targetPlatform.isVc4 then "vc4"
- else if targetPlatform.isOr1k then "or1k"
- else if targetPlatform.isM68k then "m68k"
- else if targetPlatform.isS390 then "s390"
- else if targetPlatform.isRiscV then "lriscv"
- else if targetPlatform.isRx then "rx"
- else throw "unknown emulation for platform: ${targetPlatform.config}";
- in if targetPlatform.useLLVM or false then ""
- else targetPlatform.bfdEmulation or (fmt + sep + arch);
-
strictDeps = true;
depsTargetTargetPropagated = extraPackages;
diff --git a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
index fb01c5096d5..f8bddabbc68 100644
--- a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
+++ b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
@@ -93,11 +93,6 @@ if [ -e @out@/nix-support/add-local-ldflags-before.sh ]; then
fi
-# Specify the target emulation if nothing is passed in ("-m" overrides this
-# environment variable). Ensures we never blindly fallback on targeting the host
-# platform.
-: ${LDEMULATION:=@emulation@}
-
# Three tasks:
#
# 1. Find all -L... switches for rpath
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index 3738f628b18..ac6257220fd 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -14,6 +14,7 @@
, nativeTools, noLibc ? false, nativeLibc, nativePrefix ? ""
, propagateDoc ? cc != null && cc ? man
, extraTools ? [], extraPackages ? [], extraBuildCommands ? ""
+, nixSupport ? {}
, isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null
, buildPackages ? {}
, libcxx ? null
@@ -155,6 +156,8 @@ stdenv.mkDerivation {
(setenv "NIX_CFLAGS_COMPILE_${suffixSalt}" (concat (getenv "NIX_CFLAGS_COMPILE_${suffixSalt}") " -isystem " arg "/include"))))
'(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)}))
'';
+
+ inherit nixSupport;
};
dontBuild = true;
@@ -521,7 +524,11 @@ stdenv.mkDerivation {
##
## Extra custom steps
##
- + extraBuildCommands;
+ + extraBuildCommands
+ + lib.strings.concatStringsSep "; "
+ (lib.attrsets.mapAttrsToList
+ (name: value: "echo ${toString value} >> $out/nix-support/${name}")
+ nixSupport);
inherit expand-response-params;
diff --git a/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix b/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix
new file mode 100644
index 00000000000..34bed3bb297
--- /dev/null
+++ b/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix
@@ -0,0 +1,26 @@
+{ stdenv
+, lib
+, makeSetupHook
+, dieHook
+, writeShellScript
+, tests
+, cc ? stdenv.cc
+, sanitizers ? []
+}:
+
+makeSetupHook {
+ deps = [ dieHook ]
+ # https://github.com/NixOS/nixpkgs/issues/148189
+ ++ lib.optional (stdenv.isDarwin && stdenv.isAarch64) cc;
+
+ substitutions = {
+ cc = "${cc}/bin/cc ${lib.escapeShellArgs (map (s: "-fsanitize=${s}") sanitizers)}";
+
+ # Extract the function call used to create a binary wrapper from its embedded docstring
+ passthru.extractCmd = writeShellScript "extract-binary-wrapper-cmd" ''
+ strings -dw "$1" | sed -n '/^makeCWrapper/,/^$/ p'
+ '';
+
+ passthru.tests = tests.makeBinaryWrapper;
+ };
+} ./make-binary-wrapper.sh
diff --git a/pkgs/build-support/setup-hooks/make-binary-wrapper.sh b/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh
similarity index 96%
rename from pkgs/build-support/setup-hooks/make-binary-wrapper.sh
rename to pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh
index 3931b37c242..6b8f5d60eb6 100644
--- a/pkgs/build-support/setup-hooks/make-binary-wrapper.sh
+++ b/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh
@@ -15,24 +15,25 @@ assertExecutable() {
# makeWrapper EXECUTABLE OUT_PATH ARGS
# ARGS:
-# --argv0 NAME : set name of executed process to NAME
-# (otherwise it’s called …-wrapped)
+# --argv0 NAME : set the name of the executed process to NAME
+# (if unset or empty, defaults to EXECUTABLE)
# --inherit-argv0 : the executable inherits argv0 from the wrapper.
# (use instead of --argv0 '$0')
-# --set VAR VAL : add VAR with value VAL to the executable’s
-# environment
+# --set VAR VAL : add VAR with value VAL to the executable's environment
# --set-default VAR VAL : like --set, but only adds VAR if not already set in
# the environment
# --unset VAR : remove VAR from the environment
# --chdir DIR : change working directory (use instead of --run "cd DIR")
# --add-flags FLAGS : add FLAGS to invocation of executable
+# TODO(@ncfavier): --append-flags
# --prefix ENV SEP VAL : suffix/prefix ENV with VAL, separated by SEP
# --suffix
# To troubleshoot a binary wrapper after you compiled it,
# use the `strings` command or open the binary file in a text editor.
-makeWrapper() {
+makeWrapper() { makeBinaryWrapper "$@"; }
+makeBinaryWrapper() {
local NIX_CFLAGS_COMPILE= NIX_CFLAGS_LINK=
local original="$1"
local wrapper="$2"
@@ -43,7 +44,7 @@ makeWrapper() {
mkdir -p "$(dirname "$wrapper")"
makeDocumentedCWrapper "$original" "$@" | \
- @CC@ \
+ @cc@ \
-Wall -Werror -Wpedantic \
-Wno-overlength-strings \
-Os \
@@ -52,7 +53,8 @@ makeWrapper() {
}
# Syntax: wrapProgram
-wrapProgram() {
+wrapProgram() { wrapProgramBinary "$@"; }
+wrapProgramBinary() {
local prog="$1"
local hidden
@@ -63,8 +65,6 @@ wrapProgram() {
hidden="${hidden}_"
done
mv "$prog" "$hidden"
- # Silence warning about unexpanded $0:
- # shellcheck disable=SC2016
makeWrapper "$hidden" "$prog" --inherit-argv0 "${@:2}"
}
@@ -311,8 +311,9 @@ void set_env_suffix(char *env, char *sep, char *suffix) {
"
}
-# Embed a C string which shows up as readable text in the compiled binary wrapper
-# documentationString ARGS
+# Embed a C string which shows up as readable text in the compiled binary wrapper,
+# giving instructions for recreating the wrapper.
+# Keep in sync with makeBinaryWrapper.extractCmd
docstring() {
printf '%s' "const char * DOCSTRING = \"$(escapeStringLiteral "
@@ -333,7 +334,7 @@ makeCWrapper $(formatArgs "$@")
# formatArgs EXECUTABLE ARGS
formatArgs() {
- printf '%s' "$1"
+ printf '%s' "${1@Q}"
shift
while [ $# -gt 0 ]; do
case "$1" in
diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh
index 7d598956168..8a38c39efc4 100644
--- a/pkgs/build-support/setup-hooks/make-wrapper.sh
+++ b/pkgs/build-support/setup-hooks/make-wrapper.sh
@@ -11,16 +11,18 @@ assertExecutable() {
# makeWrapper EXECUTABLE OUT_PATH ARGS
# ARGS:
-# --argv0 NAME : set name of executed process to NAME
-# (otherwise it’s called …-wrapped)
-# --set VAR VAL : add VAR with value VAL to the executable’s
-# environment
+# --argv0 NAME : set the name of the executed process to NAME
+# (if unset or empty, defaults to EXECUTABLE)
+# --inherit-argv0 : the executable inherits argv0 from the wrapper.
+# (use instead of --argv0 '$0')
+# --set VAR VAL : add VAR with value VAL to the executable's environment
# --set-default VAR VAL : like --set, but only adds VAR if not already set in
# the environment
# --unset VAR : remove VAR from the environment
# --chdir DIR : change working directory (use instead of --run "cd DIR")
# --run COMMAND : run command before the executable
# --add-flags FLAGS : add FLAGS to invocation of executable
+# TODO(@ncfavier): --append-flags
# --prefix ENV SEP VAL : suffix/prefix ENV with VAL, separated by SEP
# --suffix
@@ -29,7 +31,8 @@ assertExecutable() {
# --prefix-contents ENV SEP FILES : like --suffix-each, but contents of FILES
# are read first and used as VALS
# --suffix-contents
-makeWrapper() {
+makeWrapper() { makeShellWrapper "$@"; }
+makeShellWrapper() {
local original="$1"
local wrapper="$2"
local params varName value command separator n fileNames
@@ -165,6 +168,9 @@ makeWrapper() {
elif [[ "$p" == "--argv0" ]]; then
argv0="${params[$((n + 1))]}"
n=$((n + 1))
+ elif [[ "$p" == "--inherit-argv0" ]]; then
+ # Whichever comes last of --argv0 and --inherit-argv0 wins
+ argv0='$0'
else
die "makeWrapper doesn't understand the arg $p"
fi
@@ -193,7 +199,8 @@ filterExisting() {
}
# Syntax: wrapProgram
-wrapProgram() {
+wrapProgram() { wrapProgramShell "$@"; }
+wrapProgramShell() {
local prog="$1"
local hidden
@@ -204,7 +211,5 @@ wrapProgram() {
hidden="${hidden}_"
done
mv "$prog" "$hidden"
- # Silence warning about unexpanded $0:
- # shellcheck disable=SC2016
- makeWrapper "$hidden" "$prog" --argv0 '$0' "${@:2}"
+ makeWrapper "$hidden" "$prog" --inherit-argv0 "${@:2}"
}
diff --git a/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix b/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix
index 8c10f67c152..d7699b2557f 100644
--- a/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix
+++ b/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix
@@ -1,7 +1,7 @@
{ stdenv
, lib
, makeSetupHook
-, makeBinaryWrapper
+, makeWrapper
, gobject-introspection
, isGraphical ? true
, gtk3
@@ -34,7 +34,7 @@ makeSetupHook {
] ++ [
# We use the wrapProgram function.
- makeBinaryWrapper
+ makeWrapper
];
substitutions = {
passthru.tests = let
diff --git a/pkgs/development/compilers/llvm/14/default.nix b/pkgs/development/compilers/llvm/14/default.nix
index 4e5e85684a2..b18b558d5b8 100644
--- a/pkgs/development/compilers/llvm/14/default.nix
+++ b/pkgs/development/compilers/llvm/14/default.nix
@@ -158,16 +158,17 @@ let
] ++ lib.optionals (!stdenv.targetPlatform.isWasm) [
targetLlvmLibraries.libunwind
];
- extraBuildCommands = ''
- echo "-rtlib=compiler-rt -Wno-unused-command-line-argument" >> $out/nix-support/cc-cflags
- echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags
- '' + lib.optionalString (!stdenv.targetPlatform.isWasm) ''
- echo "--unwindlib=libunwind" >> $out/nix-support/cc-cflags
- '' + lib.optionalString (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false) ''
- echo "-lunwind" >> $out/nix-support/cc-ldflags
- '' + lib.optionalString stdenv.targetPlatform.isWasm ''
- echo "-fno-exceptions" >> $out/nix-support/cc-cflags
- '' + mkExtraBuildCommands cc;
+ extraBuildCommands = mkExtraBuildCommands cc;
+ nixSupport.cc-cflags =
+ [ "-rtlib=compiler-rt"
+ "-Wno-unused-command-line-argument"
+ "-B${targetLlvmLibraries.compiler-rt}/lib"
+ ]
+ ++ lib.optional (!stdenv.targetPlatform.isWasm) "--unwindlib=libunwind"
+ ++ lib.optional
+ (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false)
+ "-lunwind"
+ ++ lib.optional stdenv.targetPlatform.isWasm "-fno-exceptions";
};
clangNoLibcxx = wrapCCWith rec {
@@ -177,11 +178,12 @@ let
extraPackages = [
targetLlvmLibraries.compiler-rt
];
- extraBuildCommands = ''
- echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags
- echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags
- echo "-nostdlib++" >> $out/nix-support/cc-cflags
- '' + mkExtraBuildCommands cc;
+ extraBuildCommands = mkExtraBuildCommands cc;
+ nixSupport.cc-cflags = [
+ "-rtlib=compiler-rt"
+ "-B${targetLlvmLibraries.compiler-rt}/lib"
+ "-nostdlib++"
+ ];
};
clangNoLibc = wrapCCWith rec {
@@ -191,10 +193,11 @@ let
extraPackages = [
targetLlvmLibraries.compiler-rt
];
- extraBuildCommands = ''
- echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags
- echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags
- '' + mkExtraBuildCommands cc;
+ extraBuildCommands = mkExtraBuildCommands cc;
+ nixSupport.cc-cflags = [
+ "-rtlib=compiler-rt"
+ "-B${targetLlvmLibraries.compiler-rt}/lib"
+ ];
};
clangNoCompilerRt = wrapCCWith rec {
@@ -202,9 +205,8 @@ let
libcxx = null;
bintools = bintoolsNoLibc';
extraPackages = [ ];
- extraBuildCommands = ''
- echo "-nostartfiles" >> $out/nix-support/cc-cflags
- '' + mkExtraBuildCommands0 cc;
+ extraBuildCommands = mkExtraBuildCommands0 cc;
+ nixSupport.cc-cflags = [ "-nostartfiles" ];
};
clangNoCompilerRtWithLibc = wrapCCWith rec {
diff --git a/pkgs/development/compilers/rust/1_60.nix b/pkgs/development/compilers/rust/1_60.nix
index 0153b5d23a9..16f8512952d 100644
--- a/pkgs/development/compilers/rust/1_60.nix
+++ b/pkgs/development/compilers/rust/1_60.nix
@@ -33,7 +33,7 @@ import ./default.nix {
llvmShared = llvm_14.override { enableSharedLibraries = true; };
# Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
- llvmPackagesForBuild = pkgsBuildBuild.llvmPackages_14;
+ llvmPackages = llvmPackages_14;
# Note: the version MUST be one version prior to the version we're
# building
diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix
index 6dfc8a49063..6c579373f5d 100644
--- a/pkgs/development/compilers/rust/default.nix
+++ b/pkgs/development/compilers/rust/default.nix
@@ -10,7 +10,7 @@
, llvmSharedForBuild
, llvmSharedForHost
, llvmSharedForTarget
-, llvmPackagesForBuild # Exposed through rustc for LTO in Firefox
+, llvmPackages # Exposed through rustc for LTO in Firefox
}:
{ stdenv, lib
, buildPackages
@@ -64,7 +64,7 @@ in
version = rustcVersion;
sha256 = rustcSha256;
inherit enableRustcDev;
- inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackagesForBuild;
+ inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackages;
patches = rustcPatches;
diff --git a/pkgs/development/compilers/rust/rustc.nix b/pkgs/development/compilers/rust/rustc.nix
index 1087ac05908..d167cf91c36 100644
--- a/pkgs/development/compilers/rust/rustc.nix
+++ b/pkgs/development/compilers/rust/rustc.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, removeReferencesTo, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget
-, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackagesForBuild
+, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackages
, fetchurl, file, python3
, darwin, cmake, rust, rustPlatform
, pkg-config, openssl
@@ -179,7 +179,7 @@ in stdenv.mkDerivation rec {
passthru = {
llvm = llvmShared;
- llvmPackages = llvmPackagesForBuild;
+ inherit llvmPackages;
};
meta = with lib; {
diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix
index 3e36f77dab4..5230a46afef 100644
--- a/pkgs/development/interpreters/lua-5/default.nix
+++ b/pkgs/development/interpreters/lua-5/default.nix
@@ -1,10 +1,11 @@
# similar to interpreters/python/default.nix
-{ stdenv, lib, callPackage, fetchurl, fetchpatch }:
+{ stdenv, lib, callPackage, fetchurl, fetchpatch, makeBinaryWrapper }:
rec {
lua5_4 = callPackage ./interpreter.nix {
sourceVersion = { major = "5"; minor = "4"; patch = "3"; };
hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq";
+ makeWrapper = makeBinaryWrapper;
patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch;
};
@@ -16,6 +17,7 @@ rec {
lua5_3 = callPackage ./interpreter.nix {
sourceVersion = { major = "5"; minor = "3"; patch = "6"; };
hash = "0q3d8qhd7p0b7a4mh9g7fxqksqfs6mr1nav74vq26qvkp2dxcpzw";
+ makeWrapper = makeBinaryWrapper;
patches =
lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ];
@@ -29,6 +31,7 @@ rec {
lua5_2 = callPackage ./interpreter.nix {
sourceVersion = { major = "5"; minor = "2"; patch = "4"; };
hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr";
+ makeWrapper = makeBinaryWrapper;
patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch;
};
@@ -40,6 +43,7 @@ rec {
lua5_1 = callPackage ./interpreter.nix {
sourceVersion = { major = "5"; minor = "1"; patch = "5"; };
hash = "2640fc56a795f29d28ef15e13c34a47e223960b0240e8cb0a82d9b0738695333";
+ makeWrapper = makeBinaryWrapper;
patches = (lib.optional stdenv.isDarwin ./5.1.darwin.patch)
++ [ ./CVE-2014-5461.patch ];
};
diff --git a/pkgs/development/interpreters/lua-5/interpreter.nix b/pkgs/development/interpreters/lua-5/interpreter.nix
index de61714f242..1fb56851ce5 100644
--- a/pkgs/development/interpreters/lua-5/interpreter.nix
+++ b/pkgs/development/interpreters/lua-5/interpreter.nix
@@ -126,6 +126,7 @@ self = stdenv.mkDerivation rec {
passthru = rec {
buildEnv = callPackage ./wrapper.nix {
lua = self;
+ inherit makeWrapper;
inherit (luaPackages) requiredLuaModules;
};
withPackages = import ./with-packages.nix { inherit buildEnv luaPackages;};
diff --git a/pkgs/development/libraries/gtk/3.x.nix b/pkgs/development/libraries/gtk/3.x.nix
index 5e0dcf6ce03..a2b4aed108b 100644
--- a/pkgs/development/libraries/gtk/3.x.nix
+++ b/pkgs/development/libraries/gtk/3.x.nix
@@ -1,7 +1,7 @@
{ lib
, stdenv
, substituteAll
-, fetchurl
+, fetchzip
, pkg-config
, gettext
, docbook-xsl-nons
@@ -60,7 +60,7 @@ in
stdenv.mkDerivation rec {
pname = "gtk+3";
- version = "3.24.33";
+ version = "3.24.33-2022-03-11";
outputs = [ "out" "dev" ] ++ lib.optional withGtkDoc "devdoc";
outputBin = "dev";
@@ -70,9 +70,9 @@ stdenv.mkDerivation rec {
gtkCleanImmodulesCache
];
- src = fetchurl {
- url = "mirror://gnome/sources/gtk+/${lib.versions.majorMinor version}/gtk+-${version}.tar.xz";
- sha256 = "sha256-WIsGUi4l0VeemJtvnYob2/L+E83gGgTpBP80aiJeeAE=";
+ src = fetchzip {
+ url = "https://gitlab.gnome.org/GNOME/gtk/-/archive/9d1d2f0a6643570274121fc1473e46a6edc2e32d/gtk-9d1d2f0a6643570274121fc1473e46a6edc2e32d.tar.gz";
+ sha256 = "sha256-+K1Kp3Sklrj/Ly0pSktfQwfcrIKpbf05NQbMDhWJZNI=";
};
patches = [
@@ -201,6 +201,8 @@ stdenv.mkDerivation rec {
for f in $dev/bin/gtk-encode-symbolic-svg; do
wrapProgram $f --prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
done
+ '' + lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) ''
+ GTK_PATH="''${out:?}/lib/gtk-3.0/3.0.0/immodules/" ''${dev:?}/bin/gtk-query-immodules-3.0 > "''${out:?}/lib/gtk-3.0/3.0.0/immodules.cache"
'';
# Wrap demos
diff --git a/pkgs/development/libraries/libqrtr-glib/default.nix b/pkgs/development/libraries/libqrtr-glib/default.nix
index 29097710a69..aefc61f1ccf 100644
--- a/pkgs/development/libraries/libqrtr-glib/default.nix
+++ b/pkgs/development/libraries/libqrtr-glib/default.nix
@@ -20,6 +20,12 @@ stdenv.mkDerivation rec {
sha256 = "MNh5sq3m+PRh3vOmd3VdtcAji6v2iNXIPAOz5qvjXO4=";
};
+ strictDeps = true;
+
+ depsBuildBuild = [
+ pkg-config
+ ];
+
nativeBuildInputs = [
pkg-config
gobject-introspection
@@ -32,7 +38,7 @@ stdenv.mkDerivation rec {
glib
];
- configureFlags = [
+ configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [
"--enable-gtk-doc"
];
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index 4ecfc569ae1..c57aa560fc2 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -1,33 +1,48 @@
-{ lib, stdenv, fetchurl, openssl, db, groff, libtool, libsodium
-, withCyrusSasl ? true
+{ lib
+, stdenv
+, fetchurl
+
+# dependencies
, cyrus_sasl
+, db
+, groff
+, libsodium
+, libtool
+, openssl
+, systemdMinimal
}:
stdenv.mkDerivation rec {
pname = "openldap";
- version = "2.4.58";
+ version = "2.6.2";
src = fetchurl {
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz";
- sha256 = "sha256-V7WSVL4V0L9qmrPVFMHAV3ewISMpFTMTSofJRGj49Hs=";
+ hash = "sha256-gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c";
};
# TODO: separate "out" and "bin"
- outputs = [ "out" "dev" "man" "devdoc" ];
+ outputs = [
+ "out"
+ "dev"
+ "man"
+ "devdoc"
+ ];
enableParallelBuilding = true;
- nativeBuildInputs = [ groff ];
-
- buildInputs = [ openssl cyrus_sasl db libsodium libtool ];
+ nativeBuildInputs = [
+ groff
+ ];
- # Disable install stripping as it breaks cross-compiling.
- # We strip binaries anyway in fixupPhase.
- makeFlags= [
- "STRIP="
- "prefix=$(out)"
- "moduledir=$(out)/lib/modules"
- "CC=${stdenv.cc.targetPrefix}cc"
+ buildInputs = [
+ cyrus_sasl
+ db
+ libsodium
+ libtool
+ openssl
+ ] ++ lib.optionals (stdenv.isLinux) [
+ systemdMinimal
];
preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") ''
@@ -35,56 +50,64 @@ stdenv.mkDerivation rec {
'';
configureFlags = [
- "--enable-overlays"
- "--disable-dependency-tracking" # speeds up one-time build
- "--enable-modules"
- "--sysconfdir=/etc"
- "--localstatedir=/var"
+ "--enable-argon2"
"--enable-crypt"
+ "--enable-modules"
+ "--enable-overlays"
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes"
- ] ++ lib.optional (!withCyrusSasl) "--without-cyrus-sasl"
- ++ lib.optional stdenv.isFreeBSD "--with-pic";
+ ] ++ lib.optional stdenv.isFreeBSD "--with-pic";
+
+ makeFlags= [
+ "CC=${stdenv.cc.targetPrefix}cc"
+ "STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
+ "prefix=${placeholder "out"}"
+ "sysconfdir=${placeholder "out"}/etc"
+ "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+ # contrib modules require these
+ "moduledir=${placeholder "out"}/lib/modules"
+ "mandir=${placeholder "out"}/share/man"
+ ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+ # Can be unconditional, doing it like this to prevent a mass rebuild.
+ "STRIP_OPTS="
+ ];
+
+ extraContribModules = [
+ # https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
+ "passwd/sha2"
+ "passwd/pbkdf2"
+ "passwd/totp"
+ ];
postBuild = ''
- make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/sha2
- make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/pbkdf2
- make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/argon2
+ for module in ${lib.concatStringsSep " " extraContribModules}; do
+ make $makeFlags CC=$CC -C contrib/slapd-modules/$module
+ done
'';
- doCheck = false; # needs a running LDAP server
+ preCheck = ''
+ substituteInPlace tests/scripts/all \
+ --replace "/bin/rm" "rm"
+ '';
- installFlags = [
- "sysconfdir=$(out)/etc"
- "localstatedir=$(out)/var"
- "moduledir=$(out)/lib/modules"
- # The argon2 module hardcodes /usr/bin/install as the path for the
- # `install` binary, which is overridden here.
- "INSTALL=install"
- ];
+ doCheck = true;
- # 1. Libraries left in the build location confuse `patchelf --shrink-rpath`
- # Delete these to let patchelf discover the right path instead.
- # FIXME: that one can be removed when https://github.com/NixOS/patchelf/pull/98
- # is in Nixpkgs patchelf.
- # 2. Fixup broken libtool for openssl and cyrus_sasl (if it is not disabled)
+ # The directory is empty and serve no purpose.
preFixup = ''
rm -r $out/var
- rm -r libraries/*/.libs
- rm -r contrib/slapd-modules/passwd/*/.libs
- for f in $out/lib/libldap.la $out/lib/libldap_r.la; do
- substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl'
- '' + lib.optionalString withCyrusSasl ''
- substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2'
- '' + ''
- done
'';
+ installFlags = [
+ "prefix=${placeholder "out"}"
+ "moduledir=${placeholder "out"}/lib/modules"
+ "INSTALL=install"
+ ];
+
postInstall = ''
- make $installFlags install -C contrib/slapd-modules/passwd/sha2
- make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2
- make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
+ for module in ${lib.concatStringsSep " " extraContribModules}; do
+ make $installFlags install -C contrib/slapd-modules/$module
+ done
chmod +x "$out"/lib/*.{so,dylib}
'';
@@ -92,7 +115,7 @@ stdenv.mkDerivation rec {
homepage = "https://www.openldap.org/";
description = "An open source implementation of the Lightweight Directory Access Protocol";
license = licenses.openldap;
- maintainers = with maintainers; [ lovek323 ];
+ maintainers = with maintainers; [ ajs124 das_j hexa ];
platforms = platforms.unix;
};
}
diff --git a/pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch b/pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch
new file mode 100644
index 00000000000..f2b7812cf70
--- /dev/null
+++ b/pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch
@@ -0,0 +1,94 @@
+From 3593e2c299c0ac0402f23d44cdbe8e6ff3687b68 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
+Date: Thu, 27 Jan 2022 10:35:56 +0000
+Subject: [PATCH] Check whether libldap is threadsafe on startup.
+
+Closes #432
+---
+ Lib/ldap/constants.py | 2 --
+ Modules/constants.c | 10 ++++++++++
+ setup.cfg | 6 ++++--
+ setup.py | 1 -
+ 4 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/Lib/ldap/constants.py b/Lib/ldap/constants.py
+index 1c1d76a..f76609b 100644
+--- a/Lib/ldap/constants.py
++++ b/Lib/ldap/constants.py
+@@ -341,9 +341,7 @@ CONSTANTS = (
+ # XXX - these should be errors
+ Int('URL_ERR_BADSCOPE'),
+ Int('URL_ERR_MEM'),
+- # Int('LIBLDAP_R'),
+
+- Feature('LIBLDAP_R', 'HAVE_LIBLDAP_R'),
+ Feature('SASL_AVAIL', 'HAVE_SASL'),
+ Feature('TLS_AVAIL', 'HAVE_TLS'),
+ Feature('INIT_FD_AVAIL', 'HAVE_LDAP_INIT_FD'),
+diff --git a/Modules/constants.c b/Modules/constants.c
+index 07d6065..8d6f63b 100644
+--- a/Modules/constants.c
++++ b/Modules/constants.c
+@@ -197,6 +197,8 @@ int
+ LDAPinit_constants(PyObject *m)
+ {
+ PyObject *exc, *nobj;
++ struct ldap_apifeature_info info = { 1, "X_OPENLDAP_THREAD_SAFE", 0 };
++ int thread_safe = 0;
+
+ /* simple constants */
+
+@@ -221,6 +223,14 @@ LDAPinit_constants(PyObject *m)
+ return -1;
+ Py_INCREF(LDAPexception_class);
+
++#ifdef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
++ if (ldap_get_option(NULL, LDAP_OPT_API_FEATURE_INFO, &info) == LDAP_SUCCESS) {
++ thread_safe = (info.ldapaif_version == 1);
++ }
++#endif
++ if (PyModule_AddIntConstant(m, "LIBLDAP_R", thread_safe) != 0)
++ return -1;
++
+ /* Generated constants -- see Lib/ldap/constants.py */
+
+ #define add_err(n) do { \
+diff --git a/setup.cfg b/setup.cfg
+index 2e372ba..a75f186 100644
+--- a/setup.cfg
++++ b/setup.cfg
+@@ -5,7 +5,9 @@ license_file = LICENCE
+ defines = HAVE_SASL HAVE_TLS HAVE_LIBLDAP_R
+ extra_compile_args =
+ extra_objects =
+-libs = ldap_r lber
++# Uncomment this if your libldap is not thread-safe and you need libldap_r
++# instead
++#libs = ldap_r lber
+
+ [install]
+ compile = 1
+@@ -13,7 +15,7 @@ optimize = 1
+
+ [bdist_rpm]
+ provides = python-ldap
+-requires = python libldap-2_4
++requires = python libldap-2
+ vendor = python-ldap project
+ packager = python-ldap team
+ distribution_name = openSUSE 11.x
+diff --git a/setup.py b/setup.py
+index 119b571..b193957 100644
+--- a/setup.py
++++ b/setup.py
+@@ -132,7 +132,6 @@ setup(
+ extra_objects = LDAP_CLASS.extra_objects,
+ runtime_library_dirs = (not sys.platform.startswith("win"))*LDAP_CLASS.library_dirs,
+ define_macros = LDAP_CLASS.defines + \
+- ('ldap_r' in LDAP_CLASS.libs or 'oldap_r' in LDAP_CLASS.libs)*[('HAVE_LIBLDAP_R',None)] + \
+ ('sasl' in LDAP_CLASS.libs or 'sasl2' in LDAP_CLASS.libs or 'libsasl' in LDAP_CLASS.libs)*[('HAVE_SASL',None)] + \
+ ('ssl' in LDAP_CLASS.libs and 'crypto' in LDAP_CLASS.libs)*[('HAVE_TLS',None)] + \
+ [
+--
+2.36.0
+
diff --git a/pkgs/development/python-modules/ldap/default.nix b/pkgs/development/python-modules/ldap/default.nix
index f9acc0a7674..b58f6bafed5 100644
--- a/pkgs/development/python-modules/ldap/default.nix
+++ b/pkgs/development/python-modules/ldap/default.nix
@@ -12,6 +12,10 @@ buildPythonPackage rec {
sha256 = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12";
};
+ patches = [
+ ./0001-Check-whether-libldap-is-threadsafe-on-startup.patch
+ ];
+
propagatedBuildInputs = [ pyasn1 pyasn1-modules ];
checkInputs = [ pytestCheckHook ];
diff --git a/pkgs/development/python-modules/pandas/default.nix b/pkgs/development/python-modules/pandas/default.nix
index 38173eb4fe0..54ad2eaf724 100644
--- a/pkgs/development/python-modules/pandas/default.nix
+++ b/pkgs/development/python-modules/pandas/default.nix
@@ -93,6 +93,10 @@ buildPythonPackage rec {
] ++ lib.optionals stdenv.isDarwin [
"test_locale"
"test_clipboard"
+ # ValueError: cannot reindex on an axis with duplicate labels
+ #
+ # Attempts to reproduce this problem outside of Hydra failed.
+ "test_reindex_timestamp_with_fold"
];
# Tests have relative paths, and need to reference compiled C extensions
diff --git a/pkgs/development/python-modules/python-mimeparse/default.nix b/pkgs/development/python-modules/python-mimeparse/default.nix
index ccc8dc78f44..ab91a5d5e2e 100644
--- a/pkgs/development/python-modules/python-mimeparse/default.nix
+++ b/pkgs/development/python-modules/python-mimeparse/default.nix
@@ -1,6 +1,7 @@
{ lib
, buildPythonPackage
, fetchPypi
+, pytestCheckHook
}:
buildPythonPackage rec {
@@ -12,8 +13,9 @@ buildPythonPackage rec {
sha256 = "76e4b03d700a641fd7761d3cd4fdbbdcd787eade1ebfac43f877016328334f78";
};
- # error: invalid command 'test'
- doCheck = false;
+ checkInputs = [
+ pytestCheckHook
+ ];
meta = with lib; {
description = "A module provides basic functions for parsing mime-type names and matching them against a list of media-ranges";
diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix
index 6e736df235f..fa29eae2db6 100644
--- a/pkgs/development/tools/analysis/valgrind/default.nix
+++ b/pkgs/development/tools/analysis/valgrind/default.nix
@@ -1,26 +1,18 @@
{ lib, stdenv, fetchurl, fetchpatch
, autoreconfHook, perl
, gdb, cctools, xnu, bootstrap_cmds
+, writeScript
}:
stdenv.mkDerivation rec {
pname = "valgrind";
- version = "3.18.1";
+ version = "3.19.0";
src = fetchurl {
url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2";
- sha256 = "sha256-AIWaoTp3Lt33giIl9LRu4NOa++Bx0yd42k2ZmECB9/U=";
+ sha256 = "sha256-3V40SG8aSD/3vnMAzBa01rJGkJh4d8MnjXl1NNZzjwI=";
};
- patches = [
- # Fix tests on Musl.
- # https://bugs.kde.org/show_bug.cgi?id=445300
- (fetchpatch {
- url = "https://bugsfiles.kde.org/attachment.cgi?id=143535";
- sha256 = "036zyk30rixjvpylw3c7n171n4gpn6zcp7h6ya2dz4h5r478l9i6";
- })
- ];
-
outputs = [ "out" "dev" "man" "doc" ];
hardeningDisable = [ "pie" "stackprotector" ];
@@ -59,9 +51,6 @@ stdenv.mkDerivation rec {
--replace /usr/bin/ld ${cctools}/bin/ld
'');
- # To prevent rebuild on linux when moving darwin's postPatch fixes to preConfigure
- postPatch = "";
-
configureFlags =
lib.optional (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "x86_64-darwin") "--enable-only64bit"
++ lib.optional stdenv.hostPlatform.isDarwin "--with-xcodedir=${xnu}/include";
@@ -77,6 +66,21 @@ stdenv.mkDerivation rec {
done
'';
+ passthru = {
+ updateScript = writeScript "update-valgrind" ''
+ #!/usr/bin/env nix-shell
+ #!nix-shell -i bash -p curl pcre common-updater-scripts
+
+ set -eu -o pipefail
+
+ # Expect the text in format of:
+ # 'Current release: valgrind-3.19.0'
+ new_version="$(curl -s https://valgrind.org/ |
+ pcregrep -o1 'Current release: .*>valgrind-([0-9.]+)')"
+ update-source-version ${pname} "$new_version"
+ '';
+ };
+
meta = {
homepage = "http://www.valgrind.org/";
description = "Debugging and profiling tool suite";
diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix
index da2b4864552..88b6d3a705e 100644
--- a/pkgs/development/tools/misc/binutils/default.nix
+++ b/pkgs/development/tools/misc/binutils/default.nix
@@ -82,6 +82,12 @@ stdenv.mkDerivation {
# override this behavior, forcing ld to search DT_RPATH even when
# cross-compiling.
./always-search-rpath.patch
+
+ # Fixed in 2.39
+ # https://sourceware.org/bugzilla/show_bug.cgi?id=28885
+ # https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=99852365513266afdd793289813e8e565186c9e6
+ # https://github.com/NixOS/nixpkgs/issues/170946
+ ./deterministic-temp-prefixes.patch
]
++ lib.optional targetPlatform.isiOS ./support-ios.patch
# This patch was suggested by Nick Clifton to fix
diff --git a/pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch b/pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch
new file mode 100644
index 00000000000..3c27340b9c0
--- /dev/null
+++ b/pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch
@@ -0,0 +1,36 @@
+From 99852365513266afdd793289813e8e565186c9e6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton
+Date: Wed, 23 Mar 2022 11:39:49 +0000
+Subject: [PATCH] dlltool: Use the output name as basis for deterministic temp
+ prefixes
+
+ PR 28885
+ * dlltool.c (main): use imp_name rather than dll_name when
+ generating a temporary file name.
+---
+ binutils/ChangeLog | 9 +++++++++
+ binutils/dlltool.c | 7 ++++---
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/binutils/dlltool.c b/binutils/dlltool.c
+index d95bf3f5470..89871510b45 100644
+--- a/binutils/dlltool.c
++++ b/binutils/dlltool.c
+@@ -3992,10 +3992,11 @@ main (int ac, char **av)
+ if (tmp_prefix == NULL)
+ {
+ /* If possible use a deterministic prefix. */
+- if (dll_name)
++ if (imp_name || delayimp_name)
+ {
+- tmp_prefix = xmalloc (strlen (dll_name) + 2);
+- sprintf (tmp_prefix, "%s_", dll_name);
++ const char *input = imp_name ? imp_name : delayimp_name;
++ tmp_prefix = xmalloc (strlen (input) + 2);
++ sprintf (tmp_prefix, "%s_", input);
+ for (i = 0; tmp_prefix[i]; i++)
+ if (!ISALNUM (tmp_prefix[i]))
+ tmp_prefix[i] = '_';
+--
+2.31.1
+
diff --git a/pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch b/pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch
new file mode 100644
index 00000000000..41ce4540d2d
--- /dev/null
+++ b/pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch
@@ -0,0 +1,68 @@
+Fix iWerror=format build for 32-bit systems.
+https://sourceware.org/pipermail/gdb-patches/2022-May/189288.html
+--- a/sim/cris/sim-if.c
++++ b/sim/cris/sim-if.c
+@@ -257,7 +257,8 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write)
+
+ if (verbose)
+ sim_io_printf (sd,
+- "Loading segment at 0x%" BFD_VMA_FMT "x, size 0x%lx\n",
++ "Loading segment at 0x%" BFD_VMA_FMT "x, "
++ "size 0x%" BFD_VMA_FMT "x\n",
+ lma, phdr[i].p_filesz);
+
+ if (bfd_seek (abfd, phdr[i].p_offset, SEEK_SET) != 0
+@@ -265,7 +266,7 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write)
+ {
+ sim_io_eprintf (sd,
+ "%s: could not read segment at 0x%" BFD_VMA_FMT "x, "
+- "size 0x%lx\n",
++ "size 0x%" BFD_VMA_FMT "x\n",
+ STATE_MY_NAME (sd), lma, phdr[i].p_filesz);
+ free (buf);
+ return FALSE;
+@@ -275,7 +276,7 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write)
+ {
+ sim_io_eprintf (sd,
+ "%s: could not load segment at 0x%" BFD_VMA_FMT "x, "
+- "size 0x%lx\n",
++ "size 0x%" BFD_VMA_FMT "x\n",
+ STATE_MY_NAME (sd), lma, phdr[i].p_filesz);
+ free (buf);
+ return FALSE;
+@@ -572,7 +573,8 @@ cris_handle_interpreter (SIM_DESC sd, struct bfd *abfd)
+ memory area, so we go via a temporary area. Luckily, the
+ interpreter is supposed to be small, less than 0x40000
+ bytes. */
+- sim_do_commandf (sd, "memory region 0x%" BFD_VMA_FMT "x,0x%lx",
++ sim_do_commandf (sd, "memory region 0x%" BFD_VMA_FMT "x,"
++ "0x%" BFD_VMA_FMT "x",
+ interp_load_addr, interpsiz);
+
+ /* Now that memory for the interpreter is defined, load it. */
+--- a/sim/m32c/syscalls.c
++++ b/sim/m32c/syscalls.c
+@@ -299,8 +299,8 @@ m32c_syscall (int id)
+
+ rv = gettimeofday (&tv, 0);
+ if (trace)
+- printf ("gettimeofday: %ld sec %ld usec to 0x%x\n", tv.tv_sec,
+- tv.tv_usec, tvaddr);
++ printf ("gettimeofday: %lld sec %lld usec to 0x%x\n",
++ (long long)tv.tv_sec, (long long)tv.tv_usec, tvaddr);
+ mem_put_si (tvaddr, tv.tv_sec);
+ mem_put_si (tvaddr + 4, tv.tv_usec);
+ put_reg (r0, rv);
+--- a/sim/rx/syscalls.c
++++ b/sim/rx/syscalls.c
+@@ -270,8 +270,8 @@ rx_syscall (int id)
+
+ rv = gettimeofday (&tv, 0);
+ if (trace)
+- printf ("gettimeofday: %ld sec %ld usec to 0x%x\n", tv.tv_sec,
+- tv.tv_usec, tvaddr);
++ printf ("gettimeofday: %lld sec %lld usec to 0x%x\n",
++ (long long)tv.tv_sec, (long long)tv.tv_usec, tvaddr);
+ mem_put_si (tvaddr, tv.tv_sec);
+ mem_put_si (tvaddr + 4, tv.tv_usec);
+ put_reg (1, rv);
diff --git a/pkgs/development/tools/misc/gdb/debug-info-from-env.patch b/pkgs/development/tools/misc/gdb/debug-info-from-env.patch
index de59bd2d17b..7a3d78da077 100644
--- a/pkgs/development/tools/misc/gdb/debug-info-from-env.patch
+++ b/pkgs/development/tools/misc/gdb/debug-info-from-env.patch
@@ -1,24 +1,17 @@
-diff -ur a/gdb/main.c b/gdb/main.c
---- a/gdb/main.c 2020-02-08 13:50:14.000000000 +0100
-+++ b/gdb/main.c 2020-02-24 10:02:07.731806739 +0100
-@@ -567,9 +567,17 @@
- gdb_sysroot = xstrdup (TARGET_SYSROOT_PREFIX);
- }
+--- a/gdb/main.c
++++ b/gdb/main.c
+@@ -708,8 +708,12 @@ captured_main_1 (struct captured_main_args *context)
+ if (gdb_sysroot.empty ())
+ gdb_sysroot = TARGET_SYSROOT_PREFIX;
- debug_file_directory
-- = xstrdup (relocate_gdb_directory (DEBUGDIR,
-- DEBUGDIR_RELOCATABLE).c_str ());
-+ debug_file_directory = getenv ("NIX_DEBUG_INFO_DIRS");
-+ if (debug_file_directory != NULL)
-+ // This might be updated later using
-+ // $ set debug-file-directory /to/some/path
-+ // which will use xfree. We must then have a xmallocated
-+ // copy of the string that can be xfeed later.
-+ debug_file_directory = xstrdup (debug_file_directory);
+- = relocate_gdb_directory (DEBUGDIR, DEBUGDIR_RELOCATABLE);
++ const char * nix_debug = getenv ("NIX_DEBUG_INFO_DIRS");
++ if (nix_debug != NULL)
++ debug_file_directory = nix_debug;
+ else
+ debug_file_directory
-+ = xstrdup (relocate_gdb_directory (DEBUGDIR,
-+ DEBUGDIR_RELOCATABLE).c_str ());
++ = relocate_gdb_directory (DEBUGDIR, DEBUGDIR_RELOCATABLE);
gdb_datadir = relocate_gdb_directory (GDB_DATADIR,
GDB_DATADIR_RELOCATABLE);
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index f21808b1bf7..d9b56428f5c 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -1,7 +1,7 @@
{ lib, stdenv, targetPackages
# Build time
-, fetchurl, fetchpatch, pkg-config, perl, texinfo, setupDebugInfoDirs, buildPackages
+, fetchurl, pkg-config, perl, texinfo, setupDebugInfoDirs, buildPackages
# Run time
, ncurses, readline, gmp, mpfr, expat, libipt, zlib, dejagnu, sourceHighlight
@@ -15,6 +15,7 @@
# targetPackages so we get the right libc when cross-compiling and using buildPackages.gdb
targetPackages.stdenv.cc.cc.lib
]
+, writeScript
}:
let
@@ -27,36 +28,32 @@ assert pythonSupport -> python3 != null;
stdenv.mkDerivation rec {
pname = targetPrefix + basename;
- version = "11.2";
+ version = "12.1";
src = fetchurl {
url = "mirror://gnu/gdb/${basename}-${version}.tar.xz";
- hash = "sha256-FJfDanGIG4ZxqahKDuQPqreIyjDXuhnYRjw8x4cVLjI=";
+ hash = "sha256-DheTv48rVNU/Rt6oTM/URvSPgbKXsoxPf8AXuBjWn+0=";
};
- postPatch = if stdenv.isDarwin then ''
+ postPatch = lib.optionalString stdenv.isDarwin ''
substituteInPlace gdb/darwin-nat.c \
--replace '#include "bfd/mach-o.h"' '#include "mach-o.h"'
- '' else if stdenv.hostPlatform.isMusl then ''
+ '' + lib.optionalString stdenv.hostPlatform.isMusl ''
+ substituteInPlace sim/erc32/erc32.c --replace sys/fcntl.h fcntl.h
+ substituteInPlace sim/erc32/interf.c --replace sys/fcntl.h fcntl.h
+ substituteInPlace sim/erc32/sis.c --replace sys/fcntl.h fcntl.h
substituteInPlace sim/ppc/emul_unix.c --replace sys/termios.h termios.h
- '' else null;
+ '';
patches = [
./debug-info-from-env.patch
-
- # Pull upstream fix for gcc-12. Will be included in gdb-12.
- (fetchpatch {
- name = "gcc-12.patch";
- url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=e97436b1b789dcdb6ffb502263f4c86f8bc22996";
- sha256 = "1mpgw6s9qgnwhwyg3hagc6vhqhvia0l1s8nr22bcahwqxi3wvzcw";
- })
] ++ lib.optionals stdenv.isDarwin [
./darwin-target-match.patch
- ] ++ lib.optional stdenv.hostPlatform.isMusl (fetchpatch {
- name = "musl-fix-pagesize-page_size.patch";
- url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=fd0975b96b16d96010dce439af9620d3dfb65426";
- hash = "sha256-M3U7uIIFJnYu0g8/sMLJPhm02q7cGOi6pLjgsUUjeKI=";
- });
+ # Does not nave to be conditional. We apply it conditionally
+ # to speed up inclusion to nearby nixos release.
+ ] ++ lib.optionals stdenv.is32bit [
+ ./32-bit-BFD_VMA-format.patch
+ ];
nativeBuildInputs = [ pkg-config texinfo perl setupDebugInfoDirs ];
@@ -115,6 +112,20 @@ stdenv.mkDerivation rec {
# TODO: Investigate & fix the test failures.
doCheck = false;
+ passthru = {
+ updateScript = writeScript "update-gdb" ''
+ #!/usr/bin/env nix-shell
+ #!nix-shell -i bash -p curl pcre common-updater-scripts
+
+ set -eu -o pipefail
+
+ # Expect the text in format of 'GDB version 12.1
'
+ new_version="$(curl -s https://www.sourceware.org/gdb/ |
+ pcregrep -o1 'GDB version ([0-9.]+)
')"
+ update-source-version ${pname} "$new_version"
+ '';
+ };
+
meta = with lib; {
description = "The GNU Project debugger";
diff --git a/pkgs/misc/sndio/default.nix b/pkgs/misc/sndio/default.nix
index 7b5774d8054..ea2229f264e 100644
--- a/pkgs/misc/sndio/default.nix
+++ b/pkgs/misc/sndio/default.nix
@@ -11,6 +11,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;
buildInputs = lib.optional stdenv.hostPlatform.isLinux alsa-lib;
+ configurePlatforms = [];
postInstall = ''
install -Dm644 contrib/sndiod.service $out/lib/systemd/system/sndiod.service
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index 0998ddb573d..bfbac087bc3 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -202,9 +202,9 @@ let
in self: {
postgresql_10 = self.callPackage generic {
- version = "10.20";
+ version = "10.21";
psqlSchema = "10.0"; # should be 10, but changing it is invasive
- sha256 = "sha256-h94W1ZvP5C+mBcMSxZvl4pToo+astlXdetR8u5MKZZ8=";
+ sha256 = "sha256-0yGYhW1Sqab11QZC74ZoesBYvW78pcntV754CElvRdE=";
this = self.postgresql_10;
thisAttr = "postgresql_10";
inherit self;
@@ -212,36 +212,36 @@ in self: {
};
postgresql_11 = self.callPackage generic {
- version = "11.15";
+ version = "11.16";
psqlSchema = "11.1"; # should be 11, but changing it is invasive
- sha256 = "sha256-yPWOjr1PRWf0+boQMus+meAlHYfL4+VktIVZDjeoeeM=";
+ sha256 = "sha256-LdnhEfCllJ7nyswGXOoPshCSkpuuMQzgW/AbT/xRA6U=";
this = self.postgresql_11;
thisAttr = "postgresql_11";
inherit self;
};
postgresql_12 = self.callPackage generic {
- version = "12.10";
+ version = "12.11";
psqlSchema = "12";
- sha256 = "sha256-g90ZLmA0lRGSuahtwZzzcXqLghIOLxGgo2cjyCDSslc=";
+ sha256 = "sha256-ECYkil/Svur0PkxyNqyBflbVi2gaM1hWRl37x1s+gwI=";
this = self.postgresql_12;
thisAttr = "postgresql_12";
inherit self;
};
postgresql_13 = self.callPackage generic {
- version = "13.6";
+ version = "13.7";
psqlSchema = "13";
- sha256 = "sha256-uvx/o9nU2o/nG4TGO6i9/oCSk1wwwKqFwkssCFCPZ/w=";
+ sha256 = "sha256-G5Bb9PPYNhSjk7PFH9NFkQ/SYeT1Ekpo2aH906KkY5k=";
this = self.postgresql_13;
thisAttr = "postgresql_13";
inherit self;
};
postgresql_14 = self.callPackage generic {
- version = "14.2";
+ version = "14.3";
psqlSchema = "14";
- sha256 = "sha256-LPeLLkaJEvgQHWldtTQM8xPC6faKYS+3FCdSToyal3o=";
+ sha256 = "sha256-J5BXNov1mpGcBa2o+VxeBKu0PnS5oqacPUaiDgeprzg=";
this = self.postgresql_14;
thisAttr = "postgresql_14";
inherit self;
diff --git a/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix b/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix
index b2a58b6bc3e..5e9976c014d 100644
--- a/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix
+++ b/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix
@@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
pname = "pg-safeupdate";
- version = "1.2";
+ version = "1.4";
buildInputs = [ postgresql ];
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
owner = "eradman";
repo = pname;
rev = version;
- sha256 = "010m57jcv5v8pyfm1cqs3a306y750lvnvla9m5d98v5vdx3349jg";
+ sha256 = "sha256-1cyvVEC9MQGMr7Tg6EUbsVBrMc8ahdFS3+CmDkmAq4Y=";
};
installPhase = ''
diff --git a/pkgs/test/default.nix b/pkgs/test/default.nix
index d6e4c545a08..ab235d61002 100644
--- a/pkgs/test/default.nix
+++ b/pkgs/test/default.nix
@@ -72,7 +72,15 @@ with pkgs;
dhall = callPackage ./dhall { };
- makeWrapper = callPackage ./make-wrapper {};
+ makeWrapper = callPackage ./make-wrapper { };
+ makeBinaryWrapper = callPackage ./make-binary-wrapper {
+ makeBinaryWrapper = pkgs.makeBinaryWrapper.override {
+ # Enable sanitizers in the tests only, to avoid the performance cost in regular usage.
+ # The sanitizers cause errors on aarch64-darwin, see https://github.com/NixOS/nixpkgs/pull/150079#issuecomment-994132734
+ sanitizers = pkgs.lib.optionals (! (pkgs.stdenv.isDarwin && pkgs.stdenv.isAarch64))
+ [ "undefined" "address" ];
+ };
+ };
pkgs-lib = recurseIntoAttrs (import ../pkgs-lib/tests { inherit pkgs; });
}
diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index d4c4738be75..7273d805a32 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -23,15 +23,20 @@ stdenv.mkDerivation rec {
++ lib.optionals stdenv.isLinux [ fuse ];
# Only use glibc's __GNUC_PREREQ(X,Y) (checks if compiler is gcc version >= X.Y) when using glibc
- patches = if stdenv.hostPlatform.libc == "glibc" then null
- else [
- (fetchpatch {
+ patches = [
+ (fetchpatch {
+ name = "CVE-2022-1304.patch";
+ url = "https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/patch/?id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76";
+ sha256 = "sha256-YEEow34/81NBOc6F6FS6i505FCQ7GHeIz0a0qWNs7Fg=";
+ })
+ ] ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [
+ (fetchpatch {
url = "https://raw.githubusercontent.com/void-linux/void-packages/9583597eb3e6e6b33f61dbc615d511ce030bc443/srcpkgs/e2fsprogs/patches/fix-glibcism.patch";
sha256 = "1gfcsr0i3q8q2f0lqza8na0iy4l4p3cbii51ds6zmj0y4hz2dwhb";
excludes = [ "lib/ext2fs/hashmap.h" ];
extraPrefix = "";
- })
- ];
+ })
+ ];
postPatch = ''
# Remove six failing tests
diff --git a/pkgs/tools/security/cryptomator/default.nix b/pkgs/tools/security/cryptomator/default.nix
index 5a1886e49e5..ccd5318ffb6 100644
--- a/pkgs/tools/security/cryptomator/default.nix
+++ b/pkgs/tools/security/cryptomator/default.nix
@@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub
, autoPatchelfHook
, fuse, jffi
-, maven, jdk, jre, makeWrapper, glib, wrapGAppsHook
+, maven, jdk, jre, makeShellWrapper, glib, wrapGAppsHook
}:
let
@@ -65,7 +65,7 @@ in stdenv.mkDerivation rec {
rm $out/share/cryptomator/libs/jff*.jar
cp -f ${jffi}/share/java/jffi-complete.jar $out/share/cryptomator/libs/
- makeWrapper ${jre}/bin/java $out/bin/cryptomator \
+ makeShellWrapper ${jre}/bin/java $out/bin/cryptomator \
--add-flags "--class-path '$out/share/cryptomator/libs/*'" \
--add-flags "--module-path '$out/share/cryptomator/mods'" \
--add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \
@@ -101,8 +101,8 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [
autoPatchelfHook
maven
- makeWrapper
- (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+ makeShellWrapper
+ wrapGAppsHook
jdk
];
buildInputs = [ fuse jre glib jffi ];
diff --git a/pkgs/tools/typesetting/sile/default.nix b/pkgs/tools/typesetting/sile/default.nix
index 32374149190..7aca12e341c 100644
--- a/pkgs/tools/typesetting/sile/default.nix
+++ b/pkgs/tools/typesetting/sile/default.nix
@@ -114,7 +114,6 @@ stdenv.mkDerivation rec {
homepage = "https://sile-typesetter.org";
changelog = "https://github.com/sile-typesetter/sile/raw/v${version}/CHANGELOG.md";
platforms = platforms.unix;
- broken = stdenv.isDarwin; # https://github.com/NixOS/nixpkgs/issues/23018
maintainers = with maintainers; [ doronbehar alerque ];
license = licenses.mit;
};
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 78d4ca310ee..281b0fd328d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -781,7 +781,9 @@ with pkgs;
makeInitrdNG = callPackage ../build-support/kernel/make-initrd-ng.nix;
makeInitrdNGTool = callPackage ../build-support/kernel/make-initrd-ng-tool.nix {};
- makeWrapper = makeSetupHook
+ makeWrapper = makeShellWrapper;
+
+ makeShellWrapper = makeSetupHook
{ deps = [ dieHook ];
substitutions = {
shell = targetPackages.runtimeShell;
@@ -790,30 +792,7 @@ with pkgs;
}
../build-support/setup-hooks/make-wrapper.sh;
- makeBinaryWrapper = let
- f = { cc, sanitizers }: let
- san = lib.concatMapStringsSep " " (s: "-fsanitize=${s}") sanitizers;
- script = runCommand "make-binary-wrapper.sh" {} ''
- substitute ${../build-support/setup-hooks/make-binary-wrapper.sh} $out \
- --replace " @CC@ " " ${cc}/bin/cc ${san} "
- '';
- in
- makeSetupHook {
- deps = [ dieHook cc ];
- substitutions.passthru.tests = callPackage ../test/make-binary-wrapper {
- makeBinaryWrapper = makeBinaryWrapper.override {
- sanitizers = (if stdenv.isDarwin && stdenv.isAarch64
- then [ ]
- else [ "undefined" "address" ]
- );
- };
- };
- } script;
- in
- lib.makeOverridable f {
- cc = stdenv.cc;
- sanitizers = [ ];
- };
+ makeBinaryWrapper = callPackage ../build-support/setup-hooks/make-binary-wrapper { };
compressFirmwareXz = callPackage ../build-support/kernel/compress-firmware-xz.nix { };
@@ -912,7 +891,9 @@ with pkgs;
findXMLCatalogs = makeSetupHook { } ../build-support/setup-hooks/find-xml-catalogs.sh;
- wrapGAppsHook = callPackage ../build-support/setup-hooks/wrap-gapps-hook { };
+ wrapGAppsHook = callPackage ../build-support/setup-hooks/wrap-gapps-hook {
+ makeWrapper = makeBinaryWrapper;
+ };
wrapGAppsHook4 = wrapGAppsHook.override { gtk3 = gtk4; };
@@ -14055,6 +14036,7 @@ with pkgs;
# default.
libcxx ? null
, extraPackages ? lib.optional (cc.isGNU or false && stdenv.targetPlatform.isMinGW) threadsCross
+ , nixSupport ? {}
, ...
} @ extraArgs:
callPackage ../build-support/cc-wrapper (let self = {
@@ -14066,7 +14048,7 @@ with pkgs;
isGNU = cc.isGNU or false;
isClang = cc.isClang or false;
- inherit cc bintools libc libcxx extraPackages zlib;
+ inherit cc bintools libc libcxx extraPackages nixSupport zlib;
} // extraArgs; in self);
wrapCC = cc: wrapCCWith {
@@ -22350,12 +22332,12 @@ with pkgs;
postgresql_13
postgresql_14
;
- postgresql = postgresql_13.override { this = postgresql; };
+ postgresql = postgresql_14.override { this = postgresql; };
postgresqlPackages = recurseIntoAttrs postgresql.pkgs;
postgresql11Packages = recurseIntoAttrs postgresql_11.pkgs;
postgresql12Packages = recurseIntoAttrs postgresql_12.pkgs;
- postgresql13Packages = postgresqlPackages;
- postgresql14Packages = recurseIntoAttrs postgresql_14.pkgs;
+ postgresql13Packages = recurseIntoAttrs postgresql_13.pkgs;
+ postgresql14Packages = postgresqlPackages;
postgresql_jdbc = callPackage ../development/java-modules/postgresql_jdbc { };
@@ -26450,11 +26432,7 @@ with pkgs;
filezilla = callPackage ../applications/networking/ftp/filezilla { };
- buildMozillaMach =
- let callPackage = newScope {
- inherit (rustPackages) cargo rustc;
- };
- in opts: callPackage (import ../applications/networking/browsers/firefox/common.nix opts) {};
+ buildMozillaMach = opts: callPackage (import ../applications/networking/browsers/firefox/common.nix opts) {};
firefoxPackages = recurseIntoAttrs (callPackage ../applications/networking/browsers/firefox/packages.nix {});