nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-12 16:53:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'staging' into staging-next

Browse Source
This commit is contained in:
Vladimír Čunát 2024-08-06 18:52:03 +02:00
commit 2b92ddc12f
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
162 changed files with 2304 additions and 1513 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
doc/stdenv/stdenv.chapter.md
View File

@ -1538,6 +1538,16 @@ Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Execut
Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
#### `shadowstack` {#shadowstack}
Adds the `-fcf-protection=return` compiler option. This enables the Shadow Stack feature supported by some newer processors, which maintains a user-inaccessible copy of the program's stack containing only return-addresses. When returning from a function, the processor compares the return-address value on the two stacks and throws an error if they do not match, considering it a sign of corruption and possible tampering. This should significantly increase the difficulty of ROP attacks.
For the Shadow Stack to be enabled at runtime, all code linked into a process must be built with Shadow Stack enabled, so this is probably only useful to enable on a wide scale, so that all of a packages dependencies also have the feature enabled.
This is currently only supported on some newer Intel and AMD processors as part of the Intel CET set of features. However, the generated code should continue to work on older processors which will simply omit any of this checking.
This breaks some code that does advanced stack management or exception handling. If enabling this hardening flag it is important to test the result on a system that has known working and enabled CET support, so that any such breakage can be discovered.
#### `trivialautovarinit` {#trivialautovarinit}
Adds the `-ftrivial-auto-var-init=pattern` compiler option. This causes "trivially-initializable" uninitialized stack variables to be forcibly initialized with a nonzero value that is likely to cause a crash (and therefore be noticed). Uninitialized variables generally take on their values based on fragments of previous program state, and attackers can carefully manipulate that state to craft malicious initial values for these variables.
@ -1554,6 +1564,14 @@ sorry, unimplemented: __builtin_clear_padding not supported for variable length
This flag adds the `-fstack-clash-protection` compiler option, which causes growth of a program's stack to access each successive page in order. This should force the guard page to be accessed and cause an attempt to "jump over" this guard page to crash.
#### `pacret` {#pacret}
This flag adds the `-mbranch-protection=pac-ret` compiler option on aarch64-linux targets. This uses ARM v8.3's Pointer Authentication feature to sign function return pointers before adding them to the stack. The pointer's authenticity is then validated before returning to its destination. This dramatically increases the difficulty of ROP exploitation techniques.
This may cause problems with code that does advanced stack manipulation, and debugging/stack-unwinding tools need to be pac-ret aware to work correctly when these features are in operation.
Pre-ARM v8.3 processors will ignore Pointer Authentication instructions, so code built with this flag will continue to work on older processors, though without any of the intended protections. If enabling this flag, it is recommended to ensure the resultant packages are tested against an ARM v8.3+ linux system with known-working Pointer Authentication support so that any breakage caused by this feature is actually detected.
[^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
[^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a packages transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.

9
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -10,6 +10,8 @@
This also allows configuring runtime settings of AMDVLK and enabling experimental features.
- The `moonlight-qt` package ([Moonlight game streaming](https://moonlight-stream.org/)) now has HDR support on Linux systems.
- PostgreSQL now defaults to major version 16.
- `authelia` has been upgraded to version 4.38. This version brings several features and improvements which are detailed in the [release blog post](https://www.authelia.com/blog/4.38-release-notes/).
This release also deprecates some configuration keys, which are likely to be removed in future version 5.0, but they are still supported and expected to be working in the current version.
@ -288,6 +290,8 @@
- The `stackclashprotection` hardening flag has been added, though disabled by default.
- The `pacret` hardening flag has been added, though disabled by default.
- `cargoSha256` in `rustPlatform.buildRustPackage` has been deprecated in favor
of `cargoHash` which supports SRI hashes. See
[buildRustPackage: Compiling Rust applications with Cargo](https://nixos.org/manual/nixpkgs/unstable/#compiling-rust-applications-with-cargo)
@ -307,6 +311,9 @@
The derivation now installs "impl" headers selectively instead of by a wildcard.
Use `imgui.src` if you just want to access the unpacked sources.
- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an
unrestricted access to it can set `boot.kernel.sysctl."kernel.dmesg_restrict" = false`.
- The `i18n.inputMethod` module introduces two new properties:
`enable` and `type`, for declaring whether to enable an alternative input method and defining which input method respectfully. The options available in `type` are the same as the existing `enabled` option. `enabled` is now deprecated, and will be removed in a future release.
@ -322,6 +329,8 @@
- Nemo is now built with gtk-layer-shell support, note that for now it will be expected to see nemo-desktop
listed as a regular entry in Cinnamon Wayland session's window list applet.
- The `shadowstack` hardening flag has been added, though disabled by default.
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
- Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872)

3
nixos/modules/services/databases/postgresql.nix
View File

@ -483,7 +483,8 @@ in
services.postgresql.package = let
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
base = if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
base = if versionAtLeast config.system.stateVersion "24.11" then pkgs.postgresql_16
else if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"

29
nixos/tests/systemd-boot.nix
View File

@ -244,18 +244,31 @@ rec {
testScript = ''
machine.succeed("mount -o remount,rw /boot")
# Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c
machine.succeed(
"""
find /boot -iname '*boot*.efi' -print0 | \
xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 000.0-1-notnixos ####/' '{}'
"""
)
def switch():
# Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c
machine.succeed(
"""
find /boot -iname '*boot*.efi' -print0 | \
xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 000.0-1-notnixos ####/' '{}'
"""
)
return machine.succeed("/run/current-system/bin/switch-to-configuration boot 2>&1")
output = machine.succeed("/run/current-system/bin/switch-to-configuration boot 2>&1")
output = switch()
assert "updating systemd-boot from 000.0-1-notnixos to " in output, "Couldn't find systemd-boot update message"
assert 'to "/boot/EFI/systemd/systemd-bootx64.efi"' in output, "systemd-boot not copied to to /boot/EFI/systemd/systemd-bootx64.efi"
assert 'to "/boot/EFI/BOOT/BOOTX64.EFI"' in output, "systemd-boot not copied to to /boot/EFI/BOOT/BOOTX64.EFI"
with subtest("Test that updating works with lowercase bootx64.efi"):
machine.succeed(
# Move to tmp file name first, otherwise mv complains the new location is the same
"mv /boot/EFI/BOOT/BOOTX64.EFI /boot/EFI/BOOT/bootx64.efi.new",
"mv /boot/EFI/BOOT/bootx64.efi.new /boot/EFI/BOOT/bootx64.efi",
)
output = switch()
assert "updating systemd-boot from 000.0-1-notnixos to " in output, "Couldn't find systemd-boot update message"
assert 'to "/boot/EFI/systemd/systemd-bootx64.efi"' in output, "systemd-boot not copied to to /boot/EFI/systemd/systemd-bootx64.efi"
assert 'to "/boot/EFI/BOOT/BOOTX64.EFI"' in output, "systemd-boot not copied to to /boot/EFI/BOOT/BOOTX64.EFI"
'';
};

4
pkgs/applications/editors/emacs/build-support/elpa.nix
View File

@ -1,10 +1,10 @@
# builder for Emacs packages built for packages.el
{ lib, stdenv, emacs, texinfo, writeText, gcc }:
{ lib, stdenv, emacs, texinfo, writeText }:
let
handledArgs = [ "meta" ];
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText gcc; };
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText; };
in

15
pkgs/applications/editors/emacs/build-support/generic.nix
View File

@ -1,11 +1,11 @@
# generic builder for Emacs packages
{ lib, stdenv, emacs, texinfo, writeText, gcc, ... }:
{ lib, stdenv, emacs, texinfo, writeText, ... }:
let
inherit (lib) optionalAttrs getLib;
handledArgs = [ "buildInputs" "packageRequires" "propagatedUserEnvPkgs" "meta" ]
++ lib.optionals (emacs.withNativeCompilation or false) [ "nativeBuildInputs" "postInstall" ];
inherit (lib) optionalAttrs;
handledArgs = [ "buildInputs" "nativeBuildInputs" "packageRequires" "propagatedUserEnvPkgs" "meta" ]
++ lib.optionals (emacs.withNativeCompilation or false) [ "postInstall" ];
setupHook = writeText "setup-hook.sh" ''
source ${./emacs-funcs.sh}
@ -55,7 +55,8 @@ stdenv.mkDerivation (finalAttrs: ({
esac
'';
buildInputs = [emacs texinfo] ++ packageRequires ++ buildInputs;
buildInputs = packageRequires ++ buildInputs;
nativeBuildInputs = [ emacs texinfo ] ++ nativeBuildInputs;
propagatedBuildInputs = packageRequires;
propagatedUserEnvPkgs = packageRequires ++ propagatedUserEnvPkgs;
@ -73,10 +74,6 @@ stdenv.mkDerivation (finalAttrs: ({
// optionalAttrs (emacs.withNativeCompilation or false) {
LIBRARY_PATH = "${getLib stdenv.cc.libc}/lib";
nativeBuildInputs = [ gcc ] ++ nativeBuildInputs;
addEmacsNativeLoadPath = true;
inherit turnCompilationWarningToError ignoreCompilationError;

4
pkgs/applications/editors/emacs/build-support/melpa.nix
View File

@ -1,11 +1,11 @@
# builder for Emacs packages built for packages.el
# using MELPA package-build.el
{ lib, stdenv, fetchFromGitHub, emacs, texinfo, writeText, gcc }:
{ lib, stdenv, fetchFromGitHub, emacs, texinfo, writeText }:
let
handledArgs = [ "meta" "preUnpack" "postUnpack" ];
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText gcc; };
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText; };
packageBuild = stdenv.mkDerivation {
name = "package-build";

3
pkgs/applications/editors/emacs/build-support/wrapper.nix
View File

@ -32,7 +32,7 @@ in customEmacsPackages.withPackages (epkgs: [ epkgs.evil epkgs.magit ])
*/
{ lib, lndir, makeBinaryWrapper, runCommand, gcc }:
{ lib, lndir, makeBinaryWrapper, runCommand }:
self:
let
inherit (self) emacs;
@ -60,7 +60,6 @@ runCommand
deps = runCommand "emacs-packages-deps"
({
inherit explicitRequires lndir emacs;
nativeBuildInputs = lib.optional withNativeCompilation gcc;
} // lib.optionalAttrs withNativeCompilation {
inherit (emacs) LIBRARY_PATH;
})

4
pkgs/applications/graphics/darktable/default.nix
View File

@ -53,8 +53,6 @@
, libaom
, portmidi
, lua
, dav1d
, libyuv
}:
stdenv.mkDerivation rec {
@ -108,8 +106,6 @@ stdenv.mkDerivation rec {
libaom
portmidi
lua
dav1d
libyuv
] ++ lib.optionals stdenv.isLinux [
colord
colord-gtk

6
pkgs/applications/networking/browsers/w3m/default.nix
View File

@ -5,7 +5,7 @@
, x11Support ? graphicsSupport, libX11
, mouseSupport ? !stdenv.isDarwin, gpm-ncurses
, perl, man, pkg-config, buildPackages, w3m
, testers
, testers, updateAutotoolsGnuConfigScriptsHook
}:
let
@ -53,7 +53,9 @@ in stdenv.mkDerivation rec {
sed -ie 's!mktable.*:.*!mktable:!' Makefile.in
'';
nativeBuildInputs = [ pkg-config gettext ];
# updateAutotoolsGnuConfigScriptsHook necessary to build on FreeBSD native pending inclusion of
# https://git.savannah.gnu.org/cgit/config.git/commit/?id=e4786449e1c26716e3f9ea182caf472e4dbc96e0
nativeBuildInputs = [ pkg-config gettext updateAutotoolsGnuConfigScriptsHook ];
buildInputs = [ ncurses boehmgc zlib ]
++ lib.optional sslSupport openssl
++ lib.optional mouseSupport gpm-ncurses

6
pkgs/applications/version-management/mercurial/default.nix
View File

@ -21,11 +21,11 @@ let
self = python3Packages.buildPythonApplication rec {
pname = "mercurial${lib.optionalString fullBuild "-full"}";
version = "6.8";
version = "6.8.1";
src = fetchurl {
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
hash = "sha256-COTQ5dqK8RMrUea8M1AYCtV63Nk18Je20LwRmiwsChA=";
hash = "sha256-Aw6Kem1ZDk6utAPuJWdWFc2A0jbzq4oLVtzIQYEViwU=";
};
format = "other";
@ -35,7 +35,7 @@ let
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
inherit src;
name = "mercurial-${version}";
hash = "sha256-mP82UtASD0Fh8ilDDCB6ubY7/MGPoRP6hg6/xRwzwAw=";
hash = "sha256-i5AVyi9m7qLLubhV8fBhhZ6/RYOjMdwmv9Bek9pT/xo=";
sourceRoot = "mercurial-${version}/rust";
} else null;
cargoRoot = if rustSupport then "rust" else null;

6
pkgs/build-support/bintools-wrapper/ld-wrapper.sh
View File

@ -226,12 +226,6 @@ if [[ "$NIX_DONT_SET_RPATH_@suffixSalt@" != 1 && "$linkType" != static-pie ]]; t
fi
# This is outside the DONT_SET_RPATH branch because it's more targeted and we
# usually want it (on Darwin) even if DONT_SET_RPATH is set.
if [ -n "${NIX_COREFOUNDATION_RPATH:-}" ]; then
extraAfter+=(-rpath $NIX_COREFOUNDATION_RPATH)
fi
# Only add --build-id if this is a final link. FIXME: should build gcc
# with --enable-linker-build-id instead?
#

2
pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh
View File

@ -6,6 +6,6 @@ for p in "${params[@]}"; do
esac
done
if $needsTarget; then
if $needsTarget && [[ $0 != *cpp ]]; then
extraBefore+=(-target @defaultTarget@ @machineFlags@)
fi

7
pkgs/build-support/cc-wrapper/add-flags.sh
View File

@ -27,8 +27,11 @@ for var in "${var_templates_bool[@]}"; do
mangleVarBool "$var" ${role_suffixes[@]+"${role_suffixes[@]}"}
done
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
NIX_CFLAGS_COMPILE_@suffixSalt@="-B@out@/bin/ $NIX_CFLAGS_COMPILE_@suffixSalt@"
# Arocc does not support "-B"
if [[ -z "@isArocc@" ]]; then
# `-B@bintools@/bin' forces cc to use ld-wrapper.sh when calling ld.
NIX_CFLAGS_COMPILE_@suffixSalt@="-B@bintools@/bin/ $NIX_CFLAGS_COMPILE_@suffixSalt@"
fi
# Export and assign separately in order that a failing $(..) will fail
# the script.

10
pkgs/build-support/cc-wrapper/add-hardening.sh
View File

@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
fi
if (( "${NIX_DEBUG:-0}" >= 1 )); then
declare -a allHardeningFlags=(fortify fortify3 stackprotector stackclashprotection pie pic strictoverflow format trivialautovarinit zerocallusedregs)
declare -a allHardeningFlags=(fortify fortify3 shadowstack stackprotector stackclashprotection pacret pie pic strictoverflow format trivialautovarinit zerocallusedregs)
declare -A hardeningDisableMap=()
# Determine which flags were effectively disabled so we can report below.
@ -75,6 +75,14 @@ for flag in "${!hardeningEnableMap[@]}"; do
;;
esac
;;
shadowstack)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling shadowstack >&2; fi
hardeningCFlagsBefore+=('-fcf-protection=return')
;;
pacret)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pacret >&2; fi
hardeningCFlagsBefore+=('-mbranch-protection=pac-ret')
;;
stackprotector)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
hardeningCFlagsBefore+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4')

5
pkgs/build-support/cc-wrapper/cc-wrapper.sh
View File

@ -79,6 +79,11 @@ if [ "$nonFlagArgs" = 0 ]; then
dontLink=1
fi
# Arocc does not link
if [ "@isArocc@" = 1 ]; then
dontLink=1
fi
# Optionally filter out paths not refering to the store.
if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" ]]; then
kept=()

32
pkgs/build-support/cc-wrapper/default.nix
View File

@ -15,7 +15,9 @@
, propagateDoc ? cc != null && cc ? man
, extraTools ? [], extraPackages ? [], extraBuildCommands ? ""
, nixSupport ? {}
, isGNU ? false, isClang ? cc.isClang or false, isCcache ? cc.isCcache or false, gnugrep ? null
, isGNU ? false, isClang ? cc.isClang or false, isZig ? cc.isZig or false
, isArocc ? cc.isArocc or false, isCcache ? cc.isCcache or false
, gnugrep ? null
, expand-response-params
, libcxx ? null
@ -304,6 +306,9 @@ stdenvNoCC.mkDerivation {
outputs = [ "out" ] ++ optionals propagateDoc [ "man" "info" ];
# Cannot be in "passthru" due to "substituteAll"
inherit isArocc;
passthru = {
inherit targetPrefix suffixSalt;
# "cc" is the generic name for a C compiler, but there is no one for package
@ -311,7 +316,7 @@ stdenvNoCC.mkDerivation {
# Binutils, and Apple's "cctools"; "bintools" as an attempt to find an
# unused middle-ground name that evokes both.
inherit bintools;
inherit cc libc libcxx nativeTools nativeLibc nativePrefix isGNU isClang;
inherit cc libc libcxx nativeTools nativeLibc nativePrefix isGNU isClang isZig;
emacsBufferSetup = pkgs: ''
; We should handle propagation here too
@ -391,6 +396,10 @@ stdenvNoCC.mkDerivation {
ln -s ${targetPrefix}clang $out/bin/${targetPrefix}cc
export named_cc=${targetPrefix}clang
export named_cxx=${targetPrefix}clang++
elif [ -e $ccPath/arocc ]; then
wrap ${targetPrefix}arocc $wrapper $ccPath/arocc
ln -s ${targetPrefix}arocc $out/bin/${targetPrefix}cc
export named_cc=${targetPrefix}arocc
fi
if [ -e $ccPath/${targetPrefix}g++ ]; then
@ -475,7 +484,7 @@ stdenvNoCC.mkDerivation {
#
# TODO(@Ericson2314): Remove this after stable release and force
# everyone to refer to bintools-wrapper directly.
+ ''
+ optionalString (!isArocc) ''
if [[ -f "$bintools/nix-support/dynamic-linker" ]]; then
ln -s "$bintools/nix-support/dynamic-linker" "$out/nix-support"
fi
@ -491,7 +500,7 @@ stdenvNoCC.mkDerivation {
echo "-B${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-cflags
''
+ optionalString useGccForLibs ''
+ optionalString (useGccForLibs && !isArocc) ''
echo "-L${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-ldflags
echo "-L${gccForLibs_solib}/lib" >> $out/nix-support/cc-ldflags
''
@ -517,9 +526,9 @@ stdenvNoCC.mkDerivation {
''
# this ensures that when clang passes -lgcc_s to lld (as it does
# when building e.g. firefox), lld is able to find libgcc_s.so
+ concatMapStrings (libgcc: ''
+ optionals (!isArocc) (concatMapStrings (libgcc: ''
echo "-L${libgcc}/lib" >> $out/nix-support/cc-ldflags
'') (toList (gccForLibs.libgcc or [])))
'') (toList (gccForLibs.libgcc or []))))
##
## General libc support
@ -539,9 +548,10 @@ stdenvNoCC.mkDerivation {
+ optionalString (libc != null) (''
touch "$out/nix-support/libc-cflags"
touch "$out/nix-support/libc-ldflags"
'' + optionalString (!isArocc) ''
echo "-B${libc_lib}${libc.libdir or "/lib/"}" >> $out/nix-support/libc-crt1-cflags
'' + optionalString (!(cc.langD or false)) ''
echo "-idirafter ${libc_dev}${libc.incdir or "/include"}" >> $out/nix-support/libc-cflags
echo "-${if isArocc then "I" else "idirafter"} ${libc_dev}${libc.incdir or "/include"}" >> $out/nix-support/libc-cflags
'' + optionalString (isGNU && (!(cc.langD or false))) ''
for dir in "${cc}"/lib/gcc/*/*/include-fixed; do
echo '-idirafter' ''${dir} >> $out/nix-support/libc-cflags
@ -597,7 +607,7 @@ stdenvNoCC.mkDerivation {
# ${cc_solib}/lib64 (even though it does actually search there...)..
# This confuses libtool. So add it to the compiler tool search
# path explicitly.
+ optionalString (!nativeTools) ''
+ optionalString (!nativeTools && !isArocc) ''
if [ -e "${cc_solib}/lib64" -a ! -L "${cc_solib}/lib64" ]; then
ccLDFlags+=" -L${cc_solib}/lib64"
ccCFlags+=" -B${cc_solib}/lib64"
@ -605,7 +615,7 @@ stdenvNoCC.mkDerivation {
ccLDFlags+=" -L${cc_solib}/lib"
ccCFlags+=" -B${cc_solib}/lib"
'' + optionalString cc.langAda or false ''
'' + optionalString (cc.langAda or false && !isArocc) ''
touch "$out/nix-support/gnat-cflags"
touch "$out/nix-support/gnat-ldflags"
basePath=$(echo $cc/lib/*/*/*)
@ -626,7 +636,7 @@ stdenvNoCC.mkDerivation {
+ optionalString propagateDoc ''
ln -s ${cc.man} $man
ln -s ${cc.info} $info
'' + optionalString (cc.langD or cc.langJava or false) ''
'' + optionalString (cc.langD or cc.langJava or false && !isArocc) ''
echo "-B${zlib}${zlib.libdir or "/lib/"}" >> $out/nix-support/libc-cflags
''
@ -667,7 +677,7 @@ stdenvNoCC.mkDerivation {
hardening_unsupported_flags+=" stackprotector"
''
+ optionalString (libc != null && targetPlatform.isAvr) ''
+ optionalString (libc != null && targetPlatform.isAvr && !isArocc) ''
for isa in avr5 avr3 avr4 avr6 avr25 avr31 avr35 avr51 avrxmega2 avrxmega4 avrxmega5 avrxmega6 avrxmega7 tiny-stack; do
echo "-B${getLib libc}/avr/lib/$isa" >> $out/nix-support/libc-crt1-cflags
done

28
pkgs/by-name/cm/cmake/000-nixpkgs-cmake-prefix-path.diff Normal file
View File

@ -0,0 +1,28 @@
diff --git a/Source/cmFindBase.cxx b/Source/cmFindBase.cxx
index 8840cdcb..c34b7ee9 100644
--- a/Source/cmFindBase.cxx
+++ b/Source/cmFindBase.cxx
@@ -280,6 +280,11 @@ void cmFindBase::FillCMakeEnvironmentPath()
// Add CMAKE_*_PATH environment variables
std::string var = cmStrCat("CMAKE_", this->CMakePathName, "_PATH");
paths.AddEnvPrefixPath("CMAKE_PREFIX_PATH");
+ if (this->CMakePathName != "PROGRAM") {
+ // Like CMAKE_PREFIX_PATH except when searching for programs. Programs need
+ // to be located via PATH
+ paths.AddEnvPrefixPath("NIXPKGS_CMAKE_PREFIX_PATH");
+ }
paths.AddEnvPath(var);
if (this->CMakePathName == "PROGRAM") {
diff --git a/Source/cmFindPackageCommand.cxx b/Source/cmFindPackageCommand.cxx
index 9b51b1ad..6acc676c 100644
--- a/Source/cmFindPackageCommand.cxx
+++ b/Source/cmFindPackageCommand.cxx
@@ -2039,6 +2039,7 @@ void cmFindPackageCommand::FillPrefixesCMakeEnvironment()
// And now the general CMake environment variables
paths.AddEnvPath("CMAKE_PREFIX_PATH");
+ paths.AddEnvPath("NIXPKGS_CMAKE_PREFIX_PATH");
if (this->DebugMode) {
debugBuffer = cmStrCat(debugBuffer,
"CMAKE_PREFIX_PATH env variable "

3
pkgs/by-name/cm/cmake/package.nix
View File

@ -56,6 +56,9 @@ stdenv.mkDerivation (finalAttrs: {
};
patches = [
# Add NIXPKGS_CMAKE_PREFIX_PATH to cmake which is like CMAKE_PREFIX_PATH
# except it is not searched for programs
./000-nixpkgs-cmake-prefix-path.diff
# Don't search in non-Nix locations such as /usr, but do search in our libc.
./001-search-path.diff
# Don't depend on frameworks.

14
pkgs/by-name/cm/cmake/setup-hook.sh
View File

@ -1,5 +1,7 @@
addCMakeParams() {
addToSearchPath CMAKE_PREFIX_PATH $1
# NIXPKGS_CMAKE_PREFIX_PATH is like CMAKE_PREFIX_PATH except cmake
# will not search it for programs
addToSearchPath NIXPKGS_CMAKE_PREFIX_PATH $1
}
fixCmakeFiles() {
@ -151,22 +153,22 @@ makeCmakeFindLibs(){
for flag in ${NIX_CFLAGS_COMPILE-} ${NIX_LDFLAGS-}; do
if test -n "$isystem_seen" && test -d "$flag"; then
isystem_seen=
export CMAKE_INCLUDE_PATH="${CMAKE_INCLUDE_PATH-}${CMAKE_INCLUDE_PATH:+:}${flag}"
addToSearchPath CMAKE_INCLUDE_PATH "${flag}"
elif test -n "$iframework_seen" && test -d "$flag"; then
iframework_seen=
export CMAKE_FRAMEWORK_PATH="${CMAKE_FRAMEWORK_PATH-}${CMAKE_FRAMEWORK_PATH:+:}${flag}"
addToSearchPath CMAKE_FRAMEWORK_PATH "${flag}"
else
isystem_seen=
iframework_seen=
case $flag in
-I*)
export CMAKE_INCLUDE_PATH="${CMAKE_INCLUDE_PATH-}${CMAKE_INCLUDE_PATH:+:}${flag:2}"
addToSearchPath CMAKE_INCLUDE_PATH "${flag:2}"
;;
-L*)
export CMAKE_LIBRARY_PATH="${CMAKE_LIBRARY_PATH-}${CMAKE_LIBRARY_PATH:+:}${flag:2}"
addToSearchPath CMAKE_LIBRARY_PATH "${flag:2}"
;;
-F*)
export CMAKE_FRAMEWORK_PATH="${CMAKE_FRAMEWORK_PATH-}${CMAKE_FRAMEWORK_PATH:+:}${flag:2}"
addToSearchPath CMAKE_FRAMEWORK_PATH "${flag:2}"
;;
-isystem)
isystem_seen=1

89
pkgs/by-name/gd/gdbm/package.nix Normal file
View File

@ -0,0 +1,89 @@
{
lib,
fetchurl,
stdenv,
testers,
updateAutotoolsGnuConfigScriptsHook,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "gdbm";
version = "1.24";
src = fetchurl {
url = "mirror://gnu/gdbm/gdbm-${finalAttrs.version}.tar.gz";
hash = "sha256-aV6YJ/33Y1E/EzkQvH5s/bkYeUOk/slD5XRJcj0rjb8=";
};
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];
configureFlags = [ (lib.enableFeature true "libgdbm-compat") ];
outputs = [
"out"
"dev"
"info"
"lib"
"man"
];
doCheck = true;
enableParallelBuilding = true;
# 1. Linking static stubs on cygwin requires correct ordering. Consider
# upstreaming this.
#
# 2. Disable dbmfetch03.at test because it depends on unlink() failing on a
# link in a chmod -w directory, which cygwin apparently allows.
postPatch = lib.optionalString stdenv.buildPlatform.isCygwin ''
substituteInPlace tests/Makefile.in \
--replace-fail '_LDADD = ../src/libgdbm.la ../compat/libgdbm_compat.la' \
'_LDADD = ../compat/libgdbm_compat.la ../src/libgdbm.la'
substituteInPlace tests/testsuite.at
--replace-fail 'm4_include([dbmfetch03.at])' ""
'';
# create symlinks for compatibility
postInstall = ''
install -dm755 ''${!outputDev}/include/gdbm
pushd ''${!outputDev}/include/gdbm
ln -s ../dbm.h dbm.h
ln -s ../gdbm.h gdbm.h
ln -s ../ndbm.h ndbm.h
popd
'';
passthru = {
tests.version = testers.testVersion {
package = finalAttrs.finalPackage;
command = "gdbmtool --version";
};
};
meta = {
homepage = "https://www.gnu.org/software/gdbm/";
description = "GNU dbm key/value database library";
longDescription = ''
GNU dbm (or GDBM, for short) is a library of database functions that use
extensible hashing and work similar to the standard UNIX dbm. These
routines are provided to a programmer needing to create and manipulate a
hashed database.
The basic use of GDBM is to store key/data pairs in a data file. Each
key must be unique and each key is paired with only one data item.
The library provides primitives for storing key/data pairs, searching and
retrieving the data by its key and deleting a key along with its data.
It also support sequential iteration over all key/data pairs in a
database.
For compatibility with programs using old UNIX dbm function, the package
also provides traditional dbm and ndbm interfaces.
'';
license = lib.licenses.gpl3Plus;
mainProgram = "gdbmtool";
maintainers = with lib.maintainers; [ AndersonTorres ];
platforms = lib.platforms.all;
};
})

0
pkgs/development/libraries/libtheora/mingw-remove-export.patch → pkgs/by-name/li/libtheora/mingw-remove-export.patch
View File

69
pkgs/by-name/li/libtheora/package.nix Normal file
View File

@ -0,0 +1,69 @@
{
lib,
stdenv,
fetchurl,
fetchpatch,
autoreconfHook,
libogg,
libvorbis,
pkg-config,
testers,
validatePkgConfig,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "libtheora";
version = "1.1.1";
src = fetchurl {
url = "https://downloads.xiph.org/releases/theora/libtheora-${finalAttrs.version}.tar.gz";
hash = "sha256-QJUpVsR4EZKNHnkizaO8H0J+t1aAw8NySckelJBUkWs=";
};
patches = [
# fix error in autoconf scripts
(fetchpatch {
url = "https://github.com/xiph/theora/commit/28cc6dbd9b2a141df94f60993256a5fca368fa54.diff";
hash = "sha256-M/UULkiklvEay7LyOuCamxWCSvt37QSMzHOsAAnOWJo=";
})
] ++ lib.optionals stdenv.hostPlatform.isMinGW [ ./mingw-remove-export.patch ];
configureFlags = [ "--disable-examples" ];
outputs = [
"out"
"dev"
"devdoc"
];
outputDoc = "devdoc";
nativeBuildInputs = [
autoreconfHook
pkg-config
validatePkgConfig
];
propagatedBuildInputs = [
libogg
libvorbis
];
passthru = {
tests.pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
moduleNames = [
"theora"
"theoradec"
"theoraenc"
];
};
};
meta = {
description = "Library for Theora, a free and open video compression format";
homepage = "https://www.theora.org/";
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ getchoo ];
platforms = lib.platforms.unix ++ lib.platforms.windows;
};
})

12
pkgs/by-name/me/meson/000-nixpkgs-cmake-prefix-path.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/mesonbuild/dependencies/data/CMakePathInfo.txt b/mesonbuild/dependencies/data/CMakePathInfo.txt
index 662ec58..4d5f4e4 100644
--- a/mesonbuild/dependencies/data/CMakePathInfo.txt
+++ b/mesonbuild/dependencies/data/CMakePathInfo.txt
@@ -5,6 +5,7 @@ list(APPEND TMP_PATHS_LIST ${CMAKE_PREFIX_PATH})
list(APPEND TMP_PATHS_LIST ${CMAKE_FRAMEWORK_PATH})
list(APPEND TMP_PATHS_LIST ${CMAKE_APPBUNDLE_PATH})
list(APPEND TMP_PATHS_LIST $ENV{CMAKE_PREFIX_PATH})
+list(APPEND TMP_PATHS_LIST $ENV{NIXPKGS_CMAKE_PREFIX_PATH})
list(APPEND TMP_PATHS_LIST $ENV{CMAKE_FRAMEWORK_PATH})
list(APPEND TMP_PATHS_LIST $ENV{CMAKE_APPBUNDLE_PATH})
list(APPEND TMP_PATHS_LIST ${CMAKE_SYSTEM_PREFIX_PATH})

87
pkgs/by-name/me/meson/007-case-sensitive-fs.patch Normal file
View File

@ -0,0 +1,87 @@
From a6fb2c165cda4bbf315424c96165ec9cc7052363 Mon Sep 17 00:00:00 2001
From: Randy Eckenrode <randy@largeandhighquality.com>
Date: Wed, 3 Apr 2024 17:35:56 -0400
Subject: [PATCH] dependencies: find extraframeworks on case-sensitive
filesystems
Fixes a test failure on case-sensitive filesystems when a CMake
dependency is turned into an Apple framework.
---
mesonbuild/dependencies/framework.py | 9 +++++++--
test cases/osx/11 case sensitive apfs/meson.build | 5 +++++
test cases/osx/11 case sensitive apfs/prog.c | 3 +++
test cases/osx/11 case sensitive apfs/test.json | 5 +++++
4 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 test cases/osx/11 case sensitive apfs/meson.build
create mode 100644 test cases/osx/11 case sensitive apfs/prog.c
create mode 100644 test cases/osx/11 case sensitive apfs/test.json
diff --git a/mesonbuild/dependencies/framework.py b/mesonbuild/dependencies/framework.py
index 3c880c7430af..1fbd628235ba 100644
--- a/mesonbuild/dependencies/framework.py
+++ b/mesonbuild/dependencies/framework.py
@@ -47,6 +47,7 @@ def detect(self, name: str, paths: T.List[str]) -> None:
framework_path = self._get_framework_path(p, name)
if framework_path is None:
continue
+ framework_name = framework_path.stem
# We want to prefer the specified paths (in order) over the system
# paths since these are "extra" frameworks.
# For example, Python2's framework is in /System/Library/Frameworks and
@@ -54,11 +55,15 @@ def detect(self, name: str, paths: T.List[str]) -> None:
# Python.framework. We need to know for sure that the framework was
# found in the path we expect.
allow_system = p in self.system_framework_paths
- args = self.clib_compiler.find_framework(name, self.env, [p], allow_system)
+ args = self.clib_compiler.find_framework(framework_name, self.env, [p], allow_system)
if args is None:
continue
self.link_args = args
self.framework_path = framework_path.as_posix()
+ # The search is done case-insensitively, so the found name may differ
+ # from the one that was requested. Setting the name ensures the correct
+ # one is used when linking on case-sensitive filesystems.
+ self.name = framework_name
self.compile_args = ['-F' + self.framework_path]
# We need to also add -I includes to the framework because all
# cross-platform projects such as OpenGL, Python, Qt, GStreamer,
@@ -74,7 +79,7 @@ def _get_framework_path(self, path: str, name: str) -> T.Optional[Path]:
p = Path(path)
lname = name.lower()
for d in p.glob('*.framework/'):
- if lname == d.name.rsplit('.', 1)[0].lower():
+ if lname == d.stem.lower():
return d
return None
diff --git a/test cases/osx/11 case sensitive apfs/meson.build b/test cases/osx/11 case sensitive apfs/meson.build
new file mode 100644
index 000000000000..dd566b185f28
--- /dev/null
+++ b/test cases/osx/11 case sensitive apfs/meson.build
@@ -0,0 +1,5 @@
+project('case-sensitive APFS with extra frameworks test', 'c')
+
+dep = dependency('FoUnDaTiOn')
+
+exe = executable('prog', 'prog.c', install : true, dependencies: dep)
diff --git a/test cases/osx/11 case sensitive apfs/prog.c b/test cases/osx/11 case sensitive apfs/prog.c
new file mode 100644
index 000000000000..9b6bdc2ec2f0
--- /dev/null
+++ b/test cases/osx/11 case sensitive apfs/prog.c
@@ -0,0 +1,3 @@
+int main(void) {
+ return 0;
+}
diff --git a/test cases/osx/11 case sensitive apfs/test.json b/test cases/osx/11 case sensitive apfs/test.json
new file mode 100644
index 000000000000..a883714eaa27
--- /dev/null
+++ b/test cases/osx/11 case sensitive apfs/test.json
@@ -0,0 +1,5 @@
+{
+ "installed": [
+ {"type": "file", "file": "usr/bin/prog"}
+ ]
+}

32
pkgs/by-name/me/meson/package.nix
View File

@ -21,16 +21,19 @@ let
in
python3.pkgs.buildPythonApplication rec {
pname = "meson";
version = "1.4.1";
version = "1.5.1";
src = fetchFromGitHub {
owner = "mesonbuild";
repo = "meson";
rev = "refs/tags/${version}";
hash = "sha256-RBE4AUF5fymUA87JEDWtpUFXmVPFzdhZgDI7/kscTx4=";
hash = "sha256-BqsEO1a93a8d7/UH232buSPBt+WSNJbw1DGYA2nm9rs=";
};
patches = [
# Nixpkgs cmake uses NIXPKGS_CMAKE_PREFIX_PATH for the search path
./000-nixpkgs-cmake-prefix-path.patch
# In typical distributions, RPATH is only needed for internal libraries so
# meson removes everything else. With Nix, the locations of libraries
# are not as predictable, therefore we need to keep them in the RPATH.
@ -72,14 +75,22 @@ python3.pkgs.buildPythonApplication rec {
# This edge case is explicitly part of meson but is wrong for nix
./007-freebsd-pkgconfig-path.patch
# Find boost via pkg-config
# https://github.com/NixOS/nixpkgs/issues/86131
# Already merged upstream PR: https://github.com/mesonbuild/meson/pull/13272
# FIXME: Will be in meson 1.5.0
(fetchpatch {
name = "find-boost-pkg-config.patch";
url = "https://github.com/mesonbuild/meson/commit/c21b886ba8a60cce7fa56e4be40bd7547129fb00.patch";
hash = "sha256-uSilNuSx9yd1cxs0XVLcLw4MOXEd2uIe2g+wk+SBqeU=";
name = "tests-skip-framework-recasting-if-CMake-unavailable.patch";
url = "https://github.com/mesonbuild/meson/commit/8a8a3a0578fd8d5a8720a7a706f6f3b99e857f9c.patch";
hash = "sha256-XkwNQ5eg/fVekhsFg/V2/S2LbIVGz3H0wsSFlUT3ZZE=";
})
# Fix extraframework lookup on case-sensitive APFS.
# https://github.com/mesonbuild/meson/pull/13038
./007-case-sensitive-fs.patch
# Fix meson's detection for zig's linker
# https://github.com/mesonbuild/meson/pull/12293
(fetchpatch {
name = "linker-support-zig-cc.patch";
url = "https://github.com/mesonbuild/meson/pull/12293/commits/2baae244c995794d9addfe6ed924dfa72f01be82.patch";
hash = "sha256-dDOmSRBKl/gs7I3kmLXIyQk3zsOdlaYov72pPSel4+I=";
})
];
@ -133,6 +144,9 @@ python3.pkgs.buildPythonApplication rec {
''test cases/linuxlike/14 static dynamic linkage''
# Nixpkgs cctools does not have bitcode support.
''test cases/osx/7 bitcode''
] ++ lib.optionals stdenv.isDarwin [
# requires llvmPackages.openmp, creating cyclic dependency
''test cases/common/184 openmp''
] ++ lib.optionals stdenv.isFreeBSD [
# pch doesn't work quite right on FreeBSD, I think
''test cases/common/13 pch''

5
pkgs/by-name/pa/pahole/package.nix
View File

@ -36,6 +36,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/acmel/dwarves/commit/6a2b27c0f512619b0e7a769a18a0fb05bb3789a5.patch";
hash = "sha256-Le1BAew/a/QKkYNLgSQxEvZ9mEEglUw8URwz1kiheeE=";
})
(fetchpatch {
name = "fix-clang-btf-generation-bug-2.patch";
url = "https://github.com/acmel/dwarves/commit/94a01bde592c555b3eb526aeb4c2ad695c5660d8.patch";
hash = "sha256-SMIxLEBjBkprAqVNX1h7nXxAsgbwvCD/Bz7c1ekwg5w=";
})
];
# Put libraries in "lib" subdirectory, not top level of $out

4
pkgs/by-name/wa/waf/package.nix
View File

@ -10,13 +10,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "waf";
version = "2.1.1";
version = "2.1.2";
src = fetchFromGitLab {
owner = "ita1024";
repo = "waf";
rev = "waf-${finalAttrs.version}";
hash = "sha256-38u8DJ1KLkb7FfeCr+1e5UBE3Qkx1q2FBsm5HDXnunQ=";
hash = "sha256-/7V+GA3YBhdaJkDlZ1k4IUYkgh0yuTG09G+frnnMoIw=";
};
nativeBuildInputs = [

10
pkgs/data/misc/publicsuffix-list/default.nix
View File

@ -1,14 +1,14 @@
{ lib, stdenvNoCC, fetchFromGitHub }:
{ lib, stdenvNoCC, fetchFromGitHub, unstableGitUpdater }:
stdenvNoCC.mkDerivation {
pname = "publicsuffix-list";
version = "0-unstable-2024-01-07";
version = "0-unstable-2024-06-19";
src = fetchFromGitHub {
owner = "publicsuffix";
repo = "list";
rev = "5db9b65997e3c9230ac4353b01994c2ae9667cb9";
hash = "sha256-kIJVS2ETAXQa1MMG8cjRUSFUn+jm9jBWH8go3L+lqHE=";
rev = "92c74a6cde6092a5e80531c0662e1055abeb975e";
hash = "sha256-fkfjR2A2nf3/F16Pn0hCwXtAd26TbUVA5gIv+J4DOjc=";
};
dontBuild = true;
@ -21,6 +21,8 @@ stdenvNoCC.mkDerivation {
runHook postInstall
'';
passthru.updateScript = unstableGitUpdater { };
meta = with lib; {
homepage = "https://publicsuffix.org/";
description = "Cross-vendor public domain suffix database";

44
pkgs/development/compilers/arocc/default.nix Normal file
View File

@ -0,0 +1,44 @@
{
lib,
fetchFromGitHub,
callPackage,
zig_0_13,
}:
let
versions = [
{
zig = zig_0_13;
version = "0-unstable-06-01";
src = fetchFromGitHub {
owner = "Vexu";
repo = "arocc";
rev = "55cb6d1b682b83f75ad4f60e34c6fcd2336e8531";
hash = "sha256-xs3zNQIC5drrQYT4nxL7Q69xSEdbdMv5+3hQpsX3q5A=";
};
}
];
mkPackage =
{
zig,
version,
src,
}:
callPackage ./package.nix { inherit zig version src; };
pkgsList = lib.map mkPackage versions;
pkgsAttrsUnwrapped = lib.listToAttrs (
lib.map (pkg: lib.nameValuePair "${pkg.version}-unwrapped" pkg) pkgsList
);
pkgsAttrsWrapped = lib.listToAttrs (
lib.map (pkg: lib.nameValuePair pkg.version pkg.wrapped) pkgsList
);
pkgsAttrs = pkgsAttrsWrapped // pkgsAttrsUnwrapped;
in
{
latest-unwrapped = lib.last pkgsList;
latest = (lib.last pkgsList).wrapped;
}
// pkgsAttrs

33
pkgs/development/compilers/arocc/package.nix Normal file
View File

@ -0,0 +1,33 @@
{
lib,
stdenv,
wrapCCWith,
overrideCC,
zig,
version,
src,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "arocc";
inherit version src;
nativeBuildInputs = [ zig.hook ];
passthru = {
inherit zig;
isArocc = true;
wrapped = wrapCCWith { cc = finalAttrs.finalPackage; };
stdenv = overrideCC stdenv finalAttrs.passthru.wrapped;
};
meta = {
description = "C compiler written in Zig.";
homepage = "http://aro.vexu.eu/";
license = with lib.licenses; [
mit
unicode-30
];
maintainers = with lib.maintainers; [ RossComputerGuy ];
mainProgram = "arocc";
};
})

7
pkgs/development/compilers/gcc/default.nix
View File

@ -431,6 +431,13 @@ pipe ((callFile ./common/builder.nix {}) ({
) "stackclashprotection"
++ optional (!atLeast11) "zerocallusedregs"
++ optionals (!atLeast12) [ "fortify3" "trivialautovarinit" ]
++ optional (!(
atLeast8
&& targetPlatform.isLinux
&& targetPlatform.isx86_64
&& targetPlatform.libc == "glibc"
)) "shadowstack"
++ optional (!(atLeast9 && targetPlatform.isLinux && targetPlatform.isAarch64)) "pacret"
++ optionals (langFortran) [ "fortify" "format" ];
};

13
pkgs/development/compilers/glslang/default.nix
View File

@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
hash = "sha256-slKBFq6NyWHQmJq/YR3LmbGnHyZgRg0hej90tZDOGzA=";
};
outputs = [ "bin" "out" "dev" ];
# These get set at all-packages, keep onto them for child drvs
passthru = {
spirv-tools = spirv-tools;
@ -33,16 +35,19 @@ stdenv.mkDerivation rec {
# This is a dirty fix for lib/cmake/SPIRVTargets.cmake:51 which includes this directory
postInstall = ''
mkdir $out/include/External
mkdir -p $dev/include/External
moveToOutput lib/pkgconfig "''${!outputDev}"
moveToOutput lib/cmake "''${!outputDev}"
'';
# Fix the paths in .pc, even though it's unclear if these .pc are really useful.
postFixup = ''
substituteInPlace $out/lib/pkgconfig/*.pc \
--replace '=''${prefix}//' '=/'
substituteInPlace $dev/lib/pkgconfig/*.pc \
--replace-fail '=''${prefix}//' '=/' \
--replace-fail "includedir=$dev/$dev" "includedir=$dev"
# add a symlink for backwards compatibility
ln -s $out/bin/glslang $out/bin/glslangValidator
ln -s $bin/bin/glslang $bin/bin/glslangValidator
'';
meta = with lib; {

10
pkgs/development/compilers/llvm/common/clang/default.nix
View File

@ -138,6 +138,16 @@ let
isClang = true;
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
[ "fortify3" ]
++ lib.optional (
(lib.versionOlder release_version "7")
|| !targetPlatform.isLinux
|| !targetPlatform.isx86_64
) "shadowstack"
++ lib.optional (
(lib.versionOlder release_version "8")
|| !targetPlatform.isAarch64
|| !targetPlatform.isLinux
) "pacret"
++ lib.optional (
(lib.versionOlder release_version "11")
|| (targetPlatform.isAarch64 && (lib.versionOlder release_version "18.1"))

1
pkgs/development/compilers/llvm/common/llvm/default.nix
View File

@ -104,6 +104,7 @@ stdenv.mkDerivation (rec {
hardeningDisable = [
"trivialautovarinit"
"shadowstack"
];
nativeBuildInputs = [ cmake ]

157
pkgs/development/compilers/rust/1_79.nix
View File

@ -9,52 +9,129 @@
# https://github.com/rust-lang/rust/blob/<version-tag>/.gitmodules
# 3. Firefox and Thunderbird should still build on x86_64-linux.
{ stdenv, lib
, newScope, callPackage
, CoreFoundation, Security, SystemConfiguration
, pkgsBuildTarget, pkgsBuildBuild, pkgsBuildHost, pkgsTargetTarget
, makeRustPlatform
, wrapRustcWith
, llvmPackages_18, llvm_18
} @ args:
{
stdenv,
lib,
newScope,
callPackage,
CoreFoundation,
Security,
SystemConfiguration,
pkgsBuildTarget,
pkgsBuildBuild,
pkgsBuildHost,
pkgsTargetTarget,
makeRustPlatform,
wrapRustcWith,
llvmPackages_18,
llvm_18,
wrapCCWith,
overrideCC,
}@args:
let
llvmSharedFor =
pkgSet:
pkgSet.llvmPackages_18.libllvm.override (
{
enableSharedLibraries = true;
}
// lib.optionalAttrs (stdenv.targetPlatform.useLLVM or false) {
# Force LLVM to compile using clang + LLVM libs when targeting pkgsLLVM
stdenv = pkgSet.stdenv.override {
allowedRequisites = null;
cc = pkgSet.llvmPackages_18.clangUseLLVM;
};
}
);
in
import ./default.nix
{
rustcVersion = "1.79.0";
rustcSha256 = "sha256-Fy7PPH0fnZ+xbNKmKIaXgmcEFt7QEp5SSoZ1H5YUSMA=";
import ./default.nix {
rustcVersion = "1.79.0";
rustcSha256 = "sha256-Fy7PPH0fnZ+xbNKmKIaXgmcEFt7QEp5SSoZ1H5YUSMA=";
llvmSharedForBuild = llvmSharedFor pkgsBuildBuild;
llvmSharedForHost = llvmSharedFor pkgsBuildHost;
llvmSharedForTarget = llvmSharedFor pkgsBuildTarget;
llvmSharedForBuild = pkgsBuildBuild.llvmPackages_18.libllvm.override { enableSharedLibraries = true; };
llvmSharedForHost = pkgsBuildHost.llvmPackages_18.libllvm.override { enableSharedLibraries = true; };
llvmSharedForTarget = pkgsBuildTarget.llvmPackages_18.libllvm.override { enableSharedLibraries = true; };
# For use at runtime
llvmShared = llvmSharedFor { inherit llvmPackages_18 stdenv; };
# For use at runtime
llvmShared = llvm_18.override { enableSharedLibraries = true; };
# Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
llvmPackages =
if (stdenv.targetPlatform.useLLVM or false) then
callPackage (
{
pkgs,
bootBintoolsNoLibc ? if stdenv.targetPlatform.linker == "lld" then null else pkgs.bintoolsNoLibc,
bootBintools ? if stdenv.targetPlatform.linker == "lld" then null else pkgs.bintools,
}:
let
llvmPackages = llvmPackages_18;
# Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
llvmPackages = llvmPackages_18;
setStdenv =
pkg:
pkg.override {
stdenv = stdenv.override {
allowedRequisites = null;
cc = llvmPackages.clangUseLLVM;
};
};
in
rec {
inherit (llvmPackages) bintools;
# Note: the version MUST be one version prior to the version we're
# building
bootstrapVersion = "1.78.0";
libunwind = setStdenv llvmPackages.libunwind;
llvm = setStdenv llvmPackages.llvm;
# fetch hashes by running `print-hashes.sh ${bootstrapVersion}`
bootstrapHashes = {
i686-unknown-linux-gnu = "8f3f5d2ab7b609ab30d584cfb5cecc3d8b16d2620fffb7643383c8a0a3881e21";
x86_64-unknown-linux-gnu = "1307747915e8bd925f4d5396ab2ae3d8d9c7fad564afbc358c081683d0f22e87";
x86_64-unknown-linux-musl = "c11ab908cbffbe98097d99ed62f5db00aa98496520b1e09583a151d36df7fca4";
arm-unknown-linux-gnueabihf = "2a2b1cf93b31e429624380e5b0d2bcce327274f8593b63657b863e38831f6421";
armv7-unknown-linux-gnueabihf = "fcce5ddb4f55bbdc9a1359a4cb6e65f2ff790d59ad228102cd472112ea65d3fe";
aarch64-unknown-linux-gnu = "131eda738cd977fff2c912e5838e8e9b9c260ecddc1247c0fe5473bf09c594af";
aarch64-unknown-linux-musl = "f328bcf109bf3eae01559b53939a9afbdb70ef30429f95109f7ea21030d60dfa";
x86_64-apple-darwin = "6c91ed3bd90253961fcb4a2991b8b22e042e2aaa9aba9f389f1e17008171d898";
aarch64-apple-darwin = "3be74c31ee8dc4f1d49e2f2888228de374138eaeca1876d0c1b1a61df6023b3b";
powerpc64le-unknown-linux-gnu = "c5aedb12c552daa18072e386697205fb7b91cef1e8791fe6fb74834723851388";
riscv64gc-unknown-linux-gnu = "847a925ace172d4c0a8d3da8d755b8678071ef73e659886128a3103bb896dcd9";
x86_64-unknown-freebsd = "b9cc84c60deb8da08a6c876426f8721758f4c7e7c553b4554385752ad37c63df";
};
libcxx = llvmPackages.libcxx.override {
stdenv = stdenv.override {
allowedRequisites = null;
cc = llvmPackages.clangNoLibcxx;
hostPlatform = stdenv.hostPlatform // {
useLLVM = !stdenv.isDarwin;
};
};
inherit libunwind;
};
selectRustPackage = pkgs: pkgs.rust_1_79;
clangUseLLVM = llvmPackages.clangUseLLVM.override { inherit libcxx; };
rustcPatches = [ ];
}
stdenv = overrideCC args.stdenv clangUseLLVM;
}
) { }
else
llvmPackages_18;
(builtins.removeAttrs args [ "llvmPackages_18" "llvm_18"])
# Note: the version MUST be one version prior to the version we're
# building
bootstrapVersion = "1.78.0";
# fetch hashes by running `print-hashes.sh ${bootstrapVersion}`
bootstrapHashes = {
i686-unknown-linux-gnu = "8f3f5d2ab7b609ab30d584cfb5cecc3d8b16d2620fffb7643383c8a0a3881e21";
x86_64-unknown-linux-gnu = "1307747915e8bd925f4d5396ab2ae3d8d9c7fad564afbc358c081683d0f22e87";
x86_64-unknown-linux-musl = "c11ab908cbffbe98097d99ed62f5db00aa98496520b1e09583a151d36df7fca4";
arm-unknown-linux-gnueabihf = "2a2b1cf93b31e429624380e5b0d2bcce327274f8593b63657b863e38831f6421";
armv7-unknown-linux-gnueabihf = "fcce5ddb4f55bbdc9a1359a4cb6e65f2ff790d59ad228102cd472112ea65d3fe";
aarch64-unknown-linux-gnu = "131eda738cd977fff2c912e5838e8e9b9c260ecddc1247c0fe5473bf09c594af";
aarch64-unknown-linux-musl = "f328bcf109bf3eae01559b53939a9afbdb70ef30429f95109f7ea21030d60dfa";
x86_64-apple-darwin = "6c91ed3bd90253961fcb4a2991b8b22e042e2aaa9aba9f389f1e17008171d898";
aarch64-apple-darwin = "3be74c31ee8dc4f1d49e2f2888228de374138eaeca1876d0c1b1a61df6023b3b";
powerpc64le-unknown-linux-gnu = "c5aedb12c552daa18072e386697205fb7b91cef1e8791fe6fb74834723851388";
riscv64gc-unknown-linux-gnu = "847a925ace172d4c0a8d3da8d755b8678071ef73e659886128a3103bb896dcd9";
x86_64-unknown-freebsd = "b9cc84c60deb8da08a6c876426f8721758f4c7e7c553b4554385752ad37c63df";
};
selectRustPackage = pkgs: pkgs.rust_1_79;
rustcPatches = [ ];
}
(
builtins.removeAttrs args [
"llvmPackages_18"
"llvm_18"
"wrapCCWith"
"overrideCC"
]
)

29
pkgs/development/compilers/rust/rustc.nix
View File

@ -1,6 +1,6 @@
{ lib, stdenv, removeReferencesTo, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget, targetPackages
, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackages
, fetchurl, file, python3
, runCommandLocal, fetchurl, file, python3
, darwin, cargo, cmake, rustc, rustfmt
, pkg-config, openssl, xz
, libiconv
@ -24,6 +24,7 @@
let
inherit (lib) optionals optional optionalString concatStringsSep;
inherit (darwin.apple_sdk.frameworks) Security;
useLLVM = stdenv.targetPlatform.useLLVM or false;
in stdenv.mkDerivation (finalAttrs: {
pname = "${targetPackages.stdenv.cc.targetPrefix}rustc";
inherit version;
@ -66,14 +67,16 @@ in stdenv.mkDerivation (finalAttrs: {
# when linking stage1 libstd: cc: undefined reference to `__cxa_begin_catch'
# This doesn't apply to cross-building for FreeBSD because the host
# uses libstdc++, but the target (used for building std) uses libc++
optional (stdenv.isLinux && !withBundledLLVM && !stdenv.targetPlatform.isFreeBSD) "--push-state --as-needed -lstdc++ --pop-state"
optional (stdenv.isLinux && !withBundledLLVM && !stdenv.targetPlatform.isFreeBSD && !useLLVM)
"--push-state --as-needed -lstdc++ --pop-state"
++ optional (stdenv.isLinux && !withBundledLLVM && !stdenv.targetPlatform.isFreeBSD && useLLVM)
"--push-state --as-needed -L${llvmPackages.libcxx}/lib -lc++ -lc++abi -lLLVM-${lib.versions.major llvmPackages.llvm.version} --pop-state"
++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++ -lc++abi"
++ optional stdenv.isFreeBSD "-rpath ${llvmPackages.libunwind}/lib"
++ optional stdenv.isDarwin "-rpath ${llvmSharedForHost}/lib");
++ optional stdenv.isDarwin "-rpath ${llvmSharedForHost.lib}/lib");
# Increase codegen units to introduce parallelism within the compiler.
RUSTFLAGS = "-Ccodegen-units=10";
RUSTDOCFLAGS = "-A rustdoc::broken-intra-doc-links";
# We need rust to build rust. If we don't provide it, configure will try to download it.
@ -152,7 +155,7 @@ in stdenv.mkDerivation (finalAttrs: {
# Since fastCross only builds std, it doesn't make sense (and
# doesn't work) to build a linker.
"--disable-llvm-bitcode-linker"
] ++ optionals (stdenv.isLinux && !stdenv.targetPlatform.isRedox) [
] ++ optionals (stdenv.isLinux && !stdenv.targetPlatform.isRedox && !(stdenv.targetPlatform.useLLVM or false)) [
"--enable-profiler" # build libprofiler_builtins
] ++ optionals stdenv.buildPlatform.isMusl [
"${setBuild}.musl-root=${pkgsBuildBuild.targetPackages.stdenv.cc.libc}"
@ -165,6 +168,10 @@ in stdenv.mkDerivation (finalAttrs: {
] ++ optionals (stdenv.isDarwin && stdenv.isx86_64) [
# https://github.com/rust-lang/rust/issues/92173
"--set rust.jemalloc"
] ++ optionals useLLVM [
# https://github.com/NixOS/nixpkgs/issues/311930
"--llvm-libunwind=${if withBundledLLVM then "in-tree" else "system"}"
"--enable-use-libcxx"
];
# if we already have a rust compiler for build just compile the target std
@ -189,6 +196,7 @@ in stdenv.mkDerivation (finalAttrs: {
python ./x.py --keep-stage=0 --stage=1 install library/std
mkdir -v $out/bin $doc $man
ln -s ${rustc.unwrapped}/bin/{rustc,rustdoc} $out/bin
rm -rf -v $out/lib/rustlib/{manifest-rust-std-,}${stdenv.hostPlatform.rust.rustcTargetSpec}
ln -s ${rustc.unwrapped}/lib/rustlib/{manifest-rust-std-,}${stdenv.hostPlatform.rust.rustcTargetSpec} $out/lib/rustlib/
echo rust-std-${stdenv.hostPlatform.rust.rustcTargetSpec} >> $out/lib/rustlib/components
lndir ${rustc.doc} $doc
@ -248,7 +256,16 @@ in stdenv.mkDerivation (finalAttrs: {
buildInputs = [ openssl ]
++ optionals stdenv.isDarwin [ libiconv Security ]
++ optional (!withBundledLLVM) llvmShared;
++ optional (!withBundledLLVM) llvmShared.lib
++ optional (useLLVM && !withBundledLLVM) [
llvmPackages.libunwind
# Hack which is used upstream https://github.com/gentoo/gentoo/blob/master/dev-lang/rust/rust-1.78.0.ebuild#L284
(runCommandLocal "libunwind-libgcc" {} ''
mkdir -p $out/lib
ln -s ${llvmPackages.libunwind}/lib/libunwind.so $out/lib/libgcc_s.so
ln -s ${llvmPackages.libunwind}/lib/libunwind.so $out/lib/libgcc_s.so.1
'')
];
outputs = [ "out" "man" "doc" ];
setOutputFlags = false;

9
pkgs/development/compilers/vala/setup-hook.sh
View File

@ -7,15 +7,6 @@ make_vala_find_vapi_files() {
addEnvHooks "$targetOffset" make_vala_find_vapi_files
disable_incompabile_pointer_conversion_warning() {
# Work around incompatible function pointer conversion errors with clang 16
# by setting ``-Wno-incompatible-function-pointer-types` in an env hook.
# See https://gitlab.gnome.org/GNOME/vala/-/issues/1413.
NIX_CFLAGS_COMPILE+=" -Wno-incompatible-function-pointer-types"
}
addEnvHooks "$hostOffset" disable_incompabile_pointer_conversion_warning
_multioutMoveVapiDirs() {
moveToOutput share/vala/vapi "${!outputDev}"
moveToOutput share/vala-@apiVersion@/vapi "${!outputDev}"

2
pkgs/development/compilers/zig/0.10/default.nix
View File

@ -89,6 +89,8 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
hook = callPackage ./hook.nix { zig = finalAttrs.finalPackage; };
cc = callPackage ../cc.nix { zig = finalAttrs.finalPackage; };
stdenv = callPackage ../stdenv.nix { zig = finalAttrs.finalPackage; };
tests = {
version = testers.testVersion {
package = finalAttrs.finalPackage;

2
pkgs/development/compilers/zig/0.11/default.nix
View File

@ -83,6 +83,8 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
hook = callPackage ./hook.nix { zig = finalAttrs.finalPackage; };
cc = callPackage ../cc.nix { zig = finalAttrs.finalPackage; };
stdenv = callPackage ../stdenv.nix { zig = finalAttrs.finalPackage; };
tests = {
version = testers.testVersion {
package = finalAttrs.finalPackage;

2
pkgs/development/compilers/zig/0.12/default.nix
View File

@ -95,6 +95,8 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
hook = callPackage ./hook.nix { zig = finalAttrs.finalPackage; };
cc = callPackage ../cc.nix { zig = finalAttrs.finalPackage; };
stdenv = callPackage ../stdenv.nix { zig = finalAttrs.finalPackage; };
tests = {
version = testers.testVersion {
package = finalAttrs.finalPackage;

2
pkgs/development/compilers/zig/0.13/default.nix
View File

@ -95,6 +95,8 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
hook = callPackage ./hook.nix { zig = finalAttrs.finalPackage; };
cc = callPackage ../cc.nix { zig = finalAttrs.finalPackage; };
stdenv = callPackage ../stdenv.nix { zig = finalAttrs.finalPackage; };
tests = {
version = testers.testVersion {
package = finalAttrs.finalPackage;

2
pkgs/development/compilers/zig/0.9/default.nix
View File

@ -91,6 +91,8 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
hook = callPackage ./hook.nix { zig = finalAttrs.finalPackage; };
cc = callPackage ../cc.nix { zig = finalAttrs.finalPackage; };
stdenv = callPackage ../stdenv.nix { zig = finalAttrs.finalPackage; };
tests = {
version = testers.testVersion {
package = finalAttrs.finalPackage;

42
pkgs/development/compilers/zig/cc.nix Normal file
View File

@ -0,0 +1,42 @@
{
lib,
wrapCCWith,
makeWrapper,
runCommand,
targetPlatform,
targetPackages,
zig,
}:
wrapCCWith {
cc =
runCommand "zig-cc-${zig.version}"
{
pname = "zig-cc";
inherit (zig) version meta;
nativeBuildInputs = [ makeWrapper ];
passthru.isZig = true;
inherit zig;
}
''
mkdir -p $out/bin
for tool in ar cc c++ objcopy; do
makeWrapper "$zig/bin/zig" "$out/bin/$tool" \
--add-flags "$tool" \
--run "export ZIG_GLOBAL_CACHE_DIR=\$(mktemp -d)"
done
mv $out/bin/c++ $out/bin/clang++
mv $out/bin/cc $out/bin/clang
'';
nixSupport.cc-cflags =
[
"-target"
"${targetPlatform.parsed.cpu.name}-${targetPlatform.parsed.kernel.name}-${targetPlatform.parsed.abi.name}"
]
++ lib.optional (
targetPlatform.isLinux && !(targetPackages.isStatic or false)
) "-Wl,-dynamic-linker=${targetPackages.stdenv.cc.bintools.dynamicLinker}";
}

6
pkgs/development/compilers/zig/generic.nix
View File

@ -71,6 +71,12 @@ stdenv.mkDerivation (finalAttrs: {
hook = callPackage ./hook.nix {
zig = finalAttrs.finalPackage;
};
cc = callPackage ./cc.nix {
zig = finalAttrs.finalPackage;
};
stdenv = callPackage ./stdenv.nix {
zig = finalAttrs.finalPackage;
};
};
meta = {

6
pkgs/development/compilers/zig/stdenv.nix Normal file
View File

@ -0,0 +1,6 @@
{
stdenv,
overrideCC,
zig,
}:
overrideCC stdenv zig.cc

32
pkgs/development/haskell-modules/generic-builder.nix
View File

@ -150,35 +150,6 @@ assert stdenv.hostPlatform.isWasm -> enableStaticLibraries == false;
let
# This is a workaround for the 2024-07-20 staging-next cycle to avoid causing mass rebuilds.
# todo(@reckenrode) Remove this workaround and remove `NIX_COREFOUNDATION_RPATH`, the related hooks, and ld-wrapper support.
nixCoreFoundationRpathWorkaround = stdenv.mkDerivation {
name = "nix-corefoundation-rpath-workaround";
buildCommand = ''
mkdir -p "$out/nix-support"
cat <<-EOF > "$out/nix-support/setup-hook"
removeUseSystemCoreFoundationFrameworkHook() {
unset NIX_COREFOUNDATION_RPATH
local _hook
for _hook in envBuildBuildHooks envBuildHostHooks envBuildTargetHooks envHostHostHooks envHostTargetHooks envTargetTargetHooks; do
local _index=0
local _var="\$_hook[@]"
for _var in "\''${!_var}"; do
if [ "\$_var" = "useSystemCoreFoundationFramework" ]; then
unset "\$_hook[\$_index]"
fi
((++_index))
done
unset _index
unset _var
done
unset _hook
}
addEnvHooks "\$hostOffset" removeUseSystemCoreFoundationFrameworkHook
EOF
'';
};
inherit (lib) optional optionals optionalString versionAtLeast
concatStringsSep enableFeature optionalAttrs;
@ -459,8 +430,7 @@ stdenv.mkDerivation ({
inherit depsBuildBuild nativeBuildInputs;
buildInputs = otherBuildInputs ++ optionals (!isLibrary) propagatedBuildInputs
# For patchShebangsAuto in fixupPhase
++ optionals stdenv.hostPlatform.isGhcjs [ nodejs ]
++ optionals (stdenv.isDarwin && stdenv.isx86_64) [ nixCoreFoundationRpathWorkaround ];
++ optionals stdenv.hostPlatform.isGhcjs [ nodejs ];
propagatedBuildInputs = optionals isLibrary propagatedBuildInputs;
LANG = "en_US.UTF-8"; # GHC needs the locale configured during the Haddock phase.

8
pkgs/development/interpreters/ruby/default.nix
View File

@ -173,14 +173,6 @@ let
export HOME=$TMPDIR
'';
# Work around useSystemCoreFoundationFramework hook causing issues with the ld64 upgrade.
# This will be fixed on staging in https://github.com/NixOS/nixpkgs/pull/329529
preBuild =
if lib.versionAtLeast ver.majMin "3.3" && stdenv.isDarwin && stdenv.isx86_64 then
"unset NIX_COREFOUNDATION_RPATH"
else
null;
# fails with "16993 tests, 2229489 assertions, 105 failures, 14 errors, 89 skips"
# mostly TZ- and patch-related tests
# TZ- failures are caused by nix sandboxing, I didn't investigate others

192
pkgs/development/libraries/SDL2/default.nix
View File

@ -1,56 +1,57 @@
{ lib
, stdenv
, config
, fetchFromGitHub
, nix-update-script
, pkg-config
, libGLSupported ? lib.elem stdenv.hostPlatform.system lib.platforms.mesaPlatforms
, openglSupport ? libGLSupported
, libGL
, alsaSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, alsa-lib
, x11Support ? !stdenv.hostPlatform.isWindows && !stdenv.hostPlatform.isAndroid
, libX11
, xorgproto
, libICE
, libXi
, libXScrnSaver
, libXcursor
, libXinerama
, libXext
, libXxf86vm
, libXrandr
, waylandSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, wayland
, wayland-protocols
, wayland-scanner
, drmSupport ? false
, libdrm
, mesa
, libxkbcommon
, dbusSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, dbus
, udevSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, udev
, ibusSupport ? false
, ibus
, libdecorSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, libdecor
, pipewireSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, pipewire # NOTE: must be built with SDL2 without pipewire support
, pulseaudioSupport ? config.pulseaudio or stdenv.isLinux && !stdenv.hostPlatform.isAndroid
, libpulseaudio
, AudioUnit
, Cocoa
, CoreAudio
, CoreServices
, ForceFeedback
, OpenGL
, audiofile
, libiconv
, withStatic ? stdenv.hostPlatform.isMinGW
{
lib,
stdenv,
config,
fetchFromGitHub,
nix-update-script,
pkg-config,
libGLSupported ? lib.elem stdenv.hostPlatform.system lib.platforms.mesaPlatforms,
openglSupport ? libGLSupported,
libGL,
alsaSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
alsa-lib,
x11Support ? !stdenv.hostPlatform.isWindows && !stdenv.hostPlatform.isAndroid,
libX11,
xorgproto,
libICE,
libXi,
libXScrnSaver,
libXcursor,
libXinerama,
libXext,
libXxf86vm,
libXrandr,
waylandSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
wayland,
wayland-protocols,
wayland-scanner,
drmSupport ? false,
libdrm,
mesa,
libxkbcommon,
dbusSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
dbus,
udevSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
udev,
ibusSupport ? false,
ibus,
libdecorSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
libdecor,
pipewireSupport ? stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
pipewire, # NOTE: must be built with SDL2 without pipewire support
pulseaudioSupport ? config.pulseaudio or stdenv.isLinux && !stdenv.hostPlatform.isAndroid,
libpulseaudio,
AudioUnit,
Cocoa,
CoreAudio,
CoreServices,
ForceFeedback,
OpenGL,
audiofile,
libiconv,
withStatic ? stdenv.hostPlatform.isMinGW,
# passthru.tests
, testers
testers,
}:
# NOTE: When editing this expression see if the same change applies to
@ -58,16 +59,19 @@
stdenv.mkDerivation (finalAttrs: {
pname = "SDL2";
version = "2.30.4";
version = "2.30.5";
src = fetchFromGitHub {
owner = "libsdl-org";
repo = "SDL";
rev = "release-${finalAttrs.version}";
hash = "sha256-RhqbmS+mPVlXlo4/jrqPqtyGzvfaPTozlUEeAjHUBoA=";
hash = "sha256-ZonlvXAAWCTfDYf/w5RxP1Av67v89kex4H43xkbPYEA=";
};
dontDisableStatic = if withStatic then 1 else 0;
outputs = [ "out" "dev" ];
outputs = [
"out"
"dev"
];
outputBin = "dev"; # sdl-config
patches = [
@ -89,41 +93,74 @@ stdenv.mkDerivation (finalAttrs: {
depsBuildBuild = [ pkg-config ];
nativeBuildInputs = [ pkg-config ] ++ lib.optionals waylandSupport [ wayland wayland-scanner ];
nativeBuildInputs =
[ pkg-config ]
++ lib.optionals waylandSupport [
wayland
wayland-scanner
];
dlopenPropagatedBuildInputs = [ ]
dlopenPropagatedBuildInputs =
[ ]
# Propagated for #include <GLES/gl.h> in SDL_opengles.h.
++ lib.optional (openglSupport && !stdenv.isDarwin) libGL
# Propagated for #include <X11/Xlib.h> and <X11/Xatom.h> in SDL_syswm.h.
++ lib.optionals x11Support [ libX11 ];
propagatedBuildInputs = lib.optionals x11Support [ xorgproto ]
++ finalAttrs.dlopenPropagatedBuildInputs;
propagatedBuildInputs =
lib.optionals x11Support [ xorgproto ] ++ finalAttrs.dlopenPropagatedBuildInputs;
dlopenBuildInputs = lib.optionals alsaSupport [ alsa-lib audiofile ]
dlopenBuildInputs =
lib.optionals alsaSupport [
alsa-lib
audiofile
]
++ lib.optional dbusSupport dbus
++ lib.optional libdecorSupport libdecor
++ lib.optional pipewireSupport pipewire
++ lib.optional pulseaudioSupport libpulseaudio
++ lib.optional udevSupport udev
++ lib.optionals waylandSupport [ wayland libxkbcommon ]
++ lib.optionals x11Support [ libICE libXi libXScrnSaver libXcursor libXinerama libXext libXrandr libXxf86vm ]
++ lib.optionals drmSupport [ libdrm mesa ];
++ lib.optionals waylandSupport [
wayland
libxkbcommon
]
++ lib.optionals x11Support [
libICE
libXi
libXScrnSaver
libXcursor
libXinerama
libXext
libXrandr
libXxf86vm
]
++ lib.optionals drmSupport [
libdrm
mesa
];
buildInputs = [ libiconv ]
buildInputs =
[ libiconv ]
++ finalAttrs.dlopenBuildInputs
++ lib.optional ibusSupport ibus
++ lib.optionals waylandSupport [ wayland-protocols ]
++ lib.optionals stdenv.isDarwin [ AudioUnit Cocoa CoreAudio CoreServices ForceFeedback OpenGL ];
++ lib.optionals stdenv.isDarwin [
AudioUnit
Cocoa
CoreAudio
CoreServices
ForceFeedback
OpenGL
];
enableParallelBuilding = true;
configureFlags = [
"--disable-oss"
] ++ lib.optional (!x11Support) "--without-x"
++ lib.optional alsaSupport "--with-alsa-prefix=${alsa-lib.out}/lib"
++ lib.optional stdenv.hostPlatform.isWindows "--disable-video-opengles"
++ lib.optional stdenv.isDarwin "--disable-sdltest";
configureFlags =
[ "--disable-oss" ]
++ lib.optional (!x11Support) "--without-x"
++ lib.optional alsaSupport "--with-alsa-prefix=${alsa-lib.out}/lib"
++ lib.optional stdenv.hostPlatform.isWindows "--disable-video-opengles"
++ lib.optional stdenv.isDarwin "--disable-sdltest";
# We remove libtool .la files when static libs are requested,
# because they make the builds of downstream libs like `SDL_tff`
@ -158,7 +195,9 @@ stdenv.mkDerivation (finalAttrs: {
# list the symbols used in this way.
postFixup =
let
rpath = lib.makeLibraryPath (finalAttrs.dlopenPropagatedBuildInputs ++ finalAttrs.dlopenBuildInputs);
rpath = lib.makeLibraryPath (
finalAttrs.dlopenPropagatedBuildInputs ++ finalAttrs.dlopenBuildInputs
);
in
lib.optionalString (stdenv.hostPlatform.extensions.sharedLibrary == ".so") ''
for lib in $out/lib/*.so* ; do
@ -172,10 +211,13 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
inherit openglSupport;
updateScript = nix-update-script { extraArgs = [ "--version-regex" "release-(.*)" ]; };
tests.pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
updateScript = nix-update-script {
extraArgs = [
"--version-regex"
"release-(.*)"
];
};
tests.pkg-config = testers.hasPkgConfigModules { package = finalAttrs.finalPackage; };
};
meta = with lib; {

12
pkgs/development/libraries/abseil-cpp/202401.nix → pkgs/development/libraries/abseil-cpp/202407.nix
View File

@ -9,13 +9,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "abseil-cpp";
version = "20240116.2";
version = "20240722.0";
src = fetchFromGitHub {
owner = "abseil";
repo = "abseil-cpp";
rev = "refs/tags/${finalAttrs.version}";
hash = "sha256-eA2/dZpNOlex1O5PNa3XSZhpMB3AmaIoHzVDI9TD/cg=";
hash = "sha256-51jpDhdZ0n+KLmxh8KVaTz53pZAB0dHjmILFX+OLud4=";
};
cmakeFlags = [
@ -32,11 +32,11 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [ gtest ];
meta = with lib; {
meta = {
description = "Open-source collection of C++ code designed to augment the C++ standard library";
homepage = "https://abseil.io/";
license = licenses.asl20;
platforms = platforms.all;
maintainers = [ maintainers.GaetanLepage ];
license = lib.licenses.asl20;
platforms = lib.platforms.all;
maintainers = [ lib.maintainers.GaetanLepage ];
};
})

4
pkgs/development/libraries/audio/libopenmpt/default.nix
View File

@ -16,13 +16,13 @@
stdenv.mkDerivation rec {
pname = "libopenmpt";
version = "0.7.8";
version = "0.7.9";
outputs = [ "out" "dev" "bin" ];
src = fetchurl {
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
hash = "sha256-h3eMgEaiJsbL+xFPTI4+J8Eht7PczOXLfeRYmSUCdMw=";
hash = "sha256-A4bpGNddeX551bFO3QhHFl2LNZ6YEe9XZSwKNWot/PQ=";
};
enableParallelBuilding = true;

4
pkgs/development/libraries/aws-c-auth/default.nix
View File

@ -14,13 +14,13 @@
stdenv.mkDerivation rec {
pname = "aws-c-auth";
version = "0.7.22";
version = "0.7.23";
src = fetchFromGitHub {
owner = "awslabs";
repo = "aws-c-auth";
rev = "v${version}";
hash = "sha256-8+SFag3hRQ+1aOK2vuHOV/gXE1qUIlAW5LNJDmUORLs=";
hash = "sha256-WQ5mJrPGsjsBGUHGott0wiDbgMbPMgOEt0TkHOvAR9w=";
};
nativeBuildInputs = [

26
pkgs/development/libraries/db/clang-4.8.patch
View File

@ -153,22 +153,42 @@ diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
@@ -4,6 +4,7 @@
@@ -3,7 +3,9 @@
# POSIX pthreads tests: inter-process safe and intra-process only.
AC_DEFUN(AM_PTHREADS_SHARED, [
AC_TRY_RUN([
+#include <stdlib.h>
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_mutex_t mutex;
@@ -46,6 +47,7 @@
@@ -24,6 +26,7 @@ main() {
pthread_mutexattr_destroy(&mutexattr));
}], [db_cv_mutex="$1"],,
AC_TRY_LINK([
+#include <stdlib.h>
#include <pthread.h>],[
pthread_cond_t cond;
pthread_mutex_t mutex;
@@ -45,7 +48,9 @@ AC_TRY_LINK([
], [db_cv_mutex="$1"]))])
AC_DEFUN(AM_PTHREADS_PRIVATE, [
AC_TRY_RUN([
+#include <stdlib.h>
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_mutex_t mutex;
@@ -64,6 +69,7 @@ main() {
pthread_mutexattr_destroy(&mutexattr));
}], [db_cv_mutex="$1"],,
AC_TRY_LINK([
+#include <stdlib.h>
#include <pthread.h>],[
pthread_cond_t cond;
pthread_mutex_t mutex;
diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4
--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400
@ -183,7 +203,7 @@ diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4
$db_cv_seq_type l;
unsigned $db_cv_seq_type u;
@@ -59,7 +62,9 @@
return (1);
return (1);
return (0);
}],, [db_cv_build_sequence="no"],
- AC_TRY_LINK(,[

6
pkgs/development/libraries/db/db-4.8.nix
View File

@ -1,6 +1,6 @@
{ lib, stdenv, fetchurl, autoreconfHook, targetPlatform, ... } @ args:
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
import ./generic.nix (builtins.removeAttrs args ["targetPlatform"] // {
import ./generic.nix (args // {
version = "4.8.30";
sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
extraPatches = [
@ -9,8 +9,6 @@ import ./generic.nix (builtins.removeAttrs args ["targetPlatform"] // {
./darwin-mutexes-4.8.patch
];
drvArgs.configureFlags = lib.optional (targetPlatform.useLLVM or false) "--with-mutex=POSIX/pthreads";
drvArgs.hardeningDisable = [ "format" ];
drvArgs.doCheck = false;
})

5
pkgs/development/libraries/db/generic.nix
View File

@ -67,8 +67,7 @@ stdenv.mkDerivation (rec {
(if compat185 then "--enable-compat185" else "--disable-compat185")
]
++ lib.optional dbmSupport "--enable-dbm"
++ lib.optional stdenv.isFreeBSD "--with-pic"
++ (drvArgs.configureFlags or []);
++ lib.optional stdenv.isFreeBSD "--with-pic";
preConfigure = ''
cd build_unix
@ -93,4 +92,4 @@ stdenv.mkDerivation (rec {
license = license;
platforms = platforms.unix;
};
} // builtins.removeAttrs drvArgs [ "configureFlags" ])
} // drvArgs)

4
pkgs/development/libraries/ffmpeg/default.nix
View File

@ -18,8 +18,8 @@ let
);
v4 = {
version = "4.4.4";
hash = "sha256-Q8bkuF/1uJfqttJJoObnnLX3BEduv+qxsvOrVhMvRjA=";
version = "4.4.5";
hash = "sha256-GrKNGYI8kO47Yoi82dMV30ymuXSjxo4gH+yB8jIUa2A=";
};
v6 = {

38
pkgs/development/libraries/ffmpeg/generic.nix
View File

@ -34,7 +34,7 @@
# Feature flags
, withAlsa ? withHeadlessDeps && stdenv.isLinux # Alsa in/output supporT
, withAom ? withFullDeps # AV1 reference encoder
, withAom ? withHeadlessDeps # AV1 reference encoder
, withAppKit ? withHeadlessDeps && stdenv.isDarwin # Apple AppKit framework
, withAribcaption ? withFullDeps && lib.versionAtLeast version "6.1" # ARIB STD-B24 Caption Decoder/Renderer
, withAss ? withHeadlessDeps && stdenv.hostPlatform == stdenv.buildPlatform # (Advanced) SubStation Alpha subtitle rendering
@ -45,7 +45,7 @@
, withBs2b ? withFullDeps # bs2b DSP library
, withBzlib ? withHeadlessDeps
, withCaca ? withFullDeps # Textual display (ASCII art)
, withCelt ? withFullDeps # CELT decoder
, withCelt ? withHeadlessDeps # CELT decoder
, withChromaprint ? withFullDeps # Audio fingerprinting
, withCodec2 ? withFullDeps # codec2 en/decoding
, withCoreImage ? withHeadlessDeps && stdenv.isDarwin # Apple CoreImage framework
@ -88,7 +88,7 @@
, withOpencoreAmrwb ? withFullDeps && withVersion3 # AMR-WB decoder
, withOpengl ? withFullDeps && !stdenv.isDarwin # OpenGL rendering
, withOpenh264 ? withFullDeps # H.264/AVC encoder
, withOpenjpeg ? withFullDeps # JPEG 2000 de/encoder
, withOpenjpeg ? withHeadlessDeps # JPEG 2000 de/encoder
, withOpenmpt ? withFullDeps # Tracked music files decoder
, withOpus ? withHeadlessDeps # Opus de/encoder
, withPlacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library
@ -121,7 +121,7 @@
, withVpl ? false # Hardware acceleration via intel libvpl
, withVpx ? withHeadlessDeps && stdenv.buildPlatform == stdenv.hostPlatform # VP8 & VP9 de/encoding
, withVulkan ? withSmallDeps && !stdenv.isDarwin
, withWebp ? withFullDeps # WebP encoder
, withWebp ? withHeadlessDeps # WebP encoder
, withX264 ? withHeadlessDeps && withGPL # H.264/AVC encoder
, withX265 ? withHeadlessDeps && withGPL # H.265/HEVC encoder
, withXavs ? withFullDeps && withGPL # AVS encoder
@ -402,36 +402,6 @@ stdenv.mkDerivation (finalAttrs: {
'';
patches = []
++ optionals (versionOlder version "5") [
(fetchpatch2 {
name = "libsvtav1-1.5.0-compat-compressed_ten_bit_format.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/031f1561cd286596cdb374da32f8aa816ce3b135";
hash = "sha256-agJgzIzrBTQBAypuCmGXXFo7vw6Iodw5Ny5O5QCKCn8=";
})
(fetchpatch2 {
# Backport fix for binutils-2.41.
name = "binutils-2.41.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/effadce6c756247ea8bae32dc13bb3e6f464f0eb";
hash = "sha256-vLSltvZVMcQ0CnkU0A29x6fJSywE8/aU+Mp9os8DZYY=";
})
# The upstream patch isnt for ffmpeg 4, but it will apply with a few tweaks.
# Fixes a crash when built with clang 16 due to UB in ff_seek_frame_binary.
(fetchpatch2 {
name = "utils-fix_crash_in_ff_seek_frame_binary.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/ab792634197e364ca1bb194f9abe36836e42f12d";
hash = "sha256-vqqVACjbCcGL9Qvmg1QArSKqVmOqr8BEr+OxTBDt6mA=";
postFetch = ''
substituteInPlace "$out" \
--replace libavformat/seek.c libavformat/utils.c \
--replace 'const AVInputFormat *const ' 'const AVInputFormat *'
'';
})
(fetchpatch2 {
name = "CVE-2023-51794.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07";
hash = "sha256-5G9lmKjMEa0+vqbA8EEiNIr6QG+PeEoIL+uZP4Hlo28=";
})
]
++ optionals (lib.versionAtLeast version "6.1" && lib.versionOlder version "6.2") [
(fetchpatch2 { # this can be removed post 6.1
name = "fix_build_failure_due_to_PropertyKey_EncoderID";

4
pkgs/development/libraries/fribidi/default.nix
View File

@ -11,14 +11,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "fribidi";
version = "1.0.14";
version = "1.0.15";
outputs = [ "out" "dev" "devdoc" ];
# NOTE: Only URL tarball has "Have pre-generated man pages: true", which works-around upstream usage of some rare ancient `c2man` fossil application.
src = fetchurl {
url = with finalAttrs; "https://github.com/fribidi/fribidi/releases/download/v${version}/${pname}-${version}.tar.xz";
sha256 = "sha256-dq4gSnAnZSrDmBufpYF8CDuiMRQ0AoTFjnVrJZzSJZo=";
sha256 = "sha256-C7x/9jO/ogiuMtfjac9afSDV0lV6CwZ8mqmLy/mWdYc=";
};
postPatch = ''

69
pkgs/development/libraries/gdbm/default.nix
View File

@ -1,69 +0,0 @@
{ stdenv, lib, fetchurl, updateAutotoolsGnuConfigScriptsHook }:
stdenv.mkDerivation rec {
pname = "gdbm";
version = "1.23";
src = fetchurl {
url = "mirror://gnu/gdbm/${pname}-${version}.tar.gz";
sha256 = "sha256-dLEIHSH/8TrkvXwW5dblBKTCb3zeHcoNljpIQXS7ys0=";
};
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];
doCheck = true; # not cross;
# Linking static stubs on cygwin requires correct ordering.
# Consider upstreaming this.
# Disable dbmfetch03.at test because it depends on unlink()
# failing on a link in a chmod -w directory, which cygwin
# apparently allows.
postPatch = lib.optionalString stdenv.buildPlatform.isCygwin ''
substituteInPlace tests/Makefile.in --replace \
'_LDADD = ../src/libgdbm.la ../compat/libgdbm_compat.la' \
'_LDADD = ../compat/libgdbm_compat.la ../src/libgdbm.la'
substituteInPlace tests/testsuite.at --replace \
'm4_include([dbmfetch03.at])' ""
'';
enableParallelBuilding = true;
configureFlags = [ "--enable-libgdbm-compat" ];
# create symlinks for compatibility
postInstall = ''
install -dm755 $out/include/gdbm
(
cd $out/include/gdbm
ln -s ../gdbm.h gdbm.h
ln -s ../ndbm.h ndbm.h
ln -s ../dbm.h dbm.h
)
'';
meta = with lib; {
description = "GNU dbm key/value database library";
longDescription = ''
GNU dbm (or GDBM, for short) is a library of database functions that
use extensible hashing and work similar to the standard UNIX dbm.
These routines are provided to a programmer needing to create and
manipulate a hashed database.
The basic use of GDBM is to store key/data pairs in a data file.
Each key must be unique and each key is paired with only one data
item.
The library provides primitives for storing key/data pairs,
searching and retrieving the data by its key and deleting a key
along with its data. It also support sequential iteration over all
key/data pairs in a database.
For compatibility with programs using old UNIX dbm function, the
package also provides traditional dbm and ndbm interfaces.
'';
homepage = "https://www.gnu.org/software/gdbm/";
license = licenses.gpl3Plus;
platforms = platforms.all;
maintainers = [ maintainers.vrthra ];
};
}

49
pkgs/development/libraries/glibc/2.39-revert-cet-default-disable.patch Normal file
View File

@ -0,0 +1,49 @@
Revert 55d63e731253de82e96ed4ddca2e294076cd0bc5
--- b/sysdeps/x86/cpu-features.c
+++ a/sysdeps/x86/cpu-features.c
@@ -110,7 +110,7 @@
if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
+#if CET_ENABLED
-#if CET_ENABLED && 0
CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
#endif
reverted:
--- b/sysdeps/x86/cpu-tunables.c
+++ a/sysdeps/x86/cpu-tunables.c
@@ -35,17 +35,6 @@
break; \
}
-#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, len) \
- _Static_assert (sizeof (#name) - 1 == len, #name " != " #len); \
- if (tunable_str_comma_strcmp_cte (&f, #name)) \
- { \
- if (f.disable) \
- CPU_FEATURE_UNSET (cpu_features, name) \
- else \
- CPU_FEATURE_SET_ACTIVE (cpu_features, name) \
- break; \
- }
-
/* Disable a preferred feature NAME. We don't enable a preferred feature
which isn't available. */
#define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len) \
@@ -142,13 +131,11 @@
}
break;
case 5:
- {
- CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, 5);
- }
if (n.disable)
{
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5);
+ CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5);
}

5
pkgs/development/libraries/glibc/common.nix
View File

@ -37,6 +37,7 @@
, profilingLibraries ? false
, withGd ? false
, enableCET ? false
, enableCETRuntimeDefault ? false
, extraBuildInputs ? []
, extraNativeBuildInputs ? []
, ...
@ -50,6 +51,7 @@ in
assert withLinuxHeaders -> linuxHeaders != null;
assert withGd -> gd != null && libpng != null;
assert enableCET == false -> !enableCETRuntimeDefault;
stdenv.mkDerivation ({
version = version + patchSuffix;
@ -114,7 +116,8 @@ stdenv.mkDerivation ({
lib.optional (isAarch64 && isLinux) ./0001-aarch64-math-vector.h-add-NVCC-include-guard.patch
)
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch
++ lib.optional enableCETRuntimeDefault ./2.39-revert-cet-default-disable.patch;
postPatch =
''

6
pkgs/development/libraries/glibc/default.nix
View File

@ -3,6 +3,7 @@
, profilingLibraries ? false
, withGd ? false
, enableCET ? if stdenv.hostPlatform.isx86_64 then "permissive" else false
, enableCETRuntimeDefault ? false
, pkgsBuildBuild
, libgcc
}:
@ -16,7 +17,7 @@ let
in
(callPackage ./common.nix { inherit stdenv; } {
inherit withLinuxHeaders withGd profilingLibraries enableCET;
inherit withLinuxHeaders withGd profilingLibraries enableCET enableCETRuntimeDefault;
pname = "glibc" + lib.optionalString withGd "-gd" + lib.optionalString (stdenv.cc.isGNU && libgcc==null) "-nolibgcc";
}).overrideAttrs(previousAttrs: {
@ -41,9 +42,6 @@ in
# Apparently --bindir is not respected.
makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin")
'' + lib.optionalString stdenv.buildPlatform.isDarwin ''
# ld-wrapper will otherwise attempt to inject CoreFoundation into ld-linux's RUNPATH
export NIX_COREFOUNDATION_RPATH=
'';
# The pie, stackprotector and fortify hardening flags are autodetected by

1257
pkgs/development/libraries/gstreamer/rs/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

10
pkgs/development/libraries/gstreamer/rs/default.nix
View File

@ -144,7 +144,7 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "gst-plugins-rs";
version = "0.12.4";
version = "0.12.8";
outputs = [ "out" "dev" ];
@ -153,7 +153,7 @@ stdenv.mkDerivation (finalAttrs: {
owner = "gstreamer";
repo = "gst-plugins-rs";
rev = finalAttrs.version;
hash = "sha256-Qnp+e1Vww2kWjDG0x2tcigwDdG67I4xnm8+QrBI+o08=";
hash = "sha256-AGXKI/0Y2BdaSnpQAt3T/rkYlM8UpQpKm4kMAGd6Dyk=";
# TODO: temporary workaround for case-insensitivity problems with color-name crate - https://github.com/annymosse/color-name/pull/2
postFetch = ''
sedSearch="$(cat <<\EOF | sed -ze 's/\n/\\n/g'
@ -178,12 +178,12 @@ stdenv.mkDerivation (finalAttrs: {
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"cairo-rs-0.19.3" = "sha256-TjVXdnlYEfPLbUx1pC84rCC2MlNecECMK2Yo9XKwz9M=";
"cairo-rs-0.19.8" = "sha256-AdIUcxxuZVAWQ+KOBTrtsvTu4KtFiXkQPYWT9Avt7Z0=";
"color-name-1.1.0" = "sha256-RfMStbe2wX5qjPARHIFHlSDKjzx8DwJ+RjzyltM5K7A=";
"ffv1-0.0.0" = "sha256-af2VD00tMf/hkfvrtGrHTjVJqbl+VVpLaR0Ry+2niJE=";
"flavors-0.2.0" = "sha256-zBa0X75lXnASDBam9Kk6w7K7xuH9fP6rmjWZBUB5hxk=";
"gdk4-0.8.1" = "sha256-VPmegFZ/bC8x1vkl3YU208jQ8FCEKLwe6ZDatz4mIvM=";
"gstreamer-0.22.4" = "sha256-r5+wOEhTVztDMEu6t47yJ9HIlbXyjdvswUND4l7kPl8=";
"gdk4-0.8.2" = "sha256-DZjHlhzrELZ8M5YUM5kSeOphjF7863DmywFgGbZL4Jo=";
"gstreamer-0.22.7" = "sha256-vTEDqmyqhj9e7r7N0QfG4uTNBizrU0gTUfLOJ8kU1JE=";
};
};

4
pkgs/development/libraries/kde-frameworks/kimageformats.nix
View File

@ -1,7 +1,7 @@
{
mkDerivation, lib,
extra-cmake-modules,
ilmbase, karchive, openexr, dav1d, libaom, libavif, libheif, libjxl, libraw, libyuv, qtbase
ilmbase, karchive, openexr, libavif, libheif, libjxl, libraw, qtbase
}:
let inherit (lib) getDev; in
@ -10,7 +10,7 @@ mkDerivation {
pname = "kimageformats";
nativeBuildInputs = [ extra-cmake-modules ];
buildInputs = [ karchive openexr libaom libavif dav1d libheif libjxl libraw libyuv qtbase ];
buildInputs = [ karchive openexr libavif libheif libjxl libraw qtbase ];
outputs = [ "out" ]; # plugins only
CXXFLAGS = "-I${getDev ilmbase}/include/OpenEXR";
cmakeFlags = [

5
pkgs/development/libraries/libavif/default.nix
View File

@ -48,11 +48,14 @@ stdenv.mkDerivation rec {
buildInputs = [
gdk-pixbuf
libaom
zlib
libpng
libjpeg
];
propagatedBuildInputs = [
dav1d
libaom
libyuv
];

10
pkgs/development/libraries/libgit2-glib/default.nix
View File

@ -13,6 +13,7 @@
, libgit2
, glib
, python3
, fetchpatch
}:
stdenv.mkDerivation rec {
@ -26,6 +27,15 @@ stdenv.mkDerivation rec {
sha256 = "EzHa2oOPTh9ZGyZFnUQSajJd52LcPNJhU6Ma+9/hgZA=";
};
patches = [
(fetchpatch {
name = "support-libgit2-1.8.patch";
# https://gitlab.gnome.org/GNOME/libgit2-glib/-/merge_requests/40
url = "https://gitlab.gnome.org/GNOME/libgit2-glib/-/commit/a76fdf96c3af9ce9d21a3985c4be8a1aa6eea661.patch";
hash = "sha256-ysU8pAixyftensfEC9bE0RUFMPMei0jYT26WKN5uOFE=";
})
];
nativeBuildInputs = [
meson
ninja

20
pkgs/development/libraries/libgit2/default.nix
View File

@ -8,7 +8,6 @@
, libssh2
, openssl
, pcre
, http-parser
, libiconv
, Security
, staticBuild ? stdenv.hostPlatform.isStatic
@ -16,11 +15,14 @@
, libgit2-glib
, python3Packages
, gitstatus
, llhttp
, withGssapi ? false
, krb5
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "libgit2";
version = "1.7.2";
version = "1.8.1";
# also check the following packages for updates: python3Packages.pygit2 and libgit2-glib
outputs = ["lib" "dev" "out"];
@ -28,13 +30,14 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "libgit2";
repo = "libgit2";
rev = "v${version}";
hash = "sha256-fVPY/byE2/rxmv/bUykcAbmUFMlF3UZogVuTzjOXJUU=";
rev = "v${finalAttrs.version}";
hash = "sha256-J2rCxTecyLbbDdsyBWn9w7r3pbKRMkI9E7RvRgAqBdY=";
};
cmakeFlags = [
"-DUSE_HTTP_PARSER=system"
"-DUSE_SSH=ON"
(lib.cmakeBool "USE_GSSAPI" withGssapi)
"-DBUILD_SHARED_LIBS=${if staticBuild then "OFF" else "ON"}"
] ++ lib.optionals stdenv.hostPlatform.isWindows [
"-DDLLTOOL=${stdenv.cc.bintools.targetPrefix}dlltool"
@ -44,7 +47,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake python3 pkg-config ];
buildInputs = [ zlib libssh2 openssl pcre http-parser ]
buildInputs = [ zlib libssh2 openssl pcre llhttp ]
++ lib.optional withGssapi krb5
++ lib.optional stdenv.isDarwin Security;
propagatedBuildInputs = lib.optional (!stdenv.isLinux) libiconv;
@ -66,7 +70,7 @@ stdenv.mkDerivation rec {
)
'';
passthru.tests = {
passthru.tests = lib.mapAttrs (_: v: v.override { libgit2 = finalAttrs.finalPackage; }) {
inherit libgit2-glib;
inherit (python3Packages) pygit2;
inherit gitstatus;
@ -80,4 +84,4 @@ stdenv.mkDerivation rec {
platforms = platforms.all;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}
})

1
pkgs/development/libraries/libical/default.nix
View File

@ -41,6 +41,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
cmake
icu
ninja
perl
pkg-config

3
pkgs/development/libraries/libipt/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake }:
{ lib, stdenv, fetchFromGitHub, cmake, freebsd }:
stdenv.mkDerivation rec {
pname = "libipt";
@ -12,6 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ];
buildInputs = lib.optional stdenv.isFreeBSD freebsd.libstdthreads;
meta = with lib; {
description = "Intel Processor Trace decoder library";

22
pkgs/development/libraries/libjodycode/default.nix
View File

@ -1,24 +1,34 @@
{ lib
, stdenv
, fetchFromGitea
{
lib,
stdenv,
fetchFromGitea,
jdupes,
}:
stdenv.mkDerivation rec {
pname = "libjodycode";
version = "3.1";
version = "3.1.1";
outputs = [ "out" "man" "dev" ];
outputs = [
"out"
"man"
"dev"
];
src = fetchFromGitea {
domain = "codeberg.org";
owner = "jbruchon";
repo = "libjodycode";
rev = "v${version}";
hash = "sha256-uhWQh5YwLwYRm34nY5HvcEepqlTSDt9s3PSoD403kQM=";
hash = "sha256-sVEa2gNvgRJK1Ycmv4inbViTBPQFjzcZ8XHlAdsNzOk=";
};
env.PREFIX = placeholder "out";
passthru.tests = {
inherit jdupes;
};
meta = with lib; {
description = "Shared code used by several utilities written by Jody Bruchon";
homepage = "https://github.com/jbruchon/libjodycode";

4
pkgs/development/libraries/libksba/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "libksba";
version = "1.6.6";
version = "1.6.7";
src = fetchurl {
url = "mirror://gnupg/libksba/libksba-${version}.tar.bz2";
hash = "sha256-XewDPSEVWTOIOMDElXxz39w+6G9zl31ieWQMnNCM5qQ=";
hash = "sha256-z3JRC467TrZpPu92V0nYNnegPHkpGjEQQKW/15uqt2M=";
};
outputs = [ "out" "dev" "info" ];

6
pkgs/development/libraries/libpipeline/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl }:
{ lib, stdenv, fetchurl, updateAutotoolsGnuConfigScriptsHook }:
stdenv.mkDerivation rec {
pname = "libpipeline";
@ -11,6 +11,10 @@ stdenv.mkDerivation rec {
patches = lib.optionals stdenv.isDarwin [ ./fix-on-osx.patch ];
# necessary to build on FreeBSD native pending inclusion of
# https://git.savannah.gnu.org/cgit/config.git/commit/?id=e4786449e1c26716e3f9ea182caf472e4dbc96e0
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];
meta = with lib; {
homepage = "http://libpipeline.nongnu.org";
description = "C library for manipulating pipelines of subprocesses in a flexible and convenient way";

4
pkgs/development/libraries/libproxy/default.nix
View File

@ -20,7 +20,7 @@
stdenv.mkDerivation (finalAttrs: {
pname = "libproxy";
version = "0.5.6";
version = "0.5.7";
outputs = [ "out" "dev" "devdoc" ];
@ -28,7 +28,7 @@ stdenv.mkDerivation (finalAttrs: {
owner = "libproxy";
repo = "libproxy";
rev = finalAttrs.version;
hash = "sha256-2uDlKjxzrKlyZKV0BSUDzmLSo2voJKDerbZZkamgNYk=";
hash = "sha256-VKVazLkmm1BZeGxrQmkpHors27bki0l8US3ZGI6OR0w=";
};
patches = [

6
pkgs/development/libraries/libproxy/hardcode-gsettings.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/backend/plugins/config-gnome/config-gnome.c b/src/backend/plugins/config-gnome/config-gnome.c
index 820827b..338e269 100644
index 52e812e..a1141c5 100644
--- a/src/backend/plugins/config-gnome/config-gnome.c
+++ b/src/backend/plugins/config-gnome/config-gnome.c
@@ -85,11 +85,60 @@ px_config_gnome_init (PxConfigGnome *self)
@@ -83,11 +83,60 @@ px_config_gnome_init (PxConfigGnome *self)
if (!self->available)
return;
@ -69,7 +69,7 @@ index 820827b..338e269 100644
static void
diff --git a/tests/config-gnome-test.c b/tests/config-gnome-test.c
index f80914a..118d429 100644
index 677a3e9..a28d277 100644
--- a/tests/config-gnome-test.c
+++ b/tests/config-gnome-test.c
@@ -60,11 +60,60 @@ static void

4
pkgs/development/libraries/libpsl/default.nix
View File

@ -10,6 +10,7 @@
, libxslt
, pkg-config
, python3
, buildPackages
, publicsuffix-list
}:
@ -32,7 +33,6 @@ stdenv.mkDerivation rec {
gtk-doc
lzip
pkg-config
python3
libxslt
];
@ -40,6 +40,7 @@ stdenv.mkDerivation rec {
libidn2
libunistring
libxslt
python3
];
propagatedBuildInputs = [
@ -60,6 +61,7 @@ stdenv.mkDerivation rec {
"--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"
"--with-psl-file=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"
"--with-psl-testfile=${publicsuffix-list}/share/publicsuffix/test_psl.txt"
"PYTHON=${lib.getExe buildPackages.python3}"
];
enableParallelBuilding = true;

37
pkgs/development/libraries/libtheora/default.nix
View File

@ -1,37 +0,0 @@
{ lib, stdenv, fetchurl, libogg, libvorbis, pkg-config, autoreconfHook, fetchpatch }:
stdenv.mkDerivation rec {
pname = "libtheora";
version = "1.1.1";
src = fetchurl {
url = "https://downloads.xiph.org/releases/theora/${pname}-${version}.tar.gz";
sha256 = "0swiaj8987n995rc7hw0asvpwhhzpjiws8kr3s6r44bqqib2k5a0";
};
patches = [
# fix error in autoconf scripts
(fetchpatch {
url = "https://github.com/xiph/theora/commit/28cc6dbd9b2a141df94f60993256a5fca368fa54.diff";
sha256 = "16jqrq4h1b3krj609vbpzd5845cvkbh3mwmjrcdg35m490p19x9k";
})
] ++ lib.optionals stdenv.hostPlatform.isMinGW [
./mingw-remove-export.patch
];
configureFlags = [ "--disable-examples" ];
outputs = [ "out" "dev" "devdoc" ];
outputDoc = "devdoc";
nativeBuildInputs = [ pkg-config autoreconfHook ];
propagatedBuildInputs = [ libogg libvorbis ];
meta = with lib; {
homepage = "https://www.theora.org/";
description = "Library for Theora, a free and open video compression format";
license = licenses.bsd3;
maintainers = [ ];
platforms = platforms.unix ++ platforms.windows;
};
}

1
pkgs/development/libraries/libwacom/default.nix
View File

@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
mesonFlags = [
"-Dtests=${if doCheck then "enabled" else "disabled"}"
"--sysconfdir=/etc"
];
nativeCheckInputs = [

24
pkgs/development/libraries/libxml2/default.nix
View File

@ -1,7 +1,6 @@
{ stdenv
, lib
, fetchurl
, fetchpatch
, pkg-config
, autoreconfHook
, libintl
@ -25,7 +24,7 @@
stdenv.mkDerivation (finalAttrs: {
pname = "libxml2";
version = "2.13.2";
version = "2.13.3";
outputs = [ "bin" "dev" "out" "devdoc" ]
++ lib.optional pythonSupport "py"
@ -34,28 +33,9 @@ stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor finalAttrs.version}/libxml2-${finalAttrs.version}.tar.xz";
hash = "sha256-58j14LVUIVng3cQJwiyRZDBLWB6qmTBlOnb7hFsWkmM=";
hash = "sha256-CAXXwYDPCcqtcWZsekWKdPBBVhpTKQJFTaUEfYOUgTg=";
};
patches = [
# Fix XInclude failing too aggresively.
# https://gitlab.gnome.org/GNOME/libxml2/-/issues/772
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/libxml2/-/commit/a0330b53c8034bb79220e403e8d4ad8c23ef088f.patch";
hash = "sha256-iVAgX8qNF0fw8GYUKsWduudjEuRMEOTAENAIFTjyRjU=";
})
# Fix error handling
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/libxml2/-/commit/ed8b4264f65b1ced1e3b13967dd1cf90102cfa40.patch";
hash = "sha256-EvxoUcr+VXBbYvK1PBV+KWcWTDk9rMWf+GXCYvXWDMI=";
})
# Fix more error handling
(fetchpatch {
url = "https://gitlab.gnome.org/GNOME/libxml2/-/commit/e30cb632e734394ddbd7bd62b57cee3586424352.patch";
hash = "sha256-C0ef17wTRC9rH0dKua/LJwwqTRI5W8sKWmvL7JxzT4o=";
})
];
strictDeps = true;
nativeBuildInputs = [

4
pkgs/development/libraries/mesa/common.nix
View File

@ -5,14 +5,14 @@
# nix build .#legacyPackages.x86_64-darwin.mesa .#legacyPackages.aarch64-darwin.mesa
rec {
pname = "mesa";
version = "24.1.4";
version = "24.1.5";
src = fetchurl {
urls = [
"https://archive.mesa3d.org/mesa-${version}.tar.xz"
"https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz"
];
hash = "sha256-fPfG9mUmOtASKInB1LB2ZUwe7ep6LzjGnIxRV5k3reE=";
hash = "sha256-AnYf/ZZd1kuVQh6/yhGR1zckq6APMANACSN1ZPNM+XY=";
};
meta = {

10
pkgs/development/libraries/mesa/default.nix
View File

@ -139,12 +139,10 @@ in stdenv.mkDerivation {
patches = [
./opencl.patch
# https://gitlab.freedesktop.org/mesa/mesa/-/issues/11533
(fetchpatch {
name = "ffmpeg.patch";
url = "https://gitlab.freedesktop.org/mesa/mesa/-/commit/241f70e5a13bb9c13a168282446ad074e16c3d74.patch";
hash = "sha256-Cx7OL8iXGAOuDbCQReCCxSrWYvfZVrGoP0txIKSLTvs=";
})
# Manual backport of https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/30510
# Fixes video corruption / crashes when decoding video on AMD iGPUs
# FIXME: remove when merged
./vcn-pagefault.patch
];
postPatch = ''

10
pkgs/development/libraries/mesa/vcn-pagefault.patch Normal file
View File

@ -0,0 +1,10 @@
--- a/src/gallium/drivers/radeonsi/radeon_vcn_dec.c
+++ b/src/gallium/drivers/radeonsi/radeon_vcn_dec.c
@@ -1390,6 +1390,7 @@ static unsigned rvcn_dec_dynamic_dpb_t2_message(struct radeon_decoder *dec, rvcn
dummy->dpb.res;
addr = dec->ws->buffer_get_virtual_address(dummy_res->buf);
}
+ dec->ws->cs_add_buffer(&dec->cs, d->dpb.res->buf, RADEON_USAGE_READWRITE | RADEON_USAGE_SYNCHRONIZED, RADEON_DOMAIN_VRAM);
dynamic_dpb_t2->dpbAddrLo[i] = addr;
dynamic_dpb_t2->dpbAddrHi[i] = addr >> 32;
++dynamic_dpb_t2->dpbArraySize;

4
pkgs/development/libraries/mpfr/default.nix
View File

@ -3,6 +3,7 @@
, fetchurl
, gmp
, writeScript
, updateAutotoolsGnuConfigScriptsHook
}:
# Note: this package is used for bootstrapping fetchurl, and thus
@ -25,6 +26,9 @@ stdenv.mkDerivation rec {
outputs = [ "out" "dev" "doc" "info" ];
strictDeps = true;
# necessary to build on FreeBSD native pending inclusion of
# https://git.savannah.gnu.org/cgit/config.git/commit/?id=e4786449e1c26716e3f9ea182caf472e4dbc96e0
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];
# mpfr.h requires gmp.h
propagatedBuildInputs = [ gmp ];

4
pkgs/development/libraries/nss/esr.nix
View File

@ -1,4 +1,4 @@
import ./generic.nix {
version = "3.101.1";
hash = "sha256-KcRiOUbdFnH618MFM6uxmRn+/Jn4QMHtv1BELXrCAX4=";
version = "3.101.2";
hash = "sha256-i5K47pzQYOiD4vFHBN6VeqXEdPBOM7U1oSK0qSi2M2Y=";
}

15
pkgs/development/libraries/pcre/default.nix
View File

@ -1,5 +1,7 @@
{ lib, stdenv, fetchurl, fetchpatch
{ lib, stdenv, fetchurl, fetchpatch, updateAutotoolsGnuConfigScriptsHook
, pcre, windows ? null
# Disable jit on Apple Silicon, https://github.com/zherczeg/sljit/issues/51
, enableJit ? !(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)
, variant ? null
}:
@ -18,11 +20,12 @@ stdenv.mkDerivation rec {
outputs = [ "bin" "dev" "out" "doc" "man" ];
# Disable jit on Apple Silicon, https://github.com/zherczeg/sljit/issues/51
configureFlags = lib.optional (!(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--enable-jit=auto" ++ [
hardeningDisable = lib.optional enableJit "shadowstack";
configureFlags = [
"--enable-unicode-properties"
"--disable-cpp"
]
] ++ lib.optional enableJit "--enable-jit=auto"
++ lib.optional (variant != null) "--enable-${variant}";
patches = [
@ -37,6 +40,10 @@ stdenv.mkDerivation rec {
})
];
# necessary to build on FreeBSD native pending inclusion of
# https://git.savannah.gnu.org/cgit/config.git/commit/?id=e4786449e1c26716e3f9ea182caf472e4dbc96e0
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];
preCheck = ''
patchShebangs RunGrepTest
'';

79
pkgs/development/libraries/pipewire/default.nix
View File

@ -5,7 +5,7 @@
, meson
, ninja
, systemd
, enableSystemd ? true
, enableSystemd ? true # enableSystemd=false maintained by maintainers.qyliss.
, pkg-config
, docutils
, doxygen
@ -27,55 +27,38 @@
, lilv
, makeFontsConf
, nixosTests
, withValgrind ? lib.meta.availableOn stdenv.hostPlatform valgrind
, valgrind
, libcameraSupport ? true
, libcamera
, libdrm
, gstreamerSupport ? true
, gst_all_1
, ffmpegSupport ? true
, ffmpeg
, bluezSupport ? true
, bluez
, sbc
, libfreeaptx
, liblc3
, fdk_aac
, libopus
, ldacbtSupport ? bluezSupport && lib.meta.availableOn stdenv.hostPlatform ldacbt
, ldacbt
, nativeHspSupport ? true
, nativeHfpSupport ? true
, nativeModemManagerSupport ? true
, modemmanager
, ofonoSupport ? true
, hsphfpdSupport ? true
, pulseTunnelSupport ? true
, libpulseaudio
, zeroconfSupport ? true
, avahi
, raopSupport ? true
, openssl
, opusSupport ? true
, rocSupport ? true
, roc-toolkit
, x11Support ? true
, libcanberra
, xorg
, mysofaSupport ? true
, libmysofa
, ffadoSupport ? x11Support && lib.systems.equals stdenv.buildPlatform stdenv.hostPlatform
, ffado
, libselinux
}:
# Bluetooth codec only makes sense if general bluetooth enabled
assert ldacbtSupport -> bluezSupport;
stdenv.mkDerivation(finalAttrs: {
pname = "pipewire";
version = "1.2.1";
version = "1.2.2";
outputs = [
"out"
@ -91,7 +74,7 @@ stdenv.mkDerivation(finalAttrs: {
owner = "pipewire";
repo = "pipewire";
rev = finalAttrs.version;
sha256 = "sha256-CkxsVD813LbWpuZhJkNLJnqjLF6jmEn+CajXb2XTCsY=";
sha256 = "sha256-neLQ41p2f2QyOS3r2VxanaHbiVj6nnnkT7kx/On0azM=";
};
patches = [
@ -115,35 +98,40 @@ stdenv.mkDerivation(finalAttrs: {
buildInputs = [
alsa-lib
bluez
dbus
fdk_aac
ffmpeg
glib
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
libcamera
libjack2
libfreeaptx
liblc3
libmysofa
libopus
libpulseaudio
libusb1
libselinux
libsndfile
lilv
modemmanager
ncurses
readline
sbc
] ++ (if enableSystemd then [ systemd ] else [ udev ])
++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ])
++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ]
++ lib.optionals libcameraSupport [ libcamera ]
++ lib.optional ffmpegSupport ffmpeg
++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ]
++ lib.optional ldacbtSupport ldacbt
++ lib.optional nativeModemManagerSupport modemmanager
++ lib.optional opusSupport libopus
++ lib.optional pulseTunnelSupport libpulseaudio
++ lib.optional (lib.meta.availableOn stdenv.hostPlatform ldacbt) ldacbt
++ lib.optional zeroconfSupport avahi
++ lib.optional raopSupport openssl
++ lib.optional rocSupport roc-toolkit
++ lib.optionals vulkanSupport [ libdrm vulkan-headers vulkan-loader ]
++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ]
++ lib.optional mysofaSupport libmysofa
++ lib.optional ffadoSupport ffado;
# Valgrind binary is required for running one optional test.
nativeCheckInputs = lib.optional withValgrind valgrind;
nativeCheckInputs = lib.optional (lib.meta.availableOn stdenv.hostPlatform valgrind) valgrind;
mesonFlags = [
(lib.mesonEnable "docs" true)
@ -151,28 +139,29 @@ stdenv.mkDerivation(finalAttrs: {
(lib.mesonEnable "installed_tests" true)
(lib.mesonOption "installed_test_prefix" (placeholder "installedTests"))
(lib.mesonOption "libjack-path" "${placeholder "jack"}/lib")
(lib.mesonEnable "libcamera" libcameraSupport)
(lib.mesonEnable "libcamera" true)
(lib.mesonEnable "libffado" ffadoSupport)
(lib.mesonEnable "roc" rocSupport)
(lib.mesonEnable "libpulse" pulseTunnelSupport)
(lib.mesonEnable "libpulse" true)
(lib.mesonEnable "avahi" zeroconfSupport)
(lib.mesonEnable "gstreamer" gstreamerSupport)
(lib.mesonEnable "gstreamer" true)
(lib.mesonEnable "gstreamer-device-provider" true)
(lib.mesonEnable "systemd" enableSystemd)
(lib.mesonEnable "systemd-system-service" enableSystemd)
(lib.mesonEnable "udev" (!enableSystemd))
(lib.mesonEnable "ffmpeg" ffmpegSupport)
(lib.mesonEnable "pw-cat-ffmpeg" ffmpegSupport)
(lib.mesonEnable "bluez5" bluezSupport)
(lib.mesonEnable "bluez5-backend-hsp-native" nativeHspSupport)
(lib.mesonEnable "bluez5-backend-hfp-native" nativeHfpSupport)
(lib.mesonEnable "bluez5-backend-native-mm" nativeModemManagerSupport)
(lib.mesonEnable "bluez5-backend-ofono" ofonoSupport)
(lib.mesonEnable "bluez5-backend-hsphfpd" hsphfpdSupport)
(lib.mesonEnable "ffmpeg" true)
(lib.mesonEnable "pw-cat-ffmpeg" true)
(lib.mesonEnable "bluez5" true)
(lib.mesonEnable "bluez5-backend-hsp-native" true)
(lib.mesonEnable "bluez5-backend-hfp-native" true)
(lib.mesonEnable "bluez5-backend-native-mm" true)
(lib.mesonEnable "bluez5-backend-ofono" true)
(lib.mesonEnable "bluez5-backend-hsphfpd" true)
# source code is not easily obtainable
(lib.mesonEnable "bluez5-codec-lc3plus" false)
(lib.mesonEnable "bluez5-codec-lc3" bluezSupport)
(lib.mesonEnable "bluez5-codec-ldac" ldacbtSupport)
(lib.mesonEnable "opus" opusSupport)
(lib.mesonEnable "bluez5-codec-lc3" true)
(lib.mesonEnable "bluez5-codec-ldac" true)
(lib.mesonEnable "opus" true)
(lib.mesonOption "sysconfdir" "/etc")
(lib.mesonEnable "raop" raopSupport)
(lib.mesonOption "session-managers" "")
@ -180,7 +169,7 @@ stdenv.mkDerivation(finalAttrs: {
(lib.mesonEnable "x11" x11Support)
(lib.mesonEnable "x11-xfixes" x11Support)
(lib.mesonEnable "libcanberra" x11Support)
(lib.mesonEnable "libmysofa" mysofaSupport)
(lib.mesonEnable "libmysofa" true)
(lib.mesonEnable "sdl2" false) # required only to build examples, causes dependency loop
(lib.mesonBool "rlimits-install" false) # installs to /etc, we won't use this anyway
(lib.mesonEnable "compress-offload" true)

4
pkgs/development/libraries/protobuf/25.nix
View File

@ -1,6 +1,6 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix ({
version = "25.3";
hash = "sha256-N/mO9a6NyC0GwxY3/u1fbFbkfH7NTkyuIti6L3bc+7k=";
version = "25.4";
hash = "sha256-dIouv6QaX6Tlahjrdz250DJkKjZ74/EwoQjTs3vBS/U=";
} // args)

1
pkgs/development/libraries/qt-6/modules/qtwayland.nix
View File

@ -10,6 +10,7 @@
qtModule {
pname = "qtwayland";
propagatedBuildInputs = [ qtbase qtdeclarative ];
propagatedNativeBuildInputs = [ wayland ];
buildInputs = [ wayland libdrm ];
nativeBuildInputs = [ pkg-config ];

2
pkgs/development/libraries/sqlite/default.nix
View File

@ -72,7 +72,7 @@ stdenv.mkDerivation rec {
fi
# Necessary for FTS5 on Linux
export NIX_LDFLAGS="$NIX_LDFLAGS -lm"
export NIX_CFLAGS_LINK="$NIX_CFLAGS_LINK -lm"
echo ""
echo "NIX_CFLAGS_COMPILE = $NIX_CFLAGS_COMPILE"

34
pkgs/development/libraries/x265/default.nix
View File

@ -2,7 +2,6 @@
, gccStdenv
, stdenv
, fetchurl
, fetchpatch
, cmake
, nasm
@ -31,7 +30,7 @@ in
stdenv.mkDerivation rec {
pname = "x265";
version = "3.5";
version = "3.6";
outputs = [ "out" "dev" ];
@ -39,40 +38,11 @@ stdenv.mkDerivation rec {
# whether we fetch a source tarball or a tag from the git repo
src = fetchurl {
url = "https://bitbucket.org/multicoreware/x265_git/downloads/x265_${version}.tar.gz";
hash = "sha256-5wozNcrKy7oLOiDsb+zWeDkyKI68gWOtdLzJYGR3yug=";
hash = "sha256-ZjUx80HFOJ9GDXMOYuEKT8yjQoyiyhCWk4Z7xf4uKAc=";
};
sourceRoot = "x265_${version}/source";
patches = [
# More aliases for ARM platforms + do not force CLFAGS for ARM :
(fetchpatch {
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/x265/files/arm-r1.patch?id=1d1de341e1404a46b15ae3e84bc400d474cf1a2c";
sha256 = "1hgzq5vxkwh0nyikxjfz8gz3jvx2nq3yy12mz3fn13qvzdlb5ilp";
})
# use proper check to avoid undefined symbols when enabling assembly on ARM :
(fetchpatch {
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/x265/files/neon.patch?id=1d1de341e1404a46b15ae3e84bc400d474cf1a2c";
sha256 = "1mmshpbyldrfqxfmdajqal4l647zvlrwdai8pxw99qg4v8gajfii";
})
# More complete PPC64 matches :
(fetchpatch {
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/x265/files/x265-3.3-ppc64.patch?id=1d1de341e1404a46b15ae3e84bc400d474cf1a2c";
sha256 = "1mvw678xfm0vr59n5jilq56qzcgk1gmcip2afyafkqiv21nbms8c";
})
# Namespace functions for multi-bitdepth builds so that libraries are self-contained (and tests succeeds) :
(fetchpatch {
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/x265/files/test-ns.patch?id=1d1de341e1404a46b15ae3e84bc400d474cf1a2c";
sha256 = "0zg3g53l07yh7ar5c241x50y5zp7g8nh8rh63ad4bdpchpc2f52d";
})
# Fix detection of NEON (and armv6 build) :
./fix-neon-detection.patch
]
# CMake files require a bit of patching to support CMAKE_ASM_COMPILER.
# Made by @RossComputerGuy for x265 v3.5.
# https://mailman.videolan.org/pipermail/x265-devel/2024-July/013734.html
++ lib.optional (stdenv.cc.isClang && !stdenv.targetPlatform.isDarwin) ./fix-clang-asm.patch;
postPatch = ''
substituteInPlace cmake/Version.cmake \
--replace "unknown" "${version}" \

28
pkgs/development/libraries/x265/fix-neon-detection.patch
View File

@ -1,28 +0,0 @@
commit 72489cd0a1c229258abe4f20e4fdfd414dfa88da
Author: rnhmjoj <rnhmjoj@inventati.org>
Date: Sun Oct 2 00:15:24 2022 +0200
Fix NEON detection
diff --git a/cmake/FindNeon.cmake b/cmake/FindNeon.cmake
index 0062449..9c436d9 100644
--- a/cmake/FindNeon.cmake
+++ b/cmake/FindNeon.cmake
@@ -1,10 +1,11 @@
include(FindPackageHandleStandardArgs)
# Check the version of neon supported by the ARM CPU
-execute_process(COMMAND cat /proc/cpuinfo | grep Features | grep neon
- OUTPUT_VARIABLE neon_version
- ERROR_QUIET
- OUTPUT_STRIP_TRAILING_WHITESPACE)
-if(neon_version)
- set(CPU_HAS_NEON 1)
+message(STATUS "Detecting NEON support")
+execute_process(COMMAND sed -n "/Features.* neon/q 1" /proc/cpuinfo
+ RESULT_VARIABLE CPU_HAS_NEON)
+if(CPU_HAS_NEON)
+ message(STATUS "Detecting NEON support - supported")
+else()
+ message(STATUS "Detecting NEON support - not supported" )
endif()

9
pkgs/development/libraries/xapian/default.nix
View File

@ -7,6 +7,9 @@
# tests
, mu
, perlPackages
, python3
, xapian-omega
}:
let
@ -43,7 +46,9 @@ let
'';
passthru.tests = {
inherit mu;
inherit mu xapian-omega;
inherit (perlPackages) SearchXapian;
python-xapian = python3.pkgs.xapian;
};
meta = with lib; {
@ -59,5 +64,5 @@ in {
# Don't forget to change the hashes in xapian-omega and
# python3Packages.xapian. They inherit the version from this package, and
# should always be built with the equivalent xapian version.
xapian_1_4 = generic "1.4.25" "sha256-DJnf3YF1cctWibxBKn4CFAeTgxPzjqOnD6O/hkEGCO4=";
xapian_1_4 = generic "1.4.26" "sha256-nmp5A4BpZtFs4iC0k3fJyPrWZ8jw/8sjo0QpRiaTY6c=";
}

2
pkgs/development/libraries/xapian/tools/omega/default.nix
View File

@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://oligarchy.co.uk/xapian/${version}/xapian-omega-${version}.tar.xz";
hash = "sha256-L8C1BeYG1eHc3h8iNitvAjfZ6Ef8m2r1OPmbyavR/Ms=";
hash = "sha256-pbI4bhsE34TRFJqenFvPxeRyammmnaZBuGxo15ln2uQ=";
};
buildInputs = [ xapian perl pcre2 zlib libmagic ];

7
pkgs/development/libraries/xxHash/default.nix
View File

@ -22,10 +22,6 @@ stdenv.mkDerivation rec {
# Using unofficial CMake build script to install CMake module files.
cmakeDir = "../cmake_unofficial";
cmakeFlags = [
"-DBUILD_SHARED_LIBS=${if stdenv.hostPlatform.isStatic then "OFF" else "ON"}"
];
meta = with lib; {
description = "Extremely fast hash algorithm";
longDescription = ''
@ -40,5 +36,8 @@ stdenv.mkDerivation rec {
mainProgram = "xxhsum";
maintainers = with maintainers; [ orivej ];
platforms = platforms.all;
pkgConfigModules = [
"libxxhash"
];
};
}

37
pkgs/development/python-modules/cryptography/default.nix
View File

@ -3,12 +3,12 @@
stdenv,
buildPythonPackage,
callPackage,
cargo,
setuptools,
bcrypt,
certifi,
cffi,
cryptography-vectors ? (callPackage ./vectors.nix { }),
fetchPypi,
fetchpatch2,
isPyPy,
libiconv,
libxcrypt,
@ -18,39 +18,29 @@
pytest-xdist,
pytestCheckHook,
pythonOlder,
rustc,
rustPlatform,
Security,
setuptoolsRustBuildHook,
}:
buildPythonPackage rec {
pname = "cryptography";
version = "42.0.8"; # Also update the hash in vectors.nix
version = "43.0.0"; # Also update the hash in vectors.nix
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-jQnQVDnOe6qOnpWwfsW2yIb1SN634Pae8l9ks7zoQvI=";
hash = "sha256-uIB1raLVGqnxgoNTLJ9g5yFwBBu6iNfzfknLsQJ1KZ4=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
sourceRoot = "${pname}-${version}/${cargoRoot}";
name = "${pname}-${version}";
hash = "sha256-PgxPcFocEhnQyrsNtCN8YHiMptBmk1PUhEDQFdUR1nU=";
hash = "sha256-TEQy8PrIaZshiBFTqR/OJp3e/bVM1USjcmpDYcjPJPM=";
};
patches = [
(fetchpatch2 {
# skip overflowing tests on 32 bit; https://github.com/pyca/cryptography/pull/10366
url = "https://github.com/pyca/cryptography/commit/d741901dddd731895346636c0d3556c6fa51fbe6.patch";
hash = "sha256-eC+MZg5O8Ia5CbjRE4y+JhaFs3Q5c62QtPHr3x9T+zw=";
})
];
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail "--benchmark-disable" ""
@ -58,12 +48,11 @@ buildPythonPackage rec {
cargoRoot = "src/rust";
nativeBuildInputs = [
build-system = [
rustPlatform.cargoSetupHook
setuptoolsRustBuildHook
cargo
rustc
rustPlatform.maturinBuildHook
pkg-config
setuptools
] ++ lib.optionals (!isPyPy) [ cffi ];
buildInputs =
@ -74,7 +63,9 @@ buildPythonPackage rec {
]
++ lib.optionals (pythonOlder "3.9") [ libxcrypt ];
propagatedBuildInputs = lib.optionals (!isPyPy) [ cffi ];
dependencies = lib.optionals (!isPyPy) [ cffi ];
optional-dependencies.ssh = [ bcrypt ];
nativeCheckInputs = [
certifi
@ -82,7 +73,7 @@ buildPythonPackage rec {
pretend
pytestCheckHook
pytest-xdist
];
] ++ optional-dependencies.ssh;
pytestFlagsArray = [ "--disable-pytest-warnings" ];
@ -91,6 +82,10 @@ buildPythonPackage rec {
"tests/bench"
];
passthru = {
vectors = cryptography-vectors;
};
meta = with lib; {
description = "Package which provides cryptographic recipes and primitives";
longDescription = ''

2
pkgs/development/python-modules/cryptography/vectors.nix
View File

@ -15,7 +15,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "cryptography_vectors";
inherit version;
hash = "sha256-31ZXNnvAqQw3QwnLJhAJosU8rpGkWHgTOaD3JPgZpGo=";
hash = "sha256-XJ0JpzLVQzzt4VQqluzXCoDhIq8EfudAS83x88y45wI=";
};
nativeBuildInputs = [ flit-core ];

6
pkgs/development/python-modules/email-validator/default.nix
View File

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "email-validator";
version = "2.1.2";
version = "2.2.0";
format = "setuptools";
disabled = pythonOlder "3.8";
@ -18,10 +18,10 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "email_validator";
inherit version;
hash = "sha256-FMDz00PEvto3QAQhs5+kEbvjOnXfIIJd9zrVPgap8Ew=";
hash = "sha256-y2kPNExhenFPIuZq53FEWhzrRoIRUt+OFlxfmjZFgrc=";
};
propagatedBuildInputs = [
dependencies = [
dnspython
idna
];

23
pkgs/development/python-modules/motor/default.nix
View File

@ -2,6 +2,8 @@
lib,
buildPythonPackage,
fetchFromGitHub,
hatchling,
hatch-requirements-txt,
mockupdb,
pymongo,
pythonOlder,
@ -9,19 +11,24 @@
buildPythonPackage rec {
pname = "motor";
version = "3.4.0";
format = "setuptools";
version = "3.5.1";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "mongodb";
repo = pname;
repo = "motor";
rev = "refs/tags/${version}";
hash = "sha256-Rj8eYZxmw/cn/vkhLunmHgxMMHIQe80Zhc2p0q3b/AY=";
hash = "sha256-mg31FzMF0xEEhfLKAdF2pzEkULESFFGaXnE0uospXqE=";
};
propagatedBuildInputs = [ pymongo ];
build-system = [
hatchling
hatch-requirements-txt
];
dependencies = [ pymongo ];
nativeCheckInputs = [ mockupdb ];
@ -30,10 +37,10 @@ buildPythonPackage rec {
pythonImportsCheck = [ "motor" ];
meta = with lib; {
meta = {
description = "Non-blocking MongoDB driver for Tornado or asyncio";
license = licenses.asl20;
license = lib.licenses.asl20;
homepage = "https://github.com/mongodb/motor";
maintainers = with maintainers; [ globin ];
maintainers = with lib.maintainers; [ globin ];
};
}

7
pkgs/development/python-modules/passlib/default.nix
View File

@ -28,6 +28,13 @@ buildPythonPackage rec {
totp = [ cryptography ];
};
# Fix for https://foss.heptapod.net/python-libs/passlib/-/issues/190
postPatch = ''
substituteInPlace passlib/handlers/bcrypt.py \
--replace-fail "version = _bcrypt.__about__.__version__" \
"version = getattr(getattr(_bcrypt, '__about__', _bcrypt), '__version__', '<unknown>')"
'';
nativeCheckInputs =
[
pytestCheckHook

4
pkgs/development/python-modules/pikepdf/default.nix
View File

@ -25,7 +25,7 @@
buildPythonPackage rec {
pname = "pikepdf";
version = "9.0.0";
version = "9.1.0";
pyproject = true;
disabled = pythonOlder "3.8";
@ -40,7 +40,7 @@ buildPythonPackage rec {
postFetch = ''
rm "$out/.git_archival.txt"
'';
hash = "sha256-dTEYI3dGu3Q/80lijp0ooApveSL1VWVHwLw7covnYYc=";
hash = "sha256-rcL4kwF8aBHy/sxZiQsQGvN3i1geiPFyrv8nRSXUZSA=";
};
patches = [

Some files were not shown because too many files have changed in this diff Show More