Merge master into staging-next

This commit is contained in:
Frederik Rietdijk 2019-01-06 09:36:23 +01:00
commit e5381cdece
55 changed files with 500 additions and 1342 deletions

View File

@ -307,23 +307,19 @@ packageOverrides = pkgs: {
</screen> </screen>
</para> </para>
</section> </section>
<section xml:id="sec-elm"> <section xml:id="sec-elm">
<title>Elm</title> <title>Elm</title>
<para> <para>
The Nix expressions for Elm reside in To update Elm compiler, see <filename>nixpkgs/pkgs/development/compilers/elm/README.md</filename>.
<filename>pkgs/development/compilers/elm</filename>. They are generated </para>
automatically by <command>update-elm.rb</command> script. One should specify
versions of Elm packages inside the script, clear the <para>
<filename>packages</filename> directory and run the script from inside it. To package Elm applications, <link xlink:href="https://github.com/hercules-ci/elm2nix#elm2nix">read about elm2nix</link>.
<literal>elm-reactor</literal> is special because it also has Elm package
dependencies. The process is not automated very much for now -- you should
get the <literal>elm-reactor</literal> source tree (e.g. with
<command>nix-shell</command>) and run <command>elm2nix.rb</command> inside
it. Place the resulting <filename>package.nix</filename> file into
<filename>packages/elm-reactor-elm.nix</filename>.
</para> </para>
</section> </section>
<section xml:id="sec-shell-helpers"> <section xml:id="sec-shell-helpers">
<title>Interactive shell helpers</title> <title>Interactive shell helpers</title>

View File

@ -29,11 +29,20 @@ with lib;
security.apparmor.enable = mkDefault true; security.apparmor.enable = mkDefault true;
boot.kernelParams = [ boot.kernelParams = [
# Slab/slub sanity checks, redzoning, and poisoning
"slub_debug=FZP"
# Disable slab merging to make certain heap overflow attacks harder
"slab_nomerge"
# Overwrite free'd memory # Overwrite free'd memory
"page_poison=1" "page_poison=1"
# Disable legacy virtual syscalls # Disable legacy virtual syscalls
"vsyscall=none" "vsyscall=none"
# Enable PTI even if CPU claims to be safe from meltdown
"pti=on"
]; ];
boot.blacklistedKernelModules = [ boot.blacklistedKernelModules = [

View File

@ -9,7 +9,8 @@ in
options.programs.xss-lock = { options.programs.xss-lock = {
enable = mkEnableOption "xss-lock"; enable = mkEnableOption "xss-lock";
lockerCommand = mkOption { lockerCommand = mkOption {
example = "xlock"; default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
type = types.string; type = types.string;
description = "Locker to be used with xsslock"; description = "Locker to be used with xsslock";
}; };

View File

@ -32,7 +32,6 @@ in {
default = []; default = [];
description = "Extra arguments to lircd."; description = "Extra arguments to lircd.";
}; };
}; };
}; };
@ -43,14 +42,15 @@ in {
# Note: LIRC executables raises a warning, if lirc_options.conf do not exists # Note: LIRC executables raises a warning, if lirc_options.conf do not exists
environment.etc."lirc/lirc_options.conf".text = cfg.options; environment.etc."lirc/lirc_options.conf".text = cfg.options;
passthru.lirc.socket = "/run/lirc/lircd";
environment.systemPackages = [ pkgs.lirc ]; environment.systemPackages = [ pkgs.lirc ];
systemd.sockets.lircd = { systemd.sockets.lircd = {
description = "LIRC daemon socket"; description = "LIRC daemon socket";
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
socketConfig = { socketConfig = {
# default search path ListenStream = config.passthru.lirc.socket;
ListenStream = "/run/lirc/lircd";
SocketUser = "lirc"; SocketUser = "lirc";
SocketMode = "0660"; SocketMode = "0660";
}; };

View File

@ -33,12 +33,14 @@ in {
default = []; default = [];
description = "Additional command line arguments to pass to VDR."; description = "Additional command line arguments to pass to VDR.";
}; };
enableLirc = mkEnableOption "enable LIRC";
}; };
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable (mkMerge [{
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${cfg.videoDir} 0755 vdr vdr -" "d ${cfg.videoDir} 0755 vdr vdr -"
"Z ${cfg.videoDir} - vdr vdr -" "Z ${cfg.videoDir} - vdr vdr -"
@ -67,5 +69,13 @@ in {
}; };
users.groups.vdr = {}; users.groups.vdr = {};
}; }
(mkIf cfg.enableLirc {
services.lirc.enable = true;
users.users.vdr.extraGroups = [ "lirc" ];
services.vdr.extraArguments = [
"--lirc=${config.passthru.lirc.socket}"
];
})]);
} }

View File

@ -9,7 +9,6 @@ with lib;
machine = { machine = {
imports = [ ./common/x11.nix ./common/user-account.nix ]; imports = [ ./common/x11.nix ./common/user-account.nix ];
programs.xss-lock.enable = true; programs.xss-lock.enable = true;
programs.xss-lock.lockerCommand = "${pkgs.xlockmore}/bin/xlock";
services.xserver.displayManager.auto.user = "alice"; services.xserver.displayManager.auto.user = "alice";
}; };
@ -20,6 +19,6 @@ with lib;
$machine->fail("pgrep xlock"); $machine->fail("pgrep xlock");
$machine->succeed("su -l alice -c 'xset dpms force standby'"); $machine->succeed("su -l alice -c 'xset dpms force standby'");
$machine->waitUntilSucceeds("pgrep xlock"); $machine->waitUntilSucceeds("pgrep i3lock");
''; '';
}) })

View File

@ -5,13 +5,13 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec{ stdenv.mkDerivation rec{
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version;
version = "0.17.0"; version = "0.17.1";
src = fetchurl { src = fetchurl {
urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
"https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
]; ];
sha256 = "0pkq28d2dj22qrxyyg9kh0whmhj7ghyabnhyqldbljv4a7l3kvwq"; sha256 = "0am4pnaf2cisv172jqx6jdpzx770agm8777163lkjbw3ryslymiy";
}; };
nativeBuildInputs = [ pkgconfig autoreconfHook ] nativeBuildInputs = [ pkgconfig autoreconfHook ]

View File

@ -3,7 +3,7 @@
with stdenv.lib; with stdenv.lib;
let let
version = "1.34"; version = "1.34.1";
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
src = fetchurl { src = fetchurl {
url = "https://download.geany.org/${name}.tar.bz2"; url = "https://download.geany.org/${name}.tar.bz2";
sha256 = "63b93d25d037eaffa77895ae6dd29c91bca570e4053eff5cc8490f87e6021f8e"; sha256 = "e765efd89e759defe3fd797d8a2052afbb4b23522efbcc72e3a72b7f1093ec11";
}; };
nativeBuildInputs = [ pkgconfig intltool libintl ]; nativeBuildInputs = [ pkgconfig intltool libintl ];

View File

@ -1,12 +1,12 @@
{ stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }: { stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "weechat-matrix-bridge-2018-05-29"; name = "weechat-matrix-bridge-2018-11-19";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "torhve"; owner = "torhve";
repo = "weechat-matrix-protocol-script"; repo = "weechat-matrix-protocol-script";
rev = "ace3fefc0e35a627f8a528032df2e3111e41eb1b"; rev = "8d32e90d864a8f3f09ecc2857cd5dd6e39a8c3f7";
sha256 = "1snf8vn5n9wzrnqnvdrcli4199s5p114jbjlgrj5c27i53173wqw"; sha256 = "0qqd6qmkrdc0r3rnl53c3yp93fbcz7d3mdw3vq5gmdqxyym4s9lj";
}; };
patches = [ patches = [

View File

@ -1,24 +1,18 @@
{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd }: { stdenv, fetchFromGitHub, fetchpatch, cmake, python3, xxd, boost }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "cryptominisat-${version}"; name = "cryptominisat-${version}";
version = "5.0.1"; version = "5.6.6";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "msoos"; owner = "msoos";
repo = "cryptominisat"; repo = "cryptominisat";
rev = version; rev = version;
sha256 = "0cpw5d9vplxvv3aaplhnga55gz1hy29p7s4pkw1306knkbhlzvkb"; sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5";
}; };
buildInputs = [ python xxd ]; buildInputs = [ python3 boost ];
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake xxd ];
patches = [(fetchpatch rec {
name = "fix-exported-library-name.patch";
url = "https://github.com/msoos/cryptominisat/commit/7a47795cbe5ad5a899731102d297f234bcade077.patch";
sha256 = "11hf3cfqs4cykn7rlgjglq29lzqfxvlm0f20qasi0kdrz01cr30f";
})];
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "An advanced SAT Solver"; description = "An advanced SAT Solver";

View File

@ -91,6 +91,6 @@ in stdenv.mkDerivation rec {
homepage = https://obsproject.com; homepage = https://obsproject.com;
maintainers = with maintainers; [ jb55 MP2E ]; maintainers = with maintainers; [ jb55 MP2E ];
license = licenses.gpl2; license = licenses.gpl2;
platforms = with platforms; linux; platforms = [ "x86_64-linux" "i686-linux" ];
}; };
} }

View File

@ -21,11 +21,11 @@ assert (withQt5 -> qtbase != null && qtsvg != null && qtx11extras != null);
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "vlc-${version}"; name = "vlc-${version}";
version = "3.0.4"; version = "3.0.5";
src = fetchurl { src = fetchurl {
url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz"; url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz";
sha256 = "17jsq0zqpqyxw4ckvjba0hf6zk8ywc4wf8sy3z03hh3ij0vxpwq1"; sha256 = "1nvj00khy08sing0mdnw6virmiq579mrk5rvpx9710nlxggqgh7m";
}; };
# VLC uses a *ton* of libraries for various pieces of functionality, many of # VLC uses a *ton* of libraries for various pieces of functionality, many of

View File

@ -0,0 +1,24 @@
# To update Elm:
Modify revision in ./update.sh and run it
# Notes about the build process:
The elm binary embeds a piece of pre-compiled elm code, used by 'elm
reactor'. This means that the build process for 'elm' effectively
executes 'elm make'. that in turn expects to retrieve the elm
dependencies of that code (elm/core, etc.) from
package.elm-lang.org, as well as a cached bit of metadata
(versions.dat).
The makeDotElm function lets us retrieve these dependencies in the
standard nix way. we have to copy them in (rather than symlink) and
make them writable because the elm compiler writes other .dat files
alongside the source code. versions.dat was produced during an
impure build of this same code; the build complains that it can't
update this cache, but continues past that warning.
Finally, we set ELM_HOME to point to these pre-fetched artifacts so
that the default of ~/.elm isn't used.
More: https://blog.hercules-ci.com/elm/2019/01/03/elm2nix-0.1/

View File

@ -2,95 +2,40 @@
, haskell, nodejs , haskell, nodejs
, fetchurl, fetchpatch, makeWrapper, git }: , fetchurl, fetchpatch, makeWrapper, git }:
# To update:
# 1) Modify ./update.sh and run it
# 2) to generate versions.dat:
# 2.1) git clone https://github.com/elm/compiler.git
# 2.2) cd compiler
# 2.3) cabal2nix --shell . | sed 's/"default",/"ghc822",/' > shell.nix
# 2.4) nix-shell
# 2.5) mkdir .elm
# 2.6) export ELM_HOME=$(pwd)/.elm
# 2.7) cabal build
# 2.8) cp .elm/0.19.0/package/versions.dat ...
# 3) generate a template for elm-elm.nix with:
# (
# echo "{";
# jq '.dependencies | .direct, .indirect | to_entries | .[] | { (.key) : { version : .value, sha256: "" } } ' \
# < ui/browser/elm.json \
# | sed 's/:/ =/' \
# | sed 's/^[{}]//' \
# | sed -E 's/(["}]),?$/\1;/' \
# | sed -E 's/"(version|sha256)"/\1/' \
# | grep -v '^$';
# echo "}"
# )
#
# ... then fill in the sha256s
# Notes:
# the elm binary embeds a piece of pre-compiled elm code, used by 'elm
# reactor'. this means that the build process for 'elm' effectively
# executes 'elm make'. that in turn expects to retrieve the elm
# dependencies of that code (elm/core, etc.) from
# package.elm-lang.org, as well as a cached bit of metadata
# (versions.dat).
# the makeDotElm function lets us retrieve these dependencies in the
# standard nix way. we have to copy them in (rather than symlink) and
# make them writable because the elm compiler writes other .dat files
# alongside the source code. versions.dat was produced during an
# impure build of this same code; the build complains that it can't
# update this cache, but continues past that warning.
# finally, we set ELM_HOME to point to these pre-fetched artifacts so
# that the default of ~/.elm isn't used.
let let
fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; };
hsPkgs = haskell.packages.ghc822.override { hsPkgs = haskell.packages.ghc863.override {
overrides = self: super: with haskell.lib; overrides = self: super: with haskell.lib;
let elmPkgs = { let elmPkgs = {
elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: {
# sadly with parallelism most of the time breaks compilation # sadly with parallelism most of the time breaks compilation
enableParallelBuilding = false; enableParallelBuilding = false;
preConfigure = fetchElmDeps { preConfigure = self.fetchElmDeps {
elmPackages = (import ./packages/elm-elm.nix); elmPackages = (import ./packages/elm-srcs.nix);
versionsDat = ./versions.dat; versionsDat = ./versions.dat;
}; };
buildTools = drv.buildTools or [] ++ [ makeWrapper ]; buildTools = drv.buildTools or [] ++ [ makeWrapper ];
patches = [ jailbreak = true;
(fetchpatch {
url = "https://github.com/elm/compiler/pull/1784/commits/78d2d8eab310552b1b877a3e90e1e57e7a09ddec.patch";
sha256 = "0vdhk16xqm2hxw12s1b91a0bmi8w4wsxc086qlzglgnjxrl5b3w4";
})
];
postInstall = '' postInstall = ''
wrapProgram $out/bin/elm \ wrapProgram $out/bin/elm \
--prefix PATH ':' ${lib.makeBinPath [ nodejs ]} --prefix PATH ':' ${lib.makeBinPath [ nodejs ]}
''; '';
}); });
/* /*
The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo:
`pacakge/nix/build.sh` `pacakge/nix/build.sh`
*/ */
elm-format = self.callPackage ./packages/elm-format.nix {}; elm-format = justStaticExecutables (doJailbreak (self.callPackage ./packages/elm-format.nix {}));
inherit fetchElmDeps; inherit fetchElmDeps;
elmVersion = elmPkgs.elm.version;
}; };
in elmPkgs // { in elmPkgs // {
inherit elmPkgs; inherit elmPkgs;
elmVersion = elmPkgs.elm.version;
# Needed for elm-format # Needed for elm-format
indents = self.callPackage ./packages/indents.nix {}; indents = self.callPackage ./packages/indents.nix {};
tasty-quickcheck = self.callPackage ./packages/tasty-quickcheck.nix {};
}; };
}; };
in hsPkgs.elmPkgs in hsPkgs.elmPkgs

View File

@ -1,26 +0,0 @@
#!/usr/bin/env ruby
require 'json'
system("elm-package install -y")
depsSrc = JSON.parse(File.read("elm-stuff/exact-dependencies.json"))
deps = Hash[ depsSrc.map { |pkg, ver|
url = "https://github.com/#{pkg}/archive/#{ver}.tar.gz"
sha256 = `nix-prefetch-url #{url}`
[ pkg, { version: ver,
sha256: sha256.strip
}
]
} ]
File.open("package.nix", 'w') do |file|
file.puts "{"
for pkg, info in deps
file.puts " \"#{pkg}\" = {"
file.puts " version = \"#{info[:version]}\";"
file.puts " sha256 = \"#{info[:sha256]}\";"
file.puts " };"
end
file.puts "}"
end

View File

@ -1,50 +0,0 @@
{
"elm/browser" = {
version = "1.0.0";
sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4";
};
"elm/core" = {
version = "1.0.0";
sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw";
};
"elm/html" = {
version = "1.0.0";
sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k";
};
"elm/http" = {
version = "1.0.0";
sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8";
};
"elm/json" = {
version = "1.0.0";
sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb";
};
"elm/project-metadata-utils" = {
version = "1.0.0";
sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9";
};
"elm/svg" = {
version = "1.0.0";
sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390";
};
"elm-explorations/markdown" = {
version = "1.0.0";
sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y";
};
"elm/parser" = {
version = "1.0.0";
sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc";
};
"elm/time" = {
version = "1.0.0";
sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1";
};
"elm/url" = {
version = "1.0.0";
sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4";
};
"elm/virtual-dom" = {
version = "1.0.0";
sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq";
};
}

View File

@ -0,0 +1,62 @@
{
"elm-explorations/markdown" = {
sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y";
version = "1.0.0";
};
"elm/json" = {
sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb";
version = "1.0.0";
};
"elm/html" = {
sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k";
version = "1.0.0";
};
"elm/svg" = {
sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390";
version = "1.0.0";
};
"elm/project-metadata-utils" = {
sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9";
version = "1.0.0";
};
"elm/browser" = {
sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4";
version = "1.0.0";
};
"elm/core" = {
sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw";
version = "1.0.0";
};
"elm/http" = {
sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8";
version = "1.0.0";
};
"elm/parser" = {
sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc";
version = "1.0.0";
};
"elm/url" = {
sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4";
version = "1.0.0";
};
"elm/time" = {
sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1";
version = "1.0.0";
};
"elm/virtual-dom" = {
sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq";
version = "1.0.0";
};
}

View File

@ -13,6 +13,7 @@ mkDerivation {
url = "https://github.com/elm/compiler"; url = "https://github.com/elm/compiler";
sha256 = "13jks6c6i80z71mjjfg46ri570g5ini0k3xw3857v6z66zcl56x4"; sha256 = "13jks6c6i80z71mjjfg46ri570g5ini0k3xw3857v6z66zcl56x4";
rev = "d5cbc41aac23da463236bbc250933d037da4055a"; rev = "d5cbc41aac23da463236bbc250933d037da4055a";
fetchSubmodules = true;
}; };
isLibrary = false; isLibrary = false;
isExecutable = true; isExecutable = true;

View File

@ -1,14 +0,0 @@
{ mkDerivation, base, pcre-light, QuickCheck, random, stdenv
, tagged, tasty, tasty-hunit
}:
mkDerivation {
pname = "tasty-quickcheck";
version = "0.9.2";
sha256 = "c5920adeab6e283d5e3ab45f3c80a1b011bedfbe4a3246a52606da2e1da95873";
libraryHaskellDepends = [ base QuickCheck random tagged tasty ];
testHaskellDepends = [ base pcre-light tasty tasty-hunit ];
doCheck = false;
homepage = "https://github.com/feuerbach/tasty";
description = "QuickCheck support for the Tasty test framework";
license = stdenv.lib.licenses.mit;
}

View File

@ -1 +1,8 @@
cabal2nix https://github.com/elm/compiler --revision 32059a289d27e303fa1665e9ada0a52eb688f302 > packages/elm.nix #!/usr/bin/env nix-shell
#!nix-shell -p cabal2nix elm2nix -i bash ../../..
cabal2nix https://github.com/elm/compiler --revision d5cbc41aac23da463236bbc250933d037da4055a > packages/elm.nix
elm2nix snapshot > versions.dat
pushd "$(nix-build -A elmPackages.elm.src --no-out-link ../../../..)/ui/browser"
elm2nix convert > $OLDPWD/packages/elm-srcs.nix
popd

View File

@ -517,6 +517,10 @@ self: super: {
# generic-deriving bound is too tight # generic-deriving bound is too tight
aeson = doJailbreak super.aeson; aeson = doJailbreak super.aeson;
# containers >=0.4 && <0.6 is too tight
# https://github.com/RaphaelJ/friday/issues/34
friday = doJailbreak super.friday;
# Won't compile with recent versions of QuickCheck. # Won't compile with recent versions of QuickCheck.
inilist = dontCheck super.inilist; inilist = dontCheck super.inilist;
MissingH = dontCheck super.MissingH; MissingH = dontCheck super.MissingH;

View File

@ -55,6 +55,8 @@ self: super: {
unicode-transforms = dontCheck super.unicode-transforms; unicode-transforms = dontCheck super.unicode-transforms;
RSA = dontCheck super.RSA; # https://github.com/GaloisInc/RSA/issues/14 RSA = dontCheck super.RSA; # https://github.com/GaloisInc/RSA/issues/14
monad-par = dontCheck super.monad-par; # https://github.com/simonmar/monad-par/issues/66 monad-par = dontCheck super.monad-par; # https://github.com/simonmar/monad-par/issues/66
github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341
binary-orphans = dontCheck super.binary-orphans; # tasty upper bound exceeded; https://github.com/phadej/binary-orphans/commit/8ce857226595dd520236ff4c51fa1a45d8387b33
# https://github.com/jgm/skylighting/issues/55 # https://github.com/jgm/skylighting/issues/55
skylighting-core = dontCheck super.skylighting-core; skylighting-core = dontCheck super.skylighting-core;

View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "getdns"; pname = "getdns";
name = "${pname}-${version}"; name = "${pname}-${version}";
version = "1.4.2"; version = "1.5.0";
src = fetchurl { src = fetchurl {
url = "https://getdnsapi.net/releases/${pname}-1-4-2/${pname}-${version}.tar.gz"; url = "https://getdnsapi.net/releases/${pname}-1-5-0/${pname}-${version}.tar.gz";
sha256 = "100fzjpvajvnv0kym8g5lkwyv8w8vhy7g2p0pb2gyz19zqnvi18n"; sha256 = "577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84";
}; };
nativeBuildInputs = [ libtool m4 autoreconfHook automake file ]; nativeBuildInputs = [ libtool m4 autoreconfHook automake file ];

View File

@ -0,0 +1,28 @@
{ lib
, fetchPypi
, buildPythonPackage
, watchdog
}:
buildPythonPackage rec {
pname = "easywatch";
version = "0.0.5";
src = fetchPypi {
inherit pname version;
sha256 = "1b40cjigv7s9qj8hxxy6yhwv0320z7qywrigwgkasgh80q0xgphc";
};
propagatedBuildInputs = [ watchdog ];
# There are no tests
doCheck = false;
meta = with lib; {
description = "Dead-simple way to watch a directory";
homepage = https://github.com/Ceasar/easywatch;
license = licenses.mit;
maintainers = with maintainers; [ fgaz ];
};
}

View File

@ -1,41 +0,0 @@
{ stdenv
, buildPythonPackage
, fetchurl
, gflags
, iso8601
, ipaddr
, httplib2
, google_apputils
, google_api_python_client
, isPy3k
}:
buildPythonPackage rec {
name = "gcutil-1.16.1";
disabled = isPy3k;
src = fetchurl {
url = https://dl.google.com/dl/cloudsdk/release/artifacts/gcutil-1.16.1.tar.gz;
sha256 = "00jaf7x1ji9y46fbkww2sg6r6almrqfsprydz3q2swr4jrnrsx9x";
};
propagatedBuildInputs = [ gflags iso8601 ipaddr httplib2 google_apputils google_api_python_client ];
prePatch = ''
sed -i -e "s|google-apputils==0.4.0|google-apputils==0.4.1|g" setup.py
substituteInPlace setup.py \
--replace "httplib2==0.8" "httplib2" \
--replace "iso8601==0.1.4" "iso8601" \
--replace "ipaddr==2.1.10" "ipaddr" \
--replace "google-api-python-client==1.2" "google-api-python-client" \
--replace "python-gflags==2.0" "python-gflags"
'';
meta = with stdenv.lib; {
description = "Command-line tool for interacting with Google Compute Engine";
homepage = "https://cloud.google.com/compute/docs/gcutil/";
license = licenses.asl20;
maintainers = with maintainers; [ phreedom ];
};
}

View File

@ -1,13 +1,14 @@
{ lib, buildPythonPackage, fetchPypi { lib, buildPythonPackage, fetchPypi, isPy3k
, httplib2, google_auth, google-auth-httplib2, six, uritemplate, oauth2client }: , httplib2, google_auth, google-auth-httplib2, six, uritemplate, oauth2client }:
buildPythonPackage rec { buildPythonPackage rec {
pname = "google-api-python-client"; pname = "google-api-python-client";
version = "1.7.4"; version = "1.7.7";
#disabled = !isPy3k; # TODO: Python 2.7 was deprecated but weboob still depends on it.
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
sha256 = "5d5cb02c6f3112c68eed51b74891a49c0e35263380672d662f8bfe85b8114d7c"; sha256 = "1nlsp8cll6v9w4649j98xw545bfnqa2xs7m9faa9mxc0kp8ff1li";
}; };
# No tests included in archive # No tests included in archive

View File

@ -1,12 +1,20 @@
{ stdenv, fetchPypi, buildPythonPackage, gssapi, pyasn1 }: { stdenv, fetchPypi, fetchFromGitHub, buildPythonPackage, gssapi, pyasn1 }:
buildPythonPackage rec { buildPythonPackage rec {
version = "2.5.2"; version = "2.5.2";
pname = "ldap3"; pname = "ldap3";
src = fetchPypi { ## This should work, but 2.5.2 has a weird tarball with empty source files
inherit pname version; ## where upstream repository has non-empty ones
sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; # src = fetchPypi {
# inherit pname version;
# sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz";
# };
src = fetchFromGitHub {
owner = "cannatag";
repo = pname;
rev = "v${version}";
sha256 = "0p5l4bhy6j2nvvlxz5zvznbaqb72x791v9la2jr2wpwr60mzz9hw";
}; };
buildInputs = [ gssapi ]; buildInputs = [ gssapi ];

View File

@ -33,7 +33,7 @@ buildPythonPackage rec {
default, encoding is done in an encoding neutral fashion (plain default, encoding is done in an encoding neutral fashion (plain
ASCII with \uXXXX escapes for unicode characters). ASCII with \uXXXX escapes for unicode characters).
''; '';
homepage = http://code.google.com/p/simplejson/; homepage = https://github.com/simplejson/simplejson;
license = lib.licenses.mit; license = with lib.licenses; [ mit afl21 ];
}; };
} }

View File

@ -0,0 +1,30 @@
{ lib
, fetchPypi
, buildPythonPackage
, docopt
, easywatch
, jinja2
}:
buildPythonPackage rec {
pname = "staticjinja";
version = "0.3.4";
src = fetchPypi {
inherit pname version;
sha256 = "1mxv7yy35657mfxx9xhbzihh10m5lb29fmscfh9q455zd4ikr032";
};
propagatedBuildInputs = [ jinja2 docopt easywatch ];
# There are no tests on pypi
doCheck = false;
meta = with lib; {
description = "A library and cli tool that makes it easy to build static sites using Jinja2";
homepage = https://staticjinja.readthedocs.io/en/latest/;
license = licenses.mit;
maintainers = with maintainers; [ fgaz ];
};
}

View File

@ -1,4 +1,4 @@
{ buildPythonPackage, fetchurl, stdenv, isPy27 { buildPythonPackage, fetchurl, fetchPypi, stdenv, isPy27
, nose, pillow, prettytable, pyyaml, dateutil, gdata , nose, pillow, prettytable, pyyaml, dateutil, gdata
, requests, mechanize, feedparser, lxml, gnupg, pyqt5 , requests, mechanize, feedparser, lxml, gnupg, pyqt5
, libyaml, simplejson, cssselect, futures, pdfminer , libyaml, simplejson, cssselect, futures, pdfminer
@ -6,7 +6,18 @@
, unidecode , unidecode
}: }:
buildPythonPackage rec { let
# Support for Python 2.7 was dropped in 1.7.7
google_api_python_client_python27 = google_api_python_client.overrideDerivation
(oldAttrs: rec {
pname = "google-api-python-client";
version = "1.7.6";
src = fetchPypi {
inherit pname version;
sha256 = "14w5sdrp0bk9n0r2lmpqmrbf2zclpfq6q7giyahnskkfzdkb165z";
};
});
in buildPythonPackage rec {
pname = "weboob"; pname = "weboob";
version = "1.3"; version = "1.3";
disabled = ! isPy27; disabled = ! isPy27;
@ -35,8 +46,8 @@ buildPythonPackage rec {
propagatedBuildInputs = [ pillow prettytable pyyaml dateutil propagatedBuildInputs = [ pillow prettytable pyyaml dateutil
gdata requests mechanize feedparser lxml gnupg pyqt5 libyaml gdata requests mechanize feedparser lxml gnupg pyqt5 libyaml
simplejson cssselect futures pdfminer termcolor google_api_python_client simplejson cssselect futures pdfminer termcolor
html2text unidecode ]; google_api_python_client_python27 html2text unidecode ];
checkPhase = '' checkPhase = ''
nosetests nosetests

View File

@ -2,7 +2,7 @@
buildGoPackage rec { buildGoPackage rec {
name = "gllvm-${version}"; name = "gllvm-${version}";
version = "1.2.2"; version = "1.2.3";
goPackagePath = "github.com/SRI-CSL/gllvm"; goPackagePath = "github.com/SRI-CSL/gllvm";
@ -10,7 +10,7 @@ buildGoPackage rec {
owner = "SRI-CSL"; owner = "SRI-CSL";
repo = "gllvm"; repo = "gllvm";
rev = "v${version}"; rev = "v${version}";
sha256 = "1k6081frnc6i6h3fa8d796cirhbf5kkshw7qyarz5wi3fcgijn4s"; sha256 = "12kdgsma62nzksvw266qm3ivkbz62ma93dd25wy0p19789v4fi7s";
}; };
meta = with stdenv.lib; { meta = with stdenv.lib; {

View File

@ -0,0 +1,42 @@
{ stdenv, fetchFromGitHub, qtbase, qtwebengine, qtwebkit, qmake, makeWrapper, minizinc }:
let
version = "2.2.3";
in
stdenv.mkDerivation {
name = "minizinc-ide-${version}";
nativeBuildInputs = [ qmake makeWrapper ];
buildInputs = [ qtbase qtwebengine qtwebkit ];
src = fetchFromGitHub {
owner = "MiniZinc";
repo = "MiniZincIDE";
rev = version;
sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f";
};
sourceRoot = "source/MiniZincIDE";
enableParallelBuilding = true;
postInstall = ''
wrapProgram $out/bin/MiniZincIDE --prefix PATH ":" ${stdenv.lib.makeBinPath [ minizinc ]}
'';
meta = with stdenv.lib; {
homepage = https://www.minizinc.org/;
description = "IDE for MiniZinc, a medium-level constraint modelling language";
longDescription = ''
MiniZinc is a medium-level constraint modelling
language. It is high-level enough to express most
constraint problems easily, but low-level enough
that it can be mapped onto existing solvers easily and consistently.
It is a subset of the higher-level language Zinc.
'';
license = licenses.mpl20;
platforms = platforms.linux;
maintainers = [ maintainers.dtzWill ];
};
}

View File

@ -20,13 +20,14 @@
, glibcLocales , glibcLocales
, nose , nose
, send2trash , send2trash
, CoreAudio
# This little flag adds a huge number of dependencies, but we assume that # This little flag adds a huge number of dependencies, but we assume that
# everyone wants Anki to draw plots with statistics by default. # everyone wants Anki to draw plots with statistics by default.
, plotsSupport ? true , plotsSupport ? true
}: }:
buildPythonApplication rec { buildPythonApplication rec {
version = "2.1.7"; version = "2.1.8";
name = "anki-${version}"; name = "anki-${version}";
src = fetchurl { src = fetchurl {
@ -36,12 +37,16 @@ buildPythonApplication rec {
# "http://ankisrs.net/download/mirror/${name}.tgz" # "http://ankisrs.net/download/mirror/${name}.tgz"
# "http://ankisrs.net/download/mirror/archive/${name}.tgz" # "http://ankisrs.net/download/mirror/archive/${name}.tgz"
]; ];
sha256 = "0cvlimfxb7kficlf20hg7a345pahvr093b7yqvssww15h4y4va9d"; sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p";
}; };
propagatedBuildInputs = [ pyqt5 sqlalchemy propagatedBuildInputs = [
beautifulsoup4 send2trash pyaudio requests decorator markdown ] pyqt5 sqlalchemy beautifulsoup4 send2trash pyaudio requests decorator
++ lib.optional plotsSupport matplotlib; markdown
]
++ lib.optional plotsSupport matplotlib
++ lib.optional stdenv.isDarwin [ CoreAudio ]
;
checkInputs = [ pytest glibcLocales nose ]; checkInputs = [ pytest glibcLocales nose ];

View File

@ -59,7 +59,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (! isNull buildScript) {
++ lib.optionals stdenv.isLinux (with pkgs.xorg; [ ++ lib.optionals stdenv.isLinux (with pkgs.xorg; [
libXi libXcursor libXrandr libXrender libXxf86vm libXcomposite libXext libXi libXcursor libXrandr libXrender libXxf86vm libXcomposite libXext
]) ])
++ [ pkgs.xorg.libX11 ])); ++ [ pkgs.xorg.libX11 pkgs.perl ]));
# Wine locates a lot of libraries dynamically through dlopen(). Add # Wine locates a lot of libraries dynamically through dlopen(). Add
# them to the RPATH so that the user doesn't have to set them in # them to the RPATH so that the user doesn't have to set them in

View File

@ -2,22 +2,23 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "i2c-tools-${version}"; name = "i2c-tools-${version}";
version = "4.0"; version = "4.1";
src = fetchurl { src = fetchurl {
url = "https://www.kernel.org/pub/software/utils/i2c-tools/${name}.tar.xz"; url = "https://www.kernel.org/pub/software/utils/i2c-tools/${name}.tar.xz";
sha256 = "1mi8mykvl89y6liinc9jv1x8m2q093wrdc2hm86a47n524fcl06r"; sha256 = "1m97hpwqfaqjl9xvr4pvz2vdrsdvxbcn0nnx8pamnyc3s7pikcjp";
}; };
buildInputs = [ perl ]; buildInputs = [ perl ];
patchPhase = '' postPatch = ''
substituteInPlace eeprom/decode-edid --replace "/usr/sbin/parse-edid" "${read-edid}/bin/parse-edid" substituteInPlace eeprom/decode-edid --replace "/usr/sbin/parse-edid" "${read-edid}/bin/parse-edid"
substituteInPlace stub/i2c-stub-from-dump --replace "/sbin/" "" substituteInPlace stub/i2c-stub-from-dump --replace "/sbin/" ""
''; '';
installPhase = '' makeFlags = [ "PREFIX=${placeholder "out"}" ];
make install prefix=$out
postInstall = ''
rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers
''; '';

View File

@ -28,9 +28,9 @@ ${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") ''
# Reduce attack surface by disabling various emulations # Reduce attack surface by disabling various emulations
IA32_EMULATION n IA32_EMULATION n
X86_X32 n X86_X32 n
${optionalString (versionOlder version "4.17") '' # Note: this config depends on EXPERT y and so will not take effect, hence
MODIFY_LDT_SYSCALL? n # it is left "optional" for now.
''} MODIFY_LDT_SYSCALL? n
VMAP_STACK y # Catch kernel stack overflows VMAP_STACK y # Catch kernel stack overflows
@ -52,18 +52,23 @@ ${optionalString (versionOlder version "4.11") ''
DEBUG_SET_MODULE_RONX y DEBUG_SET_MODULE_RONX y
''} ''}
# Mark LSM hooks read-only after init. Conflicts with SECURITY_SELINUX_DISABLE # Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n
# (disabling SELinux at runtime); hence, SELinux can only be disabled at boot # conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter
# via the selinux=0 boot parameter. # implicitly marks LSM hooks read-only after init.
#
# SELinux can only be disabled at boot via selinux=0
#
# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the
# config builder fails to detect that it has indeed been unset.
${optionalString (versionAtLeast version "4.12") '' ${optionalString (versionAtLeast version "4.12") ''
SECURITY_SELINUX_DISABLE n SECURITY_SELINUX_DISABLE n
''} SECURITY_WRITABLE_HOOKS? n
${optionalString ((versionAtLeast version "4.12") && (versionOlder version "4.17")) ''
SECURITY_WRITABLE_HOOKS n
''} ''}
DEBUG_WX y # boot-time warning on RWX mappings DEBUG_WX y # boot-time warning on RWX mappings
${optionalString (versionAtLeast version "4.11") ''
STRICT_KERNEL_RWX y
''}
# Stricter /dev/mem # Stricter /dev/mem
STRICT_DEVMEM? y STRICT_DEVMEM? y
@ -84,7 +89,7 @@ ${optionalString (versionAtLeast version "4.13") ''
# Perform usercopy bounds checking. # Perform usercopy bounds checking.
HARDENED_USERCOPY y HARDENED_USERCOPY y
${optionalString (versionAtLeast version "4.16") '' ${optionalString (versionAtLeast version "4.16") ''
HARDENED_USERCOPY_FALLBACK n HARDENED_USERCOPY_FALLBACK n # for full whitelist enforcement
''} ''}
# Randomize allocator freelists. # Randomize allocator freelists.
@ -94,6 +99,9 @@ ${optionalString (versionAtLeast version "4.14") ''
SLAB_FREELIST_HARDENED y SLAB_FREELIST_HARDENED y
''} ''}
# Allow enabling slub/slab free poisoning with slub_debug=P
SLUB_DEBUG y
# Wipe higher-level memory allocations on free() with page_poison=1 # Wipe higher-level memory allocations on free() with page_poison=1
PAGE_POISONING y PAGE_POISONING y
PAGE_POISONING_NO_SANITY y PAGE_POISONING_NO_SANITY y
@ -117,6 +125,11 @@ ${optionalString (versionAtLeast version "4.20") ''
GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
''} ''}
${optionalString (versionAtLeast version "4.13") ''
GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
''}
# Disable various dangerous settings # Disable various dangerous settings
ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
PROC_KCORE n # Exposes kernel text image layout PROC_KCORE n # Exposes kernel text image layout

View File

@ -1,11 +1,11 @@
{ stdenv, fetchurl, gettext, bzip2 }: { stdenv, fetchurl, gettext, bzip2 }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "sysstat-12.1.1"; name = "sysstat-12.1.2";
src = fetchurl { src = fetchurl {
url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz"; url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz";
sha256 = "0drrlv2fr64g5zf0a2bkla2rql4nmq4n192wvcr9r4zppg58d8k4"; sha256 = "0xiv70x4n24fcycvlq95lqgb3jwjxfzq61bnyqai57x54hhn46yp";
}; };
buildInputs = [ gettext ]; buildInputs = [ gettext ];

View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, python2Packages, { stdenv, fetchFromGitHub, python2Packages,
asciidoc, libxml2, libxslt, docbook_xsl }: asciidoc, cacert, libxml2, libxslt, docbook_xsl }:
python2Packages.buildPythonApplication rec { python2Packages.buildPythonApplication rec {
version = "7.2.2"; version = "7.2.2";
@ -15,6 +15,9 @@ python2Packages.buildPythonApplication rec {
postPatch = '' postPatch = ''
# Skip xmllint to stop failures due to no network access # Skip xmllint to stop failures due to no network access
sed -i docs/Makefile -e "s|a2x -v -d |a2x -L -v -d |" sed -i docs/Makefile -e "s|a2x -v -d |a2x -L -v -d |"
# Provide CA certificates (Used when "sslcacertfile = OS-DEFAULT" is configured")
sed -i offlineimap/utils/distro.py -e '/def get_os_sslcertfile():/a\ \ \ \ return "${cacert}/etc/ssl/certs/ca-bundle.crt"'
''; '';
doCheck = false; doCheck = false;

View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "stubby"; pname = "stubby";
name = "${pname}-${version}"; name = "${pname}-${version}";
version = "0.2.3"; version = "0.2.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "getdnsapi"; owner = "getdnsapi";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "1n02dj1hvh0aml54asxj42f0j9wfgiyavbh0gr0j9lm4f2xcd60w"; sha256 = "1c0jqbxcrwc8kvpx7v0bmdladf20myyi2672r2r87m2q0jvsmgpr";
}; };
nativeBuildInputs = [ libtool m4 libbsd libyaml autoreconfHook ]; nativeBuildInputs = [ libtool m4 libbsd libyaml autoreconfHook ];

View File

@ -3,79 +3,73 @@
}: }:
let let
afl-qemu = callPackage ./qemu.nix {}; afl-qemu = callPackage ./qemu.nix { inherit afl; };
qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
else throw "afl: no support for ${stdenv.hostPlatform.system}!"; else throw "afl: no support for ${stdenv.hostPlatform.system}!";
in afl = stdenv.mkDerivation rec {
name = "afl-${version}";
version = "2.52b";
stdenv.mkDerivation rec { src = fetchurl {
name = "afl-${version}"; url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz";
version = "2.52b"; sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3";
};
enableParallelBuilding = true;
src = fetchurl { # Note: libcgroup isn't needed for building, just for the afl-cgroup
url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; # script.
sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; nativeBuildInputs = [ makeWrapper which ];
}; buildInputs = [ llvm ];
# Note: libcgroup isn't needed for building, just for the afl-cgroup makeFlags = [ "PREFIX=$(out)" ];
# script. postBuild = ''
buildInputs = [ makeWrapper llvm which ]; make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
buildPhase = ''
make PREFIX=$out
cd llvm_mode
make PREFIX=$out
cd ..
'';
installPhase = ''
# Do the normal installation
make install PREFIX=$out
# Install the custom QEMU emulator for binary blob fuzzing.
cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
# Install the cgroups wrapper for asan-based fuzzing.
cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace "cgexec" "${libcgroup}/bin/cgexec" \
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
# Patch shebangs before wrapping
patchShebangs $out/bin
# Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
# has totally different semantics in that case(?) - and also set a
# proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
# of $PATH.
for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
wrapProgram $x \
--prefix AFL_PATH : "$out/lib/afl" \
--run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
done
'';
passthru = {
qemu = afl-qemu;
};
meta = {
description = "Powerful fuzzer via genetic algorithms and instrumentation";
longDescription = ''
American fuzzy lop is a fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms to
automatically discover clean, interesting test cases that
trigger new internal states in the targeted binary. This
substantially improves the functional coverage for the fuzzed
code. The compact synthesized corpora produced by the tool are
also useful for seeding other, more labor or resource-intensive
testing regimes down the road.
''; '';
homepage = "http://lcamtuf.coredump.cx/afl/"; postInstall = ''
license = stdenv.lib.licenses.asl20; # Install the custom QEMU emulator for binary blob fuzzing.
platforms = ["x86_64-linux" "i686-linux"]; cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
# Install the cgroups wrapper for asan-based fuzzing.
cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace "cgexec" "${libcgroup}/bin/cgexec" \
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
# Patch shebangs before wrapping
patchShebangs $out/bin
# Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
# has totally different semantics in that case(?) - and also set a
# proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
# of $PATH.
for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
wrapProgram $x \
--prefix AFL_PATH : "$out/lib/afl" \
--run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
done
'';
passthru.qemu = afl-qemu;
meta = {
description = "Powerful fuzzer via genetic algorithms and instrumentation";
longDescription = ''
American fuzzy lop is a fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms to
automatically discover clean, interesting test cases that
trigger new internal states in the targeted binary. This
substantially improves the functional coverage for the fuzzed
code. The compact synthesized corpora produced by the tool are
also useful for seeding other, more labor or resource-intensive
testing regimes down the road.
'';
homepage = "http://lcamtuf.coredump.cx/afl/";
license = stdenv.lib.licenses.asl20;
platforms = ["x86_64-linux" "i686-linux"];
maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
};
}; };
} in afl

View File

@ -1,335 +0,0 @@
/*
american fuzzy lop - vaguely configurable bits
----------------------------------------------
Written and maintained by Michal Zalewski <lcamtuf@google.com>
Copyright 2013, 2014, 2015 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef _HAVE_CONFIG_H
#define _HAVE_CONFIG_H
#include "afl-types.h"
/******************************************************
* *
* Settings that may be of interest to power users: *
* *
******************************************************/
/* Comment out to disable terminal colors: */
#define USE_COLOR
/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */
#define FANCY_BOXES
/* Default timeout for fuzzed code (milliseconds): */
#define EXEC_TIMEOUT 1000
/* Timeout rounding factor when auto-scaling (milliseconds): */
#define EXEC_TM_ROUND 20
/* Default memory limit for child process (MB): */
#ifndef __x86_64__
# define MEM_LIMIT 25
#else
# define MEM_LIMIT 50
#endif /* ^!__x86_64__ */
/* Default memory limit when running in QEMU mode (MB): */
#define MEM_LIMIT_QEMU 200
/* Number of calibration cycles per every new test case (and for test
cases that show variable behavior): */
#define CAL_CYCLES 10
#define CAL_CYCLES_LONG 40
/* The same, but when AFL_NO_VAR_CHECK is set in the environment: */
#define CAL_CYCLES_NO_VAR 4
/* Number of subsequent hangs before abandoning an input file: */
#define HANG_LIMIT 250
/* Maximum number of unique hangs or crashes to record: */
#define KEEP_UNIQUE_HANG 500
#define KEEP_UNIQUE_CRASH 5000
/* Baseline number of random tweaks during a single 'havoc' stage: */
#define HAVOC_CYCLES 5000
/* Maximum multiplier for the above (should be a power of two, beware
of 32-bit int overflows): */
#define HAVOC_MAX_MULT 16
/* Absolute minimum number of havoc cycles (after all adjustments): */
#define HAVOC_MIN 10
/* Maximum stacking for havoc-stage tweaks. The actual value is calculated
like this:
n = random between 1 and HAVOC_STACK_POW2
stacking = 2^n
In other words, the default (n = 7) produces 2, 4, 8, 16, 32, 64, or
128 stacked tweaks: */
#define HAVOC_STACK_POW2 7
/* Caps on block sizes for cloning and deletion operations. Each of these
ranges has a 33% probability of getting picked, except for the first
two cycles where smaller blocks are favored: */
#define HAVOC_BLK_SMALL 32
#define HAVOC_BLK_MEDIUM 128
#define HAVOC_BLK_LARGE 1500
/* Probabilities of skipping non-favored entries in the queue, expressed as
percentages: */
#define SKIP_TO_NEW_PROB 99 /* ...when there are new, pending favorites */
#define SKIP_NFAV_OLD_PROB 95 /* ...no new favs, cur entry already fuzzed */
#define SKIP_NFAV_NEW_PROB 75 /* ...no new favs, cur entry not fuzzed yet */
/* Splicing cycle count: */
#define SPLICE_CYCLES 20
/* Nominal per-splice havoc cycle length: */
#define SPLICE_HAVOC 500
/* Maximum offset for integer addition / subtraction stages: */
#define ARITH_MAX 35
/* Limits for the test case trimmer. The absolute minimum chunk size; and
the starting and ending divisors for chopping up the input file: */
#define TRIM_MIN_BYTES 4
#define TRIM_START_STEPS 16
#define TRIM_END_STEPS 1024
/* Maximum size of input file, in bytes (keep under 100MB): */
#define MAX_FILE (1 * 1024 * 1024)
/* The same, for the test case minimizer: */
#define TMIN_MAX_FILE (10 * 1024 * 1024)
/* Block normalization steps for afl-tmin: */
#define TMIN_SET_MIN_SIZE 4
#define TMIN_SET_STEPS 128
/* Maximum dictionary token size (-x), in bytes: */
#define MAX_DICT_FILE 128
/* Length limits for auto-detected dictionary tokens: */
#define MIN_AUTO_EXTRA 3
#define MAX_AUTO_EXTRA 32
/* Maximum number of user-specified dictionary tokens to use in deterministic
steps; past this point, the "extras/user" step will be still carried out,
but with proportionally lower odds: */
#define MAX_DET_EXTRAS 200
/* Maximum number of auto-extracted dictionary tokens to actually use in fuzzing
(first value), and to keep in memory as candidates. The latter should be much
higher than the former. */
#define USE_AUTO_EXTRAS 50
#define MAX_AUTO_EXTRAS (USE_AUTO_EXTRAS * 10)
/* Scaling factor for the effector map used to skip some of the more
expensive deterministic steps. The actual divisor is set to
2^EFF_MAP_SCALE2 bytes: */
#define EFF_MAP_SCALE2 3
/* Minimum input file length at which the effector logic kicks in: */
#define EFF_MIN_LEN 128
/* Maximum effector density past which everything is just fuzzed
unconditionally (%): */
#define EFF_MAX_PERC 90
/* UI refresh frequency (Hz): */
#define UI_TARGET_HZ 5
/* Fuzzer stats file and plot update intervals (sec): */
#define STATS_UPDATE_SEC 60
#define PLOT_UPDATE_SEC 5
/* Smoothing divisor for CPU load and exec speed stats (1 - no smoothing). */
#define AVG_SMOOTHING 16
/* Sync interval (every n havoc cycles): */
#define SYNC_INTERVAL 5
/* Output directory reuse grace period (minutes): */
#define OUTPUT_GRACE 25
/* Uncomment to use simple file names (id_NNNNNN): */
// #define SIMPLE_FILES
/* List of interesting values to use in fuzzing. */
#define INTERESTING_8 \
-128, /* Overflow signed 8-bit when decremented */ \
-1, /* */ \
0, /* */ \
1, /* */ \
16, /* One-off with common buffer size */ \
32, /* One-off with common buffer size */ \
64, /* One-off with common buffer size */ \
100, /* One-off with common buffer size */ \
127 /* Overflow signed 8-bit when incremented */
#define INTERESTING_16 \
-32768, /* Overflow signed 16-bit when decremented */ \
-129, /* Overflow signed 8-bit */ \
128, /* Overflow signed 8-bit */ \
255, /* Overflow unsig 8-bit when incremented */ \
256, /* Overflow unsig 8-bit */ \
512, /* One-off with common buffer size */ \
1000, /* One-off with common buffer size */ \
1024, /* One-off with common buffer size */ \
4096, /* One-off with common buffer size */ \
32767 /* Overflow signed 16-bit when incremented */
#define INTERESTING_32 \
-2147483648LL, /* Overflow signed 32-bit when decremented */ \
-100663046, /* Large negative number (endian-agnostic) */ \
-32769, /* Overflow signed 16-bit */ \
32768, /* Overflow signed 16-bit */ \
65535, /* Overflow unsig 16-bit when incremented */ \
65536, /* Overflow unsig 16 bit */ \
100663045, /* Large positive number (endian-agnostic) */ \
2147483647 /* Overflow signed 32-bit when incremented */
/***********************************************************
* *
* Really exotic stuff you probably don't want to touch: *
* *
***********************************************************/
/* Call count interval between reseeding the libc PRNG from /dev/urandom: */
#define RESEED_RNG 10000
/* Maximum line length passed from GCC to 'as' and used for parsing
configuration files: */
#define MAX_LINE 8192
/* Environment variable used to pass SHM ID to the called program. */
#define SHM_ENV_VAR "__AFL_SHM_ID"
/* Other less interesting, internal-only variables. */
#define CLANG_ENV_VAR "__AFL_CLANG_MODE"
#define AS_LOOP_ENV_VAR "__AFL_AS_LOOPCHECK"
/* Distinctive bitmap signature used to indicate failed execution: */
#define EXEC_FAIL_SIG 0xfee1dead
/* Distinctive exit code used to indicate MSAN trip condition: */
#define MSAN_ERROR 86
/* Designated file descriptors for forkserver commands (the application will
use FORKSRV_FD and FORKSRV_FD + 1): */
#define FORKSRV_FD 198
/* Fork server init timeout multiplier: we'll wait the user-selected
timeout plus this much for the fork server to spin up. */
#define FORK_WAIT_MULT 10
/* Calibration timeout adjustments, to be a bit more generous when resuming
fuzzing sessions or trying to calibrate already-added internal finds.
The first value is a percentage, the other is in milliseconds: */
#define CAL_TMOUT_PERC 125
#define CAL_TMOUT_ADD 50
/* Number of chances to calibrate a case before giving up: */
#define CAL_CHANCES 3
/* Map size for the traced binary (2^MAP_SIZE_POW2). Must be greater than
2; you probably want to keep it under 18 or so for performance reasons
(adjusting AFL_INST_RATIO when compiling is probably a better way to solve
problems with complex programs). You need to recompile the target binary
after changing this - otherwise, SEGVs may ensue. */
#define MAP_SIZE_POW2 16
#define MAP_SIZE (1 << MAP_SIZE_POW2)
/* Maximum allocator request size (keep well under INT_MAX): */
#define MAX_ALLOC 0x40000000
/* A made-up hashing seed: */
#define HASH_CONST 0xa5b35705
/* Constants for afl-gotcpu to control busy loop timing: */
#define CTEST_TARGET_MS 5000
#define CTEST_BUSY_CYCLES (10 * 1000 * 1000)
/* Uncomment this to use inferior block-coverage-based instrumentation. Note
that you need to recompile the target binary for this to have any effect: */
// #define COVERAGE_ONLY
/* Uncomment this to ignore hit counts and output just one bit per tuple.
As with the previous setting, you will need to recompile the target
binary: */
// #define SKIP_COUNTS
/* Uncomment this to use instrumentation data to record newly discovered paths,
but do not use them as seeds for fuzzing. This is useful for conveniently
measuring coverage that could be attained by a "dumb" fuzzing algorithm: */
// #define IGNORE_FINDS
#endif /* ! _HAVE_CONFIG_H */

View File

@ -1,296 +0,0 @@
/*
american fuzzy lop - high-performance binary-only instrumentation
-----------------------------------------------------------------
Written by Andrew Griffiths <agriffiths@google.com> and
Michal Zalewski <lcamtuf@google.com>
Idea & design very much by Andrew Griffiths.
Copyright 2015 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
This code is a shim patched into the separately-distributed source
code of QEMU 2.2.0. It leverages the built-in QEMU tracing functionality
to implement AFL-style instrumentation and to take care of the remaining
parts of the AFL fork server logic.
The resulting QEMU binary is essentially a standalone instrumentation
tool; for an example of how to leverage it for other purposes, you can
have a look at afl-showmap.c.
*/
#include <sys/shm.h>
#include "afl-config.h"
/***************************
* VARIOUS AUXILIARY STUFF *
***************************/
/* A snippet patched into tb_find_slow to inform the parent process that
we have hit a new block that hasn't been translated yet, and to tell
it to translate within its own context, too (this avoids translation
overhead in the next forked-off copy). */
#define AFL_QEMU_CPU_SNIPPET1 do { \
afl_request_tsl(pc, cs_base, flags); \
} while (0)
/* This snippet kicks in when the instruction pointer is positioned at
_start and does the usual forkserver stuff, not very different from
regular instrumentation injected via afl-as.h. */
#define AFL_QEMU_CPU_SNIPPET2 do { \
if(tb->pc == afl_entry_point) { \
afl_setup(); \
afl_forkserver(env); \
} \
afl_maybe_log(tb->pc); \
} while (0)
/* We use one additional file descriptor to relay "needs translation"
messages between the child and the fork server. */
#define TSL_FD (FORKSRV_FD - 1)
/* This is equivalent to afl-as.h: */
static unsigned char *afl_area_ptr;
/* Exported variables populated by the code patched into elfload.c: */
abi_ulong afl_entry_point, /* ELF entry point (_start) */
afl_start_code, /* .text start pointer */
afl_end_code; /* .text end pointer */
/* Set in the child process in forkserver mode: */
static unsigned char afl_fork_child;
unsigned int afl_forksrv_pid;
/* Instrumentation ratio: */
static unsigned int afl_inst_rms = MAP_SIZE;
/* Function declarations. */
static void afl_setup(void);
static void afl_forkserver(CPUArchState*);
static inline void afl_maybe_log(abi_ulong);
static void afl_wait_tsl(CPUArchState*, int);
static void afl_request_tsl(target_ulong, target_ulong, uint64_t);
static TranslationBlock *tb_find_slow(CPUArchState*, target_ulong,
target_ulong, uint64_t);
/* Data structure passed around by the translate handlers: */
struct afl_tsl {
target_ulong pc;
target_ulong cs_base;
uint64_t flags;
};
/*************************
* ACTUAL IMPLEMENTATION *
*************************/
/* Set up SHM region and initialize other stuff. */
static void afl_setup(void) {
char *id_str = getenv(SHM_ENV_VAR),
*inst_r = getenv("AFL_INST_RATIO");
int shm_id;
if (inst_r) {
unsigned int r;
r = atoi(inst_r);
if (r > 100) r = 100;
if (!r) r = 1;
afl_inst_rms = MAP_SIZE * r / 100;
}
if (id_str) {
shm_id = atoi(id_str);
afl_area_ptr = shmat(shm_id, NULL, 0);
if (afl_area_ptr == (void*)-1) exit(1);
/* With AFL_INST_RATIO set to a low value, we want to touch the bitmap
so that the parent doesn't give up on us. */
if (inst_r) afl_area_ptr[0] = 1;
}
if (getenv("AFL_INST_LIBS")) {
afl_start_code = 0;
afl_end_code = (abi_ulong)-1;
}
}
/* Fork server logic, invoked once we hit _start. */
static void afl_forkserver(CPUArchState *env) {
static unsigned char tmp[4];
if (!afl_area_ptr) return;
/* Tell the parent that we're alive. If the parent doesn't want
to talk, assume that we're not running in forkserver mode. */
if (write(FORKSRV_FD + 1, tmp, 4) != 4) return;
afl_forksrv_pid = getpid();
/* All right, let's await orders... */
while (1) {
pid_t child_pid;
int status, t_fd[2];
/* Whoops, parent dead? */
if (read(FORKSRV_FD, tmp, 4) != 4) exit(2);
/* Establish a channel with child to grab translation commands. We'll
read from t_fd[0], child will write to TSL_FD. */
if (pipe(t_fd) || dup2(t_fd[1], TSL_FD) < 0) exit(3);
close(t_fd[1]);
child_pid = fork();
if (child_pid < 0) exit(4);
if (!child_pid) {
/* Child process. Close descriptors and run free. */
afl_fork_child = 1;
close(FORKSRV_FD);
close(FORKSRV_FD + 1);
close(t_fd[0]);
return;
}
/* Parent. */
close(TSL_FD);
if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) exit(5);
/* Collect translation requests until child dies and closes the pipe. */
afl_wait_tsl(env, t_fd[0]);
/* Get and relay exit status to parent. */
if (waitpid(child_pid, &status, WUNTRACED) < 0) exit(6);
if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7);
}
}
/* The equivalent of the tuple logging routine from afl-as.h. */
static inline void afl_maybe_log(abi_ulong cur_loc) {
static abi_ulong prev_loc;
/* Optimize for cur_loc > afl_end_code, which is the most likely case on
Linux systems. */
if (cur_loc > afl_end_code || cur_loc < afl_start_code || !afl_area_ptr)
return;
/* Looks like QEMU always maps to fixed locations, so we can skip this:
cur_loc -= afl_start_code; */
/* Instruction addresses may be aligned. Let's mangle the value to get
something quasi-uniform. */
cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
cur_loc &= MAP_SIZE - 1;
/* Implement probabilistic instrumentation by looking at scrambled block
address. This keeps the instrumented locations stable across runs. */
if (cur_loc >= afl_inst_rms) return;
afl_area_ptr[cur_loc ^ prev_loc]++;
prev_loc = cur_loc >> 1;
}
/* This code is invoked whenever QEMU decides that it doesn't have a
translation of a particular block and needs to compute it. When this happens,
we tell the parent to mirror the operation, so that the next fork() has a
cached copy. */
static void afl_request_tsl(target_ulong pc, target_ulong cb, uint64_t flags) {
struct afl_tsl t;
if (!afl_fork_child) return;
t.pc = pc;
t.cs_base = cb;
t.flags = flags;
if (write(TSL_FD, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl))
return;
}
/* This is the other side of the same channel. Since timeouts are handled by
afl-fuzz simply killing the child, we can just wait until the pipe breaks. */
static void afl_wait_tsl(CPUArchState *env, int fd) {
struct afl_tsl t;
while (1) {
/* Broken pipe means it's time to return to the fork server routine. */
if (read(fd, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl))
break;
tb_find_slow(env, t.pc, t.cs_base, t.flags);
}
close(fd);
}

View File

@ -1,79 +0,0 @@
/*
american fuzzy lop - type definitions and minor macros
------------------------------------------------------
Written and maintained by Michal Zalewski <lcamtuf@google.com>
Copyright 2013, 2014, 2015 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef _HAVE_TYPES_H
#define _HAVE_TYPES_H
#include <stdint.h>
#include <stdlib.h>
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
/*
Ugh. There is an unintended compiler / glibc #include glitch caused by
combining the u64 type an %llu in format strings, necessitating a workaround.
In essence, the compiler is always looking for 'unsigned long long' for %llu.
On 32-bit systems, the u64 type (aliased to uint64_t) is expanded to
'unsigned long long' in <bits/types.h>, so everything checks out.
But on 64-bit systems, it is #ifdef'ed in the same file as 'unsigned long'.
Now, it only happens in circumstances where the type happens to have the
expected bit width, *but* the compiler does not know that... and complains
about 'unsigned long' being unsafe to pass to %llu.
*/
#ifdef __x86_64__
typedef unsigned long long u64;
#else
typedef uint64_t u64;
#endif /* ^sizeof(...) */
typedef int8_t s8;
typedef int16_t s16;
typedef int32_t s32;
typedef int64_t s64;
#ifndef MIN
# define MIN(_a,_b) ((_a) > (_b) ? (_b) : (_a))
# define MAX(_a,_b) ((_a) > (_b) ? (_a) : (_b))
#endif /* !MIN */
#define SWAP16(_x) ({ \
u16 _ret = (_x); \
(u16)((_ret << 8) | (_ret >> 8)); \
})
#define SWAP32(_x) ({ \
u32 _ret = (_x); \
(u32)((_ret << 24) | (_ret >> 24) | \
((_ret << 8) & 0x00FF0000) | \
((_ret >> 8) & 0x0000FF00)); \
})
#define R(x) (random() % (x))
#define STRINGIFY_INTERNAL(x) #x
#define STRINGIFY(x) STRINGIFY_INTERNAL(x)
#define MEM_BARRIER() \
asm volatile("" ::: "memory")
#endif /* ! _HAVE_TYPES_H */

View File

@ -1,33 +0,0 @@
--- qemu-2.3.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000
+++ qemu-2.3.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000
@@ -28,6 +28,8 @@
#include "exec/memory-internal.h"
#include "qemu/rcu.h"
+#include "afl-qemu-cpu-inl.h"
+
/* -icount align implementation. */
typedef struct SyncClocks {
@@ -296,8 +298,11 @@
}
not_found:
/* if no translated code available, then translate it now */
+
tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
+ AFL_QEMU_CPU_SNIPPET1;
+
found:
/* Move the last found TB to the head of the list */
if (likely(*ptb1)) {
@@ -492,6 +497,9 @@
next_tb = 0;
tcg_ctx.tb_ctx.tb_invalidated_flag = 0;
}
+
+ AFL_QEMU_CPU_SNIPPET2;
+
if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
qemu_log("Trace %p [" TARGET_FMT_lx "] %s\n",
tb->tc_ptr, tb->pc, lookup_symbol(tb->pc));

View File

@ -1,32 +0,0 @@
--- qemu-2.3.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000
+++ qemu-2.3.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000
@@ -28,6 +28,8 @@
#define ELF_OSABI ELFOSABI_SYSV
+extern abi_ulong afl_entry_point, afl_start_code, afl_end_code;
+
/* from personality.h */
/*
@@ -1889,6 +1891,8 @@
info->brk = 0;
info->elf_flags = ehdr->e_flags;
+ if (!afl_entry_point) afl_entry_point = info->entry;
+
for (i = 0; i < ehdr->e_phnum; i++) {
struct elf_phdr *eppnt = phdr + i;
if (eppnt->p_type == PT_LOAD) {
@@ -1922,9 +1926,11 @@
if (elf_prot & PROT_EXEC) {
if (vaddr < info->start_code) {
info->start_code = vaddr;
+ if (!afl_start_code) afl_start_code = vaddr;
}
if (vaddr_ef > info->end_code) {
info->end_code = vaddr_ef;
+ if (!afl_end_code) afl_end_code = vaddr_ef;
}
}
if (elf_prot & PROT_WRITE) {

View File

@ -2,13 +2,12 @@ diff --git a/Makefile b/Makefile
index d6b9dc1..ce7c493 100644 index d6b9dc1..ce7c493 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -384,8 +384,7 @@ install-confdir: @@ -601,7 +601,7 @@ install-localstatedir:
install-sysconfig: install-datadir install-confdir endif
$(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(qemu_confdir)"
-install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \
-install-datadir install-localstatedir -install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
+install: all $(if $(BUILD_DOCS),install-doc) install-datadir +install: all $(if $(BUILD_DOCS),install-doc) install-datadir
ifneq ($(TOOLS),) ifneq ($(TOOLS),)
$(call install-prog,$(TOOLS),$(DESTDIR)$(bindir)) $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
endif endif

View File

@ -0,0 +1,28 @@
A modified version of qemu commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0
diff --git a/configure b/configure
index 9c8aa5a..99ccc17 100755
--- a/configure
+++ b/configure
@@ -3855,7 +3855,7 @@ fi
# check if memfd is supported
memfd=no
cat > $TMPC << EOF
-#include <sys/memfd.h>
+#include <sys/mman.h>
int main(void)
{
diff --git a/util/memfd.c b/util/memfd.c
index 4571d1a..412e94a 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -31,9 +31,7 @@
#include "qemu/memfd.h"
-#ifdef CONFIG_MEMFD
-#include <sys/memfd.h>
-#elif defined CONFIG_LINUX
+#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
#include <sys/syscall.h>
#include <asm/unistd.h>

View File

@ -1,121 +0,0 @@
diff --git a/user-exec.c b/user-exec.c
index 8f57e8a..957f9f7 100644
--- a/user-exec.c
+++ b/user-exec.c
@@ -57,7 +57,7 @@ static void exception_action(CPUState *cpu)
void cpu_resume_from_signal(CPUState *cpu, void *puc)
{
#ifdef __linux__
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
#elif defined(__OpenBSD__)
struct sigcontext *uc = puc;
#endif
@@ -171,7 +171,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
#elif defined(__OpenBSD__)
struct sigcontext *uc = puc;
#else
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
#endif
unsigned long pc;
int trapno;
@@ -226,7 +226,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
#elif defined(__OpenBSD__)
struct sigcontext *uc = puc;
#else
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
#endif
pc = PC_sig(uc);
@@ -288,7 +288,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
#ifdef __APPLE__
#include <sys/ucontext.h>
-typedef struct ucontext SIGCONTEXT;
+typedef ucontext_t SIGCONTEXT;
/* All Registers access - only for local access */
#define REG_sig(reg_name, context) \
((context)->uc_mcontext->ss.reg_name)
@@ -331,7 +331,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
ucontext_t *uc = puc;
#else
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
#endif
unsigned long pc;
int is_write;
@@ -358,7 +358,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
uint32_t *pc = uc->uc_mcontext.sc_pc;
uint32_t insn = *pc;
int is_write = 0;
@@ -456,7 +456,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
#if defined(__NetBSD__)
ucontext_t *uc = puc;
#else
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
#endif
unsigned long pc;
int is_write;
@@ -483,7 +483,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
int cpu_signal_handler(int host_signum, void *pinfo, void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
uintptr_t pc = uc->uc_mcontext.pc;
uint32_t insn = *(uint32_t *)pc;
bool is_write;
@@ -512,7 +512,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
unsigned long pc;
int is_write;
@@ -534,7 +534,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
int cpu_signal_handler(int host_signum, void *pinfo, void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
unsigned long ip;
int is_write = 0;
@@ -565,7 +565,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
unsigned long pc;
uint16_t *pinsn;
int is_write = 0;
@@ -618,7 +618,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
greg_t pc = uc->uc_mcontext.pc;
int is_write;
@@ -634,7 +634,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
void *puc)
{
siginfo_t *info = pinfo;
- struct ucontext *uc = puc;
+ ucontext_t *uc = puc;
unsigned long pc = uc->uc_mcontext.sc_iaoq[0];
uint32_t insn = *(uint32_t *)pc;
int is_write = 0;

View File

@ -1,25 +0,0 @@
--- qemu-2.3.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000
+++ qemu-2.3.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000
@@ -227,7 +227,21 @@
_syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo)
_syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
#if defined(TARGET_NR_tgkill) && defined(__NR_tgkill)
-_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig)
+
+extern unsigned int afl_forksrv_pid;
+
+static int sys_tgkill(int tgid, int pid, int sig) {
+
+ /* Workaround for -lpthread to make abort() work properly, without
+ killing the forkserver due to a prematurely cached PID. */
+
+ if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT)
+ pid = tgid = getpid();
+
+ return syscall(__NR_sys_tgkill, pid, tgid, sig);
+
+}
+
#endif
#if defined(TARGET_NR_tkill) && defined(__NR_tkill)
_syscall2(int,sys_tkill,int,tid,int,sig)

View File

@ -1,18 +0,0 @@
--- qemu-2.3.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000
+++ qemu-2.3.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000
@@ -393,8 +393,13 @@
/* We can't use g_malloc because it may recurse into a locked mutex. */
# define ALLOC(P, SIZE) \
do { \
- P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
+ void* _tmp = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
+ if (_tmp == (void*)-1) { \
+ qemu_log(">>> Out of memory for stack, bailing out. <<<\n"); \
+ exit(1); \
+ } \
+ (P) = _tmp; \
} while (0)
#else
# define ALLOC(P, SIZE) \

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, python2, zlib, pkgconfig, glib, ncurses, perl { stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, ncurses, perl
, attr, libcap, vde2, texinfo, libuuid, flex, bison, lzo, snappy , attr, libcap, vde2, texinfo, libuuid, flex, bison, lzo, snappy
, libaio, libcap_ng, gnutls, pixman, autoconf , libaio, libcap_ng, gnutls, pixman, autoconf
, writeText , writeText
@ -7,59 +7,65 @@
with stdenv.lib; with stdenv.lib;
let let
n = "qemu-2.3.0"; qemuName = "qemu-2.10.0";
aflName = afl.name;
aflHeaderFile = writeText "afl-qemu-cpu-inl.h"
(builtins.readFile ./qemu-patches/afl-qemu-cpu-inl.h);
aflConfigFile = writeText "afl-config.h"
(builtins.readFile ./qemu-patches/afl-config.h);
aflTypesFile = writeText "afl-types.h"
(builtins.readFile ./qemu-patches/afl-types.h);
cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
else throw "afl: no support for ${stdenv.hostPlatform.system}!"; else throw "afl: no support for ${stdenv.hostPlatform.system}!";
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "afl-${n}"; name = "afl-${qemuName}";
src = fetchurl { srcs = [
url = "http://wiki.qemu.org/download/${n}.tar.bz2"; (fetchurl {
sha256 = "120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"; url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2";
}; sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
})
afl.src
];
buildInputs = sourceRoot = qemuName;
[ python2 zlib pkgconfig glib pixman ncurses perl attr libcap
vde2 texinfo libuuid flex bison lzo snappy autoconf postUnpack = ''
libcap_ng gnutls cp ${aflName}/types.h $sourceRoot/afl-types.h
] substitute ${aflName}/config.h $sourceRoot/afl-config.h \
++ optionals (hasSuffix "linux" stdenv.hostPlatform.system) [ libaio ]; --replace "types.h" "afl-types.h"
substitute ${aflName}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
--replace "../../config.h" "afl-config.h"
substituteInPlace ${aflName}/qemu_mode/patches/cpu-exec.diff \
--replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
'';
nativeBuildInputs = [
python2 perl pkgconfig flex bison autoconf texinfo
];
buildInputs = [
zlib glib pixman ncurses attr libcap
vde2 libuuid lzo snappy libcap_ng gnutls
] ++ optionals (stdenv.isLinux) [ libaio ];
enableParallelBuilding = true; enableParallelBuilding = true;
patches = patches = [
[ ./qemu-patches/elfload.patch # patches extracted from afl source
./qemu-patches/cpu-exec.patch "../${aflName}/qemu_mode/patches/cpu-exec.diff"
./qemu-patches/no-etc-install.patch "../${aflName}/qemu_mode/patches/elfload.diff"
./qemu-patches/translate-all.patch "../${aflName}/qemu_mode/patches/syscall.diff"
./qemu-patches/syscall.patch # nix-specific patches to make installation more well-behaved
./qemu-patches/qemu-2.3.0-glibc-2.26.patch ./qemu-patches/no-etc-install.patch
]; ./qemu-patches/qemu-2.10.0-glibc-2.27.patch
];
preConfigure = ''
cp ${aflTypesFile} afl-types.h
cp ${aflConfigFile} afl-config.h
cp ${aflHeaderFile} afl-qemu-cpu-inl.h
'';
configureFlags = configureFlags =
[ "--disable-system" [ "--disable-system"
"--enable-linux-user" "--enable-linux-user"
"--enable-guest-base"
"--disable-gtk" "--disable-gtk"
"--disable-sdl" "--disable-sdl"
"--disable-vnc" "--disable-vnc"
"--target-list=${cpuTarget}" "--target-list=${cpuTarget}"
"--enable-pie"
"--enable-kvm"
"--sysconfdir=/etc" "--sysconfdir=/etc"
"--localstatedir=/var" "--localstatedir=/var"
]; ];

View File

@ -1,23 +1,17 @@
{ stdenv, fetchFromGitHub, bash }: { stdenv, fetchFromGitHub, libcap, acl }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "bfs-${version}"; name = "bfs-${version}";
version = "1.2.4"; version = "1.3.1";
src = fetchFromGitHub { src = fetchFromGitHub {
repo = "bfs"; repo = "bfs";
owner = "tavianator"; owner = "tavianator";
rev = version; rev = version;
sha256 = "0nxx2njjp04ik6msfmf07hprw0j88wg04m0q1sf17mhkliw2d78s"; sha256 = "0gv9hrcsz7miv40v6wmkmb1a58ji5d1dlgwq6gwczd8rzlmhddmc";
}; };
postPatch = '' buildInputs = stdenv.lib.optionals stdenv.isLinux [ libcap acl ];
# Patch tests (both shebangs and usage in scripts)
for f in $(find -type f -name '*.sh'); do
substituteInPlace $f --replace "/bin/bash" "${bash}/bin/bash"
done
'';
doCheck = true;
makeFlags = [ "PREFIX=$(out)" ]; makeFlags = [ "PREFIX=$(out)" ];
buildFlags = [ "release" ]; # "release" enables compiler optimizations buildFlags = [ "release" ]; # "release" enables compiler optimizations
@ -30,7 +24,7 @@ stdenv.mkDerivation rec {
''; '';
homepage = https://github.com/tavianator/bfs; homepage = https://github.com/tavianator/bfs;
license = licenses.bsd0; license = licenses.bsd0;
platforms = platforms.linux; platforms = platforms.unix;
maintainers = with maintainers; [ yesbox ]; maintainers = with maintainers; [ yesbox ];
}; };
} }

View File

@ -8837,6 +8837,7 @@ in
minify = callPackage ../development/web/minify { }; minify = callPackage ../development/web/minify { };
minizinc = callPackage ../development/tools/minizinc { }; minizinc = callPackage ../development/tools/minizinc { };
minizincide = qt5.callPackage ../development/tools/minizinc/ide.nix { };
mk = callPackage ../development/tools/build-managers/mk { }; mk = callPackage ../development/tools/build-managers/mk { };
@ -13475,7 +13476,7 @@ in
clamsmtp = callPackage ../servers/mail/clamsmtp { }; clamsmtp = callPackage ../servers/mail/clamsmtp { };
clickhouse = callPackage ../servers/clickhouse { clickhouse = callPackage ../servers/clickhouse {
inherit (llvmPackages_6) clang-unwrapped lld llvm; inherit (llvmPackages_latest) clang-unwrapped lld llvm;
}; };
couchdb = callPackage ../servers/http/couchdb { couchdb = callPackage ../servers/http/couchdb {
@ -20402,7 +20403,9 @@ in
angband = callPackage ../games/angband { }; angband = callPackage ../games/angband { };
anki = python3Packages.callPackage ../games/anki { }; anki = python3Packages.callPackage ../games/anki {
inherit (darwin.apple_sdk.frameworks) CoreAudio;
};
armagetronad = callPackage ../games/armagetronad { }; armagetronad = callPackage ../games/armagetronad { };

View File

@ -1732,7 +1732,11 @@ in {
gateone = callPackage ../development/python-modules/gateone { }; gateone = callPackage ../development/python-modules/gateone { };
gcutil = callPackage ../development/python-modules/gcutil { }; # TODO: Remove after 19.03 is branched off:
gcutil = throw ''
pythonPackages.gcutil is deprecated and can be replaced with "gcloud
compute" from the package google-cloud-sdk.
'';
GeoIP = callPackage ../development/python-modules/GeoIP { }; GeoIP = callPackage ../development/python-modules/GeoIP { };
@ -2295,6 +2299,8 @@ in {
dtopt = callPackage ../development/python-modules/dtopt { }; dtopt = callPackage ../development/python-modules/dtopt { };
easywatch = callPackage ../development/python-modules/easywatch { };
ecdsa = callPackage ../development/python-modules/ecdsa { }; ecdsa = callPackage ../development/python-modules/ecdsa { };
effect = callPackage ../development/python-modules/effect {}; effect = callPackage ../development/python-modules/effect {};
@ -4000,6 +4006,8 @@ in {
sqlalchemy_migrate = callPackage ../development/python-modules/sqlalchemy-migrate { }; sqlalchemy_migrate = callPackage ../development/python-modules/sqlalchemy-migrate { };
staticjinja = callPackage ../development/python-modules/staticjinja { };
statsmodels = callPackage ../development/python-modules/statsmodels { }; statsmodels = callPackage ../development/python-modules/statsmodels { };
structlog = callPackage ../development/python-modules/structlog { }; structlog = callPackage ../development/python-modules/structlog { };