The indentation stripping semantics of strings are fairly bad and have a
few gotchas where the resulting string has not the intended indentation.
This commit fixes most if not all such instances in Nixpkgs.
I tried to strive a balance between keeping the diff small and
reformatting/refactoring the code to look better. In general,
reformatting should be left to Nixfmt.
Note that this causes a lot of rebuilds by design. All changes need to
be thoroughly vetted and reviewed for correctness. There is no automatic
way to prove correctness.
List of files to fix generated by running
https://gerrit.lix.systems/c/lix/+/2092 on Nixpkgs and looking at the
warnings.
The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
cgit cannot serve patches with stable hashes, so store these patches
in-tree. cgit community discussion about this problem:
https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html
We pull the patches in-tree rather than strip cgit footers with fetchpatch
because per https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587
dependencies of fetchpatch cannot use fetchpatch.
Verification that the only difference between the live page, the
patch committed here, and the version cached under the old hash at
tarballs.nixos.org is the cgit version footer:
$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)" > Allow_input_files_to_be_missing_for_ed-style_patches.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 ) Allow_input_files_to_be_missing_for_ed-style_patches.patch
--- cgit-live
+++ Allow_input_files_to_be_missing_for_ed-style_patches.patch 2020-01-29 17:22:00.077312937 -0800
@@ -32 +32 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)" > CVE-2018-1000156.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d ) CVE-2018-1000156.patch
--- cgit-live
+++ CVE-2018-1000156.patch 2020-01-29 17:23:41.021116969 -0800
@@ -210 +210 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
In anticipation of what I outline in #33599, I only simplify exactly those
`doCheck`s which are equal to `hostPlatform != buildPlatform`. I also stick a
comment next to them so I can grep for them later.
at the time of building the stdenv (because there !(stdenv ? glibc)).
I changed that to stdenv.isDarwin, in a guess that it may work for those who
experienced problems with the last patch release.
svn path=/nixpkgs/branches/stdenv-updates/; revision=24171
URLs to http://nix.cs.uu.nl/dist/tarballs. With content-addressable
mirror support (r9190, NIXPKGS-70) this is no longer necessary:
fetchurl will try to download from that location automatically. So
we can keep the original URLs.
svn path=/nixpkgs/trunk/; revision=9192
