we've skipped a bunch of upstream releases because they were mostly
targeting the google spanner database backend, debian docker images
that needed updates, or fixes for bugs introduced in any of the two
other things. 0.17.0 ships an update to the cryptograpy module deps
we have anyway due to how our packages are built, but we also don't
want to get picked up by vuln scanners that do not know about this.
Nixos policy is not to ping home by default, so make the update check
default to false.
It can still be re-enabled by config or env var if required:
- `check-for-app-update: true` in a `.syft.yaml`
- SYFT_CHECK_FOR_APP_UPDATE=true
This can be verified by checking for network connections when
trying to scan a non-existing file (or `toolbox-data.anchore.io` dns
requests):
`strace -f -e connect syft scan a 2>&1 | grep AF_INET`
https://github.com/bergercookie/syncall
Bi-directional synchronization between services such as Taskwarrior, Google Calendar, Notion, Asana, and more
tooling.
- merge libcxxabi into libcxx for LLVM 12, 13, 14, 15, 16, 17, and git.
- remove the link time workaround `-lc++ -lc++abi` from 58 packages as it is no longer required.
- fixes https://github.com/NixOS/nixpkgs/issues/166205
- provides alternative fixes for. https://github.com/NixOS/nixpkgs/issues/269548https://github.com/NixOS/nix/issues/9640
- pkgsCross.x86_64-freebsd builds work again
This change can be represented in 3 stages
1. merge libcxxabi into libcxx -- files: pkgs/development/compilers/llvm/[12, git]/{libcxx, libcxxabi}
2. update stdenv to account for merge -- files: stdenv.{adapters, cc.wrapper, darwin}
3. remove all references to libcxxabi outside of llvm (about 58 packages modified)
### merging libcxxabi into libcxx
- take the union of the libcxxabi and libcxx cmake flags
- eliminate the libcxx-headers-only package - it was only needed to break libcxx <-> libcxxabi circular dependency
- libcxx.cxxabi is removed. external cxxabi (freebsd) will symlink headers / libs into libcxx.
- darwin will re-export the libcxxabi symbols into libcxx so linking `-lc++` is sufficient.
- linux/freebsd `libc++.so` is a linker script `LINK(libc++.so.1, -lc++abi)` making `-lc++` sufficient.
- libcxx/default.nix [12, 17] are identical except for patches and `LIBCXX_ADDITIONAL_LIBRARIES` (only used in 16+)
- git/libcxx/defaul.nix does not link with -nostdlib when useLLVM is true so flag is removed. this is not much different than before as libcxxabi used -nostdlib where libcxx did not, so libc was linked in anyway.
### stdenv changes
- darwin bootstrap, remove references to libcxxabi and cxxabi
- cc-wrapper: remove c++ link workaround when libcxx.cxxabi doesn't exist (still exists for LLVM pre 12)
- adapter: update overrideLibcxx to account for a pkgs.stdenv that only has libcxx
### 58 package updates
- remove `NIX_LDFLAGS = "-l${stdenv.cc.libcxx.cxxabi.libName}` as no longer needed
- swift, nodejs_v8 remove libcxxabi references in the clang override
https://github.com/NixOS/nixpkgs/pull/292043
According to Nixpkgs manual[1] and NixOS 23.11 Release Note[2], the
`sourceRoot` attribute passed to `stdenv.mkDerivation` should be
specified as `"${src.name}"` or `"${src.name}/subdir"` when `src` is
produced using `fetchgit`-based fetchers.
`sourceRoot = "source"` or `sourceRoot = "source/subdir"` is based on
the assumption that the `name` attribute of these pre-unpacked fetchers
are always `"source"`, which is not the case. Expecting constant `name`
also makes the source FODs prone to irrelevent hashes during version
bumps.
[1]: https://nixos.org/manual/nixpkgs/unstable/#var-stdenv-sourceRoot
[2]: https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11
Reverts NixOS/nixpkgs#269620
- eab0837b68 caused a mass-rebuild on master
- self-merge on a critical package without review and not waiting for the active owner team
Below are the reverts of the commits from that PR
Revert "systemd: migrate to by-name"
This reverts commit 33d2a40d67.
Revert "systemd: add meta.longDescription"
This reverts commit 7c588d141d.
Revert "systemd: cosmetic rewording of code"
This reverts commit d91b8d9fcb.
Revert "systemd: cosmetic rewording of comments"
This reverts commit bc563998c0.
Revert "systemd: remove some redundancy on mesonFlags"
This reverts commit eab0837b68.
Revert "systemd: use lib.meson* functions"
This reverts commit 1129756b1a.
