In preparation for the deprecation of `stdenv.isX`.
These shorthands are not conducive to cross-compilation because they
hide the platforms.
Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way
One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059
There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.
```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
since the repo at gitlab.fredesktop.org is archived, it's likely safer
to pull down this patch into nixpkgs directly. in case the archived repo
vanishes in the future.
in the new release the meson option `systemdsystemunitdir` is broken by
the new `sysusers.d` code in `meson.build`. we fix this by setting both
of these pkg-config variables through environment variables.
Changes: https://github.com/polkit-org/polkit/compare/123...124
It the polkit post-install, the files that are supposed to live under /etc and
/run/current-system/sw/share have to be merged into the package at the correct
location. Previously, rsync was used for this job. By being a bit careful about
the ordering, it is possible to use plain mv instead. The main advantage is
that the number of transitive reverse dependencies of rsync is reduced
significantly, so rsync changes will no longer need to go through staging.
This makes gsettings-desktop-schemas, harfbuzz, json-glib, and
libsecret buildable statically, and is still the right thing to do
everywhere else even where it's not a complete fix.
Since b2f9cd34e7 ("gobject-introspection: use wrapper.nix for the
native package too so we can propagate the dev output"),
gobject-introspection doesn't need to be included in buildInputs when
it's in nativeBuildInputs, as it's propagated from the setup hook.
Removing the build input fixes evaluation in buildPackages when
cross-compiling to platforms that gobject-introspection is unsupported
on, like ghcjs.
Tested building natively on x86_64-linux, in
pkgsCross.aarch64-multiplatform, and in pkgsCross.ghcjs.buildPackages.
Many packages have some kind of flag indicating whether or not to build with
systemd support. Most of these default to `stdenv.isLinux`, but systemd does
not build on (and is marked `broken` for) `isStatic`. Only a few packages have
the needed `&& !isStatic` in the default value for their parameter.
This commit moves the logic for the default value of these flags into
`systemd.meta.{platforms,badPlatforms}` and evaluates those conditions using
`lib.meta.availableOn`.
This provides three benefits:
1. The default values are set correctly (i.e. including `&& isStatic`)
2. The default values are set consistently
3. The way is paved for any future non-Linux systemd platforms (FreeBSD is
reported to have experimental systemd support)
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
I got this error when setting doCheck=false:
chmod: cannot access 'subprojects/mocklibc-1.0/bin/mocklibc': No such file or directory
The chmod only happens when not building under pkgsMusl, but it doesn't
seem to be related to musl. Instead, it seems that mocklibc only gets
unpacked when -Dtests=true?
This would explain why under musl the same error would happen (since under
musl, tests are disabled).
Co-authored-by: Robin Gloster <mail@glob.in>
stdenv: print message if structuredAttrs is enabled
stdenv: add _append
reduces the chance of a user doing it wrong
fix nix develop issue
output hooks don't work yet in nix develop though
making $outputs be the same on non-structuredAttrs and structuredAttrs
is too much trouble.
lets instead make a function that gets the output names
reading environment file '/nix/store/2x7m69a2sm2kh0r6v0q5s9z1dh41m4xf-xz-5.2.5-env-bin'
nix: src/nix/develop.cc:299: std::string Common::makeRcScript(nix::ref<nix::Store>, const BuildEnvironment&, const Path&): Assertion `outputs != buildEnvironment.vars.end()' failed.
use a function to get all output names instead of using $outputs
copy env functionality from https://github.com/NixOS/nixpkgs/pull/76732/commits
While polkit is supposedly cross-platform, the test suite requires
a Linux-specific package (to test the D-Bus functionality). Since the
build fails when disabling the test, this effectively limits the
platform to just Linux.
> We discovered a Local Privilege Escalation (from any user to root) in
> polkit's pkexec, a SUID-root program that is installed by default on
> every major Linux distribution
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Fixes: CVE-2021-4034
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
gobject-introspection doesn't currently cross-compile (see
https://github.com/NixOS/nixpkgs/pull/88222), but polkit is somewhat
essential for many system components.
By disabling gobject-introspection when cross-compiling, we get it to
build.
