The build for this package was failing due to failing tests that were caused by a breaking change in a dependency. The requirements.txt for this package does not pin specific versions so it was trying to build with the new version of the dependency and failing. This commit overrides the version of the dependency that is used to build the package.
This fixes the build:
```
ERROR: Could not find a version that satisfies the requirement img2pdf<0.4,>=0.3.0 (from ocrmypdf==10.3.0) (from versions: none)
ERROR: No matching distribution found for img2pdf<0.4,>=0.3.0 (from ocrmypdf==10.3.0)
builder for '/nix/store/1ggj5wwl92xickc7w5hfl3zrjfscxnf1-ocrmypdf-10.3.0.drv' failed with exit code 1
error: build of '/nix/store/1ggj5wwl92xickc7w5hfl3zrjfscxnf1-ocrmypdf-10.3.0.drv' failed
```
Related:
- 9fc5e7e473
- 593e11fd94
- 508ae42a0f
Since the last time I ran this script, the Repology API changed, so I had to
adapt the script used in the previous PR. The new API should be more robust, so
overall this is a positive (no more grepping the error messages for our relevant
data but just a nice json structure).
Here's the new script I used:
```sh
curl https://repology.org/api/v1/repository/nix_unstable/problems \
| jq -r '.[] | select(.type == "homepage_permanent_https_redirect") | .data | "s@\(.url)@\(.target)@"' \
| sort | uniq | tee script.sed
find -name '*.nix' | xargs -P4 -- sed -f script.sed -i
```
I will also add this script to `maintainers/scripts`.
This removes the spidermonkey alias and renames it in the packages still
using it
Not sure if we need it in aliases.nix since just about nothing depends
on it anymore
Additionally considering removal should be a good choice, it's at least
insecure so it should get tagged as such
After making `ffmpeg` point to the latest `ffmpeg_4`, all packages that
used `ffmpeg` without requiring a specific version now use ffmpeg_3
explicitly so they shouldn't change.
This package was added in 2017, then never updated, and no longer builds.
While upstream does have a newer release at version 0.1.9, this doesn't build
with the latest rustc either, and was last released in 2018:
https://github.com/tshlabs/staccato/releases
Since the upstream package just has 1 contributor, and the package in Nix has no
maintainer and is not building or updated, let's just delete it.
Switch from buildGoPackage to buildGoModule
According to documentation, buildGoPackage is designed for legacy Go
packages which do not support go.mod, while "vale" do support it.
Includes some bugfixes/cleanups to the scripts and packaging, a run of the
updater, a bump of the version, an upgrade to the newer cargo fetcher in #79975,
and gets the web assembly portion to compile successfully.
Fixes#75863
Changes the default fetcher in the Rust Platform to be the newer
`fetchCargoTarball`, and changes every application using the current default to
instead opt out.
This commit does not change any hashes or cause any rebuilds. Once integrated,
we will start deleting the opt-outs and recomputing hashes.
See #79975 for details.
LD_LIBRARY_PATH isn't expanded properly in makeFlags, so move it to
preBuild.
Fixes: 3cd8ce3bce ("treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH")
cgit cannot serve patches with stable hashes, so store these patches
in-tree. cgit community discussion about this problem:
https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html
We pull the patches in-tree rather than strip cgit footers with fetchpatch
because per https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587
dependencies of fetchpatch cannot use fetchpatch.
Verification that the only difference between the live page, the
patch committed here, and the version cached under the old hash at
tarballs.nixos.org is the cgit version footer:
$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)" > Allow_input_files_to_be_missing_for_ed-style_patches.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 ) Allow_input_files_to_be_missing_for_ed-style_patches.patch
--- cgit-live
+++ Allow_input_files_to_be_missing_for_ed-style_patches.patch 2020-01-29 17:22:00.077312937 -0800
@@ -32 +32 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)" > CVE-2018-1000156.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d ) CVE-2018-1000156.patch
--- cgit-live
+++ CVE-2018-1000156.patch 2020-01-29 17:23:41.021116969 -0800
@@ -210 +210 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
Upstream announcement:
https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00002.html
For the lazy:
> * Noteworthy changes in release 4.8 (2020-01-14) [stable]
>
> ** Bug fixes
>
> "sed -i" now creates temporary files with correct umask (limited to u=rwx).
> Previously sed would incorrectly set umask on temporary files, resulting
> in problems under certain fuse-like file systems.
> [bug introduced in sed 4.2.1]
>
> ** Release
>
> distribute gzip-compressed tarballs once again
>
> ** Improvements
>
> a year's worth of gnulib development, including improved DFA performance
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
Change the source from dag.wieers.com to github, which seems to
officially host the source code of the project now.
Update unoconv from 0.6 to 0.8.2, which includes several important
changes.
Delete the patch, since it has already become part of the project.
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted. (See #67234, for
example.) Fix this throughout the tree.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
https://hydra.nixos.org/build/108321871https://hydra.nixos.org/build/108556036
Things done:
* SSE2 isn't available for the aarch64-target of GCC (the package builds
on aarch64 without those flags and works fine as well).
* Added missing darwin libraries.
* Applied a darwin-specific patch which disables i386 as target platform
(breaks at least on MacOS catalina otherwise).
Idea shamelessly stolen from 4e60b0efae.
I realized that I don't really know anymore where I'm listed as maintainer and what
I'm actually (co)-maintaining which means that I can't proactively take
care of packages I officially maintain.
As I don't have the time, energy and motivation to take care of stuff I
was interested in 1 or 2 years ago (or packaged for someone else in the
past), I decided that I make this explicit by removing myself from several
packages and adding myself in some other stuff I'm now interested in.
I've seen it several times now that people remove themselves from a
package without removing the package if it's unmaintained after that
which is why I figured that it's fine in my case as the affected pkgs
are rather low-prio and were pretty easy to maintain.