Commit Graph

222272 Commits

Author SHA1 Message Date
Matthew Bauer
fcf33e2499 scs: breaks on 64bit blas 2020-04-17 16:24:31 -05:00
Matthew Bauer
98fb0ede70 arrayfire: remove mkl
This is unfree.
2020-04-17 16:24:30 -05:00
Matthew Bauer
d83e9c9573 setup-hooks/audit-blas.sh: init
Add a simple hook that makes sure blas and lapack are linked to the
right place.
2020-04-17 16:24:25 -05:00
Matthew Bauer
7841b4290f pkgs/release-alternatives.nix: create
Add some ability to test the different BLAS/LAPACK implementations
together.
2020-04-17 16:24:16 -05:00
Matthew Bauer
1c8aba8334 treewide: use blas and lapack
This makes packages use lapack and blas, which can wrap different
BLAS/LAPACK implementations.

treewide: cleanup from blas/lapack changes

A few issues in the original treewide:

- can’t assume blas64 is a bool
- unused commented code
2020-04-17 16:24:09 -05:00
Matthew Bauer
43873351ff blas/lapack: add wrapper for “alternative”s of BLAS/LAPACK provider
This is based on previous work for switching between BLAS and LAPACK
implementation in Debian[1] and Gentoo[2]. The goal is to have one way
to depend on the BLAS/LAPACK libraries that all packages must use. The
attrs “blas” and “lapack” are used to represent a wrapped BLAS/LAPACK
provider. Derivations that don’t care how BLAS and LAPACK are
implemented can just use blas and lapack directly. If you do care what
you get (perhaps for some CPP), you should verify that blas and lapack
match what you expect with an assertion.

The “blas” package collides with the old “blas” reference
implementation. This has been renamed to “blas-reference”. In
addition, “lapack-reference” is also included, corresponding to
“liblapack” from Netlib.org.

Currently, there are 3 providers of the BLAS and LAPACK interfaces:

- lapack-reference: the BLAS/LAPACK implementation maintained by netlib.org
- OpenBLAS: an optimized version of BLAS and LAPACK
- MKL: Intel’s unfree but highly optimized BLAS/LAPACK implementation

By default, the above implementations all use the “LP64” BLAS and
LAPACK ABI. This corresponds to “openblasCompat” and is the safest way
to use BLAS/LAPACK. You may received some benefits from “ILP64” or
8-byte integer BLAS at the expense of breaking compatibility with some
packages.

This can be switched at build time with an override like:

    import <nixpkgs> {
        config.allowUnfree = true;
        overlays = [(self: super: {
          lapack = super.lapack.override {
            lapackProvider = super.lapack-reference;
          };
          blas = super.blas.override {
            blasProvider = super.lapack-reference;
          };
        })];
      }

or, switched at runtime via LD_LIBRARY_PATH like:

    $ LD_LIBRARY_PATH=$(nix-build -E '(with import <nixpkgs> {}).lapack.override { lapackProvider = pkgs.mkl; is64bit = true; })')/lib:$(nix-build -E '(with import <nixpkgs> {}).blas.override { blasProvider = pkgs.mkl; is64bit = true; })')/lib ./your-blas-linked-binary

By default, we use OpenBLAS LP64 also known in Nixpkgs as
openblasCompat.

[1]: https://wiki.debian.org/DebianScience/LinearAlgebraLibraries
[2]: https://wiki.gentoo.org/wiki/Blas-lapack-switch
2020-04-17 16:23:55 -05:00
Matthew Bauer
90326ba624 lapack: enable shared libraries, cblas, and tests 2020-04-17 16:17:12 -05:00
adisbladis
04afb68ad7
systemfd: init at 0.3.0 2020-04-17 22:10:18 +01:00
Peter Simons
10100a97c8 ghc-8.10.x: add plenty of overrides to fix builds 2020-04-17 22:50:43 +02:00
Ismaël Bouya
8e88b8dce2
nixos/acme: Fix postRun in acme certificate being ran at every run 2020-04-17 22:16:50 +02:00
Maximilian Bosch
135ae45d24
grocy: 2.7.0 -> 2.7.1
https://github.com/grocy/grocy/releases/tag/v2.7.1
2020-04-17 22:02:28 +02:00
Mario Rodas
2f33062f53 flow: 0.122.0 -> 0.123.0
Changelog: https://github.com/facebook/flow/releases/tag/v0.123.0
2020-04-17 22:00:54 +02:00
Graham Christensen
e42312e354
Merge pull request #85183 from Xe/zig-0.6.0
zig: upgrade to 0.6.0
2020-04-17 15:17:45 -04:00
Peter Simons
e9687df24a
Merge pull request #85178 from NixOS/haskell-updates
Update Haskell package set to LTS 15.8 (plus other fixes)
2020-04-17 21:02:58 +02:00
Matthieu Coudron
839263d558 termpdf.py: init at 2019-09-30
This is a pdf reader for the terminal kitty.
2020-04-17 21:01:17 +02:00
Matthieu Coudron
c881dd5e68 pythonPackages.pagelabels: init at 1.2.0
Used in termpdf I want to package.
2020-04-17 21:01:17 +02:00
Matthieu Coudron
c0a498b5d5 pythonPackages.pdfrw: init at 0.4.0 2020-04-17 21:01:17 +02:00
Anders Kaseorg
4fdc455543
mesa-demos: init at 8.4.0 (#74310)
* mesa-demos: init at 8.4.0

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

* Update pkgs/tools/graphics/mesa-demos/default.nix

Co-Authored-By: Doron Behar <doron.behar@gmail.com>
2020-04-17 14:00:48 -05:00
Peter Simons
783af05bbb all-cabal-hashes: update to Hackage at 2020-04-17T17:47:53Z 2020-04-17 20:56:52 +02:00
Peter Simons
d6aedf7bcd haskell-ghc-lib-parser-ex: fix build with GHC versions prior to 8.8.x 2020-04-17 20:50:48 +02:00
Guillaume Bouchard
abc4f961b4 haskellPackages.ghcWithPackages: fix for GHC 8.10
This closes #79441.

ghcWithPackages is using `ghc-pkg recache` to build its package
database. By doing so, it overrides the `package.cache[.lock]` files.

Details are unclear, but GHC 8.10 changed a bit the behavior.
Previously, it was unconditionally replacing the files by new ones. Now
it tries to open (for modification) the files. These files are symlinks
to another nix derivation, which is hence read-only.

This commit removes the files before running `ghc-pkg recache`, hence it
will just write the new files.

Tested with `haskellPackages.ghcWithPackages` (i.e. GHC 8.8) and
`haskell.packages.ghc8101.ghcWithPackages` (i.e GHC 8.10) with the
following nix file, at the root of the nixpkgs repository:

```
with import ./. {
  overlays = [
    (
      self: super: {
        haskellPackages = super.haskell.packages.ghc8101.override {
          overrides = selfh: superh: {
             th-lift-instances = super.haskell.lib.doJailbreak superh.th-lift-instances;
             th-expand-syns    = super.haskell.lib.doJailbreak superh.th-expand-syns;
             th-reify-many     = super.haskell.lib.doJailbreak superh.th-reify-many;
             th-orphans        = super.haskell.lib.doJailbreak superh.th-orphans;
             haskell-src-meta  = super.haskell.lib.doJailbreak superh.haskell-src-meta;
          };
        };
      }
  )
  ];
};
haskellPackages.ghcWithPackages(p:[p.PyF])
```

This will test with GHC 8.10. Comment out the `overlays` to test with
GHC 8.8.
2020-04-17 20:50:48 +02:00
Mike Sperber
53cfd1d132 haskell-tensorflow: unbreak
- get the current Git head of haskell-tensorflow
- adjust dependencies
2020-04-17 20:50:48 +02:00
Michael Alan Dorman
d59d157ad9 cabal-install-parsers: update Cabal dependency
This also unbreaks `haskell-ci`.
2020-04-17 20:50:48 +02:00
Jappie Klooster
b95534aaea cut-the-crap: init at 1.0.0 2020-04-17 20:50:48 +02:00
Manuel Bärenz
a762316e72 haskell simple-affine-space: Disable test suite 2020-04-17 20:50:48 +02:00
Troels Henriksen
802dfc8bd7 futhark: stop wrapping the executable 2020-04-17 20:50:48 +02:00
(cdep)illabout
a0612c2a06 spago: 0.14.0 -> 0.15.1 2020-04-17 20:50:48 +02:00
Gabor Greif
7932fb22cb ghcHEAD: bump to 8.11.20200403 (#84217)
* ghcHEAD: bump to 8.11.20200403

* ghcHead: reduce diff vs. 8.10.1

dontAddExtraLibs was removed by accident (IMO) in ea19a8ed1e

* ghcHEAD: add ability to use system libffi

- enable nixpkgs' libffi
- minimise diffs against 8.10.1
- remove patching

* remove configure warning about --with-curses-includes

configure: WARNING: unrecognized options: --with-curses-includes
2020-04-17 20:50:48 +02:00
Peter Simons
fd1103227d hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.15.1 from Hackage revision
fcda2563cd.
2020-04-17 20:50:40 +02:00
Peter Simons
fd63776ff4 hackage2nix: update list of broken builds to fix evaluation errors 2020-04-17 20:50:26 +02:00
Remo
83d84e6233 hackage2nix: unbreak postgrest 2020-04-17 20:50:07 +02:00
Remo
629af9f518 hackage2nix: unbreak hasql-pool 2020-04-17 20:49:49 +02:00
Peter Simons
572e8f6008 LTS Haskell 15.8 2020-04-17 20:49:10 +02:00
Graham Christensen
be9cc04925
Merge pull request #85453 from bqv/patch-1
sv-kalendar: fix meta
2020-04-17 14:16:34 -04:00
Tony O
39b1de0fbf
sv-kalendar: fix meta 2020-04-17 19:03:26 +01:00
Maximilian Bosch
192485f8fa
neomutt: 20200320 -> 20200417
https://github.com/neomutt/neomutt/releases/tag/20200417

To fix the tests, I had to copy the recently created
`neomutt-test-files`[1] repository into the build-environment.

Also applied a patch from master[2] which ensures that the
`change-folder` macro actually switches to the specified folder.

[1] https://github.com/neomutt/neomutt-test-files
[2] 9e7537cadd
2020-04-17 19:35:20 +02:00
worldofpeace
40f3faedbd nixos/manual: 19.09 -> 20.03 2020-04-17 12:41:24 -04:00
Jan Tojnar
42f2d370a5
Merge pull request #81955 from r-ryantm/auto-update/poppler-glib 2020-04-17 18:38:20 +02:00
Michele Guerini Rocco
8afc0daa29
Merge pull request #85431 from rnhmjoj/vapoursynth
vapoursynth: R48 -> R49
2020-04-17 18:20:46 +02:00
Peter Simons
464d1861ee
Merge pull request #81307 from jabranham/r-pkgs
R: Update R, CRAN, & Bioconductor
2020-04-17 17:43:38 +02:00
Benjamin Hipple
ba8c116519 mesa-glu: use HTTPS instead of FTP
FTP is often blocked by firewalls and is generally slower and less secure than HTTPS.

No change to `src` hash.
2020-04-17 11:35:16 -04:00
Emily
2e31fb407e nixos/release-combined: add {,latestKernel.}hardened
These now depend on an external patch set; add them to the release tests
to ensure that the build doesn't break silently as new kernel updates
are merged.
2020-04-17 16:13:39 +01:00
Emily
e133e396df nixos/release-{small,combined}: add latestKernel.login
Seems like a good idea to ensure that you can always use the latest
stable upstream kernel.
2020-04-17 16:13:39 +01:00
Emily
fe031d07f8 nixos/tests/hardened: add latestKernel argument 2020-04-17 16:13:39 +01:00
Emily
b0d5032ee4 nixos/hardened: add emily to maintainers 2020-04-17 16:13:39 +01:00
Emily
ad9bfe2254 nixos/hardened: enable user namespaces for root
linux-hardened sets kernel.unprivileged_userns_clone=0 by default; see
anthraxx/linux-hardened@104f44058f.

This allows the Nix sandbox to function while reducing the attack
surface posed by user namespaces, which allow unprivileged code to
exercise lots of root-only code paths and have lead to privilege
escalation vulnerabilities in the past.

We can safely leave user namespaces on for privileged users, as root
already has root privileges, but if you're not running builds on your
machine and really want to minimize the kernel attack surface then you
can set security.allowUserNamespaces to false.

Note that Chrome's sandbox requires either unprivileged CLONE_NEWUSER or
setuid, and Firefox's silently reduces the security level if it isn't
allowed (see about:support), so desktop users may want to set:

    boot.kernel.sysctl."kernel.unprivileged_userns_clone" = true;
2020-04-17 16:13:39 +01:00
Emily
84f258bf09 nixos/hardened: don't set vm.unprivileged_userfaultfd
Upstreamed in anthraxx/linux-hardened@a712392b88.
2020-04-17 16:13:39 +01:00
Emily
cc28d51237 nixos/hardened: don't set vm.mmap_min_addr
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
46d12cca56 nixos/hardened: don't set vm.mmap_rnd{,_compat}_bits
Upstreamed in anthraxx/linux-hardened@ae6d85f437.
2020-04-17 16:13:39 +01:00
Emily
af4f57b2c4 nixos/hardened: don't set net.core.bpf_jit_harden
Upstreamed in anthraxx/linux-hardened@82e384401d.
2020-04-17 16:13:39 +01:00