Originally, we switched to bsdtar from libarchive to solve a reproducibility issue related to hardlinks
As of gnu cpio 2.14 the --ignore-dirnlink option is introduced and now included in --reproducible, which solves this issue
By switching back, we are in turn solving an issue in libarchive >=3.7.5 erroring out with "Error reading archive -: (null)"
Change-Id: Ib6140d599b6547d8e941b0251ce996e303c41fa6
(cherry picked from commit 0f216e2578)
This make sure the credentials cannot be leaked in a MITM attack.
Note that this change might break some existing deployments if the users
tries to fetch resources on endpoints with invalid certificates.
The impacted users will have the following choices:
* fix the endpoint providing the resource
* override SSL_CERT_FILE to either disable the verification (not
recommended) or to set it to a path including their CA certificate.
(cherry picked from commit a169553f7e)
Fix remaining sdkVer and ndkVer references
1144d46 renamed sdkVer and ndkVer, but forgot one reference and
incorrectly replaced another
(cherry picked from commit a99c334965)
We no longer use fetchzip because nc4nix no longer unpacks the tarball
before computing the hash.
Based on 2c1d58e90c, but regenerated
the apps to resolve merge conflicts.
There's no point generating debug info if the compiler immediately
strips it before we get a chance to do anything with it.
This is especially important since Cargo 1.77, which asks rustc to
strip by default.
(cherry picked from commit f03d6497cb)
I've had better luck creating statically-linked binaries that work than
dynamically-linked ones, so this is needed quite practically.
(cherry picked from commit 676df1cf2d)
The current DLL linker only links direct dependencies of the derivation. Indirect dependencies are sometimes missed.
(cherry picked from commit e72b347c1d)
GStreamer searches for plugins relative to its binary's location.
However, since bd97973ce0, it uses its *real* binary location, breaking the FHS.
Fixes#311004 (tested on Heroic and Lutris too).
(cherry picked from commit 525636fec9)
I decided to avoid the use of `buildComposerProject because it requires `composer-local-repo-plugin` which is going to be refactored.
(cherry picked from commit 450e9396fd)
Some packages rely on `uname` to configure the host target which breaks cross-compilation.
We can have more control over the evaluation of `uname` by placing `deterministic-uname` into the package's `nativeBuildInputs`.
However the current `deterministic-uname` is hardcoded to `buildPlatform`.
This PR introduces a build argument `forPlatform` to `deterministic-uname` which allows you to override the platform it reports.
Example:
```nix
deterministic-uname.override { forPlatform = stdenv.hostPlatform; }
```
(cherry picked from commit 2ed51a3ff0)
Increase the default RAM size for image-building QEMU VM.
Make singularity.tests.image-hello-cowsay build on aarch64-linux.
(cherry picked from commit d09aedb1a0)
https://github.com/NixOS/nixpkgs/pull/246164 but for hardlinks.
Mesa, among other packages, has binaries that are linked together and
can end up corrupted when the same binary is stripped through two
different names.
To resolve this, print out the device and inode number before each file
name, sort/uniq based on that, then cut it back out before stripping.
The symlink resolution logic is removed as the same file accessed
through two different links in `$paths` will necessarily have the same
numbers. File/directory within the paths listed in `$paths` are
correctly not (and were never) processed due to the `-type f` predicate
and (implied) `-P` option to `find`.
(cherry picked from commit 4d6d293fad)
The $DISPLAY variable has a format of [host]:num[.screen]. Previously,
the number would only be extracted properly if it had the form :num.
Allow all forms but correctly discard the unused parts.
