Commit Graph

7036 Commits

Author SHA1 Message Date
ajs124
831148bf27 testers.testMetaPkgConfig: fix warning
follow-up to feabc3db0f
2023-09-19 16:11:42 +02:00
Pol Dellaiera
6e55577f33 build-support/php/composer-local-repo-plugin: 1.0.0 -> 1.0.2
Also fix https://github.com/NixOS/nixpkgs/issues/255860
2023-09-18 14:21:26 +02:00
Artturi
9466d15361
Merge pull request #255188 from NickCao/make-binary-wrapper
makeBinaryWrapper.extractCmd: fix use in cross compilation
2023-09-17 17:31:00 +03:00
Nick Cao
c6e11d15ce
makeBinaryWrapper.extractCmd: fix use in cross compilation 2023-09-16 22:17:22 -04:00
Atemu
88a0ff46e5
Merge pull request #253982 from rnhmjoj/pr-fhs
buildFHSEnv: disable security features by default
2023-09-16 21:09:24 +02:00
Elis Hirwing
28fd868e47
Merge pull request #255156 from NixOS/build-support/php/update-install-procedure
build-support/php: prevent the creation of symlinks
2023-09-15 08:39:55 +02:00
Pol Dellaiera
a2f8623363
build-support/php: prevent the creation of symlinks
Using symbolic links creates issues on Darwin; therefore, using `makeWrapper` fixes this.
2023-09-14 21:40:33 +02:00
Weijia Wang
0cfc319f83 fetchDebianPatch: Require patch names with extensions
Otherwise the fetcher is unusable with patches
whose filename (in Debian) doesn't end in `.patch`.
2023-09-14 18:55:30 +00:00
toonn
924efe5313
Merge pull request #249268 from Enzime/remmina-bundle
writeDarwinBundle: use binary wrapper
2023-09-14 15:05:13 +02:00
Elis Hirwing
350cac13cf
Merge pull request #248184 from NixOS/php/add-new-builder-only
php: add new Composer builder
2023-09-14 07:50:27 +02:00
Pol Dellaiera
3eb168da92
build-support/php: add composerNoDev, composerNoPlugins and composerNoScripts attributes 2023-09-13 17:08:04 +02:00
Pol Dellaiera
1173a34d15
build-support/php: move internal tools in php/build-support/php/pkgs 2023-09-13 17:07:48 +02:00
Elis Hirwing
1e238b8afe
php: Fix shellcheck string warnings in composer-install-hook 2023-09-13 15:00:04 +02:00
Elis Hirwing
2160ed2bcc
composer: Stop exposing composer built from a phar file 2023-09-13 15:00:04 +02:00
Elis Hirwing
9e701e6328
composer-local-repo-plugin: Stop exposing this internal tool 2023-09-13 15:00:03 +02:00
Pol Dellaiera
b36ad2f517
php: add new builder buildComposerProject 2023-09-13 15:00:03 +02:00
Pol Dellaiera
27e3b694e7
composer-local-repo-plugin: init at 1.0.0 2023-09-13 15:00:03 +02:00
Jan Tojnar
1cd6d30f2f Merge branch 'master' into staging-next 2023-09-13 12:03:35 +02:00
Artturi
edada48556
Merge pull request #254815 from johannwagner/fix-leading-hyphens-for-testVersion 2023-09-13 01:23:09 +03:00
Robert Scott
9e64f794d1
Merge pull request #208944 from risicle/ris-dockertools-makeoverridable
dockerTools: use makeOverridable for buildImage family of functions
2023-09-12 23:16:06 +01:00
Johann Wagner
da073295d0 testers.testVersion: Fix usage of hyphens within the version argument 2023-09-12 21:54:10 +02:00
Vladimír Čunát
300eaad172
Merge branch 'master' into staging-next 2023-09-12 19:06:44 +02:00
Rick van Schijndel
a31a3eca58
Merge pull request #251066 from lilyinstarlight/feature/prefetch-npm-deps-tokens
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var
2023-09-12 17:31:26 +02:00
Anderson Torres
3fc613c5ba
Merge branch 'master' into staging-next 2023-09-11 23:25:38 +00:00
Lily Foster
7f76ac6e09
fetchNpmDeps: pass NIX_NPM_TOKENS as an impure env var 2023-09-11 16:50:17 -04:00
Lily Foster
e271266179
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var 2023-09-11 16:49:36 -04:00
Robert Scott
38c1400f67 dockerTools: use makeOverridable for buildImage family of functions
this allows nix users to modify existing images without having
to rely on container image inheritance mechanisms via fromImage
2023-09-11 21:10:37 +01:00
Artturi
bb446a19f7
Merge pull request #247682 from minijackson/fix-ppc64be-linker 2023-09-11 22:13:42 +03:00
Minijackson
5581c0677c
bintools-wrapper: fix dynamic linker for powerpc64 big-endian
fixes #245162
2023-09-11 13:55:43 +02:00
github-actions[bot]
66c722f52f
Merge master into staging-next 2023-09-09 18:01:05 +00:00
sternenseemann
bd374243c0 npmHooks: use adjacent packages, not buildPackages
Hooks are essentially implemented as special shell packages that run on
their respective host platform. When they are used, they appear as
nativeBuildInputs (as they need to be executed as part of the build of a
package using them) so are taken from buildPackages relative to the
derivation using them.

Since the override in buildNpmPackage nullifies splicing, we take
npmHooks from buildPackages manually.

Fixes pkgsCross.ghcjs.buildPackages.emscripten and thus
pkgsCross.ghcjs.haskellPackages.ghc.
2023-09-09 17:55:37 +02:00
github-actions[bot]
a376e04925
Merge master into staging-next 2023-09-09 00:02:10 +00:00
Maciej Krüger
6146406653
Merge pull request #252343 from nbraud/fetchurl/hashValidation 2023-09-09 00:55:19 +02:00
rnhmjoj
c945723356
buildFHSEnv: disable security features by default
The implicit contract of buildFHSUserEnv was that it allows running
software built for a typical GNU/Linux distribution (not NixOS) without
patching it (patchelf, autoPatchelfHook, etc.). Note that this does not
inherently imply running untrusted programs.

buildFHSUserEnv was implemented by using chroot and assembling a
standard-compliant FHS environment in the new root. As expected, this
did not provide any kind of isolation between the system and the
programs.

However, when it was later reimplemented using bubblewrap
(PR #225748), which *is* a security tool, several isolation features
involving detached Linux namespaces were turned on by default.
This decision has introduced a number of breakages that are very
difficult to debug and trace back to this change.
For example: `unshareIPC` breaks software audio mixing in programs using
ALSA (dmix) and `unsharePID` breaks gdb.

Since:

  1. the security features were enabled without any clear threat model;
  2. `buildFHSEnvBubblewrap` is supposed to be a drop-in replacement of
     `buildFHSEnvChrootenv` (see the release notes for NixOS 23.05);
  3. the change is breaking in several common cases (security does not
     come for free);
  4. the contract was not changed, or at least communicated in a clear
     way to the users;

all security features should be turned off by default.

P.S. It would be useful to create a variant of buildFHSEnv that does
provide some isolation. This could unshare some namespaces and mount
only limited parts of the filesystem.
Note that buildFHSEnv mounts every directory in / under the new root, so
again, very little is gained by unsharing alone.
2023-09-08 09:15:50 +02:00
Artturi
fa3a4a18c0
Merge pull request #192459 from danielfullmer/fix-cc-wrapper-libdir 2023-09-07 01:58:51 +03:00
github-actions[bot]
aba6d8043f
Merge staging-next into staging 2023-09-06 18:01:28 +00:00
Silvan Mosberger
7cbc8215fd
Merge pull request #252865 from emily-is-my-username/fix/fetchgit-deepclone
`fetchgit`: don't shallow clone if `deepClone` is requested
2023-09-06 14:08:06 +02:00
github-actions[bot]
848091ac53
Merge staging-next into staging 2023-09-06 06:01:30 +00:00
github-actions[bot]
82535bc9c1
Merge master into staging-next 2023-09-06 06:00:55 +00:00
Lin Jian
cae7f23ed8 build-support/emacs: fix name when overrideAttrs is used
Before:

nix-repl> (pkgs.emacs.pkgs.eglot.overrideAttrs { version = "6.0"; }).name
"emacs-eglot-1.15"

After:

nix-repl> (pkgs.emacs.pkgs.eglot.overrideAttrs { version = "6.0"; }).name
"emacs-eglot-6.0"
2023-09-06 02:24:07 +00:00
Lin Jian
35ccb9db3f build-support/emacs: make version non-optional
I do not think there is a good reason for it to be optional.

There were only two packages without a version attr. The version attr
is added to them in this patch.
2023-09-06 02:24:07 +00:00
github-actions[bot]
1a5c2acd74
Merge staging-next into staging 2023-09-05 00:02:47 +00:00
github-actions[bot]
77a8486bb3
Merge master into staging-next 2023-09-05 00:02:14 +00:00
Artturi
b80a27d04f
Merge pull request #249567 from antonmosich/typo 2023-09-05 00:38:52 +03:00
Artturi
31c9deb4f7
Merge pull request #218783 from timbertson/stripExcludeExtensions 2023-09-05 00:37:17 +03:00
Artturi
d5139e3017
Merge pull request #245909 from Artturin/setupshchanges2 2023-09-04 20:41:16 +03:00
Artturin
fa98c56f75 setup-hooks/separate-debug-info.sh: Warn if necessary variables are not set
`$OBJCOPY` is not available in bootstrap tools
`stdenv.__bootPackages.stdenv.__bootPackages.stdenv.__bootPackages.stdenv.__bootPackages.stdenv.__bootPackages.bash.stdenv.cc.bintools`
2023-09-03 23:02:45 +03:00
Tim Cuthbertson
0bffcc3f3c setup-hooks/strip: add stripExclude 2023-09-03 20:18:10 +03:00
Artturin
1db1e3c467 stdenv: Fix possible issues discovered with
```
set -o errexit -o nounset -o pipefail
shopt -s inherit_errexit
```

in `stdenv/default-builder.sh`
2023-09-02 03:25:36 +03:00
github-actions[bot]
14f4a764c5
Merge master into staging-next 2023-09-02 00:02:17 +00:00