librdimon.a is only available on ARM architectures, therefore building
newlib-nano for other architectures (e.g. RISC-V) fails presently.
This commit fixes this issue by only copying the library files that
actually exist in the for loop body. Alternatively, it would be
theoretically feasible to change the libraries iterated over based
on the targeted architecture.
One of resholve's passthru tests depended on getting `script` from
util-linux, but it's no longer there on macos after #232713.
This change just tracks upstream change to use unixtools.script, which
is what I should have used in the first place. Upstream commit for
reference:
3407150949
apply patch from gentoo because there's no libstdc++.a libsupc++.a or
their nano versions
this matches upstream arm more
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
-lc_nano is used in nano.specs but 'libc_nano.a' is not installed without these changes
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper
this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
This release gets resholve caught up to the latest release of oil/osh.
Since the update was already somewhat involved, I used the opportunity
to also figure out how to patch out some C extensions and external
dependencies that shouldn't be necessary just to use the parser.
- update README.md
- github.com/abathur/resholve/blob/master/CHANGELOG.md#v090-jan-29-2023
- github.com/abathur/nix-py-dev-oil/compare/v0.8.12.3...v0.14.0.0
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
Bump to the latest relase. The current version is outdated and doesn't
seem to be able to boot my CM4 to mass storage device mode. This version
does, and according to
https://github.com/raspberrypi/usbboot/releases/tag/20221215-105525, it
"works on all current Raspberry Pi models and uses the default
bootloader that is signed with the secure-boot ROM key".
We are marking `resholve` itself with `meta.knownVulnerabilities`, and
overriding `resholve-utils` functions's `resholve` with
`meta.knownVulnerabilities = [ ]`.
This way, we can still use `resholve` at build-time without triggering
security warnings, however we can't instantiate `resholve` itself. See:
```
$ nix-build -A resholve
error: Package ‘resholve-0.8.4’ in /.../nixpkgs/pkgs/development/misc/resholve/resholve.nix:48 is marked as insecure, refusing to evaluate.
$ nix-build -A ix
/nix/store/k8cvj1bfxkjj8zdg6kgm7r8942bbj7w7-ix-20190815
```
For debugging purposes, you can still bypass the security checks and
instantiate `resholve` by:
```
$ NIXPKGS_ALLOW_INSECURE=1 nix-build -A resholve
/nix/store/77s87hhqymc6x9wpclb04zg5jwm6fsij-resholve-0.8.4
```