Commit Graph

7339 Commits

Author SHA1 Message Date
Artturi
187f681cb4
Merge pull request #258608 from aherrmann/macos-mktemp
MacOS compatible mktemp in cc-wrapper
2023-10-08 11:38:14 +03:00
Fabián Heredia Montiel
7f16b623fc Merge remote-tracking branch 'origin/master' into staging-next 2023-10-08 00:18:22 -06:00
Sandro Jäckel
d09cd1d7d1 fetchgit: use $NIX_BUILD_TOP instead of hardcoding /build/
Co-authored-by: Bjørn Forsman <133602+bjornfor@users.noreply.github.com>
2023-10-08 00:10:59 +02:00
Lily Foster
57087b8346
Merge pull request #255984 from SuperSandro2000/patch-1
build-npm-package: give a hint when npm prune fails
2023-10-07 17:51:52 -04:00
Sandro
30992a8c51
buildNpmPackage: give a hint when npm prune fails
Co-authored-by: Lily Foster <lily@lily.flowers>
2023-10-07 21:53:56 +02:00
Alyssa Ross
182718fecc
Merge remote-tracking branch 'origin/staging-next' into staging
Conflicts:
	pkgs/top-level/linux-kernels.nix
2023-10-07 19:52:18 +00:00
Doron Behar
fc96f6d0fd buildNpmPackage: support makeWrapperArgs 2023-10-07 14:09:05 +03:00
Jan Tojnar
76a7aa445a Merge branch 'master' into staging-next
Conflicts:
- pkgs/development/python-modules/xdot/default.nix
  between 2f244e3647 and 1a9a257cf7
2023-10-06 23:18:00 +02:00
Elis Hirwing
f0987a05a9
php.packages.composer: Make sure that both composers use the same version
So in php we have a bootstrapping composer (that lives in
composer-phar.nix) that downloads the binary distribution of composer
to be able to bootstrap and build a composer built from source.

However, it's desirable to keep composer updated at all times, and this
includes the phar one that isn't used by users directly. So this makes
sure we don't "forget" about the phar one since it now borrows the
version from the source version. However, then it also made sense to
move the hash for the phar to the same file as the source
composer. Then we can control the full upgrade life cycle of both the
phar and source versions of composer from the same file.
2023-10-06 20:09:48 +02:00
Elis Hirwing
13441fc1f5
Merge pull request #259349 from NixOS/php/bump-composer-2-6-5
phpPackages.composer: 2.6.4 -> 2.6.5
2023-10-06 19:51:30 +02:00
Bjørn Forsman
55e30da2eb buildFHSEnvBubblewrap: preserve pname, version
It's useful to have access to these attributes from packages built with
buildFHSEnvBubblewrap, and it reduces the difference between FHS and
non-FHS packages.

'name' is already handled by runCommandLocal.
2023-10-06 19:37:39 +02:00
Pol Dellaiera
3360cb0bb0 phpPackages.composer: 2.6.4 -> 2.6.5 2023-10-06 10:30:07 +02:00
github-actions[bot]
2c70ec4a27
Merge staging-next into staging 2023-10-05 18:01:34 +00:00
github-actions[bot]
ca639e401e
Merge master into staging-next 2023-10-05 18:01:05 +00:00
Sandro Jäckel
025a028c47 fetchgit: fix private fetching via netrc
This fixes a regression introduced in https://github.com/NixOS/nixpkgs/pull/256628
which broke fetching with private = true through a netrc file.
Tested locally with a really special github enterprise.
2023-10-05 13:54:00 +00:00
Linus Heckemann
81f6dc0864
Merge pull request #257919 from Ma27/structured-attrs-env-vars
structured attrs: prefer `NIX_ATTRS_*_FILE` over `.attrs.*`
2023-10-05 12:48:00 +02:00
Andreas Herrmann
13a4690d0d cc-wrapper: Use MacOS compatible mktemp command
The commit 6f2b3ba027 introduced a
`mktemp` invocation that uses the `--tmpdir` flag, which is not
available on MacOS.

This changes the invocation to a portable one based on the following
StackOverflow answer https://stackoverflow.com/a/31397073/841562 .
2023-10-05 10:44:34 +02:00
github-actions[bot]
d4ed9dd5cd
Merge staging-next into staging 2023-10-05 00:02:58 +00:00
Vladimír Čunát
fa7835846a
Merge branch 'master' into staging-next 2023-10-04 22:40:54 +02:00
Maximilian Bosch
c8f5c30c37
pkgs/build-support: refactor drvs using __structuredAttrs = true
Derivations affected by this patch set `__structuredAttrs = true;` and
provide their own `builder`, i.e. it's necessary to `source .attrs.sh`.

Rather than adding even more `if`-`source` monstrums, I decided to
modify all of those derivations to use `buildCommand` or `runCommand`,
without `builder` being set.

Then, `$stdenv/setup` is sourced already and as a result it's safe to
assume that `NIX_ATTRS_JSON_FILE`/`NIX_ATTRS_SH_FILE` point to a usable
location both in a build and a shell session.
2023-10-04 18:37:00 +02:00
Maximilian Bosch
8bc5104a6e
treewide: refactor .attrs.sh detection
When specifying the `builder` attribute in `stdenv.mkDerivation`, this
will be effectively transformed into

    builtins.derivation {
      builder = stdenv.shell;
      args = [ "-e" builder ];
    }

This also means that `default-builder.sh` is never sourced and as a
result it's not guaranteed that `$NIX_ATTRS_SH_FILE` is set to a correct
location[1].

Also, we need to source `.attrs.sh` to source `$stdenv`. So, the
following is done now:

* If `$NIX_ATTRS_SH_FILE` points to a correct location, then use it.
  Directly using `.attrs.sh` is problematic for `nix-shell(1)` usage
  (see previous commit for more context), so prefer the environment
  variable if possible.

* Otherwise, if `.attrs.sh` exists, then use it. See [1] for when this
  can happen.

* If neither applies, it can be assumed that `__structuredAttrs` is
  turned off and thus nothing needs to be done.

[1] It's possible that it doesn't exist at all - in case of Nix 2.3 or
    it can point to a wrong location on older Nix versions with a bug in
    `__structuredAttrs`.
2023-10-04 18:36:57 +02:00
Pol Dellaiera
2b12e3efe3 php.buildComposerProject: improve workflow in case of missing composer.lock file 2023-10-04 15:12:08 +02:00
Yureka
dd104a90a8 php.buildComposerProject: warn about outdated vendorHash 2023-10-04 15:12:08 +02:00
Yureka
7d2c531f28 php.buildComposerProject: don't allow use without lockfile 2023-10-04 15:12:08 +02:00
github-actions[bot]
c020c1ab3c
Merge staging-next into staging 2023-10-03 18:01:51 +00:00
Alyssa Ross
1cbe5c3e8b rust.toRustTargetForUseInEnvVars: support custom targets
> If using a target spec JSON file, the <triple> value is the filename
> stem. For example --target foo/bar.json would match [target.bar].

- https://doc.rust-lang.org/cargo/reference/config.html#target

I've also exposed toRustTargetSpecShort as a public function, because
it's useful to be able to know what the target subdirectory will be.
2023-10-03 12:30:04 +00:00
K900
03fddbfb87
Merge pull request #256525 from K900/auto-patchelf-flags
autoPatchelfHook: add `patchelfFlags` option
2023-10-02 08:07:03 +03:00
Alyssa Ross
d4a1009f5a
Merge remote-tracking branch 'origin/master' into staging-next 2023-10-01 13:53:00 +00:00
Weijia Wang
f4098e348c
Merge pull request #257122 from bjornfor/fix-buildfhsenv-pname
buildFHSEnvBubblewrap: allow being passed 'pname'
2023-10-01 13:55:09 +02:00
github-actions[bot]
c3098253b5
Merge master into staging-next 2023-09-30 12:01:05 +00:00
mdarocha
8318df5b63 buildDotnetModule: fix running fetch-deps with no nugetDeps defined.
This eases the initial setup when creating a package
2023-09-30 13:21:12 +02:00
Artturi
bf25d8782b
Merge pull request #249069 from amjoseph-nixpkgs/pr/lib/systems/ubootArch
lib.systems: add ubootArch
2023-09-30 10:45:36 +03:00
K900
10cb2bd443 autoPatchelfHook: add patchelfFlags option
This may be useful. Eventually. Maybe.
2023-09-30 10:26:35 +03:00
figsoda
14d44173e4
Merge pull request #256949 from andresilva/build-rust-package-profiles
buildRustPackage: support custom cargo profiles
2023-09-29 15:54:49 -04:00
github-actions[bot]
c1a6c05aa7
Merge master into staging-next 2023-09-29 12:01:16 +00:00
Elis Hirwing
a7f6f0b654
Merge pull request #258005 from NixOS/php/composer/bump-2-6-4
phpPackages.composer: 2.6.3 -> 2.6.4
2023-09-29 13:18:47 +02:00
Pol Dellaiera
a39417a673 phpPackages.composer: 2.6.3 -> 2.6.4
Security release: To be mitigated since we are not using a publicly accessible composer.phar (GHSA-jm6m-4632-36hf / CVE-2023-43655).

Changelog: https://github.com/composer/composer/releases/tag/2.6.4
2023-09-29 12:25:04 +02:00
Thiago Kenji Okada
88c5afe153
Merge pull request #257433 from thiagokokada/graalvm-bump
graalvm-ce: 22.3.1 -> 21.0.0
2023-09-29 11:12:22 +01:00
Robert Scott
4c6fd59fcd cc-wrapper: ensure NIX_HARDENING_ENABLE fortify3 implies fortify too
even if fortify3 is in hardening_unsupported_flags
2023-09-28 21:49:14 +01:00
github-actions[bot]
bd2b03a095
Merge master into staging-next 2023-09-28 18:00:54 +00:00
Evils
ef1b2ae152 appimage-run: add pciutils for FreeCAD 2023-09-28 19:15:01 +02:00
Jules Aguillon
187d777aad ocamlPackages.buildTopkgPackage: Added
This function helps building an OCaml package that builds with topkg.
There are currently many such packages in nixpkgs and this function
would greatly simplify adding more.

This is heavily inspired by `ocamlPackages.buildDunePackage`.
2023-09-28 12:03:20 +02:00
github-actions[bot]
6626399ea9
Merge staging-next into staging 2023-09-27 12:01:37 +00:00
github-actions[bot]
81ae4e07a3
Merge master into staging-next 2023-09-27 12:01:06 +00:00
Thiago Kenji Okada
45eff9d9c7 graalvm-ce: 22.3.1 -> 21.0.0
This initially may look like a downgrade, but this is caused by how
upstream is tagging versions.

Before they would have the GraalVM having its own version (e.g. 22.3.1),
and each version would support multiple JVM versions (e.g. 11, 17, 19).
Now each release supports only one JVM version (e.g.: 21), and they
track the same version as the JVM.

They also changed packaging, making all sub-products (e.g.: GraalPy,
GraalRuby, etc.) standalone, so they do not depend on GraalVM anymore
and have their own version. Thanks to this change, we will need to
repackage everything.

To simplify, this commit will remove all sub-products and only care
about the GraalVM/Native Image (that is back to GraalVM itself) part.
Other commits will re-add each sub-product.

Fix (partial): https://github.com/NixOS/nixpkgs/issues/257292
2023-09-27 10:25:44 +01:00
Dan Buch
14f76a96e8
fetch-yarn-deps: warn on undefined expected hash
instead of rejecting, given that the expected hash may not be known/provided.
2023-09-27 00:17:40 +00:00
Adam Joseph
67a4f828b4 rust: hooks: fix cross compilation
Currently there is a state of severe confusion in
pkgs/build-support/rust/hooks/ regarding host vs target; right now
there is only "host" defined, but whether it means "host" or
"target" seems to fluctuate.

This commit corrects that, ensuring that all variables come in all
three flavors (build, host, target) and are used consistently with
the nixpkgs convention.

This also fixes the cross-compilation of packages which use
`maturinBuildHook` -- hooks go in `nativeBuildInputs` and are
phase-shifted backwards by one platform, so they need to be careful
about distinguishing between build and host.

Closes #247441
2023-09-26 06:30:44 +00:00
Adam Joseph
c1df604e9f rust: add rust.envVars 2023-09-26 06:30:44 +00:00
github-actions[bot]
aa53f32537
Merge staging-next into staging 2023-09-26 06:01:27 +00:00
github-actions[bot]
3bfcfd7eef
Merge master into staging-next 2023-09-26 06:01:00 +00:00
Pol Dellaiera
f0dc8516ed
build-support/php/hooks: add cacert 2023-09-25 22:10:28 +02:00
github-actions[bot]
a09f7f5b08
Merge staging-next into staging 2023-09-25 18:01:43 +00:00
github-actions[bot]
fc1f757bf6
Merge master into staging-next 2023-09-25 18:01:06 +00:00
Yureka
5d20a2b99a buildPecl: pass hash attr to fetchurl 2023-09-25 19:24:40 +02:00
Pol Dellaiera
a7b3106959
Merge pull request #256628 from alyssais/nix-prefetch-git-config
nix-prefetch-git: ignore global and user git config
2023-09-25 18:40:40 +02:00
github-actions[bot]
38723050e6
Merge staging-next into staging 2023-09-25 00:02:40 +00:00
github-actions[bot]
680b13891d
Merge master into staging-next 2023-09-25 00:02:13 +00:00
Hraban Luyat
1b26fc011a emacs: allow using as shebang on darwin 2023-09-24 19:50:52 -03:00
Hraban Luyat
949ea0426d emacs: remove unused makeWrapper dependency
As far as I can tell this is unused. The wrapper script is fully custom.
2023-09-24 19:50:52 -03:00
Bjørn Forsman
70b5588b4e buildFHSEnvBubblewrap: allow being passed 'pname'
`buildFHSEnvBubblewrap { pname = ...; }` currently results in eval error
because args.name doesn't exist then. Fix it by only using args.name if
it exists.
2023-09-24 19:57:21 +02:00
André Silva
8674922276
buildRustPackage: support custom cargo profiles 2023-09-24 18:40:24 +01:00
github-actions[bot]
655d301f37
Merge staging-next into staging 2023-09-24 12:01:43 +00:00
github-actions[bot]
b6d5fc29bc
Merge master into staging-next 2023-09-24 12:01:00 +00:00
Atemu
aa827460ae
Merge pull request #257049 from alyssais/buildFHSEnv-passthru
buildFHSEnv: add base paths to passthru
2023-09-24 11:41:22 +02:00
Alyssa Ross
00a28d0ed9
buildFHSEnv: add base paths to passthru
It's useful to be able to introspect all packages which are available
in the fhsenv.  I've renamed basePkgs and baseMultiPkgs to be
consistent with the naming scheme used for the bits that were
previously public — names ending in "Pkgs" are for functions, and
names ending in "Paths" are the results of those functions.
2023-09-24 08:43:20 +00:00
Pol Dellaiera
bd3d5995d9
Merge pull request #256557 from NixOS/bump/build-support/php/composer-local-repo-plugin-1-0-3
build-support/php/composer-local-repo-plugin: 1.0.2 -> 1.0.3
2023-09-24 09:16:08 +02:00
github-actions[bot]
035c6df194
Merge staging-next into staging 2023-09-24 00:03:26 +00:00
github-actions[bot]
0e6413dbff
Merge master into staging-next 2023-09-24 00:02:23 +00:00
Silvan Mosberger
390a4247e0
Merge pull request #255512 from nbraud/sha512-to-hash
treewide: sha512 → hash
2023-09-24 00:03:31 +02:00
Bouke van der Bijl
352ff3f226
Update pkgs/build-support/rust/build-rust-crate/default.nix
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-09-23 10:19:03 +02:00
nicoo
fab52fca51 treewide: sha512 → hash 2023-09-22 18:37:42 +02:00
Alyssa Ross
7d40fbbc04
nix-prefetch-git: ignore global and user git config
nix-prefetch-git is either run as part of a build, usually sandboxed,
or outside a build, unsandboxed, to prefetch something that will later
be used in a build.  It's important that the latter use produces
hashes that can be reproduced by the former.

One way that they can differ is if the user's git config does
something that changes the result of git clone.  I ran into this,
because my global git config automatically enables git-lfs, whereas
nix-prefetch-git otherwise only uses git-lfs if specifically
requested.  This led to very confusing hash mismatches.
2023-09-22 06:59:40 +00:00
Pol Dellaiera
9675e82ea1
build-support/php/composer-local-repo-plugin: 1.0.2 -> 1.0.3 2023-09-21 21:15:57 +02:00
github-actions[bot]
e939ee5495
Merge staging-next into staging 2023-09-21 12:01:49 +00:00
github-actions[bot]
4c610adf95
Merge master into staging-next 2023-09-21 12:01:19 +00:00
Jörg Thalheim
53204fe466
Merge pull request #256423 from Artturin/fixwritecbin
writers.writeCBin: fix binary name when cross-compiling
2023-09-21 08:36:09 +02:00
github-actions[bot]
8530ff3965
Merge staging-next into staging 2023-09-21 06:01:35 +00:00
github-actions[bot]
743d7baa31
Merge master into staging-next 2023-09-21 06:01:07 +00:00
Elis Hirwing
edd1e27480
Merge pull request #256315 from NixOS/php/bump-composer-2-6-3
phpPackages.composer: 2.6.2 -> 2.6.3
2023-09-21 07:56:44 +02:00
Artturin
8a77757b7e writers.writeCBin: fix binary name when cross-compiling
`$name` contains cross-compilation info `bin/wrapped-argv0-aarch64-unknown-linux-gnu`

name should not be set directly.
2023-09-21 04:13:45 +03:00
github-actions[bot]
0c130bfad2
Merge staging-next into staging 2023-09-21 00:02:39 +00:00
github-actions[bot]
2b20c287ac
Merge master into staging-next 2023-09-21 00:02:13 +00:00
Maciej Krüger
6cecfa12b5
Merge pull request #239570 from hacker1024/feature/flutter-wrapper-gapps
flutter: Use wrapGAppsHook
2023-09-20 23:34:26 +02:00
Fabián Heredia Montiel
b2f85dbf28 Merge remote-tracking branch 'origin/master' into staging-next 2023-09-20 15:08:16 -06:00
Pol Dellaiera
c8b9e229e1
phpPackages.composer: 2.6.2 -> 2.6.3 2023-09-20 16:53:03 +02:00
Artturi
6096abb008
Merge pull request #255208 from rhendric/rhendric/make-binary-wrapper 2023-09-20 09:41:44 +03:00
Artturi
6f27ba80ea
Merge pull request #255488 from natto1784/libcxxabi 2023-09-20 09:12:51 +03:00
github-actions[bot]
d55e56f8ac
Merge staging-next into staging 2023-09-19 18:01:57 +00:00
ajs124
831148bf27 testers.testMetaPkgConfig: fix warning
follow-up to feabc3db0f
2023-09-19 16:11:42 +02:00
github-actions[bot]
e22ad0ef4c
Merge master into staging-next 2023-09-19 12:01:22 +00:00
Artturi
f36165c2f1
Merge pull request #253116 from pwaller/fix-static-linktype 2023-09-19 11:41:44 +03:00
Bouke van der Bijl
4270524d3f build-rust-crate: add stripExclude for .rlib 2023-09-18 16:03:04 +02:00
Pol Dellaiera
6e55577f33 build-support/php/composer-local-repo-plugin: 1.0.0 -> 1.0.2
Also fix https://github.com/NixOS/nixpkgs/issues/255860
2023-09-18 14:21:26 +02:00
Ryan Hendrickson
df8b425f89 makeBinaryWrapper: protect wildcards in flags 2023-09-18 02:49:33 -04:00
Amneesh Singh
accafc0ed3
cc-wrapper: add libcxxabi include flag for LLVM
Removed workaround from llvm 16.

Fixes including cxxabi.h on llvm >=15 libcxxStdenv.

```c
int main() {}
```

```
/nix/store/qwnvng0cbyx0bijm654jpmpl0516hfhx-libcxxabi-15.0.7-dev/include/cxxabi.h:20:10: fatal error: '__cxxabi_config.h' file not found
```

Before llvm 15 this used to work because `libcxx` copied the headers
from `cxxabi` to its own `include`, which was then picked up by the
line above this one

Alternative fix would be to copy all files from `${cxxabi.dev}/include/c++/v1` to `${cxxabi.dev}/include` so the cc-wrapper setup hook would pick them up, but that would depend on cxxabi being in buildInputs.

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2023-09-18 06:43:32 +05:30
github-actions[bot]
d2fdbb7e40
Merge master into staging-next 2023-09-17 18:00:59 +00:00
Artturi
9466d15361
Merge pull request #255188 from NickCao/make-binary-wrapper
makeBinaryWrapper.extractCmd: fix use in cross compilation
2023-09-17 17:31:00 +03:00
Nick Cao
c6e11d15ce
makeBinaryWrapper.extractCmd: fix use in cross compilation 2023-09-16 22:17:22 -04:00
Artturi
9acebc35f9
Merge pull request #235473 from szlend/fix-deterministic-uname-getops 2023-09-17 04:46:44 +03:00
Simon Žlender
b485dd0036 deterministic-uname: fix default output 2023-09-17 00:08:43 +03:00
Atemu
88a0ff46e5
Merge pull request #253982 from rnhmjoj/pr-fhs
buildFHSEnv: disable security features by default
2023-09-16 21:09:24 +02:00
Elis Hirwing
28fd868e47
Merge pull request #255156 from NixOS/build-support/php/update-install-procedure
build-support/php: prevent the creation of symlinks
2023-09-15 08:39:55 +02:00
Pol Dellaiera
a2f8623363
build-support/php: prevent the creation of symlinks
Using symbolic links creates issues on Darwin, therefore, using `makeWrapper` fixes this.
2023-09-14 21:40:33 +02:00
Weijia Wang
0cfc319f83 fetchDebianPatch: Require patch names with extensions
Otherwise the fetcher is unusable with patches
whose filename (in Debian) doesn't end in `.patch`.
2023-09-14 18:55:30 +00:00
toonn
924efe5313
Merge pull request #249268 from Enzime/remmina-bundle
writeDarwinBundle: use binary wrapper
2023-09-14 15:05:13 +02:00
Elis Hirwing
350cac13cf
Merge pull request #248184 from NixOS/php/add-new-builder-only
php: add new Composer builder
2023-09-14 07:50:27 +02:00
Pol Dellaiera
3eb168da92
build-support/php: add composerNoDev, composerNoPlugins and composerNoScripts attributes 2023-09-13 17:08:04 +02:00
Pol Dellaiera
1173a34d15
build-support/php: move internal tools in php/build-support/php/pkgs 2023-09-13 17:07:48 +02:00
Elis Hirwing
1e238b8afe
php: Fix shellcheck string warnings in composer-install-hook 2023-09-13 15:00:04 +02:00
Elis Hirwing
2160ed2bcc
composer: Stop exposing composer built from a phar file 2023-09-13 15:00:04 +02:00
Elis Hirwing
9e701e6328
composer-local-repo-plugin: Stop exposing this internal tool 2023-09-13 15:00:03 +02:00
Pol Dellaiera
b36ad2f517
php: add new builder buildComposerProject 2023-09-13 15:00:03 +02:00
Pol Dellaiera
27e3b694e7
composer-local-repo-plugin: init at 1.0.0 2023-09-13 15:00:03 +02:00
Jan Tojnar
1cd6d30f2f Merge branch 'master' into staging-next 2023-09-13 12:03:35 +02:00
Artturi
edada48556
Merge pull request #254815 from johannwagner/fix-leading-hyphens-for-testVersion 2023-09-13 01:23:09 +03:00
Robert Scott
9e64f794d1
Merge pull request #208944 from risicle/ris-dockertools-makeoverridable
dockerTools: use makeOverridable for buildImage family of functions
2023-09-12 23:16:06 +01:00
Johann Wagner
da073295d0 testers.testVersion: Fix usage of hyphens within the version argument 2023-09-12 21:54:10 +02:00
Vladimír Čunát
300eaad172
Merge branch 'master' into staging-next 2023-09-12 19:06:44 +02:00
Rick van Schijndel
a31a3eca58
Merge pull request #251066 from lilyinstarlight/feature/prefetch-npm-deps-tokens
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var
2023-09-12 17:31:26 +02:00
Anderson Torres
3fc613c5ba
Merge branch 'master' into staging-next 2023-09-11 23:25:38 +00:00
Lily Foster
7f76ac6e09
fetchNpmDeps: pass NIX_NPM_TOKENS as an impure env var 2023-09-11 16:50:17 -04:00
Lily Foster
e271266179
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var 2023-09-11 16:49:36 -04:00
Robert Scott
38c1400f67 dockerTools: use makeOverridable for buildImage family of functions
this allows nix users to modify existing images without having
to rely on container image inheritance mechanisms via fromImage
2023-09-11 21:10:37 +01:00
Artturi
bb446a19f7
Merge pull request #247682 from minijackson/fix-ppc64be-linker 2023-09-11 22:13:42 +03:00
Minijackson
5581c0677c
bintools-wrapper: fix dynamic linker for powerpc64 big-endian
fixes #245162
2023-09-11 13:55:43 +02:00
Lily Foster
9b2ca17abc
npmHooks.npmInstallHook: avoid script output in npm pack command 2023-09-10 10:31:41 -04:00
github-actions[bot]
66c722f52f
Merge master into staging-next 2023-09-09 18:01:05 +00:00
sternenseemann
bd374243c0 npmHooks: use adjacent packages, not buildPackages
Hooks are essentially implemented as special shell packages that run on
their respective host platform. When they are used, they appear as
nativeBuildInputs (as they need to be executed as part of the build of a
package using them) so are taken from buildPackages relative to the
derivation using them.

Since the override in buildNpmPackage nullifies splicing, we take
npmHooks from buildPackages manually.

Fixes pkgsCross.ghcjs.buildPackages.emscripten and thus
pkgsCross.ghcjs.haskellPackages.ghc.
2023-09-09 17:55:37 +02:00
github-actions[bot]
a376e04925
Merge master into staging-next 2023-09-09 00:02:10 +00:00
Maciej Krüger
6146406653
Merge pull request #252343 from nbraud/fetchurl/hashValidation 2023-09-09 00:55:19 +02:00
rnhmjoj
c945723356
buildFHSEnv: disable security features by default
The implicit contract of buildFHSUserEnv was that it allows to run
software built for a typical GNU/Linux distribution (not NixOS) without
patching it (patchelf, autoPatchelfHook, etc.). Note that this does not
inherently imply running untrusted programs.

buildFHSUserEnv was implemented by using chroot and assembling a
standard-compliant FHS environment in the new root. As expected, this
did not provide any kind of isolation between the system and the
programs.

However, when it was later reimplemented using bubblewrap
(PR #225748), which *is* a security tool, several isolation features
involving detached Linux namespaces were turned on by default.
This decision has introduced a number of breakages that are very
difficult to debug and trace back to this change.
For example: `unshareIPC` breaks software audio mixing in programs using
ALSA (dmix) and `unsharePID` breaks gdb.

Since:

  1. the security features were enabled without any clear threat model;
  2. `buildFHSEnvBubblewrap` is supposed to be a drop-in replacement of
     `buildFHSEnvChrootenv` (see the release notes for NixOS 23.05);
  3. the change is breaking in several common cases (security does not
     come for free);
  4. the contract was not changed, or at least communicated in a clear
     way to the users;

all security features should be turned off by default.

P.S. It would be useful to create a variant of buildFHSEnv that does
provide some isolation. This could unshare some namespaces and mount
only limited parts of the filesystem.
Note that buildFHSEnv mounts every directory in / under the new root, so
again, very little is gained by unsharing alone.
2023-09-08 09:15:50 +02:00
Artturi
fa3a4a18c0
Merge pull request #192459 from danielfullmer/fix-cc-wrapper-libdir 2023-09-07 01:58:51 +03:00
github-actions[bot]
aba6d8043f
Merge staging-next into staging 2023-09-06 18:01:28 +00:00
Silvan Mosberger
7cbc8215fd
Merge pull request #252865 from emily-is-my-username/fix/fetchgit-deepclone
`fetchgit`: don't shallow clone if `deepClone` is requested
2023-09-06 14:08:06 +02:00
github-actions[bot]
848091ac53
Merge staging-next into staging 2023-09-06 06:01:30 +00:00
github-actions[bot]
82535bc9c1
Merge master into staging-next 2023-09-06 06:00:55 +00:00
Lin Jian
cae7f23ed8 build-support/emacs: fix name when overrideAttrs is used
Before:

nix-repl> (pkgs.emacs.pkgs.eglot.overrideAttrs { version = "6.0"; }).name
"emacs-eglot-1.15"

After:

nix-repl> (pkgs.emacs.pkgs.eglot.overrideAttrs { version = "6.0"; }).name
"emacs-eglot-6.0"
2023-09-06 02:24:07 +00:00
Lin Jian
35ccb9db3f build-support/emacs: make version non-optional
I do not think there is a good reason for it to be optional.

There were only two packages without a version attr.  The version attr
is added to them in this patch.
2023-09-06 02:24:07 +00:00
github-actions[bot]
1a5c2acd74
Merge staging-next into staging 2023-09-05 00:02:47 +00:00
github-actions[bot]
77a8486bb3
Merge master into staging-next 2023-09-05 00:02:14 +00:00
Artturi
b80a27d04f
Merge pull request #249567 from antonmosich/typo 2023-09-05 00:38:52 +03:00
Artturi
31c9deb4f7
Merge pull request #218783 from timbertson/stripExcludeExtensions 2023-09-05 00:37:17 +03:00
Artturi
d5139e3017
Merge pull request #245909 from Artturin/setupshchanges2 2023-09-04 20:41:16 +03:00
Artturin
fa98c56f75 setup-hooks/separate-debug-info.sh: Warn if necessary variables are not set
`$OBJCOPY` is not available in bootstrap tools
`stdenv.__bootPackages.stdenv.__bootPackages.stdenv.__bootPackages.stdenv.__bootPackages.stdenv.__bootPackages.bash.stdenv.cc.bintools`
2023-09-03 23:02:45 +03:00
Tim Cuthbertson
0bffcc3f3c setup-hooks/strip: add stripExclude 2023-09-03 20:18:10 +03:00
Peter Waller
e08ce498f0 cc-wrapper: Account for NIX_LDFLAGS and NIX_CFLAGS_LINK in linkType
Without this, pkgsStatic.pkgsLLVM.hello fails with segfaulting binaries
because of the issue described at [0].

In summary, llvm's linker has a different behaviour to GCC's when
supplied with both -static and -Wl,-dynamic-linker=...; GCC copes with
it, but LLVM produces a binary which segfaults on startup. It appears to
be necessary to omit the dynamic linker in this case.

nixpkgs' static adaptor passes -static via NIX_CFLAGS_LINK which was not
accounted for prior to this commit in the checkLinkType logic. For good
measure I put the other NIX_ flags affecting link in the same logic.

Additionally, $NIX_CFLAGS_LINK_@suffixSalt@ is not available until later
than it was originally set, so set $linkType close to its point of use.
I checked for earlier uses by studying the shell trace output and
couldn't find any.

[0] https://github.com/NixOS/nixpkgs/issues/111010#issuecomment-1536424163

Signed-off-by: Peter Waller <p@pwaller.net>
2023-09-03 13:49:50 +01:00
Artturin
1db1e3c467 stdenv: Fix possible issues discovered with
```
set -o errexit -o nounset -o pipefail
shopt -s inherit_errexit
```

in `stdenv/default-builder.sh`
2023-09-02 03:25:36 +03:00
github-actions[bot]
14f4a764c5
Merge master into staging-next 2023-09-02 00:02:17 +00:00
figsoda
eee0a82ee0
Merge pull request #251369 from srid/writeShellApplication-meta 2023-09-01 16:53:49 -04:00
Vladimír Čunát
e1b1a251f7
Merge #252459: win-dll-links: also copy dll from dependencies
...into staging-next.  It's a topologically earlier remerge.
2023-09-01 07:17:35 +02:00
brano543
1086f093a9 win-dll-links: also copy dll from dependencies
Fixes running `pkgsCross.mingwW64._7zz` in wine.

Fixes issue 38451

```
tree result/bin
result/bin
├── 7zz.exe
└── mcfgthread-12.dll -> ../../wmgj476qjfw26f9aij1d64lxrjfv6kk0-mcfgthreads-x86_64-w64-mingw32-git/bin/mcfgthread-12.dll
```

Co-authored-by: marius david <marius@mariusdavid.fr>
2023-08-31 21:47:48 +03:00
Atemu
4867914ee3
Merge pull request #250500 from trofi/fix-buildFHSEnv-BINTOOLS-wrapper
buildFHSEnv: fix `NIX_LDFLAGS` propagation to `ld` wrapper
2023-08-31 18:58:34 +02:00
aleksana
981754aba8 nix-prefetch-git: fix make_deterministic_repo in submodules 2023-08-31 18:25:06 +08:00
Maciej Krüger
b9ab9a92b9
Merge pull request #251409 from gilice/flutter-313 2023-08-30 22:00:14 +02:00
nicoo
af5682b3e1 fetchurl: Correctly handle { outputHash != ""; outputHashAlgo = "" }
Previously, the error that would be thrown would have been confusing:
```
fetchurl requires a hash for fixed-output derivation
```
2023-08-30 09:51:22 +00:00
nicoo
a59f03079c fetchurl: Validate that a single hash was passed 2023-08-30 09:51:22 +00:00
nicoo
76aedfaaee fetchDebianPatch: Handle the case of lib* packages 2023-08-30 08:28:45 +00:00
nicoo
e4162c9e7b fetchDebianPatch: add test 2023-08-30 07:55:07 +00:00
nicoo
d4e265327f fetchDebianPatch: Rename patch parameter, make name overrideable
This allows using the fetcher with `invalidateFetcherByDrvHash` for testing.
2023-08-30 07:53:05 +00:00
nicoo
741ed30e77 fetchDebianPatch: init 2023-08-30 07:53:04 +00:00
Artturi
bacceeba12
Merge pull request #252067 from lucasew/fix-buildFlutterApplication-passthru 2023-08-29 17:48:06 +03:00
hacker1024
1dcba055e5 buildDartApplication: Supply CA bundle to Dart in FOD
DART_VM_OPTIONS is not effective.
2023-08-29 13:12:15 +02:00
hacker1024
41bbc2c311 flutter: Supply CA bundle in sandbox 2023-08-29 13:12:01 +02:00
lucasew
acafc8e76e flutter.buildFlutterApplication: fix passthru being ignored
Signed-off-by: lucasew <lucas59356@gmail.com>
2023-08-28 22:54:36 -03:00
Lin Jian
6505082e72 emacsWithPackages: load compiled site-start.el of $emacs if possible
The first log in *Message* before this patch:

  Loading /nix/store/bikm18vy6v07hmrvrll501i68440w9iw-emacs-29.1-rc1/share/emacs/site-lisp/site-start.el (source)...done

and after this patch:

  Loading /nix/store/bikm18vy6v07hmrvrll501i68440w9iw-emacs-29.1-rc1/share/emacs/site-lisp/site-start (native compiled elisp)...done
2023-08-28 15:46:04 +00:00
Lin Jian
e8f6a5ce34 emacsWithPackages: do not symlink $emacs/share/emacs
I see no reason to symlink this dir.

Doing so may shadow unwanted libraries since the site-start.el of
Emacs adds paths under NIX_PROFILES to load-path.

It is added in [1] to fix "building emacs".  However, I have no issue
in building and using Emacs after removing it.

[1]: https://github.com/NixOS/nixpkgs/pull/89351
2023-08-28 15:46:04 +00:00
Lin Jian
f5fbea9761 emacsWithPackages: do not add the wrapper path twice
"$out/share/emacs/site-lisp" is added to load-path in wrapper.sh[1]
using EMACSLOADPATH and "$out/share/emacs/native-lisp/" is added to
native-comp-eln-load-path in wrapper.sh[2] using
EMACSNATIVELOADPATH. There is no point to add them again here.

Additionally, the trailing "/" in "$out/share/emacs/native-lisp/"
causes duplicate entries in native-comp-eln-load-path:

("/nix/store/hash1-emacs-packages-deps/share/emacs/native-lisp/" ; [3]
 "/home/user/.emacs.d/eln-cache/"
 "/nix/store/hash1-emacs-packages-deps/share/emacs/native-lisp"  ; [2]
 "/nix/store/hash2-emacs-29.1-rc1/lib/emacs/29.1/native-lisp/")

load-path does not change with this patch applied.

[1]: 1476c13422/pkgs/build-support/emacs/wrapper.sh (L47)
[2]: 1476c13422/pkgs/build-support/emacs/wrapper.sh (L50)
[3]: 1476c13422/pkgs/build-support/emacs/wrapper.nix (L166)
2023-08-28 15:46:04 +00:00
Robert Scott
df02fcb79b cc-wrapper: don't use fortify-headers for non-gcc compilers 2023-08-28 15:06:44 +01:00
hacker1024
84347c2195 flutter: Use wrapGAppsHook
Flutter's Linux desktop embedding uses GTK. wrapGAppsHook should be used.
2023-08-28 11:59:44 +10:00
github-actions[bot]
4cdbb53d13
Merge master into staging-next 2023-08-26 12:01:05 +00:00
Ryan Lahfa
3506ce32c5
Merge pull request #238407 from RaitoBezarius/licenses-for-nc-plugins 2023-08-26 13:38:21 +02:00
Adam Joseph
52374770b0
Merge pull request #251534 from amjoseph-nixpkgs/pr/default-crate-overrides/libseat-sys
default-crate-overrides: add libseat-sys
2023-08-26 10:52:14 +00:00
markuskowa
212d454c2a
Merge pull request #246867 from markuskowa/add-mpi-hook
add mpiCheckPhaseHook
2023-08-26 11:54:56 +02:00
Adam Joseph
2ea678ed48 default-crate-overrides: add libseat-sys
This is needed for building `cosmic-comp` using `crate2nix` instead
of `buildRustPackage` (like
https://github.com/NixOS/nixpkgs/pull/251365/ does).
2023-08-26 01:08:29 -07:00
github-actions[bot]
e79f8fd118
Merge master into staging-next 2023-08-25 18:00:58 +00:00
Lin Jian
3e025f1393 emacsWithPackages: add a note for EMACSNATIVELOADPATH 2023-08-25 17:42:21 +00:00
Lin Jian
7f8cd3d8f9 emacsWithPackages: remove redundant colons 2023-08-25 17:42:21 +00:00
Lin Jian
d380784357 emacsWithPackages: fix logic of adding EMACSNATIVELOADPATH
Without this change, EMACSNATIVELOADPATH will not be added if
EMACSLOADPATH is added.
2023-08-25 17:42:21 +00:00
Sridhar Ratnakumar
250d324776
trivial-builders: add meta to writeShellApplication 2023-08-25 09:38:21 -04:00
github-actions[bot]
abaaf09a76
Merge master into staging-next 2023-08-24 18:00:52 +00:00
Shea Levy
c7417f5a3c
Merge pull request #250577 from shlevy/nix-buffer-new-emacs
nixBufferBuilders fixes
2023-08-24 08:53:56 -04:00
github-actions[bot]
4328391132
Merge master into staging-next 2023-08-24 12:01:05 +00:00
Brian McGee
9aa91ec7b5 build-support/vm: fix makeImageTestScript
`qemu-img create` now requires an additional `-F <second_image_format>` flag.

https://github.com/qemu/qemu/blob/master/docs/about/removed-features.rst#qemu-img-backing-file-without-format-removed-in-61
2023-08-24 09:09:43 +01:00
Yueh-Shun Li
7ccd495465 apptainer, singularity: drop obsolete LOCALSTATEDIR dirs
Leave only the SESSIONDIR, which is "$LOCALSTATEDIR/$projectName/mnt/session"
2023-08-23 18:20:25 +08:00
github-actions[bot]
b179570bca
Merge master into staging-next 2023-08-23 06:01:21 +00:00
Adam Joseph
be547cb31f
Merge pull request #247527 from oxij/metrics/fetchzip
fetchzip: cleanup and improve metrics
2023-08-23 05:12:47 +00:00
OTABI Tomoya
ccaca85500
Merge pull request #249091 from TomaSajt/dotnet-fix
Fix useDotnetFromEnv's DOTNET_ROOT detection
2023-08-23 14:04:47 +09:00
OTABI Tomoya
55e2339423
Merge pull request #249176 from TomaSajt/build-dotnet-global-tool-fix
buildDotnetGlobalTool: fix typo
2023-08-23 13:57:55 +09:00
Markus Kowalewski
587a19e43c mpiCheckPhaseHook: add new setup hook for MPI aware check phases
Add this hook to checkPhase to allow for running MPI application in
the sandbox. It detects the MPI implementations and sets the respective
environment variables.
2023-08-22 23:27:47 +02:00
github-actions[bot]
1f6fb14d17
Merge staging-next into staging 2023-08-22 00:02:25 +00:00
zowoq
9b562802e0 Revert "buildGoModule: set GOPROXY to go default"
This reverts commit 3392d56b72.

Fixed in cbc976a97c
2023-08-22 09:20:22 +10:00
Sergei Trofimovich
2da0307220 buildFHSEnv: fix NIX_LDFLAGS propagation to ld wrapper
Before the change the following command did not work:

    $ nix develop -i --impure --expr 'with import <nixpkgs> { system = "i686-linux"; }; (buildFHSUserEnv { name = "t"; targetPkgs = ps: with ps; [ libmpc stdenv.cc ]; }).env'
    $ ld -lmpc -o a
    ld: cannot find -lmpc: No such file or directory

It is expected to work as `NIX_LDFLAGS` does contain valid values:

    $ echo $NIX_LDFLAGS
    -L/usr/lib -L/usr/lib32

Note that for `gcc` it does work:

    $ printf "int main(){}" |  gcc -x c - -lmpc -o a

It happens because `HOST` role is enabled for `cc`:

    $ echo $NIX_CC_WRAPPER_TARGET_HOST_i686_unknown_linux_gnu
    1

But not for `BINTOOLS`:

    $ echo $NIX_BINTOOLS_WRAPPER_TARGET_HOST_i686_unknown_linux_gnu
    <empty>

The change adds BINTOOLS role and fixes linking:

    $ nix develop -i --impure --expr 'with import ~/nm { system = "i686-linux"; }; (buildFHSUserEnv { name = "t"; targetPkgs = ps: with ps; [ libmpc stdenv.cc ]; }).env'
    $ printf "int main(){}" |  gcc -x c - -lmpc -o a
    $ ld -lmpc -o a
    ld: warning: cannot find entry symbol _start; not setting start address
2023-08-21 07:50:37 +01:00
Michael Hoang
66884a4912 writeDarwinBundle: use binary wrapper
Previously `writeDarwinBundle` used a handcrafted shell wrapper, however
this causes issues on Apple Silicon Macs as script-only application
bundles are always run under Rosetta[0][1].

Replacing the handcrafted shell wrapper with a binary wrapper allows
apps to run natively instead of requiring Rosetta. However, this means
we can no longer use `$1` and `$@`.

After checking nearly every current usage of `desktopToDarwinBundle`,
there were no apps that used `%[fFuU]` before the last argument, meaning
removing them naively is good enough for the current apps.

[0]: https://developer.apple.com/documentation/apple-silicon/building-a-universal-macos-binary
[1]: https://stackoverflow.com/a/68208374
2023-08-21 13:29:12 +10:00
Maximilian Bosch
9a62a46874
fetchNextcloudApp: remove backwards compat for old interface
The `name` & `version` attributes only existed in a previous form of
the API before it was switched over to using `fetchzip` &
`applyPatches`[1]. The attributes existed to be able to throw an
evaluation error with upgrade instructions when this was used. However,
this was before 22.11, so this shouldn't be in use anymore (and if
somebody is doing a migration from a very old NixOS, this is still
documented in the 22.11 release-notes[2]).

Anyways, this simplifies the code a little bit and also having both
`appName`/`appVersion` and `name`/`version` in there is quite confusing. But
still, I figured it's less confusing to not re-use attributes that were
deprecated in the past, hence the alternative naming.

[1] 3ca9b9a8ad
[2] d41b381310
2023-08-20 13:41:43 +02:00
Maximilian Bosch
c317dcec0d
nextcloud*Packages: expose proper license information
This change makes sure that each Nextcloud plugin installed provides a
`meta` section with proper license information.

Unfortunately, the metadata from the appstore is useless for this
purpose since it doesn't differentiate between e.g. AGPL 3.x and AGPL
3.x or any later version. In fact, this isn't consistent between their
software, e.g. `bookmarks` has `agpl3Plus` according to the files'
headers[1] whereas `twofactor_nextcloud_notification` is AGPL 3 only[2].

I don't think there's any trivial and reasonable way to retrieve this
information programmatically, so I decided to change the format of
`nextcloud-apps.json`[3] to also contain the license in the form of the
license attribute we have in `lib/licenses.nix`, i.e. GNU AGPL 3 or
later is `agpl3Plus`.

I retrieved the information using the following approach:

* go to the source code of $app at the revision we currently have
  packaged
* check for a license identifier (does it specify the license only or
  the license "or any later version")?
  * first in `src/main.js` because most apps from Nextcloud itself used
    actual spdx identifiers in the frontend's source-code.
  * then in `lib/AppInfo/Application.php` which each Nextcloud app has.

License changes should be updated accordingly when updating the apps. As
with any other package in nixpkgs as well, this currently needs to be
done manually (or as part of the review process)[4].

Also, I decided to change the `name` of the `applyPatches` derivation
from `source-patched` to `nextcloud-app-${appName}-${appVersion}`. When
deploying a lot of apps (and probably displaying the diff using
`nix store diff-closures` on deploy), the current output isn't very
helpful. This is purely optional because I didn't want to break the
interface of `fetchNextcloudApp` again.

[1] https://github.com/nextcloud/bookmarks/blob/v13.1.0/lib/AppInfo/Application.php#L6
[2] https://github.com/nextcloud/twofactor_nextcloud_notification/blob/v3.7.0/lib/AppInfo/Application.php
[3] This isn't really well-defined since it's preprocessed with `jq(1)`
    before passing the apps to nc4nix.
[4] Though notable license changes (e.g. agpl -> gpl) would also pop up
    in the diff of <nextcloudversion>.json, so this is pretty easy to
    catch.
2023-08-20 13:39:44 +02:00
Maximilian Bosch
850af44435
applyPatches: fix adding meta information 2023-08-20 11:51:21 +02:00
Raito Bezarius
b4b1ce2443
fetchNextcloudApp: meta propagation for licenses, etc.
This improves the metadata propagation for nc4nix-generated packages.

Adds:

- licenses (best effort given spdxId doesn't seem guaranteed here)
- homepage
- longDescription
2023-08-20 11:49:15 +02:00
Raito Bezarius
ccbd98db50
trivial-builders/applyPatches: carry meta information to the patched source
There is no reason to not carry licenses and other information to any patched source.

This should improve our metadata in those situations.
2023-08-20 11:49:14 +02:00
github-actions[bot]
f6d3a09e06
Merge staging-next into staging 2023-08-20 06:01:25 +00:00
github-actions[bot]
1bb285561e
Merge master into staging-next 2023-08-20 06:00:56 +00:00
Robert Schütz
cf970f13ab
Merge pull request #249879 from dotlambda/carto-buildNpmPackage
carto: use buildNpmPackage
2023-08-20 04:11:43 +00:00
github-actions[bot]
8a62479e06
Merge staging-next into staging 2023-08-20 00:03:24 +00:00
github-actions[bot]
f6a4c6f912
Merge master into staging-next 2023-08-20 00:02:29 +00:00
Adam Joseph
af0400c500
Merge pull request #193086 from Atry/stdenv.cc.libcxx
clang-wrapper and gcc-wrapper: add `stdenv.cc.libcxx` to detect the standard C++ library
2023-08-19 21:11:51 +00:00
github-actions[bot]
9145b3fd81
Merge staging-next into staging 2023-08-19 18:01:22 +00:00
github-actions[bot]
b34f222b02
Merge master into staging-next 2023-08-19 18:00:51 +00:00
Robert Schütz
96e5dce777 buildNpmPackage: use installManPage 2023-08-19 10:04:00 -07:00
Robert Hensing
65d41fb588
Merge pull request #248735 from considerate/considerate/merge-docker
dockerTools: replace --no-clobber with --update=none
2023-08-19 17:58:40 +02:00
Viktor Kronvall
ca072c08a2 dockerTools: replace fakechroot with proot
The command `fakechroot` errored with buffer overflows. The `proot`
command doesn't seem to suffer from the same problem. The tar command
creating the layer errors with "permission denied" on a bunch of paths
in /proc but the layer seems to get built anyway.
2023-08-19 23:34:21 +09:00
Robert Scott
658ab4b45b cc-wrapper: add fortify flags after invocation args, not before
this splits hardeningCFlags into hardeningCFlagsAfter and
hardeningCFlagsBefore (where most flags still remain) to allow
us to *append* `-D_FORTIFY_SOURCE=` values to the command-line,
forcing our choice of fortify level and avoiding potential
redefinition warnings/errors through use of `-U_FORTIFY_SOURCE`
2023-08-19 14:59:06 +01:00
github-actions[bot]
c9e2cfa3f4
Merge staging-next into staging 2023-08-19 06:01:31 +00:00
github-actions[bot]
1e271fd42a
Merge master into staging-next 2023-08-19 06:01:05 +00:00
aszlig
8e6c0c14a4
libredirect: Fix segfault handling null paths
While using libredirect in conjunction with geckodriver, I stumbled on
odd segfaults that happened when running the wrapped statx() call from
libredirect:

  0x00007ffff7ddd541 in __strncmp_avx2 () from .../lib/libc.so.6
  0x00007ffff7f6fe57 in statx () from .../lib/libredirect.so
  0x00005555558d35bd in std::sys::unix::fs::try_statx::h2045d39b0c66d4e8 ()
  0x00005555558d2230 in std::sys::unix::fs::stat::ha063998dfb361520 ()
  0x0000555555714019 in mozversion::firefox_version::hdc3b57eb04947426 ()
  0x00005555556a603c in geckodriver::capabilities::FirefoxCapabilities::version::h58e289917bd3c721 ()
  0x00005555556a77f5 in <geckodriver::capabilities::FirefoxCapabilities as webdriver::capabilities::BrowserCapabilities>::validate_custom::h62d23cf9fd63b719 ()
  0x000055555562a7c8 in webdriver::capabilities::SpecNewSessionParameters::validate::h60da250d33f0989f ()
  0x00005555556d7a13 in <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::try_fold::h9427a360a3d0bf8f ()
  0x0000555555669d85 in <alloc::vec::Vec<T> as alloc::vec::spec_from_iter::SpecFromIter<T,I>>::from_iter::hd274d536ea29bb33 ()
  0x00005555555c05ef in core::iter::adapters::try_process::hdf96a01ec1f9b8bd ()
  0x000055555561768d in <webdriver::capabilities::SpecNewSessionParameters as webdriver::capabilities::CapabilitiesMatching>::match_browser::hfbd8c38f6db17e9f ()
  0x00005555555ca6ef in <geckodriver::marionette::MarionetteHandler as webdriver::server::WebDriverHandler<geckodriver::command::GeckoExtensionRoute>>::handle_command::h13b98b9cb87a69d6 ()
  0x00005555555e859e in webdriver::server::Dispatcher<T,U>::run::h746a8bf2f0bc24fd ()
  0x000055555569ff0f in std::sys_common::backtrace::__rust_begin_short_backtrace::h3b920773bd467d2a ()
  0x00005555555dbc99 in core::ops::function::FnOnce::call_once{{vtable.shim}}::h81ba7228877515f7 ()
  0x00005555558d31a3 in std::sys::unix::thread::Thread::new::thread_start::h4514580219a899c5 ()
  0x00007ffff7d0ce24 in start_thread () from .../lib/libc.so.6
  0x00007ffff7d8e9b0 in clone3 () from .../lib/libc.so.6

The reason why I found this odd was because it happens in the following
piece of code (shortened a bit):

   1 static const char * rewrite(const char * path, char * buf)
   2 {
   3   if (path == NULL) return path;
   4   for (int n = 0; n < nrRedirects; ++n) {
   5     int len = strlen(from[n]);
   6     if (strncmp(path, from[n], len) != 0) continue;
   7     if (snprintf(buf, PATH_MAX, "%s%s", to[n], path + len) >= PATH_MAX)
   8       abort();
   9     return buf;
  10   }
  11   return path;
  12 }

When inspecting the assembly, I found that the check for the null
pointer in line 3 was completely missing and the code was directly
entering the loop and then eventually segfaulting when running strncmp()
with a null pointer as its first argument.

I confirmed that indeed that check was missing by compiling libredirect
with "-O0" and comparing the generated assembly with the optimized one.
The one compiled with "-O0" had that check while the optimized one did
not and indeed when running geckodriver with the unoptimized version it
worked fine.

Digging in the Git history, I found 5677ce2008,
which actually introduced the null pointer check. Going back to that
commit however, the check actually was still in the generated assembly.

So I bisected between that commit and the most recent one and ended up
with commit ca8aa5dc87, which moved
everything to use GCC 7.

I haven't found out why *exactly* GCC was optimizing the check away, but
playing around on Godbolt with various other compilers, it seems that other
compilers such as Clang are doing it as well. Additionally, given that
passing NULL to stat() is UB, my guess is that compilers tend to assume
that such an argument can't be NULL. My assumption is based on the fact
that GCC warns with "argument 1 null where non-null expected" when
passing NULL to e.g. stat().

To address this for now, I marked the path argument of the rewrite()
volatile and also added a test that should cause a segfault in case this
would regress again as it already did.

Signed-off-by: aszlig <aszlig@nix.build>
2023-08-19 00:58:43 +02:00
Pierre Bourdon
28693fb1c3
buildNpmPackage: symlink manpages to the correct output directory 2023-08-18 12:41:05 +02:00
Shea Levy
bf7a81d8dd
nixBufferBuilders: Don't assume the user has used eshell 2023-08-18 04:49:33 -04:00
Shea Levy
994f2560d0
Fix nixBufferBuilders for newer emacs 2023-08-17 10:38:37 -04:00
Viktor Kronvall
b35440bfcf dockerTools: replace --no-clobber with --update=none
Since coreutils v9.2 the `--no-clobber` flag results in a non-zero exit
code when the destination files exist. Using `--update=none` will now
reproduce the old behavior of `--no-clobber`.

However, the `--update=none` flag was introduced in coreutils v9.3 and
thus `mergeImages` will fail if you have an older version than v9.3 in
stdenv after applying this commit.

[coreutils v9.3 changelog](f386722dc0/NEWS (L48))
2023-08-17 01:37:07 +09:00
Anton Mosich
04df8d6442 make-startupitem: fix typo in comment 2023-08-16 18:03:02 +02:00
TomaSajt
9646cb5c49
buildDotnetGlobalTool: fix typo 2023-08-14 20:56:27 +02:00
github-actions[bot]
674c2b1920
Merge master into staging-next 2023-08-14 18:01:03 +00:00
Artturin
b93da3f4b7 treewide: overrideScope' -> overrideScope
`lib.makeScope` `overrideScope'` has been renamed to `overrideScope`

`fd --type f | xargs sd --string-mode "overrideScope'" "overrideScope"`
2023-08-14 18:46:47 +03:00
Adam Joseph
a97e8fc272 make-initrd-ng: use hostPlatform.ubootArch for uinitrdArch
This allows make-initrd-ng to pick up the few cases where Linux and
u-boot disagree.
2023-08-14 01:34:08 -07:00
Yang, Bo
1b8ca87a83
Merge branch 'master' into stdenv.cc.libcxx 2023-08-12 14:19:01 -07:00
github-actions[bot]
9cc6a98540
Merge master into staging-next 2023-08-11 18:00:55 +00:00
Charlie Moog
0b4c5d23cd
trivial-builders: add meta.mainProgram to writeShellScriptBin
Derivations built with `writeShellScriptBin`
should always be runnable with `nix run`. At present,
the derivation is missing both `meta.mainProgram`
and `pname` – this means that `nix run` falls back
to inferring the bin path from `name`. This is
unreliable and depends on faulty heuristics.

For context, reference the following snippet from
`nix run --help`:

    If installable evaluates to a derivation, it will try to execute the
    program <out>/bin/<name>, where out is the primary output store path
    of the derivation, and name is the first of the following that exists:

      · The meta.mainProgram attribute of the derivation.
      · The pname attribute of the derivation.
      · The name part of the value of the name attribute of the derivation.
2023-08-11 00:40:37 -05:00
Artturi
442314b689
Merge pull request #247759 from Artturin/stripmktempdir 2023-08-10 15:18:58 +03:00
Lily Foster
785ed11d0a
prefetch-npm-deps: fix error typo and unnecessary name qualifier 2023-08-09 19:13:26 -04:00
github-actions[bot]
37cdcaae78
Merge staging-next into staging 2023-08-09 12:01:51 +00:00
Francesco Gazzetta
b2e987dd16
Merge pull request #240348 from fgaz/write-shell-application/check-platforms
writeShellApplication: use shellcheck only where supported
2023-08-09 12:17:46 +02:00
github-actions[bot]
792f4d7934
Merge staging-next into staging 2023-08-08 18:01:27 +00:00
sternenseemann
af60e68744 testers.hasPkgConfigModules: allow checking multiple pkg-config mods
This is very useful in conjunction with meta.pkgConfigModules, as the
new tester can use the list provided by this meta attribute as a default
value for moduleNames, making its usage in passthru.tests very
convenient.

For backwards compatibility, a shim under the old name is maintained
with a warning.
2023-08-08 19:16:48 +02:00
Jan Malakhovski
9437e4da35 fetchurl: cleanup a bit by moving the warning into assert 2023-08-08 13:38:11 +00:00
Jan Malakhovski
9dcecbdb31 fetchzip: cleanup and improve metrics a bit 2023-08-08 13:25:28 +00:00
github-actions[bot]
f19f490d4e
Merge staging-next into staging 2023-08-08 12:01:54 +00:00
Nick Cao
b98f6d9072
Merge pull request #246712 from NickCao/jax-rework
python3Packages.{jax,jaxlib}: update to 0.4.14
2023-08-08 01:58:03 -06:00
TomaSajt
ed60ed3562
Fix useDotnetFromEnv's DOTNET_ROOT detection 2023-08-08 00:37:49 +02:00
Artturin
520a544ee5 setup-hooks/strip: Create the log file in '$TMPDIR'
vcunat said

> This invocation of mktemp creates the file in the current directory, which is bad practice. We should add "--tmpdir=$TMPDIR" or make the template absolute.

> I noticed because one package did cd $src during installing, which is a read-only path...
2023-08-07 18:20:56 +03:00
Robert Scott
0865f1f4d7
Merge pull request #219421 from risicle/ris-fortify-headers-auto
cc-wrapper: include fortify-headers before libc includes for musl
2023-08-06 22:50:48 +01:00
github-actions[bot]
bbf876fefa
Merge staging-next into staging 2023-08-06 18:01:26 +00:00
github-actions[bot]
191e60634e
Merge master into staging-next 2023-08-06 18:01:04 +00:00
Robert Scott
95c4a1fe96 cc-wrapper: include fortify-headers before libc includes for musl 2023-08-06 17:52:28 +01:00
Weijia Wang
b3e14fbf79
Merge pull request #247501 from oxij/fix/fetchrepoproject
fetchrepoproject: fix a bug
2023-08-06 16:32:48 +02:00
Jan Malakhovski
2c50e3491e fetchrepoproject: fix a bug that was there since bef6bef0d2 2023-08-06 12:17:09 +00:00
github-actions[bot]
0031ae7742
Merge staging-next into staging 2023-08-06 00:03:36 +00:00
github-actions[bot]
c90f3611dc
Merge master into staging-next 2023-08-06 00:02:21 +00:00
Francesco Gazzetta
2c5990f03a writeShellApplication: use shellcheck only where supported 2023-08-05 18:31:20 +02:00
Naïm Favier
ec2efb7476
Merge pull request #247164 from tjni/make-wrapper-dependencies
makeBinaryWrapper: remove cc dependency on aarch64-darwin
2023-08-05 10:30:54 +02:00
Vladimír Čunát
d5732d9669
Merge branch 'staging-next' into staging 2023-08-05 07:45:29 +02:00
Theodore Ni
ca73fb024a
makeBinaryWrapper: remove cc dependency on aarch64-darwin 2023-08-04 14:12:56 -07:00
K900
8bd0cd850b requireFile: fix error message with SRI hashes 2023-08-04 15:34:30 +03:00