mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-14 17:04:42 +00:00
aac197ee00
Fixes CVE-2023-28856. https://github.com/redis/redis/releases/tag/7.0.11
84 lines
3.0 KiB
Nix
84 lines
3.0 KiB
Nix
{ lib, stdenv, fetchurl, fetchpatch, lua, pkg-config, nixosTests
|
|
, tcl, which, ps, getconf
|
|
, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd
|
|
# dependency ordering is broken at the moment when building with openssl
|
|
, tlsSupport ? !stdenv.hostPlatform.isStatic, openssl
|
|
}:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "redis";
|
|
version = "7.0.11";
|
|
|
|
src = fetchurl {
|
|
url = "https://download.redis.io/releases/${pname}-${version}.tar.gz";
|
|
hash = "sha256-ziUNH7oELGE944oV1AiJt498ttVGGifjUBe6ObByIeM=";
|
|
};
|
|
|
|
patches = [
|
|
# Fix flaky test tests/unit/memefficiency.tcl
|
|
(fetchpatch {
|
|
url = "https://github.com/redis/redis/commit/bfe50a30edff6837897964ac3374c082b0d9e5da.patch";
|
|
sha256 = "sha256-0GMiygbO7LbL1rnuOByOJYE2BKUSI+yy6YH781E2zBw=";
|
|
})
|
|
];
|
|
|
|
nativeBuildInputs = [ pkg-config ];
|
|
|
|
buildInputs = [ lua ]
|
|
++ lib.optional withSystemd systemd
|
|
++ lib.optionals tlsSupport [ openssl ];
|
|
# More cross-compiling fixes.
|
|
# Note: this enables libc malloc as a temporary fix for cross-compiling.
|
|
# Due to hardcoded configure flags in jemalloc, we can't cross-compile vendored jemalloc properly, and so we're forced to use libc allocator.
|
|
# It's weird that the build isn't failing because of failure to compile dependencies, it's from failure to link them!
|
|
makeFlags = [ "PREFIX=${placeholder "out"}" ]
|
|
++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "AR=${stdenv.cc.targetPrefix}ar" "RANLIB=${stdenv.cc.targetPrefix}ranlib" "MALLOC=libc" ]
|
|
++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ]
|
|
++ lib.optionals tlsSupport [ "BUILD_TLS=yes" ];
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
hardeningEnable = [ "pie" ];
|
|
|
|
env.NIX_CFLAGS_COMPILE = toString (lib.optionals stdenv.cc.isClang [ "-std=c11" ]);
|
|
|
|
# darwin currently lacks a pure `pgrep` which is extensively used here
|
|
doCheck = !stdenv.isDarwin;
|
|
nativeCheckInputs = [ which tcl ps ] ++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ];
|
|
checkPhase = ''
|
|
runHook preCheck
|
|
|
|
# disable test "Connect multiple replicas at the same time": even
|
|
# upstream find this test too timing-sensitive
|
|
substituteInPlace tests/integration/replication.tcl \
|
|
--replace 'foreach mdl {no yes}' 'foreach mdl {}'
|
|
|
|
substituteInPlace tests/support/server.tcl \
|
|
--replace 'exec /usr/bin/env' 'exec env'
|
|
|
|
sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \
|
|
tests/support/util.tcl
|
|
|
|
./runtest \
|
|
--no-latency \
|
|
--timeout 2000 \
|
|
--clients $NIX_BUILD_CORES \
|
|
--tags -leaks \
|
|
--skipunit integration/failover # flaky and slow
|
|
|
|
runHook postCheck
|
|
'';
|
|
|
|
passthru.tests.redis = nixosTests.redis;
|
|
|
|
meta = with lib; {
|
|
homepage = "https://redis.io";
|
|
description = "An open source, advanced key-value store";
|
|
license = licenses.bsd3;
|
|
platforms = platforms.all;
|
|
changelog = "https://github.com/redis/redis/raw/${version}/00-RELEASENOTES";
|
|
maintainers = with maintainers; [ berdario globin marsam ];
|
|
mainProgram = "redis-cli";
|
|
};
|
|
}
|