All the programs provided by ncurses were being installed to the $dev
output, but several of them are intended for runtime use, e.g. to
operate on the running terminal. These user-facing programs are moved to
the $bin output.
Several packages referred to "${ncurses}/bin" or "${ncurses.dev}/bin" at
runtime; these paths are also updated to refer to "${ncurses.bin}/bin".
The $lib output refers to the terminfo database in $out, which is about
10x larger than the ncurses shared library. Splitting these outputs
saves a small amount of space for any derivations that use the terminfo
database but not the ncurses library, but we do not have evidence that
any such exist.
The 'runtime-link=' feature must not be set in addition to 'link='
for boost-1.55 when building only the statically linked libraries.
Fixes errors that targets were defined multiple times.
It segfaults when built with GCC 5. I could try to fix it, but it's
not clear if anybody still cares about this package. Disabling it
until somebody complains.
http://hydra.nixos.org/build/32612811
So far only .la files get correctly converted to absolute paths in the
GIR file. However if there are .so files which depend on a particular
library using GI, they still get only the basename of the .so file.
This improves on the existing absolute_shlib_path.patch not only
figuring out the absolute path of .so files but also falling back on the
absolute path of $out/lib (or $lib/lib with multiple outputs) of the
current build.
With this, we should no longer need to resort to setting LD_LIBRARY_PATH
for all programs that use GI libraries.
I'm merging this because after more than a month no issues came up so
far.
Provided that not too much breaks, we should probably cherry-pick this
to 16.03, since the end of the 1.0.1 support window is a bit too close
to the expected lifetime of 16.0.3. @domenkozar
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
This package takes an excessive amount of time to build (e.g., right
now Hydra is showing eight concurrent builds of webkitgtk, some of
them running for more than 6 hours). This may also delay channel
updates.
This release includes the following changes:
o libssh2_session_set_last_error: Add function
o mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
o WinCNG: support for SHA256/512 HMAC
o kex: Added diffie-hellman-group-exchange-sha256 support
o OS/400 crypto library QC3 support
This release includes the following security advisory:
o diffie_hellman_sha256: convert bytes to bits
CVE-2016-0787: http://www.libssh2.org/adv_20160223.html
This release includes the following bugfixes:
o SFTP: Increase speed and datasize in SFTP read
o openssl: make libssh2_sha1 return error code
o openssl: fix memleak in _libssh2_dsa_sha1_verify()
o cmake: include CMake files in the release tarballs
o Fix builds with Visual Studio 2015
o hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
o GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
o GNUmakefile: add -m64 CFLAGS when targeting mingw64
o kex: free server host key before allocating it (again)
o SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
o channel: Detect bad usage of libssh2_channel_process_startup
o userauth: Fix off by one error when reading public key file
o kex: removed dupe entry from libssh2_kex_methods
o _libssh2_error: Support allocating the error message
o hostkey: fix invalid memory access if libssh2_dsa_new fails
o hostkey: align code path of ssh_rsa_init to ssh_dss_init
o libssh2.pc.in: fix the output of pkg-config --libs
o wincng: fixed possible memory leak in _libssh2_wincng_hash
o wincng: fixed _libssh2_wincng_hash_final return value
o add OpenSSL 1.1.0-pre2 compatibility
o agent_disconnect_unix: unset the agent fd after closing it
o sftp: stop reading when buffer is full
o sftp: Send at least one read request before reading
o sftp: Don't return EAGAIN if data was written to buffer
o sftp: Check read packet file offset
o configure: build "silent" if possible
o openssl: add OpenSSL 1.1.0-pre3-dev compatibility
o GNUmakefile: list system libs after user libs
The included patch from upstream fixes the issue described here:
https://bugreports.qt.io/browse/QTBUG-48321
The backing store of certain widgets was being improperly invalidated,
leading to display bugs in, e.g. VLC.
This patch is included in Qt 5.6, so we should remove it when we
upgrade.
This package was failing to build on wendy:
lt-linux-libnuma: linux-libnuma.c:70: main: Assertion `numa_bitmask_equal(bitmask, numa_all_nodes_ptr)' failed.
Since we shouldn't run tests that depend on the hardware
characteristics of the build machine, I've disabled these.
The glibc DNS client side resolver is vulnerable to a stack-based buffer
overflow when the getaddrinfo() library function is used. Software using
this function may be exploited with attacker-controlled domain names,
attacker-controlled DNS servers, or through a man-in-the-middle attack.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Built and tested locally.
From the changelog:
```
Version 0.7.82, 2016-01-27
+ Matroska: CRC-32 validation
+ Matroska: support of padding/junk at the start of a segment
+ Matroska: trace is activated for all elements (but report is still
based on the first element met)
+ Matroska: add an intermediate level in the trace for the raw stream
parser
x FLV: potential infinite loop fixed
x #B966, DTS: DTS-HD HR 3840 not detected anymore
x AC-3: wrong sample rate with 32 kHz streams
x #B948, EBUCore 1.6: invalid output due to position of
containerEncoding element
x #B957, MPEG-7 output: No XML encoded value output
```
Some of the original URLs were broken now.
It seems that set of mirrors is preferred and faster than the others.
In the x264 case the source isn't there so http://download.videolan.org
is used instead.
It's the same as openalSoft (same package source and version). I suppose it
contained original Creative open-source OpenAL implementation some time ago, but
then it changed and nobody noticed. It's referenced nowhere, anyway.
CipherScan is a simple way to find out which SSL ciphersuites are
supported by a target.
It can take advantage of the extra features in Peter Mosmans' openssl
fork (which is also included in this commit).
Doing it in an openssl setup hook only works if packages have openssl
as a build input - it doesn't work if they're using a program linked
against openssl.
The rewrite achieves three goals. First, all the installation paths are
set correctly for multiple outputs. Second, the correct search paths are
set for all types of shared data. Third, packages are installed through
propagatedUserEnvPkgs as required.
The included patch from upstream fixes the issue described here:
https://bugreports.qt.io/browse/QTBUG-48321
The backing store of certain widgets was being improperly invalidated,
leading to display bugs in, e.g. VLC.
This patch is included in Qt 5.6, so we should remove it when we
upgrade.
The documentation cannot be built as part of the split-module build
anyway. After all the modules are built, we could build the
documentation as a separate package.
The documentation cannot be built as part of the split-module build
anyway. After all the modules are built, we could build the
documentation as a separate package.
This will probably be mandatory soon, and is a step in the right
direction. Removes the deprecated meta.version, and move some meta
sections to the end of the file where I should have put them in
the first place.
Once #7701 gets merged, we have another environment variable called
$outputLib, which then points to another environment variable which is
the final library output.
This was brought up in discussion with @lethalman and @vcunat in:
https://github.com/NixOS/nixpkgs/pull/12558#discussion_r50599813
The closure-size branch is not yet merged into master, so this is only
a preparation and we're still falling back to $out and $lib whenever
$outputLib isn't available.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
As the comment needed explanation, that it's about temporary build
files, this should do better.
Thanks again to @lethalman for pointing that out.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
If no config.nix.storeDir has been set, don't fall back to "/nix/store"
but use builtins.storeDir instead so we always should end up with the
correct store path no matter whether config.nix.storeDir has been set.
Thanks to @lethalman for pointing this out.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
After patching up the shared libraries in c420de6 to use absolute paths,
there are still some libraries left which do not get an absolute paths
assigned.
Those libraries are the ones which have an absolute path outside of the
Nix store, so we assume that they're build products of the current build
and make them absolute by prepending "$out/lib" or "$lib/lib" (depending
on whether it's a multiple output derivation or not) to its basename.
So for my test case, the resulting library paths now look like this:
/nix/store/...-libblockdev-1.3/lib/libblockdev.so.0
/nix/store/...-glibc-2.21/lib/libm.so.6
/nix/store/...-dmraid-1.0.0.rc16/lib/libdmraid.so.1.0.0.rc16
/nix/store/...-libblockdev-1.3/lib/libbd_utils.so.0
Which is perfectly fine and everything gets resolved correctly after
importing the library using GI.
However, I didn't test it against other libraries and programs, so this
still needs testing, especially for Darwin.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The gi-r-scanner is generating a list of shared libraries that are
referenced in the shared-library attribute of the <namespace/> element
of the GIR file. However, this attribute only contains the names of the
libraries and not the full store paths, like for example while preparing
to package libblockdev, the following items were included in the
shared-library attribute:
/nix/store/...-libblockdev-1.3/lib/libblockdev.so.0
libm.so.6
libdmraid.so.1.0.0.rc16
libbd_utils.so.0
Unfortunately, loading such a library without setting LD_LIBRARY_PATH is
going to fail finding libm.so.6 and libdmraid.so.1.0.0.rc16.
Now the first attempt at solving this was to put absolute paths of all
the libraries referenced in the shared-library attribute, but this also
led up to including paths of build-time shared objects into that
attribute:
/nix/store/...-libblockdev-1.3/lib/libblockdev.so.0
/nix/store/...-glibc-2.21/lib/libm.so.6
/nix/store/...-dmraid-1.0.0.rc16/lib/libdmraid.so.1.0.0.rc16
/tmp/nix-build-libblockdev-1.3.drv-0/.../utils/.libs/libbd_utils.so.0
This of course is not what we want, so the final solution is to only
use the absolute path whenever it is a Nix path and leave the library
name as-is if the path doesn't reside within the store, like this:
/nix/store/...-libblockdev-1.3/lib/libblockdev.so.0
/nix/store/...-glibc-2.21/lib/libm.so.6
/nix/store/...-dmraid-1.0.0.rc16/lib/libdmraid.so.1.0.0.rc16
libbd_utils.so.0
The downside of this approach is that if not even the output path of the
library is in LD_LIBRARY_PATH, even loading of libbd_utils.so.0 could
fail, so we need to patch the loader as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
By default, GPGME tries to search in $PATH for the gpg and gpgconf
binaries. This has the downside, that the library won't work by its own
and needs to have GnuPG in systemPackages or the user environment.
I've stumbled on this while working on one of the dependencies of
nixos-assimilate and nixpart (volume_key), where the testing environment
didn't come with GnuPG in $PATH and thus the tests have failed.
After testing this with a few programs using GPGME, I haven't found any
weird behavior in conjunction with the GnuPG agent.
However one possible implication could be that if the GnuPG used in
$PATH (and the config files in the user's home directory) should be
vastly incompatible, it could lead to failures.
In practice however, the GnuPG1/2 versions pretty much seem to stay
compatible within their major releases so it shouldn't pose a problem.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This patch is directly taken from easytag. id3lib is not maintained any longer
and the last release is 13 years old.
This patch fixes some unicode issues.
Recent illumos includes a linux-incompatible `inotify.h` header, which configure detects: compilation fails.
Also, a newer `dtrace` on SmartOS fails creating the probes ELF linkable object (with `dtrace -G`). Disable for now.
Remove old configure option `--disable-modular-tests`.
Recent illumos includes a linux-incompatible `inotify.h` header, which configure detects: compilation fails.
Also, a newer `dtrace` on SmartOS fails creating the probes ELF linkable object (with `dtrace -G`). Disable for now.
Remove old configure option `--disable-modular-tests`.
Also split out gmock's source so that it can be copied into protobuf's
source. Hopefull this hack can be removed again once gmock is replaced
by gtest.
This does not include python bindings.
Eelco showed alternative way of building static libraries via
stdenv adapter in a conversation several days ago and expressed
concern about adding new enableStatic flags.
Modifies libvirt package to search for configs in /var/lib and changes
libvirtd service to copy the default configs to the new location.
This enables the user to change e.g. the networking configuration with
virsh or virt-manager and keep those settings.
ktexteditor-5.18.0 needs its patches updated. An optional dependency on
`libgit2` was also added. `makeQtWrapper` was added to
`nativeBuildInputs` to set `XDG_DATA_DIRS` correctly.
Add Twisted as build input so that we can continue to have Python
support. (./configure disables Python support unless it finds the
'trial' program, from Twisted.) I don't know whether upstream intended
that, because it seems perfectly fine to run thrift + Python without
Twisted. (Only the TTwisted transport uses Twisted...)
Ah, Thrift use Twisted in its unit tests. Even when we pass
--enable-tests=no to ./configure :-D
Upstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=1293060
This patch is based on the one attached to that bug report, but
instead of patching the .x files (parsing of which apparently
fails as well) it modifies the pre-generated .c files directly.
This ought to fix#12139.
Built and run locally.
From the Changelog:
```
Version 0.7.81, 2015-12-31
+ Acquisition Metadata: support of all SMPTE RDD18 elements
+ Matroska: cover presence and content of the cover, thanks to Max Pozdeev
+ #F446, Matroska: Handling of cropping values, thanks to Max Pozdeev
+ Improvement of Python binding: Mac Os X support, Python2 and Python3
can use same MediaInfoDLL.py
+ #F484, AVI: OpenDML Interlaced / Progressive scan type detection
+ MP4: support of AtomicParsley imdb tag
x #B959, MPEG-TS: MPEG-1 Video appeared as MPEG-2 Video
x #B914, Matroska: Undefined number of chapters in some M4V with Timed
Text, thanks to Max Pozdeev
x #B962, Matroska: negative timecodes were not correctly handled
x #B964, FLV: was hanging trying to open some FLV files
x JPEG in AVI or MOV: better handling of buggy APP0/AVI1, avoiding some
false positives about interlacement
x DVCPRO HD: some containers consider DVCPRO HD as with width 1920
despite the fact it is 1280 or 1440, using 1280 or 1440 in all cases
```
http://hydra.nixos.org/eval/1234895
The mass errors on Hydra seem transient; I verified ghc on i686-linux.
Only darwin jobs are queued ATM. There's a libpng security update
included in this merge, so I don't want to wait too long.
This improves our Bundler integration (i.e. `bundlerEnv`).
Before describing the implementation differences, I'd like to point a
breaking change: buildRubyGem now expects `gemName` and `version` as
arguments, rather than a `name` attribute in the form of
"<gem-name>-<version>".
Now for the differences in implementation.
The previous implementation installed all gems at once in a single
derivation. This was made possible by using a set of monkey-patches to
prevent Bundler from downloading gems impurely, and to help Bundler
find and activate all required gems prior to installation. This had
several downsides:
* The patches were really hard to understand, and required subtle
interaction with the rest of the build environment.
* A single install failure would cause the entire derivation to fail.
The new implementation takes a different approach: we install gems into
separate derivations, and then present Bundler with a symlink forest
thereof. This has a couple benefits over the existing approach:
* Fewer patches are required, with less interplay with the rest of the
build environment.
* Changes to one gem no longer cause a rebuild of the entire dependency
graph.
* Builds take 20% less time (using gitlab as a reference).
It's unfortunate that we still have to muck with Bundler's internals,
though it's unavoidable with the way that Bundler is currently designed.
There are a number improvements that could be made in Bundler that would
simplify our packaging story:
* Bundler requires all installed gems reside within the same prefix
(GEM_HOME), unlike RubyGems which allows for multiple prefixes to
be specified through GEM_PATH. It would be ideal if Bundler allowed
for packages to be installed and sourced from multiple prefixes.
* Bundler installs git sources very differently from how RubyGems
installs gem packages, and, unlike RubyGems, it doesn't provide a
public interface (CLI or programmatic) to guide the installation of a
single gem. We are presented with the options of either
reimplementing a considerable portion Bundler, or patch and use parts
of its internals; I choose the latter. Ideally, there would be a way
to install gems from git sources in a manner similar to how we drive
`gem` to install gem packages.
* When a bundled program is executed (via `bundle exec` or a
binstub that does `require 'bundler/setup'`), the setup process reads
the Gemfile.lock, activates the dependencies, re-serializes the lock
file it read earlier, and then attempts to overwrite the Gemfile.lock
if the contents aren't bit-identical. I think the reasoning is that
by merely running an application with a newer version of Bundler, you'll
automatically keep the Gemfile.lock up-to-date with any changes in the
format. Unfortunately, that doesn't play well with any form of
packaging, because bundler will immediately cause the application to
abort when it attempts to write to the read-only Gemfile.lock in the
store. We work around this by normalizing the Gemfile.lock with the
version of Bundler that we'll use at runtime before we copy it into
the store. This feels fragile, but it's the best we can do without
changes upstream, or resorting to more delicate hacks.
With all of the challenges in using Bundler, one might wonder why we
can't just cut Bundler out of the picture and use RubyGems. After all,
Nix provides most of the isolation that Bundler is used for anyway.
The problem, however, is that almost every Rails application calls
`Bundler::require` at startup (by way of the default project templates).
Because bundler will then, by default, `require` each gem listed in the
Gemfile, Rails applications are almost always written such that none of
the source files explicitly require their dependencies. That leaves us
with two options: support and use Bundler, or maintain massive patches
for every Rails application that we package.
Closes#8612
Previously, the native libvirt package was making an assertion that
the dependent Python package had a compatible version. This commit
switches that so that the Python package makes the assertion, since
it makes more sense to me to have a child package making an
assertion about its parent than vice versa.
It is better to specify data-dir in the environmental variable since
then both the language description files and the dictionaries will be
found. Since dict-dir defaults to data-dir only the latter needs to be
set. See for example https://github.com/NixOS/nixpkgs/issues/1000
vcunat did some cosmetic changes, such as joining lines
because we seem to rarely use one-identifier-per-line style,
or fixing hyena description to conform to our rules.
