This reverts commit 6ff886e539 because it
doesn't work when chroot builds are enabled (nix.useChroot = true):
$ nix-build -A arduino
these derivations will be built:
/nix/store/xjv1j3mww4jx1vccfc0p1inlcrlgx2if-arduino-1.6.6.drv
building path(s) ‘/nix/store/58sdiphd4pm3811gir0b8j718pgq8zvk-arduino-1.6.6’
...
untar-unzip-download:
[get] Getting: http://downloads.arduino.cc/reference-1.6.6-3.zip
[get] To: /tmp/nix-build-arduino-1.6.6.drv-0/Arduino-1.6.6-src/build/shared/reference-1.6.6-3.zip
[get] Error getting http://downloads.arduino.cc/reference-1.6.6-3.zip to /tmp/nix-build-arduino-1.6.6.drv-0/Arduino-1.6.6-src/build/shared/reference-1.6.6-3.zip
untar-unzip-checksum:
[echo] Testing checksum of "shared/reference-1.6.6-3.zip"
[checksum] Could not find file /tmp/nix-build-arduino-1.6.6.drv-0/Arduino-1.6.6-src/build/shared/reference-1.6.6-3.zip to generate checksum for.
BUILD FAILED
Reasoning: without a revert, the build farm cannot produce binaries and
users that build from source, without chroot, cannot trust that they get
a working result (non-deterministic build, depending on how pure the
arduino builder is).
The current URL is broken, upstream has moved the download from .../files/ to
.../files_legacy/. But after fixing that, starting hashcat results in:
$ ./result/bin/hashcat
ERROR: this copy of hashcat is outdated. Get a more recent version.
So just update to latest.
New releases are on github, the license is now MIT and there are build
system changes.
not part of nixpkgs/nixos jobsets in 16.03+ since ccd1029f58. Until
it gets added again, adding some python packages that take really
long to build.
(cherry picked from commit 713c24056397fef46717d2f0eae1940f348941e6)
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293
This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.