This commit exposes support for compilation without systemd,
controlled by the global systemdSupport argument. This argument is
understood by many other nixpkgs expressions and can be set globally
in ~/.config/nixpkgs/config.nix.
The problem with enableGeoLocation was that it didn't compose well with
.overrideAttrs and setting geoclue2=null at the overlay level
because of the assert statement.
Thus, when combined with disabling libsecret, the resulting override code was:
    avahi = null;
    geoclue2 = { outPath = throw "geoclue is disabled"; };
    webkitgtk = prev.lib.pipe prev.webkitgtk [
      (x: x.override { enableGeoLocation = false; geoclue2 = prev.geoclue2; })
      (x: x.overrideAttrs (old: { cmakeFlags = old.cmakeFlags ++ [ "-DUSE_LIBSECRET=OFF" ]; }))
      (x: x.override { enableGeoLocation = false; geoclue2 = null; libsecret = null; })
    ];
It works, but is unnecessarily complex.
: detailed motivation
libsecret and geoclue2 are actually completely independent,
the real conflict is between assert and override/overrideAttrs which
don't work as expected; e.g. you can pass an updated parameter, but the
original parameter at callPackage "calltime" after recursion through overlays
gets used, so when globally setting "geoclue2=null;" in an overlay,
the assert is always hit without any way to work around that.
If `/run/opengl-driver/lib` is in `LD_LIBRARY_PATH`, bwrap will try to
mount it into the already bind mounted `/run/opengl-driver`. To
prevent this, we instead specify the subpaths of `/run/opengl-driver`
we're interested in.
Also, use the correct path for i686 builds.
- Libmanette and systemd features need to be disabled since they depend on systemd.
- FastMalloc for some reason does not include <malloc/malloc.h> so we added that.
- <CommonCrypto/CommonRandom.h> depends on a type from <CommonCrypto/CommonCryptor.h> but does not include it for some reason, resulting in the following error:
    In file included from ../Source/WTF/wtf/RandomDevice.cpp:44:
    /nix/store/wd30p2pq4lci8fk9fqldkgk1hgmwpapj-Libsystem-1238.60.2/include/CommonCrypto/CommonRandom.h:35:9: error: unknown type name 'CCCryptorStatus'
    typedef CCCryptorStatus CCRNGStatus;
- The GL-related flags were renamed and removed (in previous releases as well) so we switched to the new ones so that GL is still disabled.
- Unrelatedly, the `with` statement at the top of the expression is an abomination so we narrowed its scope to just meta.
I hope this will improve the situation on aarch64-linux.
I don't think it could make anything worse.
Recent staging-next timeouts:
https://hydra.nixos.org/build/141551270
https://hydra.nixos.org/build/141547098
For now let's not touch meta.timeout, as there's less consensus and the
setting seems less reliable in practice, too.
The package could not compile because it did not know the meaning of
TRUE and FALSE [1]. So we have to make sure our build environment
provides reasonable, sensible definitions to make the build succeed.
[1] https://hydra.nixos.org/build/137292531
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
Without access to the `/run/opengl-driver` directory, webkit fails to
create an EGL context, since it can't identify a suitable EGL
vendor. This results in a blank window and the following error output:
    Cannot get default EGL display: EGL_BAD_PARAMETER
    Cannot create EGL context: invalid display (last error: EGL_SUCCESS)
Fixes processing of maliciously crafted web content which could lead to
- CVE-2020-13584: arbitrary code execution due to a use after free issue
- CVE-2020-9983: code execution due to an out-of-bounds write issue
Advisory at https://webkitgtk.org/security/WSA-2020-0008.html
Fixes: CVE-2020-13584, CVE-2020-9983