Some packages don’t work correctly with pie. Here I disable it for:
- busybox
- linux kernel
- kexectools
I also get rid of the Musl conditional for disabling pie in GCC and
Binutils. Some day we might want to enable PIE without Musl and it
will be useful to have the *just* work with our compiler and linkers.
These don’t like having -fPIE set for them. We should disable
hardening all the time, but in the interest of not changing hashes,
this only disables it for Musl (where it is now the default).
(cherry picked from commit a3a6884649354a660326acd68c1bd08ffd2dcfa2)
These packages should in theory work with our GCC toolchains, but
there are some definite breakages that need to be tracked down.
Comparing output of these to old gcc-arm-embedded is important.
Affected packages include:
- axolooti
- avrdudess
- opentx
- microscheme
- betaflight
- inav
- blackmagic
- simavr
- gnuk
* circleci-cli: 0.1.0 -> 0.1.2307
We are also building from source now, instead of using a pre-packaged
version. This means we need Go. Also did minor refactors.
* circleci-cli: removed unneeded dependencies
This has been not touched in 6 years. Let's remove it to cause less
problems when adding new cross-compiling infrastructure.
This also simplify gcc significantly.
Useful update-- adds support for accepting multiple files as arguments
and fixes handling of large executables (>2Gb).
While touching this, modify version to include more info.
Preserving version format previously used, although not usual style.
This bumps Hydra to the latest revision available. As Hydra doesn't have
a release model (and therefore no tags) ATM, the derivation will pin
against the actual git revision and the date of the commit in the
derivation name.
Additionally the following changes have been made:
* Dropped `postUnpack` phase. It is useful when working with the Hydra
source (and no dirty changes shall be used in `release.nix`, but is has
no use in `nixpkgs`).
* Added myself as maintainer to have more folks available in case of
future breakage.
* Implemented support for Nix 2.0 and `unstable` (currently 2.1):
Since 1672bcd230447f1ce0c3291950bdd9a662cee974 in NixOS/nix the
evaluator differentiates between `settings` and `evalSettings`.
Previously `restrictEval` in `hydra-eval-jobs.cc` has been set in
`settings`, this doesn't work anymore in Nix 2.1 and is therefore
incompatible to Nix 2.0 on an API level.
To resolve this, the flag `isGreaterNix20` parses the version string
of `pkgs.nix` and applies a patch if nix.version<=2.0.
Furthermore the Hydra build with Nix 2.1 requires `boost` as build input
which is not needed for Nix 2.0. To avoid unnecessary increase in the
closure size this library will only used as build input for
nix.version>2.0.
* Fixed the NixOS test for `hydra`:
disabled binary cache to allow sandbox builds (otherwise it would
query `cache.nixos.org` during the Hydra build inside the test).
Additionally the trivial.nix jobset required simplification (as done
in NixOS/hydra, e.g. tests/api-test.nix) as bash is not available in
the build sandbox as builder (even when adding pkgs.bash to
systemPackages).
The easiest workaround to confirm a the functionality of a jobset
without importing nixpkgs is to use the default shell /bin/sh which
is mounted from `pkgs.busybox` into the build env
(https://github.com/NixOS/nixpkgs/pull/44841#discussion_r209751972) in the
VM and a named pipe to create $out.
Closes#44044
* The ELK stack is upgraded to 6.3.2.
* `elasticsearch6`, `logstash6` and `kibana6` now come with X-Pack which is
a suite of additional features. These are however licensed under the unfree
"Elastic License".
* Fortunately they also provide OSS versions which are now packaged
under: `elasticsearch6-oss`, `logstash6-oss` and `kibana6-oss`.
Note that the naming of the attributes is consistent with upstream.
* The test `nix-build nixos/tests/elk.nix -A ELK-6` will test the OSS
version by default. You can also run the test on the unfree ELK using:
`NIXPKGS_ALLOW_UNFREE=1 nix-build nixos/tests/elk.nix -A ELK-6 --arg enableUnfree true`
In 3027bca, binutils was upgraded from 2.28.1 to 2.30. However, in 2.30,
the ldmain.c file within binutils, which the nixpkgs new-dtags.patch
file is meant to modify, was changed in such a way that the patch no
longer works. As a result, the new dtags are not actually enabled, and
binaries are built with RPATH set instead of RUNPATH, thereby preventing
LD_LIBRARY_PATH from overriding this built-in path. This change corrects
this. The patch file is no longer necessary because binutils's ldmain.c
now sets link_info.new_dtags based on the configuration flags.
This was probably not noticed immediately because, when the derivation
is built with nix-build, the fixupPhase runs patchelf --shrink-rpath.
patchelf converts any RPATH in the binary into RUNPATH (unless
--force-rpath is specified). Of course, if the binary is built without
nix-build (such as in a nix-shell), this never occurs, and any RPATH in
the binary is left in place.
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/elfutils/versions.
These checks were done:
- built on NixOS
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-readelf passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-nm passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-size passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-strip passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-elflint passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-findtextrel passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-addr2line passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-elfcmp passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-objdump passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-ranlib passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-strings passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-ar passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-unstrip passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-stack passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-elfcompress passed the binary check.
- /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173/bin/eu-make-debug-archive passed the binary check.
- 16 of 16 passed binary check by having a zero exit code.
- 0 of 16 passed binary check by having the new version present in output.
- found 0.173 with grep in /nix/store/nmml2vhzia58ji531a4q1j97rrj308yj-elfutils-0.173
- directory tree listing: https://gist.github.com/f0b855207a6f13446e77907717da40dd
- du listing: https://gist.github.com/1275237e95e19d1956769a304945cc37
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/sysbench/versions.
<details><summary>Version release notes (from GitHub)</summary>
* version 1.0.15
* CI/build/packaging: add Fedora 28
* CI/build/packaging: add Ubuntu Bionic
* CI/build/packaging: remove Fedora 26 (EOL)
* CI/build/packaging: remove Debian Wheezy (EOL)
* fileio: fix GH-229 (--file-fsync-freq=0 seems to prevent
fsync() at the end of the test)
* command line: improve parsing of boolean command line options
* tests: fix GH-220 (Testsuite api_sql_mysql.t failed ...)
* tests: fix GH-223 (test failure on ppc64)
* tests: fix opt_help.t to pass when the binary is not
configured with MySQL support
* MySQL driver: use it by default in DB benchmarks
</details>
These checks were done:
- built on NixOS
- /nix/store/jfyhnvp5696s1cjn64fxp5ir072m7h35-sysbench-1.0.15/bin/sysbench passed the binary check.
- 1 of 1 passed binary check by having a zero exit code.
- 1 of 1 passed binary check by having the new version present in output.
- found 1.0.15 with grep in /nix/store/jfyhnvp5696s1cjn64fxp5ir072m7h35-sysbench-1.0.15
- directory tree listing: https://gist.github.com/2d15615806f49f153b03e6495af3654b
- du listing: https://gist.github.com/6d323aaf15bf22506caed9176fe9b034
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/doclifter/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/qzimyzp6c58i4jmqkmijzicyxzbn3j0x-doclifter-2.18/bin/manlifter had a zero exit code or showed the expected version
- /nix/store/qzimyzp6c58i4jmqkmijzicyxzbn3j0x-doclifter-2.18/bin/doclifter passed the binary check.
- 1 of 2 passed binary check by having a zero exit code.
- 1 of 2 passed binary check by having the new version present in output.
- found 2.18 with grep in /nix/store/qzimyzp6c58i4jmqkmijzicyxzbn3j0x-doclifter-2.18
- directory tree listing: https://gist.github.com/5f26018de7c8c2bbf86953b19997143a
- du listing: https://gist.github.com/b556716e68094c4f1457bbbbe6467d55
In particular, this contains Firefox-related and libgcrypt updates.
Other larger rebuilds would apparently need lots of time to catch up
on Hydra, due to nontrivial rebuilds in other branches than staging.
This fails for me:
> compressed_output.cc:320:20: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
> gold_warning(_("not compressing section data: zlib error"));
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./system.h:40:20: note: expanded from macro '_'
> # define _(String) gettext (String)
> ^~~~~~~~~~~~~~~~
> compressed_output.cc:320:20: note: treat the string as an argument to avoid this
> gold_warning(_("not compressing section data: zlib error"));
> ^
> "%s",
> ./system.h:40:20: note: expanded from macro '_'
> # define _(String) gettext (String)
^
Disabling format hardening should hopefully be harmless here. If it's a problem we can also make it conditional.
/cc @Ericson2314