Commit Graph

2442 Commits

Author SHA1 Message Date
John Ericson
cd6c452ade cc-wrapper: Don't hardcode MacOS min version for delegates 2017-08-03 16:37:27 -04:00
John Ericson
2e61d8b71c cc-wrapper: Handle more -l.... gotchas 2017-08-03 16:37:27 -04:00
John Ericson
f1d48ca6ba Merge pull request #27859 from adisbladis/revert_27427
Revert "buildenv: read propagated-user-env-packages line-by-line"
2017-08-03 11:17:34 -04:00
mimadrid
09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Mathias Schreck
86d9b09c9b dockerTools: fix image json and manifest
The image json is not exactly the same as the layer json, therefore I
changed the implementation to use the `baseJson` which doesn’t include
layer specific details like `id`, `size` or the checksum of the layer.

Also the `history` entry was missing in the image json. I’m not totally
sure if this field is required, but a I got an error from a docker
registry when I’ve tried to receive the distribution manifest of an
image without those `history` entry:

GET: `http://<registry-host>/v2/<imageName>/manifests/<imageTag>`

```json
{
  "errors": [
    {
      "code": "MANIFEST_INVALID",
      "message": "manifest invalid",
      "detail": {}
    }
  ]
}
```

I’ve also used a while loop to iterate over all layers which should make
sure that the order of the layers is correct. Previously `find` was
used and I’m not sure if the order was always correct.
2017-08-03 11:52:03 +02:00
tilpner
77f1c7d5bc
buildenv: Make buildEnv overridable
callPackage already calls makeOverridable, but that just
makes the function that evaluates to buildEnv overridable,
not buildEnv itself.
If no overridable version of buildEnv is used during construction,
users can't override e.g. `paths` at all
2017-08-02 11:56:37 +02:00
Sergey Mironov
f49c2fbf7a
trivial-builders.nix: add writeShellScriptBin builder 2017-08-01 20:23:08 -04:00
Frederik Rietdijk
f74759450b Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-01 16:28:48 +02:00
Orivej Desh
07674788d6 Respect NIX_DONT_SET_RPATH when .so appears in the command line
Unified processing of command line arguments in ld-wrapper broke support for
`NIX_DONT_SET_RPATH` and revealed that ld-wrapper adds the directory of its
`-plugin` argument to runpath. This pull request fixes that. It treats
`dir/libname.so` as `-L dir -l name`, because this is how `ld.so` interprets
resulting binary: with `dir` in `RUNPATH` and the bare `libname.so` (without
`dir`) in `NEEDED`, it looks for `libname.so` in each `RUNPATH` and chooses the
first, even when the linker was invoked with an absolute path to `.so`.
2017-08-01 11:57:33 +02:00
adisbladis
283364a2fe
Revert "buildenv: read propagated-user-env-packages line-by-line"
This reverts commit dce958ac39.
2017-08-01 15:41:06 +08:00
John Ericson
1cd74ac70a cc-wrapper: Make sure symbol tables of child delegators is not empty
As described in https://github.com/NixOS/nixpkgs/issues/18461, MacOS no
longer accepts dylibs which only reexport other dylibs, because their
symbol tables are empty. To get around this, we define an object file
with a single "private extern" symbol, which hopefully won't clobber
anything.
2017-07-31 17:02:56 -04:00
John Ericson
9242c8b331 cc-wrapper: Use two scripts instead of patch 2017-07-31 17:02:56 -04:00
John Ericson
0c37778c2c cc-wrapper: WIP linking hack for mac OS
Probably best to override Haskell packages set, or anything else
linking a lot of libraries, with this.
2017-07-31 17:02:56 -04:00
Domen Kožar
61b5b7fd2f Merge pull request #27657 from orivej/optimize-rpath
ld-wrapper: Optimize expanding rpath
2017-07-31 14:43:48 +02:00
Antoine Eiche
9082b66096 dockerTools: fix permissions on base image
If the base image has been built with nixpkgs.dockerTools, the image
configuration and manifest are readonly so we first need to change
their permissions before removing them.

Fix #27632.
2017-07-31 13:52:35 +02:00
Frederik Rietdijk
740d76371e Merge commit 'ba68231273bea4cba01413fd2a0e56d68db9234c' into HEAD 2017-07-31 09:12:15 +02:00
Peter Hoeg
7aedfc1df8 Merge pull request #27775 from rvl/bower2nix-issue-13
fetchbower: handle packages with slashes in their name
2017-07-31 01:02:29 +08:00
Orivej Desh
4964b104b9 ld-wrapper: Optimize expanding rpath
The time to expand rpath was proportional to the number of -L flags times the
number of -l flags.  Now it is proportional to their sum (assuming constant
number of files in each directory in an -L flag).

Issue reported by @nh2 at https://github.com/NixOS/nixpkgs/issues/27609#issuecomment-317916623
2017-07-28 20:50:30 +00:00
Frederik Rietdijk
55357de67a Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-28 19:37:36 +02:00
Eelco Dolstra
5c5b71df5e
Add a setup hook to fill NIX_DEBUG_INFO_DIRS
This setup hook is propagated by gdb. Thus, a typical use is:

  $ nix-shell -p gdb nix nix.debug sqlite.debug ...

and gdb will be able find the debug symbols of nix etc. automatically.
2017-07-28 16:38:26 +02:00
Franz Pletz
b116fa5ff2
Merge branch 'master' into staging 2017-07-28 16:08:30 +02:00
Rodney Lorrimar
efaec90f60 fetchbower: handle packages with slashes in their name
Packages from github repos have slashes in their name. Nix store names
shouldn't have slashes.

Fixes rvl/bower2nix#13
2017-07-27 21:18:43 +01:00
Eelco Dolstra
63d7b6ee29
makeImageFromDebDist: Add extraDebs arguments
This allows adding packages that are not part of the distribution, e.g.g

  extraDebs = [
    (pkgs.fetchurl {
      name = "openjdk.deb";
      url = http://ppa.launchpad.net/openjdk-r/ppa/ubuntu/pool/main/o/openjdk-8/openjdk-8-jdk-headless_8u111-b14-3~14.04.1_amd64.deb;
      sha256 = "1n5ibpkx9pjmc4nr052rls1yqbq7ckav2rabixjhd4yxbyhjl0ap";
    })
  ];
2017-07-27 20:34:24 +02:00
Antoine Eiche
9ee7e8b67e docker: generate the image configuration and manifest
This is required to push images to the Docker registry v2.
2017-07-26 23:05:29 +02:00
Antoine Eiche
8a431e13b5 docker: Remove ./ pattern when packing an image
Elements in images tar.gz generated by docker don't start by './'.
2017-07-26 23:05:29 +02:00
Eelco Dolstra
a7c8f5e419
debian: 8.8 -> 8.9 2017-07-26 20:02:17 +02:00
Antoine Eiche
0a4c43065c docker: do not import configuration and manifest from the base image
Fix #27632.
2017-07-26 20:01:41 +02:00
John Ericson
9be40841ea Merge remote-tracking branch 'upstream/master' into staging-base
Conflicts:
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/build-support/gcc-wrapper-old/builder.sh
	pkgs/build-support/trivial-builders.nix
	pkgs/desktops/kde-4.14/kde-package/default.nix
	pkgs/development/compilers/openjdk-darwin/8.nix
	pkgs/development/compilers/openjdk-darwin/default.nix
	pkgs/development/compilers/openjdk/7.nix
	pkgs/development/compilers/openjdk/8.nix
	pkgs/development/compilers/oraclejdk/jdk-linux-base.nix
	pkgs/development/compilers/zulu/default.nix
	pkgs/development/haskell-modules/generic-builder.nix
	pkgs/misc/misc.nix
	pkgs/stdenv/generic/builder.sh
	pkgs/stdenv/generic/setup.sh
2017-07-26 13:46:04 -04:00
John Ericson
ea7d13cf1a stdenv-setup and misc hooks: Work with bash-3.4 for MacOS nix-shell
This is a temporary measure until this impurity is removed from Nix.
2017-07-26 09:08:01 -04:00
John Ericson
f6f40e3fe5 stdenv-setup and misc pkgs: Revert to space-deliminated propagated-* files
We cannot switch to line-delimited yet, because certain Nix commands do
not read in the entire file, but just the first line.
2017-07-26 09:07:55 -04:00
Robin Gloster
100107a3cd fetchpatch: add excludes parameter 2017-07-26 13:32:59 +02:00
Eelco Dolstra
47821f1cf0
cc-wrapper: More quadratic performance fixes
This eliminates the slow lookup of whether we've already seen an rpath
/ library path entry.

Issue #27609.
2017-07-25 18:46:49 +02:00
Eelco Dolstra
70d4d22806
cc-wrapper: Add a "man" output
... and propagate cc.man from there.
2017-07-25 16:12:58 +02:00
Eelco Dolstra
b9c403c531
stdenvLinux: Remove bootstrapTools from closure
The "expand-response-params" program had an unnecessary reference to
bootstrapTools, bloating the closure from 205 to 314 MiB.
2017-07-25 14:21:17 +02:00
Antoine Eiche
e28d817c9a docker: lowercase image name and tag
The docker loading (docker 1.12.6) of an image with uppercase in the
name fails with the following message:
invalid reference format: repository name must be lowercase
2017-07-25 10:47:51 +02:00
Eelco Dolstra
aa4a92d2df
cc-wrapper/ld-wrapper: Minor speedup in string concatenation
There is still a O(n) pattern match in ld-wrapper, so we should
probably rewrite that code to use associative arrays.
2017-07-24 14:48:26 +02:00
John Ericson
b087618ac0 Revert "stdenv: Store one package per line in nix-support/propagated-*"
As @oxij points out in [1], this breakage is especially serious because
it changes the contents of built environments without a corresonding
change in their hashes. Also, the revert is easier than I thought.

This reverts commit 3cb745d5a6.

[1]: https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
2017-07-24 01:05:30 -04:00
Frederik Rietdijk
29f91c107f Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-23 11:23:43 +02:00
Thomas Tuegel
6a004bf9c8
Merge branch 'master' into bugfix/staging/stdenv 2017-07-21 20:36:34 -05:00
Thomas Tuegel
c25199f697
fetchurl: remove unpaired call to `stopNest'
Fixes #27406.

Commit 5d4efb2c81 added an assertion to `stopNest'
which requires it be correctly paired with `startNest'. `fetchurl' calls
`stopNest', but never calls `startNest'; the former calls are removed.
2017-07-21 15:45:29 -05:00
Shea Levy
1ea9a69376 Merge branch 'll-fix-fetchzip-darwin' of https://github.com/obsidiansystems/nixpkgs 2017-07-18 09:06:11 -04:00
Jamey Sharp
09bae7cb70 build-fhs-userenv: Propagate $XAUTHORITY
The `DISPLAY` environment variable is propagated into chroots built with
`buildFHSUserEnv`, but currently the `XAUTHORITY` variable is not. When
the latter is set, its value is usually necessary in order to connect to
the X server identified by the former.

This matters for users running gdm3, for example, who have `XAUTHORITY`
set to something like `/run/user/1000/gdm/Xauthority` instead of the X
default of `~/.Xauthority`, which doesn't exist in that setup.

Fixes #21532.
2017-07-18 00:03:22 -07:00
Thomas Tuegel
54520fce77 Merge pull request #27427 from ttuegel/bugfix/buildenv-propagated
buildenv: read propagated-user-env-packages line-by-line
2017-07-17 16:20:36 -05:00
luigy
eb6c45bcae Fix #27448 argument list too long in fetchzip for darwin.
Paired with @Ericson2314
2017-07-17 11:23:20 -04:00
Frederik Rietdijk
3eceecb90d Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-17 13:52:01 +02:00
Thomas Tuegel
dce958ac39
buildenv: read propagated-user-env-packages line-by-line
Since 3cb745d5a6, the format of
propagated-user-env-packages has changed and propagated packages have not been
included by buildenv, including in the system environment.

The buildenv builder is modified to read propagated-user-env-packages
line-by-line, instead of expecting all packages on one line.
2017-07-16 16:06:06 -05:00
John Ericson
21136311c4 Merge pull request #27415 from obsidiansystems/cc-wrapper-prefix-binutils
cc-wrapper: Always export environment variables for binutils
2017-07-16 11:21:39 -04:00
John Ericson
3739858571 cc-wrapper: Use new bash uppercase subsitution syntax in setup hook
While this requires newer bash, stdenv's setup.sh now does across the
board anyways. This way is more concise.
2017-07-15 20:33:10 -04:00
John Ericson
093cc00cdd cc-wrapper: Always export environment variables for binutils
Before, this only happened when cross compiling.
2017-07-15 16:01:03 -04:00
Daiderd Jordan
90ff6b1d03 Merge pull request #27017 from LnL7/docker-pure-layer
docker-tools: set user/group when creating a pure layer
2017-07-15 12:22:53 +02:00
Vladimír Čunát
e2b7b09960
Merge branch 'master' into staging 2017-07-15 12:15:56 +02:00
John Ericson
aca5ba405e cc-wrapper: Unify and improve dynamic linker flag logic
Besides deduplicating overlapping logic, clear warning messages were
added for:

 - No glob/path for dynamic linker provided (use default glob)

 - Glob did not expand to anything (don't append flag)

 - glob expanded to multiple things (take first, like before)
2017-07-14 15:21:34 -04:00
Jörg Thalheim
ce39a9c837 Merge pull request #27160 from bkchr/makeautostartitem_fix
make-autostartitem: Use the right path for storing the desktop files
2017-07-14 13:47:13 +01:00
Domen Kožar
0eb4f6fd25
Merge commit 'a889454869e4f7d5ba6067ebcc0ba7fcd26e4417'
Merge staging. It includes fixes for cc-wrapper parsing speed and
some other minor things.

http://hydra.nixos.org/eval/1375094
2017-07-14 11:55:41 +02:00
Sarah Brofeldt
9e61958399 tarsum: Fix source path in docker.src 2017-07-13 23:09:04 +02:00
John Ericson
3cb745d5a6 stdenv: Store one package per line in nix-support/propagated-*
This makes those files a bit easier to read. Also, for what it's worth,
it brings us one baby step closer to handling spaces in store paths.

Also, I optimized handling of many transitive deps with read. Probably,
not very beneficial, but nice to enforce the pkg-per-line structure.
Doing so let me find much dubious code and fix it.

Two misc notes:

 - `propagated-user-env-packages` also needed to be adjusted as
   sometimes it is copied to/from the propagated input files.

 - `local fd` should ensure that file descriptors aren't clobbered
   during recursion.
2017-07-10 13:32:13 -04:00
Vladimír Čunát
986c17727e
Merge: more compatibility for git* fetchers
They're additional commits from #26877.
Changing names of the fetched stuff was changing very many hashes,
and I think it's better to avoid that for the moment to reduce work
needed by nixpkgs users.  The fetchers are expected to be commonly
used even outside nixpkgs, and the current naming wasn't that bad
usually.

(commit analogical to d10c3cc5eedf58e80e2; I haven't noticed the part of
the PR has already got to master)
2017-07-09 10:31:24 +02:00
Daiderd Jordan
980346592c
Merge branch 'staging' into master 2017-07-08 22:22:17 +02:00
Daiderd Jordan
83fbc0f035
docker-tools: fixup permssions for extraCommands 2017-07-08 13:57:04 +02:00
John Ericson
a302d7360f top-level: {build,host,target}Platform are defined in the stdenv instead
See #27069 for a discussion of this
2017-07-07 12:55:02 -04:00
Bastian Köcher
6bf72482eb make-autostartitem: Use the right path for storing the desktop files
The freedesktop specification says that the autostart folder is located at $XDG_CONFIG_DIRS/autostart.
Nixos defines XDG_CONFIG_DIRS as /etc/xdg. So we need to copy the desktop files into the right folder
with make-startupitem.
2017-07-06 00:44:41 +02:00
Ryan Trinkle
7004641566 Merge pull request #26974 from obsidiansystems/response-file-parsing-speed
cc-wrapper: improve response file parsing speed
2017-07-05 16:18:22 -04:00
Volth
ab8dd33e5c support old naming, just add escaping of unsafe chars 2017-07-05 16:01:26 +00:00
Vladimír Čunát
9e1c7ddaae
Merge branch 'master' into staging 2017-07-05 09:53:53 +02:00
Vladimír Čunát
5328aac7be
Merge branch 'staging'
Comparison looks OK; I'll try some fixes on master directly.
http://hydra.nixos.org/eval/1372577?compare=1372497
2017-07-05 08:55:26 +02:00
Volth
e7521e289c gitRepoToName: make it compatible with old fetchFromGitHub's "${repo}-${rev}-scr" to avoid mass rebuild 2017-07-04 20:22:13 +00:00
Volth
535a6c3520 fetchFromGitHub: fix fetchSubmodules=true when revision is not hexadecimal 2017-07-04 20:22:13 +00:00
Ryan Trinkle
aad0ebb194 cc-wrapper: expand-response-params: fix parsing of quotes that are quoted and escaped 2017-07-03 23:16:10 -04:00
Orivej Desh
2bc7b4e134 cc-wrapper: simplify expandResponseParams parser
Import from b2446902fe
2017-07-03 21:51:23 +00:00
Harmen
6dab2c72df nix-prefetch-git: add --quiet to --help 2017-07-03 11:44:33 +02:00
Vladimír Čunát
d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
Joachim F
d88f83de6b Merge pull request #17681 from ericsagnes/feat/releaseTools.channel
releaseTools: add channel function
2017-07-02 09:46:17 +01:00
Daiderd Jordan
dde5865140
docker-tools: set group/owner when creating a pure layer 2017-07-01 17:08:48 +02:00
Ryan Trinkle
d07f30f628 cc-wrapper: improve response file parsing speed 2017-06-30 15:20:53 -04:00
Vladimír Čunát
ddf864f8aa
Merge branch 'master' into staging
Mass rebuilds from master (>7k on x86_64-linux).
2017-06-30 18:16:58 +02:00
John Ericson
16be434b0b Merge accepted cross compilation PRs into staging 2017-06-28 23:17:21 -04:00
John Ericson
e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
hsloan
49347667a8 gcc-wrapper-old: Don't use stdenv.cross
Take the dynamic linker logic for cc-wrapper for now
2017-06-28 18:42:00 -04:00
John Ericson
c23028bdad cc-wrapper: Also export env var for windres, when it is present 2017-06-28 18:31:37 -04:00
John Ericson
deb8fae4c0 make-initrd: Don't use stdenv.cross 2017-06-28 18:21:05 -04:00
Michael Fellinger
54419f3016 using inherited instead 2017-06-27 22:22:08 +02:00
Michael Fellinger
704e04b108 dockerTools.buildImage: configurable timestamp
This way not all images have to be from 47 years ago, making it much easier to find the one you're looking for.
2017-06-27 22:11:17 +02:00
David McFarland
63a1a2ac63 stdenv: disable -fPIC on cygwin
It's always on, and you get a warning if you specify it
2017-06-26 09:33:44 -03:00
David McFarland
dd8d0e3000 cygwin: force native symlinks for libraries
This will override the existing winsymlinks setting.  nativestrict
will cause ln to fail if it's unable to create a native symlink.
Native symlinks are required for the windows dll loader to find the
libraries.

This script is also used for cross-mingw, but setting CYGWIN
shouldn't cause a problem.
2017-06-26 09:26:10 -03:00
Franz Pletz
40a04291c9
Merge branch 'master' into staging 2017-06-26 02:23:38 +02:00
Franz Pletz
d42f502c84
Revert "cc-wrapper: add stackcheck hardening (stack clash)"
This reverts commit 4150f5e8ba.

The stack protector hardening breaks the llvm_4 build.
2017-06-26 01:12:38 +02:00
Franz Pletz
a4252649bf
Revert "cc-wrapper: fix darwin"
This reverts commit c3a8595276.

The stack protector hardening breaks the llvm_4 build.
2017-06-26 01:12:11 +02:00
Jörg Thalheim
7a10cc84a0 rustRegistry: switch to mkDerivation
fixes #26582
2017-06-25 11:56:29 +01:00
tilpner
c610f99d8f Expose custom Rust registry versions
This allows users to specify a custom registry src,
because currently every packager would need to create
an outdated Cargo.lock just to be compatible with the
probably outdated rustRegistry in nixpkgs.

Currently there is no easy way to convince cargo to
do that, so this makes that workaround unnecessary.
2017-06-25 11:56:15 +01:00
Bjørn Forsman
b8658f629b fetchgit: support "git@server:repo" URLs
Update the code that extracts the base name from a git repo URL so that
it can deal with URLs like "git@server:repo".
2017-06-24 14:34:08 +02:00
John Ericson
87fab3d6a5 Merge some merged cross-compilation PRs into into staging 2017-06-23 20:24:27 -04:00
John Ericson
12795a7068 misc: Remove almost all uses of stdenv.{ccCross,binutils} 2017-06-22 17:53:52 -04:00
John Ericson
c2e2152afc cc-wrapper: Port over finding of dynamic linker from gcc-cross-wrapper
At the next break, we can deduplicate and go for the best of both
worlds.
2017-06-22 17:53:36 -04:00
John Ericson
0aee847858 cc-wrapper: Make the cross compiler use a crossEnvHook
This is a hack until stdenv's setup.hs gets overhauled
2017-06-22 17:52:29 -04:00
Ross MacLeod
c1fb71b74a cc-wrapper: when cross building, wedge in setting AR, AS, and LD env vars to their cross building versions
I think it's ok to export things which aren't wrapped. The cc-wrapper
can be thought of as responsible for all of binutils and the c
compiler, only wrapping those binaries which are necessary to
interposition---as opposed to all binaries it thinks are relevaant.

Conversely, adding the setup hook to the unwrapped compilers would be
unforunate as hooks are ugly hacks and the compilers themselves take
a long time to rebuild. Better to wholely separate "pure packages" from
hacks.
2017-06-22 17:52:28 -04:00
John Ericson
121e7d9335 gcc-cross-wrapper: Remove in favor of newly-cross-supporting cc-wrapper 2017-06-22 17:52:28 -04:00
John Ericson
8a7433fca4 cc-wrapper: Temporarily got to great lengths to avoid mass-rebuild
Eventually we should avoid this "pre-wrapping" and just update those
files in nixpkgs. This mass-rebuild change is best done along with
those needed to reduce the disparity between native and cross (i.e.
making native the "identity cross").
2017-06-22 17:52:28 -04:00
John Ericson
0f0383394d cc-wrapper: Salt environment variables with LLVM triples
We now (on cross) require per-target flag interposition by putting the
triple in the names of the relevant environment variables, e.g:

export NIX_arm_unknown_linux_gnu_CFLAGS_COMPILE=...

The wrapper also has a `infixSalt` attribute (and "_" prefixed and
suffixed variants) to assist downstream packages.

Note how that the dashes are replaced to keep the identifier valid.
Using names like this allows us to keep the settings for different
compilers seperate.

I think it might be even better to use names like `NIX_{BUILD,HOST}...`
using the platform's role rather than the platform itself, but this
would be more work as the previous stages' tools would have to be re-
wrapped to take on their new role. I therefore didn't do this for now,
but that route should be thoroughly explored in the future.
2017-06-22 17:52:28 -04:00
John Ericson
04a3cad968 cc-wrapper: Add support for no libc whatsoever 2017-06-22 17:52:27 -04:00
John Ericson
d70e7263f4 cc-wrapper: Simplify and correct logic to chose dynamic linker library 2017-06-22 17:52:27 -04:00
John Ericson
459f1c60f5 cc-wrapper: Learn about target prefixes
This is first step towards getting rid of gcc-wrapper-cross
2017-06-22 17:52:27 -04:00
John Ericson
c4ba2e3ef6 cc-wrapper: Remove stdenv.is* for targetPlatform.is*
Modify bootstrapping stdenvs to make sure `targetPlatform` also passed.
2017-06-22 17:52:27 -04:00
Franz Pletz
c3a8595276
cc-wrapper: fix darwin
Clang doesn't support -fstack-check=specific, only -fstack-check. Still a
noop, though.
2017-06-22 02:44:04 +02:00
Franz Pletz
4150f5e8ba
cc-wrapper: add stackcheck hardening (stack clash)
This fixes the Stack Clash issue rediscovered by Qualys. See
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
for more information on the topic, specifically section III.

We don't have the kernel mitigation available because it is a Grsecurity
feature which we don't support anymore. Other distributions like Gentoo
Hardened and Arch already have `-fstack-check` enabled by default.

See the Gentoo page on Stack Clash for more information on this solution:
https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash

This unfortunately doesn't apply to clang because `-fstack-check` is a
noop there. Note that the GCC implementation also has problems that could
be exploited to circumvent these checks but it is still better than
keeping it disabled.
2017-06-22 00:41:53 +02:00
Franz Pletz
6338c50a84
Merge branch 'master' into staging 2017-06-22 00:41:25 +02:00
Domen Kožar
55616ad938 Merge pull request #26554 from orivej/rsp
Speed up parsing @args.rsp compiler arguments
2017-06-19 11:39:17 +02:00
Thomas Tuegel
be7b7d908f
Remove kdeWrapper 2017-06-18 08:43:39 -05:00
Thomas Tuegel
7b6f8dc77f
qt5: move kdeDerivation to qt5.mkDerivation 2017-06-18 08:42:19 -05:00
Orivej Desh
5413bfa8e3 Speed up parsing @args.rsp compiler arguments
Improves upon #25205

https://gist.github.com/pbogdan/9d6986bf931b58a70d75e14eb40ee8a1 parsing time is
reduced from one minute to one second
2017-06-14 18:56:44 +00:00
Profpatsch
79dd4deda5 Ultrastar (#26524)
* ultrastardx-beta: init at 1.3.5

* libbass, libbass_fx: init at 24

* ultrastar-creator: init at 2017-04-12

* buildSupport/plugins.nix: add diffPlugins

Helper function to compare expected plugin lists to the found plugins.

* ultrastar-manager: init at 2017-05-24

The plugins are built in their own derivations, speeding up (re-)compilation.
The `diffPlugins` function from `beets` is reused to test for changes in the
plugin list on updates.

* beets: switch to diffPlugins

The function is basically just extracted for better reusability.
2017-06-14 11:29:31 +02:00
Jörg Thalheim
557cc2cb63 Merge pull request #26372 from risicle/fetchsvn-unicode
fetchsvn: set LC_ALL in builder to allow svn to handle unicode filenames
2017-06-10 12:00:03 +01:00
Jörg Thalheim
e2197465c1
cc-wrapper: externalize default_cxx_stdlib_compile
This value is require to get c++ std include path for libclang based tools (vim plugins in my case).
I currently extract it this with this rather command:

```
eval echo $(nix-instantiate --eval --expr 'with (import <nixpkgs>) {}; clang.default_cxx_stdlib_compile')
```

it did not trigger any recompilation on my system.
2017-06-08 19:50:40 +01:00
Jan Malakhovski
d73ef2636f fetchurl: add some https ImageMagick mirrors 2017-06-07 15:27:03 +02:00
Eelco Dolstra
0996ea8a68
NixOS VM tests: Don't create a setgid group in vde_switch
Nix no longer allows this for security reasons.

http://hydra.nixos.org/build/53993125
2017-06-07 11:57:36 +02:00
Robert Scott
60dcb9cc01 fetchsvn: set LC_ALL in builder to allow svn to handle unicode filenames 2017-06-04 13:41:28 +01:00
Jörg Thalheim
ee22e3de08 Merge pull request #26358 from LnL7/fetchgit-postfetch
fetchgit: add postFetch argument
2017-06-04 11:14:03 +01:00
Joe Hermaszewski
a81f45386b fetchdarcs: Use NIX_SSL_CERT_FILE
`SSL_CERT_FILE` has been replaced with `NIX_SSL_CERT_FILE`.

Before this change using `fetchdarcs` resulted in an error message like:

```
Identifying repository http://hub.darcs.net/scravy/easyplot inventory

darcs failed:  Not a repository: http://hub.darcs.net/scravy/easyplot (Peer certificate cannot be authenticated with given CA certificates)

HINT: Do you have the right URI for the repository?

builder for ‘/nix/store/imyvcs6lvb5yva66krc5wk39931sam8v-fetchdarcs.drv’ failed with exit code 2
```
2017-06-03 20:35:37 +01:00
Daiderd Jordan
7567c5c1ee
fetchgit: add postFetch argument 2017-06-03 20:51:01 +02:00
Rodney Lorrimar
9e56cddf13 emacsWithPackages: support installing larger packages
I was getting the following error building tide from Melpa:

    nix-build  -E '(import <nixpkgs> {}).emacs25WithPackages (p: [p.melpaPackages.tide])'

    File tide-20170509.1134.tar is large (10.2M), really open? (y or n) Error reading from stdin
    builder for ‘/nix/store/gs9ik7yf8iilsikkfing74i70m0diax3-emacs-tide-20170509.1134.drv’ failed with exit code 255
    cannot build derivation ‘/nix/store/m3p080aani4rw82llp8nqk93cw2nvirk-emacs-with-packages-25.2.drv’: 1 dependencies couldn't be built

Solution was to disable the large file warning threshold when
installing packages.
2017-05-29 12:56:09 +01:00
Ryan Trinkle
0916c26ed6 symlinkJoin: eliminate lndir spam
By default lndir outputs the name of each subdirectory as it descends into it; this commit gives it the -silent flag to disable this behavior
2017-05-27 16:19:34 -04:00
Jaka Hudoklin
112f5229d8 Merge pull request #26131 from matejc/pkgs/build-support/docker/pull
docker tools: fix pull image function
2017-05-27 12:44:34 +02:00
Matej Cotman
8d3cb0af9e docker tools: fix pull image function 2017-05-26 18:48:16 +02:00
Vladimír Čunát
00672dec8a
Merge older staging
This still causes some uncached rebuilds, but master(!) and staging
move too fast forward rebuild-wise, so Hydra might never catch up.
(There are also other occasional problems.)
Therefore I merge at this point where the rebuild isn't that bad.
2017-05-26 15:45:43 +02:00
Eelco Dolstra
dc4e2cd70f Merge pull request #26062 from cleverca22/libredirect
libredirect: allow null paths
2017-05-24 18:09:55 +02:00
Mateusz Naściszewski
00572d595c
ipfs: 0.4.6 -> 0.4.9 2017-05-24 16:31:17 +02:00
michael bishop
5677ce2008
libredirect: allow null paths 2017-05-24 11:29:06 -03:00
Vladimír Čunát
8004e79415
Merge branch 'master' into staging 2017-05-24 03:24:06 +02:00
Benno Fünfstück
19d3cf81d3 rust: fix fetch-cargo-deps for git dependencies
We need to make sure that `$revs` ends with a space, since files must always
end with newlines. The previous code ignored the last entry in `$revs`, because
read already returns non-zero exit code for the last entry, as it does not end
with a space.
2017-05-23 10:01:33 +02:00
Frederik Rietdijk
99cfab07b9 Merge remote-tracking branch 'upstream/master' into HEAD 2017-05-22 09:21:40 +02:00
Matthew Bauer
2c0006521b
emacsWithPackages: wrap MacOS app
fixes #22893
2017-05-20 18:51:32 -05:00
Shea Levy
b71b7ee622 fetchFromGitHub: Allow private repos, hosted githubs 2017-05-19 15:38:01 -04:00
Vladimír Čunát
8b01ec9a9e
Merge branch 'master' into staging 2017-05-10 00:54:53 +02:00
Eelco Dolstra
31c2d20621
debian: 8.7 -> 8.8 2017-05-08 16:02:38 +02:00
Eelco Dolstra
94d164dd7f
Add a setup hook for detecting $TMPDIR references in RPATHs and wrapper scripts 2017-05-04 20:23:57 +02:00
Linus Heckemann
33962a4420 stdenv: fix "grep: invalid range" 2017-05-04 16:54:01 +01:00
Frederik Rietdijk
c520e79842 Merge remote-tracking branch 'upstream/master' into HEAD 2017-05-03 09:59:49 +02:00
Vladimír Čunát
1bcd56b6e6
Merge branch 'master' into staging
There's been a very large rebuild on master, unfortunately.
pytestcov conflict: I'm not really sure what should be propagated.
2017-05-02 16:01:48 +02:00
Utku Demir
5a78bed2bb Fix documentation of emacsWithPackages
After [this change](901a778c77), it should be `overrideScope` instead of `override`.
2017-05-02 09:52:04 +12:00
Michael Raskin
f3b45f83b5 Merge pull request #25205 from orivej/rsp
Fix parsing @args.rsp compiler arguments
2017-05-01 18:48:11 +02:00
Shea Levy
8a1707ad0d nixBufferBuilders: Add haskellMonoRepo builder 2017-05-01 11:44:21 -04:00
rht
5628cebcf0 /bin/sh -> ${stdenv.shell} 2017-04-30 17:01:07 +02:00
Thomas Tuegel
4e0d21edd1 Merge pull request #25285 from ttuegel/qt--fix-plugin-paths
Qt: purify plugin paths, unify Linux and Darwin builders
2017-04-30 07:33:50 -05:00
Joachim Fasting
ab4fa1cce4
tree-wide: prune some dead grsec leaves
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
Peter Simons
d1008a9a5f Merge pull request #25299 from ahmedtd/fix-wrap-gapps-hook
wrapGAppsHook: Correct `wrapProgram` invocations
2017-04-29 10:33:52 +02:00
Taahir Ahmed
2cd342cfb3 wrapGAppsHook: Correct wrapProgram invocations
This change fixes several defects in the way `wrapGAppsHook` selected
the executable to wrap.

Previously, it would wrap any top-level files in the target `/bin` and
`/libexec` directories, including directories and non-executable
files.  In addition, it failed to wrap files in subdirectories.

Now, it uses `find` to iterate over these directory hierarchies,
selecting only executable files for wrapping.
2017-04-28 15:24:50 -05:00
Peter Simons
5c25c33a05 wrapGAppsHook: Revert "Correct wrapProgram invocations"
This reverts commit 8b9f153bb9 of
https://github.com/NixOS/nixpkgs/pull/25183 because it breaks builds of
packages that don't install both a "bin" and a "libexec" directory. See
https://github.com/NixOS/nixpkgs/pull/25183#issuecomment-298064769 for more
details.
2017-04-28 20:01:33 +02:00
Thomas Tuegel
394885daec
kdeWrapper: prefix Qt search paths 2017-04-28 05:54:20 -05:00
Peter Simons
edcff000d4 Merge pull request #25183 from ahmedtd/fix-wrap-gapps-hook
wrapGAppsHook: Correct `wrapProgram` invocations
2017-04-28 11:13:12 +02:00
Renzo Carbonara
d3bf2afc54 fetchdarcs: add SSL_CERT_FILE environment variable 2017-04-26 22:23:00 +02:00
Dan Peebles
9e764af72f fetchs3: init simple S3 downloader 2017-04-25 22:01:32 -04:00