This file was removed in 6f0b538044, but sufficient care was not taken
to remove all references to it. Without this change, trying to
rebuild nixos fails.
Fixes a number of CVEs:
- a DNS request hijacking vulnerability. (CVE-2017-0902)
- an ANSI escape sequence vulnerability. (CVE-2017-0899)
- a DoS vulnerability in the query command. (CVE-2017-0900)
- a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
Set LD=$CC to fix this build error:
...
ExtUtils::Mkbootstrap::Mkbootstrap('blib/arch/auto/Boost/Geometry/Utils/Utils.bs')
ld -shared -O2 -L/nix/store/sgjc1147vi5hd57ck9xgck5xjkydg5lz-glibc-2.25/lib -fstack-protector-strong -o blib/arch/auto/Boost/Geometry/Utils/Utils.so buildtmp/Utils.o -lstdc++
buildtmp/Utils.o: In function `_GLOBAL__sub_I_Utils.c':
Utils.c:(.text.startup+0x1a): undefined reference to `__dso_handle'
/nix/store/yf4p5w2v4h4i8rja9zw1akp007av624j-binutils-2.28.1/bin/ld: buildtmp/Utils.o: relocation R_X86_64_PC32 against undefined hidden symbol `__dso_handle' can not be used when making a shared object
/nix/store/yf4p5w2v4h4i8rja9zw1akp007av624j-binutils-2.28.1/bin/ld: final link failed: Bad value
error building blib/arch/auto/Boost/Geometry/Utils/Utils.so from buildtmp/Utils.o at /nix/store/7q2hps69zkj501lsmvnd2ry95mmdbh80-perl-5.24.2/lib/perl5/5.24.2/ExtUtils/CBuilder/Base.pm line 321.
builder for ‘/nix/store/bdwqvgxlgcqsmlqfh0d74jkpw96p78kh-perl-Boost-Geometry-Utils-0.15.drv’ failed with exit code 2
error: build of ‘/nix/store/bdwqvgxlgcqsmlqfh0d74jkpw96p78kh-perl-Boost-Geometry-Utils-0.15.drv’ failed
I realize that advanced users like to configure services with Nix
attrsets, but I don't think we should remove the option to use the
(configuration) language provided by upstream.
While we tell pip not to fetch (with the `--no-index` option),
`setuptools` can do so itself. In the past we used a `distutils.cfg`
with `allow-hosts = None` to prevent setuptools from fetching itself.
This was removed when we started building wheels in
2562f94de4e4fd2ddc677187fa2e2848L69.
The `dist-utils.cfg` code was still there, and adding it to
`buildInputs` is sufficient.
Tested with python.pkgs.passlib by removing the `checkInputs` / `nose`.
Otherwise if you try to listing all available packages, you will get a
hard error on platforms not supported by this package. Consequently the
tarball job was broken.