Commit Graph

2737 Commits

Author SHA1 Message Date
Charles Strahan
806edaa0a2
hardening: ld wrapper changes, setup-hook, etc 2018-03-06 19:21:10 -05:00
Charles Strahan
634c748050
hardening: initial cross support 2018-03-06 18:03:13 -05:00
Charles Strahan
fc46895e86
hardening: allow user supplied flags to override
Put hardening flags before user supplied flags.
2018-03-06 00:30:09 -05:00
Charles Strahan
cc7ce57f86
hardening: clarify the whitelist logic
Per @Ericson2314's suggestion [1], make it more clear that the active
hardenings are decided via whitelist; the blacklist is merely for the
debug messages.

1: 36d5ce41d4 (r133279731)
2018-03-06 00:30:09 -05:00
Charles Strahan
9920923cde
hardening: fix careless bugs
I got a substitution backwards (used '+' instead of '-').

Also, this now works under `set -u` (had to fix a couple unbound
variable references).
2018-03-06 00:30:08 -05:00
Charles Strahan
0937df463f
hardening: fix bug/typo 2018-03-06 00:30:08 -05:00
Charles Strahan
9fe17b2153
hardening: fix #18995 2018-03-06 00:30:00 -05:00
Vladimír Čunát
a373fe8322
makeInitrd: explain why we don't use closureInfo
/cc #36268.
2018-03-05 13:04:55 +01:00
Eelco Dolstra
165b32d386
Revert "makeInitrd: Use closureInfo"
This reverts commit 776a5e6ebf.

Fixes #36268.
2018-03-05 12:49:59 +01:00
Franz Pletz
0f78afdf25
Merge pull request #32248 from awakesecurity/parnell/fetchdocker
Support fetching docker images from V2 registries
2018-03-04 17:10:27 +00:00
Vladimír Čunát
b70c93f211
Merge branch 'master' into nix-2.0 2018-03-03 18:02:35 +01:00
Shea Levy
95579af5ec
Merge remote-tracking branch 'origin/staging' into cross-nixos 2018-03-01 14:56:58 -05:00
Tuomas Tynkkynen
b8b2225f6b Merge remote-tracking branch 'upstream/master' into staging 2018-03-01 06:09:20 +02:00
Shea Levy
6a32291523
makeModulesClosure: Fix cross-compilation 2018-02-28 15:01:32 -05:00
Shea Levy
7f623cfa45
callCabal2nix: Fix filtering for non-cleanSourceable sources.
What was here before wasn't correct anyway, and now it works in
restricted mode.

Fixes #35207
2018-02-28 14:22:19 -05:00
Tuomas Tynkkynen
34f95d92a2 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/misc/pytrainer/default.nix
	pkgs/development/tools/pew/default.nix
	pkgs/tools/misc/you-get/default.nix
2018-02-28 20:52:49 +02:00
Will Dietz
f14ff86ec9 bintools-wrapper: fix breakage on aarch64, where "isArm" is false
Unintentionally changed in #35247
2018-02-28 09:42:13 -06:00
John Ericson
dfc5d7835d
Merge pull request #35247 from telent/mips32
lib, treewide: Add missing MIPS arches, and fix existing usage
2018-02-27 14:01:15 -05:00
Eelco Dolstra
0d00215880
Cleanup 2018-02-27 19:59:26 +01:00
John Ericson
4a29081a94
Merge pull request #35071 from oxij/stdenv/infopages
stdenv, bash: fixing info pages and stuff
2018-02-26 18:06:11 -05:00
Jan Malakhovski
f1074211ce cc-wrapper: allow building without documentation, propagate info pages 2018-02-26 22:42:33 +00:00
Jan Malakhovski
0ab1067d12 bintools-wrapper: allow building without documentation 2018-02-26 22:42:32 +00:00
Vladimír Čunát
f5ce8f86df
Revert "Merge staging at '8d490ca9934d0' into master"
This reverts commit fc23242220, reversing
changes made to 754816b84b.
We don't have many binaries yet.  Comment on the original merge commit.
2018-02-26 22:53:18 +01:00
Frederik Rietdijk
fc23242220 Merge staging at '8d490ca9934d0c01e1e9ade455657e54e2e843c0' into master 2018-02-26 13:05:32 +01:00
Frederik Rietdijk
4f08b0fbac Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-26 10:50:18 +01:00
Jan Tojnar
a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Jörg Thalheim
de87c0348c
Merge pull request #35176 from abbradar/update-vm
vmTools: update distributions
2018-02-24 10:08:17 +00:00
Daniel Barlow
9c50ae6898 lib, treewide: Add missing MIPS arches, and fix existing usage
Existing "mips64el" should be "mipsel".

This is just the barest minimum so that nixpkgs can recognize them as
systems - although required for building individual derivations onto
MIPS boards, it is not sufficient if you want to actually build nixos on
those targets
2018-02-23 20:43:42 -05:00
Eelco Dolstra
8c6f9223d0
Merge pull request #35402 from shlevy/closure-info-total-size
closureInfo: Report the total closure size.
2018-02-23 17:02:33 +01:00
Shea Levy
adf8074abe
closureInfo: Report the total closure size.
This can be useful for e.g. preallocating disk image sizes.
2018-02-23 10:52:37 -05:00
Nikolay Amiantov
a984be41ab Merge branch 'master' into staging 2018-02-23 18:51:08 +03:00
Eelco Dolstra
776a5e6ebf
makeInitrd: Use closureInfo 2018-02-23 16:41:31 +01:00
Yurii Rashkovskii
e1aecec4cd
build-support/rust: make use of abandoned cargoUpdateHook
Previously, cargoUpdateHook was meaningful as it was used
in
[`cargo-fetch-deps`](19d3cf81d3/pkgs/build-support/rust/fetch-cargo-deps (L71)).

However, this entire file was removed in
5f8cf0048e. As far as I can
tell, nothing in the code is using it, but it is still
being passed around:
https://github.com/NixOS/nixpkgs/search?q=cargoUpdateHook&type=Code&utf8=%E2%9C%93

There are, however, legitimate use cases for it. For example,
in some software, some dependencies are not locked in Cargo.toml
and this causes Cargo to try fetching another version of them.
This doesn't work well with vendoring crates.

This hook allows to inject patching or whatever necessary workarounds
in the crate vendoring process. I suppose that's what it was for
in there in the first place.

This patch restores this hook and makes it usable again.
2018-02-23 11:17:03 +07:00
Eelco Dolstra
d12c9911df
Merge remote-tracking branch 'origin/master' into nix-2.0 2018-02-22 17:28:51 +01:00
John Ericson
e42e6d2f0e
Merge pull request #35266 from abbradar/cc-bools
cc-wrapper: fix bool handling for empty and zero values
2018-02-21 17:00:42 -05:00
Nikolay Amiantov
9a9c2e6579 cc-wrapper: fix bool handling for empty and zero values
Before the code would fail silently for zero values and with some output for
empties. We now currently handle both via defaulting value to zero and making
`let` return success error code when there's no syntax error.
2018-02-21 23:54:31 +03:00
Nikolay Amiantov
c811c35b9c vmTools: update distributions
Drop currently unsupported releases.
Add Fedora 26 and 27.
Update CentOS.
Add Debian 9.
Add Ubuntu 17.10.
2018-02-21 15:41:46 +03:00
Nikolay Amiantov
430e0f4a80 buildBazelPackage: init
A separate function for building Bazel-bazed packages. Internally it splits the
build into two phases, fetching and building.

Users are expected to provide `fetchArgs.sha256` -- checksum of fetched
dependencies. Local dependencies should be removed in `fetchArgs.preInstall`.
Overall `fetchArgs` and `buildArgs` can be used to add specific steps to fetch
and build.
2018-02-20 20:39:49 +03:00
Jörg Thalheim
c7aa4fd65b
Merge pull request #35177 from abbradar/fix-debbuild
debBuild: install all packages at once to avoid dependency management
2018-02-20 11:07:44 +00:00
Jörg Thalheim
f61e8d98ff
rust: 1.22.1 -> 1.24.0 2018-02-20 09:59:26 +00:00
Pierre-Etienne Meunier
8e5ab6e7ac BuildRustCrate: more general overrides, and handling the "dylib" crate type (#35171)
* buildRustCrate: adding a symlink from libblah-xxxxx.so to libblah.so
* BuildRustCrate: overriding phases
* Carnix: 0.6.5 -> 0.6.6
* Fixing symlink_dependencies --buildDep
* Shorter symlink_dependencies
* running `runHook postBuild` *after* the build
2018-02-20 08:55:04 +01:00
Nikolay Amiantov
c55b2fa7cd debBuild: install all packages at once to avoid dependency management 2018-02-19 16:07:40 +03:00
Jan Malakhovski
a89899ce4e fetchurl: cleanup, better errors
Also fix what seems like bugs in uncommon `stdenv`s.
2018-02-18 14:24:53 +00:00
Vladimír Čunát
b5aaaf87a7
Merge staging and PR #35021
It's the last staging commit (mostly) built on Hydra,
and a minimal fix for Darwin regression in pysqlite.
2018-02-16 09:13:12 +01:00
Matthew Justin Bauer
a5e28a554e
nix-buffer: make eshell-path-env be inherited 2018-02-15 17:30:59 -06:00
Nikolay Amiantov
56e0943b08 makeModulesClosure: support firmware
Link it in stage 1.
2018-02-16 00:11:07 +02:00
Frederik Rietdijk
672bb6b4ab Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-14 21:30:08 +01:00
Antoine Eiche
ce838e52b9 dockerTools.buildImage: do not add /nix/store in the tar stream
Since the /nix/store directory is not immutable, tar can fails if it
has to push it into the layer archive.

Fixes #34137.
2018-02-14 06:40:41 +01:00
Parnell Springmeyer
0a603ee165
Merge remote-tracking branch 'upstream/master' into parnell/fetchdocker 2018-02-13 17:28:45 -06:00
Stewart Mackenzie
a5cabdb6b1 buildRustCrate: add a postInstall phase (#34906) 2018-02-13 17:28:32 +01:00
Will Dietz
d5916a84cf bintools-wrapper: teach about musl dynamic linkers 2018-02-13 09:44:33 -06:00
Shea Levy
038b893338
Merge branch 'patch-9' of git://github.com/matthewbauer/nixpkgs 2018-02-12 09:33:25 -05:00
Peter Hoeg
8016f9b4c9
Merge pull request #34611 from peterhoeg/p/descent
descent 1 & 2: use assets from gog.com with the dxx-rebirth project
2018-02-12 22:31:41 +08:00
Peter Hoeg
126cc690ac build-support gogUnpackHook: support for unpacking games from gog.com 2018-02-12 22:28:06 +08:00
Matthew Justin Bauer
5b59084e00
Filter nix-buffer packages
Null packages cause an error
2018-02-11 21:52:16 -06:00
pe@pijul.org
113591c803 defaultCrateOverrides: add pq-sys
fixes #34228
2018-02-10 06:59:56 -06:00
pe@pijul.org
508bf1b318 defaultCrateOverrides: add thrussh-libsodium 2018-02-10 06:59:56 -06:00
aszlig
1cba74dfc1
setup-hooks: Add autoPatchelfHook
I originally wrote this for packaging proprietary games in Vuizvui[1]
but I thought it would be generally useful as we have a fair amount of
proprietary software lurking around in nixpkgs, which are a bit tedious
to maintain, especially when the library dependencies change after an
update.

So this setup hook searches for all ELF executables and libraries in the
resulting output paths after install phase and uses patchelf to set the
RPATH and interpreter according to what dependencies are available
inside the builder.

For example consider something like this:

stdenv.mkDerivation {
  ...
  nativeBuildInputs = [ autoPatchelfHook ];
  buildInputs = [ mesa zlib ];
  ...
}

Whenever for example an executable requires mesa or zlib, the RPATH will
automatically be set to the lib dir of the corresponding dependency.

If the library dependency is required at runtime, an attribute called
runtimeDependencies can be used to list dependencies that are added to
all executables that are discovered unconditionally.

Beside this, it also makes initial packaging of proprietary software
easier, because one no longer has to manually figure out the
dependencies in the first place.

[1]: https://github.com/openlab-aux/vuizvui

Signed-off-by: aszlig <aszlig@nix.build>
Closes: #34506
2018-02-10 00:27:24 +05:30
Eelco Dolstra
5193807750
VM tests: Initialize the Nix database with correct NAR hashes/sizes 2018-02-07 15:49:02 +01:00
gnidorah
810a19bab3 way-cooler: 0.6.2 -> 0.8.0 2018-02-04 05:17:53 +03:00
Jörg Thalheim
2a2c8eab26 rust: fix evaluation 2018-02-04 00:09:00 +00:00
Jörg Thalheim
6580b18d3f cargo-vendor: move to all-packages 2018-02-03 22:35:27 +00:00
pe@pijul.org
8f20e7ce3a carnix: 0.6.0 -> 0.6.5 2018-02-03 22:31:54 +00:00
Jörg Thalheim
8ee54334e9
Merge pull request #33980 from thefloweringash/cargo-vendor-carnix
cargo-vendor: Build from source using carnix
2018-02-03 10:28:57 +00:00
Tuomas Tynkkynen
10c8e6d0c5 Merge remote-tracking branch 'upstream/master' into staging 2018-02-03 02:50:21 +02:00
Vladimír Čunát
2fb4606f38
Merge branch 'master' into staging
Haskell rebuild.
Hydra: ?compare=1430378
2018-02-01 09:36:23 +01:00
Shea Levy
943592f698
Add setFunctionArgs lib function.
Among other things, this will allow *2nix tools to output plain data
while still being composable with the traditional
callPackage/.override interfaces.
2018-01-31 14:02:19 -05:00
Tuomas Tynkkynen
71631a922b runInLinuxVM: Use QEMU command line that works on other architectures
... by moving the existing definition to qemu-flags.nix and reusing
that.
2018-01-30 16:57:27 +02:00
Tuomas Tynkkynen
8c4f8c51a6 runInLinuxVM: Don't hardcode x86-specific serial device 2018-01-30 16:57:27 +02:00
Vladimír Čunát
2d2dbe083f
Merge branch 'master' into staging
Hydra: ?compare=1429281
2018-01-27 09:14:22 +01:00
John Ericson
57b01b1bcf lib, openssl: Get rid of openssl.system
We compute it on the fly, careful to avoid any mass rebuilds for now.
2018-01-26 21:22:00 -05:00
Pierre-Etienne Meunier
6fbaa05dd1 Carnix 0.6 (#34238) 2018-01-26 10:53:18 +00:00
Will Dietz
0e95bed017 nix-prefetch-git: fix extraction of submodule hashes on latest git
Summary:

According to git-submodule manpage,
"git submodule status" prefixes the hash with a '-' if it is not
initialized, and other chars in other circumstances.
(this is consistent on the various git versions tested)

nix-prefetch-git runs "git submodule init" which does you'd think,
but apparently despite this earlier versions of git before 2.16
would still give the hash the '-' suffix.
In particular this is the behavior when using 2.15 and 2.14.1
from the nixos-17.09 and nixos-17.03 channels respectively.

The script then used awk to drop the first char of the first field
which does the wrong thing when there is no prefix emitted:
while there is a space character before the hash, this is not
part of the field and so we ended up eating the first character
of the hash.

To fix this in a way that also works with the previous behavior,
this commit instead uses awk to grab the hash field
and uses tr to delete any '-' chars should they be present.

This seems to work in my testing, and for example can now
successfully fetch the source for "nginxModules.brotli"
where previously it would generate an error:

fatal: '22564a95d9ab58865a096b8d9f7324ea5f2e03e' is not a commit and a branch 'fetchgit' cannot be created from it

(we dropped a '2' from the beginning of the hash)
2018-01-24 20:18:59 +02:00
Frederik Rietdijk
6b0873440b Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-22 16:09:11 +01:00
Tuomas Tynkkynen
95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Tuomas Tynkkynen
44326993f4 build-support/vm: Autodetect kernel filename
It's 'Image' on AArch64.
2018-01-22 12:53:24 +02:00
Yegor Timoshenko
4b1b6ee6d1
patchShebangs: preserve times, resolves #33084
Close #33281.  Edits by vcunat:
 - use Eelco's idea: empty file instead of full copy
 - use longer name suffix to decrease the likelihood of collision
2018-01-21 12:09:07 +01:00
John Ericson
5708396f47
Merge pull request #34018 from obsidiansystems/fetchpatch
fetchpatch: Add support for an arbitrary extra prefix
2018-01-18 12:39:39 -05:00
John Ericson
9bd437d4b4 fetchpatch: Add support for an arbitrary extra prefix
We still ensure the old and new ones start, respectfully, with `a/` and
`b/`. Use with `stripLen` to ensure tha the old `a/` and `/b` are gone
if a new prefix is added.
2018-01-18 12:19:49 -05:00
Andrew Childs
be797f7e1c cargo-vendor: Build from source using carnix
Removes a binary bootstrap, and enables cargo-vendor on aarch64.
2018-01-18 20:44:42 +09:00
Andrew Childs
62dcb3d5d0 buildRustCrate: Allow arbitrary attributes in crateOverrides 2018-01-18 20:42:00 +09:00
Tuomas Tynkkynen
6ed0fe7e45 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/build-support/fetchbower/default.nix
	pkgs/build-support/fetchdarcs/default.nix
	pkgs/build-support/fetchgx/default.nix
	pkgs/development/python-modules/botocore/default.nix
	pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
	pkgs/tools/admin/awscli/default.nix
2018-01-14 21:18:27 +02:00
Shea Levy
4e78aeb441
callCabal2nix: Fix calling with a path in the store. 2018-01-11 10:17:56 -05:00
John Ericson
e017a027d5
Merge pull request #33681 from obsidiansystems/fixed-output-deps
Fixed output deps
2018-01-10 14:28:10 -05:00
Parnell Springmeyer
e4ec980e9c
Merge remote-tracking branch 'upstream/master' into parnell/fetchdocker 2018-01-10 10:13:49 -08:00
John Ericson
888404f11b treewide: Fix deps in a few other fixed output derivations 2018-01-10 11:18:44 -05:00
John Ericson
940c4fa3f5 treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
John Ericson
3d59b4d285 treewide: Fixed output fetch* derivations should use nativeBuildInputs 2018-01-09 20:14:46 -05:00
Robin Gloster
7c5430c27c
Revert "rust: store the cargo-vendor config"
This reverts commit 0af2c5891b.

See 0af2c5891b (commitcomment-26737983)
This breaks the cargoSha256 hashes.
2018-01-09 15:03:03 +01:00
Will Dietz
9721ed22e8 schedulingPriority should be an int, fix check-meta type and in-tree use 2018-01-09 07:25:24 -06:00
zimbatm
0af2c5891b rust: store the cargo-vendor config
cargo-vendor generates almost the right cargo config. Store it with the
vendored files and patch it on use.

This allows to re-use the generated config when using git dependencies.
2018-01-09 03:37:53 +01:00
Vladimír Čunát
5837d1a070
Merge branch 'master' into staging 2018-01-08 17:33:31 +01:00
Will Dietz
21f7b2b3f2 vmTools: omit '-drive ...' entirely instead of using /dev/null
Fixes #33378.
2018-01-07 17:50:44 +02:00
Daiderd Jordan
5a02143c20
Merge pull request #33010 from LnL7/cacert-hook
cacert: add hook that sets SSL_CERT_FILE
2018-01-07 09:55:15 +01:00
dywedir
10e22d53ad carnix: 0.5.0 -> 0.5.2 2018-01-06 13:53:23 +01:00
Will Dietz
40b2647b69 gcc-wrapper-old: grab name of dynamicLinker for bintools 2018-01-05 18:55:13 -06:00
Shea Levy
0f925943fd
Fix emacsWithPackages after 7f3ca3e21a.
This is hacky but it does the job, resurrects findInputs from before staging merge
2018-01-04 12:15:55 -05:00
Frederik Rietdijk
1869e7e5b0 Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-01 15:09:55 +01:00
Wei-Ming Yang
70e9b60b33
dockerTools.examples: correct a typo in comments
This commit is for correcting a typo in comments.
2018-01-01 16:13:40 +08:00
Vladimír Čunát
1fcd92ce92
Merge branch 'master' into staging
A few thousand rebuilds from master, again.
Hydra: ?compare=1422362
2017-12-31 09:53:49 +01:00