To mitigate Spectre Variant 2, GCC needs to have retpoline
support (-mindirect-branch and -mfunction-return arguments on amd64
and i386).
Patches were pulled from H.J. Lu's backport branch to
4.9 (hjl/indirect/gcc-4_9-branch), available at
https://github.com/hjl-tools/gcc/tree/hjl/indirect/gcc-4_9-branch/master. Upstream
GCC does not apply patches to anything older than the
gcc-6-branch. H.J. Lu is the author of the upstream retpoline commits
as well.
Several Linux distributions already backported these patches to GCC 4
branches and some old kernels (3.13 for instance) have been recompiled
with these GCC patches. These kernels only allow to load kernel
modules that are compiled with the retpoline support.
References:
- Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261
- Ubuntu package: https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04.4Fixes#38394
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/go/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/w2wgdl5ljbx1fq6iwlavrl4nzbchq954-go-1.10.2/bin/.go-wrapped help’ got 0 exit code
- ran ‘/nix/store/w2wgdl5ljbx1fq6iwlavrl4nzbchq954-go-1.10.2/bin/go help’ got 0 exit code
- found 1.10.2 with grep in /nix/store/w2wgdl5ljbx1fq6iwlavrl4nzbchq954-go-1.10.2
- directory tree listing: https://gist.github.com/249bfa4dc4d10281576f20de902e501a
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/kotlin/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/5byxycv5j3gvwvr87qpv08a7347fxv9q-kotlin-1.2.41/bin/kotlin -h’ got 0 exit code
- ran ‘/nix/store/5byxycv5j3gvwvr87qpv08a7347fxv9q-kotlin-1.2.41/bin/.kotlin-wrapped -h’ got 0 exit code
- found 1.2.41 with grep in /nix/store/5byxycv5j3gvwvr87qpv08a7347fxv9q-kotlin-1.2.41
- directory tree listing: https://gist.github.com/927e0c1e045ca7c165603ae8b1961beb
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
(cherry picked from commit ba52ae5048)
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/kotlin/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/w1k17lqv3cc8sszxnmzg8g6lcc1pxkk8-kotlin-1.2.40/bin/kotlin -h’ got 0 exit code
- ran ‘/nix/store/w1k17lqv3cc8sszxnmzg8g6lcc1pxkk8-kotlin-1.2.40/bin/.kotlin-wrapped -h’ got 0 exit code
- found 1.2.40 with grep in /nix/store/w1k17lqv3cc8sszxnmzg8g6lcc1pxkk8-kotlin-1.2.40
- directory tree listing: https://gist.github.com/886158de7b36d9a61fcbc13d2638779a
The version bump in c727e7e7d6 (pull
request #35153) didn't actually take into account that Haxe has changed
the way they search for the stdlib. Instead of a hardcoded list of paths
it now searches based on a common prefix.
So when running Haxe, it errored out because it couldn't find its own
standard library. This is now fixed by changing the sed expression
accordingly.
Apart from fixing the actual issue, I've added a small test in
installCheckPhase to make sure something like this won't happen again in
future updates.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @volth, @joachifm
As of Nix 2.0, building the `user-environment` package on macOS (Darwin)
fails because LLVMgold.so is a broken symlink. Fix the issue by not
creating the symlink in the first place, since it wouldn't be used on
Darwin anyway.
Throughout the evolution of the Clang packages, some comments have
become misplaced. Put some of Clang's postInstall comments next to the
lines they refer to.
This reverts commit ff1e372849.
We only want to build GCC once. Cross compilation infrastructure means
this should not be needed.
Revert "arm-frc-linux-gnueabi-gcc: init at 4.9.4"
This reverts commit ff1e372849.
symlink shared libraries from LD_LIBRARY_PATH into lib/julia,
as using a wrapper with LD_LIBRARY_PATH causes segmentation
faults when program returns an error:
$ julia -e 'throw(Error())'
only applied for 0.6, which is the current julia version. Will
see if we can remove the older versions in master.
(cherry picked from commit 41f3a4e0030a1b0233de6ca7f5208c44eb370313)
Since at least d7bddc27b2, we've had a
situation where one should depend on:
- `stdenv.cc.bintools`: for executables at build time
- `libbfd` or `libiberty`: for those libraries
- `targetPackages.cc.bintools`: for exectuables at *run* time
- `binutils`: only for specifically GNU Binutils's executables,
regardless of the host platform, at run time.
and that commit cleaned up this usage to reflect that. This PR flips the
switch so that:
- `binutils` is indeed unconditionally GNU Binutils
- `binutils-raw`, which previously served that role, is gone.
so that the correct usage will be enforced going forward and everything
is simple.
N.B. In a few cases `binutils-unwrapped` (which before and now was
unconditionally actual GNU binutils), rather than `binutils` was used to
replace old `binutils-raw` as it is friendly towards some cross
compilation usage by avoiding a reference to the next bootstrapping
change.
http://openjdk.java.net/jeps/283 "Enable GTK 3 on Linux" was included
in OpenJDK 9.
nothing else currently in nixpkgs is using 10, so this just lets us
establish a good baseline as things are ported onto it. if needed,
the build could be parameterized so that any packages that turn out to
need gtk2 could still use it.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/icedtea-web/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/javaws --help` got 0 exit code
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/javaws help` got 0 exit code
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/javaws --version` and found version 1.7.1
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/javaws version` and found version 1.7.1
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/itweb-settings --help` got 0 exit code
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/itweb-settings help` got 0 exit code
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/policyeditor --help` got 0 exit code
- ran `/nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1/bin/policyeditor help` got 0 exit code
- found 1.7.1 with grep in /nix/store/v9maiya65b10q73b3fb5zf02gqyn11jg-icedtea-web-1.7.1
- directory tree listing: https://gist.github.com/0e5014eea224d7b6d3648167d610e4f0
JDK 7 was technically EOL'd a while ago, although RedHat etc are still
doing updates I believe. However, JDK 8 is the default in the tree and
really used everywhere, and JDK 7 isn't seeing many updates by current maintainers, so dropping it seems appropriate.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
./bin/java now apparently requires zlib.so, otherwise the whole
thing is busted. This is even required in the minimal configuration.
Unfortunately this impiles a rebuild of *all* OpenJDK packages and
their downstream dependencies.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/closure-compiler/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/5cwv2kws2j74bchi3gd1fknaxglrplmi-closure-compiler-20180319/bin/closure-compiler --help` got 0 exit code
- ran `/nix/store/5cwv2kws2j74bchi3gd1fknaxglrplmi-closure-compiler-20180319/bin/closure-compiler --version` and found version 20180319
- found 20180319 with grep in /nix/store/5cwv2kws2j74bchi3gd1fknaxglrplmi-closure-compiler-20180319
- found 20180319 in filename of file in /nix/store/5cwv2kws2j74bchi3gd1fknaxglrplmi-closure-compiler-20180319
- directory tree listing: https://gist.github.com/f4c40a73ba5b7b3b9eeb7c65db12a641
Semi-automatic update generated by https://github.com/ryantm/nix-update tools.
This update was made based on information from https://repology.org/metapackage/polyml/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/ac6iwd3ixncb9cqjg59fbj2nzcfmsqgn-polyml-5.7.1/bin/poly --help` got 0 exit code
- ran `/nix/store/ac6iwd3ixncb9cqjg59fbj2nzcfmsqgn-polyml-5.7.1/bin/poly -v` and found version 5.7.1
- ran `/nix/store/ac6iwd3ixncb9cqjg59fbj2nzcfmsqgn-polyml-5.7.1/bin/poly --help` and found version 5.7.1
- ran `/nix/store/ac6iwd3ixncb9cqjg59fbj2nzcfmsqgn-polyml-5.7.1/bin/polyc --help` got 0 exit code
- ran `/nix/store/ac6iwd3ixncb9cqjg59fbj2nzcfmsqgn-polyml-5.7.1/bin/polyc --help` and found version 5.7.1
- found 5.7.1 with grep in /nix/store/ac6iwd3ixncb9cqjg59fbj2nzcfmsqgn-polyml-5.7.1
- directory tree listing: https://gist.github.com/e23988ea219cf9deddb7b7c0578cfd89
* with only one source bundle (per JEP-296), we can use src instead of
srcs, and avoid the need to cd in prePatch
* fetch sources from jdk10u instead of jdk10, to make it easier to
grab updates when they start coming.
* removed commented-out code that became irrelevant in the 8 -> 9
transition (*.pf files, infinality font rendering)
* create jdk10, jre10, and jre10_headless attributes in
all-packages.nix
Semi-automatic update generated by https://github.com/ryantm/nix-update tools.
This update was made based on information from https://repology.org/metapackage/kotlin/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/kotlin -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/kotlin-dce-js -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/kotlinc -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/kotlinc-js -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/kotlinc-jvm -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/.kotlin-wrapped -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/.kotlin-dce-js-wrapped -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/.kotlinc-js-wrapped -h` got 0 exit code
- ran `/nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31/bin/.kotlinc-jvm-wrapped -h` got 0 exit code
- found 1.2.31 with grep in /nix/store/c8gxcm1qd27rc1q7m164vwys12rr7kzj-kotlin-1.2.31
- directory tree listing: https://gist.github.com/2abc86ffb8a29b93e0ee8cdc45c72125
Uses the HTTPS url for cases where the existing URL has a permanent
redirect. For each domain, at least one fixed derivation URL was
downloaded to test the domain is properly serving downloads.
Also fixes jbake source URL, which was broken.
For some reason compiling the proper GHC from the binary one eventually
segfaults at some point.
Since it has never worked, just disable it and investigate later.
And also build in parallel.
I don't understand why we manually tediously link every single directory
from the source, but I don't want to investigate too much.
- Have only one sed expression per line
- Put the important stuff closer to the command and not hidden in some
continuation line. That is, don't do:
sed \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<IMPORTANT STUFF>
but:
sed <IMPORTANT STUFF> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff>