In Arch Linux, many of the certs in /etc/ssl/certs/ are symlinks to
/etc/ca-certificates/extracted/. These symlinks are broken in the FHS
env.
This commit adds ca-certificates to the list of bind mounts, which fixes
connection issues with Steam, wget, etc on Arch Linux hosts.
Since the included package set is determined at build time we can also
generate the `subdirs.el` file at build time. This improves startup
time somewhat since we don't have to traverse the directory to add to
`load-path`.
For example,
``` sh-session
$ bench './emacs-old -Q --batch --kill' './emacs-new -Q --batch --kill'
benchmarking bench/./emacs-old -Q --batch --kill
time 72.77 ms (71.66 ms .. 73.65 ms)
1.000 R² (0.999 R² .. 1.000 R²)
mean 72.49 ms (72.06 ms .. 72.92 ms)
std dev 746.5 μs (582.4 μs .. 1.008 ms)
benchmarking bench/./emacs-new -Q --batch --kill
time 40.56 ms (40.24 ms .. 40.86 ms)
1.000 R² (0.999 R² .. 1.000 R²)
mean 40.30 ms (40.12 ms .. 40.51 ms)
std dev 401.9 μs (311.1 μs .. 555.8 μs)
```
The change does not actually affect the content of `load-path`:
``` sh-session
$ diff -s <(./emacs-old --batch --eval '(prin1 load-path)' | sed -E 's!/nix/store/[[:alnum:]]{32}-!!g') \
<(./emacs-new --batch --eval '(prin1 load-path)' | sed -E 's!/nix/store/[[:alnum:]]{32}-!!g')
Files /dev/fd/63 and /dev/fd/62 are identical
```
So in principle the only observable effect should be the improved
startup time.
the nativeBuildInputs of the derivation that uses buildDotnetPackage overshadowed the nativeBuildInputs of buildDotnetPackage
so pkg-config wasn't getting added to the path
dotnet-packages: remove unused arg
* pkgs/build-support: Quote variable name
* pkgs/build-support: Quote variable reference
* pkgs/build-support: Quote variable references
Leads to a minor behavior change: there's no trailing space in the
output when `[[ "$linkType" == "static-pie" ]]` is true.
- `toRustTarget` and friends pulled out from rust tools into rust
library. Since they don't depend on any packages they can be more
widely useable.
- `build-rust-package` gets its own directory
- `fetch-cargo-tarball` gets its own directory
mach-o executables we produce in writers are not always fully valid for
some reason. In normal derivation this is fixed in fixupPhase and we can
replicate this behavior here easily.
Resolves#132660.
bintools points to the default bintools (e. g. cctools, binutils,
llvmPackages.bintools) for the next stage. So instead of using GNU
binutils' strip which may not support the current platform, we need to
use buildPackages.bintools-unwrapped.
Additionally we need to use `-S` over `--strip-unneeded` as the latter
is a GNU binutils-specific flag and not supported by cctools.
Also add the correct targetPrefix in order to support cross-compilation
correctly here at least.
Add writeStringReferencesToFile, a builder which extracts a string's
references to derivations and paths and writes them to a text file,
removing the input string itself from the dependency graph. This is
useful when you want to make a derivation depend on the string's
references, but not its content (to avoid unnecessary rebuilds, for
example).
The sole consumer in Nixpkgs of `releaseTools.antBuild` is
`pkgs/development/libraries/junit`, which has been broken since
2015-09-08. The sole consumer in Nixpkgs of `junit` is
`pkgs/development/libraries/junixsocket`, which hasn't built due to
`junit` since 2015-09-08. All three are removed due to their obvious
lack of use.
All other packages in Nixpkgs depending on junit consume
`pkgs/development/java-modules/junit`, which is not broken.
Any downstreams that have kept using these `junit` or `junixsocket`
packages since 2015-09-08 have basically already vendored the packages
via patching them, so no aliases are provided.
the fix to extendDerivation in #140051 unwittingly worsened eval performance by
quite a bit. set elements alone needed over 1GB extra after the change, which
seems disproportionate to how small it was. if we flip the logic used to
determine which outputs to install around and keep a "this one exactly" flag in
the specific outputs instead of a "all of them" in the root we can avoid most
of that cost.
Somewhere after #110628, which replaced stdenv.lib with lib, up to
bug #134572, lib got removed from the argument list, breaking any
invocations of debBuild. This adds it back.
A few minor changes to get #119638 - nextcloud: add option to set
datadir and extensions - ready:
* `cfg.datadir` now gets `cfg.home` as default to make the type
non-nullable.
* Enhanced the `basic` test to check the behavior with a custom datadir
that's not `/var/lib/nextcloud`.
* Fix hashes for apps in option example.
* Simplify if/else for `appstoreenable` in override config.
* Simplify a few `mapAttrsToList`-expressions in
`nextcloud-setup.service`.
Note the appstoreEnable which will prevent nextcloud form updating
nix-managed apps. This is needed because nextcloud will store an other
version of the app in /var/lib/nextcloud/store-apps and it will
no longer be manageable.
Manually remove trailing white spaces
in `pkgs/**.nix` with the help of an editor
Auto-generated nix expressions containing trailing whitespaces:
* pkgs/development/haskell-modules/hackage-packages.nix
* See issue https://github.com/NixOS/cabal2nix/issues/208
* pkgs/**/eggs.nix
* I don't know how they are generated,
but they seems to be Python-related.
Maintainers Notes below.
~~~
Hello,
New versions of all the skarnet.org packages are available.
skalibs has undergone a major update, with a few APIs having disappeared,
and others having changed. Compatibility with previous versions is *not*
assured.
Consequently, all the rest of the skarnet.org software has undergone
at least a release bump, in order to build with the new skalibs. But
some packages also have new functionality added (hence, a minor bump),
and others also have their own incompatible changes (hence, a major bump).
The new versions are the following:
skalibs-2.11.0.0 (major)
nsss-0.2.0.0 (major)
utmps-0.1.0.3 (release)
execline-2.8.1.0 (minor)
s6-2.11.0.0 (major)
s6-rc-0.5.2.3 (release)
s6-portable-utils-2.2.3.3 (release)
s6-linux-utils-2.5.1.6 (release)
s6-linux-init-1.0.6.4 (release)
s6-dns-2.3.5.2 (release)
s6-networking-2.5.0.0 (major)
mdevd-0.1.5.0 (minor)
bcnm-0.0.1.4 (release)
dnsfunnel-0.0.1.2 (release)
Additionally, a new package has been released:
smtpd-starttls-proxy-0.0.1.0
Dependencies have all been updated to the latest versions. They are,
this time, partially strict: libraries and binaries may build with older
releases of their dependencies, but not across major version bumps. The
safest approach is to upgrade everything at the same time.
You do not need to recompile your s6-rc service databases or recreate
your s6-linux-init run-images.
You should restart your supervision tree after upgrading skalibs and s6,
as soon as is convenient for you.
Details of major and minor package changes follow.
* skalibs-2.11.0.0
----------------
- A lot of obsolete or useless functionality has been removed:
libbiguint, rc4, md5, iobuffer, skasigaction, environ.h and
getpeereid.h headers, various functions that have not proven their
value in a while.
- Some functions changed signatures or changed names, or both.
- All custom types ending in _t have been renamed, to avoid treading on
POSIX namespace. (The same change has not been done yet in other
packages, but skalibs was the biggest offender by far.)
- Signal functions have been deeply reworked.
- cdb has been reworked, the API is now more user-friendly.
- New functions have been added.
The deletion of significant portions of code has made skalibs leaner.
libskarnet.so has dropped under 190 kB on x86_64.
The cdb rewrite on its own has helped reduce an important amount of
boilerplate in cdb-using code.
All in all, code linked against the new skalibs should be slightly
smaller and use a tiny bit less RAM.
https://skarnet.org/software/skalibs/
git://git.skarnet.org/skalibs
* nsss-0.2.0.0
------------
- Bugfixes.
- nsss-switch wire protocol slightly modified, which is enough to
warrant a major version bump.
- _r functions are now entirely thread-safe.
- Spawned nsssd programs are now persistent and only expire after a
timeout on non-enumeration queries. This saves a lot of forking with
applications that can call primitives such as getpwnam() repeatedly, as
e.g. mdevd does when initially parsing its configuration file.
- New nsssd-switch program, implementing real nsswitch functionality
by dispatching queries to various backends according to a script.
It does not dlopen a single library or read a single config file.
https://skarnet.org/software/nsss/
git://git.skarnet.org/nsss
* execline-2.8.1.0
----------------
- Bugfixes.
- New binary: case. It compares a value against a series of regular
expressions, executing into another command line on the first match.
https://skarnet.org/software/execline/
git://git.skarnet.org/execline
* s6-2.11.0.0
-----------
- Bugfixes.
- Some libs6 header names have been simplified.
- s6-svwait now accepts -r and -R options.
- s6-supervise now reads an optional lock-fd file in the service
directory; if it finds one, the first action of the service is to take
a blocking lock. This prevents confusion when a controller process dies
while still leaving workers holding resources; it also prevents log
spamming on user mistakes (autobackgrounding services, notably).
- New binaries: s6-socklog, s6-svlink, s6-svunlink. The former is a
rewrite of smarden.org's socklog program, in order to implement a fully
functional syslogd with only s6 programs. The latter are tools that start
and stop services by symlinking/unlinking service directories from a
scan directory, in order to make it easier to integrate s6-style services
in boot scripts for sequential service managers such as OpenRC.
https://skarnet.org/software/s6/
git://git.skarnet.org/s6
* s6-networking-2.5.0.0
---------------------
- Bugfixes.
- minidentd has been removed. It was an old and somehow still buggy
piece of code that was only hanging around for nostalgia reasons.
- Full support for client certificates. Details of the client
certificate are transmitted to the application via environment
variables (or via an environment string in the case of opportunistic
TLS).
- Full SNI support, including server-side. (That involved a deep dive
into the bearssl internals, which is why it took so long.) The filenames
containing secret keys and certificates for <domain> are read in the
environment variables KEYFILE:<domain> and CERTFILE:<domain>.
Complete client certificate and SNI support now make the TLS part of
s6-networking a fully viable replacement of stunnel and other similar
TLS tunneling tools. This is most interesting when s6-networking is
built against bearssl, which uses about 1/9 of the resources that OpenSSL
needs.
https://skarnet.org/software/s6-networking/
git://git.skarnet.org/s6-networking
* mdevd-0.1.5.0
-------------
- A new option to mdevd is available: -O <nlgroups>.
This option makes mdevd rebroadcast uevents to a netlink group (or set
of netlink groups) once they have been handled. This allows applications
to read uevents from a netlink group *after* the device manager is done
with them. This is useful, for instance, when pairing mdevd with
libudev-zero for full udev emulation.
- The * and & directives, which previously were only triggered by
"add" and "remove" actions, are now triggered by *all* action types.
This gives users full scripting access to any event, which can be
used to implement complex rules similar to udev ones.
These two changes make it possible to now build a full-featured desktop
system based on mdevd + libudev-zero, without running systemd-udevd or
eudev.
https://skarnet.org/software/mdevd/
git://git.skarnet.org/mdevd
* smtpd-starttls-proxy-0.0.1.0
----------------------------
This new package, in conjunction with the latest s6-networking,
implements the STARTTLS functionality for inetd-like mail servers that
do not already support it. (Currently only tested with qmail-smtpd.)
If you have noticed that sending mail to skarnet.org supports STARTTLS
now, it is thanks to this little piece of software.
https://skarnet.org/software/smtpd-starttls-proxy/
git://git.skarnet.org/smtpd-starttls-proxy
Enjoy,
Bug-reports welcome.
Laurent
fixes e.g.:
pkgsMusl.libfsm
pkgsMusl.libiscsi
pkgsMusl.nsjail
pkgsMusl.pv
match strings have whitespace on either side, which wasn't
matching leading/trailing arguments previously
fixes:
pkgsMusl.bulletml
pkgsMusl.proot
pkgsMusl.python3
Debian explains this issue well in the dpkg-buildflags manpage:
-fPIE
Can be linked into any program, but not a shared library (recommended).
-fPIC
Can be linked into any program and shared library.
On projects that build both programs and shared libraries you might need to
make sure that when building the shared libraries -fPIC is always passed last
(so that it overrides any previous -PIE) to compilation flags such as CFLAGS.
(from https://manpages.debian.org/bullseye/dpkg-dev/dpkg-buildflags.1.en.html#hardening)
In restricted mode (and therefore with flakes) `builtins.readFile` may not be the result of `builtins.toFile`,
making it impossible to use a generated lockFile (with or without IFD),
and thereby causing evaluation to fail if `system != builtins.currentSystem` on Hydra
so the jobs are not delegated to eligible build machines that support that system.
This is done in a way that avoids rebuilds.
autoPatchelfHook actually doesn't depend on stdenv and only needs
bintools (with its wrapper). This change uses $NIX_BINTOOLS instead of
$NIX_CC and makes the dependency on bintools explicit.
Fully enabling crossSystem support for autoPatchelfHook came with some
perhaps unintended consequences of being a bit more aggressive about
patching ELF files from architectures/ABIs that differ from the target
(previously, those files would be ignored because ldd usually couldn't
handle them).
This change adds architecture and rough OS ABI detection to the script
so that it doesn't try to blindly replace the interpreter of files that
can't possibly use that interpreter, and also makes sure it doesn't
accidentally use libraries of other architectures/ABIs.
The current name is misleading: it doesn't contain cli arguments,
but several constants and utility functions related to qemu.
This commit also removes the use of `with import ...` for clarity.
`--enable-deterministic-archives` is a GNU specific strip flag and
causes other strip implementations (for example LLVM's, see #138013)
to fail. Since strip failures are ignored, this means that stripping
doesn't work at all in certain situation (causing unnecessary
dependencies etc.).
To fix this, no longer pass `--enable-deterministic-archives`
unconditionally, but instead add it in a GNU binutils specific strip
wrapper only.
`commonStripFlags` was only used for this flag, so we can remove
it altogether.
Future work could be to make a generic strip wrapper, with support for
nix-support/strip-flags-{before,after} and NIX_STRIP_FLAGS_{BEFORE,AFTER}.
This possibly overkill and unnecessary though -- also with the
additional challenge of incorporating the darwin strip wrapper somehow.
In #84415, autoPatchelfHook was taught to use the correct path to the
readelf binary when a crossSystem is specified. Unfortunately, the
remainder of the functionality in the script depended on ldd, which only
reads ELF files of its own architecture. It has the further unfortunate
quality of not reporting any useful error, but rather that the file is
not a dynamic executable.
This change uses patchelf to directly analyze the DT_NEEDED tags in the
target files instead, which correctly works across architectures. It
also updates the use of objdump to be prefix-aware $OBJDUMP (which would
have been required in the PR mentioned above, but we never made it that
far into the script execution).
I currently do not have much time to work on nixpkgs. Remove
myself as a maintainer from a bunch of packages to avoid that
people are waiting on me for a review.
Conflicts:
pkgs/development/compilers/ghc/8.10.7.nix
pkgs/development/compilers/ghc/8.8.4.nix
I've removed the isWindows check from useLdGold in ghc, since that should
be covered by the new hasGold check.
I somehow accidentally left out the lib.flatten from mergeInputs. Without it, subtractLists won't ever remove anything from the inputs since the inputs will be a list of lists.