stdenv.system should be almost always used instead of builtins.currentSystem
or cross-evaluation (e.g. evaluating a i686 NixOS system on a 64-bit nix)
will be subtly broken.
This makes pythonPackages.sqlalchemy the most up to date revision (it
was called sqlalchemy_1_0 before), and maintains the various “legacy”
versions available as pythonPackages.sqlalchemyX for X in {7,8,9}.
All derivations that required `sqlalchemy_1_0` now require `sqlalchemy`
while those that required `sqlalchemy` now require `sqlalchemy7`.
The derivations are not changed, only the attribute names they are
bound to.
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.
Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether an URL is existing, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.
The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.
This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This fixes the previous attempt (in commit 46d1dd5) to make ctags' ctags
override emacs' ctags. The higher the value of the priority attribute,
the higher the priority (see the definition of `buildEnv`).
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.
Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.
This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.
Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.
Things to note:
* The gitlab config is now written as a nix attribute set and will be
converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
The `extraConfig` opition is also an attribute set that will be merged
with the default config. This way *all* Gitlab options are supported.
* Some paths like uploads and configs are hardcoded in rails (at least
after my study of the Gitlab source). This is why they are linked from
the Gitlab root to /run/gitlab and then linked to the configurable
`statePath`.
* Backup & restore should work out of the box from another Gitlab instance.
* gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
Push & pull over HTTPS works perfectly. Communication to gitlab is done
over unix sockets. An HTTP server is required to proxy requests to
gitlab-workhorse over another unix socket at
`/run/gitlab/gitlab-workhorse.socket`.
* The user & group running gitlab are now configurable. These can even be
changed for live instances.
* The initial email address & password of the root user can be configured.
Fixes#8598.
By default all plugins from pkgs.gimpPlugins set are enabled.
Default location of plugins changed from $out/${gimp.name} to
$out/lib/gimp/${majorVersion}. Resulting derivation for gimp+plugins
is set as search path for plugins by default (additional tweaking in
gimprc done for old plugin scheme should be removed)
From the debian security mailing list:
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2016-1622
It was discovered that a maliciously crafted extension could bypass
the Same Origin Policy.
CVE-2016-1623
Mariusz Mlynski discovered a way to bypass the Same Origin Policy.
CVE-2016-1624
lukezli discovered a buffer overflow issue in the Brotli library.
CVE-2016-1625
Jann Horn discovered a way to cause the Chrome Instant feature to
navigate to unintended destinations.
CVE-2016-1626
An out-of-bounds read issue was discovered in the openjpeg library.
CVE-2016-1627
It was discovered that the Developer Tools did not validate URLs.
CVE-2016-1628
An out-of-bounds read issue was discovered in the pdfium library.
CVE-2016-1629
A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
along with a way to escape the chromium sandbox.
A better implementation of 5273dbf530
Fixes https://github.com/NixOS/nixpkgs/issues/13150
The attached patch removes a whole swath of unnecessary runtime gettext
detection. It also adds gettext on the PATH so that git-rebase can find it.
They're still enabled by default, but now can be disabled.
Python has not been made optional due to the additional complexity of:
- python2 vs python3
- pync support on Darwin
Making Python support optional should be revisited at another time.
Fixes: #12840
Related to: 61042a561042a5 changes the replaced token from $something to @something@. This
commit repeats that change in one additional location used by the
WideVine plugin
We don't need to wrap twice, because we can actually pass the additional
XDG_DATA_DIRS via makeWrapperArgs.
The reason why I'm doing this within the patchPhase is because we can't
add shell variables from the current builder to makeWrapperArgs as that
content is going to end up in the wrapper verbatim.
In addition to this, gpodder was trying to search for its own directory
using the current program name, which I guess was another reason for the
double-wrap. We fix this now by setting gpodder_dir explicitly in the
main script.
Another main change is that we no longer set the "pythonX.Y-" prefix, so
the derivation name now is just "gpodder-3.9.0".
Last but not least, we enable the unit tests for gpodder in checkPhase.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @svenkeidel
Changes in 3.8.5 (without bug IDs):
* vimeo: Fix vimeo feed discovery
* vimeo: Allow both http and https URLs
* youtube: Improve channel migration code
* youtube: Fix cover art downloading
* Make the YouTube key button link to the gPodder Wiki
* Add pattern to YouTube feed URL list
* CLI: Cleanup old downloads on CLI startup
* Gtk UI: Fix model column data types
* Device sync: Handle sync failure when no space left
* model: Limit filenames to 120 characters for eCryptFS
* rename_download: Add add_sortdate and add_podcast_title option
* Remove the unused 'pipe' IPC module
* Fix coverage usage
* Use Travis CI for running basic sanity tests
* Various small code improvements and fixes
Release announcement for 3.8.5:
http://blog.gpodder.org/2015/12/gpodder-385-casting-agents-and-cowgirls.html
Changes in 3.9.0 (without bug IDs):
* Added Korean translation
* Device sync: Only fail if we can determine free disk space
* Enqueue episodes after download
* Ubuntu AppIndicator extension: 'visible' config option
* gpodder.download: Ignore non-ASCII content-disposition header
* Win32-launcher: Remove download feature (works around Norton warning)
* Remove WebUI, QML UI and MeeGo 1.2 Harmattan support
* Remove broken Flattr integration (use gpodder.net's Flattr support)
* Redesign about dialog
* Preferences: Move video services to separate tab
* Vimeo: Fix Vimeo integration
Release announcement for 3.9.0:
http://blog.gpodder.org/2016/02/gpodder-390-helium-levitator-released.html
Built and tested locally on my machine.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @svenkeidel