Commit Graph

1912 Commits

Author SHA1 Message Date
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Domen Kožar
a01b6a0d07 fetchzip: improve error message 2016-05-17 17:32:53 +01:00
Vladimír Čunát
af364c0f77 fetchurl mirrors: fix gnupg URLs
Some mirrors were missing /gcrypt. Now they should be consistent.
Fixes 15510. Closes 15511.
2016-05-17 11:35:49 +02:00
Eelco Dolstra
a5fa7c25cb Merge pull request #15469 from NixOS/fetchgit
fetchgit: remove only .git folder
2016-05-16 16:44:55 +02:00
Domen Kožar
64a072e357 fetchgit: remove only .git
Source of this change goes back to 2009 and original version of
fetchgit at 205fb0c87e.

The nondeterminism is really caused by changing .git so leave other
files alone as they might be interesting.

Note: this causes a hash mismatch with Hydra's version of Git Plugin
which we should fix to comply.
2016-05-15 00:24:04 +01:00
Thomas Tuegel
21efdd8003 Merge pull request #15420 from samuelrivas/emacs-wrapper
emacs: hide wrapper dependencies
2016-05-13 11:58:24 -05:00
Samuel Rivas
67394f9152 emacs: hide wrapper dependencies
Move all the dependencies to their own derivation, so that we don't publish all
of them if the wrapper is installed in a profile.

The previous solution just moved them to a custom directory to avoid conflicts,
this refactors that and completely hides them, while preserving the desired
improvement of adding only one directory to each of the emacs search paths
2016-05-12 22:43:30 +02:00
Vladimír Čunát
6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Carles Pagès
e7ab828da1 makeImageFromDebDist: accept additional parameters for vm, as in rpm version. 2016-05-11 15:43:24 +02:00
Joachim Fasting
d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Eelco Dolstra
cb37ab146b Add mirror://mozilla scheme 2016-05-09 19:37:22 +02:00
Vladimír Čunát
65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
zimbatm
4ba7767d91 Merge pull request #14722 from puffnfresh/bug/dockertools-postmount
dockerTools: only add "/nix" if it exists
2016-05-06 17:40:23 +01:00
Joachim Fasting
50d915c758
grsecurity: optionally disable features for redistributed kernels 2016-05-06 16:37:25 +02:00
Vladimír Čunát
1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
Vladimír Čunát
7a005601d4 Merge branch 'master' to resolve conflicts 2016-05-05 08:25:38 +02:00
Vladimír Čunát
2cbb7bf9d1 cc-wrapper: add -B flag with cc.lib
This fixes `gcc --print-file-name=libstdc++.so`
and thus it should fix #14967.
2016-05-04 14:23:54 +02:00
Peter Simons
397c75aeb4 Revert "Just strip everything by default"
This reverts commit 2362891dc8. The patch
is broken. :-(
2016-05-04 13:40:53 +02:00
Joachim Fasting
da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Tuomas Tynkkynen
aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Guillaume Maudoux
2362891dc8 Just strip everything by default
Run strip of each file and discard expected failure types.
Also default to stripping the entire output.
2016-05-03 11:04:34 +02:00
Robin Gloster
c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Joachim Fasting
39db90eaf6
grsecurity: simplify preConfigure 2016-05-02 11:28:06 +02:00
Joachim Fasting
a69501a936
grsecurity: ensure that PaX ELF markings are enabled
The upstream default is to enable only xattr markings, breaking the
paxmarks facility.
2016-05-02 11:28:06 +02:00
Maxim Ivanov
dea920bfdc Remove obsolete scatter output hook
There are no users of it in main tree and recent merge
of multiple outputs branch makes it obsolete for private trees
too.

At the time hook was created, recently merged multiple output
branch was relying on passing flags to autotools to split
outputs, which obviously wasn't working for other build systems

Scatter output was taking different approach where files were
moved out from a build tree based on known  paths, which is more
or less what current multiple-outputs.sh hook is able to do too.
2016-04-30 22:05:33 +01:00
Domen Kožar
8a3b70791c vmTools.diskImages: add ubuntu 16.04 2016-04-29 11:50:27 +01:00
Tuomas Tynkkynen
4ff8f377af Merge remote-tracking branch 'upstream/master' into staging 2016-04-28 00:13:53 +03:00
Nikolay Amiantov
f6eb686222 Merge pull request #15002 from abbradar/symlink-join-wrappers
Use symlinkJoin for wrappers
2016-04-26 16:47:43 +04:00
Frederik Rietdijk
d5e6a4494a Python: use PyPI mirror (#15001)
* mirrors: add pypi

* Python: Use pypi mirror for all PyPI packages
2016-04-26 13:38:03 +01:00
Nikolay Amiantov
dfe608c8a2 symlinkJoin: accept set as an argument with additional options 2016-04-26 15:37:42 +03:00
Nikolay Amiantov
62616ec5e2 Merge commit 'refs/pull/14907/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:47 +03:00
Nikolay Amiantov
5e85760ff1 Merge commit 'refs/pull/14909/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:32 +03:00
Nikolay Amiantov
5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Nikolay Amiantov
69a072484d gcc-wrapper-old: fix binutils and coreutils' paths 2016-04-25 14:27:51 +03:00
jraygauthier
ddc401ed0a icon-conv-tools: init at 0.0.0 (#13905)
A nix specific set of tools for converting icon files
that are not in a freedesktop ready format.

I plan on using these tools for both `keepass` and
`retroarch` packages. It may benifit many other packages.
2016-04-25 13:16:47 +02:00
Nikolay Amiantov
5ff40ddedf add get* helper functions and mass-replace manual outputs search with them 2016-04-25 13:24:39 +03:00
Profpatsch
a2d38bc7fc doc/stdenv.xml document substitution env variables
The filtering of environment variables that start with an uppercase
letter is documented in the manual.
2016-04-23 21:41:35 +02:00
Tuomas Tynkkynen
bd18cc3cdc Merge pull request #14888 from dezgeg/pr-kill-module-init-tools
Delete all usages of module_init_tools and remove the package
2016-04-23 14:29:41 +03:00
Vladimír Čunát
6e7787e666 stdenv for windows: auto-link dependency DLLs
For every *.{exe,dll} in $output/bin/ we try to find all (potential)
transitive dependencies and symlink those DLLs into $output/bin
so they are found on invocation.
(DLLs are first searched in the directory of the running exe file.)

The links are relative, so relocating whole /nix/store won't break them.
The hook is activated on cygwin and when cross-compiling to mingw.
2016-04-23 10:52:00 +02:00
Guido Zgraggen
6ea0ae58af nix-prefetch-git: create parent directories 2016-04-22 16:51:49 -07:00
Tuomas Tynkkynen
01854a850a treewide: Replace module_init_tools -> kmod
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
2016-04-22 10:40:57 +03:00
Vladimír Čunát
57474b7d4a Merge branch 'master' into staging
Compare to Hydra nixpkgs job 1260021.
2016-04-20 16:49:52 +02:00
Vladimír Čunát
f6dfbb692c stdenv multiple-outputs: fix cross-build propagation
Fixes #14817. The outputs weren't propagated correctly when
cross-building.
2016-04-20 16:37:23 +02:00
Vladimír Čunát
9f8751528c stdenv multiple-outputs: fix #14782 --docdir location
- the default --docdir is typically DATAROOTDIR/doc/pkgName
- I saw no other way than to employ some magic to guess this `pkgName`
- user can override it by setting $shareDocName
2016-04-20 16:36:10 +02:00
Eelco Dolstra
21a2f2ba3b nix: Add a "dev" output
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
2016-04-18 21:13:18 +02:00
Robin Gloster
d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Vladimír Čunát
f57c6449dc buildEnv: fix #14682 evaluation in some edge cases
I supplied meta.outputsToInstall automatically in all
mkDerivation products, but some packages still don't use it.
The reported case: jekyll -> bundlerEnv -> buildEnv -> runCommand.
2016-04-17 08:57:17 +02:00
Brian McKenna
0167b61ef4 dockerTools: only add "/nix" if it exists
The /nix path in 4d200538 of the layer tar didn't exist for some
packages, such as cacert. This is because cacert just creates an /etc
directory and doesn't depend on any other /nix paths. If we tried
putting this directory in the tar and using overlayfs with it, we'd get
"Invalid argument" when trying to remove the directory.

We now check whether the closure is non-empty before telling tar to
store the /nix directory.

Fixes #14710.
2016-04-16 01:16:49 +10:00
Brian McKenna
bc2f314f73 dockerTools: make tars deterministic
There were two sources of non-determinisim coming into the images. The
first was tar mtimes, the second was pigz/gzip times.

An example image now passes with the --check flag.
2016-04-15 09:29:15 +10:00
Domen Kožar
0f9268e52c fetchurl: assert required Nix version for sha512 2016-04-14 12:50:21 +01:00