97 lines
3.0 KiB
Nix
97 lines
3.0 KiB
Nix
{ rev, sha256, version }:
|
|
|
|
{ lib, stdenv, fetchFromGitLab, autoreconfHook, pkg-config, cairo, expat, flex
|
|
, fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango
|
|
, bison, fetchpatch, xorg ? null, ApplicationServices }:
|
|
|
|
let
|
|
inherit (lib) optional optionals optionalString;
|
|
raw_patch =
|
|
# https://gitlab.com/graphviz/graphviz/issues/1367 CVE-2018-10196
|
|
fetchpatch {
|
|
name = "CVE-2018-10196.patch";
|
|
url = "https://gitlab.com/graphviz/graphviz/uploads/30f8f0b00e357c112ac35fb20241604a/p.diff";
|
|
sha256 = "074qx6ch9blrnlilmz7p96fkiz2va84x2fbqdza5k4808rngirc7";
|
|
excludes = ["tests/*"]; # we don't run them and they don't apply
|
|
};
|
|
# the patch needs a small adaption for older versions
|
|
patchToUse = if lib.versionAtLeast version "2.37" then raw_patch else
|
|
stdenv.mkDerivation {
|
|
inherit (raw_patch) name;
|
|
buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out";
|
|
};
|
|
# 2.42 has the patch included
|
|
patches = optional (lib.versionOlder version "2.42") patchToUse
|
|
++ optionals (lib.versionOlder version "2.46.0") [
|
|
(fetchpatch {
|
|
name = "CVE-2020-18032.patch";
|
|
url = "https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b.patch";
|
|
sha256 = "1nkw9ism8lkfvxsp5fh95i2l5s5cbjsidbb3g1kjfv10rxkyb41m";
|
|
})
|
|
];
|
|
in
|
|
|
|
stdenv.mkDerivation {
|
|
pname = "graphviz";
|
|
inherit version;
|
|
|
|
src = fetchFromGitLab {
|
|
owner = "graphviz";
|
|
repo = "graphviz";
|
|
inherit sha256 rev;
|
|
};
|
|
|
|
nativeBuildInputs = [ autoreconfHook pkg-config ];
|
|
|
|
buildInputs = [
|
|
libpng libjpeg expat bison libtool fontconfig gd gts libdevil flex pango
|
|
gettext
|
|
] ++ optionals (xorg != null) (with xorg; [ libXrender libXaw libXpm ])
|
|
++ optionals (stdenv.isDarwin) [ ApplicationServices ];
|
|
|
|
hardeningDisable = [ "fortify" ];
|
|
|
|
CPPFLAGS = lib.optionalString (xorg != null && stdenv.isDarwin)
|
|
"-I${cairo.dev}/include/cairo";
|
|
|
|
configureFlags = [
|
|
"--with-ltdl-lib=${libtool.lib}/lib"
|
|
"--with-ltdl-include=${libtool}/include"
|
|
] ++ lib.optional (xorg == null) "--without-x";
|
|
|
|
inherit patches;
|
|
|
|
postPatch = ''
|
|
for f in $(find . -name Makefile.in); do
|
|
substituteInPlace $f --replace "-lstdc++" "-lc++"
|
|
done
|
|
'';
|
|
|
|
# ''
|
|
# substituteInPlace rtest/rtest.sh \
|
|
# --replace "/bin/ksh" "${mksh}/bin/mksh"
|
|
# '';
|
|
|
|
doCheck = false; # fails with "Graphviz test suite requires ksh93" which is not in nixpkgs
|
|
|
|
preAutoreconf = "./autogen.sh";
|
|
|
|
postFixup = optionalString (xorg != null) ''
|
|
substituteInPlace $out/bin/dotty --replace '`which lefty`' $out/bin/lefty
|
|
substituteInPlace $out/bin/vimdot \
|
|
--replace /usr/bin/vi '$(command -v vi)' \
|
|
--replace /usr/bin/vim '$(command -v vim)' \
|
|
--replace /usr/bin/vimdot $out/bin/vimdot \
|
|
'';
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
meta = with lib; {
|
|
homepage = "https://graphviz.org";
|
|
description = "Graph visualization tools";
|
|
license = licenses.epl10;
|
|
platforms = platforms.unix;
|
|
maintainers = with maintainers; [ bjornfor raskin ];
|
|
};
|
|
}
|