diff options
102 files changed, 2371 insertions, 1168 deletions
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 676d2abda08f1..f8622be59a1b0 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -26,7 +26,12 @@ with lib; fonts.fontconfig.enable = false; - nixpkgs.overlays = singleton (const (super: { + nixpkgs.overlays = singleton (self: super: let + packageOverrides = const (python-prev: { + # tk feature requires wayland which fails to compile + matplotlib = python-prev.matplotlib.override { enableGtk3 = false; enableTk = false; enableQt = false; }; + }); + in { beam = super.beam_nox; cairo = super.cairo.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; }; @@ -62,6 +67,8 @@ with lib; pango = super.pango.override { x11Support = false; }; pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; }; pipewire = super.pipewire.override { x11Support = false; }; + python3 = super.python3.override { inherit packageOverrides; }; + python3Packages = self.python3.pkgs; # required otherwise overlays from above are not forwarded qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; }; qrencode = super.qrencode.overrideAttrs (_: { doCheck = false; }); qt5 = super.qt5.overrideScope (const (super': { @@ -72,6 +79,6 @@ with lib; util-linux = super.util-linux.override { translateManpages = false; }; vim-full = super.vim-full.override { guiSupport = false; }; zbar = super.zbar.override { enableVideo = false; withXorg = false; }; - })); + }); }; } diff --git a/pkgs/applications/audio/flac/default.nix b/pkgs/applications/audio/flac/default.nix index be987fccd66e2..cadf0c829d44f 100644 --- a/pkgs/applications/audio/flac/default.nix +++ b/pkgs/applications/audio/flac/default.nix @@ -10,12 +10,12 @@ stdenv.mkDerivation rec { pname = "flac"; - version = "1.4.2"; + version = "1.4.3"; src = fetchurl { url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz"; # Official checksum is published at https://github.com/xiph/flac/releases/tag/${version} - sha256 = "sha256-4yLVih9I0j2d049DJnKGX2955zpvnMWl9X/KqD61qOQ="; + hash = "sha256-bFjmnNIjSPRBuGEJK4JeWR0Lgi4QbebrDuTQXScgW3A="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/audio/mympd/default.nix b/pkgs/applications/audio/mympd/default.nix index 06d241988864d..5d2030b6385bc 100644 --- a/pkgs/applications/audio/mympd/default.nix +++ b/pkgs/applications/audio/mympd/default.nix @@ -51,8 +51,12 @@ stdenv.mkDerivation rec { # similarly here "-DCMAKE_INSTALL_LOCALSTATEDIR=/var/lib/mympd" ]; - # See https://github.com/jcorporation/myMPD/issues/315 - hardeningDisable = [ "strictoverflow" ]; + hardeningDisable = [ + # See https://github.com/jcorporation/myMPD/issues/315 + "strictoverflow" + # causes redefinition of _FORTIFY_SOURCE + "fortify3" + ]; meta = { homepage = "https://jcorporation.github.io/myMPD"; diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix index 11509795b546d..728ab5eb54c9f 100644 --- a/pkgs/applications/editors/vim/common.nix +++ b/pkgs/applications/editors/vim/common.nix @@ -1,12 +1,12 @@ { lib, fetchFromGitHub }: rec { - version = "9.0.1562"; + version = "9.0.1642"; src = fetchFromGitHub { owner = "vim"; repo = "vim"; rev = "v${version}"; - hash = "sha256-+QKh3CxSjwcJ+Rj9RHYHRKSZixkfA1ZCAPDIyV/Npt8="; + hash = "sha256-WWj8lZZtnGrv3pxu77otBKixS3ciLcznCyPk/iGryg4="; }; enableParallelBuilding = true; diff --git a/pkgs/applications/misc/pot/Cargo.lock b/pkgs/applications/misc/pot/Cargo.lock index be864c40e44f7..7772f9927ede5 100644 --- a/pkgs/applications/misc/pot/Cargo.lock +++ b/pkgs/applications/misc/pot/Cargo.lock @@ -3802,7 +3802,7 @@ dependencies = [ [[package]] name = "tauri-plugin-single-instance" version = "0.0.0" -source = "git+https://github.com/tauri-apps/plugins-workspace?branch=v1#c4d2c8c693a8e0da627f4c845486dbe1b1e32c64" +source = "git+https://github.com/tauri-apps/plugins-workspace?branch=dev#dce0f02bc571128308c30278cde3233f341e6a50" dependencies = [ "log", "serde", diff --git a/pkgs/applications/misc/pot/default.nix b/pkgs/applications/misc/pot/default.nix index e029d365bfa99..cad203519f70d 100644 --- a/pkgs/applications/misc/pot/default.nix +++ b/pkgs/applications/misc/pot/default.nix @@ -34,11 +34,6 @@ stdenv.mkDerivation rec { sourceRoot = "source/src-tauri"; - postUnpack = '' - sed -i -e 's/dev/v1/' source/src-tauri/Cargo.toml - cp ${./Cargo.lock} source/src-tauri/Cargo.lock - ''; - postPatch = '' substituteInPlace $cargoDepsCopy/libappindicator-sys-*/src/lib.rs \ --replace "libayatana-appindicator3.so.1" "${libayatana-appindicator}/lib/libayatana-appindicator3.so.1" @@ -81,7 +76,7 @@ stdenv.mkDerivation rec { cargoDeps = rustPlatform.importCargoLock { lockFile = ./Cargo.lock; outputHashes = { - "tauri-plugin-single-instance-0.0.0" = "sha256-9eclolp+Gb8qF/KYIRiOoCJbMJLI8LyWLQu82npI7mQ="; + "tauri-plugin-single-instance-0.0.0" = "sha256-M6uGcf4UWAU+494wAK/r2ta1c3IZ07iaURLwJJR9F3U="; "tauri-plugin-autostart-0.0.0" = "sha256-9eclolp+Gb8qF/KYIRiOoCJbMJLI8LyWLQu82npI7mQ="; "enigo-0.1.2" = "sha256-99VJ0WYD8jV6CYUZ1bpYJBwIE2iwOZ9SjOvyA2On12Q="; "selection-0.1.0" = "sha256-85NUACRi7TjyMNKVz93G+W1EXKIVZZge/h/HtDwiW/Q="; diff --git a/pkgs/applications/networking/nextcloud-client/default.nix b/pkgs/applications/networking/nextcloud-client/default.nix index 322f97f48031f..820bfa8b4efe9 100644 --- a/pkgs/applications/networking/nextcloud-client/default.nix +++ b/pkgs/applications/networking/nextcloud-client/default.nix @@ -87,6 +87,9 @@ mkDerivation rec { "-DNO_SHIBBOLETH=1" # allows to compile without qtwebkit ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + postBuild = '' make doc-man ''; diff --git a/pkgs/applications/science/misc/root/5.nix b/pkgs/applications/science/misc/root/5.nix index ef7037eea3adc..4a8411cd34f98 100644 --- a/pkgs/applications/science/misc/root/5.nix +++ b/pkgs/applications/science/misc/root/5.nix @@ -66,6 +66,9 @@ stdenv.mkDerivation rec { }) ]; + # https://github.com/root-project/root/issues/13216 + hardeningDisable = [ "fortify3" ]; + preConfigure = '' # binutils 2.37 fixes fixupList=( diff --git a/pkgs/applications/terminal-emulators/xterm/default.nix b/pkgs/applications/terminal-emulators/xterm/default.nix index 958f87a6c311b..f037867aee43b 100644 --- a/pkgs/applications/terminal-emulators/xterm/default.nix +++ b/pkgs/applications/terminal-emulators/xterm/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { pname = "xterm"; - version = "382"; + version = "383"; src = fetchurl { urls = [ "ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz" "https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz" ]; - hash = "sha256-DNC889CqdGqEDqPxNm6imnQmNpTVNbXHd/J+tl1/zu0="; + hash = "sha256-oGYTvNpQjCob/21CMIldp0p5h5mi45ojusggide5qZg="; }; strictDeps = true; diff --git a/pkgs/applications/version-management/mercurial/default.nix b/pkgs/applications/version-management/mercurial/default.nix index b9f77d83ddef4..c5dd09eb1970e 100644 --- a/pkgs/applications/version-management/mercurial/default.nix +++ b/pkgs/applications/version-management/mercurial/default.nix @@ -21,11 +21,11 @@ let self = python3Packages.buildPythonApplication rec { pname = "mercurial${lib.optionalString fullBuild "-full"}"; - version = "6.4.3"; + version = "6.4.5"; src = fetchurl { url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz"; - sha256 = "sha256-p3+2LTJZNKg6ALL8bbEJ9ExnuGdo/EBJA2b1E2QMf2Q="; + sha256 = "sha256-sLSwC4smOci+OHOUeW8EJb6zOTFN9+cpN/jd0qQbG4o="; }; format = "other"; @@ -35,7 +35,7 @@ let cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball { inherit src; name = "mercurial-${version}"; - sha256 = "sha256-nm9RZZHtmPfeJ7StHZmfxcFqKeJHACQQeA/Evv3wYD8="; + sha256 = "sha256-shB2MRGATTg4l6pJ9FVYfBtnrX/eEHRvPhc8GZTA9ns="; sourceRoot = "mercurial-${version}/rust"; } else null; cargoRoot = if rustSupport then "rust" else null; diff --git a/pkgs/applications/virtualization/singularity/generic.nix b/pkgs/applications/virtualization/singularity/generic.nix index ab9f1d1ce710a..8da3610ac065b 100644 --- a/pkgs/applications/virtualization/singularity/generic.nix +++ b/pkgs/applications/virtualization/singularity/generic.nix @@ -149,6 +149,9 @@ in ++ extraConfigureFlags ; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + # Packages to prefix to the Apptainer/Singularity container runtime default PATH # Use overrideAttrs to override defaultPathInputs = [ diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh index 0a2b2509a8265..db9553c3fc76c 100644 --- a/pkgs/build-support/bintools-wrapper/add-hardening.sh +++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh @@ -37,11 +37,11 @@ fi for flag in "${!hardeningEnableMap[@]}"; do case $flag in pie) - if [[ ! (" $* " =~ " -shared " \ - || " $* " =~ " -static " \ - || " $* " =~ " -r " \ - || " $* " =~ " -Ur " \ - || " $* " =~ " -i ") ]]; then + if [[ ! (" ${params[*]} " =~ " -shared " \ + || " ${params[*]} " =~ " -static " \ + || " ${params[*]} " =~ " -r " \ + || " ${params[*]} " =~ " -Ur " \ + || " ${params[*]} " =~ " -i ") ]]; then if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningLDFlags+=('-pie') fi diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index b1aa01355b137..07ac6737f39da 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -71,7 +71,7 @@ for flag in "${!hardeningEnableMap[@]}"; do # NB: we do not use `+=` here, because PIE flags must occur before any PIC flags if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi hardeningCFlags=('-fPIE' "${hardeningCFlags[@]}") - if [[ ! (" $* " =~ " -shared " || " $* " =~ " -static ") ]]; then + if [[ ! (" ${params[*]} " =~ " -shared " || " ${params[*]} " =~ " -static ") ]]; then if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningCFlags=('-pie' "${hardeningCFlags[@]}") fi diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh index be01c51a71ffd..9326d76e2a8ff 100644 --- a/pkgs/build-support/cc-wrapper/setup-hook.sh +++ b/pkgs/build-support/cc-wrapper/setup-hook.sh @@ -111,7 +111,7 @@ export CC${role_post}=@named_cc@ export CXX${role_post}=@named_cxx@ # If unset, assume the default hardening flags. -: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"} +: ${NIX_HARDENING_ENABLE="fortify fortify3 stackprotector pic strictoverflow format relro bindnow"} export NIX_HARDENING_ENABLE # No local scope in sourced file diff --git a/pkgs/build-support/rust/import-cargo-lock.nix b/pkgs/build-support/rust/import-cargo-lock.nix index f4daf3540531a..c17b0e41cca8e 100644 --- a/pkgs/build-support/rust/import-cargo-lock.nix +++ b/pkgs/build-support/rust/import-cargo-lock.nix @@ -201,7 +201,7 @@ let # Set up configuration for the vendor directory. cat > $out/.cargo-config <<EOF - [source."${gitParts.url}"] + [source."${gitParts.url}${lib.optionalString (gitParts ? type) "?${gitParts.type}=${gitParts.value}"}"] git = "${gitParts.url}" ${lib.optionalString (gitParts ? type) "${gitParts.type} = \"${gitParts.value}\""} replace-with = "vendored-sources" diff --git a/pkgs/development/compilers/intel-graphics-compiler/default.nix b/pkgs/development/compilers/intel-graphics-compiler/default.nix index b5a5f0671ab86..d2093ccb6c68e 100644 --- a/pkgs/development/compilers/intel-graphics-compiler/default.nix +++ b/pkgs/development/compilers/intel-graphics-compiler/default.nix @@ -86,6 +86,9 @@ stdenv.mkDerivation rec { "-DIGC_PREFERRED_LLVM_VERSION=${lib.getVersion llvm}" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { homepage = "https://github.com/intel/intel-graphics-compiler"; description = "LLVM-based compiler for OpenCL targeting Intel Gen graphics hardware"; diff --git a/pkgs/development/compilers/orc/default.nix b/pkgs/development/compilers/orc/default.nix index e36eb28d465e5..dd1ce9d146726 100644 --- a/pkgs/development/compilers/orc/default.nix +++ b/pkgs/development/compilers/orc/default.nix @@ -18,11 +18,11 @@ inherit (lib) optional optionals; in stdenv.mkDerivation rec { pname = "orc"; - version = "0.4.33"; + version = "0.4.34"; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/orc/${pname}-${version}.tar.xz"; - sha256 = "sha256-hE5tfbgIb3k/V2GNPUto0p2ZsWA05xQw3zwhz9PDVCo="; + sha256 = "sha256-j0ers/CXFx5E64B63Nq9hg+6Lv/TfY08T71fNByt1B8="; }; postPatch = lib.optionalString stdenv.isAarch32 '' @@ -58,6 +58,7 @@ in stdenv.mkDerivation rec { meta = with lib; { description = "The Oil Runtime Compiler"; homepage = "https://gstreamer.freedesktop.org/projects/orc.html"; + changelog = "https://cgit.freedesktop.org/gstreamer/orc/plain/RELEASE?h=${version}"; # The source code implementing the Marsenne Twister algorithm is licensed # under the 3-clause BSD license. The rest is 2-clause BSD license. license = with licenses; [ bsd3 bsd2 ]; diff --git a/pkgs/development/compilers/rust/rustc.nix b/pkgs/development/compilers/rust/rustc.nix index 4cf4bdfb3e501..7b924b9f8d4f6 100644 --- a/pkgs/development/compilers/rust/rustc.nix +++ b/pkgs/development/compilers/rust/rustc.nix @@ -53,7 +53,7 @@ in stdenv.mkDerivation rec { NIX_LDFLAGS = toString ( # when linking stage1 libstd: cc: undefined reference to `__cxa_begin_catch' optional (stdenv.isLinux && !withBundledLLVM) "--push-state --as-needed -lstdc++ --pop-state" - ++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++" + ++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++ -lc++abi" ++ optional stdenv.isDarwin "-rpath ${llvmSharedForHost}/lib"); # Increase codegen units to introduce parallelism within the compiler. diff --git a/pkgs/development/interpreters/ruby/rubygems/default.nix b/pkgs/development/interpreters/ruby/rubygems/default.nix index 4eef42a15149d..54293b376883f 100644 --- a/pkgs/development/interpreters/ruby/rubygems/default.nix +++ b/pkgs/development/interpreters/ruby/rubygems/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "rubygems"; - version = "3.4.14"; + version = "3.4.16"; src = fetchurl { url = "https://rubygems.org/rubygems/rubygems-${version}.tgz"; - hash = "sha256-l5sYQoSKOb5NkO/J05nClKygtuZ9RfgAsmyTzCLQOYM="; + hash = "sha256-T58wDLMOCPPwoPuXdZvpXeF7yERXvW1lPxVqe8zFs6M="; }; patches = [ diff --git a/pkgs/development/libraries/SDL2/default.nix b/pkgs/development/libraries/SDL2/default.nix index 0430a8dae01f5..aa1cd1d809f0f 100644 --- a/pkgs/development/libraries/SDL2/default.nix +++ b/pkgs/development/libraries/SDL2/default.nix @@ -55,11 +55,11 @@ stdenv.mkDerivation rec { pname = "SDL2"; - version = "2.28.0"; + version = "2.28.1"; src = fetchurl { url = "https://www.libsdl.org/release/${pname}-${version}.tar.gz"; - sha256 = "sha256-0hWuRUHmnWKJU3EUls17DouNXI2BHVsPmP3H/RQimYo="; + sha256 = "sha256-SXfOulwAVNvmwvEUZBrO1DzjvytB6mS2o3LWuhKcsV0="; }; dontDisableStatic = if withStatic then 1 else 0; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix index 228536a9ecfd5..cad0f3aaed690 100644 --- a/pkgs/development/libraries/boost/generic.nix +++ b/pkgs/development/libraries/boost/generic.nix @@ -112,7 +112,29 @@ stdenv.mkDerivation { url = "https://github.com/boostorg/math/commit/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b.patch"; relative = "include"; sha256 = "sha256-KlmIbixcds6GyKYt1fx5BxDIrU7msrgDdYo9Va/KJR4="; - }); + }) + # This fixes another issue regarding ill-formed constant expressions, which is a default error + # in clang 16 and will be a hard error in clang 17. + ++ lib.optional (lib.versionOlder version "1.80") (fetchpatch { + url = "https://github.com/boostorg/log/commit/77f1e20bd69c2e7a9e25e6a9818ae6105f7d070c.patch"; + relative = "include"; + hash = "sha256-6qOiGJASm33XzwoxVZfKJd7sTlQ5yd+MMFQzegXm5RI="; + }) + ++ lib.optionals (lib.versionOlder version "1.81") [ + # libc++ 15 dropped support for `std::unary_function` and `std::binary_function` in C++17+. + # C++17 is the default for clang 16, but clang 15 is also affected in that language mode. + # This patch is for Boost 1.80, but it also applies to earlier versions. + (fetchpatch { + url = "https://www.boost.org/patches/1_80_0/0005-config-libcpp15.patch"; + hash = "sha256-ULFMzKphv70unvPZ3o4vSP/01/xbSM9a2TlIV67eXDQ="; + }) + # This fixes another ill-formed contant expressions issue flagged by clang 16. + (fetchpatch { + url = "https://github.com/boostorg/numeric_conversion/commit/50a1eae942effb0a9b90724323ef8f2a67e7984a.patch"; + relative = "include"; + hash = "sha256-dq4SVgxkPJSC7Fvr59VGnXkM4Lb09kYDaBksCHo9C0s="; + }) + ]; meta = with lib; { homepage = "http://boost.org/"; diff --git a/pkgs/development/libraries/dav1d/default.nix b/pkgs/development/libraries/dav1d/default.nix index d456f1d43ba67..8476860f1e797 100644 --- a/pkgs/development/libraries/dav1d/default.nix +++ b/pkgs/development/libraries/dav1d/default.nix @@ -10,13 +10,13 @@ assert useVulkan -> withExamples; stdenv.mkDerivation rec { pname = "dav1d"; - version = "1.2.0"; + version = "1.2.1"; src = fetchFromGitHub { owner = "videolan"; repo = pname; rev = version; - hash = "sha256-Y9wqa6lIs0eKT+q+95gjzfHIc3pglXzLNaDjsWy1gok="; + hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/db/clang-4.8.patch b/pkgs/development/libraries/db/clang-4.8.patch index aa46b8500b5a7..0aff876820373 100644 --- a/pkgs/development/libraries/db/clang-4.8.patch +++ b/pkgs/development/libraries/db/clang-4.8.patch @@ -139,3 +139,67 @@ index f3922e0..e40fcdf 100644 } else { DB_ASSERT(env, sharecount > 0); MEMBAR_EXIT(); +diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4 +--- a/dist/aclocal/clock.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/clock.m4 2023-06-05 19:14:02.007080500 -0400 +@@ -21,6 +21,7 @@ + AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [ + AC_TRY_RUN([ + #include <sys/time.h> ++int + main() { + struct timespec t; + return (clock_gettime(CLOCK_MONOTONIC, &t) != 0); +diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4 +--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400 +@@ -4,6 +4,7 @@ + AC_DEFUN(AM_PTHREADS_SHARED, [ + AC_TRY_RUN([ + #include <pthread.h> ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -46,6 +47,7 @@ + AC_DEFUN(AM_PTHREADS_PRIVATE, [ + AC_TRY_RUN([ + #include <pthread.h> ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4 +--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400 +@@ -43,6 +43,9 @@ + # test, which won't test for the appropriate printf format strings. + if test "$db_cv_build_sequence" = "yes"; then + AC_TRY_RUN([ ++ #include <string.h> ++ #include <stdio.h> ++ int + main() { + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; +@@ -59,7 +62,9 @@ + return (1); + return (0); + }],, [db_cv_build_sequence="no"], +- AC_TRY_LINK(,[ ++ AC_TRY_LINK([ ++ #include <string.h> ++ #include <stdio.h>],[ + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; + char buf@<:@100@:>@; +diff -ur a/dist/RELEASE b/dist/RELEASE +--- a/dist/RELEASE 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/RELEASE 2023-07-02 17:32:34.703953049 -0400 +@@ -7,5 +7,5 @@ + + DB_VERSION_UNIQUE_NAME=`printf "_%d%03d" $DB_VERSION_MAJOR $DB_VERSION_MINOR` + +-DB_RELEASE_DATE=`date "+%B %e, %Y"` ++DB_RELEASE_DATE="April 9, 2010" + DB_VERSION_STRING="Berkeley DB $DB_VERSION: ($DB_RELEASE_DATE)" diff --git a/pkgs/development/libraries/db/clang-5.3.patch b/pkgs/development/libraries/db/clang-5.3.patch index caf19ffeb92bf..823a71d6532f5 100644 --- a/pkgs/development/libraries/db/clang-5.3.patch +++ b/pkgs/development/libraries/db/clang-5.3.patch @@ -139,3 +139,111 @@ index 106b161..fc4de9d 100644 } else { DB_ASSERT(env, sharecount > 0); MEMBAR_EXIT(); +diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4 +--- a/dist/aclocal/clock.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/clock.m4 2023-06-05 19:14:02.007080500 -0400 +@@ -21,6 +21,7 @@ + AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [ + AC_TRY_RUN([ + #include <sys/time.h> ++int + main() { + struct timespec t; + return (clock_gettime(CLOCK_MONOTONIC, &t) != 0); +diff -ur a/dist/aclocal/mmap.m4 b/dist/aclocal/mmap.m4 +--- a/dist/aclocal/mmap.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/mmap.m4 2023-06-05 19:14:02.007323624 -0400 +@@ -29,6 +29,8 @@ + * system to system. + */ + #include <stdio.h> ++ #include <stdlib.h> ++ #include <unistd.h> + #include <string.h> + #include <sys/types.h> + #include <sys/stat.h> +@@ -42,12 +44,13 @@ + #define MAP_FAILED (-1) + #endif + +- int catch_sig(sig) ++ void catch_sig(sig) + int sig; + { + exit(1); + } + ++ int + main() { + const char *underlying; + unsigned gapsize; +@@ -88,8 +91,8 @@ + return (4); + } + +- (void) signal(SIGSEGV, catch_sig); +- (void) signal(SIGBUS, catch_sig); ++ (void) signal(SIGSEGV, &catch_sig); ++ (void) signal(SIGBUS, &catch_sig); + + for (i = sizeof(buf); i < total_size; i += gapsize) + base[i] = 'A'; +diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4 +--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400 +@@ -5,6 +5,7 @@ + AC_TRY_RUN([ + #include <stdlib.h> + #include <pthread.h> ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -49,6 +50,7 @@ + AC_TRY_RUN([ + #include <stdlib.h> + #include <pthread.h> ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -89,6 +91,7 @@ + AC_TRY_RUN([ + #include <stdlib.h> + #include <pthread.h> ++int + main() { + pthread_cond_t cond; + pthread_condattr_t condattr; +@@ -110,6 +113,7 @@ + AC_TRY_RUN([ + #include <stdlib.h> + #include <pthread.h> ++int + main() { + pthread_rwlock_t rwlock; + pthread_rwlockattr_t rwlockattr; +diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4 +--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400 +@@ -43,6 +43,9 @@ + # test, which won't test for the appropriate printf format strings. + if test "$db_cv_build_sequence" = "yes"; then + AC_TRY_RUN([ ++ #include <string.h> ++ #include <stdio.h> ++ int + main() { + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; +@@ -59,7 +62,9 @@ + return (1); + return (0); + }],, [db_cv_build_sequence="no"], +- AC_TRY_LINK(,[ ++ AC_TRY_LINK([ ++ #include <string.h> ++ #include <stdio.h>],[ + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; + char buf@<:@100@:>@; diff --git a/pkgs/development/libraries/db/darwin-mutexes-4.8.patch b/pkgs/development/libraries/db/darwin-mutexes-4.8.patch new file mode 100644 index 0000000000000..09d5b814f1619 --- /dev/null +++ b/pkgs/development/libraries/db/darwin-mutexes-4.8.patch @@ -0,0 +1,55 @@ +diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4 +--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400 +@@ -372,10 +376,11 @@ + + # _spin_lock_try/_spin_unlock: Apple/Darwin + if test "$db_cv_mutex" = no; then +-AC_TRY_LINK(,[ +- int x; +- _spin_lock_try(&x); +- _spin_unlock(&x); ++AC_TRY_LINK([ ++#include <os/lock.h>],[ ++ os_unfair_lock x = OS_UNFAIR_LOCK_INIT; ++ bool _ = os_unfair_lock_trylock(&x); ++ os_unfair_lock_unlock(&x); + ], [db_cv_mutex=Darwin/_spin_lock_try]) + fi + +diff -ur a/dbinc/mutex_int.h b/dbinc/mutex_int.h +--- a/dbinc/mutex_int.h 1969-12-31 19:00:01.000000000 -0500 ++++ b/dbinc/mutex_int.h 2023-06-05 19:15:37.510514745 -0400 +@@ -154,14 +154,13 @@ + * Apple/Darwin library functions. + *********************************************************************/ + #ifdef HAVE_MUTEX_DARWIN_SPIN_LOCK_TRY +-typedef u_int32_t tsl_t; ++#include <os/lock.h> ++typedef os_unfair_lock tsl_t; + + #ifdef LOAD_ACTUAL_MUTEX_CODE +-extern int _spin_lock_try(tsl_t *); +-extern void _spin_unlock(tsl_t *); +-#define MUTEX_SET(tsl) _spin_lock_try(tsl) +-#define MUTEX_UNSET(tsl) _spin_unlock(tsl) +-#define MUTEX_INIT(tsl) (MUTEX_UNSET(tsl), 0) ++#define MUTEX_SET(tsl) os_unfair_lock_trylock(tsl) ++#define MUTEX_UNSET(tsl) os_unfair_lock_unlock(tsl) ++#define MUTEX_INIT(tsl) ({ *(tsl) = OS_UNFAIR_LOCK_INIT; tsl; }) + #endif + #endif + +diff -ur a/dbinc/mutex_int.h b/dbinc/mutex_int.h +--- a/dbinc_auto/mutex_ext.h 1969-12-31 19:00:01.000000000 -0500 ++++ b/dbinc_auto/mutex_ext.h 2023-07-01 22:38:20.749201366 -0400 +@@ -34,6 +34,9 @@ + #if !defined(HAVE_ATOMIC_SUPPORT) && defined(HAVE_MUTEX_SUPPORT) + atomic_value_t __atomic_dec __P((ENV *, db_atomic_t *)); + #endif ++#if !defined(HAVE_ATOMIC_SUPPORT) && defined(HAVE_MUTEX_SUPPORT) ++int atomic_compare_exchange __P((ENV *, db_atomic_t *, atomic_value_t, atomic_value_t)); ++#endif + int __db_pthread_mutex_init __P((ENV *, db_mutex_t, u_int32_t)); + int __db_pthread_mutex_lock __P((ENV *, db_mutex_t)); + #if defined(HAVE_SHARED_LATCHES) diff --git a/pkgs/development/libraries/db/darwin-mutexes.patch b/pkgs/development/libraries/db/darwin-mutexes.patch new file mode 100644 index 0000000000000..c0616fda7f7fa --- /dev/null +++ b/pkgs/development/libraries/db/darwin-mutexes.patch @@ -0,0 +1,42 @@ +diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4 +--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500 ++++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400 +@@ -441,10 +445,11 @@ + + # _spin_lock_try/_spin_unlock: Apple/Darwin + if test "$db_cv_mutex" = no; then +-AC_TRY_LINK(,[ +- int x; +- _spin_lock_try(&x); +- _spin_unlock(&x); ++AC_TRY_LINK([ ++#include <os/lock.h>],[ ++ os_unfair_lock x = OS_UNFAIR_LOCK_INIT; ++ bool _ = os_unfair_lock_trylock(&x); ++ os_unfair_lock_unlock(&x); + ], [db_cv_mutex=Darwin/_spin_lock_try]) + fi + +diff -ur a/src/dbinc/mutex_int.h b/src/dbinc/mutex_int.h +--- a/src/dbinc/mutex_int.h 1969-12-31 19:00:01.000000000 -0500 ++++ b/src/dbinc/mutex_int.h 2023-06-05 19:15:37.510514745 -0400 +@@ -154,14 +154,13 @@ + * Apple/Darwin library functions. + *********************************************************************/ + #ifdef HAVE_MUTEX_DARWIN_SPIN_LOCK_TRY +-typedef u_int32_t tsl_t; ++#include <os/lock.h> ++typedef os_unfair_lock tsl_t; + + #ifdef LOAD_ACTUAL_MUTEX_CODE +-extern int _spin_lock_try(tsl_t *); +-extern void _spin_unlock(tsl_t *); +-#define MUTEX_SET(tsl) _spin_lock_try(tsl) +-#define MUTEX_UNSET(tsl) _spin_unlock(tsl) +-#define MUTEX_INIT(tsl) (MUTEX_UNSET(tsl), 0) ++#define MUTEX_SET(tsl) os_unfair_lock_trylock(tsl) ++#define MUTEX_UNSET(tsl) os_unfair_lock_unlock(tsl) ++#define MUTEX_INIT(tsl) ({ *(tsl) = OS_UNFAIR_LOCK_INIT; tsl; }) + #endif + #endif + diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix index 5cf9200a9ab97..9f2a916317e4c 100644 --- a/pkgs/development/libraries/db/db-4.8.nix +++ b/pkgs/development/libraries/db/db-4.8.nix @@ -1,9 +1,10 @@ -{ lib, stdenv, fetchurl, ... } @ args: +{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args: import ./generic.nix (args // { version = "4.8.30"; sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0"; - extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ]; + extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ] + ++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes-4.8.patch ]; drvArgs.hardeningDisable = [ "format" ]; drvArgs.doCheck = false; diff --git a/pkgs/development/libraries/db/db-5.3.nix b/pkgs/development/libraries/db/db-5.3.nix index 0bb5c4cd6a4a1..3fd08c510c275 100644 --- a/pkgs/development/libraries/db/db-5.3.nix +++ b/pkgs/development/libraries/db/db-5.3.nix @@ -1,7 +1,8 @@ -{ lib, stdenv, fetchurl, ... } @ args: +{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args: import ./generic.nix (args // { version = "5.3.28"; sha256 = "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"; - extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ]; + extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ] + ++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ]; }) diff --git a/pkgs/development/libraries/db/db-6.0.nix b/pkgs/development/libraries/db/db-6.0.nix index 49935dd2399bd..a9b748e349058 100644 --- a/pkgs/development/libraries/db/db-6.0.nix +++ b/pkgs/development/libraries/db/db-6.0.nix @@ -1,8 +1,9 @@ -{ lib, stdenv, fetchurl, ... } @ args: +{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args: import ./generic.nix (args // { version = "6.0.20"; sha256 = "00r2aaglq625y8r9xd5vw2y070plp88f1mb2gbq3kqsl7128lsl0"; license = lib.licenses.agpl3; - extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]; + extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ] + ++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ]; }) diff --git a/pkgs/development/libraries/db/db-6.2.nix b/pkgs/development/libraries/db/db-6.2.nix index b2c0fd7ac8fc6..4b3a3c6129a7f 100644 --- a/pkgs/development/libraries/db/db-6.2.nix +++ b/pkgs/development/libraries/db/db-6.2.nix @@ -1,8 +1,9 @@ -{ lib, stdenv, fetchurl, ... } @ args: +{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args: import ./generic.nix (args // { version = "6.2.23"; sha256 = "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7"; license = lib.licenses.agpl3; - extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]; + extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ] + ++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ]; }) diff --git a/pkgs/development/libraries/db/generic.nix b/pkgs/development/libraries/db/generic.nix index 59df0e8469cbc..5bd5ed44b343c 100644 --- a/pkgs/development/libraries/db/generic.nix +++ b/pkgs/development/libraries/db/generic.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl +{ lib, stdenv, fetchurl, autoreconfHook , cxxSupport ? true , compat185 ? true , dbmSupport ? false @@ -10,6 +10,9 @@ , drvArgs ? {} }: +let + shouldReconfigure = stdenv.cc.isClang; +in stdenv.mkDerivation (rec { pname = "db"; inherit version; @@ -19,10 +22,48 @@ stdenv.mkDerivation (rec { sha256 = sha256; }; + # The provided configure script features `main` returning implicit `int`, which causes + # configure checks to work incorrectly with clang 16. + nativeBuildInputs = lib.optionals stdenv.cc.isClang [ autoreconfHook ]; + patches = extraPatches; outputs = [ "bin" "out" "dev" ]; + # Required when regenerated the configure script to make sure the vendored macros are found. + autoreconfFlags = lib.optionalString shouldReconfigure [ "-fi" "-Iaclocal" "-Iaclocal_java" ]; + + preAutoreconf = lib.optionalString shouldReconfigure '' + pushd dist + # Upstream’s `dist/s_config` cats everything into `aclocal.m4`, but that doesn’t work with + # autoreconfHook, so cat `config.m4` to another file. Otherwise, it won’t be found by `aclocal`. + cat aclocal/config.m4 >> aclocal/options.m4 + ''; + + # This isn’t pretty. The version information is kept separate from the configure script. + # After the configure script is regenerated, the version information has to be replaced with the + # contents of `dist/RELEASE`. + postAutoreconf = lib.optionalString shouldReconfigure '' + ( + declare -a vars=( + "DB_VERSION_FAMILY" + "DB_VERSION_RELEASE" + "DB_VERSION_MAJOR" + "DB_VERSION_MINOR" + "DB_VERSION_PATCH" + "DB_VERSION_STRING" + "DB_VERSION_FULL_STRING" + "DB_VERSION_UNIQUE_NAME" + "DB_VERSION" + ) + source RELEASE + for var in "''${vars[@]}"; do + sed -e "s/__EDIT_''${var}__/''${!var}/g" -i configure + done + ) + popd + ''; + configureFlags = [ (if cxxSupport then "--enable-cxx" else "--disable-cxx") diff --git a/pkgs/development/libraries/gvm-libs/default.nix b/pkgs/development/libraries/gvm-libs/default.nix index 6d09784427028..5d676de5c4817 100644 --- a/pkgs/development/libraries/gvm-libs/default.nix +++ b/pkgs/development/libraries/gvm-libs/default.nix @@ -60,6 +60,9 @@ stdenv.mkDerivation rec { "-DGVM_RUN_DIR=${placeholder "out"}/run/gvm" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "Libraries module for the Greenbone Vulnerability Management Solution"; homepage = "https://github.com/greenbone/gvm-libs"; diff --git a/pkgs/development/libraries/libfido2/default.nix b/pkgs/development/libraries/libfido2/default.nix index 6904177567b16..c14c30c273354 100644 --- a/pkgs/development/libraries/libfido2/default.nix +++ b/pkgs/development/libraries/libfido2/default.nix @@ -44,6 +44,9 @@ stdenv.mkDerivation rec { "-DUSE_PCSC=1" ]; + # causes possible redefinition of _FORTIFY_SOURCE? + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = '' Provides library functionality for FIDO 2.0, including communication with a device over USB. diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index 06dc76d92328c..4fc6449230dcf 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchFromGitLab -, fetchpatch , nix-update-script , autoreconfHook @@ -25,13 +24,13 @@ stdenv.mkDerivation rec { pname = "libtiff"; - version = "4.5.0"; + version = "4.5.1"; src = fetchFromGitLab { owner = "libtiff"; repo = "libtiff"; rev = "v${version}"; - hash = "sha256-KG6rB940JMjFUTAgtkzg+Zh75gylPY6Q7/4gEbL0Hcs="; + hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E="; }; patches = [ @@ -40,32 +39,6 @@ stdenv.mkDerivation rec { # libc++abi 11 has an `#include <version>`, this picks up files name # `version` in the project's include paths ./rename-version.patch - (fetchpatch { - name = "CVE-2022-48281.patch"; - url = "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5.diff"; - sha256 = "sha256-FWUlyJyHXac6fuM5f9PG33kcF5Bm4fyFmYnaDal46iM="; - }) - (fetchpatch { - name = "CVE-2023-0800.CVE-2023-0801.CVE-2023-0802.CVE-2023-0803.CVE-2023-0804.patch"; - url = "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00.patch"; - sha256 = "sha256-wNSa1D9EWObTs331utjIKgo9p9PUWqTM54qG+1Hhm1A="; - }) - (fetchpatch { - name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.prerequisite-0.patch"; - url = "https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678.patch"; - sha256 = "sha256-NTs+dCUweKddQDzJLqbdIdvNbaSweGG0cSVt57tntoI="; - }) - (fetchpatch { - name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.prerequisite-1.patch"; - url = "https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536.patch"; - includes = [ "tools/tiffcrop.c" ]; - sha256 = "sha256-VHg5aAcHKwRkDFDyC1rLjCjj1rMzcq/2SUR/r1fQubQ="; - }) - (fetchpatch { - name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.patch"; - url = "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68.patch"; - sha256 = "sha256-9+oXKVJEeaIuMBdtvhNlUBNpw9uzg31s+zxt4GJo6Lo="; - }) ]; postPatch = '' diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index 3f9a0e6f4bb93..113f83c1fc924 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -23,14 +23,14 @@ }: stdenv.mkDerivation (finalAttrs: { - version = "1.45.0"; + version = "1.46.0"; pname = "libuv"; src = fetchFromGitHub { owner = "libuv"; repo = "libuv"; rev = "v${finalAttrs.version}"; - sha256 = "sha256-qKw9QFR24Uw7pVA9isPH8Va+9/5DYuqXz6l6jWcXn+4="; + sha256 = "sha256-Lrsyh4qd3OkTw1cSPfahzfSGNt6+pRN1X21iiv1SsFo="; }; outputs = [ "out" "dev" ]; @@ -62,7 +62,7 @@ stdenv.mkDerivation (finalAttrs: { "tcp_create_early" "tcp_close" "tcp_bind_error_inval" "tcp_bind_error_addrinuse" "tcp_shutdown_after_write" "tcp_open" "tcp_write_queue_order" "tcp_try_write" "tcp_writealot" - "multiple_listen" "delayed_accept" + "multiple_listen" "delayed_accept" "udp_recv_in_a_row" "shutdown_close_tcp" "shutdown_eof" "shutdown_twice" "callback_stack" "tty_pty" "condvar_5" "hrtime" "udp_multicast_join" # Tests that fail when sandboxing is enabled. diff --git a/pkgs/development/libraries/libva/default.nix b/pkgs/development/libraries/libva/default.nix index a271c24d9dabb..8d602a8c70b1c 100644 --- a/pkgs/development/libraries/libva/default.nix +++ b/pkgs/development/libraries/libva/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, meson, pkg-config, ninja, wayland-scanner , libdrm -, minimal ? false, libva-minimal +, minimal ? false , libX11, libXext, libXfixes, wayland, libffi, libGL , mesa # for passthru.tests @@ -26,11 +26,11 @@ stdenv.mkDerivation rec { depsBuildBuild = [ pkg-config ]; - nativeBuildInputs = [ meson pkg-config ninja wayland-scanner ]; + nativeBuildInputs = [ meson pkg-config ninja ] + ++ lib.optional (!minimal) wayland-scanner; buildInputs = [ libdrm ] - ++ lib.optionals (!minimal) [ libva-minimal libX11 libXext libXfixes wayland libffi libGL ]; - # TODO: share libs between minimal and !minimal - perhaps just symlink them + ++ lib.optionals (!minimal) [ libX11 libXext libXfixes wayland libffi libGL ]; mesonFlags = [ # Add FHS and Debian paths for non-NixOS applications diff --git a/pkgs/development/libraries/libwebp/default.nix b/pkgs/development/libraries/libwebp/default.nix index 65fa55a787e15..39a7ab3ba45ba 100644 --- a/pkgs/development/libraries/libwebp/default.nix +++ b/pkgs/development/libraries/libwebp/default.nix @@ -1,5 +1,4 @@ { lib, stdenv, fetchFromGitHub, autoreconfHook, libtool -, fetchpatch , threadingSupport ? true # multi-threading , openglSupport ? false, freeglut, libGL, libGLU # OpenGL (required for vwebp) , pngSupport ? true, libpng # PNG image format @@ -28,24 +27,15 @@ stdenv.mkDerivation rec { pname = "libwebp"; - version = "1.3.0"; + version = "1.3.1"; src = fetchFromGitHub { owner = "webmproject"; repo = pname; rev = "v${version}"; - hash = "sha256-nhXkq+qKpaa75YQB/W/cRozslTIFPdXeqj1y6emQeHk="; + hash = "sha256-Q94avvKjPdwdGt5ADo30cf2V4T7MCTubDHJxTtbG4xQ="; }; - patches = [ - # https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#MFSA-TMP-2023-0001 - (fetchpatch { - url = "https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129.patch"; - name = "fix-msfa-tmp-2023-0001.patch"; - hash = "sha256-TRKXpNkYVzftBw09mX+WeQRhRoOzBgXFTNZBzSdCKvc="; - }) - ]; - configureFlags = [ (lib.enableFeature threadingSupport "threading") (lib.enableFeature openglSupport "gl") diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix index 60e8168f7fd4b..e45e36b0b5fbc 100644 --- a/pkgs/development/libraries/libxcrypt/default.nix +++ b/pkgs/development/libraries/libxcrypt/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: { "--enable-hashes=${enableHashes}" "--enable-obsolete-api=glibc" "--disable-failure-tokens" - ] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.libc == "bionic") [ + # required for musl, android, march=native "--disable-werror" ]; diff --git a/pkgs/development/libraries/linbox/default.nix b/pkgs/development/libraries/linbox/default.nix index 0f650e7474ff4..6367b93b1a213 100644 --- a/pkgs/development/libraries/linbox/default.nix +++ b/pkgs/development/libraries/linbox/default.nix @@ -52,6 +52,9 @@ stdenv.mkDerivation rec { "--enable-sage" ]; + # https://github.com/linbox-team/linbox/issues/304 + hardeningDisable = [ "fortify3" ]; + doCheck = true; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 1bc0e1d566982..75649eabaede7 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -30,6 +30,7 @@ ] ++ lib.optionals stdenv.hostPlatform.isx86 [ "iris" # new Intel, could work on non-x86 with PCIe cards, but doesn't build as of 22.3.4 "crocus" # Intel legacy, x86 only + "i915" # Intel extra legacy, x86 only ] else [ "auto" ] , vulkanDrivers ? diff --git a/pkgs/development/libraries/nss/85_security_load_3.77+.patch b/pkgs/development/libraries/nss/85_security_load_3.77+.patch deleted file mode 100644 index bae86c9d26ade..0000000000000 --- a/pkgs/development/libraries/nss/85_security_load_3.77+.patch +++ /dev/null @@ -1,76 +0,0 @@ -diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c -index ad8f3b84e..74676d039 100644 ---- nss/cmd/shlibsign/shlibsign.c -+++ nss/cmd/shlibsign/shlibsign.c -@@ -875,6 +875,8 @@ main(int argc, char **argv) - goto cleanup; - } - lib = PR_LoadLibrary(libname); -+ if (!lib) -+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); - assert(lib != NULL); - if (!lib) { - PR_fprintf(PR_STDERR, "loading softokn3 failed"); -diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c -index 119c8c512..720d39ccc 100644 ---- nss/lib/pk11wrap/pk11load.c -+++ nss/lib/pk11wrap/pk11load.c -@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) - #else - library = PR_LoadLibrary(mod->dllName); - #endif // defined(_WIN32) -+#ifndef NSS_STATIC_SOFTOKEN -+ if ((library == NULL) && -+ !rindex(mod->dllName, PR_GetDirectorySeparator())) { -+ library = PORT_LoadLibraryFromOrigin(my_shlib_name, -+ (PRFuncPtr) &softoken_LoadDSO, -+ mod->dllName); -+ } -+#endif -+ - mod->library = (void *)library; - - if (library == NULL) { -diff --git nss/lib/util/secload.c nss/lib/util/secload.c -index 12efd2f75..8b74478f6 100644 ---- nss/lib/util/secload.c -+++ nss/lib/util/secload.c -@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) - - /* Remove the trailing filename from referencePath and add the new one */ - c = strrchr(referencePath, PR_GetDirectorySeparator()); -+ if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] -+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ -+ referencePath = NIX_NSS_LIBDIR; -+ c = (char*) &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ -+ } - if (c) { - size_t referencePathSize = 1 + c - referencePath; -- fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1); -+ fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5); - if (fullName) { - memcpy(fullName, referencePath, referencePathSize); - strcpy(fullName + referencePathSize, name); -@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) - #endif - libSpec.type = PR_LibSpec_Pathname; - libSpec.value.pathname = fullName; -+ if ((referencePathSize >= 4) && -+ (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { -+ memcpy(fullName + referencePathSize -4, "lib", 3); -+ } -+ strcpy(fullName + referencePathSize, name); - dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL - #ifdef PR_LD_ALT_SEARCH_PATH - /* allow library's dependencies to be found in the same directory -@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) - | PR_LD_ALT_SEARCH_PATH - #endif - ); -+ if (! dlh) { -+ strcpy(fullName + referencePathSize, name); -+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL); -+ } - PORT_Free(fullName); - } - } diff --git a/pkgs/development/libraries/nss/esr.nix b/pkgs/development/libraries/nss/esr.nix index d9103f75399af..fe3cc87192af6 100644 --- a/pkgs/development/libraries/nss/esr.nix +++ b/pkgs/development/libraries/nss/esr.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "3.79.4"; - hash = "sha256-Skcdv6Wzo7fsB4U8b8CijNBmn2mEEp4k9VQeLOFdcdU="; + version = "3.90"; + hash = "sha256-ms1lNMQdjq0Z/Kb8s//+0vnwnEN8PXn+5qTuZoqqk7Y="; } diff --git a/pkgs/development/libraries/nss/gcc-13-esr.patch b/pkgs/development/libraries/nss/gcc-13-esr.patch deleted file mode 100644 index 547ee0bd37618..0000000000000 --- a/pkgs/development/libraries/nss/gcc-13-esr.patch +++ /dev/null @@ -1,44 +0,0 @@ -https://bugzilla.mozilla.org/show_bug.cgi?id=1771273 -https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a - -# HG changeset patch -# User Sergei Trofimovich <slyich@gmail.com> -# Date 1653552519 0 -# Node ID 21e7aaa1f7d94bca15d997e5b4c2329b32fad21a -# Parent ad1046e9eee5f5dc17dac7c9343e2f7f0da44b4e -Bug 1771273 - cpputil/databuffer.h: add missing <cstdint> include r=nss-reviewers,mt - -Without the change build fails on this week's gcc-13 snapshot as: - - ../../cpputil/databuffer.h:20:20: error: 'uint8_t' does not name a type - 20 | DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) { - | ^~~~~~~ - ../../cpputil/databuffer.h:14:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'? - 13 | #include <iostream> - +++ |+#include <cstdint> - 14 | - -Differential Revision: https://phabricator.services.mozilla.com/D147404 - -diff --git a/cpputil/databuffer.h b/cpputil/databuffer.h ---- nss/cpputil/databuffer.h -+++ nss/cpputil/databuffer.h -@@ -6,16 +6,17 @@ - - #ifndef databuffer_h__ - #define databuffer_h__ - - #include <algorithm> - #include <cstring> - #include <iomanip> - #include <iostream> -+#include <cstdint> - - namespace nss_test { - - class DataBuffer { - public: - DataBuffer() : data_(nullptr), len_(0) {} - DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) { - Assign(d, l); - diff --git a/pkgs/development/libraries/nss/generic.nix b/pkgs/development/libraries/nss/generic.nix index 338efc3da9681..b4330796e52ce 100644 --- a/pkgs/development/libraries/nss/generic.nix +++ b/pkgs/development/libraries/nss/generic.nix @@ -42,18 +42,9 @@ stdenv.mkDerivation rec { patches = [ # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - (if (lib.versionOlder version "3.84") then - ./85_security_load_3.77+.patch - else - ./85_security_load_3.85+.patch - ) + ./85_security_load_3.85+.patch ./fix-cross-compilation.patch - ] ++ lib.optionals (lib.versionOlder version "3.89") [ - # Backport gcc-13 build fix: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1771273 - # https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a - ./gcc-13-esr.patch - ] ++ lib.optionals (lib.versionAtLeast version "3.90" && lib.versionOlder version "3.91") [ + ] ++ lib.optionals (lib.versionOlder version "3.91") [ # https://bugzilla.mozilla.org/show_bug.cgi?id=1836925 # https://phabricator.services.mozilla.com/D180068 ./remove-c25519-support.patch diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index 38e0fadd07389..048d91432b53f 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -48,7 +48,9 @@ stdenv.mkDerivation rec { done ''; - cmakeFlags = lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON"; + cmakeFlags = [ + "-DCMAKE_CTEST_ARGUMENTS=--timeout;3600" + ] ++ lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON"; nativeBuildInputs = [ cmake ]; propagatedBuildInputs = [ ilmbase zlib ]; diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 2e60f72a40d51..3f58975cf3b42 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -66,6 +66,8 @@ , mysofaSupport ? true , libmysofa , tinycompress +, ffadoSupport ? stdenv.buildPlatform.canExecute stdenv.hostPlatform +, ffado }: let @@ -73,7 +75,7 @@ let self = stdenv.mkDerivation rec { pname = "pipewire"; - version = "0.3.71"; + version = "0.3.74"; outputs = [ "out" @@ -91,7 +93,7 @@ let owner = "pipewire"; repo = "pipewire"; rev = version; - sha256 = "sha256-NPYWl+WeI/z70gNHX1BAKslGFX634D7XrV04vuJgGOo="; + sha256 = "sha256-ZV66niKeR4PDaqUuVqiosY7LSDLmIjrDsmCZyQkR72Y="; }; patches = [ @@ -149,7 +151,8 @@ let ++ lib.optional raopSupport openssl ++ lib.optional rocSupport roc-toolkit ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] - ++ lib.optional mysofaSupport libmysofa; + ++ lib.optional mysofaSupport libmysofa + ++ lib.optional ffadoSupport ffado; # Valgrind binary is required for running one optional test. nativeCheckInputs = lib.optional withValgrind valgrind; @@ -163,6 +166,7 @@ let "-Dlibjack-path=${placeholder "jack"}/lib" "-Dlibv4l2-path=${placeholder "out"}/lib" "-Dlibcamera=${mesonEnableFeature libcameraSupport}" + "-Dlibffado=${mesonEnableFeature ffadoSupport}" "-Droc=${mesonEnableFeature rocSupport}" "-Dlibpulse=${mesonEnableFeature pulseTunnelSupport}" "-Davahi=${mesonEnableFeature zeroconfSupport}" @@ -221,6 +225,7 @@ let meta = with lib; { description = "Server and user space API to deal with multimedia pipelines"; + changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; homepage = "https://pipewire.org/"; license = licenses.mit; platforms = platforms.linux; diff --git a/pkgs/development/libraries/s2n-tls/default.nix b/pkgs/development/libraries/s2n-tls/default.nix index be49af907cbf1..7655c4db254ce 100644 --- a/pkgs/development/libraries/s2n-tls/default.nix +++ b/pkgs/development/libraries/s2n-tls/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "s2n-tls"; - version = "1.3.45"; + version = "1.3.46"; src = fetchFromGitHub { owner = "aws"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ZipZXCwat3H0NoUX9T6XB7/qMRvViB2QrYpgj0U41nU="; + sha256 = "sha256-X+ZwM53ensCeUoxNa8cBO4KcWxWbb7iKxIRysImvKxw="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/srt/default.nix b/pkgs/development/libraries/srt/default.nix index 97e55a03033a6..73bf5c25ae542 100644 --- a/pkgs/development/libraries/srt/default.nix +++ b/pkgs/development/libraries/srt/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "srt"; - version = "1.5.1"; + version = "1.5.2"; src = fetchFromGitHub { owner = "Haivision"; repo = "srt"; rev = "v${version}"; - sha256 = "sha256-qVvoHtROtJjrUd+YpjN/0I6KmiH7c24+pQ4xYTUGPXk="; + sha256 = "sha256-HW5l26k9w4F6IJrtiahU/8/CPY6M/cKn8AgESsntC6A="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix index c611031a8007e..9d7cb73cc539c 100644 --- a/pkgs/development/libraries/tpm2-tss/default.nix +++ b/pkgs/development/libraries/tpm2-tss/default.nix @@ -1,8 +1,8 @@ -{ stdenv, lib, fetchFromGitHub +{ stdenv, lib, fetchFromGitHub, fetchurl , autoreconfHook, autoconf-archive, pkg-config, doxygen, perl , openssl, json_c, curl, libgcrypt , cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which -, shadow +, shadow, libuuid }: let # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss, @@ -15,13 +15,13 @@ in stdenv.mkDerivation rec { pname = "tpm2-tss"; - version = "3.2.0"; + version = "4.0.1"; src = fetchFromGitHub { owner = "tpm2-software"; repo = pname; rev = version; - sha256 = "1jijxnvjcsgz5yw4i9fj7ycdnnz90r3l0zicpwinswrw47ac3yy5"; + sha256 = "sha256-75yiKVZrR1vcCwKp4tDO4A9JB0KDM0MXPJ1N85kAaRk="; }; outputs = [ "out" "man" "dev" ]; @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { # cmocka is checked / used(?) in the configure script # when unit and/or integration testing is enabled - buildInputs = [ openssl json_c curl libgcrypt uthash ] + buildInputs = [ openssl json_c curl libgcrypt uthash libuuid ] # cmocka doesn't build with pkgsStatic, and we don't need it anyway # when tests are not run ++ lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [ @@ -53,6 +53,11 @@ stdenv.mkDerivation rec { # Do not rely on dynamic loader path # TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory ./no-dynamic-loader-path.patch + (fetchurl { + name = "skip-test-fapi-fix-provisioning-with template-if-no-certificate-available.patch"; + url = "https://github.com/tpm2-software/tpm2-tss/commit/218c0da8d9f675766b1de502a52e23a3aa52648e.patch"; + sha256 = "sha256-dnl9ZAknCdmvix2TdQvF0fHoYeWp+jfCTg8Uc7h0voA="; + }) ]; postPatch = '' @@ -61,8 +66,8 @@ stdenv.mkDerivation rec { --replace '@PREFIX@' $out/lib/ substituteInPlace ./test/unit/tctildr-dl.c \ --replace '@PREFIX@' $out/lib - substituteInPlace ./configure.ac \ - --replace 'm4_esyscmd_s([git describe --tags --always --dirty])' '${version}' + substituteInPlace ./bootstrap \ + --replace 'git describe --tags --always --dirty' 'echo "${version}"' ''; configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [ diff --git a/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch b/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch index fc905885f5060..60f8c91bae852 100644 --- a/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch +++ b/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch @@ -1,8 +1,17 @@ diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c -index b364695c..d026de71 100644 +index 622637dc..88fc3d8f 100644 --- a/src/tss2-tcti/tctildr-dl.c +++ b/src/tss2-tcti/tctildr-dl.c -@@ -116,6 +116,50 @@ handle_from_name(const char *file, +@@ -92,7 +92,7 @@ handle_from_name(const char *file, + LOG_DEBUG("Could not load TCTI file: \"%s\": %s", file, dlerror()); + } + +- len = snprintf(NULL, 0, TCTI_NAME_TEMPLATE_0, file); ++ len = snprintf(NULL, 0, "@PREFIX@" TCTI_NAME_TEMPLATE_0, file); + if (len >= PATH_MAX) { + LOG_ERROR("TCTI name truncated in transform."); + return TSS2_TCTI_RC_BAD_VALUE; +@@ -129,6 +129,50 @@ handle_from_name(const char *file, return TSS2_TCTI_RC_BAD_VALUE; } *handle = dlopen(file_xfrm, RTLD_NOW); @@ -12,10 +21,10 @@ index b364695c..d026de71 100644 + LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror()); + } + size = snprintf(file_xfrm, -+ sizeof (file_xfrm), ++ len + 1, + "@PREFIX@%s", + file); -+ if (size >= sizeof (file_xfrm)) { ++ if (size >= len + 1) { + LOG_ERROR("TCTI name truncated in transform."); + return TSS2_TCTI_RC_BAD_VALUE; + } @@ -27,10 +36,10 @@ index b364695c..d026de71 100644 + } + /* 'name' alone didn't work, try libtss2-tcti-<name>.so.0 */ + size = snprintf(file_xfrm, -+ sizeof (file_xfrm), ++ len + 1, + "@PREFIX@" TCTI_NAME_TEMPLATE_0, + file); -+ if (size >= sizeof (file_xfrm)) { ++ if (size >= len + 1) { + LOG_ERROR("TCTI name truncated in transform."); + return TSS2_TCTI_RC_BAD_VALUE; + } @@ -42,22 +51,22 @@ index b364695c..d026de71 100644 + } + /* libtss2-tcti-<name>.so.0 didn't work, try libtss2-tcti-<name>.so */ + size = snprintf(file_xfrm, -+ sizeof (file_xfrm), ++ len + 1, + "@PREFIX@" TCTI_NAME_TEMPLATE, + file); -+ if (size >= sizeof (file_xfrm)) { ++ if (size >= len + 1) { + LOG_ERROR("TCTI name truncated in transform."); + return TSS2_TCTI_RC_BAD_VALUE; + } + *handle = dlopen(file_xfrm, RTLD_NOW); if (*handle == NULL) { LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror()); - return TSS2_TCTI_RC_NOT_SUPPORTED; + SAFE_FREE(file_xfrm); diff --git a/test/unit/tctildr-dl.c b/test/unit/tctildr-dl.c -index 873a4531..c17b939e 100644 +index 4279baee..6685c811 100644 --- a/test/unit/tctildr-dl.c +++ b/test/unit/tctildr-dl.c -@@ -223,6 +223,18 @@ test_get_info_default_success (void **state) +@@ -229,6 +229,18 @@ test_get_info_default_success (void **state) expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -76,7 +85,7 @@ index 873a4531..c17b939e 100644 expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, HANDLE); -@@ -255,6 +267,18 @@ test_get_info_default_info_fail (void **state) +@@ -261,6 +273,18 @@ test_get_info_default_info_fail (void **state) expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -95,7 +104,7 @@ index 873a4531..c17b939e 100644 expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, HANDLE); -@@ -407,6 +431,15 @@ test_tcti_fail_all (void **state) +@@ -413,6 +437,15 @@ test_tcti_fail_all (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-default.so.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -111,7 +120,7 @@ index 873a4531..c17b939e 100644 /* Skip over libtss2-tcti-tabrmd.so */ expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0"); -@@ -418,6 +451,15 @@ test_tcti_fail_all (void **state) +@@ -424,6 +457,15 @@ test_tcti_fail_all (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-tabrmd.so.0.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -127,7 +136,7 @@ index 873a4531..c17b939e 100644 /* Skip over libtss2-tcti-device.so, /dev/tpmrm0 */ expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0"); -@@ -429,6 +471,15 @@ test_tcti_fail_all (void **state) +@@ -435,6 +477,15 @@ test_tcti_fail_all (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -143,7 +152,7 @@ index 873a4531..c17b939e 100644 /* Skip over libtss2-tcti-device.so, /dev/tpm0 */ expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0"); -@@ -440,6 +491,15 @@ test_tcti_fail_all (void **state) +@@ -446,6 +497,15 @@ test_tcti_fail_all (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -159,7 +168,7 @@ index 873a4531..c17b939e 100644 /* Skip over libtss2-tcti-swtpm.so */ expect_string(__wrap_dlopen, filename, "libtss2-tcti-swtpm.so.0"); -@@ -451,6 +511,15 @@ test_tcti_fail_all (void **state) +@@ -457,6 +517,15 @@ test_tcti_fail_all (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-swtpm.so.0.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -175,7 +184,7 @@ index 873a4531..c17b939e 100644 /* Skip over libtss2-tcti-mssim.so */ expect_string(__wrap_dlopen, filename, "libtss2-tcti-mssim.so.0"); -@@ -462,6 +531,15 @@ test_tcti_fail_all (void **state) +@@ -468,6 +537,15 @@ test_tcti_fail_all (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-mssim.so.0.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -191,7 +200,7 @@ index 873a4531..c17b939e 100644 TSS2_RC r; TSS2_TCTI_CONTEXT *tcti; -@@ -490,6 +568,15 @@ test_info_from_name_handle_fail (void **state) +@@ -496,6 +574,15 @@ test_info_from_name_handle_fail (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); @@ -207,7 +216,7 @@ index 873a4531..c17b939e 100644 TSS2_RC rc = info_from_name ("foo", &info, &data); assert_int_equal (rc, TSS2_TCTI_RC_NOT_SUPPORTED); -@@ -606,6 +693,15 @@ test_tctildr_get_info_from_name (void **state) +@@ -612,6 +699,15 @@ test_tctildr_get_info_from_name (void **state) expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so"); expect_value(__wrap_dlopen, flags, RTLD_NOW); will_return(__wrap_dlopen, NULL); diff --git a/pkgs/development/libraries/zimg/default.nix b/pkgs/development/libraries/zimg/default.nix index 60a20bf8a5dc0..dbd6c9582dd71 100644 --- a/pkgs/development/libraries/zimg/default.nix +++ b/pkgs/development/libraries/zimg/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "zimg"; - version = "3.0.4"; + version = "3.0.5"; src = fetchFromGitHub { owner = "sekrit-twc"; repo = "zimg"; rev = "release-${version}"; - sha256 = "1069x49l7kh1mqcq1h3f0m5j0h832jp5x230bh4c613ymgg5kn00"; + sha256 = "sha256-DCSqHCnOyIvKtIAfprb8tgtzLn67Ix6BWyeIliu0HO4="; }; outputs = [ "out" "dev" "doc" ]; diff --git a/pkgs/development/python-modules/asgiref/default.nix b/pkgs/development/python-modules/asgiref/default.nix index dca0cfff0e485..b9275db05d921 100644 --- a/pkgs/development/python-modules/asgiref/default.nix +++ b/pkgs/development/python-modules/asgiref/default.nix @@ -9,7 +9,7 @@ }: buildPythonPackage rec { - version = "3.6.0"; + version = "3.7.2"; pname = "asgiref"; format = "setuptools"; @@ -19,7 +19,7 @@ buildPythonPackage rec { owner = "django"; repo = "asgiref"; rev = "refs/tags/${version}"; - hash = "sha256-Kl4483rfuFKbnD7pBSTND1QAtBsZP6jKsrDlpVCZLDs="; + hash = "sha256-VW1PBh6+nLMD7qxmL83ymuxCPYKVY3qGKsB7ZiMqMu8="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 02a960ac48f4c..2ebcb9efffe2a 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -52,14 +52,14 @@ buildPythonPackage rec { cargoRoot = "src/rust"; - nativeBuildInputs = lib.optionals (!isPyPy) [ - cffi - pkg-config - ] ++ [ + nativeBuildInputs = [ rustPlatform.cargoSetupHook setuptools-rust cargo rustc + pkg-config + ] ++ lib.optionals (!isPyPy) [ + cffi ]; buildInputs = [ openssl ] diff --git a/pkgs/development/python-modules/django/3.nix b/pkgs/development/python-modules/django/3.nix index cd07c13358d50..9c8e13842422f 100644 --- a/pkgs/development/python-modules/django/3.nix +++ b/pkgs/development/python-modules/django/3.nix @@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "django"; - version = "3.2.19"; + version = "3.2.20"; disabled = pythonOlder "3.7"; src = fetchPypi { pname = "Django"; inherit version; - hash = "sha256-AxNluuloFNoZwQcGIYxE3/O2VMxN4gqYvS0pub3kafA="; + hash = "sha256-3sKhFnh7jhSWIBS/eOEgu6RUE1EI4a+em5Gt57KWTEA="; }; patches = [ diff --git a/pkgs/development/python-modules/execnet/default.nix b/pkgs/development/python-modules/execnet/default.nix index a7ad4cf4ed5db..528e849290db9 100644 --- a/pkgs/development/python-modules/execnet/default.nix +++ b/pkgs/development/python-modules/execnet/default.nix @@ -27,13 +27,14 @@ buildPythonPackage rec { }) ]; - # remove vbox tests postPatch = '' - rm -v testing/test_termination.py - rm -v testing/test_channel.py - rm -v testing/test_xspec.py - rm -v testing/test_gateway.py - ${lib.optionalString isPyPy "rm -v testing/test_multi.py"} + # remove vbox tests + rm testing/test_termination.py + rm testing/test_channel.py + rm testing/test_xspec.py + rm testing/test_gateway.py + '' + lib.optionalString isPyPy '' + rm testing/test_multi.py ''; nativeBuildInputs = [ @@ -44,8 +45,11 @@ buildPythonPackage rec { apipkg ]; + # sometimes crashes with: OSError: [Errno 9] Bad file descriptor + doCheck = !isPyPy; + nativeCheckInputs = [ - py + py # no longer required with 1.10.0 pytestCheckHook ]; @@ -62,5 +66,4 @@ buildPythonPackage rec { license = licenses.mit; maintainers = with maintainers; [ ]; }; - } diff --git a/pkgs/development/python-modules/matplotlib/default.nix b/pkgs/development/python-modules/matplotlib/default.nix index a61a1ae559cda..dbc8c1da31d42 100644 --- a/pkgs/development/python-modules/matplotlib/default.nix +++ b/pkgs/development/python-modules/matplotlib/default.nix @@ -10,6 +10,7 @@ # build-system , pkg-config , pybind11 +, setuptools , setuptools-scm # native libraries @@ -117,6 +118,7 @@ buildPythonPackage rec { nativeBuildInputs = [ pkg-config pybind11 + setuptools setuptools-scm numpy ]; diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index a65eec40d9ef2..9b15ae3ddf342 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -41,7 +41,7 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "2.0.15"; + version = "2.0.17"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -50,7 +50,7 @@ buildPythonPackage rec { owner = "sqlalchemy"; repo = "sqlalchemy"; rev = "refs/tags/rel_${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-05GhFearTA9At8MgmEfeXfbS3MAZ0Rmx8jER18q7fmI="; + hash = "sha256-thwPqyxhojyHZpo7LK6nl69Z1B1Z6+WR1dAdlVrgiaY="; }; nativeBuildInputs =[ @@ -113,6 +113,9 @@ buildPythonPackage rec { postgresql_psycopg = [ psycopg ]; + postgresql_psycopgbinary = [ + psycopg + ]; pymysql = [ pymysql ]; diff --git a/pkgs/development/python-modules/torch/default.nix b/pkgs/development/python-modules/torch/default.nix index c61601808273a..5e0c56800073d 100644 --- a/pkgs/development/python-modules/torch/default.nix +++ b/pkgs/development/python-modules/torch/default.nix @@ -208,6 +208,9 @@ in buildPythonPackage rec { # Use pytorch's custom configurations dontUseCmakeConfigure = true; + # causes possible redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + BUILD_NAMEDTENSOR = setBool true; BUILD_DOCS = setBool buildDocs; diff --git a/pkgs/development/python-modules/zstd/default.nix b/pkgs/development/python-modules/zstd/default.nix index d528f423972cd..bc233a6555b7c 100644 --- a/pkgs/development/python-modules/zstd/default.nix +++ b/pkgs/development/python-modules/zstd/default.nix @@ -1,14 +1,19 @@ -{ lib, pkg-config, fetchPypi, buildPythonPackage +{ lib +, pkg-config +, fetchPypi +, buildPythonPackage , buildPackages -, zstd, pytest }: +, zstd +, pytest +}: buildPythonPackage rec { pname = "zstd"; - version = "1.5.4.0"; + version = "1.5.5.1"; src = fetchPypi { inherit pname version; - hash = "sha256-oNEd9wqXhSk0G1duaaTwsqI+dGaG4k+bkCYKM85JBC0="; + hash = "sha256-HvmAq/Dh4HKwKNLXbvlbR2YyZRyWIlzzC2Gcbu9iVnI="; }; postPatch = '' diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index 39f54636c3989..bcfd2ff6c49d5 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -4,8 +4,8 @@ buildRubyGem rec { inherit ruby; name = "${gemName}-${version}"; gemName = "bundler"; - version = "2.4.14"; - source.sha256 = "sha256-lIJKzVEK30D43O5q0YwJ+FcSyJxGij2uWlxH+mlIfHI="; + version = "2.4.16"; + source.sha256 = "sha256-FjRuBn1YnZUgCoDzPFEbMLii6JASiFJbLTKS4hdenWk="; dontPatchShebangs = true; postFixup = '' diff --git a/pkgs/development/tools/jq/default.nix b/pkgs/development/tools/jq/default.nix index 6b41cc9862b9b..9c3d3c09ea5f7 100644 --- a/pkgs/development/tools/jq/default.nix +++ b/pkgs/development/tools/jq/default.nix @@ -2,6 +2,7 @@ , stdenv , fetchurl , autoreconfHook +, bison , onigurumaSupport ? true , oniguruma }: @@ -38,7 +39,16 @@ stdenv.mkDerivation rec { ''; buildInputs = lib.optionals onigurumaSupport [ oniguruma ]; - nativeBuildInputs = [ autoreconfHook ]; + nativeBuildInputs = [ autoreconfHook bison ]; + + # Darwin requires _REENTRANT be defined to use functions like `lgamma_r`. + # Otherwise, configure will detect that they’re in libm, but the build will fail + # with clang 16+ due to calls to undeclared functions. + # This is fixed upstream and can be removed once jq is updated (to 1.7 or an unstable release). + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin (toString [ + "-D_REENTRANT=1" + "-D_DARWIN_C_SOURCE=1" + ]); configureFlags = [ "--bindir=\${bin}/bin" diff --git a/pkgs/development/tools/rust/bindgen/unwrapped.nix b/pkgs/development/tools/rust/bindgen/unwrapped.nix index 95c220e2d4d93..a6aeb98546970 100644 --- a/pkgs/development/tools/rust/bindgen/unwrapped.nix +++ b/pkgs/development/tools/rust/bindgen/unwrapped.nix @@ -7,15 +7,15 @@ let rustfmt-nightly = rustfmt.override { asNightly = true; }; in rustPlatform.buildRustPackage rec { pname = "rust-bindgen-unwrapped"; - version = "0.66.0"; + version = "0.66.1"; src = fetchCrate { pname = "bindgen-cli"; inherit version; - sha256 = "sha256-Or5gaYXqfRcxAzBf4nOjmM9CQMvfwb8KbpD8hDJJQ4o="; + sha256 = "sha256-xVTVC3dNGIJeFm/v3swekzuJ2RQOe+wSh05vuWYTDRs="; }; - cargoHash = "sha256-rsowGeBSuqHyz90qozeCi5dXsH4EHKhIUQbDaNJKabI="; + cargoHash = "sha256-eIvl0RSKErNPip0r6iz7JVHm5YvuY3ke/6aMgkryRcI="; buildInputs = [ clang.cc.lib ]; diff --git a/pkgs/misc/beep/default.nix b/pkgs/misc/beep/default.nix index fe04d28aa9de0..31fbb82cc3573 100644 --- a/pkgs/misc/beep/default.nix +++ b/pkgs/misc/beep/default.nix @@ -16,6 +16,9 @@ stdenv.mkDerivation rec { makeFlags = [ "prefix=${placeholder "out"}"]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "The advanced PC speaker beeper"; homepage = "https://github.com/spkr-beep/beep"; diff --git a/pkgs/misc/cups/default.nix b/pkgs/misc/cups/default.nix index 7c809f0c964ce..99d56af97c3d0 100644 --- a/pkgs/misc/cups/default.nix +++ b/pkgs/misc/cups/default.nix @@ -23,11 +23,11 @@ stdenv.mkDerivation rec { pname = "cups"; - version = "2.4.5"; + version = "2.4.6"; src = fetchurl { url = "https://github.com/OpenPrinting/cups/releases/download/v${version}/cups-${version}-source.tar.gz"; - sha256 = "sha256-mkBN5V90UlsKaFHfDP3r+hIVrsDnwve+a5sJtpFvsAA="; + sha256 = "sha256-WOlwzxlV4cyH0IR8MlJtnCzO4zXl8OOIKygxOLoOcmI="; }; outputs = [ "out" "lib" "dev" "man" ]; diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index ad1f3e8e1e44a..e37797d499cbe 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix @@ -141,6 +141,7 @@ stdenv.mkDerivation rec { dylib_version = lib.versions.majorMinor version; preFixup = lib.optionalString stdenv.isDarwin '' install_name_tool -change libgs.dylib.$dylib_version $out/lib/libgs.dylib.$dylib_version $out/bin/gs + install_name_tool -change libgs.dylib.$dylib_version $out/lib/libgs.dylib.$dylib_version $out/bin/gsx ''; # validate dynamic linkage @@ -149,6 +150,7 @@ stdenv.mkDerivation rec { runHook preInstallCheck $out/bin/gs --version + $out/bin/gsx --version pushd examples for f in *.{ps,eps,pdf}; do echo "Rendering $f" diff --git a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix index d17db5a345a89..38b13f784a328 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix @@ -13,6 +13,7 @@ appleDerivation' stdenv { NIX_CFLAGS_COMPILE = toString [ "-ISystemConfiguration.framework/Headers" "-I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders" + "-D_DNS_SD_LIBDISPATCH" # Needed for DNSServiceSetDispatchQueue to be available ]; }; diff --git a/pkgs/os-specific/darwin/cctools/darwin-no-memstream.patch b/pkgs/os-specific/darwin/cctools/darwin-memstream.patch index bb8a4ad68f3b2..3e0d0a43ba8d0 100644 --- a/pkgs/os-specific/darwin/cctools/darwin-no-memstream.patch +++ b/pkgs/os-specific/darwin/cctools/darwin-memstream.patch @@ -1,7 +1,3 @@ -MacOS SDKs before 10.13 don't support open_memstream. This is already replaced -by a runtime check in cctools-port, but because we build with SDK 10.12 by -default, linking still fails for us. Disable it entirely here. - --- a/cctools/include/stuff/diagnostics.h +++ b/cctools/include/stuff/diagnostics.h @@ -60,13 +60,6 @@ void diagnostics_log_msg(enum diagnostic_level level, const char* message); @@ -16,6 +12,6 @@ default, linking still fails for us. Disable it entirely here. -#ifndef HAVE_OPENMEMSTREAM_RUNTIME -# define HAVE_OPENMEMSTREAM_RUNTIME 1 -#endif -+#define HAVE_OPENMEMSTREAM_RUNTIME 0 ++#define HAVE_OPENMEMSTREAM_RUNTIME 1 #endif /* diagnostics_h */ diff --git a/pkgs/os-specific/darwin/cctools/llvm.nix b/pkgs/os-specific/darwin/cctools/llvm.nix index 290ded7920c1b..f2986bf872f76 100644 --- a/pkgs/os-specific/darwin/cctools/llvm.nix +++ b/pkgs/os-specific/darwin/cctools/llvm.nix @@ -1,9 +1,11 @@ # Create a cctools-compatible bintools that uses equivalent tools from LLVM in place of the ones # from cctools when possible. -{ lib, stdenv, makeWrapper, cctools-port, llvmPackages, enableManpages ? true }: +{ lib, stdenv, makeWrapper, cctools-port, llvmPackages, enableManpages ? stdenv.targetPlatform == stdenv.hostPlatform }: let + inherit (stdenv) targetPlatform hostPlatform; + cctoolsVersion = lib.getVersion cctools-port; llvmVersion = llvmPackages.release_version; @@ -18,6 +20,10 @@ let # not appear to have issues, but the source is not available yet (as of June 2023). useLLVMStrip = lib.versionAtLeast llvmVersion "15" || lib.versionAtLeast cctoolsVersion "1005.2"; + # Clang 11 performs an optimization on x86_64 that is sensitive to the presence of debug info. + # This causes GCC to fail to bootstrap due to object file differences between stages 2 and 3. + useClangAssembler = lib.versionAtLeast llvmVersion "12" || !stdenv.isx86_64; + llvm_bins = [ "dwarfdump" "nm" @@ -50,9 +56,10 @@ let ] ++ lib.optional (!useLLVMBitcodeStrip) "bitcode_strip" ++ lib.optional (!useLLVMOtool) "otool" - ++ lib.optional (!useLLVMStrip) "strip"; + ++ lib.optional (!useLLVMStrip) "strip" + ++ lib.optional (!useClangAssembler) "as"; - inherit (stdenv.cc) targetPrefix; + targetPrefix = lib.optionalString (targetPlatform != hostPlatform) "${targetPlatform.config}-"; linkManPages = pkg: source: target: lib.optionalString enableManpages '' sourcePath=${pkg}/share/man/man1/${source}.1.gz @@ -77,11 +84,13 @@ stdenv.mkDerivation { mkdir -p "$out/bin" "$man" ln -s ${lib.getDev cctools-port} "$dev" + '' + lib.optionalString useClangAssembler '' # Use the clang-integrated assembler instead of using `as` from cctools. makeWrapper "${lib.getBin llvmPackages.clang-unwrapped}/bin/clang" "$out/bin/${targetPrefix}as" \ --add-flags "-x assembler -integrated-as -c" - ln -s "${lib.getBin llvmPackages.bintools-unwrapped}/bin/llvm-ar" "$out/bin/${targetPrefix}ar" + '' + '' + ln -s "${lib.getBin llvmPackages.bintools-unwrapped}/bin/${targetPrefix}llvm-ar" "$out/bin/${targetPrefix}ar" ${linkManPages llvmPackages.llvm-manpages "llvm-ar" "ar"} for tool in ${toString llvm_bins}; do diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix index 4d8079977513a..c9b11ee20155e 100644 --- a/pkgs/os-specific/darwin/cctools/port.nix +++ b/pkgs/os-specific/darwin/cctools/port.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook +{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook, memstreamHook , installShellFiles , libuuid , libobjc ? null, maloader ? null @@ -35,7 +35,8 @@ stdenv.mkDerivation { outputs = [ "out" "dev" "man" ]; - nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ]; + nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ] + ++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ memstreamHook ]; buildInputs = [ libuuid ] ++ lib.optionals stdenv.isDarwin [ libobjc ] ++ lib.optional enableTapiSupport libtapi; @@ -51,8 +52,9 @@ stdenv.mkDerivation { url = "https://github.com/MercuryTechnologies/cctools-port/commit/025899b7b3593dedb0c681e689e57c0e7bbd9b80.patch"; hash = "sha256-SWVUzFaJHH2fu9y8RcU3Nx/QKx60hPE5zFx0odYDeQs="; }) - ] - ++ lib.optional stdenv.isDarwin ./darwin-no-memstream.patch; + # Always use `open_memstream`. This is provided by memstream via hook on x86_64-darwin. + ./darwin-memstream.patch + ]; __propagatedImpureHostDeps = [ # As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them diff --git a/pkgs/os-specific/darwin/swift-corelibs/0002-Add-missing-launchd-header.patch b/pkgs/os-specific/darwin/swift-corelibs/0002-Add-missing-launchd-header.patch new file mode 100644 index 0000000000000..b1187c56587e0 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0002-Add-missing-launchd-header.patch @@ -0,0 +1,11 @@ +--- a/CoreFoundation/RunLoop.subproj/CFMessagePort.c 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/RunLoop.subproj/CFMessagePort.c 2023-06-09 20:25:28.599209755 -0400 +@@ -28,6 +28,8 @@ + #endif + #endif + ++#include <bootstrap.h> ++ + extern pid_t getpid(void); + + #define __kCFMessagePortMaxNameLengthMax 255 diff --git a/pkgs/os-specific/darwin/swift-corelibs/0003-Fix-incompatible-pointer-conversion.patch b/pkgs/os-specific/darwin/swift-corelibs/0003-Fix-incompatible-pointer-conversion.patch new file mode 100644 index 0000000000000..910b622ed3ce2 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0003-Fix-incompatible-pointer-conversion.patch @@ -0,0 +1,25 @@ +diff -u a/CoreFoundation/URL.subproj/CFURLComponents.c b/CoreFoundation/URL.subproj/CFURLComponents.c +--- a/CoreFoundation/URL.subproj/CFURLComponents.c 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/URL.subproj/CFURLComponents.c 2023-06-09 20:36:52.995514573 -0400 +@@ -66,7 +66,8 @@ + return CFRetain(CFSTR("A really nice CFURLComponents object")); + } + +-CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFURLComponentsRef instance) { ++CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFTypeRef cf) { ++ CFURLComponentsRef instance = (CFURLComponentsRef)cf; + __CFGenericValidateType(instance, _CFURLComponentsGetTypeID()); + + if (instance->_urlString) CFRelease(instance->_urlString); +diff -u a/CoreFoundation/URL.subproj/CFURLComponents.h b/CoreFoundation/URL.subproj/CFURLComponents.h +--- a/CoreFoundation/URL.subproj/CFURLComponents.h 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/URL.subproj/CFURLComponents.h 2023-06-09 20:39:36.967857713 -0400 +@@ -38,7 +38,7 @@ + + CF_EXPORT CFTypeID _CFURLComponentsGetTypeID(void); + +-CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFURLComponentsRef); ++CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFTypeRef); + + // URLComponents are always mutable. + CF_EXPORT _Nullable CFURLComponentsRef _CFURLComponentsCreate(CFAllocatorRef alloc); diff --git a/pkgs/os-specific/darwin/swift-corelibs/0004-Fix-Darwin-cmake-build.patch b/pkgs/os-specific/darwin/swift-corelibs/0004-Fix-Darwin-cmake-build.patch new file mode 100644 index 0000000000000..afffa1abc8e02 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0004-Fix-Darwin-cmake-build.patch @@ -0,0 +1,66 @@ +--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:52:49.096019700 -0400 +@@ -129,7 +129,7 @@ + Base.subproj/CFByteOrder.h + Base.subproj/CFUUID.h + Base.subproj/CFUtilities.h +- Base.subproj/SwiftRuntime/CoreFoundation.h ++ Base.subproj/CoreFoundation.h # The SwiftRuntime version of this file causes linker errors and is not correct for standalone CF. + Base.subproj/SwiftRuntime/TargetConditionals.h + # Collections + Collections.subproj/CFArray.h +@@ -245,6 +245,8 @@ + # RunLoop + RunLoop.subproj/CFRunLoop.c + RunLoop.subproj/CFSocket.c ++ RunLoop.subproj/CFMachPort.c # These files are missing from the upstream `CMakeLists.txt` but required to build on Darwin. ++ RunLoop.subproj/CFMessagePort.c + # Stream + Stream.subproj/CFConcreteStreams.c + Stream.subproj/CFSocketStream.c +@@ -336,6 +338,11 @@ + target_include_directories(CoreFoundation + PRIVATE + ${CURL_INCLUDE_DIRS}) ++elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) ++ find_package(CURL REQUIRED) ++ target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS}) ++ find_package(LibXml2 REQUIRED) ++ target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR}) + else() + target_include_directories(CoreFoundation + PRIVATE +@@ -365,6 +372,10 @@ + PRIVATE + ${CURL_LIBRARIES} + ${LIBXML2_LIBRARIES}) ++elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) ++ target_link_libraries(CoreFoundation PRIVATE ++ ${CURL_LIBRARIES} ++ ${LIBXML2_LIBRARIES}) + else() + target_link_libraries(CoreFoundation + PRIVATE +@@ -398,9 +400,19 @@ + target_link_libraries(CoreFoundation + PRIVATE + icucore) +- set_target_properties(CoreFoundation +- PROPERTIES LINK_FLAGS +- -Xlinker;-alias_list;-Xlinker;Base.subproj/DarwinSymbolAliases;-twolevel_namespace;-sectcreate;__UNICODE;__csbitmaps;CharacterSets/CFCharacterSetBitmaps.bitmap;-sectcreate;__UNICODE;__properties;CharacterSets/CFUniCharPropertyDatabase.data;-sectcreate;__UNICODE;__data;CharacterSets/CFUnicodeData-L.mapping;-segprot;__UNICODE;r;r) ++ target_link_options(CoreFoundation ++ PUBLIC ++ "LINKER:-alias_list,../Base.subproj/DarwinSymbolAliases" ++ "LINKER:-twolevel_namespace" ++ "LINKER:-sectcreate,__UNICODE,__csbitmaps,../CharacterSets/CFCharacterSetBitmaps.bitmap" ++ "LINKER:-sectcreate,__UNICODE,__properties,../CharacterSets/CFUniCharPropertyDatabase.data" ++ "LINKER:-sectcreate,__UNICODE,__data,../CharacterSets/CFUnicodeData-L.mapping" ++ "LINKER:-segprot,__UNICODE,r,r" ++ "LINKER:-current_version,1454.90.0" ++ "LINKER:-compatibility_version,150.0.0" ++ "LINKER:-init,___CFInitialize") ++ set(CMAKE_SHARED_LIBRARY_PREFIX "") ++ set(CMAKE_SHARED_LIBRARY_SUFFIX "") + endif() + + install(TARGETS diff --git a/pkgs/os-specific/darwin/swift-corelibs/0005-Fix-framework-installation-path.patch b/pkgs/os-specific/darwin/swift-corelibs/0005-Fix-framework-installation-path.patch new file mode 100644 index 0000000000000..e771ab3c66f29 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0005-Fix-framework-installation-path.patch @@ -0,0 +1,23 @@ +diff -u aa/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt +--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:59:19.492601179 -0400 + +@@ -424,16 +424,11 @@ + set(CMAKE_SHARED_LIBRARY_SUFFIX "") + endif() + +-install(TARGETS +- CoreFoundation +- DESTINATION +- "${CMAKE_INSTALL_FULL_LIBDIR}") + install(DIRECTORY + ${CoreFoundation_FRAMEWORK_DIRECTORY} + DESTINATION +- ${CMAKE_INSTALL_PREFIX}/System/Library/Frameworks +- USE_SOURCE_PERMISSIONS +- PATTERN PrivateHeaders EXCLUDE) ++ ${CMAKE_INSTALL_PREFIX}/Library/Frameworks ++ USE_SOURCE_PERMISSIONS) + + + # TODO(compnerd) formalize this diff --git a/pkgs/os-specific/darwin/swift-corelibs/0006-System-CF-framework-compatibility.patch b/pkgs/os-specific/darwin/swift-corelibs/0006-System-CF-framework-compatibility.patch new file mode 100644 index 0000000000000..248cb5f600370 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0006-System-CF-framework-compatibility.patch @@ -0,0 +1,84 @@ +diff -u a/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt +--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:59:08.659632504 -0400 +@@ -1,5 +1,5 @@ + +-cmake_minimum_required(VERSION 3.4.3) ++cmake_minimum_required(VERSION 3.14) + list(APPEND CMAKE_MODULE_PATH + "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules") + +@@ -45,6 +45,8 @@ + ${FRAMEWORK_LIBRARY_TYPE} + FRAMEWORK_DIRECTORY + CoreFoundation_FRAMEWORK_DIRECTORY ++ VERSION ++ A + MODULE_MAP + Base.subproj/module.modulemap + PRIVATE_HEADERS +diff -u a/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake b/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake +--- a/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake 2023-06-29 18:57:55.792860996 -0400 +@@ -3,7 +3,7 @@ + + function(add_framework NAME) + set(options STATIC SHARED) +- set(single_value_args MODULE_MAP FRAMEWORK_DIRECTORY) ++ set(single_value_args MODULE_MAP FRAMEWORK_DIRECTORY VERSION) + set(multiple_value_args PRIVATE_HEADERS PUBLIC_HEADERS SOURCES) + cmake_parse_arguments(AF "${options}" "${single_value_args}" "${multiple_value_args}" ${ARGN}) + +@@ -14,26 +14,32 @@ + set(AF_TYPE SHARED) + endif() + ++ file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/${AF_VERSION}) ++ file(CREATE_LINK ${AF_VERSION} ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current SYMBOLIC) ++ + if(AF_MODULE_MAP) + file(COPY + ${AF_MODULE_MAP} + DESTINATION +- ${CMAKE_BINARY_DIR}/${NAME}.framework/Modules ++ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/Modules + NO_SOURCE_PERMISSIONS) ++ file(CREATE_LINK Versions/Current/Modules ${CMAKE_BINARY_DIR}/${NAME}.framework/Modules SYMBOLIC) + endif() + if(AF_PUBLIC_HEADERS) + file(COPY + ${AF_PUBLIC_HEADERS} + DESTINATION +- ${CMAKE_BINARY_DIR}/${NAME}.framework/Headers ++ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/Headers + NO_SOURCE_PERMISSIONS) ++ file(CREATE_LINK Versions/Current/Headers ${CMAKE_BINARY_DIR}/${NAME}.framework/Headers SYMBOLIC) + endif() + if(AF_PRIVATE_HEADERS) + file(COPY + ${AF_PRIVATE_HEADERS} + DESTINATION +- ${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders ++ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/PrivateHeaders + NO_SOURCE_PERMISSIONS) ++ file(CREATE_LINK Versions/Current/PrivateHeaders ${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders SYMBOLIC) + endif() + add_custom_target(${NAME}_POPULATE_HEADERS + DEPENDS +@@ -51,13 +57,15 @@ + set_target_properties(${NAME} + PROPERTIES + LIBRARY_OUTPUT_DIRECTORY +- ${CMAKE_BINARY_DIR}/${NAME}.framework) ++ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current) + target_compile_options(${NAME} + PRIVATE + -F;${CMAKE_BINARY_DIR} + -I;${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders) + add_dependencies(${NAME} ${NAME}_POPULATE_HEADERS) + ++ file(CREATE_LINK Versions/Current/${NAME} ${CMAKE_BINARY_DIR}/${NAME}.framework/${NAME} SYMBOLIC) ++ + if(AF_FRAMEWORK_DIRECTORY) + set(${AF_FRAMEWORK_DIRECTORY} ${CMAKE_BINARY_DIR}/${NAME}.framework PARENT_SCOPE) + endif() diff --git a/pkgs/os-specific/darwin/swift-corelibs/0007-Use-nixpkgs-icu.patch b/pkgs/os-specific/darwin/swift-corelibs/0007-Use-nixpkgs-icu.patch new file mode 100644 index 0000000000000..78fa517ce76d6 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0007-Use-nixpkgs-icu.patch @@ -0,0 +1,31 @@ +diff -ur d/CoreFoundation/CMakeLists.txt e/CoreFoundation/CMakeLists.txt +--- d/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500 ++++ e/CoreFoundation/CMakeLists.txt 2023-06-29 19:13:15.561253229 -0400 +@@ -343,6 +343,7 @@ + elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) + find_package(CURL REQUIRED) + target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS}) ++ find_package(ICU COMPONENTS uc i18n data REQUIRED) + find_package(LibXml2 REQUIRED) + target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR}) + else() +@@ -377,6 +378,9 @@ + elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) + target_link_libraries(CoreFoundation PRIVATE + ${CURL_LIBRARIES} ++ ICU::uc ++ ICU::i18n ++ ICU::data + ${LIBXML2_LIBRARIES}) + else() + target_link_libraries(CoreFoundation +@@ -408,9 +412,6 @@ + PROPERTIES LINK_FLAGS + -Xlinker;@${CMAKE_SOURCE_DIR}/linux.ld;-Bsymbolic) + elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) +- target_link_libraries(CoreFoundation +- PRIVATE +- icucore) + target_link_options(CoreFoundation + PUBLIC + "LINKER:-alias_list,../Base.subproj/DarwinSymbolAliases" diff --git a/pkgs/os-specific/darwin/swift-corelibs/0008-Dont-link-libcurl.patch b/pkgs/os-specific/darwin/swift-corelibs/0008-Dont-link-libcurl.patch new file mode 100644 index 0000000000000..4207bf1a82f59 --- /dev/null +++ b/pkgs/os-specific/darwin/swift-corelibs/0008-Dont-link-libcurl.patch @@ -0,0 +1,46 @@ +diff -u a/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt +--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500 ++++ b/CoreFoundation/CMakeLists.txt 2023-06-29 19:39:30.074449222 -0400 +@@ -104,7 +104,6 @@ + # URL + URL.subproj/CFURL.inc.h + URL.subproj/CFURLPriv.h +- URL.subproj/CFURLSessionInterface.h + PUBLIC_HEADERS + # FIXME: PrivateHeaders referenced by public headers + Base.subproj/CFKnownLocations.h +@@ -120,7 +119,6 @@ + String.subproj/CFRegularExpression.h + String.subproj/CFRunArray.h + URL.subproj/CFURLPriv.h +- URL.subproj/CFURLSessionInterface.h + + # AppServices + AppServices.subproj/CFNotificationCenter.h +@@ -280,8 +278,7 @@ + URL.subproj/CFURL.c + URL.subproj/CFURLAccess.c + URL.subproj/CFURLComponents.c +- URL.subproj/CFURLComponents_URIParser.c +- URL.subproj/CFURLSessionInterface.c) ++ URL.subproj/CFURLComponents_URIParser.c) + if(CMAKE_SYSTEM_NAME STREQUAL Linux OR CMAKE_SYSTEM_NAME STREQUAL Android) + target_compile_definitions(CoreFoundation + PRIVATE +@@ -341,8 +338,6 @@ + PRIVATE + ${CURL_INCLUDE_DIRS}) + elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) +- find_package(CURL REQUIRED) +- target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS}) + find_package(ICU COMPONENTS uc i18n data REQUIRED) + find_package(LibXml2 REQUIRED) + target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR}) +@@ -377,7 +372,6 @@ + ${LIBXML2_LIBRARIES}) + elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin) + target_link_libraries(CoreFoundation PRIVATE +- ${CURL_LIBRARIES} + ICU::uc + ICU::i18n + ICU::data diff --git a/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix b/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix index 1e7aeb3689ea9..d77976773c66d 100644 --- a/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix +++ b/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, ninja, python3, curl, libxml2, objc4, ICU }: +{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, cmake, ninja, pkg-config, launchd, libdispatch, python3, libxml2, objc4, icu }: let # 10.12 adds a new sysdir.h that our version of CF in the main derivation depends on, but @@ -21,29 +21,39 @@ stdenv.mkDerivation { sha256 = "17kpql0f27xxz4jjw84vpas5f5sn4vdqwv10g151rc3rswbwln1z"; }; - nativeBuildInputs = [ ninja python3 ]; - buildInputs = [ curl libxml2 objc4 ICU ]; - - patches = [ ./0001-Add-missing-TARGET_OS_-defines.patch ]; + nativeBuildInputs = [ cmake ninja pkg-config python3 ]; + buildInputs = [ (lib.getDev launchd) libdispatch libxml2 objc4 icu ]; + + patches = [ + ./0001-Add-missing-TARGET_OS_-defines.patch + # CFMessagePort.h uses `bootstrap_check_in` without declaring it, which is defined in the launchd headers. + ./0002-Add-missing-launchd-header.patch + # CFURLComponents fails to build with clang 16 due to an invalid pointer conversion. This is fixed upstream. + ./0003-Fix-incompatible-pointer-conversion.patch + # Fix `CMakeLists.txt` to allow it to be used instead of `build.py` to build on Darwin. + ./0004-Fix-Darwin-cmake-build.patch + # Install CF framework in `$out/Library/Frameworks` instead of `$out/System/Frameworks`. + ./0005-Fix-framework-installation-path.patch + # Build a framework that matches the contents of the system CoreFoundation. This patch adds + # versioning and drops the prefix and suffix, so the dynamic library is named `CoreFoundation` + # instead of `libCoreFoundation.dylib`. + ./0006-System-CF-framework-compatibility.patch + # Link against the nixpkgs ICU instead of using Apple’s vendored version. + ./0007-Use-nixpkgs-icu.patch + # Don’t link against libcurl. This breaks a cycle between CF and curl, which depends on CF and + # uses the SystemConfiguration framework to support NAT64. + # This is safe because the symbols provided in CFURLSessionInterface are not provided by the + # system CoreFoundation. They are meant to be used by the implementation of `NSURLSession` in + # swift-corelibs-foundation, which is not built because it is not fully compatible with the + # system Foundation used on Darwin. + ./0008-Dont-link-libcurl.patch + ]; postPatch = '' cd CoreFoundation cp ${sysdir-free-system-directories} Base.subproj/CFSystemDirectories.c - # In order, since I can't comment individual lines: - # 1. Disable dispatch support for now - # 2. For the linker too - # 3. Use the legit CoreFoundation.h, not the one telling you not to use it because of Swift - substituteInPlace build.py \ - --replace "cf.CFLAGS += '-DDEPLOYMENT" '#' \ - --replace "cf.LDFLAGS += '-ldispatch" '#' - - # Fix sandbox impurities. - substituteInPlace ../lib/script.py \ - --replace '/bin/cp' cp - patchShebangs --build ../configure - # Includes xpc for some initialization routine that they don't define anyway, so no harm here substituteInPlace PlugIn.subproj/CFBundlePriv.h \ --replace '#if (TARGET_OS_MAC' '#if (0' @@ -55,55 +65,27 @@ stdenv.mkDerivation { # The MIN macro doesn't seem to be defined sensibly for us. Not sure if our stdenv or their bug substituteInPlace Base.subproj/CoreFoundation_Prefix.h \ --replace '#if DEPLOYMENT_TARGET_WINDOWS || DEPLOYMENT_TARGET_LINUX' '#if 1' - - # Somehow our ICU doesn't have this, probably because it's too old (we'll update it soon when we update the rest of the SDK) - substituteInPlace Locale.subproj/CFLocale.c \ - --replace '#if U_ICU_VERSION_MAJOR_NUM' '#if 0 //' ''; - BUILD_DIR = "./Build"; - CFLAGS = "-DINCLUDE_OBJC -I${libxml2.dev}/include/libxml2"; # They seem to assume we include objc in some places and not in others, make a PR; also not sure why but libxml2 include path isn't getting picked up from buildInputs + env.NIX_CFLAGS_COMPILE = toString [ + # Silence warnings regarding other targets + "-Wno-error=undef-prefix" + # Avoid redefinitions when including objc headers + "-DINCLUDE_OBJC=1" + ]; - # I'm guessing at the version here. https://github.com/apple/swift-corelibs-foundation/commit/df3ec55fe6c162d590a7653d89ad669c2b9716b1 imported "high sierra" - # and this version is a version from there. No idea how accurate it is. - LDFLAGS = "-current_version 1454.90.0 -compatibility_version 150.0.0 -init ___CFInitialize"; - - configurePhase = '' - ../configure release --sysroot UNUSED - ''; + cmakeFlags = [ + "-DBUILD_SHARED_LIBS=ON" + "-DCF_ENABLE_LIBDISPATCH=OFF" + ]; enableParallelBuilding = true; - buildPhase = '' - runHook preBuild + postInstall = '' + install_name_tool -id '@rpath/CoreFoundation.framework/Versions/A/CoreFoundation' \ + "$out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" - ninja -j $NIX_BUILD_CORES - - runHook postBuild + mkdir -p "$out/nix-support" + substituteAll ${./pure-corefoundation-hook.sh} "$out/nix-support/setup-hook" ''; - - # TODO: their build system sorta kinda can do this, but it doesn't seem to work right now - # Also, this includes a bunch of private headers in the framework, which is not what we want - installPhase = '' - base="$out/Library/Frameworks/CoreFoundation.framework" - mkdir -p $base/Versions/A/{Headers,PrivateHeaders,Modules} - - cp ./Build/CoreFoundation/libCoreFoundation.dylib $base/Versions/A/CoreFoundation - - # Note that this could easily live in the ldflags above as `-install_name @rpath/...` but - # https://github.com/NixOS/nixpkgs/issues/46434 thwarts that, so for now I'm hacking it up - # after the fact. - install_name_tool -id '@rpath/CoreFoundation.framework/Versions/A/CoreFoundation' $base/Versions/A/CoreFoundation - - cp ./Build/CoreFoundation/usr/include/CoreFoundation/*.h $base/Versions/A/Headers - cp ./Build/CoreFoundation/usr/include/CoreFoundation/module.modulemap $base/Versions/A/Modules - - ln -s A $base/Versions/Current - - for i in CoreFoundation Headers Modules; do - ln -s Versions/Current/$i $base/$i - done - ''; - - darwinEnvHook = makeSetupHook { name = "darwin-env-hook"; } ./pure-corefoundation-hook.sh; } diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index f579c00eb5c91..1a2aa29430556 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -22,13 +22,13 @@ }: let - apparmor-version = "3.1.5"; + apparmor-version = "3.1.6"; apparmor-meta = component: with lib; { homepage = "https://apparmor.net/"; description = "A mandatory access control system - ${component}"; - license = licenses.gpl2; - maintainers = with maintainers; [ julm thoughtpolice ]; + license = with licenses; [ gpl2Only lgpl21Only ]; + maintainers = with maintainers; [ julm thoughtpolice ajs124 ]; platforms = platforms.linux; }; @@ -36,7 +36,7 @@ let owner = "apparmor"; repo = "apparmor"; rev = "v${apparmor-version}"; - hash = "sha256-nqIRs2REbSQNKglEEjAO/YSZc6r2ks128sUNq61gRWE="; + hash = "sha256-VPgRmmQv+kgLduc6RTu9gotyjT6OImUXsPeatgG7m9E="; }; aa-teardown = writeShellScript "aa-teardown" '' diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index 303eb801478c4..acb484ba6b6a7 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -85,7 +85,6 @@ in stdenv.mkDerivation rec { "--enable-mesh" "--enable-midi" "--enable-nfc" - "--enable-sap" "--enable-sixaxis" "--enable-btpclient" "--enable-hid2hci" diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 18b314067961b..83ff3fd4cc3b5 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.3.0"; + version = "6.4.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "sha256-37KpjbluemU8/8ZpMzWhpGbimjS2rFKL5I814dJ2ZzI="; + sha256 = "sha256-TFG43svH5NoVn/sGb1kM+5Pb+a9/+GsWR85Ct8F5onI="; }; patches = [ @@ -22,8 +22,8 @@ stdenv.mkDerivation rec { # fix build on musl. applied anywhere to prevent patchrot. (fetchpatch { - url = "https://git.alpinelinux.org/aports/plain/main/iproute2/min.patch?id=4b78dbe29d18151402052c56af43cc12d04b1a69"; - sha256 = "sha256-0ROZQAN3mUPPgggictr23jyA4JDG7m9vmBUhgRp4ExY="; + url = "https://git.alpinelinux.org/aports/plain/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069"; + sha256 = "sha256-NpNnSXQntuzzpjswE42yzo7nqmrQgI5YcHR2kp9NEwA="; }) ]; diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 83ad463239a1e..b1c0d3ba50db6 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -111,12 +111,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.3"; in + linuxHeaders = let version = "6.4"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-ujSR9e1r0nCjcMRAQ049aQhfzdUoki+gHnPXZX23Ox4="; + hash = "sha256-j6BYjwws7KRMrHeg45ukjJ8AprncaXYcAqXT76yNp/M="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/libevdevc/default.nix b/pkgs/os-specific/linux/libevdevc/default.nix index 4998ee3e6b57a..5e6b7cd47815a 100644 --- a/pkgs/os-specific/linux/libevdevc/default.nix +++ b/pkgs/os-specific/linux/libevdevc/default.nix @@ -19,6 +19,9 @@ stdenv.mkDerivation rec { makeFlags = [ "DESTDIR=$(out)" "LIBDIR=/lib" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "ChromiumOS libevdev. Renamed to avoid conflicts with the standard libevdev found in Linux distros"; license = licenses.bsd3; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index ab64c9f9c4837..53244a5a91472 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -515,9 +515,10 @@ stdenv.mkDerivation (finalAttrs: { "-Dsysvinit-path=" "-Dsysvrcnd-path=" - "-Dsulogin-path=${util-linux}/bin/sulogin" - "-Dmount-path=${util-linux}/bin/mount" - "-Dumount-path=${util-linux}/bin/umount" + "-Dsulogin-path=${util-linux.login}/bin/sulogin" + "-Dnologin-path=${util-linux.login}/bin/nologin" + "-Dmount-path=${util-linux.mount}/bin/mount" + "-Dumount-path=${util-linux.mount}/bin/umount" "-Dcreate-log-dirs=false" # Use cgroupsv2. This is already the upstream default, but better be explicit. @@ -568,8 +569,8 @@ stdenv.mkDerivation (finalAttrs: { "man/systemd-makefs@.service.xml" ]; } - { search = "/sbin/swapon"; replacement = "${lib.getBin util-linux}/sbin/swapon"; where = [ "src/core/swap.c" "src/basic/unit-def.h" ]; } - { search = "/sbin/swapoff"; replacement = "${lib.getBin util-linux}/sbin/swapoff"; where = [ "src/core/swap.c" ]; } + { search = "/sbin/swapon"; replacement = "${util-linux.swap}/sbin/swapon"; where = [ "src/core/swap.c" "src/basic/unit-def.h" ]; } + { search = "/sbin/swapoff"; replacement = "${util-linux.swap}/sbin/swapoff"; where = [ "src/core/swap.c" ]; } { search = "/bin/echo"; replacement = "${coreutils}/bin/echo"; diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 7b4ef6ed01433..bd87c07879c39 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -50,7 +50,12 @@ stdenv.mkDerivation rec { }) ]; - outputs = [ "bin" "dev" "out" "lib" "man" ]; + # We separate some of the utilities into their own outputs. This + # allows putting together smaller systems depending on only part of + # the greater util-linux toolset. + # Compatibility is maintained by symlinking the binaries from the + # smaller outputs in the bin output. + outputs = [ "bin" "dev" "out" "lib" "man" "mount" "login" "swap" ]; separateDebugInfo = true; postPatch = '' @@ -106,6 +111,20 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; postInstall = '' + moveToOutput bin/mount "$mount" + moveToOutput bin/umount "$mount" + ln -svf "$mount/bin/"* $bin/bin/ + + moveToOutput sbin/nologin "$login" + moveToOutput sbin/sulogin "$login" + prefix=$login _moveSbin + ln -svf "$login/bin/"* $bin/bin/ + + moveToOutput sbin/swapon "$swap" + moveToOutput sbin/swapoff "$swap" + prefix=$swap _moveSbin + ln -svf "$swap/bin/"* $bin/bin/ + installShellCompletion --bash bash-completion/* ''; diff --git a/pkgs/servers/mqtt/nanomq/default.nix b/pkgs/servers/mqtt/nanomq/default.nix index 06fec792f32a9..902b5369df07c 100644 --- a/pkgs/servers/mqtt/nanomq/default.nix +++ b/pkgs/servers/mqtt/nanomq/default.nix @@ -35,6 +35,9 @@ let }; nativeBuildInputs = [ cmake ninja flex bison ]; + + # https://github.com/nanomq/idl-serial/issues/36 + hardeningDisable = [ "fortify3" ]; }; in stdenv.mkDerivation (finalAttrs: { diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 9e3f338a08be5..d1a25c9e3dcd7 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -814,11 +814,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! imake = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto }: stdenv.mkDerivation { pname = "imake"; - version = "1.0.8"; + version = "1.0.9"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/imake-1.0.8.tar.bz2"; - sha256 = "00m7l90ws72k1qm101sd2rx92ckd50cszyng5d4dd77jncbf9lmq"; + url = "mirror://xorg/individual/util/imake-1.0.9.tar.xz"; + sha256 = "10wgw3l0rsnvc2191awyg5j24n3g552xgc671qr5vnbliwkrvpkj"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -846,11 +846,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libFS = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, xtrans }: stdenv.mkDerivation { pname = "libFS"; - version = "1.0.8"; + version = "1.0.9"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libFS-1.0.8.tar.bz2"; - sha256 = "03xxyvpfa3rhqcld4p2chkil482jn9cp80hj17jdybcv2hkkgqf8"; + url = "mirror://xorg/individual/lib/libFS-1.0.9.tar.xz"; + sha256 = "12i0zh1v5zlba617nam8sjhfqi68qqnl7z5hsz3wqhijid1pjwsr"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -862,11 +862,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libICE = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, xtrans }: stdenv.mkDerivation { pname = "libICE"; - version = "1.0.10"; + version = "1.1.1"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libICE-1.0.10.tar.bz2"; - sha256 = "0j638yvmyna2k4mz465jywgdybgdchdqppfx6xfazg7l5khxr1kg"; + url = "mirror://xorg/individual/lib/libICE-1.1.1.tar.xz"; + sha256 = "0lg4sddalwmmzsnxv3fgdm2hzqp66j8b3syc0ancfhi9yzx7mrq3"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -878,11 +878,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libSM = callPackage ({ stdenv, pkg-config, fetchurl, libICE, libuuid, xorgproto, xtrans }: stdenv.mkDerivation { pname = "libSM"; - version = "1.2.3"; + version = "1.2.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libSM-1.2.3.tar.bz2"; - sha256 = "1fwwfq9v3sqmpzpscymswxn76xhxnysa24pfim1mcpxhvjcl89id"; + url = "mirror://xorg/individual/lib/libSM-1.2.4.tar.xz"; + sha256 = "113vx53k6pyxf84v5kqb7qhcldx1fi78lym77lcb2xhj9lgfbjzx"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -926,11 +926,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXScrnSaver = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext }: stdenv.mkDerivation { pname = "libXScrnSaver"; - version = "1.2.3"; + version = "1.2.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXScrnSaver-1.2.3.tar.bz2"; - sha256 = "1y4vx1vabg7j9hamp0vrfrax5b0lmgm3h0lbgbb3hnkv3dd0f5zr"; + url = "mirror://xorg/individual/lib/libXScrnSaver-1.2.4.tar.xz"; + sha256 = "1zi0r6mqa1g0hhsp02cdsjcxmsbipiv0v65c1h4pl84fydcjikbm"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -958,11 +958,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXau = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto }: stdenv.mkDerivation { pname = "libXau"; - version = "1.0.9"; + version = "1.0.11"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXau-1.0.9.tar.bz2"; - sha256 = "1v3krc6x0zliaa66qq1bf9j60x5nqfy68v8axaiglxpnvgqcpy6c"; + url = "mirror://xorg/individual/lib/libXau-1.0.11.tar.xz"; + sha256 = "1sxv56rql3vsb14za0hgr07mipgvvcw48910srmky32pyn135ypk"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -974,11 +974,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXaw = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXext, xorgproto, libXmu, libXpm, libXt }: stdenv.mkDerivation { pname = "libXaw"; - version = "1.0.14"; + version = "1.0.15"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXaw-1.0.14.tar.bz2"; - sha256 = "13kg59r3086383g1dyhnwxanhp2frssh9062mrgn34nzlf7gkbkn"; + url = "mirror://xorg/individual/lib/libXaw-1.0.15.tar.xz"; + sha256 = "0jkm2ards3nj08y7185k9jvjhhx78r46abrl3g3jrc4zvq7zfddb"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -990,11 +990,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXcomposite = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXfixes }: stdenv.mkDerivation { pname = "libXcomposite"; - version = "0.4.5"; + version = "0.4.6"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXcomposite-0.4.5.tar.bz2"; - sha256 = "13sfcglvz87vl58hd9rszwr73z0z4nwga3c12rfh7f5s2ln8l8dk"; + url = "mirror://xorg/individual/lib/libXcomposite-0.4.6.tar.xz"; + sha256 = "11rcvk380l5540gfqy9p8mbzw3l1p5g8l214p870f28smvqbqh7y"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1006,11 +1006,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXcursor = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXfixes, libXrender }: stdenv.mkDerivation { pname = "libXcursor"; - version = "1.2.0"; + version = "1.2.1"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXcursor-1.2.0.tar.bz2"; - sha256 = "10l7c9fm0jmpkm9ab9dz8r6m1pr87vvgqjnbx1psz50h4pwfklrs"; + url = "mirror://xorg/individual/lib/libXcursor-1.2.1.tar.xz"; + sha256 = "011195an3w4xld3x0dr534kar1xjf52q96hmf0hgvfhh2rrl7ha6"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1022,11 +1022,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXdamage = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXfixes }: stdenv.mkDerivation { pname = "libXdamage"; - version = "1.1.5"; + version = "1.1.6"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXdamage-1.1.5.tar.bz2"; - sha256 = "0igaw2akjf712y3rv7lx473jigxmcv9rs9y8sbrvbhya8f30cd5p"; + url = "mirror://xorg/individual/lib/libXdamage-1.1.6.tar.xz"; + sha256 = "04axzdx75w0wcb4na7lfpa0ai0fddw60dmg7cigs7z32a8gkqwsj"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1038,11 +1038,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXdmcp = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto }: stdenv.mkDerivation { pname = "libXdmcp"; - version = "1.1.3"; + version = "1.1.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXdmcp-1.1.3.tar.bz2"; - sha256 = "0ab53h0rkq721ihk5hi469x500f3pgbkm1wy01yf24x5m923nli0"; + url = "mirror://xorg/individual/lib/libXdmcp-1.1.4.tar.xz"; + sha256 = "005dsry6nfqrv32i7gbqn7mxnb2m3pc8fz9lxj2b9w7q2z1mrkid"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1054,11 +1054,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXext = callPackage ({ stdenv, pkg-config, fetchurl, libX11, xorgproto }: stdenv.mkDerivation { pname = "libXext"; - version = "1.3.4"; + version = "1.3.5"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXext-1.3.4.tar.bz2"; - sha256 = "0azqxllcsfxc3ilhz6kwc6x7m8wc477p59ir9p0yrsldx766zbar"; + url = "mirror://xorg/individual/lib/libXext-1.3.5.tar.xz"; + sha256 = "1jkv7l9qm4vms6af4faax916rirxp6r8rpjrhlxa6zn5jp4c056v"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1070,11 +1070,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXfixes = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11 }: stdenv.mkDerivation { pname = "libXfixes"; - version = "6.0.0"; + version = "6.0.1"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXfixes-6.0.0.tar.bz2"; - sha256 = "0k2v4i4r24y3kdr5ici1qqhp69djnja919xfqp54c2rylm6s5hd7"; + url = "mirror://xorg/individual/lib/libXfixes-6.0.1.tar.xz"; + sha256 = "0n1dq2mi60i0c06i7j6lq64cq335ir2l89yj0amj3529s8ygk5dn"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1102,11 +1102,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXfont2 = callPackage ({ stdenv, pkg-config, fetchurl, libfontenc, xorgproto, freetype, xtrans, zlib }: stdenv.mkDerivation { pname = "libXfont2"; - version = "2.0.5"; + version = "2.0.6"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXfont2-2.0.5.tar.bz2"; - sha256 = "0gmm20p3qq23pd2bhc5rsxil60wqvj9xi7l1nh55q8gp3hhnyz5a"; + url = "mirror://xorg/individual/lib/libXfont2-2.0.6.tar.xz"; + sha256 = "1x5f4w6f94dq9hfcd11xzzjqbz30yn2hdrnmv1b3zyxhgq0j1jkl"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1118,11 +1118,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXft = callPackage ({ stdenv, pkg-config, fetchurl, fontconfig, freetype, libX11, xorgproto, libXrender }: stdenv.mkDerivation { pname = "libXft"; - version = "2.3.6"; + version = "2.3.8"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXft-2.3.6.tar.xz"; - sha256 = "08ihq0in7iy5bwrx71nhnlkj7k1ic34brjcqs2wbnf69kwqyg9k0"; + url = "mirror://xorg/individual/lib/libXft-2.3.8.tar.xz"; + sha256 = "0jfxqsqhjl2b2ll6b7x21mj02hxp5znkhjvbxw5a9h6lq95kr32y"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1134,11 +1134,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXi = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext, libXfixes }: stdenv.mkDerivation { pname = "libXi"; - version = "1.8"; + version = "1.8.1"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXi-1.8.tar.bz2"; - sha256 = "005sicls6faddkcj449858i9xz1nafy70y26frsk7iv1d9283l9f"; + url = "mirror://xorg/individual/lib/libXi-1.8.1.tar.xz"; + sha256 = "19snjrsdib2y2iq8c1zbrp78qy1b6sdmyvif422gg27j2klc1gw9"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1150,11 +1150,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXinerama = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXext, xorgproto }: stdenv.mkDerivation { pname = "libXinerama"; - version = "1.1.4"; + version = "1.1.5"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXinerama-1.1.4.tar.bz2"; - sha256 = "086p0axqj57nvkaqa6r00dnr9kyrn1m8blgf0zjy25zpxkbxn200"; + url = "mirror://xorg/individual/lib/libXinerama-1.1.5.tar.xz"; + sha256 = "0p08q8q1wg0sixhizl2l1i935bk6x3ckj3bdd6qqr0n1zkqd352h"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1166,11 +1166,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXmu = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXext, xorgproto, libXt }: stdenv.mkDerivation { pname = "libXmu"; - version = "1.1.3"; + version = "1.1.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXmu-1.1.3.tar.bz2"; - sha256 = "0cdpqnx6258i4l6qhphvkdiyspysg0i5caqjy820kp63wwjk4d4w"; + url = "mirror://xorg/individual/lib/libXmu-1.1.4.tar.xz"; + sha256 = "0i42fng5gizablqziib25ipcwm5830jprl955ibq54rykjmy6391"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1182,11 +1182,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXp = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXau, libXext }: stdenv.mkDerivation { pname = "libXp"; - version = "1.0.3"; + version = "1.0.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXp-1.0.3.tar.bz2"; - sha256 = "0mwc2jwmq03b1m9ihax5c6gw2ln8rc70zz4fsj3kb7440nchqdkz"; + url = "mirror://xorg/individual/lib/libXp-1.0.4.tar.xz"; + sha256 = "197iklxwyd4naryc6mzv0g5qi1dy1apxk9w9k3yshd1ax2wf668z"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1198,11 +1198,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXpm = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXext, xorgproto, libXt, gettext }: stdenv.mkDerivation { pname = "libXpm"; - version = "3.5.15"; + version = "3.5.16"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXpm-3.5.15.tar.xz"; - sha256 = "1hfivygzrzpq81vg9z2l46pd5nrzm326k6z3cfw6syiibin91fv0"; + url = "mirror://xorg/individual/lib/libXpm-3.5.16.tar.xz"; + sha256 = "0lczckznwbzsf5pca487g8bzbqjgj3a96z78cz69pgcxlskmvg76"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1212,29 +1212,29 @@ self: with self; { }) {}; # THIS IS A GENERATED FILE. DO NOT EDIT! - libXpresent = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11 }: stdenv.mkDerivation { + libXpresent = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext, libXfixes, libXrandr }: stdenv.mkDerivation { pname = "libXpresent"; - version = "1.0.0"; + version = "1.0.1"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXpresent-1.0.0.tar.bz2"; - sha256 = "12kvvar3ihf6sw49h6ywfdiwmb8i1gh8wasg1zhzp6hs2hay06n1"; + url = "mirror://xorg/individual/lib/libXpresent-1.0.1.tar.xz"; + sha256 = "06r34v7z3jb0x7l5ghlc1g82gjjp5ilq5p6j11galv86bagdyr5r"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ xorgproto libX11 ]; + buildInputs = [ xorgproto libX11 libXext libXfixes libXrandr ]; meta.platforms = lib.platforms.unix; }) {}; # THIS IS A GENERATED FILE. DO NOT EDIT! libXrandr = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext, libXrender }: stdenv.mkDerivation { pname = "libXrandr"; - version = "1.5.2"; + version = "1.5.3"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXrandr-1.5.2.tar.bz2"; - sha256 = "08z0mqywrm7ij8bxlfrx0d2wy6kladdmkva1nw5k6qix82z0xsla"; + url = "mirror://xorg/individual/lib/libXrandr-1.5.3.tar.xz"; + sha256 = "0a5l9q37c9m6gfdchlj43a9j3mw2avfwasfn0ivlkqbq980kjxl9"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1246,11 +1246,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXrender = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11 }: stdenv.mkDerivation { pname = "libXrender"; - version = "0.9.10"; + version = "0.9.11"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXrender-0.9.10.tar.bz2"; - sha256 = "0j89cnb06g8x79wmmnwzykgkkfdhin9j7hjpvsxwlr3fz1wmjvf0"; + url = "mirror://xorg/individual/lib/libXrender-0.9.11.tar.xz"; + sha256 = "096whakny5h16nlwz80z0l2nxigpsarl35mm5xqgzlc37ad7alxw"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1262,11 +1262,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXres = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext }: stdenv.mkDerivation { pname = "libXres"; - version = "1.2.1"; + version = "1.2.2"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXres-1.2.1.tar.bz2"; - sha256 = "049b7dk6hx47161hg47ryjrm6pwsp27r5pby05b0wqb1pcggprmn"; + url = "mirror://xorg/individual/lib/libXres-1.2.2.tar.xz"; + sha256 = "0pvlzahqd8fcyq10wi7ipbxvgrg93hn0vqsymhw7b6sb93rlcx4s"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1278,11 +1278,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXt = callPackage ({ stdenv, pkg-config, fetchurl, libICE, xorgproto, libSM, libX11 }: stdenv.mkDerivation { pname = "libXt"; - version = "1.2.1"; + version = "1.3.0"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXt-1.2.1.tar.bz2"; - sha256 = "0q1x7842r8rcn2m0q4q9f69h4qa097fyizs8brzx5ns62s7w1737"; + url = "mirror://xorg/individual/lib/libXt-1.3.0.tar.xz"; + sha256 = "14dz66rp66ar2a5q0fbsnlcqkbd34801pzdxj3f0hzc2vcy0p0jj"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1294,11 +1294,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXtst = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext, libXi }: stdenv.mkDerivation { pname = "libXtst"; - version = "1.2.3"; + version = "1.2.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXtst-1.2.3.tar.bz2"; - sha256 = "012jpyj7xfm653a9jcfqbzxyywdmwb2b5wr1dwylx14f3f54jma6"; + url = "mirror://xorg/individual/lib/libXtst-1.2.4.tar.xz"; + sha256 = "1j1kr90b7vmpqniqd0pd786kn5924q799c5m2kpgzd2lj85z7xc4"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1310,11 +1310,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXv = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext }: stdenv.mkDerivation { pname = "libXv"; - version = "1.0.11"; + version = "1.0.12"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXv-1.0.11.tar.bz2"; - sha256 = "125hn06bd3d8y97hm2pbf5j55gg4r2hpd3ifad651i4sr7m16v6j"; + url = "mirror://xorg/individual/lib/libXv-1.0.12.tar.xz"; + sha256 = "0j1qqrhbhdi3kqz0am5i1lhs31ql9pbc14z41w0a5xw9yq4zmxxa"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1342,11 +1342,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libXxf86dga = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXext, xorgproto }: stdenv.mkDerivation { pname = "libXxf86dga"; - version = "1.1.5"; + version = "1.1.6"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libXxf86dga-1.1.5.tar.bz2"; - sha256 = "00vjvcdlc1sga251jkxn6gkxmx9h5n290ffxxpa40qbca1gvr61b"; + url = "mirror://xorg/individual/lib/libXxf86dga-1.1.6.tar.xz"; + sha256 = "03wqsxbgyrdbrhw8fk3fxc9nk8jnwz5537ym2yif73w0g5sl4i5y"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1390,11 +1390,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libdmx = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11, libXext }: stdenv.mkDerivation { pname = "libdmx"; - version = "1.1.4"; + version = "1.1.5"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libdmx-1.1.4.tar.bz2"; - sha256 = "0hvjfhrcym770cr0zpqajdy3cda30aiwbjzv16iafkqkbl090gr5"; + url = "mirror://xorg/individual/lib/libdmx-1.1.5.tar.xz"; + sha256 = "0kzprd1ak3m3042m5hra50nsagswciis9p21ckilyaqbidmf591m"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1406,11 +1406,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libfontenc = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, zlib }: stdenv.mkDerivation { pname = "libfontenc"; - version = "1.1.4"; + version = "1.1.7"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libfontenc-1.1.4.tar.bz2"; - sha256 = "0y90170dp8wsidr1dzza0grxr1lfh30ji3b5vkjz4j6x1n0wxz1c"; + url = "mirror://xorg/individual/lib/libfontenc-1.1.7.tar.xz"; + sha256 = "1hpy7kvppzy36fl8gbnzbv0cvglpdqk9jpdgvcfma1pfza8nkly0"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1422,11 +1422,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libpciaccess = callPackage ({ stdenv, pkg-config, fetchurl, hwdata, zlib }: stdenv.mkDerivation { pname = "libpciaccess"; - version = "0.16"; + version = "0.17"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libpciaccess-0.16.tar.bz2"; - sha256 = "12glp4w1kgvmqn89lk19cgr6jccd3awxra4dxisp7pagi06rsk11"; + url = "mirror://xorg/individual/lib/libpciaccess-0.17.tar.xz"; + sha256 = "0wsvv5d05maqbidvnavka7n0fnql55m4jix5wwlk14blr6ikna3l"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1455,11 +1455,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libxcb = callPackage ({ stdenv, pkg-config, fetchurl, libxslt, libpthreadstubs, libXau, xcbproto, libXdmcp, python3 }: stdenv.mkDerivation { pname = "libxcb"; - version = "1.14"; + version = "1.15"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libxcb-1.14.tar.xz"; - sha256 = "0d2chjgyn5lr9sfhacfvqgnj9l9faz11vn322a06jd6lk3dxcpm5"; + url = "mirror://xorg/individual/lib/libxcb-1.15.tar.xz"; + sha256 = "0nd035rf83xf531cnjzsf9ykb5w9rdzz6bbyhi683xkwh57p8f6c"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1487,11 +1487,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libxkbfile = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, libX11 }: stdenv.mkDerivation { pname = "libxkbfile"; - version = "1.1.0"; + version = "1.1.2"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libxkbfile-1.1.0.tar.bz2"; - sha256 = "1irq9crvscd3yb8sr802dhvvfr35jdy1n2yz094xplmd42mbv3bm"; + url = "mirror://xorg/individual/lib/libxkbfile-1.1.2.tar.xz"; + sha256 = "1ca4crhzc5a2gdkc4r0m92wyirsy5mngnz0430bj02s2mi7pi8xq"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1503,11 +1503,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! libxshmfence = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto }: stdenv.mkDerivation { pname = "libxshmfence"; - version = "1.3"; + version = "1.3.2"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/libxshmfence-1.3.tar.bz2"; - sha256 = "1ir0j92mnd1nk37mrv9bz5swnccqldicgszvfsh62jd14q6k115q"; + url = "mirror://xorg/individual/lib/libxshmfence-1.3.2.tar.xz"; + sha256 = "0vv0c7rjf6nd1afbal4c4ralallarak1v3ss3gcjdca0pibz43c7"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1567,11 +1567,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! makedepend = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto }: stdenv.mkDerivation { pname = "makedepend"; - version = "1.0.6"; + version = "1.0.8"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/makedepend-1.0.6.tar.bz2"; - sha256 = "072h9nzh8s5vqfz35dli4fba36fnr219asjrb7p89n8ph0paan6m"; + url = "mirror://xorg/individual/util/makedepend-1.0.8.tar.xz"; + sha256 = "0nxs5ibrghym3msbnh0b8i3yd3xgqandmrkc500jm6qq4n06zcmz"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1695,11 +1695,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! utilmacros = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "util-macros"; - version = "1.19.3"; + version = "1.20.0"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/util-macros-1.19.3.tar.bz2"; - sha256 = "0w8ryfqylprz37zj9grl4jzdsqq67ibfwq5raj7vm1i7kmp2x08g"; + url = "mirror://xorg/individual/util/util-macros-1.20.0.tar.xz"; + sha256 = "1nrh8kmbix5pspva6y7h14fj97xdvxqc6fr3zysfswg9vdib51hb"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1775,11 +1775,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xbitmaps = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "xbitmaps"; - version = "1.1.2"; + version = "1.1.3"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/data/xbitmaps-1.1.2.tar.bz2"; - sha256 = "1vh73sc13s7w5r6gnc6irca56s7998bja7wgdivkfn8jccawgw5r"; + url = "mirror://xorg/individual/data/xbitmaps-1.1.3.tar.xz"; + sha256 = "0yhgrllia3lbqx9b21w31w4sppx1a9ggrk62hrys2ckqi1aasv5d"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1807,11 +1807,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xcbproto = callPackage ({ stdenv, pkg-config, fetchurl, python3 }: stdenv.mkDerivation { pname = "xcb-proto"; - version = "1.14.1"; + version = "1.15.2"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/proto/xcb-proto-1.14.1.tar.xz"; - sha256 = "1hzwazgyywd9mz4mjj1yv8ski27qqx7ypmyr27m39hrajyddsjph"; + url = "mirror://xorg/individual/proto/xcb-proto-1.15.2.tar.xz"; + sha256 = "1vak6q53abwxnkfn6by7j24m48kd2iy7jnskkqzzx8l0ysqvwwkh"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -1839,11 +1839,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xcbutilcursor = callPackage ({ stdenv, pkg-config, fetchurl, gperf, libxcb, xcbutilimage, xcbutilrenderutil, xorgproto, m4 }: stdenv.mkDerivation { pname = "xcb-util-cursor"; - version = "0.1.3"; + version = "0.1.4"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/xcb/xcb-util-cursor-0.1.3.tar.bz2"; - sha256 = "0krr4rcw6r42cncinzvzzdqnmxk3nrgpnadyg2h8k9x10q3hm885"; + url = "mirror://xorg/individual/xcb/xcb-util-cursor-0.1.4.tar.xz"; + sha256 = "1yria9h0vqpblkgzqhpygk3rraijd3mmipg0mdhkayxbpj8gxp18"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -2015,11 +2015,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xcursorthemes = callPackage ({ stdenv, pkg-config, fetchurl, libXcursor }: stdenv.mkDerivation { pname = "xcursor-themes"; - version = "1.0.6"; + version = "1.0.7"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/data/xcursor-themes-1.0.6.tar.bz2"; - sha256 = "16a96li0s0ggg60v7f6ywxmsrmxdfizcw55ccv7sp4qjfisca7pf"; + url = "mirror://xorg/individual/data/xcursor-themes-1.0.7.tar.xz"; + sha256 = "1j3qfga5llp8g702n7mivvdvfjk7agsgnbglbfh99n13i3sfiflm"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -3133,18 +3133,18 @@ self: with self; { }) {}; # THIS IS A GENERATED FILE. DO NOT EDIT! - xkeyboardconfig = callPackage ({ stdenv, pkg-config, fetchurl, libX11, xorgproto, python3 }: stdenv.mkDerivation { + xkeyboardconfig = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "xkeyboard-config"; - version = "2.33"; + version = "2.39"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.33.tar.bz2"; - sha256 = "1g6kn7l0mixw50kgn7d97gwv1990c5rczr2x776q3xywss8dfzv5"; + url = "mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.39.tar.xz"; + sha256 = "10m6mbjymi7qf30g5yd400kqijdjg7ym9qjzh0bc3c7pxwrzbias"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; - nativeBuildInputs = [ pkg-config python3 ]; - buildInputs = [ libX11 xorgproto ]; + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ ]; meta.platforms = lib.platforms.unix; }) {}; @@ -3295,11 +3295,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xorgcffiles = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "xorg-cf-files"; - version = "1.0.7"; + version = "1.0.8"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/xorg-cf-files-1.0.7.tar.bz2"; - sha256 = "0233jyjxjkhlar03vp8l5sm3iq6354izm3crk41h5291pgap39vl"; + url = "mirror://xorg/individual/util/xorg-cf-files-1.0.8.tar.xz"; + sha256 = "1f8primgb6qw3zy7plbsj4a1kdhdqb04xpdys520zaygxxfra23l"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -3311,11 +3311,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xorgdocs = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "xorg-docs"; - version = "1.7.1"; + version = "1.7.2"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/doc/xorg-docs-1.7.1.tar.bz2"; - sha256 = "0jrc4jmb4raqawx0j9jmhgasr0k6sxv0bm2hrxjh9hb26iy6gf14"; + url = "mirror://xorg/individual/doc/xorg-docs-1.7.2.tar.gz"; + sha256 = "0xrncq9dkl6h03gfsj89zagi2vkhgvcgy8l6pjjva350d24027hc"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -3327,11 +3327,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xorgproto = callPackage ({ stdenv, pkg-config, fetchurl, libXt, python3 }: stdenv.mkDerivation { pname = "xorgproto"; - version = "2021.5"; + version = "2023.2"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/proto/xorgproto-2021.5.tar.bz2"; - sha256 = "05d0kib351qmnlfimaznaw0220fr0ym7fx2gn9h2jqxxilxncbxa"; + url = "mirror://xorg/individual/proto/xorgproto-2023.2.tar.xz"; + sha256 = "0b4c27aq25w1fccks49p020avf9jzh75kaq5qwnww51bp1yvq7xn"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -3359,11 +3359,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xorgsgmldoctools = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "xorg-sgml-doctools"; - version = "1.11"; + version = "1.12"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/doc/xorg-sgml-doctools-1.11.tar.bz2"; - sha256 = "0k5pffyi5bx8dmfn033cyhgd3gf6viqj3x769fqixifwhbgy2777"; + url = "mirror://xorg/individual/doc/xorg-sgml-doctools-1.12.tar.gz"; + sha256 = "1nsb8kn6nipc09yv19wdpd94pav6hx7xby0psmmdvnm6wqlh6nlq"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; @@ -3519,11 +3519,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xtrans = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation { pname = "xtrans"; - version = "1.4.0"; + version = "1.5.0"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/lib/xtrans-1.4.0.tar.bz2"; - sha256 = "0wyp0yc6gi72hwc3kjmvm3vkj9p6s407cb6dxx37jh9wb68l8z1p"; + url = "mirror://xorg/individual/lib/xtrans-1.5.0.tar.xz"; + sha256 = "1gdiiw64p279a1x033w7i002myry9v75pwmc1gsdpzbbd41vg90v"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index 08eb42d0cb334..142163b22112f 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -1,7 +1,7 @@ { abiCompat ? null, callPackage, lib, stdenv, makeWrapper, fetchurl, fetchpatch, fetchFromGitLab, buildPackages, - automake, autoconf, libiconv, libtool, intltool, + automake, autoconf, libiconv, libtool, intltool, gettext, python3, perl, freetype, tradcpp, fontconfig, meson, ninja, ed, fontforge, libGL, spice-protocol, zlib, libGLU, dbus, libunwind, libdrm, netbsd, ncompress, @@ -419,7 +419,11 @@ self: super: }; }); - xf86inputkeyboard = brokenOnDarwin super.xf86inputkeyboard; # never worked: https://hydra.nixos.org/job/nixpkgs/trunk/xorg.xf86inputkeyboard.x86_64-darwin + xf86inputkeyboard = super.xf86inputkeyboard.overrideAttrs (attrs: { + meta = attrs.meta // { + platforms = lib.platforms.freebsd ++ lib.platforms.netbsd ++ lib.platforms.openbsd; + }; + }); xf86inputlibinput = super.xf86inputlibinput.overrideAttrs (attrs: { outputs = [ "out" "dev" ]; @@ -538,10 +542,20 @@ self: super: }); xkeyboardconfig = super.xkeyboardconfig.overrideAttrs (attrs: { - prePatch = "patchShebangs rules/merge.py"; - nativeBuildInputs = attrs.nativeBuildInputs ++ [ intltool libxslt ]; - configureFlags = [ "--with-xkb-rules-symlink=xorg" ]; - + prePatch = '' + patchShebangs rules/merge.py rules/compat/map-variants.py rules/xml2lst.pl + ''; + nativeBuildInputs = attrs.nativeBuildInputs ++ [ + meson + ninja + python3 + perl + libxslt # xsltproc + gettext # msgfmt + ]; + mesonFlags = [ + (lib.mesonBool "xorg-rules-symlinks" true) + ]; # 1: compatibility for X11/xkb location # 2: I think pkg-config/ is supposed to be in /lib/ postInstall = '' @@ -923,13 +937,6 @@ self: super: }); xorgcffiles = super.xorgcffiles.overrideAttrs (attrs: { - patches = [ - (fetchpatch { - name = "add-aarch64-darwin-support.patch"; - url = "https://gitlab.freedesktop.org/xorg/util/cf/-/commit/8d88c559b177e832b581c8ac0aa383b6cf79e0d0.patch"; - sha256 = "sha256-wCijdmlUtVgOh9Rp/LJrg1ObYm4OPTke5Xwu0xC0ap4="; - }) - ]; postInstall = lib.optionalString stdenv.isDarwin '' substituteInPlace $out/lib/X11/config/darwin.cf --replace "/usr/bin/" "" ''; diff --git a/pkgs/servers/x11/xorg/tarballs.list b/pkgs/servers/x11/xorg/tarballs.list index 5ea9f2d85c7f3..76a0d46247df7 100644 --- a/pkgs/servers/x11/xorg/tarballs.list +++ b/pkgs/servers/x11/xorg/tarballs.list @@ -1,7 +1,7 @@ https://invisible-mirror.net/archives/luit/luit-20190106.tgz mirror://xorg/individual/xcb/libpthread-stubs-0.4.tar.bz2 mirror://xorg/individual/xcb/xcb-util-0.4.1.tar.xz -mirror://xorg/individual/xcb/xcb-util-cursor-0.1.3.tar.bz2 +mirror://xorg/individual/xcb/xcb-util-cursor-0.1.4.tar.xz mirror://xorg/individual/xcb/xcb-util-errors-1.0.1.tar.xz mirror://xorg/individual/xcb/xcb-util-image-0.4.1.tar.xz mirror://xorg/individual/xcb/xcb-util-keysyms-0.4.1.tar.xz @@ -72,11 +72,11 @@ mirror://xorg/individual/app/xvinfo-1.1.5.tar.xz mirror://xorg/individual/app/xwd-1.0.9.tar.xz mirror://xorg/individual/app/xwininfo-1.1.6.tar.xz mirror://xorg/individual/app/xwud-1.0.6.tar.xz -mirror://xorg/individual/data/xbitmaps-1.1.2.tar.bz2 -mirror://xorg/individual/data/xcursor-themes-1.0.6.tar.bz2 -mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.33.tar.bz2 -mirror://xorg/individual/doc/xorg-docs-1.7.1.tar.bz2 -mirror://xorg/individual/doc/xorg-sgml-doctools-1.11.tar.bz2 +mirror://xorg/individual/data/xbitmaps-1.1.3.tar.xz +mirror://xorg/individual/data/xcursor-themes-1.0.7.tar.xz +mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.39.tar.xz +mirror://xorg/individual/doc/xorg-docs-1.7.2.tar.gz +mirror://xorg/individual/doc/xorg-sgml-doctools-1.12.tar.gz mirror://xorg/individual/driver/xf86-input-evdev-2.10.6.tar.bz2 mirror://xorg/individual/driver/xf86-input-joystick-1.6.4.tar.xz mirror://xorg/individual/driver/xf86-input-keyboard-2.0.0.tar.xz @@ -167,55 +167,55 @@ mirror://xorg/individual/font/font-util-1.4.0.tar.xz mirror://xorg/individual/font/font-winitzki-cyrillic-1.0.4.tar.xz mirror://xorg/individual/font/font-xfree86-type1-1.0.5.tar.xz mirror://xorg/individual/lib/libAppleWM-1.4.1.tar.bz2 -mirror://xorg/individual/lib/libdmx-1.1.4.tar.bz2 -mirror://xorg/individual/lib/libfontenc-1.1.4.tar.bz2 -mirror://xorg/individual/lib/libFS-1.0.8.tar.bz2 -mirror://xorg/individual/lib/libICE-1.0.10.tar.bz2 -mirror://xorg/individual/lib/libpciaccess-0.16.tar.bz2 -mirror://xorg/individual/lib/libSM-1.2.3.tar.bz2 +mirror://xorg/individual/lib/libdmx-1.1.5.tar.xz +mirror://xorg/individual/lib/libfontenc-1.1.7.tar.xz +mirror://xorg/individual/lib/libFS-1.0.9.tar.xz +mirror://xorg/individual/lib/libICE-1.1.1.tar.xz +mirror://xorg/individual/lib/libpciaccess-0.17.tar.xz +mirror://xorg/individual/lib/libSM-1.2.4.tar.xz mirror://xorg/individual/lib/libWindowsWM-1.0.1.tar.bz2 mirror://xorg/individual/lib/libX11-1.8.6.tar.xz -mirror://xorg/individual/lib/libXau-1.0.9.tar.bz2 -mirror://xorg/individual/lib/libXaw-1.0.14.tar.bz2 -mirror://xorg/individual/lib/libxcb-1.14.tar.xz -mirror://xorg/individual/lib/libXcomposite-0.4.5.tar.bz2 -mirror://xorg/individual/lib/libXcursor-1.2.0.tar.bz2 +mirror://xorg/individual/lib/libXau-1.0.11.tar.xz +mirror://xorg/individual/lib/libXaw-1.0.15.tar.xz +mirror://xorg/individual/lib/libxcb-1.15.tar.xz +mirror://xorg/individual/lib/libXcomposite-0.4.6.tar.xz +mirror://xorg/individual/lib/libXcursor-1.2.1.tar.xz mirror://xorg/individual/lib/libxcvt-0.1.2.tar.xz -mirror://xorg/individual/lib/libXdamage-1.1.5.tar.bz2 -mirror://xorg/individual/lib/libXdmcp-1.1.3.tar.bz2 -mirror://xorg/individual/lib/libXext-1.3.4.tar.bz2 -mirror://xorg/individual/lib/libXfixes-6.0.0.tar.bz2 +mirror://xorg/individual/lib/libXdamage-1.1.6.tar.xz +mirror://xorg/individual/lib/libXdmcp-1.1.4.tar.xz +mirror://xorg/individual/lib/libXext-1.3.5.tar.xz +mirror://xorg/individual/lib/libXfixes-6.0.1.tar.xz mirror://xorg/individual/lib/libXfont-1.5.4.tar.bz2 -mirror://xorg/individual/lib/libXfont2-2.0.5.tar.bz2 -mirror://xorg/individual/lib/libXft-2.3.6.tar.xz -mirror://xorg/individual/lib/libXi-1.8.tar.bz2 -mirror://xorg/individual/lib/libXinerama-1.1.4.tar.bz2 -mirror://xorg/individual/lib/libxkbfile-1.1.0.tar.bz2 -mirror://xorg/individual/lib/libXmu-1.1.3.tar.bz2 -mirror://xorg/individual/lib/libXp-1.0.3.tar.bz2 -mirror://xorg/individual/lib/libXpm-3.5.15.tar.xz -mirror://xorg/individual/lib/libXpresent-1.0.0.tar.bz2 -mirror://xorg/individual/lib/libXrandr-1.5.2.tar.bz2 -mirror://xorg/individual/lib/libXrender-0.9.10.tar.bz2 -mirror://xorg/individual/lib/libXres-1.2.1.tar.bz2 -mirror://xorg/individual/lib/libXScrnSaver-1.2.3.tar.bz2 -mirror://xorg/individual/lib/libxshmfence-1.3.tar.bz2 +mirror://xorg/individual/lib/libXfont2-2.0.6.tar.xz +mirror://xorg/individual/lib/libXft-2.3.8.tar.xz +mirror://xorg/individual/lib/libXi-1.8.1.tar.xz +mirror://xorg/individual/lib/libXinerama-1.1.5.tar.xz +mirror://xorg/individual/lib/libxkbfile-1.1.2.tar.xz +mirror://xorg/individual/lib/libXmu-1.1.4.tar.xz +mirror://xorg/individual/lib/libXp-1.0.4.tar.xz +mirror://xorg/individual/lib/libXpm-3.5.16.tar.xz +mirror://xorg/individual/lib/libXpresent-1.0.1.tar.xz +mirror://xorg/individual/lib/libXrandr-1.5.3.tar.xz +mirror://xorg/individual/lib/libXrender-0.9.11.tar.xz +mirror://xorg/individual/lib/libXres-1.2.2.tar.xz +mirror://xorg/individual/lib/libXScrnSaver-1.2.4.tar.xz +mirror://xorg/individual/lib/libxshmfence-1.3.2.tar.xz mirror://xorg/individual/lib/libXTrap-1.0.1.tar.bz2 -mirror://xorg/individual/lib/libXt-1.2.1.tar.bz2 -mirror://xorg/individual/lib/libXtst-1.2.3.tar.bz2 -mirror://xorg/individual/lib/libXv-1.0.11.tar.bz2 +mirror://xorg/individual/lib/libXt-1.3.0.tar.xz +mirror://xorg/individual/lib/libXtst-1.2.4.tar.xz +mirror://xorg/individual/lib/libXv-1.0.12.tar.xz mirror://xorg/individual/lib/libXvMC-1.0.13.tar.xz -mirror://xorg/individual/lib/libXxf86dga-1.1.5.tar.bz2 +mirror://xorg/individual/lib/libXxf86dga-1.1.6.tar.xz mirror://xorg/individual/lib/libXxf86misc-1.0.4.tar.bz2 mirror://xorg/individual/lib/libXxf86vm-1.1.5.tar.xz -mirror://xorg/individual/lib/xtrans-1.4.0.tar.bz2 -mirror://xorg/individual/proto/xcb-proto-1.14.1.tar.xz -mirror://xorg/individual/proto/xorgproto-2021.5.tar.bz2 +mirror://xorg/individual/lib/xtrans-1.5.0.tar.xz +mirror://xorg/individual/proto/xcb-proto-1.15.2.tar.xz +mirror://xorg/individual/proto/xorgproto-2023.2.tar.xz mirror://xorg/individual/util/bdftopcf-1.1.1.tar.xz mirror://xorg/individual/util/gccmakedep-1.0.3.tar.bz2 -mirror://xorg/individual/util/imake-1.0.8.tar.bz2 +mirror://xorg/individual/util/imake-1.0.9.tar.xz mirror://xorg/individual/util/lndir-1.0.4.tar.xz -mirror://xorg/individual/util/makedepend-1.0.6.tar.bz2 -mirror://xorg/individual/util/util-macros-1.19.3.tar.bz2 -mirror://xorg/individual/util/xorg-cf-files-1.0.7.tar.bz2 +mirror://xorg/individual/util/makedepend-1.0.8.tar.xz +mirror://xorg/individual/util/util-macros-1.20.0.tar.xz +mirror://xorg/individual/util/xorg-cf-files-1.0.8.tar.xz mirror://xorg/individual/xserver/xorg-server-21.1.8.tar.xz diff --git a/pkgs/stdenv/darwin/README.md b/pkgs/stdenv/darwin/README.md new file mode 100644 index 0000000000000..75d30b96a7f6b --- /dev/null +++ b/pkgs/stdenv/darwin/README.md @@ -0,0 +1,26 @@ +# Darwin stdenv design goals + +There are two more goals worth calling out explicitly: + +1. The standard environment should build successfully with sandboxing enabled on Darwin. It is + fine if a package requires a `sandboxProfile` to build, but it should not be necessary to + disable the sandbox to build the stdenv successfully; and +2. The output should depend weakly on the bootstrap tools. Historically, Darwin required updating + the bootstrap tools prior to updating the version of LLVM used in the standard environment. + By not depending on a specific version, the LLVM used on Darwin can be updated simply by + bumping the definition of llvmPackages in `all-packages.nix`. + +# Updating the stdenv + +There are effectively two steps when updating the standard environment: + +1. Update the definition of llvmPackages in `all-packages.nix` for Darwin to match the value of + llvmPackages.latest in `all-packages.nix`. Timing-wise, this done currently using the spring + release of LLVM and once llvmPackages.latest has been updated to match. If the LLVM project + has announced a release schedule of patch updates, wait until those are in nixpkgs. Otherwise, + the LLVM updates will have to go through staging instead of being merged into master; and +2. Fix the resulting breakage. Most things break due to additional warnings being turned into + errors or additional strictness applied by LLVM. Fixes may come in the form of disabling those + new warnings or by fixing the actual source (e.g., with a patch or update upstream). If the + fix is trivial (e.g., adding a missing int to an implicit declaration), it is better to fix + the problem instead of silencing the warning. diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 1e7945d816ab1..7e6a707776305 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -1,10 +1,18 @@ +# This file contains the standard build environment for Darwin. It is based on LLVM and is patterned +# after the Linux stdenv. It shares similar goals to the Linux standard environment in that the +# resulting environment should be built purely and not contain any references to it. +# +# For more on the design of the stdenv and updating it, see `README.md`. +# +# See also the top comments of the Linux stdenv `../linux/default.nix` for a good overview of +# the bootstrap process and working with it. + { lib , localSystem , crossSystem , config , overlays , crossOverlays ? [ ] -, bootstrapLlvmVersion ? "11.1.0" # Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools , bootstrapFiles ? if localSystem.isAarch64 then let @@ -42,11 +50,6 @@ let inherit (localSystem) system; useAppleSDKLibs = localSystem.isAarch64; - haveKRB5 = localSystem.isx86_64; - - # final toolchain is injected into llvmPackages_${finalLlvmVersion} - finalLlvmVersion = lib.versions.major bootstrapLlvmVersion; - finalLlvmPackages = "llvmPackages_${finalLlvmVersion}"; commonImpureHostDeps = [ "/bin/sh" @@ -54,16 +57,23 @@ let "/usr/lib/system/libunc.dylib" # This dependency is "hidden", so our scanning code doesn't pick it up ]; -in -rec { - commonPreHook = '' + isFromNixpkgs = pkg: !(isFromBootstrapFiles pkg); + isFromBootstrapFiles = + pkg: pkg.passthru.isFromBootstrapFiles or false; + isBuiltByNixpkgsCompiler = + pkg: isFromNixpkgs pkg && isFromNixpkgs pkg.stdenv.cc.cc; + isBuiltByBootstrapFilesCompiler = + pkg: isFromNixpkgs pkg && isFromBootstrapFiles pkg.stdenv.cc.cc; + + commonPreHook = pkgs: lib.optionalString (pkgs.darwin.system_cmds != null) '' + # Only use a response file on older systems with a small ARG_MAX (less than 1 MiB). + export NIX_CC_USE_RESPONSE_FILE=$(( "$("${lib.getBin pkgs.darwin.system_cmds}/bin/getconf" ARG_MAX)" < 1048576 )) + export NIX_LD_USE_RESPONSE_FILE=$NIX_CC_USE_RESPONSE_FILE + '' + '' export NIX_ENFORCE_NO_NATIVE=''${NIX_ENFORCE_NO_NATIVE-1} export NIX_ENFORCE_PURITY=''${NIX_ENFORCE_PURITY-1} export NIX_IGNORE_LD_THROUGH_GCC=1 unset SDKROOT - - stripAllFlags=" " # the Darwin "strip" command doesn't know "-s" - stripDebugFlags="-S" # the Darwin "strip" command does something odd with "-p" ''; bootstrapTools = derivation ({ @@ -80,122 +90,104 @@ rec { __contentAddressed = true; outputHashAlgo = "sha256"; outputHashMode = "recursive"; - }); - - stageFun = step: last: { shell ? "${bootstrapTools}/bin/bash" - , overrides ? (self: super: { }) - , extraPreHook ? "" - , extraNativeBuildInputs - , extraBuildInputs - , libcxx - , allowedRequisites ? null - }: - let - name = "bootstrap-stage${toString step}"; + }) // { passthru.isFromBootstrapFiles = true; }; - buildPackages = lib.optionalAttrs (last ? stdenv) { - inherit (last) stdenv; - }; - - doSign = localSystem.isAarch64 && last != null; - doUpdateAutoTools = localSystem.isAarch64 && last != null; + stageFun = prevStage: + { name, overrides ? (self: super: { }), extraNativeBuildInputs ? [ ], extraPreHook ? "" }: - mkExtraBuildCommands = cc: '' - rsrc="$out/resource-root" - mkdir "$rsrc" - ln -s "${cc.lib or cc}/lib/clang/${cc.version}/include" "$rsrc" - ln -s "${last.pkgs."${finalLlvmPackages}".compiler-rt.out}/lib" "$rsrc/lib" - echo "-resource-dir=$rsrc" >> $out/nix-support/cc-cflags - ''; + let + cc = if prevStage.llvmPackages.clang-unwrapped == null + then null else + lib.makeOverridable (import ../../build-support/cc-wrapper) { + name = "${name}-clang-wrapper"; - mkCC = overrides: import ../../build-support/cc-wrapper ( - let args = { - inherit lib shell; - inherit (last) stdenvNoCC; + nativeTools = false; + nativeLibc = false; - nativeTools = false; - nativeLibc = false; - inherit buildPackages libcxx; - inherit (last.pkgs) coreutils gnugrep; - bintools = last.pkgs.darwin.binutils; - libc = last.pkgs.darwin.Libsystem; - isClang = true; - cc = last.pkgs."${finalLlvmPackages}".clang-unwrapped; - }; in args // (overrides args) - ); + buildPackages = lib.optionalAttrs (prevStage ? stdenv) { + inherit (prevStage) stdenv; + }; - cc = if last == null then "/dev/null" else - mkCC ({ cc, ... }: { extraPackages = [ - last.pkgs."${finalLlvmPackages}".libcxxabi - last.pkgs."${finalLlvmPackages}".compiler-rt + prevStage.llvmPackages.libcxxabi + prevStage.llvmPackages.compiler-rt ]; - extraBuildCommands = mkExtraBuildCommands cc; - }); - ccNoLibcxx = if last == null then "/dev/null" else - mkCC ({ cc, ... }: { - libcxx = null; - extraPackages = [ - last.pkgs."${finalLlvmPackages}".compiler-rt - ]; - extraBuildCommands = '' - echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags - echo "-B${last.pkgs."${finalLlvmPackages}".compiler-rt}/lib" >> $out/nix-support/cc-cflags - echo "-nostdlib++" >> $out/nix-support/cc-cflags - '' + mkExtraBuildCommands cc; - }); + extraBuildCommands = + let + inherit (prevStage.llvmPackages) clang-unwrapped compiler-rt release_version; + in + '' + function clangResourceRootIncludePath() { + clangLib="$1/lib/clang" + if (( $(ls "$clangLib" | wc -l) > 1 )); then + echo "Multiple LLVM versions were found at "$clangLib", but there must only be one used when building the stdenv." >&2 + exit 1 + fi + echo "$clangLib/$(ls -1 "$clangLib")/include" + } + + rsrc="$out/resource-root" + mkdir "$rsrc" + ln -s "$(clangResourceRootIncludePath "${clang-unwrapped.lib}")" "$rsrc" + ln -s "${compiler-rt.out}/lib" "$rsrc/lib" + ln -s "${compiler-rt.out}/share" "$rsrc/share" + echo "-resource-dir=$rsrc" >> $out/nix-support/cc-cflags + ''; - thisStdenv = import ../generic { - name = "${name}-stdenv-darwin"; + cc = prevStage.llvmPackages.clang-unwrapped; + bintools = prevStage.darwin.binutils; - inherit config shell extraBuildInputs; + isClang = true; + libc = prevStage.darwin.Libsystem; + inherit (prevStage.llvmPackages) libcxx; - extraNativeBuildInputs = extraNativeBuildInputs ++ lib.optionals doUpdateAutoTools [ - last.pkgs.updateAutotoolsGnuConfigScriptsHook - last.pkgs.gnu-config - ]; + inherit lib; + inherit (prevStage) coreutils gnugrep; - allowedRequisites = if allowedRequisites == null then null else allowedRequisites ++ [ - cc.expand-response-params - cc.bintools - ] ++ lib.optionals doUpdateAutoTools [ - last.pkgs.updateAutotoolsGnuConfigScriptsHook - last.pkgs.gnu-config - ] ++ lib.optionals doSign [ - last.pkgs.darwin.postLinkSignHook - last.pkgs.darwin.sigtool - last.pkgs.darwin.signingUtils - ]; + stdenvNoCC = prevStage.ccWrapperStdenv; + }; + + bash = prevStage.bash or bootstrapTools; + + thisStdenv = import ../generic { + name = "${name}-stdenv-darwin"; buildPlatform = localSystem; hostPlatform = localSystem; targetPlatform = localSystem; - inherit cc; + inherit config extraNativeBuildInputs; - preHook = lib.optionalString (shell == "${bootstrapTools}/bin/bash") '' + extraBuildInputs = [ prevStage.darwin.CF ]; + + preHook = lib.optionalString (!isBuiltByNixpkgsCompiler bash) '' # Don't patch #!/interpreter because it leads to retained # dependencies on the bootstrapTools in the final stdenv. dontPatchShebangs=1 '' + '' - ${commonPreHook} + ${commonPreHook prevStage} ${extraPreHook} + '' + lib.optionalString (prevStage.darwin ? locale) '' + export PATH_LOCALE=${prevStage.darwin.locale}/share/locale ''; - initialPath = [ bootstrapTools ]; + + shell = bash + "/bin/bash"; + initialPath = [ bash bootstrapTools ]; fetchurlBoot = import ../../build-support/fetchurl { inherit lib; - stdenvNoCC = stage0.stdenv; + stdenvNoCC = prevStage.ccWrapperStdenv or thisStdenv; curl = bootstrapTools; }; + inherit cc; + # The stdenvs themselves don't use mkDerivation, so I need to specify this here __stdenvImpureHostDeps = commonImpureHostDeps; __extraImpureHostDeps = commonImpureHostDeps; overrides = self: super: (overrides self super) // { - inherit ccNoLibcxx; fetchurl = thisStdenv.fetchurlBoot; }; }; @@ -205,94 +197,141 @@ rec { inherit config overlays; stdenv = thisStdenv; }; +in + assert bootstrapTools.passthru.isFromBootstrapFiles or false; # sanity check +[ + ({}: { + __raw = true; + + coreutils = null; + gnugrep = null; + + pbzx = null; + cpio = null; + + darwin = { + binutils = null; + binutils-unwrapped = null; + cctools = null; + print-reexports = null; + rewrite-tbd = null; + sigtool = null; + system_cmds = null; + CF = null; + Libsystem = null; + }; - stage0 = stageFun 0 null { - overrides = self: super: with stage0; { - coreutils = stdenv.mkDerivation { - name = "bootstrap-stage0-coreutils"; - buildCommand = '' - mkdir -p $out - ln -s ${bootstrapTools}/bin $out/bin - ''; - }; - - gnugrep = stdenv.mkDerivation { - name = "bootstrap-stage0-gnugrep"; + llvmPackages = { + clang-unwrapped = null; + libllvm = null; + libcxx = null; + libcxxabi = null; + compiler-rt = null; + }; + }) + + # Create a stage with the bootstrap tools. This will be used to build the subsequent stages and + # build up the standard environment. + # + # Note: Each stage depends only on the the packages in `prevStage`. If a package is not to be + # rebuilt, it should be passed through by inheriting it. + (prevStage: stageFun prevStage { + name = "bootstrap-stage0"; + + overrides = self: super: { + # We thread stage0's stdenv through under this name so downstream stages + # can use it for wrapping gcc too. This way, downstream stages don't need + # to refer to this stage directly, which violates the principle that each + # stage should only access the stage that came before it. + ccWrapperStdenv = self.stdenv; + + bash = bootstrapTools; + + coreutils = bootstrapTools; + gnugrep = bootstrapTools; + + pbzx = bootstrapTools; + cpio = self.stdenv.mkDerivation { + name = "bootstrap-stage0-cpio"; buildCommand = '' - mkdir -p $out - ln -s ${bootstrapTools}/bin $out/bin + mkdir -p $out/bin + ln -s ${bootstrapFiles.cpio} $out/bin/cpio ''; + passthru.isFromBootstrapFiles = true; }; - pbzx = self.runCommandLocal "bootstrap-stage0-pbzx" { } '' - mkdir -p $out/bin - ln -s ${bootstrapTools}/bin/pbzx $out/bin - ''; - - cpio = self.runCommandLocal "bootstrap-stage0-cpio" { } '' - mkdir -p $out/bin - ln -s ${bootstrapFiles.cpio} $out/bin/cpio - ''; + darwin = super.darwin.overrideScope (selfDarwin: _: { + binutils-unwrapped = bootstrapTools // { + version = "boot"; + }; - darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { - darwin-stubs = superDarwin.darwin-stubs.override { inherit (self) stdenvNoCC fetchurl; }; + binutils = (import ../../build-support/bintools-wrapper) { + name = "bootstrap-stage0-binutils-wrapper"; - dyld = { - name = "bootstrap-stage0-dyld"; - buildCommand = '' - mkdir -p $out - ln -s ${bootstrapTools}/lib $out/lib - ln -s ${bootstrapTools}/include $out/include - ''; - }; + nativeTools = false; + nativeLibc = false; - sigtool = self.runCommandLocal "bootstrap-stage0-sigtool" { } '' - mkdir -p $out/bin - ln -s ${bootstrapTools}/bin/sigtool $out/bin - ln -s ${bootstrapTools}/bin/codesign $out/bin - ''; + buildPackages = { }; + libc = selfDarwin.Libsystem; - print-reexports = self.runCommandLocal "bootstrap-stage0-print-reexports" { } '' - mkdir -p $out/bin - ln -s ${bootstrapTools}/bin/print-reexports $out/bin - ''; + inherit lib; + inherit (self) stdenvNoCC coreutils gnugrep; - rewrite-tbd = self.runCommandLocal "bootstrap-stage0-rewrite-tbd" { } '' - mkdir -p $out/bin - ln -s ${bootstrapTools}/bin/rewrite-tbd $out/bin - ''; + bintools = selfDarwin.binutils-unwrapped; - binutils-unwrapped = bootstrapTools // { - name = "bootstrap-stage0-binutils"; + inherit (selfDarwin) postLinkSignHook signingUtils; }; cctools = bootstrapTools // { - name = "bootstrap-stage0-cctools"; targetPrefix = ""; + version = "boot"; + man = bootstrapTools; }; - binutils = lib.makeOverridable (import ../../build-support/bintools-wrapper) { - shell = "${bootstrapTools}/bin/bash"; - inherit lib; - inherit (self) stdenvNoCC; + locale = self.stdenv.mkDerivation { + name = "bootstrap-stage0-locale"; + buildCommand = '' + mkdir -p $out/share/locale + ''; + }; - nativeTools = false; - nativeLibc = false; - inherit (self) buildPackages coreutils gnugrep; - libc = selfDarwin.Libsystem; - bintools = selfDarwin.binutils-unwrapped; - inherit (selfDarwin) postLinkSignHook signingUtils; + print-reexports = bootstrapTools; + + rewrite-tbd = bootstrapTools; + + sigtool = bootstrapTools; + + # The bootstrap only needs `getconf` from system_cmds, and it only needs to be able to + # query `ARG_MAX`. Using a small value here should be fine for the initial stage 1 build. + system_cmds = self.stdenv.mkDerivation { + name = "bootstrap-stage0-system_cmds"; + buildCommand = '' + mkdir -p "$out/bin" + cat <<block > "$out/bin/getconf" + #!${bootstrapTools}/bin/bash + case "\$1" in + ARG_MAX) + echo "262144" + ;; + *) + exit 1 + esac + block + chmod a+x "$out/bin/getconf" + ''; + passthru.isFromBootstrapFiles = true; }; } // lib.optionalAttrs (! useAppleSDKLibs) { - CF = stdenv.mkDerivation { + CF = self.stdenv.mkDerivation { name = "bootstrap-stage0-CF"; buildCommand = '' mkdir -p $out/Library/Frameworks ln -s ${bootstrapTools}/Library/Frameworks/CoreFoundation.framework $out/Library/Frameworks ''; + passthru.isFromBootstrapFiles = true; }; - Libsystem = stdenv.mkDerivation { + Libsystem = self.stdenv.mkDerivation { name = "bootstrap-stage0-Libsystem"; buildCommand = '' mkdir -p $out @@ -314,495 +353,1035 @@ rec { ln -s ${bootstrapTools}/include-Libsystem $out/include ''; + passthru.isFromBootstrapFiles = true; }; }); - "${finalLlvmPackages}" = { - clang-unwrapped = stdenv.mkDerivation { - name = "bootstrap-stage0-clang"; - version = bootstrapLlvmVersion; - buildCommand = '' - mkdir -p $out/lib - ln -s ${bootstrapTools}/bin $out/bin - ln -s ${bootstrapTools}/lib/clang $out/lib/clang - ln -s ${bootstrapTools}/include $out/include - ''; - }; + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (selfTools: _: { + libclang = self.stdenv.mkDerivation { + name = "bootstrap-stage0-clang"; + version = "boot"; + outputs = [ "out" "lib" ]; + buildCommand = '' + mkdir -p $out/lib + ln -s $out $lib + ln -s ${bootstrapTools}/bin $out/bin + ln -s ${bootstrapTools}/lib/clang $out/lib + ln -s ${bootstrapTools}/include $out + ''; + passthru.isFromBootstrapFiles = true; + }; + clang-unwrapped = selfTools.libclang; + libllvm = self.stdenv.mkDerivation { + name = "bootstrap-stage0-llvm"; + outputs = [ "out" "lib" ]; + buildCommand = '' + mkdir -p $out/bin $out/lib + ln -s $out $lib + ln -s ${bootstrapTools}/bin/strip $out/bin/llvm-strip + ln -s ${bootstrapTools}/lib/libLLVM* $out/lib + ''; + passthru.isFromBootstrapFiles = true; + }; + llvm = selfTools.libllvm; + }); + libraries = super.llvmPackages.libraries.extend (_: _: { + libcxx = self.stdenv.mkDerivation { + name = "bootstrap-stage0-libcxx"; + buildCommand = '' + mkdir -p $out/lib $out/include + ln -s ${bootstrapTools}/lib/libc++.dylib $out/lib + ln -s ${bootstrapTools}/include/c++ $out/include + ''; + passthru = { + isLLVM = true; + cxxabi = self.llvmPackages.libcxxabi; + isFromBootstrapFiles = true; + }; + }; + libcxxabi = self.stdenv.mkDerivation { + name = "bootstrap-stage0-libcxxabi"; + buildCommand = '' + mkdir -p $out/lib + ln -s ${bootstrapTools}/lib/libc++abi.dylib $out/lib + ''; + passthru = { + libName = "c++abi"; + isFromBootstrapFiles = true; + }; + }; + compiler-rt = self.stdenv.mkDerivation { + name = "bootstrap-stage0-compiler-rt"; + buildCommand = '' + mkdir -p $out/lib $out/share + ln -s ${bootstrapTools}/lib/libclang_rt* $out/lib + ln -s ${bootstrapTools}/lib/darwin $out/lib + ''; + passthru.isFromBootstrapFiles = true; + }; + }); + in + { inherit tools libraries; } // tools // libraries + ); + }; - libcxx = stdenv.mkDerivation { - name = "bootstrap-stage0-libcxx"; - dontUnpack = true; - installPhase = '' - mkdir -p $out/lib $out/include - ln -s ${bootstrapTools}/lib/libc++.dylib $out/lib/libc++.dylib - ln -s ${bootstrapTools}/include/c++ $out/include/c++ - ''; - passthru = { - isLLVM = true; - cxxabi = self."${finalLlvmPackages}".libcxxabi; - }; + # The bootstrap tools may use `strip` from cctools, so use a compatible set of flags until LLVM + # is rebuilt, and darwin.binutils can use its implementation instead. + extraPreHook = '' + stripAllFlags=" " # the cctools "strip" command doesn't know "-s" + stripDebugFlags="-S" # the cctools "strip" command does something odd with "-p" + ''; + }) + + # This stage is primarily responsible for building the linker and setting up versions of + # certain dependencies needed by the rest of the build process. It is necessary to rebuild the + # linker because the `compiler-rt` build process checks the version and attempts to manually + # run `codesign` if it detects a version of `ld64` it considers too old. If that happens, the + # build process will fail for a few different reasons: + # - sigtool is too old and does not accept the `--sign` argument; + # - sigtool is new enough to accept the `--sign` argument, but it aborts when it is invoked on a + # binary that is already signed; or + # - compiler-rt attempts to invoke `codesign` on x86_64-darwin, but `sigtool` is not currently + # part of the x86_64-darwin bootstrap tools. + # + # This stage also builds CF and Libsystem to simplify assertions and assumptions for later by + # making sure both packages are present on x86_64-darwin and aarch64-darwin. + (prevStage: + # previous stage0 stdenv: + assert lib.all isFromBootstrapFiles (with prevStage; [ bash coreutils cpio gnugrep pbzx ]); + + assert lib.all isFromBootstrapFiles (with prevStage.darwin; [ + binutils-unwrapped cctools print-reexports rewrite-tbd sigtool system_cmds + ]); + + assert (! useAppleSDKLibs) -> lib.all isFromBootstrapFiles (with prevStage.darwin; [ CF Libsystem ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); + + assert lib.all isFromBootstrapFiles (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm compiler-rt libcxx libcxxabi + ]); + + stageFun prevStage { + name = "bootstrap-stage1"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + coreutils gnugrep; + + cmake = super.cmakeMinimal; + + curl = super.curlMinimal; + + # Disable tests because they use dejagnu, which fails to run. + libffi = super.libffi.override { doCheck = false; }; + + # Avoid pulling in a full python and its extra dependencies for the llvm/clang builds. + libxml2 = super.libxml2.override { pythonSupport = false; }; + + ninja = super.ninja.override { buildDocs = false; }; + + python3 = super.python3Minimal; + + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + inherit (prevStage.darwin) system_cmds; + + signingUtils = prevStage.darwin.signingUtils.override { + inherit (selfDarwin) sigtool; }; - libcxxabi = stdenv.mkDerivation { - name = "bootstrap-stage0-libcxxabi"; - buildCommand = '' - mkdir -p $out/lib - ln -s ${bootstrapTools}/lib/libc++abi.dylib $out/lib/libc++abi.dylib - ''; - passthru = { - libName = "c++abi"; - }; + binutils = superDarwin.binutils.override { + inherit (self) coreutils; + inherit (selfDarwin) postLinkSignHook signingUtils; + + bintools = selfDarwin.binutils-unwrapped; + libc = selfDarwin.Libsystem; }; - compiler-rt = stdenv.mkDerivation { - name = "bootstrap-stage0-compiler-rt"; - buildCommand = '' - mkdir -p $out/lib - ln -s ${bootstrapTools}/lib/libclang_rt* $out/lib - ln -s ${bootstrapTools}/lib/darwin $out/lib/darwin - ''; + binutils-unwrapped = superDarwin.binutils-unwrapped.override { + inherit (selfDarwin) cctools; }; - }; + + cctools = selfDarwin.cctools-port; + }); + + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (_: _: { + inherit (prevStage.llvmPackages) clang-unwrapped libclang libllvm llvm; + }); + libraries = super.llvmPackages.libraries.extend (_: _: { + inherit (prevStage.llvmPackages) compiler-rt libcxx libcxxabi; + }); + in + { inherit tools libraries; inherit (prevStage.llvmPackages) release_version; } // tools // libraries + ); }; - extraNativeBuildInputs = [ ]; - extraBuildInputs = [ ]; - libcxx = null; - }; + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + # The bootstrap tools may use `strip` from cctools, so use a compatible set of flags until LLVM + # is rebuilt, and darwin.binutils can use its implementation instead. + extraPreHook = '' + stripAllFlags=" " # the cctools "strip" command doesn't know "-s" + stripDebugFlags="-S" # the cctools "strip" command does something odd with "-p" + + # Don’t assume the ld64 in bootstrap tools supports response files. Only recent versions do. + export NIX_LD_USE_RESPONSE_FILE=0 + ''; + }) + + # Build sysctl, system_cmds and Python for use by LLVM’s check phase. These must be built in their + # own stage, or an infinite recursion results on x86_64-darwin when using the source-based SDK. + (prevStage: + # previous stage1 stdenv: + assert lib.all isFromBootstrapFiles (with prevStage; [ coreutils gnugrep ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake bash binutils-unwrapped bison brotli cmake cpio curl cyrus_sasl db + ed expat flex gettext gmp groff icu libedit libffi libiconv libidn2 libkrb5 libssh2 + libtool libunistring libxml2 m4 ncurses nghttp2 ninja openldap openssh openssl + patchutils pbzx perl pkg-config.pkg-config python3 python3Minimal scons serf sqlite + subversion texinfo unzip which xz zlib zstd + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool + ]); + assert lib.all isFromBootstrapFiles (with prevStage.darwin; [ system_cmds ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); + + assert lib.all isFromBootstrapFiles (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm compiler-rt libcxx libcxxabi + ]); + + assert lib.getVersion prevStage.stdenv.cc.bintools.bintools == "boot"; + + stageFun prevStage { + name = "bootstrap-stage1-sysctl"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + autoconf automake bash binutils binutils-unwrapped bison brotli cmake cmakeMinimal + coreutils cpio curl cyrus_sasl db ed expat flex gettext gmp gnugrep groff icu + libedit libffi libiconv libidn2 libkrb5 libssh2 libtool libunistring libxml2 m4 + ncurses nghttp2 ninja openldap openssh openssl patchutils pbzx perl pkg-config + python3Minimal scons sed serf sharutils sqlite subversion texinfo unzip which xz + zlib zstd; + + # Support for the SystemConfiguration framework is required to run the LLVM tests, but trying + # to override python3Minimal does not appear to work. + python3 = (super.python3.override { + inherit (self) libffi; + inherit (self.darwin) configd; + openssl = null; + readline = null; + ncurses = null; + gdbm = null; + sqlite = null; + tzdata = null; + stripConfig = true; + stripIdlelib = true; + stripTests = true; + stripTkinter = true; + rebuildBytecode = false; + stripBytecode = true; + includeSiteCustomize = false; + enableOptimizations = false; + enableLTO = false; + mimetypesSupport = false; + }).overrideAttrs (_: { pname = "python3-minimal-scproxy"; }); + + darwin = super.darwin.overrideScope (_: superDarwin: { + inherit (prevStage.darwin) + CF Libsystem binutils-unwrapped cctools cctools-port configd darwin-stubs dyld + launchd libclosure libdispatch libobjc locale objc4 postLinkSignHook + print-reexports rewrite-tbd signingUtils sigtool; + }); - stage1 = prevStage: - let - persistent = self: super: with prevStage; { - cmake = super.cmakeMinimal; + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (_: _: { + inherit (prevStage.llvmPackages) clang-unwrapped libclang libllvm llvm; + clang = prevStage.stdenv.cc; + }); + libraries = super.llvmPackages.libraries.extend (_: _: { + inherit (prevStage.llvmPackages) compiler-rt libcxx libcxxabi; + }); + in + { inherit tools libraries; inherit (prevStage.llvmPackages) release_version; } // tools // libraries + ); + }; - curl = super.curlMinimal; + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + # Until LLVM is rebuilt, assume `strip` is the one from cctools. + extraPreHook = '' + stripAllFlags=" " # the cctools "strip" command doesn't know "-s" + stripDebugFlags="-S" # the cctools "strip" command does something odd with "-p" + ''; + }) + + # First rebuild of LLVM. While this LLVM is linked to a bunch of junk from the bootstrap tools, + # the libc++ and libc++abi it produces are not. The compiler will be rebuilt in a later stage, + # but those libraries will be used in the final stdenv. + # + # Rebuild coreutils and gnugrep to avoid unwanted references to the bootstrap tools on `PATH`. + (prevStage: + # previous stage-sysctl stdenv: + assert lib.all isFromBootstrapFiles (with prevStage; [ coreutils gnugrep ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake bash binutils-unwrapped bison brotli cmake cpio curl cyrus_sasl db + ed expat flex gettext gmp groff icu libedit libffi libiconv libidn2 libkrb5 libssh2 + libtool libunistring libxml2 m4 ncurses nghttp2 ninja openldap openssh openssl + patchutils pbzx perl pkg-config.pkg-config python3 python3Minimal scons serf sqlite + subversion sysctl.provider texinfo unzip which xz zlib zstd + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool system_cmds + ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); + + assert lib.all isFromBootstrapFiles (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm compiler-rt libcxx libcxxabi + ]); + + assert lib.getVersion prevStage.stdenv.cc.bintools.bintools == lib.getVersion prevStage.darwin.cctools-port; + + stageFun prevStage { + name = "bootstrap-stage-xclang"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + autoconf automake bash binutils binutils-unwrapped bison brotli cmake cmakeMinimal + cpio curl cyrus_sasl db ed expat flex gettext gmp groff icu libedit libffi libiconv + libidn2 libkrb5 libssh2 libtool libunistring libxml2 m4 ncurses nghttp2 ninja + openldap openssh openssl patchutils pbzx perl pkg-config python3 python3Minimal + scons sed serf sharutils sqlite subversion sysctl texinfo unzip which xz zlib zstd; + + # Switch from cctools-port to cctools-llvm now that LLVM has been built. + darwin = super.darwin.overrideScope (_: superDarwin: { + inherit (prevStage.darwin) + CF Libsystem configd darwin-stubs dyld launchd libclosure libdispatch libobjc + locale objc4 postLinkSignHook print-reexports rewrite-tbd signingUtils sigtool + system_cmds; + + # Avoid building unnecessary Python dependencies due to building LLVM manpages. + cctools-llvm = superDarwin.cctools-llvm.override { enableManpages = false; }; + }); - inherit pbzx cpio; + llvmPackages = super.llvmPackages // ( + let + llvmMajor = lib.versions.major super.llvmPackages.release_version; - python3 = super.python3Minimal; + # libc++, and libc++abi do not need CoreFoundation. Avoid propagating the CF from prior + # stages to the final stdenv via rpath by dropping it from `extraBuildInputs`. + stdenvNoCF = self.stdenv.override { + extraBuildInputs = [ ]; + }; - ninja = super.ninja.override { buildDocs = false; }; + libcxxBootstrapStdenv = self.overrideCC stdenvNoCF (self.llvmPackages.clangNoCompilerRtWithLibc.override { + nixSupport.cc-cflags = [ "-nostdlib" ]; + nixSupport.cc-ldflags = [ "-lSystem" ]; + }); - "${finalLlvmPackages}" = super."${finalLlvmPackages}" // ( - let - tools = super."${finalLlvmPackages}".tools.extend (_: _: { - inherit (pkgs."${finalLlvmPackages}") clang-unwrapped; - }); - libraries = super."${finalLlvmPackages}".libraries.extend (_: _: { - inherit (pkgs."${finalLlvmPackages}") compiler-rt libcxx libcxxabi; + libraries = super.llvmPackages.libraries.extend (selfLib: superLib: { + compiler-rt = null; + libcxx = superLib.libcxx.override ({ + inherit (selfLib) libcxxabi; + stdenv = libcxxBootstrapStdenv; }); - in - { inherit tools libraries; } // tools // libraries - ); + libcxxabi = superLib.libcxxabi.override { + stdenv = libcxxBootstrapStdenv; + } + # Setting `standalone = true` is only needed with older verions of LLVM. Newer ones + # automatically do what is necessary to bootstrap lib++abi. + // lib.optionalAttrs (builtins.any (v: llvmMajor == v) [ "7" "11" "12" "13" ]) { + standalone = true; + }; + }); + in + { inherit libraries; } // libraries + ); + }; - darwin = super.darwin.overrideScope (selfDarwin: _: { - inherit (darwin) rewrite-tbd binutils-unwrapped; + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + extraPreHook = '' + stripAllFlags=" " # the cctools "strip" command doesn't know "-s" + stripDebugFlags="-S" # the cctools "strip" command does something odd with "-p" + ''; + }) + + # This stage rebuilds Libsystem. It also rebuilds bash, which will be needed in later stages + # to use in patched shebangs (e.g., to make sure `icu-config` uses bash from nixpkgs). + (prevStage: + # previous stage-xclang stdenv: + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake bash binutils-unwrapped bison cmake cmakeMinimal coreutils cpio + cyrus_sasl db ed expat flex gettext gmp gnugrep groff icu libedit libtool m4 ninja + openbsm openldap openpam openssh patchutils pbzx perl pkg-config.pkg-config python3 + python3Minimal scons serf sqlite subversion sysctl.provider texinfo unzip which xz + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + brotli curl libffi libiconv libidn2 libkrb5 libssh2 libunistring libxml2 ncurses + nghttp2 openssl zlib zstd + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool system_cmds + ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm + ]); + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.llvmPackages; [ libcxx libcxxabi ]); + assert prevStage.llvmPackages.compiler-rt == null; + + assert lib.getVersion prevStage.stdenv.cc.bintools.bintools == lib.getVersion prevStage.darwin.cctools-port; + + stageFun prevStage { + + name = "bootstrap-stage2-Libsystem"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + autoconf automake binutils-unwrapped bison brotli cmake cmakeMinimal coreutils + cpio curl cyrus_sasl db ed expat flex gettext gmp gnugrep groff icu libedit libffi + libiconv libidn2 libkrb5 libssh2 libtool libunistring libxml2 m4 ncurses nghttp2 + ninja openbsm openldap openpam openssh openssl patchutils pbzx perl pkg-config + python3 python3Minimal scons serf sqlite subversion sysctl texinfo unzip which xz + zlib zstd; + + # Bash must be linked against the system CoreFoundation instead of the open-source one. + # Otherwise, there will be a dependency cycle: bash -> CF -> icu -> bash (for icu^dev). + bash = super.bash.overrideAttrs (super: { + buildInputs = super.buildInputs ++ [ self.darwin.apple_sdk.frameworks.CoreFoundation ]; + }); - signingUtils = darwin.signingUtils.override { - inherit (selfDarwin) sigtool; - }; + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + inherit (prevStage.darwin) + CF binutils-unwrapped cctools configd darwin-stubs launchd libobjc libtapi locale + objc4 print-reexports rewrite-tbd signingUtils sigtool system_cmds; + }); + + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (_: _: { + inherit (prevStage.llvmPackages) clang-unwrapped clangNoCompilerRtWithLibc libclang libllvm llvm; + }); + + libraries = super.llvmPackages.libraries.extend (selfLib: superLib: { + inherit (prevStage.llvmPackages) compiler-rt libcxx libcxxabi; + }); + in + { inherit tools libraries; inherit (prevStage.llvmPackages) release_version; } // tools // libraries + ); - binutils = darwin.binutils.override { - coreutils = self.coreutils; - libc = selfDarwin.Libsystem; - inherit (selfDarwin) postLinkSignHook signingUtils; + # Don’t link anything in this stage against CF to prevent propagating CF from prior stages to + # the final stdenv, which happens because of the rpath hook. + stdenv = + let + stdenvNoCF = super.stdenv.override { + extraBuildInputs = [ ]; }; + in + self.overrideCC stdenvNoCF (self.llvmPackages.clangNoCompilerRtWithLibc.override { + inherit (self.llvmPackages) libcxx; + extraPackages = [ self.llvmPackages.libcxxabi ]; }); - }; - in - with prevStage; stageFun 1 prevStage { - extraPreHook = "export NIX_CFLAGS_COMPILE+=\" -F${bootstrapTools}/Library/Frameworks\""; - extraNativeBuildInputs = [ ]; - extraBuildInputs = [ pkgs.darwin.CF ]; - libcxx = pkgs."${finalLlvmPackages}".libcxx; - - allowedRequisites = - [ bootstrapTools ] ++ - (with pkgs; [ coreutils gnugrep ]) ++ - (with pkgs."${finalLlvmPackages}"; [ libcxx libcxxabi compiler-rt clang-unwrapped ]) ++ - (with pkgs.darwin; [ Libsystem CF ] ++ lib.optional useAppleSDKLibs objc4); - - overrides = persistent; }; - stage2 = prevStage: - let - persistent = self: super: with prevStage; { - inherit - zlib patchutils m4 scons flex perl bison unifdef unzip openssl python3 - libxml2 gettext sharutils gmp libarchive ncurses pkg-config libedit groff - openssh sqlite sed serf openldap db cyrus-sasl expat apr-util subversion xz - findfreetype libssh curl cmake autoconf automake libtool ed cpio coreutils - libssh2 nghttp2 libkrb5 ninja brotli libiconv; - - "${finalLlvmPackages}" = super."${finalLlvmPackages}" // ( - let - tools = super."${finalLlvmPackages}".tools.extend (_: _: { - inherit (pkgs."${finalLlvmPackages}") clang-unwrapped; - }); - libraries = super."${finalLlvmPackages}".libraries.extend (_: libSuper: { - inherit (pkgs."${finalLlvmPackages}") compiler-rt; - libcxx = libSuper.libcxx.override { - stdenv = overrideCC self.stdenv self.ccNoLibcxx; + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + extraPreHook = '' + stripDebugFlags="-S" # llvm-strip does not support "-p" for Mach-O + ''; + }) + + # This stage rebuilds CF and compiler-rt. + # + # CF requires: + # - aarch64-darwin: libobjc (due to being apple_sdk.frameworks.CoreFoundation instead of swift-corefoundation) + # - x86_64-darwin: libiconv libxml2 icu zlib + (prevStage: + # previous stage2-Libsystem stdenv: + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake binutils-unwrapped bison brotli cmake cmakeMinimal coreutils + cpio curl cyrus_sasl db ed expat flex gettext gmp gnugrep groff icu libedit libidn2 + libkrb5 libssh2 libtool libunistring m4 nghttp2 ninja openbsm openldap openpam openssh + openssl patchutils pbzx perl pkg-config.pkg-config python3 python3Minimal scons serf + sqlite subversion sysctl.provider texinfo unzip which xz zstd + ]); + + assert lib.all isBuiltByNixpkgsCompiler (with prevStage; [ bash ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + libffi libiconv libxml2 ncurses zlib zstd + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool system_cmds + ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ Libsystem ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm + ]); + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.llvmPackages; [ libcxx libcxxabi ]); + assert prevStage.llvmPackages.compiler-rt == null; + + assert lib.getVersion prevStage.stdenv.cc.bintools.bintools == lib.getVersion prevStage.darwin.cctools-llvm; + + stageFun prevStage { + + name = "bootstrap-stage2-CF"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + autoconf automake bash bison brotli cmake cmakeMinimal coreutils cpio curl + cyrus_sasl db ed expat flex gettext gmp gnugrep groff libedit libidn2 libkrb5 + libssh2 libtool libunistring m4 ncurses nghttp2 ninja openbsm openldap openpam + openssh openssl patchutils pbzx perl pkg-config python3 python3Minimal scons serf + sqlite subversion sysctl texinfo unzip which xz zstd; + + # Avoid pulling in a full python and its extra dependencies for the llvm/clang builds. + libxml2 = super.libxml2.override { pythonSupport = false; }; + + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + inherit (prevStage.darwin) + Libsystem configd darwin-stubs launchd locale print-reexports rewrite-tbd + signingUtils sigtool system_cmds; + + # Rewrap binutils so it uses the rebuilt Libsystem. + binutils = superDarwin.binutils.override { + buildPackages = { + inherit (prevStage) stdenv; + }; + libc = selfDarwin.Libsystem; + } // { + passthru = { inherit (prevStage.bintools.passthru) isFromBootstrapFiles; }; + }; + + # Avoid building unnecessary Python dependencies due to building LLVM manpages. + cctools-llvm = superDarwin.cctools-llvm.override { enableManpages = false; }; + }); + + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (_: _: { + inherit (prevStage.llvmPackages) clang-unwrapped clangNoCompilerRtWithLibc libclang libllvm llvm; + clang = prevStage.stdenv.cc; + }); + + libraries = super.llvmPackages.libraries.extend (selfLib: superLib: { + inherit (prevStage.llvmPackages) libcxx libcxxabi; + + # Make sure compiler-rt is linked against the CF from this stage, which can be + # propagated to the final stdenv. CF is required by ASAN. + compiler-rt = superLib.compiler-rt.override ({ + inherit (selfLib) libcxxabi; + inherit (self.llvmPackages) libllvm; + stdenv = self.stdenv.override { + extraBuildInputs = [ self.darwin.CF ]; }; - libcxxabi = libSuper.libcxxabi.override ({ - stdenv = overrideCC self.stdenv self.ccNoLibcxx; - } // lib.optionalAttrs (builtins.any (v: finalLlvmVersion == v) [ 7 11 12 13 ]) { - # TODO: the bootstrapping of llvm packages isn't consistent. - # `standalone` may be redundant if darwin behaves like useLLVM (or - # has useLLVM = true). - standalone = true; - }); }); - in - { inherit tools libraries; } // tools // libraries - ); + }); + in + { inherit tools libraries; inherit (prevStage.llvmPackages) release_version; } // tools // libraries + ); - darwin = super.darwin.overrideScope (_: _: { - inherit (darwin) - binutils dyld Libsystem xnu configd ICU libdispatch libclosure - launchd CF objc4 darwin-stubs sigtool postLinkSignHook signingUtils; - }); - }; - in - with prevStage; stageFun 2 prevStage { - extraPreHook = '' - export PATH_LOCALE=${pkgs.darwin.locale}/share/locale - ''; + # Don’t link anything in this stage against CF to prevent propagating CF from prior stages to + # the final stdenv, which happens because of the rpath hook. Also don’t use a stdenv with + # compiler-rt because it needs to be built in this stage. + stdenv = + let + stdenvNoCF = super.stdenv.override { + extraBuildInputs = [ ]; + }; + in + self.overrideCC stdenvNoCF (self.llvmPackages.clangNoCompilerRtWithLibc.override { + inherit (self.llvmPackages) libcxx; + + # Make sure the stdenv is using the Libsystem that will be propagated to the final stdenv. + libc = self.darwin.Libsystem; + bintools = self.llvmPackages.clangNoCompilerRtWithLibc.bintools.override { + libc = self.darwin.Libsystem; + }; - extraNativeBuildInputs = [ pkgs.xz ]; - extraBuildInputs = [ pkgs.darwin.CF ]; - libcxx = pkgs."${finalLlvmPackages}".libcxx; - - allowedRequisites = - [ bootstrapTools ] ++ - (with pkgs; [ - xz.bin - xz.out - zlib - libxml2.out - curl.out - openssl.out - libssh2.out - nghttp2.lib - coreutils - gnugrep - gnugrep.pcre2.out - gmp - libiconv - brotli.lib - file - ] ++ lib.optional haveKRB5 libkrb5) ++ - (with pkgs."${finalLlvmPackages}"; [ - libcxx - libcxxabi - compiler-rt - clang-unwrapped - ]) ++ - (with pkgs.darwin; [ dyld Libsystem CF ICU locale ] ++ lib.optional useAppleSDKLibs objc4); - - overrides = persistent; + extraPackages = [ self.llvmPackages.libcxxabi ]; + }); }; - stage3 = prevStage: - let - persistent = self: super: with prevStage; { - inherit - patchutils m4 scons flex perl bison unifdef unzip openssl python3 - gettext sharutils libarchive pkg-config groff bash subversion - openssh sqlite sed serf openldap db cyrus-sasl expat apr-util - findfreetype libssh curl cmake autoconf automake libtool cpio - libssh2 nghttp2 libkrb5 ninja; - - # Avoid pulling in a full python and its extra dependencies for the llvm/clang builds. - libxml2 = super.libxml2.override { pythonSupport = false; }; - - "${finalLlvmPackages}" = super."${finalLlvmPackages}" // ( - let - libraries = super."${finalLlvmPackages}".libraries.extend (_: _: { - inherit (pkgs."${finalLlvmPackages}") libcxx libcxxabi; - }); - in - { inherit libraries; } // libraries - ); + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + extraPreHook = '' + stripDebugFlags="-S" # llvm-strip does not support "-p" for Mach-O + ''; + }) + + # Rebuild LLVM with LLVM. This stage also rebuilds certain dependencies needed by LLVM. + # + # LLVM requires: libcxx libcxxabi libffi libiconv libxml2 ncurses zlib + (prevStage: + # previous stage2-CF stdenv: + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake bison brotli cmake cmakeMinimal coreutils cpio curl cyrus_sasl + db ed expat flex gettext gmp gnugrep groff libedit libidn2 libkrb5 libssh2 libtool + libunistring m4 ncurses nghttp2 ninja openbsm openldap openpam openssh openssl + patchutils pbzx perl pkg-config.pkg-config python3 python3Minimal scons serf sqlite + subversion sysctl.provider texinfo unzip which xz zstd + ]); + assert lib.all isBuiltByNixpkgsCompiler (with prevStage; [ + bash binutils-unwrapped icu libffi libiconv libxml2 zlib + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ + locale print-reexports rewrite-tbd sigtool system_cmds + ]); + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools libtapi + ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm + ]); + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.llvmPackages; [ libcxx libcxxabi ]); + + assert lib.getVersion prevStage.stdenv.cc.bintools.bintools == lib.getVersion prevStage.darwin.cctools-llvm; + + stageFun prevStage { + + name = "bootstrap-stage3"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + autoconf automake bash binutils binutils-unwrapped bison brotli cmake cmakeMinimal + coreutils cpio curl cyrus_sasl db ed expat flex gettext gmp gnugrep groff libedit + libidn2 libkrb5 libssh2 libtool libunistring m4 nghttp2 ninja openbsm openldap + openpam openssh openssl patchutils pbzx perl pkg-config python3 python3Minimal scons + sed serf sharutils sqlite subversion sysctl texinfo unzip which xz zstd + + # CF dependencies - don’t rebuild them. + icu libiconv libxml2 zlib; + + # Disable tests because they use dejagnu, which fails to run. + libffi = super.libffi.override { doCheck = false; }; - darwin = super.darwin.overrideScope (_: _: { - inherit (darwin) - dyld Libsystem xnu configd libdispatch libclosure launchd libiconv - locale darwin-stubs sigtool; - }); - }; - in - with prevStage; stageFun 3 prevStage { - shell = "${pkgs.bash}/bin/bash"; - - # We have a valid shell here (this one has no bootstrap-tools runtime deps) so stageFun - # enables patchShebangs above. Unfortunately, patchShebangs ignores our $SHELL setting - # and instead goes by $PATH, which happens to contain bootstrapTools. So it goes and - # patches our shebangs back to point at bootstrapTools. This makes sure bash comes first. - extraNativeBuildInputs = with pkgs; [ xz ]; - extraBuildInputs = [ pkgs.darwin.CF pkgs.bash ]; - libcxx = pkgs."${finalLlvmPackages}".libcxx; - - extraPreHook = '' - export PATH=${pkgs.bash}/bin:$PATH - export PATH_LOCALE=${pkgs.darwin.locale}/share/locale - ''; + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + inherit (prevStage.darwin) + CF Libsystem binutils binutils-unwrapped cctools cctools-llvm cctools-port configd + darwin-stubs dyld launchd libclosure libdispatch libobjc libtapi locale objc4 + postLinkSignHook print-reexports rewrite-tbd signingUtils sigtool system_cmds; + }); - allowedRequisites = - [ bootstrapTools ] ++ - (with pkgs; [ - xz.bin - xz.out - bash - zlib - libxml2.out - curl.out - openssl.out - libssh2.out - nghttp2.lib - coreutils - gnugrep - gnugrep.pcre2.out - gmp - libiconv - brotli.lib - file - ] ++ lib.optional haveKRB5 libkrb5) ++ - (with pkgs."${finalLlvmPackages}"; [ - libcxx - libcxx.dev - libcxxabi - libcxxabi.dev - compiler-rt - clang-unwrapped - ]) ++ - (with pkgs.darwin; [ dyld ICU Libsystem locale ] ++ lib.optional useAppleSDKLibs objc4); - - overrides = persistent; + llvmPackages = super.llvmPackages // ( + let + libraries = super.llvmPackages.libraries.extend (_: _: { + inherit (prevStage.llvmPackages) compiler-rt libcxx libcxxabi; + }); + in + { inherit libraries; } // libraries + ); }; - stage4 = prevStage: - let - persistent = self: super: with prevStage; { - inherit - gnumake gzip gnused bzip2 ed xz patch bash python3 - ncurses libffi zlib gmp gnugrep cmake - coreutils findutils diffutils patchutils ninja libxml2; - inherit (gnugrep) pcre2; - - # Hack to make sure we don't link ncurses in bootstrap tools. The proper - # solution is to avoid passing -L/nix-store/...-bootstrap-tools/lib, - # quite a sledgehammer just to get the C runtime. - gettext = super.gettext.overrideAttrs (drv: { - configureFlags = drv.configureFlags ++ [ - "--disable-curses" - ]; - }); + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + extraPreHook = '' + stripDebugFlags="-S" # llvm-strip does not support "-p" for Mach-O + ''; + }) + + # Construct a standard environment with the new clang. Also use the new compiler to rebuild + # everything that will be part of the final stdenv and isn’t required by it, CF, or Libsystem. + (prevStage: + # previous stage3 stdenv: + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake bison brotli cmake cmakeMinimal coreutils cpio curl cyrus_sasl + db ed expat flex gettext gmp gnugrep groff libedit libidn2 libkrb5 libssh2 libtool + libunistring m4 nghttp2 ninja openbsm openldap openpam openssh openssl patchutils pbzx + perl pkg-config.pkg-config python3 python3Minimal scons serf sqlite subversion + sysctl.provider texinfo unzip which xz zstd + ]); + + assert lib.all isBuiltByNixpkgsCompiler (with prevStage; [ + bash binutils-unwrapped icu libffi libiconv libxml2 zlib + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ + locale print-reexports rewrite-tbd sigtool system_cmds + ]); + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools libtapi + ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); + + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm compiler-rt libcxx libcxxabi + ]); + + assert lib.getVersion prevStage.stdenv.cc.bintools.bintools == lib.getVersion prevStage.darwin.cctools-llvm; + + stageFun prevStage { + + name = "bootstrap-stage4"; + + overrides = self: super: { + inherit (prevStage) ccWrapperStdenv + autoconf automake bash bison cmake cmakeMinimal cpio cyrus_sasl db expat flex groff + libedit libtool m4 ninja openldap openssh patchutils pbzx perl pkg-config python3 + python3Minimal scons serf sqlite subversion sysctl texinfo unzip which + + # CF dependencies - don’t rebuild them. + icu + + # LLVM dependencies - don’t rebuild them. + libffi libiconv libxml2 ncurses zlib; - "${finalLlvmPackages}" = super."${finalLlvmPackages}" // ( - let - tools = super."${finalLlvmPackages}".tools.extend (llvmSelf: _: { - clang-unwrapped-all-outputs = pkgs."${finalLlvmPackages}".clang-unwrapped-all-outputs.override { llvm = llvmSelf.llvm; }; - libllvm = pkgs."${finalLlvmPackages}".libllvm.override { inherit libxml2; }; - }); - libraries = super."${finalLlvmPackages}".libraries.extend (llvmSelf: _: { - inherit (pkgs."${finalLlvmPackages}") libcxx libcxxabi compiler-rt; - }); - in - { inherit tools libraries; } // tools // libraries - ); + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + inherit (prevStage.darwin) dyld CF Libsystem darwin-stubs + # CF dependencies - don’t rebuild them. + libobjc objc4; + + signingUtils = superDarwin.signingUtils.override { + inherit (selfDarwin) sigtool; + }; - darwin = super.darwin.overrideScope (_: superDarwin: { - inherit (darwin) dyld Libsystem libiconv locale darwin-stubs; + binutils = superDarwin.binutils.override { + shell = self.bash + "/bin/bash"; - # See useAppleSDKLibs in darwin-packages.nix - CF = if useAppleSDKLibs then super.darwin.CF else - superDarwin.CF.override { - inherit libxml2; - python3 = prevStage.python3; + buildPackages = { + inherit (prevStage) stdenv; }; - }); - }; - in - with prevStage; stageFun 4 prevStage { - shell = "${pkgs.bash}/bin/bash"; - extraNativeBuildInputs = with pkgs; [ xz ]; - extraBuildInputs = [ pkgs.darwin.CF pkgs.bash ]; - libcxx = pkgs."${finalLlvmPackages}".libcxx; - - extraPreHook = '' - export PATH_LOCALE=${pkgs.darwin.locale}/share/locale - ''; - overrides = persistent; + + bintools = selfDarwin.binutils-unwrapped; + libc = selfDarwin.Libsystem; + }; + }); + + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (_: _: { + inherit (prevStage.llvmPackages) clang-unwrapped libclang libllvm llvm; + libcxxClang = lib.makeOverridable (import ../../build-support/cc-wrapper) { + nativeTools = false; + nativeLibc = false; + + buildPackages = { + inherit (prevStage) stdenv; + }; + + extraPackages = [ + self.llvmPackages.libcxxabi + self.llvmPackages.compiler-rt + ]; + + extraBuildCommands = + let + inherit (self.llvmPackages) clang-unwrapped compiler-rt release_version; + + # Clang 16+ uses only the major version in resource-root, but older versions use the complete one. + clangResourceRootIncludePath = clangLib: clangRelease: + let + clangVersion = + if lib.versionAtLeast clangRelease "16" + then lib.versions.major clangRelease + else clangRelease; + in + "${clangLib}/lib/clang/${clangVersion}/include"; + in + '' + rsrc="$out/resource-root" + mkdir "$rsrc" + ln -s "${clangResourceRootIncludePath clang-unwrapped.lib release_version}" "$rsrc" + ln -s "${compiler-rt.out}/lib" "$rsrc/lib" + ln -s "${compiler-rt.out}/share" "$rsrc/share" + echo "-resource-dir=$rsrc" >> $out/nix-support/cc-cflags + ''; + + cc = self.llvmPackages.clang-unwrapped; + bintools = self.darwin.binutils; + + isClang = true; + libc = self.darwin.Libsystem; + inherit (self.llvmPackages) libcxx; + + inherit lib; + inherit (self) stdenvNoCC coreutils gnugrep; + + shell = self.bash + "/bin/bash"; + }; + }); + libraries = super.llvmPackages.libraries.extend (_: _:{ + inherit (prevStage.llvmPackages) compiler-rt libcxx libcxxabi; + }); + in + { inherit tools libraries; } // tools // libraries + ); }; - stdenvDarwin = prevStage: + extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ]; + + extraPreHook = '' + stripDebugFlags="-S" # llvm-strip does not support "-p" for Mach-O + ''; + }) + + # Construct the final stdenv. The version of LLVM provided should match the one defined in + # `all-packages.nix` for Darwin. Nothing should depend on the bootstrap tools or originate from + # the bootstrap tools. + # + # When updating the Darwin stdenv, make sure that the result has no dependency (`nix-store -qR`) + # on `bootstrapTools` or the binutils built in stage 1. + (prevStage: + # previous stage4 stdenv: + assert lib.all isBuiltByNixpkgsCompiler (with prevStage; [ + bash binutils-unwrapped brotli bzip2 curl diffutils ed file findutils gawk gettext gmp + gnugrep gnumake gnused gnutar gzip icu libffi libiconv libidn2 libkrb5 libssh2 + libunistring libxml2 ncurses nghttp2 openbsm openpam openssl patch pcre xz zlib zstd + ]); + + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ + binutils-unwrapped cctools libtapi locale print-reexports rewrite-tbd sigtool system_cmds + ]); + + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); + assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); + + assert lib.all isBuiltByNixpkgsCompiler (with prevStage.llvmPackages; [ + clang-unwrapped libclang libllvm llvm compiler-rt libcxx libcxxabi + ]); + + assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ + autoconf automake bison cmake cmakeMinimal cpio cyrus_sasl db expat flex groff libedit + libtool m4 ninja openldap openssh patchutils pbzx perl pkg-config.pkg-config python3 + python3Minimal scons serf sqlite subversion sysctl.provider texinfo unzip which + ]); + + assert prevStage.darwin.cctools == prevStage.darwin.cctools-llvm; + let doSign = localSystem.isAarch64; - pkgs = prevStage; - persistent = self: super: with prevStage; { - inherit - gnumake gzip gnused bzip2 gawk ed xz patch bash - ncurses libffi zlib gmp gnugrep - coreutils findutils diffutils patchutils pbzx; - inherit (gnugrep) pcre2; - - darwin = super.darwin.overrideScope (_: _: { - inherit (darwin) dyld ICU Libsystem Csu libiconv rewrite-tbd; - } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { - inherit (darwin) binutils binutils-unwrapped cctools-port; - }); - } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { - inherit llvm; - - # Need to get rid of these when cross-compiling. - "${finalLlvmPackages}" = super."${finalLlvmPackages}" // ( - let - tools = super."${finalLlvmPackages}".tools.extend (_: super: { - inherit (pkgs."${finalLlvmPackages}") llvm clang-unwrapped; - }); - libraries = super."${finalLlvmPackages}".libraries.extend (_: _: { - inherit (pkgs."${finalLlvmPackages}") compiler-rt libcxx libcxxabi; - }); - in - { inherit tools libraries; } // tools // libraries - ); - inherit binutils binutils-unwrapped; - }; + cc = prevStage.llvmPackages.clang; in - import ../generic rec { + { + inherit config overlays; + stdenv = import ../generic { name = "stdenv-darwin"; - inherit config; - inherit (pkgs.stdenv) fetchurlBoot; - buildPlatform = localSystem; hostPlatform = localSystem; targetPlatform = localSystem; - preHook = commonPreHook + '' - export PATH_LOCALE=${pkgs.darwin.locale}/share/locale - ''; - - __stdenvImpureHostDeps = commonImpureHostDeps; - __extraImpureHostDeps = commonImpureHostDeps; + inherit config; - initialPath = import ../generic/common-path.nix { inherit pkgs; }; - shell = "${pkgs.bash}/bin/bash"; + preHook = (commonPreHook prevStage) + '' + stripDebugFlags="-S" # llvm-strip does not support "-p" for Mach-O + export PATH_LOCALE=${prevStage.darwin.locale}/share/locale + ''; - cc = pkgs."${finalLlvmPackages}".libcxxClang; + initialPath = ((import ../generic/common-path.nix) { pkgs = prevStage; }); extraNativeBuildInputs = lib.optionals localSystem.isAarch64 [ - pkgs.updateAutotoolsGnuConfigScriptsHook + prevStage.updateAutotoolsGnuConfigScriptsHook ]; - extraBuildInputs = [ pkgs.darwin.CF ]; + extraBuildInputs = [ prevStage.darwin.CF ]; + + inherit cc; + + shell = cc.shell; + + inherit (prevStage.stdenv) fetchurlBoot; extraAttrs = { - libc = pkgs.darwin.Libsystem; - shellPackage = pkgs.bash; inherit bootstrapTools; + libc = prevStage.darwin.Libsystem; + shellPackage = prevStage.bash; } // lib.optionalAttrs useAppleSDKLibs { # This objc4 will be propagated to all builds using the final stdenv, # and we shouldn't mix different builds, because they would be # conflicting LLVM modules. Export it here so we can grab it later. - inherit (pkgs.darwin) objc4; + inherit (prevStage.darwin) objc4; }; - allowedRequisites = (with pkgs; [ - xz.out - xz.bin - gmp.out - gnumake - findutils - bzip2.out + disallowedRequisites = [ bootstrapTools.out ]; + + allowedRequisites = (with prevStage; [ + bash + binutils.bintools + binutils.bintools.lib bzip2.bin - zlib.out - zlib.dev - libffi.out + bzip2.out + cc.expand-response-params coreutils - ed + darwin.binutils + darwin.binutils.bintools diffutils - gnutar - gzip - ncurses.out - ncurses.dev - ncurses.man - gnused - bash + ed + file + findutils gawk + gettext + gmp.out gnugrep - patch gnugrep.pcre2.out - gettext - binutils.bintools - binutils.bintools.lib - darwin.binutils - darwin.binutils.bintools - curl.out - zstd.out - libidn2.out + gnumake + gnused + gnutar + gzip + icu.out + libffi.out + libiconv libunistring.out - openssl.out - libssh2.out - nghttp2.lib - brotli.lib - cc.expand-response-params libxml2.out - file - ] ++ lib.optional haveKRB5 libkrb5 + ncurses.dev + ncurses.man + ncurses.out + openbsm + openpam + patch + xz.bin + xz.out + zlib.dev + zlib.out + ] + ++ lib.optionals doSign [ openssl.out ]) ++ lib.optionals localSystem.isAarch64 [ - pkgs.updateAutotoolsGnuConfigScriptsHook - pkgs.gnu-config - ]) - ++ (with pkgs."${finalLlvmPackages}"; [ + prevStage.updateAutotoolsGnuConfigScriptsHook + prevStage.gnu-config + ] + ++ (with prevStage.llvmPackages; [ + bintools-unwrapped + clang-unwrapped + clang-unwrapped.lib + compiler-rt + compiler-rt.dev libcxx libcxx.dev libcxxabi libcxxabi.dev + lld llvm llvm.lib - compiler-rt - compiler-rt.dev - clang-unwrapped - libclang.dev - libclang.lib ]) - ++ (with pkgs.darwin; [ - dyld - Libsystem + ++ (with prevStage.darwin; [ CF - cctools - ICU - libiconv - locale + Libsystem + cctools-llvm + cctools-port + dyld libtapi - ] ++ lib.optional useAppleSDKLibs objc4 + locale + system_cmds + ] + ++ lib.optional useAppleSDKLibs [ objc4 ] ++ lib.optionals doSign [ postLinkSignHook sigtool signingUtils ]); - overrides = lib.composeExtensions persistent (self: super: { - darwin = super.darwin.overrideScope (_: superDarwin: { - inherit (prevStage.darwin) CF darwin-stubs; - xnu = superDarwin.xnu.override { inherit (prevStage) python3; }; + __stdenvImpureHostDeps = commonImpureHostDeps; + __extraImpureHostDeps = commonImpureHostDeps; + + overrides = self: super: { + inherit (prevStage) + bash binutils brotli bzip2 coreutils curl diffutils ed file findutils gawk gettext + gmp gnugrep gnumake gnused gnutar gzip icu libffi libiconv libidn2 libssh2 + libunistring libxml2 ncurses nghttp2 openbsm openpam openssl patch pcre xz zlib + zstd; + + darwin = super.darwin.overrideScope (_: _: { + inherit (prevStage.darwin) + CF ICU Libsystem darwin-stubs dyld locale libobjc libtapi system_cmds xnu; + } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { + inherit (prevStage.darwin) binutils binutils-unwrapped cctools-llvm cctools-port; }); } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { - clang = cc; - llvmPackages = super.llvmPackages // { clang = cc; }; - inherit cc; - }); - }; + inherit (prevStage.llvmPackages) clang llvm; - stagesDarwin = [ - ({}: stage0) - stage1 - stage2 - stage3 - stage4 - (prevStage: { - inherit config overlays; - stdenv = stdenvDarwin prevStage; - }) - ]; -} + # Need to get rid of these when cross-compiling. + llvmPackages = super.llvmPackages // ( + let + tools = super.llvmPackages.tools.extend (_: _: { + inherit (prevStage.llvmPackages) clang clang-unwrapped libclang libllvm llvm; + }); + libraries = super.llvmPackages.libraries.extend (_: _: { + inherit (prevStage.llvmPackages) compiler-rt libcxx libcxxabi; + }); + in + { inherit tools libraries; } // tools // libraries + ); + + inherit (prevStage) binutils binutils-unwrapped; + }; + }; + }) + + # This "no-op" stage is just a place to put the assertions about stage6. + (prevStage: + # previous final stage stdenv: + assert isBuiltByNixpkgsCompiler prevStage.darwin.sigtool; + assert isBuiltByNixpkgsCompiler prevStage.darwin.binutils-unwrapped; + assert isBuiltByNixpkgsCompiler prevStage.darwin.print-reexports; + assert isBuiltByNixpkgsCompiler prevStage.darwin.rewrite-tbd; + assert isBuiltByNixpkgsCompiler prevStage.darwin.cctools; + + assert isFromNixpkgs prevStage.darwin.CF; + assert isFromNixpkgs prevStage.darwin.Libsystem; + + assert isBuiltByNixpkgsCompiler prevStage.llvmPackages.clang-unwrapped; + assert isBuiltByNixpkgsCompiler prevStage.llvmPackages.libllvm; + assert isBuiltByNixpkgsCompiler prevStage.llvmPackages.libcxx; + assert isBuiltByNixpkgsCompiler prevStage.llvmPackages.libcxxabi; + assert isBuiltByNixpkgsCompiler prevStage.llvmPackages.compiler-rt; + { inherit (prevStage) config overlays stdenv; }) +] diff --git a/pkgs/stdenv/default.nix b/pkgs/stdenv/default.nix index 7a2ad665e09d7..6cc1339752afd 100644 --- a/pkgs/stdenv/default.nix +++ b/pkgs/stdenv/default.nix @@ -28,7 +28,7 @@ let # the GNU C compiler, and so on. stagesLinux = import ./linux args; - inherit (import ./darwin args) stagesDarwin; + stagesDarwin = import ./darwin args; stagesCross = import ./cross args; diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 7454269159870..0799ca685f50b 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -195,16 +195,13 @@ let # Musl-based platforms will keep "pie", other platforms will not. # If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}` # in the nixpkgs manual to inform users about the defaults. - defaultHardeningFlags = let - # not ready for this by default - supportedHardeningFlags' = lib.remove "fortify3" supportedHardeningFlags; - in if stdenv.hostPlatform.isMusl && + defaultHardeningFlags = if stdenv.hostPlatform.isMusl && # Except when: # - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries. # - static armv7l, where compilation fails. !(stdenv.hostPlatform.isAarch && stdenv.hostPlatform.isStatic) - then supportedHardeningFlags' - else lib.remove "pie" supportedHardeningFlags'; + then supportedHardeningFlags + else lib.remove "pie" supportedHardeningFlags; enabledHardeningOptions = if builtins.elem "all" hardeningDisable' then [] diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix index 5ecb8642c5b04..ab6a5110db45d 100644 --- a/pkgs/tools/graphics/graphviz/default.nix +++ b/pkgs/tools/graphics/graphviz/default.nix @@ -29,13 +29,13 @@ let in stdenv.mkDerivation rec { pname = "graphviz"; - version = "7.1.0"; + version = "8.0.5"; src = fetchFromGitLab { owner = "graphviz"; repo = "graphviz"; rev = version; - hash = "sha256-y91YiBJT45slK266UGfow7MFdrdMXZQm3FYBWs1YuuE="; + hash = "sha256-s3AUOLZhehxs2GcDCsq87RVvsDli1NvvQtwI0AyUs4k="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix index de8fd8ce15087..2f5c6e2ce428e 100644 --- a/pkgs/tools/security/gnupg/24.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -13,11 +13,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.4.0"; + version = "2.4.1"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; + hash = "sha256-drceWutEO/2RDOnLyCgbYXyDQWh6+2e65FWHeXK1neg="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -63,12 +63,6 @@ stdenv.mkDerivation rec { rm $f done '' else '' - mkdir -p $out/lib/systemd/user - for f in doc/examples/systemd-user/*.{service,socket} ; do - substitute $f $out/lib/systemd/user/$(basename $f) \ - --replace /usr/bin $out/bin - done - # add gpg2 symlink to make sure git does not break when signing commits ln -s $out/bin/gpg $out/bin/gpg2 diff --git a/pkgs/tools/security/hash_extender/default.nix b/pkgs/tools/security/hash_extender/default.nix index 9ddc16c9b27ea..b90dff6cd17cb 100644 --- a/pkgs/tools/security/hash_extender/default.nix +++ b/pkgs/tools/security/hash_extender/default.nix @@ -16,6 +16,9 @@ stdenv.mkDerivation { doCheck = true; checkPhase = "./hash_extender --test"; + # https://github.com/iagox86/hash_extender/issues/26 + hardeningDisable = [ "fortify3" ]; + env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; installPhase = '' diff --git a/pkgs/tools/security/yubihsm-shell/default.nix b/pkgs/tools/security/yubihsm-shell/default.nix index 77b6b86ffd6e1..650224dd03b1a 100644 --- a/pkgs/tools/security/yubihsm-shell/default.nix +++ b/pkgs/tools/security/yubihsm-shell/default.nix @@ -58,6 +58,9 @@ stdenv.mkDerivation rec { "-DDISABLE_LTO=ON" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "yubihsm-shell and libyubihsm"; homepage = "https://github.com/Yubico/yubihsm-shell"; diff --git a/pkgs/tools/system/minijail/default.nix b/pkgs/tools/system/minijail/default.nix index 73f8cad580a5c..ab237dd307279 100644 --- a/pkgs/tools/system/minijail/default.nix +++ b/pkgs/tools/system/minijail/default.nix @@ -19,6 +19,9 @@ stdenv.mkDerivation rec { patchShebangs platform2_preinstall.sh ''; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + installPhase = '' ./platform2_preinstall.sh ${version} $out/include/chromeos diff --git a/pkgs/tools/text/diffutils/default.nix b/pkgs/tools/text/diffutils/default.nix index 7b2660a711492..040f363fa55d8 100644 --- a/pkgs/tools/text/diffutils/default.nix +++ b/pkgs/tools/text/diffutils/default.nix @@ -20,6 +20,13 @@ stdenv.mkDerivation rec { /* If no explicit coreutils is given, use the one from stdenv. */ buildInputs = [ coreutils ]; + # Disable stack-related gnulib tests on x86_64-darwin because they have problems running under + # Rosetta 2: test-c-stack hangs, test-sigsegv-catch-stackoverflow fails. + postPatch = if (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64) then '' + sed -i -E 's:test-c-stack2?\.sh::g' gnulib-tests/Makefile.in + sed -i -E 's:test-sigsegv-catch-stackoverflow[12]::g' gnulib-tests/Makefile.in + '' else null; + configureFlags = # "pr" need not be on the PATH as a run-time dep, so we need to tell # configure where it is. Covers the cross and native case alike. diff --git a/pkgs/tools/text/sgml/opensp/default.nix b/pkgs/tools/text/sgml/opensp/default.nix index 848bd5ce82eba..836a07b63e739 100644 --- a/pkgs/tools/text/sgml/opensp/default.nix +++ b/pkgs/tools/text/sgml/opensp/default.nix @@ -1,5 +1,6 @@ { lib, stdenv, fetchurl, fetchpatch, xmlto, docbook_xml_dtd_412 , libxslt, docbook_xsl, autoconf, automake, gettext, libiconv, libtool +, autoreconfHook }: stdenv.mkDerivation rec { @@ -21,6 +22,8 @@ stdenv.mkDerivation rec { url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/opensp/files/opensp-1.5.2-c11-using.patch?id=688d9675782dfc162d4e6cff04c668f7516118d0"; sha256 = "04q14s8qsad0bkjmj067dn831i0r6v7742rafdlnbfm5y249m2q6"; }) + # Clang 16 defaults to C++17, which does not allow `register` as a storage class specifier. + ./fix-register-storage-class.patch ]; setupHook = ./setup-hook.sh; @@ -41,7 +44,11 @@ stdenv.mkDerivation rec { xmlto docbook_xml_dtd_412 docbook_xsl - ] ++ lib.optionals stdenv.isCygwin [ autoconf automake libtool ]; + ] + # Clang 16 fails to build due to inappropriate definitions in the `config.h` generated by the + # existing configure scripts. Regenerate them to make sure they detect its features correctly. + ++ lib.optional stdenv.cc.isClang autoreconfHook + ++ lib.optionals stdenv.isCygwin [ autoconf automake libtool ]; doCheck = false; # fails diff --git a/pkgs/tools/text/sgml/opensp/fix-register-storage-class.patch b/pkgs/tools/text/sgml/opensp/fix-register-storage-class.patch new file mode 100644 index 0000000000000..ce1aba32437bd --- /dev/null +++ b/pkgs/tools/text/sgml/opensp/fix-register-storage-class.patch @@ -0,0 +1,11 @@ +--- a/lib/Recognizer.cxx 2005-11-05 04:05:20.000000000 -0500 ++++ b/lib/Recognizer.cxx 2023-06-03 11:45:04.497116217 -0400 +@@ -39,7 +39,7 @@ + } + else + in->startTokenNoMulticode(); +- register const Trie *pos = trie_.pointer(); ++ const Trie *pos = trie_.pointer(); + do { + pos = pos->next(map_[in->tokenChar(mgr)]); + } while (pos->hasNext()); diff --git a/pkgs/tools/typesetting/xmlto/default.nix b/pkgs/tools/typesetting/xmlto/default.nix index 5c34ff7554d31..09597be8540df 100644 --- a/pkgs/tools/typesetting/xmlto/default.nix +++ b/pkgs/tools/typesetting/xmlto/default.nix @@ -1,5 +1,5 @@ -{ fetchurl, lib, stdenv, libxml2, libxslt -, docbook_xml_dtd_45, docbook_xsl, w3m +{ fetchurl, fetchpatch, lib, stdenv, libxml2, libxslt +, docbook_xml_dtd_45, docbook_xsl, flex, w3m , bash, getopt, makeWrapper }: stdenv.mkDerivation rec { @@ -10,6 +10,20 @@ stdenv.mkDerivation rec { sha256 = "0xhj8b2pwp4vhl9y16v3dpxpsakkflfamr191mprzsspg4xdyc0i"; }; + # Note: These patches modify `xmlif/xmlif.l`, which requires `flex` to be rerun. + patches = [ + # Fixes implicit `int` on `main`, which is an error with clang 16. + (fetchpatch { + url = "https://pagure.io/xmlto/c/8e34f087bf410bcc5fe445933d6ad9bae54f24b5.patch"; + hash = "sha256-z5riDBZBVuFeBcjI++dAl3nTIgOPau4Gag0MJbYt+cc="; + }) + # Fixes implicit `int` on `ifsense`, which is also an error with clang 16. + (fetchpatch { + url = "https://pagure.io/xmlto/c/1375e2df75530cd198bd16ac3de38e2b0d126276.patch"; + hash = "sha256-fM6ZdTigrcC9cbXiKu6oa5Hs71mrREockB1wRlw6nDk="; + }) + ]; + postPatch = '' patchShebangs xmlif/test/run-test @@ -23,7 +37,7 @@ stdenv.mkDerivation rec { # `libxml2' provides `xmllint', needed at build-time and run-time. # `libxslt' provides `xsltproc', used by `xmlto' at run-time. - nativeBuildInputs = [ makeWrapper getopt ]; + nativeBuildInputs = [ makeWrapper flex getopt ]; buildInputs = [ libxml2 libxslt docbook_xml_dtd_45 docbook_xsl ]; postInstall = '' diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index f1d48814ebe22..ef4240955b9c6 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -101,7 +101,7 @@ impure-cmds // appleSourcePackages // chooseLibs // { bintools = self.binutils-unwrapped; }; - cctools = self.cctools-port; + cctools = self.cctools-llvm; cctools-apple = callPackage ../os-specific/darwin/cctools/apple.nix { stdenv = if stdenv.isDarwin then stdenv else pkgs.libcxxStdenv; |