Diffstat (limited to 'pkgs/development/tools/analysis')
-rw-r--r--pkgs/development/tools/analysis/binlore/default.nix165
-rw-r--r--pkgs/development/tools/analysis/cargo-tarpaulin/default.nix6
-rw-r--r--pkgs/development/tools/analysis/checkov/default.nix11
-rw-r--r--pkgs/development/tools/analysis/clazy/default.nix4
-rw-r--r--pkgs/development/tools/analysis/codeql/default.nix4
-rw-r--r--pkgs/development/tools/analysis/coz/default.nix57
-rw-r--r--pkgs/development/tools/analysis/cppcheck/default.nix85
-rw-r--r--pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch16
-rw-r--r--pkgs/development/tools/analysis/cpplint/default.nix53
-rw-r--r--pkgs/development/tools/analysis/dotenv-linter/default.nix2
-rw-r--r--pkgs/development/tools/analysis/flow/default.nix4
-rw-r--r--pkgs/development/tools/analysis/frama-c/default.nix6
-rw-r--r--pkgs/development/tools/analysis/hopper/default.nix1
-rw-r--r--pkgs/development/tools/analysis/kcov/default.nix4
-rw-r--r--pkgs/development/tools/analysis/lcov/default.nix3
-rw-r--r--pkgs/development/tools/analysis/panopticon/default.nix4
-rw-r--r--pkgs/development/tools/analysis/pev/default.nix2
-rw-r--r--pkgs/development/tools/analysis/retdec/default.nix2
-rw-r--r--pkgs/development/tools/analysis/rr/default.nix78
-rw-r--r--pkgs/development/tools/analysis/smatch/default.nix2
-rw-r--r--pkgs/development/tools/analysis/snowman/default.nix2
-rw-r--r--pkgs/development/tools/analysis/snyk/default.nix8
-rw-r--r--pkgs/development/tools/analysis/stylelint/default.nix8
-rw-r--r--pkgs/development/tools/analysis/svlint/default.nix2
-rw-r--r--pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix6
-rw-r--r--pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix6
-rw-r--r--pkgs/development/tools/analysis/tflint/default.nix6
-rw-r--r--pkgs/development/tools/analysis/tfsec/default.nix6
28 files changed, 268 insertions, 285 deletions
diff --git a/pkgs/development/tools/analysis/binlore/default.nix b/pkgs/development/tools/analysis/binlore/default.nix
index f8a88b4ce6793..53a024766576b 100644
--- a/pkgs/development/tools/analysis/binlore/default.nix
+++ b/pkgs/development/tools/analysis/binlore/default.nix
@@ -56,58 +56,169 @@ let
     #   in here, but I'm erring on the side of flexibility
     #   since this form will make it easier to pilot other
     #   uses of binlore.
-    callback = lore: drv: overrides: ''
+    callback = lore: drv: ''
       if [[ -d "${drv}/bin" ]] || [[ -d "${drv}/lib" ]] || [[ -d "${drv}/libexec" ]]; then
         echo generating binlore for $drv by running:
         echo "${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback}"
       else
         echo "failed to generate binlore for $drv (none of ${drv}/{bin,lib,libexec} exist)"
       fi
-    '' +
-    /*
-    Override lore for some packages. Unsure, but for now:
-    1. start with the ~name (pname-version)
-    2. remove characters from the end until we find a match
-       in overrides/
-    3. execute the override script with the list of expected
-       lore types
-    */
-    ''
-      i=''${#identifier}
-      filter=
-      while [[ $i > 0 ]] && [[ -z "$filter" ]]; do
-        if [[ -f "${overrides}/''${identifier:0:$i}" ]]; then
-          filter="${overrides}/''${identifier:0:$i}"
-          echo using "${overrides}/''${identifier:0:$i}" to generate overriden binlore for $drv
-          break
-        fi
-        ((i--)) || true # don't break build
-      done # || true # don't break build
+
       if [[ -d "${drv}/bin" ]] || [[ -d "${drv}/lib" ]] || [[ -d "${drv}/libexec" ]]; then
-        ${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback} "$filter"
+        ${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback}
       fi
     '';
   };
-  overrides = (src + "/overrides");
 
 in rec {
+  /*
+    Output a directory containing lore for multiple drvs.
+
+    This will `make` lore for drv in drvs and then combine lore
+    of the same type across all packages into a single file.
+
+    When drvs are also specified in the strip argument, corresponding
+    lore is made relative by stripping the path of each drv from
+    matching entries. (This is mainly useful in a build process that
+    uses a chain of two or more derivations where the output of one
+    is the source for the next. See resholve for an example.)
+  */
   collect = { lore ? loreDef, drvs, strip ? [ ] }: (runCommand "more-binlore" { } ''
     mkdir $out
     for lorefile in ${toString lore.types}; do
       cat ${lib.concatMapStrings (x: x + "/$lorefile ") (map (make lore) (map lib.getBin (builtins.filter lib.isDerivation drvs)))} > $out/$lorefile
-      substituteInPlace $out/$lorefile ${lib.concatMapStrings (x: "--replace '${x}/' '' ") strip}
+      substituteInPlace $out/$lorefile ${lib.concatMapStrings (x: "--replace-quiet '${x}/' '' ") strip}
     done
   '');
-  # TODO: echo for debug, can be removed at some point
+
+  /*
+    Output a directory containing lore for a single drv.
+
+    This produces lore for the derivation (via lore.callback) and
+    appends any lore that the derivation itself wrote to nix-support
+    or which was overridden in drv.binlore.<outputName> (passthru).
+
+    > *Note*: Since the passthru is attached to all outputs, binlore
+    > is an attrset namespaced by outputName to support packages with
+    > executables in more than one output.
+
+    Since the last entry wins, the effective priority is:
+    drv.binlore.<outputName> > $drv/nix-support > lore generated here by callback
+  */
   make = lore: drv: runCommand "${drv.name}-binlore" {
-      identifier = drv.name;
       drv = drv;
     } (''
     mkdir $out
     touch $out/{${builtins.concatStringsSep "," lore.types}}
 
-    ${lore.callback lore drv overrides}
+    ${lore.callback lore drv}
+    '' +
+    # append lore from package's $out and drv.binlore.${drv.outputName} (last entry wins)
+    ''
+    for lore_type in ${builtins.toString lore.types}; do
+      if [[ -f "${drv}/nix-support/$lore_type" ]]; then
+        cat "${drv}/nix-support/$lore_type" >> "$out/$lore_type"
+      fi
+      '' + lib.optionalString (builtins.hasAttr "binlore" drv && builtins.hasAttr drv.outputName drv.binlore) ''
+      if [[ -f "${drv.binlore."${drv.outputName}"}/$lore_type" ]]; then
+        cat "${drv.binlore."${drv.outputName}"}/$lore_type" >> "$out/$lore_type"
+      fi
+      '' + ''
+    done
 
     echo binlore for $drv written to $out
   '');
+
+  /*
+    Utility function for creating override lore for drv.
+
+    We normally attach this lore to `drv.passthru.binlore.<outputName>`.
+
+    > *Notes*:
+    > - Since the passthru is attached to all outputs, binlore is an
+    >   attrset namespaced by outputName to support packages with
+    >   executables in more than one output. You'll generally just use
+    >   `out` or `bin`.
+    > - We can reconsider the passthru attr name if someone adds
+    >   a new lore provider. We settled on `.binlore` for now to make it
+    >   easier for people to figure out what this is for.
+
+    The lore argument should be a Shell script (string) that generates
+    the necessary lore. You can use arbitrary Shell, but this function
+    includes a shell DSL you can use to declare/generate lore in most
+    cases. It has the following functions:
+
+    - `execer <verdict> [<path>...]`
+    - `wrapper <wrapper_path> <original_path>`
+
+    Writing every override explicitly in a Nix list would be tedious
+    for large packages, but this small shell DSL enables us to express
+    many overrides efficiently via pathname expansion/globbing.
+
+    Here's a very general example of both functions:
+
+    passthru.binlore.out = binlore.synthesize finalAttrs.finalPackage ''
+      execer can bin/hello bin/{a,b,c}
+      wrapper bin/hello bin/.hello-wrapped
+    '';
+
+    And here's a specific example of how pathname expansion enables us
+    to express lore for the single-binary variant of coreutils while
+    being both explicit and (somewhat) efficient:
+
+    passthru = {} // optionalAttrs (singleBinary != false) {
+      binlore.out = binlore.synthesize coreutils ''
+        execer can bin/{chroot,env,install,nice,nohup,runcon,sort,split,stdbuf,timeout}
+        execer cannot bin/{[,b2sum,base32,base64,basename,basenc,cat,chcon,chgrp,chmod,chown,cksum,comm,cp,csplit,cut,date,dd,df,dir,dircolors,dirname,du,echo,expand,expr,factor,false,fmt,fold,groups,head,hostid,id,join,kill,link,ln,logname,ls,md5sum,mkdir,mkfifo,mknod,mktemp,mv,nl,nproc,numfmt,od,paste,pathchk,pinky,pr,printenv,printf,ptx,pwd,readlink,realpath,rm,rmdir,seq,sha1sum,sha224sum,sha256sum,sha384sum,sha512sum,shred,shuf,sleep,stat,stty,sum,sync,tac,tail,tee,test,touch,tr,true,truncate,tsort,tty,uname,unexpand,uniq,unlink,uptime,users,vdir,wc,who,whoami,yes}
+      '';
+    };
+
+    Caution: Be thoughtful about using a bare wildcard (*) glob here.
+    We should generally override lore only when a human understands if
+    the executable will exec arbitrary user-passed executables. A bare
+    glob can match new executables added in future package versions
+    before anyone can audit them.
+  */
+  synthesize = drv: loreSynthesizingScript: runCommand "${drv.name}-lore-override" {
+    drv = drv;
+  } (''
+    execer(){
+      local verdict="$1"
+
+      shift
+
+      for path in "$@"; do
+        if [[ -f "$PWD/$path" ]]; then
+          echo "$verdict:$PWD/$path"
+        else
+          echo "error: Tried to synthesize execer lore for missing file: $PWD/$path" >&2
+          exit 2
+        fi
+      done
+    } >> $out/execers
+
+    wrapper(){
+      local wrapper="$1"
+      local original="$2"
+
+      if [[ ! -f "$wrapper" ]]; then
+        echo "error: Tried to synthesize wrapper lore for missing wrapper: $PWD/$wrapper" >&2
+        exit 2
+      fi
+
+      if [[ ! -f "$original" ]]; then
+        echo "error: Tried to synthesize wrapper lore for missing original: $PWD/$original" >&2
+        exit 2
+      fi
+
+      echo "$PWD/$wrapper:$PWD/$original"
+
+    } >> $out/wrappers
+
+    mkdir $out
+
+    # lore override commands are relative to the drv root
+    cd $drv
+
+  '' + loreSynthesizingScript);
 }
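Review bot: The `execer` helper in `synthesize` records `$verdict` verbatim, so a mistyped verdict such as `execer cna bin/foo` is written into `$out/execers` as a lore entry instead of failing the build the way a missing path does. A guard before the loop would make the override DSL as strict about verdicts as it already is about paths: `case "$verdict" in can|cannot) ;; *) echo "error: unknown execer verdict: $verdict" >&2; exit 2 ;; esac` — `can` and `cannot` are the values this docstring shows; confirm the full set that yallback emits before fixing the list. The docstring's bare-wildcard caution could also state why the design fails closed: an unmatched glob reaches `execer` as the literal pattern, which then fails the `-f` check and aborts with `exit 2` rather than silently producing no lore. The enclosing `let` binding set begins before this hunk.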
diff --git a/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix b/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix
index 88968be7b40e8..f5511adb78918 100644
--- a/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix
+++ b/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix
@@ -10,16 +10,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-tarpaulin";
-  version = "0.30.0";
+  version = "0.31.1";
 
   src = fetchFromGitHub {
     owner = "xd009642";
     repo = "tarpaulin";
     rev = version;
-    hash = "sha256-RtkW2FDey049URmr0WGNYcz5sTZXIQ7dZL/OlIaKX20=";
+    hash = "sha256-JD+seB8gvDFjT/O32bOba1VTzj1Kpj3zNhbN7Hstz7Q=";
   };
 
-  cargoHash = "sha256-HBpEMjc2FQvFqvvcCtxHJBj2waFau77t+m+1ZfomguA=";
+  cargoHash = "sha256-d/MVdZWwpre5H6GHZbX9Z9jqWtAUmm8BcCFTG2m09F0=";
 
   nativeBuildInputs = [
     pkg-config
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index 414771b2773ba..a98cf542e9e39 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -6,14 +6,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "checkov";
-  version = "3.2.144";
+  version = "3.2.219";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "bridgecrewio";
     repo = "checkov";
     rev = "refs/tags/${version}";
-    hash = "sha256-BF2xeHoVb6uSqRB9kTj6QX4pDUkj49xdBOC2SbZ0qjE=";
+    hash = "sha256-PNWOT4vnlruRPoGSPcBy4GPxmuflVbF+UheIpBo14kE=";
   };
 
   patches = [ ./flake8-compat-5.x.patch ];
@@ -33,6 +33,7 @@ python3.pkgs.buildPythonApplication rec {
     "packaging"
     "pycep-parser"
     "rustworkx"
+    "schema"
     "termcolor"
     "urllib3"
   ];
@@ -46,10 +47,6 @@ python3.pkgs.buildPythonApplication rec {
     setuptools-scm
   ];
 
-  nativeBuildInputs = with python3.pkgs; [
-    pythonRelaxDepsHook
-  ];
-
   dependencies = with python3.pkgs; [
     aiodns
     aiohttp
@@ -126,6 +123,8 @@ python3.pkgs.buildPythonApplication rec {
     "test_get_cyclonedx_report"
     # Test fails on Hydra
     "test_sast_js_filtered_files_by_ts"
+    # Timing sensitive
+    "test_non_multiline_pair_time_limit_creating_report"
   ];
 
   disabledTestPaths = [
diff --git a/pkgs/development/tools/analysis/clazy/default.nix b/pkgs/development/tools/analysis/clazy/default.nix
index 10c61bf888817..8f92ab15150b6 100644
--- a/pkgs/development/tools/analysis/clazy/default.nix
+++ b/pkgs/development/tools/analysis/clazy/default.nix
@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "clazy";
-  version = "1.11";
+  version = "1.12";
 
   src = fetchFromGitHub {
     owner  = "KDE";
     repo   = "clazy";
     rev    = "v${version}";
-    sha256 = "sha256-kcl4dUg84fNdizKUS4kpvIKFfajtTRdz+MYUbKcMFvg=";
+    sha256 = "sha256-Fex0BAmCZUYcNJriHHt/QPi5IgSH/yhnpGCFFZMMD/g=";
   };
 
   buildInputs = [
diff --git a/pkgs/development/tools/analysis/codeql/default.nix b/pkgs/development/tools/analysis/codeql/default.nix
index fa5881a1cb0c2..27c11ffb2eaa9 100644
--- a/pkgs/development/tools/analysis/codeql/default.nix
+++ b/pkgs/development/tools/analysis/codeql/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "codeql";
-  version = "2.17.5";
+  version = "2.18.1";
 
   dontConfigure = true;
   dontBuild = true;
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   src = fetchzip {
     url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip";
-    hash = "sha256-Ay+8NOYq1sBIDhCoju2/L8Ghegmxz5NmtpBLb0hqH/E=";
+    hash = "sha256-X/Sg5+UGl0DJ5LL42tlQt3NIfTJc4nH1AySeLJQsZkk=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/tools/analysis/coz/default.nix b/pkgs/development/tools/analysis/coz/default.nix
deleted file mode 100644
index 2938a60b46de5..0000000000000
--- a/pkgs/development/tools/analysis/coz/default.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ lib, stdenv
-, fetchFromGitHub
-, libelfin
-, ncurses
-, python3
-, python3Packages
-, makeWrapper
-}:
-stdenv.mkDerivation rec {
-  pname = "coz";
-  version = "0.2.1";
-
-  src = fetchFromGitHub {
-    owner = "plasma-umass";
-    repo = "coz";
-    rev = version;
-    sha256 = "0val36yw987b1558iiyk3nqg0yy5k9y5wh49v91zj3cs58mmfyhc";
-  };
-
-  postPatch = ''
-    sed -i -e '/pid_t gettid/,+2d' libcoz/ccutil/thread.h
-  '';
-
-  postConfigure = ''
-    # This is currently hard-coded. Will be fixed in the next release.
-    sed -e "s|/usr/lib/|$out/lib/|" -i ./coz
-  '';
-
-  nativeBuildInputs = [
-    ncurses
-    makeWrapper
-    python3Packages.wrapPython
-  ];
-
-  buildInputs = [
-    libelfin
-    (python3.withPackages (p: [ p.docutils ]))
-  ];
-
-  installPhase = ''
-    mkdir -p $out/share/man/man1
-    make install prefix=$out
-
-    # fix executable includes
-    chmod -x $out/include/coz.h
-
-    wrapPythonPrograms
-  '';
-
-  meta = {
-    homepage = "https://github.com/plasma-umass/coz";
-    description = "Profiler based on casual profiling";
-    mainProgram = "coz";
-    license = lib.licenses.bsd2;
-    maintainers = with lib.maintainers; [ zimbatm ];
-  };
-}
diff --git a/pkgs/development/tools/analysis/cppcheck/default.nix b/pkgs/development/tools/analysis/cppcheck/default.nix
deleted file mode 100644
index bf30b47d54ee1..0000000000000
--- a/pkgs/development/tools/analysis/cppcheck/default.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ lib
-, stdenv
-, fetchFromGitHub
-
-, docbook_xml_dtd_45
-, docbook_xsl
-, installShellFiles
-, libxslt
-, pcre
-, pkg-config
-, python3
-, which
-}:
-
-stdenv.mkDerivation (finalAttrs: {
-  pname = "cppcheck";
-  version = "2.14.1";
-
-  outputs = [ "out" "man" ];
-
-  src = fetchFromGitHub {
-    owner = "danmar";
-    repo = "cppcheck";
-    rev = finalAttrs.version;
-    hash = "sha256-KXE3zmhaTweQhs0Qh7Xd5ILiuGVewtrvOkRkt8hjU58=";
-  };
-
-  nativeBuildInputs = [
-    docbook_xml_dtd_45
-    docbook_xsl
-    installShellFiles
-    libxslt
-    pkg-config
-    python3
-    which
-  ];
-
-  buildInputs = [
-    pcre
-    (python3.withPackages (ps: [ ps.pygments ]))
-  ];
-
-  makeFlags = [ "PREFIX=$(out)" "MATCHCOMPILER=yes" "FILESDIR=$(out)/share/cppcheck" "HAVE_RULES=yes" ];
-
-  enableParallelBuilding = true;
-  strictDeps = true;
-
-  # test/testcondition.cpp:4949(TestCondition::alwaysTrueContainer): Assertion failed.
-  doCheck = !(stdenv.isLinux && stdenv.isAarch64);
-  doInstallCheck = true;
-
-  postPatch = ''
-    substituteInPlace Makefile \
-      --replace 'PCRE_CONFIG = $(shell which pcre-config)' 'PCRE_CONFIG = $(PKG_CONFIG) libpcre'
-  '';
-
-  postBuild = ''
-    make DB2MAN=${docbook_xsl}/xml/xsl/docbook/manpages/docbook.xsl man
-  '';
-
-  postInstall = ''
-    installManPage cppcheck.1
-  '';
-
-  installCheckPhase = ''
-    runHook preInstallCheck
-
-    echo 'int main() {}' > ./installcheck.cpp
-    $out/bin/cppcheck ./installcheck.cpp > /dev/null
-
-    runHook postInstallCheck
-  '';
-
-  meta = {
-    description = "Static analysis tool for C/C++ code";
-    homepage = "http://cppcheck.sourceforge.net";
-    license = lib.licenses.gpl3Plus;
-    longDescription = ''
-      Check C/C++ code for memory leaks, mismatching allocation-deallocation,
-      buffer overruns and more.
-    '';
-    maintainers = with lib.maintainers; [ joachifm paveloom ];
-    platforms = lib.platforms.unix;
-  };
-})
diff --git a/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch b/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch
deleted file mode 100644
index 3b602421d100b..0000000000000
--- a/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/setup.py b/setup.py
-index aef5c4e..030ea14 100755
---- a/setup.py
-+++ b/setup.py
-@@ -73,7 +73,7 @@ setup(name='cpplint',
-       long_description=open('README.rst').read(),
-       license='BSD-3-Clause',
-       setup_requires=[
--          "pytest-runner==5.2"
-+          "pytest-runner"
-       ],
-       tests_require=test_required,
-       # extras_require allow pip install .[dev]
--- 
-2.31.1
-
diff --git a/pkgs/development/tools/analysis/cpplint/default.nix b/pkgs/development/tools/analysis/cpplint/default.nix
index f380f7086e820..f4dcd71f0b3c7 100644
--- a/pkgs/development/tools/analysis/cpplint/default.nix
+++ b/pkgs/development/tools/analysis/cpplint/default.nix
@@ -1,49 +1,46 @@
-{ lib, python3Packages, fetchFromGitHub, fetchpatch }:
+{ lib, python3Packages, fetchFromGitHub }:
 
 python3Packages.buildPythonApplication rec {
   pname = "cpplint";
-  version = "1.5.5";
-  format = "setuptools";
+  version = "1.6.1";
+  pyproject = true;
 
   # Fetch from github instead of pypi, since the test cases are not in the pypi archive
   src = fetchFromGitHub {
-    owner = pname;
-    repo = pname;
-    rev = version;
-    hash = "sha256-JXz2Ufo7JSceZVqYwCRkuAsOR08znZlIUk8GCLAyiI4=";
+    owner = "cpplint";
+    repo = "cpplint";
+    rev = "refs/tags/${version}";
+    hash = "sha256-N5YrlhEXQGYxhsJ4M5dGYZUzA81GKRSI83goaqbtCkI=";
   };
 
-  patches = [
-    ./0001-Remove-pytest-runner-version-pin.patch
-
-    # The patch below stops using the sre_compile module, which was deprecated
-    # in Python 3.11 and replaces it with re.compile. Upstream is unsure if it
-    # should use re.compile or re._compiler.compile, so we should monitor the
-    # thread for updates.
-    #
-    #   https://github.com/cpplint/cpplint/pull/214
-    #
-    (fetchpatch {
-      name = "python-3.11-compatibility.patch";
-      url = "https://github.com/cpplint/cpplint/commit/e84e84f53915ae2a9214e756cf89c573a73bbcd3.patch";
-      hash = "sha256-u57AFWaVmGFSsvSGq1x9gZmTsuZPqXvTC7mTfyb2164=";
-    })
-  ];
-
   postPatch = ''
+    substituteInPlace setup.py \
+      --replace-fail '"pytest-runner==5.2"' ""
+
     patchShebangs cpplint_unittest.py
+
+    substituteInPlace cpplint_unittest.py \
+      --replace-fail "assertEquals" "assertEqual"
   '';
 
-  nativeCheckInputs = with python3Packages; [ pytest pytest-runner ];
+  build-system = with python3Packages; [
+    setuptools
+  ];
+
+  nativeCheckInputs = with python3Packages; [
+    pytest
+    pytest-runner
+  ];
+
   checkPhase = ''
     ./cpplint_unittest.py
   '';
 
-  meta = with lib; {
+  meta = {
     homepage = "https://github.com/cpplint/cpplint";
     description = "Static code checker for C++";
     mainProgram = "cpplint";
-    maintainers = [ maintainers.bhipple ];
-    license = [ licenses.bsd3 ];
+    maintainers = [ lib.maintainers.bhipple ];
+    license = [ lib.licenses.bsd3 ];
   };
 }
diff --git a/pkgs/development/tools/analysis/dotenv-linter/default.nix b/pkgs/development/tools/analysis/dotenv-linter/default.nix
index 75745be0148f7..603cc1d1ccbb7 100644
--- a/pkgs/development/tools/analysis/dotenv-linter/default.nix
+++ b/pkgs/development/tools/analysis/dotenv-linter/default.nix
@@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
     sha256 = "sha256-HCP1OUWm/17e73TbinmDxYUi18/KXxppstyUSixjlSo=";
   };
 
-  cargoSha256 = "sha256-4r4NTq2rLnpmm/nwxJ9RoN2+JrUI6XKGfYFI78NY710=";
+  cargoHash = "sha256-4r4NTq2rLnpmm/nwxJ9RoN2+JrUI6XKGfYFI78NY710=";
 
   buildInputs = lib.optional stdenv.isDarwin Security;
 
diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix
index 0ae0c3559300c..956e460deca39 100644
--- a/pkgs/development/tools/analysis/flow/default.nix
+++ b/pkgs/development/tools/analysis/flow/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "flow";
-  version = "0.237.2";
+  version = "0.238.3";
 
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "flow";
     rev = "v${version}";
-    hash = "sha256-VL547H8cGxuhx5Ho5gRVl60CUQ5EcBuH+xoE0zM5m7A=";
+    hash = "sha256-WlHta/wXTULehopXeIUdNAQb12Lf0SJnm1HIVHTDshA=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/tools/analysis/frama-c/default.nix b/pkgs/development/tools/analysis/frama-c/default.nix
index 87234ba584dbe..f682196a458f0 100644
--- a/pkgs/development/tools/analysis/frama-c/default.nix
+++ b/pkgs/development/tools/analysis/frama-c/default.nix
@@ -37,12 +37,12 @@ in
 
 stdenv.mkDerivation rec {
   pname = "frama-c";
-  version = "28.1";
-  slang   = "Nickel";
+  version = "29.0";
+  slang   = "Copper";
 
   src = fetchurl {
     url  = "https://frama-c.com/download/frama-c-${version}-${slang}.tar.gz";
-    hash = "sha256-AiC8dDt9okaM65JvMx7cfd+qfGA7pHli3j4zyOHj9ZM=";
+    hash = "sha256-0vuzuND/g5RYcunm+iWOk0pwY2DmmNrjtNX5ca3fdJM=";
   };
 
   preConfigure = ''
diff --git a/pkgs/development/tools/analysis/hopper/default.nix b/pkgs/development/tools/analysis/hopper/default.nix
index 8fcaa144ab8c1..a3ceed9c43e0e 100644
--- a/pkgs/development/tools/analysis/hopper/default.nix
+++ b/pkgs/development/tools/analysis/hopper/default.nix
@@ -3,7 +3,6 @@
 , lib
 , autoPatchelfHook
 , wrapQtAppsHook
-, gmpxx
 , gnustep
 , libbsd
 , libffi_3_3
diff --git a/pkgs/development/tools/analysis/kcov/default.nix b/pkgs/development/tools/analysis/kcov/default.nix
index 473dc9d7a4bb1..efb0bba4a1b2f 100644
--- a/pkgs/development/tools/analysis/kcov/default.nix
+++ b/pkgs/development/tools/analysis/kcov/default.nix
@@ -17,13 +17,13 @@ let
   self =
     stdenv.mkDerivation rec {
       pname = "kcov";
-      version = "42";
+      version = "43";
 
       src = fetchFromGitHub {
         owner = "SimonKagstrom";
         repo = "kcov";
         rev = "v${version}";
-        sha256 = "sha256-8/182RjuNuyFzSyCgyyximGaveDyhStwIQg29S5U/pI=";
+        sha256 = "sha256-hRJYuHNSXyRoUDBF/yIPXPcBBxZoTO5cgoB2tBhKPwY=";
       };
 
       preConfigure = "patchShebangs src/bin-to-c-source.py";
diff --git a/pkgs/development/tools/analysis/lcov/default.nix b/pkgs/development/tools/analysis/lcov/default.nix
index c5e3b43eea061..0ed0ef816f092 100644
--- a/pkgs/development/tools/analysis/lcov/default.nix
+++ b/pkgs/development/tools/analysis/lcov/default.nix
@@ -16,9 +16,8 @@ let
     perlPackages.DevelCover
     perlPackages.GD
     perlPackages.JSONXS
-    perlPackages.MemoryProcess
     perlPackages.PathTools
-  ];
+  ] ++ lib.optionals (!stdenv.isDarwin) [ perlPackages.MemoryProcess ];
 in
 stdenv.mkDerivation rec {
   pname = "lcov";
diff --git a/pkgs/development/tools/analysis/panopticon/default.nix b/pkgs/development/tools/analysis/panopticon/default.nix
index 08dd8d397f984..01ba9da439a48 100644
--- a/pkgs/development/tools/analysis/panopticon/default.nix
+++ b/pkgs/development/tools/analysis/panopticon/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, rustPlatform, qt5, git, cmake
+{ lib, fetchFromGitHub, rustPlatform, qt5, git, cmake
 , pkg-config, makeWrapper }:
 
 rustPlatform.buildRustPackage rec {
@@ -24,7 +24,7 @@ rustPlatform.buildRustPackage rec {
 
   dontWrapQtApps = true;
 
-  cargoSha256 = "0vhcb3kw1zgchx3nrk8lyrz8p5071y99vsysxvi71klv7dcvn0am";
+  cargoHash = "sha256-VQG7WTubznDi7trrnZIPB5SLfvYUzWxHh+z9wOdYDG4=";
   doCheck = false;
 
   postInstall = ''
diff --git a/pkgs/development/tools/analysis/pev/default.nix b/pkgs/development/tools/analysis/pev/default.nix
index 75cdc15cdca0c..56b72c24c421e 100644
--- a/pkgs/development/tools/analysis/pev/default.nix
+++ b/pkgs/development/tools/analysis/pev/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
     owner = "merces";
     repo = "pev";
     rev = "beec2b4f09585fea919ed41ce466dee06be0b6bf";
-    sha256 = "sha256-HrMbk9YbuqkoBBM7+rfXpqVEnd1rDl2rMePdcfU1WDg=";
+    hash = "sha256-HrMbk9YbuqkoBBM7+rfXpqVEnd1rDl2rMePdcfU1WDg=";
     fetchSubmodules = true;
   };
 
diff --git a/pkgs/development/tools/analysis/retdec/default.nix b/pkgs/development/tools/analysis/retdec/default.nix
index 2448556aa62cc..c562479eb0522 100644
--- a/pkgs/development/tools/analysis/retdec/default.nix
+++ b/pkgs/development/tools/analysis/retdec/default.nix
@@ -230,7 +230,7 @@ stdenv.mkDerivation (self: {
     description = "Retargetable machine-code decompiler based on LLVM";
     homepage = "https://retdec.com";
     license = licenses.mit;
-    maintainers = with maintainers; [ dtzWill katrinafyi ];
+    maintainers = with maintainers; [ katrinafyi ];
     platforms = [ "x86_64-linux" ];
   };
 })
diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix
index 3a2ecc4c6d48e..3c10f4cc5716d 100644
--- a/pkgs/development/tools/analysis/rr/default.nix
+++ b/pkgs/development/tools/analysis/rr/default.nix
@@ -1,26 +1,34 @@
-{ lib, stdenv, fetchFromGitHub
-, cmake, pkg-config, which, makeWrapper
-, libpfm, zlib, python3Packages, procps, gdb, capnproto
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  bash,
+  capnproto,
+  cmake,
+  gdb,
+  libpfm,
+  makeWrapper,
+  pkg-config,
+  procps,
+  python3,
+  which,
+  zlib,
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   version = "5.8.0";
   pname = "rr";
 
   src = fetchFromGitHub {
     owner = "mozilla";
     repo = "rr";
-    rev = version;
+    rev = finalAttrs.version;
     hash = "sha256-FudAAkWIe6gv4NYFoe9E0hlgTM70lymBE5Fw/vbehps=";
   };
 
-  patches = [ ];
-
   postPatch = ''
     substituteInPlace src/Command.cc --replace '_BSD_SOURCE' '_DEFAULT_SOURCE'
-    sed '7i#include <math.h>' -i src/Scheduler.cc
-    sed '1i#include <ctime>' -i src/test-monitor/test-monitor.cc
-    patchShebangs .
+    patchShebangs src
   '';
 
   # With LTO enabled, linking fails with the following message:
@@ -31,14 +39,34 @@ stdenv.mkDerivation rec {
   # collect2: error: ld returned 1 exit status
   #
   # See also https://github.com/NixOS/nixpkgs/pull/110846
-  preConfigure = ''substituteInPlace CMakeLists.txt --replace "-flto" ""'';
+  preConfigure = ''
+    substituteInPlace CMakeLists.txt --replace "-flto" ""
+  '';
+
+  strictDeps = true;
+
+  nativeBuildInputs = [
+    capnproto
+    cmake
+    makeWrapper
+    pkg-config
+    python3.pythonOnBuildForHost
+    which
+  ];
 
-  nativeBuildInputs = [ cmake pkg-config which makeWrapper ];
   buildInputs = [
-    libpfm zlib python3Packages.python python3Packages.pexpect procps gdb capnproto
+    bash
+    capnproto
+    gdb
+    libpfm
+    procps
+    python3
+    zlib
   ];
+
   cmakeFlags = [
-    "-Ddisable32bit=ON"
+    (lib.cmakeBool "disable32bit" true)
+    (lib.cmakeBool "BUILD_TESTS" finalAttrs.finalPackage.doCheck)
   ];
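Review bot: The reformatted `preConfigure` keeps the deprecated bare `substituteInPlace CMakeLists.txt --replace "-flto" ""`, which succeeds silently whether or not the pattern is present, while other files in this same commit (cpplint, binlore) have moved to the explicit `--replace-fail` / `--replace-quiet` forms. Because the comment above this line says the substitution is what makes linking succeed, choose the form that matches intent: `substituteInPlace CMakeLists.txt --replace-fail "-flto" ""` if a future CMakeLists.txt without `-flto` should prompt removing the workaround, or `--replace-quiet` if it is meant to be best-effort. The `postPatch` in the first hunk carries the same bare `--replace` on an unchanged line and could be migrated at the same time. The `stdenv.mkDerivation (finalAttrs: {` expression begins before this hunk.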
 
   # we turn on additional warnings due to hardening
@@ -54,9 +82,7 @@ stdenv.mkDerivation rec {
   # needs GDB to replay programs at runtime
   preFixup = ''
     wrapProgram "$out/bin/rr" \
-      --prefix PATH ":" "${lib.makeBinPath [
-        gdb
-      ]}";
+      --prefix PATH ":" "${lib.makeBinPath [ gdb ]}";
   '';
 
   meta = {
@@ -69,8 +95,18 @@ stdenv.mkDerivation rec {
       time the same execution is replayed.
     '';
 
-    license = with lib.licenses; [ mit bsd2 ];
-    maintainers = with lib.maintainers; [ pierron thoughtpolice ];
-    platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
+    license = with lib.licenses; [
+      mit
+      bsd2
+    ];
+    maintainers = with lib.maintainers; [
+      pierron
+      thoughtpolice
+    ];
+    platforms = [
+      "aarch64-linux"
+      "i686-linux"
+      "x86_64-linux"
+    ];
   };
-}
+})
diff --git a/pkgs/development/tools/analysis/smatch/default.nix b/pkgs/development/tools/analysis/smatch/default.nix
index 93a74f2b4a6a7..b55e8c5bcfa41 100644
--- a/pkgs/development/tools/analysis/smatch/default.nix
+++ b/pkgs/development/tools/analysis/smatch/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Semantic analysis tool for C";
     homepage = "https://sparse.docs.kernel.org/";
-    maintainers = with maintainers; [ ];
+    maintainers = [ ];
     license = licenses.gpl2Plus;
     platforms = platforms.all;
   };
diff --git a/pkgs/development/tools/analysis/snowman/default.nix b/pkgs/development/tools/analysis/snowman/default.nix
index 870f084580b8f..706d3f6b8edb0 100644
--- a/pkgs/development/tools/analysis/snowman/default.nix
+++ b/pkgs/development/tools/analysis/snowman/default.nix
@@ -25,7 +25,7 @@ mkDerivation rec {
 
     # https://github.com/yegord/snowman/blob/master/doc/licenses.asciidoc
     license = licenses.gpl3Plus;
-    maintainers = with maintainers; [ dtzWill ];
+    maintainers = [ ];
     platforms = platforms.all;
   };
 }
diff --git a/pkgs/development/tools/analysis/snyk/default.nix b/pkgs/development/tools/analysis/snyk/default.nix
index 1c983d6bfd6dd..1bbdcb9e73cf9 100644
--- a/pkgs/development/tools/analysis/snyk/default.nix
+++ b/pkgs/development/tools/analysis/snyk/default.nix
@@ -8,16 +8,16 @@
 
 buildNpmPackage rec {
   pname = "snyk";
-  version = "1.1291.0";
+  version = "1.1292.2";
 
   src = fetchFromGitHub {
     owner = "snyk";
     repo = "cli";
     rev = "refs/tags/v${version}";
-    hash = "sha256-m70XujX2KOTvObjeBtoAbrYddi/+pLDLPXf/o+/DtmU=";
+    hash = "sha256-r7yQNxmvQ2RUUTX3zxEqnf7fgYJI/0kFqoPg60jI4ns=";
   };
 
-  npmDepsHash = "sha256-f7sY7eCF8k28UnGyKqOP/exhsZQzUC70nIIjEOXEeC4=";
+  npmDepsHash = "sha256-hS1TYrqyYiixKtZoxWU10hj1ZC2RqrZ7gndU5B195/M=";
 
   postPatch = ''
     substituteInPlace package.json \
@@ -39,7 +39,7 @@ buildNpmPackage rec {
     homepage = "https://snyk.io";
     changelog = "https://github.com/snyk/cli/releases/tag/v${version}";
     license = licenses.asl20;
-    maintainers = with maintainers; [ ];
+    maintainers = [ ];
     mainProgram = "snyk";
   };
 }
diff --git a/pkgs/development/tools/analysis/stylelint/default.nix b/pkgs/development/tools/analysis/stylelint/default.nix
index c2a216afea9a9..23cb2bfc5173f 100644
--- a/pkgs/development/tools/analysis/stylelint/default.nix
+++ b/pkgs/development/tools/analysis/stylelint/default.nix
@@ -2,16 +2,16 @@
 
 buildNpmPackage rec {
   pname = "stylelint";
-  version = "16.6.1";
+  version = "16.8.1";
 
   src = fetchFromGitHub {
     owner = "stylelint";
     repo = "stylelint";
     rev = version;
-    hash = "sha256-wt9EVE3AAnOVJsDHG+qIXSqZ1I2MSITHjGpEGLPWOBY=";
+    hash = "sha256-LhLA1JxaTtdoXfylaDLiyW2gi0xy2l5Rm3B67+z1Wdc=";
   };
 
-  npmDepsHash = "sha256-+74oklREFCDEa8E0QDBlIzfW943AStJxfXkQDqRGFyo=";
+  npmDepsHash = "sha256-xi6we8XOGaLqwTLrF0Enpx7jQgbHOSItuqzlvvNNBWQ=";
 
   dontNpmBuild = true;
 
@@ -20,6 +20,6 @@ buildNpmPackage rec {
     mainProgram = "stylelint";
     homepage = "https://stylelint.io";
     license = licenses.mit;
-    maintainers = with maintainers; [ ];
+    maintainers = [ ];
   };
 }
diff --git a/pkgs/development/tools/analysis/svlint/default.nix b/pkgs/development/tools/analysis/svlint/default.nix
index ef859f2a66a29..b4fb2512596ae 100644
--- a/pkgs/development/tools/analysis/svlint/default.nix
+++ b/pkgs/development/tools/analysis/svlint/default.nix
@@ -9,7 +9,7 @@ rustPlatform.buildRustPackage rec {
 
   src = fetchCrate {
     inherit pname version;
-    sha256 = "sha256-u61gmkO7eij7r1A1RPk0ro+pml7ZmMsg0ukJLCFNaD0=";
+    hash = "sha256-u61gmkO7eij7r1A1RPk0ro+pml7ZmMsg0ukJLCFNaD0=";
   };
 
   cargoHash = "sha256-HBfCTOETQ1hHzLFDw12W58omRmliiWDFGSrmr3PELD8=";
diff --git a/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix b/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix
index a765966e35cb8..d9a851d09824f 100644
--- a/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix
+++ b/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "tflint-ruleset-aws";
-  version = "0.31.0";
+  version = "0.32.0";
 
   src = fetchFromGitHub {
     owner = "terraform-linters";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-1ttqSRz++xJdpJIQ+rSCiGFhN5EJwW6tbAporc8J0LU=";
+    hash = "sha256-sgAr4kUBjKIH+DgI5XqH/Zs3uL0yiYwlBa6vO0m++xM=";
   };
 
-  vendorHash = "sha256-4QH/KehKBSNQhW8z/tk5ExAXKQNQ5Rl3RKyj+0jm/eI=";
+  vendorHash = "sha256-B2QFjJKwfQYZP8ypiv7bNkFNr3ejP42WA/bmv4Jz46c=";
 
   # upstream Makefile also does a  go test $(go list ./... | grep -v integration)
   preCheck = ''
diff --git a/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix b/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix
index 5fa8efd23a1c6..7dfeea873ac29 100644
--- a/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix
+++ b/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "tflint-ruleset-google";
-  version = "0.29.0";
+  version = "0.30.0";
 
   src = fetchFromGitHub {
     owner = "terraform-linters";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-cflmuvILMJX7jsz6OKPcaN/KezvWiqiv20Sw4vJ/mUk=";
+    hash = "sha256-eE1KSfbMbNuHlzEi7+zTRdxq548+pB8p01iIWoE2NAQ=";
   };
 
-  vendorHash = "sha256-xxSOjnzqESCOWtXsAGuTwVEoinvBNuJFaxDrIVc1O08=";
+  vendorHash = "sha256-nuucBbqS+D12JEPoS/QHHTcPKaTjsD4oxnVLDMmLwNA=";
 
   # upstream Makefile also does a go test $(go list ./... | grep -v integration)
   preCheck = ''
diff --git a/pkgs/development/tools/analysis/tflint/default.nix b/pkgs/development/tools/analysis/tflint/default.nix
index 93dbe645220a2..c3a7b65b051d5 100644
--- a/pkgs/development/tools/analysis/tflint/default.nix
+++ b/pkgs/development/tools/analysis/tflint/default.nix
@@ -10,16 +10,16 @@
 
 buildGoModule rec {
   pname = "tflint";
-  version = "0.51.1";
+  version = "0.52.0";
 
   src = fetchFromGitHub {
     owner = "terraform-linters";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-f2U/DK2yaJI0t125k0N4SHjNvSUYPtqTjR91EJnimGQ=";
+    hash = "sha256-H27krznCX00F0EZ4ahdsMVh+wcAAUC/ErQac9Y4QaJs=";
   };
 
-  vendorHash = "sha256-xx/WF/yR++oB+7az9i/JkhYuOZsPoCBgYITqBR1Gv5c=";
+  vendorHash = "sha256-jTwzheC/BtcuLGwtLanOccbidOPCHmqxJ4Mwhsid6jY=";
 
   doCheck = false;
 
diff --git a/pkgs/development/tools/analysis/tfsec/default.nix b/pkgs/development/tools/analysis/tfsec/default.nix
index 28aa1e39e89e1..3a97b63216b59 100644
--- a/pkgs/development/tools/analysis/tfsec/default.nix
+++ b/pkgs/development/tools/analysis/tfsec/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "tfsec";
-  version = "1.28.6";
+  version = "1.28.9";
 
   src = fetchFromGitHub {
     owner = "aquasecurity";
     repo = "tfsec";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Dc6eXw1qGr2KxRoG3Odfa07s2SYdnxVbJHeVQdETBIs=";
+    hash = "sha256-Dulbo5ZTw4+1XxjpnZ1aIsVPLVEqwQKdNMv+L9/j1wc=";
   };
 
   ldflags = [
@@ -23,7 +23,7 @@ buildGoModule rec {
     # "-extldflags '-fno-PIC -static'"
   ];
 
-  vendorHash = "sha256-RxsoTNj/V1UgcMq7vbjGlkJCMEVyvfmSz2IPncs53hY=";
+  vendorHash = "sha256-Hu530cBJWGtvMmQ6gbROXf5JBfkOfc4nwznsKBTegUk=";
 
   subPackages = [
     "cmd/tfsec"