From 8826b550a0d519c9adfd5d024ec8557170d34dc5 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 30 Mar 2023 04:20:00 +0000 Subject: ruby: update default version to `ruby_3_1` --- pkgs/top-level/all-packages.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'pkgs/top-level') diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 73b601bbb8e9a..ec246059a6cd5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5864,13 +5864,7 @@ with pkgs; enableExtraPlugins = true; }; - asciidoctor = callPackage ../tools/typesetting/asciidoctor { - bundlerApp = bundlerApp.override { - # asciidoc supports both ruby 2 and 3, - # but we don't want to be stuck on it: - ruby = ruby_3_1; - }; - }; + asciidoctor = callPackage ../tools/typesetting/asciidoctor { }; asciidoctor-with-extensions = callPackage ../tools/typesetting/asciidoctor-with-extensions { }; @@ -17012,8 +17006,8 @@ with pkgs; ruby_3_1 ruby_3_2; - ruby = ruby_2_7; - rubyPackages = rubyPackages_2_7; + ruby = ruby_3_1; + rubyPackages = rubyPackages_3_1; rubyPackages_2_7 = recurseIntoAttrs ruby_2_7.gems; rubyPackages_3_0 = recurseIntoAttrs ruby_3_0.gems; -- cgit 1.4.1 From 7d2235a9ca7294d9df4602f3fed751a3f9029861 Mon Sep 17 00:00:00 2001 From: Garry Filakhtov Date: Mon, 3 Apr 2023 10:33:40 +1000 Subject: systemdMinimal: re-enable kmod integration My previous attempt to slim things down for systemdMinimal ended up breaking the Mobile NixOS use case, as it uses udevd from the systemdMinimal package. Re-enabling the `withKmod` attribute to address this problem. --- pkgs/top-level/all-packages.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'pkgs/top-level') diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cf1638eada07e..4d4ccc1d01ade 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -27242,7 +27242,6 @@ with pkgs; withHomed = false; withHwdb = false; withImportd = false; - withKmod = false; withLibBPF = false; withLibidn2 = false; withLocaled = false; -- cgit 1.4.1 From ea67874c07959f79e63752510453257173750277 Mon Sep 17 00:00:00 2001 From: Hraban Luyat Date: Wed, 15 Mar 2023 00:18:45 +0000 Subject: sbcl: 2.3.0 -> 2.3.2 --- pkgs/development/compilers/sbcl/2.x.nix | 4 ++++ pkgs/top-level/all-packages.nix | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'pkgs/top-level') diff --git a/pkgs/development/compilers/sbcl/2.x.nix b/pkgs/development/compilers/sbcl/2.x.nix index 4fcccbf970410..901d2c9e388cb 100644 --- a/pkgs/development/compilers/sbcl/2.x.nix +++ b/pkgs/development/compilers/sbcl/2.x.nix @@ -65,6 +65,10 @@ let "2.3.0" = { sha256 = "sha256-v3Q5SXEq4Cy3ST87i1fOJBlIv2ETHjaGDdszTaFDnJc="; }; + + "2.3.2" = { + sha256 = "sha256-RMwWLPpjMqmojHoSHRkDiCikuk9r/7d+8cexdAfLHqo="; + }; }; in with versionMap.${version}; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 26467839117bb..4946b3e8d2767 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24622,7 +24622,11 @@ with pkgs; pkg = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.3.0"; }; faslExt = "fasl"; }; - sbcl = sbcl_2_3_0; + sbcl_2_3_2 = wrapLisp { + pkg = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.3.2"; }; + faslExt = "fasl"; + }; + sbcl = sbcl_2_3_2; sbclPackages = recurseIntoAttrs sbcl.pkgs; -- cgit 1.4.1 From b1d4dfddaf961fe8eab1207fb840fe9a67a3b72d Mon Sep 17 00:00:00 2001 From: Artturin Date: Mon, 10 Apr 2023 21:37:31 +0300 Subject: Revert "julia{18,19,}: fix build by a temporary hack" This reverts commit e2691227cdc424c643511d40fd6234acdf77372e. --- pkgs/build-support/cc-wrapper/default.nix | 7 +------ pkgs/development/compilers/gcc/12/default.nix | 2 +- pkgs/top-level/all-packages.nix | 17 ++--------------- 3 files changed, 4 insertions(+), 22 deletions(-) (limited to 'pkgs/top-level') diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 24680754c8d5d..597e8105fa1dd 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -17,7 +17,6 @@ , isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null , buildPackages ? {} , libcxx ? null -, grossHackForStagingNext ? false # Whether or not to add `-B` and `-L` to `nix-support/cc-{c,ld}flags` , useCcForLibs ? @@ -408,11 +407,7 @@ stdenv.mkDerivation { touch "$out/nix-support/libcxx-cxxflags" touch "$out/nix-support/libcxx-ldflags" '' - # Adding -isystem flags should be done only for clang; gcc - # already knows how to find its own libstdc++, and adding - # additional -isystem flags will confuse gfortran (see - # https://github.com/NixOS/nixpkgs/pull/209870#issuecomment-1500550903) - + optionalString (libcxx == null && (if grossHackForStagingNext then isClang else true) && (useGccForLibs && gccForLibs.langCC or false)) '' + + optionalString (libcxx == null && (useGccForLibs && gccForLibs.langCC or false)) '' for dir in ${gccForLibs}${lib.optionalString (hostPlatform != targetPlatform) "/${targetPlatform.config}"}/include/c++/*; do echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags done diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index bf1c6e2ffae84..ffe94eab3ce39 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix @@ -29,7 +29,6 @@ , buildPackages , libxcrypt , disableGdbPlugin ? !enablePlugin -, disableBootstrap ? !stdenv.hostPlatform.isDarwin , nukeReferences , callPackage }: @@ -57,6 +56,7 @@ with builtins; let majorVersion = "12"; version = "${majorVersion}.2.0"; + disableBootstrap = !stdenv.hostPlatform.isDarwin; inherit (stdenv) buildPlatform hostPlatform targetPlatform; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3bec8181f2107..f0c79e15cf554 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14855,15 +14855,6 @@ with pkgs; profiledCompiler = false; }); - gfortran-tmp-noisystem = wrapCCWith { grossHackForStagingNext = true; cc = (gcc.cc.override { - name = "gfortran"; - langFortran = true; - langCC = false; - langC = false; - profiledCompiler = false; - disableBootstrap = false; - }); }; - gfortran48 = wrapCC (gcc48.cc.override { name = "gfortran"; langFortran = true; @@ -15345,12 +15336,8 @@ with pkgs; julia_16-bin = callPackage ../development/compilers/julia/1.6-bin.nix { }; julia_18-bin = callPackage ../development/compilers/julia/1.8-bin.nix { }; - julia_18 = callPackage ../development/compilers/julia/1.8.nix { - gfortran = gfortran-tmp-noisystem; - }; - julia_19 = callPackage ../development/compilers/julia/1.9.nix { - gfortran = gfortran-tmp-noisystem; - }; + julia_18 = callPackage ../development/compilers/julia/1.8.nix { }; + julia_19 = callPackage ../development/compilers/julia/1.9.nix { }; julia-lts-bin = julia_16-bin; julia-stable-bin = julia_18-bin; -- cgit 1.4.1 From 15e2a735f817d77f06139cd99ce52b3ec5272ccb Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Wed, 12 Apr 2023 08:15:45 -0700 Subject: Revert "cc-wrapper: add optional temporary hack for -B" This reverts commit ac3acd956f730fa9870d4488c91699c8e2892a39. --- pkgs/build-support/cc-wrapper/default.nix | 5 +---- pkgs/development/compilers/llvm/13/default.nix | 3 +-- pkgs/development/compilers/llvm/rocm/default.nix | 3 --- pkgs/top-level/all-packages.nix | 3 --- 4 files changed, 2 insertions(+), 12 deletions(-) (limited to 'pkgs/top-level') diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 25aa558638fb9..fdc1457cc469b 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -51,7 +51,6 @@ # the derivation at which the `-B` and `-L` flags added by `useCcForLibs` will point , gccForLibs ? if useCcForLibs then cc else null -, tmpDropB ? false # temporary hack; see PR #225846 }: with lib; @@ -335,11 +334,9 @@ stdenv.mkDerivation { ## ## GCC libs for non-GCC support ## - + optionalString (useGccForLibs && !tmpDropB) '' + + optionalString useGccForLibs '' echo "-B${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-cflags - '' - + optionalString useGccForLibs '' echo "-L${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-ldflags echo "-L${gccForLibs.lib}/${targetPlatform.config}/lib" >> $out/nix-support/cc-ldflags '' diff --git a/pkgs/development/compilers/llvm/13/default.nix b/pkgs/development/compilers/llvm/13/default.nix index 528bfbe5314a4..e7ae839a6e5f2 100644 --- a/pkgs/development/compilers/llvm/13/default.nix +++ b/pkgs/development/compilers/llvm/13/default.nix @@ -1,5 +1,4 @@ { lowPrio, newScope, pkgs, lib, stdenv, cmake -, stdenv-tmpDropB , gccForLibs, preLibcCrossHeaders , libxml2, python3, isl, fetchFromGitHub, overrideCC, wrapCCWith, wrapBintoolsWith , buildLlvmTools # tools, but from the previous stage, for cross @@ -244,7 +243,7 @@ let inherit llvm_meta; stdenv = if stdenv.hostPlatform.useLLVM or false then overrideCC stdenv buildLlvmTools.clangNoCompilerRt - else stdenv-tmpDropB; + else stdenv; }; # N.B. condition is safe because without useLLVM both are the same. diff --git a/pkgs/development/compilers/llvm/rocm/default.nix b/pkgs/development/compilers/llvm/rocm/default.nix index e47b69c56b874..7c82cc4330b96 100644 --- a/pkgs/development/compilers/llvm/rocm/default.nix +++ b/pkgs/development/compilers/llvm/rocm/default.nix @@ -1,6 +1,5 @@ { lib , stdenv -, stdenv-tmpDropB , callPackage , overrideCC , wrapCCWith @@ -79,8 +78,6 @@ let # Runtimes runtimes = callPackage ./llvm.nix { - stdenv = stdenv-tmpDropB; - buildDocs = false; buildMan = false; buildTests = false; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a172ed16314a5..34084c54a833c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15545,9 +15545,6 @@ with pkgs; llvmPackages_rocm = recurseIntoAttrs (callPackage ../development/compilers/llvm/rocm { }); - # temporary hack; see PR #225846 - stdenv-tmpDropB = overrideCC stdenv (wrapCCWith { tmpDropB = true; inherit (stdenv.cc) cc; }); - lorri = callPackage ../tools/misc/lorri { inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; -- cgit 1.4.1 From 6be78e28b446703b80e83724b3cf14c44b9bbca7 Mon Sep 17 00:00:00 2001 From: Alexis Hildebrandt Date: Tue, 7 Feb 2023 12:17:48 +0100 Subject: libgcrypt: 1.5.6 -> 1.8.10 --- pkgs/development/libraries/libgcrypt/1.5.nix | 53 -------------------- pkgs/development/libraries/libgcrypt/1.8.nix | 75 ++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 +- 3 files changed, 76 insertions(+), 54 deletions(-) delete mode 100644 pkgs/development/libraries/libgcrypt/1.5.nix create mode 100644 pkgs/development/libraries/libgcrypt/1.8.nix (limited to 'pkgs/top-level') diff --git a/pkgs/development/libraries/libgcrypt/1.5.nix b/pkgs/development/libraries/libgcrypt/1.5.nix deleted file mode 100644 index 918ed20efaaf6..0000000000000 --- a/pkgs/development/libraries/libgcrypt/1.5.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ lib, stdenv, fetchpatch, fetchurl, libgpg-error, enableCapabilities ? false, libcap }: - -assert enableCapabilities -> stdenv.isLinux; - -stdenv.mkDerivation rec { - pname = "libgcrypt"; - version = "1.5.6"; - - src = fetchurl { - url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2"; - sha256 = "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"; - }; - - patches = lib.optionals stdenv.isDarwin [ - (fetchpatch { - name = "fix-x86_64-apple-darwin.patch"; - sha256 = "138sfwl1avpy19320dbd63mskspc1khlc93j1f1zmylxx3w19csi"; - url = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=71939faa7c54e7b4b28d115e748a85f134876a02"; - }) - ]; - - buildInputs = - [ libgpg-error ] - ++ lib.optional enableCapabilities libcap; - - # Make sure libraries are correct for .pc and .la files - # Also make sure includes are fixed for callers who don't use libgpgcrypt-config - postInstall = '' - sed -i 's,#include ,#include "${libgpg-error.dev}/include/gpg-error.h",g' $out/include/gcrypt.h - '' + lib.optionalString enableCapabilities '' - sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la - ''; - - doCheck = true; - - meta = with lib; { - homepage = "https://www.gnu.org/software/libgcrypt/"; - description = "General-pupose cryptographic library"; - license = licenses.lgpl2Plus; - platforms = platforms.all; - knownVulnerabilities = [ - "CVE-2014-3591" - "CVE-2015-0837" - "CVE-2015-7511" - "CVE-2017-0379" - "CVE-2017-7526" - "CVE-2017-9526" - "CVE-2018-0495" - "CVE-2018-6829" - "CVE-2018-12437" - ]; - }; -} diff --git a/pkgs/development/libraries/libgcrypt/1.8.nix b/pkgs/development/libraries/libgcrypt/1.8.nix new file mode 100644 index 0000000000000..cce79780f1cbe --- /dev/null +++ b/pkgs/development/libraries/libgcrypt/1.8.nix @@ -0,0 +1,75 @@ +{ lib +, stdenv +, fetchurl +, libgpg-error +, enableCapabilities ? false, libcap +, buildPackages +# for passthru.tests +, gnupg +, libotr +, rsyslog +}: + +assert enableCapabilities -> stdenv.isLinux; + +stdenv.mkDerivation rec { + pname = "libgcrypt"; + version = "1.8.10"; + + src = fetchurl { + url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2"; + sha256 = "sha256-aJaRVQH5UeI9AtywRTRpwswiqk13oAH/c6JkfC0p590="; + }; + + outputs = [ "out" "dev" "info" ]; + outputBin = "dev"; + + # The CPU Jitter random number generator must not be compiled with + # optimizations and the optimize -O0 pragma only works for gcc. + # The build enables -O2 by default for everything else. + hardeningDisable = lib.optional stdenv.cc.isClang "fortify"; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + + buildInputs = [ libgpg-error ] + ++ lib.optional enableCapabilities libcap; + + strictDeps = true; + + configureFlags = [ "--with-libgpg-error-prefix=${libgpg-error.dev}" ] + ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157 + + # Necessary to generate correct assembly when compiling for aarch32 on + # aarch64 + configurePlatforms = [ "host" "build" ]; + + postConfigure = '' + sed -i configure \ + -e 's/NOEXECSTACK_FLAGS=$/NOEXECSTACK_FLAGS="-Wa,--noexecstack"/' + ''; + + # Make sure libraries are correct for .pc and .la files + # Also make sure includes are fixed for callers who don't use libgpgcrypt-config + postFixup = '' + sed -i 's,#include ,#include "${libgpg-error.dev}/include/gpg-error.h",g' "$dev/include/gcrypt.h" + '' + lib.optionalString enableCapabilities '' + sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la + ''; + + doCheck = true; + + passthru.tests = { + inherit gnupg libotr rsyslog; + }; + + meta = with lib; { + homepage = "https://www.gnu.org/software/libgcrypt/"; + changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}"; + description = "General-purpose cryptographic library"; + license = licenses.lgpl2Plus; + platforms = platforms.all; + knownVulnerabilities = [ + "CVE-2018-12437" # CVE is about LibTomCrypt + ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9013115d95303..6e59fa26be576 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21519,7 +21519,7 @@ with pkgs; libgcrypt = callPackage ../development/libraries/libgcrypt { }; - libgcrypt_1_5 = callPackage ../development/libraries/libgcrypt/1.5.nix { }; + libgcrypt_1_8 = callPackage ../development/libraries/libgcrypt/1.8.nix { }; libgdiplus = callPackage ../development/libraries/libgdiplus { inherit (darwin.apple_sdk.frameworks) Carbon; -- cgit 1.4.1 From 6f635e39af3e6ac03db4032258b28666e103051e Mon Sep 17 00:00:00 2001 From: Alexis Hildebrandt Date: Tue, 7 Feb 2023 12:18:33 +0100 Subject: gnupg: Add LTS version 2.2.41 --- ...-of-previously-known-keys-even-without-UI.patch | 107 +++++++++++++++++++ pkgs/tools/security/gnupg/22.nix | 113 +++++++++++++++++++++ ...-of-previously-known-keys-even-without-UI.patch | 107 +++++++++++++++++++ pkgs/tools/security/gnupg/24.nix | 54 ++++++---- ...-of-previously-known-keys-even-without-UI.patch | 107 ------------------- pkgs/top-level/all-packages.nix | 7 +- 6 files changed, 367 insertions(+), 128 deletions(-) create mode 100644 pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch create mode 100644 pkgs/tools/security/gnupg/22.nix create mode 100644 pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch delete mode 100644 pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch (limited to 'pkgs/top-level') diff --git a/pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch b/pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 0000000000000..e8fbe1688402d --- /dev/null +++ b/pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,107 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + + +diff --git a/g10/import.c b/g10/import.c +index cd3363fc7..8f10771db 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1858,7 +1858,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1896,13 +1895,6 @@ import_one_real (ctrl_t ctrl, + } + + +- if (!uidnode ) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -1977,18 +1969,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) +- { +- if (!silent) +- { +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -1998,24 +1982,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2073,6 +2044,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix new file mode 100644 index 0000000000000..7c93e1c70f2c8 --- /dev/null +++ b/pkgs/tools/security/gnupg/22.nix @@ -0,0 +1,113 @@ +{ lib, stdenv, fetchurl, buildPackages +, pkg-config, texinfo +, gettext, libassuan, libgcrypt, libgpg-error, libiconv, libksba, npth +, adns, bzip2, gnutls, libusb1, openldap, readline, sqlite, zlib +, enableMinimal ? false +, withPcsc ? !enableMinimal, pcsclite +, guiSupport ? stdenv.isDarwin, pinentry +}: + +let + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; +in + +assert guiSupport -> enableMinimal == false; + +stdenv.mkDerivation rec { + pname = "gnupg"; + version = "2.2.41"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; + hash = "sha256-E/MpEAel6FRvy3vAxmEM5EqqmzmVBZ1PgUW6Cf1b4+E="; + }; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ pkg-config texinfo ]; + buildInputs = [ + gettext libassuan libgcrypt libgpg-error libiconv libksba npth + ] ++ lib.optionals (!enableMinimal) [ + adns bzip2 gnutls libusb1 openldap readline sqlite zlib + ]; + + patches = [ + ./fix-libusb-include-path.patch + ./tests-add-test-cases-for-import-without-uid.patch + ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + + # The following patch has no effect as the code is + # "[d]isabled for 2.2.19 to due problems with the standard hkps pool." + #./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch + + ./22-allow-import-of-previously-known-keys-even-without-UI.patch + ]; + + postPatch = '' + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1 + # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in + '' + lib.optionalString (stdenv.isLinux && withPcsc) '' + sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + ''; + + configureFlags = [ + "--with-libgpg-error-prefix=${libgpg-error.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-ksba-prefix=${libksba.dev}" + "--with-npth-prefix=${npth}" + ] + ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" + ++ lib.optional stdenv.isDarwin "--disable-ccid-driver"; + + postInstall = if enableMinimal + then '' + rm -r $out/{libexec,sbin,share} + for f in $(find $out/bin -type f -not -name gpg) + do + rm $f + done + '' else '' + mkdir -p $out/lib/systemd/user + for f in doc/examples/systemd-user/*.{service,socket} ; do + substitute $f $out/lib/systemd/user/$(basename $f) \ + --replace /usr/bin $out/bin + done + + # add gpg2 symlink to make sure git does not break when signing commits + ln -s $out/bin/gpg $out/bin/gpg2 + + # Make libexec tools available in PATH + for f in $out/libexec/; do + if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi + ln -s $f $out/bin/$(basename $f) + done + + ln -s -t $out/bin $out/libexec/* + ''; + + enableParallelBuilding = true; + + passthru.tests.connman = lib.nixosTests.gnupg; + + meta = with lib; { + homepage = "https://gnupg.org"; + description = "LTS release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "modern" (2.1) is the latest development with a lot of new features. + GnuPG allows to encrypt and sign your data and communication, features a + versatile key management system as well as access modules for all kind of + public key directories. GnuPG, also known as GPG, is a command line tool + with features for easy integration with other applications. A wealth of + frontend applications and libraries are available. Version 2 of GnuPG + also provides support for S/MIME. + ''; + maintainers = with maintainers; [ fpletz vrthra ]; + platforms = platforms.all; + mainProgram = "gpg"; + }; +} diff --git a/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch b/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 0000000000000..8d4f703a3dd14 --- /dev/null +++ b/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,107 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + + +diff --git a/g10/import.c b/g10/import.c +index 9fab46ca6..61896a6bf 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1992,13 +1991,6 @@ import_one_real (ctrl_t ctrl, + } + + +- if (!uidnode) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -2078,18 +2070,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) +- { +- if (!silent) +- { +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -2099,24 +2083,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2174,6 +2145,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix index 8b83fe53e69d7..a6815e1d06792 100644 --- a/pkgs/tools/security/gnupg/24.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -1,13 +1,17 @@ -{ fetchurl, fetchpatch, lib, stdenv, pkg-config, libgcrypt, libassuan, libksba -, libgpg-error, libiconv, npth, gettext, texinfo, buildPackages -, nixosTests -, guiSupport ? stdenv.isDarwin, enableMinimal ? false -, adns, bzip2, gnutls, libusb1, openldap -, pinentry, readline, sqlite, zlib +{ lib, stdenv, fetchurl, buildPackages +, pkg-config, texinfo +, gettext, libassuan, libgcrypt, libgpg-error, libiconv, libksba, npth +, adns, bzip2, gnutls, libusb1, openldap, readline, sqlite, zlib +, enableMinimal ? false , withPcsc ? !enableMinimal, pcsclite +, guiSupport ? stdenv.isDarwin, pinentry , withTpm2Tss ? !stdenv.isDarwin && !enableMinimal, tpm2-tss }: +let + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; +in + assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { @@ -16,35 +20,38 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; + hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ pkg-config texinfo ]; buildInputs = [ - libgcrypt libassuan libksba libiconv npth gettext - ] ++ lib.optionals (!enableMinimal) ([ - readline libusb1 gnutls adns openldap zlib bzip2 sqlite - ] ++ lib.optional withTpm2Tss tpm2-tss); + gettext libassuan libgcrypt libgpg-error libiconv libksba npth + ] ++ lib.optionals (!enableMinimal) [ + adns bzip2 gnutls libusb1 openldap readline sqlite zlib + ] ++ lib.optionals withTpm2Tss [ tpm2-tss ]; patches = [ ./fix-libusb-include-path.patch ./tests-add-test-cases-for-import-without-uid.patch - # TODO: Refresh patch? Doesn't apply on 2.4.0 - #./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + # The following patch has no effect as the code is + # "[d]isabled for 2.3.2 to due problems with the standard hkps pool." + #./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch + + ./24-allow-import-of-previously-known-keys-even-without-UI.patch + # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch - ]; + postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 - '' + lib.optionalString (stdenv.isLinux && withPcsc) '' - sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c - ''; + '' + lib.optionalString (stdenv.isLinux && withPcsc) '' + sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + ''; - pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; configureFlags = [ "--sysconfdir=/etc" "--with-libgpg-error-prefix=${libgpg-error.dev}" @@ -52,9 +59,11 @@ stdenv.mkDerivation rec { "--with-libassuan-prefix=${libassuan.dev}" "--with-ksba-prefix=${libksba.dev}" "--with-npth-prefix=${npth}" - ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" + ] + ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" ++ lib.optional withTpm2Tss "--with-tss=intel" ++ lib.optional stdenv.isDarwin "--disable-ccid-driver"; + postInstall = if enableMinimal then '' rm -r $out/{libexec,sbin,share} @@ -77,11 +86,16 @@ stdenv.mkDerivation rec { if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi ln -s $f $out/bin/$(basename $f) done + + for f in $out/libexec/; do + if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi + ln -s $f $out/bin/$(basename $f) + done ''; enableParallelBuilding = true; - passthru.tests.connman = nixosTests.gnupg; + passthru.tests.connman = lib.nixosTests.gnupg; meta = with lib; { homepage = "https://gnupg.org"; diff --git a/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch b/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch deleted file mode 100644 index 98dda54fc7fa3..0000000000000 --- a/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch +++ /dev/null @@ -1,107 +0,0 @@ -From: Vincent Breitmoser -Date: Thu, 13 Jun 2019 21:27:42 +0200 -Subject: gpg: allow import of previously known keys, even without UIDs - -* g10/import.c (import_one): Accept an incoming OpenPGP certificate that -has no user id, as long as we already have a local variant of the cert -that matches the primary key. - --- - -This fixes two of the three broken tests in import-incomplete.scm. - -GnuPG-Bug-id: 4393 -Signed-off-by: Daniel Kahn Gillmor ---- - g10/import.c | 44 +++++++++++--------------------------------- - 1 file changed, 11 insertions(+), 33 deletions(-) - -diff --git a/g10/import.c b/g10/import.c -index 5d3162c..f9acf95 100644 ---- a/g10/import.c -+++ b/g10/import.c -@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl, - size_t an; - char pkstrbuf[PUBKEY_STRING_SIZE]; - int merge_keys_done = 0; -- int any_filter = 0; - KEYDB_HANDLE hd = NULL; - - if (r_valid) -@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl, - log_printf ("\n"); - } - -- -- if (!uidnode) -- { -- if (!silent) -- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); -- return 0; -- } -- - if (screener && screener (keyblock, screener_arg)) - { - log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl, - } - } - -- /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) -- { -- if (!silent) -- { -- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet) -- log_info(_("this may be caused by a missing self-signature\n")); -- } -- stats->no_user_id++; -- return 0; -- } -+ /* Delete invalid parts, and note if we have any valid ones left. -+ * We will later abort import if this key is new but contains -+ * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options); - - /* Get rid of deleted nodes. */ - commit_kbnode (&keyblock); -@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl, - { - apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); - commit_kbnode (&keyblock); -- any_filter = 1; - } - if (import_filter.drop_sig) - { - apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); - commit_kbnode (&keyblock); -- any_filter = 1; -- } -- -- /* If we ran any filter we need to check that at least one user id -- * is left in the keyring. Note that we do not use log_error in -- * this case. */ -- if (any_filter && !any_uid_left (keyblock)) -- { -- if (!opt.quiet ) -- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); -- stats->no_user_id++; -- return 0; - } - - /* The keyblock is valid and ready for real import. */ -@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl, - err = 0; - stats->skipped_new_keys++; - } -+ else if (err && !any_uid_left (keyblock)) -+ { -+ if (!silent) -+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); -+ err = 0; -+ stats->no_user_id++; -+ } - else if (err) /* Insert this key. */ - { - /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e59fa26be576..18071bee0de89 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7883,8 +7883,13 @@ with pkgs; gnupg1orig = callPackage ../tools/security/gnupg/1.nix { }; gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { }; gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1 + + gnupg22 = callPackage ../tools/security/gnupg/22.nix { + pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2; + libgcrypt = libgcrypt_1_8; + }; + gnupg24 = callPackage ../tools/security/gnupg/24.nix { - guiSupport = stdenv.isDarwin; pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2; }; gnupg = gnupg24; -- cgit 1.4.1 From a9709b3d9d99e76111e0410cca97038d4abd16f8 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 16 Apr 2023 10:47:20 +0300 Subject: mesa: have one attribute per major version (Mesa release versions are [year].[release].[patch]) --- pkgs/development/libraries/mesa/22.3.7.nix | 4 ---- pkgs/development/libraries/mesa/22.3.nix | 4 ++++ pkgs/development/libraries/mesa/23.0.1.nix | 4 ---- pkgs/development/libraries/mesa/23.0.nix | 4 ++++ pkgs/top-level/all-packages.nix | 20 +++++--------------- 5 files changed, 13 insertions(+), 23 deletions(-) delete mode 100644 pkgs/development/libraries/mesa/22.3.7.nix create mode 100644 pkgs/development/libraries/mesa/22.3.nix delete mode 100644 pkgs/development/libraries/mesa/23.0.1.nix create mode 100644 pkgs/development/libraries/mesa/23.0.nix (limited to 'pkgs/top-level') diff --git a/pkgs/development/libraries/mesa/22.3.7.nix b/pkgs/development/libraries/mesa/22.3.7.nix deleted file mode 100644 index 1a1127dae508e..0000000000000 --- a/pkgs/development/libraries/mesa/22.3.7.nix +++ /dev/null @@ -1,4 +0,0 @@ -import ./generic.nix { - version = "22.3.7"; - hash = "sha256-iUzi9KHC52F3zdIoRiAZLQ2jBmskPuwvux18838TBCw="; -} diff --git a/pkgs/development/libraries/mesa/22.3.nix b/pkgs/development/libraries/mesa/22.3.nix new file mode 100644 index 0000000000000..1a1127dae508e --- /dev/null +++ b/pkgs/development/libraries/mesa/22.3.nix @@ -0,0 +1,4 @@ +import ./generic.nix { + version = "22.3.7"; + hash = "sha256-iUzi9KHC52F3zdIoRiAZLQ2jBmskPuwvux18838TBCw="; +} diff --git a/pkgs/development/libraries/mesa/23.0.1.nix b/pkgs/development/libraries/mesa/23.0.1.nix deleted file mode 100644 index 0c44d72da7dc9..0000000000000 --- a/pkgs/development/libraries/mesa/23.0.1.nix +++ /dev/null @@ -1,4 +0,0 @@ -import ./generic.nix { - version = "23.0.1"; - hash = "sha256-6OWGhWtViTq66b3NuYtBwIHZCbsfrzcubnJiMHvzSt8="; -} diff --git a/pkgs/development/libraries/mesa/23.0.nix b/pkgs/development/libraries/mesa/23.0.nix new file mode 100644 index 0000000000000..0c44d72da7dc9 --- /dev/null +++ b/pkgs/development/libraries/mesa/23.0.nix @@ -0,0 +1,4 @@ +import ./generic.nix { + version = "23.0.1"; + hash = "sha256-6OWGhWtViTq66b3NuYtBwIHZCbsfrzcubnJiMHvzSt8="; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 30f7094503a40..bbd6054652fe7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22563,27 +22563,17 @@ with pkgs; # Default libGLU libGLU = mesa_glu; - # When a new patch is out, add a new mesa attribute with the exact patch version - # Remove old mesa attributes when they're unused. - # Try to keep the previous version around for a bit in case there are new bugs. - mesa_22_3_7 = darwin.apple_sdk_11_0.callPackage ../development/libraries/mesa/22.3.7.nix { + # Keep Mesa 22.3 for now because 23.0 does not build on Darwin. + # FIXME: remove, also investigate why we even need Mesa on Darwin. + mesa_22_3 = darwin.apple_sdk_11_0.callPackage ../development/libraries/mesa/22.3.nix { inherit (darwin.apple_sdk_11_0.frameworks) OpenGL; inherit (darwin.apple_sdk_11_0.libs) Xplugin; }; - mesa_23_0_1 = darwin.apple_sdk_11_0.callPackage ../development/libraries/mesa/23.0.1.nix { + mesa_23_0 = darwin.apple_sdk_11_0.callPackage ../development/libraries/mesa/23.0.nix { inherit (darwin.apple_sdk_11_0.frameworks) OpenGL; inherit (darwin.apple_sdk_11_0.libs) Xplugin; }; - # Bump this immediately on patches; wait a bit for minor versions - mesa_22 = mesa_22_3_7; - mesa_23 = mesa_23_0_1; - # Bump on staging only, tonnes of packages depend on it. - # See https://github.com/NixOS/nixpkgs/issues/218232 - # Major versions should be bumped when they have proven to be reasonably stable - # FIXME: split up libgbm properly - # darwin: deferred until stabilized; e.g. see around: - # https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21859 - mesa = if stdenv.isDarwin then mesa_22_3_7 else mesa_23_0_1; + mesa = if stdenv.isDarwin then mesa_22_3 else mesa_23_0; mesa_glu = callPackage ../development/libraries/mesa-glu { inherit (darwin.apple_sdk.frameworks) ApplicationServices; -- cgit 1.4.1 From 1a828c711aed776f2698ff3249c7b9a74d1a61aa Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Thu, 23 Mar 2023 16:19:45 -0400 Subject: python3Packages.dbus-deviation: init at 0.6.1 --- .../python-modules/dbus-deviation/default.nix | 35 ++++++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/development/python-modules/dbus-deviation/default.nix (limited to 'pkgs/top-level') diff --git a/pkgs/development/python-modules/dbus-deviation/default.nix b/pkgs/development/python-modules/dbus-deviation/default.nix new file mode 100644 index 0000000000000..016b18f25081f --- /dev/null +++ b/pkgs/development/python-modules/dbus-deviation/default.nix @@ -0,0 +1,35 @@ +{ lib +, buildPythonPackage +, fetchPypi +, lxml +, setuptools-git +, sphinx +}: + +buildPythonPackage rec { + pname = "dbus-deviation"; + version = "0.6.1"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-4GuI7+IjiF0nJd9Rz3ybe0Y9HG8E6knUaQh0MY0Ot6M="; + }; + + nativeBuildInputs = [ + setuptools-git + sphinx + ]; + + propagatedBuildInputs = [ + lxml + ]; + + pythonImportsCheck = [ "dbusdeviation" ]; + + meta = with lib; { + homepage = "https://tecnocode.co.uk/dbus-deviation/"; + description = "A project for parsing D-Bus introspection XML and processing it in various ways"; + license = licenses.lgpl21Plus; + maintainers = with maintainers; [ lilyinstarlight ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 329a14efaa8b2..999fe6e437e24 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2320,6 +2320,8 @@ self: super: with self; { dbus-client-gen = callPackage ../development/python-modules/dbus-client-gen { }; + dbus-deviation = callPackage ../development/python-modules/dbus-deviation { }; + dbus-fast = callPackage ../development/python-modules/dbus-fast { }; dbus-next = callPackage ../development/python-modules/dbus-next { }; -- cgit 1.4.1 From 935974daa05eeedd4009e2971196650d0de9afd7 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Thu, 23 Mar 2023 16:20:28 -0400 Subject: python3Packages.wheezy-template: init at 3.1.0 --- .../python-modules/wheezy-template/default.nix | 23 ++++++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 pkgs/development/python-modules/wheezy-template/default.nix (limited to 'pkgs/top-level') diff --git a/pkgs/development/python-modules/wheezy-template/default.nix b/pkgs/development/python-modules/wheezy-template/default.nix new file mode 100644 index 0000000000000..ef70345c1a180 --- /dev/null +++ b/pkgs/development/python-modules/wheezy-template/default.nix @@ -0,0 +1,23 @@ +{ lib +, buildPythonPackage +, fetchPypi +}: + +buildPythonPackage rec { + pname = "wheezy.template"; + version = "3.1.0"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-4RAHysczaNzhKZjjS2bEdgFrtGFHH/weTVboQALslg8="; + }; + + pythonImportsCheck = [ "wheezy.template" ]; + + meta = with lib; { + homepage = "https://wheezytemplate.readthedocs.io/en/latest/"; + description = "A lightweight template library"; + license = licenses.mit; + maintainers = with maintainers; [ lilyinstarlight ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 999fe6e437e24..08a18d9572118 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -12636,6 +12636,8 @@ self: super: with self; { wheel-inspect = callPackage ../development/python-modules/wheel-inspect { }; + wheezy-template = callPackage ../development/python-modules/wheezy-template { }; + whichcraft = callPackage ../development/python-modules/whichcraft { }; whirlpool-sixth-sense = callPackage ../development/python-modules/whirlpool-sixth-sense { }; -- cgit 1.4.1 From 188be504d7bf6fb8a3743a2d5e2aafe0d0a81805 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 14 Apr 2023 13:13:15 -0400 Subject: hotdoc: init at 0.13.7 --- pkgs/development/tools/hotdoc/default.nix | 112 ++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 114 insertions(+) create mode 100644 pkgs/development/tools/hotdoc/default.nix (limited to 'pkgs/top-level') diff --git a/pkgs/development/tools/hotdoc/default.nix b/pkgs/development/tools/hotdoc/default.nix new file mode 100644 index 0000000000000..1b3f7d5f414df --- /dev/null +++ b/pkgs/development/tools/hotdoc/default.nix @@ -0,0 +1,112 @@ +{ lib +, buildPythonApplication +, fetchPypi +, pytestCheckHook +, pkg-config +, cmake +, flex +, glib +, json-glib +, libxml2 +, appdirs +, dbus-deviation +, faust-cchardet +, feedgen +, lxml +, networkx +, pkgconfig +, pyyaml +, schema +, setuptools +, toposort +, wheezy-template +, libclang +, gst_all_1 +}: + +buildPythonApplication rec { + pname = "hotdoc"; + version = "0.13.7"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-ESOmWeLJSXLDKBPsMBGR0zPbJHEqg/fj0G3VjUfPAJg="; + }; + + nativeBuildInputs = [ + pkg-config + cmake + flex + ]; + + buildInputs = [ + glib + json-glib + libxml2.dev + ]; + + propagatedBuildInputs = [ + appdirs + dbus-deviation + faust-cchardet + feedgen + lxml + networkx + pkgconfig + pyyaml + schema + setuptools # for pkg_resources + toposort + wheezy-template + ]; + + nativeCheckInputs = [ + pytestCheckHook + ]; + + # CMake is used to build CMARK, but the build system is still python + dontUseCmakeConfigure = true; + + # Ensure C+GI+GST extensions are built and can be imported + pythonImportsCheck = [ + "hotdoc.extensions.c.c_extension" + "hotdoc.extensions.gi.gi_extension" + "hotdoc.extensions.gst.gst_extension" + ]; + + # Run the tests by package instead of current dir + pytestFlagsArray = [ "--pyargs" "hotdoc" ]; + + disabledTests = [ + # Test does not correctly handle path normalization for test comparison + "test_cli_overrides" + ]; + + # Hardcode libclang paths + postPatch = '' + substituteInPlace hotdoc/extensions/c/c_extension.py \ + --replace "shutil.which('llvm-config')" 'True' \ + --replace "subprocess.check_output(['llvm-config', '--version']).strip().decode()" '"${libclang.version}"' \ + --replace "subprocess.check_output(['llvm-config', '--prefix']).strip().decode()" '"${libclang.lib}"' \ + --replace "subprocess.check_output(['llvm-config', '--libdir']).strip().decode()" '"${libclang.lib}/lib"' + ''; + + # Make pytest run from a temp dir to have it pick up installed package for cmark + preCheck = '' + pushd $TMPDIR + ''; + postCheck = '' + popd + ''; + + passthru.tests = { + inherit (gst_all_1) gstreamer gst-plugins-base; + }; + + meta = with lib; { + description = "The tastiest API documentation system"; + homepage = "https://hotdoc.github.io/"; + license = [ licenses.lgpl21Plus ]; + maintainers = with maintainers; [ lilyinstarlight ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cd5ee91fa1f9a..ddb004e1296b9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8416,6 +8416,8 @@ with pkgs; hostname-debian = callPackage ../tools/networking/hostname-debian { }; + hotdoc = python3Packages.callPackage ../development/tools/hotdoc { }; + hotpatch = callPackage ../development/libraries/hotpatch { }; hotspot = libsForQt5.callPackage ../development/tools/analysis/hotspot { }; -- cgit 1.4.1 From 77af1018937b2f6af8d4a12a44d59f05241c1b0e Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 21 Apr 2023 11:43:40 -0400 Subject: fluidsynth: fix darwin build for 2.3.2 --- pkgs/applications/audio/fluidsynth/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/top-level') diff --git a/pkgs/applications/audio/fluidsynth/default.nix b/pkgs/applications/audio/fluidsynth/default.nix index a76aa6e048ca4..a49b683363b85 100644 --- a/pkgs/applications/audio/fluidsynth/default.nix +++ b/pkgs/applications/audio/fluidsynth/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, buildPackages, pkg-config, cmake , alsa-lib, glib, libjack2, libsndfile, libpulseaudio -, AudioUnit, CoreAudio, CoreMIDI, CoreServices +, AppKit, AudioUnit, CoreAudio, CoreMIDI, CoreServices }: stdenv.mkDerivation rec { @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { buildInputs = [ glib libsndfile libjack2 ] ++ lib.optionals stdenv.isLinux [ alsa-lib libpulseaudio ] - ++ lib.optionals stdenv.isDarwin [ AudioUnit CoreAudio CoreMIDI CoreServices ]; + ++ lib.optionals stdenv.isDarwin [ AppKit AudioUnit CoreAudio CoreMIDI CoreServices ]; cmakeFlags = [ "-Denable-framework=off" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 798d122e268ce..41af9231716af 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29986,7 +29986,7 @@ with pkgs; flwrap = callPackage ../applications/radio/flwrap { stdenv = gcc10StdenvCompat; }; fluidsynth = callPackage ../applications/audio/fluidsynth { - inherit (darwin.apple_sdk.frameworks) AudioUnit CoreAudio CoreMIDI CoreServices; + inherit (darwin.apple_sdk.frameworks) AppKit AudioUnit CoreAudio CoreMIDI CoreServices; }; fmit = libsForQt5.callPackage ../applications/audio/fmit { }; -- cgit 1.4.1 From 5c0aa8190905e4945c407d258d0a3fb369a65def Mon Sep 17 00:00:00 2001 From: K900 Date: Tue, 25 Apr 2023 10:08:48 +0300 Subject: xvfb-run: use a minimal xserver build This should get us in the range of 500 rebuilds for Mesa, which is easily mergeable into master. Hype. --- pkgs/top-level/all-packages.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'pkgs/top-level') diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 70b4042528ab4..897168c28c969 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13976,7 +13976,23 @@ with pkgs; xxv = callPackage ../tools/misc/xxv { }; - xvfb-run = callPackage ../tools/misc/xvfb-run { inherit (texFunctions) fontsConf; }; + xvfb-run = callPackage ../tools/misc/xvfb-run { + inherit (texFunctions) fontsConf; + + # xvfb-run is used by a bunch of things to run tests + # and doesn't support hardware accelerated rendering + # so remove it from the rebuild heavy path for mesa + xorgserver = xorg.xorgserver.overrideAttrs(old: { + buildInputs = lib.filter (pkg: lib.getName pkg != "mesa") old.buildInputs; + configureFlags = old.configureFlags ++ [ + "--disable-glamor" + "--disable-glx" + "--disable-dri" + "--disable-dri2" + "--disable-dri3" + ]; + }); + }; xvkbd = callPackage ../tools/X11/xvkbd { }; -- cgit 1.4.1