From e8a766883fe0061ef60e5f0b70a95844957ec777 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Wed, 5 Feb 2020 23:50:47 +0100 Subject: [PATCH 01/16] libgit2: 0.27.8 -> 0.28.4 * https://github.com/libgit2/libgit2/releases/tag/v0.28.0 * https://github.com/libgit2/libgit2/releases/tag/v0.28.1 * https://github.com/libgit2/libgit2/releases/tag/v0.28.2 * https://github.com/libgit2/libgit2/releases/tag/v0.28.3 * https://github.com/libgit2/libgit2/releases/tag/v0.28.4 --- pkgs/development/libraries/git2/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/git2/default.nix b/pkgs/development/libraries/git2/default.nix index 2d89355cffe0..ed32f68635b0 100644 --- a/pkgs/development/libraries/git2/default.nix +++ b/pkgs/development/libraries/git2/default.nix @@ -1,25 +1,25 @@ { stdenv, fetchFromGitHub, cmake, pkgconfig, python3 -, zlib, libssh2, openssl, http-parser, curl +, zlib, libssh2, openssl, http-parser , libiconv, Security }: stdenv.mkDerivation rec { pname = "libgit2"; - version = "0.27.8"; - # keep the version in sync with pythonPackages.pygit2 and libgit2-glib + version = "0.28.4"; + # keep the version in sync with python3.pkgs.pygit2 and libgit2-glib src = fetchFromGitHub { owner = "libgit2"; repo = "libgit2"; rev = "v${version}"; - sha256 = "0wzx8nkyy9m7mx6cks58chjd4289vjsw97mxm9w6f1ggqsfnmbr9"; + sha256 = "171b25aym4q88bidc4c76y4l6jmdwifm3q9zjqsll0wjhlkycfy1"; }; cmakeFlags = [ "-DTHREADSAFE=ON" ]; nativeBuildInputs = [ cmake python3 pkgconfig ]; - buildInputs = [ zlib libssh2 openssl http-parser curl ] + buildInputs = [ zlib libssh2 openssl http-parser ] ++ stdenv.lib.optional stdenv.isDarwin Security; propagatedBuildInputs = stdenv.lib.optional (!stdenv.isLinux) libiconv; From 02f17407449598e36b95dd3add77307fffa294d9 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Thu, 6 Feb 2020 00:20:47 +0100 Subject: [PATCH 02/16] gitfs: Switch to Python 3 Supported since 0.5 at least --- pkgs/tools/filesystems/gitfs/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/filesystems/gitfs/default.nix b/pkgs/tools/filesystems/gitfs/default.nix index 5b3794146665..7c36e37b33fd 100644 --- a/pkgs/tools/filesystems/gitfs/default.nix +++ b/pkgs/tools/filesystems/gitfs/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, python2Packages }: +{ stdenv, fetchFromGitHub, python3Packages }: -python2Packages.buildPythonApplication rec { +python3Packages.buildPythonApplication rec { pname = "gitfs"; version = "0.5.2"; @@ -16,8 +16,8 @@ python2Packages.buildPythonApplication rec { echo > requirements.txt ''; - buildInputs = with python2Packages; [ pytest pytestcov mock ]; - propagatedBuildInputs = with python2Packages; [ atomiclong fusepy pygit2 ]; + checkInputs = with python3Packages; [ pytest pytestcov mock ]; + propagatedBuildInputs = with python3Packages; [ atomiclong fusepy pygit2 six ]; checkPhase = "py.test"; doCheck = false; From 5308a8694e838539b52f7c1e9a36d999f1839c55 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Thu, 6 Feb 2020 00:11:28 +0100 Subject: [PATCH 03/16] =?UTF-8?q?python3.pkgs.pygit2:=200.27.2=20=E2=86=92?= =?UTF-8?q?=201.0.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removes Python 2 support. https://github.com/libgit2/pygit2/blob/v1.0.3/CHANGELOG.rst --- .../python-modules/pygit2/default.nix | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/pygit2/default.nix b/pkgs/development/python-modules/pygit2/default.nix index 313a3e5ab189..cd2994a4dc0f 100644 --- a/pkgs/development/python-modules/pygit2/default.nix +++ b/pkgs/development/python-modules/pygit2/default.nix @@ -1,25 +1,21 @@ -{ stdenv, lib, buildPythonPackage, fetchPypi, fetchpatch, isPyPy, libgit2, six, cffi }: +{ stdenv, lib, buildPythonPackage, fetchPypi, isPyPy, isPy3k, libgit2, pytestCheckHook, cffi, cacert }: buildPythonPackage rec { pname = "pygit2"; - version = "0.27.2"; + version = "1.0.3"; src = fetchPypi { inherit pname version; - sha256 = "0d9bgxd6ch5jxz0j5cmx7c4kw933g8pgm2zxf3id1a6w9g2r7hpw"; + sha256 = "1ql7hkcxrh8yszglrg7d3y0ivh1l56xdc3j34j2fjy4qq06ifv6y"; }; preConfigure = lib.optionalString stdenv.isDarwin '' export DYLD_LIBRARY_PATH="${libgit2}/lib" ''; - patches = [ (fetchpatch { - name = "dont-require-old-pycparser"; # https://github.com/libgit2/pygit2/issues/819 - url = https://github.com/libgit2/pygit2/commit/1eaba181577de206d3d43ec7886d0353fc0c9f2a.patch; - sha256 = "18x1fpmywhjjr4lvakwmy34zpxfqi8pqqj48g1wcib39lh3s7l4f"; - }) ]; + propagatedBuildInputs = [ libgit2 ] ++ lib.optional (!isPyPy) cffi; - propagatedBuildInputs = [ libgit2 six ] ++ lib.optional (!isPyPy) cffi; + checkInputs = [ pytestCheckHook ]; preCheck = '' # disable tests that require networking @@ -28,6 +24,20 @@ buildPythonPackage rec { rm test/test_submodule.py ''; + # Tests require certificates + # https://github.com/NixOS/nixpkgs/pull/72544#issuecomment-582674047 + SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + # setup.py check is broken + # https://github.com/libgit2/pygit2/issues/868 + dontUseSetuptoolsCheck = true; + + # TODO: Test collection is failing + # https://github.com/NixOS/nixpkgs/pull/72544#issuecomment-582681068 + doCheck = false; + + disabled = !isPy3k; + meta = with lib; { description = "A set of Python bindings to the libgit2 shared library"; homepage = https://pypi.python.org/pypi/pygit2; From 3a39ea06d20fb062658c36afa70eba700dfb4b36 Mon Sep 17 00:00:00 2001 From: Tobias Mayer Date: Tue, 28 Jan 2020 15:30:23 +0100 Subject: [PATCH 04/16] ninja: 1.9.0 -> 1.10.0 --- .../tools/build-managers/ninja/default.nix | 20 ++----------------- 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/pkgs/development/tools/build-managers/ninja/default.nix b/pkgs/development/tools/build-managers/ninja/default.nix index 7001510d52d6..9702a1979030 100644 --- a/pkgs/development/tools/build-managers/ninja/default.nix +++ b/pkgs/development/tools/build-managers/ninja/default.nix @@ -4,31 +4,15 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "ninja"; - version = "1.9.0"; + version = "1.10.0"; src = fetchFromGitHub { owner = "ninja-build"; repo = "ninja"; rev = "v${version}"; - sha256 = "1q0nld3g0d210zmdjyjzjz2xb2bw1s58gj6zsx7p8q30yh0wg610"; + sha256 = "1fbzl7mrcrwp527sgkc1npfl3k6bbpydpiq98xcf1a1hkrx0z5x4"; }; - patches = [ - # Make builds reproducible by generating the same IDs from the same inputs. - (fetchpatch { - name = "consistent-doc-ids"; - url = "https://github.com/ninja-build/ninja/commit/9aa947471fcfc607bec6d92a1a6eed5c692edbaf.patch"; - sha256 = "0zsg46jflsh644jccrcgyfalr7fkzrv041kyi8644nyk923gcrl9"; - }) - # https://github.com/ninja-build/ninja/issues/1510 - fix w/musl, possibly BSDs? - # - (fetchpatch { - name = "fix-issue-1510.patch"; - url = https://github.com/makepost/ninja/commit/567815df38a2ff54ad7478a90bd75c91e434236a.patch; - sha256 = "0zd0xyi7h2066nw1dsk76c7yf71b0f7v4p5nljda7jxi01vpdh69"; - }) - ]; - nativeBuildInputs = [ python3 re2c ] ++ optionals buildDocs [ asciidoc docbook_xml_dtd_45 docbook_xsl libxslt.bin ]; buildPhase = '' From 5ca385e1e9f2db0caa93721d147f89c0d9ea0f0d Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Wed, 22 Jan 2020 18:02:39 -0800 Subject: [PATCH 05/16] python3Packages.pip: 19.3.1 -> 20.0.2 --- pkgs/development/python-modules/pip/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pip/default.nix b/pkgs/development/python-modules/pip/default.nix index e1af281b9e91..d1ffd0931b8b 100644 --- a/pkgs/development/python-modules/pip/default.nix +++ b/pkgs/development/python-modules/pip/default.nix @@ -14,14 +14,14 @@ buildPythonPackage rec { pname = "pip"; - version = "19.3.1"; + version = "20.0.2"; format = "other"; src = fetchFromGitHub { owner = "pypa"; repo = pname; rev = version; - sha256 = "079gz0v37ah1l4i5iwyfb0d3mni422yv5ynnxa0wcqpnvkc7sfnw"; + sha256 = "1jj0qa47d7pqn2r379p434hxk14ij2qgmr83x65w9ib9l8092fhg"; name = "${pname}-${version}-source"; }; From 2115a2037cb8337ccb09798c175733f1fc747ee3 Mon Sep 17 00:00:00 2001 From: Benjamin Hipple Date: Sun, 12 Jan 2020 11:21:23 -0500 Subject: [PATCH 06/16] fetchcargo: use flat tar.gz file for vendored src instead of recursive hash dir This has several advantages: 1. It takes up less space on disk in-between builds in the nix store. 2. It uses less space in the binary cache for vendor derivation packages. 3. It uses less network traffic downloading from the binary cache. 4. It plays nicely with hashed mirrors like tarballs.nixos.org, which only substitute --flat hashes on single files (not recursive directory hashes). 5. It's consistent with how simple `fetchurl` src derivations work. 6. It provides a stronger abstraction between input src-package and output package, e.g., it's harder to accidentally depend on the src derivation at runtime by referencing something like `${src}/etc/index.html`. Likewise, in the store it's harder to get confused with something that is just there as a build-time dependency vs. a runtime dependency, since the build-time src dependencies are tarred up. Disadvantages are: 1. It takes slightly longer to untar at the start of a build. As currently implemented, this attaches the compacted vendor.tar.gz feature as a rider on `verifyCargoDeps`, since both of them are relatively newly implemented behavior that change the `cargoSha256`. If this PR is accepted, I will push forward the remaining rust packages with a series of treewide PRs to update the `cargoSha256`s. --- doc/languages-frameworks/rust.section.md | 21 +++-- pkgs/applications/editors/hexdino/default.nix | 4 +- .../git-and-tools/git-workspace/default.nix | 4 +- pkgs/build-support/rust/README.md | 45 +++++++++++ pkgs/build-support/rust/default.nix | 41 ++++++---- pkgs/build-support/rust/fetchCargoTarball.nix | 81 +++++++++++++++++++ pkgs/development/compilers/rust/default.nix | 8 +- .../tools/documentation/mdsh/default.nix | 4 +- pkgs/tools/misc/broot/default.nix | 4 +- pkgs/tools/misc/wagyu/default.nix | 4 +- .../package-management/nix-du/default.nix | 4 +- pkgs/tools/security/fido2luks/default.nix | 4 +- pkgs/tools/system/tre-command/default.nix | 4 +- 13 files changed, 190 insertions(+), 38 deletions(-) create mode 100644 pkgs/build-support/rust/README.md create mode 100644 pkgs/build-support/rust/fetchCargoTarball.nix diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md index 3332dff1eb07..6f0ec7c05144 100644 --- a/doc/languages-frameworks/rust.section.md +++ b/doc/languages-frameworks/rust.section.md @@ -37,7 +37,7 @@ rustPlatform.buildRustPackage rec { }; cargoSha256 = "17ldqr3asrdcsh4l29m3b5r37r5d0b3npq1lrgjmxb6vlx6a36qh"; - verifyCargoDeps = true; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "A fast line-oriented regex search tool, similar to ag and ack"; @@ -59,12 +59,19 @@ When the `Cargo.lock`, provided by upstream, is not in sync with the added in `cargoPatches` will also be prepended to the patches in `patches` at build-time. -When `verifyCargoDeps` is set to `true`, the build will also verify that the -`cargoSha256` is not out of date by comparing the `Cargo.lock` file in both the -`cargoDeps` and `src`. Note that this option changes the value of `cargoSha256` -since it also copies the `Cargo.lock` in it. To avoid breaking -backward-compatibility this option is not enabled by default but hopefully will -be in the future. +Setting `legacyCargoFetcher` to `false` enables the following behavior: + +1. The `Cargo.lock` file is copied into the cargo vendor directory. +2. At buildtime, `buildRustPackage` will ensure that the `src` and `cargoSha256` + are consistent. This avoids errors where one but not the other is updated. +3. The builder will compress the vendored cargo src directory into a tar.gz file + for storage after vendoring, and decompress it before the build. This saves + disk space and enables hashed mirrors for Rust dependencies. + +Note that this option changes the value of `cargoSha256`, so it is currently +defaulted to `false`. When updating a Rust package, please set it to `true`; +eventually we will default this to true and update the remaining Rust packages, +then delete the option from all individual Rust package expressions. ### Building a crate for a different target diff --git a/pkgs/applications/editors/hexdino/default.nix b/pkgs/applications/editors/hexdino/default.nix index eee5a6965558..91f048320a72 100644 --- a/pkgs/applications/editors/hexdino/default.nix +++ b/pkgs/applications/editors/hexdino/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage { sha256 = "11mz07735gxqfamjcjjmxya6swlvr1p77sgd377zjcmd6z54gwyf"; }; - cargoSha256 = "0qa8ypp5a7sf1gic482zh3i6s94w6k6bgmk5ynfvwi7g49ql7c4z"; - verifyCargoDeps = true; + cargoSha256 = "06ghcd4j751mdkzwb88nqwk8la4zdb137y0iqrkpykkfx0as43x3"; + legacyCargoFetcher = false; buildInputs = [ ncurses ]; diff --git a/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix b/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix index 2ceac55bf5ca..61e3e1e3eef0 100644 --- a/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix @@ -15,9 +15,9 @@ rustPlatform.buildRustPackage rec { sha256 = "0pl5z0gx2ypkrgq7vj1cxj5iwj06vcd06x3b3nh0g7w7q7nl8pr4"; }; - cargoSha256 = "0jbsz7r9n3jcgb9sd6pdjwzjf1b35qpfqw8ba8fjjmzfvs9qn6ld"; + cargoSha256 = "1z4cb7rcb7ldj16xxynrjh4hg872rj39rbbp0vy15kdp3ifyi466"; - verifyCargoDeps = true; + legacyCargoFetcher = false; buildInputs = with stdenv; lib.optional isDarwin Security; diff --git a/pkgs/build-support/rust/README.md b/pkgs/build-support/rust/README.md new file mode 100644 index 000000000000..0e0ddb9648de --- /dev/null +++ b/pkgs/build-support/rust/README.md @@ -0,0 +1,45 @@ +# Updated fetchCargo behavior + +Changes to the `fetchcargo.nix` behavior that cause changes to the `cargoSha256` +are somewhat disruptive, so historically we've added conditionals to provide +backwards compatibility. We've now accumulated enough of these that it makes +sense to do a clean sweep updating hashes, and delete the conditionals in the +fetcher to simplify maintenance and implementation complexity. These +conditionals are: + +1. When cargo vendors dependencies, it generates a config. Previously, we were + hard-coding our own config, but this fails if there are git dependencies. We + have conditional logic to sometimes copy the vendored cargo config in, and + sometimes not. + +2. When a user updates the src package, they may forget to update the + `cargoSha256`. We have an opt-in conditional flag to add the `Cargo.lock` + into the vendor dir for inspection and compare at build-time, but it defaults + to false. + +3. We were previously vendoring into a directory with a recursive hash, but + would like to vendor into a compressed tar.gz file instead, for the reasons + specified in the git commit message adding this feature. + + +## Migration plan + +1. (DONE in this PR) Implement `fetchCargoTarball` as a separate, clean fetcher + implementation along-side `fetchcargo`. Rename `verifyCargoDeps` (default + false) to `legacyCargoFetcher` (default true), which switches the fetcher + implementation used. Replace `verifyCargoDeps = true;` with + `legacyCargoFetcher = false;` in Rust applications. + +2. Send a treewide Rust PR that sets `legacyCargoFetcher = true;` in all Rust + applications not using this (which is ~200 of them), with a note to + maintainers to delete if updating the package. Change the default in + `buildRustPackage` to false. + +3. Go through all Rust src packages deleting the `legacyCargoFetcher = false;` + line and re-computing the `cargoSha256`, merging as we go. + +4. Delete the `fetchcargo.nix` implementation entirely and also remove: + - All overrides in application-level packages + - The `fetchcargo-default-config.toml` and conditionals around using it when + no `$CARGO_CONFIG` exists + - This README.md file diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix index 4089436c0e0b..ac0a8d3ae464 100644 --- a/pkgs/build-support/rust/default.nix +++ b/pkgs/build-support/rust/default.nix @@ -1,4 +1,4 @@ -{ stdenv, cacert, git, rust, cargo, rustc, fetchcargo, buildPackages, windows }: +{ stdenv, cacert, git, rust, cargo, rustc, fetchcargo, fetchCargoTarball, buildPackages, windows }: { name ? "${args.pname}-${args.version}" , cargoSha256 ? "unset" @@ -14,13 +14,13 @@ , cargoUpdateHook ? "" , cargoDepsHook ? "" , cargoBuildFlags ? [] -, # Set to true to verify if the cargo dependencies are up to date. - # This will change the value of cargoSha256. - verifyCargoDeps ? false + # Please set to true on any Rust package updates. Once all packages set this + # to true, we will delete and make it the default. For details, see the Rust + # section on the manual and ./README.md. +, legacyCargoFetcher ? true , buildType ? "release" , meta ? {} , target ? null - , cargoVendorDir ? null , ... } @ args: @@ -28,20 +28,27 @@ assert cargoVendorDir == null -> cargoSha256 != "unset"; assert buildType == "release" || buildType == "debug"; let + + cargoFetcher = if legacyCargoFetcher + then fetchcargo + else fetchCargoTarball; + cargoDeps = if cargoVendorDir == null - then fetchcargo { + then cargoFetcher { inherit name src srcs sourceRoot unpackPhase cargoUpdateHook; - copyLockfile = verifyCargoDeps; patches = cargoPatches; sha256 = cargoSha256; } else null; + # If we're using the modern fetcher that always preserves the original Cargo.lock + # and have vendored deps, check them against the src attr for consistency. + validateCargoDeps = cargoSha256 != "unset" && !legacyCargoFetcher; + setupVendorDir = if cargoVendorDir == null then '' unpackFile "$cargoDeps" - cargoDepsCopy=$(stripHash $(basename $cargoDeps)) - chmod -R +w "$cargoDepsCopy" + cargoDepsCopy=$(stripHash $cargoDeps) '' else '' cargoDepsCopy="$sourceRoot/${cargoVendorDir}" @@ -54,9 +61,14 @@ let ccForHost="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"; cxxForHost="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}c++"; releaseDir = "target/${rustTarget}/${buildType}"; + + # Fetcher implementation choice should not be part of the hash in final + # derivation; only the cargoSha256 input matters. + filteredArgs = builtins.removeAttrs args [ "legacyCargoFetcher" ]; + in -stdenv.mkDerivation (args // { +stdenv.mkDerivation (filteredArgs // { inherit cargoDeps; patchRegistryDeps = ./patch-registry-deps; @@ -95,14 +107,13 @@ stdenv.mkDerivation (args // { ''} EOF - unset cargoDepsCopy export RUST_LOG=${logLevel} - '' + stdenv.lib.optionalString verifyCargoDeps '' - if ! diff source/Cargo.lock $cargoDeps/Cargo.lock ; then + '' + stdenv.lib.optionalString validateCargoDeps '' + if ! diff source/Cargo.lock $cargoDepsCopy/Cargo.lock ; then echo echo "ERROR: cargoSha256 is out of date" echo - echo "Cargo.lock is not the same in $cargoDeps" + echo "Cargo.lock is not the same in $cargoDepsCopy" echo echo "To fix the issue:" echo '1. Use "1111111111111111111111111111111111111111111111111111" as the cargoSha256 value' @@ -112,6 +123,8 @@ stdenv.mkDerivation (args // { exit 1 fi + '' + '' + unset cargoDepsCopy '' + (args.postUnpack or ""); configurePhase = args.configurePhase or '' diff --git a/pkgs/build-support/rust/fetchCargoTarball.nix b/pkgs/build-support/rust/fetchCargoTarball.nix new file mode 100644 index 000000000000..dff5d99da9eb --- /dev/null +++ b/pkgs/build-support/rust/fetchCargoTarball.nix @@ -0,0 +1,81 @@ +{ stdenv, cacert, git, cargo, python3 }: +let cargo-vendor-normalise = stdenv.mkDerivation { + name = "cargo-vendor-normalise"; + src = ./cargo-vendor-normalise.py; + nativeBuildInputs = [ python3.pkgs.wrapPython ]; + dontUnpack = true; + installPhase = "install -D $src $out/bin/cargo-vendor-normalise"; + pythonPath = [ python3.pkgs.toml ]; + postFixup = "wrapPythonPrograms"; + doInstallCheck = true; + installCheckPhase = '' + # check that ./fetchcargo-default-config.toml is a fix point + reference=${./fetchcargo-default-config.toml} + < $reference $out/bin/cargo-vendor-normalise > test; + cmp test $reference + ''; + preferLocalBuild = true; +}; +in +{ name ? "cargo-deps" +, src ? null +, srcs ? [] +, patches ? [] +, sourceRoot +, sha256 +, cargoUpdateHook ? "" +, ... +} @ args: +stdenv.mkDerivation ({ + name = "${name}-vendor.tar.gz"; + nativeBuildInputs = [ cacert git cargo-vendor-normalise cargo ]; + + phases = "unpackPhase patchPhase buildPhase installPhase"; + + buildPhase = '' + # Ensure deterministic Cargo vendor builds + export SOURCE_DATE_EPOCH=1 + + if [[ ! -f Cargo.lock ]]; then + echo + echo "ERROR: The Cargo.lock file doesn't exist" + echo + echo "Cargo.lock is needed to make sure that cargoSha256 doesn't change" + echo "when the registry is updated." + echo + + exit 1 + fi + + # Keep the original around for copyLockfile + cp Cargo.lock Cargo.lock.orig + + export CARGO_HOME=$(mktemp -d cargo-home.XXX) + CARGO_CONFIG=$(mktemp cargo-config.XXXX) + + ${cargoUpdateHook} + + cargo vendor $name | cargo-vendor-normalise > $CARGO_CONFIG + + # Add the Cargo.lock to allow hash invalidation + cp Cargo.lock.orig $name/Cargo.lock + + # Packages with git dependencies generate non-default cargo configs, so + # always install it rather than trying to write a standard default template. + install -D $CARGO_CONFIG $name/.cargo/config; + ''; + + # Build a reproducible tar, per instructions at https://reproducible-builds.org/docs/archives/ + installPhase = '' + tar --owner=0 --group=0 --numeric-owner --format=gnu \ + --sort=name --mtime="@$SOURCE_DATE_EPOCH" \ + -czf $out $name + ''; + + outputHashAlgo = "sha256"; + outputHash = sha256; + + impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars; +} // (builtins.removeAttrs args [ + "name" "sha256" "cargoUpdateHook" +])) diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix index da3421a987da..af7f63b6f8a0 100644 --- a/pkgs/development/compilers/rust/default.nix +++ b/pkgs/development/compilers/rust/default.nix @@ -25,12 +25,18 @@ inherit rustc cargo; }; + fetchCargoTarball = buildPackages.callPackage ../../../build-support/rust/fetchCargoTarball.nix { + inherit cargo; + }; + + # N.B. This is a legacy fetcher implementation that is being phased out and deleted. + # See ../../../build-support/rust/README.md for details. fetchcargo = buildPackages.callPackage ../../../build-support/rust/fetchcargo.nix { inherit cargo; }; buildRustPackage = callPackage ../../../build-support/rust { - inherit rustc cargo fetchcargo; + inherit rustc cargo fetchcargo fetchCargoTarball; }; rustcSrc = callPackage ./rust-src.nix { diff --git a/pkgs/development/tools/documentation/mdsh/default.nix b/pkgs/development/tools/documentation/mdsh/default.nix index 2ca2ef29dd26..ddce5bc29a43 100644 --- a/pkgs/development/tools/documentation/mdsh/default.nix +++ b/pkgs/development/tools/documentation/mdsh/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "1a9i6h8fzrrfzjyfxaps73lxgkz92k0bnmwbjbwdmiwci4qgi9ms"; }; - cargoSha256 = "0rarpzfigyxr6s0ba13z00kvnms29qkjfbfjkay72mb6xn7f1059"; - verifyCargoDeps = true; + cargoSha256 = "1fxajh1n0qvcdas6w7dy3g92wilhfldy90pyk3779mrnh57fa6n5"; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "Markdown shell pre-processor"; diff --git a/pkgs/tools/misc/broot/default.nix b/pkgs/tools/misc/broot/default.nix index 45b26b250558..df26423c6331 100644 --- a/pkgs/tools/misc/broot/default.nix +++ b/pkgs/tools/misc/broot/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "13b1w9g68aj3r70w9bmrmdc772y959n77ajbdm2cpjs5f4kgfpak"; }; - cargoSha256 = "0vzpyymylzxjm613lf5xr6hd21ijkl3vwq4y6h1q3as41phw2sqb"; - verifyCargoDeps = true; + cargoSha256 = "0zrwpmsrzwnjml0964zky8w222zmlargha3z0n6hf8cfshx23s4k"; + legacyCargoFetcher = false; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/tools/misc/wagyu/default.nix b/pkgs/tools/misc/wagyu/default.nix index d56d21b15166..53e098495226 100644 --- a/pkgs/tools/misc/wagyu/default.nix +++ b/pkgs/tools/misc/wagyu/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "1646j0lgg3hhznifvbkvr672p3yqlcavswijawaxq7n33ll8vmcn"; }; - cargoSha256 = "10b96l0b32zxq0xrnhivv3gihmi5y31rllbizv67hrg1axz095vn"; - verifyCargoDeps = true; + cargoSha256 = "16d1b3pamkg29nq80n6cbzc4zl9z3cgfvdxjkr2z4xrnzmkn1ysi"; + legacyCargoFetcher = false; meta = with lib; { description = "Rust library for generating cryptocurrency wallets"; diff --git a/pkgs/tools/package-management/nix-du/default.nix b/pkgs/tools/package-management/nix-du/default.nix index 74543cef83b1..908f31b93abe 100644 --- a/pkgs/tools/package-management/nix-du/default.nix +++ b/pkgs/tools/package-management/nix-du/default.nix @@ -9,8 +9,8 @@ rustPlatform.buildRustPackage rec { rev = "v${version}"; sha256 = "149d60mid29s5alv5m3d7jrhyzc6cj7b6hpiq399gsdwzgxr00wq"; }; - cargoSha256 = "18kb4car5nzch3vpl6z1499silhs3fyn8c6xj3rzk94mm2m9srg4"; - verifyCargoDeps = true; + cargoSha256 = "1a6svl89dcdb5fpvs2i32i6agyhl0sx7kkkw70rqr17fyzl5psai"; + legacyCargoFetcher = false; doCheck = true; checkInputs = [ graphviz ]; diff --git a/pkgs/tools/security/fido2luks/default.nix b/pkgs/tools/security/fido2luks/default.nix index 4682a09acf5c..ea911e467340 100644 --- a/pkgs/tools/security/fido2luks/default.nix +++ b/pkgs/tools/security/fido2luks/default.nix @@ -19,8 +19,8 @@ rustPlatform.buildRustPackage rec { buildInputs = [ cryptsetup ]; nativeBuildInputs = [ pkg-config ]; - cargoSha256 = "1i37k4ih6118z3wip2qh4jqk7ja2z0v1w8dri1lwqwlciqw17zi9"; - verifyCargoDeps = true; + cargoSha256 = "0rp4f6xnwmvf3pv6h0qwsg01jrndf77yn67675ac39kxzmrzfy2f"; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; diff --git a/pkgs/tools/system/tre-command/default.nix b/pkgs/tools/system/tre-command/default.nix index 6050b2a709eb..b8925dcfa42e 100644 --- a/pkgs/tools/system/tre-command/default.nix +++ b/pkgs/tools/system/tre-command/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "1fazw2wn738iknbv54gv7qll7d4q2gy9bq1s3f3cv21cdv6bqral"; }; - cargoSha256 = "0m82zbi610zgvcza6n03xl80g31x6bfkjyrfxcxa6fyf2l5cj9pv"; - verifyCargoDeps = true; + cargoSha256 = "1m3ccp5ncafkifg8sxyxczsg3ja1gvq8wmgni68bgzm2lwxh2qgw"; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "Tree command, improved"; From 4682b29aad054b4ead15135c1d59db063497eafb Mon Sep 17 00:00:00 2001 From: Christian Kauhaus Date: Mon, 10 Feb 2020 16:39:24 +0100 Subject: [PATCH 07/16] libssh2-1.9.0: apply patch for CVE-2019-17498 No upstream release yet, but https://github.com/libssh2/libssh2/pull/402 has been accepted by upstream devs. Original advisory: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ Re #73662 --- pkgs/development/libraries/libssh2/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/development/libraries/libssh2/default.nix b/pkgs/development/libraries/libssh2/default.nix index d4205981499c..365c836c9fdb 100644 --- a/pkgs/development/libraries/libssh2/default.nix +++ b/pkgs/development/libraries/libssh2/default.nix @@ -14,6 +14,15 @@ stdenv.mkDerivation rec { buildInputs = [ openssl zlib ] ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW windows.mingw_w64; + patches = [ + # not able to use fetchpatch here: infinite recursion + (fetchurl { + name = "CVE-2019-17498.patch"; + url = "https://github.com/libssh2/libssh2/pull/402.patch"; + sha256 = "1n9s2mcz5dkw0xpm3c5x4hzj8bar4i6z0pr1rmqjplhfg888vdvc"; + }) + ]; + meta = with stdenv.lib; { description = "A client-side C library implementing the SSH2 protocol"; homepage = https://www.libssh2.org; From 4fce9a6ca291c513278245fd0b34eebdac88d6a6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 8 Feb 2020 17:12:02 +0000 Subject: [PATCH 08/16] libmtp: 1.1.16 -> 1.1.17 --- pkgs/development/libraries/libmtp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libmtp/default.nix b/pkgs/development/libraries/libmtp/default.nix index e750c2c6c70e..c8c34eb1c9c5 100644 --- a/pkgs/development/libraries/libmtp/default.nix +++ b/pkgs/development/libraries/libmtp/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, pkgconfig, libusb1, libiconv }: stdenv.mkDerivation rec { - name = "libmtp-1.1.16"; + name = "libmtp-1.1.17"; src = fetchurl { url = "mirror://sourceforge/libmtp/${name}.tar.gz"; - sha256 = "185vh9bds6dcy00ycggg69g4v7m3api40zv8vrcfb3fk3vfzjs2v"; + sha256 = "1p3r38nvdip40ab1h4scj3mzfjkx6kd14szjqyw9r6wz5pslr8zq"; }; outputs = [ "bin" "dev" "out" ]; From ccc54f0fc3ef6defa99de5035e06bd3871bca5ac Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 6 Jan 2020 03:35:43 -0800 Subject: [PATCH 09/16] drumkv1: 0.9.11 -> 0.9.12 --- pkgs/applications/audio/drumkv1/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/drumkv1/default.nix b/pkgs/applications/audio/drumkv1/default.nix index b926ff09d22b..d3399315376f 100644 --- a/pkgs/applications/audio/drumkv1/default.nix +++ b/pkgs/applications/audio/drumkv1/default.nix @@ -2,11 +2,11 @@ mkDerivation rec { pname = "drumkv1"; - version = "0.9.11"; + version = "0.9.12"; src = fetchurl { url = "mirror://sourceforge/drumkv1/${pname}-${version}.tar.gz"; - sha256 = "1wnjn175l0mz51k9pjf3pdzv54c4jlh63saavld9lm6zfgfs13d7"; + sha256 = "0hmnmk9vvi43wl6say0dg7j088h7mmwmfdwjhsq89c7i7cpg78da"; }; buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ]; From bcdc90a3a7dba95a56db91dcd53b4b9f0e6d35aa Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 28 Dec 2019 12:29:24 +0100 Subject: [PATCH 10/16] ruby_2_4: remove According to https://endoflife.software/programming-languages/server-side-scripting/ruby ruby 2.4 will go end-of-life in march, where the new release of nixpkgs will be cut. We won't be able to support it for security updates. Remove all references to ruby_2_4 and add ruby_2_7 instead where missing. Mark packages that depend on ruby 2.4 as broken: * chefdk * sonic-pi --- pkgs/applications/audio/sonic-pi/default.nix | 2 ++ .../development/interpreters/ruby/default.nix | 21 +++---------------- .../ruby-modules/with-packages/test.nix | 1 - pkgs/development/tools/chefdk/default.nix | 6 ++++-- pkgs/servers/http/unit/default.nix | 3 --- pkgs/top-level/aliases.nix | 6 ++++-- pkgs/top-level/all-packages.nix | 6 +----- 7 files changed, 14 insertions(+), 31 deletions(-) diff --git a/pkgs/applications/audio/sonic-pi/default.nix b/pkgs/applications/audio/sonic-pi/default.nix index ac72a26b0eec..534ea1358803 100644 --- a/pkgs/applications/audio/sonic-pi/default.nix +++ b/pkgs/applications/audio/sonic-pi/default.nix @@ -105,5 +105,7 @@ mkDerivation rec { license = lib.licenses.mit; maintainers = with lib.maintainers; [ Phlogistique kamilchm ]; platforms = lib.platforms.linux; + # sonic-pi depends on ruby 2.4 which we don't support anymore + broken = true; }; } diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 8b8e7ccc8bb0..8ddd19bb40cc 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -26,7 +26,6 @@ let generic = { version, sha256 }: let ver = version; tag = ver.gitTag; - atLeast25 = lib.versionAtLeast ver.majMin "2.5"; atLeast27 = lib.versionAtLeast ver.majMin "2.7"; baseruby = self.override { useRailsExpress = false; @@ -77,14 +76,13 @@ let nativeBuildInputs = [ autoreconfHook bison ] ++ (op docSupport groff) ++ op (stdenv.buildPlatform != stdenv.hostPlatform) buildPackages.ruby; - buildInputs = - (op fiddleSupport libffi) + buildInputs = [ autoconf ] + ++ (op fiddleSupport libffi) ++ (ops cursesSupport [ ncurses readline ]) ++ (op zlibSupport zlib) ++ (op opensslSupport openssl) ++ (op gdbmSupport gdbm) ++ (op yamlSupport libyaml) - ++ (op atLeast25 autoconf) # Looks like ruby fails to build on darwin without readline even if curses # support is not enabled, so add readline to the build inputs if curses # support is disabled (if it's enabled, we already have it) and we're @@ -106,15 +104,10 @@ let cp -r ${rubygems}/test/rubygems $sourceRoot/test ''; - postPatch = if atLeast25 then '' + postPatch = '' sed -i configure.ac -e '/config.guess/d' cp --remove-destination ${config}/config.guess tool/ cp --remove-destination ${config}/config.sub tool/ - '' - else opString useRailsExpress '' - sed -i configure.in -e '/config.guess/d' - cp ${config}/config.guess tool/ - cp ${config}/config.sub tool/ ''; # Force the revision.h generation. Somehow `revision.tmp` is an empty @@ -230,14 +223,6 @@ let ) args; in self; in { - ruby_2_4 = generic { - version = rubyVersion "2" "4" "9" ""; - sha256 = { - src = "1bn6n5b920qy3lsx99jr8495jkc3sg89swgb96d5fgd579g6p6zr"; - git = "066kb1iki7mx7qkm10xhj5b6v8s47wg68v43l3nc36y2hyim1w2c"; - }; - }; - ruby_2_5 = generic { version = rubyVersion "2" "5" "7" ""; sha256 = { diff --git a/pkgs/development/ruby-modules/with-packages/test.nix b/pkgs/development/ruby-modules/with-packages/test.nix index dc1da3de4924..946854e4545f 100644 --- a/pkgs/development/ruby-modules/with-packages/test.nix +++ b/pkgs/development/ruby-modules/with-packages/test.nix @@ -6,7 +6,6 @@ let stdenv = pkgs.stdenv; rubyVersions = with pkgs; [ - ruby_2_4 ruby_2_5 ruby_2_6 ruby_2_7 diff --git a/pkgs/development/tools/chefdk/default.nix b/pkgs/development/tools/chefdk/default.nix index d30c0aaeb496..5f6c2b156f36 100644 --- a/pkgs/development/tools/chefdk/default.nix +++ b/pkgs/development/tools/chefdk/default.nix @@ -1,9 +1,9 @@ -{ lib, bundlerEnv, bundlerUpdateScript, ruby_2_4, perl, autoconf }: +{ lib, bundlerEnv, bundlerUpdateScript, ruby, perl, autoconf }: bundlerEnv { name = "chef-dk-2.4.17"; - ruby = ruby_2_4; + inherit ruby; gemdir = ./.; buildInputs = [ perl autoconf ]; @@ -16,5 +16,7 @@ bundlerEnv { license = licenses.asl20; maintainers = with maintainers; [ offline nicknovitski ]; platforms = platforms.unix; + # chefdk depends on ruby 2.4 which we don't support anymore + broken = true; }; } diff --git a/pkgs/servers/http/unit/default.nix b/pkgs/servers/http/unit/default.nix index c3af0d555438..ab11481ccf32 100644 --- a/pkgs/servers/http/unit/default.nix +++ b/pkgs/servers/http/unit/default.nix @@ -6,7 +6,6 @@ , withPerl528 ? false, perl528 , withPerl530 ? true, perl530 , withPerldevel ? false, perldevel -, withRuby_2_4 ? false, ruby_2_4 , withRuby_2_5 ? false, ruby_2_5 , withRuby_2_6 ? true, ruby_2_6 , withRuby_2_7 ? true, ruby_2_7 @@ -43,7 +42,6 @@ stdenv.mkDerivation rec { ++ optional withPerl528 perl528 ++ optional withPerl530 perl530 ++ optional withPerldevel perldevel - ++ optional withRuby_2_4 ruby_2_4 ++ optional withRuby_2_5 ruby_2_5 ++ optional withRuby_2_6 ruby_2_6 ++ optional withRuby_2_7 ruby_2_7 @@ -66,7 +64,6 @@ stdenv.mkDerivation rec { ${optionalString withPerl528 "./configure perl --module=perl528 --perl=${perl528}/bin/perl"} ${optionalString withPerl530 "./configure perl --module=perl530 --perl=${perl530}/bin/perl"} ${optionalString withPerldevel "./configure perl --module=perldev --perl=${perldevel}/bin/perl"} - ${optionalString withRuby_2_4 "./configure ruby --module=ruby24 --ruby=${ruby_2_4}/bin/ruby"} ${optionalString withRuby_2_5 "./configure ruby --module=ruby25 --ruby=${ruby_2_5}/bin/ruby"} ${optionalString withRuby_2_6 "./configure ruby --module=ruby26 --ruby=${ruby_2_6}/bin/ruby"} ${optionalString withRuby_2_7 "./configure ruby --module=ruby27 --ruby=${ruby_2_7}/bin/ruby"} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 2d5bee58b7ff..f8748b2df9b1 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -378,8 +378,10 @@ mapAliases ({ ruby_2_2_9 = throw "deprecated 2018-0213: use a newer version of ruby"; ruby_2_3_6 = throw "deprecated 2018-0213: use a newer version of ruby"; ruby_2_3 = throw "deprecated 2019-09-06: use a newer version of ruby"; - ruby_2_4_3 = throw "deprecated 2018-0213: use ruby_2_4 instead"; - ruby_2_5_0 = throw "deprecated 2018-0213: use ruby_2_5 instead"; + ruby_2_4_3 = throw "deprecated 2018-0213: use a newer version of ruby"; + ruby_2_4 = throw "deprecated 2019-12: use a newer version of ruby"; + ruby_2_5_0 = throw "deprecated 2018-0213: use a newer version of ruby"; + rubyPackages_2_4 = throw "deprecated 2019-12: use a newer version of rubyPackages instead"; rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby"; rxvt_unicode_with-plugins = rxvt_unicode-with-plugins; # added 2015-04-02 s6Dns = s6-dns; # added 2018-07-23 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bf601b9a6079..e42e53235391 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9424,7 +9424,6 @@ in inherit (darwin) libiconv libobjc libunwind; inherit (darwin.apple_sdk.frameworks) Foundation; }) - ruby_2_4 ruby_2_5 ruby_2_6 ruby_2_7; @@ -9445,7 +9444,6 @@ in ruby = ruby_2_6; rubyPackages = rubyPackages_2_6; - rubyPackages_2_4 = recurseIntoAttrs ruby_2_4.gems; rubyPackages_2_5 = recurseIntoAttrs ruby_2_5.gems; rubyPackages_2_6 = recurseIntoAttrs ruby_2_6.gems; rubyPackages_2_7 = recurseIntoAttrs ruby_2_7.gems; @@ -21363,9 +21361,7 @@ in wavebox = callPackage ../applications/networking/instant-messengers/wavebox { }; - sonic-pi = libsForQt5.callPackage ../applications/audio/sonic-pi { - ruby = ruby_2_4; # sonic-pi build breaks with ruby 2.5 and 2.6 - }; + sonic-pi = libsForQt5.callPackage ../applications/audio/sonic-pi { }; st = callPackage ../applications/misc/st { conf = config.st.conf or null; From 35b13b52cd701e613ffb341977e3aa9efed1b9fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 10 Feb 2020 21:30:50 +0100 Subject: [PATCH 11/16] lz4: do the refactoring forgotten after PR #51965 --- pkgs/tools/compression/lz4/default.nix | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/pkgs/tools/compression/lz4/default.nix b/pkgs/tools/compression/lz4/default.nix index 3ce0eac3fc5c..81cb1ad9811a 100644 --- a/pkgs/tools/compression/lz4/default.nix +++ b/pkgs/tools/compression/lz4/default.nix @@ -31,15 +31,10 @@ stdenv.mkDerivation rec { makeFlags = [ "PREFIX=$(out)" "INCLUDEDIR=$(dev)/include" - # TODO do this instead - #"BUILD_STATIC=${if enableStatic then "yes" else "no"}" - #"BUILD_SHARED=${if enableShared then "yes" else "no"}" - #"WINDRES:=${stdenv.cc.bintools.targetPrefix}windres" + "BUILD_STATIC=${if enableStatic then "yes" else "no"}" + "BUILD_SHARED=${if enableShared then "yes" else "no"}" + "WINDRES:=${stdenv.cc.bintools.targetPrefix}windres" ] - # TODO delete and do above - ++ stdenv.lib.optional (enableStatic) "BUILD_STATIC=yes" - ++ stdenv.lib.optional (!enableShared) "BUILD_SHARED=no" - ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW "WINDRES:=${stdenv.cc.bintools.targetPrefix}windres" # TODO make full dictionary ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW "TARGET_OS=MINGW" ; @@ -52,9 +47,7 @@ stdenv.mkDerivation rec { stdenv.lib.optionalString stdenv.hostPlatform.isWindows '' mv $out/bin/*.dll $out/lib ln -s $out/lib/*.dll - '' - # TODO remove - + stdenv.lib.optionalString (!enableStatic) "rm $out/lib/*.a"; + ''; meta = with stdenv.lib; { description = "Extremely fast compression algorithm"; From cfa1f136dbf470baa95743acbe5ee2f9296b1fb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 10 Feb 2020 21:31:48 +0100 Subject: [PATCH 12/16] lz4: split binaries into a separate output It's a little suspicious that the binaries are (apparently) linked statically, but I assume upstream has some reasons (e.g. speed). --- pkgs/tools/compression/lz4/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/compression/lz4/default.nix b/pkgs/tools/compression/lz4/default.nix index 81cb1ad9811a..fd967fce9c6c 100644 --- a/pkgs/tools/compression/lz4/default.nix +++ b/pkgs/tools/compression/lz4/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { ]; # TODO(@Ericson2314): Separate binaries and libraries - outputs = [ "out" "dev" ]; + outputs = [ "bin" "out" "dev" ]; buildInputs = stdenv.lib.optional doCheck valgrind; @@ -47,6 +47,9 @@ stdenv.mkDerivation rec { stdenv.lib.optionalString stdenv.hostPlatform.isWindows '' mv $out/bin/*.dll $out/lib ln -s $out/lib/*.dll + '' + + '' + moveToOutput bin "$bin" ''; meta = with stdenv.lib; { From 3668d993a32d69b40e3784c60d27b68e74a25ba6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 10 Feb 2020 21:34:46 +0100 Subject: [PATCH 13/16] gnutls: move some docs that don't seem useful normally --- pkgs/development/libraries/gnutls/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 869db46ede0c..cde8587acc37 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -28,7 +28,9 @@ stdenv.mkDerivation { }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; + # Not normally useful docs. outputInfo = "devdoc"; + outputDoc = "devdoc"; patches = [ ./nix-ssl-cert-file.patch ] # Disable native add_system_trust. From c7eee5ddac2b351d20418e69e3738e6829e893d7 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Mon, 10 Feb 2020 13:53:19 -0800 Subject: [PATCH 14/16] python3Packages.lxml: 4.4.2 -> 4.5.0 --- pkgs/development/python-modules/lxml/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/lxml/default.nix b/pkgs/development/python-modules/lxml/default.nix index db3bf6925561..67c338b58c72 100644 --- a/pkgs/development/python-modules/lxml/default.nix +++ b/pkgs/development/python-modules/lxml/default.nix @@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "lxml"; - version = "4.4.2"; + version = "4.5.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "${pname}-${version}"; - sha256 = "0h4axgcghshcvh1nn39l64xxhylglm3b00hh2rbi1ifvly5mx24f"; + sha256 = "1i3bhg8xb502afq4ar3kgvvi1hy83l4af2gznfwqvb5b221fr7ak"; }; # setuptoolsBuildPhase needs dependencies to be passed through nativeBuildInputs From 92f660e2542fe9b3b4babe8c80e1d282a31aa779 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Mon, 10 Feb 2020 16:29:02 +0100 Subject: [PATCH 15/16] nss: 3.48 -> 3.49.2 --- pkgs/development/libraries/nss/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 2e611c8975d7..fc2763486d1e 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -5,7 +5,7 @@ let url = http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz; sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; - version = "3.48"; + version = "3.49.2"; underscoreVersion = builtins.replaceStrings ["."] ["_"] version; in stdenv.mkDerivation rec { @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "1b7qs1q7jqhw9dvkdznanzhc5dyq4bwx0biywszy3qx4hqm8571z"; + sha256 = "1ck0c4ikr0d747pn63h62b2iqzfgi0yzd25aw95hs9797hn519zs"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; From 4959c970ee991a5c1b049649ccd392a9c2a2ca79 Mon Sep 17 00:00:00 2001 From: "Markus S. Wamser" Date: Wed, 22 Jan 2020 21:22:12 +0100 Subject: [PATCH 16/16] sqlite: 3.30.1 -> 3.31.0 (security) --- pkgs/development/libraries/sqlite/analyzer.nix | 6 +++--- pkgs/development/libraries/sqlite/default.nix | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/sqlite/analyzer.nix b/pkgs/development/libraries/sqlite/analyzer.nix index 6de71d066ade..2b287c7cc617 100644 --- a/pkgs/development/libraries/sqlite/analyzer.nix +++ b/pkgs/development/libraries/sqlite/analyzer.nix @@ -6,11 +6,11 @@ in stdenv.mkDerivation rec { pname = "sqlite-analyzer"; - version = "3.30.0"; + version = "3.31.0"; src = assert version == sqlite.version; fetchurl { - url = "https://sqlite.org/2019/sqlite-src-${archiveVersion version}.zip"; - sha256 = "0d4i87q0f618pmrgax0mr5x7m8bywikrwjvixag3biyhgl5rx7fd"; + url = "https://sqlite.org/2020/sqlite-src-${archiveVersion version}.zip"; + sha256 = "1dz3s3q9gsxxfj9wp4lqndzpwd1hcvm42yqn02p0l0bs6bw0mp5l"; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index d904637fcd38..fe0eb54cf114 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -10,12 +10,12 @@ in stdenv.mkDerivation rec { pname = "sqlite"; - version = "3.30.1"; + version = "3.31.0"; # NB! Make sure to update analyzer.nix src (in the same directory). src = fetchurl { - url = "https://sqlite.org/2019/sqlite-autoconf-${archiveVersion version}.tar.gz"; - sha256 = "0q4f57a5995wz9c7dfiqy9zwl0kn0b900nxwinqa3llv13dm0nlc"; + url = "https://sqlite.org/2020/sqlite-autoconf-${archiveVersion version}.tar.gz"; + sha256 = "1w7i954349sjd5a6rvy118prra43k07y9hy8rpajs6vmjmnnx7bw"; }; outputs = [ "bin" "dev" "out" ];