From 65592837b6e62fb555d6e8c891f347428886c4f2 Mon Sep 17 00:00:00 2001 
From: Thomas Tuegel
Date: Sun, 5 Mar 2017 17:39:38 -0600
Subject: [PATCH 01/20] freetype: 2.6.5 -> 2.7.1

The Infinality bytecode interpreter is removed in favor of the new v40 TrueType interpreter. In the past, the Infinality interpreter provided support for ClearType-style hinting instructions while the default interpreter (then v35) provided support only for original TrueType-style instructions. The v40 interpreter corrects this deficiency, so the Infinality interpreter is no longer necessary.

To understand why the Infinality interpreter is no longer necessary, we should understand how ClearType differs from TrueType and how the v40 interpreter works. The following is a summary of information available on the FreeType website [1] mixed with my own editorializing.

TrueType instructions use horizontal and vertical hints to improve glyph rendering. Before TrueType, fonts were only vertically hinted; horizontal hints improved rendering by snapping stems to pixel boundaries. Horizontal hinting is a risk because it can significantly distort glyph shapes and kerning. Extensive testing at different resolutions is needed to perfect the TrueType hints. Microsoft invested significant effort to do this with its "Core fonts for the Web" project, but few other typefaces have seen this level of attention.

With the advent of subpixel rendering, the effective horizontal resolution of most displays increased significantly. ClearType eschews horizontal hinting in favor of horizontal supersampling. Most fonts are designed for the Microsoft bytecode interpreter, which implements a compatibility mode with TrueType-style (horizontal and vertical) instructions. However, applying the full horizontal hints to subpixel-rendered fonts leads to color fringes and inconsistent stem widths. The Infinality interpreter implements several techniques to mitigate these problems, going so far as to embed font- and glyph-specific hacks in the interpreter. On the other hand, the v40 interpreter ignores the horizontal hinting instructions so that glyphs render as they are intended to on the Microsoft interpreter. Without the horizontal hints, the problems of glyph and kerning distortion, color fringes, and inconsistent stem widths--the problems the Infinality interpreter was created to solve--simply don't occur in the first place.

There are also security concerns which motivate removing the Infinality patches. Although there is an updated version of the Infinality interpreter for FreeType 2.7, the lack of a consistent upstream maintainer is a security concern. The interpreter is a Turing-complete virtual machine which has had security vulnerabilities in the past. While the default interpreter is used in billions of devices and is maintained by an active developer, the Infinality interpreter is neither scrutinized nor maintained. We will probably never know if there are defects in the Infinality interpreter, and if they were discovered they would likely never be fixed. I do not think that is an acceptable situation for a core library like FreeType.

Dropping the Infinality patches means that font rendering will be less customizable. I think this is an acceptable trade-off. The Infinality interpreter made many compromises to mitigate the problems with horizontal hinting; the main purpose of customization is to tailor these compromises to the user's preferences. The new interpreter does not have to make these compromises because it renders fonts as their designers intended, so this level of customization is not necessary.

The Infinality-associated patches are also removed from cairo. These patches only set the default rendering options in case they aren't set through Fontconfig. On NixOS, the rendering options are always set in Fontconfig, so these patches never actually did anything for us!

The Fontconfig test suite is patched to account for a quirk in the way PCF fonts are named.

The fontconfig option `hintstyle` is no longer configurable in NixOS. This option selects the TrueType interpreter; the v40 interpreter is `hintslight` and the older v35 interpreter is `hintmedium` or `hintfull` (which have actually always been the same thing). The setting may still be changed through the `localConf` option or by creating a user Fontconfig file. Users with HiDPI displays should probably disable hinting and antialiasing: at best they have no visible effect.

The fontconfig-ultimate settings are still available in NixOS, but they are no longer the default. They still work, but their main purpose is to set rendering quirks which are no longer necessary and may actually be detrimental (e.g. setting `hintfull` for some fonts). Also, the vast array of font substitutions provided is not an appropriate default; the default setting should be to give the user the font they asked for.

[1]. https://www.freetype.org/freetype2/docs/subpixel-hinting.html
---
 .../config/fonts/fontconfig-ultimate.nix | 12 +--
 nixos/modules/config/fonts/fontconfig.nix | 41 ++++----
 nixos/modules/rename.nix | 4 +-
 .../services/x11/display-managers/default.nix | 2 +-
 pkgs/development/libraries/cairo/default.nix | 11 ---
 .../development/libraries/fontconfig/2.10.nix | 16 +---
 .../libraries/fontconfig/default.nix | 4 +
 .../test-pcf-family-names-freetype-2.7.patch | 18 ++++
 .../libraries/freetype/default.nix | 96 +++++++------------
 .../freetype/enable-subpixel-rendering.patch | 13 +++
 .../freetype/enable-table-validation.patch | 22 +++++
 11 files changed, 125 insertions(+), 114 deletions(-)
 create mode 100644 pkgs/development/libraries/fontconfig/test-pcf-family-names-freetype-2.7.patch
 create mode 100644 pkgs/development/libraries/freetype/enable-subpixel-rendering.patch
 create mode 100644 pkgs/development/libraries/freetype/enable-table-validation.patch
diff --git a/nixos/modules/config/fonts/fontconfig-ultimate.nix b/nixos/modules/config/fonts/fontconfig-ultimate.nix index a3f52fbd9199..acfdcbd26574 100644 --- a/nixos/modules/config/fonts/fontconfig-ultimate.nix +++ b/nixos/modules/config/fonts/fontconfig-ultimate.nix @@ -104,7 +104,7 @@ in ultimate = { enable = mkOption { type = types.bool; - default = true; + default = false; description = '' Enable fontconfig-ultimate settings (formerly known as Infinality). Besides the customizable settings in this NixOS @@ -163,15 +163,6 @@ in none disables the substitutions. ''; }; - - preset = mkOption { - type = types.enum ["ultimate1" "ultimate2" "ultimate3" "ultimate4" "ultimate5" "osx" "windowsxp"]; - default = "ultimate3"; - description = '' - FreeType rendering settings preset. Any of the presets may be - customized by setting environment variables. - ''; - }; }; }; }; @@ -181,7 +172,6 @@ in config = mkIf (config.fonts.fontconfig.enable && cfg.enable) { fonts.fontconfig.confPackages = [ confPkg ]; - environment.variables."INFINALITY_FT" = cfg.preset; }; diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index 52ad1e714fb9..aa9c59ec551b 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -83,7 +83,7 @@ let cfg = config.fonts.fontconfig; ${fcBool cfg.hinting.autohint} - hint${cfg.hinting.style} + hintslight ${fcBool cfg.antialias} @@ -233,7 +233,11 @@ in antialias = mkOption { type = types.bool; default = true; - description = "Enable font antialiasing."; + description = '' + Enable font antialiasing. At high resolution (> 200 DPI), + antialiasing has no visible effect; users of such displays may want + to disable this option. + ''; }; dpi = mkOption { 
@@ -249,7 +253,7 @@ in type = types.lines; default = ""; description = '' - System-wide customization file contents, has higher priority than + System-wide customization file contents, has higher priority than defaultFonts settings. ''; }; @@ -287,7 +291,12 @@ in enable = mkOption { type = types.bool; default = true; - description = "Enable TrueType hinting."; + description = '' + Enable font hinting. Hinting aligns glyphs to pixel boundaries to + improve rendering sharpness at low resolution. At high resolution + (> 200 dpi) hinting will do nothing (at best); users of such + displays may want to disable this option. + ''; }; autohint = mkOption { @@ -299,16 +308,6 @@ in correctly-hinted fonts. ''; }; - - style = mkOption { - type = types.enum ["none" "slight" "medium" "full"]; - default = "full"; - description = '' - TrueType hinting style, one of none, - slight, medium, or - full. - ''; - }; }; includeUserConf = mkOption { @@ -327,7 +326,15 @@ in default = "rgb"; type = types.enum ["rgb" "bgr" "vrgb" "vbgr" "none"]; description = '' - Subpixel order. + Subpixel order. The overwhelming majority of displays are + rgb in their normal orientation. Select + vrgb for mounting such a display 90 degrees + clockwise from its normal orientation or vbgr + for mounting 90 degrees counter-clockwise. Select + bgr in the unlikely event of mounting 180 + degrees from the normal orientation. Reverse these directions in + the improbable event that the display's native subpixel order is + bgr. ''; }; @@ -335,7 +342,9 @@ in default = "default"; type = types.enum ["none" "default" "light" "legacy"]; description = '' - FreeType LCD filter. + FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering + has no visible effect; users of such displays may want to select + none. ''; }; diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index ff3654737afd..02d875b26748 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix 
@@ -141,9 +141,6 @@ with lib; # Unity3D (mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ]) - # fontconfig-ultimate - (mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "rendering" ] [ "fonts" "fontconfig" "ultimate" "preset" ]) - # murmur (mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ]) @@ -195,5 +192,6 @@ with lib; "See the 16.09 release notes for more information.") (mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "") (mkRemovedOptionModule [ "services" "dovecot2" "package" ] "") + (mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "") ]; } diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index e8b897fb6050..4e2c0e01ca03 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -24,7 +24,7 @@ let Xft.lcdfilter: lcd${fontconfig.subpixel.lcdfilter} Xft.hinting: ${if fontconfig.hinting.enable then "1" else "0"} Xft.autohint: ${if fontconfig.hinting.autohint then "1" else "0"} - Xft.hintstyle: hint${fontconfig.hinting.style} + Xft.hintstyle: hintslight ''; # file provided by services.xserver.displayManager.session.script diff --git a/pkgs/development/libraries/cairo/default.nix b/pkgs/development/libraries/cairo/default.nix index 7df72bc05605..e1b87fafd8e8 100644 --- a/pkgs/development/libraries/cairo/default.nix +++ b/pkgs/development/libraries/cairo/default.nix @@ -19,13 +19,6 @@ stdenv.mkDerivation rec { sha1 = "c6f7b99986f93c9df78653c3e6a3b5043f65145e"; }; - infinality = fetchFromGitHub { - owner = "bohoomil"; - repo = "fontconfig-ultimate"; - rev = "730f5e77580677e86522c1f2119aa78803741759"; - sha256 = "1hbrdpm6xcczs2c2iid7by8h7dsd0jcf7an88s150njyqnjzxjg7"; - }; - patches = [ # from https://bugs.freedesktop.org/show_bug.cgi?id=98165 (fetchpatch { 
@@ -35,10 +28,6 @@ stdenv.mkDerivation rec { }) ]; - prePatch = '' - patches="$patches $(echo $infinality/*_cairo-iu/*.patch)" - ''; - outputs = [ "out" "dev" "devdoc" ]; outputBin = "dev"; # very small diff --git a/pkgs/development/libraries/fontconfig/2.10.nix b/pkgs/development/libraries/fontconfig/2.10.nix index 2705339adbfb..222dfc27256c 100644 --- a/pkgs/development/libraries/fontconfig/2.10.nix +++ b/pkgs/development/libraries/fontconfig/2.10.nix @@ -8,13 +8,11 @@ stdenv.mkDerivation rec { sha256 = "0llraqw86jmw4vzv7inskp3xxm2gc64my08iwq5mzncgfdbfza4f"; }; - infinality_patch = - let subvers = "1"; - in fetchurl { - url = http://www.infinality.net/fedora/linux/zips/fontconfig-infinality-1-20130104_1.tar.bz2; - sha256 = "1fm5xx0mx2243jrq5rxk4v0ajw2nawpj23399h710bx6hd1rviq7"; - } - ; + patches = [ + # FreeType 2.7 prefixes PCF font family names with the foundry name. + # The output of fc-list and fc-query change which breaks the tests. + ./test-pcf-family-names-freetype-2.7.patch + ]; outputs = [ "bin" "dev" "lib" "out" ]; # $out contains all the config @@ -44,10 +42,6 @@ stdenv.mkDerivation rec { # Don't try to write to /var/cache/fontconfig at install time. installFlags = "sysconfdir=$(out)/etc fc_cachedir=$(TMPDIR)/dummy RUN_FC_CACHE_TEST=false"; - postInstall = '' - cd "$out/etc/fonts" && tar xvf ${infinality_patch} - ''; - passthru = { # Empty for backward compatibility, there was no versioning before 2.11 configVersion = ""; diff --git a/pkgs/development/libraries/fontconfig/default.nix b/pkgs/development/libraries/fontconfig/default.nix index 14983b744df9..c44373625e0f 100644 --- a/pkgs/development/libraries/fontconfig/default.nix +++ b/pkgs/development/libraries/fontconfig/default.nix 
@@ -33,6 +33,10 @@ stdenv.mkDerivation rec { url = "https://cgit.freedesktop.org/fontconfig/patch/?id=1ab5258f7c"; sha256 = "0x2a4qx51j3gqcp1kp4lisdzmhrkw1zw0r851d82ksgjlc0vkbaz"; }) + + # FreeType 2.7 prefixes PCF font family names with the foundry name. + # The output of fc-list and fc-query change which breaks the tests. + ./test-pcf-family-names-freetype-2.7.patch ]; # additionally required for the glibc-2.25 patch; avoid requiring gperf postPatch = '' diff --git a/pkgs/development/libraries/fontconfig/test-pcf-family-names-freetype-2.7.patch b/pkgs/development/libraries/fontconfig/test-pcf-family-names-freetype-2.7.patch new file mode 100644 index 000000000000..24aa6e5aaa1e --- /dev/null +++ b/pkgs/development/libraries/fontconfig/test-pcf-family-names-freetype-2.7.patch @@ -0,0 +1,18 @@ +diff -Nuar fontconfig-2.10.2-orig/test/out.expected fontconfig-2.10.2/test/out.expected +--- fontconfig-2.10.2-orig/test/out.expected 2017-03-06 06:45:50.876053093 -0600 ++++ fontconfig-2.10.2/test/out.expected 2017-03-06 06:48:18.012514337 -0600 +@@ -1,8 +1,8 @@ +-Fixed:pixelsize=16 +-Fixed:pixelsize=6 ++Misc Fixed:pixelsize=6 ++Sony Fixed:pixelsize=16 + = +-Fixed:pixelsize=16 +-Fixed:pixelsize=6 ++Misc Fixed:pixelsize=6 ++Sony Fixed:pixelsize=16 + = +-Fixed:pixelsize=16 +-Fixed:pixelsize=6 ++Misc Fixed:pixelsize=6 ++Sony Fixed:pixelsize=16 diff --git a/pkgs/development/libraries/freetype/default.nix b/pkgs/development/libraries/freetype/default.nix index adf48df2494e..f966965fa5fa 100644 --- a/pkgs/development/libraries/freetype/default.nix +++ b/pkgs/development/libraries/freetype/default.nix 
@@ -1,64 +1,53 @@ -{ stdenv, fetchurl, fetchFromGitHub, pkgconfig, which, zlib, bzip2, libpng, gnumake -, glib /* passthru only */ +{ + stdenv, lib, fetchurl, copyPathsToStore, + pkgconfig, which, + zlib, bzip2, libpng, gnumake, glib, - # FreeType supports sub-pixel rendering. This is patented by - # Microsoft, so it is disabled by default. This option allows it to - # be enabled. See http://www.freetype.org/patents.html. -, useEncumberedCode ? true -, useInfinality ? true + # FreeType supports LCD filtering (colloquially referred to as sub-pixel rendering). + # LCD filtering is also known as ClearType and covered by several Microsoft patents. + # This option allows it to be disabled. See http://www.freetype.org/patents.html. + useEncumberedCode ? true, }: -assert useInfinality -> useEncumberedCode; - -let - version = "2.6.5"; - - infinality = fetchFromGitHub { - owner = "archfan"; - repo = "infinality_bundle"; - rev = "5c0949a477bf43d2ac4e57b4fc39bcc3331002ee"; - sha256 = "17389aqm6rlxl4b5mv1fx4b22x2v2n60hfhixfxqxpd8ialsdi6l"; - }; - -in with { inherit (stdenv.lib) optional optionals optionalString; }; -stdenv.mkDerivation rec { - name = "freetype-${version}"; + +let version = "2.7.1"; name = "freetype-" + version; in + +stdenv.mkDerivation { + inherit name; + + meta = with stdenv.lib; { + description = "A font rendering engine"; + longDescription = '' + FreeType is a portable and efficient library for rendering fonts. It + supports TrueType, Type 1, CFF fonts, and WOFF, PCF, FNT, BDF and PFR + fonts. It has a bytecode interpreter and has an automatic hinter called + autofit which can be used instead of hinting instructions included in + fonts. 
+ ''; + homepage = https://www.freetype.org/; + license = licenses.gpl2Plus; # or the FreeType License (BSD + advertising clause) + platforms = platforms.all; + maintainers = with maintainers; [ ttuegel ]; + }; src = fetchurl { url = "mirror://savannah/freetype/${name}.tar.bz2"; - sha256 = "1w5c87s4rpx9af5b3mk5cjd1yny3c4dq5p9iv3ixb3vr00a6w2p2"; + sha256 = "121gm15ayfg3rglby8ifh8384mcjb9dhmx9j40zl7yszw72b4frs"; }; - patches = [ - # Patch for validation of OpenType and GX/AAT tables. - (fetchurl { - name = "freetype-2.2.1-enable-valid.patch"; - url = "http://pkgs.fedoraproject.org/cgit/rpms/freetype.git/plain/freetype-2.2.1-enable-valid.patch?id=9a81147af83b1166a5f301e379f85927cc610990"; - sha256 = "0zkgqhws2s0j8ywksclf391iijhidb1a406zszd7xbdjn28kmj2l"; - }) - ] ++ optionals (!useInfinality && useEncumberedCode) [ - # Patch to enable subpixel rendering. - # See https://www.freetype.org/freetype2/docs/reference/ft2-lcd_filtering.html. - (fetchurl { - name = "freetype-2.3.0-enable-spr.patch"; - url = http://pkgs.fedoraproject.org/cgit/rpms/freetype.git/plain/freetype-2.3.0-enable-spr.patch?id=9a81147af83b1166a5f301e379f85927cc610990; - sha256 = "13ni9n5q3nla38wjmxd4f8cy29gp62kjx2l6y6nqhdyiqp8fz8nd"; - }) - ]; - - prePatch = optionalString useInfinality '' - patches="$patches $(ls ${infinality}/*_freetype2-iu/*-infinality-*.patch)" - ''; - - outputs = [ "out" "dev" ]; - propagatedBuildInputs = [ zlib bzip2 libpng ]; # needed when linking against freetype # dependence on harfbuzz is looser than the reverse dependence nativeBuildInputs = [ pkgconfig which ] # FreeType requires GNU Make, which is not part of stdenv on FreeBSD. ++ optional (!stdenv.isLinux) gnumake; + patches = + [ ./enable-table-validation.patch ] + ++ optional useEncumberedCode ./enable-subpixel-rendering.patch; + + outputs = [ "out" "dev" ]; + configureFlags = [ "--disable-static" "--bindir=$(dev)/bin" ]; # The asm for armel is written with the 'asm' keyword. 
@@ -76,19 +65,4 @@ stdenv.mkDerivation rec { # know why it's on the PATH. configureFlags = "--disable-static CC_BUILD=gcc"; }; - - meta = with stdenv.lib; { - description = "A font rendering engine"; - longDescription = '' - FreeType is a portable and efficient library for rendering fonts. It - supports TrueType, Type 1, CFF fonts, and WOFF, PCF, FNT, BDF and PFR - fonts. It has a bytecode interpreter and has an automatic hinter called - autofit which can be used instead of hinting instructions included in - fonts. - ''; - homepage = https://www.freetype.org/; - license = licenses.gpl2Plus; # or the FreeType License (BSD + advertising clause) - #ToDo: encumbered = useEncumberedCode; - platforms = platforms.all; - }; } diff --git a/pkgs/development/libraries/freetype/enable-subpixel-rendering.patch b/pkgs/development/libraries/freetype/enable-subpixel-rendering.patch new file mode 100644 index 000000000000..4f908343e8c1 --- /dev/null +++ b/pkgs/development/libraries/freetype/enable-subpixel-rendering.patch @@ -0,0 +1,13 @@ +Index: freetype-2.7.1/include/freetype/config/ftoption.h +=================================================================== +--- freetype-2.7.1.orig/include/freetype/config/ftoption.h ++++ freetype-2.7.1/include/freetype/config/ftoption.h +@@ -122,7 +122,7 @@ FT_BEGIN_HEADER + /* This is done to allow FreeType clients to run unmodified, forcing */ + /* them to display normal gray-level anti-aliased glyphs. */ + /* */ +-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */ ++#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING + + + /*************************************************************************/ diff --git a/pkgs/development/libraries/freetype/enable-table-validation.patch b/pkgs/development/libraries/freetype/enable-table-validation.patch new file mode 100644 index 000000000000..37419f14f40f --- /dev/null +++ b/pkgs/development/libraries/freetype/enable-table-validation.patch 
@@ -0,0 +1,22 @@ +Index: freetype-2.7.1/modules.cfg +=================================================================== +--- freetype-2.7.1.orig/modules.cfg ++++ freetype-2.7.1/modules.cfg +@@ -120,7 +120,7 @@ AUX_MODULES += cache + # TrueType GX/AAT table validation. Needs ftgxval.c below. + # + # No FT_CONFIG_OPTION_PIC support. +-# AUX_MODULES += gxvalid ++AUX_MODULES += gxvalid + + # Support for streams compressed with gzip (files with suffix .gz). + # +@@ -143,7 +143,7 @@ AUX_MODULES += bzip2 + # OpenType table validation. Needs ftotval.c below. + # + # No FT_CONFIG_OPTION_PIC support. +-# AUX_MODULES += otvalid ++AUX_MODULES += otvalid + + # Auxiliary PostScript driver component to share common code. + # From 5f89c9e92df754c108a57c5b691e7a00bfd37482 Mon Sep 17 00:00:00 2001 From: Renaud Date: Thu, 16 Mar 2017 00:55:13 +0100 Subject: [PATCH 02/20] nghttp2: 1.19.0 -> 1.20.0 Corrected c-ares attribute name Full changelog : https://nghttp2.org/blog/2017/02/26/nghttp2-v1-20-0/ --- pkgs/development/libraries/nghttp2/default.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index aee0b3d7116c..5fb9cc36e962 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, pkgconfig # Optional Dependencies -, openssl ? null, libev ? null, zlib ? null, libcares ? null +, openssl ? null, libev ? null, zlib ? null, c-ares ? null , enableHpack ? false, jansson ? null , enableAsioLib ? false, boost ? null , enableGetAssets ? false, libxml2 ? null 
@@ -17,18 +17,18 @@ with { inherit (stdenv.lib) optional; }; stdenv.mkDerivation rec { name = "nghttp2-${version}"; - version = "1.19.0"; + version = "1.20.0"; # Don't use fetchFromGitHub since this needs a bootstrap curl src = fetchurl { url = "https://github.com/nghttp2/nghttp2/releases/download/v${version}/nghttp2-${version}.tar.bz2"; - sha256 = "477466eee27158d37b4478d9335dd091497cae4d7f2375fc6657beab67db9e7a"; + sha256 = "fb29d0500b194f11680203aed21aafab241063ec1397cc51ab5cc0957341141b"; }; outputs = [ "out" "dev" "lib" ]; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ openssl libev zlib libcares ] + buildInputs = [ openssl libev zlib c-ares ] ++ optional enableHpack jansson ++ optional enableAsioLib boost ++ optional enableGetAssets libxml2 @@ -36,8 +36,14 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + configureFlags = [ "--with-spdylay=no" "--disable-examples" "--disable-python-bindings" ] + ++ optional enableAsioLib "--enable-asio-lib --with-boost-libdir=${boost}/lib"; + + #doCheck = true; # requires CUnit ; currently failing at test_util_localtime_date in util_test.cc + + meta = with stdenv.lib; { - homepage = http://nghttp2.org/; + homepage = https://nghttp2.org/; description = "A C implementation of HTTP/2"; license = licenses.mit; platforms = platforms.all; From a4c68ace9cae9948ddd1a7ab7ef20e12ac8bb48e Mon Sep 17 00:00:00 2001 From: Renaud Date: Wed, 15 Mar 2017 23:23:57 +0100 Subject: [PATCH 03/20] jemalloc: 4.3.1 -> 4.5.0 --- pkgs/development/libraries/jemalloc/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/jemalloc/default.nix b/pkgs/development/libraries/jemalloc/default.nix index 84638bc01ea6..8c8c181409d4 100644 --- a/pkgs/development/libraries/jemalloc/default.nix +++ b/pkgs/development/libraries/jemalloc/default.nix 
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "jemalloc-${version}"; - version = "4.3.1"; + version = "4.5.0"; src = fetchurl { url = "https://github.com/jemalloc/jemalloc/releases/download/${version}/${name}.tar.bz2"; - sha256 = "12r71i8nm3vwz21fc16rwbb0pwcg5s05n1qg3rwl2s85v0x1ifzp"; + sha256 = "9409d85664b4f135b77518b0b118c549009dc10f6cba14557d170476611f6780"; }; # By default, jemalloc puts a je_ prefix onto all its symbols on OSX, which @@ -14,6 +14,9 @@ stdenv.mkDerivation rec { # option should remove the prefix and give us a working jemalloc. configureFlags = stdenv.lib.optional stdenv.isDarwin "--with-jemalloc-prefix="; + doCheck = true; + + meta = with stdenv.lib; { homepage = http://jemalloc.net; description = "General purpose malloc(3) implementation"; From 354ea69ae42d2a1b691a4f3cb771e59141bd0dcd Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Sun, 12 Mar 2017 17:06:44 -0500 Subject: [PATCH 04/20] fontconfig-penultimate: init at 0.2 Also provides a NixOS module. --- .../config/fonts/fontconfig-penultimate.nix | 57 +++++++++++++++++++ nixos/modules/module-list.nix | 3 +- .../fonts/fontconfig-penultimate/default.nix | 18 ++++++ pkgs/top-level/all-packages.nix | 2 + 4 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/config/fonts/fontconfig-penultimate.nix create mode 100644 pkgs/data/fonts/fontconfig-penultimate/default.nix diff --git a/nixos/modules/config/fonts/fontconfig-penultimate.nix b/nixos/modules/config/fonts/fontconfig-penultimate.nix new file mode 100644 index 000000000000..8e41d3421173 --- /dev/null +++ b/nixos/modules/config/fonts/fontconfig-penultimate.nix 
@@ -0,0 +1,57 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.fonts.fontconfig.penultimate; + + latestVersion = pkgs.fontconfig.configVersion; + + # The configuration to be included in /etc/font/ + confPkg = pkgs.runCommand "font-penultimate-conf" {} '' + support_folder=$out/etc/fonts/conf.d + latest_folder=$out/etc/fonts/${latestVersion}/conf.d + + mkdir -p $support_folder + mkdir -p $latest_folder + + # fontconfig ultimate various configuration files + ln -s ${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/*.conf \ + $support_folder + ln -s ${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/*.conf \ + $latest_folder + ''; + +in +{ + + options = { + + fonts = { + + fontconfig = { + + penultimate = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Enable fontconfig-penultimate settings to supplement the + NixOS defaults by providing per-font rendering defaults and + metric aliases. + ''; + }; + }; + + }; + }; + + }; + + config = mkIf (config.fonts.fontconfig.enable && cfg.enable) { + + fonts.fontconfig.confPackages = [ confPkg ]; + + }; + +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 7d2ae4a571c4..a938ba6d0069 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1,8 +1,9 @@ [ ./config/debug-info.nix ./config/fonts/corefonts.nix - ./config/fonts/fontconfig-ultimate.nix ./config/fonts/fontconfig.nix + ./config/fonts/fontconfig-penultimate.nix + ./config/fonts/fontconfig-ultimate.nix ./config/fonts/fontdir.nix ./config/fonts/fonts.nix ./config/fonts/ghostscript.nix diff --git a/pkgs/data/fonts/fontconfig-penultimate/default.nix b/pkgs/data/fonts/fontconfig-penultimate/default.nix new file mode 100644 index 000000000000..aea3365aba4b --- /dev/null +++ b/pkgs/data/fonts/fontconfig-penultimate/default.nix 
@@ -0,0 +1,18 @@ +{ stdenv, fetchFromGitHub }: + +let version = "0.2"; in +stdenv.mkDerivation { + name = "fontconfig-penultimate-${version}"; + + src = fetchFromGitHub { + owner = "ttuegel"; + repo = "fontconfig-penultimate"; + rev = version; + sha256 = "106sjfmxdn2cachgsg0ky3wi676x6nd14y5fcl16n82kghi3d9yf"; + }; + + installPhase = '' + mkdir -p $out/etc/fonts/conf.d + cp *.conf $out/etc/fonts/conf.d + ''; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f2eb80ec01d1..962506444fc6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7330,6 +7330,8 @@ with pkgs; fontconfig = callPackage ../development/libraries/fontconfig { }; + fontconfig-penultimate = callPackage ../data/fonts/fontconfig-penultimate {}; + fontconfig-ultimate = callPackage ../development/libraries/fontconfig-ultimate {}; folly = callPackage ../development/libraries/folly { }; From a6fce585e4c7acbd3fbb045199ef39a2f71df4ec Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Sun, 12 Mar 2017 17:08:02 -0500 Subject: [PATCH 05/20] nixos/fontconfig: set rendering defaults, not overrides --- nixos/modules/config/fonts/fontconfig.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index aa9c59ec551b..a137eab35344 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -75,23 +75,23 @@ let cfg = config.fonts.fontconfig; - - + + ${fcBool cfg.hinting.enable} - + ${fcBool cfg.hinting.autohint} - + hintslight - + ${fcBool cfg.antialias} - + ${cfg.subpixel.rgba} - + lcd${cfg.subpixel.lcdfilter} From f3aeb3b0ab3e8da1dcdce567e1e608e4268f49a2 Mon Sep 17 00:00:00 2001 
From: Dan Peebles Date: Sat, 18 Mar 2017 15:05:55 -0400 Subject: [PATCH 06/20] llvm-39: a couple of improvements Splits outputs in clang like we do in 3.8 and 4.0 to avoid runtime dependency on Python in the main derivation. I also disable TSAN on Darwin to maintain consistency with 4.0, which disables it because it forces an unfree dependency in the stdenv. --- .../compilers/llvm/3.9/clang/default.nix | 11 +++++++++++ pkgs/development/compilers/llvm/3.9/llvm.nix | 16 +++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/pkgs/development/compilers/llvm/3.9/clang/default.nix b/pkgs/development/compilers/llvm/3.9/clang/default.nix index 677c4a526ea4..55938ca016e6 100644 --- a/pkgs/development/compilers/llvm/3.9/clang/default.nix +++ b/pkgs/development/compilers/llvm/3.9/clang/default.nix @@ -29,12 +29,23 @@ let sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' lib/Driver/ToolChains.cpp ''; + outputs = [ "out" "python" ]; + # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' ln -sv ${llvm}/lib/LLVMgold.so $out/lib ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/ ln -sv $out/bin/clang $out/bin/cpp + + mkdir -p $python/bin $python/share/clang/ + mv $out/bin/{git-clang-format,scan-view} $python/bin + if [ -e $out/bin/set-xcode-analyzer ]; then + mv $out/bin/set-xcode-analyzer $python/bin + fi + mv $out/share/clang/*.py $python/share/clang + + rm $out/bin/c-index-test ''; enableParallelBuilding = true; diff --git a/pkgs/development/compilers/llvm/3.9/llvm.nix b/pkgs/development/compilers/llvm/3.9/llvm.nix index 62f1514e2315..2c47ec5127f9 100644 --- a/pkgs/development/compilers/llvm/3.9/llvm.nix +++ b/pkgs/development/compilers/llvm/3.9/llvm.nix 
@@ -40,8 +40,7 @@ in stdenv.mkDerivation rec { outputs = [ "out" ] ++ stdenv.lib.optional enableSharedLibraries "lib"; buildInputs = [ perl groff cmake libxml2 python libffi ] - ++ stdenv.lib.optionals stdenv.isDarwin - [ libcxxabi darwin.cctools darwin.apple_sdk.libs.xpc ]; + ++ stdenv.lib.optionals stdenv.isDarwin [ libcxxabi ]; propagatedBuildInputs = [ ncurses zlib ]; @@ -53,11 +52,15 @@ in stdenv.mkDerivation rec { sha256 = "11sq86spw41v72f676igksapdlsgh7fiqp5qkkmgfj0ndqcn9skf"; }} '' - # hacky fix: New LLVM releases require a newer OS X SDK than - # 10.9. This is a temporary measure until nixpkgs darwin support is - # updated. + # TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks + # to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra + # can build this. If we didn't do it, basically the entire nixpkgs on Darwin would have an unfree dependency and we'd + # get no binary cache for the entire platform. If you really find yourself wanting the TSAN, make this controllable by + # a flag and turn the flag off during the stdenv build. I realize that this LLVM isn't used in the stdenv but I want to + # keep it consistent with 4.0. We really shouldn't be copying and pasting all this code around... + stdenv.lib.optionalString stdenv.isDarwin '' - sed -i 's/os_trace(\(.*\)");$/printf(\1\\n");/g' ./projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc + substituteInPlace ./projects/compiler-rt/cmake/config-ix.cmake \ + --replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)' '' # Patch llvm-config to return correct library path based on --link-{shared,static}. + stdenv.lib.optionalString (enableSharedLibraries) '' @@ -85,7 +88,6 @@ in stdenv.mkDerivation rec { ++ stdenv.lib.optionals (isDarwin) [ "-DLLVM_ENABLE_LIBCXX=ON" "-DCAN_TARGET_i386=false" - "-DCMAKE_LIBTOOL=${darwin.cctools}/bin/libtool" ]; postBuild = '' 
From ef0eb3866071b5fa61e70f92577cd7b84e3d1882 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 19 Mar 2017 20:41:19 +0100 Subject: [PATCH 07/20] autogen: 5.18.7 -> 5.18.12 --- pkgs/development/tools/misc/autogen/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/misc/autogen/default.nix b/pkgs/development/tools/misc/autogen/default.nix index 251387e7bd51..28034f9d5492 100644 --- a/pkgs/development/tools/misc/autogen/default.nix +++ b/pkgs/development/tools/misc/autogen/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "autogen-${version}"; - version = "5.18.7"; + version = "5.18.12"; src = fetchurl { - url = "mirror://gnu/autogen/autogen-${version}.tar.xz"; - sha256 = "01d4m8ckww12sy50vgyxlnz83z9dxqpyqp153cscncc9w6jq19d7"; + url = "mirror://gnu/autogen/rel${version}/autogen-${version}.tar.xz"; + sha256 = "1n5zq4872sakvz9c7ncsdcfp0z8rsybsxvbmhkpbd19ii0pacfxy"; }; outputs = [ "bin" "dev" "lib" "out" "man" "info" ]; From 972f51a2daadfaff74db08cb1ac2061da31b9b3f Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Sun, 19 Mar 2017 17:37:03 -0400 Subject: [PATCH 08/20] llvmPackages_37.libcxxabi: fix with more recent versions of libc++ The build breaks on libc++ 3.8 and above, which hinders our upgrade to LLVM 4 for the Darwin stdenv. --- .../compilers/llvm/3.7/libc++abi.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/llvm/3.7/libc++abi.nix b/pkgs/development/compilers/llvm/3.7/libc++abi.nix index 6a62a6256b4f..d2be57b1a5fa 100644 --- a/pkgs/development/compilers/llvm/3.7/libc++abi.nix +++ b/pkgs/development/compilers/llvm/3.7/libc++abi.nix 
@@ -1,6 +1,12 @@ -{ stdenv, cmake, fetch, libcxx, libunwind, llvm, version }: +{ stdenv, cmake, fetch, fetchpatch, libcxx, libunwind, llvm, version }: -stdenv.mkDerivation { +let + # Newer LLVMs (3.8 onwards) have changed how some basic C++ stuff works, which breaks builds of this older version + llvm38-and-above = fetchpatch { + url = "https://trac.macports.org/raw-attachment/ticket/50304/0005-string-Fix-exception-declaration.patch"; + sha256 = "1lm38n7s0l5dbl7kp4i49pvzxz1mcvlr2vgsnj47agnwhhm63jvr"; + }; +in stdenv.mkDerivation { name = "libc++abi-${version}"; src = fetch "libcxxabi" "0ambfcmr2nh88hx000xb7yjm9lsqjjz49w5mlf6dlxzmj3nslzx4"; @@ -16,6 +22,13 @@ stdenv.mkDerivation { export TRIPLE=x86_64-apple-darwin ''; + # I can't use patches directly because this is actually a patch for libc++'s source, which we manually extract + # into the libc++abi build environment above. + prePatch = ''( + cd ../libcxx-* + patch -p1 < ${llvm38-and-above} + )''; + installPhase = if stdenv.isDarwin then '' for file in lib/*.dylib; do From c3c9412c7d6513091295f4e253d416ddbd17fe55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Mon, 20 Mar 2017 14:11:20 +0100 Subject: [PATCH 09/20] git, openssl, curl: Respect $NIX_SSL_CERT_FILE Slightly modified version of 942dbf89c6120cb5b52fb2ab456855d1fbf2994e --- .../git-and-tools/git/ssl-cert-file.patch | 7 +++++-- pkgs/development/libraries/openssl/default.nix | 1 + .../libraries/openssl/nix-ssl-cert-file.patch | 14 ++++++++++++++ pkgs/tools/networking/curl/default.nix | 2 +- pkgs/tools/networking/curl/nix-ssl-cert-file.patch | 14 ++++++++++++++ 5 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 pkgs/development/libraries/openssl/nix-ssl-cert-file.patch create mode 100644 pkgs/tools/networking/curl/nix-ssl-cert-file.patch 
diff --git a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch index bafd65e8c93e..0e0697dfb211 100644 --- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch +++ b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch @@ -1,11 +1,14 @@ diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c --- git-2.7.4-orig/http.c 2016-03-17 21:47:59.000000000 +0100 +++ git-2.7.4/http.c 2016-04-12 11:38:33.187070848 +0200 -@@ -544,6 +544,7 @@ +@@ -544,6 +544,10 @@ #if LIBCURL_VERSION_NUM >= 0x070908 set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); #endif -+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE"); ++ if (getenv("NIX_SSL_CERT_FILE")) ++ set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE"); ++ else ++ set_from_env(&ssl_cainfo, "SSL_CERT_FILE"); set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO"); set_from_env(&user_agent, "GIT_HTTP_USER_AGENT"); diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 2591a43f1d47..947c0e30f993 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -19,6 +19,7 @@ let patches = (args.patches or []) + ++ [ ./nix-ssl-cert-file.patch ] ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch ++ optional diff --git a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch new file mode 100644 index 000000000000..b615f1482b7c --- /dev/null +++ b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch 
@@ -0,0 +1,14 @@ +diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c +--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200 ++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200 +@@ -97,7 +97,9 @@ + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = (char *)getenv(X509_get_default_cert_file_env()); ++ file = (char *)getenv("NIX_SSL_CERT_FILE"); ++ if (!file) ++ file = (char *)getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx, file, + X509_FILETYPE_PEM) != 0); diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index bb9316512ecd..f8d1506cca34 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw"; }; - patches = [ ]; + patches = [ ./nix-ssl-cert-file.patch ]; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch new file mode 100644 index 000000000000..20c408bfae23 --- /dev/null +++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch @@ -0,0 +1,14 @@ +diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c +--- curl-7.50.3-orig/src/tool_operate.c 2016-09-06 23:25:06.000000000 +0200 ++++ curl-7.50.3/src/tool_operate.c 2016-10-14 11:51:48.999943142 +0200 +@@ -269,7 +269,9 @@ + capath_from_env = true; + } + else { +- env = curlx_getenv("SSL_CERT_FILE"); ++ env = curlx_getenv("NIX_SSL_CERT_FILE"); ++ if(!env) ++ env = curlx_getenv("SSL_CERT_FILE"); + if(env) { + config->cacert = strdup(env); + if(!config->cacert) { From d458b5401a36dd87cfd2bd071f634330f095cf5d Mon Sep 17 00:00:00 2001 
From: Thomas Tuegel Date: Mon, 20 Mar 2017 10:34:52 -0500 Subject: [PATCH 10/20] nixos/fontconfig: add Changelog message about FreeType update --- nixos/doc/manual/release-notes/rl-1709.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index 3705fd468f61..66b88eab09bc 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -49,6 +49,18 @@ following incompatible changes: rest of the system on a stable release. + + + Updated to FreeType 2.7.1, including a new TrueType engine. + The new engine replaces the Infinality engine which was the default in + NixOS. The default font rendering settings are now provided by + fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults + are less invasive and provide rendering that is more consistent with + other systems and hopefully with each font designer's intent. Some + system-wide configuration has been removed from the Fontconfig NixOS + module where user Fontconfig settings are available. + + From 48bc3cf9f497f38d0bfcf0ac6a808a1cd411a855 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 20 Mar 2017 16:47:13 +0100 Subject: [PATCH 11/20] bash: 4.4p5 -> 4.4p12 --- pkgs/shells/bash/4.4.nix | 7 ------- pkgs/shells/bash/bash-4.4-patches.nix | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/shells/bash/4.4.nix b/pkgs/shells/bash/4.4.nix index 682123d924e0..988b4f711cb3 100644 --- a/pkgs/shells/bash/4.4.nix +++ b/pkgs/shells/bash/4.4.nix 
@@ -52,13 +52,6 @@ stdenv.mkDerivation rec { patchFlags = "-p0"; patches = upstreamPatches - ++ [ (fetchurl { - # https://security.gentoo.org/glsa/201701-02 - url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells" - + "/bash/files/bash-4.4-popd-offset-overflow.patch" - + "?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682"; - sha256 = "02n08lw5spvsc2b1bll0gr6mg4qxcg7pzfjkw7ji5w7bjcikccbm"; - }) ] ++ optional stdenv.isCygwin ./cygwin-bash-4.3.33-1.src.patch; crossAttrs = { diff --git a/pkgs/shells/bash/bash-4.4-patches.nix b/pkgs/shells/bash/bash-4.4-patches.nix index c3ef5470aebf..741fb675d614 100644 --- a/pkgs/shells/bash/bash-4.4-patches.nix +++ b/pkgs/shells/bash/bash-4.4-patches.nix @@ -6,4 +6,11 @@ patch: [ (patch "003" "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi") (patch "004" "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d") (patch "005" "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2") +(patch "006" "1f24wgqngmj2mrj9yibwvc2zvlmn5xi53mnw777g3l40c4m2x3ka") +(patch "007" "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y") +(patch "008" "1firw915mjm03hbbw9a70ch3cpgrgnvqjpllgdnn6csr8q04f546") +(patch "009" "0g1l56kvw61rpw7dqa9fcl9llkl693h73g631hrhxlm030ddssqb") +(patch "010" "01lfhrkdsdkdz8ypzapr614ras23x7ckjnr60aa5bzkaqprccrc4") +(patch "011" "038p7mhnq9m65g505hi3827jkf9f35nd1cy00w8mwafpyxp44mnx") +(patch "012" "0gh6lbb1rwpk44pvbamm6vzdfi50xnwkqd9v7s8cjwk3pz973hps") ] From 3760c8c7fde6e8b15d19b063579d05018fc2d8b3 Mon Sep 17 00:00:00 2001 
From: Frederik Rietdijk Date: Tue, 21 Mar 2017 13:01:17 +0100 Subject: [PATCH 12/20] Python: replace mkPythonDerivation with buildPythonPackage and format="other"; This way all Python packages use the same function, `buildPythonPackage`. --- .../version-management/mercurial/default.nix | 3 ++- pkgs/development/python-modules/dbus/default.nix | 5 +++-- pkgs/development/python-modules/koji/default.nix | 5 +++-- .../python-modules/libsexy/default.nix | 5 +++-- .../python-modules/pycairo/default.nix | 5 +++-- pkgs/development/python-modules/pygobject/3.nix | 5 +++-- .../python-modules/pygobject/default.nix | 4 ++-- .../python-modules/pygtksourceview/default.nix | 5 +++-- pkgs/development/python-modules/pyqt/4.x.nix | 5 +++-- pkgs/development/python-modules/pyqt/5.x.nix | 5 +++-- .../development/python-modules/pyside/default.nix | 5 +++-- pkgs/development/python-modules/pyxml/default.nix | 5 +++-- pkgs/development/python-modules/sip/default.nix | 5 +++-- .../documentation/gnome-doc-utils/default.nix | 3 ++- pkgs/development/tools/misc/d-feet/default.nix | 4 ++-- pkgs/misc/drivers/hplip/default.nix | 3 ++- pkgs/os-specific/linux/dstat/default.nix | 3 ++- pkgs/top-level/python-packages.nix | 15 ++++++++++----- 18 files changed, 55 insertions(+), 35 deletions(-) diff --git a/pkgs/applications/version-management/mercurial/default.nix b/pkgs/applications/version-management/mercurial/default.nix index 034eb5344234..1c97f7252f56 100644 --- a/pkgs/applications/version-management/mercurial/default.nix +++ b/pkgs/applications/version-management/mercurial/default.nix @@ -7,8 +7,9 @@ let version = "3.9.2"; name = "mercurial-${version}"; inherit (python2Packages) docutils hg-git dulwich python; -in python2Packages.mkPythonDerivation { +in python2Packages.buildPythonApplication { inherit name; + format = "other"; src = fetchurl { url = "https://mercurial-scm.org/release/${name}.tar.gz"; 
diff --git a/pkgs/development/python-modules/dbus/default.nix b/pkgs/development/python-modules/dbus/default.nix index f3f897ac9e79..d2e1d2dc86fd 100644 --- a/pkgs/development/python-modules/dbus/default.nix +++ b/pkgs/development/python-modules/dbus/default.nix @@ -1,8 +1,9 @@ -{ lib, fetchurl, mkPythonDerivation, python, pkgconfig, dbus, dbus_glib, dbus_tools, isPyPy +{ lib, fetchurl, buildPythonPackage, python, pkgconfig, dbus, dbus_glib, dbus_tools, isPyPy , ncurses, pygobject3 }: -if isPyPy then throw "dbus-python not supported for interpreter ${python.executable}" else mkPythonDerivation rec { +if isPyPy then throw "dbus-python not supported for interpreter ${python.executable}" else buildPythonPackage rec { name = "dbus-python-1.2.4"; + format = "other"; src = fetchurl { url = "http://dbus.freedesktop.org/releases/dbus-python/${name}.tar.gz"; diff --git a/pkgs/development/python-modules/koji/default.nix b/pkgs/development/python-modules/koji/default.nix index 262ea74d4a34..28b5e11223ff 100644 --- a/pkgs/development/python-modules/koji/default.nix +++ b/pkgs/development/python-modules/koji/default.nix @@ -1,7 +1,8 @@ -{ stdenv, fetchurl, mkPythonDerivation, pycurl }: +{ stdenv, fetchurl, buildPythonPackage, pycurl }: -mkPythonDerivation rec { +buildPythonPackage rec { name = "koji-1.8"; + format = "other"; src = fetchurl { url = "https://fedorahosted.org/released/koji/koji-1.8.0.tar.bz2"; diff --git a/pkgs/development/python-modules/libsexy/default.nix b/pkgs/development/python-modules/libsexy/default.nix index fa79cfa3be5c..79eb8ab2f83c 100644 --- a/pkgs/development/python-modules/libsexy/default.nix +++ b/pkgs/development/python-modules/libsexy/default.nix 
@@ -1,8 +1,9 @@ -{ stdenv, fetchurl, mkPythonDerivation, libsexy, pkgconfig, libxml2, pygtk, pango, gtk2, glib }: +{ stdenv, fetchurl, buildPythonPackage, libsexy, pkgconfig, libxml2, pygtk, pango, gtk2, glib }: -mkPythonDerivation rec { +buildPythonPackage rec { name = "libsexy-${version}"; version = "0.1.9"; + format = "other"; src = fetchurl { url = "http://releases.chipx86.com/libsexy/sexy-python/sexy-python-${version}.tar.gz"; diff --git a/pkgs/development/python-modules/pycairo/default.nix b/pkgs/development/python-modules/pycairo/default.nix index e7cf3b4c4489..5d002c096239 100644 --- a/pkgs/development/python-modules/pycairo/default.nix +++ b/pkgs/development/python-modules/pycairo/default.nix @@ -1,8 +1,9 @@ -{ lib, fetchurl, fetchpatch, python, mkPythonDerivation, pkgconfig, cairo, xlibsWrapper, isPyPy, isPy35, isPy3k }: +{ lib, fetchurl, fetchpatch, python, buildPythonPackage, pkgconfig, cairo, xlibsWrapper, isPyPy, isPy35, isPy3k }: -if (isPyPy) then throw "pycairo not supported for interpreter ${python.executable}" else mkPythonDerivation rec { +if (isPyPy) then throw "pycairo not supported for interpreter ${python.executable}" else buildPythonPackage rec { version = "1.10.0"; name = "pycairo-${version}"; + format = "other"; src = if isPy3k then fetchurl { url = "http://cairographics.org/releases/pycairo-${version}.tar.bz2"; diff --git a/pkgs/development/python-modules/pygobject/3.nix b/pkgs/development/python-modules/pygobject/3.nix index 33bb1d5a4cab..984b11844342 100644 --- a/pkgs/development/python-modules/pygobject/3.nix +++ b/pkgs/development/python-modules/pygobject/3.nix 
@@ -1,9 +1,10 @@ -{ stdenv, fetchurl, mkPythonDerivation, python, pkgconfig, glib, gobjectIntrospection, pycairo, cairo, which, ncurses}: +{ stdenv, fetchurl, buildPythonPackage, python, pkgconfig, glib, gobjectIntrospection, pycairo, cairo, which, ncurses}: -mkPythonDerivation rec { +buildPythonPackage rec { major = "3.22"; minor = "0"; name = "pygobject-${major}.${minor}"; + format = "other"; src = fetchurl { url = "mirror://gnome/sources/pygobject/${major}/${name}.tar.xz"; diff --git a/pkgs/development/python-modules/pygobject/default.nix b/pkgs/development/python-modules/pygobject/default.nix index 6723ba6b6a58..a3658a96bf3d 100644 --- a/pkgs/development/python-modules/pygobject/default.nix +++ b/pkgs/development/python-modules/pygobject/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchurl, python, mkPythonDerivation, pkgconfig, glib }: +{ stdenv, fetchurl, python, buildPythonPackage, pkgconfig, glib }: -mkPythonDerivation rec { +buildPythonPackage rec { name = "pygobject-${version}"; version = "2.28.6"; diff --git a/pkgs/development/python-modules/pygtksourceview/default.nix b/pkgs/development/python-modules/pygtksourceview/default.nix index 133cbdb34fd2..499634236acd 100644 --- a/pkgs/development/python-modules/pygtksourceview/default.nix +++ b/pkgs/development/python-modules/pygtksourceview/default.nix @@ -1,9 +1,10 @@ -{ lib, fetchurl, python, mkPythonDerivation, pkgconfig, pygobject2, glib, pygtk, gnome2 }: +{ lib, fetchurl, python, buildPythonPackage, pkgconfig, pygobject2, glib, pygtk, gnome2 }: let version = "2.10.1"; in -mkPythonDerivation { +buildPythonPackage { name = "pygtksourceview-${version}"; + format = "other"; src = fetchurl { url = "http://ftp.gnome.org/pub/gnome/sources/pygtksourceview/2.10/pygtksourceview-${version}.tar.bz2"; diff --git a/pkgs/development/python-modules/pyqt/4.x.nix b/pkgs/development/python-modules/pyqt/4.x.nix index dc3dd69ac02e..a5ae0aaa137d 100644 --- a/pkgs/development/python-modules/pyqt/4.x.nix 
+++ b/pkgs/development/python-modules/pyqt/4.x.nix @@ -2,9 +2,10 @@ let version = "4.12"; - inherit (pythonPackages) mkPythonDerivation python dbus-python sip; -in mkPythonDerivation { + inherit (pythonPackages) buildPythonPackage python dbus-python sip; +in buildPythonPackage { name = "PyQt-x11-gpl-${version}"; + format = "other"; src = fetchurl { url = "mirror://sourceforge/pyqt/PyQt4_gpl_x11-${version}.tar.gz"; diff --git a/pkgs/development/python-modules/pyqt/5.x.nix b/pkgs/development/python-modules/pyqt/5.x.nix index ee3419eed0e9..880edfbab079 100644 --- a/pkgs/development/python-modules/pyqt/5.x.nix +++ b/pkgs/development/python-modules/pyqt/5.x.nix @@ -3,9 +3,10 @@ let version = "5.8.1"; - inherit (pythonPackages) mkPythonDerivation python dbus-python sip; -in mkPythonDerivation { + inherit (pythonPackages) buildPythonPackage python dbus-python sip; +in buildPythonPackage { name = "PyQt-${version}"; + format = "other"; meta = with lib; { description = "Python bindings for Qt5"; diff --git a/pkgs/development/python-modules/pyside/default.nix b/pkgs/development/python-modules/pyside/default.nix index 6473ebf22b13..4aff09b8f8f5 100644 --- a/pkgs/development/python-modules/pyside/default.nix +++ b/pkgs/development/python-modules/pyside/default.nix @@ -1,8 +1,9 @@ -{ lib, fetchurl, cmake, python, mkPythonDerivation, pysideGeneratorrunner, pysideShiboken, qt4 }: +{ lib, fetchurl, cmake, python, buildPythonPackage, pysideGeneratorrunner, pysideShiboken, qt4 }: -mkPythonDerivation rec { +buildPythonPackage rec { name = "pyside-${version}"; version = "1.2.4"; + format = "other"; src = fetchurl { url = "https://github.com/PySide/PySide/archive/${version}.tar.gz"; diff --git a/pkgs/development/python-modules/pyxml/default.nix b/pkgs/development/python-modules/pyxml/default.nix index abea143d11da..b85b20423697 100644 --- a/pkgs/development/python-modules/pyxml/default.nix +++ b/pkgs/development/python-modules/pyxml/default.nix 
@@ -1,7 +1,8 @@ -{lib, fetchurl, python, mkPythonDerivation, makeWrapper}: +{lib, fetchurl, python, buildPythonPackage, makeWrapper}: -mkPythonDerivation rec { +buildPythonPackage rec { name = "PyXML-0.8.4"; + format = "other"; src = fetchurl { url = "mirror://sourceforge/pyxml/${name}.tar.gz"; sha256 = "04wc8i7cdkibhrldy6j65qp5l75zjxf5lx6qxdxfdf2gb3wndawz"; diff --git a/pkgs/development/python-modules/sip/default.nix b/pkgs/development/python-modules/sip/default.nix index 99d3c89e1f9d..29295de66b7e 100644 --- a/pkgs/development/python-modules/sip/default.nix +++ b/pkgs/development/python-modules/sip/default.nix @@ -1,7 +1,8 @@ -{ lib, fetchurl, mkPythonDerivation, python, isPyPy }: +{ lib, fetchurl, buildPythonPackage, python, isPyPy }: -if isPyPy then throw "sip not supported for interpreter ${python.executable}" else mkPythonDerivation rec { +if isPyPy then throw "sip not supported for interpreter ${python.executable}" else buildPythonPackage rec { name = "sip-4.19.1"; + format = "other"; src = fetchurl { url = "mirror://sourceforge/pyqt/sip/${name}/${name}.tar.gz"; diff --git a/pkgs/development/tools/documentation/gnome-doc-utils/default.nix b/pkgs/development/tools/documentation/gnome-doc-utils/default.nix index 18933426db0a..ef339d47ea05 100644 --- a/pkgs/development/tools/documentation/gnome-doc-utils/default.nix +++ b/pkgs/development/tools/documentation/gnome-doc-utils/default.nix @@ -1,8 +1,9 @@ {stdenv, fetchurl, pkgconfig, libxml2Python, libxslt, intltool , makeWrapper, python2Packages }: -python2Packages.mkPythonDerivation { +python2Packages.buildPythonApplication { name = "gnome-doc-utils-0.20.10"; + format = "other"; src = fetchurl { url = mirror://gnome/sources/gnome-doc-utils/0.20/gnome-doc-utils-0.20.10.tar.xz; diff --git a/pkgs/development/tools/misc/d-feet/default.nix b/pkgs/development/tools/misc/d-feet/default.nix index 2ada782563e5..4fec00a2fd7e 100644 --- a/pkgs/development/tools/misc/d-feet/default.nix 
+++ b/pkgs/development/tools/misc/d-feet/default.nix @@ -4,9 +4,9 @@ let version = "${major}.11"; major = "0.3"; -in pythonPackages.mkPythonDerivation rec { +in pythonPackages.buildPythonApplication rec { name = "d-feet-${version}"; - namePrefix = ""; + format = "other"; src = fetchurl { url = "mirror://gnome/sources/d-feet/${major}/d-feet-${version}.tar.xz"; diff --git a/pkgs/misc/drivers/hplip/default.nix b/pkgs/misc/drivers/hplip/default.nix index c0a6c0a9baa0..1c40493e4ae9 100644 --- a/pkgs/misc/drivers/hplip/default.nix +++ b/pkgs/misc/drivers/hplip/default.nix @@ -47,8 +47,9 @@ in assert withPlugin -> builtins.elem hplipArch pluginArches || throw "HPLIP plugin not supported on ${stdenv.system}"; -pythonPackages.mkPythonDerivation { +pythonPackages.buildPythonApplication { inherit name src; + format = "other"; buildInputs = [ libjpeg diff --git a/pkgs/os-specific/linux/dstat/default.nix b/pkgs/os-specific/linux/dstat/default.nix index ccedc381504f..366cc9787f28 100644 --- a/pkgs/os-specific/linux/dstat/default.nix +++ b/pkgs/os-specific/linux/dstat/default.nix @@ -1,7 +1,8 @@ { stdenv, fetchurl, python2Packages }: -python2Packages.mkPythonDerivation rec { +python2Packages.buildPythonApplication rec { name = "dstat-${version}"; + format = "other"; version = "0.7.3"; src = fetchurl { diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index cf06f64421e1..d80c36842352 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -7035,9 +7035,10 @@ in { buildInputs = with self; [ fudge_9 nose ]; }; - fedora_cert = mkPythonDerivation rec { + fedora_cert = buildPythonPackage rec { name = "fedora-cert-0.5.9.2"; meta.maintainers = with maintainers; [ mornfall ]; + format = "other"; src = pkgs.fetchurl { url = "https://fedorahosted.org/releases/f/e/fedora-packager/fedora-packager-0.5.9.2.tar.bz2"; 
@@ -21809,8 +21810,9 @@ in { }; - pysvn = mkPythonDerivation rec { + pysvn = buildPythonPackage rec { name = "pysvn-1.8.0"; + format = "other"; src = pkgs.fetchurl { url = "http://pysvn.barrys-emacs.org/source_kits/${name}.tar.gz"; @@ -21965,9 +21967,10 @@ in { }); - pywebkitgtk = mkPythonDerivation rec { + pywebkitgtk = buildPythonPackage rec { name = "pywebkitgtk-${version}"; version = "1.1.8"; + format = "other"; src = pkgs.fetchurl { url = "http://pywebkitgtk.googlecode.com/files/${name}.tar.bz2"; @@ -22300,10 +22303,11 @@ in { qscintilla = if isPy3k || isPyPy then throw "qscintilla-${pkgs.qscintilla.version} not supported for interpreter ${python.executable}" - else mkPythonDerivation rec { + else buildPythonPackage rec { # TODO: Qt5 support name = "qscintilla-${version}"; version = pkgs.qscintilla.version; + format = "other"; src = pkgs.qscintilla.src; @@ -25833,9 +25837,10 @@ in { # Python package. tkinter = let py = python.override{x11Support=true;}; - in mkPythonDerivation rec { + in buildPythonPackage rec { name = "tkinter-${python.version}"; src = py; + format = "other"; disabled = isPy26 || isPyPy; From 261d7caed794c4e7e8346455e53a2f3a464e7935 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 21 Mar 2017 15:51:35 +0300 Subject: [PATCH 13/20] mesa: enable texture floats by default --- pkgs/development/libraries/mesa/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 1987bbd323ee..d79d9b2859e8 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix 
@@ -5,7 +5,8 @@ , libelf, libvdpau, python2 , grsecEnabled ? false , enableRadv ? false -, enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt +# Texture floats are patented, see docs/patents.txt, but Debian enables them. +, enableTextureFloats ? true , galliumDrivers ? null , driDrivers ? null , vulkanDrivers ? null From 7299db431a700768d0b5a6c80ae6e82b748ad0db Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Tue, 21 Mar 2017 11:22:07 -0500 Subject: [PATCH 14/20] fontconfig-penultimate: 0.2 -> 0.2.1 Added package metadata, including license. --- pkgs/data/fonts/fontconfig-penultimate/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/data/fonts/fontconfig-penultimate/default.nix b/pkgs/data/fonts/fontconfig-penultimate/default.nix index aea3365aba4b..f9d60d6600dc 100644 --- a/pkgs/data/fonts/fontconfig-penultimate/default.nix +++ b/pkgs/data/fonts/fontconfig-penultimate/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchFromGitHub }: -let version = "0.2"; in +let version = "0.2.1"; in stdenv.mkDerivation { name = "fontconfig-penultimate-${version}"; @@ -8,11 +8,19 @@ stdenv.mkDerivation { owner = "ttuegel"; repo = "fontconfig-penultimate"; rev = version; - sha256 = "106sjfmxdn2cachgsg0ky3wi676x6nd14y5fcl16n82kghi3d9yf"; + sha256 = "14arpalmpn7ig2myxslk4jdg6lm0cnmwsxy7zl0j7yr417k1kprf"; }; installPhase = '' mkdir -p $out/etc/fonts/conf.d cp *.conf $out/etc/fonts/conf.d ''; + + meta = with stdenv.lib; { + homepage = https://github.com/ttuegel/fontconfig-penultimate; + description = "Sensible defaults for Fontconfig"; + license = licenses.asl20; + maintainers = [ maintainers.ttuegel ]; + platforms = platforms.all; + }; } From 328bcdae252319bacdac9e9e20d0125af9969e20 Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov Date: Tue, 21 Mar 2017 21:56:40 +0300 Subject: [PATCH 15/20] mesa: enable texture floats only for drivers To be on more safe side. This shouldn't matter theoretically as nothing in core Mesa depends on them. --- pkgs/development/libraries/mesa/default.nix | 5 +++-- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index d79d9b2859e8..6a5c72f04c3a 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -5,8 +5,9 @@ , libelf, libvdpau, python2 , grsecEnabled ? false , enableRadv ? false -# Texture floats are patented, see docs/patents.txt, but Debian enables them. -, enableTextureFloats ? true +# Texture floats are patented, see docs/patents.txt, so we don't enable them for full Mesa. +# It's overridden for mesa_drivers. +, enableTextureFloats ? false , galliumDrivers ? null , driDrivers ? null , vulkanDrivers ? null diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 458858cfeb01..fcfdd22630cf 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8991,6 +8991,7 @@ with pkgs; mesa_drivers = mesaDarwinOr ( let mo = mesa_noglu.override { grsecEnabled = config.grsecurity or false; + enableTextureFloats = true; }; in mo.drivers ); From 39eda57d2a2abd0d80828ff94541ff342764aad8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 21 Mar 2017 20:11:31 +0100 Subject: [PATCH 16/20] mesa: maintenance 17.0.1 -> 17.0.2 --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 6a5c72f04c3a..eac07ddbfb19 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix 
@@ -65,7 +65,7 @@ let in let - version = "17.0.1"; + version = "17.0.2"; branch = head (splitString "." version); driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32"; in @@ -80,7 +80,7 @@ stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz" ]; - sha256 = "96fd70ef5f31d276a17e424e7e1bb79447ccbbe822b56844213ef932e7ad1b0c"; + sha256 = "f8f191f909e01e65de38d5bdea5fb057f21649a3aed20948be02348e77a689d4"; }; prePatch = "patchShebangs ."; From 8143413e590cf249b50047906d61eab2ce983c12 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Tue, 21 Mar 2017 21:58:57 +0100 Subject: [PATCH 17/20] pythonPackages.pygobject2: fixup conversation to buildPythonPackage --- pkgs/development/python-modules/pygobject/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/pygobject/default.nix b/pkgs/development/python-modules/pygobject/default.nix index a3658a96bf3d..b72bd8b9b529 100644 --- a/pkgs/development/python-modules/pygobject/default.nix +++ b/pkgs/development/python-modules/pygobject/default.nix @@ -3,6 +3,7 @@ buildPythonPackage rec { name = "pygobject-${version}"; version = "2.28.6"; + format = "other"; src = fetchurl { url = "mirror://gnome/sources/pygobject/2.28/${name}.tar.xz"; From 525a6631747597cd108bed21c26286637038b6a6 Mon Sep 17 00:00:00 2001 
From: Guillaume Maudoux Date: Tue, 21 Mar 2017 10:28:44 +0100 Subject: [PATCH 18/20] curl, git: Fix curl default CA, let git use it Improve patching of curl to use NIX_SSL_CERT_FILE as default CA Remove patches from git, as git uses curl and passes its environment variables to curl. --- .../git-and-tools/git/default.nix | 1 - .../git-and-tools/git/ssl-cert-file.patch | 14 --------- .../networking/curl/nix-ssl-cert-file.patch | 31 ++++++++++++++++--- 3 files changed, 27 insertions(+), 19 deletions(-) delete mode 100644 pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index af5fc8a8be46..d6cc205bbae4 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -30,7 +30,6 @@ stdenv.mkDerivation { ./symlinks-in-bin.patch ./git-sh-i18n.patch ./ssh-path.patch - ./ssl-cert-file.patch ]; postPatch = '' diff --git a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch deleted file mode 100644 index 0e0697dfb211..000000000000 --- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c ---- git-2.7.4-orig/http.c 2016-03-17 21:47:59.000000000 +0100 -+++ git-2.7.4/http.c 2016-04-12 11:38:33.187070848 +0200 -@@ -544,6 +544,10 @@ - #if LIBCURL_VERSION_NUM >= 0x070908 - set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); - #endif -+ if (getenv("NIX_SSL_CERT_FILE")) -+ set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE"); -+ else -+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE"); - set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO"); - - set_from_env(&user_agent, "GIT_HTTP_USER_AGENT"); 
diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch index 20c408bfae23..14eaea7071bf 100644 --- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch +++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch @@ -1,7 +1,30 @@ -diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c ---- curl-7.50.3-orig/src/tool_operate.c 2016-09-06 23:25:06.000000000 +0200 -+++ curl-7.50.3/src/tool_operate.c 2016-10-14 11:51:48.999943142 +0200 -@@ -269,7 +269,9 @@ +diff --git a/lib/url.c b/lib/url.c +index 03feaa20f..43d3baa80 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set) + + /* This is our preferred CA cert bundle/path since install time */ + #if defined(CURL_CA_BUNDLE) +- result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE); ++ char* env = curl_getenv("NIX_SSL_CERT_FILE"); ++ if (!env) ++ env = CURL_CA_BUNDLE; ++ ++ result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env); + if(result) + return result; + +- result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE); ++ result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env); + if(result) + return result; + #endif +diff --git a/src/tool_operate.c b/src/tool_operate.c +index 572c8d0cc..ca4fb31cb 100644 +--- a/src/tool_operate.c ++++ b/src/tool_operate.c +@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global, capath_from_env = true; } else { From 8ecb94bb97842f95ca3fb780fc2977ee43b7d554 Mon Sep 17 00:00:00 2001 
From: Guillaume Maudoux Date: Wed, 22 Mar 2017 11:48:06 +0100 Subject: [PATCH 19/20] curl: Use default trust store of TLS backend Having curl fall back to openssl's CA means that we need not patch curl to respect NIX_SSL_CERT_FILE. It will work in all the cases. This reverts commit fb4c43dd8adbd7a10d1c52539b36e2da269f3f7f "curl: Use CA bundle in nix default profile by default" If we want to reintroduce that feature, this needs to go inside openssl --- pkgs/tools/networking/curl/default.nix | 6 +-- .../networking/curl/nix-ssl-cert-file.patch | 37 ------------------- 2 files changed, 1 insertion(+), 42 deletions(-) delete mode 100644 pkgs/tools/networking/curl/nix-ssl-cert-file.patch diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index f8d1506cca34..4f8daf38d467 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -28,8 +28,6 @@ stdenv.mkDerivation rec { sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw"; }; - patches = [ ./nix-ssl-cert-file.patch ]; - outputs = [ "bin" "dev" "out" "man" "devdoc" ]; enableParallelBuilding = true; @@ -57,9 +55,7 @@ stdenv.mkDerivation rec { ''; configureFlags = [ - # OS X does not have a default system bundle, so we assume cacerts is installed in the default nix-env profile - # This sucks. We should probably just include the latest cacerts in the darwin bootstrap. - "--with-ca-bundle=${if stdenv.isDarwin then "/nix/var/nix/profiles/default" else ""}/etc/ssl/certs/ca-${if stdenv.isDarwin then "bundle" else "certificates"}.crt" + "--with-ca-fallback" "--disable-manual" ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" ) ( if gnutlsSupport then "--with-gnutls=${gnutls.dev}" else "--without-gnutls" ) diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch deleted file mode 100644 index 14eaea7071bf..000000000000 
--- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff --git a/lib/url.c b/lib/url.c -index 03feaa20f..43d3baa80 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set) - - /* This is our preferred CA cert bundle/path since install time */ - #if defined(CURL_CA_BUNDLE) -- result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE); -+ char* env = curl_getenv("NIX_SSL_CERT_FILE"); -+ if (!env) -+ env = CURL_CA_BUNDLE; -+ -+ result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env); - if(result) - return result; - -- result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE); -+ result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env); - if(result) - return result; - #endif -diff --git a/src/tool_operate.c b/src/tool_operate.c -index 572c8d0cc..ca4fb31cb 100644 ---- a/src/tool_operate.c -+++ b/src/tool_operate.c -@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global, - capath_from_env = true; - } - else { -- env = curlx_getenv("SSL_CERT_FILE"); -+ env = curlx_getenv("NIX_SSL_CERT_FILE"); -+ if(!env) -+ env = curlx_getenv("SSL_CERT_FILE"); - if(env) { - config->cacert = strdup(env); - if(!config->cacert) { From c86f05e7ce13e64238960ebf3ee9706142db961b Mon Sep 17 00:00:00 2001 From: Guillaume Maudoux Date: Wed, 22 Mar 2017 12:09:09 +0100 Subject: [PATCH 20/20] openssl: default to default profile CA on darwin --- pkgs/development/libraries/openssl/default.nix | 3 ++- .../openssl/use-etc-ssl-certs-darwin.patch | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 947c0e30f993..a9f8c32dde9b 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
@@ -20,7 +20,8 @@ let patches = (args.patches or []) ++ [ ./nix-ssl-cert-file.patch ] - ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch + ++ optional (versionOlder version "1.1.0") + (if stdenv.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch ++ optional (versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem"))) diff --git a/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch new file mode 100644 index 000000000000..3d9ee7e6a822 --- /dev/null +++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch @@ -0,0 +1,13 @@ +diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h +--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100 ++++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100 +@@ -81,8 +81,8 @@ + + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR + # define X509_CERT_DIR OPENSSLDIR "/certs" +-# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" + # define X509_PRIVATE_DIR OPENSSLDIR "/private" + # else + # define X509_CERT_AREA "SSLROOT:[000000]"
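Review bot: In the lib/url.c hunk of curl's nix-ssl-cert-file.patch (PATCH 18/20), the result of `curl_getenv("NIX_SSL_CERT_FILE")` is never released. curl_getenv returns an allocated copy that the caller must free with curl_free, while the fallback `env = CURL_CA_BUNDLE;` points the same variable at a string literal, so the pointer cannot simply be freed at the end. Keep the getenv result in its own variable, pass either it or CURL_CA_BUNDLE to the two setstropt calls, and free the getenv result on every exit, including both `return result;` paths. Because this code is in the library rather than the tool, every libcurl consumer now takes its default trust anchors from the environment; the commit message should say so explicitly, since that is a wider change than the src/tool_operate.c hunk it replaces.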
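Review bot: Dropping `./ssl-cert-file.patch` from git's default.nix (PATCH 18/20) also drops git's `SSL_CERT_FILE` fallback, which the commit message does not mention. The deleted patch read `NIX_SSL_CERT_FILE` and otherwise `SSL_CERT_FILE` into `ssl_cainfo`; the replacement in curl's lib/url.c only consults `NIX_SSL_CERT_FILE`, and the `SSL_CERT_FILE` lookup that remains is in src/tool_operate.c, which belongs to the curl command-line tool and is not reached by git. Either keep an `SSL_CERT_FILE` lookup on the library path or state in the commit message that git users must switch to `NIX_SSL_CERT_FILE` or `GIT_SSL_CAINFO`.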
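Review bot: In the configureFlags hunk of curl's default.nix (PATCH 19/20), `"--with-ca-fallback"` is passed unconditionally although the lines directly below make both TLS backends optional (`sslSupport`, `gnutlsSupport`). curl's configure accepts that flag only when built with OpenSSL or GnuTLS, so a build with both disabled needs the flag guarded, for example with `stdenv.lib.optional (sslSupport || gnutlsSupport)`. The commit message also speaks only of "openssl's CA": with `gnutlsSupport` the fallback is GnuTLS's default trust store, which the openssl `NIX_SSL_CERT_FILE` patch does not cover, so that configuration should be checked or called out.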
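Review bot: In the patches hunk of openssl's default.nix (PATCH 20/20), the Darwin variant is selected inside `optional (versionOlder version "1.1.0")`, so an openssl 1.1.0 or newer build on Darwin gets neither use-etc-ssl-certs patch. Since PATCH 19/20 makes curl rely on the TLS backend's default store, such a build would have no default CA file on Darwin unless `NIX_SSL_CERT_FILE` is set. Either provide a 1.1.0 equivalent of the Darwin patch or note in a comment here why the gate is safe.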
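Review bot: The new use-etc-ssl-certs-darwin.patch (PATCH 20/20) hard-codes `X509_CERT_FILE` to `/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt` with no comment, while the explanation of that assumption (cacerts installed in the default nix-env profile) was deleted from curl's default.nix in PATCH 19/20. Please carry that comment over, next to the `if stdenv.isDarwin` selection in openssl's default.nix, because this path is outside the store and its contents depend on whoever manages the default profile, which now decides the trust anchors for every OpenSSL consumer on Darwin. Note also that `X509_CERT_DIR` is left at `OPENSSLDIR "/certs"`, so the file and directory lookups point at different roots; say whether that is intended.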