From 0e4c444cfecb83b294b27518c43dbcaab28b920e Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 30 Nov 2018 19:59:55 -0600 Subject: [PATCH 01/49] minizincide: init at 2.2.3 * wrap so minizinc on PATH (to ensure it's avail/found) --- pkgs/development/tools/minizinc/ide.nix | 42 +++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 1 + 2 files changed, 43 insertions(+) create mode 100644 pkgs/development/tools/minizinc/ide.nix diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix new file mode 100644 index 000000000000..1bfb0726d6a2 --- /dev/null +++ b/pkgs/development/tools/minizinc/ide.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, qtbase, qtwebengine, qtwebkit, qmake, makeWrapper, minizinc }: +let + version = "2.2.3"; +in +stdenv.mkDerivation { + name = "minizinc-ide-${version}"; + + nativeBuildInputs = [ qmake makeWrapper ]; + buildInputs = [ qtbase qtwebengine qtwebkit ]; + + src = fetchFromGitHub { + owner = "MiniZinc"; + repo = "MiniZincIDE"; + rev = version; # XXX chance it//revisit: "3d66971a0cad6edbe797f4dd940229d38e5bfe3d"; # tags on the repo are disappearing: See https://github.com/MiniZinc/libminizinc/issues/257 + sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; + }; + + postUnpack = ''export sourceRoot="$sourceRoot/MiniZincIDE"''; + + enableParallelBuilding = true; + + postInstall = '' + wrapProgram $out/bin/MiniZincIDE --prefix PATH ":" ${stdenv.lib.makeBinPath [ minizinc ]} + ''; + + meta = with stdenv.lib; { + homepage = http://www.minizinc.org/; + description = "IDE for MiniZinc, a medium-level constraint modelling language."; + + longDescription = '' + MiniZinc is a medium-level constraint modelling + language. It is high-level enough to express most + constraint problems easily, but low-level enough + that it can be mapped onto existing solvers easily and consistently. + It is a subset of the higher-level language Zinc. + ''; + + license = licenses.mpl20; + platforms = platforms.linux; + maintainers = [ maintainers.sheenobu ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cc18e0a06111..9e1c190aa313 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8725,6 +8725,7 @@ with pkgs; minify = callPackage ../development/web/minify { }; minizinc = callPackage ../development/tools/minizinc { }; + minizincide = qt5.callPackage ../development/tools/minizinc/ide.nix { }; mk = callPackage ../development/tools/build-managers/mk { }; From 3d5ee8648846b3f36038d1197a2882fd9cca8538 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sun, 2 Dec 2018 12:14:43 -0600 Subject: [PATCH 02/49] minizincide: https, touchup, don't volunteer others to maintain haha :P --- pkgs/development/tools/minizinc/ide.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix index 1bfb0726d6a2..9e4edc236df9 100644 --- a/pkgs/development/tools/minizinc/ide.nix +++ b/pkgs/development/tools/minizinc/ide.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "MiniZinc"; repo = "MiniZincIDE"; - rev = version; # XXX chance it//revisit: "3d66971a0cad6edbe797f4dd940229d38e5bfe3d"; # tags on the repo are disappearing: See https://github.com/MiniZinc/libminizinc/issues/257 + rev = version; sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; }; @@ -24,7 +24,7 @@ stdenv.mkDerivation { ''; meta = with stdenv.lib; { - homepage = http://www.minizinc.org/; + homepage = https://www.minizinc.org/; description = "IDE for MiniZinc, a medium-level constraint modelling language."; longDescription = '' @@ -37,6 +37,6 @@ stdenv.mkDerivation { license = licenses.mpl20; platforms = platforms.linux; - maintainers = [ maintainers.sheenobu ]; + maintainers = [ maintainers.dtzWill ]; }; } From 8b4d458ccd7f4e96c5cab8373b28316de9b802a1 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 5 Dec 2018 18:19:19 -0600 Subject: [PATCH 03/49] i2c-tools: 4.0 -> 4.1 https://marc.info/?l=linux-i2c&m=154383448901807&w=2 --- pkgs/os-specific/linux/i2c-tools/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index 3f90b91f10d8..b3fd34f665ed 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "i2c-tools-${version}"; - version = "4.0"; + version = "4.1"; src = fetchurl { url = "https://www.kernel.org/pub/software/utils/i2c-tools/${name}.tar.xz"; - sha256 = "1mi8mykvl89y6liinc9jv1x8m2q093wrdc2hm86a47n524fcl06r"; + sha256 = "1m97hpwqfaqjl9xvr4pvz2vdrsdvxbcn0nnx8pamnyc3s7pikcjp"; }; buildInputs = [ perl ]; @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { ''; installPhase = '' - make install prefix=$out + make install PREFIX=$out rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers ''; From 5a09820a13c2cd742f9db4b19388400a954ca00f Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 2 Dec 2018 16:26:31 +0000 Subject: [PATCH 04/49] afl-qemu: update to qemu 2.10.0, as specified by afl 2.52b refresh patches & configure options directly from afl 2.52b to make installation as vanilla as possible --- pkgs/tools/security/afl/default.nix | 137 +++---- .../security/afl/qemu-patches/afl-config.h | 335 ------------------ .../afl/qemu-patches/afl-qemu-cpu-inl.h | 296 ---------------- .../security/afl/qemu-patches/afl-types.h | 79 ----- .../security/afl/qemu-patches/cpu-exec.patch | 33 -- .../security/afl/qemu-patches/elfload.patch | 32 -- .../afl/qemu-patches/no-etc-install.patch | 11 +- .../qemu-patches/qemu-2.10.0-glibc-2.27.patch | 28 ++ .../qemu-patches/qemu-2.3.0-glibc-2.26.patch | 121 ------- .../security/afl/qemu-patches/syscall.patch | 25 -- .../afl/qemu-patches/translate-all.patch | 18 - pkgs/tools/security/afl/qemu.nix | 64 ++-- 12 files changed, 136 insertions(+), 1043 deletions(-) delete mode 100644 pkgs/tools/security/afl/qemu-patches/afl-config.h delete mode 100644 pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h delete mode 100644 pkgs/tools/security/afl/qemu-patches/afl-types.h delete mode 100644 pkgs/tools/security/afl/qemu-patches/cpu-exec.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/elfload.patch create mode 100644 pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/syscall.patch delete mode 100644 pkgs/tools/security/afl/qemu-patches/translate-all.patch diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index 3476606049d1..067d355fb901 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -3,79 +3,80 @@ }: let - afl-qemu = callPackage ./qemu.nix {}; + afl-qemu = callPackage ./qemu.nix { inherit afl; }; qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; -in + afl = stdenv.mkDerivation rec { + name = "afl-${version}"; + version = "2.52b"; -stdenv.mkDerivation rec { - name = "afl-${version}"; - version = "2.52b"; + src = fetchurl { + url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; + sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; + }; - src = fetchurl { - url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; - }; + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + buildInputs = [ makeWrapper llvm which ]; - # Note: libcgroup isn't needed for building, just for the afl-cgroup - # script. - buildInputs = [ makeWrapper llvm which ]; - - buildPhase = '' - make PREFIX=$out - cd llvm_mode - make PREFIX=$out - cd .. - ''; - installPhase = '' - # Do the normal installation - make install PREFIX=$out - - # Install the custom QEMU emulator for binary blob fuzzing. - cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace - - # Install the cgroups wrapper for asan-based fuzzing. - cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup - chmod +x $out/bin/afl-cgroup - substituteInPlace $out/bin/afl-cgroup \ - --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ - --replace "cgexec" "${libcgroup}/bin/cgexec" \ - --replace "cgdelete" "${libcgroup}/bin/cgdelete" - - # Patch shebangs before wrapping - patchShebangs $out/bin - - # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it - # has totally different semantics in that case(?) - and also set a - # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out - # of $PATH. - for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do - wrapProgram $x \ - --prefix AFL_PATH : "$out/lib/afl" \ - --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' - done - ''; - - passthru = { - qemu = afl-qemu; - }; - - meta = { - description = "Powerful fuzzer via genetic algorithms and instrumentation"; - longDescription = '' - American fuzzy lop is a fuzzer that employs a novel type of - compile-time instrumentation and genetic algorithms to - automatically discover clean, interesting test cases that - trigger new internal states in the targeted binary. This - substantially improves the functional coverage for the fuzzed - code. The compact synthesized corpora produced by the tool are - also useful for seeding other, more labor or resource-intensive - testing regimes down the road. + buildPhase = '' + make PREFIX=$out + cd llvm_mode + make PREFIX=$out + cd .. ''; - homepage = "http://lcamtuf.coredump.cx/afl/"; - license = stdenv.lib.licenses.asl20; - platforms = ["x86_64-linux" "i686-linux"]; - maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + installPhase = '' + # Do the normal installation + make install PREFIX=$out + + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # Install the cgroups wrapper for asan-based fuzzing. + cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + # Patch shebangs before wrapping + patchShebangs $out/bin + + # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it + # has totally different semantics in that case(?) - and also set a + # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out + # of $PATH. + for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do + wrapProgram $x \ + --prefix AFL_PATH : "$out/lib/afl" \ + --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' + done + ''; + + passthru = { + qemu = afl-qemu; + }; + + meta = { + description = "Powerful fuzzer via genetic algorithms and instrumentation"; + longDescription = '' + American fuzzy lop is a fuzzer that employs a novel type of + compile-time instrumentation and genetic algorithms to + automatically discover clean, interesting test cases that + trigger new internal states in the targeted binary. This + substantially improves the functional coverage for the fuzzed + code. The compact synthesized corpora produced by the tool are + also useful for seeding other, more labor or resource-intensive + testing regimes down the road. + ''; + homepage = "http://lcamtuf.coredump.cx/afl/"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; }; -} +in afl + + diff --git a/pkgs/tools/security/afl/qemu-patches/afl-config.h b/pkgs/tools/security/afl/qemu-patches/afl-config.h deleted file mode 100644 index cbf48881ade2..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-config.h +++ /dev/null @@ -1,335 +0,0 @@ -/* - american fuzzy lop - vaguely configurable bits - ---------------------------------------------- - - Written and maintained by Michal Zalewski - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_CONFIG_H -#define _HAVE_CONFIG_H - -#include "afl-types.h" - -/****************************************************** - * * - * Settings that may be of interest to power users: * - * * - ******************************************************/ - -/* Comment out to disable terminal colors: */ - -#define USE_COLOR - -/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ - -#define FANCY_BOXES - -/* Default timeout for fuzzed code (milliseconds): */ - -#define EXEC_TIMEOUT 1000 - -/* Timeout rounding factor when auto-scaling (milliseconds): */ - -#define EXEC_TM_ROUND 20 - -/* Default memory limit for child process (MB): */ - -#ifndef __x86_64__ -# define MEM_LIMIT 25 -#else -# define MEM_LIMIT 50 -#endif /* ^!__x86_64__ */ - -/* Default memory limit when running in QEMU mode (MB): */ - -#define MEM_LIMIT_QEMU 200 - -/* Number of calibration cycles per every new test case (and for test - cases that show variable behavior): */ - -#define CAL_CYCLES 10 -#define CAL_CYCLES_LONG 40 - -/* The same, but when AFL_NO_VAR_CHECK is set in the environment: */ - -#define CAL_CYCLES_NO_VAR 4 - -/* Number of subsequent hangs before abandoning an input file: */ - -#define HANG_LIMIT 250 - -/* Maximum number of unique hangs or crashes to record: */ - -#define KEEP_UNIQUE_HANG 500 -#define KEEP_UNIQUE_CRASH 5000 - -/* Baseline number of random tweaks during a single 'havoc' stage: */ - -#define HAVOC_CYCLES 5000 - -/* Maximum multiplier for the above (should be a power of two, beware - of 32-bit int overflows): */ - -#define HAVOC_MAX_MULT 16 - -/* Absolute minimum number of havoc cycles (after all adjustments): */ - -#define HAVOC_MIN 10 - -/* Maximum stacking for havoc-stage tweaks. The actual value is calculated - like this: - - n = random between 1 and HAVOC_STACK_POW2 - stacking = 2^n - - In other words, the default (n = 7) produces 2, 4, 8, 16, 32, 64, or - 128 stacked tweaks: */ - -#define HAVOC_STACK_POW2 7 - -/* Caps on block sizes for cloning and deletion operations. Each of these - ranges has a 33% probability of getting picked, except for the first - two cycles where smaller blocks are favored: */ - -#define HAVOC_BLK_SMALL 32 -#define HAVOC_BLK_MEDIUM 128 -#define HAVOC_BLK_LARGE 1500 - -/* Probabilities of skipping non-favored entries in the queue, expressed as - percentages: */ - -#define SKIP_TO_NEW_PROB 99 /* ...when there are new, pending favorites */ -#define SKIP_NFAV_OLD_PROB 95 /* ...no new favs, cur entry already fuzzed */ -#define SKIP_NFAV_NEW_PROB 75 /* ...no new favs, cur entry not fuzzed yet */ - -/* Splicing cycle count: */ - -#define SPLICE_CYCLES 20 - -/* Nominal per-splice havoc cycle length: */ - -#define SPLICE_HAVOC 500 - -/* Maximum offset for integer addition / subtraction stages: */ - -#define ARITH_MAX 35 - -/* Limits for the test case trimmer. The absolute minimum chunk size; and - the starting and ending divisors for chopping up the input file: */ - -#define TRIM_MIN_BYTES 4 -#define TRIM_START_STEPS 16 -#define TRIM_END_STEPS 1024 - -/* Maximum size of input file, in bytes (keep under 100MB): */ - -#define MAX_FILE (1 * 1024 * 1024) - -/* The same, for the test case minimizer: */ - -#define TMIN_MAX_FILE (10 * 1024 * 1024) - -/* Block normalization steps for afl-tmin: */ - -#define TMIN_SET_MIN_SIZE 4 -#define TMIN_SET_STEPS 128 - -/* Maximum dictionary token size (-x), in bytes: */ - -#define MAX_DICT_FILE 128 - -/* Length limits for auto-detected dictionary tokens: */ - -#define MIN_AUTO_EXTRA 3 -#define MAX_AUTO_EXTRA 32 - -/* Maximum number of user-specified dictionary tokens to use in deterministic - steps; past this point, the "extras/user" step will be still carried out, - but with proportionally lower odds: */ - -#define MAX_DET_EXTRAS 200 - -/* Maximum number of auto-extracted dictionary tokens to actually use in fuzzing - (first value), and to keep in memory as candidates. The latter should be much - higher than the former. */ - -#define USE_AUTO_EXTRAS 50 -#define MAX_AUTO_EXTRAS (USE_AUTO_EXTRAS * 10) - -/* Scaling factor for the effector map used to skip some of the more - expensive deterministic steps. The actual divisor is set to - 2^EFF_MAP_SCALE2 bytes: */ - -#define EFF_MAP_SCALE2 3 - -/* Minimum input file length at which the effector logic kicks in: */ - -#define EFF_MIN_LEN 128 - -/* Maximum effector density past which everything is just fuzzed - unconditionally (%): */ - -#define EFF_MAX_PERC 90 - -/* UI refresh frequency (Hz): */ - -#define UI_TARGET_HZ 5 - -/* Fuzzer stats file and plot update intervals (sec): */ - -#define STATS_UPDATE_SEC 60 -#define PLOT_UPDATE_SEC 5 - -/* Smoothing divisor for CPU load and exec speed stats (1 - no smoothing). */ - -#define AVG_SMOOTHING 16 - -/* Sync interval (every n havoc cycles): */ - -#define SYNC_INTERVAL 5 - -/* Output directory reuse grace period (minutes): */ - -#define OUTPUT_GRACE 25 - -/* Uncomment to use simple file names (id_NNNNNN): */ - -// #define SIMPLE_FILES - -/* List of interesting values to use in fuzzing. */ - -#define INTERESTING_8 \ - -128, /* Overflow signed 8-bit when decremented */ \ - -1, /* */ \ - 0, /* */ \ - 1, /* */ \ - 16, /* One-off with common buffer size */ \ - 32, /* One-off with common buffer size */ \ - 64, /* One-off with common buffer size */ \ - 100, /* One-off with common buffer size */ \ - 127 /* Overflow signed 8-bit when incremented */ - -#define INTERESTING_16 \ - -32768, /* Overflow signed 16-bit when decremented */ \ - -129, /* Overflow signed 8-bit */ \ - 128, /* Overflow signed 8-bit */ \ - 255, /* Overflow unsig 8-bit when incremented */ \ - 256, /* Overflow unsig 8-bit */ \ - 512, /* One-off with common buffer size */ \ - 1000, /* One-off with common buffer size */ \ - 1024, /* One-off with common buffer size */ \ - 4096, /* One-off with common buffer size */ \ - 32767 /* Overflow signed 16-bit when incremented */ - -#define INTERESTING_32 \ - -2147483648LL, /* Overflow signed 32-bit when decremented */ \ - -100663046, /* Large negative number (endian-agnostic) */ \ - -32769, /* Overflow signed 16-bit */ \ - 32768, /* Overflow signed 16-bit */ \ - 65535, /* Overflow unsig 16-bit when incremented */ \ - 65536, /* Overflow unsig 16 bit */ \ - 100663045, /* Large positive number (endian-agnostic) */ \ - 2147483647 /* Overflow signed 32-bit when incremented */ - -/*********************************************************** - * * - * Really exotic stuff you probably don't want to touch: * - * * - ***********************************************************/ - -/* Call count interval between reseeding the libc PRNG from /dev/urandom: */ - -#define RESEED_RNG 10000 - -/* Maximum line length passed from GCC to 'as' and used for parsing - configuration files: */ - -#define MAX_LINE 8192 - -/* Environment variable used to pass SHM ID to the called program. */ - -#define SHM_ENV_VAR "__AFL_SHM_ID" - -/* Other less interesting, internal-only variables. */ - -#define CLANG_ENV_VAR "__AFL_CLANG_MODE" -#define AS_LOOP_ENV_VAR "__AFL_AS_LOOPCHECK" - -/* Distinctive bitmap signature used to indicate failed execution: */ - -#define EXEC_FAIL_SIG 0xfee1dead - -/* Distinctive exit code used to indicate MSAN trip condition: */ - -#define MSAN_ERROR 86 - -/* Designated file descriptors for forkserver commands (the application will - use FORKSRV_FD and FORKSRV_FD + 1): */ - -#define FORKSRV_FD 198 - -/* Fork server init timeout multiplier: we'll wait the user-selected - timeout plus this much for the fork server to spin up. */ - -#define FORK_WAIT_MULT 10 - -/* Calibration timeout adjustments, to be a bit more generous when resuming - fuzzing sessions or trying to calibrate already-added internal finds. - The first value is a percentage, the other is in milliseconds: */ - -#define CAL_TMOUT_PERC 125 -#define CAL_TMOUT_ADD 50 - -/* Number of chances to calibrate a case before giving up: */ - -#define CAL_CHANCES 3 - -/* Map size for the traced binary (2^MAP_SIZE_POW2). Must be greater than - 2; you probably want to keep it under 18 or so for performance reasons - (adjusting AFL_INST_RATIO when compiling is probably a better way to solve - problems with complex programs). You need to recompile the target binary - after changing this - otherwise, SEGVs may ensue. */ - -#define MAP_SIZE_POW2 16 -#define MAP_SIZE (1 << MAP_SIZE_POW2) - -/* Maximum allocator request size (keep well under INT_MAX): */ - -#define MAX_ALLOC 0x40000000 - -/* A made-up hashing seed: */ - -#define HASH_CONST 0xa5b35705 - -/* Constants for afl-gotcpu to control busy loop timing: */ - -#define CTEST_TARGET_MS 5000 -#define CTEST_BUSY_CYCLES (10 * 1000 * 1000) - -/* Uncomment this to use inferior block-coverage-based instrumentation. Note - that you need to recompile the target binary for this to have any effect: */ - -// #define COVERAGE_ONLY - -/* Uncomment this to ignore hit counts and output just one bit per tuple. - As with the previous setting, you will need to recompile the target - binary: */ - -// #define SKIP_COUNTS - -/* Uncomment this to use instrumentation data to record newly discovered paths, - but do not use them as seeds for fuzzing. This is useful for conveniently - measuring coverage that could be attained by a "dumb" fuzzing algorithm: */ - -// #define IGNORE_FINDS - -#endif /* ! _HAVE_CONFIG_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h b/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h deleted file mode 100644 index e4a470b55230..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h +++ /dev/null @@ -1,296 +0,0 @@ -/* - american fuzzy lop - high-performance binary-only instrumentation - ----------------------------------------------------------------- - - Written by Andrew Griffiths and - Michal Zalewski - - Idea & design very much by Andrew Griffiths. - - Copyright 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - This code is a shim patched into the separately-distributed source - code of QEMU 2.2.0. It leverages the built-in QEMU tracing functionality - to implement AFL-style instrumentation and to take care of the remaining - parts of the AFL fork server logic. - - The resulting QEMU binary is essentially a standalone instrumentation - tool; for an example of how to leverage it for other purposes, you can - have a look at afl-showmap.c. - - */ - -#include -#include "afl-config.h" - -/*************************** - * VARIOUS AUXILIARY STUFF * - ***************************/ - -/* A snippet patched into tb_find_slow to inform the parent process that - we have hit a new block that hasn't been translated yet, and to tell - it to translate within its own context, too (this avoids translation - overhead in the next forked-off copy). */ - -#define AFL_QEMU_CPU_SNIPPET1 do { \ - afl_request_tsl(pc, cs_base, flags); \ - } while (0) - -/* This snippet kicks in when the instruction pointer is positioned at - _start and does the usual forkserver stuff, not very different from - regular instrumentation injected via afl-as.h. */ - -#define AFL_QEMU_CPU_SNIPPET2 do { \ - if(tb->pc == afl_entry_point) { \ - afl_setup(); \ - afl_forkserver(env); \ - } \ - afl_maybe_log(tb->pc); \ - } while (0) - -/* We use one additional file descriptor to relay "needs translation" - messages between the child and the fork server. */ - -#define TSL_FD (FORKSRV_FD - 1) - -/* This is equivalent to afl-as.h: */ - -static unsigned char *afl_area_ptr; - -/* Exported variables populated by the code patched into elfload.c: */ - -abi_ulong afl_entry_point, /* ELF entry point (_start) */ - afl_start_code, /* .text start pointer */ - afl_end_code; /* .text end pointer */ - -/* Set in the child process in forkserver mode: */ - -static unsigned char afl_fork_child; -unsigned int afl_forksrv_pid; - -/* Instrumentation ratio: */ - -static unsigned int afl_inst_rms = MAP_SIZE; - -/* Function declarations. */ - -static void afl_setup(void); -static void afl_forkserver(CPUArchState*); -static inline void afl_maybe_log(abi_ulong); - -static void afl_wait_tsl(CPUArchState*, int); -static void afl_request_tsl(target_ulong, target_ulong, uint64_t); - -static TranslationBlock *tb_find_slow(CPUArchState*, target_ulong, - target_ulong, uint64_t); - - -/* Data structure passed around by the translate handlers: */ - -struct afl_tsl { - target_ulong pc; - target_ulong cs_base; - uint64_t flags; -}; - - -/************************* - * ACTUAL IMPLEMENTATION * - *************************/ - - -/* Set up SHM region and initialize other stuff. */ - -static void afl_setup(void) { - - char *id_str = getenv(SHM_ENV_VAR), - *inst_r = getenv("AFL_INST_RATIO"); - - int shm_id; - - if (inst_r) { - - unsigned int r; - - r = atoi(inst_r); - - if (r > 100) r = 100; - if (!r) r = 1; - - afl_inst_rms = MAP_SIZE * r / 100; - - } - - if (id_str) { - - shm_id = atoi(id_str); - afl_area_ptr = shmat(shm_id, NULL, 0); - - if (afl_area_ptr == (void*)-1) exit(1); - - /* With AFL_INST_RATIO set to a low value, we want to touch the bitmap - so that the parent doesn't give up on us. */ - - if (inst_r) afl_area_ptr[0] = 1; - - - } - - if (getenv("AFL_INST_LIBS")) { - - afl_start_code = 0; - afl_end_code = (abi_ulong)-1; - - } - -} - - -/* Fork server logic, invoked once we hit _start. */ - -static void afl_forkserver(CPUArchState *env) { - - static unsigned char tmp[4]; - - if (!afl_area_ptr) return; - - /* Tell the parent that we're alive. If the parent doesn't want - to talk, assume that we're not running in forkserver mode. */ - - if (write(FORKSRV_FD + 1, tmp, 4) != 4) return; - - afl_forksrv_pid = getpid(); - - /* All right, let's await orders... */ - - while (1) { - - pid_t child_pid; - int status, t_fd[2]; - - /* Whoops, parent dead? */ - - if (read(FORKSRV_FD, tmp, 4) != 4) exit(2); - - /* Establish a channel with child to grab translation commands. We'll - read from t_fd[0], child will write to TSL_FD. */ - - if (pipe(t_fd) || dup2(t_fd[1], TSL_FD) < 0) exit(3); - close(t_fd[1]); - - child_pid = fork(); - if (child_pid < 0) exit(4); - - if (!child_pid) { - - /* Child process. Close descriptors and run free. */ - - afl_fork_child = 1; - close(FORKSRV_FD); - close(FORKSRV_FD + 1); - close(t_fd[0]); - return; - - } - - /* Parent. */ - - close(TSL_FD); - - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) exit(5); - - /* Collect translation requests until child dies and closes the pipe. */ - - afl_wait_tsl(env, t_fd[0]); - - /* Get and relay exit status to parent. */ - - if (waitpid(child_pid, &status, WUNTRACED) < 0) exit(6); - if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7); - - } - -} - - -/* The equivalent of the tuple logging routine from afl-as.h. */ - -static inline void afl_maybe_log(abi_ulong cur_loc) { - - static abi_ulong prev_loc; - - /* Optimize for cur_loc > afl_end_code, which is the most likely case on - Linux systems. */ - - if (cur_loc > afl_end_code || cur_loc < afl_start_code || !afl_area_ptr) - return; - - /* Looks like QEMU always maps to fixed locations, so we can skip this: - cur_loc -= afl_start_code; */ - - /* Instruction addresses may be aligned. Let's mangle the value to get - something quasi-uniform. */ - - cur_loc = (cur_loc >> 4) ^ (cur_loc << 8); - cur_loc &= MAP_SIZE - 1; - - /* Implement probabilistic instrumentation by looking at scrambled block - address. This keeps the instrumented locations stable across runs. */ - - if (cur_loc >= afl_inst_rms) return; - - afl_area_ptr[cur_loc ^ prev_loc]++; - prev_loc = cur_loc >> 1; - -} - - -/* This code is invoked whenever QEMU decides that it doesn't have a - translation of a particular block and needs to compute it. When this happens, - we tell the parent to mirror the operation, so that the next fork() has a - cached copy. */ - -static void afl_request_tsl(target_ulong pc, target_ulong cb, uint64_t flags) { - - struct afl_tsl t; - - if (!afl_fork_child) return; - - t.pc = pc; - t.cs_base = cb; - t.flags = flags; - - if (write(TSL_FD, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - return; - -} - - -/* This is the other side of the same channel. Since timeouts are handled by - afl-fuzz simply killing the child, we can just wait until the pipe breaks. */ - -static void afl_wait_tsl(CPUArchState *env, int fd) { - - struct afl_tsl t; - - while (1) { - - /* Broken pipe means it's time to return to the fork server routine. */ - - if (read(fd, &t, sizeof(struct afl_tsl)) != sizeof(struct afl_tsl)) - break; - - tb_find_slow(env, t.pc, t.cs_base, t.flags); - - } - - close(fd); - -} - diff --git a/pkgs/tools/security/afl/qemu-patches/afl-types.h b/pkgs/tools/security/afl/qemu-patches/afl-types.h deleted file mode 100644 index 58d6be51e2d0..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/afl-types.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - american fuzzy lop - type definitions and minor macros - ------------------------------------------------------ - - Written and maintained by Michal Zalewski - - Copyright 2013, 2014, 2015 Google Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - */ - -#ifndef _HAVE_TYPES_H -#define _HAVE_TYPES_H - -#include -#include - -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; - -/* - - Ugh. There is an unintended compiler / glibc #include glitch caused by - combining the u64 type an %llu in format strings, necessitating a workaround. - - In essence, the compiler is always looking for 'unsigned long long' for %llu. - On 32-bit systems, the u64 type (aliased to uint64_t) is expanded to - 'unsigned long long' in , so everything checks out. - - But on 64-bit systems, it is #ifdef'ed in the same file as 'unsigned long'. - Now, it only happens in circumstances where the type happens to have the - expected bit width, *but* the compiler does not know that... and complains - about 'unsigned long' being unsafe to pass to %llu. - - */ - -#ifdef __x86_64__ -typedef unsigned long long u64; -#else -typedef uint64_t u64; -#endif /* ^sizeof(...) */ - -typedef int8_t s8; -typedef int16_t s16; -typedef int32_t s32; -typedef int64_t s64; - -#ifndef MIN -# define MIN(_a,_b) ((_a) > (_b) ? (_b) : (_a)) -# define MAX(_a,_b) ((_a) > (_b) ? (_a) : (_b)) -#endif /* !MIN */ - -#define SWAP16(_x) ({ \ - u16 _ret = (_x); \ - (u16)((_ret << 8) | (_ret >> 8)); \ - }) - -#define SWAP32(_x) ({ \ - u32 _ret = (_x); \ - (u32)((_ret << 24) | (_ret >> 24) | \ - ((_ret << 8) & 0x00FF0000) | \ - ((_ret >> 8) & 0x0000FF00)); \ - }) - -#define R(x) (random() % (x)) - -#define STRINGIFY_INTERNAL(x) #x -#define STRINGIFY(x) STRINGIFY_INTERNAL(x) - -#define MEM_BARRIER() \ - asm volatile("" ::: "memory") - -#endif /* ! _HAVE_TYPES_H */ diff --git a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch b/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch deleted file mode 100644 index 75a7ea450eff..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- qemu-2.3.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000 -+++ qemu-2.3.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000 -@@ -28,6 +28,8 @@ - #include "exec/memory-internal.h" - #include "qemu/rcu.h" - -+#include "afl-qemu-cpu-inl.h" -+ - /* -icount align implementation. */ - - typedef struct SyncClocks { -@@ -296,8 +298,11 @@ - } - not_found: - /* if no translated code available, then translate it now */ -+ - tb = tb_gen_code(cpu, pc, cs_base, flags, 0); - -+ AFL_QEMU_CPU_SNIPPET1; -+ - found: - /* Move the last found TB to the head of the list */ - if (likely(*ptb1)) { -@@ -492,6 +497,9 @@ - next_tb = 0; - tcg_ctx.tb_ctx.tb_invalidated_flag = 0; - } -+ -+ AFL_QEMU_CPU_SNIPPET2; -+ - if (qemu_loglevel_mask(CPU_LOG_EXEC)) { - qemu_log("Trace %p [" TARGET_FMT_lx "] %s\n", - tb->tc_ptr, tb->pc, lookup_symbol(tb->pc)); diff --git a/pkgs/tools/security/afl/qemu-patches/elfload.patch b/pkgs/tools/security/afl/qemu-patches/elfload.patch deleted file mode 100644 index 325c917d15a3..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/elfload.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- qemu-2.3.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000 -+++ qemu-2.3.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000 -@@ -28,6 +28,8 @@ - - #define ELF_OSABI ELFOSABI_SYSV - -+extern abi_ulong afl_entry_point, afl_start_code, afl_end_code; -+ - /* from personality.h */ - - /* -@@ -1889,6 +1891,8 @@ - info->brk = 0; - info->elf_flags = ehdr->e_flags; - -+ if (!afl_entry_point) afl_entry_point = info->entry; -+ - for (i = 0; i < ehdr->e_phnum; i++) { - struct elf_phdr *eppnt = phdr + i; - if (eppnt->p_type == PT_LOAD) { -@@ -1922,9 +1926,11 @@ - if (elf_prot & PROT_EXEC) { - if (vaddr < info->start_code) { - info->start_code = vaddr; -+ if (!afl_start_code) afl_start_code = vaddr; - } - if (vaddr_ef > info->end_code) { - info->end_code = vaddr_ef; -+ if (!afl_end_code) afl_end_code = vaddr_ef; - } - } - if (elf_prot & PROT_WRITE) { diff --git a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch index 81d29feea3de..5dfbfd780f1c 100644 --- a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch +++ b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch @@ -2,13 +2,12 @@ diff --git a/Makefile b/Makefile index d6b9dc1..ce7c493 100644 --- a/Makefile +++ b/Makefile -@@ -384,8 +384,7 @@ install-confdir: - install-sysconfig: install-datadir install-confdir - $(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(qemu_confdir)" +@@ -601,7 +601,7 @@ install-localstatedir: + endif --install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \ --install-datadir install-localstatedir + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir +install: all $(if $(BUILD_DOCS),install-doc) install-datadir ifneq ($(TOOLS),) - $(call install-prog,$(TOOLS),$(DESTDIR)$(bindir)) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) endif diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch new file mode 100644 index 000000000000..6cc663dc1fb9 --- /dev/null +++ b/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch @@ -0,0 +1,28 @@ +A modified version of qemu commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 +diff --git a/configure b/configure +index 9c8aa5a..99ccc17 100755 +--- a/configure ++++ b/configure +@@ -3855,7 +3855,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include ++#include + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1a..412e94a 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include + #include diff --git a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch b/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch deleted file mode 100644 index 1c447c4051e8..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/qemu-2.3.0-glibc-2.26.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff --git a/user-exec.c b/user-exec.c -index 8f57e8a..957f9f7 100644 ---- a/user-exec.c -+++ b/user-exec.c -@@ -57,7 +57,7 @@ static void exception_action(CPUState *cpu) - void cpu_resume_from_signal(CPUState *cpu, void *puc) - { - #ifdef __linux__ -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #endif -@@ -171,7 +171,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int trapno; -@@ -226,7 +226,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #elif defined(__OpenBSD__) - struct sigcontext *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - - pc = PC_sig(uc); -@@ -288,7 +288,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - - #ifdef __APPLE__ - #include --typedef struct ucontext SIGCONTEXT; -+typedef ucontext_t SIGCONTEXT; - /* All Registers access - only for local access */ - #define REG_sig(reg_name, context) \ - ((context)->uc_mcontext->ss.reg_name) -@@ -331,7 +331,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -358,7 +358,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uint32_t *pc = uc->uc_mcontext.sc_pc; - uint32_t insn = *pc; - int is_write = 0; -@@ -456,7 +456,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #if defined(__NetBSD__) - ucontext_t *uc = puc; - #else -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - #endif - unsigned long pc; - int is_write; -@@ -483,7 +483,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - uintptr_t pc = uc->uc_mcontext.pc; - uint32_t insn = *(uint32_t *)pc; - bool is_write; -@@ -512,7 +512,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - int is_write; - -@@ -534,7 +534,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - int cpu_signal_handler(int host_signum, void *pinfo, void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long ip; - int is_write = 0; - -@@ -565,7 +565,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc; - uint16_t *pinsn; - int is_write = 0; -@@ -618,7 +618,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - greg_t pc = uc->uc_mcontext.pc; - int is_write; - -@@ -634,7 +634,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - void *puc) - { - siginfo_t *info = pinfo; -- struct ucontext *uc = puc; -+ ucontext_t *uc = puc; - unsigned long pc = uc->uc_mcontext.sc_iaoq[0]; - uint32_t insn = *(uint32_t *)pc; - int is_write = 0; diff --git a/pkgs/tools/security/afl/qemu-patches/syscall.patch b/pkgs/tools/security/afl/qemu-patches/syscall.patch deleted file mode 100644 index 75d39386164e..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/syscall.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- qemu-2.3.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000 -+++ qemu-2.3.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000 -@@ -227,7 +227,21 @@ - _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo) - _syscall3(int,sys_syslog,int,type,char*,bufp,int,len) - #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill) --_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig) -+ -+extern unsigned int afl_forksrv_pid; -+ -+static int sys_tgkill(int tgid, int pid, int sig) { -+ -+ /* Workaround for -lpthread to make abort() work properly, without -+ killing the forkserver due to a prematurely cached PID. */ -+ -+ if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT) -+ pid = tgid = getpid(); -+ -+ return syscall(__NR_sys_tgkill, pid, tgid, sig); -+ -+} -+ - #endif - #if defined(TARGET_NR_tkill) && defined(__NR_tkill) - _syscall2(int,sys_tkill,int,tid,int,sig) diff --git a/pkgs/tools/security/afl/qemu-patches/translate-all.patch b/pkgs/tools/security/afl/qemu-patches/translate-all.patch deleted file mode 100644 index 180b3a55ab25..000000000000 --- a/pkgs/tools/security/afl/qemu-patches/translate-all.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- qemu-2.3.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000 -+++ qemu-2.3.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000 -@@ -393,8 +393,13 @@ - /* We can't use g_malloc because it may recurse into a locked mutex. */ - # define ALLOC(P, SIZE) \ - do { \ -- P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ void* _tmp = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ -+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ -+ if (_tmp == (void*)-1) { \ -+ qemu_log(">>> Out of memory for stack, bailing out. <<<\n"); \ -+ exit(1); \ -+ } \ -+ (P) = _tmp; \ - } while (0) - #else - # define ALLOC(P, SIZE) \ diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 82de6474e598..769b89ec4c50 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, python2, zlib, pkgconfig, glib, ncurses, perl +{ stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, ncurses, perl , attr, libcap, vde2, texinfo, libuuid, flex, bison, lzo, snappy , libaio, libcap_ng, gnutls, pixman, autoconf , writeText @@ -7,26 +7,34 @@ with stdenv.lib; let - n = "qemu-2.3.0"; - - aflHeaderFile = writeText "afl-qemu-cpu-inl.h" - (builtins.readFile ./qemu-patches/afl-qemu-cpu-inl.h); - aflConfigFile = writeText "afl-config.h" - (builtins.readFile ./qemu-patches/afl-config.h); - aflTypesFile = writeText "afl-types.h" - (builtins.readFile ./qemu-patches/afl-types.h); - + qemuName = "qemu-2.10.0"; + aflName = afl.name; cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" else throw "afl: no support for ${stdenv.hostPlatform.system}!"; in stdenv.mkDerivation rec { - name = "afl-${n}"; + name = "afl-${qemuName}"; - src = fetchurl { - url = "http://wiki.qemu.org/download/${n}.tar.bz2"; - sha256 = "120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"; - }; + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; + }) + afl.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + cp ${aflName}/types.h $sourceRoot/afl-types.h + substitute ${aflName}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflName}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \ + --replace "../../config.h" "afl-config.h" + substituteInPlace ${aflName}/qemu_mode/patches/cpu-exec.diff \ + --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" + ''; buildInputs = [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap @@ -37,29 +45,25 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - patches = - [ ./qemu-patches/elfload.patch - ./qemu-patches/cpu-exec.patch - ./qemu-patches/no-etc-install.patch - ./qemu-patches/translate-all.patch - ./qemu-patches/syscall.patch - ./qemu-patches/qemu-2.3.0-glibc-2.26.patch - ]; - - preConfigure = '' - cp ${aflTypesFile} afl-types.h - cp ${aflConfigFile} afl-config.h - cp ${aflHeaderFile} afl-qemu-cpu-inl.h - ''; + patches = [ + # patches extracted from afl source + "../${aflName}/qemu_mode/patches/cpu-exec.diff" + "../${aflName}/qemu_mode/patches/elfload.diff" + "../${aflName}/qemu_mode/patches/syscall.diff" + # nix-specific patches to make installation more well-behaved + ./qemu-patches/no-etc-install.patch + ./qemu-patches/qemu-2.10.0-glibc-2.27.patch + ]; configureFlags = [ "--disable-system" "--enable-linux-user" - "--enable-guest-base" "--disable-gtk" "--disable-sdl" "--disable-vnc" "--target-list=${cpuTarget}" + "--enable-pie" + "--enable-kvm" "--sysconfdir=/etc" "--localstatedir=/var" ]; From 9af59a6878a9b9455a351051fcc97bf9e13ee951 Mon Sep 17 00:00:00 2001 From: Russell O'Connor Date: Tue, 25 Dec 2018 16:31:16 -0500 Subject: [PATCH 05/49] Bitcoin: 0.17.0 -> 0.17.1 --- pkgs/applications/altcoins/bitcoin.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/altcoins/bitcoin.nix b/pkgs/applications/altcoins/bitcoin.nix index c266fa2fef25..b50508342bf9 100644 --- a/pkgs/applications/altcoins/bitcoin.nix +++ b/pkgs/applications/altcoins/bitcoin.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec{ name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; - version = "0.17.0"; + version = "0.17.1"; src = fetchurl { urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" ]; - sha256 = "0pkq28d2dj22qrxyyg9kh0whmhj7ghyabnhyqldbljv4a7l3kvwq"; + sha256 = "0am4pnaf2cisv172jqx6jdpzx770agm8777163lkjbw3ryslymiy"; }; nativeBuildInputs = [ pkgconfig autoreconfHook ] From 987fdea1a8f8c0e1c0052646cfacf463e8a80e28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6gler?= Date: Wed, 26 Dec 2018 22:10:04 +0100 Subject: [PATCH 06/49] nixos vdr: introduce option enableLirc also introduce option socket for lirc, to have access to socket path --- nixos/modules/services/hardware/lirc.nix | 10 ++++++++-- nixos/modules/services/hardware/vdr.nix | 14 ++++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/hardware/lirc.nix b/nixos/modules/services/hardware/lirc.nix index 0072406a438c..ece38bd1e1cd 100644 --- a/nixos/modules/services/hardware/lirc.nix +++ b/nixos/modules/services/hardware/lirc.nix @@ -33,6 +33,13 @@ in { description = "Extra arguments to lircd."; }; + socket = mkOption { + type = types.path; + # default search path of many applications + default = "/run/lirc/lircd"; + description = "Socket path"; + }; + }; }; @@ -49,8 +56,7 @@ in { description = "LIRC daemon socket"; wantedBy = [ "sockets.target" ]; socketConfig = { - # default search path - ListenStream = "/run/lirc/lircd"; + ListenStream = cfg.socket; SocketUser = "lirc"; SocketMode = "0660"; }; diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 75136a2f7964..695f0cbab1fc 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -33,12 +33,14 @@ in { default = []; description = "Additional command line arguments to pass to VDR."; }; + + enableLirc = mkEnableOption "enable LIRC"; }; }; ###### implementation - config = mkIf cfg.enable { + config = mkIf cfg.enable (mkMerge [{ systemd.tmpfiles.rules = [ "d ${cfg.videoDir} 0755 vdr vdr -" "Z ${cfg.videoDir} - vdr vdr -" @@ -67,5 +69,13 @@ in { }; users.groups.vdr = {}; - }; + } + + (mkIf cfg.enableLirc { + services.lirc.enable = true; + users.users.vdr.extraGroups = [ "lirc" ]; + services.vdr.extraArguments = [ + "--lirc=${config.services.lirc.socket}" + ]; + })]); } From d60806b90bef359a8e654147e7f8c0d39ccd5476 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Mon, 31 Dec 2018 11:26:07 -0600 Subject: [PATCH 07/49] i2c-toools: touchups, NFCI. (reviewer suggestions, thanks!) --- pkgs/os-specific/linux/i2c-tools/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/i2c-tools/default.nix b/pkgs/os-specific/linux/i2c-tools/default.nix index b3fd34f665ed..5b061183356c 100644 --- a/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/pkgs/os-specific/linux/i2c-tools/default.nix @@ -11,13 +11,14 @@ stdenv.mkDerivation rec { buildInputs = [ perl ]; - patchPhase = '' + postPatch = '' substituteInPlace eeprom/decode-edid --replace "/usr/sbin/parse-edid" "${read-edid}/bin/parse-edid" substituteInPlace stub/i2c-stub-from-dump --replace "/sbin/" "" ''; - installPhase = '' - make install PREFIX=$out + makeFlags = [ "PREFIX=${placeholder "out"}" ]; + + postInstall = '' rm -rf $out/include # Installs include/linux/i2c-dev.h that conflics with kernel headers ''; From a07c7548563849a7f86f4c7a9d611d1459762873 Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Tue, 1 Jan 2019 14:54:08 -0800 Subject: [PATCH 08/49] haskellPackages.github: dontCheck --- pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix index c780564d8017..4ed5bfe9a88d 100644 --- a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix +++ b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix @@ -93,6 +93,7 @@ self: super: { # https://github.com/jgm/skylighting/issues/55 skylighting-core = dontCheck super.skylighting-core; + github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341 # Break out of "yaml >=0.10.4.0 && <0.11". stack = doJailbreak super.stack; From 8acd7a9ab70364cc4ac4c3cabb013dff73dd9166 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 1 Jan 2019 16:36:45 -0800 Subject: [PATCH 09/49] libsForQt5.vlc: 3.0.4 -> 3.0.5 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/vlc/versions --- pkgs/applications/video/vlc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix index cbf3c4917c35..8dee15206f49 100644 --- a/pkgs/applications/video/vlc/default.nix +++ b/pkgs/applications/video/vlc/default.nix @@ -21,11 +21,11 @@ assert (withQt5 -> qtbase != null && qtsvg != null && qtx11extras != null); stdenv.mkDerivation rec { name = "vlc-${version}"; - version = "3.0.4"; + version = "3.0.5"; src = fetchurl { url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz"; - sha256 = "17jsq0zqpqyxw4ckvjba0hf6zk8ywc4wf8sy3z03hh3ij0vxpwq1"; + sha256 = "1nvj00khy08sing0mdnw6virmiq579mrk5rvpx9710nlxggqgh7m"; }; # VLC uses a *ton* of libraries for various pieces of functionality, many of From 6da4584acf4478b04457d57f3881b3aca7d3f7b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Thu, 3 Jan 2019 16:31:00 +0000 Subject: [PATCH 10/49] Elm: automate packaging with elm2nix - rewrite documentation - automate whole process into update.sh - remove all legacy snippets --- doc/package-notes.xml | 18 ++--- pkgs/development/compilers/elm/README.md | 24 +++++++ pkgs/development/compilers/elm/default.nix | 54 +-------------- pkgs/development/compilers/elm/elm2nix.rb | 26 -------- .../compilers/elm/packages/elm-elm.nix | 50 -------------- .../compilers/elm/packages/elm-srcs.nix | 62 ++++++++++++++++++ .../compilers/elm/packages/elm.nix | 1 + pkgs/development/compilers/elm/update.sh | 9 ++- pkgs/development/compilers/elm/versions.dat | Bin 83377 -> 94810 bytes 9 files changed, 104 insertions(+), 140 deletions(-) create mode 100644 pkgs/development/compilers/elm/README.md delete mode 100755 pkgs/development/compilers/elm/elm2nix.rb delete mode 100644 pkgs/development/compilers/elm/packages/elm-elm.nix create mode 100644 pkgs/development/compilers/elm/packages/elm-srcs.nix diff --git a/doc/package-notes.xml b/doc/package-notes.xml index 803d343aa096..e23593107d8d 100644 --- a/doc/package-notes.xml +++ b/doc/package-notes.xml @@ -307,23 +307,19 @@ packageOverrides = pkgs: { +
Elm - The Nix expressions for Elm reside in - pkgs/development/compilers/elm. They are generated - automatically by update-elm.rb script. One should specify - versions of Elm packages inside the script, clear the - packages directory and run the script from inside it. - elm-reactor is special because it also has Elm package - dependencies. The process is not automated very much for now -- you should - get the elm-reactor source tree (e.g. with - nix-shell) and run elm2nix.rb inside - it. Place the resulting package.nix file into - packages/elm-reactor-elm.nix. + To update Elm compiler, see nixpkgs/pkgs/development/compilers/elm/README.md. + + + + To package Elm applications, read about elm2nix.
+
Interactive shell helpers diff --git a/pkgs/development/compilers/elm/README.md b/pkgs/development/compilers/elm/README.md new file mode 100644 index 000000000000..f0254d0f9547 --- /dev/null +++ b/pkgs/development/compilers/elm/README.md @@ -0,0 +1,24 @@ +# To update Elm: + +Modify revision in ./update.sh and run it + +# Notes about the build process: + +The elm binary embeds a piece of pre-compiled elm code, used by 'elm +reactor'. This means that the build process for 'elm' effectively +executes 'elm make'. that in turn expects to retrieve the elm +dependencies of that code (elm/core, etc.) from +package.elm-lang.org, as well as a cached bit of metadata +(versions.dat). + +The makeDotElm function lets us retrieve these dependencies in the +standard nix way. we have to copy them in (rather than symlink) and +make them writable because the elm compiler writes other .dat files +alongside the source code. versions.dat was produced during an +impure build of this same code; the build complains that it can't +update this cache, but continues past that warning. + +Finally, we set ELM_HOME to point to these pre-fetched artifacts so +that the default of ~/.elm isn't used. + +More: https://blog.hercules-ci.com/elm/2019/01/03/elm2nix-0.1/ diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index 47a0d459a93d..3c8ae70981e6 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -2,54 +2,6 @@ , haskell, nodejs , fetchurl, fetchpatch, makeWrapper, git }: -# To update: - -# 1) Modify ./update.sh and run it - -# 2) to generate versions.dat: -# 2.1) git clone https://github.com/elm/compiler.git -# 2.2) cd compiler -# 2.3) cabal2nix --shell . | sed 's/"default",/"ghc822",/' > shell.nix -# 2.4) nix-shell -# 2.5) mkdir .elm -# 2.6) export ELM_HOME=$(pwd)/.elm -# 2.7) cabal build -# 2.8) cp .elm/0.19.0/package/versions.dat ... - -# 3) generate a template for elm-elm.nix with: -# ( -# echo "{"; -# jq '.dependencies | .direct, .indirect | to_entries | .[] | { (.key) : { version : .value, sha256: "" } } ' \ -# < ui/browser/elm.json \ -# | sed 's/:/ =/' \ -# | sed 's/^[{}]//' \ -# | sed -E 's/(["}]),?$/\1;/' \ -# | sed -E 's/"(version|sha256)"/\1/' \ -# | grep -v '^$'; -# echo "}" -# ) -# -# ... then fill in the sha256s - -# Notes: - -# the elm binary embeds a piece of pre-compiled elm code, used by 'elm -# reactor'. this means that the build process for 'elm' effectively -# executes 'elm make'. that in turn expects to retrieve the elm -# dependencies of that code (elm/core, etc.) from -# package.elm-lang.org, as well as a cached bit of metadata -# (versions.dat). - -# the makeDotElm function lets us retrieve these dependencies in the -# standard nix way. we have to copy them in (rather than symlink) and -# make them writable because the elm compiler writes other .dat files -# alongside the source code. versions.dat was produced during an -# impure build of this same code; the build complains that it can't -# update this cache, but continues past that warning. - -# finally, we set ELM_HOME to point to these pre-fetched artifacts so -# that the default of ~/.elm isn't used. - let fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; hsPkgs = haskell.packages.ghc822.override { @@ -58,8 +10,8 @@ let elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { # sadly with parallelism most of the time breaks compilation enableParallelBuilding = false; - preConfigure = fetchElmDeps { - elmPackages = (import ./packages/elm-elm.nix); + preConfigure = self.fetchElmDeps { + elmPackages = (import ./packages/elm-srcs.nix); versionsDat = ./versions.dat; }; buildTools = drv.buildTools or [] ++ [ makeWrapper ]; @@ -75,8 +27,6 @@ let ''; }); - - /* The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` diff --git a/pkgs/development/compilers/elm/elm2nix.rb b/pkgs/development/compilers/elm/elm2nix.rb deleted file mode 100755 index fab5551ca158..000000000000 --- a/pkgs/development/compilers/elm/elm2nix.rb +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env ruby - -require 'json' - -system("elm-package install -y") -depsSrc = JSON.parse(File.read("elm-stuff/exact-dependencies.json")) -deps = Hash[ depsSrc.map { |pkg, ver| - url = "https://github.com/#{pkg}/archive/#{ver}.tar.gz" - sha256 = `nix-prefetch-url #{url}` - - [ pkg, { version: ver, - sha256: sha256.strip - } - ] -} ] - -File.open("package.nix", 'w') do |file| - file.puts "{" - for pkg, info in deps - file.puts " \"#{pkg}\" = {" - file.puts " version = \"#{info[:version]}\";" - file.puts " sha256 = \"#{info[:sha256]}\";" - file.puts " };" - end - file.puts "}" -end diff --git a/pkgs/development/compilers/elm/packages/elm-elm.nix b/pkgs/development/compilers/elm/packages/elm-elm.nix deleted file mode 100644 index a38e21daa06d..000000000000 --- a/pkgs/development/compilers/elm/packages/elm-elm.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - "elm/browser" = { - version = "1.0.0"; - sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; - }; - "elm/core" = { - version = "1.0.0"; - sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; - }; - "elm/html" = { - version = "1.0.0"; - sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; - }; - "elm/http" = { - version = "1.0.0"; - sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; - }; - "elm/json" = { - version = "1.0.0"; - sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; - }; - "elm/project-metadata-utils" = { - version = "1.0.0"; - sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; - }; - "elm/svg" = { - version = "1.0.0"; - sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; - }; - "elm-explorations/markdown" = { - version = "1.0.0"; - sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; - }; - "elm/parser" = { - version = "1.0.0"; - sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; - }; - "elm/time" = { - version = "1.0.0"; - sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; - }; - "elm/url" = { - version = "1.0.0"; - sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; - }; - "elm/virtual-dom" = { - version = "1.0.0"; - sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; - }; -} diff --git a/pkgs/development/compilers/elm/packages/elm-srcs.nix b/pkgs/development/compilers/elm/packages/elm-srcs.nix new file mode 100644 index 000000000000..e1f941626dd7 --- /dev/null +++ b/pkgs/development/compilers/elm/packages/elm-srcs.nix @@ -0,0 +1,62 @@ +{ + + "elm-explorations/markdown" = { + sha256 = "0k3110ixa4wwf3vkkdplagwah9ypr965qxr1y147rnsc1xsxmr6y"; + version = "1.0.0"; + }; + + "elm/json" = { + sha256 = "1g0hafkqf2q633r7ir9wxpb1lnlzskhpsyi0h5bkzj0gl072zfnb"; + version = "1.0.0"; + }; + + "elm/html" = { + sha256 = "1n3gpzmpqqdsldys4ipgyl1zacn0kbpc3g4v3hdpiyfjlgh8bf3k"; + version = "1.0.0"; + }; + + "elm/svg" = { + sha256 = "08x0v8p9wm699jjmsnbq69pxv3jh60j4f6fg7y6hyr7xxj85y390"; + version = "1.0.0"; + }; + + "elm/project-metadata-utils" = { + sha256 = "1d4rd4grrnbdvj9gf00h7dr6hbkjzawgkzpizfrkp1z1pyr3mvq9"; + version = "1.0.0"; + }; + + "elm/browser" = { + sha256 = "1apmvyax93nvmagwj00y16zx10kfv640cxpi64xgqbgy7d2wphy4"; + version = "1.0.0"; + }; + + "elm/core" = { + sha256 = "10kr86h4v5h4p0586q406a5wbl8xvr1jyrf6097zp2wb8sv21ylw"; + version = "1.0.0"; + }; + + "elm/http" = { + sha256 = "1igmm89ialzrjib1j8xagkxalq1x2gj4l0hfxcd66mpwmvg7psl8"; + version = "1.0.0"; + }; + + "elm/parser" = { + sha256 = "0k4zlq30lrvawqvzwbvsl0hrmwf9s832mb41z7fdspm4549dj7wc"; + version = "1.0.0"; + }; + + "elm/url" = { + sha256 = "0av8x5syid40sgpl5vd7pry2rq0q4pga28b4yykn9gd9v12rs3l4"; + version = "1.0.0"; + }; + + "elm/time" = { + sha256 = "0vch7i86vn0x8b850w1p69vplll1bnbkp8s383z7pinyg94cm2z1"; + version = "1.0.0"; + }; + + "elm/virtual-dom" = { + sha256 = "0hm8g92h7z39km325dlnhk8n00nlyjkqp3r3jppr37k2k13md6aq"; + version = "1.0.0"; + }; +} diff --git a/pkgs/development/compilers/elm/packages/elm.nix b/pkgs/development/compilers/elm/packages/elm.nix index 41998f4c9b3d..67e63ea2b8e8 100644 --- a/pkgs/development/compilers/elm/packages/elm.nix +++ b/pkgs/development/compilers/elm/packages/elm.nix @@ -13,6 +13,7 @@ mkDerivation { url = "https://github.com/elm/compiler"; sha256 = "13jks6c6i80z71mjjfg46ri570g5ini0k3xw3857v6z66zcl56x4"; rev = "d5cbc41aac23da463236bbc250933d037da4055a"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/pkgs/development/compilers/elm/update.sh b/pkgs/development/compilers/elm/update.sh index 2b5d85feeb28..920b95e5ad95 100755 --- a/pkgs/development/compilers/elm/update.sh +++ b/pkgs/development/compilers/elm/update.sh @@ -1 +1,8 @@ -cabal2nix https://github.com/elm/compiler --revision 32059a289d27e303fa1665e9ada0a52eb688f302 > packages/elm.nix +#!/usr/bin/env nix-shell +#!nix-shell -p cabal2nix elm2nix -i bash ../../.. + +cabal2nix https://github.com/elm/compiler --revision d5cbc41aac23da463236bbc250933d037da4055a > packages/elm.nix +elm2nix snapshot > versions.dat +pushd "$(nix-build -A elmPackages.elm.src --no-out-link ../../../..)/ui/browser" + elm2nix convert > $OLDPWD/packages/elm-srcs.nix +popd diff --git a/pkgs/development/compilers/elm/versions.dat b/pkgs/development/compilers/elm/versions.dat index 824ab383057f2138d4dcd431b52851a2e6b8b127..9dcfd8a2808f666b0cff1a54b79a6543e46451d9 100644 GIT binary patch delta 11082 zcmZu%34B!5)qi*PC9`Gr%p@TTgaif>wy>xW0gWuOSpiqx%)HDDnVA=7CJDg>v?_{P zjR&~2g@Qs`5i8KqFN&WFT9qFvf_tk~saEZ$veczYRlalYdlRrWzk%evci&yl`Jey! zpV@Pp{x2WuodW-SLl2RV_eC~$JN!w6sTRfK%vkOyEQC1td zSfjX>V~S4I%KLWh8j# z`{206V9*L0ogl#1c}0SYprw}@C*mvRgSSZ%&H?6EuJi4 zKN@H$+YSTPa+qlI!@tXX!)<52qrutYFj}I~YH%=(jwrq0J!rP|!iL%QM!s+AVVlmA zbMZN1G_PJe*pB53VlIMP#PK zpx;qXjF7R{7GHPFA$0CEVuu%Q47cDvMjK9lLHZZTU(b-;p^ZfxX(+uif#S=!q! zjI=G95t*U-jbQJ}rQ}?y&=1zjfOug~b7qz*(2(FP{$PSpxjqP$e)1B{B zTN|V_>`MmWZTAis$oPxvJp+U|V6Lx8YZeIH_pts_7qn$Ouoo&0#hkxR_aYSY55DY!U?c=S`Ms7Rr zhJDZnb4-9o;=XzsKPN$<{4h|g+u_c%}!so>v3EFOFD|Ep3HM4;}?1jbE z4*1>1N;-8kj)mRoIXJ>u{|rK^-Ogv+Tx$Tib|HL2-S9+pC7UW7uN@6UOn=hzcYo%NovNa)SA6{Pkq9LU< zJ36Jls4V8cjKe*!AmY{KlVS@qqrt~;(ow~Y7@xvB!ATi%YuWck|7Pg2MPK~+6Ydk$E z!WjkzK>_xS^TDpM6$}T#Kh9qKbnNXKgt`?I#%e9-v0KLb;pqvtvensbVlA zJekTt|CS&${;UiZw+@3PIwu_4Yk+yUsC!#m;gVLH-Nt;6!x7qe9^|DVxVY7&-j>o* z26;gqt~|$UDgg$2-D>5pb)=+poROU3>#hH%f%aM#9GJY^Y(fiKfq^RvKdcMF4^LXp zxO3$jO~JwEB`ZwJVqA=-CD?MKcNs355R9y)ho#QcYgZQ@b|Qxuz=BOKHHdI$1ZW0s zM5DnF&G1b@aHAj?1!BYi9hnlY=LnmL$I#fjlA_wR>U20XhI68WkyFkITG;TNaxN;C zaM;+LiZP=-fw5`%l#yo{#dKQAid||a+~1eyicP(VW~l7}725c)8Ib6+@QM z_JtodOer@QVq#YA;$e2f6gTOh*HS)67b=yj)Pr7tTDcuEayZ!L`^m6Dv*8#UK_Q2#BHrR6RAEEne_awf=(=4d8 z1!7L_ovU7OY)%$3=}2#?kmN?f2;u^h7w$f{9DY9iN(U!0NH_Bc`H0Kl9O+}R97kOM z!(Vm6d-E(fYRaUrT{#2y&j`c%8N;|EJ~v}126V?uKG4kc;E5HzGtbq)d+mB{Oin|~ zpF9w1N6S6`eF%*7!|e9?U_RRg*7M7X54Yby;HwLQ&~||z9{t=3t+Vdn!3bWN)!N{U zBGZbpV=3fgNm)*->v5zqVnT|3$|bQ9$aw0(|bC` zDWHLA9sCNX7M6X z;IA&2@56X{_9InZ3_!{VN-$weSkUq|Tj$GGZW9SfPRlWPN{>S+L(ors#Dm$@Vnol? z3%p*Ppgogg7zB+$?PS-2Fh@F^n^Q3`Oei89-PtTs!mUfaFzXRJ+_0zujxG4(PZsmq z!kHL=E71Dv^nV?gO0X3M7y0PnIvk!|ELyY%b}i74?UkZ=8Ocf^5=*BL=1M1a8i6@Y z8eAhwDsT&ne_6Cwg8_N{#qxAaAe}^T34)6V<$_R-{}bXC1h+sug5YHz;uSPrBKQRS z5FZizf)EgdAbyBYAqW-Fyto3wi?6SdI(m+=#kEvWf-;2pZq%$k`!k+nV z*u3~F?me5A{29LewGFmTwZM|4HlR!IfRENY5%r4Amtd-Ag9(>bnUT0E$Oji)dZXFI zPFRvwq&W+gFLT0Mm(HV$+lZSbhT`Qxn0HxEDUs4K0u1k6)?5loKSCPb+|CJuVz$2aqZ>L8ez+h036(BF1ATeDN#O<*pFy% zB+;ZrQvhqS6#;O1vdN(l(AbPf2sDCOBUp-=q@KVh$L;nXpAOuXdNJ6M$|n=<&q*c3=Se|_EJMw6Znz{}UhG&tN?UHmb{R1j6QgQB zcDigB@zS$~Av>waI$&GoLi(=&al-0lUf6Zmh&QX*l;DSt3`n#Yvg39x%(m9+<03+k z+KoX0O7-eATev>kU)o{?I~0?{xL+l2Q=Xg-8Q8NHxx%zAU-2Jun!w8a7CpYD72wcS zVYu(NZk*$Sa<@&-A}HH={1Eo6*n8F0q|_T5hk*jdTE;JQc^Q*k7hIQbq%TZF2R)j1 z6!+y{)7X@RA9FhlwLG`c>*BqAX_iLA&Yr95Oj11Fmlm@nc;gt-kxq3*#4N%shq31N zFf{b$ed(B7+6tQ*GmsX+;d{L>b%nk7+uk>HFl)Enr9~@MH%TAuV`1gecN*ZnYsxS# zAZouIWPfW)H1NJ_CUJi_a7~$x#a();f`q_+Z4fq9+F{JK{XApAH{dVV{tR|}<$}rA z)mE}VtZag!ASgMNx*^3YuG4DZ&7&TewAu@6R(sHyHm$BlO3=Kz3f@^=j)r<{brYuk z(6YJ`#$O+xcQhcnu+|S(xp=zz>+5G}5q&KESCS>eN!Fmz17uU^uXv_eDKd( z&$pPPQZ|-E7wF`{zGm$xXl?gE&DsFu)=s5$GcXR|g+Y%Hnn;6q$I#+;Yd_O+iRSBH zG{TOPc4)eDM%W@{x(aOm_NXgZN8#>=P)f7CVqGKr7#6t6-K6p;UTKW zZ_9RPP#}xsyE{PM;4L~}oTiktb1Xq%xp2J*8{hZ9zt-8|;QBZ5sIECLWJRK96tqS` zXB6PrIv>2ZVIEBRva;AtS89zM22%x|eLwiCi>o**<9nn)9Oq^l#*kP*hw!hzw3T&8 zVj+o6fSG%~KU@Lp*SR3{Ycn`EHE}&jAqRtd46`;ZuXS{!I*>Rq#@e06{J6BLn4DoG zopF#|pL^lX&EevqO^*{eH|>X;x47Y<-^}C^7wfGQz~SZJ1fhD%d_T+N@qvO77W7+p z)>$nqL}bLSsJsID-$yCqo+e^}m+uLou?X;g_e>8N6LB%Ke2@=wDxG5bVJZe~JsybM zTf^OK>Ae%fmIQLJZj`oSrN#69F?WT)*TNOgmm~Hi#@M?%o3m0!|fRjNBG|#ZW^V=M-dD|{Ty}8?~a5Lb^ZDF{1`$UW$ zPi~JitGmOcM0NX3iBt?{n=8$TLtGE)6=_5{sCm`TS?d?uw~Z=G$fXT9|w_Kfp zm1hPDj&sp#_zp+$@%zS+;E!ZHD-(r~)ru&HQ!*Mc@7RuNRDPZC)P9tA2~^$xEYBPp zc6vawb1pn@;;{?YUcEC6y*o#go(BAERY)u|QX$tD>B>ntWT_b8;qd!D_;jZm{;r+rjN9aQeOM zfhfQOF2yaF)8_hMYS0VUEi<7*XyEn-0!Dro`6Lrsicde#tEsf6GRtKti2~p0>{RSX zWwVi%3FEj?)u{zQI= zc{$Q~JRrH`{JO4Gx_tl?qWXg=;m;27f zGh(Vk0rTB_zlfM$>%v(L-ckop?(~T1ZVC47JAklx`_lmG1quFwkQKs|OC9s(`v@s!J)ex_2!9W4NUVHxPcN0+v0q6C1j%7UupDlnrtsETaK- z&t_xyR?1mS#ZjKT;v64z-0vt_|1^yt%+GnY#;j+e4Jz-NV&>U);^a1f#gY>6z>yPf z7#-D{8EL~XhU7Jjj z$d*xD9n^?Q)Io0)3`W6--3N=o=jUkY`Z2_>=Lrd1cVHB+lYD%@4*L%v=|lef@qtDg zmaRCFbN__*4|rkp3vQm-cxlE-%F4`wfCUVTAfR+tOuTRf!9#fNMbtcz);GTtf>SRJ zkQK#&mn1^MFzTf$nE3MZByjhkb9GGrg+Cnj!{S4I)DS|(`9Fv4aO}_wSo(yY|Gn_= z_sA!a|D$F>c+mn=b#_YpwPT0$A(l+4`@m$4Go2Q;zEU6Lg#tzsd1(#FDx(@)K6v4k z(L6%yU#(*)Bi5X@n_$YTjY=`{)e*ka+NH9=O7#SeVMIOf>TL=dFMDmpL^B>np^sJL z)QRvUzk`)TdZj$V`x*1&i4UI&A;rV5%_1&C8l{mzV=&|;I=7Yhi{UqF2n0?#Ve1n* z6X$Jss>O@n43jhbmPKZT)4lwbuXy)cqe;yWF&2~Z`4oerGqf(0fD6c8SxKQ~uNyYK z?JDm3v;9mAQ2N4sD!%j1g@hC274Q0C;kyC2_H`Gmc()P$e9Bea_3j^0s(Qdv%)S42 zG6;rmeo$V#_HPzaqFcGn?k?Kp!RUCfsSNNbtoh)6MON=lK}*pGZ++l`n}+&O^=NX_w|gD7a#xoPJ+xY^>Ikc_~DHo$6)UdR&Xpd!#5va#LFXVKXIy}5revH z9MuXYx^cK0@reTxpPZ+tl>8KNt5myy>p#JH)3ym%pJsa26Q2Mp50w`$|Hp6*s^WGh z=BxrsYdJ+lT!96jR>0m*zpgZ83P~}Zmip9%s1zojj3Bu!+Od7;kCIKAz=Lq^eChIz5Rxb1hs^IZ9D=hiKS#0>? zQa$MZ?8Kztu5T{+4?z0zn#XI#aaf3HBl9BG5l{g$u^cWEWo zxl6moEt9GLscZsHd|3rIfA5B;zVjGSC}SWBTcch${vDICcnKD9Y}NOu?R~$7%!b|H zzl+9y?f0m9{80X50cDVcJom#qh0v*A$M6)5r{60@)GA@=pN$YhHpStxX2wIbh1 zkLZYZ{W+v;{f*dh@?)n}jS{R5x;{&M4?m6Q0UHk6kvgESpd_!=(z~>zl76N|$5dBI zH)>HVs=>Z62A2<d9lw{A@%^*BQyXG#p$F9~ zdWnlPz_&@4(SZDLJeHrfY^>)MMY_O5jx%AR!k9}(I+U+HzoUnO>K1ADCGMGf|Iot@NRMG^~?)M>|kdCX2;t+VB@ z4vF6oNXuQ)%9uK1PAgDjh(&m%Zr__hdZ&X_b1@Qmgof^Okc-(y(ftnMQaAt>=G3?A z>2xQF86AS)AcB(~caRGDgp)kOqauHUZg!DM1F!L6N!#GzH#gvtVG}rD<1P=CTX4l@ z)N=HU{s{Cb2MG=|my>%4`@YX*>?SXRt3#S|ePT9}m$D^sB2Y@QQdlsJNV%MhLPZ{< zN$CYOyt3%Y9RCbsq93?PGdo9G?;*8{f}^Duc*xO897ZmP%@f9qD{U03tn=baP6pSr zp}JgOuCG~r$Q=kp5++Qjx6o|_+UzCgT6n6>sDGX%b~NE75mzReFO(L*Q!}{k-@$=? zFZr7mzWLHWuqH@W5tvYIx0Yfk9wtqPNRW;U5eH_5XN5?!o|C14&Ja0^@VHJN4wD9s zBnrwi9O3(iDIVtR1OEtpt}68Vrb7HfMj>721f^8~ol(HpW-916wQZEoJ28^ePi^Q@j@`ArgZzq=!lv zp<8Q671h_0CrJ%`wwAQ>aytKB2O8{uP(Ny`BNB_>^zU^TsqU&HZ6(sp6g1u=eYcJ@ zx|oHjBPgtrzEg*rHL4yVbM5mU<^9Xq)kS?ytlKmFmR?^^I-qa8hkjE}mf;%r?Dx{_ zP!d6VWmSDTZ5T?JCVODu;83zm3m+%TvC36OKOau)bW|hx0RA@14d49WpxP!ff_{eB zqSy6_8I<)K+;nsksZ)yEJWEt|7VTSXBIA|AN;RRY?r9=_rK9jKlM%xM*@? z1UZObU3hYPfQk{~r#Fs7oUqajBT1DOLxXbjg^{=^7{8qK(~+2?AP(~TD%7H*!-)+D zI1%Dh1Z2kbks$Q3w2mh6Hnm3Z`v`k~@F-W)*%doz_6l8rbp+ zsdDH~%4A^D&0(dN;}PQHwK~-XnXpBdMM%J8DoA346)2b=uwHFtDCVIv7YdQI*a70l zSbx+&SC?nNGl~o+P=OnL{%8`X&oyBvSQa-!!%I$j81MY#YXe$gU`8_;t*N)6o|lvQ z#6m2E^j7soCmScqs?}HyPGu+w6A#UgA+;Dsk4$n~k>&7263v3{8AC2&X#{nTC5!Qd zI>(ZFEk38Narn}ZavV=H*-3aULgj%?sC`qg;i z(izzy9C7;SyzwN#_n6%d>k^m`sxwxr;DdWekB%qHOUD1By8*g#0!9<&sp}_@gZ1W~ zi&LGr3G?TuUGa2(c`7F|_{u6pS1c$J&A_FtWH+8m4+=9(5mwvtL@zF9xP(7ookT`5 z#%zPBc^eH(CS`Q-WGtbT(d=XrI-MlaTPKr7E>qBFCX*4BW=vM2$!FAqIV&&Yy~> z^7%RBvr!m>N-1ASuH~E0iosasWM5=N9htDN3F^?hKblIW8V!BTN&L`o85v23P9wLQ zI9#KG04)_hx_ug{fm{-JLq<)P>f6XdtajQ_&}XQ|LJC4AO}CK|=rbGJNE0vE z(GzXxJ%QO?`dJ$}>D8}H$jMUX%=b5z@8J}oaVFaMSLc$GV3_8i!)Ic2cg(Rso2=)L_sJaG0od!M!TTJL(_wa<4y8MZGr zI5g@{`0e0-!=$B-HW>DpV`+|ksY6+MOVc((m zX>qCAj8R4xQjN25(dblHD@!%hwAvhU4?eZlmIl>QR$d8dB#!Zh8b2U9H$^azPID;k0S9x_*OsHX3Us zWLR3`n_nE5Xt9VvLn#D{_{J@}8DzZ^!u#S^5<+e3(KyY93cDMh+akz>tF~yA+MDsn zfQRhEEgUe#xauo9x?tl55xQKKo}JWXRO zdPzm1v4mr{(e1)vX_y+fjczL*@eB})3dn|ZuNRv%7cM=^yoKvKmICP&S z+ELfafFp4^NXv0zdK(AU#Sa&K^2w@KFbZcv9u_66c@TU?i4Kzz{K#wPrcNkrw*r$B zd~#yq48nKq`;uR@u#q2KIwYgM!yu85JwX_NW4 zQ?Oh#reFxL^m22#-^1C23!nS2;gKSwx3OSjilnb7FP(_eY`>h9I$VeP&dsoQn+*#( z`!Fmc3j3Fs)oYOvfkkA-p^OYUrOQKv+G;DREMZvK^(j{qeuMR-(`a;r*lx*qvnNNU zn@yhHZHbmsrti@SoqN<_^$jzcWwjMW{TPeyzGUKo6E#_>@{pbvv|?jdw$eAJ5|?_X zU~r#A{ME-Tck6puCmiAALss5MycQ+NyYjvu5jTmrkOo_^ZD1Ml21y7#Wyd!IEto%O z2VTBoun;l8(DF�M%Fgl(e@SXts!x#PeXJ2DzgxKJ`5Yf2|d zYDuWv$B9yqs04?~V^BE8r$TkWXg7Wyqr|TTFLL9=*k0-ji_4rME|S52vBZU%asyVC z&6jJ+_i3p$5-MtNreX!Qj{hTw|Lv9E;AobFy2n?l2ydcVt(-f-K+T&l87#=48wQQW zpdo|8GaAgOdJ^%~1I6%;oRW4!!my~ui8rdB_&eG8tDPvQ@di<#%=o0nk6OPqRIAfy zb)0p~s|j})#?_3SHl?W;n6c%!iHAev$l4u*f(Ab>%{am~w$Dt!nVG44<(-uv?&z6H z3ufIF`Y>{fenUC3(`O&X>N$4&HrF6;|DSjrEb~TjdMf9|AakA<{#1uDSz=*P8E&R>P^HZ?=x0ypl=Fv)K%7)7F4C7ZhV4+%%Ua?0W#l@u(Ypd=~CQA)_W zutufIGwPRiK)TJWUPmmmsO7BO&sk=BumV-fp2FUp!ATYrAikp+QxMAxVaC80ee#z$ zPdF~x;LJ-B8@c{cE3{Y>iIn9o-bLT#3F>IsazBbDGBFE}{MGWwI*v}x${6+0Q!8Ee zze}zb@4pl!YV(-T8dlDaHU|ahK1euw8m(TVRnedgLFw8SShwm$HuikE9|Kpr&}mgv z*o5&@rna9lal&|Pe=S@wi~Xx}{|;|1d>t{@c3c&WE^7{|P6R=xD7Wea;$P{ny!c}; z7QZ5)d~GBSzS0ZnZ##5cWvctV*D}u5w86Z!eU{aEF(Z=OfjU33>N10^0bg&bvmza4 z6s>c}U)NpLsao~YdLJ&W=eB?;H0aiFhlX$Ak*G93EGDXtV!n7m@^OdYbeXNldN*yqDLT-dbzDo*W4 z5PgP`jhPOTT!|NUM#^8v?+{XXL*{@Bfn7POmG5@3a_t@@p0;q@#qPC=GcL>xIPhq| zqgOfroC|nVQBVKcg-d|~meuZi{Oa9_dtOAw-f(6irx@)dgOQs8G7_fj?TMfF#;Bn2 z?MuU)eUS)DvfJGGk?_d;uIN(IuJDV{3pbuRSaOVKCJo{h~VZ?h* zB)s=2R=+<)I|@zLy= z11(OPAdX8oe>`5%3AyDbP7=O6@?idn)?(WL-tW~DZX7$2ugb`-6O!Ef(-ow`;M!+% zb-}iC|5thcA-$vZHYC^QJm@!7ZqX9Mw%&tR>K)2VACA_)fLmX0R;t;I9VZJ^x$vHf z61SSO&A=%u=A3egOXFE7cb|$@RYm^s)JdHJ86QmF+i~vuYHT>|z;makApVC>RVqk2 zW0T!yj3k~{D!yGqJEV=0P}R^%X{)iJAq6>ScQHEt@2nq#&P5{q+*pL3ckA_KrBhY% z>HDJ_ZGYS>=bi6P?AUWZ#mIYp>O<&vp-k>^F;_>S;$9SacsHXjhvU7=KHSc>4Nzb_bVMncYgu zpvVy!D2Q`1;@a-N|V#Bw^U@&f4*ri^%-tK;L z&-Wh)F6wUh(DTM(wH0c(Q7bS1qbKdS8B0oGJ5heiiN6}H5HrJ3)%Yti{&eEVExWwn zRuaiKZ`*WeyG+9HyEeJ~-E>l`YUaHp6<7Q2#jD~X-?+yD$9+d&AJNaGv@s%8Pp-gm z9hpdY4YW!8(?DKw3a;c%B3V!2VyKbA$u6pm)LvXNQaqLn4TYoLs5BQAkrYDD;n*&x zxD`Uyz?l$wg+y&@a){=B3SoNZUPi16qp>Qh2)BvymC6!ZOjMxs4Nft{OhEs5bKp-i z#cNs1t(g0UF*HcXI!&OfjT|I)+UZNx-3kYr+2kOuS#Bi79w)cJRu@$TK6O#1x@)oC zOB7;HH}hr;Eu?-TDVEMCHxjwS@Q9+8loL4Kk|Ig`HIfr` zycIVrH*fnzL~Du_6`Ue}XwZ$I_5UBM8{B#F>?cDf;s6@d?0$|ymNPIf${ zlUScXeH5SvZYR+GU_w4gq@ChMd-@$k7o4K810yFTiNe*~-A(4vtRyB-G{$OW3P&_X z%uHdNu1n_--%X)Ie6VSHd?A&h)UP$8flR>9MQ5VV(?{uNqfTb%n=#=I-pzT3( zNvUNKnnf;0Ncn`S_LbA8Hub6waVU$D1!Ylqz}1stNjYwaUfI+ZH#bXxCE0XUE8gf$ zgUKfvds8p5v^OWPxDO{pN#M)9*>qK3);K=4iJ$sX`~N^cy-GL=mFHXY=?AfID1C-weQntG zi%Gm(z*yQljGSDI$A?k0c%guNQfTS4sTJ)x%1segssfX`d&D}HLh)t+7nstR3u_^7 z`ez<0?YC$?oJUcGoLlopP0xlEQn=Ewb3xxfU@9j$@pd6~P)^T*alV8q*WrOZMdZ~A<0#H?n5v4R!N=PgFpBb&FE?V#C@N$y z>5I8=wiWaCGmGib`=>sO2o!S)`Q$716!WZW#nfA^_h5pX#IcEU#E8+fT&)IEDeo%1 zgbMJ>Yj$yWG&v0V$0kfG$KbUQBCM3r|8ofqQENdRjV|RX;6_T!DWwyEXU8yD0u^PH zNZ9*Zvp~xV2<$-pO(U)2gS4lJRVu~aV zRMIUh7$=F#k5if$Hi4E1OBM5jg5|{%I4hY|ObCjzl~pvDKR>t?Dn407?f99tni2vJ zRZ}Yx6DD!$pRb|Yiu#Gfi9Fgekz=MxP#5Llg^5(J_TeIKGFQy`NvwKiac2_qLd;}J F|2Mqsjt~F< From 47250ec683cc7f28b717cadb906124d6e7bb35c2 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 3 Jan 2019 22:36:49 -0500 Subject: [PATCH 11/49] bfs: 1.2.4 -> 1.3.1 --- pkgs/tools/system/bfs/default.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/pkgs/tools/system/bfs/default.nix b/pkgs/tools/system/bfs/default.nix index 3734fefe60a2..3e9210d5b350 100644 --- a/pkgs/tools/system/bfs/default.nix +++ b/pkgs/tools/system/bfs/default.nix @@ -1,23 +1,17 @@ -{ stdenv, fetchFromGitHub, bash }: +{ stdenv, fetchFromGitHub, libcap, acl }: stdenv.mkDerivation rec { name = "bfs-${version}"; - version = "1.2.4"; + version = "1.3.1"; src = fetchFromGitHub { repo = "bfs"; owner = "tavianator"; rev = version; - sha256 = "0nxx2njjp04ik6msfmf07hprw0j88wg04m0q1sf17mhkliw2d78s"; + sha256 = "0gv9hrcsz7miv40v6wmkmb1a58ji5d1dlgwq6gwczd8rzlmhddmc"; }; - postPatch = '' - # Patch tests (both shebangs and usage in scripts) - for f in $(find -type f -name '*.sh'); do - substituteInPlace $f --replace "/bin/bash" "${bash}/bin/bash" - done - ''; - doCheck = true; + buildInputs = stdenv.lib.optionals stdenv.isLinux [ libcap acl ]; makeFlags = [ "PREFIX=$(out)" ]; buildFlags = [ "release" ]; # "release" enables compiler optimizations @@ -30,7 +24,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/tavianator/bfs; license = licenses.bsd0; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ yesbox ]; }; } From fb0e49a9a7af13fd52edba4c51bda191604d10ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 4 Jan 2019 13:03:24 +0000 Subject: [PATCH 12/49] elm: get to compile on GHC 8.6.3 --- pkgs/development/compilers/elm/default.nix | 15 +++++---------- .../compilers/elm/packages/tasty-quickcheck.nix | 14 -------------- 2 files changed, 5 insertions(+), 24 deletions(-) delete mode 100644 pkgs/development/compilers/elm/packages/tasty-quickcheck.nix diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index 3c8ae70981e6..ba35e093f6af 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -4,7 +4,7 @@ let fetchElmDeps = import ./fetchElmDeps.nix { inherit stdenv lib fetchurl; }; - hsPkgs = haskell.packages.ghc822.override { + hsPkgs = haskell.packages.ghc863.override { overrides = self: super: with haskell.lib; let elmPkgs = { elm = overrideCabal (self.callPackage ./packages/elm.nix { }) (drv: { @@ -15,12 +15,7 @@ let versionsDat = ./versions.dat; }; buildTools = drv.buildTools or [] ++ [ makeWrapper ]; - patches = [ - (fetchpatch { - url = "https://github.com/elm/compiler/pull/1784/commits/78d2d8eab310552b1b877a3e90e1e57e7a09ddec.patch"; - sha256 = "0vdhk16xqm2hxw12s1b91a0bmi8w4wsxc086qlzglgnjxrl5b3w4"; - }) - ]; + jailbreak = true; postInstall = '' wrapProgram $out/bin/elm \ --prefix PATH ':' ${lib.makeBinPath [ nodejs ]} @@ -31,16 +26,16 @@ let The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` */ - elm-format = self.callPackage ./packages/elm-format.nix {}; + elm-format = doJailbreak (self.callPackage ./packages/elm-format.nix {}); + inherit fetchElmDeps; + elmVersion = elmPkgs.elm.version; }; in elmPkgs // { inherit elmPkgs; - elmVersion = elmPkgs.elm.version; # Needed for elm-format indents = self.callPackage ./packages/indents.nix {}; - tasty-quickcheck = self.callPackage ./packages/tasty-quickcheck.nix {}; }; }; in hsPkgs.elmPkgs diff --git a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix b/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix deleted file mode 100644 index 54235489edfa..000000000000 --- a/pkgs/development/compilers/elm/packages/tasty-quickcheck.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ mkDerivation, base, pcre-light, QuickCheck, random, stdenv -, tagged, tasty, tasty-hunit -}: -mkDerivation { - pname = "tasty-quickcheck"; - version = "0.9.2"; - sha256 = "c5920adeab6e283d5e3ab45f3c80a1b011bedfbe4a3246a52606da2e1da95873"; - libraryHaskellDepends = [ base QuickCheck random tagged tasty ]; - testHaskellDepends = [ base pcre-light tasty tasty-hunit ]; - doCheck = false; - homepage = "https://github.com/feuerbach/tasty"; - description = "QuickCheck support for the Tasty test framework"; - license = stdenv.lib.licenses.mit; -} From 28293fb169ac78df15360c6d98da5022bda8f25a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 4 Jan 2019 13:55:06 +0000 Subject: [PATCH 13/49] fix #52118 --- pkgs/development/compilers/elm/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/elm/default.nix b/pkgs/development/compilers/elm/default.nix index ba35e093f6af..aa8d9da9faaf 100644 --- a/pkgs/development/compilers/elm/default.nix +++ b/pkgs/development/compilers/elm/default.nix @@ -26,7 +26,7 @@ let The elm-format expression is updated via a script in the https://github.com/avh4/elm-format repo: `pacakge/nix/build.sh` */ - elm-format = doJailbreak (self.callPackage ./packages/elm-format.nix {}); + elm-format = justStaticExecutables (doJailbreak (self.callPackage ./packages/elm-format.nix {})); inherit fetchElmDeps; elmVersion = elmPkgs.elm.version; From 6acde263185d4e057495aceb7d5e839ce5b093d0 Mon Sep 17 00:00:00 2001 From: Frank Lanitz Date: Fri, 4 Jan 2019 16:58:22 +0100 Subject: [PATCH 14/49] Geany: 1.34 -> 1.34.1 --- pkgs/applications/editors/geany/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/geany/default.nix b/pkgs/applications/editors/geany/default.nix index caead872eb27..9f33bd084890 100644 --- a/pkgs/applications/editors/geany/default.nix +++ b/pkgs/applications/editors/geany/default.nix @@ -3,7 +3,7 @@ with stdenv.lib; let - version = "1.34"; + version = "1.34.1"; in stdenv.mkDerivation rec { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.geany.org/${name}.tar.bz2"; - sha256 = "63b93d25d037eaffa77895ae6dd29c91bca570e4053eff5cc8490f87e6021f8e"; + sha256 = "e765efd89e759defe3fd797d8a2052afbb4b23522efbcc72e3a72b7f1093ec11"; }; nativeBuildInputs = [ pkgconfig intltool libintl ]; From 7ce548ef4f6b062ec83d3344df2bd431c639f3d0 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 14:08:53 -0600 Subject: [PATCH 15/49] getdns: 1.4.2 -> 1.5.0 https://getdnsapi.net/releases/getdns-1-5-0/ --- pkgs/development/libraries/getdns/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/getdns/default.nix b/pkgs/development/libraries/getdns/default.nix index 66fc0138ef9b..002c9bc0748f 100644 --- a/pkgs/development/libraries/getdns/default.nix +++ b/pkgs/development/libraries/getdns/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "getdns"; name = "${pname}-${version}"; - version = "1.4.2"; + version = "1.5.0"; src = fetchurl { - url = "https://getdnsapi.net/releases/${pname}-1-4-2/${pname}-${version}.tar.gz"; - sha256 = "100fzjpvajvnv0kym8g5lkwyv8w8vhy7g2p0pb2gyz19zqnvi18n"; + url = "https://getdnsapi.net/releases/${pname}-1-5-0/${pname}-${version}.tar.gz"; + sha256 = "577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84"; }; nativeBuildInputs = [ libtool m4 autoreconfHook automake file ]; From c1eb0e8ad94b8be9ac842dac195a2bc0413c8795 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 14:09:01 -0600 Subject: [PATCH 16/49] stubby: 0.2.3 -> 0.2.4 --- pkgs/tools/networking/stubby/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/stubby/default.nix b/pkgs/tools/networking/stubby/default.nix index 2882ba217398..d8088918f449 100644 --- a/pkgs/tools/networking/stubby/default.nix +++ b/pkgs/tools/networking/stubby/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "stubby"; name = "${pname}-${version}"; - version = "0.2.3"; + version = "0.2.4"; src = fetchFromGitHub { owner = "getdnsapi"; repo = pname; rev = "v${version}"; - sha256 = "1n02dj1hvh0aml54asxj42f0j9wfgiyavbh0gr0j9lm4f2xcd60w"; + sha256 = "1c0jqbxcrwc8kvpx7v0bmdladf20myyi2672r2r87m2q0jvsmgpr"; }; nativeBuildInputs = [ libtool m4 libbsd libyaml autoreconfHook ]; From 4a4d1d64979e3ad80aaa03a2b2a526e50cead3a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 4 Jan 2019 11:40:39 +0100 Subject: [PATCH 17/49] cryptominisat: 5.0.1 -> 5.6.6 --- .../science/logic/cryptominisat/default.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/science/logic/cryptominisat/default.nix b/pkgs/applications/science/logic/cryptominisat/default.nix index 4d96339149af..25027841ab8b 100644 --- a/pkgs/applications/science/logic/cryptominisat/default.nix +++ b/pkgs/applications/science/logic/cryptominisat/default.nix @@ -1,24 +1,18 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd }: +{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd, boost }: stdenv.mkDerivation rec { name = "cryptominisat-${version}"; - version = "5.0.1"; + version = "5.6.6"; src = fetchFromGitHub { owner = "msoos"; repo = "cryptominisat"; rev = version; - sha256 = "0cpw5d9vplxvv3aaplhnga55gz1hy29p7s4pkw1306knkbhlzvkb"; + sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5"; }; - buildInputs = [ python xxd ]; - nativeBuildInputs = [ cmake ]; - - patches = [(fetchpatch rec { - name = "fix-exported-library-name.patch"; - url = "https://github.com/msoos/cryptominisat/commit/7a47795cbe5ad5a899731102d297f234bcade077.patch"; - sha256 = "11hf3cfqs4cykn7rlgjglq29lzqfxvlm0f20qasi0kdrz01cr30f"; - })]; + buildInputs = [ python boost ]; + nativeBuildInputs = [ cmake xxd ]; meta = with stdenv.lib; { description = "An advanced SAT Solver"; From 3b152247eadbf3257e684525d49549b55f26c87d Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Sat, 5 Jan 2019 13:17:50 +0100 Subject: [PATCH 18/49] weechatScripts.weechat-matrix-bridge: 2018-05-29 -> 2018-11-19 (HTTP/2 support fix) --- .../irc/weechat/scripts/weechat-matrix-bridge/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix index d2960ae93a99..137a32f9364f 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix-bridge/default.nix @@ -1,12 +1,12 @@ { stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }: stdenv.mkDerivation { - name = "weechat-matrix-bridge-2018-05-29"; + name = "weechat-matrix-bridge-2018-11-19"; src = fetchFromGitHub { owner = "torhve"; repo = "weechat-matrix-protocol-script"; - rev = "ace3fefc0e35a627f8a528032df2e3111e41eb1b"; - sha256 = "1snf8vn5n9wzrnqnvdrcli4199s5p114jbjlgrj5c27i53173wqw"; + rev = "8d32e90d864a8f3f09ecc2857cd5dd6e39a8c3f7"; + sha256 = "0qqd6qmkrdc0r3rnl53c3yp93fbcz7d3mdw3vq5gmdqxyym4s9lj"; }; patches = [ From 9b2f0fbcdd4cbb4acac3f894cb93d0efdd5fcd26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 13:22:39 +0100 Subject: [PATCH 19/49] nixos/lirc: expose socket path via passthru --- nixos/modules/services/hardware/lirc.nix | 12 +++--------- nixos/modules/services/hardware/vdr.nix | 2 +- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/hardware/lirc.nix b/nixos/modules/services/hardware/lirc.nix index ece38bd1e1cd..826e512c75d1 100644 --- a/nixos/modules/services/hardware/lirc.nix +++ b/nixos/modules/services/hardware/lirc.nix @@ -32,14 +32,6 @@ in { default = []; description = "Extra arguments to lircd."; }; - - socket = mkOption { - type = types.path; - # default search path of many applications - default = "/run/lirc/lircd"; - description = "Socket path"; - }; - }; }; @@ -50,13 +42,15 @@ in { # Note: LIRC executables raises a warning, if lirc_options.conf do not exists environment.etc."lirc/lirc_options.conf".text = cfg.options; + passthru.lirc.socket = "/run/lirc/lircd"; + environment.systemPackages = [ pkgs.lirc ]; systemd.sockets.lircd = { description = "LIRC daemon socket"; wantedBy = [ "sockets.target" ]; socketConfig = { - ListenStream = cfg.socket; + ListenStream = config.passthru.lirc.socket; SocketUser = "lirc"; SocketMode = "0660"; }; diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 695f0cbab1fc..4822506a899b 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -75,7 +75,7 @@ in { services.lirc.enable = true; users.users.vdr.extraGroups = [ "lirc" ]; services.vdr.extraArguments = [ - "--lirc=${config.services.lirc.socket}" + "--lirc=${config.passthru.lirc.socket}" ]; })]); } From c68e8b05f005381ac1caf51bb28282b70242b77b Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:10:05 +0100 Subject: [PATCH 20/49] Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT" This reverts commit 5dda1324be421c1a2afd5a559a87f97691287003. Presumably this was done to work around build errors or something but it works fine now. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 9d28b3edf855..a6a835c1fe9f 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -117,6 +117,11 @@ ${optionalString (versionAtLeast version "4.20") '' GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin ''} +${optionalString (versionAtLeast version "4.13") '' + GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y +''} + # Disable various dangerous settings ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory PROC_KCORE n # Exposes kernel text image layout From abc8ed3fcae60ad2586307c854bdb21f993592f0 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:20:09 +0100 Subject: [PATCH 21/49] hardened-config: clarify readonly LSM hooks config SECURITY_WRITABLE_HOOKS is implicitly controlled by SECURITY_SELINUX_DISABLE; explicitly unsetting results in an error because the configfile builder fails to detect that it has in fact been unset (reporting it as an unused option). For now, leave WRITABLE_HOOKS as an "optional" config for documentation purposes. --- .../os-specific/linux/kernel/hardened-config.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index a6a835c1fe9f..13db3873e628 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -52,15 +52,17 @@ ${optionalString (versionOlder version "4.11") '' DEBUG_SET_MODULE_RONX y ''} -# Mark LSM hooks read-only after init. Conflicts with SECURITY_SELINUX_DISABLE -# (disabling SELinux at runtime); hence, SELinux can only be disabled at boot -# via the selinux=0 boot parameter. +# Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n +# conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter +# implicitly marks LSM hooks read-only after init. +# +# SELinux can only be disabled at boot via selinux=0 +# +# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the +# config builder fails to detect that it has indeed been unset. ${optionalString (versionAtLeast version "4.12") '' SECURITY_SELINUX_DISABLE n -''} - -${optionalString ((versionAtLeast version "4.12") && (versionOlder version "4.17")) '' - SECURITY_WRITABLE_HOOKS n + SECURITY_WRITABLE_HOOKS? n ''} DEBUG_WX y # boot-time warning on RWX mappings From 1801aad7b889e1acd3b2f41046852ae78f61a32d Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:24:54 +0100 Subject: [PATCH 22/49] hardened-config: clarify MODIFY_LDT_SYSCALL This likely never worked; MODIFY_LDT_SYSCALL depends on EXPERT; enabling EXPERT however seems to introduce quite a few changes that would need to be properly vetted. The version guard is unnecessary, however, as this config has been supported since 4.3. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 13db3873e628..6ae0108b3f0f 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -28,9 +28,9 @@ ${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") '' # Reduce attack surface by disabling various emulations IA32_EMULATION n X86_X32 n - ${optionalString (versionOlder version "4.17") '' - MODIFY_LDT_SYSCALL? n - ''} + # Note: this config depends on EXPERT y and so will not take effect, hence + # it is left "optional" for now. + MODIFY_LDT_SYSCALL? n VMAP_STACK y # Catch kernel stack overflows From dfd77a046de192d8dfa5f9534552c299c3da26ac Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:43:42 +0100 Subject: [PATCH 23/49] hardened-config: ensure STRICT_KERNEL_RWX This is y in the default config, but enable it explicitly here to catch situations where it has been disabled (explicitly or implicitly). --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 6ae0108b3f0f..90856d593dd9 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -66,6 +66,9 @@ ${optionalString (versionAtLeast version "4.12") '' ''} DEBUG_WX y # boot-time warning on RWX mappings +${optionalString (versionAtLeast version "4.11") '' + STRICT_KERNEL_RWX y +''} # Stricter /dev/mem STRICT_DEVMEM? y From 11840f5c7071d1d687dc69a2585844a8c97b01a3 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:44:33 +0100 Subject: [PATCH 24/49] hardened-config: explain HARDENED_USERCOPY_FALLBACK n --- pkgs/os-specific/linux/kernel/hardened-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 90856d593dd9..62bd4945a665 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -89,7 +89,7 @@ ${optionalString (versionAtLeast version "4.13") '' # Perform usercopy bounds checking. HARDENED_USERCOPY y ${optionalString (versionAtLeast version "4.16") '' - HARDENED_USERCOPY_FALLBACK n + HARDENED_USERCOPY_FALLBACK n # for full whitelist enforcement ''} # Randomize allocator freelists. From d62086e6fc2fdf8d5f5d45e697edac418e6bad0f Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:44:54 +0100 Subject: [PATCH 25/49] hardened-config: allow slub/slab free poisoning --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 62bd4945a665..ed540a9e7518 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -99,6 +99,9 @@ ${optionalString (versionAtLeast version "4.14") '' SLAB_FREELIST_HARDENED y ''} +# Allow enabling slub/slab free poisoning with slub_debug=P +SLUB_DEBUG y + # Wipe higher-level memory allocations on free() with page_poison=1 PAGE_POISONING y PAGE_POISONING_NO_SANITY y From 3f1f44312536ef93b3591cabe141166cac23b8db Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:47:25 +0100 Subject: [PATCH 26/49] nixos/hardened profile: slab/slub hardening slab_nomerge may reduce surface somewhat slub_debug is used to enable additional sanity checks and "red zones" around allocations to detect read/writes beyond the allocated area, as well as poisoning to overwrite free'd data. The cost is yet more memory fragmentation ... --- nixos/modules/profiles/hardened.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index a588943fe710..aa9ea2c9a357 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -29,6 +29,12 @@ with lib; security.apparmor.enable = mkDefault true; boot.kernelParams = [ + # Slab/slub sanity checks, redzoning, and poisoning + "slub_debug=FZP" + + # Disable slab merging to make certain heap overflow attacks harder + "slab_nomerge" + # Overwrite free'd memory "page_poison=1" From 167578163a5031e8d7519b010824499db73fa62f Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Jan 2019 13:50:36 +0100 Subject: [PATCH 27/49] nixos/hardened profile: always enable pti --- nixos/modules/profiles/hardened.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index aa9ea2c9a357..9ab2ee87a19e 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -40,6 +40,9 @@ with lib; # Disable legacy virtual syscalls "vsyscall=none" + + # Enable PTI even if CPU claims to be safe from meltdown + "pti=on" ]; boot.blacklistedKernelModules = [ From 8358ffc7081091c52a39bd468c39658f0f336c6c Mon Sep 17 00:00:00 2001 From: Matt McHenry Date: Fri, 4 Jan 2019 23:08:53 -0500 Subject: [PATCH 28/49] haskellPackages.friday: jailbreak --- pkgs/development/haskell-modules/configuration-common.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 7bd540c8578e..c55ddf833d7b 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -520,6 +520,10 @@ self: super: { # generic-deriving bound is too tight aeson = doJailbreak super.aeson; + # containers >=0.4 && <0.6 is too tight + # https://github.com/RaphaelJ/friday/issues/34 + friday = doJailbreak super.friday; + # Won't compile with recent versions of QuickCheck. inilist = dontCheck super.inilist; MissingH = dontCheck super.MissingH; From df834ee56d8c2ba5f75eae872e4dedc037874a61 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jan 2019 05:47:25 -0800 Subject: [PATCH 29/49] sysstat: 12.1.1 -> 12.1.2 (#52675) Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/sysstat/versions --- pkgs/os-specific/linux/sysstat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix index d3a9d7834cdc..27b27ebffdd8 100644 --- a/pkgs/os-specific/linux/sysstat/default.nix +++ b/pkgs/os-specific/linux/sysstat/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, gettext, bzip2 }: stdenv.mkDerivation rec { - name = "sysstat-12.1.1"; + name = "sysstat-12.1.2"; src = fetchurl { url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz"; - sha256 = "0drrlv2fr64g5zf0a2bkla2rql4nmq4n192wvcr9r4zppg58d8k4"; + sha256 = "0xiv70x4n24fcycvlq95lqgb3jwjxfzq61bnyqai57x54hhn46yp"; }; buildInputs = [ gettext ]; From 37fe593d486f006173e91df2cfc1429db7fb06e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 16:38:10 +0100 Subject: [PATCH 30/49] cryptominisat: switch to python3 --- pkgs/applications/science/logic/cryptominisat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/logic/cryptominisat/default.nix b/pkgs/applications/science/logic/cryptominisat/default.nix index 25027841ab8b..18af6f0a618b 100644 --- a/pkgs/applications/science/logic/cryptominisat/default.nix +++ b/pkgs/applications/science/logic/cryptominisat/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, python, xxd, boost }: +{ stdenv, fetchFromGitHub, fetchpatch, cmake, python3, xxd, boost }: stdenv.mkDerivation rec { name = "cryptominisat-${version}"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "1a1494gj4j73yij0hjbzsn2hglk9zy5c5wfwgig3j67cis28saf5"; }; - buildInputs = [ python boost ]; + buildInputs = [ python3 boost ]; nativeBuildInputs = [ cmake xxd ]; meta = with stdenv.lib; { From 2614c8a6c564d7eb5b693975b3c1ff9771f5753f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 4 Jan 2019 15:41:51 +0100 Subject: [PATCH 31/49] nixos/xss-lock: specify a default locker Having a default locker is less error-prone and more convenient. Incorrect values might leave the machine vulnerable since there is no fallback. --- nixos/modules/programs/xss-lock.nix | 3 ++- nixos/tests/xss-lock.nix | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix index 49d522c604f5..c290df01b960 100644 --- a/nixos/modules/programs/xss-lock.nix +++ b/nixos/modules/programs/xss-lock.nix @@ -9,7 +9,8 @@ in options.programs.xss-lock = { enable = mkEnableOption "xss-lock"; lockerCommand = mkOption { - example = "xlock"; + default = "${pkgs.i3lock}/bin/i3lock"; + example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; type = types.string; description = "Locker to be used with xsslock"; }; diff --git a/nixos/tests/xss-lock.nix b/nixos/tests/xss-lock.nix index 045667bdcdec..b46bb1a8f6e9 100644 --- a/nixos/tests/xss-lock.nix +++ b/nixos/tests/xss-lock.nix @@ -9,7 +9,6 @@ with lib; machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; programs.xss-lock.enable = true; - programs.xss-lock.lockerCommand = "${pkgs.xlockmore}/bin/xlock"; services.xserver.displayManager.auto.user = "alice"; }; @@ -20,6 +19,6 @@ with lib; $machine->fail("pgrep xlock"); $machine->succeed("su -l alice -c 'xset dpms force standby'"); - $machine->waitUntilSucceeds("pgrep xlock"); + $machine->waitUntilSucceeds("pgrep i3lock"); ''; }) From 5da3d039d4b6b5d46c39b3cd22223f02bb02bf3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 17:01:50 +0100 Subject: [PATCH 32/49] qemu-afl: various cleanups --- pkgs/tools/security/afl/qemu.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 769b89ec4c50..a007eb3913db 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -36,12 +36,14 @@ stdenv.mkDerivation rec { --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" ''; - buildInputs = - [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap - vde2 texinfo libuuid flex bison lzo snappy autoconf - libcap_ng gnutls - ] - ++ optionals (hasSuffix "linux" stdenv.hostPlatform.system) [ libaio ]; + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman ncurses attr libcap + vde2 libuuid lzo snappy libcap_ng gnutls + ] ++ optionals (stdenv.isLinux) [ libaio ]; enableParallelBuilding = true; From e2b79b10b57ac5b4484a94f4e54e87297d7c9591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jan 2019 16:58:51 +0100 Subject: [PATCH 33/49] afl: various cleanups --- pkgs/tools/security/afl/default.nix | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index 067d355fb901..c90d031e989b 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -15,21 +15,18 @@ let url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; }; + enableParallelBuilding = true; # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. - buildInputs = [ makeWrapper llvm which ]; + nativeBuildInputs = [ makeWrapper which ]; + buildInputs = [ llvm ]; - buildPhase = '' - make PREFIX=$out - cd llvm_mode - make PREFIX=$out - cd .. + makeFlags = [ "PREFIX=$(out)" ]; + postBuild = '' + make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES ''; - installPhase = '' - # Do the normal installation - make install PREFIX=$out - + postInstall = '' # Install the custom QEMU emulator for binary blob fuzzing. cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace @@ -55,9 +52,7 @@ let done ''; - passthru = { - qemu = afl-qemu; - }; + passthru.qemu = afl-qemu; meta = { description = "Powerful fuzzer via genetic algorithms and instrumentation"; @@ -78,5 +73,3 @@ let }; }; in afl - - From 8a7d9e6dd09d6db119ccfb34b8cb52157e61e7bc Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Sat, 5 Jan 2019 11:38:10 -0500 Subject: [PATCH 34/49] offlineimap: provide "OS-DEFAULT" CA certificates (#53268) --- pkgs/tools/networking/offlineimap/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/offlineimap/default.nix b/pkgs/tools/networking/offlineimap/default.nix index 50ed107bc20d..5ac64d36eaf9 100644 --- a/pkgs/tools/networking/offlineimap/default.nix +++ b/pkgs/tools/networking/offlineimap/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, python2Packages, - asciidoc, libxml2, libxslt, docbook_xsl }: + asciidoc, cacert, libxml2, libxslt, docbook_xsl }: python2Packages.buildPythonApplication rec { version = "7.2.2"; @@ -15,6 +15,9 @@ python2Packages.buildPythonApplication rec { postPatch = '' # Skip xmllint to stop failures due to no network access sed -i docs/Makefile -e "s|a2x -v -d |a2x -L -v -d |" + + # Provide CA certificates (Used when "sslcacertfile = OS-DEFAULT" is configured") + sed -i offlineimap/utils/distro.py -e '/def get_os_sslcertfile():/a\ \ \ \ return "${cacert}/etc/ssl/certs/ca-bundle.crt"' ''; doCheck = false; From 0d99389a6d7335daea2443fe5b7949acb0aa052d Mon Sep 17 00:00:00 2001 From: Tadeo Kondrak Date: Sat, 5 Jan 2019 10:10:27 -0700 Subject: [PATCH 35/49] wine: add perl to buildInputs to fix winemaker --- pkgs/misc/emulators/wine/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/misc/emulators/wine/base.nix b/pkgs/misc/emulators/wine/base.nix index 94cf4a774569..2b9d048f77e6 100644 --- a/pkgs/misc/emulators/wine/base.nix +++ b/pkgs/misc/emulators/wine/base.nix @@ -59,7 +59,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (! isNull buildScript) { ++ lib.optionals stdenv.isLinux (with pkgs.xorg; [ libXi libXcursor libXrandr libXrender libXxf86vm libXcomposite libXext ]) - ++ [ pkgs.xorg.libX11 ])); + ++ [ pkgs.xorg.libX11 pkgs.perl ])); # Wine locates a lot of libraries dynamically through dlopen(). Add # them to the RPATH so that the user doesn't have to set them in From f706777f5b19e0af6b5552ce3fdcf782e399f882 Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Tue, 1 Jan 2019 14:51:01 -0800 Subject: [PATCH 36/49] haskellPackages.binary-orphans: dontCheck --- pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix index d5c1fadc5a2e..4d258a5490b2 100644 --- a/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix +++ b/pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix @@ -56,6 +56,7 @@ self: super: { RSA = dontCheck super.RSA; # https://github.com/GaloisInc/RSA/issues/14 monad-par = dontCheck super.monad-par; # https://github.com/simonmar/monad-par/issues/66 github = dontCheck super.github; # hspec upper bound exceeded; https://github.com/phadej/github/pull/341 + binary-orphans = dontCheck super.binary-orphans; # tasty upper bound exceeded; https://github.com/phadej/binary-orphans/commit/8ce857226595dd520236ff4c51fa1a45d8387b33 # https://github.com/jgm/skylighting/issues/55 skylighting-core = dontCheck super.skylighting-core; From 5adde64416b6f4fce41e1152efe9902a28ace26b Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 5 Jan 2019 13:35:10 -0600 Subject: [PATCH 37/49] minizincide: minor touchups per reviewer suggestion (sourceRoot needed a "source/" prefix, FWIW) --- pkgs/development/tools/minizinc/ide.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/minizinc/ide.nix b/pkgs/development/tools/minizinc/ide.nix index 9e4edc236df9..ab2af43979a6 100644 --- a/pkgs/development/tools/minizinc/ide.nix +++ b/pkgs/development/tools/minizinc/ide.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation { sha256 = "1hanq7c6li59awlwghgvpd8w93a7zb6iw7p4062nphnbd1dmg92f"; }; - postUnpack = ''export sourceRoot="$sourceRoot/MiniZincIDE"''; + sourceRoot = "source/MiniZincIDE"; enableParallelBuilding = true; @@ -25,7 +25,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { homepage = https://www.minizinc.org/; - description = "IDE for MiniZinc, a medium-level constraint modelling language."; + description = "IDE for MiniZinc, a medium-level constraint modelling language"; longDescription = '' MiniZinc is a medium-level constraint modelling From 6f886ca7aaa1948b58640915f4a350fcb85d3155 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 5 Jan 2019 13:39:17 -0600 Subject: [PATCH 38/49] gllvm: 1.2.2 -> 1.2.3 https://github.com/SRI-CSL/gllvm/releases/tag/v1.2.3 --- pkgs/development/tools/gllvm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/gllvm/default.nix b/pkgs/development/tools/gllvm/default.nix index cae6d2255bf2..b581e71129ca 100644 --- a/pkgs/development/tools/gllvm/default.nix +++ b/pkgs/development/tools/gllvm/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "gllvm-${version}"; - version = "1.2.2"; + version = "1.2.3"; goPackagePath = "github.com/SRI-CSL/gllvm"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "SRI-CSL"; repo = "gllvm"; rev = "v${version}"; - sha256 = "1k6081frnc6i6h3fa8d796cirhbf5kkshw7qyarz5wi3fcgijn4s"; + sha256 = "12kdgsma62nzksvw266qm3ivkbz62ma93dd25wy0p19789v4fi7s"; }; meta = with stdenv.lib; { From f27fe449b10c65830a2f27cae5d3213077b6f07e Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Sat, 5 Jan 2019 22:37:00 +0100 Subject: [PATCH 39/49] pythonPackages.ldap3: switch src to fetchFromGitHub PyPI links to a source tarball at PythonHosted that has an empty ldap3/protocol/sasl/digestMd5.py while the linked egg file has a non-empty file (and the upstream GitHub repository has a non-empty file that hasn't even had a non-comment change for some time. --- .../development/python-modules/ldap3/default.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/ldap3/default.nix b/pkgs/development/python-modules/ldap3/default.nix index 22d725fac617..73957df1d9d6 100644 --- a/pkgs/development/python-modules/ldap3/default.nix +++ b/pkgs/development/python-modules/ldap3/default.nix @@ -1,12 +1,20 @@ -{ stdenv, fetchPypi, buildPythonPackage, gssapi, pyasn1 }: +{ stdenv, fetchPypi, fetchFromGitHub, buildPythonPackage, gssapi, pyasn1 }: buildPythonPackage rec { version = "2.5.2"; pname = "ldap3"; - src = fetchPypi { - inherit pname version; - sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +## This should work, but 2.5.2 has a weird tarball with empty source files +## where upstream repository has non-empty ones +# src = fetchPypi { +# inherit pname version; +# sha256 = "063dacy01mphc3n7z2qc2avykjavqm1gllkbvy7xzw5ihlqwhrrz"; +# }; + src = fetchFromGitHub { + owner = "cannatag"; + repo = pname; + rev = "v${version}"; + sha256 = "0p5l4bhy6j2nvvlxz5zvznbaqb72x791v9la2jr2wpwr60mzz9hw"; }; buildInputs = [ gssapi ]; From 8d9c2fc3ffdd6079d141e833d6b28c6397ecbd21 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 21:23:09 +0100 Subject: [PATCH 40/49] python37Packages.google_api_python_client: 1.7.4 -> 1.7.7 --- .../python-modules/google-api-python-client/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/google-api-python-client/default.nix b/pkgs/development/python-modules/google-api-python-client/default.nix index c8dd5ea84aec..1a335ad6bb1c 100644 --- a/pkgs/development/python-modules/google-api-python-client/default.nix +++ b/pkgs/development/python-modules/google-api-python-client/default.nix @@ -1,13 +1,14 @@ -{ lib, buildPythonPackage, fetchPypi +{ lib, buildPythonPackage, fetchPypi, isPy3k , httplib2, google_auth, google-auth-httplib2, six, uritemplate, oauth2client }: buildPythonPackage rec { pname = "google-api-python-client"; - version = "1.7.4"; + version = "1.7.7"; + #disabled = !isPy3k; # TODO: Python 2.7 was deprecated but weboob still depends on it. src = fetchPypi { inherit pname version; - sha256 = "5d5cb02c6f3112c68eed51b74891a49c0e35263380672d662f8bfe85b8114d7c"; + sha256 = "1nlsp8cll6v9w4649j98xw545bfnqa2xs7m9faa9mxc0kp8ff1li"; }; # No tests included in archive From 2acda72b859fe7fc5f8e0301b922e3fbf4c294af Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 22:30:09 +0100 Subject: [PATCH 41/49] python27Packages.weboob: Override google_api_python_client --- .../python-modules/weboob/default.nix | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/weboob/default.nix b/pkgs/development/python-modules/weboob/default.nix index 73a70a65c380..93a17ea4425d 100644 --- a/pkgs/development/python-modules/weboob/default.nix +++ b/pkgs/development/python-modules/weboob/default.nix @@ -1,4 +1,4 @@ -{ buildPythonPackage, fetchurl, stdenv, isPy27 +{ buildPythonPackage, fetchurl, fetchPypi, stdenv, isPy27 , nose, pillow, prettytable, pyyaml, dateutil, gdata , requests, mechanize, feedparser, lxml, gnupg, pyqt5 , libyaml, simplejson, cssselect, futures, pdfminer @@ -6,7 +6,18 @@ , unidecode }: -buildPythonPackage rec { +let + # Support for Python 2.7 was dropped in 1.7.7 + google_api_python_client_python27 = google_api_python_client.overrideDerivation + (oldAttrs: rec { + pname = "google-api-python-client"; + version = "1.7.6"; + src = fetchPypi { + inherit pname version; + sha256 = "14w5sdrp0bk9n0r2lmpqmrbf2zclpfq6q7giyahnskkfzdkb165z"; + }; + }); +in buildPythonPackage rec { pname = "weboob"; version = "1.3"; disabled = ! isPy27; @@ -35,8 +46,8 @@ buildPythonPackage rec { propagatedBuildInputs = [ pillow prettytable pyyaml dateutil gdata requests mechanize feedparser lxml gnupg pyqt5 libyaml - simplejson cssselect futures pdfminer termcolor google_api_python_client - html2text unidecode ]; + simplejson cssselect futures pdfminer termcolor + google_api_python_client_python27 html2text unidecode ]; checkPhase = '' nosetests From a68ae2c2056b1fe286e0d07c0c9ded1ca6e4e994 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 5 Jan 2019 22:51:21 +0100 Subject: [PATCH 42/49] obs-studio: restrict meta.platforms Hydra has been trying to build it on aarch64-linux, but never succeeded: https://hydra.nixos.org/job/nixpkgs/trunk/obs-studio.aarch64-linux/all (It tries to feed compiler x86-specific options.) I didn't test i686-linux, due to a transitive dependency not building (libupnp), but there it might likely work. --- pkgs/applications/video/obs-studio/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/video/obs-studio/default.nix b/pkgs/applications/video/obs-studio/default.nix index 9fc9c5871086..c98acda9eea0 100644 --- a/pkgs/applications/video/obs-studio/default.nix +++ b/pkgs/applications/video/obs-studio/default.nix @@ -91,6 +91,6 @@ in stdenv.mkDerivation rec { homepage = https://obsproject.com; maintainers = with maintainers; [ jb55 MP2E ]; license = licenses.gpl2; - platforms = with platforms; linux; + platforms = [ "x86_64-linux" "i686-linux" ]; }; } From 35bee29824bba254f84fa6ccfcfae8eec940e47c Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 22:40:24 +0100 Subject: [PATCH 43/49] pythonPackages.simplejson: Update the metadata The old homepage URL returns a 404 and the project is dual-licensed. --- pkgs/development/python-modules/simplejson/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/simplejson/default.nix b/pkgs/development/python-modules/simplejson/default.nix index 4adf7083a0b6..cc60e81a59ee 100644 --- a/pkgs/development/python-modules/simplejson/default.nix +++ b/pkgs/development/python-modules/simplejson/default.nix @@ -33,7 +33,7 @@ buildPythonPackage rec { default, encoding is done in an encoding neutral fashion (plain ASCII with \uXXXX escapes for unicode characters). ''; - homepage = http://code.google.com/p/simplejson/; - license = lib.licenses.mit; + homepage = https://github.com/simplejson/simplejson; + license = with lib.licenses; [ mit afl21 ]; }; } From 46dd27e02594bf868922f16d5aba8cbb661382b9 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 5 Jan 2019 22:42:48 +0100 Subject: [PATCH 44/49] pythonPackages.gcutil: Deprecate the package The package doesn't exist anymore (even the deprecation notice is gone [0]) and the build is currently broken: Collecting google-apputils==0.4.1 (from gcutil==1.16.1) Could not find a version that satisfies the requirement google-apputils==0.4.1 (from gcutil==1.16.1) (from versions: ) No matching distribution found for google-apputils==0.4.1 (from gcutil==1.16.1) [0]: https://download.huihoo.com/google/gdgdevkit/DVD1/developers.google.com/compute/docs/gcutil.1.html > "Warning: gcutil is deprecated. We encourage you to transition to > using gcloud compute ." --- .../python-modules/gcutil/default.nix | 41 ------------------- pkgs/top-level/python-packages.nix | 6 ++- 2 files changed, 5 insertions(+), 42 deletions(-) delete mode 100644 pkgs/development/python-modules/gcutil/default.nix diff --git a/pkgs/development/python-modules/gcutil/default.nix b/pkgs/development/python-modules/gcutil/default.nix deleted file mode 100644 index 85c0fbb4d609..000000000000 --- a/pkgs/development/python-modules/gcutil/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchurl -, gflags -, iso8601 -, ipaddr -, httplib2 -, google_apputils -, google_api_python_client -, isPy3k -}: - -buildPythonPackage rec { - name = "gcutil-1.16.1"; - disabled = isPy3k; - - src = fetchurl { - url = https://dl.google.com/dl/cloudsdk/release/artifacts/gcutil-1.16.1.tar.gz; - sha256 = "00jaf7x1ji9y46fbkww2sg6r6almrqfsprydz3q2swr4jrnrsx9x"; - }; - - propagatedBuildInputs = [ gflags iso8601 ipaddr httplib2 google_apputils google_api_python_client ]; - - prePatch = '' - sed -i -e "s|google-apputils==0.4.0|google-apputils==0.4.1|g" setup.py - substituteInPlace setup.py \ - --replace "httplib2==0.8" "httplib2" \ - --replace "iso8601==0.1.4" "iso8601" \ - --replace "ipaddr==2.1.10" "ipaddr" \ - --replace "google-api-python-client==1.2" "google-api-python-client" \ - --replace "python-gflags==2.0" "python-gflags" - ''; - - meta = with stdenv.lib; { - description = "Command-line tool for interacting with Google Compute Engine"; - homepage = "https://cloud.google.com/compute/docs/gcutil/"; - license = licenses.asl20; - maintainers = with maintainers; [ phreedom ]; - }; - -} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 665c0a59f7cd..697ebc3b5084 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1732,7 +1732,11 @@ in { gateone = callPackage ../development/python-modules/gateone { }; - gcutil = callPackage ../development/python-modules/gcutil { }; + # TODO: Remove after 19.03 is branched off: + gcutil = throw '' + pythonPackages.gcutil is deprecated and can be replaced with "gcloud + compute" from the package google-cloud-sdk. + ''; GeoIP = callPackage ../development/python-modules/GeoIP { }; From 779e916c3b8907ae6e0353c92c18b8c78ce880a4 Mon Sep 17 00:00:00 2001 From: Francesco Gazzetta Date: Fri, 21 Dec 2018 18:25:04 +0100 Subject: [PATCH 45/49] pythonPackages.easywatch: init at 0.0.5 --- .../python-modules/easywatch/default.nix | 28 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/development/python-modules/easywatch/default.nix diff --git a/pkgs/development/python-modules/easywatch/default.nix b/pkgs/development/python-modules/easywatch/default.nix new file mode 100644 index 000000000000..96301996fe8d --- /dev/null +++ b/pkgs/development/python-modules/easywatch/default.nix @@ -0,0 +1,28 @@ +{ lib +, fetchPypi +, buildPythonPackage +, watchdog +}: + +buildPythonPackage rec { + pname = "easywatch"; + version = "0.0.5"; + + src = fetchPypi { + inherit pname version; + sha256 = "1b40cjigv7s9qj8hxxy6yhwv0320z7qywrigwgkasgh80q0xgphc"; + }; + + propagatedBuildInputs = [ watchdog ]; + + # There are no tests + doCheck = false; + + meta = with lib; { + description = "Dead-simple way to watch a directory"; + homepage = https://github.com/Ceasar/easywatch; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 697ebc3b5084..716f0a85d2f1 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2299,6 +2299,8 @@ in { dtopt = callPackage ../development/python-modules/dtopt { }; + easywatch = callPackage ../development/python-modules/easywatch { }; + ecdsa = callPackage ../development/python-modules/ecdsa { }; effect = callPackage ../development/python-modules/effect {}; From e7551acb7b70862561d7c3a6d9ad6408fc0cbfe7 Mon Sep 17 00:00:00 2001 From: Francesco Gazzetta Date: Fri, 21 Dec 2018 18:25:29 +0100 Subject: [PATCH 46/49] pythonPackages.staticjinja: init at 0.3.4 --- .../python-modules/staticjinja/default.nix | 30 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 32 insertions(+) create mode 100644 pkgs/development/python-modules/staticjinja/default.nix diff --git a/pkgs/development/python-modules/staticjinja/default.nix b/pkgs/development/python-modules/staticjinja/default.nix new file mode 100644 index 000000000000..a5b3b4fe8d49 --- /dev/null +++ b/pkgs/development/python-modules/staticjinja/default.nix @@ -0,0 +1,30 @@ +{ lib +, fetchPypi +, buildPythonPackage +, docopt +, easywatch +, jinja2 +}: + +buildPythonPackage rec { + pname = "staticjinja"; + version = "0.3.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "1mxv7yy35657mfxx9xhbzihh10m5lb29fmscfh9q455zd4ikr032"; + }; + + propagatedBuildInputs = [ jinja2 docopt easywatch ]; + + # There are no tests on pypi + doCheck = false; + + meta = with lib; { + description = "A library and cli tool that makes it easy to build static sites using Jinja2"; + homepage = https://staticjinja.readthedocs.io/en/latest/; + license = licenses.mit; + maintainers = with maintainers; [ fgaz ]; + }; +} + diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 716f0a85d2f1..d9295c58a22c 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4006,6 +4006,8 @@ in { sqlalchemy_migrate = callPackage ../development/python-modules/sqlalchemy-migrate { }; + staticjinja = callPackage ../development/python-modules/staticjinja { }; + statsmodels = callPackage ../development/python-modules/statsmodels { }; structlog = callPackage ../development/python-modules/structlog { }; From 90c68f650d1c7d187c30505b820af2796af75f67 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Sun, 6 Jan 2019 00:09:10 +0100 Subject: [PATCH 47/49] anki: 2.1.7 -> 2.1.8 --- pkgs/games/anki/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index b662b5b8e3bd..6dd4473a3e7f 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -26,7 +26,7 @@ }: buildPythonApplication rec { - version = "2.1.7"; + version = "2.1.8"; name = "anki-${version}"; src = fetchurl { @@ -36,7 +36,7 @@ buildPythonApplication rec { # "http://ankisrs.net/download/mirror/${name}.tgz" # "http://ankisrs.net/download/mirror/archive/${name}.tgz" ]; - sha256 = "0cvlimfxb7kficlf20hg7a345pahvr093b7yqvssww15h4y4va9d"; + sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p"; }; propagatedBuildInputs = [ pyqt5 sqlalchemy From d2cfddd3b593922c97650455a67a75454cf2382e Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Sat, 5 Jan 2019 18:51:25 -0500 Subject: [PATCH 48/49] anki: fix build on darwin Runtime doesn't work: ModuleNotFoundError: No module named 'PyQt5.QtWebEngineWidgets' This is probably because qtwebengine is broken on darwin, but doesn't fail the build (#40149) --- pkgs/games/anki/default.nix | 11 ++++++++--- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index 6dd4473a3e7f..ad202c6ad8cc 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -20,6 +20,7 @@ , glibcLocales , nose , send2trash +, CoreAudio # This little flag adds a huge number of dependencies, but we assume that # everyone wants Anki to draw plots with statistics by default. , plotsSupport ? true @@ -39,9 +40,13 @@ buildPythonApplication rec { sha256 = "08wb9hwpmbq7636h7sinim33qygdwwlh3frqqh2gfgm49f46di2p"; }; - propagatedBuildInputs = [ pyqt5 sqlalchemy - beautifulsoup4 send2trash pyaudio requests decorator markdown ] - ++ lib.optional plotsSupport matplotlib; + propagatedBuildInputs = [ + pyqt5 sqlalchemy beautifulsoup4 send2trash pyaudio requests decorator + markdown + ] + ++ lib.optional plotsSupport matplotlib + ++ lib.optional stdenv.isDarwin [ CoreAudio ] + ; checkInputs = [ pytest glibcLocales nose ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 47e87091d972..dc7f61d4005f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20430,7 +20430,9 @@ in angband = callPackage ../games/angband { }; - anki = python3Packages.callPackage ../games/anki { }; + anki = python3Packages.callPackage ../games/anki { + inherit (darwin.apple_sdk.frameworks) CoreAudio; + }; armagetronad = callPackage ../games/armagetronad { }; From 7d864c6bd6391baa516118051ec5fb7e9836280e Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Sun, 6 Jan 2019 02:46:58 +0000 Subject: [PATCH 49/49] clickhouse: build with llvmPackages_latest This will simplify updates since the upstream tracks the latest llvm. --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dc7f61d4005f..2ffb41b2ffc5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13474,7 +13474,7 @@ in clamsmtp = callPackage ../servers/mail/clamsmtp { }; clickhouse = callPackage ../servers/clickhouse { - inherit (llvmPackages_6) clang-unwrapped lld llvm; + inherit (llvmPackages_latest) clang-unwrapped lld llvm; }; couchdb = callPackage ../servers/http/couchdb {