Merge master into staging-next
This commit is contained in:
commit
5dd750a09a
.github/workflows
basic-eval.ymlcheck-by-name.ymlcheck-cherry-picks.ymlcheck-maintainers-sorted.yamlcheck-nix-format.ymlcheck-nixf-tidy.ymlcheck-shell.ymleditorconfig.ymllabels.ymlmanual-nixos.ymlmanual-nixpkgs.ymlnix-parse.ymlofborg-pending.yml
maintainers
nixos
pkgs
applications
audio/lsp-plugins
editors/android-studio
networking
qubes/qubes-core-vchan-xen
science/logic/bitwuzla
virtualization/xen
by-name
ar/art
ay/ayatana-indicator-messages
bn/bngblaster
cp/cppitertools
di/digikam
ei/eiwd
fo
gf/gfal2
in/influxdb-cxx
li/libdict
ne/neovim-unwrapped
pa
se
wa/wakatime-cli
desktops
lomiri
applications
lomiri-system-settings
lomiri
morph-browser
development
qml/lomiri-settings-components
services
biometryd
lomiri-indicator-network
lomiri-thumbnailer
mediascanner2
pantheon/artwork/elementary-gtk-theme
development/compilers
1
.github/workflows/basic-eval.yml
vendored
1
.github/workflows/basic-eval.yml
vendored
@ -15,6 +15,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
name: basic-eval-checks
|
||||
runs-on: ubuntu-latest
|
||||
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
|
||||
steps:
|
||||
|
1
.github/workflows/check-by-name.yml
vendored
1
.github/workflows/check-by-name.yml
vendored
@ -27,6 +27,7 @@ permissions: {}
|
||||
|
||||
jobs:
|
||||
check:
|
||||
name: pkgs-by-name-check
|
||||
# This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases
|
||||
runs-on: ubuntu-latest
|
||||
# This should take 1 minute at most, but let's be generous.
|
||||
|
1
.github/workflows/check-cherry-picks.yml
vendored
1
.github/workflows/check-cherry-picks.yml
vendored
@ -10,6 +10,7 @@ permissions: {}
|
||||
|
||||
jobs:
|
||||
check:
|
||||
name: cherry-pick-check
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
@ -9,6 +9,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
nixos:
|
||||
name: maintainer-list-check
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
1
.github/workflows/check-nix-format.yml
vendored
1
.github/workflows/check-nix-format.yml
vendored
@ -14,6 +14,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
nixos:
|
||||
name: nixfmt-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
1
.github/workflows/check-nixf-tidy.yml
vendored
1
.github/workflows/check-nixf-tidy.yml
vendored
@ -8,6 +8,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
nixos:
|
||||
name: exp-nixf-tidy-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
2
.github/workflows/check-shell.yml
vendored
2
.github/workflows/check-shell.yml
vendored
@ -7,6 +7,7 @@ permissions: {}
|
||||
|
||||
jobs:
|
||||
x86_64-linux:
|
||||
name: shell-check-x86_64-linux
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
@ -18,6 +19,7 @@ jobs:
|
||||
run: nix-build shell.nix
|
||||
|
||||
aarch64-darwin:
|
||||
name: shell-check-aarch64-darwin
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
1
.github/workflows/editorconfig.yml
vendored
1
.github/workflows/editorconfig.yml
vendored
@ -10,6 +10,7 @@ on:
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
name: editorconfig-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
1
.github/workflows/labels.yml
vendored
1
.github/workflows/labels.yml
vendored
@ -15,6 +15,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
labels:
|
||||
name: label-pr
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
1
.github/workflows/manual-nixos.yml
vendored
1
.github/workflows/manual-nixos.yml
vendored
@ -11,6 +11,7 @@ on:
|
||||
|
||||
jobs:
|
||||
nixos:
|
||||
name: nixos-manual-build
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
1
.github/workflows/manual-nixpkgs.yml
vendored
1
.github/workflows/manual-nixpkgs.yml
vendored
@ -13,6 +13,7 @@ on:
|
||||
|
||||
jobs:
|
||||
nixpkgs:
|
||||
name: nixpkgs-manual-build
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
1
.github/workflows/nix-parse.yml
vendored
1
.github/workflows/nix-parse.yml
vendored
@ -10,6 +10,7 @@ on:
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
name: nix-files-parseable-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
1
.github/workflows/ofborg-pending.yml
vendored
1
.github/workflows/ofborg-pending.yml
vendored
@ -16,6 +16,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
action:
|
||||
name: set-ofborg-pending
|
||||
if: github.repository_owner == 'NixOS'
|
||||
permissions:
|
||||
statuses: write
|
||||
|
@ -8435,6 +8435,12 @@
|
||||
githubId = 19296926;
|
||||
keys = [ { fingerprint = "DF12 23B1 A9FD C5BE 3DA5 B6F7 904A F1C7 CDF6 95C3"; } ];
|
||||
};
|
||||
hxtmdev = {
|
||||
email = "daniel@hxtm.dev";
|
||||
name = "Daniel Höxtermann";
|
||||
github = "hxtmdev";
|
||||
githubId = 7771007;
|
||||
};
|
||||
hypersw = {
|
||||
email = "baltic@hypersw.net";
|
||||
github = "hypersw";
|
||||
|
@ -16,6 +16,7 @@ let
|
||||
set -g default-terminal "${cfg.terminal}"
|
||||
set -g base-index ${toString cfg.baseIndex}
|
||||
setw -g pane-base-index ${toString cfg.baseIndex}
|
||||
set -g history-limit ${toString cfg.historyLimit}
|
||||
|
||||
${optionalString cfg.newSession "new-session"}
|
||||
|
||||
@ -50,7 +51,6 @@ let
|
||||
setw -g aggressive-resize ${boolToStr cfg.aggressiveResize}
|
||||
setw -g clock-mode-style ${if cfg.clock24 then "24" else "12"}
|
||||
set -s escape-time ${toString cfg.escapeTime}
|
||||
set -g history-limit ${toString cfg.historyLimit}
|
||||
|
||||
${cfg.extraConfigBeforePlugins}
|
||||
|
||||
@ -230,4 +230,6 @@ in {
|
||||
imports = [
|
||||
(lib.mkRenamedOptionModule [ "programs" "tmux" "extraTmuxConf" ] [ "programs" "tmux" "extraConfig" ])
|
||||
];
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ hxtmdev ];
|
||||
}
|
||||
|
@ -66,7 +66,7 @@ in
|
||||
services.forgejo = {
|
||||
enable = mkEnableOption "Forgejo, a software forge";
|
||||
|
||||
package = mkPackageOption pkgs "forgejo" { };
|
||||
package = mkPackageOption pkgs "forgejo-lts" { };
|
||||
|
||||
useWizard = mkOption {
|
||||
default = false;
|
||||
|
@ -14,7 +14,7 @@ in
|
||||
{
|
||||
options.services.deconz = {
|
||||
|
||||
enable = lib.mkEnableOption "deCONZ, a Zigbee gateway for use with ConBee hardware (https://phoscon.de/en/conbee2)";
|
||||
enable = lib.mkEnableOption "deCONZ, a Zigbee gateway for use with ConBee/RaspBee hardware (https://phoscon.de/)";
|
||||
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
|
@ -342,7 +342,8 @@ in {
|
||||
fluentd = handleTest ./fluentd.nix {};
|
||||
fluidd = handleTest ./fluidd.nix {};
|
||||
fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {};
|
||||
forgejo = handleTest ./forgejo.nix { };
|
||||
forgejo = handleTest ./forgejo.nix { forgejoPackage = pkgs.forgejo; };
|
||||
forgejo-lts = handleTest ./forgejo.nix { forgejoPackage = pkgs.forgejo-lts; };
|
||||
freenet = handleTest ./freenet.nix {};
|
||||
freeswitch = handleTest ./freeswitch.nix {};
|
||||
freetube = discoverTests (import ./freetube.nix);
|
||||
|
@ -1,6 +1,7 @@
|
||||
{ system ? builtins.currentSystem
|
||||
, config ? { }
|
||||
, pkgs ? import ../.. { inherit system config; }
|
||||
, forgejoPackage ? pkgs.forgejo
|
||||
}:
|
||||
|
||||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||
@ -53,6 +54,7 @@ let
|
||||
virtualisation.memorySize = 2047;
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = forgejoPackage;
|
||||
database = { inherit type; };
|
||||
settings.service.DISABLE_REGISTRATION = true;
|
||||
settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
|
||||
@ -145,7 +147,7 @@ let
|
||||
assert "BEGIN PGP PUBLIC KEY BLOCK" in server.succeed("curl http://localhost:3000/api/v1/signing-key.gpg")
|
||||
|
||||
api_version = json.loads(server.succeed("curl http://localhost:3000/api/forgejo/v1/version")).get("version")
|
||||
assert "development" != api_version and "${pkgs.forgejo.version}+gitea-" in api_version, (
|
||||
assert "development" != api_version and "${forgejoPackage.version}+gitea-" in api_version, (
|
||||
"/api/forgejo/v1/version should not return 'development' "
|
||||
+ f"but should contain a forgejo+gitea compatibility version string. Got '{api_version}' instead."
|
||||
)
|
||||
|
@ -8,13 +8,13 @@ stdenv.mkDerivation rec {
|
||||
version = "1.2.16";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/sadko4u/${pname}/releases/download/${version}/${pname}-src-${version}.tar.gz";
|
||||
url = "https://github.com/lsp-plugins/lsp-plugins/releases/download/${version}/lsp-plugins-src-${version}.tar.gz";
|
||||
sha256 = "sha256-w2BUIF44z78syLroQk2asVXA5bt9P9POiuwxpnlkc8o=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" "doc" ];
|
||||
|
||||
nativeBuildInputs = [ pkg-config php makeWrapper ];
|
||||
nativeBuildInputs = [ pkg-config (php.withExtensions (_: [])) makeWrapper ];
|
||||
buildInputs = [ jack2 libsndfile libGLU libGL lv2 cairo ladspaH libXrandr ];
|
||||
|
||||
makeFlags = [
|
||||
|
@ -13,12 +13,12 @@ let
|
||||
sha256Hash = "sha256-Qvi/Mc4NEk3dERlfZiowBk2Pmqsgbl5mg56HamvG7aI=";
|
||||
};
|
||||
betaVersion = {
|
||||
version = "2024.1.2.9"; # "Android Studio Koala Feature Drop | 2024.1.2 Beta 1"
|
||||
sha256Hash = "sha256-eTnpU9KrquW4nMRqde9PUmVQ05kf6kFy1yr+Ima9M50=";
|
||||
version = "2024.1.2.10"; # "Android Studio Koala Feature Drop | 2024.1.2 Beta 2"
|
||||
sha256Hash = "sha256-/LrHYyrOPfnSliM5XUOzENjJ+G+M1Ajw31tFAOsbfnQ=";
|
||||
};
|
||||
latestVersion = {
|
||||
version = "2024.1.3.1"; # "Android Studio Ladybug | 2024.1.3 Canary 1"
|
||||
sha256Hash = "sha256-BSrcPdkK4dU5/bV29NGKcCR10XYMJrPvC91fcJs5Vq8=";
|
||||
version = "2024.1.3.3"; # "Android Studio Ladybug | 2024.1.3 Canary 3"
|
||||
sha256Hash = "sha256-Ps3jMtNAdfPitFeXIFKpjSyM4si4tp4MrS3r5VURFh4=";
|
||||
};
|
||||
in {
|
||||
# Attributes are named by their corresponding release channels
|
||||
|
@ -1,11 +1,11 @@
|
||||
{
|
||||
stable = {
|
||||
chromedriver = {
|
||||
hash_darwin = "sha256-c/lMkOdoW/tX57opl/weJGh/iyUeTTF5Xejs7IpA+Qg=";
|
||||
hash_darwin = "sha256-BW83pgPJiKxdQ1K4+8KMDGBqvR+J3i+8AZmKfnYSmWk=";
|
||||
hash_darwin_aarch64 =
|
||||
"sha256-sst73OxUsrs2yWA72qdonARGi/W0FYObNfolidCiXio=";
|
||||
hash_linux = "sha256-p5cQmMdte7TfTPohg+rpIsyyYk1OKSNb0BwaMWmHuCo=";
|
||||
version = "127.0.6533.72";
|
||||
"sha256-ZGZy4VDNRXJBMLtAhRUybssWRXSfEUWVRsF+etfhdzQ=";
|
||||
hash_linux = "sha256-1gM4KqzacJ13X5NmBn2hW6L/a7zN21rSZBk6a0IjCow=";
|
||||
version = "127.0.6533.88";
|
||||
};
|
||||
deps = {
|
||||
gn = {
|
||||
@ -15,8 +15,8 @@
|
||||
version = "2024-06-06";
|
||||
};
|
||||
};
|
||||
hash = "sha256-m99HaGCuIihDdbVnmu6xatnC/QDxgLVby2TWY/L+RHk=";
|
||||
version = "127.0.6533.72";
|
||||
hash = "sha256-nZZ2yrVu+0TloMaM455bmyeoeVnfeGR3EGubAf8snNU=";
|
||||
version = "127.0.6533.88";
|
||||
};
|
||||
ungoogled-chromium = {
|
||||
deps = {
|
||||
@ -27,11 +27,11 @@
|
||||
version = "2024-06-06";
|
||||
};
|
||||
ungoogled-patches = {
|
||||
hash = "sha256-IBdOV+eFJWD+kCxnhSWWjiBgMbP/DxF+gUVIIpWf4rc=";
|
||||
rev = "127.0.6533.72-1";
|
||||
hash = "sha256-4LfYBqFQ/e/ePaOTSFBpELt0ilo/Vohwnwp8FvkfavU=";
|
||||
rev = "127.0.6533.88-1";
|
||||
};
|
||||
};
|
||||
hash = "sha256-m99HaGCuIihDdbVnmu6xatnC/QDxgLVby2TWY/L+RHk=";
|
||||
version = "127.0.6533.72";
|
||||
hash = "sha256-nZZ2yrVu+0TloMaM455bmyeoeVnfeGR3EGubAf8snNU=";
|
||||
version = "127.0.6533.88";
|
||||
};
|
||||
}
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "helm-unittest";
|
||||
version = "0.5.1";
|
||||
version = "0.5.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-YWzjv1/I+LX3AMeQenI36AsNJkZ6IzbMhM/f5/Kxs2M=";
|
||||
hash = "sha256-xA0dA8q7ZDQk35VjyIsJFbm3OlagnIbJ/iz5z2KsxjU=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-A2izHBh58yPd2XPm4GKVosPtahUtQ35GbyBdr/L13CQ=";
|
||||
vendorHash = "sha256-hSnTjEvi1Lexp7wAogqeoXWDCg/bvblw0bt1/lX9iR0=";
|
||||
|
||||
# NOTE: Remove the install and upgrade hooks.
|
||||
postPatch = ''
|
||||
|
@ -8,16 +8,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "helmfile";
|
||||
version = "0.166.0";
|
||||
version = "0.167.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "helmfile";
|
||||
repo = "helmfile";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-TZskvZyNihklCJB0yMFXk1bLEuhetQvJ+6uLnYiLBs0=";
|
||||
hash = "sha256-a3HkpnO54NtaYhQsCXye2aWKhMq8mRj1nnevwK/4RZs=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-Ny7r9G3Y5SuigIKkXra5Xn08QIlhzFASXGMMc+g1S/E=";
|
||||
vendorHash = "sha256-2d0B/qq0uERCFgTJDxvhc2FWQ/ffODbD1Z6aFWHX0Ew=";
|
||||
|
||||
proxyVendor = true; # darwin/linux hash mismatch
|
||||
|
||||
|
@ -28,8 +28,9 @@ stdenv.mkDerivation rec {
|
||||
description = "Libraries required for the higher-level Qubes daemons and tools";
|
||||
homepage = "https://qubes-os.org";
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = with maintainers; [ _0x4A6F ];
|
||||
maintainers = [ ];
|
||||
platforms = platforms.linux;
|
||||
broken = true;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
# but setting it to shared works even in pkgsStatic
|
||||
"-Ddefault_library=shared"
|
||||
|
||||
(lib.strings.mesonEnable "testing" finalAttrs.doCheck)
|
||||
(lib.strings.mesonEnable "testing" finalAttrs.finalPackage.doCheck)
|
||||
];
|
||||
|
||||
nativeCheckInputs = [ python3 ];
|
||||
|
@ -1,16 +0,0 @@
|
||||
tools/python/install-wrap script brakes shebangs patching, disable
|
||||
|
||||
diff --git a/tools/Rules.mk b/tools/Rules.mk
|
||||
index 444e5bacdd..c99ea959ff 100644
|
||||
--- a/tools/Rules.mk
|
||||
+++ b/tools/Rules.mk
|
||||
@@ -135,8 +135,7 @@ CFLAGS += $(CFLAGS-y)
|
||||
|
||||
CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS)
|
||||
|
||||
-INSTALL_PYTHON_PROG = \
|
||||
- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG)
|
||||
+INSTALL_PYTHON_PROG = $(INSTALL_PROG)
|
||||
|
||||
%.opic: %.c
|
||||
$(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS)
|
@ -1,19 +0,0 @@
|
||||
diff -uNr a/src/Kconfig b/src/Kconfig
|
||||
--- a/src/Kconfig 2015-08-31 10:15:13.231134858 +0200
|
||||
+++ b/src/Kconfig 2015-08-31 10:14:24.039180178 +0200
|
||||
@@ -144,13 +144,13 @@
|
||||
config ATA_DMA
|
||||
depends on ATA
|
||||
bool "ATA DMA"
|
||||
- default n
|
||||
+ default y
|
||||
help
|
||||
Detect and try to use ATA bus mastering DMA controllers.
|
||||
config ATA_PIO32
|
||||
depends on ATA
|
||||
bool "ATA 32bit PIO"
|
||||
- default n
|
||||
+ default y
|
||||
help
|
||||
Use 32bit PIO accesses on ATA (minor optimization on PCI transfers).
|
||||
config AHCI
|
@ -1,42 +0,0 @@
|
||||
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
|
||||
index b6567c4127..83defeee95 100644
|
||||
--- a/xen/arch/x86/Makefile
|
||||
+++ b/xen/arch/x86/Makefile
|
||||
@@ -124,11 +124,11 @@ ifneq ($(efi-y),)
|
||||
export XEN_BUILD_EFI := $(shell $(CC) $(XEN_CFLAGS) -c efi/check.c -o efi/check.o 2>/dev/null && echo y)
|
||||
# Check if the linker supports PE.
|
||||
EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(XEN_LDFLAGS)) --subsystem=10 --strip-debug
|
||||
-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y))
|
||||
+XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y))
|
||||
CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI
|
||||
# Check if the linker produces fixups in PE by default (we need to disable it doing so for now).
|
||||
XEN_NO_PE_FIXUPS := $(if $(XEN_BUILD_EFI), \
|
||||
- $(shell $(LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \
|
||||
+ $(shell $(EFI_LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \
|
||||
echo --disable-reloc-section))
|
||||
endif
|
||||
|
||||
@@ -217,20 +217,20 @@ note_file_option ?= $(note_file)
|
||||
ifeq ($(XEN_BUILD_PE),y)
|
||||
$(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc
|
||||
$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
|
||||
- $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
|
||||
+ $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
|
||||
$(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
|
||||
efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S
|
||||
$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \
|
||||
| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
|
||||
$(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o
|
||||
$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
|
||||
- $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
|
||||
+ $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
|
||||
$(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) :
|
||||
efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S
|
||||
$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \
|
||||
| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
|
||||
$(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o
|
||||
- $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
|
||||
+ $(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
|
||||
$(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@
|
||||
$(NM) -pa --format=sysv $(@D)/$(@F) \
|
||||
| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
|
@ -1,37 +0,0 @@
|
||||
EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something
|
||||
like that, and (on my machine) has directories within that called
|
||||
{Boot, nixos, gummiboot}.
|
||||
|
||||
This patch does two things:
|
||||
|
||||
1) Xen apparently wants to put files in
|
||||
$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name
|
||||
because I can't see why we have it
|
||||
|
||||
2) Ensures the said directory exists
|
||||
|
||||
|
||||
diff --git a/xen/Makefile b/xen/Makefile
|
||||
index acb2d28891..d0763fbbe7 100644
|
||||
--- a/xen/Makefile
|
||||
+++ b/xen/Makefile
|
||||
@@ -289,7 +289,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
|
||||
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
|
||||
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
|
||||
if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
|
||||
- $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
|
||||
+ [ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \
|
||||
+ $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\
|
||||
+ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
|
||||
elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
|
||||
echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
|
||||
fi; \
|
||||
@@ -319,7 +321,7 @@ _uninstall:
|
||||
rm -f $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.map
|
||||
rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi
|
||||
rm -f $(D)$(EFI_DIR)/$(T).efi
|
||||
- rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
|
||||
+ rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
|
||||
|
||||
.PHONY: _debug
|
||||
_debug:
|
@ -1,183 +0,0 @@
|
||||
{ lib, callPackage, fetchurl, fetchpatch, fetchgit
|
||||
, ocaml-ng
|
||||
, withInternalQemu ? true
|
||||
, withInternalTraditionalQemu ? true
|
||||
, withInternalSeabios ? true
|
||||
, withSeabios ? !withInternalSeabios, seabios
|
||||
, withInternalOVMF ? false # FIXME: tricky to build
|
||||
, withOVMF ? false, OVMF
|
||||
, withLibHVM ? false
|
||||
|
||||
# xen
|
||||
, python3Packages
|
||||
|
||||
# qemu
|
||||
, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir
|
||||
, alsa-lib, glib, python3
|
||||
, ... } @ args:
|
||||
|
||||
assert withInternalSeabios -> !withSeabios;
|
||||
assert withInternalOVMF -> !withOVMF;
|
||||
assert !withLibHVM;
|
||||
|
||||
with lib;
|
||||
|
||||
# Patching XEN? Check the XSAs at
|
||||
# https://xenbits.xen.org/xsa/
|
||||
# and try applying all the ones we don't have yet.
|
||||
|
||||
let
|
||||
xsa = import ./xsa-patches.nix { inherit fetchpatch; };
|
||||
|
||||
qemuMemfdBuildFix = fetchpatch {
|
||||
name = "xen-4.8-memfd-build-fix.patch";
|
||||
url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch";
|
||||
sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa";
|
||||
};
|
||||
|
||||
qemuDeps = [
|
||||
udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir
|
||||
alsa-lib glib python3
|
||||
];
|
||||
in
|
||||
|
||||
callPackage (import ./generic.nix (rec {
|
||||
version = "4.15.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz";
|
||||
sha256 = "1rmc7gb72xwhr3h9rc3bkac41s8kjjzz45miwdq6yalyq7j7vss5";
|
||||
};
|
||||
|
||||
# Sources needed to build tools and firmwares.
|
||||
xenfiles = optionalAttrs withInternalQemu {
|
||||
qemu-xen = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/qemu-xen.git";
|
||||
# rev = "refs/tags/qemu-xen-${version}";
|
||||
# use revision hash - reproducible but must be updated with each new version
|
||||
rev = "e2af2d050338c99e8436e251ad67aafb3ebbd501";
|
||||
sha256 = "sha256-gVykPtzAA7tmpe6iVvnulaW+b0jD3gwL1JXC5yeIA7M=";
|
||||
};
|
||||
buildInputs = qemuDeps;
|
||||
postPatch = ''
|
||||
# needed in build but /usr/bin/env is not available in sandbox
|
||||
substituteInPlace scripts/tracetool.py \
|
||||
--replace "/usr/bin/env python" "${python3}/bin/python"
|
||||
'';
|
||||
meta.description = "Xen's fork of upstream Qemu";
|
||||
};
|
||||
} // optionalAttrs withInternalTraditionalQemu {
|
||||
# TODO 4.15: something happened with traditional in this release?
|
||||
qemu-xen-traditional = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git";
|
||||
# rev = "refs/tags/xen-${version}";
|
||||
# use revision hash - reproducible but must be updated with each new version
|
||||
rev = "3d273dd05e51e5a1ffba3d98c7437ee84e8f8764";
|
||||
sha256 = "1dc6dhjp4y2irmi9yiyw1kzmm1habyy8j1s2zkf6qyak850krqj7";
|
||||
};
|
||||
buildInputs = qemuDeps;
|
||||
patches = [
|
||||
];
|
||||
postPatch = ''
|
||||
substituteInPlace xen-hooks.mak \
|
||||
--replace /usr/include/pci ${pciutils}/include/pci
|
||||
'';
|
||||
meta.description = "Xen's fork of upstream Qemu that uses old device model";
|
||||
};
|
||||
} // optionalAttrs withInternalSeabios {
|
||||
"firmware/seabios-dir-remote" = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/seabios.git";
|
||||
rev = "155821a1990b6de78dde5f98fa5ab90e802021e0";
|
||||
sha256 = "sha256-F3lzr00CMAObJtpz0eZFT/rwjFx+bvlI37/JtHXP5Eo=";
|
||||
};
|
||||
patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ];
|
||||
meta.description = "Xen's fork of Seabios";
|
||||
};
|
||||
} // optionalAttrs withInternalOVMF {
|
||||
"firmware/ovmf-dir-remote" = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/ovmf.git";
|
||||
rev = "a3741780fe3535e19e02efa869a7cac481891129";
|
||||
sha256 = "0000000000000000000000000000000000000000000000000000";
|
||||
};
|
||||
meta.description = "Xen's fork of OVMF";
|
||||
};
|
||||
} // {
|
||||
# TODO: patch Xen to make this optional?
|
||||
"firmware/etherboot/ipxe.git" = {
|
||||
src = fetchgit {
|
||||
url = "https://git.ipxe.org/ipxe.git";
|
||||
rev = "988d2c13cdf0f0b4140685af35ced70ac5b3283c";
|
||||
sha256 = "1pkf1n1c0rdlzfls8fvjvi1sd9xjd9ijqlyz3wigr70ijcv6x8i9";
|
||||
};
|
||||
meta.description = "Xen's fork of iPXE";
|
||||
};
|
||||
};
|
||||
|
||||
configureFlags = []
|
||||
++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH
|
||||
++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional"
|
||||
++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional"
|
||||
|
||||
++ optional (withSeabios) "--with-system-seabios=${seabios}/share/seabios"
|
||||
++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios"
|
||||
|
||||
++ optional (withOVMF) "--with-system-ovmf=${OVMF.firmware}"
|
||||
++ optional (withInternalOVMF) "--enable-ovmf";
|
||||
|
||||
NIX_CFLAGS_COMPILE = toString [
|
||||
# TODO 4.15: drop unneeded ones
|
||||
# Fix build on Glibc 2.24.
|
||||
"-Wno-error=deprecated-declarations"
|
||||
# Fix build with GCC 8
|
||||
"-Wno-error=maybe-uninitialized"
|
||||
"-Wno-error=stringop-truncation"
|
||||
"-Wno-error=format-truncation"
|
||||
"-Wno-error=array-bounds"
|
||||
# Fix build with GCC 9
|
||||
"-Wno-error=address-of-packed-member"
|
||||
"-Wno-error=format-overflow"
|
||||
"-Wno-error=absolute-value"
|
||||
# Fix build with GCC 10
|
||||
"-Wno-error=enum-conversion"
|
||||
"-Wno-error=zero-length-bounds"
|
||||
# Fix build with GCC 12
|
||||
# xentoollog_stubs.c:57: error: "Some_val" redefined [-Werror]
|
||||
"-Wno-error"
|
||||
];
|
||||
|
||||
patches = with xsa; flatten [
|
||||
./0000-fix-ipxe-src.4.15.patch
|
||||
./0000-fix-install-python.4.15.patch
|
||||
./0004-makefile-use-efi-ld.4.15.patch
|
||||
./0005-makefile-fix-efi-mountdir-use.4.15.patch
|
||||
|
||||
XSA_386
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
|
||||
sed 1i'#include <sys/sysmacros.h>' \
|
||||
-i tools/libs/light/libxl_device.c
|
||||
|
||||
# Fix missing pkg-config dir
|
||||
mkdir -p tools/pkg-config
|
||||
'';
|
||||
|
||||
preBuild = ''
|
||||
# PKG_CONFIG env var collides with variables used in tools Makefiles.
|
||||
unset PKG_CONFIG
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
qemu-system-i386 = if withInternalQemu
|
||||
then "lib/xen/bin/qemu-system-i386"
|
||||
else throw "this xen has no qemu builtin";
|
||||
};
|
||||
|
||||
})) ({
|
||||
ocamlPackages = ocaml-ng.ocamlPackages_4_14;
|
||||
} // args)
|
@ -1,21 +1,21 @@
|
||||
hack to make etherboot use prefetched ipxe
|
||||
Hack to make etherboot use pre-fetched iPXE.
|
||||
|
||||
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
|
||||
index ed9e11305f..979a3acea8 100644
|
||||
--- a/tools/firmware/etherboot/Makefile
|
||||
+++ b/tools/firmware/etherboot/Makefile
|
||||
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
|
||||
|
||||
|
||||
D=ipxe
|
||||
T=ipxe.tar.gz
|
||||
+G=ipxe.git
|
||||
|
||||
|
||||
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
|
||||
ROM = $D/src/bin/ipxe.bin
|
||||
@@ -41,9 +42,9 @@ $T:
|
||||
fi
|
||||
mv _$T $T
|
||||
|
||||
|
||||
-$D/src/arch/i386/Makefile: $T Config
|
||||
- rm -rf $D
|
||||
- gzip -dc $T | tar xf -
|
49
pkgs/applications/virtualization/xen/4.16/default.nix
Normal file
49
pkgs/applications/virtualization/xen/4.16/default.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{
|
||||
lib,
|
||||
fetchpatch,
|
||||
callPackage,
|
||||
ocaml-ng,
|
||||
...
|
||||
}@genericDefinition:
|
||||
|
||||
let
|
||||
upstreamPatches = import ../patches.nix {
|
||||
inherit lib;
|
||||
inherit fetchpatch;
|
||||
};
|
||||
|
||||
upstreamPatchList = lib.lists.flatten [ upstreamPatches.XSA_458 ];
|
||||
in
|
||||
|
||||
callPackage (import ../generic.nix {
|
||||
branch = "4.16";
|
||||
version = "4.16.6";
|
||||
latest = false;
|
||||
pkg = {
|
||||
xen = {
|
||||
rev = "4b33780de790bd438dd7cbb6143b410d94f0f049";
|
||||
hash = "sha256-2kcmfKwBo3w1U5CSxLSYSteqvzcJaB+cA7keVb3amyA=";
|
||||
patches = [ ./0000-xen-ipxe-src-4.16.patch ] ++ upstreamPatchList;
|
||||
};
|
||||
qemu = {
|
||||
rev = "c02cb236b5e4a76cf74e641cc35a0e3ebd3e52f3";
|
||||
hash = "sha256-LwlPry04az9QQowaDG2la8PYlGOUMbZaQAsCHxj+pwM=";
|
||||
patches = [ ];
|
||||
};
|
||||
seaBIOS = {
|
||||
rev = "d239552ce7220e448ae81f41515138f7b9e3c4db";
|
||||
hash = "sha256-UKMceJhIprN4/4Xe4EG2EvKlanxVcEi5Qcrrk3Ogiik=";
|
||||
patches = [ ];
|
||||
};
|
||||
ovmf = {
|
||||
rev = "7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5";
|
||||
hash = "sha256-Qq2RgktCkJZBsq6Ch+6tyRHhme4lfcN7d2oQfxwhQt8=";
|
||||
patches = [ ];
|
||||
};
|
||||
ipxe = {
|
||||
rev = "3c040ad387099483102708bb1839110bc788cefb";
|
||||
hash = "sha256-y2QdZEoGsGUQjrrvD8YRa8VoqcZSr4tjLM//I/MrsLI=";
|
||||
patches = [ ];
|
||||
};
|
||||
};
|
||||
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)
|
@ -0,0 +1,27 @@
|
||||
Hack to make etherboot use pre-fetched iPXE.
|
||||
|
||||
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
|
||||
index ed9e11305f..979a3acea8 100644
|
||||
--- a/tools/firmware/etherboot/Makefile
|
||||
+++ b/tools/firmware/etherboot/Makefile
|
||||
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
|
||||
|
||||
D=ipxe
|
||||
T=ipxe.tar.gz
|
||||
+G=ipxe.git
|
||||
|
||||
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
|
||||
ROM = $D/src/bin/ipxe.bin
|
||||
@@ -41,9 +42,9 @@ $T:
|
||||
fi
|
||||
mv _$T $T
|
||||
|
||||
-$D/src/arch/i386/Makefile: $T Config
|
||||
- rm -rf $D
|
||||
- gzip -dc $T | tar xf -
|
||||
+$D/src/arch/i386/Makefile: $G Config
|
||||
+ mkdir $D
|
||||
+ cp -a $G/* $D
|
||||
for i in $$(cat patches/series) ; do \
|
||||
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
|
||||
done
|
52
pkgs/applications/virtualization/xen/4.17/default.nix
Normal file
52
pkgs/applications/virtualization/xen/4.17/default.nix
Normal file
@ -0,0 +1,52 @@
|
||||
{
|
||||
lib,
|
||||
fetchpatch,
|
||||
callPackage,
|
||||
ocaml-ng,
|
||||
...
|
||||
}@genericDefinition:
|
||||
|
||||
let
|
||||
upstreamPatches = import ../patches.nix {
|
||||
inherit lib;
|
||||
inherit fetchpatch;
|
||||
};
|
||||
|
||||
upstreamPatchList = lib.lists.flatten [
|
||||
upstreamPatches.QUBES_REPRODUCIBLE_BUILDS
|
||||
upstreamPatches.XSA_458
|
||||
];
|
||||
in
|
||||
|
||||
callPackage (import ../generic.nix {
|
||||
branch = "4.17";
|
||||
version = "4.17.4";
|
||||
latest = false;
|
||||
pkg = {
|
||||
xen = {
|
||||
rev = "d530627aaa9b6e03c7f911434bb342fca3d13300";
|
||||
hash = "sha256-4ltQUzo4XPzGT/7fGt1hnNMqBQBVF7VP+WXD9ZaJcGo=";
|
||||
patches = [ ./0000-xen-ipxe-src-4.17.patch ] ++ upstreamPatchList;
|
||||
};
|
||||
qemu = {
|
||||
rev = "ffb451126550b22b43b62fb8731a0d78e3376c03";
|
||||
hash = "sha256-G0hMPid9d3fd1jAY7CiZ33xUZf1hdy96T1VUKFGeHSk=";
|
||||
patches = [ ];
|
||||
};
|
||||
seaBIOS = {
|
||||
rev = "d239552ce7220e448ae81f41515138f7b9e3c4db";
|
||||
hash = "sha256-UKMceJhIprN4/4Xe4EG2EvKlanxVcEi5Qcrrk3Ogiik=";
|
||||
patches = [ ];
|
||||
};
|
||||
ovmf = {
|
||||
rev = "7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5";
|
||||
hash = "sha256-Qq2RgktCkJZBsq6Ch+6tyRHhme4lfcN7d2oQfxwhQt8=";
|
||||
patches = [ ];
|
||||
};
|
||||
ipxe = {
|
||||
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
|
||||
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
|
||||
patches = [ ];
|
||||
};
|
||||
};
|
||||
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)
|
@ -0,0 +1,27 @@
|
||||
Hack to make etherboot use pre-fetched iPXE.
|
||||
|
||||
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
|
||||
index ed9e11305f..979a3acea8 100644
|
||||
--- a/tools/firmware/etherboot/Makefile
|
||||
+++ b/tools/firmware/etherboot/Makefile
|
||||
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
|
||||
|
||||
D=ipxe
|
||||
T=ipxe.tar.gz
|
||||
+G=ipxe.git
|
||||
|
||||
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
|
||||
ROM = $D/src/bin/ipxe.bin
|
||||
@@ -41,9 +42,9 @@ $T:
|
||||
fi
|
||||
mv _$T $T
|
||||
|
||||
-$D/src/arch/i386/Makefile: $T Config
|
||||
- rm -rf $D
|
||||
- gzip -dc $T | tar xf -
|
||||
+$D/src/arch/i386/Makefile: $G Config
|
||||
+ mkdir $D
|
||||
+ cp -a $G/* $D
|
||||
for i in $$(cat patches/series) ; do \
|
||||
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
|
||||
done
|
52
pkgs/applications/virtualization/xen/4.18/default.nix
Normal file
52
pkgs/applications/virtualization/xen/4.18/default.nix
Normal file
@ -0,0 +1,52 @@
|
||||
{
|
||||
lib,
|
||||
fetchpatch,
|
||||
callPackage,
|
||||
ocaml-ng,
|
||||
...
|
||||
}@genericDefinition:
|
||||
|
||||
let
|
||||
upstreamPatches = import ../patches.nix {
|
||||
inherit lib;
|
||||
inherit fetchpatch;
|
||||
};
|
||||
|
||||
upstreamPatchList = lib.lists.flatten [
|
||||
upstreamPatches.QUBES_REPRODUCIBLE_BUILDS
|
||||
upstreamPatches.XSA_458
|
||||
];
|
||||
in
|
||||
|
||||
callPackage (import ../generic.nix {
|
||||
branch = "4.18";
|
||||
version = "4.18.2";
|
||||
latest = false;
|
||||
pkg = {
|
||||
xen = {
|
||||
rev = "d152a0424677d8b78e00ed1270a583c5dafff16f";
|
||||
hash = "sha256-pHCjj+Bcy4xQfB9xHU9fccFwVdP2DXrUhdszwGvrdmY=";
|
||||
patches = [ ./0000-xen-ipxe-src-4.18.patch ] ++ upstreamPatchList;
|
||||
};
|
||||
qemu = {
|
||||
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
|
||||
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
|
||||
patches = [ ];
|
||||
};
|
||||
seaBIOS = {
|
||||
rev = "ea1b7a0733906b8425d948ae94fba63c32b1d425";
|
||||
hash = "sha256-J2FuT+FXn9YoFLSfxDOxyKZvKrys59a6bP1eYvEXVNU=";
|
||||
patches = [ ];
|
||||
};
|
||||
ovmf = {
|
||||
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
|
||||
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
|
||||
patches = [ ];
|
||||
};
|
||||
ipxe = {
|
||||
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
|
||||
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
|
||||
patches = [ ];
|
||||
};
|
||||
};
|
||||
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)
|
@ -0,0 +1,27 @@
|
||||
Hack to make etherboot use pre-fetched iPXE.
|
||||
|
||||
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
|
||||
index ed9e11305f..979a3acea8 100644
|
||||
--- a/tools/firmware/etherboot/Makefile
|
||||
+++ b/tools/firmware/etherboot/Makefile
|
||||
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
|
||||
|
||||
D=ipxe
|
||||
T=ipxe.tar.gz
|
||||
+G=ipxe.git
|
||||
|
||||
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
|
||||
ROM = $D/src/bin/ipxe.bin
|
||||
@@ -41,9 +42,9 @@ $T:
|
||||
fi
|
||||
mv _$T $T
|
||||
|
||||
-$D/src/arch/i386/Makefile: $T Config
|
||||
- rm -rf $D
|
||||
- gzip -dc $T | tar xf -
|
||||
+$D/src/arch/i386/Makefile: $G Config
|
||||
+ mkdir $D
|
||||
+ cp -a $G/* $D
|
||||
for i in $$(cat patches/series) ; do \
|
||||
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
|
||||
done
|
49
pkgs/applications/virtualization/xen/4.19/default.nix
Normal file
49
pkgs/applications/virtualization/xen/4.19/default.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{
|
||||
lib,
|
||||
fetchpatch,
|
||||
callPackage,
|
||||
ocaml-ng,
|
||||
...
|
||||
}@genericDefinition:
|
||||
|
||||
let
|
||||
upstreamPatches = import ../patches.nix {
|
||||
inherit lib;
|
||||
inherit fetchpatch;
|
||||
};
|
||||
|
||||
upstreamPatchList = lib.lists.flatten [ upstreamPatches.QUBES_REPRODUCIBLE_BUILDS ];
|
||||
in
|
||||
|
||||
callPackage (import ../generic.nix {
|
||||
branch = "4.19";
|
||||
version = "4.19.0";
|
||||
latest = true;
|
||||
pkg = {
|
||||
xen = {
|
||||
rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";
|
||||
hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";
|
||||
patches = [ ./0000-xen-ipxe-src-4.19.patch ] ++ upstreamPatchList;
|
||||
};
|
||||
qemu = {
|
||||
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
|
||||
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
|
||||
patches = [ ];
|
||||
};
|
||||
seaBIOS = {
|
||||
rev = "a6ed6b701f0a57db0569ab98b0661c12a6ec3ff8";
|
||||
hash = "sha256-hWemj83cxdY8p+Jhkh5GcPvI0Sy5aKYZJCsKDjHTUUk=";
|
||||
patches = [ ];
|
||||
};
|
||||
ovmf = {
|
||||
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
|
||||
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
|
||||
patches = [ ];
|
||||
};
|
||||
ipxe = {
|
||||
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
|
||||
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
|
||||
patches = [ ];
|
||||
};
|
||||
};
|
||||
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)
|
195
pkgs/applications/virtualization/xen/README.md
Normal file
195
pkgs/applications/virtualization/xen/README.md
Normal file
@ -0,0 +1,195 @@
|
||||
<p align="center">
|
||||
<a href="https://xenproject.org/">
|
||||
<picture>
|
||||
<source
|
||||
media="(prefers-color-scheme: light)"
|
||||
srcset="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png">
|
||||
<source
|
||||
media="(prefers-color-scheme: dark)"
|
||||
srcset="https://xenproject.org/wp-content/uploads/sites/79/2018/09/logo_xenproject.png">
|
||||
<img
|
||||
src="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png"
|
||||
width="512px"
|
||||
alt="Xen Project Logo">
|
||||
</picture>
|
||||
</a>
|
||||
</p>
|
||||
|
||||
# Xen Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>
|
||||
|
||||
This directory includes the build recipes for the [Xen Hypervisor](https://xenproject.org/).
|
||||
|
||||
Some other notable packages that compose the Xen Ecosystem include:
|
||||
|
||||
- `ocamlPackages.xenstore`: Mirage's `oxenstore` implementation.
|
||||
- `ocamlPackages.vchan`: Mirage's `xen-vchan` implementation.
|
||||
- `ocamlPackages.xenstore-tool`: XAPI's `oxenstore` utilities.
|
||||
- `xen-guest-agent`: Guest drivers for UNIX domUs.
|
||||
- `win-pvdrivers`: Guest drivers for Windows domUs.
|
||||
|
||||
## Updating
|
||||
|
||||
### Automatically
|
||||
|
||||
An automated update script is available in this directory. To produce up-to-date
|
||||
files for all supported Xen branches, simply run `./update.sh`, and follow the
|
||||
instructions given to you by the script. Notably, it will request that you verify
|
||||
the Xen Project code signing PGP key. This README understands that the fingerprint
|
||||
of that key is [`23E3 222C 145F 4475 FA80 60A7 83FE 14C9 57E8 2BD9`](https://keys.openpgp.org/search?q=pgp%40xen.org),
|
||||
but you should verify this information by seeking the fingerprint from other trusted
|
||||
sources, as this document may be compromised. Once the PGP key is verified, it will
|
||||
use `git verify-tag` to ascertain the validity of the cloned Xen sources.
|
||||
|
||||
After the script is done, follow the steps in [**For Both Update Methods**](#for-both-update-methods) below.
|
||||
|
||||
#### Downstream Patch Names
|
||||
|
||||
The script expects local patch names to follow a certain specification.
|
||||
Please name any required patches using the template below:
|
||||
|
||||
```console
|
||||
0000-project-description-branch.patch
|
||||
```
|
||||
|
||||
Where:
|
||||
|
||||
1. The first four numbers define the patch order.
|
||||
**0001** will be applied after **0000**, and so on.
|
||||
1. `project` means the name of the source the patch should be applied to.
|
||||
- If you are applying patches to the main Xen sources, use `xen`.
|
||||
- For the pre-fetched QEMU, use `qemu`.
|
||||
- For SeaBIOS, use `seabios`.
|
||||
- For OVMF, use `ovmf`.
|
||||
- For iPXE, use `ipxe`.
|
||||
1. `description` is a string with uppercase and lowercase letters, numbers and
|
||||
dashes. It describes the patch name and what it does to the upstream code.
|
||||
1. `branch` is the branch for which this patch is supposed to patch.
|
||||
It should match the name of the directory it is in.
|
||||
|
||||
For example, a patch fixing `xentop`'s output in the 4.15 branch should have
|
||||
the following name: `0000-xen-xentop-output-4.15.patch`, and it should be added
|
||||
to the `4.15/` directory.
|
||||
|
||||
### Manually
|
||||
|
||||
The script is not infallible, and it may break in the future. If that happens,
|
||||
open a PR fixing the script, and update Xen manually:
|
||||
|
||||
1. Check the support matrix to see which branches are security-supported.
|
||||
1. Create one directory per branch.
|
||||
1. [Update](https://xenbits.xenproject.org/gitweb/) the `default.nix` files for
|
||||
the branches that already exist and copy a new one to any branches that do
|
||||
not yet exist in Nixpkgs.
|
||||
- Do not forget to set the `branch`, `version`, and `latest` attributes for
|
||||
each of the `default.nix` files.
|
||||
- The revisions are preferably commit hashes, but tag names are acceptable
|
||||
as well.
|
||||
|
||||
### For Both Update Methods
|
||||
|
||||
1. Make sure all branches build. (Both the `standard` and `slim` versions)
|
||||
1. Use the NixOS module to test if dom0 boots successfully on all new versions.
|
||||
1. Clean up your changes and commit them, making sure to follow the
|
||||
[Nixpkgs Contribution Guidelines](../../../../CONTRIBUTING.md).
|
||||
1. Open a PR and await a review from the current maintainers.
|
||||
|
||||
## Features
|
||||
|
||||
### Pre-fetched Sources
|
||||
|
||||
On a typical Xen build, the Xen Makefiles will fetch more required sources with
|
||||
`git` and `wget`. Due to the Nix Sandbox, build-time fetching will fail, so we
|
||||
pre-fetch the required sources before building.[^1] To accomplish this, we have
|
||||
a `prefetchedSources` attribute that contains the required derivations, if they
|
||||
are requested by the main Xen build.
|
||||
|
||||
### EFI
|
||||
|
||||
Building `xen.efi` requires an `ld` with PE support.[^2]
|
||||
|
||||
We use a `makeFlag` to override the `$LD` environment variable to point to our
|
||||
patched `efiBinutils`. For more information, see the comment in `./generic.nix`.
|
||||
|
||||
> [!TIP]
|
||||
> If you are certain you will not be running Xen in an x86 EFI environment, disable
|
||||
the `withEFI` flag with an [override](https://nixos.org/manual/nixpkgs/stable/#chap-overrides)
|
||||
to save you the need to compile `efiBinutils`.
|
||||
|
||||
### Default Overrides
|
||||
|
||||
By default, Xen also builds
|
||||
[QEMU](https://www.qemu.org/),
|
||||
[SeaBIOS](https://www.seabios.org/SeaBIOS),
|
||||
[OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) and
|
||||
[iPXE](https://ipxe.org/).
|
||||
|
||||
- QEMU is used for stubdomains and handling devices.
|
||||
- SeaBIOS is the default legacy BIOS ROM for HVM domains.
|
||||
- OVMF is the default UEFI ROM for HVM domains.
|
||||
- iPXE provides a PXE boot environment for HVMs.
|
||||
|
||||
However, those packages are already available on Nixpkgs, and Xen does not
|
||||
necessarily need to build them into the main hypervisor build. For this reason,
|
||||
we also have the `withInternal<Component>` flags, which enables and disables
|
||||
building those built-in components. The two most popular Xen configurations will
|
||||
be the default build, with all built-in components, and a `slim` build, with none
|
||||
of those components. To simplify this process, the `./packages.nix` file includes
|
||||
the `xen-slim` package overrides that have all `withInternal<Component>` flags
|
||||
disabled. See the `meta.longDescription` attribute for the `xen-slim` packages
|
||||
for more information.
|
||||
|
||||
## Security
|
||||
|
||||
We aim to support all **security-supported** versions of Xen at any given time.
|
||||
See the [Xen Support Matrix](https://xenbits.xen.org/docs/unstable/support-matrix.html)
|
||||
for a list of versions. As soon as a version is no longer **security-supported**,
|
||||
it should be removed from Nixpkgs.
|
||||
|
||||
> [!CAUTION]
|
||||
> Pull requests that introduce XSA patches
|
||||
should have the `1.severity: security` label.
|
||||
|
||||
### Maintainers
|
||||
|
||||
Xen is a particularly complex piece of software, so we are always looking for new
|
||||
maintainers. Help out by [making and triaging issues](https://github.com/NixOS/nixpkgs/issues/new/choose),
|
||||
[sending build fixes and improvements through PRs](https://github.com/NixOS/nixpkgs/compare),
|
||||
updating the branches, and [patching security flaws](https://xenbits.xenproject.org/xsa/).
|
||||
|
||||
We are also looking for testers, particularly those who can test Xen on AArch64
|
||||
machines. Open issues for any build failures or runtime errors you find!
|
||||
|
||||
## Tests
|
||||
|
||||
So far, we only have had one simple automated test that checks for
|
||||
the correct `pkg-config` output files.
|
||||
|
||||
Due to Xen's nature as a type-1 hypervisor, it is not a trivial matter to design
|
||||
new tests, as even basic functionality requires a machine booted in a dom0
|
||||
kernel. For this reason, most testing done with this package must be done
|
||||
manually in a NixOS machine with `virtualisation.xen.enable` set to `true`.
|
||||
|
||||
Another unfortunate thing is that none of the Xen commands have a `--version`
|
||||
flag. This means that `testers.testVersion` cannot ascertain the Xen version.
|
||||
The only way to verify that you have indeed built the correct version is to
|
||||
boot into the freshly built Xen kernel and run `xl info`.
|
||||
|
||||
<p align="center">
|
||||
<a href="https://xenproject.org/">
|
||||
<img
|
||||
src="https://downloads.xenproject.org/Branding/Mascots/Xen%20Big%20Panda%204242x3129.png"
|
||||
width="96px"
|
||||
alt="Xen Fu Panda">
|
||||
</a>
|
||||
</p>
|
||||
|
||||
[^1]: We also produce fake `git`, `wget` and `hostname` binaries that do nothing,
|
||||
to prevent the build from failing because Xen cannot fetch the sources that
|
||||
were already fetched by Nix.
|
||||
[^2]: From the [Xen Documentation](https://xenbits.xenproject.org/docs/unstable/misc/efi.html):
|
||||
> For x86, building `xen.efi` requires `gcc` 4.5.x or above (4.6.x or newer
|
||||
recommended, as 4.5.x was probably never really tested for this purpose)
|
||||
and `binutils` 2.22 or newer. Additionally, the `binutils` build must be
|
||||
configured to include support for the x86_64-pep emulation (i.e.
|
||||
`--enable-targets=x86_64-pep` or an option of equivalent effect should be
|
||||
passed to the configure script).
|
@ -1,265 +1,687 @@
|
||||
config:
|
||||
{ lib, stdenv, cmake, pkg-config, which
|
||||
versionDefinition:
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
autoPatchelfHook,
|
||||
cmake,
|
||||
ninja,
|
||||
pkg-config,
|
||||
testers,
|
||||
which,
|
||||
|
||||
# Xen
|
||||
, bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib
|
||||
, acpica-tools, libaio, libiconv, libuuid, ncurses, openssl, perl
|
||||
, xz, yajl, zlib
|
||||
, python3Packages
|
||||
fetchgit,
|
||||
fetchFromGitHub,
|
||||
|
||||
# Xen Optional
|
||||
, ocamlPackages
|
||||
# Xen
|
||||
acpica-tools,
|
||||
bison,
|
||||
bzip2,
|
||||
dev86,
|
||||
e2fsprogs,
|
||||
flex,
|
||||
libnl,
|
||||
libuuid,
|
||||
lzo,
|
||||
ncurses,
|
||||
ocamlPackages,
|
||||
perl,
|
||||
python311Packages,
|
||||
systemdMinimal,
|
||||
xz,
|
||||
yajl,
|
||||
zlib,
|
||||
zstd,
|
||||
|
||||
# Scripts
|
||||
, coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools
|
||||
, iproute2, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd
|
||||
, util-linux, procps, systemd
|
||||
# Xen Optional
|
||||
withInternalQEMU ? true,
|
||||
pixman,
|
||||
glib,
|
||||
|
||||
# Documentation
|
||||
# python3Packages.markdown
|
||||
, fig2dev, ghostscript, texinfo, pandoc
|
||||
withInternalSeaBIOS ? true,
|
||||
withSeaBIOS ? !withInternalSeaBIOS,
|
||||
seabios,
|
||||
|
||||
, binutils-unwrapped
|
||||
withInternalOVMF ? true,
|
||||
withOVMF ? !withInternalOVMF,
|
||||
OVMF,
|
||||
nasm,
|
||||
|
||||
, ...} @ args:
|
||||
withInternalIPXE ? true,
|
||||
withIPXE ? !withInternalIPXE,
|
||||
ipxe,
|
||||
|
||||
with lib;
|
||||
withFlask ? false,
|
||||
checkpolicy,
|
||||
|
||||
efiVendor ? "nixos", # Allow downstreams with custom branding to quickly override the EFI Vendor string.
|
||||
withEFI ? true,
|
||||
binutils-unwrapped,
|
||||
|
||||
# Documentation
|
||||
fig2dev,
|
||||
pandoc,
|
||||
|
||||
# Scripts
|
||||
bridge-utils,
|
||||
coreutils,
|
||||
diffutils,
|
||||
gawk,
|
||||
gnugrep,
|
||||
gnused,
|
||||
inetutils,
|
||||
iproute2,
|
||||
iptables,
|
||||
multipath-tools,
|
||||
nbd,
|
||||
openvswitch,
|
||||
util-linux,
|
||||
...
|
||||
}@packageDefinition:
|
||||
|
||||
let
|
||||
#TODO: fix paths instead
|
||||
scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [
|
||||
which perl
|
||||
coreutils gawk gnused gnugrep diffutils util-linux multipath-tools
|
||||
iproute2 inetutils iptables bridge-utils openvswitch nbd drbd
|
||||
#TODO: fix paths instead.
|
||||
scriptEnvPath = lib.strings.concatMapStringsSep ":" (x: "${x}/bin") [
|
||||
bridge-utils
|
||||
coreutils
|
||||
diffutils
|
||||
gawk
|
||||
gnugrep
|
||||
gnused
|
||||
inetutils
|
||||
iproute2
|
||||
iptables
|
||||
multipath-tools
|
||||
nbd
|
||||
openvswitch
|
||||
perl
|
||||
util-linux
|
||||
which
|
||||
];
|
||||
|
||||
withXenfiles = f: concatStringsSep "\n" (mapAttrsToList f config.xenfiles);
|
||||
inherit (versionDefinition) branch;
|
||||
inherit (versionDefinition) version;
|
||||
inherit (versionDefinition) latest;
|
||||
inherit (versionDefinition) pkg;
|
||||
pname = "xen";
|
||||
|
||||
withTools = a: f: withXenfiles (name: x: optionalString (hasAttr a x) ''
|
||||
echo "processing ${name}"
|
||||
__do() {
|
||||
cd "tools/${name}"
|
||||
${f name x}
|
||||
# Sources needed to build tools and firmwares.
|
||||
prefetchedSources =
|
||||
lib.attrsets.optionalAttrs withInternalQEMU {
|
||||
qemu-xen = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/qemu-xen.git";
|
||||
fetchSubmodules = true;
|
||||
inherit (pkg.qemu) rev;
|
||||
inherit (pkg.qemu) hash;
|
||||
};
|
||||
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.qemu) pkg.qemu.patches;
|
||||
postPatch = ''
|
||||
substituteInPlace scripts/tracetool.py \
|
||||
--replace-fail "/usr/bin/env python" "${python311Packages.python}/bin/python"
|
||||
'';
|
||||
};
|
||||
}
|
||||
( __do )
|
||||
'');
|
||||
// lib.attrsets.optionalAttrs withInternalSeaBIOS {
|
||||
"firmware/seabios-dir-remote" = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/seabios.git";
|
||||
inherit (pkg.seaBIOS) rev;
|
||||
inherit (pkg.seaBIOS) hash;
|
||||
};
|
||||
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [
|
||||
"patches"
|
||||
] pkg.seaBIOS) pkg.seaBIOS.patches;
|
||||
};
|
||||
}
|
||||
// lib.attrsets.optionalAttrs withInternalOVMF {
|
||||
"firmware/ovmf-dir-remote" = {
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/ovmf.git";
|
||||
fetchSubmodules = true;
|
||||
inherit (pkg.ovmf) rev;
|
||||
inherit (pkg.ovmf) hash;
|
||||
};
|
||||
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ovmf) pkg.ovmf.patches;
|
||||
postPatch = ''
|
||||
substituteInPlace \
|
||||
OvmfPkg/build.sh BaseTools/BinWrappers/PosixLike/{AmlToC,BrotliCompress,build,GenFfs,GenFv,GenFw,GenSec,LzmaCompress,TianoCompress,Trim,VfrCompile} \
|
||||
--replace-fail "/usr/bin/env bash" ${stdenv.shell}
|
||||
'';
|
||||
};
|
||||
}
|
||||
// lib.attrsets.optionalAttrs withInternalIPXE {
|
||||
"firmware/etherboot/ipxe.git" = {
|
||||
src = fetchFromGitHub {
|
||||
owner = "ipxe";
|
||||
repo = "ipxe";
|
||||
inherit (pkg.ipxe) rev;
|
||||
inherit (pkg.ipxe) hash;
|
||||
};
|
||||
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ipxe) pkg.ipxe.patches;
|
||||
};
|
||||
};
|
||||
withPrefetchedSources =
|
||||
sourcePkg: lib.strings.concatLines (lib.attrsets.mapAttrsToList sourcePkg prefetchedSources);
|
||||
|
||||
# We don't want to use the wrapped version, because this version of ld is
|
||||
# only used for linking the Xen EFI binary, and the build process really
|
||||
# needs control over the LDFLAGS used
|
||||
# Sometimes patches are sourced through a path, like ./0000-xen.patch.
|
||||
# This would break the patch attribute parser functions, so we normalise
|
||||
# all patches sourced through paths by setting them to a { type = "path"; }
|
||||
# attribute set.
|
||||
# Patches from fetchpatch are already attribute sets.
|
||||
normalisedPatchList = builtins.map (
|
||||
patch:
|
||||
if !builtins.isAttrs patch then
|
||||
if builtins.isPath patch then
|
||||
{ type = "path"; }
|
||||
else
|
||||
throw "xen/generic.nix: normalisedPatchList attempted to normalise something that is not a Path or an Attribute Set."
|
||||
else
|
||||
patch
|
||||
) pkg.xen.patches;
|
||||
|
||||
# Simple counter for the number of attrsets (patches) in the patches list after normalisation.
|
||||
numberOfPatches = lib.lists.count (patch: builtins.isAttrs patch) normalisedPatchList;
|
||||
|
||||
# builtins.elemAt's index begins at 0, so we subtract 1 from the number of patches in order to
|
||||
# produce the range that will be used in the following builtin.map calls.
|
||||
availablePatchesToTry = lib.lists.range 0 (numberOfPatches - 1);
|
||||
|
||||
# Takes in an attrByPath input, and outputs the attribute value for each patch in a list.
|
||||
# If a patch does not have a given attribute, returns `null`. Use lib.lists.remove null
|
||||
# to remove these junk values, if necessary.
|
||||
retrievePatchAttributes =
|
||||
attributeName:
|
||||
builtins.map (
|
||||
x: lib.attrsets.attrByPath attributeName null (builtins.elemAt normalisedPatchList x)
|
||||
) availablePatchesToTry;
|
||||
|
||||
# Produces a list of newline-separated strings that lists the vulnerabilities this
|
||||
# Xen is NOT affected by, due to the applied Xen Security Advisory patches. This is
|
||||
# then used in meta.longDescription, to let users know their Xen is patched against
|
||||
# known vulnerabilities, as the package version isn't always the best indicator.
|
||||
#
|
||||
# Produces something like this: (one string for each XSA)
|
||||
# * [Xen Security Advisory #1](https://xenbits.xenproject.org/xsa/advisory-1.html): **Title for XSA.**
|
||||
# >Description of issue in XSA
|
||||
#Extra lines
|
||||
#are not indented,
|
||||
#but markdown should be
|
||||
#fine with it.
|
||||
# Fixes:
|
||||
# * [CVE-1999-00001](https://www.cve.org/CVERecord?id=CVE-1999-00001)
|
||||
# * [CVE-1999-00002](https://www.cve.org/CVERecord?id=CVE-1999-00002)
|
||||
# * [CVE-1999-00003](https://www.cve.org/CVERecord?id=CVE-1999-00003)
|
||||
writeAdvisoryDescription =
|
||||
if (lib.lists.remove null (retrievePatchAttributes [ "xsa" ]) != [ ]) then
|
||||
lib.lists.zipListsWith (a: b: a + b)
|
||||
(lib.lists.zipListsWith (a: b: a + "**" + b + ".**\n >")
|
||||
(lib.lists.zipListsWith (a: b: "* [Xen Security Advisory #" + a + "](" + b + "): ")
|
||||
(lib.lists.remove null (retrievePatchAttributes [ "xsa" ]))
|
||||
(
|
||||
lib.lists.remove null (retrievePatchAttributes [
|
||||
"meta"
|
||||
"homepage"
|
||||
])
|
||||
)
|
||||
)
|
||||
(
|
||||
lib.lists.remove null (retrievePatchAttributes [
|
||||
"meta"
|
||||
"description"
|
||||
])
|
||||
)
|
||||
)
|
||||
(
|
||||
lib.lists.remove null (retrievePatchAttributes [
|
||||
"meta"
|
||||
"longDescription"
|
||||
])
|
||||
)
|
||||
else
|
||||
[ ];
|
||||
|
||||
withTools =
|
||||
attr: file:
|
||||
withPrefetchedSources (
|
||||
name: source:
|
||||
lib.strings.optionalString (builtins.hasAttr attr source) ''
|
||||
echo "processing ${name}"
|
||||
__do() {
|
||||
cd "tools/${name}"
|
||||
${file name source}
|
||||
}
|
||||
( __do )
|
||||
''
|
||||
);
|
||||
|
||||
# Originally, there were two versions of binutils being used: the standard one and
|
||||
# this patched one. Unfortunately, that required patches to the Xen Makefiles, and
|
||||
# quickly became too complex to maintain. The new solution is to simply build this
|
||||
# efi-binutils derivation and use it for the whole build process, except if
|
||||
# enableEFI is disabled; it'll then use `binutils`.
|
||||
efiBinutils = binutils-unwrapped.overrideAttrs (oldAttrs: {
|
||||
name = "efi-binutils";
|
||||
configureFlags = oldAttrs.configureFlags ++ [
|
||||
"--enable-targets=x86_64-pep"
|
||||
];
|
||||
doInstallCheck = false; # We get a spurious failure otherwise, due to host/target mis-match
|
||||
configureFlags = oldAttrs.configureFlags ++ [ "--enable-targets=x86_64-pep" ];
|
||||
doInstallCheck = false; # We get a spurious failure otherwise, due to a host/target mismatch.
|
||||
});
|
||||
in
|
||||
|
||||
stdenv.mkDerivation (rec {
|
||||
inherit (config) version;
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
inherit pname;
|
||||
inherit version;
|
||||
|
||||
name = "xen-${version}";
|
||||
outputs = [
|
||||
"out" # TODO: Split $out in $bin for binaries and $lib for libraries.
|
||||
"man" # Manual pages for Xen userspace utilities.
|
||||
"dev" # Development headers.
|
||||
"boot" # xen.gz kernel, policy file if Flask is enabled, xen.efi if EFI is enabled.
|
||||
];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
# Main Xen source.
|
||||
src = fetchgit {
|
||||
url = "https://xenbits.xen.org/git-http/xen.git";
|
||||
inherit (pkg.xen) rev;
|
||||
inherit (pkg.xen) hash;
|
||||
};
|
||||
|
||||
hardeningDisable = [ "stackprotector" "fortify" "pic" ];
|
||||
# Gets the patches from the pkg.xen.patches attribute from the versioned files.
|
||||
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.xen) pkg.xen.patches;
|
||||
|
||||
nativeBuildInputs = [ pkg-config cmake ];
|
||||
buildInputs = [
|
||||
which
|
||||
nativeBuildInputs =
|
||||
[
|
||||
autoPatchelfHook
|
||||
bison
|
||||
cmake
|
||||
fig2dev
|
||||
flex
|
||||
pandoc
|
||||
pkg-config
|
||||
]
|
||||
++ lib.lists.optionals withInternalQEMU [
|
||||
ninja
|
||||
python311Packages.sphinx
|
||||
];
|
||||
buildInputs =
|
||||
[
|
||||
# Xen
|
||||
acpica-tools
|
||||
bzip2
|
||||
dev86
|
||||
e2fsprogs.dev
|
||||
libnl
|
||||
libuuid
|
||||
lzo
|
||||
ncurses
|
||||
perl
|
||||
python311Packages.python
|
||||
xz
|
||||
yajl
|
||||
zlib
|
||||
zstd
|
||||
|
||||
# Xen
|
||||
bison bzip2 checkpolicy dev86 figlet flex gettext glib acpica-tools libaio
|
||||
libiconv libuuid ncurses openssl perl python3Packages.python xz yajl zlib
|
||||
# oxenstored
|
||||
ocamlPackages.findlib
|
||||
ocamlPackages.ocaml
|
||||
systemdMinimal
|
||||
|
||||
# oxenstored
|
||||
ocamlPackages.findlib ocamlPackages.ocaml systemd
|
||||
# Python Fixes
|
||||
python311Packages.wrapPython
|
||||
]
|
||||
++ lib.lists.optionals withInternalQEMU [
|
||||
glib
|
||||
pixman
|
||||
]
|
||||
++ lib.lists.optional withInternalOVMF nasm
|
||||
++ lib.lists.optional withFlask checkpolicy;
|
||||
|
||||
# Python fixes
|
||||
python3Packages.wrapPython
|
||||
configureFlags =
|
||||
[ "--enable-systemd" ]
|
||||
++ lib.lists.optional (!withInternalQEMU) "--with-system-qemu"
|
||||
|
||||
# Documentation
|
||||
python3Packages.markdown fig2dev ghostscript texinfo pandoc
|
||||
++ lib.lists.optional withSeaBIOS "--with-system-seabios=${seabios}/share/seabios"
|
||||
++ lib.lists.optional (!withInternalSeaBIOS && !withSeaBIOS) "--disable-seabios"
|
||||
|
||||
# Others
|
||||
] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles))
|
||||
++ (config.buildInputs or []);
|
||||
++ lib.lists.optional withOVMF "--with-system-ovmf=${OVMF.firmware}"
|
||||
++ lib.lists.optional withInternalOVMF "--enable-ovmf"
|
||||
|
||||
prePatch = ''
|
||||
### Generic fixes
|
||||
++ lib.lists.optional withIPXE "--with-system-ipxe=${ipxe}"
|
||||
++ lib.lists.optional withInternalIPXE "--enable-ipxe";
|
||||
|
||||
# Xen's stubdoms, tools and firmwares need various sources that
|
||||
# are usually fetched at build time using wget and git. We can't
|
||||
# have that, so we prefetch them in nix-expression and setup
|
||||
# fake wget and git for debugging purposes.
|
||||
makeFlags =
|
||||
[
|
||||
"PREFIX=$(out)"
|
||||
"CONFIG_DIR=/etc"
|
||||
"XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files"
|
||||
"XEN_SCRIPT_DIR=$(CONFIG_DIR)/xen/scripts"
|
||||
"BASH_COMPLETION_DIR=$(PREFIX)/share/bash-completion/completions"
|
||||
]
|
||||
++ lib.lists.optionals withEFI [
|
||||
"EFI_VENDOR=${efiVendor}"
|
||||
"INSTALL_EFI_STRIP=1"
|
||||
"LD=${efiBinutils}/bin/ld" # See the comment in the efiBinutils definition above.
|
||||
]
|
||||
# These flags set the CONFIG_* options in /boot/xen.config
|
||||
# and define if the default policy file is built. However,
|
||||
# the Flask binaries always get compiled by default.
|
||||
++ lib.lists.optionals withFlask [
|
||||
"XSM_ENABLE=y"
|
||||
"FLASK_ENABLE=y"
|
||||
]
|
||||
++ (pkg.xen.makeFlags or [ ]);
|
||||
|
||||
mkdir fake-bin
|
||||
|
||||
# Fake git: just print what it wants and die
|
||||
cat > fake-bin/wget << EOF
|
||||
#!${stdenv.shell} -e
|
||||
echo ===== FAKE WGET: Not fetching \$*
|
||||
[ -e \$3 ]
|
||||
EOF
|
||||
|
||||
# Fake git: just print what it wants and die
|
||||
cat > fake-bin/git << EOF
|
||||
#!${stdenv.shell}
|
||||
echo ===== FAKE GIT: Not cloning \$*
|
||||
[ -e \$3 ]
|
||||
EOF
|
||||
|
||||
chmod +x fake-bin/*
|
||||
export PATH=$PATH:$PWD/fake-bin
|
||||
|
||||
# Remove in-tree qemu stuff in case we build from a tar-ball
|
||||
rm -rf tools/qemu-xen tools/qemu-xen-traditional
|
||||
|
||||
# Fix shebangs, mainly for build-scripts
|
||||
# We want to do this before getting prefetched stuff to speed things up
|
||||
# (prefetched stuff has lots of files)
|
||||
find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g'
|
||||
find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \
|
||||
| xargs sed -i 's@/bin/bash@${stdenv.shell}@g'
|
||||
|
||||
# Get prefetched stuff
|
||||
${withXenfiles (name: x: ''
|
||||
echo "${x.src} -> tools/${name}"
|
||||
cp -r ${x.src} tools/${name}
|
||||
chmod -R +w tools/${name}
|
||||
'')}
|
||||
'';
|
||||
|
||||
patches = [
|
||||
] ++ (config.patches or []);
|
||||
|
||||
postPatch = ''
|
||||
### Hacks
|
||||
|
||||
# Work around a bug in our GCC wrapper: `gcc -MF foo -v' doesn't
|
||||
# print the GCC version number properly.
|
||||
substituteInPlace xen/Makefile \
|
||||
--replace '$(CC) $(CFLAGS) -v' '$(CC) -v'
|
||||
|
||||
# Hack to get `gcc -m32' to work without having 32-bit Glibc headers.
|
||||
mkdir -p tools/include/gnu
|
||||
touch tools/include/gnu/stubs-32.h
|
||||
|
||||
### Fixing everything else
|
||||
|
||||
substituteInPlace tools/libfsimage/common/fsimage_plugin.c \
|
||||
--replace /usr $out
|
||||
|
||||
substituteInPlace tools/misc/xenpvnetboot \
|
||||
--replace /usr/sbin/mount ${util-linux}/bin/mount \
|
||||
--replace /usr/sbin/umount ${util-linux}/bin/umount
|
||||
|
||||
substituteInPlace tools/xenmon/xenmon.py \
|
||||
--replace /usr/bin/pkill ${procps}/bin/pkill
|
||||
|
||||
${optionalString (builtins.compareVersions config.version "4.8" >= 0) ''
|
||||
substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
|
||||
--replace /bin/mkdir mkdir
|
||||
''}
|
||||
|
||||
${optionalString (builtins.compareVersions config.version "4.6" < 0) ''
|
||||
# TODO: use this as a template and support our own if-up scripts instead?
|
||||
substituteInPlace tools/hotplug/Linux/xen-backend.rules.in \
|
||||
--replace "@XEN_SCRIPT_DIR@" $out/etc/xen/scripts
|
||||
|
||||
# blktap is not provided by xen, but by xapi
|
||||
sed -i '/blktap/d' tools/hotplug/Linux/xen-backend.rules.in
|
||||
''}
|
||||
|
||||
${withTools "patches" (name: x: ''
|
||||
${concatMapStringsSep "\n" (p: ''
|
||||
echo "# Patching with ${p}"
|
||||
patch -p1 < ${p}
|
||||
'') x.patches}
|
||||
'')}
|
||||
|
||||
${withTools "postPatch" (name: x: x.postPatch)}
|
||||
|
||||
${config.postPatch or ""}
|
||||
'';
|
||||
|
||||
postConfigure = ''
|
||||
substituteInPlace tools/hotplug/Linux/xendomains \
|
||||
--replace /bin/ls ls
|
||||
'';
|
||||
|
||||
EFI_LD = "${efiBinutils}/bin/ld";
|
||||
EFI_VENDOR = "nixos";
|
||||
|
||||
# TODO: Flask needs more testing before enabling it by default.
|
||||
#makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ];
|
||||
makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ]
|
||||
++ (config.makeFlags or []);
|
||||
|
||||
preBuild = ''
|
||||
${config.preBuild or ""}
|
||||
'';
|
||||
|
||||
buildFlags = [ "xen" "tools" ];
|
||||
|
||||
postBuild = ''
|
||||
make -C docs man-pages
|
||||
|
||||
${withTools "buildPhase" (name: x: x.buildPhase)}
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out $out/share $out/share/man
|
||||
cp -prvd dist/install/nix/store/*/* $out/
|
||||
cp -prvd dist/install/boot $out/boot
|
||||
cp -prvd dist/install/etc $out
|
||||
cp -dR docs/man1 docs/man5 $out/share/man/
|
||||
|
||||
${withTools "installPhase" (name: x: x.installPhase)}
|
||||
|
||||
# Hack
|
||||
substituteInPlace $out/etc/xen/scripts/hotplugpath.sh \
|
||||
--replace SBINDIR=\"$out/sbin\" SBINDIR=\"$out/bin\"
|
||||
|
||||
wrapPythonPrograms
|
||||
# We also need to wrap pygrub, which lies in lib
|
||||
wrapPythonProgramsIn "$out/lib" "$out $pythonPath"
|
||||
|
||||
shopt -s extglob
|
||||
for i in $out/etc/xen/scripts/!(*.sh); do
|
||||
sed -i "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i
|
||||
done
|
||||
'';
|
||||
buildFlags = [
|
||||
"xen" # Build the Xen Hypervisor.
|
||||
"tools" # Build the userspace tools, such as `xl`.
|
||||
"docs" # Build the Xen Documentation
|
||||
# TODO: Enable the Stubdomains target. This requires another pre-fetched source: mini-os. Currently, Xen appears to build a limited version of stubdomains which does not include mini-os.
|
||||
# "stubdom"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
# TODO(@oxij): Stop referencing args here
|
||||
env.NIX_CFLAGS_COMPILE = builtins.toString (
|
||||
[
|
||||
"-Wno-error=maybe-uninitialized"
|
||||
"-Wno-error=array-bounds"
|
||||
]
|
||||
++ lib.lists.optionals withInternalOVMF [
|
||||
"-Wno-error=format-security"
|
||||
"-Wno-error=use-after-free"
|
||||
"-Wno-error=vla-parameter"
|
||||
"-Wno-error=dangling-pointer"
|
||||
"-Wno-error=stringop-overflow"
|
||||
]
|
||||
);
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
dontUseNinjaBuild = withInternalQEMU;
|
||||
|
||||
prePatch =
|
||||
# Xen's stubdoms, tools and firmwares need various sources that
|
||||
# are usually fetched at build time using wget and git. We can't
|
||||
# have that, so we pre-fetch them in the versioned Nix expressions,
|
||||
# and produce fake wget and git executables for debugging purposes.
|
||||
#
|
||||
# We also produce a fake hostname executable to prevent spurious
|
||||
# command-not-found errors during compilation.
|
||||
#
|
||||
# The snippet below produces executables that simply print in stdout
|
||||
# what they were supposed to fetch, and exit gracefully.
|
||||
''
|
||||
mkdir fake-bin
|
||||
|
||||
cat > fake-bin/wget << EOF
|
||||
#!${stdenv.shell} -e
|
||||
echo ===== FAKE WGET: Not fetching \$*
|
||||
[ -e \$3 ]
|
||||
EOF
|
||||
|
||||
cat > fake-bin/git << EOF
|
||||
#!${stdenv.shell}
|
||||
echo ===== FAKE GIT: Not cloning \$*
|
||||
[ -e \$3 ]
|
||||
EOF
|
||||
|
||||
cat > fake-bin/hostname << EOF
|
||||
#!${stdenv.shell}
|
||||
echo ${efiVendor}
|
||||
[ -e \$3 ]
|
||||
EOF
|
||||
|
||||
chmod +x fake-bin/*
|
||||
export PATH=$PATH:$PWD/fake-bin
|
||||
''
|
||||
|
||||
# Remove in-tree QEMU sources, as we either pre-fetch them through
|
||||
# the versioned Nix expressions if withInternalQEMU is true, or we
|
||||
# don't build QEMU at all if withInternalQEMU is false.
|
||||
+ ''
|
||||
rm --recursive --force tools/qemu-xen tools/qemu-xen-traditional
|
||||
''
|
||||
|
||||
# The following expression moves the sources we fetched in the
|
||||
# versioned Nix expressions to their correct locations inside
|
||||
# the Xen source tree.
|
||||
+ ''
|
||||
${withPrefetchedSources (
|
||||
name: source: ''
|
||||
echo "Copying pre-fetched source: ${source.src} -> tools/${name}"
|
||||
cp --recursive ${source.src} tools/${name}
|
||||
chmod --recursive +w tools/${name}
|
||||
''
|
||||
)}
|
||||
'';
|
||||
|
||||
postPatch =
|
||||
# The following patch forces Xen to install xen.efi on $out/boot
|
||||
# instead of $out/boot/efi/efi/nixos, as the latter directory
|
||||
# would otherwise need to be created manually. This also creates
|
||||
# a more consistent output for downstreams who override the
|
||||
# efiVendor attribute above.
|
||||
''
|
||||
substituteInPlace xen/Makefile \
|
||||
--replace-fail "\$(D)\$(EFI_MOUNTPOINT)/efi/\$(EFI_VENDOR)/\$(T)-\$(XEN_FULLVERSION).efi" \
|
||||
"\$(D)\$(BOOT_DIR)/\$(T)-\$(XEN_FULLVERSION).efi"
|
||||
''
|
||||
|
||||
# The following patch fixes the call to /bin/mkdir on the
|
||||
# launch_xenstore.sh helper script.
|
||||
+ ''
|
||||
substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
|
||||
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
|
||||
''
|
||||
|
||||
# The following expression fixes the paths called by Xen's systemd
|
||||
# units, so we can use them in the NixOS module.
|
||||
+ ''
|
||||
substituteInPlace \
|
||||
tools/hotplug/Linux/systemd/{xen-init-dom0,xen-qemu-dom0-disk-backend,xenconsoled,xendomains,xenstored}.service.in \
|
||||
--replace-fail /bin/grep ${gnugrep}/bin/grep
|
||||
substituteInPlace \
|
||||
tools/hotplug/Linux/systemd/{xen-qemu-dom0-disk-backend,xenconsoled}.service.in \
|
||||
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
|
||||
''
|
||||
|
||||
# The following expression applies the patches defined on each
|
||||
# prefetchedSources attribute.
|
||||
+ ''
|
||||
${withTools "patches" (
|
||||
name: source: ''
|
||||
${lib.strings.concatMapStringsSep "\n" (patch: ''
|
||||
echo "Patching with ${patch}"
|
||||
patch --strip 1 < ${patch}
|
||||
'') source.patches}
|
||||
''
|
||||
)}
|
||||
|
||||
${withTools "postPatch" (name: source: source.postPatch)}
|
||||
|
||||
${pkg.xen.postPatch or ""}
|
||||
'';
|
||||
|
||||
preBuild = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "preBuild" ] pkg.xen) pkg.xen.preBuild;
|
||||
|
||||
postBuild = ''
|
||||
${withTools "buildPhase" (name: source: source.buildPhase)}
|
||||
|
||||
${pkg.xen.postBuild or ""}
|
||||
'';
|
||||
|
||||
installPhase =
|
||||
let
|
||||
cpFlags = builtins.toString [
|
||||
"--preserve=mode,ownership,timestamps,link"
|
||||
"--recursive"
|
||||
"--verbose"
|
||||
"--no-dereference"
|
||||
];
|
||||
in
|
||||
# Run the preInstall tasks.
|
||||
''
|
||||
runHook preInstall
|
||||
''
|
||||
|
||||
# Create $out directories and copy build output.
|
||||
+ ''
|
||||
mkdir --parents $out $out/share $boot
|
||||
cp ${cpFlags} dist/install/nix/store/*/* $out/
|
||||
cp ${cpFlags} dist/install/etc $out
|
||||
cp ${cpFlags} dist/install/boot $boot
|
||||
''
|
||||
|
||||
# Run the postInstall tasks.
|
||||
+ ''
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
postInstall =
|
||||
# Wrap xencov_split, xenmon and xentrace_format.
|
||||
''
|
||||
wrapPythonPrograms
|
||||
''
|
||||
|
||||
# We also need to wrap pygrub, which lies in $out/libexec/xen/bin.
|
||||
+ ''
|
||||
wrapPythonProgramsIn "$out/libexec/xen/bin" "$out $pythonPath"
|
||||
''
|
||||
|
||||
# Fix shebangs in Xen's various scripts.
|
||||
#TODO: Remove any and all usage of `sed` and replace these complicated magic runes with readable code.
|
||||
+ ''
|
||||
shopt -s extglob
|
||||
for i in $out/etc/xen/scripts/!(*.sh); do
|
||||
sed --in-place "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i
|
||||
done
|
||||
''
|
||||
|
||||
+ ''
|
||||
${withTools "installPhase" (name: source: source.installPhase)}
|
||||
|
||||
${pkg.xen.installPhase or ""}
|
||||
'';
|
||||
|
||||
postFixup =
|
||||
# Fix binaries in $out/lib/xen/bin.
|
||||
''
|
||||
addAutoPatchelfSearchPath $out/lib
|
||||
autoPatchelf $out/libexec/xen/bin/
|
||||
''
|
||||
# Flask is particularly hard to disable. Even after
|
||||
# setting the make flags to `n`, it still gets compiled.
|
||||
# If withFlask is disabled, delete the extra binaries.
|
||||
+ lib.strings.optionalString (!withFlask) ''
|
||||
rm -f $out/bin/flask-*
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
efi =
|
||||
if withEFI then "boot/xen-${version}.efi" else throw "This Xen was compiled without an EFI binary.";
|
||||
flaskPolicy =
|
||||
if withFlask then
|
||||
"boot/xenpolicy-${version}"
|
||||
else
|
||||
throw "This Xen was compiled without FLASK support.";
|
||||
qemu-system-i386 =
|
||||
if withInternalQEMU then
|
||||
"libexec/xen/bin/qemu-system-i386"
|
||||
else
|
||||
throw "This Xen was compiled without a built-in QEMU.";
|
||||
# This test suite is very simple, as Xen's userspace
|
||||
# utilities require the hypervisor to be booted.
|
||||
tests = {
|
||||
pkg-config = testers.hasPkgConfigModules {
|
||||
package = finalAttrs.finalPackage;
|
||||
moduleNames = [
|
||||
"xencall"
|
||||
"xencontrol"
|
||||
"xendevicemodel"
|
||||
"xenevtchn"
|
||||
"xenforeignmemory"
|
||||
"xengnttab"
|
||||
"xenguest"
|
||||
"xenhypfs"
|
||||
"xenlight"
|
||||
"xenstat"
|
||||
"xenstore"
|
||||
"xentoolcore"
|
||||
"xentoollog"
|
||||
"xenvchan"
|
||||
"xlutil"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta = {
|
||||
homepage = "http://www.xen.org/";
|
||||
description = "Xen hypervisor and related components"
|
||||
+ optionalString (args ? meta && args.meta ? description)
|
||||
" (${args.meta.description})";
|
||||
longDescription = (args.meta.longDescription or "")
|
||||
+ "\nIncludes:\n"
|
||||
+ withXenfiles (name: x: "* ${name}: ${x.meta.description or "(No description)"}.");
|
||||
platforms = [ "x86_64-linux" ];
|
||||
maintainers = [ ];
|
||||
license = lib.licenses.gpl2;
|
||||
knownVulnerabilities = [
|
||||
# https://www.openwall.com/lists/oss-security/2023/03/21/1
|
||||
# Affects 3.2 (at *least*) - 4.17
|
||||
"CVE-2022-42332"
|
||||
# https://www.openwall.com/lists/oss-security/2023/03/21/2
|
||||
# Affects 4.11 - 4.17
|
||||
"CVE-2022-42333"
|
||||
"CVE-2022-42334"
|
||||
# https://www.openwall.com/lists/oss-security/2023/03/21/3
|
||||
# Affects 4.15 - 4.17
|
||||
"CVE-2022-42331"
|
||||
# https://xenbits.xen.org/docs/unstable/support-matrix.html
|
||||
] ++ lib.optionals (lib.versionOlder version "4.15") [
|
||||
"This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
|
||||
inherit branch;
|
||||
# Short description for Xen.
|
||||
description =
|
||||
"Xen Hypervisor"
|
||||
# The "and related components" addition is automatically hidden if said components aren't being built.
|
||||
+ lib.strings.optionalString (prefetchedSources != { }) " and related components"
|
||||
# To alter the description inside the paranthesis, edit ./packages.nix.
|
||||
+ lib.strings.optionalString (lib.attrsets.hasAttrByPath [
|
||||
"meta"
|
||||
"description"
|
||||
] packageDefinition) " (${packageDefinition.meta.description})";
|
||||
# Long description for Xen.
|
||||
longDescription =
|
||||
# Starts with the longDescription from ./packages.nix.
|
||||
(packageDefinition.meta.longDescription or "")
|
||||
+
|
||||
lib.strings.optionalString (!withInternalQEMU)
|
||||
"\nUse with `qemu_xen_${lib.stringAsChars (x: if x == "." then "_" else x) branch}`"
|
||||
+ lib.strings.optionalString latest "or `qemu_xen`"
|
||||
+ "."
|
||||
# Then, if any of the optional with* components are being built, add the "Includes:" string.
|
||||
+
|
||||
lib.strings.optionalString
|
||||
(
|
||||
withInternalQEMU
|
||||
|| withInternalSeaBIOS
|
||||
|| withInternalOVMF
|
||||
|| withInternalIPXE
|
||||
|| withEFI
|
||||
|| withFlask
|
||||
)
|
||||
(
|
||||
"\nIncludes:\n"
|
||||
# Originally, this was a call for the complicated withPrefetchedSources. Since there aren't
|
||||
# that many optional components, we just use lib.strings.optionalString, because it's simpler.
|
||||
# Optional components that aren't being built are automatically hidden.
|
||||
+ lib.strings.optionalString withEFI "* `xen.efi`: Xen's [EFI binary](https://xenbits.xenproject.org/docs/${branch}-testing/misc/efi.html), available on the `boot` output of this package.\n"
|
||||
+ lib.strings.optionalString withFlask "* `xsm-flask`: The [FLASK Xen Security Module](https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK). The `xenpolicy-${version}` file is available on the `boot` output of this package.\n"
|
||||
+ lib.strings.optionalString withInternalQEMU "* `qemu-xen`: Xen's mirror of [QEMU](https://www.qemu.org/).\n"
|
||||
+ lib.strings.optionalString withInternalSeaBIOS "* `seabios-xen`: Xen's mirror of [SeaBIOS](https://www.seabios.org/SeaBIOS).\n"
|
||||
+ lib.strings.optionalString withInternalOVMF "* `ovmf-xen`: Xen's mirror of [OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF).\n"
|
||||
+ lib.strings.optionalString withInternalIPXE "* `ipxe-xen`: Xen's pinned version of [iPXE](https://ipxe.org/).\n"
|
||||
)
|
||||
# Finally, we write a notice explaining which vulnerabilities this Xen is NOT vulnerable to.
|
||||
# This will hopefully give users the peace of mind that their Xen is secure, without needing
|
||||
# to search the source code for the XSA patches.
|
||||
+ lib.strings.optionalString (writeAdvisoryDescription != [ ]) (
|
||||
"\nThis Xen (${version}) has been patched against the following known security vulnerabilities:\n"
|
||||
+ lib.strings.removeSuffix "\n" (lib.strings.concatLines writeAdvisoryDescription)
|
||||
);
|
||||
homepage = "https://xenproject.org/";
|
||||
downloadPage = "https://downloads.xenproject.org/release/xen/${version}/";
|
||||
changelog = "https://wiki.xenproject.org/wiki/Xen_Project_${branch}_Release_Notes";
|
||||
license = with lib.licenses; [
|
||||
# Documentation.
|
||||
cc-by-40
|
||||
# Most of Xen is licensed under the GPL v2.0.
|
||||
gpl2Only
|
||||
# Xen Libraries and the `xl` command-line utility.
|
||||
lgpl21Only
|
||||
# Development headers in $dev/include.
|
||||
mit
|
||||
];
|
||||
} // (config.meta or {});
|
||||
} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ])
|
||||
maintainers = [ lib.maintainers.sigmasquadron ];
|
||||
mainProgram = "xl";
|
||||
# Evaluates to x86_64-linux.
|
||||
platforms = lib.lists.intersectLists lib.platforms.linux lib.platforms.x86_64;
|
||||
knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "4.16") [
|
||||
"Xen ${version} is no longer supported by the Xen Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html"
|
||||
];
|
||||
};
|
||||
})
|
||||
|
@ -1,58 +1,68 @@
|
||||
{ callPackage
|
||||
|
||||
}:
|
||||
|
||||
# TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim
|
||||
# light] for each ./<version>.nix.
|
||||
|
||||
{ callPackage }:
|
||||
let
|
||||
standard = {
|
||||
meta = {
|
||||
description = "Standard Xen";
|
||||
longDescription = ''
|
||||
Standard version of Xen. Uses forks of QEMU, SeaBIOS, OVMF and iPXE provided
|
||||
by the Xen Project. This provides the vanilla Xen experince, but wastes space
|
||||
and build time. A typical NixOS setup that runs lots of VMs will usually need
|
||||
to build two different versions of QEMU when using this Xen derivation (one
|
||||
fork and upstream).
|
||||
'';
|
||||
};
|
||||
};
|
||||
slim = {
|
||||
meta = {
|
||||
description = "Without Internal Components";
|
||||
longDescription = ''
|
||||
Slimmed-down version of Xen that reuses nixpkgs packages as much as possible.
|
||||
Instead of using the Xen forks for various internal components, this version uses
|
||||
`seabios`, `ovmf` and `ipxe` from nixpkgs. These components may ocasionally get
|
||||
out of sync with the hypervisor itself, but this builds faster and uses less space
|
||||
than the default derivation.
|
||||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
# TODO: generalise this to automatically generate both Xen variants for each ./<version>/default.nix.
|
||||
rec {
|
||||
xen_4_15-vanilla = callPackage ./4.15.nix {
|
||||
meta = {
|
||||
description = "vanilla";
|
||||
longDescription = ''
|
||||
Vanilla version of Xen. Uses forks of Qemu and Seabios bundled
|
||||
with Xen. This gives vanilla experince, but wastes space and
|
||||
build time: typical NixOS setup that runs lots of VMs will
|
||||
build three different versions of Qemu when using this (two
|
||||
forks and upstream).
|
||||
'';
|
||||
};
|
||||
xen_4_19 = callPackage ./4.19/default.nix { inherit (standard) meta; };
|
||||
xen_4_19-slim = xen_4_19.override {
|
||||
withInternalQEMU = false;
|
||||
withInternalSeaBIOS = false;
|
||||
withInternalOVMF = false;
|
||||
withInternalIPXE = false;
|
||||
inherit (slim) meta;
|
||||
};
|
||||
|
||||
xen_4_15-slim = xen_4_15-vanilla.override {
|
||||
withInternalQemu = false;
|
||||
withInternalTraditionalQemu = true;
|
||||
withInternalSeabios = false;
|
||||
withSeabios = true;
|
||||
|
||||
meta = {
|
||||
description = "slim";
|
||||
longDescription = ''
|
||||
Slimmed-down version of Xen that reuses nixpkgs packages as
|
||||
much as possible. Different parts may get out of sync, but
|
||||
this builds faster and uses less space than vanilla. Use with
|
||||
`qemu_xen` from nixpkgs.
|
||||
'';
|
||||
};
|
||||
xen_4_18 = callPackage ./4.18/default.nix { inherit (standard) meta; };
|
||||
xen_4_18-slim = xen_4_18.override {
|
||||
withInternalQEMU = false;
|
||||
withInternalSeaBIOS = false;
|
||||
withInternalOVMF = false;
|
||||
withInternalIPXE = false;
|
||||
inherit (slim) meta;
|
||||
};
|
||||
|
||||
xen_4_15-light = xen_4_15-vanilla.override {
|
||||
withInternalQemu = false;
|
||||
withInternalTraditionalQemu = false;
|
||||
withInternalSeabios = false;
|
||||
withSeabios = true;
|
||||
|
||||
meta = {
|
||||
description = "light";
|
||||
longDescription = ''
|
||||
Slimmed-down version of Xen without `qemu-traditional` (you
|
||||
don't need it if you don't know what it is). Use with
|
||||
`qemu_xen-light` from nixpkgs.
|
||||
'';
|
||||
};
|
||||
xen_4_17 = callPackage ./4.17/default.nix { inherit (standard) meta; };
|
||||
xen_4_17-slim = xen_4_17.override {
|
||||
withInternalQEMU = false;
|
||||
withInternalSeaBIOS = false;
|
||||
withInternalOVMF = false;
|
||||
withInternalIPXE = false;
|
||||
inherit (slim) meta;
|
||||
};
|
||||
|
||||
xen-vanilla = xen_4_15-vanilla;
|
||||
xen-slim = xen_4_15-slim;
|
||||
xen-light = xen_4_15-light;
|
||||
xen_4_16 = callPackage ./4.16/default.nix { inherit (standard) meta; };
|
||||
xen_4_16-slim = xen_4_16.override {
|
||||
withInternalQEMU = false;
|
||||
withInternalSeaBIOS = false;
|
||||
withInternalOVMF = false;
|
||||
withInternalIPXE = false;
|
||||
inherit (slim) meta;
|
||||
};
|
||||
|
||||
xen = xen_4_19;
|
||||
xen-slim = xen_4_19-slim;
|
||||
}
|
||||
|
114
pkgs/applications/virtualization/xen/patches.nix
Normal file
114
pkgs/applications/virtualization/xen/patches.nix
Normal file
@ -0,0 +1,114 @@
|
||||
# Patching Xen? Check the XSAs at https://xenbits.xen.org/xsa/
|
||||
# and try applying all the ones we haven't gotten around to
|
||||
# yet, if any are necessary. Patches from other downstreams
|
||||
# are also welcome if they fix important issues with vanilla Xen.
|
||||
|
||||
{ lib, fetchpatch }:
|
||||
|
||||
let
|
||||
xsaPatch =
|
||||
{
|
||||
id,
|
||||
title,
|
||||
description,
|
||||
type ? "xsa",
|
||||
hash ? "",
|
||||
cve ? null,
|
||||
}:
|
||||
(fetchpatch {
|
||||
name =
|
||||
"XSA-" + id + lib.strings.optionalString (cve != null) ("-" + builtins.concatStringsSep "+" cve);
|
||||
url = "https://xenbits.xen.org/xsa/xsa${id}.patch";
|
||||
inherit hash;
|
||||
passthru = {
|
||||
xsa = id;
|
||||
inherit type;
|
||||
};
|
||||
meta = {
|
||||
description = title;
|
||||
longDescription =
|
||||
description
|
||||
+ "\n"
|
||||
+ (
|
||||
if (cve == null) then
|
||||
# Why the two spaces preceding these CVE messages?
|
||||
# This is parsed by writeAdvisoryDescription in generic.nix,
|
||||
# and doing this was easier than messing with lib.strings even more.
|
||||
" _No CVE was assigned to this XSA._"
|
||||
else
|
||||
" Fixes:${
|
||||
lib.strings.concatMapStrings (
|
||||
x: "\n * [" + x + "](https://www.cve.org/CVERecord?id=" + x + ")"
|
||||
) cve
|
||||
}"
|
||||
);
|
||||
homepage = "https://xenbits.xenproject.org/xsa/advisory-${id}.html";
|
||||
};
|
||||
});
|
||||
qubesPatch =
|
||||
{
|
||||
name,
|
||||
tag,
|
||||
type ? "qubes",
|
||||
hash ? "",
|
||||
}:
|
||||
(fetchpatch {
|
||||
inherit name;
|
||||
url = "https://raw.githubusercontent.com/QubesOS/qubes-vmm-xen/v${tag}/${name}.patch";
|
||||
inherit hash;
|
||||
passthru.type = type;
|
||||
});
|
||||
in
|
||||
{
|
||||
# Example patches:
|
||||
#
|
||||
# "XSA_100" = xsaPatch {
|
||||
# id = "100";
|
||||
# name = "Verbatim Title of XSA";
|
||||
# cve = [ "CVE-1999-0001" "CVE-1999-0002" ]; # Not all XSAs have CVEs. This attribute is optional.
|
||||
# hash = "sha256-0000000000000000000000000000000000000000000000000000";
|
||||
# };
|
||||
#
|
||||
# "QUBES_libxl-fix-all-issues" = qubesPatch {
|
||||
# name = "1000-libxl-fix-all-issues";
|
||||
# tag = "4.20.0-1";
|
||||
# hash = "sha256-0000000000000000000000000000000000000000000000000000";
|
||||
# };
|
||||
|
||||
# Build reproducibility patches for Xen.
|
||||
# Qubes OS has not updated them to later versions of Xen yet,
|
||||
# but they appear to work on Xen 4.17.4 - 4.19.0.
|
||||
QUBES_REPRODUCIBLE_BUILDS = [
|
||||
(qubesPatch {
|
||||
name = "1100-Define-build-dates-time-based-on-SOURCE_DATE_EPOCH";
|
||||
tag = "4.17.4-5";
|
||||
hash = "sha256-OwKA9oPTwhRcSmiOb+PxzifbO/IG8IHWlvddFh/nP6s=";
|
||||
})
|
||||
(qubesPatch {
|
||||
name = "1101-docs-rename-DATE-to-PANDOC_REL_DATE-and-allow-to-spe";
|
||||
tag = "4.17.4-5";
|
||||
hash = "sha256-BUtYt0mM3bURVaGv4oDznzxx1Wo4sfOpGV5GB8qc5Ns=";
|
||||
})
|
||||
(qubesPatch {
|
||||
name = "1102-docs-xen-headers-use-alphabetical-sorting-for-incont";
|
||||
tag = "4.17.4-5";
|
||||
hash = "sha256-mQUp2w9lUb7KDq5MuPQjs6y7iuMDeXoZjDjlXfa5z44=";
|
||||
})
|
||||
];
|
||||
|
||||
# Xen Security Advisory #458: (4.16 - 4.19-rc3)
|
||||
"XSA_458" = xsaPatch {
|
||||
id = "458";
|
||||
title = "Double unlock in x86 guest IRQ handling";
|
||||
description = ''
|
||||
An optional feature of PCI MSI called "Multiple Message" allows a device
|
||||
to use multiple consecutive interrupt vectors. Unlike for MSI-X, the
|
||||
setting up of these consecutive vectors needs to happen all in one go.
|
||||
In this handling an error path could be taken in different situations,
|
||||
with or without a particular lock held. This error path wrongly releases
|
||||
the lock even when it is not currently held.
|
||||
'';
|
||||
cve = [ "CVE-2024-31143" ];
|
||||
hash = "sha256-yHI9Sp/7Ed40iIYQ/HOOIULlfzAzL0c0MGqdF+GR+AQ=";
|
||||
};
|
||||
}
|
194
pkgs/applications/virtualization/xen/update.sh
Executable file
194
pkgs/applications/virtualization/xen/update.sh
Executable file
@ -0,0 +1,194 @@
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p gitMinimal curl gnupg nix-prefetch-git nixfmt-rfc-style
|
||||
# shellcheck disable=SC2206,SC2207 shell=bash
|
||||
set -e
|
||||
|
||||
# Set a temporary $HOME in /tmp for GPG.
|
||||
HOME=/tmp/xenUpdateScript
|
||||
|
||||
# This script expects to be called in an interactive terminal somewhere inside Nixpkgs.
|
||||
echo "Preparing..."
|
||||
nixpkgs=$(git rev-parse --show-toplevel)
|
||||
xenPath="$nixpkgs/pkgs/applications/virtualization/xen"
|
||||
rm -rf /tmp/xenUpdateScript
|
||||
mkdir /tmp/xenUpdateScript
|
||||
|
||||
# Import and verify PGP key.
|
||||
curl --silent --output /tmp/xenUpdateScript/xen.asc https://keys.openpgp.org/vks/v1/by-fingerprint/23E3222C145F4475FA8060A783FE14C957E82BD9
|
||||
gpg --quiet --import /tmp/xenUpdateScript/xen.asc
|
||||
fingerprint="$(gpg --with-colons --fingerprint "pgp@xen.org" 2>/dev/null | awk -F: '/^pub:.*/ { getline; print $10}')"
|
||||
echo -e "Please ascertain through multiple external sources that the \e[1;32mXen Project PGP Key Fingerprint\e[0m is indeed \e[1;33m$fingerprint\e[0m. If that is not the case, \e[1;31mexit immediately\e[0m."
|
||||
read -r -p $'Press \e[1;34menter\e[0m to continue with a pre-filled expected fingerprint, or input an arbitrary PGP fingerprint to match with the key\'s fingerprint: ' userInputFingerprint
|
||||
userInputFingerprint=${userInputFingerprint:-"23E3222C145F4475FA8060A783FE14C957E82BD9"}
|
||||
|
||||
# Clone xen.git.
|
||||
echo -e "Cloning \e[1;34mxen.git\e[0m..."
|
||||
git clone --quiet https://xenbits.xen.org/git-http/xen.git /tmp/xenUpdateScript/xen
|
||||
cd /tmp/xenUpdateScript/xen
|
||||
|
||||
# Get list of versions and branches.
|
||||
versionList="$(git tag --list "RELEASE-*" | sed s/RELEASE-//g | sed s/4.1.6.1//g | sort --numeric-sort)"
|
||||
latestVersion=$(echo "$versionList" | tr ' ' '\n' | tail --lines=1)
|
||||
branchList=($(echo "$versionList" | tr ' ' '\n' | sed s/\.[0-9]*$//g | awk '!seen[$0]++'))
|
||||
|
||||
# Figure out which versions we're actually going to install.
|
||||
minSupportedBranch="$(grep " knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version " "$xenPath"/generic.nix | sed s/' knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "'//g | sed s/'") \['//g)"
|
||||
supportedBranches=($(for version in "${branchList[@]}"; do if [ "$(printf '%s\n' "$minSupportedBranch" "$version" | sort -V | head -n1)" = "$minSupportedBranch" ]; then echo "$version"; fi; done))
|
||||
supportedVersions=($(for version in "${supportedBranches[@]}"; do echo "$versionList" | tr ' ' '\n' | grep "$version" | tail --lines=1; done))
|
||||
|
||||
# Main loop that installs every supportedVersion.
|
||||
for version in "${supportedVersions[@]}"; do
|
||||
echo -e "\n------------------------------------------------"
|
||||
branch=${version/%.[0-9]/}
|
||||
if [[ "$version" == "$latestVersion" ]]; then
|
||||
latest=true
|
||||
echo -e "\nFound \e[1;34mlatest\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."
|
||||
else
|
||||
latest=false
|
||||
echo -e "\nFound \e[1;33msecurity-supported\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."
|
||||
fi
|
||||
|
||||
# Verify PGP key automatically. If the fingerprint matches what the user specified, or the default fingerprint, then we consider it trusted.
|
||||
cd /tmp/xenUpdateScript/xen
|
||||
if [[ "$fingerprint" = "$userInputFingerprint" ]]; then
|
||||
echo "$fingerprint:6:" | gpg --quiet --import-ownertrust
|
||||
(git verify-tag RELEASE-"$version" 2>/dev/null && echo -e "\n\e[1;32mSuccessfully authenticated Xen $version.\e[0m") || (echo -e "\e[1;31merror:\e[0m Unable to verify tag \e[1;32mRELEASE-$version\e[0m.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or a \e[1;31msupply chain attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1)
|
||||
else
|
||||
echo -e "\e[1;31merror:\e[0m Unable to verify \e[1;34mpgp@xen.org\e[0m's fingerprint.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or an \e[1;31mimpersonation attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1
|
||||
fi
|
||||
|
||||
git switch --quiet --detach RELEASE-"$version"
|
||||
|
||||
# Originally we told people to go check the Makefile themselves.
|
||||
echo -e "\nDetermining source versions from Xen Makefiles..."
|
||||
qemuVersion="$(grep -ie "QEMU_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"QEMU_UPSTREAM_REVISION ?= "//g)"
|
||||
seaBIOSVersion="$(grep -ie "SEABIOS_UPSTREAM_REVISION ?= rel-" /tmp/xenUpdateScript/xen/Config.mk | sed s/"SEABIOS_UPSTREAM_REVISION ?= "//g)"
|
||||
ovmfVersion="$(grep -ie "OVMF_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"OVMF_UPSTREAM_REVISION ?= "//g)"
|
||||
ipxeVersion="$(grep -ie "IPXE_GIT_TAG :=" /tmp/xenUpdateScript/xen/tools/firmware/etherboot/Makefile | sed s/"IPXE_GIT_TAG := "//g)"
|
||||
|
||||
# Use `nix-prefetch-git` to fetch `rev`s and `hash`es.
|
||||
echo "Pre-fetching sources and determining hashes..."
|
||||
echo -e -n " \e[1;32mXen\e[0m..."
|
||||
fetchXen=$(nix-prefetch-git --url https://xenbits.xen.org/git-http/xen.git --rev RELEASE-"$version" --quiet)
|
||||
finalVersion="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
|
||||
hash="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
|
||||
echo "done!"
|
||||
echo -e -n " \e[1;36mQEMU\e[0m..."
|
||||
fetchQEMU=$(nix-prefetch-git --url https://xenbits.xen.org/git-http/qemu-xen.git --rev "$qemuVersion" --quiet --fetch-submodules)
|
||||
finalQEMUVersion="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
|
||||
qemuHash="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
|
||||
echo "done!"
|
||||
echo -e -n " \e[1;36mSeaBIOS\e[0m..."
|
||||
fetchSeaBIOS=$(nix-prefetch-git --url https://xenbits.xen.org/git-http/seabios.git --rev "$seaBIOSVersion" --quiet)
|
||||
finalSeaBIOSVersion="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
|
||||
seaBIOSHash="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
|
||||
echo "done!"
|
||||
echo -e -n " \e[1;36mOVMF\e[0m..."
|
||||
ovmfHash="$(nix-prefetch-git --url https://xenbits.xen.org/git-http/ovmf.git --rev "$ovmfVersion" --quiet --fetch-submodules | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"
|
||||
echo "done!"
|
||||
echo -e -n " \e[1;36miPXE\e[0m..."
|
||||
ipxeHash="$(nix-prefetch-git --url https://github.com/ipxe/ipxe.git --rev "$ipxeVersion" --quiet | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"
|
||||
echo "done!"
|
||||
|
||||
cd "$xenPath"
|
||||
|
||||
echo -e "\nFound the following revisions:\n \e[1;32mXen\e[0m: \e[1;33m$finalVersion\e[0m (\e[1;33m$hash\e[0m)\n \e[1;36mQEMU\e[0m: \e[1;33m$finalQEMUVersion\e[0m (\e[1;33m$qemuHash\e[0m)\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$finalSeaBIOSVersion\e[0m (\e[1;33m$seaBIOSHash\e[0m)\n \e[1;36mOVMF\e[0m: \e[1;33m$ovmfVersion\e[0m (\e[1;33m$ovmfHash\e[0m)\n \e[1;36miPXE\e[0m: \e[1;33m$ipxeVersion\e[0m (\e[1;33m$ipxeHash\e[0m)"
|
||||
|
||||
# Set OCaml Version
|
||||
read -r -p $'\nEnter the corresponding \e[1;33mOCaml\e[0m version for \e[1;32mXen '"$version"$'\e[0m, or press \e[1;34menter\e[0m for the default value of \e[1;32m4_14\e[0m: ' ocamlVersion
|
||||
ocamlVersion=${ocamlVersion:-"4_14"}
|
||||
|
||||
mkdir -p "$branch"/
|
||||
rm -f "$branch"/default.nix
|
||||
|
||||
# Prepare any .patch files that are called by Nix through a path value.
|
||||
echo -e "\nPlease add any required patches to version \e[1;32m$branch\e[0m in \e[1;34m$branch/\e[0m, and press \e[1;34menter\e[0m when done."
|
||||
read -r -p $'Remember to follow the naming specification as defined in \e[1;34m./README.md\e[0m.'
|
||||
|
||||
echo -e "\nDiscovering patches..."
|
||||
discoveredXenPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-xen-*-$branch.patch" -printf "./%f ")"
|
||||
discoveredQEMUPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-qemu-*-$branch.patch" -printf "./%f ")"
|
||||
discoveredSeaBIOSPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-seabios-*-$branch.patch" -printf "./%f ")"
|
||||
discoveredOVMFPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ovmf-*-$branch.patch" -printf "./%f ")"
|
||||
discoveredIPXEPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ipxe-*-$branch.patch" -printf "./%f ")"
|
||||
|
||||
discoveredXenPatchesEcho=${discoveredXenPatches:-"\e[1;31mNone found!\e[0m"}
|
||||
discoveredQEMUPatchesEcho=${discoveredQEMUPatches:-"\e[1;31mNone found!\e[0m"}
|
||||
discoveredSeaBIOSPatchesEcho=${discoveredSeaBIOSPatches:-"\e[1;31mNone found!\e[0m"}
|
||||
discoveredOVMFPatchesEcho=${discoveredOVMFPatches:-"\e[1;31mNone found!\e[0m"}
|
||||
discoveredIPXEPatchesEcho=${discoveredIPXEPatches:-"\e[1;31mNone found!\e[0m"}
|
||||
|
||||
echo -e "Found the following patches:\n \e[1;32mXen\e[0m: \e[1;33m$discoveredXenPatchesEcho\e[0m\n \e[1;36mQEMU\e[0m: \e[1;33m$discoveredQEMUPatchesEcho\e[0m\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$discoveredSeaBIOSPatchesEcho\e[0m\n \e[1;36mOVMF\e[0m: \e[1;33m$discoveredOVMFPatchesEcho\e[0m\n \e[1;36miPXE\e[0m: \e[1;33m$discoveredIPXEPatchesEcho\e[0m"
|
||||
|
||||
# Prepare patches that are called in ./patches.nix.
|
||||
defaultPatchListInit=("QUBES_REPRODUCIBLE_BUILDS" "XSA_458")
|
||||
read -r -a defaultPatchList -p $'\nWould you like to override the \e[1;34mupstreamPatches\e[0m list for \e[1;32mXen '"$version"$'\e[0m? If no, press \e[1;34menter\e[0m to use the default patch list: [ \e[1;34m'"${defaultPatchListInit[*]}"$' \e[0m]: '
|
||||
defaultPatchList=(${defaultPatchList[@]:-${defaultPatchListInit[@]}})
|
||||
spaceSeparatedPatchList=${defaultPatchList[*]}
|
||||
upstreamPatches="upstreamPatches.${spaceSeparatedPatchList// / upstreamPatches.}"
|
||||
|
||||
# Write and format default.nix file.
|
||||
echo -e "\nWriting updated \e[1;34mversionDefinition\e[0m..."
|
||||
cat >"$branch"/default.nix <<EOF
|
||||
{
|
||||
lib,
|
||||
fetchpatch,
|
||||
callPackage,
|
||||
ocaml-ng,
|
||||
...
|
||||
}@genericDefinition:
|
||||
|
||||
let
|
||||
upstreamPatches = import ../patches.nix {
|
||||
inherit lib;
|
||||
inherit fetchpatch;
|
||||
};
|
||||
|
||||
upstreamPatchList = lib.lists.flatten [
|
||||
$upstreamPatches
|
||||
];
|
||||
in
|
||||
|
||||
callPackage (import ../generic.nix {
|
||||
branch = "$branch";
|
||||
version = "$version";
|
||||
latest = $latest;
|
||||
pkg = {
|
||||
xen = {
|
||||
rev = "$finalVersion";
|
||||
hash = "$hash";
|
||||
patches = [ $discoveredXenPatches ] ++ upstreamPatchList;
|
||||
};
|
||||
qemu = {
|
||||
rev = "$finalQEMUVersion";
|
||||
hash = "$qemuHash";
|
||||
patches = [ $discoveredQEMUPatches ];
|
||||
};
|
||||
seaBIOS = {
|
||||
rev = "$finalSeaBIOSVersion";
|
||||
hash = "$seaBIOSHash";
|
||||
patches = [ $discoveredSeaBIOSPatches ];
|
||||
};
|
||||
ovmf = {
|
||||
rev = "$ovmfVersion";
|
||||
hash = "$ovmfHash";
|
||||
patches = [ $discoveredOVMFPatches ];
|
||||
};
|
||||
ipxe = {
|
||||
rev = "$ipxeVersion";
|
||||
hash = "$ipxeHash";
|
||||
patches = [ $discoveredIPXEPatches ];
|
||||
};
|
||||
};
|
||||
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_$ocamlVersion; } // genericDefinition)
|
||||
EOF
|
||||
|
||||
echo "Formatting..."
|
||||
nixfmt "$branch"/default.nix
|
||||
|
||||
echo -e "\n\e[1;32mSuccessfully produced $branch/default.nix.\e[0m"
|
||||
done
|
||||
|
||||
echo -e -n "\nCleaning up..."
|
||||
rm -rf /tmp/xenUpdateScript
|
||||
echo done!
|
@ -1,493 +0,0 @@
|
||||
{ fetchpatch }:
|
||||
|
||||
let
|
||||
xsaPatch = { name , sha256 }: (fetchpatch {
|
||||
url = "https://xenbits.xen.org/xsa/xsa${name}.patch";
|
||||
inherit sha256;
|
||||
});
|
||||
in {
|
||||
# 4.5
|
||||
XSA_190 = (xsaPatch {
|
||||
name = "190-4.5";
|
||||
sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_191 = (xsaPatch {
|
||||
name = "191-4.6";
|
||||
sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_192 = (xsaPatch {
|
||||
name = "192-4.5";
|
||||
sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_193 = (xsaPatch {
|
||||
name = "193-4.5";
|
||||
sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_195 = (xsaPatch {
|
||||
name = "195";
|
||||
sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_196 = [
|
||||
(xsaPatch {
|
||||
name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject";
|
||||
sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "196-0002-x86-svm-Fix-injection-of-software-interrupts";
|
||||
sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_198 = (xsaPatch {
|
||||
name = "198";
|
||||
sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_200 = (xsaPatch {
|
||||
name = "200-4.6";
|
||||
sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_202_45 = (xsaPatch {
|
||||
name = "202-4.6";
|
||||
sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_204_45 = (xsaPatch {
|
||||
name = "204-4.5";
|
||||
sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_206_45 = [
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0001-xenstored-apply-a-write-transaction-rate-limit";
|
||||
sha256 = "07vsm8mlbxh2s01ny2xywnm1bqhhxas1az31fzwb6f1g14vkzwm4";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0002-xenstored-Log-when-the-write-transaction-rate-limit-";
|
||||
sha256 = "17pnvxjmhny22abwwivacfig4vfsy5bqlki07z236whc2y7yzbsx";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0003-oxenstored-refactor-putting-response-on-wire";
|
||||
sha256 = "0xf566yicnisliy82cydb2s9k27l3bxc43qgmv6yr2ir3ixxlw5s";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0004-oxenstored-remove-some-unused-parameters";
|
||||
sha256 = "16cqx9i0w4w3x06qqdk9rbw4z96yhm0kbc32j40spfgxl82d1zlk";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0005-oxenstored-refactor-request-processing";
|
||||
sha256 = "1g2hzlv7w03sqnifbzda85mwlz3bw37rk80l248180sv3k7k6bgv";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0006-oxenstored-keep-track-of-each-transaction-s-operatio";
|
||||
sha256 = "0n65yfxvpfd4cz95dpbwqj3nablyzq5g7a0klvi2y9zybhch9cmg";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0007-oxenstored-move-functions-that-process-simple-operat";
|
||||
sha256 = "0qllvbc9rnj7jhhlslxxs35gvphvih0ywz52jszj4irm23ka5vnz";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0008-oxenstored-replay-transaction-upon-conflict";
|
||||
sha256 = "0lixkxjfzciy9l0f980cmkr8mcsx14c289kg0mn5w1cscg0hb46g";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0009-oxenstored-log-request-and-response-during-transacti";
|
||||
sha256 = "09ph8ddcx0k7rndd6hx6kszxh3fhxnvdjsq13p97n996xrpl1x7b";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0010-oxenstored-allow-compilation-prior-to-OCaml-3.12.0";
|
||||
sha256 = "1y0m7sqdz89z2vs4dfr45cyvxxas323rxar0xdvvvivgkgxawvxj";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0011-oxenstored-comments-explaining-some-variables";
|
||||
sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0012-oxenstored-handling-of-domain-conflict-credit";
|
||||
sha256 = "12zgid5y9vrhhpk2syxp0x01lzzr6447fa76n6rjmzi1xgdzpaf8";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0013-oxenstored-ignore-domains-with-no-conflict-credit";
|
||||
sha256 = "0v3g9pm60w6qi360hdqjcw838s0qcyywz9qpl8gzmhrg7a35avxl";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0014-oxenstored-add-transaction-info-relevant-to-history-";
|
||||
sha256 = "0vv3w0h5xh554i9v2vbc8gzm8wabjf2vzya3dyv5yzvly6ygv0sb";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0015-oxenstored-support-commit-history-tracking";
|
||||
sha256 = "1iv2vy29g437vj73x9p33rdcr5ln2q0kx1b3pgxq202ghbc1x1zj";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0016-oxenstored-only-record-operations-with-side-effects-";
|
||||
sha256 = "1cjkw5ganbg6lq78qsg0igjqvbgph3j349faxgk1p5d6nr492zzy";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0017-oxenstored-discard-old-commit-history-on-txn-end";
|
||||
sha256 = "0lm15lq77403qqwpwcqvxlzgirp6ffh301any9g401hs98f9y4ps";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0018-oxenstored-track-commit-history";
|
||||
sha256 = "1jh92p6vjhkm3bn5vz260npvsjji63g2imsxflxs4f3r69sz1nkd";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0019-oxenstored-blame-the-connection-that-caused-a-transa";
|
||||
sha256 = "17k264pk0fvsamj85578msgpx97mw63nmj0j9v5hbj4bgfazvj4h";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0020-oxenstored-allow-self-conflicts";
|
||||
sha256 = "15z3rd49q0pa72si0s8wjsy2zvbm613d0hjswp4ikc6nzsnsh4qy";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0021-oxenstored-do-not-commit-read-only-transactions";
|
||||
sha256 = "04wpzazhv90lg3228z5i6vnh1z4lzd08z0d0fvc4br6pkd0w4va8";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0022-oxenstored-don-t-wake-to-issue-no-conflict-credit";
|
||||
sha256 = "1shbrn0w68rlywcc633zcgykfccck1a77igmg8ydzwjsbwxsmsjy";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0023-oxenstored-transaction-conflicts-improve-logging";
|
||||
sha256 = "1086y268yh8047k1vxnxs2nhp6izp7lfmq01f1gq5n7jiy1sxcq7";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "206-4.5/0024-oxenstored-trim-history-in-the-frequent_ops-function";
|
||||
sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5 - 4.8
|
||||
XSA_207 = (xsaPatch {
|
||||
name = "207";
|
||||
sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc";
|
||||
});
|
||||
|
||||
# 4.5 - 4.8
|
||||
XSA_212 = (xsaPatch {
|
||||
name = "212";
|
||||
sha256 = "1ggjbbym5irq534a3zc86md9jg8imlpc9wx8xsadb9akgjrr1r8d";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_213_45 = (xsaPatch {
|
||||
name = "213-4.5";
|
||||
sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm";
|
||||
});
|
||||
|
||||
# 4.5 - 4.8
|
||||
XSA_214 = (xsaPatch {
|
||||
name = "214";
|
||||
sha256 = "0qapzx63z0yl84phnpnglpkxp6b9sy1y7cilhwjhxyigpfnm2rrk";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_215 = (xsaPatch {
|
||||
name = "215";
|
||||
sha256 = "0sv8ccc5xp09f1w1gj5a9n3mlsdsh96sdb1n560vh31f4kkd61xs";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_217_45 = (xsaPatch {
|
||||
name = "217-4.5";
|
||||
sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_218_45 = [
|
||||
(xsaPatch {
|
||||
name = "218-4.5/0001-IOMMU-handle-IOMMU-mapping-and-unmapping-failures";
|
||||
sha256 = "00y6j3yjxw0igpldsavikmhlxw711k2jsj1qx0s05w2k608gadkq";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "218-4.5/0002-gnttab-fix-unmap-pin-accounting-race";
|
||||
sha256 = "0qbbfnnjlpdcd29mzmacfmi859k92c213l91q7w1rg2k6pzx928k";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "218-4.5/0003-gnttab-Avoid-potential-double-put-of-maptrack-entry";
|
||||
sha256 = "1cndzvyhf41mk4my6vh3bk9jvh2y4gpmqdhvl9zhxhmppszslqkc";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "218-4.5/0004-gnttab-correct-maptrack-table-accesses";
|
||||
sha256 = "02zpb0ffigijacqvyyjylwx3qpgibwslrka7mbxwnclf4s9c03a2";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_219_45 = (xsaPatch {
|
||||
name = "219-4.5";
|
||||
sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_220_45 = (xsaPatch {
|
||||
name = "220-4.5";
|
||||
sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp";
|
||||
});
|
||||
|
||||
# 4.5 - 4.8
|
||||
XSA_221 = (xsaPatch {
|
||||
name = "221";
|
||||
sha256 = "1mcr1nqgxyjrkywdg7qhlfwgz7vj2if1dhic425vgd41p9cdgl26";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_222_45 = [
|
||||
(xsaPatch {
|
||||
name = "222-1-4.6";
|
||||
sha256 = "1g4dqm5qx4wqlv1520jpfiscph95vllcp4gqp1rdfailk8xi0mcf";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "222-2-4.5";
|
||||
sha256 = "1hw8rhc7q4v309f4w11gxfsn5x1pirvxkg7s4kr711fnmvp9hkzd";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5 - 4.8
|
||||
XSA_223 = (xsaPatch {
|
||||
name = "223";
|
||||
sha256 = "0803gjgcbq9vaz2mq0v5finf1fq8iik1g4hqsjqhjxvspn8l70c5";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_224_45 = [
|
||||
(xsaPatch {
|
||||
name = "224-4.5/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap";
|
||||
sha256 = "1aislj66ss4cb3v2bh12mrqsyrf288d4h54rj94jjq7h1hnycw7h";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "224-4.5/0002-gnttab-never-create-host-mapping-unless-asked-to";
|
||||
sha256 = "1j6fgm1ccb07gg0mi5qmdr0vqwwc3n12z433g1jrija2gbk1x8aq";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "224-4.5/0003-gnttab-correct-logic-to-get-page-references-during-m";
|
||||
sha256 = "166kmicwx280fjqjvgigbmhabjksa0hhvqx5h4v6kjlcjpmxqy08";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "224-4.5/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth";
|
||||
sha256 = "1skc0yj1zsn8xgyq1y57bdc0scvvlmd0ynrjwwf1zkias1wlilav";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_226_45 = [
|
||||
(xsaPatch {
|
||||
name = "226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls";
|
||||
sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "226-4.5/0002-gnttab-fix-transitive-grant-handling";
|
||||
sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_227_45 = (xsaPatch {
|
||||
name = "227-4.5";
|
||||
sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8";
|
||||
});
|
||||
|
||||
# 4.5 - 4.9
|
||||
XSA_230 = (xsaPatch {
|
||||
name = "230";
|
||||
sha256 = "10x0j7wmzkrwycs1ng89fgjzvzh8vsdd4c5nb68b3j1azdx4ld83";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_231_45 = (xsaPatch {
|
||||
name = "231-4.5";
|
||||
sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6";
|
||||
});
|
||||
|
||||
# 4.5 - 4.9
|
||||
XSA_232 = (xsaPatch {
|
||||
name = "232";
|
||||
sha256 = "0n6irjpmraa3hbxxm64a1cplc6y6g07x7v2fmlpvn70ql3fs0220";
|
||||
});
|
||||
|
||||
# 4.5 - 4.9
|
||||
XSA_233 = (xsaPatch {
|
||||
name = "233";
|
||||
sha256 = "1w3m8349cqav56av63w6jzvlsv4jw5rimwvskr9pq2rcbk2dx8kf";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_234_45 = (xsaPatch {
|
||||
name = "234-4.5";
|
||||
sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_235_45 = (xsaPatch {
|
||||
name = "235-4.5";
|
||||
sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_236_45 = (xsaPatch {
|
||||
name = "236-4.5";
|
||||
sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_237_45 = [
|
||||
(xsaPatch {
|
||||
name = "237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device";
|
||||
sha256 = "0hjxs20jhls4i0iph45a0qpw4znkm04gv74jmwhw84gy4hrhzq3b";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "237-4.5/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s";
|
||||
sha256 = "0ki8nmbc2g1l9wnqsph45a2k4c6dk5s7jvdlxg3zznyiyxjcv8yn";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "237-4.5/0003-x86-MSI-disallow-redundant-enabling";
|
||||
sha256 = "1hdz83qrjaqnihz8ji186dypxiblbfpgyb01j9m5alhk4whjqvp1";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "237-4.5/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error";
|
||||
sha256 = "0csdfn9kzn1k94pg3fcwsgqw14wcd4myi1jkcq5alj1fmkhw4wmk";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "237-4.5/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook";
|
||||
sha256 = "14b73rkvbkd1a2gh9kp0zrvv2d3kfwkiv24fg9agh4hrf2w3nx7y";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_238_45 = (xsaPatch {
|
||||
name = "238-4.5";
|
||||
sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_239_45 = (xsaPatch {
|
||||
name = "239-4.5";
|
||||
sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_240_45 = [
|
||||
(xsaPatch {
|
||||
name = "240-4.5/0001-x86-limit-linear-page-table-use-to-a-single-level";
|
||||
sha256 = "0pmf10mbnmb88y7mly8s2l0j88cg0ayhkcnmj1zbjrkjmpccv395";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "240-4.5/0002-x86-mm-Disable-PV-linear-pagetables-by-default";
|
||||
sha256 = "19f096ra3xndvzkjjasx73p2g25hfkm905px0p3yakwll0qzd029";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5 - 4.8
|
||||
XSA_241 = (xsaPatch {
|
||||
name = "241-4.8";
|
||||
sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj";
|
||||
});
|
||||
|
||||
# 4.5 - 4.9
|
||||
XSA_242 = (xsaPatch {
|
||||
name = "242-4.9";
|
||||
sha256 = "0yx3x0i2wybsm7lzdffxa2mm866bjl4ipbb9vipnw77dyg705zpr";
|
||||
});
|
||||
|
||||
# 4.5
|
||||
XSA_243_45 = [
|
||||
(xsaPatch {
|
||||
name = "243-4.6-1";
|
||||
sha256 = "1cqanpyysa7px0j645z4jw9yqsvv6cbh7yq1b86ap134axfifcan";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "243-4.5-2";
|
||||
sha256 = "0wbcgw4m0nzm2902jnda2020l7bd5adkq8j5myi1zmsfzbq03hwn";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_244_45 = (xsaPatch {
|
||||
name = "244-4.5";
|
||||
sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l";
|
||||
});
|
||||
|
||||
# 4.5 - 4.9
|
||||
XSA_245 = [
|
||||
(xsaPatch {
|
||||
name = "245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in";
|
||||
sha256 = "12brsgbn7xwakalsn10afykgqmx119mqg6vjj3v2b1pnmf4ss0w8";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du";
|
||||
sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5 - 4.7
|
||||
XSA_246_45 = [
|
||||
(xsaPatch {
|
||||
name = "246-4.7";
|
||||
sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_247_45 = [
|
||||
(xsaPatch {
|
||||
name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu";
|
||||
sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas";
|
||||
sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_248_45 = [
|
||||
(xsaPatch {
|
||||
name = "248-4.5";
|
||||
sha256 = "0csxg6h492ddsa210b45av28iqf7cn2dfdqk4zx10zwf1pv2shyn";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5 .. 4.9
|
||||
XSA_249 = [
|
||||
(xsaPatch {
|
||||
name = "249";
|
||||
sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_250_45 = [
|
||||
(xsaPatch {
|
||||
name = "250-4.5";
|
||||
sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d";
|
||||
})
|
||||
];
|
||||
|
||||
# 4.5
|
||||
XSA_251_45 = [
|
||||
(xsaPatch {
|
||||
name = "251-4.5";
|
||||
sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm";
|
||||
})
|
||||
];
|
||||
|
||||
XSA_386 = (xsaPatch {
|
||||
name = "386";
|
||||
sha256 = "sha256-pAuLgt3sDeL73NSDqZCWxRGZk1tWaYlDbh7cUcJ4s+w=";
|
||||
});
|
||||
}
|
84
pkgs/by-name/ar/art/package.nix
Normal file
84
pkgs/by-name/ar/art/package.nix
Normal file
@ -0,0 +1,84 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromBitbucket
|
||||
, cmake
|
||||
, pkg-config
|
||||
, wrapGAppsHook3
|
||||
, makeWrapper
|
||||
, pixman
|
||||
, libpthreadstubs
|
||||
, gtkmm3
|
||||
, libXau
|
||||
, libXdmcp
|
||||
, lcms2
|
||||
, libiptcdata
|
||||
, fftw
|
||||
, expat
|
||||
, pcre
|
||||
, libsigcxx
|
||||
, lensfun
|
||||
, librsvg
|
||||
, libcanberra-gtk3
|
||||
, exiv2
|
||||
, exiftool
|
||||
, mimalloc
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "art";
|
||||
version = "1.22.1";
|
||||
|
||||
src = fetchFromBitbucket {
|
||||
owner = "agriggio";
|
||||
repo = "art";
|
||||
rev = version;
|
||||
hash = "sha256-f6SnTvMelJaPGNeGboI34RvWXcJatEi1G6vfAdDFy8A=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
pkg-config
|
||||
wrapGAppsHook3
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
pixman
|
||||
libpthreadstubs
|
||||
gtkmm3
|
||||
libXau
|
||||
libXdmcp
|
||||
lcms2
|
||||
libiptcdata
|
||||
fftw
|
||||
expat
|
||||
pcre
|
||||
libsigcxx
|
||||
lensfun
|
||||
librsvg
|
||||
exiv2
|
||||
exiftool
|
||||
libcanberra-gtk3
|
||||
mimalloc
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DPROC_TARGET_NUMBER=2"
|
||||
"-DCACHE_NAME_SUFFIX=\"\""
|
||||
];
|
||||
|
||||
CMAKE_CXX_FLAGS = toString [
|
||||
"-std=c++11"
|
||||
"-Wno-deprecated-declarations"
|
||||
"-Wno-unused-result"
|
||||
];
|
||||
env.CXXFLAGS = "-include cstdint"; # needed at least with gcc13 on aarch64-linux
|
||||
|
||||
meta = {
|
||||
description = "A raw converter based on RawTherapee";
|
||||
homepage = "https://bitbucket.org/agriggio/art/";
|
||||
license = lib.licenses.gpl3Only;
|
||||
maintainers = with lib.maintainers; [ paperdigits ];
|
||||
mainProgram = "art";
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
@ -95,7 +95,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DENABLE_TESTS=${lib.boolToString finalAttrs.doCheck}"
|
||||
"-DENABLE_TESTS=${lib.boolToString finalAttrs.finalPackage.doCheck}"
|
||||
"-DGSETTINGS_LOCALINSTALL=ON"
|
||||
"-DGSETTINGS_COMPILE=ON"
|
||||
];
|
||||
|
@ -30,10 +30,10 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
jansson
|
||||
openssl
|
||||
cmocka
|
||||
] ++ lib.optionals finalAttrs.doCheck [ libpcap ];
|
||||
] ++ lib.optionals finalAttrs.finalPackage.doCheck [ libpcap ];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DBNGBLASTER_TESTS=${if finalAttrs.doCheck then "ON" else "OFF"}"
|
||||
"-DBNGBLASTER_TESTS=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"
|
||||
"-DBNGBLASTER_VERSION=${finalAttrs.version}"
|
||||
];
|
||||
|
||||
|
@ -64,7 +64,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace-fail " DIRECTORY ." " DIRECTORY . EXCLUDE_FROM_ALL"
|
||||
''
|
||||
+ lib.optionalString finalAttrs.doCheck ''
|
||||
+ lib.optionalString finalAttrs.finalPackage.doCheck ''
|
||||
# Required for tests.
|
||||
cp ${lib.getDev catch2}/include/catch2/catch.hpp test/
|
||||
'';
|
||||
|
@ -149,7 +149,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
|
||||
checkInputs = [ kdePackages.qtdeclarative ];
|
||||
|
||||
postConfigure = lib.optionalString finalAttrs.doCheck ''
|
||||
postConfigure = lib.optionalString finalAttrs.finalPackage.doCheck ''
|
||||
ln -s ${testData} $cmakeDir/test-data
|
||||
'';
|
||||
|
||||
|
@ -69,7 +69,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
mkdir -p $doc/share/doc
|
||||
cp -a doc $doc/share/doc/iwd
|
||||
cp -a README AUTHORS TODO $doc/share/doc/iwd
|
||||
'' + lib.optionalString finalAttrs.doCheck ''
|
||||
'' + lib.optionalString finalAttrs.finalPackage.doCheck ''
|
||||
mkdir -p $test/bin
|
||||
cp -a test/* $test/bin/
|
||||
'';
|
||||
|
@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
(lib.cmakeBool "BUILD_TESTING" (finalAttrs.doCheck or false))
|
||||
(lib.cmakeBool "BUILD_TESTING" finalAttrs.finalPackage.doCheck)
|
||||
# we need INSTALL_FHS to be true as the various artifacts are otherwise just dumped in the root
|
||||
# of $out and the fixupPhase cleans things up anyway
|
||||
(lib.cmakeBool "INSTALL_FHS" true)
|
||||
|
169
pkgs/by-name/fo/forgejo/generic.nix
Normal file
169
pkgs/by-name/fo/forgejo/generic.nix
Normal file
@ -0,0 +1,169 @@
|
||||
{ lts ? false
|
||||
, version
|
||||
, hash
|
||||
, npmDepsHash
|
||||
, vendorHash
|
||||
}:
|
||||
|
||||
{ bash
|
||||
, brotli
|
||||
, buildGoModule
|
||||
, forgejo
|
||||
, git
|
||||
, gzip
|
||||
, lib
|
||||
, makeWrapper
|
||||
, nix-update-script
|
||||
, nixosTests
|
||||
, openssh
|
||||
, pam
|
||||
, pamSupport ? true
|
||||
, sqliteSupport ? true
|
||||
, xorg
|
||||
, runCommand
|
||||
, stdenv
|
||||
, fetchFromGitea
|
||||
, buildNpmPackage
|
||||
}:
|
||||
|
||||
let
|
||||
src = fetchFromGitea {
|
||||
domain = "codeberg.org";
|
||||
owner = "forgejo";
|
||||
repo = "forgejo";
|
||||
rev = "v${version}";
|
||||
inherit hash;
|
||||
};
|
||||
|
||||
frontend = buildNpmPackage {
|
||||
pname = "forgejo-frontend";
|
||||
inherit src version npmDepsHash;
|
||||
|
||||
patches = [
|
||||
./package-json-npm-build-frontend.patch
|
||||
];
|
||||
|
||||
# override npmInstallHook
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -R ./public $out/
|
||||
'';
|
||||
};
|
||||
in
|
||||
buildGoModule rec {
|
||||
pname = "forgejo" + lib.optionalString lts "-lts";
|
||||
|
||||
inherit
|
||||
version
|
||||
src
|
||||
vendorHash
|
||||
;
|
||||
|
||||
subPackages = [ "." "contrib/environment-to-ini" ];
|
||||
|
||||
outputs = [ "out" "data" ];
|
||||
|
||||
nativeBuildInputs = [
|
||||
makeWrapper
|
||||
];
|
||||
|
||||
buildInputs = lib.optional pamSupport pam;
|
||||
|
||||
nativeCheckInputs = [
|
||||
git
|
||||
openssh
|
||||
];
|
||||
|
||||
patches = [
|
||||
./static-root-path.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace modules/setting/server.go --subst-var data
|
||||
'';
|
||||
|
||||
tags = lib.optional pamSupport "pam"
|
||||
++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
"-w"
|
||||
"-X main.Version=${version}"
|
||||
"-X 'main.Tags=${lib.concatStringsSep " " tags}'"
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
export ldflags+=" -X main.ForgejoVersion=$(GITEA_VERSION=${version} make show-version-api)"
|
||||
'';
|
||||
|
||||
preCheck = ''
|
||||
# $HOME is required for ~/.ssh/authorized_keys and such
|
||||
export HOME="$TMPDIR/home"
|
||||
|
||||
# expose and use the GO_TEST_PACKAGES var from the Makefile
|
||||
# instead of manually copying over the entire list:
|
||||
# https://codeberg.org/forgejo/forgejo/src/tag/v7.0.4/Makefile#L124
|
||||
echo -e 'show-backend-tests:\n\t@echo ''${GO_TEST_PACKAGES}' >> Makefile
|
||||
getGoDirs() {
|
||||
make show-backend-tests
|
||||
}
|
||||
'';
|
||||
|
||||
checkFlags =
|
||||
let
|
||||
skippedTests = [
|
||||
"Test_SSHParsePublicKey/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
|
||||
"Test_calcFingerprint/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
|
||||
"TestPamAuth" # we don't have PAM set up in the build sandbox
|
||||
"TestPassword" # requires network: api.pwnedpasswords.com
|
||||
"TestCaptcha" # requires network: hcaptcha.com
|
||||
"TestDNSUpdate" # requires network: release.forgejo.org
|
||||
"TestMigrateWhiteBlocklist" # requires network: gitlab.com (DNS)
|
||||
];
|
||||
in
|
||||
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
|
||||
|
||||
postInstall = ''
|
||||
mkdir $data
|
||||
cp -R ./{templates,options} ${frontend}/public $data
|
||||
mkdir -p $out
|
||||
cp -R ./options/locale $out/locale
|
||||
wrapProgram $out/bin/gitea \
|
||||
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh ]}
|
||||
'';
|
||||
|
||||
# $data is not available in goModules.drv
|
||||
overrideModAttrs = (_: {
|
||||
postPatch = null;
|
||||
});
|
||||
|
||||
passthru = {
|
||||
# allow nix-update to handle npmDepsHash
|
||||
inherit (frontend) npmDeps;
|
||||
|
||||
data-compressed = runCommand "forgejo-data-compressed" {
|
||||
nativeBuildInputs = [ brotli xorg.lndir ];
|
||||
} ''
|
||||
mkdir $out
|
||||
lndir ${forgejo.data}/ $out/
|
||||
|
||||
# Create static gzip and brotli files
|
||||
find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
|
||||
-exec gzip --best --keep --force {} ';' \
|
||||
-exec brotli --best --keep --no-copy-stat {} ';'
|
||||
'';
|
||||
|
||||
tests = if lts then nixosTests.forgejo-lts else nixosTests.forgejo;
|
||||
updateScript = nix-update-script { };
|
||||
};
|
||||
|
||||
meta = {
|
||||
description = "Self-hosted lightweight software forge";
|
||||
homepage = "https://forgejo.org";
|
||||
changelog = "https://codeberg.org/forgejo/forgejo/releases/tag/${src.rev}";
|
||||
license = lib.licenses.mit;
|
||||
maintainers = with lib.maintainers; [ emilylange urandom bendlas adamcstephens ];
|
||||
broken = stdenv.isDarwin;
|
||||
mainProgram = "gitea";
|
||||
};
|
||||
}
|
7
pkgs/by-name/fo/forgejo/lts.nix
Normal file
7
pkgs/by-name/fo/forgejo/lts.nix
Normal file
@ -0,0 +1,7 @@
|
||||
import ./generic.nix {
|
||||
version = "7.0.6";
|
||||
hash = "sha256-Y8H85HMKnzNSXnrLOxhzOBSfedivGvcQ3MOAp31Kvno=";
|
||||
npmDepsHash = "sha256-OqtYRjftwGxgW1JgMxyWd+9DndpEkd3LdQHSECc40yU=";
|
||||
vendorHash = "sha256-hfbNyCQMQzDzJxFc2MPAR4+v/qNcnORiQNbwbbIA4Nw=";
|
||||
lts = true;
|
||||
}
|
@ -1,14 +1,12 @@
|
||||
diff --git a/package.json b/package.json
|
||||
index b50c52cf43..d6aafb8775 100644
|
||||
index 0abf6fe8b9..9d6ae0fdff 100644
|
||||
--- a/package.json
|
||||
+++ b/package.json
|
||||
@@ -98,5 +98,8 @@
|
||||
},
|
||||
"browserslist": [
|
||||
"defaults"
|
||||
- ]
|
||||
+ ],
|
||||
@@ -1,4 +1,7 @@
|
||||
{
|
||||
+ "scripts": {
|
||||
+ "build": "node_modules/.bin/webpack"
|
||||
+ }
|
||||
}
|
||||
+ },
|
||||
"type": "module",
|
||||
"engines": {
|
||||
"node": ">= 18.0.0"
|
||||
|
@ -1,157 +1,7 @@
|
||||
{ bash
|
||||
, brotli
|
||||
, buildGoModule
|
||||
, forgejo
|
||||
, git
|
||||
, gzip
|
||||
, lib
|
||||
, makeWrapper
|
||||
, nix-update-script
|
||||
, nixosTests
|
||||
, openssh
|
||||
, pam
|
||||
, pamSupport ? true
|
||||
, sqliteSupport ? true
|
||||
, xorg
|
||||
, runCommand
|
||||
, stdenv
|
||||
, fetchFromGitea
|
||||
, buildNpmPackage
|
||||
}:
|
||||
|
||||
let
|
||||
frontend = buildNpmPackage {
|
||||
pname = "forgejo-frontend";
|
||||
inherit (forgejo) src version;
|
||||
|
||||
npmDepsHash = "sha256-Nu9aOjJpEAuCWWnJfZXy/GayiUDiyc3hOu6Bx7GxfxA=";
|
||||
|
||||
patches = [
|
||||
./package-json-npm-build-frontend.patch
|
||||
];
|
||||
|
||||
# override npmInstallHook
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -R ./public $out/
|
||||
'';
|
||||
};
|
||||
in
|
||||
buildGoModule rec {
|
||||
pname = "forgejo";
|
||||
version = "7.0.5";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "codeberg.org";
|
||||
owner = "forgejo";
|
||||
repo = "forgejo";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-Y/Ita5dr3COACffAIAjcqHHcdKiUWWEb/f/MPzMG200=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-hfbNyCQMQzDzJxFc2MPAR4+v/qNcnORiQNbwbbIA4Nw=";
|
||||
|
||||
subPackages = [ "." "contrib/environment-to-ini" ];
|
||||
|
||||
outputs = [ "out" "data" ];
|
||||
|
||||
nativeBuildInputs = [
|
||||
makeWrapper
|
||||
git # checkPhase
|
||||
openssh # checkPhase
|
||||
];
|
||||
buildInputs = lib.optional pamSupport pam;
|
||||
|
||||
patches = [
|
||||
./static-root-path.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace modules/setting/server.go --subst-var data
|
||||
'';
|
||||
|
||||
tags = lib.optional pamSupport "pam"
|
||||
++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
"-w"
|
||||
"-X main.Version=${version}"
|
||||
"-X 'main.Tags=${lib.concatStringsSep " " tags}'"
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
export ldflags+=" -X main.ForgejoVersion=$(GITEA_VERSION=${version} make show-version-api)"
|
||||
'';
|
||||
|
||||
preCheck = ''
|
||||
# $HOME is required for ~/.ssh/authorized_keys and such
|
||||
export HOME="$TMPDIR/home"
|
||||
|
||||
# expose and use the GO_TEST_PACKAGES var from the Makefile
|
||||
# instead of manually copying over the entire list:
|
||||
# https://codeberg.org/forgejo/forgejo/src/tag/v7.0.4/Makefile#L124
|
||||
echo -e 'show-backend-tests:\n\t@echo ''${GO_TEST_PACKAGES}' >> Makefile
|
||||
getGoDirs() {
|
||||
make show-backend-tests
|
||||
}
|
||||
'';
|
||||
|
||||
checkFlags =
|
||||
let
|
||||
skippedTests = [
|
||||
"Test_SSHParsePublicKey/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
|
||||
"Test_calcFingerprint/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
|
||||
"TestPamAuth" # we don't have PAM set up in the build sandbox
|
||||
"TestPassword" # requires network: api.pwnedpasswords.com
|
||||
"TestCaptcha" # requires network: hcaptcha.com
|
||||
"TestDNSUpdate" # requires network: release.forgejo.org
|
||||
"TestMigrateWhiteBlocklist" # requires network: gitlab.com (DNS)
|
||||
];
|
||||
in
|
||||
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
|
||||
|
||||
postInstall = ''
|
||||
mkdir $data
|
||||
cp -R ./{templates,options} ${frontend}/public $data
|
||||
mkdir -p $out
|
||||
cp -R ./options/locale $out/locale
|
||||
wrapProgram $out/bin/gitea \
|
||||
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh ]}
|
||||
'';
|
||||
|
||||
# $data is not available in goModules.drv
|
||||
overrideModAttrs = (_: {
|
||||
postPatch = null;
|
||||
});
|
||||
|
||||
passthru = {
|
||||
# allow nix-update to handle npmDepsHash
|
||||
inherit (frontend) npmDeps;
|
||||
|
||||
data-compressed = runCommand "forgejo-data-compressed" {
|
||||
nativeBuildInputs = [ brotli xorg.lndir ];
|
||||
} ''
|
||||
mkdir $out
|
||||
lndir ${forgejo.data}/ $out/
|
||||
|
||||
# Create static gzip and brotli files
|
||||
find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
|
||||
-exec gzip --best --keep --force {} ';' \
|
||||
-exec brotli --best --keep --no-copy-stat {} ';'
|
||||
'';
|
||||
|
||||
tests = nixosTests.forgejo;
|
||||
updateScript = nix-update-script { };
|
||||
};
|
||||
|
||||
meta = {
|
||||
description = "Self-hosted lightweight software forge";
|
||||
homepage = "https://forgejo.org";
|
||||
changelog = "https://codeberg.org/forgejo/forgejo/releases/tag/${src.rev}";
|
||||
license = lib.licenses.mit;
|
||||
maintainers = with lib.maintainers; [ emilylange urandom bendlas adamcstephens ];
|
||||
broken = stdenv.isDarwin;
|
||||
mainProgram = "gitea";
|
||||
};
|
||||
import ./generic.nix {
|
||||
version = "8.0.0";
|
||||
hash = "sha256-ol/2D+zMieERVDHOKlu+wm3WKkQNjbIw0sc0KLUTwzI=";
|
||||
npmDepsHash = "sha256-6AMaZadgcTvOBsIXJjZQB6Q1rkdn+R82pclXdVvtdWY=";
|
||||
vendorHash = "sha256-tNb0tCf+gjUmUqrjkzt7Wqqz21hW9WRh8CEdX8rv8Do=";
|
||||
lts = false;
|
||||
}
|
||||
|
@ -98,8 +98,8 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
(pluginName: "-DPLUGIN_${lib.toUpper pluginName}=${lib.toUpper (lib.boolToString finalAttrs.passthru.enablePluginStatus.${pluginName})}")
|
||||
(lib.attrNames finalAttrs.passthru.enablePluginStatus)
|
||||
)
|
||||
++ [ "-DSKIP_TESTS=${lib.toUpper (lib.boolToString (!finalAttrs.doCheck))}" ]
|
||||
++ lib.optionals finalAttrs.doCheck [ "-DGTEST_INCLUDE_DIR=${gtest.dev}/include" ]
|
||||
++ [ "-DSKIP_TESTS=${lib.toUpper (lib.boolToString (!finalAttrs.finalPackage.doCheck))}" ]
|
||||
++ lib.optionals finalAttrs.finalPackage.doCheck [ "-DGTEST_INCLUDE_DIR=${gtest.dev}/include" ]
|
||||
++ lib.optionals finalAttrs.passthru.enablePluginStatus.http [ "-DCRYPTOPP_INCLUDE_DIRS=${cryptopp.dev}/include/cryptopp" ]
|
||||
++ lib.optionals finalAttrs.passthru.enablePluginStatus.xrootd [ "-DXROOTD_INCLUDE_DIR=${xrootd.dev}/include/xrootd" ]
|
||||
;
|
||||
|
@ -26,10 +26,10 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
||||
buildInputs = [ boost libcpr ]
|
||||
++ lib.optionals finalAttrs.doCheck [ catch2_3 trompeloeil ];
|
||||
++ lib.optionals finalAttrs.finalPackage.doCheck [ catch2_3 trompeloeil ];
|
||||
|
||||
cmakeFlags = [
|
||||
(lib.cmakeBool "INFLUXCXX_TESTING" finalAttrs.doCheck)
|
||||
(lib.cmakeBool "INFLUXCXX_TESTING" finalAttrs.finalPackage.doCheck)
|
||||
(lib.cmakeFeature "CMAKE_CTEST_ARGUMENTS" "-E;BoostSupportTest") # requires network access
|
||||
];
|
||||
|
||||
|
@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DLIBDICT_TESTS=${if finalAttrs.doCheck then "ON" else "OFF"}"
|
||||
"-DLIBDICT_TESTS=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"
|
||||
"-DLIBDICT_SHARED=${if stdenv.hostPlatform.isStatic then "OFF" else "ON"}"
|
||||
];
|
||||
|
||||
|
@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs:
|
||||
(nvim-lpeg-dylib ps)
|
||||
luabitop
|
||||
mpack
|
||||
] ++ lib.optionals finalAttrs.doCheck [
|
||||
] ++ lib.optionals finalAttrs.finalPackage.doCheck [
|
||||
luv
|
||||
coxpcall
|
||||
busted
|
||||
@ -105,7 +105,7 @@ in {
|
||||
tree-sitter
|
||||
unibilium
|
||||
] ++ lib.optionals stdenv.isDarwin [ libiconv CoreServices ]
|
||||
++ lib.optionals finalAttrs.doCheck [ glibcLocales procps ]
|
||||
++ lib.optionals finalAttrs.finalPackage.doCheck [ glibcLocales procps ]
|
||||
;
|
||||
|
||||
doCheck = false;
|
||||
|
@ -6,13 +6,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "packer";
|
||||
version = "1.11.1";
|
||||
version = "1.11.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "hashicorp";
|
||||
repo = "packer";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-GjC8nc8gpYQ3v0IYJc6vz0809PD6kTWx/HE1UOhTYc0=";
|
||||
hash = "sha256-xi5CWL+KQd9nZSd0EscdH+lfw+WLtteSxtEos0lCNcA=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-Xmmc30W1ZfMc7YSQswyCjw1KyDA5qi8W+kZ1L7cM3cQ=";
|
||||
|
@ -28,7 +28,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DPHMAP_BUILD_TESTS=${if finalAttrs.doCheck then "ON" else "OFF"}"
|
||||
"-DPHMAP_BUILD_TESTS=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"
|
||||
"-DPHMAP_BUILD_EXAMPLES=OFF"
|
||||
];
|
||||
|
||||
|
@ -1,6 +1,5 @@
|
||||
{ stdenv
|
||||
, fetchFromGitLab
|
||||
, fetchpatch
|
||||
, lib
|
||||
, darwin
|
||||
, nettle
|
||||
@ -15,24 +14,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "sequoia-sq";
|
||||
version = "0.34.0";
|
||||
version = "0.37.0";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "sequoia-pgp";
|
||||
repo = "sequoia-sq";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-voFektWZnkmIQzI7s5nKzVVWQtEhzk2GKtxX926RtxU=";
|
||||
hash = "sha256-D22ECJvbGbnyvusWXfU5F1aLF/ETuMyhAStT5HPWR2U=";
|
||||
};
|
||||
patches = [
|
||||
# Fixes test failing on Darwin, see:
|
||||
# https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/211
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.com/sequoia-pgp/sequoia-sq/-/commit/21221a935e0d058ed269ae6c8f45c5fa7ea0d598.patch";
|
||||
hash = "sha256-ZjTl3EumeFwMJUl+qMpX+P2maYz4Ow/Tn9KwYbHDbes=";
|
||||
})
|
||||
];
|
||||
|
||||
cargoHash = "sha256-3ncBpRi0v6g6wwPkSASDwt0d8cOOAUv9BwZaYvnif1U=";
|
||||
cargoHash = "sha256-jFpqZKyRCMkMtOezsYJy3Fy1WXUPyn709wZxuwKlSYI=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config
|
||||
@ -47,13 +38,16 @@ rustPlatform.buildRustPackage rec {
|
||||
nettle
|
||||
] ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ Security SystemConfiguration ]);
|
||||
|
||||
# Sometimes, tests fail on CI (ofborg) & hydra without this
|
||||
checkFlags = [
|
||||
# doctest for sequoia-ipc fail for some reason
|
||||
"--skip=macros::assert_send_and_sync"
|
||||
"--skip=macros::time_it"
|
||||
# https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/297
|
||||
"--skip=sq_autocrypt_import"
|
||||
];
|
||||
|
||||
# Needed for tests to be able to create a ~/.local/share/sequoia directory
|
||||
preCheck = ''
|
||||
export HOME=$(mktemp -d)
|
||||
'';
|
||||
|
||||
env.ASSET_OUT_DIR = "/tmp/";
|
||||
|
||||
doCheck = true;
|
||||
@ -69,12 +63,12 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
passthru.updateScript = nix-update-script { };
|
||||
|
||||
meta = with lib; {
|
||||
meta = {
|
||||
description = "Cool new OpenPGP implementation";
|
||||
homepage = "https://sequoia-pgp.org/";
|
||||
changelog = "https://gitlab.com/sequoia-pgp/sequoia-sq/-/blob/v${version}/NEWS";
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = with maintainers; [ minijackson doronbehar ];
|
||||
license = lib.licenses.gpl2Plus;
|
||||
maintainers = with lib.maintainers; [ minijackson doronbehar ];
|
||||
mainProgram = "sq";
|
||||
};
|
||||
}
|
||||
|
@ -13,16 +13,16 @@
|
||||
}:
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "sequoia-wot";
|
||||
version = "0.11.0";
|
||||
version = "0.12.0";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "sequoia-pgp";
|
||||
repo = "sequoia-wot";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-qSf2uESsMGUEvAiRefpwxHKyizbq5Sst3SpjKaMIWTQ=";
|
||||
hash = "sha256-Xbj1XLZQxyEYf/+R5e6EJMmL0C5ohfwZMZPVK5PwmUU=";
|
||||
};
|
||||
|
||||
cargoHash = "sha256-vGseKdHqyncScS57UF3SR3EVdUGKVMue8fnRftefSY0=";
|
||||
cargoHash = "sha256-BidSKnsIEEEU8UarbhqALcp44L0pes6O4m2mSEL1r4Q=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config
|
||||
@ -80,11 +80,11 @@ rustPlatform.buildRustPackage rec {
|
||||
target/*/release/build/sequoia-wot-*/out/sq-wot-path.1
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
meta = {
|
||||
description = "Rust CLI tool for authenticating bindings and exploring a web of trust";
|
||||
homepage = "https://gitlab.com/sequoia-pgp/sequoia-wot";
|
||||
license = licenses.gpl2Only;
|
||||
maintainers = with maintainers; [ Cryolitia ];
|
||||
license = lib.licenses.gpl2Only;
|
||||
maintainers = with lib.maintainers; [ doronbehar Cryolitia ];
|
||||
mainProgram = "sq-wot";
|
||||
};
|
||||
}
|
||||
|
@ -8,13 +8,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "wakatime-cli";
|
||||
version = "1.95.0";
|
||||
version = "1.98.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "wakatime";
|
||||
repo = "wakatime-cli";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-dTT4+lvxB6WjDWdYznYBOs/cIa7mJudyN4P4TF67hRY=";
|
||||
hash = "sha256-AoefP/hWdflCOjZtmKyjcjUfst3SXF+EHfJyPcACWPE=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-+9zdEIaKQlLcBwFaY5Fe5mpHWQDqfV+j1TPmDkdRjyk=";
|
||||
|
@ -2,6 +2,7 @@
|
||||
, lib
|
||||
, fetchFromGitLab
|
||||
, fetchpatch
|
||||
, fetchpatch2
|
||||
, gitUpdater
|
||||
, testers
|
||||
, accountsservice
|
||||
@ -80,6 +81,12 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
url = "https://gitlab.com/ubports/development/core/lomiri-system-settings/-/commit/67d9e28ebab8bdb9473d5bf8da2b7573e6848fa2.patch";
|
||||
hash = "sha256-pFWNne2UH3R5Fz9ayHvIpDXDQbXPs0k4b/oRg0fzi+s=";
|
||||
})
|
||||
|
||||
(fetchpatch2 {
|
||||
name = "0004-lomiri-system-settings-QOfono-namespace-change.patch";
|
||||
url = "https://gitlab.com/ubports/development/core/lomiri-system-settings/-/commit/c0b5b007d77993fabdd95be5ccbbba5151f0f165.patch";
|
||||
hash = "sha256-HB7qdlbY0AVG6X3hL3IHf0Z7rm1G0wfdqo5MXtY7bfE=";
|
||||
})
|
||||
] ++ [
|
||||
|
||||
./2000-Support-wrapping-for-Nixpkgs.patch
|
||||
@ -94,6 +101,13 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# Part of 0004-lomiri-system-settings-QOfono-namespace-change.patch, fetchpatch2 cannot handle rename-only changes
|
||||
for unmovedThing in tests/mocks/MeeGo/QOfono/*; do
|
||||
mv "$unmovedThing" "tests/mocks/QOfono/$(basename "$unmovedThing")"
|
||||
done
|
||||
rmdir tests/mocks/MeeGo/QOfono
|
||||
rmdir tests/mocks/MeeGo
|
||||
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace-fail "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" "\''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}" \
|
||||
|
||||
|
@ -33,6 +33,10 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace-fail "pkg_get_variable($pcvarname LomiriSystemSettings $pcvar)" "set($pcvarname $(pkg-config LomiriSystemSettings --define-variable=prefix=$out --define-variable=libdir=$out/lib --variable=$pcvar))"
|
||||
done
|
||||
|
||||
# Compatibility with newer libqofono
|
||||
substituteInPlace plugins/security-privacy/{Ofono,PageComponent,SimPin}.qml \
|
||||
--replace-fail 'import MeeGo.QOfono' 'import QOfono'
|
||||
'';
|
||||
|
||||
strictDeps = true;
|
||||
|
@ -116,6 +116,14 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
hash = "sha256-guq/Ykcq4WcuXxNKO1eA4sJFyGSpZo0gtyFTdeK/GeE=";
|
||||
})
|
||||
|
||||
# fetchpatch2 for renames
|
||||
# Remove when version > 0.2.1
|
||||
(fetchpatch2 {
|
||||
name = "1010-lomiri-QOfono-namespace.patch";
|
||||
url = "https://gitlab.com/ubports/development/core/lomiri/-/commit/d0397dadb5f05097f916c5b39e6d9b95d4ab9e4d.patch";
|
||||
hash = "sha256-wIkHlz2vYxF9eeH/sYYEdD9f8m4ylHEXXnX/DFG3HXg=";
|
||||
})
|
||||
|
||||
./9901-lomiri-Disable-Wizard.patch
|
||||
./9902-lomiri-Check-NIXOS_XKB_LAYOUTS.patch
|
||||
];
|
||||
@ -126,6 +134,13 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
--replace-fail '@CMAKE_INSTALL_FULL_BINDIR@/lomiri-greeter-wrapper @CMAKE_INSTALL_FULL_BINDIR@/lomiri --mode=greeter' '@CMAKE_INSTALL_FULL_BINDIR@/lomiri --mode=greeter' \
|
||||
--replace-fail 'X-LightDM-Session-Type=mir' 'X-LightDM-Session-Type=wayland'
|
||||
|
||||
# Part of QOfono namespace patch, fetchpatch2 cannot handle rename-only changes
|
||||
for unmovedThing in tests/mocks/MeeGo/QOfono/*; do
|
||||
mv "$unmovedThing" "tests/mocks/QOfono/$(basename "$unmovedThing")"
|
||||
done
|
||||
rmdir tests/mocks/MeeGo/QOfono
|
||||
rmdir tests/mocks/MeeGo
|
||||
|
||||
# Need to replace prefix
|
||||
substituteInPlace data/systemd-user/CMakeLists.txt \
|
||||
--replace-fail 'pkg_get_variable(SYSTEMD_USERUNITDIR systemd systemduserunitdir)' 'pkg_get_variable(SYSTEMD_USERUNITDIR systemd systemduserunitdir DEFINE_VARIABLES prefix=''${CMAKE_INSTALL_PREFIX})'
|
||||
|
@ -63,7 +63,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
substituteInPlace src/app/webbrowser/morph-browser.desktop.in.in \
|
||||
--replace 'Icon=@CMAKE_INSTALL_FULL_DATADIR@/morph-browser/morph-browser.svg' 'Icon=/run/current-system/sw/share/icons/hicolor/scalable/apps/morph-browser.svg' \
|
||||
--replace 'X-Lomiri-Splash-Image=@CMAKE_INSTALL_FULL_DATADIR@/morph-browser/morph-browser-splash.svg' 'X-Lomiri-Splash-Image=lomiri-app-launch/splash/morph-browser.svg'
|
||||
'' + lib.optionalString (!finalAttrs.doCheck) ''
|
||||
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace 'add_subdirectory(tests)' ""
|
||||
'';
|
||||
|
@ -49,7 +49,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
|
||||
substituteInPlace src/core/trust/terminal_agent.h \
|
||||
--replace-fail '/bin/whiptail' '${lib.getExe' newt "whiptail"}'
|
||||
'' + lib.optionalString (!finalAttrs.doCheck) ''
|
||||
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace-fail 'add_subdirectory(tests)' ""
|
||||
'';
|
||||
|
@ -48,7 +48,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
# For our automatic pkg-config output patcher to work, prefix must be used here
|
||||
substituteInPlace libu1db-qt.pc.in \
|
||||
--replace-fail 'libdir=''${exec_prefix}/lib' 'libdir=''${prefix}/lib'
|
||||
'' + lib.optionalString (!finalAttrs.doCheck) ''
|
||||
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
|
||||
# Other locations add dependencies to custom check target from tests
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace-fail 'add_subdirectory(tests)' 'add_custom_target(check COMMAND "echo check dummy")'
|
||||
|
@ -26,7 +26,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" '${placeholder "out"}/${qtbase.qtQmlPrefix}'
|
||||
'' + lib.optionalString (!finalAttrs.doCheck) ''
|
||||
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
|
||||
sed -i CMakeLists.txt \
|
||||
-e '/add_subdirectory(tests)/d'
|
||||
'';
|
||||
|
@ -48,7 +48,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
substituteInPlace data/biometryd.pc.in \
|
||||
--replace-fail 'libdir=''${exec_prefix}' 'libdir=''${prefix}' \
|
||||
--replace-fail 'includedir=''${exec_prefix}' 'includedir=''${prefix}' \
|
||||
'' + lib.optionalString (!finalAttrs.doCheck) ''
|
||||
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
|
||||
sed -i -e '/add_subdirectory(tests)/d' CMakeLists.txt
|
||||
'';
|
||||
|
||||
|
@ -96,7 +96,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
cmakeFlags = [
|
||||
(lib.cmakeBool "GSETTINGS_LOCALINSTALL" true)
|
||||
(lib.cmakeBool "GSETTINGS_COMPILE" true)
|
||||
(lib.cmakeBool "ENABLE_TESTS" finalAttrs.doCheck)
|
||||
(lib.cmakeBool "ENABLE_TESTS" finalAttrs.finalPackage.doCheck)
|
||||
(lib.cmakeBool "ENABLE_UBUNTU_COMPAT" true) # just in case something needs it
|
||||
(lib.cmakeBool "BUILD_DOC" true) # lacks QML docs, needs qdoc: https://github.com/NixOS/nixpkgs/pull/245379
|
||||
];
|
||||
|
@ -124,7 +124,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
doxygen
|
||||
gdk-pixbuf # setup hook
|
||||
pkg-config
|
||||
(python3.withPackages (ps: with ps; lib.optionals finalAttrs.doCheck [
|
||||
(python3.withPackages (ps: with ps; lib.optionals finalAttrs.finalPackage.doCheck [
|
||||
python-dbusmock
|
||||
tornado
|
||||
]))
|
||||
|
@ -86,7 +86,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DENABLE_TESTS=${lib.boolToString finalAttrs.doCheck}"
|
||||
"-DENABLE_TESTS=${lib.boolToString finalAttrs.finalPackage.doCheck}"
|
||||
];
|
||||
|
||||
doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
|
||||
|
@ -11,13 +11,13 @@
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "elementary-gtk-theme";
|
||||
version = "8.0.0";
|
||||
version = "8.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "elementary";
|
||||
repo = "stylesheet";
|
||||
rev = version;
|
||||
sha256 = "sha256-O0Zu/ZxVANfWKcCkOF7jeJa3oG1ut56px7jeFK7LdKA=";
|
||||
sha256 = "sha256-ZhqgvTbZN0lVAZ1nWy/Pvg7EdMYZIn8B5h1nmWo5E8E=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -1,25 +0,0 @@
|
||||
{ fetchFromGitHub
|
||||
, gradle_7
|
||||
, jdk19
|
||||
, lib
|
||||
, stdenv
|
||||
, rsync
|
||||
, runCommand
|
||||
, testers
|
||||
}:
|
||||
|
||||
let
|
||||
corretto = import ./mk-corretto.nix rec {
|
||||
inherit lib stdenv rsync runCommand testers;
|
||||
jdk = jdk19;
|
||||
gradle = gradle_7;
|
||||
version = "19.0.2.7.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "corretto";
|
||||
repo = "corretto-19";
|
||||
rev = version;
|
||||
sha256 = "sha256-mEj/MIbdXU0+fF5RhqjPuSeyclstesGaXB0e48YlKuw=";
|
||||
};
|
||||
};
|
||||
in
|
||||
corretto
|
@ -24,6 +24,8 @@ ocamlPackages.buildDunePackage rec {
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
patches = [ ./make-compatible-with-linol-0_6.patch ];
|
||||
|
||||
# The build picks this up for ligo --version
|
||||
LIGO_VERSION = version;
|
||||
|
||||
|
@ -0,0 +1,13 @@
|
||||
diff --git a/src/bin/cli.ml b/src/bin/cli.ml
|
||||
index 36ee98cbec..960bfc85a0 100644
|
||||
--- a/src/bin/cli.ml
|
||||
+++ b/src/bin/cli.ml
|
||||
@@ -3537,7 +3537,7 @@ module Lsp_server = struct
|
||||
~session_id
|
||||
~skip_analytics
|
||||
in
|
||||
- let server = Linol_lwt.Jsonrpc2.create_stdio (s :> Linol_lwt.Jsonrpc2.server) in
|
||||
+ let server = Linol_lwt.Jsonrpc2.create_stdio ~env:() (s :> Linol_lwt.Jsonrpc2.server) in
|
||||
let shutdown () = Poly.(s#get_status = `ReceivedExit) in
|
||||
let task = Linol_lwt.Jsonrpc2.run ~shutdown server in
|
||||
let analytics_job =
|
@ -1,191 +0,0 @@
|
||||
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitHub, bash, pkg-config, autoconf, cpio
|
||||
, file, which, unzip, zip, perl, cups, freetype, harfbuzz, alsa-lib, libjpeg, giflib
|
||||
, libpng, zlib, lcms2, libX11, libICE, libXrender, libXext, libXt, libXtst
|
||||
, libXi, libXinerama, libXcursor, libXrandr, fontconfig, openjdk18-bootstrap
|
||||
, setJavaClassPath
|
||||
, headless ? false
|
||||
, enableJavaFX ? false, openjfx
|
||||
, enableGtk ? true, gtk3, glib
|
||||
}:
|
||||
|
||||
let
|
||||
version = {
|
||||
feature = "18";
|
||||
interim = ".0.2.1";
|
||||
build = "1";
|
||||
};
|
||||
|
||||
# when building a headless jdk, also bootstrap it with a headless jdk
|
||||
openjdk-bootstrap = openjdk18-bootstrap.override { gtkSupport = !headless; };
|
||||
|
||||
openjdk = stdenv.mkDerivation {
|
||||
pname = "openjdk" + lib.optionalString headless "-headless";
|
||||
version = "${version.feature}${version.interim}+${version.build}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openjdk";
|
||||
repo = "jdk${version.feature}u";
|
||||
rev = "jdk-${version.feature}${version.interim}+${version.build}";
|
||||
sha256 = "sha256-L6dsN0kqWcfemM8LBg62qtHQdymwRQoV1ndc8r+0qn8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config autoconf unzip ];
|
||||
buildInputs = [
|
||||
cpio file which zip perl zlib cups freetype harfbuzz alsa-lib libjpeg giflib
|
||||
libpng zlib lcms2 libX11 libICE libXrender libXext libXtst libXt libXtst
|
||||
libXi libXinerama libXcursor libXrandr fontconfig openjdk-bootstrap
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
gtk3 glib
|
||||
];
|
||||
|
||||
patches = [
|
||||
./fix-java-home-jdk10.patch
|
||||
./read-truststore-from-env-jdk10.patch
|
||||
./currency-date-range-jdk10.patch
|
||||
./increase-javadoc-heap-jdk13.patch
|
||||
./ignore-LegalNoticeFilePlugin-jdk18.patch
|
||||
|
||||
# -Wformat etc. are stricter in newer gccs, per
|
||||
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677
|
||||
# so grab the work-around from
|
||||
# https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24
|
||||
(fetchurl {
|
||||
url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch";
|
||||
sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r";
|
||||
})
|
||||
|
||||
# Patch borrowed from Alpine to fix build errors with musl libc and recent gcc.
|
||||
# This is applied anywhere to prevent patchrot.
|
||||
(fetchpatch {
|
||||
url = "https://git.alpinelinux.org/aports/plain/testing/openjdk18/FixNullPtrCast.patch?id=b93d1fc37fcf106144958d957bb97c7db67bd41f";
|
||||
hash = "sha256-nvO8RcmKwMcPdzq28mZ4If1XJ6FQ76CYWqRIozPCk5U=";
|
||||
})
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
./swing-use-gtk-jdk13.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
chmod +x configure
|
||||
patchShebangs --build configure
|
||||
'';
|
||||
|
||||
# JDK's build system attempts to specifically detect
|
||||
# and special-case WSL, and we don't want it to do that,
|
||||
# so pass the correct platform names explicitly
|
||||
configurePlatforms = ["build" "host"];
|
||||
|
||||
configureFlags = [
|
||||
"--with-boot-jdk=${openjdk-bootstrap.home}"
|
||||
"--with-version-build=${version.build}"
|
||||
"--with-version-opt=nixos"
|
||||
"--with-version-pre="
|
||||
"--enable-unlimited-crypto"
|
||||
"--with-native-debug-symbols=internal"
|
||||
"--with-freetype=system"
|
||||
"--with-harfbuzz=system"
|
||||
"--with-libjpeg=system"
|
||||
"--with-giflib=system"
|
||||
"--with-libpng=system"
|
||||
"--with-zlib=system"
|
||||
"--with-lcms=system"
|
||||
"--with-stdc++lib=dynamic"
|
||||
] ++ lib.optional headless "--enable-headless-only"
|
||||
++ lib.optional (!headless && enableJavaFX) "--with-import-modules=${openjfx}";
|
||||
|
||||
separateDebugInfo = true;
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = "-Wno-error";
|
||||
|
||||
NIX_LDFLAGS = toString (lib.optionals (!headless) [
|
||||
"-lfontconfig" "-lcups" "-lXinerama" "-lXrandr" "-lmagic"
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
"-lgtk-3" "-lgio-2.0"
|
||||
]);
|
||||
|
||||
# -j flag is explicitly rejected by the build system:
|
||||
# Error: 'make -jN' is not supported, use 'make JOBS=N'
|
||||
# Note: it does not make build sequential. Build system
|
||||
# still runs in parallel.
|
||||
enableParallelBuilding = false;
|
||||
|
||||
buildFlags = [ "images" ];
|
||||
|
||||
postBuild = ''
|
||||
cd build/linux*
|
||||
make images
|
||||
cd -
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib
|
||||
|
||||
mv build/*/images/jdk $out/lib/openjdk
|
||||
|
||||
# Remove some broken manpages.
|
||||
rm -rf $out/lib/openjdk/man/ja*
|
||||
|
||||
# Mirror some stuff in top-level.
|
||||
mkdir -p $out/share
|
||||
ln -s $out/lib/openjdk/include $out/include
|
||||
ln -s $out/lib/openjdk/man $out/share/man
|
||||
|
||||
# IDEs use the provided src.zip to navigate the Java codebase (https://github.com/NixOS/nixpkgs/pull/95081)
|
||||
ln -s $out/lib/openjdk/lib/src.zip $out/lib/src.zip
|
||||
|
||||
# jni.h expects jni_md.h to be in the header search path.
|
||||
ln -s $out/include/linux/*_md.h $out/include/
|
||||
|
||||
# Remove crap from the installation.
|
||||
rm -rf $out/lib/openjdk/demo
|
||||
${lib.optionalString headless ''
|
||||
rm $out/lib/openjdk/lib/{libjsound,libfontmanager}.so
|
||||
''}
|
||||
|
||||
ln -s $out/lib/openjdk/bin $out/bin
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
# Propagate the setJavaClassPath setup hook so that any package
|
||||
# that depends on the JDK has $CLASSPATH set up properly.
|
||||
mkdir -p $out/nix-support
|
||||
#TODO or printWords? cf https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
|
||||
echo -n "${setJavaClassPath}" > $out/nix-support/propagated-build-inputs
|
||||
|
||||
# Set JAVA_HOME automatically.
|
||||
mkdir -p $out/nix-support
|
||||
cat <<EOF > $out/nix-support/setup-hook
|
||||
if [ -z "\''${JAVA_HOME-}" ]; then export JAVA_HOME=$out/lib/openjdk; fi
|
||||
EOF
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
# Build the set of output library directories to rpath against
|
||||
LIBDIRS=""
|
||||
for output in $(getAllOutputNames); do
|
||||
if [ "$output" = debug ]; then continue; fi
|
||||
LIBDIRS="$(find $(eval echo \$$output) -name \*.so\* -exec dirname {} \+ | sort -u | tr '\n' ':'):$LIBDIRS"
|
||||
done
|
||||
# Add the local library paths to remove dependencies on the bootstrap
|
||||
for output in $(getAllOutputNames); do
|
||||
if [ "$output" = debug ]; then continue; fi
|
||||
OUTPUTDIR=$(eval echo \$$output)
|
||||
BINLIBS=$(find $OUTPUTDIR/bin/ -type f; find $OUTPUTDIR -name \*.so\*)
|
||||
echo "$BINLIBS" | while read i; do
|
||||
patchelf --set-rpath "$LIBDIRS:$(patchelf --print-rpath "$i")" "$i" || true
|
||||
patchelf --shrink-rpath "$i" || true
|
||||
done
|
||||
done
|
||||
'';
|
||||
|
||||
disallowedReferences = [ openjdk-bootstrap ];
|
||||
|
||||
pos = builtins.unsafeGetAttrPos "feature" version;
|
||||
meta = import ./meta.nix lib version.feature;
|
||||
|
||||
passthru = {
|
||||
architecture = "";
|
||||
home = "${openjdk}/lib/openjdk";
|
||||
inherit gtk3;
|
||||
};
|
||||
};
|
||||
in openjdk
|
@ -1,203 +0,0 @@
|
||||
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitHub, bash, pkg-config, autoconf, cpio
|
||||
, file, which, unzip, zip, perl, cups, freetype, alsa-lib, libjpeg, giflib
|
||||
, libpng, zlib, lcms2, libX11, libICE, libXrender, libXext, libXt, libXtst
|
||||
, libXi, libXinerama, libXcursor, libXrandr, fontconfig, openjdk19-bootstrap
|
||||
, ensureNewerSourcesForZipFilesHook
|
||||
, setJavaClassPath
|
||||
# TODO(@sternenseemann): gtk3 fails to evaluate in pkgsCross.ghcjs.buildPackages
|
||||
# which should be fixable, this is a no-rebuild workaround for GHC.
|
||||
, headless ? stdenv.targetPlatform.isGhcjs
|
||||
, enableJavaFX ? false, openjfx
|
||||
, enableGtk ? true, gtk3, glib
|
||||
}:
|
||||
|
||||
let
|
||||
version = {
|
||||
feature = "19";
|
||||
interim = "-ga";
|
||||
build = "";
|
||||
};
|
||||
|
||||
# when building a headless jdk, also bootstrap it with a headless jdk
|
||||
openjdk-bootstrap = openjdk19-bootstrap.override { gtkSupport = !headless; };
|
||||
|
||||
openjdk = stdenv.mkDerivation {
|
||||
pname = "openjdk" + lib.optionalString headless "-headless";
|
||||
version = "${version.feature}${version.interim}";
|
||||
# version = "${version.feature}${version.interim}+${version.build}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openjdk";
|
||||
repo = "jdk${version.feature}u";
|
||||
rev = "jdk-${version.feature}${version.interim}";
|
||||
# rev = "jdk-${version.feature}${version.interim}+${version.build}";
|
||||
hash = "sha256-XbYTku/nWF+maBvYz2rJYIUBEgOmqICKjk9wufHqyj0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config autoconf unzip ensureNewerSourcesForZipFilesHook ];
|
||||
buildInputs = [
|
||||
cpio file which zip perl zlib cups freetype alsa-lib libjpeg giflib
|
||||
libpng zlib lcms2 libX11 libICE libXrender libXext libXtst libXt libXtst
|
||||
libXi libXinerama libXcursor libXrandr fontconfig openjdk-bootstrap
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
gtk3 glib
|
||||
];
|
||||
|
||||
patches = [
|
||||
./fix-java-home-jdk10.patch
|
||||
./read-truststore-from-env-jdk10.patch
|
||||
./currency-date-range-jdk10.patch
|
||||
./increase-javadoc-heap-jdk13.patch
|
||||
./ignore-LegalNoticeFilePlugin-jdk18.patch
|
||||
|
||||
# -Wformat etc. are stricter in newer gccs, per
|
||||
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677
|
||||
# so grab the work-around from
|
||||
# https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24
|
||||
(fetchurl {
|
||||
url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch";
|
||||
sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r";
|
||||
})
|
||||
|
||||
# Patch borrowed from Alpine to fix build errors with musl libc and recent gcc.
|
||||
# This is applied anywhere to prevent patchrot.
|
||||
(fetchpatch {
|
||||
url = "https://git.alpinelinux.org/aports/plain/testing/openjdk19/FixNullPtrCast.patch?id=93dc07f97ff716b647c5f57c6224901ea06da560";
|
||||
hash = "sha256-H4X3Yip5bCpXMH7MSu9BgXIOYRVUBMZPZW8EvZSWI5k=";
|
||||
})
|
||||
|
||||
# Fix build for gnumake-4.4.1:
|
||||
# https://github.com/openjdk/jdk/pull/12992
|
||||
(fetchpatch {
|
||||
name = "gnumake-4.4.1";
|
||||
url = "https://github.com/openjdk/jdk/commit/9341d135b855cc208d48e47d30cd90aafa354c36.patch";
|
||||
hash = "sha256-Qcm3ZmGCOYLZcskNjj7DYR85R4v07vYvvavrVOYL8vg=";
|
||||
})
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
./swing-use-gtk-jdk13.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
chmod +x configure
|
||||
patchShebangs --build configure
|
||||
'';
|
||||
|
||||
# JDK's build system attempts to specifically detect
|
||||
# and special-case WSL, and we don't want it to do that,
|
||||
# so pass the correct platform names explicitly
|
||||
configurePlatforms = ["build" "host"];
|
||||
|
||||
configureFlags = [
|
||||
"--with-boot-jdk=${openjdk-bootstrap.home}"
|
||||
"--with-version-build=${version.build}"
|
||||
"--with-version-opt=nixos"
|
||||
"--with-version-pre="
|
||||
"--enable-unlimited-crypto"
|
||||
"--with-native-debug-symbols=internal"
|
||||
"--with-libjpeg=system"
|
||||
"--with-giflib=system"
|
||||
"--with-libpng=system"
|
||||
"--with-zlib=system"
|
||||
"--with-lcms=system"
|
||||
"--with-stdc++lib=dynamic"
|
||||
]
|
||||
++ lib.optionals stdenv.cc.isClang [
|
||||
"--with-toolchain-type=clang"
|
||||
# Explicitly tell Clang to compile C++ files as C++, see
|
||||
# https://github.com/NixOS/nixpkgs/issues/150655#issuecomment-1935304859
|
||||
"--with-extra-cxxflags=-xc++"
|
||||
]
|
||||
++ lib.optional headless "--enable-headless-only"
|
||||
++ lib.optional (!headless && enableJavaFX) "--with-import-modules=${openjfx}";
|
||||
|
||||
separateDebugInfo = true;
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = "-Wno-error";
|
||||
|
||||
NIX_LDFLAGS = toString (lib.optionals (!headless) [
|
||||
"-lfontconfig" "-lcups" "-lXinerama" "-lXrandr" "-lmagic"
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
"-lgtk-3" "-lgio-2.0"
|
||||
]);
|
||||
|
||||
# -j flag is explicitly rejected by the build system:
|
||||
# Error: 'make -jN' is not supported, use 'make JOBS=N'
|
||||
# Note: it does not make build sequential. Build system
|
||||
# still runs in parallel.
|
||||
enableParallelBuilding = false;
|
||||
|
||||
buildFlags = [ "images" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib
|
||||
|
||||
mv build/*/images/jdk $out/lib/openjdk
|
||||
|
||||
# Remove some broken manpages.
|
||||
rm -rf $out/lib/openjdk/man/ja*
|
||||
|
||||
# Mirror some stuff in top-level.
|
||||
mkdir -p $out/share
|
||||
ln -s $out/lib/openjdk/include $out/include
|
||||
ln -s $out/lib/openjdk/man $out/share/man
|
||||
|
||||
# IDEs use the provided src.zip to navigate the Java codebase (https://github.com/NixOS/nixpkgs/pull/95081)
|
||||
ln -s $out/lib/openjdk/lib/src.zip $out/lib/src.zip
|
||||
|
||||
# jni.h expects jni_md.h to be in the header search path.
|
||||
ln -s $out/include/linux/*_md.h $out/include/
|
||||
|
||||
# Remove crap from the installation.
|
||||
rm -rf $out/lib/openjdk/demo
|
||||
${lib.optionalString headless ''
|
||||
rm $out/lib/openjdk/lib/{libjsound,libfontmanager}.so
|
||||
''}
|
||||
|
||||
ln -s $out/lib/openjdk/bin $out/bin
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
# Propagate the setJavaClassPath setup hook so that any package
|
||||
# that depends on the JDK has $CLASSPATH set up properly.
|
||||
mkdir -p $out/nix-support
|
||||
#TODO or printWords? cf https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
|
||||
echo -n "${setJavaClassPath}" > $out/nix-support/propagated-build-inputs
|
||||
|
||||
# Set JAVA_HOME automatically.
|
||||
mkdir -p $out/nix-support
|
||||
cat <<EOF > $out/nix-support/setup-hook
|
||||
if [ -z "\''${JAVA_HOME-}" ]; then export JAVA_HOME=$out/lib/openjdk; fi
|
||||
EOF
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
# Build the set of output library directories to rpath against
|
||||
LIBDIRS=""
|
||||
for output in $(getAllOutputNames); do
|
||||
if [ "$output" = debug ]; then continue; fi
|
||||
LIBDIRS="$(find $(eval echo \$$output) -name \*.so\* -exec dirname {} \+ | sort -u | tr '\n' ':'):$LIBDIRS"
|
||||
done
|
||||
# Add the local library paths to remove dependencies on the bootstrap
|
||||
for output in $(getAllOutputNames); do
|
||||
if [ "$output" = debug ]; then continue; fi
|
||||
OUTPUTDIR=$(eval echo \$$output)
|
||||
BINLIBS=$(find $OUTPUTDIR/bin/ -type f; find $OUTPUTDIR -name \*.so\*)
|
||||
echo "$BINLIBS" | while read i; do
|
||||
patchelf --set-rpath "$LIBDIRS:$(patchelf --print-rpath "$i")" "$i" || true
|
||||
patchelf --shrink-rpath "$i" || true
|
||||
done
|
||||
done
|
||||
'';
|
||||
|
||||
disallowedReferences = [ openjdk-bootstrap ];
|
||||
|
||||
pos = builtins.unsafeGetAttrPos "feature" version;
|
||||
meta = import ./meta.nix lib version.feature;
|
||||
|
||||
passthru = {
|
||||
architecture = "";
|
||||
home = "${openjdk}/lib/openjdk";
|
||||
inherit gtk3;
|
||||
};
|
||||
};
|
||||
in openjdk
|
@ -1,201 +0,0 @@
|
||||
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitHub, bash, pkg-config, autoconf, cpio
|
||||
, file, which, unzip, zip, perl, cups, freetype, alsa-lib, libjpeg, giflib
|
||||
, libpng, zlib, lcms2, libX11, libICE, libXrender, libXext, libXt, libXtst
|
||||
, libXi, libXinerama, libXcursor, libXrandr, fontconfig, openjdk20-bootstrap
|
||||
, ensureNewerSourcesForZipFilesHook
|
||||
, setJavaClassPath
|
||||
# TODO(@sternenseemann): gtk3 fails to evaluate in pkgsCross.ghcjs.buildPackages
|
||||
# which should be fixable, this is a no-rebuild workaround for GHC.
|
||||
, headless ? stdenv.targetPlatform.isGhcjs
|
||||
, enableJavaFX ? false, openjfx
|
||||
, enableGtk ? true, gtk3, glib
|
||||
}:
|
||||
|
||||
let
|
||||
version = {
|
||||
feature = "20";
|
||||
interim = ".0.2";
|
||||
build = "9";
|
||||
};
|
||||
|
||||
# when building a headless jdk, also bootstrap it with a headless jdk
|
||||
openjdk-bootstrap = openjdk20-bootstrap.override { gtkSupport = !headless; };
|
||||
|
||||
openjdk = stdenv.mkDerivation {
|
||||
pname = "openjdk" + lib.optionalString headless "-headless";
|
||||
version = "${version.feature}${version.interim}+${version.build}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openjdk";
|
||||
repo = "jdk${version.feature}u";
|
||||
rev = "jdk-${version.feature}${version.interim}+${version.build}";
|
||||
hash = "sha256-CZH2JwR+MrkTlLdcVYuFRB3McdrM0A+1YaSjNpjYwak=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config autoconf unzip ensureNewerSourcesForZipFilesHook ];
|
||||
buildInputs = [
|
||||
cpio file which zip perl zlib cups freetype alsa-lib libjpeg giflib
|
||||
libpng zlib lcms2 libX11 libICE libXrender libXext libXtst libXt libXtst
|
||||
libXi libXinerama libXcursor libXrandr fontconfig openjdk-bootstrap
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
gtk3 glib
|
||||
];
|
||||
|
||||
patches = [
|
||||
./fix-java-home-jdk10.patch
|
||||
./read-truststore-from-env-jdk10.patch
|
||||
./currency-date-range-jdk10.patch
|
||||
./increase-javadoc-heap-jdk13.patch
|
||||
./ignore-LegalNoticeFilePlugin-jdk18.patch
|
||||
|
||||
# -Wformat etc. are stricter in newer gccs, per
|
||||
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677
|
||||
# so grab the work-around from
|
||||
# https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24
|
||||
(fetchurl {
|
||||
url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch";
|
||||
sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r";
|
||||
})
|
||||
|
||||
# Patch borrowed from Alpine to fix build errors with musl libc and recent gcc.
|
||||
# This is applied anywhere to prevent patchrot.
|
||||
(fetchpatch {
|
||||
url = "https://git.alpinelinux.org/aports/plain/testing/openjdk19/FixNullPtrCast.patch?id=93dc07f97ff716b647c5f57c6224901ea06da560";
|
||||
hash = "sha256-H4X3Yip5bCpXMH7MSu9BgXIOYRVUBMZPZW8EvZSWI5k=";
|
||||
})
|
||||
|
||||
# Fix build for gnumake-4.4.1:
|
||||
# https://github.com/openjdk/jdk/pull/12992
|
||||
(fetchpatch {
|
||||
name = "gnumake-4.4.1";
|
||||
url = "https://github.com/openjdk/jdk/commit/9341d135b855cc208d48e47d30cd90aafa354c36.patch";
|
||||
hash = "sha256-Qcm3ZmGCOYLZcskNjj7DYR85R4v07vYvvavrVOYL8vg=";
|
||||
})
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
./swing-use-gtk-jdk13.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
chmod +x configure
|
||||
patchShebangs --build configure
|
||||
'';
|
||||
|
||||
# JDK's build system attempts to specifically detect
|
||||
# and special-case WSL, and we don't want it to do that,
|
||||
# so pass the correct platform names explicitly
|
||||
configurePlatforms = ["build" "host"];
|
||||
|
||||
configureFlags = [
|
||||
"--with-boot-jdk=${openjdk-bootstrap.home}"
|
||||
"--with-version-build=${version.build}"
|
||||
"--with-version-opt=nixos"
|
||||
"--with-version-pre="
|
||||
"--enable-unlimited-crypto"
|
||||
"--with-native-debug-symbols=internal"
|
||||
"--with-libjpeg=system"
|
||||
"--with-giflib=system"
|
||||
"--with-libpng=system"
|
||||
"--with-zlib=system"
|
||||
"--with-lcms=system"
|
||||
"--with-stdc++lib=dynamic"
|
||||
]
|
||||
++ lib.optionals stdenv.cc.isClang [
|
||||
"--with-toolchain-type=clang"
|
||||
# Explicitly tell Clang to compile C++ files as C++, see
|
||||
# https://github.com/NixOS/nixpkgs/issues/150655#issuecomment-1935304859
|
||||
"--with-extra-cxxflags=-xc++"
|
||||
]
|
||||
++ lib.optional headless "--enable-headless-only"
|
||||
++ lib.optional (!headless && enableJavaFX) "--with-import-modules=${openjfx}";
|
||||
|
||||
separateDebugInfo = true;
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = "-Wno-error";
|
||||
|
||||
NIX_LDFLAGS = toString (lib.optionals (!headless) [
|
||||
"-lfontconfig" "-lcups" "-lXinerama" "-lXrandr" "-lmagic"
|
||||
] ++ lib.optionals (!headless && enableGtk) [
|
||||
"-lgtk-3" "-lgio-2.0"
|
||||
]);
|
||||
|
||||
# -j flag is explicitly rejected by the build system:
|
||||
# Error: 'make -jN' is not supported, use 'make JOBS=N'
|
||||
# Note: it does not make build sequential. Build system
|
||||
# still runs in parallel.
|
||||
enableParallelBuilding = false;
|
||||
|
||||
buildFlags = [ "images" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib
|
||||
|
||||
mv build/*/images/jdk $out/lib/openjdk
|
||||
|
||||
# Remove some broken manpages.
|
||||
rm -rf $out/lib/openjdk/man/ja*
|
||||
|
||||
# Mirror some stuff in top-level.
|
||||
mkdir -p $out/share
|
||||
ln -s $out/lib/openjdk/include $out/include
|
||||
ln -s $out/lib/openjdk/man $out/share/man
|
||||
|
||||
# IDEs use the provided src.zip to navigate the Java codebase (https://github.com/NixOS/nixpkgs/pull/95081)
|
||||
ln -s $out/lib/openjdk/lib/src.zip $out/lib/src.zip
|
||||
|
||||
# jni.h expects jni_md.h to be in the header search path.
|
||||
ln -s $out/include/linux/*_md.h $out/include/
|
||||
|
||||
# Remove crap from the installation.
|
||||
rm -rf $out/lib/openjdk/demo
|
||||
${lib.optionalString headless ''
|
||||
rm $out/lib/openjdk/lib/{libjsound,libfontmanager}.so
|
||||
''}
|
||||
|
||||
ln -s $out/lib/openjdk/bin $out/bin
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
# Propagate the setJavaClassPath setup hook so that any package
|
||||
# that depends on the JDK has $CLASSPATH set up properly.
|
||||
mkdir -p $out/nix-support
|
||||
#TODO or printWords? cf https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
|
||||
echo -n "${setJavaClassPath}" > $out/nix-support/propagated-build-inputs
|
||||
|
||||
# Set JAVA_HOME automatically.
|
||||
mkdir -p $out/nix-support
|
||||
cat <<EOF > $out/nix-support/setup-hook
|
||||
if [ -z "\''${JAVA_HOME-}" ]; then export JAVA_HOME=$out/lib/openjdk; fi
|
||||
EOF
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
# Build the set of output library directories to rpath against
|
||||
LIBDIRS=""
|
||||
for output in $(getAllOutputNames); do
|
||||
if [ "$output" = debug ]; then continue; fi
|
||||
LIBDIRS="$(find $(eval echo \$$output) -name \*.so\* -exec dirname {} \+ | sort -u | tr '\n' ':'):$LIBDIRS"
|
||||
done
|
||||
# Add the local library paths to remove dependencies on the bootstrap
|
||||
for output in $(getAllOutputNames); do
|
||||
if [ "$output" = debug ]; then continue; fi
|
||||
OUTPUTDIR=$(eval echo \$$output)
|
||||
BINLIBS=$(find $OUTPUTDIR/bin/ -type f; find $OUTPUTDIR -name \*.so\*)
|
||||
echo "$BINLIBS" | while read i; do
|
||||
patchelf --set-rpath "$LIBDIRS:$(patchelf --print-rpath "$i")" "$i" || true
|
||||
patchelf --shrink-rpath "$i" || true
|
||||
done
|
||||
done
|
||||
'';
|
||||
|
||||
disallowedReferences = [ openjdk-bootstrap ];
|
||||
|
||||
pos = builtins.unsafeGetAttrPos "feature" version;
|
||||
meta = import ./meta.nix lib version.feature;
|
||||
|
||||
passthru = {
|
||||
architecture = "";
|
||||
home = "${openjdk}/lib/openjdk";
|
||||
inherit gtk3;
|
||||
};
|
||||
};
|
||||
in openjdk
|
@ -1,5 +1,5 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, writeText, gradle_7, pkg-config, perl, cmake
|
||||
, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib, ffmpeg_4-headless, python3, ruby
|
||||
, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib, ffmpeg_6-headless, python3, ruby
|
||||
, openjdk11-bootstrap
|
||||
, withMedia ? true
|
||||
, withWebKit ? false
|
||||
@ -25,7 +25,11 @@ in stdenv.mkDerivation {
|
||||
sha256 = "sha256-BbBP2DiPZTSn1SBYMCgyiNdF9GD+NqR6YjeVNOQHHn4=";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ];
|
||||
patches = [
|
||||
../backport-ffmpeg-6-support-jfx11.patch
|
||||
];
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6-headless ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
@ -1,94 +0,0 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, writeText, openjdk11_headless, gradle_6
|
||||
, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib
|
||||
, ffmpeg_4-headless, python3, ruby
|
||||
, withMedia ? true
|
||||
, withWebKit ? false
|
||||
}:
|
||||
|
||||
let
|
||||
pname = "openjfx-modular-sdk";
|
||||
major = "15";
|
||||
update = ".0.1";
|
||||
build = "+1";
|
||||
repover = "${major}${update}${build}";
|
||||
jdk = openjdk11_headless;
|
||||
gradle = gradle_6;
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
inherit pname;
|
||||
version = "${major}${update}${build}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openjdk";
|
||||
repo = "jfx";
|
||||
rev = repover;
|
||||
sha256 = "019glq8rhn6amy3n5jc17vi2wpf1pxpmmywvyz1ga8n09w7xscq1";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
||||
config = writeText "gradle.properties" ''
|
||||
CONF = Release
|
||||
JDK_HOME = ${jdk.home}
|
||||
COMPILE_MEDIA = ${lib.boolToString withMedia}
|
||||
COMPILE_WEBKIT = ${lib.boolToString withWebKit}
|
||||
'';
|
||||
|
||||
postPatch = ''
|
||||
ln -s $config gradle.properties
|
||||
'';
|
||||
|
||||
mitmCache = gradle.fetchDeps {
|
||||
attrPath = "openjfx${major}";
|
||||
pkg = pkgs."openjfx${major}".override { withWebKit = true; };
|
||||
data = ./deps.json;
|
||||
};
|
||||
|
||||
__darwinAllowLocalNetworking = true;
|
||||
|
||||
preBuild = ''
|
||||
export NUMBER_OF_PROCESSORS=$NIX_BUILD_CORES
|
||||
export NIX_CFLAGS_COMPILE="$(pkg-config --cflags glib-2.0) $NIX_CFLAGS_COMPILE"
|
||||
# avoids errors about deprecation of GTypeDebugFlags, GTimeVal, etc.
|
||||
export NIX_CFLAGS_COMPILE="-DGLIB_DISABLE_DEPRECATION_WARNINGS $NIX_CFLAGS_COMPILE"
|
||||
# gstreamer workaround for -fno-common toolchains:
|
||||
# ld: gsttypefindelement.o:(.bss._gst_disable_registry_cache+0x0): multiple definition of
|
||||
# `_gst_disable_registry_cache'; gst.o:(.bss._gst_disable_registry_cache+0x0): first defined here
|
||||
export NIX_CFLAGS_COMPILE="-fcommon $NIX_CFLAGS_COMPILE"
|
||||
'';
|
||||
|
||||
enableParallelBuilding = false;
|
||||
|
||||
gradleBuildTask = "sdk";
|
||||
|
||||
installPhase = ''
|
||||
cp -r build/modular-sdk $out
|
||||
'';
|
||||
|
||||
stripDebugList = [ "." ];
|
||||
|
||||
postFixup = ''
|
||||
# Remove references to bootstrap.
|
||||
export openjdkOutPath='${jdk.outPath}'
|
||||
find "$out" -name \*.so | while read lib; do
|
||||
new_refs="$(patchelf --print-rpath "$lib" | perl -pe 's,:?\Q$ENV{openjdkOutPath}\E[^:]*,,')"
|
||||
patchelf --set-rpath "$new_refs" "$lib"
|
||||
done
|
||||
'';
|
||||
|
||||
disallowedReferences = [ jdk gradle.jdk ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "http://openjdk.java.net/projects/openjfx/";
|
||||
license = licenses.gpl2;
|
||||
description = "Next-generation Java client toolkit";
|
||||
maintainers = with maintainers; [ abbradar ];
|
||||
knownVulnerabilities = [
|
||||
"This OpenJFX version has reached its end of life."
|
||||
];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
@ -1,92 +0,0 @@
|
||||
{
|
||||
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
|
||||
"!version": 1,
|
||||
"https://download.eclipse.org": {
|
||||
"eclipse/updates/4.6/R-4.6.3-201703010400/plugins/org.eclipse.swt.gtk.linux.x86_64_3.105.3.v20170228-0512": {
|
||||
"jar": "sha256-qWM1HV97griQxJlOFY2AVV2uOLAK87jXPzh1wh/zmLw="
|
||||
}
|
||||
},
|
||||
"https://repo.maven.apache.org/maven2": {
|
||||
"com/ibm/icu#icu4j/61.1": {
|
||||
"jar": "sha256-VcmOsYOLKku5oH3Da9N4Uy1k0M3LfO7pFCNoZqfeRGQ=",
|
||||
"pom": "sha256-E7h6QHnOsFUVsZrHoVIDlHB1YB1JQj9xk1ikmACYBWs="
|
||||
},
|
||||
"junit#junit/4.8.2": {
|
||||
"jar": "sha256-oqosO7K3LadsPmpxUx8e79w1BJSBm68rHYDXFG4CD54=",
|
||||
"pom": "sha256-3znTTR9YMLLYqSeQxmtXmDWLCz4BRS3IWzciqIGtkj4="
|
||||
},
|
||||
"net/java#jvnet-parent/3": {
|
||||
"pom": "sha256-MPV4nvo53b+WCVqto/wSYMRWH68vcUaGcXyy3FBJR1o="
|
||||
},
|
||||
"org/abego/treelayout#org.abego.treelayout.core/1.0.3": {
|
||||
"jar": "sha256-+l4xOVw5wufUasoPgfcgYJMWB7L6Qb02A46yy2+5MyY=",
|
||||
"pom": "sha256-o7KyI3lDcDVeeSQzrwEvyZNmfAMxviusrYTbwJrOSgw="
|
||||
},
|
||||
"org/antlr#ST4/4.1": {
|
||||
"jar": "sha256-ixzK7Z7cVc0lXZwZxNjaR1bZtvy0NWcSkrQ0cLFtddg=",
|
||||
"pom": "sha256-cz5r2XyjTMbfk6QkPlEeVnPLm4jHSxiETgQqRdUWmHw="
|
||||
},
|
||||
"org/antlr#antlr-master/3.5.2": {
|
||||
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
|
||||
},
|
||||
"org/antlr#antlr-runtime/3.5.2": {
|
||||
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
|
||||
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
|
||||
},
|
||||
"org/antlr#antlr4-master/4.7.2": {
|
||||
"pom": "sha256-upnLJdI5DzhoDHUChCoO4JWdHmQD4BPM/2mP1YVu6tE="
|
||||
},
|
||||
"org/antlr#antlr4-runtime/4.7.2": {
|
||||
"jar": "sha256-TFGLh9S9/4tEzYy8GvgW6US2Kj/luAt4FQHPH0dZu8Q=",
|
||||
"pom": "sha256-3AnLqYwl08BuSuxRaIXUw68DBiulX0/mKD/JzxdqYPs="
|
||||
},
|
||||
"org/antlr#antlr4/4.7.2": {
|
||||
"pom": "sha256-z56zaUD6xEiBA4wb4/LFjgbmjRq/v9SmjTS72LrFV3E="
|
||||
},
|
||||
"org/antlr#antlr4/4.7.2/complete": {
|
||||
"jar": "sha256-aFI4bXl17/KRcdrgAswiMlFRDTXyka4neUjzgaezgLQ="
|
||||
},
|
||||
"org/apache#apache/13": {
|
||||
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
|
||||
},
|
||||
"org/apache/lucene#lucene-core/7.7.2": {
|
||||
"jar": "sha256-gUOKydZ4BQxUbSqEEsxyg6XSD9hcNxQhhEfHWBZZT10=",
|
||||
"pom": "sha256-MPuqRu1exVS+3nILqReeEqTnQVHh+IaSBJbYREuwVZE="
|
||||
},
|
||||
"org/apache/lucene#lucene-grouping/7.7.2": {
|
||||
"jar": "sha256-nKhrWw/YSbq50xpk7RvP8cdTGrHP1z/E/tJDBmX7rUo=",
|
||||
"pom": "sha256-UezgO9APIm2uObABf5OZPPfXbSju8LQl+MzborrBs3w="
|
||||
},
|
||||
"org/apache/lucene#lucene-parent/7.7.2": {
|
||||
"pom": "sha256-fXiTJSgZw4Sx0lvUA6Go85DYUF+VQOHigRcZymjP7zQ="
|
||||
},
|
||||
"org/apache/lucene#lucene-queries/7.7.2": {
|
||||
"jar": "sha256-n8XsO17OwtKV0/xM+Dc5LfuWntYegaMr0/3SH4DbfHk=",
|
||||
"pom": "sha256-D4rAB9QDQb6gD3/s7m1Ewu7ZXQTi66KEf2CBJJLOcoQ="
|
||||
},
|
||||
"org/apache/lucene#lucene-queryparser/7.7.2": {
|
||||
"jar": "sha256-v9lKUL8FAf0H5prk9J28FJzjaUoFZrsWTXxui+VeK9Q=",
|
||||
"pom": "sha256-DmVV70KT9yjEqJhOuuNUK+N7KThK/gcQjPy+R/AS3Us="
|
||||
},
|
||||
"org/apache/lucene#lucene-sandbox/7.7.2": {
|
||||
"jar": "sha256-dqY72JMAjr7tJJeePyUIXIkJ/0vEEv33iAJfntoKvhE=",
|
||||
"pom": "sha256-zwJCiBB2rdYRwEPZZPtrduPRnAQn7/r/Qhc6ZQ+Bk5s="
|
||||
},
|
||||
"org/apache/lucene#lucene-solr-grandparent/7.7.2": {
|
||||
"pom": "sha256-a0oZeEo3uKoSdf5mCEZKHZvSlLVv6WgRIgfkDEKETqc="
|
||||
},
|
||||
"org/glassfish#javax.json/1.0.4": {
|
||||
"jar": "sha256-Dh3sQKHt6WWUElHtqWiu7gUsxPUDeLwxbMSOgVm9vrQ=",
|
||||
"pom": "sha256-a6+Dg/+pi2bqls1b/B7H8teUY7uYrJgFKWSxIcIhLVQ="
|
||||
},
|
||||
"org/glassfish#json/1.0.4": {
|
||||
"pom": "sha256-bXxoQjEV+SFxjZRPhZkktMaFIX7AOkn3BFWossqpcuY="
|
||||
},
|
||||
"org/sonatype/oss#oss-parent/7": {
|
||||
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
|
||||
},
|
||||
"org/sonatype/oss#oss-parent/9": {
|
||||
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
|
||||
}
|
||||
}
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, writeText, openjdk17_headless, gradle_7
|
||||
, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib
|
||||
, ffmpeg_4-headless, python3, ruby
|
||||
, ffmpeg_6-headless, python3, ruby
|
||||
, withMedia ? true
|
||||
, withWebKit ? false
|
||||
}:
|
||||
@ -25,7 +25,11 @@ in stdenv.mkDerivation {
|
||||
sha256 = "sha256-9VfXk2EfMebMyVKPohPRP2QXRFf8XemUtfY0JtBCHyw=";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ];
|
||||
patches = [
|
||||
../backport-ffmpeg-6-support-jfx11.patch
|
||||
];
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6-headless ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
@ -1,106 +0,0 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, fetchpatch, writeText
|
||||
, openjdk19_headless, gradle_7, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst
|
||||
, libXxf86vm, glib, alsa-lib, ffmpeg_4, python3, ruby
|
||||
, withMedia ? true
|
||||
, withWebKit ? false
|
||||
}:
|
||||
|
||||
let
|
||||
pname = "openjfx-modular-sdk";
|
||||
major = "19";
|
||||
update = ".0.2.1";
|
||||
build = "+1";
|
||||
repover = "${major}${update}${build}";
|
||||
jdk = openjdk19_headless;
|
||||
gradle = gradle_7;
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
inherit pname;
|
||||
version = "${major}${update}${build}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openjdk";
|
||||
repo = "jfx";
|
||||
rev = repover;
|
||||
hash = "sha256-A08GhCGpzWlUG1+f6mcjvkJmMNaOReacQKPEmNpUvLs=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# 8295962: Reference to State in Task.java is ambiguous when building with JDK 19
|
||||
(fetchpatch {
|
||||
url = "https://github.com/openjdk/jfx/pull/933/commits/cfaee2a52350eff39dd4352484c892716076d3de.patch";
|
||||
hash = "sha256-hzJMenhvtmHs/6BJj8GfaLp14myV8VCXCLLC8n32yEw=";
|
||||
})
|
||||
# ditto
|
||||
(fetchpatch {
|
||||
url = "https://github.com/openjdk/jfx/pull/933/commits/bd46ce12df0a93a56fe0d58d3653d08e58409b7f.patch";
|
||||
hash = "sha256-o9908uw9vYvULmAh/lbfyHhgxz6jpgPq2fcAltWsYoU=";
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
||||
config = writeText "gradle.properties" ''
|
||||
CONF = Release
|
||||
JDK_HOME = ${jdk.home}
|
||||
COMPILE_MEDIA = ${lib.boolToString withMedia}
|
||||
COMPILE_WEBKIT = ${lib.boolToString withWebKit}
|
||||
'';
|
||||
|
||||
postPatch = ''
|
||||
# Add missing includes for gcc-13 for webkit build:
|
||||
sed -e '1i #include <cstdio>' \
|
||||
-i modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/Heap.cpp \
|
||||
modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/IsoSharedPageInlines.h
|
||||
|
||||
ln -s $config gradle.properties
|
||||
'';
|
||||
|
||||
mitmCache = gradle.fetchDeps {
|
||||
attrPath = "openjfx${major}";
|
||||
pkg = pkgs."openjfx${major}".override { withWebKit = true; };
|
||||
data = ./deps.json;
|
||||
};
|
||||
|
||||
__darwinAllowLocalNetworking = true;
|
||||
|
||||
preBuild = ''
|
||||
export NUMBER_OF_PROCESSORS=$NIX_BUILD_CORES
|
||||
export NIX_CFLAGS_COMPILE="$(pkg-config --cflags glib-2.0) $NIX_CFLAGS_COMPILE"
|
||||
'';
|
||||
|
||||
enableParallelBuilding = false;
|
||||
|
||||
gradleBuildTask = "sdk";
|
||||
|
||||
installPhase = ''
|
||||
cp -r build/modular-sdk $out
|
||||
'';
|
||||
|
||||
stripDebugList = [ "." ];
|
||||
|
||||
postFixup = ''
|
||||
# Remove references to bootstrap.
|
||||
export openjdkOutPath='${jdk.outPath}'
|
||||
find "$out" -name \*.so | while read lib; do
|
||||
new_refs="$(patchelf --print-rpath "$lib" | perl -pe 's,:?\Q$ENV{openjdkOutPath}\E[^:]*,,')"
|
||||
patchelf --set-rpath "$new_refs" "$lib"
|
||||
done
|
||||
'';
|
||||
|
||||
disallowedReferences = [ jdk gradle.jdk ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://openjdk.org/projects/openjfx/";
|
||||
license = licenses.gpl2Classpath;
|
||||
description = "Next-generation Java client toolkit";
|
||||
maintainers = with maintainers; [ abbradar ];
|
||||
platforms = platforms.unix;
|
||||
knownVulnerabilities = [
|
||||
"This OpenJFX version has reached its end of life."
|
||||
];
|
||||
};
|
||||
}
|
152
pkgs/development/compilers/openjdk/openjfx/19/deps.json
generated
152
pkgs/development/compilers/openjdk/openjfx/19/deps.json
generated
@ -1,152 +0,0 @@
|
||||
{
|
||||
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
|
||||
"!version": 1,
|
||||
"https://download.eclipse.org": {
|
||||
"eclipse/updates/4.6/R-4.6.3-201703010400/plugins/org.eclipse.swt.gtk.linux.x86_64_3.105.3.v20170228-0512": {
|
||||
"jar": "sha256-qWM1HV97griQxJlOFY2AVV2uOLAK87jXPzh1wh/zmLw="
|
||||
}
|
||||
},
|
||||
"https://github.com": {
|
||||
"unicode-org/icu/releases/download/release-68-2/icu4c-68.2-data-bin-l": {
|
||||
"zip": "sha256-ieQCLBTNrskuf8j3IUQS3QLIAQzLom/O58muMP363Lw="
|
||||
}
|
||||
},
|
||||
"https://repo.maven.apache.org/maven2": {
|
||||
"com/ibm/icu#icu4j/61.1": {
|
||||
"jar": "sha256-VcmOsYOLKku5oH3Da9N4Uy1k0M3LfO7pFCNoZqfeRGQ=",
|
||||
"pom": "sha256-E7h6QHnOsFUVsZrHoVIDlHB1YB1JQj9xk1ikmACYBWs="
|
||||
},
|
||||
"junit#junit/4.13.2": {
|
||||
"jar": "sha256-jklbY0Rp1k+4rPo0laBly6zIoP/1XOHjEAe+TBbcV9M=",
|
||||
"pom": "sha256-Vptpd+5GA8llwcRsMFj6bpaSkbAWDraWTdCSzYnq3ZQ="
|
||||
},
|
||||
"net/java#jvnet-parent/3": {
|
||||
"pom": "sha256-MPV4nvo53b+WCVqto/wSYMRWH68vcUaGcXyy3FBJR1o="
|
||||
},
|
||||
"org/abego/treelayout#org.abego.treelayout.core/1.0.3": {
|
||||
"jar": "sha256-+l4xOVw5wufUasoPgfcgYJMWB7L6Qb02A46yy2+5MyY=",
|
||||
"pom": "sha256-o7KyI3lDcDVeeSQzrwEvyZNmfAMxviusrYTbwJrOSgw="
|
||||
},
|
||||
"org/antlr#ST4/4.1": {
|
||||
"jar": "sha256-ixzK7Z7cVc0lXZwZxNjaR1bZtvy0NWcSkrQ0cLFtddg=",
|
||||
"pom": "sha256-cz5r2XyjTMbfk6QkPlEeVnPLm4jHSxiETgQqRdUWmHw="
|
||||
},
|
||||
"org/antlr#antlr-master/3.5.2": {
|
||||
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
|
||||
},
|
||||
"org/antlr#antlr-runtime/3.5.2": {
|
||||
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
|
||||
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
|
||||
},
|
||||
"org/antlr#antlr4-master/4.7.2": {
|
||||
"pom": "sha256-upnLJdI5DzhoDHUChCoO4JWdHmQD4BPM/2mP1YVu6tE="
|
||||
},
|
||||
"org/antlr#antlr4-runtime/4.7.2": {
|
||||
"jar": "sha256-TFGLh9S9/4tEzYy8GvgW6US2Kj/luAt4FQHPH0dZu8Q=",
|
||||
"pom": "sha256-3AnLqYwl08BuSuxRaIXUw68DBiulX0/mKD/JzxdqYPs="
|
||||
},
|
||||
"org/antlr#antlr4/4.7.2": {
|
||||
"pom": "sha256-z56zaUD6xEiBA4wb4/LFjgbmjRq/v9SmjTS72LrFV3E="
|
||||
},
|
||||
"org/antlr#antlr4/4.7.2/complete": {
|
||||
"jar": "sha256-aFI4bXl17/KRcdrgAswiMlFRDTXyka4neUjzgaezgLQ="
|
||||
},
|
||||
"org/apache#apache/13": {
|
||||
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
|
||||
},
|
||||
"org/apache/lucene#lucene-core/7.7.3": {
|
||||
"jar": "sha256-jrAzNcGjxqixiN9012G6qDVplTWCq0QLU0yIRJ6o4N4=",
|
||||
"pom": "sha256-gvilIoHGyLp5dKy6rESzLXbiYAgvP0u+FlwPbkuJFCo="
|
||||
},
|
||||
"org/apache/lucene#lucene-grouping/7.7.3": {
|
||||
"jar": "sha256-L1vNY7JXQ9MMMTmGIk0Qf3XFKThxSVQlNRDFfT9nvrg=",
|
||||
"pom": "sha256-HwStk+IETUCP2SXu4K6ktKHvjAdXe0Jme7U2BgKCImU="
|
||||
},
|
||||
"org/apache/lucene#lucene-parent/7.7.3": {
|
||||
"pom": "sha256-6PrdU9XwBMQN3SNdQ4ZI5yxyVZn+4VQ+ViTV+1AQcwU="
|
||||
},
|
||||
"org/apache/lucene#lucene-queries/7.7.3": {
|
||||
"jar": "sha256-PLWS2wpulWnGrMvbiKmtex2nQo28p5Ia0cWlhl1bQiY=",
|
||||
"pom": "sha256-rkBsiiuw12SllERCefRiihl2vQlB551CzmTgmHxYnFA="
|
||||
},
|
||||
"org/apache/lucene#lucene-queryparser/7.7.3": {
|
||||
"jar": "sha256-F3XJ/o7dlobTt6ZHd4+kTqqW8cwMSZMVCHEz4amDnoQ=",
|
||||
"pom": "sha256-z2klkhWscjC5+tYKXInKDp9bm6rM7dFGlY/76Q9OsNI="
|
||||
},
|
||||
"org/apache/lucene#lucene-sandbox/7.7.3": {
|
||||
"jar": "sha256-VfG38J2uKwytMhw00Vw8/FmgIRviM/Yp0EbEK/FwErc=",
|
||||
"pom": "sha256-1vbdxsz1xvymRH1HD1BJ4WN6xje/HbWuDV8WaP34EiI="
|
||||
},
|
||||
"org/apache/lucene#lucene-solr-grandparent/7.7.3": {
|
||||
"pom": "sha256-Oig3WAynavNq99/i3B0zT8b/XybRDySJnbd3CtfP2f4="
|
||||
},
|
||||
"org/apiguardian#apiguardian-api/1.1.2": {
|
||||
"jar": "sha256-tQlEisUG1gcxnxglN/CzXXEAdYLsdBgyofER5bW3Czg=",
|
||||
"module": "sha256-4IAoExN1s1fR0oc06aT7QhbahLJAZByz7358fWKCI/w=",
|
||||
"pom": "sha256-MjVQgdEJCVw9XTdNWkO09MG3XVSemD71ByPidy5TAqA="
|
||||
},
|
||||
"org/glassfish#javax.json/1.0.4": {
|
||||
"jar": "sha256-Dh3sQKHt6WWUElHtqWiu7gUsxPUDeLwxbMSOgVm9vrQ=",
|
||||
"pom": "sha256-a6+Dg/+pi2bqls1b/B7H8teUY7uYrJgFKWSxIcIhLVQ="
|
||||
},
|
||||
"org/glassfish#json/1.0.4": {
|
||||
"pom": "sha256-bXxoQjEV+SFxjZRPhZkktMaFIX7AOkn3BFWossqpcuY="
|
||||
},
|
||||
"org/hamcrest#hamcrest-core/1.3": {
|
||||
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
|
||||
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
|
||||
},
|
||||
"org/hamcrest#hamcrest-parent/1.3": {
|
||||
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
|
||||
},
|
||||
"org/junit#junit-bom/5.8.1": {
|
||||
"module": "sha256-a4LLpSoTSxPBmC8M+WIsbUhTcdQLmJJG8xJOOwpbGFQ=",
|
||||
"pom": "sha256-733Ef45KFoZPR3lyjofteFOYGeT7iSdoqdprjvkD+GM="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter-api/5.8.1": {
|
||||
"jar": "sha256-zjN0p++6YF4tK2mj/vkBNAMrqz7MPthXmkhxscLEcpw=",
|
||||
"module": "sha256-DWnbwja33Kq0ynNpqlYOmwqbvvf5WIgv+0hTPLunwJ0=",
|
||||
"pom": "sha256-d61+1KYwutH8h0agpuZ1wj+2lAsnq2LMyzTk/Pz+Ob8="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter-engine/5.8.1": {
|
||||
"jar": "sha256-Rom8kCJVoZ/pgndoO6MjHAlNEHxUyNNfK2+cl9ImQY4=",
|
||||
"module": "sha256-aHkP7DP5ew7IQM9HrEDuDHLgVvEiyg88ZkZ0M0mTdpk=",
|
||||
"pom": "sha256-qjIKMYpyceMyYsSA/POZZbmobap2Zm63dTQrgOnN1F4="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter-params/5.8.1": {
|
||||
"jar": "sha256-OJuNE6jYhy/L1PDrp7LEavxihBn5obKjqfkyQaBqchg=",
|
||||
"module": "sha256-Ek1gPG2AMzZtjKRxY2tEbji5zBvQEPMpVCNYGHr6hl4=",
|
||||
"pom": "sha256-OrrKWfvfJTMg9yRCwQPjnOQDjcEf6MSJ28ScwjoHHws="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter/5.8.1": {
|
||||
"jar": "sha256-jxBJ7iSzShC2DNgQBICZ94HCZYzeIYHoMUlqswqYKYU=",
|
||||
"module": "sha256-LjS6TIWMOM0KNlr//syTKnGWzpOF4utUBZQuWBwV/1w=",
|
||||
"pom": "sha256-rssFDSMtOT9Az/EfjMMPUrZslQpB+IOSXIEULt7l9PU="
|
||||
},
|
||||
"org/junit/platform#junit-platform-commons/1.8.1": {
|
||||
"jar": "sha256-+k+mjIvVTdDLScP8vpsuQvTaa+2+fnzPKgXxoeYJtZM=",
|
||||
"module": "sha256-aY/QVBrLfv/GZZhI/Qx91QEKSfFfDBy6Q+U1gH+Q9ms=",
|
||||
"pom": "sha256-4ZcoLlLnANEriJie3FSJh0aTUC5KqJB6zwgpgBq6bUQ="
|
||||
},
|
||||
"org/junit/platform#junit-platform-engine/1.8.1": {
|
||||
"jar": "sha256-cCho7X6GubRnLt4PHhhekFusqa+rV3RqfGUL48e8oEc=",
|
||||
"module": "sha256-2fQgpkU5o+32D4DfDG/XIrdQcldEx5ykD30lrlbKS6Q=",
|
||||
"pom": "sha256-hqrU5ld1TkOgDfIm3VTIrsHsarZTP1ASGQfkZi3i5fI="
|
||||
},
|
||||
"org/junit/vintage#junit-vintage-engine/5.8.1": {
|
||||
"jar": "sha256-F2tTzRvb+SM+lsiwx6nluGQoL7veukO1zq/e2ymkkVY=",
|
||||
"module": "sha256-nOn6Lk7mp0DWEBAlMEYqcc4PqdLxQYUi5LK9tgcvZ5o=",
|
||||
"pom": "sha256-Ndc3M08dvouMVnZ/oVCKwbVEsB1P5cmXl76QA+5YGxI="
|
||||
},
|
||||
"org/opentest4j#opentest4j/1.2.0": {
|
||||
"jar": "sha256-WIEt5giY2Xb7ge87YtoFxmBMGP1KJJ9QRCgkefwoavI=",
|
||||
"pom": "sha256-qW5nGBbB/4gDvex0ySQfAlvfsnfaXStO4CJmQFk2+ZQ="
|
||||
},
|
||||
"org/sonatype/oss#oss-parent/7": {
|
||||
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
|
||||
},
|
||||
"org/sonatype/oss#oss-parent/9": {
|
||||
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
|
||||
}
|
||||
}
|
||||
}
|
@ -1,93 +0,0 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, writeText
|
||||
, openjdk20_headless, gradle_7, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst
|
||||
, libXxf86vm, glib, alsa-lib, ffmpeg_4, python3, ruby
|
||||
, withMedia ? true
|
||||
, withWebKit ? false
|
||||
}:
|
||||
|
||||
let
|
||||
pname = "openjfx-modular-sdk";
|
||||
major = "20";
|
||||
update = ".0.2";
|
||||
build = "-ga";
|
||||
repover = "${major}${update}${build}";
|
||||
jdk = openjdk20_headless;
|
||||
gradle = gradle_7;
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
inherit pname;
|
||||
version = "${major}${update}${build}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openjdk";
|
||||
repo = "jfx20u";
|
||||
rev = repover;
|
||||
hash = "sha256-3Hhz4i8fPU2yowb4roylCXzuO9HkW7ZWF9TMA3HIH9o=";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
||||
config = writeText "gradle.properties" ''
|
||||
CONF = Release
|
||||
JDK_HOME = ${jdk.home}
|
||||
COMPILE_MEDIA = ${lib.boolToString withMedia}
|
||||
COMPILE_WEBKIT = ${lib.boolToString withWebKit}
|
||||
'';
|
||||
|
||||
postPatch = ''
|
||||
# Add missing includes for gcc-13 for webkit build:
|
||||
sed -e '1i #include <cstdio>' \
|
||||
-i modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/Heap.cpp \
|
||||
modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/IsoSharedPageInlines.h
|
||||
|
||||
ln -s $config gradle.properties
|
||||
'';
|
||||
|
||||
mitmCache = gradle.fetchDeps {
|
||||
attrPath = "openjfx${major}";
|
||||
pkg = pkgs."openjfx${major}".override { withWebKit = true; };
|
||||
data = ./deps.json;
|
||||
};
|
||||
|
||||
__darwinAllowLocalNetworking = true;
|
||||
|
||||
preBuild = ''
|
||||
export NUMBER_OF_PROCESSORS=$NIX_BUILD_CORES
|
||||
export NIX_CFLAGS_COMPILE="$(pkg-config --cflags glib-2.0) $NIX_CFLAGS_COMPILE"
|
||||
'';
|
||||
|
||||
enableParallelBuilding = false;
|
||||
|
||||
gradleBuildTask = "sdk";
|
||||
|
||||
installPhase = ''
|
||||
cp -r build/modular-sdk $out
|
||||
'';
|
||||
|
||||
stripDebugList = [ "." ];
|
||||
|
||||
postFixup = ''
|
||||
# Remove references to bootstrap.
|
||||
export openjdkOutPath='${jdk.outPath}'
|
||||
find "$out" -name \*.so | while read lib; do
|
||||
new_refs="$(patchelf --print-rpath "$lib" | perl -pe 's,:?\Q$ENV{openjdkOutPath}\E[^:]*,,')"
|
||||
patchelf --set-rpath "$new_refs" "$lib"
|
||||
done
|
||||
'';
|
||||
|
||||
disallowedReferences = [ jdk gradle.jdk ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://openjdk.org/projects/openjfx/";
|
||||
license = licenses.gpl2Classpath;
|
||||
description = "Next-generation Java client toolkit";
|
||||
maintainers = with maintainers; [ abbradar ];
|
||||
platforms = platforms.unix;
|
||||
knownVulnerabilities = [
|
||||
"This OpenJFX version has reached its end of life."
|
||||
];
|
||||
};
|
||||
}
|
152
pkgs/development/compilers/openjdk/openjfx/20/deps.json
generated
152
pkgs/development/compilers/openjdk/openjfx/20/deps.json
generated
@ -1,152 +0,0 @@
|
||||
{
|
||||
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
|
||||
"!version": 1,
|
||||
"https://download.eclipse.org": {
|
||||
"eclipse/updates/4.6/R-4.6.3-201703010400/plugins/org.eclipse.swt.gtk.linux.x86_64_3.105.3.v20170228-0512": {
|
||||
"jar": "sha256-qWM1HV97griQxJlOFY2AVV2uOLAK87jXPzh1wh/zmLw="
|
||||
}
|
||||
},
|
||||
"https://github.com": {
|
||||
"unicode-org/icu/releases/download/release-71-1/icu4c-71_1-data-bin-l": {
|
||||
"zip": "sha256-pVWIy0BkICsthA5mxhR9SJQHleMNnaEcGl/AaLi5qZM="
|
||||
}
|
||||
},
|
||||
"https://repo.maven.apache.org/maven2": {
|
||||
"com/ibm/icu#icu4j/61.1": {
|
||||
"jar": "sha256-VcmOsYOLKku5oH3Da9N4Uy1k0M3LfO7pFCNoZqfeRGQ=",
|
||||
"pom": "sha256-E7h6QHnOsFUVsZrHoVIDlHB1YB1JQj9xk1ikmACYBWs="
|
||||
},
|
||||
"junit#junit/4.13.2": {
|
||||
"jar": "sha256-jklbY0Rp1k+4rPo0laBly6zIoP/1XOHjEAe+TBbcV9M=",
|
||||
"pom": "sha256-Vptpd+5GA8llwcRsMFj6bpaSkbAWDraWTdCSzYnq3ZQ="
|
||||
},
|
||||
"net/java#jvnet-parent/3": {
|
||||
"pom": "sha256-MPV4nvo53b+WCVqto/wSYMRWH68vcUaGcXyy3FBJR1o="
|
||||
},
|
||||
"org/abego/treelayout#org.abego.treelayout.core/1.0.3": {
|
||||
"jar": "sha256-+l4xOVw5wufUasoPgfcgYJMWB7L6Qb02A46yy2+5MyY=",
|
||||
"pom": "sha256-o7KyI3lDcDVeeSQzrwEvyZNmfAMxviusrYTbwJrOSgw="
|
||||
},
|
||||
"org/antlr#ST4/4.1": {
|
||||
"jar": "sha256-ixzK7Z7cVc0lXZwZxNjaR1bZtvy0NWcSkrQ0cLFtddg=",
|
||||
"pom": "sha256-cz5r2XyjTMbfk6QkPlEeVnPLm4jHSxiETgQqRdUWmHw="
|
||||
},
|
||||
"org/antlr#antlr-master/3.5.2": {
|
||||
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
|
||||
},
|
||||
"org/antlr#antlr-runtime/3.5.2": {
|
||||
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
|
||||
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
|
||||
},
|
||||
"org/antlr#antlr4-master/4.7.2": {
|
||||
"pom": "sha256-upnLJdI5DzhoDHUChCoO4JWdHmQD4BPM/2mP1YVu6tE="
|
||||
},
|
||||
"org/antlr#antlr4-runtime/4.7.2": {
|
||||
"jar": "sha256-TFGLh9S9/4tEzYy8GvgW6US2Kj/luAt4FQHPH0dZu8Q=",
|
||||
"pom": "sha256-3AnLqYwl08BuSuxRaIXUw68DBiulX0/mKD/JzxdqYPs="
|
||||
},
|
||||
"org/antlr#antlr4/4.7.2": {
|
||||
"pom": "sha256-z56zaUD6xEiBA4wb4/LFjgbmjRq/v9SmjTS72LrFV3E="
|
||||
},
|
||||
"org/antlr#antlr4/4.7.2/complete": {
|
||||
"jar": "sha256-aFI4bXl17/KRcdrgAswiMlFRDTXyka4neUjzgaezgLQ="
|
||||
},
|
||||
"org/apache#apache/13": {
|
||||
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
|
||||
},
|
||||
"org/apache/lucene#lucene-core/7.7.3": {
|
||||
"jar": "sha256-jrAzNcGjxqixiN9012G6qDVplTWCq0QLU0yIRJ6o4N4=",
|
||||
"pom": "sha256-gvilIoHGyLp5dKy6rESzLXbiYAgvP0u+FlwPbkuJFCo="
|
||||
},
|
||||
"org/apache/lucene#lucene-grouping/7.7.3": {
|
||||
"jar": "sha256-L1vNY7JXQ9MMMTmGIk0Qf3XFKThxSVQlNRDFfT9nvrg=",
|
||||
"pom": "sha256-HwStk+IETUCP2SXu4K6ktKHvjAdXe0Jme7U2BgKCImU="
|
||||
},
|
||||
"org/apache/lucene#lucene-parent/7.7.3": {
|
||||
"pom": "sha256-6PrdU9XwBMQN3SNdQ4ZI5yxyVZn+4VQ+ViTV+1AQcwU="
|
||||
},
|
||||
"org/apache/lucene#lucene-queries/7.7.3": {
|
||||
"jar": "sha256-PLWS2wpulWnGrMvbiKmtex2nQo28p5Ia0cWlhl1bQiY=",
|
||||
"pom": "sha256-rkBsiiuw12SllERCefRiihl2vQlB551CzmTgmHxYnFA="
|
||||
},
|
||||
"org/apache/lucene#lucene-queryparser/7.7.3": {
|
||||
"jar": "sha256-F3XJ/o7dlobTt6ZHd4+kTqqW8cwMSZMVCHEz4amDnoQ=",
|
||||
"pom": "sha256-z2klkhWscjC5+tYKXInKDp9bm6rM7dFGlY/76Q9OsNI="
|
||||
},
|
||||
"org/apache/lucene#lucene-sandbox/7.7.3": {
|
||||
"jar": "sha256-VfG38J2uKwytMhw00Vw8/FmgIRviM/Yp0EbEK/FwErc=",
|
||||
"pom": "sha256-1vbdxsz1xvymRH1HD1BJ4WN6xje/HbWuDV8WaP34EiI="
|
||||
},
|
||||
"org/apache/lucene#lucene-solr-grandparent/7.7.3": {
|
||||
"pom": "sha256-Oig3WAynavNq99/i3B0zT8b/XybRDySJnbd3CtfP2f4="
|
||||
},
|
||||
"org/apiguardian#apiguardian-api/1.1.2": {
|
||||
"jar": "sha256-tQlEisUG1gcxnxglN/CzXXEAdYLsdBgyofER5bW3Czg=",
|
||||
"module": "sha256-4IAoExN1s1fR0oc06aT7QhbahLJAZByz7358fWKCI/w=",
|
||||
"pom": "sha256-MjVQgdEJCVw9XTdNWkO09MG3XVSemD71ByPidy5TAqA="
|
||||
},
|
||||
"org/glassfish#javax.json/1.0.4": {
|
||||
"jar": "sha256-Dh3sQKHt6WWUElHtqWiu7gUsxPUDeLwxbMSOgVm9vrQ=",
|
||||
"pom": "sha256-a6+Dg/+pi2bqls1b/B7H8teUY7uYrJgFKWSxIcIhLVQ="
|
||||
},
|
||||
"org/glassfish#json/1.0.4": {
|
||||
"pom": "sha256-bXxoQjEV+SFxjZRPhZkktMaFIX7AOkn3BFWossqpcuY="
|
||||
},
|
||||
"org/hamcrest#hamcrest-core/1.3": {
|
||||
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
|
||||
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
|
||||
},
|
||||
"org/hamcrest#hamcrest-parent/1.3": {
|
||||
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
|
||||
},
|
||||
"org/junit#junit-bom/5.8.1": {
|
||||
"module": "sha256-a4LLpSoTSxPBmC8M+WIsbUhTcdQLmJJG8xJOOwpbGFQ=",
|
||||
"pom": "sha256-733Ef45KFoZPR3lyjofteFOYGeT7iSdoqdprjvkD+GM="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter-api/5.8.1": {
|
||||
"jar": "sha256-zjN0p++6YF4tK2mj/vkBNAMrqz7MPthXmkhxscLEcpw=",
|
||||
"module": "sha256-DWnbwja33Kq0ynNpqlYOmwqbvvf5WIgv+0hTPLunwJ0=",
|
||||
"pom": "sha256-d61+1KYwutH8h0agpuZ1wj+2lAsnq2LMyzTk/Pz+Ob8="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter-engine/5.8.1": {
|
||||
"jar": "sha256-Rom8kCJVoZ/pgndoO6MjHAlNEHxUyNNfK2+cl9ImQY4=",
|
||||
"module": "sha256-aHkP7DP5ew7IQM9HrEDuDHLgVvEiyg88ZkZ0M0mTdpk=",
|
||||
"pom": "sha256-qjIKMYpyceMyYsSA/POZZbmobap2Zm63dTQrgOnN1F4="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter-params/5.8.1": {
|
||||
"jar": "sha256-OJuNE6jYhy/L1PDrp7LEavxihBn5obKjqfkyQaBqchg=",
|
||||
"module": "sha256-Ek1gPG2AMzZtjKRxY2tEbji5zBvQEPMpVCNYGHr6hl4=",
|
||||
"pom": "sha256-OrrKWfvfJTMg9yRCwQPjnOQDjcEf6MSJ28ScwjoHHws="
|
||||
},
|
||||
"org/junit/jupiter#junit-jupiter/5.8.1": {
|
||||
"jar": "sha256-jxBJ7iSzShC2DNgQBICZ94HCZYzeIYHoMUlqswqYKYU=",
|
||||
"module": "sha256-LjS6TIWMOM0KNlr//syTKnGWzpOF4utUBZQuWBwV/1w=",
|
||||
"pom": "sha256-rssFDSMtOT9Az/EfjMMPUrZslQpB+IOSXIEULt7l9PU="
|
||||
},
|
||||
"org/junit/platform#junit-platform-commons/1.8.1": {
|
||||
"jar": "sha256-+k+mjIvVTdDLScP8vpsuQvTaa+2+fnzPKgXxoeYJtZM=",
|
||||
"module": "sha256-aY/QVBrLfv/GZZhI/Qx91QEKSfFfDBy6Q+U1gH+Q9ms=",
|
||||
"pom": "sha256-4ZcoLlLnANEriJie3FSJh0aTUC5KqJB6zwgpgBq6bUQ="
|
||||
},
|
||||
"org/junit/platform#junit-platform-engine/1.8.1": {
|
||||
"jar": "sha256-cCho7X6GubRnLt4PHhhekFusqa+rV3RqfGUL48e8oEc=",
|
||||
"module": "sha256-2fQgpkU5o+32D4DfDG/XIrdQcldEx5ykD30lrlbKS6Q=",
|
||||
"pom": "sha256-hqrU5ld1TkOgDfIm3VTIrsHsarZTP1ASGQfkZi3i5fI="
|
||||
},
|
||||
"org/junit/vintage#junit-vintage-engine/5.8.1": {
|
||||
"jar": "sha256-F2tTzRvb+SM+lsiwx6nluGQoL7veukO1zq/e2ymkkVY=",
|
||||
"module": "sha256-nOn6Lk7mp0DWEBAlMEYqcc4PqdLxQYUi5LK9tgcvZ5o=",
|
||||
"pom": "sha256-Ndc3M08dvouMVnZ/oVCKwbVEsB1P5cmXl76QA+5YGxI="
|
||||
},
|
||||
"org/opentest4j#opentest4j/1.2.0": {
|
||||
"jar": "sha256-WIEt5giY2Xb7ge87YtoFxmBMGP1KJJ9QRCgkefwoavI=",
|
||||
"pom": "sha256-qW5nGBbB/4gDvex0ySQfAlvfsnfaXStO4CJmQFk2+ZQ="
|
||||
},
|
||||
"org/sonatype/oss#oss-parent/7": {
|
||||
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
|
||||
},
|
||||
"org/sonatype/oss#oss-parent/9": {
|
||||
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
|
||||
}
|
||||
}
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
{ stdenv, lib, pkgs, fetchFromGitHub, writeText
|
||||
, openjdk21_headless, gradle_7, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst
|
||||
, libXxf86vm, glib, alsa-lib, ffmpeg_4, python3, ruby
|
||||
, libXxf86vm, glib, alsa-lib, ffmpeg_6, python3, ruby
|
||||
, withMedia ? true
|
||||
, withWebKit ? false
|
||||
}:
|
||||
@ -25,7 +25,7 @@ in stdenv.mkDerivation {
|
||||
hash = "sha256-7z0GIbkQwG9mXY9dssaicqaKpMo3FkNEpyAvkswoQQ4=";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6 ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
@ -15,7 +15,7 @@
|
||||
, libXxf86vm
|
||||
, glib
|
||||
, alsa-lib
|
||||
, ffmpeg_4
|
||||
, ffmpeg_6
|
||||
, python3
|
||||
, ruby
|
||||
, withMedia ? true
|
||||
@ -41,7 +41,7 @@ in stdenv.mkDerivation {
|
||||
hash = "sha256-VoEufSO+LciUCvoAM86MG1iMjCA3FSb60Ik4OP2Rk/Q=";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
|
||||
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6 ];
|
||||
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
@ -0,0 +1,70 @@
|
||||
Backported from <https://github.com/openjdk/jfx/pull/1259>.
|
||||
|
||||
Original author: Alexander Matveev <alexander.matveev@oracle.com>
|
||||
|
||||
diff --git a/build.gradle b/build.gradle
|
||||
index 82dc7a7fa9..d1ae3b401f 100644
|
||||
--- a/build.gradle
|
||||
+++ b/build.gradle
|
||||
@@ -3342,6 +3342,7 @@
|
||||
media name: "ffmpeg-3.3.3", ext: "tar.gz"
|
||||
media name: "ffmpeg-4.0.2", ext: "tar.gz"
|
||||
media name: "ffmpeg-5.1.2", ext: "tar.gz"
|
||||
+ media name: "ffmpeg-6.0", ext: "tar.gz"
|
||||
}
|
||||
implementation project(":base")
|
||||
implementation project(":graphics")
|
||||
@@ -3484,7 +3485,7 @@
|
||||
if (t.name == "linux") {
|
||||
// Pre-defined command line arguments
|
||||
def cfgCMDArgs = ["sh", "configure"]
|
||||
- def commonCfgArgs = ["--enable-shared", "--disable-debug", "--disable-static", "--disable-yasm", "--disable-doc", "--disable-programs", "--disable-everything"]
|
||||
+ def commonCfgArgs = ["--enable-shared", "--disable-debug", "--disable-static", "--disable-asm", "--disable-doc", "--disable-programs", "--disable-everything"]
|
||||
def codecsCfgArgs = ["--enable-decoder=aac,mp3,mp3float,h264", "--enable-parser=aac,h264", "--enable-demuxer=aac,h264,mpegts,mpegtsraw"]
|
||||
|
||||
def copyLibAVStubs = {String fromDir, String toDir ->
|
||||
@@ -3688,8 +3689,8 @@
|
||||
doLast {
|
||||
project.ext.libav = [:]
|
||||
project.ext.libav.basedir = "${buildDir}/native/linux/ffmpeg"
|
||||
- project.ext.libav.versions = [ "3.3.3", "4.0.2", "5.1.2" ]
|
||||
- project.ext.libav.versionmap = [ "3.3.3" : "57", "4.0.2" : "58", "5.1.2" : "59" ]
|
||||
+ project.ext.libav.versions = [ "3.3.3", "4.0.2", "5.1.2", "6.0" ]
|
||||
+ project.ext.libav.versionmap = [ "3.3.3" : "57", "4.0.2" : "58", "5.1.2" : "59", "6.0" : "60" ]
|
||||
|
||||
libav.versions.each { version ->
|
||||
def libavDir = "${libav.basedir}/ffmpeg-${version}"
|
||||
@@ -3769,7 +3770,7 @@
|
||||
project.ext.libav.libavffmpeg.versions = [ "56" ]
|
||||
project.ext.libav.ffmpeg = [:]
|
||||
project.ext.libav.ffmpeg.basedir = "${buildDir}/native/linux/ffmpeg/ffmpeg"
|
||||
- project.ext.libav.ffmpeg.versions = [ "57", "58", "59" ]
|
||||
+ project.ext.libav.ffmpeg.versions = [ "57", "58", "59", "60" ]
|
||||
|
||||
project.ext.libav.versions.each { version ->
|
||||
def libavDir = "${project.ext.libav.basedir}-${version}"
|
||||
diff --git a/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java b/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java
|
||||
index 05f98ad3d1..b05bb68341 100644
|
||||
--- a/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java
|
||||
+++ b/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java
|
||||
@@ -125,6 +125,7 @@
|
||||
dependencies.add("avplugin-ffmpeg-57");
|
||||
dependencies.add("avplugin-ffmpeg-58");
|
||||
dependencies.add("avplugin-ffmpeg-59");
|
||||
+ dependencies.add("avplugin-ffmpeg-60");
|
||||
}
|
||||
if (HostUtils.isMacOSX()) {
|
||||
dependencies.add("fxplugins");
|
||||
diff --git a/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c b/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c
|
||||
index 9f67de9062..ee64e4bafd 100644
|
||||
--- a/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c
|
||||
+++ b/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c
|
||||
@@ -146,7 +146,7 @@
|
||||
// For ffmpeg (libavcodec-ffmpeg.so)
|
||||
static const int AVCODEC_FFMPEG_EXPLICIT_VERSIONS[] = { 56 };
|
||||
// For libav or ffmpeg (libavcodec.so)
|
||||
-static const int AVCODEC_EXPLICIT_VERSIONS[] = { 57, 58, 59 };
|
||||
+static const int AVCODEC_EXPLICIT_VERSIONS[] = { 57, 58, 59, 60 };
|
||||
|
||||
/*
|
||||
* Callback passed to dl_iterate_phdr(): finds the path of
|
@ -6,7 +6,7 @@ import re
|
||||
import requests
|
||||
import sys
|
||||
|
||||
feature_versions = (8, 11, 16, 17, 21)
|
||||
feature_versions = (8, 11, 17, 21)
|
||||
oses = ("mac", "linux")
|
||||
types = ("jre", "jdk")
|
||||
impls = ("openj9",)
|
||||
|
@ -4,15 +4,13 @@ let
|
||||
sources = (lib.importJSON ./sources.json).openj9.mac;
|
||||
common = opts: callPackage (import ./jdk-darwin-base.nix opts) {};
|
||||
|
||||
EOL = [ "This JDK/JRE version has reached End of Life." ];
|
||||
# EOL = [ "This JDK/JRE version has reached End of Life." ];
|
||||
in
|
||||
{
|
||||
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
|
||||
jre-8 = common { sourcePerArch = sources.jre.openjdk8; };
|
||||
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
|
||||
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
|
||||
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
|
||||
jre-16 = common { sourcePerArch = sources.jre.openjdk16; knownVulnerabilities = EOL; };
|
||||
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
|
||||
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
|
||||
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };
|
||||
|
@ -4,15 +4,13 @@ let
|
||||
sources = (lib.importJSON ./sources.json).openj9.linux;
|
||||
common = opts: callPackage (import ./jdk-linux-base.nix opts) {};
|
||||
|
||||
EOL = [ "This JDK/JRE version has reached End of Life." ];
|
||||
# EOL = [ "This JDK/JRE version has reached End of Life." ];
|
||||
in
|
||||
{
|
||||
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
|
||||
jre-8 = common { sourcePerArch = sources.jre.openjdk8; };
|
||||
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
|
||||
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
|
||||
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
|
||||
jre-16 = common { sourcePerArch = sources.jre.openjdk16; knownVulnerabilities = EOL; };
|
||||
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
|
||||
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
|
||||
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };
|
||||
|
@ -6,7 +6,7 @@ import re
|
||||
import requests
|
||||
import sys
|
||||
|
||||
feature_versions = (8, 11, 16, 17, 18, 19, 20, 21, 22)
|
||||
feature_versions = (8, 11, 17, 21, 22)
|
||||
oses = ("mac", "linux", "alpine-linux")
|
||||
types = ("jre", "jdk")
|
||||
impls = ("hotspot",)
|
||||
|
@ -4,7 +4,7 @@ let
|
||||
sources = (lib.importJSON ./sources.json).hotspot.mac;
|
||||
common = opts: callPackage (import ./jdk-darwin-base.nix opts) { };
|
||||
|
||||
EOL = [ "This JDK version has reached End of Life." ];
|
||||
# EOL = [ "This JDK version has reached End of Life." ];
|
||||
in
|
||||
{
|
||||
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
|
||||
@ -13,20 +13,9 @@ in
|
||||
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
|
||||
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
|
||||
|
||||
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
|
||||
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
|
||||
|
||||
jdk-18 = common { sourcePerArch = sources.jdk.openjdk18; knownVulnerabilities = EOL; };
|
||||
jre-18 = common { sourcePerArch = sources.jre.openjdk18; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-19 = common { sourcePerArch = sources.jdk.openjdk19; knownVulnerabilities = EOL; };
|
||||
jre-19 = common { sourcePerArch = sources.jre.openjdk19; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-20 = common { sourcePerArch = sources.jdk.openjdk20; knownVulnerabilities = EOL; };
|
||||
jre-20 = common { sourcePerArch = sources.jre.openjdk20; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };
|
||||
jre-21 = common { sourcePerArch = sources.jre.openjdk21; };
|
||||
|
||||
|
@ -5,7 +5,7 @@ let
|
||||
sources = (lib.importJSON ./sources.json).hotspot.${variant};
|
||||
common = opts: callPackage (import ./jdk-linux-base.nix opts) { };
|
||||
|
||||
EOL = [ "This JDK version has reached End of Life." ];
|
||||
# EOL = [ "This JDK version has reached End of Life." ];
|
||||
in
|
||||
{
|
||||
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
|
||||
@ -14,20 +14,9 @@ in
|
||||
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
|
||||
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
|
||||
|
||||
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
|
||||
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
|
||||
|
||||
jdk-18 = common { sourcePerArch = sources.jdk.openjdk18; knownVulnerabilities = EOL; };
|
||||
jre-18 = common { sourcePerArch = sources.jre.openjdk18; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-19 = common { sourcePerArch = sources.jdk.openjdk19; knownVulnerabilities = EOL; };
|
||||
jre-19 = common { sourcePerArch = sources.jre.openjdk19; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-20 = common { sourcePerArch = sources.jdk.openjdk20; knownVulnerabilities = EOL; };
|
||||
jre-20 = common { sourcePerArch = sources.jre.openjdk20; knownVulnerabilities = EOL; };
|
||||
|
||||
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };
|
||||
jre-21 = common { sourcePerArch = sources.jre.openjdk21; };
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user