dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions2 Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2024-08-01 18:01:06 +00:00 committed by GitHub
commit 5dd750a09a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
138 changed files with 3397 additions and 3236 deletions
.github/workflows
basic-eval.ymlcheck-by-name.ymlcheck-cherry-picks.ymlcheck-maintainers-sorted.yamlcheck-nix-format.ymlcheck-nixf-tidy.ymlcheck-shell.ymleditorconfig.ymllabels.ymlmanual-nixos.ymlmanual-nixpkgs.ymlnix-parse.ymlofborg-pending.yml
maintainers
maintainer-list.nix
nixos
modules
programs
tmux.nix
services
misc
forgejo.nix
networking
deconz.nix
tests
all-tests.nixforgejo.nix
pkgs
applications
audio/lsp-plugins
default.nix
editors/android-studio
default.nix
networking
browsers/chromium
upstream-info.nix
cluster
helm/plugins
helm-unittest.nix
helmfile
default.nix
qubes/qubes-core-vchan-xen
default.nix
science/logic/bitwuzla
default.nix
virtualization/xen
0000-fix-install-python.4.15.patch0000-qemu-seabios-enable-ATA_DMA.patch0004-makefile-use-efi-ld.4.15.patch0005-makefile-fix-efi-mountdir-use.4.15.patch4.15.nix
4.16
0000-xen-ipxe-src-4.16.patchdefault.nix
4.17
0000-xen-ipxe-src-4.17.patchdefault.nix
4.18
0000-xen-ipxe-src-4.18.patchdefault.nix
4.19
0000-xen-ipxe-src-4.19.patchdefault.nix
README.mdgeneric.nixpackages.nixpatches.nixupdate.shxsa-patches.nix
by-name
ar/art
package.nix
ay/ayatana-indicator-messages
package.nix
bn/bngblaster
package.nix
cp/cppitertools
package.nix
di/digikam
package.nix
ei/eiwd
package.nix
fo
fooyin
package.nix
forgejo
generic.nixlts.nixpackage-json-npm-build-frontend.patchpackage.nix
gf/gfal2
package.nix
in/influxdb-cxx
package.nix
li/libdict
package.nix
ne/neovim-unwrapped
package.nix
pa
packer
package.nix
parallel-hashmap
package.nix
se
sequoia-sq
package.nix
sequoia-wot
package.nix
wa/wakatime-cli
package.nix
desktops
lomiri
applications
lomiri-system-settings
default.nix
plugins
lomiri-system-settings-security-privacy.nix
lomiri
default.nix
morph-browser
default.nix
development
trust-store
default.nix
u1db-qt
default.nix
qml/lomiri-settings-components
default.nix
services
biometryd
default.nix
lomiri-indicator-network
default.nix
lomiri-thumbnailer
default.nix
mediascanner2
default.nix
pantheon/artwork/elementary-gtk-theme
default.nix
development/compilers
corretto
19.nix
ligo
default.nixmake-compatible-with-linol-0_6.patch
openjdk
18.nix19.nix20.nix
openjfx
11
default.nix
15
default.nixdeps.json
17
default.nix
19
default.nixdeps.json
20
default.nixdeps.json
21
default.nix
22
default.nix
backport-ffmpeg-6-support-jfx11.patch
semeru-bin
generate-sources.pyjdk-darwin.nixjdk-linux.nix
temurin-bin
generate-sources.pyjdk-darwin.nixjdk-linux.nix
Show More

1
.github/workflows/basic-eval.yml vendored
View File

@ -15,6 +15,7 @@ permissions:
jobs:
tests:
name: basic-eval-checks
runs-on: ubuntu-latest
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
steps:

1
.github/workflows/check-by-name.yml vendored
View File

@ -27,6 +27,7 @@ permissions: {}
jobs:
check:
name: pkgs-by-name-check
# This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases
runs-on: ubuntu-latest
# This should take 1 minute at most, but let's be generous.

1
.github/workflows/check-cherry-picks.yml vendored
View File

@ -10,6 +10,7 @@ permissions: {}
jobs:
check:
name: cherry-pick-check
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:

1
.github/workflows/check-maintainers-sorted.yaml vendored
View File

@ -9,6 +9,7 @@ permissions:
jobs:
nixos:
name: maintainer-list-check
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:

1
.github/workflows/check-nix-format.yml vendored
View File

@ -14,6 +14,7 @@ permissions:
jobs:
nixos:
name: nixfmt-check
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
steps:

1
.github/workflows/check-nixf-tidy.yml vendored
View File

@ -8,6 +8,7 @@ permissions:
jobs:
nixos:
name: exp-nixf-tidy-check
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
steps:

2
.github/workflows/check-shell.yml vendored
View File

@ -7,6 +7,7 @@ permissions: {}
jobs:
x86_64-linux:
name: shell-check-x86_64-linux
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@ -18,6 +19,7 @@ jobs:
run: nix-build shell.nix
aarch64-darwin:
name: shell-check-aarch64-darwin
runs-on: macos-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

1
.github/workflows/editorconfig.yml vendored
View File

@ -10,6 +10,7 @@ on:
jobs:
tests:
name: editorconfig-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:

1
.github/workflows/labels.yml vendored
View File

@ -15,6 +15,7 @@ permissions:
jobs:
labels:
name: label-pr
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:

1
.github/workflows/manual-nixos.yml vendored
View File

@ -11,6 +11,7 @@ on:
jobs:
nixos:
name: nixos-manual-build
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:

1
.github/workflows/manual-nixpkgs.yml vendored
View File

@ -13,6 +13,7 @@ on:
jobs:
nixpkgs:
name: nixpkgs-manual-build
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:

1
.github/workflows/nix-parse.yml vendored
View File

@ -10,6 +10,7 @@ on:
jobs:
tests:
name: nix-files-parseable-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:

1
.github/workflows/ofborg-pending.yml vendored
View File

@ -16,6 +16,7 @@ permissions:
jobs:
action:
name: set-ofborg-pending
if: github.repository_owner == 'NixOS'
permissions:
statuses: write

6
maintainers/maintainer-list.nix
View File

@ -8435,6 +8435,12 @@
githubId = 19296926;
keys = [ { fingerprint = "DF12 23B1 A9FD C5BE 3DA5 B6F7 904A F1C7 CDF6 95C3"; } ];
};
hxtmdev = {
email = "daniel@hxtm.dev";
name = "Daniel Höxtermann";
github = "hxtmdev";
githubId = 7771007;
};
hypersw = {
email = "baltic@hypersw.net";
github = "hypersw";

4
nixos/modules/programs/tmux.nix
View File

@ -16,6 +16,7 @@ let
set -g default-terminal "${cfg.terminal}"
set -g base-index ${toString cfg.baseIndex}
setw -g pane-base-index ${toString cfg.baseIndex}
set -g history-limit ${toString cfg.historyLimit}
${optionalString cfg.newSession "new-session"}
@ -50,7 +51,6 @@ let
setw -g aggressive-resize ${boolToStr cfg.aggressiveResize}
setw -g clock-mode-style ${if cfg.clock24 then "24" else "12"}
set -s escape-time ${toString cfg.escapeTime}
set -g history-limit ${toString cfg.historyLimit}
${cfg.extraConfigBeforePlugins}
@ -230,4 +230,6 @@ in {
imports = [
(lib.mkRenamedOptionModule [ "programs" "tmux" "extraTmuxConf" ] [ "programs" "tmux" "extraConfig" ])
];
meta.maintainers = with lib.maintainers; [ hxtmdev ];
}

2
nixos/modules/services/misc/forgejo.nix
View File

@ -66,7 +66,7 @@ in
services.forgejo = {
enable = mkEnableOption "Forgejo, a software forge";
package = mkPackageOption pkgs "forgejo" { };
package = mkPackageOption pkgs "forgejo-lts" { };
useWizard = mkOption {
default = false;

2
nixos/modules/services/networking/deconz.nix
View File

@ -14,7 +14,7 @@ in
{
options.services.deconz = {
enable = lib.mkEnableOption "deCONZ, a Zigbee gateway for use with ConBee hardware (https://phoscon.de/en/conbee2)";
enable = lib.mkEnableOption "deCONZ, a Zigbee gateway for use with ConBee/RaspBee hardware (https://phoscon.de/)";
package = lib.mkOption {
type = lib.types.package;

3
nixos/tests/all-tests.nix
View File

@ -342,7 +342,8 @@ in {
fluentd = handleTest ./fluentd.nix {};
fluidd = handleTest ./fluidd.nix {};
fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {};
forgejo = handleTest ./forgejo.nix { };
forgejo = handleTest ./forgejo.nix { forgejoPackage = pkgs.forgejo; };
forgejo-lts = handleTest ./forgejo.nix { forgejoPackage = pkgs.forgejo-lts; };
freenet = handleTest ./freenet.nix {};
freeswitch = handleTest ./freeswitch.nix {};
freetube = discoverTests (import ./freetube.nix);

4
nixos/tests/forgejo.nix
View File

@ -1,6 +1,7 @@
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
, forgejoPackage ? pkgs.forgejo
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
@ -53,6 +54,7 @@ let
virtualisation.memorySize = 2047;
services.forgejo = {
enable = true;
package = forgejoPackage;
database = { inherit type; };
settings.service.DISABLE_REGISTRATION = true;
settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
@ -145,7 +147,7 @@ let
assert "BEGIN PGP PUBLIC KEY BLOCK" in server.succeed("curl http://localhost:3000/api/v1/signing-key.gpg")
api_version = json.loads(server.succeed("curl http://localhost:3000/api/forgejo/v1/version")).get("version")
assert "development" != api_version and "${pkgs.forgejo.version}+gitea-" in api_version, (
assert "development" != api_version and "${forgejoPackage.version}+gitea-" in api_version, (
"/api/forgejo/v1/version should not return 'development' "
+ f"but should contain a forgejo+gitea compatibility version string. Got '{api_version}' instead."
)

4
pkgs/applications/audio/lsp-plugins/default.nix
View File

@ -8,13 +8,13 @@ stdenv.mkDerivation rec {
version = "1.2.16";
src = fetchurl {
url = "https://github.com/sadko4u/${pname}/releases/download/${version}/${pname}-src-${version}.tar.gz";
url = "https://github.com/lsp-plugins/lsp-plugins/releases/download/${version}/lsp-plugins-src-${version}.tar.gz";
sha256 = "sha256-w2BUIF44z78syLroQk2asVXA5bt9P9POiuwxpnlkc8o=";
};
outputs = [ "out" "dev" "doc" ];
nativeBuildInputs = [ pkg-config php makeWrapper ];
nativeBuildInputs = [ pkg-config (php.withExtensions (_: [])) makeWrapper ];
buildInputs = [ jack2 libsndfile libGLU libGL lv2 cairo ladspaH libXrandr ];
makeFlags = [

8
pkgs/applications/editors/android-studio/default.nix
View File

@ -13,12 +13,12 @@ let
sha256Hash = "sha256-Qvi/Mc4NEk3dERlfZiowBk2Pmqsgbl5mg56HamvG7aI=";
};
betaVersion = {
version = "2024.1.2.9"; # "Android Studio Koala Feature Drop | 2024.1.2 Beta 1"
sha256Hash = "sha256-eTnpU9KrquW4nMRqde9PUmVQ05kf6kFy1yr+Ima9M50=";
version = "2024.1.2.10"; # "Android Studio Koala Feature Drop | 2024.1.2 Beta 2"
sha256Hash = "sha256-/LrHYyrOPfnSliM5XUOzENjJ+G+M1Ajw31tFAOsbfnQ=";
};
latestVersion = {
version = "2024.1.3.1"; # "Android Studio Ladybug | 2024.1.3 Canary 1"
sha256Hash = "sha256-BSrcPdkK4dU5/bV29NGKcCR10XYMJrPvC91fcJs5Vq8=";
version = "2024.1.3.3"; # "Android Studio Ladybug | 2024.1.3 Canary 3"
sha256Hash = "sha256-Ps3jMtNAdfPitFeXIFKpjSyM4si4tp4MrS3r5VURFh4=";
};
in {
# Attributes are named by their corresponding release channels

20
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -1,11 +1,11 @@
{
stable = {
chromedriver = {
hash_darwin = "sha256-c/lMkOdoW/tX57opl/weJGh/iyUeTTF5Xejs7IpA+Qg=";
hash_darwin = "sha256-BW83pgPJiKxdQ1K4+8KMDGBqvR+J3i+8AZmKfnYSmWk=";
hash_darwin_aarch64 =
"sha256-sst73OxUsrs2yWA72qdonARGi/W0FYObNfolidCiXio=";
hash_linux = "sha256-p5cQmMdte7TfTPohg+rpIsyyYk1OKSNb0BwaMWmHuCo=";
version = "127.0.6533.72";
"sha256-ZGZy4VDNRXJBMLtAhRUybssWRXSfEUWVRsF+etfhdzQ=";
hash_linux = "sha256-1gM4KqzacJ13X5NmBn2hW6L/a7zN21rSZBk6a0IjCow=";
version = "127.0.6533.88";
};
deps = {
gn = {
@ -15,8 +15,8 @@
version = "2024-06-06";
};
};
hash = "sha256-m99HaGCuIihDdbVnmu6xatnC/QDxgLVby2TWY/L+RHk=";
version = "127.0.6533.72";
hash = "sha256-nZZ2yrVu+0TloMaM455bmyeoeVnfeGR3EGubAf8snNU=";
version = "127.0.6533.88";
};
ungoogled-chromium = {
deps = {
@ -27,11 +27,11 @@
version = "2024-06-06";
};
ungoogled-patches = {
hash = "sha256-IBdOV+eFJWD+kCxnhSWWjiBgMbP/DxF+gUVIIpWf4rc=";
rev = "127.0.6533.72-1";
hash = "sha256-4LfYBqFQ/e/ePaOTSFBpELt0ilo/Vohwnwp8FvkfavU=";
rev = "127.0.6533.88-1";
};
};
hash = "sha256-m99HaGCuIihDdbVnmu6xatnC/QDxgLVby2TWY/L+RHk=";
version = "127.0.6533.72";
hash = "sha256-nZZ2yrVu+0TloMaM455bmyeoeVnfeGR3EGubAf8snNU=";
version = "127.0.6533.88";
};
}

6
pkgs/applications/networking/cluster/helm/plugins/helm-unittest.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "helm-unittest";
version = "0.5.1";
version = "0.5.2";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-YWzjv1/I+LX3AMeQenI36AsNJkZ6IzbMhM/f5/Kxs2M=";
hash = "sha256-xA0dA8q7ZDQk35VjyIsJFbm3OlagnIbJ/iz5z2KsxjU=";
};
vendorHash = "sha256-A2izHBh58yPd2XPm4GKVosPtahUtQ35GbyBdr/L13CQ=";
vendorHash = "sha256-hSnTjEvi1Lexp7wAogqeoXWDCg/bvblw0bt1/lX9iR0=";
# NOTE: Remove the install and upgrade hooks.
postPatch = ''

6
pkgs/applications/networking/cluster/helmfile/default.nix
View File

@ -8,16 +8,16 @@
buildGoModule rec {
pname = "helmfile";
version = "0.166.0";
version = "0.167.0";
src = fetchFromGitHub {
owner = "helmfile";
repo = "helmfile";
rev = "v${version}";
hash = "sha256-TZskvZyNihklCJB0yMFXk1bLEuhetQvJ+6uLnYiLBs0=";
hash = "sha256-a3HkpnO54NtaYhQsCXye2aWKhMq8mRj1nnevwK/4RZs=";
};
vendorHash = "sha256-Ny7r9G3Y5SuigIKkXra5Xn08QIlhzFASXGMMc+g1S/E=";
vendorHash = "sha256-2d0B/qq0uERCFgTJDxvhc2FWQ/ffODbD1Z6aFWHX0Ew=";
proxyVendor = true; # darwin/linux hash mismatch

3
pkgs/applications/qubes/qubes-core-vchan-xen/default.nix
View File

@ -28,8 +28,9 @@ stdenv.mkDerivation rec {
description = "Libraries required for the higher-level Qubes daemons and tools";
homepage = "https://qubes-os.org";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ _0x4A6F ];
maintainers = [ ];
platforms = platforms.linux;
broken = true;
};
}

2
pkgs/applications/science/logic/bitwuzla/default.nix
View File

@ -43,7 +43,7 @@ stdenv.mkDerivation (finalAttrs: {
# but setting it to shared works even in pkgsStatic
"-Ddefault_library=shared"
(lib.strings.mesonEnable "testing" finalAttrs.doCheck)
(lib.strings.mesonEnable "testing" finalAttrs.finalPackage.doCheck)
];
nativeCheckInputs = [ python3 ];

16
pkgs/applications/virtualization/xen/0000-fix-install-python.4.15.patch
View File

@ -1,16 +0,0 @@
tools/python/install-wrap script brakes shebangs patching, disable
diff --git a/tools/Rules.mk b/tools/Rules.mk
index 444e5bacdd..c99ea959ff 100644
--- a/tools/Rules.mk
+++ b/tools/Rules.mk
@@ -135,8 +135,7 @@ CFLAGS += $(CFLAGS-y)
CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS)
-INSTALL_PYTHON_PROG = \
- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG)
+INSTALL_PYTHON_PROG = $(INSTALL_PROG)
%.opic: %.c
$(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS)

19
pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch
View File

@ -1,19 +0,0 @@
diff -uNr a/src/Kconfig b/src/Kconfig
--- a/src/Kconfig 2015-08-31 10:15:13.231134858 +0200
+++ b/src/Kconfig 2015-08-31 10:14:24.039180178 +0200
@@ -144,13 +144,13 @@
config ATA_DMA
depends on ATA
bool "ATA DMA"
- default n
+ default y
help
Detect and try to use ATA bus mastering DMA controllers.
config ATA_PIO32
depends on ATA
bool "ATA 32bit PIO"
- default n
+ default y
help
Use 32bit PIO accesses on ATA (minor optimization on PCI transfers).
config AHCI

42
pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.4.15.patch
View File

@ -1,42 +0,0 @@
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index b6567c4127..83defeee95 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -124,11 +124,11 @@ ifneq ($(efi-y),)
export XEN_BUILD_EFI := $(shell $(CC) $(XEN_CFLAGS) -c efi/check.c -o efi/check.o 2>/dev/null && echo y)
# Check if the linker supports PE.
EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(XEN_LDFLAGS)) --subsystem=10 --strip-debug
-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y))
+XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y))
CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI
# Check if the linker produces fixups in PE by default (we need to disable it doing so for now).
XEN_NO_PE_FIXUPS := $(if $(XEN_BUILD_EFI), \
- $(shell $(LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \
+ $(shell $(EFI_LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \
echo --disable-reloc-section))
endif
@@ -217,20 +217,20 @@ note_file_option ?= $(note_file)
ifeq ($(XEN_BUILD_PE),y)
$(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc
$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
- $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
+ $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
$(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S
$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \
| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
$(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o
$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
- $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
+ $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
$(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) :
efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S
$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \
| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
$(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o
- $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
+ $(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
$(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@
$(NM) -pa --format=sysv $(@D)/$(@F) \
| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map

37
pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.15.patch
View File

@ -1,37 +0,0 @@
EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something
like that, and (on my machine) has directories within that called
{Boot, nixos, gummiboot}.
This patch does two things:
1) Xen apparently wants to put files in
$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name
because I can't see why we have it
2) Ensures the said directory exists
diff --git a/xen/Makefile b/xen/Makefile
index acb2d28891..d0763fbbe7 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -289,7 +289,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
- $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
+ [ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \
+ $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\
+ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
fi; \
@@ -319,7 +321,7 @@ _uninstall:
rm -f $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.map
rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi
rm -f $(D)$(EFI_DIR)/$(T).efi
- rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
+ rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
.PHONY: _debug
_debug:

183
pkgs/applications/virtualization/xen/4.15.nix
View File

@ -1,183 +0,0 @@
{ lib, callPackage, fetchurl, fetchpatch, fetchgit
, ocaml-ng
, withInternalQemu ? true
, withInternalTraditionalQemu ? true
, withInternalSeabios ? true
, withSeabios ? !withInternalSeabios, seabios
, withInternalOVMF ? false # FIXME: tricky to build
, withOVMF ? false, OVMF
, withLibHVM ? false
# xen
, python3Packages
# qemu
, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir
, alsa-lib, glib, python3
, ... } @ args:
assert withInternalSeabios -> !withSeabios;
assert withInternalOVMF -> !withOVMF;
assert !withLibHVM;
with lib;
# Patching XEN? Check the XSAs at
# https://xenbits.xen.org/xsa/
# and try applying all the ones we don't have yet.
let
xsa = import ./xsa-patches.nix { inherit fetchpatch; };
qemuMemfdBuildFix = fetchpatch {
name = "xen-4.8-memfd-build-fix.patch";
url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch";
sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa";
};
qemuDeps = [
udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir
alsa-lib glib python3
];
in
callPackage (import ./generic.nix (rec {
version = "4.15.1";
src = fetchurl {
url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz";
sha256 = "1rmc7gb72xwhr3h9rc3bkac41s8kjjzz45miwdq6yalyq7j7vss5";
};
# Sources needed to build tools and firmwares.
xenfiles = optionalAttrs withInternalQemu {
qemu-xen = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/qemu-xen.git";
# rev = "refs/tags/qemu-xen-${version}";
# use revision hash - reproducible but must be updated with each new version
rev = "e2af2d050338c99e8436e251ad67aafb3ebbd501";
sha256 = "sha256-gVykPtzAA7tmpe6iVvnulaW+b0jD3gwL1JXC5yeIA7M=";
};
buildInputs = qemuDeps;
postPatch = ''
# needed in build but /usr/bin/env is not available in sandbox
substituteInPlace scripts/tracetool.py \
--replace "/usr/bin/env python" "${python3}/bin/python"
'';
meta.description = "Xen's fork of upstream Qemu";
};
} // optionalAttrs withInternalTraditionalQemu {
# TODO 4.15: something happened with traditional in this release?
qemu-xen-traditional = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git";
# rev = "refs/tags/xen-${version}";
# use revision hash - reproducible but must be updated with each new version
rev = "3d273dd05e51e5a1ffba3d98c7437ee84e8f8764";
sha256 = "1dc6dhjp4y2irmi9yiyw1kzmm1habyy8j1s2zkf6qyak850krqj7";
};
buildInputs = qemuDeps;
patches = [
];
postPatch = ''
substituteInPlace xen-hooks.mak \
--replace /usr/include/pci ${pciutils}/include/pci
'';
meta.description = "Xen's fork of upstream Qemu that uses old device model";
};
} // optionalAttrs withInternalSeabios {
"firmware/seabios-dir-remote" = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/seabios.git";
rev = "155821a1990b6de78dde5f98fa5ab90e802021e0";
sha256 = "sha256-F3lzr00CMAObJtpz0eZFT/rwjFx+bvlI37/JtHXP5Eo=";
};
patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ];
meta.description = "Xen's fork of Seabios";
};
} // optionalAttrs withInternalOVMF {
"firmware/ovmf-dir-remote" = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/ovmf.git";
rev = "a3741780fe3535e19e02efa869a7cac481891129";
sha256 = "0000000000000000000000000000000000000000000000000000";
};
meta.description = "Xen's fork of OVMF";
};
} // {
# TODO: patch Xen to make this optional?
"firmware/etherboot/ipxe.git" = {
src = fetchgit {
url = "https://git.ipxe.org/ipxe.git";
rev = "988d2c13cdf0f0b4140685af35ced70ac5b3283c";
sha256 = "1pkf1n1c0rdlzfls8fvjvi1sd9xjd9ijqlyz3wigr70ijcv6x8i9";
};
meta.description = "Xen's fork of iPXE";
};
};
configureFlags = []
++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH
++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional"
++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional"
++ optional (withSeabios) "--with-system-seabios=${seabios}/share/seabios"
++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios"
++ optional (withOVMF) "--with-system-ovmf=${OVMF.firmware}"
++ optional (withInternalOVMF) "--enable-ovmf";
NIX_CFLAGS_COMPILE = toString [
# TODO 4.15: drop unneeded ones
# Fix build on Glibc 2.24.
"-Wno-error=deprecated-declarations"
# Fix build with GCC 8
"-Wno-error=maybe-uninitialized"
"-Wno-error=stringop-truncation"
"-Wno-error=format-truncation"
"-Wno-error=array-bounds"
# Fix build with GCC 9
"-Wno-error=address-of-packed-member"
"-Wno-error=format-overflow"
"-Wno-error=absolute-value"
# Fix build with GCC 10
"-Wno-error=enum-conversion"
"-Wno-error=zero-length-bounds"
# Fix build with GCC 12
# xentoollog_stubs.c:57: error: "Some_val" redefined [-Werror]
"-Wno-error"
];
patches = with xsa; flatten [
./0000-fix-ipxe-src.4.15.patch
./0000-fix-install-python.4.15.patch
./0004-makefile-use-efi-ld.4.15.patch
./0005-makefile-fix-efi-mountdir-use.4.15.patch
XSA_386
];
postPatch = ''
# Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
sed 1i'#include <sys/sysmacros.h>' \
-i tools/libs/light/libxl_device.c
# Fix missing pkg-config dir
mkdir -p tools/pkg-config
'';
preBuild = ''
# PKG_CONFIG env var collides with variables used in tools Makefiles.
unset PKG_CONFIG
'';
passthru = {
qemu-system-i386 = if withInternalQemu
then "lib/xen/bin/qemu-system-i386"
else throw "this xen has no qemu builtin";
};
})) ({
ocamlPackages = ocaml-ng.ocamlPackages_4_14;
} // args)

8
pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.15.patch → pkgs/applications/virtualization/xen/4.16/0000-xen-ipxe-src-4.16.patch
View File

@ -1,21 +1,21 @@
hack to make etherboot use prefetched ipxe
Hack to make etherboot use pre-fetched iPXE.
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
index ed9e11305f..979a3acea8 100644
--- a/tools/firmware/etherboot/Makefile
+++ b/tools/firmware/etherboot/Makefile
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
D=ipxe
T=ipxe.tar.gz
+G=ipxe.git
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
ROM = $D/src/bin/ipxe.bin
@@ -41,9 +42,9 @@ $T:
fi
mv _$T $T
-$D/src/arch/i386/Makefile: $T Config
- rm -rf $D
- gzip -dc $T | tar xf -

49
pkgs/applications/virtualization/xen/4.16/default.nix Normal file
View File

@ -0,0 +1,49 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten [ upstreamPatches.XSA_458 ];
in
callPackage (import ../generic.nix {
branch = "4.16";
version = "4.16.6";
latest = false;
pkg = {
xen = {
rev = "4b33780de790bd438dd7cbb6143b410d94f0f049";
hash = "sha256-2kcmfKwBo3w1U5CSxLSYSteqvzcJaB+cA7keVb3amyA=";
patches = [ ./0000-xen-ipxe-src-4.16.patch ] ++ upstreamPatchList;
};
qemu = {
rev = "c02cb236b5e4a76cf74e641cc35a0e3ebd3e52f3";
hash = "sha256-LwlPry04az9QQowaDG2la8PYlGOUMbZaQAsCHxj+pwM=";
patches = [ ];
};
seaBIOS = {
rev = "d239552ce7220e448ae81f41515138f7b9e3c4db";
hash = "sha256-UKMceJhIprN4/4Xe4EG2EvKlanxVcEi5Qcrrk3Ogiik=";
patches = [ ];
};
ovmf = {
rev = "7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5";
hash = "sha256-Qq2RgktCkJZBsq6Ch+6tyRHhme4lfcN7d2oQfxwhQt8=";
patches = [ ];
};
ipxe = {
rev = "3c040ad387099483102708bb1839110bc788cefb";
hash = "sha256-y2QdZEoGsGUQjrrvD8YRa8VoqcZSr4tjLM//I/MrsLI=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

27
pkgs/applications/virtualization/xen/4.17/0000-xen-ipxe-src-4.17.patch Normal file
View File

@ -0,0 +1,27 @@
Hack to make etherboot use pre-fetched iPXE.
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
index ed9e11305f..979a3acea8 100644
--- a/tools/firmware/etherboot/Makefile
+++ b/tools/firmware/etherboot/Makefile
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
D=ipxe
T=ipxe.tar.gz
+G=ipxe.git
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
ROM = $D/src/bin/ipxe.bin
@@ -41,9 +42,9 @@ $T:
fi
mv _$T $T
-$D/src/arch/i386/Makefile: $T Config
- rm -rf $D
- gzip -dc $T | tar xf -
+$D/src/arch/i386/Makefile: $G Config
+ mkdir $D
+ cp -a $G/* $D
for i in $$(cat patches/series) ; do \
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
done

52
pkgs/applications/virtualization/xen/4.17/default.nix Normal file
View File

@ -0,0 +1,52 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten [
upstreamPatches.QUBES_REPRODUCIBLE_BUILDS
upstreamPatches.XSA_458
];
in
callPackage (import ../generic.nix {
branch = "4.17";
version = "4.17.4";
latest = false;
pkg = {
xen = {
rev = "d530627aaa9b6e03c7f911434bb342fca3d13300";
hash = "sha256-4ltQUzo4XPzGT/7fGt1hnNMqBQBVF7VP+WXD9ZaJcGo=";
patches = [ ./0000-xen-ipxe-src-4.17.patch ] ++ upstreamPatchList;
};
qemu = {
rev = "ffb451126550b22b43b62fb8731a0d78e3376c03";
hash = "sha256-G0hMPid9d3fd1jAY7CiZ33xUZf1hdy96T1VUKFGeHSk=";
patches = [ ];
};
seaBIOS = {
rev = "d239552ce7220e448ae81f41515138f7b9e3c4db";
hash = "sha256-UKMceJhIprN4/4Xe4EG2EvKlanxVcEi5Qcrrk3Ogiik=";
patches = [ ];
};
ovmf = {
rev = "7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5";
hash = "sha256-Qq2RgktCkJZBsq6Ch+6tyRHhme4lfcN7d2oQfxwhQt8=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

27
pkgs/applications/virtualization/xen/4.18/0000-xen-ipxe-src-4.18.patch Normal file
View File

@ -0,0 +1,27 @@
Hack to make etherboot use pre-fetched iPXE.
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
index ed9e11305f..979a3acea8 100644
--- a/tools/firmware/etherboot/Makefile
+++ b/tools/firmware/etherboot/Makefile
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
D=ipxe
T=ipxe.tar.gz
+G=ipxe.git
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
ROM = $D/src/bin/ipxe.bin
@@ -41,9 +42,9 @@ $T:
fi
mv _$T $T
-$D/src/arch/i386/Makefile: $T Config
- rm -rf $D
- gzip -dc $T | tar xf -
+$D/src/arch/i386/Makefile: $G Config
+ mkdir $D
+ cp -a $G/* $D
for i in $$(cat patches/series) ; do \
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
done

52
pkgs/applications/virtualization/xen/4.18/default.nix Normal file
View File

@ -0,0 +1,52 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten [
upstreamPatches.QUBES_REPRODUCIBLE_BUILDS
upstreamPatches.XSA_458
];
in
callPackage (import ../generic.nix {
branch = "4.18";
version = "4.18.2";
latest = false;
pkg = {
xen = {
rev = "d152a0424677d8b78e00ed1270a583c5dafff16f";
hash = "sha256-pHCjj+Bcy4xQfB9xHU9fccFwVdP2DXrUhdszwGvrdmY=";
patches = [ ./0000-xen-ipxe-src-4.18.patch ] ++ upstreamPatchList;
};
qemu = {
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
patches = [ ];
};
seaBIOS = {
rev = "ea1b7a0733906b8425d948ae94fba63c32b1d425";
hash = "sha256-J2FuT+FXn9YoFLSfxDOxyKZvKrys59a6bP1eYvEXVNU=";
patches = [ ];
};
ovmf = {
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

27
pkgs/applications/virtualization/xen/4.19/0000-xen-ipxe-src-4.19.patch Normal file
View File

@ -0,0 +1,27 @@
Hack to make etherboot use pre-fetched iPXE.
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
index ed9e11305f..979a3acea8 100644
--- a/tools/firmware/etherboot/Makefile
+++ b/tools/firmware/etherboot/Makefile
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
D=ipxe
T=ipxe.tar.gz
+G=ipxe.git
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
ROM = $D/src/bin/ipxe.bin
@@ -41,9 +42,9 @@ $T:
fi
mv _$T $T
-$D/src/arch/i386/Makefile: $T Config
- rm -rf $D
- gzip -dc $T | tar xf -
+$D/src/arch/i386/Makefile: $G Config
+ mkdir $D
+ cp -a $G/* $D
for i in $$(cat patches/series) ; do \
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
done

49
pkgs/applications/virtualization/xen/4.19/default.nix Normal file
View File

@ -0,0 +1,49 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten [ upstreamPatches.QUBES_REPRODUCIBLE_BUILDS ];
in
callPackage (import ../generic.nix {
branch = "4.19";
version = "4.19.0";
latest = true;
pkg = {
xen = {
rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";
hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";
patches = [ ./0000-xen-ipxe-src-4.19.patch ] ++ upstreamPatchList;
};
qemu = {
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
patches = [ ];
};
seaBIOS = {
rev = "a6ed6b701f0a57db0569ab98b0661c12a6ec3ff8";
hash = "sha256-hWemj83cxdY8p+Jhkh5GcPvI0Sy5aKYZJCsKDjHTUUk=";
patches = [ ];
};
ovmf = {
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

195
pkgs/applications/virtualization/xen/README.md Normal file
View File

@ -0,0 +1,195 @@
<p align="center">
<a href="https://xenproject.org/">
<picture>
<source
media="(prefers-color-scheme: light)"
srcset="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png">
<source
media="(prefers-color-scheme: dark)"
srcset="https://xenproject.org/wp-content/uploads/sites/79/2018/09/logo_xenproject.png">
<img
src="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png"
width="512px"
alt="Xen Project Logo">
</picture>
</a>
</p>
# Xen Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>
This directory includes the build recipes for the [Xen Hypervisor](https://xenproject.org/).
Some other notable packages that compose the Xen Ecosystem include:
- `ocamlPackages.xenstore`: Mirage's `oxenstore` implementation.
- `ocamlPackages.vchan`: Mirage's `xen-vchan` implementation.
- `ocamlPackages.xenstore-tool`: XAPI's `oxenstore` utilities.
- `xen-guest-agent`: Guest drivers for UNIX domUs.
- `win-pvdrivers`: Guest drivers for Windows domUs.
## Updating
### Automatically
An automated update script is available in this directory. To produce up-to-date
files for all supported Xen branches, simply run `./update.sh`, and follow the
instructions given to you by the script. Notably, it will request that you verify
the Xen Project code signing PGP key. This README understands that the fingerprint
of that key is [`23E3 222C 145F 4475 FA80 60A7 83FE 14C9 57E8 2BD9`](https://keys.openpgp.org/search?q=pgp%40xen.org),
but you should verify this information by seeking the fingerprint from other trusted
sources, as this document may be compromised. Once the PGP key is verified, it will
use `git verify-tag` to ascertain the validity of the cloned Xen sources.
After the script is done, follow the steps in [**For Both Update Methods**](#for-both-update-methods) below.
#### Downstream Patch Names
The script expects local patch names to follow a certain specification.
Please name any required patches using the template below:
```console
0000-project-description-branch.patch
```
Where:
1. The first four numbers define the patch order.
**0001** will be applied after **0000**, and so on.
1. `project` means the name of the source the patch should be applied to.
- If you are applying patches to the main Xen sources, use `xen`.
- For the pre-fetched QEMU, use `qemu`.
- For SeaBIOS, use `seabios`.
- For OVMF, use `ovmf`.
- For iPXE, use `ipxe`.
1. `description` is a string with uppercase and lowercase letters, numbers and
dashes. It describes the patch name and what it does to the upstream code.
1. `branch` is the branch for which this patch is supposed to patch.
It should match the name of the directory it is in.
For example, a patch fixing `xentop`'s output in the 4.15 branch should have
the following name: `0000-xen-xentop-output-4.15.patch`, and it should be added
to the `4.15/` directory.
### Manually
The script is not infallible, and it may break in the future. If that happens,
open a PR fixing the script, and update Xen manually:
1. Check the support matrix to see which branches are security-supported.
1. Create one directory per branch.
1. [Update](https://xenbits.xenproject.org/gitweb/) the `default.nix` files for
the branches that already exist and copy a new one to any branches that do
not yet exist in Nixpkgs.
- Do not forget to set the `branch`, `version`, and `latest` attributes for
each of the `default.nix` files.
- The revisions are preferably commit hashes, but tag names are acceptable
as well.
### For Both Update Methods
1. Make sure all branches build. (Both the `standard` and `slim` versions)
1. Use the NixOS module to test if dom0 boots successfully on all new versions.
1. Clean up your changes and commit them, making sure to follow the
[Nixpkgs Contribution Guidelines](../../../../CONTRIBUTING.md).
1. Open a PR and await a review from the current maintainers.
## Features
### Pre-fetched Sources
On a typical Xen build, the Xen Makefiles will fetch more required sources with
`git` and `wget`. Due to the Nix Sandbox, build-time fetching will fail, so we
pre-fetch the required sources before building.[^1] To accomplish this, we have
a `prefetchedSources` attribute that contains the required derivations, if they
are requested by the main Xen build.
### EFI
Building `xen.efi` requires an `ld` with PE support.[^2]
We use a `makeFlag` to override the `$LD` environment variable to point to our
patched `efiBinutils`. For more information, see the comment in `./generic.nix`.
> [!TIP]
> If you are certain you will not be running Xen in an x86 EFI environment, disable
the `withEFI` flag with an [override](https://nixos.org/manual/nixpkgs/stable/#chap-overrides)
to save you the need to compile `efiBinutils`.
### Default Overrides
By default, Xen also builds
[QEMU](https://www.qemu.org/),
[SeaBIOS](https://www.seabios.org/SeaBIOS),
[OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) and
[iPXE](https://ipxe.org/).
- QEMU is used for stubdomains and handling devices.
- SeaBIOS is the default legacy BIOS ROM for HVM domains.
- OVMF is the default UEFI ROM for HVM domains.
- iPXE provides a PXE boot environment for HVMs.
However, those packages are already available on Nixpkgs, and Xen does not
necessarily need to build them into the main hypervisor build. For this reason,
we also have the `withInternal<Component>` flags, which enables and disables
building those built-in components. The two most popular Xen configurations will
be the default build, with all built-in components, and a `slim` build, with none
of those components. To simplify this process, the `./packages.nix` file includes
the `xen-slim` package overrides that have all `withInternal<Component>` flags
disabled. See the `meta.longDescription` attribute for the `xen-slim` packages
for more information.
## Security
We aim to support all **security-supported** versions of Xen at any given time.
See the [Xen Support Matrix](https://xenbits.xen.org/docs/unstable/support-matrix.html)
for a list of versions. As soon as a version is no longer **security-supported**,
it should be removed from Nixpkgs.
> [!CAUTION]
> Pull requests that introduce XSA patches
should have the `1.severity: security` label.
### Maintainers
Xen is a particularly complex piece of software, so we are always looking for new
maintainers. Help out by [making and triaging issues](https://github.com/NixOS/nixpkgs/issues/new/choose),
[sending build fixes and improvements through PRs](https://github.com/NixOS/nixpkgs/compare),
updating the branches, and [patching security flaws](https://xenbits.xenproject.org/xsa/).
We are also looking for testers, particularly those who can test Xen on AArch64
machines. Open issues for any build failures or runtime errors you find!
## Tests
So far, we only have had one simple automated test that checks for
the correct `pkg-config` output files.
Due to Xen's nature as a type-1 hypervisor, it is not a trivial matter to design
new tests, as even basic functionality requires a machine booted in a dom0
kernel. For this reason, most testing done with this package must be done
manually in a NixOS machine with `virtualisation.xen.enable` set to `true`.
Another unfortunate thing is that none of the Xen commands have a `--version`
flag. This means that `testers.testVersion` cannot ascertain the Xen version.
The only way to verify that you have indeed built the correct version is to
boot into the freshly built Xen kernel and run `xl info`.
<p align="center">
<a href="https://xenproject.org/">
<img
src="https://downloads.xenproject.org/Branding/Mascots/Xen%20Big%20Panda%204242x3129.png"
width="96px"
alt="Xen Fu Panda">
</a>
</p>
[^1]: We also produce fake `git`, `wget` and `hostname` binaries that do nothing,
to prevent the build from failing because Xen cannot fetch the sources that
were already fetched by Nix.
[^2]: From the [Xen Documentation](https://xenbits.xenproject.org/docs/unstable/misc/efi.html):
> For x86, building `xen.efi` requires `gcc` 4.5.x or above (4.6.x or newer
recommended, as 4.5.x was probably never really tested for this purpose)
and `binutils` 2.22 or newer. Additionally, the `binutils` build must be
configured to include support for the x86_64-pep emulation (i.e.
`--enable-targets=x86_64-pep` or an option of equivalent effect should be
passed to the configure script).

880
pkgs/applications/virtualization/xen/generic.nix
View File

@ -1,265 +1,687 @@
config:
{ lib, stdenv, cmake, pkg-config, which
versionDefinition:
{
lib,
stdenv,
autoPatchelfHook,
cmake,
ninja,
pkg-config,
testers,
which,
# Xen
, bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib
, acpica-tools, libaio, libiconv, libuuid, ncurses, openssl, perl
, xz, yajl, zlib
, python3Packages
fetchgit,
fetchFromGitHub,
# Xen Optional
, ocamlPackages
# Xen
acpica-tools,
bison,
bzip2,
dev86,
e2fsprogs,
flex,
libnl,
libuuid,
lzo,
ncurses,
ocamlPackages,
perl,
python311Packages,
systemdMinimal,
xz,
yajl,
zlib,
zstd,
# Scripts
, coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools
, iproute2, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd
, util-linux, procps, systemd
# Xen Optional
withInternalQEMU ? true,
pixman,
glib,
# Documentation
# python3Packages.markdown
, fig2dev, ghostscript, texinfo, pandoc
withInternalSeaBIOS ? true,
withSeaBIOS ? !withInternalSeaBIOS,
seabios,
, binutils-unwrapped
withInternalOVMF ? true,
withOVMF ? !withInternalOVMF,
OVMF,
nasm,
, ...} @ args:
withInternalIPXE ? true,
withIPXE ? !withInternalIPXE,
ipxe,
with lib;
withFlask ? false,
checkpolicy,
efiVendor ? "nixos", # Allow downstreams with custom branding to quickly override the EFI Vendor string.
withEFI ? true,
binutils-unwrapped,
# Documentation
fig2dev,
pandoc,
# Scripts
bridge-utils,
coreutils,
diffutils,
gawk,
gnugrep,
gnused,
inetutils,
iproute2,
iptables,
multipath-tools,
nbd,
openvswitch,
util-linux,
...
}@packageDefinition:
let
#TODO: fix paths instead
scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [
which perl
coreutils gawk gnused gnugrep diffutils util-linux multipath-tools
iproute2 inetutils iptables bridge-utils openvswitch nbd drbd
#TODO: fix paths instead.
scriptEnvPath = lib.strings.concatMapStringsSep ":" (x: "${x}/bin") [
bridge-utils
coreutils
diffutils
gawk
gnugrep
gnused
inetutils
iproute2
iptables
multipath-tools
nbd
openvswitch
perl
util-linux
which
];
withXenfiles = f: concatStringsSep "\n" (mapAttrsToList f config.xenfiles);
inherit (versionDefinition) branch;
inherit (versionDefinition) version;
inherit (versionDefinition) latest;
inherit (versionDefinition) pkg;
pname = "xen";
withTools = a: f: withXenfiles (name: x: optionalString (hasAttr a x) ''
echo "processing ${name}"
__do() {
cd "tools/${name}"
${f name x}
# Sources needed to build tools and firmwares.
prefetchedSources =
lib.attrsets.optionalAttrs withInternalQEMU {
qemu-xen = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/qemu-xen.git";
fetchSubmodules = true;
inherit (pkg.qemu) rev;
inherit (pkg.qemu) hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.qemu) pkg.qemu.patches;
postPatch = ''
substituteInPlace scripts/tracetool.py \
--replace-fail "/usr/bin/env python" "${python311Packages.python}/bin/python"
'';
};
}
( __do )
'');
// lib.attrsets.optionalAttrs withInternalSeaBIOS {
"firmware/seabios-dir-remote" = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/seabios.git";
inherit (pkg.seaBIOS) rev;
inherit (pkg.seaBIOS) hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [
"patches"
] pkg.seaBIOS) pkg.seaBIOS.patches;
};
}
// lib.attrsets.optionalAttrs withInternalOVMF {
"firmware/ovmf-dir-remote" = {
src = fetchgit {
url = "https://xenbits.xen.org/git-http/ovmf.git";
fetchSubmodules = true;
inherit (pkg.ovmf) rev;
inherit (pkg.ovmf) hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ovmf) pkg.ovmf.patches;
postPatch = ''
substituteInPlace \
OvmfPkg/build.sh BaseTools/BinWrappers/PosixLike/{AmlToC,BrotliCompress,build,GenFfs,GenFv,GenFw,GenSec,LzmaCompress,TianoCompress,Trim,VfrCompile} \
--replace-fail "/usr/bin/env bash" ${stdenv.shell}
'';
};
}
// lib.attrsets.optionalAttrs withInternalIPXE {
"firmware/etherboot/ipxe.git" = {
src = fetchFromGitHub {
owner = "ipxe";
repo = "ipxe";
inherit (pkg.ipxe) rev;
inherit (pkg.ipxe) hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ipxe) pkg.ipxe.patches;
};
};
withPrefetchedSources =
sourcePkg: lib.strings.concatLines (lib.attrsets.mapAttrsToList sourcePkg prefetchedSources);
# We don't want to use the wrapped version, because this version of ld is
# only used for linking the Xen EFI binary, and the build process really
# needs control over the LDFLAGS used
# Sometimes patches are sourced through a path, like ./0000-xen.patch.
# This would break the patch attribute parser functions, so we normalise
# all patches sourced through paths by setting them to a { type = "path"; }
# attribute set.
# Patches from fetchpatch are already attribute sets.
normalisedPatchList = builtins.map (
patch:
if !builtins.isAttrs patch then
if builtins.isPath patch then
{ type = "path"; }
else
throw "xen/generic.nix: normalisedPatchList attempted to normalise something that is not a Path or an Attribute Set."
else
patch
) pkg.xen.patches;
# Simple counter for the number of attrsets (patches) in the patches list after normalisation.
numberOfPatches = lib.lists.count (patch: builtins.isAttrs patch) normalisedPatchList;
# builtins.elemAt's index begins at 0, so we subtract 1 from the number of patches in order to
# produce the range that will be used in the following builtin.map calls.
availablePatchesToTry = lib.lists.range 0 (numberOfPatches - 1);
# Takes in an attrByPath input, and outputs the attribute value for each patch in a list.
# If a patch does not have a given attribute, returns `null`. Use lib.lists.remove null
# to remove these junk values, if necessary.
retrievePatchAttributes =
attributeName:
builtins.map (
x: lib.attrsets.attrByPath attributeName null (builtins.elemAt normalisedPatchList x)
) availablePatchesToTry;
# Produces a list of newline-separated strings that lists the vulnerabilities this
# Xen is NOT affected by, due to the applied Xen Security Advisory patches. This is
# then used in meta.longDescription, to let users know their Xen is patched against
# known vulnerabilities, as the package version isn't always the best indicator.
#
# Produces something like this: (one string for each XSA)
# * [Xen Security Advisory #1](https://xenbits.xenproject.org/xsa/advisory-1.html): **Title for XSA.**
# >Description of issue in XSA
#Extra lines
#are not indented,
#but markdown should be
#fine with it.
# Fixes:
# * [CVE-1999-00001](https://www.cve.org/CVERecord?id=CVE-1999-00001)
# * [CVE-1999-00002](https://www.cve.org/CVERecord?id=CVE-1999-00002)
# * [CVE-1999-00003](https://www.cve.org/CVERecord?id=CVE-1999-00003)
writeAdvisoryDescription =
if (lib.lists.remove null (retrievePatchAttributes [ "xsa" ]) != [ ]) then
lib.lists.zipListsWith (a: b: a + b)
(lib.lists.zipListsWith (a: b: a + "**" + b + ".**\n >")
(lib.lists.zipListsWith (a: b: "* [Xen Security Advisory #" + a + "](" + b + "): ")
(lib.lists.remove null (retrievePatchAttributes [ "xsa" ]))
(
lib.lists.remove null (retrievePatchAttributes [
"meta"
"homepage"
])
)
)
(
lib.lists.remove null (retrievePatchAttributes [
"meta"
"description"
])
)
)
(
lib.lists.remove null (retrievePatchAttributes [
"meta"
"longDescription"
])
)
else
[ ];
withTools =
attr: file:
withPrefetchedSources (
name: source:
lib.strings.optionalString (builtins.hasAttr attr source) ''
echo "processing ${name}"
__do() {
cd "tools/${name}"
${file name source}
}
( __do )
''
);
# Originally, there were two versions of binutils being used: the standard one and
# this patched one. Unfortunately, that required patches to the Xen Makefiles, and
# quickly became too complex to maintain. The new solution is to simply build this
# efi-binutils derivation and use it for the whole build process, except if
# enableEFI is disabled; it'll then use `binutils`.
efiBinutils = binutils-unwrapped.overrideAttrs (oldAttrs: {
name = "efi-binutils";
configureFlags = oldAttrs.configureFlags ++ [
"--enable-targets=x86_64-pep"
];
doInstallCheck = false; # We get a spurious failure otherwise, due to host/target mis-match
configureFlags = oldAttrs.configureFlags ++ [ "--enable-targets=x86_64-pep" ];
doInstallCheck = false; # We get a spurious failure otherwise, due to a host/target mismatch.
});
in
stdenv.mkDerivation (rec {
inherit (config) version;
stdenv.mkDerivation (finalAttrs: {
inherit pname;
inherit version;
name = "xen-${version}";
outputs = [
"out" # TODO: Split $out in $bin for binaries and $lib for libraries.
"man" # Manual pages for Xen userspace utilities.
"dev" # Development headers.
"boot" # xen.gz kernel, policy file if Flask is enabled, xen.efi if EFI is enabled.
];
dontUseCmakeConfigure = true;
# Main Xen source.
src = fetchgit {
url = "https://xenbits.xen.org/git-http/xen.git";
inherit (pkg.xen) rev;
inherit (pkg.xen) hash;
};
hardeningDisable = [ "stackprotector" "fortify" "pic" ];
# Gets the patches from the pkg.xen.patches attribute from the versioned files.
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.xen) pkg.xen.patches;
nativeBuildInputs = [ pkg-config cmake ];
buildInputs = [
which
nativeBuildInputs =
[
autoPatchelfHook
bison
cmake
fig2dev
flex
pandoc
pkg-config
]
++ lib.lists.optionals withInternalQEMU [
ninja
python311Packages.sphinx
];
buildInputs =
[
# Xen
acpica-tools
bzip2
dev86
e2fsprogs.dev
libnl
libuuid
lzo
ncurses
perl
python311Packages.python
xz
yajl
zlib
zstd
# Xen
bison bzip2 checkpolicy dev86 figlet flex gettext glib acpica-tools libaio
libiconv libuuid ncurses openssl perl python3Packages.python xz yajl zlib
# oxenstored
ocamlPackages.findlib
ocamlPackages.ocaml
systemdMinimal
# oxenstored
ocamlPackages.findlib ocamlPackages.ocaml systemd
# Python Fixes
python311Packages.wrapPython
]
++ lib.lists.optionals withInternalQEMU [
glib
pixman
]
++ lib.lists.optional withInternalOVMF nasm
++ lib.lists.optional withFlask checkpolicy;
# Python fixes
python3Packages.wrapPython
configureFlags =
[ "--enable-systemd" ]
++ lib.lists.optional (!withInternalQEMU) "--with-system-qemu"
# Documentation
python3Packages.markdown fig2dev ghostscript texinfo pandoc
++ lib.lists.optional withSeaBIOS "--with-system-seabios=${seabios}/share/seabios"
++ lib.lists.optional (!withInternalSeaBIOS && !withSeaBIOS) "--disable-seabios"
# Others
] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles))
++ (config.buildInputs or []);
++ lib.lists.optional withOVMF "--with-system-ovmf=${OVMF.firmware}"
++ lib.lists.optional withInternalOVMF "--enable-ovmf"
prePatch = ''
### Generic fixes
++ lib.lists.optional withIPXE "--with-system-ipxe=${ipxe}"
++ lib.lists.optional withInternalIPXE "--enable-ipxe";
# Xen's stubdoms, tools and firmwares need various sources that
# are usually fetched at build time using wget and git. We can't
# have that, so we prefetch them in nix-expression and setup
# fake wget and git for debugging purposes.
makeFlags =
[
"PREFIX=$(out)"
"CONFIG_DIR=/etc"
"XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files"
"XEN_SCRIPT_DIR=$(CONFIG_DIR)/xen/scripts"
"BASH_COMPLETION_DIR=$(PREFIX)/share/bash-completion/completions"
]
++ lib.lists.optionals withEFI [
"EFI_VENDOR=${efiVendor}"
"INSTALL_EFI_STRIP=1"
"LD=${efiBinutils}/bin/ld" # See the comment in the efiBinutils definition above.
]
# These flags set the CONFIG_* options in /boot/xen.config
# and define if the default policy file is built. However,
# the Flask binaries always get compiled by default.
++ lib.lists.optionals withFlask [
"XSM_ENABLE=y"
"FLASK_ENABLE=y"
]
++ (pkg.xen.makeFlags or [ ]);
mkdir fake-bin
# Fake git: just print what it wants and die
cat > fake-bin/wget << EOF
#!${stdenv.shell} -e
echo ===== FAKE WGET: Not fetching \$*
[ -e \$3 ]
EOF
# Fake git: just print what it wants and die
cat > fake-bin/git << EOF
#!${stdenv.shell}
echo ===== FAKE GIT: Not cloning \$*
[ -e \$3 ]
EOF
chmod +x fake-bin/*
export PATH=$PATH:$PWD/fake-bin
# Remove in-tree qemu stuff in case we build from a tar-ball
rm -rf tools/qemu-xen tools/qemu-xen-traditional
# Fix shebangs, mainly for build-scripts
# We want to do this before getting prefetched stuff to speed things up
# (prefetched stuff has lots of files)
find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g'
find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \
| xargs sed -i 's@/bin/bash@${stdenv.shell}@g'
# Get prefetched stuff
${withXenfiles (name: x: ''
echo "${x.src} -> tools/${name}"
cp -r ${x.src} tools/${name}
chmod -R +w tools/${name}
'')}
'';
patches = [
] ++ (config.patches or []);
postPatch = ''
### Hacks
# Work around a bug in our GCC wrapper: `gcc -MF foo -v' doesn't
# print the GCC version number properly.
substituteInPlace xen/Makefile \
--replace '$(CC) $(CFLAGS) -v' '$(CC) -v'
# Hack to get `gcc -m32' to work without having 32-bit Glibc headers.
mkdir -p tools/include/gnu
touch tools/include/gnu/stubs-32.h
### Fixing everything else
substituteInPlace tools/libfsimage/common/fsimage_plugin.c \
--replace /usr $out
substituteInPlace tools/misc/xenpvnetboot \
--replace /usr/sbin/mount ${util-linux}/bin/mount \
--replace /usr/sbin/umount ${util-linux}/bin/umount
substituteInPlace tools/xenmon/xenmon.py \
--replace /usr/bin/pkill ${procps}/bin/pkill
${optionalString (builtins.compareVersions config.version "4.8" >= 0) ''
substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
--replace /bin/mkdir mkdir
''}
${optionalString (builtins.compareVersions config.version "4.6" < 0) ''
# TODO: use this as a template and support our own if-up scripts instead?
substituteInPlace tools/hotplug/Linux/xen-backend.rules.in \
--replace "@XEN_SCRIPT_DIR@" $out/etc/xen/scripts
# blktap is not provided by xen, but by xapi
sed -i '/blktap/d' tools/hotplug/Linux/xen-backend.rules.in
''}
${withTools "patches" (name: x: ''
${concatMapStringsSep "\n" (p: ''
echo "# Patching with ${p}"
patch -p1 < ${p}
'') x.patches}
'')}
${withTools "postPatch" (name: x: x.postPatch)}
${config.postPatch or ""}
'';
postConfigure = ''
substituteInPlace tools/hotplug/Linux/xendomains \
--replace /bin/ls ls
'';
EFI_LD = "${efiBinutils}/bin/ld";
EFI_VENDOR = "nixos";
# TODO: Flask needs more testing before enabling it by default.
#makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ];
makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ]
++ (config.makeFlags or []);
preBuild = ''
${config.preBuild or ""}
'';
buildFlags = [ "xen" "tools" ];
postBuild = ''
make -C docs man-pages
${withTools "buildPhase" (name: x: x.buildPhase)}
'';
installPhase = ''
mkdir -p $out $out/share $out/share/man
cp -prvd dist/install/nix/store/*/* $out/
cp -prvd dist/install/boot $out/boot
cp -prvd dist/install/etc $out
cp -dR docs/man1 docs/man5 $out/share/man/
${withTools "installPhase" (name: x: x.installPhase)}
# Hack
substituteInPlace $out/etc/xen/scripts/hotplugpath.sh \
--replace SBINDIR=\"$out/sbin\" SBINDIR=\"$out/bin\"
wrapPythonPrograms
# We also need to wrap pygrub, which lies in lib
wrapPythonProgramsIn "$out/lib" "$out $pythonPath"
shopt -s extglob
for i in $out/etc/xen/scripts/!(*.sh); do
sed -i "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i
done
'';
buildFlags = [
"xen" # Build the Xen Hypervisor.
"tools" # Build the userspace tools, such as `xl`.
"docs" # Build the Xen Documentation
# TODO: Enable the Stubdomains target. This requires another pre-fetched source: mini-os. Currently, Xen appears to build a limited version of stubdomains which does not include mini-os.
# "stubdom"
];
enableParallelBuilding = true;
# TODO(@oxij): Stop referencing args here
env.NIX_CFLAGS_COMPILE = builtins.toString (
[
"-Wno-error=maybe-uninitialized"
"-Wno-error=array-bounds"
]
++ lib.lists.optionals withInternalOVMF [
"-Wno-error=format-security"
"-Wno-error=use-after-free"
"-Wno-error=vla-parameter"
"-Wno-error=dangling-pointer"
"-Wno-error=stringop-overflow"
]
);
dontUseCmakeConfigure = true;
dontUseNinjaBuild = withInternalQEMU;
prePatch =
# Xen's stubdoms, tools and firmwares need various sources that
# are usually fetched at build time using wget and git. We can't
# have that, so we pre-fetch them in the versioned Nix expressions,
# and produce fake wget and git executables for debugging purposes.
#
# We also produce a fake hostname executable to prevent spurious
# command-not-found errors during compilation.
#
# The snippet below produces executables that simply print in stdout
# what they were supposed to fetch, and exit gracefully.
''
mkdir fake-bin
cat > fake-bin/wget << EOF
#!${stdenv.shell} -e
echo ===== FAKE WGET: Not fetching \$*
[ -e \$3 ]
EOF
cat > fake-bin/git << EOF
#!${stdenv.shell}
echo ===== FAKE GIT: Not cloning \$*
[ -e \$3 ]
EOF
cat > fake-bin/hostname << EOF
#!${stdenv.shell}
echo ${efiVendor}
[ -e \$3 ]
EOF
chmod +x fake-bin/*
export PATH=$PATH:$PWD/fake-bin
''
# Remove in-tree QEMU sources, as we either pre-fetch them through
# the versioned Nix expressions if withInternalQEMU is true, or we
# don't build QEMU at all if withInternalQEMU is false.
+ ''
rm --recursive --force tools/qemu-xen tools/qemu-xen-traditional
''
# The following expression moves the sources we fetched in the
# versioned Nix expressions to their correct locations inside
# the Xen source tree.
+ ''
${withPrefetchedSources (
name: source: ''
echo "Copying pre-fetched source: ${source.src} -> tools/${name}"
cp --recursive ${source.src} tools/${name}
chmod --recursive +w tools/${name}
''
)}
'';
postPatch =
# The following patch forces Xen to install xen.efi on $out/boot
# instead of $out/boot/efi/efi/nixos, as the latter directory
# would otherwise need to be created manually. This also creates
# a more consistent output for downstreams who override the
# efiVendor attribute above.
''
substituteInPlace xen/Makefile \
--replace-fail "\$(D)\$(EFI_MOUNTPOINT)/efi/\$(EFI_VENDOR)/\$(T)-\$(XEN_FULLVERSION).efi" \
"\$(D)\$(BOOT_DIR)/\$(T)-\$(XEN_FULLVERSION).efi"
''
# The following patch fixes the call to /bin/mkdir on the
# launch_xenstore.sh helper script.
+ ''
substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
''
# The following expression fixes the paths called by Xen's systemd
# units, so we can use them in the NixOS module.
+ ''
substituteInPlace \
tools/hotplug/Linux/systemd/{xen-init-dom0,xen-qemu-dom0-disk-backend,xenconsoled,xendomains,xenstored}.service.in \
--replace-fail /bin/grep ${gnugrep}/bin/grep
substituteInPlace \
tools/hotplug/Linux/systemd/{xen-qemu-dom0-disk-backend,xenconsoled}.service.in \
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
''
# The following expression applies the patches defined on each
# prefetchedSources attribute.
+ ''
${withTools "patches" (
name: source: ''
${lib.strings.concatMapStringsSep "\n" (patch: ''
echo "Patching with ${patch}"
patch --strip 1 < ${patch}
'') source.patches}
''
)}
${withTools "postPatch" (name: source: source.postPatch)}
${pkg.xen.postPatch or ""}
'';
preBuild = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "preBuild" ] pkg.xen) pkg.xen.preBuild;
postBuild = ''
${withTools "buildPhase" (name: source: source.buildPhase)}
${pkg.xen.postBuild or ""}
'';
installPhase =
let
cpFlags = builtins.toString [
"--preserve=mode,ownership,timestamps,link"
"--recursive"
"--verbose"
"--no-dereference"
];
in
# Run the preInstall tasks.
''
runHook preInstall
''
# Create $out directories and copy build output.
+ ''
mkdir --parents $out $out/share $boot
cp ${cpFlags} dist/install/nix/store/*/* $out/
cp ${cpFlags} dist/install/etc $out
cp ${cpFlags} dist/install/boot $boot
''
# Run the postInstall tasks.
+ ''
runHook postInstall
'';
postInstall =
# Wrap xencov_split, xenmon and xentrace_format.
''
wrapPythonPrograms
''
# We also need to wrap pygrub, which lies in $out/libexec/xen/bin.
+ ''
wrapPythonProgramsIn "$out/libexec/xen/bin" "$out $pythonPath"
''
# Fix shebangs in Xen's various scripts.
#TODO: Remove any and all usage of `sed` and replace these complicated magic runes with readable code.
+ ''
shopt -s extglob
for i in $out/etc/xen/scripts/!(*.sh); do
sed --in-place "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i
done
''
+ ''
${withTools "installPhase" (name: source: source.installPhase)}
${pkg.xen.installPhase or ""}
'';
postFixup =
# Fix binaries in $out/lib/xen/bin.
''
addAutoPatchelfSearchPath $out/lib
autoPatchelf $out/libexec/xen/bin/
''
# Flask is particularly hard to disable. Even after
# setting the make flags to `n`, it still gets compiled.
# If withFlask is disabled, delete the extra binaries.
+ lib.strings.optionalString (!withFlask) ''
rm -f $out/bin/flask-*
'';
passthru = {
efi =
if withEFI then "boot/xen-${version}.efi" else throw "This Xen was compiled without an EFI binary.";
flaskPolicy =
if withFlask then
"boot/xenpolicy-${version}"
else
throw "This Xen was compiled without FLASK support.";
qemu-system-i386 =
if withInternalQEMU then
"libexec/xen/bin/qemu-system-i386"
else
throw "This Xen was compiled without a built-in QEMU.";
# This test suite is very simple, as Xen's userspace
# utilities require the hypervisor to be booted.
tests = {
pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
moduleNames = [
"xencall"
"xencontrol"
"xendevicemodel"
"xenevtchn"
"xenforeignmemory"
"xengnttab"
"xenguest"
"xenhypfs"
"xenlight"
"xenstat"
"xenstore"
"xentoolcore"
"xentoollog"
"xenvchan"
"xlutil"
];
};
};
};
meta = {
homepage = "http://www.xen.org/";
description = "Xen hypervisor and related components"
+ optionalString (args ? meta && args.meta ? description)
" (${args.meta.description})";
longDescription = (args.meta.longDescription or "")
+ "\nIncludes:\n"
+ withXenfiles (name: x: "* ${name}: ${x.meta.description or "(No description)"}.");
platforms = [ "x86_64-linux" ];
maintainers = [ ];
license = lib.licenses.gpl2;
knownVulnerabilities = [
# https://www.openwall.com/lists/oss-security/2023/03/21/1
# Affects 3.2 (at *least*) - 4.17
"CVE-2022-42332"
# https://www.openwall.com/lists/oss-security/2023/03/21/2
# Affects 4.11 - 4.17
"CVE-2022-42333"
"CVE-2022-42334"
# https://www.openwall.com/lists/oss-security/2023/03/21/3
# Affects 4.15 - 4.17
"CVE-2022-42331"
# https://xenbits.xen.org/docs/unstable/support-matrix.html
] ++ lib.optionals (lib.versionOlder version "4.15") [
"This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
inherit branch;
# Short description for Xen.
description =
"Xen Hypervisor"
# The "and related components" addition is automatically hidden if said components aren't being built.
+ lib.strings.optionalString (prefetchedSources != { }) " and related components"
# To alter the description inside the paranthesis, edit ./packages.nix.
+ lib.strings.optionalString (lib.attrsets.hasAttrByPath [
"meta"
"description"
] packageDefinition) " (${packageDefinition.meta.description})";
# Long description for Xen.
longDescription =
# Starts with the longDescription from ./packages.nix.
(packageDefinition.meta.longDescription or "")
+
lib.strings.optionalString (!withInternalQEMU)
"\nUse with `qemu_xen_${lib.stringAsChars (x: if x == "." then "_" else x) branch}`"
+ lib.strings.optionalString latest "or `qemu_xen`"
+ "."
# Then, if any of the optional with* components are being built, add the "Includes:" string.
+
lib.strings.optionalString
(
withInternalQEMU
|| withInternalSeaBIOS
|| withInternalOVMF
|| withInternalIPXE
|| withEFI
|| withFlask
)
(
"\nIncludes:\n"
# Originally, this was a call for the complicated withPrefetchedSources. Since there aren't
# that many optional components, we just use lib.strings.optionalString, because it's simpler.
# Optional components that aren't being built are automatically hidden.
+ lib.strings.optionalString withEFI "* `xen.efi`: Xen's [EFI binary](https://xenbits.xenproject.org/docs/${branch}-testing/misc/efi.html), available on the `boot` output of this package.\n"
+ lib.strings.optionalString withFlask "* `xsm-flask`: The [FLASK Xen Security Module](https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK). The `xenpolicy-${version}` file is available on the `boot` output of this package.\n"
+ lib.strings.optionalString withInternalQEMU "* `qemu-xen`: Xen's mirror of [QEMU](https://www.qemu.org/).\n"
+ lib.strings.optionalString withInternalSeaBIOS "* `seabios-xen`: Xen's mirror of [SeaBIOS](https://www.seabios.org/SeaBIOS).\n"
+ lib.strings.optionalString withInternalOVMF "* `ovmf-xen`: Xen's mirror of [OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF).\n"
+ lib.strings.optionalString withInternalIPXE "* `ipxe-xen`: Xen's pinned version of [iPXE](https://ipxe.org/).\n"
)
# Finally, we write a notice explaining which vulnerabilities this Xen is NOT vulnerable to.
# This will hopefully give users the peace of mind that their Xen is secure, without needing
# to search the source code for the XSA patches.
+ lib.strings.optionalString (writeAdvisoryDescription != [ ]) (
"\nThis Xen (${version}) has been patched against the following known security vulnerabilities:\n"
+ lib.strings.removeSuffix "\n" (lib.strings.concatLines writeAdvisoryDescription)
);
homepage = "https://xenproject.org/";
downloadPage = "https://downloads.xenproject.org/release/xen/${version}/";
changelog = "https://wiki.xenproject.org/wiki/Xen_Project_${branch}_Release_Notes";
license = with lib.licenses; [
# Documentation.
cc-by-40
# Most of Xen is licensed under the GPL v2.0.
gpl2Only
# Xen Libraries and the `xl` command-line utility.
lgpl21Only
# Development headers in $dev/include.
mit
];
} // (config.meta or {});
} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ])
maintainers = [ lib.maintainers.sigmasquadron ];
mainProgram = "xl";
# Evaluates to x86_64-linux.
platforms = lib.lists.intersectLists lib.platforms.linux lib.platforms.x86_64;
knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "4.16") [
"Xen ${version} is no longer supported by the Xen Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html"
];
};
})

110
pkgs/applications/virtualization/xen/packages.nix
View File

@ -1,58 +1,68 @@
{ callPackage
}:
# TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim
# light] for each ./<version>.nix.
{ callPackage }:
let
standard = {
meta = {
description = "Standard Xen";
longDescription = ''
Standard version of Xen. Uses forks of QEMU, SeaBIOS, OVMF and iPXE provided
by the Xen Project. This provides the vanilla Xen experince, but wastes space
and build time. A typical NixOS setup that runs lots of VMs will usually need
to build two different versions of QEMU when using this Xen derivation (one
fork and upstream).
'';
};
};
slim = {
meta = {
description = "Without Internal Components";
longDescription = ''
Slimmed-down version of Xen that reuses nixpkgs packages as much as possible.
Instead of using the Xen forks for various internal components, this version uses
`seabios`, `ovmf` and `ipxe` from nixpkgs. These components may ocasionally get
out of sync with the hypervisor itself, but this builds faster and uses less space
than the default derivation.
'';
};
};
in
# TODO: generalise this to automatically generate both Xen variants for each ./<version>/default.nix.
rec {
xen_4_15-vanilla = callPackage ./4.15.nix {
meta = {
description = "vanilla";
longDescription = ''
Vanilla version of Xen. Uses forks of Qemu and Seabios bundled
with Xen. This gives vanilla experince, but wastes space and
build time: typical NixOS setup that runs lots of VMs will
build three different versions of Qemu when using this (two
forks and upstream).
'';
};
xen_4_19 = callPackage ./4.19/default.nix { inherit (standard) meta; };
xen_4_19-slim = xen_4_19.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta;
};
xen_4_15-slim = xen_4_15-vanilla.override {
withInternalQemu = false;
withInternalTraditionalQemu = true;
withInternalSeabios = false;
withSeabios = true;
meta = {
description = "slim";
longDescription = ''
Slimmed-down version of Xen that reuses nixpkgs packages as
much as possible. Different parts may get out of sync, but
this builds faster and uses less space than vanilla. Use with
`qemu_xen` from nixpkgs.
'';
};
xen_4_18 = callPackage ./4.18/default.nix { inherit (standard) meta; };
xen_4_18-slim = xen_4_18.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta;
};
xen_4_15-light = xen_4_15-vanilla.override {
withInternalQemu = false;
withInternalTraditionalQemu = false;
withInternalSeabios = false;
withSeabios = true;
meta = {
description = "light";
longDescription = ''
Slimmed-down version of Xen without `qemu-traditional` (you
don't need it if you don't know what it is). Use with
`qemu_xen-light` from nixpkgs.
'';
};
xen_4_17 = callPackage ./4.17/default.nix { inherit (standard) meta; };
xen_4_17-slim = xen_4_17.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta;
};
xen-vanilla = xen_4_15-vanilla;
xen-slim = xen_4_15-slim;
xen-light = xen_4_15-light;
xen_4_16 = callPackage ./4.16/default.nix { inherit (standard) meta; };
xen_4_16-slim = xen_4_16.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta;
};
xen = xen_4_19;
xen-slim = xen_4_19-slim;
}

114
pkgs/applications/virtualization/xen/patches.nix Normal file
View File

@ -0,0 +1,114 @@
# Patching Xen? Check the XSAs at https://xenbits.xen.org/xsa/
# and try applying all the ones we haven't gotten around to
# yet, if any are necessary. Patches from other downstreams
# are also welcome if they fix important issues with vanilla Xen.
{ lib, fetchpatch }:
let
xsaPatch =
{
id,
title,
description,
type ? "xsa",
hash ? "",
cve ? null,
}:
(fetchpatch {
name =
"XSA-" + id + lib.strings.optionalString (cve != null) ("-" + builtins.concatStringsSep "+" cve);
url = "https://xenbits.xen.org/xsa/xsa${id}.patch";
inherit hash;
passthru = {
xsa = id;
inherit type;
};
meta = {
description = title;
longDescription =
description
+ "\n"
+ (
if (cve == null) then
# Why the two spaces preceding these CVE messages?
# This is parsed by writeAdvisoryDescription in generic.nix,
# and doing this was easier than messing with lib.strings even more.
" _No CVE was assigned to this XSA._"
else
" Fixes:${
lib.strings.concatMapStrings (
x: "\n * [" + x + "](https://www.cve.org/CVERecord?id=" + x + ")"
) cve
}"
);
homepage = "https://xenbits.xenproject.org/xsa/advisory-${id}.html";
};
});
qubesPatch =
{
name,
tag,
type ? "qubes",
hash ? "",
}:
(fetchpatch {
inherit name;
url = "https://raw.githubusercontent.com/QubesOS/qubes-vmm-xen/v${tag}/${name}.patch";
inherit hash;
passthru.type = type;
});
in
{
# Example patches:
#
# "XSA_100" = xsaPatch {
# id = "100";
# name = "Verbatim Title of XSA";
# cve = [ "CVE-1999-0001" "CVE-1999-0002" ]; # Not all XSAs have CVEs. This attribute is optional.
# hash = "sha256-0000000000000000000000000000000000000000000000000000";
# };
#
# "QUBES_libxl-fix-all-issues" = qubesPatch {
# name = "1000-libxl-fix-all-issues";
# tag = "4.20.0-1";
# hash = "sha256-0000000000000000000000000000000000000000000000000000";
# };
# Build reproducibility patches for Xen.
# Qubes OS has not updated them to later versions of Xen yet,
# but they appear to work on Xen 4.17.4 - 4.19.0.
QUBES_REPRODUCIBLE_BUILDS = [
(qubesPatch {
name = "1100-Define-build-dates-time-based-on-SOURCE_DATE_EPOCH";
tag = "4.17.4-5";
hash = "sha256-OwKA9oPTwhRcSmiOb+PxzifbO/IG8IHWlvddFh/nP6s=";
})
(qubesPatch {
name = "1101-docs-rename-DATE-to-PANDOC_REL_DATE-and-allow-to-spe";
tag = "4.17.4-5";
hash = "sha256-BUtYt0mM3bURVaGv4oDznzxx1Wo4sfOpGV5GB8qc5Ns=";
})
(qubesPatch {
name = "1102-docs-xen-headers-use-alphabetical-sorting-for-incont";
tag = "4.17.4-5";
hash = "sha256-mQUp2w9lUb7KDq5MuPQjs6y7iuMDeXoZjDjlXfa5z44=";
})
];
# Xen Security Advisory #458: (4.16 - 4.19-rc3)
"XSA_458" = xsaPatch {
id = "458";
title = "Double unlock in x86 guest IRQ handling";
description = ''
An optional feature of PCI MSI called "Multiple Message" allows a device
to use multiple consecutive interrupt vectors. Unlike for MSI-X, the
setting up of these consecutive vectors needs to happen all in one go.
In this handling an error path could be taken in different situations,
with or without a particular lock held. This error path wrongly releases
the lock even when it is not currently held.
'';
cve = [ "CVE-2024-31143" ];
hash = "sha256-yHI9Sp/7Ed40iIYQ/HOOIULlfzAzL0c0MGqdF+GR+AQ=";
};
}

194
pkgs/applications/virtualization/xen/update.sh Executable file
View File

@ -0,0 +1,194 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p gitMinimal curl gnupg nix-prefetch-git nixfmt-rfc-style
# shellcheck disable=SC2206,SC2207 shell=bash
set -e
# Set a temporary $HOME in /tmp for GPG.
HOME=/tmp/xenUpdateScript
# This script expects to be called in an interactive terminal somewhere inside Nixpkgs.
echo "Preparing..."
nixpkgs=$(git rev-parse --show-toplevel)
xenPath="$nixpkgs/pkgs/applications/virtualization/xen"
rm -rf /tmp/xenUpdateScript
mkdir /tmp/xenUpdateScript
# Import and verify PGP key.
curl --silent --output /tmp/xenUpdateScript/xen.asc https://keys.openpgp.org/vks/v1/by-fingerprint/23E3222C145F4475FA8060A783FE14C957E82BD9
gpg --quiet --import /tmp/xenUpdateScript/xen.asc
fingerprint="$(gpg --with-colons --fingerprint "pgp@xen.org" 2>/dev/null | awk -F: '/^pub:.*/ { getline; print $10}')"
echo -e "Please ascertain through multiple external sources that the \e[1;32mXen Project PGP Key Fingerprint\e[0m is indeed \e[1;33m$fingerprint\e[0m. If that is not the case, \e[1;31mexit immediately\e[0m."
read -r -p $'Press \e[1;34menter\e[0m to continue with a pre-filled expected fingerprint, or input an arbitrary PGP fingerprint to match with the key\'s fingerprint: ' userInputFingerprint
userInputFingerprint=${userInputFingerprint:-"23E3222C145F4475FA8060A783FE14C957E82BD9"}
# Clone xen.git.
echo -e "Cloning \e[1;34mxen.git\e[0m..."
git clone --quiet https://xenbits.xen.org/git-http/xen.git /tmp/xenUpdateScript/xen
cd /tmp/xenUpdateScript/xen
# Get list of versions and branches.
versionList="$(git tag --list "RELEASE-*" | sed s/RELEASE-//g | sed s/4.1.6.1//g | sort --numeric-sort)"
latestVersion=$(echo "$versionList" | tr ' ' '\n' | tail --lines=1)
branchList=($(echo "$versionList" | tr ' ' '\n' | sed s/\.[0-9]*$//g | awk '!seen[$0]++'))
# Figure out which versions we're actually going to install.
minSupportedBranch="$(grep " knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version " "$xenPath"/generic.nix | sed s/' knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "'//g | sed s/'") \['//g)"
supportedBranches=($(for version in "${branchList[@]}"; do if [ "$(printf '%s\n' "$minSupportedBranch" "$version" | sort -V | head -n1)" = "$minSupportedBranch" ]; then echo "$version"; fi; done))
supportedVersions=($(for version in "${supportedBranches[@]}"; do echo "$versionList" | tr ' ' '\n' | grep "$version" | tail --lines=1; done))
# Main loop that installs every supportedVersion.
for version in "${supportedVersions[@]}"; do
echo -e "\n------------------------------------------------"
branch=${version/%.[0-9]/}
if [[ "$version" == "$latestVersion" ]]; then
latest=true
echo -e "\nFound \e[1;34mlatest\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."
else
latest=false
echo -e "\nFound \e[1;33msecurity-supported\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."
fi
# Verify PGP key automatically. If the fingerprint matches what the user specified, or the default fingerprint, then we consider it trusted.
cd /tmp/xenUpdateScript/xen
if [[ "$fingerprint" = "$userInputFingerprint" ]]; then
echo "$fingerprint:6:" | gpg --quiet --import-ownertrust
(git verify-tag RELEASE-"$version" 2>/dev/null && echo -e "\n\e[1;32mSuccessfully authenticated Xen $version.\e[0m") || (echo -e "\e[1;31merror:\e[0m Unable to verify tag \e[1;32mRELEASE-$version\e[0m.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or a \e[1;31msupply chain attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1)
else
echo -e "\e[1;31merror:\e[0m Unable to verify \e[1;34mpgp@xen.org\e[0m's fingerprint.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or an \e[1;31mimpersonation attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1
fi
git switch --quiet --detach RELEASE-"$version"
# Originally we told people to go check the Makefile themselves.
echo -e "\nDetermining source versions from Xen Makefiles..."
qemuVersion="$(grep -ie "QEMU_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"QEMU_UPSTREAM_REVISION ?= "//g)"
seaBIOSVersion="$(grep -ie "SEABIOS_UPSTREAM_REVISION ?= rel-" /tmp/xenUpdateScript/xen/Config.mk | sed s/"SEABIOS_UPSTREAM_REVISION ?= "//g)"
ovmfVersion="$(grep -ie "OVMF_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"OVMF_UPSTREAM_REVISION ?= "//g)"
ipxeVersion="$(grep -ie "IPXE_GIT_TAG :=" /tmp/xenUpdateScript/xen/tools/firmware/etherboot/Makefile | sed s/"IPXE_GIT_TAG := "//g)"
# Use `nix-prefetch-git` to fetch `rev`s and `hash`es.
echo "Pre-fetching sources and determining hashes..."
echo -e -n " \e[1;32mXen\e[0m..."
fetchXen=$(nix-prefetch-git --url https://xenbits.xen.org/git-http/xen.git --rev RELEASE-"$version" --quiet)
finalVersion="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
hash="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
echo "done!"
echo -e -n " \e[1;36mQEMU\e[0m..."
fetchQEMU=$(nix-prefetch-git --url https://xenbits.xen.org/git-http/qemu-xen.git --rev "$qemuVersion" --quiet --fetch-submodules)
finalQEMUVersion="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
qemuHash="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
echo "done!"
echo -e -n " \e[1;36mSeaBIOS\e[0m..."
fetchSeaBIOS=$(nix-prefetch-git --url https://xenbits.xen.org/git-http/seabios.git --rev "$seaBIOSVersion" --quiet)
finalSeaBIOSVersion="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
seaBIOSHash="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
echo "done!"
echo -e -n " \e[1;36mOVMF\e[0m..."
ovmfHash="$(nix-prefetch-git --url https://xenbits.xen.org/git-http/ovmf.git --rev "$ovmfVersion" --quiet --fetch-submodules | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"
echo "done!"
echo -e -n " \e[1;36miPXE\e[0m..."
ipxeHash="$(nix-prefetch-git --url https://github.com/ipxe/ipxe.git --rev "$ipxeVersion" --quiet | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"
echo "done!"
cd "$xenPath"
echo -e "\nFound the following revisions:\n \e[1;32mXen\e[0m: \e[1;33m$finalVersion\e[0m (\e[1;33m$hash\e[0m)\n \e[1;36mQEMU\e[0m: \e[1;33m$finalQEMUVersion\e[0m (\e[1;33m$qemuHash\e[0m)\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$finalSeaBIOSVersion\e[0m (\e[1;33m$seaBIOSHash\e[0m)\n \e[1;36mOVMF\e[0m: \e[1;33m$ovmfVersion\e[0m (\e[1;33m$ovmfHash\e[0m)\n \e[1;36miPXE\e[0m: \e[1;33m$ipxeVersion\e[0m (\e[1;33m$ipxeHash\e[0m)"
# Set OCaml Version
read -r -p $'\nEnter the corresponding \e[1;33mOCaml\e[0m version for \e[1;32mXen '"$version"$'\e[0m, or press \e[1;34menter\e[0m for the default value of \e[1;32m4_14\e[0m: ' ocamlVersion
ocamlVersion=${ocamlVersion:-"4_14"}
mkdir -p "$branch"/
rm -f "$branch"/default.nix
# Prepare any .patch files that are called by Nix through a path value.
echo -e "\nPlease add any required patches to version \e[1;32m$branch\e[0m in \e[1;34m$branch/\e[0m, and press \e[1;34menter\e[0m when done."
read -r -p $'Remember to follow the naming specification as defined in \e[1;34m./README.md\e[0m.'
echo -e "\nDiscovering patches..."
discoveredXenPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-xen-*-$branch.patch" -printf "./%f ")"
discoveredQEMUPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-qemu-*-$branch.patch" -printf "./%f ")"
discoveredSeaBIOSPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-seabios-*-$branch.patch" -printf "./%f ")"
discoveredOVMFPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ovmf-*-$branch.patch" -printf "./%f ")"
discoveredIPXEPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ipxe-*-$branch.patch" -printf "./%f ")"
discoveredXenPatchesEcho=${discoveredXenPatches:-"\e[1;31mNone found!\e[0m"}
discoveredQEMUPatchesEcho=${discoveredQEMUPatches:-"\e[1;31mNone found!\e[0m"}
discoveredSeaBIOSPatchesEcho=${discoveredSeaBIOSPatches:-"\e[1;31mNone found!\e[0m"}
discoveredOVMFPatchesEcho=${discoveredOVMFPatches:-"\e[1;31mNone found!\e[0m"}
discoveredIPXEPatchesEcho=${discoveredIPXEPatches:-"\e[1;31mNone found!\e[0m"}
echo -e "Found the following patches:\n \e[1;32mXen\e[0m: \e[1;33m$discoveredXenPatchesEcho\e[0m\n \e[1;36mQEMU\e[0m: \e[1;33m$discoveredQEMUPatchesEcho\e[0m\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$discoveredSeaBIOSPatchesEcho\e[0m\n \e[1;36mOVMF\e[0m: \e[1;33m$discoveredOVMFPatchesEcho\e[0m\n \e[1;36miPXE\e[0m: \e[1;33m$discoveredIPXEPatchesEcho\e[0m"
# Prepare patches that are called in ./patches.nix.
defaultPatchListInit=("QUBES_REPRODUCIBLE_BUILDS" "XSA_458")
read -r -a defaultPatchList -p $'\nWould you like to override the \e[1;34mupstreamPatches\e[0m list for \e[1;32mXen '"$version"$'\e[0m? If no, press \e[1;34menter\e[0m to use the default patch list: [ \e[1;34m'"${defaultPatchListInit[*]}"$' \e[0m]: '
defaultPatchList=(${defaultPatchList[@]:-${defaultPatchListInit[@]}})
spaceSeparatedPatchList=${defaultPatchList[*]}
upstreamPatches="upstreamPatches.${spaceSeparatedPatchList// / upstreamPatches.}"
# Write and format default.nix file.
echo -e "\nWriting updated \e[1;34mversionDefinition\e[0m..."
cat >"$branch"/default.nix <<EOF
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten [
$upstreamPatches
];
in
callPackage (import ../generic.nix {
branch = "$branch";
version = "$version";
latest = $latest;
pkg = {
xen = {
rev = "$finalVersion";
hash = "$hash";
patches = [ $discoveredXenPatches ] ++ upstreamPatchList;
};
qemu = {
rev = "$finalQEMUVersion";
hash = "$qemuHash";
patches = [ $discoveredQEMUPatches ];
};
seaBIOS = {
rev = "$finalSeaBIOSVersion";
hash = "$seaBIOSHash";
patches = [ $discoveredSeaBIOSPatches ];
};
ovmf = {
rev = "$ovmfVersion";
hash = "$ovmfHash";
patches = [ $discoveredOVMFPatches ];
};
ipxe = {
rev = "$ipxeVersion";
hash = "$ipxeHash";
patches = [ $discoveredIPXEPatches ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_$ocamlVersion; } // genericDefinition)
EOF
echo "Formatting..."
nixfmt "$branch"/default.nix
echo -e "\n\e[1;32mSuccessfully produced $branch/default.nix.\e[0m"
done
echo -e -n "\nCleaning up..."
rm -rf /tmp/xenUpdateScript
echo done!

493
pkgs/applications/virtualization/xen/xsa-patches.nix
View File

@ -1,493 +0,0 @@
{ fetchpatch }:
let
xsaPatch = { name , sha256 }: (fetchpatch {
url = "https://xenbits.xen.org/xsa/xsa${name}.patch";
inherit sha256;
});
in {
# 4.5
XSA_190 = (xsaPatch {
name = "190-4.5";
sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm";
});
# 4.5
XSA_191 = (xsaPatch {
name = "191-4.6";
sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg";
});
# 4.5
XSA_192 = (xsaPatch {
name = "192-4.5";
sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm";
});
# 4.5
XSA_193 = (xsaPatch {
name = "193-4.5";
sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr";
});
# 4.5
XSA_195 = (xsaPatch {
name = "195";
sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7";
});
# 4.5
XSA_196 = [
(xsaPatch {
name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject";
sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6";
})
(xsaPatch {
name = "196-0002-x86-svm-Fix-injection-of-software-interrupts";
sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz";
})
];
# 4.5
XSA_198 = (xsaPatch {
name = "198";
sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9";
});
# 4.5
XSA_200 = (xsaPatch {
name = "200-4.6";
sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7";
});
# 4.5
XSA_202_45 = (xsaPatch {
name = "202-4.6";
sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f";
});
# 4.5
XSA_204_45 = (xsaPatch {
name = "204-4.5";
sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp";
});
# 4.5
XSA_206_45 = [
(xsaPatch {
name = "206-4.5/0001-xenstored-apply-a-write-transaction-rate-limit";
sha256 = "07vsm8mlbxh2s01ny2xywnm1bqhhxas1az31fzwb6f1g14vkzwm4";
})
(xsaPatch {
name = "206-4.5/0002-xenstored-Log-when-the-write-transaction-rate-limit-";
sha256 = "17pnvxjmhny22abwwivacfig4vfsy5bqlki07z236whc2y7yzbsx";
})
(xsaPatch {
name = "206-4.5/0003-oxenstored-refactor-putting-response-on-wire";
sha256 = "0xf566yicnisliy82cydb2s9k27l3bxc43qgmv6yr2ir3ixxlw5s";
})
(xsaPatch {
name = "206-4.5/0004-oxenstored-remove-some-unused-parameters";
sha256 = "16cqx9i0w4w3x06qqdk9rbw4z96yhm0kbc32j40spfgxl82d1zlk";
})
(xsaPatch {
name = "206-4.5/0005-oxenstored-refactor-request-processing";
sha256 = "1g2hzlv7w03sqnifbzda85mwlz3bw37rk80l248180sv3k7k6bgv";
})
(xsaPatch {
name = "206-4.5/0006-oxenstored-keep-track-of-each-transaction-s-operatio";
sha256 = "0n65yfxvpfd4cz95dpbwqj3nablyzq5g7a0klvi2y9zybhch9cmg";
})
(xsaPatch {
name = "206-4.5/0007-oxenstored-move-functions-that-process-simple-operat";
sha256 = "0qllvbc9rnj7jhhlslxxs35gvphvih0ywz52jszj4irm23ka5vnz";
})
(xsaPatch {
name = "206-4.5/0008-oxenstored-replay-transaction-upon-conflict";
sha256 = "0lixkxjfzciy9l0f980cmkr8mcsx14c289kg0mn5w1cscg0hb46g";
})
(xsaPatch {
name = "206-4.5/0009-oxenstored-log-request-and-response-during-transacti";
sha256 = "09ph8ddcx0k7rndd6hx6kszxh3fhxnvdjsq13p97n996xrpl1x7b";
})
(xsaPatch {
name = "206-4.5/0010-oxenstored-allow-compilation-prior-to-OCaml-3.12.0";
sha256 = "1y0m7sqdz89z2vs4dfr45cyvxxas323rxar0xdvvvivgkgxawvxj";
})
(xsaPatch {
name = "206-4.5/0011-oxenstored-comments-explaining-some-variables";
sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p";
})
(xsaPatch {
name = "206-4.5/0012-oxenstored-handling-of-domain-conflict-credit";
sha256 = "12zgid5y9vrhhpk2syxp0x01lzzr6447fa76n6rjmzi1xgdzpaf8";
})
(xsaPatch {
name = "206-4.5/0013-oxenstored-ignore-domains-with-no-conflict-credit";
sha256 = "0v3g9pm60w6qi360hdqjcw838s0qcyywz9qpl8gzmhrg7a35avxl";
})
(xsaPatch {
name = "206-4.5/0014-oxenstored-add-transaction-info-relevant-to-history-";
sha256 = "0vv3w0h5xh554i9v2vbc8gzm8wabjf2vzya3dyv5yzvly6ygv0sb";
})
(xsaPatch {
name = "206-4.5/0015-oxenstored-support-commit-history-tracking";
sha256 = "1iv2vy29g437vj73x9p33rdcr5ln2q0kx1b3pgxq202ghbc1x1zj";
})
(xsaPatch {
name = "206-4.5/0016-oxenstored-only-record-operations-with-side-effects-";
sha256 = "1cjkw5ganbg6lq78qsg0igjqvbgph3j349faxgk1p5d6nr492zzy";
})
(xsaPatch {
name = "206-4.5/0017-oxenstored-discard-old-commit-history-on-txn-end";
sha256 = "0lm15lq77403qqwpwcqvxlzgirp6ffh301any9g401hs98f9y4ps";
})
(xsaPatch {
name = "206-4.5/0018-oxenstored-track-commit-history";
sha256 = "1jh92p6vjhkm3bn5vz260npvsjji63g2imsxflxs4f3r69sz1nkd";
})
(xsaPatch {
name = "206-4.5/0019-oxenstored-blame-the-connection-that-caused-a-transa";
sha256 = "17k264pk0fvsamj85578msgpx97mw63nmj0j9v5hbj4bgfazvj4h";
})
(xsaPatch {
name = "206-4.5/0020-oxenstored-allow-self-conflicts";
sha256 = "15z3rd49q0pa72si0s8wjsy2zvbm613d0hjswp4ikc6nzsnsh4qy";
})
(xsaPatch {
name = "206-4.5/0021-oxenstored-do-not-commit-read-only-transactions";
sha256 = "04wpzazhv90lg3228z5i6vnh1z4lzd08z0d0fvc4br6pkd0w4va8";
})
(xsaPatch {
name = "206-4.5/0022-oxenstored-don-t-wake-to-issue-no-conflict-credit";
sha256 = "1shbrn0w68rlywcc633zcgykfccck1a77igmg8ydzwjsbwxsmsjy";
})
(xsaPatch {
name = "206-4.5/0023-oxenstored-transaction-conflicts-improve-logging";
sha256 = "1086y268yh8047k1vxnxs2nhp6izp7lfmq01f1gq5n7jiy1sxcq7";
})
(xsaPatch {
name = "206-4.5/0024-oxenstored-trim-history-in-the-frequent_ops-function";
sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8";
})
];
# 4.5 - 4.8
XSA_207 = (xsaPatch {
name = "207";
sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc";
});
# 4.5 - 4.8
XSA_212 = (xsaPatch {
name = "212";
sha256 = "1ggjbbym5irq534a3zc86md9jg8imlpc9wx8xsadb9akgjrr1r8d";
});
# 4.5
XSA_213_45 = (xsaPatch {
name = "213-4.5";
sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm";
});
# 4.5 - 4.8
XSA_214 = (xsaPatch {
name = "214";
sha256 = "0qapzx63z0yl84phnpnglpkxp6b9sy1y7cilhwjhxyigpfnm2rrk";
});
# 4.5
XSA_215 = (xsaPatch {
name = "215";
sha256 = "0sv8ccc5xp09f1w1gj5a9n3mlsdsh96sdb1n560vh31f4kkd61xs";
});
# 4.5
XSA_217_45 = (xsaPatch {
name = "217-4.5";
sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4";
});
# 4.5
XSA_218_45 = [
(xsaPatch {
name = "218-4.5/0001-IOMMU-handle-IOMMU-mapping-and-unmapping-failures";
sha256 = "00y6j3yjxw0igpldsavikmhlxw711k2jsj1qx0s05w2k608gadkq";
})
(xsaPatch {
name = "218-4.5/0002-gnttab-fix-unmap-pin-accounting-race";
sha256 = "0qbbfnnjlpdcd29mzmacfmi859k92c213l91q7w1rg2k6pzx928k";
})
(xsaPatch {
name = "218-4.5/0003-gnttab-Avoid-potential-double-put-of-maptrack-entry";
sha256 = "1cndzvyhf41mk4my6vh3bk9jvh2y4gpmqdhvl9zhxhmppszslqkc";
})
(xsaPatch {
name = "218-4.5/0004-gnttab-correct-maptrack-table-accesses";
sha256 = "02zpb0ffigijacqvyyjylwx3qpgibwslrka7mbxwnclf4s9c03a2";
})
];
# 4.5
XSA_219_45 = (xsaPatch {
name = "219-4.5";
sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm";
});
# 4.5
XSA_220_45 = (xsaPatch {
name = "220-4.5";
sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp";
});
# 4.5 - 4.8
XSA_221 = (xsaPatch {
name = "221";
sha256 = "1mcr1nqgxyjrkywdg7qhlfwgz7vj2if1dhic425vgd41p9cdgl26";
});
# 4.5
XSA_222_45 = [
(xsaPatch {
name = "222-1-4.6";
sha256 = "1g4dqm5qx4wqlv1520jpfiscph95vllcp4gqp1rdfailk8xi0mcf";
})
(xsaPatch {
name = "222-2-4.5";
sha256 = "1hw8rhc7q4v309f4w11gxfsn5x1pirvxkg7s4kr711fnmvp9hkzd";
})
];
# 4.5 - 4.8
XSA_223 = (xsaPatch {
name = "223";
sha256 = "0803gjgcbq9vaz2mq0v5finf1fq8iik1g4hqsjqhjxvspn8l70c5";
});
# 4.5
XSA_224_45 = [
(xsaPatch {
name = "224-4.5/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap";
sha256 = "1aislj66ss4cb3v2bh12mrqsyrf288d4h54rj94jjq7h1hnycw7h";
})
(xsaPatch {
name = "224-4.5/0002-gnttab-never-create-host-mapping-unless-asked-to";
sha256 = "1j6fgm1ccb07gg0mi5qmdr0vqwwc3n12z433g1jrija2gbk1x8aq";
})
(xsaPatch {
name = "224-4.5/0003-gnttab-correct-logic-to-get-page-references-during-m";
sha256 = "166kmicwx280fjqjvgigbmhabjksa0hhvqx5h4v6kjlcjpmxqy08";
})
(xsaPatch {
name = "224-4.5/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth";
sha256 = "1skc0yj1zsn8xgyq1y57bdc0scvvlmd0ynrjwwf1zkias1wlilav";
})
];
# 4.5
XSA_226_45 = [
(xsaPatch {
name = "226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls";
sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg";
})
(xsaPatch {
name = "226-4.5/0002-gnttab-fix-transitive-grant-handling";
sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc";
})
];
# 4.5
XSA_227_45 = (xsaPatch {
name = "227-4.5";
sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8";
});
# 4.5 - 4.9
XSA_230 = (xsaPatch {
name = "230";
sha256 = "10x0j7wmzkrwycs1ng89fgjzvzh8vsdd4c5nb68b3j1azdx4ld83";
});
# 4.5
XSA_231_45 = (xsaPatch {
name = "231-4.5";
sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6";
});
# 4.5 - 4.9
XSA_232 = (xsaPatch {
name = "232";
sha256 = "0n6irjpmraa3hbxxm64a1cplc6y6g07x7v2fmlpvn70ql3fs0220";
});
# 4.5 - 4.9
XSA_233 = (xsaPatch {
name = "233";
sha256 = "1w3m8349cqav56av63w6jzvlsv4jw5rimwvskr9pq2rcbk2dx8kf";
});
# 4.5
XSA_234_45 = (xsaPatch {
name = "234-4.5";
sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f";
});
# 4.5
XSA_235_45 = (xsaPatch {
name = "235-4.5";
sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff";
});
# 4.5
XSA_236_45 = (xsaPatch {
name = "236-4.5";
sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz";
});
# 4.5
XSA_237_45 = [
(xsaPatch {
name = "237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device";
sha256 = "0hjxs20jhls4i0iph45a0qpw4znkm04gv74jmwhw84gy4hrhzq3b";
})
(xsaPatch {
name = "237-4.5/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s";
sha256 = "0ki8nmbc2g1l9wnqsph45a2k4c6dk5s7jvdlxg3zznyiyxjcv8yn";
})
(xsaPatch {
name = "237-4.5/0003-x86-MSI-disallow-redundant-enabling";
sha256 = "1hdz83qrjaqnihz8ji186dypxiblbfpgyb01j9m5alhk4whjqvp1";
})
(xsaPatch {
name = "237-4.5/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error";
sha256 = "0csdfn9kzn1k94pg3fcwsgqw14wcd4myi1jkcq5alj1fmkhw4wmk";
})
(xsaPatch {
name = "237-4.5/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook";
sha256 = "14b73rkvbkd1a2gh9kp0zrvv2d3kfwkiv24fg9agh4hrf2w3nx7y";
})
];
# 4.5
XSA_238_45 = (xsaPatch {
name = "238-4.5";
sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z";
});
# 4.5
XSA_239_45 = (xsaPatch {
name = "239-4.5";
sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6";
});
# 4.5
XSA_240_45 = [
(xsaPatch {
name = "240-4.5/0001-x86-limit-linear-page-table-use-to-a-single-level";
sha256 = "0pmf10mbnmb88y7mly8s2l0j88cg0ayhkcnmj1zbjrkjmpccv395";
})
(xsaPatch {
name = "240-4.5/0002-x86-mm-Disable-PV-linear-pagetables-by-default";
sha256 = "19f096ra3xndvzkjjasx73p2g25hfkm905px0p3yakwll0qzd029";
})
];
# 4.5 - 4.8
XSA_241 = (xsaPatch {
name = "241-4.8";
sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj";
});
# 4.5 - 4.9
XSA_242 = (xsaPatch {
name = "242-4.9";
sha256 = "0yx3x0i2wybsm7lzdffxa2mm866bjl4ipbb9vipnw77dyg705zpr";
});
# 4.5
XSA_243_45 = [
(xsaPatch {
name = "243-4.6-1";
sha256 = "1cqanpyysa7px0j645z4jw9yqsvv6cbh7yq1b86ap134axfifcan";
})
(xsaPatch {
name = "243-4.5-2";
sha256 = "0wbcgw4m0nzm2902jnda2020l7bd5adkq8j5myi1zmsfzbq03hwn";
})
];
# 4.5
XSA_244_45 = (xsaPatch {
name = "244-4.5";
sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l";
});
# 4.5 - 4.9
XSA_245 = [
(xsaPatch {
name = "245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in";
sha256 = "12brsgbn7xwakalsn10afykgqmx119mqg6vjj3v2b1pnmf4ss0w8";
})
(xsaPatch {
name = "245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du";
sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8";
})
];
# 4.5 - 4.7
XSA_246_45 = [
(xsaPatch {
name = "246-4.7";
sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn";
})
];
# 4.5
XSA_247_45 = [
(xsaPatch {
name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu";
sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m";
})
(xsaPatch {
name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas";
sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb";
})
];
# 4.5
XSA_248_45 = [
(xsaPatch {
name = "248-4.5";
sha256 = "0csxg6h492ddsa210b45av28iqf7cn2dfdqk4zx10zwf1pv2shyn";
})
];
# 4.5 .. 4.9
XSA_249 = [
(xsaPatch {
name = "249";
sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl";
})
];
# 4.5
XSA_250_45 = [
(xsaPatch {
name = "250-4.5";
sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d";
})
];
# 4.5
XSA_251_45 = [
(xsaPatch {
name = "251-4.5";
sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm";
})
];
XSA_386 = (xsaPatch {
name = "386";
sha256 = "sha256-pAuLgt3sDeL73NSDqZCWxRGZk1tWaYlDbh7cUcJ4s+w=";
});
}

84
pkgs/by-name/ar/art/package.nix Normal file
View File

@ -0,0 +1,84 @@
{ lib
, stdenv
, fetchFromBitbucket
, cmake
, pkg-config
, wrapGAppsHook3
, makeWrapper
, pixman
, libpthreadstubs
, gtkmm3
, libXau
, libXdmcp
, lcms2
, libiptcdata
, fftw
, expat
, pcre
, libsigcxx
, lensfun
, librsvg
, libcanberra-gtk3
, exiv2
, exiftool
, mimalloc
}:
stdenv.mkDerivation rec {
pname = "art";
version = "1.22.1";
src = fetchFromBitbucket {
owner = "agriggio";
repo = "art";
rev = version;
hash = "sha256-f6SnTvMelJaPGNeGboI34RvWXcJatEi1G6vfAdDFy8A=";
};
nativeBuildInputs = [
cmake
pkg-config
wrapGAppsHook3
];
buildInputs = [
pixman
libpthreadstubs
gtkmm3
libXau
libXdmcp
lcms2
libiptcdata
fftw
expat
pcre
libsigcxx
lensfun
librsvg
exiv2
exiftool
libcanberra-gtk3
mimalloc
];
cmakeFlags = [
"-DPROC_TARGET_NUMBER=2"
"-DCACHE_NAME_SUFFIX=\"\""
];
CMAKE_CXX_FLAGS = toString [
"-std=c++11"
"-Wno-deprecated-declarations"
"-Wno-unused-result"
];
env.CXXFLAGS = "-include cstdint"; # needed at least with gcc13 on aarch64-linux
meta = {
description = "A raw converter based on RawTherapee";
homepage = "https://bitbucket.org/agriggio/art/";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [ paperdigits ];
mainProgram = "art";
platforms = lib.platforms.linux;
};
}

2
pkgs/by-name/ay/ayatana-indicator-messages/package.nix
View File

@ -95,7 +95,7 @@ stdenv.mkDerivation (finalAttrs: {
];
cmakeFlags = [
"-DENABLE_TESTS=${lib.boolToString finalAttrs.doCheck}"
"-DENABLE_TESTS=${lib.boolToString finalAttrs.finalPackage.doCheck}"
"-DGSETTINGS_LOCALINSTALL=ON"
"-DGSETTINGS_COMPILE=ON"
];

4
pkgs/by-name/bn/bngblaster/package.nix
View File

@ -30,10 +30,10 @@ stdenv.mkDerivation (finalAttrs: {
jansson
openssl
cmocka
] ++ lib.optionals finalAttrs.doCheck [ libpcap ];
] ++ lib.optionals finalAttrs.finalPackage.doCheck [ libpcap ];
cmakeFlags = [
"-DBNGBLASTER_TESTS=${if finalAttrs.doCheck then "ON" else "OFF"}"
"-DBNGBLASTER_TESTS=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"
"-DBNGBLASTER_VERSION=${finalAttrs.version}"
];

2
pkgs/by-name/cp/cppitertools/package.nix
View File

@ -64,7 +64,7 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace CMakeLists.txt \
--replace-fail " DIRECTORY ." " DIRECTORY . EXCLUDE_FROM_ALL"
''
+ lib.optionalString finalAttrs.doCheck ''
+ lib.optionalString finalAttrs.finalPackage.doCheck ''
# Required for tests.
cp ${lib.getDev catch2}/include/catch2/catch.hpp test/
'';

2
pkgs/by-name/di/digikam/package.nix
View File

@ -149,7 +149,7 @@ stdenv.mkDerivation (finalAttrs: {
checkInputs = [ kdePackages.qtdeclarative ];
postConfigure = lib.optionalString finalAttrs.doCheck ''
postConfigure = lib.optionalString finalAttrs.finalPackage.doCheck ''
ln -s ${testData} $cmakeDir/test-data
'';

2
pkgs/by-name/ei/eiwd/package.nix
View File

@ -69,7 +69,7 @@ stdenv.mkDerivation (finalAttrs: {
mkdir -p $doc/share/doc
cp -a doc $doc/share/doc/iwd
cp -a README AUTHORS TODO $doc/share/doc/iwd
'' + lib.optionalString finalAttrs.doCheck ''
'' + lib.optionalString finalAttrs.finalPackage.doCheck ''
mkdir -p $test/bin
cp -a test/* $test/bin/
'';

2
pkgs/by-name/fo/fooyin/package.nix
View File

@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: {
];
cmakeFlags = [
(lib.cmakeBool "BUILD_TESTING" (finalAttrs.doCheck or false))
(lib.cmakeBool "BUILD_TESTING" finalAttrs.finalPackage.doCheck)
# we need INSTALL_FHS to be true as the various artifacts are otherwise just dumped in the root
# of $out and the fixupPhase cleans things up anyway
(lib.cmakeBool "INSTALL_FHS" true)

169
pkgs/by-name/fo/forgejo/generic.nix Normal file
View File

@ -0,0 +1,169 @@
{ lts ? false
, version
, hash
, npmDepsHash
, vendorHash
}:
{ bash
, brotli
, buildGoModule
, forgejo
, git
, gzip
, lib
, makeWrapper
, nix-update-script
, nixosTests
, openssh
, pam
, pamSupport ? true
, sqliteSupport ? true
, xorg
, runCommand
, stdenv
, fetchFromGitea
, buildNpmPackage
}:
let
src = fetchFromGitea {
domain = "codeberg.org";
owner = "forgejo";
repo = "forgejo";
rev = "v${version}";
inherit hash;
};
frontend = buildNpmPackage {
pname = "forgejo-frontend";
inherit src version npmDepsHash;
patches = [
./package-json-npm-build-frontend.patch
];
# override npmInstallHook
installPhase = ''
mkdir $out
cp -R ./public $out/
'';
};
in
buildGoModule rec {
pname = "forgejo" + lib.optionalString lts "-lts";
inherit
version
src
vendorHash
;
subPackages = [ "." "contrib/environment-to-ini" ];
outputs = [ "out" "data" ];
nativeBuildInputs = [
makeWrapper
];
buildInputs = lib.optional pamSupport pam;
nativeCheckInputs = [
git
openssh
];
patches = [
./static-root-path.patch
];
postPatch = ''
substituteInPlace modules/setting/server.go --subst-var data
'';
tags = lib.optional pamSupport "pam"
++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
ldflags = [
"-s"
"-w"
"-X main.Version=${version}"
"-X 'main.Tags=${lib.concatStringsSep " " tags}'"
];
preConfigure = ''
export ldflags+=" -X main.ForgejoVersion=$(GITEA_VERSION=${version} make show-version-api)"
'';
preCheck = ''
# $HOME is required for ~/.ssh/authorized_keys and such
export HOME="$TMPDIR/home"
# expose and use the GO_TEST_PACKAGES var from the Makefile
# instead of manually copying over the entire list:
# https://codeberg.org/forgejo/forgejo/src/tag/v7.0.4/Makefile#L124
echo -e 'show-backend-tests:\n\t@echo ''${GO_TEST_PACKAGES}' >> Makefile
getGoDirs() {
make show-backend-tests
}
'';
checkFlags =
let
skippedTests = [
"Test_SSHParsePublicKey/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
"Test_calcFingerprint/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
"TestPamAuth" # we don't have PAM set up in the build sandbox
"TestPassword" # requires network: api.pwnedpasswords.com
"TestCaptcha" # requires network: hcaptcha.com
"TestDNSUpdate" # requires network: release.forgejo.org
"TestMigrateWhiteBlocklist" # requires network: gitlab.com (DNS)
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
postInstall = ''
mkdir $data
cp -R ./{templates,options} ${frontend}/public $data
mkdir -p $out
cp -R ./options/locale $out/locale
wrapProgram $out/bin/gitea \
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh ]}
'';
# $data is not available in goModules.drv
overrideModAttrs = (_: {
postPatch = null;
});
passthru = {
# allow nix-update to handle npmDepsHash
inherit (frontend) npmDeps;
data-compressed = runCommand "forgejo-data-compressed" {
nativeBuildInputs = [ brotli xorg.lndir ];
} ''
mkdir $out
lndir ${forgejo.data}/ $out/
# Create static gzip and brotli files
find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep --no-copy-stat {} ';'
'';
tests = if lts then nixosTests.forgejo-lts else nixosTests.forgejo;
updateScript = nix-update-script { };
};
meta = {
description = "Self-hosted lightweight software forge";
homepage = "https://forgejo.org";
changelog = "https://codeberg.org/forgejo/forgejo/releases/tag/${src.rev}";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ emilylange urandom bendlas adamcstephens ];
broken = stdenv.isDarwin;
mainProgram = "gitea";
};
}

7
pkgs/by-name/fo/forgejo/lts.nix Normal file
View File

@ -0,0 +1,7 @@
import ./generic.nix {
version = "7.0.6";
hash = "sha256-Y8H85HMKnzNSXnrLOxhzOBSfedivGvcQ3MOAp31Kvno=";
npmDepsHash = "sha256-OqtYRjftwGxgW1JgMxyWd+9DndpEkd3LdQHSECc40yU=";
vendorHash = "sha256-hfbNyCQMQzDzJxFc2MPAR4+v/qNcnORiQNbwbbIA4Nw=";
lts = true;
}

16
pkgs/by-name/fo/forgejo/package-json-npm-build-frontend.patch
View File

@ -1,14 +1,12 @@
diff --git a/package.json b/package.json
index b50c52cf43..d6aafb8775 100644
index 0abf6fe8b9..9d6ae0fdff 100644
--- a/package.json
+++ b/package.json
@@ -98,5 +98,8 @@
},
"browserslist": [
"defaults"
- ]
+ ],
@@ -1,4 +1,7 @@
{
+ "scripts": {
+ "build": "node_modules/.bin/webpack"
+ }
}
+ },
"type": "module",
"engines": {
"node": ">= 18.0.0"

162
pkgs/by-name/fo/forgejo/package.nix
View File

@ -1,157 +1,7 @@
{ bash
, brotli
, buildGoModule
, forgejo
, git
, gzip
, lib
, makeWrapper
, nix-update-script
, nixosTests
, openssh
, pam
, pamSupport ? true
, sqliteSupport ? true
, xorg
, runCommand
, stdenv
, fetchFromGitea
, buildNpmPackage
}:
let
frontend = buildNpmPackage {
pname = "forgejo-frontend";
inherit (forgejo) src version;
npmDepsHash = "sha256-Nu9aOjJpEAuCWWnJfZXy/GayiUDiyc3hOu6Bx7GxfxA=";
patches = [
./package-json-npm-build-frontend.patch
];
# override npmInstallHook
installPhase = ''
mkdir $out
cp -R ./public $out/
'';
};
in
buildGoModule rec {
pname = "forgejo";
version = "7.0.5";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "forgejo";
repo = "forgejo";
rev = "v${version}";
hash = "sha256-Y/Ita5dr3COACffAIAjcqHHcdKiUWWEb/f/MPzMG200=";
};
vendorHash = "sha256-hfbNyCQMQzDzJxFc2MPAR4+v/qNcnORiQNbwbbIA4Nw=";
subPackages = [ "." "contrib/environment-to-ini" ];
outputs = [ "out" "data" ];
nativeBuildInputs = [
makeWrapper
git # checkPhase
openssh # checkPhase
];
buildInputs = lib.optional pamSupport pam;
patches = [
./static-root-path.patch
];
postPatch = ''
substituteInPlace modules/setting/server.go --subst-var data
'';
tags = lib.optional pamSupport "pam"
++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
ldflags = [
"-s"
"-w"
"-X main.Version=${version}"
"-X 'main.Tags=${lib.concatStringsSep " " tags}'"
];
preConfigure = ''
export ldflags+=" -X main.ForgejoVersion=$(GITEA_VERSION=${version} make show-version-api)"
'';
preCheck = ''
# $HOME is required for ~/.ssh/authorized_keys and such
export HOME="$TMPDIR/home"
# expose and use the GO_TEST_PACKAGES var from the Makefile
# instead of manually copying over the entire list:
# https://codeberg.org/forgejo/forgejo/src/tag/v7.0.4/Makefile#L124
echo -e 'show-backend-tests:\n\t@echo ''${GO_TEST_PACKAGES}' >> Makefile
getGoDirs() {
make show-backend-tests
}
'';
checkFlags =
let
skippedTests = [
"Test_SSHParsePublicKey/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
"Test_calcFingerprint/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
"TestPamAuth" # we don't have PAM set up in the build sandbox
"TestPassword" # requires network: api.pwnedpasswords.com
"TestCaptcha" # requires network: hcaptcha.com
"TestDNSUpdate" # requires network: release.forgejo.org
"TestMigrateWhiteBlocklist" # requires network: gitlab.com (DNS)
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
postInstall = ''
mkdir $data
cp -R ./{templates,options} ${frontend}/public $data
mkdir -p $out
cp -R ./options/locale $out/locale
wrapProgram $out/bin/gitea \
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh ]}
'';
# $data is not available in goModules.drv
overrideModAttrs = (_: {
postPatch = null;
});
passthru = {
# allow nix-update to handle npmDepsHash
inherit (frontend) npmDeps;
data-compressed = runCommand "forgejo-data-compressed" {
nativeBuildInputs = [ brotli xorg.lndir ];
} ''
mkdir $out
lndir ${forgejo.data}/ $out/
# Create static gzip and brotli files
find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep --no-copy-stat {} ';'
'';
tests = nixosTests.forgejo;
updateScript = nix-update-script { };
};
meta = {
description = "Self-hosted lightweight software forge";
homepage = "https://forgejo.org";
changelog = "https://codeberg.org/forgejo/forgejo/releases/tag/${src.rev}";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ emilylange urandom bendlas adamcstephens ];
broken = stdenv.isDarwin;
mainProgram = "gitea";
};
import ./generic.nix {
version = "8.0.0";
hash = "sha256-ol/2D+zMieERVDHOKlu+wm3WKkQNjbIw0sc0KLUTwzI=";
npmDepsHash = "sha256-6AMaZadgcTvOBsIXJjZQB6Q1rkdn+R82pclXdVvtdWY=";
vendorHash = "sha256-tNb0tCf+gjUmUqrjkzt7Wqqz21hW9WRh8CEdX8rv8Do=";
lts = false;
}

4
pkgs/by-name/gf/gfal2/package.nix
View File

@ -98,8 +98,8 @@ stdenv.mkDerivation (finalAttrs: {
(pluginName: "-DPLUGIN_${lib.toUpper pluginName}=${lib.toUpper (lib.boolToString finalAttrs.passthru.enablePluginStatus.${pluginName})}")
(lib.attrNames finalAttrs.passthru.enablePluginStatus)
)
++ [ "-DSKIP_TESTS=${lib.toUpper (lib.boolToString (!finalAttrs.doCheck))}" ]
++ lib.optionals finalAttrs.doCheck [ "-DGTEST_INCLUDE_DIR=${gtest.dev}/include" ]
++ [ "-DSKIP_TESTS=${lib.toUpper (lib.boolToString (!finalAttrs.finalPackage.doCheck))}" ]
++ lib.optionals finalAttrs.finalPackage.doCheck [ "-DGTEST_INCLUDE_DIR=${gtest.dev}/include" ]
++ lib.optionals finalAttrs.passthru.enablePluginStatus.http [ "-DCRYPTOPP_INCLUDE_DIRS=${cryptopp.dev}/include/cryptopp" ]
++ lib.optionals finalAttrs.passthru.enablePluginStatus.xrootd [ "-DXROOTD_INCLUDE_DIR=${xrootd.dev}/include/xrootd" ]
;

4
pkgs/by-name/in/influxdb-cxx/package.nix
View File

@ -26,10 +26,10 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs = [ cmake ];
buildInputs = [ boost libcpr ]
++ lib.optionals finalAttrs.doCheck [ catch2_3 trompeloeil ];
++ lib.optionals finalAttrs.finalPackage.doCheck [ catch2_3 trompeloeil ];
cmakeFlags = [
(lib.cmakeBool "INFLUXCXX_TESTING" finalAttrs.doCheck)
(lib.cmakeBool "INFLUXCXX_TESTING" finalAttrs.finalPackage.doCheck)
(lib.cmakeFeature "CMAKE_CTEST_ARGUMENTS" "-E;BoostSupportTest") # requires network access
];

2
pkgs/by-name/li/libdict/package.nix
View File

@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: {
];
cmakeFlags = [
"-DLIBDICT_TESTS=${if finalAttrs.doCheck then "ON" else "OFF"}"
"-DLIBDICT_TESTS=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"
"-DLIBDICT_SHARED=${if stdenv.hostPlatform.isStatic then "OFF" else "ON"}"
];

4
pkgs/by-name/ne/neovim-unwrapped/package.nix
View File

@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs:
(nvim-lpeg-dylib ps)
luabitop
mpack
] ++ lib.optionals finalAttrs.doCheck [
] ++ lib.optionals finalAttrs.finalPackage.doCheck [
luv
coxpcall
busted
@ -105,7 +105,7 @@ in {
tree-sitter
unibilium
] ++ lib.optionals stdenv.isDarwin [ libiconv CoreServices ]
++ lib.optionals finalAttrs.doCheck [ glibcLocales procps ]
++ lib.optionals finalAttrs.finalPackage.doCheck [ glibcLocales procps ]
;
doCheck = false;

4
pkgs/by-name/pa/packer/package.nix
View File

@ -6,13 +6,13 @@
buildGoModule rec {
pname = "packer";
version = "1.11.1";
version = "1.11.2";
src = fetchFromGitHub {
owner = "hashicorp";
repo = "packer";
rev = "v${version}";
hash = "sha256-GjC8nc8gpYQ3v0IYJc6vz0809PD6kTWx/HE1UOhTYc0=";
hash = "sha256-xi5CWL+KQd9nZSd0EscdH+lfw+WLtteSxtEos0lCNcA=";
};
vendorHash = "sha256-Xmmc30W1ZfMc7YSQswyCjw1KyDA5qi8W+kZ1L7cM3cQ=";

2
pkgs/by-name/pa/parallel-hashmap/package.nix
View File

@ -28,7 +28,7 @@ stdenv.mkDerivation (finalAttrs: {
];
cmakeFlags = [
"-DPHMAP_BUILD_TESTS=${if finalAttrs.doCheck then "ON" else "OFF"}"
"-DPHMAP_BUILD_TESTS=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"
"-DPHMAP_BUILD_EXAMPLES=OFF"
];

32
pkgs/by-name/se/sequoia-sq/package.nix
View File

@ -1,6 +1,5 @@
{ stdenv
, fetchFromGitLab
, fetchpatch
, lib
, darwin
, nettle
@ -15,24 +14,16 @@
rustPlatform.buildRustPackage rec {
pname = "sequoia-sq";
version = "0.34.0";
version = "0.37.0";
src = fetchFromGitLab {
owner = "sequoia-pgp";
repo = "sequoia-sq";
rev = "v${version}";
hash = "sha256-voFektWZnkmIQzI7s5nKzVVWQtEhzk2GKtxX926RtxU=";
hash = "sha256-D22ECJvbGbnyvusWXfU5F1aLF/ETuMyhAStT5HPWR2U=";
};
patches = [
# Fixes test failing on Darwin, see:
# https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/211
(fetchpatch {
url = "https://gitlab.com/sequoia-pgp/sequoia-sq/-/commit/21221a935e0d058ed269ae6c8f45c5fa7ea0d598.patch";
hash = "sha256-ZjTl3EumeFwMJUl+qMpX+P2maYz4Ow/Tn9KwYbHDbes=";
})
];
cargoHash = "sha256-3ncBpRi0v6g6wwPkSASDwt0d8cOOAUv9BwZaYvnif1U=";
cargoHash = "sha256-jFpqZKyRCMkMtOezsYJy3Fy1WXUPyn709wZxuwKlSYI=";
nativeBuildInputs = [
pkg-config
@ -47,13 +38,16 @@ rustPlatform.buildRustPackage rec {
nettle
] ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ Security SystemConfiguration ]);
# Sometimes, tests fail on CI (ofborg) & hydra without this
checkFlags = [
# doctest for sequoia-ipc fail for some reason
"--skip=macros::assert_send_and_sync"
"--skip=macros::time_it"
# https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/297
"--skip=sq_autocrypt_import"
];
# Needed for tests to be able to create a ~/.local/share/sequoia directory
preCheck = ''
export HOME=$(mktemp -d)
'';
env.ASSET_OUT_DIR = "/tmp/";
doCheck = true;
@ -69,12 +63,12 @@ rustPlatform.buildRustPackage rec {
passthru.updateScript = nix-update-script { };
meta = with lib; {
meta = {
description = "Cool new OpenPGP implementation";
homepage = "https://sequoia-pgp.org/";
changelog = "https://gitlab.com/sequoia-pgp/sequoia-sq/-/blob/v${version}/NEWS";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ minijackson doronbehar ];
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [ minijackson doronbehar ];
mainProgram = "sq";
};
}

12
pkgs/by-name/se/sequoia-wot/package.nix
View File

@ -13,16 +13,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "sequoia-wot";
version = "0.11.0";
version = "0.12.0";
src = fetchFromGitLab {
owner = "sequoia-pgp";
repo = "sequoia-wot";
rev = "v${version}";
hash = "sha256-qSf2uESsMGUEvAiRefpwxHKyizbq5Sst3SpjKaMIWTQ=";
hash = "sha256-Xbj1XLZQxyEYf/+R5e6EJMmL0C5ohfwZMZPVK5PwmUU=";
};
cargoHash = "sha256-vGseKdHqyncScS57UF3SR3EVdUGKVMue8fnRftefSY0=";
cargoHash = "sha256-BidSKnsIEEEU8UarbhqALcp44L0pes6O4m2mSEL1r4Q=";
nativeBuildInputs = [
pkg-config
@ -80,11 +80,11 @@ rustPlatform.buildRustPackage rec {
target/*/release/build/sequoia-wot-*/out/sq-wot-path.1
'';
meta = with lib; {
meta = {
description = "Rust CLI tool for authenticating bindings and exploring a web of trust";
homepage = "https://gitlab.com/sequoia-pgp/sequoia-wot";
license = licenses.gpl2Only;
maintainers = with maintainers; [ Cryolitia ];
license = lib.licenses.gpl2Only;
maintainers = with lib.maintainers; [ doronbehar Cryolitia ];
mainProgram = "sq-wot";
};
}

4
pkgs/by-name/wa/wakatime-cli/package.nix
View File

@ -8,13 +8,13 @@
buildGoModule rec {
pname = "wakatime-cli";
version = "1.95.0";
version = "1.98.3";
src = fetchFromGitHub {
owner = "wakatime";
repo = "wakatime-cli";
rev = "v${version}";
hash = "sha256-dTT4+lvxB6WjDWdYznYBOs/cIa7mJudyN4P4TF67hRY=";
hash = "sha256-AoefP/hWdflCOjZtmKyjcjUfst3SXF+EHfJyPcACWPE=";
};
vendorHash = "sha256-+9zdEIaKQlLcBwFaY5Fe5mpHWQDqfV+j1TPmDkdRjyk=";

14
pkgs/desktops/lomiri/applications/lomiri-system-settings/default.nix
View File

@ -2,6 +2,7 @@
, lib
, fetchFromGitLab
, fetchpatch
, fetchpatch2
, gitUpdater
, testers
, accountsservice
@ -80,6 +81,12 @@ stdenv.mkDerivation (finalAttrs: {
url = "https://gitlab.com/ubports/development/core/lomiri-system-settings/-/commit/67d9e28ebab8bdb9473d5bf8da2b7573e6848fa2.patch";
hash = "sha256-pFWNne2UH3R5Fz9ayHvIpDXDQbXPs0k4b/oRg0fzi+s=";
})
(fetchpatch2 {
name = "0004-lomiri-system-settings-QOfono-namespace-change.patch";
url = "https://gitlab.com/ubports/development/core/lomiri-system-settings/-/commit/c0b5b007d77993fabdd95be5ccbbba5151f0f165.patch";
hash = "sha256-HB7qdlbY0AVG6X3hL3IHf0Z7rm1G0wfdqo5MXtY7bfE=";
})
] ++ [
./2000-Support-wrapping-for-Nixpkgs.patch
@ -94,6 +101,13 @@ stdenv.mkDerivation (finalAttrs: {
];
postPatch = ''
# Part of 0004-lomiri-system-settings-QOfono-namespace-change.patch, fetchpatch2 cannot handle rename-only changes
for unmovedThing in tests/mocks/MeeGo/QOfono/*; do
mv "$unmovedThing" "tests/mocks/QOfono/$(basename "$unmovedThing")"
done
rmdir tests/mocks/MeeGo/QOfono
rmdir tests/mocks/MeeGo
substituteInPlace CMakeLists.txt \
--replace-fail "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" "\''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}" \

4
pkgs/desktops/lomiri/applications/lomiri-system-settings/plugins/lomiri-system-settings-security-privacy.nix
View File

@ -33,6 +33,10 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace CMakeLists.txt \
--replace-fail "pkg_get_variable($pcvarname LomiriSystemSettings $pcvar)" "set($pcvarname $(pkg-config LomiriSystemSettings --define-variable=prefix=$out --define-variable=libdir=$out/lib --variable=$pcvar))"
done
# Compatibility with newer libqofono
substituteInPlace plugins/security-privacy/{Ofono,PageComponent,SimPin}.qml \
--replace-fail 'import MeeGo.QOfono' 'import QOfono'
'';
strictDeps = true;

15
pkgs/desktops/lomiri/applications/lomiri/default.nix
View File

@ -116,6 +116,14 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-guq/Ykcq4WcuXxNKO1eA4sJFyGSpZo0gtyFTdeK/GeE=";
})
# fetchpatch2 for renames
# Remove when version > 0.2.1
(fetchpatch2 {
name = "1010-lomiri-QOfono-namespace.patch";
url = "https://gitlab.com/ubports/development/core/lomiri/-/commit/d0397dadb5f05097f916c5b39e6d9b95d4ab9e4d.patch";
hash = "sha256-wIkHlz2vYxF9eeH/sYYEdD9f8m4ylHEXXnX/DFG3HXg=";
})
./9901-lomiri-Disable-Wizard.patch
./9902-lomiri-Check-NIXOS_XKB_LAYOUTS.patch
];
@ -126,6 +134,13 @@ stdenv.mkDerivation (finalAttrs: {
--replace-fail '@CMAKE_INSTALL_FULL_BINDIR@/lomiri-greeter-wrapper @CMAKE_INSTALL_FULL_BINDIR@/lomiri --mode=greeter' '@CMAKE_INSTALL_FULL_BINDIR@/lomiri --mode=greeter' \
--replace-fail 'X-LightDM-Session-Type=mir' 'X-LightDM-Session-Type=wayland'
# Part of QOfono namespace patch, fetchpatch2 cannot handle rename-only changes
for unmovedThing in tests/mocks/MeeGo/QOfono/*; do
mv "$unmovedThing" "tests/mocks/QOfono/$(basename "$unmovedThing")"
done
rmdir tests/mocks/MeeGo/QOfono
rmdir tests/mocks/MeeGo
# Need to replace prefix
substituteInPlace data/systemd-user/CMakeLists.txt \
--replace-fail 'pkg_get_variable(SYSTEMD_USERUNITDIR systemd systemduserunitdir)' 'pkg_get_variable(SYSTEMD_USERUNITDIR systemd systemduserunitdir DEFINE_VARIABLES prefix=''${CMAKE_INSTALL_PREFIX})'

2
pkgs/desktops/lomiri/applications/morph-browser/default.nix
View File

@ -63,7 +63,7 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace src/app/webbrowser/morph-browser.desktop.in.in \
--replace 'Icon=@CMAKE_INSTALL_FULL_DATADIR@/morph-browser/morph-browser.svg' 'Icon=/run/current-system/sw/share/icons/hicolor/scalable/apps/morph-browser.svg' \
--replace 'X-Lomiri-Splash-Image=@CMAKE_INSTALL_FULL_DATADIR@/morph-browser/morph-browser-splash.svg' 'X-Lomiri-Splash-Image=lomiri-app-launch/splash/morph-browser.svg'
'' + lib.optionalString (!finalAttrs.doCheck) ''
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
substituteInPlace CMakeLists.txt \
--replace 'add_subdirectory(tests)' ""
'';

2
pkgs/desktops/lomiri/development/trust-store/default.nix
View File

@ -49,7 +49,7 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace src/core/trust/terminal_agent.h \
--replace-fail '/bin/whiptail' '${lib.getExe' newt "whiptail"}'
'' + lib.optionalString (!finalAttrs.doCheck) ''
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
substituteInPlace CMakeLists.txt \
--replace-fail 'add_subdirectory(tests)' ""
'';

2
pkgs/desktops/lomiri/development/u1db-qt/default.nix
View File

@ -48,7 +48,7 @@ stdenv.mkDerivation (finalAttrs: {
# For our automatic pkg-config output patcher to work, prefix must be used here
substituteInPlace libu1db-qt.pc.in \
--replace-fail 'libdir=''${exec_prefix}/lib' 'libdir=''${prefix}/lib'
'' + lib.optionalString (!finalAttrs.doCheck) ''
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
# Other locations add dependencies to custom check target from tests
substituteInPlace CMakeLists.txt \
--replace-fail 'add_subdirectory(tests)' 'add_custom_target(check COMMAND "echo check dummy")'

2
pkgs/desktops/lomiri/qml/lomiri-settings-components/default.nix
View File

@ -26,7 +26,7 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace CMakeLists.txt \
--replace "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" '${placeholder "out"}/${qtbase.qtQmlPrefix}'
'' + lib.optionalString (!finalAttrs.doCheck) ''
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
sed -i CMakeLists.txt \
-e '/add_subdirectory(tests)/d'
'';

2
pkgs/desktops/lomiri/services/biometryd/default.nix
View File

@ -48,7 +48,7 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace data/biometryd.pc.in \
--replace-fail 'libdir=''${exec_prefix}' 'libdir=''${prefix}' \
--replace-fail 'includedir=''${exec_prefix}' 'includedir=''${prefix}' \
'' + lib.optionalString (!finalAttrs.doCheck) ''
'' + lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
sed -i -e '/add_subdirectory(tests)/d' CMakeLists.txt
'';

2
pkgs/desktops/lomiri/services/lomiri-indicator-network/default.nix
View File

@ -96,7 +96,7 @@ stdenv.mkDerivation (finalAttrs: {
cmakeFlags = [
(lib.cmakeBool "GSETTINGS_LOCALINSTALL" true)
(lib.cmakeBool "GSETTINGS_COMPILE" true)
(lib.cmakeBool "ENABLE_TESTS" finalAttrs.doCheck)
(lib.cmakeBool "ENABLE_TESTS" finalAttrs.finalPackage.doCheck)
(lib.cmakeBool "ENABLE_UBUNTU_COMPAT" true) # just in case something needs it
(lib.cmakeBool "BUILD_DOC" true) # lacks QML docs, needs qdoc: https://github.com/NixOS/nixpkgs/pull/245379
];

2
pkgs/desktops/lomiri/services/lomiri-thumbnailer/default.nix
View File

@ -124,7 +124,7 @@ stdenv.mkDerivation (finalAttrs: {
doxygen
gdk-pixbuf # setup hook
pkg-config
(python3.withPackages (ps: with ps; lib.optionals finalAttrs.doCheck [
(python3.withPackages (ps: with ps; lib.optionals finalAttrs.finalPackage.doCheck [
python-dbusmock
tornado
]))

2
pkgs/desktops/lomiri/services/mediascanner2/default.nix
View File

@ -86,7 +86,7 @@ stdenv.mkDerivation (finalAttrs: {
];
cmakeFlags = [
"-DENABLE_TESTS=${lib.boolToString finalAttrs.doCheck}"
"-DENABLE_TESTS=${lib.boolToString finalAttrs.finalPackage.doCheck}"
];
doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;

4
pkgs/desktops/pantheon/artwork/elementary-gtk-theme/default.nix
View File

@ -11,13 +11,13 @@
stdenvNoCC.mkDerivation rec {
pname = "elementary-gtk-theme";
version = "8.0.0";
version = "8.1.0";
src = fetchFromGitHub {
owner = "elementary";
repo = "stylesheet";
rev = version;
sha256 = "sha256-O0Zu/ZxVANfWKcCkOF7jeJa3oG1ut56px7jeFK7LdKA=";
sha256 = "sha256-ZhqgvTbZN0lVAZ1nWy/Pvg7EdMYZIn8B5h1nmWo5E8E=";
};
nativeBuildInputs = [

25
pkgs/development/compilers/corretto/19.nix
View File

@ -1,25 +0,0 @@
{ fetchFromGitHub
, gradle_7
, jdk19
, lib
, stdenv
, rsync
, runCommand
, testers
}:
let
corretto = import ./mk-corretto.nix rec {
inherit lib stdenv rsync runCommand testers;
jdk = jdk19;
gradle = gradle_7;
version = "19.0.2.7.1";
src = fetchFromGitHub {
owner = "corretto";
repo = "corretto-19";
rev = version;
sha256 = "sha256-mEj/MIbdXU0+fF5RhqjPuSeyclstesGaXB0e48YlKuw=";
};
};
in
corretto

2
pkgs/development/compilers/ligo/default.nix
View File

@ -24,6 +24,8 @@ ocamlPackages.buildDunePackage rec {
fetchSubmodules = true;
};
patches = [ ./make-compatible-with-linol-0_6.patch ];
# The build picks this up for ligo --version
LIGO_VERSION = version;

13
pkgs/development/compilers/ligo/make-compatible-with-linol-0_6.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/bin/cli.ml b/src/bin/cli.ml
index 36ee98cbec..960bfc85a0 100644
--- a/src/bin/cli.ml
+++ b/src/bin/cli.ml
@@ -3537,7 +3537,7 @@ module Lsp_server = struct
~session_id
~skip_analytics
in
- let server = Linol_lwt.Jsonrpc2.create_stdio (s :> Linol_lwt.Jsonrpc2.server) in
+ let server = Linol_lwt.Jsonrpc2.create_stdio ~env:() (s :> Linol_lwt.Jsonrpc2.server) in
let shutdown () = Poly.(s#get_status = `ReceivedExit) in
let task = Linol_lwt.Jsonrpc2.run ~shutdown server in
let analytics_job =

191
pkgs/development/compilers/openjdk/18.nix
View File

@ -1,191 +0,0 @@
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitHub, bash, pkg-config, autoconf, cpio
, file, which, unzip, zip, perl, cups, freetype, harfbuzz, alsa-lib, libjpeg, giflib
, libpng, zlib, lcms2, libX11, libICE, libXrender, libXext, libXt, libXtst
, libXi, libXinerama, libXcursor, libXrandr, fontconfig, openjdk18-bootstrap
, setJavaClassPath
, headless ? false
, enableJavaFX ? false, openjfx
, enableGtk ? true, gtk3, glib
}:
let
version = {
feature = "18";
interim = ".0.2.1";
build = "1";
};
# when building a headless jdk, also bootstrap it with a headless jdk
openjdk-bootstrap = openjdk18-bootstrap.override { gtkSupport = !headless; };
openjdk = stdenv.mkDerivation {
pname = "openjdk" + lib.optionalString headless "-headless";
version = "${version.feature}${version.interim}+${version.build}";
src = fetchFromGitHub {
owner = "openjdk";
repo = "jdk${version.feature}u";
rev = "jdk-${version.feature}${version.interim}+${version.build}";
sha256 = "sha256-L6dsN0kqWcfemM8LBg62qtHQdymwRQoV1ndc8r+0qn8=";
};
nativeBuildInputs = [ pkg-config autoconf unzip ];
buildInputs = [
cpio file which zip perl zlib cups freetype harfbuzz alsa-lib libjpeg giflib
libpng zlib lcms2 libX11 libICE libXrender libXext libXtst libXt libXtst
libXi libXinerama libXcursor libXrandr fontconfig openjdk-bootstrap
] ++ lib.optionals (!headless && enableGtk) [
gtk3 glib
];
patches = [
./fix-java-home-jdk10.patch
./read-truststore-from-env-jdk10.patch
./currency-date-range-jdk10.patch
./increase-javadoc-heap-jdk13.patch
./ignore-LegalNoticeFilePlugin-jdk18.patch
# -Wformat etc. are stricter in newer gccs, per
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677
# so grab the work-around from
# https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24
(fetchurl {
url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch";
sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r";
})
# Patch borrowed from Alpine to fix build errors with musl libc and recent gcc.
# This is applied anywhere to prevent patchrot.
(fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/testing/openjdk18/FixNullPtrCast.patch?id=b93d1fc37fcf106144958d957bb97c7db67bd41f";
hash = "sha256-nvO8RcmKwMcPdzq28mZ4If1XJ6FQ76CYWqRIozPCk5U=";
})
] ++ lib.optionals (!headless && enableGtk) [
./swing-use-gtk-jdk13.patch
];
postPatch = ''
chmod +x configure
patchShebangs --build configure
'';
# JDK's build system attempts to specifically detect
# and special-case WSL, and we don't want it to do that,
# so pass the correct platform names explicitly
configurePlatforms = ["build" "host"];
configureFlags = [
"--with-boot-jdk=${openjdk-bootstrap.home}"
"--with-version-build=${version.build}"
"--with-version-opt=nixos"
"--with-version-pre="
"--enable-unlimited-crypto"
"--with-native-debug-symbols=internal"
"--with-freetype=system"
"--with-harfbuzz=system"
"--with-libjpeg=system"
"--with-giflib=system"
"--with-libpng=system"
"--with-zlib=system"
"--with-lcms=system"
"--with-stdc++lib=dynamic"
] ++ lib.optional headless "--enable-headless-only"
++ lib.optional (!headless && enableJavaFX) "--with-import-modules=${openjfx}";
separateDebugInfo = true;
env.NIX_CFLAGS_COMPILE = "-Wno-error";
NIX_LDFLAGS = toString (lib.optionals (!headless) [
"-lfontconfig" "-lcups" "-lXinerama" "-lXrandr" "-lmagic"
] ++ lib.optionals (!headless && enableGtk) [
"-lgtk-3" "-lgio-2.0"
]);
# -j flag is explicitly rejected by the build system:
# Error: 'make -jN' is not supported, use 'make JOBS=N'
# Note: it does not make build sequential. Build system
# still runs in parallel.
enableParallelBuilding = false;
buildFlags = [ "images" ];
postBuild = ''
cd build/linux*
make images
cd -
'';
installPhase = ''
mkdir -p $out/lib
mv build/*/images/jdk $out/lib/openjdk
# Remove some broken manpages.
rm -rf $out/lib/openjdk/man/ja*
# Mirror some stuff in top-level.
mkdir -p $out/share
ln -s $out/lib/openjdk/include $out/include
ln -s $out/lib/openjdk/man $out/share/man
# IDEs use the provided src.zip to navigate the Java codebase (https://github.com/NixOS/nixpkgs/pull/95081)
ln -s $out/lib/openjdk/lib/src.zip $out/lib/src.zip
# jni.h expects jni_md.h to be in the header search path.
ln -s $out/include/linux/*_md.h $out/include/
# Remove crap from the installation.
rm -rf $out/lib/openjdk/demo
${lib.optionalString headless ''
rm $out/lib/openjdk/lib/{libjsound,libfontmanager}.so
''}
ln -s $out/lib/openjdk/bin $out/bin
'';
preFixup = ''
# Propagate the setJavaClassPath setup hook so that any package
# that depends on the JDK has $CLASSPATH set up properly.
mkdir -p $out/nix-support
#TODO or printWords? cf https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
echo -n "${setJavaClassPath}" > $out/nix-support/propagated-build-inputs
# Set JAVA_HOME automatically.
mkdir -p $out/nix-support
cat <<EOF > $out/nix-support/setup-hook
if [ -z "\''${JAVA_HOME-}" ]; then export JAVA_HOME=$out/lib/openjdk; fi
EOF
'';
postFixup = ''
# Build the set of output library directories to rpath against
LIBDIRS=""
for output in $(getAllOutputNames); do
if [ "$output" = debug ]; then continue; fi
LIBDIRS="$(find $(eval echo \$$output) -name \*.so\* -exec dirname {} \+ | sort -u | tr '\n' ':'):$LIBDIRS"
done
# Add the local library paths to remove dependencies on the bootstrap
for output in $(getAllOutputNames); do
if [ "$output" = debug ]; then continue; fi
OUTPUTDIR=$(eval echo \$$output)
BINLIBS=$(find $OUTPUTDIR/bin/ -type f; find $OUTPUTDIR -name \*.so\*)
echo "$BINLIBS" | while read i; do
patchelf --set-rpath "$LIBDIRS:$(patchelf --print-rpath "$i")" "$i" || true
patchelf --shrink-rpath "$i" || true
done
done
'';
disallowedReferences = [ openjdk-bootstrap ];
pos = builtins.unsafeGetAttrPos "feature" version;
meta = import ./meta.nix lib version.feature;
passthru = {
architecture = "";
home = "${openjdk}/lib/openjdk";
inherit gtk3;
};
};
in openjdk

203
pkgs/development/compilers/openjdk/19.nix
View File

@ -1,203 +0,0 @@
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitHub, bash, pkg-config, autoconf, cpio
, file, which, unzip, zip, perl, cups, freetype, alsa-lib, libjpeg, giflib
, libpng, zlib, lcms2, libX11, libICE, libXrender, libXext, libXt, libXtst
, libXi, libXinerama, libXcursor, libXrandr, fontconfig, openjdk19-bootstrap
, ensureNewerSourcesForZipFilesHook
, setJavaClassPath
# TODO(@sternenseemann): gtk3 fails to evaluate in pkgsCross.ghcjs.buildPackages
# which should be fixable, this is a no-rebuild workaround for GHC.
, headless ? stdenv.targetPlatform.isGhcjs
, enableJavaFX ? false, openjfx
, enableGtk ? true, gtk3, glib
}:
let
version = {
feature = "19";
interim = "-ga";
build = "";
};
# when building a headless jdk, also bootstrap it with a headless jdk
openjdk-bootstrap = openjdk19-bootstrap.override { gtkSupport = !headless; };
openjdk = stdenv.mkDerivation {
pname = "openjdk" + lib.optionalString headless "-headless";
version = "${version.feature}${version.interim}";
# version = "${version.feature}${version.interim}+${version.build}";
src = fetchFromGitHub {
owner = "openjdk";
repo = "jdk${version.feature}u";
rev = "jdk-${version.feature}${version.interim}";
# rev = "jdk-${version.feature}${version.interim}+${version.build}";
hash = "sha256-XbYTku/nWF+maBvYz2rJYIUBEgOmqICKjk9wufHqyj0=";
};
nativeBuildInputs = [ pkg-config autoconf unzip ensureNewerSourcesForZipFilesHook ];
buildInputs = [
cpio file which zip perl zlib cups freetype alsa-lib libjpeg giflib
libpng zlib lcms2 libX11 libICE libXrender libXext libXtst libXt libXtst
libXi libXinerama libXcursor libXrandr fontconfig openjdk-bootstrap
] ++ lib.optionals (!headless && enableGtk) [
gtk3 glib
];
patches = [
./fix-java-home-jdk10.patch
./read-truststore-from-env-jdk10.patch
./currency-date-range-jdk10.patch
./increase-javadoc-heap-jdk13.patch
./ignore-LegalNoticeFilePlugin-jdk18.patch
# -Wformat etc. are stricter in newer gccs, per
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677
# so grab the work-around from
# https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24
(fetchurl {
url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch";
sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r";
})
# Patch borrowed from Alpine to fix build errors with musl libc and recent gcc.
# This is applied anywhere to prevent patchrot.
(fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/testing/openjdk19/FixNullPtrCast.patch?id=93dc07f97ff716b647c5f57c6224901ea06da560";
hash = "sha256-H4X3Yip5bCpXMH7MSu9BgXIOYRVUBMZPZW8EvZSWI5k=";
})
# Fix build for gnumake-4.4.1:
# https://github.com/openjdk/jdk/pull/12992
(fetchpatch {
name = "gnumake-4.4.1";
url = "https://github.com/openjdk/jdk/commit/9341d135b855cc208d48e47d30cd90aafa354c36.patch";
hash = "sha256-Qcm3ZmGCOYLZcskNjj7DYR85R4v07vYvvavrVOYL8vg=";
})
] ++ lib.optionals (!headless && enableGtk) [
./swing-use-gtk-jdk13.patch
];
postPatch = ''
chmod +x configure
patchShebangs --build configure
'';
# JDK's build system attempts to specifically detect
# and special-case WSL, and we don't want it to do that,
# so pass the correct platform names explicitly
configurePlatforms = ["build" "host"];
configureFlags = [
"--with-boot-jdk=${openjdk-bootstrap.home}"
"--with-version-build=${version.build}"
"--with-version-opt=nixos"
"--with-version-pre="
"--enable-unlimited-crypto"
"--with-native-debug-symbols=internal"
"--with-libjpeg=system"
"--with-giflib=system"
"--with-libpng=system"
"--with-zlib=system"
"--with-lcms=system"
"--with-stdc++lib=dynamic"
]
++ lib.optionals stdenv.cc.isClang [
"--with-toolchain-type=clang"
# Explicitly tell Clang to compile C++ files as C++, see
# https://github.com/NixOS/nixpkgs/issues/150655#issuecomment-1935304859
"--with-extra-cxxflags=-xc++"
]
++ lib.optional headless "--enable-headless-only"
++ lib.optional (!headless && enableJavaFX) "--with-import-modules=${openjfx}";
separateDebugInfo = true;
env.NIX_CFLAGS_COMPILE = "-Wno-error";
NIX_LDFLAGS = toString (lib.optionals (!headless) [
"-lfontconfig" "-lcups" "-lXinerama" "-lXrandr" "-lmagic"
] ++ lib.optionals (!headless && enableGtk) [
"-lgtk-3" "-lgio-2.0"
]);
# -j flag is explicitly rejected by the build system:
# Error: 'make -jN' is not supported, use 'make JOBS=N'
# Note: it does not make build sequential. Build system
# still runs in parallel.
enableParallelBuilding = false;
buildFlags = [ "images" ];
installPhase = ''
mkdir -p $out/lib
mv build/*/images/jdk $out/lib/openjdk
# Remove some broken manpages.
rm -rf $out/lib/openjdk/man/ja*
# Mirror some stuff in top-level.
mkdir -p $out/share
ln -s $out/lib/openjdk/include $out/include
ln -s $out/lib/openjdk/man $out/share/man
# IDEs use the provided src.zip to navigate the Java codebase (https://github.com/NixOS/nixpkgs/pull/95081)
ln -s $out/lib/openjdk/lib/src.zip $out/lib/src.zip
# jni.h expects jni_md.h to be in the header search path.
ln -s $out/include/linux/*_md.h $out/include/
# Remove crap from the installation.
rm -rf $out/lib/openjdk/demo
${lib.optionalString headless ''
rm $out/lib/openjdk/lib/{libjsound,libfontmanager}.so
''}
ln -s $out/lib/openjdk/bin $out/bin
'';
preFixup = ''
# Propagate the setJavaClassPath setup hook so that any package
# that depends on the JDK has $CLASSPATH set up properly.
mkdir -p $out/nix-support
#TODO or printWords? cf https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
echo -n "${setJavaClassPath}" > $out/nix-support/propagated-build-inputs
# Set JAVA_HOME automatically.
mkdir -p $out/nix-support
cat <<EOF > $out/nix-support/setup-hook
if [ -z "\''${JAVA_HOME-}" ]; then export JAVA_HOME=$out/lib/openjdk; fi
EOF
'';
postFixup = ''
# Build the set of output library directories to rpath against
LIBDIRS=""
for output in $(getAllOutputNames); do
if [ "$output" = debug ]; then continue; fi
LIBDIRS="$(find $(eval echo \$$output) -name \*.so\* -exec dirname {} \+ | sort -u | tr '\n' ':'):$LIBDIRS"
done
# Add the local library paths to remove dependencies on the bootstrap
for output in $(getAllOutputNames); do
if [ "$output" = debug ]; then continue; fi
OUTPUTDIR=$(eval echo \$$output)
BINLIBS=$(find $OUTPUTDIR/bin/ -type f; find $OUTPUTDIR -name \*.so\*)
echo "$BINLIBS" | while read i; do
patchelf --set-rpath "$LIBDIRS:$(patchelf --print-rpath "$i")" "$i" || true
patchelf --shrink-rpath "$i" || true
done
done
'';
disallowedReferences = [ openjdk-bootstrap ];
pos = builtins.unsafeGetAttrPos "feature" version;
meta = import ./meta.nix lib version.feature;
passthru = {
architecture = "";
home = "${openjdk}/lib/openjdk";
inherit gtk3;
};
};
in openjdk

201
pkgs/development/compilers/openjdk/20.nix
View File

@ -1,201 +0,0 @@
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitHub, bash, pkg-config, autoconf, cpio
, file, which, unzip, zip, perl, cups, freetype, alsa-lib, libjpeg, giflib
, libpng, zlib, lcms2, libX11, libICE, libXrender, libXext, libXt, libXtst
, libXi, libXinerama, libXcursor, libXrandr, fontconfig, openjdk20-bootstrap
, ensureNewerSourcesForZipFilesHook
, setJavaClassPath
# TODO(@sternenseemann): gtk3 fails to evaluate in pkgsCross.ghcjs.buildPackages
# which should be fixable, this is a no-rebuild workaround for GHC.
, headless ? stdenv.targetPlatform.isGhcjs
, enableJavaFX ? false, openjfx
, enableGtk ? true, gtk3, glib
}:
let
version = {
feature = "20";
interim = ".0.2";
build = "9";
};
# when building a headless jdk, also bootstrap it with a headless jdk
openjdk-bootstrap = openjdk20-bootstrap.override { gtkSupport = !headless; };
openjdk = stdenv.mkDerivation {
pname = "openjdk" + lib.optionalString headless "-headless";
version = "${version.feature}${version.interim}+${version.build}";
src = fetchFromGitHub {
owner = "openjdk";
repo = "jdk${version.feature}u";
rev = "jdk-${version.feature}${version.interim}+${version.build}";
hash = "sha256-CZH2JwR+MrkTlLdcVYuFRB3McdrM0A+1YaSjNpjYwak=";
};
nativeBuildInputs = [ pkg-config autoconf unzip ensureNewerSourcesForZipFilesHook ];
buildInputs = [
cpio file which zip perl zlib cups freetype alsa-lib libjpeg giflib
libpng zlib lcms2 libX11 libICE libXrender libXext libXtst libXt libXtst
libXi libXinerama libXcursor libXrandr fontconfig openjdk-bootstrap
] ++ lib.optionals (!headless && enableGtk) [
gtk3 glib
];
patches = [
./fix-java-home-jdk10.patch
./read-truststore-from-env-jdk10.patch
./currency-date-range-jdk10.patch
./increase-javadoc-heap-jdk13.patch
./ignore-LegalNoticeFilePlugin-jdk18.patch
# -Wformat etc. are stricter in newer gccs, per
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677
# so grab the work-around from
# https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24
(fetchurl {
url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch";
sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r";
})
# Patch borrowed from Alpine to fix build errors with musl libc and recent gcc.
# This is applied anywhere to prevent patchrot.
(fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/testing/openjdk19/FixNullPtrCast.patch?id=93dc07f97ff716b647c5f57c6224901ea06da560";
hash = "sha256-H4X3Yip5bCpXMH7MSu9BgXIOYRVUBMZPZW8EvZSWI5k=";
})
# Fix build for gnumake-4.4.1:
# https://github.com/openjdk/jdk/pull/12992
(fetchpatch {
name = "gnumake-4.4.1";
url = "https://github.com/openjdk/jdk/commit/9341d135b855cc208d48e47d30cd90aafa354c36.patch";
hash = "sha256-Qcm3ZmGCOYLZcskNjj7DYR85R4v07vYvvavrVOYL8vg=";
})
] ++ lib.optionals (!headless && enableGtk) [
./swing-use-gtk-jdk13.patch
];
postPatch = ''
chmod +x configure
patchShebangs --build configure
'';
# JDK's build system attempts to specifically detect
# and special-case WSL, and we don't want it to do that,
# so pass the correct platform names explicitly
configurePlatforms = ["build" "host"];
configureFlags = [
"--with-boot-jdk=${openjdk-bootstrap.home}"
"--with-version-build=${version.build}"
"--with-version-opt=nixos"
"--with-version-pre="
"--enable-unlimited-crypto"
"--with-native-debug-symbols=internal"
"--with-libjpeg=system"
"--with-giflib=system"
"--with-libpng=system"
"--with-zlib=system"
"--with-lcms=system"
"--with-stdc++lib=dynamic"
]
++ lib.optionals stdenv.cc.isClang [
"--with-toolchain-type=clang"
# Explicitly tell Clang to compile C++ files as C++, see
# https://github.com/NixOS/nixpkgs/issues/150655#issuecomment-1935304859
"--with-extra-cxxflags=-xc++"
]
++ lib.optional headless "--enable-headless-only"
++ lib.optional (!headless && enableJavaFX) "--with-import-modules=${openjfx}";
separateDebugInfo = true;
env.NIX_CFLAGS_COMPILE = "-Wno-error";
NIX_LDFLAGS = toString (lib.optionals (!headless) [
"-lfontconfig" "-lcups" "-lXinerama" "-lXrandr" "-lmagic"
] ++ lib.optionals (!headless && enableGtk) [
"-lgtk-3" "-lgio-2.0"
]);
# -j flag is explicitly rejected by the build system:
# Error: 'make -jN' is not supported, use 'make JOBS=N'
# Note: it does not make build sequential. Build system
# still runs in parallel.
enableParallelBuilding = false;
buildFlags = [ "images" ];
installPhase = ''
mkdir -p $out/lib
mv build/*/images/jdk $out/lib/openjdk
# Remove some broken manpages.
rm -rf $out/lib/openjdk/man/ja*
# Mirror some stuff in top-level.
mkdir -p $out/share
ln -s $out/lib/openjdk/include $out/include
ln -s $out/lib/openjdk/man $out/share/man
# IDEs use the provided src.zip to navigate the Java codebase (https://github.com/NixOS/nixpkgs/pull/95081)
ln -s $out/lib/openjdk/lib/src.zip $out/lib/src.zip
# jni.h expects jni_md.h to be in the header search path.
ln -s $out/include/linux/*_md.h $out/include/
# Remove crap from the installation.
rm -rf $out/lib/openjdk/demo
${lib.optionalString headless ''
rm $out/lib/openjdk/lib/{libjsound,libfontmanager}.so
''}
ln -s $out/lib/openjdk/bin $out/bin
'';
preFixup = ''
# Propagate the setJavaClassPath setup hook so that any package
# that depends on the JDK has $CLASSPATH set up properly.
mkdir -p $out/nix-support
#TODO or printWords? cf https://github.com/NixOS/nixpkgs/pull/27427#issuecomment-317293040
echo -n "${setJavaClassPath}" > $out/nix-support/propagated-build-inputs
# Set JAVA_HOME automatically.
mkdir -p $out/nix-support
cat <<EOF > $out/nix-support/setup-hook
if [ -z "\''${JAVA_HOME-}" ]; then export JAVA_HOME=$out/lib/openjdk; fi
EOF
'';
postFixup = ''
# Build the set of output library directories to rpath against
LIBDIRS=""
for output in $(getAllOutputNames); do
if [ "$output" = debug ]; then continue; fi
LIBDIRS="$(find $(eval echo \$$output) -name \*.so\* -exec dirname {} \+ | sort -u | tr '\n' ':'):$LIBDIRS"
done
# Add the local library paths to remove dependencies on the bootstrap
for output in $(getAllOutputNames); do
if [ "$output" = debug ]; then continue; fi
OUTPUTDIR=$(eval echo \$$output)
BINLIBS=$(find $OUTPUTDIR/bin/ -type f; find $OUTPUTDIR -name \*.so\*)
echo "$BINLIBS" | while read i; do
patchelf --set-rpath "$LIBDIRS:$(patchelf --print-rpath "$i")" "$i" || true
patchelf --shrink-rpath "$i" || true
done
done
'';
disallowedReferences = [ openjdk-bootstrap ];
pos = builtins.unsafeGetAttrPos "feature" version;
meta = import ./meta.nix lib version.feature;
passthru = {
architecture = "";
home = "${openjdk}/lib/openjdk";
inherit gtk3;
};
};
in openjdk

8
pkgs/development/compilers/openjdk/openjfx/11/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, lib, pkgs, fetchFromGitHub, writeText, gradle_7, pkg-config, perl, cmake
, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib, ffmpeg_4-headless, python3, ruby
, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib, ffmpeg_6-headless, python3, ruby
, openjdk11-bootstrap
, withMedia ? true
, withWebKit ? false
@ -25,7 +25,11 @@ in stdenv.mkDerivation {
sha256 = "sha256-BbBP2DiPZTSn1SBYMCgyiNdF9GD+NqR6YjeVNOQHHn4=";
};
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ];
patches = [
../backport-ffmpeg-6-support-jfx11.patch
];
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6-headless ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;

94
pkgs/development/compilers/openjdk/openjfx/15/default.nix
View File

@ -1,94 +0,0 @@
{ stdenv, lib, pkgs, fetchFromGitHub, writeText, openjdk11_headless, gradle_6
, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib
, ffmpeg_4-headless, python3, ruby
, withMedia ? true
, withWebKit ? false
}:
let
pname = "openjfx-modular-sdk";
major = "15";
update = ".0.1";
build = "+1";
repover = "${major}${update}${build}";
jdk = openjdk11_headless;
gradle = gradle_6;
in stdenv.mkDerivation {
inherit pname;
version = "${major}${update}${build}";
src = fetchFromGitHub {
owner = "openjdk";
repo = "jfx";
rev = repover;
sha256 = "019glq8rhn6amy3n5jc17vi2wpf1pxpmmywvyz1ga8n09w7xscq1";
};
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;
config = writeText "gradle.properties" ''
CONF = Release
JDK_HOME = ${jdk.home}
COMPILE_MEDIA = ${lib.boolToString withMedia}
COMPILE_WEBKIT = ${lib.boolToString withWebKit}
'';
postPatch = ''
ln -s $config gradle.properties
'';
mitmCache = gradle.fetchDeps {
attrPath = "openjfx${major}";
pkg = pkgs."openjfx${major}".override { withWebKit = true; };
data = ./deps.json;
};
__darwinAllowLocalNetworking = true;
preBuild = ''
export NUMBER_OF_PROCESSORS=$NIX_BUILD_CORES
export NIX_CFLAGS_COMPILE="$(pkg-config --cflags glib-2.0) $NIX_CFLAGS_COMPILE"
# avoids errors about deprecation of GTypeDebugFlags, GTimeVal, etc.
export NIX_CFLAGS_COMPILE="-DGLIB_DISABLE_DEPRECATION_WARNINGS $NIX_CFLAGS_COMPILE"
# gstreamer workaround for -fno-common toolchains:
# ld: gsttypefindelement.o:(.bss._gst_disable_registry_cache+0x0): multiple definition of
# `_gst_disable_registry_cache'; gst.o:(.bss._gst_disable_registry_cache+0x0): first defined here
export NIX_CFLAGS_COMPILE="-fcommon $NIX_CFLAGS_COMPILE"
'';
enableParallelBuilding = false;
gradleBuildTask = "sdk";
installPhase = ''
cp -r build/modular-sdk $out
'';
stripDebugList = [ "." ];
postFixup = ''
# Remove references to bootstrap.
export openjdkOutPath='${jdk.outPath}'
find "$out" -name \*.so | while read lib; do
new_refs="$(patchelf --print-rpath "$lib" | perl -pe 's,:?\Q$ENV{openjdkOutPath}\E[^:]*,,')"
patchelf --set-rpath "$new_refs" "$lib"
done
'';
disallowedReferences = [ jdk gradle.jdk ];
meta = with lib; {
homepage = "http://openjdk.java.net/projects/openjfx/";
license = licenses.gpl2;
description = "Next-generation Java client toolkit";
maintainers = with maintainers; [ abbradar ];
knownVulnerabilities = [
"This OpenJFX version has reached its end of life."
];
platforms = [ "x86_64-linux" ];
};
}

92
pkgs/development/compilers/openjdk/openjfx/15/deps.json generated
View File

@ -1,92 +0,0 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://download.eclipse.org": {
"eclipse/updates/4.6/R-4.6.3-201703010400/plugins/org.eclipse.swt.gtk.linux.x86_64_3.105.3.v20170228-0512": {
"jar": "sha256-qWM1HV97griQxJlOFY2AVV2uOLAK87jXPzh1wh/zmLw="
}
},
"https://repo.maven.apache.org/maven2": {
"com/ibm/icu#icu4j/61.1": {
"jar": "sha256-VcmOsYOLKku5oH3Da9N4Uy1k0M3LfO7pFCNoZqfeRGQ=",
"pom": "sha256-E7h6QHnOsFUVsZrHoVIDlHB1YB1JQj9xk1ikmACYBWs="
},
"junit#junit/4.8.2": {
"jar": "sha256-oqosO7K3LadsPmpxUx8e79w1BJSBm68rHYDXFG4CD54=",
"pom": "sha256-3znTTR9YMLLYqSeQxmtXmDWLCz4BRS3IWzciqIGtkj4="
},
"net/java#jvnet-parent/3": {
"pom": "sha256-MPV4nvo53b+WCVqto/wSYMRWH68vcUaGcXyy3FBJR1o="
},
"org/abego/treelayout#org.abego.treelayout.core/1.0.3": {
"jar": "sha256-+l4xOVw5wufUasoPgfcgYJMWB7L6Qb02A46yy2+5MyY=",
"pom": "sha256-o7KyI3lDcDVeeSQzrwEvyZNmfAMxviusrYTbwJrOSgw="
},
"org/antlr#ST4/4.1": {
"jar": "sha256-ixzK7Z7cVc0lXZwZxNjaR1bZtvy0NWcSkrQ0cLFtddg=",
"pom": "sha256-cz5r2XyjTMbfk6QkPlEeVnPLm4jHSxiETgQqRdUWmHw="
},
"org/antlr#antlr-master/3.5.2": {
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
},
"org/antlr#antlr-runtime/3.5.2": {
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
},
"org/antlr#antlr4-master/4.7.2": {
"pom": "sha256-upnLJdI5DzhoDHUChCoO4JWdHmQD4BPM/2mP1YVu6tE="
},
"org/antlr#antlr4-runtime/4.7.2": {
"jar": "sha256-TFGLh9S9/4tEzYy8GvgW6US2Kj/luAt4FQHPH0dZu8Q=",
"pom": "sha256-3AnLqYwl08BuSuxRaIXUw68DBiulX0/mKD/JzxdqYPs="
},
"org/antlr#antlr4/4.7.2": {
"pom": "sha256-z56zaUD6xEiBA4wb4/LFjgbmjRq/v9SmjTS72LrFV3E="
},
"org/antlr#antlr4/4.7.2/complete": {
"jar": "sha256-aFI4bXl17/KRcdrgAswiMlFRDTXyka4neUjzgaezgLQ="
},
"org/apache#apache/13": {
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
},
"org/apache/lucene#lucene-core/7.7.2": {
"jar": "sha256-gUOKydZ4BQxUbSqEEsxyg6XSD9hcNxQhhEfHWBZZT10=",
"pom": "sha256-MPuqRu1exVS+3nILqReeEqTnQVHh+IaSBJbYREuwVZE="
},
"org/apache/lucene#lucene-grouping/7.7.2": {
"jar": "sha256-nKhrWw/YSbq50xpk7RvP8cdTGrHP1z/E/tJDBmX7rUo=",
"pom": "sha256-UezgO9APIm2uObABf5OZPPfXbSju8LQl+MzborrBs3w="
},
"org/apache/lucene#lucene-parent/7.7.2": {
"pom": "sha256-fXiTJSgZw4Sx0lvUA6Go85DYUF+VQOHigRcZymjP7zQ="
},
"org/apache/lucene#lucene-queries/7.7.2": {
"jar": "sha256-n8XsO17OwtKV0/xM+Dc5LfuWntYegaMr0/3SH4DbfHk=",
"pom": "sha256-D4rAB9QDQb6gD3/s7m1Ewu7ZXQTi66KEf2CBJJLOcoQ="
},
"org/apache/lucene#lucene-queryparser/7.7.2": {
"jar": "sha256-v9lKUL8FAf0H5prk9J28FJzjaUoFZrsWTXxui+VeK9Q=",
"pom": "sha256-DmVV70KT9yjEqJhOuuNUK+N7KThK/gcQjPy+R/AS3Us="
},
"org/apache/lucene#lucene-sandbox/7.7.2": {
"jar": "sha256-dqY72JMAjr7tJJeePyUIXIkJ/0vEEv33iAJfntoKvhE=",
"pom": "sha256-zwJCiBB2rdYRwEPZZPtrduPRnAQn7/r/Qhc6ZQ+Bk5s="
},
"org/apache/lucene#lucene-solr-grandparent/7.7.2": {
"pom": "sha256-a0oZeEo3uKoSdf5mCEZKHZvSlLVv6WgRIgfkDEKETqc="
},
"org/glassfish#javax.json/1.0.4": {
"jar": "sha256-Dh3sQKHt6WWUElHtqWiu7gUsxPUDeLwxbMSOgVm9vrQ=",
"pom": "sha256-a6+Dg/+pi2bqls1b/B7H8teUY7uYrJgFKWSxIcIhLVQ="
},
"org/glassfish#json/1.0.4": {
"pom": "sha256-bXxoQjEV+SFxjZRPhZkktMaFIX7AOkn3BFWossqpcuY="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"org/sonatype/oss#oss-parent/9": {
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
}
}
}

8
pkgs/development/compilers/openjdk/openjfx/17/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, lib, pkgs, fetchFromGitHub, writeText, openjdk17_headless, gradle_7
, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib
, ffmpeg_4-headless, python3, ruby
, ffmpeg_6-headless, python3, ruby
, withMedia ? true
, withWebKit ? false
}:
@ -25,7 +25,11 @@ in stdenv.mkDerivation {
sha256 = "sha256-9VfXk2EfMebMyVKPohPRP2QXRFf8XemUtfY0JtBCHyw=";
};
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ];
patches = [
../backport-ffmpeg-6-support-jfx11.patch
];
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6-headless ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;

106
pkgs/development/compilers/openjdk/openjfx/19/default.nix
View File

@ -1,106 +0,0 @@
{ stdenv, lib, pkgs, fetchFromGitHub, fetchpatch, writeText
, openjdk19_headless, gradle_7, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst
, libXxf86vm, glib, alsa-lib, ffmpeg_4, python3, ruby
, withMedia ? true
, withWebKit ? false
}:
let
pname = "openjfx-modular-sdk";
major = "19";
update = ".0.2.1";
build = "+1";
repover = "${major}${update}${build}";
jdk = openjdk19_headless;
gradle = gradle_7;
in stdenv.mkDerivation {
inherit pname;
version = "${major}${update}${build}";
src = fetchFromGitHub {
owner = "openjdk";
repo = "jfx";
rev = repover;
hash = "sha256-A08GhCGpzWlUG1+f6mcjvkJmMNaOReacQKPEmNpUvLs=";
};
patches = [
# 8295962: Reference to State in Task.java is ambiguous when building with JDK 19
(fetchpatch {
url = "https://github.com/openjdk/jfx/pull/933/commits/cfaee2a52350eff39dd4352484c892716076d3de.patch";
hash = "sha256-hzJMenhvtmHs/6BJj8GfaLp14myV8VCXCLLC8n32yEw=";
})
# ditto
(fetchpatch {
url = "https://github.com/openjdk/jfx/pull/933/commits/bd46ce12df0a93a56fe0d58d3653d08e58409b7f.patch";
hash = "sha256-o9908uw9vYvULmAh/lbfyHhgxz6jpgPq2fcAltWsYoU=";
})
];
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;
config = writeText "gradle.properties" ''
CONF = Release
JDK_HOME = ${jdk.home}
COMPILE_MEDIA = ${lib.boolToString withMedia}
COMPILE_WEBKIT = ${lib.boolToString withWebKit}
'';
postPatch = ''
# Add missing includes for gcc-13 for webkit build:
sed -e '1i #include <cstdio>' \
-i modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/Heap.cpp \
modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/IsoSharedPageInlines.h
ln -s $config gradle.properties
'';
mitmCache = gradle.fetchDeps {
attrPath = "openjfx${major}";
pkg = pkgs."openjfx${major}".override { withWebKit = true; };
data = ./deps.json;
};
__darwinAllowLocalNetworking = true;
preBuild = ''
export NUMBER_OF_PROCESSORS=$NIX_BUILD_CORES
export NIX_CFLAGS_COMPILE="$(pkg-config --cflags glib-2.0) $NIX_CFLAGS_COMPILE"
'';
enableParallelBuilding = false;
gradleBuildTask = "sdk";
installPhase = ''
cp -r build/modular-sdk $out
'';
stripDebugList = [ "." ];
postFixup = ''
# Remove references to bootstrap.
export openjdkOutPath='${jdk.outPath}'
find "$out" -name \*.so | while read lib; do
new_refs="$(patchelf --print-rpath "$lib" | perl -pe 's,:?\Q$ENV{openjdkOutPath}\E[^:]*,,')"
patchelf --set-rpath "$new_refs" "$lib"
done
'';
disallowedReferences = [ jdk gradle.jdk ];
meta = with lib; {
homepage = "https://openjdk.org/projects/openjfx/";
license = licenses.gpl2Classpath;
description = "Next-generation Java client toolkit";
maintainers = with maintainers; [ abbradar ];
platforms = platforms.unix;
knownVulnerabilities = [
"This OpenJFX version has reached its end of life."
];
};
}

152
pkgs/development/compilers/openjdk/openjfx/19/deps.json generated
View File

@ -1,152 +0,0 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://download.eclipse.org": {
"eclipse/updates/4.6/R-4.6.3-201703010400/plugins/org.eclipse.swt.gtk.linux.x86_64_3.105.3.v20170228-0512": {
"jar": "sha256-qWM1HV97griQxJlOFY2AVV2uOLAK87jXPzh1wh/zmLw="
}
},
"https://github.com": {
"unicode-org/icu/releases/download/release-68-2/icu4c-68.2-data-bin-l": {
"zip": "sha256-ieQCLBTNrskuf8j3IUQS3QLIAQzLom/O58muMP363Lw="
}
},
"https://repo.maven.apache.org/maven2": {
"com/ibm/icu#icu4j/61.1": {
"jar": "sha256-VcmOsYOLKku5oH3Da9N4Uy1k0M3LfO7pFCNoZqfeRGQ=",
"pom": "sha256-E7h6QHnOsFUVsZrHoVIDlHB1YB1JQj9xk1ikmACYBWs="
},
"junit#junit/4.13.2": {
"jar": "sha256-jklbY0Rp1k+4rPo0laBly6zIoP/1XOHjEAe+TBbcV9M=",
"pom": "sha256-Vptpd+5GA8llwcRsMFj6bpaSkbAWDraWTdCSzYnq3ZQ="
},
"net/java#jvnet-parent/3": {
"pom": "sha256-MPV4nvo53b+WCVqto/wSYMRWH68vcUaGcXyy3FBJR1o="
},
"org/abego/treelayout#org.abego.treelayout.core/1.0.3": {
"jar": "sha256-+l4xOVw5wufUasoPgfcgYJMWB7L6Qb02A46yy2+5MyY=",
"pom": "sha256-o7KyI3lDcDVeeSQzrwEvyZNmfAMxviusrYTbwJrOSgw="
},
"org/antlr#ST4/4.1": {
"jar": "sha256-ixzK7Z7cVc0lXZwZxNjaR1bZtvy0NWcSkrQ0cLFtddg=",
"pom": "sha256-cz5r2XyjTMbfk6QkPlEeVnPLm4jHSxiETgQqRdUWmHw="
},
"org/antlr#antlr-master/3.5.2": {
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
},
"org/antlr#antlr-runtime/3.5.2": {
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
},
"org/antlr#antlr4-master/4.7.2": {
"pom": "sha256-upnLJdI5DzhoDHUChCoO4JWdHmQD4BPM/2mP1YVu6tE="
},
"org/antlr#antlr4-runtime/4.7.2": {
"jar": "sha256-TFGLh9S9/4tEzYy8GvgW6US2Kj/luAt4FQHPH0dZu8Q=",
"pom": "sha256-3AnLqYwl08BuSuxRaIXUw68DBiulX0/mKD/JzxdqYPs="
},
"org/antlr#antlr4/4.7.2": {
"pom": "sha256-z56zaUD6xEiBA4wb4/LFjgbmjRq/v9SmjTS72LrFV3E="
},
"org/antlr#antlr4/4.7.2/complete": {
"jar": "sha256-aFI4bXl17/KRcdrgAswiMlFRDTXyka4neUjzgaezgLQ="
},
"org/apache#apache/13": {
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
},
"org/apache/lucene#lucene-core/7.7.3": {
"jar": "sha256-jrAzNcGjxqixiN9012G6qDVplTWCq0QLU0yIRJ6o4N4=",
"pom": "sha256-gvilIoHGyLp5dKy6rESzLXbiYAgvP0u+FlwPbkuJFCo="
},
"org/apache/lucene#lucene-grouping/7.7.3": {
"jar": "sha256-L1vNY7JXQ9MMMTmGIk0Qf3XFKThxSVQlNRDFfT9nvrg=",
"pom": "sha256-HwStk+IETUCP2SXu4K6ktKHvjAdXe0Jme7U2BgKCImU="
},
"org/apache/lucene#lucene-parent/7.7.3": {
"pom": "sha256-6PrdU9XwBMQN3SNdQ4ZI5yxyVZn+4VQ+ViTV+1AQcwU="
},
"org/apache/lucene#lucene-queries/7.7.3": {
"jar": "sha256-PLWS2wpulWnGrMvbiKmtex2nQo28p5Ia0cWlhl1bQiY=",
"pom": "sha256-rkBsiiuw12SllERCefRiihl2vQlB551CzmTgmHxYnFA="
},
"org/apache/lucene#lucene-queryparser/7.7.3": {
"jar": "sha256-F3XJ/o7dlobTt6ZHd4+kTqqW8cwMSZMVCHEz4amDnoQ=",
"pom": "sha256-z2klkhWscjC5+tYKXInKDp9bm6rM7dFGlY/76Q9OsNI="
},
"org/apache/lucene#lucene-sandbox/7.7.3": {
"jar": "sha256-VfG38J2uKwytMhw00Vw8/FmgIRviM/Yp0EbEK/FwErc=",
"pom": "sha256-1vbdxsz1xvymRH1HD1BJ4WN6xje/HbWuDV8WaP34EiI="
},
"org/apache/lucene#lucene-solr-grandparent/7.7.3": {
"pom": "sha256-Oig3WAynavNq99/i3B0zT8b/XybRDySJnbd3CtfP2f4="
},
"org/apiguardian#apiguardian-api/1.1.2": {
"jar": "sha256-tQlEisUG1gcxnxglN/CzXXEAdYLsdBgyofER5bW3Czg=",
"module": "sha256-4IAoExN1s1fR0oc06aT7QhbahLJAZByz7358fWKCI/w=",
"pom": "sha256-MjVQgdEJCVw9XTdNWkO09MG3XVSemD71ByPidy5TAqA="
},
"org/glassfish#javax.json/1.0.4": {
"jar": "sha256-Dh3sQKHt6WWUElHtqWiu7gUsxPUDeLwxbMSOgVm9vrQ=",
"pom": "sha256-a6+Dg/+pi2bqls1b/B7H8teUY7uYrJgFKWSxIcIhLVQ="
},
"org/glassfish#json/1.0.4": {
"pom": "sha256-bXxoQjEV+SFxjZRPhZkktMaFIX7AOkn3BFWossqpcuY="
},
"org/hamcrest#hamcrest-core/1.3": {
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
},
"org/hamcrest#hamcrest-parent/1.3": {
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
},
"org/junit#junit-bom/5.8.1": {
"module": "sha256-a4LLpSoTSxPBmC8M+WIsbUhTcdQLmJJG8xJOOwpbGFQ=",
"pom": "sha256-733Ef45KFoZPR3lyjofteFOYGeT7iSdoqdprjvkD+GM="
},
"org/junit/jupiter#junit-jupiter-api/5.8.1": {
"jar": "sha256-zjN0p++6YF4tK2mj/vkBNAMrqz7MPthXmkhxscLEcpw=",
"module": "sha256-DWnbwja33Kq0ynNpqlYOmwqbvvf5WIgv+0hTPLunwJ0=",
"pom": "sha256-d61+1KYwutH8h0agpuZ1wj+2lAsnq2LMyzTk/Pz+Ob8="
},
"org/junit/jupiter#junit-jupiter-engine/5.8.1": {
"jar": "sha256-Rom8kCJVoZ/pgndoO6MjHAlNEHxUyNNfK2+cl9ImQY4=",
"module": "sha256-aHkP7DP5ew7IQM9HrEDuDHLgVvEiyg88ZkZ0M0mTdpk=",
"pom": "sha256-qjIKMYpyceMyYsSA/POZZbmobap2Zm63dTQrgOnN1F4="
},
"org/junit/jupiter#junit-jupiter-params/5.8.1": {
"jar": "sha256-OJuNE6jYhy/L1PDrp7LEavxihBn5obKjqfkyQaBqchg=",
"module": "sha256-Ek1gPG2AMzZtjKRxY2tEbji5zBvQEPMpVCNYGHr6hl4=",
"pom": "sha256-OrrKWfvfJTMg9yRCwQPjnOQDjcEf6MSJ28ScwjoHHws="
},
"org/junit/jupiter#junit-jupiter/5.8.1": {
"jar": "sha256-jxBJ7iSzShC2DNgQBICZ94HCZYzeIYHoMUlqswqYKYU=",
"module": "sha256-LjS6TIWMOM0KNlr//syTKnGWzpOF4utUBZQuWBwV/1w=",
"pom": "sha256-rssFDSMtOT9Az/EfjMMPUrZslQpB+IOSXIEULt7l9PU="
},
"org/junit/platform#junit-platform-commons/1.8.1": {
"jar": "sha256-+k+mjIvVTdDLScP8vpsuQvTaa+2+fnzPKgXxoeYJtZM=",
"module": "sha256-aY/QVBrLfv/GZZhI/Qx91QEKSfFfDBy6Q+U1gH+Q9ms=",
"pom": "sha256-4ZcoLlLnANEriJie3FSJh0aTUC5KqJB6zwgpgBq6bUQ="
},
"org/junit/platform#junit-platform-engine/1.8.1": {
"jar": "sha256-cCho7X6GubRnLt4PHhhekFusqa+rV3RqfGUL48e8oEc=",
"module": "sha256-2fQgpkU5o+32D4DfDG/XIrdQcldEx5ykD30lrlbKS6Q=",
"pom": "sha256-hqrU5ld1TkOgDfIm3VTIrsHsarZTP1ASGQfkZi3i5fI="
},
"org/junit/vintage#junit-vintage-engine/5.8.1": {
"jar": "sha256-F2tTzRvb+SM+lsiwx6nluGQoL7veukO1zq/e2ymkkVY=",
"module": "sha256-nOn6Lk7mp0DWEBAlMEYqcc4PqdLxQYUi5LK9tgcvZ5o=",
"pom": "sha256-Ndc3M08dvouMVnZ/oVCKwbVEsB1P5cmXl76QA+5YGxI="
},
"org/opentest4j#opentest4j/1.2.0": {
"jar": "sha256-WIEt5giY2Xb7ge87YtoFxmBMGP1KJJ9QRCgkefwoavI=",
"pom": "sha256-qW5nGBbB/4gDvex0ySQfAlvfsnfaXStO4CJmQFk2+ZQ="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"org/sonatype/oss#oss-parent/9": {
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
}
}
}

93
pkgs/development/compilers/openjdk/openjfx/20/default.nix
View File

@ -1,93 +0,0 @@
{ stdenv, lib, pkgs, fetchFromGitHub, writeText
, openjdk20_headless, gradle_7, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst
, libXxf86vm, glib, alsa-lib, ffmpeg_4, python3, ruby
, withMedia ? true
, withWebKit ? false
}:
let
pname = "openjfx-modular-sdk";
major = "20";
update = ".0.2";
build = "-ga";
repover = "${major}${update}${build}";
jdk = openjdk20_headless;
gradle = gradle_7;
in stdenv.mkDerivation {
inherit pname;
version = "${major}${update}${build}";
src = fetchFromGitHub {
owner = "openjdk";
repo = "jfx20u";
rev = repover;
hash = "sha256-3Hhz4i8fPU2yowb4roylCXzuO9HkW7ZWF9TMA3HIH9o=";
};
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;
config = writeText "gradle.properties" ''
CONF = Release
JDK_HOME = ${jdk.home}
COMPILE_MEDIA = ${lib.boolToString withMedia}
COMPILE_WEBKIT = ${lib.boolToString withWebKit}
'';
postPatch = ''
# Add missing includes for gcc-13 for webkit build:
sed -e '1i #include <cstdio>' \
-i modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/Heap.cpp \
modules/javafx.web/src/main/native/Source/bmalloc/bmalloc/IsoSharedPageInlines.h
ln -s $config gradle.properties
'';
mitmCache = gradle.fetchDeps {
attrPath = "openjfx${major}";
pkg = pkgs."openjfx${major}".override { withWebKit = true; };
data = ./deps.json;
};
__darwinAllowLocalNetworking = true;
preBuild = ''
export NUMBER_OF_PROCESSORS=$NIX_BUILD_CORES
export NIX_CFLAGS_COMPILE="$(pkg-config --cflags glib-2.0) $NIX_CFLAGS_COMPILE"
'';
enableParallelBuilding = false;
gradleBuildTask = "sdk";
installPhase = ''
cp -r build/modular-sdk $out
'';
stripDebugList = [ "." ];
postFixup = ''
# Remove references to bootstrap.
export openjdkOutPath='${jdk.outPath}'
find "$out" -name \*.so | while read lib; do
new_refs="$(patchelf --print-rpath "$lib" | perl -pe 's,:?\Q$ENV{openjdkOutPath}\E[^:]*,,')"
patchelf --set-rpath "$new_refs" "$lib"
done
'';
disallowedReferences = [ jdk gradle.jdk ];
meta = with lib; {
homepage = "https://openjdk.org/projects/openjfx/";
license = licenses.gpl2Classpath;
description = "Next-generation Java client toolkit";
maintainers = with maintainers; [ abbradar ];
platforms = platforms.unix;
knownVulnerabilities = [
"This OpenJFX version has reached its end of life."
];
};
}

152
pkgs/development/compilers/openjdk/openjfx/20/deps.json generated
View File

@ -1,152 +0,0 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://download.eclipse.org": {
"eclipse/updates/4.6/R-4.6.3-201703010400/plugins/org.eclipse.swt.gtk.linux.x86_64_3.105.3.v20170228-0512": {
"jar": "sha256-qWM1HV97griQxJlOFY2AVV2uOLAK87jXPzh1wh/zmLw="
}
},
"https://github.com": {
"unicode-org/icu/releases/download/release-71-1/icu4c-71_1-data-bin-l": {
"zip": "sha256-pVWIy0BkICsthA5mxhR9SJQHleMNnaEcGl/AaLi5qZM="
}
},
"https://repo.maven.apache.org/maven2": {
"com/ibm/icu#icu4j/61.1": {
"jar": "sha256-VcmOsYOLKku5oH3Da9N4Uy1k0M3LfO7pFCNoZqfeRGQ=",
"pom": "sha256-E7h6QHnOsFUVsZrHoVIDlHB1YB1JQj9xk1ikmACYBWs="
},
"junit#junit/4.13.2": {
"jar": "sha256-jklbY0Rp1k+4rPo0laBly6zIoP/1XOHjEAe+TBbcV9M=",
"pom": "sha256-Vptpd+5GA8llwcRsMFj6bpaSkbAWDraWTdCSzYnq3ZQ="
},
"net/java#jvnet-parent/3": {
"pom": "sha256-MPV4nvo53b+WCVqto/wSYMRWH68vcUaGcXyy3FBJR1o="
},
"org/abego/treelayout#org.abego.treelayout.core/1.0.3": {
"jar": "sha256-+l4xOVw5wufUasoPgfcgYJMWB7L6Qb02A46yy2+5MyY=",
"pom": "sha256-o7KyI3lDcDVeeSQzrwEvyZNmfAMxviusrYTbwJrOSgw="
},
"org/antlr#ST4/4.1": {
"jar": "sha256-ixzK7Z7cVc0lXZwZxNjaR1bZtvy0NWcSkrQ0cLFtddg=",
"pom": "sha256-cz5r2XyjTMbfk6QkPlEeVnPLm4jHSxiETgQqRdUWmHw="
},
"org/antlr#antlr-master/3.5.2": {
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
},
"org/antlr#antlr-runtime/3.5.2": {
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
},
"org/antlr#antlr4-master/4.7.2": {
"pom": "sha256-upnLJdI5DzhoDHUChCoO4JWdHmQD4BPM/2mP1YVu6tE="
},
"org/antlr#antlr4-runtime/4.7.2": {
"jar": "sha256-TFGLh9S9/4tEzYy8GvgW6US2Kj/luAt4FQHPH0dZu8Q=",
"pom": "sha256-3AnLqYwl08BuSuxRaIXUw68DBiulX0/mKD/JzxdqYPs="
},
"org/antlr#antlr4/4.7.2": {
"pom": "sha256-z56zaUD6xEiBA4wb4/LFjgbmjRq/v9SmjTS72LrFV3E="
},
"org/antlr#antlr4/4.7.2/complete": {
"jar": "sha256-aFI4bXl17/KRcdrgAswiMlFRDTXyka4neUjzgaezgLQ="
},
"org/apache#apache/13": {
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
},
"org/apache/lucene#lucene-core/7.7.3": {
"jar": "sha256-jrAzNcGjxqixiN9012G6qDVplTWCq0QLU0yIRJ6o4N4=",
"pom": "sha256-gvilIoHGyLp5dKy6rESzLXbiYAgvP0u+FlwPbkuJFCo="
},
"org/apache/lucene#lucene-grouping/7.7.3": {
"jar": "sha256-L1vNY7JXQ9MMMTmGIk0Qf3XFKThxSVQlNRDFfT9nvrg=",
"pom": "sha256-HwStk+IETUCP2SXu4K6ktKHvjAdXe0Jme7U2BgKCImU="
},
"org/apache/lucene#lucene-parent/7.7.3": {
"pom": "sha256-6PrdU9XwBMQN3SNdQ4ZI5yxyVZn+4VQ+ViTV+1AQcwU="
},
"org/apache/lucene#lucene-queries/7.7.3": {
"jar": "sha256-PLWS2wpulWnGrMvbiKmtex2nQo28p5Ia0cWlhl1bQiY=",
"pom": "sha256-rkBsiiuw12SllERCefRiihl2vQlB551CzmTgmHxYnFA="
},
"org/apache/lucene#lucene-queryparser/7.7.3": {
"jar": "sha256-F3XJ/o7dlobTt6ZHd4+kTqqW8cwMSZMVCHEz4amDnoQ=",
"pom": "sha256-z2klkhWscjC5+tYKXInKDp9bm6rM7dFGlY/76Q9OsNI="
},
"org/apache/lucene#lucene-sandbox/7.7.3": {
"jar": "sha256-VfG38J2uKwytMhw00Vw8/FmgIRviM/Yp0EbEK/FwErc=",
"pom": "sha256-1vbdxsz1xvymRH1HD1BJ4WN6xje/HbWuDV8WaP34EiI="
},
"org/apache/lucene#lucene-solr-grandparent/7.7.3": {
"pom": "sha256-Oig3WAynavNq99/i3B0zT8b/XybRDySJnbd3CtfP2f4="
},
"org/apiguardian#apiguardian-api/1.1.2": {
"jar": "sha256-tQlEisUG1gcxnxglN/CzXXEAdYLsdBgyofER5bW3Czg=",
"module": "sha256-4IAoExN1s1fR0oc06aT7QhbahLJAZByz7358fWKCI/w=",
"pom": "sha256-MjVQgdEJCVw9XTdNWkO09MG3XVSemD71ByPidy5TAqA="
},
"org/glassfish#javax.json/1.0.4": {
"jar": "sha256-Dh3sQKHt6WWUElHtqWiu7gUsxPUDeLwxbMSOgVm9vrQ=",
"pom": "sha256-a6+Dg/+pi2bqls1b/B7H8teUY7uYrJgFKWSxIcIhLVQ="
},
"org/glassfish#json/1.0.4": {
"pom": "sha256-bXxoQjEV+SFxjZRPhZkktMaFIX7AOkn3BFWossqpcuY="
},
"org/hamcrest#hamcrest-core/1.3": {
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
},
"org/hamcrest#hamcrest-parent/1.3": {
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
},
"org/junit#junit-bom/5.8.1": {
"module": "sha256-a4LLpSoTSxPBmC8M+WIsbUhTcdQLmJJG8xJOOwpbGFQ=",
"pom": "sha256-733Ef45KFoZPR3lyjofteFOYGeT7iSdoqdprjvkD+GM="
},
"org/junit/jupiter#junit-jupiter-api/5.8.1": {
"jar": "sha256-zjN0p++6YF4tK2mj/vkBNAMrqz7MPthXmkhxscLEcpw=",
"module": "sha256-DWnbwja33Kq0ynNpqlYOmwqbvvf5WIgv+0hTPLunwJ0=",
"pom": "sha256-d61+1KYwutH8h0agpuZ1wj+2lAsnq2LMyzTk/Pz+Ob8="
},
"org/junit/jupiter#junit-jupiter-engine/5.8.1": {
"jar": "sha256-Rom8kCJVoZ/pgndoO6MjHAlNEHxUyNNfK2+cl9ImQY4=",
"module": "sha256-aHkP7DP5ew7IQM9HrEDuDHLgVvEiyg88ZkZ0M0mTdpk=",
"pom": "sha256-qjIKMYpyceMyYsSA/POZZbmobap2Zm63dTQrgOnN1F4="
},
"org/junit/jupiter#junit-jupiter-params/5.8.1": {
"jar": "sha256-OJuNE6jYhy/L1PDrp7LEavxihBn5obKjqfkyQaBqchg=",
"module": "sha256-Ek1gPG2AMzZtjKRxY2tEbji5zBvQEPMpVCNYGHr6hl4=",
"pom": "sha256-OrrKWfvfJTMg9yRCwQPjnOQDjcEf6MSJ28ScwjoHHws="
},
"org/junit/jupiter#junit-jupiter/5.8.1": {
"jar": "sha256-jxBJ7iSzShC2DNgQBICZ94HCZYzeIYHoMUlqswqYKYU=",
"module": "sha256-LjS6TIWMOM0KNlr//syTKnGWzpOF4utUBZQuWBwV/1w=",
"pom": "sha256-rssFDSMtOT9Az/EfjMMPUrZslQpB+IOSXIEULt7l9PU="
},
"org/junit/platform#junit-platform-commons/1.8.1": {
"jar": "sha256-+k+mjIvVTdDLScP8vpsuQvTaa+2+fnzPKgXxoeYJtZM=",
"module": "sha256-aY/QVBrLfv/GZZhI/Qx91QEKSfFfDBy6Q+U1gH+Q9ms=",
"pom": "sha256-4ZcoLlLnANEriJie3FSJh0aTUC5KqJB6zwgpgBq6bUQ="
},
"org/junit/platform#junit-platform-engine/1.8.1": {
"jar": "sha256-cCho7X6GubRnLt4PHhhekFusqa+rV3RqfGUL48e8oEc=",
"module": "sha256-2fQgpkU5o+32D4DfDG/XIrdQcldEx5ykD30lrlbKS6Q=",
"pom": "sha256-hqrU5ld1TkOgDfIm3VTIrsHsarZTP1ASGQfkZi3i5fI="
},
"org/junit/vintage#junit-vintage-engine/5.8.1": {
"jar": "sha256-F2tTzRvb+SM+lsiwx6nluGQoL7veukO1zq/e2ymkkVY=",
"module": "sha256-nOn6Lk7mp0DWEBAlMEYqcc4PqdLxQYUi5LK9tgcvZ5o=",
"pom": "sha256-Ndc3M08dvouMVnZ/oVCKwbVEsB1P5cmXl76QA+5YGxI="
},
"org/opentest4j#opentest4j/1.2.0": {
"jar": "sha256-WIEt5giY2Xb7ge87YtoFxmBMGP1KJJ9QRCgkefwoavI=",
"pom": "sha256-qW5nGBbB/4gDvex0ySQfAlvfsnfaXStO4CJmQFk2+ZQ="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"org/sonatype/oss#oss-parent/9": {
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
}
}
}

4
pkgs/development/compilers/openjdk/openjfx/21/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, lib, pkgs, fetchFromGitHub, writeText
, openjdk21_headless, gradle_7, pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst
, libXxf86vm, glib, alsa-lib, ffmpeg_4, python3, ruby
, libXxf86vm, glib, alsa-lib, ffmpeg_6, python3, ruby
, withMedia ? true
, withWebKit ? false
}:
@ -25,7 +25,7 @@ in stdenv.mkDerivation {
hash = "sha256-7z0GIbkQwG9mXY9dssaicqaKpMo3FkNEpyAvkswoQQ4=";
};
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6 ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;

4
pkgs/development/compilers/openjdk/openjfx/22/default.nix
View File

@ -15,7 +15,7 @@
, libXxf86vm
, glib
, alsa-lib
, ffmpeg_4
, ffmpeg_6
, python3
, ruby
, withMedia ? true
@ -41,7 +41,7 @@ in stdenv.mkDerivation {
hash = "sha256-VoEufSO+LciUCvoAM86MG1iMjCA3FSb60Ik4OP2Rk/Q=";
};
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ];
buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_6 ];
nativeBuildInputs = [ gradle perl pkg-config cmake gperf python3 ruby ];
dontUseCmakeConfigure = true;

70
pkgs/development/compilers/openjdk/openjfx/backport-ffmpeg-6-support-jfx11.patch Normal file
View File

@ -0,0 +1,70 @@
Backported from <https://github.com/openjdk/jfx/pull/1259>.
Original author: Alexander Matveev <alexander.matveev@oracle.com>
diff --git a/build.gradle b/build.gradle
index 82dc7a7fa9..d1ae3b401f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -3342,6 +3342,7 @@
media name: "ffmpeg-3.3.3", ext: "tar.gz"
media name: "ffmpeg-4.0.2", ext: "tar.gz"
media name: "ffmpeg-5.1.2", ext: "tar.gz"
+ media name: "ffmpeg-6.0", ext: "tar.gz"
}
implementation project(":base")
implementation project(":graphics")
@@ -3484,7 +3485,7 @@
if (t.name == "linux") {
// Pre-defined command line arguments
def cfgCMDArgs = ["sh", "configure"]
- def commonCfgArgs = ["--enable-shared", "--disable-debug", "--disable-static", "--disable-yasm", "--disable-doc", "--disable-programs", "--disable-everything"]
+ def commonCfgArgs = ["--enable-shared", "--disable-debug", "--disable-static", "--disable-asm", "--disable-doc", "--disable-programs", "--disable-everything"]
def codecsCfgArgs = ["--enable-decoder=aac,mp3,mp3float,h264", "--enable-parser=aac,h264", "--enable-demuxer=aac,h264,mpegts,mpegtsraw"]
def copyLibAVStubs = {String fromDir, String toDir ->
@@ -3688,8 +3689,8 @@
doLast {
project.ext.libav = [:]
project.ext.libav.basedir = "${buildDir}/native/linux/ffmpeg"
- project.ext.libav.versions = [ "3.3.3", "4.0.2", "5.1.2" ]
- project.ext.libav.versionmap = [ "3.3.3" : "57", "4.0.2" : "58", "5.1.2" : "59" ]
+ project.ext.libav.versions = [ "3.3.3", "4.0.2", "5.1.2", "6.0" ]
+ project.ext.libav.versionmap = [ "3.3.3" : "57", "4.0.2" : "58", "5.1.2" : "59", "6.0" : "60" ]
libav.versions.each { version ->
def libavDir = "${libav.basedir}/ffmpeg-${version}"
@@ -3769,7 +3770,7 @@
project.ext.libav.libavffmpeg.versions = [ "56" ]
project.ext.libav.ffmpeg = [:]
project.ext.libav.ffmpeg.basedir = "${buildDir}/native/linux/ffmpeg/ffmpeg"
- project.ext.libav.ffmpeg.versions = [ "57", "58", "59" ]
+ project.ext.libav.ffmpeg.versions = [ "57", "58", "59", "60" ]
project.ext.libav.versions.each { version ->
def libavDir = "${project.ext.libav.basedir}-${version}"
diff --git a/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java b/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java
index 05f98ad3d1..b05bb68341 100644
--- a/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java
+++ b/modules/javafx.media/src/main/java/com/sun/media/jfxmediaimpl/NativeMediaManager.java
@@ -125,6 +125,7 @@
dependencies.add("avplugin-ffmpeg-57");
dependencies.add("avplugin-ffmpeg-58");
dependencies.add("avplugin-ffmpeg-59");
+ dependencies.add("avplugin-ffmpeg-60");
}
if (HostUtils.isMacOSX()) {
dependencies.add("fxplugins");
diff --git a/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c b/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c
index 9f67de9062..ee64e4bafd 100644
--- a/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c
+++ b/modules/javafx.media/src/main/native/gstreamer/gstreamer-lite/gstreamer/gst/gstregistry.c
@@ -146,7 +146,7 @@
// For ffmpeg (libavcodec-ffmpeg.so)
static const int AVCODEC_FFMPEG_EXPLICIT_VERSIONS[] = { 56 };
// For libav or ffmpeg (libavcodec.so)
-static const int AVCODEC_EXPLICIT_VERSIONS[] = { 57, 58, 59 };
+static const int AVCODEC_EXPLICIT_VERSIONS[] = { 57, 58, 59, 60 };
/*
* Callback passed to dl_iterate_phdr(): finds the path of

2
pkgs/development/compilers/semeru-bin/generate-sources.py
View File

@ -6,7 +6,7 @@ import re
import requests
import sys
feature_versions = (8, 11, 16, 17, 21)
feature_versions = (8, 11, 17, 21)
oses = ("mac", "linux")
types = ("jre", "jdk")
impls = ("openj9",)

4
pkgs/development/compilers/semeru-bin/jdk-darwin.nix
View File

@ -4,15 +4,13 @@ let
sources = (lib.importJSON ./sources.json).openj9.mac;
common = opts: callPackage (import ./jdk-darwin-base.nix opts) {};
EOL = [ "This JDK/JRE version has reached End of Life." ];
# EOL = [ "This JDK/JRE version has reached End of Life." ];
in
{
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
jre-8 = common { sourcePerArch = sources.jre.openjdk8; };
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
jre-16 = common { sourcePerArch = sources.jre.openjdk16; knownVulnerabilities = EOL; };
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };

4
pkgs/development/compilers/semeru-bin/jdk-linux.nix
View File

@ -4,15 +4,13 @@ let
sources = (lib.importJSON ./sources.json).openj9.linux;
common = opts: callPackage (import ./jdk-linux-base.nix opts) {};
EOL = [ "This JDK/JRE version has reached End of Life." ];
# EOL = [ "This JDK/JRE version has reached End of Life." ];
in
{
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
jre-8 = common { sourcePerArch = sources.jre.openjdk8; };
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
jre-16 = common { sourcePerArch = sources.jre.openjdk16; knownVulnerabilities = EOL; };
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };

2
pkgs/development/compilers/temurin-bin/generate-sources.py
View File

@ -6,7 +6,7 @@ import re
import requests
import sys
feature_versions = (8, 11, 16, 17, 18, 19, 20, 21, 22)
feature_versions = (8, 11, 17, 21, 22)
oses = ("mac", "linux", "alpine-linux")
types = ("jre", "jdk")
impls = ("hotspot",)

13
pkgs/development/compilers/temurin-bin/jdk-darwin.nix
View File

@ -4,7 +4,7 @@ let
sources = (lib.importJSON ./sources.json).hotspot.mac;
common = opts: callPackage (import ./jdk-darwin-base.nix opts) { };
EOL = [ "This JDK version has reached End of Life." ];
# EOL = [ "This JDK version has reached End of Life." ];
in
{
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
@ -13,20 +13,9 @@ in
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
jdk-18 = common { sourcePerArch = sources.jdk.openjdk18; knownVulnerabilities = EOL; };
jre-18 = common { sourcePerArch = sources.jre.openjdk18; knownVulnerabilities = EOL; };
jdk-19 = common { sourcePerArch = sources.jdk.openjdk19; knownVulnerabilities = EOL; };
jre-19 = common { sourcePerArch = sources.jre.openjdk19; knownVulnerabilities = EOL; };
jdk-20 = common { sourcePerArch = sources.jdk.openjdk20; knownVulnerabilities = EOL; };
jre-20 = common { sourcePerArch = sources.jre.openjdk20; knownVulnerabilities = EOL; };
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };
jre-21 = common { sourcePerArch = sources.jre.openjdk21; };

13
pkgs/development/compilers/temurin-bin/jdk-linux.nix
View File

@ -5,7 +5,7 @@ let
sources = (lib.importJSON ./sources.json).hotspot.${variant};
common = opts: callPackage (import ./jdk-linux-base.nix opts) { };
EOL = [ "This JDK version has reached End of Life." ];
# EOL = [ "This JDK version has reached End of Life." ];
in
{
jdk-8 = common { sourcePerArch = sources.jdk.openjdk8; };
@ -14,20 +14,9 @@ in
jdk-11 = common { sourcePerArch = sources.jdk.openjdk11; };
jre-11 = common { sourcePerArch = sources.jre.openjdk11; };
jdk-16 = common { sourcePerArch = sources.jdk.openjdk16; knownVulnerabilities = EOL; };
jdk-17 = common { sourcePerArch = sources.jdk.openjdk17; };
jre-17 = common { sourcePerArch = sources.jre.openjdk17; };
jdk-18 = common { sourcePerArch = sources.jdk.openjdk18; knownVulnerabilities = EOL; };
jre-18 = common { sourcePerArch = sources.jre.openjdk18; knownVulnerabilities = EOL; };
jdk-19 = common { sourcePerArch = sources.jdk.openjdk19; knownVulnerabilities = EOL; };
jre-19 = common { sourcePerArch = sources.jre.openjdk19; knownVulnerabilities = EOL; };
jdk-20 = common { sourcePerArch = sources.jdk.openjdk20; knownVulnerabilities = EOL; };
jre-20 = common { sourcePerArch = sources.jre.openjdk20; knownVulnerabilities = EOL; };
jdk-21 = common { sourcePerArch = sources.jdk.openjdk21; };
jre-21 = common { sourcePerArch = sources.jre.openjdk21; };

Some files were not shown because too many files have changed in this diff Show More