dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge #322145: staging-next 2024-06-24

Browse Source
This commit is contained in:
Vladimír Čunát 2024-07-06 09:03:01 +02:00
commit 91594d11a2
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
1397 changed files with 8024 additions and 5492 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/languages-frameworks/python.section.md
View File

@ -1315,9 +1315,6 @@ we can do:
```nix
{
nativeBuildInputs = [
pythonRelaxDepsHook
];
pythonRelaxDeps = [
"pkg1"
"pkg3"
@ -1340,7 +1337,6 @@ example:
```nix
{
nativeBuildInputs = [ pythonRelaxDepsHook ];
pythonRelaxDeps = true;
}
```
@ -1362,8 +1358,11 @@ instead of a dev dependency).
Keep in mind that while the examples above are done with `requirements.txt`,
`pythonRelaxDepsHook` works by modifying the resulting wheel file, so it should
work with any of the [existing hooks](#setup-hooks).
It indicates that `pythonRelaxDepsHook` has no effect on build time dependencies, such as in `build-system`.
If a package requires incompatible build time dependencies, they should be removed in `postPatch` with `substituteInPlace` or something similar.
The `pythonRelaxDepsHook` has no effect on build time dependencies, such as
those specified in `build-system`. If a package requires incompatible build
time dependencies, they should be removed in `postPatch` through
`substituteInPlace` or similar.
#### Using unittestCheckHook {#using-unittestcheckhook}

3
doc/languages-frameworks/texlive.section.md
View File

@ -83,12 +83,13 @@ Release 23.11 ships with a new interface that will eventually replace `texlive.c
```nix
stdenvNoCC.mkDerivation rec {
src = texlive.pkgs.iwona;
dontUnpack = true;
inherit (src) pname version;
installPhase = ''
runHook preInstall
install -Dm644 fonts/opentype/nowacki/iwona/*.otf -t $out/share/fonts/opentype
install -Dm644 $src/fonts/opentype/nowacki/iwona/*.otf -t $out/share/fonts/opentype
runHook postInstall
'';
}

18
doc/stdenv/stdenv.chapter.md
View File

@ -1517,6 +1517,10 @@ This flag can break dynamic shared object loading. For instance, the module syst
intel_drv.so: undefined symbol: vgaHWFreeHWRec
```
#### `zerocallusedregs` {#zerocallusedregs}
Adds the `-fzero-call-used-regs=used-gpr` compiler option. This causes the general-purpose registers that an architecture's calling convention considers "call-used" to be zeroed on return from the function. This can make it harder for attackers to construct useful ROP gadgets and also reduces the chance of data leakage from a function call.
### Hardening flags disabled by default {#sec-hardening-flags-disabled-by-default}
The following flags are disabled by default and should be enabled with `hardeningEnable` for packages that take untrusted input like network services.
@ -1530,16 +1534,22 @@ Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Execut
Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
#### `zerocallusedregs` {#zerocallusedregs}
Adds the `-fzero-call-used-regs=used-gpr` compiler option. This causes the general-purpose registers that an architecture's calling convention considers "call-used" to be zeroed on return from the function. This can make it harder for attackers to construct useful ROP gadgets and also reduces the chance of data leakage from a function call.
#### `trivialautovarinit` {#trivialautovarinit}
Adds the `-ftrivial-auto-var-init=pattern` compiler option. This causes "trivially-initializable" uninitialized stack variables to be forcibly initialized with a nonzero value that is likely to cause a crash (and therefore be noticed). Uninitialized variables generally take on their values based on fragments of previous program state, and attackers can carefully manipulate that state to craft malicious initial values for these variables.
Use of this flag is controversial as it can prevent tools that detect uninitialized variable use (such as valgrind) from operating correctly.
This should be turned off or fixed for build errors such as:
```
sorry, unimplemented: __builtin_clear_padding not supported for variable length aggregates
```
#### `stackclashprotection` {#stackclashprotection}
This flag adds the `-fstack-clash-protection` compiler option, which causes growth of a program's stack to access each successive page in order. This should force the guard page to be accessed and cause an attempt to "jump over" this guard page to crash.
[^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
[^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a packages transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.

2
maintainers/scripts/luarocks-packages.csv
View File

@ -97,7 +97,7 @@ lua-utils.nvim,,,,,,mrcjkb
lua-yajl,,,,,,pstn
lua-iconv,,,,7.0.0,,
luuid,,,,20120509-2,,
luv,,,,1.44.2-1,,
luv,,,,1.48.0-2,,
lush.nvim,,,https://luarocks.org/dev,,,teto
lyaml,,,,,,lblasc
lz.n,,,,,,mrcjkb

1 name rockspec ref server version luaversion maintainers
97 lua-yajl pstn
98 lua-iconv 7.0.0
99 luuid 20120509-2
100 luv 1.44.2-1 1.48.0-2
101 lush.nvim https://luarocks.org/dev teto
102 lyaml lblasc
103 lz.n mrcjkb

4
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -189,6 +189,10 @@
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- The `zerocallusedregs` hardening flag is enabled by default on compilers that support it.
- The `stackclashprotection` hardening flag has been added, though disabled by default.
- `hareHook` has been added as the language framework for Hare. From now on, it,
not the `hare` package, should be added to `nativeBuildInputs` when building
Hare programs.

2
nixos/modules/config/fonts/ghostscript.nix
View File

@ -18,6 +18,6 @@ with lib;
};
config = mkIf config.fonts.enableGhostscriptFonts {
fonts.packages = [ "${pkgs.ghostscript}/share/ghostscript/fonts" ];
fonts.packages = [ pkgs.ghostscript.fonts ];
};
}

3
nixos/tests/kernel-generic.nix
View File

@ -47,6 +47,9 @@ in mapAttrs (_: lP: testsForLinuxPackages lP) kernels // {
passthru = {
inherit testsForLinuxPackages;
# Useful for development testing of all Kernel configs without building full Kernel
configfiles = mapAttrs (_: lP: lP.kernel.configfile) kernels;
testsForKernel = kernel: testsForLinuxPackages (pkgs.linuxPackagesFor kernel);
};
}

1
pkgs/applications/audio/ledfx/default.nix
View File

@ -26,7 +26,6 @@ python3.pkgs.buildPythonPackage rec {
poetry-core
];
nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
dependencies = with python3.pkgs; [
aiohttp

4
pkgs/applications/audio/pd-plugins/gem/default.nix
View File

@ -7,7 +7,7 @@
, libGL
, libGLU
, glew
, freeglut
, libglut
, libv4l
, libX11
, file
@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
libGL
libGLU
glew
freeglut
libglut
libv4l
libX11
];

1
pkgs/applications/audio/puddletag/default.nix
View File

@ -45,7 +45,6 @@ python3.pkgs.buildPythonApplication rec {
];
nativeBuildInputs = [
python3.pkgs.pythonRelaxDepsHook
wrapQtAppsHook
];

4
pkgs/applications/audio/sndpeek/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, libsndfile, freeglut, alsa-lib, mesa, libGLU, libX11, libXmu
{ lib, stdenv, fetchurl, libsndfile, libglut, alsa-lib, mesa, libGLU, libX11, libXmu
, libXext, libXi }:
stdenv.mkDerivation rec {
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
patches = [ ./pthread.patch ];
buildInputs = [
freeglut
libglut
alsa-lib
mesa
libGLU

1
pkgs/applications/backup/unifi-protect-backup/default.nix
View File

@ -40,7 +40,6 @@ python.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python.pkgs; [
poetry-core
pythonRelaxDepsHook
];
propagatedBuildInputs = with python.pkgs; [

3
pkgs/applications/blockchains/polkadot/default.nix
View File

@ -92,8 +92,5 @@ rustPlatform.buildRustPackage rec {
maintainers = with maintainers; [ akru andresilva FlorianFranzen RaghavSood ];
# See Iso::from_arch in src/isa/mod.rs in cranelift-codegen-meta.
platforms = intersectLists platforms.unix (platforms.aarch64 ++ platforms.s390x ++ platforms.riscv64 ++ platforms.x86);
# See comment about wasm32-unknown-unknown in rustc.nix.
broken = lib.any (a: lib.hasAttr a stdenv.hostPlatform.gcc) [ "cpu" "float-abi" "fpu" ] ||
!stdenv.hostPlatform.gcc.thumb or true;
};
}

3
pkgs/applications/editors/emacs/elisp-packages/libgenerated.nix
View File

@ -79,7 +79,8 @@ in {
lib.nameValuePair ename (
self.callPackage ({ melpaBuild, fetchurl, ... }@pkgargs:
melpaBuild {
inherit pname ename commit;
inherit pname ename;
inherit (sourceArgs) commit;
version = lib.optionalString (version != null)
(lib.concatStringsSep "." (map toString
# Hack: Melpa archives contains versions with parse errors such as [ 4 4 -4 413 ] which should be 4.4-413

6
pkgs/applications/editors/emacs/sources.nix
View File

@ -104,10 +104,10 @@ in
emacs29 = import ./make-emacs.nix (mkArgs {
pname = "emacs";
version = "29.3";
version = "29.4";
variant = "mainline";
rev = "29.3";
hash = "sha256-4yN81djeKb9Hlr6MvaDdXqf4XOl0oolXEYGqkA+KUO0=";
rev = "29.4";
hash = "sha256-FCP6ySkN9mAdp2T09n6foS2OciqZXc/54guRZ0B4Z2s=";
});
emacs28-macport = import ./make-emacs.nix (mkArgs {

20
pkgs/applications/editors/neovim/tests/default.nix
View File

@ -43,6 +43,14 @@ let
'';
};
nvim-with-luasnip = wrapNeovim2 "-with-lua-packages" (makeNeovimConfig {
plugins = [ {
plugin = vimPlugins.luasnip;
}
];
});
nvimAutoDisableWrap = makeNeovimConfig { };
wrapNeovim2 = suffix: config:
@ -281,4 +289,16 @@ rec {
export HOME=$TMPDIR
${nvim_with_opt_plugin}/bin/nvim -i NONE +quit! -e
'';
inherit nvim-with-luasnip;
# check that bringing in one plugin with lua deps makes those deps visible from wrapper
# for instance luasnip has a dependency on jsregexp
can_require_transitive_deps =
runTest nvim-with-luasnip ''
export HOME=$TMPDIR
cat ${nvim-with-luasnip}/bin/nvim
${nvim-with-luasnip}/bin/nvim -i NONE --cmd "lua require'jsregexp'" -e
'';
})

24
pkgs/applications/editors/neovim/utils.nix
View File

@ -245,12 +245,36 @@ let
fi
'');
/*
Fork of vimUtils.packDir that additionnally generates a propagated-build-inputs-file that
can be used by the lua hooks to generate a proper LUA_PATH
Generates a packpath folder as expected by vim
Example:
packDir ( {myVimPackage = { start = [ vimPlugins.vim-fugitive ]; opt = []; }; })
=> "/nix/store/xxxxx-pack-dir"
*/
packDir = packages:
let
rawPackDir = vimUtils.packDir packages;
in
rawPackDir.override ({
postBuild = ''
mkdir $out/nix-support
for i in $(find -L $out -name propagated-build-inputs ); do
cat "$i" >> $out/nix-support/propagated-build-inputs
done
'';});
in
{
inherit makeNeovimConfig;
inherit generateProviderRc;
inherit legacyWrapper;
inherit grammarToPlugin;
inherit packDir;
inherit buildNeovimPlugin;
buildNeovimPluginFrom2Nix = lib.warn "buildNeovimPluginFrom2Nix was renamed to buildNeovimPlugin" buildNeovimPlugin;

27
pkgs/applications/editors/neovim/wrapper.nix
View File

@ -13,6 +13,9 @@
neovim-unwrapped:
let
# inherit interpreter from neovim
lua = neovim-unwrapped.lua;
wrapper = {
extraName ? ""
# should contain all args but the binary. Can be either a string or list
@ -24,6 +27,8 @@ let
, withNodeJs ? false
, withPerl ? false
, rubyEnv ? null
# wether to create symlinks in $out/bin/vi(m) -> $out/bin/nvim
, vimAlias ? false
, viAlias ? false
@ -45,6 +50,8 @@ let
stdenv.mkDerivation (finalAttrs:
let
finalPackdir = neovimUtils.packDir packpathDirs;
rcContent = ''
${luaRcContent}
'' + lib.optionalString (!isNull neovimRcContent) ''
@ -57,10 +64,10 @@ let
# vim accepts a limited number of commands so we join them all
[
"--add-flags" ''--cmd "lua ${providerLuaRc}"''
# (lib.intersperse "|" hostProviderViml)
] ++ lib.optionals (packpathDirs.myNeovimPackages.start != [] || packpathDirs.myNeovimPackages.opt != []) [
"--add-flags" ''--cmd "set packpath^=${vimUtils.packDir packpathDirs}"''
"--add-flags" ''--cmd "set rtp^=${vimUtils.packDir packpathDirs}"''
]
++ lib.optionals (packpathDirs.myNeovimPackages.start != [] || packpathDirs.myNeovimPackages.opt != []) [
"--add-flags" ''--cmd "set packpath^=${finalPackdir}"''
"--add-flags" ''--cmd "set rtp^=${finalPackdir}"''
]
;
@ -160,7 +167,17 @@ let
+ ''
rm $out/bin/nvim
touch $out/rplugin.vim
makeWrapper ${lib.escapeShellArgs finalMakeWrapperArgs} ${wrapperArgsStr}
echo "Looking for lua dependencies..."
source ${lua}/nix-support/utils.sh
_addToLuaPath "${finalPackdir}"
echo "LUA_PATH towards the end of packdir: $LUA_PATH"
makeWrapper ${lib.escapeShellArgs finalMakeWrapperArgs} ${wrapperArgsStr} \
--prefix LUA_PATH ';' "$LUA_PATH" \
--prefix LUA_CPATH ';' "$LUA_CPATH"
'';
buildPhase = ''

4
pkgs/applications/editors/vim/common.nix
View File

@ -1,6 +1,6 @@
{ lib, fetchFromGitHub }:
rec {
version = "9.1.0412";
version = "9.1.0509";
outputs = [ "out" "xxd" ];
@ -8,7 +8,7 @@ rec {
owner = "vim";
repo = "vim";
rev = "v${version}";
hash = "sha256-uLdXFZ8eW+iMXrvkaEkArZmRfAiyORaEZxFFPt0TrdI=";
hash = "sha256-CATjUalRjvVjEfWT5evFAk//Oj4iB1fDBsRU5MhDyn4=";
};
enableParallelBuilding = true;

2
pkgs/applications/emulators/wine/base.nix
View File

@ -176,7 +176,7 @@ lib.optionalAttrs (buildScript != null) { builder = buildScript; }
# https://bugs.winehq.org/show_bug.cgi?id=43530
# https://github.com/NixOS/nixpkgs/issues/31989
hardeningDisable = [ "bindnow" ]
hardeningDisable = [ "bindnow" "stackclashprotection" ]
++ lib.optional (stdenv.hostPlatform.isDarwin) "fortify"
++ lib.optional (supportFlags.mingwSupport) "format";

4
pkgs/applications/emulators/yabause/default.nix
View File

@ -1,5 +1,5 @@
{ mkDerivation, lib, fetchurl, cmake, pkg-config, qtbase, qt5, libGLU, libGL
, freeglut ? null, openal ? null, SDL2 ? null }:
, libglut ? null, openal ? null, SDL2 ? null }:
mkDerivation rec {
pname = "yabause";
@ -11,7 +11,7 @@ mkDerivation rec {
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ qtbase qt5.qtmultimedia libGLU libGL freeglut openal SDL2 ];
buildInputs = [ qtbase qt5.qtmultimedia libGLU libGL libglut openal SDL2 ];
patches = [
./linkage-rwx-linux-elf.patch

1
pkgs/applications/file-managers/browsr/default.nix
View File

@ -18,7 +18,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [
hatchling
pythonRelaxDepsHook
];
propagatedBuildInputs = with python3.pkgs; [

2
pkgs/applications/graphics/ImageMagick/6.x.nix
View File

@ -55,7 +55,7 @@ stdenv.mkDerivation (finalAttrs: {
(lib.withFeatureAs (arch != null) "gcc-arch" arch)
(lib.withFeature librsvgSupport "rsvg")
(lib.withFeature liblqr1Support "lqr")
(lib.withFeatureAs ghostscriptSupport "gs-font-dir" "${ghostscript}/share/ghostscript/fonts")
(lib.withFeatureAs ghostscriptSupport "gs-font-dir" "${ghostscript.fonts}/share/fonts")
(lib.withFeature ghostscriptSupport "gslib")
] ++ lib.optionals stdenv.hostPlatform.isMinGW [
# due to libxml2 being without DLLs ATM

2
pkgs/applications/graphics/ImageMagick/default.nix
View File

@ -76,7 +76,7 @@ stdenv.mkDerivation (finalAttrs: {
(lib.withFeature librsvgSupport "pango")
(lib.withFeature liblqr1Support "lqr")
(lib.withFeature libjxlSupport "jxl")
(lib.withFeatureAs ghostscriptSupport "gs-font-dir" "${ghostscript}/share/ghostscript/fonts")
(lib.withFeatureAs ghostscriptSupport "gs-font-dir" "${ghostscript.fonts}/share/fonts")
(lib.withFeature ghostscriptSupport "gslib")
] ++ lib.optionals stdenv.hostPlatform.isMinGW [
# due to libxml2 being without DLLs ATM

12
pkgs/applications/graphics/fluxus/default.nix
View File

@ -3,7 +3,7 @@
, fetchFromGitLab
, alsa-lib
, fftw
, freeglut
, libglut
, freetype
, glew
, libjack2
@ -33,17 +33,17 @@ stdenv.mkDerivation {
buildInputs = [
alsa-lib
fftw
freeglut.dev
libglut
freetype
glew
libjack2
libjpeg.dev
libjpeg
liblo
libsndfile.dev
libtiff.dev
libsndfile
libtiff
ode
openal
openssl.dev
openssl
racket_7_9
];
nativeBuildInputs = [ scons ];

4
pkgs/applications/graphics/freepv/default.nix
View File

@ -4,7 +4,7 @@
, libjpeg
, libGLU
, libGL
, freeglut
, libglut
, zlib
, cmake
, libX11
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ];
buildInputs = [ libjpeg libGLU libGL freeglut zlib libX11 libxml2 libpng libXxf86vm ];
buildInputs = [ libjpeg libGLU libGL libglut zlib libX11 libxml2 libpng libXxf86vm ];
postPatch = ''
sed -i -e '/GECKO/d' CMakeLists.txt

4
pkgs/applications/graphics/opentoonz/default.nix
View File

@ -1,7 +1,7 @@
{ boost
, cmake
, fetchFromGitHub
, freeglut
, libglut
, freetype
, glew
, libjpeg
@ -93,7 +93,7 @@ stdenv.mkDerivation {
buildInputs = [
boost
freeglut
libglut
freetype
glew
libjpeg

1
pkgs/applications/misc/archivy/default.nix
View File

@ -32,7 +32,6 @@ buildPythonApplication rec {
hash = "sha256-ns1Y0DqqnTAQMEt+oBJ/P2gqKqPsX9P3/Z4561qzuns";
};
nativeBuildInputs = [ pythonRelaxDepsHook ];
pythonRelaxDeps = true;

6
pkgs/applications/misc/blender/default.nix
View File

@ -342,10 +342,10 @@ stdenv.mkDerivation (finalAttrs: {
};
tests = {
render = runCommand "${finalAttrs.pname}-test" { } ''
render = runCommand "${finalAttrs.pname}-test" {
nativeBuildInputs = [ mesa.llvmpipeHook ];
} ''
set -euo pipefail
export LIBGL_DRIVERS_PATH=${mesa.drivers}/lib/dri
export __EGL_VENDOR_LIBRARY_FILENAMES=${mesa.drivers}/share/glvnd/egl_vendor.d/50_mesa.json
cat <<'PYTHON' > scene-config.py
import bpy
bpy.context.scene.eevee.taa_render_samples = 32

1
pkgs/applications/misc/dbx/default.nix
View File

@ -30,7 +30,6 @@ python.pkgs.buildPythonApplication rec {
build-system = with python.pkgs; [ setuptools ];
nativeBuildInputs = with python.pkgs; [ pythonRelaxDepsHook ];
propagatedBuildInputs =
with python.pkgs;

4
pkgs/applications/misc/icesl/default.nix
View File

@ -1,8 +1,8 @@
{ stdenv, lib, fetchzip, freeglut, libXmu, libXi, libX11, libICE, libGLU, libGL, libSM
{ stdenv, lib, fetchzip, libglut, libXmu, libXi, libX11, libICE, libGLU, libGL, libSM
, libXext, glibc, lua, luabind, glfw, libgccjit, dialog, makeWrapper
}:
let
lpath = lib.makeLibraryPath [ libXmu libXi libX11 freeglut libICE libGLU libGL libSM libXext glibc lua glfw luabind libgccjit ];
lpath = lib.makeLibraryPath [ libXmu libXi libX11 libglut libICE libGLU libGL libSM libXext glibc lua glfw luabind libgccjit ];
in
stdenv.mkDerivation rec {
pname = "iceSL";

2
pkgs/applications/misc/lutris/fhsenv.nix
View File

@ -62,7 +62,7 @@ in buildFHSEnv {
fontconfig SDL2_ttf
# Mednafen
freeglut mesa_glu
libglut mesa_glu
# MESS
expat

6
pkgs/applications/misc/mupdf/1.17/default.nix
View File

@ -2,7 +2,7 @@
, jbig2dec, libjpeg , darwin
, enableX11 ? true, libX11, libXext, libXi, libXrandr
, enableCurl ? true, curl, openssl
, enableGL ? true, freeglut, libGLU
, enableGL ? true, libglut, libGLU
}:
let
@ -33,14 +33,14 @@ in stdenv.mkDerivation rec {
makeFlags = [ "prefix=$(out) USE_SYSTEM_LIBS=yes" ];
nativeBuildInputs = [ pkg-config ];
buildInputs = [ freetype harfbuzz openjpeg jbig2dec libjpeg freeglut libGLU ]
buildInputs = [ freetype harfbuzz openjpeg jbig2dec libjpeg libglut libGLU ]
++ lib.optionals enableX11 [ libX11 libXext libXi libXrandr ]
++ lib.optionals enableCurl [ curl openssl ]
++ lib.optionals enableGL (
if stdenv.isDarwin then
with darwin.apple_sdk.frameworks; [ GLUT OpenGL ]
else
[ freeglut libGLU ])
[ libglut libGLU ])
;
outputs = [ "bin" "dev" "out" "man" "doc" ];

4
pkgs/applications/misc/pagefind/default.nix
View File

@ -8,7 +8,6 @@
, gzip
, nodejs
, rustc
, stdenv
, wasm-bindgen-cli
, wasm-pack
}:
@ -121,9 +120,6 @@ rustPlatform.buildRustPackage rec {
license = licenses.mit;
maintainers = with maintainers; [ pbsds ];
platforms = platforms.unix;
# See comment about wasm32-unknown-unknown in rustc.nix.
broken = lib.any (a: lib.hasAttr a stdenv.hostPlatform.gcc) [ "cpu" "float-abi" "fpu" ] ||
!stdenv.hostPlatform.gcc.thumb or true;
mainProgram = "pagefind";
};
}

1
pkgs/applications/misc/pysentation/default.nix
View File

@ -17,7 +17,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [
setuptools
pythonRelaxDepsHook
];
pythonRelaxDeps = [

1
pkgs/applications/misc/rusty-psn/default.nix
View File

@ -56,7 +56,6 @@ rustPlatform.buildRustPackage rec {
xorg.libXi
xorg.libxcb
libGL
libGL.dev
];
buildNoDefaultFeatures = true;

4
pkgs/applications/misc/shell-genie/default.nix
View File

@ -25,10 +25,6 @@ buildPythonPackage rec {
poetry-core
];
nativeBuildInputs = [
pythonRelaxDepsHook
];
dependencies = [
colorama
openai

2
pkgs/applications/misc/snagboot/default.nix
View File

@ -1,7 +1,6 @@
{ lib
, stdenv
, fetchFromGitHub
, pythonRelaxDepsHook
, python3
, snagboot
, testers
@ -21,7 +20,6 @@ python3.pkgs.buildPythonApplication rec {
};
nativeBuildInputs = [
pythonRelaxDepsHook
];
pythonRemoveDeps = [

2
pkgs/applications/misc/yubioath-flutter/helper.nix
View File

@ -4,7 +4,6 @@
, zxing-cpp
, pillow
, poetry-core
, pythonRelaxDepsHook
, src
, version
@ -21,7 +20,6 @@ buildPythonApplication {
nativeBuildInputs = [
poetry-core
pythonRelaxDepsHook
];
pythonRelaxDeps = true;

4
pkgs/applications/networking/browsers/chromium/common.nix
View File

@ -199,7 +199,7 @@ let
pciutils protobuf speechd libXdamage at-spi2-core
pipewire
libva
libdrm wayland mesa.drivers libxkbcommon
libdrm wayland libxkbcommon
curl
libepoxy
libffi
@ -227,7 +227,7 @@ let
pciutils protobuf speechd libXdamage at-spi2-core
pipewire
libva
libdrm wayland mesa.drivers libxkbcommon
libdrm wayland libxkbcommon
curl
libepoxy
libffi

6
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -62,8 +62,8 @@ in
, glib
, gnum4
, gtk3
, icu
, icu72
, icu73
, libGL
, libGLU
, libevent
@ -487,7 +487,9 @@ buildStdenv.mkDerivation {
]
# icu73 changed how it follows symlinks which breaks in the firefox sandbox
# https://bugzilla.mozilla.org/show_bug.cgi?id=1839287
++ [ (if (lib.versionAtLeast version "115") then icu else icu72) ]
# icu74 fails to build on 127 and older
# https://bugzilla.mozilla.org/show_bug.cgi?id=1862601
++ [ (if (lib.versionAtLeast version "115") then icu73 else icu72) ]
++ [ (if (lib.versionAtLeast version "116") then nss_latest else nss_esr/*3.90*/) ]
++ lib.optional alsaSupport alsa-lib
++ lib.optional jackSupport libjack2

9
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -1,4 +1,6 @@
{ stdenv, lib, callPackage, fetchurl, fetchpatch, nixosTests, buildMozillaMach }:
{ stdenv, lib, callPackage, fetchurl, fetchpatch, nixosTests, buildMozillaMach
, python311
}:
{
firefox = buildMozillaMach rec {
@ -92,7 +94,7 @@
};
};
firefox-esr-115 = buildMozillaMach rec {
firefox-esr-115 = (buildMozillaMach rec {
pname = "firefox-esr-115";
version = "115.12.0esr";
applicationName = "Mozilla Firefox ESR";
@ -119,5 +121,6 @@
versionPrefix = "115";
versionSuffix = "esr";
};
};
})
.override { python3 = python311; };
}

1
pkgs/applications/networking/cluster/tftui/default.nix
View File

@ -24,7 +24,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [
makeWrapper
poetry-core
pythonRelaxDepsHook
];
propagatedBuildInputs = with python3.pkgs; [

1
pkgs/applications/networking/dyndns/dyndnsc/default.nix
View File

@ -24,7 +24,6 @@ python3Packages.buildPythonApplication rec {
build-system = with python3Packages; [ setuptools ];
nativeBuildInputs = with python3Packages; [ pythonRelaxDepsHook ];
dependencies = with python3Packages; [
daemonocle

4
pkgs/applications/networking/errbot/default.nix
View File

@ -16,10 +16,6 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-BmHChLWWnrtg0p4WH8bANwpo+p4RTwjYbXfyPnz6mp8=";
};
nativeBuildInputs = with python3.pkgs; [
pythonRelaxDepsHook
];
pythonRelaxDeps = true;
propagatedBuildInputs = with python3.pkgs; [

3
pkgs/applications/networking/ids/suricata/default.nix
View File

@ -125,7 +125,8 @@ stdenv.mkDerivation rec {
sed -i 's|${builtins.storeDir}/\(.\{8\}\)[^-]*-|${builtins.storeDir}/\1...-|g' ./src/build-info.h
'';
hardeningDisable = [ "stackprotector" ];
# zerocallusedregs interferes during BPF compilation; TODO: perhaps improve
hardeningDisable = [ "stackprotector" "zerocallusedregs" ];
installFlags = [
"e_datadir=\${TMPDIR}"

1
pkgs/applications/networking/instant-messengers/pantalaimon/default.nix
View File

@ -24,7 +24,6 @@ python3Packages.buildPythonApplication rec {
installShellFiles
] ++ (with python3Packages; [
setuptools
pythonRelaxDepsHook
]);
pythonRelaxDeps = [

1
pkgs/applications/networking/instant-messengers/teamspeak/client5.nix
View File

@ -52,7 +52,6 @@ stdenv.mkDerivation rec {
libnotify
libpulseaudio
libxkbcommon
mesa.drivers
nss
xorg.libX11
xorg.libXScrnSaver

4
pkgs/applications/networking/mailreaders/alot/default.nix
View File

@ -1,5 +1,5 @@
{ lib
, python3
, python311
, fetchFromGitHub
, file
, gnupg
@ -9,7 +9,7 @@
, withManpage ? false
}:
with python3.pkgs; buildPythonApplication rec {
with python311.pkgs; buildPythonApplication rec {
pname = "alot";
version = "0.10";

4
pkgs/applications/networking/mailreaders/thunderbird/packages.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, buildMozillaMach, callPackage, fetchurl, fetchpatch, nixosTests, icu, fetchpatch2, config }:
{ stdenv, lib, buildMozillaMach, callPackage, fetchurl, fetchpatch, nixosTests, icu73, fetchpatch2, config }:
rec {
thunderbird = thunderbird-115;
@ -40,7 +40,7 @@ rec {
pgoSupport = false; # console.warn: feeds: "downloadFeed: network connection unavailable"
icu = icu.overrideAttrs (attrs: {
icu73 = icu73.overrideAttrs (attrs: {
# standardize vtzone output
# Work around ICU-22132 https://unicode-org.atlassian.net/browse/ICU-22132
# https://bugzilla.mozilla.org/show_bug.cgi?id=1790071

1
pkgs/applications/networking/p2p/pyrosimple/default.nix
View File

@ -27,7 +27,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [
poetry-core
pythonRelaxDepsHook
];
propagatedBuildInputs = with python3.pkgs; [

13
pkgs/applications/office/libreoffice/default.nix
View File

@ -1,8 +1,9 @@
{ stdenv
, fetchurl
, fetchpatch2
, lib
, pam
, python3
, python311
, libxslt
, perl
, perlPackages
@ -244,6 +245,11 @@ in stdenv.mkDerivation (finalAttrs: {
# - the remaining tests have notes in the patch
# FIXME: get rid of this ASAP
./skip-broken-tests.patch
(fetchpatch2 {
name = "icu74-compat.patch";
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/libreoffice-fresh/-/raw/main/libreoffice-7.5.8.2-icu-74-compatibility.patch?ref_type=heads.patch";
hash = "sha256-OGBPIVQj8JTYlkKywt4QpH7ULAzKmet5jTLztGpIS0Y=";
})
] ++ lib.optionals (variant == "still") [
# Remove build config to reduce the amount of `-dev` outputs in the
# runtime closure. This behavior was introduced by upstream in commit
@ -268,6 +274,9 @@ in stdenv.mkDerivation (finalAttrs: {
substituteInPlace configure.ac --replace-fail \
'GPGMEPP_CFLAGS=-I/usr/include/gpgme++' \
'GPGMEPP_CFLAGS=-I${gpgme.dev}/include/gpgme++'
# Fix for Python 3.12
substituteInPlace configure.ac --replace-fail distutils.sysconfig sysconfig
'';
nativeBuildInputs = [
@ -372,7 +381,7 @@ in stdenv.mkDerivation (finalAttrs: {
perl
poppler
postgresql
python3
python311
sane-backends
unixODBC
unzip

4
pkgs/applications/science/astronomy/celestia/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, freeglut, gtk2, gtkglext
{ lib, stdenv, fetchFromGitHub, pkg-config, libglut, gtk2, gtkglext
, libjpeg_turbo, libtheora, libXmu, lua, libGLU, libGL, perl, autoreconfHook
}:
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config autoreconfHook ];
buildInputs = [
freeglut gtk2 gtkglext lua perl
libglut gtk2 gtkglext lua perl
libjpeg_turbo libtheora libXmu libGLU libGL
];

15
pkgs/applications/science/biology/macs2/default.nix
View File

@ -1,9 +1,11 @@
{ lib, python3, fetchpatch, fetchPypi }:
{ lib, python311, fetchpatch, fetchPypi }:
python3.pkgs.buildPythonPackage rec {
# pin python311 because macs2 does not support python 3.12
# https://github.com/macs3-project/MACS/issues/598#issuecomment-1812622572
python311.pkgs.buildPythonPackage rec {
pname = "macs2";
version = "2.2.9.1";
format = "pyproject";
pyproject = true;
src = fetchPypi {
pname = lib.toUpper pname;
@ -20,20 +22,19 @@ python3.pkgs.buildPythonPackage rec {
})
];
nativeBuildInputs = with python3.pkgs; [
build-system = with python311.pkgs; [
cython_0
numpy
setuptools
wheel
];
propagatedBuildInputs = with python3.pkgs; [
dependencies = with python311.pkgs; [
numpy
];
__darwinAllowLocalNetworking = true;
nativeCheckInputs = with python3.pkgs; [
nativeCheckInputs = with python311.pkgs; [
unittestCheckHook
];

4
pkgs/applications/science/geometry/antiprism/default.nix
View File

@ -4,7 +4,7 @@
, libX11
, libGL
, libGLU
, freeglut }:
, libglut }:
stdenv.mkDerivation rec {
pname = "antiprism";
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ libX11 libGLU libGL.dev freeglut.dev ];
buildInputs = [ libX11 libGLU libGL libglut ];
meta = with lib; {
homepage = "https://www.antiprism.com";

4
pkgs/applications/science/math/glsurf/default.nix
View File

@ -5,7 +5,7 @@
, makeWrapper
, libGLU
, libGL
, freeglut
, libglut
, mpfr
, gmp
, pkgsHostTarget
@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
]);
buildInputs = [
freeglut
libglut
libGL
libGLU
mpfr

2
pkgs/applications/science/math/sage/sagelib.nix
View File

@ -6,7 +6,6 @@
, perl
, pkg-config
, sage-setup
, pythonRelaxDepsHook
, gd
, iml
, libpng
@ -103,7 +102,6 @@ buildPythonPackage rec {
pip # needed to query installed packages
pkg-config
sage-setup
pythonRelaxDepsHook
];
pythonRelaxDeps = [

4
pkgs/applications/science/misc/boinc/default.nix
View File

@ -10,7 +10,7 @@
, libGL
, libXmu
, libXi
, freeglut
, libglut
, libjpeg
, libtool
, wxGTK32
@ -48,7 +48,7 @@ stdenv.mkDerivation rec {
libGL
libXmu
libXi
freeglut
libglut
libjpeg
wxGTK32
gtk3

4
pkgs/applications/science/misc/foldingathome/viewer.nix
View File

@ -2,7 +2,7 @@
, autoPatchelfHook
, dpkg
, fetchurl
, freeglut
, libglut
, gcc-unwrapped
, libGL
, libGLU
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
];
buildInputs = [
freeglut
libglut
gcc-unwrapped.lib
libGL
libGLU

6
pkgs/applications/terminal-emulators/rio/default.nix
View File

@ -51,16 +51,16 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "rio";
version = "0.0.39";
version = "0.1.0";
src = fetchFromGitHub {
owner = "raphamorim";
repo = "rio";
rev = "v${version}";
hash = "sha256-pnU2wxgopHMWgJ7JGdO2P/MCfxqCY7MTEE39qtD0XKw=";
hash = "sha256-Jp8f8u9CkY+pz6QaoWp6P6+OqsIjhzXH0eeoBiSDR0k=";
};
cargoHash = "sha256-GwI2zHX1YcR4pC+qtkDoxx2U+zipbqqxsCI8/XNg2BU=";
cargoHash = "sha256-3FirYpHxTRvXgRQACVvmwlaCNTyJ8dLbZ258qv5vbsc=";
nativeBuildInputs = [
ncurses

16
pkgs/applications/terminal-emulators/xterm/default.nix
View File

@ -1,19 +1,21 @@
{ lib, stdenv, fetchurl, fetchpatch, xorg, ncurses, freetype, fontconfig
{ lib, stdenv, fetchurl, xorg, ncurses, freetype, fontconfig
, pkg-config, makeWrapper, nixosTests, gitUpdater
, nix, gnused, coreutils, enableDecLocator ? true }:
stdenv.mkDerivation rec {
pname = "xterm";
version = "390";
version = "392";
src = fetchurl {
urls = [
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
];
hash = "sha256-dRF8PMUXSgnEJe8QbmlATXL17wXgOl2gCq8VeS1vnA8=";
hash = "sha256-TVc3LvCOr6n7doLbjQe+D+BRPljoR4wuyOm2JIbn/l4=";
};
patches = [ ./sixel-256.support.patch ];
strictDeps = true;
nativeBuildInputs = [ makeWrapper pkg-config fontconfig ];
@ -32,14 +34,6 @@ stdenv.mkDerivation rec {
xorg.luit
];
patches = [ ./sixel-256.support.patch ]
++ lib.optional stdenv.hostPlatform.isMusl (fetchpatch {
name = "posix-ptys.patch";
url =
"https://git.alpinelinux.org/aports/plain/community/xterm/posix-ptys.patch?id=3aa532e77875fa1db18c7fcb938b16647031bcc1";
sha256 = "0czgnsxkkmkrk1idw69qxbprh0jb4sw3c24zpnqq2v76jkl7zvlr";
});
configureFlags = [
"--enable-wide-chars"
"--enable-256-color"

2
pkgs/applications/version-management/commitizen/default.nix
View File

@ -24,12 +24,12 @@ python3.pkgs.buildPythonApplication rec {
};
pythonRelaxDeps = [
"argcomplete"
"decli"
];
nativeBuildInputs = with python3.pkgs; [
poetry-core
pythonRelaxDepsHook
installShellFiles
];

4
pkgs/applications/version-management/git/default.nix
View File

@ -29,7 +29,7 @@ assert sendEmailSupport -> perlSupport;
assert svnSupport -> perlSupport;
let
version = "2.45.1";
version = "2.45.2";
svn = subversionClient.override { perlBindings = perlSupport; };
gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
in
@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
hash = "sha256-5k00Co5ieuIs+4vMZRzKC0l88en99SNzVUT/SnMvEr8=";
hash = "sha256-Ub/ofrHAL+0UhAUYdTZe6rIpgx0w0M7F2JoU+eQOmts=";
};
outputs = [ "out" ] ++ lib.optional withManual "doc";

2
pkgs/applications/version-management/git/update.sh
View File

@ -4,7 +4,7 @@
set -eu -o pipefail
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion git" | tr -d '"')"
latestTag="$(git ls-remote --tags --sort="v:refname" https://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
latestTag="$(git ls-remote --tags --sort="v:refname" https://github.com/git/git.git | grep -v '{}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
targetVersion="${1:-$latestTag}"
if [ ! "${oldVersion}" = "${targetVersion}" ]; then

1
pkgs/applications/version-management/gitless/default.nix
View File

@ -15,7 +15,6 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-XDB1i2b1reMCM6i1uK3IzTnsoLXO7jldYtNlYUo1AoQ=";
};
nativeBuildInputs = [ python3.pkgs.pythonRelaxDepsHook ];
propagatedBuildInputs = with python3.pkgs; [
pygit2

6
pkgs/applications/version-management/mercurial/default.nix
View File

@ -23,11 +23,11 @@ let
self = python3Packages.buildPythonApplication rec {
pname = "mercurial${lib.optionalString fullBuild "-full"}";
version = "6.6.3";
version = "6.7.4";
src = fetchurl {
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
hash = "sha256-911qSnWCOht9cTpJZ+yi9Zb0ZuWPxrwG1yZCky/X4wc=";
hash = "sha256-dHCPhzQFwSJy/sEWxt1Shi6O0RwQARx+V19eqBJj6l4=";
};
format = "other";
@ -37,7 +37,7 @@ let
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
inherit src;
name = "mercurial-${version}";
sha256 = "sha256-G5tzwoIGOgpVI35rYXDeelnBgTbAiq7BDcXCHQzqSrs=";
hash = "sha256-FRa7frX2z9jQGFBXS2TpOUANs0+xwegNETUAQIU0S4o=";
sourceRoot = "mercurial-${version}/rust";
} else null;
cargoRoot = if rustSupport then "rust" else null;

2
pkgs/applications/video/animdl/default.nix
View File

@ -2,7 +2,6 @@
buildPythonApplication,
fetchFromGitHub,
poetry-core,
pythonRelaxDepsHook,
anchor-kr,
anitopy,
click,
@ -47,7 +46,6 @@ buildPythonApplication {
nativeBuildInputs = [
poetry-core
pythonRelaxDepsHook
];
propagatedBuildInputs = [
anchor-kr

13
pkgs/applications/video/kodi/no-python-lib.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/cmake/scripts/linux/Install.cmake b/cmake/scripts/linux/Install.cmake
index 9c45c91774..763d6acab4 100644
--- a/cmake/scripts/linux/Install.cmake
+++ b/cmake/scripts/linux/Install.cmake
@@ -199,8 +199,6 @@ install(FILES ${CMAKE_BINARY_DIR}/${CORE_BUILD_DIR}/scripts/${APP_NAME}Config.cm
if(ENABLE_EVENTCLIENTS)
find_package(PythonInterpreter REQUIRED)
- execute_process(COMMAND ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(prefix=''))"
- OUTPUT_VARIABLE PYTHON_LIB_PATH OUTPUT_STRIP_TRAILING_WHITESPACE)
# Install kodi-eventclients-common BT python files
install(PROGRAMS ${CMAKE_SOURCE_DIR}/tools/EventClients/lib/python/bt/__init__.py
${CMAKE_SOURCE_DIR}/tools/EventClients/lib/python/bt/bt.py

7
pkgs/applications/video/kodi/unwrapped.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchFromGitHub, fetchzip
{ stdenv, lib, fetchFromGitHub, fetchzip, fetchpatch
, autoconf, automake, libtool, makeWrapper
, pkg-config, cmake, yasm, python3Packages
, libxcrypt, libgcrypt, libgpg-error, libunistring
@ -97,6 +97,10 @@ in stdenv.mkDerivation (finalAttrs: {
hash = "sha256-xrFWqgwTkurEwt3/+/e4SCM6Uk9nxuW62SrCFWWqZO0=";
};
patches = [
./no-python-lib.patch
];
# make derivations declared in the let binding available here, so
# they can be overridden
inherit libdvdcss libdvdnav libdvdread groovy
@ -189,6 +193,7 @@ in stdenv.mkDerivation (finalAttrs: {
"-DSWIG_EXECUTABLE=${buildPackages.swig}/bin/swig"
"-DFLATBUFFERS_FLATC_EXECUTABLE=${buildPackages.flatbuffers}/bin/flatc"
"-DPYTHON_EXECUTABLE=${buildPackages.python3Packages.python}/bin/python"
"-DPYTHON_LIB_PATH=${python3Packages.python.sitePackages}"
# When wrapped KODI_HOME will likely contain symlinks to static assets
# that Kodi's built in webserver will cautiously refuse to serve up
# (because their realpaths are outside of KODI_HOME and the other

4
pkgs/applications/window-managers/herbstluftwm/default.nix
View File

@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, cmake, pkg-config, python3, libX11, libXext, libXinerama, libXrandr, libXft, libXrender, libXdmcp, libXfixes, freetype, asciidoc
, xdotool, xorgserver, xsetroot, xterm, runtimeShell
, xdotool, xorg, xsetroot, xterm, runtimeShell
, fetchpatch
, nixosTests }:
@ -78,7 +78,7 @@ stdenv.mkDerivation rec {
nativeCheckInputs = [
(python3.withPackages (ps: with ps; [ ewmh pytest xlib ]))
xdotool
xorgserver
xorg.xvfb
xsetroot
xterm
python3.pkgs.pytestCheckHook

4
pkgs/applications/window-managers/i3/default.nix
View File

@ -1,7 +1,7 @@
{ fetchurl, lib, stdenv, pkg-config, makeWrapper, meson, ninja, installShellFiles, libxcb, xcbutilkeysyms
, xcbutil, xcbutilwm, xcbutilxrm, libstartup_notification, libX11, pcre2, libev
, yajl, xcb-util-cursor, perl, pango, perlPackages, libxkbcommon
, xorgserver, xvfb-run
, xvfb-run
, asciidoc, xmlto, docbook_xml_dtd_45, docbook_xsl, findXMLCatalogs
}:
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
libstartup_notification libX11 pcre2 libev yajl xcb-util-cursor perl pango
perlPackages.AnyEventI3 perlPackages.X11XCB perlPackages.IPCRun
perlPackages.ExtUtilsPkgConfig perlPackages.InlineC
xorgserver xvfb-run
xvfb-run
];
configureFlags = [ "--disable-builddir" ];

2
pkgs/build-support/appimage/default.nix
View File

@ -162,7 +162,7 @@ rec {
vulkan-loader
flac
freeglut
libglut
libjpeg
libpng12
libpulseaudio

1
pkgs/build-support/bintools-wrapper/default.nix
View File

@ -45,6 +45,7 @@
"relro"
"stackprotector"
"strictoverflow"
"zerocallusedregs"
] ++ lib.optional (with stdenvNoCC;
# Musl-based platforms will keep "pie", other platforms will not.
# If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`

2
pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh
View File

@ -7,5 +7,5 @@ for p in "${params[@]}"; do
done
if $needsTarget; then
extraBefore+=(-target @defaultTarget@ @march@)
extraBefore+=(-target @defaultTarget@ @machineFlags@)
fi

6
pkgs/build-support/cc-wrapper/add-hardening.sh
View File

@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
fi
if (( "${NIX_DEBUG:-0}" >= 1 )); then
declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format trivialautovarinit zerocallusedregs)
declare -a allHardeningFlags=(fortify fortify3 stackprotector stackclashprotection pie pic strictoverflow format trivialautovarinit zerocallusedregs)
declare -A hardeningDisableMap=()
# Determine which flags were effectively disabled so we can report below.
@ -79,6 +79,10 @@ for flag in "${!hardeningEnableMap[@]}"; do
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
hardeningCFlagsBefore+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4')
;;
stackclashprotection)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stack-clash-protection >&2; fi
hardeningCFlagsBefore+=('-fstack-clash-protection')
;;
pie)
# NB: we do not use `+=` here, because PIE flags must occur before any PIC flags
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi

77
pkgs/build-support/cc-wrapper/default.nix
View File

@ -67,6 +67,7 @@ let
concatMapStrings
concatStringsSep
escapeShellArg
escapeShellArgs
getBin
getDev
getLib
@ -234,6 +235,32 @@ let
then guess
else null;
thumb = if targetPlatform.gcc.thumb then "thumb" else "arm";
tune = if targetPlatform ? gcc.tune
then findBestTuneApproximation targetPlatform.gcc.tune
else null;
# Machine flags. These are necessary to support
# TODO: We should make a way to support miscellaneous machine
# flags and other gcc flags as well.
machineFlags =
# Always add -march based on cpu in triple. Sometimes there is a
# discrepency (x86_64 vs. x86-64), so we provide an "arch" arg in
# that case.
optional (targetPlatform ? gcc.arch && !(targetPlatform.isDarwin && targetPlatform.isAarch64) && isGccArchSupported targetPlatform.gcc.arch) "-march=${targetPlatform.gcc.arch}" ++
# TODO: aarch64-darwin has mcpu incompatible with gcc
optional (targetPlatform ? gcc.cpu && !(targetPlatform.isDarwin && targetPlatform.isAarch64)) "-mcpu=${targetPlatform.gcc.cpu}" ++
# -mfloat-abi only matters on arm32 but we set it here
# unconditionally just in case. If the abi specifically sets hard
# vs. soft floats we use it here.
optional (targetPlatform ? gcc.float-abi) "-mfloat-abi=${targetPlatform.gcc.float-abi}" ++
optional (targetPlatform ? gcc.fpu) "-mfpu=${targetPlatform.gcc.fpu}" ++
optional (targetPlatform ? gcc.mode) "-mmode=${targetPlatform.gcc.mode}" ++
optional (targetPlatform ? gcc.thumb) "-m${thumb}" ++
optional (tune != null) "-mtune=${tune}";
defaultHardeningFlags = bintools.defaultHardeningFlags or [];
# if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is
@ -610,53 +637,11 @@ stdenvNoCC.mkDerivation {
export hardening_unsupported_flags="${concatStringsSep " " ccHardeningUnsupportedFlags}"
''
# Machine flags. These are necessary to support
# TODO: We should make a way to support miscellaneous machine
# flags and other gcc flags as well.
# Always add -march based on cpu in triple. Sometimes there is a
# discrepency (x86_64 vs. x86-64), so we provide an "arch" arg in
# that case.
#
# For clang, this is handled in add-clang-cc-cflags-before.sh
# TODO: aarch64-darwin has mcpu incompatible with gcc
+ optionalString ((targetPlatform ? gcc.arch) && !isClang && !(targetPlatform.isDarwin && targetPlatform.isAarch64) &&
isGccArchSupported targetPlatform.gcc.arch) ''
echo "-march=${targetPlatform.gcc.arch}" >> $out/nix-support/cc-cflags-before
+ lib.optionalString (!isClang && machineFlags != []) ''
printf "%s\n" ${lib.escapeShellArgs machineFlags} >> $out/nix-support/cc-cflags-before
''
# -mcpu is not very useful, except on PowerPC where it is used
# instead of march. On all other platforms you should use mtune
# and march instead.
# TODO: aarch64-darwin has mcpu incompatible with gcc
+ optionalString ((targetPlatform ? gcc.cpu) && (isClang || !(targetPlatform.isDarwin && targetPlatform.isAarch64))) ''
echo "-mcpu=${targetPlatform.gcc.cpu}" >> $out/nix-support/cc-cflags-before
''
# -mfloat-abi only matters on arm32 but we set it here
# unconditionally just in case. If the abi specifically sets hard
# vs. soft floats we use it here.
+ optionalString (targetPlatform ? gcc.float-abi) ''
echo "-mfloat-abi=${targetPlatform.gcc.float-abi}" >> $out/nix-support/cc-cflags-before
''
+ optionalString (targetPlatform ? gcc.fpu) ''
echo "-mfpu=${targetPlatform.gcc.fpu}" >> $out/nix-support/cc-cflags-before
''
+ optionalString (targetPlatform ? gcc.mode) ''
echo "-mmode=${targetPlatform.gcc.mode}" >> $out/nix-support/cc-cflags-before
''
+ optionalString (targetPlatform ? gcc.thumb) ''
echo "-m${if targetPlatform.gcc.thumb then "thumb" else "arm"}" >> $out/nix-support/cc-cflags-before
''
+ (let tune = if targetPlatform ? gcc.tune
then findBestTuneApproximation targetPlatform.gcc.tune
else null;
in optionalString (tune != null) ''
echo "-mtune=${tune}" >> $out/nix-support/cc-cflags-before
'')
# TODO: categorize these and figure out a better place for them
+ optionalString targetPlatform.isWindows ''
hardening_unsupported_flags+=" pic"
@ -718,9 +703,7 @@ stdenvNoCC.mkDerivation {
##
+ optionalString isClang ''
# Escape twice: once for this script, once for the one it gets substituted into.
export march=${escapeShellArg
(optionalString (targetPlatform ? gcc.arch)
(escapeShellArg "-march=${targetPlatform.gcc.arch}"))}
export machineFlags=${escapeShellArg (escapeShellArgs machineFlags)}
export defaultTarget=${targetPlatform.config}
substituteAll ${./add-clang-cc-cflags-before.sh} $out/nix-support/add-local-cc-cflags-before.sh
''

24
pkgs/build-support/emacs/melpa.nix
View File

@ -38,6 +38,11 @@ in
Default: pname
*/
, ename ? pname
/*
version: Either a stable version such as "1.2" or an unstable version.
An unstable version can use either Nix format (preferred) such as
"1.2-unstable-2024-06-01" or MELPA format such as "20240601.1230".
*/
, version
/*
commit: Optional package history commit.
@ -71,6 +76,19 @@ genericBuild ({
inherit packageBuild commit ename recipe;
melpaVersion =
let
parsed = lib.flip builtins.match version
# match <version>-unstable-YYYY-MM-DD format
"^.*-unstable-([[:digit:]]{4})-([[:digit:]]{2})-([[:digit:]]{2})$";
unstableVersionInNixFormat = parsed != null; # heuristics
date = builtins.concatStringsSep "" parsed;
time = "0"; # unstable version in nix format lacks this info
in
if unstableVersionInNixFormat
then date + "." + time
else version;
preUnpack = ''
mkdir -p "$NIX_BUILD_TOP/recipes"
if [ -n "$recipe" ]; then
@ -96,7 +114,7 @@ genericBuild ({
-L "$NIX_BUILD_TOP/package-build" \
-l "$melpa2nix" \
-f melpa2nix-build-package \
$ename $version $commit
$ename $melpaVersion $commit
runHook postBuild
'';
@ -104,9 +122,9 @@ genericBuild ({
installPhase = ''
runHook preInstall
archive="$NIX_BUILD_TOP/packages/$ename-$version.el"
archive="$NIX_BUILD_TOP/packages/$ename-$melpaVersion.el"
if [ ! -f "$archive" ]; then
archive="$NIX_BUILD_TOP/packages/$ename-$version.tar"
archive="$NIX_BUILD_TOP/packages/$ename-$melpaVersion.tar"
fi
emacs --batch -Q \

8
pkgs/build-support/go/module.nix
View File

@ -218,8 +218,7 @@ let
buildGoDir() {
local cmd="$1" dir="$2"
. $TMPDIR/buildFlagsArray
declare -ga buildFlagsArray
declare -a flags
flags+=($buildFlags "''${buildFlagsArray[@]}")
flags+=(''${tags:+-tags=''${tags// /,}})
@ -258,11 +257,6 @@ let
buildFlagsArray+=(-x)
fi
if [ ''${#buildFlagsArray[@]} -ne 0 ]; then
declare -p buildFlagsArray > $TMPDIR/buildFlagsArray
else
touch $TMPDIR/buildFlagsArray
fi
if [ -z "$enableParallelBuilding" ]; then
export NIX_BUILD_CORES=1
fi

8
pkgs/build-support/rust/hooks/maturin-build-hook.sh
View File

@ -3,6 +3,9 @@ maturinBuildHook() {
runHook preBuild
# Put the wheel to dist/ so that regular Python tooling can find it.
local dist="$PWD/dist"
if [ ! -z "${buildAndTestSubdir-}" ]; then
pushd "${buildAndTestSubdir}"
fi
@ -16,6 +19,7 @@ maturinBuildHook() {
--manylinux off \
--strip \
--release \
--out "$dist" \
${maturinBuildFlags-}
)
@ -23,10 +27,6 @@ maturinBuildHook() {
popd
fi
# Move the wheel to dist/ so that regular Python tooling can find it.
mkdir -p dist
mv ${cargoRoot:+$cargoRoot/}target/wheels/*.whl dist/
# These are python build hooks and may depend on ./dist
runHook postBuild

5
pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh
View File

@ -23,10 +23,13 @@ fixDarwinDylibNames() {
for fn in "$@"; do
if [ -L "$fn" ]; then continue; fi
echo "$fn: fixing dylib"
set +e
int_out=$(@targetPrefix@install_name_tool -id "$fn" "${flags[@]}" "$fn" 2>&1)
result=$?
set -e
if [ "$result" -ne 0 ] &&
! grep "shared library stub file and can't be changed" <<< "$out"
! grep -q -e "shared library stub file and can't be changed" \
-e "is not a Mach-O file" <<< "$int_out"
then
echo "$int_out" >&2
exit "$result"

5
pkgs/build-support/setup-hooks/install-shell-files.sh
View File

@ -219,6 +219,11 @@ installShellCompletion() {
else
install -Dm644 -T "$arg" "$outPath"
fi || return
if [ ! -s "$outPath" ]; then
echo "installShellCompletion: error: installed shell completion file \`$outPath' does not exist or has zero size" >&2
return 1
fi
# Clear the per-path flags
name=
done

4
pkgs/by-name/ad/ad-miner/package.nix
View File

@ -22,10 +22,6 @@ python3.pkgs.buildPythonApplication rec {
poetry-core
];
nativeBuildInputs = with python3.pkgs; [
pythonRelaxDepsHook
];
dependencies = with python3.pkgs; [
neo4j
numpy

1
pkgs/by-name/ai/airlift/package.nix
View File

@ -27,7 +27,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = [
python3.pkgs.poetry-core
python3.pkgs.pythonRelaxDepsHook
];
buildInputs = [

4
pkgs/by-name/al/alsa-plugins/package.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "alsa-plugins";
version = "1.2.7.1";
version = "1.2.12";
src = fetchurl {
url = "mirror://alsa/plugins/${pname}-${version}.tar.bz2";
hash = "sha256-jDN4FJVLt8FnRWczpgRhQqKTHxLsy6PsKkrmGKNDJRE=";
hash = "sha256-e9ioPTBOji2GoliV2Nyw7wJFqN8y4nGVnNvcavObZvI=";
};
nativeBuildInputs = [ pkg-config ];

1
pkgs/by-name/au/audible-cli/package.nix
View File

@ -13,7 +13,6 @@ python3Packages.buildPythonApplication rec {
};
nativeBuildInputs = with python3Packages; [
pythonRelaxDepsHook
setuptools
] ++ [
installShellFiles

1
pkgs/by-name/au/audiness/package.nix
View File

@ -23,7 +23,6 @@ python3.pkgs.buildPythonApplication rec {
build-system = with python3.pkgs; [ poetry-core ];
nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
dependencies =
with python3.pkgs;

1
pkgs/by-name/aw/aws-gate/package.nix
View File

@ -27,7 +27,6 @@ python3Packages.buildPythonApplication rec {
nativeBuildInputs = [
installShellFiles
python3Packages.pythonRelaxDepsHook
python3Packages.setuptools
python3Packages.wheel
];

2
pkgs/by-name/ba/backgroundremover/package.nix
View File

@ -32,7 +32,7 @@ let
--replace 'os.path.expanduser(os.path.join("~", ".u2net", model_name + ".pth"))' "os.path.join(\"$models\", model_name + \".pth\")"
'';
nativeBuildInputs = [ p.setuptools p.wheel p.pythonRelaxDepsHook ];
nativeBuildInputs = [ p.setuptools p.wheel ];
pythonRelaxDeps = [ "pillow" "torchvision" ];

1
pkgs/by-name/ch/charmcraft/package.nix
View File

@ -45,7 +45,6 @@ python3Packages.buildPythonApplication rec {
];
nativeBuildInputs = with python3Packages; [
pythonRelaxDepsHook
setuptools
];

4
pkgs/by-name/ch/chow-kick/package.nix
View File

@ -6,7 +6,7 @@
, dbus
, libepoxy
, fetchFromGitHub
, freeglut
, libglut
, freetype
, gtk2-x11
, lib
@ -58,7 +58,7 @@ stdenv.mkDerivation (finalAttrs: {
curl
dbus
libepoxy
freeglut
libglut
freetype
gtk2-x11
libGL

4
pkgs/by-name/ch/chow-phaser/package.nix
View File

@ -1,4 +1,4 @@
{ alsa-lib, at-spi2-core, cmake, curl, dbus, libepoxy, fetchFromGitHub, freeglut
{ alsa-lib, at-spi2-core, cmake, curl, dbus, libepoxy, fetchFromGitHub, libglut
, freetype, gcc-unwrapped, gtk3, lib, libGL, libXcursor, libXdmcp, libXext
, libXinerama, libXrandr, libXtst, libdatrie, libjack2, libpsl, libselinux
, libsepol, libsysprof-capture, libthai, libxkbcommon, pcre, pkg-config
@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: {
curl
dbus
libepoxy
freeglut
libglut
freetype
gtk3
libGL

4
pkgs/by-name/ch/chow-tape-model/package.nix
View File

@ -5,7 +5,7 @@
, dbus
, libepoxy
, fetchFromGitHub
, freeglut
, libglut
, freetype
, gtk3
, lib
@ -59,7 +59,7 @@ stdenv.mkDerivation (finalAttrs: {
curl
dbus
libepoxy
freeglut
libglut
freetype
gtk3
libGL

6
pkgs/by-name/cm/cmake/package.nix
View File

@ -48,11 +48,11 @@ stdenv.mkDerivation (finalAttrs: {
+ lib.optionalString isMinimalBuild "-minimal"
+ lib.optionalString cursesUI "-cursesUI"
+ lib.optionalString qt5UI "-qt5UI";
version = "3.29.3";
version = "3.29.6";
src = fetchurl {
url = "https://cmake.org/files/v${lib.versions.majorMinor finalAttrs.version}/cmake-${finalAttrs.version}.tar.gz";
hash = "sha256-JSruFEjUnKoElU/V4n0YndUVcFVzE+eygWNnFqI4vMs=";
hash = "sha256-E5ExMAO4PUjiqxFai1JaVX942MFURhi0jR2QGEoQ8K8=";
};
patches = [
@ -115,7 +115,7 @@ stdenv.mkDerivation (finalAttrs: {
--subst-var-by libc_dev ${lib.getDev stdenv.cc.libc} \
--subst-var-by libc_lib ${lib.getLib stdenv.cc.libc}
# CC_FOR_BUILD and CXX_FOR_BUILD are used to bootstrap cmake
configureFlags="--parallel=''${NIX_BUILD_CORES:-1} CC=$CC_FOR_BUILD CXX=$CXX_FOR_BUILD $configureFlags"
configureFlags="--parallel=''${NIX_BUILD_CORES:-1} CC=$CC_FOR_BUILD CXX=$CXX_FOR_BUILD $configureFlags $cmakeFlags"
'';
# The configuration script is not autoconf-based, although being similar;

1
pkgs/by-name/co/corrscope/package.nix
View File

@ -26,7 +26,6 @@ python3Packages.buildPythonApplication rec {
wrapQtAppsHook
]) ++ (with python3Packages; [
poetry-core
pythonRelaxDepsHook
]);
buildInputs = [

2
pkgs/by-name/co/cosmic-edit/package.nix
View File

@ -97,7 +97,7 @@ rustPlatform.buildRustPackage rec {
wrapProgram "$out/bin/${pname}" \
--suffix XDG_DATA_DIRS : "${cosmic-icons}/share" \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
xorg.libX11 xorg.libXcursor xorg.libXi xorg.libXrandr vulkan-loader libxkbcommon mesa.drivers wayland
xorg.libX11 xorg.libXcursor xorg.libXi xorg.libXrandr vulkan-loader libxkbcommon wayland
]}
'';

1
pkgs/by-name/co/cosmic-store/package.nix
View File

@ -86,7 +86,6 @@ rustPlatform.buildRustPackage rec {
xorg.libXrandr
libxkbcommon
vulkan-loader
mesa.drivers
]
}
'';

1
pkgs/by-name/co/cosmic-term/package.nix
View File

@ -99,7 +99,6 @@ rustPlatform.buildRustPackage rec {
--suffix XDG_DATA_DIRS : "${cosmic-icons}/share" \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
libxkbcommon
mesa.drivers
vulkan-loader
xorg.libX11
xorg.libXcursor

1
pkgs/by-name/cu/cups-printers/package.nix
View File

@ -23,7 +23,6 @@ python3.pkgs.buildPythonApplication rec {
build-system = with python3.pkgs; [ poetry-core ];
nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
dependencies =
with python3.pkgs;

1
pkgs/by-name/do/donpapi/package.nix
View File

@ -23,7 +23,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [
poetry-core
pythonRelaxDepsHook
];
propagatedBuildInputs = with python3.pkgs; [

1
pkgs/by-name/do/dooit/package.nix
View File

@ -20,7 +20,6 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [
poetry-core
pythonRelaxDepsHook
];
pythonRelaxDeps = [

Some files were not shown because too many files have changed in this diff Show More