diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index 6358a340bb6e..5e42992cbe22 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -53,9 +53,6 @@ stdenv.mkDerivation { NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.cc.isClang) "-lgcc_s" + stdenv.lib.optionalString (stdenv.isFreeBSD) "-lthr"; - # without this, git fails when trying to check for /etc/gitconfig existence - propagatedSandboxProfile = stdenv.lib.sandbox.allowDirectoryList "/etc"; - makeFlags = "prefix=\${out} PERL_PATH=${perl}/bin/perl SHELL_PATH=${stdenv.shell} " + (if pythonSupport then "PYTHON_PATH=${python}/bin/python" else "NO_PYTHON=1") + (if stdenv.isSunOS then " INSTALL=install NO_INET_NTOP= NO_INET_PTON=" else "") diff --git a/pkgs/data/misc/iana-etc/default.nix b/pkgs/data/misc/iana-etc/default.nix index 842b031c6bed..249f0e5dcb91 100644 --- a/pkgs/data/misc/iana-etc/default.nix +++ b/pkgs/data/misc/iana-etc/default.nix @@ -2,16 +2,15 @@ stdenv.mkDerivation rec { name = "iana-etc-${version}"; - version = "20170512"; + version = "20171106"; src = fetchurl { url = "https://github.com/Mic92/iana-etc/releases/download/${version}/iana-etc-${version}.tar.gz"; - sha256 = "0zx2ag894qldvrv8f4hs84644kdcp8a83gjg33xsw8rrn38gll2a"; + sha256 = "0pbmq95gdkp66cljwklv4gzh8lvl30l4k77hfwvrxz5mfqia6qdd"; }; installPhase = '' - mkdir -p $out/etc - cp services protocols $out/etc/ + install -D -t $out/etc services protocols ''; meta = with stdenv.lib; { diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 4ac827db7cb6..eb2a46cb3b79 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix 
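Review bot: In the iana-etc `installPhase`, `install` is called without `-m`, so `services` and `protocols` are written with install's default mode 0755. Two plain data files therefore end up marked executable under `$out/etc`, whereas the removed `cp` presumably kept the mode from the tarball. I would set the mode explicitly: `install -D -m 0644 -t $out/etc services protocols`. Combining `-D` with `-t` to create the target directory is GNU coreutils behaviour, so this line also assumes GNU `install` is the one on `PATH` during the build.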
@@ -128,7 +128,7 @@ let ++ optional hostPlatform.isCygwin expat ++ [ db gdbm ncurses sqlite readline ] ++ optionals x11Support [ tcl tk xlibsWrapper libX11 ] - ++ optionals stdenv.isDarwin [ CF configd ]; + ++ optionals stdenv.isDarwin ([ CF ] ++ optional (configd != null) configd); mkPaths = paths: { C_INCLUDE_PATH = makeSearchPathOutput "dev" "include" paths; diff --git a/pkgs/development/libraries/webkitgtk/2.18.nix b/pkgs/development/libraries/webkitgtk/2.18.nix index e1b520eb10b1..d83da0402bab 100644 --- a/pkgs/development/libraries/webkitgtk/2.18.nix +++ b/pkgs/development/libraries/webkitgtk/2.18.nix @@ -12,7 +12,7 @@ assert enableGeoLocation -> geoclue2 != null; with stdenv.lib; stdenv.mkDerivation rec { name = "webkitgtk-${version}"; - version = "2.18.1"; + version = "2.18.2"; meta = { description = "Web content rendering engine, GTK+ port"; @@ -42,7 +42,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "http://webkitgtk.org/releases/${name}.tar.xz"; - sha256 = "15fp7szmkpannx7avsynf0nv3y343qwq0fvq3rz2m2mw5wq7pnww"; + sha256 = "1ry8zvv6k01g9p7agg326n0ziqpqjxd49h5w1b2is6rjnpqv6k5i"; }; # see if we can clean this up.... diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix index 957b610f3a25..9a6624104f45 100644 --- a/pkgs/os-specific/darwin/apple-sdk/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk/default.nix 
@@ -136,10 +136,13 @@ let # don't use pure CF for dylibs that depend on frameworks setupHook = ./framework-setup-hook.sh; - # allows building the symlink tree - __impureHostDeps = [ "/System/Library/Frameworks/${name}.framework" ]; - - __propagatedImpureHostDeps = stdenv.lib.optional (name != "Kernel") "/System/Library/Frameworks/${name}.framework/${name}"; + # Not going to be more specific than this for now + __propagatedImpureHostDeps = stdenv.lib.optionals (name != "Kernel") [ + # The setup-hook ensures that everyone uses the impure CoreFoundation who uses these SDK frameworks, so let's expose it + "/System/Library/Frameworks/CoreFoundation.framework" + "/System/Library/Frameworks/${name}.framework" + "/System/Library/Frameworks/${name}.framework/${name}" + ]; meta = with stdenv.lib; { description = "Apple SDK framework ${name}"; diff --git a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix index ccbd8343e0d0..35608587c569 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix @@ -84,9 +84,6 @@ in appleDerivation { ]; setOutputFlags = false; - # ps uses this syscall to get process info - propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port"; - meta = { platforms = stdenv.lib.platforms.darwin; maintainers = with stdenv.lib.maintainers; [ gridaphobe ]; diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix index 77ab8a1cb033..11072fc28dea 100644 --- a/pkgs/tools/archivers/sharutils/default.nix +++ b/pkgs/tools/archivers/sharutils/default.nix 
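Review bot: With `__impureHostDeps` removed and the new list wrapped in `optionals (name != "Kernel")`, the Kernel framework no longer gets any host path. The removed line exposed `/System/Library/Frameworks/${name}.framework` unconditionally, with the comment "allows building the symlink tree", so if that step still reads the host directory, the Kernel build will presumably fail under the sandbox. The change also widens what is propagated, from one file to whole framework directories plus CoreFoundation, and every dependent's sandbox now sees them. The comment `# Not going to be more specific than this for now` records neither decision; something like `# Propagate the whole framework dir to dependents (previously build-only); Kernel is excluded because <reason>` would leave the next reader something to check against. The enclosing `let` binding starts and ends outside the hunk.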
@@ -13,6 +13,16 @@ stdenv.mkDerivation rec { # GNU Gettext is needed on non-GNU platforms. buildInputs = [ coreutils gettext ]; + # These tests try to hit /etc/passwd to find out your username if pass in a submitter + # name on the command line. Since we block access to /etc/passwd on the Darwin sandbox + # that cause shar to just segfault. It isn't a problem on Linux because their sandbox + # remaps /etc/passwd to a trivial file, but we can't do that on Darwin so I do this + # instead. In this case, I pass in the very imaginative "submitter" as the submitter name + patchPhase = '' + substituteInPlace tests/shar-1 --replace '$''\{SHAR}' '$''\{SHAR} -s submitter' + substituteInPlace tests/shar-2 --replace '$''\{SHAR}' '$''\{SHAR} -s submitter' + ''; + doCheck = true; crossAttrs = { diff --git a/pkgs/tools/misc/parallel/default.nix b/pkgs/tools/misc/parallel/default.nix index 648d09b42654..676db3ab69c8 100644 --- a/pkgs/tools/misc/parallel/default.nix +++ b/pkgs/tools/misc/parallel/default.nix @@ -1,11 +1,11 @@ { fetchurl, stdenv, perl, makeWrapper, procps }: stdenv.mkDerivation rec { - name = "parallel-20170722"; + name = "parallel-20171022"; src = fetchurl { url = "mirror://gnu/parallel/${name}.tar.bz2"; - sha256 = "117g50bx1kcbrqix0f1539z5rzhvgsni2wddjv939wcxkrdb1idx"; + sha256 = "18pq10npl7g764ww7cy9r5n5s3kiy984jclf932qfgndcxsbpqpp"; }; nativeBuildInputs = [ makeWrapper perl ]; diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 79f203f77470..663e7be7e5f3 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix 
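Review bot: Assigning `patchPhase` replaces the stdenv default patch phase, so any `patches` list and the `prePatch`/`postPatch` hooks on this derivation would be skipped. For a pair of `substituteInPlace` calls the conventional place is `postPatch = ''` with the same body. The comment also says shar segfaults when the passwd lookup fails, which reads like a missing NULL check in shar itself rather than a test problem. The workaround only hides that from the check phase, so a line such as `# TODO: shar crashes when the user lookup fails; report or patch upstream` would keep it visible. The rest of the derivation is outside the hunk, so I cannot see whether `patches` is set.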
@@ -13,11 +13,11 @@ assert withGssapiPatches -> withKerberos; let # **please** update this patch when you update to a new openssh release. - gssapiSrc = fetchpatch { + gssapiPatch = fetchpatch { name = "openssh-gssapi.patch"; url = "https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/plain/debian" - + "/patches/gssapi.patch?id=db2122d97eb1ecdd8d99b7bf79b0dd2b5addfd92"; - sha256 = "1rw10pmvjw55521ys59x1kabvbvmla506znakwwjijggdsakvsjm"; + + "/patches/gssapi.patch?id=1e0d55f9163793742d20eaadd4784db16fd3459d"; + sha256 = "130phj87q87p9crigd6852nnaqsqkfg09h45a32lk4524h9kkxgb"; }; in @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { # Please ensure that openssh_with_kerberos still builds when # bumping the version here! name = "openssh-${version}"; - version = "7.5p1"; + version = if hpnSupport then "7.5p1" else "7.6p1"; src = if hpnSupport then fetchurl { @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { else fetchurl { url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz"; - sha256 = "1w7rb5gbrikxdkp8w7zxnci4549gk4bw1lml01s59w5rzb2y6ilq"; + sha256 = "08qpsb8mrzcx8wgvz9insiyvq7sbg26yj5nvl2m5n57yvppcl8x3"; }; patches = @@ -47,7 +47,7 @@ stdenv.mkDerivation rec { # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 ./dont_create_privsep_path.patch ] - ++ optional withGssapiPatches gssapiSrc; + ++ optional withGssapiPatches gssapiPatch; postPatch = # On Hydra this makes installation fail (sometimes?),
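Review bot: `version = if hpnSupport then "7.5p1" else "7.6p1";` leaves the HPN variant on the older release, so it misses whatever fixes 7.6p1 carries. Nothing in the hunk says why, or when the two should be re-aligned. The first hunk also moves `gssapiPatch` to a newer Debian commit id, presumably the one matching 7.6p1. With `hpnSupport` and `withGssapiPatches` both enabled, that patch would be applied to the 7.5p1 tree and may not apply cleanly. I would add a comment above the version line, e.g. `# hpn variant stays on 7.5p1 until <reason>; gssapiPatch targets 7.6p1`, and either pin a separate patch id for the 7.5p1 case or guard the combination with `assert withGssapiPatches -> !hpnSupport;`.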