mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 12:59:04 +02:00
Merge #241951: staging-next 2023-07-06
This commit is contained in:
commit
3368e885d8
|
@ -26,7 +26,12 @@ with lib;
|
|||
|
||||
fonts.fontconfig.enable = false;
|
||||
|
||||
nixpkgs.overlays = singleton (const (super: {
|
||||
nixpkgs.overlays = singleton (self: super: let
|
||||
packageOverrides = const (python-prev: {
|
||||
# tk feature requires wayland which fails to compile
|
||||
matplotlib = python-prev.matplotlib.override { enableGtk3 = false; enableTk = false; enableQt = false; };
|
||||
});
|
||||
in {
|
||||
beam = super.beam_nox;
|
||||
cairo = super.cairo.override { x11Support = false; };
|
||||
dbus = super.dbus.override { x11Support = false; };
|
||||
|
@ -62,6 +67,8 @@ with lib;
|
|||
pango = super.pango.override { x11Support = false; };
|
||||
pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; };
|
||||
pipewire = super.pipewire.override { x11Support = false; };
|
||||
python3 = super.python3.override { inherit packageOverrides; };
|
||||
python3Packages = self.python3.pkgs; # required otherwise overlays from above are not forwarded
|
||||
qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; };
|
||||
qrencode = super.qrencode.overrideAttrs (_: { doCheck = false; });
|
||||
qt5 = super.qt5.overrideScope (const (super': {
|
||||
|
@ -72,6 +79,6 @@ with lib;
|
|||
util-linux = super.util-linux.override { translateManpages = false; };
|
||||
vim-full = super.vim-full.override { guiSupport = false; };
|
||||
zbar = super.zbar.override { enableVideo = false; withXorg = false; };
|
||||
}));
|
||||
});
|
||||
};
|
||||
}
|
||||
|
|
|
@ -25,6 +25,9 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ pkg-config wrapGAppsHook4 ];
|
||||
buildInputs = [ gtk4 alsa-lib ];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "GUI for alsa controls presented by Focusrite Scarlett Gen 2/3 Mixer Driver";
|
||||
homepage = "https://github.com/geoffreybennett/alsa-scarlett-gui";
|
||||
|
|
|
@ -10,12 +10,12 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "flac";
|
||||
version = "1.4.2";
|
||||
version = "1.4.3";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";
|
||||
# Official checksum is published at https://github.com/xiph/flac/releases/tag/${version}
|
||||
sha256 = "sha256-4yLVih9I0j2d049DJnKGX2955zpvnMWl9X/KqD61qOQ=";
|
||||
hash = "sha256-bFjmnNIjSPRBuGEJK4JeWR0Lgi4QbebrDuTQXScgW3A=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -51,8 +51,12 @@ stdenv.mkDerivation rec {
|
|||
# similarly here
|
||||
"-DCMAKE_INSTALL_LOCALSTATEDIR=/var/lib/mympd"
|
||||
];
|
||||
# See https://github.com/jcorporation/myMPD/issues/315
|
||||
hardeningDisable = [ "strictoverflow" ];
|
||||
hardeningDisable = [
|
||||
# See https://github.com/jcorporation/myMPD/issues/315
|
||||
"strictoverflow"
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
"fortify3"
|
||||
];
|
||||
|
||||
meta = {
|
||||
homepage = "https://jcorporation.github.io/myMPD";
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
{ lib, fetchFromGitHub }:
|
||||
rec {
|
||||
version = "9.0.1562";
|
||||
version = "9.0.1642";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "vim";
|
||||
repo = "vim";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-+QKh3CxSjwcJ+Rj9RHYHRKSZixkfA1ZCAPDIyV/Npt8=";
|
||||
hash = "sha256-WWj8lZZtnGrv3pxu77otBKixS3ciLcznCyPk/iGryg4=";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
|
@ -722,6 +722,10 @@ in
|
|||
# remove ccache
|
||||
substituteInPlace CMakeLists.txt --replace "ccache" ""
|
||||
'';
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
postBuild = "cd /build/source/build/pcsx2";
|
||||
meta = {
|
||||
description = "Port of PCSX2 to libretro";
|
||||
|
|
|
@ -51,6 +51,9 @@ stdenv.mkDerivation rec {
|
|||
"-Wno-error=array-bounds"
|
||||
];
|
||||
|
||||
# error: writing 1 byte into a region of size 0
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
|
|
2
pkgs/applications/misc/pot/Cargo.lock
generated
2
pkgs/applications/misc/pot/Cargo.lock
generated
|
@ -3802,7 +3802,7 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "tauri-plugin-single-instance"
|
||||
version = "0.0.0"
|
||||
source = "git+https://github.com/tauri-apps/plugins-workspace?branch=v1#c4d2c8c693a8e0da627f4c845486dbe1b1e32c64"
|
||||
source = "git+https://github.com/tauri-apps/plugins-workspace?branch=dev#dce0f02bc571128308c30278cde3233f341e6a50"
|
||||
dependencies = [
|
||||
"log",
|
||||
"serde",
|
||||
|
|
|
@ -34,11 +34,6 @@ stdenv.mkDerivation rec {
|
|||
|
||||
sourceRoot = "source/src-tauri";
|
||||
|
||||
postUnpack = ''
|
||||
sed -i -e 's/dev/v1/' source/src-tauri/Cargo.toml
|
||||
cp ${./Cargo.lock} source/src-tauri/Cargo.lock
|
||||
'';
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace $cargoDepsCopy/libappindicator-sys-*/src/lib.rs \
|
||||
--replace "libayatana-appindicator3.so.1" "${libayatana-appindicator}/lib/libayatana-appindicator3.so.1"
|
||||
|
@ -81,7 +76,7 @@ stdenv.mkDerivation rec {
|
|||
cargoDeps = rustPlatform.importCargoLock {
|
||||
lockFile = ./Cargo.lock;
|
||||
outputHashes = {
|
||||
"tauri-plugin-single-instance-0.0.0" = "sha256-9eclolp+Gb8qF/KYIRiOoCJbMJLI8LyWLQu82npI7mQ=";
|
||||
"tauri-plugin-single-instance-0.0.0" = "sha256-M6uGcf4UWAU+494wAK/r2ta1c3IZ07iaURLwJJR9F3U=";
|
||||
"tauri-plugin-autostart-0.0.0" = "sha256-9eclolp+Gb8qF/KYIRiOoCJbMJLI8LyWLQu82npI7mQ=";
|
||||
"enigo-0.1.2" = "sha256-99VJ0WYD8jV6CYUZ1bpYJBwIE2iwOZ9SjOvyA2On12Q=";
|
||||
"selection-0.1.0" = "sha256-85NUACRi7TjyMNKVz93G+W1EXKIVZZge/h/HtDwiW/Q=";
|
||||
|
|
|
@ -87,6 +87,9 @@ mkDerivation rec {
|
|||
"-DNO_SHIBBOLETH=1" # allows to compile without qtwebkit
|
||||
];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
postBuild = ''
|
||||
make doc-man
|
||||
'';
|
||||
|
|
|
@ -28,6 +28,12 @@ stdenv.mkDerivation rec {
|
|||
|
||||
OMP_NUM_THREADS = 2; # required for check phase
|
||||
|
||||
# With "fortify3", there are test failures, such as:
|
||||
# Testing cnof CAMB3LYP/6-31G using FMM
|
||||
# *** buffer overflow detected ***: terminated
|
||||
# ./test_fmm_camb3lyp.sh: line 81: 1061289 Aborted (core dumped) ./ergo <<EOINPUT > /dev/null
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -66,6 +66,9 @@ stdenv.mkDerivation rec {
|
|||
})
|
||||
];
|
||||
|
||||
# https://github.com/root-project/root/issues/13216
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
preConfigure = ''
|
||||
# binutils 2.37 fixes
|
||||
fixupList=(
|
||||
|
|
|
@ -99,8 +99,13 @@ buildPythonApplication rec {
|
|||
./disable-test_ssh_bootstrap_with_different_launchers.patch
|
||||
];
|
||||
|
||||
# Causes build failure due to warning
|
||||
hardeningDisable = lib.optional stdenv.cc.isClang "strictoverflow";
|
||||
hardeningDisable = [
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
"fortify3"
|
||||
] ++ lib.optionals stdenv.cc.isClang [
|
||||
# Causes build failure due to warning
|
||||
"strictoverflow"
|
||||
];
|
||||
|
||||
CGO_ENABLED = 0;
|
||||
GOFLAGS = "-trimpath";
|
||||
|
|
|
@ -4,14 +4,14 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "xterm";
|
||||
version = "382";
|
||||
version = "383";
|
||||
|
||||
src = fetchurl {
|
||||
urls = [
|
||||
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
|
||||
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
|
||||
];
|
||||
hash = "sha256-DNC889CqdGqEDqPxNm6imnQmNpTVNbXHd/J+tl1/zu0=";
|
||||
hash = "sha256-oGYTvNpQjCob/21CMIldp0p5h5mi45ojusggide5qZg=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
|
|
@ -21,11 +21,11 @@ let
|
|||
|
||||
self = python3Packages.buildPythonApplication rec {
|
||||
pname = "mercurial${lib.optionalString fullBuild "-full"}";
|
||||
version = "6.4.3";
|
||||
version = "6.4.5";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
|
||||
sha256 = "sha256-p3+2LTJZNKg6ALL8bbEJ9ExnuGdo/EBJA2b1E2QMf2Q=";
|
||||
sha256 = "sha256-sLSwC4smOci+OHOUeW8EJb6zOTFN9+cpN/jd0qQbG4o=";
|
||||
};
|
||||
|
||||
format = "other";
|
||||
|
@ -35,7 +35,7 @@ let
|
|||
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "mercurial-${version}";
|
||||
sha256 = "sha256-nm9RZZHtmPfeJ7StHZmfxcFqKeJHACQQeA/Evv3wYD8=";
|
||||
sha256 = "sha256-shB2MRGATTg4l6pJ9FVYfBtnrX/eEHRvPhc8GZTA9ns=";
|
||||
sourceRoot = "mercurial-${version}/rust";
|
||||
} else null;
|
||||
cargoRoot = if rustSupport then "rust" else null;
|
||||
|
|
|
@ -149,6 +149,9 @@ in
|
|||
++ extraConfigureFlags
|
||||
;
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
# Packages to prefix to the Apptainer/Singularity container runtime default PATH
|
||||
# Use overrideAttrs to override
|
||||
defaultPathInputs = [
|
||||
|
|
|
@ -37,11 +37,11 @@ fi
|
|||
for flag in "${!hardeningEnableMap[@]}"; do
|
||||
case $flag in
|
||||
pie)
|
||||
if [[ ! (" $* " =~ " -shared " \
|
||||
|| " $* " =~ " -static " \
|
||||
|| " $* " =~ " -r " \
|
||||
|| " $* " =~ " -Ur " \
|
||||
|| " $* " =~ " -i ") ]]; then
|
||||
if [[ ! (" ${params[*]} " =~ " -shared " \
|
||||
|| " ${params[*]} " =~ " -static " \
|
||||
|| " ${params[*]} " =~ " -r " \
|
||||
|| " ${params[*]} " =~ " -Ur " \
|
||||
|| " ${params[*]} " =~ " -i ") ]]; then
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
|
||||
hardeningLDFlags+=('-pie')
|
||||
fi
|
||||
|
|
|
@ -71,7 +71,7 @@ for flag in "${!hardeningEnableMap[@]}"; do
|
|||
# NB: we do not use `+=` here, because PIE flags must occur before any PIC flags
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi
|
||||
hardeningCFlags=('-fPIE' "${hardeningCFlags[@]}")
|
||||
if [[ ! (" $* " =~ " -shared " || " $* " =~ " -static ") ]]; then
|
||||
if [[ ! (" ${params[*]} " =~ " -shared " || " ${params[*]} " =~ " -static ") ]]; then
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
|
||||
hardeningCFlags=('-pie' "${hardeningCFlags[@]}")
|
||||
fi
|
||||
|
|
|
@ -111,7 +111,7 @@ export CC${role_post}=@named_cc@
|
|||
export CXX${role_post}=@named_cxx@
|
||||
|
||||
# If unset, assume the default hardening flags.
|
||||
: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
|
||||
: ${NIX_HARDENING_ENABLE="fortify fortify3 stackprotector pic strictoverflow format relro bindnow"}
|
||||
export NIX_HARDENING_ENABLE
|
||||
|
||||
# No local scope in sourced file
|
||||
|
|
|
@ -201,7 +201,7 @@ let
|
|||
|
||||
# Set up configuration for the vendor directory.
|
||||
cat > $out/.cargo-config <<EOF
|
||||
[source."${gitParts.url}"]
|
||||
[source."${gitParts.url}${lib.optionalString (gitParts ? type) "?${gitParts.type}=${gitParts.value}"}"]
|
||||
git = "${gitParts.url}"
|
||||
${lib.optionalString (gitParts ? type) "${gitParts.type} = \"${gitParts.value}\""}
|
||||
replace-with = "vendored-sources"
|
||||
|
|
|
@ -176,7 +176,8 @@ lib.pipe (stdenv.mkDerivation ({
|
|||
|
||||
libc_dev = stdenv.cc.libc_dev;
|
||||
|
||||
hardeningDisable = [ "format" "pie" ];
|
||||
hardeningDisable = [ "format" "pie" ]
|
||||
++ optional langAda "fortify3";
|
||||
|
||||
postPatch = ''
|
||||
configureScripts=$(find . -name configure)
|
||||
|
|
|
@ -385,6 +385,12 @@ stdenv.mkDerivation ({
|
|||
"--enable-dwarf-unwind"
|
||||
"--with-libdw-includes=${lib.getDev elfutils}/include"
|
||||
"--with-libdw-libraries=${lib.getLib elfutils}/lib"
|
||||
] ++ lib.optionals targetPlatform.isDarwin [
|
||||
# Darwin uses llvm-ar. GHC will try to use `-L` with `ar` when it is `llvm-ar`
|
||||
# but it doesn’t currently work because Cabal never uses `-L` on Darwin. See:
|
||||
# https://gitlab.haskell.org/ghc/ghc/-/issues/23188
|
||||
# https://github.com/haskell/cabal/issues/8882
|
||||
"fp_cv_prog_ar_supports_dash_l=no"
|
||||
];
|
||||
|
||||
# Make sure we never relax`$PATH` and hooks support for compatibility.
|
||||
|
|
|
@ -86,6 +86,9 @@ stdenv.mkDerivation rec {
|
|||
"-DIGC_PREFERRED_LLVM_VERSION=${lib.getVersion llvm}"
|
||||
];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/intel/intel-graphics-compiler";
|
||||
description = "LLVM-based compiler for OpenCL targeting Intel Gen graphics hardware";
|
||||
|
|
|
@ -18,11 +18,11 @@
|
|||
inherit (lib) optional optionals;
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "orc";
|
||||
version = "0.4.33";
|
||||
version = "0.4.34";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://gstreamer.freedesktop.org/src/orc/${pname}-${version}.tar.xz";
|
||||
sha256 = "sha256-hE5tfbgIb3k/V2GNPUto0p2ZsWA05xQw3zwhz9PDVCo=";
|
||||
sha256 = "sha256-j0ers/CXFx5E64B63Nq9hg+6Lv/TfY08T71fNByt1B8=";
|
||||
};
|
||||
|
||||
postPatch = lib.optionalString stdenv.isAarch32 ''
|
||||
|
@ -58,6 +58,7 @@ in stdenv.mkDerivation rec {
|
|||
meta = with lib; {
|
||||
description = "The Oil Runtime Compiler";
|
||||
homepage = "https://gstreamer.freedesktop.org/projects/orc.html";
|
||||
changelog = "https://cgit.freedesktop.org/gstreamer/orc/plain/RELEASE?h=${version}";
|
||||
# The source code implementing the Marsenne Twister algorithm is licensed
|
||||
# under the 3-clause BSD license. The rest is 2-clause BSD license.
|
||||
license = with licenses; [ bsd3 bsd2 ];
|
||||
|
|
|
@ -53,7 +53,7 @@ in stdenv.mkDerivation rec {
|
|||
NIX_LDFLAGS = toString (
|
||||
# when linking stage1 libstd: cc: undefined reference to `__cxa_begin_catch'
|
||||
optional (stdenv.isLinux && !withBundledLLVM) "--push-state --as-needed -lstdc++ --pop-state"
|
||||
++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++"
|
||||
++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++ -lc++abi"
|
||||
++ optional stdenv.isDarwin "-rpath ${llvmSharedForHost}/lib");
|
||||
|
||||
# Increase codegen units to introduce parallelism within the compiler.
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "rubygems";
|
||||
version = "3.4.14";
|
||||
version = "3.4.16";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://rubygems.org/rubygems/rubygems-${version}.tgz";
|
||||
hash = "sha256-l5sYQoSKOb5NkO/J05nClKygtuZ9RfgAsmyTzCLQOYM=";
|
||||
hash = "sha256-T58wDLMOCPPwoPuXdZvpXeF7yERXvW1lPxVqe8zFs6M=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -55,11 +55,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "SDL2";
|
||||
version = "2.28.0";
|
||||
version = "2.28.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.libsdl.org/release/${pname}-${version}.tar.gz";
|
||||
sha256 = "sha256-0hWuRUHmnWKJU3EUls17DouNXI2BHVsPmP3H/RQimYo=";
|
||||
sha256 = "sha256-SXfOulwAVNvmwvEUZBrO1DzjvytB6mS2o3LWuhKcsV0=";
|
||||
};
|
||||
dontDisableStatic = if withStatic then 1 else 0;
|
||||
outputs = [ "out" "dev" ];
|
||||
|
|
|
@ -112,7 +112,29 @@ stdenv.mkDerivation {
|
|||
url = "https://github.com/boostorg/math/commit/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b.patch";
|
||||
relative = "include";
|
||||
sha256 = "sha256-KlmIbixcds6GyKYt1fx5BxDIrU7msrgDdYo9Va/KJR4=";
|
||||
});
|
||||
})
|
||||
# This fixes another issue regarding ill-formed constant expressions, which is a default error
|
||||
# in clang 16 and will be a hard error in clang 17.
|
||||
++ lib.optional (lib.versionOlder version "1.80") (fetchpatch {
|
||||
url = "https://github.com/boostorg/log/commit/77f1e20bd69c2e7a9e25e6a9818ae6105f7d070c.patch";
|
||||
relative = "include";
|
||||
hash = "sha256-6qOiGJASm33XzwoxVZfKJd7sTlQ5yd+MMFQzegXm5RI=";
|
||||
})
|
||||
++ lib.optionals (lib.versionOlder version "1.81") [
|
||||
# libc++ 15 dropped support for `std::unary_function` and `std::binary_function` in C++17+.
|
||||
# C++17 is the default for clang 16, but clang 15 is also affected in that language mode.
|
||||
# This patch is for Boost 1.80, but it also applies to earlier versions.
|
||||
(fetchpatch {
|
||||
url = "https://www.boost.org/patches/1_80_0/0005-config-libcpp15.patch";
|
||||
hash = "sha256-ULFMzKphv70unvPZ3o4vSP/01/xbSM9a2TlIV67eXDQ=";
|
||||
})
|
||||
# This fixes another ill-formed contant expressions issue flagged by clang 16.
|
||||
(fetchpatch {
|
||||
url = "https://github.com/boostorg/numeric_conversion/commit/50a1eae942effb0a9b90724323ef8f2a67e7984a.patch";
|
||||
relative = "include";
|
||||
hash = "sha256-dq4SVgxkPJSC7Fvr59VGnXkM4Lb09kYDaBksCHo9C0s=";
|
||||
})
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "http://boost.org/";
|
||||
|
|
|
@ -10,13 +10,13 @@ assert useVulkan -> withExamples;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "dav1d";
|
||||
version = "1.2.0";
|
||||
version = "1.2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "videolan";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-Y9wqa6lIs0eKT+q+95gjzfHIc3pglXzLNaDjsWy1gok=";
|
||||
hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
|
|
@ -139,3 +139,67 @@ index f3922e0..e40fcdf 100644
|
|||
} else {
|
||||
DB_ASSERT(env, sharecount > 0);
|
||||
MEMBAR_EXIT();
|
||||
diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4
|
||||
--- a/dist/aclocal/clock.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/clock.m4 2023-06-05 19:14:02.007080500 -0400
|
||||
@@ -21,6 +21,7 @@
|
||||
AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [
|
||||
AC_TRY_RUN([
|
||||
#include <sys/time.h>
|
||||
+int
|
||||
main() {
|
||||
struct timespec t;
|
||||
return (clock_gettime(CLOCK_MONOTONIC, &t) != 0);
|
||||
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
|
||||
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
|
||||
@@ -4,6 +4,7 @@
|
||||
AC_DEFUN(AM_PTHREADS_SHARED, [
|
||||
AC_TRY_RUN([
|
||||
#include <pthread.h>
|
||||
+int
|
||||
main() {
|
||||
pthread_cond_t cond;
|
||||
pthread_mutex_t mutex;
|
||||
@@ -46,6 +47,7 @@
|
||||
AC_DEFUN(AM_PTHREADS_PRIVATE, [
|
||||
AC_TRY_RUN([
|
||||
#include <pthread.h>
|
||||
+int
|
||||
main() {
|
||||
pthread_cond_t cond;
|
||||
pthread_mutex_t mutex;
|
||||
diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4
|
||||
--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400
|
||||
@@ -43,6 +43,9 @@
|
||||
# test, which won't test for the appropriate printf format strings.
|
||||
if test "$db_cv_build_sequence" = "yes"; then
|
||||
AC_TRY_RUN([
|
||||
+ #include <string.h>
|
||||
+ #include <stdio.h>
|
||||
+ int
|
||||
main() {
|
||||
$db_cv_seq_type l;
|
||||
unsigned $db_cv_seq_type u;
|
||||
@@ -59,7 +62,9 @@
|
||||
return (1);
|
||||
return (0);
|
||||
}],, [db_cv_build_sequence="no"],
|
||||
- AC_TRY_LINK(,[
|
||||
+ AC_TRY_LINK([
|
||||
+ #include <string.h>
|
||||
+ #include <stdio.h>],[
|
||||
$db_cv_seq_type l;
|
||||
unsigned $db_cv_seq_type u;
|
||||
char buf@<:@100@:>@;
|
||||
diff -ur a/dist/RELEASE b/dist/RELEASE
|
||||
--- a/dist/RELEASE 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/RELEASE 2023-07-02 17:32:34.703953049 -0400
|
||||
@@ -7,5 +7,5 @@
|
||||
|
||||
DB_VERSION_UNIQUE_NAME=`printf "_%d%03d" $DB_VERSION_MAJOR $DB_VERSION_MINOR`
|
||||
|
||||
-DB_RELEASE_DATE=`date "+%B %e, %Y"`
|
||||
+DB_RELEASE_DATE="April 9, 2010"
|
||||
DB_VERSION_STRING="Berkeley DB $DB_VERSION: ($DB_RELEASE_DATE)"
|
||||
|
|
|
@ -139,3 +139,111 @@ index 106b161..fc4de9d 100644
|
|||
} else {
|
||||
DB_ASSERT(env, sharecount > 0);
|
||||
MEMBAR_EXIT();
|
||||
diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4
|
||||
--- a/dist/aclocal/clock.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/clock.m4 2023-06-05 19:14:02.007080500 -0400
|
||||
@@ -21,6 +21,7 @@
|
||||
AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [
|
||||
AC_TRY_RUN([
|
||||
#include <sys/time.h>
|
||||
+int
|
||||
main() {
|
||||
struct timespec t;
|
||||
return (clock_gettime(CLOCK_MONOTONIC, &t) != 0);
|
||||
diff -ur a/dist/aclocal/mmap.m4 b/dist/aclocal/mmap.m4
|
||||
--- a/dist/aclocal/mmap.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/mmap.m4 2023-06-05 19:14:02.007323624 -0400
|
||||
@@ -29,6 +29,8 @@
|
||||
* system to system.
|
||||
*/
|
||||
#include <stdio.h>
|
||||
+ #include <stdlib.h>
|
||||
+ #include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
@@ -42,12 +44,13 @@
|
||||
#define MAP_FAILED (-1)
|
||||
#endif
|
||||
|
||||
- int catch_sig(sig)
|
||||
+ void catch_sig(sig)
|
||||
int sig;
|
||||
{
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+ int
|
||||
main() {
|
||||
const char *underlying;
|
||||
unsigned gapsize;
|
||||
@@ -88,8 +91,8 @@
|
||||
return (4);
|
||||
}
|
||||
|
||||
- (void) signal(SIGSEGV, catch_sig);
|
||||
- (void) signal(SIGBUS, catch_sig);
|
||||
+ (void) signal(SIGSEGV, &catch_sig);
|
||||
+ (void) signal(SIGBUS, &catch_sig);
|
||||
|
||||
for (i = sizeof(buf); i < total_size; i += gapsize)
|
||||
base[i] = 'A';
|
||||
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
|
||||
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
|
||||
@@ -5,6 +5,7 @@
|
||||
AC_TRY_RUN([
|
||||
#include <stdlib.h>
|
||||
#include <pthread.h>
|
||||
+int
|
||||
main() {
|
||||
pthread_cond_t cond;
|
||||
pthread_mutex_t mutex;
|
||||
@@ -49,6 +50,7 @@
|
||||
AC_TRY_RUN([
|
||||
#include <stdlib.h>
|
||||
#include <pthread.h>
|
||||
+int
|
||||
main() {
|
||||
pthread_cond_t cond;
|
||||
pthread_mutex_t mutex;
|
||||
@@ -89,6 +91,7 @@
|
||||
AC_TRY_RUN([
|
||||
#include <stdlib.h>
|
||||
#include <pthread.h>
|
||||
+int
|
||||
main() {
|
||||
pthread_cond_t cond;
|
||||
pthread_condattr_t condattr;
|
||||
@@ -110,6 +113,7 @@
|
||||
AC_TRY_RUN([
|
||||
#include <stdlib.h>
|
||||
#include <pthread.h>
|
||||
+int
|
||||
main() {
|
||||
pthread_rwlock_t rwlock;
|
||||
pthread_rwlockattr_t rwlockattr;
|
||||
diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4
|
||||
--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400
|
||||
@@ -43,6 +43,9 @@
|
||||
# test, which won't test for the appropriate printf format strings.
|
||||
if test "$db_cv_build_sequence" = "yes"; then
|
||||
AC_TRY_RUN([
|
||||
+ #include <string.h>
|
||||
+ #include <stdio.h>
|
||||
+ int
|
||||
main() {
|
||||
$db_cv_seq_type l;
|
||||
unsigned $db_cv_seq_type u;
|
||||
@@ -59,7 +62,9 @@
|
||||
return (1);
|
||||
return (0);
|
||||
}],, [db_cv_build_sequence="no"],
|
||||
- AC_TRY_LINK(,[
|
||||
+ AC_TRY_LINK([
|
||||
+ #include <string.h>
|
||||
+ #include <stdio.h>],[
|
||||
$db_cv_seq_type l;
|
||||
unsigned $db_cv_seq_type u;
|
||||
char buf@<:@100@:>@;
|
||||
|
|
55
pkgs/development/libraries/db/darwin-mutexes-4.8.patch
Normal file
55
pkgs/development/libraries/db/darwin-mutexes-4.8.patch
Normal file
|
@ -0,0 +1,55 @@
|
|||
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
|
||||
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
|
||||
@@ -372,10 +376,11 @@
|
||||
|
||||
# _spin_lock_try/_spin_unlock: Apple/Darwin
|
||||
if test "$db_cv_mutex" = no; then
|
||||
-AC_TRY_LINK(,[
|
||||
- int x;
|
||||
- _spin_lock_try(&x);
|
||||
- _spin_unlock(&x);
|
||||
+AC_TRY_LINK([
|
||||
+#include <os/lock.h>],[
|
||||
+ os_unfair_lock x = OS_UNFAIR_LOCK_INIT;
|
||||
+ bool _ = os_unfair_lock_trylock(&x);
|
||||
+ os_unfair_lock_unlock(&x);
|
||||
], [db_cv_mutex=Darwin/_spin_lock_try])
|
||||
fi
|
||||
|
||||
diff -ur a/dbinc/mutex_int.h b/dbinc/mutex_int.h
|
||||
--- a/dbinc/mutex_int.h 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dbinc/mutex_int.h 2023-06-05 19:15:37.510514745 -0400
|
||||
@@ -154,14 +154,13 @@
|
||||
* Apple/Darwin library functions.
|
||||
*********************************************************************/
|
||||
#ifdef HAVE_MUTEX_DARWIN_SPIN_LOCK_TRY
|
||||
-typedef u_int32_t tsl_t;
|
||||
+#include <os/lock.h>
|
||||
+typedef os_unfair_lock tsl_t;
|
||||
|
||||
#ifdef LOAD_ACTUAL_MUTEX_CODE
|
||||
-extern int _spin_lock_try(tsl_t *);
|
||||
-extern void _spin_unlock(tsl_t *);
|
||||
-#define MUTEX_SET(tsl) _spin_lock_try(tsl)
|
||||
-#define MUTEX_UNSET(tsl) _spin_unlock(tsl)
|
||||
-#define MUTEX_INIT(tsl) (MUTEX_UNSET(tsl), 0)
|
||||
+#define MUTEX_SET(tsl) os_unfair_lock_trylock(tsl)
|
||||
+#define MUTEX_UNSET(tsl) os_unfair_lock_unlock(tsl)
|
||||
+#define MUTEX_INIT(tsl) ({ *(tsl) = OS_UNFAIR_LOCK_INIT; tsl; })
|
||||
#endif
|
||||
#endif
|
||||
|
||||
diff -ur a/dbinc/mutex_int.h b/dbinc/mutex_int.h
|
||||
--- a/dbinc_auto/mutex_ext.h 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dbinc_auto/mutex_ext.h 2023-07-01 22:38:20.749201366 -0400
|
||||
@@ -34,6 +34,9 @@
|
||||
#if !defined(HAVE_ATOMIC_SUPPORT) && defined(HAVE_MUTEX_SUPPORT)
|
||||
atomic_value_t __atomic_dec __P((ENV *, db_atomic_t *));
|
||||
#endif
|
||||
+#if !defined(HAVE_ATOMIC_SUPPORT) && defined(HAVE_MUTEX_SUPPORT)
|
||||
+int atomic_compare_exchange __P((ENV *, db_atomic_t *, atomic_value_t, atomic_value_t));
|
||||
+#endif
|
||||
int __db_pthread_mutex_init __P((ENV *, db_mutex_t, u_int32_t));
|
||||
int __db_pthread_mutex_lock __P((ENV *, db_mutex_t));
|
||||
#if defined(HAVE_SHARED_LATCHES)
|
42
pkgs/development/libraries/db/darwin-mutexes.patch
Normal file
42
pkgs/development/libraries/db/darwin-mutexes.patch
Normal file
|
@ -0,0 +1,42 @@
|
|||
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
|
||||
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
|
||||
@@ -441,10 +445,11 @@
|
||||
|
||||
# _spin_lock_try/_spin_unlock: Apple/Darwin
|
||||
if test "$db_cv_mutex" = no; then
|
||||
-AC_TRY_LINK(,[
|
||||
- int x;
|
||||
- _spin_lock_try(&x);
|
||||
- _spin_unlock(&x);
|
||||
+AC_TRY_LINK([
|
||||
+#include <os/lock.h>],[
|
||||
+ os_unfair_lock x = OS_UNFAIR_LOCK_INIT;
|
||||
+ bool _ = os_unfair_lock_trylock(&x);
|
||||
+ os_unfair_lock_unlock(&x);
|
||||
], [db_cv_mutex=Darwin/_spin_lock_try])
|
||||
fi
|
||||
|
||||
diff -ur a/src/dbinc/mutex_int.h b/src/dbinc/mutex_int.h
|
||||
--- a/src/dbinc/mutex_int.h 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/src/dbinc/mutex_int.h 2023-06-05 19:15:37.510514745 -0400
|
||||
@@ -154,14 +154,13 @@
|
||||
* Apple/Darwin library functions.
|
||||
*********************************************************************/
|
||||
#ifdef HAVE_MUTEX_DARWIN_SPIN_LOCK_TRY
|
||||
-typedef u_int32_t tsl_t;
|
||||
+#include <os/lock.h>
|
||||
+typedef os_unfair_lock tsl_t;
|
||||
|
||||
#ifdef LOAD_ACTUAL_MUTEX_CODE
|
||||
-extern int _spin_lock_try(tsl_t *);
|
||||
-extern void _spin_unlock(tsl_t *);
|
||||
-#define MUTEX_SET(tsl) _spin_lock_try(tsl)
|
||||
-#define MUTEX_UNSET(tsl) _spin_unlock(tsl)
|
||||
-#define MUTEX_INIT(tsl) (MUTEX_UNSET(tsl), 0)
|
||||
+#define MUTEX_SET(tsl) os_unfair_lock_trylock(tsl)
|
||||
+#define MUTEX_UNSET(tsl) os_unfair_lock_unlock(tsl)
|
||||
+#define MUTEX_INIT(tsl) ({ *(tsl) = OS_UNFAIR_LOCK_INIT; tsl; })
|
||||
#endif
|
||||
#endif
|
||||
|
|
@ -1,9 +1,10 @@
|
|||
{ lib, stdenv, fetchurl, ... } @ args:
|
||||
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
|
||||
|
||||
import ./generic.nix (args // {
|
||||
version = "4.8.30";
|
||||
sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
|
||||
extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ];
|
||||
extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ]
|
||||
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes-4.8.patch ];
|
||||
|
||||
drvArgs.hardeningDisable = [ "format" ];
|
||||
drvArgs.doCheck = false;
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{ lib, stdenv, fetchurl, ... } @ args:
|
||||
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
|
||||
|
||||
import ./generic.nix (args // {
|
||||
version = "5.3.28";
|
||||
sha256 = "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0";
|
||||
extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ];
|
||||
extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ]
|
||||
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ];
|
||||
})
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
{ lib, stdenv, fetchurl, ... } @ args:
|
||||
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
|
||||
|
||||
import ./generic.nix (args // {
|
||||
version = "6.0.20";
|
||||
sha256 = "00r2aaglq625y8r9xd5vw2y070plp88f1mb2gbq3kqsl7128lsl0";
|
||||
license = lib.licenses.agpl3;
|
||||
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
|
||||
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]
|
||||
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ];
|
||||
})
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
{ lib, stdenv, fetchurl, ... } @ args:
|
||||
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
|
||||
|
||||
import ./generic.nix (args // {
|
||||
version = "6.2.23";
|
||||
sha256 = "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7";
|
||||
license = lib.licenses.agpl3;
|
||||
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
|
||||
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]
|
||||
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ];
|
||||
})
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchurl
|
||||
{ lib, stdenv, fetchurl, autoreconfHook
|
||||
, cxxSupport ? true
|
||||
, compat185 ? true
|
||||
, dbmSupport ? false
|
||||
|
@ -10,6 +10,9 @@
|
|||
, drvArgs ? {}
|
||||
}:
|
||||
|
||||
let
|
||||
shouldReconfigure = stdenv.cc.isClang;
|
||||
in
|
||||
stdenv.mkDerivation (rec {
|
||||
pname = "db";
|
||||
inherit version;
|
||||
|
@ -19,10 +22,48 @@ stdenv.mkDerivation (rec {
|
|||
sha256 = sha256;
|
||||
};
|
||||
|
||||
# The provided configure script features `main` returning implicit `int`, which causes
|
||||
# configure checks to work incorrectly with clang 16.
|
||||
nativeBuildInputs = lib.optionals stdenv.cc.isClang [ autoreconfHook ];
|
||||
|
||||
patches = extraPatches;
|
||||
|
||||
outputs = [ "bin" "out" "dev" ];
|
||||
|
||||
# Required when regenerated the configure script to make sure the vendored macros are found.
|
||||
autoreconfFlags = lib.optionalString shouldReconfigure [ "-fi" "-Iaclocal" "-Iaclocal_java" ];
|
||||
|
||||
preAutoreconf = lib.optionalString shouldReconfigure ''
|
||||
pushd dist
|
||||
# Upstream’s `dist/s_config` cats everything into `aclocal.m4`, but that doesn’t work with
|
||||
# autoreconfHook, so cat `config.m4` to another file. Otherwise, it won’t be found by `aclocal`.
|
||||
cat aclocal/config.m4 >> aclocal/options.m4
|
||||
'';
|
||||
|
||||
# This isn’t pretty. The version information is kept separate from the configure script.
|
||||
# After the configure script is regenerated, the version information has to be replaced with the
|
||||
# contents of `dist/RELEASE`.
|
||||
postAutoreconf = lib.optionalString shouldReconfigure ''
|
||||
(
|
||||
declare -a vars=(
|
||||
"DB_VERSION_FAMILY"
|
||||
"DB_VERSION_RELEASE"
|
||||
"DB_VERSION_MAJOR"
|
||||
"DB_VERSION_MINOR"
|
||||
"DB_VERSION_PATCH"
|
||||
"DB_VERSION_STRING"
|
||||
"DB_VERSION_FULL_STRING"
|
||||
"DB_VERSION_UNIQUE_NAME"
|
||||
"DB_VERSION"
|
||||
)
|
||||
source RELEASE
|
||||
for var in "''${vars[@]}"; do
|
||||
sed -e "s/__EDIT_''${var}__/''${!var}/g" -i configure
|
||||
done
|
||||
)
|
||||
popd
|
||||
'';
|
||||
|
||||
configureFlags =
|
||||
[
|
||||
(if cxxSupport then "--enable-cxx" else "--disable-cxx")
|
||||
|
|
|
@ -60,6 +60,9 @@ stdenv.mkDerivation rec {
|
|||
"-DGVM_RUN_DIR=${placeholder "out"}/run/gvm"
|
||||
];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Libraries module for the Greenbone Vulnerability Management Solution";
|
||||
homepage = "https://github.com/greenbone/gvm-libs";
|
||||
|
|
|
@ -29,6 +29,9 @@ stdenv.mkDerivation rec {
|
|||
"--disable-exec-static-tramp"
|
||||
];
|
||||
|
||||
# with fortify3, tests fail for some reason
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
preCheck = ''
|
||||
# The tests use -O0 which is not compatible with -D_FORTIFY_SOURCE.
|
||||
NIX_HARDENING_ENABLE=''${NIX_HARDENING_ENABLE/fortify/}
|
||||
|
|
|
@ -44,6 +44,9 @@ stdenv.mkDerivation rec {
|
|||
"-DUSE_PCSC=1"
|
||||
];
|
||||
|
||||
# causes possible redefinition of _FORTIFY_SOURCE?
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = ''
|
||||
Provides library functionality for FIDO 2.0, including communication with a device over USB.
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitLab
|
||||
, fetchpatch
|
||||
, nix-update-script
|
||||
|
||||
, autoreconfHook
|
||||
|
@ -25,13 +24,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libtiff";
|
||||
version = "4.5.0";
|
||||
version = "4.5.1";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "libtiff";
|
||||
repo = "libtiff";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-KG6rB940JMjFUTAgtkzg+Zh75gylPY6Q7/4gEbL0Hcs=";
|
||||
hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -40,32 +39,6 @@ stdenv.mkDerivation rec {
|
|||
# libc++abi 11 has an `#include <version>`, this picks up files name
|
||||
# `version` in the project's include paths
|
||||
./rename-version.patch
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-48281.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5.diff";
|
||||
sha256 = "sha256-FWUlyJyHXac6fuM5f9PG33kcF5Bm4fyFmYnaDal46iM=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2023-0800.CVE-2023-0801.CVE-2023-0802.CVE-2023-0803.CVE-2023-0804.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00.patch";
|
||||
sha256 = "sha256-wNSa1D9EWObTs331utjIKgo9p9PUWqTM54qG+1Hhm1A=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.prerequisite-0.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678.patch";
|
||||
sha256 = "sha256-NTs+dCUweKddQDzJLqbdIdvNbaSweGG0cSVt57tntoI=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.prerequisite-1.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536.patch";
|
||||
includes = [ "tools/tiffcrop.c" ];
|
||||
sha256 = "sha256-VHg5aAcHKwRkDFDyC1rLjCjj1rMzcq/2SUR/r1fQubQ=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68.patch";
|
||||
sha256 = "sha256-9+oXKVJEeaIuMBdtvhNlUBNpw9uzg31s+zxt4GJo6Lo=";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -23,14 +23,14 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
version = "1.45.0";
|
||||
version = "1.46.0";
|
||||
pname = "libuv";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "libuv";
|
||||
repo = "libuv";
|
||||
rev = "v${finalAttrs.version}";
|
||||
sha256 = "sha256-qKw9QFR24Uw7pVA9isPH8Va+9/5DYuqXz6l6jWcXn+4=";
|
||||
sha256 = "sha256-Lrsyh4qd3OkTw1cSPfahzfSGNt6+pRN1X21iiv1SsFo=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
@ -62,7 +62,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
"tcp_create_early" "tcp_close" "tcp_bind_error_inval"
|
||||
"tcp_bind_error_addrinuse" "tcp_shutdown_after_write"
|
||||
"tcp_open" "tcp_write_queue_order" "tcp_try_write" "tcp_writealot"
|
||||
"multiple_listen" "delayed_accept"
|
||||
"multiple_listen" "delayed_accept" "udp_recv_in_a_row"
|
||||
"shutdown_close_tcp" "shutdown_eof" "shutdown_twice" "callback_stack"
|
||||
"tty_pty" "condvar_5" "hrtime" "udp_multicast_join"
|
||||
# Tests that fail when sandboxing is enabled.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, lib, fetchFromGitHub, meson, pkg-config, ninja, wayland-scanner
|
||||
, libdrm
|
||||
, minimal ? false, libva-minimal
|
||||
, minimal ? false
|
||||
, libX11, libXext, libXfixes, wayland, libffi, libGL
|
||||
, mesa
|
||||
# for passthru.tests
|
||||
|
@ -26,11 +26,11 @@ stdenv.mkDerivation rec {
|
|||
|
||||
depsBuildBuild = [ pkg-config ];
|
||||
|
||||
nativeBuildInputs = [ meson pkg-config ninja wayland-scanner ];
|
||||
nativeBuildInputs = [ meson pkg-config ninja ]
|
||||
++ lib.optional (!minimal) wayland-scanner;
|
||||
|
||||
buildInputs = [ libdrm ]
|
||||
++ lib.optionals (!minimal) [ libva-minimal libX11 libXext libXfixes wayland libffi libGL ];
|
||||
# TODO: share libs between minimal and !minimal - perhaps just symlink them
|
||||
++ lib.optionals (!minimal) [ libX11 libXext libXfixes wayland libffi libGL ];
|
||||
|
||||
mesonFlags = [
|
||||
# Add FHS and Debian paths for non-NixOS applications
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub, autoreconfHook, libtool
|
||||
, fetchpatch
|
||||
, threadingSupport ? true # multi-threading
|
||||
, openglSupport ? false, freeglut, libGL, libGLU # OpenGL (required for vwebp)
|
||||
, pngSupport ? true, libpng # PNG image format
|
||||
|
@ -28,24 +27,15 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libwebp";
|
||||
version = "1.3.0";
|
||||
version = "1.3.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "webmproject";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-nhXkq+qKpaa75YQB/W/cRozslTIFPdXeqj1y6emQeHk=";
|
||||
hash = "sha256-Q94avvKjPdwdGt5ADo30cf2V4T7MCTubDHJxTtbG4xQ=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#MFSA-TMP-2023-0001
|
||||
(fetchpatch {
|
||||
url = "https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129.patch";
|
||||
name = "fix-msfa-tmp-2023-0001.patch";
|
||||
hash = "sha256-TRKXpNkYVzftBw09mX+WeQRhRoOzBgXFTNZBzSdCKvc=";
|
||||
})
|
||||
];
|
||||
|
||||
configureFlags = [
|
||||
(lib.enableFeature threadingSupport "threading")
|
||||
(lib.enableFeature openglSupport "gl")
|
||||
|
|
|
@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
"--enable-hashes=${enableHashes}"
|
||||
"--enable-obsolete-api=glibc"
|
||||
"--disable-failure-tokens"
|
||||
] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.libc == "bionic") [
|
||||
# required for musl, android, march=native
|
||||
"--disable-werror"
|
||||
];
|
||||
|
||||
|
|
|
@ -31,6 +31,9 @@ stdenv.mkDerivation rec {
|
|||
"USE_SYSTEM_MINIZIP=1"
|
||||
];
|
||||
|
||||
# TEST 428/429 worksheet:worksheet_table15 *** buffer overflow detected ***: terminated
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
checkTarget = "test";
|
||||
|
|
|
@ -52,6 +52,9 @@ stdenv.mkDerivation rec {
|
|||
"--enable-sage"
|
||||
];
|
||||
|
||||
# https://github.com/linbox-team/linbox/issues/304
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
] ++ lib.optionals stdenv.hostPlatform.isx86 [
|
||||
"iris" # new Intel, could work on non-x86 with PCIe cards, but doesn't build as of 22.3.4
|
||||
"crocus" # Intel legacy, x86 only
|
||||
"i915" # Intel extra legacy, x86 only
|
||||
]
|
||||
else [ "auto" ]
|
||||
, vulkanDrivers ?
|
||||
|
|
|
@ -1,76 +0,0 @@
|
|||
diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c
|
||||
index ad8f3b84e..74676d039 100644
|
||||
--- nss/cmd/shlibsign/shlibsign.c
|
||||
+++ nss/cmd/shlibsign/shlibsign.c
|
||||
@@ -875,6 +875,8 @@ main(int argc, char **argv)
|
||||
goto cleanup;
|
||||
}
|
||||
lib = PR_LoadLibrary(libname);
|
||||
+ if (!lib)
|
||||
+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so");
|
||||
assert(lib != NULL);
|
||||
if (!lib) {
|
||||
PR_fprintf(PR_STDERR, "loading softokn3 failed");
|
||||
diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c
|
||||
index 119c8c512..720d39ccc 100644
|
||||
--- nss/lib/pk11wrap/pk11load.c
|
||||
+++ nss/lib/pk11wrap/pk11load.c
|
||||
@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
|
||||
#else
|
||||
library = PR_LoadLibrary(mod->dllName);
|
||||
#endif // defined(_WIN32)
|
||||
+#ifndef NSS_STATIC_SOFTOKEN
|
||||
+ if ((library == NULL) &&
|
||||
+ !rindex(mod->dllName, PR_GetDirectorySeparator())) {
|
||||
+ library = PORT_LoadLibraryFromOrigin(my_shlib_name,
|
||||
+ (PRFuncPtr) &softoken_LoadDSO,
|
||||
+ mod->dllName);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
mod->library = (void *)library;
|
||||
|
||||
if (library == NULL) {
|
||||
diff --git nss/lib/util/secload.c nss/lib/util/secload.c
|
||||
index 12efd2f75..8b74478f6 100644
|
||||
--- nss/lib/util/secload.c
|
||||
+++ nss/lib/util/secload.c
|
||||
@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
|
||||
|
||||
/* Remove the trailing filename from referencePath and add the new one */
|
||||
c = strrchr(referencePath, PR_GetDirectorySeparator());
|
||||
+ if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
|
||||
+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */
|
||||
+ referencePath = NIX_NSS_LIBDIR;
|
||||
+ c = (char*) &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */
|
||||
+ }
|
||||
if (c) {
|
||||
size_t referencePathSize = 1 + c - referencePath;
|
||||
- fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
|
||||
+ fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5);
|
||||
if (fullName) {
|
||||
memcpy(fullName, referencePath, referencePathSize);
|
||||
strcpy(fullName + referencePathSize, name);
|
||||
@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
|
||||
#endif
|
||||
libSpec.type = PR_LibSpec_Pathname;
|
||||
libSpec.value.pathname = fullName;
|
||||
+ if ((referencePathSize >= 4) &&
|
||||
+ (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
|
||||
+ memcpy(fullName + referencePathSize -4, "lib", 3);
|
||||
+ }
|
||||
+ strcpy(fullName + referencePathSize, name);
|
||||
dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
|
||||
#ifdef PR_LD_ALT_SEARCH_PATH
|
||||
/* allow library's dependencies to be found in the same directory
|
||||
@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
|
||||
| PR_LD_ALT_SEARCH_PATH
|
||||
#endif
|
||||
);
|
||||
+ if (! dlh) {
|
||||
+ strcpy(fullName + referencePathSize, name);
|
||||
+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
|
||||
+ }
|
||||
PORT_Free(fullName);
|
||||
}
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
import ./generic.nix {
|
||||
version = "3.79.4";
|
||||
hash = "sha256-Skcdv6Wzo7fsB4U8b8CijNBmn2mEEp4k9VQeLOFdcdU=";
|
||||
version = "3.90";
|
||||
hash = "sha256-ms1lNMQdjq0Z/Kb8s//+0vnwnEN8PXn+5qTuZoqqk7Y=";
|
||||
}
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
https://bugzilla.mozilla.org/show_bug.cgi?id=1771273
|
||||
https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a
|
||||
|
||||
# HG changeset patch
|
||||
# User Sergei Trofimovich <slyich@gmail.com>
|
||||
# Date 1653552519 0
|
||||
# Node ID 21e7aaa1f7d94bca15d997e5b4c2329b32fad21a
|
||||
# Parent ad1046e9eee5f5dc17dac7c9343e2f7f0da44b4e
|
||||
Bug 1771273 - cpputil/databuffer.h: add missing <cstdint> include r=nss-reviewers,mt
|
||||
|
||||
Without the change build fails on this week's gcc-13 snapshot as:
|
||||
|
||||
../../cpputil/databuffer.h:20:20: error: 'uint8_t' does not name a type
|
||||
20 | DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
|
||||
| ^~~~~~~
|
||||
../../cpputil/databuffer.h:14:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
|
||||
13 | #include <iostream>
|
||||
+++ |+#include <cstdint>
|
||||
14 |
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D147404
|
||||
|
||||
diff --git a/cpputil/databuffer.h b/cpputil/databuffer.h
|
||||
--- nss/cpputil/databuffer.h
|
||||
+++ nss/cpputil/databuffer.h
|
||||
@@ -6,16 +6,17 @@
|
||||
|
||||
#ifndef databuffer_h__
|
||||
#define databuffer_h__
|
||||
|
||||
#include <algorithm>
|
||||
#include <cstring>
|
||||
#include <iomanip>
|
||||
#include <iostream>
|
||||
+#include <cstdint>
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
class DataBuffer {
|
||||
public:
|
||||
DataBuffer() : data_(nullptr), len_(0) {}
|
||||
DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
|
||||
Assign(d, l);
|
||||
|
|
@ -42,18 +42,9 @@ stdenv.mkDerivation rec {
|
|||
|
||||
patches = [
|
||||
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
|
||||
(if (lib.versionOlder version "3.84") then
|
||||
./85_security_load_3.77+.patch
|
||||
else
|
||||
./85_security_load_3.85+.patch
|
||||
)
|
||||
./85_security_load_3.85+.patch
|
||||
./fix-cross-compilation.patch
|
||||
] ++ lib.optionals (lib.versionOlder version "3.89") [
|
||||
# Backport gcc-13 build fix:
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1771273
|
||||
# https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a
|
||||
./gcc-13-esr.patch
|
||||
] ++ lib.optionals (lib.versionAtLeast version "3.90" && lib.versionOlder version "3.91") [
|
||||
] ++ lib.optionals (lib.versionOlder version "3.91") [
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
|
||||
# https://phabricator.services.mozilla.com/D180068
|
||||
./remove-c25519-support.patch
|
||||
|
|
|
@ -48,7 +48,9 @@ stdenv.mkDerivation rec {
|
|||
done
|
||||
'';
|
||||
|
||||
cmakeFlags = lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON";
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_CTEST_ARGUMENTS=--timeout;3600"
|
||||
] ++ lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON";
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
propagatedBuildInputs = [ ilmbase zlib ];
|
||||
|
|
|
@ -66,6 +66,8 @@
|
|||
, mysofaSupport ? true
|
||||
, libmysofa
|
||||
, tinycompress
|
||||
, ffadoSupport ? stdenv.buildPlatform.canExecute stdenv.hostPlatform
|
||||
, ffado
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -73,7 +75,7 @@ let
|
|||
|
||||
self = stdenv.mkDerivation rec {
|
||||
pname = "pipewire";
|
||||
version = "0.3.71";
|
||||
version = "0.3.74";
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
|
@ -91,7 +93,7 @@ let
|
|||
owner = "pipewire";
|
||||
repo = "pipewire";
|
||||
rev = version;
|
||||
sha256 = "sha256-NPYWl+WeI/z70gNHX1BAKslGFX634D7XrV04vuJgGOo=";
|
||||
sha256 = "sha256-ZV66niKeR4PDaqUuVqiosY7LSDLmIjrDsmCZyQkR72Y=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -149,7 +151,8 @@ let
|
|||
++ lib.optional raopSupport openssl
|
||||
++ lib.optional rocSupport roc-toolkit
|
||||
++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ]
|
||||
++ lib.optional mysofaSupport libmysofa;
|
||||
++ lib.optional mysofaSupport libmysofa
|
||||
++ lib.optional ffadoSupport ffado;
|
||||
|
||||
# Valgrind binary is required for running one optional test.
|
||||
nativeCheckInputs = lib.optional withValgrind valgrind;
|
||||
|
@ -163,6 +166,7 @@ let
|
|||
"-Dlibjack-path=${placeholder "jack"}/lib"
|
||||
"-Dlibv4l2-path=${placeholder "out"}/lib"
|
||||
"-Dlibcamera=${mesonEnableFeature libcameraSupport}"
|
||||
"-Dlibffado=${mesonEnableFeature ffadoSupport}"
|
||||
"-Droc=${mesonEnableFeature rocSupport}"
|
||||
"-Dlibpulse=${mesonEnableFeature pulseTunnelSupport}"
|
||||
"-Davahi=${mesonEnableFeature zeroconfSupport}"
|
||||
|
@ -221,6 +225,7 @@ let
|
|||
|
||||
meta = with lib; {
|
||||
description = "Server and user space API to deal with multimedia pipelines";
|
||||
changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}";
|
||||
homepage = "https://pipewire.org/";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
|
|
|
@ -8,13 +8,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "s2n-tls";
|
||||
version = "1.3.45";
|
||||
version = "1.3.46";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aws";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-ZipZXCwat3H0NoUX9T6XB7/qMRvViB2QrYpgj0U41nU=";
|
||||
sha256 = "sha256-X+ZwM53ensCeUoxNa8cBO4KcWxWbb7iKxIRysImvKxw=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "srt";
|
||||
version = "1.5.1";
|
||||
version = "1.5.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Haivision";
|
||||
repo = "srt";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-qVvoHtROtJjrUd+YpjN/0I6KmiH7c24+pQ4xYTUGPXk=";
|
||||
sha256 = "sha256-HW5l26k9w4F6IJrtiahU/8/CPY6M/cKn8AgESsntC6A=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ stdenv, lib, fetchFromGitHub
|
||||
{ stdenv, lib, fetchFromGitHub, fetchurl
|
||||
, autoreconfHook, autoconf-archive, pkg-config, doxygen, perl
|
||||
, openssl, json_c, curl, libgcrypt
|
||||
, cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
|
||||
, shadow
|
||||
, shadow, libuuid
|
||||
}:
|
||||
let
|
||||
# Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
|
||||
|
@ -15,13 +15,13 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tpm2-tss";
|
||||
version = "3.2.0";
|
||||
version = "4.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "tpm2-software";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "1jijxnvjcsgz5yw4i9fj7ycdnnz90r3l0zicpwinswrw47ac3yy5";
|
||||
sha256 = "sha256-75yiKVZrR1vcCwKp4tDO4A9JB0KDM0MXPJ1N85kAaRk=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "man" "dev" ];
|
||||
|
@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# cmocka is checked / used(?) in the configure script
|
||||
# when unit and/or integration testing is enabled
|
||||
buildInputs = [ openssl json_c curl libgcrypt uthash ]
|
||||
buildInputs = [ openssl json_c curl libgcrypt uthash libuuid ]
|
||||
# cmocka doesn't build with pkgsStatic, and we don't need it anyway
|
||||
# when tests are not run
|
||||
++ lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [
|
||||
|
@ -53,6 +53,11 @@ stdenv.mkDerivation rec {
|
|||
# Do not rely on dynamic loader path
|
||||
# TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory
|
||||
./no-dynamic-loader-path.patch
|
||||
(fetchurl {
|
||||
name = "skip-test-fapi-fix-provisioning-with template-if-no-certificate-available.patch";
|
||||
url = "https://github.com/tpm2-software/tpm2-tss/commit/218c0da8d9f675766b1de502a52e23a3aa52648e.patch";
|
||||
sha256 = "sha256-dnl9ZAknCdmvix2TdQvF0fHoYeWp+jfCTg8Uc7h0voA=";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
@ -61,8 +66,8 @@ stdenv.mkDerivation rec {
|
|||
--replace '@PREFIX@' $out/lib/
|
||||
substituteInPlace ./test/unit/tctildr-dl.c \
|
||||
--replace '@PREFIX@' $out/lib
|
||||
substituteInPlace ./configure.ac \
|
||||
--replace 'm4_esyscmd_s([git describe --tags --always --dirty])' '${version}'
|
||||
substituteInPlace ./bootstrap \
|
||||
--replace 'git describe --tags --always --dirty' 'echo "${version}"'
|
||||
'';
|
||||
|
||||
configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [
|
||||
|
|
|
@ -1,8 +1,17 @@
|
|||
diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c
|
||||
index b364695c..d026de71 100644
|
||||
index 622637dc..88fc3d8f 100644
|
||||
--- a/src/tss2-tcti/tctildr-dl.c
|
||||
+++ b/src/tss2-tcti/tctildr-dl.c
|
||||
@@ -116,6 +116,50 @@ handle_from_name(const char *file,
|
||||
@@ -92,7 +92,7 @@ handle_from_name(const char *file,
|
||||
LOG_DEBUG("Could not load TCTI file: \"%s\": %s", file, dlerror());
|
||||
}
|
||||
|
||||
- len = snprintf(NULL, 0, TCTI_NAME_TEMPLATE_0, file);
|
||||
+ len = snprintf(NULL, 0, "@PREFIX@" TCTI_NAME_TEMPLATE_0, file);
|
||||
if (len >= PATH_MAX) {
|
||||
LOG_ERROR("TCTI name truncated in transform.");
|
||||
return TSS2_TCTI_RC_BAD_VALUE;
|
||||
@@ -129,6 +129,50 @@ handle_from_name(const char *file,
|
||||
return TSS2_TCTI_RC_BAD_VALUE;
|
||||
}
|
||||
*handle = dlopen(file_xfrm, RTLD_NOW);
|
||||
|
@ -12,10 +21,10 @@ index b364695c..d026de71 100644
|
|||
+ LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror());
|
||||
+ }
|
||||
+ size = snprintf(file_xfrm,
|
||||
+ sizeof (file_xfrm),
|
||||
+ len + 1,
|
||||
+ "@PREFIX@%s",
|
||||
+ file);
|
||||
+ if (size >= sizeof (file_xfrm)) {
|
||||
+ if (size >= len + 1) {
|
||||
+ LOG_ERROR("TCTI name truncated in transform.");
|
||||
+ return TSS2_TCTI_RC_BAD_VALUE;
|
||||
+ }
|
||||
|
@ -27,10 +36,10 @@ index b364695c..d026de71 100644
|
|||
+ }
|
||||
+ /* 'name' alone didn't work, try libtss2-tcti-<name>.so.0 */
|
||||
+ size = snprintf(file_xfrm,
|
||||
+ sizeof (file_xfrm),
|
||||
+ len + 1,
|
||||
+ "@PREFIX@" TCTI_NAME_TEMPLATE_0,
|
||||
+ file);
|
||||
+ if (size >= sizeof (file_xfrm)) {
|
||||
+ if (size >= len + 1) {
|
||||
+ LOG_ERROR("TCTI name truncated in transform.");
|
||||
+ return TSS2_TCTI_RC_BAD_VALUE;
|
||||
+ }
|
||||
|
@ -42,22 +51,22 @@ index b364695c..d026de71 100644
|
|||
+ }
|
||||
+ /* libtss2-tcti-<name>.so.0 didn't work, try libtss2-tcti-<name>.so */
|
||||
+ size = snprintf(file_xfrm,
|
||||
+ sizeof (file_xfrm),
|
||||
+ len + 1,
|
||||
+ "@PREFIX@" TCTI_NAME_TEMPLATE,
|
||||
+ file);
|
||||
+ if (size >= sizeof (file_xfrm)) {
|
||||
+ if (size >= len + 1) {
|
||||
+ LOG_ERROR("TCTI name truncated in transform.");
|
||||
+ return TSS2_TCTI_RC_BAD_VALUE;
|
||||
+ }
|
||||
+ *handle = dlopen(file_xfrm, RTLD_NOW);
|
||||
if (*handle == NULL) {
|
||||
LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror());
|
||||
return TSS2_TCTI_RC_NOT_SUPPORTED;
|
||||
SAFE_FREE(file_xfrm);
|
||||
diff --git a/test/unit/tctildr-dl.c b/test/unit/tctildr-dl.c
|
||||
index 873a4531..c17b939e 100644
|
||||
index 4279baee..6685c811 100644
|
||||
--- a/test/unit/tctildr-dl.c
|
||||
+++ b/test/unit/tctildr-dl.c
|
||||
@@ -223,6 +223,18 @@ test_get_info_default_success (void **state)
|
||||
@@ -229,6 +229,18 @@ test_get_info_default_success (void **state)
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
||||
|
@ -76,7 +85,7 @@ index 873a4531..c17b939e 100644
|
|||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, HANDLE);
|
||||
@@ -255,6 +267,18 @@ test_get_info_default_info_fail (void **state)
|
||||
@@ -261,6 +273,18 @@ test_get_info_default_info_fail (void **state)
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
||||
|
@ -95,7 +104,7 @@ index 873a4531..c17b939e 100644
|
|||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, HANDLE);
|
||||
@@ -407,6 +431,15 @@ test_tcti_fail_all (void **state)
|
||||
@@ -413,6 +437,15 @@ test_tcti_fail_all (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-default.so.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -111,7 +120,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
/* Skip over libtss2-tcti-tabrmd.so */
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
|
||||
@@ -418,6 +451,15 @@ test_tcti_fail_all (void **state)
|
||||
@@ -424,6 +457,15 @@ test_tcti_fail_all (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-tabrmd.so.0.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -127,7 +136,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
/* Skip over libtss2-tcti-device.so, /dev/tpmrm0 */
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0");
|
||||
@@ -429,6 +471,15 @@ test_tcti_fail_all (void **state)
|
||||
@@ -435,6 +477,15 @@ test_tcti_fail_all (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -143,7 +152,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
/* Skip over libtss2-tcti-device.so, /dev/tpm0 */
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0");
|
||||
@@ -440,6 +491,15 @@ test_tcti_fail_all (void **state)
|
||||
@@ -446,6 +497,15 @@ test_tcti_fail_all (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -159,7 +168,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
/* Skip over libtss2-tcti-swtpm.so */
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-swtpm.so.0");
|
||||
@@ -451,6 +511,15 @@ test_tcti_fail_all (void **state)
|
||||
@@ -457,6 +517,15 @@ test_tcti_fail_all (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-swtpm.so.0.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -175,7 +184,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
/* Skip over libtss2-tcti-mssim.so */
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-mssim.so.0");
|
||||
@@ -462,6 +531,15 @@ test_tcti_fail_all (void **state)
|
||||
@@ -468,6 +537,15 @@ test_tcti_fail_all (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-mssim.so.0.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -191,7 +200,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
TSS2_RC r;
|
||||
TSS2_TCTI_CONTEXT *tcti;
|
||||
@@ -490,6 +568,15 @@ test_info_from_name_handle_fail (void **state)
|
||||
@@ -496,6 +574,15 @@ test_info_from_name_handle_fail (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
@ -207,7 +216,7 @@ index 873a4531..c17b939e 100644
|
|||
|
||||
TSS2_RC rc = info_from_name ("foo", &info, &data);
|
||||
assert_int_equal (rc, TSS2_TCTI_RC_NOT_SUPPORTED);
|
||||
@@ -606,6 +693,15 @@ test_tctildr_get_info_from_name (void **state)
|
||||
@@ -612,6 +699,15 @@ test_tctildr_get_info_from_name (void **state)
|
||||
expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so");
|
||||
expect_value(__wrap_dlopen, flags, RTLD_NOW);
|
||||
will_return(__wrap_dlopen, NULL);
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "zimg";
|
||||
version = "3.0.4";
|
||||
version = "3.0.5";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "sekrit-twc";
|
||||
repo = "zimg";
|
||||
rev = "release-${version}";
|
||||
sha256 = "1069x49l7kh1mqcq1h3f0m5j0h832jp5x230bh4c613ymgg5kn00";
|
||||
sha256 = "sha256-DCSqHCnOyIvKtIAfprb8tgtzLn67Ix6BWyeIliu0HO4=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" "doc" ];
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
version = "3.6.0";
|
||||
version = "3.7.2";
|
||||
pname = "asgiref";
|
||||
format = "setuptools";
|
||||
|
||||
|
@ -19,7 +19,7 @@ buildPythonPackage rec {
|
|||
owner = "django";
|
||||
repo = "asgiref";
|
||||
rev = "refs/tags/${version}";
|
||||
hash = "sha256-Kl4483rfuFKbnD7pBSTND1QAtBsZP6jKsrDlpVCZLDs=";
|
||||
hash = "sha256-VW1PBh6+nLMD7qxmL83ymuxCPYKVY3qGKsB7ZiMqMu8=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -52,14 +52,14 @@ buildPythonPackage rec {
|
|||
|
||||
cargoRoot = "src/rust";
|
||||
|
||||
nativeBuildInputs = lib.optionals (!isPyPy) [
|
||||
cffi
|
||||
pkg-config
|
||||
] ++ [
|
||||
nativeBuildInputs = [
|
||||
rustPlatform.cargoSetupHook
|
||||
setuptools-rust
|
||||
cargo
|
||||
rustc
|
||||
pkg-config
|
||||
] ++ lib.optionals (!isPyPy) [
|
||||
cffi
|
||||
];
|
||||
|
||||
buildInputs = [ openssl ]
|
||||
|
|
|
@ -15,14 +15,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "django";
|
||||
version = "3.2.19";
|
||||
version = "3.2.20";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "Django";
|
||||
inherit version;
|
||||
hash = "sha256-AxNluuloFNoZwQcGIYxE3/O2VMxN4gqYvS0pub3kafA=";
|
||||
hash = "sha256-3sKhFnh7jhSWIBS/eOEgu6RUE1EI4a+em5Gt57KWTEA=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -27,13 +27,14 @@ buildPythonPackage rec {
|
|||
})
|
||||
];
|
||||
|
||||
# remove vbox tests
|
||||
postPatch = ''
|
||||
rm -v testing/test_termination.py
|
||||
rm -v testing/test_channel.py
|
||||
rm -v testing/test_xspec.py
|
||||
rm -v testing/test_gateway.py
|
||||
${lib.optionalString isPyPy "rm -v testing/test_multi.py"}
|
||||
# remove vbox tests
|
||||
rm testing/test_termination.py
|
||||
rm testing/test_channel.py
|
||||
rm testing/test_xspec.py
|
||||
rm testing/test_gateway.py
|
||||
'' + lib.optionalString isPyPy ''
|
||||
rm testing/test_multi.py
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -44,8 +45,11 @@ buildPythonPackage rec {
|
|||
apipkg
|
||||
];
|
||||
|
||||
# sometimes crashes with: OSError: [Errno 9] Bad file descriptor
|
||||
doCheck = !isPyPy;
|
||||
|
||||
nativeCheckInputs = [
|
||||
py
|
||||
py # no longer required with 1.10.0
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
|
@ -62,5 +66,4 @@ buildPythonPackage rec {
|
|||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
# build-system
|
||||
, pkg-config
|
||||
, pybind11
|
||||
, setuptools
|
||||
, setuptools-scm
|
||||
|
||||
# native libraries
|
||||
|
@ -117,6 +118,7 @@ buildPythonPackage rec {
|
|||
nativeBuildInputs = [
|
||||
pkg-config
|
||||
pybind11
|
||||
setuptools
|
||||
setuptools-scm
|
||||
numpy
|
||||
];
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "SQLAlchemy";
|
||||
version = "2.0.15";
|
||||
version = "2.0.17";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
@ -50,7 +50,7 @@ buildPythonPackage rec {
|
|||
owner = "sqlalchemy";
|
||||
repo = "sqlalchemy";
|
||||
rev = "refs/tags/rel_${lib.replaceStrings [ "." ] [ "_" ] version}";
|
||||
hash = "sha256-05GhFearTA9At8MgmEfeXfbS3MAZ0Rmx8jER18q7fmI=";
|
||||
hash = "sha256-thwPqyxhojyHZpo7LK6nl69Z1B1Z6+WR1dAdlVrgiaY=";
|
||||
};
|
||||
|
||||
nativeBuildInputs =[
|
||||
|
@ -113,6 +113,9 @@ buildPythonPackage rec {
|
|||
postgresql_psycopg = [
|
||||
psycopg
|
||||
];
|
||||
postgresql_psycopgbinary = [
|
||||
psycopg
|
||||
];
|
||||
pymysql = [
|
||||
pymysql
|
||||
];
|
||||
|
|
|
@ -208,6 +208,9 @@ in buildPythonPackage rec {
|
|||
# Use pytorch's custom configurations
|
||||
dontUseCmakeConfigure = true;
|
||||
|
||||
# causes possible redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
BUILD_NAMEDTENSOR = setBool true;
|
||||
BUILD_DOCS = setBool buildDocs;
|
||||
|
||||
|
|
|
@ -1,14 +1,19 @@
|
|||
{ lib, pkg-config, fetchPypi, buildPythonPackage
|
||||
{ lib
|
||||
, pkg-config
|
||||
, fetchPypi
|
||||
, buildPythonPackage
|
||||
, buildPackages
|
||||
, zstd, pytest }:
|
||||
, zstd
|
||||
, pytest
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "zstd";
|
||||
version = "1.5.4.0";
|
||||
version = "1.5.5.1";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-oNEd9wqXhSk0G1duaaTwsqI+dGaG4k+bkCYKM85JBC0=";
|
||||
hash = "sha256-HvmAq/Dh4HKwKNLXbvlbR2YyZRyWIlzzC2Gcbu9iVnI=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -4,8 +4,8 @@ buildRubyGem rec {
|
|||
inherit ruby;
|
||||
name = "${gemName}-${version}";
|
||||
gemName = "bundler";
|
||||
version = "2.4.14";
|
||||
source.sha256 = "sha256-lIJKzVEK30D43O5q0YwJ+FcSyJxGij2uWlxH+mlIfHI=";
|
||||
version = "2.4.16";
|
||||
source.sha256 = "sha256-FjRuBn1YnZUgCoDzPFEbMLii6JASiFJbLTKS4hdenWk=";
|
||||
dontPatchShebangs = true;
|
||||
|
||||
postFixup = ''
|
||||
|
|
|
@ -22,6 +22,14 @@ in stdenv.mkDerivation rec {
|
|||
doCheck = true;
|
||||
buildFlags = [ "GCC_BASE:=${GCC_BASE}" ];
|
||||
|
||||
# Test failures with "fortify3" on, such as:
|
||||
# +*** buffer overflow detected ***: terminated
|
||||
# +Aborted (core dumped)
|
||||
# error: Actual exit value does not match the expected one.
|
||||
# error: expected 0, got 134.
|
||||
# error: FAIL: test 'bool-float.c' failed
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
passthru.tests = {
|
||||
simple-execution = callPackage ./tests.nix { };
|
||||
};
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ lib, stdenv
|
||||
, fetchurl
|
||||
, pkgs
|
||||
, buildPackages
|
||||
, fixDarwinDylibNames
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -25,6 +26,10 @@ stdenv.mkDerivation rec {
|
|||
|
||||
propagatedBuildInputs = lib.optionals stdenv.targetPlatform.isDarwin [
|
||||
fixDarwinDylibNames
|
||||
|
||||
# Build2 needs to use lld on Darwin because it creates thin archives when it detects `llvm-ar`,
|
||||
# which ld64 does not support.
|
||||
(lib.getBin buildPackages.llvmPackages_16.lld)
|
||||
];
|
||||
|
||||
doCheck = true;
|
||||
|
@ -40,5 +45,10 @@ stdenv.mkDerivation rec {
|
|||
runHook postInstall
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
substituteInPlace $out/nix-support/setup-hook \
|
||||
--subst-var-by isTargetDarwin '${toString stdenv.targetPlatform.isDarwin}'
|
||||
'';
|
||||
|
||||
inherit (pkgs.build2) passthru;
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
, fixDarwinDylibNames
|
||||
, libbutl
|
||||
, libpkgconf
|
||||
, buildPackages
|
||||
, enableShared ? !stdenv.hostPlatform.isStatic
|
||||
, enableStatic ? !enableShared
|
||||
}:
|
||||
|
@ -57,6 +58,10 @@ stdenv.mkDerivation rec {
|
|||
# LC_LOAD_DYLIB entries containing @rpath, requiring manual fixup
|
||||
propagatedBuildInputs = lib.optionals stdenv.targetPlatform.isDarwin [
|
||||
fixDarwinDylibNames
|
||||
|
||||
# Build2 needs to use lld on Darwin because it creates thin archives when it detects `llvm-ar`,
|
||||
# which ld64 does not support.
|
||||
(lib.getBin buildPackages.llvmPackages_16.lld)
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
@ -73,6 +78,11 @@ stdenv.mkDerivation rec {
|
|||
install_name_tool -add_rpath "''${!outputLib}/lib" "''${!outputBin}/bin/b"
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
substituteInPlace $dev/nix-support/setup-hook \
|
||||
--subst-var-by isTargetDarwin '${toString stdenv.targetPlatform.isDarwin}'
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
bootstrap = build2;
|
||||
inherit configSharedStatic;
|
||||
|
|
|
@ -19,6 +19,12 @@ build2ConfigurePhase() {
|
|||
$build2ConfigureFlags "${build2ConfigureFlagsArray[@]}"
|
||||
)
|
||||
|
||||
if [ -n "@isTargetDarwin@" ]; then
|
||||
flagsArray+=("config.bin.ld=ld64-lld")
|
||||
flagsArray+=("config.cc.loptions+=-fuse-ld=lld")
|
||||
flagsArray+=("config.cc.loptions+=-headerpad_max_install_names")
|
||||
fi
|
||||
|
||||
echo 'configure flags' "${flagsArray[@]}"
|
||||
|
||||
b configure "${flagsArray[@]}"
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
, stdenv
|
||||
, fetchurl
|
||||
, autoreconfHook
|
||||
, bison
|
||||
, onigurumaSupport ? true
|
||||
, oniguruma
|
||||
}:
|
||||
|
@ -38,7 +39,16 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
buildInputs = lib.optionals onigurumaSupport [ oniguruma ];
|
||||
nativeBuildInputs = [ autoreconfHook ];
|
||||
nativeBuildInputs = [ autoreconfHook bison ];
|
||||
|
||||
# Darwin requires _REENTRANT be defined to use functions like `lgamma_r`.
|
||||
# Otherwise, configure will detect that they’re in libm, but the build will fail
|
||||
# with clang 16+ due to calls to undeclared functions.
|
||||
# This is fixed upstream and can be removed once jq is updated (to 1.7 or an unstable release).
|
||||
env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin (toString [
|
||||
"-D_REENTRANT=1"
|
||||
"-D_DARWIN_C_SOURCE=1"
|
||||
]);
|
||||
|
||||
configureFlags = [
|
||||
"--bindir=\${bin}/bin"
|
||||
|
|
|
@ -7,15 +7,15 @@ let
|
|||
rustfmt-nightly = rustfmt.override { asNightly = true; };
|
||||
in rustPlatform.buildRustPackage rec {
|
||||
pname = "rust-bindgen-unwrapped";
|
||||
version = "0.66.0";
|
||||
version = "0.66.1";
|
||||
|
||||
src = fetchCrate {
|
||||
pname = "bindgen-cli";
|
||||
inherit version;
|
||||
sha256 = "sha256-Or5gaYXqfRcxAzBf4nOjmM9CQMvfwb8KbpD8hDJJQ4o=";
|
||||
sha256 = "sha256-xVTVC3dNGIJeFm/v3swekzuJ2RQOe+wSh05vuWYTDRs=";
|
||||
};
|
||||
|
||||
cargoHash = "sha256-rsowGeBSuqHyz90qozeCi5dXsH4EHKhIUQbDaNJKabI=";
|
||||
cargoHash = "sha256-eIvl0RSKErNPip0r6iz7JVHm5YvuY3ke/6aMgkryRcI=";
|
||||
|
||||
buildInputs = [ clang.cc.lib ];
|
||||
|
||||
|
|
|
@ -50,6 +50,9 @@ stdenv.mkDerivation rec {
|
|||
protobuf
|
||||
];
|
||||
|
||||
# inlining failed in call to 'tinydir_open': --param max-inline-insns-single limit reached
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://cxong.github.io/cdogs-sdl";
|
||||
description = "Open source classic overhead run-and-gun game";
|
||||
|
|
|
@ -59,6 +59,9 @@ stdenv.mkDerivation rec {
|
|||
"-DUSE_SYSTEM_ZLIB=ON"
|
||||
];
|
||||
|
||||
# it caused build failure
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
|
|
|
@ -16,6 +16,9 @@ stdenv.mkDerivation rec {
|
|||
|
||||
makeFlags = [ "prefix=${placeholder "out"}"];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "The advanced PC speaker beeper";
|
||||
homepage = "https://github.com/spkr-beep/beep";
|
||||
|
|
|
@ -23,11 +23,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cups";
|
||||
version = "2.4.5";
|
||||
version = "2.4.6";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/OpenPrinting/cups/releases/download/v${version}/cups-${version}-source.tar.gz";
|
||||
sha256 = "sha256-mkBN5V90UlsKaFHfDP3r+hIVrsDnwve+a5sJtpFvsAA=";
|
||||
sha256 = "sha256-WOlwzxlV4cyH0IR8MlJtnCzO4zXl8OOIKygxOLoOcmI=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "lib" "dev" "man" ];
|
||||
|
|
|
@ -61,11 +61,11 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ghostscript${lib.optionalString x11Support "-with-X"}";
|
||||
version = "10.01.1";
|
||||
version = "10.01.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${lib.replaceStrings ["."] [""] version}/ghostscript-${version}.tar.xz";
|
||||
hash = "sha512-2US+norvaNEXbWTEDbb6htVdDJ4wBH8hR8AoBqthz+msLLANTlshj/PFHMbtR87/4brE3Z1MwXYLeXTzDGwnNQ==";
|
||||
hash = "sha512-7iDw4S9VOj0EV45xoNRd7+vHERfOTcLBQEOYW/5zSK1/iy/pj8m09bk17LMuUNw0C+Z9bvWBkFQuxtD52h3jgA==";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -141,6 +141,7 @@ stdenv.mkDerivation rec {
|
|||
dylib_version = lib.versions.majorMinor version;
|
||||
preFixup = lib.optionalString stdenv.isDarwin ''
|
||||
install_name_tool -change libgs.dylib.$dylib_version $out/lib/libgs.dylib.$dylib_version $out/bin/gs
|
||||
install_name_tool -change libgs.dylib.$dylib_version $out/lib/libgs.dylib.$dylib_version $out/bin/gsx
|
||||
'';
|
||||
|
||||
# validate dynamic linkage
|
||||
|
@ -149,6 +150,7 @@ stdenv.mkDerivation rec {
|
|||
runHook preInstallCheck
|
||||
|
||||
$out/bin/gs --version
|
||||
$out/bin/gsx --version
|
||||
pushd examples
|
||||
for f in *.{ps,eps,pdf}; do
|
||||
echo "Rendering $f"
|
||||
|
|
|
@ -13,6 +13,7 @@ appleDerivation' stdenv {
|
|||
NIX_CFLAGS_COMPILE = toString [
|
||||
"-ISystemConfiguration.framework/Headers"
|
||||
"-I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders"
|
||||
"-D_DNS_SD_LIBDISPATCH" # Needed for DNSServiceSetDispatchQueue to be available
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
MacOS SDKs before 10.13 don't support open_memstream. This is already replaced
|
||||
by a runtime check in cctools-port, but because we build with SDK 10.12 by
|
||||
default, linking still fails for us. Disable it entirely here.
|
||||
|
||||
--- a/cctools/include/stuff/diagnostics.h
|
||||
+++ b/cctools/include/stuff/diagnostics.h
|
||||
@@ -60,13 +60,6 @@ void diagnostics_log_msg(enum diagnostic_level level, const char* message);
|
||||
|
@ -16,6 +12,6 @@ default, linking still fails for us. Disable it entirely here.
|
|||
-#ifndef HAVE_OPENMEMSTREAM_RUNTIME
|
||||
-# define HAVE_OPENMEMSTREAM_RUNTIME 1
|
||||
-#endif
|
||||
+#define HAVE_OPENMEMSTREAM_RUNTIME 0
|
||||
+#define HAVE_OPENMEMSTREAM_RUNTIME 1
|
||||
|
||||
#endif /* diagnostics_h */
|
|
@ -1,9 +1,11 @@
|
|||
# Create a cctools-compatible bintools that uses equivalent tools from LLVM in place of the ones
|
||||
# from cctools when possible.
|
||||
|
||||
{ lib, stdenv, makeWrapper, cctools-port, llvmPackages, enableManpages ? true }:
|
||||
{ lib, stdenv, makeWrapper, cctools-port, llvmPackages, enableManpages ? stdenv.targetPlatform == stdenv.hostPlatform }:
|
||||
|
||||
let
|
||||
inherit (stdenv) targetPlatform hostPlatform;
|
||||
|
||||
cctoolsVersion = lib.getVersion cctools-port;
|
||||
llvmVersion = llvmPackages.release_version;
|
||||
|
||||
|
@ -18,6 +20,10 @@ let
|
|||
# not appear to have issues, but the source is not available yet (as of June 2023).
|
||||
useLLVMStrip = lib.versionAtLeast llvmVersion "15" || lib.versionAtLeast cctoolsVersion "1005.2";
|
||||
|
||||
# Clang 11 performs an optimization on x86_64 that is sensitive to the presence of debug info.
|
||||
# This causes GCC to fail to bootstrap due to object file differences between stages 2 and 3.
|
||||
useClangAssembler = lib.versionAtLeast llvmVersion "12" || !stdenv.isx86_64;
|
||||
|
||||
llvm_bins = [
|
||||
"dwarfdump"
|
||||
"nm"
|
||||
|
@ -50,9 +56,10 @@ let
|
|||
]
|
||||
++ lib.optional (!useLLVMBitcodeStrip) "bitcode_strip"
|
||||
++ lib.optional (!useLLVMOtool) "otool"
|
||||
++ lib.optional (!useLLVMStrip) "strip";
|
||||
++ lib.optional (!useLLVMStrip) "strip"
|
||||
++ lib.optional (!useClangAssembler) "as";
|
||||
|
||||
inherit (stdenv.cc) targetPrefix;
|
||||
targetPrefix = lib.optionalString (targetPlatform != hostPlatform) "${targetPlatform.config}-";
|
||||
|
||||
linkManPages = pkg: source: target: lib.optionalString enableManpages ''
|
||||
sourcePath=${pkg}/share/man/man1/${source}.1.gz
|
||||
|
@ -77,11 +84,13 @@ stdenv.mkDerivation {
|
|||
mkdir -p "$out/bin" "$man"
|
||||
ln -s ${lib.getDev cctools-port} "$dev"
|
||||
|
||||
'' + lib.optionalString useClangAssembler ''
|
||||
# Use the clang-integrated assembler instead of using `as` from cctools.
|
||||
makeWrapper "${lib.getBin llvmPackages.clang-unwrapped}/bin/clang" "$out/bin/${targetPrefix}as" \
|
||||
--add-flags "-x assembler -integrated-as -c"
|
||||
|
||||
ln -s "${lib.getBin llvmPackages.bintools-unwrapped}/bin/llvm-ar" "$out/bin/${targetPrefix}ar"
|
||||
'' + ''
|
||||
ln -s "${lib.getBin llvmPackages.bintools-unwrapped}/bin/${targetPrefix}llvm-ar" "$out/bin/${targetPrefix}ar"
|
||||
${linkManPages llvmPackages.llvm-manpages "llvm-ar" "ar"}
|
||||
|
||||
for tool in ${toString llvm_bins}; do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook
|
||||
{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook, memstreamHook
|
||||
, installShellFiles
|
||||
, libuuid
|
||||
, libobjc ? null, maloader ? null
|
||||
|
@ -35,7 +35,8 @@ stdenv.mkDerivation {
|
|||
|
||||
outputs = [ "out" "dev" "man" ];
|
||||
|
||||
nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ];
|
||||
nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ]
|
||||
++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ memstreamHook ];
|
||||
buildInputs = [ libuuid ]
|
||||
++ lib.optionals stdenv.isDarwin [ libobjc ]
|
||||
++ lib.optional enableTapiSupport libtapi;
|
||||
|
@ -51,8 +52,9 @@ stdenv.mkDerivation {
|
|||
url = "https://github.com/MercuryTechnologies/cctools-port/commit/025899b7b3593dedb0c681e689e57c0e7bbd9b80.patch";
|
||||
hash = "sha256-SWVUzFaJHH2fu9y8RcU3Nx/QKx60hPE5zFx0odYDeQs=";
|
||||
})
|
||||
]
|
||||
++ lib.optional stdenv.isDarwin ./darwin-no-memstream.patch;
|
||||
# Always use `open_memstream`. This is provided by memstream via hook on x86_64-darwin.
|
||||
./darwin-memstream.patch
|
||||
];
|
||||
|
||||
__propagatedImpureHostDeps = [
|
||||
# As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
--- a/CoreFoundation/RunLoop.subproj/CFMessagePort.c 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/RunLoop.subproj/CFMessagePort.c 2023-06-09 20:25:28.599209755 -0400
|
||||
@@ -28,6 +28,8 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
+#include <bootstrap.h>
|
||||
+
|
||||
extern pid_t getpid(void);
|
||||
|
||||
#define __kCFMessagePortMaxNameLengthMax 255
|
|
@ -0,0 +1,25 @@
|
|||
diff -u a/CoreFoundation/URL.subproj/CFURLComponents.c b/CoreFoundation/URL.subproj/CFURLComponents.c
|
||||
--- a/CoreFoundation/URL.subproj/CFURLComponents.c 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/URL.subproj/CFURLComponents.c 2023-06-09 20:36:52.995514573 -0400
|
||||
@@ -66,7 +66,8 @@
|
||||
return CFRetain(CFSTR("A really nice CFURLComponents object"));
|
||||
}
|
||||
|
||||
-CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFURLComponentsRef instance) {
|
||||
+CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFTypeRef cf) {
|
||||
+ CFURLComponentsRef instance = (CFURLComponentsRef)cf;
|
||||
__CFGenericValidateType(instance, _CFURLComponentsGetTypeID());
|
||||
|
||||
if (instance->_urlString) CFRelease(instance->_urlString);
|
||||
diff -u a/CoreFoundation/URL.subproj/CFURLComponents.h b/CoreFoundation/URL.subproj/CFURLComponents.h
|
||||
--- a/CoreFoundation/URL.subproj/CFURLComponents.h 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/URL.subproj/CFURLComponents.h 2023-06-09 20:39:36.967857713 -0400
|
||||
@@ -38,7 +38,7 @@
|
||||
|
||||
CF_EXPORT CFTypeID _CFURLComponentsGetTypeID(void);
|
||||
|
||||
-CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFURLComponentsRef);
|
||||
+CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFTypeRef);
|
||||
|
||||
// URLComponents are always mutable.
|
||||
CF_EXPORT _Nullable CFURLComponentsRef _CFURLComponentsCreate(CFAllocatorRef alloc);
|
|
@ -0,0 +1,66 @@
|
|||
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:52:49.096019700 -0400
|
||||
@@ -129,7 +129,7 @@
|
||||
Base.subproj/CFByteOrder.h
|
||||
Base.subproj/CFUUID.h
|
||||
Base.subproj/CFUtilities.h
|
||||
- Base.subproj/SwiftRuntime/CoreFoundation.h
|
||||
+ Base.subproj/CoreFoundation.h # The SwiftRuntime version of this file causes linker errors and is not correct for standalone CF.
|
||||
Base.subproj/SwiftRuntime/TargetConditionals.h
|
||||
# Collections
|
||||
Collections.subproj/CFArray.h
|
||||
@@ -245,6 +245,8 @@
|
||||
# RunLoop
|
||||
RunLoop.subproj/CFRunLoop.c
|
||||
RunLoop.subproj/CFSocket.c
|
||||
+ RunLoop.subproj/CFMachPort.c # These files are missing from the upstream `CMakeLists.txt` but required to build on Darwin.
|
||||
+ RunLoop.subproj/CFMessagePort.c
|
||||
# Stream
|
||||
Stream.subproj/CFConcreteStreams.c
|
||||
Stream.subproj/CFSocketStream.c
|
||||
@@ -336,6 +338,11 @@
|
||||
target_include_directories(CoreFoundation
|
||||
PRIVATE
|
||||
${CURL_INCLUDE_DIRS})
|
||||
+elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
+ find_package(CURL REQUIRED)
|
||||
+ target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS})
|
||||
+ find_package(LibXml2 REQUIRED)
|
||||
+ target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR})
|
||||
else()
|
||||
target_include_directories(CoreFoundation
|
||||
PRIVATE
|
||||
@@ -365,6 +372,10 @@
|
||||
PRIVATE
|
||||
${CURL_LIBRARIES}
|
||||
${LIBXML2_LIBRARIES})
|
||||
+elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
+ target_link_libraries(CoreFoundation PRIVATE
|
||||
+ ${CURL_LIBRARIES}
|
||||
+ ${LIBXML2_LIBRARIES})
|
||||
else()
|
||||
target_link_libraries(CoreFoundation
|
||||
PRIVATE
|
||||
@@ -398,9 +400,19 @@
|
||||
target_link_libraries(CoreFoundation
|
||||
PRIVATE
|
||||
icucore)
|
||||
- set_target_properties(CoreFoundation
|
||||
- PROPERTIES LINK_FLAGS
|
||||
- -Xlinker;-alias_list;-Xlinker;Base.subproj/DarwinSymbolAliases;-twolevel_namespace;-sectcreate;__UNICODE;__csbitmaps;CharacterSets/CFCharacterSetBitmaps.bitmap;-sectcreate;__UNICODE;__properties;CharacterSets/CFUniCharPropertyDatabase.data;-sectcreate;__UNICODE;__data;CharacterSets/CFUnicodeData-L.mapping;-segprot;__UNICODE;r;r)
|
||||
+ target_link_options(CoreFoundation
|
||||
+ PUBLIC
|
||||
+ "LINKER:-alias_list,../Base.subproj/DarwinSymbolAliases"
|
||||
+ "LINKER:-twolevel_namespace"
|
||||
+ "LINKER:-sectcreate,__UNICODE,__csbitmaps,../CharacterSets/CFCharacterSetBitmaps.bitmap"
|
||||
+ "LINKER:-sectcreate,__UNICODE,__properties,../CharacterSets/CFUniCharPropertyDatabase.data"
|
||||
+ "LINKER:-sectcreate,__UNICODE,__data,../CharacterSets/CFUnicodeData-L.mapping"
|
||||
+ "LINKER:-segprot,__UNICODE,r,r"
|
||||
+ "LINKER:-current_version,1454.90.0"
|
||||
+ "LINKER:-compatibility_version,150.0.0"
|
||||
+ "LINKER:-init,___CFInitialize")
|
||||
+ set(CMAKE_SHARED_LIBRARY_PREFIX "")
|
||||
+ set(CMAKE_SHARED_LIBRARY_SUFFIX "")
|
||||
endif()
|
||||
|
||||
install(TARGETS
|
|
@ -0,0 +1,23 @@
|
|||
diff -u aa/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt
|
||||
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:59:19.492601179 -0400
|
||||
|
||||
@@ -424,16 +424,11 @@
|
||||
set(CMAKE_SHARED_LIBRARY_SUFFIX "")
|
||||
endif()
|
||||
|
||||
-install(TARGETS
|
||||
- CoreFoundation
|
||||
- DESTINATION
|
||||
- "${CMAKE_INSTALL_FULL_LIBDIR}")
|
||||
install(DIRECTORY
|
||||
${CoreFoundation_FRAMEWORK_DIRECTORY}
|
||||
DESTINATION
|
||||
- ${CMAKE_INSTALL_PREFIX}/System/Library/Frameworks
|
||||
- USE_SOURCE_PERMISSIONS
|
||||
- PATTERN PrivateHeaders EXCLUDE)
|
||||
+ ${CMAKE_INSTALL_PREFIX}/Library/Frameworks
|
||||
+ USE_SOURCE_PERMISSIONS)
|
||||
|
||||
|
||||
# TODO(compnerd) formalize this
|
|
@ -0,0 +1,84 @@
|
|||
diff -u a/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt
|
||||
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:59:08.659632504 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-cmake_minimum_required(VERSION 3.4.3)
|
||||
+cmake_minimum_required(VERSION 3.14)
|
||||
list(APPEND CMAKE_MODULE_PATH
|
||||
"${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules")
|
||||
|
||||
@@ -45,6 +45,8 @@
|
||||
${FRAMEWORK_LIBRARY_TYPE}
|
||||
FRAMEWORK_DIRECTORY
|
||||
CoreFoundation_FRAMEWORK_DIRECTORY
|
||||
+ VERSION
|
||||
+ A
|
||||
MODULE_MAP
|
||||
Base.subproj/module.modulemap
|
||||
PRIVATE_HEADERS
|
||||
diff -u a/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake b/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake
|
||||
--- a/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake 2023-06-29 18:57:55.792860996 -0400
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
function(add_framework NAME)
|
||||
set(options STATIC SHARED)
|
||||
- set(single_value_args MODULE_MAP FRAMEWORK_DIRECTORY)
|
||||
+ set(single_value_args MODULE_MAP FRAMEWORK_DIRECTORY VERSION)
|
||||
set(multiple_value_args PRIVATE_HEADERS PUBLIC_HEADERS SOURCES)
|
||||
cmake_parse_arguments(AF "${options}" "${single_value_args}" "${multiple_value_args}" ${ARGN})
|
||||
|
||||
@@ -14,26 +14,32 @@
|
||||
set(AF_TYPE SHARED)
|
||||
endif()
|
||||
|
||||
+ file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/${AF_VERSION})
|
||||
+ file(CREATE_LINK ${AF_VERSION} ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current SYMBOLIC)
|
||||
+
|
||||
if(AF_MODULE_MAP)
|
||||
file(COPY
|
||||
${AF_MODULE_MAP}
|
||||
DESTINATION
|
||||
- ${CMAKE_BINARY_DIR}/${NAME}.framework/Modules
|
||||
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/Modules
|
||||
NO_SOURCE_PERMISSIONS)
|
||||
+ file(CREATE_LINK Versions/Current/Modules ${CMAKE_BINARY_DIR}/${NAME}.framework/Modules SYMBOLIC)
|
||||
endif()
|
||||
if(AF_PUBLIC_HEADERS)
|
||||
file(COPY
|
||||
${AF_PUBLIC_HEADERS}
|
||||
DESTINATION
|
||||
- ${CMAKE_BINARY_DIR}/${NAME}.framework/Headers
|
||||
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/Headers
|
||||
NO_SOURCE_PERMISSIONS)
|
||||
+ file(CREATE_LINK Versions/Current/Headers ${CMAKE_BINARY_DIR}/${NAME}.framework/Headers SYMBOLIC)
|
||||
endif()
|
||||
if(AF_PRIVATE_HEADERS)
|
||||
file(COPY
|
||||
${AF_PRIVATE_HEADERS}
|
||||
DESTINATION
|
||||
- ${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders
|
||||
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/PrivateHeaders
|
||||
NO_SOURCE_PERMISSIONS)
|
||||
+ file(CREATE_LINK Versions/Current/PrivateHeaders ${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders SYMBOLIC)
|
||||
endif()
|
||||
add_custom_target(${NAME}_POPULATE_HEADERS
|
||||
DEPENDS
|
||||
@@ -51,13 +57,15 @@
|
||||
set_target_properties(${NAME}
|
||||
PROPERTIES
|
||||
LIBRARY_OUTPUT_DIRECTORY
|
||||
- ${CMAKE_BINARY_DIR}/${NAME}.framework)
|
||||
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current)
|
||||
target_compile_options(${NAME}
|
||||
PRIVATE
|
||||
-F;${CMAKE_BINARY_DIR}
|
||||
-I;${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders)
|
||||
add_dependencies(${NAME} ${NAME}_POPULATE_HEADERS)
|
||||
|
||||
+ file(CREATE_LINK Versions/Current/${NAME} ${CMAKE_BINARY_DIR}/${NAME}.framework/${NAME} SYMBOLIC)
|
||||
+
|
||||
if(AF_FRAMEWORK_DIRECTORY)
|
||||
set(${AF_FRAMEWORK_DIRECTORY} ${CMAKE_BINARY_DIR}/${NAME}.framework PARENT_SCOPE)
|
||||
endif()
|
|
@ -0,0 +1,31 @@
|
|||
diff -ur d/CoreFoundation/CMakeLists.txt e/CoreFoundation/CMakeLists.txt
|
||||
--- d/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ e/CoreFoundation/CMakeLists.txt 2023-06-29 19:13:15.561253229 -0400
|
||||
@@ -343,6 +343,7 @@
|
||||
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
find_package(CURL REQUIRED)
|
||||
target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS})
|
||||
+ find_package(ICU COMPONENTS uc i18n data REQUIRED)
|
||||
find_package(LibXml2 REQUIRED)
|
||||
target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR})
|
||||
else()
|
||||
@@ -377,6 +378,9 @@
|
||||
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
target_link_libraries(CoreFoundation PRIVATE
|
||||
${CURL_LIBRARIES}
|
||||
+ ICU::uc
|
||||
+ ICU::i18n
|
||||
+ ICU::data
|
||||
${LIBXML2_LIBRARIES})
|
||||
else()
|
||||
target_link_libraries(CoreFoundation
|
||||
@@ -408,9 +412,6 @@
|
||||
PROPERTIES LINK_FLAGS
|
||||
-Xlinker;@${CMAKE_SOURCE_DIR}/linux.ld;-Bsymbolic)
|
||||
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
- target_link_libraries(CoreFoundation
|
||||
- PRIVATE
|
||||
- icucore)
|
||||
target_link_options(CoreFoundation
|
||||
PUBLIC
|
||||
"LINKER:-alias_list,../Base.subproj/DarwinSymbolAliases"
|
|
@ -0,0 +1,46 @@
|
|||
diff -u a/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt
|
||||
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
|
||||
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 19:39:30.074449222 -0400
|
||||
@@ -104,7 +104,6 @@
|
||||
# URL
|
||||
URL.subproj/CFURL.inc.h
|
||||
URL.subproj/CFURLPriv.h
|
||||
- URL.subproj/CFURLSessionInterface.h
|
||||
PUBLIC_HEADERS
|
||||
# FIXME: PrivateHeaders referenced by public headers
|
||||
Base.subproj/CFKnownLocations.h
|
||||
@@ -120,7 +119,6 @@
|
||||
String.subproj/CFRegularExpression.h
|
||||
String.subproj/CFRunArray.h
|
||||
URL.subproj/CFURLPriv.h
|
||||
- URL.subproj/CFURLSessionInterface.h
|
||||
|
||||
# AppServices
|
||||
AppServices.subproj/CFNotificationCenter.h
|
||||
@@ -280,8 +278,7 @@
|
||||
URL.subproj/CFURL.c
|
||||
URL.subproj/CFURLAccess.c
|
||||
URL.subproj/CFURLComponents.c
|
||||
- URL.subproj/CFURLComponents_URIParser.c
|
||||
- URL.subproj/CFURLSessionInterface.c)
|
||||
+ URL.subproj/CFURLComponents_URIParser.c)
|
||||
if(CMAKE_SYSTEM_NAME STREQUAL Linux OR CMAKE_SYSTEM_NAME STREQUAL Android)
|
||||
target_compile_definitions(CoreFoundation
|
||||
PRIVATE
|
||||
@@ -341,8 +338,6 @@
|
||||
PRIVATE
|
||||
${CURL_INCLUDE_DIRS})
|
||||
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
- find_package(CURL REQUIRED)
|
||||
- target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS})
|
||||
find_package(ICU COMPONENTS uc i18n data REQUIRED)
|
||||
find_package(LibXml2 REQUIRED)
|
||||
target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR})
|
||||
@@ -377,7 +372,6 @@
|
||||
${LIBXML2_LIBRARIES})
|
||||
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
|
||||
target_link_libraries(CoreFoundation PRIVATE
|
||||
- ${CURL_LIBRARIES}
|
||||
ICU::uc
|
||||
ICU::i18n
|
||||
ICU::data
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, ninja, python3, curl, libxml2, objc4, ICU }:
|
||||
{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, cmake, ninja, pkg-config, launchd, libdispatch, python3, libxml2, objc4, icu }:
|
||||
|
||||
let
|
||||
# 10.12 adds a new sysdir.h that our version of CF in the main derivation depends on, but
|
||||
|
@ -21,29 +21,39 @@ stdenv.mkDerivation {
|
|||
sha256 = "17kpql0f27xxz4jjw84vpas5f5sn4vdqwv10g151rc3rswbwln1z";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ ninja python3 ];
|
||||
buildInputs = [ curl libxml2 objc4 ICU ];
|
||||
nativeBuildInputs = [ cmake ninja pkg-config python3 ];
|
||||
buildInputs = [ (lib.getDev launchd) libdispatch libxml2 objc4 icu ];
|
||||
|
||||
patches = [ ./0001-Add-missing-TARGET_OS_-defines.patch ];
|
||||
patches = [
|
||||
./0001-Add-missing-TARGET_OS_-defines.patch
|
||||
# CFMessagePort.h uses `bootstrap_check_in` without declaring it, which is defined in the launchd headers.
|
||||
./0002-Add-missing-launchd-header.patch
|
||||
# CFURLComponents fails to build with clang 16 due to an invalid pointer conversion. This is fixed upstream.
|
||||
./0003-Fix-incompatible-pointer-conversion.patch
|
||||
# Fix `CMakeLists.txt` to allow it to be used instead of `build.py` to build on Darwin.
|
||||
./0004-Fix-Darwin-cmake-build.patch
|
||||
# Install CF framework in `$out/Library/Frameworks` instead of `$out/System/Frameworks`.
|
||||
./0005-Fix-framework-installation-path.patch
|
||||
# Build a framework that matches the contents of the system CoreFoundation. This patch adds
|
||||
# versioning and drops the prefix and suffix, so the dynamic library is named `CoreFoundation`
|
||||
# instead of `libCoreFoundation.dylib`.
|
||||
./0006-System-CF-framework-compatibility.patch
|
||||
# Link against the nixpkgs ICU instead of using Apple’s vendored version.
|
||||
./0007-Use-nixpkgs-icu.patch
|
||||
# Don’t link against libcurl. This breaks a cycle between CF and curl, which depends on CF and
|
||||
# uses the SystemConfiguration framework to support NAT64.
|
||||
# This is safe because the symbols provided in CFURLSessionInterface are not provided by the
|
||||
# system CoreFoundation. They are meant to be used by the implementation of `NSURLSession` in
|
||||
# swift-corelibs-foundation, which is not built because it is not fully compatible with the
|
||||
# system Foundation used on Darwin.
|
||||
./0008-Dont-link-libcurl.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
cd CoreFoundation
|
||||
|
||||
cp ${sysdir-free-system-directories} Base.subproj/CFSystemDirectories.c
|
||||
|
||||
# In order, since I can't comment individual lines:
|
||||
# 1. Disable dispatch support for now
|
||||
# 2. For the linker too
|
||||
# 3. Use the legit CoreFoundation.h, not the one telling you not to use it because of Swift
|
||||
substituteInPlace build.py \
|
||||
--replace "cf.CFLAGS += '-DDEPLOYMENT" '#' \
|
||||
--replace "cf.LDFLAGS += '-ldispatch" '#'
|
||||
|
||||
# Fix sandbox impurities.
|
||||
substituteInPlace ../lib/script.py \
|
||||
--replace '/bin/cp' cp
|
||||
patchShebangs --build ../configure
|
||||
|
||||
# Includes xpc for some initialization routine that they don't define anyway, so no harm here
|
||||
substituteInPlace PlugIn.subproj/CFBundlePriv.h \
|
||||
--replace '#if (TARGET_OS_MAC' '#if (0'
|
||||
|
@ -55,55 +65,27 @@ stdenv.mkDerivation {
|
|||
# The MIN macro doesn't seem to be defined sensibly for us. Not sure if our stdenv or their bug
|
||||
substituteInPlace Base.subproj/CoreFoundation_Prefix.h \
|
||||
--replace '#if DEPLOYMENT_TARGET_WINDOWS || DEPLOYMENT_TARGET_LINUX' '#if 1'
|
||||
|
||||
# Somehow our ICU doesn't have this, probably because it's too old (we'll update it soon when we update the rest of the SDK)
|
||||
substituteInPlace Locale.subproj/CFLocale.c \
|
||||
--replace '#if U_ICU_VERSION_MAJOR_NUM' '#if 0 //'
|
||||
'';
|
||||
|
||||
BUILD_DIR = "./Build";
|
||||
CFLAGS = "-DINCLUDE_OBJC -I${libxml2.dev}/include/libxml2"; # They seem to assume we include objc in some places and not in others, make a PR; also not sure why but libxml2 include path isn't getting picked up from buildInputs
|
||||
env.NIX_CFLAGS_COMPILE = toString [
|
||||
# Silence warnings regarding other targets
|
||||
"-Wno-error=undef-prefix"
|
||||
# Avoid redefinitions when including objc headers
|
||||
"-DINCLUDE_OBJC=1"
|
||||
];
|
||||
|
||||
# I'm guessing at the version here. https://github.com/apple/swift-corelibs-foundation/commit/df3ec55fe6c162d590a7653d89ad669c2b9716b1 imported "high sierra"
|
||||
# and this version is a version from there. No idea how accurate it is.
|
||||
LDFLAGS = "-current_version 1454.90.0 -compatibility_version 150.0.0 -init ___CFInitialize";
|
||||
|
||||
configurePhase = ''
|
||||
../configure release --sysroot UNUSED
|
||||
'';
|
||||
cmakeFlags = [
|
||||
"-DBUILD_SHARED_LIBS=ON"
|
||||
"-DCF_ENABLE_LIBDISPATCH=OFF"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
postInstall = ''
|
||||
install_name_tool -id '@rpath/CoreFoundation.framework/Versions/A/CoreFoundation' \
|
||||
"$out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation"
|
||||
|
||||
ninja -j $NIX_BUILD_CORES
|
||||
|
||||
runHook postBuild
|
||||
mkdir -p "$out/nix-support"
|
||||
substituteAll ${./pure-corefoundation-hook.sh} "$out/nix-support/setup-hook"
|
||||
'';
|
||||
|
||||
# TODO: their build system sorta kinda can do this, but it doesn't seem to work right now
|
||||
# Also, this includes a bunch of private headers in the framework, which is not what we want
|
||||
installPhase = ''
|
||||
base="$out/Library/Frameworks/CoreFoundation.framework"
|
||||
mkdir -p $base/Versions/A/{Headers,PrivateHeaders,Modules}
|
||||
|
||||
cp ./Build/CoreFoundation/libCoreFoundation.dylib $base/Versions/A/CoreFoundation
|
||||
|
||||
# Note that this could easily live in the ldflags above as `-install_name @rpath/...` but
|
||||
# https://github.com/NixOS/nixpkgs/issues/46434 thwarts that, so for now I'm hacking it up
|
||||
# after the fact.
|
||||
install_name_tool -id '@rpath/CoreFoundation.framework/Versions/A/CoreFoundation' $base/Versions/A/CoreFoundation
|
||||
|
||||
cp ./Build/CoreFoundation/usr/include/CoreFoundation/*.h $base/Versions/A/Headers
|
||||
cp ./Build/CoreFoundation/usr/include/CoreFoundation/module.modulemap $base/Versions/A/Modules
|
||||
|
||||
ln -s A $base/Versions/Current
|
||||
|
||||
for i in CoreFoundation Headers Modules; do
|
||||
ln -s Versions/Current/$i $base/$i
|
||||
done
|
||||
'';
|
||||
|
||||
darwinEnvHook = makeSetupHook { name = "darwin-env-hook"; } ./pure-corefoundation-hook.sh;
|
||||
}
|
||||
|
|
|
@ -22,13 +22,13 @@
|
|||
}:
|
||||
|
||||
let
|
||||
apparmor-version = "3.1.5";
|
||||
apparmor-version = "3.1.6";
|
||||
|
||||
apparmor-meta = component: with lib; {
|
||||
homepage = "https://apparmor.net/";
|
||||
description = "A mandatory access control system - ${component}";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ julm thoughtpolice ];
|
||||
license = with licenses; [ gpl2Only lgpl21Only ];
|
||||
maintainers = with maintainers; [ julm thoughtpolice ajs124 ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
||||
|
@ -36,7 +36,7 @@ let
|
|||
owner = "apparmor";
|
||||
repo = "apparmor";
|
||||
rev = "v${apparmor-version}";
|
||||
hash = "sha256-nqIRs2REbSQNKglEEjAO/YSZc6r2ks128sUNq61gRWE=";
|
||||
hash = "sha256-VPgRmmQv+kgLduc6RTu9gotyjT6OImUXsPeatgG7m9E=";
|
||||
};
|
||||
|
||||
aa-teardown = writeShellScript "aa-teardown" ''
|
||||
|
|
|
@ -85,7 +85,6 @@ in stdenv.mkDerivation rec {
|
|||
"--enable-mesh"
|
||||
"--enable-midi"
|
||||
"--enable-nfc"
|
||||
"--enable-sap"
|
||||
"--enable-sixaxis"
|
||||
"--enable-btpclient"
|
||||
"--enable-hid2hci"
|
||||
|
|
|
@ -35,6 +35,9 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "drivers" ];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
postInstall = ''
|
||||
# Avoid clash with intel-ocl
|
||||
mv $out/etc/OpenCL/vendors/intel.icd $out/etc/OpenCL/vendors/intel-neo.icd
|
||||
|
|
|
@ -6,11 +6,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "iproute2";
|
||||
version = "6.3.0";
|
||||
version = "6.4.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz";
|
||||
sha256 = "sha256-37KpjbluemU8/8ZpMzWhpGbimjS2rFKL5I814dJ2ZzI=";
|
||||
sha256 = "sha256-TFG43svH5NoVn/sGb1kM+5Pb+a9/+GsWR85Ct8F5onI=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# fix build on musl. applied anywhere to prevent patchrot.
|
||||
(fetchpatch {
|
||||
url = "https://git.alpinelinux.org/aports/plain/main/iproute2/min.patch?id=4b78dbe29d18151402052c56af43cc12d04b1a69";
|
||||
sha256 = "sha256-0ROZQAN3mUPPgggictr23jyA4JDG7m9vmBUhgRp4ExY=";
|
||||
url = "https://git.alpinelinux.org/aports/plain/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069";
|
||||
sha256 = "sha256-NpNnSXQntuzzpjswE42yzo7nqmrQgI5YcHR2kp9NEwA=";
|
||||
})
|
||||
];
|
||||
|
||||
|
|
|
@ -111,12 +111,12 @@ let
|
|||
in {
|
||||
inherit makeLinuxHeaders;
|
||||
|
||||
linuxHeaders = let version = "6.3"; in
|
||||
linuxHeaders = let version = "6.4"; in
|
||||
makeLinuxHeaders {
|
||||
inherit version;
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz";
|
||||
hash = "sha256-ujSR9e1r0nCjcMRAQ049aQhfzdUoki+gHnPXZX23Ox4=";
|
||||
hash = "sha256-j6BYjwws7KRMrHeg45ukjJ8AprncaXYcAqXT76yNp/M=";
|
||||
};
|
||||
patches = [
|
||||
./no-relocs.patch # for building x86 kernel headers on non-ELF platforms
|
||||
|
|
|
@ -19,6 +19,9 @@ stdenv.mkDerivation rec {
|
|||
|
||||
makeFlags = [ "DESTDIR=$(out)" "LIBDIR=/lib" ];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "ChromiumOS libevdev. Renamed to avoid conflicts with the standard libevdev found in Linux distros";
|
||||
license = licenses.bsd3;
|
||||
|
|
|
@ -12,6 +12,9 @@ stdenv.mkDerivation {
|
|||
|
||||
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "prefix=$(out)" ];
|
||||
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
hardeningDisable = [ "fortify3" ];
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/man/man1
|
||||
cp man/mmc.1 $out/share/man/man1/
|
||||
|
|
|
@ -59,7 +59,10 @@ stdenv.mkDerivation rec {
|
|||
protobuf
|
||||
];
|
||||
|
||||
hardeningDisable = lib.optionals debug [
|
||||
hardeningDisable = [
|
||||
# causes redefinition of _FORTIFY_SOURCE
|
||||
"fortify3"
|
||||
] ++ lib.optionals debug [
|
||||
"fortify"
|
||||
];
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue