The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
Fix dependencies that are required by checksec.
Previously, checksec would sanitiz PATH, removing the PATH set by
the wrapper. A patch was added to remove this behavior.
Also replacing tools referenced with an absolute path with their
store path.
Co-authored-by: Jonathan Cooper <jonathan@cooper.cafe>
checksec needs the readelf command to work properly, which is contained
in the binutils-unwrapped derivation but not in the normal binutils.
Before this commit, this tool wasn't working due to that.
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
readelf which makes most of checks should come from binutils package instead of elfutils
E.g. the PIE check from checksec, different readelf gives different result:
(elfutils)
$ /nix/store/rgrji20513g19ci0sa6jydm86gpf4j42-elfutils-0.158/bin/readelf -d /nix/store/q1sbn93v4k3166s091s9biygv9srv8qa-nginx-1.6.2/bin/nginx
2>/dev/null |grep -q '(DEBUG)' ; echo $?
1
(binutils)
$ /nix/store/b8qhjrwf8sf9ggkjxqqav7f1m6w83bh0-binutils-2.23.1/bin/readelf -d /nix/store/q1sbn93v4k3166s091s9biygv9srv8qa-nginx-1.6.2/bin/nginx
2>/dev/null | grep -q '(DEBUG)' ; echo $?
0