Commit graph

7050 commits

Author SHA1 Message Date
github-actions[bot] 4c610adf95
Merge master into staging-next 2023-09-21 12:01:19 +00:00
Jörg Thalheim 53204fe466
Merge pull request #256423 from Artturin/fixwritecbin
writers.writeCBin: fix binary name when cross-compiling
2023-09-21 08:36:09 +02:00
github-actions[bot] 743d7baa31
Merge master into staging-next 2023-09-21 06:01:07 +00:00
Elis Hirwing edd1e27480
Merge pull request #256315 from NixOS/php/bump-composer-2-6-3
phpPackages.composer: 2.6.2 -> 2.6.3
2023-09-21 07:56:44 +02:00
Artturin 8a77757b7e writers.writeCBin: fix binary name when cross-compiling
`$name` contains cross-compilation info `bin/wrapped-argv0-aarch64-unknown-linux-gnu`

name should not be set directly.
2023-09-21 04:13:45 +03:00
github-actions[bot] 2b20c287ac
Merge master into staging-next 2023-09-21 00:02:13 +00:00
Maciej Krüger 6cecfa12b5
Merge pull request #239570 from hacker1024/feature/flutter-wrapper-gapps
flutter: Use wrapGAppsHook
2023-09-20 23:34:26 +02:00
Fabián Heredia Montiel b2f85dbf28 Merge remote-tracking branch 'origin/master' into staging-next 2023-09-20 15:08:16 -06:00
Pol Dellaiera c8b9e229e1
phpPackages.composer: 2.6.2 -> 2.6.3 2023-09-20 16:53:03 +02:00
ajs124 831148bf27 testers.testMetaPkgConfig: fix warning
follow-up to feabc3db0fa3c875a45116734aa4ae4751c6ef76
2023-09-19 16:11:42 +02:00
github-actions[bot] e22ad0ef4c
Merge master into staging-next 2023-09-19 12:01:22 +00:00
Pol Dellaiera 6e55577f33 build-support/php/composer-local-repo-plugin: 1.0.0 -> 1.0.2
Also fix https://github.com/NixOS/nixpkgs/issues/255860
2023-09-18 14:21:26 +02:00
github-actions[bot] d2fdbb7e40
Merge master into staging-next 2023-09-17 18:00:59 +00:00
Artturi 9466d15361
Merge pull request #255188 from NickCao/make-binary-wrapper
makeBinaryWrapper.extractCmd: fix use in cross compilation
2023-09-17 17:31:00 +03:00
Nick Cao c6e11d15ce
makeBinaryWrapper.extractCmd: fix use in cross compilation 2023-09-16 22:17:22 -04:00
Artturi 9acebc35f9
Merge pull request #235473 from szlend/fix-deterministic-uname-getops 2023-09-17 04:46:44 +03:00
Simon Žlender b485dd0036 deterministic-uname: fix default output 2023-09-17 00:08:43 +03:00
Atemu 88a0ff46e5
Merge pull request #253982 from rnhmjoj/pr-fhs
buildFHSEnv: disable security features by default
2023-09-16 21:09:24 +02:00
Elis Hirwing 28fd868e47
Merge pull request #255156 from NixOS/build-support/php/update-install-procedure
build-support/php: prevent the creation of symlinks
2023-09-15 08:39:55 +02:00
Pol Dellaiera a2f8623363
build-support/php: prevent the creation of symlinks
Using symbolic links creates issues on Darwin, therefore, using `makeWrapper` fixes this.
2023-09-14 21:40:33 +02:00
Weijia Wang 0cfc319f83 fetchDebianPatch: Require patch names with extensions
Otherwise the fetcher is unusable with patches
whose filename (in Debian) doesn't end in `.patch`.
2023-09-14 18:55:30 +00:00
toonn 924efe5313
Merge pull request #249268 from Enzime/remmina-bundle
writeDarwinBundle: use binary wrapper
2023-09-14 15:05:13 +02:00
Elis Hirwing 350cac13cf
Merge pull request #248184 from NixOS/php/add-new-builder-only
php: add new Composer builder
2023-09-14 07:50:27 +02:00
Pol Dellaiera 3eb168da92
build-support/php: add composerNoDev, composerNoPlugins and composerNoScripts attributes 2023-09-13 17:08:04 +02:00
Pol Dellaiera 1173a34d15
build-support/php: move internal tools in php/build-support/php/pkgs 2023-09-13 17:07:48 +02:00
Elis Hirwing 1e238b8afe
php: Fix shellcheck string warnings in composer-install-hook 2023-09-13 15:00:04 +02:00
Elis Hirwing 2160ed2bcc
composer: Stop exposing composer built from a phar file 2023-09-13 15:00:04 +02:00
Elis Hirwing 9e701e6328
composer-local-repo-plugin: Stop exposing this internal tool 2023-09-13 15:00:03 +02:00
Pol Dellaiera b36ad2f517
php: add new builder buildComposerProject 2023-09-13 15:00:03 +02:00
Pol Dellaiera 27e3b694e7
composer-local-repo-plugin: init at 1.0.0 2023-09-13 15:00:03 +02:00
Jan Tojnar 1cd6d30f2f Merge branch 'master' into staging-next 2023-09-13 12:03:35 +02:00
Artturi edada48556
Merge pull request #254815 from johannwagner/fix-leading-hyphens-for-testVersion 2023-09-13 01:23:09 +03:00
Robert Scott 9e64f794d1
Merge pull request #208944 from risicle/ris-dockertools-makeoverridable
dockerTools: use makeOverridable for buildImage family of functions
2023-09-12 23:16:06 +01:00
Johann Wagner da073295d0 testers.testVersion: Fix usage of hyphens within the version argument 2023-09-12 21:54:10 +02:00
Vladimír Čunát 300eaad172
Merge branch 'master' into staging-next 2023-09-12 19:06:44 +02:00
Rick van Schijndel a31a3eca58
Merge pull request #251066 from lilyinstarlight/feature/prefetch-npm-deps-tokens
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var
2023-09-12 17:31:26 +02:00
Anderson Torres 3fc613c5ba
Merge branch 'master' into staging-next 2023-09-11 23:25:38 +00:00
Lily Foster 7f76ac6e09
fetchNpmDeps: pass NIX_NPM_TOKENS as an impure env var 2023-09-11 16:50:17 -04:00
Lily Foster e271266179
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var 2023-09-11 16:49:36 -04:00
Robert Scott 38c1400f67 dockerTools: use makeOverridable for buildImage family of functions
this allows nix users to modify existing images without having
to rely on container image inheritance mechanisms via fromImage
2023-09-11 21:10:37 +01:00
Artturi bb446a19f7
Merge pull request #247682 from minijackson/fix-ppc64be-linker 2023-09-11 22:13:42 +03:00
Minijackson 5581c0677c
bintools-wrapper: fix dynamic linker for powerpc64 big-endian
fixes #245162
2023-09-11 13:55:43 +02:00
github-actions[bot] 66c722f52f
Merge master into staging-next 2023-09-09 18:01:05 +00:00
sternenseemann bd374243c0 npmHooks: use adjacent packages, not buildPackages
Hooks are essentially implemented as special shell packages that run on
their respective host platform. When they are used, they appear as
nativeBuildInputs (as they need to be executed as part of the build of a
package using them) so are taken from buildPackages relative to the
derivation using them.

Since the override in buildNpmPackage nullifies splicing, we take
npmHooks from buildPackages manually.

Fixes pkgsCross.ghcjs.buildPackages.emscripten and thus
pkgsCross.ghcjs.haskellPackages.ghc.
2023-09-09 17:55:37 +02:00
github-actions[bot] a376e04925
Merge master into staging-next 2023-09-09 00:02:10 +00:00
Maciej Krüger 6146406653
Merge pull request #252343 from nbraud/fetchurl/hashValidation 2023-09-09 00:55:19 +02:00
rnhmjoj c945723356
buildFHSEnv: disable security features by default
The implicit contract of buildFHSUserEnv was that it allows to run
software built for a typical GNU/Linux distribution (not NixOS) without
patching it (patchelf, autoPatchelfHook, etc.). Note that this does not
inherently imply running untrusted programs.

buildFHSUserEnv was implemented by using chroot and assembling a
standard-compliant FHS environment in the new root. As expected, this
did not provide any kind of isolation between the system and the
programs.

However, when it was later reimplemented using bubblewrap
(PR #225748), which *is* a security tool, several isolation features
involving detached Linux namespaces were turned on by default.
This decision has introduced a number of breakages that are very
difficult to debug and trace back to this change.
For example: `unshareIPC` breaks software audio mixing in programs using
ALSA (dmix) and `unsharePID` breaks gdb.

Since:

  1. the security features were enabled without any clear threat model;
  2. `buildFHSEnvBubblewrap` is supposed to be a drop-in replacement of
     `buildFHSEnvChrootenv` (see the release notes for NixOS 23.05);
  3. the change is breaking in several common cases (security does not
     come for free);
  4. the contract was not changed, or at least communicated in a clear
     way to the users;

all security features should be turned off by default.

P.S. It would be useful to create a variant of buildFHSEnv that does
provide some isolation. This could unshare some namespaces and mount
only limited parts of the filesystem.
Note that buildFHSEnv mounts every directory in / under the new root, so
again, very little is gained by unsharing alone.
2023-09-08 09:15:50 +02:00
Artturi fa3a4a18c0
Merge pull request #192459 from danielfullmer/fix-cc-wrapper-libdir 2023-09-07 01:58:51 +03:00
github-actions[bot] aba6d8043f
Merge staging-next into staging 2023-09-06 18:01:28 +00:00
Silvan Mosberger 7cbc8215fd
Merge pull request #252865 from emily-is-my-username/fix/fetchgit-deepclone
`fetchgit`: don't shallow clone if `deepClone` is requested
2023-09-06 14:08:06 +02:00