From bc8d6d8f968fcc37b6495526b805e0de18f9f849 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Sun, 9 Oct 2022 00:00:18 +0200 Subject: [PATCH 01/27] nixos/networkd: `DHCPv6PrefixDelegation` -> `DHCPPrefixDelegation` Adapt to changes introduced in Systemd 250: > The [DHCPv6PrefixDelegation] section in .network file is renamed to > [DHCPPrefixDelegation], as now the prefix delegation is also > supported with DHCPv4 protocol by enabling the Use6RD= setting. Replaces the `dhcpV6PrefixDelegationConfig` with `dhcpPrefixDelegationConfig` and throws an error if the old option is used. Also adapt the respective IPv6 prefix delegation test. --- nixos/modules/system/boot/networkd.nix | 26 +++++++++++++------ ...ystemd-networkd-ipv6-prefix-delegation.nix | 2 +- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index cb60117f0eb8..7b6739e62d6a 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -526,7 +526,7 @@ let "IPv6ProxyNDP" "IPv6ProxyNDPAddress" "IPv6SendRA" - "DHCPv6PrefixDelegation" + "DHCPPrefixDelegation" "IPv6MTUBytes" "Bridge" "Bond" @@ -569,7 +569,7 @@ let (assertValueOneOf "IPv4ProxyARP" boolValues) (assertValueOneOf "IPv6ProxyNDP" boolValues) (assertValueOneOf "IPv6SendRA" boolValues) - (assertValueOneOf "DHCPv6PrefixDelegation" boolValues) + (assertValueOneOf "DHCPPrefixDelegation" boolValues) (assertByteFormat "IPv6MTUBytes") (assertValueOneOf "ActiveSlave" boolValues) (assertValueOneOf "PrimarySlave" boolValues) 
@@ -766,15 +766,20 @@ let (assertInt "IAID") ]; - sectionDHCPv6PrefixDelegation = checkUnitConfig "DHCPv6PrefixDelegation" [ + sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ (assertOnlyFields [ + "UplinkInterface" "SubnetId" "Announce" "Assign" "Token" + "ManageTemporaryAddress" + "RouteMetric" ]) (assertValueOneOf "Announce" boolValues) (assertValueOneOf "Assign" boolValues) + (assertValueOneOf "ManageTemporaryAddress" boolValues) + (assertRange "RouteMetric" 0 4294967295) ]; sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ @@ -1338,12 +1343,17 @@ let }; dhcpV6PrefixDelegationConfig = mkOption { + visible = false; + apply = _: throw "The option `systemd.network.networks..dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks..dhcpPrefixDelegationConfig`."; + }; + + dhcpPrefixDelegationConfig = mkOption { default = {}; example = { SubnetId = "auto"; Announce = true; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6PrefixDelegation; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; description = lib.mdDoc '' Each attribute in this set specifies an option in the - `[DHCPv6PrefixDelegation]` section of the unit. See + `[DHCPPrefixDelegation]` section of the unit. See {manpage}`systemd.network(5)` for details. ''; }; @@ -1789,9 +1799,9 @@ let [DHCPv6] ${attrsToSection def.dhcpV6Config} '' - + optionalString (def.dhcpV6PrefixDelegationConfig != { }) '' - [DHCPv6PrefixDelegation] - ${attrsToSection def.dhcpV6PrefixDelegationConfig} + + optionalString (def.dhcpPrefixDelegationConfig != { }) '' + [DHCPPrefixDelegation] + ${attrsToSection def.dhcpPrefixDelegationConfig} '' + optionalString (def.ipv6AcceptRAConfig != { }) '' [IPv6AcceptRA] diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix index 37a89fc21e44..4e04617acd6e 100644 
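Review bot: `RouteMetric` in the new `sectionDHCPPrefixDelegation` list is validated with `(assertRange "RouteMetric" 0 4294967295)` alone, whereas other integer fields in this file pair the range check with a type check, for example `(assertInt "SuppressPrefixLength")` ahead of its `assertRange`. `assertRange` is defined outside this diff; if it only compares against the bounds, a non-integer value would not be rejected with a clean assertion message. I would add `(assertInt "RouteMetric")` before the range check. The same applies to `(assertRange "SuppressInterfaceGroup" 0 2147483647)` in patch 04/27. `UplinkInterface` is also admitted with no value check, which may be intentional.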
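Review bot: The `throw` placed in `apply` on the hidden `dhcpV6PrefixDelegationConfig` option can only fire if something evaluates that option, and after this patch the generator in the last hunk reads `def.dhcpPrefixDelegationConfig` only. Nothing in the visible lines forces the old option's value, so a configuration that still sets the old name may evaluate without error and yield a `.network` file that has no `[DHCPPrefixDelegation]` section. Please confirm this with an evaluation test that sets the old name and expects the rename message. If the test passes without the error, move the check to an assertion on whether the old option is defined. The surrounding option set starts and ends outside the hunk.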
--- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix +++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix @@ -176,7 +176,7 @@ import ./make-test-python.nix ({pkgs, ...}: { IPv6AcceptRA = false; # Delegate prefixes from the DHCPv6 PD pool. - DHCPv6PrefixDelegation = true; + DHCPPrefixDelegation = true; IPv6SendRA = true; }; From 036489ffaa477774a0cfad0377598aaf3120aa58 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Sun, 9 Oct 2022 00:14:53 +0200 Subject: [PATCH 02/27] nixos/networkd: adapt `dhcpV6Config` * Remove `ForceDHCPv6PDOtherInformation=` * Add a missing `WithoutRA=` option Systemd 250: > The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section > has been removed. Please use the WithoutRA= and UseDelegatedPrefix= > settings in the [DHCPv6] section and the DHCPv6Client= setting in the > [IPv6AcceptRA] section to control when the DHCPv6 client is started > and how the delegated prefixes are handled by the DHCPv6 client. --- nixos/modules/system/boot/networkd.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 7b6739e62d6a..ad6c95257ad1 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -745,7 +745,6 @@ let "MUDURL" "RequestOptions" "SendVendorOption" - "ForceDHCPv6PDOtherInformation" "PrefixDelegationHint" "WithoutRA" "SendOption" @@ -760,8 +759,7 @@ let (assertValueOneOf "UseNTP" boolValues) (assertInt "RouteMetric") (assertValueOneOf "RapidCommit" boolValues) - (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) - (assertValueOneOf "WithoutRA" ["solicit" "information-request"]) + (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) (assertRange "SendOption" 1 65536) (assertInt "IAID") ]; From 4367b782bc0371702ec398256d68a9e43b95decc Mon Sep 17 00:00:00 2001 
From: Vincent Haupert Date: Sun, 9 Oct 2022 00:46:33 +0200 Subject: [PATCH 03/27] nixos/networkd: deprecate `IPv6Token=` > The IPv6Token= section in the [Network] section is deprecated, and >> the [IPv6AcceptRA] section gained the Token= setting for its >> replacement. The [IPv6Prefix] section also gained the Token= setting. >> The Token= setting gained 'eui64' mode to explicitly configure an >> address with the EUI64 algorithm based on the interface MAC address. >> The 'prefixstable' mode can now optionally take a secret key. The >> Token= setting in the [DHCPPrefixDelegation] section now supports all >> algorithms supported by the same settings in the other sections. --- nixos/modules/system/boot/networkd.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ad6c95257ad1..2ec238d9275f 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -501,7 +501,6 @@ let "LinkLocalAddressing" "IPv4LLRoute" "DefaultRouteOnDevice" - "IPv6Token" "LLMNR" "MulticastDNS" "DNSOverTLS" @@ -795,6 +794,10 @@ let "RouteAllowList" "DHCPv6Client" "RouteMetric" + "UseMTU" + "UseGateway" + "UseRoutePrefix" + "Token" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) @@ -877,6 +880,7 @@ let "Prefix" "PreferredLifetimeSec" "ValidLifetimeSec" + "Token" ]) (assertValueOneOf "AddressAutoconfiguration" boolValues) (assertValueOneOf "OnLink" boolValues) From 4f442dde0ec8412d7eeb024dcb568620787901b3 Mon Sep 17 00:00:00 2001 
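Review bot: `"Token"` is added to the allowed fields of `sectionIPv6AcceptRA` (and of the IPv6Prefix list in the last hunk) with no value check and no comment about what the value may contain. The commit message notes that the `prefixstable` mode can take a secret key, and these attribute sets are rendered verbatim into the generated unit text. On NixOS that text presumably ends up in the world-readable Nix store, so the key would be readable by every local user. I would add a comment next to the field, e.g. `# Token= may carry a prefixstable secret key; the rendered .network file is not private`, and repeat the caveat in the option descriptions, which are outside this hunk. Separately, the first hunk removes `IPv6Token` outright although the subject says "deprecate"; unlike the renamed option in patch 01/27, users get no message pointing at the replacement.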
From: Vincent Haupert Date: Sun, 9 Oct 2022 00:27:52 +0200 Subject: [PATCH 04/27] nixos/networkd: add new options Systemd 250: > DHCPv4 client support in systemd-networkd learnt a new Label= option > for configuring the address label to apply to configure IPv4 > addresses. > The [IPv6AcceptRA] section of .network files gained support for a new > UseMTU= setting that may be used to control whether to apply the > announced MTU settings to the local interface. > The [DHCPv4] section in .network file gained a new Use6RD= boolean > setting to control whether the DHCPv4 client request and process the > DHCP 6RD option. > The [DHCPv6] section in .network file gained a new setting > UseDelegatedPrefix= to control whether the delegated prefixes will be > propagated to the downstream interfaces. > The [IPv6AcceptRA] section of .network files now understands two new > settings UseGateway=/UseRoutePrefix= for explicitly configuring > whether to use the relevant fields from the IPv6 Router Advertisement > records. > The [RoutingPolicyRule] section of .network file gained a new > SuppressInterfaceGroup= setting. > The IgnoreCarrierLoss= setting in the [Network] section of .network > files now allows a duration to be specified, controlling how long to > wait before reacting to carrier loss. Systemd 246: > systemd-networkd's [DHCPv4] section gained a new setting UseGateway= > which may be used to turn off use of the gateway information provided > by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be > used to configure how to process leases that lack a lifetime option. --- nixos/modules/system/boot/networkd.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 2ec238d9275f..a9b81dd116bb 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
@@ -573,7 +573,6 @@ let (assertValueOneOf "ActiveSlave" boolValues) (assertValueOneOf "PrimarySlave" boolValues) (assertValueOneOf "ConfigureWithoutCarrier" boolValues) - (assertValueOneOf "IgnoreCarrierLoss" boolValues) (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) ]; @@ -618,6 +617,7 @@ let "User" "SuppressPrefixLength" "Type" + "SuppressInterfaceGroup" ]) (assertInt "TypeOfService") (assertRange "TypeOfService" 0 255) @@ -631,6 +631,7 @@ let (assertInt "SuppressPrefixLength") (assertRange "SuppressPrefixLength" 0 128) (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"]) + (assertRange "SuppressInterfaceGroup" 0 2147483647) ]; sectionRoute = checkUnitConfig "Route" [ @@ -710,6 +711,9 @@ let "BlackList" "RequestOptions" "SendOption" + "FallbackLeaseLifetimeSec" + "Label" + "Use6RD" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "RoutesToDNS" boolValues) @@ -732,6 +736,8 @@ let (assertPort "ListenPort") (assertValueOneOf "SendRelease" boolValues) (assertValueOneOf "SendDecline" boolValues) + (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"]) + (assertValueOneOf "Use6RD" boolValues) ]; sectionDHCPv6 = checkUnitConfig "DHCPv6" [ @@ -752,6 +758,7 @@ let "DUIDType" "DUIDRawData" "IAID" + "UseDelegatedPrefix" ]) (assertValueOneOf "UseAddress" boolValues) (assertValueOneOf "UseDNS" boolValues) @@ -761,6 +768,7 @@ let (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) (assertRange "SendOption" 1 65536) (assertInt "IAID") + (assertValueOneOf "UseDelegatedPrefix" boolValues) ]; sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 
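Review bot: Dropping `(assertValueOneOf "IgnoreCarrierLoss" boolValues)` in the first hunk leaves `IgnoreCarrierLoss` with no value check at all, so a mistyped value now passes evaluation and is only noticed when networkd parses the file. That is understandable, since the commit message says the setting now also accepts a duration, but the reason is not recorded in the code. I would leave a comment where the assertion was, e.g. `# IgnoreCarrierLoss= takes a boolean or a time span since systemd 250; not validated here`. The check list continues outside the hunk, so a replacement validator may already exist that I cannot see.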
@@ -805,6 +813,9 @@ let (assertValueOneOf "UseAutonomousPrefix" boolValues) (assertValueOneOf "UseOnLinkPrefix" boolValues) (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"])) + (assertValueOneOf "UseMTU" boolValues) + (assertValueOneOf "UseGateway" boolValues) + (assertValueOneOf "UseRoutePrefix" boolValues) ]; sectionDHCPServer = checkUnitConfig "DHCPServer" [ From bfed63047d0ec304c61a3f44197494aad23cb6c2 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Tue, 11 Oct 2022 19:00:49 +0200 Subject: [PATCH 05/27] release-notes: mention breaking changes w/r/t `systemd-networkd` 250 --- .../from_md/release-notes/rl-2211.section.xml | 41 +++++++++++++++++++ .../manual/release-notes/rl-2211.section.md | 6 +++ 2 files changed, 47 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 78bd6c6a22d8..aa79083d1065 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml 
@@ -578,6 +578,47 @@ instead. + + + systemd-networkd v250 deprecated, renamed, + and moved some sections and settings which leads to the + following breaking module changes: + + + + + systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig + is renamed to + systemd.network.networks.<name>.dhcpPrefixDelegationConfig. + + + + + systemd.network.networks.<name>.dhcpV6Config + no longer accepts the + ForceDHCPv6PDOtherInformation= setting. + Please use the WithoutRA= and + UseDelegatedPrefix= settings in your + systemd.network.networks.<name>.dhcpV6Config + and the DHCPv6Client= setting in your + systemd.network.networks.<name>.ipv6AcceptRAConfig + to control when the DHCPv6 client is started and how the + delegated prefixes are handled by the DHCPv6 client. + + + + + systemd.network.networks.<name>.networkConfig + no longer accepts the IPv6Token= + setting. Use the Token= setting in your + systemd.network.networks.<name>.ipv6AcceptRAConfig + instead. The + systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig + now also accepts the Token= setting. + + + + The meta.mainProgram attribute of packages diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 37b0db8a8ce1..3c2560df713f 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md 
@@ -194,6 +194,12 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - The `aws` package has been removed due to being abandoned by the upstream. It is recommended to use `awscli` or `awscli2` instead. +- `systemd-networkd` v250 deprecated, renamed, and moved some sections and settings which leads to the following breaking module changes: + + * `systemd.network.networks..dhcpV6PrefixDelegationConfig` is renamed to `systemd.network.networks..dhcpPrefixDelegationConfig`. + * `systemd.network.networks..dhcpV6Config` no longer accepts the `ForceDHCPv6PDOtherInformation=` setting. Please use the `WithoutRA=` and `UseDelegatedPrefix=` settings in your `systemd.network.networks..dhcpV6Config` and the `DHCPv6Client=` setting in your `systemd.network.networks..ipv6AcceptRAConfig` to control when the DHCPv6 client is started and how the delegated prefixes are handled by the DHCPv6 client. + * `systemd.network.networks..networkConfig` no longer accepts the `IPv6Token=` setting. Use the `Token=` setting in your `systemd.network.networks..ipv6AcceptRAConfig` instead. The `systemd.network.networks..ipv6Prefixes.*.ipv6PrefixConfig` now also accepts the `Token=` setting. + - The `meta.mainProgram` attribute of packages in `wineWowPackages` now defaults to `"wine64"`. - The `paperless` module now defaults `PAPERLESS_TIME_ZONE` to your configured system timezone. From 45f2a5eea089ffdf8cc96fd10a81de81387f3317 Mon Sep 17 00:00:00 2001 
From: figsoda Date: Tue, 11 Oct 2022 19:56:31 -0400 Subject: [PATCH 06/27] toml2nix: switch to rustPlatform.buildRustPackage --- pkgs/development/tools/toml2nix/Cargo.lock | 25 +++++++++++++++++++++ pkgs/development/tools/toml2nix/default.nix | 24 ++++++++++++++++++++ pkgs/tools/toml2nix/default.nix | 18 --------------- pkgs/top-level/all-packages.nix | 2 +- 4 files changed, 50 insertions(+), 19 deletions(-) create mode 100644 pkgs/development/tools/toml2nix/Cargo.lock create mode 100644 pkgs/development/tools/toml2nix/default.nix delete mode 100644 pkgs/tools/toml2nix/default.nix diff --git a/pkgs/development/tools/toml2nix/Cargo.lock b/pkgs/development/tools/toml2nix/Cargo.lock new file mode 100644 index 000000000000..f6b37fbc189d --- /dev/null +++ b/pkgs/development/tools/toml2nix/Cargo.lock @@ -0,0 +1,25 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "serde" +version = "1.0.145" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728eb6351430bccb993660dfffc5a72f91ccc1295abaa8ce19b27ebe4f75568b" + +[[package]] +name = "toml" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "758664fc71a3a69038656bee8b6be6477d2a6c315a6b81f7081f591bffa4111f" +dependencies = [ + "serde", +] + +[[package]] +name = "toml2nix" +version = "0.1.1" +dependencies = [ + "toml", +] diff --git a/pkgs/development/tools/toml2nix/default.nix b/pkgs/development/tools/toml2nix/default.nix new file mode 100644 index 000000000000..6987619dbcb5 --- /dev/null +++ b/pkgs/development/tools/toml2nix/default.nix 
@@ -0,0 +1,24 @@ +{ lib, rustPlatform, fetchCrate }: + +rustPlatform.buildRustPackage rec { + pname = "toml2nix"; + version = "0.1.1"; + + src = fetchCrate { + inherit pname version; + sha256 = "sha256-YhluLS4tFMibFrDzgIvNtfjM5dAqJQvygeZocKn3+Jg="; + }; + + cargoLock.lockFile = ./Cargo.lock; + + postPatch = '' + ln -s ${./Cargo.lock} Cargo.lock + ''; + + meta = with lib; { + description = "A tool to convert TOML files to Nix expressions"; + homepage = "https://crates.io/crates/toml2nix"; + license = with licenses; [ mit /* or */ asl20 ]; + maintainers = with maintainers; [ figsoda ]; + }; +} diff --git a/pkgs/tools/toml2nix/default.nix b/pkgs/tools/toml2nix/default.nix deleted file mode 100644 index ac4de4eee144..000000000000 --- a/pkgs/tools/toml2nix/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -# Generated by carnix 0.9.7: carnix generate-nix -{ lib, buildPlatform, buildRustCrate, buildRustCrateHelpers, cratesIO, fetchgit }: -with buildRustCrateHelpers; -let inherit (lib.lists) fold; - inherit (lib.attrsets) recursiveUpdate; -in -let crates = cratesIO; in -rec { - toml2nix = crates.crates.toml2nix."0.1.1" deps; - __all = [ (toml2nix {}) ]; - deps.serde."1.0.84" = {}; - deps.toml."0.4.10" = { - serde = "1.0.84"; - }; - deps.toml2nix."0.1.1" = { - toml = "0.4.10"; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 987f3341dc00..4a83bf434b3d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11890,7 +11890,7 @@ with pkgs; toml2json = callPackage ../development/tools/toml2json { }; - toml2nix = (callPackage ../tools/toml2nix { }).toml2nix { }; + toml2nix = callPackage ../development/tools/toml2nix { }; topgrade = callPackage ../tools/misc/topgrade { inherit (darwin.apple_sdk.frameworks) Cocoa Foundation; From 6302d8f8068a04c2886faa6bed95e3ffb98d45ff Mon Sep 17 00:00:00 2001 
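Review bot: The new `default.nix` builds against a `Cargo.lock` that is vendored in nixpkgs and linked in by `postPatch`, with no comment on why it is needed or how it was produced. The lock file therefore fixes the dependency set independently of upstream, and it already differs from the deleted carnix expression (`serde` 1.0.84 there, 1.0.145 here). A reviewer of a later bump cannot tell whether the resolution came from upstream or from the packager. I would add a comment above `cargoLock.lockFile`, e.g. `# upstream crate ships no Cargo.lock (TODO confirm); regenerate with cargo generate-lockfile on version bumps`. Keeping plain `ln -s` rather than a forced link is reasonable, because the build then stops if a future release starts shipping its own lock file.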
From: Maximilian Bosch Date: Wed, 12 Oct 2022 21:20:45 +0200 Subject: [PATCH 07/27] element-{web,desktop}: 1.11.8 -> 1.11.10 ChangeLog: https://github.com/vector-im/element-web/releases/tag/v1.11.10 & https://github.com/vector-im/element-web/releases/tag/v1.11.9 Nothing significant in element-desktop except for the element-web update. --- .../networking/instant-messengers/element/pin.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/element/pin.json b/pkgs/applications/networking/instant-messengers/element/pin.json index ce17529cd398..f5f38124ceb6 100644 --- a/pkgs/applications/networking/instant-messengers/element/pin.json +++ b/pkgs/applications/networking/instant-messengers/element/pin.json @@ -1,7 +1,7 @@ { - "version": "1.11.8", - "desktopSrcHash": "l6IwztPEPSo3WgdUBPO4ZNgfoLts8NaqvoHekAhfVGg=", - "desktopYarnHash": "105xj2xwc9g8cfiby0x93gy8w8w5c76mzzxck5mgvawcc6qpvmrc", - "webSrcHash": "Etxlq2TEaZM9Qz4ig5H00DsshJoFH6+wtt+RL1dR2n4=", - "webYarnHash": "1q05r2shv1c3kghwksjzrh9rl25ins6r2y46ng7smdml4f9vdcc0" + "version": "1.11.10", + "desktopSrcHash": "cywTZ5OgKaFkHh3i3KLfb8HH8ZlIAOY3Xn2WHyY0fNM=", + "desktopYarnHash": "1xwnw9hbbrr72xs2d43qwhbmhfk3w4z80cipyrmdj5y248y8sz84", + "webSrcHash": "r7WZUWgPDEBS9xpc1YmmPVGch7B2ouJOFAoKdcC/55Q=", + "webYarnHash": "0s8wxf13jc9x4zykhm4abgq3a38mjya7z43kjsags1fxhilf09bc" } From a580f2ed2151c74a6b46921a2db61d569338fab9 Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 12 Oct 2022 13:27:54 -0400 Subject: [PATCH 08/27] ruff: 0.0.69 -> 0.0.72 --- pkgs/development/tools/ruff/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/ruff/default.nix b/pkgs/development/tools/ruff/default.nix index a8c76f3e5e2e..55198659371c 100644 --- a/pkgs/development/tools/ruff/default.nix +++ b/pkgs/development/tools/ruff/default.nix 
@@ -8,16 +8,16 @@ rustPlatform.buildRustPackage rec { pname = "ruff"; - version = "0.0.69"; + version = "0.0.72"; src = fetchFromGitHub { owner = "charliermarsh"; repo = pname; rev = "v${version}"; - sha256 = "sha256-5TAuWBb4RJGO7prliR+c1wAOmTRaJ/erwK9ISQTiaNA="; + sha256 = "sha256-K2wrPDb0GcwhGzLFNGXMH7CKTleOHwe3FtA82BZk+Bo="; }; - cargoSha256 = "sha256-bv51Hj/JMfFr9SLGQxAoWDCeLr4cI6jpYxnnncAQ6kU="; + cargoSha256 = "sha256-acB8kcdItJyE2Mr+fU0yojpDJh02V21DZfqQ5q+Wn20="; buildInputs = lib.optionals stdenv.isDarwin [ CoreServices From 915e21c171827c5376ea8e35d89637719a7d31ac Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 13 Oct 2022 07:03:27 +0000 Subject: [PATCH 09/27] credhub-cli: 2.9.4 -> 2.9.5 --- pkgs/tools/admin/credhub-cli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/admin/credhub-cli/default.nix b/pkgs/tools/admin/credhub-cli/default.nix index 30c16e4676d8..ed87e44daf5e 100644 --- a/pkgs/tools/admin/credhub-cli/default.nix +++ b/pkgs/tools/admin/credhub-cli/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "credhub-cli"; - version = "2.9.4"; + version = "2.9.5"; src = fetchFromGitHub { owner = "cloudfoundry-incubator"; repo = "credhub-cli"; rev = version; - sha256 = "sha256-vRzap9JiV6HzQJKVAByLPMCqADMufoool8Nuw2xu2L4="; + sha256 = "sha256-M2FIzLl1pQ/TJinG4UOh2VQWfZx4iT3Qw6pJhjv88cM="; }; # these tests require network access that we're not going to give them From fa90ccd7de3c44f4f44dc66245b785a453411b43 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 13 Oct 2022 09:31:52 +0000 Subject: [PATCH 10/27] freerdpUnstable: 2.8.0 -> 2.8.1 --- pkgs/applications/networking/remote/freerdp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/remote/freerdp/default.nix b/pkgs/applications/networking/remote/freerdp/default.nix index c769b7de6c86..89e952945c87 100644 --- a/pkgs/applications/networking/remote/freerdp/default.nix 
+++ b/pkgs/applications/networking/remote/freerdp/default.nix @@ -52,13 +52,13 @@ let in stdenv.mkDerivation rec { pname = "freerdp"; - version = "2.8.0"; + version = "2.8.1"; src = fetchFromGitHub { owner = "FreeRDP"; repo = "FreeRDP"; rev = version; - sha256 = "sha256-bVq/99jMkxTjckMjWoK4pBa0jD/AYezgKUPJziNSqI0="; + sha256 = "sha256-0heCwXFms6Ni/F1TaS5QEK+ePlR9DXUrzVj3vA5DvCk="; }; postPatch = '' From 5b055190e37d220b787b304e400391299bba022c Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 13 Oct 2022 13:36:47 +0200 Subject: [PATCH 11/27] doc/stdenv: Clarify status of the hooks --- doc/stdenv/stdenv.chapter.md | 68 +++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md index e87ab4727077..a304c0e14657 100644 --- a/doc/stdenv/stdenv.chapter.md +++ b/doc/stdenv/stdenv.chapter.md 
@@ -1010,19 +1010,19 @@ The *existence* of setups hooks has long been documented and packages inside Nix First, let’s cover some setup hooks that are part of Nixpkgs default `stdenv`. This means that they are run for every package built using `stdenv.mkDerivation` or when using a custom builder that has `source $stdenv/setup`. Some of these are platform specific, so they may run on Linux but not Darwin or vice-versa. -### `move-docs.sh` {#move-docs.sh} +### Default hook `move-docs.sh` {#move-docs.sh} This setup hook moves any installed documentation to the `/share` subdirectory directory. This includes the man, doc and info directories. This is needed for legacy programs that do not know how to use the `share` subdirectory. -### `compress-man-pages.sh` {#compress-man-pages.sh} +### Default hook `compress-man-pages.sh` {#compress-man-pages.sh} This setup hook compresses any man pages that have been installed. The compression is done using the gzip program. This helps to reduce the installed size of packages. -### `strip.sh` {#strip.sh} +### Default hook `strip.sh` {#strip.sh} This runs the strip command on installed binaries and libraries. This removes unnecessary information like debug symbols when they are not needed. This also helps to reduce the installed size of packages. -### `patch-shebangs.sh` {#patch-shebangs.sh} +### Default hook `patch-shebangs.sh` {#patch-shebangs.sh} This setup hook patches installed scripts to add Nix store paths to their shebang interpreter as found in the build environment. The [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) line tells a Unix-like operating system which interpreter to use to execute the script's contents. 
@@ -1089,27 +1089,29 @@ If you need to run `patchShebangs` at build time, it must be called explicitly w [patchShebangs]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L24-L105 [patchShebangsAuto]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L107-L119 -### `audit-tmpdir.sh` {#audit-tmpdir.sh} +### Default hook `audit-tmpdir.sh` {#audit-tmpdir.sh} This verifies that no references are left from the install binaries to the directory used to build those binaries. This ensures that the binaries do not need things outside the Nix store. This is currently supported in Linux only. -### `multiple-outputs.sh` {#multiple-outputs.sh} +### Default hook `multiple-outputs.sh` {#multiple-outputs.sh} This setup hook adds configure flags that tell packages to install files into any one of the proper outputs listed in `outputs`. This behavior can be turned off by setting `setOutputFlags` to false in the derivation environment. See [](#chap-multiple-output) for more information. -### `move-sbin.sh` {#move-sbin.sh} +### Default hook `move-sbin.sh` {#move-sbin.sh} This setup hook moves any binaries installed in the `sbin/` subdirectory into `bin/`. In addition, a link is provided from `sbin/` to `bin/` for compatibility. -### `move-lib64.sh` {#move-lib64.sh} +### Default hook `move-lib64.sh` {#move-lib64.sh} This setup hook moves any libraries installed in the `lib64/` subdirectory into `lib/`. In addition, a link is provided from `lib64/` to `lib/` for compatibility. -### `move-systemd-user-units.sh` {#move-systemd-user-units.sh} +### Default hook `move-systemd-user-units.sh` {#move-systemd-user-units.sh} This setup hook moves any systemd user units installed in the `lib/` subdirectory into `share/`. In addition, a link is provided from `share/` to `lib/` for compatibility. 
This is needed for systemd to find user services when installed into the user profile. -### `set-source-date-epoch-to-latest.sh` {#set-source-date-epoch-to-latest.sh} +This hook only runs when compiling for Linux. + +### Default hook `set-source-date-epoch-to-latest.sh` {#set-source-date-epoch-to-latest.sh} This sets `SOURCE_DATE_EPOCH` to the modification time of the most recent file. 
@@ -1133,51 +1135,51 @@ Similarly, the CC Wrapper follows the Bintools Wrapper in defining standard envi Here are some more packages that provide a setup hook. Since the list of hooks is extensible, this is not an exhaustive list. The mechanism is only to be used as a last resort, so it might cover most uses. -### Perl {#setup-hook-perl} +### Optional hook Perl {#setup-hook-perl} Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable. -### Python {#setup-hook-python} +### Optional hook Python {#setup-hook-python} Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable. -### pkg-config {#setup-hook-pkg-config} +### Optional hook pkg-config {#setup-hook-pkg-config} Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable. -### Automake {#setup-hook-automake} +### Optional hook Automake {#setup-hook-automake} Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable. -### Autoconf {#setup-hook-autoconf} +### Optional hook Autoconf {#setup-hook-autoconf} The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts. -### libxml2 {#setup-hook-libxml2} +### Optional hook libxml2 {#setup-hook-libxml2} Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable. 
-### teTeX / TeX Live {#tetex-tex-live} +### Optional hook teTeX / TeX Live {#tetex-tex-live} Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable. -### Qt 4 {#qt-4} +### Optional hook Qt 4 {#qt-4} Sets the `QTDIR` environment variable to Qt’s path. -### gdk-pixbuf {#setup-hook-gdk-pixbuf} +### Optional hook gdk-pixbuf {#setup-hook-gdk-pixbuf} Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf). -### GHC {#ghc} +### Optional hook GHC {#ghc} Creates a temporary package database and registers every Haskell build input in it (TODO: how?). -### GNOME platform {#gnome-platform} +### Optional hook GNOME platform {#gnome-platform} Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome). -### autoPatchelfHook {#setup-hook-autopatchelfhook} +### Optional hook autoPatchelfHook {#setup-hook-autopatchelfhook} This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`. 
@@ -1189,7 +1191,7 @@ By default `autoPatchelf` will fail as soon as any ELF file requires a dependenc The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories. -### breakpointHook {#breakpointhook} +### Optional hook breakpointHook {#breakpointhook} This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`. @@ -1207,7 +1209,7 @@ Caution with remote builds This won’t work with remote builds as the build environment is on a different machine and can’t be accessed by `cntr`. Remote builds can be turned off by setting `--option builders ''` for `nix-build` or `--builders ''` for `nix build`. ::: -### installShellFiles {#installshellfiles} +### Optional hook `installShellFiles` {#installshellfiles} This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook. 
@@ -1233,23 +1235,23 @@ postInstall = '' ''; ``` -### libiconv, libintl {#libiconv-libintl} +### Optional hook libiconv, libintl {#libiconv-libintl} A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`. -### validatePkgConfig {#validatepkgconfig} +### Optional hook validatePkgConfig {#validatepkgconfig} The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables. -### cmake {#cmake} +### Optional hook cmake {#cmake} Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator. -### xcbuildHook {#xcbuildhook} +### Optional hook xcbuildHook {#xcbuildhook} Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild. 
-### Meson {#meson} +### Optional hook Meson {#meson} Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere. @@ -1275,19 +1277,19 @@ What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#c Disables using Meson’s `configurePhase`. -### ninja {#ninja} +### Optional hook ninja {#ninja} Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja. -### unzip {#unzip} +### Optional hook unzip {#unzip} This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc. -### wafHook {#wafhook} +### Optional hook wafHook {#wafhook} Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script. -### scons {#scons} +### Optional hook scons {#scons} Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time. From 2db8de920eebf9ef488c4725d579a2c3862d9a04 Mon Sep 17 00:00:00 2001 
From: Robert Hensing Date: Thu, 13 Oct 2022 15:36:04 +0200 Subject: [PATCH 12/27] doc: Move non-stdenv hooks out of stdenv chapter --- doc/hooks/autoconf.section.md | 4 + doc/hooks/automake.section.md | 4 + doc/hooks/autopatchelf.section.md | 12 ++ doc/hooks/breakpoint.section.md | 18 +++ doc/hooks/cmake.section.md | 4 + doc/hooks/gdk-pixbuf.section.md | 4 + doc/hooks/ghc.section.md | 4 + doc/hooks/gnome.section.md | 4 + doc/hooks/index.xml | 26 ++++ doc/hooks/installShellFiles.section.md | 26 ++++ doc/hooks/libiconv.section.md | 4 + doc/hooks/libxml2.section.md | 4 + doc/hooks/meson.section.md | 26 ++++ doc/hooks/ninja.section.md | 4 + doc/hooks/perl.section.md | 4 + doc/hooks/pkg-config.section.md | 4 + doc/hooks/python.section.md | 4 + doc/hooks/qt-4.section.md | 4 + doc/hooks/scons.section.md | 4 + doc/hooks/tetex-tex-live.section.md | 4 + doc/hooks/unzip.section.md | 4 + doc/hooks/validatePkgConfig.section.md | 4 + doc/hooks/waf.section.md | 4 + doc/hooks/xcbuild.section.md | 4 + doc/stdenv/stdenv.chapter.md | 183 ++----------------------- 25 files changed, 199 insertions(+), 168 deletions(-) create mode 100644 doc/hooks/autoconf.section.md create mode 100644 doc/hooks/automake.section.md create mode 100644 doc/hooks/autopatchelf.section.md create mode 100644 doc/hooks/breakpoint.section.md create mode 100644 doc/hooks/cmake.section.md create mode 100644 doc/hooks/gdk-pixbuf.section.md create mode 100644 doc/hooks/ghc.section.md create mode 100644 doc/hooks/gnome.section.md create mode 100644 doc/hooks/installShellFiles.section.md create mode 100644 doc/hooks/libiconv.section.md create mode 100644 doc/hooks/libxml2.section.md create mode 100644 doc/hooks/meson.section.md create mode 100644 doc/hooks/ninja.section.md create mode 100644 doc/hooks/perl.section.md create mode 100644 doc/hooks/pkg-config.section.md create mode 100644 doc/hooks/python.section.md create mode 100644 doc/hooks/qt-4.section.md create mode 100644 doc/hooks/scons.section.md create mode 
100644 doc/hooks/tetex-tex-live.section.md create mode 100644 doc/hooks/unzip.section.md create mode 100644 doc/hooks/validatePkgConfig.section.md create mode 100644 doc/hooks/waf.section.md create mode 100644 doc/hooks/xcbuild.section.md
diff --git a/doc/hooks/autoconf.section.md b/doc/hooks/autoconf.section.md
new file mode 100644
index 000000000000..13d75910f192
--- /dev/null
+++ b/doc/hooks/autoconf.section.md
@@ -0,0 +1,4 @@
+
+### Autoconf {#setup-hook-autoconf}
+
+The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts.
diff --git a/doc/hooks/automake.section.md b/doc/hooks/automake.section.md
new file mode 100644
index 000000000000..562ac18fcd93
--- /dev/null
+++ b/doc/hooks/automake.section.md
@@ -0,0 +1,4 @@
+
+### Automake {#setup-hook-automake}
+
+Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable.
diff --git a/doc/hooks/autopatchelf.section.md b/doc/hooks/autopatchelf.section.md
new file mode 100644
index 000000000000..9c2852ccf279
--- /dev/null
+++ b/doc/hooks/autopatchelf.section.md
@@ -0,0 +1,12 @@
+
+### autoPatchelfHook {#setup-hook-autopatchelfhook}
+
+This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`.
+
+You can also specify a `runtimeDependencies` variable which lists dependencies to be unconditionally added to rpath of all executables. This is useful for programs that use dlopen 3 to load libraries at runtime.
+
+In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value.
+
+By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies.
+
+The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories.
diff --git a/doc/hooks/breakpoint.section.md b/doc/hooks/breakpoint.section.md
new file mode 100644
index 000000000000..41e50653e91d
--- /dev/null
+++ b/doc/hooks/breakpoint.section.md
@@ -0,0 +1,18 @@
+
+### breakpointHook {#breakpointhook}
+
+This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`.
+
+```nix
+nativeBuildInputs = [ breakpointHook ];
+```
+
+When a build failure happens there will be an instruction printed that shows how to attach with `cntr` to the build sandbox.
+
+::: {.note}
+::: {.title}
+Caution with remote builds
+:::
+
+This won’t work with remote builds as the build environment is on a different machine and can’t be accessed by `cntr`. Remote builds can be turned off by setting `--option builders ''` for `nix-build` or `--builders ''` for `nix build`.
+:::
diff --git a/doc/hooks/cmake.section.md b/doc/hooks/cmake.section.md
new file mode 100644
index 000000000000..58fbfa45a2e0
--- /dev/null
+++ b/doc/hooks/cmake.section.md
@@ -0,0 +1,4 @@
+
+### cmake {#cmake}
+
+Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.
diff --git a/doc/hooks/gdk-pixbuf.section.md b/doc/hooks/gdk-pixbuf.section.md
new file mode 100644
index 000000000000..565216560abc
--- /dev/null
+++ b/doc/hooks/gdk-pixbuf.section.md
@@ -0,0 +1,4 @@
+
+### gdk-pixbuf {#setup-hook-gdk-pixbuf}
+
+Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf).
diff --git a/doc/hooks/ghc.section.md b/doc/hooks/ghc.section.md
new file mode 100644
index 000000000000..a4b0841ea486
--- /dev/null
+++ b/doc/hooks/ghc.section.md
@@ -0,0 +1,4 @@
+
+### GHC {#ghc}
+
+Creates a temporary package database and registers every Haskell build input in it (TODO: how?).
diff --git a/doc/hooks/gnome.section.md b/doc/hooks/gnome.section.md
new file mode 100644
index 000000000000..8c209d9b472c
--- /dev/null
+++ b/doc/hooks/gnome.section.md
@@ -0,0 +1,4 @@
+
+### GNOME platform {#gnome-platform}
+
+Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome).
diff --git a/doc/hooks/index.xml b/doc/hooks/index.xml
index 6a046eae2885..ed703c03d8b0 100644
--- a/doc/hooks/index.xml
+++ b/doc/hooks/index.xml
@@ -6,5 +6,31 @@ Nixpkgs has several hook packages that augment the stdenv phases. + + The stdenv built-in hooks are documented in . + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/doc/hooks/installShellFiles.section.md b/doc/hooks/installShellFiles.section.md new file mode 100644 index 000000000000..d27527503fed --- /dev/null +++ b/doc/hooks/installShellFiles.section.md 
@@ -0,0 +1,26 @@
+
+### `installShellFiles` {#installshellfiles}
+
+This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook.
+
+The `installManPage` function takes one or more paths to manpages to install. The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct directory.
+
+The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh). The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided.
+
+```nix
+nativeBuildInputs = [ installShellFiles ];
+postInstall = ''
+ installManPage doc/foobar.1 doc/barfoo.3
+ # explicit behavior
+ installShellCompletion --bash --name foobar.bash share/completions.bash
+ installShellCompletion --fish --name foobar.fish share/completions.fish
+ installShellCompletion --zsh --name _foobar share/completions.zsh
+ # implicit behavior
+ installShellCompletion share/completions/foobar.{bash,fish,zsh}
+ # using named fd
+ installShellCompletion --cmd foobar \
+ --bash <($out/bin/foobar --bash-completion) \
+ --fish <($out/bin/foobar --fish-completion) \
+ --zsh <($out/bin/foobar --zsh-completion)
+'';
+```
diff --git a/doc/hooks/libiconv.section.md b/doc/hooks/libiconv.section.md
new file mode 100644
index 000000000000..c228fe339e14
--- /dev/null
+++ b/doc/hooks/libiconv.section.md
@@ -0,0 +1,4 @@
+
+### libiconv, libintl {#libiconv-libintl}
+
+A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`.
diff --git a/doc/hooks/libxml2.section.md b/doc/hooks/libxml2.section.md
new file mode 100644
index 000000000000..770ef9ff3ffe
--- /dev/null
+++ b/doc/hooks/libxml2.section.md
@@ -0,0 +1,4 @@
+
+### libxml2 {#setup-hook-libxml2}
+
+Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable.
diff --git a/doc/hooks/meson.section.md b/doc/hooks/meson.section.md
new file mode 100644
index 000000000000..32804b5e32f2
--- /dev/null
+++ b/doc/hooks/meson.section.md
@@ -0,0 +1,26 @@
+
+### Meson {#meson}
+
+Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere.
+
+#### Variables controlling Meson {#variables-controlling-meson}
+
+##### `mesonFlags` {#mesonflags}
+
+Controls the flags passed to meson.
+
+##### `mesonBuildType` {#mesonbuildtype}
+
+Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`.
+
+##### `mesonAutoFeatures` {#mesonautofeatures}
+
+What value to set [`-Dauto_features=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `enabled`.
+
+##### `mesonWrapMode` {#mesonwrapmode}
+
+What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `nodownload` as we disallow network access.
+
+##### `dontUseMesonConfigure` {#dontusemesonconfigure}
+
+Disables using Meson’s `configurePhase`.
diff --git a/doc/hooks/ninja.section.md b/doc/hooks/ninja.section.md
new file mode 100644
index 000000000000..5ea1ee87070a
--- /dev/null
+++ b/doc/hooks/ninja.section.md
@@ -0,0 +1,4 @@
+
+### ninja {#ninja}
+
+Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja.
diff --git a/doc/hooks/perl.section.md b/doc/hooks/perl.section.md
new file mode 100644
index 000000000000..403227a9bf18
--- /dev/null
+++ b/doc/hooks/perl.section.md
@@ -0,0 +1,4 @@
+
+### Perl {#setup-hook-perl}
+
+Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable.
diff --git a/doc/hooks/pkg-config.section.md b/doc/hooks/pkg-config.section.md
new file mode 100644
index 000000000000..969c81f6d18a
--- /dev/null
+++ b/doc/hooks/pkg-config.section.md
@@ -0,0 +1,4 @@
+
+### pkg-config {#setup-hook-pkg-config}
+
+Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable.
diff --git a/doc/hooks/python.section.md b/doc/hooks/python.section.md
new file mode 100644
index 000000000000..a46a727e95b1
--- /dev/null
+++ b/doc/hooks/python.section.md
@@ -0,0 +1,4 @@
+
+### Python {#setup-hook-python}
+
+Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable.
diff --git a/doc/hooks/qt-4.section.md b/doc/hooks/qt-4.section.md
new file mode 100644
index 000000000000..f15d858e2377
--- /dev/null
+++ b/doc/hooks/qt-4.section.md
@@ -0,0 +1,4 @@
+
+### Qt 4 {#qt-4}
+
+Sets the `QTDIR` environment variable to Qt’s path.
diff --git a/doc/hooks/scons.section.md b/doc/hooks/scons.section.md
new file mode 100644
index 000000000000..1392269e5d55
--- /dev/null
+++ b/doc/hooks/scons.section.md
@@ -0,0 +1,4 @@
+
+### scons {#scons}
+
+Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time.
diff --git a/doc/hooks/tetex-tex-live.section.md b/doc/hooks/tetex-tex-live.section.md
new file mode 100644
index 000000000000..0ecdcc12e45a
--- /dev/null
+++ b/doc/hooks/tetex-tex-live.section.md
@@ -0,0 +1,4 @@
+
+### teTeX / TeX Live {#tetex-tex-live}
+
+Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable.
diff --git a/doc/hooks/unzip.section.md b/doc/hooks/unzip.section.md
new file mode 100644
index 000000000000..91dc072de662
--- /dev/null
+++ b/doc/hooks/unzip.section.md
@@ -0,0 +1,4 @@
+
+### unzip {#unzip}
+
+This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc.
diff --git a/doc/hooks/validatePkgConfig.section.md b/doc/hooks/validatePkgConfig.section.md
new file mode 100644
index 000000000000..8719ae930fcb
--- /dev/null
+++ b/doc/hooks/validatePkgConfig.section.md
@@ -0,0 +1,4 @@
+
+### validatePkgConfig {#validatepkgconfig}
+
+The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables.
diff --git a/doc/hooks/waf.section.md b/doc/hooks/waf.section.md
new file mode 100644
index 000000000000..de65abde4502
--- /dev/null
+++ b/doc/hooks/waf.section.md
@@ -0,0 +1,4 @@
+
+### wafHook {#wafhook}
+
+Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script.
diff --git a/doc/hooks/xcbuild.section.md b/doc/hooks/xcbuild.section.md
new file mode 100644
index 000000000000..1426431f6dce
--- /dev/null
+++ b/doc/hooks/xcbuild.section.md
@@ -0,0 +1,4 @@
+
+### xcbuildHook {#xcbuildhook}
+
+Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild.
diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md
index a304c0e14657..12213d7ca5de 100644
--- a/doc/stdenv/stdenv.chapter.md
+++ b/doc/stdenv/stdenv.chapter.md
@@ -1010,19 +1010,19 @@ The *existence* of setups hooks has long been documented and packages inside Nix First, let’s cover some setup hooks that are part of Nixpkgs default `stdenv`. This means that they are run for every package built using `stdenv.mkDerivation` or when using a custom builder that has `source $stdenv/setup`. Some of these are platform specific, so they may run on Linux but not Darwin or vice-versa. -### Default hook `move-docs.sh` {#move-docs.sh} +### `move-docs.sh` {#move-docs.sh} This setup hook moves any installed documentation to the `/share` subdirectory directory. This includes the man, doc and info directories. This is needed for legacy programs that do not know how to use the `share` subdirectory. -### Default hook `compress-man-pages.sh` {#compress-man-pages.sh} +### `compress-man-pages.sh` {#compress-man-pages.sh} This setup hook compresses any man pages that have been installed. The compression is done using the gzip program. This helps to reduce the installed size of packages. -### Default hook `strip.sh` {#strip.sh} +### `strip.sh` {#strip.sh} This runs the strip command on installed binaries and libraries. This removes unnecessary information like debug symbols when they are not needed. This also helps to reduce the installed size of packages. -### Default hook `patch-shebangs.sh` {#patch-shebangs.sh} +### `patch-shebangs.sh` {#patch-shebangs.sh} This setup hook patches installed scripts to add Nix store paths to their shebang interpreter as found in the build environment. The [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) line tells a Unix-like operating system which interpreter to use to execute the script's contents. 
@@ -1089,32 +1089,37 @@ If you need to run `patchShebangs` at build time, it must be called explicitly w [patchShebangs]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L24-L105 [patchShebangsAuto]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L107-L119 -### Default hook `audit-tmpdir.sh` {#audit-tmpdir.sh} +### `audit-tmpdir.sh` {#audit-tmpdir.sh} This verifies that no references are left from the install binaries to the directory used to build those binaries. This ensures that the binaries do not need things outside the Nix store. This is currently supported in Linux only. -### Default hook `multiple-outputs.sh` {#multiple-outputs.sh} +### `multiple-outputs.sh` {#multiple-outputs.sh} This setup hook adds configure flags that tell packages to install files into any one of the proper outputs listed in `outputs`. This behavior can be turned off by setting `setOutputFlags` to false in the derivation environment. See [](#chap-multiple-output) for more information. -### Default hook `move-sbin.sh` {#move-sbin.sh} +### `move-sbin.sh` {#move-sbin.sh} This setup hook moves any binaries installed in the `sbin/` subdirectory into `bin/`. In addition, a link is provided from `sbin/` to `bin/` for compatibility. -### Default hook `move-lib64.sh` {#move-lib64.sh} +### `move-lib64.sh` {#move-lib64.sh} This setup hook moves any libraries installed in the `lib64/` subdirectory into `lib/`. In addition, a link is provided from `lib64/` to `lib/` for compatibility. -### Default hook `move-systemd-user-units.sh` {#move-systemd-user-units.sh} +### `move-systemd-user-units.sh` {#move-systemd-user-units.sh} This setup hook moves any systemd user units installed in the `lib/` subdirectory into `share/`. In addition, a link is provided from `share/` to `lib/` for compatibility. 
This is needed for systemd to find user services when installed into the user profile. This hook only runs when compiling for Linux. -### Default hook `set-source-date-epoch-to-latest.sh` {#set-source-date-epoch-to-latest.sh} +### `set-source-date-epoch-to-latest.sh` {#set-source-date-epoch-to-latest.sh} This sets `SOURCE_DATE_EPOCH` to the modification time of the most recent file. +### Other hooks + +Many other packages provide hooks, that are not part of `stdenv`. You can find +these in the [Hooks Reference](#chap-hooks). + ### Bintools Wrapper {#bintools-wrapper} The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targetting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. 
@@ -1135,164 +1140,6 @@ Similarly, the CC Wrapper follows the Bintools Wrapper in defining standard envi Here are some more packages that provide a setup hook. Since the list of hooks is extensible, this is not an exhaustive list. The mechanism is only to be used as a last resort, so it might cover most uses. -### Optional hook Perl {#setup-hook-perl} - -Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable. - -### Optional hook Python {#setup-hook-python} - -Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable. - -### Optional hook pkg-config {#setup-hook-pkg-config} - -Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable. - -### Optional hook Automake {#setup-hook-automake} - -Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable. - -### Optional hook Autoconf {#setup-hook-autoconf} - -The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts. - -### Optional hook libxml2 {#setup-hook-libxml2} - -Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable. - -### Optional hook teTeX / TeX Live {#tetex-tex-live} - -Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable. - -### Optional hook Qt 4 {#qt-4} - -Sets the `QTDIR` environment variable to Qt’s path. 
- -### Optional hook gdk-pixbuf {#setup-hook-gdk-pixbuf} - -Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf). - -### Optional hook GHC {#ghc} - -Creates a temporary package database and registers every Haskell build input in it (TODO: how?). - -### Optional hook GNOME platform {#gnome-platform} - -Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome). - -### Optional hook autoPatchelfHook {#setup-hook-autopatchelfhook} - -This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`. - -You can also specify a `runtimeDependencies` variable which lists dependencies to be unconditionally added to rpath of all executables. This is useful for programs that use dlopen 3 to load libraries at runtime. - -In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value. - -By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies. 
- -The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories. - -### Optional hook breakpointHook {#breakpointhook} - -This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`. - -```nix -nativeBuildInputs = [ breakpointHook ]; -``` - -When a build failure happens there will be an instruction printed that shows how to attach with `cntr` to the build sandbox. - -::: {.note} -::: {.title} -Caution with remote builds -::: - -This won’t work with remote builds as the build environment is on a different machine and can’t be accessed by `cntr`. Remote builds can be turned off by setting `--option builders ''` for `nix-build` or `--builders ''` for `nix build`. -::: - -### Optional hook `installShellFiles` {#installshellfiles} - -This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook. - -The `installManPage` function takes one or more paths to manpages to install. 
The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct directory. - -The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh). The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided. - -```nix -nativeBuildInputs = [ installShellFiles ]; -postInstall = '' - installManPage doc/foobar.1 doc/barfoo.3 - # explicit behavior - installShellCompletion --bash --name foobar.bash share/completions.bash - installShellCompletion --fish --name foobar.fish share/completions.fish - installShellCompletion --zsh --name _foobar share/completions.zsh - # implicit behavior - installShellCompletion share/completions/foobar.{bash,fish,zsh} - # using named fd - installShellCompletion --cmd foobar \ - --bash <($out/bin/foobar --bash-completion) \ - --fish <($out/bin/foobar --fish-completion) \ - --zsh <($out/bin/foobar --zsh-completion) -''; -``` - -### Optional hook libiconv, libintl {#libiconv-libintl} - -A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). 
This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`. - -### Optional hook validatePkgConfig {#validatepkgconfig} - -The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables. - -### Optional hook cmake {#cmake} - -Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator. - -### Optional hook xcbuildHook {#xcbuildhook} - -Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild. - -### Optional hook Meson {#meson} - -Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere. - -#### Variables controlling Meson {#variables-controlling-meson} - -##### `mesonFlags` {#mesonflags} - -Controls the flags passed to meson. 
- -##### `mesonBuildType` {#mesonbuildtype} - -Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`. - -##### `mesonAutoFeatures` {#mesonautofeatures} - -What value to set [`-Dauto_features=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `enabled`. - -##### `mesonWrapMode` {#mesonwrapmode} - -What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `nodownload` as we disallow network access. - -##### `dontUseMesonConfigure` {#dontusemesonconfigure} - -Disables using Meson’s `configurePhase`. - -### Optional hook ninja {#ninja} - -Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja. - -### Optional hook unzip {#unzip} - -This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc. - -### Optional hook wafHook {#wafhook} - -Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script. - -### Optional hook scons {#scons} - -Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time. - ## Purity in Nixpkgs {#sec-purity-in-nixpkgs} *Measures taken to prevent dependencies on packages outside the store, and what you can do to prevent them.* From 2f5fcda329757f9a3d58dca4842e075c7f14ee2d Mon Sep 17 00:00:00 2001 
From: Koen Wilde Date: Wed, 12 Oct 2022 23:46:01 +0200 Subject: [PATCH 13/27] build-support: Fix error when building images with many layers When building a docker image using `dockertools.buildLayeredImage`, the resulting image layers are passed to `jq` through the command line. When building an image with too many layers this would exceed the maximum command line argument length. Hence, we store the list of layers in the Nix store and pass them to `jq` as a file argument using `--slurpfile`. Fixes #140908. --- pkgs/build-support/docker/default.nix | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 47fd99c12f8e..7eb81623046a 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix 
@@ -935,33 +935,34 @@ rec { # following lines, double-check that your code behaves properly # when the number of layers equals: # maxLayers-1, maxLayers, and maxLayers+1, 0 - store_layers="$( - paths | - jq -sR ' - rtrimstr("\n") | split("\n") - | (.[:$maxLayers-1] | map([.])) + [ .[$maxLayers-1:] ] - | map(select(length > 0)) + paths | + jq -sR ' + rtrimstr("\n") | split("\n") + | (.[:$maxLayers-1] | map([.])) + [ .[$maxLayers-1:] ] + | map(select(length > 0)) ' \ - --argjson maxLayers "$availableLayers" - )" + --argjson maxLayers "$availableLayers" > store_layers.json + # The index on $store_layers is necessary because the --slurpfile + # automatically reads the file as an array. cat ${baseJson} | jq ' . + { "store_dir": $store_dir, "from_image": $from_image, - "store_layers": $store_layers, + "store_layers": $store_layers[0], "customisation_layer", $customisation_layer, "repo_tag": $repo_tag, "created": $created } ' --arg store_dir "${storeDir}" \ --argjson from_image ${if fromImage == null then "null" else "'\"${fromImage}\"'"} \ - --argjson store_layers "$store_layers" \ + --slurpfile store_layers store_layers.json \ --arg customisation_layer ${customisationLayer} \ --arg repo_tag "$imageName:$imageTag" \ --arg created "$created" | tee $out ''; + result = runCommand "stream-${baseName}" { inherit (conf) imageName; From da2258f9127392462f49ebd4f950c36124a63607 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 13 Oct 2022 14:56:23 +0000 Subject: [PATCH 14/27] vscode: 1.71.2 -> 1.72.1 --- pkgs/applications/editors/vscode/vscode.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/editors/vscode/vscode.nix b/pkgs/applications/editors/vscode/vscode.nix index 1ae65c1cbf4b..4c154ebf9cbe 100644 --- a/pkgs/applications/editors/vscode/vscode.nix +++ b/pkgs/applications/editors/vscode/vscode.nix 
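Review bot: `$store_layers[0]` evaluates to `null` without any error when `store_layers.json` is empty, because `--slurpfile` then yields an empty array, so a failed first `jq` run could end up as `"store_layers": null` in the generated config. Whether the builder shell aborts on a failure in the `paths | jq … > store_layers.json` pipeline is decided outside this hunk, so an explicit guard is cheap insurance: `"store_layers": ($store_layers[0] // error("store_layers.json is empty")),`. The commit message says the list is kept in the Nix store, while the redirect writes a relative path in the builder's working directory; the added comment could say so. The surrounding script starts and ends outside the hunk.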
@@ -18,17 +18,17 @@ let archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz"; sha256 = { - x86_64-linux = "0ar8gpklaa0aa3k1934jyg2vh65hzncx0awl1f0wz8n4fjasfrpc"; - x86_64-darwin = "0jkpzyg2pk2d88w2ffrp2lr0qadss7ccycx4vpmjmw62d3sap8n1"; - aarch64-linux = "1g7lzqghagz63pljg4wy34z706j70vjmk49cl8v27jbnsgnva56a"; - aarch64-darwin = "132ml95xlyv5c343bfv0gpgr8rmk85xspsy9baninlmhnmy7mivv"; - armv7l-linux = "04anb6r7hkk3y3vahx32nxj5dz2i66rrnl0561xkcjr4cqvxykiw"; + x86_64-linux = "0hj6rpg65ivnnvzfjm16vjpjzzqbabpw5ldrr78x7ddrr06h02z6"; + x86_64-darwin = "01gskihfp5s0j4dw8nxmfsp0sav1zqlmylmvwhi1y2qqq4y9c3w9"; + aarch64-linux = "07n1svlkd2ji4b6yvhci6qvx429xipp8y418cqq3173gw8v59lws"; + aarch64-darwin = "0gr94l7lk54fhhhqbiv23hd7d25xilqlwla2dbs5c171nj9pz325"; + armv7l-linux = "0nxnjrzwfvma9zl4x11r45qwqq8mk91cxg47mg33qgr22lvbgz63"; }.${system} or throwSystem; in callPackage ./generic.nix rec { # Please backport all compatible updates to the stable release. # This is important for the extension ecosystem. - version = "1.71.2"; + version = "1.72.1"; pname = "vscode"; executableName = "code" + lib.optionalString isInsiders "-insiders"; From 7b30788245205f5e53543d6bfb315ea22b80b68e Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Thu, 13 Oct 2022 18:15:01 +0200 Subject: [PATCH 15/27] qemu: add patch improving 9p performance This patch has been accepted by the upstream 9p subsystem maintainer and should improve the performance of NixOS tests massively. --- .../9pfs-use-GHashTable-for-fid-table.patch | 371 ++++++++++++++++++ .../virtualization/qemu/default.nix | 1 + 2 files changed, 372 insertions(+) create mode 100644 pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch diff --git a/pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch b/pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch new file mode 100644 index 000000000000..2e6f1699637b --- /dev/null 
+++ b/pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch 
@@ -0,0 +1,371 @@ +From 8ab70b8958a8f9cb9bd316eecd3ccbcf05c06614 Mon Sep 17 00:00:00 2001 +From: Linus Heckemann +Date: Tue, 4 Oct 2022 12:41:21 +0200 +Subject: [PATCH] 9pfs: use GHashTable for fid table +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The previous implementation would iterate over the fid table for +lookup operations, resulting in an operation with O(n) complexity on +the number of open files and poor cache locality -- for every open, +stat, read, write, etc operation. + +This change uses a hashtable for this instead, significantly improving +the performance of the 9p filesystem. The runtime of NixOS's simple +installer test, which copies ~122k files totalling ~1.8GiB from 9p, +decreased by a factor of about 10. + +Signed-off-by: Linus Heckemann +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Greg Kurz +[CS: - Retain BUG_ON(f->clunked) in get_fid(). + - Add TODO comment in clunk_fid(). ] +Message-Id: <20221004104121.713689-1-git@sphalerite.org> +[CS: - Drop unnecessary goto and out: label. 
] +Signed-off-by: Christian Schoenebeck +--- + hw/9pfs/9p.c | 194 +++++++++++++++++++++++++++++---------------------- + hw/9pfs/9p.h | 2 +- + 2 files changed, 112 insertions(+), 84 deletions(-) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index aebadeaa03..9bf13133e5 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -256,7 +256,8 @@ static size_t v9fs_string_size(V9fsString *str) + } + + /* +- * returns 0 if fid got re-opened, 1 if not, < 0 on error */ ++ * returns 0 if fid got re-opened, 1 if not, < 0 on error ++ */ + static int coroutine_fn v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) + { + int err = 1; +@@ -282,33 +283,32 @@ static V9fsFidState *coroutine_fn get_fid(V9fsPDU *pdu, int32_t fid) + V9fsFidState *f; + V9fsState *s = pdu->s; + +- QSIMPLEQ_FOREACH(f, &s->fid_list, next) { ++ f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); ++ if (f) { + BUG_ON(f->clunked); +- if (f->fid == fid) { +- /* +- * Update the fid ref upfront so that +- * we don't get reclaimed when we yield +- * in open later. +- */ +- f->ref++; +- /* +- * check whether we need to reopen the +- * file. We might have closed the fd +- * while trying to free up some file +- * descriptors. +- */ +- err = v9fs_reopen_fid(pdu, f); +- if (err < 0) { +- f->ref--; +- return NULL; +- } +- /* +- * Mark the fid as referenced so that the LRU +- * reclaim won't close the file descriptor +- */ +- f->flags |= FID_REFERENCED; +- return f; ++ /* ++ * Update the fid ref upfront so that ++ * we don't get reclaimed when we yield ++ * in open later. ++ */ ++ f->ref++; ++ /* ++ * check whether we need to reopen the ++ * file. We might have closed the fd ++ * while trying to free up some file ++ * descriptors. 
++ */ ++ err = v9fs_reopen_fid(pdu, f); ++ if (err < 0) { ++ f->ref--; ++ return NULL; + } ++ /* ++ * Mark the fid as referenced so that the LRU ++ * reclaim won't close the file descriptor ++ */ ++ f->flags |= FID_REFERENCED; ++ return f; + } + return NULL; + } +@@ -317,12 +317,11 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid) + { + V9fsFidState *f; + +- QSIMPLEQ_FOREACH(f, &s->fid_list, next) { ++ f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); ++ if (f) { + /* If fid is already there return NULL */ + BUG_ON(f->clunked); +- if (f->fid == fid) { +- return NULL; +- } ++ return NULL; + } + f = g_new0(V9fsFidState, 1); + f->fid = fid; +@@ -333,7 +332,7 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid) + * reclaim won't close the file descriptor + */ + f->flags |= FID_REFERENCED; +- QSIMPLEQ_INSERT_TAIL(&s->fid_list, f, next); ++ g_hash_table_insert(s->fids, GINT_TO_POINTER(fid), f); + + v9fs_readdir_init(s->proto_version, &f->fs.dir); + v9fs_readdir_init(s->proto_version, &f->fs_reclaim.dir); +@@ -424,12 +423,12 @@ static V9fsFidState *clunk_fid(V9fsState *s, int32_t fid) + { + V9fsFidState *fidp; + +- QSIMPLEQ_FOREACH(fidp, &s->fid_list, next) { +- if (fidp->fid == fid) { +- QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next); +- fidp->clunked = true; +- return fidp; +- } ++ /* TODO: Use g_hash_table_steal_extended() instead? 
*/ ++ fidp = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); ++ if (fidp) { ++ g_hash_table_remove(s->fids, GINT_TO_POINTER(fid)); ++ fidp->clunked = true; ++ return fidp; + } + return NULL; + } +@@ -439,10 +438,15 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu) + int reclaim_count = 0; + V9fsState *s = pdu->s; + V9fsFidState *f; ++ GHashTableIter iter; ++ gpointer fid; ++ ++ g_hash_table_iter_init(&iter, s->fids); ++ + QSLIST_HEAD(, V9fsFidState) reclaim_list = + QSLIST_HEAD_INITIALIZER(reclaim_list); + +- QSIMPLEQ_FOREACH(f, &s->fid_list, next) { ++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &f)) { + /* + * Unlink fids cannot be reclaimed. Check + * for them and skip them. Also skip fids +@@ -514,72 +518,85 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu) + } + } + ++/* ++ * This is used when a path is removed from the directory tree. Any ++ * fids that still reference it must not be closed from then on, since ++ * they cannot be reopened. ++ */ + static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) + { +- int err; ++ int err = 0; + V9fsState *s = pdu->s; +- V9fsFidState *fidp, *fidp_next; ++ V9fsFidState *fidp; ++ gpointer fid; ++ GHashTableIter iter; ++ /* ++ * The most common case is probably that we have exactly one ++ * fid for the given path, so preallocate exactly one. ++ */ ++ g_autoptr(GArray) to_reopen = g_array_sized_new(FALSE, FALSE, ++ sizeof(V9fsFidState *), 1); ++ gint i; + +- fidp = QSIMPLEQ_FIRST(&s->fid_list); +- if (!fidp) { +- return 0; +- } ++ g_hash_table_iter_init(&iter, s->fids); + + /* +- * v9fs_reopen_fid() can yield : a reference on the fid must be held +- * to ensure its pointer remains valid and we can safely pass it to +- * QSIMPLEQ_NEXT(). The corresponding put_fid() can also yield so +- * we must keep a reference on the next fid as well. 
So the logic here +- * is to get a reference on a fid and only put it back during the next +- * iteration after we could get a reference on the next fid. Start with +- * the first one. ++ * We iterate over the fid table looking for the entries we need ++ * to reopen, and store them in to_reopen. This is because ++ * v9fs_reopen_fid() and put_fid() yield. This allows the fid table ++ * to be modified in the meantime, invalidating our iterator. + */ +- for (fidp->ref++; fidp; fidp = fidp_next) { ++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &fidp)) { + if (fidp->path.size == path->size && + !memcmp(fidp->path.data, path->data, path->size)) { +- /* Mark the fid non reclaimable. */ +- fidp->flags |= FID_NON_RECLAIMABLE; +- +- /* reopen the file/dir if already closed */ +- err = v9fs_reopen_fid(pdu, fidp); +- if (err < 0) { +- put_fid(pdu, fidp); +- return err; +- } +- } +- +- fidp_next = QSIMPLEQ_NEXT(fidp, next); +- +- if (fidp_next) { + /* +- * Ensure the next fid survives a potential clunk request during +- * put_fid() below and v9fs_reopen_fid() in the next iteration. ++ * Ensure the fid survives a potential clunk request during ++ * v9fs_reopen_fid or put_fid. + */ +- fidp_next->ref++; ++ fidp->ref++; ++ fidp->flags |= FID_NON_RECLAIMABLE; ++ g_array_append_val(to_reopen, fidp); + } ++ } + +- /* We're done with this fid */ +- put_fid(pdu, fidp); ++ for (i = 0; i < to_reopen->len; i++) { ++ fidp = g_array_index(to_reopen, V9fsFidState*, i); ++ /* reopen the file/dir if already closed */ ++ err = v9fs_reopen_fid(pdu, fidp); ++ if (err < 0) { ++ break; ++ } + } + +- return 0; ++ for (i = 0; i < to_reopen->len; i++) { ++ put_fid(pdu, g_array_index(to_reopen, V9fsFidState*, i)); ++ } ++ return err; + } + + static void coroutine_fn virtfs_reset(V9fsPDU *pdu) + { + V9fsState *s = pdu->s; + V9fsFidState *fidp; ++ GList *freeing; ++ /* ++ * Get a list of all the values (fid states) in the table, which ++ * we then... 
++ */ ++ g_autoptr(GList) fids = g_hash_table_get_values(s->fids); + +- /* Free all fids */ +- while (!QSIMPLEQ_EMPTY(&s->fid_list)) { +- /* Get fid */ +- fidp = QSIMPLEQ_FIRST(&s->fid_list); +- fidp->ref++; ++ /* ... remove from the table, taking over ownership. */ ++ g_hash_table_steal_all(s->fids); + +- /* Clunk fid */ +- QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next); ++ /* ++ * This allows us to release our references to them asynchronously without ++ * iterating over the hash table and risking iterator invalidation ++ * through concurrent modifications. ++ */ ++ for (freeing = fids; freeing; freeing = freeing->next) { ++ fidp = freeing->data; ++ fidp->ref++; + fidp->clunked = true; +- + put_fid(pdu, fidp); + } + } +@@ -3205,6 +3222,8 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, + V9fsFidState *tfidp; + V9fsState *s = pdu->s; + V9fsFidState *dirfidp = NULL; ++ GHashTableIter iter; ++ gpointer fid; + + v9fs_path_init(&new_path); + if (newdirfid != -1) { +@@ -3238,11 +3257,13 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, + if (err < 0) { + goto out; + } ++ + /* + * Fixup fid's pointing to the old name to + * start pointing to the new name + */ +- QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) { ++ g_hash_table_iter_init(&iter, s->fids); ++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) { + if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { + /* replace the name */ + v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); +@@ -3320,6 +3341,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir, + V9fsPath oldpath, newpath; + V9fsState *s = pdu->s; + int err; ++ GHashTableIter iter; ++ gpointer fid; + + v9fs_path_init(&oldpath); + v9fs_path_init(&newpath); +@@ -3336,7 +3359,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir, + * Fixup fid's pointing to the old name to + * start pointing to the new name + 
*/ +- QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) { ++ g_hash_table_iter_init(&iter, s->fids); ++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) { + if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { + /* replace the name */ + v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); +@@ -4226,7 +4250,7 @@ int v9fs_device_realize_common(V9fsState *s, const V9fsTransport *t, + s->ctx.fmode = fse->fmode; + s->ctx.dmode = fse->dmode; + +- QSIMPLEQ_INIT(&s->fid_list); ++ s->fids = g_hash_table_new(NULL, NULL); + qemu_co_rwlock_init(&s->rename_lock); + + if (s->ops->init(&s->ctx, errp) < 0) { +@@ -4286,6 +4310,10 @@ void v9fs_device_unrealize_common(V9fsState *s) + if (s->ctx.fst) { + fsdev_throttle_cleanup(s->ctx.fst); + } ++ if (s->fids) { ++ g_hash_table_destroy(s->fids); ++ s->fids = NULL; ++ } + g_free(s->tag); + qp_table_destroy(&s->qpd_table); + qp_table_destroy(&s->qpp_table); +diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h +index 994f952600..10fd2076c2 100644 +--- a/hw/9pfs/9p.h ++++ b/hw/9pfs/9p.h +@@ -339,7 +339,7 @@ typedef struct { + struct V9fsState { + QLIST_HEAD(, V9fsPDU) free_list; + QLIST_HEAD(, V9fsPDU) active_list; +- QSIMPLEQ_HEAD(, V9fsFidState) fid_list; ++ GHashTable *fids; + FileOperations *ops; + FsContext ctx; + char *tag; +-- +2.36.2 + diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 4f55b48bc540..5873c24f15a2 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -111,6 +111,7 @@ stdenv.mkDerivation rec { sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E="; revert = true; }) + ./9pfs-use-GHashTable-for-fid-table.patch ] ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch; From 989e8d85685e3a1d3d3aee1b74f3651c130bbd56 Mon Sep 17 00:00:00 2001 
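Review bot: The direct `g_hash_table_iter_next()` loops in `v9fs_reclaim_fd()`, `v9fs_complete_rename()` and `v9fs_fix_fid_paths()` carry no statement that their bodies must not yield, although the new comment in `v9fs_mark_fids_unreclaim()` explains that a yield lets the fid table change and invalidates the iterator. Those bodies lie partly outside the hunks, so it cannot be confirmed here that nothing in them yields; since fids are chosen by the guest, a table change during iteration would be guest-reachable. I would add above each loop `/* Must not yield inside this loop: a concurrent fid-table change invalidates iter. */`. Separately, the table is created with `g_hash_table_new(NULL, NULL)`, so `g_hash_table_destroy()` in `v9fs_device_unrealize_common()` frees no `V9fsFidState` still stored in it; a one-line comment there on who frees them would help.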
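Review bot: The new `./9pfs-use-GHashTable-for-fid-table.patch` entry has no comment saying where the patch comes from or when it can be dropped. The commit message says it was accepted upstream, so it will stop applying or become redundant on a later QEMU bump; a line such as `# 9pfs fid-table hash table, accepted upstream; drop once the packaged QEMU release contains it` above the entry keeps that visible. If upstream publishes the commit at a stable URL, fetching it with a pinned hash instead of vendoring 371 lines would make the provenance checkable. The `patches` list starts outside the hunk.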
From: Martin Weinelt Date: Thu, 13 Oct 2022 18:21:29 +0200 Subject: [PATCH 16/27] nss: 3.83 -> 3.84 https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/uV-FYp6SUr8/m/M5TvBj0eAQAJ --- pkgs/development/libraries/nss/latest.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nss/latest.nix b/pkgs/development/libraries/nss/latest.nix index 825694aad889..09eaa64e600a 100644 --- a/pkgs/development/libraries/nss/latest.nix +++ b/pkgs/development/libraries/nss/latest.nix @@ -5,6 +5,6 @@ # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert import ./generic.nix { - version = "3.83"; - hash = "sha256-qyPqZ/lkCQuLc8gKZ0CCVxw25fTrqSBXrGSMnB3vASg="; + version = "3.84"; + hash = "sha256-mjh//jUP8U8AHZQ/lswMBkiRVR1x4al6Xdv/5/EgeiU="; } From 1383ef43760e29c2f84f4d69c3916dbe1bd4e717 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 13 Oct 2022 17:08:36 +0000 Subject: [PATCH 17/27] linuxkit: 0.8 -> 1.0.0 --- pkgs/development/tools/misc/linuxkit/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/misc/linuxkit/default.nix b/pkgs/development/tools/misc/linuxkit/default.nix index da608ba5a061..94ae7f527125 100644 --- a/pkgs/development/tools/misc/linuxkit/default.nix +++ b/pkgs/development/tools/misc/linuxkit/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "linuxkit"; - version = "0.8"; + version = "1.0.0"; goPackagePath = "github.com/linuxkit/linuxkit"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "linuxkit"; repo = "linuxkit"; rev = "v${version}"; - sha256 = "15jj60k8wz9cahjbdscnwyyfb1k1grjh7yrilb1cj4r8mby4sp2g"; + sha256 = "sha256-y/jsMr7HmrHjVMn4fyQ3MPHION8hQO2G4udX1AMx8bk="; }; subPackages = [ "src/cmd/linuxkit" ]; From 7d44e664ca57801509881a165e8b7ac2ce0c2c23 Mon Sep 17 00:00:00 2001 
From: Jules Lamur Date: Wed, 5 Oct 2022 12:18:40 +0200 Subject: [PATCH 18/27] widevine-cdm: init at 4.10.2449.0 --- maintainers/maintainer-list.nix | 9 +++++++ .../networking/browsers/misc/widevine-cdm.nix | 26 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 37 insertions(+) create mode 100644 pkgs/applications/networking/browsers/misc/widevine-cdm.nix diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 6019bf4d7117..3e5cefc356cd 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -6397,6 +6397,15 @@ githubId = 1204734; name = "Emil Karlson"; }; + jlamur = { + email = "contact@juleslamur.fr"; + github = "jlamur"; + githubId = 7054317; + name = "Jules Lamur"; + keys = [{ + fingerprint = "B768 6CD7 451A 650D 9C54 4204 6710 CF0C 1CBD 7762"; + }]; + }; jlesquembre = { email = "jl@lafuente.me"; github = "jlesquembre"; diff --git a/pkgs/applications/networking/browsers/misc/widevine-cdm.nix b/pkgs/applications/networking/browsers/misc/widevine-cdm.nix new file mode 100644 index 000000000000..41021cfdaa7c --- /dev/null +++ b/pkgs/applications/networking/browsers/misc/widevine-cdm.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchzip +}: + +stdenv.mkDerivation rec { + pname = "widevine-cdm"; + version = "4.10.2449.0"; + + src = fetchzip { + url = "https://dl.google.com/widevine-cdm/${version}-linux-x64.zip"; + sha256 = "sha256-f2kAkP+s3fB+krEZsiujEoI4oznkzSyaIB/CRJZWlXE="; + stripRoot = false; + }; + + installPhase = '' + install -vD libwidevinecdm.so $out/libwidevinecdm.so + ''; + + meta = with lib; { + description = "Widevine CDM"; + homepage = "https://www.widevine.com"; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + license = licenses.unfree; + maintainers = with maintainers; [ jlamur ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 55321d2458e8..cb963aee7d16 100644 
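Review bot: `installPhase` in the new `widevine-cdm.nix` is overridden without `runHook preInstall` / `runHook postInstall`, so hooks and overrides attached to the install phase are silently skipped; the body should be `runHook preInstall`, then the existing `install -vD libwidevinecdm.so $out/libwidevinecdm.so`, then `runHook postInstall`. With `stripRoot = false` the archive is unpacked whole but only the shared object is installed, so any licence or manifest file shipped next to it is dropped; a short comment would show that this is intended. The blob itself is pinned by `sha256` and labelled through `sourceProvenance` and `license`, so nothing further is needed there.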
--- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -37651,4 +37651,6 @@ with pkgs; swaysettings = callPackage ../applications/misc/swaysettings { }; aitrack = libsForQt5.callPackage ../applications/misc/aitrack { }; + + widevine-cdm = callPackage ../applications/networking/browsers/misc/widevine-cdm.nix { }; } From ae83ba7b41afb0b193926d6795981c91602d114a Mon Sep 17 00:00:00 2001 From: Jules Lamur Date: Tue, 4 Oct 2022 19:03:11 +0200 Subject: [PATCH 19/27] qutebrowser: enable support for widevine-cdm --- .../applications/networking/browsers/qutebrowser/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix index 27dd55fc787f..4f10e76d0e4f 100644 --- a/pkgs/applications/networking/browsers/qutebrowser/default.nix +++ b/pkgs/applications/networking/browsers/qutebrowser/default.nix @@ -12,6 +12,8 @@ , qtbase ? null , qtwebengine ? null , wrapGAppsHook ? null +, enableWideVine ? false +, widevine-cdm }: let isQt6 = mkDerivationWith == null; @@ -149,6 +151,7 @@ buildPythonApplication { --add-flags '--backend ${backend}' --set QUTE_QTWEBENGINE_VERSION_OVERRIDE "${lib.getVersion qtwebengine}" ${lib.optionalString (pipewireSupport && backend == "webengine") ''--prefix LD_LIBRARY_PATH : ${libPath}''} + ${lib.optionalString enableWideVine ''--add-flags "--qt-flag widevine-path=${widevine-cdm}/libwidevinecdm.so"''} ) ''; @@ -157,6 +160,6 @@ buildPythonApplication { description = "Keyboard-focused browser with a minimal GUI"; license = licenses.gpl3Plus; maintainers = with maintainers; [ jagajaga rnhmjoj ebzzry dotlambda ]; - inherit (backendPackage.meta) platforms; + platforms = if enableWideVine then [ "x86_64-linux" ] else backendPackage.meta.platforms; }; } From b0171888fbf267342b59f79e03659ae315311f76 Mon Sep 17 00:00:00 2001 
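Review bot: `enableWideVine` has no comment saying that it loads the unfree, prebuilt `widevine-cdm` library into the browser through `--qt-flag widevine-path=…`, while the package's `meta.license` stays `gpl3Plus`. A line next to the argument, `# Loads the proprietary Widevine CDM (unfree, binary-only) into QtWebEngine; off by default`, tells users what they opt into. The wrapper argument list starts outside the hunk.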
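Review bot: The platform list for the Widevine case is hard-coded as `[ "x86_64-linux" ]` in the last qutebrowser hunk, which duplicates `widevine-cdm`'s own `meta.platforms` and ignores the backend's list. `platforms = if enableWideVine then lib.intersectLists backendPackage.meta.platforms widevine-cdm.meta.platforms else backendPackage.meta.platforms;` keeps the two in sync when either changes. The `meta` block starts outside the hunk.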
From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Thu, 13 Oct 2022 20:26:46 +0200 Subject: [PATCH 20/27] perlPackages.perlldap: 0.66 -> 0.68 --- pkgs/top-level/perl-packages.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 538488115928..6a1821896662 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -19411,10 +19411,10 @@ let perlldap = buildPerlPackage { pname = "perl-ldap"; - version = "0.66"; + version = "0.68"; src = fetchurl { - url = "mirror://cpan/authors/id/M/MA/MARSCHAP/perl-ldap-0.66.tar.gz"; - hash = "sha256-CSY85hZugMmNaJ1B0JmVuBM4n9Bpt4RgH23Ff44rQQI="; + url = "mirror://cpan/authors/id/M/MA/MARSCHAP/perl-ldap-0.68.tar.gz"; + hash = "sha256-4vOJ/j56nkthSIaSkZrXI7mPO0ebUoj2ENqownmVs1E="; }; # ldapi socket location should match the one compiled into the openldap package postPatch = '' From 5353c753884c20cc007f62eb477e567621fd32ba Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Wed, 12 Oct 2022 04:45:41 +0200 Subject: [PATCH 21/27] qemu: add vmnet support --- pkgs/applications/virtualization/qemu/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 5873c24f15a2..410c3bf2d9e2 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix 
@@ -3,7 +3,7 @@ , bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool , makeWrapper, runtimeShell, removeReferencesTo , attr, libcap, libcap_ng, socat -, CoreServices, Cocoa, Hypervisor, rez, setfile +, CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet , guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows , numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl , seccompSupport ? stdenv.isLinux, libseccomp @@ -60,7 +60,7 @@ stdenv.mkDerivation rec { gnutls nettle curl ] ++ lib.optionals ncursesSupport [ ncurses ] - ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ] + ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ] ++ lib.optionals seccompSupport [ libseccomp ] ++ lib.optionals numaSupport [ numactl ] ++ lib.optionals alsaSupport [ alsa-lib ] diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 55321d2458e8..fd300e1e66cb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31057,7 +31057,7 @@ with pkgs; qdirstat = libsForQt5.callPackage ../applications/misc/qdirstat {}; qemu = callPackage ../applications/virtualization/qemu { - inherit (darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor; + inherit (darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor vmnet; inherit (darwin.stubs) rez setfile; inherit (darwin) sigtool; }; From f4c6286284caed47d8d18bdf3102674a14120070 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 13 Oct 2022 21:14:04 +0200 Subject: [PATCH 22/27] doc/stdenv: Improve language a bit --- doc/stdenv/stdenv.chapter.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md index 12213d7ca5de..c19d25683295 100644 --- a/doc/stdenv/stdenv.chapter.md +++ b/doc/stdenv/stdenv.chapter.md 
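Review bot: Adding `vmnet` to the Darwin `buildInputs` (second hunk of qemu/default.nix) does not guarantee that the backend is compiled in. QEMU's build treats vmnet as an auto-detected feature, so a failed SDK check would leave the build green but without it. The `configureFlags` list is outside the hunk, so I cannot tell whether the feature is forced. If it is not, and the Darwin SDKs in use satisfy the check, `++ lib.optional stdenv.isDarwin "--enable-vmnet"` there would turn a silent loss into a build failure. A comment next to the input would also help, such as `# vmnet netdevs need root or the com.apple.vm.networking entitlement at run time`, so users know why the backend may refuse to start unprivileged and do not default to running the whole emulator as root.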
@@ -1122,7 +1122,7 @@ these in the [Hooks Reference](#chap-hooks). ### Bintools Wrapper {#bintools-wrapper} -The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targetting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. +The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targeting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. The Bintools Wrapper was only just recently split off from CC Wrapper, so the division of labor is still being worked out. For example, it shouldn’t care about the C standard library, but just take a derivation with the dynamic loader (which happens to be the glibc on linux). Dependency finding however is a task both wrappers will continue to need to share, and probably the most important to understand. It is currently accomplished by collecting directories of host-platform dependencies (i.e. 
`buildInputs` and `nativeBuildInputs`) in environment variables. The Bintools Wrapper’s setup hook causes any `lib` and `lib64` subdirectories to be added to `NIX_LDFLAGS`. Since the CC Wrapper and the Bintools Wrapper use the same strategy, most of the Bintools Wrapper code is sparsely commented and refers to the CC Wrapper. But the CC Wrapper’s code, by contrast, has quite lengthy comments. The Bintools Wrapper merely cites those, rather than repeating them, to avoid falling out of sync. 
@@ -1134,7 +1134,7 @@ A problem with this final task is that the Bintools Wrapper is honest and define The CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes. Specifically, a C compiler (GCC or Clang), wrapped binary tools, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the CC Wrapper. Packages typically depend on the CC Wrapper, which in turn (at run-time) depends on the Bintools Wrapper. -Dependency finding is undoubtedly the main task of the CC Wrapper. This works just like the Bintools Wrapper, except that any `include` subdirectory of any relevant dependency is added to `NIX_CFLAGS_COMPILE`. The setup hook itself contains some lengthy comments describing the exact convoluted mechanism by which this is accomplished. +Dependency finding is undoubtedly the main task of the CC Wrapper. This works just like the Bintools Wrapper, except that any `include` subdirectory of any relevant dependency is added to `NIX_CFLAGS_COMPILE`. The setup hook itself contains elaborate comments describing the exact mechanism by which this is accomplished. Similarly, the CC Wrapper follows the Bintools Wrapper in defining standard environment variables with the names of the tools it wraps, for the same reasons described above. Importantly, while it includes a `cc` symlink to the c compiler for portability, the `CC` will be defined using the compiler’s “real name” (i.e. `gcc` or `clang`). This helps lousy build systems that inspect on the name of the compiler rather than run it. From 53088569de3a7b06b06f6ef2bd40cf0daa8272d2 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 13 Oct 2022 21:14:21 +0200 Subject: [PATCH 23/27] doc/stdenv: Clarify that the wrappers come with hooks --- doc/stdenv/stdenv.chapter.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md index c19d25683295..8059fca5e5a7 100644 --- a/doc/stdenv/stdenv.chapter.md +++ b/doc/stdenv/stdenv.chapter.md @@ -1120,7 +1120,7 @@ This sets `SOURCE_DATE_EPOCH` to the modification time of the most recent file. Many other packages provide hooks, that are not part of `stdenv`. You can find these in the [Hooks Reference](#chap-hooks). -### Bintools Wrapper {#bintools-wrapper} +### Bintools Wrapper and hook {#bintools-wrapper} The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targeting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. 
@@ -1130,7 +1130,7 @@ A final task of the setup hook is defining a number of standard environment vari A problem with this final task is that the Bintools Wrapper is honest and defines `LD` as `ld`. Most packages, however, firstly use the C compiler for linking, secondly use `LD` anyways, defining it as the C compiler, and thirdly, only so define `LD` when it is undefined as a fallback. This triple-threat means Bintools Wrapper will break those packages, as LD is already defined as the actual linker which the package won’t override yet doesn’t want to use. The workaround is to define, just for the problematic package, `LD` as the C compiler. A good way to do this would be `preConfigure = "LD=$CC"`. -### CC Wrapper {#cc-wrapper} +### CC Wrapper and hook {#cc-wrapper} The CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes. Specifically, a C compiler (GCC or Clang), wrapped binary tools, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the CC Wrapper. Packages typically depend on the CC Wrapper, which in turn (at run-time) depends on the Bintools Wrapper. From c1311d12237247e01b092e020563f34cfac8aa86 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 13 Oct 2022 21:14:53 +0200 Subject: [PATCH 24/27] doc/stdenv: Move Other hooks after all hooks --- doc/stdenv/stdenv.chapter.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md index 8059fca5e5a7..166587d3284c 100644 --- a/doc/stdenv/stdenv.chapter.md +++ b/doc/stdenv/stdenv.chapter.md 
@@ -1115,11 +1115,6 @@ This hook only runs when compiling for Linux. This sets `SOURCE_DATE_EPOCH` to the modification time of the most recent file. -### Other hooks - -Many other packages provide hooks, that are not part of `stdenv`. You can find -these in the [Hooks Reference](#chap-hooks). - ### Bintools Wrapper and hook {#bintools-wrapper} The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targeting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. @@ -1140,6 +1135,11 @@ Similarly, the CC Wrapper follows the Bintools Wrapper in defining standard envi Here are some more packages that provide a setup hook. Since the list of hooks is extensible, this is not an exhaustive list. The mechanism is only to be used as a last resort, so it might cover most uses. +### Other hooks + +Many other packages provide hooks, that are not part of `stdenv`. You can find +these in the [Hooks Reference](#chap-hooks). + ## Purity in Nixpkgs {#sec-purity-in-nixpkgs} *Measures taken to prevent dependencies on packages outside the store, and what you can do to prevent them.* From 272da6f68adb194362e2715ccd055f6b89a05b92 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 13 Oct 2022 19:51:44 +0000 Subject: [PATCH 25/27] oh-my-posh: 12.1.0 -> 12.2.0 --- pkgs/development/tools/oh-my-posh/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/tools/oh-my-posh/default.nix b/pkgs/development/tools/oh-my-posh/default.nix index 832cfb102231..72d501935be0 100644 --- a/pkgs/development/tools/oh-my-posh/default.nix +++ b/pkgs/development/tools/oh-my-posh/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "oh-my-posh"; - version = "12.1.0"; + version = "12.2.0"; src = fetchFromGitHub { owner = "jandedobbeleer"; repo = pname; rev = "v${version}"; - sha256 = "sha256-kVhdOx4+S0GLYcOIYMN9yzvDDL+/8oke69wqYJ/s5+Q="; + sha256 = "sha256-zWoM9STdyJbgNqX5FQ70T+0dbENW7aOjHV+BShAHi8I="; }; vendorSha256 = "sha256-zL5tkBkZa2Twc2FNNNUIycd/QvkpR1XEntpJ0j4z/xo="; From 5b8ac1bbdc94f2b3909e27f4bd1e20465e436f25 Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Fri, 7 Oct 2022 09:37:29 +0200 Subject: [PATCH 26/27] coqPackages.relation-algebra: init at 1.7.8 for Coq 8.16 --- pkgs/development/coq-modules/relation-algebra/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/coq-modules/relation-algebra/default.nix b/pkgs/development/coq-modules/relation-algebra/default.nix index 204be2931a50..d2124d56f3f5 100644 --- a/pkgs/development/coq-modules/relation-algebra/default.nix +++ b/pkgs/development/coq-modules/relation-algebra/default.nix @@ -10,6 +10,7 @@ mkCoqDerivation { then "v.${v}" else "v${v}"; + release."1.7.8".sha256 = "sha256-RITFd3G5TjY+rFzW073Ao1AGU+u6OGQyQeGHVodAXnA="; release."1.7.7".sha256 = "sha256:1dff3id6nypl2alhk9rcifj3dab0j78dym05blc525lawsmc26l2"; release."1.7.6".sha256 = "sha256:02gsj06zcy9zgd0h1ibqspwfiwm36pkkgg9cz37k4bxzcapxcr6w"; release."1.7.5".sha256 = "sha256-XdO8agoJmNXPv8Ho+KTlLCB4oRlQsb0w06aM9M16ZBU="; @@ -20,6 +21,7 @@ mkCoqDerivation { inherit version; defaultVersion = with versions; switch coq.coq-version [ + { case = isEq "8.16"; out = "1.7.8"; } { case = isEq "8.15"; out = "1.7.7"; } { case = isEq "8.14"; out = "1.7.6"; } { case = isEq "8.13"; out = "1.7.5"; } From e31262c3eef88eee80d950f0fd604f4ecaa634bb Mon Sep 17 00:00:00 2001 
From: Rick van Schijndel Date: Thu, 13 Oct 2022 21:41:13 +0200 Subject: [PATCH 27/27] at-spi2-core: make introspection unconditional We don't need to make it conditional anymore, this added line broke the gtk3 build. With this the (cross) gtk3 build is working again. --- pkgs/development/libraries/at-spi2-core/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix index 766877645869..3a2f446cf84f 100644 --- a/pkgs/development/libraries/at-spi2-core/default.nix +++ b/pkgs/development/libraries/at-spi2-core/default.nix @@ -58,7 +58,7 @@ stdenv.mkDerivation rec { doCheck = false; mesonFlags = [ - "-Dintrospection=${if stdenv.buildPlatform == stdenv.hostPlatform then "yes" else "no"}" + "-Dintrospection=yes" # Provide dbus-daemon fallback when it is not already running when # at-spi2-bus-launcher is executed. This allows us to avoid # including the entire dbus closure in libraries linked with