diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 47adfa334eed..13924f7e507e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -283,6 +283,7 @@ ./services/misc/etcd.nix ./services/misc/felix.nix ./services/misc/folding-at-home.nix + ./services/misc/fstrim.nix ./services/misc/gammu-smsd.nix ./services/misc/geoip-updater.nix #./services/misc/gitit.nix diff --git a/nixos/modules/services/misc/fstrim.nix b/nixos/modules/services/misc/fstrim.nix new file mode 100644 index 000000000000..e89366cbafed --- /dev/null +++ b/nixos/modules/services/misc/fstrim.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.fstrim; + +in { + + options = { + + services.fstrim = { + enable = mkEnableOption "periodic SSD TRIM of mounted partitions in background"; + + interval = mkOption { + type = types.string; + default = "weekly"; + description = '' + How often we run fstrim. For most desktop and server systems + a sufficient trimming frequency is once a week. + + The format is described in + systemd.time + 7. + ''; + }; + }; + + }; + + config = mkIf cfg.enable { + + systemd.packages = [ pkgs.utillinux ]; + + systemd.timers.fstrim = { + timerConfig = { + OnCalendar = cfg.interval; + }; + wantedBy = [ "timers.target" ]; + }; + + }; + +} diff --git a/pkgs/development/compilers/llvm/4/clang/default.nix b/pkgs/development/compilers/llvm/4/clang/default.nix index bc286eaf05e9..64dbaa21dd42 100644 --- a/pkgs/development/compilers/llvm/4/clang/default.nix +++ b/pkgs/development/compilers/llvm/4/clang/default.nix @@ -1,5 +1,6 @@ { stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python , fixDarwinDylibNames +, enableManpages ? true }: let @@ -15,25 +16,28 @@ let mv clang-tools-extra-* $sourceRoot/tools/extra ''; - nativeBuildInputs = [ cmake python python.pkgs.sphinx ]; + nativeBuildInputs = [ cmake python ] + ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; + buildInputs = [ libedit libxml2 llvm ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-std=c++11" + ] ++ stdenv.lib.optionals enableManpages [ "-DCLANG_INCLUDE_DOCS=ON" "-DLLVM_ENABLE_SPHINX=ON" "-DSPHINX_OUTPUT_MAN=ON" "-DSPHINX_OUTPUT_HTML=OFF" "-DSPHINX_WARNINGS_AS_ERRORS=OFF" - ] ++ + ] # Maybe with compiler-rt this won't be needed? - (stdenv.lib.optional stdenv.isLinux "-DGCC_INSTALL_PREFIX=${gcc}") ++ - (stdenv.lib.optional (stdenv.cc.libc != null) "-DC_INCLUDE_DIRS=${stdenv.cc.libc}/include"); + ++ stdenv.lib.optional stdenv.isLinux "-DGCC_INSTALL_PREFIX=${gcc}" + ++ stdenv.lib.optional (stdenv.cc.libc != null) "-DC_INCLUDE_DIRS=${stdenv.cc.libc}/include"; patches = [ ./purity.patch ]; - postBuild = '' + postBuild = stdenv.lib.optionalString enableManpages '' cmake --build . --target docs-clang-man ''; @@ -45,7 +49,8 @@ let sed -i '1s,^,find_package(Sphinx REQUIRED)\n,' docs/CMakeLists.txt ''; - outputs = [ "out" "man" "python" ]; + outputs = [ "out" "python" ] + ++ stdenv.lib.optional enableManpages "man"; # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix @@ -62,7 +67,8 @@ let mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test - + '' + + stdenv.lib.optionalString enableManpages '' # Manually install clang manpage cp docs/man/*.1 $out/share/man/man1/ diff --git a/pkgs/development/compilers/llvm/4/llvm.nix b/pkgs/development/compilers/llvm/4/llvm.nix index 1a78d672bfef..98c24495355c 100644 --- a/pkgs/development/compilers/llvm/4/llvm.nix +++ b/pkgs/development/compilers/llvm/4/llvm.nix @@ -16,6 +16,7 @@ , compiler-rt_src , libcxxabi , debugVersion ? false +, enableManpages ? true , enableSharedLibraries ? true , darwin }: @@ -38,9 +39,13 @@ in stdenv.mkDerivation rec { mv compiler-rt-* $sourceRoot/projects/compiler-rt ''; - outputs = [ "out" "man" ] ++ stdenv.lib.optional enableSharedLibraries "lib"; + outputs = [ "out" ] + ++ stdenv.lib.optional enableSharedLibraries "lib" + ++ stdenv.lib.optional enableManpages "man"; + + nativeBuildInputs = [ perl groff cmake python ] + ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; - nativeBuildInputs = [ perl groff cmake python python.pkgs.sphinx ]; buildInputs = [ libxml2 libffi ] ++ stdenv.lib.optionals stdenv.isDarwin [ libcxxabi ]; @@ -81,16 +86,19 @@ in stdenv.mkDerivation rec { "-DLLVM_ENABLE_FFI=ON" "-DLLVM_ENABLE_RTTI=ON" "-DCOMPILER_RT_INCLUDE_TESTS=OFF" # FIXME: requires clang source code + ] + ++ stdenv.lib.optional enableSharedLibraries + "-DLLVM_LINK_LLVM_DYLIB=ON" + ++ stdenv.lib.optionals enableManpages [ "-DLLVM_BUILD_DOCS=ON" "-DLLVM_ENABLE_SPHINX=ON" "-DSPHINX_OUTPUT_MAN=ON" "-DSPHINX_OUTPUT_HTML=OFF" "-DSPHINX_WARNINGS_AS_ERRORS=OFF" - ] ++ stdenv.lib.optional enableSharedLibraries [ - "-DLLVM_LINK_LLVM_DYLIB=ON" - ] ++ stdenv.lib.optional (!isDarwin) + ] + ++ stdenv.lib.optional (!isDarwin) "-DLLVM_BINUTILS_INCDIR=${binutils.dev}/include" - ++ stdenv.lib.optionals (isDarwin) [ + ++ stdenv.lib.optionals (isDarwin) [ "-DLLVM_ENABLE_LIBCXX=ON" "-DCAN_TARGET_i386=false" ]; @@ -109,10 +117,10 @@ in stdenv.mkDerivation rec { export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib ''; - postInstall = '' + postInstall = stdenv.lib.optionalString enableManpages '' moveToOutput "share/man" "$man" '' - + stdenv.lib.optionalString (enableSharedLibraries) '' + + stdenv.lib.optionalString enableSharedLibraries '' moveToOutput "lib/libLLVM-*" "$lib" moveToOutput "lib/libLLVM.${shlib}" "$lib" substituteInPlace "$out/lib/cmake/llvm/LLVMExports-release.cmake" \ diff --git a/pkgs/development/libraries/gnutls/3.5.nix b/pkgs/development/libraries/gnutls/3.5.nix index 8071cd4b46be..bca23f2e748b 100644 --- a/pkgs/development/libraries/gnutls/3.5.nix +++ b/pkgs/development/libraries/gnutls/3.5.nix @@ -1,11 +1,11 @@ { callPackage, fetchurl, libunistring, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.5.12"; + version = "3.5.13"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-${version}.tar.xz"; - sha256 = "1jspvrmydqgz30c1ji94b55gr2dynz7p96p4y8fkhad0xajkkjv3"; + sha256 = "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"; }; # Skip two tests introduced in 3.5.11. Probable reasons of failure: diff --git a/pkgs/development/libraries/icu/default.nix b/pkgs/development/libraries/icu/default.nix index b64d8c84e22c..fdf1c6dffe93 100644 --- a/pkgs/development/libraries/icu/default.nix +++ b/pkgs/development/libraries/icu/default.nix @@ -33,18 +33,9 @@ stdenv.mkDerivation ({ echo Source root reset to ''${sourceRoot} ''; - # This pre/postPatch shenanigans is to handle that the patches expect - # to be outside of `source`. - prePatch = '' - pushd .. - ''; - postPatch = '' - popd - patch -p4 < ${keywordFix} - ''; + patchFlags = "-p4"; - patches = [ - ]; + patches = [ keywordFix ]; preConfigure = '' sed -i -e "s|/bin/sh|${stdenv.shell}|" configure diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index fc2c859a5f87..1903787149c7 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -4,11 +4,11 @@ assert enableCapabilities -> stdenv.isLinux; stdenv.mkDerivation rec { name = "libgcrypt-${version}"; - version = "1.7.6"; + version = "1.7.7"; src = fetchurl { url = "mirror://gnupg/libgcrypt/${name}.tar.bz2"; - sha256 = "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2"; + sha256 = "16ndaj93asw122mwjz172x2ilpm03w1yp5mqcrp3xslk0yx5xf5r"; }; outputs = [ "out" "dev" "info" ]; diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index a23e37040352..595ec9d01ccf 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -1,21 +1,20 @@ { stdenv, fetchurl, fetchpatch, pkgconfig, zlib, libjpeg, xz }: let - version = "4.0.7"; + version = "4.0.8"; in stdenv.mkDerivation rec { name = "libtiff-${version}"; src = fetchurl { url = "http://download.osgeo.org/libtiff/tiff-${version}.tar.gz"; - sha256 = "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"; + sha256 = "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"; }; prePatch =let - # https://lwn.net/Vulnerabilities/711777/ and more patched in *-6 -> *-7 debian = fetchurl { - url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.7-6.debian.tar.xz; - sha256 = "9c9048c28205bdbeb5ba36c7a194d0cd604bd137c70961607bfc8a079be5fa31"; + url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.8-2.debian.tar.xz; + sha256 = "1ssjh6vn9rvl2jwm34i3p89g8lj0c7fj3cziva9rj4vasfps58ng"; }; in '' tar xf '${debian}' diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 03d9aca5e6e9..8582c0a1833e 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -109,8 +109,8 @@ let in { openssl_1_0_2 = common { - version = "1.0.2k"; - sha256 = "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"; + version = "1.0.2l"; + sha256 = "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"; }; openssl_1_1_0 = common { diff --git a/pkgs/development/python-modules/bootstrapped-pip/default.nix b/pkgs/development/python-modules/bootstrapped-pip/default.nix index 0f8b6652c267..3e07806986b1 100644 --- a/pkgs/development/python-modules/bootstrapped-pip/default.nix +++ b/pkgs/development/python-modules/bootstrapped-pip/default.nix @@ -1,4 +1,4 @@ -{ stdenv, python, fetchPypi, makeWrapper, unzip }: +{ stdenv, python, fetchPypi, fetchurl, makeWrapper, unzip }: let wheel_source = fetchPypi { @@ -13,6 +13,15 @@ let format = "wheel"; sha256 = "f2900e560efc479938a219433c48f15a4ff4ecfe575a65de385eeb44f2425587"; }; + + # TODO: Shouldn't be necessary anymore for pip > 9.0.1! + # https://github.com/NixOS/nixpkgs/issues/26392 + # https://github.com/pypa/setuptools/issues/885 + pkg_resources = fetchurl { + url = https://raw.githubusercontent.com/pypa/setuptools/v36.0.1/pkg_resources/__init__.py; + sha256 = "1wdnq3mammk75mifkdmmjx7yhnpydvnvi804na8ym4mj934l2jkv"; + }; + in stdenv.mkDerivation rec { pname = "pip"; version = "9.0.1"; @@ -29,6 +38,8 @@ in stdenv.mkDerivation rec { unzip -d $out/${python.sitePackages} $src unzip -d $out/${python.sitePackages} ${setuptools_source} unzip -d $out/${python.sitePackages} ${wheel_source} + # TODO: Shouldn't be necessary anymore for pip > 9.0.1! + cp ${pkg_resources} $out/${python.sitePackages}/pip/_vendor/pkg_resources/__init__.py ''; patchPhase = '' diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 00d76fbff9fe..d0a346038352 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -3,7 +3,7 @@ # darwin attributes , ps , isBootstrap ? false -, useSharedLibraries ? !stdenv.isCygwin +, useSharedLibraries ? (!isBootstrap && !stdenv.isCygwin) , useNcurses ? false, ncurses , useQt4 ? false, qt4 }: diff --git a/pkgs/os-specific/linux/nfs-utils/default.nix b/pkgs/os-specific/linux/nfs-utils/default.nix index 81ce7babba15..0db6c4ec67ef 100644 --- a/pkgs/os-specific/linux/nfs-utils/default.nix +++ b/pkgs/os-specific/linux/nfs-utils/default.nix @@ -39,6 +39,9 @@ in stdenv.mkDerivation rec { sed -i "s,^PATH=.*,PATH=$out/bin:${statdPath}," utils/statd/start-statd configureFlags="--with-start-statd=$out/bin/start-statd $configureFlags" + + substituteInPlace utils/mount/Makefile.in \ + --replace "chmod 4511" "chmod 0511" ''; makeFlags = [ diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 54129c79b830..6d83c98a422e 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -41,6 +41,11 @@ stdenv.mkDerivation rec { }) ]; + # The nix daemon often forbids even creating set[ug]id files. + postPatch = + ''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am + ''; + outputs = [ "out" "su" "man" ]; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 9126a1cdec3d..01bd8beea3d9 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -29,31 +29,30 @@ stdenv.mkDerivation rec { preConfigure = "export scanf_cv_type_modifier=ms"; }; + preConfigure = lib.optionalString (systemd != null) '' + configureFlags+=" --with-systemd --with-systemdsystemunitdir=$bin/lib/systemd/system/" + ''; + # !!! It would be better to obtain the path to the mount helpers # (/sbin/mount.*) through an environment variable, but that's # somewhat risky because we have to consider that mount can setuid # root... - configureFlags = '' - --enable-write - --enable-last - --enable-mesg - --disable-use-tty-group - --enable-fs-paths-default=/run/wrappers/bin:/var/run/current-system/sw/bin:/sbin - ${if ncurses == null then "--without-ncurses" else ""} - ${if systemd == null then "" else '' - --with-systemd - --with-systemdsystemunitdir=$out/lib/systemd/system/ - ''} - ''; + configureFlags = [ + "--enable-write" + "--enable-last" + "--enable-mesg" + "--disable-use-tty-group" + "--enable-fs-paths-default=/run/wrappers/bin:/var/run/current-system/sw/bin:/sbin" + "--disable-makeinstall-setuid" "--disable-makeinstall-chown" + ] + ++ lib.optional (ncurses == null) "--without-ncurses"; makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin"; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ zlib pam ] - ++ lib.optional (ncurses != null) ncurses - ++ lib.optional (systemd != null) systemd - ++ lib.optional (perl != null) perl; + ++ lib.filter (p: p != null) [ ncurses systemd perl ]; postInstall = '' rm "$bin/bin/su" # su should be supplied by the su package (shadow) diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index b9592014b46b..fba5afd4f6ec 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -233,11 +233,11 @@ in rec { libcxxabi libcxx ncurses libffi zlib gmp pcre gnugrep coreutils findutils diffutils patchutils; - llvmPackages = let llvmOverride = llvmPackages.llvm.override { inherit libcxxabi; }; - in super.llvmPackages // { - llvm = llvmOverride; - clang-unwrapped = llvmPackages.clang-unwrapped.override { llvm = llvmOverride; }; - }; + llvmPackages = let llvmOverride = llvmPackages.llvm.override { enableManpages = false; inherit libcxxabi; }; in + super.llvmPackages // { + llvm = llvmOverride; + clang-unwrapped = llvmPackages.clang-unwrapped.override { enableManpages = false; llvm = llvmOverride; }; + }; darwin = super.darwin // { inherit (darwin) dyld Libsystem libiconv locale; @@ -313,7 +313,7 @@ in rec { xz.out xz.bin libcxx libcxxabi gmp.out gnumake findutils bzip2.out bzip2.bin llvmPackages.llvm llvmPackages.llvm.lib zlib.out zlib.dev libffi.out coreutils ed diffutils gnutar gzip ncurses.out ncurses.dev ncurses.man gnused bash gawk - gnugrep llvmPackages.clang-unwrapped llvmPackages.clang-unwrapped.man patch pcre.out binutils-raw.out + gnugrep llvmPackages.clang-unwrapped patch pcre.out binutils-raw.out binutils-raw.dev binutils gettext ]) ++ (with pkgs.darwin; [ dyld Libsystem CF cctools ICU libiconv locale diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 0bcb0baaab8b..aaef2723da0c 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -49,6 +49,13 @@ stdenv.mkDerivation rec { ] ++ optional withGssapiPatches gssapiSrc; + postPatch = + # On Hydra this makes installation fail (sometimes?), + # and nix store doesn't allow such fancy permission bits anyway. + '' + substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711' + ''; + buildInputs = [ zlib openssl libedit pkgconfig pam ] ++ optional withKerberos kerberos ++ optional hpnSupport autoreconfHook; diff --git a/pkgs/tools/system/vboot_reference/default.nix b/pkgs/tools/system/vboot_reference/default.nix index 3d4f99fc1f0b..a9a034ebde91 100644 --- a/pkgs/tools/system/vboot_reference/default.nix +++ b/pkgs/tools/system/vboot_reference/default.nix @@ -12,11 +12,10 @@ stdenv.mkDerivation rec { sha256 = "14d3a93ha5k4al4ib43nyn1ppx7kgb12xw6mkflhx8nxmx8827nc"; }; - buildInputs = [ pkgconfig openssl stdenv.cc.libc.static ] ++ - (if libuuid == null - then [] - else [ (stdenv.lib.overrideDerivation libuuid - (args: { configureFlags = args.configureFlags + " --enable-static"; })) ]); + buildInputs = [ pkgconfig openssl stdenv.cc.libc.static ] + ++ stdenv.lib.optional (libuuid != null) + (libuuid.overrideAttrs (attrs: + { configureFlags = attrs.configureFlags ++ [ "--enable-static" ]; })); arch = if stdenv.system == "x86_64-linux" then "x86_64" else if stdenv.system == "i686-linux" then "x86" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8844fdd3f8b3..959f7f6ea038 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5649,7 +5649,7 @@ with pkgs; llvmPackages_4 = callPackage ../development/compilers/llvm/4 ({ inherit (stdenvAdapters) overrideCC; } // stdenv.lib.optionalAttrs stdenv.isDarwin { - cmake = cmake.override { isBootstrap = true; useSharedLibraries = false; }; + cmake = cmake.override { isBootstrap = true; }; libxml2 = libxml2.override { pythonSupport = false; }; python2 = callPackage ../development/interpreters/python/cpython/2.7/boot.nix { inherit (darwin) CF configd; }; }); diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 575e70e93972..87c469c937fc 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -12468,11 +12468,11 @@ in { }; ipaddress = if (pythonAtLeast "3.3") then null else buildPythonPackage rec { - name = "ipaddress-1.0.16"; + name = "ipaddress-1.0.18"; src = pkgs.fetchurl { url = "mirror://pypi/i/ipaddress/${name}.tar.gz"; - sha256 = "1c3imabdrw8nfksgjjflzg7h4ynjckqacb188rf541m74arq4cas"; + sha256 = "1q8klj9d84cmxgz66073x1j35cplr3r77vx1znhxiwl5w74391ax"; }; checkPhase = ''