Merge master into staging-next

This commit is contained in:
github-actions[bot] 2020-12-17 18:17:15 +00:00 committed by GitHub
commit 8c3e8bd4b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
59 changed files with 514 additions and 1531 deletions

View file

@ -0,0 +1,70 @@
# Fetchers {#chap-pkgs-fetchers}
When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way.
The two fetcher primitives are `fetchurl` and `fetchzip`. Both of these have two required arguments, a URL and a hash. The hash is typically `sha256`, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use `sha256`. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below.
```nix
{ stdenv, fetchurl }:
stdenv.mkDerivation {
name = "hello";
src = fetchurl {
url = "http://www.example.org/hello.tar.gz";
sha256 = "1111111111111111111111111111111111111111111111111111";
};
}
```
The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball.
`fetchpatch` works very similarly to `fetchurl` with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.
Other fetcher functions allow you to add source code directly from a VCS such as subversion or git. These are mostly straightforward nambes based on the name of the command used with the VCS system. Because they give you a working repository, they act most like `fetchzip`.
## `fetchsvn`
Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `sha256`.
## `fetchgit`
Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`.
## `fetchfossil`
Used with Fossil. Expects `url` to a Fossil archive, `rev`, and `sha256`.
## `fetchcvs`
Used with CVS. Expects `cvsRoot`, `tag`, and `sha256`.
## `fetchhg`
Used with Mercurial. Expects `url`, `rev`, and `sha256`.
A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are mainly convenience functions intended for commonly used destinations of source code in Nixpkgs. These wrapper fetchers are listed below.
## `fetchFromGitHub`
`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `sha256` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but `sha256` is currently preferred.
## `fetchFromGitLab`
This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above.
## `fetchFromGitiles`
This is used with Gitiles repositories. The arguments expected are similar to fetchgit.
## `fetchFromBitbucket`
This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above.
## `fetchFromSavannah`
This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above.
## `fetchFromRepoOrCz`
This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above.

View file

@ -1,150 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="chap-pkgs-fetchers">
<title>Fetchers</title>
<para>
When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way.
</para>
<para>
The two fetcher primitives are <function>fetchurl</function> and <function>fetchzip</function>. Both of these have two required arguments, a URL and a hash. The hash is typically <literal>sha256</literal>, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use <literal>sha256</literal>. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below.
</para>
<programlisting><![CDATA[
{ stdenv, fetchurl }:
stdenv.mkDerivation {
name = "hello";
src = fetchurl {
url = "http://www.example.org/hello.tar.gz";
sha256 = "1111111111111111111111111111111111111111111111111111";
};
}
]]></programlisting>
<para>
The main difference between <function>fetchurl</function> and <function>fetchzip</function> is in how they store the contents. <function>fetchurl</function> will store the unaltered contents of the URL within the Nix store. <function>fetchzip</function> on the other hand will decompress the archive for you, making files and directories directly accessible in the future. <function>fetchzip</function> can only be used with archives. Despite the name, <function>fetchzip</function> is not limited to .zip files and can also be used with any tarball.
</para>
<para>
<function>fetchpatch</function> works very similarly to <function>fetchurl</function> with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.
</para>
<para>
Other fetcher functions allow you to add source code directly from a VCS such as subversion or git. These are mostly straightforward names based on the name of the command used with the VCS system. Because they give you a working repository, they act most like <function>fetchzip</function>.
</para>
<variablelist>
<varlistentry>
<term>
<literal>fetchsvn</literal>
</term>
<listitem>
<para>
Used with Subversion. Expects <literal>url</literal> to a Subversion directory, <literal>rev</literal>, and <literal>sha256</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchgit</literal>
</term>
<listitem>
<para>
Used with Git. Expects <literal>url</literal> to a Git repo, <literal>rev</literal>, and <literal>sha256</literal>. <literal>rev</literal> in this case can be full the git commit id (SHA1 hash) or a tag name like <literal>refs/tags/v1.0</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchfossil</literal>
</term>
<listitem>
<para>
Used with Fossil. Expects <literal>url</literal> to a Fossil archive, <literal>rev</literal>, and <literal>sha256</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchcvs</literal>
</term>
<listitem>
<para>
Used with CVS. Expects <literal>cvsRoot</literal>, <literal>tag</literal>, and <literal>sha256</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchhg</literal>
</term>
<listitem>
<para>
Used with Mercurial. Expects <literal>url</literal>, <literal>rev</literal>, and <literal>sha256</literal>.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
A number of fetcher functions wrap part of <function>fetchurl</function> and <function>fetchzip</function>. They are mainly convenience functions intended for commonly used destinations of source code in Nixpkgs. These wrapper fetchers are listed below.
</para>
<variablelist>
<varlistentry>
<term>
<literal>fetchFromGitHub</literal>
</term>
<listitem>
<para>
<function>fetchFromGitHub</function> expects four arguments. <literal>owner</literal> is a string corresponding to the GitHub user or organization that controls this repository. <literal>repo</literal> corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as <literal>owner</literal>/<literal>repo</literal>. <literal>rev</literal> corresponds to the Git commit hash or tag (e.g <literal>v1.0</literal>) that will be downloaded from Git. Finally, <literal>sha256</literal> corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but <literal>sha256</literal> is currently preferred.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromGitLab</literal>
</term>
<listitem>
<para>
This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromGitiles</literal>
</term>
<listitem>
<para>
This is used with Gitiles repositories. The arguments expected
are similar to fetchgit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromBitbucket</literal>
</term>
<listitem>
<para>
This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromSavannah</literal>
</term>
<listitem>
<para>
This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromRepoOrCz</literal>
</term>
<listitem>
<para>
This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above.
</para>
</listitem>
</varlistentry>
</variablelist>
</chapter>

View file

@ -14,7 +14,7 @@
<xi:include href="ibus.xml" />
<xi:include href="kakoune.section.xml" />
<xi:include href="linux.section.xml" />
<xi:include href="locales.xml" />
<xi:include href="locales.section.xml" />
<xi:include href="nginx.section.xml" />
<xi:include href="opengl.section.xml" />
<xi:include href="shell-helpers.section.xml" />

View file

@ -0,0 +1,5 @@
# Locales {#locales}
To allow simultaneous use of packages linked against different versions of `glibc` with different locale archive formats Nixpkgs patches `glibc` to rely on `LOCALE_ARCHIVE` environment variable.
On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the `LOCALE_ARCHIVE` variable pointing to `${glibcLocales}/lib/locale/locale-archive`. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters `allLocales` and `locales` of the package.

View file

@ -1,13 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="locales">
<title>Locales</title>
<para>
To allow simultaneous use of packages linked against different versions of <literal>glibc</literal> with different locale archive formats Nixpkgs patches <literal>glibc</literal> to rely on <literal>LOCALE_ARCHIVE</literal> environment variable.
</para>
<para>
On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the <literal>LOCALE_ARCHIVE</literal> variable pointing to <literal>${glibcLocales}/lib/locale/locale-archive</literal>. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters <literal>allLocales</literal> and <literal>locales</literal> of the package.
</para>
</section>

View file

@ -5,6 +5,6 @@
<para>
This chapter describes several special builders.
</para>
<xi:include href="special/fhs-environments.xml" />
<xi:include href="special/mkshell.xml" />
<xi:include href="special/fhs-environments.section.xml" />
<xi:include href="special/mkshell.section.xml" />
</chapter>

View file

@ -0,0 +1,45 @@
# buildFHSUserEnv {#sec-fhs-environments}
`buildFHSUserEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are:
- `name`
Environment name.
- `targetPkgs`
Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed.
- `multiPkgs`
Packages to be installed for all architectures supported by a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are installed by default.
- `extraBuildCommands`
Additional commands to be executed for finalizing the directory structure.
- `extraBuildCommandsMulti`
Like `extraBuildCommands`, but executed only on multilib architectures.
- `extraOutputsToInstall`
Additional derivation outputs to be linked for both target and multi-architecture packages.
- `extraInstallCommands`
Additional commands to be executed for finalizing the derivation with runner script.
- `runScript`
A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to `bash`.
One can create a simple environment using a `shell.nix` like that:
```nix
{ pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv {
name = "simple-x11-env";
targetPkgs = pkgs: (with pkgs;
[ udev
alsaLib
]) ++ (with pkgs.xorg;
[ libX11
libXcursor
libXrandr
]);
multiPkgs = pkgs: (with pkgs;
[ udev
alsaLib
]);
runScript = "bash";
}).env
```
Running `nix-shell` would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change `runScript` to the application path, e.g. `./bin/start.sh` -- relative paths are supported.

View file

@ -1,122 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="sec-fhs-environments">
<title>buildFHSUserEnv</title>
<para>
<function>buildFHSUserEnv</function> provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound <filename>/nix/store</filename>, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are:
</para>
<variablelist>
<varlistentry>
<term>
<literal>name</literal>
</term>
<listitem>
<para>
Environment name.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>targetPkgs</literal>
</term>
<listitem>
<para>
Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>multiPkgs</literal>
</term>
<listitem>
<para>
Packages to be installed for all architectures supported by a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are installed by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>extraBuildCommands</literal>
</term>
<listitem>
<para>
Additional commands to be executed for finalizing the directory structure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>extraBuildCommandsMulti</literal>
</term>
<listitem>
<para>
Like <literal>extraBuildCommands</literal>, but executed only on multilib architectures.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>extraOutputsToInstall</literal>
</term>
<listitem>
<para>
Additional derivation outputs to be linked for both target and multi-architecture packages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>extraInstallCommands</literal>
</term>
<listitem>
<para>
Additional commands to be executed for finalizing the derivation with runner script.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>runScript</literal>
</term>
<listitem>
<para>
A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to <literal>bash</literal>.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
One can create a simple environment using a <literal>shell.nix</literal> like that:
</para>
<programlisting><![CDATA[
{ pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv {
name = "simple-x11-env";
targetPkgs = pkgs: (with pkgs;
[ udev
alsaLib
]) ++ (with pkgs.xorg;
[ libX11
libXcursor
libXrandr
]);
multiPkgs = pkgs: (with pkgs;
[ udev
alsaLib
]);
runScript = "bash";
}).env
]]></programlisting>
<para>
Running <literal>nix-shell</literal> would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change <literal>runScript</literal> to the application path, e.g. <filename>./bin/start.sh</filename> -- relative paths are supported.
</para>
</section>

View file

@ -0,0 +1,15 @@
# pkgs.mkShell {#sec-pkgs-mkShell}
`pkgs.mkShell` is a special kind of derivation that is only useful when using it combined with `nix-shell`. It will in fact fail to instantiate when invoked with `nix-build`.
## Usage {#sec-pkgs-mkShell-usage}
```nix
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
# this will make all the build inputs from hello and gnutar
# available to the shell environment
inputsFrom = with pkgs; [ hello gnutar ];
buildInputs = [ pkgs.gnumake ];
}
```

View file

@ -1,24 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="sec-pkgs-mkShell">
<title>pkgs.mkShell</title>
<para>
<function>pkgs.mkShell</function> is a special kind of derivation that is only useful when using it combined with <command>nix-shell</command>. It will in fact fail to instantiate when invoked with <command>nix-build</command>.
</para>
<section xml:id="sec-pkgs-mkShell-usage">
<title>Usage</title>
<programlisting><![CDATA[
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
# this will make all the build inputs from hello and gnutar
# available to the shell environment
inputsFrom = with pkgs; [ hello gnutar ];
buildInputs = [ pkgs.gnumake ];
}
]]></programlisting>
</section>
</section>

View file

@ -0,0 +1,52 @@
# Trivial builders {#chap-trivial-builders}
Nixpkgs provides a couple of functions that help with building derivations. The most important one, `stdenv.mkDerivation`, has already been documented above. The following functions wrap `stdenv.mkDerivation`, making it easier to use in certain cases.
## `runCommand` {#trivial-builder-runCommand}
This takes three arguments, `name`, `env`, and `buildCommand`. `name` is just the name that Nix will append to the store path in the same way that `stdenv.mkDerivation` uses its `name` attribute. `env` is an attribute set specifying environment variables that will be set for this derivation. These attributes are then passed to the wrapped `stdenv.mkDerivation`. `buildCommand` specifies the commands that will be run to create this derivation. Note that you will need to create `$out` for Nix to register the command as successful.
An example of using `runCommand` is provided below.
```nix
(import <nixpkgs> {}).runCommand "my-example" {} ''
echo My example command is running
mkdir $out
echo I can write data to the Nix store > $out/message
echo I can also run basic commands like:
echo ls
ls
echo whoami
whoami
echo date
date
''
```
## `runCommandCC` {#trivial-builder-runCommandCC}
This works just like `runCommand`. The only difference is that it also provides a C compiler in `buildCommand`'s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command.
## `runCommandLocal` {#trivial-builder-runCommandLocal}
Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build.
::: {.note}
This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the `system` is usually the same as `builtins.currentSystem`.
:::
## `writeTextFile`, `writeText`, `writeTextDir`, `writeScript`, `writeScriptBin` {#trivial-builder-writeText}
These functions write `text` to the Nix store. This is useful for creating scripts from Nix expressions. `writeTextFile` takes an attribute set and expects two arguments, `name` and `text`. `name` corresponds to the name used in the Nix store path. `text` will be the contents of the file. You can also set `executable` to true to make this file have the executable bit set.
Many more commands wrap `writeTextFile` including `writeText`, `writeTextDir`, `writeScript`, and `writeScriptBin`. These are convenience functions over `writeTextFile`.
## `symlinkJoin` {#trivial-builder-symlinkJoin}
This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, `name`, and `paths`. `name` is the name used in the Nix store path for the created derivation. `paths` is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within.

View file

@ -1,90 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="chap-trivial-builders">
<title>Trivial builders</title>
<para>
Nixpkgs provides a couple of functions that help with building derivations. The most important one, <function>stdenv.mkDerivation</function>, has already been documented above. The following functions wrap <function>stdenv.mkDerivation</function>, making it easier to use in certain cases.
</para>
<variablelist>
<varlistentry xml:id="trivial-builder-runCommand">
<term>
<literal>runCommand</literal>
</term>
<listitem>
<para>
This takes three arguments, <literal>name</literal>, <literal>env</literal>, and <literal>buildCommand</literal>. <literal>name</literal> is just the name that Nix will append to the store path in the same way that <literal>stdenv.mkDerivation</literal> uses its <literal>name</literal> attribute. <literal>env</literal> is an attribute set specifying environment variables that will be set for this derivation. These attributes are then passed to the wrapped <literal>stdenv.mkDerivation</literal>. <literal>buildCommand</literal> specifies the commands that will be run to create this derivation. Note that you will need to create <literal>$out</literal> for Nix to register the command as successful.
</para>
<para>
An example of using <literal>runCommand</literal> is provided below.
</para>
<programlisting>
(import &lt;nixpkgs&gt; {}).runCommand "my-example" {} ''
echo My example command is running
mkdir $out
echo I can write data to the Nix store > $out/message
echo I can also run basic commands like:
echo ls
ls
echo whoami
whoami
echo date
date
''
</programlisting>
</listitem>
</varlistentry>
<varlistentry xml:id="trivial-builder-runCommandCC">
<term>
<literal>runCommandCC</literal>
</term>
<listitem>
<para>
This works just like <literal>runCommand</literal>. The only difference is that it also provides a C compiler in <literal>buildCommand</literal>s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command.
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="trivial-builder-runCommandLocal">
<term>
<literal>runCommandLocal</literal>
</term>
<listitem>
<para>
Variant of <literal>runCommand</literal> that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (&lt;1s execution time). It saves on the network roundrip and can speed up a build.
</para>
<note><para>
This sets <link xlink:href="https://nixos.org/nix/manual/#adv-attr-allowSubstitutes"><literal>allowSubstitutes</literal> to <literal>false</literal></link>, so only use <literal>runCommandLocal</literal> if you are certain the user will always have a builder for the <literal>system</literal> of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the <literal>system</literal> is usually the same as <literal>builtins.currentSystem</literal>.
</para></note>
</listitem>
</varlistentry>
<varlistentry xml:id="trivial-builder-writeText">
<term>
<literal>writeTextFile</literal>, <literal>writeText</literal>, <literal>writeTextDir</literal>, <literal>writeScript</literal>, <literal>writeScriptBin</literal>
</term>
<listitem>
<para>
These functions write <literal>text</literal> to the Nix store. This is useful for creating scripts from Nix expressions. <literal>writeTextFile</literal> takes an attribute set and expects two arguments, <literal>name</literal> and <literal>text</literal>. <literal>name</literal> corresponds to the name used in the Nix store path. <literal>text</literal> will be the contents of the file. You can also set <literal>executable</literal> to true to make this file have the executable bit set.
</para>
<para>
Many more commands wrap <literal>writeTextFile</literal> including <literal>writeText</literal>, <literal>writeTextDir</literal>, <literal>writeScript</literal>, and <literal>writeScriptBin</literal>. These are convenience functions over <literal>writeTextFile</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="trivial-builder-symlinkJoin">
<term>
<literal>symlinkJoin</literal>
</term>
<listitem>
<para>
This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, <literal>name</literal>, and <literal>paths</literal>. <literal>name</literal> is the name used in the Nix store path for the created derivation. <literal>paths</literal> is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within.
</para>
</listitem>
</varlistentry>
</variablelist>
</chapter>

View file

@ -23,8 +23,8 @@
</part>
<part>
<title>Builders</title>
<xi:include href="builders/fetchers.xml" />
<xi:include href="builders/trivial-builders.xml" />
<xi:include href="builders/fetchers.chapter.xml" />
<xi:include href="builders/trivial-builders.chapter.xml" />
<xi:include href="builders/special.xml" />
<xi:include href="builders/images.xml" />
<xi:include href="languages-frameworks/index.xml" />

View file

@ -431,6 +431,13 @@
been dropped from upstream releases.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>.
Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others.
The option's description was incorrect regarding ownership management and has been simplified greatly.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View file

@ -209,10 +209,11 @@ foreach my $u (@{$spec->{users}}) {
}
}
# Create a home directory.
# Ensure home directory incl. ownership and permissions.
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
chmod 0700, $u->{home};
}
if (defined $u->{passwordFile}) {

View file

@ -198,10 +198,8 @@ let
type = types.bool;
default = false;
description = ''
If true, the home directory will be created automatically. If this
option is true and the home directory already exists but is not
owned by the user, directory owner and group will be changed to
match the user.
Whether to create the home directory and ensure ownership as well as
permissions to match the user.
'';
};

View file

@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
in ''
client.wait_for_x()
client.execute("su - alice -c minecraft-launcher &")
client.wait_for_text("CONTINUE WITHOUT LOGIN")
client.wait_for_text("Create a new Microsoft account")
client.sleep(10)
client.screenshot("launcher")
'';

View file

@ -23,6 +23,6 @@ VSCODIUM_LINUX_URL="https://github.com/VSCodium/vscodium/releases/download/${VSC
VSCODIUM_LINUX_SHA256=$(nix-prefetch-url ${VSCODIUM_LINUX_URL})
sed -i "s/x86_64-linux = \".\{52\}\"/x86_64-linux = \"${VSCODIUM_LINUX_SHA256}\"/" "$ROOT/vscodium.nix"
VSCODIUM_DARWIN_URL="https://github.com/VSCodium/vscodium/releases/download/${VSCODIUM_VER}/VSCodium-darwin-${VSCODIUM_VER}.zip"
VSCODIUM_DARWIN_URL="https://github.com/VSCodium/vscodium/releases/download/${VSCODIUM_VER}/VSCodium-darwin-x64-${VSCODIUM_VER}.zip"
VSCODIUM_DARWIN_SHA256=$(nix-prefetch-url ${VSCODIUM_DARWIN_URL})
sed -i "s/x86_64-darwin = \".\{52\}\"/x86_64-darwin = \"${VSCODIUM_DARWIN_SHA256}\"/" "$ROOT/vscodium.nix"

View file

@ -1,4 +1,4 @@
{ stdenv, mkChromiumDerivation, channel, enableWideVine }:
{ stdenv, mkChromiumDerivation, channel, enableWideVine, ungoogled }:
with stdenv.lib;
@ -69,18 +69,25 @@ mkChromiumDerivation (base: rec {
requiredSystemFeatures = [ "big-parallel" ];
meta = {
description = "An open source web browser from Google";
description = "An open source web browser from Google"
+ optionalString ungoogled ", with dependencies on Google web services removed";
longDescription = ''
Chromium is an open source web browser from Google that aims to build a
safer, faster, and more stable way for all Internet users to experience
the web. It has a minimalist user interface and provides the vast majority
of source code for Google Chrome (which has some additional features).
'';
homepage = "https://www.chromium.org/";
maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md
homepage = if ungoogled
then "https://github.com/Eloston/ungoogled-chromium"
else "https://www.chromium.org/";
maintainers = with maintainers; if ungoogled
then [ squalus primeos ]
else [ primeos thefloweringash bendlas ];
license = if enableWideVine then licenses.unfree else licenses.bsd3;
platforms = platforms.linux;
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
hydraPlatforms = if (channel == "stable" || channel == "ungoogled-chromium")
then ["aarch64-linux" "x86_64-linux"]
else [];
timeout = 172800; # 48 hours (increased from the Hydra default of 10h)
};
})

View file

@ -31,6 +31,7 @@
, proprietaryCodecs ? true
, cupsSupport ? true
, pulseSupport ? false, libpulseaudio ? null
, ungoogled ? false, ungoogled-chromium
, channel
, upstream-info
@ -109,6 +110,10 @@ let
result
else result;
ungoogler = ungoogled-chromium {
inherit (upstream-info.deps.ungoogled-patches) rev sha256;
};
base = rec {
name = "${packageName}-unwrapped-${version}";
inherit (upstream-info) version;
@ -208,6 +213,10 @@ let
'' + optionalString stdenv.isAarch64 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
--replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
'' + optionalString ungoogled ''
${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
${ungoogler}/utils/patches.py . ${ungoogler}/patches
${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
'';
gnFlags = mkGnFlags ({
@ -260,6 +269,24 @@ let
use_system_minigbm = true;
use_system_libdrm = true;
system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
} // optionalAttrs ungoogled {
chrome_pgo_phase = 0;
enable_hangout_services_extension = false;
enable_js_type_check = false;
enable_mdns = false;
enable_nacl_nonsfi = false;
enable_one_click_signin = false;
enable_reading_list = false;
enable_remoting = false;
enable_reporting = false;
enable_service_discovery = false;
exclude_unwind_tables = true;
google_api_key = "";
google_default_client_id = "";
google_default_client_secret = "";
safe_browsing_mode = 0;
use_official_google_api_keys = false;
use_unofficial_version_number = false;
} // (extraAttrs.gnFlags or {}));
configurePhase = ''

View file

@ -15,6 +15,7 @@
, enablePepperFlash ? false
, enableWideVine ? false
, enableVaapi ? false # Disabled by default due to unofficial support
, ungoogled ? false # Whether to build chromium or ungoogled-chromium
, cupsSupport ? true
, pulseSupport ? config.pulseaudio or stdenv.isLinux
, commandLineArgs ? ""
@ -33,7 +34,7 @@ let
mkChromiumDerivation = callPackage ./common.nix ({
inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
cupsSupport pulseSupport;
cupsSupport pulseSupport ungoogled;
gnChromium = gn.overrideAttrs (oldAttrs: {
inherit (upstream-info.deps.gn) version;
src = fetchgit {
@ -42,11 +43,13 @@ let
});
});
browser = callPackage ./browser.nix { inherit channel enableWideVine; };
browser = callPackage ./browser.nix { inherit channel enableWideVine ungoogled; };
plugins = callPackage ./plugins.nix {
inherit enablePepperFlash;
};
ungoogled-chromium = callPackage ./ungoogled.nix {};
};
pkgSuffix = if channel == "dev" then "unstable" else channel;
@ -113,7 +116,9 @@ let
};
};
suffix = if channel != "stable" then "-" + channel else "";
suffix = if (channel == "stable" || channel == "ungoogled-chromium")
then ""
else "-" + channel;
sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
@ -133,7 +138,8 @@ let
else browser;
in stdenv.mkDerivation {
name = "chromium${suffix}-${version}";
name = lib.optionalString ungoogled "ungoogled-"
+ "chromium${suffix}-${version}";
inherit version;
buildInputs = [

View file

@ -113,9 +113,12 @@ with open(JSON_PATH, 'w') as out:
return 1
elif channel_name == 'dev':
return 2
elif channel_name == 'ungoogled-chromium':
return 3
else:
print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
sys.exit(1)
channels['ungoogled-chromium'] = last_channels['ungoogled-chromium'] # Keep ungoogled-chromium unchanged
sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
json.dump(sorted_channels, out, indent=2)
out.write('\n')

View file

@ -42,5 +42,21 @@
"sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9"
}
}
},
"ungoogled-chromium": {
"version": "87.0.4280.88",
"sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy",
"deps": {
"ungoogled-patches": {
"rev": "87.0.4280.88-1",
"sha256": "0w2137w8hfcgl6f938hqnb4ffp33v5r8vdzxrvs814w7dszkiqgg"
},
"gn": {
"version": "2020-09-09",
"url": "https://gn.googlesource.com/gn",
"rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2",
"sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk"
}
}
}
}

View file

@ -1,86 +0,0 @@
{ stdenv, mkChromiumDerivation, channel, enableWideVine }:
with stdenv.lib;
mkChromiumDerivation (base: rec {
name = "chromium-browser";
packageName = "chromium";
buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ];
outputs = ["out" "sandbox"];
sandboxExecutableName = "__chromium-suid-sandbox";
installPhase = ''
mkdir -p "$libExecPath"
cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
# Swiftshader
# See https://stackoverflow.com/a/4264351/263061 for the find invocation.
if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then
echo "Swiftshader files found; installing"
mkdir -p "$libExecPath/swiftshader"
cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/"
else
echo "Swiftshader files not found"
fi
mkdir -p "$sandbox/bin"
cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}"
mkdir -vp "$out/share/man/man1"
cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1"
for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
num_and_suffix="''${icon_file##*logo_}"
icon_size="''${num_and_suffix%.*}"
expr "$icon_size" : "^[0-9][0-9]*$" || continue
logo_output_prefix="$out/share/icons/hicolor"
logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps"
mkdir -vp "$logo_output_path"
cp -v "$icon_file" "$logo_output_path/$packageName.png"
done
# Install Desktop Entry
install -D chrome/installer/linux/common/desktop.template \
$out/share/applications/chromium-browser.desktop
substituteInPlace $out/share/applications/chromium-browser.desktop \
--replace "@@MENUNAME@@" "Chromium" \
--replace "@@PACKAGE@@" "chromium" \
--replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium"
# Append more mime types to the end
sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \
$out/share/applications/chromium-browser.desktop
# See https://github.com/NixOS/nixpkgs/issues/12433
sed -i \
-e '/\[Desktop Entry\]/a\' \
-e 'StartupWMClass=chromium-browser' \
$out/share/applications/chromium-browser.desktop
'';
passthru = { inherit sandboxExecutableName; };
requiredSystemFeatures = [ "big-parallel" ];
meta = {
description = "An open source web browser from Google, with dependencies on Google web services removed";
longDescription = ''
Chromium is an open source web browser from Google that aims to build a
safer, faster, and more stable way for all Internet users to experience
the web. It has a minimalist user interface and provides the vast majority
of source code for Google Chrome (which has some additional features).
'';
homepage = "https://github.com/Eloston/ungoogled-chromium";
maintainers = with maintainers; [ squalus ];
license = if enableWideVine then licenses.unfree else licenses.bsd3;
platforms = platforms.linux;
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
timeout = 172800; # 48 hours (increased from the Hydra default of 10h)
};
})

View file

@ -1,345 +0,0 @@
{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl
# default dependencies
, gnutar, bzip2, flac, speex, libopus
, libevent, expat, libjpeg, snappy
, libpng, libcap
, xdg_utils, yasm, nasm, minizip, libwebp
, libusb1, pciutils, nss, re2
, python2Packages, perl, pkgconfig
, nspr, systemd, kerberos
, util-linux, alsaLib
, bison, gperf
, glib, gtk3, dbus-glib
, glibc
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
, protobuf, speechd, libXdamage, cups
, ffmpeg, libxslt, libxml2, at-spi2-core
, jre8
, pipewire_0_2
, libva
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone
# package customization
, useOzone ? true
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false, libgnome-keyring3 ? null
, proprietaryCodecs ? true
, cupsSupport ? true
, pulseSupport ? false, libpulseaudio ? null
, ungoogled-chromium
, ungoogled ? false
, channel
, upstream-info
}:
buildFun:
with stdenv.lib;
let
jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
# The additional attributes for creating derivations based on the chromium
# source tree.
extraAttrs = buildFun base;
githubPatch = commit: sha256: fetchpatch {
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
inherit sha256;
};
mkGnFlags =
let
# Serialize Nix types into GN types according to this document:
# https://source.chromium.org/gn/gn/+/master:docs/language.md
mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
sanitize = value:
if value == true then "true"
else if value == false then "false"
else if isList value then "[${concatMapStringsSep ", " sanitize value}]"
else if isInt value then toString value
else if isString value then mkGnString value
else throw "Unsupported type for GN value `${value}'.";
toFlag = key: value: "${key}=${sanitize value}";
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
# https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py
gnSystemLibraries = [
"ffmpeg"
"flac"
"libjpeg"
"libpng"
"libwebp"
"libxslt"
"opus"
"snappy"
"zlib"
];
opusWithCustomModes = libopus.override {
withCustomModes = true;
};
defaultDependencies = [
bzip2 flac speex opusWithCustomModes
libevent expat libjpeg snappy
libpng libcap
xdg_utils minizip libwebp
libusb1 re2
ffmpeg libxslt libxml2
nasm
];
# build paths and release info
packageName = extraAttrs.packageName or extraAttrs.name;
buildType = "Release";
buildPath = "out/${buildType}";
libExecPath = "$out/libexec/${packageName}";
versionRange = min-version: upto-version:
let inherit (upstream-info) version;
result = versionAtLeast version min-version && versionOlder version upto-version;
stable-version = (importJSON ./upstream-info.json).stable.version;
in if versionAtLeast stable-version upto-version
then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
result
else result;
ungoogler =
let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}";
in ungoogled-chromium {
inherit (versionEntry) rev sha256;
};
base = rec {
name = "${packageName}-unwrapped-${version}";
inherit (upstream-info) version;
inherit channel packageName buildType buildPath;
src = fetchurl {
url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
inherit (upstream-info) sha256;
};
nativeBuildInputs = [
llvmPackages.lldClang.bintools
ninja which python2Packages.python perl pkgconfig
python2Packages.ply python2Packages.jinja2 nodejs
gnutar python2Packages.setuptools
];
buildInputs = defaultDependencies ++ [
nspr nss systemd
util-linux alsaLib
bison gperf kerberos
glib gtk3 dbus-glib
libXScrnSaver libXcursor libXtst libGLU libGL
pciutils protobuf speechd libXdamage at-spi2-core
jre
pipewire_0_2
libva
] ++ optional gnomeKeyringSupport libgnome-keyring3
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ];
patches = [
./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed)
./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
];
postPatch = ''
# remove unused third-party
for lib in ${toString gnSystemLibraries}; do
if [ -d "third_party/$lib" ]; then
find "third_party/$lib" -type f \
\! -path "third_party/$lib/chromium/*" \
\! -path "third_party/$lib/google/*" \
\! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \
\! -regex '.*\.\(gn\|gni\|isolate\)' \
-delete
fi
done
# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" ""
if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
fi
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
--replace \
'return sandbox_binary;' \
'return base::FilePath(GetDevelSandboxPath());'
substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
--replace \
'/usr/share/alsa/' \
'${alsaLib}/share/alsa/' \
--replace \
'/usr/lib/x86_64-linux-gnu/gconv/' \
'${glibc}/lib/gconv/' \
--replace \
'/usr/share/locale/' \
'${glibc}/share/locale/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc
sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \
device/udev_linux/udev?_loader.cc
sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
gpu/config/gpu_info_collector_linux.cc
# Allow to put extensions into the system-path.
sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
patchShebangs .
# use our own nodejs
mkdir -p third_party/node/linux/node-linux-x64/bin
ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node
# Allow building against system libraries in official builds
sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py
'' + optionalString stdenv.isAarch64 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
--replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
'' + optionalString ungoogled ''
${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
${ungoogler}/utils/patches.py . ${ungoogler}/patches
${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
'';
gnFlags = mkGnFlags ({
custom_toolchain = "//build/toolchain/linux/unbundle:default";
host_toolchain = "//build/toolchain/linux/unbundle:default";
is_official_build = true;
use_vaapi = !stdenv.isAarch64; # TODO: Remove once M88 is released
use_sysroot = false;
use_gnome_keyring = gnomeKeyringSupport;
use_gio = gnomeSupport;
# ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
# needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
enable_nacl = false;
# Enabling the Widevine component here doesn't affect whether we can
# redistribute the chromium package; the Widevine component is either
# added later in the wrapped -wv build or downloaded from Google.
enable_widevine = true;
use_cups = cupsSupport;
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
rtc_use_pipewire = true;
treat_warnings_as_errors = false;
clang_use_chrome_plugins = false;
blink_symbol_level = 0;
symbol_level = 0;
fieldtrial_testing_like_official_build = true;
# Google API keys, see:
# http://www.chromium.org/developers/how-tos/api-keys
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
google_default_client_id = "404761575300.apps.googleusercontent.com";
google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D";
} // optionalAttrs proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true;
enable_hangout_services_extension = true;
ffmpeg_branding = "Chrome";
} // optionalAttrs pulseSupport {
use_pulseaudio = true;
link_pulseaudio = true;
} // optionalAttrs useOzone {
use_ozone = true;
use_xkbcommon = true;
use_glib = true;
use_gtk = true;
use_system_libwayland = true;
use_system_minigbm = true;
use_system_libdrm = true;
system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
} // optionalAttrs ungoogled {
chrome_pgo_phase = 0;
enable_hangout_services_extension = false;
enable_js_type_check = false;
enable_mdns = false;
enable_nacl_nonsfi = false;
enable_one_click_signin = false;
enable_reading_list = false;
enable_remoting = false;
enable_reporting = false;
enable_service_discovery = false;
exclude_unwind_tables = true;
google_api_key = "";
google_default_client_id = "";
google_default_client_secret = "";
safe_browsing_mode = 0;
use_official_google_api_keys = false;
use_unofficial_version_number = false;
} // (extraAttrs.gnFlags or {}));
configurePhase = ''
runHook preConfigure
# This is to ensure expansion of $out.
libExecPath="${libExecPath}"
python build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries}
${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt
# Fail if `gn gen` contains a WARNING.
grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1
runHook postConfigure
'';
# Don't spam warnings about unknown warning options. This is useful because
# our Clang is always older than Chromium's and the build logs have a size
# of approx. 25 MB without this option (and this saves e.g. 66 %).
NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option";
buildPhase = let
buildCommand = target: ''
ninja -C "${buildPath}" -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES "${target}"
(
source chrome/installer/linux/common/installer.include
PACKAGE=$packageName
MENUNAME="Chromium"
process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1"
)
'';
targets = extraAttrs.buildTargets or [];
commands = map buildCommand targets;
in concatStringsSep "\n" commands;
postFixup = ''
# Make sure that libGLESv2 is found by dlopen (if using EGL).
chromiumBinary="$libExecPath/$packageName"
origRpath="$(patchelf --print-rpath "$chromiumBinary")"
patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
'';
passthru = {
updateScript = ./update.py;
chromiumDeps = {
gn = gnChromium;
};
};
};
# Remove some extraAttrs we supplied to the base attributes already.
in stdenv.mkDerivation (base // removeAttrs extraAttrs [
"name" "gnFlags" "buildTargets"
] // { passthru = base.passthru // (extraAttrs.passthru or {}); })

View file

@ -1,214 +0,0 @@
{ newScope, config, stdenv, fetchurl, makeWrapper
, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
, libva ? null
, pipewire_0_2
, gcc, nspr, nss, runCommand
, lib
# package customization
# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper)
, channel ? "stable"
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false
, proprietaryCodecs ? true
, enablePepperFlash ? false
, enableWideVine ? false
, enableVaapi ? false # Disabled by default due to unofficial support
, ungoogled ? true
, cupsSupport ? true
, pulseSupport ? config.pulseaudio or stdenv.isLinux
, commandLineArgs ? ""
}:
let
llvmPackages = llvmPackages_11;
stdenv = llvmPackages.stdenv;
callPackage = newScope chromium;
chromium = rec {
inherit stdenv llvmPackages;
upstream-info = (lib.importJSON ./upstream-info.json).${channel};
mkChromiumDerivation = callPackage ./common.nix ({
inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
cupsSupport pulseSupport;
inherit ungoogled;
gnChromium = gn.overrideAttrs (oldAttrs: {
inherit (upstream-info.deps.gn) version;
src = fetchgit {
inherit (upstream-info.deps.gn) url rev sha256;
};
});
});
browser = callPackage ./browser.nix { inherit channel enableWideVine; };
plugins = callPackage ./plugins.nix {
inherit enablePepperFlash;
};
ungoogled-chromium = callPackage ./ungoogled.nix {};
};
pkgSuffix = if channel == "dev" then "unstable" else channel;
pkgName = "google-chrome-${pkgSuffix}";
chromeSrc = fetchurl {
urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
"https://dl.google.com/linux/chrome/deb/pool/main/g"
"http://95.31.35.30/chrome/pool/main/g"
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
"http://repo.fdzh.org/chrome/deb/pool/main/g"
];
sha256 = chromium.upstream-info.sha256bin64;
};
mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";
widevineCdm = stdenv.mkDerivation {
name = "chrome-widevine-cdm";
src = chromeSrc;
phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
unpackCmd = let
widevineCdmPath =
if channel == "stable" then
"./opt/google/chrome/WidevineCdm"
else if channel == "beta" then
"./opt/google/chrome-beta/WidevineCdm"
else if channel == "dev" then
"./opt/google/chrome-unstable/WidevineCdm"
else
throw "Unknown chromium channel.";
in ''
# Extract just WidevineCdm from upstream's .deb file
ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}"
# Move things around so that we don't have to reference a particular
# chrome-* directory later.
mv "${widevineCdmPath}" ./
# unpackCmd wants a single output directory; let it take WidevineCdm/
rm -rf opt
'';
doCheck = true;
checkPhase = ''
! find -iname '*.so' -exec ldd {} + | grep 'not found'
'';
PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ];
patchPhase = ''
patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so
'';
installPhase = ''
mkdir -p $out/WidevineCdm
cp -a * $out/WidevineCdm/
'';
meta = {
platforms = [ "x86_64-linux" ];
license = lib.licenses.unfree;
};
};
suffix = if channel != "stable" then "-" + channel else "";
sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
version = chromium.browser.version;
# We want users to be able to enableWideVine without rebuilding all of
# chromium, so we have a separate derivation here that copies chromium
# and adds the unfree WidevineCdm.
chromiumWV = let browser = chromium.browser; in if enableWideVine then
runCommand (browser.name + "-wv") { version = browser.version; }
''
mkdir -p $out
cp -a ${browser}/* $out/
chmod u+w $out/libexec/chromium
cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/
''
else browser;
in stdenv.mkDerivation {
name = "ungoogled-chromium${suffix}-${version}";
inherit version;
buildInputs = [
makeWrapper ed
# needed for GSETTINGS_SCHEMAS_PATH
gsettings-desktop-schemas glib gtk3
# needed for XDG_ICON_DIRS
gnome3.adwaita-icon-theme
];
outputs = ["out" "sandbox"];
buildCommand = let
browserBinary = "${chromiumWV}/libexec/chromium/chromium";
getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ];
in with stdenv.lib; ''
mkdir -p "$out/bin"
eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
${lib.optionalString enableVaapi "--add-flags --enable-accelerated-video-decode"} \
${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
ed -v -s "$out/bin/chromium" << EOF
2i
if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ]
then
export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}"
else
export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}"
fi
'' + lib.optionalString (libPath != "") ''
# To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not
# contain an empty section before or after a colon.
export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}"
'' + ''
# libredirect causes chromium to deadlock on startup
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')"
export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
# Mainly for xdg-open but also other xdg-* tools:
export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH"
.
w
EOF
ln -sv "${chromium.browser.sandbox}" "$sandbox"
ln -s "$out/bin/chromium" "$out/bin/chromium-browser"
mkdir -p "$out/share"
for f in '${chromium.browser}'/share/*; do # hello emacs */
ln -s -t "$out/share/" "$f"
done
'';
inherit (chromium.browser) packageName;
meta = chromium.browser.meta;
passthru = {
inherit (chromium) upstream-info browser;
mkDerivation = chromium.mkChromiumDerivation;
inherit chromeSrc sandboxExecutableName;
updateScript = ./update.py;
};
}

View file

@ -1,17 +0,0 @@
--- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200
+++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200
@@ -94,6 +94,14 @@
'build_type', help='The type of build', choices=('official', 'default'))
args = argument_parser.parse_args()
+ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here
+ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None)
+ if SOURCE_DATE_EPOCH is not None:
+ print(SOURCE_DATE_EPOCH)
+ return 0
+ else:
+ raise RuntimeError("SOURCE_DATE_EPOCH not set")
+
# The mtime of the revision in build/util/LASTCHANGE is stored in a file
# next to it. Read it, to get a deterministic time close to "now".
# That date is then modified as described at the top of the file so that

View file

@ -1,13 +0,0 @@
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
index ed0e2f5208b..5b431a030d5 100644
--- a/third_party/widevine/cdm/BUILD.gn
+++ b/third_party/widevine/cdm/BUILD.gn
@@ -14,7 +14,7 @@ buildflag_header("buildflags") {
flags = [
"ENABLE_WIDEVINE=$enable_widevine",
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
+ "BUNDLE_WIDEVINE_CDM=true",
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
]
}

View file

@ -1,92 +0,0 @@
{ stdenv, gcc
, jshon
, glib
, nspr
, nss
, fetchzip
, enablePepperFlash ? false
, upstream-info
}:
with stdenv.lib;
let
mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}";
# Generate a shell fragment that emits flags appended to the
# final makeWrapper call for wrapping the browser's main binary.
#
# Note that this is shell-escaped so that only the variable specified
# by the "output" attribute is substituted.
mkPluginInfo = { output ? "out", allowedVars ? [ output ]
, flags ? [], envVars ? {}
}: let
shSearch = ["'"] ++ map (var: "@${var}@") allowedVars;
shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars;
# We need to triple-escape "val":
# * First because makeWrapper doesn't do any quoting of its arguments by
# itself.
# * Second because it's passed to the makeWrapper call separated by IFS but
# not by the _real_ arguments, for example the Widevine plugin flags
# contain spaces, so they would end up as separate arguments.
# * Third in order to be correctly quoted for the "echo" call below.
shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'";
mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'";
mkFlag = flag: ["--add-flags" (shEsc flag)];
mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)];
envList = mapAttrsToList mkEnvVar envVars;
quoted = map mkSh (flatten ((map mkFlag flags) ++ envList));
in ''
mkdir -p "''$${output}/nix-support"
echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags"
'';
flash = stdenv.mkDerivation rec {
pname = "flashplayer-ppapi";
version = "32.0.0.465";
src = fetchzip {
url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz";
sha256 = "16qbc2s8dg2rwggphf8f5665iccc6lrvgz45bdwskg9pwg87hlj1";
stripRoot = false;
};
patchPhase = ''
chmod +x libpepflashplayer.so
patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so
'';
doCheck = true;
checkPhase = ''
! find -iname '*.so' -exec ldd {} + | grep 'not found'
'';
installPhase = ''
flashVersion="$(
"${jshon}/bin/jshon" -F manifest.json -e version -u
)"
install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so"
${mkPluginInfo {
allowedVars = [ "out" "flashVersion" ];
flags = [
"--ppapi-flash-path=@out@/lib/libpepflashplayer.so"
"--ppapi-flash-version=@flashVersion@"
];
}}
'';
dontStrip = true;
meta = {
license = stdenv.lib.licenses.unfree;
maintainers = with stdenv.lib.maintainers; [ taku0 ];
platforms = platforms.x86_64;
};
};
in {
enabled = optional enablePepperFlash flash;
}

View file

@ -1,6 +0,0 @@
{
"87.0.4280.88" = {
rev = "87.0.4280.88-1";
sha256 = "0w2137w8hfcgl6f938hqnb4ffp33v5r8vdzxrvs814w7dszkiqgg";
};
}

View file

@ -1,121 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python -p python3 nix nix-prefetch-git
import csv
import json
import re
import subprocess
import sys
from codecs import iterdecode
from collections import OrderedDict
from datetime import datetime
from os.path import abspath, dirname
from urllib.request import urlopen
HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux'
DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
def load_json(path):
with open(path, 'r') as f:
return json.load(f)
def nix_prefetch_url(url, algo='sha256'):
print(f'nix-prefetch-url {url}')
out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
return out.decode('utf-8').rstrip()
def nix_prefetch_git(url, rev):
print(f'nix-prefetch-git {url} {rev}')
out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev])
return json.loads(out)
def get_file_revision(revision, file_path):
url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}'
with urlopen(url) as http_response:
return http_response.read()
def get_matching_chromedriver(version):
# See https://chromedriver.chromium.org/downloads/version-selection
build = re.sub('.[0-9]+$', '', version)
chromedriver_version_url = f'https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{build}'
with urlopen(chromedriver_version_url) as http_response:
chromedriver_version = http_response.read().decode()
def get_chromedriver_url(system):
return f'https://chromedriver.storage.googleapis.com/{chromedriver_version}/chromedriver_{system}.zip'
return {
'version': chromedriver_version,
'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')),
'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64'))
}
def get_channel_dependencies(channel):
deps = get_file_revision(channel['version'], 'DEPS')
gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'"
gn_commit = re.search(gn_pattern, deps).group(1).decode()
gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit)
return {
'gn': {
'version': datetime.fromisoformat(gn['date']).date().isoformat(),
'url': gn['url'],
'rev': gn['rev'],
'sha256': gn['sha256']
}
}
channels = {}
last_channels = load_json(JSON_PATH)
print(f'GET {HISTORY_URL}', file=sys.stderr)
with urlopen(HISTORY_URL) as resp:
builds = csv.DictReader(iterdecode(resp, 'utf-8'))
for build in builds:
channel_name = build['channel']
# If we've already found a newer build for this channel, we're
# no longer interested in it.
if channel_name in channels:
continue
# If we're back at the last build we used, we don't need to
# keep going -- there's no new version available, and we can
# just reuse the info from last time.
if build['version'] == last_channels[channel_name]['version']:
channels[channel_name] = last_channels[channel_name]
continue
channel = {'version': build['version']}
suffix = 'unstable' if channel_name == 'dev' else channel_name
try:
channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz')
channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb')
except subprocess.CalledProcessError:
# This build isn't actually available yet. Continue to
# the next one.
continue
channel['deps'] = get_channel_dependencies(channel)
if channel_name == 'stable':
channel['chromedriver'] = get_matching_chromedriver(channel['version'])
channels[channel_name] = channel
with open(JSON_PATH, 'w') as out:
def get_channel_key(item):
channel_name = item[0]
if channel_name == 'stable':
return 0
elif channel_name == 'beta':
return 1
elif channel_name == 'dev':
return 2
else:
print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
sys.exit(1)
sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
json.dump(sorted_channels, out, indent=2)
out.write('\n')

View file

@ -1,46 +0,0 @@
{
"stable": {
"version": "87.0.4280.88",
"sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy",
"sha256bin64": "0n3fm6wf8zfkv135d50xl8xxrnng3q55vyxkck1da8jyvh18bijb",
"deps": {
"gn": {
"version": "2020-09-09",
"url": "https://gn.googlesource.com/gn",
"rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2",
"sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk"
}
},
"chromedriver": {
"version": "87.0.4280.88",
"sha256_linux": "141mr2jiy3nslwd3s43m4i6plkv9wv5fgi78cn7mz0ac9x6fpcgx",
"sha256_darwin": "048hsqp6575r980m769lzznvxypmfcwn89f1d3ik751ymzmb5r78"
}
},
"beta": {
"version": "88.0.4324.27",
"sha256": "0mciiyh3sn2zrl8g6znylc2pm9sb0wzsclgavf7mmlknri5sjblc",
"sha256bin64": "0qf2j1j3p94s724rwh8fydpjn88cs9yxxhjf5axvqwi7q3h35cfx",
"deps": {
"gn": {
"version": "2020-11-05",
"url": "https://gn.googlesource.com/gn",
"rev": "53d92014bf94c3893886470a1c7c1289f8818db0",
"sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9"
}
}
},
"dev": {
"version": "89.0.4343.0",
"sha256": "0jmc1l0lysl5zax98fjhzsfq3c1sqh3n3xscidafflx362wcfpwa",
"sha256bin64": "1v6xik8kf531y0g5xj0c8szjmak0qvh77kwkw7p7hqxqmnwwp06d",
"deps": {
"gn": {
"version": "2020-11-05",
"url": "https://gn.googlesource.com/gn",
"rev": "53d92014bf94c3893886470a1c7c1289f8818db0",
"sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9"
}
}
}
}

View file

@ -2,6 +2,6 @@
callPackage ./generic.nix {
inherit buildGoPackage;
version = "0.11.7";
sha256 = "sha256-wp1Je+I3iijD/pHHQtylMQhOiVhS6AT/y2/pUiLr0M4=";
version = "0.11.8";
sha256 = "1dhh07bifr02jh2lls8fv1d9ra67ymgh8qxqvpvm0cd0qdd469z1";
}

View file

@ -2,6 +2,6 @@
callPackage ./generic.nix {
inherit buildGoPackage;
version = "0.12.7";
sha256 = "0y1nwmpc4fqgjyb19n1f2w4y5k7fy4p68v2vnnry11nj3im7ia14";
version = "0.12.9";
sha256 = "1a0ig6pb0z3qp7zk4jgz3h241bifmjlyqsfikyy3sxdnzj7yha27";
}

View file

@ -47,13 +47,13 @@ in
stdenv.mkDerivation rec {
pname = "gdm";
version = "3.38.2";
version = "3.38.2.1";
outputs = [ "out" "dev" ];
src = fetchurl {
url = "mirror://gnome/sources/gdm/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "1k2k3rv10y9dppp6ffz6gqi2p6s3g03bxjyy8njvcjyxqdk6d8i5";
sha256 = "yliiBdXr/L2rVqEXFriY4Wrl3/Ia7nnQdgRkRGKOxNo=";
};
mesonFlags = [

View file

@ -1,23 +1,22 @@
{ stdenv, fetchFromGitHub, makeWrapper, arduino-cli, ruby, python3, patchelf }:
{ stdenv, fetchFromGitHub, makeWrapper, arduino-cli, ruby, python3 }:
let
runtimePath = stdenv.lib.makeBinPath [
arduino-cli
(python3.withPackages (ps: [ ps.pyserial ])) # required by esp32 core
patchelf # required by esp32 core
python3 # required by the esp8266 core
];
in
stdenv.mkDerivation rec {
pname = "arduino-ci";
version = "0.1.0";
version = "0.2.0";
src = fetchFromGitHub {
owner = "pololu";
repo = "arduino-ci";
rev = "v${version}";
sha256 = "sha256-uLCLupzJ446WcxXZtzJk1wnae+k1NTSy0cGHLqW7MZU=";
sha256 = "sha256-9RbBxgwsSQ7oGGKr1Vsn9Ug9AsacoRgvQgd9jbRQ034=";
};
nativeBuildInputs = [ makeWrapper ];

View file

@ -4,7 +4,7 @@
, curl
}:
let
version = "2020.1.3";
version = "2020.3.4";
shortVersion = builtins.substring 0 6 version;
in
stdenv.mkDerivation rec {
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://sourceforge/flightgear/release-${shortVersion}/${pname}-${version}.tar.bz2";
sha256 = "1l8kiicm0klbx0b05994vqd8a8wj7k0djbbg41a6i3q5d17jrnk6";
sha256 = "1laa8dllpvf2z0cjxx22ravdf1d7a18bm708gd2ny35fhjfibm0h";
};
nativeBuildInputs = [ cmake ];

View file

@ -1,34 +0,0 @@
{ lib
, buildPythonPackage
, fetchPypi
, numpy
, pandas
, pytestrunner
, pytest
, h5py
}:
buildPythonPackage rec {
pname = "awkward";
version = "0.14.0";
src = fetchPypi {
inherit pname version;
sha256 = "6a3878f46e8bc2acf28a0b9feb69d354ad2fee2a2a0f65c48c115aa74f245204";
};
nativeBuildInputs = [ pytestrunner ];
checkInputs = [ pandas pytest h5py ];
propagatedBuildInputs = [ numpy ];
checkPhase = ''
py.test
'';
meta = with lib; {
description = "Manipulate jagged, chunky, and/or bitmasked arrays as easily as Numpy";
homepage = "https://github.com/scikit-hep/awkward-array";
license = licenses.bsd3;
maintainers = [ maintainers.costrouc ];
};
}

View file

@ -0,0 +1,39 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, numpy
, pandas
, pytestrunner
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "awkward0";
version = "0.15.1";
src = fetchFromGitHub {
owner = "scikit-hep";
repo = "awkward-0.x";
rev = version;
sha256 = "17zrw25h6g5m4ik1c5piqb7q2bxrshfm4hm3lzfz4s8gi0xjm5gz";
};
nativeBuildInputs = [ pytestrunner ];
propagatedBuildInputs = [ numpy ];
checkInputs = [ pandas pytestCheckHook ];
checkPhase = ''
# Almost all tests in this file fail
rm tests/test_persist.py
py.test
'';
meta = with lib; {
description = "Manipulate jagged, chunky, and/or bitmasked arrays as easily as Numpy";
homepage = "https://github.com/scikit-hep/awkward-array";
license = licenses.bsd3;
maintainers = with maintainers; [ costrouc SuperSandro2000 ];
};
}

View file

@ -13,11 +13,11 @@
buildPythonPackage rec {
pname = "boto3";
version = "1.16.37"; # N.B: if you change this, change botocore too
version = "1.16.38"; # N.B: if you change this, change botocore too
src = fetchPypi {
inherit pname version;
sha256 = "01d4mk1q37dc5l5jmsxm7fijmhq7678ka1bd4p8a8yj57mmw51pf";
sha256 = "1xxvpf0q8xiz1cr5q1m4pdpzbhjriw3j6afi5dwvrrq9sh3x7pqx";
};
propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ];

View file

@ -12,11 +12,11 @@
buildPythonPackage rec {
pname = "botocore";
version = "1.19.37"; # N.B: if you change this, change boto3 and awscli to a matching version
version = "1.19.38"; # N.B: if you change this, change boto3 and awscli to a matching version
src = fetchPypi {
inherit pname version;
sha256 = "14bl9sklilrz0fsch4zw1rx8zdq6h9va2786wxn36yax8n2i5gv7";
sha256 = "12ipyrm5180lf00q6v669mrfkpw6x4rhzd7fsp6qzz3g1hdwn7hz";
};
propagatedBuildInputs = [

View file

@ -1,6 +1,7 @@
{ stdenv
, buildPythonPackage
, fetchPypi
, isPy27
, six
, pytest_4
, hypothesis_4
@ -11,6 +12,8 @@ buildPythonPackage rec {
pname = "pyrsistent";
version = "0.17.3";
disabled = isPy27;
src = fetchPypi {
inherit pname version;
sha256 = "2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e";

View file

@ -1,28 +0,0 @@
{ stdenv
, buildPythonPackage
, fetchPypi
, numpy
, awkward
}:
buildPythonPackage rec {
version = "0.9.1";
pname = "uproot-methods";
src = fetchPypi {
inherit pname version;
sha256 = "accb4392c59a1485ce3ee6d78a6fd163731ade8b9b5208e7bde8fa1767aef097";
};
propagatedBuildInputs = [ numpy awkward ];
# No tests on PyPi
doCheck = false;
meta = with stdenv.lib; {
homepage = "https://github.com/scikit-hep/uproot-methods";
description = "Pythonic mix-ins for ROOT classes";
license = licenses.bsd3;
maintainers = [ maintainers.costrouc ];
};
}

View file

@ -1,59 +0,0 @@
{ lib, fetchPypi, buildPythonPackage, isPy27
, awkward
, backports_lzma
, cachetools
, lz4
, pandas
, pytestrunner
, pytest
, pkgconfig
, mock
, numpy
, requests
, uproot-methods
, xxhash
}:
buildPythonPackage rec {
pname = "uproot";
version = "3.13.1";
src = fetchPypi {
inherit pname version;
sha256 = "099b0b274dc000faf724df835579c76306e60200a5ba7b600a0c4b76dabbf344";
};
nativeBuildInputs = [ pytestrunner ];
checkInputs = [
lz4
mock
pandas
pkgconfig
pytest
requests
xxhash
] ++ lib.optional isPy27 backports_lzma;
propagatedBuildInputs = [
numpy
cachetools
uproot-methods
awkward
];
# skip tests which do network calls
# test_compression.py is missing zstandard package
checkPhase = ''
pytest tests -k 'not hist_in_tree \
and not branch_auto_interpretation' \
--ignore=tests/test_compression.py
'';
meta = with lib; {
homepage = "https://github.com/scikit-hep/uproot";
description = "ROOT I/O in pure Python and Numpy";
license = licenses.bsd3;
maintainers = with maintainers; [ ktf ];
};
}

View file

@ -0,0 +1,30 @@
{ stdenv
, buildPythonPackage
, fetchPypi
, numpy
, awkward0
}:
buildPythonPackage rec {
version = "0.10.0";
pname = "uproot3-methods";
src = fetchPypi {
inherit pname version;
sha256 = "1rk9i1ra3panli96ghz80ddpqk77xb1kpxs3wf8rw0jy5d88pc26";
};
nativeBuildInputs = [ awkward0 ];
propagatedBuildInputs = [ numpy awkward0 ];
# No tests on PyPi
doCheck = false;
meta = with stdenv.lib; {
homepage = "https://github.com/scikit-hep/uproot3-methods";
description = "Pythonic mix-ins for ROOT classes";
license = licenses.bsd3;
maintainers = with maintainers; [ costrouc SuperSandro2000 ];
};
}

View file

@ -0,0 +1,44 @@
{ lib, fetchFromGitHub, buildPythonPackage, isPy27
, awkward0, backports_lzma, cachetools, lz4, pandas
, pytestCheckHook, pytestrunner, pkgconfig, mock
, numpy, requests, uproot3-methods, xxhash, zstandard
}:
buildPythonPackage rec {
pname = "uproot3";
version = "3.14.1";
src = fetchFromGitHub {
owner = "scikit-hep";
repo = "uproot3";
rev = version;
sha256 = "1npwh4l96wg3m24jhfc8i84nfwfc18flrmymf80fx101wmpi2qz8";
};
nativeBuildInputs = [ pytestrunner ];
propagatedBuildInputs = [
awkward0
cachetools
lz4
numpy
uproot3-methods
xxhash
zstandard
] ++ lib.optional isPy27 backports_lzma;
checkInputs = [
mock
pandas
pkgconfig
pytestCheckHook
requests
] ++ lib.optional isPy27 backports_lzma;
meta = with lib; {
homepage = "https://github.com/scikit-hep/uproot3";
description = "ROOT I/O in pure Python and Numpy";
license = licenses.bsd3;
maintainers = with maintainers; [ ktf SuperSandro2000 ];
};
}

View file

@ -4,14 +4,14 @@
stdenv.mkDerivation rec {
pname = "sbt-extras";
rev = "be2f5d98f13884a18eaf5205458f985575dbe13a";
version = "2020-11-23";
rev = "32cf43b58f91bd3b7063baa9f2d75d4af45d9c4b";
version = "2020-12-17";
src = fetchFromGitHub {
owner = "paulp";
repo = "sbt-extras";
inherit rev;
sha256 = "00acnj357fcwx7w25axaj0l5ync97ixsixg8s55r7hwibkxn0fa7";
sha256 = "046xr3x73p63xnfakq981gvl299l5fahxgnn0bacvp7pa8g99dv2";
};
dontBuild = true;

View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "wrangler";
version = "1.12.2";
version = "1.12.3";
src = fetchFromGitHub {
owner = "cloudflare";
repo = pname;
rev = "v${version}";
sha256 = "1w0j6if1fnih1036hlb9a3c6wgjw4p057llhjf0f3d568ah1244a";
sha256 = "1h9020yf5jsbilzn94h7qyxw9qnz3vw43g8a2415wvjqq6ihzfvm";
};
cargoSha256 = "0d9wvdjjakznz8dnqx4gqxh0xkxrh4229460hg6dr9qn492p7nfx";
cargoSha256 = "12azc41y2yx936ax9b1yylc0gy91k0m7ih6p0bkw7m928f762hpx";
nativeBuildInputs = [ perl ] ++ stdenv.lib.optionals stdenv.isLinux [ pkg-config ];

View file

@ -6,7 +6,7 @@
}:
let
version = "2020.1.2";
version = "2020.3.4";
shortVersion = builtins.substring 0 6 version;
data = stdenv.mkDerivation rec {
pname = "flightgear-data";
@ -14,7 +14,7 @@ let
src = fetchurl {
url = "mirror://sourceforge/flightgear/release-${shortVersion}/FlightGear-${version}-data.tar.bz2";
sha256 = "0ldsjb54k8nb99h6n4f4x20nawd2pa0a8skkwkrgckdpmdv0zwyk";
sha256 = "1cqikbqvidfaynml9bhqfr9yw5ga35gpqrbz62z94a1skdijkpkg";
};
phases = [ "installPhase" ];
@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://sourceforge/flightgear/release-${shortVersion}/${pname}-${version}.tar.bz2";
sha256 = "1770kgwa7z70sx6da9x1q9cszpd3ywz6nn8jrb6xv8ldjqcpqpvb";
sha256 = "02d9h10p8hyn0a25csragj6pbwmrir1z8zb92023s9vi21j7bwy8";
};
# Of all the files in the source and data archives, there doesn't seem to be

View file

@ -0,0 +1,70 @@
{ stdenv
, fetchurl
, libarchive
, doxygen
, SDL
}:
let
pname = "dgen-sdl";
version = "1.33";
in stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://sourceforge.net/projects/dgen/files/dgen/${version}/${pname}-${version}.tar.gz";
hash = "sha256-meLAYBfCKHPHf4gYbrzAmGckTrbgQsdjuwlLArje9h4=";
};
buildInputs = [ SDL libarchive ];
configureFlags = [
"--enable-joystick"
"--enable-debugger"
"--enable-debug-vdp"
"--enable-pico" # experimental
"--enable-vgmdump"
"--with-star=no" # Needs ASM support
"--with-musa"
"--with-cyclone=no" # Needs ASM support
"--with-mz80"
"--with-cz80"
"--with-drz80=no" # Needs ASM support
"--with-dz80"
];
meta = with stdenv.lib; {
homepage = "https://dgen.sourceforge.net/";
description = "Sega Genesis/Mega Drive emulator";
longDescription = ''
DGen/SDL is a free, open source emulator for Sega Genesis/Mega Drive
systems. DGen was originally written by Dave, then ported to SDL by Joe
Groff and Phil K. Hornung in 1998.
It features:
- Game Genie/Hex codes support
- PAL/NTSC, fullscreen modes
- Joypad/joystick support
- Mouse support
- Highly configurable controls
- OpenGL textured video output
- Portable (64bit, endian safe), runs in Windows using MinGW
- Screenshots, demos recording and playback
- Musashi (generic) and StarScream (x86only) CPU cores
- Cyclone 68000 and DrZ80 (both ARMonly) CPU cores
- CZ80 (generic) and MZ80 (generic and x86only versions)
- 16bit, 8000 to 48000Hz sound output
- Support for 8, 15, 16, 24 and 32 bpp modes
- Archived/compressed ROMs support
- M68K debugger (contributed by Edd Barrett)
- Z80 debugger
- hqx and scale2x upscaling filters
- VGM dumping
'';
license = licenses.mit;
maintainers = with maintainers; [ AndersonTorres ];
platforms = with platforms; unix;
};
}
# TODO: implement configure options

View file

@ -10,13 +10,13 @@
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.163.a/linux-hardened-4.19.163.a.patch"
},
"5.4": {
"name": "linux-hardened-5.4.83.a.patch",
"sha256": "08srahgfzynv2bfd0ym6vgl1c0xjfqg6qvgzlq85y9pb7fain5yp",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.83.a/linux-hardened-5.4.83.a.patch"
"name": "linux-hardened-5.4.84.a.patch",
"sha256": "1pwij0bxgf61ahi6fa8qwrr85yhx92z4sif71kdgxkbwcw9qwyzs",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.84.a/linux-hardened-5.4.84.a.patch"
},
"5.9": {
"name": "linux-hardened-5.9.14.a.patch",
"sha256": "1rr61s9k7nmr27r4vkgpvvra7r8ksi6h6axf5kcbx7krbgdmwmfv",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.14.a/linux-hardened-5.9.14.a.patch"
"name": "linux-hardened-5.9.15.a.patch",
"sha256": "1iqkw4mnr1p9wzfmjy5lawc6cn9wvg05xsak24fzbp1i22h4dfz4",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.15.a/linux-hardened-5.9.15.a.patch"
}
}

View file

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.10-rt17"; # updated by ./update-rt.sh
version = "5.10.1-rt19"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "0hyav21vzz5v1kgb455pcz9ncg5qqzxmp60na290scwq7vj9kpyw";
sha256 = "0p2fl7kl4ckphq17xir7n7vgrzlhbdqmyd2yyp4yilwvih9625pd";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "0baf7363f6h3smr4lgw88dbpf4977j6c1asifyhc8zhd7100ckhn";
sha256 = "0hihi7p866alh03ziz8q1l0p3sxi437h4a45c5dlv9lrg6f177qb";
};
}; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches;

View file

@ -15,16 +15,16 @@
rustPlatform.buildRustPackage rec {
pname = "nushell";
version = "0.23.0";
version = "0.24.1";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "0rbg0jchg59x0g4h0xahdm9qah8l8g4i2s8lkaqzdkm4yv29gqx4";
sha256 = "0nza860gg9lnkld9c7is93fmfxl9yay8yf2f18h16cgjk3n686kd";
};
cargoSha256 = "1sbgn68n0rqh1m98dm3r2a3pqqqx4v7axw5djw8qlx4gv7xw1ql0";
cargoSha256 = "1mb6ws2zw089cx475c1vpvvxkzi8by6wmw4frans5lbl3a2lldl0";
nativeBuildInputs = [ pkg-config ]
++ lib.optionals (withStableFeatures && stdenv.isLinux) [ python3 ];

View file

@ -5,15 +5,15 @@
, nix, nixfmt, jq, coreutils, gnused, curl, cacert }:
stdenv.mkDerivation rec {
version = "2020-12-14";
version = "2020-12-16";
pname = "oh-my-zsh";
rev = "f2a4b2b17bbf9103dd90d23a73163e9b4e0e47f1";
rev = "b28665aebb4c1b07a57890eb59551bc51d0acf37";
src = fetchFromGitHub {
inherit rev;
owner = "ohmyzsh";
repo = "ohmyzsh";
sha256 = "1kcrdvasphlrxcx5yzhlb5nmnzbbybl9lzp85r6bscsjsmgi7ssc";
sha256 = "00m8d992jhbkd8mhm6zhirk9ga3dfzhh8idn2yp40yk7wdbzrd74";
};
installPhase = ''

View file

@ -28,11 +28,11 @@ let
in with py.pkgs; buildPythonApplication rec {
pname = "awscli";
version = "1.18.197"; # N.B: if you change this, change botocore to a matching version too
version = "1.18.198"; # N.B: if you change this, change botocore to a matching version too
src = fetchPypi {
inherit pname version;
sha256 = "0m73ks5ans135vrwmbd4fpbmi7mgiqj0dmlx4ximk0jh7hbl7rcb";
sha256 = "0zcjx2gh9s1mak9cc9bmydg0f68id4rwhhpcaqqkcd3p37swyr2b";
};
postPatch = ''

View file

@ -23,16 +23,16 @@ assert pythonSupport -> pythonPackages != null;
rustPlatform.buildRustPackage rec {
pname = "sequoia";
version = "0.20.0";
version = "1.0.0";
src = fetchFromGitLab {
owner = "sequoia-pgp";
repo = "sequoia";
rev = "v${version}";
sha256 = "sha256-br5GRzWprQTixNrE0WpNIB7Ayj5oEfyCg5JY4MnX5rA=";
sha256 = "0y80bl786m29ww3272qsl1ql0xc3pwd6iiqlkv3nmhnjsmygbn0d";
};
cargoSha256 = "sha256-SpCdoLCtvU9jpG/ivB/+4KhRdKZxN3/+7P/RlR6n9/c=";
cargoSha256 = "03ngywa5z0c7qmdmhynk13xcivhg8gpivvpzg2gxp34gfr7j438l";
nativeBuildInputs = [
pkg-config

View file

@ -2009,6 +2009,8 @@ in
dlx = callPackage ../misc/emulators/dlx { };
dgen-sdl = callPackage ../misc/emulators/dgen-sdl { };
doitlive = callPackage ../tools/misc/doitlive { };
dokuwiki = callPackage ../servers/web-apps/dokuwiki { };
@ -24471,7 +24473,10 @@ in
uefitoolPackages = recurseIntoAttrs (callPackage ../tools/system/uefitool/variants.nix {});
uefitool = uefitoolPackages.new-engine;
ungoogled-chromium = callPackage ../applications/networking/browsers/ungoogled-chromium (config.chromium or {});
ungoogled-chromium = callPackage ../applications/networking/browsers/chromium ((config.chromium or {}) // {
ungoogled = true;
channel = "ungoogled-chromium";
});
unigine-valley = callPackage ../applications/graphics/unigine-valley { };

View file

@ -504,7 +504,7 @@ in {
awesome-slugify = callPackage ../development/python-modules/awesome-slugify { };
awkward = callPackage ../development/python-modules/awkward { };
awkward0 = callPackage ../development/python-modules/awkward0 { };
awkward1 = callPackage ../development/python-modules/awkward1 { };
aws-adfs = callPackage ../development/python-modules/aws-adfs { };
@ -7628,9 +7628,9 @@ in {
update-dotdee = callPackage ../development/python-modules/update-dotdee { };
uproot = callPackage ../development/python-modules/uproot { };
uproot3 = callPackage ../development/python-modules/uproot3 { };
uproot-methods = callPackage ../development/python-modules/uproot-methods { };
uproot3-methods = callPackage ../development/python-modules/uproot3-methods { };
uptime = callPackage ../development/python-modules/uptime { };