diff --git a/doc/languages-frameworks/java.section.md b/doc/languages-frameworks/java.section.md index 371bdf6323fb..0ce1442cca68 100644 --- a/doc/languages-frameworks/java.section.md +++ b/doc/languages-frameworks/java.section.md @@ -4,12 +4,31 @@ Ant-based Java packages are typically built from source as follows: ```nix stdenv.mkDerivation { - name = "..."; + pname = "..."; + version = "..."; + src = fetchurl { ... }; - nativeBuildInputs = [ jdk ant ]; + nativeBuildInputs = [ + ant + jdk + stripJavaArchivesHook # removes timestamp metadata from jar files + ]; - buildPhase = "ant"; + buildPhase = '' + runHook preBuild + ant # build the project using ant + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + # copy generated jar file(s) to an appropriate location in $out + install -Dm644 build/foo.jar $out/share/java/foo.jar + + runHook postInstall + ''; } ``` @@ -17,6 +36,10 @@ Note that `jdk` is an alias for the OpenJDK (self-built where available, or pre-built via Zulu). Platforms with OpenJDK not (yet) in Nixpkgs (`Aarch32`, `Aarch64`) point to the (unfree) `oraclejdk`. +Also note that not using `stripJavaArchivesHook` will likely cause the +generated `.jar` files to be non-deterministic, which is not optimal. +Using it, however, does not always guarantee reproducibility. + JAR files that are intended to be used by other packages should be installed in `$out/share/java`. JDKs have a stdenv setup hook that add any JARs in the `share/java` directories of the build inputs to the diff --git a/pkgs/applications/blockchains/bisq-desktop/default.nix b/pkgs/applications/blockchains/bisq-desktop/default.nix index 8e6881f0d7e8..31c044f39c61 100644 --- a/pkgs/applications/blockchains/bisq-desktop/default.nix +++ b/pkgs/applications/blockchains/bisq-desktop/default.nix @@ -9,7 +9,7 @@ , dpkg , writeScript , bash -, strip-nondeterminism +, stripJavaArchivesHook , tor , zip , xz @@ -50,7 +50,7 @@ stdenv.mkDerivation rec { dpkg imagemagick makeWrapper - strip-nondeterminism + stripJavaArchivesHook xz zip findutils @@ -89,7 +89,6 @@ stdenv.mkDerivation rec { tar --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cJf native/linux/x64/tor.tar.xz tor tor_jar_file=$(find ./opt/bisq/lib/app -name "tor-binary-linux64-*.jar") zip -r $tor_jar_file native - strip-nondeterminism ./opt/bisq/lib/app/*.jar ''; installPhase = '' diff --git a/pkgs/applications/misc/calcoo/default.nix b/pkgs/applications/misc/calcoo/default.nix index 5f90b4bb2363..462b56d50ce0 100644 --- a/pkgs/applications/misc/calcoo/default.nix +++ b/pkgs/applications/misc/calcoo/default.nix @@ -2,7 +2,7 @@ , stdenv , fetchzip , ant -, canonicalize-jars-hook +, stripJavaArchivesHook , jdk , makeWrapper }: @@ -18,7 +18,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ ant - canonicalize-jars-hook + stripJavaArchivesHook jdk makeWrapper ]; diff --git a/pkgs/applications/misc/mkgmap/default.nix b/pkgs/applications/misc/mkgmap/default.nix index ee0c2043a6b4..7f97818c7452 100644 --- a/pkgs/applications/misc/mkgmap/default.nix +++ b/pkgs/applications/misc/mkgmap/default.nix @@ -6,6 +6,7 @@ , jre , ant , makeWrapper +, stripJavaArchivesHook , doCheck ? true , withExamples ? false }: @@ -30,10 +31,6 @@ stdenv.mkDerivation rec { ]; postPatch = with deps; '' - # Fix the output jar timestamps for reproducibility - substituteInPlace build.xml \ - --replace-fail ' build/classes/mkgmap-version.properties << EOF @@ -61,7 +58,7 @@ stdenv.mkDerivation rec { '') testInputs} ''; - nativeBuildInputs = [ jdk ant makeWrapper ]; + nativeBuildInputs = [ jdk ant makeWrapper stripJavaArchivesHook ]; buildPhase = '' runHook preBuild diff --git a/pkgs/applications/misc/mkgmap/splitter/default.nix b/pkgs/applications/misc/mkgmap/splitter/default.nix index 010b140e9bf9..801af789d47d 100644 --- a/pkgs/applications/misc/mkgmap/splitter/default.nix +++ b/pkgs/applications/misc/mkgmap/splitter/default.nix @@ -6,6 +6,7 @@ , jre , ant , makeWrapper +, stripJavaArchivesHook , doCheck ? true }: let @@ -30,10 +31,6 @@ stdenv.mkDerivation rec { ]; postPatch = with deps; '' - # Fix the output jar timestamps for reproducibility - substituteInPlace build.xml \ - --replace-fail ' build/classes/splitter-version.properties << EOF @@ -58,7 +55,7 @@ stdenv.mkDerivation rec { '') testInputs} ''; - nativeBuildInputs = [ jdk ant makeWrapper ]; + nativeBuildInputs = [ jdk ant makeWrapper stripJavaArchivesHook ]; buildPhase = '' runHook preBuild diff --git a/pkgs/applications/misc/pattypan/default.nix b/pkgs/applications/misc/pattypan/default.nix index aac0da8b4c40..c1f5aa84b0eb 100644 --- a/pkgs/applications/misc/pattypan/default.nix +++ b/pkgs/applications/misc/pattypan/default.nix @@ -7,7 +7,7 @@ , wrapGAppsHook , makeDesktopItem , copyDesktopItems -, canonicalize-jars-hook +, stripJavaArchivesHook }: stdenv.mkDerivation (finalAttrs: { @@ -27,7 +27,7 @@ stdenv.mkDerivation (finalAttrs: { makeWrapper wrapGAppsHook copyDesktopItems - canonicalize-jars-hook + stripJavaArchivesHook ]; dontWrapGApps = true; diff --git a/pkgs/applications/networking/remote/dayon/default.nix b/pkgs/applications/networking/remote/dayon/default.nix index a68a6eddd334..ea46ec131fbc 100644 --- a/pkgs/applications/networking/remote/dayon/default.nix +++ b/pkgs/applications/networking/remote/dayon/default.nix @@ -6,7 +6,7 @@ , jre , makeWrapper , copyDesktopItems -, canonicalize-jars-hook +, stripJavaArchivesHook }: stdenv.mkDerivation (finalAttrs: { @@ -25,7 +25,7 @@ stdenv.mkDerivation (finalAttrs: { jdk makeWrapper copyDesktopItems - canonicalize-jars-hook + stripJavaArchivesHook ]; buildPhase = '' diff --git a/pkgs/applications/office/jameica/default.nix b/pkgs/applications/office/jameica/default.nix index 683d51bf43f2..66d2a80c5555 100644 --- a/pkgs/applications/office/jameica/default.nix +++ b/pkgs/applications/office/jameica/default.nix @@ -4,6 +4,7 @@ , makeDesktopItem , makeWrapper , wrapGAppsHook +, stripJavaArchivesHook , ant , jdk , jre @@ -46,13 +47,7 @@ stdenv.mkDerivation rec { hash = "sha256-MSVSd5DyVL+dcfTDv1M99hxickPwT2Pt6QGNsu6DGZI="; }; - postPatch = '' - # Fix jar timestamps for reproducibility - substituteInPlace build/build.xml \ - --replace-fail '/dev/null - # -q|--quiet, -r|--recurse-paths - # -o|--latest-time: canonicalizes overall archive mtime - # -X|--no-extra: don't store platform-specific extra file attribute fields - @zip@ -qroX "$outer/tmp-out.jar" . 2> /dev/null - popd 2>/dev/null - rm -rf "$input-tmp" - mv "$outer/tmp-out.jar" "$input" -} - -# See also the Java specification's JAR requirements: -# https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Notes_on_Manifest_and_Signature_Files -canonicalizeJarManifest() { - local input='' - input="$(realpath -sm -- "$1")" - (head -n 1 "$input" && tail -n +2 "$input" | sort | grep -v '^\s*$') > "$input-tmp" - mv "$input-tmp" "$input" -} diff --git a/pkgs/build-support/setup-hooks/canonicalize-jars.sh b/pkgs/build-support/setup-hooks/canonicalize-jars.sh deleted file mode 100644 index 5137bfc94b01..000000000000 --- a/pkgs/build-support/setup-hooks/canonicalize-jars.sh +++ /dev/null @@ -1,16 +0,0 @@ -# This setup hook causes the fixup phase to repack all JAR files in a -# canonical & deterministic fashion, e.g. resetting mtimes (like with normal -# store files) and avoiding impure metadata. - -fixupOutputHooks+=('if [ -z "$dontCanonicalizeJars" -a -e "$prefix" ]; then canonicalizeJarsIn "$prefix"; fi') - -canonicalizeJarsIn() { - local dir="$1" - echo "canonicalizing jars in $dir" - dir="$(realpath -sm -- "$dir")" - while IFS= read -rd '' f; do - canonicalizeJar "$f" - done < <(find -- "$dir" -type f -name '*.jar' -print0) -} - -source @canonicalize_jar@ diff --git a/pkgs/build-support/setup-hooks/strip-java-archives.sh b/pkgs/build-support/setup-hooks/strip-java-archives.sh new file mode 100644 index 000000000000..22322468f76d --- /dev/null +++ b/pkgs/build-support/setup-hooks/strip-java-archives.sh @@ -0,0 +1,16 @@ +# This setup hook makes the fixup phase to repack all java archives in a +# deterministic fashion. The most important change being done is the resetting +# of the modification times of the archive entries + +fixupOutputHooks+=('stripJavaArchivesIn $prefix') + +stripJavaArchivesIn() { + local dir="$1" + echo "stripping java archives in $dir" + find $dir -type f -regextype posix-egrep -regex ".*\.(jar|war|hpi|apk)$" -print0 | + while IFS= read -rd '' f; do + echo "stripping java archive $f" + strip-nondeterminism --type jar "$f" + done +} + diff --git a/pkgs/by-name/jo/jogl/package.nix b/pkgs/by-name/jo/jogl/package.nix index 3919ee1e0e0f..5157fe679771 100644 --- a/pkgs/by-name/jo/jogl/package.nix +++ b/pkgs/by-name/jo/jogl/package.nix @@ -5,6 +5,7 @@ , jdk11 , git , xmlstarlet +, stripJavaArchivesHook , xcbuild , udev , xorg @@ -42,13 +43,6 @@ stdenv.mkDerivation { substituteInPlace gluegen/src/java/com/jogamp/common/util/IOUtil.java \ --replace-fail '#!/bin/true' '#!${coreutils}/bin/true' '' - # set timestamp of files in jar to a fixed point in time - + '' - xmlstarlet ed --inplace \ - --append //jar --type attr -n modificationtime --value 1980-01-01T00:00Z \ - gluegen/make/{build.xml,gluegen-cpptasks-base.xml} \ - jogl/make/{build.xml,build-nativewindow.xml,build-jogl.xml} - '' # prevent looking for native libraries in /usr/lib + '' substituteInPlace jogl/make/build-*.xml \ @@ -72,6 +66,7 @@ stdenv.mkDerivation { jdk11 git xmlstarlet + stripJavaArchivesHook ] ++ lib.optionals stdenv.isDarwin [ xcbuild ]; diff --git a/pkgs/by-name/pr/pre2k/package.nix b/pkgs/by-name/pr/pre2k/package.nix index 59353d9806ed..4865269b5565 100644 --- a/pkgs/by-name/pr/pre2k/package.nix +++ b/pkgs/by-name/pr/pre2k/package.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "pre2k"; - version = "3.0-unstable-2024-03-14"; + version = "3.0"; pyproject = true; src = fetchFromGitHub { owner = "garrettfoster13"; repo = "pre2k"; - rev = "3baa7b73aedd45f52e417210081da3dd010c1b22"; - hash = "sha256-0lgH7Z9LuiZwODdFvKWcqS1TV02aVjzD9RgOhX0lU6s="; + rev = "refs/tags/${version}"; + hash = "sha256-z1ttuRos7x/zdWiYYozxWzRarFExd4W5rUYAEiUMugU="; }; pythonRelaxDeps = [ @@ -42,6 +42,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool to query for the existence of pre-windows 2000 computer objects"; homepage = "https://github.com/garrettfoster13/pre2k"; + changelog = "https://github.com/garrettfoster13/pre2k/releases/tag/${version}"; license = licenses.mit; maintainers = with maintainers; [ fab ]; mainProgram = "pre2k"; diff --git a/pkgs/by-name/uv/uv/Cargo.lock b/pkgs/by-name/uv/uv/Cargo.lock index 6c4862001d75..c9f0be4d721f 100644 --- a/pkgs/by-name/uv/uv/Cargo.lock +++ b/pkgs/by-name/uv/uv/Cargo.lock @@ -885,6 +885,15 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "63dfa964fe2a66f3fde91fc70b267fe193d822c7e603e2a675a49a7f46ad3f49" +[[package]] +name = "deranged" +version = "0.3.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" +dependencies = [ + "powerfmt", +] + [[package]] name = "derivative" version = "2.2.0" @@ -1956,6 +1965,15 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "line-wrap" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f30344350a2a51da54c1d53be93fade8a237e545dbcc4bdbe635413f2117cab9" +dependencies = [ + "safemem", +] + [[package]] name = "linked-hash-map" version = "0.5.6" @@ -2168,6 +2186,12 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-traits" version = "0.2.18" @@ -2256,6 +2280,16 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" +[[package]] +name = "os_info" +version = "3.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "006e42d5b888366f1880eda20371fedde764ed2213dc8496f49622fa0c99cd5e" +dependencies = [ + "log", + "winapi", +] + [[package]] name = "overload" version = "0.1.1" @@ -2453,11 +2487,26 @@ dependencies = [ name = "platform-tags" version = "0.0.1" dependencies = [ + "insta", "rustc-hash", "serde", "thiserror", ] +[[package]] +name = "plist" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5699cc8a63d1aa2b1ee8e12b9ad70ac790d65788cd36101fa37f87ea46c4cef" +dependencies = [ + "base64 0.21.7", + "indexmap 2.2.5", + "line-wrap", + "quick-xml", + "serde", + "time", +] + [[package]] name = "png" version = "0.17.13" @@ -2486,6 +2535,12 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7170ef9988bc169ba16dd36a7fa041e5c4cbeb6a35b76d4c03daded371eae7c0" +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -2683,6 +2738,15 @@ dependencies = [ "toml", ] +[[package]] +name = "quick-xml" +version = "0.31.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1004a344b30a54e2ee58d66a71b32d2db2feb0a31f9a2d302bf0536f15de2a33" +dependencies = [ + "memchr", +] + [[package]] name = "quote" version = "1.0.35" @@ -3209,6 +3273,12 @@ version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +[[package]] +name = "safemem" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef703b7cb59335eae2eb93ceb664c0eb7ea6bf567079d843e09420219668e072" + [[package]] name = "same-file" version = "1.0.6" @@ -3546,6 +3616,16 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" +[[package]] +name = "sys-info" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b3a0d0aba8bf96a0e1ddfdc352fc53b3df7f39318c71854910c3c4b024ae52c" +dependencies = [ + "cc", + "libc", +] + [[package]] name = "system-configuration" version = "0.5.1" @@ -3725,6 +3805,37 @@ dependencies = [ "tikv-jemalloc-sys", ] +[[package]] +name = "time" +version = "0.3.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" + +[[package]] +name = "time-macros" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774" +dependencies = [ + "num-conv", + "time-core", +] + [[package]] name = "tiny-skia" version = "0.8.4" @@ -4198,7 +4309,7 @@ checksum = "f00cc9702ca12d3c81455259621e676d0f7251cec66a21e98fe2e9a37db93b2a" [[package]] name = "uv" -version = "0.1.21" +version = "0.1.22" dependencies = [ "anstream", "anyhow", @@ -4301,6 +4412,7 @@ dependencies = [ "insta", "itertools 0.12.1", "once_cell", + "pep440_rs", "pep508_rs", "pypi-types", "pyproject-toml", @@ -4359,9 +4471,11 @@ dependencies = [ "hyper 0.14.28", "insta", "install-wheel-rs", + "os_info", "pep440_rs", "pep508_rs", "platform-tags", + "plist", "pypi-types", "reqwest", "reqwest-middleware", @@ -4374,6 +4488,7 @@ dependencies = [ "serde", "serde_json", "sha2", + "sys-info", "task-local-extensions", "tempfile", "thiserror", @@ -4386,6 +4501,7 @@ dependencies = [ "uv-auth", "uv-cache", "uv-fs", + "uv-interpreter", "uv-normalize", "uv-version", "uv-warnings", @@ -4719,7 +4835,7 @@ dependencies = [ [[package]] name = "uv-version" -version = "0.1.21" +version = "0.1.22" [[package]] name = "uv-virtualenv" diff --git a/pkgs/by-name/uv/uv/package.nix b/pkgs/by-name/uv/uv/package.nix index 57404bc33584..322a47bb761f 100644 --- a/pkgs/by-name/uv/uv/package.nix +++ b/pkgs/by-name/uv/uv/package.nix @@ -11,13 +11,13 @@ rustPlatform.buildRustPackage rec { pname = "uv"; - version = "0.1.21"; + version = "0.1.22"; src = fetchFromGitHub { owner = "astral-sh"; repo = "uv"; rev = version; - hash = "sha256-xc1+33BCycl7BJqqcQKLR9Sgg8xTRcF8P7gRIyeRIZ4="; + hash = "sha256-AbixSkwyhj3eBMLvGlodpz7XE3ln0IokNMdu5SOZjOE="; }; cargoLock = { diff --git a/pkgs/development/compilers/abcl/default.nix b/pkgs/development/compilers/abcl/default.nix index e36d8975e26b..317d0d92266d 100644 --- a/pkgs/development/compilers/abcl/default.nix +++ b/pkgs/development/compilers/abcl/default.nix @@ -6,7 +6,7 @@ , jdk , jre , makeWrapper -, canonicalize-jars-hook +, stripJavaArchivesHook }: let @@ -30,7 +30,7 @@ stdenv.mkDerivation (finalAttrs: { jdk fakeHostname makeWrapper - canonicalize-jars-hook + stripJavaArchivesHook ]; buildPhase = '' diff --git a/pkgs/development/compilers/jasmin/default.nix b/pkgs/development/compilers/jasmin/default.nix index db58f48b97bb..685e6aa9537e 100644 --- a/pkgs/development/compilers/jasmin/default.nix +++ b/pkgs/development/compilers/jasmin/default.nix @@ -5,7 +5,7 @@ , ant , jdk8 , makeWrapper -, canonicalize-jars-hook +, stripJavaArchivesHook , callPackage }: @@ -27,7 +27,7 @@ in stdenv.mkDerivation (finalAttrs: { ant jdk makeWrapper - canonicalize-jars-hook + stripJavaArchivesHook ]; buildPhase = '' diff --git a/pkgs/development/libraries/freetts/default.nix b/pkgs/development/libraries/freetts/default.nix index 698a7f6a28ac..ec948f1fdccc 100644 --- a/pkgs/development/libraries/freetts/default.nix +++ b/pkgs/development/libraries/freetts/default.nix @@ -4,6 +4,7 @@ , ant , jdk8 , sharutils +, stripJavaArchivesHook }: stdenv.mkDerivation (finalAttrs: { @@ -20,16 +21,11 @@ stdenv.mkDerivation (finalAttrs: { ant jdk8 sharutils + stripJavaArchivesHook ]; sourceRoot = "${finalAttrs.src.name}/freetts-${finalAttrs.version}"; - postPatch = '' - # Fix jar timestamps for reproducibility - substituteInPlace build.xml demo.xml \ - --replace-fail '