Commit graph

4163 commits

Author SHA1 Message Date
Jörg Thalheim
82115f0c4b
Merge pull request #107958 from ztzg/x-16304-ubuntu-determinism
vmTools.debClosureGenerator: Fix non-determinism in dependency graph
2021-01-10 12:37:15 +00:00
Cyril Cohen
9ffd16b385 coqPackages: refactor 2021-01-09 11:56:17 +01:00
Justin Humm
9038cc62fd
defaultCrateOverrides: override crates necessary for building sequoia
See https://git.sr.ht/~erictapen/sequoia for a flake using these
overrides.
2021-01-08 17:27:43 +01:00
Justin Humm
9df8a98fac
defaultCrateOverrides: pkgconfig -> pkg-config 2021-01-08 17:26:05 +01:00
Daniël de Kok
464633d5f7
Merge pull request #108581 from roberth/dockerTools-don't-apologize
dockerTools: Don't apologize
2021-01-08 13:58:46 +01:00
Alyssa Ross
0f06d94a20 emacs: fix accidental double wrapper (Darwin)
This was already fixed on non-Darwin, but the fix missed that it was
also reintroduced for the Darwin code path at the same time.

Fixes: dd5d2482c9 ("emacs: Fix accidental double wrapping")
2021-01-08 05:45:15 +00:00
Robert Hensing
a31607f904 dockerTools: Don't apologize
Warning about future breaking changes is wrong.

 - It suggests that the maintainers don't value backwards compatibility.
   They do.
 - It implies that other parts of Nixpkgs won't ever break. They will.
 - It implies that a well-defined "public" interface exists. It doesn't.
 - If the reasons above didn't apply, it should have been in the manual
   instead.

Breaking changes will come, especially to the interface. That can be the
only way we can make progress without breaking the image _contents_.

I don't think dockerTools is any different from most of Nixpkgs in
these regards.
2021-01-06 13:02:19 +01:00
Robert Hensing
5540dd9b9b
Merge pull request #108416 from srhb/streamlayeredimage-symlinked-storepaths
dockerTools: Fix streamLayeredImage for symlinks
2021-01-05 10:00:28 +01:00
Sarah Brofeldt
ffe5ff6009 dockerTools: Test buildLayeredImage with symlinks
This exercises layer creation in face of store path symlinks, ensuring
they are not dereferenced, which can lead to broken layer tarballs
2021-01-04 21:44:47 +01:00
Sarah Brofeldt
08b0d02944 dockerTools: Fix streamLayeredImage for symlinks
When archiving `/nix/store/foo` and `foo` is itself a symlink, we must
not traverse the symlink target, but archive the `foo` symlink itself
2021-01-04 19:47:34 +01:00
Kevin Cox
bfa497bc2b
Merge pull request #107715 from NixOS/revert-106172-nix-gitignore-perf
Reverts https://github.com/NixOS/nixpkgs/pull/106172 ef3ed45c12

This change causes issues with negative patterns. Reverting now until those can be resolved.
2021-01-03 08:01:02 -05:00
Daniël de Kok
67a10c88bb buildRustPackage: add cargoHash for SRI hashes of vendored deps
`buildRustPackage` currently accepts `cargoSha256` as a hash for
vendored dependencies. This change adds `cargoHash` which accepts SRI
hashes, setting `outputHashAlgo` to `null`.

The hash mismatch message still uses `cargoSha256` as an example,
which it probably should until we completely switch to SRI hashes.
2020-12-31 11:18:11 +01:00
Damien Diederen
3363377530 vmTools.debClosureGenerator: Fix non-determinism in dependency graph
By default, Perl versions since 5.8.1 use randomization to make hashes
resistant to complexity attacks.

That randomization makes building VM images such as ubuntu1804x86_64
non-deterministic because the (imported) derivations built by
deb/deb-closure.pl are not stable.

This can easily be observed by repeating the following sequence of
commands and noting the path of the image's .drv:

    nix-instantiate -E '(import <nixpkgs> {}).vmTools.diskImageFuns.ubuntu1804x86_64 {}'
    nix-store --delete /nix/store/*ubuntu-18.04-bionic-amd64.nix

One source of non-determinism is the handling of Provides/Replaces,
which depends on the order of iteration over %packages.  Here is a
diff showing the corresponding change in output:

     >>> awk
    -virtual awk: using original-awk
    -    original-awk: libc6 (>= 2.14)
    +virtual awk: using mawk
    +    mawk: libc6 (>= 2.14)

    -    mawk: libc6 (>= 2.14)
    ->>> libc6

This patch sorts packages by name for Provides/Replaces processing,
which seems to result in stable output.

(If the above turns out not to be sufficient, one could also set the
PERL_HASH_SEED and PERL_PERTURB_KEYS environment variables, documented
in 'perlrun', to disable Perl's built-in randomization.  Complexity
attacks are not an issue as we control and trust all inputs.)
2020-12-30 11:37:37 +01:00
Jörg Thalheim
66c16e12fa
buildFhsUserenv: don't downgrade root user 2020-12-27 17:19:49 +01:00
Kevin Cox
11e522cb6e
Revert "nix-gitignore: Optimise performance" 2020-12-27 08:04:16 -05:00
DavHau
2efcf6dc26 autoPatchelf: add comment why ignore failing ldd/sed 2020-12-25 12:13:03 +01:00
DavHau
2fde1e63ba autoPatchelfHook: fix shellcheck errors 2020-12-25 12:13:03 +01:00
DavHau
4ac5d22654 autoPatchelfHook: fix bug introduced by #101142 2020-12-25 12:13:03 +01:00
John Ericson
fb875dcf6f
Merge pull request #107507 from LibreCybernetics/add-zen-info
lib.systems: update processor architecture info
2020-12-24 10:23:10 -05:00
Florian Klink
8f5c939147
Merge pull request #107435 from flokli/gnats-cc-wrapper-format-unsupported
gnats: format hardened flag isn't supported
2020-12-24 02:25:27 +01:00
Fabián Heredia Montiel
2a9ac172c1 lib.systems: update processor architecture info 2020-12-23 18:57:59 -06:00
Florian Klink
07c4056179 gnats: format hardened flag isn't supported
When invoking a simple Ada program with `gcc` from `gnats10`, the
following warnings are shown:

```
$ gcc -c conftest.adb
gnat1: warning: command-line option ‘-Wformat=1’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: command-line option ‘-Wformat-security’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for Ada
$ echo $?
0
```

This is only spammy when compiling Ada programs inside a Nix derivation,
but certain configure scripts (such as the ./configure script from the
gcc that's built by coreboot's `make crossgcc` command) fail entirely
when getting that warning output.

https://nixos.wiki/wiki/Coreboot currently suggests manually running

> NIX_HARDENING_ENABLE="${NIX_HARDENING_ENABLE/ format/}" make crossgcc

… but actually teaching the nixpkgs-provided cc wrapper that `format`
isn't supported as a hardening flag seems to be the more canonical way
to do this in nixpgks.

After this, Ada programs still compile:

```
$ gcc -c conftest.adb
$ echo $?
0
```

And the compiler output is empty.
2020-12-23 01:51:14 +01:00
adisbladis
f475529d44
Merge pull request #107284 from r3v2d0g/emacs-wrapper-nativecomp
emacs: replace 'emacs.nativeComp' in wrapper with 'nativeComp'
2020-12-23 00:07:44 +01:00
Matthieu Le brazidec (r3v2d0g)
bfec6c34b4
emacs: replace 'emacs.nativeComp' in wrapper with 'nativeComp' 2020-12-20 21:15:18 +01:00
sternenseemann
640d92513d buildDunePackage: use dune install instead of opaline 2020-12-21 00:43:33 +01:00
John Ericson
ddeef0d322 tests.buildRustCrate: Fix after hashing method change
As @lopsided98 points out in #105305, since the hashes are now target
sensative, and until we find reason to actually care to test what they
are exactly, we are best just normalizing them away in the tests.
2020-12-19 19:05:07 +00:00
Linus Heckemann
14fbf575ec make-initrd: various improvements
- Generate a link to the initramfs file with an appropriate file
  extension, guessed based on the compressor by default
- Use correct metadata in u-boot images if generated, up to now this
  was hardcoded to gzip and would silently generate an erroneous image
  if another compressor was specified
- Document all the parameters
- Improve cross-building compatibility, by allowing passing either a
  string as before, or a function taking a package set and returning the
  path to a compressor in the "compressor" argument of the
  function.
- Support more compression algorithms
- Place compressor executable function and arguments in passthru, for
  reuse when appending initramfses

Co-Authored-By: Dominik Xaver Hörl <hoe.dom@gmx.de>
2020-12-17 11:37:04 +01:00
Linus Heckemann
3a3c9c9548 makeInitrd: include dotfiles at root 2020-12-17 11:10:37 +01:00
Linus Heckemann
85e0ae7827 makeInitrd: don't assume uImage => arm
mips for example might use uImages too
2020-12-17 11:10:37 +01:00
Linus Heckemann
a343ff7e14 makeInitrd: make uinitrd behaviour optional 2020-12-17 11:10:36 +01:00
aszlig
1152978cda
vm: Remove runInWindowsVM implementation
Originally this was meant to support other Windows versions than just
Windows XP, but before I actually got a chance to implement this I left
the project that I implemented this for.

The code has been broken for years now and I highly doubt anyone is
interested in resurrecting this (including me), so in order to make this
less of a maintenance burden for everybody, let's remove it.

Signed-off-by: aszlig <aszlig@nix.build>
2020-12-17 07:03:36 +01:00
adisbladis
dd5d2482c9
emacs: Fix accidental double wrapping
This makeWrapper invocation found it's way back via a rebase.
2020-12-17 02:44:37 +01:00
Tad Fisher
a7cb8e36ac
emacs: Add comp-eln-load-path infrastructure 2020-12-16 19:45:07 +01:00
Daniël de Kok
00941cd747
Merge pull request #105787 from danieldk/build-rust-crate-njobs
buildRustCrate: set NUM_JOBS to NIX_BUILD_CORES
2020-12-16 13:38:43 +01:00
Lassulus
00b8fa792b
Merge pull request #106000 from Luis-Hebendanz/firefoxWrapperAddonSettings
firefox: wrapper updating an addon perserves addon settings
2020-12-15 22:16:48 +01:00
Luis Hebendanz
1c8c134972 firefox: wrapper updating an addon perserves addon settings 2020-12-15 22:02:34 +01:00
Robert Hensing
5cacf0fcec dockerTools: use go.GOARCH as default arch 2020-12-15 02:15:35 -08:00
Terin Stock
8f66dc94a7 dockerTools: normalize arch to GOARCH
Docker (via containerd) and the the OCI Image Configuration imply and
suggest, respectfully, that the architecture set in images matches those
of GOARCH in the Go Language document.

This changeset updates the implimentation of getArch in dockerTools to
return GOARCH values, to satisfy Docker.

Fixes: #106695
2020-12-15 02:14:01 -08:00
Mario Rodas
eb9751c6d6 emacsWithPackages: fix application wrapper on darwin 2020-12-12 04:20:00 +00:00
Frederik Rietdijk
3b85d7d54f
Merge pull request #106321 from NixOS/staging-next
Staging next
2020-12-11 15:56:17 +01:00
Robert Hensing
ba5e222245 fetchMavenArtifact: fix generated url 2020-12-11 13:58:19 +01:00
Robert Hensing
f0568c2228 fetchMavenArtifact: switch mirrors to https
Maven repositories are disabling HTTP support for security.
Even though Nix adds some security with its own hash validation,
broken mirrors are a, well, suboptimal experience.
I don't know of any plans by sonatype, but it seems like a matter
of time.

https://www.lightbend.com/blog/lightbend-to-require-https-on-repos-starting-august-5-2020
2020-12-11 11:43:23 +01:00
github-actions[bot]
614876ef33
Merge master into staging-next 2020-12-11 00:40:21 +00:00
adisbladis
316094b8ab
Merge pull request #106606 from alyssais/elpa-meta
emacsPackages.elpaBuild: pass through meta
2020-12-11 00:22:42 +01:00
adisbladis
1ad3b14759
Merge pull request #106608 from alyssais/melpa-homepage
emacsPackages.melpaPackages: HTTPS for homepages
2020-12-11 00:10:01 +01:00
adisbladis
09e349206d
Merge pull request #106486 from alyssais/emacsWithPackages
emacsWithPackages: EMACSLOADPATH correctness fixes
2020-12-11 00:08:59 +01:00
Alyssa Ross
23d4bfb666
emacsWithPackages: don't tell sub-Emacs about pkgs
If I'm running an Emacs executable from emacsWithPackages as my main
programming environment, and I'm hacking on Emacs, or the Emacs
packaging in Nixpkgs, or whatever, I don't want the Emacs packages
from the wrapper to show up in the load path of that child Emacs.  It
results in differing behaviour depending on whether the child Emacs is
run from Emacs or from, for example, an external terminal emulator,
which is very surprising.

To avoid this, pass another environment variable containing the
wrapper site-lisp path, and use that value to remove the corresponding
entry in EMACSLOADPATH, so it won't be propagated to child Emacsen.
2020-12-10 22:52:31 +00:00
Alyssa Ross
0127013b0f
emacsWithPackages: mutate EMACSLOADPATH correctly
An empty entry in EMACSLOADPATH gets filled with the default value.
This is presumably why the wrapper inserted a colon after the entry it
added for the dependencies.  But this naive approach wasn't always
correct.

For example, if the user ran emacs with EMACSLOADPATH=foo, the wrapper
would insert the default value (by adding the trailing `:') even
though the user was trying to expressly opt out of it.

To do this correctly, here I've replaced makeWrapper with a bespoke
script that will actually parse the EMACSLOADPATH provided in the
environment (if given), and insert the wrapper's load path just before
the default value.  If EMACSLOADPATH is given but contains no default
value, we respect that and don't add the wrapped dependencies at all.
If no EMACSLOADPATH is given, we insert the wrapped dependencies
before the default value, just like before.  In this way, the wrapped
Emacs should now behave as if the wrapped dependencies were part of
Emacs's default load-path value.
2020-12-10 22:35:57 +00:00
Alyssa Ross
00a246c5ce
emacsPackages.melpaPackages: HTTPS for homepages 2020-12-10 22:15:21 +00:00
Alyssa Ross
5016fdb269
emacsPackages.elpaBuild: pass through meta
Previously, meta wasn't being passed through at all, because it's
removed from args without being used anywhere.  This made it so that
rcirc-menu wasn't being marked as broken even though it was supposed
to be.

This patch copies the meta handling from melpaBuild, including the
default home page (adapted for ELPA).
2020-12-10 22:03:20 +00:00