Previously unbound dev dependencies would leak into the unbound binary
through the embedded configure flags string in the binary.
Before this commit `unbound -V` would list something like this:
> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1 --bindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/bin --sbindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/sbin --includedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --oldincludedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --mandir=/nix/store/n4kgsi87dxjm2ifpllh31grfcg7q3n8x-unbound-1.13.1-man/share/man --infodir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/info --docdir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/lib --libexecdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/libexec --localedir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/dndqy1r8h0kcnd55895czs8lrpv8xqf4-openssl-1.1.1k-dev --with-libexpat=/nix/store/x5kjng6iha7kcdm3p12fxfvzg09wizwc-expat-2.2.10-dev --with-libevent=/nix/store/89i6mpzp1n866i86y07pxka1a58v4s1a-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/gyz4nxg9s1faqkhaqbasdxzldm8zial8-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k 25 Mar 2021
> Linked modules: dns64 respip validator iterator
After this commit:
> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1 --bindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/bin --sbindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/sbin --includedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --oldincludedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --mandir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-man/share/man --infodir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/info --docdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/lib --libexecdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/libexec --localedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-openssl-1.1.1k-dev --with-libexpat=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-expat-2.2.10-dev --with-libevent=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k 25 Mar 2021
> Linked modules: dns64 respip validator iterator
Notice: All the paths are now invalid and thus do not produce a
reference in the output binaries.
This removes a total of 2MiB from the closure of unbound.
Systemd has to remain an optional (non-default) dependency as otherwise
we will have an unpleasant bootstrap cycle. Most (if not all) of the
(lib)unbound consumers will likely not care about unbound's systemd
integration that only affects the daemon mode, anyway.
I made a mistake merge. Reverting it in c778945806 undid the state
on master, but now I realize it crippled the git merge mechanism.
As the merge contained a mix of commits from `master..staging-next`
and other commits from `staging-next..staging`, it got the
`staging-next` branch into a state that was difficult to recover.
I reconstructed the "desired" state of staging-next tree by:
- checking out the last commit of the problematic range: 4effe769e2
- `git rebase -i --preserve-merges a8a018ddc0` - dropping the mistaken
merge commit and its revert from that range (while keeping
reapplication from 4effe769e2)
- merging the last unaffected staging-next commit (803ca85c20)
- fortunately no other commits have been pushed to staging-next yet
- applying a diff on staging-next to get it into that state
There ver very many conflicts, basically all due to
name -> pname+version. Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job. There might be some fallback to these
conflicts, but I believe it should be minimal.
Hydra nixpkgs: ?compare=1538299
Drop `python.majorVersion`. For Python language version, use `python.pythonVersion`.
For implementation version, use `python.sourceVersion`.
Some expressions were broken. Those that were identified were fixed.
fixup major
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/unbound/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-checkconf had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control had a zero exit code or showed the expected version
- /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-host passed the binary check.
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-anchor had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control-setup had a zero exit code or showed the expected version
- 1 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.7.2 with grep in /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2
- directory tree listing: https://gist.github.com/24f2136689bd3209095feb3b71734811
- du listing: https://gist.github.com/9efb5b527b161e93a47f0237c7d556a8
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- ran `/nix/store/p36fksfjzi9715cgx8s3kmngy51qfjki-unbound-1.7.0/bin/unbound-host help` got 0 exit code
- found 1.7.0 with grep in /nix/store/p36fksfjzi9715cgx8s3kmngy51qfjki-unbound-1.7.0
- directory tree listing: https://gist.github.com/bb22fcb9572c54b0464c82405bf26b56