This dependency has recently been added to chromium while we didn't notice it,
so let's avoid to use the bundled version.
It might make sense to remove the unneeded files in third_party/ based on a
whitelist, so that we notice future changes like this earlier.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
While libexif has been bundled with chromium for some months already, they only
recently added the GYP option to switch to using the system library. So, let's
enable it.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Version 22 is the current version of the stable channel, so we don't need to
carry around a patch for earlier versions.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This removes the patch introduced in 949afcc0f2.
The reason behind this is because even though we patch in the legacy seccomp
sandbox by default, it won't be used anyway as both cannot coexist anymore.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is just a temporary fix and will only thrown away as soon as a proper fix
is included upstream, see http://crbug.com/149834 for more details about this.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
dev: 23.0.1271.10 -> 24.0.1284.2 (not tested, probably won't build?)
beta: 22.0.1229.91 -> 23.0.1271.17 (issues, see below)
While testing the beta release, I've been bitten by http://crbug.com/149834, so
as this is a beta release, I'm not sure if we should patch again to disable the
BPF seccomp sandbox.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The BPF renderer sandbox is now the default in 23. But still, it is not regarded
as "adequately sandboxed" from Google so we still need the legacy seccomp
sandbox.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Well, after looking a bit more thoroughly through the zlib patch from the
Chromium team, it seams, that this really fix an issue that hasn't yet been
applied upstream. Unfortunately neither Chromium nor Zlib give more information
about that issue. Maybe they're waiting until its resolved upstream and thus the
temporary patch?
The bad news is, that the fix for the vulnerability is incomplete in Chromium
and covers only the use cases of Chromium itself, so we can't include that
patched version in nixpkgs zlib derivation.
Until the issue is fixed upstream we're hereby safer off turning it off in
Chromium and thus use the bundled and patched version.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
It seems the resulting output path has no reference to libxine, so it
does not get used. Probably it needs some hard-coded link-paths as
eaglemode wants to use dlopen for some things.
If anyone wants to use eaglemode's xine support and fix this issue,
please make it optional.
- big cleanup of optional dependency handling
I hope I didn't miss any cases.
- XVID
xvid support seams broken, both built-in as external.
I didn't notice any issues playing xvid video's though, as ffmpeg's
default mpeg4 decoder handles xvid-encoded files just fine.
It seems the only users affected by this are users who still encode
xvid with mencoder (instead of plain ffmpeg). If this really is an
issue to anyone, please let me know, so I can look into it some more,
or retain an older mplayer version next to this one.
dev: 23.0.1271.10
beta: 22.0.1229.91
stable: 22.0.1229.79
The revert for SVN revision 151720 is now obsolete in the current beta release
and is only needed for the stable version. So let's hope that >= 22.0.1229.91
will get stable soon.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Though upstream clearly recommends to not deactivate Pango, we currently can't
use Pango right now, as we are stuck at cairo-1.10.2. This version only has
experimental support for XCB which became stable in 1.12.x.
So we need to wait for 21bf5ef509 to be merged
into master before we can enable Pango.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
I missed this while checking the commit diffs before my last push. And it really
doesn't make sense to propagate ruby all the way up to whatever in the universe
may depend on this package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This consists of just one single ruby script, which runs shell commands assuming
that the current PATH has all dependencies set up correctly. Unfortunately, this
somewhat breaks functional purity as the command won't work correctly in
environments that do not contain git, darcs or diffutils.
During the patchPhase we replace all those dependencies directly in the ruby
source code, rather than creating a wrapper. Afterwards we run a checkPhase
which not only checks whether we caught all the dependencies (PATH=) but also
checks if the conversion has been done correctly.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
beta: 22.0.1229.56
dev: 23.0.1262.0
Patch for http://crbug.com/143623 still applies and is still not fixed upstream.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This adds a small ASCII art drawing tool, which supports drawing with multiple
layers. Might be especially helpful for larger "images", which become quite
tedious to do using vim.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
A typical three-pane style hex editor, which is somewhat similar than bvi, but
smaller and without vi-like keybindings.
(Don't ask me why I use both, I just can't tell why I'm sometimes in bvi and
sometimes in hexedit mood... there simply is no rational explanation)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This introduces the following changes:
* Fixes libPrefix in Tcl libraries I fucked up a few months ago and adds
missing meta attributes.
* Correctly set TKABBER_SITE_PLUGINS so Tkabber is able to find plugins, if
present.
* Rely on OPENSSL_X509_CERT_FILE instead of depending on cacert directly.
* Introduces a new license called "Tcl/Tk", which applies to some Tcl libraries
and is a variation of the BSD license with restrictions regarding
governmental use.
* New package tclgpg for GPG support in Tkabber.
SVN revision 151720 breaks the build with system zlib, see:
http://src.chromium.org/viewvc/chrome?view=rev&revision=151720
The issue here is, that r151720 introduces changes directly in zlib, which
aren't upstream and unfortunately there is no more information stating the exact
reasons for this change, as all references to it are not publicly available:
http://crbug.com/139744https://chromiumcodereview.appspot.com/10837057
So for the moment, we're going to add a patch, which applies to v22 and higher,
which essentially reverts r151720, until either more information on the issue is
available or it is resolved upstream.
As someone has already reported the issue, we just need to track the following
issue:
http://crbug.com/143623
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Upstream changes are:
* VMM: fixed a potential host crash triggered by shutting down a VM when
another VM was running (only affected 32-bit hosts and 64-bit OS X
hosts, 4.1 regression)
* VMM: fixed a potential host crash under a high guest memory pressure (seen
with Windows 8 guests)
* VMM: respect RAM preallocation while restoring saved state.
* VMM: fixed handling of task gates if VT-x/AMD-V is disabled
* Storage: fixed audio CD passthrough for certain media players
* USB: don't crash if a USB device is plugged or unplugged when saving or
loading the VM state (SMP guests only)
* RTC: fixed a potential corruption of CMOS bank 1
* Mac OS X hosts: installer fixes for Leopard (4.1.20 regression)
* Windows Additions: fixed memory leak in VBoxTray
Full changelogs with bug ids and links to it can be found at:
https://www.virtualbox.org/wiki/Changelog
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is actually one of my own programs I've written some years ago, but as I'm
still using it on several systems, I'm adding it to nixpkgs. As it is an (at the
moment, fanotify looks like it's more suitable) inotify based scrobbler, it of
course requires the inotify feature to be enabled in the kernel.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
I'm personally not using mouse/gpm support for w3m, because I find it somewhat
too awkward when copy/pasting text. But maybe there are users out there who want
to have it.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This builds the w3m image helper with fbcon support if the derivation is called
with graphicsSupport set to true. This change shouldn't break anything as
graphicsSupport is disabled by default, so in any case it could only break
things for users explicitly passing the attribute.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Picard is the official MusicBrainz audio tagger which is able to use audio
fingerprinting to tag your files.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This gets rid of the dependency on cacert and ensures that Tkabber will read
OPENSSL_X509_CERT_FILE whenever the sslcacertstore is not set by the user in
Tkabber's options.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This should now point to the path for the tkabber plugins package, which will be
used as soon as the tkabber-plugins derivation is available as a symlink in the
user's environment.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The tkabber plugins really do not require a dependency on tkabber itself, so
let's drop it. In addition, this also removes creating a $out/bin dir, which was
left back then when creating the tkabber-plugins derivation by copy & pasting
stuff from the main tkabber derivation.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This should make things a lot more DRY as we now can generalize library paths by
using the libPrefix attribute of each library. In addition this also cuts the
line length in wrapProgram.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This ensures that Tkabber can now be used with GPG support, though as of gnupg
version 2, this requires gpg-agent as well. Only if all conditions are met, an
option to actually use GPG will show up in Tkabber's settings.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is what I forgot in the packages I have added a few months ago, so it's
time to revisit them and improve things, like for example set the right
libPrefix in order to stay consistent with other TCL libraries.
In addition this fixes some whitespace ugliness in the affected packages.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* Use more system libraries
* Enable KDE4 desktop integration
* Split preparation between postUnpack, patchPhase and preConfigure
Viric, feel free to revert (parts of) this commit.
This enables legacy seccomp sandbox by default even on chromium 22, because the
BPF sandbox is still work in progress, please see:
http://crbug.com/139872http://crbug.com/130662
Because the BPF seccomp sandbox is used in case the legacy seccomp mode
initialization fails, we might need to patch this again, as soon as the BPF
sandbox is fully implemented to fall back to legacy seccomp and use BPF by
default.
We now have two patches for "default to seccomp" - one for Chromium 21 and one
for 22 or higher.
The patch doesn't apply in version 22 and newer, because mode 1 sandboxes are
connsidered "legacy" (well, apart from the fact that I'd personally prefer BPF
anyway), for reasons I wasn't able to find, yet. But let's proceed on BPF
integration and thus gain more insight on the exact reasons.
If you look at what changed, you'll surely notice that version 22 is now in
beta, so we have to expect things to break. And one thing that will break for
sure is the seccomp patch, because beginning with 22 the new BPF seccomp sandbox
is going to replace the mode 1 seccomp sandbox.
This commit doesn't add any feature and just fixes a small annoyance which
result in messages like this:
Checking if xxx applies...no.
See that there is no whitespace between "..." and "no"? Well, the world cares
for more important things, but for me personally those minor annoyances can turn
into major annoyances.
chromium: Improve update script and update to latest versions.
Previously, we had a single hash of the whole version response from
omahaproxy.
Unfortunately the dev version is released quite frequently, so the hash
is of no use at all (we could rather directly fetch rather than
executing the script, because it will fetch all channels anyway).
This pull request adds two methods of caching:
* First of all, if a perticular version/channel is already in the
previous version of the sources.nix file, don't download it again.
* And the second method is to check if the current sha256 is already
downloaded and reads the corresponding sha256 from the lookup table.
So, this should really help to avoid flooding the download servers and
to not stress impatient users too much.
So, now even Firefox can be built with our shiny new fixed up NSS derivation,
and as this is desired (especially if we want to support certificates from the
CA bundle), let's make it the default.
Hurray! This is the first time chromium is working with NSS _and_ is able to
verify certificates using the root certificates built in into NSS.
Optimally it would use certs from OPENSSL_X509_CERT_FILE, but at least it's
working, so let's add that at some later point.
virtualbox: Fix build for manual kernel.
This should fix building VirtualBox against kernels made using the new
manual kernel configuration system.
This has been tested with the standard nixpkgs kernel as well.
First of all, modules won't install when there is no "make modules" prior to it,
so we're doing this now with a new function called forEachModule, so we can
avoid duplication as much as possible.
In addition this sets $sourcedir to the current directory of the configurePhase,
so we're able to find the source tree later on, after several chdir()s.
The scripts/depmod.sh checks whether the path in $DEPMOD is executable and only
executes it if that's the case. So, by setting DEPMOD to "/do_not_use_depmod"
the destination path doesn't exist _and_ thus isn't executable aswell.
The for loop didn't find $curdir, because it was set _after_ the directory has
been changed. The variable is now called $srcroot and is set before the
installPhase is changing directories.
Don't rely on VirtualBox's in-tree build scripts to set include paths correctly
and use the official way of the Linux kernel to build the modules. That way we
don't need to make ugly symlinks in the kernel tree or heavily patch VirtualBox.
Until this commit we had a single hash of the whole version response from
omahaproxy. This worked well for not updating unnecessarily but only until one
single channel has a new version available.
Unfortunately the dev version is released quite frequently, so the hash is of no
use at all (we could rather directly fetch everything everytime we execute the
script).
This led to this commit, which adds two methods of caching:
First of all, if a perticular version/channel is already in the previous version
of the sources.nix file, don't download it again.
And the second method is to check if the current sha256 is already downloaded
and reads the corresponding sha256 from the lookup table.
So, this should really help to avoid flooding the download servers and to not
stress impatient users too much.
The reason is because unpacking debian packages requires fewer dependencies (ar,
gzip and tar, nothing more), and in addition we can explicitly reference a
version number from the apt repository.
Previous commit reverted Xen back to 4.0.3 because xend from 4.1.* and newer
hangs for unknown reasons.
The new "xl" toolstack from 4.1.* and unstable works, yet PCI passthrough is not
supported by xl in 4.1.* and is broken in the unstable.
With this patch I was able to passthrough ATI Radeon HD 6950 without 3D
acceleration, though, to both Linux and Windows guests. Which is the best
archived result with Xen PCI passthrough on NixOS after trying out all possible
Xen versions.
Same VGA card works fine if passed through into a guest with KVM (acceleration,
GPGPU, everything works). I should have tried KVM from the start.
This caused HTML5 video to not work because this shared library is loaded at
runtime.
Unfortunately we can't use system ffmpeg yet, because upgrading would break
builds of other packages, and it would result in a copy of ffmpeg laying around
aswell, so we can defer this until we have fixed ffmpeg.
Thanks to @bluescreen303 for the bug report.
The configure script picks up libbsd.so from the host machine.
It uses simple find command to locate the file, but the linker
can not use it.
The fix replace the search path to /no-such-path
I switch off the build of ocaml compilers to native code, and add
a 'passthru' that unison can use to see if it needs to call the native
or the bytecode compiler.
- The make variable PREFIX must be at build time because common.mk uses it to
decide where to expect $SYSCONFDIR.
- The make target "all" is run by default and needn't be set explicitly.
- Shebang paths in scripts are patched automatically be the default builder,
we don't have to do that manually.
Add lv2 support
All builds, and the only change that's not a pure addition is to
ardour3, which Cillian maintains.
If there are future lv2 plugins coming, it may make sense to group them
somehow in all-packages.
LV2 is a portable plugin standard for audio systems, similar in scope to LADSPA, VST, AU, and others. The Calf audio plugin pack uses LV2 and Ardour3 has also been updated to support LV2 Plugins
As already promised, the old single-channel source.nix is now obsolete as we're
using Omahaproxy now and the build of the stable version finishes successful and
the browser runs fine.
The previos update script just used the last version of chromium that showed up
at the bucket list at:
http://commondatastorage.googleapis.com/chromium-browser-official/
I'm not sure which channel this list actually holds, so I'm going to switch now
using the official release channels grabbed by omahaproxy. This also has the
advantage that we can provide different versions/flavors of chromium.
We now also write our data to sources.nix instead of source.nix, as we have more
than one source.
It failds to build with xine-lib, but it goes on as it's
not a strong requirement. Then, the final path is not dependant
on xine anymore. I hope next releases fix this.
- derive: updated to version 2.5.9
- ghc-mod: updated to version 1.11.0
- hamlet: updated to version 1.0.1.4
- http-conduit: updated to version 1.4.1.10
- leksah: updated to version 0.12.1.3
- mmap: updated to version 0.5.8
- mtl: added version 2.1.2
- prolog-graph-lib: updated to version 0.2.0.1
- prolog: updated to version 0.2.0.1
- reactive-banana-wx: updated to version 0.6.0.1
- resourcet: updated to version 0.3.3
- shelly: updated to version 0.12.0.2
- simple-sendfile: updated to version 0.2.4
- syb: added version 0.3.6.2
- wai-app-static: updated to version 1.2.0.4
- wai: updated to version 1.2.0.3
- warp: updated to version 1.2.2
- xml-types: updated to version 0.3.2
- zlib-conduit: updated to version 0.4.0.2
Always did this manually by putting -j8 into make flags, which i didn't commit,
as it obviously doesn't make sense to hardcode. However, this flag makes more
sense and obviously we need to avoid overriding buildPhase.
Which is enabled by default if neither pulseaudio or chromium.pulseaudio is
explicitly set. The reason is that chromium falls back to ALSA in case no
pulseaudio is available.
In addition it was necessary to patch media.gyp to ignore the array-out-of-
bounds warning.
This makes it easier to remember, as so far the naming wasn't quite consistent,
sometimes "use*", sometimes "enable*". So in using just use the feature name
itself, it should be pretty clear.
These libraries are heavily patched by the chromium project itself, so let's use
the bundled versions as those won't build anyway and also don't break functional
purity.
We also need to patch the compilation process, so it allows deprecated
declarations when building support for the cups backend. In addition, we also
need to add libgcrypt to dependencies as it's needed by the cups implementation.
This also separates gcrypt and gconf from the basic dependencies.
Unfortunately we cannot get rid of dbus_glib altogether, but maybe we want to
work on a patch to get rid of it? On the other hand it seems to be a TODO of the
chromium project itself, so let's wait and see.
Currently building fails with NSS, so we're using OpenSSL by default. And that's
why we want to make this configurable so if we manage to fix that build failure,
we could switch to using NSS by default.
This is mainly because of the patch to use OPENSSL_X509_CERT_FILE as a way to
specify the CA bundle. A browser which isn't able to verify SSL certificates
might be somewhat useless.
This is to make it more consistent with the naming of the package file and also
consistent with the build, as we're not using the Google branded version.
In addition the derivation attribute set now has a packageName value which can
be used to easily switch the binary names and paths, just in case we want to
switch to using "chrome" (or something entirely different) again.
There are still some libraries left, which we either need to patch or provide
more recent versions. Plus we're going to use openssl, as libnss doesn't want to
do proper SSL (let's debug this later).
If useSELinux is not set, enable seccomp mode by default and avoid building the
SUID helper sandbox at all. This involves a small patch which causes the
commandline arguments to be swapped: --disable-seccomp-sandbox to disable it,
while the option is active by default.
It fetches the latest version based on the bucketlist XML from
commondatastorage and generates a "source.nix" which contains an attribute set
about where to fetch the latest version.
The XML is parsed in a somewhat hackish way using sed, but as this is just an
updater, its okay and we don't want to break a fly on the wheel by employing a
full XML parser.
This only gets chromium to build so far, installation is missing by upstream, so
we need to manually copy the corresponding files. And I guess with nix, we also
need to patch a few paths on installation.
Another issue is that at the moment, a lot of dependencies are used from the
source tree, rather than from the system.
Also, it would be nice to build using LLVM, as it really speeds up compilation a
*LOT* and also has the side effect of resulting in smaller binaries.
Working unit tests would be nice, too. Unfortunately they're quite heavyweight
and take hours to run, so I guess "someday" would be the most appropriate time
to integrate.
Further todo's:
- Allow to disable GConf, GIO and CUPS.
- Option to disable the sandbox (for whatever reason the user might have).
- Integrate gold binutils.
- Pulseaudio support.
- Clearly separate Linux specific stuff.
- base64-bytestring: updated to version 0.1.2.0
- binary-shared: updated to version 0.8.2
- bson: updated to version 0.2.1
- leksah-server: updated to version 0.12.1.2
- leksah: updated to version 0.12.1.2
- MonadRandom: updated to version 0.1.7
- random-shuffle: updated to version 0.0.4
svn path=/nixpkgs/trunk/; revision=34569