Commit graph

20771 commits

Author SHA1 Message Date
Peter Simons
966b4c336d mirrors.nix: use GNU mirrors before hitting the master site
Our first download URL of choice is http://ftpmirror.gnu.org/, which is an
automatic re-director.
2012-08-22 14:28:50 +02:00
Peter Simons
30a36ad6e5 hadoop: add version 2.0.1-alpha 2012-08-22 14:13:40 +02:00
Shea Levy
f34225c440 Merge branch 'chromium-updater' of https://github.com/aszlig/nixpkgs
chromium: Improve update script and update to latest versions.

Previously, we had a single hash of the whole version response from
omahaproxy.

Unfortunately the dev version is released quite frequently, so the hash
is of no use at all (we could rather directly fetch rather than
executing the script, because it will fetch all channels anyway).

This pull request adds two methods of caching:

* First of all, if a perticular version/channel is already in the
previous version of the sources.nix file, don't download it again.

* And the second method is to check if the current sha256 is already
downloaded and reads the corresponding sha256 from the lookup table.

So, this should really help to avoid flooding the download servers and
to not stress impatient users too much.
2012-08-22 06:36:33 -04:00
Shea Levy
e375671437 Merge branch 'fix-nss' of https://github.com/aszlig/nixpkgs
Fix NSS library not finding root CA certificates.

This now uses more or less hardcoded CA certificates from Mozilla, which
is the case on Debian and Gentoo aswell. And it fixes the root CA
loading issue, as i discovered that firefox builds with the bundled
version of NSS. With this branch this is no longer the case.

My long-term plans are to integrate an automatic chainloader for
OPENSSL_X509_CERT_FILE, but I'm not sure if this is really a good idea
(hence not included in this branch), as the nss-pem module is still
somewhat experimental. Regardless of it's experimental nature i'm still
including it in order to make it possible for users to load custom PEM
encoded certificates into the NSS database.

This fixups also makes it possible to enable FIPS mode, in case someone
might be interested in that.

And finally, we have a Chromium without quirky bugs from the
experimental OpenSSL integration, which was my original motivation to do
this.

See #112 for further comments.
2012-08-22 06:24:09 -04:00
Michael Raskin
559f5be097 release.nix: use the freshest release GIMP version (2.8.0) 2012-08-22 13:08:49 +04:00
Michael Raskin
fc3c71cb04 Merge pull request #113 from aszlig/ncdu
ncdu: New package, starting at version 1.8.
2012-08-22 01:07:03 -07:00
aszlig
ec6926bf7e ncdu: New package, starting at version 1.8.
`ncdu` is a little ncurses tool to browse the filesystem tree sorted by disk
usage.
2012-08-22 10:02:19 +02:00
aszlig
5df4e12c92 firefox: Build against system NSS.
So, now even Firefox can be built with our shiny new fixed up NSS derivation,
and as this is desired (especially if we want to support certificates from the
CA bundle), let's make it the default.
2012-08-22 08:29:10 +02:00
aszlig
8b4fae76b3 chromium: Build with NSS by default.
Hurray! This is the first time chromium is working with NSS _and_ is able to
verify certificates using the root certificates built in into NSS.

Optimally it would use certs from OPENSSL_X509_CERT_FILE, but at least it's
working, so let's add that at some later point.
2012-08-22 08:29:10 +02:00
aszlig
808108105d nss: Just delete files if includeTools is false.
Before, the entire directory was deleted and recreated, which fails if we want
to sign libraries (shlibsign is obviously deleted in that step as well), so we
delete everything but "nss-config" on postFixup.
2012-08-22 08:29:10 +02:00
aszlig
c672997dc6 nss: Remove redundant nss-config.in.
This file is already contained in nss-3.12.5-gentoo-fixups.diff, so we don't
need to do all that cruft twice.
2012-08-22 08:29:10 +02:00
aszlig
38a4d77665 nss: Fix referencePath to security modules.
This adds a patch from Debian, as they're already have security modules from NSS
in it's own library directory rather than /usr/lib{,64}/ and patch in loading of
libsoftokn as well.

The patch and our own fix of the patch (well, they hardcode Debian specific
stuff in there) ensures that SECMOD_AddNewModule() will find the right module
from the derivation's output path, so the built-in CA root certificates are
recognized and verified correctly.
2012-08-22 08:29:09 +02:00
aszlig
9e0aaf30aa nss: Sign libraries after striping.
Running NSS in FIPS mode is only possible if the libraries are signed correctly,
so we're doing this in the postFixup hook, to insure nothing gets altered after
that phase.

For more information about FIPS mode, please see:
https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation
2012-08-22 08:29:09 +02:00
aszlig
29fce94665 nss: Clean up build/make flags.
First of all, let's remove that redundant BUILD_OPT variable.

This variable already is in makeFlags, so we really don't want it to be lurking
around in the attribute set of the derivation, and it annoys me for being there
for days.

We now state build targets explicitly rather than relying on "nss_build_all".
This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as
only nss_build_all includes build_nspr.

In addition, we don't need the -lz hack anymore, as this has been fixed in
recent NSS versions, so we can completly remove the postBuild hook.

And while we're at it, we're removing those outdated build instructions as well,
especially because we don't and can't follow official building guidelines
anymore, as those are difficult to apply to Nix.
2012-08-22 08:29:09 +02:00
aszlig
5f4ca8ec18 nss: Add nss-pem module from fedora.
This is a compatibility module which adds suport for PEM certificates used by
OpenSSL and compatible libraries. The module gets built but isn't used at the
moment, so we're going to work on integration of it later.
2012-08-22 08:29:09 +02:00
aszlig
485dcc9152 nss: Build using system libsqlite.
Let's use system SQLite library, which makes sense anyway. More importantly
because it conflicts with the sqlite package, as NSS is building this as a
shared library aswell.
2012-08-22 08:29:09 +02:00
aszlig
0e768ba98d nss: Update NSS to version 3.13.6.
So to begin with fixing NSS let's get to the latest upstream release and start
fixing, so we won't carry around historic crap we then will throw away anyway.
2012-08-22 08:29:09 +02:00
Eelco Dolstra
d7fc07705a Add latest patchelf prerelease 2012-08-21 15:57:41 -04:00
Eelco Dolstra
e3605e7e76 Merge branch 'master' of github.com:NixOS/nixpkgs 2012-08-21 14:27:18 -04:00
Eelco Dolstra
dc2f0f6474 gdb: Update to 7.5 2012-08-21 14:27:00 -04:00
Ludovic Courtès
45ce8c915d libiconvOrNull: Fix libc check. 2012-08-21 16:58:55 +02:00
Ludovic Courtès
11602dad82 glib: Use libiconvOrNull' instead of libiconv'. 2012-08-21 15:53:43 +02:00
Ludovic Courtès
f959a26e33 stdenv: Fix typo. 2012-08-21 15:30:50 +02:00
Ludovic Courtès
d53cb937f5 libiconvOrNull: Do not use an external libiconv on glibc systems. 2012-08-21 15:29:37 +02:00
Ludovic Courtès
6adc5cedae stdenv: Add `isGlibc' function. 2012-08-21 15:29:07 +02:00
Eelco Dolstra
606e6acd6f postgresql: Update to latest versions
Fixes CVE-2012-3488, CVE-2012-3489.
2012-08-21 08:42:44 -04:00
Eelco Dolstra
8b6edfe78d polkit: Update to 0.105 and enable systemd (logind) support
There are even newer polkit releases, but they have a spidermonkey
dependency which I don't want to bother with right now.
2012-08-21 08:42:44 -04:00
Eelco Dolstra
ab3788b382 upower: Update to 0.9.18 and enable systemd support 2012-08-21 08:42:44 -04:00
Eelco Dolstra
6121046a1c systemd: Set the path to pkttyagent
This allows commands like "systemctl reboot" to ask for authentication
when run by mere mortals.
2012-08-21 08:42:44 -04:00
Eelco Dolstra
1dadeaeb18 man-pages: Update to 3.42 2012-08-21 08:42:44 -04:00
Eelco Dolstra
c557db2d5c nix: Update to 1.2pre2793_d950cfe
Necessary for systemd.
2012-08-21 08:42:44 -04:00
Mathijs Kwik
00fa89e41f pv: upgrade to 1.3.4 2012-08-21 12:38:44 +02:00
Mathijs Kwik
a5663aee4d emacs: add "sunrise commander" 2012-08-21 10:33:20 +02:00
Mathijs Kwik
85c88d473b emacs: add "rect-mark" 2012-08-21 10:33:06 +02:00
Mathijs Kwik
192b29181b linux-3.4: upgrade to 3.4.9
- aufs patch: upgrade to latest stable 3.4
2012-08-21 10:27:13 +02:00
Mathijs Kwik
6e9a6a5924 linux-3.3: upgrade to 3.3.8
- aufs patch: upgrade to latest stable 3.3
2012-08-21 10:26:44 +02:00
Shea Levy
265b8c565b gptfdisk: Bump 2012-08-20 22:22:02 -04:00
Shea Levy
1b2acb25e6 xclip: Bump 2012-08-20 16:36:10 -04:00
Peter Simons
970a326ebb bash-completion: automatically source any completion files that the user might have installed in ~/.nix-profile/etc/bash_completion.d 2012-08-20 16:36:20 +02:00
Eelco Dolstra
e91a4fb1e4 linux: Update to 3.2.28 2012-08-20 09:56:39 -04:00
Peter Simons
a886d4f2ab bash-completion: update to version 2.0
Please note that this update changes the directory structure quite a bit. In
particular, the file "/etc/bash_completion" no longer exists, which means that
shell code which relies on that path must be updated. I'll commit appropriate
changes for NixOS in a moment.
2012-08-20 10:34:56 +02:00
Peter Simons
7f8246c76e haskell-hlint: update to version 1.8.31 2012-08-20 10:34:56 +02:00
Peter Simons
2731fd220f haskell-threadmanager: update to version 0.1.5 2012-08-20 10:34:56 +02:00
Peter Simons
490f8c4382 haskell-tagsoup: update to version 0.12.7 2012-08-20 10:34:56 +02:00
Peter Simons
5e19db2ce5 haskell-semigroups: update to version 0.8.4 2012-08-20 10:34:56 +02:00
Peter Simons
439ba01f0a haskell-io-choice: update to version 0.0.2 2012-08-20 10:34:56 +02:00
Peter Simons
f3ad914481 haskell-hoogle: update to version 4.2.13 2012-08-20 10:34:55 +02:00
Peter Simons
2f187b26ac haskell-case-insensitive: update to version 0.4.0.3 2012-08-20 10:34:55 +02:00
Peter Simons
46d8125a70 haskell-MonadCatchIO-mtl: update to version 0.3.0.5 2012-08-20 10:34:55 +02:00
Peter Simons
2879d112b0 haskell-network: update to version 2.3.1.0 2012-08-20 10:34:54 +02:00