Robin Gloster
f60c9df0ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-28 15:16:29 +00:00
Domen Kožar
b07e7bfc7b
Merge remote-tracking branch 'origin/staging'
2016-03-27 13:19:04 +01:00
Joachim Fasting
304c4a514e
grsecurity: fix gcc plugin
...
Also needs mpfr and libmpc
2016-03-26 21:01:21 +01:00
Nicolas B. Pierron
5d6a4a6fa9
Merge pull request #14000 from nbp/fix-extend
...
Use fix and extends functions for all-packages.nix
2016-03-24 20:54:20 +01:00
Nikolay Amiantov
119c287c71
cc-wrapper: use Bash arrays properly
2016-03-24 21:13:11 +03:00
Nikolay Amiantov
0c6db0ca48
cc-wrapper: add option to skip flags for native optimizations
2016-03-24 20:16:17 +03:00
Eelco Dolstra
89693e71b9
Merge pull request #13907 from abbradar/cpp-wrapper
...
cc-wrapper: add C++-specific paths if `-x cpp` is passed
2016-03-24 18:12:04 +01:00
zimbatm
40e9dff04a
nix-prefetch-git: fix url_to_name heuristic
...
The function wasn't checking that *all* of the characters were
[a-z0-9]. Fixes #13921
2016-03-23 11:22:51 +00:00
Ryan Trinkle
be30ba8e0e
nix-prefetch-scripts: make nix-prefetch-git report fetchSubmodules in its JSON output
...
Previously, nix-prefetch-git would report the same JSON whether submodules were being fetched or not; with this change, the --fetch-submodules option will cause the JSON output to include "fetchSubmodules": true, so that fetchgit (builtins.fromJSON (builtins.readFile ./path/to/output.json)) will work.
2016-03-21 23:26:18 -04:00
Nicolas B. Pierron
5cdaa7b907
Remove all-packages.nix helperFunctions dependency.
2016-03-20 16:41:20 +00:00
zimbatm
ae487615a6
nix-prefetch-git: fix url_to_name heuristic
...
The function wasn't checking that *all* of the characters were
[a-z0-9]. Fixes #13921
2016-03-18 21:58:52 +00:00
Sander van der Burg
27e23486bb
fetchbower: quote parameter to prevent ambiguous redirects if version specifiers have wildcards
2016-03-18 12:06:01 +00:00
Peter Simons
af81505c00
wrap-gapps-hook.sh: fix double inclusion guard
...
The simple "return" would not override the non-zero error code set by the
preceding test command, therefore aborting scripts running with "set -e".
2016-03-18 07:52:36 +01:00
Nikolay Amiantov
11b69246e0
Merge pull request #13938 from abbradar/fhs-gcc-paths
...
buildFHSEnv: add standard paths for compilers
2016-03-16 15:44:34 +03:00
Nikolay Amiantov
9488fee869
buildFHSEnv: add standard paths for compilers
2016-03-15 19:44:42 +03:00
Robin Gloster
3f45f0948d
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-15 01:44:24 +00:00
zimbatm
9504992e1d
Merge pull request #13897 from nbp/fix-ocaml-pkgs-platform
...
Ensure that we can evaluate the platform attribute of ocaml packages.
2016-03-14 19:25:40 +00:00
Nikolay Amiantov
87607af7a1
cc-wrapper: add C++-specific paths if -x c++ is passed
2016-03-14 06:58:18 +03:00
Robin Gloster
a9b942c061
cc-wrapper: treat hardeningDisable as string
...
This fixes passing the env variable to the ld-wrapper through the gcc
call. Wtf?!
2016-03-14 00:26:52 +00:00
Nicolas B. Pierron
72c6f8a140
Ensure that we can evaluate the platform attribute of ocaml packages.
2016-03-13 19:08:26 +00:00
Nicolas B. Pierron
6313a5698a
Replace references to all-packages.nix, by references to the top-level of nixpkgs repository.
2016-03-13 18:25:52 +00:00
Vladimír Čunát
ab0bc1ecaf
symlinkJoin: preferLocalBuild && !allowSubstitutes
2016-03-11 15:59:18 +01:00
Tristan Helmich
1a5acdb695
cc-wrapper: Add additional NIX_DEBUG statements
2016-03-11 14:02:07 +01:00
Eelco Dolstra
2af1cb3aa6
Merge remote-tracking branch 'origin/binutils-2.26' into staging
...
This still breaks a few packages, but nothing really major:
http://hydra.nixos.org/eval/1241850?filter=x86_64-linux&compare=1237919&full=#tabs-now-fail
2016-03-11 11:58:49 +01:00
Tristan Helmich
7e2e0dfe7a
cc-wrapper: Use stderr for NIX_DEBUG output
...
Otherwise configure scripts might break when looking for the path to ld
2016-03-10 15:47:55 +01:00
Franz Pletz
514a478e61
cc-wrapper: Fix if syntax
2016-03-09 10:08:07 +01:00
Robin Gloster
9a5b070b45
hardening: debug with NIX_DEBUG
2016-03-08 20:51:35 +00:00
Franz Pletz
eb5a897161
Merge remote-tracking branch 'origin/pr/13505'
...
Fixes #13505.
2016-03-08 01:01:44 +01:00
Franz Pletz
baee91ec60
cc-wrapper: Check if ld supports -z, fixes darwin
2016-03-07 21:40:20 +01:00
Franz Pletz
b2b499e6c4
cc-wrapper: Increase number of functions for stackprotector
2016-03-07 01:30:40 +01:00
Franz Pletz
ab1092875a
cc-wrapper: Disable pie for linking static libs
2016-03-07 01:30:39 +01:00
Franz Pletz
63f60b6a13
cc-wrapper: Disable pie when linking shared libraries
2016-03-07 01:30:39 +01:00
zimbatm
5e5494a852
make-wrapper.sh: add an --unset argument
...
`--set FOO ""` is not strictly equivalent to `--unset FOO`. In the former case
the environment variable still exists with an empty string as a value.
2016-03-06 22:48:14 +00:00
Franz Pletz
05a02c53a0
cc-wrapper: -pie is a ldflag
2016-03-06 00:14:55 +01:00
Franz Pletz
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
  To disable specific hardening flags
* hardeningEnable
  To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
Profpatsch
82fa1a796b
lib/copyPathToStore: annotate docstring
2016-03-01 15:26:35 +01:00
zimbatm
0d2e437fc9
Merge pull request #13584 from zimbatm/nix-prefetch-git-json
...
nix-prefetch-git: change the default output to JSON
2016-03-01 10:07:00 +00:00
Lluís Batlle i Rossell
202ebf794c
vm/rpm/rpm-closure.pl: make it deterministic
...
Some recent perl version introduced "keys" to return the keys
in random order. As some of the packages are solved by "provides" and
based on the order, this randomness affects what packages get into the
closure.
This problem may be in other nix perl scripts.
2016-03-01 11:02:42 +01:00
zimbatm
90de261f33
nix-prefetch-git: change the default output to JSON
...
As discussed on the mailing list. The nix output was short-lived so it's
probably okay to change it.
2016-02-29 22:47:16 +00:00
Luca Bruno
5f8311775c
chromium: add StartupWMClass to desktop file. Fixes #12433
2016-02-29 20:42:58 +01:00
zimbatm
6d9cc54089
build-maven: use lib.importJSON
2016-02-29 13:49:29 +00:00
tg(x)
38614d3f6a
grsecurity: use kernel version instead of testing / stable
2016-02-28 04:10:59 +01:00
Eelco Dolstra
d5bb6a1f9c
glibc: Enable separate debug symbols
...
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
2016-02-28 02:57:37 +01:00
Eelco Dolstra
69a337edae
separateDebugInfo: Compress debug sections at compile/link time
2016-02-28 01:54:55 +01:00
Eelco Dolstra
2040a9ac57
stdenv-linux: Ensure binutils comes before bootstrapTools in $PATH
...
Otherwise, when building glibc and other packages, the "strip" from
bootstrapTools is used, which doesn't recognise some tags produced by
the newer "ld" from binutils.
2016-02-28 01:13:15 +01:00
zimbatm
de124cfa79
Merge pull request #11671 from timbertson/fetchgit
...
fetchgit: output improvements
2016-02-27 22:45:07 +00:00
Eelco Dolstra
e6f61b4cf3
fetchurlBoot: Use Nix's builtin fetchurl function
...
This removes the need for curl in bootstrapTools, and enables https
for bootstrap tarballs.
2016-02-27 20:27:24 +01:00
tg(x)
4e3d6d3e90
grsecurity: separate fix patches for testing & stable
2016-02-27 19:54:55 +01:00
tg(x)
7547960546
grsecurity: move version information to one place
2016-02-27 18:36:12 +01:00
tg(x)
d95321b83e
grsecurity: 4.3.4 -> 4.4.2
2016-02-27 18:36:12 +01:00