diff options
author | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-12-11 15:56:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-11 15:56:17 +0100 |
commit | 3b85d7d54f083f46cf06eddcd7694a9078ad13d3 (patch) | |
tree | 3ca3aa73c4dff180850d9cec16db4c39a26ff3be /pkgs | |
parent | b9c76212fd8ea9e74ec9d8c288e16a2953eb25a6 (diff) | |
parent | 9fa8c7670dc7ddbd67f41d5effa7848962a1c36a (diff) |
Merge pull request #106321 from NixOS/staging-next
Staging next
Diffstat (limited to 'pkgs')
64 files changed, 464 insertions, 557 deletions
diff --git a/pkgs/applications/office/elementary-planner/default.nix b/pkgs/applications/office/elementary-planner/default.nix index 671613ddd32e..acade32d744d 100644 --- a/pkgs/applications/office/elementary-planner/default.nix +++ b/pkgs/applications/office/elementary-planner/default.nix @@ -21,13 +21,13 @@ stdenv.mkDerivation rec { pname = "elementary-planner"; - version = "2.5.4"; + version = "2.5.7"; src = fetchFromGitHub { owner = "alainm23"; repo = "planner"; rev = version; - sha256 = "0q5zmjh0d1mapgqb2a38spss280jkkc2n835kc7grzvs9jgq1k1k"; + sha256 = "0s2f9q7i31c2splflfnaiqviwnxbsp2zvibr70xafhbhnkmzlrsk"; }; nativeBuildInputs = [ diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index 4f7c0c14304c..49e84f84ceb3 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh @@ -1,9 +1,16 @@ declare -a autoPatchelfLibs +declare -Ag autoPatchelfFailedDeps gatherLibraries() { autoPatchelfLibs+=("$1/lib") } +# wrapper around patchelf to raise proper error messages +# containing the tried file name and command +runPatchelf() { + patchelf "$@" || (echo "Command failed: patchelf $*" && exit 1) +} + addEnvHooks "$targetOffset" gatherLibraries isExecutable() { @@ -23,14 +30,19 @@ isExecutable() { # We cache dependencies so that we don't need to search through all of them on # every consecutive call to findDependency. -declare -a cachedDependencies +declare -Ag autoPatchelfCachedDepsAssoc +declare -ag autoPatchelfCachedDeps + addToDepCache() { - local existing - for existing in "${cachedDependencies[@]}"; do - if [ "$existing" = "$1" ]; then return; fi - done - cachedDependencies+=("$1") + if [[ ${autoPatchelfCachedDepsAssoc[$1]+f} ]]; then return; fi + + # store deps in an assoc. array for efficient lookups + # otherwise findDependency would have quadratic complexity + autoPatchelfCachedDepsAssoc["$1"]="" + + # also store deps in normal array to maintain their order + autoPatchelfCachedDeps+=("$1") } declare -gi depCacheInitialised=0 @@ -43,9 +55,8 @@ getDepsFromSo() { populateCacheWithRecursiveDeps() { local so found foundso - for so in "${cachedDependencies[@]}"; do + for so in "${autoPatchelfCachedDeps[@]}"; do for found in $(getDepsFromSo "$so"); do - local libdir="${found%/*}" local base="${found##*/}" local soname="${base%.so*}" for foundso in "${found%/*}/$soname".so*; do @@ -76,7 +87,7 @@ findDependency() { depCacheInitialised=1 fi - for dep in "${cachedDependencies[@]}"; do + for dep in "${autoPatchelfCachedDeps[@]}"; do if [ "$filename" = "${dep##*/}" ]; then if [ "$(getSoArch "$dep")" = "$arch" ]; then foundDependency="$dep" @@ -101,9 +112,10 @@ findDependency() { autoPatchelfFile() { local dep rpath="" toPatch="$1" - local interpreter="$(< "$NIX_CC/nix-support/dynamic-linker")" + local interpreter + interpreter="$(< "$NIX_CC/nix-support/dynamic-linker")" if isExecutable "$toPatch"; then - patchelf --set-interpreter "$interpreter" "$toPatch" + runPatchelf --set-interpreter "$interpreter" "$toPatch" if [ -n "$runtimeDependencies" ]; then for dep in $runtimeDependencies; do rpath="$rpath${rpath:+:}$dep/lib" @@ -115,9 +127,10 @@ autoPatchelfFile() { # We're going to find all dependencies based on ldd output, so we need to # clear the RPATH first. - patchelf --remove-rpath "$toPatch" + runPatchelf --remove-rpath "$toPatch" - local missing="$( + local missing + missing="$( ldd "$toPatch" 2> /dev/null | \ sed -n -e 's/^[\t ]*\([^ ]\+\) => not found.*/\1/p' )" @@ -125,7 +138,6 @@ autoPatchelfFile() { # This ensures that we get the output of all missing dependencies instead # of failing at the first one, because it's more useful when working on a # new package where you don't yet know its dependencies. - local -i depNotFound=0 for dep in $missing; do echo -n " $dep -> " >&2 @@ -134,18 +146,13 @@ autoPatchelfFile() { echo "found: $foundDependency" >&2 else echo "not found!" >&2 - depNotFound=1 + autoPatchelfFailedDeps["$dep"]="$toPatch" fi done - # This makes sure the builder fails if we didn't find a dependency, because - # the stdenv setup script is run with set -e. The actual error is emitted - # earlier in the previous loop. - [ $depNotFound -eq 0 -o -n "$autoPatchelfIgnoreMissingDeps" ] - if [ -n "$rpath" ]; then echo "setting RPATH to: $rpath" >&2 - patchelf --set-rpath "$rpath" "$toPatch" + runPatchelf --set-rpath "$rpath" "$toPatch" fi } @@ -168,10 +175,10 @@ addAutoPatchelfSearchPath() { esac done - cachedDependencies+=( - $(find "$@" "${findOpts[@]}" \! -type d \ - \( -name '*.so' -o -name '*.so.*' \)) - ) + for file in \ + $(find "$@" "${findOpts[@]}" \! -type d \ + \( -name '*.so' -o -name '*.so.*' \)) + do addToDepCache "$file"; done } autoPatchelf() { @@ -197,14 +204,9 @@ autoPatchelf() { echo "automatically fixing dependencies for ELF files" >&2 # Add all shared objects of the current output path to the start of - # cachedDependencies so that it's choosen first in findDependency. + # autoPatchelfCachedDeps so that it's chosen first in findDependency. addAutoPatchelfSearchPath ${norecurse:+--no-recurse} -- "$@" - # Here we actually have a subshell, which also means that - # $cachedDependencies is final at this point, so whenever we want to run - # findDependency outside of this, the dependency cache needs to be rebuilt - # from scratch, so keep this in mind if you want to run findDependency - # outside of this function. while IFS= read -r -d $'\0' file; do isELF "$file" || continue segmentHeaders="$(LANG=C $READELF -l "$file")" @@ -215,8 +217,24 @@ autoPatchelf() { # Skip if the executable is statically linked. [ -n "$(echo "$segmentHeaders" | grep "^ *INTERP\\>")" ] || continue fi + # Jump file if patchelf is unable to parse it + # Some programs contain binary blobs for testing, + # which are identified as ELF but fail to be parsed by patchelf + patchelf "$file" || continue autoPatchelfFile "$file" done < <(find "$@" ${norecurse:+-maxdepth 1} -type f -print0) + + # fail if any dependencies were not found and + # autoPatchelfIgnoreMissingDeps is not set + local depsMissing=0 + for failedDep in "${!autoPatchelfFailedDeps[@]}"; do + echo "autoPatchelfHook could not satisfy dependency $failedDep wanted by ${autoPatchelfFailedDeps[$failedDep]}" + depsMissing=1 + done + if [[ $depsMissing == 1 && -z "$autoPatchelfIgnoreMissingDeps" ]]; then + echo "Add the missing dependencies to the build inputs or set autoPatchelfIgnoreMissingDeps=true" + exit 1 + fi } # XXX: This should ultimately use fixupOutputHooks but we currently don't have diff --git a/pkgs/build-support/setup-hooks/compress-man-pages.sh b/pkgs/build-support/setup-hooks/compress-man-pages.sh index 82e48cd8aa77..f5af76e8168f 100644 --- a/pkgs/build-support/setup-hooks/compress-man-pages.sh +++ b/pkgs/build-support/setup-hooks/compress-man-pages.sh @@ -21,6 +21,7 @@ compressManPages() { # Point symlinks to compressed manpages. find "$dir"/share/man/ -type l -a '!' -regex '.*\.\(bz2\|gz\)$' -print0 \ + | sort -z \ | while IFS= read -r -d $'\0' f do local target diff --git a/pkgs/build-support/setup-hooks/strip.sh b/pkgs/build-support/setup-hooks/strip.sh index f5fa9378fd7e..a7cdfd1d2767 100644 --- a/pkgs/build-support/setup-hooks/strip.sh +++ b/pkgs/build-support/setup-hooks/strip.sh @@ -51,7 +51,7 @@ stripDirs() { if [ -n "${dirs}" ]; then header "stripping (with command $cmd and flags $stripFlags) in$dirs" - find $dirs -type f -print0 | xargs -0 ${xargsFlags:--r} $cmd $commonStripFlags $stripFlags 2>/dev/null || true + find $dirs -type f -exec $cmd $commonStripFlags $stripFlags '{}' \; # stopNest fi } diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix index 34e0ec132a9f..0545c0e5efae 100644 --- a/pkgs/data/misc/cacert/default.nix +++ b/pkgs/data/misc/cacert/default.nix @@ -1,6 +1,10 @@ { stdenv, fetchurl, nss, python3 , blacklist ? [] -, includeEmail ? false + +# Used for tests only +, runCommand +, cacert +, openssl }: with stdenv.lib; @@ -37,11 +41,6 @@ stdenv.mkDerivation { EOF cat ${certdata2pem} > certdata2pem.py - patch -p1 < ${./fix-unicode-ca-names.patch} - ${optionalString includeEmail '' - # Disable CAs used for mail signing - substituteInPlace certdata2pem.py --replace \[\'CKA_TRUST_EMAIL_PROTECTION\'\] ''' - ''} ''; buildPhase = '' @@ -66,12 +65,59 @@ stdenv.mkDerivation { setupHook = ./setup-hook.sh; passthru.updateScript = ./update.sh; + passthru.tests = { + # Test that building this derivation with a blacklist works, and that UTF-8 is supported. + blacklist-utf8 = let + blacklistCAToFingerprint = { + # "blacklist" uses the CA name from the NSS bundle, but we check for presence using the SHA256 fingerprint. + "CFCA EV ROOT" = "5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD"; + "NetLock Arany (Class Gold) Főtanúsítvány" = "6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98"; + }; + mapBlacklist = f: concatStringsSep "\n" (mapAttrsToList f blacklistCAToFingerprint); + in runCommand "verify-the-cacert-filter-output" { + cacert = cacert.unbundled; + cacertWithExcludes = (cacert.override { + blacklist = builtins.attrNames blacklistCAToFingerprint; + }).unbundled; + + nativeBuildInputs = [ openssl ]; + } '' + isPresent() { + # isPresent <unbundled-dir> <ca name> <ca sha256 fingerprint> + for f in $1/etc/ssl/certs/*.crt; do + fingerprint="$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -f2 -d=)" + if [[ "x$fingerprint" == "x$3" ]]; then + return 0 + fi + done + return 1 + } + + # Ensure that each certificate is in the main "cacert". + ${mapBlacklist (caName: caFingerprint: '' + isPresent "$cacert" "${caName}" "${caFingerprint}" || ({ + echo "CA fingerprint ${caFingerprint} (${caName}) is missing from the CA bundle. Consider picking a different CA for the blacklist test." >&2 + exit 1 + }) + '')} + + # Ensure that each certificate is NOT in the "cacertWithExcludes". + ${mapBlacklist (caName: caFingerprint: '' + isPresent "$cacertWithExcludes" "${caName}" "${caFingerprint}" && ({ + echo "CA fingerprint ${caFingerprint} (${caName}) is present in the cacertWithExcludes bundle." >&2 + exit 1 + }) + '')} + + touch $out + ''; + }; meta = { homepage = "https://curl.haxx.se/docs/caextract.html"; description = "A bundle of X.509 certificates of public Certificate Authorities (CA)"; platforms = platforms.all; - maintainers = with maintainers; [ fpletz ]; + maintainers = with maintainers; [ andir fpletz lukegb ]; license = licenses.mpl20; }; } diff --git a/pkgs/data/misc/cacert/fix-unicode-ca-names.patch b/pkgs/data/misc/cacert/fix-unicode-ca-names.patch deleted file mode 100644 index 07d3629196a7..000000000000 --- a/pkgs/data/misc/cacert/fix-unicode-ca-names.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/certdata2pem.py 2017-08-01 23:10:00.000000000 +0300 -+++ b/certdata2pem.py 2017-08-01 23:08:21.131297636 +0300 -@@ -88,7 +88,7 @@ - \# Read blacklist. - blacklist = [] - if os.path.exists('blacklist.txt'): -- for line in open('blacklist.txt', 'r'): -+ for line in io.open('blacklist.txt', 'r', encoding='utf-8'): - line = line.strip() - if line.startswith('#') or len(line) == 0: - continue -@@ -101,7 +101,7 @@ - if obj['CKA_CLASS'] != 'CKO_NSS_TRUST': - continue - if obj['CKA_LABEL'] in blacklist: -- print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) -+ print("Certificate %s blacklisted, ignoring." % unicode(obj['CKA_LABEL']).encode('utf-8')) - elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': - trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR': diff --git a/pkgs/development/interpreters/guile/setup-hook-2.0.sh b/pkgs/development/interpreters/guile/setup-hook-2.0.sh index 6bb3910aaff4..288f7e242f98 100644 --- a/pkgs/development/interpreters/guile/setup-hook-2.0.sh +++ b/pkgs/development/interpreters/guile/setup-hook-2.0.sh @@ -8,6 +8,16 @@ addGuileLibPath () { export GUILE_LOAD_PATH="${GUILE_LOAD_PATH-}${GUILE_LOAD_PATH:+:}$1/share/guile/site" export GUILE_LOAD_COMPILED_PATH="${GUILE_LOAD_COMPILED_PATH-}${GUILE_LOAD_COMPILED_PATH:+:}$1/share/guile/site" fi + + if test -d "$1/lib/guile/2.0/ccache" + then + export GUILE_LOAD_COMPILED_PATH="${GUILE_LOAD_COMPILED_PATH-}${GUILE_LOAD_COMPILED_PATH:+:}$1/lib/guile/2.0/ccache" + fi + + if test -d "$1/lib/guile/2.0/site-ccache" + then + export GUILE_LOAD_COMPILED_PATH="${GUILE_LOAD_COMPILED_PATH-}${GUILE_LOAD_COMPILED_PATH:+:}$1/lib/guile/2.0/site-ccache" + fi } addEnvHooks "$hostOffset" addGuileLibPath diff --git a/pkgs/development/interpreters/guile/setup-hook-2.2.sh b/pkgs/development/interpreters/guile/setup-hook-2.2.sh index 4b3541fcc7f0..1430dbe07205 100644 --- a/pkgs/development/interpreters/guile/setup-hook-2.2.sh +++ b/pkgs/development/interpreters/guile/setup-hook-2.2.sh @@ -8,6 +8,16 @@ addGuileLibPath () { export GUILE_LOAD_PATH="${GUILE_LOAD_PATH-}${GUILE_LOAD_PATH:+:}$1/share/guile/site" export GUILE_LOAD_COMPILED_PATH="${GUILE_LOAD_COMPILED_PATH-}${GUILE_LOAD_COMPILED_PATH:+:}$1/share/guile/site" fi + + if test -d "$1/lib/guile/2.2/ccache" + then + export GUILE_LOAD_COMPILED_PATH="${GUILE_LOAD_COMPILED_PATH-}${GUILE_LOAD_COMPILED_PAT |