Commit graph

2786 commits

Author SHA1 Message Date
Charles Strahan
fc46895e86
hardening: allow user supplied flags to override
Put hardening flags before user supplied flags.
2018-03-06 00:30:09 -05:00
Charles Strahan
cc7ce57f86
hardening: clarify the whitelist logic
Per @Ericson2314's suggestion [1], make it more clear that the active
hardenings are decided via whitelist; the blacklist is merely for the
debug messages.

1: 36d5ce41d4 (r133279731)
2018-03-06 00:30:09 -05:00
Charles Strahan
9920923cde
hardening: fix careless bugs
I got a substitution backwards (used '+' instead of '-').

Also, this now works under `set -u` (had to fix a couple unbound
variable references).
2018-03-06 00:30:08 -05:00
Charles Strahan
0937df463f
hardening: fix bug/typo 2018-03-06 00:30:08 -05:00
Charles Strahan
9fe17b2153
hardening: fix #18995 2018-03-06 00:30:00 -05:00
Vladimír Čunát
a373fe8322
makeInitrd: explain why we don't use closureInfo
/cc #36268.
2018-03-05 13:04:55 +01:00
Eelco Dolstra
165b32d386
Revert "makeInitrd: Use closureInfo"
This reverts commit 776a5e6ebf.

Fixes #36268.
2018-03-05 12:49:59 +01:00
Franz Pletz
0f78afdf25
Merge pull request #32248 from awakesecurity/parnell/fetchdocker
Support fetching docker images from V2 registries
2018-03-04 17:10:27 +00:00
Vladimír Čunát
b70c93f211
Merge branch 'master' into nix-2.0 2018-03-03 18:02:35 +01:00
Shea Levy
95579af5ec
Merge remote-tracking branch 'origin/staging' into cross-nixos 2018-03-01 14:56:58 -05:00
Tuomas Tynkkynen
b8b2225f6b Merge remote-tracking branch 'upstream/master' into staging 2018-03-01 06:09:20 +02:00
Shea Levy
6a32291523
makeModulesClosure: Fix cross-compilation 2018-02-28 15:01:32 -05:00
Shea Levy
7f623cfa45
callCabal2nix: Fix filtering for non-cleanSourceable sources.
What was here before wasn't correct anyway, and now it works in
restricted mode.

Fixes #35207
2018-02-28 14:22:19 -05:00
Tuomas Tynkkynen
34f95d92a2 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/misc/pytrainer/default.nix
	pkgs/development/tools/pew/default.nix
	pkgs/tools/misc/you-get/default.nix
2018-02-28 20:52:49 +02:00
Will Dietz
f14ff86ec9 bintools-wrapper: fix breakage on aarch64, where "isArm" is false
Unintentionally changed in #35247
2018-02-28 09:42:13 -06:00
John Ericson
dfc5d7835d
Merge pull request #35247 from telent/mips32
lib, treewide: Add missing MIPS arches, and fix existing usage
2018-02-27 14:01:15 -05:00
Eelco Dolstra
0d00215880
Cleanup 2018-02-27 19:59:26 +01:00
John Ericson
4a29081a94
Merge pull request #35071 from oxij/stdenv/infopages
stdenv, bash: fixing info pages and stuff
2018-02-26 18:06:11 -05:00
Jan Malakhovski
f1074211ce cc-wrapper: allow building without documentation, propagate info pages 2018-02-26 22:42:33 +00:00
Jan Malakhovski
0ab1067d12 bintools-wrapper: allow building without documentation 2018-02-26 22:42:32 +00:00
Vladimír Čunát
f5ce8f86df
Revert "Merge staging at '8d490ca9934d0' into master"
This reverts commit fc23242220, reversing
changes made to 754816b84b.
We don't have many binaries yet.  Comment on the original merge commit.
2018-02-26 22:53:18 +01:00
Frederik Rietdijk
fc23242220 Merge staging at '8d490ca9934d0c01e1e9ade455657e54e2e843c0' into master 2018-02-26 13:05:32 +01:00
Frederik Rietdijk
4f08b0fbac Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-26 10:50:18 +01:00
Jan Tojnar
a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Jörg Thalheim
de87c0348c
Merge pull request #35176 from abbradar/update-vm
vmTools: update distributions
2018-02-24 10:08:17 +00:00
Daniel Barlow
9c50ae6898 lib, treewide: Add missing MIPS arches, and fix existing usage
Existing "mips64el" should be "mipsel".

This is just the barest minimum so that nixpkgs can recognize them as
systems - although required for building individual derivations onto
MIPS boards, it is not sufficient if you want to actually build nixos on
those targets
2018-02-23 20:43:42 -05:00
Eelco Dolstra
8c6f9223d0
Merge pull request #35402 from shlevy/closure-info-total-size
closureInfo: Report the total closure size.
2018-02-23 17:02:33 +01:00
Shea Levy
adf8074abe
closureInfo: Report the total closure size.
This can be useful for e.g. preallocating disk image sizes.
2018-02-23 10:52:37 -05:00
Nikolay Amiantov
a984be41ab Merge branch 'master' into staging 2018-02-23 18:51:08 +03:00
Eelco Dolstra
776a5e6ebf
makeInitrd: Use closureInfo 2018-02-23 16:41:31 +01:00
Yurii Rashkovskii
e1aecec4cd
build-support/rust: make use of abandoned cargoUpdateHook
Previously, cargoUpdateHook was meaningful as it was used
in
[`cargo-fetch-deps`](19d3cf81d3/pkgs/build-support/rust/fetch-cargo-deps (L71)).

However, this entire file was removed in
5f8cf0048e. As far as I can
tell, nothing in the code is using it, but it is still
being passed around:
https://github.com/NixOS/nixpkgs/search?q=cargoUpdateHook&type=Code&utf8=%E2%9C%93

There are, however, legitimate use cases for it. For example,
in some software, some dependencies are not locked in Cargo.toml
and this causes Cargo to try fetching another version of them.
This doesn't work well with vendoring crates.

This hook allows to inject patching or whatever necessary workarounds
in the crate vendoring process. I suppose that's what it was for
in there in the first place.

This patch restores this hook and makes it usable again.
2018-02-23 11:17:03 +07:00
Eelco Dolstra
d12c9911df
Merge remote-tracking branch 'origin/master' into nix-2.0 2018-02-22 17:28:51 +01:00
John Ericson
e42e6d2f0e
Merge pull request #35266 from abbradar/cc-bools
cc-wrapper: fix bool handling for empty and zero values
2018-02-21 17:00:42 -05:00
Nikolay Amiantov
9a9c2e6579 cc-wrapper: fix bool handling for empty and zero values
Before the code would fail silently for zero values and with some output for
empties. We now currently handle both via defaulting value to zero and making
`let` return success error code when there's no syntax error.
2018-02-21 23:54:31 +03:00
Nikolay Amiantov
c811c35b9c vmTools: update distributions
Drop currently unsupported releases.
Add Fedora 26 and 27.
Update CentOS.
Add Debian 9.
Add Ubuntu 17.10.
2018-02-21 15:41:46 +03:00
Nikolay Amiantov
430e0f4a80 buildBazelPackage: init
A separate function for building Bazel-bazed packages. Internally it splits the
build into two phases, fetching and building.

Users are expected to provide `fetchArgs.sha256` -- checksum of fetched
dependencies. Local dependencies should be removed in `fetchArgs.preInstall`.
Overall `fetchArgs` and `buildArgs` can be used to add specific steps to fetch
and build.
2018-02-20 20:39:49 +03:00
Jörg Thalheim
c7aa4fd65b
Merge pull request #35177 from abbradar/fix-debbuild
debBuild: install all packages at once to avoid dependency management
2018-02-20 11:07:44 +00:00
Jörg Thalheim
f61e8d98ff
rust: 1.22.1 -> 1.24.0 2018-02-20 09:59:26 +00:00
Pierre-Etienne Meunier
8e5ab6e7ac BuildRustCrate: more general overrides, and handling the "dylib" crate type (#35171)
* buildRustCrate: adding a symlink from libblah-xxxxx.so to libblah.so
* BuildRustCrate: overriding phases
* Carnix: 0.6.5 -> 0.6.6
* Fixing symlink_dependencies --buildDep
* Shorter symlink_dependencies
* running `runHook postBuild` *after* the build
2018-02-20 08:55:04 +01:00
Nikolay Amiantov
c55b2fa7cd debBuild: install all packages at once to avoid dependency management 2018-02-19 16:07:40 +03:00
Jan Malakhovski
a89899ce4e fetchurl: cleanup, better errors
Also fix what seems like bugs in uncommon `stdenv`s.
2018-02-18 14:24:53 +00:00
Vladimír Čunát
b5aaaf87a7
Merge staging and PR #35021
It's the last staging commit (mostly) built on Hydra,
and a minimal fix for Darwin regression in pysqlite.
2018-02-16 09:13:12 +01:00
Matthew Justin Bauer
a5e28a554e
nix-buffer: make eshell-path-env be inherited 2018-02-15 17:30:59 -06:00
Nikolay Amiantov
56e0943b08 makeModulesClosure: support firmware
Link it in stage 1.
2018-02-16 00:11:07 +02:00
Frederik Rietdijk
672bb6b4ab Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-14 21:30:08 +01:00
Timo Kaufmann
dc53518dc3 buildRustPackage: Restrict find to files
`find -executable` finds everything with the executable bit set,
including directories. Thats not harmful in this scenario as `cp` won't
copy those directories, but it does result in a few warning messages.
2018-02-14 17:27:03 +01:00
Antoine Eiche
ce838e52b9 dockerTools.buildImage: do not add /nix/store in the tar stream
Since the /nix/store directory is not immutable, tar can fails if it
has to push it into the layer archive.

Fixes #34137.
2018-02-14 06:40:41 +01:00
Parnell Springmeyer
0a603ee165
Merge remote-tracking branch 'upstream/master' into parnell/fetchdocker 2018-02-13 17:28:45 -06:00
Stewart Mackenzie
a5cabdb6b1 buildRustCrate: add a postInstall phase (#34906) 2018-02-13 17:28:32 +01:00
Will Dietz
d5916a84cf bintools-wrapper: teach about musl dynamic linkers 2018-02-13 09:44:33 -06:00
Shea Levy
038b893338
Merge branch 'patch-9' of git://github.com/matthewbauer/nixpkgs 2018-02-12 09:33:25 -05:00
Peter Hoeg
8016f9b4c9
Merge pull request #34611 from peterhoeg/p/descent
descent 1 & 2: use assets from gog.com with the dxx-rebirth project
2018-02-12 22:31:41 +08:00
Peter Hoeg
126cc690ac build-support gogUnpackHook: support for unpacking games from gog.com 2018-02-12 22:28:06 +08:00
Matthew Justin Bauer
5b59084e00
Filter nix-buffer packages
Null packages cause an error
2018-02-11 21:52:16 -06:00
pe@pijul.org
113591c803 defaultCrateOverrides: add pq-sys
fixes #34228
2018-02-10 06:59:56 -06:00
pe@pijul.org
508bf1b318 defaultCrateOverrides: add thrussh-libsodium 2018-02-10 06:59:56 -06:00
aszlig
1cba74dfc1
setup-hooks: Add autoPatchelfHook
I originally wrote this for packaging proprietary games in Vuizvui[1]
but I thought it would be generally useful as we have a fair amount of
proprietary software lurking around in nixpkgs, which are a bit tedious
to maintain, especially when the library dependencies change after an
update.

So this setup hook searches for all ELF executables and libraries in the
resulting output paths after install phase and uses patchelf to set the
RPATH and interpreter according to what dependencies are available
inside the builder.

For example consider something like this:

stdenv.mkDerivation {
  ...
  nativeBuildInputs = [ autoPatchelfHook ];
  buildInputs = [ mesa zlib ];
  ...
}

Whenever for example an executable requires mesa or zlib, the RPATH will
automatically be set to the lib dir of the corresponding dependency.

If the library dependency is required at runtime, an attribute called
runtimeDependencies can be used to list dependencies that are added to
all executables that are discovered unconditionally.

Beside this, it also makes initial packaging of proprietary software
easier, because one no longer has to manually figure out the
dependencies in the first place.

[1]: https://github.com/openlab-aux/vuizvui

Signed-off-by: aszlig <aszlig@nix.build>
Closes: #34506
2018-02-10 00:27:24 +05:30
Eelco Dolstra
5193807750
VM tests: Initialize the Nix database with correct NAR hashes/sizes 2018-02-07 15:49:02 +01:00
gnidorah
810a19bab3 way-cooler: 0.6.2 -> 0.8.0 2018-02-04 05:17:53 +03:00
Jörg Thalheim
2a2c8eab26 rust: fix evaluation 2018-02-04 00:09:00 +00:00
Jörg Thalheim
6580b18d3f cargo-vendor: move to all-packages 2018-02-03 22:35:27 +00:00
pe@pijul.org
8f20e7ce3a carnix: 0.6.0 -> 0.6.5 2018-02-03 22:31:54 +00:00
Jörg Thalheim
8ee54334e9
Merge pull request #33980 from thefloweringash/cargo-vendor-carnix
cargo-vendor: Build from source using carnix
2018-02-03 10:28:57 +00:00
Tuomas Tynkkynen
10c8e6d0c5 Merge remote-tracking branch 'upstream/master' into staging 2018-02-03 02:50:21 +02:00
Vladimír Čunát
2fb4606f38
Merge branch 'master' into staging
Haskell rebuild.
Hydra: ?compare=1430378
2018-02-01 09:36:23 +01:00
Shea Levy
943592f698
Add setFunctionArgs lib function.
Among other things, this will allow *2nix tools to output plain data
while still being composable with the traditional
callPackage/.override interfaces.
2018-01-31 14:02:19 -05:00
Tuomas Tynkkynen
71631a922b runInLinuxVM: Use QEMU command line that works on other architectures
... by moving the existing definition to qemu-flags.nix and reusing
that.
2018-01-30 16:57:27 +02:00
Tuomas Tynkkynen
8c4f8c51a6 runInLinuxVM: Don't hardcode x86-specific serial device 2018-01-30 16:57:27 +02:00
Vladimír Čunát
2d2dbe083f
Merge branch 'master' into staging
Hydra: ?compare=1429281
2018-01-27 09:14:22 +01:00
John Ericson
57b01b1bcf lib, openssl: Get rid of openssl.system
We compute it on the fly, careful to avoid any mass rebuilds for now.
2018-01-26 21:22:00 -05:00
Pierre-Etienne Meunier
6fbaa05dd1 Carnix 0.6 (#34238) 2018-01-26 10:53:18 +00:00
Will Dietz
0e95bed017 nix-prefetch-git: fix extraction of submodule hashes on latest git
Summary:

According to git-submodule manpage,
"git submodule status" prefixes the hash with a '-' if it is not
initialized, and other chars in other circumstances.
(this is consistent on the various git versions tested)

nix-prefetch-git runs "git submodule init" which does you'd think,
but apparently despite this earlier versions of git before 2.16
would still give the hash the '-' suffix.
In particular this is the behavior when using 2.15 and 2.14.1
from the nixos-17.09 and nixos-17.03 channels respectively.

The script then used awk to drop the first char of the first field
which does the wrong thing when there is no prefix emitted:
while there is a space character before the hash, this is not
part of the field and so we ended up eating the first character
of the hash.

To fix this in a way that also works with the previous behavior,
this commit instead uses awk to grab the hash field
and uses tr to delete any '-' chars should they be present.

This seems to work in my testing, and for example can now
successfully fetch the source for "nginxModules.brotli"
where previously it would generate an error:

fatal: '22564a95d9ab58865a096b8d9f7324ea5f2e03e' is not a commit and a branch 'fetchgit' cannot be created from it

(we dropped a '2' from the beginning of the hash)
2018-01-24 20:18:59 +02:00
Frederik Rietdijk
6b0873440b Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-22 16:09:11 +01:00
Tuomas Tynkkynen
95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Tuomas Tynkkynen
44326993f4 build-support/vm: Autodetect kernel filename
It's 'Image' on AArch64.
2018-01-22 12:53:24 +02:00
Yegor Timoshenko
4b1b6ee6d1
patchShebangs: preserve times, resolves #33084
Close #33281.  Edits by vcunat:
 - use Eelco's idea: empty file instead of full copy
 - use longer name suffix to decrease the likelihood of collision
2018-01-21 12:09:07 +01:00
John Ericson
5708396f47
Merge pull request #34018 from obsidiansystems/fetchpatch
fetchpatch: Add support for an arbitrary extra prefix
2018-01-18 12:39:39 -05:00
John Ericson
9bd437d4b4 fetchpatch: Add support for an arbitrary extra prefix
We still ensure the old and new ones start, respectfully, with `a/` and
`b/`. Use with `stripLen` to ensure tha the old `a/` and `/b` are gone
if a new prefix is added.
2018-01-18 12:19:49 -05:00
Andrew Childs
be797f7e1c cargo-vendor: Build from source using carnix
Removes a binary bootstrap, and enables cargo-vendor on aarch64.
2018-01-18 20:44:42 +09:00
Andrew Childs
62dcb3d5d0 buildRustCrate: Allow arbitrary attributes in crateOverrides 2018-01-18 20:42:00 +09:00
Tuomas Tynkkynen
6ed0fe7e45 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/build-support/fetchbower/default.nix
	pkgs/build-support/fetchdarcs/default.nix
	pkgs/build-support/fetchgx/default.nix
	pkgs/development/python-modules/botocore/default.nix
	pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
	pkgs/tools/admin/awscli/default.nix
2018-01-14 21:18:27 +02:00
Shea Levy
4e78aeb441
callCabal2nix: Fix calling with a path in the store. 2018-01-11 10:17:56 -05:00
John Ericson
e017a027d5
Merge pull request #33681 from obsidiansystems/fixed-output-deps
Fixed output deps
2018-01-10 14:28:10 -05:00
Parnell Springmeyer
e4ec980e9c
Merge remote-tracking branch 'upstream/master' into parnell/fetchdocker 2018-01-10 10:13:49 -08:00
John Ericson
888404f11b treewide: Fix deps in a few other fixed output derivations 2018-01-10 11:18:44 -05:00
John Ericson
940c4fa3f5 treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
John Ericson
3d59b4d285 treewide: Fixed output fetch* derivations should use nativeBuildInputs 2018-01-09 20:14:46 -05:00
Robin Gloster
7c5430c27c
Revert "rust: store the cargo-vendor config"
This reverts commit 0af2c5891b.

See 0af2c5891b (commitcomment-26737983)
This breaks the cargoSha256 hashes.
2018-01-09 15:03:03 +01:00
Will Dietz
9721ed22e8 schedulingPriority should be an int, fix check-meta type and in-tree use 2018-01-09 07:25:24 -06:00
zimbatm
0af2c5891b rust: store the cargo-vendor config
cargo-vendor generates almost the right cargo config. Store it with the
vendored files and patch it on use.

This allows to re-use the generated config when using git dependencies.
2018-01-09 03:37:53 +01:00
Vladimír Čunát
5837d1a070
Merge branch 'master' into staging 2018-01-08 17:33:31 +01:00
Will Dietz
21f7b2b3f2 vmTools: omit '-drive ...' entirely instead of using /dev/null
Fixes #33378.
2018-01-07 17:50:44 +02:00
Daiderd Jordan
5a02143c20
Merge pull request #33010 from LnL7/cacert-hook
cacert: add hook that sets SSL_CERT_FILE
2018-01-07 09:55:15 +01:00
dywedir
10e22d53ad carnix: 0.5.0 -> 0.5.2 2018-01-06 13:53:23 +01:00
Will Dietz
40b2647b69 gcc-wrapper-old: grab name of dynamicLinker for bintools 2018-01-05 18:55:13 -06:00
Shea Levy
0f925943fd
Fix emacsWithPackages after 7f3ca3e21a.
This is hacky but it does the job, resurrects findInputs from before staging merge
2018-01-04 12:15:55 -05:00
Frederik Rietdijk
1869e7e5b0 Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-01 15:09:55 +01:00
Wei-Ming Yang
70e9b60b33
dockerTools.examples: correct a typo in comments
This commit is for correcting a typo in comments.
2018-01-01 16:13:40 +08:00
Vladimír Čunát
1fcd92ce92
Merge branch 'master' into staging
A few thousand rebuilds from master, again.
Hydra: ?compare=1422362
2017-12-31 09:53:49 +01:00
John Ericson
64965e8224
Merge pull request #29483 from veprbl/hardening_unsupported_flags
cc-wrapper: allow compilers to specify unsupported hardening modes
2017-12-30 23:25:43 -05:00
Yegor Timoshenko
60a133f9d0
Merge pull request #33139 from yegortimoshenko/20171228.053707/chrootenv
chrootenv: rewrite on top of GLib
2017-12-31 06:59:31 +03:00
John Ericson
4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
John Ericson
469fd89832 stdenv-setup: Ease the transition with native builds
- All deps go on the PATH

 - CC and Bintools wrappers with their host != depender's host still get their
   setup hooks run.

 - Environment hooks get applied to all packages

This isn't so elegent, but eases the transition on a very significant
PR.
2017-12-30 22:04:23 -05:00
John Ericson
046f091e0d treewide: Don't use envHook anymore
This commits needs a MAJOR audit as I oftentimes just guessed which of
`$hostOffset`, `$targetOffset`, or a fixed offset should be used.
2017-12-30 22:04:22 -05:00
John Ericson
a1cdc2011e strip setup hook: Learn about only stripping host/target binaries alone
`dontStrip` is still a catch-all, but `dontStripHost` and
`dontStripTarget` are also now available for finer-grained disabling.
2017-12-30 22:04:22 -05:00
John Ericson
3a50395ef2 {bintools,cc}-wrapper: extraPackages should be depsTargetTargetPropagated
They are libraries used by programs built with these tools, not used by the
tools themselves.
2017-12-30 22:04:21 -05:00
John Ericson
a036473a0a {bintools,cc}-wrapper: Fix setup hook to respect the role of the cc-compiler
We now have the information to properly determine the role the
cc-wrapper dependency has, by taking advantage of `offset`. No longer
use the soon-to-be-deprecated crossConfig environment variable, the
temp hack used before this change.
2017-12-30 22:04:21 -05:00
Yegor Timoshenko
4b1cf5afb8
chrootenv: rewrite on top of GLib
Changes:

* doesn't handle root user separately
* doesn't chdir("/") which makes using it seamless
* only bind mounts, doesn't symlink (i.e. files)

Incidentally, fixes #33106.

It's about two times shorter than the previous version, and much
easier to read/follow through. It uses GLib quite heavily, along with
RAII (available in GCC/Clang).
2017-12-30 22:28:38 +00:00
Dmitry Kalinkin
6d9769663d
cc-wrapper: allow compilers to specify unsupported hardening modes
Fixes: 0fd7ef61b2 ('clang_34: Disable hardening bits (#28543)')
2017-12-30 12:23:25 -05:00
John Ericson
eb27be0731
Merge pull request #33186 from obsidiansystems/cross-binutils
binutils: Fix cross, again
2017-12-29 17:42:38 -05:00
John Ericson
cc44e04472 bintools-wrapper: Define fallback default emulation
This ensures we by-default cross-compile to the intended platform.
2017-12-29 17:32:28 -05:00
Jörg Thalheim
c333e9b348
Merge pull request #32302 from andir/uwimap-pollution
uwimap pollution of `include/`
2017-12-29 00:08:26 +01:00
Yegor Timoshenko
25b35f4ffb
chrootenv: resolve potential race condition 2017-12-28 00:25:02 +00:00
Daiderd Jordan
091c2b9f04
cacert: cleanup exporting SSL_CERT_FILE 2017-12-27 21:36:32 +01:00
Joachim F
e6542d0609
Merge pull request #32916 from jbedo/singularity-2.4
singularity: 2.2 -> 2.4
2017-12-25 13:30:42 +00:00
Orivej Desh
c4be328f98
Merge pull request #32814 from fahadsadah/patch-1
build-support: clean-up fetchSvn
2017-12-24 01:24:56 +00:00
Yegor Timoshenko
73a0d95b96 chrootenv: code review
* Wrap LEN macro in parantheses
* Drop env_filter in favor of stateful environ_blacklist_filter,
  use execvp instead of execvpe, don't explicitly use environ
* Add argument error logging wherever it makes sense
* Drop strjoin in favor of asprintf
* char* -> const char* where appropriate
* Handle stat errors
* Print user messages with fputs, not errorf
* Abstract away is_str_in (previously bind_blacklisted)
* Cleanup temporary directory on error
* Some minor syntactic and naming changes

Thanks to Jörg Thalheim and Tuomas Tynkkynen for the code review!
2017-12-22 18:56:13 +03:00
Yegor Timoshenko
710662be94 chrootenv: error on chrootenv-inside-chrootenv, resolves #32802 2017-12-22 18:56:13 +03:00
Yegor Timoshenko
0234cd41b4 chrootenv: replace env whitelist with blacklist, closes #32878 2017-12-22 18:56:13 +03:00
Yegor Timoshenko
c03663a145 chrootenv: bind-mount all dirs in /, symlink files, closes #32877 2017-12-22 18:56:13 +03:00
Yegor Timoshenko
ef1accae91 chrootenv: print sysctl command for Debian users, fixes #32876 2017-12-22 18:56:13 +03:00
Justin Bedo
db927ea35b
singularity: 2.2 -> 2.4 2017-12-21 10:50:06 +11:00
zimbatm
adc5c9b83d
mkShell: add builder (#30975) 2017-12-20 23:42:07 +00:00
Orivej Desh
e2c8655405 ld-is-cc-hook: init
This hook sets LD to CC, for use with software that works as if LD=$CC when LD
is unset, and does not work when LD=ld.
2017-12-19 01:45:42 +00:00
Orivej Desh
170a964815 makeSetupHook: make the default name "hook" overridable
for occasional convenience while looking at drv paths,
such as in the output of nix-build and nix-diff.
2017-12-19 01:41:31 +00:00
Fahad Sadah
60e937b8b2 build-support: tidy fetchSvn
Remove old workaround rendered unnecessary by af9db522cf
2017-12-18 15:56:53 +00:00
Orivej Desh
7c58e8dfc2 Merge branch 'master' into staging
* master: (125 commits)
  scummvm: fix eval
  tinycc: 0.9.27pre-20171016 -> 0.9.27
  Update terraform provider versions
  vscode: 1.18.1 -> 1.19.0
  linux: 4.14.6 -> 4.14.7
  scummvm: 1.9.0 -> 2.0.0
  cmst: 2017.03.18 -> 2017.09.19
  albert: 0.14.7 -> 0.14.14
  obs-studio: fix vlc plugin
  ffmpeg, ffmpeg-full: 3.4 -> 3.4.1
  uchiwa: 0.26.3 -> 1.1.0
  linux-testing: 4.15-rc3 -> 4.15-rc4
  steam: override nss, nspr, fixes #32781
  ponyc: 0.20.0 -> 0.21.0
  pythonPackages.pwntools: disable tests
  gnome3.gnome-tweak-tool: 3.26.3 → 3.26.4
  vim-rhubarb: init at 2017-06-28
  atom: depend on libsecret
  nvidia-settings: Make sure binary can find libXv.so
  backblaze-b2: 0.6.2 -> 1.1.0
  ...
2017-12-18 15:56:03 +00:00
Orivej Desh
eca6ab79f1
Merge pull request #32498 from dylex/patch-1
Don't set cxx_stdlib when nativeTools on linux
2017-12-17 04:24:19 +00:00
Dylan Simon
0c62b7cd74 cc-wrapper: don't set cxx_stdlib when nativeTools is true
There are no gcc paths on nativeTools, and cc isn't set.
2017-12-17 04:23:54 +00:00
Vladimír Čunát
24d81d6332
Merge branch 'master' into staging 2017-12-15 21:40:23 +01:00
Orivej Desh
76a97fdb31 libredirect: add description
Fixes #32675
2017-12-14 19:03:35 +00:00
John Ericson
a0b1ebeee9 Merge remote-tracking branch 'upstream/staging' into binutils-wrapper 2017-12-13 16:14:47 -05:00
John Ericson
7ef4448c97 Merge commit '9d8f9b2e531bf95a700a949d879927fb6996ffc9' into binutils-wrapper 2017-12-13 16:08:36 -05:00
John Ericson
99806c5e12 bintools-wrapper: Create man and info outputs propagated underlying ones
These will be installed if the wrappers are. The wrappers aren't very
good to install, but that's another matter.
2017-12-13 16:08:19 -05:00
John Ericson
ef178be597 bintools-wrapper: Support ld.ldd, along with ld.bfd and ld.gold
Also make the code more precise in the process
2017-12-13 16:08:18 -05:00
John Ericson
b8a21aa918 misc setup-hooks: Use env vars to refer to binutils programs
This is more robust for cross-compilation
2017-12-13 16:08:18 -05:00
John Ericson
2bba929062 bintools-wrapper: Import separately from cc-wrapper 2017-12-13 16:08:18 -05:00
John Ericson
8e557ed2c5 bintools-wrapper: Init
Factor a bintools (i.e. binutils / cctools) wrapper out of cc-wrapper. While
only LD is wrapped, the setup hook defines environment variables on behalf of
other utilites.
2017-12-13 16:08:18 -05:00
John Ericson
4f869bccc1 cc-wrapper: Don't treat "-" alone as a flag
It means stdin, and is morally equivalent to passing a file. e.g.

  $ echo 'int main(void) { return 0; }' | gcc -x c -

will compile and link a binary.
2017-12-13 16:08:17 -05:00
John Ericson
bdd6c037c0 cc-wrapper: Use separate mangler for "bool" variables
This avoids any `NIX_FOOBAR=1 1` not triggering conditions.
2017-12-13 16:08:17 -05:00
John Ericson
fc7ed86915 cc-wrapper: Pull variable mangler into utils.sh
In preparation for splitting out bintools-wrapper
2017-12-13 16:08:13 -05:00
Graham Christensen
105d9519c1
Merge remote-tracking branch 'origin/master' into staging 2017-12-12 20:06:36 -05:00
Graham Christensen
e5629dc51a
Merge pull request #32365 from vcunat/p/check-meta
check meta, treewide
2017-12-12 18:55:23 -05:00
Vladimír Čunát
3a110ea3f9
treewide platform checks: abort -> throw
They aren't meant to be critical (uncatchable) errors.
Tested with nix-env + checkMeta:
[ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ]
2017-12-12 18:08:10 -05:00
Vladimír Čunát
c2b679516f
Merge branch 'master' into staging 2017-12-12 21:08:16 +01:00
Tuomas Tynkkynen
0d27df280f build-support/vm: Use devtmpfs, not static device nodes
In 2017, there is no reason to create a static /dev.
2017-12-12 14:31:50 +02:00
Eelco Dolstra
2d4fdc1b9e
debian: 8.9 -> 8.10 2017-12-12 13:14:17 +01:00
Pierre-Étienne Meunier
4348b7f2d0 carnix: init at 0.5.0
fixes #31150
2017-12-12 04:59:12 -06:00
Pierre-Étienne Meunier
5a0d954156 add buildRustCrate function to build rust crates 2017-12-12 04:58:45 -06:00
Pierre-Étienne Meunier
ea232fe29d add fetchCrate function to fetch rust crates 2017-12-12 04:58:45 -06:00