diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md index 3332dff1eb07..6f0ec7c05144 100644 --- a/doc/languages-frameworks/rust.section.md +++ b/doc/languages-frameworks/rust.section.md @@ -37,7 +37,7 @@ rustPlatform.buildRustPackage rec { }; cargoSha256 = "17ldqr3asrdcsh4l29m3b5r37r5d0b3npq1lrgjmxb6vlx6a36qh"; - verifyCargoDeps = true; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "A fast line-oriented regex search tool, similar to ag and ack"; @@ -59,12 +59,19 @@ When the `Cargo.lock`, provided by upstream, is not in sync with the added in `cargoPatches` will also be prepended to the patches in `patches` at build-time. -When `verifyCargoDeps` is set to `true`, the build will also verify that the -`cargoSha256` is not out of date by comparing the `Cargo.lock` file in both the -`cargoDeps` and `src`. Note that this option changes the value of `cargoSha256` -since it also copies the `Cargo.lock` in it. To avoid breaking -backward-compatibility this option is not enabled by default but hopefully will -be in the future. +Setting `legacyCargoFetcher` to `false` enables the following behavior: + +1. The `Cargo.lock` file is copied into the cargo vendor directory. +2. At buildtime, `buildRustPackage` will ensure that the `src` and `cargoSha256` + are consistent. This avoids errors where one but not the other is updated. +3. The builder will compress the vendored cargo src directory into a tar.gz file + for storage after vendoring, and decompress it before the build. This saves + disk space and enables hashed mirrors for Rust dependencies. + +Note that this option changes the value of `cargoSha256`, so it is currently +defaulted to `false`. When updating a Rust package, please set it to `true`; +eventually we will default this to true and update the remaining Rust packages, +then delete the option from all individual Rust package expressions. ### Building a crate for a different target diff --git a/pkgs/applications/audio/drumkv1/default.nix b/pkgs/applications/audio/drumkv1/default.nix index b926ff09d22b..d3399315376f 100644 --- a/pkgs/applications/audio/drumkv1/default.nix +++ b/pkgs/applications/audio/drumkv1/default.nix @@ -2,11 +2,11 @@ mkDerivation rec { pname = "drumkv1"; - version = "0.9.11"; + version = "0.9.12"; src = fetchurl { url = "mirror://sourceforge/drumkv1/${pname}-${version}.tar.gz"; - sha256 = "1wnjn175l0mz51k9pjf3pdzv54c4jlh63saavld9lm6zfgfs13d7"; + sha256 = "0hmnmk9vvi43wl6say0dg7j088h7mmwmfdwjhsq89c7i7cpg78da"; }; buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ]; diff --git a/pkgs/applications/audio/sonic-pi/default.nix b/pkgs/applications/audio/sonic-pi/default.nix index ac72a26b0eec..534ea1358803 100644 --- a/pkgs/applications/audio/sonic-pi/default.nix +++ b/pkgs/applications/audio/sonic-pi/default.nix @@ -105,5 +105,7 @@ mkDerivation rec { license = lib.licenses.mit; maintainers = with lib.maintainers; [ Phlogistique kamilchm ]; platforms = lib.platforms.linux; + # sonic-pi depends on ruby 2.4 which we don't support anymore + broken = true; }; } diff --git a/pkgs/applications/editors/hexdino/default.nix b/pkgs/applications/editors/hexdino/default.nix index eee5a6965558..91f048320a72 100644 --- a/pkgs/applications/editors/hexdino/default.nix +++ b/pkgs/applications/editors/hexdino/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage { sha256 = "11mz07735gxqfamjcjjmxya6swlvr1p77sgd377zjcmd6z54gwyf"; }; - cargoSha256 = "0qa8ypp5a7sf1gic482zh3i6s94w6k6bgmk5ynfvwi7g49ql7c4z"; - verifyCargoDeps = true; + cargoSha256 = "06ghcd4j751mdkzwb88nqwk8la4zdb137y0iqrkpykkfx0as43x3"; + legacyCargoFetcher = false; buildInputs = [ ncurses ]; diff --git a/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix b/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix index 2ceac55bf5ca..61e3e1e3eef0 100644 --- a/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-workspace/default.nix @@ -15,9 +15,9 @@ rustPlatform.buildRustPackage rec { sha256 = "0pl5z0gx2ypkrgq7vj1cxj5iwj06vcd06x3b3nh0g7w7q7nl8pr4"; }; - cargoSha256 = "0jbsz7r9n3jcgb9sd6pdjwzjf1b35qpfqw8ba8fjjmzfvs9qn6ld"; + cargoSha256 = "1z4cb7rcb7ldj16xxynrjh4hg872rj39rbbp0vy15kdp3ifyi466"; - verifyCargoDeps = true; + legacyCargoFetcher = false; buildInputs = with stdenv; lib.optional isDarwin Security; diff --git a/pkgs/build-support/rust/README.md b/pkgs/build-support/rust/README.md new file mode 100644 index 000000000000..0e0ddb9648de --- /dev/null +++ b/pkgs/build-support/rust/README.md @@ -0,0 +1,45 @@ +# Updated fetchCargo behavior + +Changes to the `fetchcargo.nix` behavior that cause changes to the `cargoSha256` +are somewhat disruptive, so historically we've added conditionals to provide +backwards compatibility. We've now accumulated enough of these that it makes +sense to do a clean sweep updating hashes, and delete the conditionals in the +fetcher to simplify maintenance and implementation complexity. These +conditionals are: + +1. When cargo vendors dependencies, it generates a config. Previously, we were + hard-coding our own config, but this fails if there are git dependencies. We + have conditional logic to sometimes copy the vendored cargo config in, and + sometimes not. + +2. When a user updates the src package, they may forget to update the + `cargoSha256`. We have an opt-in conditional flag to add the `Cargo.lock` + into the vendor dir for inspection and compare at build-time, but it defaults + to false. + +3. We were previously vendoring into a directory with a recursive hash, but + would like to vendor into a compressed tar.gz file instead, for the reasons + specified in the git commit message adding this feature. + + +## Migration plan + +1. (DONE in this PR) Implement `fetchCargoTarball` as a separate, clean fetcher + implementation along-side `fetchcargo`. Rename `verifyCargoDeps` (default + false) to `legacyCargoFetcher` (default true), which switches the fetcher + implementation used. Replace `verifyCargoDeps = true;` with + `legacyCargoFetcher = false;` in Rust applications. + +2. Send a treewide Rust PR that sets `legacyCargoFetcher = true;` in all Rust + applications not using this (which is ~200 of them), with a note to + maintainers to delete if updating the package. Change the default in + `buildRustPackage` to false. + +3. Go through all Rust src packages deleting the `legacyCargoFetcher = false;` + line and re-computing the `cargoSha256`, merging as we go. + +4. Delete the `fetchcargo.nix` implementation entirely and also remove: + - All overrides in application-level packages + - The `fetchcargo-default-config.toml` and conditionals around using it when + no `$CARGO_CONFIG` exists + - This README.md file diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix index 4089436c0e0b..ac0a8d3ae464 100644 --- a/pkgs/build-support/rust/default.nix +++ b/pkgs/build-support/rust/default.nix @@ -1,4 +1,4 @@ -{ stdenv, cacert, git, rust, cargo, rustc, fetchcargo, buildPackages, windows }: +{ stdenv, cacert, git, rust, cargo, rustc, fetchcargo, fetchCargoTarball, buildPackages, windows }: { name ? "${args.pname}-${args.version}" , cargoSha256 ? "unset" @@ -14,13 +14,13 @@ , cargoUpdateHook ? "" , cargoDepsHook ? "" , cargoBuildFlags ? [] -, # Set to true to verify if the cargo dependencies are up to date. - # This will change the value of cargoSha256. - verifyCargoDeps ? false + # Please set to true on any Rust package updates. Once all packages set this + # to true, we will delete and make it the default. For details, see the Rust + # section on the manual and ./README.md. +, legacyCargoFetcher ? true , buildType ? "release" , meta ? {} , target ? null - , cargoVendorDir ? null , ... } @ args: @@ -28,20 +28,27 @@ assert cargoVendorDir == null -> cargoSha256 != "unset"; assert buildType == "release" || buildType == "debug"; let + + cargoFetcher = if legacyCargoFetcher + then fetchcargo + else fetchCargoTarball; + cargoDeps = if cargoVendorDir == null - then fetchcargo { + then cargoFetcher { inherit name src srcs sourceRoot unpackPhase cargoUpdateHook; - copyLockfile = verifyCargoDeps; patches = cargoPatches; sha256 = cargoSha256; } else null; + # If we're using the modern fetcher that always preserves the original Cargo.lock + # and have vendored deps, check them against the src attr for consistency. + validateCargoDeps = cargoSha256 != "unset" && !legacyCargoFetcher; + setupVendorDir = if cargoVendorDir == null then '' unpackFile "$cargoDeps" - cargoDepsCopy=$(stripHash $(basename $cargoDeps)) - chmod -R +w "$cargoDepsCopy" + cargoDepsCopy=$(stripHash $cargoDeps) '' else '' cargoDepsCopy="$sourceRoot/${cargoVendorDir}" @@ -54,9 +61,14 @@ let ccForHost="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"; cxxForHost="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}c++"; releaseDir = "target/${rustTarget}/${buildType}"; + + # Fetcher implementation choice should not be part of the hash in final + # derivation; only the cargoSha256 input matters. + filteredArgs = builtins.removeAttrs args [ "legacyCargoFetcher" ]; + in -stdenv.mkDerivation (args // { +stdenv.mkDerivation (filteredArgs // { inherit cargoDeps; patchRegistryDeps = ./patch-registry-deps; @@ -95,14 +107,13 @@ stdenv.mkDerivation (args // { ''} EOF - unset cargoDepsCopy export RUST_LOG=${logLevel} - '' + stdenv.lib.optionalString verifyCargoDeps '' - if ! diff source/Cargo.lock $cargoDeps/Cargo.lock ; then + '' + stdenv.lib.optionalString validateCargoDeps '' + if ! diff source/Cargo.lock $cargoDepsCopy/Cargo.lock ; then echo echo "ERROR: cargoSha256 is out of date" echo - echo "Cargo.lock is not the same in $cargoDeps" + echo "Cargo.lock is not the same in $cargoDepsCopy" echo echo "To fix the issue:" echo '1. Use "1111111111111111111111111111111111111111111111111111" as the cargoSha256 value' @@ -112,6 +123,8 @@ stdenv.mkDerivation (args // { exit 1 fi + '' + '' + unset cargoDepsCopy '' + (args.postUnpack or ""); configurePhase = args.configurePhase or '' diff --git a/pkgs/build-support/rust/fetchCargoTarball.nix b/pkgs/build-support/rust/fetchCargoTarball.nix new file mode 100644 index 000000000000..dff5d99da9eb --- /dev/null +++ b/pkgs/build-support/rust/fetchCargoTarball.nix @@ -0,0 +1,81 @@ +{ stdenv, cacert, git, cargo, python3 }: +let cargo-vendor-normalise = stdenv.mkDerivation { + name = "cargo-vendor-normalise"; + src = ./cargo-vendor-normalise.py; + nativeBuildInputs = [ python3.pkgs.wrapPython ]; + dontUnpack = true; + installPhase = "install -D $src $out/bin/cargo-vendor-normalise"; + pythonPath = [ python3.pkgs.toml ]; + postFixup = "wrapPythonPrograms"; + doInstallCheck = true; + installCheckPhase = '' + # check that ./fetchcargo-default-config.toml is a fix point + reference=${./fetchcargo-default-config.toml} + < $reference $out/bin/cargo-vendor-normalise > test; + cmp test $reference + ''; + preferLocalBuild = true; +}; +in +{ name ? "cargo-deps" +, src ? null +, srcs ? [] +, patches ? [] +, sourceRoot +, sha256 +, cargoUpdateHook ? "" +, ... +} @ args: +stdenv.mkDerivation ({ + name = "${name}-vendor.tar.gz"; + nativeBuildInputs = [ cacert git cargo-vendor-normalise cargo ]; + + phases = "unpackPhase patchPhase buildPhase installPhase"; + + buildPhase = '' + # Ensure deterministic Cargo vendor builds + export SOURCE_DATE_EPOCH=1 + + if [[ ! -f Cargo.lock ]]; then + echo + echo "ERROR: The Cargo.lock file doesn't exist" + echo + echo "Cargo.lock is needed to make sure that cargoSha256 doesn't change" + echo "when the registry is updated." + echo + + exit 1 + fi + + # Keep the original around for copyLockfile + cp Cargo.lock Cargo.lock.orig + + export CARGO_HOME=$(mktemp -d cargo-home.XXX) + CARGO_CONFIG=$(mktemp cargo-config.XXXX) + + ${cargoUpdateHook} + + cargo vendor $name | cargo-vendor-normalise > $CARGO_CONFIG + + # Add the Cargo.lock to allow hash invalidation + cp Cargo.lock.orig $name/Cargo.lock + + # Packages with git dependencies generate non-default cargo configs, so + # always install it rather than trying to write a standard default template. + install -D $CARGO_CONFIG $name/.cargo/config; + ''; + + # Build a reproducible tar, per instructions at https://reproducible-builds.org/docs/archives/ + installPhase = '' + tar --owner=0 --group=0 --numeric-owner --format=gnu \ + --sort=name --mtime="@$SOURCE_DATE_EPOCH" \ + -czf $out $name + ''; + + outputHashAlgo = "sha256"; + outputHash = sha256; + + impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars; +} // (builtins.removeAttrs args [ + "name" "sha256" "cargoUpdateHook" +])) diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix index da3421a987da..af7f63b6f8a0 100644 --- a/pkgs/development/compilers/rust/default.nix +++ b/pkgs/development/compilers/rust/default.nix @@ -25,12 +25,18 @@ inherit rustc cargo; }; + fetchCargoTarball = buildPackages.callPackage ../../../build-support/rust/fetchCargoTarball.nix { + inherit cargo; + }; + + # N.B. This is a legacy fetcher implementation that is being phased out and deleted. + # See ../../../build-support/rust/README.md for details. fetchcargo = buildPackages.callPackage ../../../build-support/rust/fetchcargo.nix { inherit cargo; }; buildRustPackage = callPackage ../../../build-support/rust { - inherit rustc cargo fetchcargo; + inherit rustc cargo fetchcargo fetchCargoTarball; }; rustcSrc = callPackage ./rust-src.nix { diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 8b8e7ccc8bb0..8ddd19bb40cc 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -26,7 +26,6 @@ let generic = { version, sha256 }: let ver = version; tag = ver.gitTag; - atLeast25 = lib.versionAtLeast ver.majMin "2.5"; atLeast27 = lib.versionAtLeast ver.majMin "2.7"; baseruby = self.override { useRailsExpress = false; @@ -77,14 +76,13 @@ let nativeBuildInputs = [ autoreconfHook bison ] ++ (op docSupport groff) ++ op (stdenv.buildPlatform != stdenv.hostPlatform) buildPackages.ruby; - buildInputs = - (op fiddleSupport libffi) + buildInputs = [ autoconf ] + ++ (op fiddleSupport libffi) ++ (ops cursesSupport [ ncurses readline ]) ++ (op zlibSupport zlib) ++ (op opensslSupport openssl) ++ (op gdbmSupport gdbm) ++ (op yamlSupport libyaml) - ++ (op atLeast25 autoconf) # Looks like ruby fails to build on darwin without readline even if curses # support is not enabled, so add readline to the build inputs if curses # support is disabled (if it's enabled, we already have it) and we're @@ -106,15 +104,10 @@ let cp -r ${rubygems}/test/rubygems $sourceRoot/test ''; - postPatch = if atLeast25 then '' + postPatch = '' sed -i configure.ac -e '/config.guess/d' cp --remove-destination ${config}/config.guess tool/ cp --remove-destination ${config}/config.sub tool/ - '' - else opString useRailsExpress '' - sed -i configure.in -e '/config.guess/d' - cp ${config}/config.guess tool/ - cp ${config}/config.sub tool/ ''; # Force the revision.h generation. Somehow `revision.tmp` is an empty @@ -230,14 +223,6 @@ let ) args; in self; in { - ruby_2_4 = generic { - version = rubyVersion "2" "4" "9" ""; - sha256 = { - src = "1bn6n5b920qy3lsx99jr8495jkc3sg89swgb96d5fgd579g6p6zr"; - git = "066kb1iki7mx7qkm10xhj5b6v8s47wg68v43l3nc36y2hyim1w2c"; - }; - }; - ruby_2_5 = generic { version = rubyVersion "2" "5" "7" ""; sha256 = { diff --git a/pkgs/development/libraries/git2/default.nix b/pkgs/development/libraries/git2/default.nix index 2d89355cffe0..ed32f68635b0 100644 --- a/pkgs/development/libraries/git2/default.nix +++ b/pkgs/development/libraries/git2/default.nix @@ -1,25 +1,25 @@ { stdenv, fetchFromGitHub, cmake, pkgconfig, python3 -, zlib, libssh2, openssl, http-parser, curl +, zlib, libssh2, openssl, http-parser , libiconv, Security }: stdenv.mkDerivation rec { pname = "libgit2"; - version = "0.27.8"; - # keep the version in sync with pythonPackages.pygit2 and libgit2-glib + version = "0.28.4"; + # keep the version in sync with python3.pkgs.pygit2 and libgit2-glib src = fetchFromGitHub { owner = "libgit2"; repo = "libgit2"; rev = "v${version}"; - sha256 = "0wzx8nkyy9m7mx6cks58chjd4289vjsw97mxm9w6f1ggqsfnmbr9"; + sha256 = "171b25aym4q88bidc4c76y4l6jmdwifm3q9zjqsll0wjhlkycfy1"; }; cmakeFlags = [ "-DTHREADSAFE=ON" ]; nativeBuildInputs = [ cmake python3 pkgconfig ]; - buildInputs = [ zlib libssh2 openssl http-parser curl ] + buildInputs = [ zlib libssh2 openssl http-parser ] ++ stdenv.lib.optional stdenv.isDarwin Security; propagatedBuildInputs = stdenv.lib.optional (!stdenv.isLinux) libiconv; diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 869db46ede0c..cde8587acc37 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -28,7 +28,9 @@ stdenv.mkDerivation { }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; + # Not normally useful docs. outputInfo = "devdoc"; + outputDoc = "devdoc"; patches = [ ./nix-ssl-cert-file.patch ] # Disable native add_system_trust. diff --git a/pkgs/development/libraries/libmtp/default.nix b/pkgs/development/libraries/libmtp/default.nix index e750c2c6c70e..c8c34eb1c9c5 100644 --- a/pkgs/development/libraries/libmtp/default.nix +++ b/pkgs/development/libraries/libmtp/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, pkgconfig, libusb1, libiconv }: stdenv.mkDerivation rec { - name = "libmtp-1.1.16"; + name = "libmtp-1.1.17"; src = fetchurl { url = "mirror://sourceforge/libmtp/${name}.tar.gz"; - sha256 = "185vh9bds6dcy00ycggg69g4v7m3api40zv8vrcfb3fk3vfzjs2v"; + sha256 = "1p3r38nvdip40ab1h4scj3mzfjkx6kd14szjqyw9r6wz5pslr8zq"; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/libssh2/default.nix b/pkgs/development/libraries/libssh2/default.nix index d4205981499c..365c836c9fdb 100644 --- a/pkgs/development/libraries/libssh2/default.nix +++ b/pkgs/development/libraries/libssh2/default.nix @@ -14,6 +14,15 @@ stdenv.mkDerivation rec { buildInputs = [ openssl zlib ] ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW windows.mingw_w64; + patches = [ + # not able to use fetchpatch here: infinite recursion + (fetchurl { + name = "CVE-2019-17498.patch"; + url = "https://github.com/libssh2/libssh2/pull/402.patch"; + sha256 = "1n9s2mcz5dkw0xpm3c5x4hzj8bar4i6z0pr1rmqjplhfg888vdvc"; + }) + ]; + meta = with stdenv.lib; { description = "A client-side C library implementing the SSH2 protocol"; homepage = https://www.libssh2.org; diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 2e611c8975d7..fc2763486d1e 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -5,7 +5,7 @@ let url = http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz; sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; - version = "3.48"; + version = "3.49.2"; underscoreVersion = builtins.replaceStrings ["."] ["_"] version; in stdenv.mkDerivation rec { @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "1b7qs1q7jqhw9dvkdznanzhc5dyq4bwx0biywszy3qx4hqm8571z"; + sha256 = "1ck0c4ikr0d747pn63h62b2iqzfgi0yzd25aw95hs9797hn519zs"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/development/libraries/sqlite/analyzer.nix b/pkgs/development/libraries/sqlite/analyzer.nix index 6de71d066ade..2b287c7cc617 100644 --- a/pkgs/development/libraries/sqlite/analyzer.nix +++ b/pkgs/development/libraries/sqlite/analyzer.nix @@ -6,11 +6,11 @@ in stdenv.mkDerivation rec { pname = "sqlite-analyzer"; - version = "3.30.0"; + version = "3.31.0"; src = assert version == sqlite.version; fetchurl { - url = "https://sqlite.org/2019/sqlite-src-${archiveVersion version}.zip"; - sha256 = "0d4i87q0f618pmrgax0mr5x7m8bywikrwjvixag3biyhgl5rx7fd"; + url = "https://sqlite.org/2020/sqlite-src-${archiveVersion version}.zip"; + sha256 = "1dz3s3q9gsxxfj9wp4lqndzpwd1hcvm42yqn02p0l0bs6bw0mp5l"; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index d904637fcd38..fe0eb54cf114 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -10,12 +10,12 @@ in stdenv.mkDerivation rec { pname = "sqlite"; - version = "3.30.1"; + version = "3.31.0"; # NB! Make sure to update analyzer.nix src (in the same directory). src = fetchurl { - url = "https://sqlite.org/2019/sqlite-autoconf-${archiveVersion version}.tar.gz"; - sha256 = "0q4f57a5995wz9c7dfiqy9zwl0kn0b900nxwinqa3llv13dm0nlc"; + url = "https://sqlite.org/2020/sqlite-autoconf-${archiveVersion version}.tar.gz"; + sha256 = "1w7i954349sjd5a6rvy118prra43k07y9hy8rpajs6vmjmnnx7bw"; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/python-modules/lxml/default.nix b/pkgs/development/python-modules/lxml/default.nix index db3bf6925561..67c338b58c72 100644 --- a/pkgs/development/python-modules/lxml/default.nix +++ b/pkgs/development/python-modules/lxml/default.nix @@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "lxml"; - version = "4.4.2"; + version = "4.5.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "${pname}-${version}"; - sha256 = "0h4axgcghshcvh1nn39l64xxhylglm3b00hh2rbi1ifvly5mx24f"; + sha256 = "1i3bhg8xb502afq4ar3kgvvi1hy83l4af2gznfwqvb5b221fr7ak"; }; # setuptoolsBuildPhase needs dependencies to be passed through nativeBuildInputs diff --git a/pkgs/development/python-modules/pip/default.nix b/pkgs/development/python-modules/pip/default.nix index e1af281b9e91..d1ffd0931b8b 100644 --- a/pkgs/development/python-modules/pip/default.nix +++ b/pkgs/development/python-modules/pip/default.nix @@ -14,14 +14,14 @@ buildPythonPackage rec { pname = "pip"; - version = "19.3.1"; + version = "20.0.2"; format = "other"; src = fetchFromGitHub { owner = "pypa"; repo = pname; rev = version; - sha256 = "079gz0v37ah1l4i5iwyfb0d3mni422yv5ynnxa0wcqpnvkc7sfnw"; + sha256 = "1jj0qa47d7pqn2r379p434hxk14ij2qgmr83x65w9ib9l8092fhg"; name = "${pname}-${version}-source"; }; diff --git a/pkgs/development/python-modules/pygit2/default.nix b/pkgs/development/python-modules/pygit2/default.nix index 313a3e5ab189..cd2994a4dc0f 100644 --- a/pkgs/development/python-modules/pygit2/default.nix +++ b/pkgs/development/python-modules/pygit2/default.nix @@ -1,25 +1,21 @@ -{ stdenv, lib, buildPythonPackage, fetchPypi, fetchpatch, isPyPy, libgit2, six, cffi }: +{ stdenv, lib, buildPythonPackage, fetchPypi, isPyPy, isPy3k, libgit2, pytestCheckHook, cffi, cacert }: buildPythonPackage rec { pname = "pygit2"; - version = "0.27.2"; + version = "1.0.3"; src = fetchPypi { inherit pname version; - sha256 = "0d9bgxd6ch5jxz0j5cmx7c4kw933g8pgm2zxf3id1a6w9g2r7hpw"; + sha256 = "1ql7hkcxrh8yszglrg7d3y0ivh1l56xdc3j34j2fjy4qq06ifv6y"; }; preConfigure = lib.optionalString stdenv.isDarwin '' export DYLD_LIBRARY_PATH="${libgit2}/lib" ''; - patches = [ (fetchpatch { - name = "dont-require-old-pycparser"; # https://github.com/libgit2/pygit2/issues/819 - url = https://github.com/libgit2/pygit2/commit/1eaba181577de206d3d43ec7886d0353fc0c9f2a.patch; - sha256 = "18x1fpmywhjjr4lvakwmy34zpxfqi8pqqj48g1wcib39lh3s7l4f"; - }) ]; + propagatedBuildInputs = [ libgit2 ] ++ lib.optional (!isPyPy) cffi; - propagatedBuildInputs = [ libgit2 six ] ++ lib.optional (!isPyPy) cffi; + checkInputs = [ pytestCheckHook ]; preCheck = '' # disable tests that require networking @@ -28,6 +24,20 @@ buildPythonPackage rec { rm test/test_submodule.py ''; + # Tests require certificates + # https://github.com/NixOS/nixpkgs/pull/72544#issuecomment-582674047 + SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + # setup.py check is broken + # https://github.com/libgit2/pygit2/issues/868 + dontUseSetuptoolsCheck = true; + + # TODO: Test collection is failing + # https://github.com/NixOS/nixpkgs/pull/72544#issuecomment-582681068 + doCheck = false; + + disabled = !isPy3k; + meta = with lib; { description = "A set of Python bindings to the libgit2 shared library"; homepage = https://pypi.python.org/pypi/pygit2; diff --git a/pkgs/development/ruby-modules/with-packages/test.nix b/pkgs/development/ruby-modules/with-packages/test.nix index dc1da3de4924..946854e4545f 100644 --- a/pkgs/development/ruby-modules/with-packages/test.nix +++ b/pkgs/development/ruby-modules/with-packages/test.nix @@ -6,7 +6,6 @@ let stdenv = pkgs.stdenv; rubyVersions = with pkgs; [ - ruby_2_4 ruby_2_5 ruby_2_6 ruby_2_7 diff --git a/pkgs/development/tools/build-managers/ninja/default.nix b/pkgs/development/tools/build-managers/ninja/default.nix index 7001510d52d6..9702a1979030 100644 --- a/pkgs/development/tools/build-managers/ninja/default.nix +++ b/pkgs/development/tools/build-managers/ninja/default.nix @@ -4,31 +4,15 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "ninja"; - version = "1.9.0"; + version = "1.10.0"; src = fetchFromGitHub { owner = "ninja-build"; repo = "ninja"; rev = "v${version}"; - sha256 = "1q0nld3g0d210zmdjyjzjz2xb2bw1s58gj6zsx7p8q30yh0wg610"; + sha256 = "1fbzl7mrcrwp527sgkc1npfl3k6bbpydpiq98xcf1a1hkrx0z5x4"; }; - patches = [ - # Make builds reproducible by generating the same IDs from the same inputs. - (fetchpatch { - name = "consistent-doc-ids"; - url = "https://github.com/ninja-build/ninja/commit/9aa947471fcfc607bec6d92a1a6eed5c692edbaf.patch"; - sha256 = "0zsg46jflsh644jccrcgyfalr7fkzrv041kyi8644nyk923gcrl9"; - }) - # https://github.com/ninja-build/ninja/issues/1510 - fix w/musl, possibly BSDs? - # - (fetchpatch { - name = "fix-issue-1510.patch"; - url = https://github.com/makepost/ninja/commit/567815df38a2ff54ad7478a90bd75c91e434236a.patch; - sha256 = "0zd0xyi7h2066nw1dsk76c7yf71b0f7v4p5nljda7jxi01vpdh69"; - }) - ]; - nativeBuildInputs = [ python3 re2c ] ++ optionals buildDocs [ asciidoc docbook_xml_dtd_45 docbook_xsl libxslt.bin ]; buildPhase = '' diff --git a/pkgs/development/tools/chefdk/default.nix b/pkgs/development/tools/chefdk/default.nix index d30c0aaeb496..5f6c2b156f36 100644 --- a/pkgs/development/tools/chefdk/default.nix +++ b/pkgs/development/tools/chefdk/default.nix @@ -1,9 +1,9 @@ -{ lib, bundlerEnv, bundlerUpdateScript, ruby_2_4, perl, autoconf }: +{ lib, bundlerEnv, bundlerUpdateScript, ruby, perl, autoconf }: bundlerEnv { name = "chef-dk-2.4.17"; - ruby = ruby_2_4; + inherit ruby; gemdir = ./.; buildInputs = [ perl autoconf ]; @@ -16,5 +16,7 @@ bundlerEnv { license = licenses.asl20; maintainers = with maintainers; [ offline nicknovitski ]; platforms = platforms.unix; + # chefdk depends on ruby 2.4 which we don't support anymore + broken = true; }; } diff --git a/pkgs/development/tools/documentation/mdsh/default.nix b/pkgs/development/tools/documentation/mdsh/default.nix index 2ca2ef29dd26..ddce5bc29a43 100644 --- a/pkgs/development/tools/documentation/mdsh/default.nix +++ b/pkgs/development/tools/documentation/mdsh/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "1a9i6h8fzrrfzjyfxaps73lxgkz92k0bnmwbjbwdmiwci4qgi9ms"; }; - cargoSha256 = "0rarpzfigyxr6s0ba13z00kvnms29qkjfbfjkay72mb6xn7f1059"; - verifyCargoDeps = true; + cargoSha256 = "1fxajh1n0qvcdas6w7dy3g92wilhfldy90pyk3779mrnh57fa6n5"; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "Markdown shell pre-processor"; diff --git a/pkgs/servers/http/unit/default.nix b/pkgs/servers/http/unit/default.nix index 9077bc21654a..8b36e7de69fd 100644 --- a/pkgs/servers/http/unit/default.nix +++ b/pkgs/servers/http/unit/default.nix @@ -6,7 +6,6 @@ , withPerl528 ? false, perl528 , withPerl530 ? true, perl530 , withPerldevel ? false, perldevel -, withRuby_2_4 ? false, ruby_2_4 , withRuby_2_5 ? false, ruby_2_5 , withRuby_2_6 ? true, ruby_2_6 , withRuby_2_7 ? true, ruby_2_7 @@ -43,7 +42,6 @@ stdenv.mkDerivation rec { ++ optional withPerl528 perl528 ++ optional withPerl530 perl530 ++ optional withPerldevel perldevel - ++ optional withRuby_2_4 ruby_2_4 ++ optional withRuby_2_5 ruby_2_5 ++ optional withRuby_2_6 ruby_2_6 ++ optional withRuby_2_7 ruby_2_7 @@ -66,7 +64,6 @@ stdenv.mkDerivation rec { ${optionalString withPerl528 "./configure perl --module=perl528 --perl=${perl528}/bin/perl"} ${optionalString withPerl530 "./configure perl --module=perl530 --perl=${perl530}/bin/perl"} ${optionalString withPerldevel "./configure perl --module=perldev --perl=${perldevel}/bin/perl"} - ${optionalString withRuby_2_4 "./configure ruby --module=ruby24 --ruby=${ruby_2_4}/bin/ruby"} ${optionalString withRuby_2_5 "./configure ruby --module=ruby25 --ruby=${ruby_2_5}/bin/ruby"} ${optionalString withRuby_2_6 "./configure ruby --module=ruby26 --ruby=${ruby_2_6}/bin/ruby"} ${optionalString withRuby_2_7 "./configure ruby --module=ruby27 --ruby=${ruby_2_7}/bin/ruby"} diff --git a/pkgs/tools/compression/lz4/default.nix b/pkgs/tools/compression/lz4/default.nix index 3ce0eac3fc5c..fd967fce9c6c 100644 --- a/pkgs/tools/compression/lz4/default.nix +++ b/pkgs/tools/compression/lz4/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { ]; # TODO(@Ericson2314): Separate binaries and libraries - outputs = [ "out" "dev" ]; + outputs = [ "bin" "out" "dev" ]; buildInputs = stdenv.lib.optional doCheck valgrind; @@ -31,15 +31,10 @@ stdenv.mkDerivation rec { makeFlags = [ "PREFIX=$(out)" "INCLUDEDIR=$(dev)/include" - # TODO do this instead - #"BUILD_STATIC=${if enableStatic then "yes" else "no"}" - #"BUILD_SHARED=${if enableShared then "yes" else "no"}" - #"WINDRES:=${stdenv.cc.bintools.targetPrefix}windres" + "BUILD_STATIC=${if enableStatic then "yes" else "no"}" + "BUILD_SHARED=${if enableShared then "yes" else "no"}" + "WINDRES:=${stdenv.cc.bintools.targetPrefix}windres" ] - # TODO delete and do above - ++ stdenv.lib.optional (enableStatic) "BUILD_STATIC=yes" - ++ stdenv.lib.optional (!enableShared) "BUILD_SHARED=no" - ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW "WINDRES:=${stdenv.cc.bintools.targetPrefix}windres" # TODO make full dictionary ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW "TARGET_OS=MINGW" ; @@ -53,8 +48,9 @@ stdenv.mkDerivation rec { mv $out/bin/*.dll $out/lib ln -s $out/lib/*.dll '' - # TODO remove - + stdenv.lib.optionalString (!enableStatic) "rm $out/lib/*.a"; + + '' + moveToOutput bin "$bin" + ''; meta = with stdenv.lib; { description = "Extremely fast compression algorithm"; diff --git a/pkgs/tools/misc/broot/default.nix b/pkgs/tools/misc/broot/default.nix index 45b26b250558..df26423c6331 100644 --- a/pkgs/tools/misc/broot/default.nix +++ b/pkgs/tools/misc/broot/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "13b1w9g68aj3r70w9bmrmdc772y959n77ajbdm2cpjs5f4kgfpak"; }; - cargoSha256 = "0vzpyymylzxjm613lf5xr6hd21ijkl3vwq4y6h1q3as41phw2sqb"; - verifyCargoDeps = true; + cargoSha256 = "0zrwpmsrzwnjml0964zky8w222zmlargha3z0n6hf8cfshx23s4k"; + legacyCargoFetcher = false; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/tools/misc/wagyu/default.nix b/pkgs/tools/misc/wagyu/default.nix index d56d21b15166..53e098495226 100644 --- a/pkgs/tools/misc/wagyu/default.nix +++ b/pkgs/tools/misc/wagyu/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "1646j0lgg3hhznifvbkvr672p3yqlcavswijawaxq7n33ll8vmcn"; }; - cargoSha256 = "10b96l0b32zxq0xrnhivv3gihmi5y31rllbizv67hrg1axz095vn"; - verifyCargoDeps = true; + cargoSha256 = "16d1b3pamkg29nq80n6cbzc4zl9z3cgfvdxjkr2z4xrnzmkn1ysi"; + legacyCargoFetcher = false; meta = with lib; { description = "Rust library for generating cryptocurrency wallets"; diff --git a/pkgs/tools/package-management/nix-du/default.nix b/pkgs/tools/package-management/nix-du/default.nix index 74543cef83b1..908f31b93abe 100644 --- a/pkgs/tools/package-management/nix-du/default.nix +++ b/pkgs/tools/package-management/nix-du/default.nix @@ -9,8 +9,8 @@ rustPlatform.buildRustPackage rec { rev = "v${version}"; sha256 = "149d60mid29s5alv5m3d7jrhyzc6cj7b6hpiq399gsdwzgxr00wq"; }; - cargoSha256 = "18kb4car5nzch3vpl6z1499silhs3fyn8c6xj3rzk94mm2m9srg4"; - verifyCargoDeps = true; + cargoSha256 = "1a6svl89dcdb5fpvs2i32i6agyhl0sx7kkkw70rqr17fyzl5psai"; + legacyCargoFetcher = false; doCheck = true; checkInputs = [ graphviz ]; diff --git a/pkgs/tools/security/fido2luks/default.nix b/pkgs/tools/security/fido2luks/default.nix index 4682a09acf5c..ea911e467340 100644 --- a/pkgs/tools/security/fido2luks/default.nix +++ b/pkgs/tools/security/fido2luks/default.nix @@ -19,8 +19,8 @@ rustPlatform.buildRustPackage rec { buildInputs = [ cryptsetup ]; nativeBuildInputs = [ pkg-config ]; - cargoSha256 = "1i37k4ih6118z3wip2qh4jqk7ja2z0v1w8dri1lwqwlciqw17zi9"; - verifyCargoDeps = true; + cargoSha256 = "0rp4f6xnwmvf3pv6h0qwsg01jrndf77yn67675ac39kxzmrzfy2f"; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; diff --git a/pkgs/tools/system/tre-command/default.nix b/pkgs/tools/system/tre-command/default.nix index 6050b2a709eb..b8925dcfa42e 100644 --- a/pkgs/tools/system/tre-command/default.nix +++ b/pkgs/tools/system/tre-command/default.nix @@ -11,8 +11,8 @@ rustPlatform.buildRustPackage rec { sha256 = "1fazw2wn738iknbv54gv7qll7d4q2gy9bq1s3f3cv21cdv6bqral"; }; - cargoSha256 = "0m82zbi610zgvcza6n03xl80g31x6bfkjyrfxcxa6fyf2l5cj9pv"; - verifyCargoDeps = true; + cargoSha256 = "1m3ccp5ncafkifg8sxyxczsg3ja1gvq8wmgni68bgzm2lwxh2qgw"; + legacyCargoFetcher = false; meta = with stdenv.lib; { description = "Tree command, improved"; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 43a0f8294160..8c7a728654ae 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -378,8 +378,10 @@ mapAliases ({ ruby_2_2_9 = throw "deprecated 2018-0213: use a newer version of ruby"; ruby_2_3_6 = throw "deprecated 2018-0213: use a newer version of ruby"; ruby_2_3 = throw "deprecated 2019-09-06: use a newer version of ruby"; - ruby_2_4_3 = throw "deprecated 2018-0213: use ruby_2_4 instead"; - ruby_2_5_0 = throw "deprecated 2018-0213: use ruby_2_5 instead"; + ruby_2_4_3 = throw "deprecated 2018-0213: use a newer version of ruby"; + ruby_2_4 = throw "deprecated 2019-12: use a newer version of ruby"; + ruby_2_5_0 = throw "deprecated 2018-0213: use a newer version of ruby"; + rubyPackages_2_4 = throw "deprecated 2019-12: use a newer version of rubyPackages instead"; rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby"; rxvt_unicode_with-plugins = rxvt-unicode; # added 2020-02-02 rxvt_unicode = rxvt-unicode-unwrapped; # added 2020-02-02 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 23cffcdfaf88..ed414d1bb360 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9432,7 +9432,6 @@ in inherit (darwin) libiconv libobjc libunwind; inherit (darwin.apple_sdk.frameworks) Foundation; }) - ruby_2_4 ruby_2_5 ruby_2_6 ruby_2_7; @@ -9453,7 +9452,6 @@ in ruby = ruby_2_6; rubyPackages = rubyPackages_2_6; - rubyPackages_2_4 = recurseIntoAttrs ruby_2_4.gems; rubyPackages_2_5 = recurseIntoAttrs ruby_2_5.gems; rubyPackages_2_6 = recurseIntoAttrs ruby_2_6.gems; rubyPackages_2_7 = recurseIntoAttrs ruby_2_7.gems; @@ -21357,9 +21355,7 @@ in wavebox = callPackage ../applications/networking/instant-messengers/wavebox { }; - sonic-pi = libsForQt5.callPackage ../applications/audio/sonic-pi { - ruby = ruby_2_4; # sonic-pi build breaks with ruby 2.5 and 2.6 - }; + sonic-pi = libsForQt5.callPackage ../applications/audio/sonic-pi { }; st = callPackage ../applications/misc/st { conf = config.st.conf or null;