
Merge #2798: stdenv and a few other big updates

Stdenv-changing things:
    - gcc 4.8.2 -> 4.8.3
    - long-running grsecurity branch
Others:
    - pkgconfig update
    - CVE for libtasn1, dbus

Conflicts (simple):
    pkgs/development/compilers/ghc/7.6.3.nix
vcunat committed Jun 16, 2014
2 parents 5e16c94 + 9757785 commit 1b78ca58bccd564350b52d00471399305e4eab23
Showing with 2,216 additions and 368 deletions.
  1. +2 −2 pkgs/applications/networking/browsers/chromium/browser.nix
  2. +17 −15 pkgs/applications/networking/browsers/chromium/common.nix
  3. +13 −2 pkgs/applications/networking/browsers/chromium/default.nix
  4. +9 −0 pkgs/applications/networking/browsers/firefox/default.nix
  5. +7 −2 pkgs/development/compilers/gcc/4.6/builder.sh
  6. +1 −1 pkgs/development/compilers/gcc/4.6/default.nix
  7. +0 −79 pkgs/development/compilers/gcc/4.8/bug-58800.patch
  8. +5 −0 pkgs/development/compilers/gcc/4.8/builder.sh
  9. +3 −3 pkgs/development/compilers/gcc/4.8/default.nix
  10. +2 −0 pkgs/development/compilers/ghc/6.10.4.nix
  11. +2 −0 pkgs/development/compilers/ghc/6.12.3.nix
  12. +2 −0 pkgs/development/compilers/ghc/7.0.4.nix
  13. +2 −0 pkgs/development/compilers/ghc/7.2.2.nix
  14. +29 −3 pkgs/development/compilers/ghc/7.6.3.nix
  15. +1 −1 pkgs/development/compilers/icedtea/default.nix
  16. +12 −1 pkgs/development/compilers/jdk/jdk7-linux.nix
  17. +9 −0 pkgs/development/compilers/llvm/3.3/llvm.nix
  18. +9 −1 pkgs/development/compilers/llvm/3.4/dragonegg.nix
  19. +11 −1 pkgs/development/compilers/llvm/3.4/llvm.nix
  20. +9 −1 pkgs/development/compilers/openjdk/bootstrap.nix
  21. +22 −3 pkgs/development/compilers/openjdk/default.nix
  22. +28 −0 pkgs/development/compilers/openjdk/paxctl.patch
  23. +2 −0 pkgs/development/interpreters/python/2.7/default.nix
  24. +2 −0 pkgs/development/interpreters/python/3.3/default.nix
  25. +2 −0 pkgs/development/interpreters/python/3.4/default.nix
  26. +6 −1 pkgs/development/interpreters/spidermonkey/17.0.nix
  27. +7 −1 pkgs/development/interpreters/spidermonkey/185-1.0.0.nix
  28. +2 −2 pkgs/development/libraries/dbus/default.nix
  29. +6 −2 pkgs/development/libraries/gstreamer/legacy/gstreamer/default.nix
  30. +5 −1 pkgs/development/libraries/libffi/default.nix
  31. +37 −0 pkgs/development/libraries/libffi/libffi-3.0.13-emutramp_pax_proc.patch
  32. +9 −8 pkgs/development/libraries/libshout/default.nix
  33. +2 −2 pkgs/development/libraries/libtasn1/default.nix
  34. +12 −5 pkgs/development/libraries/mesa/default.nix
  35. +13 −0 pkgs/development/libraries/mesa/dlopen-absolute-paths.diff
  36. +25 −0 pkgs/development/libraries/mesa/glx_ro_text_segm.patch
  37. +6 −0 pkgs/development/libraries/polkit/default.nix
  38. +4 −2 pkgs/development/libraries/qimageblitz/default.nix
  39. +11 −0 pkgs/development/libraries/qimageblitz/qimageblitz-9999-exec-stack.patch
  40. +5 −0 pkgs/development/tools/misc/binutils/default.nix
  41. +1,786 −0 pkgs/development/tools/misc/binutils/pt-pax-flags-20121023.patch
  42. +4 −2 pkgs/development/tools/misc/pkgconfig/default.nix
  43. +17 −221 pkgs/development/tools/misc/pkgconfig/requires-private.patch
  44. +3 −0 pkgs/misc/emulators/wine/stable.nix
  45. +13 −0 pkgs/os-specific/linux/spl/const.patch
  46. +2 −2 pkgs/os-specific/linux/spl/default.nix
  47. +1 −0 pkgs/stdenv/generic/builder.sh
  48. +10 −0 pkgs/stdenv/generic/default.nix
  49. +13 −0 pkgs/stdenv/generic/setup.sh
  50. +3 −2 pkgs/stdenv/linux/default.nix
  51. +4 −0 pkgs/tools/misc/grub/2.0x.nix
  52. +9 −2 pkgs/top-level/all-packages.nix
@@ -1,11 +1,11 @@
{ stdenv, mkChromiumDerivation }:
{ stdenv, mkChromiumDerivation, arch }:

with stdenv.lib;

mkChromiumDerivation (base: rec {
name = "chromium-browser";
packageName = "chromium";
buildTargets = [ "chrome" ];
buildTargets = [ "mksnapshot.${arch}" "chrome" ];

installPhase = ''
ensureDir "$libExecPath"
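Review bot: The new `buildTargets = [ "mksnapshot.${arch}" "chrome" ];` line gives no reason for naming `mksnapshot` explicitly or for listing it ahead of `chrome`. Judging from the `paxmark` step this commit adds to the shared build loop in common.nix, the order looks load-bearing: the helper presumably has to be built and PaX-marked before the `chrome` target runs it. I would record that on the line above, e.g. `# mksnapshot first: it must be built and PaX-marked before the chrome target executes it`, so a later reorder does not quietly break builds on grsecurity hosts. The hunk ends inside `installPhase`, which continues outside it.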
@@ -30,6 +30,7 @@

, source
, plugins
, archInfo
}:

buildFun:
@@ -172,13 +173,7 @@ let
# enable support for the H.264 codec
proprietary_codecs = true;
ffmpeg_branding = "Chrome";
} // optionalAttrs (stdenv.system == "x86_64-linux") {
target_arch = "x64";
python_arch = "x86-64";
} // optionalAttrs (stdenv.system == "i686-linux") {
target_arch = "ia32";
python_arch = "ia32";
} // (extraAttrs.gypFlags or {}));
} // archInfo // (extraAttrs.gypFlags or {}));

configurePhase = ''
# This is to ensure expansion of $out.
@@ -190,14 +185,21 @@ let
buildPhase = let
CC = "${gcc}/bin/gcc";
CXX = "${gcc}/bin/g++";
in ''
CC="${CC}" CC_host="${CC}" \
CXX="${CXX}" CXX_host="${CXX}" \
LINK_host="${CXX}" \
"${ninja}/bin/ninja" -C "${buildPath}" \
-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
${concatStringsSep " " (extraAttrs.buildTargets or [])}
'';
buildCommand = target: ''
CC="${CC}" CC_host="${CC}" \
CXX="${CXX}" CXX_host="${CXX}" \
LINK_host="${CXX}" \
"${ninja}/bin/ninja" -C "${buildPath}" \
-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
${target}
if [[ "${target}" == mksnapshot.* || "${target}" == "chrome" ]]; then
paxmark m "${buildPath}/${target}"
fi
'';
targets = extraAttrs.buildTargets or [];
commands = map buildCommand targets;
in concatStringsSep "\n" commands;
};

# Remove some extraAttrs we supplied to the base attributes already.
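Review bot: The `paxmark m "${buildPath}/${target}"` branch in `buildCommand` relaxes PaX MPROTECT on the shipped `chrome` binary as well as on the build-time `mksnapshot.*` helper, and nothing in the hunk records why. A comment above the `if`, such as `# V8's JIT needs writable+executable mappings; disable PaX MPROTECT for these two targets only`, would mark this as a deliberate hardening exception and make its scope explicit (the reason is my inference, please confirm). The mark is applied to the file under `${buildPath}`, so it is also worth confirming that it is still present on the copy that ends up in `$out`. The install step and the definition of `paxmark` are outside the visible hunks.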
@@ -15,6 +15,14 @@
}:

let
archInfo = with stdenv.lib; optionalAttrs (stdenv.system == "i686-linux") {
target_arch = "ia32";
python_arch = "ia32";
} // optionalAttrs (stdenv.system == "x86_64-linux") {
target_arch = "x64";
python_arch = "x86-64";
};

callPackage = newScope chromium;

chromium = {
@@ -27,10 +35,13 @@ let
mkChromiumDerivation = callPackage ./common.nix {
inherit enableSELinux enableNaCl useOpenSSL gnomeSupport
gnomeKeyringSupport proprietaryCodecs cupsSupport
pulseSupport;
pulseSupport archInfo;
};

browser = callPackage ./browser.nix {
arch = archInfo.target_arch;
};

browser = callPackage ./browser.nix { };
sandbox = callPackage ./sandbox.nix { };

plugins = callPackage ./plugins.nix {
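Review bot: `archInfo` evaluates to an empty set on any system other than `i686-linux` and `x86_64-linux`, so `arch = archInfo.target_arch;` in the `browser` call fails with a bare missing-attribute error as soon as `arch` is forced. Before this change an unmatched system simply left `target_arch` out of the gyp flags. An explicit default keeps the failure readable: `arch = archInfo.target_arch or (throw "chromium: unsupported system ${stdenv.system}");`. The enclosing `let` block starts and ends outside the hunks shown.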
@@ -91,6 +91,11 @@ rec {

#installFlags = "SKIP_GRE_REGISTRATION=1";

preInstall = ''
# The following is needed for startup cache creation on grsecurity kernels
paxmark m ../objdir/dist/bin/xpcshell
'';

postInstall = ''
# Fix run-mozilla.sh search
libDir=$(cd $out/lib && ls -d xulrunner-[0-9]*)
@@ -109,6 +114,10 @@ rec {
for i in $out/lib/$libDir/*.so; do
patchelf --set-rpath "$(patchelf --print-rpath "$i"):$out/lib/$libDir" $i || true
done
# For grsecurity kernels
paxmark m $out/lib/$libDir/{plugin-container,xulrunner}
for i in $out/lib/$libDir/{plugin-container,xulrunner,xulrunner-stub}; do
wrapProgram $i --prefix LD_LIBRARY_PATH ':' "$out/lib/$libDir"
done
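Review bot: The comment `# For grsecurity kernels` above `paxmark m $out/lib/$libDir/{plugin-container,xulrunner}` does not say which protection is being relaxed, nor that the call has to stay ahead of the `wrapProgram` loop that follows. `wrapProgram` replaces each path with a shell wrapper, so a mark applied after it would land on the script rather than on the ELF binary. I would expand the comment to `# Disable PaX MPROTECT on these binaries; must run before wrapProgram replaces the paths with wrapper scripts`, and note there whether leaving `xulrunner-stub` unmarked is intentional. `postInstall` starts and ends outside the hunk.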
@@ -33,7 +33,7 @@ if test "$noSysDirs" = "1"; then

# The path to the Glibc binaries such as `crti.o'.
glibc_libdir="$(cat $NIX_GCC/nix-support/orig-libc)/lib"

else
# Hack: support impure environments.
extraFlags="-isystem /usr/include"
@@ -214,7 +214,7 @@ postInstall() {
# previous gcc.
rm -rf $out/libexec/gcc/*/*/install-tools
rm -rf $out/lib/gcc/*/*/install-tools

# More dependencies with the previous gcc or some libs (gccbug stores the build command line)
rm -rf $out/bin/gccbug
# Take out the bootstrap-tools from the rpath, as it's not needed at all having $out
@@ -240,6 +240,11 @@ postInstall() {
fi
done

# Disable RANDMMAP on grsec, which causes segfaults when using
# precompiled headers.
# See https://bugs.gentoo.org/show_bug.cgi?id=301299#c31
paxmark r $out/libexec/gcc/*/*/{cc1,cc1plus}

eval "$postInstallGhdl"
}
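Review bot: `paxmark r $out/libexec/gcc/*/*/{cc1,cc1plus}` assumes both front ends were installed; in a build without C++ the `cc1plus` word matches nothing and is handed to `paxmark` as a literal pattern. Whether that aborts `postInstall` depends on how `paxmark` treats a missing path, and its definition is not on this page. Guarding each file avoids the question: `for f in $out/libexec/gcc/*/*/{cc1,cc1plus}; do if [ -e "$f" ]; then paxmark r "$f"; fi; done`. The same line is added to `postInstall` in `gcc/4.8/builder.sh` and wants the same guard.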

@@ -99,7 +99,7 @@ let version = "4.6.3";
withAbi = if gccAbi != null then " --with-abi=${gccAbi}" else "";
withFpu = if gccFpu != null then " --with-fpu=${gccFpu}" else "";
withFloat = if gccFloat != null then " --with-float=${gccFloat}" else "";
in
in
(withArch +
withCpu +
withAbi +

This file was deleted.

@@ -239,6 +239,11 @@ postInstall() {
fi
done

# Disable RANDMMAP on grsec, which causes segfaults when using
# precompiled headers.
# See https://bugs.gentoo.org/show_bug.cgi?id=301299#c31
paxmark r $out/libexec/gcc/*/*/{cc1,cc1plus}

eval "$postInstallGhdl"
}

@@ -54,7 +54,7 @@ assert langGo -> langCC;
with stdenv.lib;
with builtins;

let version = "4.8.2";
let version = "4.8.3";

# Whether building a cross-compiler for GNU/Hurd.
crossGNU = cross != null && cross.config == "i586-pc-gnu";
@@ -64,7 +64,7 @@ let version = "4.8.2";
*/
enableParallelBuilding = !profiledCompiler;

patches = [ ./bug-58800.patch ] # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58800
patches = []
++ optional enableParallelBuilding ./parallel-bconfig.patch
++ optional (cross != null) ./libstdc++-target.patch
# ++ optional noSysDirs ./no-sys-dirs.patch
@@ -212,7 +212,7 @@ stdenv.mkDerivation ({

src = fetchurl {
url = "mirror://gnu/gcc/gcc-${version}/gcc-${version}.tar.bz2";
sha256 = "1j6dwgby4g3p3lz7zkss32ghr45zpdidrg8xvazvn91lqxv25p09";
sha256 = "07hg10zs7gnqz58my10ch0zygizqh0z0bz6pv4pgxx45n48lz3ka";
};

inherit patches;
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
"--with-gcc=${stdenv.gcc}/bin/gcc"
];

NIX_CFLAGS_COMPILE = "-fomit-frame-pointer";

meta = {
inherit homepage;
description = "The Glasgow Haskell Compiler";
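Review bot: `NIX_CFLAGS_COMPILE = "-fomit-frame-pointer";` is added with no comment, and the identical line goes into 6.12.3, 7.0.4 and 7.2.2 as well. The merge message suggests it accompanies the gcc 4.8.3 or grsecurity changes, but a reader of any one file cannot tell which failure it works around or when it can be dropped. I would put a one-line comment above each, e.g. `# works around <ISSUE REFERENCE - placeholder> with the current stdenv gcc; drop once fixed`, filled in with the real reference.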
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
"--with-gcc=${stdenv.gcc}/bin/gcc"
];

NIX_CFLAGS_COMPILE = "-fomit-frame-pointer";

# required, because otherwise all symbols from HSffi.o are stripped, and
# that in turn causes GHCi to abort
stripDebugFlags=["-S" "--keep-file-symbols"];
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
"--with-gcc=${stdenv.gcc}/bin/gcc"
];

NIX_CFLAGS_COMPILE = "-fomit-frame-pointer";

# required, because otherwise all symbols from HSffi.o are stripped, and
# that in turn causes GHCi to abort
stripDebugFlags=["-S" "--keep-file-symbols"];
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
"--with-gcc=${stdenv.gcc}/bin/gcc"
];

NIX_CFLAGS_COMPILE = "-fomit-frame-pointer";

# required, because otherwise all symbols from HSffi.o are stripped, and
# that in turn causes GHCi to abort
stripDebugFlags=["-S" "--keep-file-symbols"];
@@ -1,6 +1,13 @@
{ stdenv, fetchurl, ghc, perl, gmp, ncurses }:
{ stdenv, fetchurl, ghc, perl, gmp, ncurses, binutils }:

stdenv.mkDerivation rec {
let
# The "-Wa,--noexecstack" options might be needed only with GNU ld (as opposed
# to the gold linker). It prevents binaries' stacks from being marked as
# executable, which fails to run on a grsecurity/PaX kernel.
ghcFlags = "-optc-Wa,--noexecstack -opta-Wa,--noexecstack";
cFlags = "-Wa,--noexecstack";

in stdenv.mkDerivation rec {
version = "7.6.3";

name = "ghc-${version}";
@@ -12,21 +19,40 @@ stdenv.mkDerivation rec {

buildInputs = [ ghc perl gmp ncurses ];


buildMK = ''
libraries/integer-gmp_CONFIGURE_OPTS += --configure-option=--with-gmp-libraries="${gmp}/lib"
libraries/integer-gmp_CONFIGURE_OPTS += --configure-option=--with-gmp-includes="${gmp}/include"
'' + stdenv.lib.optionalString stdenv.isLinux ''
# Set ghcFlags for building ghc itself
SRC_HC_OPTS += ${ghcFlags}
SRC_CC_OPTS += ${cFlags}
'';

preConfigure = ''
echo "${buildMK}" > mk/build.mk
sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure
'' + stdenv.lib.optionalString stdenv.isLinux ''
# Set ghcFlags for binaries that ghc builds
sed -i -e 's|"\$topdir"|"\$topdir" ${ghcFlags}|' ghc/ghc.wrapper
'' + stdenv.lib.optionalString (!stdenv.isDarwin) ''
export NIX_LDFLAGS="$NIX_LDFLAGS -rpath $out/lib/ghc-${version}"
'';

configureFlags = "--with-gcc=${stdenv.gcc}/bin/gcc";

postInstall = ''
# ghci uses mmap with rwx protection at it implements dynamic
# linking on its own. See:
# - https://bugs.gentoo.org/show_bug.cgi?id=299709
# - https://ghc.haskell.org/trac/ghc/ticket/4244
# Therefore, we have to pax-mark the resulting binary.
# Haddock also seems to run with ghci, so mark it as well.
paxmark m $out/lib/${name}/{ghc,haddock}
'';

# required, because otherwise all symbols from HSffi.o are stripped, and
# that in turn causes GHCi to abort
stripDebugFlags=["-S" "--keep-file-symbols"];
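Review bot: The `sed -i -e 's|"\$topdir"|"\$topdir" ${ghcFlags}|' ghc/ghc.wrapper` line in `preConfigure` succeeds even when the pattern matches nothing. If the wrapper template ever changes, programs compiled by this ghc would presumably go back to executable stacks with no build-time signal. A check right after it turns that into a hard failure: `grep -q -e --noexecstack ghc/ghc.wrapper || { echo "ghc.wrapper was not patched" >&2; exit 1; }`. Separately, `binutils` is added to the argument list but is not referenced in the hunks shown, and the `postInstall` comment reads "at it implements" where "as it implements" is meant.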
@@ -59,7 +59,7 @@ with srcInfo; stdenv.mkDerivation {
"--disable-downloading"

"--without-rhino"
# Uncomment this when paxctl lands in stdenv: "--with-pax=paxctl"
"--with-pax=paxctl"
"--with-jdk-home=${jdkPath}"
];
