···
7
-
src ? fetchFromGitHub {
14
-
knownVulnerabilities ? [ ],
16
-
lib.maintainers.lovesegfault
17
-
lib.maintainers.artturin
19
-
teams ? [ lib.teams.nix ],
20
-
self_attribute_name,
22
-
assert (hash == null) -> (src != null);
24
-
atLeast24 = lib.versionAtLeast version "2.4";
25
-
atLeast225 = lib.versionAtLeast version "2.25pre";
36
-
busybox-sandbox-shell,
58
-
lowdown-unsandboxed,
73
-
enableDocumentation ? stdenv.buildPlatform.canExecute stdenv.hostPlatform,
74
-
enableStatic ? stdenv.hostPlatform.isStatic,
76
-
lib.meta.availableOn stdenv.hostPlatform aws-c-common
78
-
&& (stdenv.hostPlatform.isLinux || stdenv.hostPlatform.isDarwin)
82
-
withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp,
96
-
self = stdenv.mkDerivation {
99
-
version = "${version}${suffix}";
100
-
VERSION_SUFFIX = suffix;
102
-
inherit src patches;
108
-
++ lib.optionals enableDocumentation [
113
-
hardeningEnable = lib.optionals (!stdenv.hostPlatform.isDarwin) [ "pie" ];
115
-
hardeningDisable = [
118
-
++ lib.optional stdenv.hostPlatform.isMusl "fortify";
120
-
nativeInstallCheckInputs = [
125
-
nativeBuildInputs = [
133
-
++ lib.optionals enableDocumentation [
134
-
(lib.getBin lowdown-unsandboxed)
138
-
++ lib.optionals stdenv.hostPlatform.isLinux [
159
-
++ lib.optionals (atLeast225 && enableDocumentation) [
162
-
++ lib.optionals (stdenv.hostPlatform.isx86_64) [
165
-
++ lib.optionals withLibseccomp [
168
-
++ lib.optionals withAWS [
172
-
propagatedBuildInputs = [
178
-
patchShebangs --build tests
182
-
# Copy libboost_context so we don't get all of Boost in our closure.
183
-
# https://github.com/NixOS/nixpkgs/issues/45462
184
-
lib.optionalString (!enableStatic) ''
186
-
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
188
-
${lib.optionalString stdenv.hostPlatform.isLinux ''
189
-
chmod u+w $out/lib/*.so.*
190
-
patchelf --set-rpath $out/lib:${lib.getLib stdenv.cc.cc}/lib $out/lib/libboost_thread.so.*
195
-
"--with-store-dir=${storeDir}"
196
-
"--localstatedir=${stateDir}"
197
-
"--sysconfdir=${confDir}"
200
-
++ lib.optionals (!enableDocumentation) [
201
-
"--disable-doc-gen"
203
-
++ lib.optionals stdenv.hostPlatform.isLinux [
204
-
"--with-sandbox-shell=${busybox-sandbox-shell}/bin/busybox"
206
-
++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic) [
207
-
"--enable-embedded-sandbox-shell"
212
-
stdenv.hostPlatform != stdenv.buildPlatform
213
-
&& stdenv.hostPlatform ? nix
214
-
&& stdenv.hostPlatform.nix ? system
217
-
"--with-system=${stdenv.hostPlatform.nix.system}"
219
-
++ lib.optionals (!withLibseccomp) [
220
-
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
221
-
"--disable-seccomp-sandboxing"
223
-
++ lib.optionals (stdenv.cc.isGNU && !enableStatic) [
227
-
env.CXXFLAGS = toString (
228
-
lib.optionals (lib.versionAtLeast lowdown.version "1.4.0") [
229
-
# Autotools based build system wasn't updated with the backport of
230
-
# https://github.com/NixOS/nix/pull/12115, so set the define explicitly.
231
-
"-DHAVE_LOWDOWN_1_4"
236
-
# gcc runs multi-threaded LTO using make and does not yet detect the new fifo:/path style
237
-
# of make jobserver. until gcc adds support for this we have to instruct make to use this
238
-
# old style or LTO builds will run their linking on only one thread, which takes forever.
239
-
"--jobserver-style=pipe"
240
-
"profiledir=$(out)/etc/profile.d"
242
-
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "PRECOMPILE_HEADERS=0"
243
-
++ lib.optional (stdenv.hostPlatform.isDarwin) "PRECOMPILE_HEADERS=1";
245
-
installFlags = [ "sysconfdir=$(out)/etc" ];
247
-
doInstallCheck = true;
248
-
installCheckTarget = "installcheck";
250
-
# socket path becomes too long otherwise
252
-
lib.optionalString stdenv.hostPlatform.isDarwin ''
253
-
export TMPDIR=$NIX_BUILD_TOP
255
-
# Prevent crashes in libcurl due to invoking Objective-C `+initialize` methods after `fork`.
256
-
# See http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_and_fork_in_macOS_1013.html.
257
-
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
258
-
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
260
-
# See https://github.com/NixOS/nix/issues/5687
261
-
+ lib.optionalString (stdenv.hostPlatform.isDarwin) ''
262
-
echo "exit 99" > tests/gc-non-blocking.sh
263
-
'' # TODO: investigate why this broken
264
-
+ lib.optionalString (stdenv.hostPlatform.system == "aarch64-linux") ''
265
-
echo "exit 0" > tests/functional/flakes/show.sh
268
-
# nixStatic otherwise does not find its man pages in tests.
269
-
export MANPATH=$man/share/man:$MANPATH
272
-
separateDebugInfo = stdenv.hostPlatform.isLinux && !enableStatic;
274
-
enableParallelBuilding = true;
277
-
inherit aws-sdk-cpp boehmgc;
279
-
perl-bindings = perl.pkgs.toPerlModule (
280
-
callPackage ./nix-perl.nix {
285
-
tests = import ./tests.nix {
296
-
self_attribute_name
302
-
# point 'nix edit' and ofborg at the file that defines the attribute,
303
-
# not this common file.
304
-
pos = builtins.unsafeGetAttrPos "version" args;
306
-
description = "Powerful package manager that makes package management reliable and reproducible";
307
-
longDescription = ''
308
-
Nix is a powerful package manager for Linux and other Unix systems that
309
-
makes package management reliable and reproducible. It provides atomic
310
-
upgrades and rollbacks, side-by-side installation of multiple versions of
311
-
a package, multi-user package management and easy setup of build
314
-
homepage = "https://nixos.org/";
315
-
license = licenses.lgpl21Plus;
316
-
inherit knownVulnerabilities maintainers teams;
317
-
platforms = platforms.unix;
318
-
outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
319
-
mainProgram = "nix";
pyrox.dev