##// END OF EJS Templates
git: security/bumped git to 2.16.4 for security release update
marcink -
r456:3a2a7383 default
parent child Browse files
Show More
@@ -1,166 +1,166 b''
1 # Nix environment for the community edition
1 # Nix environment for the community edition
2 #
2 #
3 # This shall be as lean as possible, just producing the rhodecode-vcsserver
3 # This shall be as lean as possible, just producing the rhodecode-vcsserver
4 # derivation. For advanced tweaks to pimp up the development environment we use
4 # derivation. For advanced tweaks to pimp up the development environment we use
5 # "shell.nix" so that it does not have to clutter this file.
5 # "shell.nix" so that it does not have to clutter this file.
6
6
7 { pkgs ? (import <nixpkgs> {})
7 { pkgs ? (import <nixpkgs> {})
8 , pythonPackages ? "python27Packages"
8 , pythonPackages ? "python27Packages"
9 , pythonExternalOverrides ? self: super: {}
9 , pythonExternalOverrides ? self: super: {}
10 , doCheck ? true
10 , doCheck ? true
11 }:
11 }:
12
12
13 let pkgs_ = pkgs; in
13 let pkgs_ = pkgs; in
14
14
15 let
15 let
16 pkgs = pkgs_.overridePackages (self: super: {
16 pkgs = pkgs_.overridePackages (self: super: {
17 # bump GIT version
17 # bump GIT version
18 git = pkgs.lib.overrideDerivation pkgs_.git (oldAttrs: {
18 git = pkgs.lib.overrideDerivation pkgs_.git (oldAttrs: {
19 name = "git-2.16.3";
19 name = "git-2.16.4";
20 src = pkgs.fetchurl {
20 src = pkgs.fetchurl {
21 url = "https://www.kernel.org/pub/software/scm/git/git-2.16.3.tar.xz";
21 url = "https://www.kernel.org/pub/software/scm/git/git-2.16.4.tar.xz";
22 sha256 = "0j1dwvg5llnj3g0fp8hdgpms4hp90qw9f6509vqw30dhwplrjpfn";
22 sha256 = "0cnmidjvbdf81mybcvxvl0c2r2x2nvq2jj2dl59dmrc7qklv0sbf";
23 };
23 };
24
24
25 patches = [
25 patches = [
26 ./pkgs/git_patches/docbook2texi.patch
26 ./pkgs/git_patches/docbook2texi.patch
27 ./pkgs/git_patches/symlinks-in-bin.patch
27 ./pkgs/git_patches/symlinks-in-bin.patch
28 ./pkgs/git_patches/git-sh-i18n.patch
28 ./pkgs/git_patches/git-sh-i18n.patch
29 ./pkgs/git_patches/ssh-path.patch
29 ./pkgs/git_patches/ssh-path.patch
30 ];
30 ];
31
31
32 });
32 });
33
33
34 # Override subversion derivation to
34 # Override subversion derivation to
35 # - activate python bindings
35 # - activate python bindings
36 subversion = let
36 subversion = let
37 subversionWithPython = super.subversion.override {
37 subversionWithPython = super.subversion.override {
38 httpSupport = true;
38 httpSupport = true;
39 pythonBindings = true;
39 pythonBindings = true;
40 python = self.python27Packages.python;
40 python = self.python27Packages.python;
41 };
41 };
42
42
43 in
43 in
44
44
45 pkgs.lib.overrideDerivation subversionWithPython (oldAttrs: {
45 pkgs.lib.overrideDerivation subversionWithPython (oldAttrs: {
46 name = "subversion-1.9.7";
46 name = "subversion-1.9.7";
47 src = pkgs.fetchurl {
47 src = pkgs.fetchurl {
48 url = "https://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz";
48 url = "https://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz";
49 sha256 = "0g3cs2h008z8ymgkhbk54jp87bjh7y049rn42igj881yi2f20an7";
49 sha256 = "0g3cs2h008z8ymgkhbk54jp87bjh7y049rn42igj881yi2f20an7";
50 };
50 };
51
51
52 });
52 });
53
53
54 });
54 });
55
55
56 inherit (pkgs.lib) fix extends;
56 inherit (pkgs.lib) fix extends;
57 basePythonPackages = with builtins; if isAttrs pythonPackages
57 basePythonPackages = with builtins; if isAttrs pythonPackages
58 then pythonPackages
58 then pythonPackages
59 else getAttr pythonPackages pkgs;
59 else getAttr pythonPackages pkgs;
60
60
61 elem = builtins.elem;
61 elem = builtins.elem;
62 basename = path: with pkgs.lib; last (splitString "/" path);
62 basename = path: with pkgs.lib; last (splitString "/" path);
63 startsWith = prefix: full: let
63 startsWith = prefix: full: let
64 actualPrefix = builtins.substring 0 (builtins.stringLength prefix) full;
64 actualPrefix = builtins.substring 0 (builtins.stringLength prefix) full;
65 in actualPrefix == prefix;
65 in actualPrefix == prefix;
66
66
67 src-filter = path: type: with pkgs.lib;
67 src-filter = path: type: with pkgs.lib;
68 let
68 let
69 ext = last (splitString "." path);
69 ext = last (splitString "." path);
70 in
70 in
71 !elem (basename path) [".hg" ".git" "__pycache__" ".eggs"
71 !elem (basename path) [".hg" ".git" "__pycache__" ".eggs"
72 "node_modules" "build" "data" "tmp"] &&
72 "node_modules" "build" "data" "tmp"] &&
73 !elem ext ["egg-info" "pyc"] &&
73 !elem ext ["egg-info" "pyc"] &&
74 !startsWith "result" path;
74 !startsWith "result" path;
75
75
76 rhodecode-vcsserver-src = builtins.filterSource src-filter ./.;
76 rhodecode-vcsserver-src = builtins.filterSource src-filter ./.;
77
77
78 pythonGeneratedPackages = self: basePythonPackages.override (a: {
78 pythonGeneratedPackages = self: basePythonPackages.override (a: {
79 inherit self;
79 inherit self;
80 }) // (scopedImport {
80 }) // (scopedImport {
81 self = self;
81 self = self;
82 super = basePythonPackages;
82 super = basePythonPackages;
83 inherit pkgs;
83 inherit pkgs;
84 inherit (pkgs) fetchurl fetchgit;
84 inherit (pkgs) fetchurl fetchgit;
85 } ./pkgs/python-packages.nix);
85 } ./pkgs/python-packages.nix);
86
86
87 pythonOverrides = import ./pkgs/python-packages-overrides.nix {
87 pythonOverrides = import ./pkgs/python-packages-overrides.nix {
88 inherit basePythonPackages pkgs;
88 inherit basePythonPackages pkgs;
89 };
89 };
90
90
91 version = builtins.readFile ./vcsserver/VERSION;
91 version = builtins.readFile ./vcsserver/VERSION;
92
92
93 pythonLocalOverrides = self: super: {
93 pythonLocalOverrides = self: super: {
94 rhodecode-vcsserver = super.rhodecode-vcsserver.override (attrs: {
94 rhodecode-vcsserver = super.rhodecode-vcsserver.override (attrs: {
95 inherit doCheck version;
95 inherit doCheck version;
96
96
97 name = "rhodecode-vcsserver-${version}";
97 name = "rhodecode-vcsserver-${version}";
98 releaseName = "RhodeCodeVCSServer-${version}";
98 releaseName = "RhodeCodeVCSServer-${version}";
99 src = rhodecode-vcsserver-src;
99 src = rhodecode-vcsserver-src;
100 dontStrip = true; # prevent strip, we don't need it.
100 dontStrip = true; # prevent strip, we don't need it.
101
101
102 propagatedBuildInputs = attrs.propagatedBuildInputs ++ ([
102 propagatedBuildInputs = attrs.propagatedBuildInputs ++ ([
103 pkgs.git
103 pkgs.git
104 pkgs.subversion
104 pkgs.subversion
105 ]);
105 ]);
106
106
107 # TODO: johbo: Make a nicer way to expose the parts. Maybe
107 # TODO: johbo: Make a nicer way to expose the parts. Maybe
108 # pkgs/default.nix?
108 # pkgs/default.nix?
109 passthru = {
109 passthru = {
110 pythonPackages = self;
110 pythonPackages = self;
111 };
111 };
112
112
113 # Add VCSServer bin directory to path so that tests can find 'vcsserver'.
113 # Add VCSServer bin directory to path so that tests can find 'vcsserver'.
114 preCheck = ''
114 preCheck = ''
115 export PATH="$out/bin:$PATH"
115 export PATH="$out/bin:$PATH"
116 '';
116 '';
117
117
118 # put custom attrs here
118 # put custom attrs here
119 checkPhase = ''
119 checkPhase = ''
120 runHook preCheck
120 runHook preCheck
121 PYTHONHASHSEED=random py.test -p no:sugar -vv --cov-config=.coveragerc --cov=vcsserver --cov-report=term-missing vcsserver
121 PYTHONHASHSEED=random py.test -p no:sugar -vv --cov-config=.coveragerc --cov=vcsserver --cov-report=term-missing vcsserver
122 runHook postCheck
122 runHook postCheck
123 '';
123 '';
124
124
125 postInstall = ''
125 postInstall = ''
126 echo "Writing meta information for rccontrol to nix-support/rccontrol"
126 echo "Writing meta information for rccontrol to nix-support/rccontrol"
127 mkdir -p $out/nix-support/rccontrol
127 mkdir -p $out/nix-support/rccontrol
128 cp -v vcsserver/VERSION $out/nix-support/rccontrol/version
128 cp -v vcsserver/VERSION $out/nix-support/rccontrol/version
129 echo "DONE: Meta information for rccontrol written"
129 echo "DONE: Meta information for rccontrol written"
130
130
131 # python based programs need to be wrapped
131 # python based programs need to be wrapped
132 ln -s ${self.pyramid}/bin/* $out/bin/
132 ln -s ${self.pyramid}/bin/* $out/bin/
133 ln -s ${self.gunicorn}/bin/gunicorn $out/bin/
133 ln -s ${self.gunicorn}/bin/gunicorn $out/bin/
134
134
135 # Symlink version control utilities
135 # Symlink version control utilities
136 #
136 #
137 # We ensure that always the correct version is available as a symlink.
137 # We ensure that always the correct version is available as a symlink.
138 # So that users calling them via the profile path will always use the
138 # So that users calling them via the profile path will always use the
139 # correct version.
139 # correct version.
140 ln -s ${self.python}/bin/python $out/bin
140 ln -s ${self.python}/bin/python $out/bin
141 ln -s ${pkgs.git}/bin/git $out/bin
141 ln -s ${pkgs.git}/bin/git $out/bin
142 ln -s ${self.mercurial}/bin/hg $out/bin
142 ln -s ${self.mercurial}/bin/hg $out/bin
143 ln -s ${pkgs.subversion}/bin/svn* $out/bin
143 ln -s ${pkgs.subversion}/bin/svn* $out/bin
144
144
145 for file in $out/bin/*;
145 for file in $out/bin/*;
146 do
146 do
147 wrapProgram $file \
147 wrapProgram $file \
148 --set PATH $PATH \
148 --set PATH $PATH \
149 --set PYTHONPATH $PYTHONPATH \
149 --set PYTHONPATH $PYTHONPATH \
150 --set PYTHONHASHSEED random
150 --set PYTHONHASHSEED random
151 done
151 done
152
152
153 '';
153 '';
154
154
155 });
155 });
156 };
156 };
157
157
158 # Apply all overrides and fix the final package set
158 # Apply all overrides and fix the final package set
159 myPythonPackages =
159 myPythonPackages =
160 (fix
160 (fix
161 (extends pythonExternalOverrides
161 (extends pythonExternalOverrides
162 (extends pythonLocalOverrides
162 (extends pythonLocalOverrides
163 (extends pythonOverrides
163 (extends pythonOverrides
164 pythonGeneratedPackages))));
164 pythonGeneratedPackages))));
165
165
166 in myPythonPackages.rhodecode-vcsserver
166 in myPythonPackages.rhodecode-vcsserver
General Comments 0
You need to be logged in to leave comments. Login now