09cb41b7ac
point the SANDBOX_SHELL macro at the actual path to busybox on the build machine, or allow it to be configured at build-time with a cmake option. Change-Id: I044a1315ba9baa3bc9ceddf29f36d14f9f9ccd96 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1632 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
256 lines
5.8 KiB
Nix
256 lines
5.8 KiB
Nix
# This file controls the import of external dependencies (i.e.
|
|
# third-party code) into my package tree.
|
|
#
|
|
# This includes *all packages needed from nixpkgs*.
|
|
{ ... }:
|
|
|
|
let
|
|
# Tracking nixos-unstable as of 2020-06-10.
|
|
nixpkgsCommit = "467ce5a9f45aaf96110b41eb863a56866e1c2c3c";
|
|
nixpkgsSrc = fetchTarball {
|
|
url = "https://github.com/NixOS/nixpkgs-channels/archive/${nixpkgsCommit}.tar.gz";
|
|
sha256 = "0qz7wgi61pdb335n18xm8rfwddckwv0vg8n7fii5abrrx47vnqcj";
|
|
};
|
|
nixpkgs = import nixpkgsSrc {
|
|
config.allowUnfree = true;
|
|
config.allowBroken = true;
|
|
|
|
# Lutris depends on p7zip, which is considered insecure.
|
|
config.permittedInsecurePackages = [
|
|
"p7zip-16.02"
|
|
];
|
|
};
|
|
|
|
# Tracking nixos-20.03 as of 2020-05-22
|
|
stableCommit = "48723f48ab92381f0afd50143f38e45cf3080405";
|
|
stableNixpkgsSrc = fetchTarball {
|
|
url = "https://github.com/NixOS/nixpkgs-channels/archive/${stableCommit}.tar.gz";
|
|
sha256 = "0h3b3l867j3ybdgimfn76lw7w6yjhszd5x02pq5827l659ihcf53";
|
|
};
|
|
stableNixpkgs = import stableNixpkgsSrc {};
|
|
|
|
exposed = {
|
|
# Inherit the packages from nixos-unstable that should be available inside
|
|
# of the repo. They become available under `pkgs.third_party.<name>`
|
|
inherit (nixpkgs)
|
|
age
|
|
autoconf
|
|
autoreconfHook
|
|
avrdude
|
|
avrlibc
|
|
awscli
|
|
bashInteractive
|
|
bat
|
|
buildBazelPackage
|
|
buildFHSUserEnv
|
|
buildGoModule
|
|
buildGoPackage
|
|
buildPackages
|
|
buildkite-agent
|
|
busybox
|
|
bzip2
|
|
c-ares
|
|
cacert
|
|
cachix
|
|
cairo
|
|
cargo
|
|
cgit
|
|
clang-tools
|
|
clang_10
|
|
cmake
|
|
coreutils
|
|
cudatoolkit
|
|
darwin
|
|
dfu-programmer
|
|
dfu-util
|
|
diffutils
|
|
dockerTools
|
|
docker-compose
|
|
execline
|
|
fd
|
|
fetchFromGitHub
|
|
fetchgit
|
|
fetchurl
|
|
fetchzip
|
|
fira
|
|
fira-code
|
|
fira-mono
|
|
flamegraph
|
|
fontconfig
|
|
freetype
|
|
gettext
|
|
glibc
|
|
gmock
|
|
gnutar
|
|
google-cloud-sdk
|
|
graphviz
|
|
gzip
|
|
haskell
|
|
iana-etc
|
|
imagemagickBig
|
|
installShellFiles
|
|
jdk
|
|
jdk11
|
|
jetbrains-mono
|
|
jq
|
|
kontemplate
|
|
lib
|
|
libredirect
|
|
linuxPackages
|
|
luajit
|
|
lutris
|
|
makeFontsConf
|
|
makeWrapper
|
|
mdbook
|
|
meson
|
|
mime-types
|
|
mkShell
|
|
moreutils
|
|
nano
|
|
nginx
|
|
ninja
|
|
nix
|
|
openssh
|
|
openssl
|
|
overrideCC
|
|
pandoc
|
|
parallel
|
|
pkgconfig
|
|
pkgsCross
|
|
postgresql
|
|
pounce
|
|
pulseaudio
|
|
python3
|
|
python3Packages
|
|
remarshal
|
|
rink
|
|
ripgrep
|
|
rsync
|
|
runCommand
|
|
runCommandNoCC
|
|
runCommandLocal
|
|
rustPlatform
|
|
rustc
|
|
s6-portable-utils
|
|
sbcl
|
|
sqlite
|
|
stdenvNoCC
|
|
stern
|
|
symlinkJoin
|
|
systemd
|
|
tdlib
|
|
teensy-loader-cli
|
|
terraform_0_12
|
|
texlive
|
|
thttpd
|
|
tree
|
|
unzip
|
|
which
|
|
writeShellScript
|
|
writeShellScriptBin
|
|
writeText
|
|
xorg
|
|
xz
|
|
zlib
|
|
zstd;
|
|
|
|
# Inherit packages that should come from a stable channel
|
|
inherit (stableNixpkgs)
|
|
emacs26
|
|
emacs26-nox
|
|
emacsPackages
|
|
emacsPackagesGen;
|
|
|
|
# Required by //third_party/nix
|
|
inherit (nixpkgs)
|
|
aws-sdk-cpp
|
|
bison
|
|
boehmgc
|
|
boost # urgh
|
|
brotli
|
|
busybox-sandbox-shell
|
|
curl
|
|
docbook5
|
|
docbook_xsl_ns
|
|
editline
|
|
flex
|
|
libseccomp
|
|
libsodium
|
|
libxml2
|
|
libxslt
|
|
mercurial
|
|
perl
|
|
perlPackages
|
|
quassel
|
|
utillinuxMinimal;
|
|
|
|
haskellPackages = (nixpkgs.haskellPackages.override {
|
|
overrides = (import ./haskell_overlay { pkgs = nixpkgs; });
|
|
});
|
|
|
|
gradle_6 = (nixpkgs.gradleGen.override {
|
|
java = nixpkgs.jdk11;
|
|
jdk = nixpkgs.jdk11;
|
|
}).gradleGen rec {
|
|
name = "gradle-6.5.1";
|
|
nativeVersion = "0.22-milestone-3";
|
|
|
|
src = builtins.fetchurl {
|
|
url = "https://services.gradle.org/distributions/${name}-bin.zip";
|
|
sha256 = "0jmmipjh4fbsn92zpifa5cqg5ws2a4ha0s4jzqhrg4zs542x79sh";
|
|
};
|
|
};
|
|
};
|
|
|
|
in exposed.lib.fix(self: exposed // {
|
|
callPackage = nixpkgs.lib.callPackageWith self;
|
|
|
|
# Provide the source code of nixpkgs, but do not provide an imported
|
|
# version of it.
|
|
inherit nixpkgsCommit nixpkgsSrc stableNixpkgsSrc;
|
|
|
|
# Packages to be overridden
|
|
originals = {
|
|
inherit (nixpkgs) gtest openldap go grpc notmuch rr;
|
|
inherit (stableNixpkgs) git;
|
|
ffmpeg = nixpkgs.ffmpeg-full;
|
|
};
|
|
|
|
# Use LLVM 10
|
|
llvmPackages = nixpkgs.llvmPackages_10;
|
|
clangStdenv = nixpkgs.llvmPackages_10.stdenv;
|
|
stdenv = nixpkgs.llvmPackages_10.stdenv;
|
|
|
|
# The Go authors have released a version of Go (in alpha) that has a
|
|
# type system. This makes it available, specifically for use with
|
|
# //nix/buildTypedGo.
|
|
go = nixpkgs.go.overrideAttrs(old: {
|
|
version = "dev-go2go";
|
|
doCheck = false;
|
|
patches = []; # they all don't apply and are mostly about Darwin crap
|
|
|
|
src = nixpkgs.fetchgit {
|
|
url = "https://go.googlesource.com/go";
|
|
# You might think these hashes are trivial to update. It's just
|
|
# a branch in a git repository, right?
|
|
#
|
|
# Well, think again. Somehow I managed to get no fewer than 3
|
|
# (!) different commit hashes for the same branch by cloning
|
|
# this repository thrice. Only the third one (which you, the
|
|
# reader, can find below for your reading pleasure) actually
|
|
# gave me `go tool go2go`.
|
|
rev = "ad307489d41133f32c779cfa1b0db4a852ace047";
|
|
leaveDotGit = true;
|
|
sha256 = "1nxmqdlyfx7w3g5vhjfq24yrc9hwpsa2mjv58xrmhh8vvy50ziqq";
|
|
|
|
postFetch = ''
|
|
cd $out
|
|
${nixpkgs.git}/bin/git log -n 1 "--format=format:devel +%H %cd" HEAD > VERSION
|
|
rm -rf .git
|
|
'';
|
|
};
|
|
});
|
|
|
|
# Make NixOS available
|
|
nixos = import "${nixpkgsSrc}/nixos";
|
|
})
|