Includes some bugfixes/cleanups to the scripts and packaging, a run of the
updater, a bump of the version, an upgrade to the newer cargo fetcher in #79975,
and gets the web assembly portion to compile successfully.
Fixes#75863
Changes the default fetcher in the Rust Platform to be the newer
`fetchCargoTarball`, and changes every application using the current default to
instead opt out.
This commit does not change any hashes or cause any rebuilds. Once integrated,
we will start deleting the opt-outs and recomputing hashes.
See #79975 for details.
LD_LIBRARY_PATH isn't expanded properly in makeFlags, so move it to
preBuild.
Fixes: 3cd8ce3bce ("treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH")
cgit cannot serve patches with stable hashes, so store these patches
in-tree. cgit community discussion about this problem:
https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html
We pull the patches in-tree rather than strip cgit footers with fetchpatch
because per https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587
dependencies of fetchpatch cannot use fetchpatch.
Verification that the only difference between the live page, the
patch committed here, and the version cached under the old hash at
tarballs.nixos.org is the cgit version footer:
$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)" > Allow_input_files_to_be_missing_for_ed-style_patches.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 ) Allow_input_files_to_be_missing_for_ed-style_patches.patch
--- cgit-live
+++ Allow_input_files_to_be_missing_for_ed-style_patches.patch 2020-01-29 17:22:00.077312937 -0800
@@ -32 +32 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)" > CVE-2018-1000156.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d ) CVE-2018-1000156.patch
--- cgit-live
+++ CVE-2018-1000156.patch 2020-01-29 17:23:41.021116969 -0800
@@ -210 +210 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
Upstream announcement:
https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00002.html
For the lazy:
> * Noteworthy changes in release 4.8 (2020-01-14) [stable]
>
> ** Bug fixes
>
> "sed -i" now creates temporary files with correct umask (limited to u=rwx).
> Previously sed would incorrectly set umask on temporary files, resulting
> in problems under certain fuse-like file systems.
> [bug introduced in sed 4.2.1]
>
> ** Release
>
> distribute gzip-compressed tarballs once again
>
> ** Improvements
>
> a year's worth of gnulib development, including improved DFA performance
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>