apply patch from gentoo because there's no libstdc++.a libsupc++.a or
their nano versions
this matches upstream arm more
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
-lc_nano is used in nano.specs but 'libc_nano.a' is not installed without these changes
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper
this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
This release gets resholve caught up to the latest release of oil/osh.
Since the update was already somewhat involved, I used the opportunity
to also figure out how to patch out some C extensions and external
dependencies that shouldn't be necessary just to use the parser.
- update README.md
- github.com/abathur/resholve/blob/master/CHANGELOG.md#v090-jan-29-2023
- github.com/abathur/nix-py-dev-oil/compare/v0.8.12.3...v0.14.0.0
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
Bump to the latest relase. The current version is outdated and doesn't
seem to be able to boot my CM4 to mass storage device mode. This version
does, and according to
https://github.com/raspberrypi/usbboot/releases/tag/20221215-105525, it
"works on all current Raspberry Pi models and uses the default
bootloader that is signed with the secure-boot ROM key".
We are marking `resholve` itself with `meta.knownVulnerabilities`, and
overriding `resholve-utils` functions's `resholve` with
`meta.knownVulnerabilities = [ ]`.
This way, we can still use `resholve` at build-time without triggering
security warnings, however we can't instantiate `resholve` itself. See:
```
$ nix-build -A resholve
error: Package ‘resholve-0.8.4’ in /.../nixpkgs/pkgs/development/misc/resholve/resholve.nix:48 is marked as insecure, refusing to evaluate.
$ nix-build -A ix
/nix/store/k8cvj1bfxkjj8zdg6kgm7r8942bbj7w7-ix-20190815
```
For debugging purposes, you can still bypass the security checks and
instantiate `resholve` by:
```
$ NIXPKGS_ALLOW_INSECURE=1 nix-build -A resholve
/nix/store/77s87hhqymc6x9wpclb04zg5jwm6fsij-resholve-0.8.4
```
Forgot to port this resholve Nix API fix in the course of #184292.
Same change as:
github.com/abathur/resholve/commit/b743d2eb12d82e35c567733a7a884174e3606641
This PR strips down the modified `python27` derivation used by `resholve`. The
idea is to reduce the possible security issues, and also to make it easier to
bootstrap.
