snix/third_party/default.nix
Griffin Smith 09cb41b7ac fix(3p/nix): Properly configure SANDBOX_SHELL
point the SANDBOX_SHELL macro at the actual path to busybox on the build
machine, or allow it to be configured at build-time with a cmake option.

Change-Id: I044a1315ba9baa3bc9ceddf29f36d14f9f9ccd96
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1632
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-04 02:15:10 +00:00

256 lines
5.8 KiB
Nix

# This file controls the import of external dependencies (i.e.
# third-party code) into my package tree.
#
# This includes *all packages needed from nixpkgs*.
{ ... }:
let
# Tracking nixos-unstable as of 2020-06-10.
nixpkgsCommit = "467ce5a9f45aaf96110b41eb863a56866e1c2c3c";
nixpkgsSrc = fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/${nixpkgsCommit}.tar.gz";
sha256 = "0qz7wgi61pdb335n18xm8rfwddckwv0vg8n7fii5abrrx47vnqcj";
};
nixpkgs = import nixpkgsSrc {
config.allowUnfree = true;
config.allowBroken = true;
# Lutris depends on p7zip, which is considered insecure.
config.permittedInsecurePackages = [
"p7zip-16.02"
];
};
# Tracking nixos-20.03 as of 2020-05-22
stableCommit = "48723f48ab92381f0afd50143f38e45cf3080405";
stableNixpkgsSrc = fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/${stableCommit}.tar.gz";
sha256 = "0h3b3l867j3ybdgimfn76lw7w6yjhszd5x02pq5827l659ihcf53";
};
stableNixpkgs = import stableNixpkgsSrc {};
exposed = {
# Inherit the packages from nixos-unstable that should be available inside
# of the repo. They become available under `pkgs.third_party.<name>`
inherit (nixpkgs)
age
autoconf
autoreconfHook
avrdude
avrlibc
awscli
bashInteractive
bat
buildBazelPackage
buildFHSUserEnv
buildGoModule
buildGoPackage
buildPackages
buildkite-agent
busybox
bzip2
c-ares
cacert
cachix
cairo
cargo
cgit
clang-tools
clang_10
cmake
coreutils
cudatoolkit
darwin
dfu-programmer
dfu-util
diffutils
dockerTools
docker-compose
execline
fd
fetchFromGitHub
fetchgit
fetchurl
fetchzip
fira
fira-code
fira-mono
flamegraph
fontconfig
freetype
gettext
glibc
gmock
gnutar
google-cloud-sdk
graphviz
gzip
haskell
iana-etc
imagemagickBig
installShellFiles
jdk
jdk11
jetbrains-mono
jq
kontemplate
lib
libredirect
linuxPackages
luajit
lutris
makeFontsConf
makeWrapper
mdbook
meson
mime-types
mkShell
moreutils
nano
nginx
ninja
nix
openssh
openssl
overrideCC
pandoc
parallel
pkgconfig
pkgsCross
postgresql
pounce
pulseaudio
python3
python3Packages
remarshal
rink
ripgrep
rsync
runCommand
runCommandNoCC
runCommandLocal
rustPlatform
rustc
s6-portable-utils
sbcl
sqlite
stdenvNoCC
stern
symlinkJoin
systemd
tdlib
teensy-loader-cli
terraform_0_12
texlive
thttpd
tree
unzip
which
writeShellScript
writeShellScriptBin
writeText
xorg
xz
zlib
zstd;
# Inherit packages that should come from a stable channel
inherit (stableNixpkgs)
emacs26
emacs26-nox
emacsPackages
emacsPackagesGen;
# Required by //third_party/nix
inherit (nixpkgs)
aws-sdk-cpp
bison
boehmgc
boost # urgh
brotli
busybox-sandbox-shell
curl
docbook5
docbook_xsl_ns
editline
flex
libseccomp
libsodium
libxml2
libxslt
mercurial
perl
perlPackages
quassel
utillinuxMinimal;
haskellPackages = (nixpkgs.haskellPackages.override {
overrides = (import ./haskell_overlay { pkgs = nixpkgs; });
});
gradle_6 = (nixpkgs.gradleGen.override {
java = nixpkgs.jdk11;
jdk = nixpkgs.jdk11;
}).gradleGen rec {
name = "gradle-6.5.1";
nativeVersion = "0.22-milestone-3";
src = builtins.fetchurl {
url = "https://services.gradle.org/distributions/${name}-bin.zip";
sha256 = "0jmmipjh4fbsn92zpifa5cqg5ws2a4ha0s4jzqhrg4zs542x79sh";
};
};
};
in exposed.lib.fix(self: exposed // {
callPackage = nixpkgs.lib.callPackageWith self;
# Provide the source code of nixpkgs, but do not provide an imported
# version of it.
inherit nixpkgsCommit nixpkgsSrc stableNixpkgsSrc;
# Packages to be overridden
originals = {
inherit (nixpkgs) gtest openldap go grpc notmuch rr;
inherit (stableNixpkgs) git;
ffmpeg = nixpkgs.ffmpeg-full;
};
# Use LLVM 10
llvmPackages = nixpkgs.llvmPackages_10;
clangStdenv = nixpkgs.llvmPackages_10.stdenv;
stdenv = nixpkgs.llvmPackages_10.stdenv;
# The Go authors have released a version of Go (in alpha) that has a
# type system. This makes it available, specifically for use with
# //nix/buildTypedGo.
go = nixpkgs.go.overrideAttrs(old: {
version = "dev-go2go";
doCheck = false;
patches = []; # they all don't apply and are mostly about Darwin crap
src = nixpkgs.fetchgit {
url = "https://go.googlesource.com/go";
# You might think these hashes are trivial to update. It's just
# a branch in a git repository, right?
#
# Well, think again. Somehow I managed to get no fewer than 3
# (!) different commit hashes for the same branch by cloning
# this repository thrice. Only the third one (which you, the
# reader, can find below for your reading pleasure) actually
# gave me `go tool go2go`.
rev = "ad307489d41133f32c779cfa1b0db4a852ace047";
leaveDotGit = true;
sha256 = "1nxmqdlyfx7w3g5vhjfq24yrc9hwpsa2mjv58xrmhh8vvy50ziqq";
postFetch = ''
cd $out
${nixpkgs.git}/bin/git log -n 1 "--format=format:devel +%H %cd" HEAD > VERSION
rm -rf .git
'';
};
});
# Make NixOS available
nixos = import "${nixpkgsSrc}/nixos";
})