push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,257 @@
{
lib,
fetchFromGitHub,
runCommand,
yallback,
yara,
}:
/*
TODO/CAUTION:
I don't want to discourage use, but I'm not sure how stable
the API is. Have fun, but be prepared to track changes! :)
For _now_, binlore is basically a thin wrapper around
`<invoke yara> | <postprocess with yallback>` with support
for running it on a derivation, saving the result in the
store, and aggregating results from a set of packages.
In the longer term, I suspect there are more uses for this
general pattern (i.e., run some analysis tool that produces
a deterministic output and cache the result per package...).
I'm not sure how that'll look and if it'll be the case that
binlore automatically collects all of them, or if you'll be
configuring which "kind(s)" of lore it generates. Nailing
that down will almost certainly mean reworking the API.
*/
let
src = fetchFromGitHub {
owner = "abathur";
repo = "binlore";
rev = "v0.3.0";
hash = "sha256-4Fs6HThfDhKRskuDJx2+hucl8crMRm10K6949JdIwPY=";
};
/*
binlore has one one more yallbacks responsible for
routing the appropriate lore to a named file in the
appropriate format. At some point I might try to do
something fancy with this, but for now the answer to
*all* questions about the lore are: the bare minimum
to get resholve over the next feature hump in time to
hopefully slip this feature in before the branch-off.
*/
# TODO: feeling really uninspired on the API
loreDef = {
# YARA rule file
rules = (src + "/execers.yar");
# output filenames; "types" of lore
types = [
"execers"
"wrappers"
];
# shell rule callbacks; see github.com/abathur/yallback
yallback = (src + "/execers.yall");
# TODO:
# - echo for debug, can be removed at some point
# - I really just wanted to put the bit after the pipe
# in here, but I'm erring on the side of flexibility
# since this form will make it easier to pilot other
# uses of binlore.
callback = lore: drv: ''
if [[ -d "${drv}/bin" ]] || [[ -d "${drv}/lib" ]] || [[ -d "${drv}/libexec" ]]; then
echo generating binlore for $drv by running:
echo "${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback}"
else
echo "failed to generate binlore for $drv (none of ${drv}/{bin,lib,libexec} exist)"
fi
if [[ -d "${drv}/bin" ]] || [[ -d "${drv}/lib" ]] || [[ -d "${drv}/libexec" ]]; then
${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback}
fi
'';
};
in
rec {
/*
Output a directory containing lore for multiple drvs.
This will `make` lore for drv in drvs and then combine lore
of the same type across all packages into a single file.
When drvs are also specified in the strip argument, corresponding
lore is made relative by stripping the path of each drv from
matching entries. (This is mainly useful in a build process that
uses a chain of two or more derivations where the output of one
is the source for the next. See resholve for an example.)
*/
collect =
{
lore ? loreDef,
drvs,
strip ? [ ],
}:
(runCommand "more-binlore" { } ''
mkdir $out
for lorefile in ${toString lore.types}; do
cat ${
lib.concatMapStrings (x: x + "/$lorefile ") (
map (make lore) (map lib.getBin (builtins.filter lib.isDerivation drvs))
)
} > $out/$lorefile
substituteInPlace $out/$lorefile ${lib.concatMapStrings (x: "--replace-quiet '${x}/' '' ") strip}
done
'');
/*
Output a directory containing lore for a single drv.
This produces lore for the derivation (via lore.callback) and
appends any lore that the derivation itself wrote to nix-support
or which was overridden in drv.binlore.<outputName> (passthru).
> *Note*: Since the passthru is attached to all outputs, binlore
> is an attrset namespaced by outputName to support packages with
> executables in more than one output.
Since the last entry wins, the effective priority is:
drv.binlore.<outputName> > $drv/nix-support > lore generated here by callback
*/
make =
lore: drv:
runCommand "${drv.name}-binlore"
{
drv = drv;
}
(
''
mkdir $out
touch $out/{${builtins.concatStringsSep "," lore.types}}
${lore.callback lore drv}
''
+
# append lore from package's $out and drv.binlore.${drv.outputName} (last entry wins)
''
for lore_type in ${toString lore.types}; do
if [[ -f "${drv}/nix-support/$lore_type" ]]; then
cat "${drv}/nix-support/$lore_type" >> "$out/$lore_type"
fi
''
+
lib.optionalString (builtins.hasAttr "binlore" drv && builtins.hasAttr drv.outputName drv.binlore)
''
if [[ -f "${drv.binlore."${drv.outputName}"}/$lore_type" ]]; then
cat "${drv.binlore."${drv.outputName}"}/$lore_type" >> "$out/$lore_type"
fi
''
+ ''
done
echo binlore for $drv written to $out
''
);
/*
Utility function for creating override lore for drv.
We normally attach this lore to `drv.passthru.binlore.<outputName>`.
> *Notes*:
> - Since the passthru is attached to all outputs, binlore is an
> attrset namespaced by outputName to support packages with
> executables in more than one output. You'll generally just use
> `out` or `bin`.
> - We can reconsider the passthru attr name if someone adds
> a new lore provider. We settled on `.binlore` for now to make it
> easier for people to figure out what this is for.
The lore argument should be a Shell script (string) that generates
the necessary lore. You can use arbitrary Shell, but this function
includes a shell DSL you can use to declare/generate lore in most
cases. It has the following functions:
- `execer <verdict> [<path>...]`
- `wrapper <wrapper_path> <original_path>`
Writing every override explicitly in a Nix list would be tedious
for large packages, but this small shell DSL enables us to express
many overrides efficiently via pathname expansion/globbing.
Here's a very general example of both functions:
passthru.binlore.out = binlore.synthesize finalAttrs.finalPackage ''
execer can bin/hello bin/{a,b,c}
wrapper bin/hello bin/.hello-wrapped
'';
And here's a specific example of how pathname expansion enables us
to express lore for the single-binary variant of coreutils while
being both explicit and (somewhat) efficient:
passthru = {} // optionalAttrs (singleBinary != false) {
binlore.out = binlore.synthesize coreutils ''
execer can bin/{chroot,env,install,nice,nohup,runcon,sort,split,stdbuf,timeout}
execer cannot bin/{[,b2sum,base32,base64,basename,basenc,cat,chcon,chgrp,chmod,chown,cksum,comm,cp,csplit,cut,date,dd,df,dir,dircolors,dirname,du,echo,expand,expr,factor,false,fmt,fold,groups,head,hostid,id,join,kill,link,ln,logname,ls,md5sum,mkdir,mkfifo,mknod,mktemp,mv,nl,nproc,numfmt,od,paste,pathchk,pinky,pr,printenv,printf,ptx,pwd,readlink,realpath,rm,rmdir,seq,sha1sum,sha224sum,sha256sum,sha384sum,sha512sum,shred,shuf,sleep,stat,stty,sum,sync,tac,tail,tee,test,touch,tr,true,truncate,tsort,tty,uname,unexpand,uniq,unlink,uptime,users,vdir,wc,who,whoami,yes}
'';
};
Caution: Be thoughtful about using a bare wildcard (*) glob here.
We should generally override lore only when a human understands if
the executable will exec arbitrary user-passed executables. A bare
glob can match new executables added in future package versions
before anyone can audit them.
*/
synthesize =
drv: loreSynthesizingScript:
runCommand "${drv.name}-lore-override"
{
drv = drv;
}
(
''
execer(){
local verdict="$1"
shift
for path in "$@"; do
if [[ -f "$PWD/$path" ]]; then
echo "$verdict:$PWD/$path"
else
echo "error: Tried to synthesize execer lore for missing file: $PWD/$path" >&2
exit 2
fi
done
} >> $out/execers
wrapper(){
local wrapper="$1"
local original="$2"
if [[ ! -f "$wrapper" ]]; then
echo "error: Tried to synthesize wrapper lore for missing wrapper: $PWD/$wrapper" >&2
exit 2
fi
if [[ ! -f "$original" ]]; then
echo "error: Tried to synthesize wrapper lore for missing original: $PWD/$original" >&2
exit 2
fi
echo "$PWD/$wrapper:$PWD/$original"
} >> $out/wrappers
mkdir $out
# lore override commands are relative to the drv root
cd $drv
''
+ loreSynthesizingScript
);
}
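Review bot: `execer` in `synthesize` writes whatever string it receives as `<verdict>` straight into `$out/execers`, so a typo in an override script becomes lore without any error, while a missing path is rejected with `exit 2`. The comments say this lore feeds resholve, so the verdict deserves the same strictness: `case "$verdict" in can|cannot|might) ;; *) echo "error: unknown execer verdict: $verdict" >&2; exit 2 ;; esac`. Only `can` and `cannot` appear on this page, so confirm the accepted set against binlore before fixing the list. Separately, `wrapper` tests `-f "$wrapper"` relative to the current directory while `execer` tests `-f "$PWD/$path"`; using one form in both helpers keeps them consistent.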


@@ -0,0 +1,35 @@
From 99a7e55a60c8d96e160f9104a3dd31b7914d3488 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 31 Jul 2020 09:22:03 +0100
Subject: [PATCH] Fix scan-build to use NIX_CFLAGS_COMPILE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
clang/tools/scan-build/libexec/ccc-analyzer | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/clang/tools/scan-build/libexec/ccc-analyzer
b/clang/tools/scan-build/libexec/ccc-analyzer
index ed0d4d3d73f3..2d5113435ca5 100755
--- a/clang/tools/scan-build/libexec/ccc-analyzer
+++ b/clang/tools/scan-build/libexec/ccc-analyzer
@@ -249,6 +249,14 @@ sub Analyze {
push @Args, "-target", $AnalyzerTarget;
}
+ # Add Nix flags to analysis
+ if (defined $ENV{'NIX_CFLAGS_COMPILE'}) {
+ my @nixArgs = split(/\s+/, $ENV{'NIX_CFLAGS_COMPILE'});
+ foreach my $nixArg (@nixArgs) {
+ push @Args, $nixArg;
+ }
+ }
+
my $AnalysisArgs = GetCCArgs($HtmlDir, "--analyze", \@Args);
@CmdArgs = @$AnalysisArgs;
}
--
2.33.0
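Review bot: `split(/\s+/, $ENV{'NIX_CFLAGS_COMPILE'})` in the added block returns an empty first element when the variable starts with whitespace, and that empty string is then pushed onto `@Args` as an argument of its own. Perl's awk-style form skips leading whitespace: `my @nixArgs = split(' ', $ENV{'NIX_CFLAGS_COMPILE'});`. Whitespace splitting also breaks any flag whose value contains a space, which is worth stating in the `# Add Nix flags to analysis` comment. `sub Analyze` starts and ends outside the hunk.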


@@ -0,0 +1,51 @@
{
lib,
stdenv,
clang,
llvmPackages,
perl,
makeWrapper,
python3,
}:
stdenv.mkDerivation {
pname = "clang-analyzer";
inherit (llvmPackages.clang-unwrapped) src version;
patches = [ ./0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch ];
buildInputs = [
clang
llvmPackages.clang
perl
python3
];
nativeBuildInputs = [ makeWrapper ];
dontBuild = true;
installPhase = ''
mkdir -p $out/share/scan-view $out/bin
cp -R clang/tools/scan-view/share/* $out/share/scan-view
cp -R clang/tools/scan-view/bin/* $out/bin/scan-view
cp -R clang/tools/scan-build/* $out
rm $out/bin/*.bat $out/libexec/*.bat $out/CMakeLists.txt
wrapProgram $out/bin/scan-build \
--add-flags "--use-cc=${clang}/bin/clang" \
--add-flags "--use-c++=${clang}/bin/clang++" \
--add-flags "--use-analyzer='${llvmPackages.clang}/bin/clang'"
'';
meta = {
description = "Clang Static Analyzer";
longDescription = ''
The Clang Static Analyzer is a source code analysis tool that finds bugs
in C, C++, and Objective-C programs.
'';
homepage = "https://clang-analyzer.llvm.org/";
license = lib.licenses.bsd3;
platforms = lib.platforms.unix;
maintainers = [ lib.maintainers.thoughtpolice ];
};
}
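Review bot: The custom `installPhase` here does not call `runHook preInstall` / `runHook postInstall`, so hooks added through `overrideAttrs` are silently skipped; the hopper expression in this same commit wraps its phase with both. Add `runHook preInstall` as the first line and `runHook postInstall` as the last line of the phase. The same applies to the `installPhase` of the flow expression and to the `buildPhase`/`installPhase` of rizin-sigdb further down this commit. Also, `--use-cc` takes `${clang}` while `--use-analyzer` takes `${llvmPackages.clang}`; if those can resolve to different versions, a comment saying the split is intentional would help.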


@@ -0,0 +1,68 @@
{
lib,
stdenv,
fetchFromGitHub,
llvmPackages,
cmake,
makeWrapper,
versionCheckHook,
gitUpdater,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "clazy";
version = "1.15";
src = fetchFromGitHub {
owner = "KDE";
repo = "clazy";
tag = finalAttrs.version;
hash = "sha256-i/tqH2RHU+LwvMFI8ft92j0i04mQxLVIyrGXlqzMGWs=";
};
buildInputs = [
llvmPackages.llvm
llvmPackages.libclang
];
nativeBuildInputs = [
cmake
makeWrapper
];
postInstall = ''
wrapProgram $out/bin/clazy \
--suffix PATH : "${llvmPackages.clang}/bin/" \
--suffix CPATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \
--suffix CPATH : "${llvmPackages.clang}/resource-root/include" \
--suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libcxx-cxxflags)" \
--suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \
--suffix CPLUS_INCLUDE_PATH : "${llvmPackages.clang}/resource-root/include"
wrapProgram $out/bin/clazy-standalone \
--suffix CPATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \
--suffix CPATH : "${llvmPackages.clang}/resource-root/include" \
--suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libcxx-cxxflags)" \
--suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \
--suffix CPLUS_INCLUDE_PATH : "${llvmPackages.clang}/resource-root/include"
'';
nativeInstallCheckInputs = [
versionCheckHook
];
versionCheckProgramArg = "--version";
doInstallCheck = true;
passthru = {
updateScript = gitUpdater { };
};
meta = {
description = "Qt-oriented static code analyzer based on the Clang framework";
homepage = "https://github.com/KDE/clazy";
changelog = "https://github.com/KDE/clazy/blob/${finalAttrs.version}/Changelog";
license = lib.licenses.lgpl2Plus;
maintainers = [ lib.maintainers.cadkin ];
platforms = lib.platforms.linux;
};
})
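Review bot: The `wrapProgram` calls in `postInstall` append `$(<${llvmPackages.clang}/nix-support/libc-cflags)` and `.../libcxx-cxxflags` verbatim to `CPATH` and `CPLUS_INCLUDE_PATH`, but those files appear to hold compiler flags rather than a colon-separated directory list. The include-what-you-use wrapper in this same commit parses the `-isystem` and `-idirafter` values out of the very same files before building `CPATH`. If that reading is right, flag words and their spaces end up inside a search-path entry and the intended include directories are not found. Extract the directories first (the `buildcpath` helper in that wrapper is a model) and pass only those to `--suffix`. The `clazy` and `clazy-standalone` argument lists are otherwise identical apart from `PATH`, so a shared shell array would keep them from drifting.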


@@ -0,0 +1,63 @@
{
lib,
stdenv,
fetchFromGitHub,
ocamlPackages,
}:
stdenv.mkDerivation rec {
pname = "flow";
version = "0.281.0";
src = fetchFromGitHub {
owner = "facebook";
repo = "flow";
tag = "v${version}";
hash = "sha256-YttdOu5zJo/I0e2hV5vrBSWvUMOZgfhf3RmEC8fRWlI=";
};
makeFlags = [ "FLOW_RELEASE=1" ];
installPhase = ''
install -Dm755 bin/flow $out/bin/flow
install -Dm644 resources/shell/bash-completion $out/share/bash-completion/completions/flow
'';
strictDeps = true;
nativeBuildInputs = with ocamlPackages; [
ocaml
dune_3
findlib
ocamlbuild
];
buildInputs = (
with ocamlPackages;
[
camlp-streams
dtoa
fileutils
lwt_log
lwt_ppx
lwt
ppx_deriving
ppx_gen_rec
ppx_let
sedlex
visitors
wtf8
]
++ lib.optionals stdenv.hostPlatform.isLinux [ inotify ]
);
meta = with lib; {
description = "Static type checker for JavaScript";
mainProgram = "flow";
homepage = "https://flow.org/";
changelog = "https://github.com/facebook/flow/blob/v${version}/Changelog.md";
license = licenses.mit;
platforms = ocamlPackages.ocaml.meta.platforms;
maintainers = with maintainers; [ puffnfresh ];
};
}


@@ -0,0 +1,78 @@
{
lib,
stdenv,
fetchurl,
autoPatchelfHook,
wrapQtAppsHook,
gnustep-libobjc,
libbsd,
libffi_3_3,
libxml2,
ncurses6,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "hopper";
version = "5.19.4";
rev = "v4";
src = fetchurl {
url = "https://www.hopperapp.com/downloader/public/Hopper-${finalAttrs.rev}-${finalAttrs.version}-Linux-demo.pkg.tar.xz";
curlOptsList = [
"--user-agent"
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
"--referer"
"https://www.hopperapp.com"
];
hash = "sha256-NYnMJK9F3YxspjriyiLM+vV1HpEunGvznOesQ/FpTl4=";
};
sourceRoot = ".";
nativeBuildInputs = [
autoPatchelfHook
wrapQtAppsHook
];
buildInputs = [
gnustep-libobjc
libbsd
libffi_3_3
ncurses6
];
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib
install -Dm755 opt/hopper-${finalAttrs.rev}/bin/Hopper $out/bin/hopper
cp --archive \
opt/hopper-${finalAttrs.rev}/lib/libBlocksRuntime.so* \
opt/hopper-${finalAttrs.rev}/lib/libdispatch.so* \
opt/hopper-${finalAttrs.rev}/lib/libgnustep-base.so* \
opt/hopper-${finalAttrs.rev}/lib/libHopperCore.so* \
opt/hopper-${finalAttrs.rev}/lib/libkqueue.so* \
opt/hopper-${finalAttrs.rev}/lib/libobjcxx.so* \
opt/hopper-${finalAttrs.rev}/lib/libpthread_workqueue.so* \
$out/lib
cp -r usr/share $out/share
substituteInPlace $out/share/applications/hopper-${finalAttrs.rev}.desktop \
--replace-fail "Exec=/opt/hopper-${finalAttrs.rev}/bin/Hopper" "Exec=hopper"
runHook postInstall
'';
preFixup = ''
# Fix libxml2 breakage. See https://github.com/NixOS/nixpkgs/pull/396195#issuecomment-2881757108
mkdir -p "$out/lib"
ln -s "${lib.getLib libxml2}/lib/libxml2.so" "$out/lib/libxml2.so.2"
'';
meta = {
homepage = "https://www.hopperapp.com/index.html";
description = "MacOS and Linux Disassembler";
license = lib.licenses.unfree;
maintainers = with lib.maintainers; [ Enteee ];
platforms = lib.platforms.linux;
};
})
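Review bot: The `preFixup` symlink publishes whatever `libxml2` nixpkgs currently provides under the name `libxml2.so.2`. If the packaged library now carries a different soname, this sidesteps the loader check that normally prevents a binary from binding to an ABI-incompatible build. Hopper is a prebuilt binary that parses untrusted files, so a mismatch would show up as crashes or memory corruption rather than a clean load error. The existing comment links the discussion but does not state that assumption; extend it, e.g. `# Aliases the current libxml2 under the old soname; ABI compatibility is assumed, re-test on every libxml2 bump`.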


@@ -0,0 +1,71 @@
{
lib,
stdenv,
fetchurl,
cmake,
llvmPackages,
python3,
}:
stdenv.mkDerivation rec {
pname = "include-what-you-use";
# Make sure to bump `llvmPackages` in "pkgs/top-level/all-packages.nix" to the supported version:
# https://github.com/include-what-you-use/include-what-you-use?tab=readme-ov-file#clang-compatibility
version = "0.25";
src = fetchurl {
url = "${meta.homepage}/downloads/${pname}-${version}.src.tar.gz";
hash = "sha256-voH51UmIgUYkZQYN3Ci1h8ASVCVccG05fRpJTWnrXv0=";
};
postPatch = ''
patchShebangs .
'';
nativeBuildInputs = with llvmPackages; [
cmake
llvm.dev
llvm
python3
];
buildInputs = with llvmPackages; [
libclang
clang-unwrapped
python3
];
clang = llvmPackages.clang;
cmakeFlags = [ "-DCMAKE_PREFIX_PATH=${llvmPackages.llvm.dev}" ];
postInstall = ''
substituteInPlace $out/bin/iwyu_tool.py \
--replace-fail "'include-what-you-use'" "'$out/bin/include-what-you-use'"
mv $out/bin/include-what-you-use $out/bin/.include-what-you-use-unwrapped
mv $out/bin/iwyu_tool.py $out/bin/.iwyu_tool.py-unwrapped
substituteAll ${./wrapper} $out/bin/include-what-you-use
ln -s $out/bin/include-what-you-use $out/bin/iwyu_tool.py
chmod +x $out/bin/include-what-you-use
patchShebangs $out/bin/include-what-you-use
'';
meta = with lib; {
description = "Analyze #includes in C/C++ source files with clang";
longDescription = ''
For every symbol (type, function variable, or macro) that you use in
foo.cc, either foo.cc or foo.h should #include a .h file that exports the
declaration of that symbol. The main goal of include-what-you-use is to
remove superfluous #includes, both by figuring out what #includes are not
actually needed for this file (for both .cc and .h files), and by
replacing #includes with forward-declares when possible.
'';
homepage = "https://include-what-you-use.org";
license = licenses.bsd3;
maintainers = [
maintainers.ja1den
];
platforms = platforms.unix;
};
}


@@ -0,0 +1,26 @@
#!/bin/sh
buildcpath() {
local path after
while (( $# )); do
case $1 in
-isystem)
shift
path=$path${path:+':'}$1
;;
-idirafter)
shift
after=$after${after:+':'}$1
;;
esac
shift
done
echo $path${after:+':'}$after
}
export CPATH=${CPATH}${CPATH:+':'}$(buildcpath ${NIX_CFLAGS_COMPILE} \
$(<@clang@/nix-support/libc-cflags)):@clang@/resource-root/include
export CPLUS_INCLUDE_PATH=${CPLUS_INCLUDE_PATH}${CPLUS_INCLUDE_PATH:+':'}$(buildcpath ${NIX_CFLAGS_COMPILE} \
$(<@clang@/nix-support/libcxx-cxxflags) \
$(<@clang@/nix-support/libc-cflags)):@clang@/resource-root/include
exec -a "$0" @out@/bin/.$(basename $0)-unwrapped "$@"
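Review bot: The script declares `#!/bin/sh` but relies on constructs outside POSIX sh (`(( $# ))`, `$(<file)`, `exec -a`, and `local`), so it only works when the interpreter that ends up in the shebang is bash. Declare that explicitly with a bash shebang (`#!/usr/bin/env bash`, or a substituted `@shell@` placeholder if the expression provides one) instead of depending on what `patchShebangs` maps `sh` to. The final line also leaves `$0` unquoted inside `$(basename $0)`, which breaks when the wrapper is invoked through a path containing whitespace: `exec -a "$0" "@out@/bin/.$(basename "$0")-unwrapped" "$@"`. `echo $path${after:+':'}$after` in `buildcpath` has the same quoting gap.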


@@ -0,0 +1,53 @@
{
mkDerivation,
lib,
fetchurl,
extra-cmake-modules,
shared-mime-info,
qtsvg,
qtxmlpatterns,
karchive,
kconfig,
kcoreaddons,
kparts,
kio,
ki18n,
kdiagram,
kgraphviewer,
}:
mkDerivation rec {
pname = "massif-visualizer";
version = "0.7.0";
src = fetchurl {
url = "mirror://kde/stable/massif-visualizer/${version}/src/${pname}-${version}.tar.xz";
sha256 = "0v8z6r9gngzckvqyxjm9kp7hilwfqibyk2f9vag9l98ar0iwr97q";
};
nativeBuildInputs = [
extra-cmake-modules
shared-mime-info
];
buildInputs = [
qtsvg
qtxmlpatterns
karchive
kconfig
kcoreaddons
kparts
kio
ki18n
kdiagram
kgraphviewer
];
meta = with lib; {
description = "Tool that visualizes massif data generated by valgrind";
mainProgram = "massif-visualizer";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = with maintainers; [ zraexy ];
};
}


@@ -0,0 +1,169 @@
{
lib,
stdenv,
fetchFromGitHub,
buildPackages,
capstone,
file,
gtk2,
gtkdialog,
libewf,
libusb-compat-0_1,
libuv,
libzip,
lua,
lz4,
meson,
ninja,
openssl,
perl,
pkg-config,
python3,
readline,
ruby,
vte,
xxHash,
zlib,
useX11 ? false,
rubyBindings ? false,
luaBindings ? false,
}:
let
binaryninja = fetchFromGitHub {
owner = "Vector35";
repo = "binaryninja-api";
rev = "c40a5f04deec68d388b2072dc42b29141089f9ce"; # https://github.com/radareorg/radare2/blob/master/subprojects/binaryninja.wrap
hash = "sha256-IfuGgwVI51urQxhaYkYsE45NkScgxKmmEBV6Pllhwmo=";
};
sdb = fetchFromGitHub {
owner = "radare";
repo = "sdb";
tag = "2.2.0"; # https://github.com/radareorg/radare2/blob/master/subprojects/sdb.wrap
hash = "sha256-S/aL3F6+Z/rqelfIJaZaBF1IxSmhA1qE9ahFvKARoaE=";
};
qjs = fetchFromGitHub {
owner = "quickjs-ng";
repo = "quickjs";
rev = "7238ee64dbc2fbdea044555cda8cda78785a93ed"; # https://github.com/radareorg/radare2/blob/master/subprojects/qjs.wrap
hash = "sha256-1ZeLCTmbrlRrZB9El3L497gt3QUA5GIScrFVIBkxA88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "radare2";
version = "6.0.2";
src = fetchFromGitHub {
owner = "radare";
repo = "radare2";
tag = finalAttrs.version;
hash = "sha256-uCMf+pNqyjRLeNJlE8Kk6PQCIRBjidO/XGHeNV/F1lA=";
};
mesonFlags = [
(lib.mesonOption "use_sys_capstone" "true")
(lib.mesonOption "use_sys_lz4" "true")
(lib.mesonOption "use_sys_magic" "true")
(lib.mesonOption "use_sys_openssl" "true")
(lib.mesonOption "use_sys_xxhash" "true")
(lib.mesonOption "use_sys_zip" "true")
(lib.mesonOption "use_sys_zlib" "true")
(lib.mesonOption "r2_gittap" finalAttrs.version)
];
enableParallelBuilding = true;
depsBuildBuild = [ buildPackages.stdenv.cc ];
strictDeps = true;
nativeBuildInputs = [
pkg-config
meson
ninja
python3
];
buildInputs = [
capstone
file
libewf
libusb-compat-0_1
libuv
lz4
openssl
perl
readline
zlib
]
++ lib.optionals useX11 [
gtkdialog
vte
gtk2
]
++ lib.optionals rubyBindings [ ruby ]
++ lib.optionals luaBindings [ lua ];
propagatedBuildInputs = [
# radare2 exposes r_lib which depends on these libraries
file # for its list of magic numbers (`libmagic`)
libzip
xxHash
];
postUnpack = ''
pushd $sourceRoot/subprojects
cp -r ${binaryninja} binaryninja
chmod -R +w binaryninja
cp packagefiles/binaryninja/meson.build binaryninja
cp -r ${sdb} sdb
chmod -R +w sdb
cp -r ${qjs} qjs
chmod -R +w qjs
cp packagefiles/qjs/meson.build qjs
popd
'';
postFixup = lib.optionalString stdenv.hostPlatform.isDarwin ''
install_name_tool -add_rpath $out/lib $out/lib/libr_io.${finalAttrs.version}.dylib
'';
meta = {
description = "UNIX-like reverse engineering framework and command-line toolset";
longDescription = ''
r2 is a complete rewrite of radare. It provides a set of libraries, tools
and plugins to ease reverse engineering tasks. Distributed mostly under
LGPLv3, each plugin can have different licenses.
The radare project started as a simple command-line hexadecimal editor
focused on forensics. Today, r2 is a featureful low-level command-line
tool with support for scripting with the embedded JavaScript interpreter
or via r2pipe.
r2 can edit files on local hard drives, view kernel memory, and debug
programs locally or via a remote gdb/windbg servers. r2's wide
architecture support allows you to analyze, emulate, debug, modify, and
disassemble any binary.
'';
homepage = "https://radare.org";
changelog = "https://github.com/radareorg/radare2/releases/tag/${finalAttrs.version}";
license = with lib.licenses; [
gpl3Only
lgpl3Only
];
maintainers = with lib.maintainers; [
arkivm
azahi
makefu
mic92
raskin
];
mainProgram = "radare2";
platforms = lib.platforms.unix;
};
})
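Review bot: The three subproject pins in the `let` block (`binaryninja`, `sdb`, `qjs`) justify their revisions with links to `blob/master/subprojects/*.wrap`, but `src` is fetched at the release tag (`tag = finalAttrs.version`, `6.0.2`), and `master` moves on after a release. Someone reviewing a later bump cannot confirm from those links that the pinned revisions are the ones this release was built against. Point each comment at the wrap file under the release tag instead of `master`, and add a line above the `let` saying the three pins must be revisited together with `version`. This is a comment-only change; the hashes still pin the fetched content.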


@@ -0,0 +1,104 @@
{
lib,
fetchFromGitHub,
fetchpatch,
stdenv,
# for passthru.plugins
pkgs,
# nativeBuildInputs
cmake,
pkg-config,
wrapQtAppsHook,
# Qt
qt5compat,
qtbase,
qtwayland,
qtsvg,
qttools,
qtwebengine,
# buildInputs
graphviz,
python3,
rizin,
}:
let
cutter = stdenv.mkDerivation rec {
pname = "cutter";
version = "2.4.1";
src = fetchFromGitHub {
owner = "rizinorg";
repo = "cutter";
rev = "v${version}";
hash = "sha256-fNOznaFzWJ4Dve9U1+E4xPaznnyxae2jHNaBCdJzDyQ=";
fetchSubmodules = true;
};
nativeBuildInputs = [
cmake
pkg-config
python3
wrapQtAppsHook
];
propagatedBuildInputs = [
python3.pkgs.pyside6
];
buildInputs = [
graphviz
python3
qt5compat
qtbase
qtsvg
qttools
qtwebengine
rizin
]
++ lib.optionals stdenv.hostPlatform.isLinux [
qtwayland
];
cmakeFlags = [
"-DCUTTER_USE_BUNDLED_RIZIN=OFF"
"-DCUTTER_ENABLE_PYTHON=ON"
"-DCUTTER_ENABLE_PYTHON_BINDINGS=ON"
"-DCUTTER_ENABLE_GRAPHVIZ=ON"
"-DCUTTER_QT6=ON"
];
preBuild = ''
qtWrapperArgs+=(--prefix PYTHONPATH : "$PYTHONPATH")
'';
passthru = rec {
plugins = rizin.plugins // {
rz-ghidra = rizin.plugins.rz-ghidra.override {
inherit cutter qtbase qtsvg;
enableCutterPlugin = true;
};
};
withPlugins =
filter:
pkgs.callPackage ./wrapper.nix {
inherit rizin cutter;
isCutter = true;
plugins = filter plugins;
};
};
meta = with lib; {
description = "Free and Open Source Reverse Engineering Platform powered by rizin";
homepage = src.meta.homepage;
license = licenses.gpl3;
mainProgram = "cutter";
maintainers = with maintainers; [
mic92
dtzWill
];
inherit (rizin.meta) platforms;
};
};
in
cutter


@@ -0,0 +1,155 @@
{
lib,
pkgs, # for passthru.plugins
stdenv,
fetchurl,
pkg-config,
libusb-compat-0_1,
readline,
libewf,
perl,
pcre2,
zlib,
openssl,
file,
libmspack,
libzip,
lz4,
xxHash,
xz,
meson,
python3,
cmake,
ninja,
capstone,
tree-sitter,
zstd,
}:
let
rizin = stdenv.mkDerivation rec {
pname = "rizin";
version = "0.8.1";
src = fetchurl {
url = "https://github.com/rizinorg/rizin/releases/download/v${version}/rizin-src-v${version}.tar.xz";
hash = "sha256-7yseZSXX3DasQ1JblWdJwcyge/F8H+2LZkAtggEKTsI=";
};
mesonFlags = [
"-Duse_sys_capstone=enabled"
"-Duse_sys_magic=enabled"
"-Duse_sys_libzip=enabled"
"-Duse_sys_zlib=enabled"
"-Duse_sys_lz4=enabled"
"-Duse_sys_libzstd=enabled"
"-Duse_sys_lzma=enabled"
"-Duse_sys_xxhash=enabled"
"-Duse_sys_openssl=enabled"
"-Duse_sys_libmspack=enabled"
"-Duse_sys_tree_sitter=enabled"
"-Duse_sys_pcre2=enabled"
# this is needed for wrapping (adding plugins) to work
"-Dportable=true"
];
patches = [
# Normally, Rizin only looks for files in the install prefix. With
# portable=true, it instead looks for files in relation to the parent
# of the directory of the binary file specified in /proc/self/exe,
# caching it. This patch replaces the entire logic to only look at
# the env var NIX_RZ_PREFIX
./librz-wrapper-support.patch
];
nativeBuildInputs = [
pkg-config
meson
(python3.withPackages (
pp: with pp; [
pyyaml
]
))
ninja
cmake
];
# meson's find_library seems to not use our compiler wrapper if static parameter
# is either true/false... We work around by also providing LIBRARY_PATH
preConfigure = ''
LIBRARY_PATH=""
for b in ${toString (map lib.getLib buildInputs)}; do
if [[ -d "$b/lib" ]]; then
LIBRARY_PATH="$b/lib''${LIBRARY_PATH:+:}$LIBRARY_PATH"
fi
done
export LIBRARY_PATH
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
substituteInPlace binrz/rizin/macos_sign.sh \
--replace 'codesign' '# codesign'
'';
buildInputs = [
file
libzip
capstone
readline
libusb-compat-0_1
libewf
pcre2
perl
zlib
lz4
openssl
libmspack
tree-sitter
xxHash
xz
zstd
];
postPatch = ''
# find_installation without arguments uses Mesons Python interpreter,
# which does not have any extra modules.
# https://github.com/mesonbuild/meson/pull/9904
substituteInPlace meson.build \
--replace "import('python').find_installation()" "find_program('python3')"
'';
passthru = rec {
plugins = {
jsdec = pkgs.callPackage ./jsdec.nix {
inherit rizin openssl;
};
rz-ghidra = pkgs.qt6.callPackage ./rz-ghidra.nix {
inherit rizin openssl;
enableCutterPlugin = false;
};
# sigdb isn't a real plugin, but it's separated from the main rizin
# derivation so that only those who need it will download it
sigdb = pkgs.callPackage ./sigdb.nix { };
};
withPlugins =
filter:
pkgs.callPackage ./wrapper.nix {
inherit rizin;
plugins = filter plugins;
};
};
meta = {
description = "UNIX-like reverse engineering framework and command-line toolset";
homepage = "https://rizin.re/";
license = lib.licenses.gpl3Plus;
mainProgram = "rizin";
maintainers = with lib.maintainers; [
raskin
makefu
mic92
];
platforms = with lib.platforms; unix;
};
};
in
rizin
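Review bot: Both `substituteInPlace` calls in this file use plain `--replace`, which does not fail the build when the pattern is absent. They are the one on `binrz/rizin/macos_sign.sh` in `preConfigure` and the one on `meson.build` in `postPatch`; other expressions in this commit already use `--replace-fail`. If an upstream release rewords either line, the build keeps succeeding while the workaround silently stops applying. Switch both to `--replace-fail`, e.g. `--replace-fail "import('python').find_installation()" "find_program('python3')"`.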


@@ -0,0 +1,62 @@
{
lib,
stdenv,
fetchFromGitHub,
meson,
pkg-config,
ninja,
rizin,
openssl,
}:
let
version = "0.8.0";
libquickjs = fetchFromGitHub {
owner = "quickjs-ng";
repo = "quickjs";
tag = "v${version}";
hash = "sha256-o0Cpy+20EqNdNENaYlasJcKIGU7W4RYBcTMsQwFTUNc=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "jsdec";
version = version;
src = fetchFromGitHub {
owner = "rizinorg";
repo = "jsdec";
rev = "v${version}";
hash = "sha256-Xc8FMKSGdjrp288u49R6YC0xiynwHeoZe2P/UqnfsFU=";
};
postUnpack = ''
cp -r --no-preserve=mode ${libquickjs} $sourceRoot/subprojects/libquickjs
'';
postPatch = ''
cp subprojects/packagefiles/libquickjs/* subprojects/libquickjs
'';
nativeBuildInputs = [
meson
ninja
pkg-config
];
buildInputs = [
openssl
rizin
];
meta = with lib; {
description = "Simple decompiler for Rizin";
homepage = finalAttrs.src.meta.homepage;
changelog = "${finalAttrs.src.meta.homepage}/releases/tag/${finalAttrs.src.rev}";
license = with licenses; [
asl20
bsd3
mit
];
maintainers = with maintainers; [ chayleaf ];
};
})
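Review bot: The `let`-bound `version = "0.8.0"` is used both as the jsdec release (`rev = "v${version}"`) and as the quickjs-ng tag for `libquickjs` (`tag = "v${version}"`), which ties two unrelated upstream version numbers together. Bumping jsdec would then move the bundled QuickJS to whichever quickjs-ng tag happens to share the number, not to what jsdec's own subproject definition asks for. Give the dependency its own pin, e.g. `tag = "v0.8.0"; # quickjs-ng release, bump independently of jsdec`, so the two are reviewed separately.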


@@ -0,0 +1,13 @@
diff --git a/librz/util/path.c b/librz/util/path.c
index 8ea3d67..f4a8918 100644
--- a/librz/util/path.c
+++ b/librz/util/path.c
@@ -35,6 +35,8 @@ static void fini_portable_prefix(void) {
}
static char *set_portable_prefix(void) {
+ return rz_sys_getenv("NIX_RZ_PREFIX");
+
char *pid_to_path = rz_sys_pid_to_path(rz_sys_getpid());
if (!pid_to_path) {
return NULL;
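Review bot: The added `return rz_sys_getenv("NIX_RZ_PREFIX");` at the top of `set_portable_prefix` leaves everything after it unreachable and makes the prefix depend solely on an environment variable, and nothing in the patched source says so. The comments in the accompanying Nix expressions say the prefix decides where Rizin looks for plugins and other files, so the C side should record where the value comes from: `/* nixpkgs: prefix is taken only from NIX_RZ_PREFIX, which the wrapper sets; the code below is intentionally unreachable. */`. What `rz_sys_getenv` returns for an unset variable is not visible here, so check how callers of the unwrapped binary behave in that case. The function body continues outside the hunk.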


@@ -0,0 +1,63 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
# buildInputs
rizin,
openssl,
pugixml,
# optional buildInputs
enableCutterPlugin ? true,
cutter,
qt5compat,
qtbase,
qtsvg,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "rz-ghidra";
version = "0.8.0";
src = fetchFromGitHub {
owner = "rizinorg";
repo = "rz-ghidra";
rev = "v${finalAttrs.version}";
hash = "sha256-uI0EnuHAuyrXYKDijh5Tg/WcQ/5yyZnW3d5MMHZxnqA=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake ];
buildInputs = [
openssl
pugixml
rizin
]
++ lib.optionals enableCutterPlugin [
cutter
qt5compat
qtbase
qtsvg
];
dontWrapQtApps = true;
cmakeFlags = [
"-DUSE_SYSTEM_PUGIXML=ON"
]
++ lib.optionals enableCutterPlugin [
"-DBUILD_CUTTER_PLUGIN=ON"
"-DCUTTER_INSTALL_PLUGDIR=share/rizin/cutter/plugins/native"
];
meta = with lib; {
# errors out with undefined symbols from Cutter
broken = enableCutterPlugin && stdenv.hostPlatform.isDarwin;
description = "Deep ghidra decompiler and sleigh disassembler integration for rizin";
homepage = finalAttrs.src.meta.homepage;
changelog = "${finalAttrs.src.meta.homepage}/releases/tag/${finalAttrs.src.rev}";
license = licenses.lgpl3;
maintainers = with maintainers; [ chayleaf ];
inherit (rizin.meta) platforms;
};
})


@@ -0,0 +1,37 @@
{
lib,
fetchFromGitHub,
stdenvNoCC,
}:
stdenvNoCC.mkDerivation rec {
pname = "rizin-sigdb";
version = "unstable-2023-08-23";
src = fetchFromGitHub {
owner = "rizinorg";
# sigdb-source: source files (.pat and etc), around 2.5gb total
# sigdb: built and deflated .sig files, around 50mb total
repo = "sigdb";
rev = "4addbed50cd3b50eeef5a41d72533d079ebbfbf8";
hash = "sha256-Fy92MTuLswEgQ/XEUExqdU1Z4a5MP2Ahzi/gGxd5BtA=";
};
buildPhase = ''
mkdir installdir
cp -r elf pe installdir
.scripts/verify-sigs-install.sh
'';
installPhase = ''
mkdir -p $out/share/rizin
mv installdir $out/share/rizin/sigdb
'';
meta = with lib; {
description = "Rizin FLIRT Signature Database";
homepage = src.meta.homepage;
license = licenses.lgpl3;
maintainers = with lib.maintainers; [ chayleaf ];
};
}


@@ -0,0 +1,43 @@
{
lib,
makeWrapper,
symlinkJoin,
plugins,
rizin,
isCutter ? false,
cutter,
}:
let
unwrapped = if isCutter then cutter else rizin;
in
symlinkJoin {
name = "${unwrapped.pname}-with-plugins-${unwrapped.version}";
# NIX_RZ_PREFIX only changes where *Rizin* locates files (plugins,
# themes, etc). But we must change it even for wrapping Cutter, because
# Cutter plugins often have associated Rizin plugins. This means that
# $out (which NIX_RZ_PREFIX will be set to) must always contain Rizin
# files, even if we only wrap Cutter - so for Cutter, include Rizin to
# symlinkJoin paths.
paths = [ unwrapped ] ++ lib.optional isCutter rizin ++ plugins;
nativeBuildInputs = [ makeWrapper ];
passthru = {
inherit unwrapped;
};
postBuild = ''
rm $out/bin/*
wrapperArgs=(--set NIX_RZ_PREFIX $out${lib.optionalString isCutter " --prefix XDG_DATA_DIRS : $out/share"})
for binary in $(ls ${unwrapped}/bin); do
makeWrapper ${unwrapped}/bin/$binary $out/bin/$binary "''${wrapperArgs[@]}"
done
'';
meta = unwrapped.meta // {
# prefer wrapped over unwrapped
priority = (unwrapped.meta.priority or lib.meta.defaultPriority) - 1;
};
}


@@ -0,0 +1,118 @@
{
lib,
stdenv,
fetchFromGitHub,
bash,
capnproto,
cmake,
gdb,
libpfm,
makeWrapper,
nix-update-script,
pkg-config,
procps,
python3,
which,
zlib,
zstd,
}:
stdenv.mkDerivation (finalAttrs: {
version = "5.9.0";
pname = "rr";
src = fetchFromGitHub {
owner = "rr-debugger";
repo = "rr";
rev = finalAttrs.version;
hash = "sha256-o+HXrgGXdsvjlNh70qsXRtp2yXOiZIT30ejfs1KEaqE=";
};
postPatch = ''
substituteInPlace src/Command.cc --replace '_BSD_SOURCE' '_DEFAULT_SOURCE'
patchShebangs src
'';
# With LTO enabled, linking fails with the following message:
#
# src/AddressSpace.cc:1666: undefined reference to `rr_syscall_addr'
# ld.bfd: bin/rr: hidden symbol `rr_syscall_addr' isn't defined
# ld.bfd: final link failed: bad value
# collect2: error: ld returned 1 exit status
#
# See also https://github.com/NixOS/nixpkgs/pull/110846
preConfigure = ''
substituteInPlace CMakeLists.txt --replace "-flto" ""
'';
strictDeps = true;
nativeBuildInputs = [
capnproto
cmake
makeWrapper
pkg-config
python3.pythonOnBuildForHost
which
];
buildInputs = [
bash
capnproto
gdb
libpfm
procps
python3
zlib
zstd
];
cmakeFlags = [
(lib.cmakeBool "disable32bit" true)
(lib.cmakeBool "BUILD_TESTS" finalAttrs.finalPackage.doCheck)
];
# we turn on additional warnings due to hardening
env.NIX_CFLAGS_COMPILE = "-Wno-error";
hardeningDisable = [ "fortify" ];
# FIXME
doCheck = false;
preCheck = "export HOME=$TMPDIR";
# needs GDB to replay programs at runtime
preFixup = ''
wrapProgram "$out/bin/rr" \
--prefix PATH ":" "${lib.makeBinPath [ gdb ]}";
'';
passthru.updateScript = nix-update-script { };
meta = {
homepage = "https://rr-project.org/";
description = "Records nondeterministic executions and debugs them deterministically";
longDescription = ''
rr aspires to be your primary debugging tool, replacing -- well,
enhancing -- gdb. You record a failure once, then debug the
recording, deterministically, as many times as you want. Every
time the same execution is replayed.
'';
license = with lib.licenses; [
mit
bsd2
];
maintainers = with lib.maintainers; [
pierron
thoughtpolice
lf-
];
platforms = [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
];
};
})
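Review bot: `hardeningDisable = [ "fortify" ]` has no stated reason; the comment above it only explains `-Wno-error`. Since this turns off a hardening flag for the whole build, record why it is needed, e.g. `# fortify breaks <reason / upstream issue link>`, so the exception can be dropped once it no longer applies. The same holds for `doCheck = false`, whose only explanation is `# FIXME`. Separately, both `substituteInPlace` calls use `--replace`, which does not fail when the pattern is absent. With `--replace-fail`, an rr release that changes the `-flto` line would break the build instead of quietly building with LTO again.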


@@ -0,0 +1,59 @@
{
stdenv,
lib,
fetchpatch,
kernel,
rr,
}:
/*
The python script shouldn't be needed for users of this kernel module.
https://github.com/rr-debugger/rr/blob/master/scripts/zen_workaround.py
The module itself is called "zen_workaround" (a bit generic unfortunately).
*/
stdenv.mkDerivation {
pname = "rr-zen_workaround";
inherit (rr) src version;
sourceRoot = "${rr.src.name}/third-party/zen-pmu-workaround";
patches = [
(fetchpatch {
name = "kernel-6.16.patch";
url = "https://github.com/rr-debugger/rr/commit/86aa1ebe03c6a7f60eb65249233f866fd3da8316.diff";
stripLen = 2;
hash = "sha256-zj5MNwlZmWnagu0tE5Jl5a48wEF0lqNTh4KcbhmOkOo=";
})
];
hardeningDisable = [ "pic" ];
nativeBuildInputs = kernel.moduleBuildDependencies;
makeFlags = [
"-C${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
];
postConfigure = ''
appendToVar makeFlags "M=$(pwd)"
'';
buildFlags = [ "modules" ];
installPhase =
let
modDestDir = "$out/lib/modules/${kernel.modDirVersion}/kernel"; # TODO: longer path?
in
''
runHook preInstall
mkdir -p "${modDestDir}"
cp *.ko "${modDestDir}/"
find ${modDestDir} -name '*.ko' -exec xz -f '{}' \;
runHook postInstall
'';
meta = with lib; {
description = "Kernel module supporting the rr debugger on (some) AMD Zen-based CPUs";
homepage = "https://github.com/rr-debugger/rr/wiki/Zen#kernel-module";
license = licenses.gpl2;
maintainers = [ maintainers.vcunat ];
platforms = [ "x86_64-linux" ];
broken = versionOlder kernel.version "4.19"; # 4.14 breaks and 4.19 works
};
}
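Review bot: `hardeningDisable = [ "pic" ]` and the `kernel-6.16.patch` entry both lack a comment, which makes it hard to tell later whether either is still needed. Suggested: `# kernel modules are not built position-independent` above `hardeningDisable` (the usual reason for this flag on out-of-tree modules; confirm), and `# upstream fix for building against kernel 6.16; drop once rr.src contains this commit` above the `fetchpatch` (inferred from the patch name). In `installPhase`, `find ${modDestDir}` is the only use of that path without quotes; `find "${modDestDir}"` matches the two lines above it.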


@@ -0,0 +1,41 @@
{
lib,
mkDerivation,
fetchFromGitHub,
cmake,
boost,
qtbase,
}:
mkDerivation rec {
pname = "snowman";
version = "0.1.3";
src = fetchFromGitHub {
owner = "yegord";
repo = "snowman";
rev = "v${version}";
sha256 = "1mrmhj2nddi0d47c266vsg5vbapbqbcpj5ld4v1qcwnnk6z2zn0j";
};
nativeBuildInputs = [ cmake ];
buildInputs = [
boost
qtbase
];
postUnpack = ''
export sourceRoot=$sourceRoot/src
'';
meta = with lib; {
description = "Native code to C/C++ decompiler";
homepage = "http://derevenets.com/";
# https://github.com/yegord/snowman/blob/master/doc/licenses.asciidoc
license = licenses.gpl3Plus;
maintainers = [ ];
platforms = platforms.all;
};
}
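Review bot: `postUnpack` rewrites `sourceRoot` through an exported shell variable; the declarative form `sourceRoot = "${src.name}/src";` does the same and matches how the zen_workaround derivation in this commit selects its subdirectory. The fetcher also uses the legacy base32 `sha256 = …` attribute while the other new files pin with SRI `hash = "sha256-…"`. If it is converted, derive the SRI value from the existing digest rather than accepting whatever a fresh fetch returns, so the pin keeps referring to the same content.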


@@ -0,0 +1,13 @@
diff --git a/src/osd.c b/src/osd.c
index ebe214a..4ba81d5 100644
--- a/src/osd.c
+++ b/src/osd.c
@@ -516,7 +516,7 @@ osd_getPid ()
# if defined (WIN32) || defined (OS2) && defined (__IBMC__)
int pid = _getpid ();
# else
- __pid_t pid = getpid ();
+ pid_t pid = getpid ();
# endif
return (int) pid;


@@ -0,0 +1,39 @@
{
fetchurl,
lib,
stdenv,
flex,
}:
stdenv.mkDerivation rec {
pname = "splint";
version = "3.1.2";
src = fetchurl {
url = "https://www.splint.org/downloads/${pname}-${version}.src.tgz";
sha256 = "02pv8kscsrkrzip9r08pfs9xs98q74c52mlxzbii6cv6vx1vd3f7";
};
patches = [ ./tmpdir.patch ] ++ lib.optional stdenv.hostPlatform.isDarwin ./darwin.patch;
buildInputs = [ flex ];
doCheck = true;
meta = with lib; {
homepage = "http://www.splint.org/";
description = "Annotation-assisted lightweight static analyzer for C";
mainProgram = "splint";
longDescription = ''
Splint is a tool for statically checking C programs for security
vulnerabilities and coding mistakes. With minimal effort, Splint
can be used as a better lint. If additional effort is invested
adding annotations to programs, Splint can perform stronger
checking than can be done by any standard lint.
'';
license = licenses.gpl2Plus;
platforms = platforms.unix;
};
}
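Review bot: `meta.homepage` is `http://www.splint.org/` although `src.url` already fetches from `https://www.splint.org/`, so the homepage can use the same scheme: `homepage = "https://www.splint.org/";`. The derivation also has no `maintainers` attribute. For an old release tarball that carries local patches, either name a maintainer or state `maintainers = [ ];` explicitly, as the snowman file in this commit does.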


@@ -0,0 +1,16 @@
Have Splint honor $TMPDIR.
--- splint-3.1.2/src/context.c 2004-07-31 21:04:26.000000000 +0200
+++ splint-3.1.2/src/context.c 2008-07-11 10:55:16.000000000 +0200
@@ -801,7 +801,10 @@ context_resetAllFlags (void)
val = cstring_makeLiteral (env != NULL ? env : DEFAULT_TMPDIR);
}
# else
- val = cstring_makeLiteral (DEFAULT_TMPDIR);
+ {
+ char *env = getenv ("TMPDIR");
+ val = cstring_makeLiteral (env != NULL ? env : DEFAULT_TMPDIR);
+ }
# endif /* !defined(OS2) && !defined(MSDOS) */
break;
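Review bot: The added `getenv ("TMPDIR")` branch falls back to `DEFAULT_TMPDIR` only when the variable is unset; a `TMPDIR` that is set but empty yields an empty directory string. Depending on how `val` is later joined with a file name (not visible in this hunk), temporary files could then be created in the current directory or at the filesystem root. Treat empty as unset: `val = cstring_makeLiteral (env != NULL && env[0] != '\0' ? env : DEFAULT_TMPDIR);`. The unchanged branch above the `# else` uses the same condition, and `context_resetAllFlags` continues outside the hunk.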


@@ -0,0 +1,5 @@
{ callPackage, ... }:
{
tflint-ruleset-aws = callPackage ./tflint-ruleset-aws.nix { };
tflint-ruleset-google = callPackage ./tflint-ruleset-google.nix { };
}


@@ -0,0 +1,51 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "tflint-ruleset-aws";
version = "0.42.0";
src = fetchFromGitHub {
owner = "terraform-linters";
repo = pname;
rev = "v${version}";
hash = "sha256-R2Njm5RpjdSGMi9qdu8wTEEM5YyMaf/UAkdBVYPl9W0=";
};
vendorHash = "sha256-Sn7uze6uSI2O824UjG8pFMQ1KsnwdknRzOT9czpNnD4=";
postPatch = ''
# some automation for creating new releases on GitHub, which we don't need
rm -rf tools/release
'';
# upstream Makefile also does a go test $(go list ./... | grep -v integration)
preCheck = ''
rm integration/integration_test.go
'';
postInstall = ''
# allow use as a versioned dependency, i.e., with `source = ...` and
# `version = ...` in `.tflintrc`:
mkdir -p $out/github.com/terraform-linters/${pname}/${version}
mv $out/bin/${pname} $out/github.com/terraform-linters/${pname}/${version}/
# allow use as an unversioned dependency, e.g., if one wants `.tflintrc` to
# solely rely on Nix to pin versions:
ln -s $out/github.com/terraform-linters/${pname}/${version}/${pname} $out/
# remove other binaries from bin
rm -R $out/bin
'';
meta = with lib; {
homepage = "https://github.com/terraform-linters/tflint-ruleset-aws";
changelog = "https://github.com/terraform-linters/tflint-ruleset-aws/blob/v${version}/CHANGELOG.md";
description = "TFLint ruleset plugin for Terraform AWS Provider";
maintainers = with maintainers; [ flokli ];
license = with licenses; [ mpl20 ];
};
}
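Review bot: `postInstall` ends with `rm -R $out/bin` to discard binaries that were built and installed only to be deleted, while the tflint-ruleset-google file in this commit avoids building them with `subPackages = [ "." ];`. If the root package is the only one wanted here as well, the same attribute would make the two derivations consistent and remove the need for a recursive delete. The then-empty directory could be removed with `rmdir $out/bin`, which fails if anything unexpected is left behind. `meta` also lacks the `platforms` line that its sibling sets.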


@@ -0,0 +1,45 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "tflint-ruleset-google";
version = "0.36.0";
src = fetchFromGitHub {
owner = "terraform-linters";
repo = pname;
rev = "v${version}";
hash = "sha256-1E+3z/ZVonhJgldIDToKhGxFdhq0t+yNep38G3ePOrw=";
};
vendorHash = "sha256-XKKQBpS2PCGBuoiz4G3BI6czVNndPjr+rTKrM5jlsaY=";
# upstream Makefile also does a go test $(go list ./... | grep -v integration)
preCheck = ''
rm integration/integration_test.go
'';
subPackages = [ "." ];
postInstall = ''
# allow use as a versioned dependency, i.e., with `source = ...` and
# `version = ...` in `.tflintrc`:
mkdir -p $out/github.com/terraform-linters/${pname}/${version}
mv $out/bin/${pname} $out/github.com/terraform-linters/${pname}/${version}/
# allow use as an unversioned dependency, e.g., if one wants `.tflintrc` to
# solely rely on Nix to pin versions:
ln -s $out/github.com/terraform-linters/${pname}/${version}/${pname} $out/
'';
meta = with lib; {
homepage = "https://github.com/terraform-linters/tflint-ruleset-google";
description = "TFLint ruleset plugin for Terraform Google Provider";
platforms = platforms.unix;
maintainers = with maintainers; [ john-rodewald ];
license = with licenses; [ mpl20 ];
};
}