This requires some small changes in the stdenv, then working around the
weird choice LLVM made to hardcode @rpath in its install name, and then
lets us remove a ton of annoying workaround hacks in many of our Go
packages. With any luck this will mean less hackery going forward.
* master: (81 commits)
Add NixOS 17.09 AMIs
gradle: 4.2 -> 4.2.1
maintainers.nix: use my GitHub handle as maintainer name
fcitx-engines.rime: init at 0.3.2
brise: init at 2017-09-16
librime: init at 1.2.9
marisa: init at 0.2.4
opencc: build shared library and programs
josm: 12712 -> 12914
exa: 0.7.0 -> 0.8.0
krb5: add deprecation date for old configuration
rustRegistry: 2017-09-10 -> 2017-10-03
go-ethereum: Fix libusb segmentation faults on Darwin
tor-browser-bundle-bin: 7.0.5 -> 7.0.6
libsodium: 1.0.13 -> 1.0.15
tor-browser-bundle: geoip support
tor-browser-bundle: support transports obfs2,obfs3
tor-browser-bundle: bump https-everywhere to 2017.9.12
tint2: limit platforms to Linux since macOS is not supported and fails the tests
eclipse-plugin-vrapper: init at 0.72.0
...
Some Git commands are implemented as Perl scripts. Some of these
scripts use Perl modules from CPAN. Without wrapping these programs to
set `GITPERLLIB`, these programs would not be fully functional because
some Perl libraries are found to be missing at runtime.
Fixes#29996
This was a problem when run inside a sandbox, e.g. via
"fetchRepoProject". The error message from repo seems unrelated:
fatal: Cannot get https://gerrit.googlesource.com/git-repo/clone.bundle
fatal: error no host given
But the exception is actually thrown due to missing certificates
(/etc/ssl/certs). It should be possible to provide another location via
environment variables (e.g. SSL_CERT_FILE, REQUESTS_CA_BUNDLE or
CURL_CA_BUNDLE) but apparently that doesn't actually work for some
reason (would have to study our Python packaging).
Now "fetchRepoProject" works without the "--no-clone-bundle" option.
The newer DEB packages have a setuid file, creating an error when
unpacking the source during the build phase.
As dpkg doesn't have a way to pass parameters to tar, dpkg is then
told to just extract the filesystem tar file and that is unpacked by
tar directly.
Fixes#28494
