From f29bdc105c3488dac3603d73b864e6a8cab4e21e Mon Sep 17 00:00:00 2001 From: ghpzin Date: Tue, 1 Apr 2025 11:50:11 +0300 Subject: [PATCH 1/2] pesign: fix build with gcc14 - add patch from upstream commit: https://github.com/rhboot/pesign/commit/1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 that fixes `calloc-transposed-args` error with gcc14: ``` pesigcheck.c: In function 'check_signature': pesigcheck.c:243:34: error: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] 243 | reasonps = calloc(sizeof(struct reason), 512); | ^~~~~~ pesigcheck.c:243:34: note: earlier argument should specify number of elements, later size of each element pesigcheck.c:284:53: error: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] 284 | new_reasons = calloc(sizeof(struct reason), num_reasons); | ^~~~~~ pesigcheck.c:284:53: note: earlier argument should specify number of elements, later size of each element ``` --- pkgs/by-name/pe/pesign/package.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/by-name/pe/pesign/package.nix b/pkgs/by-name/pe/pesign/package.nix index a29bee3ba2b6..f76c98526e89 100644 --- a/pkgs/by-name/pe/pesign/package.nix +++ b/pkgs/by-name/pe/pesign/package.nix @@ -2,6 +2,7 @@ lib, stdenv, fetchFromGitHub, + fetchpatch2, pkg-config, nss, efivar, @@ -22,6 +23,15 @@ stdenv.mkDerivation rec { hash = "sha256-cuOSD/ZHkilgguDFJviIZCG8kceRWw2JgssQuWN02Do="; }; + patches = [ + # fix build with gcc14 + # https://github.com/rhboot/pesign/pull/119 + (fetchpatch2 { + url = "https://github.com/rhboot/pesign/commit/1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187.patch?full_index=1"; + hash = "sha256-viVM4Z0jAEAWC3EdJVHcWe21aQskH5XE85lOd6Xd/qU="; + }) + ]; + # nss-util is missing because it is already contained in nss # Red Hat seems to be shipping a separate nss-util: # https://centos.pkgs.org/7/centos-x86_64/nss-util-devel-3.44.0-4.el7_7.x86_64.rpm.html From 34dbfa42812348a19aac4c5b31b93955612116ee Mon Sep 17 00:00:00 2001 From: ghpzin Date: Tue, 1 Apr 2025 12:11:46 +0300 Subject: [PATCH 2/2] pesign: modernize - replace `rec` with `finalAttrs` - remove `with lib;` from `meta` - replace `rev` with `tag` in `src` --- pkgs/by-name/pe/pesign/package.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/by-name/pe/pesign/package.nix b/pkgs/by-name/pe/pesign/package.nix index f76c98526e89..5c25ee80dca8 100644 --- a/pkgs/by-name/pe/pesign/package.nix +++ b/pkgs/by-name/pe/pesign/package.nix @@ -12,14 +12,14 @@ mandoc, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "pesign"; version = "116"; src = fetchFromGitHub { owner = "rhboot"; repo = "pesign"; - rev = version; + tag = finalAttrs.version; hash = "sha256-cuOSD/ZHkilgguDFJviIZCG8kceRWw2JgssQuWN02Do="; }; @@ -59,12 +59,12 @@ stdenv.mkDerivation rec { rm -rf $out/run ''; - meta = with lib; { + meta = { description = "Signing tools for PE-COFF binaries. Compliant with the PE and Authenticode specifications"; homepage = "https://github.com/rhboot/pesign"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ raitobezarius ]; + license = lib.licenses.gpl2Only; + maintainers = with lib.maintainers; [ raitobezarius ]; # efivar is currently Linux-only. - platforms = platforms.linux; + platforms = lib.platforms.linux; }; -} +})