Skip to content

macvim: 179 -> 181 #454837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
emilazy merged 8 commits into from
Oct 23, 2025
Merged

macvim: 179 -> 181 #454837

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
636104f
macvim: work around Xcode 26.0 bug
lilyball Oct 23, 2025
427a98e
macvim: delete incorrect manpages
lilyball Oct 23, 2025
3693c2d
macvim: ensure we can change install names
lilyball Oct 23, 2025
f7c3c92
macvim: resign the binary on aarch64-darwin
lilyball Oct 23, 2025
c06af95
macvim: disable python support by default
lilyball Oct 23, 2025
5ece9f3
macvim: 179 -> 181
lilyball Oct 23, 2025
8b45a0a
maintainers: add lilyball
lilyball Oct 23, 2025
f20cb87
macvim: add lilyball as maintainer
lilyball Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions maintainers/maintainer-list.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14728,6 +14728,13 @@
githubId = 54189319;
name = "Lilly Cham";
};
lilyball = {
email = "lily@ballards.net";
github = "lilyball";
githubId = 714;
matrix = "@esperlily:matrix.org";
name = "Lily Ballard";
};
limeytexan = {
email = "limeytexan@gmail.com";
github = "limeytexan";
Expand Down
85 changes: 46 additions & 39 deletions pkgs/applications/editors/vim/macvim.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,20 +7,25 @@
gettext,
pkg-config,
cscope,
ruby,
ruby_3_4,
tcl,
perl,
luajit,
darwin,
libiconv,
python3,
enablePython ? false,
rcodesign,
}:

let
inherit (lib) optional optionals optionalString;
in

# Try to match MacVim's documented script interface compatibility
let
#perl = perl540;
# Ruby 3.3
#ruby = ruby_3_3;
# Ruby 3.4
ruby = ruby_3_4;

# Building requires a few system tools to be in PATH.
# Some of these we could patch into the relevant source files (such as xcodebuild and
Expand All @@ -35,21 +40,22 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "macvim";

version = "179";
version = "181";

src = fetchFromGitHub {
owner = "macvim-dev";
repo = "macvim";
rev = "release-${finalAttrs.version}";
Copy link
Member

@SuperSandro2000 SuperSandro2000 Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
rev = "release-${finalAttrs.version}";
tag = "release-${finalAttrs.version}";

hash = "sha256-L9LVXyeA09aMtNf+b/Oo+eLpeVEKTD1/oNWCiFn5FbU=";
hash = "sha256-Wdq+eXSaGs+y+75ZbxoNAcyopRkWRHHRm05T0SHBrow=";
};

enableParallelBuilding = true;

nativeBuildInputs = [
pkg-config
buildSymlinks
];
]
++ optional stdenv.isAarch64 rcodesign;
buildInputs = [
gettext
ncurses
Expand All @@ -58,8 +64,8 @@ stdenv.mkDerivation (finalAttrs: {
ruby
tcl
perl
python3
];
]
++ optional enablePython python3;
Copy link
Member

@emilazy emilazy Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using the Nixpkgs toolchain would presumably fix this.


patches = [ ./macvim.patch ];

Expand All @@ -71,14 +77,22 @@ stdenv.mkDerivation (finalAttrs: {
"--enable-multibyte"
"--enable-nls"
"--enable-luainterp=dynamic"
]
++ optionals enablePython [
"--enable-python3interp=dynamic"
]
++ [
"--enable-perlinterp=dynamic"
"--enable-rubyinterp=dynamic"
"--enable-tclinterp=yes"
"--without-local-dir"
"--with-luajit"
"--with-lua-prefix=${luajit}"
]
++ optionals enablePython [
Comment on lines +81 to +92
Copy link
Member

@SuperSandro2000 SuperSandro2000 Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe reorder things to only have one condition

"--with-python3-command=${python3}/bin/python3"
]
++ [
"--with-ruby-command=${ruby}/bin/ruby"
"--with-tclsh=${tcl}/bin/tclsh"
"--with-tlib=ncurses"
Expand All @@ -92,6 +106,13 @@ stdenv.mkDerivation (finalAttrs: {
postPatch = ''
echo "Patching file src/MacVim/MacVim.xcodeproj/project.pbxproj"
sed -e '/Sparkle\.framework/d' -i src/MacVim/MacVim.xcodeproj/project.pbxproj
''
# Xcode 26.0 sets *_DEPLOYMENT_TARGET env vars for all platforms in shell script build phases.
# This breaks invocations of clang in those phases, as they target the wrong platform.
# Note: The shell script build phase in question uses /bin/zsh.
+ ''
substituteInPlace src/MacVim/MacVim.xcodeproj/project.pbxproj \
--replace-fail 'make \' $'for x in ''${(k)parameters}; do if [[ $x = *_DEPLOYMENT_TARGET ]]; then [[ $x = MACOSX_DEPLOYMENT_TARGET ]] || unset $x; fi; done\nmake \\'
Copy link
Member

@SuperSandro2000 SuperSandro2000 Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At some point I would recommend doing a patch instead 😅

'';

# This is unfortunate, but we need to use the same compiler as Xcode, but Xcode doesn't provide a
Expand All @@ -101,7 +122,7 @@ stdenv.mkDerivation (finalAttrs: {
let
# ideally we'd recurse, but we don't need that right now
inputs = [ ncurses ] ++ perl.propagatedBuildInputs;
ldflags = map (drv: "-L${lib.getLib drv}/lib") inputs;
ldflags = map (drv: "-L${lib.getLib drv}/lib") inputs ++ [ "-headerpad_max_install_names" ];
cppflags = map (drv: "-isystem ${lib.getDev drv}/include") inputs;
in
''
Expand Down Expand Up @@ -131,7 +152,7 @@ stdenv.mkDerivation (finalAttrs: {
# as the scheme seems to have the wrong default.
+ ''
configureFlagsArray+=(
XCODEFLAGS="-scheme MacVim -derivedDataPath $NIX_BUILD_TOP/derivedData"
XCODEFLAGS="-scheme MacVim -derivedDataPath $NIX_BUILD_TOP/derivedData LDFLAGS='\$(inherited) -headerpad_max_install_names' ENABLE_CODE_COVERAGE=NO"
--with-xcodecfg="Release"
)
'';
Expand All @@ -149,9 +170,9 @@ stdenv.mkDerivation (finalAttrs: {
# Xcode project or pass it as a flag to xcodebuild as well.
postConfigure = ''
substituteInPlace src/auto/config.mk \
--replace " -L${stdenv.cc.libc}/lib" "" \
--replace " -L${darwin.libunwind}/lib" "" \
--replace " -L${libiconv}/lib" ""
--replace-warn " -L${stdenv.cc.libc}/lib" "" \
--replace-warn " -L${darwin.libunwind}/lib" "" \
--replace-warn " -L${libiconv}/lib" ""
Comment on lines +173 to +175
Copy link
Member

@SuperSandro2000 SuperSandro2000 Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
--replace-warn " -L${stdenv.cc.libc}/lib" "" \
--replace-warn " -L${darwin.libunwind}/lib" "" \
--replace-warn " -L${libiconv}/lib" ""
--replace-fail " -L${stdenv.cc.libc}/lib" "" \
--replace-fail " -L${darwin.libunwind}/lib" "" \
--replace-fail " -L${libiconv}/lib" ""

we probably want to fail to build if anything about this changes

Copy link
Member

@emilazy emilazy Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I basically don’t think these should be an issue at all these days. We do build our own libiconv, but I doubt it hurts anything – stdenv already propagates it, so it’s almost surely on the linker path even if we substitute this away. stdenv.cc.libc and darwin.libunwind are stub packages and we link against the system versions of those libraries using the stubs in the SDK. I can’t imagine these can’t just be removed without issue.

Copy link
Member Author

@lilyball lilyball Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just tweaked them to be --replace-warn since I noticed there was a warning about using bare --replace, but I didn't feel like checking if the replacements were actually still finding anything to replace (since this is a rather old hack and stuff has changed since then). I can try deleting them outright and seeing what happens, though if I'm going to end up actually switching over to the nixpkgs toolchain for building this (in a future PR) then this will all get replaced anyway.


# All the libraries we stripped have -osx- in their name as of this time.
# Assert now that this pattern no longer appears in config.mk.
Expand Down Expand Up @@ -191,12 +212,21 @@ stdenv.mkDerivation (finalAttrs: {
libperl=$(dirname $(find ${perl} -name "libperl.dylib"))
install_name_tool -add_rpath ${luajit}/lib $exe
install_name_tool -add_rpath ${tcl}/lib $exe
''
+ optionalString enablePython ''
install_name_tool -add_rpath ${python3}/lib $exe
''
+ ''
install_name_tool -add_rpath $libperl $exe
install_name_tool -add_rpath ${ruby}/lib $exe

# Remove manpages from tools we aren't providing
find $out/Applications/MacVim.app/Contents/man -name evim.1 -delete
find $out/Applications/MacVim.app/Contents/man \( -name evim.1 -or -name eview.1 \) -delete
rm $out/Applications/MacVim.app/Contents/man/man1/mvim.1
''
+ optionalString stdenv.isAarch64 ''
# Resign the binary and set the linker-signed flag.
rcodesign sign --code-signature-flags linker-signed $exe
Comment on lines +227 to +229
Copy link
Member

@emilazy emilazy Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason not to use autoSignDarwinBinariesHook here?

Copy link
Member Author

@lilyball lilyball Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The answer is that I didn't know about that hook. That said, we only need to resign one binary, and it looks like that hook is going to check every single file to see if it needs a signature, so that's going to end up doing a lot more work for the same effect.

Copy link
Member

@emilazy emilazy Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough. I’m surprised if install_name_tool is breaking the signature, as ours doesn’t, but maybe this is something weird with the Xcode toolchain being used here.

'';

# We rely on the user's Xcode install to build. It may be located in an arbitrary place, and
Expand All @@ -212,33 +242,10 @@ stdenv.mkDerivation (finalAttrs: {
description = "Vim - the text editor - for macOS";
homepage = "https://macvim.org/";
license = licenses.vim;
maintainers = [ ];
maintainers = with maintainers; [ lilyball ];
platforms = platforms.darwin;
hydraPlatforms = [ ]; # hydra can't build this as long as we rely on Xcode and sandboxProfile
# Needs updating to a newer MacVim for Python and Ruby version support
broken = true;
knownVulnerabilities = [
"CVE-2023-46246"
"CVE-2023-48231"
"CVE-2023-48232"
"CVE-2023-48233"
"CVE-2023-48234"
"CVE-2023-48235"
"CVE-2023-48236"
"CVE-2023-48237"
"CVE-2023-48706"
"CVE-2023-5344"
"CVE-2023-5441"
"CVE-2023-5535"
"CVE-2024-22667"
"CVE-2024-41957"
"CVE-2024-41965"
"CVE-2024-43374"
"CVE-2024-47814"
"CVE-2025-1215"
"CVE-2025-22134"
"CVE-2025-24014"
"CVE-2025-26603"
"CVE-2025-29768"
"CVE-2025-53905"
"CVE-2025-53906"
Expand Down
13 changes: 0 additions & 13 deletions pkgs/applications/editors/vim/macvim.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,16 +199,3 @@ index 6e33142..6185f45 100644
#ifdef AMIGA
# include "os_amiga.h"
#endif
diff --git a/src/vimtutor b/src/vimtutor
index 3b154f2..e89f260 100755
--- a/src/vimtutor
+++ b/src/vimtutor
@@ -16,7 +16,7 @@ seq="vim vim81 vim80 vim8 vim74 vim73 vim72 vim71 vim70 vim7 vim6 vi"
if test "$1" = "-g"; then
# Try to use the GUI version of Vim if possible, it will fall back
# on Vim if Gvim is not installed.
- seq="gvim gvim81 gvim80 gvim8 gvim74 gvim73 gvim72 gvim71 gvim70 gvim7 gvim6 $seq"
+ seq="mvim gvim gvim81 gvim80 gvim8 gvim74 gvim73 gvim72 gvim71 gvim70 gvim7 gvim6 $seq"
shift
fi

Loading