From 87e35291a55c0069626ae991c1c45fce388e2437 Mon Sep 17 00:00:00 2001 From: Walter Franzini Date: Fri, 7 Jun 2019 10:07:18 +0200 Subject: [PATCH 1/8] disable stackprotector on target platform musl32 --- pkgs/build-support/cc-wrapper/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 341e2850437..3939b3efb64 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -451,7 +451,9 @@ stdenv.mkDerivation { hardening_unsupported_flags+=" stackprotector pic" '' + optionalString (targetPlatform.libc == "newlib") '' hardening_unsupported_flags+=" stackprotector fortify pie pic" - '' + optionalString targetPlatform.isNetBSD '' + '' + optionalString (targetPlatform.libc == "musl" && targetPlatform.isi686) '' + hardening_unsupported_flags+=" stackprotector" + '' + optionalString targetPlatform.isNetBSD '' hardening_unsupported_flags+=" stackprotector fortify" '' + optionalString cc.langAda or false '' hardening_unsupported_flags+=" format stackprotector strictoverflow" From 67c8584209d51d5dfbf7b561026f13052b77d631 Mon Sep 17 00:00:00 2001 From: Walter Franzini Date: Fri, 7 Jun 2019 10:08:29 +0200 Subject: [PATCH 2/8] libexecinfo: enables stackprotector through hardeningEnable The makefile patch pulled from alpinelinux used to enable stackprotector unconditionally. This change use the nixpkgs flag hardeningEnable. This is required to support platform where stackprotector has problems. --- .../libexecinfo/30-linux-makefile.patch | 44 +++++++++++++++++++ .../libraries/libexecinfo/default.nix | 7 +-- 2 files changed, 46 insertions(+), 5 deletions(-) create mode 100644 pkgs/development/libraries/libexecinfo/30-linux-makefile.patch diff --git a/pkgs/development/libraries/libexecinfo/30-linux-makefile.patch b/pkgs/development/libraries/libexecinfo/30-linux-makefile.patch new file mode 100644 index 00000000000..134c64441d3 --- /dev/null +++ b/pkgs/development/libraries/libexecinfo/30-linux-makefile.patch @@ -0,0 +1,44 @@ +--- Makefile.orig ++++ Makefile +@@ -23,24 +23,25 @@ + # SUCH DAMAGE. + # + # $Id: Makefile,v 1.3 2004/07/19 05:19:55 sobomax Exp $ ++# ++# Linux Makefile by Matt Smith , 2011/01/04 + +-LIB= execinfo ++CC=cc ++AR=ar ++EXECINFO_CFLAGS=$(CFLAGS) -O2 -pipe -fno-strict-aliasing -std=gnu99 -c ++EXECINFO_LDFLAGS=$(LDFLAGS) + +-SRCS= stacktraverse.c stacktraverse.h execinfo.c execinfo.h ++all: static dynamic + +-INCS= execinfo.h ++static: ++ $(CC) $(EXECINFO_CFLAGS) $(EXECINFO_LDFLAGS) stacktraverse.c ++ $(CC) $(EXECINFO_CFLAGS) $(EXECINFO_LDFLAGS) execinfo.c ++ $(AR) rcs libexecinfo.a stacktraverse.o execinfo.o + +-SHLIB_MAJOR= 1 +-SHLIB_MINOR= 0 ++dynamic: ++ $(CC) -fpic -DPIC $(EXECINFO_CFLAGS) $(EXECINFO_LDFLAGS) stacktraverse.c -o stacktraverse.So ++ $(CC) -fpic -DPIC $(EXECINFO_CFLAGS) $(EXECINFO_LDFLAGS) execinfo.c -o execinfo.So ++ $(CC) -shared -Wl,-soname,libexecinfo.so.1 -o libexecinfo.so.1 stacktraverse.So execinfo.So + +-NOPROFILE= yes +- +-DPADD= ${LIBM} +-LDADD= -lm +- +-#WARNS?= 4 +- +-#stacktraverse.c: gen.py +-# ./gen.py > stacktraverse.c +- +-.include ++clean: ++ rm -rf *.o *.So *.a *.so diff --git a/pkgs/development/libraries/libexecinfo/default.nix b/pkgs/development/libraries/libexecinfo/default.nix index f3f89209707..36f956e7772 100644 --- a/pkgs/development/libraries/libexecinfo/default.nix +++ b/pkgs/development/libraries/libexecinfo/default.nix @@ -23,14 +23,11 @@ stdenv.mkDerivation rec { url = "https://git.alpinelinux.org/aports/plain/main/libexecinfo/20-define-gnu-source.patch?id=730cdcef6901750f4029d4c3b8639ce02ee3ead1"; sha256 = "1mp8mc639b0h2s69m5z6s2h3q3n1zl298j9j0plzj7f979j76302"; }) - (fetchpatch { - name = "30-linux-makefile.patch"; - url = "https://git.alpinelinux.org/aports/plain/main/libexecinfo/30-linux-makefile.patch?id=730cdcef6901750f4029d4c3b8639ce02ee3ead1"; - sha256 = "1jwjz22z5cjy5h2bfghn62yl9ar8jiqhdvbwrcfavv17ihbhwcaf"; - }) + ./30-linux-makefile.patch ]; makeFlags = [ "CC:=$(CC)" "AR:=$(AR)" ]; + hardeningEnable = [ "stackprotector" ]; buildFlags = lib.optional enableStatic "static" From 92225849b0f5212bae46437494c4b22d4a257327 Mon Sep 17 00:00:00 2001 From: Walter Franzini Date: Fri, 7 Jun 2019 10:54:22 +0200 Subject: [PATCH 3/8] libsodium: disable stackprotector on musl32 --- pkgs/development/libraries/libsodium/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix index db2cd044592..e7f60aa4fc5 100644 --- a/pkgs/development/libraries/libsodium/default.nix +++ b/pkgs/development/libraries/libsodium/default.nix @@ -12,6 +12,11 @@ stdenv.mkDerivation rec { separateDebugInfo = stdenv.isLinux && stdenv.hostPlatform.libc != "musl"; enableParallelBuilding = true; + hardeningDisable = stdenv.lib.optional (stdenv.targetPlatform.isMusl && stdenv.targetPlatform.isi686) "stackprotector"; + + # FIXME: the hardeingDisable attr above does not seems effective, so + # the need to disable stackprotector via configureFlags + configureFlags = stdenv.lib.optional (stdenv.targetPlatform.isMusl && stdenv.targetPlatform.isi686) "--disable-ssp"; doCheck = true; From 42e689e5bddb852801bd1fd8acb11ceab758f67c Mon Sep 17 00:00:00 2001 From: Walter Franzini Date: Fri, 7 Jun 2019 18:01:26 +0200 Subject: [PATCH 4/8] sox: musl does not support pipe rewind Disable the pipe rewind related feature since musl has no support for it. --- .../0001-musl-rewind-pipe-workaround.patch | 24 +++++++++++++++++++ pkgs/applications/misc/audio/sox/default.nix | 2 ++ 2 files changed, 26 insertions(+) create mode 100644 pkgs/applications/misc/audio/sox/0001-musl-rewind-pipe-workaround.patch diff --git a/pkgs/applications/misc/audio/sox/0001-musl-rewind-pipe-workaround.patch b/pkgs/applications/misc/audio/sox/0001-musl-rewind-pipe-workaround.patch new file mode 100644 index 00000000000..6aacbcc65bc --- /dev/null +++ b/pkgs/applications/misc/audio/sox/0001-musl-rewind-pipe-workaround.patch @@ -0,0 +1,24 @@ +From e7446c9bcb47674c9d0ee3b5bab129e9b86eb1c9 Mon Sep 17 00:00:00 2001 +From: Walter Franzini +Date: Fri, 7 Jun 2019 17:57:11 +0200 +Subject: [PATCH] musl does not support rewind pipe, make it build anyway + +--- + src/formats.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/formats.c b/src/formats.c +index f3efe764..477bf451 100644 +--- a/src/formats.c ++++ b/src/formats.c +@@ -424,7 +424,6 @@ static void UNUSED rewind_pipe(FILE * fp) + /* To fix this #error, either simply remove the #error line and live without + * file-type detection with pipes, or add support for your compiler in the + * lines above. Test with cat monkey.wav | ./sox --info - */ +- #error FIX NEEDED HERE + #define NO_REWIND_PIPE + (void)fp; + #endif +-- +2.19.2 + diff --git a/pkgs/applications/misc/audio/sox/default.nix b/pkgs/applications/misc/audio/sox/default.nix index dd5dbde5286..946150d2b88 100644 --- a/pkgs/applications/misc/audio/sox/default.nix +++ b/pkgs/applications/misc/audio/sox/default.nix @@ -27,6 +27,8 @@ stdenv.mkDerivation rec { # configure.ac uses pkg-config only to locate libopusfile nativeBuildInputs = optional enableOpusfile pkg-config; + patches = [ ./0001-musl-rewind-pipe-workaround.patch ]; + buildInputs = optional (enableAlsa && stdenv.isLinux) alsaLib ++ optional enableLibao libao ++ From eabb56ac6c2458796714be527a790ca23de66f38 Mon Sep 17 00:00:00 2001 From: Walter Franzini Date: Sat, 8 Jun 2019 00:40:28 +0200 Subject: [PATCH 5/8] identify musl32 using x86_32 instead of i686 --- pkgs/build-support/cc-wrapper/default.nix | 4 ++-- pkgs/development/libraries/libsodium/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 3939b3efb64..c8af8789fcc 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -451,9 +451,9 @@ stdenv.mkDerivation { hardening_unsupported_flags+=" stackprotector pic" '' + optionalString (targetPlatform.libc == "newlib") '' hardening_unsupported_flags+=" stackprotector fortify pie pic" - '' + optionalString (targetPlatform.libc == "musl" && targetPlatform.isi686) '' + '' + optionalString (targetPlatform.libc == "musl" && targetPlatform.isx86_32) '' hardening_unsupported_flags+=" stackprotector" - '' + optionalString targetPlatform.isNetBSD '' + '' + optionalString targetPlatform.isNetBSD '' hardening_unsupported_flags+=" stackprotector fortify" '' + optionalString cc.langAda or false '' hardening_unsupported_flags+=" format stackprotector strictoverflow" diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix index e7f60aa4fc5..64ae1713fd4 100644 --- a/pkgs/development/libraries/libsodium/default.nix +++ b/pkgs/development/libraries/libsodium/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { separateDebugInfo = stdenv.isLinux && stdenv.hostPlatform.libc != "musl"; enableParallelBuilding = true; - hardeningDisable = stdenv.lib.optional (stdenv.targetPlatform.isMusl && stdenv.targetPlatform.isi686) "stackprotector"; + hardeningDisable = lib.optional (stdenv.targetPlatform.isMusl && stdenv.targetPlatform.isx86_32) "stackprotector"; # FIXME: the hardeingDisable attr above does not seems effective, so # the need to disable stackprotector via configureFlags - configureFlags = stdenv.lib.optional (stdenv.targetPlatform.isMusl && stdenv.targetPlatform.isi686) "--disable-ssp"; + configureFlags = lib.optional (stdenv.targetPlatform.isMusl && stdenv.targetPlatform.isx86_32) "--disable-ssp"; doCheck = true; From 733d24b50b63cef38c9d228e127c9d09865afc16 Mon Sep 17 00:00:00 2001 From: Walter Franzini Date: Fri, 23 Aug 2019 10:47:39 +0200 Subject: [PATCH 6/8] add stackprotector support on musl32 In order to support stackprotector on musl32, this change import a couple of patches from alpinelinux: 1. libssp_nonshared.a is built alongside musl's libc 2. the above library is automatically linked when compiling with gcc6 or gcc7 --- pkgs/development/compilers/gcc/6/default.nix | 6 +++++- pkgs/development/compilers/gcc/7/default.nix | 4 ++++ pkgs/os-specific/linux/musl/default.nix | 22 ++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index fa7881e398a..93c9dde61fc 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix @@ -78,7 +78,11 @@ let majorVersion = "6"; ++ optional (targetPlatform.libc == "musl") ../libgomp-dont-force-initial-exec.patch # Obtain latest patch with ../update-mcfgthread-patches.sh - ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; + ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch + ++ optional (targetPlatform.libc == "musl" && targetPlatform.isx86_32) (fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/main/gcc/gcc-6.1-musl-libssp.patch?id=5e4b96e23871ee28ef593b439f8c07ca7c7eb5bb"; + sha256 = "1jf1ciz4gr49lwyh8knfhw6l5gvfkwzjy90m7qiwkcbsf4a3fqn2"; + }); javaEcj = fetchurl { # The `$(top_srcdir)/ecj.jar' file is automatically picked up at diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index 2ea9033ba63..75d519c3107 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -72,6 +72,10 @@ let majorVersion = "7"; }) ++ optional langFortran ../gfortran-driving.patch ++ optional (targetPlatform.libc == "musl" && targetPlatform.isPower) ../ppc-musl.patch + ++ optional (targetPlatform.libc == "musl" && targetPlatform.isx86_32) (fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/main/gcc/gcc-6.1-musl-libssp.patch"; + sha256 = "1jf1ciz4gr49lwyh8knfhw6l5gvfkwzjy90m7qiwkcbsf4a3fqn2"; + }) ++ optional (targetPlatform.libc == "musl") ../libgomp-dont-force-initial-exec.patch # Obtain latest patch with ../update-mcfgthread-patches.sh diff --git a/pkgs/os-specific/linux/musl/default.nix b/pkgs/os-specific/linux/musl/default.nix index 63d8114ac77..3310692b31d 100644 --- a/pkgs/os-specific/linux/musl/default.nix +++ b/pkgs/os-specific/linux/musl/default.nix @@ -16,6 +16,11 @@ let sha256 = "14igk6k00bnpfw660qhswagyhvr0gfqg4q55dxvaaq7ikfkrir71"; }; + stack_chk_fail_local_c = fetchurl { + url = "https://git.alpinelinux.org/aports/plain/main/musl/__stack_chk_fail_local.c?h=3.10-stable"; + sha256 = "1nhkzzy9pklgjcq2yg89d3l18jif331srd3z3vhy5qwxl1spv6i9"; + }; + # iconv tool, implemented by musl author. # Original: http://git.etalabs.net/cgit/noxcuse/plain/src/iconv.c?id=02d288d89683e99fd18fe9f54d4e731a6c474a4f # We use copy from Alpine which fixes error messages, see: @@ -87,6 +92,16 @@ stdenv.mkDerivation rec { NIX_DONT_SET_RPATH = true; + preBuild = '' + ${if (stdenv.targetPlatform.libc == "musl" && stdenv.targetPlatform.isx86_32) then + "# the -x c flag is required since the file extension confuses gcc + # that detect the file as a linker script. + $CC -x c -c ${stack_chk_fail_local_c} -o __stack_chk_fail_local.o + $AR r libssp_nonshared.a __stack_chk_fail_local.o" + else "" + } + ''; + postInstall = '' # Not sure why, but link in all but scsi directory as that's what uclibc/glibc do. # Apparently glibc provides scsi itself? @@ -96,6 +111,13 @@ stdenv.mkDerivation rec { $STRIP -S $out/lib/libc.a mkdir -p $out/bin + + ${if (stdenv.targetPlatform.libc == "musl" && stdenv.targetPlatform.isx86_32) then + "install -D libssp_nonshared.a $out/lib/libssp_nonshared.a + $STRIP -S $out/lib/libssp_nonshared.a" + else "" + } + # Create 'ldd' symlink, builtin ln -rs $out/lib/libc.so $out/bin/ldd From 756ace721e1bf5638b3bd8c3eb63f3a48fdfdeec Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Fri, 12 Feb 2021 12:23:37 +0100 Subject: [PATCH 7/8] libgcrypt: fix build on musl32 --- pkgs/development/libraries/libgcrypt/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index 081b67b1663..f3db8d8c03b 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, gettext, libgpgerror, enableCapabilities ? false, libcap -, buildPackages +, buildPackages, fetchpatch }: assert enableCapabilities -> stdenv.isLinux; @@ -13,6 +13,15 @@ stdenv.mkDerivation rec { sha256 = "1nb50bgzp83q6r5cz4v40y1mcbhpqwqyxlay87xp1lrbkf5pm9n5"; }; + patches = [ + # fix build on 32bit musl + (fetchpatch { + name = "fix_building_with_disable-asm_on_x86.patch"; + url = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=af23ab5c5482d625ff52e60606cf044e2b0106c8"; + sha256 = "1m8apm8wra6fk89ggha4d0bba5absihm38zvb2khklqh9q5hj9jw"; + }) + ]; + outputs = [ "out" "dev" "info" ]; outputBin = "dev"; @@ -27,6 +36,8 @@ stdenv.mkDerivation rec { ++ lib.optional stdenv.isDarwin gettext ++ lib.optional enableCapabilities libcap; + strictDeps = true; + configureFlags = [ "--with-libgpg-error-prefix=${libgpgerror.dev}" ] ++ lib.optional stdenv.hostPlatform.isMusl "--disable-asm"; From d68dee04b7aa47c8eecf721ccdb4c269deea657c Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Fri, 12 Feb 2021 20:38:38 +0100 Subject: [PATCH 8/8] gcc: fix cross compilation to musl32 --- pkgs/development/compilers/gcc/7/default.nix | 2 +- .../development/compilers/gcc/common/configure-flags.nix | 6 +++--- pkgs/top-level/all-packages.nix | 9 +++++++++ 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index 75d519c3107..d9b4c639b5a 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -73,7 +73,7 @@ let majorVersion = "7"; ++ optional langFortran ../gfortran-driving.patch ++ optional (targetPlatform.libc == "musl" && targetPlatform.isPower) ../ppc-musl.patch ++ optional (targetPlatform.libc == "musl" && targetPlatform.isx86_32) (fetchpatch { - url = "https://git.alpinelinux.org/aports/plain/main/gcc/gcc-6.1-musl-libssp.patch"; + url = "https://git.alpinelinux.org/aports/plain/main/gcc/gcc-6.1-musl-libssp.patch?id=5e4b96e23871ee28ef593b439f8c07ca7c7eb5bb"; sha256 = "1jf1ciz4gr49lwyh8knfhw6l5gvfkwzjy90m7qiwkcbsf4a3fqn2"; }) ++ optional (targetPlatform.libc == "musl") ../libgomp-dont-force-initial-exec.patch diff --git a/pkgs/development/compilers/gcc/common/configure-flags.nix b/pkgs/development/compilers/gcc/common/configure-flags.nix index 4bdec26fd99..443ed19235d 100644 --- a/pkgs/development/compilers/gcc/common/configure-flags.nix +++ b/pkgs/development/compilers/gcc/common/configure-flags.nix @@ -94,9 +94,6 @@ let # In uclibc cases, libgomp needs an additional '-ldl' # and as I don't know how to pass it, I disable libgomp. "--disable-libgomp" - ] ++ lib.optionals (targetPlatform.libc == "musl") [ - # musl at least, disable: https://git.buildroot.net/buildroot/commit/?id=873d4019f7fb00f6a80592224236b3ba7d657865 - "--disable-libmpx" ] ++ lib.optional (targetPlatform.libc == "newlib") "--with-newlib" ++ lib.optional (targetPlatform.libc == "avrlibc") "--with-avrlibc" ); @@ -181,6 +178,9 @@ let # On Illumos/Solaris GNU as is preferred "--with-gnu-as" "--without-gnu-ld" ] + ++ lib.optional (targetPlatform.libc == "musl") + # musl at least, disable: https://git.buildroot.net/buildroot/commit/?id=873d4019f7fb00f6a80592224236b3ba7d657865 + "--disable-libmpx" ++ lib.optionals (targetPlatform == hostPlatform && targetPlatform.libc == "musl") [ "--disable-libsanitizer" "--disable-symvers" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 715aeed5813..9a8096eef62 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9827,6 +9827,9 @@ in libcCross = if stdenv.targetPlatform != stdenv.buildPlatform then libcCross else null; threadsCross = if stdenv.targetPlatform != stdenv.buildPlatform then threadsCross else null; + # gcc 10 is too strict to cross compile gcc <= 8 + stdenv = if (stdenv.targetPlatform != stdenv.buildPlatform) && stdenv.cc.isGNU then gcc7Stdenv else stdenv; + isl = if stdenv.isDarwin then null else if stdenv.targetPlatform.isRedox @@ -9843,6 +9846,9 @@ in libcCross = if stdenv.targetPlatform != stdenv.buildPlatform then libcCross else null; threadsCross = if stdenv.targetPlatform != stdenv.buildPlatform then threadsCross else null; + # gcc 10 is too strict to cross compile gcc <= 8 + stdenv = if (stdenv.targetPlatform != stdenv.buildPlatform) && stdenv.cc.isGNU then gcc7Stdenv else stdenv; + isl = if !stdenv.isDarwin then isl_0_17 else null; })); @@ -9855,6 +9861,9 @@ in libcCross = if stdenv.targetPlatform != stdenv.buildPlatform then libcCross else null; threadsCross = if stdenv.targetPlatform != stdenv.buildPlatform then threadsCross else null; + # gcc 10 is too strict to cross compile gcc <= 8 + stdenv = if (stdenv.targetPlatform != stdenv.buildPlatform) && stdenv.cc.isGNU then gcc7Stdenv else stdenv; + isl = if !stdenv.isDarwin then isl_0_17 else null; }));