diff --git a/pkgs/development/compilers/ghc/7.6.3.nix b/pkgs/development/compilers/ghc/7.6.3.nix index 1839c982e99..f86d328ae0e 100644 --- a/pkgs/development/compilers/ghc/7.6.3.nix +++ b/pkgs/development/compilers/ghc/7.6.3.nix @@ -1,6 +1,13 @@ { stdenv, fetchurl, ghc, perl, gmp, ncurses }: -stdenv.mkDerivation rec { +let + # The "-Wa,--noexecstack" options might be needed only with GNU ld (as opposed + # to the gold linker). It prevents binaries' stacks from being marked as + # executable, which fails to run on a grsecurity/PaX kernel. + ghcFlags = "-optc-Wa,--noexecstack -opta-Wa,--noexecstack"; + cFlags = "-Wa,--noexecstack"; + +in stdenv.mkDerivation rec { version = "7.6.3"; name = "ghc-${version}"; @@ -12,21 +19,38 @@ stdenv.mkDerivation rec { buildInputs = [ ghc perl gmp ncurses ]; - buildMK = '' libraries/integer-gmp_CONFIGURE_OPTS += --configure-option=--with-gmp-libraries="${gmp}/lib" libraries/integer-gmp_CONFIGURE_OPTS += --configure-option=--with-gmp-includes="${gmp}/include" + + # Set ghcFlags for building ghc itself + SRC_HC_OPTS += ${ghcFlags} + SRC_CC_OPTS += ${cFlags} ''; preConfigure = '' echo "${buildMK}" > mk/build.mk sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure + + # Set ghcFlags for binaries that ghc builds + sed -i -e 's|"\$topdir"|"\$topdir" ${ghcFlags}|' ghc/ghc.wrapper + '' + stdenv.lib.optionalString (!stdenv.isDarwin) '' export NIX_LDFLAGS="$NIX_LDFLAGS -rpath $out/lib/ghc-${version}" ''; configureFlags = "--with-gcc=${stdenv.gcc}/bin/gcc"; + postInstall = '' + # ghci uses mmap with rwx protection at it implements dynamic + # linking on its own. See: + # - https://bugs.gentoo.org/show_bug.cgi?id=299709 + # - https://ghc.haskell.org/trac/ghc/ticket/4244 + # Therefore, we have to pax-mark the resulting binary. + # Haddock also seems to run with ghci, so mark it as well. + paxmark m $out/lib/${name}/{ghc,haddock} + ''; + # required, because otherwise all symbols from HSffi.o are stripped, and # that in turn causes GHCi to abort stripDebugFlags=["-S" "--keep-file-symbols"];