From 5ba3972addac3dd56518da294d088c92a6fb9798 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Mon, 26 Jun 2017 00:43:06 -0400 Subject: [PATCH 01/23] cc-wrapper: Stop preWrapping This is an ugly temp hack for cross compilation, but now we have something better on the way. Bind `infixSalt` as an environment variable as it will be used in it. --- pkgs/build-support/cc-wrapper/default.nix | 89 ++++++++--------------- 1 file changed, 30 insertions(+), 59 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index e0cc1fc2669..01d1bbd7a5d 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -53,42 +53,13 @@ let "-isystem $(echo -n ${cc.gcc}/include/c++/*) -isystem $(echo -n ${cc.gcc}/include/c++/*)/$(${cc.gcc}/bin/gcc -dumpmachine)"; dashlessTarget = stdenv.lib.replaceStrings ["-"] ["_"] targetPlatform.config; - # TODO(@Ericson2314) Make unconditional - infixSalt = stdenv.lib.optionalString (targetPlatform != hostPlatform) dashlessTarget; - infixSalt_ = stdenv.lib.optionalString (targetPlatform != hostPlatform) (dashlessTarget + "_"); - _infixSalt = stdenv.lib.optionalString (targetPlatform != hostPlatform) ("_" + dashlessTarget); - # We want to prefix all NIX_ flags with the target triple - preWrap = textFile: - # TODO: Do even when not cross on next mass-rebuild - # TODO: use @target_tripple@ for consistency - if targetPlatform == hostPlatform - then textFile - else runCommand "sed-nix-env-vars" {} ('' - cp --no-preserve=mode ${textFile} $out - - sed -i $out \ - -e 's^NIX_^NIX_${infixSalt_}^g' \ - -e 's^addCVars^addCVars${_infixSalt}^g' \ - -e 's^\[ -z "\$crossConfig" \]^\[\[ "${builtins.toString (targetPlatform != hostPlatform)}" || -z "$crossConfig" \]\]^g' - - # NIX_ things which we don't both use and define, we revert them - #asymmetric=$( - # for pre in "" "\\$" - # do - # grep -E -ho $pre'NIX_[a-zA-Z_]*' ./* | sed 's/\$//' | sort | uniq - # done | sort | uniq -c | sort -nr | sed -n 's/^1 NIX_//gp') - - # hard-code for now - asymmetric=("CXXSTDLIB_COMPILE" "CC") - - # The ([^a-zA-Z_]|$) bussiness is to ensure environment variables that - # begin with `NIX_CC` don't also get blacklisted. - for var in "''${asymmetric[@]}" - do - sed -i $out -E -e "s~NIX_${infixSalt_}$var([^a-zA-Z_]|$)~NIX_$var\1~g" - done - ''); + # The "infix salt" is a arbitrary string added in the middle of env vars + # defined by cc-wrapper's hooks so that multiple cc-wrappers can be used + # without interfering. For the moment, it is defined as the target triple, + # adjusted to be a valid bash identifier. This should be considered an + # unstable implementation detail, however. + infixSalt = dashlessTarget; # The dynamic linker has different names on different platforms. This is a # shell glob that ought to match it. @@ -129,20 +100,21 @@ stdenv.mkDerivation { gnugrep_bin = if nativeTools then "" else gnugrep; binPrefix = prefix; + inherit infixSalt; passthru = { inherit libc nativeTools nativeLibc nativePrefix isGNU isClang default_cxx_stdlib_compile - prefix infixSalt infixSalt_ _infixSalt; + prefix; emacsBufferSetup = pkgs: '' ; We should handle propagation here too (mapc (lambda (arg) (when (file-directory-p (concat arg "/include")) - (setenv "NIX_${infixSalt_}CFLAGS_COMPILE" (concat (getenv "NIX_${infixSalt_}CFLAGS_COMPILE") " -isystem " arg "/include"))) + (setenv "NIX_${infixSalt}_CFLAGS_COMPILE" (concat (getenv "NIX_${infixSalt}_CFLAGS_COMPILE") " -isystem " arg "/include"))) (when (file-directory-p (concat arg "/lib")) - (setenv "NIX_${infixSalt_}LDFLAGS" (concat (getenv "NIX_${infixSalt_}LDFLAGS") " -L" arg "/lib"))) + (setenv "NIX_${infixSalt}_LDFLAGS" (concat (getenv "NIX_${infixSalt}_LDFLAGS") " -L" arg "/lib"))) (when (file-directory-p (concat arg "/lib64")) - (setenv "NIX_${infixSalt_}LDFLAGS" (concat (getenv "NIX_${infixSalt_}LDFLAGS") " -L" arg "/lib64")))) '(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)})) + (setenv "NIX_${infixSalt}_LDFLAGS" (concat (getenv "NIX_${infixSalt}_LDFLAGS") " -L" arg "/lib64")))) '(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)})) ''; }; @@ -268,7 +240,7 @@ stdenv.mkDerivation { # Solaris needs an additional ld wrapper. ldPath="${nativePrefix}/bin" exec="$ldPath/${prefix}ld" - wrap ld-solaris ${preWrap ./ld-solaris-wrapper.sh} + wrap ld-solaris ${./ld-solaris-wrapper.sh} '') + '' @@ -282,7 +254,6 @@ stdenv.mkDerivation { '' + (if !useMacosReexportHack then '' wrap ${prefix}ld ${./ld-wrapper.sh} ''${ld:-$ldPath/${prefix}ld} '' else '' - export binPrefix=${prefix} ldInner="${prefix}ld-reexport-delegate" wrap "$ldInner" ${./macos-sierra-reexport-hack.bash} ''${ld:-$ldPath/${prefix}ld} wrap "${prefix}ld" ${./ld-wrapper.sh} "$out/bin/$ldInner" @@ -290,11 +261,11 @@ stdenv.mkDerivation { '') + '' if [ -e ${binutils_bin}/bin/${prefix}ld.gold ]; then - wrap ${prefix}ld.gold ${preWrap ./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.gold + wrap ${prefix}ld.gold ${./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.gold fi if [ -e ${binutils_bin}/bin/ld.bfd ]; then - wrap ${prefix}ld.bfd ${preWrap ./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.bfd + wrap ${prefix}ld.bfd ${./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.bfd fi # We export environment variables pointing to the wrapped nonstandard @@ -306,49 +277,49 @@ stdenv.mkDerivation { export default_cxx_stdlib_compile="${default_cxx_stdlib_compile}" if [ -e $ccPath/${prefix}gcc ]; then - wrap ${prefix}gcc ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gcc + wrap ${prefix}gcc ${./cc-wrapper.sh} $ccPath/${prefix}gcc ln -s ${prefix}gcc $out/bin/${prefix}cc export named_cc=${prefix}gcc export named_cxx=${prefix}g++ elif [ -e $ccPath/clang ]; then - wrap ${prefix}clang ${preWrap ./cc-wrapper.sh} $ccPath/clang + wrap ${prefix}clang ${./cc-wrapper.sh} $ccPath/clang ln -s ${prefix}clang $out/bin/${prefix}cc export named_cc=${prefix}clang export named_cxx=${prefix}clang++ fi if [ -e $ccPath/${prefix}g++ ]; then - wrap ${prefix}g++ ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}g++ + wrap ${prefix}g++ ${./cc-wrapper.sh} $ccPath/${prefix}g++ ln -s ${prefix}g++ $out/bin/${prefix}c++ elif [ -e $ccPath/clang++ ]; then - wrap ${prefix}clang++ ${preWrap ./cc-wrapper.sh} $ccPath/clang++ + wrap ${prefix}clang++ ${./cc-wrapper.sh} $ccPath/clang++ ln -s ${prefix}clang++ $out/bin/${prefix}c++ fi if [ -e $ccPath/cpp ]; then - wrap ${prefix}cpp ${preWrap ./cc-wrapper.sh} $ccPath/cpp + wrap ${prefix}cpp ${./cc-wrapper.sh} $ccPath/cpp fi '' + optionalString cc.langFortran or false '' - wrap ${prefix}gfortran ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gfortran + wrap ${prefix}gfortran ${./cc-wrapper.sh} $ccPath/${prefix}gfortran ln -sv ${prefix}gfortran $out/bin/${prefix}g77 ln -sv ${prefix}gfortran $out/bin/${prefix}f77 '' + optionalString cc.langJava or false '' - wrap ${prefix}gcj ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gcj + wrap ${prefix}gcj ${./cc-wrapper.sh} $ccPath/${prefix}gcj '' + optionalString cc.langGo or false '' - wrap ${prefix}gccgo ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gccgo + wrap ${prefix}gccgo ${./cc-wrapper.sh} $ccPath/${prefix}gccgo '' + optionalString cc.langAda or false '' - wrap ${prefix}gnatgcc ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gnatgcc - wrap ${prefix}gnatmake ${preWrap ./gnat-wrapper.sh} $ccPath/${prefix}gnatmake - wrap ${prefix}gnatbind ${preWrap ./gnat-wrapper.sh} $ccPath/${prefix}gnatbind - wrap ${prefix}gnatlink ${preWrap ./gnatlink-wrapper.sh} $ccPath/${prefix}gnatlink + wrap ${prefix}gnatgcc ${./cc-wrapper.sh} $ccPath/${prefix}gnatgcc + wrap ${prefix}gnatmake ${./gnat-wrapper.sh} $ccPath/${prefix}gnatmake + wrap ${prefix}gnatbind ${./gnat-wrapper.sh} $ccPath/${prefix}gnatbind + wrap ${prefix}gnatlink ${./gnatlink-wrapper.sh} $ccPath/${prefix}gnatlink '' + optionalString cc.langVhdl or false '' @@ -356,7 +327,7 @@ stdenv.mkDerivation { '' + '' - substituteAll ${preWrap ./setup-hook.sh} $out/nix-support/setup-hook.tmp + substituteAll ${./setup-hook.sh} $out/nix-support/setup-hook.tmp cat $out/nix-support/setup-hook.tmp >> $out/nix-support/setup-hook rm $out/nix-support/setup-hook.tmp @@ -375,9 +346,9 @@ stdenv.mkDerivation { '' + '' - substituteAll ${preWrap ./add-flags.sh} $out/nix-support/add-flags.sh - substituteAll ${preWrap ./add-hardening.sh} $out/nix-support/add-hardening.sh - substituteAll ${preWrap ./utils.sh} $out/nix-support/utils.sh + substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh + substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh + substituteAll ${./utils.sh} $out/nix-support/utils.sh '' + extraBuildCommands; From 9f1e009975dc2d58541de435c74a26afe011542a Mon Sep 17 00:00:00 2001 From: John Ericson Date: Mon, 26 Jun 2017 00:43:06 -0400 Subject: [PATCH 02/23] cc-wrapper: Unconditionally use @infixSalt@ accross the board This is basically a sed job, in preparation of the next commit. The rules are more or less: - s"NIX_(.._WRAPPER_)?([a-zA-Z0-9@]*)"NIX_\1@infixSalt@_\2"g - except for non-cc-wrapper-specific vars like `NIX_DEBUG` --- pkgs/build-support/cc-wrapper/add-flags.sh | 28 ++++++++--------- pkgs/build-support/cc-wrapper/cc-wrapper.sh | 30 +++++++++---------- pkgs/build-support/cc-wrapper/gnat-wrapper.sh | 24 +++++++-------- .../cc-wrapper/gnatlink-wrapper.sh | 12 ++++---- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 28 ++++++++--------- pkgs/build-support/cc-wrapper/setup-hook.sh | 4 +-- 6 files changed, 63 insertions(+), 63 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 1edfe8bfc75..37b3b4cae86 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -1,37 +1,37 @@ # `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. -export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" +export NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/bin/ $NIX_@infixSalt@_CFLAGS_COMPILE" # Export and assign separately in order that a failing $(..) will fail # the script. if [ -e @out@/nix-support/libc-cflags ]; then - export NIX_CFLAGS_COMPILE - NIX_CFLAGS_COMPILE="$(< @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE" + export NIX_@infixSalt@_CFLAGS_COMPILE + NIX_@infixSalt@_CFLAGS_COMPILE="$(< @out@/nix-support/libc-cflags) $NIX_@infixSalt@_CFLAGS_COMPILE" fi if [ -e @out@/nix-support/cc-cflags ]; then - export NIX_CFLAGS_COMPILE - NIX_CFLAGS_COMPILE="$(< @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE" + export NIX_@infixSalt@_CFLAGS_COMPILE + NIX_@infixSalt@_CFLAGS_COMPILE="$(< @out@/nix-support/cc-cflags) $NIX_@infixSalt@_CFLAGS_COMPILE" fi if [ -e @out@/nix-support/gnat-cflags ]; then - export NIX_GNATFLAGS_COMPILE - NIX_GNATFLAGS_COMPILE="$(< @out@/nix-support/gnat-cflags) $NIX_GNATFLAGS_COMPILE" + export NIX_@infixSalt@_GNATFLAGS_COMPILE + NIX_@infixSalt@_GNATFLAGS_COMPILE="$(< @out@/nix-support/gnat-cflags) $NIX_@infixSalt@_GNATFLAGS_COMPILE" fi if [ -e @out@/nix-support/libc-ldflags ]; then - export NIX_LDFLAGS - NIX_LDFLAGS+=" $(< @out@/nix-support/libc-ldflags)" + export NIX_@infixSalt@_LDFLAGS + NIX_@infixSalt@_LDFLAGS+=" $(< @out@/nix-support/libc-ldflags)" fi if [ -e @out@/nix-support/cc-ldflags ]; then - export NIX_LDFLAGS - NIX_LDFLAGS+=" $(< @out@/nix-support/cc-ldflags)" + export NIX_@infixSalt@_LDFLAGS + NIX_@infixSalt@_LDFLAGS+=" $(< @out@/nix-support/cc-ldflags)" fi if [ -e @out@/nix-support/libc-ldflags-before ]; then - export NIX_LDFLAGS_BEFORE - NIX_LDFLAGS_BEFORE="$(< @out@/nix-support/libc-ldflags-before) $NIX_LDFLAGS_BEFORE" + export NIX_@infixSalt@_LDFLAGS_BEFORE + NIX_@infixSalt@_LDFLAGS_BEFORE="$(< @out@/nix-support/libc-ldflags-before) $NIX_@infixSalt@_LDFLAGS_BEFORE" fi -export NIX_CC_WRAPPER_FLAGS_SET=1 +export NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET=1 diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index 96655656607..ef9df4f968d 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -11,11 +11,11 @@ if [[ -n "@coreutils_bin@" && -n "@gnugrep_bin@" ]]; then PATH="@coreutils_bin@/bin:@gnugrep_bin@/bin" fi -if [ -n "$NIX_CC_WRAPPER_START_HOOK" ]; then - source "$NIX_CC_WRAPPER_START_HOOK" +if [ -n "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" ]; then + source "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" fi -if [ -z "$NIX_CC_WRAPPER_FLAGS_SET" ]; then +if [ -z "$NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET" ]; then source @out@/nix-support/add-flags.sh fi @@ -63,7 +63,7 @@ while [ "$n" -lt "$nParams" ]; do nonFlagArgs=1 elif [ "$p" = -m32 ]; then if [ -e @out@/nix-support/dynamic-linker-m32 ]; then - NIX_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" + NIX_@infixSalt@_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" fi fi n+=1 @@ -106,7 +106,7 @@ fi # Clear march/mtune=native -- they bring impurity. -if [ "$NIX_ENFORCE_NO_NATIVE" = 1 ]; then +if [ "$NIX_@infixSalt@_ENFORCE_NO_NATIVE" = 1 ]; then rest=() for p in "${params[@]}"; do if [[ "$p" = -m*=native ]]; then @@ -120,36 +120,36 @@ fi if [[ "$isCpp" = 1 ]]; then if [[ "$cppInclude" = 1 ]]; then - NIX_CFLAGS_COMPILE+=" ${NIX_CXXSTDLIB_COMPILE-@default_cxx_stdlib_compile@}" + NIX_@infixSalt@_CFLAGS_COMPILE+=" ${NIX_@infixSalt@_CXXSTDLIB_COMPILE-@default_cxx_stdlib_compile@}" fi - NIX_CFLAGS_LINK+=" $NIX_CXXSTDLIB_LINK" + NIX_@infixSalt@_CFLAGS_LINK+=" $NIX_@infixSalt@_CXXSTDLIB_LINK" fi source @out@/nix-support/add-hardening.sh # Add the flags for the C compiler proper. -extraAfter=($NIX_CFLAGS_COMPILE "${hardeningCFlags[@]}") +extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE "${hardeningCFlags[@]}") extraBefore=() if [ "$dontLink" != 1 ]; then # Add the flags that should only be passed to the compiler when # linking. - extraAfter+=($NIX_CFLAGS_LINK "${hardeningLDFlags[@]}") + extraAfter+=($NIX_@infixSalt@_CFLAGS_LINK "${hardeningLDFlags[@]}") # Add the flags that should be passed to the linker (and prevent - # `ld-wrapper' from adding NIX_LDFLAGS again). - for i in $NIX_LDFLAGS_BEFORE; do + # `ld-wrapper' from adding NIX_@infixSalt@_LDFLAGS again). + for i in $NIX_@infixSalt@_LDFLAGS_BEFORE; do extraBefore+=("-Wl,$i") done - for i in $NIX_LDFLAGS; do + for i in $NIX_@infixSalt@_LDFLAGS; do if [ "${i:0:3}" = -L/ ]; then extraAfter+=("$i") else extraAfter+=("-Wl,$i") fi done - export NIX_LDFLAGS_SET=1 + export NIX_@infixSalt@_LDFLAGS_SET=1 fi # As a very special hack, if the arguments are just `-v', then don't @@ -171,8 +171,8 @@ if [ -n "$NIX_DEBUG" ]; then printf " %q\n" "${extraAfter[@]}" >&2 fi -if [ -n "$NIX_CC_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_CC_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_CC_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then + source "$NIX_CC_WRAPPER_@infixSalt@_EXEC_HOOK" fi PATH="$path_backup" diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index dd97a07bd19..33272ba5345 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh @@ -10,11 +10,11 @@ if [ -n "@coreutils_bin@" ]; then PATH="@coreutils_bin@/bin" fi -if [ -n "$NIX_GNAT_WRAPPER_START_HOOK" ]; then - source "$NIX_GNAT_WRAPPER_START_HOOK" +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" fi -if [ -z "$NIX_GNAT_WRAPPER_FLAGS_SET" ]; then +if [ -z "$NIX_@infixSalt@_GNAT_WRAPPER_FLAGS_SET" ]; then source @out@/nix-support/add-flags.sh fi @@ -35,7 +35,7 @@ for i in "$@"; do nonFlagArgs=1 elif [ "$i" = -m32 ]; then if [ -e @out@/nix-support/dynamic-linker-m32 ]; then - NIX_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" + NIX_@infixSalt@_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" fi fi done @@ -72,7 +72,7 @@ fi # Clear march/mtune=native -- they bring impurity. -if [ "$NIX_ENFORCE_NO_NATIVE" = 1 ]; then +if [ "$NIX_@infixSalt@_ENFORCE_NO_NATIVE" = 1 ]; then rest=() for p in "${params[@]}"; do if [[ "$p" = -m*=native ]]; then @@ -86,7 +86,7 @@ fi # Add the flags for the GNAT compiler proper. -extraAfter=($NIX_GNATFLAGS_COMPILE) +extraAfter=($NIX_@infixSalt@_GNATFLAGS_COMPILE) extraBefore=() if [ "$(basename "$0")x" = "gnatmakex" ]; then @@ -95,18 +95,18 @@ fi #if [ "$dontLink" != 1 ]; then # # Add the flags that should be passed to the linker (and prevent -# # `ld-wrapper' from adding NIX_LDFLAGS again). -# for i in $NIX_LDFLAGS_BEFORE; do +# # `ld-wrapper' from adding NIX_@infixSalt@_LDFLAGS again). +# for i in $NIX_@infixSalt@_LDFLAGS_BEFORE; do # extraBefore+=("-largs" "$i") # done -# for i in $NIX_LDFLAGS; do +# for i in $NIX_@infixSalt@_LDFLAGS; do # if [ "${i:0:3}" = -L/ ]; then # extraAfter+=("$i") # else # extraAfter+=("-largs" "$i") # fi # done -# export NIX_LDFLAGS_SET=1 +# export NIX_@infixSalt@_LDFLAGS_SET=1 #fi # Optionally print debug info. @@ -119,8 +119,8 @@ if [ -n "$NIX_DEBUG" ]; then printf " %q\n" "${extraAfter[@]}" >&2 fi -if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_GNAT_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" fi PATH="$path_backup" diff --git a/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh b/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh index 3c1a805c3fa..c8493302852 100644 --- a/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh @@ -7,18 +7,18 @@ extraAfter=("--GCC=@out@/bin/gcc") extraBefore=() ## Add the flags that should be passed to the linker (and prevent -## `ld-wrapper' from adding NIX_LDFLAGS again). -#for i in $NIX_LDFLAGS_BEFORE; do +## `ld-wrapper' from adding NIX_@infixSalt@_LDFLAGS again). +#for i in $NIX_@infixSalt@_LDFLAGS_BEFORE; do # extraBefore+=("-largs" "$i") #done -#for i in $NIX_LDFLAGS; do +#for i in $NIX_@infixSalt@_LDFLAGS; do # if [ "${i:0:3}" = -L/ ]; then # extraAfter+=("$i") # else # extraAfter+=("-largs" "$i") # fi #done -#export NIX_LDFLAGS_SET=1 +#export NIX_@infixSalt@_LDFLAGS_SET=1 # Optionally print debug info. if [ -n "$NIX_DEBUG" ]; then @@ -30,8 +30,8 @@ if [ -n "$NIX_DEBUG" ]; then printf " %q\n" "${extraAfter[@]}" >&2 fi -if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_GNAT_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" fi exec @prog@ "${extraBefore[@]}" "$@" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index 6ee66b0e3f2..fa8875e00b6 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob path_backup="$PATH" @@ -10,11 +10,11 @@ if [ -n "@coreutils_bin@" ]; then PATH="@coreutils_bin@/bin" fi -if [ -n "$NIX_LD_WRAPPER_START_HOOK" ]; then - source "$NIX_LD_WRAPPER_START_HOOK" +if [ -n "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" ]; then + source "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" fi -if [ -z "$NIX_CC_WRAPPER_FLAGS_SET" ]; then +if [ -z "$NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET" ]; then source @out@/nix-support/add-flags.sh fi @@ -24,7 +24,7 @@ source @out@/nix-support/utils.sh # Optionally filter out paths not refering to the store. expandResponseParams "$@" if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" - && ( -z "$NIX_IGNORE_LD_THROUGH_GCC" || -z "$NIX_LDFLAGS_SET" ) ]]; then + && ( -z "$NIX_@infixSalt@_IGNORE_LD_THROUGH_GCC" || -z "$NIX_@infixSalt@_LDFLAGS_SET" ) ]]; then rest=() nParams=${#params[@]} declare -i n=0 @@ -59,19 +59,19 @@ source @out@/nix-support/add-hardening.sh extraAfter=("${hardeningLDFlags[@]}") extraBefore=() -if [ -z "$NIX_LDFLAGS_SET" ]; then - extraAfter+=($NIX_LDFLAGS) - extraBefore+=($NIX_LDFLAGS_BEFORE) +if [ -z "$NIX_@infixSalt@_LDFLAGS_SET" ]; then + extraAfter+=($NIX_@infixSalt@_LDFLAGS) + extraBefore+=($NIX_@infixSalt@_LDFLAGS_BEFORE) fi -extraAfter+=($NIX_LDFLAGS_AFTER $NIX_LDFLAGS_HARDEN) +extraAfter+=($NIX_@infixSalt@_LDFLAGS_AFTER $NIX_@infixSalt@_LDFLAGS_HARDEN) declare -a libDirs declare -A libs relocatable= # Find all -L... switches for rpath, and relocatable flags for build id. -if [ "$NIX_DONT_SET_RPATH" != 1 ] || [ "$NIX_SET_BUILD_ID" = 1 ]; then +if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ] || [ "$NIX_@infixSalt@_SET_BUILD_ID" = 1 ]; then prev= for p in "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}"; do case "$prev" in @@ -108,7 +108,7 @@ fi # Add all used dynamic libraries to the rpath. -if [ "$NIX_DONT_SET_RPATH" != 1 ]; then +if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then # For each directory in the library search path (-L...), # see if it contains a dynamic library used by a -l... flag. If # so, add the directory to the rpath. @@ -141,7 +141,7 @@ fi # Only add --build-id if this is a final link. FIXME: should build gcc # with --enable-linker-build-id instead? -if [ "$NIX_SET_BUILD_ID" = 1 ] && [ ! "$relocatable" ]; then +if [ "$NIX_@infixSalt@_SET_BUILD_ID" = 1 ] && [ ! "$relocatable" ]; then extraAfter+=(--build-id) fi @@ -156,8 +156,8 @@ if [ -n "$NIX_DEBUG" ]; then printf " %q\n" "${extraAfter[@]}" >&2 fi -if [ -n "$NIX_LD_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_LD_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_LD_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then + source "$NIX_LD_WRAPPER_@infixSalt@_EXEC_HOOK" fi PATH="$path_backup" diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh index 2bf507ce8df..360a667a3a5 100644 --- a/pkgs/build-support/cc-wrapper/setup-hook.sh +++ b/pkgs/build-support/cc-wrapper/setup-hook.sh @@ -1,4 +1,4 @@ -addCVars () { +ccWrapper_addCVars () { if [[ -d "$1/include" ]]; then export NIX_CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include" fi @@ -16,7 +16,7 @@ addCVars () { fi } -envHooks+=(addCVars) +envHooks+=(ccWrapper_addCVars) # Note 1: these come *after* $out in the PATH (see setup.sh). # Note 2: phase separation makes this look useless to shellcheck. From 42f35503b56e293759685e9fb2a66ba75a55c339 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Thu, 6 Jul 2017 17:19:53 -0400 Subject: [PATCH 03/23] cc-wrapper: Make hygienic See the added comments for what exactly has been done. --- pkgs/build-support/cc-wrapper/add-flags.sh | 75 +++++++++++++ pkgs/build-support/cc-wrapper/setup-hook.sh | 116 +++++++++++++++++--- pkgs/stdenv/generic/setup.sh | 13 +++ 3 files changed, 189 insertions(+), 15 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 37b3b4cae86..b3a765d38e3 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -1,3 +1,77 @@ +# N.B. It may be a surprise that the derivation-specific variables are exported, +# since this is just sourced by the wrapped binaries---the end consumers. This +# is because one wrapper binary may invoke another (e.g. cc invoking ld). In +# that case, it is cheaper/better to not repeat this step and let the forked +# wrapped binary just inherit the work of the forker's wrapper script. + +# Accumulate prefixes for taking in the right input parameters. See setup-hook +# for details. +declare -a role_prefixes=() +if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]]; then + role_prefixes+=(_BUILD) +fi +if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]]; then + role_prefixes+=('') +fi +if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]]; then + role_prefixes+=(_TARGET) +fi + +# For each role we serve, we accumulate the input parameters into our own +# cc-wrapper-derivation-specific environment variables. +for pre in "${role_prefixes[@]}"; do + # We need to mangle names for hygiene, but also take parameters/overrides + # from the environment. + slurpUnsalted () { + case "$1" in + CC_WRAPPER_*) + local firstPre=NIX_CC_WRAPPER_ + local varname="${1#CC_WRAPPER_}" + ;; + LD_WRAPPER_*) + local firstPre=NIX_LD_WRAPPER_ + local varname="${1#LD_WRAPPER_}" + ;; + *) + local firstPre=NIX_ + local varname="$1" + ;; + esac + local inputVar="${firstPre}${pre}${varname}" + local outputVar="${firstPre}@infixSalt@_${varname}" + local delimiter='' + if [[ -n "${!outputVar:-}" && -n "${!inputVar:-}" ]]; then + delimiter=' ' + fi + # Easiest to just do this to deal with either the input or (old) output. + set +u + export ${outputVar}+="${delimiter}${!inputVar}" + set -u + } + + slurpUnsalted CC_WRAPPER_START_HOOK + slurpUnsalted CC_WRAPPER_EXEC_HOOK + slurpUnsalted LD_WRAPPER_START_HOOK + slurpUnsalted LD_WRAPPER_EXEC_HOOK + + slurpUnsalted CFLAGS_COMPILE + slurpUnsalted CFLAGS_LINK + slurpUnsalted CXXSTDLIB_COMPILE + slurpUnsalted CXXSTDLIB_LINK + slurpUnsalted DONT_SET_RPATH + slurpUnsalted GNATFLAGS_COMPILE + slurpUnsalted IGNORE_LD_THROUGH_GCC + slurpUnsalted LDFLAGS + slurpUnsalted LDFLAGS_BEFORE + slurpUnsalted LDFLAGS_AFTER + slurpUnsalted LDFLAGS_HARDEN + + slurpUnsalted SET_BUILD_ID + slurpUnsalted DONT_SET_RPATH + slurpUnsalted ENFORCE_NO_NATIVE +done +unset -f slurpUnsalted + # `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. export NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/bin/ $NIX_@infixSalt@_CFLAGS_COMPILE" @@ -34,4 +108,5 @@ if [ -e @out@/nix-support/libc-ldflags-before ]; then NIX_@infixSalt@_LDFLAGS_BEFORE="$(< @out@/nix-support/libc-ldflags-before) $NIX_@infixSalt@_LDFLAGS_BEFORE" fi +# That way forked processes don't againt extend these environment variables export NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET=1 diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh index 360a667a3a5..c6abd6281d2 100644 --- a/pkgs/build-support/cc-wrapper/setup-hook.sh +++ b/pkgs/build-support/cc-wrapper/setup-hook.sh @@ -1,21 +1,111 @@ +# CC Wrapper hygiene +# +# For at least cross compilation, we need to depend on multiple cc-wrappers at +# once---specifically up to one per sort of dependency. This follows from having +# different tools targeting different platforms, and different flags for those +# tools. For example: +# +# # Flags for compiling (whether or not linking) C code for the... +# NIX_BUILD_CFLAGS_COMPILE # ...build platform +# NIX_CFLAGS_COMPILE # ...host platform +# NIX_TARGET_CFLAGS_COMPILE # ...target platform +# +# Notice that these platforms are the 3 *relative* to the package using +# cc-wrapper, not absolute like `x86_64-pc-linux-gnu`. +# +# The simplest solution would be to have separate cc-wrappers per (3 intended +# use-cases * n absolute concrete platforms). For the use-case axis, we would +# @-splice in 'BUILD_' '' 'TARGET_' to use the write environment variables when +# building the cc-wrapper, and likewise prefix the binaries' names so they didn't +# clobber each other on the PATH. But the need for 3x cc-wrappers, along with +# non-standard name prefixes, is annoying and liable to break packages' build +# systems. +# +# Instead, we opt to have just one cc-wrapper per absolute platform. Matching +# convention, the binaries' names can just be prefixed with their target +# platform. On the other hand, that means packages will depend on not just +# multiple cc-wrappers, but the exact same cc-wrapper derivation multiple ways. +# That means the exact same cc-wrapper derivation must be able to avoid +# conflicting with itself, despite the fact that `setup-hook.sh`, the `addCvars` +# function, and `add-flags.sh` are all communicating with each other with +# environment variables. Yuck. +# +# The basic strategy is: +# +# - Everyone exclusively *adds information* to relative-platform-specific +# environment variables, like `NIX_TARGET_CFLAGS_COMPILE`, to communicate +# with the wrapped binaries. +# +# - The wrapped binaries will exclusively *read* cc-wrapper-derivation-specific +# environment variables distinguished with with `infixSalt`, like +# `NIX_@infixSalt@_CFLAGS_COMPILE`. +# +# - `add-flags`, beyond its old task of reading extra flags stuck inside the +# cc-wrapper derivation, will convert the relative-platform-specific +# variables to cc-wrapper-derivation-specific variables. This conversion is +# the only time all but one of the cc-wrapper-derivation-specific variables +# are set. +# +# This ensures the flow of information is exclusive from +# relative-platform-specific variables to cc-wrapper-derivation-specific +# variables. This allows us to support the general case of a many--many relation +# between relative platforms and cc-wrapper derivations. +# +# For more details, read the individual files where the mechanisms used to +# accomplish this will be individually documented. + + +# It's fine that any other cc-wrapper will redefine this. Bash functions close +# over no state, and there's no @-substitutions within, so any redefined +# function is guaranteed to be exactly the same. ccWrapper_addCVars () { + # The `depOffset` describes how the platforms of the dependencies are slid + # relative to the depending package. It is brought into scope of the + # environment hook defined as the role of the dependency being applied. + case $depOffset in + -1) local role='BUILD_' ;; + 0) local role='' ;; + 1) local role='TARGET_' ;; + *) echo "cc-wrapper: Error: Cannot be used with $depOffset-offset deps, " >2; + return 1 ;; + esac + if [[ -d "$1/include" ]]; then - export NIX_CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include" + export NIX_${role}CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include" fi if [[ -d "$1/lib64" && ! -L "$1/lib64" ]]; then - export NIX_LDFLAGS+=" -L$1/lib64" + export NIX_${role}LDFLAGS+=" -L$1/lib64" fi if [[ -d "$1/lib" ]]; then - export NIX_LDFLAGS+=" -L$1/lib" + export NIX_${role}LDFLAGS+=" -L$1/lib" fi if [[ -d "$1/Library/Frameworks" ]]; then - export NIX_CFLAGS_COMPILE+=" -F$1/Library/Frameworks" + export NIX_${role}CFLAGS_COMPILE+=" -F$1/Library/Frameworks" fi } +# Since the same cc-wrapper derivation can be depend on in multiple ways, we +# need to accumulate *each* role (i.e. target platform relative the depending +# derivation) in which the cc-wrapper derivation is used. +# `NIX_CC_WRAPPER_@infixSalt@_TARGET_*` tracks this (needs to be an exported env +# var so can't use fancier data structures). +# +# We also need to worry about what role is being added on *this* invocation of +# setup-hook, which `role` tracks. +if [ -n "${crossConfig:-}" ]; then + export NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD=1 + role="BUILD_" +else + export NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST=1 + role="" +fi + +# Eventually the exact sort of env-hook we create will depend on the role. This +# is because based on what relative platform we are targeting, we use different +# dependencies. envHooks+=(ccWrapper_addCVars) # Note 1: these come *after* $out in the PATH (see setup.sh). @@ -41,16 +131,12 @@ if [ -n "@coreutils_bin@" ]; then addToSearchPath _PATH @coreutils_bin@/bin fi -if [ -z "${crossConfig:-}" ]; then - ENV_PREFIX="" -else - ENV_PREFIX="BUILD_" -fi +# Export tool environment variables so various build systems use the right ones. -export NIX_${ENV_PREFIX}CC=@out@ +export NIX_${role}CC=@out@ -export ${ENV_PREFIX}CC=@named_cc@ -export ${ENV_PREFIX}CXX=@named_cxx@ +export ${role}CC=@named_cc@ +export ${role}CXX=@named_cxx@ for CMD in \ cpp \ @@ -59,9 +145,9 @@ do if PATH=$_PATH type -p "@binPrefix@$CMD" > /dev/null then - export "${ENV_PREFIX}$(echo "$CMD" | tr "[:lower:]" "[:upper:]")=@binPrefix@${CMD}"; + export "${role}$(echo "$CMD" | tr "[:lower:]" "[:upper:]")=@binPrefix@${CMD}"; fi done -# No local scope available for sourced files -unset ENV_PREFIX +# No local scope in sourced file +unset role diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index dc3369f6611..81ed1c635e1 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -336,8 +336,20 @@ fi # Set the relevant environment variables to point to the build inputs # found above. +# +# These `depOffset`s tell the env hook what sort of dependency +# (ignoring propagatedness) is being passed to the env hook. In a real +# language, we'd append a closure with this information to the +# relevant env hook array, but bash doesn't have closures, so it's +# easier to just pass this in. + _addToNativeEnv() { local pkg="$1" + if [[ -n "${crossConfig:-}" ]]; then + local -i depOffset=-1 + else + local -i depOffset=0 + fi # Run the package-specific hooks set by the setup-hook scripts. runHook envHook "$pkg" @@ -349,6 +361,7 @@ done _addToCrossEnv() { local pkg="$1" + local -i depOffset=0 # Run the package-specific hooks set by the setup-hook scripts. runHook crossEnvHook "$pkg" From a8bd415fa06a100b29297db86aadb6f00da70bbf Mon Sep 17 00:00:00 2001 From: John Ericson Date: Thu, 3 Aug 2017 11:29:15 -0400 Subject: [PATCH 04/23] unzip: cc-wrapper has been fixed so don't need to be so clever --- pkgs/tools/archivers/unzip/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix index a35e473ec36..7c4bb988b62 100644 --- a/pkgs/tools/archivers/unzip/default.nix +++ b/pkgs/tools/archivers/unzip/default.nix @@ -37,7 +37,7 @@ stdenv.mkDerivation { makefile = "unix/Makefile"; - ${"NIX_${stdenv.cc.infixSalt_}LDFLAGS"} = [ "-lbz2" ] ++ stdenv.lib.optional enableNLS "-lnatspec"; + NIX_LDFLAGS = [ "-lbz2" ] ++ stdenv.lib.optional enableNLS "-lnatspec"; buildFlags = "generic D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2"; From 2493454e13c25ff990d06deb38b1024e4a0a99f8 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Thu, 3 Aug 2017 15:34:23 -0400 Subject: [PATCH 05/23] cc-wrapper: Use `set -u` throughout Now is an opportune time to do this, as the infixSalt conversion in `add-flags.sh` ensures that all the relevant `NIX_*` vars will be defined even if empty. --- .../build-support/cc-wrapper/add-hardening.sh | 40 ++++++++++--------- pkgs/build-support/cc-wrapper/cc-wrapper.sh | 21 +++++----- pkgs/build-support/cc-wrapper/gnat-wrapper.sh | 17 ++++---- .../cc-wrapper/gnatlink-wrapper.sh | 7 +++- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 31 ++++++++------ pkgs/build-support/cc-wrapper/utils.sh | 2 +- 6 files changed, 68 insertions(+), 50 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index c91ff0a9d0b..aa8eb720486 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -1,67 +1,69 @@ hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow) -# Intentionally word-split in case 'hardeningEnable' is defined in Nix. -hardeningFlags+=(${hardeningEnable[@]}) +# Intentionally word-split in case 'hardeningEnable' is defined in +# Nix. Also, our bootstrap tools version of bash is old enough that +# undefined arrays trip `set -u`. +if [[ -v hardeningEnable[@] ]]; then + hardeningFlags+=(${hardeningEnable[@]}) +fi hardeningCFlags=() hardeningLDFlags=() declare -A hardeningDisableMap -# Intentionally word-split in case 'hardeningDisable' is defined in Nix. The -# array expansion also prevents undefined variables from causing trouble with -# `set -u`. -for flag in ${hardeningDisable[@]} @hardening_unsupported_flags@ +# Intentionally word-split in case 'hardeningDisable' is defined in Nix. +for flag in ${hardeningDisable[@]:-IGNORED_KEY} @hardening_unsupported_flags@ do hardeningDisableMap[$flag]=1 done -if [[ -n "$NIX_DEBUG" ]]; then +if [[ -n "${NIX_DEBUG:-}" ]]; then printf 'HARDENING: disabled flags:' >&2 (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2 echo >&2 fi -if [[ -z "${hardeningDisableMap[all]}" ]]; then - if [[ -n "$NIX_DEBUG" ]]; then +if [[ -z "${hardeningDisableMap[all]:-}" ]]; then + if [[ -n "${NIX_DEBUG:-}" ]]; then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi for flag in "${hardeningFlags[@]}" do - if [[ -z "${hardeningDisableMap[$flag]}" ]]; then + if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then case $flag in fortify) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling fortify >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling fortify >&2; fi hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') ;; stackprotector) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling stackprotector >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling stackprotector >&2; fi hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') ;; pie) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling CFlags -fPIE >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling CFlags -fPIE >&2; fi hardeningCFlags+=('-fPIE') if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling LDFlags -pie >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningLDFlags+=('-pie') fi ;; pic) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling pic >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling pic >&2; fi hardeningCFlags+=('-fPIC') ;; strictoverflow) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling strictoverflow >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling strictoverflow >&2; fi hardeningCFlags+=('-fno-strict-overflow') ;; format) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling format >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling format >&2; fi hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') ;; relro) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling relro >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling relro >&2; fi hardeningLDFlags+=('-z' 'relro') ;; bindnow) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling bindnow >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling bindnow >&2; fi hardeningLDFlags+=('-z' 'now') ;; *) diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index ef9df4f968d..e5a3a581851 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob path_backup="$PATH" @@ -11,12 +11,12 @@ if [[ -n "@coreutils_bin@" && -n "@gnugrep_bin@" ]]; then PATH="@coreutils_bin@/bin:@gnugrep_bin@/bin" fi -if [ -n "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" ]; then - source "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" +if [ -z "${NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET:-}" ]; then + source @out@/nix-support/add-flags.sh fi -if [ -z "$NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET" ]; then - source @out@/nix-support/add-flags.sh +if [ -n "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" ]; then + source "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" fi source @out@/nix-support/utils.sh @@ -36,7 +36,7 @@ declare -i n=0 nParams=${#params[@]} while [ "$n" -lt "$nParams" ]; do p=${params[n]} - p2=${params[n+1]} + p2=${params[n+1]:-} # handle `p` being last one if [ "$p" = -c ]; then dontLink=1 elif [ "$p" = -S ]; then @@ -79,13 +79,13 @@ if [ "$nonFlagArgs" = 0 ]; then fi # Optionally filter out paths not refering to the store. -if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" ]]; then +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" ]]; then rest=() nParams=${#params[@]} declare -i n=0 while [ "$n" -lt "$nParams" ]; do p=${params[n]} - p2=${params[n+1]} + p2=${params[n+1]:-} # handle `p` being last one if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then skip "${p:2}" elif [ "$p" = -L ] && badPath "$p2"; then @@ -162,13 +162,15 @@ if [ "$*" = -v ]; then fi # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then + set +u # Old bash workaround, see ld-wrapper for explanation. echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 printf " %q\n" "${params[@]}" >&2 echo "extra flags after to @prog@:" >&2 printf " %q\n" "${extraAfter[@]}" >&2 + set -u fi if [ -n "$NIX_CC_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then @@ -176,4 +178,5 @@ if [ -n "$NIX_CC_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then fi PATH="$path_backup" +set +u # Old bash workaround, see above. exec @prog@ "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index 33272ba5345..1a09f484109 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh @@ -1,7 +1,10 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob +# N.B. Gnat is not used during bootstrapping, so we don't need to +# worry about the old bash empty array `set -u` workarounds. + path_backup="$PATH" # phase separation makes this look useless @@ -10,12 +13,12 @@ if [ -n "@coreutils_bin@" ]; then PATH="@coreutils_bin@/bin" fi -if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" ]; then - source "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" +if [ -z "${NIX_@infixSalt@_GNAT_WRAPPER_FLAGS_SET:-}" ]; then + source @out@/nix-support/add-flags.sh fi -if [ -z "$NIX_@infixSalt@_GNAT_WRAPPER_FLAGS_SET" ]; then - source @out@/nix-support/add-flags.sh +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" fi source @out@/nix-support/utils.sh @@ -52,7 +55,7 @@ fi # Optionally filter out paths not refering to the store. params=("$@") -if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" ]]; then +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" ]]; then rest=() for p in "${params[@]}"; do if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then @@ -110,7 +113,7 @@ fi #fi # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 diff --git a/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh b/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh index c8493302852..ee973d3270f 100644 --- a/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh @@ -1,7 +1,10 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob +# N.B. Gnat is not used during bootstrapping, so we don't need to +# worry about the old bash empty array `set -u` workarounds. + # Add the flags for the GNAT compiler proper. extraAfter=("--GCC=@out@/bin/gcc") extraBefore=() @@ -21,7 +24,7 @@ extraBefore=() #export NIX_@infixSalt@_LDFLAGS_SET=1 # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index fa8875e00b6..e47a6bfec86 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -10,12 +10,12 @@ if [ -n "@coreutils_bin@" ]; then PATH="@coreutils_bin@/bin" fi -if [ -n "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" ]; then - source "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" +if [ -z "${NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET:-}" ]; then + source @out@/nix-support/add-flags.sh fi -if [ -z "$NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET" ]; then - source @out@/nix-support/add-flags.sh +if [ -n "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" ]; then + source "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" fi source @out@/nix-support/utils.sh @@ -23,14 +23,14 @@ source @out@/nix-support/utils.sh # Optionally filter out paths not refering to the store. expandResponseParams "$@" -if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" - && ( -z "$NIX_@infixSalt@_IGNORE_LD_THROUGH_GCC" || -z "$NIX_@infixSalt@_LDFLAGS_SET" ) ]]; then +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" + && ( -z "$NIX_@infixSalt@_IGNORE_LD_THROUGH_GCC" || -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ) ]]; then rest=() nParams=${#params[@]} declare -i n=0 while [ "$n" -lt "$nParams" ]; do p=${params[n]} - p2=${params[n+1]} + p2=${params[n+1]:-} # handle `p` being last one if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then skip "${p:2}" elif [ "$p" = -L ] && badPath "$p2"; then @@ -59,7 +59,7 @@ source @out@/nix-support/add-hardening.sh extraAfter=("${hardeningLDFlags[@]}") extraBefore=() -if [ -z "$NIX_@infixSalt@_LDFLAGS_SET" ]; then +if [ -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ]; then extraAfter+=($NIX_@infixSalt@_LDFLAGS) extraBefore+=($NIX_@infixSalt@_LDFLAGS_BEFORE) fi @@ -73,7 +73,11 @@ relocatable= # Find all -L... switches for rpath, and relocatable flags for build id. if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ] || [ "$NIX_@infixSalt@_SET_BUILD_ID" = 1 ]; then prev= + # Old bash thinks empty arrays are undefined, ugh, so temporarily disable + # `set -u`. + set +u for p in "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}"; do + set -u case "$prev" in -L) libDirs+=("$p") @@ -119,7 +123,7 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then if [[ "$dir" =~ [/.][/.] ]] && dir2=$(readlink -f "$dir"); then dir="$dir2" fi - if [ "${rpaths[$dir]}" ] || [[ "$dir" != "$NIX_STORE"/* ]]; then + if [ -n "${rpaths[$dir]:-}" ] || [[ "$dir" != "$NIX_STORE"/* ]]; then # If the path is not in the store, don't add it to the rpath. # This typically happens for libraries in /tmp that are later # copied to $out/lib. If not, we're screwed. @@ -127,9 +131,9 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then fi for path in "$dir"/lib*.so; do file="${path##*/}" - if [ "${libs[$file]}" ]; then + if [ "${libs[$file]:-}" ]; then libs["$file"]= - if [ ! "${rpaths[$dir]}" ]; then + if [ -z "${rpaths[$dir]:-}" ]; then rpaths["$dir"]=1 extraAfter+=(-rpath "$dir") fi @@ -147,13 +151,15 @@ fi # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then + set +u # Old bash workaround, see above. echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 printf " %q\n" "${params[@]}" >&2 echo "extra flags after to @prog@:" >&2 printf " %q\n" "${extraAfter[@]}" >&2 + set -u fi if [ -n "$NIX_LD_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then @@ -161,4 +167,5 @@ if [ -n "$NIX_LD_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then fi PATH="$path_backup" +set +u # Old bash workaround, see above. exec @prog@ "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/utils.sh b/pkgs/build-support/cc-wrapper/utils.sh index 267044b2c4f..5a70c2d9ccf 100644 --- a/pkgs/build-support/cc-wrapper/utils.sh +++ b/pkgs/build-support/cc-wrapper/utils.sh @@ -1,5 +1,5 @@ skip () { - if [ -n "$NIX_DEBUG" ]; then + if [ -n "${NIX_DEBUG:-}" ]; then echo "skipping impure path $1" >&2 fi } From 810fb0c9682053dcaa3eadfff4f52128f9cb5c4f Mon Sep 17 00:00:00 2001 From: John Ericson Date: Mon, 7 Aug 2017 11:04:19 -0400 Subject: [PATCH 06/23] cc-wrapper: Don't slurp `NIX_DONT_SET_RPATH` twice Otherwise we end with a definition like `1 1`, which doesn't trigger the right conditional. --- pkgs/build-support/cc-wrapper/add-flags.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index b3a765d38e3..3d01dba6476 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -58,7 +58,6 @@ for pre in "${role_prefixes[@]}"; do slurpUnsalted CFLAGS_LINK slurpUnsalted CXXSTDLIB_COMPILE slurpUnsalted CXXSTDLIB_LINK - slurpUnsalted DONT_SET_RPATH slurpUnsalted GNATFLAGS_COMPILE slurpUnsalted IGNORE_LD_THROUGH_GCC slurpUnsalted LDFLAGS From 12354b8eb55fd76db73df6efab82aa083c7cfae4 Mon Sep 17 00:00:00 2001 From: Taahir Ahmed Date: Thu, 13 Apr 2017 02:43:50 -0500 Subject: [PATCH 07/23] dieHook: Add `die` utility function Calling `die "Error message"` causes the current script to exit with an error, printing a backtrace --- pkgs/build-support/setup-hooks/die.sh | 21 +++++++++++++++++++++ pkgs/top-level/all-packages.nix | 5 ++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 pkgs/build-support/setup-hooks/die.sh diff --git a/pkgs/build-support/setup-hooks/die.sh b/pkgs/build-support/setup-hooks/die.sh new file mode 100644 index 00000000000..0db41e030f4 --- /dev/null +++ b/pkgs/build-support/setup-hooks/die.sh @@ -0,0 +1,21 @@ +# Exit with backtrace and error message +# +# Usage: die "Error message" +die() { + # Let us be a little sloppy with errors, because otherwise the final + # invocation of `caller` below will cause the script to exit. + set +e + + # Print our error message + printf "\nBuilder called die: %b\n" "$*" + printf "Backtrace:\n" + + # Print a backtrace. + local frame=0 + while caller $frame; do + ((frame++)); + done + printf "\n" + + exit 1 +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 971c939957a..8235f494c6a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -100,6 +100,8 @@ with pkgs; diffPlugins = (callPackage ../build-support/plugins.nix {}).diffPlugins; + dieHook = makeSetupHook {} ../build-support/setup-hooks/die.sh; + dockerTools = callPackage ../build-support/docker { }; docker_compose = pythonPackages.docker_compose; @@ -287,7 +289,8 @@ with pkgs; inherit contents compressor prepend; }; - makeWrapper = makeSetupHook { } ../build-support/setup-hooks/make-wrapper.sh; + makeWrapper = makeSetupHook { deps = [ dieHook ]; } + ../build-support/setup-hooks/make-wrapper.sh; makeModulesClosure = { kernel, rootModules, allowMissing ? false }: callPackage ../build-support/kernel/modules-closure.nix { From ece5387b09704be1335c9c32279507a76fcf23c1 Mon Sep 17 00:00:00 2001 From: Taahir Ahmed Date: Thu, 13 Apr 2017 22:49:05 -0500 Subject: [PATCH 08/23] makeWrapper: Die on unsupported arguments Previously, makeWrapper would accept arguments it didn't recognize, potentially allowing argument misspellings or broken callers. Now, makeWrapper dies with a backtrace if it is called incorrectly. Also changes `wrapProgram` so that it doesn't pass through the first argument twice --- this was tripping up the argument checking. --- .../build-support/setup-hooks/make-wrapper.sh | 34 ++++++------------- 1 file changed, 11 insertions(+), 23 deletions(-) diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh index eebde886a88..ec32cd800e0 100644 --- a/pkgs/build-support/setup-hooks/make-wrapper.sh +++ b/pkgs/build-support/setup-hooks/make-wrapper.sh @@ -32,26 +32,20 @@ makeWrapper() { for ((n = 2; n < ${#params[*]}; n += 1)); do p="${params[$n]}" - if test "$p" = "--set"; then + if [[ "$p" == "--set" ]]; then varName="${params[$((n + 1))]}" value="${params[$((n + 2))]}" n=$((n + 2)) echo "export $varName=\"$value\"" >> "$wrapper" - fi - - if test "$p" = "--unset"; then + elif [[ "$p" == "--unset" ]]; then varName="${params[$((n + 1))]}" n=$((n + 1)) echo "unset $varName" >> "$wrapper" - fi - - if test "$p" = "--run"; then + elif [[ "$p" == "--run" ]]; then command="${params[$((n + 1))]}" n=$((n + 1)) echo "$command" >> "$wrapper" - fi - - if test "$p" = "--suffix" -o "$p" = "--prefix"; then + elif [[ ("$p" == "--suffix") || ("$p" == "--prefix") ]]; then varName="${params[$((n + 1))]}" separator="${params[$((n + 2))]}" value="${params[$((n + 3))]}" @@ -63,9 +57,7 @@ makeWrapper() { echo "export $varName=$value\${$varName:+$separator}\$$varName" >> "$wrapper" fi fi - fi - - if test "$p" = "--suffix-each"; then + elif [[ "$p" == "--suffix-each" ]]; then varName="${params[$((n + 1))]}" separator="${params[$((n + 2))]}" values="${params[$((n + 3))]}" @@ -73,9 +65,7 @@ makeWrapper() { for value in $values; do echo "export $varName=\$$varName\${$varName:+$separator}$value" >> "$wrapper" done - fi - - if test "$p" = "--suffix-contents" -o "$p" = "--prefix-contents"; then + elif [[ ("$p" == "--suffix-contents") || ("$p" == "--prefix-contents") ]]; then varName="${params[$((n + 1))]}" separator="${params[$((n + 2))]}" fileNames="${params[$((n + 3))]}" @@ -87,17 +77,15 @@ makeWrapper() { echo "export $varName=$(cat "$fileName")\${$varName:+$separator}\$$varName" >> "$wrapper" fi done - fi - - if test "$p" = "--add-flags"; then + elif [[ "$p" == "--add-flags" ]]; then flags="${params[$((n + 1))]}" n=$((n + 1)) flagsBefore="$flagsBefore $flags" - fi - - if test "$p" = "--argv0"; then + elif [[ "$p" == "--argv0" ]]; then argv0="${params[$((n + 1))]}" n=$((n + 1)) + else + die "makeWrapper doesn't understand the arg $p" fi done @@ -138,5 +126,5 @@ wrapProgram() { mv "$prog" "$hidden" # Silence warning about unexpanded $0: # shellcheck disable=SC2016 - makeWrapper "$hidden" "$prog" --argv0 '$0' "$@" + makeWrapper "$hidden" "$prog" --argv0 '$0' "${@:2}" } From 67a41eafe9c92269c9f6788f5f54a4b0d282cb96 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Tue, 8 Aug 2017 10:14:54 +0200 Subject: [PATCH 09/23] cc-wrapper: fix set -u errors cc @Ericson2314 --- pkgs/build-support/cc-wrapper/add-flags.sh | 7 ++++--- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 5 +++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 3d01dba6476..7af2ae58f3a 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -10,12 +10,13 @@ declare -a role_prefixes=() if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]]; then role_prefixes+=(_BUILD) fi -if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]]; then - role_prefixes+=('') -fi if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]]; then role_prefixes+=(_TARGET) fi +# use this as default if no role is inferred +if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" || ${#role_prefixes[@]} -eq 0 ]]; then + role_prefixes+=('') +fi # For each role we serve, we accumulate the input parameters into our own # cc-wrapper-derivation-specific environment variables. diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index e47a6bfec86..afa7798e49f 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -20,6 +20,11 @@ fi source @out@/nix-support/utils.sh +# make set -u happy if the outside environment is unset +# this should never happen, but does in an LLVM test +if [ -z "${NIX_STORE:-}" ]; then + NIX_STORE=/nix/store +fi # Optionally filter out paths not refering to the store. expandResponseParams "$@" From 3e981b9e33141ec8bafd8ecf36cde9cbafaac180 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Tue, 8 Aug 2017 10:20:00 +0200 Subject: [PATCH 10/23] Revert "cc-wrapper: fix set -u errors" This reverts commit 67a41eafe9c92269c9f6788f5f54a4b0d282cb96. see #28021 for discussion --- pkgs/build-support/cc-wrapper/add-flags.sh | 7 +++---- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 5 ----- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 7af2ae58f3a..3d01dba6476 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -10,13 +10,12 @@ declare -a role_prefixes=() if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]]; then role_prefixes+=(_BUILD) fi +if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]]; then + role_prefixes+=('') +fi if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]]; then role_prefixes+=(_TARGET) fi -# use this as default if no role is inferred -if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" || ${#role_prefixes[@]} -eq 0 ]]; then - role_prefixes+=('') -fi # For each role we serve, we accumulate the input parameters into our own # cc-wrapper-derivation-specific environment variables. diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index afa7798e49f..e47a6bfec86 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -20,11 +20,6 @@ fi source @out@/nix-support/utils.sh -# make set -u happy if the outside environment is unset -# this should never happen, but does in an LLVM test -if [ -z "${NIX_STORE:-}" ]; then - NIX_STORE=/nix/store -fi # Optionally filter out paths not refering to the store. expandResponseParams "$@" From e1d46c0c4d3bdb0aa42a04bc2bfcadc641b4ac05 Mon Sep 17 00:00:00 2001 From: Taahir Ahmed Date: Sun, 30 Jul 2017 13:42:20 -0500 Subject: [PATCH 11/23] makeWrapper: Only wrap normal executable files `makeWrapper` and `wrapProgram` are being invoked on all kinds of wacky things (usually with the help of bash globs or other machine assistance). So far, I have come across `wrapProgram` being invoked on a directory, as well as on the empty string. As far as I can tell, it's only valid to invoke these utilities on a normal (non-directory, non-device) executable file. This commit enforces that precondition. --- pkgs/build-support/setup-hooks/make-wrapper.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh index eebde886a88..5429bc41272 100644 --- a/pkgs/build-support/setup-hooks/make-wrapper.sh +++ b/pkgs/build-support/setup-hooks/make-wrapper.sh @@ -1,3 +1,12 @@ +# Assert that FILE exists and is executable +# +# assertExecutable FILE +assertExecutable() { + local file="$1" + [[ -f "${file}" && -x "${file}" ]] || \ + die "Cannot wrap ${file} because it is not an executable file" +} + # construct an executable file that wraps the actual executable # makeWrapper EXECUTABLE ARGS @@ -24,6 +33,8 @@ makeWrapper() { local params varName value command separator n fileNames local argv0 flagsBefore flags + assertExecutable "${file}" + mkdir -p "$(dirname "$wrapper")" echo "#! $SHELL -e" > "$wrapper" @@ -131,6 +142,9 @@ filterExisting() { wrapProgram() { local prog="$1" local hidden + + assertExecutable "${prog}" + hidden="$(dirname "$prog")/.$(basename "$prog")"-wrapped while [ -e "$hidden" ]; do hidden="${hidden}_" From c8f7f18e69c01907f52634bb6b926a99b030cb95 Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Mon, 7 Aug 2017 15:06:44 +0000 Subject: [PATCH 12/23] cc-wrapper: Fix adding directories to rpath This fixes a bug introduced in #27831: `for path in "$dir"/lib*.so` assumed that all libs match `lib*.so`, but 07674788d6932fe702117649b4cd16512d2da8a9 started adding libs that match `*.so` and `*.so.*`. --- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index e47a6bfec86..028f2d4f548 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -129,7 +129,7 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then # copied to $out/lib. If not, we're screwed. continue fi - for path in "$dir"/lib*.so; do + for path in "$dir"/*; do file="${path##*/}" if [ "${libs[$file]:-}" ]; then libs["$file"]= From c8e9dcc8a44e95fc7aab436587049b5c95e4e86a Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Tue, 8 Aug 2017 00:15:10 +0000 Subject: [PATCH 13/23] cc-wrapper: Fix standalone gcc This ensures that all salted variables are defined even if the wrapped program is invoked outside nix-build environment. --- pkgs/build-support/cc-wrapper/add-flags.sh | 111 ++++++++------------- 1 file changed, 44 insertions(+), 67 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 3d01dba6476..4d28ba08d10 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -4,108 +4,85 @@ # that case, it is cheaper/better to not repeat this step and let the forked # wrapped binary just inherit the work of the forker's wrapper script. -# Accumulate prefixes for taking in the right input parameters. See setup-hook +var_templates=( + NIX_CC_WRAPPER+START_HOOK + NIX_CC_WRAPPER+EXEC_HOOK + NIX_LD_WRAPPER+START_HOOK + NIX_LD_WRAPPER+EXEC_HOOK + + NIX+CFLAGS_COMPILE + NIX+CFLAGS_LINK + NIX+CXXSTDLIB_COMPILE + NIX+CXXSTDLIB_LINK + NIX+GNATFLAGS_COMPILE + NIX+IGNORE_LD_THROUGH_GCC + NIX+LDFLAGS + NIX+LDFLAGS_BEFORE + NIX+LDFLAGS_AFTER + NIX+LDFLAGS_HARDEN + + NIX+SET_BUILD_ID + NIX+DONT_SET_RPATH + NIX+ENFORCE_NO_NATIVE +) + +# Accumulate infixes for taking in the right input parameters. See setup-hook # for details. -declare -a role_prefixes=() -if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]]; then - role_prefixes+=(_BUILD) +declare -a role_infixes=() +if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]; then + role_infixes+=(_BUILD_) fi -if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]]; then - role_prefixes+=('') +if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]; then + role_infixes+=(_) fi -if [[ -n "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]]; then - role_prefixes+=(_TARGET) +if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]; then + role_infixes+=(_TARGET_) fi -# For each role we serve, we accumulate the input parameters into our own -# cc-wrapper-derivation-specific environment variables. -for pre in "${role_prefixes[@]}"; do - # We need to mangle names for hygiene, but also take parameters/overrides - # from the environment. - slurpUnsalted () { - case "$1" in - CC_WRAPPER_*) - local firstPre=NIX_CC_WRAPPER_ - local varname="${1#CC_WRAPPER_}" - ;; - LD_WRAPPER_*) - local firstPre=NIX_LD_WRAPPER_ - local varname="${1#LD_WRAPPER_}" - ;; - *) - local firstPre=NIX_ - local varname="$1" - ;; - esac - local inputVar="${firstPre}${pre}${varname}" - local outputVar="${firstPre}@infixSalt@_${varname}" - local delimiter='' - if [[ -n "${!outputVar:-}" && -n "${!inputVar:-}" ]]; then - delimiter=' ' +# We need to mangle names for hygiene, but also take parameters/overrides +# from the environment. +for var in "${var_templates[@]}"; do + outputVar="${var/+/_@infixSalt@_}" + export ${outputVar}+='' + # For each role we serve, we accumulate the input parameters into our own + # cc-wrapper-derivation-specific environment variables. + for infix in "${role_infixes[@]}"; do + inputVar="${var/+/${infix}}" + if [ -v "$inputVar" ]; then + export ${outputVar}+="${!outputVar:+ }${!inputVar}" fi - # Easiest to just do this to deal with either the input or (old) output. - set +u - export ${outputVar}+="${delimiter}${!inputVar}" - set -u - } - - slurpUnsalted CC_WRAPPER_START_HOOK - slurpUnsalted CC_WRAPPER_EXEC_HOOK - slurpUnsalted LD_WRAPPER_START_HOOK - slurpUnsalted LD_WRAPPER_EXEC_HOOK - - slurpUnsalted CFLAGS_COMPILE - slurpUnsalted CFLAGS_LINK - slurpUnsalted CXXSTDLIB_COMPILE - slurpUnsalted CXXSTDLIB_LINK - slurpUnsalted GNATFLAGS_COMPILE - slurpUnsalted IGNORE_LD_THROUGH_GCC - slurpUnsalted LDFLAGS - slurpUnsalted LDFLAGS_BEFORE - slurpUnsalted LDFLAGS_AFTER - slurpUnsalted LDFLAGS_HARDEN - - slurpUnsalted SET_BUILD_ID - slurpUnsalted DONT_SET_RPATH - slurpUnsalted ENFORCE_NO_NATIVE + done done -unset -f slurpUnsalted # `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. -export NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/bin/ $NIX_@infixSalt@_CFLAGS_COMPILE" +NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/bin/ $NIX_@infixSalt@_CFLAGS_COMPILE" # Export and assign separately in order that a failing $(..) will fail # the script. if [ -e @out@/nix-support/libc-cflags ]; then - export NIX_@infixSalt@_CFLAGS_COMPILE NIX_@infixSalt@_CFLAGS_COMPILE="$(< @out@/nix-support/libc-cflags) $NIX_@infixSalt@_CFLAGS_COMPILE" fi if [ -e @out@/nix-support/cc-cflags ]; then - export NIX_@infixSalt@_CFLAGS_COMPILE NIX_@infixSalt@_CFLAGS_COMPILE="$(< @out@/nix-support/cc-cflags) $NIX_@infixSalt@_CFLAGS_COMPILE" fi if [ -e @out@/nix-support/gnat-cflags ]; then - export NIX_@infixSalt@_GNATFLAGS_COMPILE NIX_@infixSalt@_GNATFLAGS_COMPILE="$(< @out@/nix-support/gnat-cflags) $NIX_@infixSalt@_GNATFLAGS_COMPILE" fi if [ -e @out@/nix-support/libc-ldflags ]; then - export NIX_@infixSalt@_LDFLAGS NIX_@infixSalt@_LDFLAGS+=" $(< @out@/nix-support/libc-ldflags)" fi if [ -e @out@/nix-support/cc-ldflags ]; then - export NIX_@infixSalt@_LDFLAGS NIX_@infixSalt@_LDFLAGS+=" $(< @out@/nix-support/cc-ldflags)" fi if [ -e @out@/nix-support/libc-ldflags-before ]; then - export NIX_@infixSalt@_LDFLAGS_BEFORE NIX_@infixSalt@_LDFLAGS_BEFORE="$(< @out@/nix-support/libc-ldflags-before) $NIX_@infixSalt@_LDFLAGS_BEFORE" fi -# That way forked processes don't againt extend these environment variables +# That way forked processes will not extend these environment variables again. export NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET=1 From a6e7dffd1f8e60e852c3de4bf9b153ba874d2823 Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Tue, 8 Aug 2017 06:56:25 +0000 Subject: [PATCH 14/23] cc-wrapper: Fix standalone ld --- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index 028f2d4f548..8db64a38e38 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -23,7 +23,7 @@ source @out@/nix-support/utils.sh # Optionally filter out paths not refering to the store. expandResponseParams "$@" -if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "${NIX_STORE:-}" && ( -z "$NIX_@infixSalt@_IGNORE_LD_THROUGH_GCC" || -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ) ]]; then rest=() nParams=${#params[@]} @@ -96,7 +96,7 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ] || [ "$NIX_@infixSalt@_SET_BUILD_I -l?*) libs["lib${p:2}.so"]=1 ;; - "$NIX_STORE"/*.so | "$NIX_STORE"/*.so.*) + "${NIX_STORE:-}"/*.so | "${NIX_STORE:-}"/*.so.*) # This is a direct reference to a shared library. libDirs+=("${p%/*}") libs["${p##*/}"]=1 @@ -123,7 +123,7 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then if [[ "$dir" =~ [/.][/.] ]] && dir2=$(readlink -f "$dir"); then dir="$dir2" fi - if [ -n "${rpaths[$dir]:-}" ] || [[ "$dir" != "$NIX_STORE"/* ]]; then + if [ -n "${rpaths[$dir]:-}" ] || [[ "$dir" != "${NIX_STORE:-}"/* ]]; then # If the path is not in the store, don't add it to the rpath. # This typically happens for libraries in /tmp that are later # copied to $out/lib. If not, we're screwed. From c00a95be6324dffe0afe96f2a362f4c8a2d2364e Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Tue, 8 Aug 2017 21:45:46 +0200 Subject: [PATCH 15/23] nix-prefetch-git: fix wrapProgram call --- pkgs/tools/package-management/nix-prefetch-scripts/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix index f37940c65c1..291b1a7c600 100644 --- a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix +++ b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix @@ -19,7 +19,7 @@ let mkPrefetchScript = tool: src: deps: done wrapArgs="$wrapArgs --prefix PATH : ${gnused}/bin" wrapArgs="$wrapArgs --prefix PATH : ${nix.out}/bin" # For nix-hash - wrapArgs="$wrapArgs --set HOME : /homeless-shelter" + wrapArgs="$wrapArgs --set HOME /homeless-shelter" wrapProgram $out/bin/$name $wrapArgs ''; From 0ff782e14114e71a76d400274dc4c95c980477de Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Wed, 9 Aug 2017 12:14:20 +0200 Subject: [PATCH 16/23] makeWrapper: fix regression introduced in #24944 In some cases wrappers could not be made. See e.g. https://github.com/NixOS/nixpkgs/pull/24944#issuecomment-321175692 --- pkgs/build-support/setup-hooks/make-wrapper.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh index 82176becf2a..cde28fbbcaf 100644 --- a/pkgs/build-support/setup-hooks/make-wrapper.sh +++ b/pkgs/build-support/setup-hooks/make-wrapper.sh @@ -33,7 +33,7 @@ makeWrapper() { local params varName value command separator n fileNames local argv0 flagsBefore flags - assertExecutable "${file}" + assertExecutable "${original}" mkdir -p "$(dirname "$wrapper")" From f4ca99166a8b270b62ed81949ebc0612478fa716 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Tue, 8 Aug 2017 20:33:33 +0200 Subject: [PATCH 17/23] serf: fix build --- pkgs/development/libraries/serf/default.nix | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix index c10a355dee0..3fab42e3eb5 100644 --- a/pkgs/development/libraries/serf/default.nix +++ b/pkgs/development/libraries/serf/default.nix @@ -1,4 +1,5 @@ -{ stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, kerberos, pkgconfig, gnused }: +{ stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, kerberos +, pkgconfig, gnused, expat, openldap }: stdenv.mkDerivation rec { name = "serf-1.3.9"; @@ -8,18 +9,22 @@ stdenv.mkDerivation rec { sha256 = "1k47gbgpp52049andr28y28nbwh9m36bbb0g8p0aka3pqlhjv72l"; }; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ apr scons openssl aprutil zlib ] - ++ stdenv.lib.optional (!stdenv.isCygwin) kerberos - ++ [ pkgconfig ]; + ++ stdenv.lib.optional (!stdenv.isCygwin) kerberos; - configurePhase = '' - ${gnused}/bin/sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"PATH":os.environ["PATH"]})' -i SConstruct - ${gnused}/bin/sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_CFLAGS_COMPILE":os.environ["NIX_CFLAGS_COMPILE"]})' -i SConstruct - ${gnused}/bin/sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_LDFLAGS":os.environ["NIX_LDFLAGS"]})' -i SConstruct + postPatch = '' + sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"PATH":os.environ["PATH"]})' \ + -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_CFLAGS_COMPILE":os.environ["NIX_CFLAGS_COMPILE"]})' \ + -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_LDFLAGS":os.environ["NIX_LDFLAGS"]})' \ + -e 's,$OPENSSL/lib,${openssl.out}/lib,' \ + -e 's,$OPENSSL/include,${openssl.dev}/include,' \ + -i SConstruct ''; buildPhase = '' - scons PREFIX="$out" OPENSSL="${openssl.dev}" ZLIB="${zlib.dev}" APR="$(echo "${apr.dev}"/bin/*-config)" \ + scons PREFIX="$out" OPENSSL="${openssl}" ZLIB="${zlib}" APR="$(echo "${apr.dev}"/bin/*-config)" CFLAGS="-I${zlib.dev}/include" \ + LINKFLAGS="-L${zlib.out}/lib -L${expat}/lib -L${openldap}/lib" \ APU="$(echo "${aprutil.dev}"/bin/*-config)" CC="${ if stdenv.cc.isClang then "clang" else "${stdenv.cc}/bin/gcc" }" ${ From 4495bfe1382ea779f02996d0e18d25d892678e8c Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Wed, 9 Aug 2017 15:06:03 +0200 Subject: [PATCH 18/23] python.buildEnv: only wrap executables --- pkgs/applications/virtualization/xen/packages.nix | 4 ---- pkgs/development/interpreters/python/wrapper.nix | 4 +++- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/virtualization/xen/packages.nix b/pkgs/applications/virtualization/xen/packages.nix index 8f5262acb02..f4bde18f3df 100644 --- a/pkgs/applications/virtualization/xen/packages.nix +++ b/pkgs/applications/virtualization/xen/packages.nix @@ -10,8 +10,6 @@ rec { xen_4_5-vanilla = callPackage ./4.5.nix { # At the very least included seabios and etherboot need gcc49, # so we have to build all of it with gcc49. - stdenv = overrideCC stdenv gcc49; - meta = { description = "vanilla"; longDescription = '' @@ -60,8 +58,6 @@ rec { xen_4_8-vanilla = callPackage ./4.8.nix { # At the very least included seabios and etherboot need gcc49, # so we have to build all of it with gcc49. - stdenv = overrideCC stdenv gcc49; - meta = { description = "vanilla"; longDescription = '' diff --git a/pkgs/development/interpreters/python/wrapper.nix b/pkgs/development/interpreters/python/wrapper.nix index f95e51c82ee..9f355ddefda 100644 --- a/pkgs/development/interpreters/python/wrapper.nix +++ b/pkgs/development/interpreters/python/wrapper.nix @@ -28,7 +28,9 @@ let for prg in *; do if [ -f "$prg" ]; then rm -f "$out/bin/$prg" - makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out" --set PYTHONNOUSERSITE "true" + if [ -x "$prg" ]; then + makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out" --set PYTHONNOUSERSITE "true" + fi fi done fi From 25c12d0abf7209f3b7f8a1d102d2426127ca32f2 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Wed, 9 Aug 2017 17:34:28 +0200 Subject: [PATCH 19/23] screenfetch: fix wrapProgram usage --- pkgs/tools/misc/screenfetch/default.nix | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/pkgs/tools/misc/screenfetch/default.nix b/pkgs/tools/misc/screenfetch/default.nix index c138261f9a3..a781ff91027 100644 --- a/pkgs/tools/misc/screenfetch/default.nix +++ b/pkgs/tools/misc/screenfetch/default.nix @@ -21,17 +21,10 @@ stdenv.mkDerivation { # Fix all of the depedencies of screenfetch patchShebangs $out/bin/screenfetch wrapProgram "$out/bin/screenfetch" \ - --set PATH : "" \ - --prefix PATH : "${coreutils}/bin" \ - --prefix PATH : "${gawk}/bin" \ - --prefix PATH : "${procps}/bin" \ - --prefix PATH : "${gnused}/bin" \ - --prefix PATH : "${findutils}/bin" \ - --prefix PATH : "${xdpyinfo}/bin" \ - --prefix PATH : "${xprop}/bin" \ - --prefix PATH : "${gnugrep}/bin" \ - --prefix PATH : "${ncurses}/bin" \ - --prefix PATH : "${bc}/bin" + --set PATH ${stdenv.lib.makeBinPath [ + coreutils gawk procps gnused findutils xdpyinfo + xprop gnugrep ncurses bc + ]} ''; meta = { From 771f28bac804dfb6ebf99122bfe4e5393d9c278d Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Wed, 9 Aug 2017 09:02:55 +0000 Subject: [PATCH 20/23] cc-wrapper: Fix support for qtbase-setup-hook Revert https://github.com/NixOS/nixpkgs/pull/27657#issuecomment-318161946 due to https://github.com/NixOS/nixpkgs/pull/28021#issuecomment-321045542 --- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index 8db64a38e38..d0a1d5a0ddb 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -132,11 +132,14 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then for path in "$dir"/*; do file="${path##*/}" if [ "${libs[$file]:-}" ]; then - libs["$file"]= - if [ -z "${rpaths[$dir]:-}" ]; then - rpaths["$dir"]=1 - extraAfter+=(-rpath "$dir") - fi + # This library may have been provided by a previous directory, + # but if that library file is inside an output of the current + # derivation, it can be deleted after this compilation and + # should be found in a later directory, so we add all + # directories that contain any of the libraries to rpath. + rpaths["$dir"]=1 + extraAfter+=(-rpath "$dir") + break fi done done From 46a25ea7ea155193302e749e5d72513bee0a296b Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Wed, 9 Aug 2017 19:43:46 +0200 Subject: [PATCH 21/23] linuxPackages.bcc: fix using wrapProgram on .c file --- pkgs/os-specific/linux/bcc/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 38f57e7663e..24686e73e23 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -25,11 +25,13 @@ stdenv.mkDerivation rec { mv $out/share/bcc/man $out/share/ for f in $out/share/bcc/tools\/*; do - ln -s $f $out/bin/$(basename $f) - wrapProgram $f \ - --prefix LD_LIBRARY_PATH : $out/lib \ - --prefix PYTHONPATH : $out/lib/python2.7/site-packages \ - --prefix PYTHONPATH : :${pythonPackages.netaddr}/lib/${python.libPrefix}/site-packages + if [ -x $f ]; then + ln -s $f $out/bin/$(basename $f) + wrapProgram $f \ + --prefix LD_LIBRARY_PATH : $out/lib \ + --prefix PYTHONPATH : $out/lib/python2.7/site-packages \ + --prefix PYTHONPATH : ${pythonPackages.netaddr}/lib/${python.libPrefix}/site-packages + fi done ''; From 5e89bcae00a52c5bf8388c2b737455d3980e83d7 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Wed, 9 Aug 2017 23:35:09 +0200 Subject: [PATCH 22/23] evolution_data_server: wrap all and only executables --- .../gnome-3/3.22/core/evolution-data-server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix b/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix index a8c3f724b85..c2038ecdce6 100644 --- a/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix +++ b/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; preFixup = '' - for f in "$out/libexec/"*; do + for f in $(find $out/libexec/ -type f -executable); do wrapProgram "$f" \ --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ --prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib dconf}/lib/gio/modules" From b1f5305abd7b1b3d7ed180d9d00301da6e323e41 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Wed, 9 Aug 2017 23:53:08 +0200 Subject: [PATCH 23/23] serf: fix darwin build --- pkgs/development/libraries/serf/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix index 3fab42e3eb5..001199cd821 100644 --- a/pkgs/development/libraries/serf/default.nix +++ b/pkgs/development/libraries/serf/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, kerberos -, pkgconfig, gnused, expat, openldap }: +, pkgconfig, gnused, expat, openldap, libiconv }: stdenv.mkDerivation rec { name = "serf-1.3.9"; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ apr scons openssl aprutil zlib ] + buildInputs = [ apr scons openssl aprutil zlib libiconv ] ++ stdenv.lib.optional (!stdenv.isCygwin) kerberos; postPatch = '' @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { buildPhase = '' scons PREFIX="$out" OPENSSL="${openssl}" ZLIB="${zlib}" APR="$(echo "${apr.dev}"/bin/*-config)" CFLAGS="-I${zlib.dev}/include" \ - LINKFLAGS="-L${zlib.out}/lib -L${expat}/lib -L${openldap}/lib" \ + LINKFLAGS="-L${zlib.out}/lib -L${expat}/lib -L${openldap}/lib -L${libiconv}/lib" \ APU="$(echo "${aprutil.dev}"/bin/*-config)" CC="${ if stdenv.cc.isClang then "clang" else "${stdenv.cc}/bin/gcc" }" ${