diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index c2f4f1c7b28..23a77719fa0 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -49,6 +49,7 @@ rec { # TODO(@Ericson2314): Make this more modular, and not O(n^2). let supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ]; + # hardeningDisable additionally supports "all". erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable); in if builtins.length erroneousHardeningFlags != 0 then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} { diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index d3fff57507c..61877701b71 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -473,14 +473,14 @@ substitute() { shift 2 if [ ! -f "$input" ]; then - echo "${FUNCNAME[0]}(): ERROR: file '$input' does not exist" >&2 + echo "substitute(): ERROR: file '$input' does not exist" >&2 return 1 fi local content # read returns non-0 on EOF, so we want read to fail if IFS='' read -r -N 0 content < "$input"; then - echo "${FUNCNAME[0]}(): ERROR: File \"$input\" has null bytes, won't process" >&2 + echo "substitute(): ERROR: File \"$input\" has null bytes, won't process" >&2 return 1 fi @@ -497,10 +497,8 @@ substitute() { shift 2 # check if the used nix attribute name is a valid bash name if ! [[ "$varName" =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then - echo "${FUNCNAME[0]}(): WARNING: substitution variables should be valid bash names," >&2 - echo " \"$varName\" isn't and therefore was skipped; it might be caused" >&2 - echo " by multi-line phases in variables - see #14907 for details." >&2 - continue + echo "substitute(): ERROR: substitution variables must be valid Bash names, \"$varName\" isn't." >&2 + return 1 fi pattern="@$varName@" replacement="${!varName}" @@ -513,7 +511,7 @@ substitute() { ;; *) - echo "${FUNCNAME[0]}(): ERROR: Invalid command line argument: $1" >&2 + echo "substitute(): ERROR: Invalid command line argument: $1" >&2 return 1 ;; esac @@ -533,18 +531,16 @@ substituteInPlace() { } -# Substitute all environment variables that do not start with an upper-case -# character or underscore. Note: other names that aren't bash-valid -# will cause an error during `substitute --subst-var`. +# Substitute all environment variables that start with a lowercase character and +# are valid Bash names. substituteAll() { local input="$1" local output="$2" local -a args=() - # Select all environment variables that start with a lowercase character. - for varName in $(env | sed -e $'s/^\([a-z][^= \t]*\)=.*/\\1/; t \n d'); do + for varName in $(awk 'BEGIN { for (v in ENVIRON) if (v ~ /^[a-z][a-zA-Z0-9_]*$/) print v }'); do if [ "${NIX_DEBUG:-}" = "1" ]; then - echo "@${varName}@ -> '${!varName}'" + printf "@%s@ -> %q\n" "${varName}" "${!varName}" fi args+=("--subst-var" "$varName") done