02c09e01712ce0b61e5c8f7159047699a434f7fc (NixOS/nixpkgs#44558) was reverted in
c981787db951afb11c1328461df82d4277ebec07 but, as it turns out, it fixed an issue
I didn't know about at the time: the values of `propagateDoc` options were
(and now again are) inconsistent with the underlying things those wrappers wrap
(see NixOS/nixpkgs#46119), which was (and now is) likely to produce more instances
of NixOS/nixpkgs#43547, if not now, then eventually as stdenv changes.
This patch (which is a simplified version of the original reverted patch) is the
simplest solution to this whole thing: it forces wrappers to directly inspect the
outputs of the things they are wrapping instead of making stdenv guess the correct
values.
This reverts commit 034c9816d5236e5c0131b715ee08fed56c89d4ad, reversing
changes made to 5afe87ed7a75e99c3b68f255562dc82b3e3c7d4e.
Huge rebuild, moving to staging.
In particular, this contains Firefox-related and libgcrypt updates.
Other larger rebuilds would apparently need lots of time to catch up
on Hydra, due to nontrivial rebuilds in other branches than staging.
The hack of using `crossConfig` to enforce stricter handling of
dependencies is replaced with a dedicated `strictDeps` for that purpose.
(Experience has shown that my punning was a terrible idea that made more
difficult and embarrising to teach teach.)
Now that is is clear, a few packages now use `strictDeps`, to fix
various bugs:
- bintools-wrapper and cc-wrapper
... binutils and gcc add it already anyway.
Without this it's easy to get cross-toolchain paths longer than 256
chars and nix-daemon will then fail to commit them to /nix/store on XFS.
This reverts commit 0dbc0067604eb9629d1458fcf2b226a88e728f14, reversing
changes made to cb7f7742652acdf3086b3d132163b5ea2c2328eb.
Should go into staging.
Per @Ericson2314's suggestion [1], make it more clear that the active
hardenings are decided via whitelist; the blacklist is merely for the
debug messages.
1: 36d5ce41d4 (r133279731)
This reverts commit fc232422201c0364dbd57826c9a137cc1239caea, reversing
changes made to 754816b84b98afdc0727e13dd66e1698b097de6a.
We don't have many binaries yet. Comment on the original merge commit.
Before the code would fail silently for zero values and with some output for
empties. We now currently handle both via defaulting value to zero and making
`let` return success error code when there's no syntax error.
- All deps go on the PATH
- CC and Bintools wrappers with their host != depender's host still get their
setup hooks run.
- Environment hooks get applied to all packages
This isn't so elegent, but eases the transition on a very significant
PR.
