diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-03-08 09:57:58 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-03-08 09:58:19 +0100 |
commit | 09af15654f0c8091f1b9e0bbb2e523cdee194442 (patch) | |
tree | e648edef1ce4c64c533f2593aa22b8015cf0e506 /pkgs/build-support | |
parent | f306e67e15bdbe9a8358c9f81319fc4fcbadc2eb (diff) | |
parent | 0ee75214f336474e127c2e3546c0406a0c4d5fa7 (diff) | |
download | nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.gz nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.bz2 nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.lz nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.xz nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.zst nixpkgs-09af15654f0c8091f1b9e0bbb2e523cdee194442.zip |
Merge master into closure-size
The kde-5 stuff still didn't merge well. I hand-fixed what I saw, but there may be more problems.
Diffstat (limited to 'pkgs/build-support')
19 files changed, 336 insertions, 256 deletions
diff --git a/pkgs/build-support/build-maven.nix b/pkgs/build-support/build-maven.nix index ff91828eeca..ba85428ba8c 100644 --- a/pkgs/build-support/build-maven.nix +++ b/pkgs/build-support/build-maven.nix @@ -11,7 +11,7 @@ * the project. */ infoFile: let - info = builtins.fromJSON (builtins.readFile infoFile); + info = lib.importJSON infoFile; script = writeText "build-maven-repository.sh" '' ${lib.concatStrings (map (dep: let diff --git a/pkgs/build-support/cc-wrapper/add-flags b/pkgs/build-support/cc-wrapper/add-flags index 59d9614fd21..5634c82aa28 100644 --- a/pkgs/build-support/cc-wrapper/add-flags +++ b/pkgs/build-support/cc-wrapper/add-flags @@ -1,4 +1,4 @@ -# `-B@out@/bin' forces gcc to use ld-wrapper.sh when calling ld. +# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" if [ -e @out@/nix-support/libc-cflags ]; then diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 55344aad566..8e4a51071e3 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -267,7 +267,9 @@ EOF let - baseJson = writeText "${name}-config.json" (builtins.toJSON { + baseName = baseNameOf name; + + baseJson = writeText "${baseName}-config.json" (builtins.toJSON { created = "1970-01-01T00:00:01Z"; architecture = "amd64"; os = "linux"; @@ -277,11 +279,11 @@ EOF layer = (if runAsRoot == null then mkPureLayer { inherit baseJson contents extraCommands; } else mkRootLayer { inherit baseJson fromImage fromImageName fromImageTag contents runAsRoot diskSize extraCommands; }); - depsTarball = mkTarball { name = "${name}-deps"; + depsTarball = mkTarball { name = "${baseName}-deps"; drv = layer; onlyDeps = true; }; - result = runCommand "${name}.tar.gz" { + result = runCommand "${baseName}.tar.gz" { buildInputs = [ jshon ]; imageName = name; diff --git a/pkgs/build-support/fetchgit/nix-prefetch-git b/pkgs/build-support/fetchgit/nix-prefetch-git index 2c5852c646e..2c9d61504ed 100755 --- a/pkgs/build-support/fetchgit/nix-prefetch-git +++ b/pkgs/build-support/fetchgit/nix-prefetch-git @@ -12,6 +12,11 @@ fetchSubmodules= builder= branchName=$NIX_PREFETCH_GIT_BRANCH_NAME +# populated by clone_user_rev() +fullRev= +humanReadableRev= +commitDate= + if test -n "$deepClone"; then deepClone=true else @@ -52,6 +57,7 @@ for arg; do --hash) argfun=set_hashType;; --branch-name) argfun=set_branchName;; --deepClone) deepClone=true;; + --quiet) QUIET=true;; --no-deepClone) deepClone=false;; --leave-dotGit) leaveDotGit=true;; --fetch-submodules) fetchSubmodules=true;; @@ -254,7 +260,7 @@ make_deterministic_repo(){ } -clone_user_rev() { +_clone_user_rev() { local dir="$1" local url="$2" local rev="${3:-HEAD}" @@ -272,23 +278,60 @@ clone_user_rev() { fi;; esac - local full_revision=$(cd $dir && (git rev-parse $rev 2> /dev/null || git rev-parse refs/heads/$branchName) | tail -n1) - echo "git revision is $full_revision" - echo "git human-readable version is $(cd $dir && (git describe $full_revision 2> /dev/null || git describe --tags $full_revision 2> /dev/null || echo -- none --))" >&2 - echo "Commit date is $(cd $dir && git show --no-patch --pretty=%ci $full_revision)" + fullRev="$(cd $dir && (git rev-parse $rev 2> /dev/null || git rev-parse refs/heads/$branchName) | tail -n1)" + humanReadableRev="$(cd $dir && (git describe $fullRev 2> /dev/null || git describe --tags $fullRev 2> /dev/null || echo -- none --))" + commitDate="$(cd $dir && git show --no-patch --pretty=%ci $fullRev)" # Allow doing additional processing before .git removal eval "$NIX_PREFETCH_GIT_CHECKOUT_HOOK" if test -z "$leaveDotGit"; then echo "removing \`.git'..." >&2 - find $dir -name .git\* | xargs rm -rf + find "$dir" -name .git\* -print0 | xargs -0 rm -rf else - find $dir -name .git | while read gitdir; do + find "$dir" -name .git | while read gitdir; do make_deterministic_repo "$(readlink -f "$gitdir/..")" done fi } +clone_user_rev() { + if ! test -n "$QUIET"; then + _clone_user_rev "$@" + else + errfile="$(mktemp "${TMPDIR:-/tmp}/git-checkout-err-XXXXXXXX")" + trap "rm -rf \"$errfile\"" EXIT + _clone_user_rev "$@" 2> "$errfile" || ( + status="$?" + cat "$errfile" >&2 + exit "$status" + ) + fi +} + + +print_results() { + hash="$1" + if ! test -n "$QUIET"; then + echo "" >&2 + echo "git revision is $fullRev" >&2 + if test -n "$finalPath"; then + echo "path is $finalPath" >&2 + fi + echo "git human-readable version is $humanReadableRev" >&2 + echo "Commit date is $commitDate" >&2 + if test -n "$hash"; then + echo "hash is $hash" >&2 + fi + fi + if test -n "$hash"; then + echo "{" + echo " \"url\": \"$url\"," + echo " \"rev\": \"$fullRev\"," + echo " \"$hashType\": \"$hash\"" + echo "}" + fi +} + if test -z "$branchName"; then branchName=fetchgit fi @@ -326,21 +369,19 @@ else clone_user_rev "$tmpFile" "$url" "$rev" # Compute the hash. - hash=$(nix-hash --type $hashType $hashFormat $tmpFile) - if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi + hash=$(nix-hash --type $hashType --base32 $tmpFile) # Add the downloaded file to the Nix store. finalPath=$(nix-store --add-fixed --recursive "$hashType" "$tmpFile") if test -n "$expHash" -a "$expHash" != "$hash"; then - echo "hash mismatch for URL \`$url'" + print_metadata + echo "hash mismatch for URL \`$url'" >&2 exit 1 fi fi - if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi - - echo $hash + print_results "$hash" if test -n "$PRINT_PATH"; then echo $finalPath diff --git a/pkgs/build-support/fetchhg/nix-prefetch-hg b/pkgs/build-support/fetchhg/nix-prefetch-hg index 7143eecfe5c..94c6b1ec694 100755 --- a/pkgs/build-support/fetchhg/nix-prefetch-hg +++ b/pkgs/build-support/fetchhg/nix-prefetch-hg @@ -5,79 +5,79 @@ url=$1 rev=$2 expHash=$3 -hashType=$NIX_HASH_ALGO -if test -z "$hashType"; then - hashType=sha256 -fi -if test -z "$hashFormat"; then - hashFormat=--base32 -fi +hashType="${NIX_HASH_ALGO:-sha256}" +hashFormat=${hashFormat:-"--base32"} +rev="${rev:-tip}" + +LOG() { + echo "$@" >&2 +} -if test -z "$url"; then - echo "syntax: nix-prefetch-hg URL [rev [EXPECTED-HASH]]" >&2 - exit 1 +die() { + LOG "$@" + exit 1 +} + +if [[ -z "$url" || "$url" == "--help" ]]; then + die "Usage: nix-prefetch-hg URL [rev [EXPECTED-HASH]]" fi -if test "$fetchSubrepos" == 1; then +if [[ "${fetchSubrepos:-0}" == 1 ]]; then subrepoClause=S else subrepoClause= fi -test -n "$rev" || rev="tip" - - # If the hash was given, a file with that hash may already be in the # store. -if test -n "$expHash"; then +if [[ -n "$expHash" ]]; then finalPath=$(nix-store --print-fixed-path --recursive "$hashType" "$expHash" hg-archive) if ! nix-store --check-validity "$finalPath" 2> /dev/null; then finalPath= fi - hash=$expHash + hash="$expHash" fi # If we don't know the hash or a path with that hash doesn't exist, # download the file and add it to the store. -if test -z "$finalPath"; then +if [[ -z "$finalPath" ]]; then tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/hg-checkout-tmp-XXXXXXXX")" - trap "rm -rf \"$tmpPath\"" EXIT + cleanup() { x=$?; rm -rf "$tmpPath"; exit $x; }; trap cleanup EXIT tmpArchive="$tmpPath/hg-archive" # Perform the checkout. - if [[ $url != /* ]]; then - tmpClone=$tmpPath/hg-clone - hg clone -q -y -U "$url" $tmpClone >&2 + if [[ "$url" != /* ]]; then + tmpClone="$tmpPath/hg-clone" + hg clone -q -y -U "$url" "$tmpClone" >&2 else tmpClone=$url fi - hg archive -q$subrepoClause -y -r "$rev" --cwd $tmpClone $tmpArchive - rm -f $tmpArchive/.hg_archival.txt + hg archive -q$subrepoClause -y -r "$rev" --cwd "$tmpClone" "$tmpArchive" + rm -f "$tmpArchive/.hg_archival.txt" - echo "hg revision is $(cd $tmpClone; hg id -r "$rev" -i)" + LOG "hg revision is $(cd "$tmpClone"; hg id -r "$rev" -i)" # Compute the hash. - hash=$(nix-hash --type $hashType $hashFormat $tmpArchive) - if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi + hash=$(nix-hash --type "$hashType" "$hashFormat" "$tmpArchive") + if [[ -z "$QUIET" ]]; then LOG "hash is $hash"; fi # Add the downloaded file to the Nix store. - finalPath=$(nix-store --add-fixed --recursive "$hashType" $tmpArchive) + finalPath=$(nix-store --add-fixed --recursive "$hashType" "$tmpArchive") - if test -n "$expHash" -a "$expHash" != "$hash"; then - echo "hash mismatch for URL \`$url'" - exit 1 + if [[ -n "$expHash" && "$expHash" != "$hash" ]]; then + die "ERROR: hash mismatch for URL \`$url'" fi fi -if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi +if [[ -z "$QUIET" ]]; then LOG "path is $finalPath"; fi -echo $hash +echo "$hash" -if test -n "$PRINT_PATH"; then - echo $finalPath +if [[ -n "$PRINT_PATH" ]]; then + echo "$finalPath" fi diff --git a/pkgs/build-support/fetchurl/boot.nix b/pkgs/build-support/fetchurl/boot.nix new file mode 100644 index 00000000000..c007281e87b --- /dev/null +++ b/pkgs/build-support/fetchurl/boot.nix @@ -0,0 +1,20 @@ +let mirrors = import ./mirrors.nix; in + +{ system }: + +{ url ? builtins.head urls +, urls ? [] +, sha256 +}: + +import <nix/fetchurl.nix> { + inherit system sha256; + + url = + # Handle mirror:// URIs. Since <nix/fetchurl.nix> currently + # supports only one URI, use the first listed mirror. + let m = builtins.match "mirror://([a-z]+)/(.*)" url; in + if m == null then url + else builtins.head (mirrors.${builtins.elemAt m 0}) + (builtins.elemAt m 1); + +} diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix index 804974954d1..d4b46cf9e9d 100644 --- a/pkgs/build-support/fetchurl/default.nix +++ b/pkgs/build-support/fetchurl/default.nix @@ -85,8 +85,7 @@ in }: assert builtins.isList urls; -assert urls != [] -> url == ""; -assert url != "" -> urls == []; +assert (urls == []) != (url == ""); let diff --git a/pkgs/build-support/fetchurl/mirrors.nix b/pkgs/build-support/fetchurl/mirrors.nix index 767444e7698..148a72f5d84 100644 --- a/pkgs/build-support/fetchurl/mirrors.nix +++ b/pkgs/build-support/fetchurl/mirrors.nix @@ -61,6 +61,7 @@ rec { # kernel.org's /pub (/pub/{linux,software}) tree. kernel = [ + http://cdn.kernel.org/pub/ http://www.all.kernel.org/pub/ http://ramses.wh2.tu-dresden.de/pub/mirrors/kernel.org/ http://linux-kernel.uio.no/pub/ @@ -333,4 +334,10 @@ rec { ftp://ftp.halifax.rwth-aachen.de/pub/OpenBSD/ ftp://mirror.switch.ch/pub/OpenBSD/ ]; + + # Steam Runtime mirrors + steamrt = [ + http://repo.steampowered.com/steamrt/ + https://abbradar.net/steamrt/ + ]; } diff --git a/pkgs/build-support/fetchzip/nix-prefetch-zip b/pkgs/build-support/fetchzip/nix-prefetch-zip index ea55643668d..d9a5f51057f 100755 --- a/pkgs/build-support/fetchzip/nix-prefetch-zip +++ b/pkgs/build-support/fetchzip/nix-prefetch-zip @@ -6,6 +6,7 @@ usage(){ Options: --url url The url of the archive to fetch. --name name The name to use for the store path (defaults to \`basename \$url\`). + --ext ext The file extension (.zip, .tar.gz, ...) to be REMOVED from name --hash hash The hash of unpacked archive. --hash-type type Use the specified cryptographic hash algorithm, which can be one of md5, sha1, and sha256. --leave-root Keep the root directory of the archive. @@ -16,6 +17,7 @@ Options: name="" +ext="" argi=0 argfun="" for arg; do @@ -23,6 +25,7 @@ for arg; do case $arg in --url) argfun=set_url;; --name) argfun=set_name;; + --ext) argfun=set_ext;; --hash) argfun=set_expHash;; --hash-type) argfun=set_hashType;; --leave-root) leaveRoot=true;; @@ -67,10 +70,12 @@ hashFormat="--base32" tmp=$(mktemp -d 2>/dev/null || mktemp -d -t "$$") trap "rm -rf '$tmp'" EXIT -unpackDirTmp=$tmp/unpacked-tmp/$name +dirname=$(basename -s "$ext" "$name") + +unpackDirTmp=$tmp/unpacked-tmp/$dirname mkdir -p $unpackDirTmp -unpackDir=$tmp/unpacked/$name +unpackDir=$tmp/unpacked/$dirname mkdir -p $unpackDir downloadedFile=$tmp/$(basename "$url") diff --git a/pkgs/build-support/gcc-wrapper-old/add-flags b/pkgs/build-support/gcc-wrapper-old/add-flags index 7714a630573..93da917a541 100644 --- a/pkgs/build-support/gcc-wrapper-old/add-flags +++ b/pkgs/build-support/gcc-wrapper-old/add-flags @@ -1,12 +1,12 @@ -# `-B@out@/bin' forces gcc to use ld-wrapper.sh when calling ld. +# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" if test -e @out@/nix-support/libc-cflags; then export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE" fi -if test -e @out@/nix-support/gcc-cflags; then - export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/gcc-cflags) $NIX_CFLAGS_COMPILE" +if test -e @out@/nix-support/cc-cflags; then + export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE" fi if test -e @out@/nix-support/gnat-cflags; then @@ -17,8 +17,8 @@ if test -e @out@/nix-support/libc-ldflags; then export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/libc-ldflags)" fi -if test -e @out@/nix-support/gcc-ldflags; then - export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/gcc-ldflags)" +if test -e @out@/nix-support/cc-ldflags; then + export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/cc-ldflags)" fi if test -e @out@/nix-support/libc-ldflags-before; then diff --git a/pkgs/build-support/gcc-wrapper-old/builder.sh b/pkgs/build-support/gcc-wrapper-old/builder.sh index 1fa72deb234..a8e8a370ec0 100644 --- a/pkgs/build-support/gcc-wrapper-old/builder.sh +++ b/pkgs/build-support/gcc-wrapper-old/builder.sh @@ -45,7 +45,7 @@ else if [ -n "$langVhdl" ]; then gccLDFlags="$gccLDFlags -L$zlib/lib" fi - echo "$gccLDFlags" > $out/nix-support/gcc-ldflags + echo "$gccLDFlags" > $out/nix-support/cc-ldflags # GCC shows $gcc/lib in `gcc -print-search-dirs', but not # $gcc/lib64 (even though it does actually search there...).. @@ -63,7 +63,7 @@ else gnatCFlags="-aI$basePath/adainclude -aO$basePath/adalib" echo "$gnatCFlags" > $out/nix-support/gnat-cflags fi - echo "$gccCFlags" > $out/nix-support/gcc-cflags + echo "$gccCFlags" > $out/nix-support/cc-cflags gccPath="$gcc/bin" # On Illumos/Solaris we might prefer native ld diff --git a/pkgs/build-support/make-desktopitem/default.nix b/pkgs/build-support/make-desktopitem/default.nix index 2f6c827d875..f5b4e5af93a 100644 --- a/pkgs/build-support/make-desktopitem/default.nix +++ b/pkgs/build-support/make-desktopitem/default.nix @@ -10,6 +10,7 @@ , mimeType ? "" , categories ? "Application;Other;" , startupNotify ? null +, extraEntries ? "" }: stdenv.mkDerivation { @@ -27,6 +28,7 @@ stdenv.mkDerivation { GenericName=${genericName} MimeType=${mimeType} Categories=${categories} + ${extraEntries} ${if startupNotify == null then ''EOF'' else '' StartupNotify=${startupNotify} EOF''} diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix index e0d45141778..79e4366eebe 100644 --- a/pkgs/build-support/rust/default.nix +++ b/pkgs/build-support/rust/default.nix @@ -75,7 +75,7 @@ in stdenv.mkDerivation (args // { ( set -euo pipefail - cd ../deps/registry/src/* + cd $NIX_BUILD_TOP/deps/registry/src/* for script in $patchRegistryDeps/*; do # Run in a subshell so that directory changes and shell options don't diff --git a/pkgs/build-support/rust/fetch-cargo-deps b/pkgs/build-support/rust/fetch-cargo-deps index 5074e26848e..4fbc53d1039 100755 --- a/pkgs/build-support/rust/fetch-cargo-deps +++ b/pkgs/build-support/rust/fetch-cargo-deps @@ -1,183 +1,177 @@ -source $stdenv/setup +fetchCargoDeps() { + src=$(realpath $1) + out=$(realpath $2) -set -euo pipefail + echo "Fetching $src to $out" -src=$(realpath $1) -out=$(realpath $2) + mkdir $out -echo "Fetching $src to $out" + # Configure cargo to fetch from a local copy of the crates.io registry -mkdir $out + echo "Using rust registry from $rustRegistry" -# Configure cargo to fetch from a local copy of the crates.io registry - -echo "Using rust registry from $rustRegistry" - -cat <<EOF > $out/config + cat <<EOF > $out/config [registry] index = "file://$rustRegistry" EOF -export CARGO_HOME=$out -cd $src - -if [[ ! -f Cargo.lock ]]; then - echo - echo "ERROR: The Cargo.lock file doesn't exist" - echo - echo "Cargo.lock is needed to make sure that depsSha256 doesn't change" - echo "when the registry is updated." - echo - - exit 1 -fi - -# We need to do the following string replacement so that 'cargo fetch' -# doesn't ignore the versions specified in Cargo.lock -set +u -substituteInPlace Cargo.lock \ - --replace "registry+https://github.com/rust-lang/crates.io-index" \ - "registry+file://$rustRegistry" -set -u - -# Do any possible 'cargo update -p <pkgName> --precise <version>' ad-hoc updates -eval "$cargoUpdateHook" - -# Do the fetch -cargo fetch --verbose - -# Now that we have fetched everything, let's make the output deterministic - -# Cargo uses the following directory structure for fetched data, where -# $indexHash is a hash of the registry index URL: -# -# -# /config: -# -# Cargo config file. We'll delete this because it's not deterministic, -# and instead recreate it just before running 'cargo build'. -# -# /registry/cache/$indexHash/: -# -# This is where tarballs of registry package dependencies are kept -# We'll need to keep this, but make sure $indexHash is a fixed name. -# -# /registry/index/$indexHash/: -# -# A copy of the registry index is kept here. We can delete this, and -# instead, just before running 'cargo build', we'll symlink this -# directory to our static copy of the registry in the Nix store. -# -# /registry/src/$indexHash/{pkgName-pkgVersion}/: -# -# Here cargo keeps extracted sources of the cached tarballs. -# We'll just delete this because cargo will re-populate them from the -# tarballs. -# -# /git/db/{domain-hash}/: -# -# Here cargo keeps the `.git` directories of git dependencies. -# We'll need to keep these, but make them deterministic. -# -# /git/checkouts/{domain-hash}/{branchName}/: -# -# Here cargo keeps checked-out sources of the git dependencies. -# We can delete this, because cargo will re-populate them from the above -# `.git` directories. -# -# Let's start - -# Remove cargo config file, which points to the ever-changing registry -rm $out/config - -# Save the Cargo.lock file into the output, so that we don't have to do another -# 'cargo update' during the build (which would try to access the network) for -# any ad-hoc package updates (through $cargoUpdateHook). -# -# We need to replace the rustRegistry URL with something deterministic. -# Since the URL won't actually be accessed anymore, it's fine to use /dev/null. - -set +u -substituteInPlace Cargo.lock \ - --replace "registry+file://$rustRegistry" \ - "registry+file:///dev/null" -set -u -mv Cargo.lock $out/ - - -# Let's replace $indexHash with something more deterministic -mv $out/registry/cache/* $out/registry/cache/HASH - -# The registry index changes all the time, so it's not deterministic -# We'll symlink it before running 'cargo build' -rm -rf $out/registry/index/* - -# Make git DBs deterministic -# TODO: test with git submodules -[[ ! -d $out/git/checkouts ]] || (cd $out/git/checkouts && for name in *; do - revs="" - cd "$out/git/checkouts/$name" - while read dir; do - # extract substring: [dir = "./xxx/yyy/.git"] => [branch = "xxx/yyy"] - branch="${dir:2:$((${#dir}-7))}" - - cd "$out/git/checkouts/$name/$branch" - rev="$(git rev-parse HEAD)" - revs="$revs $rev" - done < <(find . -type d -name .git -print) - - echo "List of revs to keep for git db $name: $revs" - - ( - # The following code was adapted from nix-prefetch-git - - cd "$out/git/db/$name" - - export GIT_DIR=. - - # Remove all remote branches - git branch -r | while read branch; do - git branch -rD "$branch" >&2 - done - - # Remove all tags - git tag | while read tag; do - git tag -d "$tag" >&2 - done - - # Remove all local branches - branchrefs=() - eval "$(git for-each-ref --shell --format='branchrefs+=(%(refname))' refs/heads/)" - - for branchref in "${branchrefs[@]}"; do - git update-ref -d "$branchref" >&2 - done - - # Create ad-hoc branches for the revs we need - echo "$revs" | while read rev; do - echo "Creating git branch b_$rev $rev" - git branch b_$rev $rev - done - - # Remove files that have timestamps or otherwise have non-deterministic - # properties. - rm -rf logs/ hooks/ index FETCH_HEAD ORIG_HEAD refs/remotes/origin/HEAD config - - # Do a full repack. Must run single-threaded, or else we lose determinism. - git config pack.threads 1 - git repack -A -d -f - rm -f config - - # Garbage collect unreferenced objects. - git gc --prune=all - ) -done) - -# Remove unneeded outputs -[[ ! -d $out/registry/src ]] || rm -rf $out/registry/src -[[ ! -d $out/git/checkouts ]] || rm -rf $out/git/checkouts - -# XXX: provide some debugging output to see find out why we are seeing -# sporadic hash mismatches -find $out ! -type f -find $out -type f -exec sha256sum {} + + export CARGO_HOME=$out + cd $src + + if [[ ! -f Cargo.lock ]]; then + echo + echo "ERROR: The Cargo.lock file doesn't exist" + echo + echo "Cargo.lock is needed to make sure that depsSha256 doesn't change" + echo "when the registry is updated." + echo + + exit 1 + fi + + # We need to do the following string replacement so that 'cargo fetch' + # doesn't ignore the versions specified in Cargo.lock + substituteInPlace Cargo.lock \ + --replace "registry+https://github.com/rust-lang/crates.io-index" \ + "registry+file://$rustRegistry" + + # Do any possible 'cargo update -p <pkgName> --precise <version>' ad-hoc updates + eval "$cargoUpdateHook" + + # Do the fetch + cargo fetch --verbose + + # Now that we have fetched everything, let's make the output deterministic + + # Cargo uses the following directory structure for fetched data, where + # $indexHash is a hash of the registry index URL: + # + # + # /config: + # + # Cargo config file. We'll delete this because it's not deterministic, + # and instead recreate it just before running 'cargo build'. + # + # /registry/cache/$indexHash/: + # + # This is where tarballs of registry package dependencies are kept + # We'll need to keep this, but make sure $indexHash is a fixed name. + # + # /registry/index/$indexHash/: + # + # A copy of the registry index is kept here. We can delete this, and + # instead, just before running 'cargo build', we'll symlink this + # directory to our static copy of the registry in the Nix store. + # + # /registry/src/$indexHash/{pkgName-pkgVersion}/: + # + # Here cargo keeps extracted sources of the cached tarballs. + # We'll just delete this because cargo will re-populate them from the + # tarballs. + # + # /git/db/{domain-hash}/: + # + # Here cargo keeps the `.git` directories of git dependencies. + # We'll need to keep these, but make them deterministic. + # + # /git/checkouts/{domain-hash}/{branchName}/: + # + # Here cargo keeps checked-out sources of the git dependencies. + # We can delete this, because cargo will re-populate them from the above + # `.git` directories. + # + # Let's start + + # Remove cargo config file, which points to the ever-changing registry + rm $out/config + + # Save the Cargo.lock file into the output, so that we don't have to do another + # 'cargo update' during the build (which would try to access the network) for + # any ad-hoc package updates (through $cargoUpdateHook). + # + # We need to replace the rustRegistry URL with something deterministic. + # Since the URL won't actually be accessed anymore, it's fine to use /dev/null. + + substituteInPlace Cargo.lock \ + --replace "registry+file://$rustRegistry" \ + "registry+file:///dev/null" + mv Cargo.lock $out/ + + + # Let's replace $indexHash with something more deterministic + mv $out/registry/cache/* $out/registry/cache/HASH + + # The registry index changes all the time, so it's not deterministic + # We'll symlink it before running 'cargo build' + rm -rf $out/registry/index/* + + # Make git DBs deterministic + # TODO: test with git submodules + [[ ! -d $out/git/checkouts ]] || (cd $out/git/checkouts && for name in *; do + revs="" + cd "$out/git/checkouts/$name" + while read dir; do + # extract substring: [dir = "./xxx/yyy/.git"] => [branch = "xxx/yyy"] + branch="${dir:2:$((${#dir}-7))}" + + cd "$out/git/checkouts/$name/$branch" + rev="$(git rev-parse HEAD)" + revs="$revs $rev" + done < <(find . -type d -name .git -print) + + echo "List of revs to keep for git db $name: $revs" + + ( + # The following code was adapted from nix-prefetch-git + + cd "$out/git/db/$name" + + export GIT_DIR=. + + # Remove all remote branches + git branch -r | while read branch; do + git branch -rD "$branch" >&2 + done + + # Remove all tags + git tag | while read tag; do + git tag -d "$tag" >&2 + done + + # Remove all local branches + branchrefs=() + eval "$(git for-each-ref --shell --format='branchrefs+=(%(refname))' refs/heads/)" + + for branchref in "${branchrefs[@]}"; do + git update-ref -d "$branchref" >&2 + done + + # Create ad-hoc branches for the revs we need + echo "$revs" | while read rev; do + echo "Creating git branch b_$rev $rev" + git branch b_$rev $rev + done + + # Remove files that have timestamps or otherwise have non-deterministic + # properties. + rm -rf logs/ hooks/ index FETCH_HEAD ORIG_HEAD refs/remotes/origin/HEAD config + + # Do a full repack. Must run single-threaded, or else we lose determinism. + git config pack.threads 1 + git repack -A -d -f + rm -f config + + # Garbage collect unreferenced objects. + git gc --prune=all + ) + done) + + # Remove unneeded outputs + [[ ! -d $out/registry/src ]] || rm -rf $out/registry/src + [[ ! -d $out/git/checkouts ]] || rm -rf $out/git/checkouts + + # XXX: provide some debugging output to see find out why we are seeing + # sporadic hash mismatches + find $out ! -type f + find $out -type f -exec sha256sum {} + +} diff --git a/pkgs/build-support/rust/fetchcargo.nix b/pkgs/build-support/rust/fetchcargo.nix index 95eefbedc32..51842000262 100644 --- a/pkgs/build-support/rust/fetchcargo.nix +++ b/pkgs/build-support/rust/fetchcargo.nix @@ -9,15 +9,17 @@ stdenv.mkDerivation { phases = "unpackPhase installPhase"; installPhase = '' - bash ${./fetch-cargo-deps} . "$out" + source ${./fetch-cargo-deps} + + export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt + + fetchCargoDeps . "$out" ''; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = sha256; - SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; - impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ]; preferLocalBuild = true; } diff --git a/pkgs/build-support/setup-hooks/separate-debug-info.sh b/pkgs/build-support/setup-hooks/separate-debug-info.sh index 55e3236847d..37753d9ce40 100644 --- a/pkgs/build-support/setup-hooks/separate-debug-info.sh +++ b/pkgs/build-support/setup-hooks/separate-debug-info.sh @@ -11,14 +11,9 @@ _separateDebugInfo() { dst="$dst/lib/debug/.build-id" # Find executables and dynamic libraries. - local -a files=($(find "$prefix" -type f -a \( -perm /0100 -o -name "*.so" -o -name "*.so.*" \))) - local i magic - for i in "${files[@]}"; do - # Skip non-ELF files. - exec 10< "$i" - read -n 4 -u 10 magic - exec 10<&- + while IFS= read -r -d $'\0' i; do + if ! isELF "$i"; then continue; fi # Extract the Build ID. FIXME: there's probably a cleaner way. local id="$(readelf -n "$i" | sed 's/.*Build ID: \([0-9a-f]*\).*/\1/; t; d')" @@ -35,7 +30,7 @@ _separateDebugInfo() { # Also a create a symlink <original-name>.debug. ln -sfn ".build-id/${id:0:2}/${id:2}.debug" "$dst/../$(basename "$i")" - done + done < <(find "$prefix" -type f -print0) } # - We might prefer to compress the debug info during link-time already, diff --git a/pkgs/build-support/trivial-builders.nix b/pkgs/build-support/trivial-builders.nix index 134ef48ad06..93b8b1cbc42 100644 --- a/pkgs/build-support/trivial-builders.nix +++ b/pkgs/build-support/trivial-builders.nix @@ -118,15 +118,16 @@ rec { name = name_; outputHashAlgo = hashAlgo; outputHash = hash; + preferLocalBuild = true; builder = writeScript "restrict-message" '' -source ${stdenv}/setup -cat <<_EOF_ + source ${stdenv}/setup + cat <<_EOF_ -*** -${msg} -*** + *** + ${msg} + *** -_EOF_ + _EOF_ ''; }; @@ -156,6 +157,9 @@ _EOF_ ''; # Copy a path to the Nix store. + # Nix automatically copies files to the store before stringifying paths. + # If you need the store path of a file, ${copyPathToStore <path>} can be + # shortened to ${<path>}. copyPathToStore = builtins.filterSource (p: t: true); # Copy a list of paths to the Nix store. diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index 97554e4e19e..9d9974660a1 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -11,6 +11,15 @@ rec { qemu = pkgs.qemu_kvm; + qemu-220 = lib.overrideDerivation pkgs.qemu_kvm (attrs: rec { + version = "2.2.0"; + src = fetchurl { + url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2"; + sha256 = "1703c3scl5n07gmpilg7g2xzyxnr7jczxgx6nn4m8kv9gin9p35n"; + }; + patches = [ ../../../nixos/modules/virtualisation/azure-qemu-220-no-etc-install.patch ]; + }); + qemuProg = "${qemu}/bin/qemu-kvm"; diff --git a/pkgs/build-support/vm/rpm/rpm-closure.pl b/pkgs/build-support/vm/rpm/rpm-closure.pl index 8f7669d6fef..6442cd91a95 100644 --- a/pkgs/build-support/vm/rpm/rpm-closure.pl +++ b/pkgs/build-support/vm/rpm/rpm-closure.pl @@ -90,7 +90,7 @@ for (my $i = 0; $i < scalar(@packagesFiles); $i++) { } my %provides; -PKG: foreach my $pkgName (keys %pkgs) { +PKG: foreach my $pkgName (sort(keys %pkgs)) { #print STDERR "looking at $pkgName\n"; my $pkg = $pkgs{$pkgName}; |