diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-11-21 16:12:21 +0100 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-11-21 16:12:48 +0100 |
| commit | 048a4cd441a59cbf89defb18bb45c9f0b4429b35 (patch) | |
| tree | f8f5850ff05521ab82d65745894714a8796cbfb6 /pkgs/stdenv | |
| parent | 030c5028b07afcedce7c5956015c629486cc79d9 (diff) | |
| parent | 4c2d05dd6435d449a3651a6dd314d9411b5f8146 (diff) | |
| download | nixpkgs-rootfs.tar nixpkgs-rootfs.tar.gz nixpkgs-rootfs.tar.bz2 nixpkgs-rootfs.tar.lz nixpkgs-rootfs.tar.xz nixpkgs-rootfs.tar.zst nixpkgs-rootfs.zip | |
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Diffstat (limited to 'pkgs/stdenv')
25 files changed, 521 insertions, 268 deletions
diff --git a/pkgs/stdenv/adapters.nix b/pkgs/stdenv/adapters.nix index f29bdf671c8..dd298719071 100644 --- a/pkgs/stdenv/adapters.nix +++ b/pkgs/stdenv/adapters.nix @@ -42,6 +42,50 @@ rec { stdenv.override (prev: { allowedRequisites = null; extraBuildInputs = (prev.extraBuildInputs or []) ++ pkgs; }); + # Override the libc++ dynamic library used in the stdenv to use the one from the platform’s + # default stdenv. This allows building packages and linking dependencies with different + # compiler versions while still using the same libc++ implementation for compatibility. + # + # Note that this adapter still uses the headers from the new stdenv’s libc++. This is necessary + # because older compilers may not be able to parse the headers from the default stdenv’s libc++. + overrideLibcxx = stdenv: + assert stdenv.cc.libcxx != null; + let + llvmLibcxxVersion = lib.getVersion llvmLibcxx; + stdenvLibcxxVersion = lib.getVersion stdenvLibcxx; + + stdenvLibcxx = pkgs.stdenv.cc.libcxx; + stdenvCxxabi = pkgs.stdenv.cc.libcxx.cxxabi; + + llvmLibcxx = stdenv.cc.libcxx; + llvmCxxabi = stdenv.cc.libcxx.cxxabi; + + libcxx = pkgs.runCommand "${stdenvLibcxx.name}-${llvmLibcxxVersion}" { + outputs = [ "out" "dev" ]; + inherit cxxabi; + isLLVM = true; + } '' + mkdir -p "$dev/nix-support" + ln -s '${stdenvLibcxx}' "$out" + echo '${stdenvLibcxx}' > "$dev/nix-support/propagated-build-inputs" + ln -s '${lib.getDev llvmLibcxx}/include' "$dev/include" + ''; + + cxxabi = pkgs.runCommand "${stdenvCxxabi.name}-${llvmLibcxxVersion}" { + outputs = [ "out" "dev" ]; + inherit (stdenvCxxabi) libName; + } '' + mkdir -p "$dev/nix-support" + ln -s '${stdenvCxxabi}' "$out" + echo '${stdenvCxxabi}' > "$dev/nix-support/propagated-build-inputs" + ln -s '${lib.getDev llvmCxxabi}/include' "$dev/include" + ''; + in + overrideCC stdenv (stdenv.cc.override { + inherit libcxx; + extraPackages = [ cxxabi pkgs.pkgsTargetTarget."llvmPackages_${lib.versions.major llvmLibcxxVersion}".compiler-rt ]; + }); + # Override the setup script of stdenv. Useful for testing new # versions of the setup script without causing a rebuild of # everything. @@ -60,12 +104,13 @@ rec { mkDerivationFromStdenv = withOldMkDerivation old (stdenv: mkDerivationSuper: args: if stdenv.hostPlatform.isDarwin then throw "Cannot build fully static binaries on Darwin/macOS" - else (mkDerivationSuper args).overrideAttrs(finalAttrs: { - NIX_CFLAGS_LINK = toString (finalAttrs.NIX_CFLAGS_LINK or "") + " -static"; - } // lib.optionalAttrs (!(finalAttrs.dontAddStaticConfigureFlags or false)) { - configureFlags = (finalAttrs.configureFlags or []) ++ [ - "--disable-shared" # brrr... - ]; + else (mkDerivationSuper args).overrideAttrs (args: { + NIX_CFLAGS_LINK = toString (args.NIX_CFLAGS_LINK or "") + " -static"; + } // lib.optionalAttrs (!(args.dontAddStaticConfigureFlags or false)) { + configureFlags = (args.configureFlags or []) ++ [ + "--disable-shared" # brrr... + ]; + cmakeFlags = (args.cmakeFlags or []) ++ ["-DCMAKE_SKIP_INSTALL_RPATH=On"]; })); } // lib.optionalAttrs (stdenv0.hostPlatform.libc == "glibc") { extraBuildInputs = (old.extraBuildInputs or []) ++ [ @@ -192,18 +237,15 @@ rec { useMoldLinker = stdenv: let bintools = stdenv.cc.bintools.override { extraBuildCommands = '' - wrap ld.mold ${../build-support/bintools-wrapper/ld-wrapper.sh} ${pkgs.mold}/bin/ld.mold - wrap ld ${../build-support/bintools-wrapper/ld-wrapper.sh} ${pkgs.mold}/bin/ld.mold + wrap ${stdenv.cc.bintools.targetPrefix}ld.mold ${../build-support/bintools-wrapper/ld-wrapper.sh} ${pkgs.mold}/bin/ld.mold + wrap ${stdenv.cc.bintools.targetPrefix}ld ${../build-support/bintools-wrapper/ld-wrapper.sh} ${pkgs.mold}/bin/ld.mold ''; }; in stdenv.override (old: { - cc = stdenv.cc.override { - inherit bintools; - }; - allowedRequisites = - lib.mapNullable (rs: rs ++ [ bintools pkgs.mold (lib.getLib pkgs.mimalloc) (lib.getLib pkgs.openssl) ]) (stdenv.allowedRequisites or null); - # gcc >12.1.0 supports '-fuse-ld=mold' - # the wrap ld above in bintools supports gcc <12.1.0 and shouldn't harm >12.1.0 + allowedRequisites = null; + cc = stdenv.cc.override { inherit bintools; }; + # gcc >12.1.0 supports '-fuse-ld=mold' + # the wrap ld above in bintools supports gcc <12.1.0 and shouldn't harm >12.1.0 # https://github.com/rui314/mold#how-to-use } // lib.optionalAttrs (stdenv.cc.isClang || (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "12")) { mkDerivationFromStdenv = extendMkDerivationArgs old (args: { @@ -248,4 +290,131 @@ rec { env = (args.env or {}) // { NIX_CFLAGS_COMPILE = toString (args.env.NIX_CFLAGS_COMPILE or "") + " ${toString compilerFlags}"; }; }); }); + + # Overriding the SDK changes the Darwin SDK used to build the package, which: + # * Ensures that the compiler and bintools have the correct Libsystem version; and + # * Replaces any SDK references with those in the SDK corresponding to the requested SDK version. + # + # `sdkVersion` can be any of the following: + # * A version string indicating the requested SDK version; or + # * An attrset consisting of either or both of the following fields: darwinSdkVersion and darwinMinVersion. + overrideSDK = stdenv: sdkVersion: + let + inherit ( + { inherit (stdenv.hostPlatform) darwinMinVersion darwinSdkVersion; } + // (if lib.isAttrs sdkVersion then sdkVersion else { darwinSdkVersion = sdkVersion; }) + ) darwinMinVersion darwinSdkVersion; + + sdk = pkgs.darwin."apple_sdk_${lib.replaceStrings [ "." ] [ "_" ] darwinSdkVersion}"; + # TODO: Make this unconditional after #229210 has been merged, + # and the 10.12 SDK is updated to follow the new structure. + Libsystem = if darwinSdkVersion == "10.12" then pkgs.darwin.Libsystem else sdk.Libsystem; + + replacePropagatedFrameworks = pkg: + let + propagatedInputs = pkg.propagatedBuildInputs; + mappedInputs = map mapPackageToSDK propagatedInputs; + + env = { + inherit (pkg) outputs; + # Map old frameworks to new ones and the package’s outputs to their original outPaths. + # Also map any packages that have propagated frameworks to their proxy packages using + # the requested SDK version. These mappings are rendered into tab-separated files to be + # parsed and read back with `read`. + dependencies = lib.concatMapStrings (pair: "${pair.fst}\t${pair.snd}\n") (lib.zipLists propagatedInputs mappedInputs); + pkgOutputs = lib.concatMapStrings (output: "${output}\t${(lib.getOutput output pkg).outPath}\n") pkg.outputs; + passAsFile = [ "dependencies" "pkgOutputs" ]; + }; + in + # Only remap the package’s propagated inputs if there are any and if any of them were themselves remapped. + if lib.length propagatedInputs > 0 && propagatedInputs != mappedInputs + then pkgs.runCommand pkg.name env '' + # Iterate over the outputs in the package being replaced to make sure the proxy is + # a fully functional replacement. This is like `symlinkJoin` except for outputs and + # the contents of `nix-support`, which will be customized for the requested SDK. + while IFS=$'\t\n' read -r outputName pkgOutputPath; do + mkdir -p "''${!outputName}" + + for targetPath in "$pkgOutputPath"/*; do + targetName=$(basename "$targetPath") + + # `nix-support` is special-cased because any propagated inputs need their SDK + # frameworks replaced with those from the requested SDK. + if [ "$targetName" == "nix-support" ]; then + mkdir "''${!outputName}/nix-support" + + for file in "$targetPath"/*; do + fileName=$(basename "$file") + + if [ "$fileName" == "propagated-build-inputs" ]; then + cp "$file" "''${!outputName}/nix-support/$fileName" + + while IFS=$'\t\n' read -r oldFramework newFramework; do + substituteInPlace "''${!outputName}/nix-support/$fileName" \ + --replace "$oldFramework" "$newFramework" + done < "$dependenciesPath" + fi + done + else + ln -s "$targetPath" "''${!outputName}/$targetName" + fi + done + done < "$pkgOutputsPath" + '' + else pkg; + + # Remap a framework from one SDK version to another. + mapPackageToSDK = pkg: + let + name = lib.getName pkg; + framework = lib.removePrefix "apple-framework-" name; + in + /**/ if pkg == null then pkg + else if name != framework then sdk.frameworks."${framework}" + else replacePropagatedFrameworks pkg; + + mapRuntimeToSDK = pkg: + # Only remap xcbuild for now, which exports the SDK used to build it. + if pkg != null && lib.isAttrs pkg && lib.getName pkg == "xcodebuild" + then pkg.override { stdenv = overrideSDK stdenv { inherit darwinMinVersion darwinSdkVersion; }; } + else pkg; + + mapInputsToSDK = inputs: args: + let + runsAtBuild = lib.flip lib.elem [ + "depsBuildBuild" + "depsBuildBuildPropagated" + "nativeBuildInputs" + "propagatedNativeBuildInputs" + "depsBuildTarget" + "depsBuildTargetPropagated" + ]; + atBuildInputs = lib.filter runsAtBuild inputs; + atRuntimeInputs = lib.subtractLists atBuildInputs inputs; + in + lib.genAttrs atRuntimeInputs (input: map mapPackageToSDK (args."${input}" or [ ])) + // lib.genAttrs atBuildInputs (input: map mapRuntimeToSDK (args."${input}" or [ ])); + + mkCC = cc: cc.override { + bintools = cc.bintools.override { libc = Libsystem; }; + libc = Libsystem; + }; + in + # TODO: make this work across all input types and not just propagatedBuildInputs + stdenv.override (old: { + buildPlatform = old.buildPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + hostPlatform = old.hostPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + targetPlatform = old.targetPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + + allowedRequisites = null; + cc = mkCC old.cc; + + extraBuildInputs = [sdk.frameworks.CoreFoundation ]; + mkDerivationFromStdenv = extendMkDerivationArgs old (mapInputsToSDK [ + "buildInputs" + "nativeBuildInputs" + "propagatedNativeBuildInputs" + "propagatedBuildInputs" + ]); + }); } diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 25a80fd11aa..c94c56daae1 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -245,7 +245,8 @@ in coreutils = bootstrapTools; gnugrep = bootstrapTools; - pbzx = bootstrapTools; + # Either pbzx or Libsystem is required from bootstrap tools (one is used building the other). + pbzx = if localSystem.isAarch64 then bootstrapTools else super.pbzx; cpio = self.stdenv.mkDerivation { name = "bootstrap-stage0-cpio"; buildCommand = '' @@ -255,7 +256,11 @@ in passthru.isFromBootstrapFiles = true; }; - darwin = super.darwin.overrideScope (selfDarwin: _: { + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + # Prevent CF from being propagated to the initial stdenv. Packages that require it + # will have to manually add it to their build inputs. + CF = null; + binutils-unwrapped = bootstrapTools // { version = "boot"; }; @@ -296,15 +301,6 @@ in sigtool = bootstrapTools; } // lib.optionalAttrs (! useAppleSDKLibs) { - CF = self.stdenv.mkDerivation { - name = "bootstrap-stage0-CF"; - buildCommand = '' - mkdir -p $out/Library/Frameworks - ln -s ${bootstrapTools}/Library/Frameworks/CoreFoundation.framework $out/Library/Frameworks - ''; - passthru.isFromBootstrapFiles = true; - }; - Libsystem = self.stdenv.mkDerivation { name = "bootstrap-stage0-Libsystem"; buildCommand = '' @@ -424,15 +420,18 @@ in # making sure both packages are present on x86_64-darwin and aarch64-darwin. (prevStage: # previous stage0 stdenv: - assert lib.all isFromBootstrapFiles (with prevStage; [ bash coreutils cpio gnugrep pbzx ]); + assert lib.all isFromBootstrapFiles ( + with prevStage; [ bash coreutils cpio gnugrep ] ++ lib.optionals useAppleSDKLibs [ pbzx ] + ); assert lib.all isFromBootstrapFiles (with prevStage.darwin; [ binutils-unwrapped cctools print-reexports rewrite-tbd sigtool ]); - assert (! useAppleSDKLibs) -> lib.all isFromBootstrapFiles (with prevStage.darwin; [ CF Libsystem ]); - assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem ]); + assert (! useAppleSDKLibs) -> lib.all isFromBootstrapFiles (with prevStage.darwin; [ Libsystem ]); + assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ Libsystem ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); + assert (with prevStage.darwin; (! useAppleSDKLibs) -> CF == null); assert lib.all isFromBootstrapFiles (with prevStage.llvmPackages; [ clang-unwrapped libclang libllvm llvm compiler-rt libcxx libcxxabi @@ -445,7 +444,11 @@ in inherit (prevStage) ccWrapperStdenv coreutils gnugrep; - cmake = super.cmakeMinimal; + # Use this stage’s CF to build CMake. It’s required but can’t be included in the stdenv. + cmake = self.cmakeMinimal; + cmakeMinimal = super.cmakeMinimal.overrideAttrs (old: { + buildInputs = old.buildInputs ++ [ self.darwin.CF ]; + }); curl = super.curlMinimal; @@ -457,9 +460,18 @@ in ninja = super.ninja.override { buildDocs = false; }; - python3 = super.python3Minimal; + # Use this stage’s CF to build Python. It’s required but can’t be included in the stdenv. + python3 = self.python3Minimal; + python3Minimal = super.python3Minimal.overrideAttrs (old: { + buildInputs = old.buildInputs ++ [ self.darwin.CF ]; + }); darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { + # Use this stage’s CF to build configd. It’s required but can’t be included in the stdenv. + configd = superDarwin.configd.overrideAttrs (old: { + buildInputs = old.buildInputs or [ ] ++ [ self.darwin.CF ]; + }); + signingUtils = prevStage.darwin.signingUtils.override { inherit (selfDarwin) sigtool; }; @@ -529,7 +541,8 @@ in assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); @@ -628,7 +641,8 @@ in binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); @@ -725,7 +739,8 @@ in binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); @@ -824,8 +839,9 @@ in binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ configd ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ Libsystem ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); @@ -951,7 +967,8 @@ in ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ configd ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ Libsystem ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); @@ -1031,7 +1048,8 @@ in ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ configd ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ Libsystem ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); @@ -1047,9 +1065,9 @@ in overrides = self: super: { inherit (prevStage) ccWrapperStdenv - autoconf automake bash bison cmake cmakeMinimal cpio cyrus_sasl db expat flex groff - libedit libtool m4 ninja openldap openssh patchutils pbzx perl pkg-config python3 - python3Minimal scons serf sqlite subversion sysctl texinfo unzip which + autoconf automake bash bison cmake cmakeMinimal cyrus_sasl db expat flex groff + libedit libtool m4 ninja openldap openssh patchutils perl pkg-config python3 scons + serf sqlite subversion sysctl texinfo unzip which # CF dependencies - don’t rebuild them. icu @@ -1057,11 +1075,40 @@ in # LLVM dependencies - don’t rebuild them. libffi libiconv libxml2 ncurses zlib; + # These overrides are required to break an infinite recursion. curl depends on Darwin + # frameworks, but those frameworks require these dependencies to build, which + # depend on curl indirectly. + cpio = super.cpio.override { + inherit (prevStage) fetchurl; + }; + + libyaml = super.libyaml.override { + inherit (prevStage) fetchFromGitHub; + }; + + pbzx = super.pbzx.override { + inherit (prevStage) fetchFromGitHub; + }; + + python3Minimal = super.python3Minimal.override { + inherit (prevStage) fetchurl; + }; + + xar = super.xar.override { + inherit (prevStage) fetchurl; + }; + darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { inherit (prevStage.darwin) dyld CF Libsystem darwin-stubs # CF dependencies - don’t rebuild them. libobjc objc4; + # rewrite-tbd is also needed to build Darwin frameworks, so it’s built using the + # previous stage’s fetchFromGitHub to avoid an infinite recursion (same as above). + rewrite-tbd = superDarwin.rewrite-tbd.override { + inherit (prevStage) fetchFromGitHub; + }; + signingUtils = superDarwin.signingUtils.override { inherit (selfDarwin) sigtool; }; @@ -1158,16 +1205,18 @@ in (prevStage: # previous stage4 stdenv: assert lib.all isBuiltByNixpkgsCompiler (with prevStage; [ - bash binutils-unwrapped brotli bzip2 curl diffutils ed file findutils gawk gettext gmp - gnugrep gnumake gnused gnutar gzip icu libffi libiconv libidn2 libkrb5 libssh2 - libunistring libxml2 ncurses nghttp2 openbsm openpam openssl patch pcre xz zlib zstd + bash binutils-unwrapped brotli bzip2 cpio curl diffutils ed file findutils gawk + gettext gmp gnugrep gnumake gnused gnutar gzip icu libffi libiconv libidn2 libkrb5 + libssh2 libunistring libxml2 libyaml ncurses nghttp2 openbsm openpam openssl patch + pbzx pcre python3Minimal xar xz zlib zstd ]); assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ binutils-unwrapped cctools libtapi locale print-reexports rewrite-tbd sigtool ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ Libsystem configd ]); + assert (! useAppleSDKLibs) -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc ]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd libclosure libdispatch xnu ]); @@ -1176,9 +1225,9 @@ in ]); assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage; [ - autoconf automake bison cmake cmakeMinimal cpio cyrus_sasl db expat flex groff libedit - libtool m4 ninja openldap openssh patchutils pbzx perl pkg-config.pkg-config python3 - python3Minimal scons serf sqlite subversion sysctl.provider texinfo unzip which + autoconf automake bison cmake cmakeMinimal cyrus_sasl db expat flex groff libedit + libtool m4 ninja openldap openssh patchutils perl pkg-config.pkg-config python3 scons + serf sqlite subversion sysctl.provider texinfo unzip which ]); assert prevStage.darwin.cctools == prevStage.darwin.cctools-llvm; @@ -1307,14 +1356,14 @@ in overrides = self: super: { inherit (prevStage) - bash binutils brotli bzip2 coreutils curl diffutils ed file findutils gawk gettext - gmp gnugrep gnumake gnused gnutar gzip icu libffi libiconv libidn2 libssh2 - libunistring libxml2 ncurses nghttp2 openbsm openpam openssl patch pcre xz zlib - zstd; + bash binutils brotli bzip2 coreutils cpio curl diffutils ed file findutils gawk + gettext gmp gnugrep gnumake gnused gnutar gzip icu libffi libiconv libidn2 libssh2 + libunistring libxml2 libyaml ncurses nghttp2 openbsm openpam openssl patch pbzx + pcre python3Minimal xar xz zlib zstd; darwin = super.darwin.overrideScope (_: _: { inherit (prevStage.darwin) - CF ICU Libsystem darwin-stubs dyld locale libobjc libtapi xnu; + CF ICU Libsystem darwin-stubs dyld locale libobjc libtapi rewrite-tbd xnu; } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { inherit (prevStage.darwin) binutils binutils-unwrapped cctools-llvm cctools-port; }); diff --git a/pkgs/stdenv/darwin/make-bootstrap-tools.nix b/pkgs/stdenv/darwin/make-bootstrap-tools.nix index 46ba25f8603..1324c78c5fd 100644 --- a/pkgs/stdenv/darwin/make-bootstrap-tools.nix +++ b/pkgs/stdenv/darwin/make-bootstrap-tools.nix @@ -1,5 +1,21 @@ { pkgspath ? ../../.., test-pkgspath ? pkgspath , localSystem ? { system = builtins.currentSystem; } +# Specify the desired LLVM version in an overlay to avoid the use of +# mismatching versions. +# +# The llvmPackages that we take things (clang, libc++ and such) from +# is specified explicitly to be llvmPackages_11 to keep the +# bootstrap-tools stable. However, tools like otool, +# install_name_tool and strip are taken straight from stdenv.cc, +# which, after the bump, is a different LLVM version altogether. +# +# The original intent was that bootstrap-tools specified LLVM 11 +# exhaustively but it didn't. That should be rectified with this +# PR. As to why stick with 11? That's just to keep the +# bootstrap-tools unchanged. +# +# https://github.com/NixOS/nixpkgs/pull/267058/files#r1390889848 +, overlays ? [(self: super: { llvmPackages = super.llvmPackages_11; })] , crossSystem ? null , bootstrapFiles ? null }: @@ -13,11 +29,9 @@ let cross = if crossSystem != null in (import "${pkgspath}/pkgs/stdenv/darwin" args'); } else {}; -in with import pkgspath ({ inherit localSystem; } // cross // custom-bootstrap); +in with import pkgspath ({ inherit localSystem overlays; } // cross // custom-bootstrap); -let - llvmPackages = llvmPackages_11; -in rec { +rec { coreutils_ = coreutils.override (args: { # We want coreutils without ACL support. aclSupport = false; @@ -28,7 +42,7 @@ in rec { cctools_ = darwin.cctools; # Avoid debugging larger changes for now. - bzip2_ = bzip2.override (args: { linkStatic = true; }); + bzip2_ = bzip2.override (args: { enableStatic = true; enableShared = false; }); # Avoid messing with libkrb5 and libnghttp2. curl_ = curlMinimal.override (args: { gssSupport = false; http2Support = false; }); @@ -211,7 +225,7 @@ in rec { }; bootstrapTools = derivation { - inherit (localSystem) system; + inherit (stdenv.hostPlatform) system; name = "bootstrap-tools"; builder = "${bootstrapFiles.tools}/bin/bash"; diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 63fd00d266e..9a794531bc1 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -152,9 +152,8 @@ let # flakeNote will be printed in the remediation messages below. flakeNote = " - Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+ - (Flake) command, `--impure` must be passed in order to read this - environment variable. + Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake, + then pass `--impure` in order to allow use of environment variables. "; remediate_allowlist = allow_attr: rebuild_amendment: attrs: diff --git a/pkgs/stdenv/generic/default-builder.sh b/pkgs/stdenv/generic/default-builder.sh index 8c6fec7873b..d49fb8aa57f 100644 --- a/pkgs/stdenv/generic/default-builder.sh +++ b/pkgs/stdenv/generic/default-builder.sh @@ -1,6 +1,4 @@ -if [ -f .attrs.sh ]; then - . .attrs.sh -fi +if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi source $stdenv/setup genericBuild diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 1412d224a84..63d02c8f085 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -3,6 +3,43 @@ stdenv: let + # Lib attributes are inherited to the lexical scope for performance reasons. + inherit (lib) + any + assertMsg + attrNames + boolToString + chooseDevOutputs + concatLists + concatMap + concatMapStrings + concatStringsSep + elem + elemAt + extendDerivation + filter + findFirst + flip + head + imap1 + isAttrs + isBool + isDerivation + isInt + isList + isString + mapAttrs + mapNullable + optional + optionalAttrs + optionalString + optionals + remove + splitString + subtractLists + unique + ; + checkMeta = import ./check-meta.nix { inherit lib config; # Nix itself uses the `system` field of a derivation to decide where @@ -115,7 +152,7 @@ let # Including it then would cause needless mass rebuilds. # # TODO(@Ericson2314): Make [ "build" "host" ] always the default / resolve #87909 - configurePlatforms ? lib.optionals + configurePlatforms ? optionals (stdenv.hostPlatform != stdenv.buildPlatform || config.configurePlatformsByDefault) [ "build" "host" ] @@ -165,6 +202,17 @@ let , ... } @ attrs: +# Policy on acceptable hash types in nixpkgs +assert attrs ? outputHash -> ( + let algo = + attrs.outputHashAlgo or (head (splitString "-" attrs.outputHash)); + in + if algo == "md5" then + throw "Rejected insecure ${algo} hash '${attrs.outputHash}'" + else + true +); + let # TODO(@oxij, @Ericson2314): This is here to keep the old semantics, remove when # no package has `doCheck = true`. @@ -172,12 +220,12 @@ let doInstallCheck' = doInstallCheck && stdenv.buildPlatform.canExecute stdenv.hostPlatform; separateDebugInfo' = separateDebugInfo && stdenv.hostPlatform.isLinux; - outputs' = outputs ++ lib.optional separateDebugInfo' "debug"; + outputs' = outputs ++ optional separateDebugInfo' "debug"; # Turn a derivation into its outPath without a string context attached. # See the comment at the usage site. unsafeDerivationToUntrackedOutpath = drv: - if lib.isDerivation drv + if isDerivation drv then builtins.unsafeDiscardStringContext drv.outPath else drv; @@ -187,9 +235,9 @@ let ++ depsTargetTarget ++ depsTargetTargetPropagated) == 0; dontAddHostSuffix = attrs ? outputHash && !noNonNativeDeps || !stdenv.hasCC; - hardeningDisable' = if lib.any (x: x == "fortify") hardeningDisable + hardeningDisable' = if any (x: x == "fortify") hardeningDisable # disabling fortify implies fortify3 should also be disabled - then lib.unique (hardeningDisable ++ [ "fortify3" ]) + then unique (hardeningDisable ++ [ "fortify3" ]) else hardeningDisable; supportedHardeningFlags = [ "fortify" "fortify3" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ]; # Musl-based platforms will keep "pie", other platforms will not. @@ -201,19 +249,19 @@ let # - static armv7l, where compilation fails. !(stdenv.hostPlatform.isAarch && stdenv.hostPlatform.isStatic) then supportedHardeningFlags - else lib.remove "pie" supportedHardeningFlags; + else remove "pie" supportedHardeningFlags; enabledHardeningOptions = if builtins.elem "all" hardeningDisable' then [] - else lib.subtractLists hardeningDisable' (defaultHardeningFlags ++ hardeningEnable); + else subtractLists hardeningDisable' (defaultHardeningFlags ++ hardeningEnable); # hardeningDisable additionally supports "all". - erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable); + erroneousHardeningFlags = subtractLists supportedHardeningFlags (hardeningEnable ++ remove "all" hardeningDisable); checkDependencyList = checkDependencyList' []; - checkDependencyList' = positions: name: deps: lib.flip lib.imap1 deps (index: dep: - if lib.isDerivation dep || dep == null || builtins.isString dep || builtins.isPath dep then dep - else if lib.isList dep then checkDependencyList' ([index] ++ positions) name dep - else throw "Dependency is not of a valid type: ${lib.concatMapStrings (ix: "element ${toString ix} of ") ([index] ++ positions)}${name} for ${attrs.name or attrs.pname}"); + checkDependencyList' = positions: name: deps: flip imap1 deps (index: dep: + if isDerivation dep || dep == null || builtins.isString dep || builtins.isPath dep then dep + else if isList dep then checkDependencyList' ([index] ++ positions) name dep + else throw "Dependency is not of a valid type: ${concatMapStrings (ix: "element ${toString ix} of ") ([index] ++ positions)}${name} for ${attrs.name or attrs.pname}"); in if builtins.length erroneousHardeningFlags != 0 then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} { inherit erroneousHardeningFlags hardeningDisable hardeningEnable supportedHardeningFlags; @@ -222,20 +270,20 @@ else let doCheck = doCheck'; doInstallCheck = doInstallCheck'; buildInputs' = buildInputs - ++ lib.optionals doCheck checkInputs - ++ lib.optionals doInstallCheck installCheckInputs; + ++ optionals doCheck checkInputs + ++ optionals doInstallCheck installCheckInputs; nativeBuildInputs' = nativeBuildInputs - ++ lib.optional separateDebugInfo' ../../build-support/setup-hooks/separate-debug-info.sh - ++ lib.optional stdenv.hostPlatform.isWindows ../../build-support/setup-hooks/win-dll-link.sh - ++ lib.optionals doCheck nativeCheckInputs - ++ lib.optionals doInstallCheck nativeInstallCheckInputs; + ++ optional separateDebugInfo' ../../build-support/setup-hooks/separate-debug-info.sh + ++ optional stdenv.hostPlatform.isWindows ../../build-support/setup-hooks/win-dll-link.sh + ++ optionals doCheck nativeCheckInputs + ++ optionals doInstallCheck nativeInstallCheckInputs; outputs = outputs'; references = nativeBuildInputs ++ buildInputs ++ propagatedNativeBuildInputs ++ propagatedBuildInputs; - dependencies = map (map lib.chooseDevOutputs) [ + dependencies = map (map chooseDevOutputs) [ [ (map (drv: drv.__spliced.buildBuild or drv) (checkDependencyList "depsBuildBuild" depsBuildBuild)) (map (drv: drv.__spliced.buildHost or drv) (checkDependencyList "nativeBuildInputs" nativeBuildInputs')) @@ -249,7 +297,7 @@ else let (map (drv: drv.__spliced.targetTarget or drv) (checkDependencyList "depsTargetTarget" depsTargetTarget)) ] ]; - propagatedDependencies = map (map lib.chooseDevOutputs) [ + propagatedDependencies = map (map chooseDevOutputs) [ [ (map (drv: drv.__spliced.buildBuild or drv) (checkDependencyList "depsBuildBuildPropagated" depsBuildBuildPropagated)) (map (drv: drv.__spliced.buildHost or drv) (checkDependencyList "propagatedNativeBuildInputs" propagatedNativeBuildInputs)) @@ -265,26 +313,26 @@ else let ]; computedSandboxProfile = - lib.concatMap (input: input.__propagatedSandboxProfile or []) + concatMap (input: input.__propagatedSandboxProfile or []) (stdenv.extraNativeBuildInputs ++ stdenv.extraBuildInputs - ++ lib.concatLists dependencies); + ++ concatLists dependencies); computedPropagatedSandboxProfile = - lib.concatMap (input: input.__propagatedSandboxProfile or []) - (lib.concatLists propagatedDependencies); + concatMap (input: input.__propagatedSandboxProfile or []) + (concatLists propagatedDependencies); computedImpureHostDeps = - lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or []) + unique (concatMap (input: input.__propagatedImpureHostDeps or []) (stdenv.extraNativeBuildInputs ++ stdenv.extraBuildInputs - ++ lib.concatLists dependencies)); + ++ concatLists dependencies)); computedPropagatedImpureHostDeps = - lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or []) - (lib.concatLists propagatedDependencies)); + unique (concatMap (input: input.__propagatedImpureHostDeps or []) + (concatLists propagatedDependencies)); - envIsExportable = lib.isAttrs env && !lib.isDerivation env; + envIsExportable = isAttrs env && !isDerivation env; derivationArg = (removeAttrs attrs @@ -295,8 +343,8 @@ else let "__darwinAllowLocalNetworking" "__impureHostDeps" "__propagatedImpureHostDeps" "sandboxProfile" "propagatedSandboxProfile"] - ++ lib.optional (__structuredAttrs || envIsExportable) "env")) - // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) { + ++ optional (__structuredAttrs || envIsExportable) "env")) + // (optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) { name = let # Indicate the host platform of the derivation if cross compiling. @@ -304,7 +352,7 @@ else let # suffix. But we have some weird ones with run-time deps that are # just used for their side-affects. Those might as well since the # hash can't be the same. See #32986. - hostSuffix = lib.optionalString + hostSuffix = optionalString (stdenv.hostPlatform != stdenv.buildPlatform && !dontAddHostSuffix) "-${stdenv.hostPlatform.config}"; @@ -313,17 +361,17 @@ else let # nix and nixStatic. This should be also achieved by moving the # hostSuffix before the version, so we could contemplate removing # it again. - staticMarker = lib.optionalString stdenv.hostPlatform.isStatic "-static"; + staticMarker = optionalString stdenv.hostPlatform.isStatic "-static"; in lib.strings.sanitizeDerivationName ( if attrs ? name then attrs.name + hostSuffix else # we cannot coerce null to a string below - assert lib.assertMsg (attrs ? version && attrs.version != null) "The ‘version’ attribute cannot be null."; + assert assertMsg (attrs ? version && attrs.version != null) "The ‘version’ attribute cannot be null."; "${attrs.pname}${staticMarker}${hostSuffix}-${attrs.version}" ); - }) // lib.optionalAttrs __structuredAttrs { env = checkedEnv; } // { + }) // optionalAttrs __structuredAttrs { env = checkedEnv; } // { builder = attrs.realBuilder or stdenv.shell; args = attrs.args or ["-e" (attrs.builder or ./default-builder.sh)]; inherit stdenv; @@ -340,22 +388,22 @@ else let __ignoreNulls = true; inherit __structuredAttrs strictDeps; - depsBuildBuild = lib.elemAt (lib.elemAt dependencies 0) 0; - nativeBuildInputs = lib.elemAt (lib.elemAt dependencies 0) 1; - depsBuildTarget = lib.elemAt (lib.elemAt dependencies 0) 2; - depsHostHost = lib.elemAt (lib.elemAt dependencies 1) 0; - buildInputs = lib.elemAt (lib.elemAt dependencies 1) 1; - depsTargetTarget = lib.elemAt (lib.elemAt dependencies 2) 0; + depsBuildBuild = elemAt (elemAt dependencies 0) 0; + nativeBuildInputs = elemAt (elemAt dependencies 0) 1; + depsBuildTarget = elemAt (elemAt dependencies 0) 2; + depsHostHost = elemAt (elemAt dependencies 1) 0; + buildInputs = elemAt (elemAt dependencies 1) 1; + depsTargetTarget = elemAt (elemAt dependencies 2) 0; - depsBuildBuildPropagated = lib.elemAt (lib.elemAt propagatedDependencies 0) 0; - propagatedNativeBuildInputs = lib.elemAt (lib.elemAt propagatedDependencies 0) 1; - depsBuildTargetPropagated = lib.elemAt (lib.elemAt propagatedDependencies 0) 2; - depsHostHostPropagated = lib.elemAt (lib.elemAt propagatedDependencies 1) 0; - propagatedBuildInputs = lib.elemAt (lib.elemAt propagatedDependencies 1) 1; - depsTargetTargetPropagated = lib.elemAt (lib.elemAt propagatedDependencies 2) 0; + depsBuildBuildPropagated = elemAt (elemAt propagatedDependencies 0) 0; + propagatedNativeBuildInputs = elemAt (elemAt propagatedDependencies 0) 1; + depsBuildTargetPropagated = elemAt (elemAt propagatedDependencies 0) 2; + depsHostHostPropagated = elemAt (elemAt propagatedDependencies 1) 0; + propagatedBuildInputs = elemAt (elemAt propagatedDependencies 1) 1; + depsTargetTargetPropagated = elemAt (elemAt propagatedDependencies 2) 0; # This parameter is sometimes a string, sometimes null, and sometimes a list, yuck - configureFlags = let inherit (lib) optional elem; in + configureFlags = configureFlags ++ optional (elem "build" configurePlatforms) "--build=${stdenv.buildPlatform.config}" ++ optional (elem "host" configurePlatforms) "--host=${stdenv.hostPlatform.config}" @@ -363,51 +411,77 @@ else let cmakeFlags = cmakeFlags - ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) ([ - "-DCMAKE_SYSTEM_NAME=${lib.findFirst lib.isString "Generic" (lib.optional (!stdenv.hostPlatform.isRedox) stdenv.hostPlatform.uname.system)}" - ] ++ lib.optionals (stdenv.hostPlatform.uname.processor != null) [ + ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) ([ + "-DCMAKE_SYSTEM_NAME=${findFirst isString "Generic" (optional (!stdenv.hostPlatform.isRedox) stdenv.hostPlatform.uname.system)}" + ] ++ optionals (stdenv.hostPlatform.uname.processor != null) [ "-DCMAKE_SYSTEM_PROCESSOR=${stdenv.hostPlatform.uname.processor}" - ] ++ lib.optionals (stdenv.hostPlatform.uname.release != null) [ + ] ++ optionals (stdenv.hostPlatform.uname.release != null) [ "-DCMAKE_SYSTEM_VERSION=${stdenv.hostPlatform.uname.release}" - ] ++ lib.optionals (stdenv.hostPlatform.isDarwin) [ + ] ++ optionals (stdenv.hostPlatform.isDarwin) [ "-DCMAKE_OSX_ARCHITECTURES=${stdenv.hostPlatform.darwinArch}" - ] ++ lib.optionals (stdenv.buildPlatform.uname.system != null) [ + ] ++ optionals (stdenv.buildPlatform.uname.system != null) [ "-DCMAKE_HOST_SYSTEM_NAME=${stdenv.buildPlatform.uname.system}" - ] ++ lib.optionals (stdenv.buildPlatform.uname.processor != null) [ + ] ++ optionals (stdenv.buildPlatform.uname.processor != null) [ "-DCMAKE_HOST_SYSTEM_PROCESSOR=${stdenv.buildPlatform.uname.processor}" - ] ++ lib.optionals (stdenv.buildPlatform.uname.release != null) [ + ] ++ optionals (stdenv.buildPlatform.uname.release != null) [ "-DCMAKE_HOST_SYSTEM_VERSION=${stdenv.buildPlatform.uname.release}" - ] ++ lib.optionals (stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ + ] ++ optionals (stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ "-DCMAKE_CROSSCOMPILING_EMULATOR=env" ]); + mesonFlags = + let + # See https://mesonbuild.com/Reference-tables.html#cpu-families + cpuFamily = platform: with platform; + /**/ if isAarch32 then "arm" + else if isx86_32 then "x86" + else platform.uname.processor; + + crossFile = builtins.toFile "cross-file.conf" '' + [properties] + bindgen_clang_arguments = ['-target', '${stdenv.targetPlatform.config}'] + needs_exe_wrapper = ${boolToString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform)} + + [host_machine] + system = '${stdenv.targetPlatform.parsed.kernel.name}' + cpu_family = '${cpuFamily stdenv.targetPlatform}' + cpu = '${stdenv.targetPlatform.parsed.cpu.name}' + endian = ${if stdenv.targetPlatform.isLittleEndian then "'little'" else "'big'"} + + [binaries] + llvm-config = 'llvm-config-native' + rust = ['rustc', '--target', '${stdenv.targetPlatform.rust.rustcTargetSpec}'] + ''; + crossFlags = optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "--cross-file=${crossFile}" ]; + in crossFlags ++ mesonFlags; + inherit patches; inherit doCheck doInstallCheck; inherit outputs; - } // lib.optionalAttrs (__contentAddressed) { + } // optionalAttrs (__contentAddressed) { inherit __contentAddressed; # Provide default values for outputHashMode and outputHashAlgo because # most people won't care about these anyways outputHashAlgo = attrs.outputHashAlgo or "sha256"; outputHashMode = attrs.outputHashMode or "recursive"; - } // lib.optionalAttrs (enableParallelBuilding) { + } // optionalAttrs (enableParallelBuilding) { inherit enableParallelBuilding; enableParallelChecking = attrs.enableParallelChecking or true; enableParallelInstalling = attrs.enableParallelInstalling or true; - } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) { + } // optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) { NIX_HARDENING_ENABLE = enabledHardeningOptions; - } // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? gcc.arch) { + } // optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? gcc.arch) { requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.gcc.arch}" ]; - } // lib.optionalAttrs (stdenv.buildPlatform.isDarwin) { + } // optionalAttrs (stdenv.buildPlatform.isDarwin) { inherit __darwinAllowLocalNetworking; - # TODO: remove lib.unique once nix has a list canonicalization primitive + # TODO: remove `unique` once nix has a list canonicalization primitive __sandboxProfile = let profiles = [ stdenv.extraSandboxProfile ] ++ computedSandboxProfile ++ computedPropagatedSandboxProfile ++ [ propagatedSandboxProfile sandboxProfile ]; - final = lib.concatStringsSep "\n" (lib.filter (x: x != "") (lib.unique profiles)); + final = concatStringsSep "\n" (filter (x: x != "") (unique profiles)); in final; - __propagatedSandboxProfile = lib.unique (computedPropagatedSandboxProfile ++ [ propagatedSandboxProfile ]); + __propagatedSandboxProfile = unique (computedPropagatedSandboxProfile ++ [ propagatedSandboxProfile ]); __impureHostDeps = computedImpureHostDeps ++ computedPropagatedImpureHostDeps ++ __propagatedImpureHostDeps ++ __impureHostDeps ++ stdenv.__extraImpureHostDeps ++ [ "/dev/zero" "/dev/random" @@ -434,21 +508,21 @@ else let # to be built eventually, we would still like to get the error early and without # having to wait while nix builds a derivation that might not be used. # See also https://github.com/NixOS/nix/issues/4629 - lib.optionalAttrs (attrs ? disallowedReferences) { + optionalAttrs (attrs ? disallowedReferences) { disallowedReferences = map unsafeDerivationToUntrackedOutpath attrs.disallowedReferences; } // - lib.optionalAttrs (attrs ? disallowedRequisites) { + optionalAttrs (attrs ? disallowedRequisites) { disallowedRequisites = map unsafeDerivationToUntrackedOutpath attrs.disallowedRequisites; } // - lib.optionalAttrs (attrs ? allowedReferences) { + optionalAttrs (attrs ? allowedReferences) { allowedReferences = - lib.mapNullable unsafeDerivationToUntrackedOutpath attrs.allowedReferences; + mapNullable unsafeDerivationToUntrackedOutpath attrs.allowedReferences; } // - lib.optionalAttrs (attrs ? allowedRequisites) { + optionalAttrs (attrs ? allowedRequisites) { allowedRequisites = - lib.mapNullable unsafeDerivationToUntrackedOutpath attrs.allowedRequisites; + mapNullable unsafeDerivationToUntrackedOutpath attrs.allowedRequisites; }; meta = checkMeta.commonMeta { inherit validity attrs pos references; }; @@ -456,20 +530,20 @@ else let checkedEnv = let - overlappingNames = lib.attrNames (builtins.intersectAttrs env derivationArg); + overlappingNames = attrNames (builtins.intersectAttrs env derivationArg); in - assert lib.assertMsg envIsExportable + assert assertMsg envIsExportable "When using structured attributes, `env` must be an attribute set of environment variables."; - assert lib.assertMsg (overlappingNames == [ ]) - "The ‘env’ attribute set cannot contain any attributes passed to derivation. The following attributes are overlapping: ${lib.concatStringsSep ", " overlappingNames}"; - lib.mapAttrs - (n: v: assert lib.assertMsg (lib.isString v || lib.isBool v || lib.isInt v || lib.isDerivation v) + assert assertMsg (overlappingNames == [ ]) + "The ‘env’ attribute set cannot contain any attributes passed to derivation. The following attributes are overlapping: ${concatStringsSep ", " overlappingNames}"; + mapAttrs + (n: v: assert assertMsg (isString v || isBool v || isInt v || isDerivation v) "The ‘env’ attribute set can only contain derivation, string, boolean or integer attributes. The ‘${n}’ attribute is of type ${builtins.typeOf v}."; v) env; in -lib.extendDerivation +extendDerivation validity.handled ({ # A derivation that always builds successfully and whose runtime @@ -518,7 +592,7 @@ lib.extendDerivation # should be made available to Nix expressions using the # derivation (e.g., in assertions). passthru) - (derivation (derivationArg // lib.optionalAttrs envIsExportable checkedEnv)); + (derivation (derivationArg // optionalAttrs envIsExportable checkedEnv)); in fnOrAttrs: diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index ad9857fc9d6..37c10fb2957 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -16,29 +16,15 @@ if (( "${NIX_DEBUG:-0}" >= 6 )); then set -x fi -if [ -f .attrs.sh ]; then +if [ -f .attrs.sh ] || [[ -n "${NIX_ATTRS_JSON_FILE:-}" ]]; then __structuredAttrs=1 echo "structuredAttrs is enabled" -else - __structuredAttrs= -fi -if [ -n "$__structuredAttrs" ]; then for outputName in "${!outputs[@]}"; do # ex: out=/nix/store/... export "$outputName=${outputs[$outputName]}" done - # Before Nix 2.4, $NIX_ATTRS_*_FILE was named differently: - # https://github.com/NixOS/nix/commit/27ce722 - if [[ -n "${ATTRS_JSON_FILE:-}" ]]; then - export NIX_ATTRS_JSON_FILE="$ATTRS_JSON_FILE" - fi - - if [[ -n "${ATTRS_SH_FILE:-}" ]]; then - export NIX_ATTRS_SH_FILE="$ATTRS_SH_FILE" - fi - # $NIX_ATTRS_JSON_FILE pointed to the wrong location in sandbox # https://github.com/NixOS/nix/issues/6736; please keep around until the # fix reaches *every patch version* that's >= lib/minver.nix @@ -49,6 +35,7 @@ if [ -n "$__structuredAttrs" ]; then export NIX_ATTRS_SH_FILE="$NIX_BUILD_TOP/.attrs.sh" fi else + __structuredAttrs= : "${outputs:=out}" fi @@ -1539,6 +1526,44 @@ showPhaseFooter() { } +runPhase() { + local curPhase="$*" + if [[ "$curPhase" = unpackPhase && -n "${dontUnpack:-}" ]]; then return; fi + if [[ "$curPhase" = patchPhase && -n "${dontPatch:-}" ]]; then return; fi + if [[ "$curPhase" = configurePhase && -n "${dontConfigure:-}" ]]; then return; fi + if [[ "$curPhase" = buildPhase && -n "${dontBuild:-}" ]]; then return; fi + if [[ "$curPhase" = checkPhase && -z "${doCheck:-}" ]]; then return; fi + if [[ "$curPhase" = installPhase && -n "${dontInstall:-}" ]]; then return; fi + if [[ "$curPhase" = fixupPhase && -n "${dontFixup:-}" ]]; then return; fi + if [[ "$curPhase" = installCheckPhase && -z "${doInstallCheck:-}" ]]; then return; fi + if [[ "$curPhase" = distPhase && -z "${doDist:-}" ]]; then return; fi + + if [[ -n $NIX_LOG_FD ]]; then + echo "@nix { \"action\": \"setPhase\", \"phase\": \"$curPhase\" }" >&"$NIX_LOG_FD" + fi + + showPhaseHeader "$curPhase" + dumpVars + + local startTime=$(date +"%s") + + # Evaluate the variable named $curPhase if it exists, otherwise the + # function named $curPhase. + eval "${!curPhase:-$curPhase}" + + local endTime=$(date +"%s") + + showPhaseFooter "$curPhase" "$startTime" "$endTime" + + if [ "$curPhase" = unpackPhase ]; then + # make sure we can cd into the directory + [ -n "${sourceRoot:-}" ] && chmod +x "${sourceRoot}" + + cd "${sourceRoot:-.}" + fi +} + + genericBuild() { # variable used by our gzip wrapper to add -n. # gzip is in common-path.nix and is added to nix-shell but we only want to change its behaviour in nix builds. do not move to a setupHook in gzip. @@ -1565,39 +1590,7 @@ genericBuild() { # phase name is space-free, which it must be because it's the name # of either a shell variable or a shell function. for curPhase in ${phases[*]}; do - if [[ "$curPhase" = unpackPhase && -n "${dontUnpack:-}" ]]; then continue; fi - if [[ "$curPhase" = patchPhase && -n "${dontPatch:-}" ]]; then continue; fi - if [[ "$curPhase" = configurePhase && -n "${dontConfigure:-}" ]]; then continue; fi - if [[ "$curPhase" = buildPhase && -n "${dontBuild:-}" ]]; then continue; fi - if [[ "$curPhase" = checkPhase && -z "${doCheck:-}" ]]; then continue; fi - if [[ "$curPhase" = installPhase && -n "${dontInstall:-}" ]]; then continue; fi - if [[ "$curPhase" = fixupPhase && -n "${dontFixup:-}" ]]; then continue; fi - if [[ "$curPhase" = installCheckPhase && -z "${doInstallCheck:-}" ]]; then continue; fi - if [[ "$curPhase" = distPhase && -z "${doDist:-}" ]]; then continue; fi - - if [[ -n $NIX_LOG_FD ]]; then - echo "@nix { \"action\": \"setPhase\", \"phase\": \"$curPhase\" }" >&"$NIX_LOG_FD" - fi - - showPhaseHeader "$curPhase" - dumpVars - - local startTime=$(date +"%s") - - # Evaluate the variable named $curPhase if it exists, otherwise the - # function named $curPhase. - eval "${!curPhase:-$curPhase}" - - local endTime=$(date +"%s") - - showPhaseFooter "$curPhase" "$startTime" "$endTime" - - if [ "$curPhase" = unpackPhase ]; then - # make sure we can cd into the directory - [ -n "${sourceRoot:-}" ] && chmod +x "${sourceRoot}" - - cd "${sourceRoot:-.}" - fi + runPhase "$curPhase" done } diff --git a/pkgs/stdenv/linux/bootstrap-files/aarch64.nix b/pkgs/stdenv/linux/bootstrap-files/aarch64-unknown-linux-gnu.nix index 6719e7ca307..6719e7ca307 100644 --- a/pkgs/stdenv/linux/bootstrap-files/aarch64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/aarch64-unknown-linux-gnu.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/aarch64-musl.nix b/pkgs/stdenv/linux/bootstrap-files/aarch64-unknown-linux-musl.nix index 252783cce47..252783cce47 100644 --- a/pkgs/stdenv/linux/bootstrap-files/aarch64-musl.nix +++ b/pkgs/stdenv/linux/bootstrap-files/aarch64-unknown-linux-musl.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/armv5tel.nix b/pkgs/stdenv/linux/bootstrap-files/armv5tel-unknown-linux-gnueabi.nix index 0ac818b9f22..0ac818b9f22 100644 --- a/pkgs/stdenv/linux/bootstrap-files/armv5tel.nix +++ b/pkgs/stdenv/linux/bootstrap-files/armv5tel-unknown-linux-gnueabi.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/armv6l.nix b/pkgs/stdenv/linux/bootstrap-files/armv6l-unknown-linux-gnueabihf.nix index 8bc99c64c68..8bc99c64c68 100644 --- a/pkgs/stdenv/linux/bootstrap-files/armv6l.nix +++ b/pkgs/stdenv/linux/bootstrap-files/armv6l-unknown-linux-gnueabihf.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/armv6l-musl.nix b/pkgs/stdenv/linux/bootstrap-files/armv6l-unknown-linux-musleabihf.nix index e445a7bba4d..e445a7bba4d 100644 --- a/pkgs/stdenv/linux/bootstrap-files/armv6l-musl.nix +++ b/pkgs/stdenv/linux/bootstrap-files/armv6l-unknown-linux-musleabihf.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/armv7l.nix b/pkgs/stdenv/linux/bootstrap-files/armv7l-unknown-linux-gnueabihf.nix index 74d15845223..74d15845223 100644 --- a/pkgs/stdenv/linux/bootstrap-files/armv7l.nix +++ b/pkgs/stdenv/linux/bootstrap-files/armv7l-unknown-linux-gnueabihf.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/i686.nix b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix index 112d37670c8..112d37670c8 100644 --- a/pkgs/stdenv/linux/bootstrap-files/i686.nix +++ b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/loongson2f.nix b/pkgs/stdenv/linux/bootstrap-files/loongson2f.nix deleted file mode 100644 index 8e22a274974..00000000000 --- a/pkgs/stdenv/linux/bootstrap-files/loongson2f.nix +++ /dev/null @@ -1,44 +0,0 @@ -let - - fetch = { file, sha256 }: import <nix/fetchurl.nix> { - url = "http://tarballs.nixos.org/stdenv-linux/loongson2f/r22849/${file}"; - inherit sha256; - executable = true; - }; - -in { - sh = fetch { - file = "sh"; - sha256 = "02jjl49wdq85pgh61aqf78yaknn9mi3rcspbpk7hs9c4mida2rhf"; - }; - - bzip2 = fetch { - file = "bzip2"; - sha256 = "1qn27y3amj9c6mnjk2kyb59y0d2w4yv16z9apaxx91hyq19gf29z"; - }; - - mkdir = fetch { - file = "mkdir"; - sha256 = "1vbp2bv9hkyb2fwl8hjrffpywn1wrl1kc4yrwi2lirawlnc6kymh"; - }; - - cpio = fetch { - file = "cpio"; - sha256 = "0mqxwdx0sl7skxx6049mk35l7d0fnibqsv174284kdp4p7iixwa0"; - }; - - ln = fetch { - file = "ln"; - sha256 = "05lwx8qvga3yv8xhs8bjgsfygsfrcxsfck0lxw6gsdckx25fgi7s"; - }; - - curl = fetch { - file = "curl.bz2"; - sha256 = "0iblnz4my54gryac04i64fn3ksi9g3dx96yjq93fj39z6kx6151c"; - }; - - bootstrapTools = { - url = "http://tarballs.nixos.org/stdenv-linux/loongson2f/r22849/cross-bootstrap-tools.cpio.bz2"; - sha256 = "00aavbk76qjj2gdlmpaaj66r8nzl4d7pyl8cv1gigyzgpbr5vv3j"; - }; -} diff --git a/pkgs/stdenv/linux/bootstrap-files/mips64el.nix b/pkgs/stdenv/linux/bootstrap-files/mips64el-unknown-linux-gnuabi64.nix index 452a247fb0b..452a247fb0b 100644 --- a/pkgs/stdenv/linux/bootstrap-files/mips64el.nix +++ b/pkgs/stdenv/linux/bootstrap-files/mips64el-unknown-linux-gnuabi64.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/mips64el-n32.nix b/pkgs/stdenv/linux/bootstrap-files/mips64el-unknown-linux-gnuabin32.nix index cf26c2113ec..cf26c2113ec 100644 --- a/pkgs/stdenv/linux/bootstrap-files/mips64el-n32.nix +++ b/pkgs/stdenv/linux/bootstrap-files/mips64el-unknown-linux-gnuabin32.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/mipsel.nix b/pkgs/stdenv/linux/bootstrap-files/mipsel-unknown-linux-gnu.nix index 42f2e871d92..42f2e871d92 100644 --- a/pkgs/stdenv/linux/bootstrap-files/mipsel.nix +++ b/pkgs/stdenv/linux/bootstrap-files/mipsel-unknown-linux-gnu.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/powerpc64le.nix b/pkgs/stdenv/linux/bootstrap-files/powerpc64le-unknown-linux-gnu.nix index c35cb9b102c..c35cb9b102c 100644 --- a/pkgs/stdenv/linux/bootstrap-files/powerpc64le.nix +++ b/pkgs/stdenv/linux/bootstrap-files/powerpc64le-unknown-linux-gnu.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/riscv64.nix b/pkgs/stdenv/linux/bootstrap-files/riscv64-unknown-linux-gnu.nix index aaf1f153c78..aaf1f153c78 100644 --- a/pkgs/stdenv/linux/bootstrap-files/riscv64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/riscv64-unknown-linux-gnu.nix diff --git a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix b/pkgs/stdenv/linux/bootstrap-files/x86_64-unknown-linux-gnu.nix index bdfa98c89cb..1eefa4f3d6d 100644 --- a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/x86_64-unknown-linux-gnu.nix @@ -1,5 +1,5 @@ # Use busybox for i686-linux since it works on x86_64-linux as well. -(import ./i686.nix) // +(import ./i686-unknown-linux-gnu.nix) // { bootstrapTools = import <nix/fetchurl.nix> { diff --git a/pkgs/stdenv/linux/bootstrap-files/x86_64-musl.nix b/pkgs/stdenv/linux/bootstrap-files/x86_64-unknown-linux-musl.nix index 98a65bd7764..98a65bd7764 100644 --- a/pkgs/stdenv/linux/bootstrap-files/x86_64-musl.nix +++ b/pkgs/stdenv/linux/bootstrap-files/x86_64-unknown-linux-musl.nix diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 34fffd36aa6..35cdb6311df 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -59,24 +59,24 @@ , bootstrapFiles ? let table = { glibc = { - i686-linux = import ./bootstrap-files/i686.nix; - x86_64-linux = import ./bootstrap-files/x86_64.nix; - armv5tel-linux = import ./bootstrap-files/armv5tel.nix; - armv6l-linux = import ./bootstrap-files/armv6l.nix; - armv7l-linux = import ./bootstrap-files/armv7l.nix; - aarch64-linux = import ./bootstrap-files/aarch64.nix; - mipsel-linux = import ./bootstrap-files/mipsel.nix; + i686-linux = import ./bootstrap-files/i686-unknown-linux-gnu.nix; + x86_64-linux = import ./bootstrap-files/x86_64-unknown-linux-gnu.nix; + armv5tel-linux = import ./bootstrap-files/armv5tel-unknown-linux-gnueabi.nix; + armv6l-linux = import ./bootstrap-files/armv6l-unknown-linux-gnueabihf.nix; + armv7l-linux = import ./bootstrap-files/armv7l-unknown-linux-gnueabihf.nix; + aarch64-linux = import ./bootstrap-files/aarch64-unknown-linux-gnu.nix; + mipsel-linux = import ./bootstrap-files/mipsel-unknown-linux-gnu.nix; mips64el-linux = import (if localSystem.isMips64n32 - then ./bootstrap-files/mips64el-n32.nix - else ./bootstrap-files/mips64el.nix); - powerpc64le-linux = import ./bootstrap-files/powerpc64le.nix; - riscv64-linux = import ./bootstrap-files/riscv64.nix; + then ./bootstrap-files/mips64el-unknown-linux-gnuabin32.nix + else ./bootstrap-files/mips64el-unknown-linux-gnuabi64.nix); + powerpc64le-linux = import ./bootstrap-files/powerpc64le-unknown-linux-gnu.nix; + riscv64-linux = import ./bootstrap-files/riscv64-unknown-linux-gnu.nix; }; musl = { - aarch64-linux = import ./bootstrap-files/aarch64-musl.nix; - armv6l-linux = import ./bootstrap-files/armv6l-musl.nix; - x86_64-linux = import ./bootstrap-files/x86_64-musl.nix; + aarch64-linux = import ./bootstrap-files/aarch64-unknown-linux-musl.nix; + armv6l-linux = import ./bootstrap-files/armv6l-unknown-linux-musleabihf.nix; + x86_64-linux = import ./bootstrap-files/x86_64-unknown-linux-musl.nix; }; }; diff --git a/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix b/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix index e67b5aef95c..124575af688 100644 --- a/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix +++ b/pkgs/stdenv/linux/make-bootstrap-tools-cross.nix @@ -12,21 +12,21 @@ let pkgs = releaseLib.pkgsForCross crossSystem system; }; in lib.mapAttrs (n: make) (with lib.systems.examples; { - armv5tel = sheevaplug; - pogoplug4 = pogoplug4; - armv6l = raspberryPi; - armv7l = armv7l-hf-multiplatform; - aarch64 = aarch64-multiplatform; - x86_64-musl = musl64; - armv6l-musl = muslpi; - aarch64-musl = aarch64-multiplatform-musl; - riscv64 = riscv64; - loongarch64-linux = loongarch64-linux; - mips64el-linux-gnuabin32 = mips64el-linux-gnuabin32; - mips64el-linux-gnuabi64 = mips64el-linux-gnuabi64; - mipsel-linux-gnu = mipsel-linux-gnu; - powerpc64 = ppc64; - powerpc64-musl = ppc64-musl; - powerpc64le = powernv; - powerpc64le-musl = musl-power; + # NOTE: Only add platforms for which there are files in `./bootstrap-files`. + # Sort following the sorting in `./default.nix` `bootstrapFiles` argument. + + armv5tel-unknown-linux-gnueabi = sheevaplug; + armv6l-unknown-linux-gnueabihf = raspberryPi; + armv7l-unknown-linux-gnueabihf = armv7l-hf-multiplatform; + aarch64-unknown-linux-gnu = aarch64-multiplatform; + mipsel-unknown-linux-gnu = mipsel-linux-gnu; + mips64el-unknown-linux-gnuabin32 = mips64el-linux-gnuabin32; + mips64el-unknown-linux-gnuabi64 = mips64el-linux-gnuabi64; + powerpc64le-unknown-linux-gnu = powernv; + riscv64-unknown-linux-gnu = riscv64; + + # musl + aarch64-unknown-linux-musl = aarch64-multiplatform-musl; + armv6l-unknown-linux-musleabihf = muslpi; + x86_64-unknown-linux-musl = musl64; }) diff --git a/pkgs/stdenv/linux/make-bootstrap-tools.nix b/pkgs/stdenv/linux/make-bootstrap-tools.nix index d6c4da0ab2b..1334c13ad17 100644 --- a/pkgs/stdenv/linux/make-bootstrap-tools.nix +++ b/pkgs/stdenv/linux/make-bootstrap-tools.nix @@ -78,7 +78,8 @@ in with pkgs; rec { cp -d ${libc.out}/lib/libutil*.so* $out/lib cp -d ${libc.out}/lib/libnss*.so* $out/lib cp -d ${libc.out}/lib/libresolv*.so* $out/lib - cp -d ${libc.out}/lib/crt?.o $out/lib + # Copy all runtime files to enable non-PIE, PIE, static PIE and profile-generated builds + cp -d ${libc.out}/lib/*.o $out/lib # Hacky compat with our current unpack-bootstrap-tools.sh ln -s librt.so "$out"/lib/librt-dummy.so |