author | Vladimír Čunát <vcunat@gmail.com> | 2016-01-19 09:55:31 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-01-19 09:55:31 +0100 |
commit | 716aac2519a7571e7f5fd984a886d579a4a051c5 (patch) | |
tree | 53cf89cf764d787f4dc8f08474479892b9733177 /pkgs/stdenv/darwin | |
parent | f8472457a440de3c44f6f604142d678b6ae2a762 (diff) | |
parent | 53b389327e34de319dc0dbda2b6bcab1a69db69d (diff) | |
Merge branch 'staging' into closure-size
Diffstat (limited to 'pkgs/stdenv/darwin')
-rw-r--r-- | pkgs/stdenv/darwin/default.nix | 382 | ||||
-rw-r--r-- | pkgs/stdenv/darwin/make-bootstrap-tools.nix | 94 | ||||
-rw-r--r-- | pkgs/stdenv/darwin/standard-sandbox.sb | 72 | ||||
-rw-r--r-- | pkgs/stdenv/darwin/trivial-bootstrap.sh | 67 |
4 files changed, 398 insertions, 217 deletions
diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index c5634984532..c0c19a64c3c 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix 
@@ -1,149 +1,311 @@ -{ system ? builtins.currentSystem -, allPackages ? import ../../top-level/all-packages.nix -, platform ? null -, config ? {} +{ system ? builtins.currentSystem +, allPackages ? import ../../top-level/all-packages.nix +, platform ? null +, config ? {} + +# Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools +, bootstrapFiles ? let + fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> { + url = "http://tarballs.nixos.org/stdenv-darwin/x86_64/4f07c88d467216d9692fefc951deb5cd3c4cc722/${file}"; + inherit sha256 system executable; + }; in { + sh = fetch { file = "sh"; sha256 = "1siix3wakzil31r2cydmh3v8a1nyq4605dwiabqc5lx73j4xzrzi"; }; + bzip2 = fetch { file = "bzip2"; sha256 = "0zvqm977k11b5cl4ixxb5h0ds24g6z0f8m28z4pqxzpa353lqbla"; }; + mkdir = fetch { file = "mkdir"; sha256 = "13frk8lsfgzlb65p9l26cvxf06aag43yjk7vg9msn7ix3v8cmrg1"; }; + cpio = fetch { file = "cpio"; sha256 = "0ms5i9m1vdksj575sf1djwgm7zhnvfrrb44dxnfh9avr793rc2w4"; }; + tarball = fetch { file = "bootstrap-tools.cpio.bz2"; sha256 = "1lz1b0grl4642h6n635xvi6imf0yyy1zyzdr9ing5aphzz0z5iic"; executable = false; }; + } }: -rec { +let + libSystemProfile = '' + (import "${./standard-sandbox.sb}") + ''; +in rec { allPackages = import ../../top-level/all-packages.nix; - bootstrapTools = derivation { + commonPreHook = '' + export NIX_ENFORCE_PURITY=1 + export NIX_IGNORE_LD_THROUGH_GCC=1 + stripAllFlags=" " # the Darwin "strip" command doesn't know "-s" + export MACOSX_DEPLOYMENT_TARGET=10.7 + export SDKROOT= + export CMAKE_OSX_ARCHITECTURES=x86_64 + # Workaround for https://openradar.appspot.com/22671534 on 10.11. 
+ export gl_cv_func_getcwd_abort_bug=no + ''; + + # The one dependency of /bin/sh :( + binShClosure = '' + (allow file-read* (literal "/usr/lib/libncurses.5.4.dylib")) + ''; + + bootstrapTools = derivation rec { inherit system; - name = "trivial-bootstrap-tools"; - builder = "/bin/sh"; - args = [ ./trivial-bootstrap.sh ]; + name = "bootstrap-tools"; + builder = bootstrapFiles.sh; # Not a filename! Attribute 'sh' on bootstrapFiles + args = [ ./unpack-bootstrap-tools.sh ]; + + inherit (bootstrapFiles) mkdir bzip2 cpio tarball; - mkdir = "/bin/mkdir"; - ln = "/bin/ln"; + __sandboxProfile = binShClosure + libSystemProfile; }; - # The simplest stdenv possible to run fetchadc and get the Apple command-line tools - stage0 = rec { - fetchurl = import ../../build-support/fetchurl { - inherit stdenv; - curl = bootstrapTools; - }; + stageFun = step: last: {shell ? "${bootstrapTools}/bin/sh", + overrides ? (pkgs: {}), + extraPreHook ? "", + extraBuildInputs ? with last.pkgs; [ xz darwin.CF libcxx ], + extraInitialPath ? [], + allowedRequisites ? null}: + let + thisStdenv = import ../generic { + inherit system config shell extraBuildInputs allowedRequisites; + + name = "stdenv-darwin-boot-${toString step}"; + + cc = if isNull last then "/dev/null" else import ../../build-support/cc-wrapper { + inherit shell; + inherit (last) stdenv; + inherit (last.pkgs.darwin) dyld; + + nativeTools = true; + nativePrefix = bootstrapTools; + nativeLibc = false; + libc = last.pkgs.darwin.Libsystem; + isClang = true; + cc = { name = "clang-9.9.9"; outPath = bootstrapTools; }; + }; + + preHook = stage0.stdenv.lib.optionalString (shell == "${bootstrapTools}/bin/sh") '' + # Don't patch #!/interpreter because it leads to retained + # dependencies on the bootstrapTools in the final stdenv. 
+ dontPatchShebangs=1 + '' + '' + ${commonPreHook} + ${extraPreHook} + ''; + initialPath = extraInitialPath ++ [ bootstrapTools ]; + fetchurlBoot = import ../../build-support/fetchurl { + stdenv = stage0.stdenv; + curl = bootstrapTools; + }; + + # The stdenvs themselves don't use mkDerivation, so I need to specify this here + stdenvSandboxProfile = binShClosure + libSystemProfile; + extraSandboxProfile = binShClosure + libSystemProfile; + + extraAttrs = { inherit platform; parent = last; }; + overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; }; + }; + + thisPkgs = allPackages { + inherit system platform; + bootStdenv = thisStdenv; + }; + in { stdenv = thisStdenv; pkgs = thisPkgs; }; + + stage0 = stageFun 0 null { + overrides = orig: with stage0; rec { + darwin = orig.darwin // { + Libsystem = stdenv.mkDerivation { + name = "bootstrap-Libsystem"; + buildCommand = '' + mkdir -p $out + ln -s ${bootstrapTools}/lib $out/lib + ln -s ${bootstrapTools}/include-Libsystem $out/include + ''; + }; + dyld = bootstrapTools; + }; + + libcxx = stdenv.mkDerivation { + name = "bootstrap-libcxx"; + phases = [ "installPhase" "fixupPhase" ]; + installPhase = '' + mkdir -p $out/lib $out/include + ln -s ${bootstrapTools}/lib/libc++.dylib $out/lib/libc++.dylib + ln -s ${bootstrapTools}/include/c++ $out/include/c++ + ''; + linkCxxAbi = false; + setupHook = ../../development/compilers/llvm/3.6/libc++/setup-hook.sh; + }; + + libcxxabi = stdenv.mkDerivation { + name = "bootstrap-libcxxabi"; + buildCommand = '' + mkdir -p $out/lib + ln -s ${bootstrapTools}/lib/libc++abi.dylib $out/lib/libc++abi.dylib + ''; + }; - stdenv = import ../generic { - inherit system config; - name = "stdenv-darwin-boot-0"; - shell = "/bin/bash"; - initialPath = [ bootstrapTools ]; - fetchurlBoot = fetchurl; - cc = null; }; + + extraBuildInputs = []; }; - buildTools = import ../../os-specific/darwin/command-line-tools { - inherit (stage0) stdenv fetchurl; - xar = bootstrapTools; - gzip = 
bootstrapTools; - cpio = bootstrapTools; + persistent0 = _: {}; + + stage1 = with stage0; stageFun 1 stage0 { + extraPreHook = "export NIX_CFLAGS_COMPILE+=\" -F${bootstrapTools}/Library/Frameworks\""; + extraBuildInputs = [ pkgs.libcxx ]; + + allowedRequisites = + [ bootstrapTools ] ++ (with pkgs; [ libcxx libcxxabi ]) ++ [ pkgs.darwin.Libsystem ]; + + overrides = persistent0; }; - preHook = '' - export NIX_IGNORE_LD_THROUGH_GCC=1 - export NIX_DONT_SET_RPATH=1 - export NIX_NO_SELF_RPATH=1 - dontFixLibtool=1 - stripAllFlags=" " # the Darwin "strip" command doesn't know "-s" - xargsFlags=" " - export MACOSX_DEPLOYMENT_TARGET=10.7 - # Use the 10.9 SDK if we're running on 10.9, and 10.10 if we're - # running on 10.10. We need to use the 10.10 headers for functions - # like readlinkat() that are dynamically detected by configure - # scripts. Very impure, obviously. - export SDKROOT=$(/usr/bin/xcrun --sdk macosx"$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d. -f1,2)" --show-sdk-path 2> /dev/null || echo /) - export NIX_CFLAGS_COMPILE+=" --sysroot=/var/empty -idirafter $SDKROOT/usr/include -F$SDKROOT/System/Library/Frameworks -Wno-multichar -Wno-deprecated-declarations" - export NIX_LDFLAGS_AFTER+=" -L$SDKROOT/usr/lib" - export CMAKE_OSX_ARCHITECTURES=x86_64 - # Workaround for https://openradar.appspot.com/22671534 on 10.11. 
- export gl_cv_func_getcwd_abort_bug=no - ''; + persistent1 = orig: with stage1.pkgs; { + inherit + zlib patchutils m4 scons flex perl bison unifdef unzip openssl icu python + libxml2 gettext sharutils gmp libarchive ncurses pkg-config libedit groff + openssh sqlite sed serf openldap db cyrus-sasl expat apr-util subversion xz + findfreetype libssh curl cmake autoconf automake libtool ed cpio coreutils; - # A stdenv that wraps the Apple command-line tools and our other trivial symlinked bootstrap tools - stage1 = rec { - nativePrefix = "${buildTools.tools}/Library/Developer/CommandLineTools/usr"; - - stdenv = import ../generic { - name = "stdenv-darwin-boot-1"; - - inherit system config; - inherit (stage0.stdenv) shell fetchurlBoot; - - initialPath = stage0.stdenv.initialPath ++ [ nativePrefix ]; - - preHook = preHook + "\n" + '' - export NIX_LDFLAGS_AFTER+=" -L/usr/lib" - export NIX_ENFORCE_PURITY= - export NIX_CFLAGS_COMPILE+=" -isystem ${nativePrefix}/include/c++/v1 -stdlib=libc++" - export NIX_CFLAGS_LINK+=" -stdlib=libc++ -Wl,-rpath,${nativePrefix}/lib" - ''; - - cc = import ../../build-support/cc-wrapper { - nativeTools = true; - nativePrefix = nativePrefix; - nativeLibc = true; - stdenv = stage0.stdenv; - shell = "/bin/bash"; - cc = { - name = "clang-9.9.9"; - cc = "/usr"; - outPath = nativePrefix; - }; - isClang = true; - }; + darwin = orig.darwin // { + inherit (darwin) + dyld Libsystem xnu configd libdispatch libclosure launchd; }; - pkgs = allPackages { - inherit system platform; - bootStdenv = stdenv; + }; + + stage2 = with stage1; stageFun 2 stage1 { + extraPreHook = '' + export PATH_LOCALE=${pkgs.darwin.locale}/share/locale + ''; + + allowedRequisites = + [ bootstrapTools ] ++ + (with pkgs; [ xz libcxx libcxxabi icu ]) ++ + (with pkgs.darwin; [ dyld Libsystem CF locale ]); + + overrides = persistent1; + }; + + persistent2 = orig: with stage2.pkgs; { + inherit + patchutils m4 scons flex perl bison unifdef unzip openssl python + gettext sharutils 
libarchive pkg-config groff bash subversion + openssh sqlite sed serf openldap db cyrus-sasl expat apr-util + findfreetype libssh curl cmake autoconf automake libtool cpio + libcxx libcxxabi; + + darwin = orig.darwin // { + inherit (darwin) + dyld Libsystem xnu configd libdispatch libclosure launchd libiconv locale; }; }; - stage2 = rec { - stdenv = import ../generic { - name = "stdenv-darwin-boot-2"; + stage3 = with stage2; stageFun 3 stage2 { + shell = "${pkgs.bash}/bin/bash"; + + # We have a valid shell here (this one has no bootstrap-tools runtime deps) so stageFun + # enables patchShebangs above. Unfortunately, patchShebangs ignores our $SHELL setting + # and instead goes by $PATH, which happens to contain bootstrapTools. So it goes and + # patches our shebangs back to point at bootstrapTools. This makes sure bash comes first. + extraInitialPath = [ pkgs.bash ]; + + extraPreHook = '' + export PATH_LOCALE=${pkgs.darwin.locale}/share/locale + ''; - inherit system config; - inherit (stage1.stdenv) shell fetchurlBoot preHook cc; + allowedRequisites = + [ bootstrapTools ] ++ + (with pkgs; [ icu bash libcxx libcxxabi ]) ++ + (with pkgs.darwin; [ dyld Libsystem locale ]); + + overrides = persistent2; + }; - initialPath = [ stage1.pkgs.xz stage1.pkgs.gnused ] ++ stage1.stdenv.initialPath; + persistent3 = orig: with stage3.pkgs; { + inherit + gnumake gzip gnused bzip2 gawk ed xz patch bash + libcxxabi libcxx ncurses libffi zlib gmp pcre gnugrep + coreutils findutils diffutils patchutils; + + llvmPackages = let llvmOverride = llvmPackages.llvm.override { inherit libcxxabi; }; + in orig.llvmPackages // { + llvm = llvmOverride; + clang-unwrapped = llvmPackages.clang-unwrapped.override { llvm = llvmOverride; }; }; - pkgs = allPackages { - inherit system platform; - bootStdenv = stdenv; + + darwin = orig.darwin // { + inherit (darwin) dyld Libsystem libiconv locale; }; }; - # Use stage1 to build a whole set of actual tools so we don't have to rely on the Apple prebuilt ones 
or - # the ugly symlinked bootstrap tools anymore. - stage3 = with stage2; import ../generic { - name = "stdenv-darwin-boot-3"; + stage4 = with stage3; stageFun 4 stage3 { + shell = "${pkgs.bash}/bin/bash"; + extraInitialPath = [ pkgs.bash ]; + extraPreHook = '' + export PATH_LOCALE=${pkgs.darwin.locale}/share/locale + ''; + overrides = persistent3; + }; + + persistent4 = orig: with stage4.pkgs; { + inherit + gnumake gzip gnused bzip2 gawk ed xz patch bash + libcxxabi libcxx ncurses libffi zlib icu llvm gmp pcre gnugrep + coreutils findutils diffutils patchutils binutils binutils-raw; + + llvmPackages = orig.llvmPackages // { + inherit (llvmPackages) llvm clang-unwrapped; + }; + darwin = orig.darwin // { + inherit (darwin) dyld Libsystem cctools libiconv; + }; + }; + + stage5 = with stage4; import ../generic rec { inherit system config; inherit (stdenv) fetchurlBoot; - initialPath = (import ../common-path.nix) { inherit pkgs; }; + name = "stdenv-darwin"; - preHook = preHook + "\n" + '' - export NIX_ENFORCE_PURITY=1 + preHook = commonPreHook + '' + export PATH_LOCALE=${pkgs.darwin.locale}/share/locale ''; + stdenvSandboxProfile = binShClosure + libSystemProfile; + extraSandboxProfile = binShClosure + libSystemProfile; + + initialPath = import ../common-path.nix { inherit pkgs; }; + shell = "${pkgs.bash}/bin/bash"; + cc = import ../../build-support/cc-wrapper { - inherit stdenv; - nativeTools = false; - nativeLibc = true; - binutils = pkgs.darwin.cctools; - cc = pkgs.llvmPackages.clang-unwrapped; - coreutils = pkgs.coreutils; - shell = "${pkgs.bash}/bin/bash"; - extraPackages = [ pkgs.libcxx ]; - isClang = true; + inherit stdenv shell; + nativeTools = false; + nativeLibc = false; + inherit (pkgs) coreutils binutils; + inherit (pkgs.darwin) dyld; + cc = pkgs.llvmPackages.clang-unwrapped; + libc = pkgs.darwin.Libsystem; }; - shell = "${pkgs.bash}/bin/bash"; + extraBuildInputs = with pkgs; [ darwin.CF libcxx ]; + + extraAttrs = { + inherit platform bootstrapTools; + 
libc = pkgs.darwin.Libsystem; + shellPackage = pkgs.bash; + parent = stage4; + }; + + allowedRequisites = (with pkgs; [ + xz libcxx libcxxabi icu gmp gnumake findutils bzip2 llvm zlib libffi + coreutils ed diffutils gnutar gzip ncurses gnused bash gawk + gnugrep llvmPackages.clang-unwrapped patch pcre binutils-raw binutils gettext + ]) ++ (with pkgs.darwin; [ + dyld Libsystem CF cctools libiconv locale + ]); + + overrides = orig: persistent4 orig // { + clang = cc; + inherit cc; + }; }; - stdenvDarwin = stage3; + stdenvDarwin = stage5; } diff --git a/pkgs/stdenv/darwin/make-bootstrap-tools.nix b/pkgs/stdenv/darwin/make-bootstrap-tools.nix index d6b5bef8f47..dc52015c52d 100644 --- a/pkgs/stdenv/darwin/make-bootstrap-tools.nix +++ b/pkgs/stdenv/darwin/make-bootstrap-tools.nix @@ -1,6 +1,6 @@ -{system ? builtins.currentSystem}: +{ system ? builtins.currentSystem }: -with import ../../top-level/all-packages.nix {inherit system;}; +with import ../../top-level/all-packages.nix { inherit system; }; rec { # We want coreutils without ACL support. @@ -9,7 +9,7 @@ rec { }); build = stdenv.mkDerivation { - name = "build"; + name = "stdenv-bootstrap-tools"; buildInputs = [nukeReferences cpio]; 
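Review bot: The bootstrap binaries in the new `bootstrapFiles` default are fetched over plain `http://tarballs.nixos.org/...` and then executed directly (`builder = bootstrapFiles.sh`, `executable ? true`), so the five `sha256` pins are the only thing standing between the build and a tampered download, and that should be stated where the hashes live. I'd add above the `fetch` helper: `# Transport is plain HTTP: integrity of these executables rests entirely on the sha256 pins below. Update them together with the commit hash in the URL, only from a make-bootstrap-tools.nix build whose output you have checked.` Separately, `stage4` is the only stage built without `allowedRequisites`, whereas stages 1, 2, 3 and 5 each fence their closure; if that is deliberate, a one-line comment on `stage4` would stop the next reader from treating it as an omission.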
@@ -62,14 +62,17 @@ rec { cp -d ${openssl.out}/lib/*.dylib $out/lib cp -d ${gnugrep.pcre.out}/lib/libpcre*.dylib $out/lib - cp -d ${libiconv.lib}/lib/libiconv*.dylib $out/lib + cp -d ${libiconv.lib}/lib/lib*.dylib $out/lib + cp -d ${gettext}/lib/libintl*.dylib $out/lib + chmod +x $out/lib/libintl*.dylib + cp -d ${ncurses.lib}/lib/libncurses*.dylib $out/lib # Copy what we need of clang - cp -d ${llvmPackages.clang}/bin/clang $out/bin - cp -d ${llvmPackages.clang}/bin/clang++ $out/bin - cp -d ${llvmPackages.clang}/bin/clang-3.5 $out/bin + cp -d ${llvmPackages.clang-unwrapped}/bin/clang $out/bin + cp -d ${llvmPackages.clang-unwrapped}/bin/clang++ $out/bin + cp -d ${llvmPackages.clang-unwrapped}/bin/clang-[0-9].[0-9] $out/bin - cp -rL ${llvmPackages.clang}/lib/clang $out/lib + cp -rL ${llvmPackages.clang-unwrapped}/lib/clang $out/lib cp -d ${libcxx}/lib/libc++*.dylib $out/lib cp -d ${libcxxabi}/lib/libc++abi*.dylib $out/lib @@ -79,7 +82,7 @@ rec { cp -d ${icu.out}/lib/libicu*.dylib $out/lib cp -d ${zlib.out}/lib/libz.* $out/lib - cp -d ${gmpxx}/lib/libgmp*.* $out/lib + cp -d ${gmpxx.out}/lib/libgmp*.* $out/lib cp -d ${xz.out}/lib/liblzma*.* $out/lib # Copy binutils. @@ -115,7 +118,7 @@ rec { fi done - for i in $out/bin/* $out/lib/*.dylib $out/lib/clang/3.5.0/lib/darwin/*.dylib $out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation; do + for i in $out/bin/* $out/lib/*.dylib $out/lib/clang/*/lib/darwin/*.dylib $out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation; do if test -x $i -a ! -L $i; then echo "Adding rpath to $i" rpathify $i 
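Review bot: The widened `cp -d ${libiconv.lib}/lib/lib*.dylib $out/lib` and the bare `chmod +x $out/lib/libintl*.dylib` carry no explanation, and both change what ends up in the published bootstrap tarball. The glob now copies every dylib in that output rather than just libiconv, and the chmod presumably exists because gettext installs libintl without the execute bit that the `rpathify`/`nuke-refs` loop further down keys on (`if test -x $i -a ! -L $i`) — if so, say it: `# gettext ships libintl without +x; the rpath/nuke-refs loop below only touches executable files`. A comment on the glob naming the extra library it is meant to pick up would let a later reader tighten it again.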
@@ -123,51 +126,60 @@ rec { done nuke-refs $out/lib/* - nuke-refs $out/lib/clang/3.5.0/lib/darwin/* + nuke-refs $out/lib/clang/*/lib/darwin/* nuke-refs $out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation + set -x mkdir $out/.pack mv $out/* $out/.pack mv $out/.pack $out/pack mkdir $out/on-server - (cd $out/pack && (find | cpio -o -H newc)) | bzip2 > $out/on-server/bootstrap-tools.cpio.bz2 - - mkdir $out/in-nixpkgs - cp ${stdenv.shell} $out/in-nixpkgs/sh - cp ${cpio}/bin/cpio $out/in-nixpkgs - cp ${coreutils_}/bin/mkdir $out/in-nixpkgs - cp ${bzip2}/bin/bzip2 $out/in-nixpkgs + cp ${stdenv.shell} $out/on-server/sh + cp ${cpio}/bin/cpio $out/on-server + cp ${coreutils_}/bin/mkdir $out/on-server + cp ${bzip2.bin}/bin/bzip2 $out/on-server - chmod u+w $out/in-nixpkgs/* - strip $out/in-nixpkgs/* - nuke-refs $out/in-nixpkgs/* + chmod u+w $out/on-server/* + strip $out/on-server/* + nuke-refs $out/on-server/* - for i in $out/in-nixpkgs/*; do + for i in $out/on-server/*; do fix_dyld $i done + + (cd $out/pack && (find | cpio -o -H newc)) | bzip2 > $out/on-server/bootstrap-tools.cpio.bz2 ''; allowedReferences = []; + + meta = { + maintainers = [ stdenv.lib.maintainers.copumpkin ]; + }; }; - host = stdenv.mkDerivation { - name = "host"; + dist = stdenv.mkDerivation { + name = "stdenv-bootstrap-tools"; buildCommand = '' mkdir -p $out/nix-support - - for i in "${build}/on-server/"*; do - echo "file binary-dist $i" >> $out/nix-support/hydra-build-products - done - - echo "darwin-bootstrap-tools-$(date +%Y.%m.%d)" >> $out/nix-support/hydra-release-name + echo "file tarball ${build}/on-server/bootstrap-tools.cpio.bz2" >> $out/nix-support/hydra-build-products + echo "file sh ${build}/on-server/sh" >> $out/nix-support/hydra-build-products + echo "file cpio ${build}/on-server/cpio" >> $out/nix-support/hydra-build-products + echo "file mkdir ${build}/on-server/mkdir" >> $out/nix-support/hydra-build-products + echo "file bzip2 ${build}/on-server/bzip2" >> 
$out/nix-support/hydra-build-products ''; + }; - allowedReferences = [ build ]; + bootstrapFiles = { + sh = "${build}/on-server/sh"; + bzip2 = "${build}/on-server/bzip2"; + mkdir = "${build}/on-server/mkdir"; + cpio = "${build}/on-server/cpio"; + tarball = "${build}/on-server/bootstrap-tools.cpio.bz2"; }; - unpack = stdenv.mkDerivation { + unpack = stdenv.mkDerivation (bootstrapFiles // { name = "unpack"; # This is by necessity a near-duplicate of unpack-bootstrap-tools.sh. If we refer to it directly, @@ -214,14 +226,8 @@ rec { EOF ''; - tarball = "${build}/on-server/bootstrap-tools.cpio.bz2"; - - mkdir = "${build}/in-nixpkgs/mkdir"; - bzip2 = "${build}/in-nixpkgs/bzip2"; - cpio = "${build}/in-nixpkgs/cpio"; - allowedReferences = [ "out" ]; - }; + }); test = stdenv.mkDerivation { name = "test"; @@ -247,7 +253,7 @@ rec { # an SSL-capable curl curl --version | grep SSL - ${build}/in-nixpkgs/sh -c 'echo Hello World' + ${build}/on-server/sh -c 'echo Hello World' export flags="-idirafter ${unpack}/include-Libsystem --sysroot=${unpack} -L${unpack}/lib" @@ -281,4 +287,12 @@ rec { $out/bin/hello ''; }; + + # The ultimate test: bootstrap a whole stdenv from the tools specified above and get a package set out of it + test-pkgs = let + stdenv = import ./. { inherit system bootstrapFiles; }; + in import ../../top-level/all-packages.nix { + inherit system; + bootStdenv = stdenv.stdenvDarwin; + }; } diff --git a/pkgs/stdenv/darwin/standard-sandbox.sb b/pkgs/stdenv/darwin/standard-sandbox.sb new file mode 100644 index 00000000000..b87be89f35f --- /dev/null +++ b/pkgs/stdenv/darwin/standard-sandbox.sb 
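Review bot: The renamed `dist` derivation drops the `allowedReferences = [ build ];` that `host` carried, so nothing now checks that the artifact listing published to Hydra refers only to `build`; its `buildCommand` still writes only `${build}/on-server/...` paths, so restoring `allowedReferences = [ build ];` costs nothing and keeps that invariant enforced. The `set -x` added just before packing looks like leftover debugging and will echo every command and store path into the build log; drop it or comment why it stays. Note also that `build` keeps `allowedReferences = []`, which is the check that actually guarantees the shipped tarball and the four `on-server` binaries carry no store-path references — worth a one-line comment above it, since the whole bootstrap trust story depends on it.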
@@ -0,0 +1,72 @@
+(define TMPDIR (param "_GLOBAL_TMP_DIR"))
+
+; obvious
+(allow process-fork)
+
+; allow reading system information like #CPUs, etc.
+(allow sysctl-read)
+
+; IPC
+(allow ipc-posix*)
+
+; Unix sockets
+(allow system-socket)
+
+; all runtime dependencies of libSystem.dylib
+(allow file-read*
+ (literal "/usr/lib/libSystem.dylib")
+ (literal "/usr/lib/libSystem.B.dylib")
+ (literal "/usr/lib/libobjc.A.dylib")
+ (literal "/usr/lib/libobjc.dylib")
+ (literal "/usr/lib/libauto.dylib")
+ (literal "/usr/lib/libc++abi.dylib")
+ (literal "/usr/lib/libc++.1.dylib")
+ (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
+ (subpath "/usr/lib/system"))
+
+; tmp
+(allow file* process-exec (literal "/tmp") (subpath TMPDIR))
+
+; clang likes to read the system version
+(allow file-read* (literal "/System/Library/CoreServices/SystemVersion.plist"))
+
+; used for bootstrap builders
+(allow process-exec* (literal "/bin/sh"))
+
+; without this line clang cannot write to /dev/null, breaking some configure tests
+(allow file-read-metadata (literal "/dev"))
+
+; standard devices
+(allow file*
+ (literal "/dev/null")
+ (literal "/dev/random")
+ (literal "/dev/stdin")
+ (literal "/dev/stdout")
+ (literal "/dev/tty")
+ (literal "/dev/urandom")
+ (literal "/dev/zero")
+ (subpath "/dev/fd"))
+
+; does nothing, but reduces build noise
+(allow file* (literal "/dev/dtracehelper"))
+
+; ICU data and zoneinfo data are hardcoded
+; both are in libicucore and zoneinfo is in libsystem_c as well
+(allow file-read* (subpath "/usr/share/icu") (subpath "/usr/share/zoneinfo"))
+
+; no idea what this is
+(allow file-read-data (literal "/dev/autofs_nowait"))
+
+; lots of autoconf projects want to list this directory
+(allow file-read-metadata (literal "/var") (literal "/private/var/tmp"))
+
+; send signals
+(allow signal (target same-sandbox))
+
+; allow getpwuid (for git and other packages)
+(allow mach-lookup
+ (global-name "com.apple.system.notification_center")
+ (global-name "com.apple.system.opendirectoryd.libinfo"))
+
+; allow networking on localhost
+(allow network* (local ip) (remote unix-socket))
diff --git a/pkgs/stdenv/darwin/trivial-bootstrap.sh b/pkgs/stdenv/darwin/trivial-bootstrap.sh
deleted file mode 100644
index 487f1488658..00000000000
--- a/pkgs/stdenv/darwin/trivial-bootstrap.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-
-# Building bootstrap tools
-echo Building the trivial bootstrap environment...
-$mkdir -p $out/bin
-
-$ln -s $ln $out/bin/ln
-
-PATH=$out/bin/
-
-cd $out/bin
-
-ln -s $mkdir
-ln -s /bin/sh
-ln -s /bin/cp
-ln -s /bin/dd
-ln -s /bin/mv
-ln -s /bin/rm
-ln -s /bin/ls
-ln -s /bin/ps
-ln -s /bin/cat
-ln -s /bin/bash
-ln -s /bin/echo
-ln -s /bin/expr
-ln -s /bin/test
-ln -s /bin/date
-ln -s /bin/chmod
-ln -s /bin/rmdir
-ln -s /bin/sleep
-ln -s /bin/hostname
-
-ln -s /usr/bin/id
-ln -s /usr/bin/od
-ln -s /usr/bin/tr
-ln -s /usr/bin/wc
-ln -s /usr/bin/cut
-ln -s /usr/bin/cmp
-ln -s /usr/bin/sed
-ln -s /usr/bin/tar
-ln -s /usr/bin/xar
-ln -s /usr/bin/awk
-ln -s /usr/bin/env
-ln -s /usr/bin/tee
-ln -s /usr/bin/comm
-ln -s /usr/bin/cpio
-ln -s /usr/bin/curl
-ln -s /usr/bin/find
-ln -s /usr/bin/grep
-ln -s /usr/bin/gzip
-ln -s /usr/bin/head
-ln -s /usr/bin/tail
-ln -s /usr/bin/sort
-ln -s /usr/bin/uniq
-ln -s /usr/bin/less
-ln -s /usr/bin/true
-ln -s /usr/bin/diff
-ln -s /usr/bin/egrep
-ln -s /usr/bin/fgrep
-ln -s /usr/bin/patch
-ln -s /usr/bin/uname
-ln -s /usr/bin/touch
-ln -s /usr/bin/split
-ln -s /usr/bin/xargs
-ln -s /usr/bin/which
-ln -s /usr/bin/install
-ln -s /usr/bin/basename
-ln -s /usr/bin/dirname
-ln -s /usr/bin/readlink |