diff options
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/bintools-wrapper/add-hardening.sh | 2 | ||||
-rw-r--r-- | pkgs/build-support/build-fhs-userenv/env.nix | 12 | ||||
-rw-r--r-- | pkgs/build-support/fetchgitlab/default.nix | 28 | ||||
-rw-r--r-- | pkgs/build-support/setup-hooks/auto-patchelf.sh | 1 |
4 files changed, 26 insertions, 17 deletions
diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh index 5e49b7bd905..4d289a334b7 100644 --- a/pkgs/build-support/bintools-wrapper/add-hardening.sh +++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh @@ -37,7 +37,7 @@ fi for flag in "${!hardeningEnableMap[@]}"; do case $flag in pie) - if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static " || "$*" =~ " -r " || "$*" =~ " -Ur " || "$*" =~ " -i ") ]]; then if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningLDFlags+=('-pie') fi diff --git a/pkgs/build-support/build-fhs-userenv/env.nix b/pkgs/build-support/build-fhs-userenv/env.nix index 226904f311b..da4521b4de3 100644 --- a/pkgs/build-support/build-fhs-userenv/env.nix +++ b/pkgs/build-support/build-fhs-userenv/env.nix @@ -1,8 +1,11 @@ { stdenv, buildEnv, writeText, pkgs, pkgsi686Linux }: -{ name, profile ? "" -, targetPkgs ? pkgs: [], multiPkgs ? pkgs: [] -, extraBuildCommands ? "", extraBuildCommandsMulti ? "" +{ name +, profile ? "" +, targetPkgs ? pkgs: [] +, multiPkgs ? pkgs: [] +, extraBuildCommands ? "" +, extraBuildCommandsMulti ? "" , extraOutputsToInstall ? [] }: @@ -23,7 +26,8 @@ let is64Bit = stdenv.hostPlatform.parsed.cpu.bits == 64; - isMultiBuild = multiPkgs != null && is64Bit; + # multi-lib glibc is only supported on x86_64 + isMultiBuild = multiPkgs != null && stdenv.hostPlatform.system == "x86_64-linux"; isTargetBuild = !isMultiBuild; # list of packages (usually programs) which are only be installed for the diff --git a/pkgs/build-support/fetchgitlab/default.nix b/pkgs/build-support/fetchgitlab/default.nix index 77512510a7c..5b9dbd71c59 100644 --- a/pkgs/build-support/fetchgitlab/default.nix +++ b/pkgs/build-support/fetchgitlab/default.nix @@ -1,22 +1,26 @@ -{ fetchzip, lib }: +{ fetchgit, fetchzip, lib }: # gitlab example { owner, repo, rev, domain ? "gitlab.com", name ? "source", group ? null +, fetchSubmodules ? false, leaveDotGit ? false, deepClone ? false , ... # For hash agility } @ args: -with lib; - let - slug = concatStringsSep "/" - ((optional (group != null) group) ++ [ owner repo ]); + slug = lib.concatStringsSep "/" ((lib.optional (group != null) group) ++ [ owner repo ]); + escapedSlug = lib.replaceStrings [ "." "/" ] [ "%2E" "%2F" ] slug; + escapedRev = lib.replaceStrings [ "+" "%" "/" ] [ "%2B" "%25" "%2F" ] rev; + passthruAttrs = removeAttrs args [ "domain" "owner" "group" "repo" "rev" ]; + + useFetchGit = deepClone || fetchSubmodules || leaveDotGit; + fetcher = if useFetchGit then fetchgit else fetchzip; - escapedSlug = replaceStrings ["." "/"] ["%2E" "%2F"] slug; - escapedRev = replaceStrings ["+" "%" "/"] ["%2B" "%25" "%2F"] rev; + fetcherArgs = (if useFetchGit then { + inherit rev deepClone fetchSubmodules leaveDotGit; + url = "https://${domain}/${slug}.git"; + } else { + url = "https://${domain}/api/v4/projects/${escapedSlug}/repository/archive.tar.gz?sha=${escapedRev}"; + }) // passthruAttrs // { inherit name; }; in -fetchzip ({ - inherit name; - url = "https://${domain}/api/v4/projects/${escapedSlug}/repository/archive.tar.gz?sha=${escapedRev}"; - meta.homepage = "https://${domain}/${slug}/"; -} // removeAttrs args [ "domain" "owner" "group" "repo" "rev" ]) // { inherit rev; } +fetcher fetcherArgs // { meta.homepage = "https://${domain}/${slug}/"; inherit rev; } diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index 511371931de..70b1fc802b5 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh @@ -29,6 +29,7 @@ isExecutable() { isExeResult="$(LANG=C $READELF -h -l "$1" 2> /dev/null \ | grep '^ *Type: *EXEC\>\|^ *INTERP\>')" # not using grep -q, because it can cause Broken pipe + # https://unix.stackexchange.com/questions/305547/broken-pipe-when-grepping-output-but-only-with-i-flag [ -n "$isExeResult" ] } |