Diffstat (limited to 'nixpkgs/pkgs/build-support')
13 files changed, 232 insertions, 51 deletions
diff --git a/nixpkgs/pkgs/build-support/build-fhs-userenv/env.nix b/nixpkgs/pkgs/build-support/build-fhs-userenv/env.nix index 295b17eec67..8de43d5a919 100644 --- a/nixpkgs/pkgs/build-support/build-fhs-userenv/env.nix +++ b/nixpkgs/pkgs/build-support/build-fhs-userenv/env.nix @@ -52,7 +52,7 @@ let etcProfile = writeText "profile" '' export PS1='${name}-chrootenv:\u@\h:\w\$ ' export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive' - export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" export PATH="/run/wrappers/bin:/usr/bin:/usr/sbin:$PATH" export TZDIR='/etc/zoneinfo' diff --git a/nixpkgs/pkgs/build-support/docker-slim/default.nix b/nixpkgs/pkgs/build-support/docker-slim/default.nix new file mode 100644 index 00000000000..6004898f08e --- /dev/null +++ b/nixpkgs/pkgs/build-support/docker-slim/default.nix 
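Review bot: The `PATH` export on the context line directly below the changed one still has the shape this commit fixes for `LD_LIBRARY_PATH`. When `$PATH` is unset or empty the value ends in a colon, and an empty `PATH` entry is searched as the current directory. It could be guarded the same way: `export PATH="/run/wrappers/bin:/usr/bin:/usr/sbin''${PATH:+:}$PATH"`. The surrounding `etcProfile` string continues outside the hunk.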
@@ -0,0 +1,67 @@
+{ stdenv
+, buildGoPackage
+, fetchFromGitHub
+, makeWrapper
+}:
+
+let
+
+ version = "1.26.1";
+ rev = "2ec04e169b12a87c5286aa09ef44eac1cea2c7a1";
+
+in buildGoPackage rec {
+ pname = "docker-slim";
+ inherit version;
+
+ goPackagePath = "github.com/docker-slim/docker-slim";
+
+ src = fetchFromGitHub {
+ owner = "docker-slim";
+ repo = "docker-slim";
+ inherit rev;
+ # fetchzip yields a different hash on Darwin because `use-case-hack`
+ sha256 =
+ if stdenv.isDarwin
+ then "0j72rn6qap78qparrnslxm3yv83mzy1yc7ha0crb4frwkzmspyvf"
+ else "01bjb14z7yblm7qdqrx1j2pw5x5da7a6np4rkzay931gly739gbh";
+ };
+
+ subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ];
+
+ nativeBuildInputs = [
+ makeWrapper
+ ];
+
+ # docker-slim vendorized logrus files in different directories, which
+ # conflicts on case-sensitive filesystems
+ preBuild = stdenv.lib.optionalString stdenv.isLinux ''
+ mv go/src/${goPackagePath}/vendor/github.com/Sirupsen/logrus/* \
+ go/src/${goPackagePath}/vendor/github.com/sirupsen/logrus/
+ '';
+
+ buildFlagsArray =
+ let
+ ldflags = "-ldflags=-s -w " +
+ "-X ${goPackagePath}/pkg/version.appVersionTag=${version} " +
+ "-X ${goPackagePath}/pkg/version.appVersionRev=${rev}";
+ in
+ [ ldflags ];
+
+ # docker-slim tries to create its state dir next to the binary (inside the nix
+ # store), so we set it to use the working directory at the time of invocation
+ postInstall = ''
+ wrapProgram "$bin/bin/docker-slim" --add-flags '--state-path "$(pwd)"'
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Minify and secure Docker containers";
+ homepage = "https://dockersl.im/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ filalex77 marsam mbrgm ];
+ # internal/app/sensor/monitors/ptrace/monitor.go:151:16: undefined:
+ # system.CallNumber
+ # internal/app/sensor/monitors/ptrace/monitor.go:161:15: undefined:
+ # system.CallReturnValue
+ badPlatforms = [ "aarch64-linux" ];
+ };
+}
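Review bot: The `sha256` in `src` is selected per platform, so each of the two values is only ever checked by builds on its own platform; a stale or mistyped Darwin hash would not be caught by a Linux build, and vice versa. The one-line comment explains why the values differ but not that they must be bumped together. I would extend it with something like `# both hashes pin the same rev; recompute both whenever rev changes`.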
diff --git a/nixpkgs/pkgs/build-support/docker/default.nix b/nixpkgs/pkgs/build-support/docker/default.nix index e10ff269950..509b7e2a7e1 100644 --- a/nixpkgs/pkgs/build-support/docker/default.nix +++ b/nixpkgs/pkgs/build-support/docker/default.nix @@ -315,7 +315,7 @@ rec { runCommand "${name}-granular-docker-layers" { inherit maxLayers; paths = referencesByPopularity overallClosure; - nativeBuildInputs = [ jshon rsync tarsum ]; + nativeBuildInputs = [ jshon rsync tarsum moreutils ]; enableParallelBuilding = true; } '' @@ -325,7 +325,6 @@ rec { | jshon -d config \ | jshon -s "1970-01-01T00:00:01Z" -i created > generic.json - # WARNING! # The following code is fiddly w.r.t. ensuring every layer is # created, and that no paths are missed. If you change the @@ -336,7 +335,8 @@ rec { cat $paths ${lib.concatMapStringsSep " " (path: "| grep -v ${path}") (closures ++ [ overallClosure ])} } - paths | head -n $((maxLayers - 1)) | cat -n | xargs -P$NIX_BUILD_CORES -n2 ${storePathToLayer} + # We need to sponge to avoid grep broken pipe error when maxLayers == 1 + paths | sponge | head -n $((maxLayers - 1)) | cat -n | xargs -r -P$NIX_BUILD_CORES -n2 ${storePathToLayer} if [ $(paths | wc -l) -ge $maxLayers ]; then paths | tail -n+$maxLayers | xargs ${storePathToLayer} $maxLayers fi @@ -545,6 +545,9 @@ rec { # believe the actual maximum is 128. maxLayers ? 100 }: + assert + (lib.assertMsg (maxLayers > 1) + "the maxLayers argument of dockerTools.buildLayeredImage function must be greather than 1 (current value: ${toString maxLayers})"); let baseName = baseNameOf name; contentsEnv = symlinkJoin { 
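Review bot: The assertion message added in the `@@ -545,6 +545,9 @@` hunk misspells "greater": `must be greather than 1` should read `must be greater than 1`, since this is the text users see when evaluation fails. With the assertion in place, the `maxLayers == 1` case named in the new sponge comment (the `@@ -336,7 +335,8 @@` hunk) presumably cannot be reached through `buildLayeredImage` any more. That comment could instead describe the general condition, `head` closing the pipe before `grep` has finished writing.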
@@ -625,7 +628,22 @@ rec { -i "$imageName" > image/repositories echo "Cooking the image..." - tar -C image --dereference --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 --mode=a-w --xform s:'^./':: -c . | pigz -nT > $out + # tar exits with an exit code of 1 if files changed while it was + # reading them. It considers a change in the number of hard links + # to be a "change", which can cause this to fail if images are being + # built concurrently and the auto-optimise-store nix option is turned on. + # Since the contents of these files will not change, we can reasonably + # ignore this exit code. + set +e + tar -C image --dereference --hard-dereference --sort=name \ + --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 \ + --mode=a-w --xform s:'^./':: --use-compress-program='pigz -nT' \ + --warning=no-file-changed -cf $out . + RET=$? + if [ $RET -ne 0 ] && [ $RET -ne 1 ]; then + exit $RET + fi + set -e echo "Finished." ''; diff --git a/nixpkgs/pkgs/build-support/docker/examples.nix b/nixpkgs/pkgs/build-support/docker/examples.nix index d7d1a693310..a1f71d35793 100644 --- a/nixpkgs/pkgs/build-support/docker/examples.nix +++ b/nixpkgs/pkgs/build-support/docker/examples.nix @@ -238,4 +238,12 @@ rec { config.Cmd = [ "${pkgs.hello}/bin/hello" ]; }; + # 15. Create a layered image with only 2 layers + two-layered-image = pkgs.dockerTools.buildLayeredImage { + name = "two-layered-image"; + tag = "latest"; + config.Cmd = [ "${pkgs.hello}/bin/hello" ]; + contents = [ pkgs.bash pkgs.hello ]; + maxLayers = 2; + }; } diff --git a/nixpkgs/pkgs/build-support/docker/store-path-to-layer.sh b/nixpkgs/pkgs/build-support/docker/store-path-to-layer.sh index bcad9e83e06..c808abab7a8 100755 --- a/nixpkgs/pkgs/build-support/docker/store-path-to-layer.sh +++ b/nixpkgs/pkgs/build-support/docker/store-path-to-layer.sh 
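Review bot: When tar exits with 1 the build now continues with nothing written to the log, and `--warning=no-file-changed` also suppresses tar's own message, so a file under `image/` that really changed while being archived would go unnoticed. I would log the tolerated case right after `RET=$?`, e.g. `[ $RET -eq 1 ] && echo "tar exited with 1 (file changed as we read it); ignoring" >&2`. `$out` is also unquoted in `-cf $out`. The enclosing script string starts and ends outside the hunk.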
@@ -5,16 +5,43 @@ set -eu layerNumber=$1 shift +storePath="$1" +shift + layerPath="./layers/$layerNumber" -echo "Creating layer #$layerNumber for $@" +echo "Creating layer #$layerNumber for $storePath" mkdir -p "$layerPath" -tar --no-recursion -rf "$layerPath/layer.tar" \ + +# Make sure /nix and /nix/store appear first in the archive. +# We create the directories here and use them because +# when there are other things being added to the +# nix store, tar could fail, saying, +# "tar: /nix/store: file changed as we read it" +mkdir -p nix/store +tar -cf "$layerPath/layer.tar" \ --mtime="@$SOURCE_DATE_EPOCH" \ - --owner=0 --group=0 /nix /nix/store -tar -rpf "$layerPath/layer.tar" --hard-dereference --sort=name \ + --owner=0 --group=0 \ + --transform='s,nix,/nix,' \ + nix + +# We change into the /nix/store in order to avoid a similar +# "file changed as we read it" error as above. Namely, +# if we use the absolute path of /nix/store/123-pkg +# and something new is added to the nix store while tar +# is running, it will detect a change to /nix/store and +# fail. Instead, if we cd into the nix store and copy +# the relative nix store path, tar will ignore changes +# to /nix/store. In order to create the correct structure +# in the tar file, we transform the relative nix store +# path to the absolute store path. +n=$(basename "$storePath") +tar -C /nix/store -rpf "$layerPath/layer.tar" \ + --hard-dereference --sort=name \ --mtime="@$SOURCE_DATE_EPOCH" \ - --owner=0 --group=0 "$@" + --owner=0 --group=0 \ + --transform="s,$n,/nix/store/$n," \ + $n # Compute a checksum of the tarball. tarhash=$(tarsum < $layerPath/layer.tar) diff --git a/nixpkgs/pkgs/build-support/fetchurl/mirrors.nix b/nixpkgs/pkgs/build-support/fetchurl/mirrors.nix index c0e115bca28..a0a61f7cc50 100644 --- a/nixpkgs/pkgs/build-support/fetchurl/mirrors.nix +++ b/nixpkgs/pkgs/build-support/fetchurl/mirrors.nix 
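Review bot: The script now reads exactly one store path (`storePath="$1"`) and ignores any further arguments, but the overflow branch in docker/default.nix still passes many. That branch, visible as context earlier in this diff, runs `paths | tail -n+$maxLayers | xargs ${storePathToLayer} $maxLayers`, which hands every remaining path to a single invocation. As written, only the first of those paths would reach the last layer and the rest would be left out of the image without an error. Looping over `"$@"` keeps the one-path-per-tar approach while packing all of them. The sketch below also quotes `$n` and anchors the `--transform` expression, since GNU tar by default applies the expression to link targets as well as member names.

```shell
layerNumber=$1
shift

# … unchanged: layerPath assignment …
echo "Creating layer #$layerNumber for $@"
# … unchanged: mkdir, and the tar call that adds nix and nix/store …

for storePath in "$@"; do
  n=$(basename "$storePath")
  tar -C /nix/store -rpf "$layerPath/layer.tar" \
    --hard-dereference --sort=name \
    --mtime="@$SOURCE_DATE_EPOCH" \
    --owner=0 --group=0 \
    --transform="s,^$n,/nix/store/$n," \
    "$n"
done

# … unchanged: tarsum checksum …
```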
@@ -425,8 +425,8 @@ # Maven Central maven = [ - http://repo1.maven.org/maven2/ - http://central.maven.org/maven2/ + https://repo1.maven.org/maven2/ + https://central.maven.org/maven2/ ]; # Alsa Project diff --git a/nixpkgs/pkgs/build-support/libredirect/libredirect.c b/nixpkgs/pkgs/build-support/libredirect/libredirect.c index d31b7551e94..e7f74c736ab 100644 --- a/nixpkgs/pkgs/build-support/libredirect/libredirect.c +++ b/nixpkgs/pkgs/build-support/libredirect/libredirect.c @@ -61,7 +61,11 @@ static const char * rewrite(const char * path, char * buf) static int open_needs_mode(int flags) { +#ifdef O_TMPFILE return (flags & O_CREAT) || (flags & O_TMPFILE) == O_TMPFILE; +#else + return flags & O_CREAT; +#endif } /* The following set of Glibc library functions is very incomplete - diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix index 4e2e2af1aa7..dec49d24f52 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix @@ -55,9 +55,6 @@ elif [[ -e src/lib.rs ]]; then build_lib src/lib.rs ${lib.optionalString buildTests "build_lib_test src/lib.rs"} - elif [[ -e "src/$LIB_NAME.rs" ]]; then - build_lib src/$LIB_NAME.rs - ${lib.optionalString buildTests ''build_lib_test "src/$LIB_NAME.rs"''} fi diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix index efc538f0fd6..c146ffef5ff 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix 
@@ -137,16 +137,7 @@ in '' CRATENAME=$(echo ${crateName} | sed -e "s/\(.*\)-sys$/\U\1/") grep -P "^cargo:(?!(rustc-|warning=|rerun-if-changed=|rerun-if-env-changed))" target/build/${crateName}.opt \ | sed -e "s/cargo:\([^=]*\)=\(.*\)/export DEP_$(echo $CRATENAME)_\U\1\E=\2/" > target/env - set -e - if [[ -n "$(ls target/build/${crateName}.out)" ]]; then - - if [[ -e "${libPath}" ]]; then - cp -r target/build/${crateName}.out/* $(dirname ${libPath}) #*/ - else - cp -r target/build/${crateName}.out/* src #*/ - fi - fi fi runHook postConfigure '' diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/default.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/default.nix index 2885b2aef51..569b48d25ae 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/default.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/default.nix @@ -23,7 +23,7 @@ let lib.strings.replaceStrings ["-"] ["_"] crateRenames.${dep.crateName} else extern; - in (if lib.any (x: x == "lib") dep.crateType then + in (if lib.any (x: x == "lib" || x == "rlib") dep.crateType then " --extern ${name}=${dep.lib}/lib/lib${extern}-${dep.metadata}.rlib" else " --extern ${name}=${dep.lib}/lib/lib${extern}-${dep.metadata}${stdenv.hostPlatform.extensions.sharedLibrary}") diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/test/default.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/test/default.nix index f0f1ed4d1eb..6aad02992c1 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/test/default.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/test/default.nix 
@@ -1,17 +1,17 @@ -{ lib, buildRustCrate, runCommand, writeTextFile, symlinkJoin, callPackage }: +{ lib, buildRustCrate, runCommand, writeTextFile, symlinkJoin, callPackage, releaseTools }: let mkCrate = args: let - p = { - crateName = "nixtestcrate"; - version = "0.1.0"; - authors = [ "Test <test@example.com>" ]; - } // args; - in buildRustCrate p; + p = { + crateName = "nixtestcrate"; + version = "0.1.0"; + authors = [ "Test <test@example.com>" ]; + } // args; + in buildRustCrate p; - mkFile = destination: text: writeTextFile { - name = "src"; - destination = "/${destination}"; - inherit text; + mkFile = destination: text: writeTextFile { + name = "src"; + destination = "/${destination}"; + inherit text; }; mkBin = name: mkFile name '' @@ -92,7 +92,17 @@ let cases = { libPath = { libPath = "src/my_lib.rs"; src = mkLib "src/my_lib.rs"; }; srcLib = { src = mkLib "src/lib.rs"; }; - customLibName = { libName = "test_lib"; src = mkLib "src/test_lib.rs"; }; + + # This used to be supported by cargo but as of 1.40.0 I can't make it work like that with just cargo anymore. + # This might be a regression or deprecated thing they finally removed… + # customLibName = { libName = "test_lib"; src = mkLib "src/test_lib.rs"; }; + # rustLibTestsCustomLibName = { + # libName = "test_lib"; + # src = mkTestFile "src/test_lib.rs" "foo"; + # buildTests = true; + # expectedTestOutputs = [ "test foo ... ok" ]; + # }; + customLibNameAndLibPath = { libName = "test_lib"; libPath = "src/best-lib.rs"; src = mkLib "src/best-lib.rs"; }; crateBinWithPath = { crateBin = [{ name = "test_binary1"; path = "src/foobar.rs"; }]; src = mkBin "src/foobar.rs"; }; crateBinNoPath1 = { crateBin = [{ name = "my-binary2"; }]; src = mkBin "src/my_binary2.rs"; }; 
@@ -122,12 +132,6 @@ let buildTests = true; expectedTestOutputs = [ "test baz ... ok" ]; }; - rustLibTestsCustomLibName = { - libName = "test_lib"; - src = mkTestFile "src/test_lib.rs" "foo"; - buildTests = true; - expectedTestOutputs = [ "test foo ... ok" ]; - }; rustLibTestsCustomLibPath = { libPath = "src/test_path.rs"; src = mkTestFile "src/test_path.rs" "bar"; @@ -181,7 +185,41 @@ let "test tests_bar ... ok" ]; }; - + linkAgainstRlibCrate = { + crateName = "foo"; + src = mkFile "src/main.rs" '' + extern crate somerlib; + fn main() {} + ''; + dependencies = [ + (mkCrate { + crateName = "somerlib"; + type = [ "rlib" ]; + src = mkLib "src/lib.rs"; + }) + ]; + }; + # Regression test for https://github.com/NixOS/nixpkgs/issues/74071 + # Whenevever a build.rs file is generating files those should not be overlayed onto the actual source dir + buildRsOutDirOverlay = { + src = symlinkJoin { + name = "buildrs-out-dir-overlay"; + paths = [ + (mkLib "src/lib.rs") + (mkFile "build.rs" '' + use std::env; + use std::ffi::OsString; + use std::fs; + use std::path::Path; + fn main() { + let out_dir = env::var_os("OUT_DIR").expect("OUT_DIR not set"); + let out_file = Path::new(&out_dir).join("lib.rs"); + fs::write(out_file, "invalid rust code!").expect("failed to write lib.rs"); + } + '') + ]; + }; + }; }; brotliCrates = (callPackage ./brotli-crates.nix {}); in lib.mapAttrs (key: value: mkTest (value // lib.optionalAttrs (!value?crateName) { crateName = key; })) cases // { @@ -207,9 +245,12 @@ let test -e ${pkg}/bin/brotli-decompressor && touch $out ''; }; - test = runCommand "run-buildRustCrate-tests" { - nativeBuildInputs = builtins.attrValues tests; - } " - touch $out - "; + test = releaseTools.aggregate { + name = "buildRustCrate-tests"; + meta = { + description = "Test cases for buildRustCrate"; + maintainers = [ lib.maintainers.andir ]; + }; + constituents = builtins.attrValues tests; + }; } 
diff --git a/nixpkgs/pkgs/build-support/rust/default.nix b/nixpkgs/pkgs/build-support/rust/default.nix index f9cf8f1f0c1..4089436c0e0 100644 --- a/nixpkgs/pkgs/build-support/rust/default.nix +++ b/nixpkgs/pkgs/build-support/rust/default.nix @@ -100,9 +100,9 @@ stdenv.mkDerivation (args // { '' + stdenv.lib.optionalString verifyCargoDeps '' if ! diff source/Cargo.lock $cargoDeps/Cargo.lock ; then echo - echo "ERROR: cargoSha256 is out of date." + echo "ERROR: cargoSha256 is out of date" echo - echo "Cargo.lock is not the same in $cargoDeps." + echo "Cargo.lock is not the same in $cargoDeps" echo echo "To fix the issue:" echo '1. Use "1111111111111111111111111111111111111111111111111111" as the cargoSha256 value' diff --git a/nixpkgs/pkgs/build-support/setup-hooks/make-symlinks-relative.sh b/nixpkgs/pkgs/build-support/setup-hooks/make-symlinks-relative.sh new file mode 100644 index 00000000000..0608d3ca81c --- /dev/null +++ b/nixpkgs/pkgs/build-support/setup-hooks/make-symlinks-relative.sh @@ -0,0 +1,28 @@ +fixupOutputHooks+=(_makeSymlinksRelative) + +# For every symlink in $output that refers to another file in $output +# ensure that the symlink is relative. This removes references to the output +# has from the resulting store paths and thus the NAR files. +_makeSymlinksRelative() { + local symlinkTarget + + if [ -n "${dontRewriteSymlinks-}" ]; then + return 0 + fi + + while IFS= read -r -d $'\0' f; do + symlinkTarget=$(readlink "$f") + if [[ "$symlinkTarget"/ != "$prefix"/* ]]; then + # skip this symlink as it doesn't point to $prefix + continue + fi + + if [ ! -e "$symlinkTarget" ]; then + echo "the symlink $f is broken, it points to $symlinkTarget (which is missing)" + fi + + echo "rewriting symlink $f to be relative to $prefix" + ln -snrf "$symlinkTarget" "$f" + + done < <(find $prefix -type l -print0) +} |
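Review bot: In `_makeSymlinksRelative` the loop variable `f` is not declared `local` (only `symlinkTarget` is), so it leaks into the builder's global scope, and `find $prefix` is unquoted, so a prefix containing whitespace or glob characters would be split or expanded. I would change these to `local symlinkTarget f` and `done < <(find "$prefix" -type l -print0)`. The broken-symlink message is informational only: the link is still rewritten afterwards, which may or may not be intended. The header comment's "output has" presumably means "output hash".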