diff options
Diffstat (limited to 'nixpkgs/pkgs/build-support')
27 files changed, 605 insertions, 208 deletions
diff --git a/nixpkgs/pkgs/build-support/alternatives/blas/default.nix b/nixpkgs/pkgs/build-support/alternatives/blas/default.nix index 9e1aacfaf82..5ebbc737e11 100644 --- a/nixpkgs/pkgs/build-support/alternatives/blas/default.nix +++ b/nixpkgs/pkgs/build-support/alternatives/blas/default.nix @@ -70,7 +70,7 @@ stdenv.mkDerivation { exit 1 fi - nm -an "$libblas" | cut -f3 -d' ' > symbols + $NM -an "$libblas" | cut -f3 -d' ' > symbols for symbol in ${toString blasFortranSymbols}; do grep -q "^$symbol_$" symbols || { echo "$symbol" was not found in "$libblas"; exit 1; } done diff --git a/nixpkgs/pkgs/build-support/appimage/default.nix b/nixpkgs/pkgs/build-support/appimage/default.nix index f15ce80d6d9..e6014e35aef 100644 --- a/nixpkgs/pkgs/build-support/appimage/default.nix +++ b/nixpkgs/pkgs/build-support/appimage/default.nix @@ -163,7 +163,6 @@ rec { SDL_mixer SDL2_ttf SDL2_mixer - gstreamer libappindicator-gtk2 libcaca libcanberra diff --git a/nixpkgs/pkgs/build-support/bintools-wrapper/default.nix b/nixpkgs/pkgs/build-support/bintools-wrapper/default.nix index 786f0f9c598..1aab26532a4 100644 --- a/nixpkgs/pkgs/build-support/bintools-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/bintools-wrapper/default.nix @@ -311,7 +311,7 @@ stdenv.mkDerivation { substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh - substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash + substituteAll ${if stdenv.isDarwin then ../wrapper-common/utils.bash.darwin else ../wrapper-common/utils.bash} $out/nix-support/utils.bash '' ## diff --git a/nixpkgs/pkgs/build-support/build-bazel-package/default.nix b/nixpkgs/pkgs/build-support/build-bazel-package/default.nix index bbcbc4e2e11..4d22a329e41 100644 --- a/nixpkgs/pkgs/build-support/build-bazel-package/default.nix +++ b/nixpkgs/pkgs/build-support/build-bazel-package/default.nix @@ -37,6 +37,12 @@ args@{ # Debian-specific /usr/share/java paths, but doesn't in the configured build). , fetchConfigured ? false +# Donβt add Bazel --copt and --linkopt from NIX_CFLAGS_COMPILE / +# NIX_LDFLAGS. This is necessary when using a custom toolchain which +# Bazel wants all headers / libraries to come from, like when using +# CROSSTOOL. Weirdly, we can still get the flags through the wrapped +# compiler. +, dontAddBazelOpts ? false , ... }: @@ -170,6 +176,8 @@ in stdenv.mkDerivation (fBuildAttrs // { done '' + fBuildAttrs.preConfigure or ""; + inherit dontAddBazelOpts; + buildPhase = fBuildAttrs.buildPhase or '' runHook preBuild @@ -181,20 +189,22 @@ in stdenv.mkDerivation (fBuildAttrs // { # copts=() host_copts=() - for flag in $NIX_CFLAGS_COMPILE; do - copts+=( "--copt=$flag" ) - host_copts+=( "--host_copt=$flag" ) - done - for flag in $NIX_CXXSTDLIB_COMPILE; do - copts+=( "--copt=$flag" ) - host_copts+=( "--host_copt=$flag" ) - done linkopts=() host_linkopts=() - for flag in $NIX_LDFLAGS; do - linkopts+=( "--linkopt=-Wl,$flag" ) - host_linkopts+=( "--host_linkopt=-Wl,$flag" ) - done + if [ -z "''${dontAddBazelOpts:-}" ]; then + for flag in $NIX_CFLAGS_COMPILE; do + copts+=( "--copt=$flag" ) + host_copts+=( "--host_copt=$flag" ) + done + for flag in $NIX_CXXSTDLIB_COMPILE; do + copts+=( "--copt=$flag" ) + host_copts+=( "--host_copt=$flag" ) + done + for flag in $NIX_LDFLAGS; do + linkopts+=( "--linkopt=-Wl,$flag" ) + host_linkopts+=( "--host_linkopt=-Wl,$flag" ) + done + fi BAZEL_USE_CPP_ONLY_TOOLCHAIN=1 \ USER=homeless-shelter \ diff --git a/nixpkgs/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/nixpkgs/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix new file mode 100644 index 00000000000..c7cfd27d3fa --- /dev/null +++ b/nixpkgs/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix @@ -0,0 +1,123 @@ +{ callPackage, runCommandLocal, writeShellScriptBin, stdenv, coreutils, bubblewrap }: + +let buildFHSEnv = callPackage ./env.nix { }; in + +args @ { + name, + runScript ? "bash", + extraInstallCommands ? "", + meta ? {}, + passthru ? {}, + ... +}: + +with builtins; +let + env = buildFHSEnv (removeAttrs args [ + "runScript" "extraInstallCommands" "meta" "passthru" + ]); + + chrootenv = callPackage ./chrootenv {}; + + etcBindFlags = let + files = [ + # NixOS Compatibility + "static" + # Users, Groups, NSS + "passwd" + "group" + "shadow" + "hosts" + "resolv.conf" + "nsswitch.conf" + # Sudo & Su + "login.defs" + "sudoers" + "sudoers.d" + # Time + "localtime" + "zoneinfo" + # Other Core Stuff + "machine-id" + "os-release" + # PAM + "pam.d" + # Fonts + "fonts" + # ALSA + "asound.conf" + # SSL + "ssl/certs" + "pki" + ]; + in concatStringsSep " \\\n " + (map (file: "--ro-bind-try /etc/${file} /etc/${file}") files); + + init = run: writeShellScriptBin "${name}-init" '' + source /etc/profile + exec ${run} "$@" + ''; + + bwrapCmd = { initArgs ? "" }: '' + blacklist="/nix /dev /proc /etc" + ro_mounts="" + for i in ${env}/*; do + path="/''${i##*/}" + if [[ $path == '/etc' ]]; then + continue + fi + ro_mounts="$ro_mounts --ro-bind $i $path" + blacklist="$blacklist $path" + done + + if [[ -d ${env}/etc ]]; then + for i in ${env}/etc/*; do + path="/''${i##*/}" + ro_mounts="$ro_mounts --ro-bind $i /etc$path" + done + fi + + auto_mounts="" + # loop through all directories in the root + for dir in /*; do + # if it is a directory and it is not in the blacklist + if [[ -d "$dir" ]] && grep -v "$dir" <<< "$blacklist" >/dev/null; then + # add it to the mount list + auto_mounts="$auto_mounts --bind $dir $dir" + fi + done + + exec ${bubblewrap}/bin/bwrap \ + --dev-bind /dev /dev \ + --proc /proc \ + --chdir "$(pwd)" \ + --unshare-all \ + --share-net \ + --die-with-parent \ + --ro-bind /nix /nix \ + ${etcBindFlags} \ + $ro_mounts \ + $auto_mounts \ + ${init runScript}/bin/${name}-init ${initArgs} + ''; + + bin = writeShellScriptBin name (bwrapCmd { initArgs = ''"$@"''; }); + +in runCommandLocal name { + inherit meta; + + passthru = passthru // { + env = runCommandLocal "${name}-shell-env" { + shellHook = bwrapCmd {}; + } '' + echo >&2 "" + echo >&2 "*** User chroot 'env' attributes are intended for interactive nix-shell sessions, not for building! ***" + echo >&2 "" + exit 1 + ''; + }; +} '' + mkdir -p $out/bin + ln -s ${bin}/bin/${name} $out/bin/${name} + ${extraInstallCommands} +'' diff --git a/nixpkgs/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix b/nixpkgs/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix new file mode 100644 index 00000000000..8b2d46c4ae9 --- /dev/null +++ b/nixpkgs/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix @@ -0,0 +1,167 @@ +{ stdenv, buildEnv, writeText, pkgs, pkgsi686Linux }: + +{ name, profile ? "" +, targetPkgs ? pkgs: [], multiPkgs ? pkgs: [] +, extraBuildCommands ? "", extraBuildCommandsMulti ? "" +, extraOutputsToInstall ? [] +}: + +# HOWTO: +# All packages (most likely programs) returned from targetPkgs will only be +# installed once--matching the host's architecture (64bit on x86_64 and 32bit on +# x86). +# +# Packages (most likely libraries) returned from multiPkgs are installed +# once on x86 systems and twice on x86_64 systems. +# On x86 they are merged with packages from targetPkgs. +# On x86_64 they are added to targetPkgs and in addition their 32bit +# versions are also installed. The final directory structure looks as +# follows: +# /lib32 will include 32bit libraries from multiPkgs +# /lib64 will include 64bit libraries from multiPkgs and targetPkgs +# /lib will link to /lib32 + +let + is64Bit = stdenv.hostPlatform.parsed.cpu.bits == 64; + isMultiBuild = multiPkgs != null && is64Bit; + isTargetBuild = !isMultiBuild; + + # list of packages (usually programs) which are only be installed for the + # host's architecture + targetPaths = targetPkgs pkgs ++ (if multiPkgs == null then [] else multiPkgs pkgs); + + # list of packages which are installed for both x86 and x86_64 on x86_64 + # systems + multiPaths = multiPkgs pkgsi686Linux; + + # base packages of the chroot + # these match the host's architecture, glibc_multi is used for multilib + # builds. glibcLocales must be before glibc or glibc_multi as otherwiese + # the wrong LOCALE_ARCHIVE will be used where only C.UTF-8 is available. + basePkgs = with pkgs; + [ glibcLocales + (if isMultiBuild then glibc_multi else glibc) + (toString gcc.cc.lib) bashInteractive coreutils less shadow su + gawk diffutils findutils gnused gnugrep + gnutar gzip bzip2 xz + ]; + baseMultiPkgs = with pkgsi686Linux; + [ (toString gcc.cc.lib) + ]; + + etcProfile = writeText "profile" '' + export PS1='${name}-chrootenv:\u@\h:\w\$ ' + export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive' + export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" + export PATH="/run/wrappers/bin:/usr/bin:/usr/sbin:$PATH" + export TZDIR='/etc/zoneinfo' + + # Force compilers and other tools to look in default search paths + unset NIX_ENFORCE_PURITY + export NIX_CC_WRAPPER_TARGET_HOST_${stdenv.cc.suffixSalt}=1 + export NIX_CFLAGS_COMPILE='-idirafter /usr/include' + export NIX_CFLAGS_LINK='-L/usr/lib -L/usr/lib32' + export NIX_LDFLAGS='-L/usr/lib -L/usr/lib32' + export PKG_CONFIG_PATH=/usr/lib/pkgconfig + export ACLOCAL_PATH=/usr/share/aclocal + + ${profile} + ''; + + # Compose /etc for the chroot environment + etcPkg = stdenv.mkDerivation { + name = "${name}-chrootenv-etc"; + buildCommand = '' + mkdir -p $out/etc + cd $out/etc + + # environment variables + ln -s ${etcProfile} profile + + # symlink /etc/mtab -> /proc/mounts (compat for old userspace progs) + ln -s /proc/mounts mtab + ''; + }; + + # Composes a /usr-like directory structure + staticUsrProfileTarget = buildEnv { + name = "${name}-usr-target"; + paths = [ etcPkg ] ++ basePkgs ++ targetPaths; + extraOutputsToInstall = [ "out" "lib" "bin" ] ++ extraOutputsToInstall; + ignoreCollisions = true; + }; + + staticUsrProfileMulti = buildEnv { + name = "${name}-usr-multi"; + paths = baseMultiPkgs ++ multiPaths; + extraOutputsToInstall = [ "out" "lib" ] ++ extraOutputsToInstall; + ignoreCollisions = true; + }; + + # setup library paths only for the targeted architecture + setupLibDirsTarget = '' + # link content of targetPaths + cp -rsHf ${staticUsrProfileTarget}/lib lib + ln -s lib lib${if is64Bit then "64" else "32"} + ''; + + # setup /lib, /lib32 and /lib64 + setupLibDirsMulti = '' + mkdir -m0755 lib32 + mkdir -m0755 lib64 + ln -s lib64 lib + + # copy glibc stuff + cp -rsHf ${staticUsrProfileTarget}/lib/32/* lib32/ && chmod u+w -R lib32/ + + # copy content of multiPaths (32bit libs) + [ -d ${staticUsrProfileMulti}/lib ] && cp -rsHf ${staticUsrProfileMulti}/lib/* lib32/ && chmod u+w -R lib32/ + + # copy content of targetPaths (64bit libs) + cp -rsHf ${staticUsrProfileTarget}/lib/* lib64/ && chmod u+w -R lib64/ + + # symlink 32-bit ld-linux.so + ln -Ls ${staticUsrProfileTarget}/lib/32/ld-linux.so.2 lib/ + ''; + + setupLibDirs = if isTargetBuild then setupLibDirsTarget + else setupLibDirsMulti; + + # the target profile is the actual profile that will be used for the chroot + setupTargetProfile = '' + mkdir -m0755 usr + cd usr + ${setupLibDirs} + for i in bin sbin share include; do + if [ -d "${staticUsrProfileTarget}/$i" ]; then + cp -rsHf "${staticUsrProfileTarget}/$i" "$i" + fi + done + cd .. + + for i in var etc; do + if [ -d "${staticUsrProfileTarget}/$i" ]; then + cp -rsHf "${staticUsrProfileTarget}/$i" "$i" + fi + done + for i in usr/{bin,sbin,lib,lib32,lib64}; do + if [ -d "$i" ]; then + ln -s "$i" + fi + done + ''; + +in stdenv.mkDerivation { + name = "${name}-fhs"; + buildCommand = '' + mkdir -p $out + cd $out + ${setupTargetProfile} + cd $out + ${extraBuildCommands} + cd $out + ${if isMultiBuild then extraBuildCommandsMulti else ""} + ''; + preferLocalBuild = true; + allowSubstitutes = false; +} diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/default.nix b/nixpkgs/pkgs/build-support/cc-wrapper/default.nix index c2a06219f1d..30d3db1866c 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/cc-wrapper/default.nix @@ -8,6 +8,7 @@ { name ? "" , stdenvNoCC , cc ? null, libc ? null, bintools, coreutils ? null, shell ? stdenvNoCC.shell +, gccForLibs ? null , zlib ? null , nativeTools, noLibc ? false, nativeLibc, nativePrefix ? "" , propagateDoc ? cc != null && cc ? man @@ -60,21 +61,35 @@ let then import ../expand-response-params { inherit (buildPackages) stdenv; } else ""; + useGccForLibs = isClang + && libcxx == null + && !(stdenv.targetPlatform.useLLVM or false) + && !(stdenv.targetPlatform.useAndroidPrebuilt or false) + && gccForLibs != null; + # older compilers (for example bootstrap's GCC 5) fail with -march=too-modern-cpu isGccArchSupported = arch: if isGNU then - { skylake = versionAtLeast ccVersion "6.0"; + { # Intel + skylake = versionAtLeast ccVersion "6.0"; skylake-avx512 = versionAtLeast ccVersion "6.0"; cannonlake = versionAtLeast ccVersion "8.0"; icelake-client = versionAtLeast ccVersion "8.0"; icelake-server = versionAtLeast ccVersion "8.0"; knm = versionAtLeast ccVersion "8.0"; + # AMD + znver1 = versionAtLeast ccVersion "6.0"; + znver2 = versionAtLeast ccVersion "9.0"; }.${arch} or true else if isClang then - { cannonlake = versionAtLeast ccVersion "5.0"; + { # Intel + cannonlake = versionAtLeast ccVersion "5.0"; icelake-client = versionAtLeast ccVersion "7.0"; icelake-server = versionAtLeast ccVersion "7.0"; knm = versionAtLeast ccVersion "7.0"; + # AMD + znver1 = versionAtLeast ccVersion "4.0"; + znver2 = versionAtLeast ccVersion "9.0"; }.${arch} or true else false; @@ -208,6 +223,7 @@ stdenv.mkDerivation { wrap ${targetPrefix}gfortran $wrapper $ccPath/${targetPrefix}gfortran ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}g77 ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}f77 + export named_fc=${targetPrefix}gfortran '' + optionalString cc.langJava or false '' @@ -226,8 +242,8 @@ stdenv.mkDerivation { setupHooks = [ ../setup-hooks/role.bash - ./setup-hook.sh - ]; + ] ++ stdenv.lib.optional (cc.langC or true) ./setup-hook.sh + ++ stdenv.lib.optional (cc.langFortran or false) ./fortran-hook.sh; postFixup = # Ensure flags files exists, as some other programs cat them. (That these @@ -262,11 +278,11 @@ stdenv.mkDerivation { ## ## GCC libs for non-GCC support ## - + optionalString (isClang && libcxx == null && cc ? gcc) '' + + optionalString useGccForLibs '' - echo "-B${cc.gcc}/lib/gcc/${targetPlatform.config}/${cc.gcc.version}" >> $out/nix-support/cc-cflags - echo "-L${cc.gcc}/lib/gcc/${targetPlatform.config}/${cc.gcc.version}" >> $out/nix-support/cc-ldflags - echo "-L${cc.gcc.lib}/${targetPlatform.config}/lib" >> $out/nix-support/cc-ldflags + echo "-B${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-cflags + echo "-L${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-ldflags + echo "-L${gccForLibs.lib}/${targetPlatform.config}/lib" >> $out/nix-support/cc-ldflags '' ## @@ -306,14 +322,15 @@ stdenv.mkDerivation { # We have a libc++ directly, we have one via "smuggled" GCC, or we have one # bundled with the C compiler because it is GCC - + optionalString (libcxx != null || cc.gcc.langCC or false || (isGNU && cc.langCC or false)) '' + + optionalString (libcxx != null || (useGccForLibs && gccForLibs.langCC or false) || (isGNU && cc.langCC or false)) '' touch "$out/nix-support/libcxx-cxxflags" touch "$out/nix-support/libcxx-ldflags" - '' + optionalString (libcxx == null && cc ? gcc) '' - for dir in ${cc.gcc}/include/c++/*; do + '' + + optionalString (libcxx == null && (useGccForLibs && gccForLibs.langCC or false)) '' + for dir in ${gccForLibs}/include/c++/*; do echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags done - for dir in ${cc.gcc}/include/c++/*/${targetPlatform.config}; do + for dir in ${gccForLibs}/include/c++/*/${targetPlatform.config}; do echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags done '' @@ -442,7 +459,7 @@ stdenv.mkDerivation { substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh - substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash + substituteAll ${if stdenv.isDarwin then ../wrapper-common/utils.bash.darwin else ../wrapper-common/utils.bash} $out/nix-support/utils.bash '' ## diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/fortran-hook.sh b/nixpkgs/pkgs/build-support/cc-wrapper/fortran-hook.sh new file mode 100644 index 00000000000..d72f314c01c --- /dev/null +++ b/nixpkgs/pkgs/build-support/cc-wrapper/fortran-hook.sh @@ -0,0 +1,11 @@ +getTargetRole +getTargetRoleWrapper + +export FC${role_post}=@named_fc@ + +# If unset, assume the default hardening flags. +# These are different for fortran. +: ${NIX_HARDENING_ENABLE="stackprotector pic strictoverflow relro bindnow"} +export NIX_HARDENING_ENABLE + +unset -v role_post diff --git a/nixpkgs/pkgs/build-support/docker/default.nix b/nixpkgs/pkgs/build-support/docker/default.nix index bf815af6f7c..b2c132afd74 100644 --- a/nixpkgs/pkgs/build-support/docker/default.nix +++ b/nixpkgs/pkgs/build-support/docker/default.nix @@ -718,28 +718,41 @@ rec { architecture = buildPackages.go.GOARCH; os = "linux"; }); - customisationLayer = runCommand "${name}-customisation-layer" { inherit extraCommands; } '' - cp -r ${contentsEnv}/ $out - if [[ -n $extraCommands ]]; then - chmod u+w $out - (cd $out; eval "$extraCommands") - fi - ''; - contentsEnv = symlinkJoin { - name = "${name}-bulk-layers"; - paths = if builtins.isList contents - then contents - else [ contents ]; + contentsList = if builtins.isList contents then contents else [ contents ]; + + # We store the customisation layer as a tarball, to make sure that + # things like permissions set on 'extraCommands' are not overriden + # by Nix. Then we precompute the sha256 for performance. + customisationLayer = symlinkJoin { + name = "${name}-customisation-layer"; + paths = contentsList; + inherit extraCommands; + postBuild = '' + mv $out old_out + (cd old_out; eval "$extraCommands" ) + + mkdir $out + + tar \ + --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \ + --hard-dereference \ + -C old_out \ + -cf $out/layer.tar . + + sha256sum $out/layer.tar \ + | cut -f 1 -d ' ' \ + > $out/checksum + ''; }; - # NOTE: the `closures` parameter is a list of closures to include. - # The TOP LEVEL store paths themselves will never be present in the - # resulting image. At this time (2020-06-18) none of these layers - # are appropriate to include, as they are all created as - # implementation details of dockerTools. - closures = [ baseJson contentsEnv ]; - overallClosure = writeText "closure" (lib.concatStringsSep " " closures); + closureRoots = [ baseJson ] ++ contentsList; + overallClosure = writeText "closure" (lib.concatStringsSep " " closureRoots); + + # These derivations are only created as implementation details of docker-tools, + # so they'll be excluded from the created images. + unnecessaryDrvs = [ baseJson overallClosure ]; + conf = runCommand "${name}-conf.json" { inherit maxLayers created; imageName = lib.toLower name; @@ -751,9 +764,6 @@ rec { paths = referencesByPopularity overallClosure; buildInputs = [ jq ]; } '' - paths() { - cat $paths ${lib.concatMapStringsSep " " (path: "| (grep -v ${path} || true)") (closures ++ [ overallClosure ])} - } ${if (tag == null) then '' outName="$(basename "$out")" outHash=$(echo "$outName" | cut -d - -f 1) @@ -768,6 +778,12 @@ rec { created="$(date -Iseconds -d "$created")" fi + paths() { + cat $paths ${lib.concatMapStringsSep " " + (path: "| (grep -v ${path} || true)") + unnecessaryDrvs} + } + # Create $maxLayers worth of Docker Layers, one layer per store path # unless there are more paths than $maxLayers. In that case, create # $maxLayers-1 for the most popular layers, and smush the remainaing diff --git a/nixpkgs/pkgs/build-support/docker/examples.nix b/nixpkgs/pkgs/build-support/docker/examples.nix index bc107471762..4a611add8a1 100644 --- a/nixpkgs/pkgs/build-support/docker/examples.nix +++ b/nixpkgs/pkgs/build-support/docker/examples.nix @@ -298,21 +298,10 @@ rec { name = "no-store-paths"; tag = "latest"; extraCommands = '' - chmod a+w bin - # This removes sharing of busybox and is not recommended. We do this # to make the example suitable as a test case with working binaries. cp -r ${pkgs.pkgsStatic.busybox}/* . ''; - contents = [ - # This layer has no dependencies and its symlinks will be dereferenced - # when creating the customization layer. - (pkgs.runCommand "layer-to-flatten" {} '' - mkdir -p $out/bin - ln -s /bin/true $out/bin/custom-true - '' - ) - ]; }; nixLayered = pkgs.dockerTools.buildLayeredImageWithNixDb { @@ -415,7 +404,7 @@ rec { pkgs.dockerTools.buildLayeredImage { name = "bash-layered-with-user"; tag = "latest"; - contents = [ pkgs.bash pkgs.coreutils (nonRootShadowSetup { uid = 999; user = "somebody"; }) ]; + contents = [ pkgs.bash pkgs.coreutils ] ++ nonRootShadowSetup { uid = 999; user = "somebody"; }; }; } diff --git a/nixpkgs/pkgs/build-support/docker/stream_layered_image.py b/nixpkgs/pkgs/build-support/docker/stream_layered_image.py index ffb6ba0ade4..cbae0f723f9 100644 --- a/nixpkgs/pkgs/build-support/docker/stream_layered_image.py +++ b/nixpkgs/pkgs/build-support/docker/stream_layered_image.py @@ -33,7 +33,6 @@ function does all this. import io import os -import re import sys import json import hashlib @@ -45,21 +44,14 @@ from datetime import datetime, timezone from collections import namedtuple -def archive_paths_to(obj, paths, mtime, add_nix, filter=None): +def archive_paths_to(obj, paths, mtime): """ Writes the given store paths as a tar file to the given stream. obj: Stream to write to. Should have a 'write' method. paths: List of store paths. - add_nix: Whether /nix and /nix/store directories should be - prepended to the archive. - filter: An optional transformation to be applied to TarInfo - objects. Should take a single TarInfo object and return - another one. Defaults to identity. """ - filter = filter if filter else lambda i: i - # gettarinfo makes the paths relative, this makes them # absolute again def append_root(ti): @@ -72,7 +64,7 @@ def archive_paths_to(obj, paths, mtime, add_nix, filter=None): ti.gid = 0 ti.uname = "root" ti.gname = "root" - return filter(ti) + return ti def nix_root(ti): ti.mode = 0o0555 # r-xr-xr-x @@ -85,11 +77,9 @@ def archive_paths_to(obj, paths, mtime, add_nix, filter=None): with tarfile.open(fileobj=obj, mode="w|") as tar: # To be consistent with the docker utilities, we need to have - # these directories first when building layer tarballs. But - # we don't need them on the customisation layer. - if add_nix: - tar.addfile(apply_filters(nix_root(dir("/nix")))) - tar.addfile(apply_filters(nix_root(dir("/nix/store")))) + # these directories first when building layer tarballs. + tar.addfile(apply_filters(nix_root(dir("/nix")))) + tar.addfile(apply_filters(nix_root(dir("/nix/store")))) for path in paths: path = pathlib.Path(path) @@ -136,7 +126,7 @@ class ExtractChecksum: LayerInfo = namedtuple("LayerInfo", ["size", "checksum", "path", "paths"]) -def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None): +def add_layer_dir(tar, paths, mtime): """ Appends given store paths to a TarFile object as a new layer. @@ -144,11 +134,6 @@ def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None): paths: List of store paths. mtime: 'mtime' of the added files and the layer tarball. Should be an integer representing a POSIX time. - add_nix: Whether /nix and /nix/store directories should be - added to a layer. - filter: An optional transformation to be applied to TarInfo - objects inside the layer. Should take a single TarInfo - object and return another one. Defaults to identity. Returns: A 'LayerInfo' object containing some metadata of the layer added. @@ -164,8 +149,6 @@ def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None): extract_checksum, paths, mtime=mtime, - add_nix=add_nix, - filter=filter ) (checksum, size) = extract_checksum.extract() @@ -182,8 +165,6 @@ def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None): write, paths, mtime=mtime, - add_nix=add_nix, - filter=filter ) write.close() @@ -199,29 +180,38 @@ def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None): return LayerInfo(size=size, checksum=checksum, path=path, paths=paths) -def add_customisation_layer(tar, path, mtime): +def add_customisation_layer(target_tar, customisation_layer, mtime): """ - Adds the contents of the store path as a new layer. This is different - than the 'add_layer_dir' function defaults in the sense that the contents - of a single store path will be added to the root of the layer. eg (without - the /nix/store prefix). + Adds the customisation layer as a new layer. This is layer is structured + differently; given store path has the 'layer.tar' and corresponding + sha256sum ready. tar: 'tarfile.TarFile' object for the new layer to be added to. - path: A store path. - mtime: 'mtime' of the added files and the layer tarball. Should be an - integer representing a POSIX time. + customisation_layer: Path containing the layer archive. + mtime: 'mtime' of the added layer tarball. """ - def filter(ti): - ti.name = re.sub("^/nix/store/[^/]*", "", ti.name) - return ti - return add_layer_dir( - tar, - [path], - mtime=mtime, - add_nix=False, - filter=filter - ) + checksum_path = os.path.join(customisation_layer, "checksum") + with open(checksum_path) as f: + checksum = f.read().strip() + assert len(checksum) == 64, f"Invalid sha256 at ${checksum_path}." + + layer_path = os.path.join(customisation_layer, "layer.tar") + + path = f"{checksum}/layer.tar" + tarinfo = target_tar.gettarinfo(layer_path) + tarinfo.name = path + tarinfo.mtime = mtime + + with open(layer_path, "rb") as f: + target_tar.addfile(tarinfo, f) + + return LayerInfo( + size=None, + checksum=checksum, + path=path, + paths=[customisation_layer] + ) def add_bytes(tar, path, content, mtime): diff --git a/nixpkgs/pkgs/build-support/fetchgitlab/default.nix b/nixpkgs/pkgs/build-support/fetchgitlab/default.nix index f1850fbaa1e..77512510a7c 100644 --- a/nixpkgs/pkgs/build-support/fetchgitlab/default.nix +++ b/nixpkgs/pkgs/build-support/fetchgitlab/default.nix @@ -12,7 +12,7 @@ let ((optional (group != null) group) ++ [ owner repo ]); escapedSlug = replaceStrings ["." "/"] ["%2E" "%2F"] slug; - escapedRev = replaceStrings ["+"] ["%2B"] rev; + escapedRev = replaceStrings ["+" "%" "/"] ["%2B" "%25" "%2F"] rev; in fetchzip ({ diff --git a/nixpkgs/pkgs/build-support/fetchrepoproject/default.nix b/nixpkgs/pkgs/build-support/fetchrepoproject/default.nix index f8793dbac95..8144ed038bd 100644 --- a/nixpkgs/pkgs/build-support/fetchrepoproject/default.nix +++ b/nixpkgs/pkgs/build-support/fetchrepoproject/default.nix @@ -2,7 +2,7 @@ { name, manifest, rev ? "HEAD", sha256 # Optional parameters: -, repoRepoURL ? "", repoRepoRev ? "", referenceDir ? "" +, repoRepoURL ? "", repoRepoRev ? "", referenceDir ? "", manifestName ? "" , localManifests ? [], createMirror ? false, useArchive ? false }: @@ -16,6 +16,7 @@ let (optionalString (repoRepoURL != "") "--repo-url=${repoRepoURL}") (optionalString (repoRepoRev != "") "--repo-branch=${repoRepoRev}") (optionalString (referenceDir != "") "--reference=${referenceDir}") + (optionalString (manifestName != "") "--manifest-name=${manifestName}") ]; repoInitFlags = [ diff --git a/nixpkgs/pkgs/build-support/kernel/modules-closure.sh b/nixpkgs/pkgs/build-support/kernel/modules-closure.sh index 220f3b00a77..3f895d9cfed 100644 --- a/nixpkgs/pkgs/build-support/kernel/modules-closure.sh +++ b/nixpkgs/pkgs/build-support/kernel/modules-closure.sh @@ -19,37 +19,66 @@ version=$(cd $kernel/lib/modules && ls -d *) echo "kernel version is $version" # Determine the dependencies of each root module. -closure= +mkdir -p $out/lib/modules/"$version" +touch closure for module in $rootModules; do echo "root module: $module" - deps=$(modprobe --config no-config -d $kernel --set-version "$version" --show-depends "$module" \ - | sed 's/^insmod //') \ - || if test -z "$allowMissing"; then exit 1; fi - if [[ "$deps" != builtin* ]]; then - closure="$closure $deps" + modprobe --config no-config -d $kernel --set-version "$version" --show-depends "$module" \ + | while read cmd module args; do + case "$cmd" in + builtin) + touch found + echo "$module" >>closure + echo " builtin dependency: $module";; + insmod) + touch found + if ! test -e "$module"; then + echo " dependency not found: $module" + exit 1 + fi + target=$(echo "$module" | sed "s^$NIX_STORE.*/lib/modules/^$out/lib/modules/^") + if test -e "$target"; then + echo " dependency already copied: $module" + continue + fi + echo "$module" >>closure + echo " copying dependency: $module" + mkdir -p $(dirname $target) + cp "$module" "$target" + # If the kernel is compiled with coverage instrumentation, it + # contains the paths of the *.gcda coverage data output files + # (which it doesn't actually use...). Get rid of them to prevent + # the whole kernel from being included in the initrd. + nuke-refs "$target" + echo "$target" >> $out/insmod-list;; + *) + echo " unexpected modprobe output: $cmd $module" + exit 1;; + esac + done || test -n "$allowMissing" + if ! test -e found; then + echo " not found" + if test -z "$allowMissing"; then + exit 1 + fi + else + rm found fi done -echo "closure:" -mkdir -p $out/lib/modules/"$version" -for module in $closure; do - target=$(echo $module | sed "s^$NIX_STORE.*/lib/modules/^$out/lib/modules/^") - if test -e "$target"; then continue; fi - if test \! -e "$module"; then continue; fi # XXX: to avoid error with "cp builtin builtin" - mkdir -p $(dirname $target) - echo $module - cp $module $target - # If the kernel is compiled with coverage instrumentation, it - # contains the paths of the *.gcda coverage data output files - # (which it doesn't actually use...). Get rid of them to prevent - # the whole kernel from being included in the initrd. - nuke-refs $target - echo $target >> $out/insmod-list -done - mkdir -p $out/lib/firmware -for module in $closure; do - for i in $(modinfo -F firmware $module); do +for module in $(cat closure); do + # for builtin modules, modinfo will reply with a wrong output looking like: + # $ modinfo -F firmware unix + # name: unix + # + # There is a pending attempt to fix this: + # https://github.com/NixOS/nixpkgs/pull/96153 + # https://lore.kernel.org/linux-modules/20200823215433.j5gc5rnsmahpf43v@blumerang/T/#u + # + # For now, the workaround is just to filter out the extraneous lines out + # of its output. + for i in $(modinfo -b $kernel --set-version "$version" -F firmware $module | grep -v '^name:'); do mkdir -p "$out/lib/firmware/$(dirname "$i")" echo "firmware for $module: $i" cp "$firmware/lib/firmware/$i" "$out/lib/firmware/$i" 2>/dev/null || if test -z "$allowMissing"; then exit 1; fi diff --git a/nixpkgs/pkgs/build-support/pkg-config-wrapper/default.nix b/nixpkgs/pkgs/build-support/pkg-config-wrapper/default.nix index e01df107dd1..b1b9325ea6e 100644 --- a/nixpkgs/pkgs/build-support/pkg-config-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/pkg-config-wrapper/default.nix @@ -107,7 +107,7 @@ stdenv.mkDerivation { + '' substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh - substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash + substituteAll ${if stdenv.isDarwin then ../wrapper-common/utils.bash.darwin else ../wrapper-common/utils.bash} $out/nix-support/utils.bash '' ## diff --git a/nixpkgs/pkgs/build-support/release/default.nix b/nixpkgs/pkgs/build-support/release/default.nix index 6b9aa9a8c4a..6aaa0338f0c 100644 --- a/nixpkgs/pkgs/build-support/release/default.nix +++ b/nixpkgs/pkgs/build-support/release/default.nix @@ -41,10 +41,6 @@ rec { doCoverityAnalysis = true; } // args); - gcovReport = args: import ./gcov-report.nix ( - { inherit runCommand lcov rsync; - } // args); - rpmBuild = args: import ./rpm-build.nix ( { inherit vmTools; } // args); diff --git a/nixpkgs/pkgs/build-support/release/gcov-report.nix b/nixpkgs/pkgs/build-support/release/gcov-report.nix deleted file mode 100644 index 8ce5c0488a7..00000000000 --- a/nixpkgs/pkgs/build-support/release/gcov-report.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ runCommand, lcov, rsync, coverageRuns, lcovFilter ? [ "/nix/store/*" ], baseDirHack ? false }: - -runCommand "coverage" - { buildInputs = [ lcov rsync ]; - inherit lcovFilter baseDirHack; - } - '' - mkdir -p $TMPDIR/gcov $out/nix-support $out/coverage - info=$out/coverage/full.info - - for p in ${toString coverageRuns}; do - if [ -f $p/nix-support/hydra-build-products ]; then - cat $p/nix-support/hydra-build-products >> $out/nix-support/hydra-build-products - fi - - [ ! -e $p/nix-support/failed ] || touch $out/nix-support/failed - - opts= - for d in $p/coverage-data/*; do - for i in $(cd $d/nix/store && ls); do - if ! [ -e /nix/store/$i/.build ]; then continue; fi - if [ -e $TMPDIR/gcov/nix/store/$i ]; then continue; fi - echo "copying $i..." - rsync -a /nix/store/$i/.build/* $TMPDIR/gcov/ - if [ -n "$baseDirHack" ]; then - opts="-b $TMPDIR/gcov/$(cd /nix/store/$i/.build && ls)" - fi - done - - for i in $(cd $d/nix/store && ls); do - rsync -a $d/nix/store/$i/.build/* $TMPDIR/gcov/ --include '*/' --include '*.gcda' --exclude '*' - done - done - - chmod -R u+w $TMPDIR/gcov - - echo "producing info..." - geninfo --ignore-errors source,gcov $TMPDIR/gcov --output-file $TMPDIR/app.info $opts - cat $TMPDIR/app.info >> $info - done - - echo "making report..." - set -o noglob - lcov --remove $info ''$lcovFilter > $info.tmp - set +o noglob - mv $info.tmp $info - genhtml --show-details $info -o $out/coverage - echo "report coverage $out/coverage" >> $out/nix-support/hydra-build-products - '' diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix index f82effdbca7..142109cef49 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/build-crate.nix @@ -38,7 +38,7 @@ build_bin = if buildTests then "build_bin_test" else "build_bin"; in '' runHook preBuild - + # configure & source common build functions LIB_RUSTC_OPTS="${libRustcOpts}" BIN_RUSTC_OPTS="${binRustcOpts}" diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix index 8e2f5f7f35e..a95b356646e 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/configure-crate.nix @@ -43,7 +43,7 @@ in '' noisily cd "${workspace_member}" ''} ${lib.optionalString (workspace_member == null) '' - echo_colored "Searching for matching Cargo.toml (${crateName})" + echo_colored "Searching for matching Cargo.toml (${crateName})" local cargo_toml_dir=$(matching_cargo_toml_dir "${crateName}") if [ -z "$cargo_toml_dir" ]; then echo_error "ERROR configuring ${crateName}: No matching Cargo.toml in $(pwd) found." >&2 @@ -53,7 +53,7 @@ in '' ''} runHook preConfigure - + symlink_dependency() { # $1 is the nix-store path of a dependency # $2 is the target path diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/lib.sh b/nixpkgs/pkgs/build-support/rust/build-rust-crate/lib.sh index 3bf1992cecd..d4927b025aa 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/lib.sh +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/lib.sh @@ -153,8 +153,8 @@ matching_cargo_toml_path() { # is referenced there. cargo metadata --no-deps --format-version 1 \ --manifest-path "$manifest_path" \ - | jq -r '.packages[] - | select( .name == "'$expected_crate_name'") + | jq -r '.packages[] + | select( .name == "'$expected_crate_name'") | .manifest_path' } @@ -171,4 +171,4 @@ matching_cargo_toml_dir() { break fi done -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/build-support/rust/build-rust-crate/log.nix b/nixpkgs/pkgs/build-support/rust/build-rust-crate/log.nix index a7e2cb4f463..9054815f4a1 100644 --- a/nixpkgs/pkgs/build-support/rust/build-rust-crate/log.nix +++ b/nixpkgs/pkgs/build-support/rust/build-rust-crate/log.nix @@ -1,23 +1,23 @@ { lib }: let echo_colored_body = start_escape: - # Body of a function that behaves like "echo" but + # Body of a function that behaves like "echo" but # has the output colored by the given start_escape # sequence. E.g. # # * echo_x "Building ..." # * echo_x -n "Running " # - # This is more complicated than apparent at first sight + # This is more complicated than apparent at first sight # because: # * The color markers and the text must be print # in the same echo statement. Otherise, other - # intermingled text from concurrent builds will + # intermingled text from concurrent builds will # be colored as well. # * We need to preserve the trailing newline of the # echo if and only if it is present. Bash likes # to strip those if we capture the output of echo - # in a variable. + # in a variable. # * Leading "-" will be interpreted by test as an # option for itself. Therefore, we prefix it with # an x in `[[ "x$1" =~ ^x- ]]`. @@ -27,13 +27,13 @@ let echo_colored_body = start_escape: echo_args+=" $1" shift done - + local start_escape="$(printf '${start_escape}')" local reset="$(printf '\033[0m')" echo $echo_args $start_escape"$@"$reset ''; echo_conditional_colored_body = colors: start_escape: - if colors == "always" + if colors == "always" then (echo_colored_body start_escape) else ''echo "$@"''; in { @@ -50,7 +50,7 @@ in { noisily = colors: verbose: '' noisily() { ${lib.optionalString verbose '' - echo_colored -n "Running " + echo_colored -n "Running " echo $@ ''} $@ diff --git a/nixpkgs/pkgs/build-support/rust/default.nix b/nixpkgs/pkgs/build-support/rust/default.nix index c292b8ea4d4..f270fe97326 100644 --- a/nixpkgs/pkgs/build-support/rust/default.nix +++ b/nixpkgs/pkgs/build-support/rust/default.nix @@ -181,7 +181,7 @@ stdenv.mkDerivation (args // { "CXX_${rust.toRustTarget stdenv.buildPlatform}"="${cxxForBuild}" \ "CC_${rust.toRustTarget stdenv.hostPlatform}"="${ccForHost}" \ "CXX_${rust.toRustTarget stdenv.hostPlatform}"="${cxxForHost}" \ - cargo build \ + cargo build -j $NIX_BUILD_CORES \ ${stdenv.lib.optionalString (buildType == "release") "--release"} \ --target ${rustTarget} \ --frozen ${concatStringsSep " " cargoBuildFlags} @@ -208,7 +208,7 @@ stdenv.mkDerivation (args // { ${stdenv.lib.optionalString (buildAndTestSubdir != null) "pushd ${buildAndTestSubdir}"} runHook preCheck echo "Running cargo test ${argstr} -- ''${checkFlags} ''${checkFlagsArray+''${checkFlagsArray[@]}}" - cargo test ${argstr} -- ''${checkFlags} ''${checkFlagsArray+"''${checkFlagsArray[@]}"} + cargo test -j $NIX_BUILD_CORES ${argstr} -- --test-threads=$NIX_BUILD_CORES ''${checkFlags} ''${checkFlagsArray+"''${checkFlagsArray[@]}"} runHook postCheck ${stdenv.lib.optionalString (buildAndTestSubdir != null) "popd"} ''); diff --git a/nixpkgs/pkgs/build-support/rust/fetchcrate.nix b/nixpkgs/pkgs/build-support/rust/fetchcrate.nix index 95dfd38b12a..4e6c38b032c 100644 --- a/nixpkgs/pkgs/build-support/rust/fetchcrate.nix +++ b/nixpkgs/pkgs/build-support/rust/fetchcrate.nix @@ -1,10 +1,13 @@ { lib, fetchurl, unzip }: -{ crateName +{ crateName ? args.pname +, pname ? null , version , sha256 , ... } @ args: +assert pname == null || pname == crateName; + lib.overrideDerivation (fetchurl ({ name = "${crateName}-${version}.tar.gz"; @@ -30,6 +33,6 @@ lib.overrideDerivation (fetchurl ({ fi mv "$unpackDir/$fn" "$out" ''; -} // removeAttrs args [ "crateName" "version" ])) +} // removeAttrs args [ "crateName" "pname" "version" ])) # Hackety-hack: we actually need unzip hooks, too (x: {nativeBuildInputs = x.nativeBuildInputs++ [unzip];}) diff --git a/nixpkgs/pkgs/build-support/trivial-builders.nix b/nixpkgs/pkgs/build-support/trivial-builders.nix index 3c81a4ece65..eab5366e183 100644 --- a/nixpkgs/pkgs/build-support/trivial-builders.nix +++ b/nixpkgs/pkgs/build-support/trivial-builders.nix @@ -240,6 +240,8 @@ rec { * This creates a single derivation that replicates the directory structure * of all the input paths. * + * BEWARE: it may not "work right" when the passed paths contain symlinks to directories. + * * Examples: * # adds symlinks of hello to current build. * symlinkJoin { name = "myhello"; paths = [ pkgs.hello ]; } diff --git a/nixpkgs/pkgs/build-support/wrapper-common/utils.bash b/nixpkgs/pkgs/build-support/wrapper-common/utils.bash index 8c4680a8e44..ce569ac2b8c 100644 --- a/nixpkgs/pkgs/build-support/wrapper-common/utils.bash +++ b/nixpkgs/pkgs/build-support/wrapper-common/utils.bash @@ -69,9 +69,9 @@ badPath() { # directory (including the build directory). test \ "$p" != "/dev/null" -a \ - "${p:0:${#NIX_STORE}}" != "$NIX_STORE" -a \ - "${p:0:4}" != "/tmp" -a \ - "${p:0:${#NIX_BUILD_TOP}}" != "$NIX_BUILD_TOP" + "${p#${NIX_STORE}}" = "$p" -a \ + "${p#${TMP:-/tmp}}" = "$p" -a \ + "${p#${NIX_BUILD_TOP}}" = "$p" } expandResponseParams() { diff --git a/nixpkgs/pkgs/build-support/wrapper-common/utils.bash.darwin b/nixpkgs/pkgs/build-support/wrapper-common/utils.bash.darwin new file mode 100644 index 00000000000..8c4680a8e44 --- /dev/null +++ b/nixpkgs/pkgs/build-support/wrapper-common/utils.bash.darwin @@ -0,0 +1,92 @@ +# Accumulate suffixes for taking in the right input parameters with the `mangle*` +# functions below. See setup-hook for details. +accumulateRoles() { + declare -ga role_suffixes=() + if [ "${NIX_@wrapperName@_TARGET_BUILD_@suffixSalt@:-}" ]; then + role_suffixes+=('_FOR_BUILD') + fi + if [ "${NIX_@wrapperName@_TARGET_HOST_@suffixSalt@:-}" ]; then + role_suffixes+=('') + fi + if [ "${NIX_@wrapperName@_TARGET_TARGET_@suffixSalt@:-}" ]; then + role_suffixes+=('_FOR_TARGET') + fi +} + +mangleVarList() { + local var="$1" + shift + local -a role_suffixes=("$@") + + local outputVar="${var}_@suffixSalt@" + declare -gx ${outputVar}+='' + # For each role we serve, we accumulate the input parameters into our own + # cc-wrapper-derivation-specific environment variables. + for suffix in "${role_suffixes[@]}"; do + local inputVar="${var}${suffix}" + if [ -v "$inputVar" ]; then + export ${outputVar}+="${!outputVar:+ }${!inputVar}" + fi + done +} + +mangleVarBool() { + local var="$1" + shift + local -a role_suffixes=("$@") + + local outputVar="${var}_@suffixSalt@" + declare -gxi ${outputVar}+=0 + for suffix in "${role_suffixes[@]}"; do + local inputVar="${var}${suffix}" + if [ -v "$inputVar" ]; then + # "1" in the end makes `let` return success error code when + # expression itself evaluates to zero. + # We don't use `|| true` because that would silence actual + # syntax errors from bad variable values. + let "${outputVar} |= ${!inputVar:-0}" "1" + fi + done +} + +skip () { + if (( "${NIX_DEBUG:-0}" >= 1 )); then + echo "skipping impure path $1" >&2 + fi +} + + +# Checks whether a path is impure. E.g., `/lib/foo.so' is impure, but +# `/nix/store/.../lib/foo.so' isn't. +badPath() { + local p=$1 + + # Relative paths are okay (since they're presumably relative to + # the temporary build directory). + if [ "${p:0:1}" != / ]; then return 1; fi + + # Otherwise, the path should refer to the store or some temporary + # directory (including the build directory). + test \ + "$p" != "/dev/null" -a \ + "${p:0:${#NIX_STORE}}" != "$NIX_STORE" -a \ + "${p:0:4}" != "/tmp" -a \ + "${p:0:${#NIX_BUILD_TOP}}" != "$NIX_BUILD_TOP" +} + +expandResponseParams() { + declare -ga params=("$@") + local arg + for arg in "$@"; do + if [[ "$arg" == @* ]]; then + # phase separation makes this look useless + # shellcheck disable=SC2157 + if [ -x "@expandResponseParams@" ]; then + # params is used by caller + #shellcheck disable=SC2034 + readarray -d '' params < <("@expandResponseParams@" "$@") + return 0 + fi + fi + done +} diff --git a/nixpkgs/pkgs/build-support/writers/default.nix b/nixpkgs/pkgs/build-support/writers/default.nix index 4673b4e6cd8..495a56b4197 100644 --- a/nixpkgs/pkgs/build-support/writers/default.nix +++ b/nixpkgs/pkgs/build-support/writers/default.nix @@ -164,12 +164,13 @@ rec { # ''; writeHaskell = name: { libraries ? [], - ghc ? pkgs.ghc + ghc ? pkgs.ghc, + ghcArgs ? [] }: makeBinWriter { compileScript = '' cp $contentPath tmp.hs - ${ghc.withPackages (_: libraries )}/bin/ghc tmp.hs + ${ghc.withPackages (_: libraries )}/bin/ghc ${lib.escapeShellArgs ghcArgs} tmp.hs mv tmp $out ${pkgs.binutils-unwrapped}/bin/strip --strip-unneeded "$out" ''; |