Merge pull request #219421 from risicle/ris-fortify-headers-auto

cc-wrapper: include fortify-headers before libc includes for musl
This commit is contained in:
Robert Scott 2023-08-06 22:50:48 +01:00 committed by GitHub
commit 0865f1f4d7
4 changed files with 57 additions and 0 deletions


@ -51,6 +51,8 @@
# the derivation at which the `-B` and `-L` flags added by `useCcForLibs` will point # the derivation at which the `-B` and `-L` flags added by `useCcForLibs` will point
, gccForLibs ? if useCcForLibs then cc else null , gccForLibs ? if useCcForLibs then cc else null
, fortify-headers ? null
, includeFortifyHeaders ? null
}: }:
with lib; with lib;
@ -65,6 +67,10 @@ let
stdenv = stdenvNoCC; stdenv = stdenvNoCC;
inherit (stdenv) hostPlatform targetPlatform; inherit (stdenv) hostPlatform targetPlatform;
includeFortifyHeaders' = if includeFortifyHeaders != null
then includeFortifyHeaders
else targetPlatform.libc == "musl";
# Prefix for binaries. Customarily ends with a dash separator. # Prefix for binaries. Customarily ends with a dash separator.
# #
# TODO(@Ericson2314) Make unconditional, or optional but always true by # TODO(@Ericson2314) Make unconditional, or optional but always true by
@ -165,6 +171,8 @@ let
stdenv.targetPlatform.darwinMinVersionVariable; stdenv.targetPlatform.darwinMinVersionVariable;
in in
assert includeFortifyHeaders' -> fortify-headers != null;
# Ensure bintools matches # Ensure bintools matches
assert libc_bin == bintools.libc_bin; assert libc_bin == bintools.libc_bin;
assert libc_dev == bintools.libc_dev; assert libc_dev == bintools.libc_dev;
@ -414,6 +422,16 @@ stdenv.mkDerivation {
echo "${libc_lib}" > $out/nix-support/orig-libc echo "${libc_lib}" > $out/nix-support/orig-libc
echo "${libc_dev}" > $out/nix-support/orig-libc-dev echo "${libc_dev}" > $out/nix-support/orig-libc-dev
''
# fortify-headers is a set of wrapper headers that augment libc
# and use #include_next to pass through to libc's true
# implementations, so must appear before them in search order.
# in theory a correctly placed -idirafter could be used, but in
# practice the compiler may have been built with a --with-headers
# like option that forces the libc headers before all -idirafter,
# hence -isystem here.
+ optionalString includeFortifyHeaders' ''
echo "-isystem ${fortify-headers}/include" >> $out/nix-support/libc-cflags
'') '')
## ##
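Review bot: A caller that passes `includeFortifyHeaders = true` without a `fortify-headers` argument fails on the bare `assert includeFortifyHeaders' -> fortify-headers != null;` with no hint of which argument is missing; `assert lib.assertMsg (includeFortifyHeaders' -> fortify-headers != null) "cc-wrapper: includeFortifyHeaders requires the fortify-headers argument";` keeps the same guard with a readable failure. The two new parameters also lack the explanatory comment their neighbour `gccForLibs` carries; suggest `# optional wrapper headers providing fortify-source checks for libcs that lack them; on by default when targetPlatform.libc is musl` above `, fortify-headers ? null`. The `-isystem` line only takes effect for builds that also define fortify-source macros, which presumably the wrapper's hardening flags supply — worth stating in the comment block so the dependency between the two mechanisms is visible. The mkDerivation argument set that this hunk modifies starts and ends outside the hunk.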


@ -0,0 +1,34 @@
{ lib
, stdenv
, fetchurl
}:
stdenv.mkDerivation {
pname = "fortify-headers";
version = "1.1alpine1";
# upstream only accessible via git - unusable during bootstrap, hence
# extract from the alpine package
src = fetchurl {
url = "https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/fortify-headers-1.1-r1.apk";
name = "fortify-headers.tar.gz"; # ensure it's extracted as a .tar.gz
hash = "sha256-A67NzUv+dldARY+MTaoVnezTg+Es8ZK/b7XOxA6KzpI=";
};
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r include/fortify $out/include
runHook postInstall
'';
meta = {
description = "Standalone header-based fortify-source implementation";
homepage = "https://git.2f30.org/fortify-headers";
license = lib.licenses.bsd0;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [ ris ];
};
}
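Review bot: The derivation only copies files, yet it takes `stdenv` and therefore pulls a full compiler into its build closure even though it is consumed by the bootstrap cc-wrapper; `stdenvNoCC` (`{ lib, stdenvNoCC, fetchurl }:` and `stdenvNoCC.mkDerivation {`) would keep the footprint minimal — worth confirming it does not disturb the stage ordering. The `cp -r include/fortify $out/include` line relies on `$out/include` not existing yet so that the `fortify` directory itself becomes `$out/include` and the headers sit directly under it; a comment such as `# $out/include must not pre-exist: the fortify dir itself becomes $out/include` would make that intent explicit. Since the source is an Alpine mirror rather than the homepage, a short comment noting that the pinned `hash` is the integrity anchor and the mirror only a distribution channel would help a reader who notices the mismatch.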


@ -194,6 +194,7 @@ let
inherit lib; inherit lib;
inherit (prevStage) coreutils gnugrep; inherit (prevStage) coreutils gnugrep;
stdenvNoCC = prevStage.ccWrapperStdenv; stdenvNoCC = prevStage.ccWrapperStdenv;
fortify-headers = prevStage.fortify-headers;
}).overrideAttrs(a: lib.optionalAttrs (prevStage.gcc-unwrapped.passthru.isXgcc or false) { }).overrideAttrs(a: lib.optionalAttrs (prevStage.gcc-unwrapped.passthru.isXgcc or false) {
# This affects only `xgcc` (the compiler which compiles the final compiler). # This affects only `xgcc` (the compiler which compiles the final compiler).
postFixup = (a.postFixup or "") + '' postFixup = (a.postFixup or "") + ''
@ -568,6 +569,7 @@ in
inherit lib; inherit lib;
inherit (self) stdenvNoCC coreutils gnugrep; inherit (self) stdenvNoCC coreutils gnugrep;
shell = self.bash + "/bin/bash"; shell = self.bash + "/bin/bash";
fortify-headers = self.fortify-headers;
}; };
}; };
extraNativeBuildInputs = [ extraNativeBuildInputs = [
@ -645,6 +647,7 @@ in
++ [ linuxHeaders # propagated from .dev ++ [ linuxHeaders # propagated from .dev
binutils gcc gcc.cc gcc.cc.lib gcc.expand-response-params gcc.cc.libgcc glibc.passthru.libgcc binutils gcc gcc.cc gcc.cc.lib gcc.expand-response-params gcc.cc.libgcc glibc.passthru.libgcc
] ]
++ lib.optionals (localSystem.libc == "musl") [ fortify-headers ]
++ [ prevStage.updateAutotoolsGnuConfigScriptsHook prevStage.gnu-config ] ++ [ prevStage.updateAutotoolsGnuConfigScriptsHook prevStage.gnu-config ]
++ (with gcc-unwrapped.passthru; [ ++ (with gcc-unwrapped.passthru; [
gmp libmpc mpfr isl gmp libmpc mpfr isl
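Review bot: The gate `lib.optionals (localSystem.libc == "musl")` in the last hunk uses a different predicate from the one cc-wrapper derives `includeFortifyHeaders'` from (`targetPlatform.libc == "musl"`); they coincide for the native final stdenv but nothing keeps them in step. Suggest `# must match the includeFortifyHeaders' default in cc-wrapper (targetPlatform.libc == "musl")` on that line, or deriving both from one shared predicate. The two earlier hunks pass `fortify-headers` into the wrapper unconditionally, so if the conditions ever diverge the package is silently left out of this list rather than failing. The enclosing list expression starts before the hunk.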


@ -21097,6 +21097,8 @@ with pkgs;
folks = callPackage ../development/libraries/folks { }; folks = callPackage ../development/libraries/folks { };
fortify-headers = callPackage ../development/libraries/fortify-headers { };
makeFontsConf = let fontconfig_ = fontconfig; in {fontconfig ? fontconfig_, fontDirectories}: makeFontsConf = let fontconfig_ = fontconfig; in {fontconfig ? fontconfig_, fontDirectories}:
callPackage ../development/libraries/fontconfig/make-fonts-conf.nix { callPackage ../development/libraries/fontconfig/make-fonts-conf.nix {
inherit fontconfig fontDirectories; inherit fontconfig fontDirectories;