diff --git a/pkgs/applications/virtualization/xen/packages.nix b/pkgs/applications/virtualization/xen/packages.nix index 8f5262acb024..f4bde18f3df6 100644 --- a/pkgs/applications/virtualization/xen/packages.nix +++ b/pkgs/applications/virtualization/xen/packages.nix @@ -10,8 +10,6 @@ rec { xen_4_5-vanilla = callPackage ./4.5.nix { # At the very least included seabios and etherboot need gcc49, # so we have to build all of it with gcc49. - stdenv = overrideCC stdenv gcc49; - meta = { description = "vanilla"; longDescription = '' @@ -60,8 +58,6 @@ rec { xen_4_8-vanilla = callPackage ./4.8.nix { # At the very least included seabios and etherboot need gcc49, # so we have to build all of it with gcc49. - stdenv = overrideCC stdenv gcc49; - meta = { description = "vanilla"; longDescription = '' diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 1edfe8bfc753..4d28ba08d103 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -1,37 +1,88 @@ +# N.B. It may be a surprise that the derivation-specific variables are exported, +# since this is just sourced by the wrapped binaries---the end consumers. This +# is because one wrapper binary may invoke another (e.g. cc invoking ld). In +# that case, it is cheaper/better to not repeat this step and let the forked +# wrapped binary just inherit the work of the forker's wrapper script. + +var_templates=( + NIX_CC_WRAPPER+START_HOOK + NIX_CC_WRAPPER+EXEC_HOOK + NIX_LD_WRAPPER+START_HOOK + NIX_LD_WRAPPER+EXEC_HOOK + + NIX+CFLAGS_COMPILE + NIX+CFLAGS_LINK + NIX+CXXSTDLIB_COMPILE + NIX+CXXSTDLIB_LINK + NIX+GNATFLAGS_COMPILE + NIX+IGNORE_LD_THROUGH_GCC + NIX+LDFLAGS + NIX+LDFLAGS_BEFORE + NIX+LDFLAGS_AFTER + NIX+LDFLAGS_HARDEN + + NIX+SET_BUILD_ID + NIX+DONT_SET_RPATH + NIX+ENFORCE_NO_NATIVE +) + +# Accumulate infixes for taking in the right input parameters. See setup-hook +# for details. +declare -a role_infixes=() +if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]; then + role_infixes+=(_BUILD_) +fi +if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]; then + role_infixes+=(_) +fi +if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]; then + role_infixes+=(_TARGET_) +fi + +# We need to mangle names for hygiene, but also take parameters/overrides +# from the environment. +for var in "${var_templates[@]}"; do + outputVar="${var/+/_@infixSalt@_}" + export ${outputVar}+='' + # For each role we serve, we accumulate the input parameters into our own + # cc-wrapper-derivation-specific environment variables. + for infix in "${role_infixes[@]}"; do + inputVar="${var/+/${infix}}" + if [ -v "$inputVar" ]; then + export ${outputVar}+="${!outputVar:+ }${!inputVar}" + fi + done +done + # `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. -export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" +NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/bin/ $NIX_@infixSalt@_CFLAGS_COMPILE" # Export and assign separately in order that a failing $(..) will fail # the script. if [ -e @out@/nix-support/libc-cflags ]; then - export NIX_CFLAGS_COMPILE - NIX_CFLAGS_COMPILE="$(< @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE" + NIX_@infixSalt@_CFLAGS_COMPILE="$(< @out@/nix-support/libc-cflags) $NIX_@infixSalt@_CFLAGS_COMPILE" fi if [ -e @out@/nix-support/cc-cflags ]; then - export NIX_CFLAGS_COMPILE - NIX_CFLAGS_COMPILE="$(< @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE" + NIX_@infixSalt@_CFLAGS_COMPILE="$(< @out@/nix-support/cc-cflags) $NIX_@infixSalt@_CFLAGS_COMPILE" fi if [ -e @out@/nix-support/gnat-cflags ]; then - export NIX_GNATFLAGS_COMPILE - NIX_GNATFLAGS_COMPILE="$(< @out@/nix-support/gnat-cflags) $NIX_GNATFLAGS_COMPILE" + NIX_@infixSalt@_GNATFLAGS_COMPILE="$(< @out@/nix-support/gnat-cflags) $NIX_@infixSalt@_GNATFLAGS_COMPILE" fi if [ -e @out@/nix-support/libc-ldflags ]; then - export NIX_LDFLAGS - NIX_LDFLAGS+=" $(< @out@/nix-support/libc-ldflags)" + NIX_@infixSalt@_LDFLAGS+=" $(< @out@/nix-support/libc-ldflags)" fi if [ -e @out@/nix-support/cc-ldflags ]; then - export NIX_LDFLAGS - NIX_LDFLAGS+=" $(< @out@/nix-support/cc-ldflags)" + NIX_@infixSalt@_LDFLAGS+=" $(< @out@/nix-support/cc-ldflags)" fi if [ -e @out@/nix-support/libc-ldflags-before ]; then - export NIX_LDFLAGS_BEFORE - NIX_LDFLAGS_BEFORE="$(< @out@/nix-support/libc-ldflags-before) $NIX_LDFLAGS_BEFORE" + NIX_@infixSalt@_LDFLAGS_BEFORE="$(< @out@/nix-support/libc-ldflags-before) $NIX_@infixSalt@_LDFLAGS_BEFORE" fi -export NIX_CC_WRAPPER_FLAGS_SET=1 +# That way forked processes will not extend these environment variables again. +export NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET=1 diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index c91ff0a9d0bd..aa8eb720486c 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -1,67 +1,69 @@ hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow) -# Intentionally word-split in case 'hardeningEnable' is defined in Nix. -hardeningFlags+=(${hardeningEnable[@]}) +# Intentionally word-split in case 'hardeningEnable' is defined in +# Nix. Also, our bootstrap tools version of bash is old enough that +# undefined arrays trip `set -u`. +if [[ -v hardeningEnable[@] ]]; then + hardeningFlags+=(${hardeningEnable[@]}) +fi hardeningCFlags=() hardeningLDFlags=() declare -A hardeningDisableMap -# Intentionally word-split in case 'hardeningDisable' is defined in Nix. The -# array expansion also prevents undefined variables from causing trouble with -# `set -u`. -for flag in ${hardeningDisable[@]} @hardening_unsupported_flags@ +# Intentionally word-split in case 'hardeningDisable' is defined in Nix. +for flag in ${hardeningDisable[@]:-IGNORED_KEY} @hardening_unsupported_flags@ do hardeningDisableMap[$flag]=1 done -if [[ -n "$NIX_DEBUG" ]]; then +if [[ -n "${NIX_DEBUG:-}" ]]; then printf 'HARDENING: disabled flags:' >&2 (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2 echo >&2 fi -if [[ -z "${hardeningDisableMap[all]}" ]]; then - if [[ -n "$NIX_DEBUG" ]]; then +if [[ -z "${hardeningDisableMap[all]:-}" ]]; then + if [[ -n "${NIX_DEBUG:-}" ]]; then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi for flag in "${hardeningFlags[@]}" do - if [[ -z "${hardeningDisableMap[$flag]}" ]]; then + if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then case $flag in fortify) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling fortify >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling fortify >&2; fi hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') ;; stackprotector) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling stackprotector >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling stackprotector >&2; fi hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') ;; pie) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling CFlags -fPIE >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling CFlags -fPIE >&2; fi hardeningCFlags+=('-fPIE') if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling LDFlags -pie >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningLDFlags+=('-pie') fi ;; pic) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling pic >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling pic >&2; fi hardeningCFlags+=('-fPIC') ;; strictoverflow) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling strictoverflow >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling strictoverflow >&2; fi hardeningCFlags+=('-fno-strict-overflow') ;; format) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling format >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling format >&2; fi hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') ;; relro) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling relro >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling relro >&2; fi hardeningLDFlags+=('-z' 'relro') ;; bindnow) - if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling bindnow >&2; fi + if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling bindnow >&2; fi hardeningLDFlags+=('-z' 'now') ;; *) diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index 966556566077..e5a3a5818519 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob path_backup="$PATH" @@ -11,12 +11,12 @@ if [[ -n "@coreutils_bin@" && -n "@gnugrep_bin@" ]]; then PATH="@coreutils_bin@/bin:@gnugrep_bin@/bin" fi -if [ -n "$NIX_CC_WRAPPER_START_HOOK" ]; then - source "$NIX_CC_WRAPPER_START_HOOK" +if [ -z "${NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET:-}" ]; then + source @out@/nix-support/add-flags.sh fi -if [ -z "$NIX_CC_WRAPPER_FLAGS_SET" ]; then - source @out@/nix-support/add-flags.sh +if [ -n "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" ]; then + source "$NIX_CC_WRAPPER_@infixSalt@_START_HOOK" fi source @out@/nix-support/utils.sh @@ -36,7 +36,7 @@ declare -i n=0 nParams=${#params[@]} while [ "$n" -lt "$nParams" ]; do p=${params[n]} - p2=${params[n+1]} + p2=${params[n+1]:-} # handle `p` being last one if [ "$p" = -c ]; then dontLink=1 elif [ "$p" = -S ]; then @@ -63,7 +63,7 @@ while [ "$n" -lt "$nParams" ]; do nonFlagArgs=1 elif [ "$p" = -m32 ]; then if [ -e @out@/nix-support/dynamic-linker-m32 ]; then - NIX_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" + NIX_@infixSalt@_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" fi fi n+=1 @@ -79,13 +79,13 @@ if [ "$nonFlagArgs" = 0 ]; then fi # Optionally filter out paths not refering to the store. -if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" ]]; then +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" ]]; then rest=() nParams=${#params[@]} declare -i n=0 while [ "$n" -lt "$nParams" ]; do p=${params[n]} - p2=${params[n+1]} + p2=${params[n+1]:-} # handle `p` being last one if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then skip "${p:2}" elif [ "$p" = -L ] && badPath "$p2"; then @@ -106,7 +106,7 @@ fi # Clear march/mtune=native -- they bring impurity. -if [ "$NIX_ENFORCE_NO_NATIVE" = 1 ]; then +if [ "$NIX_@infixSalt@_ENFORCE_NO_NATIVE" = 1 ]; then rest=() for p in "${params[@]}"; do if [[ "$p" = -m*=native ]]; then @@ -120,36 +120,36 @@ fi if [[ "$isCpp" = 1 ]]; then if [[ "$cppInclude" = 1 ]]; then - NIX_CFLAGS_COMPILE+=" ${NIX_CXXSTDLIB_COMPILE-@default_cxx_stdlib_compile@}" + NIX_@infixSalt@_CFLAGS_COMPILE+=" ${NIX_@infixSalt@_CXXSTDLIB_COMPILE-@default_cxx_stdlib_compile@}" fi - NIX_CFLAGS_LINK+=" $NIX_CXXSTDLIB_LINK" + NIX_@infixSalt@_CFLAGS_LINK+=" $NIX_@infixSalt@_CXXSTDLIB_LINK" fi source @out@/nix-support/add-hardening.sh # Add the flags for the C compiler proper. -extraAfter=($NIX_CFLAGS_COMPILE "${hardeningCFlags[@]}") +extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE "${hardeningCFlags[@]}") extraBefore=() if [ "$dontLink" != 1 ]; then # Add the flags that should only be passed to the compiler when # linking. - extraAfter+=($NIX_CFLAGS_LINK "${hardeningLDFlags[@]}") + extraAfter+=($NIX_@infixSalt@_CFLAGS_LINK "${hardeningLDFlags[@]}") # Add the flags that should be passed to the linker (and prevent - # `ld-wrapper' from adding NIX_LDFLAGS again). - for i in $NIX_LDFLAGS_BEFORE; do + # `ld-wrapper' from adding NIX_@infixSalt@_LDFLAGS again). + for i in $NIX_@infixSalt@_LDFLAGS_BEFORE; do extraBefore+=("-Wl,$i") done - for i in $NIX_LDFLAGS; do + for i in $NIX_@infixSalt@_LDFLAGS; do if [ "${i:0:3}" = -L/ ]; then extraAfter+=("$i") else extraAfter+=("-Wl,$i") fi done - export NIX_LDFLAGS_SET=1 + export NIX_@infixSalt@_LDFLAGS_SET=1 fi # As a very special hack, if the arguments are just `-v', then don't @@ -162,18 +162,21 @@ if [ "$*" = -v ]; then fi # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then + set +u # Old bash workaround, see ld-wrapper for explanation. echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 printf " %q\n" "${params[@]}" >&2 echo "extra flags after to @prog@:" >&2 printf " %q\n" "${extraAfter[@]}" >&2 + set -u fi -if [ -n "$NIX_CC_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_CC_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_CC_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then + source "$NIX_CC_WRAPPER_@infixSalt@_EXEC_HOOK" fi PATH="$path_backup" +set +u # Old bash workaround, see above. exec @prog@ "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index e0cc1fc26696..01d1bbd7a5d5 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -53,42 +53,13 @@ let "-isystem $(echo -n ${cc.gcc}/include/c++/*) -isystem $(echo -n ${cc.gcc}/include/c++/*)/$(${cc.gcc}/bin/gcc -dumpmachine)"; dashlessTarget = stdenv.lib.replaceStrings ["-"] ["_"] targetPlatform.config; - # TODO(@Ericson2314) Make unconditional - infixSalt = stdenv.lib.optionalString (targetPlatform != hostPlatform) dashlessTarget; - infixSalt_ = stdenv.lib.optionalString (targetPlatform != hostPlatform) (dashlessTarget + "_"); - _infixSalt = stdenv.lib.optionalString (targetPlatform != hostPlatform) ("_" + dashlessTarget); - # We want to prefix all NIX_ flags with the target triple - preWrap = textFile: - # TODO: Do even when not cross on next mass-rebuild - # TODO: use @target_tripple@ for consistency - if targetPlatform == hostPlatform - then textFile - else runCommand "sed-nix-env-vars" {} ('' - cp --no-preserve=mode ${textFile} $out - - sed -i $out \ - -e 's^NIX_^NIX_${infixSalt_}^g' \ - -e 's^addCVars^addCVars${_infixSalt}^g' \ - -e 's^\[ -z "\$crossConfig" \]^\[\[ "${builtins.toString (targetPlatform != hostPlatform)}" || -z "$crossConfig" \]\]^g' - - # NIX_ things which we don't both use and define, we revert them - #asymmetric=$( - # for pre in "" "\\$" - # do - # grep -E -ho $pre'NIX_[a-zA-Z_]*' ./* | sed 's/\$//' | sort | uniq - # done | sort | uniq -c | sort -nr | sed -n 's/^1 NIX_//gp') - - # hard-code for now - asymmetric=("CXXSTDLIB_COMPILE" "CC") - - # The ([^a-zA-Z_]|$) bussiness is to ensure environment variables that - # begin with `NIX_CC` don't also get blacklisted. - for var in "''${asymmetric[@]}" - do - sed -i $out -E -e "s~NIX_${infixSalt_}$var([^a-zA-Z_]|$)~NIX_$var\1~g" - done - ''); + # The "infix salt" is a arbitrary string added in the middle of env vars + # defined by cc-wrapper's hooks so that multiple cc-wrappers can be used + # without interfering. For the moment, it is defined as the target triple, + # adjusted to be a valid bash identifier. This should be considered an + # unstable implementation detail, however. + infixSalt = dashlessTarget; # The dynamic linker has different names on different platforms. This is a # shell glob that ought to match it. @@ -129,20 +100,21 @@ stdenv.mkDerivation { gnugrep_bin = if nativeTools then "" else gnugrep; binPrefix = prefix; + inherit infixSalt; passthru = { inherit libc nativeTools nativeLibc nativePrefix isGNU isClang default_cxx_stdlib_compile - prefix infixSalt infixSalt_ _infixSalt; + prefix; emacsBufferSetup = pkgs: '' ; We should handle propagation here too (mapc (lambda (arg) (when (file-directory-p (concat arg "/include")) - (setenv "NIX_${infixSalt_}CFLAGS_COMPILE" (concat (getenv "NIX_${infixSalt_}CFLAGS_COMPILE") " -isystem " arg "/include"))) + (setenv "NIX_${infixSalt}_CFLAGS_COMPILE" (concat (getenv "NIX_${infixSalt}_CFLAGS_COMPILE") " -isystem " arg "/include"))) (when (file-directory-p (concat arg "/lib")) - (setenv "NIX_${infixSalt_}LDFLAGS" (concat (getenv "NIX_${infixSalt_}LDFLAGS") " -L" arg "/lib"))) + (setenv "NIX_${infixSalt}_LDFLAGS" (concat (getenv "NIX_${infixSalt}_LDFLAGS") " -L" arg "/lib"))) (when (file-directory-p (concat arg "/lib64")) - (setenv "NIX_${infixSalt_}LDFLAGS" (concat (getenv "NIX_${infixSalt_}LDFLAGS") " -L" arg "/lib64")))) '(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)})) + (setenv "NIX_${infixSalt}_LDFLAGS" (concat (getenv "NIX_${infixSalt}_LDFLAGS") " -L" arg "/lib64")))) '(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)})) ''; }; @@ -268,7 +240,7 @@ stdenv.mkDerivation { # Solaris needs an additional ld wrapper. ldPath="${nativePrefix}/bin" exec="$ldPath/${prefix}ld" - wrap ld-solaris ${preWrap ./ld-solaris-wrapper.sh} + wrap ld-solaris ${./ld-solaris-wrapper.sh} '') + '' @@ -282,7 +254,6 @@ stdenv.mkDerivation { '' + (if !useMacosReexportHack then '' wrap ${prefix}ld ${./ld-wrapper.sh} ''${ld:-$ldPath/${prefix}ld} '' else '' - export binPrefix=${prefix} ldInner="${prefix}ld-reexport-delegate" wrap "$ldInner" ${./macos-sierra-reexport-hack.bash} ''${ld:-$ldPath/${prefix}ld} wrap "${prefix}ld" ${./ld-wrapper.sh} "$out/bin/$ldInner" @@ -290,11 +261,11 @@ stdenv.mkDerivation { '') + '' if [ -e ${binutils_bin}/bin/${prefix}ld.gold ]; then - wrap ${prefix}ld.gold ${preWrap ./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.gold + wrap ${prefix}ld.gold ${./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.gold fi if [ -e ${binutils_bin}/bin/ld.bfd ]; then - wrap ${prefix}ld.bfd ${preWrap ./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.bfd + wrap ${prefix}ld.bfd ${./ld-wrapper.sh} ${binutils_bin}/bin/${prefix}ld.bfd fi # We export environment variables pointing to the wrapped nonstandard @@ -306,49 +277,49 @@ stdenv.mkDerivation { export default_cxx_stdlib_compile="${default_cxx_stdlib_compile}" if [ -e $ccPath/${prefix}gcc ]; then - wrap ${prefix}gcc ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gcc + wrap ${prefix}gcc ${./cc-wrapper.sh} $ccPath/${prefix}gcc ln -s ${prefix}gcc $out/bin/${prefix}cc export named_cc=${prefix}gcc export named_cxx=${prefix}g++ elif [ -e $ccPath/clang ]; then - wrap ${prefix}clang ${preWrap ./cc-wrapper.sh} $ccPath/clang + wrap ${prefix}clang ${./cc-wrapper.sh} $ccPath/clang ln -s ${prefix}clang $out/bin/${prefix}cc export named_cc=${prefix}clang export named_cxx=${prefix}clang++ fi if [ -e $ccPath/${prefix}g++ ]; then - wrap ${prefix}g++ ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}g++ + wrap ${prefix}g++ ${./cc-wrapper.sh} $ccPath/${prefix}g++ ln -s ${prefix}g++ $out/bin/${prefix}c++ elif [ -e $ccPath/clang++ ]; then - wrap ${prefix}clang++ ${preWrap ./cc-wrapper.sh} $ccPath/clang++ + wrap ${prefix}clang++ ${./cc-wrapper.sh} $ccPath/clang++ ln -s ${prefix}clang++ $out/bin/${prefix}c++ fi if [ -e $ccPath/cpp ]; then - wrap ${prefix}cpp ${preWrap ./cc-wrapper.sh} $ccPath/cpp + wrap ${prefix}cpp ${./cc-wrapper.sh} $ccPath/cpp fi '' + optionalString cc.langFortran or false '' - wrap ${prefix}gfortran ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gfortran + wrap ${prefix}gfortran ${./cc-wrapper.sh} $ccPath/${prefix}gfortran ln -sv ${prefix}gfortran $out/bin/${prefix}g77 ln -sv ${prefix}gfortran $out/bin/${prefix}f77 '' + optionalString cc.langJava or false '' - wrap ${prefix}gcj ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gcj + wrap ${prefix}gcj ${./cc-wrapper.sh} $ccPath/${prefix}gcj '' + optionalString cc.langGo or false '' - wrap ${prefix}gccgo ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gccgo + wrap ${prefix}gccgo ${./cc-wrapper.sh} $ccPath/${prefix}gccgo '' + optionalString cc.langAda or false '' - wrap ${prefix}gnatgcc ${preWrap ./cc-wrapper.sh} $ccPath/${prefix}gnatgcc - wrap ${prefix}gnatmake ${preWrap ./gnat-wrapper.sh} $ccPath/${prefix}gnatmake - wrap ${prefix}gnatbind ${preWrap ./gnat-wrapper.sh} $ccPath/${prefix}gnatbind - wrap ${prefix}gnatlink ${preWrap ./gnatlink-wrapper.sh} $ccPath/${prefix}gnatlink + wrap ${prefix}gnatgcc ${./cc-wrapper.sh} $ccPath/${prefix}gnatgcc + wrap ${prefix}gnatmake ${./gnat-wrapper.sh} $ccPath/${prefix}gnatmake + wrap ${prefix}gnatbind ${./gnat-wrapper.sh} $ccPath/${prefix}gnatbind + wrap ${prefix}gnatlink ${./gnatlink-wrapper.sh} $ccPath/${prefix}gnatlink '' + optionalString cc.langVhdl or false '' @@ -356,7 +327,7 @@ stdenv.mkDerivation { '' + '' - substituteAll ${preWrap ./setup-hook.sh} $out/nix-support/setup-hook.tmp + substituteAll ${./setup-hook.sh} $out/nix-support/setup-hook.tmp cat $out/nix-support/setup-hook.tmp >> $out/nix-support/setup-hook rm $out/nix-support/setup-hook.tmp @@ -375,9 +346,9 @@ stdenv.mkDerivation { '' + '' - substituteAll ${preWrap ./add-flags.sh} $out/nix-support/add-flags.sh - substituteAll ${preWrap ./add-hardening.sh} $out/nix-support/add-hardening.sh - substituteAll ${preWrap ./utils.sh} $out/nix-support/utils.sh + substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh + substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh + substituteAll ${./utils.sh} $out/nix-support/utils.sh '' + extraBuildCommands; diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index dd97a07bd19a..1a09f4841098 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh @@ -1,7 +1,10 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob +# N.B. Gnat is not used during bootstrapping, so we don't need to +# worry about the old bash empty array `set -u` workarounds. + path_backup="$PATH" # phase separation makes this look useless @@ -10,12 +13,12 @@ if [ -n "@coreutils_bin@" ]; then PATH="@coreutils_bin@/bin" fi -if [ -n "$NIX_GNAT_WRAPPER_START_HOOK" ]; then - source "$NIX_GNAT_WRAPPER_START_HOOK" +if [ -z "${NIX_@infixSalt@_GNAT_WRAPPER_FLAGS_SET:-}" ]; then + source @out@/nix-support/add-flags.sh fi -if [ -z "$NIX_GNAT_WRAPPER_FLAGS_SET" ]; then - source @out@/nix-support/add-flags.sh +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_START_HOOK" fi source @out@/nix-support/utils.sh @@ -35,7 +38,7 @@ for i in "$@"; do nonFlagArgs=1 elif [ "$i" = -m32 ]; then if [ -e @out@/nix-support/dynamic-linker-m32 ]; then - NIX_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" + NIX_@infixSalt@_LDFLAGS+=" -dynamic-linker $(< @out@/nix-support/dynamic-linker-m32)" fi fi done @@ -52,7 +55,7 @@ fi # Optionally filter out paths not refering to the store. params=("$@") -if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" ]]; then +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" ]]; then rest=() for p in "${params[@]}"; do if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then @@ -72,7 +75,7 @@ fi # Clear march/mtune=native -- they bring impurity. -if [ "$NIX_ENFORCE_NO_NATIVE" = 1 ]; then +if [ "$NIX_@infixSalt@_ENFORCE_NO_NATIVE" = 1 ]; then rest=() for p in "${params[@]}"; do if [[ "$p" = -m*=native ]]; then @@ -86,7 +89,7 @@ fi # Add the flags for the GNAT compiler proper. -extraAfter=($NIX_GNATFLAGS_COMPILE) +extraAfter=($NIX_@infixSalt@_GNATFLAGS_COMPILE) extraBefore=() if [ "$(basename "$0")x" = "gnatmakex" ]; then @@ -95,22 +98,22 @@ fi #if [ "$dontLink" != 1 ]; then # # Add the flags that should be passed to the linker (and prevent -# # `ld-wrapper' from adding NIX_LDFLAGS again). -# for i in $NIX_LDFLAGS_BEFORE; do +# # `ld-wrapper' from adding NIX_@infixSalt@_LDFLAGS again). +# for i in $NIX_@infixSalt@_LDFLAGS_BEFORE; do # extraBefore+=("-largs" "$i") # done -# for i in $NIX_LDFLAGS; do +# for i in $NIX_@infixSalt@_LDFLAGS; do # if [ "${i:0:3}" = -L/ ]; then # extraAfter+=("$i") # else # extraAfter+=("-largs" "$i") # fi # done -# export NIX_LDFLAGS_SET=1 +# export NIX_@infixSalt@_LDFLAGS_SET=1 #fi # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 @@ -119,8 +122,8 @@ if [ -n "$NIX_DEBUG" ]; then printf " %q\n" "${extraAfter[@]}" >&2 fi -if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_GNAT_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" fi PATH="$path_backup" diff --git a/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh b/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh index 3c1a805c3fa3..ee973d3270f9 100644 --- a/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh @@ -1,27 +1,30 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob +# N.B. Gnat is not used during bootstrapping, so we don't need to +# worry about the old bash empty array `set -u` workarounds. + # Add the flags for the GNAT compiler proper. extraAfter=("--GCC=@out@/bin/gcc") extraBefore=() ## Add the flags that should be passed to the linker (and prevent -## `ld-wrapper' from adding NIX_LDFLAGS again). -#for i in $NIX_LDFLAGS_BEFORE; do +## `ld-wrapper' from adding NIX_@infixSalt@_LDFLAGS again). +#for i in $NIX_@infixSalt@_LDFLAGS_BEFORE; do # extraBefore+=("-largs" "$i") #done -#for i in $NIX_LDFLAGS; do +#for i in $NIX_@infixSalt@_LDFLAGS; do # if [ "${i:0:3}" = -L/ ]; then # extraAfter+=("$i") # else # extraAfter+=("-largs" "$i") # fi #done -#export NIX_LDFLAGS_SET=1 +#export NIX_@infixSalt@_LDFLAGS_SET=1 # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 @@ -30,8 +33,8 @@ if [ -n "$NIX_DEBUG" ]; then printf " %q\n" "${extraAfter[@]}" >&2 fi -if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_GNAT_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" ]; then + source "$NIX_@infixSalt@_GNAT_WRAPPER_EXEC_HOOK" fi exec @prog@ "${extraBefore[@]}" "$@" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index 6ee66b0e3f2b..d0a1d5a0ddb7 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -set -e -o pipefail +set -eu -o pipefail shopt -s nullglob path_backup="$PATH" @@ -10,12 +10,12 @@ if [ -n "@coreutils_bin@" ]; then PATH="@coreutils_bin@/bin" fi -if [ -n "$NIX_LD_WRAPPER_START_HOOK" ]; then - source "$NIX_LD_WRAPPER_START_HOOK" +if [ -z "${NIX_CC_WRAPPER_@infixSalt@_FLAGS_SET:-}" ]; then + source @out@/nix-support/add-flags.sh fi -if [ -z "$NIX_CC_WRAPPER_FLAGS_SET" ]; then - source @out@/nix-support/add-flags.sh +if [ -n "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" ]; then + source "$NIX_LD_WRAPPER_@infixSalt@_START_HOOK" fi source @out@/nix-support/utils.sh @@ -23,14 +23,14 @@ source @out@/nix-support/utils.sh # Optionally filter out paths not refering to the store. expandResponseParams "$@" -if [[ "$NIX_ENFORCE_PURITY" = 1 && -n "$NIX_STORE" - && ( -z "$NIX_IGNORE_LD_THROUGH_GCC" || -z "$NIX_LDFLAGS_SET" ) ]]; then +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "${NIX_STORE:-}" + && ( -z "$NIX_@infixSalt@_IGNORE_LD_THROUGH_GCC" || -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ) ]]; then rest=() nParams=${#params[@]} declare -i n=0 while [ "$n" -lt "$nParams" ]; do p=${params[n]} - p2=${params[n+1]} + p2=${params[n+1]:-} # handle `p` being last one if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then skip "${p:2}" elif [ "$p" = -L ] && badPath "$p2"; then @@ -59,21 +59,25 @@ source @out@/nix-support/add-hardening.sh extraAfter=("${hardeningLDFlags[@]}") extraBefore=() -if [ -z "$NIX_LDFLAGS_SET" ]; then - extraAfter+=($NIX_LDFLAGS) - extraBefore+=($NIX_LDFLAGS_BEFORE) +if [ -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ]; then + extraAfter+=($NIX_@infixSalt@_LDFLAGS) + extraBefore+=($NIX_@infixSalt@_LDFLAGS_BEFORE) fi -extraAfter+=($NIX_LDFLAGS_AFTER $NIX_LDFLAGS_HARDEN) +extraAfter+=($NIX_@infixSalt@_LDFLAGS_AFTER $NIX_@infixSalt@_LDFLAGS_HARDEN) declare -a libDirs declare -A libs relocatable= # Find all -L... switches for rpath, and relocatable flags for build id. -if [ "$NIX_DONT_SET_RPATH" != 1 ] || [ "$NIX_SET_BUILD_ID" = 1 ]; then +if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ] || [ "$NIX_@infixSalt@_SET_BUILD_ID" = 1 ]; then prev= + # Old bash thinks empty arrays are undefined, ugh, so temporarily disable + # `set -u`. + set +u for p in "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}"; do + set -u case "$prev" in -L) libDirs+=("$p") @@ -92,7 +96,7 @@ if [ "$NIX_DONT_SET_RPATH" != 1 ] || [ "$NIX_SET_BUILD_ID" = 1 ]; then -l?*) libs["lib${p:2}.so"]=1 ;; - "$NIX_STORE"/*.so | "$NIX_STORE"/*.so.*) + "${NIX_STORE:-}"/*.so | "${NIX_STORE:-}"/*.so.*) # This is a direct reference to a shared library. libDirs+=("${p%/*}") libs["${p##*/}"]=1 @@ -108,7 +112,7 @@ fi # Add all used dynamic libraries to the rpath. -if [ "$NIX_DONT_SET_RPATH" != 1 ]; then +if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then # For each directory in the library search path (-L...), # see if it contains a dynamic library used by a -l... flag. If # so, add the directory to the rpath. @@ -119,20 +123,23 @@ if [ "$NIX_DONT_SET_RPATH" != 1 ]; then if [[ "$dir" =~ [/.][/.] ]] && dir2=$(readlink -f "$dir"); then dir="$dir2" fi - if [ "${rpaths[$dir]}" ] || [[ "$dir" != "$NIX_STORE"/* ]]; then + if [ -n "${rpaths[$dir]:-}" ] || [[ "$dir" != "${NIX_STORE:-}"/* ]]; then # If the path is not in the store, don't add it to the rpath. # This typically happens for libraries in /tmp that are later # copied to $out/lib. If not, we're screwed. continue fi - for path in "$dir"/lib*.so; do + for path in "$dir"/*; do file="${path##*/}" - if [ "${libs[$file]}" ]; then - libs["$file"]= - if [ ! "${rpaths[$dir]}" ]; then - rpaths["$dir"]=1 - extraAfter+=(-rpath "$dir") - fi + if [ "${libs[$file]:-}" ]; then + # This library may have been provided by a previous directory, + # but if that library file is inside an output of the current + # derivation, it can be deleted after this compilation and + # should be found in a later directory, so we add all + # directories that contain any of the libraries to rpath. + rpaths["$dir"]=1 + extraAfter+=(-rpath "$dir") + break fi done done @@ -141,24 +148,27 @@ fi # Only add --build-id if this is a final link. FIXME: should build gcc # with --enable-linker-build-id instead? -if [ "$NIX_SET_BUILD_ID" = 1 ] && [ ! "$relocatable" ]; then +if [ "$NIX_@infixSalt@_SET_BUILD_ID" = 1 ] && [ ! "$relocatable" ]; then extraAfter+=(--build-id) fi # Optionally print debug info. -if [ -n "$NIX_DEBUG" ]; then +if [ -n "${NIX_DEBUG:-}" ]; then + set +u # Old bash workaround, see above. echo "extra flags before to @prog@:" >&2 printf " %q\n" "${extraBefore[@]}" >&2 echo "original flags to @prog@:" >&2 printf " %q\n" "${params[@]}" >&2 echo "extra flags after to @prog@:" >&2 printf " %q\n" "${extraAfter[@]}" >&2 + set -u fi -if [ -n "$NIX_LD_WRAPPER_EXEC_HOOK" ]; then - source "$NIX_LD_WRAPPER_EXEC_HOOK" +if [ -n "$NIX_LD_WRAPPER_@infixSalt@_EXEC_HOOK" ]; then + source "$NIX_LD_WRAPPER_@infixSalt@_EXEC_HOOK" fi PATH="$path_backup" +set +u # Old bash workaround, see above. exec @prog@ "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh index 2bf507ce8dff..c6abd6281d26 100644 --- a/pkgs/build-support/cc-wrapper/setup-hook.sh +++ b/pkgs/build-support/cc-wrapper/setup-hook.sh @@ -1,22 +1,112 @@ -addCVars () { +# CC Wrapper hygiene +# +# For at least cross compilation, we need to depend on multiple cc-wrappers at +# once---specifically up to one per sort of dependency. This follows from having +# different tools targeting different platforms, and different flags for those +# tools. For example: +# +# # Flags for compiling (whether or not linking) C code for the... +# NIX_BUILD_CFLAGS_COMPILE # ...build platform +# NIX_CFLAGS_COMPILE # ...host platform +# NIX_TARGET_CFLAGS_COMPILE # ...target platform +# +# Notice that these platforms are the 3 *relative* to the package using +# cc-wrapper, not absolute like `x86_64-pc-linux-gnu`. +# +# The simplest solution would be to have separate cc-wrappers per (3 intended +# use-cases * n absolute concrete platforms). For the use-case axis, we would +# @-splice in 'BUILD_' '' 'TARGET_' to use the write environment variables when +# building the cc-wrapper, and likewise prefix the binaries' names so they didn't +# clobber each other on the PATH. But the need for 3x cc-wrappers, along with +# non-standard name prefixes, is annoying and liable to break packages' build +# systems. +# +# Instead, we opt to have just one cc-wrapper per absolute platform. Matching +# convention, the binaries' names can just be prefixed with their target +# platform. On the other hand, that means packages will depend on not just +# multiple cc-wrappers, but the exact same cc-wrapper derivation multiple ways. +# That means the exact same cc-wrapper derivation must be able to avoid +# conflicting with itself, despite the fact that `setup-hook.sh`, the `addCvars` +# function, and `add-flags.sh` are all communicating with each other with +# environment variables. Yuck. +# +# The basic strategy is: +# +# - Everyone exclusively *adds information* to relative-platform-specific +# environment variables, like `NIX_TARGET_CFLAGS_COMPILE`, to communicate +# with the wrapped binaries. +# +# - The wrapped binaries will exclusively *read* cc-wrapper-derivation-specific +# environment variables distinguished with with `infixSalt`, like +# `NIX_@infixSalt@_CFLAGS_COMPILE`. +# +# - `add-flags`, beyond its old task of reading extra flags stuck inside the +# cc-wrapper derivation, will convert the relative-platform-specific +# variables to cc-wrapper-derivation-specific variables. This conversion is +# the only time all but one of the cc-wrapper-derivation-specific variables +# are set. +# +# This ensures the flow of information is exclusive from +# relative-platform-specific variables to cc-wrapper-derivation-specific +# variables. This allows us to support the general case of a many--many relation +# between relative platforms and cc-wrapper derivations. +# +# For more details, read the individual files where the mechanisms used to +# accomplish this will be individually documented. + + +# It's fine that any other cc-wrapper will redefine this. Bash functions close +# over no state, and there's no @-substitutions within, so any redefined +# function is guaranteed to be exactly the same. +ccWrapper_addCVars () { + # The `depOffset` describes how the platforms of the dependencies are slid + # relative to the depending package. It is brought into scope of the + # environment hook defined as the role of the dependency being applied. + case $depOffset in + -1) local role='BUILD_' ;; + 0) local role='' ;; + 1) local role='TARGET_' ;; + *) echo "cc-wrapper: Error: Cannot be used with $depOffset-offset deps, " >2; + return 1 ;; + esac + if [[ -d "$1/include" ]]; then - export NIX_CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include" + export NIX_${role}CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include" fi if [[ -d "$1/lib64" && ! -L "$1/lib64" ]]; then - export NIX_LDFLAGS+=" -L$1/lib64" + export NIX_${role}LDFLAGS+=" -L$1/lib64" fi if [[ -d "$1/lib" ]]; then - export NIX_LDFLAGS+=" -L$1/lib" + export NIX_${role}LDFLAGS+=" -L$1/lib" fi if [[ -d "$1/Library/Frameworks" ]]; then - export NIX_CFLAGS_COMPILE+=" -F$1/Library/Frameworks" + export NIX_${role}CFLAGS_COMPILE+=" -F$1/Library/Frameworks" fi } -envHooks+=(addCVars) +# Since the same cc-wrapper derivation can be depend on in multiple ways, we +# need to accumulate *each* role (i.e. target platform relative the depending +# derivation) in which the cc-wrapper derivation is used. +# `NIX_CC_WRAPPER_@infixSalt@_TARGET_*` tracks this (needs to be an exported env +# var so can't use fancier data structures). +# +# We also need to worry about what role is being added on *this* invocation of +# setup-hook, which `role` tracks. +if [ -n "${crossConfig:-}" ]; then + export NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD=1 + role="BUILD_" +else + export NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST=1 + role="" +fi + +# Eventually the exact sort of env-hook we create will depend on the role. This +# is because based on what relative platform we are targeting, we use different +# dependencies. +envHooks+=(ccWrapper_addCVars) # Note 1: these come *after* $out in the PATH (see setup.sh). # Note 2: phase separation makes this look useless to shellcheck. @@ -41,16 +131,12 @@ if [ -n "@coreutils_bin@" ]; then addToSearchPath _PATH @coreutils_bin@/bin fi -if [ -z "${crossConfig:-}" ]; then - ENV_PREFIX="" -else - ENV_PREFIX="BUILD_" -fi +# Export tool environment variables so various build systems use the right ones. -export NIX_${ENV_PREFIX}CC=@out@ +export NIX_${role}CC=@out@ -export ${ENV_PREFIX}CC=@named_cc@ -export ${ENV_PREFIX}CXX=@named_cxx@ +export ${role}CC=@named_cc@ +export ${role}CXX=@named_cxx@ for CMD in \ cpp \ @@ -59,9 +145,9 @@ do if PATH=$_PATH type -p "@binPrefix@$CMD" > /dev/null then - export "${ENV_PREFIX}$(echo "$CMD" | tr "[:lower:]" "[:upper:]")=@binPrefix@${CMD}"; + export "${role}$(echo "$CMD" | tr "[:lower:]" "[:upper:]")=@binPrefix@${CMD}"; fi done -# No local scope available for sourced files -unset ENV_PREFIX +# No local scope in sourced file +unset role diff --git a/pkgs/build-support/cc-wrapper/utils.sh b/pkgs/build-support/cc-wrapper/utils.sh index 267044b2c4f3..5a70c2d9ccf3 100644 --- a/pkgs/build-support/cc-wrapper/utils.sh +++ b/pkgs/build-support/cc-wrapper/utils.sh @@ -1,5 +1,5 @@ skip () { - if [ -n "$NIX_DEBUG" ]; then + if [ -n "${NIX_DEBUG:-}" ]; then echo "skipping impure path $1" >&2 fi } diff --git a/pkgs/build-support/setup-hooks/die.sh b/pkgs/build-support/setup-hooks/die.sh new file mode 100644 index 000000000000..0db41e030f4c --- /dev/null +++ b/pkgs/build-support/setup-hooks/die.sh @@ -0,0 +1,21 @@ +# Exit with backtrace and error message +# +# Usage: die "Error message" +die() { + # Let us be a little sloppy with errors, because otherwise the final + # invocation of `caller` below will cause the script to exit. + set +e + + # Print our error message + printf "\nBuilder called die: %b\n" "$*" + printf "Backtrace:\n" + + # Print a backtrace. + local frame=0 + while caller $frame; do + ((frame++)); + done + printf "\n" + + exit 1 +} diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh index eebde886a884..cde28fbbcaf1 100644 --- a/pkgs/build-support/setup-hooks/make-wrapper.sh +++ b/pkgs/build-support/setup-hooks/make-wrapper.sh @@ -1,3 +1,12 @@ +# Assert that FILE exists and is executable +# +# assertExecutable FILE +assertExecutable() { + local file="$1" + [[ -f "${file}" && -x "${file}" ]] || \ + die "Cannot wrap ${file} because it is not an executable file" +} + # construct an executable file that wraps the actual executable # makeWrapper EXECUTABLE ARGS @@ -24,6 +33,8 @@ makeWrapper() { local params varName value command separator n fileNames local argv0 flagsBefore flags + assertExecutable "${original}" + mkdir -p "$(dirname "$wrapper")" echo "#! $SHELL -e" > "$wrapper" @@ -32,26 +43,20 @@ makeWrapper() { for ((n = 2; n < ${#params[*]}; n += 1)); do p="${params[$n]}" - if test "$p" = "--set"; then + if [[ "$p" == "--set" ]]; then varName="${params[$((n + 1))]}" value="${params[$((n + 2))]}" n=$((n + 2)) echo "export $varName=\"$value\"" >> "$wrapper" - fi - - if test "$p" = "--unset"; then + elif [[ "$p" == "--unset" ]]; then varName="${params[$((n + 1))]}" n=$((n + 1)) echo "unset $varName" >> "$wrapper" - fi - - if test "$p" = "--run"; then + elif [[ "$p" == "--run" ]]; then command="${params[$((n + 1))]}" n=$((n + 1)) echo "$command" >> "$wrapper" - fi - - if test "$p" = "--suffix" -o "$p" = "--prefix"; then + elif [[ ("$p" == "--suffix") || ("$p" == "--prefix") ]]; then varName="${params[$((n + 1))]}" separator="${params[$((n + 2))]}" value="${params[$((n + 3))]}" @@ -63,9 +68,7 @@ makeWrapper() { echo "export $varName=$value\${$varName:+$separator}\$$varName" >> "$wrapper" fi fi - fi - - if test "$p" = "--suffix-each"; then + elif [[ "$p" == "--suffix-each" ]]; then varName="${params[$((n + 1))]}" separator="${params[$((n + 2))]}" values="${params[$((n + 3))]}" @@ -73,9 +76,7 @@ makeWrapper() { for value in $values; do echo "export $varName=\$$varName\${$varName:+$separator}$value" >> "$wrapper" done - fi - - if test "$p" = "--suffix-contents" -o "$p" = "--prefix-contents"; then + elif [[ ("$p" == "--suffix-contents") || ("$p" == "--prefix-contents") ]]; then varName="${params[$((n + 1))]}" separator="${params[$((n + 2))]}" fileNames="${params[$((n + 3))]}" @@ -87,17 +88,15 @@ makeWrapper() { echo "export $varName=$(cat "$fileName")\${$varName:+$separator}\$$varName" >> "$wrapper" fi done - fi - - if test "$p" = "--add-flags"; then + elif [[ "$p" == "--add-flags" ]]; then flags="${params[$((n + 1))]}" n=$((n + 1)) flagsBefore="$flagsBefore $flags" - fi - - if test "$p" = "--argv0"; then + elif [[ "$p" == "--argv0" ]]; then argv0="${params[$((n + 1))]}" n=$((n + 1)) + else + die "makeWrapper doesn't understand the arg $p" fi done @@ -131,6 +130,9 @@ filterExisting() { wrapProgram() { local prog="$1" local hidden + + assertExecutable "${prog}" + hidden="$(dirname "$prog")/.$(basename "$prog")"-wrapped while [ -e "$hidden" ]; do hidden="${hidden}_" @@ -138,5 +140,5 @@ wrapProgram() { mv "$prog" "$hidden" # Silence warning about unexpanded $0: # shellcheck disable=SC2016 - makeWrapper "$hidden" "$prog" --argv0 '$0' "$@" + makeWrapper "$hidden" "$prog" --argv0 '$0' "${@:2}" } diff --git a/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix b/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix index a8c3f724b850..c2038ecdce60 100644 --- a/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix +++ b/pkgs/desktops/gnome-3/3.22/core/evolution-data-server/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; preFixup = '' - for f in "$out/libexec/"*; do + for f in $(find $out/libexec/ -type f -executable); do wrapProgram "$f" \ --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ --prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib dconf}/lib/gio/modules" diff --git a/pkgs/development/interpreters/python/wrapper.nix b/pkgs/development/interpreters/python/wrapper.nix index f95e51c82ee7..9f355ddefda7 100644 --- a/pkgs/development/interpreters/python/wrapper.nix +++ b/pkgs/development/interpreters/python/wrapper.nix @@ -28,7 +28,9 @@ let for prg in *; do if [ -f "$prg" ]; then rm -f "$out/bin/$prg" - makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out" --set PYTHONNOUSERSITE "true" + if [ -x "$prg" ]; then + makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out" --set PYTHONNOUSERSITE "true" + fi fi done fi diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix index c10a355dee02..001199cd8212 100644 --- a/pkgs/development/libraries/serf/default.nix +++ b/pkgs/development/libraries/serf/default.nix @@ -1,4 +1,5 @@ -{ stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, kerberos, pkgconfig, gnused }: +{ stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, kerberos +, pkgconfig, gnused, expat, openldap, libiconv }: stdenv.mkDerivation rec { name = "serf-1.3.9"; @@ -8,18 +9,22 @@ stdenv.mkDerivation rec { sha256 = "1k47gbgpp52049andr28y28nbwh9m36bbb0g8p0aka3pqlhjv72l"; }; - buildInputs = [ apr scons openssl aprutil zlib ] - ++ stdenv.lib.optional (!stdenv.isCygwin) kerberos - ++ [ pkgconfig ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ apr scons openssl aprutil zlib libiconv ] + ++ stdenv.lib.optional (!stdenv.isCygwin) kerberos; - configurePhase = '' - ${gnused}/bin/sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"PATH":os.environ["PATH"]})' -i SConstruct - ${gnused}/bin/sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_CFLAGS_COMPILE":os.environ["NIX_CFLAGS_COMPILE"]})' -i SConstruct - ${gnused}/bin/sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_LDFLAGS":os.environ["NIX_LDFLAGS"]})' -i SConstruct + postPatch = '' + sed -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"PATH":os.environ["PATH"]})' \ + -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_CFLAGS_COMPILE":os.environ["NIX_CFLAGS_COMPILE"]})' \ + -e '/^env[.]Append(BUILDERS/ienv.Append(ENV={"NIX_LDFLAGS":os.environ["NIX_LDFLAGS"]})' \ + -e 's,$OPENSSL/lib,${openssl.out}/lib,' \ + -e 's,$OPENSSL/include,${openssl.dev}/include,' \ + -i SConstruct ''; buildPhase = '' - scons PREFIX="$out" OPENSSL="${openssl.dev}" ZLIB="${zlib.dev}" APR="$(echo "${apr.dev}"/bin/*-config)" \ + scons PREFIX="$out" OPENSSL="${openssl}" ZLIB="${zlib}" APR="$(echo "${apr.dev}"/bin/*-config)" CFLAGS="-I${zlib.dev}/include" \ + LINKFLAGS="-L${zlib.out}/lib -L${expat}/lib -L${openldap}/lib -L${libiconv}/lib" \ APU="$(echo "${aprutil.dev}"/bin/*-config)" CC="${ if stdenv.cc.isClang then "clang" else "${stdenv.cc}/bin/gcc" }" ${ diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 38f57e7663eb..24686e73e23a 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -25,11 +25,13 @@ stdenv.mkDerivation rec { mv $out/share/bcc/man $out/share/ for f in $out/share/bcc/tools\/*; do - ln -s $f $out/bin/$(basename $f) - wrapProgram $f \ - --prefix LD_LIBRARY_PATH : $out/lib \ - --prefix PYTHONPATH : $out/lib/python2.7/site-packages \ - --prefix PYTHONPATH : :${pythonPackages.netaddr}/lib/${python.libPrefix}/site-packages + if [ -x $f ]; then + ln -s $f $out/bin/$(basename $f) + wrapProgram $f \ + --prefix LD_LIBRARY_PATH : $out/lib \ + --prefix PYTHONPATH : $out/lib/python2.7/site-packages \ + --prefix PYTHONPATH : ${pythonPackages.netaddr}/lib/${python.libPrefix}/site-packages + fi done ''; diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index dc3369f6611c..81ed1c635e17 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -336,8 +336,20 @@ fi # Set the relevant environment variables to point to the build inputs # found above. +# +# These `depOffset`s tell the env hook what sort of dependency +# (ignoring propagatedness) is being passed to the env hook. In a real +# language, we'd append a closure with this information to the +# relevant env hook array, but bash doesn't have closures, so it's +# easier to just pass this in. + _addToNativeEnv() { local pkg="$1" + if [[ -n "${crossConfig:-}" ]]; then + local -i depOffset=-1 + else + local -i depOffset=0 + fi # Run the package-specific hooks set by the setup-hook scripts. runHook envHook "$pkg" @@ -349,6 +361,7 @@ done _addToCrossEnv() { local pkg="$1" + local -i depOffset=0 # Run the package-specific hooks set by the setup-hook scripts. runHook crossEnvHook "$pkg" diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix index a35e473ec366..7c4bb988b629 100644 --- a/pkgs/tools/archivers/unzip/default.nix +++ b/pkgs/tools/archivers/unzip/default.nix @@ -37,7 +37,7 @@ stdenv.mkDerivation { makefile = "unix/Makefile"; - ${"NIX_${stdenv.cc.infixSalt_}LDFLAGS"} = [ "-lbz2" ] ++ stdenv.lib.optional enableNLS "-lnatspec"; + NIX_LDFLAGS = [ "-lbz2" ] ++ stdenv.lib.optional enableNLS "-lnatspec"; buildFlags = "generic D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2"; diff --git a/pkgs/tools/misc/screenfetch/default.nix b/pkgs/tools/misc/screenfetch/default.nix index c138261f9a33..a781ff910270 100644 --- a/pkgs/tools/misc/screenfetch/default.nix +++ b/pkgs/tools/misc/screenfetch/default.nix @@ -21,17 +21,10 @@ stdenv.mkDerivation { # Fix all of the depedencies of screenfetch patchShebangs $out/bin/screenfetch wrapProgram "$out/bin/screenfetch" \ - --set PATH : "" \ - --prefix PATH : "${coreutils}/bin" \ - --prefix PATH : "${gawk}/bin" \ - --prefix PATH : "${procps}/bin" \ - --prefix PATH : "${gnused}/bin" \ - --prefix PATH : "${findutils}/bin" \ - --prefix PATH : "${xdpyinfo}/bin" \ - --prefix PATH : "${xprop}/bin" \ - --prefix PATH : "${gnugrep}/bin" \ - --prefix PATH : "${ncurses}/bin" \ - --prefix PATH : "${bc}/bin" + --set PATH ${stdenv.lib.makeBinPath [ + coreutils gawk procps gnused findutils xdpyinfo + xprop gnugrep ncurses bc + ]} ''; meta = { diff --git a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix index f37940c65c1e..291b1a7c6002 100644 --- a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix +++ b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix @@ -19,7 +19,7 @@ let mkPrefetchScript = tool: src: deps: done wrapArgs="$wrapArgs --prefix PATH : ${gnused}/bin" wrapArgs="$wrapArgs --prefix PATH : ${nix.out}/bin" # For nix-hash - wrapArgs="$wrapArgs --set HOME : /homeless-shelter" + wrapArgs="$wrapArgs --set HOME /homeless-shelter" wrapProgram $out/bin/$name $wrapArgs ''; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2b7fa8ef239a..a31aefbab694 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -100,6 +100,8 @@ with pkgs; diffPlugins = (callPackage ../build-support/plugins.nix {}).diffPlugins; + dieHook = makeSetupHook {} ../build-support/setup-hooks/die.sh; + dockerTools = callPackage ../build-support/docker { }; docker_compose = pythonPackages.docker_compose; @@ -287,7 +289,8 @@ with pkgs; inherit contents compressor prepend; }; - makeWrapper = makeSetupHook { } ../build-support/setup-hooks/make-wrapper.sh; + makeWrapper = makeSetupHook { deps = [ dieHook ]; } + ../build-support/setup-hooks/make-wrapper.sh; makeModulesClosure = { kernel, rootModules, allowMissing ? false }: callPackage ../build-support/kernel/modules-closure.nix {