Franz Pletz
3c06e5f6f7
cc-wrapper: check ld hardening capabilities in stdenv
2016-08-23 18:13:31 +02:00
Robin Gloster
07604ad631
add-hardening.sh: fix quotation
2016-08-23 15:27:51 +00:00
Robin Gloster
335d0097cf
cc-wrapper: add-{flags,hardening} -> add-{flags,hardening}.sh
2016-08-23 15:27:51 +00:00
Robin Gloster
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
Tuomas Tynkkynen
a06a405d0b
cross GCC: Fix some paths to libc headers (after multiple outputs)
...
It's not completely clear to me why the path to libc headers is set
differently when cross building...
2016-06-11 04:15:17 +03:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-05-18 17:10:02 +02:00
Vladimír Čunát
2cbb7bf9d1
cc-wrapper: add -B flag with cc.lib
...
This fixes `gcc --print-file-name=libstdc++.so`
and thus it should fix #14967 .
2016-05-04 14:23:54 +02:00
Nikolay Amiantov
5ff40ddedf
add get* helper functions and mass-replace manual outputs search with them
2016-04-25 13:24:39 +03:00
Robin Gloster
d020caa5b2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-18 13:49:22 +00:00
Robin Gloster
3e68106afd
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-07 21:52:26 +00:00
Vladimír Čunát
d1df28f8e5
Merge 'staging' into closure-size
...
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Tomasz Kontusz
6c9ce23c00
cc-wrapper: Fix a typo in param parsing ( close #14401 )
2016-04-02 20:51:48 +02:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Robin Gloster
f60c9df0ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-28 15:16:29 +00:00
Nikolay Amiantov
119c287c71
cc-wrapper: use Bash arrays properly
2016-03-24 21:13:11 +03:00
Nikolay Amiantov
0c6db0ca48
cc-wrapper: add option to skip flags for native optimizations
2016-03-24 20:16:17 +03:00
Nikolay Amiantov
87607af7a1
cc-wrapper: add C++-specific paths if -x c++
is passed
2016-03-14 06:58:18 +03:00
Robin Gloster
a9b942c061
cc-wrapper: treat hardeningDisable as string
...
This fixes passing the env variable to the ld-wrapper through the gcc
call. Wtf?!
2016-03-14 00:26:52 +00:00
Tristan Helmich
1a5acdb695
cc-wrapper: Add additional NIX_DEBUG statements
2016-03-11 14:02:07 +01:00
Tristan Helmich
7e2e0dfe7a
cc-wrapper: Use stderr for NIX_DEBUG output
...
Otherwise configure scripts might break when looking for the path to ld
2016-03-10 15:47:55 +01:00
Franz Pletz
514a478e61
cc-wrapper: Fix if syntax
2016-03-09 10:08:07 +01:00
Robin Gloster
9a5b070b45
hardening: debug with NIX_DEBUG
2016-03-08 20:51:35 +00:00
Vladimír Čunát
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz
baee91ec60
cc-wrapper: Check if ld supports -z, fixes darwin
2016-03-07 21:40:20 +01:00
Franz Pletz
b2b499e6c4
cc-wrapper: Increase number of functions for stackprotector
2016-03-07 01:30:40 +01:00
Franz Pletz
ab1092875a
cc-wrapper: Disable pie for linking static libs
2016-03-07 01:30:39 +01:00
Franz Pletz
63f60b6a13
cc-wrapper: Disable pie when linking shared libraries
2016-03-07 01:30:39 +01:00
Franz Pletz
05a02c53a0
cc-wrapper: -pie is a ldflag
2016-03-06 00:14:55 +01:00
Franz Pletz
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
Eelco Dolstra
d5bb6a1f9c
glibc: Enable separate debug symbols
...
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
2016-02-28 02:57:37 +01:00
Eelco Dolstra
2040a9ac57
stdenv-linux: Ensure binutils comes before bootstrapTools in $PATH
...
Otherwise, when building glibc and other packages, the "strip" from
bootstrapTools is used, which doesn't recognise some tags produced by
the newer "ld" from binutils.
2016-02-28 01:13:15 +01:00
Vladimír Čunát
96cbdc70f2
cc-wrapper: fix #10574 : old gcc -> cc fallout
...
The part with gcc-wrapper-old changes is rather unimportant,
as it's almost unused but I still tested that the sole user `gnat` builds.
2016-02-05 14:05:14 +01:00
Vladimír Čunát
f89a136fd5
cc-wrapper: fixup branch interactions
...
c0599fdd61
and changes on closure-size didn't go well together.
2016-02-03 16:57:41 +01:00
Vladimír Čunát
ae74c356d9
Merge recent 'staging' into closure-size
...
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Vladimír Čunát
a33fcc8731
cc-wrapper: attempt to fix on darwin
...
This fixes evaluation at least. I'm unable to test this myself and noone steps up;
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-174448705
however, Hydra's macs are idling so let's employ them for that.
2016-01-28 06:59:36 +01:00
Vladimír Čunát
8f48a9756b
cc-wrapper: quote when saving $PATH
2016-01-25 09:54:10 +01:00
Anthony Cowley
d96893647d
cc-wrapper: fix on darwin
...
The ld-wrapper.sh script calls `readlink` in some circumstances. We need
to ensure that this is the `readlink` from the `coreutils` package so
that flag support is as expected.
This is accomplished by explicitly setting PATH at the top of each shell
script.
Without doing this, the following happens with a trivial `main.c`:
```
nix-env -f "<nixpkgs>" -iA pkgs.clang
$ clang main.c -L /nix/../nix/store/2ankvagznq062x1gifpxwkk7fp3xwy63-xnu-2422.115.4/Library -o a.out
readlink: illegal option -- f
usage: readlink [-n] [file ...]
```
The key element is the `..` in the path supplied to the linker via a
`-L` flag. With this patch, the above invocation works correctly on
darwin, whose native `/usr/bin/readlink` does not support the `-f` flag.
The explicit path also ensures that the `grep` called by `cc-wrapper.sh`
is the one from Nix.
Fixes #6447
2016-01-19 17:47:11 -05:00
Vladimír Čunát
716aac2519
Merge branch 'staging' into closure-size
2016-01-19 09:55:31 +01:00
Eelco Dolstra
2b5ed58099
cc-wrapper: Don't mess with __DATE__ and __TIME__
...
This is handled by $SOURCE_DATE_EPOCH now.
2016-01-05 17:21:48 +01:00
Vladimír Čunát
e22d26bedb
cc-wrapper: small changes, mostly just cosmetic ones
2016-01-02 11:14:09 +01:00
Luca Bruno
5b0352a6a4
Merge branch 'master' into closure-size
2015-12-11 18:31:00 +01:00
Danny Wilson
f17dea3b3d
Fix compilation of GCC 4.9 on SmartOS.
...
Fix ld-solaris-wrapper never calling ld (since gcc->cc-wrapper refactor).
2015-11-16 17:20:16 +01:00
Vladimír Čunát
efcad4c910
gcc5: split $doc into $man and $info
...
... because cc-wrapper is meant to propagate man pages into user envs,
and info pages are rather large.
Also replace the duplicate g++ and gcc man1 pages by a symlink.
2015-10-28 10:15:55 +01:00
Vladimír Čunát
55d129609d
cc-wrapper: correct ccLDFlags with multiple outputs
...
Note: -B argument seems more like for gcc's main output,
though it's used in a bit strange way here.
(Upstream default is /usr/lib/gcc/ which we don't move.)
2015-10-28 10:15:54 +01:00
Vladimír Čunát
cd7a78d7e4
cc-wrapper: fix typo ignoring flags; fixes #10574
2015-10-28 10:15:54 +01:00
Vladimír Čunát
5227fb1dd5
Merge commit staging+systemd into closure-size
...
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Jude Taylor
80e09678f7
darwin: use system dyld
...
see https://github.com/NixOS/nixpkgs/issues/9432
2015-08-25 11:12:09 -07:00
Jude Taylor
ef95107ddc
make isClang work the way a user might expect
2015-08-12 11:27:54 -07:00
Vladimír Čunát
615f64dcbe
gcc_multi: disable the hook moving lib64 to lib
...
This was preventing wine from build, and we typically don't want it
anyway in multilib builds. /cc #8706 .
2015-07-20 13:43:52 +02:00
Eelco Dolstra
553abf71ba
Merge remote-tracking branch 'origin/staging' into gcc-4.9
...
Conflicts:
pkgs/build-support/cc-wrapper/default.nix
pkgs/development/libraries/wayland/default.nix
pkgs/development/tools/build-managers/cmake/default.nix
pkgs/top-level/all-packages.nix
2015-06-01 20:08:43 +02:00