Commit graph

2435 commits

Author SHA1 Message Date
Antoine Eiche
35f205a4b6 dockerTools.buildImage: Switch to the format image generated by Skopeo
We were using 'Combined Image JSON + Filesystem Changeset Format' [1] to
unpack and pack image and this patch switches to the format used by the registry.

We used the 'repository' file which is not generated by Skopeo when it
pulls an image. Moreover, all information in this file is also in the
manifest.json file.
We then use the manifest.json file instead of 'repository' file. Note
also the manifest.json file is required to push an image with Skopeo.

Fix #29636

[1] 749d90e10f/image/spec/v1.1.md (combined-image-json--filesystem-changeset-format)
2017-09-23 13:17:07 +02:00
Antoine Eiche
cb6fc52f99 dockerTools.buildImageWithNixDb: Make output paths valid and add gcroots
The database dump doesn't contain sha and size. This leads to invalid
path in the container. We have to fix the database by using
nix-store.
Note a better way to do this is available in Nix 1.12 (since the
database dump contains all required information).

We also add content output paths in the gcroots since they can be used
by the container.
2017-09-20 20:14:29 +02:00
Antoine Eiche
df589a438e dockerTools.buildImageWithNixDb: populate the Nix Db of the image Nix store
Currently, the contents closure is copied to the layer but there is no
nix database initialization. If pkgs.nix is added in the contents,
nix-store doesn't work because there is no nix database.

From the contents of the layer, this commit generates and loads the
database in the nix store of the container. This only works if there
is no parent layer that already has a nix store (to support several
nix layers, we would have to merge nix databases of parent layers).

We also add an example to play with the nix store inside the
container. Note it seems `more` is a missing dependency of the nix
package!
2017-09-20 20:14:24 +02:00
John Ericson
6c74ee68b9 cc-wrapper, cc-wrapper-old: Simplify shell logic
1. `crossDrv` is now the default so we don't need to worry about that in
   build != host builds.

2. shell is the build time shell, so `wrapCCCross` doesn't need to
   worry, as build == host.

3. `shell.shellPath` will always be appended where useful.

4. Complicated `shell == ""` logic served no purpose.
2017-09-19 16:45:24 -04:00
John Ericson
6338c0b202 Merge pull request #29548 from obsidiansystems/cc-wrapper-cross-misc
cc-wrapper: Two trivial changes affecting cross compilation
2017-09-18 19:34:26 -04:00
John Ericson
13fc982e65 cc-wrapper: Use same dynamic loader on all Darwin, not just x86_64
In practice, this is correct because iOS is on ARM and puts the loader
there.
2017-09-18 19:25:58 -04:00
John Ericson
a44bbc72e6 cc-wrapper: Remove obsolete assertion
This was just causing evaluation problems on cross.
2017-09-18 19:22:57 -04:00
Michael Weiss
018a5ae2f4 fetchRepoProject: Fetch into $out and make it deterministic
Fetch into $out and remove all version control files to make it
deterministic (.repo and all .git subdirectories - e.g. the .git/index
files change every time).

Additionally I've changed the default of "useArchive" to false because
fetching with "--archive" will fail for some projects (e.g.
"platform/external/iosched" from the AOSP).

Now, this function should hopefully work for every tag of the AOSP.
2017-09-17 23:16:33 +02:00
Antoine Eiche
01174c5f4d dockerTools.pullImage: use skopeo to pull the image
Before this patch, a VM was used to spawn docker that pulled the
VM. Now, the tool Skopeo does this job well so we can simplify our
dockerTools since we don't need Docker anymore:)

This also fixes the regression described in
https://github.com/NixOS/nixpkgs/issues/29271 : cntlm proxy doesn't
work in 17.09 while it worked in 17.03.

Note Skopeo doesn't produce the same output as docker pull so, we
have to update sha.
2017-09-17 08:26:02 +01:00
Michael Weiss
337380ea1d gitRepo: Fix an error due to missing TLS certificates
This was a problem when run inside a sandbox, e.g. via
"fetchRepoProject". The error message from repo seems unrelated:

fatal: Cannot get https://gerrit.googlesource.com/git-repo/clone.bundle
fatal: error no host given

But the exception is actually thrown due to missing certificates
(/etc/ssl/certs). It should be possible to provide another location via
environment variables (e.g. SSL_CERT_FILE, REQUESTS_CA_BUNDLE or
CURL_CA_BUNDLE) but apparently that doesn't actually work for some
reason (would have to study our Python packaging).

Now "fetchRepoProject" works without the "--no-clone-bundle" option.
2017-09-16 22:13:56 +02:00
Michael Weiss
62b9d78b18 fetchRepoProject: Fix the GnuPG verification
The verification was failing with the following error:
gpg: keyblock resource '/tmp/nix-build-XYZ.drv-0/.repo/repo/./.repoconfig/gnupg/pubring.kbx': No such file or directory

Using an absolute path for $HOME fixes this.

And since 175ecbab91 the dependencies on
"git" and "gnupg" aren't required anymore as "gitRepo" already covers
them.
2017-09-16 17:57:14 +02:00
Michael Weiss
50ce8abccf fetchRepoProject: Refactor the code
Should hopefully make it a bit more readable and less redundant.
2017-09-16 17:25:25 +02:00
Frederik Rietdijk
03fa6965ad Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-16 12:34:32 +02:00
John Ericson
12452178e8 Merge pull request #29381 from obsidiansystems/autoreconf-hook
autoreconfHook: Simplify by avoiding `findInputs`
2017-09-14 13:16:53 -04:00
John Ericson
d242978671 autoreconfHook: Simplify by avoiding findInputs
`findInputs` is a stdenv/setup helper we should strive not to call
elsewhere. Using normal deps is more idiomatic anyways.
2017-09-14 13:16:12 -04:00
Frederik Rietdijk
87f757e834 Merge pull request #27780 from tilpner/overridable-buildenv
Make buildEnv overridable
2017-09-14 17:26:33 +02:00
Domen Kožar
f49b7d3c88 vm: remove trusty-updates hash as it changes too often 2017-09-14 11:29:10 +02:00
Jörg Thalheim
9e7db9a9f9 Merge pull request #28963 from nlewo/docker-readiness
dockerTools.pullImage: change the docker daemon readiness mechanism
2017-09-13 10:39:16 +01:00
Frederik Rietdijk
628b6c0e9d Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-11 22:52:53 +02:00
Domen Kožar
c7a152e5d0 vm: bump trusty-updates hash
In future we might just not use the updates if hash changes too
often.
2017-09-11 13:02:19 +02:00
Eelco Dolstra
ec8d41f08c Revert "Merge pull request #28557 from obsidiansystems/binutils-wrapper"
This reverts commit 0a944b345e, reversing
changes made to 61733ed6cc.

I dislike these massive stdenv changes with unclear motivation,
especially when they involve gratuitous mass renames like NIX_CC ->
NIX_BINUTILS. The previous such rename (NIX_GCC -> NIX_CC) caused
months of pain, so let's not do that again.
2017-09-07 12:51:21 +02:00
John Ericson
eb326c9cb7 macos-sierra-shared: Fix, after binutils-wrapper broke it
cctool's as needs to be told to use gnu as, or else we'd need a
dependency cycle between cctools and clang for this case.

In general, this is not a problem because clang uses its own integrated
assembler where possible, and gnu as otherwise.
2017-09-06 14:28:14 -04:00
John Ericson
3601a97e3c binutils-wrapper: Accidentally deleted macOS Sierra reexport hack
Did this when splitting off binutils-wrapper from cc-wrapper in
40e9b2a7e6: I deleted the file instead of
moving it.
2017-09-04 11:26:41 -04:00
Antoine Eiche
132e790735 dockerTools.pullImage: change the docker daemon readiness mechanism
To wait for the docker daemon, curl requests are sent. However, if a
http proxy is set, it will respond instead of the docker daemon.
To avoid this, we send docker ps command instead of curl command.
2017-09-04 10:52:16 +02:00
John Ericson
0a944b345e Merge pull request #28557 from obsidiansystems/binutils-wrapper
Binutils-wrapper: Init by refactoring out of cc-wrapper
2017-09-03 10:37:27 -04:00
Vladimír Čunát
51d6d27e90 Merge #28227: set-source-date-epoch-to-latest.sh: ignore generated files 2017-09-02 21:36:34 +02:00
Frederik Rietdijk
d0dab8a330 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-02 11:10:52 +02:00
John Ericson
dbf6d20d64 binutils-wrapper: Import separately from cc-wrapper 2017-09-01 11:44:56 -04:00
John Ericson
40e9b2a7e6 binutils-wrapper: Init
Factor a binutils wrapper out of cc-wrapper. While only LD is wrapped,
the setup hook defines environment variables on behalf of other
utilities.
2017-09-01 11:44:55 -04:00
John Ericson
fbb7d335db cc-wrapper: Use separate mangler for "bool" variables
This avoids any `NIX_FOOBAR=1 1` not triggering conditions.
2017-09-01 11:44:54 -04:00
John Ericson
1f5807d760 cc-wrapper: Pull variable mangler into utils.sh
In preparation for splitting out binutils-wrapper
2017-09-01 11:44:54 -04:00
John Ericson
94c0267fc1 cc-wrapper: Clean up dynamic linking with x86 multilib
It's better layering to do everything in ld-wrapper.
2017-09-01 11:44:54 -04:00
John Ericson
3d3a6e0fac cc-wrapper: Remove support for NIX_LDFLAGS_HARDEN
It has long been deprecated
2017-08-31 13:54:32 -04:00
John Ericson
46fd4bcb14 cc-wrapper: Remove {START,EXEC}_HOOK
These are no longer used by anything
2017-08-31 13:54:07 -04:00
Frederik Rietdijk
6d4bd78fad Merge commit '2858c41' into HEAD 2017-08-30 21:07:07 +02:00
John Ericson
97a48835b7 mkDerivation, cc-wrapper: Check hardening flag validity in Nix
This becomes necessary if more wrappers besides cc-wrapper start
supporting hardening flags. Also good to make the warning into an
error.

Also ensure interface is being used right: Not as a string, not just in
bash.
2017-08-30 17:53:42 +02:00
John Ericson
822a8d0148 cc-wrapper: Remove redundant hardening
GCC just passes `-z ...` flags to ld unaltered, and they are already
passed to LD anyways. On the other hand, `-pie` affects gcc behavior
too.
2017-08-30 17:53:42 +02:00
Antoine Eiche
d4b0883ad2 vm: Add trusty-updates to the packages list 2017-08-30 02:18:56 +02:00
Daiderd Jordan
5a28fd660a darwin-frameworks: move fixup setup-hook 2017-08-28 23:25:11 +02:00
Daiderd Jordan
92652b4d79 darwin-CF: use @rpath for library id and add an rpath entry for CF based on NIX_COREFOUNDATION_RPATH 2017-08-28 23:24:58 +02:00
John Ericson
42e639066b Merge pull request #28556 from obsidiansystems/cc-wrapper-nix-cleanup
cc-wrapper: Cleanup of Nix
2017-08-26 17:48:34 -04:00
John Ericson
df7c305c4c cc-wrapper: Leverage the setup script instead of buildCommand 2017-08-25 15:10:05 -04:00
John Ericson
dc47e763c1 cc-wrapper: Use set -u for better maintainability 2017-08-25 15:10:05 -04:00
John Ericson
a470be5a16 expand-response-params: Build more normally 2017-08-25 15:10:02 -04:00
Frederik Rietdijk
656e14f64f Merge remote-tracking branch 'upstream/python-wip' into HEAD 2017-08-25 19:37:57 +02:00
John Ericson
287fce6402 expand-response-params: Pull out of cc-wrapper
No hashes were changed
2017-08-25 11:21:09 -04:00
Daniel Peebles
4f7f48fb1a Merge pull request #28521 from obsidiansystems/cc-wrapper-dead-code
cc-wrapper: Remove dead code
2017-08-24 16:05:51 -04:00
volth
0d80fabbf9 mirrors: update apache and cpan mirrors
removed dead mirrors, added new
2017-08-24 04:22:07 +00:00
Tuomas Tynkkynen
0c0fad6141 treewide: Consistently call ARM 'arm'
No need for silly differences.
2017-08-24 01:17:01 +03:00
John Ericson
08f3a60e7b cc-wrapper: Remove dead code
ccPath is only defined below, so this condition would never be true.

Worse, that's not quite true: what if somebody happened to have `/clang`
and no sandboxing. Boy, wouldn't that be annoying to debug!
2017-08-23 17:09:47 -04:00