authorRobin Gloster <mail@glob.in>2016-02-19 21:16:14 +0000
committerRobin Gloster <mail@glob.in>2016-02-19 21:16:14 +0000
commitbc21db36925af6b79b070d6259c942b5b51239de (patch)
tree5489c46ac6a1f101cff9e9b46febcf7bead80404 /pkgs/stdenv
parentea84b3a915987edea0fca8545b0136867da16844 (diff)
parent5ea21d69f5312db17f9a9d98e439ad1f22d80f73 (diff)
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/stdenv')
-rw-r--r--pkgs/stdenv/darwin/default.nix2
-rw-r--r--pkgs/stdenv/generic/setup.sh17
-rw-r--r--pkgs/stdenv/linux/default.nix11
-rw-r--r--pkgs/stdenv/linux/make-bootstrap-tools.nix1
4 files changed, 22 insertions, 9 deletions
diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix
index c0c19a64c3c71..0af7071e21869 100644
--- a/pkgs/stdenv/darwin/default.nix
+++ b/pkgs/stdenv/darwin/default.nix
@@ -278,7 +278,7 @@ in rec {
       inherit stdenv shell;
       nativeTools = false;
       nativeLibc  = false;
-      inherit (pkgs) coreutils binutils;
+      inherit (pkgs) coreutils binutils gnugrep;
       inherit (pkgs.darwin) dyld;
       cc   = pkgs.llvmPackages.clang-unwrapped;
       libc = pkgs.darwin.Libsystem;
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index d8de9ab2390b9..7d25472993c59 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -371,6 +371,11 @@ export NIX_BUILD_CORES
 paxmark() { true; }
 
 
+# Prevent OpenSSL-based applications from using certificates in
+# /etc/ssl.
+export SSL_CERT_FILE=/no-cert-file.crt
+
+
 ######################################################################
 # Textual substitution functions.
 
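Review bot: The added `export SSL_CERT_FILE=/no-cert-file.crt` is unconditional and closes only one of OpenSSL's two default lookup paths. OpenSSL also consults a default certificate directory, overridable through `SSL_CERT_DIR`, so the host trust store may still be reachable via the directory lookup unless that variable is pointed at a non-existent path as well. TLS stacks that do not read these variables are not affected at all, and the comment should say so rather than imply that `/etc/ssl` is now sealed off. Because the assignment overwrites whatever is already in the environment, a derivation that deliberately passes a CA bundle would lose it; `export SSL_CERT_FILE="${SSL_CERT_FILE:-/no-cert-file.crt}"` keeps the closed default while honouring an explicit setting. Whether any caller relies on that is not visible from this hunk.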
@@ -480,9 +485,11 @@ _defaultUnpack() {
     if [ -d "$fn" ]; then
 
         stripHash "$fn"
-        # We can't preserve hardlinks because they may have been introduced by
-        # store optimization, which might break things in the build
-        cp -pr --reflink=auto --no-preserve=timestamps "$fn" $strippedName
+
+        # We can't preserve hardlinks because they may have been
+        # introduced by store optimization, which might break things
+        # in the build.
+        cp -pr --reflink=auto "$fn" $strippedName
 
     else
 
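Review bot: `$strippedName` is still unquoted in the new `cp` line, although the next hunk in this file quotes `$configureScript`; a source directory name containing whitespace or glob characters would be word-split and copied to the wrong destination. Suggest `cp -pr --reflink=auto -- "$fn" "$strippedName"`. The rewrapped comment explains why hardlinks are not preserved but not which part of the command achieves that. The new line also drops `--no-preserve=timestamps` without mention, so a word on whether source mtimes are now meant to be carried into the build tree would help. `_defaultUnpack` starts and ends outside this hunk.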
@@ -637,14 +644,14 @@ configurePhase() {
 
     # Add --disable-dependency-tracking to speed up some builds.
     if [ -z "$dontAddDisableDepTrack" ]; then
-        if grep -q dependency-tracking $configureScript; then
+        if grep -q dependency-tracking "$configureScript"; then
             configureFlags="--disable-dependency-tracking $configureFlags"
         fi
     fi
 
     # By default, disable static builds.
     if [ -z "$dontDisableStatic" ]; then
-        if grep -q enable-static $configureScript; then
+        if grep -q enable-static "$configureScript"; then
             configureFlags="--disable-static $configureFlags"
         fi
     fi
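Review bot: Quoting `"$configureScript"` in both `grep` calls changes behaviour for any package whose `configureScript` holds a command plus arguments (for example an interpreter followed by the script path). In that case grep is handed one non-existent filename, prints an error, and the flag is silently not added. If only single paths are supported, that should be stated, e.g. `# configureScript must be a single path; values with arguments are not scanned`. `grep -qs -- dependency-tracking "$configureScript"` would suppress the error output and guard against a value that starts with a dash. How the script is invoked later is outside this hunk, as are the start and end of `configurePhase`.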
diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix
index 12fc3fed5a5a4..ac7d8f5c706c2 100644
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@@ -64,7 +64,7 @@ rec {
   # the bootstrap.  In all stages, we build an stdenv and the package
   # set that can be built with that stdenv.
   stageFun =
-    {gccPlain, glibc, binutils, coreutils, name, overrides ? (pkgs: {}), extraBuildInputs ? []}:
+    {gccPlain, glibc, binutils, coreutils, gnugrep, name, overrides ? (pkgs: {}), extraBuildInputs ? []}:
 
     let
 
@@ -93,7 +93,7 @@ rec {
           cc = gccPlain;
           isGNU = true;
           libc = glibc;
-          inherit binutils coreutils;
+          inherit binutils coreutils gnugrep;
           name = name;
           stdenv = stage0.stdenv;
         };
@@ -125,6 +125,7 @@ rec {
     glibc = null;
     binutils = null;
     coreutils = null;
+    gnugrep = null;
     name = null;
 
     overrides = pkgs: {
@@ -160,6 +161,7 @@ rec {
     inherit (stage0.pkgs) glibc;
     binutils = bootstrapTools;
     coreutils = bootstrapTools;
+    gnugrep = bootstrapTools;
     name = "bootstrap-gcc-wrapper";
 
     # Rebuild binutils to use from stage2 onwards.
@@ -184,6 +186,7 @@ rec {
     inherit (stage1.pkgs) glibc;
     binutils = stage1.pkgs.binutils;
     coreutils = bootstrapTools;
+    gnugrep = bootstrapTools;
     name = "bootstrap-gcc-wrapper";
 
     overrides = pkgs: {
@@ -200,6 +203,7 @@ rec {
     gccPlain = bootstrapTools;
     inherit (stage2.pkgs) glibc binutils;
     coreutils = bootstrapTools;
+    gnugrep = bootstrapTools;
     name = "bootstrap-gcc-wrapper";
 
     overrides = pkgs: rec {
@@ -228,6 +232,7 @@ rec {
   # still from the bootstrap tools.
   stage4 = stageFun {
     inherit (stage3.pkgs) gccPlain glibc binutils;
+    gnugrep = bootstrapTools;
     coreutils = bootstrapTools;
     name = "";
 
@@ -244,7 +249,7 @@ rec {
         isGNU = true;
         cc = stage4.stdenv.cc.cc;
         libc = stage4.pkgs.glibc;
-        inherit (stage4.pkgs) binutils coreutils;
+        inherit (stage4.pkgs) binutils coreutils gnugrep;
         name = "";
         stdenv = stage4.stdenv;
         shell = stage4.pkgs.bash + "/bin/bash";
diff --git a/pkgs/stdenv/linux/make-bootstrap-tools.nix b/pkgs/stdenv/linux/make-bootstrap-tools.nix
index e31fed39843d9..7f7f4c6a2bd14 100644
--- a/pkgs/stdenv/linux/make-bootstrap-tools.nix
+++ b/pkgs/stdenv/linux/make-bootstrap-tools.nix
@@ -11,6 +11,7 @@ rec {
   });
 
   curlMinimal = curl.override {
+    http2Support = false;
     zlibSupport = false;
     sslSupport = false;
     scpSupport = false;