diff options
-rw-r--r-- | pkgs/applications/networking/go-graft/default.nix | 2 | ||||
-rw-r--r-- | pkgs/applications/version-management/gitsign/default.nix | 2 | ||||
-rw-r--r-- | pkgs/build-support/go/module.nix | 6 | ||||
-rw-r--r-- | pkgs/build-support/go/package.nix | 6 | ||||
-rw-r--r-- | pkgs/by-name/at/athens/package.nix | 2 | ||||
-rw-r--r-- | pkgs/by-name/up/uplosi/package.nix | 2 | ||||
-rw-r--r-- | pkgs/development/tools/gofumpt/default.nix | 6 | ||||
-rw-r--r-- | pkgs/development/tools/kind/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/networking/tun2socks/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/networking/v2ray/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/networking/xray/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/slsa-verifier/default.nix | 1 | ||||
-rw-r--r-- | pkgs/tools/security/step-ca/default.nix | 4 |
13 files changed, 25 insertions, 14 deletions
diff --git a/pkgs/applications/networking/go-graft/default.nix b/pkgs/applications/networking/go-graft/default.nix index ec9ca385e1ef8..14dbcea6277ba 100644 --- a/pkgs/applications/networking/go-graft/default.nix +++ b/pkgs/applications/networking/go-graft/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { CGO_ENABLED = 0; - ldflags = [ "-X github.com/mzz2017/gg/cmd.Version=${version}" "-s" "-w" "-buildid=" ]; + ldflags = [ "-X github.com/mzz2017/gg/cmd.Version=${version}" "-s" "-w" ]; vendorHash = "sha256-fnM4ycqDyruCdCA1Cr4Ki48xeQiTG4l5dLVuAafEm14="; subPackages = [ "." ]; diff --git a/pkgs/applications/version-management/gitsign/default.nix b/pkgs/applications/version-management/gitsign/default.nix index cf804ddfb54c6..87b73391987ed 100644 --- a/pkgs/applications/version-management/gitsign/default.nix +++ b/pkgs/applications/version-management/gitsign/default.nix @@ -19,7 +19,7 @@ buildGoModule rec { nativeBuildInputs = [ makeWrapper ]; - ldflags = [ "-s" "-w" "-buildid=" "-X github.com/sigstore/gitsign/pkg/version.gitVersion=${version}" ]; + ldflags = [ "-s" "-w" "-X github.com/sigstore/gitsign/pkg/version.gitVersion=${version}" ]; preCheck = '' # test all paths diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 2fb59c6348290..153b675d48aef 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -39,6 +39,8 @@ # Not needed with buildGoModule , goPackagePath ? "" +, ldflags ? [ ] + # needed for buildFlags{,Array} warning , buildFlags ? "" , buildFlagsArray ? "" @@ -154,6 +156,9 @@ let GOFLAGS = lib.optionals (!proxyVendor) [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ]; inherit CGO_ENABLED enableParallelBuilding GO111MODULE GOTOOLCHAIN; + # If not set to an explicit value, set the buildid empty for reproducibility. + ldflags = ldflags ++ lib.optionals (!lib.any (lib.hasPrefix "-buildid=") ldflags) [ "-buildid=" ]; + configurePhase = args.configurePhase or ('' runHook preConfigure @@ -301,4 +306,5 @@ in lib.warnIf (args' ? vendorSha256) "`vendorSha256` is deprecated. Use `vendorHash` instead" lib.warnIf (buildFlags != "" || buildFlagsArray != "") "Use the `ldflags` and/or `tags` attributes instead of `buildFlags`/`buildFlagsArray`" +lib.warnIf (builtins.elem "-buildid=" ldflags) "`-buildid=` is set by default as ldflag by buildGoModule" package diff --git a/pkgs/build-support/go/package.nix b/pkgs/build-support/go/package.nix index 7e099b76f0b76..8ca5ca0dca011 100644 --- a/pkgs/build-support/go/package.nix +++ b/pkgs/build-support/go/package.nix @@ -37,6 +37,8 @@ , CGO_ENABLED ? go.CGO_ENABLED +, ldflags ? [ ] + # needed for buildFlags{,Array} warning , buildFlags ? "" , buildFlagsArray ? "" @@ -91,6 +93,9 @@ let GOARM = toString (lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]); + # If not set to an explicit value, set the buildid empty for reproducibility. + ldflags = ldflags ++ lib.optionals (!lib.any (lib.hasPrefix "-buildid=") ldflags) [ "-buildid=" ]; + configurePhase = args.configurePhase or ('' runHook preConfigure @@ -280,4 +285,5 @@ let in lib.warnIf (buildFlags != "" || buildFlagsArray != "") "Use the `ldflags` and/or `tags` attributes instead of `buildFlags`/`buildFlagsArray`" +lib.warnIf (builtins.elem "-buildid=" ldflags) "`-buildid=` is set by default as ldflag by buildGoModule" package diff --git a/pkgs/by-name/at/athens/package.nix b/pkgs/by-name/at/athens/package.nix index e6095f7691a19..c53c571c036f2 100644 --- a/pkgs/by-name/at/athens/package.nix +++ b/pkgs/by-name/at/athens/package.nix @@ -18,7 +18,7 @@ buildGoModule rec { vendorHash = "sha256-8+PdkanodNZW/xeFf+tDm3Ej7DRSpBBtiT/CqjnWthw="; CGO_ENABLED = "0"; - ldflags = [ "-s" "-w" "-buildid=" "-X github.com/gomods/athens/pkg/build.version=${version}" ]; + ldflags = [ "-s" "-w" "-X github.com/gomods/athens/pkg/build.version=${version}" ]; subPackages = [ "cmd/proxy" ]; diff --git a/pkgs/by-name/up/uplosi/package.nix b/pkgs/by-name/up/uplosi/package.nix index 05e38ca8026c7..738f7ea5a5673 100644 --- a/pkgs/by-name/up/uplosi/package.nix +++ b/pkgs/by-name/up/uplosi/package.nix @@ -16,7 +16,7 @@ buildGo121Module rec { vendorHash = "sha256-RsjUPLe8omoN+XGyNhHDxzNfZR7VVTkh/f/On1oCRqM="; CGO_ENABLED = "0"; - ldflags = [ "-s" "-w" "-buildid=" "-X main.version=${version}" ]; + ldflags = [ "-s" "-w" "-X main.version=${version}" ]; flags = [ "-trimpath" ]; meta = with lib; { diff --git a/pkgs/development/tools/gofumpt/default.nix b/pkgs/development/tools/gofumpt/default.nix index 6becc6f4002d4..36e38163e2a77 100644 --- a/pkgs/development/tools/gofumpt/default.nix +++ b/pkgs/development/tools/gofumpt/default.nix @@ -21,7 +21,11 @@ buildGoModule rec { CGO_ENABLED = "0"; - ldflags = "-s -w -X main.version=v${version}"; + ldflags = [ + "-s" + "-w" + "-X main.version=v${version}" + ]; checkFlags = [ # Requires network access (Error: module lookup disabled by GOPROXY=off). diff --git a/pkgs/development/tools/kind/default.nix b/pkgs/development/tools/kind/default.nix index 63f6fff66b623..1f58fd637a6de 100644 --- a/pkgs/development/tools/kind/default.nix +++ b/pkgs/development/tools/kind/default.nix @@ -20,7 +20,7 @@ buildGoModule rec { CGO_ENABLED = 0; GOFLAGS = [ "-trimpath" ]; - ldflags = [ "-buildid=" "-w" ]; + ldflags = [ "-w" ]; doCheck = false; diff --git a/pkgs/tools/networking/tun2socks/default.nix b/pkgs/tools/networking/tun2socks/default.nix index 9296b0df0068e..37019a38b348b 100644 --- a/pkgs/tools/networking/tun2socks/default.nix +++ b/pkgs/tools/networking/tun2socks/default.nix @@ -17,7 +17,7 @@ buildGoModule rec { vendorHash = "sha256-zeiOcn33PnyoseYb0wynkn7MfGp3rHEYBStY98C6aR8="; ldflags = [ - "-w" "-s" "-buildid=" + "-w" "-s" "-X github.com/xjasonlyu/tun2socks/v2/internal/version.Version=v${version}" "-X github.com/xjasonlyu/tun2socks/v2/internal/version.GitCommit=v${version}" ]; diff --git a/pkgs/tools/networking/v2ray/default.nix b/pkgs/tools/networking/v2ray/default.nix index 1da2adba9d542..4d783fb47345f 100644 --- a/pkgs/tools/networking/v2ray/default.nix +++ b/pkgs/tools/networking/v2ray/default.nix @@ -19,7 +19,7 @@ buildGoModule rec { # https://github.com/Mic92/nix-update/pull/95 vendorHash = "sha256-ZBvHu4BEmQi6PQwRHuVwx/6X4gBqlRR44OktKRBGcs4="; - ldflags = [ "-s" "-w" "-buildid=" ]; + ldflags = [ "-s" "-w" ]; subPackages = [ "main" ]; diff --git a/pkgs/tools/networking/xray/default.nix b/pkgs/tools/networking/xray/default.nix index bb317055dc041..683cd9e484479 100644 --- a/pkgs/tools/networking/xray/default.nix +++ b/pkgs/tools/networking/xray/default.nix @@ -26,7 +26,7 @@ buildGoModule rec { doCheck = false; - ldflags = [ "-s" "-w" "-buildid=" ]; + ldflags = [ "-s" "-w" ]; subPackages = [ "main" ]; installPhase = '' diff --git a/pkgs/tools/security/slsa-verifier/default.nix b/pkgs/tools/security/slsa-verifier/default.nix index d02b574b1563b..5a6ab18a49ec5 100644 --- a/pkgs/tools/security/slsa-verifier/default.nix +++ b/pkgs/tools/security/slsa-verifier/default.nix @@ -27,7 +27,6 @@ buildGoModule rec { ldflags = [ "-s" "-w" - "-buildid=" "-X sigs.k8s.io/release-utils/version.gitVersion=${version}" ]; diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix index 5c1463ec117b8..6bdbfa02d62a3 100644 --- a/pkgs/tools/security/step-ca/default.nix +++ b/pkgs/tools/security/step-ca/default.nix @@ -23,10 +23,6 @@ buildGoModule rec { vendorHash = "sha256-AXMMpzXEhdKSGeVg/KK2NEgalxIXP6DUTcoxOQVqow4="; - ldflags = [ - "-buildid=" - ]; - nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ]; |