Diffstat (limited to 'pkgs/build-support/bintools-wrapper/default.nix')
-rw-r--r--pkgs/build-support/bintools-wrapper/default.nix51
1 files changed, 19 insertions, 32 deletions
diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index 2a1fe1344e205..6e97d0cf00fab 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -45,19 +45,21 @@
     "relro"
     "stackprotector"
     "strictoverflow"
-  ] ++ lib.optional (with stdenvNoCC;
-    # Musl-based platforms will keep "pie", other platforms will not.
-    # If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`
-    # in the nixpkgs manual to inform users about the defaults.
-    targetPlatform.libc == "musl"
-    # Except when:
-    #    - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
-    #    - static armv7l, where compilation fails.
-    && !(targetPlatform.isAarch && targetPlatform.isStatic)
-  ) "pie"
-
-# Darwin code signing support utilities
-, postLinkSignHook ? null, signingUtils ? null
+    "zerocallusedregs"
+  ] ++ lib.optional (with stdenvNoCC; lib.any (x: x) [
+    # OpenBSD static linking requires PIE
+    (with targetPlatform; isOpenBSD && isStatic)
+    (lib.all (x: x) [
+      # Musl-based platforms will keep "pie", other platforms will not.
+      # If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`
+      # in the nixpkgs manual to inform users about the defaults.
+      (targetPlatform.libc == "musl")
+      # Except when:
+      #    - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
+      #    - static armv7l, where compilation fails.
+      (!(targetPlatform.isAarch && targetPlatform.isStatic))
+    ])
+  ]) "pie"
 }:
 
 assert propagateDoc -> bintools ? man;
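Review bot: The reminder to update `{#sec-hardening-in-nixpkgs}` now sits inside the musl clause, but this hunk changes the documented defaults in two other places: `"zerocallusedregs"` joins the default flag list, and static OpenBSD now gets `"pie"`. Move that comment above `lib.any` so it covers every clause, and confirm the manual section is updated in the same change, which is not visible here. As a style point, `lib.any (x: x) [ … ]` and `lib.all (x: x) [ … ]` could be written as `lib.any lib.id` and `lib.all lib.id`, or as plain `||` and `&&`, which reads more directly for a hardening default. The argument set starts above this hunk, and the hunk also drops `postLinkSignHook` and `signingUtils`, so any caller still passing them would fail to evaluate unless the set ends in `...`.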
@@ -118,12 +120,15 @@ let
     else if targetPlatform.libc == "nblibc"           then "${sharedLibraryLoader}/libexec/ld.elf_so"
     else if targetPlatform.system == "i686-linux"     then "${sharedLibraryLoader}/lib/ld-linux.so.2"
     else if targetPlatform.system == "x86_64-linux"   then "${sharedLibraryLoader}/lib/ld-linux-x86-64.so.2"
+    else if targetPlatform.system == "s390x-linux"    then "${sharedLibraryLoader}/lib/ld64.so.1"
     # ELFv1 (.1) or ELFv2 (.2) ABI
     else if targetPlatform.isPower64                  then "${sharedLibraryLoader}/lib/ld64.so.*"
     # ARM with a wildcard, which can be "" or "-armhf".
     else if (with targetPlatform; isAarch32 && isLinux)   then "${sharedLibraryLoader}/lib/ld-linux*.so.3"
     else if targetPlatform.system == "aarch64-linux"  then "${sharedLibraryLoader}/lib/ld-linux-aarch64.so.1"
     else if targetPlatform.system == "powerpc-linux"  then "${sharedLibraryLoader}/lib/ld.so.1"
+    else if targetPlatform.system == "s390-linux"     then "${sharedLibraryLoader}/lib/ld.so.1"
+    else if targetPlatform.system == "s390x-linux"    then "${sharedLibraryLoader}/lib/ld64.so.1"
     else if targetPlatform.isMips                     then "${sharedLibraryLoader}/lib/ld.so.1"
     # `ld-linux-riscv{32,64}-<abi>.so.1`
     else if targetPlatform.isRiscV                    then "${sharedLibraryLoader}/lib/ld-linux-riscv*.so.1"
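Review bot: The second added `s390x-linux` branch, the one just after the new `s390-linux` line, is unreachable because the identical test added above the `isPower64` branch already matches first. Keep one of the two so a later edit cannot change the dead copy and appear to take effect; the dynamic linker path chosen here ends up as the interpreter of every linked binary, so the chain should have exactly one answer per platform. I would drop the lower one and keep `else if targetPlatform.system == "s390-linux" then "${sharedLibraryLoader}/lib/ld.so.1"` as is. The `if` chain begins and ends outside this hunk.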
@@ -352,7 +357,7 @@ stdenvNoCC.mkDerivation {
     ##
 
     # TODO(@sternenseemann): make a generic strip wrapper?
-    + optionalString (bintools.isGNU or false) ''
+    + optionalString (bintools.isGNU or false || bintools.isCCTools or false) ''
       wrap ${targetPrefix}strip ${./gnu-binutils-strip-wrapper.sh} \
         "${bintools_bin}/bin/${targetPrefix}strip"
     ''
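Review bot: The condition `bintools.isGNU or false || bintools.isCCTools or false` is correct only because the attribute-selection `or` binds tighter than `||`; write it as `(bintools.isGNU or false) || (bintools.isCCTools or false)` so the reader does not have to recall that. The cctools `strip` is now wrapped with `gnu-binutils-strip-wrapper.sh`, while the `darwin-strip-wrapper.sh` branch removed later in this commit ran with `signingUtils` exported and presumably re-signed the stripped binary. A short comment here should say where signing after `strip` now happens on Apple Silicon, e.g. `# cctools strip shares the GNU wrapper; code signing is handled by <component>`, with the placeholder filled in by the author.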
@@ -392,24 +397,6 @@ stdenvNoCC.mkDerivation {
     )
 
     ##
-    ## Code signing on Apple Silicon
-    ##
-    + optionalString (targetPlatform.isDarwin && targetPlatform.isAarch64) ''
-      echo 'source ${postLinkSignHook}' >> $out/nix-support/post-link-hook
-
-      export signingUtils=${signingUtils}
-
-      wrap \
-        ${targetPrefix}install_name_tool \
-        ${./darwin-install_name_tool-wrapper.sh} \
-        "${bintools_bin}/bin/${targetPrefix}install_name_tool"
-
-      wrap \
-        ${targetPrefix}strip ${./darwin-strip-wrapper.sh} \
-        "${bintools_bin}/bin/${targetPrefix}strip"
-    ''
-
-    ##
     ## Extra custom steps
     ##
     + extraBuildCommands;