diff options
Diffstat (limited to 'pkgs/build-support')
10 files changed, 68 insertions, 59 deletions
diff --git a/pkgs/build-support/dotnet/build-dotnet-module/hooks/default.nix b/pkgs/build-support/dotnet/build-dotnet-module/hooks/default.nix index bce3d799fbb1a..a72f0291a872b 100644 --- a/pkgs/build-support/dotnet/build-dotnet-module/hooks/default.nix +++ b/pkgs/build-support/dotnet/build-dotnet-module/hooks/default.nix @@ -20,7 +20,7 @@ in dotnetConfigureHook = callPackage ({ }: makeSetupHook { name = "dotnet-configure-hook"; - deps = [ dotnet-sdk nuget-source ]; + propagatedBuildInputs = [ dotnet-sdk nuget-source ]; substitutions = { nugetSource = nuget-source; inherit runtimeId; @@ -30,7 +30,7 @@ in dotnetBuildHook = callPackage ({ }: makeSetupHook { name = "dotnet-build-hook"; - deps = [ dotnet-sdk ]; + propagatedBuildInputs = [ dotnet-sdk ]; substitutions = { inherit buildType runtimeId; }; @@ -39,7 +39,7 @@ in dotnetCheckHook = callPackage ({ }: makeSetupHook { name = "dotnet-check-hook"; - deps = [ dotnet-test-sdk ]; + propagatedBuildInputs = [ dotnet-test-sdk ]; substitutions = { inherit buildType libraryPath; disabledTests = lib.optionalString (disabledTests != []) @@ -54,7 +54,7 @@ in dotnetInstallHook = callPackage ({ }: makeSetupHook { name = "dotnet-install-hook"; - deps = [ dotnet-sdk ]; + propagatedBuildInputs = [ dotnet-sdk ]; substitutions = { inherit buildType runtimeId; }; @@ -63,7 +63,7 @@ in dotnetFixupHook = callPackage ({ }: makeSetupHook { name = "dotnet-fixup-hook"; - deps = [ dotnet-runtime ]; + propagatedBuildInputs = [ dotnet-runtime ]; substitutions = { dotnetRuntime = dotnet-runtime; runtimeDeps = libraryPath; diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 284cc1586dad0..aca313264a28c 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -193,6 +193,12 @@ let ''} '' + '' + # currently pie is only enabled by default in pkgsMusl + # this will respect the `hardening{Disable,Enable}` flags if set + if [[ $NIX_HARDENING_ENABLE =~ "pie" ]]; then + export GOFLAGS="-buildmode=pie $GOFLAGS" + fi + runHook postConfigure ''; diff --git a/pkgs/build-support/go/package.nix b/pkgs/build-support/go/package.nix index ba1ab37a0c0eb..9106bf9796ebb 100644 --- a/pkgs/build-support/go/package.nix +++ b/pkgs/build-support/go/package.nix @@ -134,6 +134,12 @@ let export GOPATH=$NIX_BUILD_TOP/go:$GOPATH export GOCACHE=$TMPDIR/go-cache + # currently pie is only enabled by default in pkgsMusl + # this will respect the `hardening{Disable,Enable}` flags if set + if [[ $NIX_HARDENING_ENABLE =~ "pie" ]]; then + export GOFLAGS="-buildmode=pie $GOFLAGS" + fi + runHook postConfigure ''; diff --git a/pkgs/build-support/node/build-npm-package/hooks/default.nix b/pkgs/build-support/node/build-npm-package/hooks/default.nix index 65ac661cea516..e5c93f1f77842 100644 --- a/pkgs/build-support/node/build-npm-package/hooks/default.nix +++ b/pkgs/build-support/node/build-npm-package/hooks/default.nix @@ -26,7 +26,7 @@ npmInstallHook = makeSetupHook { name = "npm-install-hook"; - deps = [ buildPackages.makeWrapper ]; + propagatedBuildInputs = [ buildPackages.makeWrapper ]; substitutions = { hostNode = "${nodejs}/bin/node"; jq = "${buildPackages.jq}/bin/jq"; diff --git a/pkgs/build-support/rust/hooks/cargo-setup-hook.sh b/pkgs/build-support/rust/hooks/cargo-setup-hook.sh index 8146573e79dba..90a81d68b5200 100644 --- a/pkgs/build-support/rust/hooks/cargo-setup-hook.sh +++ b/pkgs/build-support/rust/hooks/cargo-setup-hook.sh @@ -61,14 +61,15 @@ cargoSetupPostPatchHook() { fi echo - echo "ERROR: cargoSha256 is out of date" + echo "ERROR: cargoHash or cargoSha256 is out of date" echo echo "Cargo.lock is not the same in $cargoDepsCopy" echo echo "To fix the issue:" - echo '1. Use "0000000000000000000000000000000000000000000000000000" as the cargoSha256 value' - echo "2. Build the derivation and wait for it to fail with a hash mismatch" - echo "3. Copy the 'got: sha256:' value back into the cargoSha256 field" + echo '1. Set cargoHash/cargoSha256 to an empty string: `cargoHash = "";`' + echo '2. Build the derivation and wait for it to fail with a hash mismatch' + echo '3. Copy the "got: sha256-..." value back into the cargoHash field' + echo ' You should have: cargoHash = "sha256-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=";' echo exit 1 diff --git a/pkgs/build-support/rust/hooks/default.nix b/pkgs/build-support/rust/hooks/default.nix index 9989e582d2e9a..b4034120103ed 100644 --- a/pkgs/build-support/rust/hooks/default.nix +++ b/pkgs/build-support/rust/hooks/default.nix @@ -31,7 +31,7 @@ in { cargoBuildHook = callPackage ({ }: makeSetupHook { name = "cargo-build-hook.sh"; - deps = [ cargo ]; + propagatedBuildInputs = [ cargo ]; substitutions = { inherit ccForBuild ccForHost cxxForBuild cxxForHost rustBuildPlatform rustTargetPlatform rustTargetPlatformSpec; @@ -41,7 +41,7 @@ in { cargoCheckHook = callPackage ({ }: makeSetupHook { name = "cargo-check-hook.sh"; - deps = [ cargo ]; + propagatedBuildInputs = [ cargo ]; substitutions = { inherit rustTargetPlatformSpec; }; @@ -50,7 +50,7 @@ in { cargoInstallHook = callPackage ({ }: makeSetupHook { name = "cargo-install-hook.sh"; - deps = [ ]; + propagatedBuildInputs = [ ]; substitutions = { inherit shortTarget; }; @@ -59,7 +59,7 @@ in { cargoNextestHook = callPackage ({ }: makeSetupHook { name = "cargo-nextest-hook.sh"; - deps = [ cargo cargo-nextest ]; + propagatedBuildInputs = [ cargo cargo-nextest ]; substitutions = { inherit rustTargetPlatformSpec; }; @@ -68,7 +68,7 @@ in { cargoSetupHook = callPackage ({ }: makeSetupHook { name = "cargo-setup-hook.sh"; - deps = [ ]; + propagatedBuildInputs = [ ]; substitutions = { defaultConfig = ../fetchcargo-default-config.toml; @@ -117,7 +117,7 @@ in { maturinBuildHook = callPackage ({ }: makeSetupHook { name = "maturin-build-hook.sh"; - deps = [ cargo maturin rustc ]; + propagatedBuildInputs = [ cargo maturin rustc ]; substitutions = { inherit ccForBuild ccForHost cxxForBuild cxxForHost rustBuildPlatform rustTargetPlatform rustTargetPlatformSpec; diff --git a/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix b/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix index c81a253b0de8d..17b97b1082e93 100644 --- a/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix +++ b/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix @@ -11,8 +11,7 @@ makeSetupHook { name = "make-binary-wrapper-hook"; - - deps = [ dieHook ] + propagatedBuildInputs = [ dieHook ] # https://github.com/NixOS/nixpkgs/issues/148189 ++ lib.optional (stdenv.isDarwin && stdenv.isAarch64) cc; diff --git a/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix b/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix index 5ef6138388562..99633a3c7c9af 100644 --- a/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix +++ b/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix @@ -9,12 +9,15 @@ , dconf , callPackage , wrapGAppsHook -, writeTextFile +, targetPackages }: makeSetupHook { name = "wrap-gapps-hook"; - deps = lib.optionals (!stdenv.isDarwin) [ + propagatedBuildInputs = [ + # We use the wrapProgram function. + makeWrapper + ] ++ lib.optionals (!stdenv.isDarwin) [ # It is highly probable that a program will use GSettings, # at minimum through GTK file chooser dialogue. # Let’s add a GIO module for “dconf” GSettings backend @@ -23,19 +26,22 @@ makeSetupHook { # Unfortunately, it also requires the user to have dconf # D-Bus service enabled globally (e.g. through a NixOS module). dconf.lib + ] ++ lib.optionals isGraphical [ # TODO: remove this, packages should depend on GTK explicitly. gtk3 + librsvg + ]; + + # depsTargetTargetPropagated will essentially be buildInputs when wrapGAppsHook is placed into nativeBuildInputs + # the librsvg above should be removed but kept to not break anything that implicitly depended on its binaries + depsTargetTargetPropagated = assert (lib.assertMsg (!targetPackages ? raw) "wrapGAppsHook must be in nativeBuildInputs"); lib.optionals isGraphical [ # librsvg provides a module for gdk-pixbuf to allow rendering # SVG icons. Most icon themes are SVG-based and so are some # graphics in GTK (e.g. cross for closing window in window title bar) # so it is pretty much required for applications using GTK. librsvg - ] ++ [ - - # We use the wrapProgram function. - makeWrapper ]; passthru = { tests = let @@ -65,6 +71,15 @@ makeSetupHook { '' ); + basic-contains-gdk-pixbuf = let + tested = basic; + in testLib.runTest "basic-contains-gdk-pixbuf" ( + testLib.skip stdenv.isDarwin '' + ${expectSomeLineContainingYInFileXToMentionZ "${tested}/bin/foo" "GDK_PIXBUF_MODULE_FILE" "${lib.getLib librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"} + ${expectSomeLineContainingYInFileXToMentionZ "${tested}/libexec/bar" "GDK_PIXBUF_MODULE_FILE" "${lib.getLib librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"} + '' + ); + # Simple derivation containing a gobject-introspection typelib. typelib-Mahjong = stdenv.mkDerivation { name = "typelib-Mahjong"; diff --git a/pkgs/build-support/setup-hooks/wrap-gapps-hook/tests/lib.nix b/pkgs/build-support/setup-hooks/wrap-gapps-hook/tests/lib.nix index 42866c3419ddf..59fa9de24f9d1 100644 --- a/pkgs/build-support/setup-hooks/wrap-gapps-hook/tests/lib.nix +++ b/pkgs/build-support/setup-hooks/wrap-gapps-hook/tests/lib.nix @@ -1,7 +1,7 @@ { lib, runCommand }: rec { - runTest = name: body: runCommand name { } '' + runTest = name: body: runCommand name { strictDeps = true; } '' set -o errexit ${body} touch $out diff --git a/pkgs/build-support/trivial-builders.nix b/pkgs/build-support/trivial-builders.nix index 7318d13f6babd..413ed65852f50 100644 --- a/pkgs/build-support/trivial-builders.nix +++ b/pkgs/build-support/trivial-builders.nix @@ -593,45 +593,28 @@ rec { in linkFarm name (map mkEntryFromDrv drvs); - /* - Make a package that just contains a setup hook with the given contents. - This setup hook will be invoked by any package that includes this package - as a buildInput. Optionally takes a list of substitutions that should be - applied to the resulting script. - - Examples: - # setup hook that depends on the hello package and runs ./myscript.sh - myhellohook = makeSetupHook { deps = [ hello ]; } ./myscript.sh; - - # writes a Linux-exclusive setup hook where @bash@ myscript.sh is substituted for the - # bash interpreter. - myhellohookSub = makeSetupHook { - name = "myscript-hook"; - deps = [ hello ]; - substitutions = { bash = "${pkgs.bash}/bin/bash"; }; - meta.platforms = lib.platforms.linux; - } ./myscript.sh; - - # setup hook with a package test - myhellohookTested = makeSetupHook { - name = "myscript-hook"; - deps = [ hello ]; - substitutions = { bash = "${pkgs.bash}/bin/bash"; }; - meta.platforms = lib.platforms.linux; - passthru.tests.greeting = callPackage ./test { }; - } ./myscript.sh; - */ + # docs in doc/builders/special/makesetuphook.section.md makeSetupHook = { name ? lib.warn "calling makeSetupHook without passing a name is deprecated." "hook" - , deps ? [] - , substitutions ? {} - , meta ? {} - , passthru ? {} + , deps ? [ ] + # hooks go in nativeBuildInput so these will be nativeBuildInput + , propagatedBuildInputs ? [ ] + # these will be buildInputs + , depsTargetTargetPropagated ? [ ] + , meta ? { } + , passthru ? { } + , substitutions ? { } }: script: runCommand name (substitutions // { inherit meta; + inherit depsTargetTargetPropagated; + propagatedBuildInputs = + # remove list conditionals before 23.11 + lib.warnIf (!lib.isList deps) "'deps' argument to makeSetupHook must be a list. content of deps: ${toString deps}" + (lib.warnIf (deps != [ ]) "'deps' argument to makeSetupHook is deprecated and will be removed in release 23.11., Please use propagatedBuildInputs instead. content of deps: ${toString deps}" + propagatedBuildInputs ++ (if lib.isList deps then deps else [ deps ])); strictDeps = true; # TODO 2023-01, no backport: simplify to inherit passthru; passthru = passthru @@ -642,8 +625,7 @@ rec { ('' mkdir -p $out/nix-support cp ${script} $out/nix-support/setup-hook - '' + lib.optionalString (deps != []) '' - printWords ${toString deps} > $out/nix-support/propagated-build-inputs + recordPropagatedDependencies '' + lib.optionalString (substitutions != {}) '' substituteAll ${script} $out/nix-support/setup-hook ''); |