diff options
Diffstat (limited to 'pkgs/build-support')
31 files changed, 258 insertions, 120 deletions
diff --git a/pkgs/build-support/appimage/default.nix b/pkgs/build-support/appimage/default.nix index 0d44a5ab23e96..6451feeabe3c9 100644 --- a/pkgs/build-support/appimage/default.nix +++ b/pkgs/build-support/appimage/default.nix @@ -74,7 +74,7 @@ rec { targetPkgs = pkgs: with pkgs; [ gtk3 bashInteractive - gnome.zenity + zenity xorg.xrandr which perl @@ -162,7 +162,7 @@ rec { vulkan-loader flac - freeglut + libglut libjpeg libpng12 libpulseaudio diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix index 2a1fe1344e205..e7fcf173c6026 100644 --- a/pkgs/build-support/bintools-wrapper/default.nix +++ b/pkgs/build-support/bintools-wrapper/default.nix @@ -45,6 +45,7 @@ "relro" "stackprotector" "strictoverflow" + "zerocallusedregs" ] ++ lib.optional (with stdenvNoCC; # Musl-based platforms will keep "pie", other platforms will not. # If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}` diff --git a/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh b/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh index a1d06b9c6b0ae..51bfeb18f58a1 100644 --- a/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh +++ b/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh @@ -7,5 +7,5 @@ for p in "${params[@]}"; do done if $needsTarget; then - extraBefore+=(-target @defaultTarget@ @march@) + extraBefore+=(-target @defaultTarget@ @machineFlags@) fi diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index ef166e2f50c5e..0dca3b3347e5b 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then fi if (( "${NIX_DEBUG:-0}" >= 1 )); then - declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format trivialautovarinit zerocallusedregs) + declare -a allHardeningFlags=(fortify fortify3 stackprotector stackclashprotection pie pic strictoverflow format trivialautovarinit zerocallusedregs) declare -A hardeningDisableMap=() # Determine which flags were effectively disabled so we can report below. @@ -79,6 +79,10 @@ for flag in "${!hardeningEnableMap[@]}"; do if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi hardeningCFlagsBefore+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') ;; + stackclashprotection) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stack-clash-protection >&2; fi + hardeningCFlagsBefore+=('-fstack-clash-protection') + ;; pie) # NB: we do not use `+=` here, because PIE flags must occur before any PIC flags if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 4adc1dcb1f8d8..d842f3fc70909 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -67,6 +67,7 @@ let concatMapStrings concatStringsSep escapeShellArg + escapeShellArgs getBin getDev getLib @@ -234,6 +235,32 @@ let then guess else null; + thumb = if targetPlatform.gcc.thumb then "thumb" else "arm"; + tune = if targetPlatform ? gcc.tune + then findBestTuneApproximation targetPlatform.gcc.tune + else null; + + # Machine flags. These are necessary to support + + # TODO: We should make a way to support miscellaneous machine + # flags and other gcc flags as well. + + machineFlags = + # Always add -march based on cpu in triple. Sometimes there is a + # discrepency (x86_64 vs. x86-64), so we provide an "arch" arg in + # that case. + optional (targetPlatform ? gcc.arch && !(targetPlatform.isDarwin && targetPlatform.isAarch64) && isGccArchSupported targetPlatform.gcc.arch) "-march=${targetPlatform.gcc.arch}" ++ + # TODO: aarch64-darwin has mcpu incompatible with gcc + optional (targetPlatform ? gcc.cpu && !(targetPlatform.isDarwin && targetPlatform.isAarch64)) "-mcpu=${targetPlatform.gcc.cpu}" ++ + # -mfloat-abi only matters on arm32 but we set it here + # unconditionally just in case. If the abi specifically sets hard + # vs. soft floats we use it here. + optional (targetPlatform ? gcc.float-abi) "-mfloat-abi=${targetPlatform.gcc.float-abi}" ++ + optional (targetPlatform ? gcc.fpu) "-mfpu=${targetPlatform.gcc.fpu}" ++ + optional (targetPlatform ? gcc.mode) "-mmode=${targetPlatform.gcc.mode}" ++ + optional (targetPlatform ? gcc.thumb) "-m${thumb}" ++ + optional (tune != null) "-mtune=${tune}"; + defaultHardeningFlags = bintools.defaultHardeningFlags or []; # if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is @@ -610,53 +637,11 @@ stdenvNoCC.mkDerivation { export hardening_unsupported_flags="${concatStringsSep " " ccHardeningUnsupportedFlags}" '' - # Machine flags. These are necessary to support - - # TODO: We should make a way to support miscellaneous machine - # flags and other gcc flags as well. - - # Always add -march based on cpu in triple. Sometimes there is a - # discrepency (x86_64 vs. x86-64), so we provide an "arch" arg in - # that case. - # # For clang, this is handled in add-clang-cc-cflags-before.sh - - # TODO: aarch64-darwin has mcpu incompatible with gcc - + optionalString ((targetPlatform ? gcc.arch) && !isClang && !(targetPlatform.isDarwin && targetPlatform.isAarch64) && - isGccArchSupported targetPlatform.gcc.arch) '' - echo "-march=${targetPlatform.gcc.arch}" >> $out/nix-support/cc-cflags-before - '' - - # -mcpu is not very useful, except on PowerPC where it is used - # instead of march. On all other platforms you should use mtune - # and march instead. - # TODO: aarch64-darwin has mcpu incompatible with gcc - + optionalString ((targetPlatform ? gcc.cpu) && (isClang || !(targetPlatform.isDarwin && targetPlatform.isAarch64))) '' - echo "-mcpu=${targetPlatform.gcc.cpu}" >> $out/nix-support/cc-cflags-before + + lib.optionalString (!isClang && machineFlags != []) '' + printf "%s\n" ${lib.escapeShellArgs machineFlags} >> $out/nix-support/cc-cflags-before '' - # -mfloat-abi only matters on arm32 but we set it here - # unconditionally just in case. If the abi specifically sets hard - # vs. soft floats we use it here. - + optionalString (targetPlatform ? gcc.float-abi) '' - echo "-mfloat-abi=${targetPlatform.gcc.float-abi}" >> $out/nix-support/cc-cflags-before - '' - + optionalString (targetPlatform ? gcc.fpu) '' - echo "-mfpu=${targetPlatform.gcc.fpu}" >> $out/nix-support/cc-cflags-before - '' - + optionalString (targetPlatform ? gcc.mode) '' - echo "-mmode=${targetPlatform.gcc.mode}" >> $out/nix-support/cc-cflags-before - '' - + optionalString (targetPlatform ? gcc.thumb) '' - echo "-m${if targetPlatform.gcc.thumb then "thumb" else "arm"}" >> $out/nix-support/cc-cflags-before - '' - + (let tune = if targetPlatform ? gcc.tune - then findBestTuneApproximation targetPlatform.gcc.tune - else null; - in optionalString (tune != null) '' - echo "-mtune=${tune}" >> $out/nix-support/cc-cflags-before - '') - # TODO: categorize these and figure out a better place for them + optionalString targetPlatform.isWindows '' hardening_unsupported_flags+=" pic" @@ -718,9 +703,7 @@ stdenvNoCC.mkDerivation { ## + optionalString isClang '' # Escape twice: once for this script, once for the one it gets substituted into. - export march=${escapeShellArg - (optionalString (targetPlatform ? gcc.arch) - (escapeShellArg "-march=${targetPlatform.gcc.arch}"))} + export machineFlags=${escapeShellArg (escapeShellArgs machineFlags)} export defaultTarget=${targetPlatform.config} substituteAll ${./add-clang-cc-cflags-before.sh} $out/nix-support/add-local-cc-cflags-before.sh '' diff --git a/pkgs/build-support/dev-shell-tools/README.md b/pkgs/build-support/dev-shell-tools/README.md new file mode 100644 index 0000000000000..d6d9a8c8ad0df --- /dev/null +++ b/pkgs/build-support/dev-shell-tools/README.md @@ -0,0 +1,13 @@ + +# `devShellTools` + +This directory implements the `pkgs.devShellTools` library. + +# Contributing to `devShellTools` + +- Documentation should be contributed to the Nixpkgs manual, not here. + +- Tests are available in the `tests` directory. + You may run them with `nix-build -A tests.devShellTools`. + +- See [../../README.md](../../README.md) for more information on contributing to Nixpkgs. diff --git a/pkgs/build-support/dev-shell-tools/default.nix b/pkgs/build-support/dev-shell-tools/default.nix new file mode 100644 index 0000000000000..cd5fa5f5937ef --- /dev/null +++ b/pkgs/build-support/dev-shell-tools/default.nix @@ -0,0 +1,16 @@ +{ lib }: +let + inherit (builtins) typeOf; +in +rec { + # This function closely mirrors what this Nix code does: + # https://github.com/NixOS/nix/blob/2.8.0/src/libexpr/primops.cc#L1102 + # https://github.com/NixOS/nix/blob/2.8.0/src/libexpr/eval.cc#L1981-L2036 + valueToString = value: + # We can't just use `toString` on all derivation attributes because that + # would not put path literals in the closure. So we explicitly copy + # those into the store here + if typeOf value == "path" then "${value}" + else if typeOf value == "list" then toString (map valueToString value) + else toString value; +} diff --git a/pkgs/build-support/dev-shell-tools/tests/default.nix b/pkgs/build-support/dev-shell-tools/tests/default.nix new file mode 100644 index 0000000000000..bfedc04409a98 --- /dev/null +++ b/pkgs/build-support/dev-shell-tools/tests/default.nix @@ -0,0 +1,45 @@ +{ + devShellTools, + emptyFile, + lib, + stdenv, + hello, +}: +let + inherit (lib) escapeShellArg; +in +{ + # nix-build -A tests.devShellTools.valueToString + valueToString = + let inherit (devShellTools) valueToString; in + + stdenv.mkDerivation { + name = "devShellTools-valueToString-built-tests"; + + # Test inputs + inherit emptyFile hello; + one = 1; + boolTrue = true; + boolFalse = false; + foo = "foo"; + list = [ 1 2 3 ]; + pathDefaultNix = ./default.nix; + packages = [ hello emptyFile ]; + # TODO: nested lists + + buildCommand = '' + touch $out + ( set -x + [[ "$one" = ${escapeShellArg (valueToString 1)} ]] + [[ "$boolTrue" = ${escapeShellArg (valueToString true)} ]] + [[ "$boolFalse" = ${escapeShellArg (valueToString false)} ]] + [[ "$foo" = ${escapeShellArg (valueToString "foo")} ]] + [[ "$hello" = ${escapeShellArg (valueToString hello)} ]] + [[ "$list" = ${escapeShellArg (valueToString [ 1 2 3 ])} ]] + [[ "$packages" = ${escapeShellArg (valueToString [ hello emptyFile ])} ]] + [[ "$pathDefaultNix" = ${escapeShellArg (valueToString ./default.nix)} ]] + [[ "$emptyFile" = ${escapeShellArg (valueToString emptyFile)} ]] + ) >log 2>&1 || { cat log; exit 1; } + ''; + }; +} diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 1d1989d27fbb2..ea461ccffa078 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -4,6 +4,7 @@ , callPackage , closureInfo , coreutils +, devShellTools , e2fsprogs , proot , fakeNss @@ -49,6 +50,10 @@ let toList ; + inherit (devShellTools) + valueToString + ; + mkDbExtraCommand = contents: let contentsList = if builtins.isList contents then contents else [ contents ]; @@ -1141,7 +1146,7 @@ rec { # A binary that calls the command to build the derivation builder = writeShellScriptBin "buildDerivation" '' - exec ${lib.escapeShellArg (stringValue drv.drvAttrs.builder)} ${lib.escapeShellArgs (map stringValue drv.drvAttrs.args)} + exec ${lib.escapeShellArg (valueToString drv.drvAttrs.builder)} ${lib.escapeShellArgs (map valueToString drv.drvAttrs.args)} ''; staticPath = "${dirOf shell}:${lib.makeBinPath [ builder ]}"; @@ -1173,20 +1178,9 @@ rec { # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/globals.hh#L464-L465 sandboxBuildDir = "/build"; - # This function closely mirrors what this Nix code does: - # https://github.com/NixOS/nix/blob/2.8.0/src/libexpr/primops.cc#L1102 - # https://github.com/NixOS/nix/blob/2.8.0/src/libexpr/eval.cc#L1981-L2036 - stringValue = value: - # We can't just use `toString` on all derivation attributes because that - # would not put path literals in the closure. So we explicitly copy - # those into the store here - if builtins.typeOf value == "path" then "${value}" - else if builtins.typeOf value == "list" then toString (map stringValue value) - else toString value; - # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L992-L1004 drvEnv = lib.mapAttrs' (name: value: - let str = stringValue value; + let str = valueToString value; in if lib.elem name (drv.drvAttrs.passAsFile or []) then lib.nameValuePair "${name}Path" (writeText "pass-as-text-${name}" str) else lib.nameValuePair name str diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 52706ef6b21ff..4949d6b8a8888 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -619,10 +619,14 @@ rec { fakeRootCommands = '' mkdir -p ./home/alice chown 1000 ./home/alice - ln -s ${pkgs.hello.overrideAttrs (o: { + ln -s ${pkgs.hello.overrideAttrs (finalAttrs: prevAttrs: { # A unique `hello` to make sure that it isn't included via another mechanism by accident. - configureFlags = o.configureFlags or [] ++ [ " --program-prefix=layeredImageWithFakeRootCommands-" ]; + configureFlags = prevAttrs.configureFlags or [] ++ [ " --program-prefix=layeredImageWithFakeRootCommands-" ]; doCheck = false; + versionCheckProgram = "${builtins.placeholder "out"}/bin/${finalAttrs.meta.mainProgram}"; + meta = prevAttrs.meta // { + mainProgram = "layeredImageWithFakeRootCommands-hello"; + }; })} ./hello ''; }; diff --git a/pkgs/build-support/dotnet/build-dotnet-global-tool/default.nix b/pkgs/build-support/dotnet/build-dotnet-global-tool/default.nix index 7ae9cfc9f6618..48e6e8ea470a5 100644 --- a/pkgs/build-support/dotnet/build-dotnet-global-tool/default.nix +++ b/pkgs/build-support/dotnet/build-dotnet-global-tool/default.nix @@ -5,6 +5,8 @@ # Name of the nuget package to install, if different from pname , nugetName ? pname # Hash of the nuget package to install, will be given on first build + # nugetHash uses SRI hash and should be preferred +, nugetHash ? "" , nugetSha256 ? "" # Additional nuget deps needed by the tool package , nugetDeps ? (_: []) @@ -24,7 +26,7 @@ buildDotnetModule (args // { nugetDeps = mkNugetDeps { name = pname; nugetDeps = { fetchNuGet }: [ - (fetchNuGet { pname = nugetName; inherit version; sha256 = nugetSha256; }) + (fetchNuGet { pname = nugetName; inherit version; sha256 = nugetSha256; hash = nugetHash; }) ] ++ (nugetDeps fetchNuGet); }; diff --git a/pkgs/build-support/dotnet/fetchnuget/default.nix b/pkgs/build-support/dotnet/fetchnuget/default.nix index 061da746cead0..a8e85270e73fa 100644 --- a/pkgs/build-support/dotnet/fetchnuget/default.nix +++ b/pkgs/build-support/dotnet/fetchnuget/default.nix @@ -5,15 +5,19 @@ attrs @ , version , url ? "https://www.nuget.org/api/v2/package/${pname}/${version}" , sha256 ? "" +, hash ? "" , md5 ? "" , ... }: if md5 != "" then - throw "fetchnuget does not support md5 anymore, please use sha256" + throw "fetchnuget does not support md5 anymore, please use 'hash' attribute with SRI hash" +# This is also detected in fetchurl, but we just throw here to avoid confusion +else if (sha256 != "" && hash != "") then + throw "multiple hashes passed to fetchNuGet" else buildDotnetPackage ({ src = fetchurl { - inherit url sha256; + inherit url sha256 hash; name = "${pname}.${version}.zip"; }; diff --git a/pkgs/build-support/dotnet/make-nuget-deps/default.nix b/pkgs/build-support/dotnet/make-nuget-deps/default.nix index fcd3f9f076b27..cd048bcc30e57 100644 --- a/pkgs/build-support/dotnet/make-nuget-deps/default.nix +++ b/pkgs/build-support/dotnet/make-nuget-deps/default.nix @@ -1,11 +1,14 @@ { linkFarmFromDrvs, fetchurl }: { name, nugetDeps ? import sourceFile, sourceFile ? null }: linkFarmFromDrvs "${name}-nuget-deps" (nugetDeps { - fetchNuGet = { pname, version, sha256 + fetchNuGet = { pname, version, sha256 ? "", hash ? "" , url ? "https://www.nuget.org/api/v2/package/${pname}/${version}" }: fetchurl { name = "${pname}.${version}.nupkg"; - inherit url sha256; + # There is no need to verify whether both sha256 and hash are + # valid here, because nuget-to-nix does not generate a deps.nix + # containing both. + inherit url sha256 hash; }; }) // { inherit sourceFile; diff --git a/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh b/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh index 2754bfc32d7b7..8cfbf649ad965 100755 --- a/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh +++ b/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh @@ -65,11 +65,11 @@ for package in *; do for source in "${remote_sources[@]}"; do url="${base_addresses[$source]}$package/$version/$package.$version.nupkg" if [[ "$source" == "$used_source" ]]; then - sha256="$(nix-hash --type sha256 --flat --base32 "$version/$package.$version".nupkg)" + hash="$(nix-hash --type sha256 --flat --sri "$version/$package.$version".nupkg)" found=true break else - if sha256=$(nix-prefetch-url "$url" 2>"$tmp"/error); then + if hash=$(nix-prefetch-url "$url" 2>"$tmp"/error); then # If multiple remote sources are enabled, nuget will try them all # concurrently and use the one that responds first. We always use the # first source that has the package. @@ -91,9 +91,9 @@ for package in *; do fi if [[ "$source" != https://api.nuget.org/v3/index.json ]]; then - echo " (fetchNuGet { pname = \"$id\"; version = \"$version\"; sha256 = \"$sha256\"; url = \"$url\"; })" + echo " (fetchNuGet { pname = \"$id\"; version = \"$version\"; hash = \"$hash\"; url = \"$url\"; })" else - echo " (fetchNuGet { pname = \"$id\"; version = \"$version\"; sha256 = \"$sha256\"; })" + echo " (fetchNuGet { pname = \"$id\"; version = \"$version\"; hash = \"$hash\"; })" fi done cd .. diff --git a/pkgs/build-support/emacs/melpa.nix b/pkgs/build-support/emacs/melpa.nix index c8f6567049180..29b3567ec6f40 100644 --- a/pkgs/build-support/emacs/melpa.nix +++ b/pkgs/build-support/emacs/melpa.nix @@ -38,6 +38,11 @@ in Default: pname */ , ename ? pname + /* + version: Either a stable version such as "1.2" or an unstable version. + An unstable version can use either Nix format (preferred) such as + "1.2-unstable-2024-06-01" or MELPA format such as "20240601.1230". + */ , version /* commit: Optional package history commit. @@ -71,6 +76,19 @@ genericBuild ({ inherit packageBuild commit ename recipe; + melpaVersion = + let + parsed = lib.flip builtins.match version + # match <version>-unstable-YYYY-MM-DD format + "^.*-unstable-([[:digit:]]{4})-([[:digit:]]{2})-([[:digit:]]{2})$"; + unstableVersionInNixFormat = parsed != null; # heuristics + date = builtins.concatStringsSep "" parsed; + time = "0"; # unstable version in nix format lacks this info + in + if unstableVersionInNixFormat + then date + "." + time + else version; + preUnpack = '' mkdir -p "$NIX_BUILD_TOP/recipes" if [ -n "$recipe" ]; then @@ -96,7 +114,7 @@ genericBuild ({ -L "$NIX_BUILD_TOP/package-build" \ -l "$melpa2nix" \ -f melpa2nix-build-package \ - $ename $version $commit + $ename $melpaVersion $commit runHook postBuild ''; @@ -104,9 +122,9 @@ genericBuild ({ installPhase = '' runHook preInstall - archive="$NIX_BUILD_TOP/packages/$ename-$version.el" + archive="$NIX_BUILD_TOP/packages/$ename-$melpaVersion.el" if [ ! -f "$archive" ]; then - archive="$NIX_BUILD_TOP/packages/$ename-$version.tar" + archive="$NIX_BUILD_TOP/packages/$ename-$melpaVersion.tar" fi emacs --batch -Q \ diff --git a/pkgs/build-support/fetchpatch/default.nix b/pkgs/build-support/fetchpatch/default.nix index a3ca6685147d3..97b3661bb2d46 100644 --- a/pkgs/build-support/fetchpatch/default.nix +++ b/pkgs/build-support/fetchpatch/default.nix @@ -14,6 +14,7 @@ , includes ? [] , revert ? false , postFetch ? "" +, nativeBuildInputs ? [] , ... }@args: let @@ -29,6 +30,7 @@ in lib.throwIfNot (excludes == [] || includes == []) "fetchpatch: cannot use excludes and includes simultaneously" fetchurl ({ + nativeBuildInputs = [ patchutils ] ++ nativeBuildInputs; postFetch = '' tmpfile="$TMPDIR/patch" @@ -48,12 +50,12 @@ fetchurl ({ set -e mv "$tmpfile" "$out" - "${patchutils}/bin/lsdiff" \ + lsdiff \ ${lib.optionalString (relative != null) "-p1 -i ${lib.escapeShellArg relative}/'*'"} \ "$out" \ | sort -u | sed -e 's/[*?]/\\&/g' \ | xargs -I{} \ - "${patchutils}/bin/filterdiff" \ + filterdiff \ --include={} \ --strip=${toString stripLen} \ ${lib.optionalString (extraPrefix != null) '' @@ -70,7 +72,7 @@ fetchurl ({ exit 1 fi - ${patchutils}/bin/filterdiff \ + filterdiff \ -p1 \ ${builtins.toString (builtins.map (x: "-x ${lib.escapeShellArg x}") excludes)} \ ${builtins.toString (builtins.map (x: "-i ${lib.escapeShellArg x}") includes)} \ @@ -84,10 +86,10 @@ fetchurl ({ exit 1 fi '' + lib.optionalString revert '' - ${patchutils}/bin/interdiff "$out" /dev/null > "$tmpfile" + interdiff "$out" /dev/null > "$tmpfile" mv "$tmpfile" "$out" '' + postFetch; } // builtins.removeAttrs args [ "relative" "stripLen" "decode" "extraPrefix" "excludes" "includes" "revert" - "postFetch" + "postFetch" "nativeBuildInputs" ]) diff --git a/pkgs/build-support/fetchpatch/tests.nix b/pkgs/build-support/fetchpatch/tests.nix index 0a27f1bc70e7a..b7352fff7f925 100644 --- a/pkgs/build-support/fetchpatch/tests.nix +++ b/pkgs/build-support/fetchpatch/tests.nix @@ -7,7 +7,7 @@ in { simple = testers.invalidateFetcherByDrvHash fetchpatch { url = "https://github.com/facebook/zstd/pull/2724/commits/e1f85dbca3a0ed5ef06c8396912a0914db8dea6a.patch"; - sha256 = if isFetchpatch2 then "sha256-01BrkHLye4KOdqCw3tv7AJzIF6578pl2fl270TJFTmw=" else "sha256-PuYAqnJWAE+L9bsroOnnBGJhERW8LHrGSLtIEkKU9vg="; + sha256 = if isFetchpatch2 then "sha256-w4yU0wt64d0WkuBQPeGf8vn5TH6qSBJvNIgka9QK+/Q=" else "sha256-PuYAqnJWAE+L9bsroOnnBGJhERW8LHrGSLtIEkKU9vg="; }; relative = testers.invalidateFetcherByDrvHash fetchpatch { diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index bc28fbf6fc420..a5e722b0ac08e 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -218,8 +218,7 @@ let buildGoDir() { local cmd="$1" dir="$2" - . $TMPDIR/buildFlagsArray - + declare -ga buildFlagsArray declare -a flags flags+=($buildFlags "''${buildFlagsArray[@]}") flags+=(''${tags:+-tags=''${tags// /,}}) @@ -258,11 +257,6 @@ let buildFlagsArray+=(-x) fi - if [ ''${#buildFlagsArray[@]} -ne 0 ]; then - declare -p buildFlagsArray > $TMPDIR/buildFlagsArray - else - touch $TMPDIR/buildFlagsArray - fi if [ -z "$enableParallelBuilding" ]; then export NIX_BUILD_CORES=1 fi diff --git a/pkgs/build-support/kernel/make-initrd.nix b/pkgs/build-support/kernel/make-initrd.nix index 9c27a142f4b65..5f8d1eee8ce4d 100644 --- a/pkgs/build-support/kernel/make-initrd.nix +++ b/pkgs/build-support/kernel/make-initrd.nix @@ -56,7 +56,7 @@ in , prepend ? [] # Whether to wrap the initramfs in a u-boot image. -, makeUInitrd ? stdenvNoCC.hostPlatform.linux-kernel.target == "uImage" +, makeUInitrd ? stdenvNoCC.hostPlatform.linux-kernel.target or "dummy" == "uImage" # If generating a u-boot image, the architecture to use. The default # guess may not align with u-boot's nomenclature correctly, so it can @@ -75,11 +75,9 @@ let toValidStoreName = x: with builtins; lib.concatStringsSep "-" (filter (x: !(isList x)) (split "[^a-zA-Z0-9_=.?-]+" x)); -in stdenvNoCC.mkDerivation rec { +in stdenvNoCC.mkDerivation (rec { inherit name makeUInitrd extension uInitrdArch prepend; - ${if makeUInitrd then "uInitrdCompression" else null} = uInitrdCompression; - builder = ./make-initrd.sh; nativeBuildInputs = [ perl libarchive ] @@ -110,4 +108,6 @@ in stdenvNoCC.mkDerivation rec { contents (lib.range 0 (lib.length contents - 1)); pathsFromGraph = ./paths-from-graph.pl; -} +} // lib.optionalAttrs makeUInitrd { + uInitrdCompression = uInitrdCompression; +}) diff --git a/pkgs/build-support/make-desktopitem/default.nix b/pkgs/build-support/make-desktopitem/default.nix index ccceb23256b6f..9cae8204c6a83 100644 --- a/pkgs/build-support/make-desktopitem/default.nix +++ b/pkgs/build-support/make-desktopitem/default.nix @@ -108,11 +108,12 @@ let renderAction = name: attrs: renderSection "Desktop Action ${name}" (preprocessAction attrs); actionsRendered = lib.mapAttrsToList renderAction actions; + extension = if type == "Directory" then "directory" else "desktop"; content = [ mainSectionRendered ] ++ actionsRendered; in writeTextFile { - name = "${name}.desktop"; - destination = "/share/applications/${name}.desktop"; + name = "${name}.${extension}"; + destination = "/share/applications/${name}.${extension}"; text = builtins.concatStringsSep "\n" content; checkPhase = ''${buildPackages.desktop-file-utils}/bin/desktop-file-validate "$target"''; }) diff --git a/pkgs/build-support/node/fetch-npm-deps/default.nix b/pkgs/build-support/node/fetch-npm-deps/default.nix index d86fc90c6c7d1..a001f80b113ce 100644 --- a/pkgs/build-support/node/fetch-npm-deps/default.nix +++ b/pkgs/build-support/node/fetch-npm-deps/default.nix @@ -142,7 +142,7 @@ meta = with lib; { description = "Prefetch dependencies from npm (for use with `fetchNpmDeps`)"; mainProgram = "prefetch-npm-deps"; - maintainers = with maintainers; [ lilyinstarlight winter ]; + maintainers = with maintainers; [ winter ]; license = licenses.mit; }; }; diff --git a/pkgs/build-support/rust/build-rust-crate/build-crate.nix b/pkgs/build-support/rust/build-rust-crate/build-crate.nix index 7484b3ad0290e..3af13fe70a7de 100644 --- a/pkgs/build-support/rust/build-rust-crate/build-crate.nix +++ b/pkgs/build-support/rust/build-rust-crate/build-crate.nix @@ -1,5 +1,5 @@ { lib, stdenv -, mkRustcDepArgs, mkRustcFeatureArgs, needUnstableCLI +, mkRustcDepArgs, mkRustcFeatureArgs, needUnstableCLI, rustc }: { crateName, @@ -27,6 +27,10 @@ # since rustc 1.42 the "proc_macro" crate is part of the default crate prelude # https://github.com/rust-lang/cargo/commit/4d64eb99a4#diff-7f98585dbf9d30aa100c8318e2c77e79R1021-R1022 ++ lib.optional (lib.elem "proc-macro" crateType) "--extern proc_macro" + ++ lib.optional (stdenv.hostPlatform.linker == "lld") # Needed when building for targets that use lld. e.g. 'wasm32-unknown-unknown' + "-C linker=${rustc.llvmPackages.lld}/bin/lld" + ++ lib.optional (stdenv.hasCC && stdenv.hostPlatform.linker != "lld") + "-C linker=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc" ; rustcMeta = "-C metadata=${metadata} -C extra-filename=-${metadata}"; @@ -39,10 +43,7 @@ ++ (map (x: "--crate-type ${x}") crateType) ); - binRustcOpts = lib.concatStringsSep " " ( - [ "-C linker=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc" ] ++ - baseRustcOpts - ); + binRustcOpts = lib.concatStringsSep " " baseRustcOpts; build_bin = if buildTests then "build_bin_test" else "build_bin"; in '' diff --git a/pkgs/build-support/rust/build-rust-crate/configure-crate.nix b/pkgs/build-support/rust/build-rust-crate/configure-crate.nix index ab872bac854f8..fd61d73deb722 100644 --- a/pkgs/build-support/rust/build-rust-crate/configure-crate.nix +++ b/pkgs/build-support/rust/build-rust-crate/configure-crate.nix @@ -14,6 +14,7 @@ , crateLicenseFile , crateLinks , crateName +, crateType , crateReadme , crateRenames , crateRepository @@ -209,6 +210,11 @@ in '' EXTRA_LINK_LIBS=$(sed -n "s/^cargo::\{0,1\}rustc-link-lib=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ') EXTRA_LINK_SEARCH=$(sed -n "s/^cargo::\{0,1\}rustc-link-search=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ' | sort -u) + ${lib.optionalString (lib.elem "cdylib" crateType) '' + CRATE_TYPE_IS_CDYLIB="true" + EXTRA_CDYLIB_LINK_ARGS=$(sed -n "s/^cargo::\{0,1\}rustc-cdylib-link-arg=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ') +''} + # We want to read part of every line that has cargo:rustc-env= prefix and # export it as environment variables. This turns out tricky if the lines # have spaces: we can't wrap the command in double quotes as that captures diff --git a/pkgs/build-support/rust/build-rust-crate/default.nix b/pkgs/build-support/rust/build-rust-crate/default.nix index dfe28cc334b5e..841e8e86cbfb1 100644 --- a/pkgs/build-support/rust/build-rust-crate/default.nix +++ b/pkgs/build-support/rust/build-rust-crate/default.nix @@ -16,6 +16,16 @@ }: let + # Returns a true if the builder's rustc was built with support for the target. + targetAlreadyIncluded = lib.elem stdenv.hostPlatform.rust.rustcTarget + (lib.splitString "," (lib.removePrefix "--target=" ( + lib.elemAt (lib.filter (f: lib.hasPrefix "--target=" f) pkgsBuildBuild.rustc.unwrapped.configureFlags) 0) + )); + + # If the build's rustc was built with support for the target then reuse it. (Avoids uneeded compilation for targets like `wasm32-unknown-unknown`) + rustc' = if targetAlreadyIncluded then pkgsBuildBuild.rustc else rustc; + cargo' = if targetAlreadyIncluded then pkgsBuildBuild.cargo else cargo; + # Create rustc arguments to link against the given list of dependencies # and renames. # @@ -77,6 +87,7 @@ let buildCrate = import ./build-crate.nix { inherit lib stdenv mkRustcDepArgs mkRustcFeatureArgs needUnstableCLI; + rustc = rustc'; }; installCrate = import ./install-crate.nix { inherit stdenv; }; @@ -274,7 +285,8 @@ crate_: lib.makeOverridable name = "rust_${crate.crateName}-${crate.version}${lib.optionalString buildTests_ "-test"}"; version = crate.version; depsBuildBuild = [ pkgsBuildBuild.stdenv.cc ]; - nativeBuildInputs = [ rust stdenv.cc cargo jq ] + nativeBuildInputs = [ rustc' cargo' jq ] + ++ lib.optionals stdenv.hasCC [ stdenv.cc ] ++ lib.optionals stdenv.buildPlatform.isDarwin [ libiconv ] ++ (crate.nativeBuildInputs or [ ]) ++ nativeBuildInputs_; buildInputs = lib.optionals stdenv.isDarwin [ libiconv ] ++ (crate.buildInputs or [ ]) ++ buildInputs_; @@ -345,7 +357,7 @@ crate_: lib.makeOverridable configurePhase = configureCrate { - inherit crateName buildDependencies completeDeps completeBuildDeps crateDescription + inherit crateName crateType buildDependencies completeDeps completeBuildDeps crateDescription crateFeatures crateRenames libName build workspace_member release libPath crateVersion crateLinks extraLinkFlags extraRustcOptsForBuildRs crateLicense crateLicenseFile crateReadme crateRepository crateRustVersion @@ -380,7 +392,7 @@ crate_: lib.makeOverridable ) ) { - rust = rustc; + rust = rustc'; release = crate_.release or true; verbose = crate_.verbose or true; extraRustcOpts = [ ]; diff --git a/pkgs/build-support/rust/build-rust-crate/lib.sh b/pkgs/build-support/rust/build-rust-crate/lib.sh index 0181ae432c85b..36ddc9ac23c4f 100644 --- a/pkgs/build-support/rust/build-rust-crate/lib.sh +++ b/pkgs/build-support/rust/build-rust-crate/lib.sh @@ -114,6 +114,12 @@ setup_link_paths() { tr '\n' ' ' < target/link > target/link_ LINK=$(cat target/link_) fi + + # Add "rustc-cdylib-link-arg" as linker arguments + # https://doc.rust-lang.org/cargo/reference/build-scripts.html#rustc-cdylib-link-arg + if [[ -n "$CRATE_TYPE_IS_CDYLIB" ]]; then + EXTRA_BUILD+=" $EXTRA_CDYLIB_LINK_ARGS" + fi } search_for_bin_path() { diff --git a/pkgs/build-support/rust/build-rust-crate/test/default.nix b/pkgs/build-support/rust/build-rust-crate/test/default.nix index d020031a92f93..dd135af919654 100644 --- a/pkgs/build-support/rust/build-rust-crate/test/default.nix +++ b/pkgs/build-support/rust/build-rust-crate/test/default.nix @@ -8,6 +8,7 @@ , stdenv , symlinkJoin , writeTextFile +, pkgsCross }: let @@ -120,7 +121,10 @@ let `name` is used as part of the derivation name that performs the checking. - `crateArgs` is passed to `mkHostCrate` to build the crate with `buildRustCrate`. + `mkCrate` can be used to override the `mkCrate` call/implementation to use to + override the `buildRustCrate`, useful for cross compilation. Uses `mkHostCrate` by default. + + `crateArgs` is passed to `mkCrate` to build the crate with `buildRustCrate` `expectedFiles` contains a list of expected file paths in the output. E.g. `[ "./bin/my_binary" ]`. @@ -129,13 +133,13 @@ let output is used but e.g. `output = "lib";` will cause the lib output to be checked instead. You do not need to specify any directories. */ - assertOutputs = { name, crateArgs, expectedFiles, output? null }: + assertOutputs = { name, mkCrate ? mkHostCrate, crateArgs, expectedFiles, output? null, }: assert (builtins.isString name); assert (builtins.isAttrs crateArgs); assert (builtins.isList expectedFiles); let - crate = mkHostCrate (builtins.removeAttrs crateArgs ["expectedTestOutput"]); + crate = mkCrate (builtins.removeAttrs crateArgs ["expectedTestOutput"]); crateOutput = if output == null then crate else crate."${output}"; expectedFilesFile = writeTextFile { name = "expected-files-${name}"; @@ -155,7 +159,7 @@ let '' # sed out the hash because it differs per platform + '' - | sed -E -e 's/-[0-9a-fA-F]{10}\.rlib/-HASH.rlib/g' \ + | sed 's/-${crate.metadata}//g' \ > "$actualFiles" diff -q ${expectedFilesFile} "$actualFiles" > /dev/null || { echo -e "\033[0;1;31mERROR: Difference in expected output files in ${crateOutput} \033[0m" >&2 @@ -651,7 +655,7 @@ let }; expectedFiles = [ "./nix-support/propagated-build-inputs" - "./lib/libtest_lib-HASH.rlib" + "./lib/libtest_lib.rlib" "./lib/link" ]; }; @@ -668,7 +672,24 @@ let }; expectedFiles = [ "./nix-support/propagated-build-inputs" - "./lib/libtest_lib-HASH.rlib" + "./lib/libtest_lib.rlib" + "./lib/link" + ]; + }; + + crateLibOutputsWasm32 = assertOutputs { + name = "wasm32-crate-lib"; + output = "lib"; + mkCrate = mkCrate pkgsCross.wasm32-unknown-none.buildRustCrate; + crateArgs = { + libName = "test_lib"; + type = [ "cdylib" ]; + libPath = "src/lib.rs"; + src = mkLib "src/lib.rs"; + }; + expectedFiles = [ + "./nix-support/propagated-build-inputs" + "./lib/test_lib.wasm" "./lib/link" ]; }; diff --git a/pkgs/build-support/rust/hooks/maturin-build-hook.sh b/pkgs/build-support/rust/hooks/maturin-build-hook.sh index b3cc1ced79647..c1e701425f00d 100644 --- a/pkgs/build-support/rust/hooks/maturin-build-hook.sh +++ b/pkgs/build-support/rust/hooks/maturin-build-hook.sh @@ -3,6 +3,9 @@ maturinBuildHook() { runHook preBuild + # Put the wheel to dist/ so that regular Python tooling can find it. + local dist="$PWD/dist" + if [ ! -z "${buildAndTestSubdir-}" ]; then pushd "${buildAndTestSubdir}" fi @@ -16,6 +19,7 @@ maturinBuildHook() { --manylinux off \ --strip \ --release \ + --out "$dist" \ ${maturinBuildFlags-} ) @@ -23,10 +27,6 @@ maturinBuildHook() { popd fi - # Move the wheel to dist/ so that regular Python tooling can find it. - mkdir -p dist - mv ${cargoRoot:+$cargoRoot/}target/wheels/*.whl dist/ - # These are python build hooks and may depend on ./dist runHook postBuild diff --git a/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh b/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh index e103fe77d9be7..0b03460eacb65 100644 --- a/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh +++ b/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh @@ -23,10 +23,13 @@ fixDarwinDylibNames() { for fn in "$@"; do if [ -L "$fn" ]; then continue; fi echo "$fn: fixing dylib" + set +e int_out=$(@targetPrefix@install_name_tool -id "$fn" "${flags[@]}" "$fn" 2>&1) result=$? + set -e if [ "$result" -ne 0 ] && - ! grep "shared library stub file and can't be changed" <<< "$out" + ! grep -q -e "shared library stub file and can't be changed" \ + -e "is not a Mach-O file" <<< "$int_out" then echo "$int_out" >&2 exit "$result" diff --git a/pkgs/build-support/setup-hooks/install-shell-files.sh b/pkgs/build-support/setup-hooks/install-shell-files.sh index 194b408b10501..4f4e215da4df2 100644 --- a/pkgs/build-support/setup-hooks/install-shell-files.sh +++ b/pkgs/build-support/setup-hooks/install-shell-files.sh @@ -219,6 +219,11 @@ installShellCompletion() { else install -Dm644 -T "$arg" "$outPath" fi || return + + if [ ! -s "$outPath" ]; then + echo "installShellCompletion: error: installed shell completion file \`$outPath' does not exist or has zero size" >&2 + return 1 + fi # Clear the per-path flags name= done diff --git a/pkgs/build-support/setup-hooks/win-dll-link.sh b/pkgs/build-support/setup-hooks/win-dll-link.sh index 14594bcba9370..2c63dbfb217c1 100644 --- a/pkgs/build-support/setup-hooks/win-dll-link.sh +++ b/pkgs/build-support/setup-hooks/win-dll-link.sh @@ -68,7 +68,7 @@ linkDLLsInfolder() { markFileAsDone "$file" if [ ! -e "./$file" ]; then local pathsFound - readarray -d '' pathsFound < <(find "${searchPaths[@]}" -name "$file" -type f -print0) + readarray -d '' pathsFound < <(find -L "${searchPaths[@]}" -name "$file" -type f -print0) if [ ${#pathsFound[@]} -eq 0 ]; then continue; fi local dllPath dllPath="${pathsFound[0]}" diff --git a/pkgs/build-support/writers/scripts.nix b/pkgs/build-support/writers/scripts.nix index 93fac09c07ba5..bceac1b0c9590 100644 --- a/pkgs/build-support/writers/scripts.nix +++ b/pkgs/build-support/writers/scripts.nix @@ -485,7 +485,7 @@ rec { # returns an executable # # Example: - # writeJS "example" { libraries = [ pkgs.nodePackages.uglify-js ]; } '' + # writeJS "example" { libraries = [ pkgs.uglify-js ]; } '' # var UglifyJS = require("uglify-js"); # var code = "function add(first, second) { return first + second; }"; # var result = UglifyJS.minify(code); |