about summary refs log tree commit diff
path: root/pkgs/development/tools/build-managers/bazel/bazel_6/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/tools/build-managers/bazel/bazel_6/default.nix')
-rw-r--r--pkgs/development/tools/build-managers/bazel/bazel_6/default.nix62
1 files changed, 52 insertions, 10 deletions
diff --git a/pkgs/development/tools/build-managers/bazel/bazel_6/default.nix b/pkgs/development/tools/build-managers/bazel/bazel_6/default.nix
index 75c014040e527..5521fcf0d53df 100644
--- a/pkgs/development/tools/build-managers/bazel/bazel_6/default.nix
+++ b/pkgs/development/tools/build-managers/bazel/bazel_6/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, callPackage, lib, fetchurl, fetchpatch, fetchFromGitHub, installShellFiles
+{ stdenv, callPackage, lib, fetchurl, fetchFromGitHub, installShellFiles
 , runCommand, runCommandCC, makeWrapper, recurseIntoAttrs
 # this package (through the fixpoint glass)
 , bazel_self
@@ -8,7 +8,7 @@
 # updater
 , python3, writeScript
 # Apple dependencies
-, cctools, libcxx, CoreFoundation, CoreServices, Foundation
+, cctools, libcxx, CoreFoundation, CoreServices, Foundation, sigtool
 # Allow to independently override the jdks used to build and run respectively
 , buildJdk, runJdk
 , runtimeShell
@@ -25,12 +25,12 @@
 }:
 
 let
-  version = "6.4.0";
+  version = "6.5.0";
   sourceRoot = ".";
 
   src = fetchurl {
     url = "https://github.com/bazelbuild/bazel/releases/download/${version}/bazel-${version}-dist.zip";
-    hash = "sha256-vYj/YCyLuynugroqaxKtCS1R7GaMZXf5Yo8Y5I/05R4=";
+    hash = "sha256-/InakZQVKJ8p5P8YpeAScOzppv6Dy2CWchi6xKO7PtI=";
   };
 
   # Update with
@@ -179,7 +179,7 @@ let
 
 in
 stdenv.mkDerivation rec {
-  pname = "bazel";
+  pname = "bazel${ lib.optionalString enableNixHacks "-hacks" }";
   inherit version;
 
   meta = with lib; {
@@ -205,6 +205,27 @@ stdenv.mkDerivation rec {
     # the prebuilt one does not work in nix world.
     ./java_toolchain.patch
 
+    # Bazel integrates with apple IOKit to inhibit and track system sleep.
+    # Inside the darwin sandbox, these API calls are blocked, and bazel
+    # crashes. It seems possible to allow these APIs inside the sandbox, but it
+    # feels simpler to patch bazel not to use it at all. So our bazel is
+    # incapable of preventing system sleep, which is a small price to pay to
+    # guarantee that it will always run in any nix context.
+    #
+    # See also ./bazel_darwin_sandbox.patch in bazel_5. That patch uses
+    # NIX_BUILD_TOP env var to conditionnally disable sleep features inside the
+    # sandbox.
+    #
+    # If you want to investigate the sandbox profile path,
+    # IORegisterForSystemPower can be allowed with
+    #
+    #     propagatedSandboxProfile = ''
+    #       (allow iokit-open (iokit-user-client-class "RootDomainUserClient"))
+    #     '';
+    #
+    # I do not know yet how to allow IOPMAssertion{CreateWithName,Release}
+    ./darwin_sleep.patch
+
     # On Darwin, the last argument to gcc is coming up as an empty string. i.e: ''
     # This is breaking the build of any C target. This patch removes the last
     # argument if it's found to be an empty string.
@@ -289,7 +310,11 @@ stdenv.mkDerivation rec {
       bazelTest = { name, bazelScript, workspaceDir, bazelPkg, buildInputs ? [] }:
         let
           be = extracted bazelPkg;
-        in runLocal name { inherit buildInputs; } (
+        in runLocal name {
+          inherit buildInputs;
+          # Necessary for the tests to pass on Darwin with sandbox enabled.
+          __darwinAllowLocalNetworking = true;
+        } (
           # skip extraction caching on Darwin, because nobody knows how Darwin works
           (lib.optionalString (!stdenv.hostPlatform.isDarwin) ''
             # set up home with pre-unpacked bazel
@@ -403,7 +428,10 @@ stdenv.mkDerivation rec {
       export NIX_CFLAGS_COMPILE+=" -Wno-deprecated-builtins -Wno-gnu-offsetof-extensions"
 
       # don't use system installed Xcode to run clang, use Nix clang instead
-      sed -i -E "s;/usr/bin/xcrun (--sdk macosx )?clang;${stdenv.cc}/bin/clang $NIX_CFLAGS_COMPILE $(bazelLinkFlags) -framework CoreFoundation;g" \
+      sed -i -E \
+        -e "s;/usr/bin/xcrun (--sdk macosx )?clang;${stdenv.cc}/bin/clang $NIX_CFLAGS_COMPILE $(bazelLinkFlags) -framework CoreFoundation;g" \
+        -e "s;/usr/bin/codesign;CODESIGN_ALLOCATE=${cctools}/bin/${cctools.targetPrefix}codesign_allocate ${sigtool}/bin/codesign;" \
+        -e "s;env -i codesign;env -i CODESIGN_ALLOCATE=${cctools}/bin/${cctools.targetPrefix}codesign_allocate ${sigtool}/bin/codesign;" \
         scripts/bootstrap/compile.sh \
         tools/osx/BUILD
 
@@ -557,7 +585,7 @@ stdenv.mkDerivation rec {
     which
     zip
     python3.pkgs.absl-py   # Needed to build fish completion
-  ] ++ lib.optionals (stdenv.isDarwin) [ cctools libcxx CoreFoundation CoreServices Foundation ];
+  ] ++ lib.optionals (stdenv.isDarwin) [ cctools libcxx sigtool CoreFoundation CoreServices Foundation ];
 
   # Bazel makes extensive use of symlinks in the WORKSPACE.
   # This causes problems with infinite symlinks if the build output is in the same location as the
@@ -593,7 +621,10 @@ stdenv.mkDerivation rec {
     ${python3}/bin/python3 ./bazel_src/scripts/generate_fish_completion.py \
         --bazel=./bazel_src/output/bazel \
         --output=./bazel_src/output/bazel-complete.fish
-
+  '' +
+  # disable execlog parser on darwin, since it fails to build
+  # see https://github.com/NixOS/nixpkgs/pull/273774#issuecomment-1865322055
+  lib.optionalString (!stdenv.isDarwin) ''
     # need to change directory for bazel to find the workspace
     cd ./bazel_src
     # build execlog tooling
@@ -617,6 +648,10 @@ stdenv.mkDerivation rec {
     wrapProgram $out/bin/bazel $wrapperfile --suffix PATH : ${defaultShellPath}
     mv ./bazel_src/output/bazel $out/bin/bazel-${version}-${system}-${arch}
 
+  '' +
+  # disable execlog parser on darwin, since it fails to build
+  # see https://github.com/NixOS/nixpkgs/pull/273774#issuecomment-1865322055
+  (lib.optionalString (!stdenv.isDarwin) ''
     mkdir $out/share
     cp ./bazel_src/bazel-bin/src/tools/execlog/parser_deploy.jar $out/share/parser_deploy.jar
     cat <<EOF > $out/bin/bazel-execlog
@@ -624,7 +659,7 @@ stdenv.mkDerivation rec {
     ${runJdk}/bin/java -jar $out/share/parser_deploy.jar \$@
     EOF
     chmod +x $out/bin/bazel-execlog
-
+  '') + ''
     # shell completion files
     installShellCompletion --bash \
       --name bazel.bash \
@@ -678,6 +713,13 @@ stdenv.mkDerivation rec {
     # second call succeeds because it defers to $out/bin/bazel-{version}-{os_arch}
     hello_test
 
+    ## Test that the GSON serialisation files are present
+    gson_classes=$(unzip -l $($out/bin/bazel info install_base)/A-server.jar | grep -F -c _GsonTypeAdapter.class)
+    if [ "$gson_classes" -lt 10 ]; then
+      echo "Missing GsonTypeAdapter classes in A-server.jar. Lockfile generation will not work"
+      exit 1
+    fi
+
     runHook postInstall
   '';
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-02 08:30:24 +0000