Diffstat (limited to 'pkgs/tools/package-management/nix/common.nix')
-rw-r--r--pkgs/tools/package-management/nix/common.nix35
1 files changed, 20 insertions, 15 deletions
diff --git a/pkgs/tools/package-management/nix/common.nix b/pkgs/tools/package-management/nix/common.nix
index a6f9f3c5b594..5c913f681275 100644
--- a/pkgs/tools/package-management/nix/common.nix
+++ b/pkgs/tools/package-management/nix/common.nix
@@ -16,6 +16,7 @@ let
   atLeast210 = lib.versionAtLeast version "2.10pre";
   atLeast213 = lib.versionAtLeast version "2.13pre";
   atLeast214 = lib.versionAtLeast version "2.14pre";
+  atLeast218 = lib.versionAtLeast version "2.18pre";
   atLeast219 = lib.versionAtLeast version "2.19pre";
   atLeast220 = lib.versionAtLeast version "2.20pre";
   atLeast221 = lib.versionAtLeast version "2.21pre";
@@ -42,6 +43,7 @@ in
 , callPackage
 , coreutils
 , curl
+, darwin
 , docbook_xsl_ns
 , docbook5
 , editline
@@ -59,6 +61,7 @@ in
 , libxml2
 , libxslt
 , lowdown
+, lowdown-unsandboxed
 , toml11
 , man
 , mdbook
@@ -76,7 +79,7 @@ in
 , xz
 , enableDocumentation ? stdenv.buildPlatform.canExecute stdenv.hostPlatform
 , enableStatic ? stdenv.hostPlatform.isStatic
-, withAWS ? !enableStatic && (stdenv.isLinux || stdenv.isDarwin), aws-sdk-cpp
+, withAWS ? !enableStatic && (stdenv.hostPlatform.isLinux || stdenv.hostPlatform.isDarwin), aws-sdk-cpp
 , withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp, libseccomp
 
 , confDir
@@ -101,7 +104,7 @@ self = stdenv.mkDerivation {
     [ "out" "dev" ]
     ++ lib.optionals enableDocumentation [ "man" "doc" ];
 
-  hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ];
+  hardeningEnable = lib.optionals (!stdenv.hostPlatform.isDarwin) [ "pie" ];
 
   hardeningDisable = [
     "shadowstack"
@@ -122,11 +125,11 @@ self = stdenv.mkDerivation {
     docbook_xsl_ns
     docbook5
   ] ++ lib.optionals (enableDocumentation && atLeast24) [
-    (lib.getBin lowdown)
+    (lib.getBin lowdown-unsandboxed)
     mdbook
   ] ++ lib.optionals (atLeast213 && enableDocumentation) [
     mdbook-linkcheck
-  ] ++ lib.optionals stdenv.isLinux [
+  ] ++ lib.optionals stdenv.hostPlatform.isLinux [
     util-linuxMinimal
   ];
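Review bot: The swap from `lowdown` to `lowdown-unsandboxed` in the documentation tool list has no comment saying why the sandboxed build is being dropped, so a later reader cannot tell whether this is a deliberate trade-off or a workaround that should be reverted. Presumably lowdown's own sandbox cannot be entered from inside the Nix build sandbox, and the tool here only renders the project's own manual sources, but neither is visible in the hunk and both should be confirmed. I would add a line above the entry such as `# lowdown-unsandboxed: self-sandboxing fails inside the build sandbox; build-time only, input is our own docs`. The list this entry belongs to starts outside the hunk.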
 
@@ -147,9 +150,9 @@ self = stdenv.mkDerivation {
     libgit2
   ] ++ lib.optionals (atLeast224 || lib.versionAtLeast version "pre20240626") [
     toml11
-  ] ++ lib.optionals stdenv.isDarwin [
+  ] ++ lib.optionals stdenv.hostPlatform.isDarwin [
     Security
-  ] ++ lib.optionals (stdenv.isx86_64) [
+  ] ++ lib.optionals (stdenv.hostPlatform.isx86_64) [
     libcpuid
   ] ++ lib.optionals atLeast214 [
     rapidcheck
@@ -157,6 +160,8 @@ self = stdenv.mkDerivation {
     libseccomp
   ] ++ lib.optionals withAWS [
     aws-sdk-cpp
+  ] ++ lib.optional (atLeast218 && stdenv.hostPlatform.isDarwin) [
+    darwin.apple_sdk.libs.sandbox
   ];
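Review bot: The added Darwin branch uses `lib.optional` with a list argument, where every neighbouring branch uses `lib.optionals`. `lib.optional` wraps its argument in a list, so this contributes `[ [ darwin.apple_sdk.libs.sandbox ] ]` instead of a flat entry. It probably still evaluates if the derivation builder accepts nested dependency lists, but the sandbox library then reaches the build by accident of that tolerance; write it as `] ++ lib.optionals (atLeast218 && stdenv.hostPlatform.isDarwin) [`. A short comment on why 2.18 and later need libsandbox on Darwin would also help, since linking it is what lets the built Nix use the platform sandbox. The list this branch extends starts outside the hunk.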
 
 
@@ -177,9 +182,9 @@ self = stdenv.mkDerivation {
       mkdir -p $out/lib
       cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
       rm -f $out/lib/*.a
-      ${lib.optionalString stdenv.isLinux ''
+      ${lib.optionalString stdenv.hostPlatform.isLinux ''
         chmod u+w $out/lib/*.so.*
-        patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
+        patchelf --set-rpath $out/lib:${lib.getLib stdenv.cc.cc}/lib $out/lib/libboost_thread.so.*
       ''}
     '' +
     # On all versions before c9f51e87057652db0013289a95deffba495b35e7, which
@@ -206,9 +211,9 @@ self = stdenv.mkDerivation {
     "--enable-gc"
   ] ++ lib.optionals (!enableDocumentation) [
     "--disable-doc-gen"
-  ] ++ lib.optionals stdenv.isLinux [
+  ] ++ lib.optionals stdenv.hostPlatform.isLinux [
     "--with-sandbox-shell=${busybox-sandbox-shell}/bin/busybox"
-  ] ++ lib.optionals (atLeast210 && stdenv.isLinux && stdenv.hostPlatform.isStatic) [
+  ] ++ lib.optionals (atLeast210 && stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic) [
     "--enable-embedded-sandbox-shell"
   ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system) [
     "--with-system=${stdenv.hostPlatform.nix.system}"
@@ -234,16 +239,16 @@ self = stdenv.mkDerivation {
   installCheckTarget = if atLeast210 then "installcheck" else null;
 
   # socket path becomes too long otherwise
-  preInstallCheck = lib.optionalString stdenv.isDarwin ''
+  preInstallCheck = lib.optionalString stdenv.hostPlatform.isDarwin ''
     export TMPDIR=$NIX_BUILD_TOP
   ''
   # Prevent crashes in libcurl due to invoking Objective-C `+initialize` methods after `fork`.
   # See http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_and_fork_in_macOS_1013.html.
-  + lib.optionalString stdenv.isDarwin ''
+  + lib.optionalString stdenv.hostPlatform.isDarwin ''
     export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
   ''
   # See https://github.com/NixOS/nix/issues/5687
-  + lib.optionalString (atLeast25 && stdenv.isDarwin) ''
+  + lib.optionalString (atLeast25 && stdenv.hostPlatform.isDarwin) ''
     echo "exit 99" > tests/gc-non-blocking.sh
   '' # TODO: investigate why this broken
   + lib.optionalString (atLeast25 && stdenv.hostPlatform.system == "aarch64-linux") ''
@@ -253,7 +258,7 @@ self = stdenv.mkDerivation {
     export MANPATH=$man/share/man:$MANPATH
   '';
 
-  separateDebugInfo = stdenv.isLinux && (atLeast24 -> !enableStatic);
+  separateDebugInfo = stdenv.hostPlatform.isLinux && (atLeast24 -> !enableStatic);
 
   enableParallelBuilding = true;
 
@@ -283,7 +288,7 @@ self = stdenv.mkDerivation {
         inherit lib pkgs;
         nix = self;
       };
-    } // lib.optionalAttrs stdenv.isLinux {
+    } // lib.optionalAttrs stdenv.hostPlatform.isLinux {
       nixStatic = pkgsStatic.nixVersions.${self_attribute_name};
 
       # Basic smoke tests that needs to pass when upgrading nix.