diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-06-16 06:56:35 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-06-16 06:56:35 +0000 |
| commit | 99fcaeccb89621dd492203ce1f2d551c06f228ed (patch) | |
| tree | 41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/doc/stdenv | |
| parent | 59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff) | |
| parent | 75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff) | |
| download | nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.gz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.bz2 nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.lz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.xz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.zst nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.zip | |
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/nixos/modules/config/console.nix nixpkgs/nixos/modules/services/mail/mailman.nix nixpkgs/nixos/modules/services/mail/public-inbox.nix nixpkgs/nixos/modules/services/mail/rss2email.nix nixpkgs/nixos/modules/services/networking/ssh/sshd.nix nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix nixpkgs/pkgs/applications/networking/irc/weechat/default.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/go/module.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/interpreters/python/default.nix nixpkgs/pkgs/development/node-packages/overrides.nix nixpkgs/pkgs/development/tools/b4/default.nix nixpkgs/pkgs/servers/dict/dictd-db.nix nixpkgs/pkgs/servers/mail/public-inbox/default.nix nixpkgs/pkgs/tools/security/pinentry/default.nix nixpkgs/pkgs/tools/text/unoconv/default.nix nixpkgs/pkgs/top-level/all-packages.nix
Diffstat (limited to 'nixpkgs/doc/stdenv')
| -rw-r--r-- | nixpkgs/doc/stdenv/cross-compilation.chapter.md | 4 | ||||
| -rw-r--r-- | nixpkgs/doc/stdenv/meta.chapter.md | 106 | ||||
| -rw-r--r-- | nixpkgs/doc/stdenv/multiple-output.chapter.md | 2 | ||||
| -rw-r--r-- | nixpkgs/doc/stdenv/stdenv.chapter.md | 515 |
4 files changed, 351 insertions, 276 deletions
diff --git a/nixpkgs/doc/stdenv/cross-compilation.chapter.md b/nixpkgs/doc/stdenv/cross-compilation.chapter.md index 0eff70de5ca1..e659e1803807 100644 --- a/nixpkgs/doc/stdenv/cross-compilation.chapter.md +++ b/nixpkgs/doc/stdenv/cross-compilation.chapter.md @@ -150,7 +150,7 @@ depsBuildBuild = [ buildPackages.stdenv.cc ]; Add the following to your `mkDerivation` invocation. ```nix -doCheck = stdenv.hostPlatform == stdenv.buildPlatform; +doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform; ``` #### Package using Meson needs to run binaries for the host platform during build. {#cross-meson-runs-host-code} @@ -250,5 +250,5 @@ Thirdly, it is because everything target-mentioning only exists to accommodate c ::: ::: {.note} -If one explores Nixpkgs, they will see derivations with names like `gccCross`. Such `*Cross` derivations is a holdover from before we properly distinguished between the host and target platforms—the derivation with “Cross” in the name covered the `build = host != target` case, while the other covered the `host = target`, with build platform the same or not based on whether one was using its `.nativeDrv` or `.crossDrv`. This ugliness will disappear soon. +If one explores Nixpkgs, they will see derivations with names like `gccCross`. Such `*Cross` derivations is a holdover from before we properly distinguished between the host and target platforms—the derivation with “Cross” in the name covered the `build = host != target` case, while the other covered the `host = target`, with build platform the same or not based on whether one was using its `.__spliced.buildHost` or `.__spliced.hostTarget`. ::: diff --git a/nixpkgs/doc/stdenv/meta.chapter.md b/nixpkgs/doc/stdenv/meta.chapter.md index 475006b1259b..0cb2d6573dfc 100644 --- a/nixpkgs/doc/stdenv/meta.chapter.md +++ b/nixpkgs/doc/stdenv/meta.chapter.md @@ -11,58 +11,12 @@ meta = with lib; { ''; homepage = "https://www.gnu.org/software/hello/manual/"; license = licenses.gpl3Plus; - maintainers = [ maintainers.eelco ]; + maintainers = with maintainers; [ eelco ]; platforms = platforms.all; }; ``` -Meta-attributes are not passed to the builder of the package. Thus, a change to a meta-attribute doesn’t trigger a recompilation of the package. The value of a meta-attribute must be a string. - -The meta-attributes of a package can be queried from the command-line using `nix-env`: - -```ShellSession -$ nix-env -qa hello --json -{ - "hello": { - "meta": { - "description": "A program that produces a familiar, friendly greeting", - "homepage": "https://www.gnu.org/software/hello/manual/", - "license": { - "fullName": "GNU General Public License version 3 or later", - "shortName": "GPLv3+", - "url": "http://www.fsf.org/licensing/licenses/gpl.html" - }, - "longDescription": "GNU Hello is a program that prints \"Hello, world!\" when you run it.\nIt is fully customizable.\n", - "maintainers": [ - "Ludovic Court\u00e8s <ludo@gnu.org>" - ], - "platforms": [ - "i686-linux", - "x86_64-linux", - "armv5tel-linux", - "armv7l-linux", - "mips32-linux", - "x86_64-darwin", - "i686-cygwin", - "i686-freebsd", - "x86_64-freebsd", - "i686-openbsd", - "x86_64-openbsd" - ], - "position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/default.nix:14" - }, - "name": "hello-2.9", - "system": "x86_64-linux" - } -} -``` - -`nix-env` knows about the `description` field specifically: - -```ShellSession -$ nix-env -qa hello --description -hello-2.3 A program that produces a familiar, friendly greeting -``` +Meta-attributes are not passed to the builder of the package. Thus, a change to a meta-attribute doesn’t trigger a recompilation of the package. ## Standard meta-attributes {#sec-standard-meta-attributes} @@ -80,7 +34,7 @@ Right: `"A library for decoding PNG images"` ### `longDescription` {#var-meta-longDescription} -An arbitrarily long description of the package. +An arbitrarily long description of the package in [CommonMark](https://commonmark.org) Markdown. ### `branch` {#var-meta-branch} @@ -112,11 +66,11 @@ For details, see [Licenses](#sec-meta-license). ### `maintainers` {#var-meta-maintainers} -A list of the maintainers of this Nix expression. Maintainers are defined in [`nixpkgs/maintainers/maintainer-list.nix`](https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix). There is no restriction to becoming a maintainer, just add yourself to that list in a separate commit titled “maintainers: add alice”, and reference maintainers with `maintainers = with lib.maintainers; [ alice bob ]`. +A list of the maintainers of this Nix expression. Maintainers are defined in [`nixpkgs/maintainers/maintainer-list.nix`](https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix). There is no restriction to becoming a maintainer, just add yourself to that list in a separate commit titled “maintainers: add alice” in the same pull request, and reference maintainers with `maintainers = with lib.maintainers; [ alice bob ]`. ### `mainProgram` {#var-meta-mainProgram} -The name of the main binary for the package. This effects the binary `nix run` executes and falls back to the name of the package. Example: `"rg"` +The name of the main binary for the package. This affects the binary `nix run` executes and falls back to the name of the package. Example: `"rg"` ### `priority` {#var-meta-priority} @@ -132,6 +86,23 @@ meta.platforms = lib.platforms.linux; Attribute Set `lib.platforms` defines [various common lists](https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix) of platforms types. +### `badPlatforms` {#var-meta-badPlatforms} + +The list of Nix [platform types](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L75-L81) on which the package is known not to be buildable. +Hydra will never create prebuilt binaries for these platform types, even if they are in [`meta.platforms`](#var-meta-platforms). +In general it is preferable to set `meta.platforms = lib.platforms.all` and then exclude any platforms on which the package is known not to build. +For example, a package which requires dynamic linking and cannot be linked statically could use this: + +```nix +meta.platforms = lib.platforms.all; +meta.badPlatforms = [ lib.systems.inspect.patterns.isStatic ]; +``` + +The [`lib.meta.availableOn`](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L95-L106) function can be used to test whether or not a package is available (i.e. buildable) on a given platform. +Some packages use this to automatically detect the maximum set of features with which they can be built. +For example, `systemd` [requires dynamic linking](https://github.com/systemd/systemd/issues/20600#issuecomment-912338965), and [has a `meta.badPlatforms` setting](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/pkgs/os-specific/linux/systemd/default.nix#L752) similar to the one above. +Packages which can be built with or without `systemd` support will use `lib.meta.availableOn` to detect whether or not `systemd` is available on the [`hostPlatform`](#ssec-cross-platform-parameters) for which they are being built; if it is not available (e.g. due to a statically-linked host platform like `pkgsStatic`) this support will be disabled by default. + ### `tests` {#var-meta-tests} ::: {.warning} @@ -147,7 +118,7 @@ $ cd path/to/nixpkgs $ nix-build -A your-package.tests ``` -#### Package tests +#### Package tests {#var-meta-tests-packages} Tests that are part of the source package are often executed in the `installCheckPhase`. @@ -159,7 +130,7 @@ Prefer `passthru.tests` for tests that are introduced in nixpkgs because: For more on how to write and run package tests, see <xref linkend="sec-package-tests"/>. -#### NixOS tests +#### NixOS tests {#var-meta-tests-nixos} The NixOS tests are available as `nixosTests` in parameters of derivations. For instance, the OpenSMTPD derivation includes lines similar to: @@ -211,11 +182,15 @@ runCommand "my-package-test" { ### `timeout` {#var-meta-timeout} -A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, it can fail due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`. +A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, Hydra will fail it due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`. + +`meta` attributes are not stored in the instantiated derivation. +Therefore, this setting may be lost when the package is used as a dependency. +To be effective, it must be presented directly to an evaluation process that handles the `meta.timeout` attribute. ### `hydraPlatforms` {#var-meta-hydraPlatforms} -The list of Nix platform types for which the Hydra instance at `hydra.nixos.org` will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g. +The list of Nix platform types for which the [Hydra](https://github.com/nixos/hydra) [instance at `hydra.nixos.org`](https://nixos.org/hydra) will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g. ```nix meta.platforms = lib.platforms.linux; @@ -224,7 +199,26 @@ meta.hydraPlatforms = []; ### `broken` {#var-meta-broken} -If set to `true`, the package is marked as "broken", meaning that it won’t show up in `nix-env -qa`, and cannot be built or installed. Such packages should be removed from Nixpkgs eventually unless they are fixed. +If set to `true`, the package is marked as "broken", meaning that it won’t show up in [search.nixos.org](https://search.nixos.org/packages), and cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_BROKEN`](#opt-allowBroken) is set. +Such unconditionally-broken packages should be removed from Nixpkgs eventually unless they are fixed. + +The value of this attribute can depend on a package's arguments, including `stdenv`. +This means that `broken` can be used to express constraints, for example: + +- Does not cross compile + + ```nix + meta.broken = !(stdenv.buildPlatform.canExecute stdenv.hostPlatform) + ``` + +- Broken if all of a certain set of its dependencies are broken + + ```nix + meta.broken = lib.all (map (p: p.meta.broken) [ glibc musl ]) + ``` + +This makes `broken` strictly more powerful than `meta.badPlatforms`. +However `meta.availableOn` currently examines only `meta.platforms` and `meta.badPlatforms`, so `meta.broken` does not influence the default values for optional dependencies. ## Licenses {#sec-meta-license} diff --git a/nixpkgs/doc/stdenv/multiple-output.chapter.md b/nixpkgs/doc/stdenv/multiple-output.chapter.md index 65156816b991..c19d497ab61e 100644 --- a/nixpkgs/doc/stdenv/multiple-output.chapter.md +++ b/nixpkgs/doc/stdenv/multiple-output.chapter.md @@ -29,7 +29,7 @@ NixOS provides two ways to select the outputs to install for packages listed in `nix-env` lacks an easy way to select the outputs to install. When installing a package, `nix-env` always installs the outputs listed in `meta.outputsToInstall`, even when the user explicitly selects an output. ::: {.warning} -`nix-env` silenty disregards the outputs selected by the user, and instead installs the outputs from `meta.outputsToInstall`. For example, +`nix-env` silently disregards the outputs selected by the user, and instead installs the outputs from `meta.outputsToInstall`. For example, ```ShellSession $ nix-env -iA nixpkgs.coreutils.info diff --git a/nixpkgs/doc/stdenv/stdenv.chapter.md b/nixpkgs/doc/stdenv/stdenv.chapter.md index b4cc50b509d4..0b3776b530ca 100644 --- a/nixpkgs/doc/stdenv/stdenv.chapter.md +++ b/nixpkgs/doc/stdenv/stdenv.chapter.md @@ -11,12 +11,13 @@ stdenv.mkDerivation { name = "libfoo-1.2.3"; src = fetchurl { url = "http://example.org/libfoo-1.2.3.tar.bz2"; - sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m"; + hash = "sha256-tWxU/LANbQE32my+9AXyt3nCT7NBVfJ45CX757EMT3Q="; }; } ``` -(`stdenv` needs to be in scope, so if you write this in a separate Nix expression from `pkgs/all-packages.nix`, you need to pass it as a function argument.) Specifying a `name` and a `src` is the absolute minimum Nix requires. For convenience, you can also use `pname` and `version` attributes and `mkDerivation` will automatically set `name` to `"${pname}-${version}"` by default. Since [RFC 0035](https://github.com/NixOS/rfcs/pull/35), this is preferred for packages in Nixpkgs, as it allows us to reuse the version easily: +(`stdenv` needs to be in scope, so if you write this in a separate Nix expression from `pkgs/all-packages.nix`, you need to pass it as a function argument.) Specifying a `name` and a `src` is the absolute minimum Nix requires. For convenience, you can also use `pname` and `version` attributes and `mkDerivation` will automatically set `name` to `"${pname}-${version}"` by default. +**Since [RFC 0035](https://github.com/NixOS/rfcs/pull/35), this is preferred for packages in Nixpkgs**, as it allows us to reuse the version easily: ```nix stdenv.mkDerivation rec { @@ -24,7 +25,7 @@ stdenv.mkDerivation rec { version = "1.2.3"; src = fetchurl { url = "http://example.org/libfoo-source-${version}.tar.bz2"; - sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m"; + hash = "sha256-tWxU/LANbQE32my+9AXyt3nCT7NBVfJ45CX757EMT3Q="; }; } ``` @@ -33,7 +34,8 @@ Many packages have dependencies that are not provided in the standard environmen ```nix stdenv.mkDerivation { - name = "libfoo-1.2.3"; + pname = "libfoo"; + version = "1.2.3"; ... buildInputs = [libbar perl ncurses]; } @@ -45,7 +47,8 @@ Often it is necessary to override or modify some aspect of the build. To make th ```nix stdenv.mkDerivation { - name = "fnord-4.5"; + pname = "fnord"; + version = "4.5"; ... buildPhase = '' gcc foo.c -o foo @@ -65,7 +68,8 @@ While the standard environment provides a generic builder, you can still supply ```nix stdenv.mkDerivation { - name = "libfoo-1.2.3"; + pname = "libfoo"; + version = "1.2.3"; ... builder = ./builder.sh; } @@ -95,6 +99,27 @@ installPhase() { genericBuild ``` +### Building a `stdenv` package in `nix-shell` {#sec-building-stdenv-package-in-nix-shell} + +To build a `stdenv` package in a [`nix-shell`](https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html), use + +```bash +nix-shell '<nixpkgs>' -A some_package +eval "${unpackPhase:-unpackPhase}" +cd $sourceRoot +eval "${patchPhase:-patchPhase}" +eval "${configurePhase:-configurePhase}" +eval "${buildPhase:-buildPhase}" +``` + +To modify a [phase](#sec-stdenv-phases), first print it with + +```bash +type buildPhase +``` + +then change it in a text editor, and paste it back to the terminal. + ## Tools provided by `stdenv` {#sec-tools-of-stdenv} The standard environment provides the following packages: @@ -116,6 +141,82 @@ On Linux, `stdenv` also includes the `patchelf` utility. ## Specifying dependencies {#ssec-stdenv-dependencies} +Build systems often require more dependencies than just what `stdenv` provides. This section describes attributes accepted by `stdenv.mkDerivation` that can be used to make these dependencies available to the build system. + +### Overview {#ssec-stdenv-dependencies-overview} + +A full reference of the different kinds of dependencies is provided in [](#ssec-stdenv-dependencies-reference), but here is an overview of the most common ones. +It should cover most use cases. + +Add dependencies to `nativeBuildInputs` if they are executed during the build: +- those which are needed on `$PATH` during the build, for example `cmake` and `pkg-config` +- [setup hooks](#ssec-setup-hooks), for example [`makeWrapper`](#fun-makeWrapper) +- interpreters needed by [`patchShebangs`](#patch-shebangs.sh) for build scripts (with the `--build` flag), which can be the case for e.g. `perl` + +Add dependencies to `buildInputs` if they will end up copied or linked into the final output or otherwise used at runtime: +- libraries used by compilers, for example `zlib`, +- interpreters needed by [`patchShebangs`](#patch-shebangs.sh) for scripts which are installed, which can be the case for e.g. `perl` + +::: {.note} +These criteria are independent. + +For example, software using Wayland usually needs the `wayland` library at runtime, so `wayland` should be added to `buildInputs`. +But it also executes the `wayland-scanner` program as part of the build to generate code, so `wayland` should also be added to `nativeBuildInputs`. +::: + +Dependencies needed only to run tests are similarly classified between native (executed during build) and non-native (executed at runtime): +- `nativeCheckInputs` for test tools needed on `$PATH` (such as `ctest`) and [setup hooks](#ssec-setup-hooks) (for example [`pytestCheckHook`](#python)) +- `checkInputs` for libraries linked into test executables (for example the `qcheck` OCaml package) + +These dependencies are only injected when [`doCheck`](#var-stdenv-doCheck) is set to `true`. + +#### Example {#ssec-stdenv-dependencies-overview-example} + +Consider for example this simplified derivation for `solo5`, a sandboxing tool: +```nix +stdenv.mkDerivation rec { + pname = "solo5"; + version = "0.7.5"; + + src = fetchurl { + url = "https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz"; + sha256 = "sha256-viwrS9lnaU8sTGuzK/+L/PlMM/xRRtgVuK5pixVeDEw="; + }; + + nativeBuildInputs = [ makeWrapper pkg-config ]; + buildInputs = [ libseccomp ]; + + postInstall = '' + substituteInPlace $out/bin/solo5-virtio-mkimage \ + --replace "/usr/lib/syslinux" "${syslinux}/share/syslinux" \ + --replace "/usr/share/syslinux" "${syslinux}/share/syslinux" \ + --replace "cp " "cp --no-preserve=mode " + + wrapProgram $out/bin/solo5-virtio-mkimage \ + --prefix PATH : ${lib.makeBinPath [ dosfstools mtools parted syslinux ]} + ''; + + doCheck = true; + nativeCheckInputs = [ util-linux qemu ]; + checkPhase = '' [elided] ''; +} +``` + +- `makeWrapper` is a setup hook, i.e., a shell script sourced by the generic builder of `stdenv`. + It is thus executed during the build and must be added to `nativeBuildInputs`. +- `pkg-config` is a build tool which the configure script of `solo5` expects to be on `$PATH` during the build: + therefore, it must be added to `nativeBuildInputs`. +- `libseccomp` is a library linked into `$out/bin/solo5-elftool`. + As it is used at runtime, it must be added to `buildInputs`. +- Tests need `qemu` and `getopt` (from `util-linux`) on `$PATH`, these must be added to `nativeCheckInputs`. +- Some dependencies are injected directly in the shell code of phases: `syslinux`, `dosfstools`, `mtools`, and `parted`. +In this specific case, they will end up in the output of the derivation (`$out` here). +As Nix marks dependencies whose absolute path is present in the output as runtime dependencies, adding them to `buildInputs` is not required. + +For more complex cases, like libraries linked into an executable which is then executed as part of the build system, see [](#ssec-stdenv-dependencies-reference). + +### Reference {#ssec-stdenv-dependencies-reference} + As described in the Nix manual, almost any `*.drv` store path in a derivation’s attribute set will induce a dependency on that derivation. `mkDerivation`, however, takes a few attributes intended to include all the dependencies of a package. This is done both for structure and consistency, but also so that certain other setup can take place. For example, certain dependencies need their bin directories added to the `PATH`. That is built-in, but other setup is done via a pluggable mechanism that works in conjunction with these dependency attributes. See [](#ssec-setup-hooks) for details. Dependencies can be broken down along three axes: their host and target platforms relative to the new derivation’s, and whether they are propagated. The platform distinctions are motivated by cross compilation; see [](#chap-cross) for exactly what each platform means. [^footnote-stdenv-ignored-build-platform] But even if one is not cross compiling, the platforms imply whether or not the dependency is needed at run-time or build-time, a concept that makes perfect sense outside of cross compilation. By default, the run-time/build-time distinction is just a hint for mental clarity, but with `strictDeps` set it is mostly enforced even in the native case. @@ -156,7 +257,7 @@ propagated-dep(mapOffset(h0, t0, h1), ``` let mapOffset(h, t, i) = i + (if i <= 0 then h else t - 1) -dep(h0, _, A, B) +dep(h0, t0, A, B) propagated-dep(h1, t1, B, C) h0 + h1 in {-1, 0, 1} h0 + t1 in {-1, 0, -1} @@ -185,23 +286,23 @@ This is where “sum-like” comes in from above: We can just sum all of the hos Because of the bounds checks, the uncommon cases are `h = t` and `h + 2 = t`. In the former case, the motivation for `mapOffset` is that since its host and target platforms are the same, no transitive dependency of it should be able to “discover” an offset greater than its reduced target offsets. `mapOffset` effectively “squashes” all its transitive dependencies’ offsets so that none will ever be greater than the target offset of the original `h = t` package. In the other case, `h + 1` is skipped over between the host and target offsets. Instead of squashing the offsets, we need to “rip” them apart so no transitive dependencies’ offset is that one. -Overall, the unifying theme here is that propagation shouldn’t be introducing transitive dependencies involving platforms the depending package is unaware of. \[One can imagine the dependending package asking for dependencies with the platforms it knows about; other platforms it doesn’t know how to ask for. The platform description in that scenario is a kind of unforagable capability.\] The offset bounds checking and definition of `mapOffset` together ensure that this is the case. Discovering a new offset is discovering a new platform, and since those platforms weren’t in the derivation “spec” of the needing package, they cannot be relevant. From a capability perspective, we can imagine that the host and target platforms of a package are the capabilities a package requires, and the depending package must provide the capability to the dependency. +Overall, the unifying theme here is that propagation shouldn’t be introducing transitive dependencies involving platforms the depending package is unaware of. \[One can imagine the depending package asking for dependencies with the platforms it knows about; other platforms it doesn’t know how to ask for. The platform description in that scenario is a kind of unforgeable capability.\] The offset bounds checking and definition of `mapOffset` together ensure that this is the case. Discovering a new offset is discovering a new platform, and since those platforms weren’t in the derivation “spec” of the needing package, they cannot be relevant. From a capability perspective, we can imagine that the host and target platforms of a package are the capabilities a package requires, and the depending package must provide the capability to the dependency. -### Variables specifying dependencies {#variables-specifying-dependencies} +#### Variables specifying dependencies {#variables-specifying-dependencies} -#### `depsBuildBuild` {#var-stdenv-depsBuildBuild} +##### `depsBuildBuild` {#var-stdenv-depsBuildBuild} A list of dependencies whose host and target platforms are the new derivation’s build platform. These are programs and libraries used at build time that produce programs and libraries also used at build time. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it in `nativeBuildInputs` instead. The most common use of this `buildPackages.stdenv.cc`, the default C compiler for this role. That example crops up more than one might think in old commonly used C libraries. Since these packages are able to be run at build-time, they are always added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. -#### `nativeBuildInputs` {#var-stdenv-nativeBuildInputs} +##### `nativeBuildInputs` {#var-stdenv-nativeBuildInputs} A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s host platform. These are programs and libraries used at build-time that, if they are a compiler or similar tool, produce code to run at run-time—i.e. tools used to build the new derivation. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild` or `depsBuildTarget`. This could be called `depsBuildHost` but `nativeBuildInputs` is used for historical continuity. Since these packages are able to be run at build-time, they are added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. -#### `depsBuildTarget` {#var-stdenv-depsBuildTarget} +##### `depsBuildTarget` {#var-stdenv-depsBuildTarget} A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s target platform. These are programs used at build time that produce code to run with code produced by the depending package. Most commonly, these are tools used to build the runtime or standard library that the currently-being-built compiler will inject into any code it compiles. In many cases, the currently-being-built-compiler is itself employed for that task, but when that compiler won’t run (i.e. its build and host platform differ) this is not possible. Other times, the compiler relies on some other tool, like binutils, that is always built separately so that the dependency is unconditional. @@ -209,41 +310,41 @@ This is a somewhat confusing concept to wrap one’s head around, and for good r Since these packages are able to run at build time, they are added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. -#### `depsHostHost` {#var-stdenv-depsHostHost} +##### `depsHostHost` {#var-stdenv-depsHostHost} A list of dependencies whose host and target platforms match the new derivation’s host platform. In practice, this would usually be tools used by compilers for macros or a metaprogramming system, or libraries used by the macros or metaprogramming code itself. It’s always preferable to use a `depsBuildBuild` dependency in the derivation being built over a `depsHostHost` on the tool doing the building for this purpose. -#### `buildInputs` {#var-stdenv-buildInputs} +##### `buildInputs` {#var-stdenv-buildInputs} A list of dependencies whose host platform and target platform match the new derivation’s. This would be called `depsHostTarget` but for historical continuity. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild`. These are often programs and libraries used by the new derivation at *run*-time, but that isn’t always the case. For example, the machine code in a statically-linked library is only used at run-time, but the derivation containing the library is only needed at build-time. Even in the dynamic case, the library may also be needed at build-time to appease the linker. -#### `depsTargetTarget` {#var-stdenv-depsTargetTarget} +##### `depsTargetTarget` {#var-stdenv-depsTargetTarget} A list of dependencies whose host platform matches the new derivation’s target platform. These are packages that run on the target platform, e.g. the standard library or run-time deps of standard library that a compiler insists on knowing about. It’s poor form in almost all cases for a package to depend on another from a future stage \[future stage corresponding to positive offset\]. Do not use this attribute unless you are packaging a compiler and are sure it is needed. -#### `depsBuildBuildPropagated` {#var-stdenv-depsBuildBuildPropagated} +##### `depsBuildBuildPropagated` {#var-stdenv-depsBuildBuildPropagated} The propagated equivalent of `depsBuildBuild`. This perhaps never ought to be used, but it is included for consistency \[see below for the others\]. -#### `propagatedNativeBuildInputs` {#var-stdenv-propagatedNativeBuildInputs} +##### `propagatedNativeBuildInputs` {#var-stdenv-propagatedNativeBuildInputs} The propagated equivalent of `nativeBuildInputs`. This would be called `depsBuildHostPropagated` but for historical continuity. For example, if package `Y` has `propagatedNativeBuildInputs = [X]`, and package `Z` has `buildInputs = [Y]`, then package `Z` will be built as if it included package `X` in its `nativeBuildInputs`. If instead, package `Z` has `nativeBuildInputs = [Y]`, then `Z` will be built as if it included `X` in the `depsBuildBuild` of package `Z`, because of the sum of the two `-1` host offsets. -#### `depsBuildTargetPropagated` {#var-stdenv-depsBuildTargetPropagated} +##### `depsBuildTargetPropagated` {#var-stdenv-depsBuildTargetPropagated} The propagated equivalent of `depsBuildTarget`. This is prefixed for the same reason of alerting potential users. -#### `depsHostHostPropagated` {#var-stdenv-depsHostHostPropagated} +##### `depsHostHostPropagated` {#var-stdenv-depsHostHostPropagated} The propagated equivalent of `depsHostHost`. -#### `propagatedBuildInputs` {#var-stdenv-propagatedBuildInputs} +##### `propagatedBuildInputs` {#var-stdenv-propagatedBuildInputs} The propagated equivalent of `buildInputs`. This would be called `depsHostTargetPropagated` but for historical continuity. -#### `depsTargetTargetPropagated` {#var-stdenv-depsTargetTargetPropagated} +##### `depsTargetTargetPropagated` {#var-stdenv-depsTargetTargetPropagated} The propagated equivalent of `depsTargetTarget`. This is prefixed for the same reason of alerting potential users. @@ -253,7 +354,7 @@ The propagated equivalent of `depsTargetTarget`. This is prefixed for the same r #### `NIX_DEBUG` {#var-stdenv-NIX_DEBUG} -A natural number indicating how much information to log. If set to 1 or higher, `stdenv` will print moderate debugging information during the build. In particular, the `gcc` and `ld` wrapper scripts will print out the complete command line passed to the wrapped tools. If set to 6 or higher, the `stdenv` setup script will be run with `set -x` tracing. If set to 7 or higher, the `gcc` and `ld` wrapper scripts will also be run with `set -x` tracing. +A number between 0 and 7 indicating how much information to log. If set to 1 or higher, `stdenv` will print moderate debugging information during the build. In particular, the `gcc` and `ld` wrapper scripts will print out the complete command line passed to the wrapped tools. If set to 6 or higher, the `stdenv` setup script will be run with `set -x` tracing. If set to 7 or higher, the `gcc` and `ld` wrapper scripts will also be run with `set -x` tracing. ### Attributes affecting build properties {#attributes-affecting-build-properties} @@ -283,39 +384,107 @@ Values inside it are not passed to the builder, so you can change them without t #### `passthru.updateScript` {#var-passthru-updateScript} -A script to be run by `maintainers/scripts/update.nix` when the package is matched. It needs to be an executable file, either on the file system: +A script to be run by `maintainers/scripts/update.nix` when the package is matched. The attribute can contain one of the following: -```nix -passthru.updateScript = ./update.sh; -``` +- []{#var-passthru-updateScript-command} an executable file, either on the file system: -or inside the expression itself: + ```nix + passthru.updateScript = ./update.sh; + ``` -```nix -passthru.updateScript = writeScript "update-zoom-us" '' - #!/usr/bin/env nix-shell - #!nix-shell -i bash -p curl pcre common-updater-scripts + or inside the expression itself: - set -eu -o pipefail + ```nix + passthru.updateScript = writeScript "update-zoom-us" '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p curl pcre common-updater-scripts - version="$(curl -sI https://zoom.us/client/latest/zoom_x86_64.tar.xz | grep -Fi 'Location:' | pcregrep -o1 '/(([0-9]\.?)+)/')" - update-source-version zoom-us "$version" -''; -``` + set -eu -o pipefail -The attribute can also contain a list, a script followed by arguments to be passed to it: + version="$(curl -sI https://zoom.us/client/latest/zoom_x86_64.tar.xz | grep -Fi 'Location:' | pcregrep -o1 '/(([0-9]\.?)+)/')" + update-source-version zoom-us "$version" + ''; + ``` -```nix -passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]; -``` +- a list, a script followed by arguments to be passed to it: + + ```nix + passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]; + ``` + +- an attribute set containing: + - [`command`]{#var-passthru-updateScript-set-command} – a string or list in the [format expected by `passthru.updateScript`](#var-passthru-updateScript-command). + - [`attrPath`]{#var-passthru-updateScript-set-attrPath} (optional) – a string containing the canonical attribute path for the package. If present, it will be passed to the update script instead of the attribute path on which the package was discovered during Nixpkgs traversal. + - [`supportedFeatures`]{#var-passthru-updateScript-set-supportedFeatures} (optional) – a list of the [extra features](#var-passthru-updateScript-supported-features) the script supports. -The script will be run with `UPDATE_NIX_ATTR_PATH` environment variable set to the attribute path it is supposed to update. + ```nix + passthru.updateScript = { + command = [ ../../update.sh pname ]; + attrPath = pname; + supportedFeatures = [ … ]; + }; + ``` + +##### How update scripts are executed? {#var-passthru-updateScript-execution} + +Update scripts are to be invoked by `maintainers/scripts/update.nix` script. You can run `nix-shell maintainers/scripts/update.nix` in the root of Nixpkgs repository for information on how to use it. `update.nix` offers several modes for selecting packages to update (e.g. select by attribute path, traverse Nixpkgs and filter by maintainer, etc.), and it will execute update scripts for all matched packages that have an `updateScript` attribute. + +Each update script will be passed the following environment variables: + +- [`UPDATE_NIX_NAME`]{#var-passthru-updateScript-env-UPDATE_NIX_NAME} – content of the `name` attribute of the updated package. +- [`UPDATE_NIX_PNAME`]{#var-passthru-updateScript-env-UPDATE_NIX_PNAME} – content of the `pname` attribute of the updated package. +- [`UPDATE_NIX_OLD_VERSION`]{#var-passthru-updateScript-env-UPDATE_NIX_OLD_VERSION} – content of the `version` attribute of the updated package. +- [`UPDATE_NIX_ATTR_PATH`]{#var-passthru-updateScript-env-UPDATE_NIX_ATTR_PATH} – attribute path the `update.nix` discovered the package on (or the [canonical `attrPath`](#var-passthru-updateScript-set-attrPath) when available). Example: `pantheon.elementary-terminal` ::: {.note} -The script will be usually run from the root of the Nixpkgs repository but you should not rely on that. Also note that the update scripts will be run in parallel by default; you should avoid running `git commit` or any other commands that cannot handle that. +An update script will be usually run from the root of the Nixpkgs repository but you should not rely on that. Also note that `update.nix` executes update scripts in parallel by default so you should avoid running `git commit` or any other commands that cannot handle that. ::: -For information about how to run the updates, execute `nix-shell maintainers/scripts/update.nix`. +::: {.tip} +While update scripts should not create commits themselves, `maintainers/scripts/update.nix` supports automatically creating commits when running it with `--argstr commit true`. If you need to customize commit message, you can have the update script implement [`commit`](#var-passthru-updateScript-commit) feature. +::: + +##### Supported features {#var-passthru-updateScript-supported-features} +###### `commit` {#var-passthru-updateScript-commit} + +This feature allows update scripts to *ask* `update.nix` to create Git commits. + +When support of this feature is declared, whenever the update script exits with `0` return status, it is expected to print a JSON list containing an object described below for each updated attribute to standard output. + +When `update.nix` is run with `--argstr commit true` arguments, it will create a separate commit for each of the objects. An empty list can be returned when the script did not update any files, for example, when the package is already at the latest version. + +The commit object contains the following values: + +- [`attrPath`]{#var-passthru-updateScript-commit-attrPath} – a string containing attribute path. +- [`oldVersion`]{#var-passthru-updateScript-commit-oldVersion} – a string containing old version. +- [`newVersion`]{#var-passthru-updateScript-commit-newVersion} – a string containing new version. +- [`files`]{#var-passthru-updateScript-commit-files} – a non-empty list of file paths (as strings) to add to the commit. +- [`commitBody`]{#var-passthru-updateScript-commit-commitBody} (optional) – a string with extra content to be appended to the default commit message (useful for adding changelog links). +- [`commitMessage`]{#var-passthru-updateScript-commit-commitMessage} (optional) – a string to use instead of the default commit message. + +If the returned array contains exactly one object (e.g. `[{}]`), all values are optional and will be determined automatically. + +```{=docbook} +<example> +<title>Standard output of an update script using commit feature</title> +``` + +```json +[ + { + "attrPath": "volume_key", + "oldVersion": "0.3.11", + "newVersion": "0.3.12", + "files": [ + "/path/to/nixpkgs/pkgs/development/libraries/volume-key/default.nix" + ] + } +] +``` + +```{=docbook} +</example> +``` ### Recursive attributes in `mkDerivation` {#mkderivation-recursive-attributes} @@ -452,6 +621,8 @@ The list of source files or directories to be unpacked or copied. One of these m After running `unpackPhase`, the generic builder changes the current directory to the directory created by unpacking the sources. If there are multiple source directories, you should set `sourceRoot` to the name of the intended directory. Set `sourceRoot = ".";` if you use `srcs` and control the unpack phase yourself. +By default the `sourceRoot` is set to `"source"`. If you want to point to a sub-directory inside your project, you therefore need to set `sourceRoot = "source/my-sub-directory"`. + ##### `setSourceRoot` {#var-stdenv-setSourceRoot} Alternatively to setting `sourceRoot`, you can set `setSourceRoot` to a shell command to be evaluated by the unpack phase after the sources have been unpacked. This command must set `sourceRoot`. @@ -536,7 +707,7 @@ The prefix under which the package must be installed, passed via the `--prefix` The key to use when specifying the prefix. By default, this is set to `--prefix=` as that is used by the majority of packages. -##### `dontAddStaticConfigureFlags` +##### `dontAddStaticConfigureFlags` {#var-stdenv-dontAddStaticConfigureFlags} By default, when building statically, stdenv will try to add build system appropriate configure flags to try to enable static builds. @@ -624,7 +795,7 @@ Before and after running `make`, the hooks `preBuild` and `postBuild` are called ### The check phase {#ssec-check-phase} -The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make check`, but only if the `doCheck` variable is enabled. +The check phase checks whether the package was built correctly by running its test suite. The default `checkPhase` calls `make $checkTarget`, but only if the [`doCheck` variable](#var-stdenv-doCheck) is enabled. #### Variables controlling the check phase {#variables-controlling-the-check-phase} @@ -644,7 +815,8 @@ See the [build phase](#var-stdenv-makeFlags) for details. ##### `checkTarget` {#var-stdenv-checkTarget} -The make target that runs the tests. Defaults to `check`. +The `make` target that runs the tests. +If unset, use `check` if it exists, otherwise `test`; if neither is found, do nothing. ##### `checkFlags` / `checkFlagsArray` {#var-stdenv-checkFlags} @@ -652,7 +824,11 @@ A list of strings passed as additional flags to `make`. Like `makeFlags` and `ma ##### `checkInputs` {#var-stdenv-checkInputs} -A list of dependencies used by the phase. This gets included in `nativeBuildInputs` when `doCheck` is set. +A list of host dependencies used by the phase, usually libraries linked into executables built during tests. This gets included in `buildInputs` when `doCheck` is set. + +##### `nativeCheckInputs` {#var-stdenv-nativeCheckInputs} + +A list of native dependencies used by the phase, notably tools needed on `$PATH`. This gets included in `nativeBuildInputs` when `doCheck` is set. ##### `preCheck` {#var-stdenv-preCheck} @@ -717,11 +893,11 @@ If set, libraries and executables are not stripped. By default, they are. ##### `dontStripHost` {#var-stdenv-dontStripHost} -Like `dontStrip`, but only affects the `strip` command targetting the package’s host platform. Useful when supporting cross compilation, but otherwise feel free to ignore. +Like `dontStrip`, but only affects the `strip` command targeting the package’s host platform. Useful when supporting cross compilation, but otherwise feel free to ignore. ##### `dontStripTarget` {#var-stdenv-dontStripTarget} -Like `dontStrip`, but only affects the `strip` command targetting the packages’ target platform. Useful when supporting cross compilation, but otherwise feel free to ignore. +Like `dontStrip`, but only affects the `strip` command targeting the packages’ target platform. Useful when supporting cross compilation, but otherwise feel free to ignore. ##### `dontMoveSbin` {#var-stdenv-dontMoveSbin} @@ -819,7 +995,11 @@ A list of strings passed as additional flags to `make`. Like `makeFlags` and `ma ##### `installCheckInputs` {#var-stdenv-installCheckInputs} -A list of dependencies used by the phase. This gets included in `nativeBuildInputs` when `doInstallCheck` is set. +A list of host dependencies used by the phase, usually libraries linked into executables built during tests. This gets included in `buildInputs` when `doInstallCheck` is set. + +##### `nativeInstallCheckInputs` {#var-stdenv-nativeInstallCheckInputs} + +A list of native dependencies used by the phase, notably tools needed on `$PATH`. This gets included in `nativeBuildInputs` when `doInstallCheck` is set. ##### `preInstallCheck` {#var-stdenv-preInstallCheck} @@ -835,6 +1015,10 @@ The distribution phase is intended to produce a source distribution of the packa #### Variables controlling the distribution phase {#variables-controlling-the-distribution-phase} +##### `doDist` {#var-stdenv-doDist} + +If set, the distribution phase is executed. + ##### `distTarget` {#var-stdenv-distTarget} The make target that produces the distribution. Defaults to `dist`. @@ -871,12 +1055,27 @@ Constructs a wrapper for a program with various possible arguments. It is define # adds `FOOBAR=baz` to `$out/bin/foo`’s environment makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz -# prefixes the binary paths of `hello` and `git` +# Prefixes the binary paths of `hello` and `git` +# and suffixes the binary path of `xdg-utils`. # Be advised that paths often should be patched in directly # (via string replacements or in `configurePhase`). -makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]} +makeWrapper $out/bin/foo $wrapperfile \ + --prefix PATH : ${lib.makeBinPath [ hello git ]} \ + --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} ``` +Packages may expect or require other utilities to be available at runtime. +`makeWrapper` can be used to add packages to a `PATH` environment variable local to a wrapper. + +Use `--prefix` to explicitly set dependencies in `PATH`. + +::: {.note} +`--prefix` essentially hard-codes dependencies into the wrapper. +They cannot be overridden without rebuilding the package. +::: + +If dependencies should be resolved at runtime, use `--suffix` to append fallback values to `PATH`. + There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation. `wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`. @@ -900,15 +1099,15 @@ postInstall = '' Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form: -#### `--replace` \<s1\> \<s2\> +#### `--replace` \<s1\> \<s2\> {#fun-substitute-replace} Replace every occurrence of the string \<s1\> by \<s2\>. -#### `--subst-var` \<varName\> +#### `--subst-var` \<varName\> {#fun-substitute-subst-var} Replace every occurrence of `@varName@` by the contents of the environment variable \<varName\>. This is useful for generating files from templates, using `@...@` in the template as placeholders. -#### `--subst-var-by` \<varName\> \<s\> +#### `--subst-var-by` \<varName\> \<s\> {#fun-substitute-subst-var-by} Replace every occurrence of `@varName@` by the string \<s\>. @@ -973,13 +1172,39 @@ Convenience function for `makeWrapper` that replaces `<\executable\>` with a wra If you will apply it multiple times, it will overwrite the wrapper file and you will end up with double wrapping, which should be avoided. +### `prependToVar` \<variableName\> \<elements...\> {#fun-prependToVar} + +Prepend elements to a variable. + +Example: + +```shellSession +$ configureFlags="--disable-static" +$ prependToVar configureFlags --disable-dependency-tracking --enable-foo +$ echo $configureFlags +--disable-dependency-tracking --enable-foo --disable-static +``` + +### `appendToVar` \<variableName\> \<elements...\> {#fun-appendToVar} + +Append elements to a variable. + +Example: + +```shellSession +$ configureFlags="--disable-static" +$ appendToVar configureFlags --disable-dependency-tracking --enable-foo +$ echo $configureFlags +--disable-static --disable-dependency-tracking --enable-foo +``` + ## Package setup hooks {#ssec-setup-hooks} Nix itself considers a build-time dependency as merely something that should previously be built and accessible at build time—packages themselves are on their own to perform any additional setup. In most cases, that is fine, and the downstream derivation can deal with its own dependencies. But for a few common tasks, that would result in almost every package doing the same sort of setup work—depending not on the package itself, but entirely on which dependencies were used. In order to alleviate this burden, the setup hook mechanism was written, where any package can include a shell script that \[by convention rather than enforcement by Nix\], any downstream reverse-dependency will source as part of its build process. That allows the downstream dependency to merely specify its dependencies, and lets those dependencies effectively initialize themselves. No boilerplate mirroring the list of dependencies is needed. -The setup hook mechanism is a bit of a sledgehammer though: a powerful feature with a broad and indiscriminate area of effect. The combination of its power and implicit use may be expedient, but isn’t without costs. Nix itself is unchanged, but the spirit of added dependencies being effect-free is violated even if the letter isn’t. For example, if a derivation path is mentioned more than once, Nix itself doesn’t care and simply makes sure the dependency derivation is already built just the same—depending is just needing something to exist, and needing is idempotent. However, a dependency specified twice will have its setup hook run twice, and that could easily change the build environment (though a well-written setup hook will therefore strive to be idempotent so this is in fact not observable). More broadly, setup hooks are anti-modular in that multiple dependencies, whether the same or different, should not interfere and yet their setup hooks may well do so. +The setup hook mechanism is a bit of a sledgehammer though: a powerful feature with a broad and indiscriminate area of effect. The combination of its power and implicit use may be expedient, but isn’t without costs. Nix itself is unchanged, but the spirit of added dependencies being effect-free is violated even if the latter isn’t. For example, if a derivation path is mentioned more than once, Nix itself doesn’t care and simply makes sure the dependency derivation is already built just the same—depending is just needing something to exist, and needing is idempotent. However, a dependency specified twice will have its setup hook run twice, and that could easily change the build environment (though a well-written setup hook will therefore strive to be idempotent so this is in fact not observable). More broadly, setup hooks are anti-modular in that multiple dependencies, whether the same or different, should not interfere and yet their setup hooks may well do so. The most typical use of the setup hook is actually to add other hooks which are then run (i.e. after all the setup hooks) on each dependency. For example, the C compiler wrapper’s setup hook feeds itself flags for each dependency that contains relevant libraries and headers. This is done by defining a bash function, and appending its name to one of `envBuildBuildHooks`, `envBuildHostHooks`, `envBuildTargetHooks`, `envHostHostHooks`, `envHostTargetHooks`, or `envTargetTargetHooks`. These 6 bash variables correspond to the 6 sorts of dependencies by platform (there’s 12 total but we ignore the propagated/non-propagated axis). @@ -1023,7 +1248,7 @@ Multiple paths can be specified. patchShebangs [--build | --host] PATH... ``` -##### Flags +##### Flags {#patch-shebangs.sh-invocation-flags} `--build` : Look up commands available at build time @@ -1031,7 +1256,7 @@ patchShebangs [--build | --host] PATH... `--host` : Look up commands available at run time -##### Examples +##### Examples {#patch-shebangs.sh-invocation-examples} ```sh patchShebangs --host /nix/store/<hash>-hello-1.0/bin @@ -1092,13 +1317,15 @@ This setup hook moves any libraries installed in the `lib64/` subdirectory into This setup hook moves any systemd user units installed in the `lib/` subdirectory into `share/`. In addition, a link is provided from `share/` to `lib/` for compatibility. This is needed for systemd to find user services when installed into the user profile. +This hook only runs when compiling for Linux. + ### `set-source-date-epoch-to-latest.sh` {#set-source-date-epoch-to-latest.sh} This sets `SOURCE_DATE_EPOCH` to the modification time of the most recent file. -### Bintools Wrapper {#bintools-wrapper} +### Bintools Wrapper and hook {#bintools-wrapper} -The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targetting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. +The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targeting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper. The Bintools Wrapper was only just recently split off from CC Wrapper, so the division of labor is still being worked out. For example, it shouldn’t care about the C standard library, but just take a derivation with the dynamic loader (which happens to be the glibc on linux). Dependency finding however is a task both wrappers will continue to need to share, and probably the most important to understand. It is currently accomplished by collecting directories of host-platform dependencies (i.e. `buildInputs` and `nativeBuildInputs`) in environment variables. The Bintools Wrapper’s setup hook causes any `lib` and `lib64` subdirectories to be added to `NIX_LDFLAGS`. Since the CC Wrapper and the Bintools Wrapper use the same strategy, most of the Bintools Wrapper code is sparsely commented and refers to the CC Wrapper. But the CC Wrapper’s code, by contrast, has quite lengthy comments. The Bintools Wrapper merely cites those, rather than repeating them, to avoid falling out of sync. @@ -1106,173 +1333,27 @@ A final task of the setup hook is defining a number of standard environment vari A problem with this final task is that the Bintools Wrapper is honest and defines `LD` as `ld`. Most packages, however, firstly use the C compiler for linking, secondly use `LD` anyways, defining it as the C compiler, and thirdly, only so define `LD` when it is undefined as a fallback. This triple-threat means Bintools Wrapper will break those packages, as LD is already defined as the actual linker which the package won’t override yet doesn’t want to use. The workaround is to define, just for the problematic package, `LD` as the C compiler. A good way to do this would be `preConfigure = "LD=$CC"`. -### CC Wrapper {#cc-wrapper} +### CC Wrapper and hook {#cc-wrapper} The CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes. Specifically, a C compiler (GCC or Clang), wrapped binary tools, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the CC Wrapper. Packages typically depend on the CC Wrapper, which in turn (at run-time) depends on the Bintools Wrapper. -Dependency finding is undoubtedly the main task of the CC Wrapper. This works just like the Bintools Wrapper, except that any `include` subdirectory of any relevant dependency is added to `NIX_CFLAGS_COMPILE`. The setup hook itself contains some lengthy comments describing the exact convoluted mechanism by which this is accomplished. +Dependency finding is undoubtedly the main task of the CC Wrapper. This works just like the Bintools Wrapper, except that any `include` subdirectory of any relevant dependency is added to `NIX_CFLAGS_COMPILE`. The setup hook itself contains elaborate comments describing the exact mechanism by which this is accomplished. Similarly, the CC Wrapper follows the Bintools Wrapper in defining standard environment variables with the names of the tools it wraps, for the same reasons described above. Importantly, while it includes a `cc` symlink to the c compiler for portability, the `CC` will be defined using the compiler’s “real name” (i.e. `gcc` or `clang`). This helps lousy build systems that inspect on the name of the compiler rather than run it. Here are some more packages that provide a setup hook. Since the list of hooks is extensible, this is not an exhaustive list. The mechanism is only to be used as a last resort, so it might cover most uses. -### Perl {#setup-hook-perl} - -Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable. - -### Python {#setup-hook-python} - -Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable. - -### pkg-config {#setup-hook-pkg-config} - -Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable. - -### Automake {#setup-hook-automake} - -Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable. - -### Autoconf {#setup-hook-autoconf} - -The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts. - -### libxml2 {#setup-hook-libxml2} - -Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable. - -### teTeX / TeX Live {#tetex-tex-live} - -Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable. - -### Qt 4 {#qt-4} - -Sets the `QTDIR` environment variable to Qt’s path. - -### gdk-pixbuf {#setup-hook-gdk-pixbuf} - -Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf). - -### GHC {#ghc} - -Creates a temporary package database and registers every Haskell build input in it (TODO: how?). - -### GNOME platform {#gnome-platform} - -Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome). - -### autoPatchelfHook {#setup-hook-autopatchelfhook} - -This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`. - -You can also specify a `runtimeDependencies` variable which lists dependencies to be unconditionally added to rpath of all executables. This is useful for programs that use dlopen 3 to load libraries at runtime. - -In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value. - -By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies. - -The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories. - -### breakpointHook {#breakpointhook} - -This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`. - -```nix -nativeBuildInputs = [ breakpointHook ]; -``` - -When a build failure happens there will be an instruction printed that shows how to attach with `cntr` to the build sandbox. - -::: {.note} -::: {.title} -Caution with remote builds -::: - -This won’t work with remote builds as the build environment is on a different machine and can’t be accessed by `cntr`. Remote builds can be turned off by setting `--option builders ''` for `nix-build` or `--builders ''` for `nix build`. -::: - -### installShellFiles {#installshellfiles} - -This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook. - -The `installManPage` function takes one or more paths to manpages to install. The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct directory. - -The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh). The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided. - -```nix -nativeBuildInputs = [ installShellFiles ]; -postInstall = '' - installManPage doc/foobar.1 doc/barfoo.3 - # explicit behavior - installShellCompletion --bash --name foobar.bash share/completions.bash - installShellCompletion --fish --name foobar.fish share/completions.fish - installShellCompletion --zsh --name _foobar share/completions.zsh - # implicit behavior - installShellCompletion share/completions/foobar.{bash,fish,zsh} - # using named fd - installShellCompletion --cmd foobar \ - --bash <($out/bin/foobar --bash-completion) \ - --fish <($out/bin/foobar --fish-completion) \ - --zsh <($out/bin/foobar --zsh-completion) -''; -``` - -### libiconv, libintl {#libiconv-libintl} - -A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`. - -### validatePkgConfig {#validatepkgconfig} - -The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables. - -### cmake {#cmake} - -Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator. - -### xcbuildHook {#xcbuildhook} - -Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild. - -### Meson {#meson} - -Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere. - -#### Variables controlling Meson {#variables-controlling-meson} - -##### `mesonFlags` {#mesonflags} - -Controls the flags passed to meson. - -##### `mesonBuildType` {#mesonbuildtype} - -Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`. - -##### `mesonAutoFeatures` {#mesonautofeatures} - -What value to set [`-Dauto_features=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `enabled`. - -##### `mesonWrapMode` {#mesonwrapmode} - -What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `nodownload` as we disallow network access. - -##### `dontUseMesonConfigure` {#dontusemesonconfigure} - -Disables using Meson’s `configurePhase`. - -### ninja {#ninja} - -Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja. - -### unzip {#unzip} - -This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc. - -### wafHook {#wafhook} +### Other hooks {#stdenv-other-hooks} -Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script. +Many other packages provide hooks, that are not part of `stdenv`. You can find +these in the [Hooks Reference](#chap-hooks). -### scons {#scons} +### Compiler and Linker wrapper hooks {#compiler-linker-wrapper-hooks} -Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time. +If the file `${cc}/nix-support/cc-wrapper-hook` exists, it will be run at the end of the [compiler wrapper](#cc-wrapper). +If the file `${binutils}/nix-support/post-link-hook` exists, it will be run at the end of the linker wrapper. +These hooks allow a user to inject code into the wrappers. +As an example, these hooks can be used to extract `extraBefore`, `params` and `extraAfter` which store all the command line arguments passed to the compiler and linker respectively. ## Purity in Nixpkgs {#sec-purity-in-nixpkgs} @@ -1320,7 +1401,7 @@ bin/blib.a(bios_console.o): In function `bios_handle_cup': Adds the `-O2 -D_FORTIFY_SOURCE=2` compiler options. During code generation the compiler knows a great deal of information about buffer sizes (where possible), and attempts to replace insecure unlimited length buffer function calls with length-limited ones. This is especially useful for old, crufty code. Additionally, format strings in writable memory that contain `%n` are blocked. If an application depends on such a format string, it will need to be worked around. -Additionally, some warnings are enabled which might trigger build failures if compiler warnings are treated as errors in the package build. In this case, set `NIX_CFLAGS_COMPILE` to `-Wno-error=warning-type`. +Additionally, some warnings are enabled which might trigger build failures if compiler warnings are treated as errors in the package build. In this case, set `env.NIX_CFLAGS_COMPILE` to `-Wno-error=warning-type`. This needs to be turned off or fixed for errors similar to: |