diff options
| author | Dan Peebles <pumpkin@me.com> | 2017-07-11 21:54:13 -0400 |
|---|---|---|
| committer | Dan Peebles <pumpkin@me.com> | 2017-07-11 21:56:38 -0400 |
| commit | 0419452113ebb135907257bb063cb690a4de0b52 (patch) | |
| tree | ece5dea38ce8b607aa3bf7f3dc48e002296c0333 /pkgs/stdenv/darwin | |
| parent | a889454869e4f7d5ba6067ebcc0ba7fcd26e4417 (diff) | |
| download | nixlib-0419452113ebb135907257bb063cb690a4de0b52.tar nixlib-0419452113ebb135907257bb063cb690a4de0b52.tar.gz nixlib-0419452113ebb135907257bb063cb690a4de0b52.tar.bz2 nixlib-0419452113ebb135907257bb063cb690a4de0b52.tar.lz nixlib-0419452113ebb135907257bb063cb690a4de0b52.tar.xz nixlib-0419452113ebb135907257bb063cb690a4de0b52.tar.zst nixlib-0419452113ebb135907257bb063cb690a4de0b52.zip | |
Fix Darwin stdenv to work on 10.13
The main changes are in libSystem, which lost the coretls component in 10.13 and some hardening changes that quietly crash any program that uses %n in a non-constant format string, so we've needed to patch a lot of programs that use gnulib.
Diffstat (limited to 'pkgs/stdenv/darwin')
| -rw-r--r-- | pkgs/stdenv/darwin/darwin-secure-format.patch | 15 | ||||
| -rw-r--r-- | pkgs/stdenv/darwin/default.nix | 23 |
2 files changed, 31 insertions, 7 deletions
diff --git a/pkgs/stdenv/darwin/darwin-secure-format.patch b/pkgs/stdenv/darwin/darwin-secure-format.patch new file mode 100644 index 000000000000..b14d8be6ef16 --- /dev/null +++ b/pkgs/stdenv/darwin/darwin-secure-format.patch @@ -0,0 +1,15 @@ +With format string strictness, High Sierra also enforces that %n isn't used +in dynamic format strings, but we should just disable its use on darwin in +general. + +--- a/lib/vasnprintf.c 2017-06-22 15:19:15.000000000 -0700 ++++ b/lib/vasnprintf.c 2017-06-22 15:20:20.000000000 -0700 +@@ -4869,7 +4869,7 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t * + #endif + *fbp = dp->conversion; + #if USE_SNPRINTF +-# if !(((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) && !defined __UCLIBC__) || ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__)) ++# if !defined(__APPLE__) && !(((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) && !defined __UCLIBC__) || ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__)) + fbp[1] = '%'; + fbp[2] = 'n'; + fbp[3] = '\0'; diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index f6d9bcac5104..e7ce04b0a148 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -4,15 +4,15 @@ # Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools , bootstrapFiles ? let fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> { - url = "http://tarballs.nixos.org/stdenv-darwin/x86_64/c4effbe806be9a0a3727fdbbc9a5e28149347532/${file}"; + url = "http://tarballs.nixos.org/stdenv-darwin/x86_64/10cbca5b30c6cb421ce15139f32ae3a4977292cf/${file}"; inherit (localSystem) system; inherit sha256 executable; }; in { - sh = fetch { file = "sh"; sha256 = "1b9r3dksj907bpxp589yhc4217cas73vni8sng4r57f04ydjcinr"; }; - bzip2 = fetch { file = "bzip2"; sha256 = "1wm28jgap4cbr8hf4ambg6h9flr2b4mcbh7fw20i0l51v6n8igky"; }; - mkdir = fetch { file = "mkdir"; sha256 = "0jc32mzx2whhx2xh70grvvgz4jj26118p9yxmhjqcysagc0k7y66"; }; - cpio = fetch { file = "cpio"; sha256 = "0x5dcczkzn0g8yb4pah449jmgy3nmpzrqy4s480grcx05b6v6hkp"; }; - tarball = fetch { file = "bootstrap-tools.cpio.bz2"; sha256 = "0ifdc8bwxdhmpbhx2vd3lwjg71gqm6pi5mfm0fkcsbqavl8hd8hz"; executable = false; }; + sh = fetch { file = "sh"; sha256 = "0s8a9vpzj6vadq4jmf4r8cargwnsf327hdjydxgqsfxb8y1q39w3"; }; + bzip2 = fetch { file = "bzip2"; sha256 = "1jqljpjr8mkiv7g5rl5impqx3all8vn1mxxdwa004pr3h48c1zgg"; }; + mkdir = fetch { file = "mkdir"; sha256 = "17zsjiwnq07i5r85q1hg7f6cnkcgllwy2amz9klaqwjy4vzz4vwh"; }; + cpio = fetch { file = "cpio"; sha256 = "04hrair58dgja6syh442pswiga5an9nl58ls57yknkn2pq51nx9m"; }; + tarball = fetch { file = "bootstrap-tools.cpio.bz2"; sha256 = "103833hrci0vwi1gi978hkp69rncicvpdszn87ffpf1cq0jzpa14"; executable = false; }; } }: @@ -109,7 +109,13 @@ in rec { stdenvSandboxProfile = binShClosure + libSystemProfile; extraSandboxProfile = binShClosure + libSystemProfile; - extraAttrs = { inherit platform; parent = last; }; + extraAttrs = { + inherit platform; + parent = last; + + # This is used all over the place so I figured I'd just leave it here for now + secure-format-patch = ./darwin-secure-format.patch; + }; overrides = self: super: (overrides self super) // { fetchurl = thisStdenv.fetchurlBoot; }; }; @@ -319,6 +325,9 @@ in rec { inherit platform bootstrapTools; libc = pkgs.darwin.Libsystem; shellPackage = pkgs.bash; + + # This is used all over the place so I figured I'd just leave it here for now + secure-format-patch = ./darwin-secure-format.patch; }; allowedRequisites = (with pkgs; [ |