diff options
author | Shea Levy <shea@shealevy.com> | 2018-03-25 17:52:20 -0400 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2018-03-27 08:16:24 -0400 |
commit | 26e8d58cb545004acb7cbd00db81a402923a2445 (patch) | |
tree | aee8756eb01ad3b51a90b6027abc1736ae0eaa3b /pkgs | |
parent | cdf9a78a3ebb535fa6ba88fce88c655776d2474f (diff) | |
download | nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.tar nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.tar.gz nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.tar.bz2 nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.tar.lz nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.tar.xz nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.tar.zst nixlib-26e8d58cb545004acb7cbd00db81a402923a2445.zip |
libseccomp: Disable only on RISC-V if Linux.
The isSeccomputable flag treated Linux without seccomp as just a normal variant, when it really should be treated as a special case incurring complexity debt to support.
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/development/libraries/libseccomp/default.nix | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/systemd/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/package-management/nix/default.nix | 4 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 4 |
4 files changed, 8 insertions, 7 deletions
diff --git a/pkgs/development/libraries/libseccomp/default.nix b/pkgs/development/libraries/libseccomp/default.nix index d953fd12e68b..e0c77a0cf357 100644 --- a/pkgs/development/libraries/libseccomp/default.nix +++ b/pkgs/development/libraries/libseccomp/default.nix @@ -25,6 +25,7 @@ stdenv.mkDerivation rec { homepage = "https://github.com/seccomp/libseccomp"; license = licenses.lgpl21; platforms = platforms.linux; + badPlatforms = platforms.riscv; maintainers = with maintainers; [ thoughtpolice wkennington ]; }; } diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 763c28464ab3..7b3590e5c195 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -41,8 +41,10 @@ in stdenv.mkDerivation rec { buildInputs = [ linuxHeaders libcap kmod xz pam acl /* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2 - libmicrohttpd ] ++ stdenv.lib.meta.enableIfAvailable kexectools ++ - [ libseccomp libffi audit lz4 bzip2 libapparmor + libmicrohttpd ] ++ + stdenv.lib.meta.enableIfAvailable kexectools ++ + stdenv.lib.meta.enableIfAvailable libseccomp ++ + [ libffi audit lz4 bzip2 libapparmor iptables gnu-efi # This is actually native, but we already pull it from buildPackages pythonLxmlEnv diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 5140ddd0283d..677c3896fc12 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -30,7 +30,7 @@ let buildInputs = [ curl openssl sqlite xz bzip2 ] ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium ++ lib.optionals is20 [ brotli ] # Since 1.12 - ++ lib.optional (hostPlatform.isSeccomputable) libseccomp + ++ lib.meta.enableIfAvailable libseccomp ++ lib.optional ((stdenv.isLinux || stdenv.isDarwin) && is20) (aws-sdk-cpp.override { apis = ["s3"]; @@ -60,7 +60,7 @@ let hostPlatform != buildPlatform && hostPlatform ? nix && hostPlatform.nix ? system ) ''--with-system=${hostPlatform.nix.system}'' # RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50 - ++ lib.optional (!hostPlatform.isSeccomputable) "--disable-seccomp-sandboxing"; + ++ lib.optional (!libseccomp.meta.available) "--disable-seccomp-sandboxing"; makeFlags = "profiledir=$(out)/etc/profile.d"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8d2a17a79daa..7c61381281d0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9792,9 +9792,7 @@ with pkgs; libgroove = callPackage ../development/libraries/libgroove { }; - libseccomp = if hostPlatform.isSeccomputable - then callPackage ../development/libraries/libseccomp { } - else null; + libseccomp = callPackage ../development/libraries/libseccomp { }; libsecret = callPackage ../development/libraries/libsecret { }; |