diff options
Diffstat (limited to 'nixpkgs/pkgs/build-support')
20 files changed, 448 insertions, 119 deletions
diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh b/nixpkgs/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh index f943b8504683..a1d06b9c6b0a 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh +++ b/nixpkgs/pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh @@ -7,5 +7,5 @@ for p in "${params[@]}"; do done if $needsTarget; then - extraBefore+=(-target @defaultTarget@) + extraBefore+=(-target @defaultTarget@ @march@) fi diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh index e884f8388b58..ef166e2f50c5 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then fi if (( "${NIX_DEBUG:-0}" >= 1 )); then - declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format zerocallusedregs) + declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format trivialautovarinit zerocallusedregs) declare -A hardeningDisableMap=() # Determine which flags were effectively disabled so we can report below. @@ -106,6 +106,10 @@ for flag in "${!hardeningEnableMap[@]}"; do hardeningCFlagsBefore+=('-fno-strict-overflow') fi ;; + trivialautovarinit) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling trivialautovarinit >&2; fi + hardeningCFlagsBefore+=('-ftrivial-auto-var-init=pattern') + ;; format) if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi hardeningCFlagsBefore+=('-Wformat' '-Wformat-security' '-Werror=format-security') diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/default.nix b/nixpkgs/pkgs/build-support/cc-wrapper/default.nix index 9ff560b2286a..d788076dda51 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/cc-wrapper/default.nix @@ -604,8 +604,11 @@ stdenv.mkDerivation { # Always add -march based on cpu in triple. Sometimes there is a # discrepency (x86_64 vs. x86-64), so we provide an "arch" arg in # that case. + # + # For clang, this is handled in add-clang-cc-cflags-before.sh + # TODO: aarch64-darwin has mcpu incompatible with gcc - + optionalString ((targetPlatform ? gcc.arch) && (isClang || !(stdenv.isDarwin && stdenv.isAarch64)) && + + optionalString ((targetPlatform ? gcc.arch) && !isClang && !(stdenv.isDarwin && stdenv.isAarch64) && isGccArchSupported targetPlatform.gcc.arch) '' echo "-march=${targetPlatform.gcc.arch}" >> $out/nix-support/cc-cflags-before '' @@ -694,6 +697,10 @@ stdenv.mkDerivation { ## Needs to go after ^ because the for loop eats \n and makes this file an invalid script ## + optionalString isClang '' + # Escape twice: once for this script, once for the one it gets substituted into. + export march=${lib.escapeShellArg + (lib.optionalString (targetPlatform ? gcc.arch) + (lib.escapeShellArg "-march=${targetPlatform.gcc.arch}"))} export defaultTarget=${targetPlatform.config} substituteAll ${./add-clang-cc-cflags-before.sh} $out/nix-support/add-local-cc-cflags-before.sh '' diff --git a/nixpkgs/pkgs/build-support/dotnet/build-dotnet-module/default.nix b/nixpkgs/pkgs/build-support/dotnet/build-dotnet-module/default.nix index af960fb1d617..15a753df0772 100644 --- a/nixpkgs/pkgs/build-support/dotnet/build-dotnet-module/default.nix +++ b/nixpkgs/pkgs/build-support/dotnet/build-dotnet-module/default.nix @@ -114,7 +114,6 @@ let then nugetDeps else mkNugetDeps { inherit name; - nugetDeps = import nugetDeps; sourceFile = nugetDeps; } else throw "Defining the `nugetDeps` attribute is required, as to lock the NuGet dependencies. This file can be generated by running the `passthru.fetch-deps` script."; diff --git a/nixpkgs/pkgs/build-support/dotnet/make-nuget-deps/default.nix b/nixpkgs/pkgs/build-support/dotnet/make-nuget-deps/default.nix index 8281976df626..fcd3f9f076b2 100644 --- a/nixpkgs/pkgs/build-support/dotnet/make-nuget-deps/default.nix +++ b/nixpkgs/pkgs/build-support/dotnet/make-nuget-deps/default.nix @@ -1,5 +1,5 @@ { linkFarmFromDrvs, fetchurl }: -{ name, nugetDeps, sourceFile ? null }: +{ name, nugetDeps ? import sourceFile, sourceFile ? null }: linkFarmFromDrvs "${name}-nuget-deps" (nugetDeps { fetchNuGet = { pname, version, sha256 , url ? "https://www.nuget.org/api/v2/package/${pname}/${version}" }: diff --git a/nixpkgs/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh b/nixpkgs/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh index 34c42929857d..def59954e480 100755 --- a/nixpkgs/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh +++ b/nixpkgs/pkgs/build-support/dotnet/nuget-to-nix/nuget-to-nix.sh @@ -23,10 +23,17 @@ export DOTNET_CLI_TELEMETRY_OPTOUT=1 mapfile -t sources < <(dotnet nuget list source --format short | awk '/^E / { print $2 }') +declare -a remote_sources declare -A base_addresses for index in "${sources[@]}"; do - base_addresses[$index]=$( + if [[ -d "$index" ]]; then + continue + fi + + remote_sources+=($index) + + base_addresses[$index]=$( curl --compressed --netrc -fsL "$index" | \ jq -r '.resources[] | select(."@type" == "PackageBaseAddress/3.0.0")."@id"') done @@ -35,6 +42,7 @@ echo "{ fetchNuGet }: [" cd "$pkgs" for package in *; do + [[ -d "$package" ]] || continue cd "$package" for version in *; do id=$(xq -r .package.metadata.id "$version"/*.nuspec) @@ -44,7 +52,12 @@ for package in *; do fi used_source="$(jq -r '.source' "$version"/.nupkg.metadata)" - for source in "${sources[@]}"; do + + if [[ -d "$used_source" ]]; then + continue + fi + + for source in "${remote_sources[@]}"; do url="${base_addresses[$source]}$package/$version/$package.$version.nupkg" if [[ "$source" == "$used_source" ]]; then sha256="$(nix-hash --type sha256 --flat --base32 "$version/$package.$version".nupkg)" diff --git a/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix b/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix index 42c6a9c065b2..1c7bf63e8cd6 100644 --- a/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix +++ b/nixpkgs/pkgs/build-support/node/build-npm-package/default.nix @@ -49,6 +49,12 @@ name = "${name}-npm-deps"; hash = npmDepsHash; } + # Custom npmConfigHook +, npmConfigHook ? null + # Custom npmBuildHook +, npmBuildHook ? null + # Custom npmInstallHook +, npmInstallHook ? null , ... } @ args: @@ -57,14 +63,19 @@ let npmHooks = buildPackages.npmHooks.override { inherit nodejs; }; - - inherit (npmHooks) npmConfigHook npmBuildHook npmInstallHook; in stdenv.mkDerivation (args // { inherit npmDeps npmBuildScript; nativeBuildInputs = nativeBuildInputs - ++ [ nodejs npmConfigHook npmBuildHook npmInstallHook nodejs.python ] + ++ [ + nodejs + # Prefer passed hooks + (if npmConfigHook != null then npmConfigHook else npmHooks.npmConfigHook) + (if npmBuildHook != null then npmBuildHook else npmHooks.npmBuildHook) + (if npmInstallHook != null then npmInstallHook else npmHooks.npmInstallHook) + nodejs.python + ] ++ lib.optionals stdenv.isDarwin [ darwin.cctools ]; buildInputs = buildInputs ++ [ nodejs ]; diff --git a/nixpkgs/pkgs/build-support/node/import-npm-lock/default.nix b/nixpkgs/pkgs/build-support/node/import-npm-lock/default.nix new file mode 100644 index 000000000000..d530b8ee30ff --- /dev/null +++ b/nixpkgs/pkgs/build-support/node/import-npm-lock/default.nix @@ -0,0 +1,134 @@ +{ lib +, fetchurl +, stdenv +, callPackages +, runCommand +}: + +let + inherit (builtins) match elemAt toJSON removeAttrs; + inherit (lib) importJSON mapAttrs; + + matchGitHubReference = match "github(.com)?:.+"; + getName = package: package.name or "unknown"; + getVersion = package: package.version or "0.0.0"; + + # Fetch a module from package-lock.json -> packages + fetchModule = + { module + , npmRoot ? null + }: ( + if module ? "resolved" then + ( + let + # Parse scheme from URL + mUrl = match "(.+)://(.+)" module.resolved; + scheme = elemAt mUrl 0; + in + ( + if mUrl == null then + ( + assert npmRoot != null; { + outPath = npmRoot + "/${module.resolved}"; + } + ) + else if (scheme == "http" || scheme == "https") then + ( + fetchurl { + url = module.resolved; + hash = module.integrity; + } + ) + else if lib.hasPrefix "git" module.resolved then + ( + builtins.fetchGit { + url = module.resolved; + } + ) + else throw "Unsupported URL scheme: ${scheme}" + ) + ) + else null + ); + + # Manage node_modules outside of the store with hooks + hooks = callPackages ./hooks { }; + +in +{ + importNpmLock = + { npmRoot ? null + , package ? importJSON (npmRoot + "/package.json") + , packageLock ? importJSON (npmRoot + "/package-lock.json") + , pname ? getName package + , version ? getVersion package + }: + let + mapLockDependencies = + mapAttrs + (name: version: ( + # Substitute the constraint with the version of the dependency from the top-level of package-lock. + if ( + # if the version is `latest` + version == "latest" + || + # Or if it's a github reference + matchGitHubReference version != null + ) then packageLock'.packages.${"node_modules/${name}"}.version + # But not a regular version constraint + else version + )); + + packageLock' = packageLock // { + packages = + mapAttrs + (_: module: + let + src = fetchModule { + inherit module npmRoot; + }; + in + (removeAttrs module [ + "link" + "funding" + ]) // lib.optionalAttrs (src != null) { + resolved = "file:${src}"; + } // lib.optionalAttrs (module ? dependencies) { + dependencies = mapLockDependencies module.dependencies; + } // lib.optionalAttrs (module ? optionalDependencies) { + optionalDependencies = mapLockDependencies module.optionalDependencies; + }) + packageLock.packages; + }; + + mapPackageDependencies = mapAttrs (name: _: packageLock'.packages.${"node_modules/${name}"}.resolved); + + # Substitute dependency references in package.json with Nix store paths + packageJSON' = package // lib.optionalAttrs (package ? dependencies) { + dependencies = mapPackageDependencies package.dependencies; + } // lib.optionalAttrs (package ? devDependencies) { + devDependencies = mapPackageDependencies package.devDependencies; + }; + + pname = package.name or "unknown"; + + in + runCommand "${pname}-${version}-sources" + { + inherit pname version; + + passAsFile = [ "package" "packageLock" ]; + + package = toJSON packageJSON'; + packageLock = toJSON packageLock'; + } '' + mkdir $out + cp "$packagePath" $out/package.json + cp "$packageLockPath" $out/package-lock.json + ''; + + inherit hooks; + inherit (hooks) npmConfigHook; + + __functor = self: self.importNpmLock; +} diff --git a/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/canonicalize-symlinks.js b/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/canonicalize-symlinks.js new file mode 100644 index 000000000000..81cd2593c5b2 --- /dev/null +++ b/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/canonicalize-symlinks.js @@ -0,0 +1,52 @@ +#!/usr/bin/env node +const fs = require("fs"); +const path = require("path"); + +// When installing files rewritten to the Nix store with npm +// npm writes the symlinks relative to the build directory. +// +// This makes relocating node_modules tricky when refering to the store. +// This script walks node_modules and canonicalizes symlinks. + +async function canonicalize(storePrefix, root) { + console.log(storePrefix, root) + const entries = await fs.promises.readdir(root); + const paths = entries.map((entry) => path.join(root, entry)); + + const stats = await Promise.all( + paths.map(async (path) => { + return { + path: path, + stat: await fs.promises.lstat(path), + }; + }) + ); + + const symlinks = stats.filter((stat) => stat.stat.isSymbolicLink()); + const dirs = stats.filter((stat) => stat.stat.isDirectory()); + + // Canonicalize symlinks to their real path + await Promise.all( + symlinks.map(async (stat) => { + const target = await fs.promises.realpath(stat.path); + if (target.startsWith(storePrefix)) { + await fs.promises.unlink(stat.path); + await fs.promises.symlink(target, stat.path); + } + }) + ); + + // Recurse into directories + await Promise.all(dirs.map((dir) => canonicalize(storePrefix, dir.path))); +} + +async function main() { + const args = process.argv.slice(2); + const storePrefix = args[0]; + + if (fs.existsSync("node_modules")) { + await canonicalize(storePrefix, "node_modules"); + } +} + +main(); diff --git a/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/default.nix b/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/default.nix new file mode 100644 index 000000000000..5990371def91 --- /dev/null +++ b/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/default.nix @@ -0,0 +1,13 @@ +{ callPackage, lib, makeSetupHook, srcOnly, nodejs }: +{ + npmConfigHook = makeSetupHook + { + name = "npm-config-hook"; + substitutions = { + nodeSrc = srcOnly nodejs; + nodeGyp = "${nodejs}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js"; + canonicalizeSymlinksScript = ./canonicalize-symlinks.js; + storePrefix = builtins.storeDir; + }; + } ./npm-config-hook.sh; +} diff --git a/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/npm-config-hook.sh b/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/npm-config-hook.sh new file mode 100644 index 000000000000..35c3a2061d4b --- /dev/null +++ b/nixpkgs/pkgs/build-support/node/import-npm-lock/hooks/npm-config-hook.sh @@ -0,0 +1,70 @@ +# shellcheck shell=bash + +npmConfigHook() { + echo "Executing npmConfigHook" + + if [ -n "${npmRoot-}" ]; then + pushd "$npmRoot" + fi + + if [ -z "${npmDeps-}" ]; then + echo "Error: 'npmDeps' should be set when using npmConfigHook." + exit 1 + fi + + echo "Configuring npm" + + export HOME="$TMPDIR" + export npm_config_nodedir="@nodeSrc@" + export npm_config_node_gyp="@nodeGyp@" + npm config set offline true + npm config set progress false + npm config set fund false + + echo "Installing patched package.json/package-lock.json" + + # Save original package.json/package-lock.json for closure size reductions. + # The patched one contains store paths we don't want at runtime. + mv package.json .package.json.orig + if test -f package-lock.json; then # Not all packages have package-lock.json. + mv package-lock.json .package-lock.json.orig + fi + cp --no-preserve=mode "${npmDeps}/package.json" package.json + cp --no-preserve=mode "${npmDeps}/package-lock.json" package-lock.json + + echo "Installing dependencies" + + if ! npm install --ignore-scripts $npmInstallFlags "${npmInstallFlagsArray[@]}" $npmFlags "${npmFlagsArray[@]}"; then + echo + echo "ERROR: npm failed to install dependencies" + echo + echo "Here are a few things you can try, depending on the error:" + echo '1. Set `npmFlags = [ "--legacy-peer-deps" ]`' + echo + + exit 1 + fi + + patchShebangs node_modules + + npm rebuild $npmRebuildFlags "${npmRebuildFlagsArray[@]}" $npmFlags "${npmFlagsArray[@]}" + + patchShebangs node_modules + + # Canonicalize symlinks from relative paths to the Nix store. + node @canonicalizeSymlinksScript@ @storePrefix@ + + # Revert to pre-patched package.json/package-lock.json for closure size reductions + mv .package.json.orig package.json + if test -f ".package-lock.json.orig"; then + mv .package-lock.json.orig package-lock.json + fi + + if [ -n "${npmRoot-}" ]; then + popd + fi + + echo "Finished npmConfigHook" +} + +postConfigureHooks+=(npmConfigHook) diff --git a/nixpkgs/pkgs/build-support/php/hooks/composer-install-hook.sh b/nixpkgs/pkgs/build-support/php/hooks/composer-install-hook.sh index a84a9e3aa862..edba0e5eec4e 100644 --- a/nixpkgs/pkgs/build-support/php/hooks/composer-install-hook.sh +++ b/nixpkgs/pkgs/build-support/php/hooks/composer-install-hook.sh @@ -83,28 +83,7 @@ composerInstallBuildHook() { # Since this file cannot be generated in the composer-repository-hook.sh # because the file contains hardcoded nix store paths, we generate it here. - composer-local-repo-plugin --no-ansi build-local-repo -m "${composerRepository}" . - - # Remove all the repositories of type "composer" and "vcs" - # from the composer.json file. - jq -r -c 'del(try .repositories[] | select(.type == "composer" or .type == "vcs"))' composer.json | sponge composer.json - - # Configure composer to disable packagist and avoid using the network. - composer config repo.packagist false - # Configure composer to use the local repository. - composer config repo.composer composer file://"$PWD"/packages.json - - # Since the composer.json file has been modified in the previous step, the - # composer.lock file needs to be updated. - composer \ - --lock \ - --no-ansi \ - --no-install \ - --no-interaction \ - ${composerNoDev:+--no-dev} \ - ${composerNoPlugins:+--no-plugins} \ - ${composerNoScripts:+--no-scripts} \ - update + composer-local-repo-plugin --no-ansi build-local-repo-lock -m "${composerRepository}" . echo "Finished composerInstallBuildHook" } @@ -112,26 +91,7 @@ composerInstallBuildHook() { composerInstallCheckHook() { echo "Executing composerInstallCheckHook" - if ! composer validate --strict --no-ansi --no-interaction --quiet; then - if [ ! -z "${composerStrictValidation-}" ]; then - echo - echo -e "\e[31mERROR: composer files validation failed\e[0m" - echo - echo -e '\e[31mThe validation of the composer.json and composer.lock failed.\e[0m' - echo -e '\e[31mMake sure that the file composer.lock is consistent with composer.json.\e[0m' - echo - exit 1 - else - echo - echo -e "\e[33mWARNING: composer files validation failed\e[0m" - echo - echo -e '\e[33mThe validation of the composer.json and composer.lock failed.\e[0m' - echo -e '\e[33mMake sure that the file composer.lock is consistent with composer.json.\e[0m' - echo - echo -e '\e[33mThis check is not blocking, but it is recommended to fix the issue.\e[0m' - echo - fi - fi + checkComposerValidate echo "Finished composerInstallCheckHook" } @@ -151,9 +111,6 @@ composerInstallInstallHook() { ${composerNoScripts:+--no-scripts} \ install - # Remove packages.json, we don't need it in the store. - rm packages.json - # Copy the relevant files only in the store. mkdir -p "$out"/share/php/"${pname}" cp -r . "$out"/share/php/"${pname}"/ diff --git a/nixpkgs/pkgs/build-support/php/hooks/composer-repository-hook.sh b/nixpkgs/pkgs/build-support/php/hooks/composer-repository-hook.sh index bb3017bd98c9..762e762761cc 100644 --- a/nixpkgs/pkgs/build-support/php/hooks/composer-repository-hook.sh +++ b/nixpkgs/pkgs/build-support/php/hooks/composer-repository-hook.sh @@ -63,7 +63,7 @@ composerRepositoryBuildHook() { # Build the local composer repository # The command 'build-local-repo' is provided by the Composer plugin # nix-community/composer-local-repo-plugin. - composer-local-repo-plugin --no-ansi build-local-repo ${composerNoDev:+--no-dev} -r repository + composer-local-repo-plugin --no-ansi build-local-repo-lock ${composerNoDev:+--no-dev} -r repository echo "Finished composerRepositoryBuildHook" } @@ -71,26 +71,7 @@ composerRepositoryBuildHook() { composerRepositoryCheckHook() { echo "Executing composerRepositoryCheckHook" - if ! composer validate --strict --no-ansi --no-interaction --quiet; then - if [ ! -z "${composerStrictValidation-}" ]; then - echo - echo -e "\e[31mERROR: composer files validation failed\e[0m" - echo - echo -e '\e[31mThe validation of the composer.json and composer.lock failed.\e[0m' - echo -e '\e[31mMake sure that the file composer.lock is consistent with composer.json.\e[0m' - echo - exit 1 - else - echo - echo -e "\e[33mWARNING: composer files validation failed\e[0m" - echo - echo -e '\e[33mThe validation of the composer.json and composer.lock failed.\e[0m' - echo -e '\e[33mMake sure that the file composer.lock is consistent with composer.json.\e[0m' - echo - echo -e '\e[33mThis check is not blocking, but it is recommended to fix the issue.\e[0m' - echo - fi - fi + checkComposerValidate echo "Finished composerRepositoryCheckHook" } diff --git a/nixpkgs/pkgs/build-support/php/hooks/php-script-utils.bash b/nixpkgs/pkgs/build-support/php/hooks/php-script-utils.bash index 163d9306f5f4..9b5978865634 100644 --- a/nixpkgs/pkgs/build-support/php/hooks/php-script-utils.bash +++ b/nixpkgs/pkgs/build-support/php/hooks/php-script-utils.bash @@ -1,4 +1,5 @@ declare version +declare composerStrictValidation setComposeRootVersion() { set +e # Disable exit on error @@ -10,3 +11,47 @@ setComposeRootVersion() { set -e } + +checkComposerValidate() { + if ! composer validate --strict --no-ansi --no-interaction --quiet --no-check-all --no-check-lock; then + if [ "1" == "${composerStrictValidation-}" ]; then + echo + echo -e "\e[31mERROR: composer files validation failed\e[0m" + echo + echo -e '\e[31mThe validation of the composer.json failed.\e[0m' + echo -e '\e[31mMake sure that the file composer.json is valid.\e[0m' + echo + exit 1 + else + echo + echo -e "\e[33mWARNING: composer files validation failed\e[0m" + echo + echo -e '\e[33mThe validation of the composer.json failed.\e[0m' + echo -e '\e[33mMake sure that the file composer.json is valid.\e[0m' + echo + echo -e '\e[33mThis check is not blocking, but it is recommended to fix the issue.\e[0m' + echo + fi + fi + + if ! composer validate --strict --no-ansi --no-interaction --quiet --no-check-all --check-lock; then + if [ "1" == "${composerStrictValidation-}" ]; then + echo + echo -e "\e[31mERROR: composer files validation failed\e[0m" + echo + echo -e '\e[31mThe validation of the composer.json and composer.lock failed.\e[0m' + echo -e '\e[31mMake sure that the file composer.lock is consistent with composer.json.\e[0m' + echo + exit 1 + else + echo + echo -e "\e[33mWARNING: composer files validation failed\e[0m" + echo + echo -e '\e[33mThe validation of the composer.json and composer.lock failed.\e[0m' + echo -e '\e[33mMake sure that the file composer.lock is consistent with composer.json.\e[0m' + echo + echo -e '\e[33mThis check is not blocking, but it is recommended to fix the issue.\e[0m' + echo + fi + fi +} diff --git a/nixpkgs/pkgs/build-support/php/pkgs/composer-local-repo-plugin.nix b/nixpkgs/pkgs/build-support/php/pkgs/composer-local-repo-plugin.nix index 48d05b7a0008..bfdc3d4f98d1 100644 --- a/nixpkgs/pkgs/build-support/php/pkgs/composer-local-repo-plugin.nix +++ b/nixpkgs/pkgs/build-support/php/pkgs/composer-local-repo-plugin.nix @@ -29,13 +29,13 @@ let in stdenvNoCC.mkDerivation (finalAttrs: { pname = "composer-local-repo-plugin"; - version = "1.0.3"; + version = "1.1.0"; src = fetchFromGitHub { owner = "nix-community"; repo = "composer-local-repo-plugin"; rev = finalAttrs.version; - hash = "sha256-fLJlxcAQ7X28GDK8PVYKxJgTzbspfWxvgRmRK4NZRIA="; + hash = "sha256-edbn07r/Uc1g0qOuVBZBs6N1bMN5kIfA1b4FCufdw5M="; }; COMPOSER_CACHE_DIR = "/dev/null"; diff --git a/nixpkgs/pkgs/build-support/rust/rustc-wrapper/default.nix b/nixpkgs/pkgs/build-support/rust/rustc-wrapper/default.nix index d6034c08af47..0defa6355029 100644 --- a/nixpkgs/pkgs/build-support/rust/rustc-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/rust/rustc-wrapper/default.nix @@ -6,8 +6,27 @@ runCommand "${rustc-unwrapped.pname}-wrapper-${rustc-unwrapped.version}" { inherit (rustc-unwrapped) outputs; env = { - prog = "${rustc-unwrapped}/bin/rustc"; sysroot = lib.optionalString (sysroot != null) "--sysroot ${sysroot}"; + + # Upstream rustc still assumes that musl = static[1]. The fix for + # this is to disable crt-static by default for non-static musl + # targets. + # + # Even though Cargo will build build.rs files for the build platform, + # cross-compiling _from_ musl appears to work fine, so we only need + # to do this when rustc's target platform is dynamically linked musl. + # + # [1]: https://github.com/rust-lang/compiler-team/issues/422 + # + # WARNING: using defaultArgs is dangerous, as it will apply to all + # targets used by this compiler (host and target). This means + # that it can't be used to set arguments that should only be + # applied to the target. It's fine to do this for -crt-static, + # because rustc does not support +crt-static host platforms + # anyway. + defaultArgs = lib.optionalString + (with rustc-unwrapped.stdenv.targetPlatform; isMusl && !isStatic) + "-C target-feature=-crt-static"; }; passthru = { @@ -22,9 +41,12 @@ runCommand "${rustc-unwrapped.pname}-wrapper-${rustc-unwrapped.version}" { } '' mkdir -p $out/bin ln -s ${rustc-unwrapped}/bin/* $out/bin - rm $out/bin/rustc - substituteAll ${./rustc-wrapper.sh} $out/bin/rustc - chmod +x $out/bin/rustc + rm $out/bin/{rustc,rustdoc} + prog=${rustc-unwrapped}/bin/rustc extraFlagsVar=NIX_RUSTFLAGS \ + substituteAll ${./rustc-wrapper.sh} $out/bin/rustc + prog=${rustc-unwrapped}/bin/rustdoc extraFlagsVar=NIX_RUSTDOCFLAGS \ + substituteAll ${./rustc-wrapper.sh} $out/bin/rustdoc + chmod +x $out/bin/{rustc,rustdoc} ${lib.concatMapStrings (output: "ln -s ${rustc-unwrapped.${output}} \$${output}\n") (lib.remove "out" rustc-unwrapped.outputs)} '' diff --git a/nixpkgs/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh b/nixpkgs/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh index 4a90e30652fe..e33cc3e2a025 100644 --- a/nixpkgs/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh +++ b/nixpkgs/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh @@ -13,8 +13,8 @@ for arg; do esac done -extraBefore=("${defaultSysroot[@]}") -extraAfter=($NIX_RUSTFLAGS) +extraBefore=(@defaultArgs@ "${defaultSysroot[@]}") +extraAfter=($@extraFlagsVar@) # Optionally print debug info. if (( "${NIX_DEBUG:-0}" >= 1 )); then diff --git a/nixpkgs/pkgs/build-support/testers/default.nix b/nixpkgs/pkgs/build-support/testers/default.nix index fc10597e3e12..362622d9b7ee 100644 --- a/nixpkgs/pkgs/build-support/testers/default.nix +++ b/nixpkgs/pkgs/build-support/testers/default.nix @@ -1,4 +1,4 @@ -{ pkgs, buildPackages, lib, callPackage, runCommand, stdenv, substituteAll, testers }: +{ pkgs, pkgsLinux, buildPackages, lib, callPackage, runCommand, stdenv, substituteAll, testers }: # Documentation is in doc/builders/testers.chapter.md { # See https://nixos.org/manual/nixpkgs/unstable/#tester-testBuildFailure @@ -107,7 +107,7 @@ (lib.setDefaultModuleLocation "the argument that was passed to pkgs.runNixOSTest" testModule) ]; hostPkgs = pkgs; - node.pkgs = pkgs; + node.pkgs = pkgsLinux; }; # See doc/builders/testers.chapter.md or @@ -123,7 +123,7 @@ inherit pkgs; extraConfigurations = [( { lib, ... }: { - config.nixpkgs.pkgs = lib.mkDefault pkgs; + config.nixpkgs.pkgs = lib.mkDefault pkgsLinux; } )]; }); diff --git a/nixpkgs/pkgs/build-support/testers/test/default.nix b/nixpkgs/pkgs/build-support/testers/test/default.nix index c48c9f299ebf..da67711156be 100644 --- a/nixpkgs/pkgs/build-support/testers/test/default.nix +++ b/nixpkgs/pkgs/build-support/testers/test/default.nix @@ -27,11 +27,11 @@ lib.recurseIntoAttrs { # Check that the wiring of nixosTest is correct. # Correct operation of the NixOS test driver should be asserted elsewhere. - nixosTest-example = pkgs-with-overlay.testers.nixosTest ({ lib, pkgs, figlet, ... }: { + nixosTest-example = pkgs-with-overlay.testers.nixosTest ({ lib, ... }: { name = "nixosTest-test"; nodes.machine = { pkgs, ... }: { system.nixos = dummyVersioning; - environment.systemPackages = [ pkgs.proof-of-overlay-hello figlet ]; + environment.systemPackages = [ pkgs.proof-of-overlay-hello pkgs.figlet ]; }; testScript = '' machine.succeed("hello | figlet >/dev/console") diff --git a/nixpkgs/pkgs/build-support/writers/data.nix b/nixpkgs/pkgs/build-support/writers/data.nix index 45ed5360eaeb..02f08b9ca0b6 100644 --- a/nixpkgs/pkgs/build-support/writers/data.nix +++ b/nixpkgs/pkgs/build-support/writers/data.nix @@ -1,28 +1,34 @@ -{ lib, pkgs, formats, runCommand, dasel }: +{ lib, pkgs, formats, runCommand }: let - daselBin = lib.getExe dasel; - inherit (lib) last optionalString types ; in -rec { - # Creates a transformer function that writes input data to disk, transformed - # by both the `input` and `output` arguments. - # - # Type: makeDataWriter :: input -> output -> nameOrPath -> data -> (any -> string) -> string -> string -> any -> derivation - # - # input :: T -> string: function that takes the nix data and returns a string - # output :: string: script that takes the $inputFile and write the result into $out - # nameOrPath :: string: if the name contains a / the files gets written to a sub-folder of $out. The derivation name is the basename of this argument. - # data :: T: the data that will be converted. - # - # Example: - # writeJSON = makeDataWriter { input = builtins.toJSON; output = "cp $inputPath $out"; }; - # myConfig = writeJSON "config.json" { hello = "world"; } - # +{ + /** + Creates a transformer function that writes input data to disk, transformed + by both the `input` and `output` arguments. + + # Example + + ```nix + writeJSON = makeDataWriter { input = builtins.toJSON; output = "cp $inputPath $out"; }; + myConfig = writeJSON "config.json" { hello = "world"; } + ``` + + # Type + + ``` + makeDataWriter :: input -> output -> nameOrPath -> data -> (any -> string) -> string -> string -> any -> derivation + + input :: T -> string: function that takes the nix data and returns a string + output :: string: script that takes the $inputFile and write the result into $out + nameOrPath :: string: if the name contains a / the files gets written to a sub-folder of $out. The derivation name is the basename of this argument. + data :: T: the data that will be converted. + ``` + */ makeDataWriter = lib.warn "pkgs.writers.makeDataWriter is deprecated. Use pkgs.writeTextFile." ({ input ? lib.id, output ? "cp $inputPath $out" }: nameOrPath: data: assert lib.or (types.path.check nameOrPath) (builtins.match "([0-9A-Za-z._])[0-9A-Za-z._-]*" nameOrPath != null); let @@ -44,21 +50,36 @@ rec { inherit (pkgs) writeText; - # Writes the content to a JSON file. - # - # Example: - # writeJSON "data.json" { hello = "world"; } + /** + Writes the content to a JSON file. + + # Example + + ```nix + writeJSON "data.json" { hello = "world"; } + ``` + */ writeJSON = (pkgs.formats.json {}).generate; - # Writes the content to a TOML file. - # - # Example: - # writeTOML "data.toml" { hello = "world"; } + /** + Writes the content to a TOML file. + + # Example + + ```nix + writeTOML "data.toml" { hello = "world"; } + ``` + */ writeTOML = (pkgs.formats.toml {}).generate; - # Writes the content to a YAML file. - # - # Example: - # writeYAML "data.yaml" { hello = "world"; } + /** + Writes the content to a YAML file. + + # Example + + ```nix + writeYAML "data.yaml" { hello = "world"; } + ``` + */ writeYAML = (pkgs.formats.yaml {}).generate; } |