diff options
Diffstat (limited to 'nixpkgs/pkgs/build-support')
23 files changed, 232 insertions, 96 deletions
diff --git a/nixpkgs/pkgs/build-support/build-bazel-package/default.nix b/nixpkgs/pkgs/build-support/build-bazel-package/default.nix index f9de0ad468b2..3ffff74f70e2 100644 --- a/nixpkgs/pkgs/build-support/build-bazel-package/default.nix +++ b/nixpkgs/pkgs/build-support/build-bazel-package/default.nix @@ -10,9 +10,12 @@ args@{ , bazelFlags ? [] , bazelBuildFlags ? [] , bazelTestFlags ? [] +, bazelRunFlags ? [] +, runTargetFlags ? [] , bazelFetchFlags ? [] -, bazelTargets +, bazelTargets ? [] , bazelTestTargets ? [] +, bazelRunTarget ? null , buildAttrs , fetchAttrs @@ -46,17 +49,23 @@ args@{ let fArgs = removeAttrs args [ "buildAttrs" "fetchAttrs" "removeRulesCC" ] // { - name = name; - bazelFlags = bazelFlags; - bazelBuildFlags = bazelBuildFlags; - bazelTestFlags = bazelTestFlags; - bazelFetchFlags = bazelFetchFlags; - bazelTestTargets = bazelTestTargets; - dontAddBazelOpts = dontAddBazelOpts; + inherit + name + bazelFlags + bazelBuildFlags + bazelTestFlags + bazelRunFlags + runTargetFlags + bazelFetchFlags + bazelTargets + bazelTestTargets + bazelRunTarget + dontAddBazelOpts + ; }; fBuildAttrs = fArgs // buildAttrs; fFetchAttrs = fArgs // removeAttrs fetchAttrs [ "sha256" ]; - bazelCmd = { cmd, additionalFlags, targets }: + bazelCmd = { cmd, additionalFlags, targets, targetRunFlags ? [ ] }: lib.optionalString (targets != [ ]) '' # See footnote called [USER and BAZEL_USE_CPP_ONLY_TOOLCHAIN variables] BAZEL_USE_CPP_ONLY_TOOLCHAIN=1 \ @@ -73,7 +82,8 @@ let "''${host_linkopts[@]}" \ $bazelFlags \ ${lib.strings.concatStringsSep " " additionalFlags} \ - ${lib.strings.concatStringsSep " " targets} + ${lib.strings.concatStringsSep " " targets} \ + ${lib.optionalString (targetRunFlags != []) " -- " + lib.strings.concatStringsSep " " targetRunFlags} ''; # we need this to chmod dangling symlinks on darwin, gnu coreutils refuses to do so: # chmod: cannot operate on dangling symlink '$symlink' @@ -262,6 +272,15 @@ stdenv.mkDerivation (fBuildAttrs // { targets = fBuildAttrs.bazelTargets; } } + ${ + bazelCmd { + cmd = "run"; + additionalFlags = fBuildAttrs.bazelRunFlags ++ [ "--jobs" "$NIX_BUILD_CORES" ]; + # Bazel run only accepts a single target, but `bazelCmd` expects `targets` to be a list. + targets = lib.optionals (fBuildAttrs.bazelRunTarget != null) [ fBuildAttrs.bazelRunTarget ]; + targetRunFlags = fBuildAttrs.runTargetFlags; + } + } runHook postBuild ''; }) diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh index 07ac6737f39d..7f5cd4cf4af3 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -81,8 +81,18 @@ for flag in "${!hardeningEnableMap[@]}"; do hardeningCFlags+=('-fPIC') ;; strictoverflow) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi - hardeningCFlags+=('-fno-strict-overflow') + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi + if (( @isClang@ )); then + # In Clang, -fno-strict-overflow only serves to set -fwrapv and is + # reported as an unused CLI argument if -fwrapv or -fno-wrapv is set + # explicitly, so we side step that by doing the conversion here. + # + # See: https://github.com/llvm/llvm-project/blob/llvmorg-16.0.6/clang/lib/Driver/ToolChains/Clang.cpp#L6315 + # + hardeningCFlags+=('-fwrapv') + else + hardeningCFlags+=('-fno-strict-overflow') + fi ;; format) if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/nixpkgs/pkgs/build-support/cc-wrapper/cc-wrapper.sh index 5350fc3cc9ae..244a0bb6623b 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/nixpkgs/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -246,10 +246,13 @@ if [[ -e @out@/nix-support/cc-wrapper-hook ]]; then fi if (( "${NIX_CC_USE_RESPONSE_FILE:-@use_response_file_by_default@}" >= 1 )); then - exec @prog@ @<(printf "%q\n" \ + responseFile=$(mktemp --tmpdir cc-params.XXXXXX) + trap 'rm -f -- "$responseFile"' EXIT + printf "%q\n" \ ${extraBefore+"${extraBefore[@]}"} \ ${params+"${params[@]}"} \ - ${extraAfter+"${extraAfter[@]}"}) + ${extraAfter+"${extraAfter[@]}"} > "$responseFile" + @prog@ "@$responseFile" else exec @prog@ \ ${extraBefore+"${extraBefore[@]}"} \ diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/default.nix b/nixpkgs/pkgs/build-support/cc-wrapper/default.nix index 551074e0a211..c7c733a427aa 100644 --- a/nixpkgs/pkgs/build-support/cc-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/cc-wrapper/default.nix @@ -51,6 +51,8 @@ # the derivation at which the `-B` and `-L` flags added by `useCcForLibs` will point , gccForLibs ? if useCcForLibs then cc else null +, fortify-headers ? null +, includeFortifyHeaders ? null }: with lib; @@ -65,6 +67,10 @@ let stdenv = stdenvNoCC; inherit (stdenv) hostPlatform targetPlatform; + includeFortifyHeaders' = if includeFortifyHeaders != null + then includeFortifyHeaders + else targetPlatform.libc == "musl"; + # Prefix for binaries. Customarily ends with a dash separator. # # TODO(@Ericson2314) Make unconditional, or optional but always true by @@ -165,6 +171,8 @@ let stdenv.targetPlatform.darwinMinVersionVariable; in +assert includeFortifyHeaders' -> fortify-headers != null; + # Ensure bintools matches assert libc_bin == bintools.libc_bin; assert libc_dev == bintools.libc_dev; @@ -189,7 +197,7 @@ stdenv.mkDerivation { # Binutils, and Apple's "cctools"; "bintools" as an attempt to find an # unused middle-ground name that evokes both. inherit bintools; - inherit cc libc nativeTools nativeLibc nativePrefix isGNU isClang; + inherit cc libc libcxx nativeTools nativeLibc nativePrefix isGNU isClang; emacsBufferSetup = pkgs: '' ; We should handle propagation here too @@ -414,6 +422,16 @@ stdenv.mkDerivation { echo "${libc_lib}" > $out/nix-support/orig-libc echo "${libc_dev}" > $out/nix-support/orig-libc-dev + '' + # fortify-headers is a set of wrapper headers that augment libc + # and use #include_next to pass through to libc's true + # implementations, so must appear before them in search order. + # in theory a correctly placed -idirafter could be used, but in + # practice the compiler may have been built with a --with-headers + # like option that forces the libc headers before all -idirafter, + # hence -isystem here. + + optionalString includeFortifyHeaders' '' + echo "-isystem ${fortify-headers}/include" >> $out/nix-support/libc-cflags '') ## @@ -609,6 +627,8 @@ stdenv.mkDerivation { env = { + inherit isClang; + # for substitution in utils.bash expandResponseParams = "${expand-response-params}/bin/expand-response-params"; shell = getBin shell + shell.shellPath or ""; diff --git a/nixpkgs/pkgs/build-support/docker/default.nix b/nixpkgs/pkgs/build-support/docker/default.nix index b74d7885d54a..9f57804e957d 100644 --- a/nixpkgs/pkgs/build-support/docker/default.nix +++ b/nixpkgs/pkgs/build-support/docker/default.nix @@ -5,7 +5,7 @@ , closureInfo , coreutils , e2fsprogs -, fakechroot +, proot , fakeNss , fakeroot , go @@ -777,7 +777,7 @@ rec { fi done # Copy all layers from input images to output image directory - cp -R --no-clobber inputs/*/* image/ + cp -R --update=none inputs/*/* image/ # Merge repositories objects and manifests jq -s add "''${repos[@]}" > repositories jq -s add "''${manifests[@]}" > manifest.json @@ -887,6 +887,13 @@ rec { }); contentsList = if builtins.isList contents then contents else [ contents ]; + bind-paths = builtins.toString (builtins.map (path: "--bind=${path}:${path}!") [ + "/dev/" + "/proc/" + "/sys/" + "${builtins.storeDir}/" + "$out/layer.tar" + ]); # We store the customisation layer as a tarball, to make sure that # things like permissions set on 'extraCommands' are not overridden @@ -898,21 +905,14 @@ rec { nativeBuildInputs = [ fakeroot ] ++ optionals enableFakechroot [ - fakechroot - # for chroot - coreutils - # fakechroot needs getopt, which is provided by util-linux - util-linux + proot ]; postBuild = '' mv $out old_out (cd old_out; eval "$extraCommands" ) mkdir $out - ${optionalString enableFakechroot '' - export FAKECHROOT_EXCLUDE_PATH=/dev:/proc:/sys:${builtins.storeDir}:$out/layer.tar - ''} - ${optionalString enableFakechroot ''fakechroot chroot $PWD/old_out ''}fakeroot bash -c ' + ${optionalString enableFakechroot ''proot -r $PWD/old_out ${bind-paths} --pwd=/ ''}fakeroot bash -c ' source $stdenv/setup ${optionalString (!enableFakechroot) ''cd old_out''} eval "$fakeRootCommands" diff --git a/nixpkgs/pkgs/build-support/emacs/wrapper.nix b/nixpkgs/pkgs/build-support/emacs/wrapper.nix index a3842dec6997..ecfcc0cd52c5 100644 --- a/nixpkgs/pkgs/build-support/emacs/wrapper.nix +++ b/nixpkgs/pkgs/build-support/emacs/wrapper.nix @@ -21,7 +21,7 @@ set which contains `emacs.pkgs.withPackages`. For example, to override `emacs.pkgs.emacs.pkgs.withPackages`, ``` let customEmacsPackages = - emacs.pkgs.overrideScope' (self: super: { + emacs.pkgs.overrideScope (self: super: { # use a custom version of emacs emacs = ...; # use the unstable MELPA version of magit diff --git a/nixpkgs/pkgs/build-support/go/module.nix b/nixpkgs/pkgs/build-support/go/module.nix index bb48315dc4f8..a49ea8fac33a 100644 --- a/nixpkgs/pkgs/build-support/go/module.nix +++ b/nixpkgs/pkgs/build-support/go/module.nix @@ -54,6 +54,9 @@ let let args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "vendorHash" ]; + GO111MODULE = "on"; + GOTOOLCHAIN = "local"; + goModules = if (vendorHash == null) then "" else (stdenv.mkDerivation { name = "${name}-go-modules"; @@ -62,6 +65,7 @@ let inherit (args) src; inherit (go) GOOS GOARCH; + inherit GO111MODULE GOTOOLCHAIN; # The following inheritence behavior is not trivial to expect, and some may # argue it's not ideal. Changing it may break vendor hashes in Nixpkgs and @@ -75,8 +79,6 @@ let postBuild = args.modPostBuild or ""; sourceRoot = args.sourceRoot or ""; - GO111MODULE = "on"; - impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ "GIT_PROXY_COMMAND" "SOCKS_SERVER" @@ -87,6 +89,9 @@ let runHook preConfigure export GOCACHE=$TMPDIR/go-cache export GOPATH="$TMPDIR/go" + # fixes 'GOPROXY list is not the empty string, but contains no entries' + # "https://proxy.golang.org,direct" is the go default + export GOPROXY="''${GOPROXY:-"https://proxy.golang.org,direct"}" # respect impureEnvVars cd "${modRoot}" runHook postConfigure ''; @@ -151,9 +156,8 @@ let inherit (go) GOOS GOARCH; - GO111MODULE = "on"; GOFLAGS = lib.optionals (!proxyVendor) [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ]; - inherit CGO_ENABLED enableParallelBuilding; + inherit CGO_ENABLED enableParallelBuilding GO111MODULE GOTOOLCHAIN; configurePhase = args.configurePhase or ('' runHook preConfigure diff --git a/nixpkgs/pkgs/build-support/go/package.nix b/nixpkgs/pkgs/build-support/go/package.nix index b4cb264d9f24..7e099b76f0b7 100644 --- a/nixpkgs/pkgs/build-support/go/package.nix +++ b/nixpkgs/pkgs/build-support/go/package.nix @@ -86,6 +86,7 @@ let inherit CGO_ENABLED enableParallelBuilding; GO111MODULE = "off"; + GOTOOLCHAIN = "local"; GOFLAGS = lib.optionals (!allowGoReference) [ "-trimpath" ]; GOARM = toString (lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]); diff --git a/nixpkgs/pkgs/build-support/libredirect/default.nix b/nixpkgs/pkgs/build-support/libredirect/default.nix index 6e2de7fa11b0..1ab4a0db827a 100644 --- a/nixpkgs/pkgs/build-support/libredirect/default.nix +++ b/nixpkgs/pkgs/build-support/libredirect/default.nix @@ -1,5 +1,12 @@ -{ lib, stdenv, bintools-unwrapped, llvmPackages_13, coreutils }: - +{ lib, stdenv, bintools-unwrapped, llvmPackages, llvmPackages_13, coreutils }: + +let + # aarch64-darwin needs a clang that can build arm64e binaries, so make sure a version of LLVM + # is used that can do that, but prefer the stdenv one if it is new enough. + llvmPkgs = if (lib.versionAtLeast (lib.getVersion llvmPackages.clang) "13") + then llvmPackages + else llvmPackages_13; + in if stdenv.hostPlatform.isStatic then throw '' libredirect is not available on static builds. @@ -39,11 +46,11 @@ else stdenv.mkDerivation rec { # and the library search directory for libdl. # We can't build this on x86_64, because the libSystem we point to doesn't # like arm64(e). - PATH=${bintools-unwrapped}/bin:${llvmPackages_13.clang-unwrapped}/bin:$PATH \ + PATH=${bintools-unwrapped}/bin:${llvmPkgs.clang-unwrapped}/bin:$PATH \ clang -arch x86_64 -arch arm64 -arch arm64e \ - -isystem ${llvmPackages_13.clang.libc}/include \ - -isystem ${llvmPackages_13.libclang.lib}/lib/clang/*/include \ - -L${llvmPackages_13.clang.libc}/lib \ + -isystem ${llvmPkgs.clang.libc}/include \ + -isystem ${llvmPkgs.libclang.lib}/lib/clang/*/include \ + -L${llvmPkgs.clang.libc}/lib \ -Wl,-install_name,$libName \ -Wall -std=c99 -O3 -fPIC libredirect.c \ -shared -o "$libName" diff --git a/nixpkgs/pkgs/build-support/libredirect/libredirect.c b/nixpkgs/pkgs/build-support/libredirect/libredirect.c index 9ecc16450cc2..19211a813eb8 100644 --- a/nixpkgs/pkgs/build-support/libredirect/libredirect.c +++ b/nixpkgs/pkgs/build-support/libredirect/libredirect.c @@ -106,7 +106,7 @@ static int open_needs_mode(int flags) WRAPPER(int, open)(const char * path, int flags, ...) { - int (*open_real) (const char *, int, mode_t) = LOOKUP_REAL(open); + int (*open_real) (const char *, int, ...) = LOOKUP_REAL(open); mode_t mode = 0; if (open_needs_mode(flags)) { va_list ap; @@ -139,7 +139,7 @@ WRAPPER_DEF(open64) WRAPPER(int, openat)(int dirfd, const char * path, int flags, ...) { - int (*openat_real) (int, const char *, int, mode_t) = LOOKUP_REAL(openat); + int (*openat_real) (int, const char *, int, ...) = LOOKUP_REAL(openat); mode_t mode = 0; if (open_needs_mode(flags)) { va_list ap; diff --git a/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/default.nix b/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/default.nix index c34709335ff7..3f2b0adf1668 100644 --- a/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/default.nix +++ b/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/default.nix @@ -27,7 +27,10 @@ npmInstallHook = makeSetupHook { name = "npm-install-hook"; - propagatedBuildInputs = [ buildPackages.makeWrapper ]; + propagatedBuildInputs = with buildPackages; [ + installShellFiles + makeWrapper + ]; substitutions = { hostNode = "${nodejs}/bin/node"; jq = "${buildPackages.jq}/bin/jq"; diff --git a/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/npm-install-hook.sh b/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/npm-install-hook.sh index b17fb552cc6b..64ddcbd567fc 100644 --- a/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/npm-install-hook.sh +++ b/nixpkgs/pkgs/build-support/node/build-npm-package/hooks/npm-install-hook.sh @@ -24,6 +24,12 @@ npmInstallHook() { elif $typ == "object" then .bin | to_entries | map(.key + " " + .value) | join("\n") else "invalid type " + $typ | halt_error end' "${npmWorkspace-.}/package.json") + while IFS= read -r man; do + installManPage "$packageOut/$man" + done < <(@jq@ --raw-output '(.man | type) as $typ | if $typ == "string" then .man + elif $typ == "list" then .man | join("\n") + else "invalid type " + $typ | halt_error end' "${npmWorkspace-.}/package.json") + local -r nodeModulesPath="$packageOut/node_modules" if [ ! -d "$nodeModulesPath" ]; then diff --git a/nixpkgs/pkgs/build-support/rust/default-crate-overrides.nix b/nixpkgs/pkgs/build-support/rust/default-crate-overrides.nix index e4db2c8a0573..f04eeeaa9bf5 100644 --- a/nixpkgs/pkgs/build-support/rust/default-crate-overrides.nix +++ b/nixpkgs/pkgs/build-support/rust/default-crate-overrides.nix @@ -193,8 +193,8 @@ in }; graphene-sys = attrs: { - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ graphene gobject-introspection ]; + nativeBuildInputs = [ pkg-config gobject-introspection ]; + buildInputs = [ graphene ]; }; nettle-sys = attrs: { diff --git a/nixpkgs/pkgs/build-support/rust/hooks/maturin-build-hook.sh b/nixpkgs/pkgs/build-support/rust/hooks/maturin-build-hook.sh index 41b313280d70..62d5619660c6 100644 --- a/nixpkgs/pkgs/build-support/rust/hooks/maturin-build-hook.sh +++ b/nixpkgs/pkgs/build-support/rust/hooks/maturin-build-hook.sh @@ -24,8 +24,6 @@ maturinBuildHook() { ${maturinBuildFlags-} ) - runHook postBuild - if [ ! -z "${buildAndTestSubdir-}" ]; then popd fi @@ -34,6 +32,9 @@ maturinBuildHook() { mkdir -p dist mv target/wheels/*.whl dist/ + # These are python build hooks and may depend on ./dist + runHook postBuild + echo "Finished maturinBuildHook" } diff --git a/nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix b/nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix index 17b97b1082e9..62ba3705be20 100644 --- a/nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix +++ b/nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix @@ -1,5 +1,4 @@ -{ stdenv -, targetPackages +{ targetPackages , lib , makeSetupHook , dieHook @@ -11,9 +10,7 @@ makeSetupHook { name = "make-binary-wrapper-hook"; - propagatedBuildInputs = [ dieHook ] - # https://github.com/NixOS/nixpkgs/issues/148189 - ++ lib.optional (stdenv.isDarwin && stdenv.isAarch64) cc; + propagatedBuildInputs = [ dieHook ]; substitutions = { cc = "${cc}/bin/${cc.targetPrefix}cc ${lib.escapeShellArgs (map (s: "-fsanitize=${s}") sanitizers)}"; diff --git a/nixpkgs/pkgs/build-support/setup-hooks/patch-shebangs.sh b/nixpkgs/pkgs/build-support/setup-hooks/patch-shebangs.sh index 9a48440debec..e6872db1acd7 100644 --- a/nixpkgs/pkgs/build-support/setup-hooks/patch-shebangs.sh +++ b/nixpkgs/pkgs/build-support/setup-hooks/patch-shebangs.sh @@ -11,11 +11,12 @@ fixupOutputHooks+=(patchShebangsAuto) # Run patch shebangs on a directory or file. # Can take multiple paths as arguments. -# patchShebangs [--build | --host] PATH... +# patchShebangs [--build | --host | --update] [--] PATH... # Flags: # --build : Lookup commands available at build-time # --host : Lookup commands available at runtime +# --update : Update shebang paths that are in Nix store # Example use cases, # $ patchShebangs --host /nix/store/...-hello-1.0/bin @@ -23,14 +24,35 @@ fixupOutputHooks+=(patchShebangsAuto) patchShebangs() { local pathName - - if [[ "$1" == "--host" ]]; then - pathName=HOST_PATH - shift - elif [[ "$1" == "--build" ]]; then - pathName=PATH - shift - fi + local update + + while [[ $# -gt 0 ]]; do + case "$1" in + --host) + pathName=HOST_PATH + shift + ;; + --build) + pathName=PATH + shift + ;; + --update) + update=true + shift + ;; + --) + shift + break + ;; + -*|--*) + echo "Unknown option $1 supplied to patchShebangs" >&2 + return 1 + ;; + *) + break + ;; + esac + done echo "patching script interpreter paths in $@" local f @@ -93,7 +115,7 @@ patchShebangs() { newInterpreterLine="$newPath $args" newInterpreterLine=${newInterpreterLine%${newInterpreterLine##*[![:space:]]}} - if [[ -n "$oldPath" && "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ]]; then + if [[ -n "$oldPath" && ( "$update" == true || "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ) ]]; then if [[ -n "$newPath" && "$newPath" != "$oldPath" ]]; then echo "$f: interpreter directive changed from \"$oldInterpreterLine\" to \"$newInterpreterLine\"" # escape the escape chars so that sed doesn't interpret them diff --git a/nixpkgs/pkgs/build-support/setup-hooks/strip.sh b/nixpkgs/pkgs/build-support/setup-hooks/strip.sh index 849148e92149..d2422bb84234 100644 --- a/nixpkgs/pkgs/build-support/setup-hooks/strip.sh +++ b/nixpkgs/pkgs/build-support/setup-hooks/strip.sh @@ -51,6 +51,9 @@ stripDirs() { local stripFlags="$4" local pathsNew= + [ -z "$cmd" ] && echo "stripDirs: Strip command is empty" 1>&2 && exit 1 + [ -z "$ranlibCmd" ] && echo "stripDirs: Ranlib command is empty" 1>&2 && exit 1 + local p for p in ${paths}; do if [ -e "$prefix/$p" ]; then @@ -61,8 +64,22 @@ stripDirs() { if [ -n "${paths}" ]; then echo "stripping (with command $cmd and flags $stripFlags) in $paths" + local striperr + striperr="$(mktemp --tmpdir="$TMPDIR" 'striperr.XXXXXX')" # Do not strip lib/debug. This is a directory used by setup-hooks/separate-debug-info.sh. - find $paths -type f -a '!' -wholename "$prefix/lib/debug/*" -exec $cmd $stripFlags '{}' \; 2>/dev/null + find $paths -type f -a '!' -path "$prefix/lib/debug/*" -print0 | + # Make sure we process files under symlinks only once. Otherwise + # 'strip` can corrupt files when writes to them in parallel: + # https://github.com/NixOS/nixpkgs/issues/246147#issuecomment-1657072039 + xargs -r -0 -n1 -- realpath -z | sort -u -z | + + xargs -r -0 -n1 -P "$NIX_BUILD_CORES" -- $cmd $stripFlags 2>"$striperr" || exit_code=$? + # xargs exits with status code 123 if some but not all of the + # processes fail. We don't care if some of the files couldn't + # be stripped, so ignore specifically this code. + [[ "$exit_code" = 123 || -z "$exit_code" ]] || (cat "$striperr" 1>&2 && exit 1) + + rm "$striperr" # 'strip' does not normally preserve archive index in .a files. # This usually causes linking failures against static libs like: # ld: ...-i686-w64-mingw32-stage-final-gcc-13.0.0-lib/i686-w64-mingw32/lib/libstdc++.dll.a: diff --git a/nixpkgs/pkgs/build-support/testers/default.nix b/nixpkgs/pkgs/build-support/testers/default.nix index d380dc6f30e1..3ff52ed0178c 100644 --- a/nixpkgs/pkgs/build-support/testers/default.nix +++ b/nixpkgs/pkgs/build-support/testers/default.nix @@ -1,4 +1,4 @@ -{ pkgs, buildPackages, lib, callPackage, runCommand, stdenv, substituteAll, }: +{ pkgs, buildPackages, lib, callPackage, runCommand, stdenv, substituteAll, testers }: # Documentation is in doc/builders/testers.chapter.md { # See https://nixos.org/manual/nixpkgs/unstable/#tester-testBuildFailure @@ -137,7 +137,14 @@ in nixosTesting.simpleTest calledTest; - hasPkgConfigModule = callPackage ./hasPkgConfigModule/tester.nix { }; + hasPkgConfigModule = + { moduleName, ... }@args: + lib.warn "testers.hasPkgConfigModule has been deprecated in favor of testers.hasPkgConfigModules. It accepts a list of strings via the moduleNames argument instead of a single moduleName." ( + testers.hasPkgConfigModules (builtins.removeAttrs args [ "moduleName" ] // { + moduleNames = [ moduleName ]; + }) + ); + hasPkgConfigModules = callPackage ./hasPkgConfigModules/tester.nix { }; testMetaPkgConfig = callPackage ./testMetaPkgConfig/tester.nix { }; } diff --git a/nixpkgs/pkgs/build-support/testers/hasPkgConfigModule/tester.nix b/nixpkgs/pkgs/build-support/testers/hasPkgConfigModules/tester.nix index c8342cdd5c3b..755559038271 100644 --- a/nixpkgs/pkgs/build-support/testers/hasPkgConfigModule/tester.nix +++ b/nixpkgs/pkgs/build-support/testers/hasPkgConfigModules/tester.nix @@ -1,18 +1,18 @@ # Static arguments -{ runCommand, pkg-config }: +{ lib, runCommand, pkg-config }: # Tester arguments { package, - moduleName, - testName ? "check-pkg-config-${moduleName}", + moduleNames ? package.meta.pkgConfigModules, + testName ? "check-pkg-config-${lib.concatStringsSep "-" moduleNames}", }: runCommand testName { nativeBuildInputs = [ pkg-config ]; buildInputs = [ package ]; - inherit moduleName; + inherit moduleNames; meta = { - description = "Test whether ${package.name} exposes pkg-config module ${moduleName}"; + description = "Test whether ${package.name} exposes pkg-config modules ${lib.concatStringsSep ", " moduleNames}."; } # Make sure licensing info etc is preserved, as this is a concern for e.g. cache.nixos.org, # as hydra can't check this meta info in dependencies. @@ -30,18 +30,20 @@ runCommand testName { } package.meta; } '' - echo "checking pkg-config module $moduleName in $buildInputs" - set +e - version="$(pkg-config --modversion $moduleName)" - r=$? - set -e - if [[ $r = 0 ]]; then - echo "✅ pkg-config module $moduleName exists and has version $version" - echo "$version" > $out - else - echo "These modules were available in the input propagation closure:" - pkg-config --list-all - echo "❌ pkg-config module $moduleName was not found" - false - fi + for moduleName in $moduleNames; do + echo "checking pkg-config module $moduleName in $buildInputs" + set +e + version="$(pkg-config --modversion $moduleName)" + r=$? + set -e + if [[ $r = 0 ]]; then + echo "✅ pkg-config module $moduleName exists and has version $version" + printf '%s\t%s\n' "$moduleName" "$version" >> "$out" + else + echo "These modules were available in the input propagation closure:" + pkg-config --list-all + echo "❌ pkg-config module $moduleName was not found" + false + fi + done '' diff --git a/nixpkgs/pkgs/build-support/testers/hasPkgConfigModule/tests.nix b/nixpkgs/pkgs/build-support/testers/hasPkgConfigModules/tests.nix index 8005c3f93709..96569498fb15 100644 --- a/nixpkgs/pkgs/build-support/testers/hasPkgConfigModule/tests.nix +++ b/nixpkgs/pkgs/build-support/testers/hasPkgConfigModules/tests.nix @@ -1,19 +1,32 @@ # cd nixpkgs # nix-build -A tests.testers.hasPkgConfigModule -{ lib, testers, zlib, runCommand }: +{ lib, testers, zlib, openssl, runCommand }: lib.recurseIntoAttrs { - zlib-has-zlib = testers.hasPkgConfigModule { + zlib-has-zlib = testers.hasPkgConfigModules { package = zlib; - moduleName = "zlib"; + moduleNames = [ "zlib" ]; + }; + + zlib-has-meta-pkgConfigModules = testers.hasPkgConfigModules { + package = zlib; + }; + + openssl-has-openssl = testers.hasPkgConfigModules { + package = openssl; + moduleNames = [ "openssl" ]; + }; + + openssl-has-all-meta-pkgConfigModules = testers.hasPkgConfigModules { + package = openssl; }; zlib-does-not-have-ylib = runCommand "zlib-does-not-have-ylib" { failed = testers.testBuildFailure ( - testers.hasPkgConfigModule { + testers.hasPkgConfigModules { package = zlib; - moduleName = "ylib"; + moduleNames = [ "ylib" ]; } ); } '' diff --git a/nixpkgs/pkgs/build-support/testers/test/default.nix b/nixpkgs/pkgs/build-support/testers/test/default.nix index fc4df4964f39..c48c9f299ebf 100644 --- a/nixpkgs/pkgs/build-support/testers/test/default.nix +++ b/nixpkgs/pkgs/build-support/testers/test/default.nix @@ -12,7 +12,7 @@ let in lib.recurseIntoAttrs { - hasPkgConfigModule = pkgs.callPackage ../hasPkgConfigModule/tests.nix { }; + hasPkgConfigModules = pkgs.callPackage ../hasPkgConfigModules/tests.nix { }; runNixOSTest-example = pkgs-with-overlay.testers.runNixOSTest ({ lib, ... }: { name = "runNixOSTest-test"; diff --git a/nixpkgs/pkgs/build-support/trivial-builders/default.nix b/nixpkgs/pkgs/build-support/trivial-builders/default.nix index dcdac09004bb..7c4d204df407 100644 --- a/nixpkgs/pkgs/build-support/trivial-builders/default.nix +++ b/nixpkgs/pkgs/build-support/trivial-builders/default.nix @@ -304,6 +304,7 @@ rec { checkPhase = '' ${stdenv.shellDryRun} "$target" ''; + meta.mainProgram = name; }; /* @@ -357,12 +358,20 @@ rec { ''; checkPhase = + # GHC (=> shellcheck) isn't supported on some platforms (such as risc-v) + # but we still want to use writeShellApplication on those platforms + let + shellcheckSupported = lib.meta.availableOn stdenv.buildPlatform shellcheck.compiler; + shellcheckCommand = lib.optionalString shellcheckSupported '' + # use shellcheck which does not include docs + # pandoc takes long to build and documentation isn't needed for just running the cli + ${lib.getExe (haskell.lib.compose.justStaticExecutables shellcheck.unwrapped)} "$target" + ''; + in if checkPhase == null then '' runHook preCheck ${stdenv.shellDryRun} "$target" - # use shellcheck which does not include docs - # pandoc takes long to build and documentation isn't needed for in nixpkgs usage - ${lib.getExe (haskell.lib.compose.justStaticExecutables shellcheck.unwrapped)} "$target" + ${shellcheckCommand} runHook postCheck '' else checkPhase; diff --git a/nixpkgs/pkgs/build-support/writers/scripts.nix b/nixpkgs/pkgs/build-support/writers/scripts.nix index c43f10f0a2ec..184ecee68777 100644 --- a/nixpkgs/pkgs/build-support/writers/scripts.nix +++ b/nixpkgs/pkgs/build-support/writers/scripts.nix @@ -92,12 +92,7 @@ rec { passAsFile = [ "content" ]; } else { contentPath = content; - }) // lib.optionalAttrs (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) { - # post-link-hook expects codesign_allocate to be in PATH - # https://github.com/NixOS/nixpkgs/issues/154203 - # https://github.com/NixOS/nixpkgs/issues/148189 - nativeBuildInputs = [ stdenv.cc.bintools ]; - } // lib.optionalAttrs (nameOrPath == "/bin/${name}") { + }) // lib.optionalAttrs (nameOrPath == "/bin/${name}") { meta.mainProgram = name; }) '' ${compileScript} |