diff options
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/cc-wrapper/default.nix | 4 | ||||
-rw-r--r-- | pkgs/build-support/docker/default.nix | 2 | ||||
-rw-r--r-- | pkgs/build-support/fetchfile/builder.sh | 11 | ||||
-rw-r--r-- | pkgs/build-support/fetchfile/default.nix | 11 | ||||
-rw-r--r-- | pkgs/build-support/fetchgx/default.nix | 30 | ||||
-rw-r--r-- | pkgs/build-support/gcc-cross-wrapper/builder.sh | 2 | ||||
-rw-r--r-- | pkgs/build-support/grsecurity/default.nix | 2 | ||||
-rw-r--r-- | pkgs/build-support/kernel/modules-closure.nix | 4 |
8 files changed, 37 insertions, 29 deletions
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 8a9bd3ecb4d5..c8e3d8b4cc82 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -252,10 +252,10 @@ stdenv.mkDerivation { # some linkers on some platforms don't support specific -z flags hardening_unsupported_flags="" - if [[ "$($ldPath/ld -z now 2>&1 || true)" =~ "unknown option" ]]; then + if [[ "$($ldPath/ld -z now 2>&1 || true)" =~ un(recognized|known)\ option ]]; then hardening_unsupported_flags+=" bindnow" fi - if [[ "$($ldPath/ld -z relro 2>&1 || true)" =~ "unknown option" ]]; then + if [[ "$($ldPath/ld -z relro 2>&1 || true)" =~ un(recognized|known)\ option ]]; then hardening_unsupported_flags+=" relro" fi diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 7fc4000cb300..21e0d2b5128a 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -442,7 +442,7 @@ rec { < image/repositories) for l in image/*/layer.tar; do - ls_tar image/*/layer.tar >> baseFiles + ls_tar $l >> baseFiles done fi diff --git a/pkgs/build-support/fetchfile/builder.sh b/pkgs/build-support/fetchfile/builder.sh deleted file mode 100644 index b849491fc5ab..000000000000 --- a/pkgs/build-support/fetchfile/builder.sh +++ /dev/null @@ -1,11 +0,0 @@ -source $stdenv/setup - -echo "copying $pathname into $out..." - -cp "$pathname" "$out" || exit 1 - -actual=$(md5sum -b $out | cut -c1-32) -if test "$actual" != "$md5"; then - echo "hash is $actual, expected $md5" - exit 1 -fi diff --git a/pkgs/build-support/fetchfile/default.nix b/pkgs/build-support/fetchfile/default.nix deleted file mode 100644 index 685c1e69520a..000000000000 --- a/pkgs/build-support/fetchfile/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{stdenv}: {pathname, md5 ? "", sha256 ? ""}: stdenv.mkDerivation { - name = baseNameOf (toString pathname); - builder = ./builder.sh; - pathname = pathname; -} // if (sha256 == "") then { - md5 = (stdenv.lib.fetchMD5warn "fetchfile" pathname md5); - id = md5; -} else { - sha256 = sha256; - id = sha256; -} diff --git a/pkgs/build-support/fetchgx/default.nix b/pkgs/build-support/fetchgx/default.nix new file mode 100644 index 000000000000..c72bbec66321 --- /dev/null +++ b/pkgs/build-support/fetchgx/default.nix @@ -0,0 +1,30 @@ +{ stdenv, gx, gx-go, go, cacert }: + +{ name, src, sha256 }: + +stdenv.mkDerivation { + name = "${name}-gxdeps"; + inherit src; + + buildInputs = [ go gx gx-go ]; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = sha256; + + phases = [ "unpackPhase" "buildPhase" "installPhase" ]; + + SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + buildPhase = '' + export GOPATH=$(pwd)/vendor + mkdir vendor + gx install + ''; + + installPhase = '' + mv vendor $out + ''; + + preferLocalBuild = true; +} diff --git a/pkgs/build-support/gcc-cross-wrapper/builder.sh b/pkgs/build-support/gcc-cross-wrapper/builder.sh index 1bdda9696536..b729144b8601 100644 --- a/pkgs/build-support/gcc-cross-wrapper/builder.sh +++ b/pkgs/build-support/gcc-cross-wrapper/builder.sh @@ -8,7 +8,7 @@ mkdir $out/nix-support cflagsCompile="-B$out/bin/" if test -z "$nativeLibc" -a -n "$libc"; then - cflagsCompile="$cflagsCompile -B$gccLibs/lib -B$libc/lib/ -isystem $libc/include" + cflagsCompile="$cflagsCompile -B$gccLibs/lib -B$libc/lib/ -isystem $libc_dev/include" ldflags="$ldflags -L$libc/lib" # Get the proper dynamic linker for glibc and uclibc. dlinker=`eval 'echo $libc/lib/ld*.so.?'` diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix index 4379b1997ae2..ccd46e20654f 100644 --- a/pkgs/build-support/grsecurity/default.nix +++ b/pkgs/build-support/grsecurity/default.nix @@ -21,7 +21,7 @@ assert (kernel.version == grsecPatch.kver); overrideDerivation (kernel.override { inherit modDirVersion; - kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []); + kernelPatches = lib.unique ([ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or [])); extraConfig = '' GRKERNSEC y PAX y diff --git a/pkgs/build-support/kernel/modules-closure.nix b/pkgs/build-support/kernel/modules-closure.nix index 6ae844a62463..9940e611124c 100644 --- a/pkgs/build-support/kernel/modules-closure.nix +++ b/pkgs/build-support/kernel/modules-closure.nix @@ -3,10 +3,10 @@ # the modules identified by `rootModules', plus their dependencies. # Also generate an appropriate modules.dep. -{ stdenv, kernel, nukeReferences, rootModules +{ stdenvNoCC, kernel, nukeReferences, rootModules , kmod, allowMissing ? false }: -stdenv.mkDerivation { +stdenvNoCC.mkDerivation { name = kernel.name + "-shrunk"; builder = ./modules-closure.sh; buildInputs = [ nukeReferences kmod ]; |