10 files changed, 361 insertions, 7 deletions
diff --git a/pkgs/development/compilers/gcc/libstdc++-hook.sh b/pkgs/development/compilers/gcc/libstdc++-hook.sh
new file mode 100644
index 000000000000..2d30c845b5a3
--- /dev/null
+++ b/pkgs/development/compilers/gcc/libstdc++-hook.sh
@@ -0,0 +1,2 @@
+export NIX_CXXSTDLIB_COMPILE+="-isystem $(echo -n @gcc@/include/c++/*) -isystem $(echo -n @gcc@/include/c++/*)/$(@gcc@/bin/gcc -dumpmachine)"
+export NIX_CXXSTDLIB_LINK=" -stdlib=libstdc++"
diff --git a/pkgs/development/compilers/go/1.9.nix b/pkgs/development/compilers/go/1.9.nix
new file mode 100644
index 000000000000..1a148447c6b3
--- /dev/null
+++ b/pkgs/development/compilers/go/1.9.nix
@@ -0,0 +1,181 @@
+{ stdenv, fetchFromGitHub, tzdata, iana-etc, go_bootstrap, runCommand, writeScriptBin
+, perl, which, pkgconfig, patch, fetchpatch
+, pcre, cacert, llvm
+, Security, Foundation, bash
+, makeWrapper, git, subversion, mercurial, bazaar }:
+
+let
+
+  inherit (stdenv.lib) optional optionals optionalString;
+
+  clangHack = writeScriptBin "clang" ''
+    #!${stdenv.shell}
+    exec ${stdenv.cc}/bin/clang "$@" 2> >(sed '/ld: warning:.*ignoring unexpected dylib file/ d' 1>&2)
+  '';
+
+  goBootstrap = runCommand "go-bootstrap" {} ''
+    mkdir $out
+    cp -rf ${go_bootstrap}/* $out/
+    chmod -R u+w $out
+    find $out -name "*.c" -delete
+    cp -rf $out/bin/* $out/share/go/bin/
+  '';
+
+in
+
+stdenv.mkDerivation rec {
+  name = "go-${version}";
+  version = "1.9";
+
+  src = fetchFromGitHub {
+    owner = "golang";
+    repo = "go";
+    rev = "go${version}";
+    sha256 = "06k66x387r93m7d3bd5yzwdm8f8xc43cdjfamqldfc1v8ngak0y9";
+  };
+
+  # perl is used for testing go vet
+  nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ];
+  buildInputs = [ pcre ]
+    ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
+  propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
+
+  hardeningDisable = [ "all" ];
+
+  prePatch = ''
+    patchShebangs ./ # replace /bin/bash
+
+    # This source produces shell script at run time,
+    # and thus it is not corrected by patchShebangs.
+    substituteInPlace misc/cgo/testcarchive/carchive_test.go \
+      --replace '#!/usr/bin/env bash' '#!${stdenv.shell}'
+
+    # Disabling the 'os/http/net' tests (they want files not available in
+    # chroot builds)
+    rm src/net/{listen,parse}_test.go
+    rm src/syscall/exec_linux_test.go
+
+    # !!! substituteInPlace does not seems to be effective.
+    # The os test wants to read files in an existing path. Just don't let it be /usr/bin.
+    sed -i 's,/usr/bin,'"`pwd`", src/os/os_test.go
+    sed -i 's,/bin/pwd,'"`type -P pwd`", src/os/os_test.go
+    # Disable the unix socket test
+    sed -i '/TestShutdownUnix/areturn' src/net/net_test.go
+    # Disable the hostname test
+    sed -i '/TestHostname/areturn' src/os/os_test.go
+    # ParseInLocation fails the test
+    sed -i '/TestParseInSydney/areturn' src/time/format_test.go
+    # Remove the api check as it never worked
+    sed -i '/src\/cmd\/api\/run.go/ireturn nil' src/cmd/dist/test.go
+    # Remove the coverage test as we have removed this utility
+    sed -i '/TestCoverageWithCgo/areturn' src/cmd/go/go_test.go
+    # Remove the timezone naming test
+    sed -i '/TestLoadFixed/areturn' src/time/time_test.go
+    # Remove disable setgid test
+    sed -i '/TestRespectSetgidDir/areturn' src/cmd/go/internal/work/build_test.go
+    # Remove cert tests that conflict with NixOS's cert resolution
+    sed -i '/TestEnvVars/areturn' src/crypto/x509/root_unix_test.go
+
+    sed -i 's,/etc/protocols,${iana-etc}/etc/protocols,' src/net/lookup_unix.go
+    sed -i 's,/etc/services,${iana-etc}/etc/services,' src/net/port_unix.go
+
+    # Disable cgo lookup tests not works, they depend on resolver
+    rm src/net/cgo_unix_test.go
+
+  '' + optionalString stdenv.isLinux ''
+    sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/time/zoneinfo_unix.go
+  '' + optionalString stdenv.isArm ''
+    sed -i '/TestCurrent/areturn' src/os/user/user_test.go
+    echo '#!/usr/bin/env bash' > misc/cgo/testplugin/test.bash
+  '' + optionalString stdenv.isDarwin ''
+    substituteInPlace src/race.bash --replace \
+      "sysctl machdep.cpu.extfeatures | grep -qv EM64T" true
+    sed -i 's,strings.Contains(.*sysctl.*,true {,' src/cmd/dist/util.go
+    sed -i 's,"/etc","'"$TMPDIR"'",' src/os/os_test.go
+    sed -i 's,/_go_os_test,'"$TMPDIR"'/_go_os_test,' src/os/path_test.go
+
+    sed -i '/TestChdirAndGetwd/areturn' src/os/os_test.go
+    sed -i '/TestRead0/areturn' src/os/os_test.go
+    sed -i '/TestNohup/areturn' src/os/signal/signal_test.go
+    sed -i '/TestCurrent/areturn' src/os/user/user_test.go
+    sed -i '/TestSystemRoots/areturn' src/crypto/x509/root_darwin_test.go
+
+    sed -i '/TestGoInstallRebuildsStalePackagesInOtherGOPATH/areturn' src/cmd/go/go_test.go
+    sed -i '/TestBuildDashIInstallsDependencies/areturn' src/cmd/go/go_test.go
+
+    sed -i '/TestDisasmExtld/areturn' src/cmd/objdump/objdump_test.go
+
+    sed -i 's/unrecognized/unknown/' src/cmd/link/internal/ld/lib.go
+    sed -i 's/unrecognized/unknown/' src/cmd/go/build.go
+
+    touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd
+
+    sed -i '1 a\exit 0' misc/cgo/errors/test.bash
+  '';
+
+  patches =
+    [ ./remove-tools-1.9.patch
+      ./ssl-cert-file-1.9.patch
+      ./creds-test.patch
+      ./remove-test-pie-1.9.patch
+    ];
+
+  postPatch = optionalString stdenv.isDarwin ''
+    echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil"
+    substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
+  '';
+
+  NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+
+  GOOS = if stdenv.isDarwin then "darwin" else "linux";
+  GOARCH = if stdenv.isDarwin then "amd64"
+           else if stdenv.system == "i686-linux" then "386"
+           else if stdenv.system == "x86_64-linux" then "amd64"
+           else if stdenv.isArm then "arm"
+           else throw "Unsupported system";
+  GOARM = optionalString (stdenv.system == "armv5tel-linux") "5";
+  GO386 = 387; # from Arch: don't assume sse2 on i686
+  CGO_ENABLED = 1;
+  GOROOT_BOOTSTRAP = "${goBootstrap}/share/go";
+
+  # The go build actually checks for CC=*/clang and does something different, so we don't
+  # just want the generic `cc` here.
+  CC = if stdenv.isDarwin then "clang" else "cc";
+
+  configurePhase = ''
+    mkdir -p $out/share/go/bin
+    export GOROOT=$out/share/go
+    export GOBIN=$GOROOT/bin
+    export PATH=$GOBIN:$PATH
+  '';
+
+  postConfigure = optionalString stdenv.isDarwin ''
+    export PATH=${clangHack}/bin:$PATH
+  '';
+
+  installPhase = ''
+    cp -r . $GOROOT
+    ( cd $GOROOT/src && ./all.bash )
+
+    # (https://github.com/golang/go/wiki/GoGetTools)
+    wrapProgram $out/share/go/bin/go --prefix PATH ":" "${stdenv.lib.makeBinPath [ git subversion mercurial bazaar ]}"
+  '';
+
+  preFixup = ''
+    rm -r $out/share/go/pkg/bootstrap
+    ln -s $out/share/go/bin $out/bin
+  '';
+
+  setupHook = ./setup-hook.sh;
+
+  disallowedReferences = [ go_bootstrap ];
+
+  meta = with stdenv.lib; {
+    branch = "1.8";
+    homepage = http://golang.org/;
+    description = "The Go Programming language";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ cstrahan wkennington ];
+    platforms = platforms.linux ++ platforms.darwin;
+  };
+}
diff --git a/pkgs/development/compilers/go/remove-test-pie-1.9.patch b/pkgs/development/compilers/go/remove-test-pie-1.9.patch
new file mode 100644
index 000000000000..46f94f29df20
--- /dev/null
+++ b/pkgs/development/compilers/go/remove-test-pie-1.9.patch
@@ -0,0 +1,26 @@
+diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
+index 73432d31ea..3310f5298d 100644
+--- a/src/cmd/dist/test.go
++++ b/src/cmd/dist/test.go
+@@ -510,21 +510,6 @@ func (t *tester) registerTests() {
+ 		})
+ 	}
+ 
+-	// Test internal linking of PIE binaries where it is supported.
+-	if t.goos == "linux" && t.goarch == "amd64" && !isAlpineLinux() {
+-		// Issue 18243: We don't have a way to set the default
+-		// dynamic linker used in internal linking mode. So
+-		// this test is skipped on Alpine.
+-		t.tests = append(t.tests, distTest{
+-			name:    "pie_internal",
+-			heading: "internal linking of -buildmode=pie",
+-			fn: func(dt *distTest) error {
+-				t.addCmd(dt, "src", "go", "test", "reflect", "-short", "-buildmode=pie", "-ldflags=-linkmode=internal", t.timeout(60), t.tags(), t.runFlag(""))
+-				return nil
+-			},
+-		})
+-	}
+-
+ 	// sync tests
+ 	t.tests = append(t.tests, distTest{
+ 		name:    "sync_cpu",
diff --git a/pkgs/development/compilers/go/remove-tools-1.9.patch b/pkgs/development/compilers/go/remove-tools-1.9.patch
new file mode 100644
index 000000000000..e76ed61693a8
--- /dev/null
+++ b/pkgs/development/compilers/go/remove-tools-1.9.patch
@@ -0,0 +1,35 @@
+diff --git a/src/go/build/build.go b/src/go/build/build.go
+index d8163d0172..dd80a70473 100644
+--- a/src/go/build/build.go
++++ b/src/go/build/build.go
+@@ -1592,7 +1592,7 @@ func init() {
+ }
+ 
+ // ToolDir is the directory containing build tools.
+-var ToolDir = filepath.Join(runtime.GOROOT(), "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
++var ToolDir = runtime.GOTOOLDIR()
+ 
+ // IsLocalImport reports whether the import path is
+ // a local import path, like ".", "..", "./foo", or "../foo".
+diff --git a/src/runtime/extern.go b/src/runtime/extern.go
+index 6e6c674d96..e9f62f96dc 100644
+--- a/src/runtime/extern.go
++++ b/src/runtime/extern.go
+@@ -223,6 +223,17 @@ func GOROOT() string {
+ 	return sys.DefaultGoroot
+ }
+ 
++// GOTOOLDIR returns the root of the Go tree.
++// It uses the GOTOOLDIR environment variable, if set,
++// or else the root used during the Go build.
++func GOTOOLDIR() string {
++	s := gogetenv("GOTOOLDIR")
++	if s != "" {
++		return s
++	}
++	return GOROOT() + "/pkg/tool/" + GOOS + "_" + GOARCH
++}
++
+ // Version returns the Go tree's version string.
+ // It is either the commit hash and date at the time of the build or,
+ // when possible, a release tag like "go1.3".
diff --git a/pkgs/development/compilers/go/ssl-cert-file-1.9.patch b/pkgs/development/compilers/go/ssl-cert-file-1.9.patch
new file mode 100644
index 000000000000..3f27bc138c10
--- /dev/null
+++ b/pkgs/development/compilers/go/ssl-cert-file-1.9.patch
@@ -0,0 +1,80 @@
+diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
+index 8e80533590..31c0c666ec 100644
+--- a/src/crypto/x509/root_cgo_darwin.go
++++ b/src/crypto/x509/root_cgo_darwin.go
+@@ -201,11 +201,20 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
+ import "C"
+ import (
+ 	"errors"
++	"io/ioutil"
++	"os"
+ 	"unsafe"
+ )
+ 
+ func loadSystemRoots() (*CertPool, error) {
+ 	roots := NewCertPool()
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+ 
+ 	var data C.CFDataRef = nil
+ 	var untrustedData C.CFDataRef = nil
+diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
+index bc35a1cf21..21e52bec51 100644
+--- a/src/crypto/x509/root_darwin.go
++++ b/src/crypto/x509/root_darwin.go
+@@ -81,18 +81,26 @@ func execSecurityRoots() (*CertPool, error) {
+ 		)
+ 	}
+ 
+-	cmd := exec.Command("/usr/bin/security", args...)
+-	data, err := cmd.Output()
+-	if err != nil {
+-		return nil, err
+-	}
+-
+ 	var (
+ 		mu          sync.Mutex
+ 		roots       = NewCertPool()
+ 		numVerified int // number of execs of 'security verify-cert', for debug stats
+ 	)
+ 
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
++
++	cmd := exec.Command("/usr/bin/security", args...)
++	data, err := cmd.Output()
++	if err != nil {
++		return nil, err
++	}
++
+ 	blockCh := make(chan *pem.Block)
+ 	var wg sync.WaitGroup
+ 
+diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
+index 65b5a5fdbc..c9c7ac6a74 100644
+--- a/src/crypto/x509/root_unix.go
++++ b/src/crypto/x509/root_unix.go
+@@ -37,6 +37,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
+ 
+ func loadSystemRoots() (*CertPool, error) {
+ 	roots := NewCertPool()
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+ 
+ 	files := certFiles
+ 	if f := os.Getenv(certFileEnv); f != "" {
diff --git a/pkgs/development/compilers/llvm/4/default.nix b/pkgs/development/compilers/llvm/4/default.nix
index 9e5bccff3556..11a9a46c15e5 100644
--- a/pkgs/development/compilers/llvm/4/default.nix
+++ b/pkgs/development/compilers/llvm/4/default.nix
@@ -1,4 +1,8 @@
-{ lowPrio, newScope, stdenv, cmake, libxml2, python2, isl, fetchurl, overrideCC, wrapCC, darwin, ccWrapperFun }:
+{ lowPrio, newScope, stdenv, targetPlatform, cmake, libstdcxxHook
+, libxml2, python2, isl, fetchurl, overrideCC, wrapCC, ccWrapperFun
+, darwin
+}:
+
 let
   callPackage = newScope (self // { inherit stdenv cmake libxml2 python2 isl release_version version fetch; });
 
@@ -46,7 +50,12 @@ let
       extraPackages = [ self.libcxx self.libcxxabi ];
     };
 
-    stdenv = overrideCC stdenv self.clang;
+    stdenv = stdenv.override (drv: {
+      allowedRequisites = null;
+      cc = self.clang;
+      # Use the gcc libstdc++ when targeting linux.
+      extraBuildInputs = if stdenv.cc.isGNU then [ libstdcxxHook ] else drv.extraBuildInputs;
+    });
 
     libcxxStdenv = overrideCC stdenv self.libcxxClang;
 
@@ -58,4 +67,5 @@ let
 
     libcxxabi = callPackage ./libc++abi.nix {};
   };
+
 in self
diff --git a/pkgs/development/haskell-modules/configuration-nix.nix b/pkgs/development/haskell-modules/configuration-nix.nix
index c1813cad7a9e..0f2fd37f5bd8 100644
--- a/pkgs/development/haskell-modules/configuration-nix.nix
+++ b/pkgs/development/haskell-modules/configuration-nix.nix
@@ -499,6 +499,7 @@ self: super: builtins.intersectAttrs super {
   # Disable separate bin outputs for these specific packages that break with it.
   H = hasNoBinOutput super.H;
   cryptol = hasNoBinOutput super.cryptol;
+  hscolour = hasNoBinOutput super.hscolour;
   sproxy = hasNoBinOutput super.sproxy;
   sproxy2 = hasNoBinOutput super.sproxy2;
   sproxy-web = hasNoBinOutput super.sproxy-web;
diff --git a/pkgs/development/libraries/libfpx/default.nix b/pkgs/development/libraries/libfpx/default.nix
index 0a7a1d462ee8..28e1ad895b45 100644
--- a/pkgs/development/libraries/libfpx/default.nix
+++ b/pkgs/development/libraries/libfpx/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchurl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "libfpx-1.3.1-7";
@@ -11,6 +11,13 @@ stdenv.mkDerivation rec {
   # Darwin gets misdetected as Windows without this
   NIX_CFLAGS_COMPILE = if stdenv.isDarwin then "-D__unix" else null;
 
+  patches = [
+    (fetchpatch {
+      url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/libfpx/files/libfpx-1.3.1_p6-gcc6.patch?id=f28a947813dbc0a1fd1a8d4a712d58a64c48ca01";
+      sha256 = "032y8110zgnkdhkdq3745zk53am1x34d912rai8q70k3sskyq22p";
+    })
+  ];
+
   # This dead code causes a duplicate symbol error in Clang so just remove it
   postPatch = if stdenv.cc.isClang then ''
     substituteInPlace jpeg/ejpeg.h --replace "int No_JPEG_Header_Flag" ""
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix
index 4c3dfe4d07cc..5b96e513fd49 100644
--- a/pkgs/tools/security/afl/default.nix
+++ b/pkgs/tools/security/afl/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, bash, callPackage, makeWrapper
-, clang, llvm, which, libcgroup }:
+, clang, llvm, which, libcgroup
+}:
 
 let
   afl-qemu = callPackage ./qemu.nix {};
@@ -7,6 +8,7 @@ let
     else if stdenv.system == "i686-linux" then "qemu-i386"
     else throw "afl: no support for ${stdenv.system}!";
 in
+
 stdenv.mkDerivation rec {
   name    = "afl-${version}";
   version = "2.48b";
@@ -23,7 +25,7 @@ stdenv.mkDerivation rec {
   buildPhase   = ''
     make PREFIX=$out
     cd llvm_mode
-    make PREFIX=$out CC=${clang}/bin/clang CXX=${clang}/bin/clang++
+    make PREFIX=$out
     cd ..
   '';
   installPhase = ''
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2f4fb44653d4..175b3a98df13 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -396,7 +396,9 @@ with pkgs;
 
   afio = callPackage ../tools/archivers/afio { };
 
-  afl = callPackage ../tools/security/afl { };
+  afl = callPackage ../tools/security/afl {
+    stdenv = clangStdenv;
+  };
 
   afpfs-ng = callPackage ../tools/filesystems/afpfs-ng/default.nix { };
 
@@ -5360,6 +5362,10 @@ with pkgs;
 
   gccApple = throw "gccApple is no longer supported";
 
+  libstdcxxHook = makeSetupHook
+    { substitutions = { gcc = gcc-unwrapped; }; }
+    ../development/compilers/gcc/libstdc++-hook.sh;
+
   # Can't just overrideCC, because then the stdenv-cross mkDerivation will be
   # thrown away. TODO: find a better solution for this.
   crossLibcStdenv = buildPackages.makeStdenvCross {
@@ -5693,7 +5699,11 @@ with pkgs;
     inherit (darwin.apple_sdk.frameworks) Security Foundation;
   };
 
-  go = go_1_8;
+  go_1_9 = callPackage ../development/compilers/go/1.9.nix {
+    inherit (darwin.apple_sdk.frameworks) Security Foundation;
+  };
+
+  go = go_1_9;
 
   go-repo-root = callPackage ../development/tools/go-repo-root { };