From efcb00d002d3bcb830e2aad949044f5f1a1117c6 Mon Sep 17 00:00:00 2001
From: Gergely Risko <errge@nilcons.com>
Date: Fri, 29 Aug 2014 22:09:01 +0200
Subject: Do allowed requisites check in stdenv/linux

Use the new allowedRequisites feature in stdenvLinux.

This way we properly check that the end-result stdenv of the quite
complicated multi-stage stdenvLinux building procedure is sane, and only
depends on the stuff that we know about.

Alternative would be to just disallowRequisites bootstrapTools, which is
the most common offender, but we have had other offenders in the past.

For these checks to actually fire, you currently have to use nixUnstable,
as the necessary feature will be released in Nix 1.8.
---
 pkgs/stdenv/linux/default.nix | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

(limited to 'pkgs/stdenv/linux')

diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix
index 10ae46c23fba..feb8a5172459 100644
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@@ -192,7 +192,7 @@ rec {
       name = "bootstrap-gcc-wrapper";
     };
     overrides = pkgs: {
-      inherit (stage2.pkgs) binutils glibc perl patchelf;
+      inherit (stage2.pkgs) binutils glibc perl patchelf linuxHeaders;
       # Link GCC statically against GMP etc.  This makes sense because
       # these builds of the libraries are only used by GCC, so it
       # reduces the size of the stdenv closure.
@@ -225,7 +225,14 @@ rec {
       # because gcc (since JAR support) already depends on zlib, and
       # then if we already have a zlib we want to use that for the
       # other purposes (binutils and top-level pkgs) too.
-      inherit (stage3.pkgs) gettext gnum4 gmp perl glibc zlib;
+      inherit (stage3.pkgs) gettext gnum4 gmp perl glibc zlib linuxHeaders;
+
+      gcc = (wrapGCC {
+        gcc = stage4.stdenv.gcc.gcc;
+        libc = stage4.pkgs.glibc;
+        inherit (stage4.pkgs) binutils coreutils;
+        name = "";
+      }).override { shell = stage4.pkgs.bash + "/bin/bash"; };
     };
     extraBuildInputs = [ stage3.pkgs.patchelf stage3.pkgs.xz ];
   };
@@ -254,14 +261,9 @@ rec {
 
     extraBuildInputs = [ stage4.pkgs.patchelf stage4.pkgs.paxctl ];
 
-    shell = stage4.pkgs.bash + "/bin/bash";
+    gcc = stage4.pkgs.gcc;
 
-    gcc = (wrapGCC rec {
-      gcc = stage4.stdenv.gcc.gcc;
-      libc = stage4.pkgs.glibc;
-      inherit (stage4.pkgs) binutils coreutils;
-      name = "";
-    }).override { inherit shell; };
+    shell = gcc.shell;
 
     inherit (stage4.stdenv) fetchurlBoot;
 
@@ -271,6 +273,11 @@ rec {
       shellPackage = stage4.pkgs.bash;
     };
 
+    allowedRequisites = with stage4.pkgs;
+      [ gzip bzip2 xz bash binutils coreutils diffutils findutils gawk
+        glibc gnumake gnused gnutar gnugrep gnupatch patchelf attr acl
+        paxctl zlib pcre linuxHeaders ed gcc gcc.gcc libsigsegv ];
+
     overrides = pkgs: {
       inherit gcc;
       inherit (stage4.pkgs)
-- 
cgit 1.4.1