2017-08-28 19:56:08 +01:00
|
|
|
# The Nixpkgs CC is not directly usable, since it doesn't know where
|
|
|
|
# the C library and standard header files are. Therefore the compiler
|
|
|
|
# produced by that package cannot be installed directly in a user
|
|
|
|
# environment and used from the command line. So we use a wrapper
|
|
|
|
# script that sets up the right environment variables so that the
|
|
|
|
# compiler and the linker just "work".
|
|
|
|
|
2018-02-01 00:00:00 +00:00
|
|
|
{ name ? ""
|
2021-01-24 03:02:59 +00:00
|
|
|
, lib
|
2018-09-05 19:33:56 +01:00
|
|
|
, stdenvNoCC
|
|
|
|
, bintools ? null, libc ? null, coreutils ? null, shell ? stdenvNoCC.shell, gnugrep ? null
|
2021-05-15 23:24:17 +01:00
|
|
|
, netbsd ? null, netbsdCross ? null
|
|
|
|
, sharedLibraryLoader ?
|
|
|
|
if libc == null then
|
|
|
|
null
|
|
|
|
else if stdenvNoCC.targetPlatform.isNetBSD then
|
2021-06-07 12:25:11 +01:00
|
|
|
if !(targetPackages ? netbsdCross) then
|
|
|
|
netbsd.ld_elf_so
|
|
|
|
else if libc != targetPackages.netbsdCross.headers then
|
2021-05-15 23:24:17 +01:00
|
|
|
targetPackages.netbsdCross.ld_elf_so
|
|
|
|
else
|
|
|
|
null
|
|
|
|
else
|
|
|
|
lib.getLib libc
|
2018-09-05 19:33:56 +01:00
|
|
|
, nativeTools, noLibc ? false, nativeLibc, nativePrefix ? ""
|
|
|
|
, propagateDoc ? bintools != null && bintools ? man
|
2017-08-28 19:56:08 +01:00
|
|
|
, extraPackages ? [], extraBuildCommands ? ""
|
|
|
|
, buildPackages ? {}
|
2021-05-15 23:24:17 +01:00
|
|
|
, targetPackages ? {}
|
2017-08-28 19:56:08 +01:00
|
|
|
, useMacosReexportHack ? false
|
2021-01-21 05:18:51 +00:00
|
|
|
|
|
|
|
# Darwin code signing support utilities
|
|
|
|
, postLinkSignHook ? null, signingUtils ? null
|
2017-08-28 19:56:08 +01:00
|
|
|
}:
|
|
|
|
|
2021-01-24 03:02:59 +00:00
|
|
|
with lib;
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2018-02-01 00:00:00 +00:00
|
|
|
assert nativeTools -> !propagateDoc && nativePrefix != "";
|
2017-08-28 19:56:08 +01:00
|
|
|
assert !nativeTools ->
|
|
|
|
bintools != null && coreutils != null && gnugrep != null;
|
|
|
|
assert !(nativeLibc && noLibc);
|
|
|
|
assert (noLibc || nativeLibc) == (libc == null);
|
|
|
|
|
|
|
|
let
|
|
|
|
stdenv = stdenvNoCC;
|
|
|
|
inherit (stdenv) hostPlatform targetPlatform;
|
|
|
|
|
|
|
|
# Prefix for binaries. Customarily ends with a dash separator.
|
|
|
|
#
|
|
|
|
# TODO(@Ericson2314) Make unconditional, or optional but always true by
|
|
|
|
# default.
|
2021-01-24 03:02:59 +00:00
|
|
|
targetPrefix = lib.optionalString (targetPlatform != hostPlatform)
|
2017-08-28 19:56:08 +01:00
|
|
|
(targetPlatform.config + "-");
|
|
|
|
|
2021-01-24 03:02:59 +00:00
|
|
|
bintoolsVersion = lib.getVersion bintools;
|
|
|
|
bintoolsName = lib.removePrefix targetPrefix (lib.getName bintools);
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
libc_bin = if libc == null then null else getBin libc;
|
|
|
|
libc_dev = if libc == null then null else getDev libc;
|
|
|
|
libc_lib = if libc == null then null else getLib libc;
|
|
|
|
bintools_bin = if nativeTools then "" else getBin bintools;
|
|
|
|
# The wrapper scripts use 'cat' and 'grep', so we may need coreutils.
|
|
|
|
coreutils_bin = if nativeTools then "" else getBin coreutils;
|
|
|
|
|
|
|
|
# See description in cc-wrapper.
|
2020-04-28 05:08:48 +01:00
|
|
|
suffixSalt = replaceStrings ["-" "."] ["_" "_"] targetPlatform.config;
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
# The dynamic linker has different names on different platforms. This is a
|
|
|
|
# shell glob that ought to match it.
|
|
|
|
dynamicLinker =
|
2021-05-15 18:41:16 +01:00
|
|
|
/**/ if sharedLibraryLoader == null then null
|
|
|
|
else if targetPlatform.libc == "musl" then "${sharedLibraryLoader}/lib/ld-musl-*"
|
2021-02-10 18:38:17 +00:00
|
|
|
else if (targetPlatform.libc == "bionic" && targetPlatform.is32bit) then "/system/bin/linker"
|
|
|
|
else if (targetPlatform.libc == "bionic" && targetPlatform.is64bit) then "/system/bin/linker64"
|
2021-05-15 18:41:16 +01:00
|
|
|
else if targetPlatform.libc == "nblibc" then "${sharedLibraryLoader}/libexec/ld.elf_so"
|
|
|
|
else if targetPlatform.system == "i686-linux" then "${sharedLibraryLoader}/lib/ld-linux.so.2"
|
|
|
|
else if targetPlatform.system == "x86_64-linux" then "${sharedLibraryLoader}/lib/ld-linux-x86-64.so.2"
|
|
|
|
else if targetPlatform.system == "powerpc64le-linux" then "${sharedLibraryLoader}/lib/ld64.so.2"
|
2017-08-28 19:56:08 +01:00
|
|
|
# ARM with a wildcard, which can be "" or "-armhf".
|
2021-05-15 18:41:16 +01:00
|
|
|
else if (with targetPlatform; isAarch32 && isLinux) then "${sharedLibraryLoader}/lib/ld-linux*.so.3"
|
|
|
|
else if targetPlatform.system == "aarch64-linux" then "${sharedLibraryLoader}/lib/ld-linux-aarch64.so.1"
|
|
|
|
else if targetPlatform.system == "powerpc-linux" then "${sharedLibraryLoader}/lib/ld.so.1"
|
|
|
|
else if targetPlatform.isMips then "${sharedLibraryLoader}/lib/ld.so.1"
|
2017-08-28 19:56:08 +01:00
|
|
|
else if targetPlatform.isDarwin then "/usr/lib/dyld"
|
2020-03-01 19:22:16 +00:00
|
|
|
else if targetPlatform.isFreeBSD then "/libexec/ld-elf.so.1"
|
2021-01-24 03:02:59 +00:00
|
|
|
else if lib.hasSuffix "pc-gnu" targetPlatform.config then "ld.so.1"
|
2017-08-28 19:56:08 +01:00
|
|
|
else null;
|
|
|
|
|
|
|
|
expand-response-params =
|
stdenv: Introduce hasCC attribute
Before, we'd always use `cc = null`, and check for that. The problem is
this breaks for cross compilation to platforms that don't support a C
compiler.
It's a very subtle issue. One might think there is no problem because we
have `stdenvNoCC`, and presumably one would only build derivations that
use that. The problem is that one still wants to use tools at build-time
that are themselves built with a C compiler, and those are gotten via
"splicing". The runtime version of those deps will explode, but the
build time / `buildPackages` versions of those deps will be fine, and
splicing attempts to work this by using `builtins.tryEval` to filter out
any broken "higher priority" packages (runtime is the default and
highest priority) so that both `foo` and `foo.nativeDrv` works.
However, `tryEval` only catches certain evaluation failures (e.g.
exceptions), and not arbitrary failures (such as `cc.attr` when `cc` is
null). This means `tryEval` fails to let us use our build time deps, and
everything comes apart.
The right solution is, as usually, to get rid of splicing. Or, baring
that, to make it so `foo` never works and one has to explicitly do
`foo.*`. But that is a much larger change, and certaily one unsuitable
to be backported to stable.
Given that, we instead make an exception-throwing `cc` attribute, and
create a `hasCC` attribute for those derivations which wish to
condtionally use a C compiler: instead of doing `stdenv.cc or null ==
null` or something similar, one does `stdenv.hasCC`. This allows quering
without "tripping" the exception, while also allowing `tryEval` to work.
No platform without a C compiler is yet wired up by default. That will
be done in a following commit.
2019-11-24 23:07:20 +00:00
|
|
|
if buildPackages ? stdenv && buildPackages.stdenv.hasCC && buildPackages.stdenv.cc != "/dev/null"
|
2017-08-28 19:56:08 +01:00
|
|
|
then import ../expand-response-params { inherit (buildPackages) stdenv; }
|
|
|
|
else "";
|
|
|
|
|
|
|
|
in
|
|
|
|
|
|
|
|
stdenv.mkDerivation {
|
2019-06-24 01:42:48 +01:00
|
|
|
pname = targetPrefix
|
|
|
|
+ (if name != "" then name else "${bintoolsName}-wrapper");
|
|
|
|
version = if bintools == null then null else bintoolsVersion;
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
preferLocalBuild = true;
|
|
|
|
|
|
|
|
inherit bintools_bin libc_bin libc_dev libc_lib coreutils_bin;
|
|
|
|
shell = getBin shell + shell.shellPath or "";
|
|
|
|
gnugrep_bin = if nativeTools then "" else gnugrep;
|
|
|
|
|
2020-04-28 05:08:48 +01:00
|
|
|
inherit targetPrefix suffixSalt;
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2020-04-21 04:47:17 +01:00
|
|
|
outputs = [ "out" ] ++ optionals propagateDoc ([ "man" ] ++ optional (bintools ? info) "info");
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
passthru = {
|
|
|
|
inherit bintools libc nativeTools nativeLibc nativePrefix;
|
|
|
|
|
|
|
|
emacsBufferSetup = pkgs: ''
|
|
|
|
; We should handle propagation here too
|
|
|
|
(mapc
|
|
|
|
(lambda (arg)
|
|
|
|
(when (file-directory-p (concat arg "/lib"))
|
2020-04-28 05:08:48 +01:00
|
|
|
(setenv "NIX_LDFLAGS_${suffixSalt}" (concat (getenv "NIX_LDFLAGS_${suffixSalt}") " -L" arg "/lib")))
|
2017-08-28 19:56:08 +01:00
|
|
|
(when (file-directory-p (concat arg "/lib64"))
|
2020-04-28 05:08:48 +01:00
|
|
|
(setenv "NIX_LDFLAGS_${suffixSalt}" (concat (getenv "NIX_LDFLAGS_${suffixSalt}") " -L" arg "/lib64"))))
|
2017-08-28 19:56:08 +01:00
|
|
|
'(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)}))
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
dontBuild = true;
|
|
|
|
dontConfigure = true;
|
|
|
|
|
|
|
|
unpackPhase = ''
|
|
|
|
src=$PWD
|
|
|
|
'';
|
|
|
|
|
|
|
|
installPhase =
|
|
|
|
''
|
2018-02-01 00:00:00 +00:00
|
|
|
mkdir -p $out/bin $out/nix-support
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
wrap() {
|
|
|
|
local dst="$1"
|
|
|
|
local wrapper="$2"
|
|
|
|
export prog="$3"
|
|
|
|
substituteAll "$wrapper" "$out/bin/$dst"
|
|
|
|
chmod +x "$out/bin/$dst"
|
|
|
|
}
|
|
|
|
''
|
|
|
|
|
|
|
|
+ (if nativeTools then ''
|
|
|
|
echo ${nativePrefix} > $out/nix-support/orig-bintools
|
|
|
|
|
|
|
|
ldPath="${nativePrefix}/bin"
|
|
|
|
'' else ''
|
|
|
|
echo $bintools_bin > $out/nix-support/orig-bintools
|
|
|
|
|
|
|
|
ldPath="${bintools_bin}/bin"
|
|
|
|
''
|
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
# Solaris needs an additional ld wrapper.
|
2017-08-28 19:56:08 +01:00
|
|
|
+ optionalString (targetPlatform.isSunOS && nativePrefix != "") ''
|
|
|
|
ldPath="${nativePrefix}/bin"
|
|
|
|
exec="$ldPath/${targetPrefix}ld"
|
|
|
|
wrap ld-solaris ${./ld-solaris-wrapper.sh}
|
|
|
|
'')
|
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
# Create a symlink to as (the assembler).
|
2017-08-28 19:56:08 +01:00
|
|
|
+ ''
|
|
|
|
if [ -e $ldPath/${targetPrefix}as ]; then
|
|
|
|
ln -s $ldPath/${targetPrefix}as $out/bin/${targetPrefix}as
|
|
|
|
fi
|
|
|
|
|
|
|
|
'' + (if !useMacosReexportHack then ''
|
|
|
|
wrap ${targetPrefix}ld ${./ld-wrapper.sh} ''${ld:-$ldPath/${targetPrefix}ld}
|
|
|
|
'' else ''
|
|
|
|
ldInner="${targetPrefix}ld-reexport-delegate"
|
|
|
|
wrap "$ldInner" ${./macos-sierra-reexport-hack.bash} ''${ld:-$ldPath/${targetPrefix}ld}
|
|
|
|
wrap "${targetPrefix}ld" ${./ld-wrapper.sh} "$out/bin/$ldInner"
|
|
|
|
unset ldInner
|
|
|
|
'') + ''
|
|
|
|
|
2017-11-25 19:04:43 +00:00
|
|
|
for variant in ld.gold ld.bfd ld.lld; do
|
|
|
|
local underlying=$ldPath/${targetPrefix}$variant
|
|
|
|
[[ -e "$underlying" ]] || continue
|
|
|
|
wrap ${targetPrefix}$variant ${./ld-wrapper.sh} $underlying
|
|
|
|
done
|
2017-08-28 19:56:08 +01:00
|
|
|
'';
|
|
|
|
|
2017-11-27 05:12:13 +00:00
|
|
|
emulation = let
|
|
|
|
fmt =
|
|
|
|
/**/ if targetPlatform.isDarwin then "mach-o"
|
|
|
|
else if targetPlatform.isWindows then "pe"
|
|
|
|
else "elf" + toString targetPlatform.parsed.cpu.bits;
|
|
|
|
endianPrefix = if targetPlatform.isBigEndian then "big" else "little";
|
2020-11-28 21:57:00 +00:00
|
|
|
sep = optionalString (!targetPlatform.isMips && !targetPlatform.isPower && !targetPlatform.isRiscV) "-";
|
2017-11-27 05:12:13 +00:00
|
|
|
arch =
|
|
|
|
/**/ if targetPlatform.isAarch64 then endianPrefix + "aarch64"
|
treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
(cherry picked from commit ba52ae50488de85a9cf60a3a04f1c9ca7122ec74)
2018-03-20 02:41:06 +00:00
|
|
|
else if targetPlatform.isAarch32 then endianPrefix + "arm"
|
2017-11-27 05:12:13 +00:00
|
|
|
else if targetPlatform.isx86_64 then "x86-64"
|
2019-01-06 18:57:36 +00:00
|
|
|
else if targetPlatform.isx86_32 then "i386"
|
2017-12-05 10:27:45 +00:00
|
|
|
else if targetPlatform.isMips then {
|
2019-08-13 22:52:01 +01:00
|
|
|
mips = "btsmipn32"; # n32 variant
|
|
|
|
mipsel = "ltsmipn32"; # n32 variant
|
|
|
|
mips64 = "btsmip";
|
|
|
|
mips64el = "ltsmip";
|
2017-12-05 10:27:45 +00:00
|
|
|
}.${targetPlatform.parsed.cpu.name}
|
2020-11-04 14:13:06 +00:00
|
|
|
else if targetPlatform.isMmix then "mmix"
|
2018-08-21 20:31:34 +01:00
|
|
|
else if targetPlatform.isPower then if targetPlatform.isBigEndian then "ppc" else "lppc"
|
2018-07-26 14:33:36 +01:00
|
|
|
else if targetPlatform.isSparc then "sparc"
|
2019-03-26 02:17:37 +00:00
|
|
|
else if targetPlatform.isMsp430 then "msp430"
|
2018-10-12 21:09:59 +01:00
|
|
|
else if targetPlatform.isAvr then "avr"
|
2019-02-20 03:36:00 +00:00
|
|
|
else if targetPlatform.isAlpha then "alpha"
|
2019-11-02 15:47:38 +00:00
|
|
|
else if targetPlatform.isVc4 then "vc4"
|
2020-11-09 20:06:44 +00:00
|
|
|
else if targetPlatform.isOr1k then "or1k"
|
2020-11-28 21:57:00 +00:00
|
|
|
else if targetPlatform.isRiscV then "lriscv"
|
2019-02-05 15:24:00 +00:00
|
|
|
else throw "unknown emulation for platform: ${targetPlatform.config}";
|
2019-01-30 02:01:24 +00:00
|
|
|
in if targetPlatform.useLLVM or false then ""
|
2021-01-23 01:33:55 +00:00
|
|
|
else targetPlatform.bfdEmulation or (fmt + sep + arch);
|
2017-11-27 05:12:13 +00:00
|
|
|
|
2018-05-13 16:31:24 +01:00
|
|
|
strictDeps = true;
|
2017-07-07 20:57:01 +01:00
|
|
|
depsTargetTargetPropagated = extraPackages;
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2018-05-07 18:07:19 +01:00
|
|
|
wrapperName = "BINTOOLS_WRAPPER";
|
|
|
|
|
|
|
|
setupHooks = [
|
|
|
|
../setup-hooks/role.bash
|
|
|
|
./setup-hook.sh
|
|
|
|
];
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
postFixup =
|
2020-06-30 16:04:10 +01:00
|
|
|
##
|
|
|
|
## General libc support
|
|
|
|
##
|
2019-11-05 00:57:14 +00:00
|
|
|
optionalString (libc != null) (''
|
2020-06-30 19:26:37 +01:00
|
|
|
touch "$out/nix-support/libc-ldflags"
|
|
|
|
echo "-L${libc_lib}${libc.libdir or "/lib"}" >> $out/nix-support/libc-ldflags
|
2017-08-28 19:56:08 +01:00
|
|
|
|
|
|
|
echo "${libc_lib}" > $out/nix-support/orig-libc
|
|
|
|
echo "${libc_dev}" > $out/nix-support/orig-libc-dev
|
2020-06-30 16:04:10 +01:00
|
|
|
''
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
##
|
|
|
|
## Dynamic linker support
|
|
|
|
##
|
2021-05-15 18:41:16 +01:00
|
|
|
+ optionalString (sharedLibraryLoader != null) ''
|
2017-08-28 19:56:08 +01:00
|
|
|
if [[ -z ''${dynamicLinker+x} ]]; then
|
|
|
|
echo "Don't know the name of the dynamic linker for platform '${targetPlatform.config}', so guessing instead." >&2
|
2021-05-15 18:41:16 +01:00
|
|
|
local dynamicLinker="${sharedLibraryLoader}/lib/ld*.so.?"
|
2017-08-28 19:56:08 +01:00
|
|
|
fi
|
2020-06-30 16:04:10 +01:00
|
|
|
''
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
# Expand globs to fill array of options
|
|
|
|
+ ''
|
2017-08-28 19:56:08 +01:00
|
|
|
dynamicLinker=($dynamicLinker)
|
|
|
|
|
|
|
|
case ''${#dynamicLinker[@]} in
|
|
|
|
0) echo "No dynamic linker found for platform '${targetPlatform.config}'." >&2;;
|
|
|
|
1) echo "Using dynamic linker: '$dynamicLinker'" >&2;;
|
|
|
|
*) echo "Multiple dynamic linkers found for platform '${targetPlatform.config}'." >&2;;
|
|
|
|
esac
|
|
|
|
|
2020-06-30 19:26:37 +01:00
|
|
|
if [ -n "''${dynamicLinker-}" ]; then
|
2017-08-28 19:56:08 +01:00
|
|
|
echo $dynamicLinker > $out/nix-support/dynamic-linker
|
|
|
|
|
2020-12-25 20:52:42 +00:00
|
|
|
${if targetPlatform.isDarwin then ''
|
|
|
|
printf "export LD_DYLD_PATH=%q\n" "$dynamicLinker" >> $out/nix-support/setup-hook
|
2021-05-15 18:41:16 +01:00
|
|
|
'' else lib.optionalString (sharedLibraryLoader != null) ''
|
|
|
|
if [ -e ${sharedLibraryLoader}/lib/32/ld-linux.so.2 ]; then
|
|
|
|
echo ${sharedLibraryLoader}/lib/32/ld-linux.so.2 > $out/nix-support/dynamic-linker-m32
|
2020-12-25 20:52:42 +00:00
|
|
|
fi
|
|
|
|
touch $out/nix-support/ld-set-dynamic-linker
|
|
|
|
''}
|
2017-08-28 19:56:08 +01:00
|
|
|
fi
|
|
|
|
'')
|
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
##
|
|
|
|
## User env support
|
|
|
|
##
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
# Propagate the underling unwrapped bintools so that if you
|
|
|
|
# install the wrapper, you get tools like objdump (same for any
|
|
|
|
# binaries of libc).
|
|
|
|
+ optionalString (!nativeTools) ''
|
2017-08-28 19:56:08 +01:00
|
|
|
printWords ${bintools_bin} ${if libc == null then "" else libc_bin} > $out/nix-support/propagated-user-env-packages
|
2018-02-01 00:00:00 +00:00
|
|
|
''
|
2017-11-28 22:16:09 +00:00
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
##
|
|
|
|
## Man page and info support
|
|
|
|
##
|
2020-04-21 04:47:17 +01:00
|
|
|
+ optionalString propagateDoc (''
|
2018-09-05 19:35:16 +01:00
|
|
|
ln -s ${bintools.man} $man
|
2020-04-21 04:47:17 +01:00
|
|
|
'' + optionalString (bintools ? info) ''
|
2018-09-05 19:35:16 +01:00
|
|
|
ln -s ${bintools.info} $info
|
2020-04-21 04:47:17 +01:00
|
|
|
'')
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
##
|
|
|
|
## Hardening support
|
|
|
|
##
|
2017-08-28 19:56:08 +01:00
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
# some linkers on some platforms don't support specific -z flags
|
|
|
|
+ ''
|
2017-08-28 19:56:08 +01:00
|
|
|
export hardening_unsupported_flags=""
|
|
|
|
if [[ "$($ldPath/${targetPrefix}ld -z now 2>&1 || true)" =~ un(recognized|known)\ option ]]; then
|
|
|
|
hardening_unsupported_flags+=" bindnow"
|
|
|
|
fi
|
|
|
|
if [[ "$($ldPath/${targetPrefix}ld -z relro 2>&1 || true)" =~ un(recognized|known)\ option ]]; then
|
|
|
|
hardening_unsupported_flags+=" relro"
|
|
|
|
fi
|
|
|
|
''
|
|
|
|
|
|
|
|
+ optionalString hostPlatform.isCygwin ''
|
|
|
|
hardening_unsupported_flags+=" pic"
|
|
|
|
''
|
|
|
|
|
2018-10-15 22:11:20 +01:00
|
|
|
+ optionalString targetPlatform.isAvr ''
|
|
|
|
hardening_unsupported_flags+=" relro bindnow"
|
|
|
|
''
|
|
|
|
|
|
|
|
+ optionalString (libc != null && targetPlatform.isAvr) ''
|
|
|
|
for isa in avr5 avr3 avr4 avr6 avr25 avr31 avr35 avr51 avrxmega2 avrxmega4 avrxmega5 avrxmega6 avrxmega7 tiny-stack; do
|
|
|
|
echo "-L${getLib libc}/avr/lib/$isa" >> $out/nix-support/libc-cflags
|
|
|
|
done
|
|
|
|
''
|
|
|
|
|
2020-11-19 07:57:41 +00:00
|
|
|
+ optionalString stdenv.targetPlatform.isDarwin ''
|
|
|
|
echo "-arch ${targetPlatform.darwinArch}" >> $out/nix-support/libc-ldflags
|
|
|
|
''
|
|
|
|
|
2021-01-31 06:12:28 +00:00
|
|
|
###
|
|
|
|
### Remove LC_UUID
|
|
|
|
###
|
|
|
|
+ optionalString (stdenv.targetPlatform.isDarwin && !(stdenv.cc.bintools.bintools.isGNU or false)) ''
|
|
|
|
echo "-no_uuid" >> $out/nix-support/libc-ldflags-before
|
|
|
|
''
|
|
|
|
|
2017-08-28 19:56:08 +01:00
|
|
|
+ ''
|
2020-06-30 19:26:37 +01:00
|
|
|
for flags in "$out/nix-support"/*flags*; do
|
|
|
|
substituteInPlace "$flags" --replace $'\n' ' '
|
|
|
|
done
|
|
|
|
|
2017-08-28 19:56:08 +01:00
|
|
|
substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh
|
|
|
|
substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh
|
2020-09-06 17:15:32 +01:00
|
|
|
substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash
|
2017-08-28 19:56:08 +01:00
|
|
|
''
|
2018-02-01 00:00:00 +00:00
|
|
|
|
2021-01-31 06:12:28 +00:00
|
|
|
###
|
|
|
|
### Ensure consistent LC_VERSION_MIN_MACOSX
|
|
|
|
###
|
|
|
|
+ optionalString stdenv.targetPlatform.isDarwin (
|
|
|
|
let
|
2021-04-10 10:06:25 +01:00
|
|
|
inherit (stdenv.targetPlatform)
|
|
|
|
darwinPlatform darwinSdkVersion
|
|
|
|
darwinMinVersion darwinMinVersionVariable;
|
2021-01-31 06:12:28 +00:00
|
|
|
in ''
|
|
|
|
export darwinPlatform=${darwinPlatform}
|
|
|
|
export darwinMinVersion=${darwinMinVersion}
|
|
|
|
export darwinSdkVersion=${darwinSdkVersion}
|
2021-04-10 10:06:25 +01:00
|
|
|
export darwinMinVersionVariable=${darwinMinVersionVariable}
|
2021-01-31 06:12:28 +00:00
|
|
|
substituteAll ${./add-darwin-ldflags-before.sh} $out/nix-support/add-local-ldflags-before.sh
|
|
|
|
''
|
|
|
|
)
|
|
|
|
|
2021-01-21 05:18:51 +00:00
|
|
|
##
|
|
|
|
## Code signing on Apple Silicon
|
|
|
|
##
|
|
|
|
+ optionalString (targetPlatform.isDarwin && targetPlatform.isAarch64) ''
|
|
|
|
echo 'source ${postLinkSignHook}' >> $out/nix-support/post-link-hook
|
|
|
|
|
|
|
|
export signingUtils=${signingUtils}
|
|
|
|
|
|
|
|
wrap \
|
|
|
|
${targetPrefix}install_name_tool \
|
|
|
|
${./darwin-install_name_tool-wrapper.sh} \
|
|
|
|
"${bintools_bin}/bin/${targetPrefix}install_name_tool"
|
|
|
|
|
|
|
|
wrap \
|
|
|
|
${targetPrefix}strip ${./darwin-strip-wrapper.sh} \
|
|
|
|
"${bintools_bin}/bin/${targetPrefix}strip"
|
|
|
|
''
|
|
|
|
|
2020-06-30 16:04:10 +01:00
|
|
|
##
|
|
|
|
## Extra custom steps
|
|
|
|
##
|
2017-08-28 19:56:08 +01:00
|
|
|
+ extraBuildCommands;
|
|
|
|
|
|
|
|
inherit dynamicLinker expand-response-params;
|
|
|
|
|
2018-05-07 18:15:34 +01:00
|
|
|
# for substitution in utils.bash
|
2017-08-28 19:56:08 +01:00
|
|
|
expandResponseParams = "${expand-response-params}/bin/expand-response-params";
|
|
|
|
|
|
|
|
meta =
|
|
|
|
let bintools_ = if bintools != null then bintools else {}; in
|
|
|
|
(if bintools_ ? meta then removeAttrs bintools.meta ["priority"] else {}) //
|
|
|
|
{ description =
|
2021-01-24 03:02:59 +00:00
|
|
|
lib.attrByPath ["meta" "description"] "System binary utilities" bintools_
|
2017-08-28 19:56:08 +01:00
|
|
|
+ " (wrapper script)";
|
2019-02-19 02:10:12 +00:00
|
|
|
priority = 10;
|
2017-08-28 19:56:08 +01:00
|
|
|
} // optionalAttrs useMacosReexportHack {
|
2021-01-24 03:02:59 +00:00
|
|
|
platforms = lib.platforms.darwin;
|
2017-08-28 19:56:08 +01:00
|
|
|
};
|
|
|
|
}
|