diff --git a/pkgs/development/compilers/go/1.7.nix b/pkgs/development/compilers/go/1.7.nix index d623d800bd79..0f78646e1aa0 100644 --- a/pkgs/development/compilers/go/1.7.nix +++ b/pkgs/development/compilers/go/1.7.nix @@ -1,9 +1,17 @@ -{ stdenv, lib, fetchFromGitHub, tzdata, iana_etc, go_bootstrap, runCommand +{ stdenv, fetchFromGitHub, tzdata, iana_etc, go_bootstrap, runCommand, writeScriptBin , perl, which, pkgconfig, patch, fetchpatch -, pcre +, pcre, cacert , Security, Foundation, bash }: let + + inherit (stdenv.lib) optional optionals optionalString; + + clangHack = writeScriptBin "clang" '' + #!${stdenv.shell} + exec ${stdenv.cc}/bin/clang "$@" 2> >(sed '/ld: warning:.*ignoring unexpected dylib file/ d' 1>&2) + ''; + goBootstrap = runCommand "go-bootstrap" {} '' mkdir $out cp -rf ${go_bootstrap}/* $out/ @@ -11,6 +19,7 @@ let find $out -name "*.c" -delete cp -rf $out/bin/* $out/share/go/bin/ ''; + in stdenv.mkDerivation rec { @@ -27,28 +36,11 @@ stdenv.mkDerivation rec { # perl is used for testing go vet nativeBuildInputs = [ perl which pkgconfig patch ]; buildInputs = [ pcre ]; - propagatedBuildInputs = lib.optionals stdenv.isDarwin [ - Security Foundation - ]; + propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ]; hardeningDisable = [ "all" ]; - # I'm not sure what go wants from its 'src', but the go installation manual - # describes an installation keeping the src. - preUnpack = '' - topdir=$PWD - mkdir -p $out/share - cd $out/share - ''; - prePatch = '' - # Ensure that the source directory is named go - cd .. - if [ ! -d go ]; then - mv * go - fi - - cd go patchShebangs ./ # replace /bin/bash # This source produces shell script at run time, @@ -81,9 +73,9 @@ stdenv.mkDerivation rec { # Disable cgo lookup tests not works, they depend on resolver rm src/net/cgo_unix_test.go - '' + lib.optionalString stdenv.isLinux '' + '' + optionalString stdenv.isLinux '' sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/time/zoneinfo_unix.go - '' + lib.optionalString stdenv.isDarwin '' + '' + optionalString stdenv.isDarwin '' substituteInPlace src/race.bash --replace \ "sysctl machdep.cpu.extfeatures | grep -qv EM64T" true sed -i 's,strings.Contains(.*sysctl.*,true {,' src/cmd/dist/util.go @@ -93,6 +85,7 @@ stdenv.mkDerivation rec { sed -i '/TestChdirAndGetwd/areturn' src/os/os_test.go sed -i '/TestRead0/areturn' src/os/os_test.go sed -i '/TestNohup/areturn' src/os/signal/signal_test.go + sed -i '/TestCurrent/areturn' src/os/user/user_test.go sed -i '/TestSystemRoots/areturn' src/crypto/x509/root_darwin_test.go sed -i '/TestGoInstallRebuildsStalePackagesInOtherGOPATH/areturn' src/cmd/go/go_test.go @@ -106,20 +99,11 @@ stdenv.mkDerivation rec { touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd sed -i '1 a\exit 0' misc/cgo/errors/test.bash - - mkdir $topdir/dirtyhacks - cat < $topdir/dirtyhacks/clang - #!${bash}/bin/bash - $(type -P clang) "\$@" 2> >(sed '/ld: warning:.*ignoring unexpected dylib file/ d' 1>&2) - exit $? - EOF - chmod +x $topdir/dirtyhacks/clang - PATH=$topdir/dirtyhacks:$PATH ''; - patches = [ - ./remove-tools-1.7.patch - ]; + patches = [ ./remove-tools-1.7.patch ./cacert-1.7.patch ]; + + SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; GOOS = if stdenv.isDarwin then "darwin" else "linux"; GOARCH = if stdenv.isDarwin then "amd64" @@ -127,7 +111,7 @@ stdenv.mkDerivation rec { else if stdenv.system == "x86_64-linux" then "amd64" else if stdenv.isArm then "arm" else throw "Unsupported system"; - GOARM = stdenv.lib.optionalString (stdenv.system == "armv5tel-linux") "5"; + GOARM = optionalString (stdenv.system == "armv5tel-linux") "5"; GO386 = 387; # from Arch: don't assume sse2 on i686 CGO_ENABLED = 1; GOROOT_BOOTSTRAP = "${goBootstrap}/share/go"; @@ -136,19 +120,25 @@ stdenv.mkDerivation rec { # just want the generic `cc` here. CC = if stdenv.isDarwin then "clang" else "cc"; + configurePhase = '' + mkdir -p $out/share/go/bin + export GOROOT=$out/share/go + export GOBIN=$GOROOT/bin + export PATH=$GOBIN:$PATH + ''; + + postConfigure = optionalString stdenv.isDarwin '' + export PATH=${clangHack}/bin:$PATH + ''; + installPhase = '' - mkdir -p "$out/bin" - export GOROOT="$(pwd)/" - export GOBIN="$out/bin" - export PATH="$GOBIN:$PATH" - cd ./src - echo Building - ./all.bash + cp -r . $GOROOT + ( cd $GOROOT/src && ./all.bash ) ''; preFixup = '' rm -r $out/share/go/pkg/bootstrap - rmdir $out/bin && mv $out/share/go/bin $out/bin + mv $out/share/go/bin $out/bin ''; setupHook = ./setup-hook.sh; diff --git a/pkgs/development/compilers/go/cacert-1.7.patch b/pkgs/development/compilers/go/cacert-1.7.patch new file mode 100644 index 000000000000..0fe9ff8cc239 --- /dev/null +++ b/pkgs/development/compilers/go/cacert-1.7.patch @@ -0,0 +1,82 @@ +diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go +index a4b33c7..9700b75 100644 +--- a/src/crypto/x509/root_cgo_darwin.go ++++ b/src/crypto/x509/root_cgo_darwin.go +@@ -151,11 +151,20 @@ int FetchPEMRoots(CFDataRef *pemRoots) { + import "C" + import ( + "errors" ++ "io/ioutil" ++ "os" + "unsafe" + ) + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + var data C.CFDataRef = nil + err := C.FetchPEMRoots(&data) +diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +index 78de56c..05eada4 100644 +--- a/src/crypto/x509/root_darwin.go ++++ b/src/crypto/x509/root_darwin.go +@@ -6,20 +6,31 @@ + + package x509 + +-import "os/exec" ++import ( ++ "io/ioutil" ++ "os" ++ "os/exec" ++) + + func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { + return nil, nil + } + + func execSecurityRoots() (*CertPool, error) { ++ roots := NewCertPool() ++ if file := os.Getenv("SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain") + data, err := cmd.Output() + if err != nil { + return nil, err + } + +- roots := NewCertPool() + roots.AppendCertsFromPEM(data) + return roots, nil + } +diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go +index 7bcb3d6..3986e1a 100644 +--- a/src/crypto/x509/root_unix.go ++++ b/src/crypto/x509/root_unix.go +@@ -24,6 +24,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ + var firstErr error + for _, file := range certFiles { + data, err := ioutil.ReadFile(file)