3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

29 commits

Author SHA1 Message Date
John Ericson 0884027ef5 Revert "Revert "Merge pull request #28029 from cstrahan/hardening-fix""
This reverts commit 6c064e6b1f, reapplying
PR #28029 which was supposed to have gone to staging all along.
2018-04-11 14:00:13 -04:00
John Ericson c26252af3e lib, stdenv: Check meta.platforms against host platform and be open world
First, we need check against the host platform, not the build platform.
That's simple enough.

Second, we move away from exahustive finite case analysis (i.e.
exhaustively listing all platforms the package builds on). That only
work in a closed-world setting, where we know all platforms we might
build one. But with cross compilation, we may be building for arbitrary
platforms, So we need fancier filters. This is the closed world to open
world change.

The solution is instead of having a list of systems (strings in the form
"foo-bar"), we have a list of of systems or "patterns", i.e. attributes
that partially match the output of the parsers in `lib.systems.parse`.
The "check meta" logic treats the systems strings as an exact whitelist
just as before, but treats the patterns as a fuzzy whitelist,
intersecting the actual `hostPlatform` with the pattern and then
checking for equality. (This is done using `matchAttrs`).

The default convenience lists for `meta.platforms` are now changed to be
lists of patterns (usually a single pattern) in
`lib/systems/for-meta.nix` for maximum flexibility under this new
system.

Fixes #30902
2018-03-15 00:44:34 -04:00
John Ericson 4c52e34ca6 stdenv: Clean up check meta args 2018-03-14 18:58:07 -04:00
Jan Malakhovski 810c4702cf stdenv.mkDerivation: rename meta.evaluates -> meta.available
A much better name.
2018-02-18 13:33:25 +00:00
Vladimír Čunát 67e8392383
Merge #33057: stdenv meta checks: make them lazy
Closes #22277 - it's superseded;  I have some WIP on evaluation
performance, but best do that in a separate PR/thread.
2018-01-14 21:41:31 +01:00
Jan Malakhovski fac3d49e48 stdenv: provide meta.name 2018-01-14 13:24:30 +00:00
Jan Malakhovski 50148f0630 stdenv: hide name under check-meta assert
This is a temporary workaround to make `nix-env -qa` and `nix search` ignore
broken packages as they they did before this patchset.

This patch should be reverted after `nix` gets a proper fix for this.
See NixOS/nix#1771.
2018-01-14 13:24:30 +00:00
Jan Malakhovski eaee2a1199 stdenv: implement config.checkMetaRecursively
This option makes `meta.evaluate` into a close approximation of the result of
evaluating `.outPath` by checking all the dependencies recursively at a cost of
2x slowdown. Note that actually evaluating `.outPath` costs some
5x-7x more because `.outPath` also computes all the hashes.
2018-01-14 13:24:30 +00:00
Jan Malakhovski ecd3990cd4 stdenv: provide meta.evaluates
This gives a way to see the result of `check-meta` without triggering any assertions.
2018-01-14 13:24:29 +00:00
Jan Malakhovski 9956687151 stdenv: change some indent 2018-01-14 13:24:22 +00:00
John Ericson 567feb3a54 stdenv: Fix doCheck and doInstallCheck logic
It's host != build, not host != target
2018-01-09 16:22:58 -05:00
John Ericson 4e907dbca1 stdenv: Force doCheck and doInstallCheck to be false when we are cross compiling
I hope this will be a temporary measure. If there is consensus around
issue #33599, then we can follow an explicit `dontCheck`, but default to
not checking during cross builds when none is given.
2018-01-09 12:37:12 -05:00
Jan Malakhovski d1d5ecb3bf stdenv: perform checks only when evaluating .drv and .out
This pushes check-meta evaluation to derivation evaluation step, leaving all other
attributes accessible.

Before this commit:

> $ HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate --eval --strict ./default.nix -A xen --argstr system aarch64-linux
> Package ‘xen-4.5.5’ in pkgs/applications/virtualization/xen/generic.nix:226 is not supported on ‘aarch64-linux’, refusing to evaluate.

as expected

> $ HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate --eval --strict ./default.nix -A xen.name --argstr system aarch64-linux
> Package ‘xen-4.5.5’ in pkgs/applications/virtualization/xen/generic.nix:226 is not supported on ‘aarch64-linux’, refusing to evaluate.

> $ HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate --eval --strict ./default.nix -A xen.meta.description --argstr system aarch64-linux
> Package ‘xen-4.5.5’ in pkgs/applications/virtualization/xen/generic.nix:226 is not supported on ‘aarch64-linux’, refusing to evaluate.

which is unfortunate since its impossible to use packages in autogenerated
documentation on all platforms.

After this commit:

> $ HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate --eval --strict ./default.nix -A xen --argstr system aarch64-linux

still fails

> $ HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate --eval --strict ./default.nix -A xen.name --argstr system aarch64-linux
> "xen-4.5.5"

> $ HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate --eval --strict ./default.nix -A xen.meta.description --argstr system aarch64-linux
> "Xen hypervisor and related components (vanilla)"
2018-01-03 12:20:25 +00:00
John Ericson 7f3ca3e21a stdenv: Fix handling of dependencies and hooks
4 far-reaching changes: Smaller PATH, New vars, different propagation
logic, and different hook logic

Smaller PATH
------------

`buildInputs` no longer go on the PATH at build time, as they cannot be
run when cross compiling and we don't want to special case. Simply make
a `nativeBuildInput` too if one needs them on the PATH. Fixes #21191.

Many new depedendency variables
-------------------------------

See the stdenv chapter of the nixpkgs manual. I pulled out the existing
documentation of dependency specification into a new section, and added
language for these two (and their propagated equivalents) along side
the others'.

More complex propagation logic
------------------------------

Before a propagated*XXX*Input always acted as if it was specified
directly as a *XXX*Input downstream. That's simple enough, but violates
the intended roles of each sort of dep, which has functional and not
just stylistic consequences.

The new algorithm is detailed in the manual, and ensures everything
ends up in the right place. I tried to give both an informal and formal
description, but I suspect in practice it will not make much sense
until one tries cross compiling, after which it will immediately make
sense as the only sane option.

Simplified hook logic
---------------------

Rather than `envHook` and `crossEnvHook`, whose behavior differs
depending on whether we are cross compiling or not, there is now one
hook per sort (or rather non-propagated and propagated pair of sorts)
of dependency. These new hooks have the same meaning regardless of
cross compilation. See the setup hook section of stdenv chapter of the
Nixpkgs manual for more details.
2017-12-30 22:04:21 -05:00
John Ericson 51179c6e88 stdenv: Add back leading '-' in cross derivation name suffix
I messed this up when I moved the logic from `makeStdenvCross` in
e826a6a247.
2017-09-18 18:59:48 -04:00
Orivej Desh 447240b19f mkDerivation: explain "all" in hardeningDisable
https://github.com/NixOS/nixpkgs/pull/28806#discussion_r136516276
2017-09-03 12:57:08 +00:00
Orivej Desh d70006c6d9 mkDerivation: fix hardening flags check
- allow "all" in hardeningDisable
- fix busybox flags
- print detailed error message

Discussed at https://github.com/NixOS/nixpkgs/pull/28555#issuecomment-326413032
2017-09-01 01:01:24 +00:00
John Ericson 97a48835b7 mkDerivation, cc-wrapper: Check hardening flag validity in Nix
This becomes necessary if more wrappers besides cc-wrapper start
supporting hardening flags. Also good to make the warning into an
error.

Also ensure interface is being used right: Not as a string, not just in
bash.
2017-08-30 17:53:42 +02:00
John Ericson fbab1d485b stdenvs: Distinguish between extraBuildInputs and extraNativeBuildInputs
This version continues to use bash + stdenv/setup for the default
inputs.
2017-08-18 12:02:13 -04:00
Tuomas Tynkkynen 7320fa9d45 Revert "stdenvs: Distinguish between extraBuildInputs and extraNativeBuildInputs"
This reverts commit eeabf85780.

This change suddenly makes tons of stdenv internals visible in
nativeBuildInputs of every derivation, which doesn't seem desirable.
E.g:

````
nix-repl> hello.nativeBuildInputs
[ «derivation /nix/store/bcfkyf6bhssxd2vzwgzmsbn7b5b9rpxc-patchelf-0.9.drv»
  «derivation /nix/store/4wnshnz9wwanpfzcrdd76rri7pyqn9sk-paxctl-0.9.drv»
  << snip 10+ lines >>
  «derivation /nix/store/d35pgh1lcg5nm0x28d899pxj30b8c9b2-gcc-wrapper-6.4.0.drv»
]
````
2017-08-18 13:21:56 +03:00
John Ericson eeabf85780 stdenvs: Distinguish between extraBuildInputs and extraNativeBuildInputs
Additionally, instead of pulling them from `setup.sh`, route them via
Nix. This gets us one step closer to making stdenv be a plain attribute
set instead of a derivation.
2017-08-15 18:24:54 -04:00
John Ericson a71cf06b16 mkDerivation: Simply Nix
No hashes were changed by this
2017-08-15 16:13:30 -04:00
John Ericson aaaa470ff8 mkDerivation: Fix errors from #27365
`nix-build pkgs/top-level/release.nix -A tarball` now succeeds.

`configureFlags = null` lead to a type error, and one overrideDrv
needed to be converted to to append a configureFlags list instead of
string due to the normalization.

Thanks @vcunat for alerting me to the issues---sorry I did not catch
them before merging my own PR.
2017-07-15 13:47:21 -04:00
John Ericson e826a6a247 stdenv: Move some logic from cross adapter to stdenv proper
Eventually the adapter will be removed.  Moved is

 - Name suffix from hostPlatform

 - configurePlatforms

   To not cause more breakage, the default is currently [], but
   eventually it will be [ "build" "host" ], as the cross adapter makes
   it today.
2017-07-13 19:05:36 -04:00
John Ericson 5896d84dbb stdenv: Stop reversing the list of sandbox stuff
We're breaking hashes anyways
2017-07-10 11:25:51 -04:00
John Ericson 2f198956c7 stdenv: Make separate-debug-info.sh a nativeBuildInput 2017-07-10 11:25:51 -04:00
John Ericson a302d7360f top-level: {build,host,target}Platform are defined in the stdenv instead
See #27069 for a discussion of this
2017-07-07 12:55:02 -04:00
John Ericson afc2023993 stdenv: Have mkDerivation pull the "extra" arguments from stdenv instead
Something more elaborate is needed for the "*Platform" arguments.
2017-07-07 12:16:51 -04:00
John Ericson 4cf4d7180d stdenv: Conservatively move mkDerivation into it's own file 2017-07-07 12:16:51 -04:00