- default coreutils is stripped of /share/ (11 -> 2 MiB)
- coreutils-full retains /share/ and adds openssl for faster *sum tools
- NixOS systemPackages contains coreutils-full
- *Support parameter defaults are moved inside
(it seemed confusing to have `? false` and "at once" with `? isLinux`)
Closure considerations:
+ typical build-time closure will get lighter by ~9 MiB
- typical closure of NixOS installation will grow by ~2 MiB,
due to referring to both versions. I think it would be possible to
re-use most of the utils between the two versions, but the expression
would get much more complex.
I considered having stdenv with minimal coreutils and the default
`coreutils` attribute being full, but it turned out there were too many
trivial references in nixpkgs, so it didn't seem easy to keep rebuild
impact of openssl from growing significantly.
coreutils is part of stdenv, which doesn't allow openssl currently.
It's unclear that adding openssl to stdenv was intended,
but if it was, it was not discussed or mentioned.
To unbreak "all the things", reverting until this
has been discussed and a proper fix has been put together.
This reverts commit df9f76c62d, reversing
changes made to 585ded7329.
Originally this was introduced in 055e646b ('coreutils: Guard against compiler not supporting __builtin_stpncpy_chk') four years ago. Right now this doesn't seem to serve any purpose and it conflicts with the hardening flags:
<command line>:2:9: warning: '_FORTIFY_SOURCE' macro redefined [-Wmacro-redefined]
#define _FORTIFY_SOURCE 2
^
<command line>:1:9: note: previous definition is here
#define _FORTIFY_SOURCE 0
^
1 warning generated.
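Added example (not part of the commit message or of nixpkgs): a small check that replays the -D/-U options of a compiler command line in order and reports when _FORTIFY_SOURCE is redefined, as in the warning above, and which value ends up in effect. The function names and the sample command lines are constructed for illustration.

```python
import shlex

MACRO = "_FORTIFY_SOURCE"

def fortify_events(command_line):
    """Ordered -D/-U events for _FORTIFY_SOURCE on a compiler command line."""
    args = shlex.split(command_line)
    events, i = [], 0
    while i < len(args):
        arg = args[i]
        i += 1
        if arg[:2] not in ("-D", "-U"):
            continue
        kind, body = arg[:2], arg[2:]
        if not body:                 # separated form: "-D NAME=VALUE"
            if i >= len(args):
                break
            body = args[i]
            i += 1
        name, sep, value = body.partition("=")
        if name == MACRO:
            # "-DNAME" with no "=" defines the macro as 1
            events.append((kind, (value if sep else "1") if kind == "-D" else None))
    return events

def audit(command_line):
    """Replay the events in order, as the preprocessor does."""
    effective, redefinitions = None, []
    for kind, value in fortify_events(command_line):
        if kind == "-U":
            effective = None
        else:
            if effective is not None and effective != value:
                redefinitions.append((effective, value))   # triggers -Wmacro-redefined
            effective = value
    return {
        "effective": effective,
        "redefinitions": redefinitions,
        "fortify_requested": effective not in (None, "0"),
    }

# Constructed command lines (not taken from a real build log).
PACKAGE_THEN_WRAPPER = "cc -O2 -D_FORTIFY_SOURCE=0 -D_FORTIFY_SOURCE=2 -c example.c"
WRAPPER_THEN_OVERRIDE = "cc -O2 -D _FORTIFY_SOURCE=2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -c example.c"

if __name__ == "__main__":
    for cmd in (PACKAGE_THEN_WRAPPER, WRAPPER_THEN_OVERRIDE):
        print(cmd, "->", audit(cmd))
```

The second command line produces no redefinition warning yet leaves fortification off, which is the case worth flagging in review of build flags.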
The main changes are in libSystem, which lost the coretls component in 10.13
and some hardening changes that quietly crash any program that uses %n in
a non-constant format string, so we've needed to patch a lot of programs that
use gnulib.
`make install` was failing presumably due to an upstream cross-compilation bug:
Makefile:3440: *** Recursive variable 'INSTALL' references itself (eventually). Stop.
While at it, remove the old ugly cross buildPhase. It was seemingly
trying to work around the fact that the man pages are generated by
piping each command's --help output to help2man. That obviously doesn't
work while cross-compiling.
Instead, set PERL=missing in the environment to make the build system
think there's no perl available to run help2man. (This approach was
stolen from buildroot.)
With the symlinked build it's only renaming 'coreutils' to
'gcoreutils' and leaving all the actual command symlinks alone.
Instead of custom renaming scripts, let's use --program-prefix
from the autotools kitchen sink. This has the nice(?) bonus that
the manpages also get prefixed with 'g' now.
The build system refuses to enable both single-binary build and
--program-prefix - but the symlink-based single-binary build couldn't
possibly work either (as it will be looking at "$0" for which command
to execute).
Our coreutils now uses single-binary-build mode where, by default,
simple shebang scripts are used for all the binaries. That doesn't work
e.g. with the Linux unpacker which only handles standard binaries and
symlinks. Let's use the symlinked mode instead for bootstrapping.
This does NOT change any stdenv hashes.
I only tested the case most important to me:
$ nix-build pkgs/top-level/release.nix -A stdenvBootstrapTools.x86_64-linux.test
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
The patch no longer applies as it's applied in the 8.25 release.
While at it don't use FORCE_UNSAFE_CONFIGURE on ARM as I don't see why
it's needed and it works for me without it.
Build-tested GNU hello on ARMv7 and verified that this affect its hash
on i686.
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes
Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
Also some style cleanup.
Note that defining an empty-string variable *does* change the hash.
I would like to change this behaviour one day
(clean up attrs when compiling the derivation).
From https://lists.macosforge.org/pipermail/macports-dev/2011-July/015263.html:
5) Building with a compiler that doesn't support newer __builtins
If your port uses MacPorts compilers rather than the default compiler,
you may run into trouble with string functions. You'll see errors at
link time about undefined __builtin_* functions. If this happens, you
may want to compile with -D_FORTIFY_SOURCE=0 to tell the headers to
use unfortified versions which do not use compiler builtins.
Here is the error:
set-mode-acl.c: In function 'qset_acl':
set-mode-acl.c:72:6: error: #error Must have acl_delete_def_file (see POSIX 1003.1e draft 17).
This is for consistency with terminology in stdenv (and the terms
"hostDrv" and "buildDrv" are not very intuitive, even if they're
consistent with GNU terminology).