buildGo{Package,Module}: set trimpath in GOFLAGS

Also drop removeReferencesTo `-trimpath` removes all file system paths from the compiled executable, this should improve reproducibility.
2024-11-19 12:11:28 +00:00 · 2020-10-29 13:27:20 +10:00 · 2020-10-29 13:27:20 +10:00 · 4e9f7bbf85
parent 9f035ff857
commit 4e9f7bbf85
2 changed files with 6 additions and 21 deletions
--- a/pkgs/development/go-modules/generic/default.nix
+++ b/pkgs/development/go-modules/generic/default.nix
@ -1,4 +1,4 @@
-{ go, cacert, git, lib, removeReferencesTo, stdenv, vend }:
+{ go, cacert, git, lib, stdenv, vend }:

 { name ? "${args'.pname}-${args'.version}"
 , src
@ -43,10 +43,6 @@ with builtins;
 let
  args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "disabled" ];

-  removeReferences = [ ] ++ lib.optional (!allowGoReference) go;
-
-  removeExpr = refs: ''remove-references-to ${lib.concatMapStrings (ref: " -t ${ref}") refs}'';
-
  go-modules = if vendorSha256 != null then go.stdenv.mkDerivation (let modArgs = {

    name = "${name}-go-modules";
@ -121,12 +117,12 @@ let
  ) // overrideModAttrs modArgs) else "";

  package = go.stdenv.mkDerivation (args // {
-    nativeBuildInputs = [ removeReferencesTo go ] ++ nativeBuildInputs;
+    nativeBuildInputs = [ go ] ++ nativeBuildInputs;

    inherit (go) GOOS GOARCH;

    GO111MODULE = "on";
-    GOFLAGS = "-mod=vendor";
+    GOFLAGS = [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ];

    configurePhase = args.configurePhase or ''
      runHook preConfigure
@ -229,10 +225,6 @@ let
      runHook postInstall
    '';

-    preFixup = (args.preFixup or "") + ''
-      find $out/{bin,libexec,lib} -type f 2>/dev/null | xargs -r ${removeExpr removeReferences} || true
-    '';
-
    strictDeps = true;

    disallowedReferences = lib.optional (!allowGoReference) go;
--- a/pkgs/development/go-packages/generic/default.nix
+++ b/pkgs/development/go-packages/generic/default.nix
@ -1,5 +1,5 @@
 { go, govers, lib, fetchgit, fetchhg, fetchbzr, rsync
-, removeReferencesTo, fetchFromGitHub, stdenv }:
+, fetchFromGitHub, stdenv }:

 { buildInputs ? []
 , nativeBuildInputs ? []
@ -44,10 +44,6 @@
 with builtins;

 let
-  removeReferences = [ ] ++ lib.optional (!allowGoReference) go;
-
-  removeExpr = refs: ''remove-references-to ${lib.concatMapStrings (ref: " -t ${ref}") refs}'';
-
  dep2src = goDep:
    {
      inherit (goDep) goPackagePath;
@ -78,7 +74,7 @@ let
  package = stdenv.mkDerivation (
    (builtins.removeAttrs args [ "goPackageAliases" "disabled" "extraSrcs"]) // {

-    nativeBuildInputs = [ removeReferencesTo go ]
+    nativeBuildInputs = [ go ]
      ++ (lib.optional (!dontRenameImports) govers) ++ nativeBuildInputs;
    buildInputs = buildInputs;

@ -88,6 +84,7 @@ let
    GOHOSTOS = go.GOHOSTOS or null;

    GO111MODULE = "off";
+    GOFLAGS = lib.optionals (!allowGoReference) [ "-trimpath" ];

    GOARM = toString (stdenv.lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]);

@ -225,10 +222,6 @@ let
      runHook postInstall
    '';

-    preFixup = preFixup + ''
-      find $out/{bin,libexec,lib} -type f 2>/dev/null | xargs -r ${removeExpr removeReferences} || true
-    '';
-
    strictDeps = true;

    shellHook = ''