This round is without the systemd CVE,
as we don't have binaries for that yet.
BTW, I just ignore darwin binaries these days,
as I'd have to wait for weeks for them.
The only outside-curl uses of `fetchurlBoot` left are `stdenv`
and `apple-source-releases`. The latter one can probably be removed
too, but I can't test it.
Pros:
- Aggregates all behind-the-scenes insanity in a single place.
Cons:
- At the cost of 10 more derivations (but 0 new outpaths).
It was removed on recent versions of macOS and these entries break
sandboxing if they don't exist.
Aborted: while setting up the build environment: getting attributes of path '/System/Library/PrivateFrameworks/Ubiquity.framework/Versions/A/Ubiquity': No such file or directory
xcbuild doesn’t handle dsymutil correctly. fuser.pl does not contain
debug symbols, but xcbuild doesn’t handle this like xcodebuild does.
So, just disable the debug information. We probably should do this in
more places using xcbuild, but it requires some arbitrary patching.
These just copy commands from Products/Release/. But with #52256 we
now build .dsym directories that somehow wind up in Products/Release/.
This makes things more exact by just copying the files in Products/Release/.
Lots of stuff has gotten moved around. Many security libraries have been merged
into the Security monorepo. I’ve cleared them out for now, we will
need to modify Security to build them!
This also moves some things around to more clearly separate
bootstrapping the stdenv from everything else. We want the “normal”
mode to be the non-bootstrapped version. When you ask for “Security”,
you want the actual built software, not a crippled one.
- Add TARGET_OS_OSX to darwin.libSystem. Looks like something
introduced in 10.12. TARGET_OS_MAC is only set when building for
desktop (iOS will have TARGET_OS_MAC set)
- Bump darwin.dtrace
- Bump darwin.libpthread
- Remove SmartCardServices, libsecurity*, etc.
- Install some more headers for darling.
LTO is disabled during bootstrap to keep the bootstrap tools small and
avoid unnecessary LLVM rebuilds, but is enabled in the final stdenv
stage and should be usable by normal packages.
This also updates the bootstrap tool builder to LLVM 5, but not the ones
we actually use for bootstrap. I'll make that change in a subsequent commit
so as to provide traceable provenance of the bootstrap tools.