John Ericson
4f7cdd35d5
Merge pull request #40139 from obsidiansystems/modular-setup-hooks
...
treewide: Modular setup hooks
2018-05-07 15:32:10 -04:00
John Ericson
8b0fce8cb1
{bintools,cc}-wrapper: Factor out role accumulation logic
2018-05-07 15:10:45 -04:00
John Ericson
0884027ef5
Revert "Revert "Merge pull request #28029 from cstrahan/hardening-fix""
...
This reverts commit 6c064e6b1f
, reapplying
PR #28029 which was supposed to have gone to staging all along.
2018-04-11 14:00:13 -04:00
Matthew Bauer
6c064e6b1f
Revert "Merge pull request #28029 from cstrahan/hardening-fix"
...
This reverts commit 0dbc006760
, reversing
changes made to cb7f774265
.
Should go into staging.
2018-04-10 19:07:27 -05:00
Charles Strahan
806edaa0a2
hardening: ld wrapper changes, setup-hook, etc
2018-03-06 19:21:10 -05:00
Charles Strahan
634c748050
hardening: initial cross support
2018-03-06 18:03:13 -05:00
Charles Strahan
fc46895e86
hardening: allow user supplied flags to override
...
Put hardening flags before user supplied flags.
2018-03-06 00:30:09 -05:00
John Ericson
8e557ed2c5
bintools-wrapper: Init
...
Factor a bintools (i.e. binutils / cctools) wrapper out of cc-wrapper. While
only LD is wrapped, the setup hook defines environment variables on behalf of
other utilites.
2017-12-13 16:08:18 -05:00
John Ericson
4f869bccc1
cc-wrapper: Don't treat "-" alone as a flag
...
It means stdin, and is morally equivalent to passing a file. e.g.
$ echo 'int main(void) { return 0; }' | gcc -x c -
will compile and link a binary.
2017-12-13 16:08:17 -05:00
John Ericson
fc7ed86915
cc-wrapper: Pull variable mangler into utils.sh
...
In preparation for splitting out bintools-wrapper
2017-12-13 16:08:13 -05:00
Nikolay Amiantov
5f3b84e979
cc-wrapper: disable POSIX compatibility
2017-11-05 12:19:37 +02:00
John Ericson
fdbda216b1
cc-wrapper: Clean up dynamic linking with x86 multilib
...
It's better layering to do everything in ld-wrapper. Also, use numeric
comparisons for `relocatable`.
2017-09-28 20:05:26 -04:00
John Ericson
0d3d2a01d2
cc-wrapper: Add set -x
tracing for NIX_DEBUG >= 7
2017-09-26 11:24:19 -04:00
John Ericson
127a5f3357
treewide: Use (( "${NIX_DEBUG:-0}" >= 1) ))
consistently
2017-09-26 11:24:19 -04:00
Eelco Dolstra
ec8d41f08c
Revert "Merge pull request #28557 from obsidiansystems/binutils-wrapper"
...
This reverts commit 0a944b345e
, reversing
changes made to 61733ed6cc
.
I dislike these massive stdenv changes with unclear motivation,
especially when they involve gratuitous mass renames like NIX_CC ->
NIX_BINUTILS. The previous such rename (NIX_GCC -> NIX_CC) caused
months of pain, so let's not do that again.
2017-09-07 12:51:21 +02:00
John Ericson
40e9b2a7e6
binutils-wrapper: Init
...
Factor a binutils wrapper out of cc-wrapper. While only LD is wrapped,
the setup hook defines environment variables on behalf of other
utilites.
2017-09-01 11:44:55 -04:00
John Ericson
1f5807d760
cc-wrapper: Pull variable mangler into utils.sh
...
In preparation for splitting out binutils-wrapper
2017-09-01 11:44:54 -04:00
John Ericson
94c0267fc1
cc-wrapper: Clean up dynamic linking with x86 multilib
...
It's better layering to do everything in ld-wrapper.
2017-09-01 11:44:54 -04:00
John Ericson
46fd4bcb14
cc-wrapper: Remove {START,EXEC}_HOOK
...
These are no longer used by anything
2017-08-31 13:54:07 -04:00
John Ericson
822a8d0148
cc-wrapper: Remove redundant hardening
...
GCC just passes `-z ...` flags to ld unaltered, and they are already
passed to LD anyways. On the other hand, `-pie` affects gcc behavior
too.
2017-08-30 17:53:42 +02:00
John Ericson
3c9cf282bb
cc-wrapper: Improve set -u
compliance
2017-08-14 14:44:32 -04:00
John Ericson
2493454e13
cc-wrapper: Use set -u
throughout
...
Now is an opportune time to do this, as the infixSalt conversion in
`add-flags.sh` ensures that all the relevant `NIX_*` vars will be
defined even if empty.
2017-08-07 03:05:51 -04:00
John Ericson
9f1e009975
cc-wrapper: Unconditionally use @infixSalt@ accross the board
...
This is basically a sed job, in preparation of the next commit. The
rules are more or less:
- s"NIX_(.._WRAPPER_)?([a-zA-Z0-9@]*)"NIX_\1@infixSalt@_\2"g
- except for non-cc-wrapper-specific vars like `NIX_DEBUG`
2017-08-07 03:05:50 -04:00
John Ericson
6463fd3d7e
cc-wrapper: Pass shellcheck and other cleanups
...
In many cases, this involved taking @orivej's and @edolstra's recent
ld-wrapper improvements, and applying then elsewhere.
2017-08-04 12:47:29 -04:00
Eelco Dolstra
aa4a92d2df
cc-wrapper/ld-wrapper: Minor speedup in string concatenation
...
There is still a O(n) pattern match in ld-wrapper, so we should
probably rewrite that code to use associative arrays.
2017-07-24 14:48:26 +02:00
Shea Levy
225602d9f2
Merge branch 'response-files' of git://github.com/corngood/nixpkgs into staging
2016-10-31 10:07:30 -04:00
David McFarland
1ad1edbb32
cc-wrapper: expand response files
...
Fixes #11762
2016-10-31 01:12:07 -03:00
obadz
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
Nikolay Amiantov
24f695ffaa
cc-wrapper: handle -nostdinc{++,}
2016-08-17 13:19:46 +03:00
Robin Gloster
d020caa5b2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-18 13:49:22 +00:00
Robin Gloster
3e68106afd
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-07 21:52:26 +00:00
Vladimír Čunát
d1df28f8e5
Merge 'staging' into closure-size
...
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Tomasz Kontusz
6c9ce23c00
cc-wrapper: Fix a typo in param parsing ( close #14401 )
2016-04-02 20:51:48 +02:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Robin Gloster
f60c9df0ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-28 15:16:29 +00:00
Nikolay Amiantov
119c287c71
cc-wrapper: use Bash arrays properly
2016-03-24 21:13:11 +03:00
Nikolay Amiantov
0c6db0ca48
cc-wrapper: add option to skip flags for native optimizations
2016-03-24 20:16:17 +03:00
Nikolay Amiantov
87607af7a1
cc-wrapper: add C++-specific paths if -x c++
is passed
2016-03-14 06:58:18 +03:00
Franz Pletz
baee91ec60
cc-wrapper: Check if ld supports -z, fixes darwin
2016-03-07 21:40:20 +01:00
Franz Pletz
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
Vladimír Čunát
f89a136fd5
cc-wrapper: fixup branch interactions
...
c0599fdd61
and changes on closure-size didn't go well together.
2016-02-03 16:57:41 +01:00
Vladimír Čunát
8f48a9756b
cc-wrapper: quote when saving $PATH
2016-01-25 09:54:10 +01:00
Anthony Cowley
d96893647d
cc-wrapper: fix on darwin
...
The ld-wrapper.sh script calls `readlink` in some circumstances. We need
to ensure that this is the `readlink` from the `coreutils` package so
that flag support is as expected.
This is accomplished by explicitly setting PATH at the top of each shell
script.
Without doing this, the following happens with a trivial `main.c`:
```
nix-env -f "<nixpkgs>" -iA pkgs.clang
$ clang main.c -L /nix/../nix/store/2ankvagznq062x1gifpxwkk7fp3xwy63-xnu-2422.115.4/Library -o a.out
readlink: illegal option -- f
usage: readlink [-n] [file ...]
```
The key element is the `..` in the path supplied to the linker via a
`-L` flag. With this patch, the above invocation works correctly on
darwin, whose native `/usr/bin/readlink` does not support the `-f` flag.
The explicit path also ensures that the `grep` called by `cc-wrapper.sh`
is the one from Nix.
Fixes #6447
2016-01-19 17:47:11 -05:00
Eelco Dolstra
2b5ed58099
cc-wrapper: Don't mess with __DATE__ and __TIME__
...
This is handled by $SOURCE_DATE_EPOCH now.
2016-01-05 17:21:48 +01:00
Shea Levy
f91dea4c0b
cc-wrapper: Set default system include flags for non-gcc c++ on Linux
...
Without this, clang can't find libstdc++. This needs to happen in the wrapper
so that the libc++ setup hook can still override it
2015-03-06 19:04:43 +00:00
Dan Peebles
7bea6aafae
Some cc-wrapper changes to better support darwin and clang:
...
- Add a conditional flag for the c++ std lib
- Build binaries that get linked by our own dyld (someday)
- Automatically add framework directories in the setup hook
2015-02-08 21:15:22 -05:00
Shea Levy
f326b7995c
Remove libc++ stuff from cc-wrapper
...
This is now part of the libc++ setup hook
2015-01-16 11:30:51 -05:00
Eric Seidel
48f63c2f2e
rename gcc-wrapper to cc-wrapper.
...
also makes cc-wrapper compatible with clang in the darwin fork.
2015-01-14 20:26:56 -08:00