1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 07:00:43 +00:00
Commit graph

194 commits

Author SHA1 Message Date
David McFarland 63a1a2ac63 stdenv: disable -fPIC on cygwin
It's always on, and you get a warning if you specify it
2017-06-26 09:33:44 -03:00
Franz Pletz d42f502c84
Revert "cc-wrapper: add stackcheck hardening (stack clash)"
This reverts commit 4150f5e8ba.

The stack protector hardening breaks the llvm_4 build.
2017-06-26 01:12:38 +02:00
Franz Pletz a4252649bf
Revert "cc-wrapper: fix darwin"
This reverts commit c3a8595276.

The stack protector hardening breaks the llvm_4 build.
2017-06-26 01:12:11 +02:00
John Ericson 87fab3d6a5 Merge some merged cross-compilation PRs into into staging 2017-06-23 20:24:27 -04:00
John Ericson 12795a7068 misc: Remove almost all uses of stdenv.{ccCross,binutils} 2017-06-22 17:53:52 -04:00
John Ericson c2e2152afc cc-wrapper: Port over finding of dynamic linker from gcc-cross-wrapper
At the next break, we can deduplicate and go for the best of both
worlds.
2017-06-22 17:53:36 -04:00
John Ericson 0aee847858 cc-wrapper: Make the cross compiler use a crossEnvHook
This is a hack until stdenv's setup.hs gets overhauled
2017-06-22 17:52:29 -04:00
Ross MacLeod c1fb71b74a cc-wrapper: when cross building, wedge in setting AR, AS, and LD env vars to their cross building versions
I think it's ok to export things which aren't wrapped. The cc-wrapper
can be thought of as responsible for all of binutils and the c
compiler, only wrapping those binaries which are necessary to
interposition---as opposed to all binaries it thinks are relevaant.

Conversely, adding the setup hook to the unwrapped compilers would be
unforunate as hooks are ugly hacks and the compilers themselves take
a long time to rebuild. Better to wholely separate "pure packages" from
hacks.
2017-06-22 17:52:28 -04:00
John Ericson 8a7433fca4 cc-wrapper: Temporarily got to great lengths to avoid mass-rebuild
Eventually we should avoid this "pre-wrapping" and just update those
files in nixpkgs. This mass-rebuild change is best done along with
those needed to reduce the disparity between native and cross (i.e.
making native the "identity cross").
2017-06-22 17:52:28 -04:00
John Ericson 0f0383394d cc-wrapper: Salt environment variables with LLVM triples
We now (on cross) require per-target flag interposition by putting the
triple in the names of the relevant environment variables, e.g:

export NIX_arm_unknown_linux_gnu_CFLAGS_COMPILE=...

The wrapper also has a `infixSalt` attribute (and "_" prefixed and
suffixed variants) to assist downstream packages.

Note how that the dashes are replaced to keep the identifier valid.
Using names like this allows us to keep the settings for different
compilers seperate.

I think it might be even better to use names like `NIX_{BUILD,HOST}...`
using the platform's role rather than the platform itself, but this
would be more work as the previous stages' tools would have to be re-
wrapped to take on their new role. I therefore didn't do this for now,
but that route should be thoroughly explored in the future.
2017-06-22 17:52:28 -04:00
John Ericson 04a3cad968 cc-wrapper: Add support for no libc whatsoever 2017-06-22 17:52:27 -04:00
John Ericson d70e7263f4 cc-wrapper: Simplify and correct logic to chose dynamic linker library 2017-06-22 17:52:27 -04:00
John Ericson 459f1c60f5 cc-wrapper: Learn about target prefixes
This is first step towards getting rid of gcc-wrapper-cross
2017-06-22 17:52:27 -04:00
John Ericson c4ba2e3ef6 cc-wrapper: Remove stdenv.is* for targetPlatform.is*
Modify bootstrapping stdenvs to make sure `targetPlatform` also passed.
2017-06-22 17:52:27 -04:00
Franz Pletz c3a8595276
cc-wrapper: fix darwin
Clang doesn't support -fstack-check=specific, only -fstack-check. Still a
noop, though.
2017-06-22 02:44:04 +02:00
Franz Pletz 4150f5e8ba
cc-wrapper: add stackcheck hardening (stack clash)
This fixes the Stack Clash issue rediscovered by Qualys. See
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
for more information on the topic, specifically section III.

We don't have the kernel mitigation available because it is a Grsecurity
feature which we don't support anymore. Other distributions like Gentoo
Hardened and Arch already have `-fstack-check` enabled by default.

See the Gentoo page on Stack Clash for more information on this solution:
https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash

This unfortunately doesn't apply to clang because `-fstack-check` is a
noop there. Note that the GCC implementation also has problems that could
be exploited to circumvent these checks but it is still better than
keeping it disabled.
2017-06-22 00:41:53 +02:00
Orivej Desh 5413bfa8e3 Speed up parsing @args.rsp compiler arguments
Improves upon #25205

https://gist.github.com/pbogdan/9d6986bf931b58a70d75e14eb40ee8a1 parsing time is
reduced from one minute to one second
2017-06-14 18:56:44 +00:00
Jörg Thalheim e2197465c1
cc-wrapper: externalize default_cxx_stdlib_compile
This value is require to get c++ std include path for libclang based tools (vim plugins in my case).
I currently extract it this with this rather command:

```
eval echo $(nix-instantiate --eval --expr 'with (import <nixpkgs>) {}; clang.default_cxx_stdlib_compile')
```

it did not trigger any recompilation on my system.
2017-06-08 19:50:40 +01:00
Orivej Desh e9adf383e6 Fix parsing @args.rsp compiler arguments 2017-04-25 13:29:43 +00:00
Tuomas Tynkkynen 7c8a060c09 stdenv: Bringup aarch64 architecture support 2017-01-25 00:01:51 +02:00
John Ericson 09401d44eb cc-wrapper: Remove unneeded crossAttrs 2017-01-24 11:37:56 -05:00
David McFarland 175461e09b cc-wrapper: don't expand $ in response files
This makes the response file handling more consistent with GCC.

For example, a reponse file may contain:

    "-Wl,$ORIGIN"

GCC will treat this as a double quoted string and not expand the
variable reference.  Previously, cc-wrapper would expand the variable
in the same was as if the string was provided on the command line.
2016-11-19 20:21:32 -04:00
Shea Levy 225602d9f2 Merge branch 'response-files' of git://github.com/corngood/nixpkgs into staging 2016-10-31 10:07:30 -04:00
David McFarland 1ad1edbb32 cc-wrapper: expand response files
Fixes #11762
2016-10-31 01:12:07 -03:00
David McFarland 2b6659e13e cc-wrapper: fix detection of unsupported linker flags on cygwin 2016-10-18 17:52:20 -03:00
Shea Levy eca0f17ad2 nix-buffer support improvements.
Use inherit-local, add per-package elisp hooks.
2016-10-07 10:31:37 -04:00
Markus Hauck aafbd40577 Replace hard coded /bin/bash occurrences 2016-10-04 20:15:37 +02:00
Franz Pletz c0fa26ef3b Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-08-24 11:01:53 +02:00
Franz Pletz 8576aea57c cc-wrapper: fix detection of unsupported linker flags 2016-08-24 10:59:52 +02:00
Franz Pletz 3c06e5f6f7 cc-wrapper: check ld hardening capabilities in stdenv 2016-08-23 18:13:31 +02:00
Robin Gloster 07604ad631 add-hardening.sh: fix quotation 2016-08-23 15:27:51 +00:00
Robin Gloster 335d0097cf cc-wrapper: add-{flags,hardening} -> add-{flags,hardening}.sh 2016-08-23 15:27:51 +00:00
Nikolay Amiantov 24f695ffaa cc-wrapper: handle -nostdinc{++,} 2016-08-17 13:19:46 +03:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Tuomas Tynkkynen a06a405d0b cross GCC: Fix some paths to libc headers (after multiple outputs)
It's not completely clear to me why the path to libc headers is set
differently when cross building...
2016-06-11 04:15:17 +03:00
Franz Pletz f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Vladimír Čunát 2cbb7bf9d1 cc-wrapper: add -B flag with cc.lib
This fixes `gcc --print-file-name=libstdc++.so`
and thus it should fix #14967.
2016-05-04 14:23:54 +02:00
Nikolay Amiantov 5ff40ddedf add get* helper functions and mass-replace manual outputs search with them 2016-04-25 13:24:39 +03:00
Robin Gloster d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Robin Gloster 3e68106afd Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-07 21:52:26 +00:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Tomasz Kontusz 6c9ce23c00 cc-wrapper: Fix a typo in param parsing (close #14401) 2016-04-02 20:51:48 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Robin Gloster f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
Nikolay Amiantov 119c287c71 cc-wrapper: use Bash arrays properly 2016-03-24 21:13:11 +03:00
Nikolay Amiantov 0c6db0ca48 cc-wrapper: add option to skip flags for native optimizations 2016-03-24 20:16:17 +03:00
Nikolay Amiantov 87607af7a1 cc-wrapper: add C++-specific paths if -x c++ is passed 2016-03-14 06:58:18 +03:00
Robin Gloster a9b942c061 cc-wrapper: treat hardeningDisable as string
This fixes passing the env variable to the ld-wrapper through the gcc
call. Wtf?!
2016-03-14 00:26:52 +00:00
Tristan Helmich 1a5acdb695 cc-wrapper: Add additional NIX_DEBUG statements 2016-03-11 14:02:07 +01:00
Tristan Helmich 7e2e0dfe7a cc-wrapper: Use stderr for NIX_DEBUG output
Otherwise configure scripts might break when looking for the path to ld
2016-03-10 15:47:55 +01:00
Franz Pletz 514a478e61 cc-wrapper: Fix if syntax 2016-03-09 10:08:07 +01:00
Robin Gloster 9a5b070b45 hardening: debug with NIX_DEBUG 2016-03-08 20:51:35 +00:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz baee91ec60 cc-wrapper: Check if ld supports -z, fixes darwin 2016-03-07 21:40:20 +01:00
Franz Pletz b2b499e6c4 cc-wrapper: Increase number of functions for stackprotector 2016-03-07 01:30:40 +01:00
Franz Pletz ab1092875a cc-wrapper: Disable pie for linking static libs 2016-03-07 01:30:39 +01:00
Franz Pletz 63f60b6a13 cc-wrapper: Disable pie when linking shared libraries 2016-03-07 01:30:39 +01:00
Franz Pletz 05a02c53a0 cc-wrapper: -pie is a ldflag 2016-03-06 00:14:55 +01:00
Franz Pletz aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Eelco Dolstra d5bb6a1f9c glibc: Enable separate debug symbols
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
2016-02-28 02:57:37 +01:00
Eelco Dolstra 2040a9ac57 stdenv-linux: Ensure binutils comes before bootstrapTools in $PATH
Otherwise, when building glibc and other packages, the "strip" from
bootstrapTools is used, which doesn't recognise some tags produced by
the newer "ld" from binutils.
2016-02-28 01:13:15 +01:00
Vladimír Čunát 96cbdc70f2 cc-wrapper: fix #10574: old gcc -> cc fallout
The part with gcc-wrapper-old changes is rather unimportant,
as it's almost unused but I still tested that the sole user `gnat` builds.
2016-02-05 14:05:14 +01:00
Vladimír Čunát f89a136fd5 cc-wrapper: fixup branch interactions
c0599fdd61 and changes on closure-size didn't go well together.
2016-02-03 16:57:41 +01:00
Vladimír Čunát ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Vladimír Čunát a33fcc8731 cc-wrapper: attempt to fix on darwin
This fixes evaluation at least. I'm unable to test this myself and noone steps up;
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-174448705
however, Hydra's macs are idling so let's employ them for that.
2016-01-28 06:59:36 +01:00
Vladimír Čunát 8f48a9756b cc-wrapper: quote when saving $PATH 2016-01-25 09:54:10 +01:00
Anthony Cowley d96893647d cc-wrapper: fix on darwin
The ld-wrapper.sh script calls `readlink` in some circumstances. We need
to ensure that this is the `readlink` from the `coreutils` package so
that flag support is as expected.

This is accomplished by explicitly setting PATH at the top of each shell
script.

Without doing this, the following happens with a trivial `main.c`:

```
nix-env -f "<nixpkgs>" -iA pkgs.clang
$ clang main.c -L /nix/../nix/store/2ankvagznq062x1gifpxwkk7fp3xwy63-xnu-2422.115.4/Library -o a.out
readlink: illegal option -- f
usage: readlink [-n] [file ...]
```

The key element is the `..` in the path supplied to the linker via a
`-L` flag. With this patch, the above invocation works correctly on
darwin, whose native `/usr/bin/readlink` does not support the `-f` flag.

The explicit path also ensures that the `grep` called by `cc-wrapper.sh`
is the one from Nix.

Fixes #6447
2016-01-19 17:47:11 -05:00
Vladimír Čunát 716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Eelco Dolstra 2b5ed58099 cc-wrapper: Don't mess with __DATE__ and __TIME__
This is handled by $SOURCE_DATE_EPOCH now.
2016-01-05 17:21:48 +01:00
Vladimír Čunát e22d26bedb cc-wrapper: small changes, mostly just cosmetic ones 2016-01-02 11:14:09 +01:00
Luca Bruno 5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Danny Wilson f17dea3b3d Fix compilation of GCC 4.9 on SmartOS.
Fix ld-solaris-wrapper never calling ld (since gcc->cc-wrapper refactor).
2015-11-16 17:20:16 +01:00
Vladimír Čunát efcad4c910 gcc5: split $doc into $man and $info
... because cc-wrapper is meant to propagate man pages into user envs,
and info pages are rather large.

Also replace the duplicate g++ and gcc man1 pages by a symlink.
2015-10-28 10:15:55 +01:00
Vladimír Čunát 55d129609d cc-wrapper: correct ccLDFlags with multiple outputs
Note: -B argument seems more like for gcc's main output,
though it's used in a bit strange way here.
(Upstream default is /usr/lib/gcc/ which we don't move.)
2015-10-28 10:15:54 +01:00
Vladimír Čunát cd7a78d7e4 cc-wrapper: fix typo ignoring flags; fixes #10574 2015-10-28 10:15:54 +01:00
Vladimír Čunát 5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Jude Taylor 80e09678f7 darwin: use system dyld
see https://github.com/NixOS/nixpkgs/issues/9432
2015-08-25 11:12:09 -07:00
Jude Taylor ef95107ddc make isClang work the way a user might expect 2015-08-12 11:27:54 -07:00
Vladimír Čunát 615f64dcbe gcc_multi: disable the hook moving lib64 to lib
This was preventing wine from build, and we typically don't want it
anyway in multilib builds. /cc #8706.
2015-07-20 13:43:52 +02:00
Eelco Dolstra 553abf71ba Merge remote-tracking branch 'origin/staging' into gcc-4.9
Conflicts:
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/development/libraries/wayland/default.nix
	pkgs/development/tools/build-managers/cmake/default.nix
	pkgs/top-level/all-packages.nix
2015-06-01 20:08:43 +02:00
Eelco Dolstra 6671bb8be4 Remove gccStdInc
This reverts d927da8dae. Having a copy
of gcc-wrapper/setup-hook.sh is bad for maintainability - it had
already started to diverge. Also, gccStdInc gave a nix-env conflict
with the standard gcc. And it wasn't actually used in Nixpkgs.

Instead, if you really need to change "-isystem" to "-I", you can now
set ccIncludeFlag to "-I".
2015-05-13 18:17:25 +02:00
Eric Seidel 395829686d add is{GNU,Clang} attrs to cc-wrapper.
These will be more pleasant to use than the existing

    (cc.cc.isClang or false)

nonsense we currently do.
2015-05-11 14:39:36 -07:00
Vladimír Čunát d484c392aa stdenv multiple-outputs: change propagation rules
Now development stuff is propagated from the first output,
and userEnvPkgs from the one with binaries.

Also don't move *.la files (yet). It causes problems, and they're small.
2015-04-18 19:30:28 +02:00
Vladimír Čunát bf414c9d4f Merge 'staging' into closure-size
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes

Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
2015-04-18 11:22:20 +02:00
Alexander V. Nikolaev 3311513df6 Rename ccgo back to gccgo
I believe this is result of typo, introduced in 48f63c2f.
2015-03-27 12:45:32 +02:00
Shea Levy f91dea4c0b cc-wrapper: Set default system include flags for non-gcc c++ on Linux
Without this, clang can't find libstdc++. This needs to happen in the wrapper
so that the libc++ setup hook can still override it
2015-03-06 19:04:43 +00:00
Dan Peebles 7bea6aafae Some cc-wrapper changes to better support darwin and clang:
- Add a conditional flag for the c++ std lib
- Build binaries that get linked by our own dyld (someday)
- Automatically add framework directories in the setup hook
2015-02-08 21:15:22 -05:00
Eric Seidel 6f7632a7bd update libcxx[abi] to 3.5 2015-02-03 14:02:59 -08:00
Shea Levy aea1254f96 cc-wrapper merge fixes 2015-02-02 21:30:05 -05:00
Shea Levy c45372f038 Merge commit 'cfb29ab882323d379aba20a95020c7c24f883eae'
Partial staging merge, including cc-wrapper fixes

Conflicts:
	pkgs/applications/audio/spotify/default.nix
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/development/compilers/cryptol/1.8.x.nix
2015-02-02 21:14:28 -05:00
Shea Levy 9bccb95a82 cc-wrapper: Fix for cross-compiling
Fixes #5949

Suggested by @ambrop72
2015-01-25 23:29:06 -05:00
Shea Levy f326b7995c Remove libc++ stuff from cc-wrapper
This is now part of the libc++ setup hook
2015-01-16 11:30:51 -05:00
Shea Levy 7dc57a389e cc-wrapper: Set CC/CXX more specifically if possible 2015-01-16 10:50:53 -05:00
Eric Seidel 48f63c2f2e rename gcc-wrapper to cc-wrapper.
also makes cc-wrapper compatible with clang in the darwin fork.
2015-01-14 20:26:56 -08:00