1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 22:20:51 +00:00
Commit graph

2253 commits

Author SHA1 Message Date
Franz Pletz d42f502c84
Revert "cc-wrapper: add stackcheck hardening (stack clash)"
This reverts commit 4150f5e8ba.

The stack protector hardening breaks the llvm_4 build.
2017-06-26 01:12:38 +02:00
Franz Pletz a4252649bf
Revert "cc-wrapper: fix darwin"
This reverts commit c3a8595276.

The stack protector hardening breaks the llvm_4 build.
2017-06-26 01:12:11 +02:00
John Ericson 87fab3d6a5 Merge some merged cross-compilation PRs into into staging 2017-06-23 20:24:27 -04:00
John Ericson 12795a7068 misc: Remove almost all uses of stdenv.{ccCross,binutils} 2017-06-22 17:53:52 -04:00
John Ericson c2e2152afc cc-wrapper: Port over finding of dynamic linker from gcc-cross-wrapper
At the next break, we can deduplicate and go for the best of both
worlds.
2017-06-22 17:53:36 -04:00
John Ericson 0aee847858 cc-wrapper: Make the cross compiler use a crossEnvHook
This is a hack until stdenv's setup.hs gets overhauled
2017-06-22 17:52:29 -04:00
Ross MacLeod c1fb71b74a cc-wrapper: when cross building, wedge in setting AR, AS, and LD env vars to their cross building versions
I think it's ok to export things which aren't wrapped. The cc-wrapper
can be thought of as responsible for all of binutils and the c
compiler, only wrapping those binaries which are necessary to
interposition---as opposed to all binaries it thinks are relevaant.

Conversely, adding the setup hook to the unwrapped compilers would be
unforunate as hooks are ugly hacks and the compilers themselves take
a long time to rebuild. Better to wholely separate "pure packages" from
hacks.
2017-06-22 17:52:28 -04:00
John Ericson 121e7d9335 gcc-cross-wrapper: Remove in favor of newly-cross-supporting cc-wrapper 2017-06-22 17:52:28 -04:00
John Ericson 8a7433fca4 cc-wrapper: Temporarily got to great lengths to avoid mass-rebuild
Eventually we should avoid this "pre-wrapping" and just update those
files in nixpkgs. This mass-rebuild change is best done along with
those needed to reduce the disparity between native and cross (i.e.
making native the "identity cross").
2017-06-22 17:52:28 -04:00
John Ericson 0f0383394d cc-wrapper: Salt environment variables with LLVM triples
We now (on cross) require per-target flag interposition by putting the
triple in the names of the relevant environment variables, e.g:

export NIX_arm_unknown_linux_gnu_CFLAGS_COMPILE=...

The wrapper also has a `infixSalt` attribute (and "_" prefixed and
suffixed variants) to assist downstream packages.

Note how that the dashes are replaced to keep the identifier valid.
Using names like this allows us to keep the settings for different
compilers seperate.

I think it might be even better to use names like `NIX_{BUILD,HOST}...`
using the platform's role rather than the platform itself, but this
would be more work as the previous stages' tools would have to be re-
wrapped to take on their new role. I therefore didn't do this for now,
but that route should be thoroughly explored in the future.
2017-06-22 17:52:28 -04:00
John Ericson 04a3cad968 cc-wrapper: Add support for no libc whatsoever 2017-06-22 17:52:27 -04:00
John Ericson d70e7263f4 cc-wrapper: Simplify and correct logic to chose dynamic linker library 2017-06-22 17:52:27 -04:00
John Ericson 459f1c60f5 cc-wrapper: Learn about target prefixes
This is first step towards getting rid of gcc-wrapper-cross
2017-06-22 17:52:27 -04:00
John Ericson c4ba2e3ef6 cc-wrapper: Remove stdenv.is* for targetPlatform.is*
Modify bootstrapping stdenvs to make sure `targetPlatform` also passed.
2017-06-22 17:52:27 -04:00
Franz Pletz c3a8595276
cc-wrapper: fix darwin
Clang doesn't support -fstack-check=specific, only -fstack-check. Still a
noop, though.
2017-06-22 02:44:04 +02:00
Franz Pletz 4150f5e8ba
cc-wrapper: add stackcheck hardening (stack clash)
This fixes the Stack Clash issue rediscovered by Qualys. See
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
for more information on the topic, specifically section III.

We don't have the kernel mitigation available because it is a Grsecurity
feature which we don't support anymore. Other distributions like Gentoo
Hardened and Arch already have `-fstack-check` enabled by default.

See the Gentoo page on Stack Clash for more information on this solution:
https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash

This unfortunately doesn't apply to clang because `-fstack-check` is a
noop there. Note that the GCC implementation also has problems that could
be exploited to circumvent these checks but it is still better than
keeping it disabled.
2017-06-22 00:41:53 +02:00
Franz Pletz 6338c50a84
Merge branch 'master' into staging 2017-06-22 00:41:25 +02:00
Domen Kožar 55616ad938 Merge pull request #26554 from orivej/rsp
Speed up parsing @args.rsp compiler arguments
2017-06-19 11:39:17 +02:00
Thomas Tuegel be7b7d908f
Remove kdeWrapper 2017-06-18 08:43:39 -05:00
Thomas Tuegel 7b6f8dc77f
qt5: move kdeDerivation to qt5.mkDerivation 2017-06-18 08:42:19 -05:00
Orivej Desh 5413bfa8e3 Speed up parsing @args.rsp compiler arguments
Improves upon #25205

https://gist.github.com/pbogdan/9d6986bf931b58a70d75e14eb40ee8a1 parsing time is
reduced from one minute to one second
2017-06-14 18:56:44 +00:00
Profpatsch 79dd4deda5 Ultrastar (#26524)
* ultrastardx-beta: init at 1.3.5

* libbass, libbass_fx: init at 24

* ultrastar-creator: init at 2017-04-12

* buildSupport/plugins.nix: add diffPlugins

Helper function to compare expected plugin lists to the found plugins.

* ultrastar-manager: init at 2017-05-24

The plugins are built in their own derivations, speeding up (re-)compilation.
The `diffPlugins` function from `beets` is reused to test for changes in the
plugin list on updates.

* beets: switch to diffPlugins

The function is basically just extracted for better reusability.
2017-06-14 11:29:31 +02:00
Jörg Thalheim 557cc2cb63 Merge pull request #26372 from risicle/fetchsvn-unicode
fetchsvn: set LC_ALL in builder to allow svn to handle unicode filenames
2017-06-10 12:00:03 +01:00
Jörg Thalheim e2197465c1
cc-wrapper: externalize default_cxx_stdlib_compile
This value is require to get c++ std include path for libclang based tools (vim plugins in my case).
I currently extract it this with this rather command:

```
eval echo $(nix-instantiate --eval --expr 'with (import <nixpkgs>) {}; clang.default_cxx_stdlib_compile')
```

it did not trigger any recompilation on my system.
2017-06-08 19:50:40 +01:00
Jan Malakhovski d73ef2636f fetchurl: add some https ImageMagick mirrors 2017-06-07 15:27:03 +02:00
Eelco Dolstra 0996ea8a68
NixOS VM tests: Don't create a setgid group in vde_switch
Nix no longer allows this for security reasons.

http://hydra.nixos.org/build/53993125
2017-06-07 11:57:36 +02:00
Robert Scott 60dcb9cc01 fetchsvn: set LC_ALL in builder to allow svn to handle unicode filenames 2017-06-04 13:41:28 +01:00
Jörg Thalheim ee22e3de08 Merge pull request #26358 from LnL7/fetchgit-postfetch
fetchgit: add postFetch argument
2017-06-04 11:14:03 +01:00
Joe Hermaszewski a81f45386b fetchdarcs: Use NIX_SSL_CERT_FILE
`SSL_CERT_FILE` has been replaced with `NIX_SSL_CERT_FILE`.

Before this change using `fetchdarcs` resulted in an error message like:

```
Identifying repository http://hub.darcs.net/scravy/easyplot inventory

darcs failed:  Not a repository: http://hub.darcs.net/scravy/easyplot (Peer certificate cannot be authenticated with given CA certificates)

HINT: Do you have the right URI for the repository?

builder for ‘/nix/store/imyvcs6lvb5yva66krc5wk39931sam8v-fetchdarcs.drv’ failed with exit code 2
```
2017-06-03 20:35:37 +01:00
Daiderd Jordan 7567c5c1ee
fetchgit: add postFetch argument 2017-06-03 20:51:01 +02:00
Rodney Lorrimar 9e56cddf13 emacsWithPackages: support installing larger packages
I was getting the following error building tide from Melpa:

    nix-build  -E '(import <nixpkgs> {}).emacs25WithPackages (p: [p.melpaPackages.tide])'

    File tide-20170509.1134.tar is large (10.2M), really open? (y or n) Error reading from stdin
    builder for ‘/nix/store/gs9ik7yf8iilsikkfing74i70m0diax3-emacs-tide-20170509.1134.drv’ failed with exit code 255
    cannot build derivation ‘/nix/store/m3p080aani4rw82llp8nqk93cw2nvirk-emacs-with-packages-25.2.drv’: 1 dependencies couldn't be built

Solution was to disable the large file warning threshold when
installing packages.
2017-05-29 12:56:09 +01:00
Ryan Trinkle 0916c26ed6 symlinkJoin: eliminate lndir spam
By default lndir outputs the name of each subdirectory as it descends into it; this commit gives it the -silent flag to disable this behavior
2017-05-27 16:19:34 -04:00
Jaka Hudoklin 112f5229d8 Merge pull request #26131 from matejc/pkgs/build-support/docker/pull
docker tools: fix pull image function
2017-05-27 12:44:34 +02:00
Matej Cotman 8d3cb0af9e docker tools: fix pull image function 2017-05-26 18:48:16 +02:00
Vladimír Čunát 00672dec8a
Merge older staging
This still causes some uncached rebuilds, but master(!) and staging
move too fast forward rebuild-wise, so Hydra might never catch up.
(There are also other occasional problems.)
Therefore I merge at this point where the rebuild isn't that bad.
2017-05-26 15:45:43 +02:00
Eelco Dolstra dc4e2cd70f Merge pull request #26062 from cleverca22/libredirect
libredirect: allow null paths
2017-05-24 18:09:55 +02:00
Mateusz Naściszewski 00572d595c
ipfs: 0.4.6 -> 0.4.9 2017-05-24 16:31:17 +02:00
michael bishop 5677ce2008
libredirect: allow null paths 2017-05-24 11:29:06 -03:00
Vladimír Čunát 8004e79415
Merge branch 'master' into staging 2017-05-24 03:24:06 +02:00
Benno Fünfstück 19d3cf81d3 rust: fix fetch-cargo-deps for git dependencies
We need to make sure that `$revs` ends with a space, since files must always
end with newlines. The previous code ignored the last entry in `$revs`, because
read already returns non-zero exit code for the last entry, as it does not end
with a space.
2017-05-23 10:01:33 +02:00
Frederik Rietdijk 99cfab07b9 Merge remote-tracking branch 'upstream/master' into HEAD 2017-05-22 09:21:40 +02:00
Matthew Bauer 2c0006521b
emacsWithPackages: wrap MacOS app
fixes #22893
2017-05-20 18:51:32 -05:00
Shea Levy b71b7ee622 fetchFromGitHub: Allow private repos, hosted githubs 2017-05-19 15:38:01 -04:00
Vladimír Čunát 8b01ec9a9e
Merge branch 'master' into staging 2017-05-10 00:54:53 +02:00
Eelco Dolstra 31c2d20621
debian: 8.7 -> 8.8 2017-05-08 16:02:38 +02:00
Eelco Dolstra 94d164dd7f
Add a setup hook for detecting $TMPDIR references in RPATHs and wrapper scripts 2017-05-04 20:23:57 +02:00
Linus Heckemann 33962a4420 stdenv: fix "grep: invalid range" 2017-05-04 16:54:01 +01:00
Frederik Rietdijk c520e79842 Merge remote-tracking branch 'upstream/master' into HEAD 2017-05-03 09:59:49 +02:00
Vladimír Čunát 1bcd56b6e6
Merge branch 'master' into staging
There's been a very large rebuild on master, unfortunately.
pytestcov conflict: I'm not really sure what should be propagated.
2017-05-02 16:01:48 +02:00
Utku Demir 5a78bed2bb Fix documentation of emacsWithPackages
After [this change](901a778c77), it should be `overrideScope` instead of `override`.
2017-05-02 09:52:04 +12:00