mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-22 14:45:27 +00:00
1a5bd697ad
this makes it a lot easier to create a modified stdenv with a different set of defaultHardeningFlags and as a bonus allows us to inject the correct defaultHardeningFlags into toolchain wrapper scripts, reducing repetition. while most hardening flags are arguably more of a compiler thing, it works better to put them in bintools-wrapper because cc-wrapper can easily refer to bintools but not vice-versa. mkDerivation can still easily refer to either when it is constructed. this also switches fortran-hook.sh to use the same defaults for NIX_HARDENING_ENABLE as for C. previously NIX_HARDENING_ENABLE defaults were apparently used to avoid passing problematic flags to a fortran compiler, but this falls apart as soon as mkDerivation sets its own NIX_HARDENING_ENABLE - cc.hardeningUnsupportedFlags is a more appropriate mechanism for this as it actively filters out flags from being used by the wrapper, so switch to using that instead. this is still an imperfect mechanism because it doesn't handle a compiler which has both langFortran *and* langC very well - applying the superset of the two's hardeningUnsupportedFlags to either compiler's invocation. however this is nothing new - cc-wrapper already poorly handles a langFortran+langC compiler, applying two setup hooks that have contradictory options.
73 lines
2.1 KiB
Bash
# Binutils Wrapper hygiene
#
# See comments in cc-wrapper's setup hook. This works exactly the same way.

# Skip setup hook if we're neither a build-time dep, nor, temporarily, doing a
# native compile.
#
# Concretely: keep sourcing when strictDeps is unset or empty, or when
# hostOffset is negative; in every other case stop here with status 0.
#
# TODO(@Ericson2314): No native exception
if [[ -n ${strictDeps-} ]] && ! (( "$hostOffset" < 0 )); then
    return 0
fi
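# Env hook: append linker search paths (-L) for the dependency rooted at $1 to
# the role-specific NIX_LDFLAGS variable.
#
# Arguments: $1 - prefix of a dependency (directory that may hold lib/ and lib64/)
# Globals:   NIX_LDFLAGS${role_post} (appended to and exported)
bintoolsWrapper_addLDVars () {
    # See ../setup-hooks/role.bash
    # role_post is declared local here so that getHostRoleEnvHook can fill it
    # in for this call only (presumably the per-role variable suffix; confirm
    # in role.bash).
    local role_post
    getHostRoleEnvHook

    # A lib64 that is only a symlink is skipped.
    if [[ -d "$1/lib64" && ! -L "$1/lib64" ]]; then
        export NIX_LDFLAGS${role_post}+=" -L$1/lib64"
    fi

    if [[ -d "$1/lib" ]]; then
        # Don't add the /lib directory if it actually doesn't contain any libraries. For instance,
        # Python and Haskell packages often only have directories like $out/lib/ghc-8.4.3/ or
        # $out/lib/python3.6/, so having them in LDFLAGS just makes the linker search unnecessary
        # directories and bloats the size of the environment variable space.
        #
        # The prefix is quoted so it is never word-split or globbed, and each
        # candidate is checked for existence so the result does not depend on
        # the caller having enabled nullglob: without nullglob an unmatched
        # pattern stays as a literal string and would otherwise count as a hit.
        # The -L test keeps dangling symlinks, which a glob also matches.
        local candidate has_libs=
        for candidate in "$1"/lib/lib*; do
            if [[ -e "$candidate" || -L "$candidate" ]]; then
                has_libs=1
                break
            fi
        done

        if [[ -n "$has_libs" ]]; then
            export NIX_LDFLAGS${role_post}+=" -L$1/lib"
        fi
    fi
}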
# Role lookup for this wrapper. See ../setup-hooks/role.bash
getTargetRole
getTargetRoleWrapper

# Register the -L collector above as an env hook at the target offset.
addEnvHooks "$targetOffset" bintoolsWrapper_addLDVars

# Each @...@ token below is a placeholder (presumably substituted when the
# wrapper is generated; confirm against the wrapper's build expression). A
# placeholder that ends up empty leaves _PATH untouched for that entry.

# shellcheck disable=SC2157
if [[ -n "@bintools_bin@" ]]; then
    addToSearchPath _PATH @bintools_bin@/bin
fi

# shellcheck disable=SC2157
if [[ -n "@libc_bin@" ]]; then
    addToSearchPath _PATH @libc_bin@/bin
fi

# shellcheck disable=SC2157
if [[ -n "@coreutils_bin@" ]]; then
    addToSearchPath _PATH @coreutils_bin@/bin
fi
# Export tool environment variables so various build systems use the right ones.

export NIX_BINTOOLS${role_post}=@out@

# For every binutils tool that resolves on _PATH under the target prefix,
# export an upper-cased, role-suffixed variable holding the prefixed command
# name (not an absolute path). Tools that do not resolve are left unexported.
for cmd in ar as ld nm objcopy objdump readelf ranlib strip strings size windres; do
    PATH=$_PATH type -p "@targetPrefix@${cmd}" > /dev/null || continue
    export "${cmd^^}${role_post}=@targetPrefix@${cmd}"
done
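# If unset, assume the default hardening flags.
#
# Only a truly unset NIX_HARDENING_ENABLE receives the default. A value that
# is set but empty is kept as-is, so a caller exporting an empty string ends
# up with no default hardening flags; treat that as an explicit opt-out when
# auditing a build environment.
#
# The assignment is a plain quoted one, so the substituted flag string is
# never word-split or glob-expanded on its way into the variable.
if [[ -z ${NIX_HARDENING_ENABLE+set} ]]; then
    NIX_HARDENING_ENABLE="@default_hardening_flags_str@"
fi
export NIX_HARDENING_ENABLE

# No local scope in sourced file
# (upper_case is not assigned anywhere in this listing; unsetting a name that
# is not set is a no-op, so it is kept for compatibility.)
unset -v role_post cmd upper_case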