Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cctools: 973.0.1 -> 1010.6 #307880

Draft
wants to merge 130 commits into
base: staging
Choose a base branch
from
Draft

cctools: 973.0.1 -> 1010.6 #307880

wants to merge 130 commits into from

Conversation

reckenrode
Copy link
Contributor

Description of changes

This PR updates cctools and ld64. It also fixes related breakage. It is currently set to draft until 24.05 is released. I will be rebasing weekly against staging, resolving any merge conflicts then. Before updating the ld64 branch, I build my configs and the Darwin channel blockers to confirm no regressions.

The following notes are copied from https://discourse.nixos.org/t/darwin-updates-news/42249/10.

Packaging Changes

  • cctools, ld64, and libtapi are now built from Apple’s OSS distributions repo instead of the cctools-port and apple-libtapi repos.
  • These versions (cctools 1010.6, ld64 951.9, libtapi 1500.0.12.3) correspond to the versions shipped with Xcode 15. cctools and ld64 are current as of Xcode 15.3. Packages should no longer have to patch around missing flags or feature support.
  • Restoring Linux support is a WIP. I have made some changes to use non-private and non-portable APIs, but I am currently focused on getting Darwin updates first.
  • The packages have been moved to the by-name hierarchy. Aliases are provided to the old names, but there are some breaking changes (see below).
  • cctools is now only cctools. This is technically a breaking change (see below). ld64 has been moved to its own, separate package.
  • darwin.binutils is now the package that defines the mix of cctools and LLVM tools. It has been update with additional tools. See below for the breakdown of what it contains.
  • The build system has been replaced with Meson. I did this because dealing with xcbuild stinks, and these packages eventually need to support Linux for cross-compilation.
  • corecrypto and CommonCrypto hashing APIs are reimplemented using OpenSSL on both Darwin (and eventually) Linux. cctools-port only does this on non-Darwin platforms.
  • libtapi has been split into separate out and lib outputs. Most packages only need libtapi.dylib, which is ~500 KiB compared to ~30 MiB for the tapi binary.
  • libtapi is linked against zlib. I don’t know what it uses zlib to do, but the upstream libtapi is also linked against zlib, and I want to match what upstream is doing.

Note: ld-prime is will not be packaged because it is not currently included in the source releases. While I think it’s unlikely, ld-prime will be added separately as a new package should the source be released.

New Features

  • LTO support. With this update, LTO works. I had to patch ld64 to look for libLTO.dylib in the store and clang to pass the correct path (see llvmPackages_{12,13,14,15,16,17,18,git}.clang: fix libLTO.dylib path #304350). I bootstrap ld64 and link it with itself with LTO enabled to make sure that LTO actually works.
  • Code directory support. cctools is built with libcodedirectory support, which allows strip and install_name_tool to identify linker-created signatures and update them automatically. This removes the need for postLinkSignHook and actually makes it harmful to continue using it by default (because it prevents automatic signature updates by replacing them with a non-linker-created signature).

Breaking Changes

  • ld64 and cctools use GCD (libdispatch) for parallelism. This should improve performance, but it technically ups the required macOS version to 10.14. The APIs it uses are present under different names in 10.12, so I have attempted to patch around them. It builds with the 10.12 SDK, but it will need testing to confirm the tools actually work. This was the driver of updating the default SDK on x86_64-darwin for 24.11.
  • Apple removed support for nested static archives from ld64. This happened with the release of Xcode 14, so it has been out in the ecosystem for a few years. Hopefully packages have adapted by now. For example, Kyua adds libutils.a to libcli.a using libcli_a_LIBADD in automake. This will fail to link with ld64 951.9.
  • ld64 is more picking about command-line arguments. Passing -rpath when merging Mach-O object files fails.
  • GNU as has been moved to the cctools^gas output. -q and -Q flags are supported to control whether it calls GNU as or the clang assembler (matching the upstream behavior of as).
  • cctools only provides binaries from cctools. ld64 is a separate package now.
  • darwin.cctools-apple, darwin.cctools-port, and darwin.cctools-llvm are replaced by just cctools. cctools-llvm is an alias to darwin.bintools.
  • The old names can’t be used in nixpkgs because aliases are disabled when ofborg eval is run. The PR updating the tools will include changes for all packages using the old names. (Updates for LTO will be done in a separate PR or PRs.)
  • Use of postLinkSignHook has been removed from bintools-wrapper. Because it removes linker-created signatures, it breaks the automatic updating of signatures by strip and install_name_tool. Unless you’re manually invoking codesign, you shouldn’t be affected. install_name_tool will do the right thing by default.
  • strip and install_name_tool are no longer wrapped with sigtool. If you are modifying linker-signed binaries, which should be the typical case, they will update the signatures automatically. If you are manually invoking codesign, you will need to update the signatures manually after running strip or install_name_tool.

stdenv updates

  • Stage 2 has been collapsed from two parts into one stage. The source-based CF is not coming back. It adds a lot of complexity to the bootstrap.
  • As noted in breaking changes, the Darwin stdenv no longer provides bintools using postLinkSignHook. Once the bootstrap tools are updated with these releases, it may be possible to drop sigtool completely from the bootstrap. Until that happens, early stages manually implement postLinkSignHook because the bootstrap tools ld64 does not appear capable of signing binaries on its own.
  • As part of this update, I have to update the stdenv to use the new paths.
  • The overall stdenv size is down by ~20 MiB due to dropping tapi from the closure. It also drops signtool and signingUtils, but those binaries are small.
  • curl and GNU binutils throw when used during the bootstrap. curl should never be used during the bootstrap (to allow it to be updated without triggering a whole rebuild of Darwin). GNU binutils generally shouldn’t be used on Darwin (e.g., Rust 1.77 will clash harder with GNU binutils on Darwin Nix #299606), so the bootstrap shouldn’t need to use it.

darwin.bintools changes

darwin.bintools changes

  • c++filter is no longer linked from GNU binutils. It is linked from LLVM. A handful of packages are linked from cctools because LLVM does not provided drop-in replacements for them. The lists of tools are exported as attributes on darwin.bintools (llvm_cmds and cctools_cmds respectively). All binaries are symlinked to their traditional names (e.g., llvm-strip is symlinked to strip).
    • LLVM tools: addr2line, ar, c++filt, dsymutil, lipo, install-name-tool, nm, objcopy, objdump, otool, size, strings, strip
    • cctools tools: codesign_allocate, gprof, ranlib (and ld from ld64)
  • Darwin is still isCCTools and not isLLVM because it does not use lld by default. Maybe that could change with lld 18, but I’m doubtful.

Resolved Issues

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/darwin-updates-news/42249/12

@reckenrode
darwin.stdenv: build llvmPackages.libunwind along with libc++ and lib…
3f1a9e4 
…c++abi
@reckenrode
darwin.configd: remove dependency on CF for private headers
6df15be
@reckenrode
darwin.libdispatch: 442.1.4 -> 703.50.37
26b6000
@reckenrode
darwin.Libsystem: use lib.getDev instead of assuming the output exists
47636b4
@reckenrode
ld-wrapper: use a temporary file for reponse file
02bf7b6 
This changes ld-wrapper to use a temporary file for the response file
passed to ld instead of using process substitution.

ld64 does not handle long command-lines when reading from the response
file, which defeats the point of using a response file to handle long
command-lines. cctools-port was patched to work around this, but nixpkgs
is now using Apple’s source release directly instead of the port.

Since it’s preferable not to patch Apple’s release heavily (to reduce
the difficulty of updating to new versions and to match upstream’s
behavior), use the approach that was adopted in cc-wrapper to work
around issues with response files in newer versions of clang.

Related PRs (cctools-port):
- NixOS#213831
- tpoechtrager/cctools-port#132

Related PRs (cc-wrapper):
- NixOS#245282
- NixOS#258608
@reckenrode
libtapi: 1100.0.11 -> 1500.0.12.3
ae0a7e5
@reckenrode
ld64: init at 951.9
dc0eb10
@reckenrode
cctools: 973.0.1 -> 1010.6
695b214
@reckenrode
fixDarwinDylibNames: use darwin.binutils not GNU binutils
44dceb0
@reckenrode
binutils-wrapper: drop postLinkSignHook
5a5b2a2 
When the linker signs a Mach-O binary, it sets a flag in the signature’s
code directory indicating that the signature was generated by a linker.
Tools such as `strip` and `install_name_tool` read this flag and will
update ad hoc signatures after they perform their modifications.

The updated l64 supports signing binaries automatically. Both the
updated cctools and LLVM will check for the linker-signed flag and
resign binaries they modify automatically when it’s present. Given that,
use of postLinkSignHook is unnecessary and potentially harmful.

In particular, if the hook is used and an unwrapped `strip` or
`install_name_tool` is on the user’s path, they will not automatically
update an ad hoc signature. Instead, they will issue a warning and
create a binary with a broken signature.

It is more robust to let the tools handled this since the only time a
signature would not be linker-signed is when the user is manually
invoking `codesign` (or another tool such as `sigtool` or `rcodesign`),
which by nature of the invocation updates the signature to a valid  one.

Since `strip` no longer needs to be wrapped for code-signing,
binutils-wrapper now uses the GNU strip wrapper on Darwin.

Fixes NixOS#208951.
@reckenrode
libredirect: use llvmPackages unconditionally
ba44ed0 
Darwin and its bootstrap tools both use LLVM 16, which is sufficient for
arm64e support in LLVM. Thsi change removes an unnecessary LLVM 13 build
from the stdenv bootstrap.
@reckenrode
darwin.stdenv: update for updated cctools and ld64 and cleanup
444a725 
- Use postLinkSignHook and wrap `strip` and `install_name_tool` until
  the updated cctools and ld64 can be built, which handles ad hoc
  signatures automatically as long as they are linker-signed;
- Drop postLinkSignHook from binutils once it is no longer needed;
- Move the minimal Python 3 with scproxy build to stage 1;
- Combine multi-part stage 2 into a single stage;
- Always use response files now that the bootstrap tools linker is a new
  enough version to support them;
- Use superDarwin.binutils-unwrapped even in stage0 because it just
  symlinks things into place. This simplifies to bootstrap;
- Drop use of cctools-llvm because the logic was moved to
  darwin.binutils-unwrapped, and cctools-llvm is now an alias for that;
- Prevent curl and GNU binutils from being used in the bootstrap; and
- Build libunwind along with libc++ and propagate it to the final
  overlay. It will eventually become the default libunwind on Darwin.
@reckenrode
python3Packages.cffi: fix build with Darwin bootstrap clang
5ebd887 
The bootstrap clang reports its version as “boot”, which results in unwanted test failures when the `-Wnull-pointer-subtraction` workaround is disabled.
@reckenrode
python3: enable LTO on Darwin
463eb7c
@reckenrode
cocotb: enable LTO on Darwin
804649e
@reckenrode
python3Packages.levenshtein: enable LTO on Darwin
671fe0e
@reckenrode
python3Packages.rapidfuzz: enable LTO on Darwin
6492f9d
@reckenrode
rubyPackages.sassc: enable LTO on Darwin
83d8bd7
@reckenrode
tracy: enable LTO on Darwin
fd18a55
@reckenrode
rgbds: enable LTO on Darwin
dcf68d1
@reckenrode
eduke32: enable LTO on Darwin
42f0fd5
@reckenrode
stockfish: enable LTO on Darwin
bf11e07
@reckenrode
apple-source-releases: always use python3Minimal
c8b2470 
Using python3Minimal avoids infinite recursions in the stdenv bootstrap on x86_64-darwin when building Python with configd support.
@reckenrode
firebird-emu: enable LTO on Darwin
e973f8f
@reckenrode
timeloop: enable LTO on Darwin
f1eb182
@reckenrode
rvvm: enable LTO on Darwin
1370d31
@reckenrode
icoutils: fix build with newer ld64
8037716 
Since version 819.6, ld64 no longer supports static archives embedded in
static archives.
@reckenrode
git: fix Darwin SDK check
b0094f2 
The source-based SDK uses a newer version of AvailabilityMacros.h, which
defines various newer SDK availability macros. They are correctly
defined to `UNAVAILABLE_ATTRIBUTE`, but git only checks whether they
exist, which results in its misdetecting the 10.12 SDK as a 10.13 (or
newer) SDK.
@reckenrode
SDL2: fix Darwin SDK checks
f97bffb 
The source-based SDK uses a newer version of AvailabilityMacros.h, which
defines various newer SDK availability macros. They are correctly
defined to `UNAVAILABLE_ATTRIBUTE`, but git only checks whether they
exist, which results in its misdetecting the 10.12 SDK as a 10.13 (or
newer) SDK.
@reckenrode
darwin.apple_sdk.frameworks.CoreFoundation: drop hook
0b1f0f7 
As of NixOS#265102, x86_64-darwin no
longer uses the open-source CF release. Since there is no longer a need
to switch between implementations, and the hook causes problems with
cross-compilation (see NixOS#278348),
drop the hook and make both darwin.CF an alias for
darwin.apple_sdk.frameworks.CoreFoundation.
@reckenrode
darwin.apple_sdk: drop NIX_COREFOUNDATION_RPATH
fbfa755 
x86_64-darwin no longer uses the source-based CF, making this setup hook
unnecessary and harmful since it can break builds with the updated ld64.
@reckenrode
stdenv: set NIX_DONT_SET_RPATH_FOR_TARGET on Darwin
75a5d84
@reckenrode
bacula: fix build on Darwin
5a55644 
After the CoreFoundation hook was dropped, bacula requires the following
changes to build on Darwin:

* Ensure bacula links CoreFoundation. Override incorrectly failing
  `configure` tests and add gettext as a build input. Even if those
  tests pass, bacula only links CoreFoundation when it finds libintl.
* Add Kerberos framework. Required to build on x86_64-darwin.
@reckenrode
librsvg: use libobjc on both Darwin architectures
78e5e05
@reckenrode
python3Packages.docutils: 0.21.1 -> 0.21.2
2eb8664
@reckenrode
darwin.system_cmds: fix build without CoreFoundation hook
45c677c
@reckenrode
meson: fix extraframework dependencies on case-sensitive APFS
7f02648
@reckenrode
winePackages.{stable,unstable,staging}: cleanups
60c33ac 
- Make util-linux conditional in wine-staging due to `uuid.h` conflicts;
- Remove `lib.overrideDerivation`, allowing wine-staging overrides;
- Use `overrideSDK` to build with the 11.0 SDK with a 10.7 deployment
  target, matching the deployment target of the unofficial Mac packages;
- Drop all Darwin-related patches. They’re not needed with the 11.0 SDK;
- Switch to conditionally using `badPlatforms` instead of using a mix of
  `broken` and filtering Darwin from `meta.platforms`; and
- Remove unnecessary rpath references to Darwin frameworks.
@reckenrode reckenrode mentioned this pull request May 3, 2024
Draft
12 tasks
@wolfgangwalther wolfgangwalther mentioned this pull request May 5, 2024
Open
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lilyinstarlight lilyinstarlight Awaiting requested review from lilyinstarlight lilyinstarlight will be requested when the pull request is marked ready for review lilyinstarlight is a code owner

@winterqt winterqt Awaiting requested review from winterqt winterqt will be requested when the pull request is marked ready for review winterqt is a code owner

@IvarWithoutBones IvarWithoutBones Awaiting requested review from IvarWithoutBones IvarWithoutBones will be requested when the pull request is marked ready for review IvarWithoutBones is a code owner

@mmahut mmahut Awaiting requested review from mmahut mmahut will be requested when the pull request is marked ready for review mmahut is a code owner

@RaghavSood RaghavSood Awaiting requested review from RaghavSood RaghavSood will be requested when the pull request is marked ready for review RaghavSood is a code owner

@Profpatsch Profpatsch Awaiting requested review from Profpatsch Profpatsch will be requested when the pull request is marked ready for review Profpatsch is a code owner

@K900 K900 Awaiting requested review from K900 K900 will be requested when the pull request is marked ready for review K900 is a code owner

@NickCao NickCao Awaiting requested review from NickCao NickCao will be requested when the pull request is marked ready for review NickCao is a code owner

@SuperSandro2000 SuperSandro2000 Awaiting requested review from SuperSandro2000 SuperSandro2000 will be requested when the pull request is marked ready for review SuperSandro2000 is a code owner

@ttuegel ttuegel Awaiting requested review from ttuegel ttuegel will be requested when the pull request is marked ready for review ttuegel is a code owner

@ajs124 ajs124 Awaiting requested review from ajs124 ajs124 will be requested when the pull request is marked ready for review ajs124 is a code owner

@lukegb lukegb Awaiting requested review from lukegb lukegb will be requested when the pull request is marked ready for review lukegb is a code owner

@mweinelt mweinelt Awaiting requested review from mweinelt mweinelt will be requested when the pull request is marked ready for review mweinelt is a code owner

@jbedo jbedo Awaiting requested review from jbedo jbedo will be requested when the pull request is marked ready for review jbedo is a code owner

@sternenseemann sternenseemann Awaiting requested review from sternenseemann sternenseemann will be requested when the pull request is marked ready for review sternenseemann is a code owner

@maralorn maralorn Awaiting requested review from maralorn maralorn will be requested when the pull request is marked ready for review maralorn is a code owner

@ncfavier ncfavier Awaiting requested review from ncfavier ncfavier will be requested when the pull request is marked ready for review ncfavier is a code owner

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 will be requested when the pull request is marked ready for review Ericson2314 is a code owner

Assignees
No one assigned
Labels
6.topic: haskell 6.topic: nodejs 6.topic: python 6.topic: qt/kde 6.topic: ruby 6.topic: stdenv Standard environment 6.topic: vim
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@reckenrode @nixos-discourse