New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: treewide: Always prefix compilers #44583

Open
wants to merge 13 commits into
base: staging
from
@@ -133,7 +133,6 @@ stdenv.mkDerivation rec {
++ (with darwin.apple_sdk.frameworks; optionals stdenv.isDarwin [ Cocoa OpenGL ])
;
configurePlatforms = [ ];
configureFlags = with stdenv.lib; [
"--enable-freetype"
(if fontconfigSupport then "--enable-fontconfig" else "--disable-fontconfig")
@@ -12,7 +12,6 @@ let
sha256 = "03s1zsprz5p6gjgwwqcf7b6cvzwwid6l8k7bamx9i0f1iwkgdm0j";
};
configurePlatforms = [];
configureFlags = [
"--arch=${hostPlatform.parsed.cpu.name}"
] ++ stdenv.lib.optionals stdenv.hostPlatform.isAarch32 [
@@ -30,8 +30,10 @@ let
#
# TODO(@Ericson2314) Make unconditional, or optional but always true by
# default.
targetPrefix = stdenv.lib.optionalString (targetPlatform != hostPlatform)
(targetPlatform.config + "-");
targetPrefix = targetPlatform.config + "-";
# The prefix of the unwrapped tools.
inPrefix = bintools.targetPrefix or "";
bintoolsVersion = (builtins.parseDrvName bintools.name).version;
bintoolsName = (builtins.parseDrvName bintools.name).name;
@@ -81,12 +83,12 @@ stdenv.mkDerivation {
shell = getBin shell + shell.shellPath or "";
gnugrep_bin = if nativeTools then "" else gnugrep;
inherit targetPrefix infixSalt;
inherit inPrefix targetPrefix infixSalt;
outputs = [ "out" ] ++ optionals propagateDoc [ "man" "info" ];
passthru = {
inherit bintools libc nativeTools nativeLibc nativePrefix;
inherit bintools libc nativeTools nativeLibc nativePrefix targetPrefix;
emacsBufferSetup = pkgs: ''
; We should handle propagation here too
@@ -141,23 +143,17 @@ stdenv.mkDerivation {
wrap ld-solaris ${./ld-solaris-wrapper.sh}
'')
+ ''
# Create a symlink to as (the assembler).
if [ -e $ldPath/${targetPrefix}as ]; then
ln -s $ldPath/${targetPrefix}as $out/bin/${targetPrefix}as
fi
'' + (if !useMacosReexportHack then ''
wrap ${targetPrefix}ld ${./ld-wrapper.sh} ''${ld:-$ldPath/${targetPrefix}ld}
+ (if !useMacosReexportHack then ''
wrap ${targetPrefix}ld ${./ld-wrapper.sh} ''${ld:-$ldPath/${inPrefix}ld}
'' else ''
ldInner="${targetPrefix}ld-reexport-delegate"
wrap "$ldInner" ${./macos-sierra-reexport-hack.bash} ''${ld:-$ldPath/${targetPrefix}ld}
wrap "$ldInner" ${./macos-sierra-reexport-hack.bash} ''${ld:-$ldPath/${inPrefix}ld}
wrap "${targetPrefix}ld" ${./ld-wrapper.sh} "$out/bin/$ldInner"
unset ldInner
'') + ''
for variant in ld.gold ld.bfd ld.lld; do
local underlying=$ldPath/${targetPrefix}$variant
local underlying=$ldPath/${inPrefix}$variant
[[ -e "$underlying" ]] || continue
wrap ${targetPrefix}$variant ${./ld-wrapper.sh} $underlying
done
@@ -279,10 +275,10 @@ stdenv.mkDerivation {
# some linkers on some platforms don't support specific -z flags
export hardening_unsupported_flags=""
if [[ "$($ldPath/${targetPrefix}ld -z now 2>&1 || true)" =~ un(recognized|known)\ option ]]; then
if [[ "$($ldPath/${inPrefix}ld -z now 2>&1 || true)" =~ un(recognized|known)\ option ]]; then
hardening_unsupported_flags+=" bindnow"
fi
if [[ "$($ldPath/${targetPrefix}ld -z relro 2>&1 || true)" =~ un(recognized|known)\ option ]]; then
if [[ "$($ldPath/${inPrefix}ld -z relro 2>&1 || true)" =~ un(recognized|known)\ option ]]; then
hardening_unsupported_flags+=" relro"
fi
''
@@ -59,11 +59,13 @@ for cmd in \
ar as ld nm objcopy objdump readelf ranlib strip strings size windres
do
if
PATH=$_PATH type -p "@targetPrefix@${cmd}" > /dev/null
# We prefer wrapped to unwrapped. `command -v`'s error codes by dumb
# luck have the convenient semantics.
cmd_path=$(PATH=$_PATH command -v "@inPrefix@${cmd}" "@targetPrefix@${cmd}" | tail -n 1)
then
upper_case="$(echo "$cmd" | tr "[:lower:]" "[:upper:]")"
export "${role_pre}${upper_case}=@targetPrefix@${cmd}";
export "${upper_case}${role_post}=@targetPrefix@${cmd}";
export "${role_pre}${upper_case}=${cmd_path}";
export "${upper_case}${role_post}=${cmd_path}";
fi
done
@@ -72,5 +74,5 @@ done
export NIX_HARDENING_ENABLE
# No local scope in sourced file
unset -v role_pre role_post cmd upper_case
unset -v role_pre role_post cmd cmd_path upper_case
set +u
@@ -26,7 +26,7 @@ for var in "${var_templates_bool[@]}"; do
done
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/bin/ $NIX_@infixSalt@_CFLAGS_COMPILE"
NIX_@infixSalt@_CFLAGS_COMPILE="-B@out@/libexec/ $NIX_@infixSalt@_CFLAGS_COMPILE"
# Export and assign separately in order that a failing $(..) will fail
# the script.
@@ -29,8 +29,10 @@ let
#
# TODO(@Ericson2314) Make unconditional, or optional but always true by
# default.
targetPrefix = stdenv.lib.optionalString (targetPlatform != hostPlatform)
(targetPlatform.config + "-");
targetPrefix = targetPlatform.config + "-";
# The prefix of the unwrapped tools.
inPrefix = cc.targetPrefix or "";
ccVersion = (builtins.parseDrvName cc.name).version;
ccName = (builtins.parseDrvName cc.name).name;
@@ -88,7 +90,7 @@ stdenv.mkDerivation {
# Binutils, and Apple's "cctools"; "bintools" as an attempt to find an
# unused middle-ground name that evokes both.
inherit bintools;
inherit libc nativeTools nativeLibc nativePrefix isGNU isClang default_cxx_stdlib_compile;
inherit libc nativeTools nativeLibc nativePrefix targetPrefix isGNU isClang default_cxx_stdlib_compile;
emacsBufferSetup = pkgs: ''
; We should handle propagation here too
@@ -132,38 +134,45 @@ stdenv.mkDerivation {
ccPath="${cc}/bin"
'')
# Additionally switch back to the old prefix so the C compiler picks it up with -B
+ ''
# Create symlinks to everything in the bintools wrapper.
for bbin in $bintools/bin/*; do
mkdir -p "$out/bin"
ln -s "$bbin" "$out/bin/$(basename $bbin)"
mkdir -p "$out/libexec"
for prog in ${bintools.bintools or "/nonexistent"}/bin/${bintools.bintools.inPrefix or ""}{as,ld}; do
prog_suffix=$(basename $prog ${optionalString (bintools.bintools.inPrefix or "" != "") "| sed 's/${bintools.bintools.inPrefix}/${inPrefix}/'"})
ln -s "$prog" "$out/libexec/$prog_suffix"
done
for prog in $bintools/bin/*; do
prog_suffix=$(basename $prog | sed 's/${targetPrefix}/${inPrefix}/')
ln -fs "$prog" "$out/libexec/$prog_suffix"
done
''
# We export environment variables pointing to the wrapped nonstandard
# cmds, lest some lousy configure script use those to guess compiler
# version.
# We export environment variables pointing to the wrapped nonstandard
# cmds, lest some lousy configure script use those to guess compiler
# version.
+ ''
export named_cc=${targetPrefix}cc
export named_cxx=${targetPrefix}c++
export default_cxx_stdlib_compile="${default_cxx_stdlib_compile}"
if [ -e $ccPath/${targetPrefix}gcc ]; then
wrap ${targetPrefix}gcc ${./cc-wrapper.sh} $ccPath/${targetPrefix}gcc
if [ -e $ccPath/${inPrefix}gcc ]; then
wrap ${targetPrefix}gcc ${./cc-wrapper.sh} $ccPath/${inPrefix}gcc
ln -s ${targetPrefix}gcc $out/bin/${targetPrefix}cc
export named_cc=${targetPrefix}gcc
export named_cxx=${targetPrefix}g++
elif [ -e $ccPath/clang ]; then
wrap ${targetPrefix}clang ${./cc-wrapper.sh} $ccPath/clang
elif [ -e $ccPath/${inPrefix}clang ]; then
wrap ${targetPrefix}clang ${./cc-wrapper.sh} $ccPath/${inPrefix}clang
ln -s ${targetPrefix}clang $out/bin/${targetPrefix}cc
export named_cc=${targetPrefix}clang
export named_cxx=${targetPrefix}clang++
fi
if [ -e $ccPath/${targetPrefix}g++ ]; then
wrap ${targetPrefix}g++ ${./cc-wrapper.sh} $ccPath/${targetPrefix}g++
if [ -e $ccPath/${inPrefix}g++ ]; then
wrap ${targetPrefix}g++ ${./cc-wrapper.sh} $ccPath/${inPrefix}g++
ln -s ${targetPrefix}g++ $out/bin/${targetPrefix}c++
elif [ -e $ccPath/clang++ ]; then
wrap ${targetPrefix}clang++ ${./cc-wrapper.sh} $ccPath/clang++
elif [ -e $ccPath/${inPrefix}clang++ ]; then
wrap ${targetPrefix}clang++ ${./cc-wrapper.sh} $ccPath/${inPrefix}clang++
ln -s ${targetPrefix}clang++ $out/bin/${targetPrefix}c++
fi
@@ -173,17 +182,17 @@ stdenv.mkDerivation {
''
+ optionalString cc.langFortran or false ''
wrap ${targetPrefix}gfortran ${./cc-wrapper.sh} $ccPath/${targetPrefix}gfortran
wrap ${targetPrefix}gfortran ${./cc-wrapper.sh} $ccPath/${inPrefix}gfortran
ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}g77
ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}f77
''
+ optionalString cc.langJava or false ''
wrap ${targetPrefix}gcj ${./cc-wrapper.sh} $ccPath/${targetPrefix}gcj
wrap ${targetPrefix}gcj ${./cc-wrapper.sh} $ccPath/${inPrefix}gcj
''
+ optionalString cc.langGo or false ''
wrap ${targetPrefix}gccgo ${./cc-wrapper.sh} $ccPath/${targetPrefix}gccgo
wrap ${targetPrefix}gccgo ${./cc-wrapper.sh} $ccPath/${inPrefix}gccgo
'';
strictDeps = true;
@@ -109,10 +109,10 @@ fi
export NIX_${role_pre}CC=@out@
export ${role_pre}CC=@named_cc@
export ${role_pre}CXX=@named_cxx@
export CC${role_post}=@named_cc@
export CXX${role_post}=@named_cxx@
export ${role_pre}CC=@out@/bin/@named_cc@
export ${role_pre}CXX=@out@/bin/@named_cxx@
export CC${role_post}=@out@/bin/@named_cc@
export CXX${role_post}=@out@/bin/@named_cxx@
# If unset, assume the default hardening flags.
: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
@@ -115,6 +115,7 @@ let version = "4.8.5";
"--enable-sjlj-exceptions"
"--enable-threads=win32"
"--disable-win32-registry"
"--disable-libmpx" # requires libc
] else if crossStageStatic then [
"--disable-libssp"
"--disable-nls"
@@ -123,8 +124,9 @@ let version = "4.8.5";
"--disable-libgomp"
"--disable-libquadmath"
"--disable-shared"
"--disable-libatomic" # libatomic requires libc
"--disable-decimal-float" # libdecnumber requires libc
"--disable-libatomic" # requires libc
"--disable-decimal-float" # requires libc
"--disable-libmpx" # requires libc
] else [
(if crossDarwin then "--with-sysroot=${getLib libcCross}/share/sysroot"
else "--with-headers=${getDev libcCross}/include")
@@ -150,8 +152,8 @@ let version = "4.8.5";
"--enable-nls"
"--disable-decimal-float" # No final libdecnumber (it may work only in 386)
]));
stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
stageNameAddon = if crossStageStatic then "stage-static" else "stage-final";
crossNameAddon = stdenv.lib.optionalString (targetPlatform != hostPlatform) "${stageNameAddon}-";
bootstrap = targetPlatform == hostPlatform;
@@ -161,7 +163,7 @@ in
assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
stdenv.mkDerivation ({
name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
name = targetPlatform.config + "-" + crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
builder = ../builder.sh;
@@ -263,8 +265,7 @@ stdenv.mkDerivation ({
dontDisableStatic = true;
# TODO(@Ericson2314): Always pass "--target" and always prefix.
configurePlatforms = [ "build" "host" ] ++ stdenv.lib.optional (targetPlatform != hostPlatform) "target";
configurePlatforms = [ "build" "host" "target" ];
configureFlags =
# Basic dependencies
@@ -422,6 +423,9 @@ stdenv.mkDerivation ({
inherit langC langCC langObjC langObjCpp langFortran langGo version;
isGNU = true;
hardeningUnsupportedFlags = [ "stackprotector" ];
# Prefix for binaries. Customarily ends with a dash separator.
targetPrefix = targetPlatform.config + "-";
};
inherit enableParallelBuilding enableMultilib;
@@ -120,6 +120,7 @@ let version = "4.9.4";
"--enable-sjlj-exceptions"
"--enable-threads=win32"
"--disable-win32-registry"
"--disable-libmpx" # requires libc
] else if crossStageStatic then [
"--disable-libssp"
"--disable-nls"
@@ -128,8 +129,9 @@ let version = "4.9.4";
"--disable-libgomp"
"--disable-libquadmath"
"--disable-shared"
"--disable-libatomic" # libatomic requires libc
"--disable-decimal-float" # libdecnumber requires libc
"--disable-libatomic" # requires libc
"--disable-decimal-float" # requires libc
"--disable-libmpx" # requires libc
] else [
(if crossDarwin then "--with-sysroot=${getLib libcCross}/share/sysroot"
else "--with-headers=${getDev libcCross}/include")
@@ -158,8 +160,8 @@ let version = "4.9.4";
"--enable-nls"
"--disable-decimal-float" # No final libdecnumber (it may work only in 386)
]));
stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
stageNameAddon = if crossStageStatic then "stage-static" else "stage-final";
crossNameAddon = lib.optionalString (targetPlatform != hostPlatform) "${stageNameAddon}-";
bootstrap = targetPlatform == hostPlatform;
@@ -169,7 +171,7 @@ in
assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
stdenv.mkDerivation ({
name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
name = targetPlatform.config + "-" + crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
builder = ../builder.sh;
@@ -286,8 +288,7 @@ stdenv.mkDerivation ({
dontDisableStatic = true;
# TODO(@Ericson2314): Always pass "--target" and always prefix.
configurePlatforms = [ "build" "host" ] ++ stdenv.lib.optional (targetPlatform != hostPlatform) "target";
configurePlatforms = [ "build" "host" "target" ];
configureFlags =
# Basic dependencies
@@ -440,8 +441,12 @@ stdenv.mkDerivation ({
"-Wl,${libpthreadCross.TARGET_LDFLAGS}"
]);
passthru =
{ inherit langC langCC langObjC langObjCpp langFortran langGo version; isGNU = true; };
passthru = {
inherit langC langCC langObjC langObjCpp langFortran langGo version; isGNU = true;
# Prefix for binaries. Customarily ends with a dash separator.
targetPrefix = targetPlatform.config + "-";
};
inherit enableParallelBuilding enableMultilib;
Oops, something went wrong.
ProTip! Use n and p to navigate between commits in a pull request.