libseccomp: Disable only on RISC-V if Linux.

The isSeccomputable flag treated Linux without seccomp as just a
normal variant, when it really should be treated as a special case
incurring complexity debt to support.
This commit is contained in:
Shea Levy 2018-03-25 17:52:20 -04:00
parent cdf9a78a3e
commit 26e8d58cb5
No known key found for this signature in database
GPG Key ID: 5C0BD6957D86FE27
5 changed files with 8 additions and 9 deletions

View File

@ -41,8 +41,6 @@ rec {
isEfi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
isSeccomputable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
};
matchAnyAttrs = patterns:

View File

@ -25,6 +25,7 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/seccomp/libseccomp";
license = licenses.lgpl21;
platforms = platforms.linux;
badPlatforms = platforms.riscv;
maintainers = with maintainers; [ thoughtpolice wkennington ];
};
}

View File

@ -41,8 +41,10 @@ in stdenv.mkDerivation rec {
buildInputs =
[ linuxHeaders libcap kmod xz pam acl
/* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2
libmicrohttpd ] ++ stdenv.lib.meta.enableIfAvailable kexectools ++
[ libseccomp libffi audit lz4 bzip2 libapparmor
libmicrohttpd ] ++
stdenv.lib.meta.enableIfAvailable kexectools ++
stdenv.lib.meta.enableIfAvailable libseccomp ++
[ libffi audit lz4 bzip2 libapparmor
iptables gnu-efi
# This is actually native, but we already pull it from buildPackages
pythonLxmlEnv

View File

@ -30,7 +30,7 @@ let
buildInputs = [ curl openssl sqlite xz bzip2 ]
++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
++ lib.optionals is20 [ brotli ] # Since 1.12
++ lib.optional (hostPlatform.isSeccomputable) libseccomp
++ lib.meta.enableIfAvailable libseccomp
++ lib.optional ((stdenv.isLinux || stdenv.isDarwin) && is20)
(aws-sdk-cpp.override {
apis = ["s3"];
@ -60,7 +60,7 @@ let
hostPlatform != buildPlatform && hostPlatform ? nix && hostPlatform.nix ? system
) ''--with-system=${hostPlatform.nix.system}''
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
++ lib.optional (!hostPlatform.isSeccomputable) "--disable-seccomp-sandboxing";
++ lib.optional (!libseccomp.meta.available) "--disable-seccomp-sandboxing";
makeFlags = "profiledir=$(out)/etc/profile.d";

View File

@ -9792,9 +9792,7 @@ with pkgs;
libgroove = callPackage ../development/libraries/libgroove { };
libseccomp = if hostPlatform.isSeccomputable
then callPackage ../development/libraries/libseccomp { }
else null;
libseccomp = callPackage ../development/libraries/libseccomp { };
libsecret = callPackage ../development/libraries/libsecret { };