The CF configure flags broke with the last update but based on
fa9c81f694 and the comment it seems like
these are not necessary anymore.
$ nix-build -A stdenv.__bootPackages.stdenv.__bootPackages.gettext
/nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
$ nix-store -qR /nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
/nix/store/2ws9cmamvr7xyvdg4d2nnd1bmr1zjrrq-bootstrap-tools
/nix/store/2yn28axagwyifnvdm8npy2f982jxr986-libiconv-osx-10.12.6
/nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
Commit 1279016787 broke building
nixpkgs.clangStdenv (stdenv-darwin) on macOS:
nix-build -A clangStdenv .
these derivations will be built:
/nix/store/b3vyrfzarzyh51n7fj9wrpw12sq3765l-stdenv-darwin.drv
building '/nix/store/b3vyrfzarzyh51n7fj9wrpw12sq3765l-stdenv-darwin.drv'...
output '/nix/store/3agkxvkbhfpimnx5imr09q4rq9pxmjda-stdenv-darwin' is not allowed to refer to the following paths:
/nix/store/jnzhx3hni0ds1wf49z8wfnxi3qdnkk6q-gnum4-1.4.18
/nix/store/smdncnz5pkl5q39k4ldk8bh84p2hmj19-bison-3.3.2
error: build of '/nix/store/b3vyrfzarzyh51n7fj9wrpw12sq3765l-stdenv-darwin.drv' failed
Remove gettext's build dependency on Bison to avoid this error, fixing
Nixpkgs on macOS.
To avoid rebuilding everything unnecessarily on Linux, only apply these
changes to macOS and keep the Bison dependency for Linux.
The hack of using `crossConfig` to enforce stricter handling of
dependencies is replaced with a dedicated `strictDeps` for that purpose.
(Experience has shown that my punning was a terrible idea that made more
difficult and embarrising to teach teach.)
Now that is is clear, a few packages now use `strictDeps`, to fix
various bugs:
- bintools-wrapper and cc-wrapper
gettext won't actually provide libintl unless we go out of
our way to tell it to do so [1][2].
We could add those flags on musl (as I initially did in [3]),
but then we have two different libintl.h files and generally
some confusion about which gettext is being used.
Instead of sorting that out, for now let's just continue on
without gettext providing libintl-- it's worked well enough so far.
Only change that needs to be made, then, is to avoid
adding -lintl on musl since there is no libintl.
[1] c739240fd2
[2] https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libintl/libintl-0.19.8.1.ebuild?id=332e48712b6521697f992f923c9c985482dd1c36#n41
[3] 729302f29a
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes
Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.