Commit Graph

109 Commits

Author SHA1 Message Date
Artturin
e0464e4788 treewide: replace stdenv.is with stdenv.hostPlatform.is
In preparation for the deprecation of `stdenv.isX`.

These shorthands are not conducive to cross-compilation because they
hide the platforms.

Darwin might get cross-compilation, for which the continued usage of `stdenv.isDarwin` will get in the way.

One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059

There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.

```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
2024-09-25 00:04:37 +03:00
John Ericson
5f134ec6cf Clean up cross bootstrapping
For a long time, we've had `crossLibcStdenv`, `*Cross` libc attributes,
and `*bsdCross` pre-libc package sets. This was always bad because
having "cross" things is "not declarative": the naming doesn't reflect
what packages *need* but rather how we *provide* something. This is
ugly, and creates needless friction between cross and native building.

Now, almost all of these `*Cross` attributes are gone: just these are
kept:

- Glibc's and Musl's are kept, because those packages are widely used
  and I didn't want to risk changing the native builds of those at this
  time.

- generic `libcCross`, `threadsCross`, and friends, because these relate
  to the convoluted GCC bootstrap which still needs to be redone.

The BSD and obscure Linux or freestanding libcs have conversely all
been made to use a new `stdenvNoLibc`, which is like the old
`crossLibcStdenv` except:

1. It is usable for native and cross alike

2. It is named according to what it *is* ("a standard environment without
   libc but with a C compiler"), rather than some non-compositional
   jargon ("the stdenv used for building libc when cross compiling",
   yuck).

I should have done this change long ago, but I was stymied because of
"infinite recursions". The problem was that in too many cases we are
overriding `stdenv` to *remove* things we don't need, and this risks
cycles since those more minimal stdenvs are used to build things in the
more maximal stdenvs.

The solution is to pass `stage.nix` `stdenvNoCC`, so we can override to
*build up* rather than *tear down*. For now, the full `stdenv` is also
passed, so I don't need to change the native bootstraps, but I can see
this changing as we make things more uniform and clean those up.

(adapted from commit 51f1ecaa59)
(adapted from commit 1743662e55)
2024-09-06 10:26:56 -04:00
K900
4f29b5a16b Merge remote-tracking branch 'origin/staging-next' into staging 2024-07-31 08:57:17 +03:00
Robert Scott
48bde3a189 cc-wrapper: add support for pacret hardening flag on aarch64 2024-07-28 19:27:14 +01:00
tomberek
cc7b011fe1
Merge pull request #318034 from ExpidusOS/feat/zig-cc
Add stdenv & CC support for Zig
2024-07-28 14:09:31 -04:00
Robert Scott
a30f794865 pcre: expose enableJit argument, disable shadowstack when enabled 2024-07-28 17:40:54 +01:00
Tristan Ross
9f589ea3a0
arocc: init at 0-unstable-06-01 2024-07-27 19:43:41 -07:00
Tristan Ross
2d4c9e6966
pkgs/top-level/{release,stage}.nix: add zig package set 2024-07-27 19:43:41 -07:00
Tristan Ross
2551138e30
pkgsLLVM: use target platform to fix cross 2024-07-26 10:48:35 -07:00
Robert Scott
41cae89e6b glibc: enableCETRuntimeDefault for pkgsExtraHardening 2024-07-15 20:38:15 +01:00
Robert Scott
b207b6ef74 cc-wrapper: add support for shadowstack hardening flag 2024-07-14 21:25:47 +01:00
Franz Pletz
3db93c351d cc-wrapper: add stack clash protection hardening flag
Most Linux distributions are enabling this these days and it does
protect against real world vulnerabilities as demonstrated by
CVE-2018-16864 and CVE-2018-16865.

Fix #53753.

Information on llvm version support gleaned from
6609892a2d
68e07da3e5
092507a730

Information on gcc version support a lot harder to gather,
but both 32bit and 64bit arm do appear to be supported
based on the test suite.
2024-06-07 20:23:46 +01:00
Robert Scott
dd80ca4d00 stdenv: promote zerocallusedregs to defaultHardeningFlags 2024-06-02 23:53:36 +01:00
Aleksana
cab94ab46e
Merge pull request #283460 from rodarima/fix-pkgs-static-gcc-march
pkgsStatic: Pass hostPlatform.gcc attribute
2024-05-16 21:26:10 +08:00
Rodrigo Arias Mallo
e4ee77feb0 pkgsStatic: Pass hostPlatform.gcc attribute
To build the security wrappers[1] the pkgsStatic stdenv is used, so the
binaries are static. However, the hostPlatform may have gcc attributes
that are *required* to build binaries so they can run on the host
platform. In particular, this is the case when using gcc.arch, which
ends up injecting -march=... in the gcc wrapper. Those attributes are
not contained in hostPlatform.parsed.

This change sets the same gcc attributes found in the hostPlatform for
the pkgsStatic cross system, so it can build binaries with the same gcc
flags.

[1]: nixos/modules/security/wrappers/default.nix
2024-05-16 14:08:34 +02:00
Artemis Tosini
06b05d2289 freebsd: Cleanup, get ready to support version 14
* Extend libc

  Include non-libc core libraries in the libc package. Many of these
  mirror libraries present in glibc on linux, such as libgcc, libraries
  used for iconv, and libraries used for reading kernel info (libkvm,
  libprocstat, libmemstat).

  Without this many packages outside the freebsd tree would need to be
  modified to include standard dependencies which would already be on
  the system for other packages.

* Mark FreeBSD as using LLVM

* Update default LLVM version FreeBSD

* Use patch monolith

  The patchesRoot system combined with the fact that each derivation
  will request specific names of patches makes it very annoying to use
  other FreeBSD source trees with nixpkgs. This new system allows
  providing one or more entire trees of patches whose contents will be
  dynamically parsed and only the relevant patches will be applied for
  any one derivation.

  With this commit, the following knobs are available for specifying the
  FreeBSD source:

  - overriding `freebsd.versionInfo`, for picking another official
    supported FreeBSD release.

  - overriding `freebsd.source` for specifying a specific unpatched
    FreeBSD source tree.

  - overriding `freebsd.patches`, for specifying the patches to apply.

Co-Authored-by: Audrey Dutcher <audrey@rhelmot.io>
Co-Authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2024-05-11 21:52:07 -04:00
Yueh-Shun Li
e9fd4389d2 writeClosure: init, replacing writeReferencesToFile
Replace writeReferencesToFile with writeClosure.

Make writeClosure accept a list of paths instead of a path.

Re-implement with JSON-based exportReferencesGraph interface provided by
__structuredAttrs = true.

Reword the documentation.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: Someone Serge <sergei.kozlukov@aalto.fi>
2024-03-19 02:45:50 +08:00
github-actions[bot]
9819563ca9
Merge master into staging-next 2024-03-02 06:00:53 +00:00
Gabriella Gonzalez
b8698cd8d6
macOS support for NixOS tests (#282401)
Closes #193336
Closes #261694
Related to #108984

The goal here was to get the following flake to build and run on
`aarch64-darwin`:

```nix
{ inputs.nixpkgs.url = <this branch>;

  outputs = { nixpkgs, ... }: {
    checks.aarch64-darwin.default =
      nixpkgs.legacyPackages.aarch64-darwin.nixosTest {
        name = "test";

        nodes.machine = { };

        testScript = "";
      };
  };
}
```

… and after this change it does.  There's no longer a need for the
user to set `nodes.*.nixpkgs.pkgs` or
`nodes.*.virtualisation.host.pkgs` as the correct values are inferred
from the host system.
2024-03-02 06:33:14 +01:00
Robert Scott
4a91b3e798 cc-wrapper: add trivialautovarinit hardening flag support
this equates to -ftrivial-auto-var-init=pattern

clang has removed support for -ftrivial-auto-var-init=zero and
are unlikely to re-add it, so use -ftrivial-auto-var-init=pattern
on both compilers if only to make behaviour more consistent
between the two.

add to pkgsExtraHardening's defaultHardeningFlags.
2024-02-24 12:00:09 +00:00
Robert Scott
e79c133858 add pkgsExtraHardening package set
this package set can be used to trial new hardening flags or
enable those which are still known to cause some problems
2024-01-21 11:16:07 +00:00
Yueh-Shun Li
409f95731e shellcheck-minimal: init
Expose the minimal and stripped shellcheck package used by writeShellApplication.
2023-11-01 06:23:04 +08:00
Silvan Mosberger
f6467c3574 pkgs/by-name: Introduce
This introduces the `pkgs/by-name` directory as proposed by RFC 140.
Included are:
- The implementation to add packages defined in that directory to the
  top-level package scope
- Contributor documentation on how to add packages to it
- A GitHub Actions workflow to check the structure of it on all PRs
2023-09-05 16:10:50 +02:00
Uri Baghin
42b5817e6b pkgsStatic: add support for non-linux host platforms 2023-06-22 15:33:54 +10:00
Sandro
cac19e0266
trivial-builders: move into the directory named alike (#223429)
While searching for something different I wondered why there is a
trivial-builders.nix file next to the trivial-builders directory where
only tests live. Let's fix that.
2023-05-06 00:16:26 +02:00
Artturin
b1e6e553fa trivial-builders.writeShellApplication: use unwrapped shellcheck
originally done in 62e1d58a6f

but

reverted in 6d8041b053

because it contained many haskell deps
2023-03-07 21:18:48 +02:00
davidak
89bf849a27 pkgsMusl: disable for i686-linux
there are no bootstrap binaries for 32-bit musl libc
2023-02-25 12:09:57 +01:00
Artturin
ecab3edeb7 top-level: move top-level {build,host,target}Platform to aliases
deprecation was attempted in e51f736076

but had to be reverted in 2a6e4ae49a
2023-01-09 05:24:56 +02:00
Uri Baghin
d47adb096e
Merge pull request #161657 from Atemu/pkgsDarwinIntel
pkgsx86Darwin: init
2022-11-03 12:14:51 +11:00
Atemu
6a995fa92c
pkgsx86Darwin -> pkgsx86_64Darwin
The majority of Darwin maintainers was in favour of being explicit about the bitness

Co-authored-by: Uri Baghin <uri@canva.com>
2022-11-02 09:46:54 +01:00
Atemu
69d7939a62 pkgsx86Darwin: init
Many packages don't work on aarch64-darwin yet or are x86-only binary packages.

This gives aarch64-darwin users easy access to x86_64-darwin packages to run via
Rosetta 2.

"x86" was used as a short-hand instead of x86_64 because x86_64-darwin is the
only x86 Darwin package set.
2022-10-18 16:41:05 +02:00
Adam Joseph
33bc0765a5 stage.nix: revert deletion of gcc.abi="elfv2" from 82ff1f5
Commit 82ff1f5db1 in #182807 removed two lines
from stage.nix which were responsible for making sure the `gcc` for `pkgsStatic`
on powerpc64 was built with the `--with-abi=elfv2` flag.

Unfortunately this causes build failures for `pkgsCross.ppc64.pkgsStatic`, as
reported here:

  https://github.com/NixOS/nixpkgs/pull/182807#issuecomment-1247268226

This commit reverts the deletion.

Unfortunately ugly kludges like this are necessary because nixpkgs'
`lib/systems/` doesn't understand the difference between a libc and an abi.  So
we have no clean way to tell nixpkgs "musl on big-endian powerpc64 always uses
the ELFv2 ABI" -- it thinks that musl is an ABI.  Until that gets fixed there is
no better way to add the flag.
2022-09-27 22:48:52 +02:00
Minijackson
82ff1f5db1 pkgsStatic: handle ELFv1/2 ABIs 2022-08-28 21:46:44 +02:00
Robert Hensing
200175a701 config.allowAliases: Define as option
This simplifies usages and makes the default value consistent.

In a few cases, the default value was interpreted to be `false`,
but this is useless, because virtually nobody will explicitly
set `allowAliases = true;`.
2022-04-01 11:33:10 +02:00
Adam Joseph
8a1235f775 https://github.com/NixOS/nixpkgs/pull/161158#pullrequestreview-903824138 2022-03-10 20:30:17 -08:00
Adam Joseph
5b63b25d68 s/makeStaticParsedPlatform/makeMuslParsedPlatform/g 2022-03-10 20:30:17 -08:00
Adam Joseph
3cf831874e Update pkgs/top-level/stage.nix
Co-authored-by: John Ericson <git@JohnEricson.me>
2022-03-10 20:30:17 -08:00
Adam Joseph
12371a51e6 lib/systems: add mips64el definitions
MIPS has a large space of {architecture,abi,endianness}; this commit
adds all of them to lib/systems/platforms.nix so we can be done with
it.

Currently lib/systems/inspect.nix has a single "isMips" predicate,
which is a bit ambiguous now that we will have both mips32 and mips64
support, with the latter having two ABIs.  Let's add four new
predicates (isMips32, isMips64, isMips64n32, and isMips64n64) and
treat the now-ambiguous isMips as deprecated in favor of the
more-specific predicates.  These predicates are used mainly for
enabling/disabling target-specific workarounds, and it is extremely
rare that a platform-specific workaround is needed, and both mips32
and mips64 need exactly the same workaround.

The separate predicates (isMips64n32 and isMips64n64) for ABI
distinctions are, unfortunately, useful.  Boost's user-scheduled
threading (used by nix) does not currently support mips64n32,
which is a very desirable ABI on routers since they rarely have
more than 2**32 bytes of DRAM.
2022-03-10 20:30:16 -08:00
Bernardo Meurer
d13430a8da
pkgs/top-level/stage: format trivialBuilders import 2021-11-08 09:33:34 -08:00
Bernardo Meurer
21c299f077
writeShellApplication: get shellcheck from pkgsBuildHost 2021-11-08 09:33:34 -08:00
Ryan Burns
4246d6ce21 aliases: add pkgs.system
This is an old compat definition for stdenv.hostPlatform.system
2021-10-27 09:36:27 -07:00
Alyssa Ross
c13cf1e76f
Merge remote-tracking branch 'nixpkgs/master' into staging-next 2021-09-01 07:47:01 +00:00
Robert Hensing
eb8e943493 Fix interaction between appendOverlays and otherPackageSets
The comment

    a dirty hack that should be removed

has led me to believe that nixpkgsFun isn't the right solution,
but bypassing it is worse, because it creates a second, inner
overriding mechanism that doesn't pass its changes to the old,
outer overriding mechanism.

Before this change:

    nix-repl> ((import <nixpkgs> {}).appendOverlays([(f: s: { foobarbaz = "ok"; })])).foobarbaz
    "ok"

    nix-repl> ((import <nixpkgs> {}).appendOverlays([(f: s: { foobarbaz = "ok"; })])).pkgsCross.aarch64-multiplatform.foobarbaz
    error: attribute 'foobarbaz' missing

           at «string»:1:1:

                1| ((import <nixpkgs> {}).appendOverlays([(f: s: { foobarbaz = "ok"; })])).pkgsCross.aarch64-multiplatform.foobarbaz
                 | ^
                2|

After this change:

    nix-repl> ((import ./. {}).appendOverlays([(f: s: { foobarbaz = "ok"; })])).pkgsCross.aarch64-multiplatform.foobarbaz
    "ok"

Thanks to samueldr for discovering this problem.
2021-08-31 09:18:08 +02:00
John Ericson
3edba5edfc pkgsStatic: Finally obviate overlay! 2021-08-20 06:09:48 +00:00
John Ericson
f110a182a6 stdenv: Fix overriding + overrideAttrs
The old stdenv adapters were subtly wrong in two ways:

 - `overrideAttrs` leaked the original, unoverridden `mkDerivation`.

 - `stdenv.override` would throw away any manually-set `mkDerivation`
   from a stdenv reverting to the original.

Now, `mkDerivation` is controlled (nearly directly) via an argument, and
always correctly closes over the final ("self") stdenv. This means the
adapters can work entirely via `.override` without any manual `stdenv //
...`, and both those issues are fixed.

Note hashes are changed, because stdenvs not previously overridden like
`stdenvNoCC` and `crossLibcStdenv` now are. I had to add some
`dontDisableStatic = true` accordingly. The flip side however is that
since the overrides compose, we no longer need to override anything but
the default `stdenv` from which all the others are created.
2021-08-18 17:22:50 +00:00
Ryan Burns
565db30876 pkgsStatic: fix musleabi* adapter
Fixes pkgsCross.muslpi.nix (depends on
pkgsCross.muslpi.busybox-sandbox-shell, which depends on
pkgsCross.muslpi.pkgsStatic.stdenv)

Currently, the ABI adapter in pkgsStatic does not
recognize musleabi/musleabihf and falls back to "musl".

```
> nix eval -f . pkgsCross.muslpi.stdenv.hostPlatform.config
"armv6l-unknown-linux-musleabihf"
> nix eval -f . pkgsCross.muslpi.pkgsStatic.stdenv.hostPlatform.config
"armv6l-unknown-linux-musl"
```

This results in an invalid config passed to GCC configuration, which
fails with `Configuration armv6l-unknown-linux-musl not supported`.
2021-08-16 18:52:22 -07:00
sternenseemann
148d73fc74 pkgsLLVM.stdenv: use lld again
PR #122778 allowed the linker being chosen independently from useLLVM
which also affected pkgsLLVM where we were relying on this behavior.
For platform sets assembled from scratch useLLVM still implies
linker == "lld", however in the case of pkgsLLVM we update the current
platform via the set update operator which means that `linker` won't
be re-evaluated. Using ld.bfd with pkgsLLVM is okay to a certain extent,
but with C++ things begin to break.

We fix this by setting linker explicitly.
2021-08-03 22:39:29 +02:00
Sandro Jäckel
6708061975
top-level: fix typo 2021-06-17 11:16:37 +02:00
sternenseemann
a13b1a7086 pkgsLLVM: cross compiled package set using llvm compilers
Provide a version of nixpkgs which is built using the LLVM toolchain.
This is achieved by reusing the useLLVM attribute usable in the cross
toolchain bootstrapping which is a) perfectly acceptable and b) the only
way to bootstrap a LLVM stdenv across platforms without unreasonable
amounts of work.

This is mostly working now since we fixed some issues with
llvmPackages_7.lldClang in #119717 and compile glibc with gcc at all
times as of #119786 (since clang can't compile our glibc at the moment).
There are seemingly some issues left to be ironed out, for example the
C++ library of ncurses fails to build with a linking issue. I have
attempted to alleviate that problem with #120790, but to no avail so
far.

Nonetheless, having a working pkgsLLVM.hello is a good start.

A currently present issue is that there is no way to change the libc
since there is some issue with lldClang actually picking up on the set
libc. This will need investigation and fixing.
2021-05-10 12:45:33 +02:00
Ryan Burns
7b9c1dbd28 pkgs/top-level/stage: force elfv2 on static powerpc64-linux
The staging logic reconstructs the target platform, discarding
powerpc64's custom gcc.abi = elfv2 setup. Musl requires ELFv2 ABI so
this should be set unconditionally here.
2021-03-15 19:27:41 -07:00