Commit Graph

214 Commits

Author SHA1 Message Date
Matthew Bauer
6c064e6b1f Revert "Merge pull request #28029 from cstrahan/hardening-fix"
This reverts commit 0dbc006760, reversing
changes made to cb7f774265.

Should go into staging.
2018-04-10 19:07:27 -05:00
John Ericson
0dbc006760
Merge pull request #28029 from cstrahan/hardening-fix
hardening: fix #18995
2018-04-10 19:48:02 -04:00
John Ericson
ac4d74b6d9 hardening: Reindent 2018-04-10 16:33:47 -04:00
John Ericson
21818ae592 hardening: Tiny reindent 2018-04-10 16:33:47 -04:00
John Ericson
2364c22ec9 hardening: line order, spacing, and pointless quoting for consistency 2018-04-10 16:33:47 -04:00
John Ericson
4c76d87871 hardenning: Rejigger ifs and explicit declare and unset -v 2018-04-10 16:33:47 -04:00
Charles Strahan
386e77dae9
hardening: simplify reporting of disabled flags 2018-04-10 15:27:13 -04:00
Charles Strahan
273ce83f29
hardening: make requested fixes 2018-04-10 13:04:46 -04:00
Shea Levy
c69d8bf5e6
treewide: Remove gnat support.
See discussion in 6ac7b19c97.
2018-03-08 13:56:36 -05:00
Charles Strahan
806edaa0a2
hardening: ld wrapper changes, setup-hook, etc 2018-03-06 19:21:10 -05:00
Charles Strahan
634c748050
hardening: initial cross support 2018-03-06 18:03:13 -05:00
Charles Strahan
fc46895e86
hardening: allow user supplied flags to override
Put hardening flags before user supplied flags.
2018-03-06 00:30:09 -05:00
Charles Strahan
cc7ce57f86
hardening: clarify the whitelist logic
Per @Ericson2314's suggestion [1], make it more clear that the active
hardenings are decided via whitelist; the blacklist is merely for the
debug messages.

1: 36d5ce41d4 (r133279731)
2018-03-06 00:30:09 -05:00
Charles Strahan
9920923cde
hardening: fix careless bugs
I got a substitution backwards (used '+' instead of '-').

Also, this now works under `set -u` (had to fix a couple unbound
variable references).
2018-03-06 00:30:08 -05:00
Charles Strahan
0937df463f
hardening: fix bug/typo 2018-03-06 00:30:08 -05:00
Charles Strahan
9fe17b2153
hardening: fix #18995 2018-03-06 00:30:00 -05:00
John Ericson
4a29081a94
Merge pull request #35071 from oxij/stdenv/infopages
stdenv, bash: fixing info pages and stuff
2018-02-26 18:06:11 -05:00
Jan Malakhovski
f1074211ce cc-wrapper: allow building without documentation, propagate info pages 2018-02-26 22:42:33 +00:00
Vladimír Čunát
f5ce8f86df
Revert "Merge staging at '8d490ca9934d0' into master"
This reverts commit fc23242220, reversing
changes made to 754816b84b.
We don't have many binaries yet.  Comment on the original merge commit.
2018-02-26 22:53:18 +01:00
Nikolay Amiantov
9a9c2e6579 cc-wrapper: fix bool handling for empty and zero values
Before the code would fail silently for zero values and with some output for
empties. We now currently handle both via defaulting value to zero and making
`let` return success error code when there's no syntax error.
2018-02-21 23:54:31 +03:00
Vladimír Čunát
1fcd92ce92
Merge branch 'master' into staging
A few thousand rebuilds from master, again.
Hydra: ?compare=1422362
2017-12-31 09:53:49 +01:00
John Ericson
469fd89832 stdenv-setup: Ease the transition with native builds
- All deps go on the PATH

 - CC and Bintools wrappers with their host != depender's host still get their
   setup hooks run.

 - Environment hooks get applied to all packages

This isn't so elegent, but eases the transition on a very significant
PR.
2017-12-30 22:04:23 -05:00
John Ericson
3a50395ef2 {bintools,cc}-wrapper: extraPackages should be depsTargetTargetPropagated
They are libraries used by programs built with these tools, not used by the
tools themselves.
2017-12-30 22:04:21 -05:00
John Ericson
a036473a0a {bintools,cc}-wrapper: Fix setup hook to respect the role of the cc-compiler
We now have the information to properly determine the role the
cc-wrapper dependency has, by taking advantage of `offset`. No longer
use the soon-to-be-deprecated crossConfig environment variable, the
temp hack used before this change.
2017-12-30 22:04:21 -05:00
Dmitry Kalinkin
6d9769663d
cc-wrapper: allow compilers to specify unsupported hardening modes
Fixes: 0fd7ef61b2 ('clang_34: Disable hardening bits (#28543)')
2017-12-30 12:23:25 -05:00
Orivej Desh
7c58e8dfc2 Merge branch 'master' into staging
* master: (125 commits)
  scummvm: fix eval
  tinycc: 0.9.27pre-20171016 -> 0.9.27
  Update terraform provider versions
  vscode: 1.18.1 -> 1.19.0
  linux: 4.14.6 -> 4.14.7
  scummvm: 1.9.0 -> 2.0.0
  cmst: 2017.03.18 -> 2017.09.19
  albert: 0.14.7 -> 0.14.14
  obs-studio: fix vlc plugin
  ffmpeg, ffmpeg-full: 3.4 -> 3.4.1
  uchiwa: 0.26.3 -> 1.1.0
  linux-testing: 4.15-rc3 -> 4.15-rc4
  steam: override nss, nspr, fixes #32781
  ponyc: 0.20.0 -> 0.21.0
  pythonPackages.pwntools: disable tests
  gnome3.gnome-tweak-tool: 3.26.3 → 3.26.4
  vim-rhubarb: init at 2017-06-28
  atom: depend on libsecret
  nvidia-settings: Make sure binary can find libXv.so
  backblaze-b2: 0.6.2 -> 1.1.0
  ...
2017-12-18 15:56:03 +00:00
Dylan Simon
0c62b7cd74 cc-wrapper: don't set cxx_stdlib when nativeTools is true
There are no gcc paths on nativeTools, and cc isn't set.
2017-12-17 04:23:54 +00:00
John Ericson
7ef4448c97 Merge commit '9d8f9b2e531bf95a700a949d879927fb6996ffc9' into binutils-wrapper 2017-12-13 16:08:36 -05:00
John Ericson
2bba929062 bintools-wrapper: Import separately from cc-wrapper 2017-12-13 16:08:18 -05:00
John Ericson
8e557ed2c5 bintools-wrapper: Init
Factor a bintools (i.e. binutils / cctools) wrapper out of cc-wrapper. While
only LD is wrapped, the setup hook defines environment variables on behalf of
other utilites.
2017-12-13 16:08:18 -05:00
John Ericson
4f869bccc1 cc-wrapper: Don't treat "-" alone as a flag
It means stdin, and is morally equivalent to passing a file. e.g.

  $ echo 'int main(void) { return 0; }' | gcc -x c -

will compile and link a binary.
2017-12-13 16:08:17 -05:00
John Ericson
bdd6c037c0 cc-wrapper: Use separate mangler for "bool" variables
This avoids any `NIX_FOOBAR=1 1` not triggering conditions.
2017-12-13 16:08:17 -05:00
John Ericson
fc7ed86915 cc-wrapper: Pull variable mangler into utils.sh
In preparation for splitting out bintools-wrapper
2017-12-13 16:08:13 -05:00
John Ericson
45d4b27d02 cc-wrapper: GNAT wrapper stop caring about -m32
It need not concern itself with 32-bit dynamic linking; ld-wrapper handles that now.
2017-12-11 19:12:28 -05:00
Will Dietz
115bf9d2cf cc-wrapper: don't add broken cflags to clang
On non-GNU (gcc) compilers, there is no "/lib/gcc/..."
so when this is eventually expanded this is empty
resulting in an incomplete "-idirafter " that
eats the next argument:

-idirafter -B/nix/store/wamjwwdvkmhbf4f2902nhw8jxxzv0hy3-clang-wrapper-4.0.1/bin/
2017-11-30 18:43:43 -06:00
John Ericson
43e1137397 cc-wrapper: Define new- and old-style cross env vars
For example, `BUILD_CC` and `CC_FOR_BUILD`
2017-11-28 15:57:05 -05:00
John Ericson
f4cb1e2ffc cc-wrapper: Export env vars for objdump and readelf in setup-hook
Also fix alphabetical order
2017-11-28 15:56:21 -05:00
John Ericson
994cb76850 cc-wrapper: Don't leave CMD defined after setup hook
Rename to `cmd` too, as uppercase typically means the variable is
exported.
2017-11-28 15:56:17 -05:00
John Ericson
43e00f7d18 cc-wrapper: Fix stray binPrefix -> targetPrefix
I thought my sed in e755a8a27d was
exhaustive, but it was not.
2017-11-27 03:30:15 -05:00
John Ericson
e755a8a27d treewide: Use targetPrefix instead of prefix for platform name prefixes
Certain tools, e.g. compilers, are customarily prefixed with the name of
their target platform so that multiple builds can be used at once
without clobbering each other on the PATH. I was using identifiers named
`prefix` for this purpose, but that conflicts with the standard use of
`prefix` to mean the directory where something is installed. To avoid
conflict and confusion, I renamed those to `targetPrefix`.
2017-11-27 03:15:50 -05:00
John Ericson
0101856765
Merge pull request #30549 from obsidiansystems/bintools
treewide: Introduce stdenv.cc.bintools
2017-11-08 14:20:48 -05:00
Vladimír Čunát
c8c6a1edb5
Merge #31209: cc-wrapper: Fix if dynamicLinker not found 2017-11-06 13:07:43 +01:00
Bojan Nikolic
3a63fc1258 Remove trailing line 2017-11-05 23:00:24 +00:00
Bojan Nikolic
2ed054885b Remove the unnecessary second conditional 2017-11-05 22:57:44 +00:00
John Ericson
70d91badf5 treewide: Depend on stdenv.cc.bintools instead of binutils directly
One should do this when needed executables at build time. It is more
honest and cross-friendly than refering to binutils directly.
2017-11-05 17:10:53 -05:00
Nikolay Amiantov
5f3b84e979 cc-wrapper: disable POSIX compatibility 2017-11-05 12:19:37 +02:00
Bojan Nikolic
3e9daece1d nixos/cc-wrapper: Fix bug if dynamicLinker not found
If a dynamic linker for target is not found the generated script fails
due to unbound variable error (due to "set -u"). Correct by specifying
default value with dynamicLinker:- and not generating ldflagsBefore if
no linker is found.

This problem was found when cross compiling to mingw32 targets
2017-11-03 21:36:43 +00:00
Dan Peebles
b426c85ce2 Get rid of most @rpath nonsense on Darwin
This requires some small changes in the stdenv, then working around the
weird choice LLVM made to hardcode @rpath in its install name, and then
lets us remove a ton of annoying workaround hacks in many of our Go
packages. With any luck this will mean less hackery going forward.
2017-10-08 16:13:46 -04:00
John Ericson
fdbda216b1 cc-wrapper: Clean up dynamic linking with x86 multilib
It's better layering to do everything in ld-wrapper. Also, use numeric
comparisons for `relocatable`.
2017-09-28 20:05:26 -04:00
John Ericson
d349f9a340 cc-wrapper: Use stdenvNoCC to build
cc-wrapper may wrap a cc-compiler, but it doesn't need one to build
itself. (c.f. expand-response-params is a separate derivation.) This
helps avoid cycles on the cross stuff, in addition to removing a
useless dependency edge.

I could have been super careful with overrides in the stdenv to avoid
the mass rebuild, but I don't think it's worth it.
2017-09-26 14:08:21 -04:00