This adds a warning to the top of each “boot” package that reads:
Note: this package is used for bootstrapping fetchurl, and thus cannot
use fetchpatch! All mutable patches (generated by GitHub or cgit) that
are needed here should be included directly in Nixpkgs as files.
This makes it clear to maintainers that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
over time (for instance, gitweb’s patches contain a version number at
the bottom).
The CF configure flags broke with the last update but based on
fa9c81f694 and the comment it seems like
these are not necessary anymore.
$ nix-build -A stdenv.__bootPackages.stdenv.__bootPackages.gettext
/nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
$ nix-store -qR /nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
/nix/store/2ws9cmamvr7xyvdg4d2nnd1bmr1zjrrq-bootstrap-tools
/nix/store/2yn28axagwyifnvdm8npy2f982jxr986-libiconv-osx-10.12.6
/nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
Commit 1279016787 broke building
nixpkgs.clangStdenv (stdenv-darwin) on macOS:
nix-build -A clangStdenv .
these derivations will be built:
/nix/store/b3vyrfzarzyh51n7fj9wrpw12sq3765l-stdenv-darwin.drv
building '/nix/store/b3vyrfzarzyh51n7fj9wrpw12sq3765l-stdenv-darwin.drv'...
output '/nix/store/3agkxvkbhfpimnx5imr09q4rq9pxmjda-stdenv-darwin' is not allowed to refer to the following paths:
/nix/store/jnzhx3hni0ds1wf49z8wfnxi3qdnkk6q-gnum4-1.4.18
/nix/store/smdncnz5pkl5q39k4ldk8bh84p2hmj19-bison-3.3.2
error: build of '/nix/store/b3vyrfzarzyh51n7fj9wrpw12sq3765l-stdenv-darwin.drv' failed
Remove gettext's build dependency on Bison to avoid this error, fixing
Nixpkgs on macOS.
To avoid rebuilding everything unnecessarily on Linux, only apply these
changes to macOS and keep the Bison dependency for Linux.
The hack of using `crossConfig` to enforce stricter handling of
dependencies is replaced with a dedicated `strictDeps` for that purpose.
(Experience has shown that my punning was a terrible idea that made it more
difficult and embarrassing to teach.)
Now that it is clear, a few packages now use `strictDeps`, to fix
various bugs:
- bintools-wrapper and cc-wrapper
gettext won't actually provide libintl unless we go out of
our way to tell it to do so [1][2].
We could add those flags on musl (as I initially did in [3]),
but then we have two different libintl.h files and generally
some confusion about which gettext is being used.
Instead of sorting that out, for now let's just continue on
without gettext providing libintl-- it's worked well enough so far.
Only change that needs to be made, then, is to avoid
adding -lintl on musl since there is no libintl.
[1] c739240fd2
[2] https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libintl/libintl-0.19.8.1.ebuild?id=332e48712b6521697f992f923c9c985482dd1c36#n41
[3] 729302f29a
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow