nixpkgs/pkgs/development/compilers/llvm/5/llvm.nix
Anders Kaseorg 3cd8ce3bce treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-01-15 09:47:03 +01:00


# Builds LLVM from the fetched "llvm" source tarball with stdenv.mkDerivation.
# When enableManpages is set, the attribute set at the bottom overrides the
# build so that only the Sphinx man pages are produced ("llvm-manpages").
{ stdenv
, fetch
, fetchpatch
, cmake
, python3
, libffi
, libbfd
, libxml2
, ncurses
, version
, release_version
, zlib
# Selects CMAKE_BUILD_TYPE (Debug vs. Release) and the matching
# LLVMExports-{debug,release}.cmake file patched in postInstall.
, debugVersion ? false
# Adds Sphinx and the docs cmake flags, and switches to the man-page-only build.
, enableManpages ? false
# Adds the "lib" output and -DLLVM_LINK_LLVM_DYLIB=ON; off by default for man pages.
, enableSharedLibraries ? !enableManpages
}:
let
# Dotted prefixes of release_version, used when creating the versioned
# symlinks to libLLVM.dylib in postInstall (Darwin only).
# NOTE(review): presumably imap is 1-based here, giving e.g. "5", "5.0", "5.0.2"
# for a constructed sample version "5.0.2" — confirm against stdenv.lib.
versionSuffixes = with stdenv.lib;
let parts = splitVersion release_version; in
imap (i: _: concatStringsSep "." (take i parts)) parts;
in
stdenv.mkDerivation ({
pname = "llvm";
inherit version;
src = fetch "llvm" "0g1bbj2n6xv4p1n6hh17vj3vpvg56wacipc81dgwga9mg2lys8nm";
# Unpack the source, rename the versioned directory to plain "llvm" and
# point sourceRoot at it.
unpackPhase = ''
unpackFile $src
mv llvm-${version}* llvm
sourceRoot=$PWD/llvm
'';
# "python" receives opt-viewer (see postInstall); "lib" exists only when
# shared libraries are enabled.
outputs = [ "out" "python" ]
++ stdenv.lib.optional enableSharedLibraries "lib";
nativeBuildInputs = [ cmake python3 ]
++ stdenv.lib.optional enableManpages python3.pkgs.sphinx;
buildInputs = [ libxml2 libffi ];
propagatedBuildInputs = [ ncurses zlib ];
# The first patch is downloaded from a bug-tracker attachment URL; its
# content is pinned by the sha256 below, so a download that does not match
# the hash fails the fetch instead of being applied.
patches = [
(fetchpatch {
url = "https://bugzilla.redhat.com/attachment.cgi?id=1389687";
name = "llvm-gcc8-type-mismatch.patch";
sha256 = "0ga2123aclq3x9w72d0rm0az12m8c1i4r1106vh701hf4cghgbch";
})
./fix-gcc9.patch
#(fetchpatch {
# name = "llvm-fix-gcc9.patch";
# url = "https://reviews.llvm.org/file/data/zs3ck5ryvc5n672fd2kw/PHID-FILE-byoqefzwmkd7qnlip4v2/file";
# sha256 = "0injj1hqgrbcbihhwp2nbal88jfykad30r54f2cdcx7gws2fcy8i";
# stripLen = 1;
#})
];
# postPatch is assembled from several conditional shell fragments:
#   - Darwin: blank out the @rpath install name and the @loader_path rpath
#     that AddLLVM.cmake would otherwise set.
#   - shared libraries: instantiate llvm-outputs.patch with the "lib" output
#     path (--subst-var lib) and apply it.
#   - always: drop the Path.cpp unit test from the Support test suite.
#   - aarch64: apply ../aarch64.patch.
#   - musl: apply ../TLI-musl.patch and drop the DynamicLibrary unit test.
postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
substituteInPlace cmake/modules/AddLLVM.cmake \
--replace 'set(_install_name_dir INSTALL_NAME_DIR "@rpath")' "set(_install_name_dir)" \
--replace 'set(_install_rpath "@loader_path/../lib" ''${extra_libdir})' ""
''
# Patch llvm-config to return correct library path based on --link-{shared,static}.
+ stdenv.lib.optionalString (enableSharedLibraries) ''
substitute '${./llvm-outputs.patch}' ./llvm-outputs.patch --subst-var lib
patch -p1 < ./llvm-outputs.patch
'' + ''
# FileSystem permissions tests fail with various special bits
substituteInPlace unittests/Support/CMakeLists.txt \
--replace "Path.cpp" ""
rm unittests/Support/Path.cpp
'' + stdenv.lib.optionalString stdenv.isAarch64 ''
patch -p0 < ${../aarch64.patch}
'' + stdenv.lib.optionalString stdenv.hostPlatform.isMusl ''
patch -p1 -i ${../TLI-musl.patch}
substituteInPlace unittests/Support/CMakeLists.txt \
--replace "add_subdirectory(DynamicLibrary)" ""
rm unittests/Support/DynamicLibrary/DynamicLibraryTest.cpp
'';
# Hacky fix: binaries created during the build need to be run before
# installation, so $out is created early and given a symlink to the build
# tree's lib directory. postBuild removes this temporary $out again.
preBuild = ''
mkdir -p $out/
ln -sv $PWD/lib $out
'';
# Base flags, followed by conditional additions for shared libraries,
# man pages, non-Darwin (binutils include dir) and Darwin (libc++).
cmakeFlags = with stdenv; [
"-DCMAKE_BUILD_TYPE=${if debugVersion then "Debug" else "Release"}"
"-DLLVM_INSTALL_UTILS=ON" # Needed by rustc
"-DLLVM_BUILD_TESTS=ON"
"-DLLVM_ENABLE_FFI=ON"
"-DLLVM_ENABLE_RTTI=ON"
"-DLLVM_HOST_TRIPLE=${stdenv.hostPlatform.config}"
"-DLLVM_DEFAULT_TARGET_TRIPLE=${stdenv.hostPlatform.config}"
"-DTARGET_TRIPLE=${stdenv.hostPlatform.config}"
]
++ stdenv.lib.optional enableSharedLibraries
"-DLLVM_LINK_LLVM_DYLIB=ON"
++ stdenv.lib.optionals enableManpages [
"-DLLVM_BUILD_DOCS=ON"
"-DLLVM_ENABLE_SPHINX=ON"
"-DSPHINX_OUTPUT_MAN=ON"
"-DSPHINX_OUTPUT_HTML=OFF"
"-DSPHINX_WARNINGS_AS_ERRORS=OFF"
]
++ stdenv.lib.optional (!isDarwin)
"-DLLVM_BINUTILS_INCDIR=${libbfd.dev}/include"
++ stdenv.lib.optionals (isDarwin) [
"-DLLVM_ENABLE_LIBCXX=ON"
"-DCAN_TARGET_i386=false"
];
# Remove the temporary $out (and its lib symlink) created in preBuild.
postBuild = ''
rm -fR $out
'';
# Make the freshly built libraries in $PWD/lib visible to the test suite.
# ''${...} is the Nix escape for a literal shell ${...}. The shell expansion
# ${LD_LIBRARY_PATH:+:} yields ":" only when LD_LIBRARY_PATH is already set
# and non-empty, so the result never contains an empty colon-delimited
# segment; glibc treats an empty segment as the current directory and would
# load libraries from it. Keep this form rather than a plain "$VAR:dir"
# concatenation. Existing entries stay ahead of $PWD/lib in search order.
preCheck = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
'';
# Move opt-viewer into the "python" output. With shared libraries, move
# libLLVM/libLTO into the "lib" output and rewrite the exported cmake file so
# its libLLVM paths point at $lib instead of ${_IMPORT_PREFIX}. On Darwin the
# .dylib paths are rewritten as well and one libLLVM-<suffix>.dylib symlink
# is created per entry of versionSuffixes.
postInstall = ''
mkdir -p $python/share
mv $out/share/opt-viewer $python/share/opt-viewer
''
+ stdenv.lib.optionalString enableSharedLibraries ''
moveToOutput "lib/libLLVM-*" "$lib"
moveToOutput "lib/libLLVM${stdenv.hostPlatform.extensions.sharedLibrary}" "$lib"
moveToOutput "lib/libLTO${stdenv.hostPlatform.extensions.sharedLibrary}" "$lib"
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-${if debugVersion then "debug" else "release"}.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM-" "$lib/lib/libLLVM-"
''
+ stdenv.lib.optionalString (stdenv.isDarwin && enableSharedLibraries) ''
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-${if debugVersion then "debug" else "release"}.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM.dylib" "$lib/lib/libLLVM.dylib" \
--replace "\''${_IMPORT_PREFIX}/lib/libLTO.dylib" "$lib/lib/libLTO.dylib"
${stdenv.lib.concatMapStringsSep "\n" (v: ''
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${v}.dylib
'') versionSuffixes}
'';
# The test suite (and therefore preCheck) runs only on Linux, excluding i686.
doCheck = stdenv.isLinux && (!stdenv.isi686);
checkTarget = "check-all";
enableParallelBuilding = true;
# Only builders that advertise the "big-parallel" feature may run this build.
requiredSystemFeatures = [ "big-parallel" ];
meta = {
description = "Collection of modular and reusable compiler and toolchain technologies";
# NOTE(review): unquoted URL literal over plain http; a quoted https URL
# would be the safer form — confirm and update separately.
homepage = http://llvm.org/;
license = stdenv.lib.licenses.ncsa;
maintainers = with stdenv.lib.maintainers; [ lovek323 raskin dtzWill ];
platforms = stdenv.lib.platforms.all;
};
# Man-page-only variant: these attributes replace the ones above when
# enableManpages is set (single "out" output, no tests, docs build/install).
# NOTE(review): `//` is a shallow merge, so the meta set below replaces the
# whole meta above (homepage, license, maintainers and platforms are not
# carried over) — confirm this is intended.
} // stdenv.lib.optionalAttrs enableManpages {
pname = "llvm-manpages";
buildPhase = ''
make docs-llvm-man
'';
propagatedBuildInputs = [];
installPhase = ''
make -C docs install
'';
outputs = [ "out" ];
doCheck = false;
meta.description = "man pages for LLVM ${version}";
})