commit feb38c094037a36770af04474003afa735138281 · pyrox.dev/nixpkgs

+33 -8

pkgs/build-support/cc-wrapper/default.nix

···

       365
       365
        
           else

     

       366
       366
        
             targetPlatform.darwinPlatform

     

       367
       367
        
         );

     

       368
       368
       +
       

     

       369
       369
       +
         # Header files that use `__FILE__` (e.g., for error reporting) lead

     

       370
       370
       +
         # to unwanted references to development packages and outputs in built

     

       371
       371
       +
         # binaries, like C++ programs depending on GCC and Boost at runtime.

     

       372
       372
       +
         #

     

       373
       373
       +
         # We use `-fmacro-prefix-map` to avoid the store references in these

     

       374
       374
       +
         # situations while keeping them in compiler diagnostics and debugging

     

       375
       375
       +
         # and profiling output.

     

       376
       376
       +
         #

     

       377
       377
       +
         # Unfortunately, doing this with GCC runs into issues with compiler

     

       378
       378
       +
         # argument length limits due to <https://gcc.gnu.org/PR111527>, so we

     

       379
       379
       +
         # disable it there in favour of our existing patch.

     

       380
       380
       +
         #

     

       381
       381
       +
         # TODO: Drop `mangle-NIX_STORE-in-__FILE__.patch` from GCC and make

     

       382
       382
       +
         # this unconditional once the upstream bug is fixed.

     

       383
       383
       +
         useMacroPrefixMap = !isGNU;

     

       368
       384
        
       in

     

       369
       385
        
       

     

       370
       386
        
       assert includeFortifyHeaders' -> fortify-headers != null;

     
···

       457
       473
        
             substituteAll "$wrapper" "$out/bin/$dst"

     

       458
       474
        
             chmod +x "$out/bin/$dst"

     

       459
       475
        
           }

     

       476
       476
       +
       

     

       477
       477
       +
           include() {

     

       478
       478
       +
             printf -- '%s %s\n' "$1" "$2"

     

       479
       479
       +
             ${lib.optionalString useMacroPrefixMap ''

     

       480
       480
       +
               local scrubbed="$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-''${2#"$NIX_STORE"/*-}"

     

       481
       481
       +
               printf -- '-fmacro-prefix-map=%s=%s\n' "$2" "$scrubbed"

     

       482
       482
       +
             ''}

     

       483
       483
       +
           }

     

       460
       484
        
         ''

     

       461
       485
        
       

     

       462
       486
        
         + (

     
···

       675
       699
        
               echo "-B${libc_lib}${libc.libdir or "/lib/"}" >> $out/nix-support/libc-crt1-cflags

     

       676
       700
        
             ''

     

       677
       701
        
             + optionalString (!(cc.langD or false)) ''

     

       678
       678
       -
               echo "-${

     

       702
       702
       +
               include "-${

     

       679
       703
        
                 if isArocc then "I" else "idirafter"

     

       680
       680
       -
               } ${libc_dev}${libc.incdir or "/include"}" >> $out/nix-support/libc-cflags

     

       704
       704
       +
               }" "${libc_dev}${libc.incdir or "/include"}" >> $out/nix-support/libc-cflags

     

       681
       705
        
             ''

     

       682
       706
        
             + optionalString (isGNU && (!(cc.langD or false))) ''

     

       683
       707
        
               for dir in "${cc}"/lib/gcc/*/*/include-fixed; do

     

       684
       684
       -
                 echo '-idirafter' ''${dir} >> $out/nix-support/libc-cflags

     

       708
       708
       +
                 include '-idirafter' ''${dir} >> $out/nix-support/libc-cflags

     

       685
       709
        
               done

     

       686
       710
        
             ''

     

       687
       711
        
             + ''

     
···

       697
       721
        
             # like option that forces the libc headers before all -idirafter,

     

       698
       722
        
             # hence -isystem here.

     

       699
       723
        
             + optionalString includeFortifyHeaders' ''

     

       700
       700
       -
               echo "-isystem ${fortify-headers}/include" >> $out/nix-support/libc-cflags

     

       724
       724
       +
               include -isystem "${fortify-headers}/include" >> $out/nix-support/libc-cflags

     

       701
       725
        
             ''

     

       702
       726
        
           )

     

       703
       727
        
       

     
···

       720
       744
        
           # https://github.com/NixOS/nixpkgs/pull/209870#issuecomment-1500550903)

     

       721
       745
        
           + optionalString (libcxx == null && isClang && (useGccForLibs && gccForLibs.langCC or false)) ''

     

       722
       746
        
             for dir in ${gccForLibs}/include/c++/*; do

     

       723
       723
       -
               echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags

     

       747
       747
       +
               include -isystem "$dir" >> $out/nix-support/libcxx-cxxflags

     

       724
       748
        
             done

     

       725
       749
        
             for dir in ${gccForLibs}/include/c++/*/${targetPlatform.config}; do

     

       726
       726
       -
               echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags

     

       750
       750
       +
               include -isystem "$dir" >> $out/nix-support/libcxx-cxxflags

     

       727
       751
        
             done

     

       728
       752
        
           ''

     

       729
       753
        
           + optionalString (libcxx.isLLVM or false) ''

     

       730
       730
       -
             echo "-isystem ${getDev libcxx}/include/c++/v1" >> $out/nix-support/libcxx-cxxflags

     

       754
       754
       +
             include -isystem "${getDev libcxx}/include/c++/v1" >> $out/nix-support/libcxx-cxxflags

     

       731
       755
        
             echo "-stdlib=libc++" >> $out/nix-support/libcxx-ldflags

     

       732
       756
        
           ''

     

       733
       757
        
           # GCC NG friendly libc++

     

       734
       758
        
           + optionalString (libcxx != null && libcxx.isGNU or false) ''

     

       735
       735
       -
             echo "-isystem ${getDev libcxx}/include" >> $out/nix-support/libcxx-cxxflags

     

       759
       759
       +
             include -isystem "${getDev libcxx}/include" >> $out/nix-support/libcxx-cxxflags

     

       736
       760
        
           ''

     

       737
       761
        
       

     

       738
       762
        
           ##

     
···

       951
       975
        
           inherit libc_bin libc_dev libc_lib;

     

       952
       976
        
           inherit darwinPlatformForCC;

     

       953
       977
        
           default_hardening_flags_str = builtins.toString defaultHardeningFlags;

     

       978
       978
       +
           inherit useMacroPrefixMap;

     

       954
       979
        
         }

     

       955
       980
        
         // lib.mapAttrs (_: lib.optionalString targetPlatform.isDarwin) {

     

       956
       981
        
           # These will become empty strings when not targeting Darwin.

+9

pkgs/build-support/cc-wrapper/setup-hook.sh

···

       68
       68
        
           local role_post

     

       69
       69
        
           getHostRoleEnvHook

     

       70
       70
        
       

     

       71
       71
       +
           local found=

     

       72
       72
       +
       

     

       71
       73
        
           if [ -d "$1/include" ]; then

     

       72
       74
        
               export NIX_CFLAGS_COMPILE${role_post}+=" -isystem $1/include"

     

       75
       75
       +
               found=1

     

       73
       76
        
           fi

     

       74
       77
        
       

     

       75
       78
        
           if [ -d "$1/Library/Frameworks" ]; then

     

       76
       79
        
               export NIX_CFLAGS_COMPILE${role_post}+=" -iframework $1/Library/Frameworks"

     

       80
       80
       +
               found=1

     

       81
       81
       +
           fi

     

       82
       82
       +
       

     

       83
       83
       +
           if [[ -n "@useMacroPrefixMap@" && -n ${NIX_STORE:-} && -n $found ]]; then

     

       84
       84
       +
               local scrubbed="$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${1#"$NIX_STORE"/*-}"

     

       85
       85
       +
               export NIX_CFLAGS_COMPILE${role_post}+=" -fmacro-prefix-map=$1=$scrubbed"

     

       77
       86
        
           fi

     

       78
       87
        
       }

     

       79
       88

-2

pkgs/by-name/ed/edencommon/package.nix

···

       6
       6
        
       

     

       7
       7
        
         cmake,

     

       8
       8
        
         ninja,

     

       9
       9
       -
         sanitiseHeaderPathsHook,

     

       10
       9
        
       

     

       11
       10
        
         glog,

     

       12
       11
        
         gflags,

     
···

       46
       45
        
         nativeBuildInputs = [

     

       47
       46
        
           cmake

     

       48
       47
        
           ninja

     

       49
       49
       -
           sanitiseHeaderPathsHook

     

       50
       48
        
         ];

     

       51
       49
        
       

     

       52
       50
        
         buildInputs = [

-2

pkgs/by-name/fb/fbthrift/package.nix

···

       7
       7
        
       

     

       8
       8
        
         cmake,

     

       9
       9
        
         ninja,

     

       10
       10
       -
         sanitiseHeaderPathsHook,

     

       11
       10
        
       

     

       12
       11
        
         openssl,

     

       13
       12
        
         gflags,

     
···

       64
       63
        
         nativeBuildInputs = [

     

       65
       64
        
           cmake

     

       66
       65
        
           ninja

     

       67
       67
       -
           sanitiseHeaderPathsHook

     

       68
       66
        
         ];

     

       69
       67
        
       

     

       70
       68
        
         buildInputs = [

-2

pkgs/by-name/fi/fizz/package.nix

···

       6
       6
        
       

     

       7
       7
        
         cmake,

     

       8
       8
        
         ninja,

     

       9
       9
       -
         sanitiseHeaderPathsHook,

     

       10
       9
        
       

     

       11
       10
        
         openssl,

     

       12
       11
        
         glog,

     
···

       48
       47
        
         nativeBuildInputs = [

     

       49
       48
        
           cmake

     

       50
       49
        
           ninja

     

       51
       51
       -
           sanitiseHeaderPathsHook

     

       52
       50
        
         ];

     

       53
       51
        
       

     

       54
       52
        
         buildInputs = [

-2

pkgs/by-name/fo/folly/package.nix

···

       8
       8
        
         cmake,

     

       9
       9
        
         ninja,

     

       10
       10
        
         pkg-config,

     

       11
       11
       -
         sanitiseHeaderPathsHook,

     

       12
       11
        
       

     

       13
       12
        
         double-conversion,

     

       14
       13
        
         fast-float,

     
···

       59
       58
        
           cmake

     

       60
       59
        
           ninja

     

       61
       60
        
           pkg-config

     

       62
       62
       -
           sanitiseHeaderPathsHook

     

       63
       61
        
         ];

     

       64
       62
        
       

     

       65
       63
        
         # See CMake/folly-deps.cmake in the Folly source tree.

-2

pkgs/by-name/gt/gtest/package.nix

···

       4
       4
        
         fetchFromGitHub,

     

       5
       5
        
         cmake,

     

       6
       6
        
         ninja,

     

       7
       7
       -
         sanitiseHeaderPathsHook,

     

       8
       7
        
         # Enable C++17 support

     

       9
       8
        
         #     https://github.com/google/googletest/issues/3081

     

       10
       9
        
         # Projects that require a higher standard can override this package.

     
···

       48
       47
        
         nativeBuildInputs = [

     

       49
       48
        
           cmake

     

       50
       49
        
           ninja

     

       51
       51
       -
           sanitiseHeaderPathsHook

     

       52
       50
        
         ];

     

       53
       51
        
       

     

       54
       52
        
         cmakeFlags = [

-2

pkgs/by-name/mv/mvfst/package.nix

···

       6
       6
        
       

     

       7
       7
        
         cmake,

     

       8
       8
        
         ninja,

     

       9
       9
       -
         sanitiseHeaderPathsHook,

     

       10
       9
        
       

     

       11
       10
        
         folly,

     

       12
       11
        
         gflags,

     
···

       43
       42
        
         nativeBuildInputs = [

     

       44
       43
        
           cmake

     

       45
       44
        
           ninja

     

       46
       46
       -
           sanitiseHeaderPathsHook

     

       47
       45
        
         ];

     

       48
       46
        
       

     

       49
       47
        
         buildInputs = [

-18

pkgs/by-name/sa/sanitiseHeaderPathsHook/package.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         lib,

     

       3
       3
       -
         makeSetupHook,

     

       4
       4
       -
         removeReferencesTo,

     

       5
       5
       -
       }:

     

       6
       6
       -
       

     

       7
       7
       -
       makeSetupHook {

     

       8
       8
       -
         name = "sanitise-header-paths-hook";

     

       9
       9
       -
       

     

       10
       10
       -
         substitutions = {

     

       11
       11
       -
           removeReferencesTo = lib.getExe removeReferencesTo;

     

       12
       12
       -
         };

     

       13
       13
       -
       

     

       14
       14
       -
         meta = {

     

       15
       15
       -
           description = "Setup hook to sanitise header file paths to avoid leaked references through `__FILE__`";

     

       16
       16
       -
           maintainers = [ lib.maintainers.emily ];

     

       17
       17
       -
         };

     

       18
       18
       -
       } ./sanitise-header-paths-hook.bash

-10

pkgs/by-name/sa/sanitiseHeaderPathsHook/sanitise-header-paths-hook.bash

···

       1
       1
       -
       sanitiseHeaderPaths() {

     

       2
       2
       -
         local header

     

       3
       3
       -
         while IFS= read -r -d '' header; do

     

       4
       4
       -
           nixLog "sanitising header path in $header"

     

       5
       5
       -
           sed -i "1i#line 1 \"$header\"" "$header"

     

       6
       6
       -
           @removeReferencesTo@ -t "${!outputInclude}" "$header"

     

       7
       7
       -
         done < <(find "${!outputInclude}/include" -type f -print0)

     

       8
       8
       -
       }

     

       9
       9
       -
       

     

       10
       10
       -
       preFixupHooks+=(sanitiseHeaderPaths)

-2

pkgs/by-name/wa/wangle/package.nix

···

       6
       6
        
       

     

       7
       7
        
         cmake,

     

       8
       8
        
         ninja,

     

       9
       9
       -
         sanitiseHeaderPathsHook,

     

       10
       9
        
       

     

       11
       10
        
         folly,

     

       12
       11
        
         fizz,

     
···

       44
       43
        
         nativeBuildInputs = [

     

       45
       44
        
           cmake

     

       46
       45
        
           ninja

     

       47
       47
       -
           sanitiseHeaderPathsHook

     

       48
       46
        
         ];

     

       49
       47
        
       

     

       50
       48
        
         buildInputs = [

-5

pkgs/development/compilers/gcc/common/dependencies.nix

···

       12
       12
        
         gmp,

     

       13
       13
        
         mpfr,

     

       14
       14
        
         libmpc,

     

       15
       15
       -
         sanitiseHeaderPathsHook,

     

       16
       15
        
         libucontext ? null,

     

       17
       16
        
         libxcrypt ? null,

     

       18
       17
        
         isSnapshot ? false,

     
···

       42
       41
        
           texinfo

     

       43
       42
        
           which

     

       44
       43
        
           gettext

     

       45
       45
       -
       

     

       46
       46
       -
           # Prevent GCC leaking into the runtime closure of C++ packages

     

       47
       47
       -
           # through headers using `__FILE__`.

     

       48
       48
       -
           sanitiseHeaderPathsHook

     

       49
       44
        
         ]

     

       50
       45
        
         ++ optionals (perl != null) [ perl ]

     

       51
       46
        
         ++ optionals (with stdenv.targetPlatform; isVc4 || isRedox || isSnapshot && flex != null) [ flex ]

-2

pkgs/development/compilers/gcc/default.nix

···

       49
       49
        
           !enablePlugin

     

       50
       50
        
           || (stdenv.targetPlatform.isAvr && stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64),

     

       51
       51
        
         nukeReferences,

     

       52
       52
       -
         sanitiseHeaderPathsHook,

     

       53
       52
        
         callPackage,

     

       54
       53
        
         majorMinorVersion,

     

       55
       54
        
         apple-sdk,

     
···

       184
       183
        
             pkgsBuildTarget

     

       185
       184
        
             profiledCompiler

     

       186
       185
        
             reproducibleBuild

     

       187
       187
       -
             sanitiseHeaderPathsHook

     

       188
       186
        
             staticCompiler

     

       189
       187
        
             stdenv

     

       190
       188
        
             targetPackages

+4

pkgs/development/compilers/gcc/patches/default.nix

···

       83
       83
        
               # Do not try looking for binaries and libraries in /lib and /usr/lib

     

       84
       84
        
               ./13/no-sys-dirs-riscv.patch

     

       85
       85
        
               # Mangle the nix store hash in __FILE__ to prevent unneeded runtime references

     

       86
       86
       +
               #

     

       87
       87
       +
               # TODO: Remove these and the `useMacroPrefixMap` conditional

     

       88
       88
       +
               # in `cc-wrapper` once <https://gcc.gnu.org/PR111527>

     

       89
       89
       +
               # is fixed.

     

       86
       90
        
               ./13/mangle-NIX_STORE-in-__FILE__.patch

     

       87
       91
        
             ];

     

       88
       92
        
             "14" = [

-8

pkgs/development/libraries/boost/generic.nix

···

       10
       10
        
         fixDarwinDylibNames,

     

       11
       11
        
         libiconv,

     

       12
       12
        
         libxcrypt,

     

       13
       13
       -
         sanitiseHeaderPathsHook,

     

       14
       13
        
         makePkgconfigItem,

     

       15
       14
        
         copyPkgconfigItems,

     

       16
       15
        
         boost-build,

     
···

       348
       347
        
           which

     

       349
       348
        
           boost-build

     

       350
       349
        
           copyPkgconfigItems

     

       351
       351
       -
           sanitiseHeaderPathsHook

     

       352
       350
        
         ]

     

       353
       351
        
         ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;

     

       354
       352
        
         buildInputs = [

     
···

       394
       392
        
           b2 ${b2Args} install

     

       395
       393
        
       

     

       396
       394
        
           runHook postInstall

     

       397
       397
       -
         '';

     

       398
       398
       -
       

     

       399
       399
       -
         preFixup = ''

     

       400
       400
       -
           # Strip UTF‐8 BOMs for `sanitiseHeaderPathsHook`.

     

       401
       401
       -
           cd "$dev" && find include \( -name '*.hpp' -or -name '*.h' -or -name '*.ipp' \) \

     

       402
       402
       -
             -exec sed '1s/^\xef\xbb\xbf//' -i '{}' \;

     

       403
       395
        
         '';

     

       404
       396
        
       

     

       405
       397
        
         postFixup = lib.optionalString stdenv.hostPlatform.isMinGW ''