colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
nixpkgs/pkgs/build-support/bintools-wrapper/setup-hook.sh
Robert Scott 1a5bd697ad mkDerivation, bintools-wrapper: move defaultHardeningFlags determination to bintools-wrapper 
this makes it a lot easier to create a modified stdenv with a
different set of defaultHardeningFlags and as a bonus allows us
to inject the correct defaultHardeningFlags into toolchain wrapper
scripts, reducing repetition.

while most hardening flags are arguably more of a compiler thing,
it works better to put them in bintools-wrapper because cc-wrapper
can easily refer to bintools but not vice-versa.

mkDerivation can still easily refer to either when it is constructed.

this also switches fortran-hook.sh to use the same defaults for
NIX_HARDENING_ENABLE as for C. previously NIX_HARDENING_ENABLE
defaults were apparently used to avoid passing problematic flags
to a fortran compiler, but this falls apart as soon as mkDerivation
sets its own NIX_HARDENING_ENABLE - cc.hardeningUnsupportedFlags
is a more appropriate mechanism for this as it actively filters
out flags from being used by the wrapper, so switch to using that
instead.

this is still an imperfect mechanism because it doesn't handle a
compiler which has both langFortran *and* langC very well - applying
the superset of the two's hardeningUnsupportedFlags to either
compiler's invocation. however this is nothing new - cc-wrapper
already poorly handles a langFortran+langC compiler, applying two
setup hooks that have contradictory options.
2023-12-09 16:30:45 +00:00

73 lines
2.1 KiB
Bash
Raw Permalink Blame History

# Binutils Wrapper hygiene
#
# See comments in cc-wrapper's setup hook. This works exactly the same way.
# Skip setup hook if we're neither a build-time dep, nor, temporarily, doing a
# native compile.
#
# TODO(@Ericson2314): No native exception
[[ -z ${strictDeps-} ]] || (( "$hostOffset" < 0 )) || return 0
bintoolsWrapper_addLDVars () {
# See ../setup-hooks/role.bash
local role_post
getHostRoleEnvHook
if [[ -d "$1/lib64" && ! -L "$1/lib64" ]]; then
export NIX_LDFLAGS${role_post}+=" -L$1/lib64"
fi
if [[ -d "$1/lib" ]]; then
# Don't add the /lib directory if it actually doesn't contain any libraries. For instance,
# Python and Haskell packages often only have directories like $out/lib/ghc-8.4.3/ or
# $out/lib/python3.6/, so having them in LDFLAGS just makes the linker search unnecessary
# directories and bloats the size of the environment variable space.
local -a glob=( $1/lib/lib* )
if [ "${#glob[*]}" -gt 0 ]; then
export NIX_LDFLAGS${role_post}+=" -L$1/lib"
fi
fi
}
# See ../setup-hooks/role.bash
getTargetRole
getTargetRoleWrapper
addEnvHooks "$targetOffset" bintoolsWrapper_addLDVars
# shellcheck disable=SC2157
if [ -n "@bintools_bin@" ]; then
addToSearchPath _PATH @bintools_bin@/bin
fi
# shellcheck disable=SC2157
if [ -n "@libc_bin@" ]; then
addToSearchPath _PATH @libc_bin@/bin
fi
# shellcheck disable=SC2157
if [ -n "@coreutils_bin@" ]; then
addToSearchPath _PATH @coreutils_bin@/bin
fi
# Export tool environment variables so various build systems use the right ones.
export NIX_BINTOOLS${role_post}=@out@
for cmd in \
ar as ld nm objcopy objdump readelf ranlib strip strings size windres
do
if
PATH=$_PATH type -p "@targetPrefix@${cmd}" > /dev/null
then
export "${cmd^^}${role_post}=@targetPrefix@${cmd}";
fi
done
# If unset, assume the default hardening flags.
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
export NIX_HARDENING_ENABLE
# No local scope in sourced file
unset -v role_post cmd upper_case
Reference in New Issue View Git Blame Copy Permalink