colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1a5bd697ad
nixpkgs/pkgs/build-support
History
Robert Scott 1a5bd697ad mkDerivation, bintools-wrapper: move defaultHardeningFlags determination to bintools-wrapper 
this makes it a lot easier to create a modified stdenv with a
different set of defaultHardeningFlags and as a bonus allows us
to inject the correct defaultHardeningFlags into toolchain wrapper
scripts, reducing repetition.

while most hardening flags are arguably more of a compiler thing,
it works better to put them in bintools-wrapper because cc-wrapper
can easily refer to bintools but not vice-versa.

mkDerivation can still easily refer to either when it is constructed.

this also switches fortran-hook.sh to use the same defaults for
NIX_HARDENING_ENABLE as for C. previously NIX_HARDENING_ENABLE
defaults were apparently used to avoid passing problematic flags
to a fortran compiler, but this falls apart as soon as mkDerivation
sets its own NIX_HARDENING_ENABLE - cc.hardeningUnsupportedFlags
is a more appropriate mechanism for this as it actively filters
out flags from being used by the wrapper, so switch to using that
instead.

this is still an imperfect mechanism because it doesn't handle a
compiler which has both langFortran *and* langC very well - applying
the superset of the two's hardeningUnsupportedFlags to either
compiler's invocation. however this is nothing new - cc-wrapper
already poorly handles a langFortran+langC compiler, applying two
setup hooks that have contradictory options.
2023-12-09 16:30:45 +00:00
..
add-driver-runpath addDriverRunpath: init 2023-12-03 07:22:51 -08:00
add-opengl-runpath
agda agdaPackages.*: support literate Typst files 2023-10-24 20:34:05 +02:00
alternatives
appimage appimage-run: add libthai 2023-11-30 12:50:44 +01:00
binary-cache pkgs/build-support: refactor drvs using __structuredAttrs = true 2023-10-04 18:37:00 +02:00
bintools-wrapper mkDerivation, bintools-wrapper: move defaultHardeningFlags determination to bintools-wrapper 2023-12-09 16:30:45 +00:00
build-bazel-package buildBazelPackage: add support for bazel run targets 2023-08-02 16:05:55 +08:00
build-fhsenv-bubblewrap buildFHSenv: fixup /etc permissions 2023-11-12 17:02:53 -08:00
build-fhsenv-chroot buildFHSEnv: fix NIX_LDFLAGS propagation to ld wrapper 2023-08-21 07:50:37 +01:00
build-graalvm-native-image Merge pull request #269479 from jcf/remove-more-graalvm-references 2023-11-26 21:29:05 +00:00
build-setupcfg
buildenv buildenv: Limit exclusion of info/dir 2023-07-09 22:06:26 -04:00
cc-wrapper mkDerivation, bintools-wrapper: move defaultHardeningFlags determination to bintools-wrapper 2023-12-09 16:30:45 +00:00
coq
dart buildDartApplication: Generate Dart wrapper with symlinkJoin 2023-10-28 21:52:36 +11:00
deterministic-uname deterministic-uname: fix default output 2023-09-17 00:08:43 +03:00
dhall
docker nixos/dockerTools: fixup proot/fakeroot code 2023-11-19 08:30:27 +01:00
dotnet buildDotnetModule: fix rare error when evaluation of version fails 2023-12-04 20:24:09 +01:00
emacs emacs: remove backwards-compatibility aliases 2023-11-22 09:25:50 -03:00
expand-response-params expand-response-params: explain what a "response file" is 2023-10-22 08:57:24 +03:00
fake-nss
fetch9front lib: add fetchFrom9Front 2023-07-23 13:16:28 -05:00
fetchbitbucket treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchbower
fetchbzr treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchcvs treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchdarcs treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchdebianpatch fetchDebianPatch: Require patch names with extensions 2023-09-14 18:55:30 +00:00
fetchdocker Merge staging-next into staging 2023-10-21 00:02:49 +00:00
fetchfirefoxaddon fetchfirefoxaddon: fix passing md5 to fetchurl 2023-07-28 16:18:15 -04:00
fetchfossil fetchfossil: support SRI hashes 2023-11-22 09:47:57 +01:00
fetchgit Merge branch 'master' into staging-next 2023-11-12 19:45:20 +01:00
fetchgitea treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgithub treewide: use optionalString instead of 'then ""' 2023-06-24 20:19:19 +02:00
fetchgitiles treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgitlab fetchFromGitLab: passthru owner and repo 2023-11-27 10:10:17 +00:00
fetchgitlocal treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgx
fetchhg treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchipfs treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchmavenartifact fetchMavenArtifact: deprecate phases & use pname+version 2023-03-26 18:44:55 +02:00
fetchmtn treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchnextcloudapp fetchNextcloudApp: remove backwards compat for old interface 2023-08-20 13:41:43 +02:00
fetchpatch
fetchpijul build-support: Add fetchpijul function. 2023-07-17 18:44:06 +02:00
fetchpypi
fetchrepoorcz
fetchrepoproject fetchrepoproject: fix a bug that was there since bef6bef0d2 2023-08-06 12:17:09 +00:00
fetchs3
fetchsavannah treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchsourcehut fetchFromSourcehut: expose gitRepoUrl to consumers 2023-06-11 09:02:34 +01:00
fetchsvn treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchsvnrevision
fetchsvnssh treewide: refactor .attrs.sh detection 2023-10-04 18:36:57 +02:00
fetchtorrent tests.fetchtorrent: add watched-cd license 2023-12-02 02:04:50 +01:00
fetchurl fetchurl/mirrors: add cdn.download.kde.org as default KDE mirror 2023-12-03 14:48:56 +03:00
fetchzip fetchzip: cleanup and improve metrics a bit 2023-08-08 13:25:28 +00:00
flutter buildFlutterApplication: Wrap buildDartApplication 2023-10-22 00:31:58 +11:00
go buildGoModule: deprecate vendorSha256 attribute 2023-11-14 09:37:22 +01:00
icon-conv-tools
install-shell-files
java
kernel makeModulesClosure: handle firmware glob patterns 2023-11-29 16:03:16 +01:00
libredirect libredirect: Fix segfault handling null paths 2023-08-19 00:58:43 +02:00
make-darwin-bundle writeDarwinBundle: use binary wrapper 2023-08-21 13:29:12 +10:00
make-desktopitem
make-hardcode-gsettings-patch makeHardcodeGsettingsPatch: Support applying patches 2023-11-21 08:42:47 +01:00
make-pkgconfigitem
make-startupitem make-startupitem: fix typo in comment 2023-08-16 18:03:02 +02:00
mkshell
mono-dll-fixer
nix-gitignore Merge pull request #239624 from Stunkymonkey/use-optionalString-then 2023-07-22 13:02:47 +02:00
node npmHooks.npmInstallHook: only overwrite npm cache for npm pack rather than for entire hook 2023-12-05 21:53:59 +01:00
nuke-references
ocaml ocamlPackages.buildTopkgPackage: Added 2023-09-28 12:03:20 +02:00
oci-tools
php build-support/php: add composerStrictValidation attribute 2023-10-21 11:15:51 +02:00
pkg-config-wrapper treewide: use optionalAttrs instead of 'else {}' 2023-06-25 11:01:34 -03:00
portable-service
prefer-remote-fetch prefer-remote-fetch: add more fetchers which prefer local builds 2023-11-29 10:25:20 +01:00
references-by-popularity pkgs/build-support: refactor drvs using __structuredAttrs = true 2023-10-04 18:37:00 +02:00
release build-support/release: deprecate phases 2023-11-25 21:00:17 +01:00
remove-references-to Merge pull request #162447 from thefloweringash/remove-references-to-region 2023-05-17 12:34:28 +03:00
replace-secret replace-secret: add mainProgram 2023-11-26 16:27:42 +02:00
rust rustc: use the wrapper for fastCross sysroot 2023-11-30 09:23:06 +00:00
setup-hooks separateDebugInfo: use NIX_RUSTFLAGS 2023-11-30 09:23:06 +00:00
singularity-tools apptainer, singularity: drop obsolete LOCALSTATEDIR dirs 2023-08-23 18:20:25 +08:00
snap
src-only nixos/tests: Test that Remote SSH can patch Node 2023-06-09 18:21:41 +10:00
substitute
substitute-files
testers testers.testMetaPkgConfig: fix warning 2023-09-19 16:11:42 +02:00
trivial-builders trivial-builders: add onlyBin 2023-12-02 14:47:36 +00:00
vm vmTools: update debian versions 2023-11-24 20:59:42 +04:00
wrapper-common wrapBintoolsWith: support LINK.EXE-style args in purity checks 2023-04-29 01:37:00 +00:00
writers writers/test: Refactor 2023-10-24 11:17:38 +02:00
build-maven.nix
closure-info.nix closureInfo: handle empty path set explicitly 2023-11-04 09:54:41 +01:00
make-impure-test.nix
plugins.nix
replace-dependency.nix
setup-systemd-units.nix
source-from-head-fun.nix