colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e39acf1da4
nixpkgs/pkgs/development/tools/analysis/retdec/default.nix
rina c099d6661b retdec: 3.2 -> 5.0 
- Bumps vendored dependencies and remove ones no longer needed.
- Since 3.3, compiled patterns are not shipped in the support file, obviating the postFetch strip. (avast/retdec-support#3)
- Now, patterns may be compiled at build time and an argument is provided to control this (on by default).
- As such, retdec-full is no longer needed and removed. The 60MB increase seems more preferred than duplicating the 500MB size.
- We use cmake _URL variables to insert dependencies and we are able to use nixpkgs googletest.
- Fix build with current gcc 13.
- Remove i686 from platforms, as derivation needs to specify lib64.
- Maintainers: remove timokau, add katrinafyi.
2024-02-05 20:31:16 +10:00

237 lines
7.5 KiB
Nix
Raw Blame History

{ stdenv
, fetchFromGitHub
, fetchpatch
, fetchzip
, writeText
, lib
, openssl
, cmake
, autoconf
, automake
, libtool
, pkg-config
, bison
, flex
, groff
, perl
, python3
, ncurses
, time
, upx
, gtest
, libffi
, libxml2
, zlib
, enableTests ? true
, buildDevTools ? true
, compileYaraPatterns ? true
}:
let
# all dependencies that are normally fetched during build time (the subdirectories of `deps`)
# all of these need to be fetched through nix and applied via their <NAME>_URL cmake variable
capstone = fetchFromGitHub {
owner = "capstone-engine";
repo = "capstone";
rev = "5.0-rc2";
sha256 = "sha256-nB7FcgisBa8rRDS3k31BbkYB+tdqA6Qyj9hqCnFW+ME=";
};
llvm = fetchFromGitHub {
owner = "avast-tl";
repo = "llvm";
rev = "2a1f3d8a97241c6e91710be8f84cf3cf80c03390";
sha256 = "sha256-+v1T0VI9R92ed9ViqsfYZMJtPCjPHCr4FenoYdLuFOU=";
};
yaracpp = fetchFromGitHub {
owner = "VirusTotal";
repo = "yara";
rev = "v4.2.0-rc1";
sha256 = "sha256-WcN6ClYO2d+/MdG06RHx3kN0o0WVAY876dJiG7CwJ8w=";
};
yaramod = fetchFromGitHub {
owner = "avast";
repo = "yaramod";
rev = "aa06dd408c492a8f4488774caf2ee105ccc23ab5";
sha256 = "sha256-NVDRf2U5H92EN/Ks//uxNEaeKU+sT4VL4QyyYMO+zKk=";
};
keystone = fetchFromGitHub {
# only for tests
owner = "keystone-engine";
repo = "keystone";
rev = "d7ba8e378e5284e6384fc9ecd660ed5f6532e922";
sha256 = "1yzw3v8xvxh1rysh97y0i8y9svzbglx2zbsqjhrfx18vngh0x58f";
};
retdec-support-version = "2019-03-08";
retdec-support =
{ rev = retdec-support-version; } // # for checking the version against the expected version
fetchzip {
url = "https://github.com/avast-tl/retdec-support/releases/download/${retdec-support-version}/retdec-support_${retdec-support-version}.tar.xz";
hash = "sha256-t1tx4MfLW/lwtbO5JQ1nrFBIOeMclq+0dENuXW+ahIM=";
stripRoot = false;
};
check-dep = name: dep:
''
context="$(grep ${name}_URL --after-context 1 cmake/deps.cmake)"
expected="$(echo "$context" | grep --only-matching '".*"')"
have="${dep.rev}"
echo "checking ${name} dependency matches deps.cmake...";
if ! echo "$expected" | grep -q "$have"; then
printf '%s\n' "${name} version does not match!" " nix: $have, expected: $expected"
false
fi
'';
deps = {
CAPSTONE = capstone;
LLVM = llvm;
YARA = yaracpp;
YARAMOD = yaramod;
SUPPORT_PKG = retdec-support;
} // lib.optionalAttrs enableTests {
KEYSTONE = keystone;
# nixpkgs googletest is used
# GOOGLETEST = googletest;
};
# overwrite install-share.py to copy instead of download.
# we use this so the copy happens at the right time in the build,
# otherwise, the build process cleans the directory.
install-share =
writeText
"install-share.py"
''
import os, sys, shutil, subprocess
install_path, arch_url, sha256hash_ref, version = sys.argv[1:]
support_dir = os.path.join(install_path, 'share', 'retdec', 'support')
assert os.path.isdir(arch_url), "nix install-share.py expects a path for support url"
os.makedirs(support_dir, exist_ok=True)
shutil.copytree(arch_url, support_dir, dirs_exist_ok=True)
subprocess.check_call(['chmod', '-R', 'u+w', support_dir])
'';
in
stdenv.mkDerivation (self: {
pname = "retdec";
# If you update this you will also need to adjust the versions of the updated dependencies.
# I've notified upstream about this problem here:
# https://github.com/avast-tl/retdec/issues/412
#
# The dependencies and their sources are listed in this file:
# https://github.com/avast/retdec/blob/master/cmake/deps.cmake
version = "5.0";
src = fetchFromGitHub {
owner = "avast";
repo = "retdec";
rev = "refs/tags/v${self.version}";
sha256 = "sha256-H4e+aSgdBBbG6X6DzHGiDEIASPwBVNVsfHyeBTQLAKI=";
};
patches = [
# gcc 13 compatibility: https://github.com/avast/retdec/pull/1153
(fetchpatch {
url = "https://github.com/avast/retdec/commit/dbaab2c3d17b1eae22c581e8ab6bfefadf4ef6ae.patch";
hash = "sha256-YqHYPGAGWT4x6C+CpsOSsOIZ+NPM2FBQtGQFs74OUIQ=";
})
];
nativeBuildInputs = [
cmake
autoconf
automake
libtool
pkg-config
bison
flex
groff
perl
python3
];
buildInputs = [
openssl
ncurses
libffi
libxml2
zlib
] ++ lib.optional self.doInstallCheck gtest;
cmakeFlags = [
(lib.cmakeBool "RETDEC_TESTS" self.doInstallCheck) # build tests
(lib.cmakeBool "RETDEC_DEV_TOOLS" buildDevTools) # build tools e.g. capstone2llvmir, retdectool
(lib.cmakeBool "RETDEC_COMPILE_YARA" compileYaraPatterns) # build and install compiled patterns
] ++ lib.mapAttrsToList (k: v: lib.cmakeFeature "${k}_URL" "${v}") deps;
preConfigure =
lib.concatStringsSep "\n" (lib.mapAttrsToList check-dep deps)
+
''
cp -v ${install-share} ./support/install-share.py
# the CMakeLists assume CMAKE_INSTALL_BINDIR, etc are path components but in Nix, they are absolute.
# therefore, we need to remove the unnecessary CMAKE_INSTALL_PREFIX prepend.
substituteInPlace ./CMakeLists.txt \
--replace-warn "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_BIN_DIR} "''$"{CMAKE_INSTALL_FULL_BINDIR} \
--replace-warn "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_LIB_DIR} "''$"{CMAKE_INSTALL_FULL_LIBDIR} \
# --replace "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_SUPPORT_DIR} "''$"{RETDEC_INSTALL_SUPPORT_DIR}
# note! Nix does not set CMAKE_INSTALL_DATADIR to an absolute path, so this replacement would be incorrect
# similarly for yaramod. here, we fix the LIBDIR to lib64. for whatever reason, only "lib64" works.
substituteInPlace deps/yaramod/CMakeLists.txt \
--replace-fail "''$"{YARAMOD_INSTALL_DIR}/"''$"{CMAKE_INSTALL_LIBDIR} "''$"{YARAMOD_INSTALL_DIR}/lib64 \
--replace-fail CMAKE_ARGS 'CMAKE_ARGS -DCMAKE_INSTALL_LIBDIR=lib64'
# yara needs write permissions in the generated source directory.
echo ${lib.escapeShellArg ''
ExternalProject_Add_Step(
yara chmod WORKING_DIRECTORY ''${YARA_DIR}
DEPENDEES download COMMAND chmod -R u+w .
)
''} >> deps/yara/CMakeLists.txt
# patch gtest to use the system package
gtest=deps/googletest/CMakeLists.txt
old="$(cat $gtest)"
(echo 'find_package(GTest REQUIRED)'; echo "$old") > $gtest
sed -i 's/ExternalProject_[^(]\+[(]/ set(IGNORED /g' $gtest
substituteInPlace $gtest \
--replace-fail '$'{GTEST_LIB} "GTest::gtest"\
--replace-fail '$'{GMOCK_LIB} "GTest::gmock"\
--replace-fail '$'{GTEST_MAIN_LIB} "GTest::gtest_main"\
--replace-fail '$'{GMOCK_MAIN_LIB} "GTest::gmock_main"
# without git history, there is no chance these tests will pass.
substituteInPlace tests/utils/version_tests.cpp \
--replace-quiet VersionTests DISABLED_VersionTests
substituteInPlace scripts/retdec-utils.py \
--replace-warn /usr/bin/time ${time} \
--replace-warn /usr/local/bin/gtime ${time}
substituteInPlace scripts/retdec-unpacker.py \
--replace-warn "'upx'" "'${upx}'"
'';
doInstallCheck = enableTests;
installCheckPhase = ''
${python3.interpreter} "$out/bin/retdec-tests-runner.py"
rm -rf $out/bin/__pycache__
'';
meta = with lib; {
description = "A retargetable machine-code decompiler based on LLVM";
homepage = "https://retdec.com";
license = licenses.mit;
maintainers = with maintainers; [ dtzWill katrinafyi ];
platforms = [ "x86_64-linux" ];
};
})
Reference in New Issue View Git Blame Copy Permalink