core/pkgs/by-name/ni/nix/common.nix

303 lines
8.7 KiB
Nix
Raw Normal View History

2024-06-30 08:16:52 +00:00
{
lib,
fetchFromGitHub,
version,
suffix ? "",
hash ? null,
src ? fetchFromGitHub {
owner = "NixOS";
repo = "nix";
rev = version;
inherit hash;
},
patches ? [ ],
maintainers ? with lib.maintainers; [
eelco
lovesegfault
artturin
ma27
],
2024-05-02 00:46:19 +00:00
}@args:
assert (hash == null) -> (src != null);
let
atLeast24 = lib.versionAtLeast version "2.4pre";
atLeast25 = lib.versionAtLeast version "2.5pre";
atLeast27 = lib.versionAtLeast version "2.7pre";
atLeast210 = lib.versionAtLeast version "2.10pre";
atLeast213 = lib.versionAtLeast version "2.13pre";
atLeast214 = lib.versionAtLeast version "2.14pre";
atLeast219 = lib.versionAtLeast version "2.19pre";
atLeast220 = lib.versionAtLeast version "2.20pre";
atLeast221 = lib.versionAtLeast version "2.21pre";
# Major.minor versions unaffected by CVE-2024-27297
unaffectedByFodSandboxEscape = [
"2.3"
"2.16"
"2.18"
"2.19"
"2.20"
];
in
2024-06-30 08:16:52 +00:00
{
stdenv,
autoconf-archive,
autoreconfHook,
bash,
bison,
boehmgc,
boost,
brotli,
busybox-sandbox-shell,
bzip2,
callPackage,
coreutils,
curl,
docbook_xsl_ns,
docbook5,
editline,
flex,
git,
gnutar,
gtest,
gzip,
jq,
lib,
libarchive,
libcpuid,
libgit2,
libsodium,
libxml2,
libxslt,
lowdown,
man,
mdbook,
mdbook-linkcheck,
nlohmann_json,
openssl,
perl,
pkg-config,
rapidcheck,
Security,
sqlite,
util-linuxMinimal,
xz,
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
enableDocumentation ? !atLeast24 || stdenv.hostPlatform == stdenv.buildPlatform,
enableStatic ? stdenv.hostPlatform.isStatic,
withAWS ? !enableStatic && (stdenv.isLinux || stdenv.isDarwin),
aws-sdk-cpp,
withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp,
libseccomp,
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
confDir,
stateDir,
storeDir,
2024-05-02 00:46:19 +00:00
# passthru tests
2024-06-30 08:16:52 +00:00
pkgsi686Linux,
}:
let
self = stdenv.mkDerivation {
pname = "nix";
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
version = "${version}${suffix}";
VERSION_SUFFIX = suffix;
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
inherit src patches;
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
outputs =
[
"out"
"dev"
]
++ lib.optionals enableDocumentation [
"man"
"doc"
];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
hardeningDisable = lib.optional stdenv.hostPlatform.isMusl "fortify";
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
nativeBuildInputs =
[
pkg-config
autoconf-archive
autoreconfHook
bison
flex
jq
]
++ lib.optionals (enableDocumentation && !atLeast24) [
libxslt
libxml2
docbook_xsl_ns
docbook5
]
++ lib.optionals (enableDocumentation && atLeast24) [
(lib.getBin lowdown)
mdbook
]
++ lib.optionals (atLeast213 && enableDocumentation) [ mdbook-linkcheck ]
++ lib.optionals stdenv.isLinux [ util-linuxMinimal ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
buildInputs =
[
boost
brotli
bzip2
curl
editline
libsodium
openssl
sqlite
xz
gtest
libarchive
lowdown
]
++ lib.optionals atLeast220 [ libgit2 ]
++ lib.optionals stdenv.isDarwin [ Security ]
++ lib.optionals (stdenv.isx86_64) [ libcpuid ]
++ lib.optionals atLeast214 [ rapidcheck ]
++ lib.optionals withLibseccomp [ libseccomp ]
++ lib.optionals withAWS [ aws-sdk-cpp ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
installCheckInputs = lib.optionals atLeast221 [ git ] ++ lib.optionals atLeast219 [ man ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
propagatedBuildInputs = [ boehmgc ] ++ lib.optionals (atLeast27) [ nlohmann_json ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
postPatch = ''
patchShebangs --build tests
2024-05-02 00:46:19 +00:00
'';
2024-06-30 08:16:52 +00:00
preConfigure =
# Copy libboost_context so we don't get all of Boost in our closure.
# https://github.com/NixOS/nixpkgs/issues/45462
lib.optionalString (!enableStatic) ''
mkdir -p $out/lib
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
rm -f $out/lib/*.a
${lib.optionalString stdenv.isLinux ''
chmod u+w $out/lib/*.so.*
patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
''}
''
+
# On all versions before c9f51e87057652db0013289a95deffba495b35e7, which
# removes config.nix entirely and is not present in 2.3.x, we need to
# patch around an issue where the Nix configure step pulls in the build
# system's bash and other utilities when cross-compiling.
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && !atLeast24) ''
mkdir tmp/
substitute corepkgs/config.nix.in tmp/config.nix.in \
--subst-var-by bash ${bash}/bin/bash \
--subst-var-by coreutils ${coreutils}/bin \
--subst-var-by bzip2 ${bzip2}/bin/bzip2 \
--subst-var-by gzip ${gzip}/bin/gzip \
--subst-var-by xz ${xz}/bin/xz \
--subst-var-by tar ${gnutar}/bin/tar \
--subst-var-by tr ${coreutils}/bin/tr
mv tmp/config.nix.in corepkgs/config.nix.in
'';
configureFlags =
[
"--with-store-dir=${storeDir}"
"--localstatedir=${stateDir}"
"--sysconfdir=${confDir}"
"--enable-gc"
]
++ lib.optionals (!enableDocumentation) [ "--disable-doc-gen" ]
++ lib.optionals stdenv.isLinux [ "--with-sandbox-shell=${busybox-sandbox-shell}/bin/busybox" ]
++ lib.optionals (atLeast210 && stdenv.isLinux && stdenv.hostPlatform.isStatic) [
"--enable-embedded-sandbox-shell"
]
++ lib.optionals (
stdenv.hostPlatform != stdenv.buildPlatform
&& stdenv.hostPlatform ? nix
&& stdenv.hostPlatform.nix ? system
) [ "--with-system=${stdenv.hostPlatform.nix.system}" ]
++ lib.optionals (!withLibseccomp) [
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
"--disable-seccomp-sandboxing"
]
++ lib.optionals (atLeast210 && stdenv.cc.isGNU && !enableStatic) [ "--enable-lto" ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
makeFlags =
[
# gcc runs multi-threaded LTO using make and does not yet detect the new fifo:/path style
# of make jobserver. until gcc adds support for this we have to instruct make to use this
# old style or LTO builds will run their linking on only one thread, which takes forever.
"--jobserver-style=pipe"
"profiledir=$(out)/etc/profile.d"
]
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "PRECOMPILE_HEADERS=0"
++ lib.optional (stdenv.hostPlatform.isDarwin) "PRECOMPILE_HEADERS=1";
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
installFlags = [ "sysconfdir=$(out)/etc" ];
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
doInstallCheck = true;
installCheckTarget = if atLeast210 then "installcheck" else null;
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
# socket path becomes too long otherwise
preInstallCheck =
lib.optionalString stdenv.isDarwin ''
export TMPDIR=$NIX_BUILD_TOP
''
# Prevent crashes in libcurl due to invoking Objective-C `+initialize` methods after `fork`.
# See http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_and_fork_in_macOS_1013.html.
+ lib.optionalString stdenv.isDarwin ''
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
''
# See https://github.com/NixOS/nix/issues/5687
+ lib.optionalString (atLeast25 && stdenv.isDarwin) ''
echo "exit 99" > tests/gc-non-blocking.sh
'';
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
separateDebugInfo = stdenv.isLinux && (atLeast24 -> !enableStatic);
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
enableParallelBuilding = true;
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
passthru = {
inherit aws-sdk-cpp boehmgc;
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
perl-bindings = perl.pkgs.toPerlModule (
callPackage ./nix-perl.nix {
nix = self;
inherit Security;
}
);
2024-05-02 00:46:19 +00:00
2024-06-30 08:16:52 +00:00
tests = {
nixi686 =
pkgsi686Linux.nixVersions.${"nix_${lib.versions.major version}_${lib.versions.minor version}"};
};
2024-05-02 00:46:19 +00:00
};
2024-06-30 08:16:52 +00:00
# point 'nix edit' and ofborg at the file that defines the attribute,
# not this common file.
pos = builtins.unsafeGetAttrPos "version" args;
meta = with lib; {
description = "Powerful package manager that makes package management reliable and reproducible";
longDescription = ''
Nix is a powerful package manager for Linux and other Unix systems that
makes package management reliable and reproducible. It provides atomic
upgrades and rollbacks, side-by-side installation of multiple versions of
a package, multi-user package management and easy setup of build
environments.
'';
homepage = "https://nixos.org/";
license = licenses.lgpl21Plus;
inherit maintainers;
platforms = platforms.unix;
outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
mainProgram = "nix";
knownVulnerabilities = lib.optional (
!builtins.elem (lib.versions.majorMinor version) unaffectedByFodSandboxEscape && !atLeast221
) "CVE-2024-27297";
};
2024-05-02 00:46:19 +00:00
};
2024-06-30 08:16:52 +00:00
in
self