core/pkgs/stdenv/generic/make-derivation.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

758 lines
29 KiB
Nix
Raw Normal View History

2024-05-02 00:46:19 +00:00
{ lib, config }:
stdenv:
let
# Lib attributes are inherited to the lexical scope for performance reasons.
inherit (lib)
any
assertMsg
attrNames
boolToString
concatLists
concatMap
concatMapStrings
concatStringsSep
elem
elemAt
extendDerivation
filter
findFirst
getDev
head
imap1
isAttrs
isBool
isDerivation
isInt
isList
isString
mapAttrs
mapNullable
optional
optionalAttrs
optionalString
optionals
remove
splitString
subtractLists
unique
;
inherit (import ../../build-support/lib/cmake.nix { inherit lib stdenv; }) makeCMakeFlags;
inherit (import ../../build-support/lib/meson.nix { inherit lib stdenv; }) makeMesonFlags;
mkDerivation =
fnOrAttrs:
if builtins.isFunction fnOrAttrs then
makeDerivationExtensible fnOrAttrs
else
makeDerivationExtensibleConst fnOrAttrs;
checkMeta = import ./check-meta.nix {
inherit lib config;
# Nix itself uses the `system` field of a derivation to decide where
# to build it. This is a bit confusing for cross compilation.
inherit (stdenv) hostPlatform;
};
# Based off lib.makeExtensible, with modifications:
makeDerivationExtensible =
rattrs:
let
# NOTE: The following is a hint that will be printed by the Nix cli when
# encountering an infinite recursion. It must not be formatted into
# separate lines, because Nix would only show the last line of the comment.
# An infinite recursion here can be caused by having the attribute names of expression `e` in `.overrideAttrs(finalAttrs: previousAttrs: e)` depend on `finalAttrs`. Only the attribute values of `e` can depend on `finalAttrs`.
args = rattrs (args // { inherit finalPackage overrideAttrs; });
# ^^^^
overrideAttrs =
f0:
let
f =
self: super:
# Convert f0 to an overlay. Legacy is:
# overrideAttrs (super: {})
# We want to introduce self. We follow the convention of overlays:
# overrideAttrs (self: super: {})
# Which means the first parameter can be either self or super.
# This is surprising, but far better than the confusion that would
# arise from flipping an overlay's parameters in some cases.
let
x = f0 super;
in
if builtins.isFunction x then
# Can't reuse `x`, because `self` comes first.
# Looks inefficient, but `f0 super` was a cheap thunk.
f0 self super
else
x;
in
makeDerivationExtensible (
self:
let
super = rattrs self;
in
super // (if builtins.isFunction f0 || f0 ? __functor then f self super else f0)
);
finalPackage = mkDerivationSimple overrideAttrs args;
in
finalPackage;
#makeDerivationExtensibleConst = attrs: makeDerivationExtensible (_: attrs);
# but pre-evaluated for a slight improvement in performance.
makeDerivationExtensibleConst =
attrs:
mkDerivationSimple (
f0:
let
f =
self: super:
let
x = f0 super;
in
if builtins.isFunction x then f0 self super else x;
in
makeDerivationExtensible (
self: attrs // (if builtins.isFunction f0 || f0 ? __functor then f self attrs else f0)
2024-06-30 08:16:52 +00:00
)
2024-05-02 00:46:19 +00:00
) attrs;
knownHardeningFlags = [
"bindnow"
"format"
"fortify"
"fortify3"
"pic"
"pie"
"relro"
"stackprotector"
"strictoverflow"
"trivialautovarinit"
"zerocallusedregs"
];
removedOrReplacedAttrNames = [
"checkInputs"
"installCheckInputs"
"nativeCheckInputs"
"nativeInstallCheckInputs"
"__contentAddressed"
"__darwinAllowLocalNetworking"
"__impureHostDeps"
"__propagatedImpureHostDeps"
"sandboxProfile"
"propagatedSandboxProfile"
];
# Turn a derivation into its outPath without a string context attached.
# See the comment at the usage site.
unsafeDerivationToUntrackedOutpath =
drv: if isDerivation drv then builtins.unsafeDiscardStringContext drv.outPath else drv;
makeDerivationArgument =
# `makeDerivationArgument` is responsible for the `mkDerivation` arguments that
# affect the actual derivation, excluding a few behaviors that are not
# essential, and specific to `mkDerivation`: `env`, `cmakeFlags`, `mesonFlags`.
#
# See also:
#
# * https://nixos.org/nixpkgs/manual/#sec-using-stdenv
# Details on how to use this mkDerivation function
#
# * https://nixos.org/manual/nix/stable/expressions/derivations.html#derivations
# Explanation about derivations in general
{
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# These types of dependencies are all exhaustively documented in
# the "Specifying Dependencies" section of the "Standard
# Environment" chapter of the Nixpkgs manual.
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# TODO(@Ericson2314): Stop using legacy dep attribute names
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# host offset -> target offset
depsBuildBuild ? [ ], # -1 -> -1
depsBuildBuildPropagated ? [ ], # -1 -> -1
nativeBuildInputs ? [ ], # -1 -> 0 N.B. Legacy name
propagatedNativeBuildInputs ? [ ], # -1 -> 0 N.B. Legacy name
depsBuildTarget ? [ ], # -1 -> 1
depsBuildTargetPropagated ? [ ], # -1 -> 1
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
depsHostHost ? [ ], # 0 -> 0
depsHostHostPropagated ? [ ], # 0 -> 0
buildInputs ? [ ], # 0 -> 1 N.B. Legacy name
propagatedBuildInputs ? [ ], # 0 -> 1 N.B. Legacy name
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
depsTargetTarget ? [ ], # 1 -> 1
depsTargetTargetPropagated ? [ ], # 1 -> 1
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
checkInputs ? [ ],
installCheckInputs ? [ ],
nativeCheckInputs ? [ ],
nativeInstallCheckInputs ? [ ],
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# Configure Phase
configureFlags ? [ ],
# Target is not included by default because most programs don't care.
# Including it then would cause needless mass rebuilds.
#
# TODO(@Ericson2314): Make [ "build" "host" ] always the default / resolve #87909
configurePlatforms ?
optionals (stdenv.hostPlatform != stdenv.buildPlatform || config.configurePlatformsByDefault)
2024-06-30 08:16:52 +00:00
[
"build"
2024-05-02 00:46:19 +00:00
"host"
2024-06-30 08:16:52 +00:00
],
2024-05-02 00:46:19 +00:00
# TODO(@Ericson2314): Make unconditional / resolve #33599
# Check phase
doCheck ? config.doCheckByDefault or false,
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# TODO(@Ericson2314): Make unconditional / resolve #33599
# InstallCheck phase
doInstallCheck ? config.doCheckByDefault or false,
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# TODO(@Ericson2314): Make always true and remove / resolve #178468
strictDeps ?
if config.strictDepsByDefault then true else stdenv.hostPlatform != stdenv.buildPlatform,
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
enableParallelBuilding ? config.enableParallelBuildingByDefault,
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
separateDebugInfo ? false,
outputs ? [ "out" ],
__darwinAllowLocalNetworking ? false,
__impureHostDeps ? [ ],
__propagatedImpureHostDeps ? [ ],
sandboxProfile ? "",
propagatedSandboxProfile ? "",
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
hardeningEnable ? [ ],
hardeningDisable ? [ ],
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
patches ? [ ],
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
__contentAddressed ?
(!attrs ? outputHash) # Fixed-output drvs can't be content addressed too
&& config.contentAddressedByDefault,
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# Experimental. For simple packages mostly just works,
# but for anything complex, be prepared to debug if enabling.
__structuredAttrs ? config.structuredAttrsByDefault or false,
2024-06-30 08:16:52 +00:00
...
2024-05-02 00:46:19 +00:00
}@attrs:
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# Policy on acceptable hash types in nixpkgs
assert
attrs ? outputHash
-> (
let
algo = attrs.outputHashAlgo or (head (splitString "-" attrs.outputHash));
in
if algo == "md5" then throw "Rejected insecure ${algo} hash '${attrs.outputHash}'" else true
2024-06-30 08:16:52 +00:00
);
2024-05-02 00:46:19 +00:00
let
# TODO(@oxij, @Ericson2314): This is here to keep the old semantics, remove when
# no package has `doCheck = true`.
doCheck' = doCheck && stdenv.buildPlatform.canExecute stdenv.hostPlatform;
doInstallCheck' = doInstallCheck && stdenv.buildPlatform.canExecute stdenv.hostPlatform;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
separateDebugInfo' = separateDebugInfo && stdenv.hostPlatform.isLinux;
outputs' = outputs ++ optional separateDebugInfo' "debug";
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
noNonNativeDeps =
builtins.length (
depsBuildTarget
++ depsBuildTargetPropagated
++ depsHostHost
++ depsHostHostPropagated
++ buildInputs
++ propagatedBuildInputs
++ depsTargetTarget
++ depsTargetTargetPropagated
2024-06-30 08:16:52 +00:00
) == 0;
2024-05-02 00:46:19 +00:00
dontAddHostSuffix = attrs ? outputHash && !noNonNativeDeps || !stdenv.hasCC;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
hardeningDisable' =
2024-06-30 08:16:52 +00:00
if
2024-05-02 00:46:19 +00:00
any (x: x == "fortify") hardeningDisable
# disabling fortify implies fortify3 should also be disabled
2024-06-30 08:16:52 +00:00
then
2024-05-02 00:46:19 +00:00
unique (hardeningDisable ++ [ "fortify3" ])
2024-06-30 08:16:52 +00:00
else
2024-05-02 00:46:19 +00:00
hardeningDisable;
defaultHardeningFlags =
(if stdenv.hasCC then stdenv.cc else { }).defaultHardeningFlags or
# fallback safe-ish set of flags
(remove "pie" knownHardeningFlags);
enabledHardeningOptions =
if builtins.elem "all" hardeningDisable' then
2024-06-30 08:16:52 +00:00
[ ]
else
2024-05-02 00:46:19 +00:00
subtractLists hardeningDisable' (defaultHardeningFlags ++ hardeningEnable);
# hardeningDisable additionally supports "all".
erroneousHardeningFlags = subtractLists knownHardeningFlags (
hardeningEnable ++ remove "all" hardeningDisable
2024-06-30 08:16:52 +00:00
);
2024-05-02 00:46:19 +00:00
checkDependencyList = checkDependencyList' [ ];
checkDependencyList' =
positions: name: deps:
2024-06-30 08:16:52 +00:00
imap1 (
2024-05-02 00:46:19 +00:00
index: dep:
if isDerivation dep || dep == null || builtins.isString dep || builtins.isPath dep then
2024-06-30 08:16:52 +00:00
dep
2024-05-02 00:46:19 +00:00
else if isList dep then
checkDependencyList' ([ index ] ++ positions) name dep
else
throw "Dependency is not of a valid type: ${
concatMapStrings (ix: "element ${toString ix} of ") ([ index ] ++ positions)
}${name} for ${attrs.name or attrs.pname}"
) deps;
in
if builtins.length erroneousHardeningFlags != 0 then
abort (
"mkDerivation was called with unsupported hardening flags: "
+ lib.generators.toPretty { } {
inherit
erroneousHardeningFlags
hardeningDisable
hardeningEnable
knownHardeningFlags
;
}
)
else
let
doCheck = doCheck';
doInstallCheck = doInstallCheck';
buildInputs' =
buildInputs ++ optionals doCheck checkInputs ++ optionals doInstallCheck installCheckInputs;
nativeBuildInputs' =
nativeBuildInputs
++ optional separateDebugInfo' ../../build-support/setup-hooks/separate-debug-info.sh
++ optional stdenv.hostPlatform.isWindows ../../build-support/setup-hooks/win-dll-link.sh
++ optionals doCheck nativeCheckInputs
++ optionals doInstallCheck nativeInstallCheckInputs;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
outputs = outputs';
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
dependencies = [
2024-06-30 08:16:52 +00:00
[
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.buildBuild or drv) (
checkDependencyList "depsBuildBuild" depsBuildBuild
2024-06-30 08:16:52 +00:00
))
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.buildHost or drv) (
checkDependencyList "nativeBuildInputs" nativeBuildInputs'
2024-06-30 08:16:52 +00:00
))
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.buildTarget or drv) (
checkDependencyList "depsBuildTarget" depsBuildTarget
2024-06-30 08:16:52 +00:00
))
]
2024-05-02 00:46:19 +00:00
[
(map (drv: getDev drv.__spliced.hostHost or drv) (checkDependencyList "depsHostHost" depsHostHost))
(map (drv: getDev drv.__spliced.hostTarget or drv) (checkDependencyList "buildInputs" buildInputs'))
2024-06-30 08:16:52 +00:00
]
2024-05-02 00:46:19 +00:00
[
(map (drv: getDev drv.__spliced.targetTarget or drv) (
checkDependencyList "depsTargetTarget" depsTargetTarget
2024-06-30 08:16:52 +00:00
))
]
2024-05-02 00:46:19 +00:00
];
propagatedDependencies = [
2024-06-30 08:16:52 +00:00
[
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.buildBuild or drv) (
checkDependencyList "depsBuildBuildPropagated" depsBuildBuildPropagated
))
(map (drv: getDev drv.__spliced.buildHost or drv) (
checkDependencyList "propagatedNativeBuildInputs" propagatedNativeBuildInputs
2024-06-30 08:16:52 +00:00
))
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.buildTarget or drv) (
checkDependencyList "depsBuildTargetPropagated" depsBuildTargetPropagated
2024-06-30 08:16:52 +00:00
))
]
[
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.hostHost or drv) (
checkDependencyList "depsHostHostPropagated" depsHostHostPropagated
2024-06-30 08:16:52 +00:00
))
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.hostTarget or drv) (
checkDependencyList "propagatedBuildInputs" propagatedBuildInputs
2024-06-30 08:16:52 +00:00
))
]
[
2024-05-02 00:46:19 +00:00
(map (drv: getDev drv.__spliced.targetTarget or drv) (
checkDependencyList "depsTargetTargetPropagated" depsTargetTargetPropagated
2024-06-30 08:16:52 +00:00
))
]
2024-05-02 00:46:19 +00:00
];
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
derivationArg =
removeAttrs attrs removedOrReplacedAttrNames
// (optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
2024-06-30 08:16:52 +00:00
name =
let
2024-05-02 00:46:19 +00:00
# Indicate the host platform of the derivation if cross compiling.
# Fixed-output derivations like source tarballs shouldn't get a host
# suffix. But we have some weird ones with run-time deps that are
# just used for their side-affects. Those might as well since the
# hash can't be the same. See #32986.
hostSuffix = optionalString (
stdenv.hostPlatform != stdenv.buildPlatform && !dontAddHostSuffix
) "-${stdenv.hostPlatform.config}";
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# Disambiguate statically built packages. This was originally
# introduce as a means to prevent nix-env to get confused between
# nix and nixStatic. This should be also achieved by moving the
# hostSuffix before the version, so we could contemplate removing
# it again.
staticMarker = optionalString stdenv.hostPlatform.isStatic "-static";
2024-06-30 08:16:52 +00:00
in
2024-05-02 00:46:19 +00:00
lib.strings.sanitizeDerivationName (
if attrs ? name then
attrs.name + hostSuffix
2024-06-30 08:16:52 +00:00
else
2024-05-02 00:46:19 +00:00
# we cannot coerce null to a string below
assert assertMsg (
attrs ? version && attrs.version != null
) "The version attribute cannot be null.";
"${attrs.pname}${staticMarker}${hostSuffix}-${attrs.version}"
2024-06-30 08:16:52 +00:00
);
})
// {
2024-05-02 00:46:19 +00:00
builder = attrs.realBuilder or stdenv.shell;
2024-06-30 08:16:52 +00:00
args =
2024-05-02 00:46:19 +00:00
attrs.args or [
2024-06-30 08:16:52 +00:00
"-e"
2024-05-02 00:46:19 +00:00
(attrs.builder or ./default-builder.sh)
2024-06-30 08:16:52 +00:00
];
2024-05-02 00:46:19 +00:00
inherit stdenv;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# The `system` attribute of a derivation has special meaning to Nix.
# Derivations set it to choose what sort of machine could be used to
# execute the build, The build platform entirely determines this,
# indeed more finely than Nix knows or cares about. The `system`
# attribute of `buildPlatfom` matches Nix's degree of specificity.
# exactly.
inherit (stdenv.buildPlatform) system;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
userHook = config.stdenv.userHook or null;
__ignoreNulls = true;
inherit __structuredAttrs strictDeps;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
depsBuildBuild = elemAt (elemAt dependencies 0) 0;
nativeBuildInputs = elemAt (elemAt dependencies 0) 1;
depsBuildTarget = elemAt (elemAt dependencies 0) 2;
depsHostHost = elemAt (elemAt dependencies 1) 0;
buildInputs = elemAt (elemAt dependencies 1) 1;
depsTargetTarget = elemAt (elemAt dependencies 2) 0;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
depsBuildBuildPropagated = elemAt (elemAt propagatedDependencies 0) 0;
propagatedNativeBuildInputs = elemAt (elemAt propagatedDependencies 0) 1;
depsBuildTargetPropagated = elemAt (elemAt propagatedDependencies 0) 2;
depsHostHostPropagated = elemAt (elemAt propagatedDependencies 1) 0;
propagatedBuildInputs = elemAt (elemAt propagatedDependencies 1) 1;
depsTargetTargetPropagated = elemAt (elemAt propagatedDependencies 2) 0;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# This parameter is sometimes a string, sometimes null, and sometimes a list, yuck
configureFlags =
configureFlags
++ optional (elem "build" configurePlatforms) "--build=${stdenv.buildPlatform.config}"
++ optional (elem "host" configurePlatforms) "--host=${stdenv.hostPlatform.config}"
++ optional (elem "target" configurePlatforms) "--target=${stdenv.targetPlatform.config}";
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
inherit patches;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
inherit doCheck doInstallCheck;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
inherit outputs;
2024-06-30 08:16:52 +00:00
}
2024-05-02 00:46:19 +00:00
// optionalAttrs (__contentAddressed) {
inherit __contentAddressed;
# Provide default values for outputHashMode and outputHashAlgo because
# most people won't care about these anyways
outputHashAlgo = attrs.outputHashAlgo or "sha256";
outputHashMode = attrs.outputHashMode or "recursive";
2024-06-30 08:16:52 +00:00
}
2024-05-02 00:46:19 +00:00
// optionalAttrs (enableParallelBuilding) {
inherit enableParallelBuilding;
enableParallelChecking = attrs.enableParallelChecking or true;
enableParallelInstalling = attrs.enableParallelInstalling or true;
2024-06-30 08:16:52 +00:00
}
2024-05-02 00:46:19 +00:00
// optionalAttrs (hardeningDisable != [ ] || hardeningEnable != [ ] || stdenv.hostPlatform.isMusl) {
NIX_HARDENING_ENABLE = enabledHardeningOptions;
2024-06-30 08:16:52 +00:00
}
2024-05-02 00:46:19 +00:00
// optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? gcc.arch) {
requiredSystemFeatures = attrs.requiredSystemFeatures or [ ] ++ [
"gccarch-${stdenv.hostPlatform.gcc.arch}"
];
2024-06-30 08:16:52 +00:00
}
2024-05-02 00:46:19 +00:00
// optionalAttrs (stdenv.buildPlatform.isDarwin) (
2024-06-30 08:16:52 +00:00
let
2024-05-02 00:46:19 +00:00
computedSandboxProfile = concatMap (input: input.__propagatedSandboxProfile or [ ]) (
stdenv.extraNativeBuildInputs ++ stdenv.extraBuildInputs ++ concatLists dependencies
);
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
computedPropagatedSandboxProfile = concatMap (input: input.__propagatedSandboxProfile or [ ]) (
concatLists propagatedDependencies
2024-06-30 08:16:52 +00:00
);
2024-05-02 00:46:19 +00:00
computedImpureHostDeps = unique (
concatMap (input: input.__propagatedImpureHostDeps or [ ]) (
stdenv.extraNativeBuildInputs ++ stdenv.extraBuildInputs ++ concatLists dependencies
2024-06-30 08:16:52 +00:00
)
);
2024-05-02 00:46:19 +00:00
computedPropagatedImpureHostDeps = unique (
concatMap (input: input.__propagatedImpureHostDeps or [ ]) (concatLists propagatedDependencies)
2024-06-30 08:16:52 +00:00
);
2024-05-02 00:46:19 +00:00
in
2024-06-30 08:16:52 +00:00
{
2024-05-02 00:46:19 +00:00
inherit __darwinAllowLocalNetworking;
# TODO: remove `unique` once nix has a list canonicalization primitive
__sandboxProfile =
let
profiles =
[ stdenv.extraSandboxProfile ]
++ computedSandboxProfile
++ computedPropagatedSandboxProfile
2024-06-30 08:16:52 +00:00
++ [
2024-05-02 00:46:19 +00:00
propagatedSandboxProfile
sandboxProfile
2024-06-30 08:16:52 +00:00
];
2024-05-02 00:46:19 +00:00
final = concatStringsSep "\n" (filter (x: x != "") (unique profiles));
in
2024-06-30 08:16:52 +00:00
final;
2024-05-02 00:46:19 +00:00
__propagatedSandboxProfile = unique (
computedPropagatedSandboxProfile ++ [ propagatedSandboxProfile ]
2024-06-30 08:16:52 +00:00
);
2024-05-02 00:46:19 +00:00
__impureHostDeps =
computedImpureHostDeps
++ computedPropagatedImpureHostDeps
++ __propagatedImpureHostDeps
++ __impureHostDeps
++ stdenv.__extraImpureHostDeps
2024-06-30 08:16:52 +00:00
++ [
2024-05-02 00:46:19 +00:00
"/dev/zero"
"/dev/random"
"/dev/urandom"
"/bin/sh"
2024-06-30 08:16:52 +00:00
];
2024-05-02 00:46:19 +00:00
__propagatedImpureHostDeps = computedPropagatedImpureHostDeps ++ __propagatedImpureHostDeps;
2024-06-30 08:16:52 +00:00
}
)
//
2024-05-02 00:46:19 +00:00
# If we use derivations directly here, they end up as build-time dependencies.
# This is especially problematic in the case of disallowed*, since the disallowed
# derivations will be built by nix as build-time dependencies, while those
# derivations might take a very long time to build, or might not even build
# successfully on the platform used.
# We can improve on this situation by instead passing only the outPath,
# without an attached string context, to nix. The out path will be a placeholder
# which will be replaced by the actual out path if the derivation in question
# is part of the final closure (and thus needs to be built). If it is not
# part of the final closure, then the placeholder will be passed along,
# but in that case we know for a fact that the derivation is not part of the closure.
# This means that passing the out path to nix does the right thing in either
# case, both for disallowed and allowed references/requisites, and we won't
# build the derivation if it wouldn't be part of the closure, saving time and resources.
# While the problem is less severe for allowed*, since we want the derivation
# to be built eventually, we would still like to get the error early and without
# having to wait while nix builds a derivation that might not be used.
# See also https://github.com/NixOS/nix/issues/4629
optionalAttrs (attrs ? disallowedReferences) {
disallowedReferences = map unsafeDerivationToUntrackedOutpath attrs.disallowedReferences;
}
// optionalAttrs (attrs ? disallowedRequisites) {
disallowedRequisites = map unsafeDerivationToUntrackedOutpath attrs.disallowedRequisites;
}
// optionalAttrs (attrs ? allowedReferences) {
allowedReferences = mapNullable unsafeDerivationToUntrackedOutpath attrs.allowedReferences;
}
// optionalAttrs (attrs ? allowedRequisites) {
allowedRequisites = mapNullable unsafeDerivationToUntrackedOutpath attrs.allowedRequisites;
};
2024-06-30 08:16:52 +00:00
in
2024-05-02 00:46:19 +00:00
derivationArg;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
mkDerivationSimple =
overrideAttrs:
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# `mkDerivation` wraps the builtin `derivation` function to
# produce derivations that use this stdenv and its shell.
2024-06-30 08:16:52 +00:00
#
2024-05-02 00:46:19 +00:00
# Internally, it delegates most of its behavior to `makeDerivationArgument`,
# except for the `env`, `cmakeFlags`, and `mesonFlags` attributes, as well
# as the attributes `meta` and `passthru` that affect [package attributes],
# and not the derivation itself.
2024-06-30 08:16:52 +00:00
#
2024-05-02 00:46:19 +00:00
# See also:
2024-06-30 08:16:52 +00:00
#
2024-05-02 00:46:19 +00:00
# * https://nixos.org/nixpkgs/manual/#sec-using-stdenv
# Details on how to use this mkDerivation function
2024-06-30 08:16:52 +00:00
#
2024-05-02 00:46:19 +00:00
# * https://nixos.org/manual/nix/stable/expressions/derivations.html#derivations
# Explanation about derivations in general
2024-06-30 08:16:52 +00:00
#
2024-05-02 00:46:19 +00:00
# * [package attributes]: https://nixos.org/manual/nix/stable/glossary#package-attribute-set
2024-06-30 08:16:52 +00:00
{
2024-05-02 00:46:19 +00:00
# Configure Phase
cmakeFlags ? [ ],
mesonFlags ? [ ],
2024-06-30 08:16:52 +00:00
meta ? { },
2024-05-02 00:46:19 +00:00
passthru ? { },
pos ? # position used in error messages and for meta.position
2024-06-30 08:16:52 +00:00
(
2024-05-02 00:46:19 +00:00
if attrs.meta.description or null != null then
builtins.unsafeGetAttrPos "description" attrs.meta
else if attrs.version or null != null then
builtins.unsafeGetAttrPos "version" attrs
2024-06-30 08:16:52 +00:00
else
2024-05-02 00:46:19 +00:00
builtins.unsafeGetAttrPos "name" attrs
2024-06-30 08:16:52 +00:00
),
2024-05-02 00:46:19 +00:00
# Experimental. For simple packages mostly just works,
# but for anything complex, be prepared to debug if enabling.
__structuredAttrs ? config.structuredAttrsByDefault or false,
env ? { },
2024-06-30 08:16:52 +00:00
...
2024-05-02 00:46:19 +00:00
}@attrs:
# Policy on acceptable hash types in nixpkgs
assert
attrs ? outputHash
2024-06-30 08:16:52 +00:00
-> (
2024-05-02 00:46:19 +00:00
let
algo = attrs.outputHashAlgo or (head (splitString "-" attrs.outputHash));
in
if algo == "md5" then throw "Rejected insecure ${algo} hash '${attrs.outputHash}'" else true
);
let
envIsExportable = isAttrs env && !isDerivation env;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
derivationArg = makeDerivationArgument (
removeAttrs attrs (
2024-06-30 08:16:52 +00:00
[
"meta"
2024-05-02 00:46:19 +00:00
"passthru"
2024-06-30 08:16:52 +00:00
"pos"
]
2024-05-02 00:46:19 +00:00
++ optional (__structuredAttrs || envIsExportable) "env"
2024-06-30 08:16:52 +00:00
)
2024-05-02 00:46:19 +00:00
// optionalAttrs __structuredAttrs { env = checkedEnv; }
2024-06-30 08:16:52 +00:00
// {
2024-05-02 00:46:19 +00:00
cmakeFlags = makeCMakeFlags attrs;
mesonFlags = makeMesonFlags attrs;
2024-06-30 08:16:52 +00:00
}
);
2024-05-02 00:46:19 +00:00
meta = checkMeta.commonMeta {
inherit validity attrs pos;
references =
attrs.nativeBuildInputs or [ ]
++ attrs.buildInputs or [ ]
++ attrs.propagatedNativeBuildInputs or [ ]
++ attrs.propagatedBuildInputs or [ ];
2024-06-30 08:16:52 +00:00
};
2024-05-02 00:46:19 +00:00
validity = checkMeta.assertValidity { inherit meta attrs; };
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
checkedEnv =
2024-06-30 08:16:52 +00:00
let
2024-05-02 00:46:19 +00:00
overlappingNames = attrNames (builtins.intersectAttrs env derivationArg);
in
assert assertMsg envIsExportable
"When using structured attributes, `env` must be an attribute set of environment variables.";
assert assertMsg (overlappingNames == [ ])
"The env attribute set cannot contain any attributes passed to derivation. The following attributes are overlapping: ${concatStringsSep ", " overlappingNames}";
mapAttrs (
n: v:
assert assertMsg (isString v || isBool v || isInt v || isDerivation v)
"The env attribute set can only contain derivation, string, boolean or integer attributes. The ${n} attribute is of type ${builtins.typeOf v}.";
v
) env;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# Fixed-output derivations may not reference other paths, which means that
# for a fixed-output derivation, the corresponding inputDerivation should
# *not* be fixed-output. To achieve this we simply delete the attributes that
# would make it fixed-output.
deleteFixedOutputRelatedAttrs = lib.flip builtins.removeAttrs [
"outputHashAlgo"
"outputHash"
"outputHashMode"
2024-06-30 08:16:52 +00:00
];
2024-05-02 00:46:19 +00:00
in
extendDerivation validity.handled (
2024-06-30 08:16:52 +00:00
{
2024-05-02 00:46:19 +00:00
# A derivation that always builds successfully and whose runtime
# dependencies are the original derivations build time dependencies
# This allows easy building and distributing of all derivations
# needed to enter a nix-shell with
# nix-build shell.nix -A inputDerivation
inputDerivation = derivation (
deleteFixedOutputRelatedAttrs derivationArg
2024-06-30 08:16:52 +00:00
// {
2024-05-02 00:46:19 +00:00
# Add a name in case the original drv didn't have one
name = derivationArg.name or "inputDerivation";
# This always only has one output
outputs = [ "out" ];
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
# Propagate the original builder and arguments, since we override
# them and they might contain references to build inputs
_derivation_original_builder = derivationArg.builder;
_derivation_original_args = derivationArg.args;
2024-06-30 08:16:52 +00:00
2024-05-02 00:46:19 +00:00
builder = stdenv.shell;
# The bash builtin `export` dumps all current environment variables,
# which is where all build input references end up (e.g. $PATH for
# binaries). By writing this to $out, Nix can find and register
# them as runtime dependencies (since Nix greps for store paths
# through $out to find them)
2024-06-30 08:16:52 +00:00
args = [
"-c"
''
2024-05-02 00:46:19 +00:00
export > $out
for var in $passAsFile; do
pathVar="''${var}Path"
printf "%s" "$(< "''${!pathVar}")" >> $out
2024-06-30 08:16:52 +00:00
done
''
];
2024-05-02 00:46:19 +00:00
# inputDerivation produces the inputs; not the outputs, so any
# restrictions on what used to be the outputs don't serve a purpose
# anymore.
allowedReferences = null;
allowedRequisites = null;
disallowedReferences = [ ];
disallowedRequisites = [ ];
2024-06-30 08:16:52 +00:00
}
);
2024-05-02 00:46:19 +00:00
inherit passthru overrideAttrs;
inherit meta;
2024-06-30 08:16:52 +00:00
}
//
2024-05-02 00:46:19 +00:00
# Pass through extra attributes that are not inputs, but
# should be made available to Nix expressions using the
# derivation (e.g., in assertions).
passthru
) (derivation (derivationArg // optionalAttrs envIsExportable checkedEnv));
in
{
inherit mkDerivation;
}