From 800f280696d54d718ec78684fd517cce472dedca Mon Sep 17 00:00:00 2001
From: Tmplt
Date: Sun, 17 Nov 2019 18:46:52 +0100
Subject: [PATCH 1/5] gdb: wrap, making libstdc++ plugin safe to load
---
 pkgs/development/tools/misc/gdb/wrapper.nix | 32 +++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 4 ++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/development/tools/misc/gdb/wrapper.nix
diff --git a/pkgs/development/tools/misc/gdb/wrapper.nix b/pkgs/development/tools/misc/gdb/wrapper.nix
new file mode 100644
index 000000000000..7eccba747479
--- /dev/null
+++ b/pkgs/development/tools/misc/gdb/wrapper.nix
@@ -0,0 +1,32 @@
+{ stdenv, lib, makeWrapper, gdb-unwrapped, safePaths }:
+
+let
+ gdb = gdb-unwrapped;
+in
+ stdenv.mkDerivation {
+ name = gdb.name;
+ buildInputs = [ makeWrapper ];
+ propagatedBuildInputs = [ gdb ];
+ propagatedUserEnvPkgs = [ gdb ];
+ phases = "installPhase fixupPhase";
+
+ # Find all gdb plugins in `safePaths` and
+ # mark these files as safe to load.
+ installPhase = ''
+ mkdir -p $out/share/gdb
+ initScript=$out/share/gdb/gdbinit
+ touch $initScript
+
+ for safePath in ${lib.concatStringsSep " " safePaths}; do
+ for plugin in $(find $safePath | grep -- '.*-gdb.*'); do
+ echo add-auto-load-safe-path $plugin >> $initScript
+ done
+ done
+
+ makeWrapper "${gdb}/bin/gdb" \
+ "$out/bin/gdb" \
+ --add-flags "-x $initScript"
+ '';
+
+ meta = gdb.meta;
+ }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c42024b45d3a..fba2a7729241 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10473,7 +10473,9 @@ in
 bashdb = callPackage ../development/tools/misc/bashdb { };
- gdb = callPackage ../development/tools/misc/gdb {
+ gdb = callPackage ../development/tools/misc/gdb/wrapper.nix { safePaths = [ stdenv.cc.cc.lib ]; };
+
+ gdb-unwrapped = callPackage ../development/tools/misc/gdb {
 guile = null; };
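Review bot: The `grep -- '.*-gdb.*'` filter in wrapper.nix's installPhase matches `-gdb` anywhere in the full path that `find` prints, so directories, and every file below a path component containing `-gdb`, are written to the init script as `add-auto-load-safe-path` entries. That trusts more locations than the libstdc++ script the subject line names; as far as I know a directory entry also covers everything beneath it. Matching on file name and type keeps the list to auto-load scripts: `find "$safePath" -type f -name '*-gdb.py'` (add `-o -name '*-gdb.gdb' -o -name '*-gdb.scm'` if those are wanted). `$safePath` and `$plugin` are also expanded unquoted in both loops.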
From 6cff4ce58b28af76e69fd2b4e0fd194207fe70ee Mon Sep 17 00:00:00 2001
From: Tmplt
Date: Tue, 19 Nov 2019 16:48:40 +0100
Subject: [PATCH 2/5] gdb: don't propagate unwrapped gdb
---
 pkgs/development/tools/misc/gdb/wrapper.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkgs/development/tools/misc/gdb/wrapper.nix b/pkgs/development/tools/misc/gdb/wrapper.nix
index 7eccba747479..2313b0b897a8 100644
--- a/pkgs/development/tools/misc/gdb/wrapper.nix
+++ b/pkgs/development/tools/misc/gdb/wrapper.nix
@@ -5,8 +5,7 @@ let
 in
 stdenv.mkDerivation {
 name = gdb.name;
- buildInputs = [ makeWrapper ];
- propagatedBuildInputs = [ gdb ];
+ nativeBuildInputs = [ makeWrapper ];
 propagatedUserEnvPkgs = [ gdb ];
 phases = "installPhase fixupPhase";
From a3e008420e8d04d8b444272640deee52ef0dac8f Mon Sep 17 00:00:00 2001
From: Tmplt
Date: Tue, 19 Nov 2019 21:40:16 +0100
Subject: [PATCH 3/5] gdb: configure a safe path instead of wrapping
---
 pkgs/development/tools/misc/gdb/default.nix | 1 +
 pkgs/development/tools/misc/gdb/wrapper.nix | 31 ---------------------
 pkgs/top-level/all-packages.nix | 4 +--
 3 files changed, 2 insertions(+), 34 deletions(-)
 delete mode 100644 pkgs/development/tools/misc/gdb/wrapper.nix
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index e990cb683e7d..10afc8d421e4 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -70,6 +70,7 @@ stdenv.mkDerivation rec {
 "--with-gmp=${gmp.dev}" "--with-mpfr=${mpfr.dev}" "--with-expat" "--with-libexpat-prefix=${expat.dev}"
+ "--with-auto-load-safe-path=${stdenv.cc.cc.lib}"
 ] ++ stdenv.lib.optional (!pythonSupport) "--without-python"; postInstall =
diff --git a/pkgs/development/tools/misc/gdb/wrapper.nix b/pkgs/development/tools/misc/gdb/wrapper.nix
deleted file mode 100644
index 2313b0b897a8..000000000000
--- a/pkgs/development/tools/misc/gdb/wrapper.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ stdenv, lib, makeWrapper, gdb-unwrapped, safePaths }:
-
-let
- gdb = gdb-unwrapped;
-in
- stdenv.mkDerivation {
- name = gdb.name;
- nativeBuildInputs = [ makeWrapper ];
- propagatedUserEnvPkgs = [ gdb ];
- phases = "installPhase fixupPhase";
-
- # Find all gdb plugins in `safePaths` and
- # mark these files as safe to load.
- installPhase = ''
- mkdir -p $out/share/gdb
- initScript=$out/share/gdb/gdbinit
- touch $initScript
-
- for safePath in ${lib.concatStringsSep " " safePaths}; do
- for plugin in $(find $safePath | grep -- '.*-gdb.*'); do
- echo add-auto-load-safe-path $plugin >> $initScript
- done
- done
-
- makeWrapper "${gdb}/bin/gdb" \
- "$out/bin/gdb" \
- --add-flags "-x $initScript"
- '';
-
- meta = gdb.meta;
- }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5cad0c64d131..d04fcbb89780 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10471,9 +10471,7 @@ in
 bashdb = callPackage ../development/tools/misc/bashdb { };
- gdb = callPackage ../development/tools/misc/gdb/wrapper.nix { safePaths = [ stdenv.cc.cc.lib ]; };
-
- gdb-unwrapped = callPackage ../development/tools/misc/gdb {
+ gdb = callPackage ../development/tools/misc/gdb {
 guile = null; };
From 75348fafae03c3e27b537c96fc8f88eeb6edc99c Mon Sep 17 00:00:00 2001
From: Tmplt
Date: Wed, 20 Nov 2019 18:14:54 +0100
Subject: [PATCH 4/5] gdb: use a safePaths parameter instead
---
 pkgs/development/tools/misc/gdb/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index 10afc8d421e4..a4a753bd14bd 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -8,6 +8,7 @@
 , pythonSupport ? stdenv.hostPlatform == stdenv.buildPlatform && !stdenv.hostPlatform.isCygwin, python3 ? null , guile ? null
+, safePaths ? [ stdenv.cc.cc.lib ]
 }:
@@ -70,7 +71,7 @@ stdenv.mkDerivation rec {
 "--with-gmp=${gmp.dev}" "--with-mpfr=${mpfr.dev}" "--with-expat" "--with-libexpat-prefix=${expat.dev}"
- "--with-auto-load-safe-path=${stdenv.cc.cc.lib}"
+ "--with-auto-load-safe-path=${builtins.concatStringsSep ":" safePaths}"
 ] ++ stdenv.lib.optional (!pythonSupport) "--without-python"; postInstall =
From 2c50bd398463bc2e67824dbf094b157b618e8623 Mon Sep 17 00:00:00 2001
From: Viktor Vilhelm Sonesten
Date: Mon, 25 Nov 2019 20:48:28 +0100
Subject: [PATCH 5/5] gdb: prepend default safe paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Jörg Thalheim
---
 pkgs/development/tools/misc/gdb/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index a4a753bd14bd..335699ee5600 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -8,7 +8,8 @@
 , pythonSupport ? stdenv.hostPlatform == stdenv.buildPlatform && !stdenv.hostPlatform.isCygwin, python3 ? null , guile ? null
-, safePaths ? [ stdenv.cc.cc.lib ]
+# $debugdir:$datadir/auto-load are whitelisted by default by GDB
+, safePaths ? [ "$debugdir" "$datadir/auto-load" stdenv.cc.cc.lib ]
 }:
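Review bot: With `safePaths = [ ]` the rewritten flag in default.nix (patch 4/5) evaluates to `--with-auto-load-safe-path=` with an empty value, and what configure does with that is not visible on this page. The entries are also joined with `:` unchecked, so an element that is `/` or that itself contains `:` changes the trusted set; as far as I know GDB treats a safe-path of `/` as trusting every location. Consider emitting the flag only for a non-empty list, by moving it out of the literal list as `++ stdenv.lib.optional (safePaths != [ ]) "--with-auto-load-safe-path=${builtins.concatStringsSep ":" safePaths}"`, and rejecting `/` with an `assert`. The configureFlags list opens above this hunk.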
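Review bot: The comment added above `safePaths` in patch 5/5 states GDB's defaults but not what the parameter controls, nor that the configure flag replaces the built-in default instead of extending it, which is why the two entries have to be repeated here. `"$debugdir"` and `"$datadir/auto-load"` are placeholders that GDB expands itself, so they must reach configure literally; that holds only while configureFlags is not shell-evaluated (assumed, the configure phase is not on this page). Suggested wording: `# Directories GDB may auto-load (and execute) scripts from; use immutable store paths only.` followed by `# $debugdir and $datadir are expanded by GDB, not by Nix or the shell; the flag replaces GDB's default, so both are listed.` The argument set opens above this hunk.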