If -target is explicitly passed to clang, we shouldn't pass our -march
value for the default target, because it probably won't exist for the
target being used. Up until now, clang has been lenient with this,
but it's a hard error with clang 17, so since gcc.arch is always set
on aarch64, fixing this is a hard requirement for upgrading our
default clang to 17.
Before (with clang 17 on aarch64-linux):
$ clang -target bpf -c -o /dev/null test.bpf.c
clang: warning: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Woption-ignored]
clang: error: unsupported option '-march=' for target 'bpf'
clang: warning: argument unused during compilation: '--gcc-toolchain=/nix/store/cngak08nb1yk44gnjipv5rg1ahh1xkax-gcc-13.2.0' [-Wunused-command-line-argument]
After:
$ clang -target bpf -c -o /dev/null test.bpf.c
clang: warning: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Woption-ignored]
clang: warning: argument unused during compilation: '--gcc-toolchain=/nix/store/cngak08nb1yk44gnjipv5rg1ahh1xkax-gcc-13.2.0' [-Wunused-command-line-argument]
Add a makeWrapperArgs argument to all script writers under pkgs.writers.
This can be used to set, prefix, or suffix the PATH or other environment variables which improves the ability to generate scripts with reproducible behavior.
Some of the writers (writeBash, writeDash, writeFish, writeNu) previously did not support passing an argument set, for example
```
writeBash "example" "echo hello"
```
In order to add the new capability to these writers as well, their call signature is now overloaded in order to allow the following:
(The old call style from the example above remains intact)
```
writeBash "example"
{ makeWrapperArgs = [ "--prefix" "PATH" ":" "${pkgs.hello}/bin" ]; }
''
hello
''
```
Done as well:
- add tests
- add more docs
- fix some misleading docs
- extend existing docs with more examples
Previously, when cross compiling from non-musl to musl, the crt-static
default override wouldn't be applied, because the compiler wouldn't
have been built with it due to fastCross. Moving it to the wrapper
fixes this without having to introduce extra compiler rebuilds. And
because the wrapper is applied even to the bootstrap rustc, we no
longer need special handling of crt-static in the Cargo expression.
Unlike --sysroot, rustc allows -C target-feature= to be passed
multiple times, with later instances taking precedence over earlier
ones. This means that it's very easy to set the default in the
wrapper, just by our overridden default before any other arguments.
This fixes pkgsCross.aarch64-multiplatform-musl.mesa from x86_64-linux.
The change is insignificant when the owner is root. However, when it
is not root, this change is needed to allow using Nix (as an
unprivileged user) inside the container.
Ada depencencies musst be build with the same gnat version as the
project. Use a namespace as preperation to build with different gnat
versions.
gprbuild and gnatprove are still globaly visable.
this equates to -ftrivial-auto-var-init=pattern
clang has removed support for -ftrivial-auto-var-init=zero and
are unlikely to re-add it, so use -ftrivial-auto-var-init=pattern
on both compilers if only to make behaviour more consistent
between the two.
add to pkgsExtraHardening's defaultHardeningFlags.
The loaded database contains timestamps of when the nix paths were
registered. Depending on the host store, these can differ between runs.
Resetting them to a well known values ensures that the produced image is
reproducible.
This commit adds support for swapping out the compression algorithm
used in all major docker-tools commands that generate images. The
default algorithm remains unchanged (gzip).
This fetcher is to be used with PyPi mirrors exposing the "legacy" API, such as devpi.
A variant of this fetcher has been used in poetry2nix for years and
has served us well there to support private PyPi mirrors and Devpi.
Example usage:
``` nix
fetchPypiLegacy {
file = "urllib3-1.26.2.tar.gz";
hash = "sha256:19188f96923873c92ccb987120ec4acaa12f0461fa9ce5d3d0772bc965a39e08";
pname = "urllib3";
url = "https://pypi.org/simple";
}
```
cc @lewo who wrote the this originally
cc contributors @rskew @gmacon @jperras @Smaug123
Without the change tests like `xorg.imake.tests.pkg-config` fail as:
$ nix build --no-link -f. -L xorg.imake.tests.pkg-config
error: builder for '/nix/store/i3zb1ykjzm0622497cn4dvifk36sx00r-check-pkg-config-.drv' failed to produce output path for output 'out' at '/nix/store/i3zb1ykjzm0622497cn4dvifk36sx00r-check-pkg-config-.drv.chroot/nix/store/63y92rvkp7gzzp0hlcjyj92srzjwndrq-check-pkg-config-'
error: 1 dependencies of derivation '/nix/store/8qycf49a4h9jj2662d9cf4d56aq6djjj-check-meta-pkg-config-modules-for-imake-1.0.9.drv' failed to build
Let's always produce empty output for zero-modules tests.
The previous version didn't work in the case of relative symlinks in
subdirectories. If "foo/bar" was a link to "baz", it would check for
a link to "baz" in the root, rather than under "foo".
We don't need to dereference the symlink ourselves for [ anyway, as it
dereferences its arguments itself, so all we need to do to fix this is
to pass it the link.
Fixes: 14f83d5c6f ("compressFirmwareXz: fix links to directories")
`multiPaths` is defined via invalid operation on `null` value for
non-multilib environments. Noticed on `notesnook` evan failure as:
nix-repl> notesnook.fhsenv.multiPaths
253| passthru = {
254| inherit args baseTargetPaths targetPaths baseMultiPaths multiPaths ldconfig;
| ^
255| };
error: attempt to call something which is not a function but null
The change makes `multiPaths` a private variable.
The unwrapped version doesn't know where to look for libraries, so
this is required to e.g. build anything that uses openssl-sys with
OPENSSL_NO_VENDOR. A randomly chosen example package that's fixed by
this change is pkgsStatic.gitoxide.
We're already using pkgsBuildBuild, and we'll soon be using
pkgsBuildTarget, so for consistency, change buildPackages and
targetPackages to their corresponding two-component names.
Pass the whole environment to the native-image build process by
generating a -E option for every environment variable.
This has the same effect as setting
NATIVE_IMAGE_DEPRECATED_BUILDER_SANITATION=true
but is compatible with packages providing -E options themselves
Packages that require access to environment variables in the build
should specify these using `-E` arguments in `nativeImageBuildArgs` or
using a `native-image.properties` as described here:
https://www.graalvm.org/22.1/reference-manual/native-image/BuildConfiguration/#embedding-a-configuration-file
Specifying NATIVE_IMAGE_DEPRECATED_BUILDER_SANITATION=true breaks with
packages that list their environment variables explicitly in `native-image.properties`.
this allows a compiler derivation to provide a
hardeningUnsupportedFlagsByTargetPlatform passthru attr
that will be called with the targetPlatform to determine
the unsupported hardening flags for that platform.
we can do this because even though a clang compiler is
multi-target by nature, cc-wrapper effectively fixes the
target platform at wrapping time. otherwise we'd have to
sniff the intended target at runtime, which wouldn't
be fun at all.
the advantage of using a new attribute instead of
allowing hardeningUnsupportedFlags to optionally be a
function is that hardeningUnsupportedFlags retains its
simple overriding pattern for simple cases (i.e.
`(prev.hardeningUnsupportedFlags or []) ++ [ "foo" ]`
) which will continue to work as long as the bottom-most
function of hardeningUnsupportedFlagsByTargetPlatform
falls back to hardeningUnsupportedFlags.
PR #275947, which was self-merged without approvals, inserted
functionality specific to a propriteary closed-source compiler
(CUDA) into cc-wrapper.
This commit relocates this CUDA-specific functionality into the
appropritate place: `cuda-modules`.
It is unclear to me exactly what this function is supposed to be
doing; much of it (like the `.kind` attributes) do not appear to be
used *anywhere* in nixpkgs. Making sure we don't insert unexplained
deadcode like this is one of the important functions of the review
process.
This commit deletes speculative comments which were self-merged with
no approvals in PR #275947.
If you think that "The above 'fix' may be incorrect" the correct
response is to submit a PR which removes the 'fix' and get it reviewed.
Likewise, if you think that "For clang it's not necessary" you
should submit a PR which wraps it in `if !isClang`.
`cc-wrapper` is full of too much junk as it is, let's not make
things worse.
The commit prior to this one, "gcc: fix c++ headers when same
triplet cross compiling" causes gcc's c++ headers to be in the same
outpath subdirectory regardless of whether the gcc build is a
host==target or host!=target compiler.
As a result of that change, the hack in cc-wrapper which adapted to
the different paths is no longer needed. And, in fact, it must be
removed, since if it is left in place builds such as
pkgsCross.aarch64-multiplatform.firefox will fail as shown below.
```
firefox-unwrapped> 0:02.01(B checking the host C compiler works... yes(B(B
firefox-unwrapped> 0:02.01(B checking for the host C++ compiler... /nix/store/1asqji9djmdlapzs70q7jw2j308ry7cn-clang-wrapper-16.0.6/bin/c++(B(B
firefox-unwrapped> 0:02.14(B checking whether the host C++ compiler can be used... yes(B(B
firefox-unwrapped> 0:02.14(B checking the host C++ compiler version... 16.0.6(B(B
firefox-unwrapped> 0:02.21(B checking the host C++ compiler works... yes(B(B
firefox-unwrapped> 0:02.40(B checking for target linker... lld(B(B
firefox-unwrapped> 0:02.51(B checking for host linker... lld(B(B
firefox-unwrapped> 0:02.60(B checking for 64-bit OS... yes(B(B
firefox-unwrapped> 0:02.67(B checking for new enough STL headers from libstdc++...(B(B
firefox-unwrapped> 0:02.67(B DEBUG: <truncated - see config.log for full output>(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | #if defined(__GLIBCXX__) && !defined(_GLIBCXX_RELEASE)(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | # error libstdc++ not new enough(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | #endif(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | #if defined(_GLIBCXX_RELEASE)(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | # if _GLIBCXX_RELEASE < 8(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | # error libstdc++ not new enough(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | # else(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | (void) 0(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | # endif(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | #endif(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | ;(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | return 0;(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | }(B(B
firefox-unwrapped> 0:02.67(B DEBUG: Executing: `/nix/store/7v4bi4q334yircaznwm353h1l5i7k98f-aarch64-unknown-linux-gnu-clang-wrapper-16.0.6/bin/aarch64-unknown-linux-gnu-clang++ /build/conftest.qvbo58dv.cpp -c`(B(B
firefox-unwrapped> 0:02.67(B DEBUG: The command returned non-zero exit status 1.(B(B
firefox-unwrapped> 0:02.67(B DEBUG: Its error output was:(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | /build/conftest.qvbo58dv.cpp:1:10: fatal error: 'cstddef' file not found(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | #include <cstddef>(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | ^~~~~~~~~(B(B
firefox-unwrapped> 0:02.67(B DEBUG: | 1 error generated.(B(B
firefox-unwrapped> 0:02.67(B ERROR: The libstdc++ in use is not new enough. Please run ./mach bootstrap to update your compiler, or update your system libstdc++ installation.(B(B
firefox-unwrapped> *** Fix above errors and then restart with "./mach build"
error: build of '/nix/store/5in7xkji5hzqkl14ygwq3vxnni54lykk-firefox-unwrapped-aarch64-unknown-linux-gnu-119.0.1.drv' on 'ssh://root@192.168.22.103' failed: builder for '/nix/store/5in7xkji5hzqkl14ygwq3vxnni54lykk-firefox-unwrapped-aarch64-unknown-linux-gnu-119.0.1.drv' failed with exit code 1
error: builder for '/nix/store/5in7xkji5hzqkl14ygwq3vxnni54lykk-firefox-unwrapped-aarch64-unknown-linux-gnu-119.0.1.drv' failed with exit code 1;
```
* doc: improve documentation for trivial text writing functions
Co-authored-by: Brian Merchant <bzm3r@proton.me>
Co-authored-by: Robert Hensing <robert@roberthensing.nl>
Co-authored-by: Alexander Groleau <alex@proof.construction>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Add some minor improvements of the package, and use temp files for the
source difference patch, such that it is more reliable. This follows
from the suggestions of @infinisil.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
All other functions are in the form of `*{c,C}heckpointBuild*`, so we
deprecate the `mkCheckpointedBuild` function in favor of `mkCheckpointBuild`.
Also address some inconsistencies in the docs: some `buildOutput` should
actually be `incrementalBuildArtifacts`.
The build log of the following won't output `foo` as one might expect, but the
`$PATH` set by stdenv.
```nix
with import <nixpkgs> {};
runCommand "foo" { PATH = "foo"; } "echo $PATH; touch $out"
```
- It's useless. The correct attribute name would be `license` and not
`licenses`. Meaning setting this never did anything useful.
- It used IFD in its implementation, meaning to know what the licenses
of a nuget source are, you first had to build that nuget source. This
defeats the point of having license checks in the first place.
- IFD is not allowed by the nixpkgs CI and build farm anyway.
Without the change metadata evaluation fails on package like
`zammad.src` where no fields are defined in `.nix `files:
src = fetchFromGitHub (lib.importJSON ./source.json);
There evaluation fails as:
$ nix-instantiate --strict --eval --expr 'with import ./. {}; zammad.src.meta'
error:
23| # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation
24| position = "${position.file}:${toString position.line}";
| ^
25| };
error: value is null while a set was expected
After the change evaluation succeeds as:
$ nix-instantiate --strict --eval --expr 'with import ./. {}; zammad.src.meta'
{ homepage = "https://github.com/zammad/zammad"; }
Before the change there was no way to poll for presence of
`vendorSha256` attribute:
$ nix-instantiate --strict --eval --expr 'with import ./. {}; _3mux.vendorSha256 or "no hash"'
error: attribute 'vendorSha256' missing
292| passthru = passthru // { inherit go goModules vendorHash; } // { inherit (args') vendorSha256; };
| ^
After the change the poll happens as expected:
$ nix-instantiate --strict --eval --expr 'with import ./. {}; _3mux.vendorSha256 or "no hash"'
"no hash"
- Remove superflous `let` with `defaultMeta`
These can just be assigned to meta directly instead.
- Hoist internal intermediate derivation
- Remove top-level `with lib`
- Inherit `lib`/`builtins` into scopes
We now use a newer version of package-build, since
previously-necessary functions have been moved/removed from package.el
Emacs 30. See https://github.com/melpa/package-build/pull/87
Consequently, some changes are necessary to the corresponding patch
and to melpa2nix.el, which this commit also contains.
We get a dependency list with pub2nix now. We can no longer easily distinguish between development dependency dependencies and regular dependency dependencies, but we weren't doing this anyway.
Conflicts:
- pkgs/development/python-modules/boto3-stubs/default.nix
- pkgs/development/python-modules/openllm-core/default.nix
Between 0.4.22 → 0.4.34 (a82245bd3d)
and 0.4.22 -> 0.4.41 (72c55ce6a6)
Does not build, not pre-merge either.
Prior to this change, the `importCargoLock` git dependency builder
assumed that the workspace root that needed to be passed to
`replace-workspace-values` will always be the root directory of the git
repository.
This is not always the case as independent workspace roots may be used
from subdirectories, and packages be referenced via paths. An example of
this is [1], where the `iced` subdirectory is its own independent
workspace, and workspace values for packages within it should be pulled
from the `iced` subdirectory as the workspace root, not from the
top-level of the fetched repository.
[1]: b8f1a366dd/Cargo.toml
With `cargoRoot` set to a subdirectory of the source, where the
Cargo.{lock,toml} are found, the final mv would previously fail, since
the build results appear relative to cargoRoot, not to the original
build directory.
It turns out that unlike a normal Unix program, if the --sysroot
option is given more than once, rustc will error rather than using the
last value given. Therefore, we need to ensure we only add our
default --sysroot argument if one hasn't been given explicitly on the
wrapper's command line.
This fixes cross compilation of rustc.
Closes: https://github.com/NixOS/nixpkgs/issues/271736
Fixes: 8b51cdd3be ("rustc: add a compiler wrapper")
Rust 1.74 added support for configuring lints with cargo in a new
"lints" table. This also adds a new possible position to reference the
host workspace.
Fixes#273835
