diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8c42484f..78af1d6a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -85,7 +85,7 @@ jobs: os: [ubuntu-latest, macos-latest] rust-channel: [stable, beta, nightly] profile: [minimal, default] - nixpkgs-channel: [nixpkgs-unstable, nixos-22.11] + nixpkgs-channel: [nixpkgs-unstable, nixos-23.05] include: # The legacy package, used by compatible functions. - os: ubuntu-latest diff --git a/ld-wrapper.sh b/ld-wrapper.sh new file mode 100644 index 00000000..df770393 --- /dev/null +++ b/ld-wrapper.sh @@ -0,0 +1,281 @@ +#! @shell@ +# This file is copied from nixpkgs with additional handling of `-flavor` prefix. +# See: https://github.com/NixOS/nixpkgs/blob/fa016524af1414fd5e0d9f3de43b6377486601bf/pkgs/build-support/bintools-wrapper/ld-wrapper.sh +set -eu -o pipefail +o posix +shopt -s nullglob + +if (( "${NIX_DEBUG:-0}" >= 7 )); then + set -x +fi + +flavorParams=() +if [[ $# -ge 2 && "$1" == -flavor ]]; then + flavorParams=( "$1" "$2" ) + shift 2 +fi + +path_backup="$PATH" + +# phase separation makes this look useless +# shellcheck disable=SC2157 +if [ -n "@coreutils_bin@" ]; then + PATH="@coreutils_bin@/bin" +fi + +source @out@/nix-support/utils.bash + +if [ -z "${NIX_BINTOOLS_WRAPPER_FLAGS_SET_@suffixSalt@:-}" ]; then + source @out@/nix-support/add-flags.sh +fi + + +# Optionally filter out paths not refering to the store. +expandResponseParams "$@" + +# NIX_LINK_TYPE is set if ld has been called through our cc wrapper. We take +# advantage of this to avoid both recalculating it, and also repeating other +# processing cc wrapper has already done. +if [[ -n "${NIX_LINK_TYPE_@suffixSalt@:-}" ]]; then + linkType=$NIX_LINK_TYPE_@suffixSalt@ +else + linkType=$(checkLinkType "${params[@]}") +fi + +if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "${NIX_STORE:-}" + && ( -z "$NIX_IGNORE_LD_THROUGH_GCC_@suffixSalt@" || -z "${NIX_LINK_TYPE_@suffixSalt@:-}" ) ]]; then + rest=() + nParams=${#params[@]} + declare -i n=0 + + while (( "$n" < "$nParams" )); do + p=${params[n]} + p2=${params[n+1]:-} # handle `p` being last one + if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then + skip "${p:2}" + elif [ "$p" = -L ] && badPath "$p2"; then + n+=1; skip "$p2" + elif [ "$p" = -rpath ] && badPath "$p2"; then + n+=1; skip "$p2" + elif [ "$p" = -dynamic-linker ] && badPath "$p2"; then + n+=1; skip "$p2" + elif [ "$p" = -syslibroot ] && [ $p2 == // ]; then + # When gcc is built on darwin --with-build-sysroot=/ + # produces '-syslibroot //' linker flag. It's a no-op, + # which does not introduce impurities. + n+=1; skip "$p2" + elif [ "${p:0:10}" = /LIBPATH:/ ] && badPath "${p:9}"; then + reject "${p:9}" + # We need to not match LINK.EXE-style flags like + # /NOLOGO or /LIBPATH:/nix/store/foo + elif [[ $p =~ ^/[^:]*/ ]] && badPath "$p"; then + reject "$p" + elif [ "${p:0:9}" = --sysroot ]; then + # Our ld is not built with sysroot support (Can we fix that?) + : + else + rest+=("$p") + fi + n+=1 + done + # Old bash empty array hack + params=(${rest+"${rest[@]}"}) +fi + + +source @out@/nix-support/add-hardening.sh + +extraAfter=() +extraBefore=("${flavorParams[@]}" ${hardeningLDFlags[@]+"${hardeningLDFlags[@]}"}) + +if [ -z "${NIX_LINK_TYPE_@suffixSalt@:-}" ]; then + extraAfter+=($(filterRpathFlags "$linkType" $NIX_LDFLAGS_@suffixSalt@)) + extraBefore+=($(filterRpathFlags "$linkType" $NIX_LDFLAGS_BEFORE_@suffixSalt@)) + + # By adding dynamic linker to extraBefore we allow the users set their + # own dynamic linker as NIX_LD_FLAGS will override earlier set flags + if [[ "$linkType" == dynamic && -n "$NIX_DYNAMIC_LINKER_@suffixSalt@" ]]; then + extraBefore+=("-dynamic-linker" "$NIX_DYNAMIC_LINKER_@suffixSalt@") + fi +fi + +extraAfter+=($(filterRpathFlags "$linkType" $NIX_LDFLAGS_AFTER_@suffixSalt@)) + +# These flags *must not* be pulled up to -Wl, flags, so they can't go in +# add-flags.sh. They must always be set, so must not be disabled by +# NIX_LDFLAGS_SET. +if [ -e @out@/nix-support/add-local-ldflags-before.sh ]; then + source @out@/nix-support/add-local-ldflags-before.sh +fi + + +# Three tasks: +# +# 1. Find all -L... switches for rpath +# +# 2. Find relocatable flag for build id. +# +# 3. Choose 32-bit dynamic linker if needed +declare -a libDirs +declare -A libs +declare -i relocatable=0 link32=0 + +linkerOutput="a.out" + +if + [ "$NIX_DONT_SET_RPATH_@suffixSalt@" != 1 ] \ + || [ "$NIX_SET_BUILD_ID_@suffixSalt@" = 1 ] \ + || [ -e @out@/nix-support/dynamic-linker-m32 ] +then + prev= + # Old bash thinks empty arrays are undefined, ugh. + for p in \ + ${extraBefore+"${extraBefore[@]}"} \ + ${params+"${params[@]}"} \ + ${extraAfter+"${extraAfter[@]}"} + do + case "$prev" in + -L) + libDirs+=("$p") + ;; + -l) + libs["lib${p}.so"]=1 + ;; + -m) + # Presumably only the last `-m` flag has any effect. + case "$p" in + elf_i386) link32=1;; + *) link32=0;; + esac + ;; + -dynamic-linker | -plugin) + # Ignore this argument, or it will match *.so and be added to rpath. + ;; + *) + case "$p" in + -L/*) + libDirs+=("${p:2}") + ;; + -l?*) + libs["lib${p:2}.so"]=1 + ;; + "${NIX_STORE:-}"/*.so | "${NIX_STORE:-}"/*.so.*) + # This is a direct reference to a shared library. + libDirs+=("${p%/*}") + libs["${p##*/}"]=1 + ;; + -r | --relocatable | -i) + relocatable=1 + esac + ;; + esac + prev="$p" + done +fi + +# Determine linkerOutput +prev= +for p in \ + ${extraBefore+"${extraBefore[@]}"} \ + ${params+"${params[@]}"} \ + ${extraAfter+"${extraAfter[@]}"} +do + case "$prev" in + -o) + # Informational for post-link-hook + linkerOutput="$p" + ;; + *) + ;; + esac + prev="$p" +done + +if [[ "$link32" == "1" && "$linkType" == dynamic && -e "@out@/nix-support/dynamic-linker-m32" ]]; then + # We have an alternate 32-bit linker and we're producing a 32-bit ELF, let's + # use it. + extraAfter+=( + '-dynamic-linker' + "$(< @out@/nix-support/dynamic-linker-m32)" + ) +fi + +# Add all used dynamic libraries to the rpath. +if [[ "$NIX_DONT_SET_RPATH_@suffixSalt@" != 1 && "$linkType" != static-pie ]]; then + # For each directory in the library search path (-L...), + # see if it contains a dynamic library used by a -l... flag. If + # so, add the directory to the rpath. + # It's important to add the rpath in the order of -L..., so + # the link time chosen objects will be those of runtime linking. + declare -A rpaths + for dir in ${libDirs+"${libDirs[@]}"}; do + if [[ "$dir" =~ [/.][/.] ]] && dir2=$(readlink -f "$dir"); then + dir="$dir2" + fi + if [ -n "${rpaths[$dir]:-}" ] || [[ "$dir" != "${NIX_STORE:-}"/* ]]; then + # If the path is not in the store, don't add it to the rpath. + # This typically happens for libraries in /tmp that are later + # copied to $out/lib. If not, we're screwed. + continue + fi + for path in "$dir"/*; do + file="${path##*/}" + if [ "${libs[$file]:-}" ]; then + # This library may have been provided by a previous directory, + # but if that library file is inside an output of the current + # derivation, it can be deleted after this compilation and + # should be found in a later directory, so we add all + # directories that contain any of the libraries to rpath. + rpaths["$dir"]=1 + extraAfter+=(-rpath "$dir") + break + fi + done + done + +fi + +# This is outside the DONT_SET_RPATH branch because it's more targeted and we +# usually want it (on Darwin) even if DONT_SET_RPATH is set. +if [ -n "${NIX_COREFOUNDATION_RPATH:-}" ]; then + extraAfter+=(-rpath $NIX_COREFOUNDATION_RPATH) +fi + +# Only add --build-id if this is a final link. FIXME: should build gcc +# with --enable-linker-build-id instead? +# +# Note: `lld` interprets `--build-id` to mean `--build-id=fast`; GNU ld defaults +# to SHA1. +if [ "$NIX_SET_BUILD_ID_@suffixSalt@" = 1 ] && ! (( "$relocatable" )); then + extraAfter+=(--build-id="${NIX_BUILD_ID_STYLE:-sha1}") +fi + + +# Optionally print debug info. +if (( "${NIX_DEBUG:-0}" >= 1 )); then + # Old bash workaround, see above. + echo "extra flags before to @prog@:" >&2 + printf " %q\n" ${extraBefore+"${extraBefore[@]}"} >&2 + echo "original flags to @prog@:" >&2 + printf " %q\n" ${params+"${params[@]}"} >&2 + echo "extra flags after to @prog@:" >&2 + printf " %q\n" ${extraAfter+"${extraAfter[@]}"} >&2 +fi + +PATH="$path_backup" +# Old bash workaround, see above. + +if (( "${NIX_LD_USE_RESPONSE_FILE:-@use_response_file_by_default@}" >= 1 )); then + @prog@ @<(printf "%q\n" \ + ${extraBefore+"${extraBefore[@]}"} \ + ${params+"${params[@]}"} \ + ${extraAfter+"${extraAfter[@]}"}) +else + @prog@ \ + ${extraBefore+"${extraBefore[@]}"} \ + ${params+"${params[@]}"} \ + ${extraAfter+"${extraAfter[@]}"} +fi + +if [ -e "@out@/nix-support/post-link-hook" ]; then + source @out@/nix-support/post-link-hook +fi diff --git a/mk-aggregated.nix b/mk-aggregated.nix index d2861957..c8d8cc41 100644 --- a/mk-aggregated.nix +++ b/mk-aggregated.nix @@ -84,7 +84,7 @@ symlinkJoin { fi # symlinkJoin doesn't automatically handle it. Thus do it manually. - mkdir $out/nix-support + mkdir -p $out/nix-support echo "$depsHostHostPropagated " >$out/nix-support/propagated-host-host-deps [[ -z "$propagatedBuildInputs" ]] || echo "$propagatedBuildInputs " >$out/nix-support/propagated-build-inputs [[ -z "$depsTargetTargetPropagated" ]] || echo "$depsTargetTargetPropagated " >$out/nix-support/propagated-target-target-deps diff --git a/mk-component-set.nix b/mk-component-set.nix index 74a7a497..386a4f1c 100644 --- a/mk-component-set.nix +++ b/mk-component-set.nix @@ -1,5 +1,7 @@ # Define component derivations and special treatments. { lib, stdenv, stdenvNoCC, gnutar, autoPatchelfHook, bintools, zlib, gccForLibs +# The path to nixpkgs root. +, path , toRustTarget, removeNulls }: # Release version of the whole set. @@ -105,8 +107,44 @@ let for f in $out/bin/*; do install_name_tool -add_rpath "${self.rustc}/lib" "$f" || true done + '' + # Wrap the shipped `rust-lld` (lld), which is used by default on some targets. + # Unfortunately there is no hook to conveniently wrap CC tools inside + # derivation and `wrapBintools` is designed for wrapping a standalone + # bintools derivation. We hereby copy minimal of their implementation. + # The `wrap()` is from: + # https://github.com/NixOS/nixpkgs/blob/bfb7a882678e518398ce9a31a881538679f6f092/pkgs/build-support/bintools-wrapper/default.nix#L178 + + optionalString (pname == "rustc") '' + wrap() { + local dst="$1" + local wrapper="$2" + export prog="$3" + export use_response_file_by_default=0 + substituteAll "$wrapper" "$dst" + chmod +x "$dst" + } + + dsts=( "$out"/lib/rustlib/*/bin/rust-lld ) + if [[ ''${#dsts} -ne 0 ]]; then + ls -lah $out + mkdir -p $out/nix-support + substituteAll ${path + "/pkgs/build-support/wrapper-common/utils.bash"} $out/nix-support/utils.bash + substituteAll ${path + "/pkgs/build-support/bintools-wrapper/add-flags.sh"} $out/nix-support/add-flags.sh + substituteAll ${path + "/pkgs/build-support/bintools-wrapper/add-hardening.sh"} $out/nix-support/add-hardening.sh + + for dst in "''${dsts[@]}"; do + unwrapped="$(dirname "$dst")/.rust-lld-unwrapped" + mv "$dst" "$unwrapped" + wrap "$dst" ${./ld-wrapper.sh} "$unwrapped" + done + fi ''; + env = lib.optionalAttrs (pname == "rustc") { + inherit (stdenv.cc.bintools) expandResponseParams shell suffixSalt wrapperName coreutils_bin; + hardening_unsupported_flags = ""; + }; + dontStrip = true; };