nixpkgs/pkgs/development/libraries/glibc/default.nix
Adam Joseph 64046f0191 glibcCross: use a libgcc built separately from gcc
### Summary

This PR completely and finally solves the gcc<->glibc circular
`buildInputs` problem, for cross compilation.  The same technique
can be applied to native builds in the future.

Closes #213453

 ### Motivation

Prior to this PR, we had the following circular `buildInputs` problem:

1. gcc has glibc in its `buildInputs`

   - a compiled copy of glibc must be present before building gcc;
     if it isn't, gcc cripples itself (`inhibit_libc`) and refuses
     to build libgcc_s.so

2. glibc has libgcc_s.so in its `buildInputs`

   - glibc `dlopen()`s libgcc_s.so in order to implement POSIX
     thread cancellation.  For security reasons `glibc` requires
     that the path to `libgcc_s.so` is [hardwired] into `glibc` at
     compile time, so it's technically not a true dynamic link -- it
     just pretends to be one.

3. libgcc_s.so is built in the same derivation as gcc

   - libgcc_s.so is built as part of the gcc build process

We must cut one of these three links in the loop.

 ### Previous Attempts

Previously https://github.com/NixOS/nixpkgs/pull/238154 had
attempted to cut link (1) by building `gcc` without `glibc`, and
using the `libgcc_s` which emerges from that build.  Unfortunately
this just doesn't work.  GCC's configure script extracts quite a lot
of information from the glibc headers (which are a build artifact --
you can't just copy them out of the source tarball) and various
`./configure`-driven linking attempts.  If `glibc` isn't around at
build time you wind up with a `libgcc_s.so` that is missing various
unwinder features (see https://github.com/NixOS/nixpkgs/issues/213453
for the most problematic one).

Musl "cuts" link (2), or rather never creates it in the first place.
["Cancellation cleanup handling in musl has no relationship to C++
exceptions and unwinding... glibc implements cancellation as an
exception"](https://wiki.musl-libc.org/functional-differences-from-glibc.html#Thread-cancellation).
IMHO Musl made the smarter decision here.  It is incredibly rare to
find a codebase that uses both POSIX thread cancellation *and* C++
exceptions.  I have never seen a codebase that uses both *and*
expects them to be aware of each other, and I would be astonished if
one existed.  Glibc paid an immense cost in complexity for something
nobody has ever used.

 ### Changes Made

This PR cuts link (3): instead of building libgcc_s.so as part of
gcc, we build it separately from gcc.  Now there is a strict acyclic
graph of `buildInputs`:

```
 gccWithoutTargetLibc
 |
 +--->glibc-nolibgcc
 |    |
 |    v
 +--->libgcc
 |    |
 |    v
 +--->glibc
 |    |
 |    v
 +--->gcc
```

In other words, there's a simple linear `buildInputs` chain
`glibc-nolibgcc` `->` `libgcc` `->` `glibc` `->` `gcc` where all
four packages are compiled by (and therefore have as a
`(native)BuildInput`) `gccWithoutTargetLibc`.

`gccWithoutTargetLibc` and `glibc-nolibgcc` are strictly
bootstrapping artifacts; nothing else has them as a `buildInput` and
they shouldn't appear in the closure of any final deployment
packages.  `glibc-nolibgcc` lacks `libgcc_s.so`, so it will segfault
if you try to use it with POSIX thread cancellation.  Fortunately
all we need from it is (a) its headers (`lib.getDev`) and (b) to use
it in the `./configure` script for `libgcc`.

When translated over to the native bootstrap, `xgcc` takes the place
of `gccWithoutTargetLibc`, and the "first `glibc`" (we build two of
them) takes the place of `glibc-nolibgcc`.  At that point our native
and cross bootstrap have the same overall architecture, and it
becomes possible to merge them (at last!)

[213453]: https://github.com/NixOS/nixpkgs/issues/213453
[238154]: https://github.com/NixOS/nixpkgs/pull/238154
[hardwired]: 7553d0fe29/pkgs/development/libraries/glibc/default.nix (L69-L88)
2023-08-14 15:09:06 -07:00

176 lines
6.9 KiB
Nix

{ lib, stdenv, callPackage
, withLinuxHeaders ? true
, profilingLibraries ? false
, withGd ? false
, withLibcrypt? false
, buildPackages
, libgcc
}:
let
gdCflags = [
"-Wno-error=stringop-truncation"
"-Wno-error=missing-attributes"
"-Wno-error=array-bounds"
];
in
(callPackage ./common.nix { inherit stdenv; } {
inherit withLinuxHeaders withGd profilingLibraries withLibcrypt;
pname = "glibc" + lib.optionalString withGd "-gd" + lib.optionalString (stdenv.cc.isGNU && libgcc==null) "-nolibgcc";
}).overrideAttrs(previousAttrs: {
# Note:
# Things you write here override, and do not add to,
# the values in `common.nix`.
# (For example, if you define `patches = [...]` here, it will
# override the patches in `common.nix` -- so instead you should
# write `patches = (previousAttrs.patches or []) ++ [ ... ]`.
NIX_NO_SELF_RPATH = true;
postConfigure = ''
# Hack: get rid of the `-static' flag set by the bootstrap stdenv.
# This has to be done *after* `configure' because it builds some
# test binaries.
export NIX_CFLAGS_LINK=
export NIX_LDFLAGS_BEFORE=
export NIX_DONT_SET_RPATH=1
unset CFLAGS
# Apparently --bindir is not respected.
makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin")
'' + lib.optionalString stdenv.buildPlatform.isDarwin ''
# ld-wrapper will otherwise attempt to inject CoreFoundation into ld-linux's RUNPATH
export NIX_COREFOUNDATION_RPATH=
'';
# The pie, stackprotector and fortify hardening flags are autodetected by
# glibc and enabled by default if supported. Setting it for every gcc
# invocation does not work.
hardeningDisable = [ "fortify" "pie" "stackprotector" ];
env = (previousAttrs.env or { }) // {
NIX_CFLAGS_COMPILE = (previousAttrs.env.NIX_CFLAGS_COMPILE or "") + lib.concatStringsSep " "
(builtins.concatLists [
(lib.optionals withGd gdCflags)
# Fix -Werror build failure when building glibc with musl with GCC >= 8, see:
# https://github.com/NixOS/nixpkgs/pull/68244#issuecomment-544307798
(lib.optional stdenv.hostPlatform.isMusl "-Wno-error=attribute-alias")
(lib.optionals ((stdenv.hostPlatform != stdenv.buildPlatform) || stdenv.hostPlatform.isMusl) [
# Ignore "error: '__EI___errno_location' specifies less restrictive attributes than its target '__errno_location'"
# New warning as of GCC 9
# Same for musl: https://github.com/NixOS/nixpkgs/issues/78805
"-Wno-error=missing-attributes"
])
(lib.optionals (stdenv.hostPlatform.isPower64) [
# Do not complain about the Processor Specific ABI (i.e. the
# choice to use IEEE-standard `long double`). We pass this
# flag in order to mute a `-Werror=psabi` passed by glibc;
# hopefully future glibc releases will not pass that flag.
"-Wno-error=psabi"
])
]);
};
# glibc needs to `dlopen()` `libgcc_s.so` but does not link
# against it. Furthermore, glibc doesn't use the ordinary
# `dlopen()` call to do this; instead it uses one which ignores
# most paths:
#
# https://sourceware.org/legacy-ml/libc-help/2013-11/msg00026.html
#
# In order to get it to not ignore `libgcc_s.so`, we have to add its path to
# `user-defined-trusted-dirs`:
#
# https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/Makefile;h=b509b3eada1fb77bf81e2a0ca5740b94ad185764#l1355
#
# Conveniently, this will also inform Nix of the fact that glibc depends on
# gcc.libgcc, since the path will be embedded in the resulting binary.
#
makeFlags =
(previousAttrs.makeFlags or [])
++ lib.optionals (libgcc != null) [
"user-defined-trusted-dirs=${libgcc}/lib"
];
postInstall = previousAttrs.postInstall + (if stdenv.hostPlatform == stdenv.buildPlatform then ''
echo SUPPORTED-LOCALES=C.UTF-8/UTF-8 > ../glibc-2*/localedata/SUPPORTED
make -j''${NIX_BUILD_CORES:-1} localedata/install-locales
'' else lib.optionalString stdenv.buildPlatform.isLinux ''
# This is based on http://www.linuxfromscratch.org/lfs/view/development/chapter06/glibc.html
# Instead of using their patch to build a build-native localedef,
# we simply use the one from buildPackages
pushd ../glibc-2*/localedata
export I18NPATH=$PWD GCONV_PATH=$PWD/../iconvdata
mkdir -p $NIX_BUILD_TOP/${buildPackages.glibc}/lib/locale
${lib.getBin buildPackages.glibc}/bin/localedef \
--alias-file=../intl/locale.alias \
-i locales/C \
-f charmaps/UTF-8 \
--prefix $NIX_BUILD_TOP \
${if stdenv.hostPlatform.parsed.cpu.significantByte.name == "littleEndian" then
"--little-endian"
else
"--big-endian"} \
C.UTF-8
cp -r $NIX_BUILD_TOP/${buildPackages.glibc}/lib/locale $out/lib
popd
'') + ''
test -f $out/etc/ld.so.cache && rm $out/etc/ld.so.cache
if test -n "$linuxHeaders"; then
# Include the Linux kernel headers in Glibc, except the `scsi'
# subdirectory, which Glibc provides itself.
(cd $dev/include && \
ln -sv $(ls -d $linuxHeaders/include/* | grep -v scsi\$) .)
fi
# Fix for NIXOS-54 (ldd not working on x86_64). Make a symlink
# "lib64" to "lib".
if test -n "$is64bit"; then
ln -s lib $out/lib64
fi
# Get rid of more unnecessary stuff.
rm -rf $out/var $bin/bin/sln
# Backwards-compatibility to fix e.g.
# "configure: error: Pthreads are required to build libgomp" during `gcc`-build
# because it's not actually needed anymore to link against `pthreads` since
# it's now part of `libc.so.6` itself, but the gcc build breaks if
# this doesn't work.
ln -sf $out/lib/libpthread.so.0 $out/lib/libpthread.so
ln -sf $out/lib/librt.so.1 $out/lib/librt.so
ln -sf $out/lib/libdl.so.2 $out/lib/libdl.so
ln -sf $out/lib/libutil.so.1 $out/lib/libutil.so
touch $out/lib/libpthread.a
# Put libraries for static linking in a separate output. Note
# that libc_nonshared.a and libpthread_nonshared.a are required
# for dynamically-linked applications.
mkdir -p $static/lib
mv $out/lib/*.a $static/lib
mv $static/lib/lib*_nonshared.a $out/lib
# Some of *.a files are linker scripts where moving broke the paths.
sed "/^GROUP/s|$out/lib/lib|$static/lib/lib|g" \
-i "$static"/lib/*.a
# Work around a Nix bug: hard links across outputs cause a build failure.
cp $bin/bin/getconf $bin/bin/getconf_
mv $bin/bin/getconf_ $bin/bin/getconf
'';
separateDebugInfo = true;
passthru =
(previousAttrs.passthru or {})
// lib.optionalAttrs (libgcc != null) {
inherit libgcc;
};
meta = (previousAttrs.meta or {}) // { description = "The GNU C Library"; };
})