nixpkgs/pkgs/top-level/stage.nix
Robert Scott e79c133858 add pkgsExtraHardening package set
this package set can be used to trial new hardening flags or
enable those which are still known to cause some problems
2024-01-21 11:16:07 +00:00

312 lines
12 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* This file composes a single bootstrapping stage of the Nix Packages
collection. That is, it imports the functions that build the various
packages, and calls them with appropriate arguments. The result is a set of
all the packages in the Nix Packages collection for some particular platform
for some particular stage.
Default arguments are only provided for bootstrapping
arguments. Normal users should not import this directly but instead
import `pkgs/default.nix` or `default.nix`. */
let
# An overlay to auto-call packages in ../by-name.
# By defining it at the top of the file,
# this value gets reused even if this file is imported multiple times,
# thanks to Nix's import-value cache.
autoCalledPackages = import ./by-name-overlay.nix ../by-name;
in
{ ## Misc parameters kept the same for all stages
##
# Utility functions, could just import but passing in for efficiency
lib
, # Use to reevaluate Nixpkgs
nixpkgsFun
## Other parameters
##
, # Either null or an object in the form:
#
# {
# pkgsBuildBuild = ...;
# pkgsBuildHost = ...;
# pkgsBuildTarget = ...;
# pkgsHostHost = ...;
# # pkgsHostTarget skipped on purpose.
# pkgsTargetTarget ...;
# }
#
# These are references to adjacent bootstrapping stages. The more familiar
# `buildPackages` and `targetPackages` are defined in terms of them. If null,
# they are instead defined internally as the current stage. This allows us to
# avoid expensive splicing. `pkgsHostTarget` is skipped because it is always
# defined as the current stage.
adjacentPackages
, # The standard environment to use for building packages.
stdenv
, # This is used because stdenv replacement and the stdenvCross do benefit from
# the overridden configuration provided by the user, as opposed to the normal
# bootstrapping stdenvs.
allowCustomOverrides
, # Non-GNU/Linux OSes are currently "impure" platforms, with their libc
# outside of the store. Thus, GCC, GFortran, & co. must always look for files
# in standard system directories (/usr/include, etc.)
noSysDirs ? stdenv.buildPlatform.system != "x86_64-freebsd"
&& stdenv.buildPlatform.system != "i686-freebsd"
&& stdenv.buildPlatform.system != "x86_64-solaris"
&& stdenv.buildPlatform.system != "x86_64-kfreebsd-gnu"
, # The configuration attribute set
config
, # A list of overlays (Additional `self: super: { .. }` customization
# functions) to be fixed together in the produced package set
overlays
} @args:
let
# This is a function from parsed platforms (like
# stdenv.hostPlatform.parsed) to parsed platforms.
makeMuslParsedPlatform = parsed:
# The following line guarantees that the output of this function
# is a well-formed platform with no missing fields. It will be
# uncommented in a separate PR, in case it breaks the build.
#(x: lib.trivial.pipe x [ (x: builtins.removeAttrs x [ "_type" ]) lib.systems.parse.mkSystem ])
(parsed // {
abi = {
gnu = lib.systems.parse.abis.musl;
gnueabi = lib.systems.parse.abis.musleabi;
gnueabihf = lib.systems.parse.abis.musleabihf;
gnuabin32 = lib.systems.parse.abis.muslabin32;
gnuabi64 = lib.systems.parse.abis.muslabi64;
gnuabielfv2 = lib.systems.parse.abis.musl;
gnuabielfv1 = lib.systems.parse.abis.musl;
# The following two entries ensure that this function is idempotent.
musleabi = lib.systems.parse.abis.musleabi;
musleabihf = lib.systems.parse.abis.musleabihf;
muslabin32 = lib.systems.parse.abis.muslabin32;
muslabi64 = lib.systems.parse.abis.muslabi64;
}.${parsed.abi.name}
or lib.systems.parse.abis.musl;
});
stdenvAdapters = self: super:
let
res = import ../stdenv/adapters.nix {
inherit lib config;
pkgs = self;
};
in res // {
stdenvAdapters = res;
};
trivialBuilders = self: super:
import ../build-support/trivial-builders {
inherit lib;
inherit (self) runtimeShell stdenv stdenvNoCC;
inherit (self.pkgsBuildHost) shellcheck-minimal;
inherit (self.pkgsBuildHost.xorg) lndir;
};
stdenvBootstappingAndPlatforms = self: super: let
withFallback = thisPkgs:
(if adjacentPackages == null then self else thisPkgs)
// { recurseForDerivations = false; };
in {
# Here are package sets of from related stages. They are all in the form
# `pkgs{theirHost}{theirTarget}`. For example, `pkgsBuildHost` means their
# host platform is our build platform, and their target platform is our host
# platform. We only care about their host/target platforms, not their build
# platform, because the the former two alone affect the interface of the
# final package; the build platform is just an implementation detail that
# should not leak.
pkgsBuildBuild = withFallback adjacentPackages.pkgsBuildBuild;
pkgsBuildHost = withFallback adjacentPackages.pkgsBuildHost;
pkgsBuildTarget = withFallback adjacentPackages.pkgsBuildTarget;
pkgsHostHost = withFallback adjacentPackages.pkgsHostHost;
pkgsHostTarget = self // { recurseForDerivations = false; }; # always `self`
pkgsTargetTarget = withFallback adjacentPackages.pkgsTargetTarget;
# Older names for package sets. Use these when only the host platform of the
# package set matter (i.e. use `buildPackages` where any of `pkgsBuild*`
# would do, and `targetPackages` when any of `pkgsTarget*` would do (if we
# had more than just `pkgsTargetTarget`).)
buildPackages = self.pkgsBuildHost;
pkgs = self.pkgsHostTarget;
targetPackages = self.pkgsTargetTarget;
inherit stdenv;
};
splice = self: super: import ./splice.nix lib self (adjacentPackages != null);
allPackages = self: super:
let res = import ./all-packages.nix
{ inherit lib noSysDirs config overlays; }
res self super;
in res;
aliases = self: super: lib.optionalAttrs config.allowAliases (import ./aliases.nix lib self super);
# stdenvOverrides is used to avoid having multiple of versions
# of certain dependencies that were used in bootstrapping the
# standard environment.
stdenvOverrides = self: super:
(super.stdenv.overrides or (_: _: {})) self super;
# Allow packages to be overridden globally via the `packageOverrides'
# configuration option, which must be a function that takes `pkgs'
# as an argument and returns a set of new or overridden packages.
# The `packageOverrides' function is called with the *original*
# (un-overridden) set of packages, allowing packageOverrides
# attributes to refer to the original attributes (e.g. "foo =
# ... pkgs.foo ...").
configOverrides = self: super:
lib.optionalAttrs allowCustomOverrides
((config.packageOverrides or (super: {})) super);
# Convenience attributes for instantitating package sets. Each of
# these will instantiate a new version of allPackages. Currently the
# following package sets are provided:
#
# - pkgsCross.<system> where system is a member of lib.systems.examples
# - pkgsMusl
# - pkgsi686Linux
otherPackageSets = self: super: {
# This maps each entry in lib.systems.examples to its own package
# set. Each of these will contain all packages cross compiled for
# that target system. For instance, pkgsCross.raspberryPi.hello,
# will refer to the "hello" package built for the ARM6-based
# Raspberry Pi.
pkgsCross = lib.mapAttrs (n: crossSystem:
nixpkgsFun { inherit crossSystem; })
lib.systems.examples;
pkgsLLVM = nixpkgsFun {
overlays = [
(self': super': {
pkgsLLVM = super';
})
] ++ overlays;
# Bootstrap a cross stdenv using the LLVM toolchain.
# This is currently not possible when compiling natively,
# so we don't need to check hostPlatform != buildPlatform.
crossSystem = stdenv.hostPlatform // {
useLLVM = true;
linker = "lld";
};
};
# All packages built with the Musl libc. This will override the
# default GNU libc on Linux systems. Non-Linux systems are not
# supported. 32-bit is also not supported.
pkgsMusl = if stdenv.hostPlatform.isLinux && stdenv.buildPlatform.is64bit then nixpkgsFun {
overlays = [ (self': super': {
pkgsMusl = super';
})] ++ overlays;
${if stdenv.hostPlatform == stdenv.buildPlatform
then "localSystem" else "crossSystem"} = {
parsed = makeMuslParsedPlatform stdenv.hostPlatform.parsed;
};
} else throw "Musl libc only supports 64-bit Linux systems.";
# All packages built for i686 Linux.
# Used by wine, firefox with debugging version of Flash, ...
pkgsi686Linux = if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86 then nixpkgsFun {
overlays = [ (self': super': {
pkgsi686Linux = super';
})] ++ overlays;
${if stdenv.hostPlatform == stdenv.buildPlatform
then "localSystem" else "crossSystem"} = {
parsed = stdenv.hostPlatform.parsed // {
cpu = lib.systems.parse.cpuTypes.i686;
};
};
} else throw "i686 Linux package set can only be used with the x86 family.";
# x86_64-darwin packages for aarch64-darwin users to use with Rosetta for incompatible packages
pkgsx86_64Darwin = if stdenv.hostPlatform.isDarwin then nixpkgsFun {
overlays = [ (self': super': {
pkgsx86_64Darwin = super';
})] ++ overlays;
localSystem = {
parsed = stdenv.hostPlatform.parsed // {
cpu = lib.systems.parse.cpuTypes.x86_64;
};
};
} else throw "x86_64 Darwin package set can only be used on Darwin systems.";
# Extend the package set with zero or more overlays. This preserves
# preexisting overlays. Prefer to initialize with the right overlays
# in one go when calling Nixpkgs, for performance and simplicity.
appendOverlays = extraOverlays:
if extraOverlays == []
then self
else nixpkgsFun { overlays = args.overlays ++ extraOverlays; };
# NOTE: each call to extend causes a full nixpkgs rebuild, adding ~130MB
# of allocations. DO NOT USE THIS IN NIXPKGS.
#
# Extend the package set with a single overlay. This preserves
# preexisting overlays. Prefer to initialize with the right overlays
# in one go when calling Nixpkgs, for performance and simplicity.
# Prefer appendOverlays if used repeatedly.
extend = f: self.appendOverlays [f];
# Fully static packages.
# Currently uses Musl on Linux (couldnt get static glibc to work).
pkgsStatic = nixpkgsFun ({
overlays = [ (self': super': {
pkgsStatic = super';
})] ++ overlays;
crossSystem = {
isStatic = true;
parsed =
if stdenv.isLinux
then makeMuslParsedPlatform stdenv.hostPlatform.parsed
else stdenv.hostPlatform.parsed;
} // lib.optionalAttrs (stdenv.hostPlatform.system == "powerpc64-linux") {
gcc.abi = "elfv2";
};
});
pkgsExtraHardening = nixpkgsFun {
overlays = [
(self': super': {
pkgsExtraHardening = super';
stdenv = super'.withDefaultHardeningFlags (
super'.stdenv.cc.defaultHardeningFlags ++ [
"zerocallusedregs"
]
) super'.stdenv;
})
] ++ overlays;
};
};
# The complete chain of package set builders, applied from top to bottom.
# stdenvOverlays must be last as it brings package forward from the
# previous bootstrapping phases which have already been overlayed.
toFix = lib.foldl' (lib.flip lib.extends) (self: {}) ([
stdenvBootstappingAndPlatforms
stdenvAdapters
trivialBuilders
splice
autoCalledPackages
allPackages
otherPackageSets
aliases
configOverrides
] ++ overlays ++ [
stdenvOverrides ]);
in
# Return the complete set of packages.
lib.fix toFix