nixpkgs/pkgs/development/compilers/llvm/8/llvm.nix
Anders Kaseorg 3cd8ce3bce treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-01-15 09:47:03 +01:00

174 lines
5.3 KiB
Nix

{ stdenv
, fetch
, cmake
, python3
, libffi
, libbfd
, libpfm
, libxml2
, ncurses
, version
, release_version
, zlib
, buildPackages
, debugVersion ? false
, enableManpages ? false
, enableSharedLibraries ? true
, enablePFM ? !(stdenv.isDarwin
|| stdenv.isAarch64 # broken for Ampere eMAG 8180 (c2.large.arm on Packet) #56245
)
, enablePolly ? false
}:
let
inherit (stdenv.lib) optional optionals optionalString;
# Used when creating a version-suffixed symlink of libLLVM.dylib
shortVersion = with stdenv.lib;
concatStringsSep "." (take 1 (splitVersion release_version));
in stdenv.mkDerivation ({
pname = "llvm";
inherit version;
src = fetch "llvm" "1rvm5gqp5v8hfn17kqws3zhk94w4kxndal12bqa0y57p09nply24";
polly_src = fetch "polly" "1lfjdz3ilj5xmjxvicd8f5ykybks67ry2pdb777352r3mzlgg8g8";
unpackPhase = ''
unpackFile $src
mv llvm-${version}* llvm
sourceRoot=$PWD/llvm
'' + optionalString enablePolly ''
unpackFile $polly_src
mv polly-* $sourceRoot/tools/polly
'';
outputs = [ "out" "python" ]
++ optional enableSharedLibraries "lib";
nativeBuildInputs = [ cmake python3 ]
++ optionals enableManpages [ python3.pkgs.sphinx python3.pkgs.recommonmark ];
buildInputs = [ libxml2 libffi ]
++ optional enablePFM libpfm; # exegesis
propagatedBuildInputs = [ ncurses zlib ];
postPatch = optionalString stdenv.isDarwin ''
substituteInPlace cmake/modules/AddLLVM.cmake \
--replace 'set(_install_name_dir INSTALL_NAME_DIR "@rpath")' "set(_install_name_dir)" \
--replace 'set(_install_rpath "@loader_path/../lib" ''${extra_libdir})' ""
''
# Patch llvm-config to return correct library path based on --link-{shared,static}.
+ optionalString (enableSharedLibraries) ''
substitute '${./llvm-outputs.patch}' ./llvm-outputs.patch --subst-var lib
patch -p1 < ./llvm-outputs.patch
'' + ''
# FileSystem permissions tests fail with various special bits
substituteInPlace unittests/Support/CMakeLists.txt \
--replace "Path.cpp" ""
rm unittests/Support/Path.cpp
'' + optionalString stdenv.hostPlatform.isMusl ''
patch -p1 -i ${../TLI-musl.patch}
substituteInPlace unittests/Support/CMakeLists.txt \
--replace "add_subdirectory(DynamicLibrary)" ""
rm unittests/Support/DynamicLibrary/DynamicLibraryTest.cpp
# valgrind unhappy with musl or glibc, but fails w/musl only
rm test/CodeGen/AArch64/wineh4.mir
'' + ''
patchShebangs test/BugPoint/compile-custom.ll.py
'';
# hacky fix: created binaries need to be run before installation
preBuild = ''
mkdir -p $out/
ln -sv $PWD/lib $out
'';
cmakeFlags = with stdenv; [
"-DCMAKE_BUILD_TYPE=${if debugVersion then "Debug" else "Release"}"
"-DLLVM_INSTALL_UTILS=ON" # Needed by rustc
"-DLLVM_BUILD_TESTS=ON"
"-DLLVM_ENABLE_FFI=ON"
"-DLLVM_ENABLE_RTTI=ON"
"-DLLVM_HOST_TRIPLE=${stdenv.hostPlatform.config}"
"-DLLVM_DEFAULT_TARGET_TRIPLE=${stdenv.hostPlatform.config}"
"-DLLVM_ENABLE_DUMP=ON"
] ++ optionals enableSharedLibraries [
"-DLLVM_LINK_LLVM_DYLIB=ON"
] ++ optionals enableManpages [
"-DLLVM_BUILD_DOCS=ON"
"-DLLVM_ENABLE_SPHINX=ON"
"-DSPHINX_OUTPUT_MAN=ON"
"-DSPHINX_OUTPUT_HTML=OFF"
"-DSPHINX_WARNINGS_AS_ERRORS=OFF"
] ++ optionals (!isDarwin) [
"-DLLVM_BINUTILS_INCDIR=${libbfd.dev}/include"
] ++ optionals (isDarwin) [
"-DLLVM_ENABLE_LIBCXX=ON"
"-DCAN_TARGET_i386=false"
] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"-DCMAKE_CROSSCOMPILING=True"
"-DLLVM_TABLEGEN=${buildPackages.llvm_8}/bin/llvm-tblgen"
];
postBuild = ''
rm -fR $out
'';
preCheck = ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
'';
postInstall = ''
mkdir -p $python/share
mv $out/share/opt-viewer $python/share/opt-viewer
''
+ optionalString enableSharedLibraries ''
moveToOutput "lib/libLLVM-*" "$lib"
moveToOutput "lib/libLLVM${stdenv.hostPlatform.extensions.sharedLibrary}" "$lib"
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-${if debugVersion then "debug" else "release"}.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM-" "$lib/lib/libLLVM-"
''
+ optionalString (stdenv.isDarwin && enableSharedLibraries) ''
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-${if debugVersion then "debug" else "release"}.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM.dylib" "$lib/lib/libLLVM.dylib"
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${shortVersion}.dylib
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${release_version}.dylib
'';
doCheck = stdenv.isLinux && (!stdenv.isx86_32);
checkTarget = "check-all";
enableParallelBuilding = true;
meta = {
description = "Collection of modular and reusable compiler and toolchain technologies";
homepage = http://llvm.org/;
license = stdenv.lib.licenses.ncsa;
maintainers = with stdenv.lib.maintainers; [ lovek323 raskin dtzWill ];
platforms = stdenv.lib.platforms.all;
};
} // stdenv.lib.optionalAttrs enableManpages {
pname = "llvm-manpages";
buildPhase = ''
make docs-llvm-man
'';
propagatedBuildInputs = [];
installPhase = ''
make -C docs install
'';
postPatch = null;
postInstall = null;
outputs = [ "out" ];
doCheck = false;
meta.description = "man pages for LLVM ${version}";
})