f82063ed20
This is the first step to getting a sandboxable nixpkgs
381 lines
13 KiB
Nix
381 lines
13 KiB
Nix
{ lib
|
|
, localSystem, crossSystem, config, overlays
|
|
|
|
# Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools
|
|
, bootstrapFiles ? let
|
|
fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> {
|
|
url = "http://tarballs.nixos.org/stdenv-darwin/x86_64/d5bdfcbfe6346761a332918a267e82799ec954d2/${file}";
|
|
inherit (localSystem) system;
|
|
inherit sha256 executable;
|
|
}; in {
|
|
sh = fetch { file = "sh"; sha256 = "07wm33f1yzfpcd3rh42f8g096k4cvv7g65p968j28agzmm2s7s8m"; };
|
|
bzip2 = fetch { file = "bzip2"; sha256 = "0y9ri2aprkrp2dkzm6229l0mw4rxr2jy7vvh3d8mxv2698v2kdbm"; };
|
|
mkdir = fetch { file = "mkdir"; sha256 = "0sb07xpy66ws6f2jfnpjibyimzb71al8n8c6y4nr8h50al3g90nr"; };
|
|
cpio = fetch { file = "cpio"; sha256 = "0r5c54hg678w7zydx27bzl9p3v9fs25y5ix6vdfi1ilqim7xh65n"; };
|
|
tarball = fetch { file = "bootstrap-tools.cpio.bz2"; sha256 = "18hp5w6klr8g307ap4368r255qpzg9r0vwg9vqvj8f2zy1xilcjf"; executable = false; };
|
|
}
|
|
}:
|
|
|
|
assert crossSystem == null;
|
|
|
|
let
|
|
inherit (localSystem) system platform;
|
|
|
|
libSystemProfile = ''
|
|
(import "${./standard-sandbox.sb}")
|
|
'';
|
|
in rec {
|
|
commonPreHook = ''
|
|
export NIX_ENFORCE_PURITY="''${NIX_ENFORCE_PURITY-1}"
|
|
export NIX_ENFORCE_NO_NATIVE="''${NIX_ENFORCE_NO_NATIVE-1}"
|
|
export NIX_IGNORE_LD_THROUGH_GCC=1
|
|
stripAllFlags=" " # the Darwin "strip" command doesn't know "-s"
|
|
export MACOSX_DEPLOYMENT_TARGET=10.10
|
|
export SDKROOT=
|
|
export CMAKE_OSX_ARCHITECTURES=x86_64
|
|
# Workaround for https://openradar.appspot.com/22671534 on 10.11.
|
|
export gl_cv_func_getcwd_abort_bug=no
|
|
'';
|
|
|
|
# The one dependency of /bin/sh :(
|
|
binShClosure = ''
|
|
(allow file-read* (literal "/usr/lib/libncurses.5.4.dylib"))
|
|
'';
|
|
|
|
bootstrapTools = derivation rec {
|
|
inherit system;
|
|
|
|
name = "bootstrap-tools";
|
|
builder = bootstrapFiles.sh; # Not a filename! Attribute 'sh' on bootstrapFiles
|
|
args = [ ./unpack-bootstrap-tools.sh ];
|
|
|
|
inherit (bootstrapFiles) mkdir bzip2 cpio tarball;
|
|
reexportedLibrariesFile =
|
|
../../os-specific/darwin/apple-source-releases/Libsystem/reexported_libraries;
|
|
|
|
__sandboxProfile = binShClosure + libSystemProfile;
|
|
};
|
|
|
|
stageFun = step: last: {shell ? "${bootstrapTools}/bin/bash",
|
|
overrides ? (self: super: {}),
|
|
extraPreHook ? "",
|
|
extraNativeBuildInputs,
|
|
extraBuildInputs,
|
|
allowedRequisites ? null}:
|
|
let
|
|
thisStdenv = import ../generic {
|
|
inherit config shell extraNativeBuildInputs extraBuildInputs;
|
|
allowedRequisites = if allowedRequisites == null then null else allowedRequisites ++ [
|
|
thisStdenv.cc.expand-response-params
|
|
];
|
|
|
|
name = "stdenv-darwin-boot-${toString step}";
|
|
|
|
buildPlatform = localSystem;
|
|
hostPlatform = localSystem;
|
|
targetPlatform = localSystem;
|
|
|
|
cc = if isNull last then "/dev/null" else import ../../build-support/cc-wrapper {
|
|
inherit shell;
|
|
inherit (last) stdenvNoCC;
|
|
|
|
nativeTools = false;
|
|
nativeLibc = false;
|
|
buildPackages = lib.optionalAttrs (last ? stdenv) {
|
|
inherit (last) stdenv;
|
|
};
|
|
libc = last.pkgs.darwin.Libsystem;
|
|
isClang = true;
|
|
cc = { name = "clang-9.9.9"; outPath = bootstrapTools; };
|
|
binutils = { name = "binutils-9.9.9"; outPath = bootstrapTools; };
|
|
coreutils = { name = "coreutils-9.9.9"; outPath = bootstrapTools; };
|
|
gnugrep = { name = "gnugrep-9.9.9"; outPath = bootstrapTools; };
|
|
};
|
|
|
|
preHook = stage0.stdenv.lib.optionalString (shell == "${bootstrapTools}/bin/bash") ''
|
|
# Don't patch #!/interpreter because it leads to retained
|
|
# dependencies on the bootstrapTools in the final stdenv.
|
|
dontPatchShebangs=1
|
|
'' + ''
|
|
${commonPreHook}
|
|
${extraPreHook}
|
|
'';
|
|
initialPath = [ bootstrapTools ];
|
|
|
|
fetchurlBoot = import ../../build-support/fetchurl {
|
|
stdenv = stage0.stdenv;
|
|
curl = bootstrapTools;
|
|
};
|
|
|
|
# The stdenvs themselves don't use mkDerivation, so I need to specify this here
|
|
stdenvSandboxProfile = binShClosure + libSystemProfile;
|
|
extraSandboxProfile = binShClosure + libSystemProfile;
|
|
|
|
extraAttrs = {
|
|
inherit platform;
|
|
parent = last;
|
|
|
|
# This is used all over the place so I figured I'd just leave it here for now
|
|
secure-format-patch = ./darwin-secure-format.patch;
|
|
};
|
|
overrides = self: super: (overrides self super) // { fetchurl = thisStdenv.fetchurlBoot; };
|
|
};
|
|
|
|
in {
|
|
inherit config overlays;
|
|
stdenv = thisStdenv;
|
|
};
|
|
|
|
stage0 = stageFun 0 null {
|
|
overrides = self: super: with stage0; rec {
|
|
darwin = super.darwin // {
|
|
Libsystem = stdenv.mkDerivation {
|
|
name = "bootstrap-Libsystem";
|
|
buildCommand = ''
|
|
mkdir -p $out
|
|
ln -s ${bootstrapTools}/lib $out/lib
|
|
ln -s ${bootstrapTools}/include-Libsystem $out/include
|
|
'';
|
|
};
|
|
dyld = bootstrapTools;
|
|
};
|
|
|
|
libcxx = stdenv.mkDerivation {
|
|
name = "bootstrap-libcxx";
|
|
phases = [ "installPhase" "fixupPhase" ];
|
|
installPhase = ''
|
|
mkdir -p $out/lib $out/include
|
|
ln -s ${bootstrapTools}/lib/libc++.dylib $out/lib/libc++.dylib
|
|
ln -s ${bootstrapTools}/include/c++ $out/include/c++
|
|
'';
|
|
linkCxxAbi = false;
|
|
setupHook = ../../development/compilers/llvm/3.9/libc++/setup-hook.sh;
|
|
};
|
|
|
|
libcxxabi = stdenv.mkDerivation {
|
|
name = "bootstrap-libcxxabi";
|
|
buildCommand = ''
|
|
mkdir -p $out/lib
|
|
ln -s ${bootstrapTools}/lib/libc++abi.dylib $out/lib/libc++abi.dylib
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
extraNativeBuildInputs = [];
|
|
extraBuildInputs = [];
|
|
};
|
|
|
|
stage1 = prevStage: let
|
|
persistent = _: _: {};
|
|
in with prevStage; stageFun 1 prevStage {
|
|
extraPreHook = "export NIX_CFLAGS_COMPILE+=\" -F${bootstrapTools}/Library/Frameworks\"";
|
|
extraNativeBuildInputs = [];
|
|
extraBuildInputs = [ pkgs.libcxx ];
|
|
|
|
allowedRequisites =
|
|
[ bootstrapTools ] ++ (with pkgs; [ libcxx libcxxabi ]) ++ [ pkgs.darwin.Libsystem ];
|
|
|
|
overrides = persistent;
|
|
};
|
|
|
|
stage2 = prevStage: let
|
|
persistent = self: super: with prevStage; {
|
|
inherit
|
|
zlib patchutils m4 scons flex perl bison unifdef unzip openssl python
|
|
libxml2 gettext sharutils gmp libarchive ncurses pkg-config libedit groff
|
|
openssh sqlite sed serf openldap db cyrus-sasl expat apr-util subversion xz
|
|
findfreetype libssh curl cmake autoconf automake libtool ed cpio coreutils;
|
|
|
|
darwin = super.darwin // {
|
|
inherit (darwin)
|
|
dyld Libsystem xnu configd ICU libdispatch libclosure launchd;
|
|
};
|
|
};
|
|
in with prevStage; stageFun 2 prevStage {
|
|
extraPreHook = ''
|
|
export PATH_LOCALE=${pkgs.darwin.locale}/share/locale
|
|
'';
|
|
|
|
extraNativeBuildInputs = [ pkgs.xz ];
|
|
extraBuildInputs = with pkgs; [ darwin.CF libcxx ];
|
|
|
|
allowedRequisites =
|
|
[ bootstrapTools ] ++
|
|
(with pkgs; [ xz.bin xz.out libcxx libcxxabi ]) ++
|
|
(with pkgs.darwin; [ dyld Libsystem CF ICU locale ]);
|
|
|
|
overrides = persistent;
|
|
};
|
|
|
|
stage3 = prevStage: let
|
|
persistent = self: super: with prevStage; {
|
|
inherit
|
|
patchutils m4 scons flex perl bison unifdef unzip openssl python
|
|
gettext sharutils libarchive pkg-config groff bash subversion
|
|
openssh sqlite sed serf openldap db cyrus-sasl expat apr-util
|
|
findfreetype libssh curl cmake autoconf automake libtool cpio
|
|
libcxx libcxxabi;
|
|
|
|
darwin = super.darwin // {
|
|
inherit (darwin)
|
|
dyld Libsystem xnu configd libdispatch libclosure launchd libiconv locale;
|
|
};
|
|
};
|
|
in with prevStage; stageFun 3 prevStage {
|
|
shell = "${pkgs.bash}/bin/bash";
|
|
|
|
# We have a valid shell here (this one has no bootstrap-tools runtime deps) so stageFun
|
|
# enables patchShebangs above. Unfortunately, patchShebangs ignores our $SHELL setting
|
|
# and instead goes by $PATH, which happens to contain bootstrapTools. So it goes and
|
|
# patches our shebangs back to point at bootstrapTools. This makes sure bash comes first.
|
|
extraNativeBuildInputs = with pkgs; [ xz pkgs.bash ];
|
|
extraBuildInputs = with pkgs; [ darwin.CF libcxx ];
|
|
|
|
extraPreHook = ''
|
|
export PATH=${pkgs.bash}/bin:$PATH
|
|
export PATH_LOCALE=${pkgs.darwin.locale}/share/locale
|
|
'';
|
|
|
|
allowedRequisites =
|
|
[ bootstrapTools ] ++
|
|
(with pkgs; [ xz.bin xz.out bash libcxx libcxxabi ]) ++
|
|
(with pkgs.darwin; [ dyld ICU Libsystem locale ]);
|
|
|
|
overrides = persistent;
|
|
};
|
|
|
|
stage4 = prevStage: let
|
|
persistent = self: super: with prevStage; {
|
|
inherit
|
|
gnumake gzip gnused bzip2 gawk ed xz patch bash
|
|
libcxxabi libcxx ncurses libffi zlib gmp pcre gnugrep
|
|
coreutils findutils diffutils patchutils;
|
|
|
|
llvmPackages = let llvmOverride = llvmPackages.llvm.override { inherit libcxxabi; };
|
|
in super.llvmPackages // {
|
|
llvm = llvmOverride;
|
|
clang-unwrapped = llvmPackages.clang-unwrapped.override { llvm = llvmOverride; };
|
|
};
|
|
|
|
darwin = super.darwin // {
|
|
inherit (darwin) dyld Libsystem libiconv locale;
|
|
};
|
|
};
|
|
in with prevStage; stageFun 4 prevStage {
|
|
shell = "${pkgs.bash}/bin/bash";
|
|
extraNativeBuildInputs = with pkgs; [ xz pkgs.bash ];
|
|
extraBuildInputs = with pkgs; [ darwin.CF libcxx ];
|
|
extraPreHook = ''
|
|
export PATH_LOCALE=${pkgs.darwin.locale}/share/locale
|
|
'';
|
|
overrides = self: super: (persistent self super) // {
|
|
# Hack to make sure we don't link ncurses in bootstrap tools. The proper
|
|
# solution is to avoid passing -L/nix-store/...-bootstrap-tools/lib,
|
|
# quite a sledgehammer just to get the C runtime.
|
|
gettext = super.gettext.overrideAttrs (old: {
|
|
configureFlags = old.configureFlags ++ [
|
|
"--disable-curses"
|
|
];
|
|
});
|
|
};
|
|
};
|
|
|
|
stdenvDarwin = prevStage: let
|
|
pkgs = prevStage;
|
|
persistent = self: super: with prevStage; {
|
|
inherit
|
|
gnumake gzip gnused bzip2 gawk ed xz patch bash
|
|
libcxxabi libcxx ncurses libffi zlib llvm gmp pcre gnugrep
|
|
coreutils findutils diffutils patchutils;
|
|
|
|
llvmPackages = super.llvmPackages // {
|
|
inherit (llvmPackages) llvm clang-unwrapped;
|
|
};
|
|
|
|
darwin = super.darwin // {
|
|
inherit (darwin) dyld ICU Libsystem libiconv;
|
|
} // lib.optionalAttrs (super.targetPlatform == localSystem) {
|
|
inherit (darwin) cctools;
|
|
};
|
|
} // lib.optionalAttrs (super.targetPlatform == localSystem) {
|
|
# Need to get rid of these when cross-compiling.
|
|
inherit binutils binutils-raw;
|
|
};
|
|
in import ../generic rec {
|
|
inherit config;
|
|
inherit (pkgs.stdenv) fetchurlBoot;
|
|
|
|
name = "stdenv-darwin";
|
|
|
|
buildPlatform = localSystem;
|
|
hostPlatform = localSystem;
|
|
targetPlatform = localSystem;
|
|
|
|
preHook = commonPreHook + ''
|
|
export NIX_COREFOUNDATION_RPATH=${pkgs.darwin.CF}/Library/Frameworks
|
|
export PATH_LOCALE=${pkgs.darwin.locale}/share/locale
|
|
'';
|
|
|
|
stdenvSandboxProfile = binShClosure + libSystemProfile;
|
|
extraSandboxProfile = binShClosure + libSystemProfile;
|
|
|
|
initialPath = import ../common-path.nix { inherit pkgs; };
|
|
shell = "${pkgs.bash}/bin/bash";
|
|
|
|
cc = lib.callPackageWith {} ../../build-support/cc-wrapper {
|
|
inherit (pkgs) stdenvNoCC;
|
|
inherit shell;
|
|
nativeTools = false;
|
|
nativeLibc = false;
|
|
buildPackages = {
|
|
inherit (prevStage) stdenv;
|
|
};
|
|
inherit (pkgs) coreutils binutils gnugrep;
|
|
cc = pkgs.llvmPackages.clang-unwrapped;
|
|
libc = pkgs.darwin.Libsystem;
|
|
};
|
|
|
|
extraNativeBuildInputs = [];
|
|
extraBuildInputs = with pkgs; [ darwin.CF libcxx ];
|
|
|
|
extraAttrs = {
|
|
inherit platform bootstrapTools;
|
|
libc = pkgs.darwin.Libsystem;
|
|
shellPackage = pkgs.bash;
|
|
|
|
# This is used all over the place so I figured I'd just leave it here for now
|
|
secure-format-patch = ./darwin-secure-format.patch;
|
|
};
|
|
|
|
allowedRequisites = (with pkgs; [
|
|
xz.out xz.bin libcxx libcxxabi gmp.out gnumake findutils bzip2.out
|
|
bzip2.bin llvmPackages.llvm llvmPackages.llvm.lib zlib.out zlib.dev libffi.out coreutils ed diffutils gnutar
|
|
gzip ncurses.out ncurses.dev ncurses.man gnused bash gawk
|
|
gnugrep llvmPackages.clang-unwrapped patch pcre.out binutils-raw.out
|
|
binutils-raw.dev binutils gettext
|
|
cc.expand-response-params
|
|
]) ++ (with pkgs.darwin; [
|
|
dyld Libsystem CF cctools ICU libiconv locale
|
|
]);
|
|
|
|
overrides = self: super:
|
|
let persistent' = persistent self super; in persistent' // {
|
|
clang = cc;
|
|
llvmPackages = persistent'.llvmPackages // { clang = cc; };
|
|
inherit cc;
|
|
};
|
|
};
|
|
|
|
stagesDarwin = [
|
|
({}: stage0)
|
|
stage1
|
|
stage2
|
|
stage3
|
|
stage4
|
|
(prevStage: {
|
|
inherit config overlays;
|
|
stdenv = stdenvDarwin prevStage;
|
|
})
|
|
];
|
|
}
|