From 4e9f7bbf8573d07f7b0c87d97c026cd4aad5a758 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 29 Oct 2020 13:27:20 +1000 Subject: [PATCH] buildGo{Package,Module}: set trimpath in GOFLAGS Also drop removeReferencesTo `-trimpath` removes all file system paths from the compiled executable, this should improve reproducibility. --- pkgs/development/go-modules/generic/default.nix | 14 +++----------- pkgs/development/go-packages/generic/default.nix | 13 +++---------- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/pkgs/development/go-modules/generic/default.nix b/pkgs/development/go-modules/generic/default.nix index 7180ab7bf967..3714a1f6f0fb 100644 --- a/pkgs/development/go-modules/generic/default.nix +++ b/pkgs/development/go-modules/generic/default.nix @@ -1,4 +1,4 @@ -{ go, cacert, git, lib, removeReferencesTo, stdenv, vend }: +{ go, cacert, git, lib, stdenv, vend }: { name ? "${args'.pname}-${args'.version}" , src @@ -43,10 +43,6 @@ with builtins; let args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "disabled" ]; - removeReferences = [ ] ++ lib.optional (!allowGoReference) go; - - removeExpr = refs: ''remove-references-to ${lib.concatMapStrings (ref: " -t ${ref}") refs}''; - go-modules = if vendorSha256 != null then go.stdenv.mkDerivation (let modArgs = { name = "${name}-go-modules"; @@ -121,12 +117,12 @@ let ) // overrideModAttrs modArgs) else ""; package = go.stdenv.mkDerivation (args // { - nativeBuildInputs = [ removeReferencesTo go ] ++ nativeBuildInputs; + nativeBuildInputs = [ go ] ++ nativeBuildInputs; inherit (go) GOOS GOARCH; GO111MODULE = "on"; - GOFLAGS = "-mod=vendor"; + GOFLAGS = [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ]; configurePhase = args.configurePhase or '' runHook preConfigure @@ -229,10 +225,6 @@ let runHook postInstall ''; - preFixup = (args.preFixup or "") + '' - find $out/{bin,libexec,lib} -type f 2>/dev/null | xargs -r ${removeExpr removeReferences} || true - ''; - strictDeps = true; disallowedReferences = lib.optional (!allowGoReference) go; diff --git a/pkgs/development/go-packages/generic/default.nix b/pkgs/development/go-packages/generic/default.nix index 5c54e04652f7..ab8ee9166f98 100644 --- a/pkgs/development/go-packages/generic/default.nix +++ b/pkgs/development/go-packages/generic/default.nix @@ -1,5 +1,5 @@ { go, govers, lib, fetchgit, fetchhg, fetchbzr, rsync -, removeReferencesTo, fetchFromGitHub, stdenv }: +, fetchFromGitHub, stdenv }: { buildInputs ? [] , nativeBuildInputs ? [] @@ -44,10 +44,6 @@ with builtins; let - removeReferences = [ ] ++ lib.optional (!allowGoReference) go; - - removeExpr = refs: ''remove-references-to ${lib.concatMapStrings (ref: " -t ${ref}") refs}''; - dep2src = goDep: { inherit (goDep) goPackagePath; @@ -78,7 +74,7 @@ let package = stdenv.mkDerivation ( (builtins.removeAttrs args [ "goPackageAliases" "disabled" "extraSrcs"]) // { - nativeBuildInputs = [ removeReferencesTo go ] + nativeBuildInputs = [ go ] ++ (lib.optional (!dontRenameImports) govers) ++ nativeBuildInputs; buildInputs = buildInputs; @@ -88,6 +84,7 @@ let GOHOSTOS = go.GOHOSTOS or null; GO111MODULE = "off"; + GOFLAGS = lib.optionals (!allowGoReference) [ "-trimpath" ]; GOARM = toString (stdenv.lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]); @@ -225,10 +222,6 @@ let runHook postInstall ''; - preFixup = preFixup + '' - find $out/{bin,libexec,lib} -type f 2>/dev/null | xargs -r ${removeExpr removeReferences} || true - ''; - strictDeps = true; shellHook = ''