* Reject inputs outside of the store in ld if NIX_ENFORCE_PURITY is

set.
* Various bug fixes.

svn path=/nixpkgs/trunk/; revision=824
This commit is contained in:
Eelco Dolstra 2004-03-09 17:08:41 +00:00
parent d74192ee38
commit b8b4f9ce4b
5 changed files with 91 additions and 30 deletions

View File

@ -2,15 +2,32 @@
. $stdenv/setup
if test -z "$isNative"; then
cflagsCompile="-B$out/bin -B$glibc/lib -isystem $glibc/include"
ldflags="-L$glibc/lib -L$gcc/lib " \
"-dynamic-linker $glibc/lib/ld-linux.so.2" \
"-rpath $glibc/lib -rpath $gcc/lib"
else
# Force gcc to use ld-wrapper.sh when calling ld.
cflagsCompile="-B$out/bin"
if test -n "$glibc"; then
# The "-B$glibc/lib" flag is a quick hack to force gcc to link
# against the crt1.o from our own glibc, rather than the one in
# /usr/lib. The real solution is of course to prevent those paths
# from being used by gcc in the first place.
cflagsCompile="$cflagsCompile -B$glibc/lib -isystem $glibc/include"
ldflags="$ldflags -L$glibc/lib -rpath $glibc/lib -dynamic-linker $glibc/lib/ld-linux.so.2"
fi
if test -n "$gcc"; then
ldflags="$ldflags -L$gcc/lib -rpath $gcc/lib"
fi
if test -n "$isNative"; then
gccPath="$nativePrefix/bin"
ldPath="$nativePrefix/bin"
else
gccPath="$gcc/bin"
ldPath="$binutils/bin"
fi
mkdir $out
mkdir $out/bin
@ -25,39 +42,43 @@ mkGccWrapper () {
fi
sed \
-e "s^@cflagsCompile@^$cflagsCompile^g" \
-e "s^@cflagsLink@^$cflagsLink^g" \
-e "s^@ldflags@^$ldflags^g" \
-e "s^@gcc@^$src^g" \
-e "s^@out@^$out^g" \
< $gccWrapper > $dst
chmod +x $dst
}
mkGccWrapper $out/bin/gcc $gcc/bin/gcc
mkGccWrapper $out/bin/gcc $gccPath/gcc
ln -s gcc $out/bin/cc
mkGccWrapper $out/bin/g++ $gcc/bin/g++
mkGccWrapper $out/bin/g++ $gccPath/g++
ln -s g++ $out/bin/c++
mkGccWrapper $out/bin/g77 $gcc/bin/g77
mkGccWrapper $out/bin/g77 $gccPath/g77
ln -s g77 $out/bin/f77
sed \
-e "s^@ldflags@^$ldflags^g" \
-e "s^@ld@^$gcc/bin/ld^g" \
-e "s^@ld@^$ldPath/ld^g" \
< $ldWrapper > $out/bin/ld
chmod +x $out/bin/ld
mkdir $out/nix-support
test -z "$isNative" && echo $gcc > $out/nix-support/orig-gcc
test -z "$isNative" && echo $glibc > $out/nix-support/orig-glibc
test -z "$gcc" && echo $gcc > $out/nix-support/orig-gcc
test -n "$glibc" && echo $glibc > $out/nix-support/orig-glibc
cat > $out/nix-support/add-flags <<EOF
NIX_CFLAGS_COMPILE="$cflagsCompile \$NIX_CFLAGS_COMPILE"
NIX_CFLAGS_LINK="$cflagsLink \$NIX_CFLAGS_LINK"
NIX_LDFLAGS="$ldflags \$NIX_LDFLAGS"
EOF
sed \
-e "s^@isNative@^$isNative^g" \
-e "s^@enforcePurity@^$enforcePurity^g" \
-e "s^@gcc@^$gcc^g" \
-e "s^@binutils@^$binutils^g" \
-e "s^@glibc@^$glibc^g" \
< $setupHook > $out/nix-support/setup-hook

View File

@ -5,9 +5,10 @@
# derivation provides a wrapper that sets up the right environment
# variables so that the compiler and the linker just "work".
{name, stdenv, isNative, gcc ? null, glibc ? null, binutils ? null}:
{ name, stdenv, isNative, nativePrefix ? ""
, gcc ? null, glibc ? null, binutils ? null}:
assert isNative -> gcc != "";
assert isNative -> nativePrefix != "";
assert !isNative -> gcc != null && glibc != null && binutils != null;
derivation {
@ -16,8 +17,8 @@ derivation {
setupHook = ./setup-hook.sh;
gccWrapper = ./gcc-wrapper.sh;
ldWrapper = ./ld-wrapper.sh;
inherit name stdenv isNative gcc glibc binutils;
enforcePurity = if isNative then false else gcc.noSysDirs;
inherit name stdenv isNative nativePrefix gcc glibc binutils;
enforcePurity = if isNative then false else gcc.enforcePurity;
langC = if isNative then true else gcc.langC;
langCC = if isNative then true else gcc.langCC;
langF77 = if isNative then false else gcc.langF77;

View File

@ -5,16 +5,14 @@ if test -n "$NIX_GCC_WRAPPER_START_HOOK"; then
fi
if test -z "$NIX_GLIBC_FLAGS_SET"; then
NIX_CFLAGS_COMPILE="@cflagsCompile@ $NIX_CFLAGS_COMPILE"
NIX_CFLAGS_LINK="@cflagsLink@ $NIX_CFLAGS_LINK"
NIX_LDFLAGS="@ldflags@ $NIX_LDFLAGS"
. @out@/nix-support/add-flags
fi
# Figure out if linker flags should be passed. GCC prints annoying
# warnings when they are not needed.
dontLink=0
if test "$*" = "-v"; then
if test "$*" = "-v" -o -z "$*"; then
dontLink=1
else
for i in "$@"; do

View File

@ -4,6 +4,37 @@ if test -n "$NIX_LD_WRAPPER_START_HOOK"; then
. "$NIX_LD_WRAPPER_START_HOOK"
fi
# Optionally filter out paths not refering to the store.
skip () {
if test "$NIX_DEBUG" = "1"; then
echo "skipping impure path $1" >&2
fi
}
params=("$@")
if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then
rest=()
n=0
while test $n -lt ${#params[*]}; do
p=${params[n]}
p2=${params[$((n+1))]}
if test "${p:0:3}" = "-L/" -a "${p:2:${#NIX_STORE}}" != "$NIX_STORE"; then
skip $p
elif test "$p" = "-L" -a "${p2:0:${#NIX_STORE}}" != "$NIX_STORE"; then
n=$((n + 1)); skip $p2
elif test "${p:0:1}" = "/" -a "${p:0:${#NIX_STORE}}" != "$NIX_STORE"; then
# We cannot skip this; barf.
echo "impure path \`$p' used in link"
exit 1
else
rest=("${rest[@]}" "$p")
fi
n=$((n + 1))
done
params=("${rest[@]}")
fi
extra=()
if test -z "$NIX_LDFLAGS_SET"; then
@ -12,7 +43,7 @@ fi
if test "$NIX_DEBUG" = "1"; then
echo "original flags to @ld@:" >&2
for i in "$@"; do
for i in "${params[@]}"; do
echo " $i" >&2
done
echo "extra flags to @ld@:" >&2
@ -25,4 +56,4 @@ if test -n "$NIX_LD_WRAPPER_EXEC_HOOK"; then
. "$NIX_LD_WRAPPER_EXEC_HOOK"
fi
exec @ld@ "$@" ${extra[@]}
exec @ld@ "${params[@]}" ${extra[@]}

View File

@ -11,8 +11,18 @@ addCVars () {
envHooks=(${envHooks[@]} addCVars)
export NIX_IS_NATIVE=@isNative@
if test -z "$NIX_IS_NATIVE"; then
PATH=$PATH:@gcc@/bin:@glibc@/bin
export NIX_ENFORCE_PURITY=@enforcePurity@
# Note: these come *after* $out in the PATH (see setup.sh).
if test -n "@gcc@"; then
PATH=$PATH:@gcc@/bin
fi
export NIX_ENFORCE_PURITY=@enforcePurity@
if test -n "@binutils@"; then
PATH=$PATH:@binutils@/bin
fi
if test -n "@glibc@"; then
PATH=$PATH:@glibc@/bin
fi