stdenv.darwin: bootstrap darwin using updated tools

- update the hashes and tools needed to extract the bootstrap-tools archive
- unify the x64 and aarch64 unpack process
- unpin libxml for python-minimal
This commit is contained in:
annalee 2024-03-20 16:28:21 +00:00
parent fb884172ab
commit f8ad6442d5
No known key found for this signature in database
7 changed files with 55 additions and 172 deletions

View File

@ -23,17 +23,7 @@
, testers
}:
let
# Newer versions fail with minimal python, probably because
# https://gitlab.gnome.org/GNOME/libxml2/-/commit/b706824b612adb2c8255819c9a55e78b52774a3c
# This case is encountered "temporarily" during stdenv bootstrapping on darwin.
# Beware that the old version has known security issues, so the final set shouldn't use it.
oldVer = python.pname == "python3-minimal";
in
assert oldVer -> stdenv.isDarwin; # reduce likelihood of using old libxml2 unintentionally
let
libxml = stdenv.mkDerivation (finalAttrs: rec {
stdenv.mkDerivation (finalAttrs: rec {
pname = "libxml2";
version = "2.12.6";
@ -139,15 +129,4 @@ libxml = stdenv.mkDerivation (finalAttrs: rec {
maintainers = with maintainers; [ eelco jtojnar ];
pkgConfigModules = [ "libxml-2.0" ];
};
});
in
if oldVer then
libxml.overrideAttrs (attrs: rec {
version = "2.10.1";
src = fetchurl {
url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz";
sha256 = "21a9e13cc7c4717a6c36268d0924f92c3f67a1ece6b7ff9d588958a6db9fb9d8";
};
})
else
libxml
})

View File

@ -1,12 +1,22 @@
let
fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> {
url = "http://tarballs.nixos.org/stdenv-darwin/aarch64/20acd4c4f14040485f40e55c0a76c186aa8ca4f3/${file}";
inherit sha256 executable;
}; in
# Autogenerated by maintainers/scripts/bootstrap-files/refresh-tarballs.bash as:
# $ ./refresh-tarballs.bash --targets=aarch64-apple-darwin
#
# Metadata:
# - nixpkgs revision: d03ae62edd9402b6ee0471cb1543e1e19585025e
# - hydra build: https://hydra.nixos.org/job/nixpkgs/trunk/stdenvBootstrapTools.aarch64-apple-darwin.build/latest
# - resolved hydra build: https://hydra.nixos.org/build/253789456
# - instantiated derivation: /nix/store/wyviwh9qhjw54vd0y8vlc2nwc012b8gg-stdenv-bootstrap-tools.drv
# - output directory: /nix/store/sxc61dx6sng17lpp2rvv1q2apxj7bvq2-stdenv-bootstrap-tools
# - build time: Thu, 21 Mar 2024 09:34:31 +0000
{
sh = fetch { file = "sh"; sha256 = "17m3xrlbl99j3vm7rzz3ghb47094dyddrbvs2a6jalczvmx7spnj"; };
bzip2 = fetch { file = "bzip2"; sha256 = "1khs8s5klf76plhlvlc1ma838r8pc1qigk9f5bdycwgbn0nx240q"; };
mkdir = fetch { file = "mkdir"; sha256 = "1m9nk90paazl93v43myv2ay68c1arz39pqr7lk5ddbgb177hgg8a"; };
cpio = fetch { file = "cpio"; sha256 = "17pxq61yjjvyd738fy9f392hc9cfzkl612sdr9rxr3v0dgvm8y09"; };
tarball = fetch { file = "bootstrap-tools.cpio.bz2"; sha256 = "1v2332k33akm6mrm4bj749rxnnmc2pkbgcslmd0bbkf76bz2ildy"; executable = false; };
bootstrapTools = import <nix/fetchurl.nix> {
url = "http://tarballs.nixos.org/stdenv/aarch64-apple-darwin/d03ae62edd9402b6ee0471cb1543e1e19585025e/bootstrap-tools.tar.xz";
hash = "sha256-YwQSZvzbOo2wOCncBsnpaco7Zg91UQHElQUweY/axFQ=";
};
unpack = import <nix/fetchurl.nix> {
url = "http://tarballs.nixos.org/stdenv/aarch64-apple-darwin/d03ae62edd9402b6ee0471cb1543e1e19585025e/unpack.nar.xz";
hash = "sha256-2eThRlLWoxdcb5luIUlMn5wZ6rS5cgQSeyoalui5M34=";
name = "unpack";
unpack = true;
};
}

View File

@ -1,12 +1,22 @@
let
fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> {
url = "http://tarballs.nixos.org/stdenv-darwin/x86_64/c253216595572930316f2be737dc288a1da22558/${file}";
inherit sha256 executable;
}; in
# Autogenerated by maintainers/scripts/bootstrap-files/refresh-tarballs.bash as:
# $ ./refresh-tarballs.bash --targets=x86_64-apple-darwin
#
# Metadata:
# - nixpkgs revision: d03ae62edd9402b6ee0471cb1543e1e19585025e
# - hydra build: https://hydra.nixos.org/job/nixpkgs/trunk/stdenvBootstrapTools.x86_64-apple-darwin.build/latest
# - resolved hydra build: https://hydra.nixos.org/build/253718221
# - instantiated derivation: /nix/store/jahwrdyh1z3rlphx44zghhjfp4jy1blx-stdenv-bootstrap-tools.drv
# - output directory: /nix/store/z2gdi0ha3w9scbgl3jv6431hd52d4b3j-stdenv-bootstrap-tools
# - build time: Thu, 21 Mar 2024 09:23:11 +0000
{
sh = fetch { file = "sh"; sha256 = "sha256-igMAVEfumFv/LUNTGfNi2nSehgTNIP4Sg+f3L7u6SMA="; };
bzip2 = fetch { file = "bzip2"; sha256 = "sha256-K3rhkJZipudT1Jgh+l41Y/fNsMkrPtiAsNRDha/lpZI="; };
mkdir = fetch { file = "mkdir"; sha256 = "sha256-VddFELwLDJGNADKB1fWwWPBtIAlEUgJv2hXRmC4NEeM="; };
cpio = fetch { file = "cpio"; sha256 = "sha256-SWkwvLaFyV44kLKL2nx720SvcL4ej/p2V/bX3uqAGO0="; };
tarball = fetch { file = "bootstrap-tools.cpio.bz2"; sha256 = "sha256-kRC/bhCmlD4L7KAvJQgcukk7AinkMz4IwmG1rqlh5tA="; executable = false; };
bootstrapTools = import <nix/fetchurl.nix> {
url = "http://tarballs.nixos.org/stdenv/x86_64-apple-darwin/d03ae62edd9402b6ee0471cb1543e1e19585025e/bootstrap-tools.tar.xz";
hash = "sha256-XUSvF96oNQlUubbaqMKIO8svLxYzwZh9JksgAyCRyz0=";
};
unpack = import <nix/fetchurl.nix> {
url = "http://tarballs.nixos.org/stdenv/x86_64-apple-darwin/d03ae62edd9402b6ee0471cb1543e1e19585025e/unpack.nar.xz";
hash = "sha256-9tNU75JhdANoCsRXkzRN6xr8iTmR9bNfuqu/HmUW/BM=";
name = "unpack";
unpack = true;
};
}

View File

@ -52,10 +52,17 @@ let
inherit system;
name = "bootstrap-tools";
builder = bootstrapFiles.sh; # Not a filename! Attribute 'sh' on bootstrapFiles
args = if localSystem.isAarch64 then [ ./unpack-bootstrap-tools-aarch64.sh ] else [ ./unpack-bootstrap-tools.sh ];
builder = "${bootstrapFiles.unpack}/bin/bash";
inherit (bootstrapFiles) mkdir bzip2 cpio tarball;
args = [
"${bootstrapFiles.unpack}/bootstrap-tools-unpack.sh"
bootstrapFiles.bootstrapTools
];
PATH = lib.makeBinPath [
(placeholder "out")
bootstrapFiles.unpack
];
__impureHostDeps = commonImpureHostDeps;
} // lib.optionalAttrs config.contentAddressedByDefault {
@ -223,20 +230,10 @@ in
ccWrapperStdenv = self.stdenv;
bash = bootstrapTools;
coreutils = bootstrapTools;
cpio = bootstrapTools;
gnugrep = bootstrapTools;
# Either pbzx or Libsystem is required from bootstrap tools (one is used building the other).
pbzx = if localSystem.isAarch64 then bootstrapTools else super.pbzx;
cpio = self.stdenv.mkDerivation {
name = "bootstrap-stage0-cpio";
buildCommand = ''
mkdir -p $out/bin
ln -s ${bootstrapFiles.cpio} $out/bin/cpio
'';
passthru.isFromBootstrapFiles = true;
};
pbzx = bootstrapTools;
darwin = super.darwin.overrideScope (selfDarwin: superDarwin: {
# Prevent CF from being propagated to the initial stdenv. Packages that require it

View File

@ -414,8 +414,7 @@ rec {
};
# The ultimate test: bootstrap a whole stdenv from the tools specified above and get a package set out of it
# TODO: uncomment once https://github.com/NixOS/nixpkgs/issues/222717 is resolved
/*
# eg: nix-build -A freshBootstrapTools.test-pkgs.stdenv
test-pkgs = import test-pkgspath {
# if the bootstrap tools are for another platform, we should be testing
# that platform.
@ -425,5 +424,4 @@ rec {
args' = args // { inherit bootstrapFiles; };
in (import (test-pkgspath + "/pkgs/stdenv/darwin") args');
};
*/
}

View File

@ -1,57 +0,0 @@
set -euo pipefail
# Unpack the bootstrap tools tarball.
echo Unpacking the bootstrap tools...
$mkdir $out
$bzip2 -d < $tarball | (cd $out && $cpio -i)
export PATH=$out/bin
# Fix codesign wrapper paths
sed -i \
-e "1c\
#!$out/bin/bash" \
-e "s|[^( ]*\bsigtool\b|$out/bin/sigtool|g" \
$out/bin/codesign
updateInstallName() {
local path="$1"
cp "$path" "$path.new"
install_name_tool -id "$path" "$path.new"
# workaround for https://github.com/NixOS/nixpkgs/issues/294518
# libc++.1.0.dylib contains wrong LC_RPATH
if [[ ${path} == *libc++.1.0.dylib ]]; then
install_name_tool -add_rpath @loader_path/.. "${path}.new"
fi
codesign -f -i "$(basename "$path")" -s - "$path.new"
mv -f "$path.new" "$path"
}
find $out
ln -s bash $out/bin/sh
ln -s bzip2 $out/bin/bunzip2
find $out/lib -type f -name '*.dylib' -print0 | while IFS= read -r -d $'\0' lib; do
updateInstallName "$lib"
done
# Provide a gunzip script.
cat > $out/bin/gunzip <<EOF
#!$out/bin/sh
exec $out/bin/gzip -d "\$@"
EOF
chmod +x $out/bin/gunzip
# Provide fgrep/egrep.
echo "#! $out/bin/sh" > $out/bin/egrep
echo "exec $out/bin/grep -E \"\$@\"" >> $out/bin/egrep
echo "#! $out/bin/sh" > $out/bin/fgrep
echo "exec $out/bin/grep -F \"\$@\"" >> $out/bin/fgrep
cat >$out/bin/dsymutil << EOF
#!$out/bin/sh
EOF
chmod +x $out/bin/egrep $out/bin/fgrep $out/bin/dsymutil

View File

@ -1,54 +0,0 @@
set -e
# Unpack the bootstrap tools tarball.
echo Unpacking the bootstrap tools...
$mkdir $out
$bzip2 -d < $tarball | (cd $out && $cpio -i)
# Set the ELF interpreter / RPATH in the bootstrap binaries.
echo Patching the tools...
export PATH=$out/bin
for i in $out/bin/*; do
if ! test -L $i; then
echo patching $i
install_name_tool -add_rpath $out/lib $i || true
fi
done
for i in $out/lib/*.dylib $out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation; do
if test ! -L "$i" -a "$i" != "$out/lib/libSystem*.dylib"; then
echo "Patching $i"
id=$(otool -D "$i" | tail -n 1)
install_name_tool -id "$(dirname $i)/$(basename $id)" $i
libs=$(otool -L "$i" | tail -n +2 | grep -v libSystem | cat)
if [ -n "$libs" ]; then
install_name_tool -add_rpath $out/lib $i
fi
fi
done
ln -s bash $out/bin/sh
ln -s bzip2 $out/bin/bunzip2
# Provide a gunzip script.
cat > $out/bin/gunzip <<EOF
#!$out/bin/sh
exec $out/bin/gzip -d "\$@"
EOF
chmod +x $out/bin/gunzip
# Provide fgrep/egrep.
echo "#! $out/bin/sh" > $out/bin/egrep
echo "exec $out/bin/grep -E \"\$@\"" >> $out/bin/egrep
echo "#! $out/bin/sh" > $out/bin/fgrep
echo "exec $out/bin/grep -F \"\$@\"" >> $out/bin/fgrep
cat >$out/bin/dsymutil << EOF
#!$out/bin/sh
EOF
chmod +x $out/bin/egrep $out/bin/fgrep $out/bin/dsymutil