This replaces the mess of buildEnvs with a single Rust binary that
spits out a mostly-complete root filesystem for an fhsenv.
The main goal is to have includeClosures, as we want all of the
dependencies to be in the fhsenv to avoid Steam's (and others')
LD_LIBRARY_PATH shenanigans, but without 32-bit libraries leaking
into lib64 when a 64-bit package like mangohud depends on a 32-bit
version of itself.
We "fix" this by actually looking at the files and explicitly moving
32-bit stuff to $out/lib32. This could be avoided if we had recursive
Nix, or at least system info in exportReferencesGraph, but alas.
For some reason this also shrinks the fhsenvs massively, even though
there's currently no layout optimization (e.g. a package with paths
like lib/foo/{bar,baz} will produce two symlinks in the output, even
when it's more optimal to symlink lib/foo to $out/lib/foo directly).
Originally, we switched to bsdtar from libarchive to solve a reproducibility issue related to hardlinks
As of gnu cpio 2.14 the --ignore-dirnlink option is introduced and now included in --reproducible, which solves this issue
By switching back, we are in turn solving an issue in libarchive >=3.7.5 erroring out with "Error reading archive -: (null)"
Change-Id: Ib6140d599b6547d8e941b0251ce996e303c41fa6
Now that ld.so is symlinked into the libc derivation,
we can use it as a dynamic linker.
In my testing, OpenBSD does not have any issues with executing from
a symlinked ld.so.
`fetchNpmDeps` works from the exact same source tree, thus `patchFlags`
must be respected so that any patches get applied correctly.
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
The indentation stripping semantics of strings are fairly bad and have a
few gotchas where the resulting string has not the intended indentation.
This commit fixes most if not all such instances in Nixpkgs.
I tried to strive a balance between keeping the diff small and
reformatting/refactoring the code to look better. In general,
reformatting should be left to Nixfmt.
Note that this causes a lot of rebuilds by design. All changes need to
be thoroughly vetted and reviewed for correctness. There is no automatic
way to prove correctness.
List of files to fix generated by running
https://gerrit.lix.systems/c/lix/+/2092 on Nixpkgs and looking at the
warnings.
This is a follow-up to a169553f7e.
In most cases it should allow the TLS verification to be enabled.
It also makes the behavior of `fetchurl` more consistent with other fetchers
like `fetchgit`.
Ideally we would always fallback on `cacert` but I am not sure how to build
`cacert` during bootstrap without making an unmaintainable mess.
