If -target is explicitly passed to clang, we shouldn't pass our -march
value for the default target, because it probably won't exist for the
target being used. Up until now, clang has been lenient with this,
but it's a hard error with clang 17, so since gcc.arch is always set
on aarch64, fixing this is a hard requirement for upgrading our
default clang to 17.
Before (with clang 17 on aarch64-linux):
$ clang -target bpf -c -o /dev/null test.bpf.c
clang: warning: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Woption-ignored]
clang: error: unsupported option '-march=' for target 'bpf'
clang: warning: argument unused during compilation: '--gcc-toolchain=/nix/store/cngak08nb1yk44gnjipv5rg1ahh1xkax-gcc-13.2.0' [-Wunused-command-line-argument]
After:
$ clang -target bpf -c -o /dev/null test.bpf.c
clang: warning: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Woption-ignored]
clang: warning: argument unused during compilation: '--gcc-toolchain=/nix/store/cngak08nb1yk44gnjipv5rg1ahh1xkax-gcc-13.2.0' [-Wunused-command-line-argument]
Previously, when cross compiling from non-musl to musl, the crt-static
default override wouldn't be applied, because the compiler wouldn't
have been built with it due to fastCross. Moving it to the wrapper
fixes this without having to introduce extra compiler rebuilds. And
because the wrapper is applied even to the bootstrap rustc, we no
longer need special handling of crt-static in the Cargo expression.
Unlike --sysroot, rustc allows -C target-feature= to be passed
multiple times, with later instances taking precedence over earlier
ones. This means that it's very easy to set the default in the
wrapper, just by our overridden default before any other arguments.
This fixes pkgsCross.aarch64-multiplatform-musl.mesa from x86_64-linux.
The change is insignificant when the owner is root. However, when it
is not root, this change is needed to allow using Nix (as an
unprivileged user) inside the container.
Ada depencencies musst be build with the same gnat version as the
project. Use a namespace as preperation to build with different gnat
versions.
gprbuild and gnatprove are still globaly visable.
this equates to -ftrivial-auto-var-init=pattern
clang has removed support for -ftrivial-auto-var-init=zero and
are unlikely to re-add it, so use -ftrivial-auto-var-init=pattern
on both compilers if only to make behaviour more consistent
between the two.
add to pkgsExtraHardening's defaultHardeningFlags.
The loaded database contains timestamps of when the nix paths were
registered. Depending on the host store, these can differ between runs.
Resetting them to a well known values ensures that the produced image is
reproducible.
This commit adds support for swapping out the compression algorithm
used in all major docker-tools commands that generate images. The
default algorithm remains unchanged (gzip).
This fetcher is to be used with PyPi mirrors exposing the "legacy" API, such as devpi.
A variant of this fetcher has been used in poetry2nix for years and
has served us well there to support private PyPi mirrors and Devpi.
Example usage:
``` nix
fetchPypiLegacy {
file = "urllib3-1.26.2.tar.gz";
hash = "sha256:19188f96923873c92ccb987120ec4acaa12f0461fa9ce5d3d0772bc965a39e08";
pname = "urllib3";
url = "https://pypi.org/simple";
}
```
cc @lewo who wrote the this originally
cc contributors @rskew @gmacon @jperras @Smaug123