This PR strips down the modified `python27` derivation used by `resholve`. The
idea is to reduce the possible security issues, and also to make it easier to
bootstrap.
ActiveState is a company that is maintaining a fork of Python 2 to fixes
its security issues. Their support is paid, however the code is
open-source. See the details here:
https://www.activestate.com/products/python/python-2-end-of-life-security-updates/
This enable us to drop a bunch of CVE's patches for Python 2.7 and also
it should be easier to maintain, since we can just bump the version once
ActiveState tags a new version.
Before the change separate-debug-info.sh did the stripping itself.
This scheme has a few problems:
1. Stripping happens only on ELF files. *.a and *.o files are skipped.
Derivations have to do it manually. Usually incorrectly
as they don't run $RANLIB (true for `glibc` and `musl`).
2. Stripping happens on all paths. Ideally only `stripDebugList` paths
should be considered.
3. Host strip is called on Target files.
This change offloads stripping logic to strip hook. This strips more
files for `glibc` and `musl`. Now we can remove most $STRIP calls
from individual derivations.
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Python package sets can be overridden by overriding an interpreter
and passing in `packageOverrides = self: super: {...};`. This is fine
in case you need a single interpreter, however, it does not help you
when you want to override all sets.
With this change it is possible to override all sets at once by
appending a list of "extensions" to `pythonPackagesExtensions`.
From reading the implementation you might wonder why a list is used, and
not
`lib.composeExtensions`? The reason is the latter requires knowledge of
the library function. This approach should be easier for most users
as it is similar to how we append to lists of e.g. inputs or patches
when overriding a derivation.
The PEP600 standard gives Python's naming scheme for various
architectures; it follows the convention which was in use by Fedora in
2014. According to PEP600, the architecture name for Power PC is
`ppc64le`, not `powerpc64le`. This is also how python3 declares its
"supported wheels" under Debian on PowerPC, as checked with `pip debug
--verbose`
$ pip debug --verbose | grep powerpc
$ pip debug --verbose | grep ppc | head
cp39-cp39-manylinux_2_31_ppc64le
cp39-cp39-manylinux_2_30_ppc64le
cp39-cp39-manylinux_2_29_ppc64le
cp39-cp39-manylinux_2_28_ppc64le
cp39-cp39-manylinux_2_27_ppc64le
cp39-cp39-manylinux_2_26_ppc64le
cp39-cp39-manylinux_2_25_ppc64le
cp39-cp39-manylinux_2_24_ppc64le
cp39-cp39-manylinux_2_23_ppc64le
Let's adjust the `pythonHostPlatform` expression in
cpython/default.nix to pass the architecture using the naming scheme
Python expects.
Verified on a Raptor Computing Systems Talos II. Without this commit,
PyQt5 fails to build, failing with "unsupported wheel". With this
commit, it builds successfully.
GCC does not come with a `libgcc_eh.a` for the target platform if
it was built without `--enable-shared`. That flag was removed with
c6dd11ca39, meaning we should no longer
attempt to link against that lib.
Overriding the interpreters did not work correctly. When overriding
packages would end up twice in the build time closure: one corresponding
to the overridden interpreter and one corresponding to the original
interpreter. The reason is that the override was not applied to the
interpreters in the spliced package sets.
It seems the additional linker flags were added in 9d3b0a2 (May 2008) as
a workaround for readline support. They were kept since then, but it
also means that `python3-config` outputs these flags
```console
$ python3-config --libs
-lpthread -ldl -lcrypt -lncurses -lutil -lm -lm
```
while other GNU/Linux distros do not. For example, Debian 11:
```console
$ sudo apt install python3-dev
$ python3-config --libs
-lcrypt -lpthread -ldl -lutil -lm -lm
```
This change removes the `-lncurses` flag and aligns Nix/NixOS with other
distros.
The original motivation behind removing that was to appease a consumer
of python-config's output. That issue was probably resolved by now, so
let's bring the build in sync with what python is doing by default.
This reverts b7819e38 ('python3.x: Patch extra stack size on darwin')
Setting an old target conflicts with the -stack_size,1000000 linker
flag. This fixes build of python310.
This reverts ce59dec5 ('python34: as a workaround, explicitly set MACOSX_DEPLOYMENT_TARGET')
