Commit Graph

377 Commits

Author SHA1 Message Date
John Ericson
0c09b3d17c
Merge pull request #197937 from danielbarter/cc-wrapper-hook
cc-wrapper: adding a cc-wrapper-hook to the cc-wrapper
2022-10-28 17:30:03 +01:00
Vladimír Čunát
6890557c17
Revert "Merge #191724: cc-wrapper: remove duplicate include flags"
Let's redo this later, with more testing and less bugs.
This reverts commits 4f6e99870b and d700d8e8a2.
2022-10-28 10:28:12 +02:00
Daniel Barter
77bd639c4c cc-wrapper: adding a cc-wrapper-hook to the cc-wrapper 2022-10-26 09:33:43 -07:00
Sergei Trofimovich
8480f40236
Merge pull request #191134 from Et7f3/remove-duplicate-code-cc-wrapper
cc-wrapper: remove duplicate C{C,XX}${role_post}
2022-10-16 21:02:04 +01:00
Vladimír Čunát
d700d8e8a2
stdenv cc-wrapper: revert a problematic change for non-Linux
The change from 0bea4a194f (PR #191724) broke stdenv bootstap
on *-darwin, and I didn't want to drop the *-linux binaries
that we have already.
2022-10-14 09:40:48 +02:00
Sergei Trofimovich
7d7030c6d5
Merge pull request #193871 from trofi/FORTIFY-unset-and-set
cc-wrapper/add-hardening.sh: always unset _FORTIFY_SOURCE before re-s…
2022-10-08 07:30:17 +01:00
Vladimír Čunát
4f6e99870b
Merge #191724: cc-wrapper: remove duplicate include flags
...into staging
2022-10-05 20:01:34 +02:00
Sergei Trofimovich
2a9fc04635 cc-wrapper/add-hardening.sh: always unset _FORTIFY_SOURCE before re-setting it
On darwin clang driver always sets -D_FORTIFY_SOURCE=0 under asan.
This causes -Werror to trip over macro redefinition:

    <command line>:1:9: error: '_FORTIFY_SOURCE' macro redefined [-Werror,-Wmacro-redefined]
    #define _FORTIFY_SOURCE 2
            ^

To avoid it let's always explicitly undefine it first before redefining.
2022-10-01 08:30:11 +01:00
Daniel Barter
0bea4a194f cc-wrapper/setup-hook.sh: remove duplicate flags in NIX_CFLAGS_COMPILE 2022-09-28 13:24:42 -07:00
Theodore Ni
c319d8ae3b
cc-wrapper: comment explaining C++ stdlib order
There is context here that I needed when resolving an issue in which
libc was added to NIX_CFLAGS_COMPILE before the C++ stdlib that took
me awhile to understand.

It was suggested to me that this context be included as a comment,
since it is not obvious and could help others in the future.
2022-09-20 12:14:51 +02:00
Et7f3
d937f6fc2f
cc-wrapper: remove duplicate C{C,XX}${role_post}
This might be typo but I don't know which other variable was intended to be named. This can also come from a merge conflict.
2022-09-14 02:41:05 +02:00
github-actions[bot]
efe19ddf3b
Merge staging-next into staging 2022-08-25 18:01:48 +00:00
Minijackson
bec06f5bba
cc-wrapper: disable stackprotector for MicroBlaze
This option doesn't seem to be supported in the cross-compiler
2022-08-25 16:00:49 +02:00
Theodore Ni
1f6366d38c
cc-wrapper: fortran: enable stackprotector on M1
Was failing due to https://github.com/iains/gcc-darwin-arm64/issues/54,
fix picked up in https://github.com/NixOS/nixpkgs/pull/186477.
2022-08-19 16:41:36 -07:00
github-actions[bot]
67f5b5a85d
Merge staging-next into staging 2022-08-08 18:02:11 +00:00
adisbladis
5cc12aa8cb
Merge pull request #182187 from adisbladis/newlib-nano-cc
newlib-nano: Set same flags as regular newlib in cc-wrapper/gcc config
2022-08-08 22:07:57 +08:00
Sergei Trofimovich
549e08c8e8 bintools-wrapper, cc-wrapper: avoid invalid export of 'expand-response-params'
POSIX sh (and `bash`) impose a restriction on environment variable name
format and disallow hypheps in the names. Normally it's not a problem
as nothing usually tries to refer nyphenated names.

One exception is `nix develop` (https://github.com/NixOS/nix/issues/6848):

    $ nix develop -f. gcc -L
    gcc-wrapper> ...-get-env.sh: line 70: expand-response-params: bad substitution

Note that bash usually uses explicitly created `expandResponseParams`
variant of the same variable.

To work the problem around let's avoid environment variable export and move
it to `passthru` for `cc` (used ina  few places) and remove it completely for
`binutils` (does not seem to be used at all).
2022-07-31 16:31:13 +01:00
Vladimír Čunát
5b5843e2b2
Merge #151983: wrapper: Fortran: disable stackprotector
...hardening on darwin aarch64 (merge into staging)
2022-07-29 19:27:34 +02:00
adisbladis
d5fb429c7d cc-wrapper: Set correct hardening_unsupported_flags for newlib-nano 2022-07-20 16:41:48 +08:00
Semion Nadezhdin
b060076e21 cc-wrapper: broaden explicit libc++abi linking for LLVM stdenv 2022-07-13 21:19:12 +03:00
Dmitry Bogatov
6eb689d490
cc-wrapper: fix typo in shell script
Noticed this bug when was trying to bootstrap m4 on darwin. That fixes

	line 163: no such file or directory error

That does not solve all problems staging has on darwin.
2022-06-17 20:25:27 -04:00
John Ericson
e23e71f9e4
Merge pull request #176152 from mmlb/cc-wrapper-allow-target-override
cc-wrapper: Allow user to override -target for clang
2022-06-15 15:09:27 -04:00
Manuel Mendez
0fdc72b7e9 cc-wrapper: Add clang specific options to clang specific file
This way gcc doesn't need to be rebuilt because of clang. This also avoids
rebuilding clang when only the wrapper needs to be tweaked.
2022-06-15 11:34:53 -04:00
Manuel Mendez
19b6ccd9ac cc-wrapper: Allow for override of -target for clang/clang++
This enables users to make use of clang's multi-platform/target support
without having to go through full cross system setup. This is especially useful
for generating bpf object files, I'm not even usre what would a no-userland
cross compile system tuple even look like to even try going that route.

Fixes #176128
2022-06-09 16:57:15 -04:00
Manuel Mendez
e91b5670e3 cc-wrapper: Use case statements instead of bunch of if/elif checks
Makes for easier to read code imo, case-in-point there was a duplicate test for
`$p = -E` before. While doing this little bit of refactor I changed rest ->
kept because that makes more sense, rest sounds like its the rest of params
while kept says these are the params that we've kept.

I tested for no change in behavior using the following bash script:

```
reset() {
	cInclude=1
	cxxInclude=1
	cxxLibrary=1
	dontLink=0
	isCxx=0
	nonFlagArgs=0
	params=()
}

parseParams() {
	declare -i n=0
	nParams=${#params[@]}
	while (("$n" < "$nParams")); do
		p=${params[n]}
		p2=${params[n + 1]:-} # handle `p` being last one

		case "$p" in
		-[cSEM] | -MM) dontLink=1 ;;
		-cc1) cc1=1 ;;
		-nostdinc) cInclude=0 cxxInclude=0 ;;
		-nostdinc++) cxxInclude=0 ;;
		-nostdlib) cxxLibrary=0 ;;
		-x)
			case "$p2" in
			*-header) dontLink=1 ;;
			c++*) isCxx=1 ;;
			esac
			;;
		-?*) ;;
		*) nonFlagArgs=1 ;; # Includes a solitary dash (`-`) which signifies standard input; it is not a flag
		esac
		n+=1
	done
}

for p in c S E M MM; do
	reset
	params=-$p
	parseParams
	[[ $dontLink != 1 ]] && echo "expected dontLink=1 for params:${params[@]}" >&2 && exit 1
done

reset
params=(-x foo-header)
parseParams
[[ $dontLink != 1 ]] && echo "expected dontLink=1 for params:${params[@]}" >&2 && exit 1

reset
params=(-x c++-foo)
parseParams
[[ $isCxx != 1 ]] && echo "expected isCxx=1 for params:${params[@]}" >&2 && exit 1

reset
params=-nostdlib
parseParams
[[ $cxxLibrary != 0 ]] && echo "expected cxxLibrary=0 for params:${params[@]}" >&2 && exit 1

reset
params=-nostdinc
parseParams
[[ $cInclude != 0 ]] && echo "expected cInclude=0 for params:${params[@]}" >&2 && exit 1
[[ $cxxInclude != 0 ]] && echo "expected cxxInclude=0 for params:${params[@]}" >&2 && exit 1

reset
params=-nostdinc++
parseParams
[[ $cxxInclude != 0 ]] && echo "expected cxxInclude=0 for params:${params[@]}" >&2 && exit 1

reset
params=-cc1
parseParams
[[ $cc1 != 1 ]] && echo "expected cc1=1 for params:${params[@]}" >&2 && exit 1

reset
params=-
parseParams
[[ $nonFlagArgs != 1 ]] && echo "expected nonFlagArgs=1 for params:${params[@]}" >&2 && exit 1

reset
params=bleh
parseParams
[[ $nonFlagArgs != 1 ]] && echo "expected nonFlagArgs=1 for params:${params[@]}" >&2 && exit 1

reset
params=-?
parseParams
[[ $nonFlagArgs != 0 ]] && echo "expected nonFlagArgs=0 for params:${params[@]}" >&2 && exit 1

exit 0
```
2022-06-09 16:57:15 -04:00
FliegendeWurst
7b185e04a9 cc-wrapper: Fortran: disable format hardening
Otherwise, these warnings are emitted:
command-line option '-Wformat=1' is valid for C/C++/ObjC/ObjC++ but not for Fortran
command-line option '-Wformat-security' is valid for C/C++/ObjC/ObjC++ but not for Fortran
'-Werror=' argument '-Werror=format-security' is not valid for Fortran

Fixes part of #27218
2022-05-26 12:29:35 +02:00
Artturin
1d44ac176c treewide: add enableParallelBuilding's to bootstrap packages so hashes stay the same
when enableParallelBuildingByDefault is enabled

verified with
`nix-diff $(nix eval ".#gcc-unwrapped.drvPath") $(nix eval --expr 'with import ./. { config = { enableParallelBuildingByDefault = true; }; }; gcc-unwrapped.drvPath' --impure)`
2022-05-25 16:03:14 +03:00
Janne Heß
c911240e9c
Revert "Add mingwW64-llvm cross-system." 2022-05-18 13:50:23 +02:00
Shea Levy
0f68ed163c
Merge branch 'mingwW64-clang' into staging 2022-05-18 06:30:21 -04:00
Shea Levy
078a07708a
libunwind: Fix build against compiler-rt-using clang 2022-05-09 10:05:47 -04:00
Shea Levy
4b503b2a58
cc-wrapper: clang doesn't support -fPIC on Windows 2022-05-06 10:54:52 -04:00
Emery Hemingway
89a0dd2414 wrapCCWith: structured argument for wrapper flags
Take a "nixSupport" argument that is an attrset of lists to append
to "$out/nix-support/${name}" where name is the name of the
attribute. This attrset is available from the passthru of the
wrapped compiler.

This is an alternative to imperatively issuing flags with
extraBuildCommands and makes it possible to append or filter
flags with an override.
2022-04-30 21:21:41 -05:00
Doron Behar
2cc754a7ba cc-wrapper: Fortran: disable stackprotector hardening on darwin aarch64 2022-04-16 11:11:26 +03:00
Sergei Trofimovich
649ebfbed6 cc-wrapper: change cflags order from cc/crt1/libc to crt1/libc/cc
In https://github.com/NixOS/nixpkgs/issues/158042 I noticed order
mismatch as a bootstrap build failure when building x86_64-linux
against glibc-2.35 in nixpkgs (bootstrap libs has glibc-2.27):

    expand-response-params> ld: /nix/store/p4s4jf7aq6v6z9iazll1aiqwb34aqxq9-bootstrap-tools/lib/crt1.o: in function `_start':
    expand-response-params> /build/glibc-2.27/csu/../sysdeps/x86_64/start.S:101: undefined reference to `__libc_csu_fini'
    expand-response-params> ld: /build/glibc-2.27/csu/../sysdeps/x86_64/start.S:102: undefined reference to `__libc_csu_init'
    expand-response-params> collect2: error: ld returned 1 exit status

Here crt1.o from glibc-2.27 links against libc.so.6 from glibc-2.35.

This happens because ordering of `-L` (influences `libc.so` lookup) and
`-B` (influences `crt1.o` lookup) flags differs:

    expand-response-params>   -B/...-bootstrap-tools/lib
    expand-response-params>   -B/...-glibc-2.35/lib/
    ...
    expand-response-params>   -L/...-glibc-2.35/lib
    expand-response-params>   -L/...-bootstrap-tools/lib

The change makes consistent ordering of `-L`/`-B` and allows getting to
stage4 for `glibc-2.35` target.
2022-02-20 10:45:45 +00:00
Moritz Angermann
14996789a1
Check link type based on expanded parameters
So far we've ignored response files in arguments, and did not
check linkType against expanded parameters.  This means if
we have `-static` in a @reponse-file, linkType will not be
set to `-static` as we never check against the expanded arguments
from response files.
2022-01-01 20:30:56 +08:00
r-burns
16728283c3
Merge pull request #135619 from r-burns/fpie-musl-fixes
[staging] {cc,binutils}-wrapper: fixes for PIE hardening
2021-09-23 17:55:08 -07:00
Ryan Burns
37d089c1af {cc,binutils}-wrapper: match leading/trailing arguments
fixes e.g.:
pkgsMusl.libfsm
pkgsMusl.libiscsi
pkgsMusl.nsjail
pkgsMusl.pv

match strings have whitespace on either side, which wasn't
matching leading/trailing arguments previously
2021-09-20 17:24:04 -07:00
Ryan Burns
bd8258a389 cc-wrapper: ensure PIE flags precede PIC flags
fixes:
pkgsMusl.bulletml
pkgsMusl.proot
pkgsMusl.python3

Debian explains this issue well in the dpkg-buildflags manpage:

-fPIE
    Can be linked into any program, but not a shared library (recommended).
-fPIC
    Can be linked into any program and shared library.

On projects that build both programs and shared libraries you might need to
make sure that when building the shared libraries -fPIC is always passed last
(so that it overrides any previous -PIE) to compilation flags such as CFLAGS.

(from https://manpages.debian.org/bullseye/dpkg-dev/dpkg-buildflags.1.en.html#hardening)
2021-09-20 11:03:42 -07:00
John Ericson
d3407f1a3b cc-wrapper: Add support for -mthumb / -marm 2021-09-17 17:12:54 +00:00
Shea Levy
9ecfbe0c5b
mingw: Disalbe FORTIFY_SOURCE by default.
In newer versions of mingw, programs compiled with FORTIFY_SOURCE need
to link to libssp or they will have link-time errors.

gmp has been broken since @pstn updated mingw-64 in c60a0b0447
2021-08-11 05:07:42 -04:00
sternenseemann
c3c4ef859a gprbuild, xmlada: init at 21.0.0
GPRbuild is a multi language build system developed by AdaCore which
is mostly used for build Ada-related projects using GNAT.

Since GPRbuild is used to build itself and its dependency library
XML/Ada we first build a bootstrap version of it using the provided
bash build script bootstrap.sh as the gprbuild-boot derivation.
gprbuild-boot is then used to build xmlada and the proper gprbuild
derivation.

GPRbuild has its own search path mechanism via GPR_PROJECT_PATH which
we address via a setupHook. It currently works quite similar to the
pkg-config one: It accumulates all inputs into GPR_PROJECT_PATH,
GPR_PROJECT_PATH_FOR_BUILD etc. However this is quite limited at the
moment as we don't have a gprbuild wrapper yet which understands the
_FOR_BUILD suffix. However, we'll need to address this in the future
as it is currently basically impossible to test since the distinction
only affects cross-compilation, but it is not possible to build a GNAT
cross-compiler in nixpkgs at the moment (I'm working on changing that,
however).

Another issue we had to solve was GPRbuild not finding the right GNAT
via its gprconfig tool: GPRbuild has a knowledge base with compiler
definitions which run some checks and collect info about binaries
which are in PATH. In the end the first compiler in PATH that supports
the desired language is selected.

We want GPRbuild to discover our wrapped GNAT since the unwrapped one
is incapable of producing working binaries since it won't find the
crt*.o objects distributed with libc. GPRbuild however needs to find
the Ada runtime distributed with GNAT which is not part of the wrapper
derivation, so it will skip the wrapper and select the unwrapped GNAT.
Symlinking the unwrapped's lib directory into the wrapper fixes this
problem, but breaks linking in some cases (e. g. when linking against
OMP from gcc, the runtime variant will shadow the problem dynamic lib
from buildInputs). Additionally it uses gnatls as an indicator it has
found GNAT which is not part of the wrapper.

The solution we opted to adopt here is to install a custom compiler
description into gprbuild's knowledge base which properly detects the
nixpkgs GNAT wrapper: It uses gnatmake to detect GNAT instead of
gnatls and discovers the runtime via a symlink we add to
`$out/nix-support`. This additional definition is enough to properly
detect GNAT, since the plain wrapped gcc detection works out of the
box. It may, however, be necessary to add special definitions for
other languages in the future where gprbuild also needs to discover
the runtime.

One future improvement would be to install libgpr into a separate
output or split it into a separate derivation (which would require to
link gprbuild statically always since otherwise we end up with a
cyclical dependency).
2021-08-03 14:58:49 +02:00
Jörg Thalheim
166948d479 cc-wrapper: don't set rpath on static-pie executables 2021-05-23 17:38:17 +00:00
John Ericson
18c38f8aee treewide: All the linker to be chosen independently
This will begin the process of breaking up the `useLLVM` monolith. That
is good in general, but I hope will be good for NetBSD and Darwin in
particular.

Co-authored-by: sterni <sternenseemann@systemli.org>
2021-05-14 21:29:51 +00:00
John Ericson
912c8262b4
Merge pull request #117591 from s1341/android_non_prebuilt
treewide: Support aarch64-android using minimal prebuilt components
2021-05-11 12:49:53 -04:00
s1341
1e1d29c2af treewide: Support aarch64-android using minimal prebuilt components
This PR adds a new aarch64 android toolchain, which leverages the
existing crossSystem infrastructure and LLVM builders to generate a
working toolchain with minimal prebuilt components.

The only thing that is prebuilt is the bionic libc. This is because it
is practically impossible to compile bionic outside of an AOSP tree. I
tried and failed, braver souls may prevail. For now I just grab the
relevant binaries from https://android.googlesource.com/.

I also grab the msm kernel sources from there to generate headers. I've
included a minor patch to the existing kernel-headers derivation in
order to expose an internal function.

Everything else, from binutils up, is using stock code. Many thanks to
@Ericson2314 for his help on this, and for building such a powerful
system in the first place!

One motivation for this is to be able to build a toolchain which will
work on an aarch64 linux machine. To my knowledge, there is no existing
toolchain for an aarch64-linux builder and an aarch64-android target.
2021-05-11 15:39:08 +00:00
Vladimír Čunát
8eabe2ecc5
Merge #115235: gcc: native aarch64-darwin support 2021-05-11 12:12:04 +02:00
Ivan Babrou
4aa95e3312 gcc: native aarch64-darwin support 2021-05-10 19:07:30 -07:00
Dmitry Kalinkin
11b744b59c
cc-wrapper.sh: make -nostdlib disable the standard C++ library, but not its includes
Should be the correct fix for #111970
2021-05-02 14:07:00 -04:00
Dmitry Kalinkin
d9bad0eae6
cc-wrapper.sh: rename variables cpp -> cxx
CPP is the C PreProcessor
CXX is C++
2021-05-02 14:03:51 -04:00
Dmitry Kalinkin
96bbe339d4
Revert "cc-wrapper: -nostdlib does not imply -nostdinc++"
This made C++ standard headers passed to be passed when C compiler is
executed, which is not a correct fix.

This reverts commit 54c7a0f422.
2021-05-02 14:00:37 -04:00