Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted. This particular
case probably has no security relevance, but we should avoid this
unsafe pattern anyway in case it gets copied. See #76804.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
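The empty-segment pattern described in the commit message above, shown next to a guarded form. This is an added example, not part of the commit or of nixpkgs; the function names and the /opt/example/lib path are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names and sample paths are constructed.

# has_empty_segment LIST: succeed if a colon-delimited search path has an
# empty segment (leading ':', trailing ':' or '::'). An empty LIST is
# treated here as having no segments at all.
has_empty_segment() {
    case "$1" in
        '') return 1 ;;
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# naive_prepend DIR LIST: the unsafe pattern, always emits "DIR:LIST".
naive_prepend() {
    printf '%s\n' "$1:$2"
}

# safe_prepend DIR LIST: emit the separator only when LIST is non-empty.
safe_prepend() {
    printf '%s\n' "$1${2:+:$2}"
}

# strip_empty_segments LIST: drop empty segments from an existing list.
strip_empty_segments() {
    (
        set -f      # no globbing while splitting on ':'
        IFS=:
        out=
        for seg in $1; do
            [ -n "$seg" ] || continue
            out="${out:+$out:}$seg"
        done
        printf '%s\n' "$out"
    )
}

# Constructed demo: the existing variable is empty in the caller's environment.
existing=''
for p in "$(naive_prepend /opt/example/lib "$existing")" \
         "$(safe_prepend /opt/example/lib "$existing")"; do
    if has_empty_segment "$p"; then
        echo "UNSAFE: '$p' contains an empty segment"
    else
        echo "ok:     '$p'"
    fi
done
```

In a wrapper script the guarded form is usually written inline as `export LD_LIBRARY_PATH="/opt/example/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`.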

Programs which generate and compile a lot of code at runtime (such as
programming language interpreters like ACL2) are not suited for running on SBCL
executables built with the "immobile space" feature, as explained by Douglas
Katzman in this mail thread:

https://sourceforge.net/p/sbcl/mailman/message/36007057/

In this commit, I add an optional flag to the SBCL package allowing you to
disable the "immobile space" features.

I also migrated away from specifying enabled/disabled features in a
`customize-target-features.lisp` file and towards supplying them as command line
arguments to `make.sh`, as has been recommended by the installation instructions
since 2012 or so.

`with-packages-wrapper.nix` has a hack to work around the linker limit
in macOS Sierra. However, that is now broken with GHC 8.8, because of
a slight change in the format of the package config.

In short, the package config produced by GHC 8.8 has a newline between
the key and list of values, while earlier versions have them separated
by a single space.

This PR fixes the linker hack by modifying the `grep` and `sed` commands
to pattern match on either space or newline, so that the hack can work
on all versions of GHC.

The test suite still fails because of all kinds of implicit assumptions that
are wrong in our build environment. For example, the test suite can't just call
"idris" and expect that executable to be in $PATH.

Updating to the current HEAD of the Tensorflow-Haskell bindings allows
us to also update the dependencies, specifically proto-lens, and avoid
having to retain their outdated versions.