Without the change the build fails on `staging-next` as
https://hydra.nixos.org/build/248863953/nixlog/2/tail:
/build/edk2-unvendored-src/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c:107:19: error: ‘INT64_MAX’ undeclared (first use in this function)
107 | if (v > ((INT64_MAX - (*s - '0')) / 10)) {
| ^~~~~~~~~
The unbundled version of `openssl` `nixpkgs` injects into `edk2` started
using `INT64_MAX` that `edk2`'s `<stdint.h>` does not provide and relies
on `openssl` to define as a fallback.
Let's pull in `openssl`'s own definition of those.
`libuuid` is actually a dependency of the host platform and
should not be tucked in `depBuildBuild`.
Also, we don't need `buildPackages.util-linux` for the compilation.
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper
this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
There's nothing about edk2 specific to the host OS, and it builds fine
with e.g. a NetBSD toolchain, so we should only restrict
meta.platforms by architecture, not by OS.
In order to use OVMF firmware with e.g. qemu on macOS, these packages
needed to be made macOS ready. This meant choosing the clang build in
this case, because it is the only one working on macOS.
Unfortunately, just using clang on all platforms doesn't work because
there are hardcoded assumptions in the edk2 build system.
And also build in parallel.
I don't understand why we manually tediously link every single directory
from the source, but I don't want to investigate too much.
- Have only one sed expression per line
- Put the important stuff closer to the command and not hidden in some
continuation line. That is, don't do:
sed \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<IMPORTANT STUFF>
but:
sed <IMPORTANT STUFF> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff>
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
