to not unnecessarily print
```
hello> ++ type -f strip
hello> strip is /nix/store/xzqzq99kbbkad23s2bf4bbrjppg6x0vj-bootstrap-stage2-gcc-wrapper-/bin/strip
```
printing what the strip command is is already done in stripDirs
`echo "stripping (with command $cmd and flags $stripFlags) in $paths"`
the hook doesn't output the following if $prefix doesn't exist
find: '/nix/store/...': No such file or directory
some other hooks that do this: prune-libtool-files.sh, audit-tmpdir.sh separate-debug-info.sh
Co-authored-by: Robin Gloster <mail@glob.in>
stdenv: print message if structuredAttrs is enabled
stdenv: add _append
reduces the chance of a user doing it wrong
fix nix develop issue
output hooks don't work yet in nix develop though
making $outputs be the same on non-structuredAttrs and structuredAttrs
is too much trouble.
lets instead make a function that gets the output names
reading environment file '/nix/store/2x7m69a2sm2kh0r6v0q5s9z1dh41m4xf-xz-5.2.5-env-bin'
nix: src/nix/develop.cc:299: std::string Common::makeRcScript(nix::ref<nix::Store>, const BuildEnvironment&, const Path&): Assertion `outputs != buildEnvironment.vars.end()' failed.
use a function to get all output names instead of using $outputs
copy env functionality from https://github.com/NixOS/nixpkgs/pull/76732/commits
wlroots(and others) have
```
wlroots> +++ find /nix/store/3a0xwszw8n5dzzhsgfnilvsqi4hk565s-wlroots-0.15.1-examples -type l -print0
wlroots> find: '/nix/store/3a0xwszw8n5dzzhsgfnilvsqi4hk565s-wlroots-0.15.1-examples': No such file or directory
```
because the examples output is created in postFixup while this hook runs in fixupPhase
PostScript Printer Description (ppd) files
describe printer features and capabilities.
They are usually evaluated by CUPS to convert
print jobs into a format suitable for a printer.
The conversion is often accomplished by commands
or even short shell scripts inside the ppd files.
ppd files are included in many printer driver packages.
Their scripts sometimes refer to other executables;
some of them are more common (like `perl`),
others are more exotic (like `rastertohp`).
If an executable is called with its name alone,
the effects of the ppd file depend on whether
the executable is in the PATH of CUPS,
and on the executable's version.
If an executable is called with an absolut path
(like `/usr/bin/perl`), it won't work at all in NixOS.
The commit at hand adds a setup hook that uses
the `fixupPhase` to substitute certain executable's
invocations in pdd files with absolute paths.
To use it, add the hook to `nativeBuildInputs` and
provide a list of executable names in `ppdFileCommands`.
Each executable must be available in the
package that is being built, or in `buildInputs`.
The setup hook's script then looks for ppd files in
`share/cups/model` and `share/ppds` in each output,
and replaces executable names with their absolute paths.
If ppd files need to be patched in unorthodox locations or
the setup hook needs to be invoked manually for other reasons,
one may leave the list `ppdFileCommands` empty to
avoid automatic processing of ppd files, then call
the shell function `patchPpdFileCommands` directly.
Details are described in the file `patch-ppd-hook.sh`.
Notes on the motivation for this setup hook:
Most packages in nixpkgs that provide
ppd files do not patch those ppd files at all.
This is not fatal when the executables are just called
with their names since the user can add packages
with the executables to `services.printing.drivers`.
E.g. if the user adds `pkgs.perl`, then all ppd
files that invoke `perl` will work as expected.
Nevertheless, to make these ppd files independent of
their execution environment, command invocations should
be substituted with absolut paths into the nix store.
This is similar to patching shebang lines so scripts can be
called independently of having the interpreter in the PATH.
The hook script in this commit is meant to support new packages
`foomatic-db*` which will generate several thousands of
ppd files referencing a plethora of different executables.
During development of these packages, I realized that
it's quite hard to patch ppd files in a robust way.
While binary names like `rastertokpsl` seem to be sufficiently
unique to be patched with `sed`, names like `date` or `gs`
are hard to patch without producing "false positives",
i.e., coincidental occurences of the executable's name that do
*not* refer to the executable and should not be patched at all.
As this problem also affects other packages,
it seems reasonable to put a robust implementation
in its own setup hook so that other
packages can use it without much effort.
Notes on the implementation:
The ppd file format is far from trivial.
The basic structure are key-value pairs;
keys may occur multiple times.
Only a small subset of keys may contain
executable names or shell scripts in their values.
Some values may span multiple lines;
a linebreak might even occur in the middle of a token.
Some executable names also occur in other keys by accident
where they must not be substituted (e.g. `gs` or `date`).
It is necessary to provide the list of command
names that will be patched for two reasons:
ppd files often contain "tokens" that might look
like commands (e.g. "file" or "host") but aren't;
these would erroneously get patched.
Also, looking for everything that might be a command
would slow down the patching process considerably.
The implementation uses `awk` to detect
keys that might contain executable names;
only their values are treated for substitution.
This avoids most cases of "overzealous" substitutions.
Since values may span multiple lines,
`sed` alone (while faster than `awk`) cannot focus
its substitution capabilities on relevant keys.
An elaborate set of regular expressions further helps
to minimize the probability of "false positives".
Several tricks are employed to speed up `awk`.
Notably, relevant files are identified with
`grep` before `awk` is applied to those files only.
Note that the script probably cannot handle fancy command
names (like spaces or backslashes as part of the name).
Also, there are still edge cases that the script would
mistakenly skip, e.g. if a shell script contains a
line break in the middle of an executable's name;
although ppd files permit such constellations,
I have yet to see one.
ppd files may be gzipped.
The setup hook accepts gzipped ppd files:
It decompresses them, substitutes paths, then recompresses them.
However, Nix cannot detect substituted paths as
runtime dependencies in compressed ppd files.
To ensure substituted paths are propagated as
runtime dependencies, the script adds each substituted
path to the variable `propagatedBuildInputs`.
Since this might not be enough for multi-output packages,
those paths are also written directly to
`nix-support/propagated-build-inputs`.
See the comment in `patch-ppd-hook.sh` for details.
Finally, the setup hook comes with a small test that
probes some edge cases with an artificial ppd file.
References:
* https://www.cups.org/doc/spec-ppd.html
* general ppd file specification
* lists some keys that may contain
executable names or shell scripts
* https://refspecs.linuxfoundation.org/LSB_4.0.0/LSB-Printing/LSB-Printing/ppdext.html
* lists some keys that may contain
executable names or shell scripts
* https://en.wikipedia.org/wiki/PostScript_Printer_Description#CUPS
* lists the usual locations of ppd files
One significant use case is adding `passthru.tests` to setup-hooks,
and help increase test coverage for mission-critical setup-hooks.
As `meta`, `passthru` doesn't go into the build script directly.
However, passing an empty set to `passthru` breaks nixpkgs-review
and OfBorg tests, so pass it only when specified.
Before the change separate-debug-info.sh did the stripping itself.
This scheme has a few problems:
1. Stripping happens only on ELF files. *.a and *.o files are skipped.
Derivations have to do it manually. Usually incorrectly
as they don't run $RANLIB (true for `glibc` and `musl`).
2. Stripping happens on all paths. Ideally only `stripDebugList` paths
should be considered.
3. Host strip is called on Target files.
This change offloads stripping logic to strip hook. This strips more
files for `glibc` and `musl`. Now we can remove most $STRIP calls
from individual derivations.
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
The initial intent was to strip .a and .o files, not .a.o files.
While at it expanded stripping for $lib output as well.
Without the change `libgcc.a` was not stripped and `.debug*` sections
made into final binaries. It's not a problem on it's own, but it's an
unintended side-effect. Noticed on `crystal_1_0` test failure where
`crystal` was not able to handle `dwarf-5`.
While at it allowed absolute file names to be passed to stripDebugList
and friends.
'strip' does not normally preserve archive index in .a files.
This usually causes linking failures against static libs like:
$ nix build --no-link -f. pkgsCross.mingw32.re2c
> ...-i686-w64-mingw32-binutils-2.38/bin/i686-w64-mingw32-ld:
/nix/store/...-i686-w64-mingw32-stage-final-gcc-13.0.0-lib/i686-w64-mingw32/lib/libstdc++.dll.a:
error adding symbols: archive has no index; run ranlib to add one
We restore the index by running ranlib explicitly.
This change mimics existing strip{All,Debug}List variables to
allow special stripping directories just for Target.
The primary use case in mind is gcc where package has to install
both host and target ELFs. They have to be stripped by their own
strip tools accordingly.
Co-authored-by: Rick van Schijndel <Mindavi@users.noreply.github.com>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Since 1ac53985 "*-wrapper; Switch from `infixSalt` to `suffixSalt`"
(2020) 'TARGET_' prefix (and infix) is no more. '_FOR_TARGET' suffix
is the only used suffix for target-specific tools and flags.
Use that in stip instead of always-empty variable.
A function to generate pkg-config files for Nix packages that need to create them ad hoc,
like blas and lapack.
Inspiration taken from `makeDesktopItem`.
The comment suggested that "{foo,bar}" is a supported pattern, which
is not true. "{foo,bar}" is only understood by brace expansion but the
code performs only globbing. We replace the comment with "[abc]",
which is a correct example of globbing.
By default, Cargo will only enable line tables. -g enables full debug
info. The RUSTFLAGS environment variable is examined by Cargo,
similar to how the NIX_*FLAGS* variables are examined by our compiler
wrappers.
A small shell script that can be used to extract a binary wrapper's
makeCWrapper call from its embedded docstring, without depending on
makeBinaryWrapper.
This commit fixes precise dependency ignorance by converting the
environment variable `autoPatchelfIgnoreMissingDeps` into a bash array
`ignoreMissingDepsArray`, passing `"${ignoreMissingDepsArray[@]}"`
instead of `"${autoPatchelfIgnoreMissingDeps[@]}"` to the python
script.
The original implementation does not work when
`autoPatchelfIgnoreMissingDeps` contains multiple dependency names.
Because it mistakenly passes `"${autoPatchelfIgnoreMissingDeps[@]}"`
to the python script. According to the Nix manual
(https://nixos.org/manual/nix/stable/expressions/derivations.html),
lists of strings are concatenated into whitespace-separated strings,
then passed to the builder as environment variables. So, if
`autoPatchelfIgnoreMissingDeps = [ "dep1" "dep2" "dep3" ]`,
`"${autoPatchelfIgnoreMissingDeps[@]}"` will be expanded to a single
argument `"dep1 dep2 dep3"`, which is not the intended behavior,
because the python script takes the long argument as a dependency
name.
With this commit, `"${ignoreMissingDepsArray[@]}"` will be expanded to
three arguments `"dep1" "dep2" "dep3"` arguments as expected, fixing
the issue.
Desktop files are only useful when accompanied by the binaries they
specify. So it makes more sense to put them next to the binaries rather
than `$out` which only usually contains the binaries.
Similar to the implementation of the `%f` and `%u` field codes. In this
case the amount of arguments passed poses no problem but the position
could, at least in theory.
This finishes the implementation of all the non-deprecated field codes.
As a part of that, repetitions of field codes are left alone. Originally
all field codes were removed. Now we replace only the first occurence.
This is correct for at least `%f`, `%u`, `%F` and `%U` because at most
one of them is permitted.
Shortcomings:
1. We replace `%[cfFikuU]` patterns one at a time. This means if the
right field code appears as part of the rest of the `Exec` field or
in a field code that was substituted earlier.
2. If any field code is repeated, only the first occurence is
substituted.
`%f` and `%u` are used to signal the program only accepts a single file
or URI argument. I do not believe there's a way to signal this
information to macOS but it is possible the program really won't work if
multiple files are passed and it's possible the relative position of
`%i`, `%c` or `%k` matters. So we replace `%f` or `%u` with `$1`. That
way we only pass one file in the (possibly significant) position of the
field code.
`ls -1 "$iconsdir/"*` listed the source directory for me when the glob
had no matches. Switching to `-A` circumvents this problem and has the
added advantage that it cannot run into argument list length limits.
Checked the desktop entry spec, there's other field codes than `%[fFuU]`
and those can in fact occur more than once, hence dropping '$' and
adding `/g`.
The "Exec" key in desktop items sometimes has one of the `%f`, `%F`,
`%u` and `%U` suffixes, which specify whether the command takes a file,
multiple files or a generalized URL or URLs. Darwin application bundles
do no understand this syntax so we do the next best thing, which is
simply dropping it.
Sometimes scalable icons or icons within the thresholds from the desired
resolutions aren't available. In this case it's still nicer to end up
with a blocky scaled icon rather than the generic default.
In order to compose a `.icns` file containing multiple icon sizes I had
to pass `--toc` to `icnsutil`. This did not seem to have a negative
effect on `.icns` containing only a single icon size.
On macOS 10.13 the 48x48 icon size is not supported. It results in a
corrupted image being displayed. I suspect the image data is being
truncated to what it expects for 32x32 or maybe data is read for
128x128, which would be a buffer overflow.
As discussed in https://github.com/NixOS/nixpkgs/issues/163590, it's not really required and has a side effect of adding refeferences to packages from nativeBuildInputs that aren't really required
- Convert icons to a single .icns file; and
- Provide an opt-out via X-macOS-Squircle in the desktop item to
override the squircle behavior when the source icons look bad when
converted automatically.
Disable file globbing in --prefix/--suffix, since bash will otherwise
try to find filenames matching the the value to be prefixed/suffixed
if it contains characters considered wildcards, such as `?` and
`*`. We want the value as is, except we also want to split it on on
the separator; hence we can't quote it.
* rewrite autoPatchelfHook in python
* Update pkgs/build-support/setup-hooks/auto-patchelf.py
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
* Update pkgs/build-support/setup-hooks/auto-patchelf.py
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
* Apply suggestions from code review
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
* Fix issues discovered during tests
* Apply suggestions from code review
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
* fixup line wrapping
* autoPatchelfHook: Improve compatibility with bash version
* autoPatchelfHook: Fix symlink-reated issues
* autoPatchelfHook: Revert dubious patchelf invocation test
* autoPatchelfHook: Untangle the executable detection logic
* fixup! autoPatchelfHook: Untangle the executable detection logic
* autoPatchelfHook: Fix invalid borrow issue
* autoPatchelfHook: Handle runtimeDependencies as the bare string it is
* autoPatchelfHook: add bintools dependency
For the very rare cases where it is not included by default.
* autoPatchelfHook: replace old hook with the rewrite
* autoPatchelfHook: get rid of the old hook content
* autoPatchelfHook: fix wrong ordering of debug info
* autoPatchelfHook: persist extra search path across incovations
* autoPatchelfHook: fix wrong usage of global variables
* Update auto-patchelf.py
PEP8: ignoreMissing -> ignore_missing
* Apply suggestions from code review
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
* autoPatchelfHook: remove imprecise and incorrect warning
* Apply explicit types from code review
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
* Complement and polish types and snake_casing
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
When prefixing or suffixing list variables, check that the value or
values aren't already part of the list. If this is the case when
suffixing, the list won't be touched at all. When prefixing, however,
the last matching instance of the value will be moved to the beginning
of the list. Any remaining duplicates of the value will be left as-is.
Co-authored-by: Vincenzo Mantova <xworld21@users.sf.net>
This is for symmetry with `--suffix-each`, and also because
(in my limited experience), `--prefix-each` is more useful since it
ensures that the new entries superseded the existing `PATH` entries
autoPatchelfHook actually doesn't depend on stdenv and only needs
bintools (with its wrapper). This change uses $NIX_BINTOOLS instead of
$NIX_CC and makes the dependency on bintools explicit.
Fully enabling crossSystem support for autoPatchelfHook came with some
perhaps unintended consequences of being a bit more aggressive about
patching ELF files from architectures/ABIs that differ from the target
(previously, those files would be ignored because ldd usually couldn't
handle them).
This change adds architecture and rough OS ABI detection to the script
so that it doesn't try to blindly replace the interpreter of files that
can't possibly use that interpreter, and also makes sure it doesn't
accidentally use libraries of other architectures/ABIs.
`--enable-deterministic-archives` is a GNU specific strip flag and
causes other strip implementations (for example LLVM's, see #138013)
to fail. Since strip failures are ignored, this means that stripping
doesn't work at all in certain situation (causing unnecessary
dependencies etc.).
To fix this, no longer pass `--enable-deterministic-archives`
unconditionally, but instead add it in a GNU binutils specific strip
wrapper only.
`commonStripFlags` was only used for this flag, so we can remove
it altogether.
Future work could be to make a generic strip wrapper, with support for
nix-support/strip-flags-{before,after} and NIX_STRIP_FLAGS_{BEFORE,AFTER}.
This possibly overkill and unnecessary though -- also with the
additional challenge of incorporating the darwin strip wrapper somehow.
In #84415, autoPatchelfHook was taught to use the correct path to the
readelf binary when a crossSystem is specified. Unfortunately, the
remainder of the functionality in the script depended on ldd, which only
reads ELF files of its own architecture. It has the further unfortunate
quality of not reporting any useful error, but rather that the file is
not a dynamic executable.
This change uses patchelf to directly analyze the DT_NEEDED tags in the
target files instead, which correctly works across architectures. It
also updates the use of objdump to be prefix-aware $OBJDUMP (which would
have been required in the PR mentioned above, but we never made it that
far into the script execution).
This caused shebangs that were already store paths to be rewritten.
Introduced by ab4c359822 in #94642
Example difference:
$ echo "hello world" | tail -c+3
llo world
$ str="hello world"; echo ${str:3}
lo world
