This round is without the systemd CVE,
as we don't have binaries for that yet.
BTW, I just ignore darwin binaries these days,
as I'd have to wait for weeks for them.
The only outside-curl uses of `fetchurlBoot` left are `stdenv`
and `apple-source-releases`. The latter one can probably be removed
too, but I can't test it.
Pros:
- Aggregates all behind-the-scenes insanity in a single place.
Cons:
- At the cost of 10 more derivations (but 0 new outpaths).
It was removed on recent versions of macOS and these entries break
sandboxing if they don't exist.
Aborted: while setting up the build environment: getting attributes of path '/System/Library/PrivateFrameworks/Ubiquity.framework/Versions/A/Ubiquity': No such file or directory
xcbuild doesn’t handle dsymutil correctly. fuser.pl does not contain
debug symbols, but xcbuild doesn’t handle this like xcodebuild does.
So, just disable the debug information. We probably should do this in
more places using xcbuild, but it requires some arbitrary patching.
These just copy commands from Products/Release/. But with #52256 we
now build .dsym directories that somehow wind up in Products/Release/.
This makes things more exact by just copying the files in Products/Release/.
Lots of stuff has gotten moved around. Many security libraries have been merged
into the Security monorepo. I’ve cleared them out for now, we will
need to modify Security to build them!
This also moves some things around to more clearly separate
bootstrapping the stdenv from everything else. We want the “normal”
mode to be the non-bootstrapped version. When you ask for “Security”,
you want the actual built software, not a crippled one.
- Add TARGET_OS_OSX to darwin.libSystem. Looks like something
introduced in 10.12. TARGET_OS_MAC is only set when building for
desktop (iOS will have TARGET_OS_MAC set)
- Bump darwin.dtrace
- Bump darwin.libpthread
- Remove SmartCardServices, libsecurity*, etc.
- Install some more headers for darling.
LTO is disabled during bootstrap to keep the bootstrap tools small and
avoid unnecessary LLVM rebuilds, but is enabled in the final stdenv
stage and should be usable by normal packages.
This also updates the bootstrap tool builder to LLVM 5, but not the ones
we actually use for bootstrap. I'll make that change in a subsequent commit
so as to provide traceable provenance of the bootstrap tools.
Not every package that needs xcbuild will want to use its build phase.
I have moved the xcbuild setup hook to the new attribute xcbuildHook.
This means that dontUseXcbuild is no longer needed. If you just need
to call xcbuild on its own you can just refer to xcbuild.
toPath has confusing semantics and is never necessary; it can always
either just be omitted or replaced by pre-concatenating `/.`. It has
been marked as "!!! obsolete?" for more than 10 years in a C++
comment, hopefully removing it will let us properly deprecate and,
eventually, remove it.
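As an added illustration (not part of the commit above), here is the `toPath` replacement the message describes, using a constructed string that holds an absolute path; the `storeDirStr` name is an assumption for the example:

```nix
# Added example: replacing builtins.toPath with path concatenation.
# storeDirStr is a string value, not a path value, as it would be if it
# came from getEnv or from a configuration option.
let
  storeDirStr = "/nix/store";

  # Old, obsolete form:
  #   builtins.toPath storeDirStr
  # Replacement: prepend the root path value `/.` so the string is
  # coerced into a path value with the same absolute location.
  storeDirPath = /. + storeDirStr;
in
{
  # A path value pointing at /nix/store
  dir = storeDirPath;
  # Confirms the result is a path, not a string, without needing toPath
  kind = builtins.typeOf storeDirPath;
}
```

Where the string is already known to be absolute, `/. + s` is equivalent to what `toPath s` produced; where it is relative, the concatenation makes the implicit root explicit, which is the whole point of dropping `toPath`.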
I’m not going to fix all of them but this is the best way to do this
in Apple things. Just add ‘EXPORT_DSTDIR’ to the installFlags & set
‘DSTDIR’ to $(out). Please do this instead of the patching!
Following legacy packaging conventions, `isArm` was defined just for the
32-bit ARM instruction set. This is confusing to non-packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
at the bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32-bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit ARM instruction sets
which do not use the word ARM so as to not confuse either laymen or
experienced ARM packagers.
[1]: https://developer.arm.com/products/architecture/a-profile
Among other things, this will allow *2nix tools to output plain data
while still being composable with the traditional
callPackage/.override interfaces.
- Give cctools a dev output for the headers
- Update Libsystem to grab the headers from that dev output
- Don't include the headers in Darwin binutils, just as GNU Binutils no
longer does.
This includes adding a new xcbuild-based libutil build to test the waters a bit there.
We'll need to get xcbuild into the stdenv bootstrap before we can make the main build,
but it's nice to see that it can work.
This requires some small changes in the stdenv, then working around the
weird choice LLVM made to hardcode @rpath in its install name, and then
lets us remove a ton of annoying workaround hacks in many of our Go
packages. With any luck this will mean less hackery going forward.
The main changes are in libSystem, which lost the coretls component in 10.13
and some hardening changes that quietly crash any program that uses %n in
a non-constant format string, so we've needed to patch a lot of programs that
use gnulib.
This sort of thing is going to get revamped to be less hackish soon but
for now I want it to work. In this particular case, libc++ 4 (and maybe
earlier) gets very upset if we're imprecise about our const markers, and
I guess libauto was careless. This fixes it (PtrPtrMap) to be correct.
This wasn't being used and it was causing an error when evaluating:
error: attribute ‘CoreOSMakefiles’ missing, at /Users/mbauer/Projects/nixpkgs2/pkgs/os-specific/darwin/apple-source-releases/default.nix:140:71
pkill isn't building because of some missing headers:
- xpc/xpc.h
- os/base_private.h
- _simple.h
They are all available somewhere but not set up correctly in the Darwin
stdenv.
TODO: add pkill back in!
This actually has no effect but it bugged me to keep seeing an old version
in the package names :) and since we're making a bunch of stdenv changes
at once, I might as well.
This reinstates the libSystem selective symbol export machinery we used
to have, but locks it to the symbols that were present in 10.11 and skips
the actual compiled code we put into that library in favor of the system
initialization code. That should make it more stable and less likely to
do weird stuff than the last time we did this.
It's a long build and generally painful to split into smaller commits,
so I apologize for lumping many changes into one commit but this is far
easier.
There are still several outdated parts of the darwin stdenv but these
changes should bring us closer to the goal.
Fixes #18461