mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-01 18:44:07 +00:00
194ddeefd5
LLD supports Windows-style linker arguments, but these previously triggered purity check false positives, because it saw that they started with a '/' and assumed they were paths. This tweaks the path detection to allow through certain values that could be paths, but are much more likely to be LINK.EXE-style flags. The risk of false negatives here is low — the only things we'd now fail to catch would be attempts to link with libraries in the root directory, which doesn't happen in practice. We also teach the wrapper how to apply its purity checks to library paths specified with the /LIBPATH: option. Tested that paths we expect to be rejected (like /lib/libfoo.so) still are.
274 lines
8.7 KiB
Bash
274 lines
8.7 KiB
Bash
#! @shell@
|
|
set -eu -o pipefail +o posix
|
|
shopt -s nullglob
|
|
|
|
if (( "${NIX_DEBUG:-0}" >= 7 )); then
|
|
set -x
|
|
fi
|
|
|
|
path_backup="$PATH"
|
|
|
|
# phase separation makes this look useless
|
|
# shellcheck disable=SC2157
|
|
if [ -n "@coreutils_bin@" ]; then
|
|
PATH="@coreutils_bin@/bin"
|
|
fi
|
|
|
|
source @out@/nix-support/utils.bash
|
|
|
|
if [ -z "${NIX_BINTOOLS_WRAPPER_FLAGS_SET_@suffixSalt@:-}" ]; then
|
|
source @out@/nix-support/add-flags.sh
|
|
fi
|
|
|
|
|
|
# Optionally filter out paths not refering to the store.
|
|
expandResponseParams "$@"
|
|
|
|
# NIX_LINK_TYPE is set if ld has been called through our cc wrapper. We take
|
|
# advantage of this to avoid both recalculating it, and also repeating other
|
|
# processing cc wrapper has already done.
|
|
if [[ -n "${NIX_LINK_TYPE_@suffixSalt@:-}" ]]; then
|
|
linkType=$NIX_LINK_TYPE_@suffixSalt@
|
|
else
|
|
linkType=$(checkLinkType "${params[@]}")
|
|
fi
|
|
|
|
if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "${NIX_STORE:-}"
|
|
&& ( -z "$NIX_IGNORE_LD_THROUGH_GCC_@suffixSalt@" || -z "${NIX_LINK_TYPE_@suffixSalt@:-}" ) ]]; then
|
|
rest=()
|
|
nParams=${#params[@]}
|
|
declare -i n=0
|
|
|
|
while (( "$n" < "$nParams" )); do
|
|
p=${params[n]}
|
|
p2=${params[n+1]:-} # handle `p` being last one
|
|
if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then
|
|
skip "${p:2}"
|
|
elif [ "$p" = -L ] && badPath "$p2"; then
|
|
n+=1; skip "$p2"
|
|
elif [ "$p" = -rpath ] && badPath "$p2"; then
|
|
n+=1; skip "$p2"
|
|
elif [ "$p" = -dynamic-linker ] && badPath "$p2"; then
|
|
n+=1; skip "$p2"
|
|
elif [ "$p" = -syslibroot ] && [ $p2 == // ]; then
|
|
# When gcc is built on darwin --with-build-sysroot=/
|
|
# produces '-syslibroot //' linker flag. It's a no-op,
|
|
# which does not introduce impurities.
|
|
n+=1; skip "$p2"
|
|
elif [ "${p:0:10}" = /LIBPATH:/ ] && badPath "${p:9}"; then
|
|
reject "${p:9}"
|
|
# We need to not match LINK.EXE-style flags like
|
|
# /NOLOGO or /LIBPATH:/nix/store/foo
|
|
elif [[ $p =~ ^/[^:]*/ ]] && badPath "$p"; then
|
|
reject "$p"
|
|
elif [ "${p:0:9}" = --sysroot ]; then
|
|
# Our ld is not built with sysroot support (Can we fix that?)
|
|
:
|
|
else
|
|
rest+=("$p")
|
|
fi
|
|
n+=1
|
|
done
|
|
# Old bash empty array hack
|
|
params=(${rest+"${rest[@]}"})
|
|
fi
|
|
|
|
|
|
source @out@/nix-support/add-hardening.sh
|
|
|
|
extraAfter=()
|
|
extraBefore=(${hardeningLDFlags[@]+"${hardeningLDFlags[@]}"})
|
|
|
|
if [ -z "${NIX_LINK_TYPE_@suffixSalt@:-}" ]; then
|
|
extraAfter+=($(filterRpathFlags "$linkType" $NIX_LDFLAGS_@suffixSalt@))
|
|
extraBefore+=($(filterRpathFlags "$linkType" $NIX_LDFLAGS_BEFORE_@suffixSalt@))
|
|
|
|
# By adding dynamic linker to extraBefore we allow the users set their
|
|
# own dynamic linker as NIX_LD_FLAGS will override earlier set flags
|
|
if [[ "$linkType" == dynamic && -n "$NIX_DYNAMIC_LINKER_@suffixSalt@" ]]; then
|
|
extraBefore+=("-dynamic-linker" "$NIX_DYNAMIC_LINKER_@suffixSalt@")
|
|
fi
|
|
fi
|
|
|
|
extraAfter+=($(filterRpathFlags "$linkType" $NIX_LDFLAGS_AFTER_@suffixSalt@))
|
|
|
|
# These flags *must not* be pulled up to -Wl, flags, so they can't go in
|
|
# add-flags.sh. They must always be set, so must not be disabled by
|
|
# NIX_LDFLAGS_SET.
|
|
if [ -e @out@/nix-support/add-local-ldflags-before.sh ]; then
|
|
source @out@/nix-support/add-local-ldflags-before.sh
|
|
fi
|
|
|
|
|
|
# Three tasks:
|
|
#
|
|
# 1. Find all -L... switches for rpath
|
|
#
|
|
# 2. Find relocatable flag for build id.
|
|
#
|
|
# 3. Choose 32-bit dynamic linker if needed
|
|
declare -a libDirs
|
|
declare -A libs
|
|
declare -i relocatable=0 link32=0
|
|
|
|
linkerOutput="a.out"
|
|
|
|
if
|
|
[ "$NIX_DONT_SET_RPATH_@suffixSalt@" != 1 ] \
|
|
|| [ "$NIX_SET_BUILD_ID_@suffixSalt@" = 1 ] \
|
|
|| [ -e @out@/nix-support/dynamic-linker-m32 ]
|
|
then
|
|
prev=
|
|
# Old bash thinks empty arrays are undefined, ugh.
|
|
for p in \
|
|
${extraBefore+"${extraBefore[@]}"} \
|
|
${params+"${params[@]}"} \
|
|
${extraAfter+"${extraAfter[@]}"}
|
|
do
|
|
case "$prev" in
|
|
-L)
|
|
libDirs+=("$p")
|
|
;;
|
|
-l)
|
|
libs["lib${p}.so"]=1
|
|
;;
|
|
-m)
|
|
# Presumably only the last `-m` flag has any effect.
|
|
case "$p" in
|
|
elf_i386) link32=1;;
|
|
*) link32=0;;
|
|
esac
|
|
;;
|
|
-dynamic-linker | -plugin)
|
|
# Ignore this argument, or it will match *.so and be added to rpath.
|
|
;;
|
|
*)
|
|
case "$p" in
|
|
-L/*)
|
|
libDirs+=("${p:2}")
|
|
;;
|
|
-l?*)
|
|
libs["lib${p:2}.so"]=1
|
|
;;
|
|
"${NIX_STORE:-}"/*.so | "${NIX_STORE:-}"/*.so.*)
|
|
# This is a direct reference to a shared library.
|
|
libDirs+=("${p%/*}")
|
|
libs["${p##*/}"]=1
|
|
;;
|
|
-r | --relocatable | -i)
|
|
relocatable=1
|
|
esac
|
|
;;
|
|
esac
|
|
prev="$p"
|
|
done
|
|
fi
|
|
|
|
# Determine linkerOutput
|
|
prev=
|
|
for p in \
|
|
${extraBefore+"${extraBefore[@]}"} \
|
|
${params+"${params[@]}"} \
|
|
${extraAfter+"${extraAfter[@]}"}
|
|
do
|
|
case "$prev" in
|
|
-o)
|
|
# Informational for post-link-hook
|
|
linkerOutput="$p"
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
prev="$p"
|
|
done
|
|
|
|
if [[ "$link32" == "1" && "$linkType" == dynamic && -e "@out@/nix-support/dynamic-linker-m32" ]]; then
|
|
# We have an alternate 32-bit linker and we're producing a 32-bit ELF, let's
|
|
# use it.
|
|
extraAfter+=(
|
|
'-dynamic-linker'
|
|
"$(< @out@/nix-support/dynamic-linker-m32)"
|
|
)
|
|
fi
|
|
|
|
# Add all used dynamic libraries to the rpath.
|
|
if [[ "$NIX_DONT_SET_RPATH_@suffixSalt@" != 1 && "$linkType" != static-pie ]]; then
|
|
# For each directory in the library search path (-L...),
|
|
# see if it contains a dynamic library used by a -l... flag. If
|
|
# so, add the directory to the rpath.
|
|
# It's important to add the rpath in the order of -L..., so
|
|
# the link time chosen objects will be those of runtime linking.
|
|
declare -A rpaths
|
|
for dir in ${libDirs+"${libDirs[@]}"}; do
|
|
if [[ "$dir" =~ [/.][/.] ]] && dir2=$(readlink -f "$dir"); then
|
|
dir="$dir2"
|
|
fi
|
|
if [ -n "${rpaths[$dir]:-}" ] || [[ "$dir" != "${NIX_STORE:-}"/* ]]; then
|
|
# If the path is not in the store, don't add it to the rpath.
|
|
# This typically happens for libraries in /tmp that are later
|
|
# copied to $out/lib. If not, we're screwed.
|
|
continue
|
|
fi
|
|
for path in "$dir"/*; do
|
|
file="${path##*/}"
|
|
if [ "${libs[$file]:-}" ]; then
|
|
# This library may have been provided by a previous directory,
|
|
# but if that library file is inside an output of the current
|
|
# derivation, it can be deleted after this compilation and
|
|
# should be found in a later directory, so we add all
|
|
# directories that contain any of the libraries to rpath.
|
|
rpaths["$dir"]=1
|
|
extraAfter+=(-rpath "$dir")
|
|
break
|
|
fi
|
|
done
|
|
done
|
|
|
|
fi
|
|
|
|
# This is outside the DONT_SET_RPATH branch because it's more targeted and we
|
|
# usually want it (on Darwin) even if DONT_SET_RPATH is set.
|
|
if [ -n "${NIX_COREFOUNDATION_RPATH:-}" ]; then
|
|
extraAfter+=(-rpath $NIX_COREFOUNDATION_RPATH)
|
|
fi
|
|
|
|
# Only add --build-id if this is a final link. FIXME: should build gcc
|
|
# with --enable-linker-build-id instead?
|
|
#
|
|
# Note: `lld` interprets `--build-id` to mean `--build-id=fast`; GNU ld defaults
|
|
# to SHA1.
|
|
if [ "$NIX_SET_BUILD_ID_@suffixSalt@" = 1 ] && ! (( "$relocatable" )); then
|
|
extraAfter+=(--build-id="${NIX_BUILD_ID_STYLE:-sha1}")
|
|
fi
|
|
|
|
|
|
# Optionally print debug info.
|
|
if (( "${NIX_DEBUG:-0}" >= 1 )); then
|
|
# Old bash workaround, see above.
|
|
echo "extra flags before to @prog@:" >&2
|
|
printf " %q\n" ${extraBefore+"${extraBefore[@]}"} >&2
|
|
echo "original flags to @prog@:" >&2
|
|
printf " %q\n" ${params+"${params[@]}"} >&2
|
|
echo "extra flags after to @prog@:" >&2
|
|
printf " %q\n" ${extraAfter+"${extraAfter[@]}"} >&2
|
|
fi
|
|
|
|
PATH="$path_backup"
|
|
# Old bash workaround, see above.
|
|
|
|
if (( "${NIX_LD_USE_RESPONSE_FILE:-@use_response_file_by_default@}" >= 1 )); then
|
|
@prog@ @<(printf "%q\n" \
|
|
${extraBefore+"${extraBefore[@]}"} \
|
|
${params+"${params[@]}"} \
|
|
${extraAfter+"${extraAfter[@]}"})
|
|
else
|
|
@prog@ \
|
|
${extraBefore+"${extraBefore[@]}"} \
|
|
${params+"${params[@]}"} \
|
|
${extraAfter+"${extraAfter[@]}"}
|
|
fi
|
|
|
|
if [ -e "@out@/nix-support/post-link-hook" ]; then
|
|
source @out@/nix-support/post-link-hook
|
|
fi
|