nixpkgs/pkgs/build-support
Peter Waller e0d2053b87 build-support: Use response-expanded params in pie test

When a response file is in use, "$*" contains the response file and not
the parameters; both the linker and compiler wrappers are updated to use
the response-expanded params.

The compiler driver likes to pass parameters to the linker via a
response file, including -shared.

LLD rejects the combination of (-shared -pie), whereas other linkers
silently ignore the contradiction:

```
ld.lld: error: -shared and -pie may not be used together
```

This breaks certain configurations using LLD as a linker.

Changing `add-hardening.sh` results in a full rebuild. To avoid the
rebuild, here is a quick test case which shows the new hardening script
allows the link to succeed:

```
{ pkgs ? import <nixpkgs> {} }:

let
  # gcc silently accepts -shared -pie together, lld does not.
  linker = pkgs.wrapBintoolsWith { bintools = pkgs.llvmPackages.lld; };

  patchWrapper = prev: prev.overrideAttrs (final: prev: let
    prevScript = builtins.match (".*(/nix/store/[a-z0-9]+-add-hardening.sh).*") prev.postFixup;
  in {
    postFixup = (builtins.replaceStrings prevScript ["${./new-add-hardening.sh}"] prev.postFixup);
  });
in

pkgs.stdenv.mkDerivation {
  name = "nixpkgs-hardening-bug";

  src = pkgs.writeText "src.c" "int main(int argc, char* argv[]) { return 0; }";
  NIX_HARDENING_ENABLE = "pie";

  unpackPhase = ":";
  buildPhase = ''
    $CC -c -o src.o $src
    bash -x ${patchWrapper linker}/bin/ld.lld -o $out @${pkgs.writeText "responsefile" "-shared"} src.o
  '';
}
```

Fixes: #178162
Signed-off-by: Peter Waller <p@pwaller.net>
2023-06-23 11:09:49 +01:00
add-opengl-runpath
agda Merge remote-tracking branch 'origin/master' into haskell-updates 2023-02-18 21:56:57 +01:00
alternatives lapack: force a rebuild on x86_64-darwin 2023-03-24 08:57:05 +01:00
appimage tree-wide: buildFHSUserEnv -> buildFHSEnv 2023-04-16 10:15:13 +02:00
binary-cache Introduce mkBinaryCache function 2023-02-07 16:16:07 -08:00
bintools-wrapper build-support: Use response-expanded params in pie test 2023-06-23 11:09:49 +01:00
build-bazel-package bazel_5: 5.4.0->5.4.1 2023-05-10 16:09:19 +02:00
build-fhsenv-bubblewrap Revert "Merge pull request #230693 from Atemu/fix/fhsenv-escape-runScript-path" 2023-05-22 11:34:04 -03:00
build-fhsenv-chroot buildFHSEnv: use default values as fallback for XDG_DATA_DIRS 2023-05-08 18:56:51 -03:00
build-graalvm-native-image buildGraalvmNativeImage: allow overwriting {build,install}Phase/nativeBuildInputs 2023-03-17 16:50:52 +00:00
build-setupcfg treewide: use lib.optionals 2023-02-14 19:11:59 +01:00
buildenv
cc-wrapper build-support: Use response-expanded params in pie test 2023-06-23 11:09:49 +01:00
coq treewide: deprecate isNull 2023-03-06 22:40:04 +01:00
dart buildDartApplication: add sigtool on darwin 2023-06-14 22:29:01 +03:00
deterministic-uname
dhall
docker nix-prefetch-docker: handle overrides correctly 2023-04-03 21:12:13 +03:00
dotnet buildDotnetModule: support native binaries in nuget packages 2023-06-21 17:06:30 +02:00
emacs emacs: add back support in wrapper for using passthru.treeSitter 2023-06-20 02:30:04 +12:00
expand-response-params
fake-nss
fetchbitbucket treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchbower
fetchbzr fetchbzr: set cache directory to tmpdir 2023-03-01 04:20:00 +00:00
fetchcvs treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchdarcs treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchdocker treewide: don't hardcode /nix/store (no rebuilds changes) 2023-03-24 20:11:33 +02:00
fetchfirefoxaddon
fetchfossil treewide: use optionalString 2023-02-13 21:52:34 +01:00
fetchgit fetchgit: fetch submodules in parallel 2023-06-20 10:36:10 +01:00
fetchgitea treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgithub fetchgit: require sparseCheckout be a list of strings 2023-06-04 10:04:31 +02:00
fetchgitiles treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgitlab treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgitlocal treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchgx
fetchhg fetchhg: allow specifying (sri) hash 2023-04-03 12:40:35 +02:00
fetchipfs
fetchmavenartifact fetchMavenArtifact: deprecate phases & use pname+version 2023-03-26 18:44:55 +02:00
fetchmtn
fetchnextcloudapp
fetchpatch fetchpatch: add decode test 2023-03-11 21:39:29 +00:00
fetchpypi
fetchrepoorcz
fetchrepoproject
fetchs3
fetchsavannah treewide: Make some fetchers overridable 2023-04-22 22:29:23 +02:00
fetchsourcehut fetchFromSourcehut: expose gitRepoUrl to consumers 2023-06-11 09:02:34 +01:00
fetchsvn
fetchsvnrevision
fetchsvnssh
fetchurl mirrors: Remove roy 2023-06-14 17:10:36 +10:00
fetchzip
flutter flutter: build-support: allow customizing wrapProgram args 2023-05-14 17:10:49 +02:00
go buildGo{Module,Package}: remove input argument "tags" 2023-05-31 07:14:18 +10:00
icon-conv-tools
install-shell-files
java
kernel makeInitrdNGTool: better errors 2023-05-25 13:26:05 -07:00
libredirect
make-darwin-bundle
make-desktopitem treewide: deprecate isNull 2023-03-06 22:40:04 +01:00
make-hardcode-gsettings-patch
make-pkgconfigitem
make-startupitem
mkshell mkShell: set preferLocalBuild by default 2023-02-22 11:53:51 +01:00
mono-dll-fixer
nix-gitignore
node npmHooks.npmInstallHook: allow disabling npm prune invocation 2023-05-28 00:47:54 -04:00
nuke-references treewide: use optionalString 2023-02-13 21:52:34 +01:00
ocaml ocamlPackages: default to version 3 of Dune 2023-05-12 05:50:40 +02:00
oci-tools
pkg-config-wrapper
portable-service
prefer-remote-fetch
references-by-popularity
release treewide: don't hardcode /nix/store (no rebuilds changes) 2023-03-24 20:11:33 +02:00
remove-references-to Merge pull request #162447 from thefloweringash/remove-references-to-region 2023-05-17 12:34:28 +03:00
replace-secret
rust Merge staging-next into staging 2023-06-22 18:01:45 +00:00
setup-hooks makeWrapper: fix flag handling 2023-06-11 23:14:54 +03:00
singularity-tools apptainer, singularity: fix defaultPath and reflect upstream changes 2023-02-08 18:03:11 +08:00
snap
src-only nixos/tests: Test that Remote SSH can patch Node 2023-06-09 18:21:41 +10:00
substitute
substitute-files
templaterpm
testers testers.runNixOSTest: init 2023-05-11 19:12:07 +02:00
trivial-builders runCommand: set meta.position from the arguments 2023-06-14 23:27:45 +02:00
vm vmTools: download debs from snapshot URLs 2023-06-11 19:13:31 +00:00
wrapper-common wrapBintoolsWith: support LINK.EXE-style args in purity checks 2023-04-29 01:37:00 +00:00
writers writers.makePythonWriter: fix interpreter executable 2023-06-17 22:58:14 +03:00
build-maven.nix
build-pecl.nix
closure-info.nix
make-impure-test.nix
plugins.nix
replace-dependency.nix replaceDependency: use runCommandLocal 2023-03-01 14:36:49 +02:00
setup-systemd-units.nix
source-from-head-fun.nix