stdenvBootstrapTools: Bundle all *.o files from libc #253760
Conversation
|
The build seems to work |
|
I don't know if this should target staging… :D |
|
If my understanding is correct the change itself won't trigger any rebuilds since the bootstrap tools are updated manually? 🤔 |
|
Right, but I wonder if the bootstrap tools should be updated as part of
this change "atomically"
Le jeu. 7 sept. 2023 à 03:46, Hubert Jasudowicz ***@***.***>
a écrit :
… If my understanding is correct the change itself won't trigger any
rebuilds since the bootstrap tools are updated manually? 🤔
—
Reply to this email directly, view it on GitHub
<#253760 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACMZRDNUYVUSFOA3TZO2CLXZERO3ANCNFSM6AAAAAA4OEVSEA>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
ofborg
bot
added
10.rebuild-darwin: 0
Include all runtime object files in output package, enabling different kinds of build modes - non-PIE, PIE, static PIE and profile-generated. Suggested by @trofi: NixOS#252310 (comment)
chivay
force-pushed
the
bootstrap-scrt
branch
from
79aed5b to
3cc00c9
Compare
chivay
changed the title
wegank
added
the
12.approvals: 1
There was a problem hiding this comment.
tested with
git apply - <<< $(curl "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/253760.patch")
nix build ".#freshBootstrapTools.bootstrapFiles.bootstrapTools"
readlink -f result *copy*diff --git a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix b/pkgs/stdenv/linux/bootstrap-files/x86_64.nix
index bdfa98c89cbc..4c8a72839162 100644
--- a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix
+++ b/pkgs/stdenv/linux/bootstrap-files/x86_64.nix
@@ -2,8 +2,5 @@
(import ./i686.nix) //
{
- bootstrapTools = import <nix/fetchurl.nix> {
- url = "http://tarballs.nixos.org/stdenv-linux/x86_64/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz";
- sha256 = "a5ce9c155ed09397614646c9717fc7cd94b1023d7b76b618d409e4fefd6e9d39";
- };
+ bootstrapTools = builtins.storePath /nix/store/lrpqbgnbcibsvx6w4fvwhppkrp4p0ls9-bootstrap-tools.tar.xz;
}git apply - <<< $(curl "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/252310.patch")
nix build ".#bash" --impure
|
before |
wegank
added
12.approvals: 2
|
Tested aarch64-linux(native remote nixbuild.net) but i was not able to build because ping @lovesegfault who did a bootstrap update in #207135 all gcc bootstrap files have to be updated cross-trunk could be used like was done here https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/linux/bootstrap-files/armv7l.nix |
|
This should not have been merged without the associated bootstrap tarball updates. The process was not followed, and I am reverting this. |
|
It's unacceptable to ping me and merge the PR 5 mins later, @Artturin. |
As far as I understand it we have to wait for a channel update to get the new files and then update the bootstrap-files, that is why I merged it. |
|
I suppose you could build all the cross files locally but that does not seem as convenient as using hydra |
…-scrt"" This reverts commit 3f46cdc.
This reverts commit 3f46cdc.
Description of changes
Scrt1.o is a critical file used for linking PIE binaries. Add it to the package to enable PIE-based hardening.Add all *.o files to the package to enable all build modes as suggested by @trofi in #252310 (comment)
This is a prerequisite for enabling PIE globally for all packages as seen in #252310
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)