stdenv-setup: fix substituteAll with set -eu

[orivej]

Motivation for this change

Environment variable filter in substituteAll was not precise and produced undefined and invalid variable names. Vladimír Čunát tried to fix that in [1], but env -0 did not work during Darwin bootstrap, so [2] reverted this change and replaced an error due to invalid variables with a warning. Recently in #28057 John Ericson added set -u to setup.sh and undefined variables made the setup fail during e.g. nix-build -A gnat with setup: line 519: !varName: unbound variable.

This patch fixes the cause of such warnings as [3]:

 WARNING: substitution variables should be valid bash names,
   "ccLDFlags+" isn't and therefore was skipped; it might be caused
   by multi-line phases in variables - see #14907 for details.

[1] 62fc885
[2] 81df035
[3] #14907 (comment)

Things done

Tested building some packages (e.g. nix) on NixOS and Darwin.

• Tested using sandboxing
  (nix.useSandbox on NixOS,
  or option build-use-sandbox in nix.conf
  on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • Linux
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Fits CONTRIBUTING.md.

[mention-bot]

@orivej, thanks for your PR! By analyzing the history of the files in this pull request, we identified @Ericson2314, @vcunat and @domenkozar to be potential reviewers.

[dezgeg]

Ugh, overriding a builtin feels dirty. Does env -0 work on Darwin? That should allow safe parsing even if the variable values contain newlines.

[orivej]

This is what 9e0d042 and [1] above tried to do, but env on Darwin does not understand -0.

[dezgeg]

How about awk 'BEGIN { for (v in ENVIRON) print v }' then?

I checked gawk is in Darwin bootstrap tools and ENVIRON is POSIX even (for stdenvNative).

[orivej]

Good idea!

[copumpkin]

env -0 works fine on Darwin inside most Nix contexts, because we just use the standard Nix tooling (coreutils, bash) in any pure context. The only place to be worried is the occasional script that runs under /bin/sh, where we can no longer control the PATH and bash being used.

[orivej]

@copumpkin setup.sh is needed on Darwin before any bash or env from nixpkgs is available. See 81df035.

[orivej]

@dezgeg

overriding a builtin feels dirty

Actually, overriding builtins with functions is well defined:

 2. If the name does not match a function, the shell searches for it in the list of shell builtins.

https://www.gnu.org/software/bash/manual/html_node/Command-Search-and-Execution.html

Nevertheless, I'm going to continue with awk for now.

Could someone test this on hydra? I have successfully built some packages on Linux and Darwin with this pull request, but I don't know how to test properly without hydra.

[copumpkin]

@orivej are you sure that's still true? I thought that was only true because nix-shell used the host bash, but now that we force it to use the Nix bash (and maybe coreutils?) we might be safer. If not, can we just force setup.sh to incorporate a fixed version of coreutils?

[orivej]

@copumpkin You are right, since 2bc7b4e Darwin always uses Bash from nixpkgs for setup.sh. However, over programs from bootstrap-tools (including env and awk) are not in PATH during early stages (when the shell is ${bootstrapTools}/bin/bash), e.g. env or awk 'BEGIN {}' at the beginning of setup.sh will cause failure, so it is not quite safe to use them at the moment… Currently bootstrap succeeds because early stages do not call substituteAll

[Ericson2314]

err in nix-shell, the impure bash will be used---I've certainly learned that! If any dependency has a setup hook or similar using substitute, it will be run when the nix-shell is entered.

[Ericson2314]

With or without awk seems fine to me. Thanks for fixing!

[Ericson2314]

You could just hardcode substitute(): too. That is what was there before, IIRC.

[orivej]

I'm not familiar with FUNCNAME. Why did you use it 5d693c8?

[Ericson2314]

No great reason, just in-case the code was moved elsewhere / general principle of things not knowing their own name.

[orivej]

If you want to replace ${FUNCNAME[0]} with substitute, I can do this in this pull request.

[Ericson2314]

I don't care which, I'd just like to have something saying what the function is.

[Ericson2314]

(I'll merge it after that.)

[orivej]

Ah, I did not get that you asked for the function name here too. Done.

[Ericson2314]

The >&2 should also still be there.

[orivej]

Thanks, didn't notice that.

[Ericson2314]

Thanks @orivej!