diff --git a/pkgs/build-support/ocaml/default.nix b/pkgs/build-support/ocaml/default.nix index 88ed3dfc2c2f3..cd17eb688c2e4 100644 --- a/pkgs/build-support/ocaml/default.nix +++ b/pkgs/build-support/ocaml/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, writeText, ocaml, findlib, ocamlbuild, camlp4 }: -{ name, version, buildInputs ? [], +{ name, version, nativeBuildInputs ? [], createFindlibDestdir ? true, dontStrip ? true, minimumSupportedOcamlVersion ? null, @@ -19,7 +19,7 @@ in stdenv.mkDerivation (args // { name = "ocaml-${name}-${version}"; - buildInputs = [ ocaml findlib ocamlbuild camlp4 ] ++ buildInputs; + nativeBuildInputs = [ ocaml findlib ocamlbuild camlp4 ] ++ nativeBuildInputs; setupHook = if setupHook == null && hasSharedObjects then writeText "setupHook.sh" '' diff --git a/pkgs/build-support/ocaml/dune.nix b/pkgs/build-support/ocaml/dune.nix index c049878d01311..6bdec501630e9 100644 --- a/pkgs/build-support/ocaml/dune.nix +++ b/pkgs/build-support/ocaml/dune.nix @@ -1,6 +1,6 @@ { lib, stdenv, ocaml, findlib, dune_1, dune_2 }: -{ pname, version, buildInputs ? [], enableParallelBuilding ? true, ... }@args: +{ pname, version, nativeBuildInputs ? [], enableParallelBuilding ? true, ... }@args: let Dune = if args.useDune2 or false then dune_2 else dune_1; in @@ -12,6 +12,8 @@ else stdenv.mkDerivation ({ inherit enableParallelBuilding; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; buildPhase = '' runHook preBuild @@ -33,7 +35,7 @@ stdenv.mkDerivation ({ name = "ocaml${ocaml.version}-${pname}-${version}"; - buildInputs = [ ocaml Dune findlib ] ++ buildInputs; + nativeBuildInputs = [ ocaml Dune findlib ] ++ nativeBuildInputs; meta = (args.meta or {}) // { platforms = args.meta.platforms or ocaml.meta.platforms; }; diff --git a/pkgs/development/compilers/ocaml/generic.nix b/pkgs/development/compilers/ocaml/generic.nix index 2dd959600eacf..e4cec4cf52ed0 100644 --- a/pkgs/development/compilers/ocaml/generic.nix +++ b/pkgs/development/compilers/ocaml/generic.nix @@ -3,7 +3,7 @@ let versionNoPatch = "${toString major_version}.${toString minor_version}"; version = "${versionNoPatch}.${toString patch_version}"; - safeX11 = stdenv: !(stdenv.isAarch32 || stdenv.isMips); + safeX11 = stdenv: !(stdenv.isAarch32 || stdenv.isMips || stdenv.hostPlatform.isStatic); in { lib, stdenv, fetchurl, ncurses, buildEnv, libunwind @@ -13,7 +13,7 @@ in , spaceTimeSupport ? false }: -assert useX11 -> !stdenv.isAarch32 && !stdenv.isMips; +assert useX11 -> safeX11 stdenv; assert aflSupport -> lib.versionAtLeast version "4.05"; assert flambdaSupport -> lib.versionAtLeast version "4.03"; assert spaceTimeSupport -> lib.versionAtLeast version "4.04"; @@ -44,6 +44,8 @@ stdenv.mkDerivation (args // { inherit src; + strictDeps = true; + prefixKey = "-prefix "; configureFlags = let flags = new: old: @@ -56,7 +58,15 @@ stdenv.mkDerivation (args // { ++ optional aflSupport (flags "--with-afl" "-afl-instrument") ++ optional flambdaSupport (flags "--enable-flambda" "-flambda") ++ optional spaceTimeSupport (flags "--enable-spacetime" "-spacetime") - ; + ++ optional (stdenv.hostPlatform.isStatic && (lib.versionOlder version "4.08")) "-no-shared-libs" + ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform && lib.versionOlder version "4.08") [ + "-host ${stdenv.hostPlatform.config}" + "-target ${stdenv.targetPlatform.config}" + ]; + dontAddStaticConfigureFlags = lib.versionOlder version "4.08"; + configurePlatforms = lib.optionals (lib.versionAtLeast version "4.08") [ "host" "target" ]; + # x86_64-unknown-linux-musl-ld: -r and -pie may not be used together + hardeningDisable = lib.optional (lib.versionAtLeast version "4.09" && stdenv.hostPlatform.isMusl) "pie"; buildFlags = [ "world" ] ++ optionals useNativeCompilers [ "bootstrap" "world.opt" ]; buildInputs = optional (!lib.versionAtLeast version "4.07") ncurses @@ -70,6 +80,8 @@ stdenv.mkDerivation (args // { # Do what upstream does by default now: https://github.com/ocaml/ocaml/pull/10176 # This is required for aarch64-darwin, everything else works as is. AS="${stdenv.cc}/bin/cc -c" ASPP="${stdenv.cc}/bin/cc -c" + '' + optionalString (lib.versionOlder version "4.08" && stdenv.hostPlatform.isStatic) '' + configureFlagsArray+=("-cc" "$CC" "-as" "$AS" "-partialld" "$LD -r") ''; postBuild = '' mkdir -p $out/include diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index ad2b7fe686056..fd7e684113e71 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -26,8 +26,8 @@ , sourceVersion , sha256 , passthruFun -, static ? false -, stripBytecode ? true +, static ? stdenv.hostPlatform.isStatic +, stripBytecode ? reproducibleBuild , rebuildBytecode ? true , reproducibleBuild ? false , enableOptimizations ? false @@ -187,8 +187,9 @@ let configureFlags = optionals enableOptimizations [ "--enable-optimizations" - ] ++ [ + ] ++ optionals (!static) [ "--enable-shared" + ] ++ [ "--with-threads" "--enable-unicode=ucs${toString ucsEncoding}" ] ++ optionals (stdenv.hostPlatform.isCygwin || stdenv.hostPlatform.isAarch64) [ @@ -226,6 +227,7 @@ let ++ optional stdenv.hostPlatform.isLinux "ac_cv_func_lchmod=no" ++ optional static "LDFLAGS=-static"; + strictDeps = true; buildInputs = optional (stdenv ? cc && stdenv.cc.libc != null) stdenv.cc.libc ++ [ bzip2 openssl zlib ] diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 76a66a648d847..8e340dd3b1469 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -101,6 +101,8 @@ let version = with sourceVersion; "${major}.${minor}.${patch}${suffix}"; + strictDeps = true; + nativeBuildInputs = optionals (!stdenv.isDarwin) [ autoreconfHook ] ++ optionals (!stdenv.isDarwin && passthru.pythonAtLeast "3.10") [ @@ -287,10 +289,11 @@ in with passthru; stdenv.mkDerivation { PYTHONHASHSEED=0; configureFlags = [ - "--enable-shared" "--without-ensurepip" "--with-system-expat" "--with-system-ffi" + ] ++ optionals (!static) [ + "--enable-shared" ] ++ optionals enableOptimizations [ "--enable-optimizations" ] ++ optionals enableLTO [ diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix index 7ea7902e0873f..2d8d13482eac4 100644 --- a/pkgs/development/libraries/boost/generic.nix +++ b/pkgs/development/libraries/boost/generic.nix @@ -189,6 +189,8 @@ stdenv.mkDerivation { configureScript = "./bootstrap.sh"; configurePlatforms = []; + dontDisableStatic = true; + dontAddStaticConfigureFlags = true; configureFlags = [ "--includedir=$(dev)/include" "--libdir=$(out)/lib" diff --git a/pkgs/development/libraries/libbfd/default.nix b/pkgs/development/libraries/libbfd/default.nix index 499f04349b5de..1e2938d3a8e0e 100644 --- a/pkgs/development/libraries/libbfd/default.nix +++ b/pkgs/development/libraries/libbfd/default.nix @@ -30,6 +30,7 @@ stdenv.mkDerivation { # We update these ourselves dontUpdateAutotoolsGnuConfigScripts = true; + strictDeps = true; nativeBuildInputs = [ autoreconfHook bison ]; buildInputs = [ libiberty zlib.dev ]; @@ -37,9 +38,8 @@ stdenv.mkDerivation { configureFlags = [ "--enable-targets=all" "--enable-64-bit-bfd" "--enable-install-libbfd" - "--enable-shared" "--with-system-zlib" - ]; + ] ++ lib.optional (!stdenv.hostPlatform.isStatic) "--enable-shared"; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index 1b58b4539e465..c98a1cbce0e9f 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -2,7 +2,7 @@ , zlib, xz, libintl, python, gettext, ncurses, findXMLCatalogs , pythonSupport ? enableShared && stdenv.buildPlatform == stdenv.hostPlatform , icuSupport ? false, icu ? null -, enableShared ? stdenv.hostPlatform.libc != "msvcrt" +, enableShared ? stdenv.hostPlatform.libc != "msvcrt" && !stdenv.hostPlatform.isStatic , enableStatic ? !enableShared }: @@ -40,6 +40,8 @@ stdenv.mkDerivation rec { ++ lib.optional pythonSupport "py" ++ lib.optional (enableStatic && enableShared) "static"; + strictDeps = true; + buildInputs = lib.optional pythonSupport python ++ lib.optional (pythonSupport && python?isPy2 && python.isPy2) gettext ++ lib.optional (pythonSupport && python?isPy3 && python.isPy3) ncurses diff --git a/pkgs/development/libraries/lzo/default.nix b/pkgs/development/libraries/lzo/default.nix index f5b0111a1a780..480e2bb909cd3 100644 --- a/pkgs/development/libraries/lzo/default.nix +++ b/pkgs/development/libraries/lzo/default.nix @@ -9,12 +9,14 @@ stdenv.mkDerivation rec { sha256 = "0wm04519pd3g8hqpjqhfr72q8qmbiwqaxcs3cndny9h86aa95y60"; }; - configureFlags = [ "--enable-shared" ]; + configureFlags = lib.optional (!stdenv.hostPlatform.isStatic) "--enable-shared" ; enableParallelBuilding = true; doCheck = true; # not cross; + strictDeps = true; + meta = with lib; { description = "Real-time data (de)compression library"; longDescription = '' diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index a9fadf46c4b2e..8d7cb3a48c885 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -57,11 +57,13 @@ stdenv.mkDerivation (rec { # and giving nothing builds both. # So we have 3 possible ways to build both: # `--static --shared`, `--shared` and giving nothing. - # Of these, we choose `--shared`, only because that's - # what we did in the past and we can avoid mass rebuilds this way. - # As a result, we pass `--static` only when we want just static. - configureFlags = lib.optional (static && !shared) "--static" + # Of these, we choose `--static --shared`, for clarity and simpler + # conditions. + configureFlags = lib.optional static "--static" ++ lib.optional shared "--shared"; + # We do the right thing manually, above, so don't need these. + dontDisableStatic = true; + dontAddStaticConfigureFlags = true; # Note we don't need to set `dontDisableStatic`, because static-disabling # works by grepping for `enable-static` in the `./configure` script diff --git a/pkgs/development/ocaml-modules/bolt/default.nix b/pkgs/development/ocaml-modules/bolt/default.nix index 54bc28697ec47..ea32d659f6465 100644 --- a/pkgs/development/ocaml-modules/bolt/default.nix +++ b/pkgs/development/ocaml-modules/bolt/default.nix @@ -42,6 +42,8 @@ EOF # The custom `configure` script does not expect the --prefix # option. Installation is handled by ocamlfind. dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; createFindlibDestdir = true; diff --git a/pkgs/development/ocaml-modules/easy-format/default.nix b/pkgs/development/ocaml-modules/easy-format/default.nix index 6a3566fda2b61..161e263e129b1 100644 --- a/pkgs/development/ocaml-modules/easy-format/default.nix +++ b/pkgs/development/ocaml-modules/easy-format/default.nix @@ -12,7 +12,8 @@ stdenv.mkDerivation { sha256 = "00ga7mrlycjc99gzp3bgx6iwhf7i6j8856f8xzrf1yas7zwzgzm9"; }; - buildInputs = [ ocaml findlib ]; + nativeBuildInputs = [ ocaml findlib ]; + strictDeps = true; createFindlibDestdir = true; diff --git a/pkgs/development/ocaml-modules/gen/default.nix b/pkgs/development/ocaml-modules/gen/default.nix index 04d1a08166062..77fc0b63c55ed 100644 --- a/pkgs/development/ocaml-modules/gen/default.nix +++ b/pkgs/development/ocaml-modules/gen/default.nix @@ -12,7 +12,9 @@ stdenv.mkDerivation { sha256 = "14b8vg914nb0yp1hgxzm29bg692m0gqncjj43b599s98s1cwl92h"; }; - buildInputs = [ ocaml findlib ocamlbuild qtest ounit ]; + nativeBuildInputs = [ ocaml findlib ocamlbuild ]; + buildInputs = [ qtest ounit ]; + strictDeps = true; configureFlags = [ "--enable-tests" diff --git a/pkgs/development/ocaml-modules/hacl-star/raw.nix b/pkgs/development/ocaml-modules/hacl-star/raw.nix index cd1217b97101a..aa787c9a91a07 100644 --- a/pkgs/development/ocaml-modules/hacl-star/raw.nix +++ b/pkgs/development/ocaml-modules/hacl-star/raw.nix @@ -25,6 +25,8 @@ stdenv.mkDerivation rec { installTargets = "install-hacl-star-raw"; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; buildInputs = [ which diff --git a/pkgs/development/ocaml-modules/janestreet/buildOcamlJane.nix b/pkgs/development/ocaml-modules/janestreet/buildOcamlJane.nix index fdb0d8034e690..62876e5eaf948 100644 --- a/pkgs/development/ocaml-modules/janestreet/buildOcamlJane.nix +++ b/pkgs/development/ocaml-modules/janestreet/buildOcamlJane.nix @@ -17,6 +17,8 @@ buildOcaml (args // { buildInputs = [ ocaml_oasis js_build_tools opaline ] ++ buildInputs; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; configurePhase = "./configure --prefix $out"; diff --git a/pkgs/development/ocaml-modules/janestreet/js-build-tools.nix b/pkgs/development/ocaml-modules/janestreet/js-build-tools.nix index ff03c209190d7..2f68ee8230e77 100644 --- a/pkgs/development/ocaml-modules/janestreet/js-build-tools.nix +++ b/pkgs/development/ocaml-modules/janestreet/js-build-tools.nix @@ -16,6 +16,8 @@ buildOcaml rec { buildInputs = [ ocaml_oasis opaline ]; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; configurePhase = "./configure --prefix $prefix"; installPhase = "opaline -prefix $prefix -libdir $OCAMLFIND_DESTDIR ${name}.install"; diff --git a/pkgs/development/ocaml-modules/javalib/default.nix b/pkgs/development/ocaml-modules/javalib/default.nix index d158e4216ab43..15678f89da3c1 100644 --- a/pkgs/development/ocaml-modules/javalib/default.nix +++ b/pkgs/development/ocaml-modules/javalib/default.nix @@ -25,6 +25,8 @@ stdenv.mkDerivation rec { configureScript = "./configure.sh"; dontAddPrefix = "true"; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; propagatedBuildInputs = [ camlzip extlib ]; diff --git a/pkgs/development/ocaml-modules/labltk/default.nix b/pkgs/development/ocaml-modules/labltk/default.nix index 5a6daa54de39d..3161b56239d07 100644 --- a/pkgs/development/ocaml-modules/labltk/default.nix +++ b/pkgs/development/ocaml-modules/labltk/default.nix @@ -51,6 +51,8 @@ stdenv.mkDerivation rec { configureFlags = [ "--use-findlib" "--installbindir" "$(out)/bin" ]; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; buildFlags = [ "all" "opt" ]; diff --git a/pkgs/development/ocaml-modules/ocamlnet/default.nix b/pkgs/development/ocaml-modules/ocamlnet/default.nix index bdbbf1d8c67f0..5c3ca95bb0d8c 100644 --- a/pkgs/development/ocaml-modules/ocamlnet/default.nix +++ b/pkgs/development/ocaml-modules/ocamlnet/default.nix @@ -21,6 +21,8 @@ stdenv.mkDerivation rec { createFindlibDestdir = true; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; preConfigure = '' configureFlagsArray=( diff --git a/pkgs/development/ocaml-modules/ocsigen-server/default.nix b/pkgs/development/ocaml-modules/ocsigen-server/default.nix index 25d45d9aed9b1..96a66874c759d 100644 --- a/pkgs/development/ocaml-modules/ocsigen-server/default.nix +++ b/pkgs/development/ocaml-modules/ocsigen-server/default.nix @@ -40,6 +40,8 @@ buildDunePackage rec { configureFlags = [ "--root $(out)" "--prefix /" ]; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; postConfigure = '' make -C src confs diff --git a/pkgs/development/ocaml-modules/process/default.nix b/pkgs/development/ocaml-modules/process/default.nix index 34ca51f073926..aecf03987ab16 100644 --- a/pkgs/development/ocaml-modules/process/default.nix +++ b/pkgs/development/ocaml-modules/process/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { sha256 = "0m1ldah5r9gcq09d9jh8lhvr77910dygx5m309k1jm60ah9mdcab"; }; - buildInputs = [ ocaml findlib ocamlbuild ]; + nativeBuildInputs = [ ocaml findlib ocamlbuild ]; + strictDeps = true; createFindlibDestdir = true; diff --git a/pkgs/development/ocaml-modules/sawja/default.nix b/pkgs/development/ocaml-modules/sawja/default.nix index 68a8731201d6f..30ac2cfb22dda 100644 --- a/pkgs/development/ocaml-modules/sawja/default.nix +++ b/pkgs/development/ocaml-modules/sawja/default.nix @@ -31,6 +31,8 @@ stdenv.mkDerivation { configureScript = "./configure.sh"; dontAddPrefix = "true"; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; propagatedBuildInputs = [ javalib ]; diff --git a/pkgs/development/ocaml-modules/seq/default.nix b/pkgs/development/ocaml-modules/seq/default.nix index aa0546dd390be..44503668ff0ad 100644 --- a/pkgs/development/ocaml-modules/seq/default.nix +++ b/pkgs/development/ocaml-modules/seq/default.nix @@ -20,7 +20,8 @@ stdenv.mkDerivation ({ sha256 = "1cjpsc7q76yfgq9iyvswxgic4kfq2vcqdlmxjdjgd4lx87zvcwrv"; }; - buildInputs = [ ocaml findlib ocamlbuild ]; + nativeBuildInputs = [ ocaml findlib ocamlbuild ]; + strictDeps = true; createFindlibDestdir = true; diff --git a/pkgs/development/ocaml-modules/syslog/default.nix b/pkgs/development/ocaml-modules/syslog/default.nix index c97f1225663ed..9614c404c5b91 100644 --- a/pkgs/development/ocaml-modules/syslog/default.nix +++ b/pkgs/development/ocaml-modules/syslog/default.nix @@ -13,7 +13,8 @@ stdenv.mkDerivation rec { sha256 = "1kqpc55ppzv9n555qgqpda49n7nvkqimzisyjx2a7338r7q4r5bw"; }; - buildInputs = [ ocaml findlib ]; + nativeBuildInputs = [ ocaml findlib ]; + strictDeps = true; buildFlags = [ "all" "opt" ]; diff --git a/pkgs/development/ocaml-modules/wasm/default.nix b/pkgs/development/ocaml-modules/wasm/default.nix index c89449264889d..4befff2721b97 100644 --- a/pkgs/development/ocaml-modules/wasm/default.nix +++ b/pkgs/development/ocaml-modules/wasm/default.nix @@ -15,7 +15,11 @@ stdenv.mkDerivation rec { sha256 = "1kp72yv4k176i94np0m09g10cviqp2pnpm7jmiq6ik7fmmbknk7c"; }; - buildInputs = [ ocaml findlib ocamlbuild ]; + nativeBuildInputs = [ ocaml findlib ocamlbuild ]; + strictDeps = true; + + # x86_64-unknown-linux-musl-ld: -r and -pie may not be used together + hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; makeFlags = [ "-C" "interpreter" ]; diff --git a/pkgs/development/ocaml-modules/zarith/default.nix b/pkgs/development/ocaml-modules/zarith/default.nix index eed6b158d4a6f..95351caee307b 100644 --- a/pkgs/development/ocaml-modules/zarith/default.nix +++ b/pkgs/development/ocaml-modules/zarith/default.nix @@ -17,11 +17,13 @@ stdenv.mkDerivation rec { sha256 = "1jslm1rv1j0ya818yh23wf3bb6hz7qqj9pn5fwl45y9mqyqa01s9"; }; - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ ocaml findlib ]; + nativeBuildInputs = [ pkg-config ocaml findlib ]; propagatedBuildInputs = [ gmp ]; + strictDeps = true; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; configureFlags = [ "-installdir ${placeholder "out"}/lib/ocaml/${ocaml.version}/site-lib" ]; preInstall = "mkdir -p $out/lib/ocaml/${ocaml.version}/site-lib/stublibs"; diff --git a/pkgs/development/tools/ocaml/dune/1.nix b/pkgs/development/tools/ocaml/dune/1.nix index ad908787911b8..74deb9d2fa556 100644 --- a/pkgs/development/tools/ocaml/dune/1.nix +++ b/pkgs/development/tools/ocaml/dune/1.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, ocaml, findlib }: +{ stdenv, lib, fetchurl, ocaml, findlib, ncurses }: if !lib.versionAtLeast ocaml.version "4.02" || lib.versionAtLeast ocaml.version "4.12" @@ -13,7 +13,9 @@ stdenv.mkDerivation rec { sha256 = "1rkc8lqw30ifjaz8d81la6i8j05ffd0whpxqsbg6dci16945zjvp"; }; - buildInputs = [ ocaml findlib ]; + nativeBuildInputs = [ ocaml findlib ]; + buildInputs = [ ncurses ]; + strictDeps = true; buildFlags = [ "release" ]; makeFlags = [ @@ -22,6 +24,8 @@ stdenv.mkDerivation rec { ]; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; meta = with lib; { homepage = "https://dune.build/"; diff --git a/pkgs/development/tools/ocaml/dune/2.nix b/pkgs/development/tools/ocaml/dune/2.nix index 3945389e8cd11..16f33268cf1e8 100644 --- a/pkgs/development/tools/ocaml/dune/2.nix +++ b/pkgs/development/tools/ocaml/dune/2.nix @@ -13,11 +13,14 @@ stdenv.mkDerivation rec { sha256 = "07m476kgagpd6kzm3jq30yfxqspr2hychah0xfqs14z82zxpq8dv"; }; - buildInputs = [ ocaml findlib ]; + nativeBuildInputs = [ ocaml findlib ]; + strictDeps = true; buildFlags = "release"; dontAddPrefix = true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; installFlags = [ "PREFIX=${placeholder "out"}" "LIBDIR=$(OCAMLFIND_DESTDIR)" ]; diff --git a/pkgs/development/tools/ocaml/findlib/default.nix b/pkgs/development/tools/ocaml/findlib/default.nix index 2286c0945fcf0..497a8ce91c1d5 100644 --- a/pkgs/development/tools/ocaml/findlib/default.nix +++ b/pkgs/development/tools/ocaml/findlib/default.nix @@ -9,25 +9,23 @@ stdenv.mkDerivation rec { sha256 = "sha256-K0K4vVRIjWTEvzy3BUtLN70wwdwSvUMeoeTXrYqYD+I="; }; - buildInputs = [m4 ncurses ocaml]; + nativeBuildInputs = [m4 ocaml]; + buildInputs = [ ncurses ]; patches = [ ./ldconf.patch ./install_topfind.patch ]; dontAddPrefix=true; + dontAddStaticConfigureFlags = true; + configurePlatforms = []; - preConfigure='' - configureFlagsArray=( - -bindir $out/bin - -mandir $out/share/man - -sitelib $out/lib/ocaml/${ocaml.version}/site-lib - -config $out/etc/findlib.conf - ) - ''; + configureFlags = [ + "-bindir" "${placeholder "out"}/bin" + "-mandir" "${placeholder "out"}/share/man" + "-sitelib" "${placeholder "out"}/lib/ocaml/${ocaml.version}/site-lib" + "-config" "${placeholder "out"}/etc/findlib.conf" + ]; - buildPhase = '' - make all - make opt - ''; + buildFlags = [ "all" "opt" ]; setupHook = writeText "setupHook.sh" '' addOCamlPath () { @@ -37,6 +35,8 @@ stdenv.mkDerivation rec { if test -d "''$1/lib/ocaml/${ocaml.version}/site-lib/stublibs"; then export CAML_LD_LIBRARY_PATH="''${CAML_LD_LIBRARY_PATH-}''${CAML_LD_LIBRARY_PATH:+:}''$1/lib/ocaml/${ocaml.version}/site-lib/stublibs" fi + } + createOcamlDestDir () { export OCAMLFIND_DESTDIR="''$out/lib/ocaml/${ocaml.version}/site-lib/" if test -n "''${createFindlibDestdir-}"; then mkdir -p $OCAMLFIND_DESTDIR @@ -44,6 +44,7 @@ stdenv.mkDerivation rec { } addEnvHooks "$targetOffset" addOCamlPath + preConfigureHooks+=(createOcamlDestDir) ''; meta = { diff --git a/pkgs/development/tools/ocaml/ocamlbuild/default.nix b/pkgs/development/tools/ocaml/ocamlbuild/default.nix index 926838ede5456..e3043d46ee5ec 100644 --- a/pkgs/development/tools/ocaml/ocamlbuild/default.nix +++ b/pkgs/development/tools/ocaml/ocamlbuild/default.nix @@ -12,14 +12,22 @@ stdenv.mkDerivation rec { createFindlibDestdir = true; - buildInputs = [ ocaml findlib ]; + nativeBuildInputs = [ ocaml findlib ]; + strictDeps = true; + + # x86_64-unknown-linux-musl-ld: -r and -pie may not be used together + hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; configurePhase = '' + runHook preConfigure + make -f configure.make Makefile.config \ "OCAMLBUILD_PREFIX=$out" \ "OCAMLBUILD_BINDIR=$out/bin" \ "OCAMLBUILD_MANDIR=$out/share/man" \ "OCAMLBUILD_LIBDIR=$OCAMLFIND_DESTDIR" + + runHook postConfigure ''; meta = with lib; { diff --git a/pkgs/development/tools/ocaml/opaline/default.nix b/pkgs/development/tools/ocaml/opaline/default.nix index 9cdacd289d493..d9ba33bb473e6 100644 --- a/pkgs/development/tools/ocaml/opaline/default.nix +++ b/pkgs/development/tools/ocaml/opaline/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { sha256 = "1aj1fdqymq3pnr39h47hn3kxk5v9pnwx0jap1z2jzh78x970z21m"; }; - buildInputs = with ocamlPackages; [ ocaml findlib ocamlbuild opam-file-format ]; + nativeBuildInputs = with ocamlPackages; [ ocaml findlib ocamlbuild ]; + buildInputs = with ocamlPackages; [ opam-file-format ]; preInstall = "mkdir -p $out/bin"; diff --git a/pkgs/stdenv/adapters.nix b/pkgs/stdenv/adapters.nix index 719f679982664..9e1c73a57db14 100644 --- a/pkgs/stdenv/adapters.nix +++ b/pkgs/stdenv/adapters.nix @@ -90,6 +90,24 @@ rec { }); }); + # Best effort static binaries. Will still be linked to libSystem, + # but more portable than Nix store binaries. + makeStaticDarwin = stdenv: stdenv.override (old: { + # extraBuildInputs are dropped in cross.nix, but darwin still needs them + extraBuildInputs = [ pkgs.buildPackages.darwin.CF ]; + mkDerivationFromStdenv = extendMkDerivationArgs old (args: { + NIX_CFLAGS_LINK = toString (args.NIX_CFLAGS_LINK or "") + + lib.optionalString (stdenv.cc.isGNU or false) " -static-libgcc"; + nativeBuildInputs = (args.nativeBuildInputs or []) ++ [ + (pkgs.buildPackages.makeSetupHook { + substitutions = { + libsystem = "${stdenv.cc.libc}/lib/libSystem.B.dylib"; + }; + } ./darwin/portable-libsystem.sh) + ]; + }); + }); + /* Modify a stdenv so that all buildInputs are implicitly propagated to consuming derivations diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 984a6ecaaef8b..5dba94abe35bc 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -7,8 +7,9 @@ , gnutlsSupport ? false, gnutls ? null , wolfsslSupport ? false, wolfssl ? null , scpSupport ? zlibSupport && !stdenv.isSunOS && !stdenv.isCygwin, libssh2 ? null -, gssSupport ? with stdenv.hostPlatform; !( +, gssSupport ? with stdenv.hostPlatform; ( !isWindows && + # disable gss becuase of: undefined reference to `k5_bcmp' # a very sad story re static: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439039 !isStatic && # the "mig" tool does not configure its compiler correctly. This could be @@ -63,6 +64,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + strictDeps = true; + nativeBuildInputs = [ pkg-config perl ]; # Zlib and OpenSSL must be propagated because `libcurl.la' contains @@ -93,15 +96,15 @@ stdenv.mkDerivation rec { "--without-ca-bundle" "--without-ca-path" # The build fails when using wolfssl with --with-ca-fallback - ( if wolfsslSupport then "--without-ca-fallback" else "--with-ca-fallback") + (lib.withFeature wolfsslSupport "ca-fallback") "--disable-manual" - ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" ) - ( if gnutlsSupport then "--with-gnutls=${gnutls.dev}" else "--without-gnutls" ) - ( if scpSupport then "--with-libssh2=${libssh2.dev}" else "--without-libssh2" ) - ( if ldapSupport then "--enable-ldap" else "--disable-ldap" ) - ( if ldapSupport then "--enable-ldaps" else "--disable-ldaps" ) - ( if idnSupport then "--with-libidn=${libidn.dev}" else "--without-libidn" ) - ( if brotliSupport then "--with-brotli" else "--without-brotli" ) + (lib.withFeatureAs sslSupport "ssl" openssl.dev) + (lib.withFeatureAs gnutlsSupport "gnutls" gnutls.dev) + (lib.withFeatureAs scpSupport "libssh2" libssh2.dev) + (lib.enableFeature ldapSupport "ldap") + (lib.enableFeature ldapSupport "ldaps") + (lib.withFeatureAs idnSupport "libidn" libidn.dev) + (lib.withFeature brotliSupport "brotli") ] ++ lib.optional wolfsslSupport "--with-wolfssl=${wolfssl.dev}" ++ lib.optional c-aresSupport "--enable-ares=${c-ares}" diff --git a/pkgs/top-level/static.nix b/pkgs/top-level/static.nix index 73fe6dbc8363a..3cc3f6b79f4b1 100644 --- a/pkgs/top-level/static.nix +++ b/pkgs/top-level/static.nix @@ -13,26 +13,9 @@ self: super: let inherit (super.stdenvAdapters) makeStaticBinaries makeStaticLibraries - propagateBuildInputs; - inherit (super.lib) foldl optional flip id composeExtensions optionalAttrs optionalString; - inherit (super) makeSetupHook; - - # Best effort static binaries. Will still be linked to libSystem, - # but more portable than Nix store binaries. - makeStaticDarwin = stdenv_: let stdenv = stdenv_.override { - # extraBuildInputs are dropped in cross.nix, but darwin still needs them - extraBuildInputs = [ self.buildPackages.darwin.CF ]; - }; in stdenv // { - mkDerivation = args: stdenv.mkDerivation (args // { - NIX_CFLAGS_LINK = toString (args.NIX_CFLAGS_LINK or "") - + optionalString (stdenv_.cc.isGNU or false) " -static-libgcc"; - nativeBuildInputs = (args.nativeBuildInputs or []) ++ [ (makeSetupHook { - substitutions = { - libsystem = "${stdenv.cc.libc}/lib/libSystem.B.dylib"; - }; - } ../stdenv/darwin/portable-libsystem.sh) ]; - }); - }; + propagateBuildInputs + makeStaticDarwin; + inherit (super.lib) foldl optional flip id composeExtensions; staticAdapters = optional super.stdenv.hostPlatform.isDarwin makeStaticDarwin @@ -47,60 +30,9 @@ self: super: let # ++ optional (super.stdenv.hostPlatform.libc == "glibc") ((flip overrideInStdenv) [ self.stdenv.glibc.static ]) ; - ocamlFixPackage = b: - b.overrideAttrs (o: { - configurePlatforms = [ ]; - dontAddStaticConfigureFlags = true; - buildInputs = o.buildInputs ++ o.nativeBuildInputs or [ ]; - propagatedNativeBuildInputs = o.propagatedBuildInputs or [ ]; - }); - - ocamlStaticAdapter = _: super: - self.lib.mapAttrs - (_: p: if p ? overrideAttrs then ocamlFixPackage p else p) - super - // { - lablgtk = null; # Currently xlibs cause infinite recursion - ocaml = ((super.ocaml.override { useX11 = false; }).overrideAttrs (o: { - configurePlatforms = [ ]; - dontUpdateAutotoolsGnuConfigScripts = true; - })).overrideDerivation (o: { - preConfigure = '' - configureFlagsArray+=("-cc" "$CC" "-as" "$AS" "-partialld" "$LD -r") - ''; - dontAddStaticConfigureFlags = true; - configureFlags = [ - "--no-shared-libs" - "-host ${o.stdenv.hostPlatform.config}" - "-target ${o.stdenv.targetPlatform.config}" - ]; - }); - }; - in { - stdenv = foldl (flip id) super.stdenv staticAdapters; - - boost = super.boost.override { - # Don’t use new stdenv for boost because it doesn’t like the - # --disable-shared flag - stdenv = super.stdenv; - }; + # Do not add new packages here! Instead use `stdenv.hostPlatform.isStatic` to + # write conditional code in the original package. - curl = super.curl.override { - # brotli doesn't build static (Mar. 2021) - brotliSupport = false; - # disable gss becuase of: undefined reference to `k5_bcmp' - gssSupport = false; - }; - - ocaml-ng = self.lib.mapAttrs (_: set: - if set ? overrideScope' then set.overrideScope' ocamlStaticAdapter else set - ) super.ocaml-ng; - - - zlib = super.zlib.override { - # Don’t use new stdenv zlib because - # it doesn’t like the --disable-shared flag - stdenv = super.stdenv; - }; + stdenv = foldl (flip id) super.stdenv staticAdapters; }