-
-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disallow references to nativeBuildInputs #49417
Disallow references to nativeBuildInputs #49417
Conversation
75a7714
to
7e4624c
Compare
Wooo! Long wanted to do this; it's a huge benefit to native users on this. The one thing is actually I think we need to do The other issue was that |
I think this addresses that. We do "build time deps" - "runtime deps" with lib.subtractLists. The dev output thing could be an issue still. |
Oh haha. I completely missed the Then the question is whether this is blacklist approach better than the whitelist approach. My guess is what we really want is nix-level propagation logic and a whitelist based on that. (Note that I really need to a get a hydra job up where I a) do |
I support this idea, but it seems nix has problems with disallowed references and multiple outputs derivations: NixOS/nix#2310 |
That only appears to happen with disallowedRequisites. |
Ah sorry. So hopefully it can work :) |
But I should probably remove the reference to disallowRequisites though just to be safe 😄 |
* uses meson now * crashes on start complaining schema not installed, so I added a postInstall that compiles the schema? Fixes the problem but I'm not particularly familiar with these bits so review appreciated.
It will only build on avr architectures.
Vanilla newlib doesn’t install nano.
Some of these paths are not in gcc-arm-embedded (instead binutils-arm-embedded).
not in newlib
not in newlib
7e4624c
to
42d252f
Compare
adf52e4
to
f4077af
Compare
When strictDeps = true, we don’t want native build inputs to end up in the output. For instance gcc is a builtin native build input and should only show up in an output if it is also listed in buildInputs. /cc @Ericson2314
f4077af
to
8dbfb61
Compare
@GrahamcOfBorg eval |
Woo!!! |
If a derivation sets |
This appears to be breaking kernel cross compilation (see #50915 (comment)), because the dev output refers to build perl, gcc and openssl. We could try to substitute these with host deps, but that really doesn't make sense. If something depends on the cross compiled kernel's dev output, it is going to be cross compiled as well, and it is likely going to run the scripts in the dev output at build time. Therefore these scripts need to refer to build packages or they will probably fail. This is not just true for the kernel; any cross compiled dev output is probably only going to be used on the build system, and therefore it doesn't make sense to disallow build references. Normally, this isn't a problem because the dev output is just headers that don't refer to anything. When there are scripts or makefiles that refer to other dependencies, this PR incorrectly breaks the build or we have to use hacks like putting It seems to me that disallowing native build inputs in dev outputs is conceptually incorrect. |
Agreed. Dev outputs are usually juts headers but there are enough corner cases to cause issues. I think the information from this is extremely valuable still - we just need to find a way to avoid the breakages. Anyway the cross-patch-shebangs branch has been reverted again! So we need to get that straightened out before we can do something like this either way. We will probably need to wait until something like NixOS/nix@3cd15c5 is widely available. Sorry for any inconveniences! Reverted in 7eeb02d. |
Motivation for this change
Someone at NixCon asked why we don't disallow references to GCC by default. I thought that was a good idea but realized it could be generalized to disallowing any native build input from appearing in the outputs. With strictDeps separation of native & non-native inputs, this is pretty straightforward and pretty generalizable.
If your package does need for instance "gcc" in the output (for instance a wrapper around gcc), you just need to also list it in buildInputs & it will no longer be in disallowed references.