quicksave

NixOS · Jan 2, 2022 · d5edc31 · d5edc31
1 parent c0aab7a
commit d5edc31
Show file tree

Hide file tree

Showing 4 changed files with 168 additions and 42 deletions.
diff --git a/pkgs/os-specific/solo5/default.nix b/pkgs/os-specific/solo5/default.nix
@@ -1,74 +1,134 @@
-{ lib, stdenv, fetchurl, pkg-config, libseccomp, util-linux, qemu }:
+{ lib, stdenv, fetchurl, pkg-config, libseccomp, util-linux, qemu, coreutils
+, writeShellScriptBin
+, pkgsHostTarget
+, pkgsBuildTarget
+, enableToolchain ? stdenv.targetPlatform.isSolo5
+}:
 
 let
-  version = "0.6.9";
-  # list of all theoretically available targets
-  targets = [
-    "genode"
-    "hvt"
-    "muen"
-    "spt"
-    "virtio"
-    "xen"
-  ];
-in stdenv.mkDerivation {
-  pname = "solo5";
+  version = "0.7.0";
+
+  hostTargetBintools = pkgsHostTarget.bintools;
+
+  # gcc is theoretical, since we can't compile it with libc == null atm
+  hostTargetCC =
+    if stdenv.targetPlatform.useLLVM or false
+    then pkgsHostTarget.llvmPackages.clang-unwrapped
+    else pkgsHostTarget.gcc-unwrapped;
+
+  unwrappedCompiler =
+    /**/ if hostTargetCC.isClang or false then "clang"
+    else if hostTargetCC.isGNU or false then "${targetPrefix}gcc"
+    else "${targetPrefix}cc";
+
+  # build->target uses wrapped ones, so stuff compiles properly
+  buildTargetCC =
+    if stdenv.targetPlatform.useLLVM or false
+    then pkgsBuildTarget.llvmPackages.clangNoLibcxx
+    else pkgsBuildTarget.gcc;
+
+  targetPrefix = "${stdenv.targetPlatform.config}-";
+in
+
+if !(enableToolchain -> (with stdenv.targetPlatform; isx86_64 || isAarch64))
+then throw "solo5 only supports aarch64 and x86_64 as targets"
+else
+
+stdenv.mkDerivation {
+  pname =
+    lib.optionalString enableToolchain targetPrefix
+    + "solo5"
+    + lib.optionalString (!enableToolchain) "-tools";
   inherit version;
 
+  depsBuildTarget = [ buildTargetCC ];
   nativeBuildInputs = [ pkg-config ];
   buildInputs = lib.optional (stdenv.hostPlatform.isLinux) libseccomp;
 
   src = fetchurl {
     url = "https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz";
-    sha256 = "03lvk9mab3yxrmi73wrvvhykqcydjrsda0wj6aasnjm5lx9jycpr";
+    sha256 = "132hjmwy0sh2ghx9gd8cbd5p9g7vx00afqcyd6snniw6ig9sxc1r";
   };
 
   hardeningEnable = [ "pie" ];
+  # -fPIC is passed after -fPIE and removes the __PIE__ CPP macro, stopping
+  # configure.sh from detecting PIE support.
+  hardeningDisable = [ "pic" ];
 
-  configurePhase = ''
-    runHook preConfigure
-    sh configure.sh
-    runHook postConfigure
-  '';
+  patches = [
+    ./pkg-config-env.patch
+  ];
 
-  enableParallelBuilding = true;
+  preConfigure = ''
+    export HOST_CC=$CC
+    export HOST_AR=$AR
+    export HOST_PKG_CONFIG=$PKG_CONFIG
 
-  installPhase = ''
-    runHook preInstall
-    export DESTDIR=$out
-    export PREFIX=$out
-    make install-tools
+    makeFlagsArray+=(
+      "SUBDIRS=elftool bindings tenders toolchain"
+    )
+  ''
+  + lib.optionalString enableToolchain ''
+    export TARGET_CC=$CC_FOR_TARGET
+    export TARGET_LD=$LD_FOR_TARGET
+    export TARGET_OBJCOPY=$OBJCOPY_FOR_TARGET
+  '';
 
-    # get CONFIG_* vars from Makeconf which also parse in sh
-    grep '^CONFIG_' Makeconf > nix_tmp_targetconf
-    source nix_tmp_targetconf
-    # install opam / pkg-config files for all enabled targets
-    ${lib.concatMapStrings (bind: ''
-      [ -n "$CONFIG_${lib.toUpper bind}" ] && make install-opam-${bind}
-    '') targets}
+  configureScript = "./configure.sh";
+  configurePlatforms = [ ]; # configure.sh doesn't know about these flags
+  configureFlags = lib.optionals (!enableToolchain) [ "--disable-toolchain" ];
 
-    runHook postInstall
-  '';
+  makeFlags = [
+    "HOSTAR=$(HOST_AR)" # TODO patch in HOST_AR for configure.sh
+    #"V=1"
+  ];
+
+  enableParallelBuilding = false; # TODO
 
-  doCheck = stdenv.hostPlatform.isLinux;
+  doCheck = enableToolchain
+    && stdenv.hostPlatform.isLinux
+    && !stdenv.hostPlatform.isAarch64
+    && false;
   checkInputs = [ util-linux qemu ];
   checkPhase = ''
     runHook preCheck
+    make $makeFlags tests
     patchShebangs tests
     ./tests/bats-core/bats ./tests/tests.bats
     runHook postCheck
   '';
 
+      #sed -i '2i export PATH=${
+      #  lib.makeBinPath [ hostTargetCC hostTargetBintools coreutils ]
+      #}' "$toolPath"
+  postInstall = ''
+    ls $out/bin
+    for tool in cc ld objcopy; do
+      toolPath="$out/bin/${stdenv.targetPlatform.parsed.cpu.name}-solo5-none-static-$tool"
+
+      substituteInPlace "$toolPath" \
+        --replace "exec $CC_FOR_TARGET" "exec ${hostTargetCC}/bin/${unwrappedCompiler}"
+
+      ln -s "$toolPath" "$out/bin/${targetPrefix}$tool"
+    done
+
+    ln -sL "$out/bin/${targetPrefix}cc" "$out/bin/${unwrappedCompiler}"
+  '';
+
+  passthru = {
+    isClang = hostTargetCC.isClang or false;
+    isGNU = hostTargetCC.isGNU or false;
+
+    bintools = hostTargetBintools;
+
+    inherit targetPrefix;
+  };
+
   meta = with lib; {
     description = "Sandboxed execution environment";
     homepage = "https://github.com/solo5/solo5";
     license = licenses.isc;
     maintainers = [ maintainers.ehmry ];
-    platforms = builtins.map ({arch, os}: "${arch}-${os}")
-      (cartesianProductOfSets {
-        arch = [ "aarch64" "x86_64" ];
-        os = [ "freebsd" "genode" "linux" "openbsd" ];
-      });
+    platforms = platforms.freebsd ++ platforms.linux ++ platforms.openbsd;
   };
-
 }
diff --git a/pkgs/os-specific/solo5/pkg-config-env.patch b/pkgs/os-specific/solo5/pkg-config-env.patch
@@ -0,0 +1,45 @@
+diff --git a/configure.sh b/configure.sh
+index a7b0949..2761b23 100755
+--- a/configure.sh
++++ b/configure.sh
+@@ -281,6 +281,8 @@ case ${HOST_CC_MACHINE} in
+         ;;
+ esac
+
++HOST_PKG_CONFIG=${HOST_PKG_CONFIG:-pkg-config}
++
+ CONFIG_SPT_TENDER_NO_PIE=
+ CONFIG_SPT_TENDER_LIBSECCOMP_CFLAGS=
+ CONFIG_SPT_TENDER_LIBSECCOMP_LDFLAGS=
+@@ -295,24 +297,24 @@ if [ -n "${CONFIG_SPT_TENDER}" ]; then
+         CONFIG_SPT_TENDER_NO_PIE=1
+     fi
+
+-    if ! command -v pkg-config >/dev/null; then
+-        die "pkg-config is required"
++    if ! command -v $HOST_PKG_CONFIG >/dev/null; then
++        die "pkg-config is required: $HOST_PKG_CONFIG not in PATH"
+     fi
+-    if ! pkg-config libseccomp; then
++    if ! $HOST_PKG_CONFIG libseccomp; then
+         die "libseccomp development headers are required"
+     else
+-        if ! pkg-config --atleast-version=2.3.3 libseccomp; then
++        if ! $HOST_PKG_CONFIG --atleast-version=2.3.3 libseccomp; then
+             # TODO Make this a hard error once there are no distros with
+             # libseccomp < 2.3.3 in the various CIs.
+             warn "libseccomp >= 2.3.3 is required" \
+                 "for correct spt tender operation"
+             warn "Proceeding anyway, expect tests to fail"
+-        elif ! pkg-config --atleast-version=2.4.1 libseccomp; then
++        elif ! $HOST_PKG_CONFIG --atleast-version=2.4.1 libseccomp; then
+             warn "libseccomp < 2.4.1 has known vulnerabilities"
+             warn "Proceeding anyway, but consider upgrading"
+         fi
+-        CONFIG_SPT_TENDER_LIBSECCOMP_CFLAGS="$(pkg-config --cflags libseccomp)"
+-        CONFIG_SPT_TENDER_LIBSECCOMP_LDLIBS="$(pkg-config --libs libseccomp)"
++        CONFIG_SPT_TENDER_LIBSECCOMP_CFLAGS="$($HOST_PKG_CONFIG --cflags libseccomp)"
++        CONFIG_SPT_TENDER_LIBSECCOMP_LDLIBS="$($HOST_PKG_CONFIG --libs libseccomp)"
+     fi
+     if ! CC="${HOST_CC}" PKG_CFLAGS="${CONFIG_SPT_TENDER_LIBSECCOMP_CFLAGS}" \
+         cc_check_header seccomp.h; then
diff --git a/pkgs/stdenv/cross/default.nix b/pkgs/stdenv/cross/default.nix
@@ -71,6 +71,8 @@ in lib.init bootStages ++ [
              then throw "no C compiler provided for this platform"
            else if crossSystem.isDarwin
              then buildPackages.llvmPackages.clang
+           else if crossSystem.isSolo5
+             then buildPackages.solo5-toolchain
            else if crossSystem.useLLVM or false
              then buildPackages.llvmPackages.clangUseLLVM
            else buildPackages.gcc;

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -22912,7 +22912,26 @@ with pkgs;
 
   smimesign = callPackage ../os-specific/darwin/smimesign { };
 
-  solo5 = callPackage ../os-specific/solo5 { };
+  solo5 = callPackage ../os-specific/solo5 { }; # XXX
+  solo5-tools = callPackage ../os-specific/solo5 {
+    enableToolchain = false;
+  };
+
+  solo5-toolchain-unwrapped = callPackage ../os-specific/solo5 {
+    enableToolchain = true;
+  };
+
+  solo5-toolchain = wrapCCWith rec {
+    cc = solo5-toolchain-unwrapped;
+    inherit (solo5-toolchain-unwrapped) targetPrefix;
+    bintools = wrapBintoolsWith {
+      bintools = solo5-toolchain-unwrapped;
+    };
+    # XXX lol
+    extraBuildCommands = ''
+      echo "-target aarch64-unknown-linux" >> "$out/nix-support/cc-cflags"
+    '';
+  };
 
   speedometer = callPackage ../os-specific/linux/speedometer { };