From d81cd04d232aef91e0c367c2de52a79272d77272 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 4 Apr 2025 18:03:19 +0200 Subject: [PATCH 1/8] Bump version --- .version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.version b/.version index 90efbd4e3..9738a24f6 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.28.0 +2.28.1 From 5c90b41715261120f69f7dd171bc2e6691ceab10 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sat, 5 Apr 2025 00:45:19 +0200 Subject: [PATCH 2/8] Add -Wundef to make #if FOO an error if not defined This commit has all the straightforward stuff. --- nix-meson-build-support/common/meson.build | 1 + src/build-remote/build-remote.cc | 4 ++-- src/libexpr-tests/main.cc | 2 +- src/libexpr/eval-gc.cc | 2 +- src/libmain/shared.cc | 4 ++-- src/libstore-tests/s3-binary-cache-store.cc | 1 + src/libstore/filetransfer.cc | 1 + src/libstore/globals.cc | 10 +++++----- src/libstore/include/nix/store/globals.hh | 2 +- src/libstore/include/nix/store/s3.hh | 2 +- src/libstore/optimise-store.cc | 3 ++- src/libstore/posix-fs-canonicalise.cc | 2 +- src/libstore/s3-binary-cache-store.cc | 1 + .../unix/build/local-derivation-goal.cc | 18 ++++++++++-------- src/libutil/archive.cc | 2 +- src/libutil/file-descriptor.cc | 2 +- src/libutil/file-system.cc | 2 +- src/libutil/fs-sink.cc | 2 +- .../include/nix/util/file-descriptor.hh | 4 ++-- src/libutil/terminal.cc | 2 +- src/libutil/unix/processes.cc | 2 +- src/nix/crash-handler.cc | 2 +- src/nix/unix/daemon.cc | 2 +- 23 files changed, 40 insertions(+), 33 deletions(-) diff --git a/nix-meson-build-support/common/meson.build b/nix-meson-build-support/common/meson.build index 67b6658f5..9d77831b3 100644 --- a/nix-meson-build-support/common/meson.build +++ b/nix-meson-build-support/common/meson.build @@ -10,6 +10,7 @@ add_project_arguments( '-Werror=suggest-override', '-Werror=switch', '-Werror=switch-enum', + '-Werror=undef', '-Werror=unused-result', '-Wignored-qualifiers', '-Wimplicit-fallthrough', diff --git a/src/build-remote/build-remote.cc b/src/build-remote/build-remote.cc index b4eaa389b..60247b735 100644 --- a/src/build-remote/build-remote.cc +++ b/src/build-remote/build-remote.cc @@ -5,7 +5,7 @@ #include #include #include -#if __APPLE__ +#ifdef __APPLE__ #include #endif @@ -225,7 +225,7 @@ static int main_build_remote(int argc, char * * argv) break; } -#if __APPLE__ +#ifdef __APPLE__ futimes(bestSlotLock.get(), NULL); #else futimens(bestSlotLock.get(), NULL); diff --git a/src/libexpr-tests/main.cc b/src/libexpr-tests/main.cc index 6fdaa9178..66afc2272 100644 --- a/src/libexpr-tests/main.cc +++ b/src/libexpr-tests/main.cc @@ -27,7 +27,7 @@ int main (int argc, char **argv) { settings.sandboxBuildDir = "/test-build-dir-instead-of-usual-build-dir"; #endif - #if __APPLE__ + #ifdef __APPLE__ // Avoid this error, when already running in a sandbox: // sandbox-exec: sandbox_apply: Operation not permitted settings.sandboxMode = smDisabled; diff --git a/src/libexpr/eval-gc.cc b/src/libexpr/eval-gc.cc index 6fc5ac334..bec668001 100644 --- a/src/libexpr/eval-gc.cc +++ b/src/libexpr/eval-gc.cc @@ -10,7 +10,7 @@ #if NIX_USE_BOEHMGC # include -# if __FreeBSD__ +# ifdef __FreeBSD__ # include # endif diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index 65bfcfbd5..7ff93f6d9 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -26,7 +26,7 @@ #include "nix/util/strings.hh" #include "main-config-private.hh" - +#include "nix/expr/config.hh" namespace nix { @@ -144,7 +144,7 @@ void initNix(bool loadConfig) if (sigaction(SIGUSR1, &act, 0)) throw SysError("handling SIGUSR1"); #endif -#if __APPLE__ +#ifdef __APPLE__ /* HACK: on darwin, we need can’t use sigprocmask with SIGWINCH. * Instead, add a dummy sigaction handler, and signalHandlerThread * can handle the rest. */ diff --git a/src/libstore-tests/s3-binary-cache-store.cc b/src/libstore-tests/s3-binary-cache-store.cc index be338084f..dbb414f2b 100644 --- a/src/libstore-tests/s3-binary-cache-store.cc +++ b/src/libstore-tests/s3-binary-cache-store.cc @@ -1,3 +1,4 @@ +#include "store-tests-config.hh" #if ENABLE_S3 # include diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc index 9d83bfa13..2851ab048 100644 --- a/src/libstore/filetransfer.cc +++ b/src/libstore/filetransfer.cc @@ -8,6 +8,7 @@ #include "nix/util/callback.hh" #include "nix/util/signals.hh" +#include "store-config-private.hh" #if ENABLE_S3 #include #endif diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index a3633b084..6b93e34bb 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -25,7 +25,7 @@ # include #endif -#if __APPLE__ +#ifdef __APPLE__ # include "nix/util/processes.hh" #endif @@ -90,7 +90,7 @@ Settings::Settings() #endif /* chroot-like behavior from Apple's sandbox */ -#if __APPLE__ +#ifdef __APPLE__ sandboxPaths = tokenizeString("/System/Library/Frameworks /System/Library/PrivateFrameworks /bin/sh /bin/bash /private/tmp /private/var/tmp /usr/lib"); allowedImpureHostPrefixes = tokenizeString("/System/Library /usr/lib /dev /bin/sh"); #endif @@ -151,7 +151,7 @@ unsigned int Settings::getDefaultCores() return concurrency; } -#if __APPLE__ +#ifdef __APPLE__ static bool hasVirt() { int hasVMM; @@ -190,7 +190,7 @@ StringSet Settings::getDefaultSystemFeatures() features.insert("kvm"); #endif - #if __APPLE__ + #ifdef __APPLE__ if (hasVirt()) features.insert("apple-virt"); #endif @@ -374,7 +374,7 @@ void initLibStore(bool loadConfig) { [1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636 */ curl_global_init(CURL_GLOBAL_ALL); -#if __APPLE__ +#ifdef __APPLE__ /* On macOS, don't use the per-session TMPDIR (as set e.g. by sshd). This breaks build users because they don't have access to the TMPDIR, in particular in ‘nix-store --serve’. */ diff --git a/src/libstore/include/nix/store/globals.hh b/src/libstore/include/nix/store/globals.hh index 4c4395e05..38757bcd4 100644 --- a/src/libstore/include/nix/store/globals.hh +++ b/src/libstore/include/nix/store/globals.hh @@ -708,7 +708,7 @@ public: Setting allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps", "Which prefixes to allow derivations to ask for access to (primarily for Darwin)."}; -#if __APPLE__ +#ifdef __APPLE__ Setting darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations", "Whether to log Darwin sandbox access violations to the system log."}; #endif diff --git a/src/libstore/include/nix/store/s3.hh b/src/libstore/include/nix/store/s3.hh index c49fa3fb8..5ac5b9a9f 100644 --- a/src/libstore/include/nix/store/s3.hh +++ b/src/libstore/include/nix/store/s3.hh @@ -1,6 +1,6 @@ #pragma once ///@file - +#include "store-config-private.hh" #if ENABLE_S3 #include "nix/util/ref.hh" diff --git a/src/libstore/optimise-store.cc b/src/libstore/optimise-store.cc index 17e13758b..277795053 100644 --- a/src/libstore/optimise-store.cc +++ b/src/libstore/optimise-store.cc @@ -13,6 +13,7 @@ #include #include +#include "store-config-private.hh" namespace nix { @@ -96,7 +97,7 @@ void LocalStore::optimisePath_(Activity * act, OptimiseStats & stats, auto st = lstat(path); -#if __APPLE__ +#ifdef __APPLE__ /* HFS/macOS has some undocumented security feature disabling hardlinking for special files within .app dirs. Known affected paths include *.app/Contents/{PkgInfo,Resources/\*.lproj,_CodeSignature} and .DS_Store. diff --git a/src/libstore/posix-fs-canonicalise.cc b/src/libstore/posix-fs-canonicalise.cc index df51ba307..aeb35eab5 100644 --- a/src/libstore/posix-fs-canonicalise.cc +++ b/src/libstore/posix-fs-canonicalise.cc @@ -58,7 +58,7 @@ static void canonicalisePathMetaData_( { checkInterrupt(); -#if __APPLE__ +#ifdef __APPLE__ /* Remove flags, in particular UF_IMMUTABLE which would prevent the file from being garbage-collected. FIXME: Use setattrlist() to remove other attributes as well. */ diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc index e76a508ba..4e51e728a 100644 --- a/src/libstore/s3-binary-cache-store.cc +++ b/src/libstore/s3-binary-cache-store.cc @@ -1,3 +1,4 @@ +#include "store-config-private.hh" #if ENABLE_S3 #include diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc index 302569ac6..c7a0e3ccb 100644 --- a/src/libstore/unix/build/local-derivation-goal.cc +++ b/src/libstore/unix/build/local-derivation-goal.cc @@ -60,7 +60,7 @@ # include "nix/store/personality.hh" #endif -#if __APPLE__ +#ifdef __APPLE__ #include #include #include @@ -76,6 +76,8 @@ extern "C" int sandbox_init_with_parameters(const char *profile, uint64_t flags, #include "nix/util/strings.hh" #include "nix/util/signals.hh" +#include "store-config-private.hh" + namespace nix { void handleDiffHook( @@ -205,7 +207,7 @@ Goal::Co LocalDerivationGoal::tryLocalBuild() if (drvOptions->noChroot) throw Error("derivation '%s' has '__noChroot' set, " "but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath)); -#if __APPLE__ +#ifdef __APPLE__ if (drvOptions->additionalSandboxProfile != "") throw Error("derivation '%s' specifies a sandbox profile, " "but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath)); @@ -548,7 +550,7 @@ void LocalDerivationGoal::startBuilder() /* Create a temporary directory where the build will take place. */ topTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700); -#if __APPLE__ +#ifdef __APPLE__ if (false) { #else if (useChroot) { @@ -826,7 +828,7 @@ void LocalDerivationGoal::startBuilder() #else if (drvOptions->useUidRange(*drv)) throw Error("feature 'uid-range' is not supported on this platform"); - #if __APPLE__ + #ifdef __APPLE__ /* We don't really have any parent prep work to do (yet?) All work happens in the child, instead. */ #else @@ -906,7 +908,7 @@ void LocalDerivationGoal::startBuilder() if (chown(slaveName.c_str(), buildUser->getUID(), 0)) throw SysError("changing owner of pseudoterminal slave"); } -#if __APPLE__ +#ifdef __APPLE__ else { if (grantpt(builderOut.get())) throw SysError("granting access to pseudoterminal slave"); @@ -1933,7 +1935,7 @@ void LocalDerivationGoal::runChild() for (auto & i : pathsInChroot) { if (i.second.source == "/proc") continue; // backwards compatibility - #if HAVE_EMBEDDED_SANDBOX_SHELL + #ifdef HAVE_EMBEDDED_SANDBOX_SHELL if (i.second.source == "__embedded_sandbox_shell__") { static unsigned char sh[] = { #include "embedded-sandbox-shell.gen.hh" @@ -2087,7 +2089,7 @@ void LocalDerivationGoal::runChild() throw SysError("setuid failed"); } -#if __APPLE__ +#ifdef __APPLE__ /* This has to appear before import statements. */ std::string sandboxProfile = "(version 1)\n"; @@ -2258,7 +2260,7 @@ void LocalDerivationGoal::runChild() for (auto & i : drv->args) args.push_back(rewriteStrings(i, inputRewrites)); -#if __APPLE__ +#ifdef __APPLE__ posix_spawnattr_t attrp; if (posix_spawnattr_init(&attrp)) diff --git a/src/libutil/archive.cc b/src/libutil/archive.cc index 143d01085..487873ce6 100644 --- a/src/libutil/archive.cc +++ b/src/libutil/archive.cc @@ -17,7 +17,7 @@ namespace nix { struct ArchiveSettings : Config { Setting useCaseHack{this, - #if __APPLE__ + #ifdef __APPLE__ true, #else false, diff --git a/src/libutil/file-descriptor.cc b/src/libutil/file-descriptor.cc index 042edbf55..4fc0f06cd 100644 --- a/src/libutil/file-descriptor.cc +++ b/src/libutil/file-descriptor.cc @@ -98,7 +98,7 @@ void AutoCloseFD::fsync() const result = #ifdef _WIN32 ::FlushFileBuffers(fd) -#elif __APPLE__ +#elif defined(__APPLE__) ::fcntl(fd, F_FULLFSYNC) #else ::fsync(fd) diff --git a/src/libutil/file-system.cc b/src/libutil/file-system.cc index c8161d270..c7cea4b58 100644 --- a/src/libutil/file-system.cc +++ b/src/libutil/file-system.cc @@ -574,7 +574,7 @@ Path createTempDir(const Path & tmpRoot, const Path & prefix, , mode #endif ) == 0) { -#if __FreeBSD__ +#ifdef __FreeBSD__ /* Explicitly set the group of the directory. This is to work around around problems caused by BSD's group ownership semantics (directories inherit the group of diff --git a/src/libutil/fs-sink.cc b/src/libutil/fs-sink.cc index aa46b3cd2..7b8fc3b2a 100644 --- a/src/libutil/fs-sink.cc +++ b/src/libutil/fs-sink.cc @@ -4,7 +4,7 @@ #include "nix/util/config-global.hh" #include "nix/util/fs-sink.hh" -#if _WIN32 +#ifdef _WIN32 # include # include "nix/util/file-path.hh" # include "nix/util/windows-error.hh" diff --git a/src/libutil/include/nix/util/file-descriptor.hh b/src/libutil/include/nix/util/file-descriptor.hh index 2e8b4ce10..4f13a9a8f 100644 --- a/src/libutil/include/nix/util/file-descriptor.hh +++ b/src/libutil/include/nix/util/file-descriptor.hh @@ -18,7 +18,7 @@ struct Source; * Operating System capability */ using Descriptor = -#if _WIN32 +#ifdef _WIN32 HANDLE #else int @@ -26,7 +26,7 @@ using Descriptor = ; const Descriptor INVALID_DESCRIPTOR = -#if _WIN32 +#ifdef _WIN32 INVALID_HANDLE_VALUE #else -1 diff --git a/src/libutil/terminal.cc b/src/libutil/terminal.cc index 77766fae1..fa0f7e871 100644 --- a/src/libutil/terminal.cc +++ b/src/libutil/terminal.cc @@ -2,7 +2,7 @@ #include "nix/util/environment-variables.hh" #include "nix/util/sync.hh" -#if _WIN32 +#ifdef _WIN32 # include # define WIN32_LEAN_AND_MEAN # include diff --git a/src/libutil/unix/processes.cc b/src/libutil/unix/processes.cc index c436076ee..4df0a7777 100644 --- a/src/libutil/unix/processes.cc +++ b/src/libutil/unix/processes.cc @@ -78,7 +78,7 @@ int Pid::kill() /* On BSDs, killing a process group will return EPERM if all processes in the group are zombies (or something like that). So try to detect and ignore that situation. */ -#if __FreeBSD__ || __APPLE__ +#if defined(__FreeBSD__) || defined(__APPLE__) if (errno != EPERM || ::kill(pid, 0) != 0) #endif logError(SysError("killing process %d", pid).info()); diff --git a/src/nix/crash-handler.cc b/src/nix/crash-handler.cc index 17d346ecc..d65773fa0 100644 --- a/src/nix/crash-handler.cc +++ b/src/nix/crash-handler.cc @@ -8,7 +8,7 @@ #include // Darwin and FreeBSD stdenv do not define _GNU_SOURCE but do have _Unwind_Backtrace. -#if __APPLE__ || __FreeBSD__ +#if defined(__APPLE__) || defined(__FreeBSD__) # define BOOST_STACKTRACE_GNU_SOURCE_NOT_REQUIRED #endif diff --git a/src/nix/unix/daemon.cc b/src/nix/unix/daemon.cc index 4e60ba102..1acf2bd5b 100644 --- a/src/nix/unix/daemon.cc +++ b/src/nix/unix/daemon.cc @@ -38,7 +38,7 @@ #include "nix/util/cgroup.hh" #endif -#if __APPLE__ || __FreeBSD__ +#if defined(__APPLE__) || defined(__FreeBSD__) #include #endif From bd2d5b7335ea1c3e756bf27b775729e580b0b27b Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sat, 5 Apr 2025 00:46:06 +0200 Subject: [PATCH 3/8] Hack together a fix for the public headers Please fix this. --- src/libexpr/expr-config.hh | 3 +++ src/libexpr/include/nix/expr/config.hh | 1 + src/libexpr/include/nix/expr/meson.build | 1 + src/libexpr/meson.build | 11 +++++++++++ src/libmain/meson.build | 2 ++ src/libmain/package.nix | 5 +++++ src/libstore-tests/meson.build | 3 +++ src/libstore/meson.build | 8 +++++++- 8 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 src/libexpr/expr-config.hh create mode 120000 src/libexpr/include/nix/expr/config.hh diff --git a/src/libexpr/expr-config.hh b/src/libexpr/expr-config.hh new file mode 100644 index 000000000..e28b461c0 --- /dev/null +++ b/src/libexpr/expr-config.hh @@ -0,0 +1,3 @@ +// TODO: Remove this damn file while keeping public config headers working +#error \ + "This file is a placeholder. It only exists so that meson accepts the symbolic link include/nix/expr/config.hh to this file, but we expect meson to overwrite it with the real file. Apparently that did not happen. I deeply apologize for this mess." diff --git a/src/libexpr/include/nix/expr/config.hh b/src/libexpr/include/nix/expr/config.hh new file mode 120000 index 000000000..45d3ca29d --- /dev/null +++ b/src/libexpr/include/nix/expr/config.hh @@ -0,0 +1 @@ +../../../expr-config.hh \ No newline at end of file diff --git a/src/libexpr/include/nix/expr/meson.build b/src/libexpr/include/nix/expr/meson.build index 01275e52e..3eb80de68 100644 --- a/src/libexpr/include/nix/expr/meson.build +++ b/src/libexpr/include/nix/expr/meson.build @@ -10,6 +10,7 @@ config_pub_h = configure_file( headers = [config_pub_h] + files( 'attr-path.hh', 'attr-set.hh', + 'config.hh', 'eval-cache.hh', 'eval-error.hh', 'eval-gc.hh', diff --git a/src/libexpr/meson.build b/src/libexpr/meson.build index 2e773938d..402bca0e1 100644 --- a/src/libexpr/meson.build +++ b/src/libexpr/meson.build @@ -79,6 +79,11 @@ config_priv_h = configure_file( output : 'expr-config-private.hh', ) +config_pub_h = configure_file( + configuration : configdata_pub, + output : 'expr-config.hh', +) + subdir('nix-meson-build-support/common') parser_tab = custom_target( @@ -163,6 +168,8 @@ subdir('primops') subdir('nix-meson-build-support/export-all-symbols') subdir('nix-meson-build-support/windows-version') +headers += [config_pub_h] + this_library = library( 'nixexpr', sources, @@ -181,4 +188,8 @@ install_headers(headers, subdir : 'nix/expr', preserve_path : true) libraries_private = [] +nixexpr_dep = declare_dependency( + include_directories : include_directories('.'), + link_with : this_library, +) subdir('nix-meson-build-support/export') diff --git a/src/libmain/meson.build b/src/libmain/meson.build index 414fc679f..4f78d265b 100644 --- a/src/libmain/meson.build +++ b/src/libmain/meson.build @@ -17,6 +17,8 @@ subdir('nix-meson-build-support/deps-lists') configdata = configuration_data() deps_private_maybe_subproject = [ + # This dependency may be very limited; was introduced for NIX_USE_BOEHMGC macro dependency + dependency('nix-expr'), ] deps_public_maybe_subproject = [ dependency('nix-util'), diff --git a/src/libmain/package.nix b/src/libmain/package.nix index 949603464..7b0a4dee7 100644 --- a/src/libmain/package.nix +++ b/src/libmain/package.nix @@ -6,6 +6,7 @@ nix-util, nix-store, + nix-expr, # Configuration Options @@ -33,6 +34,10 @@ mkMesonLibrary (finalAttrs: { ]; propagatedBuildInputs = [ + # FIXME: This is only here for the NIX_USE_BOEHMGC macro dependency + # Removing nix-expr will make the build more concurrent and is + # architecturally nice, perhaps. + nix-expr nix-util nix-store openssl diff --git a/src/libstore-tests/meson.build b/src/libstore-tests/meson.build index 1822a3520..eb3d14530 100644 --- a/src/libstore-tests/meson.build +++ b/src/libstore-tests/meson.build @@ -40,6 +40,9 @@ deps_private += gtest configdata = configuration_data() configdata.set_quoted('PACKAGE_VERSION', meson.project_version()) +aws_s3 = dependency('aws-cpp-sdk-s3', required : false) +configdata.set('ENABLE_S3', aws_s3.found().to_int()) + config_priv_h = configure_file( configuration : configdata, output : 'store-tests-config.hh', diff --git a/src/libstore/meson.build b/src/libstore/meson.build index 1ee11ec11..fecf2f449 100644 --- a/src/libstore/meson.build +++ b/src/libstore/meson.build @@ -158,6 +158,7 @@ if get_option('embedded-sandbox-shell') # The path to busybox is passed as a -D flag when compiling this_library. # This solution is inherited from the old make buildsystem # TODO: do this differently? + # TODO: at least define it unconditionally, so we get checking from -Wundef configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', 1) hexdump = find_program('hexdump', native : true) embedded_sandbox_shell_gen = custom_target( @@ -181,6 +182,11 @@ config_priv_h = configure_file( output : 'store-config-private.hh', ) +config_pub_h = configure_file( + configuration : configdata_pub, + output : 'store-config.hh', +) + subdir('nix-meson-build-support/common') sources = files( @@ -362,7 +368,7 @@ this_library = library( install : true, ) -install_headers(headers, subdir : 'nix/store', preserve_path : true) +install_headers(headers + [ config_pub_h ], subdir : 'nix/store', preserve_path : true) libraries_private = [] From 615344fdf05334ffc25a85f30080ee970f0e1426 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sat, 5 Apr 2025 00:58:07 +0200 Subject: [PATCH 4/8] Fix more -Wundef, in darwin context --- src/libexpr-tests/main.cc | 2 +- src/libstore/filetransfer.cc | 4 +-- src/libstore/gc.cc | 4 +-- src/libstore/globals.cc | 8 ++--- src/libstore/include/nix/store/globals.hh | 14 ++++----- src/libstore/local-store.cc | 4 +-- src/libstore/store-api.cc | 2 +- .../unix/build/local-derivation-goal.cc | 30 +++++++++---------- src/libstore/unix/user-lock.cc | 6 ++-- src/libutil/current-process.cc | 8 ++--- src/libutil/file-descriptor.cc | 2 +- src/libutil/unix/file-descriptor.cc | 6 ++-- src/libutil/unix/processes.cc | 4 +-- src/libutil/unix/signals.cc | 2 +- src/nix/main.cc | 4 +-- src/nix/run.cc | 8 ++--- src/nix/unix/daemon.cc | 4 +-- 17 files changed, 56 insertions(+), 56 deletions(-) diff --git a/src/libexpr-tests/main.cc b/src/libexpr-tests/main.cc index 66afc2272..52cca53c4 100644 --- a/src/libexpr-tests/main.cc +++ b/src/libexpr-tests/main.cc @@ -14,7 +14,7 @@ int main (int argc, char **argv) { // Disable build hook. We won't be testing remote builds in these unit tests. If we do, fix the above build hook. settings.buildHook = {}; - #if __linux__ // should match the conditional around sandboxBuildDir declaration. + #ifdef __linux__ // should match the conditional around sandboxBuildDir declaration. // When building and testing nix within the host's Nix sandbox, our store dir will be located in the host's sandboxBuildDir, e.g.: // Host diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc index 2851ab048..e85896224 100644 --- a/src/libstore/filetransfer.cc +++ b/src/libstore/filetransfer.cc @@ -13,7 +13,7 @@ #include #endif -#if __linux__ +#ifdef __linux__ # include "nix/util/namespaces.hh" #endif @@ -622,7 +622,7 @@ struct curlFileTransfer : public FileTransfer }); #endif - #if __linux__ + #ifdef __linux__ try { tryUnshareFilesystem(); } catch (nix::Error & e) { diff --git a/src/libstore/gc.cc b/src/libstore/gc.cc index cb3a3c1cd..dabfa4a5f 100644 --- a/src/libstore/gc.cc +++ b/src/libstore/gc.cc @@ -335,7 +335,7 @@ static std::string quoteRegexChars(const std::string & raw) return std::regex_replace(raw, specialRegex, R"(\$&)"); } -#if __linux__ +#ifdef __linux__ static void readFileRoots(const std::filesystem::path & path, UncheckedRoots & roots) { try { @@ -427,7 +427,7 @@ void LocalStore::findRuntimeRoots(Roots & roots, bool censor) } #endif -#if __linux__ +#ifdef __linux__ readFileRoots("/proc/sys/kernel/modprobe", unchecked); readFileRoots("/proc/sys/kernel/fbsplash", unchecked); readFileRoots("/proc/sys/kernel/poweroff_cmd", unchecked); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 6b93e34bb..1df0a846e 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -181,11 +181,11 @@ StringSet Settings::getDefaultSystemFeatures() actually require anything special on the machines. */ StringSet features{"nixos-test", "benchmark", "big-parallel"}; - #if __linux__ + #ifdef __linux__ features.insert("uid-range"); #endif - #if __linux__ + #ifdef __linux__ if (access("/dev/kvm", R_OK | W_OK) == 0) features.insert("kvm"); #endif @@ -205,7 +205,7 @@ StringSet Settings::getDefaultExtraPlatforms() if (std::string{NIX_LOCAL_SYSTEM} == "x86_64-linux" && !isWSL1()) extraPlatforms.insert("i686-linux"); -#if __linux__ +#ifdef __linux__ StringSet levels = computeLevels(); for (auto iter = levels.begin(); iter != levels.end(); ++iter) extraPlatforms.insert(*iter + "-linux"); @@ -224,7 +224,7 @@ StringSet Settings::getDefaultExtraPlatforms() bool Settings::isWSL1() { -#if __linux__ +#ifdef __linux__ struct utsname utsbuf; uname(&utsbuf); // WSL1 uses -Microsoft suffix diff --git a/src/libstore/include/nix/store/globals.hh b/src/libstore/include/nix/store/globals.hh index 38757bcd4..82211d8dc 100644 --- a/src/libstore/include/nix/store/globals.hh +++ b/src/libstore/include/nix/store/globals.hh @@ -34,7 +34,7 @@ struct MaxBuildJobsSetting : public BaseSetting }; const uint32_t maxIdsPerBuild = - #if __linux__ + #ifdef __linux__ 1 << 16 #else 1 @@ -467,7 +467,7 @@ public: )", {}, true, Xp::AutoAllocateUids}; Setting startId{this, - #if __linux__ + #ifdef __linux__ 0x34000000, #else 56930, @@ -476,7 +476,7 @@ public: "The first UID and GID to use for dynamic ID allocation."}; Setting uidCount{this, - #if __linux__ + #ifdef __linux__ maxIdsPerBuild * 128, #else 128, @@ -484,7 +484,7 @@ public: "id-count", "The number of UIDs/GIDs to use for dynamic ID allocation."}; - #if __linux__ + #ifdef __linux__ Setting useCgroups{ this, false, "use-cgroups", R"( @@ -596,7 +596,7 @@ public: Setting sandboxMode{ this, - #if __linux__ + #ifdef __linux__ smEnabled #else smDisabled @@ -671,7 +671,7 @@ public: )"}; #endif -#if __linux__ +#ifdef __linux__ Setting sandboxShmSize{ this, "50%", "sandbox-dev-shm-size", R"( @@ -1066,7 +1066,7 @@ public: // Don't document the machine-specific default value false}; -#if __linux__ +#ifdef __linux__ Setting filterSyscalls{ this, true, "filter-syscalls", R"( diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index e0699fac0..949f0f74f 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -38,7 +38,7 @@ # include #endif -#if __linux__ +#ifdef __linux__ # include # include # include @@ -575,7 +575,7 @@ void LocalStore::upgradeDBSchema(State & state) bind mount. So make the Nix store writable for this process. */ void LocalStore::makeStoreWritable() { -#if __linux__ +#ifdef __linux__ if (!isRootUser()) return; /* Check if /nix/store is on a read-only mount. */ struct statvfs stat; diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index a0104b96a..d3bccd7af 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -1300,7 +1300,7 @@ ref openStore(StoreReference && storeURI) return std::make_shared(params); else if (pathExists(settings.nixDaemonSocketFile)) return std::make_shared(params); - #if __linux__ + #ifdef __linux__ else if (!pathExists(stateDir) && params.empty() && !isRootUser() diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc index c7a0e3ccb..b521e23bb 100644 --- a/src/libstore/unix/build/local-derivation-goal.cc +++ b/src/libstore/unix/build/local-derivation-goal.cc @@ -41,7 +41,7 @@ #endif /* Includes required for chroot support. */ -#if __linux__ +#ifdef __linux__ # include "nix/store/fchmodat2-compat.hh" # include # include @@ -129,7 +129,7 @@ LocalDerivationGoal::~LocalDerivationGoal() inline bool LocalDerivationGoal::needsHashRewrite() { -#if __linux__ +#ifdef __linux__ return !useChroot; #else /* Darwin requires hash rewriting even when sandboxing is enabled. */ @@ -170,7 +170,7 @@ void LocalDerivationGoal::killChild() void LocalDerivationGoal::killSandbox(bool getStats) { if (cgroup) { - #if __linux__ + #ifdef __linux__ auto stats = destroyCgroup(*cgroup); if (getStats) { buildResult.cpuUser = stats.cpuUser; @@ -222,14 +222,14 @@ Goal::Co LocalDerivationGoal::tryLocalBuild() auto & localStore = getLocalStore(); if (localStore.storeDir != localStore.realStoreDir.get()) { - #if __linux__ + #ifdef __linux__ useChroot = true; #else throw Error("building using a diverted store is not supported on this platform"); #endif } - #if __linux__ + #ifdef __linux__ if (useChroot) { if (!mountAndPidNamespacesSupported()) { if (!settings.sandboxFallback) @@ -405,7 +405,7 @@ void LocalDerivationGoal::cleanupPostOutputsRegisteredModeNonCheck() cleanupPostOutputsRegisteredModeCheck(); } -#if __linux__ +#ifdef __linux__ static void doBind(const Path & source, const Path & target, bool optional = false) { debug("bind mounting '%1%' to '%2%'", source, target); @@ -478,12 +478,12 @@ static void handleChildException(bool sendException) void LocalDerivationGoal::startBuilder() { if ((buildUser && buildUser->getUIDCount() != 1) - #if __linux__ + #ifdef __linux__ || settings.useCgroups #endif ) { - #if __linux__ + #ifdef __linux__ experimentalFeatureSettings.require(Xp::Cgroups); /* If we're running from the daemon, then this will return the @@ -729,7 +729,7 @@ void LocalDerivationGoal::startBuilder() pathsInChroot[i] = {i, true}; } -#if __linux__ +#ifdef __linux__ /* Create a temporary directory in which we set up the chroot environment using bind-mounts. We put it in the Nix store so that the build outputs can be moved efficiently from the @@ -943,7 +943,7 @@ void LocalDerivationGoal::startBuilder() /* Fork a child to build the package. */ -#if __linux__ +#ifdef __linux__ if (useChroot) { /* Set up private namespaces for the build: @@ -1143,7 +1143,7 @@ void LocalDerivationGoal::initTmpDir() { /* In a sandbox, for determinism, always use the same temporary directory. */ -#if __linux__ +#ifdef __linux__ tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir; #else tmpDirInSandbox = tmpDir; @@ -1646,7 +1646,7 @@ void LocalDerivationGoal::addDependency(const StorePath & path) debug("materialising '%s' in the sandbox", worker.store.printStorePath(path)); - #if __linux__ + #ifdef __linux__ Path source = worker.store.Store::toRealPath(path); Path target = chrootRootDir + worker.store.printStorePath(path); @@ -1696,7 +1696,7 @@ void LocalDerivationGoal::chownToBuilder(const Path & path) void setupSeccomp() { -#if __linux__ +#ifdef __linux__ if (!settings.filterSyscalls) return; #if HAVE_SECCOMP scmp_filter_ctx ctx; @@ -1816,7 +1816,7 @@ void LocalDerivationGoal::runChild() } catch (SystemError &) { } } -#if __linux__ +#ifdef __linux__ if (useChroot) { userNamespaceSync.writeSide = -1; @@ -2050,7 +2050,7 @@ void LocalDerivationGoal::runChild() /* Close all other file descriptors. */ unix::closeExtraFDs(); -#if __linux__ +#ifdef __linux__ linux::setPersonality(drv->platform); #endif diff --git a/src/libstore/unix/user-lock.cc b/src/libstore/unix/user-lock.cc index 770b00e2d..eb0bac887 100644 --- a/src/libstore/unix/user-lock.cc +++ b/src/libstore/unix/user-lock.cc @@ -10,7 +10,7 @@ namespace nix { -#if __linux__ +#ifdef __linux__ static std::vector get_group_list(const char *username, gid_t group_id) { @@ -94,7 +94,7 @@ struct SimpleUserLock : UserLock if (lock->uid == getuid() || lock->uid == geteuid()) throw Error("the Nix user should not be a member of '%s'", settings.buildUsersGroup); - #if __linux__ + #ifdef __linux__ /* Get the list of supplementary groups of this user. This is * usually either empty or contains a group such as "kvm". */ @@ -193,7 +193,7 @@ std::unique_ptr acquireUserLock(uid_t nrIds, bool useUserNamespace) bool useBuildUsers() { - #if __linux__ + #ifdef __linux__ static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser(); return b; #elif __APPLE__ diff --git a/src/libutil/current-process.cc b/src/libutil/current-process.cc index 4103c0515..8aef47146 100644 --- a/src/libutil/current-process.cc +++ b/src/libutil/current-process.cc @@ -13,7 +13,7 @@ # include #endif -#if __linux__ +#ifdef __linux__ # include # include "nix/util/cgroup.hh" # include "nix/util/namespaces.hh" @@ -23,7 +23,7 @@ namespace nix { unsigned int getMaxCPU() { - #if __linux__ + #ifdef __linux__ try { auto cgroupFS = getCgroupFS(); if (!cgroupFS) return 0; @@ -82,7 +82,7 @@ void restoreProcessContext(bool restoreMounts) unix::restoreSignals(); #endif if (restoreMounts) { - #if __linux__ + #ifdef __linux__ restoreMountNamespace(); #endif } @@ -106,7 +106,7 @@ std::optional getSelfExe() { static auto cached = []() -> std::optional { - #if __linux__ || __GNU__ + #if defined(__linux__) || defined(__GNU__) return readLink("/proc/self/exe"); #elif __APPLE__ char buf[1024]; diff --git a/src/libutil/file-descriptor.cc b/src/libutil/file-descriptor.cc index 4fc0f06cd..9e0827442 100644 --- a/src/libutil/file-descriptor.cc +++ b/src/libutil/file-descriptor.cc @@ -113,7 +113,7 @@ void AutoCloseFD::fsync() const void AutoCloseFD::startFsync() const { -#if __linux__ +#ifdef __linux__ if (fd != -1) { /* Ignore failure, since fsync must be run later anyway. This is just a performance optimization. */ ::sync_file_range(fd, 0, 0, SYNC_FILE_RANGE_WRITE); diff --git a/src/libutil/unix/file-descriptor.cc b/src/libutil/unix/file-descriptor.cc index 6ce307252..73ee49982 100644 --- a/src/libutil/unix/file-descriptor.cc +++ b/src/libutil/unix/file-descriptor.cc @@ -163,7 +163,7 @@ void Pipe::create() ////////////////////////////////////////////////////////////////////// -#if __linux__ || __FreeBSD__ +#if defined(__linux__) || defined(__FreeBSD__) static int unix_close_range(unsigned int first, unsigned int last, int flags) { #if !HAVE_CLOSE_RANGE @@ -179,7 +179,7 @@ void unix::closeExtraFDs() constexpr int MAX_KEPT_FD = 2; static_assert(std::max({STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO}) == MAX_KEPT_FD); -#if __linux__ || __FreeBSD__ +#if defined(__linux__) || defined(__FreeBSD__) // first try to close_range everything we don't care about. if this // returns an error with these parameters we're running on a kernel // that does not implement close_range (i.e. pre 5.9) and fall back @@ -189,7 +189,7 @@ void unix::closeExtraFDs() } #endif -#if __linux__ +#ifdef __linux__ try { for (auto & s : std::filesystem::directory_iterator{"/proc/self/fd"}) { checkInterrupt(); diff --git a/src/libutil/unix/processes.cc b/src/libutil/unix/processes.cc index 4df0a7777..198243c20 100644 --- a/src/libutil/unix/processes.cc +++ b/src/libutil/unix/processes.cc @@ -190,7 +190,7 @@ static pid_t doFork(bool allowVfork, ChildWrapperFunction & fun) } -#if __linux__ +#ifdef __linux__ static int childEntry(void * arg) { auto & fun = *reinterpret_cast(arg); @@ -213,7 +213,7 @@ pid_t startProcess(std::function fun, const ProcessOptions & options) logger = makeSimpleLogger(); } try { -#if __linux__ +#ifdef __linux__ if (options.dieWithParent && prctl(PR_SET_PDEATHSIG, SIGKILL) == -1) throw SysError("setting death signal"); #endif diff --git a/src/libutil/unix/signals.cc b/src/libutil/unix/signals.cc index f1cb28527..665b9b096 100644 --- a/src/libutil/unix/signals.cc +++ b/src/libutil/unix/signals.cc @@ -105,7 +105,7 @@ void unix::setChildSignalMask(sigset_t * sigs) { assert(sigs); // C style function, but think of sigs as a reference -#if _POSIX_C_SOURCE >= 1 || _XOPEN_SOURCE || _POSIX_SOURCE +#if (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 1) || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE) || (defined(_POSIX_SOURCE) && _POSIX_SOURCE) sigemptyset(&savedSignalMask); // There's no "assign" or "copy" function, so we rely on (math) idempotence // of the or operator: a or a = a. diff --git a/src/nix/main.cc b/src/nix/main.cc index 6470213a2..a2c9dcf68 100644 --- a/src/nix/main.cc +++ b/src/nix/main.cc @@ -36,7 +36,7 @@ # include #endif -#if __linux__ +#ifdef __linux__ # include "nix/util/namespaces.hh" #endif @@ -384,7 +384,7 @@ void mainWrapped(int argc, char * * argv) "__build-remote", }); - #if __linux__ + #ifdef __linux__ if (isRootUser()) { try { saveMountNamespace(); diff --git a/src/nix/run.cc b/src/nix/run.cc index 64eab3ff3..146ae9ec9 100644 --- a/src/nix/run.cc +++ b/src/nix/run.cc @@ -12,7 +12,7 @@ #include "nix/expr/eval.hh" #include -#if __linux__ +#ifdef __linux__ # include # include "nix/store/personality.hh" #endif @@ -59,7 +59,7 @@ void execProgramInStore(ref store, throw SysError("could not execute chroot helper"); } -#if __linux__ +#ifdef __linux__ if (system) linux::setPersonality(*system); #endif @@ -153,7 +153,7 @@ void chrootHelper(int argc, char * * argv) while (p < argc) args.push_back(argv[p++]); -#if __linux__ +#ifdef __linux__ uid_t uid = getuid(); uid_t gid = getgid(); @@ -212,7 +212,7 @@ void chrootHelper(int argc, char * * argv) writeFile(fs::path{"/proc/self/uid_map"}, fmt("%d %d %d", uid, uid, 1)); writeFile(fs::path{"/proc/self/gid_map"}, fmt("%d %d %d", gid, gid, 1)); -#if __linux__ +#ifdef __linux__ if (system != "") linux::setPersonality(system); #endif diff --git a/src/nix/unix/daemon.cc b/src/nix/unix/daemon.cc index 1acf2bd5b..607a7bb01 100644 --- a/src/nix/unix/daemon.cc +++ b/src/nix/unix/daemon.cc @@ -34,7 +34,7 @@ #include #include -#if __linux__ +#ifdef __linux__ #include "nix/util/cgroup.hh" #endif @@ -317,7 +317,7 @@ static void daemonLoop(std::optional forceTrustClientOpt) // Get rid of children automatically; don't let them become zombies. setSigChldAction(true); - #if __linux__ + #ifdef __linux__ if (settings.useCgroups) { experimentalFeatureSettings.require(Xp::Cgroups); From 3bb46b73a80cebc4f66086505cc2cb4abe33b89b Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 6 Apr 2025 17:43:10 +0200 Subject: [PATCH 5/8] Fix undefined macro errors (cherry picked from commit 77b4bb74d54edf1597cad73a49b024ff82a30ee8) --- src/libstore/globals.cc | 2 +- src/libstore/unix/user-lock.cc | 2 +- src/libutil/current-process.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 1df0a846e..c590ccf28 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -209,7 +209,7 @@ StringSet Settings::getDefaultExtraPlatforms() StringSet levels = computeLevels(); for (auto iter = levels.begin(); iter != levels.end(); ++iter) extraPlatforms.insert(*iter + "-linux"); -#elif __APPLE__ +#elif defined(__APPLE__) // Rosetta 2 emulation layer can run x86_64 binaries on aarch64 // machines. Note that we can’t force processes from executing // x86_64 in aarch64 environments or vice versa since they can diff --git a/src/libstore/unix/user-lock.cc b/src/libstore/unix/user-lock.cc index eb0bac887..2bee277f9 100644 --- a/src/libstore/unix/user-lock.cc +++ b/src/libstore/unix/user-lock.cc @@ -196,7 +196,7 @@ bool useBuildUsers() #ifdef __linux__ static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser(); return b; - #elif __APPLE__ + #elif defined(__APPLE__) static bool b = settings.buildUsersGroup != "" && isRootUser(); return b; #else diff --git a/src/libutil/current-process.cc b/src/libutil/current-process.cc index 8aef47146..926714ae8 100644 --- a/src/libutil/current-process.cc +++ b/src/libutil/current-process.cc @@ -108,7 +108,7 @@ std::optional getSelfExe() { #if defined(__linux__) || defined(__GNU__) return readLink("/proc/self/exe"); - #elif __APPLE__ + #elif defined(__APPLE__) char buf[1024]; uint32_t size = sizeof(buf); if (_NSGetExecutablePath(buf, &size) == 0) From 49b6766332e7754cd8cc2ee1dd2ccc958b284e54 Mon Sep 17 00:00:00 2001 From: Alexander Romanov Date: Sun, 6 Apr 2025 22:52:46 +0300 Subject: [PATCH 6/8] libflake: add lock file path to invalid json error Previously, when lock file contained invalid JSON nix reported a parser error without specifying the file it came from. This change adds flake.lock file path to the error message to avoid confusion. (cherry picked from commit e3873aa1a0b1881f4380dd53ceb5dbd49c69e2c4) --- src/libflake/flake/lockfile.cc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/libflake/flake/lockfile.cc b/src/libflake/flake/lockfile.cc index ba6f18c57..646516caf 100644 --- a/src/libflake/flake/lockfile.cc +++ b/src/libflake/flake/lockfile.cc @@ -108,8 +108,13 @@ LockFile::LockFile( const fetchers::Settings & fetchSettings, std::string_view contents, std::string_view path) { - auto json = nlohmann::json::parse(contents); - + auto json = [=] { + try { + return nlohmann::json::parse(contents); + } catch (const nlohmann::json::parse_error & e) { + throw Error("Could not parse '%s': %s", path, e.what()); + } + }(); auto version = json.value("version", 0); if (version < 5 || version > 7) throw Error("lock file '%s' has unsupported version %d", path, version); From 7e96f317536605882388a4ec507ef761ff490e51 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Sun, 6 Apr 2025 17:17:54 -0400 Subject: [PATCH 7/8] Clean some header related things. Revert most of "Hack together a fix for the public headers" - The `libmain` change is kept, and one more libmain change is made. (Need to update Meson and Nix per the package alike). - The S3 situation is fixed in a different way: the variable is public now, used in the header, and fixed accordingly. - Fix TODO for `HAVE_EMBEDDED_SANDBOX_SHELL` This reverts commit 2b51250534899329906273ae80463ccfe8455d08. (cherry picked from commit 3294b22a6845f08daf095ed425f16877da8ab040) --- src/libexpr/expr-config.hh | 3 --- src/libexpr/include/nix/expr/config.hh | 1 - src/libexpr/include/nix/expr/meson.build | 1 - src/libexpr/meson.build | 11 ---------- src/libmain/meson.build | 6 +++-- src/libstore-tests/meson.build | 3 --- src/libstore-tests/s3-binary-cache-store.cc | 7 +++--- src/libstore/filetransfer.cc | 6 ++--- .../nix/store/s3-binary-cache-store.hh | 10 +++++++-- src/libstore/include/nix/store/s3.hh | 2 +- src/libstore/meson.build | 22 ++++++++----------- src/libstore/s3-binary-cache-store.cc | 6 ++--- .../unix/build/local-derivation-goal.cc | 2 +- 13 files changed, 32 insertions(+), 48 deletions(-) delete mode 100644 src/libexpr/expr-config.hh delete mode 120000 src/libexpr/include/nix/expr/config.hh diff --git a/src/libexpr/expr-config.hh b/src/libexpr/expr-config.hh deleted file mode 100644 index e28b461c0..000000000 --- a/src/libexpr/expr-config.hh +++ /dev/null @@ -1,3 +0,0 @@ -// TODO: Remove this damn file while keeping public config headers working -#error \ - "This file is a placeholder. It only exists so that meson accepts the symbolic link include/nix/expr/config.hh to this file, but we expect meson to overwrite it with the real file. Apparently that did not happen. I deeply apologize for this mess." diff --git a/src/libexpr/include/nix/expr/config.hh b/src/libexpr/include/nix/expr/config.hh deleted file mode 120000 index 45d3ca29d..000000000 --- a/src/libexpr/include/nix/expr/config.hh +++ /dev/null @@ -1 +0,0 @@ -../../../expr-config.hh \ No newline at end of file diff --git a/src/libexpr/include/nix/expr/meson.build b/src/libexpr/include/nix/expr/meson.build index 3eb80de68..01275e52e 100644 --- a/src/libexpr/include/nix/expr/meson.build +++ b/src/libexpr/include/nix/expr/meson.build @@ -10,7 +10,6 @@ config_pub_h = configure_file( headers = [config_pub_h] + files( 'attr-path.hh', 'attr-set.hh', - 'config.hh', 'eval-cache.hh', 'eval-error.hh', 'eval-gc.hh', diff --git a/src/libexpr/meson.build b/src/libexpr/meson.build index 402bca0e1..2e773938d 100644 --- a/src/libexpr/meson.build +++ b/src/libexpr/meson.build @@ -79,11 +79,6 @@ config_priv_h = configure_file( output : 'expr-config-private.hh', ) -config_pub_h = configure_file( - configuration : configdata_pub, - output : 'expr-config.hh', -) - subdir('nix-meson-build-support/common') parser_tab = custom_target( @@ -168,8 +163,6 @@ subdir('primops') subdir('nix-meson-build-support/export-all-symbols') subdir('nix-meson-build-support/windows-version') -headers += [config_pub_h] - this_library = library( 'nixexpr', sources, @@ -188,8 +181,4 @@ install_headers(headers, subdir : 'nix/expr', preserve_path : true) libraries_private = [] -nixexpr_dep = declare_dependency( - include_directories : include_directories('.'), - link_with : this_library, -) subdir('nix-meson-build-support/export') diff --git a/src/libmain/meson.build b/src/libmain/meson.build index 4f78d265b..65fcb6239 100644 --- a/src/libmain/meson.build +++ b/src/libmain/meson.build @@ -17,12 +17,14 @@ subdir('nix-meson-build-support/deps-lists') configdata = configuration_data() deps_private_maybe_subproject = [ - # This dependency may be very limited; was introduced for NIX_USE_BOEHMGC macro dependency - dependency('nix-expr'), ] deps_public_maybe_subproject = [ dependency('nix-util'), dependency('nix-store'), + # FIXME: This is only here for the NIX_USE_BOEHMGC macro dependency + # Removing nix-expr will make the build more concurrent and is + # architecturally nice, perhaps. + dependency('nix-expr'), ] subdir('nix-meson-build-support/subprojects') diff --git a/src/libstore-tests/meson.build b/src/libstore-tests/meson.build index eb3d14530..1822a3520 100644 --- a/src/libstore-tests/meson.build +++ b/src/libstore-tests/meson.build @@ -40,9 +40,6 @@ deps_private += gtest configdata = configuration_data() configdata.set_quoted('PACKAGE_VERSION', meson.project_version()) -aws_s3 = dependency('aws-cpp-sdk-s3', required : false) -configdata.set('ENABLE_S3', aws_s3.found().to_int()) - config_priv_h = configure_file( configuration : configdata, output : 'store-tests-config.hh', diff --git a/src/libstore-tests/s3-binary-cache-store.cc b/src/libstore-tests/s3-binary-cache-store.cc index dbb414f2b..251e96172 100644 --- a/src/libstore-tests/s3-binary-cache-store.cc +++ b/src/libstore-tests/s3-binary-cache-store.cc @@ -1,10 +1,9 @@ -#include "store-tests-config.hh" -#if ENABLE_S3 +#include "nix/store/s3-binary-cache-store.hh" + +#if NIX_WITH_S3_SUPPORT # include -# include "nix/store/s3-binary-cache-store.hh" - namespace nix { TEST(S3BinaryCacheStore, constructConfig) diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc index e85896224..49453f6df 100644 --- a/src/libstore/filetransfer.cc +++ b/src/libstore/filetransfer.cc @@ -9,7 +9,7 @@ #include "nix/util/signals.hh" #include "store-config-private.hh" -#if ENABLE_S3 +#if NIX_WITH_S3_SUPPORT #include #endif @@ -756,7 +756,7 @@ struct curlFileTransfer : public FileTransfer #endif } -#if ENABLE_S3 +#if NIX_WITH_S3_SUPPORT std::tuple parseS3Uri(std::string uri) { auto [path, params] = splitUriAndParams(uri); @@ -779,7 +779,7 @@ struct curlFileTransfer : public FileTransfer if (hasPrefix(request.uri, "s3://")) { // FIXME: do this on a worker thread try { -#if ENABLE_S3 +#if NIX_WITH_S3_SUPPORT auto [bucketName, key, params] = parseS3Uri(request.uri); std::string profile = getOr(params, "profile", ""); diff --git a/src/libstore/include/nix/store/s3-binary-cache-store.hh b/src/libstore/include/nix/store/s3-binary-cache-store.hh index eec2dc6ee..7bc04aa4a 100644 --- a/src/libstore/include/nix/store/s3-binary-cache-store.hh +++ b/src/libstore/include/nix/store/s3-binary-cache-store.hh @@ -1,9 +1,13 @@ #pragma once ///@file -#include "nix/store/binary-cache-store.hh" +#include "nix/store/config.hh" -#include +#if NIX_WITH_S3_SUPPORT + +# include "nix/store/binary-cache-store.hh" + +# include namespace nix { @@ -125,3 +129,5 @@ public: }; } + +#endif diff --git a/src/libstore/include/nix/store/s3.hh b/src/libstore/include/nix/store/s3.hh index 5ac5b9a9f..9c159ba0f 100644 --- a/src/libstore/include/nix/store/s3.hh +++ b/src/libstore/include/nix/store/s3.hh @@ -1,7 +1,7 @@ #pragma once ///@file #include "store-config-private.hh" -#if ENABLE_S3 +#if NIX_WITH_S3_SUPPORT #include "nix/util/ref.hh" diff --git a/src/libstore/meson.build b/src/libstore/meson.build index fecf2f449..66785e311 100644 --- a/src/libstore/meson.build +++ b/src/libstore/meson.build @@ -126,7 +126,8 @@ deps_private += sqlite # AWS C++ SDK has bad pkg-config. See # https://github.com/aws/aws-sdk-cpp/issues/2673 for details. aws_s3 = dependency('aws-cpp-sdk-s3', required : false) -configdata_priv.set('ENABLE_S3', aws_s3.found().to_int()) +# The S3 store definitions in the header will be hidden based on this variables. +configdata_pub.set('NIX_WITH_S3_SUPPORT', aws_s3.found().to_int()) if aws_s3.found() aws_s3 = declare_dependency( include_directories: include_directories(aws_s3.get_variable('includedir')), @@ -153,13 +154,13 @@ endforeach busybox = find_program(get_option('sandbox-shell'), required : false) +# This one goes in config.h +# The path to busybox is passed as a -D flag when compiling this_library. +# This solution is inherited from the old make buildsystem +# TODO: do this differently? +configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', get_option('embedded-sandbox-shell').to_int()) + if get_option('embedded-sandbox-shell') - # This one goes in config.h - # The path to busybox is passed as a -D flag when compiling this_library. - # This solution is inherited from the old make buildsystem - # TODO: do this differently? - # TODO: at least define it unconditionally, so we get checking from -Wundef - configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', 1) hexdump = find_program('hexdump', native : true) embedded_sandbox_shell_gen = custom_target( 'embedded-sandbox-shell.gen.hh', @@ -182,11 +183,6 @@ config_priv_h = configure_file( output : 'store-config-private.hh', ) -config_pub_h = configure_file( - configuration : configdata_pub, - output : 'store-config.hh', -) - subdir('nix-meson-build-support/common') sources = files( @@ -368,7 +364,7 @@ this_library = library( install : true, ) -install_headers(headers + [ config_pub_h ], subdir : 'nix/store', preserve_path : true) +install_headers(headers, subdir : 'nix/store', preserve_path : true) libraries_private = [] diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc index 4e51e728a..87f5feb45 100644 --- a/src/libstore/s3-binary-cache-store.cc +++ b/src/libstore/s3-binary-cache-store.cc @@ -1,10 +1,10 @@ -#include "store-config-private.hh" -#if ENABLE_S3 +#include "nix/store/s3-binary-cache-store.hh" + +#if NIX_WITH_S3_SUPPORT #include #include "nix/store/s3.hh" -#include "nix/store/s3-binary-cache-store.hh" #include "nix/store/nar-info.hh" #include "nix/store/nar-info-disk-cache.hh" #include "nix/store/globals.hh" diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc index b521e23bb..4d3813dc5 100644 --- a/src/libstore/unix/build/local-derivation-goal.cc +++ b/src/libstore/unix/build/local-derivation-goal.cc @@ -1935,7 +1935,7 @@ void LocalDerivationGoal::runChild() for (auto & i : pathsInChroot) { if (i.second.source == "/proc") continue; // backwards compatibility - #ifdef HAVE_EMBEDDED_SANDBOX_SHELL + #if HAVE_EMBEDDED_SANDBOX_SHELL if (i.second.source == "__embedded_sandbox_shell__") { static unsigned char sh[] = { #include "embedded-sandbox-shell.gen.hh" From efb0feb22b8121a6d36157764373e478db3e3968 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Sun, 6 Apr 2025 17:57:43 -0400 Subject: [PATCH 8/8] Get rid of raw `-D` defines, always use private config files Now that we have the private vs public distinction, we can do this without leaking information downstream. (cherry picked from commit 7a7fe350d55803e3ff73bc0645b0c498b0a0eff9) --- src/libstore-tests/meson.build | 3 +- src/libstore/meson.build | 154 ++++++++++++++------------------- src/nix/man-pages.cc | 1 + src/nix/meson.build | 20 ++--- 4 files changed, 75 insertions(+), 103 deletions(-) diff --git a/src/libstore-tests/meson.build b/src/libstore-tests/meson.build index 1822a3520..8a1ff40f0 100644 --- a/src/libstore-tests/meson.build +++ b/src/libstore-tests/meson.build @@ -40,6 +40,8 @@ deps_private += gtest configdata = configuration_data() configdata.set_quoted('PACKAGE_VERSION', meson.project_version()) +configdata.set_quoted('NIX_STORE_DIR', nix_store.get_variable('storedir')) + config_priv_h = configure_file( configuration : configdata, output : 'store-tests-config.hh', @@ -89,7 +91,6 @@ this_exe = executable( include_directories : include_dirs, # TODO: -lrapidcheck, see ../libutil-support/build.meson link_args: linker_export_flags + ['-lrapidcheck'], - cpp_args : [ '-DNIX_STORE_DIR="' + nix_store.get_variable('storedir') + '"' ], # get main from gtest install : true, ) diff --git a/src/libstore/meson.build b/src/libstore/meson.build index 66785e311..d35cc2c0b 100644 --- a/src/libstore/meson.build +++ b/src/libstore/meson.build @@ -154,12 +154,14 @@ endforeach busybox = find_program(get_option('sandbox-shell'), required : false) -# This one goes in config.h -# The path to busybox is passed as a -D flag when compiling this_library. -# This solution is inherited from the old make buildsystem -# TODO: do this differently? configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', get_option('embedded-sandbox-shell').to_int()) +if get_option('embedded-sandbox-shell') + configdata_priv.set_quoted('SANDBOX_SHELL', '__embedded_sandbox_shell__') +elif busybox.found() + configdata_priv.set_quoted('SANDBOX_SHELL', busybox.full_path()) +endif + if get_option('embedded-sandbox-shell') hexdump = find_program('hexdump', native : true) embedded_sandbox_shell_gen = custom_target( @@ -178,6 +180,66 @@ if get_option('embedded-sandbox-shell') generated_headers += embedded_sandbox_shell_gen endif +fs = import('fs') + +prefix = get_option('prefix') +# For each of these paths, assume that it is relative to the prefix unless +# it is already an absolute path (which is the default for store-dir, localstatedir, and log-dir). +path_opts = [ + # Meson built-ins. + 'datadir', + 'mandir', + 'libdir', + 'includedir', + 'libexecdir', + # Homecooked Nix directories. + 'store-dir', + 'localstatedir', + 'log-dir', +] +# For your grepping pleasure, this loop sets the following variables that aren't mentioned +# literally above: +# store_dir +# localstatedir +# log_dir +# profile_dir +foreach optname : path_opts + varname = optname.replace('-', '_') + path = get_option(optname) + if fs.is_absolute(path) + set_variable(varname, path) + else + set_variable(varname, prefix / path) + endif +endforeach + +# sysconfdir doesn't get anything installed to directly, and is only used to +# tell Nix where to look for nix.conf, so it doesn't get appended to prefix. +sysconfdir = get_option('sysconfdir') +if not fs.is_absolute(sysconfdir) + sysconfdir = '/' / sysconfdir +endif + +# Aside from prefix itself, each of these was made into an absolute path +# by joining it with prefix, unless it was already an absolute path +# (which is the default for store-dir, localstatedir, and log-dir). +configdata_priv.set_quoted('NIX_PREFIX', prefix) +configdata_priv.set_quoted('NIX_STORE_DIR', store_dir) +configdata_priv.set_quoted('NIX_DATA_DIR', datadir) +configdata_priv.set_quoted('NIX_STATE_DIR', localstatedir / 'nix') +configdata_priv.set_quoted('NIX_LOG_DIR', log_dir) +configdata_priv.set_quoted('NIX_CONF_DIR', sysconfdir / 'nix') +configdata_priv.set_quoted('NIX_MAN_DIR', mandir) + +lsof = find_program('lsof', required : false) +configdata_priv.set_quoted( + 'LSOF', + lsof.found() + ? lsof.full_path() + # Just look up on the PATH + : 'lsof', +) + config_priv_h = configure_file( configuration : configdata_priv, output : 'store-config-private.hh', @@ -265,89 +327,6 @@ else subdir('unix') endif -fs = import('fs') - -prefix = get_option('prefix') -# For each of these paths, assume that it is relative to the prefix unless -# it is already an absolute path (which is the default for store-dir, localstatedir, and log-dir). -path_opts = [ - # Meson built-ins. - 'datadir', - 'mandir', - 'libdir', - 'includedir', - 'libexecdir', - # Homecooked Nix directories. - 'store-dir', - 'localstatedir', - 'log-dir', -] -# For your grepping pleasure, this loop sets the following variables that aren't mentioned -# literally above: -# store_dir -# localstatedir -# log_dir -# profile_dir -foreach optname : path_opts - varname = optname.replace('-', '_') - path = get_option(optname) - if fs.is_absolute(path) - set_variable(varname, path) - else - set_variable(varname, prefix / path) - endif -endforeach - -# sysconfdir doesn't get anything installed to directly, and is only used to -# tell Nix where to look for nix.conf, so it doesn't get appended to prefix. -sysconfdir = get_option('sysconfdir') -if not fs.is_absolute(sysconfdir) - sysconfdir = '/' / sysconfdir -endif - -lsof = find_program('lsof', required : false) - -# Aside from prefix itself, each of these was made into an absolute path -# by joining it with prefix, unless it was already an absolute path -# (which is the default for store-dir, localstatedir, and log-dir). -cpp_str_defines = { - 'NIX_PREFIX': prefix, - 'NIX_STORE_DIR': store_dir, - 'NIX_DATA_DIR': datadir, - 'NIX_STATE_DIR': localstatedir / 'nix', - 'NIX_LOG_DIR': log_dir, - 'NIX_CONF_DIR': sysconfdir / 'nix', - 'NIX_MAN_DIR': mandir, -} - -if lsof.found() - lsof_path = lsof.full_path() -else - # Just look up on the PATH - lsof_path = 'lsof' -endif -cpp_str_defines += { - 'LSOF': lsof_path -} - -if get_option('embedded-sandbox-shell') - cpp_str_defines += { - 'SANDBOX_SHELL': '__embedded_sandbox_shell__' - } -elif busybox.found() - cpp_str_defines += { - 'SANDBOX_SHELL': busybox.full_path() - } -endif - -cpp_args = [] - -foreach name, value : cpp_str_defines - cpp_args += [ - '-D' + name + '=' + '"' + value + '"' - ] -endforeach - subdir('nix-meson-build-support/export-all-symbols') subdir('nix-meson-build-support/windows-version') @@ -358,7 +337,6 @@ this_library = library( config_priv_h, dependencies : deps_public + deps_private + deps_other, include_directories : include_dirs, - cpp_args : cpp_args, link_args: linker_export_flags, prelink : true, # For C++ static initializers install : true, diff --git a/src/nix/man-pages.cc b/src/nix/man-pages.cc index 8da439e7b..8585c164c 100644 --- a/src/nix/man-pages.cc +++ b/src/nix/man-pages.cc @@ -1,4 +1,5 @@ #include "man-pages.hh" +#include "cli-config-private.hh" #include "nix/util/file-system.hh" #include "nix/util/current-process.hh" #include "nix/util/environment-variables.hh" diff --git a/src/nix/meson.build b/src/nix/meson.build index b258778cc..3cb45f1f5 100644 --- a/src/nix/meson.build +++ b/src/nix/meson.build @@ -39,13 +39,16 @@ configdata = configuration_data() configdata.set_quoted('NIX_CLI_VERSION', meson.project_version()) fs = import('fs') +prefix = get_option('prefix') bindir = get_option('bindir') -if not fs.is_absolute(bindir) - bindir = get_option('prefix') / bindir -endif +bindir = fs.is_absolute(bindir) ? bindir : prefix / bindir configdata.set_quoted('NIX_BIN_DIR', bindir) +mandir = get_option('mandir') +mandir = fs.is_absolute(mandir) ? mandir : prefix / mandir +configdata.set_quoted('NIX_MAN_DIR', mandir) + config_priv_h = configure_file( configuration : configdata, output : 'cli-config-private.hh', @@ -174,16 +177,6 @@ if host_machine.system() != 'windows' ] endif -fs = import('fs') -prefix = get_option('prefix') - -mandir = get_option('mandir') -mandir = fs.is_absolute(mandir) ? mandir : prefix / mandir - -cpp_args= [ - '-DNIX_MAN_DIR="@0@"'.format(mandir) -] - include_dirs = [include_directories('.')] this_exe = executable( @@ -191,7 +184,6 @@ this_exe = executable( sources, dependencies : deps_private_subproject + deps_private + deps_other, include_directories : include_dirs, - cpp_args : cpp_args, link_args: linker_export_flags, install : true, )