Tagging release 2.28.1

-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEtUHVUwEnDgvPFcpdgXC0cm1xmN4FAmfzku8THGVkb2xzdHJh
 QGdtYWlsLmNvbQAKCRCBcLRybXGY3ngWB/0e5vMSgZtARQXjuyexyJyy2m8JIQzJ
 Stw7dP0/oAvWYWuytez3jX4KC9xztMELblgZzXQhO72wIfzpa/CmxWQXVSaHm6Kq
 zYAWhxXz2HKGEPd8bS6eCFCZcrmChso7UN2WjrROYwB+1HO5S1rtOJtv2K1zvy5C
 xRMoOpSfKVfn63FoODhenW3UWbfeck5Dmb6eirPxvIMUIcDi2FeX5MVlklgNhxum
 351/Ymo5dxyK1pGmm8NrvB/3RSk7rVRUR+R4257lCmrN0g4gvM0G4MvxGm+XHMmC
 d/tmeU+JKPiXKFDSWmuTCmwCenu/q95QRadKST+Wls+qc4gHQLCaXfgn
 =hcKx
 -----END PGP SIGNATURE-----

Merge tag '2.28.1' into sync-2.28.0

Tagging release 2.28.1

.version

@@ -1 +1 @@
-2.28.0
+2.28.1

nix-meson-build-support/common/meson.build

@@ -10,6 +10,7 @@ add_project_arguments(
   '-Werror=suggest-override',
   '-Werror=switch',
   '-Werror=switch-enum',
+  '-Werror=undef',
   '-Werror=unused-result',
   '-Wignored-qualifiers',
   '-Wimplicit-fallthrough',

src/build-remote/build-remote.cc

@@ -5,7 +5,7 @@
 #include <memory>
 #include <tuple>
 #include <iomanip>
-#if __APPLE__
+#ifdef __APPLE__
 #include <sys/time.h>
 #endif
 
@@ -225,7 +225,7 @@ static int main_build_remote(int argc, char * * argv)
                     break;
                 }
 
-#if __APPLE__
+#ifdef __APPLE__
                 futimes(bestSlotLock.get(), NULL);
 #else
                 futimens(bestSlotLock.get(), NULL);

src/libexpr-tests/main.cc

@@ -14,7 +14,7 @@ int main (int argc, char **argv) {
     // Disable build hook. We won't be testing remote builds in these unit tests. If we do, fix the above build hook.
     settings.buildHook = {};
 
-    #if __linux__ // should match the conditional around sandboxBuildDir declaration.
+    #ifdef __linux__ // should match the conditional around sandboxBuildDir declaration.
 
     // When building and testing nix within the host's Nix sandbox, our store dir will be located in the host's sandboxBuildDir, e.g.:
     // Host
@@ -27,7 +27,7 @@ int main (int argc, char **argv) {
     settings.sandboxBuildDir = "/test-build-dir-instead-of-usual-build-dir";
     #endif
 
-    #if __APPLE__
+    #ifdef __APPLE__
     // Avoid this error, when already running in a sandbox:
     // sandbox-exec: sandbox_apply: Operation not permitted
     settings.sandboxMode = smDisabled;

src/libexpr/eval-gc.cc

@@ -10,7 +10,7 @@
 #if NIX_USE_BOEHMGC
 
 #  include <pthread.h>
-#  if __FreeBSD__
+#  ifdef __FreeBSD__
 #    include <pthread_np.h>
 #  endif
 

src/libflake/flake/lockfile.cc

@@ -108,8 +108,13 @@ LockFile::LockFile(
     const fetchers::Settings & fetchSettings,
     std::string_view contents, std::string_view path)
 {
-    auto json = nlohmann::json::parse(contents);
+    auto json = [=] {
-
+        try {
+            return nlohmann::json::parse(contents);
+        } catch (const nlohmann::json::parse_error & e) {
+            throw Error("Could not parse '%s': %s", path, e.what());
+        }
+    }();
     auto version = json.value("version", 0);
     if (version < 5 || version > 7)
         throw Error("lock file '%s' has unsupported version %d", path, version);

src/libmain/meson.build

@@ -21,6 +21,10 @@ deps_private_maybe_subproject = [
 deps_public_maybe_subproject = [
   dependency('nix-util'),
   dependency('nix-store'),
+  # FIXME: This is only here for the NIX_USE_BOEHMGC macro dependency
+  #        Removing nix-expr will make the build more concurrent and is
+  #        architecturally nice, perhaps.
+  dependency('nix-expr'),
 ]
 subdir('nix-meson-build-support/subprojects')
 

src/libmain/package.nix

@@ -6,6 +6,7 @@
 
   nix-util,
   nix-store,
+  nix-expr,
 
   # Configuration Options
 
@@ -33,6 +34,10 @@ mkMesonLibrary (finalAttrs: {
   ];
 
   propagatedBuildInputs = [
+    # FIXME: This is only here for the NIX_USE_BOEHMGC macro dependency
+    #        Removing nix-expr will make the build more concurrent and is
+    #        architecturally nice, perhaps.
+    nix-expr
     nix-util
     nix-store
     openssl

src/libmain/shared.cc

@@ -26,7 +26,7 @@
 #include "nix/util/strings.hh"
 
 #include "main-config-private.hh"
-
+#include "nix/expr/config.hh"
 
 namespace nix {
 
@@ -144,7 +144,7 @@ void initNix(bool loadConfig)
     if (sigaction(SIGUSR1, &act, 0)) throw SysError("handling SIGUSR1");
 #endif
 
-#if __APPLE__
+#ifdef __APPLE__
     /* HACK: on darwin, we need can’t use sigprocmask with SIGWINCH.
      * Instead, add a dummy sigaction handler, and signalHandlerThread
      * can handle the rest. */

src/libstore-tests/meson.build

@@ -40,6 +40,8 @@ deps_private += gtest
 configdata = configuration_data()
 configdata.set_quoted('PACKAGE_VERSION', meson.project_version())
 
+configdata.set_quoted('NIX_STORE_DIR', nix_store.get_variable('storedir'))
+
 config_priv_h = configure_file(
   configuration : configdata,
   output : 'store-tests-config.hh',
@@ -89,7 +91,6 @@ this_exe = executable(
   include_directories : include_dirs,
   # TODO: -lrapidcheck, see ../libutil-support/build.meson
   link_args: linker_export_flags + ['-lrapidcheck'],
-  cpp_args : [ '-DNIX_STORE_DIR="' + nix_store.get_variable('storedir') + '"' ],
   # get main from gtest
   install : true,
 )

src/libstore-tests/s3-binary-cache-store.cc

@@ -1,9 +1,9 @@
-#if ENABLE_S3
+#include "nix/store/s3-binary-cache-store.hh"
+
+#if NIX_WITH_S3_SUPPORT
 
 #  include <gtest/gtest.h>
 
-#  include "nix/store/s3-binary-cache-store.hh"
-
 namespace nix {
 
 TEST(S3BinaryCacheStore, constructConfig)

src/libstore/filetransfer.cc

@@ -8,11 +8,12 @@
 #include "nix/util/callback.hh"
 #include "nix/util/signals.hh"
 
-#if ENABLE_S3
+#include "store-config-private.hh"
+#if NIX_WITH_S3_SUPPORT
 #include <aws/core/client/ClientConfiguration.h>
 #endif
 
-#if __linux__
+#ifdef __linux__
 # include "nix/util/namespaces.hh"
 #endif
 
@@ -623,7 +624,7 @@ struct curlFileTransfer : public FileTransfer
         });
         #endif
 
-        #if __linux__
+        #ifdef __linux__
         try {
             tryUnshareFilesystem();
         } catch (nix::Error & e) {
@@ -757,7 +758,7 @@ struct curlFileTransfer : public FileTransfer
         #endif
     }
 
-#if ENABLE_S3
+#if NIX_WITH_S3_SUPPORT
     std::tuple<std::string, std::string, Store::Params> parseS3Uri(std::string uri)
     {
         auto [path, params] = splitUriAndParams(uri);
@@ -780,7 +781,7 @@ struct curlFileTransfer : public FileTransfer
         if (hasPrefix(request.uri, "s3://")) {
             // FIXME: do this on a worker thread
             try {
-#if ENABLE_S3
+#if NIX_WITH_S3_SUPPORT
                 auto [bucketName, key, params] = parseS3Uri(request.uri);
 
                 std::string profile = getOr(params, "profile", "");

src/libstore/gc.cc

@@ -335,7 +335,7 @@ static std::string quoteRegexChars(const std::string & raw)
     return std::regex_replace(raw, specialRegex, R"(\$&)");
 }
 
-#if __linux__
+#ifdef __linux__
 static void readFileRoots(const std::filesystem::path & path, UncheckedRoots & roots)
 {
     try {
@@ -427,7 +427,7 @@ void LocalStore::findRuntimeRoots(Roots & roots, bool censor)
     }
 #endif
 
-#if __linux__
+#ifdef __linux__
     readFileRoots("/proc/sys/kernel/modprobe", unchecked);
     readFileRoots("/proc/sys/kernel/fbsplash", unchecked);
     readFileRoots("/proc/sys/kernel/poweroff_cmd", unchecked);

src/libstore/globals.cc

@@ -25,7 +25,7 @@
 # include <dlfcn.h>
 #endif
 
-#if __APPLE__
+#ifdef __APPLE__
 # include "nix/util/processes.hh"
 #endif
 
@@ -90,7 +90,7 @@ Settings::Settings()
 #endif
 
     /* chroot-like behavior from Apple's sandbox */
-#if __APPLE__
+#ifdef __APPLE__
     sandboxPaths = tokenizeString<StringSet>("/System/Library/Frameworks /System/Library/PrivateFrameworks /bin/sh /bin/bash /private/tmp /private/var/tmp /usr/lib");
     allowedImpureHostPrefixes = tokenizeString<StringSet>("/System/Library /usr/lib /dev /bin/sh");
 #endif
@@ -151,7 +151,7 @@ unsigned int Settings::getDefaultCores()
       return concurrency;
 }
 
-#if __APPLE__
+#ifdef __APPLE__
 static bool hasVirt() {
 
     int hasVMM;
@@ -181,16 +181,16 @@ StringSet Settings::getDefaultSystemFeatures()
        actually require anything special on the machines. */
     StringSet features{"nixos-test", "benchmark", "big-parallel"};
 
-    #if __linux__
+    #ifdef __linux__
     features.insert("uid-range");
     #endif
 
-    #if __linux__
+    #ifdef __linux__
     if (access("/dev/kvm", R_OK | W_OK) == 0)
         features.insert("kvm");
     #endif
 
-    #if __APPLE__
+    #ifdef __APPLE__
     if (hasVirt())
         features.insert("apple-virt");
     #endif
@@ -205,11 +205,11 @@ StringSet Settings::getDefaultExtraPlatforms()
     if (std::string{NIX_LOCAL_SYSTEM} == "x86_64-linux" && !isWSL1())
         extraPlatforms.insert("i686-linux");
 
-#if __linux__
+#ifdef __linux__
     StringSet levels = computeLevels();
     for (auto iter = levels.begin(); iter != levels.end(); ++iter)
         extraPlatforms.insert(*iter + "-linux");
-#elif __APPLE__
+#elif defined(__APPLE__)
     // Rosetta 2 emulation layer can run x86_64 binaries on aarch64
     // machines. Note that we can’t force processes from executing
     // x86_64 in aarch64 environments or vice versa since they can
@@ -224,7 +224,7 @@ StringSet Settings::getDefaultExtraPlatforms()
 
 bool Settings::isWSL1()
 {
-#if __linux__
+#ifdef __linux__
     struct utsname utsbuf;
     uname(&utsbuf);
     // WSL1 uses -Microsoft suffix
@@ -376,7 +376,7 @@ void initLibStore(bool loadConfig) {
        [1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636
     */
     curl_global_init(CURL_GLOBAL_ALL);
-#if __APPLE__
+#ifdef __APPLE__
     /* On macOS, don't use the per-session TMPDIR (as set e.g. by
        sshd). This breaks build users because they don't have access
        to the TMPDIR, in particular in ‘nix-store --serve’. */

src/libstore/include/nix/store/globals.hh

@@ -34,7 +34,7 @@ struct MaxBuildJobsSetting : public BaseSetting<unsigned int>
 };
 
 const uint32_t maxIdsPerBuild =
-    #if __linux__
+    #ifdef __linux__
     1 << 16
     #else
     1
@@ -467,7 +467,7 @@ public:
         )", {}, true, Xp::AutoAllocateUids};
 
     Setting<uint32_t> startId{this,
-        #if __linux__
+        #ifdef __linux__
         0x34000000,
         #else
         56930,
@@ -476,7 +476,7 @@ public:
         "The first UID and GID to use for dynamic ID allocation."};
 
     Setting<uint32_t> uidCount{this,
-        #if __linux__
+        #ifdef __linux__
         maxIdsPerBuild * 128,
         #else
         128,
@@ -484,7 +484,7 @@ public:
         "id-count",
         "The number of UIDs/GIDs to use for dynamic ID allocation."};
 
-    #if __linux__
+    #ifdef __linux__
     Setting<bool> useCgroups{
         this, false, "use-cgroups",
         R"(
@@ -596,7 +596,7 @@ public:
 
     Setting<SandboxMode> sandboxMode{
         this,
-        #if __linux__
+        #ifdef __linux__
           smEnabled
         #else
           smDisabled
@@ -671,7 +671,7 @@ public:
         )"};
 #endif
 
-#if __linux__
+#ifdef __linux__
     Setting<std::string> sandboxShmSize{
         this, "50%", "sandbox-dev-shm-size",
         R"(
@@ -708,7 +708,7 @@ public:
     Setting<PathSet> allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps",
         "Which prefixes to allow derivations to ask for access to (primarily for Darwin)."};
 
-#if __APPLE__
+#ifdef __APPLE__
     Setting<bool> darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations",
         "Whether to log Darwin sandbox access violations to the system log."};
 #endif
@@ -1066,7 +1066,7 @@ public:
         // Don't document the machine-specific default value
         false};
 
-#if __linux__
+#ifdef __linux__
     Setting<bool> filterSyscalls{
         this, true, "filter-syscalls",
         R"(

src/libstore/include/nix/store/s3-binary-cache-store.hh

@@ -1,9 +1,13 @@
 #pragma once
 ///@file
 
-#include "nix/store/binary-cache-store.hh"
+#include "nix/store/config.hh"
 
-#include <atomic>
+#if NIX_WITH_S3_SUPPORT
+
+#  include "nix/store/binary-cache-store.hh"
+
+#  include <atomic>
 
 namespace nix {
 
@@ -125,3 +129,5 @@ public:
 };
 
 }
+
+#endif

src/libstore/include/nix/store/s3.hh

@@ -1,7 +1,7 @@
 #pragma once
 ///@file
-
+#include "store-config-private.hh"
-#if ENABLE_S3
+#if NIX_WITH_S3_SUPPORT
 
 #include "nix/util/ref.hh"
 

src/libstore/local-store.cc

@@ -38,7 +38,7 @@
 # include <grp.h>
 #endif
 
-#if __linux__
+#ifdef __linux__
 # include <sched.h>
 # include <sys/statvfs.h>
 # include <sys/mount.h>
@@ -575,7 +575,7 @@ void LocalStore::upgradeDBSchema(State & state)
    bind mount.  So make the Nix store writable for this process. */
 void LocalStore::makeStoreWritable()
 {
-#if __linux__
+#ifdef __linux__
     if (!isRootUser()) return;
     /* Check if /nix/store is on a read-only mount. */
     struct statvfs stat;

src/libstore/meson.build

@@ -130,7 +130,8 @@ deps_private += sqlite
 # AWS C++ SDK has bad pkg-config. See
 # https://github.com/aws/aws-sdk-cpp/issues/2673 for details.
 aws_s3 = dependency('aws-cpp-sdk-s3', required : false)
-configdata_priv.set('ENABLE_S3', aws_s3.found().to_int())
+# The S3 store definitions in the header will be hidden based on this variables.
+configdata_pub.set('NIX_WITH_S3_SUPPORT', aws_s3.found().to_int())
 if aws_s3.found()
   aws_s3 = declare_dependency(
     include_directories: include_directories(aws_s3.get_variable('includedir')),
@@ -157,12 +158,15 @@ endforeach
 
 busybox = find_program(get_option('sandbox-shell'), required : false)
 
+configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', get_option('embedded-sandbox-shell').to_int())
+
+if get_option('embedded-sandbox-shell')
+  configdata_priv.set_quoted('SANDBOX_SHELL', '__embedded_sandbox_shell__')
+elif busybox.found()
+  configdata_priv.set_quoted('SANDBOX_SHELL', busybox.full_path())
+endif
+
 if get_option('embedded-sandbox-shell')
-  # This one goes in config.h
-  # The path to busybox is passed as a -D flag when compiling this_library.
-  # This solution is inherited from the old make buildsystem
-  # TODO: do this differently?
-  configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', 1)
   hexdump = find_program('hexdump', native : true)
   embedded_sandbox_shell_gen = custom_target(
     'embedded-sandbox-shell.gen.hh',
@@ -180,6 +184,64 @@ if get_option('embedded-sandbox-shell')
   generated_headers += embedded_sandbox_shell_gen
 endif
 
+prefix = get_option('prefix')
+# For each of these paths, assume that it is relative to the prefix unless
+# it is already an absolute path (which is the default for store-dir, localstatedir, and log-dir).
+path_opts = [
+  # Meson built-ins.
+  'datadir',
+  'mandir',
+  'libdir',
+  'includedir',
+  'libexecdir',
+  # Homecooked Nix directories.
+  'store-dir',
+  'localstatedir',
+  'log-dir',
+]
+# For your grepping pleasure, this loop sets the following variables that aren't mentioned
+# literally above:
+# store_dir
+# localstatedir
+# log_dir
+# profile_dir
+foreach optname : path_opts
+  varname = optname.replace('-', '_')
+  path = get_option(optname)
+  if fs.is_absolute(path)
+    set_variable(varname, path)
+  else
+    set_variable(varname, prefix / path)
+  endif
+endforeach
+
+# sysconfdir doesn't get anything installed to directly, and is only used to
+# tell Nix where to look for nix.conf, so it doesn't get appended to prefix.
+sysconfdir = get_option('sysconfdir')
+if not fs.is_absolute(sysconfdir)
+  sysconfdir = '/' / sysconfdir
+endif
+
+# Aside from prefix itself, each of these was made into an absolute path
+# by joining it with prefix, unless it was already an absolute path
+# (which is the default for store-dir, localstatedir, and log-dir).
+configdata_priv.set_quoted('NIX_PREFIX',    prefix)
+configdata_priv.set_quoted('NIX_STORE_DIR', store_dir)
+configdata_priv.set_quoted('NIX_DATA_DIR',  datadir)
+configdata_priv.set_quoted('NIX_STATE_DIR', localstatedir / 'nix')
+configdata_priv.set_quoted('NIX_LOG_DIR',   log_dir)
+configdata_priv.set_quoted('NIX_CONF_DIR',  sysconfdir / 'nix')
+configdata_priv.set_quoted('NIX_MAN_DIR',   mandir)
+
+lsof = find_program('lsof', required : false)
+configdata_priv.set_quoted(
+  'LSOF',
+  lsof.found()
+    ? lsof.full_path()
+    # Just look up on the PATH
+    : 'lsof',
+)
+
 config_priv_h = configure_file(
   configuration : configdata_priv,
   output : 'store-config-private.hh',
@@ -267,87 +329,6 @@ else
   subdir('unix')
 endif
 
-prefix = get_option('prefix')
-# For each of these paths, assume that it is relative to the prefix unless
-# it is already an absolute path (which is the default for store-dir, localstatedir, and log-dir).
-path_opts = [
-  # Meson built-ins.
-  'datadir',
-  'mandir',
-  'libdir',
-  'includedir',
-  'libexecdir',
-  # Homecooked Nix directories.
-  'store-dir',
-  'localstatedir',
-  'log-dir',
-]
-# For your grepping pleasure, this loop sets the following variables that aren't mentioned
-# literally above:
-# store_dir
-# localstatedir
-# log_dir
-# profile_dir
-foreach optname : path_opts
-  varname = optname.replace('-', '_')
-  path = get_option(optname)
-  if fs.is_absolute(path)
-    set_variable(varname, path)
-  else
-    set_variable(varname, prefix / path)
-  endif
-endforeach
-
-# sysconfdir doesn't get anything installed to directly, and is only used to
-# tell Nix where to look for nix.conf, so it doesn't get appended to prefix.
-sysconfdir = get_option('sysconfdir')
-if not fs.is_absolute(sysconfdir)
-  sysconfdir = '/' / sysconfdir
-endif
-
-lsof = find_program('lsof', required : false)
-
-# Aside from prefix itself, each of these was made into an absolute path
-# by joining it with prefix, unless it was already an absolute path
-# (which is the default for store-dir, localstatedir, and log-dir).
-cpp_str_defines = {
-  'NIX_PREFIX':    prefix,
-  'NIX_STORE_DIR': store_dir,
-  'NIX_DATA_DIR':  datadir,
-  'NIX_STATE_DIR': localstatedir / 'nix',
-  'NIX_LOG_DIR':   log_dir,
-  'NIX_CONF_DIR':  sysconfdir / 'nix',
-  'NIX_MAN_DIR':   mandir,
-}
-
-if lsof.found()
-  lsof_path = lsof.full_path()
-else
-  # Just look up on the PATH
-  lsof_path = 'lsof'
-endif
-cpp_str_defines += {
-  'LSOF': lsof_path
-}
-
-if get_option('embedded-sandbox-shell')
-  cpp_str_defines += {
-    'SANDBOX_SHELL': '__embedded_sandbox_shell__'
-  }
-elif busybox.found()
-  cpp_str_defines += {
-    'SANDBOX_SHELL': busybox.full_path()
-  }
-endif
-
-cpp_args = []
-
-foreach name, value : cpp_str_defines
-  cpp_args += [
-    '-D' + name + '=' + '"' + value + '"'
-  ]
-endforeach
-
 subdir('nix-meson-build-support/export-all-symbols')
 subdir('nix-meson-build-support/windows-version')
 
@@ -358,7 +339,6 @@ this_library = library(
   config_priv_h,
   dependencies : deps_public + deps_private + deps_other,
   include_directories : include_dirs,
-  cpp_args : cpp_args,
   link_args: linker_export_flags,
   prelink : true, # For C++ static initializers
   install : true,

src/libstore/optimise-store.cc

@@ -13,6 +13,7 @@
 #include <stdio.h>
 #include <regex>
 
+#include "store-config-private.hh"
 
 namespace nix {
 
@@ -96,7 +97,7 @@ void LocalStore::optimisePath_(Activity * act, OptimiseStats & stats,
 
     auto st = lstat(path);
 
-#if __APPLE__
+#ifdef __APPLE__
     /* HFS/macOS has some undocumented security feature disabling hardlinking for
        special files within .app dirs. Known affected paths include
        *.app/Contents/{PkgInfo,Resources/\*.lproj,_CodeSignature} and .DS_Store.

src/libstore/posix-fs-canonicalise.cc

@@ -58,7 +58,7 @@ static void canonicalisePathMetaData_(
 {
     checkInterrupt();
 
-#if __APPLE__
+#ifdef __APPLE__
     /* Remove flags, in particular UF_IMMUTABLE which would prevent
        the file from being garbage-collected. FIXME: Use
        setattrlist() to remove other attributes as well. */

src/libstore/s3-binary-cache-store.cc

@@ -1,9 +1,10 @@
-#if ENABLE_S3
+#include "nix/store/s3-binary-cache-store.hh"
+
+#if NIX_WITH_S3_SUPPORT
 
 #include <assert.h>
 
 #include "nix/store/s3.hh"
-#include "nix/store/s3-binary-cache-store.hh"
 #include "nix/store/nar-info.hh"
 #include "nix/store/nar-info-disk-cache.hh"
 #include "nix/store/globals.hh"

src/libstore/store-api.cc

@@ -1300,7 +1300,7 @@ ref<Store> openStore(StoreReference && storeURI)
                 return std::make_shared<LocalStore>(params);
             else if (pathExists(settings.nixDaemonSocketFile))
                 return std::make_shared<UDSRemoteStore>(params);
-            #if __linux__
+            #ifdef __linux__
             else if (!pathExists(stateDir)
                 && params.empty()
                 && !isRootUser()

src/libstore/unix/build/local-derivation-goal.cc

@@ -41,7 +41,7 @@
 #endif
 
 /* Includes required for chroot support. */
-#if __linux__
+#ifdef __linux__
 # include "nix/store/fchmodat2-compat.hh"
 # include <sys/ioctl.h>
 # include <net/if.h>
@@ -60,7 +60,7 @@
 # include "nix/store/personality.hh"
 #endif
 
-#if __APPLE__
+#ifdef __APPLE__
 #include <spawn.h>
 #include <sys/sysctl.h>
 #include <sandbox.h>
@@ -76,6 +76,8 @@ extern "C" int sandbox_init_with_parameters(const char *profile, uint64_t flags,
 #include "nix/util/strings.hh"
 #include "nix/util/signals.hh"
 
+#include "store-config-private.hh"
+
 namespace nix {
 
 void handleDiffHook(
@@ -127,7 +129,7 @@ LocalDerivationGoal::~LocalDerivationGoal()
 
 inline bool LocalDerivationGoal::needsHashRewrite()
 {
-#if __linux__
+#ifdef __linux__
     return !useChroot;
 #else
     /* Darwin requires hash rewriting even when sandboxing is enabled. */
@@ -168,7 +170,7 @@ void LocalDerivationGoal::killChild()
 void LocalDerivationGoal::killSandbox(bool getStats)
 {
     if (cgroup) {
-        #if __linux__
+        #ifdef __linux__
         auto stats = destroyCgroup(*cgroup);
         if (getStats) {
             buildResult.cpuUser = stats.cpuUser;
@@ -205,7 +207,7 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
             if (drvOptions->noChroot)
                 throw Error("derivation '%s' has '__noChroot' set, "
                     "but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath));
-#if __APPLE__
+#ifdef __APPLE__
             if (drvOptions->additionalSandboxProfile != "")
                 throw Error("derivation '%s' specifies a sandbox profile, "
                     "but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath));
@@ -220,14 +222,14 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
 
     auto & localStore = getLocalStore();
     if (localStore.storeDir != localStore.realStoreDir.get()) {
-        #if __linux__
+        #ifdef __linux__
             useChroot = true;
         #else
             throw Error("building using a diverted store is not supported on this platform");
         #endif
     }
 
-    #if __linux__
+    #ifdef __linux__
     if (useChroot) {
         if (!mountAndPidNamespacesSupported()) {
             if (!settings.sandboxFallback)
@@ -403,7 +405,7 @@ void LocalDerivationGoal::cleanupPostOutputsRegisteredModeNonCheck()
     cleanupPostOutputsRegisteredModeCheck();
 }
 
-#if __linux__
+#ifdef __linux__
 static void doBind(const Path & source, const Path & target, bool optional = false) {
     debug("bind mounting '%1%' to '%2%'", source, target);
 
@@ -476,12 +478,12 @@ static void handleChildException(bool sendException)
 void LocalDerivationGoal::startBuilder()
 {
     if ((buildUser && buildUser->getUIDCount() != 1)
-        #if __linux__
+        #ifdef __linux__
         || settings.useCgroups
         #endif
         )
     {
-        #if __linux__
+        #ifdef __linux__
         experimentalFeatureSettings.require(Xp::Cgroups);
 
         /* If we're running from the daemon, then this will return the
@@ -548,7 +550,7 @@ void LocalDerivationGoal::startBuilder()
     /* Create a temporary directory where the build will take
        place. */
     topTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
-#if __APPLE__
+#ifdef __APPLE__
     if (false) {
 #else
     if (useChroot) {
@@ -727,7 +729,7 @@ void LocalDerivationGoal::startBuilder()
             pathsInChroot[i] = {i, true};
         }
 
-#if __linux__
+#ifdef __linux__
         /* Create a temporary directory in which we set up the chroot
            environment using bind-mounts.  We put it in the Nix store
            so that the build outputs can be moved efficiently from the
@@ -826,7 +828,7 @@ void LocalDerivationGoal::startBuilder()
 #else
         if (drvOptions->useUidRange(*drv))
             throw Error("feature 'uid-range' is not supported on this platform");
-        #if __APPLE__
+        #ifdef __APPLE__
             /* We don't really have any parent prep work to do (yet?)
                All work happens in the child, instead. */
         #else
@@ -906,7 +908,7 @@ void LocalDerivationGoal::startBuilder()
         if (chown(slaveName.c_str(), buildUser->getUID(), 0))
             throw SysError("changing owner of pseudoterminal slave");
     }
-#if __APPLE__
+#ifdef __APPLE__
     else {
         if (grantpt(builderOut.get()))
             throw SysError("granting access to pseudoterminal slave");
@@ -941,7 +943,7 @@ void LocalDerivationGoal::startBuilder()
 
     /* Fork a child to build the package. */
 
-#if __linux__
+#ifdef __linux__
     if (useChroot) {
         /* Set up private namespaces for the build:
 
@@ -1141,7 +1143,7 @@ void LocalDerivationGoal::initTmpDir()
 {
     /* In a sandbox, for determinism, always use the same temporary
        directory. */
-#if __linux__
+#ifdef __linux__
     tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
 #else
     tmpDirInSandbox = tmpDir;
@@ -1644,7 +1646,7 @@ void LocalDerivationGoal::addDependency(const StorePath & path)
 
         debug("materialising '%s' in the sandbox", worker.store.printStorePath(path));
 
-        #if __linux__
+        #ifdef __linux__
 
             Path source = worker.store.Store::toRealPath(path);
             Path target = chrootRootDir + worker.store.printStorePath(path);
@@ -1694,7 +1696,7 @@ void LocalDerivationGoal::chownToBuilder(const Path & path)
 
 void setupSeccomp()
 {
-#if __linux__
+#ifdef __linux__
     if (!settings.filterSyscalls) return;
 #if HAVE_SECCOMP
     scmp_filter_ctx ctx;
@@ -1814,7 +1816,7 @@ void LocalDerivationGoal::runChild()
            } catch (SystemError &) { }
         }
 
-#if __linux__
+#ifdef __linux__
         if (useChroot) {
 
             userNamespaceSync.writeSide = -1;
@@ -2048,7 +2050,7 @@ void LocalDerivationGoal::runChild()
         /* Close all other file descriptors. */
         unix::closeExtraFDs();
 
-#if __linux__
+#ifdef __linux__
         linux::setPersonality(drv->platform);
 #endif
 
@@ -2087,7 +2089,7 @@ void LocalDerivationGoal::runChild()
                 throw SysError("setuid failed");
         }
 
-#if __APPLE__
+#ifdef __APPLE__
         /* This has to appear before import statements. */
         std::string sandboxProfile = "(version 1)\n";
 
@@ -2258,7 +2260,7 @@ void LocalDerivationGoal::runChild()
         for (auto & i : drv->args)
             args.push_back(rewriteStrings(i, inputRewrites));
 
-#if __APPLE__
+#ifdef __APPLE__
         posix_spawnattr_t attrp;
 
         if (posix_spawnattr_init(&attrp))

src/libstore/unix/user-lock.cc

@@ -10,7 +10,7 @@
 
 namespace nix {
 
-#if __linux__
+#ifdef __linux__
 
 static std::vector<gid_t> get_group_list(const char *username, gid_t group_id)
 {
@@ -94,7 +94,7 @@ struct SimpleUserLock : UserLock
                 if (lock->uid == getuid() || lock->uid == geteuid())
                     throw Error("the Nix user should not be a member of '%s'", settings.buildUsersGroup);
 
-                #if __linux__
+                #ifdef __linux__
                 /* Get the list of supplementary groups of this user. This is
                  * usually either empty or contains a group such as "kvm". */
 
@@ -193,10 +193,10 @@ std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace)
 
 bool useBuildUsers()
 {
-    #if __linux__
+    #ifdef __linux__
     static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser();
     return b;
-    #elif __APPLE__
+    #elif defined(__APPLE__)
     static bool b = settings.buildUsersGroup != "" && isRootUser();
     return b;
     #else

src/libutil/archive.cc

@@ -17,7 +17,7 @@ namespace nix {
 struct ArchiveSettings : Config
 {
     Setting<bool> useCaseHack{this,
-        #if __APPLE__
+        #ifdef __APPLE__
             true,
         #else
             false,

src/libutil/current-process.cc

@@ -13,7 +13,7 @@
 # include <mach-o/dyld.h>
 #endif
 
-#if __linux__
+#ifdef __linux__
 # include <mutex>
 # include "nix/util/cgroup.hh"
 # include "nix/util/namespaces.hh"
@@ -23,7 +23,7 @@ namespace nix {
 
 unsigned int getMaxCPU()
 {
-    #if __linux__
+    #ifdef __linux__
     try {
         auto cgroupFS = getCgroupFS();
         if (!cgroupFS) return 0;
@@ -82,7 +82,7 @@ void restoreProcessContext(bool restoreMounts)
     unix::restoreSignals();
     #endif
     if (restoreMounts) {
-        #if __linux__
+        #ifdef __linux__
         restoreMountNamespace();
         #endif
     }
@@ -106,9 +106,9 @@ std::optional<Path> getSelfExe()
 {
     static auto cached = []() -> std::optional<Path>
     {
-        #if __linux__ || __GNU__
+        #if defined(__linux__) || defined(__GNU__)
         return readLink("/proc/self/exe");
-        #elif __APPLE__
+        #elif defined(__APPLE__)
         char buf[1024];
         uint32_t size = sizeof(buf);
         if (_NSGetExecutablePath(buf, &size) == 0)

src/libutil/file-descriptor.cc

@@ -98,7 +98,7 @@ void AutoCloseFD::fsync() const
         result =
 #ifdef _WIN32
             ::FlushFileBuffers(fd)
-#elif __APPLE__
+#elif defined(__APPLE__)
             ::fcntl(fd, F_FULLFSYNC)
 #else
             ::fsync(fd)
@@ -113,7 +113,7 @@ void AutoCloseFD::fsync() const
 
 void AutoCloseFD::startFsync() const
 {
-#if __linux__
+#ifdef __linux__
         if (fd != -1) {
             /* Ignore failure, since fsync must be run later anyway. This is just a performance optimization. */
             ::sync_file_range(fd, 0, 0, SYNC_FILE_RANGE_WRITE);

src/libutil/file-system.cc

@@ -574,7 +574,7 @@ Path createTempDir(const Path & tmpRoot, const Path & prefix,
                     , mode
 #endif
                     ) == 0) {
-#if __FreeBSD__
+#ifdef __FreeBSD__
             /* Explicitly set the group of the directory.  This is to
                work around around problems caused by BSD's group
                ownership semantics (directories inherit the group of

src/libutil/fs-sink.cc

@@ -4,7 +4,7 @@
 #include "nix/util/config-global.hh"
 #include "nix/util/fs-sink.hh"
 
-#if _WIN32
+#ifdef _WIN32
 # include <fileapi.h>
 # include "nix/util/file-path.hh"
 # include "nix/util/windows-error.hh"

src/libutil/include/nix/util/file-descriptor.hh

@@ -18,7 +18,7 @@ struct Source;
  * Operating System capability
  */
 using Descriptor =
-#if _WIN32
+#ifdef _WIN32
     HANDLE
 #else
     int
@@ -26,7 +26,7 @@ using Descriptor =
     ;
 
 const Descriptor INVALID_DESCRIPTOR =
-#if _WIN32
+#ifdef _WIN32
     INVALID_HANDLE_VALUE
 #else
     -1

src/libutil/terminal.cc

@@ -2,7 +2,7 @@
 #include "nix/util/environment-variables.hh"
 #include "nix/util/sync.hh"
 
-#if _WIN32
+#ifdef _WIN32
 # include <io.h>
 # define WIN32_LEAN_AND_MEAN
 # include <windows.h>

src/libutil/unix/file-descriptor.cc

@@ -163,7 +163,7 @@ void Pipe::create()
 
 //////////////////////////////////////////////////////////////////////
 
-#if __linux__ || __FreeBSD__
+#if defined(__linux__) || defined(__FreeBSD__)
 static int unix_close_range(unsigned int first, unsigned int last, int flags)
 {
 #if !HAVE_CLOSE_RANGE
@@ -179,7 +179,7 @@ void unix::closeExtraFDs()
     constexpr int MAX_KEPT_FD = 2;
     static_assert(std::max({STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO}) == MAX_KEPT_FD);
 
-#if __linux__ || __FreeBSD__
+#if defined(__linux__) || defined(__FreeBSD__)
     // first try to close_range everything we don't care about. if this
     // returns an error with these parameters we're running on a kernel
     // that does not implement close_range (i.e. pre 5.9) and fall back
@@ -189,7 +189,7 @@ void unix::closeExtraFDs()
     }
 #endif
 
-#if __linux__
+#ifdef __linux__
     try {
         for (auto & s : std::filesystem::directory_iterator{"/proc/self/fd"}) {
             checkInterrupt();

src/libutil/unix/processes.cc

@@ -78,7 +78,7 @@ int Pid::kill()
         /* On BSDs, killing a process group will return EPERM if all
            processes in the group are zombies (or something like
            that). So try to detect and ignore that situation. */
-#if __FreeBSD__ || __APPLE__
+#if defined(__FreeBSD__) || defined(__APPLE__)
         if (errno != EPERM || ::kill(pid, 0) != 0)
 #endif
             logError(SysError("killing process %d", pid).info());
@@ -190,7 +190,7 @@ static pid_t doFork(bool allowVfork, ChildWrapperFunction & fun)
 }
 
 
-#if __linux__
+#ifdef __linux__
 static int childEntry(void * arg)
 {
     auto & fun = *reinterpret_cast<ChildWrapperFunction*>(arg);
@@ -213,7 +213,7 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
             logger = makeSimpleLogger();
         }
         try {
-#if __linux__
+#ifdef __linux__
             if (options.dieWithParent && prctl(PR_SET_PDEATHSIG, SIGKILL) == -1)
                 throw SysError("setting death signal");
 #endif

src/libutil/unix/signals.cc

@@ -105,7 +105,7 @@ void unix::setChildSignalMask(sigset_t * sigs)
 {
     assert(sigs); // C style function, but think of sigs as a reference
 
-#if _POSIX_C_SOURCE >= 1 || _XOPEN_SOURCE || _POSIX_SOURCE
+#if (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 1) || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE) || (defined(_POSIX_SOURCE) && _POSIX_SOURCE)
     sigemptyset(&savedSignalMask);
     // There's no "assign" or "copy" function, so we rely on (math) idempotence
     // of the or operator: a or a = a.

src/nix/crash-handler.cc

@@ -8,7 +8,7 @@
 #include <sstream>
 
 // Darwin and FreeBSD stdenv do not define _GNU_SOURCE but do have _Unwind_Backtrace.
-#if __APPLE__ || __FreeBSD__
+#if defined(__APPLE__) || defined(__FreeBSD__)
 #  define BOOST_STACKTRACE_GNU_SOURCE_NOT_REQUIRED
 #endif
 

src/nix/main.cc

@@ -37,7 +37,7 @@
 # include <netinet/in.h>
 #endif
 
-#if __linux__
+#ifdef __linux__
 # include "nix/util/namespaces.hh"
 #endif
 
@@ -382,7 +382,7 @@ void mainWrapped(int argc, char * * argv)
         "__build-remote",
     });
 
-    #if __linux__
+    #ifdef __linux__
     if (isRootUser()) {
         try {
             saveMountNamespace();

src/nix/man-pages.cc

@@ -1,4 +1,5 @@
 #include "man-pages.hh"
+#include "cli-config-private.hh"
 #include "nix/util/file-system.hh"
 #include "nix/util/current-process.hh"
 #include "nix/util/environment-variables.hh"

src/nix/meson.build

@@ -39,13 +39,16 @@ configdata = configuration_data()
 configdata.set_quoted('NIX_CLI_VERSION', meson.project_version())
 
 fs = import('fs')
+prefix = get_option('prefix')
 
 bindir = get_option('bindir')
-if not fs.is_absolute(bindir)
+bindir = fs.is_absolute(bindir) ? bindir : prefix / bindir
-  bindir = get_option('prefix') / bindir
-endif
 configdata.set_quoted('NIX_BIN_DIR', bindir)
 
+mandir = get_option('mandir')
+mandir = fs.is_absolute(mandir) ? mandir : prefix / mandir
+configdata.set_quoted('NIX_MAN_DIR', mandir)
+
 config_priv_h = configure_file(
   configuration : configdata,
   output : 'cli-config-private.hh',
@@ -174,16 +177,6 @@ if host_machine.system() != 'windows'
   ]
 endif
 
-fs = import('fs')
-prefix = get_option('prefix')
-
-mandir = get_option('mandir')
-mandir = fs.is_absolute(mandir) ? mandir : prefix / mandir
-
-cpp_args= [
-  '-DNIX_MAN_DIR="@0@"'.format(mandir)
-]
-
 include_dirs = [include_directories('.')]
 
 this_exe = executable(
@@ -191,7 +184,6 @@ this_exe = executable(
   sources,
   dependencies : deps_private_subproject + deps_private + deps_other,
   include_directories : include_dirs,
-  cpp_args : cpp_args,
   link_args: linker_export_flags,
   install : true,
 )

src/nix/run.cc

@@ -12,7 +12,7 @@
 #include "nix/expr/eval.hh"
 #include <filesystem>
 
-#if __linux__
+#ifdef __linux__
 # include <sys/mount.h>
 # include "nix/store/personality.hh"
 #endif
@@ -59,7 +59,7 @@ void execProgramInStore(ref<Store> store,
         throw SysError("could not execute chroot helper");
     }
 
-#if __linux__
+#ifdef __linux__
     if (system)
         linux::setPersonality(*system);
 #endif
@@ -153,7 +153,7 @@ void chrootHelper(int argc, char * * argv)
     while (p < argc)
         args.push_back(argv[p++]);
 
-#if __linux__
+#ifdef __linux__
     uid_t uid = getuid();
     uid_t gid = getgid();
 
@@ -212,7 +212,7 @@ void chrootHelper(int argc, char * * argv)
     writeFile(fs::path{"/proc/self/uid_map"}, fmt("%d %d %d", uid, uid, 1));
     writeFile(fs::path{"/proc/self/gid_map"}, fmt("%d %d %d", gid, gid, 1));
 
-#if __linux__
+#ifdef __linux__
     if (system != "")
         linux::setPersonality(system);
 #endif

src/nix/unix/daemon.cc

@@ -34,11 +34,11 @@
 #include <grp.h>
 #include <fcntl.h>
 
-#if __linux__
+#ifdef __linux__
 #include "nix/util/cgroup.hh"
 #endif
 
-#if __APPLE__ || __FreeBSD__
+#if defined(__APPLE__) || defined(__FreeBSD__)
 #include <sys/ucred.h>
 #endif
 
@@ -317,7 +317,7 @@ static void daemonLoop(std::optional<TrustedFlag> forceTrustClientOpt)
     //  Get rid of children automatically; don't let them become zombies.
     setSigChldAction(true);
 
-    #if __linux__
+    #ifdef __linux__
     if (settings.useCgroups) {
         experimentalFeatureSettings.require(Xp::Cgroups);