Merge pull request #12931 from roberth/add-Wundef-and-fix-public-headers

Add `-Wundef` and fix public headers
2025-06-25 10:41:16 +02:00 · 2025-04-05 08:43:43 +02:00 · 2025-04-05 08:43:43 +02:00 · cf5e59911b
commit cf5e59911b
parent 8bd342c660 ba89da8fa2
40 changed files with 129 additions and 90 deletions
--- a/nix-meson-build-support/common/meson.build
+++ b/nix-meson-build-support/common/meson.build
@ -10,6 +10,7 @@ add_project_arguments(
  '-Werror=suggest-override',
  '-Werror=switch',
  '-Werror=switch-enum',
+  '-Werror=undef',
  '-Werror=unused-result',
  '-Werror=sign-compare',
  '-Wignored-qualifiers',
--- a/src/build-remote/build-remote.cc
+++ b/src/build-remote/build-remote.cc
@ -5,7 +5,7 @@
 #include <memory>
 #include <tuple>
 #include <iomanip>
-#if __APPLE__
+#ifdef __APPLE__
 #include <sys/time.h>
 #endif

@ -225,7 +225,7 @@ static int main_build_remote(int argc, char * * argv)
                    break;
                }

-#if __APPLE__
+#ifdef __APPLE__
                futimes(bestSlotLock.get(), NULL);
 #else
                futimens(bestSlotLock.get(), NULL);
--- a/src/libexpr-tests/main.cc
+++ b/src/libexpr-tests/main.cc
@ -14,7 +14,7 @@ int main (int argc, char **argv) {
    // Disable build hook. We won't be testing remote builds in these unit tests. If we do, fix the above build hook.
    settings.buildHook = {};

-    #if __linux__ // should match the conditional around sandboxBuildDir declaration.
+    #ifdef __linux__ // should match the conditional around sandboxBuildDir declaration.

    // When building and testing nix within the host's Nix sandbox, our store dir will be located in the host's sandboxBuildDir, e.g.:
    // Host
@ -27,7 +27,7 @@ int main (int argc, char **argv) {
    settings.sandboxBuildDir = "/test-build-dir-instead-of-usual-build-dir";
    #endif

-    #if __APPLE__
+    #ifdef __APPLE__
    // Avoid this error, when already running in a sandbox:
    // sandbox-exec: sandbox_apply: Operation not permitted
    settings.sandboxMode = smDisabled;
--- a/src/libexpr/eval-gc.cc
+++ b/src/libexpr/eval-gc.cc
@ -10,7 +10,7 @@
 #if NIX_USE_BOEHMGC

 #  include <pthread.h>
-#  if __FreeBSD__
+#  ifdef __FreeBSD__
 #    include <pthread_np.h>
 #  endif

--- a/src/libexpr/expr-config.hh
+++ b/src/libexpr/expr-config.hh
@ -0,0 +1,3 @@
+// TODO: Remove this damn file while keeping public config headers working
+#error \
+    "This file is a placeholder. It only exists so that meson accepts the symbolic link include/nix/expr/config.hh to this file, but we expect meson to overwrite it with the real file. Apparently that did not happen. I deeply apologize for this mess."
--- a/src/libexpr/include/nix/expr/config.hh
+++ b/src/libexpr/include/nix/expr/config.hh
@ -0,0 +1 @@
+../../../expr-config.hh
--- a/src/libexpr/include/nix/expr/meson.build
+++ b/src/libexpr/include/nix/expr/meson.build
@ -10,6 +10,7 @@ config_pub_h = configure_file(
 headers = [config_pub_h] + files(
  'attr-path.hh',
  'attr-set.hh',
+  'config.hh',
  'eval-cache.hh',
  'eval-error.hh',
  'eval-gc.hh',
--- a/src/libexpr/meson.build
+++ b/src/libexpr/meson.build
@ -79,6 +79,11 @@ config_priv_h = configure_file(
  output : 'expr-config-private.hh',
 )

+config_pub_h = configure_file(
+  configuration : configdata_pub,
+  output : 'expr-config.hh',
+)
+
 subdir('nix-meson-build-support/common')

 parser_tab = custom_target(
@ -163,6 +168,8 @@ subdir('primops')
 subdir('nix-meson-build-support/export-all-symbols')
 subdir('nix-meson-build-support/windows-version')

+headers += [config_pub_h]
+
 this_library = library(
  'nixexpr',
  sources,
@ -181,4 +188,8 @@ install_headers(headers, subdir : 'nix/expr', preserve_path : true)

 libraries_private = []

+nixexpr_dep = declare_dependency(
+  include_directories : include_directories('.'),
+  link_with : this_library,
+)
 subdir('nix-meson-build-support/export')
--- a/src/libmain/meson.build
+++ b/src/libmain/meson.build
@ -17,6 +17,8 @@ subdir('nix-meson-build-support/deps-lists')
 configdata = configuration_data()

 deps_private_maybe_subproject = [
+  # This dependency may be very limited; was introduced for NIX_USE_BOEHMGC macro dependency
+  dependency('nix-expr'),
 ]
 deps_public_maybe_subproject = [
  dependency('nix-util'),
--- a/src/libmain/package.nix
+++ b/src/libmain/package.nix
@ -6,6 +6,7 @@

  nix-util,
  nix-store,
+  nix-expr,

  # Configuration Options

@ -33,6 +34,10 @@ mkMesonLibrary (finalAttrs: {
  ];

  propagatedBuildInputs = [
+    # FIXME: This is only here for the NIX_USE_BOEHMGC macro dependency
+    #        Removing nix-expr will make the build more concurrent and is
+    #        architecturally nice, perhaps.
+    nix-expr
    nix-util
    nix-store
    openssl
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@ -26,7 +26,7 @@
 #include "nix/util/strings.hh"

 #include "main-config-private.hh"
-
+#include "nix/expr/config.hh"

 namespace nix {

@ -144,7 +144,7 @@ void initNix(bool loadConfig)
    if (sigaction(SIGUSR1, &act, 0)) throw SysError("handling SIGUSR1");
 #endif

-#if __APPLE__
+#ifdef __APPLE__
    /* HACK: on darwin, we need can’t use sigprocmask with SIGWINCH.
     * Instead, add a dummy sigaction handler, and signalHandlerThread
     * can handle the rest. */
--- a/src/libstore-tests/meson.build
+++ b/src/libstore-tests/meson.build
@ -40,6 +40,9 @@ deps_private += gtest
 configdata = configuration_data()
 configdata.set_quoted('PACKAGE_VERSION', meson.project_version())

+aws_s3 = dependency('aws-cpp-sdk-s3', required : false)
+configdata.set('ENABLE_S3', aws_s3.found().to_int())
+
 config_priv_h = configure_file(
  configuration : configdata,
  output : 'store-tests-config.hh',
--- a/src/libstore-tests/s3-binary-cache-store.cc
+++ b/src/libstore-tests/s3-binary-cache-store.cc
@ -1,3 +1,4 @@
+#include "store-tests-config.hh"
 #if ENABLE_S3

 #  include <gtest/gtest.h>
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@ -8,11 +8,12 @@
 #include "nix/util/callback.hh"
 #include "nix/util/signals.hh"

+#include "store-config-private.hh"
 #if ENABLE_S3
 #include <aws/core/client/ClientConfiguration.h>
 #endif

-#if __linux__
+#ifdef __linux__
 # include "nix/util/namespaces.hh"
 #endif

@ -621,7 +622,7 @@ struct curlFileTransfer : public FileTransfer
        });
        #endif

-        #if __linux__
+        #ifdef __linux__
        try {
            tryUnshareFilesystem();
        } catch (nix::Error & e) {
--- a/src/libstore/gc.cc
+++ b/src/libstore/gc.cc
@ -335,7 +335,7 @@ static std::string quoteRegexChars(const std::string & raw)
    return std::regex_replace(raw, specialRegex, R"(\$&)");
 }

-#if __linux__
+#ifdef __linux__
 static void readFileRoots(const std::filesystem::path & path, UncheckedRoots & roots)
 {
    try {
@ -427,7 +427,7 @@ void LocalStore::findRuntimeRoots(Roots & roots, bool censor)
    }
 #endif

-#if __linux__
+#ifdef __linux__
    readFileRoots("/proc/sys/kernel/modprobe", unchecked);
    readFileRoots("/proc/sys/kernel/fbsplash", unchecked);
    readFileRoots("/proc/sys/kernel/poweroff_cmd", unchecked);
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@ -25,7 +25,7 @@
 # include <dlfcn.h>
 #endif

-#if __APPLE__
+#ifdef __APPLE__
 # include "nix/util/processes.hh"
 #endif

@ -90,7 +90,7 @@ Settings::Settings()
 #endif

    /* chroot-like behavior from Apple's sandbox */
-#if __APPLE__
+#ifdef __APPLE__
    sandboxPaths = tokenizeString<StringSet>("/System/Library/Frameworks /System/Library/PrivateFrameworks /bin/sh /bin/bash /private/tmp /private/var/tmp /usr/lib");
    allowedImpureHostPrefixes = tokenizeString<StringSet>("/System/Library /usr/lib /dev /bin/sh");
 #endif
@ -151,7 +151,7 @@ unsigned int Settings::getDefaultCores()
      return concurrency;
 }

-#if __APPLE__
+#ifdef __APPLE__
 static bool hasVirt() {

    int hasVMM;
@ -181,16 +181,16 @@ StringSet Settings::getDefaultSystemFeatures()
       actually require anything special on the machines. */
    StringSet features{"nixos-test", "benchmark", "big-parallel"};

-    #if __linux__
+    #ifdef __linux__
    features.insert("uid-range");
    #endif

-    #if __linux__
+    #ifdef __linux__
    if (access("/dev/kvm", R_OK | W_OK) == 0)
        features.insert("kvm");
    #endif

-    #if __APPLE__
+    #ifdef __APPLE__
    if (hasVirt())
        features.insert("apple-virt");
    #endif
@ -205,7 +205,7 @@ StringSet Settings::getDefaultExtraPlatforms()
    if (std::string{NIX_LOCAL_SYSTEM} == "x86_64-linux" && !isWSL1())
        extraPlatforms.insert("i686-linux");

-#if __linux__
+#ifdef __linux__
    StringSet levels = computeLevels();
    for (auto iter = levels.begin(); iter != levels.end(); ++iter)
        extraPlatforms.insert(*iter + "-linux");
@ -224,7 +224,7 @@ StringSet Settings::getDefaultExtraPlatforms()

 bool Settings::isWSL1()
 {
-#if __linux__
+#ifdef __linux__
    struct utsname utsbuf;
    uname(&utsbuf);
    // WSL1 uses -Microsoft suffix
@ -374,7 +374,7 @@ void initLibStore(bool loadConfig) {
       [1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636
    */
    curl_global_init(CURL_GLOBAL_ALL);
-#if __APPLE__
+#ifdef __APPLE__
    /* On macOS, don't use the per-session TMPDIR (as set e.g. by
       sshd). This breaks build users because they don't have access
       to the TMPDIR, in particular in ‘nix-store --serve’. */
--- a/src/libstore/include/nix/store/globals.hh
+++ b/src/libstore/include/nix/store/globals.hh
@ -34,7 +34,7 @@ struct MaxBuildJobsSetting : public BaseSetting<unsigned int>
 };

 const uint32_t maxIdsPerBuild =
-    #if __linux__
+    #ifdef __linux__
    1 << 16
    #else
    1
@ -467,7 +467,7 @@ public:
        )", {}, true, Xp::AutoAllocateUids};

    Setting<uint32_t> startId{this,
-        #if __linux__
+        #ifdef __linux__
        0x34000000,
        #else
        56930,
@ -476,7 +476,7 @@ public:
        "The first UID and GID to use for dynamic ID allocation."};

    Setting<uint32_t> uidCount{this,
-        #if __linux__
+        #ifdef __linux__
        maxIdsPerBuild * 128,
        #else
        128,
@ -484,7 +484,7 @@ public:
        "id-count",
        "The number of UIDs/GIDs to use for dynamic ID allocation."};

-    #if __linux__
+    #ifdef __linux__
    Setting<bool> useCgroups{
        this, false, "use-cgroups",
        R"(
@ -596,7 +596,7 @@ public:

    Setting<SandboxMode> sandboxMode{
        this,
-        #if __linux__
+        #ifdef __linux__
          smEnabled
        #else
          smDisabled
@ -671,7 +671,7 @@ public:
        )"};
 #endif

-#if __linux__
+#ifdef __linux__
    Setting<std::string> sandboxShmSize{
        this, "50%", "sandbox-dev-shm-size",
        R"(
@ -708,7 +708,7 @@ public:
    Setting<PathSet> allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps",
        "Which prefixes to allow derivations to ask for access to (primarily for Darwin)."};

-#if __APPLE__
+#ifdef __APPLE__
    Setting<bool> darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations",
        "Whether to log Darwin sandbox access violations to the system log."};
 #endif
@ -1066,7 +1066,7 @@ public:
        // Don't document the machine-specific default value
        false};

-#if __linux__
+#ifdef __linux__
    Setting<bool> filterSyscalls{
        this, true, "filter-syscalls",
        R"(
--- a/src/libstore/include/nix/store/s3.hh
+++ b/src/libstore/include/nix/store/s3.hh
@ -1,6 +1,6 @@
 #pragma once
 ///@file
-
+#include "store-config-private.hh"
 #if ENABLE_S3

 #include "nix/util/ref.hh"
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -38,7 +38,7 @@
 # include <grp.h>
 #endif

-#if __linux__
+#ifdef __linux__
 # include <sched.h>
 # include <sys/statvfs.h>
 # include <sys/mount.h>
@ -571,7 +571,7 @@ void LocalStore::upgradeDBSchema(State & state)
   bind mount.  So make the Nix store writable for this process. */
 void LocalStore::makeStoreWritable()
 {
-#if __linux__
+#ifdef __linux__
    if (!isRootUser()) return;
    /* Check if /nix/store is on a read-only mount. */
    struct statvfs stat;
--- a/src/libstore/meson.build
+++ b/src/libstore/meson.build
@ -158,6 +158,7 @@ if get_option('embedded-sandbox-shell')
  # The path to busybox is passed as a -D flag when compiling this_library.
  # This solution is inherited from the old make buildsystem
  # TODO: do this differently?
+  # TODO: at least define it unconditionally, so we get checking from -Wundef
  configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', 1)
  hexdump = find_program('hexdump', native : true)
  embedded_sandbox_shell_gen = custom_target(
@ -181,6 +182,11 @@ config_priv_h = configure_file(
  output : 'store-config-private.hh',
 )

+config_pub_h = configure_file(
+  configuration : configdata_pub,
+  output : 'store-config.hh',
+)
+
 subdir('nix-meson-build-support/common')

 sources = files(
@ -363,7 +369,7 @@ this_library = library(
  install : true,
 )

-install_headers(headers, subdir : 'nix/store', preserve_path : true)
+install_headers(headers + [ config_pub_h ], subdir : 'nix/store', preserve_path : true)

 libraries_private = []

--- a/src/libstore/optimise-store.cc
+++ b/src/libstore/optimise-store.cc
@ -13,6 +13,7 @@
 #include <stdio.h>
 #include <regex>

+#include "store-config-private.hh"

 namespace nix {

@ -96,7 +97,7 @@ void LocalStore::optimisePath_(Activity * act, OptimiseStats & stats,

    auto st = lstat(path);

-#if __APPLE__
+#ifdef __APPLE__
    /* HFS/macOS has some undocumented security feature disabling hardlinking for
       special files within .app dirs. Known affected paths include
       *.app/Contents/{PkgInfo,Resources/\*.lproj,_CodeSignature} and .DS_Store.
--- a/src/libstore/posix-fs-canonicalise.cc
+++ b/src/libstore/posix-fs-canonicalise.cc
@ -58,7 +58,7 @@ static void canonicalisePathMetaData_(
 {
    checkInterrupt();

-#if __APPLE__
+#ifdef __APPLE__
    /* Remove flags, in particular UF_IMMUTABLE which would prevent
       the file from being garbage-collected. FIXME: Use
       setattrlist() to remove other attributes as well. */
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@ -1,3 +1,4 @@
+#include "store-config-private.hh"
 #if ENABLE_S3

 #include <assert.h>
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@ -1328,7 +1328,7 @@ ref<Store> openStore(StoreReference && storeURI)
                return std::make_shared<LocalStore>(params);
            else if (pathExists(settings.nixDaemonSocketFile))
                return std::make_shared<UDSRemoteStore>(params);
-            #if __linux__
+            #ifdef __linux__
            else if (!pathExists(stateDir)
                && params.empty()
                && !isRootUser()
--- a/src/libstore/unix/build/local-derivation-goal.cc
+++ b/src/libstore/unix/build/local-derivation-goal.cc
@ -42,7 +42,7 @@
 #endif

 /* Includes required for chroot support. */
-#if __linux__
+#ifdef __linux__
 # include "nix/store/fchmodat2-compat.hh"
 # include <sys/ioctl.h>
 # include <net/if.h>
@ -61,7 +61,7 @@
 # include "nix/store/personality.hh"
 #endif

-#if __APPLE__
+#ifdef __APPLE__
 #include <spawn.h>
 #include <sys/sysctl.h>
 #include <sandbox.h>
@ -77,6 +77,8 @@ extern "C" int sandbox_init_with_parameters(const char *profile, uint64_t flags,
 #include "nix/util/strings.hh"
 #include "nix/util/signals.hh"

+#include "store-config-private.hh"
+
 namespace nix {

 struct LocalDerivationGoal : DerivationGoal, RestrictionContext
@ -416,7 +418,7 @@ LocalDerivationGoal::~LocalDerivationGoal()

 inline bool LocalDerivationGoal::needsHashRewrite()
 {
-#if __linux__
+#ifdef __linux__
    return !useChroot;
 #else
    /* Darwin requires hash rewriting even when sandboxing is enabled. */
@ -457,7 +459,7 @@ void LocalDerivationGoal::killChild()
 void LocalDerivationGoal::killSandbox(bool getStats)
 {
    if (cgroup) {
-        #if __linux__
+        #ifdef __linux__
        auto stats = destroyCgroup(*cgroup);
        if (getStats) {
            buildResult.cpuUser = stats.cpuUser;
@ -496,7 +498,7 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
            if (drvOptions->noChroot)
                throw Error("derivation '%s' has '__noChroot' set, "
                    "but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath));
-#if __APPLE__
+#ifdef __APPLE__
            if (drvOptions->additionalSandboxProfile != "")
                throw Error("derivation '%s' specifies a sandbox profile, "
                    "but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath));
@ -511,14 +513,14 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()

    auto & localStore = getLocalStore();
    if (localStore.storeDir != localStore.realStoreDir.get()) {
-        #if __linux__
+        #ifdef __linux__
            useChroot = true;
        #else
            throw Error("building using a diverted store is not supported on this platform");
        #endif
    }

-    #if __linux__
+    #ifdef __linux__
    if (useChroot) {
        if (!mountAndPidNamespacesSupported()) {
            if (!settings.sandboxFallback)
@ -745,7 +747,7 @@ bool LocalDerivationGoal::cleanupDecideWhetherDiskFull()
 }


-#if __linux__
+#ifdef __linux__
 static void doBind(const Path & source, const Path & target, bool optional = false) {
    debug("bind mounting '%1%' to '%2%'", source, target);

@ -818,12 +820,12 @@ static void handleChildException(bool sendException)
 void LocalDerivationGoal::startBuilder()
 {
    if ((buildUser && buildUser->getUIDCount() != 1)
-        #if __linux__
+        #ifdef __linux__
        || settings.useCgroups
        #endif
        )
    {
-        #if __linux__
+        #ifdef __linux__
        experimentalFeatureSettings.require(Xp::Cgroups);

        /* If we're running from the daemon, then this will return the
@ -890,7 +892,7 @@ void LocalDerivationGoal::startBuilder()
    /* Create a temporary directory where the build will take
       place. */
    topTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
-#if __APPLE__
+#ifdef __APPLE__
    if (false) {
 #else
    if (useChroot) {
@ -1069,7 +1071,7 @@ void LocalDerivationGoal::startBuilder()
            pathsInChroot[i] = {i, true};
        }

-#if __linux__
+#ifdef __linux__
        /* Create a temporary directory in which we set up the chroot
           environment using bind-mounts.  We put it in the Nix store
           so that the build outputs can be moved efficiently from the
@ -1168,7 +1170,7 @@ void LocalDerivationGoal::startBuilder()
 #else
        if (drvOptions->useUidRange(*drv))
            throw Error("feature 'uid-range' is not supported on this platform");
-        #if __APPLE__
+        #ifdef __APPLE__
            /* We don't really have any parent prep work to do (yet?)
               All work happens in the child, instead. */
        #else
@ -1248,7 +1250,7 @@ void LocalDerivationGoal::startBuilder()
        if (chown(slaveName.c_str(), buildUser->getUID(), 0))
            throw SysError("changing owner of pseudoterminal slave");
    }
-#if __APPLE__
+#ifdef __APPLE__
    else {
        if (grantpt(builderOut.get()))
            throw SysError("granting access to pseudoterminal slave");
@ -1283,7 +1285,7 @@ void LocalDerivationGoal::startBuilder()

    /* Fork a child to build the package. */

-#if __linux__
+#ifdef __linux__
    if (useChroot) {
        /* Set up private namespaces for the build:

@ -1480,7 +1482,7 @@ void LocalDerivationGoal::initTmpDir()
 {
    /* In a sandbox, for determinism, always use the same temporary
       directory. */
-#if __linux__
+#ifdef __linux__
    tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
 #else
    tmpDirInSandbox = tmpDir;
@ -1726,7 +1728,7 @@ void LocalDerivationGoal::addDependency(const StorePath & path)

        debug("materialising '%s' in the sandbox", worker.store.printStorePath(path));

-        #if __linux__
+        #ifdef __linux__

            Path source = worker.store.Store::toRealPath(path);
            Path target = chrootRootDir + worker.store.printStorePath(path);
@ -1776,7 +1778,7 @@ void LocalDerivationGoal::chownToBuilder(const Path & path)

 void setupSeccomp()
 {
-#if __linux__
+#ifdef __linux__
    if (!settings.filterSyscalls) return;
 #if HAVE_SECCOMP
    scmp_filter_ctx ctx;
@ -1896,7 +1898,7 @@ void LocalDerivationGoal::runChild()
           } catch (SystemError &) { }
        }

-#if __linux__
+#ifdef __linux__
        if (useChroot) {

            userNamespaceSync.writeSide = -1;
@ -2015,7 +2017,7 @@ void LocalDerivationGoal::runChild()
            for (auto & i : pathsInChroot) {
                if (i.second.source == "/proc") continue; // backwards compatibility

-                #if HAVE_EMBEDDED_SANDBOX_SHELL
+                #ifdef HAVE_EMBEDDED_SANDBOX_SHELL
                if (i.second.source == "__embedded_sandbox_shell__") {
                    static unsigned char sh[] = {
                        #include "embedded-sandbox-shell.gen.hh"
@ -2130,7 +2132,7 @@ void LocalDerivationGoal::runChild()
        /* Close all other file descriptors. */
        unix::closeExtraFDs();

-#if __linux__
+#ifdef __linux__
        linux::setPersonality(drv->platform);
 #endif

@ -2169,7 +2171,7 @@ void LocalDerivationGoal::runChild()
                throw SysError("setuid failed");
        }

-#if __APPLE__
+#ifdef __APPLE__
        /* This has to appear before import statements. */
        std::string sandboxProfile = "(version 1)\n";

@ -2340,7 +2342,7 @@ void LocalDerivationGoal::runChild()
        for (auto & i : drv->args)
            args.push_back(rewriteStrings(i, inputRewrites));

-#if __APPLE__
+#ifdef __APPLE__
        posix_spawnattr_t attrp;

        if (posix_spawnattr_init(&attrp))
--- a/src/libstore/unix/user-lock.cc
+++ b/src/libstore/unix/user-lock.cc
@ -10,7 +10,7 @@

 namespace nix {

-#if __linux__
+#ifdef __linux__

 static std::vector<gid_t> get_group_list(const char *username, gid_t group_id)
 {
@ -94,7 +94,7 @@ struct SimpleUserLock : UserLock
                if (lock->uid == getuid() || lock->uid == geteuid())
                    throw Error("the Nix user should not be a member of '%s'", settings.buildUsersGroup);

-                #if __linux__
+                #ifdef __linux__
                /* Get the list of supplementary groups of this user. This is
                 * usually either empty or contains a group such as "kvm". */

@ -193,7 +193,7 @@ std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace)

 bool useBuildUsers()
 {
-    #if __linux__
+    #ifdef __linux__
    static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser();
    return b;
    #elif __APPLE__
--- a/src/libutil/archive.cc
+++ b/src/libutil/archive.cc
@ -17,7 +17,7 @@ namespace nix {
 struct ArchiveSettings : Config
 {
    Setting<bool> useCaseHack{this,
-        #if __APPLE__
+        #ifdef __APPLE__
            true,
        #else
            false,
--- a/src/libutil/current-process.cc
+++ b/src/libutil/current-process.cc
@ -13,7 +13,7 @@
 # include <mach-o/dyld.h>
 #endif

-#if __linux__
+#ifdef __linux__
 # include <mutex>
 # include "nix/util/cgroup.hh"
 # include "nix/util/namespaces.hh"
@ -23,7 +23,7 @@ namespace nix {

 unsigned int getMaxCPU()
 {
-    #if __linux__
+    #ifdef __linux__
    try {
        auto cgroupFS = getCgroupFS();
        if (!cgroupFS) return 0;
@ -82,7 +82,7 @@ void restoreProcessContext(bool restoreMounts)
    unix::restoreSignals();
    #endif
    if (restoreMounts) {
-        #if __linux__
+        #ifdef __linux__
        restoreMountNamespace();
        #endif
    }
@ -106,7 +106,7 @@ std::optional<Path> getSelfExe()
 {
    static auto cached = []() -> std::optional<Path>
    {
-        #if __linux__ || __GNU__
+        #if defined(__linux__) || defined(__GNU__)
        return readLink("/proc/self/exe");
        #elif __APPLE__
        char buf[1024];
--- a/src/libutil/file-descriptor.cc
+++ b/src/libutil/file-descriptor.cc
@ -98,7 +98,7 @@ void AutoCloseFD::fsync() const
        result =
 #ifdef _WIN32
            ::FlushFileBuffers(fd)
-#elif __APPLE__
+#elif defined(__APPLE__)
            ::fcntl(fd, F_FULLFSYNC)
 #else
            ::fsync(fd)
@ -113,7 +113,7 @@ void AutoCloseFD::fsync() const

 void AutoCloseFD::startFsync() const
 {
-#if __linux__
+#ifdef __linux__
        if (fd != -1) {
            /* Ignore failure, since fsync must be run later anyway. This is just a performance optimization. */
            ::sync_file_range(fd, 0, 0, SYNC_FILE_RANGE_WRITE);
--- a/src/libutil/file-system.cc
+++ b/src/libutil/file-system.cc
@ -576,7 +576,7 @@ Path createTempDir(const Path & tmpRoot, const Path & prefix,
                    , mode
 #endif
                    ) == 0) {
-#if __FreeBSD__
+#ifdef __FreeBSD__
            /* Explicitly set the group of the directory.  This is to
               work around around problems caused by BSD's group
               ownership semantics (directories inherit the group of
--- a/src/libutil/fs-sink.cc
+++ b/src/libutil/fs-sink.cc
@ -4,7 +4,7 @@
 #include "nix/util/config-global.hh"
 #include "nix/util/fs-sink.hh"

-#if _WIN32
+#ifdef _WIN32
 # include <fileapi.h>
 # include "nix/util/file-path.hh"
 # include "nix/util/windows-error.hh"
--- a/src/libutil/include/nix/util/file-descriptor.hh
+++ b/src/libutil/include/nix/util/file-descriptor.hh
@ -18,7 +18,7 @@ struct Source;
 * Operating System capability
 */
 using Descriptor =
-#if _WIN32
+#ifdef _WIN32
    HANDLE
 #else
    int
@ -26,7 +26,7 @@ using Descriptor =
    ;

 const Descriptor INVALID_DESCRIPTOR =
-#if _WIN32
+#ifdef _WIN32
    INVALID_HANDLE_VALUE
 #else
    -1
--- a/src/libutil/terminal.cc
+++ b/src/libutil/terminal.cc
@ -2,7 +2,7 @@
 #include "nix/util/environment-variables.hh"
 #include "nix/util/sync.hh"

-#if _WIN32
+#ifdef _WIN32
 # include <io.h>
 # define WIN32_LEAN_AND_MEAN
 # include <windows.h>
--- a/src/libutil/unix/file-descriptor.cc
+++ b/src/libutil/unix/file-descriptor.cc
@ -163,7 +163,7 @@ void Pipe::create()

 //////////////////////////////////////////////////////////////////////

-#if __linux__ || __FreeBSD__
+#if defined(__linux__) || defined(__FreeBSD__)
 static int unix_close_range(unsigned int first, unsigned int last, int flags)
 {
 #if !HAVE_CLOSE_RANGE
@ -179,7 +179,7 @@ void unix::closeExtraFDs()
    constexpr int MAX_KEPT_FD = 2;
    static_assert(std::max({STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO}) == MAX_KEPT_FD);

-#if __linux__ || __FreeBSD__
+#if defined(__linux__) || defined(__FreeBSD__)
    // first try to close_range everything we don't care about. if this
    // returns an error with these parameters we're running on a kernel
    // that does not implement close_range (i.e. pre 5.9) and fall back
@ -189,7 +189,7 @@ void unix::closeExtraFDs()
    }
 #endif

-#if __linux__
+#ifdef __linux__
    try {
        for (auto & s : std::filesystem::directory_iterator{"/proc/self/fd"}) {
            checkInterrupt();
--- a/src/libutil/unix/processes.cc
+++ b/src/libutil/unix/processes.cc
@ -78,7 +78,7 @@ int Pid::kill()
        /* On BSDs, killing a process group will return EPERM if all
           processes in the group are zombies (or something like
           that). So try to detect and ignore that situation. */
-#if __FreeBSD__ || __APPLE__
+#if defined(__FreeBSD__) || defined(__APPLE__)
        if (errno != EPERM || ::kill(pid, 0) != 0)
 #endif
            logError(SysError("killing process %d", pid).info());
@ -190,7 +190,7 @@ static pid_t doFork(bool allowVfork, ChildWrapperFunction & fun)
 }


-#if __linux__
+#ifdef __linux__
 static int childEntry(void * arg)
 {
    auto & fun = *reinterpret_cast<ChildWrapperFunction*>(arg);
@ -213,7 +213,7 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
            logger = makeSimpleLogger();
        }
        try {
-#if __linux__
+#ifdef __linux__
            if (options.dieWithParent && prctl(PR_SET_PDEATHSIG, SIGKILL) == -1)
                throw SysError("setting death signal");
 #endif
--- a/src/libutil/unix/signals.cc
+++ b/src/libutil/unix/signals.cc
@ -105,7 +105,7 @@ void unix::setChildSignalMask(sigset_t * sigs)
 {
    assert(sigs); // C style function, but think of sigs as a reference

-#if _POSIX_C_SOURCE >= 1 || _XOPEN_SOURCE || _POSIX_SOURCE
+#if (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 1) || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE) || (defined(_POSIX_SOURCE) && _POSIX_SOURCE)
    sigemptyset(&savedSignalMask);
    // There's no "assign" or "copy" function, so we rely on (math) idempotence
    // of the or operator: a or a = a.
--- a/src/nix/crash-handler.cc
+++ b/src/nix/crash-handler.cc
@ -8,7 +8,7 @@
 #include <sstream>

 // Darwin and FreeBSD stdenv do not define _GNU_SOURCE but do have _Unwind_Backtrace.
-#if __APPLE__ || __FreeBSD__
+#if defined(__APPLE__) || defined(__FreeBSD__)
 #  define BOOST_STACKTRACE_GNU_SOURCE_NOT_REQUIRED
 #endif

--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@ -36,7 +36,7 @@
 # include <netinet/in.h>
 #endif

-#if __linux__
+#ifdef __linux__
 # include "nix/util/namespaces.hh"
 #endif

@ -384,7 +384,7 @@ void mainWrapped(int argc, char * * argv)
        "__build-remote",
    });

-    #if __linux__
+    #ifdef __linux__
    if (isRootUser()) {
        try {
            saveMountNamespace();
--- a/src/nix/run.cc
+++ b/src/nix/run.cc
@ -12,7 +12,7 @@
 #include "nix/expr/eval.hh"
 #include <filesystem>

-#if __linux__
+#ifdef __linux__
 # include <sys/mount.h>
 # include "nix/store/personality.hh"
 #endif
@ -59,7 +59,7 @@ void execProgramInStore(ref<Store> store,
        throw SysError("could not execute chroot helper");
    }

-#if __linux__
+#ifdef __linux__
    if (system)
        linux::setPersonality(*system);
 #endif
@ -153,7 +153,7 @@ void chrootHelper(int argc, char * * argv)
    while (p < argc)
        args.push_back(argv[p++]);

-#if __linux__
+#ifdef __linux__
    uid_t uid = getuid();
    uid_t gid = getgid();

@ -212,7 +212,7 @@ void chrootHelper(int argc, char * * argv)
    writeFile(fs::path{"/proc/self/uid_map"}, fmt("%d %d %d", uid, uid, 1));
    writeFile(fs::path{"/proc/self/gid_map"}, fmt("%d %d %d", gid, gid, 1));

-#if __linux__
+#ifdef __linux__
    if (system != "")
        linux::setPersonality(system);
 #endif
--- a/src/nix/unix/daemon.cc
+++ b/src/nix/unix/daemon.cc
@ -34,11 +34,11 @@
 #include <grp.h>
 #include <fcntl.h>

-#if __linux__
+#ifdef __linux__
 #include "nix/util/cgroup.hh"
 #endif

-#if __APPLE__ || __FreeBSD__
+#if defined(__APPLE__) || defined(__FreeBSD__)
 #include <sys/ucred.h>
 #endif

@ -317,7 +317,7 @@ static void daemonLoop(std::optional<TrustedFlag> forceTrustClientOpt)
    //  Get rid of children automatically; don't let them become zombies.
    setSigChldAction(true);

-    #if __linux__
+    #ifdef __linux__
    if (settings.useCgroups) {
        experimentalFeatureSettings.require(Xp::Cgroups);