Compile glibc without -fstack-protector.#1
Conversation
At least until NixOS full supports -fstack-protector it's better to turn it off at the moment, as previous successful builds didn't include it either.
|
What would be required for NixOS to fully support -fstack-protector? |
|
https://wiki.ubuntu.com/GccSsp - but that was dated 2006, and for example the kernel now fully supports it. |
|
No one that I know of. If you think you could put something together go for it. |
|
I assume that since this is a Glibc change, it should go into the stdenv branch? |
|
BTW, what is actually gained by disabling stack protection in Glibc? Sure, we don't turn it on in other packages, but does that affect stack protection in Glibc functions? |
|
Yeah, the stdenv concern is why I suggested we look into using stack protection more completely. No idea whether stack protection needs to be in all packages to be useful in any. |
|
Well, the original reason for disabling SSP was because of these build failures: |
|
Is there anything that's harmed by keeping this as it is for now? Since this will require a stdenv rebuild we'd have to put this into a stdenv-updates branch at first anyway, but if it's not a big deal maybe this can wait until a more compelling reason for stdenv-updates arises? Anyway, we can't merge this into master so I'm closing. If it's important to have this fixed soon, please open a PR against the stdenv-updates branch. |
|
@edolstra Ok, having looked into this we have a strange problem. Building glibc as part of stdenv works fine (i.e. nix-build -A glibc), but building the same glibc with the final stdenv instead of the bootstrap fails (i.e. nix-build -A glibc213). So there's definitely an issue. Should I open a stdenv-updates branch? |
Glibc 2.14 also produces a build failure in Hydra, so we need to apply the same fix here, too.
|
It's already open, see https://github.com/NixOS/nixpkgs/commits/stdenv-updates |
Add xserver integration of i3 WM.
The bsddb module is apparently not compatible with db5 (or db48), so switch
back to db44. Fixes the following build error:
$ nix-build -A python26.modules
these derivations will be built:
/nix/store/5zcqmpa4iby0aa342psjph0byiyikm6h-python-bsddb-2.6.8.drv
building path(s) `/nix/store/qpsjyx7nmxhm9zq40674wr67dx8w6ycl-python-bsddb-2.6.8'
building /nix/store/qpsjyx7nmxhm9zq40674wr67dx8w6ycl-python-bsddb-2.6.8
unpacking sources
unpacking source archive /nix/store/2qwc1kd8allnaljm1z360lv9jsf8cfqy-Python-2.6.8.tar.bz2
source root is Python-2.6.8
patching sources
applying patch /nix/store/cfk04ans56xql9l6waqhqzzd60g9rzxi-search-path.patch
patching file setup.py
Hunk #1 succeeded at 424 (offset 145 lines).
applying patch /nix/store/dxscwf37hgq0xafs54h0c8xx47vg6d5g-nix-store-mtime.patch
patching file Python/import.c
Hunk #1 succeeded at 747 (offset -4 lines).
configuring
building
running build_ext
INFO: Can't locate Tcl/Tk libs and/or headers
Traceback (most recent call last):
File "./setup.py", line 2037, in <module>
main()
File "./setup.py", line 2032, in main
'Lib/smtpd.py']
File "/nix/store/xxzwak31qql6vq7v35xmq68zmjpfr5py-python-2.6.8/lib/python2.6/distutils/core.py", line 152, in setup
dist.run_commands()
File "/nix/store/xxzwak31qql6vq7v35xmq68zmjpfr5py-python-2.6.8/lib/python2.6/distutils/dist.py", line 975, in run_commands
self.run_command(cmd)
File "/nix/store/xxzwak31qql6vq7v35xmq68zmjpfr5py-python-2.6.8/lib/python2.6/distutils/dist.py", line 995, in run_command
cmd_obj.run()
File "/nix/store/xxzwak31qql6vq7v35xmq68zmjpfr5py-python-2.6.8/lib/python2.6/distutils/command/build_ext.py", line 340, in run
self.build_extensions()
File "./setup.py", line 249, in build_extensions
longest = max([len(e.name) for e in self.extensions])
ValueError: max() arg is an empty sequence
builder for `/nix/store/5zcqmpa4iby0aa342psjph0byiyikm6h-python-bsddb-2.6.8.drv' failed with exit code 1
error: build of `/nix/store/5zcqmpa4iby0aa342psjph0byiyikm6h-python-bsddb-2.6.8.drv' failed
fix some packages that won't build in the darwin-clang-stdenv
At least until NixOS fully supports -fstack-protector it's better to turn it off
at the moment, as previous successful builds didn't include it either.