Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
327 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,181 @@ | ||
{ stdenv, fetchFromGitHub, tzdata, iana-etc, go_bootstrap, runCommand, writeScriptBin | ||
, perl, which, pkgconfig, patch, fetchpatch | ||
, pcre, cacert, llvm | ||
, Security, Foundation, bash | ||
, makeWrapper, git, subversion, mercurial, bazaar }: | ||
|
||
let | ||
|
||
inherit (stdenv.lib) optional optionals optionalString; | ||
|
||
clangHack = writeScriptBin "clang" '' | ||
#!${stdenv.shell} | ||
exec ${stdenv.cc}/bin/clang "$@" 2> >(sed '/ld: warning:.*ignoring unexpected dylib file/ d' 1>&2) | ||
''; | ||
|
||
goBootstrap = runCommand "go-bootstrap" {} '' | ||
mkdir $out | ||
cp -rf ${go_bootstrap}/* $out/ | ||
chmod -R u+w $out | ||
find $out -name "*.c" -delete | ||
cp -rf $out/bin/* $out/share/go/bin/ | ||
''; | ||
|
||
in | ||
|
||
stdenv.mkDerivation rec { | ||
name = "go-${version}"; | ||
version = "1.9"; | ||
|
||
src = fetchFromGitHub { | ||
owner = "golang"; | ||
repo = "go"; | ||
rev = "go${version}"; | ||
sha256 = "06k66x387r93m7d3bd5yzwdm8f8xc43cdjfamqldfc1v8ngak0y9"; | ||
}; | ||
|
||
# perl is used for testing go vet | ||
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]; | ||
buildInputs = [ pcre ] | ||
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; | ||
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ]; | ||
|
||
hardeningDisable = [ "all" ]; | ||
|
||
prePatch = '' | ||
patchShebangs ./ # replace /bin/bash | ||
# This source produces shell script at run time, | ||
# and thus it is not corrected by patchShebangs. | ||
substituteInPlace misc/cgo/testcarchive/carchive_test.go \ | ||
--replace '#!/usr/bin/env bash' '#!${stdenv.shell}' | ||
# Disabling the 'os/http/net' tests (they want files not available in | ||
# chroot builds) | ||
rm src/net/{listen,parse}_test.go | ||
rm src/syscall/exec_linux_test.go | ||
# !!! substituteInPlace does not seems to be effective. | ||
# The os test wants to read files in an existing path. Just don't let it be /usr/bin. | ||
sed -i 's,/usr/bin,'"`pwd`", src/os/os_test.go | ||
sed -i 's,/bin/pwd,'"`type -P pwd`", src/os/os_test.go | ||
# Disable the unix socket test | ||
sed -i '/TestShutdownUnix/areturn' src/net/net_test.go | ||
# Disable the hostname test | ||
sed -i '/TestHostname/areturn' src/os/os_test.go | ||
# ParseInLocation fails the test | ||
sed -i '/TestParseInSydney/areturn' src/time/format_test.go | ||
# Remove the api check as it never worked | ||
sed -i '/src\/cmd\/api\/run.go/ireturn nil' src/cmd/dist/test.go | ||
# Remove the coverage test as we have removed this utility | ||
sed -i '/TestCoverageWithCgo/areturn' src/cmd/go/go_test.go | ||
# Remove the timezone naming test | ||
sed -i '/TestLoadFixed/areturn' src/time/time_test.go | ||
# Remove disable setgid test | ||
sed -i '/TestRespectSetgidDir/areturn' src/cmd/go/internal/work/build_test.go | ||
# Remove cert tests that conflict with NixOS's cert resolution | ||
sed -i '/TestEnvVars/areturn' src/crypto/x509/root_unix_test.go | ||
sed -i 's,/etc/protocols,${iana-etc}/etc/protocols,' src/net/lookup_unix.go | ||
sed -i 's,/etc/services,${iana-etc}/etc/services,' src/net/port_unix.go | ||
# Disable cgo lookup tests not works, they depend on resolver | ||
rm src/net/cgo_unix_test.go | ||
'' + optionalString stdenv.isLinux '' | ||
sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/time/zoneinfo_unix.go | ||
'' + optionalString stdenv.isArm '' | ||
sed -i '/TestCurrent/areturn' src/os/user/user_test.go | ||
echo '#!/usr/bin/env bash' > misc/cgo/testplugin/test.bash | ||
'' + optionalString stdenv.isDarwin '' | ||
substituteInPlace src/race.bash --replace \ | ||
"sysctl machdep.cpu.extfeatures | grep -qv EM64T" true | ||
sed -i 's,strings.Contains(.*sysctl.*,true {,' src/cmd/dist/util.go | ||
sed -i 's,"/etc","'"$TMPDIR"'",' src/os/os_test.go | ||
sed -i 's,/_go_os_test,'"$TMPDIR"'/_go_os_test,' src/os/path_test.go | ||
sed -i '/TestChdirAndGetwd/areturn' src/os/os_test.go | ||
sed -i '/TestRead0/areturn' src/os/os_test.go | ||
sed -i '/TestNohup/areturn' src/os/signal/signal_test.go | ||
sed -i '/TestCurrent/areturn' src/os/user/user_test.go | ||
sed -i '/TestSystemRoots/areturn' src/crypto/x509/root_darwin_test.go | ||
sed -i '/TestGoInstallRebuildsStalePackagesInOtherGOPATH/areturn' src/cmd/go/go_test.go | ||
sed -i '/TestBuildDashIInstallsDependencies/areturn' src/cmd/go/go_test.go | ||
sed -i '/TestDisasmExtld/areturn' src/cmd/objdump/objdump_test.go | ||
sed -i 's/unrecognized/unknown/' src/cmd/link/internal/ld/lib.go | ||
sed -i 's/unrecognized/unknown/' src/cmd/go/build.go | ||
touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd | ||
sed -i '1 a\exit 0' misc/cgo/errors/test.bash | ||
''; | ||
|
||
patches = | ||
[ ./remove-tools-1.9.patch | ||
./ssl-cert-file-1.9.patch | ||
./creds-test.patch | ||
./remove-test-pie-1.9.patch | ||
]; | ||
|
||
postPatch = optionalString stdenv.isDarwin '' | ||
echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil" | ||
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil | ||
''; | ||
|
||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; | ||
|
||
GOOS = if stdenv.isDarwin then "darwin" else "linux"; | ||
GOARCH = if stdenv.isDarwin then "amd64" | ||
else if stdenv.system == "i686-linux" then "386" | ||
else if stdenv.system == "x86_64-linux" then "amd64" | ||
else if stdenv.isArm then "arm" | ||
else throw "Unsupported system"; | ||
GOARM = optionalString (stdenv.system == "armv5tel-linux") "5"; | ||
GO386 = 387; # from Arch: don't assume sse2 on i686 | ||
CGO_ENABLED = 1; | ||
GOROOT_BOOTSTRAP = "${goBootstrap}/share/go"; | ||
|
||
# The go build actually checks for CC=*/clang and does something different, so we don't | ||
# just want the generic `cc` here. | ||
CC = if stdenv.isDarwin then "clang" else "cc"; | ||
|
||
configurePhase = '' | ||
mkdir -p $out/share/go/bin | ||
export GOROOT=$out/share/go | ||
export GOBIN=$GOROOT/bin | ||
export PATH=$GOBIN:$PATH | ||
''; | ||
|
||
postConfigure = optionalString stdenv.isDarwin '' | ||
export PATH=${clangHack}/bin:$PATH | ||
''; | ||
|
||
installPhase = '' | ||
cp -r . $GOROOT | ||
( cd $GOROOT/src && ./all.bash ) | ||
# (https://github.com/golang/go/wiki/GoGetTools) | ||
wrapProgram $out/share/go/bin/go --prefix PATH ":" "${stdenv.lib.makeBinPath [ git subversion mercurial bazaar ]}" | ||
''; | ||
|
||
preFixup = '' | ||
rm -r $out/share/go/pkg/bootstrap | ||
ln -s $out/share/go/bin $out/bin | ||
''; | ||
|
||
setupHook = ./setup-hook.sh; | ||
|
||
disallowedReferences = [ go_bootstrap ]; | ||
|
||
meta = with stdenv.lib; { | ||
branch = "1.8"; | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. |
||
homepage = http://golang.org/; | ||
description = "The Go Programming language"; | ||
license = licenses.bsd3; | ||
maintainers = with maintainers; [ cstrahan wkennington ]; | ||
platforms = platforms.linux ++ platforms.darwin; | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go | ||
index 73432d31ea..3310f5298d 100644 | ||
--- a/src/cmd/dist/test.go | ||
+++ b/src/cmd/dist/test.go | ||
@@ -510,21 +510,6 @@ func (t *tester) registerTests() { | ||
}) | ||
} | ||
|
||
- // Test internal linking of PIE binaries where it is supported. | ||
- if t.goos == "linux" && t.goarch == "amd64" && !isAlpineLinux() { | ||
- // Issue 18243: We don't have a way to set the default | ||
- // dynamic linker used in internal linking mode. So | ||
- // this test is skipped on Alpine. | ||
- t.tests = append(t.tests, distTest{ | ||
- name: "pie_internal", | ||
- heading: "internal linking of -buildmode=pie", | ||
- fn: func(dt *distTest) error { | ||
- t.addCmd(dt, "src", "go", "test", "reflect", "-short", "-buildmode=pie", "-ldflags=-linkmode=internal", t.timeout(60), t.tags(), t.runFlag("")) | ||
- return nil | ||
- }, | ||
- }) | ||
- } | ||
- | ||
// sync tests | ||
t.tests = append(t.tests, distTest{ | ||
name: "sync_cpu", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
diff --git a/src/go/build/build.go b/src/go/build/build.go | ||
index d8163d0172..dd80a70473 100644 | ||
--- a/src/go/build/build.go | ||
+++ b/src/go/build/build.go | ||
@@ -1592,7 +1592,7 @@ func init() { | ||
} | ||
|
||
// ToolDir is the directory containing build tools. | ||
-var ToolDir = filepath.Join(runtime.GOROOT(), "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH) | ||
+var ToolDir = runtime.GOTOOLDIR() | ||
|
||
// IsLocalImport reports whether the import path is | ||
// a local import path, like ".", "..", "./foo", or "../foo". | ||
diff --git a/src/runtime/extern.go b/src/runtime/extern.go | ||
index 6e6c674d96..e9f62f96dc 100644 | ||
--- a/src/runtime/extern.go | ||
+++ b/src/runtime/extern.go | ||
@@ -223,6 +223,17 @@ func GOROOT() string { | ||
return sys.DefaultGoroot | ||
} | ||
|
||
+// GOTOOLDIR returns the root of the Go tree. | ||
+// It uses the GOTOOLDIR environment variable, if set, | ||
+// or else the root used during the Go build. | ||
+func GOTOOLDIR() string { | ||
+ s := gogetenv("GOTOOLDIR") | ||
+ if s != "" { | ||
+ return s | ||
+ } | ||
+ return GOROOT() + "/pkg/tool/" + GOOS + "_" + GOARCH | ||
+} | ||
+ | ||
// Version returns the Go tree's version string. | ||
// It is either the commit hash and date at the time of the build or, | ||
// when possible, a release tag like "go1.3". |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go | ||
index 8e80533590..31c0c666ec 100644 | ||
--- a/src/crypto/x509/root_cgo_darwin.go | ||
+++ b/src/crypto/x509/root_cgo_darwin.go | ||
@@ -201,11 +201,20 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { | ||
import "C" | ||
import ( | ||
"errors" | ||
+ "io/ioutil" | ||
+ "os" | ||
"unsafe" | ||
) | ||
|
||
func loadSystemRoots() (*CertPool, error) { | ||
roots := NewCertPool() | ||
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { | ||
+ data, err := ioutil.ReadFile(file) | ||
+ if err == nil { | ||
+ roots.AppendCertsFromPEM(data) | ||
+ return roots, nil | ||
+ } | ||
+ } | ||
|
||
var data C.CFDataRef = nil | ||
var untrustedData C.CFDataRef = nil | ||
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go | ||
index bc35a1cf21..21e52bec51 100644 | ||
--- a/src/crypto/x509/root_darwin.go | ||
+++ b/src/crypto/x509/root_darwin.go | ||
@@ -81,18 +81,26 @@ func execSecurityRoots() (*CertPool, error) { | ||
) | ||
} | ||
|
||
- cmd := exec.Command("/usr/bin/security", args...) | ||
- data, err := cmd.Output() | ||
- if err != nil { | ||
- return nil, err | ||
- } | ||
- | ||
var ( | ||
mu sync.Mutex | ||
roots = NewCertPool() | ||
numVerified int // number of execs of 'security verify-cert', for debug stats | ||
) | ||
|
||
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { | ||
+ data, err := ioutil.ReadFile(file) | ||
+ if err == nil { | ||
+ roots.AppendCertsFromPEM(data) | ||
+ return roots, nil | ||
+ } | ||
+ } | ||
+ | ||
+ cmd := exec.Command("/usr/bin/security", args...) | ||
+ data, err := cmd.Output() | ||
+ if err != nil { | ||
+ return nil, err | ||
+ } | ||
+ | ||
blockCh := make(chan *pem.Block) | ||
var wg sync.WaitGroup | ||
|
||
diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go | ||
index 65b5a5fdbc..c9c7ac6a74 100644 | ||
--- a/src/crypto/x509/root_unix.go | ||
+++ b/src/crypto/x509/root_unix.go | ||
@@ -37,6 +37,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate | ||
|
||
func loadSystemRoots() (*CertPool, error) { | ||
roots := NewCertPool() | ||
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { | ||
+ data, err := ioutil.ReadFile(file) | ||
+ if err == nil { | ||
+ roots.AppendCertsFromPEM(data) | ||
+ return roots, nil | ||
+ } | ||
+ } | ||
|
||
files := certFiles | ||
if f := os.Getenv(certFileEnv); f != "" { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ahem 😄