New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cc-wrapper: Pass shellcheck and other cleanups #27879
cc-wrapper: Pass shellcheck and other cleanups #27879
Conversation
@Ericson2314, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @vcunat and @abbradar to be potential reviewers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's some things I'd like feedback on (along with me discovering my own mistake :)).
@@ -69,7 +73,7 @@ relocatable= | |||
# Find all -L... switches for rpath, and relocatable flags for build id. | |||
if [ "$NIX_DONT_SET_RPATH" != 1 ] || [ "$NIX_SET_BUILD_ID" = 1 ]; then | |||
prev= | |||
for p in "${params[@]}" "${extra[@]}"; do | |||
for p in "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}"; do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think not including extraBefore
here was an oversight of whoever added it originally. Note that the debugging code below originally also skipped it.
if [ -n "@coreutils_bin@" ]; then | ||
addToSearchPath _PATH @coreutils_bin@/bin | ||
fi | ||
|
||
if [ -z "$crossConfig" ]; then | ||
ENV_PREFIX="" | ||
# shellcheck disable=SC2157 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was the same one as above---eager copy paste---and unneeded.
@@ -1,28 +1,37 @@ | |||
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. | |||
export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" | |||
|
|||
# One line export + assign means missing files will not fail script. Not sure | |||
# whether thsi is intentional. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Somebody should weigh in on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thsi
is probably not intentional
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I weigh in on "thsi" most likely being a typo. Does that count?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait, we already check for file existence, so this is definitely isn't needed.
@@ -1,26 +1,41 @@ | |||
hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow) | |||
hardeningFlags+=("${hardeningEnable[@]}") | |||
# Intentionally word-split in case 'hardeningEnable' is defined in Nix. | |||
hardeningFlags+=(${hardeningEnable[@]}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Semantics change, but all the flags are sans-whitespace so it seems fine.
# `set -u`. | ||
for flag in ${hardeningDisable[@]} @hardening_unsupported_flags@ | ||
do | ||
hardeningDisableMap[$flag]=1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is clearer than the regex stuff that was there before---and shellcheck said the regex stuff was done wrong anyways such that only string literals would match.
case $flag in | ||
fortify) | ||
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling fortify >&2; fi | ||
hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') | ||
;; | ||
stackprotector) | ||
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling stackprotector >&2; fi | ||
hardeningCFlags+=('-fstack-protector-strong' '--param ssp-buffer-size=4') | ||
hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
N.B. bugs like this weren't being caught because extra word splitting on arrays.
@@ -19,16 +25,17 @@ source @out@/nix-support/utils.sh | |||
# For instance, figure out if linker flags should be passed. | |||
# GCC prints annoying warnings when they are not needed. | |||
dontLink=0 | |||
getVersion=0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was unused.
fi | ||
|
||
if [ -n "$NIX_CC_WRAPPER_EXEC_HOOK" ]; then | ||
source "$NIX_CC_WRAPPER_EXEC_HOOK" | ||
fi | ||
|
||
PATH="$path_backup" | ||
exec @prog@ ${extraBefore[@]} "${params[@]}" "${extraAfter[@]}" | ||
exec @prog@ "${extraBefore[@]}" "${params[@]}" "${extraAfter[@]}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Semantics change, but the old version was a mistake. I fixed a hardening flag bug uncovered by this; hope there aren't others.
@orivej did something the same fix for ld-wrapper, and I guess it was fine there?
if [ "${p:0:3}" = -L/ ] && badPath "${p:2}"; then | ||
skip $p | ||
skip "${p:2}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So the "skip" thing does say "bad path", but not knowing what flag it came from is strictly less useful. I'm conflicted.
@@ -18,7 +24,6 @@ source @out@/nix-support/utils.sh | |||
# Figure out if linker flags should be passed. GCC prints annoying | |||
# warnings when they are not needed. | |||
dontLink=0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a dead variable, but used in commented code, so I guess I'll leave it for now.
7f7ed3c
to
de957cc
Compare
In #27672 I made cc-wrapper robust with undefined variables with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm worried about the n+=1:
[grahamc@Morbo:~]$ declare -i n=0
[grahamc@Morbo:~]$ i+=1
[grahamc@Morbo:~]$ echo $i
1
[grahamc@Morbo:~]$ i+=1
[grahamc@Morbo:~]$ echo $i
11
otherwise this looks great
@@ -1,28 +1,37 @@ | |||
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. | |||
export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" | |||
|
|||
# One line export + assign means missing files will not fail script. Not sure | |||
# whether thsi is intentional. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thsi
is probably not intentional
de957cc
to
6463fd3
Compare
OK I think I dealt with all comments. |
@@ -116,23 +125,22 @@ if [[ "$isCpp" = 1 ]]; then | |||
NIX_CFLAGS_LINK+=" $NIX_CXXSTDLIB_LINK" | |||
fi | |||
|
|||
LD=@ldPath@/ld |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be the unwrapped ld
, which seems wrong.
@@ -49,18 +54,17 @@ if [ "$NIX_ENFORCE_PURITY" = 1 -a -n "$NIX_STORE" \ | |||
params=("${rest[@]}") | |||
fi | |||
|
|||
LD=@prog@ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This however would be the wrapped ld
. Since cc will fork ld-wrapper, the old LD=...
, assuming LD
was already an export so it affected forked processes' environments (!), would be clobbered anyways.
@@ -1,28 +1,37 @@ | |||
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. | |||
export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" | |||
|
|||
# Export and assign separately in order that a failing $(..) will fail | |||
# the script. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added back better comment without typo.
Motivation for this change
In many cases, this involved taking @orivej's and @edolstra's recent ld-wrapper improvements, and applying then elsewhere.
The only semantics changes I know of are
Fix bad word-splitting---already done with ld-wrapper with no issues
Remove unused and probably wrong
LD=
---didn't take into account cross and in cc-wrapper pointed to unwrapped ld while in ld-wrapper pointed to wrapped ld.Things done
Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers.
(nix.useSandbox on NixOS,
or option
build-use-sandbox
innix.conf
on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)CC @orivej