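# GNU coreutils package expression.
#
# Takes its dependencies and the feature toggles below and returns the result
# of stdenv.mkDerivation. With the defaults (minimal = true) the package is
# named "coreutils", is built without OpenSSL and has "$out/share" removed
# after install; with minimal = false it is named "coreutils-full".
{
  lib,
  stdenv,
  fetchurl,
  autoreconfHook,
  buildPackages,
  libiconv,
  perl,
  texinfo,
  xz,
  binlore,
  coreutils,
  gmpSupport ? true,
  gmp,
  aclSupport ? lib.meta.availableOn stdenv.hostPlatform acl,
  acl,
  attrSupport ? lib.meta.availableOn stdenv.hostPlatform attr,
  attr,
  selinuxSupport ? false,
  libselinux,
  libsepol,
  # No openssl in default version, so openssl-induced rebuilds aren't too big.
  # It makes *sum functions significantly faster.
  minimal ? true,
  withOpenssl ? !minimal,
  openssl,
  withPrefix ? false,
  singleBinary ? "symlinks", # you can also pass "shebangs" or false
}:

# Note: this package is used for bootstrapping fetchurl, and thus cannot use
# fetchpatch! All mutable patches (generated by GitHub or cgit) that are needed
# here should be included directly in Nixpkgs as files.

# Fail evaluation early when a feature is enabled but its library is missing.
assert aclSupport -> acl != null;
assert selinuxSupport -> libselinux != null && libsepol != null;

let
  inherit (lib)
    isString
    optional
    optionalAttrs
    optionals
    optionalString
    ;
  # True when the package is built on one platform to run on another.
  isCross = stdenv.hostPlatform != stdenv.buildPlatform;
in
stdenv.mkDerivation rec {
  pname = "coreutils" + (optionalString (!minimal) "-full");
  version = "9.7";

  # The hash pins the tarball contents: a download is accepted only if it
  # matches, whichever mirror served it. Change version and hash together.
  src = fetchurl {
    url = "mirror://gnu/coreutils/coreutils-${version}.tar.xz";
    hash = "sha256-6LsmrQKT+bWh/EP7QrqXDjEsZs6SwbCxZxPXUA2yUb8=";
  };

  # Kept as files in the tree because fetchpatch cannot be used here (see the
  # bootstrapping note above). Re-check each entry when `version` changes.
  patches = [
    # Heap buffer overflow that's been here since coreutils 7.2 in 2009:
    # https://www.openwall.com/lists/oss-security/2025/05/27/2
    ./CVE-2025-5278.patch

    # Fixes test-float-h failure on ppc64 with C23
    # https://lists.gnu.org/archive/html/bug-gnulib/2025-07/msg00021.html
    # Multiple upstream commits squashed with adjustments, see header
    ./gnulib-float-h-tests-port-to-C23-PowerPC-GCC.patch
  ];

  # Each entry below makes one test exit with status 77 (reported as skipped)
  # instead of running, because it is flaky or cannot work in the build
  # sandbox; the reason is given inline. As a result the chown/chgrp, setgid
  # and ACL code paths are not exercised by this build's check phase.
  #
  # substituteInPlace uses --replace-fail so that the build stops if the
  # pattern is no longer present after a version bump, instead of silently
  # leaving the setgid mode in the install test.
  postPatch = ''
    # The test tends to fail on btrfs, f2fs and maybe other unusual filesystems.
    sed '2i echo Skipping dd sparse test && exit 77' -i ./tests/dd/sparse.sh
    sed '2i echo Skipping du threshold test && exit 77' -i ./tests/du/threshold.sh
    sed '2i echo Skipping cp reflink-auto test && exit 77' -i ./tests/cp/reflink-auto.sh
    sed '2i echo Skipping cp sparse test && exit 77' -i ./tests/cp/sparse.sh
    sed '2i echo Skipping env test && exit 77' -i ./tests/env/env.sh
    sed '2i echo Skipping rm deep-2 test && exit 77' -i ./tests/rm/deep-2.sh
    sed '2i echo Skipping du long-from-unreadable test && exit 77' -i ./tests/du/long-from-unreadable.sh

    # The test tends to fail on cephfs
    sed '2i echo Skipping df total-verify test && exit 77' -i ./tests/df/total-verify.sh

    # Some target platforms, especially when building inside a container have
    # issues with the inotify test.
    sed '2i echo Skipping tail inotify dir recreate test && exit 77' -i ./tests/tail/inotify-dir-recreate.sh

    # sandbox does not allow setgid
    sed '2i echo Skipping chmod setgid test && exit 77' -i ./tests/chmod/setgid.sh
    substituteInPlace ./tests/install/install-C.sh \
      --replace-fail 'mode3=2755' 'mode3=1755'

    # Fails on systems with a rootfs. Looks like a bug in the test, see
    # https://lists.gnu.org/archive/html/bug-coreutils/2019-12/msg00000.html
    sed '2i echo "Skipping df skip-rootfs test" && exit 77' -i ./tests/df/skip-rootfs.sh

    # these tests fail in the unprivileged nix sandbox (without nix-daemon) as we break posix assumptions
    for f in ./tests/chgrp/{basic.sh,recurse.sh,default-no-deref.sh,no-x.sh,posix-H.sh}; do
      sed '2i echo Skipping chgrp && exit 77' -i "$f"
    done
    for f in gnulib-tests/{test-chown.c,test-fchownat.c,test-lchown.c}; do
      echo "int main() { return 77; }" > "$f"
    done

    # We don't have localtime in the sandbox
    for f in gnulib-tests/{test-localtime_r.c,test-localtime_r-mt.c}; do
      echo "int main() { return 77; }" > "$f"
    done

    # intermittent failures on builders, unknown reason
    sed '2i echo Skipping du basic test && exit 77' -i ./tests/du/basic.sh

    # fails when syscalls related to acl not being available, e.g. in sandboxed environment
    sed '2i echo Skipping ls -al with acl test && exit 77' -i ./tests/ls/acl.sh
  ''
  + (optionalString (stdenv.hostPlatform.libc == "musl") ''
    echo "int main() { return 77; }" > gnulib-tests/test-parse-datetime.c
    echo "int main() { return 77; }" > gnulib-tests/test-getlogin.c
  '')
  + (optionalString stdenv.hostPlatform.isAarch64 ''
    # Sometimes fails: https://github.com/NixOS/nixpkgs/pull/143097#issuecomment-954462584
    sed '2i echo Skipping cut huge range test && exit 77' -i ./tests/cut/cut-huge-range.sh
  '')
  + (optionalString stdenv.hostPlatform.isPower64
    # test command fails to parse long fraction part on ppc64
    # When fraction parsing is fixed, still wrong output due to fraction length mismatch
    # https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78985
    ''
      sed '2i echo Skipping float sort-ing test && exit 77' -i ./tests/sort/sort-float.sh
    ''
  );

  outputs = [
    "out"
    "info"
  ];
  separateDebugInfo = true;

  nativeBuildInputs = [
    perl
    xz.bin
  ]
  ++ optionals stdenv.hostPlatform.isCygwin [
    # due to patch
    autoreconfHook
    texinfo
  ];

  buildInputs =
    [ ]
    ++ optional aclSupport acl
    ++ optional attrSupport attr
    ++ optional gmpSupport gmp
    ++ optional withOpenssl openssl
    ++ optionals selinuxSupport [
      libselinux
      libsepol
    ]
    # TODO(@Ericson2314): Investigate whether Darwin could benefit too
    ++ optional (isCross && stdenv.hostPlatform.libc != "glibc") libiconv;

  # Opts this build out of the trivialautovarinit hardening flag (automatic
  # initialisation of otherwise-uninitialised stack variables).
  # NOTE(review): the reason is not recorded here; document it or confirm the
  # opt-out is still needed.
  hardeningDisable = [ "trivialautovarinit" ];

  configureFlags = [
    "--with-packager=https://nixos.org"
  ]
  ++ optional (singleBinary != false) (
    "--enable-single-binary" + optionalString (isString singleBinary) "=${singleBinary}"
  )
  ++ optional withOpenssl "--with-openssl"
  ++ optional stdenv.hostPlatform.isSunOS "ac_cv_func_inotify_init=no"
  ++ optional withPrefix "--program-prefix=g"
  # the shipped configure script doesn't enable nls, but using autoreconfHook
  # does so which breaks the build
  ++ optional stdenv.hostPlatform.isDarwin "--disable-nls"
  # The VMULL-based CRC implementation produces incorrect results on musl.
  # https://lists.gnu.org/archive/html/bug-coreutils/2025-02/msg00046.html
  ++ optional (
    stdenv.hostPlatform.config == "aarch64-unknown-linux-musl"
  ) "utils_cv_vmull_intrinsic_exists=no"
  ++ optionals (isCross && stdenv.hostPlatform.libc == "glibc") [
    # TODO(19b98110126fde7cbb1127af7e3fe1568eacad3d): Needed for fstatfs() I
    # don't know why it is not properly detected cross building with glibc.
    "fu_cv_sys_stat_statfs2_bsize=yes"
  ]
  # /proc/uptime is available on Linux and produces accurate results even if
  # the boot time is set to the epoch because the system has no RTC. We
  # explicitly enable it for cases where it can't be detected automatically,
  # such as when cross-compiling.
  ++ optional stdenv.hostPlatform.isLinux "gl_cv_have_proc_uptime=yes";

  # The tests are known broken on Cygwin
  # (http://article.gmane.org/gmane.comp.gnu.core-utils.bugs/19025),
  # Darwin (http://article.gmane.org/gmane.comp.gnu.core-utils.bugs/19351),
  # and {Open,Free}BSD.
  # With non-standard storeDir: https://github.com/NixOS/nix/issues/512
  #
  # Where doCheck is false the test suite does not run at all, so the patches
  # above get no regression coverage on those platforms.
  doCheck =
    (!isCross)
    && (stdenv.hostPlatform.libc == "glibc" || stdenv.hostPlatform.libc == "musl")
    && !stdenv.hostPlatform.isAarch32;

  # Prevents attempts of running 'help2man' on cross-built binaries.
  PERL = if isCross then "missing" else null;

  enableParallelBuilding = true;

  NIX_LDFLAGS = optionalString selinuxSupport "-lsepol";
  # NOTE(review): set only on SunOS and without a recorded reason; presumably
  # it lets configure proceed where it would otherwise refuse to run. Confirm.
  FORCE_UNSAFE_CONFIGURE = optionalString stdenv.hostPlatform.isSunOS "1";
  env.NIX_CFLAGS_COMPILE = toString (
    [ ]
    # Work around a bogus warning in conjunction with musl.
    ++ optional stdenv.hostPlatform.isMusl "-Wno-error"
    # NOTE(review): this looks like it switches off fortified libc wrappers on
    # Android; no reason is recorded. Confirm it is still required.
    ++ optional stdenv.hostPlatform.isAndroid "-D__USE_FORTIFY_LEVEL=0"
  );

  # Works around a bug with 8.26:
  # Makefile:3440: *** Recursive variable 'INSTALL' references itself (eventually). Stop.
  preInstall = optionalString isCross ''
    sed -i Makefile -e 's|^INSTALL =.*|INSTALL = ${buildPackages.coreutils}/bin/install -c|'
  '';

  # Cross builds of the full variant take their man pages from the build
  # platform's coreutils-full; the minimal variant ships no "$out/share".
  postInstall =
    optionalString (isCross && !minimal) ''
      rm $out/share/man/man1/*
      cp ${buildPackages.coreutils-full}/share/man/man1/* $out/share/man/man1
    ''
    # du: 8.7 M locale + 0.4 M man pages
    + optionalString minimal ''
      rm -r "$out/share"
    '';

  passthru =
    { }
    // optionalAttrs (singleBinary != false) {
      # everything in the single binary gets the same verdict, so we
      # override _that case_ with verdicts from separate binaries.
      #
      # binlore only spots exec in runcon on some platforms (i.e., not
      # darwin; see comment on inverse case below)
      binlore.out = binlore.synthesize coreutils ''
        execer can bin/{chroot,env,install,nice,nohup,runcon,sort,split,stdbuf,timeout}
        execer cannot bin/{[,b2sum,base32,base64,basename,basenc,cat,chcon,chgrp,chmod,chown,cksum,comm,cp,csplit,cut,date,dd,df,dir,dircolors,dirname,du,echo,expand,expr,factor,false,fmt,fold,groups,head,hostid,id,join,kill,link,ln,logname,ls,md5sum,mkdir,mkfifo,mknod,mktemp,mv,nl,nproc,numfmt,od,paste,pathchk,pinky,pr,printenv,printf,ptx,pwd,readlink,realpath,rm,rmdir,seq,sha1sum,sha224sum,sha256sum,sha384sum,sha512sum,shred,shuf,sleep,stat,stty,sum,sync,tac,tail,tee,test,touch,tr,true,truncate,tsort,tty,uname,unexpand,uniq,unlink,uptime,users,vdir,wc,who,whoami,yes}
      '';
    }
    // optionalAttrs (singleBinary == false) {
      # binlore only spots exec in runcon on some platforms (i.e., not
      # darwin; I have a note that the behavior may need selinux?).
      # hard-set it so people working on macOS don't miss cases of
      # runcon until ofBorg fails.
      binlore.out = binlore.synthesize coreutils ''
        execer can bin/runcon
      '';
    };

  # Attribute paths are spelled out instead of wrapping the set in `with lib;`
  # so that each name's origin is visible.
  meta = {
    homepage = "https://www.gnu.org/software/coreutils/";
    description = "GNU Core Utilities";
    longDescription = ''
      The GNU Core Utilities are the basic file, shell and text manipulation
      utilities of the GNU operating system. These are the core utilities which
      are expected to exist on every operating system.
    '';
    license = lib.licenses.gpl3Plus;
    maintainers = with lib.maintainers; [ das_j ];
    platforms = with lib.platforms; unix ++ windows;
    priority = 10;
  };
}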