pyrox.dev
nukeReferences: fix code signatures on aarch64-darwin
-29
pkgs/build-support/nuke-references/builder.sh
-29
pkgs/build-support/nuke-references/builder.sh
···
1
-
source $stdenv/setup
2
-
3
-
mkdir -p $out/bin
4
-
cat > $out/bin/nuke-refs <<EOF
5
-
#! $SHELL -e
6
-
7
-
excludes=""
8
-
while getopts e: o; do
9
-
case "\$o" in
10
-
e) storeId=\$(echo "\$OPTARG" | $perl/bin/perl -ne "print \"\\\$1\" if m|^\Q$NIX_STORE\E/([a-z0-9]{32})-.*|")
11
-
if [ -z "\$storeId" ]; then
12
-
echo "-e argument must be a Nix store path"
13
-
exit 1
14
-
fi
15
-
excludes="\$excludes(?!\$storeId)"
16
-
;;
17
-
esac
18
-
done
19
-
shift \$((\$OPTIND-1))
20
-
21
-
for i in "\$@"; do
22
-
if test ! -L "\$i" -a -f "\$i"; then
23
-
cat "\$i" | $perl/bin/perl -pe "s|\Q$NIX_STORE\E/\$excludes[a-z0-9]{32}-|$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-|g" > "\$i.tmp"
24
-
if test -x "\$i"; then chmod +x "\$i.tmp"; fi
25
-
mv "\$i.tmp" "\$i"
26
-
fi
27
-
done
28
-
EOF
29
-
chmod +x $out/bin/nuke-refs
···
+5
pkgs/build-support/nuke-references/darwin-sign-fixup.sh
+5
pkgs/build-support/nuke-references/darwin-sign-fixup.sh
+26
-2
pkgs/build-support/nuke-references/default.nix
+26
-2
pkgs/build-support/nuke-references/default.nix
···
3
# path (/nix/store/eeee...). This is useful for getting rid of
4
# dependencies that you know are not actually needed at runtime.
5
6
-
{ stdenvNoCC, perl }:
7
8
stdenvNoCC.mkDerivation {
9
name = "nuke-references";
10
-
builder = ./builder.sh;
11
# FIXME: get rid of perl dependency.
12
inherit perl;
13
}
···
3
# path (/nix/store/eeee...). This is useful for getting rid of
4
# dependencies that you know are not actually needed at runtime.
5
6
+
{ lib, stdenvNoCC, perl, signingUtils, shell ? stdenvNoCC.shell }:
7
+
8
+
let
9
+
stdenv = stdenvNoCC;
10
+
11
+
darwinCodeSign = stdenv.targetPlatform.isDarwin && stdenv.targetPlatform.isAarch64;
12
+
in
13
14
stdenvNoCC.mkDerivation {
15
name = "nuke-references";
16
+
17
+
dontUnpack = true;
18
+
dontConfigure = true;
19
+
dontBuild = true;
20
+
21
+
installPhase = ''
22
+
mkdir -p $out/bin
23
+
substituteAll ${./nuke-refs.sh} $out/bin/nuke-refs
24
+
chmod a+x $out/bin/nuke-refs
25
+
'';
26
+
27
+
postFixup = lib.optionalString darwinCodeSign ''
28
+
mkdir -p $out/nix-support
29
+
substituteAll ${./darwin-sign-fixup.sh} $out/nix-support/setup-hooks.sh
30
+
'';
31
+
32
# FIXME: get rid of perl dependency.
33
inherit perl;
34
+
inherit (builtins) storeDir;
35
+
shell = lib.getBin shell + (shell.shellPath or "");
36
+
signingUtils = if darwinCodeSign then signingUtils else null;
37
}
+33
pkgs/build-support/nuke-references/nuke-refs.sh
+33
pkgs/build-support/nuke-references/nuke-refs.sh
···
···
1
+
#! @shell@
2
+
3
+
fixupHooks=()
4
+
5
+
if [ -e @out@/nix-support/setup-hooks.sh ]; then
6
+
source @out@/nix-support/setup-hooks.sh
7
+
fi
8
+
9
+
excludes=""
10
+
while getopts e: o; do
11
+
case "$o" in
12
+
e) storeId=$(echo "$OPTARG" | @perl@/bin/perl -ne "print \"\$1\" if m|^\Q@storeDir@\E/([a-z0-9]{32})-.*|")
13
+
if [ -z "$storeId" ]; then
14
+
echo "-e argument must be a Nix store path"
15
+
exit 1
16
+
fi
17
+
excludes="$excludes(?!$storeId)"
18
+
;;
19
+
esac
20
+
done
21
+
shift $(($OPTIND-1))
22
+
23
+
for i in "$@"; do
24
+
if test ! -L "$i" -a -f "$i"; then
25
+
cat "$i" | @perl@/bin/perl -pe "s|\Q@storeDir@\E/$excludes[a-z0-9]{32}-|@storeDir@/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-|g" > "$i.tmp"
26
+
if test -x "$i"; then chmod +x "$i.tmp"; fi
27
+
mv "$i.tmp" "$i"
28
+
29
+
for hook in "${fixupHooks[@]}"; do
30
+
eval "$hook" "$i"
31
+
done
32
+
fi
33
+
done
+3
-1
pkgs/top-level/all-packages.nix
+3
-1
pkgs/top-level/all-packages.nix
···
638
639
replaceDependency = callPackage ../build-support/replace-dependency.nix { };
640
641
+
nukeReferences = callPackage ../build-support/nuke-references {
642
+
inherit (darwin) signingUtils;
643
+
};
644
645
referencesByPopularity = callPackage ../build-support/references-by-popularity { };
646