diff --git a/pkgs/development/compilers/go/1.9.nix b/pkgs/development/compilers/go/1.9.nix new file mode 100644 index 000000000000..1a148447c6b3 --- /dev/null +++ b/pkgs/development/compilers/go/1.9.nix @@ -0,0 +1,181 @@ +{ stdenv, fetchFromGitHub, tzdata, iana-etc, go_bootstrap, runCommand, writeScriptBin +, perl, which, pkgconfig, patch, fetchpatch +, pcre, cacert, llvm +, Security, Foundation, bash +, makeWrapper, git, subversion, mercurial, bazaar }: + +let + + inherit (stdenv.lib) optional optionals optionalString; + + clangHack = writeScriptBin "clang" '' + #!${stdenv.shell} + exec ${stdenv.cc}/bin/clang "$@" 2> >(sed '/ld: warning:.*ignoring unexpected dylib file/ d' 1>&2) + ''; + + goBootstrap = runCommand "go-bootstrap" {} '' + mkdir $out + cp -rf ${go_bootstrap}/* $out/ + chmod -R u+w $out + find $out -name "*.c" -delete + cp -rf $out/bin/* $out/share/go/bin/ + ''; + +in + +stdenv.mkDerivation rec { + name = "go-${version}"; + version = "1.9"; + + src = fetchFromGitHub { + owner = "golang"; + repo = "go"; + rev = "go${version}"; + sha256 = "06k66x387r93m7d3bd5yzwdm8f8xc43cdjfamqldfc1v8ngak0y9"; + }; + + # perl is used for testing go vet + nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]; + buildInputs = [ pcre ] + ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; + propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ]; + + hardeningDisable = [ "all" ]; + + prePatch = '' + patchShebangs ./ # replace /bin/bash + + # This source produces shell script at run time, + # and thus it is not corrected by patchShebangs. + substituteInPlace misc/cgo/testcarchive/carchive_test.go \ + --replace '#!/usr/bin/env bash' '#!${stdenv.shell}' + + # Disabling the 'os/http/net' tests (they want files not available in + # chroot builds) + rm src/net/{listen,parse}_test.go + rm src/syscall/exec_linux_test.go + + # !!! substituteInPlace does not seems to be effective. + # The os test wants to read files in an existing path. Just don't let it be /usr/bin. + sed -i 's,/usr/bin,'"`pwd`", src/os/os_test.go + sed -i 's,/bin/pwd,'"`type -P pwd`", src/os/os_test.go + # Disable the unix socket test + sed -i '/TestShutdownUnix/areturn' src/net/net_test.go + # Disable the hostname test + sed -i '/TestHostname/areturn' src/os/os_test.go + # ParseInLocation fails the test + sed -i '/TestParseInSydney/areturn' src/time/format_test.go + # Remove the api check as it never worked + sed -i '/src\/cmd\/api\/run.go/ireturn nil' src/cmd/dist/test.go + # Remove the coverage test as we have removed this utility + sed -i '/TestCoverageWithCgo/areturn' src/cmd/go/go_test.go + # Remove the timezone naming test + sed -i '/TestLoadFixed/areturn' src/time/time_test.go + # Remove disable setgid test + sed -i '/TestRespectSetgidDir/areturn' src/cmd/go/internal/work/build_test.go + # Remove cert tests that conflict with NixOS's cert resolution + sed -i '/TestEnvVars/areturn' src/crypto/x509/root_unix_test.go + + sed -i 's,/etc/protocols,${iana-etc}/etc/protocols,' src/net/lookup_unix.go + sed -i 's,/etc/services,${iana-etc}/etc/services,' src/net/port_unix.go + + # Disable cgo lookup tests not works, they depend on resolver + rm src/net/cgo_unix_test.go + + '' + optionalString stdenv.isLinux '' + sed -i 's,/usr/share/zoneinfo/,${tzdata}/share/zoneinfo/,' src/time/zoneinfo_unix.go + '' + optionalString stdenv.isArm '' + sed -i '/TestCurrent/areturn' src/os/user/user_test.go + echo '#!/usr/bin/env bash' > misc/cgo/testplugin/test.bash + '' + optionalString stdenv.isDarwin '' + substituteInPlace src/race.bash --replace \ + "sysctl machdep.cpu.extfeatures | grep -qv EM64T" true + sed -i 's,strings.Contains(.*sysctl.*,true {,' src/cmd/dist/util.go + sed -i 's,"/etc","'"$TMPDIR"'",' src/os/os_test.go + sed -i 's,/_go_os_test,'"$TMPDIR"'/_go_os_test,' src/os/path_test.go + + sed -i '/TestChdirAndGetwd/areturn' src/os/os_test.go + sed -i '/TestRead0/areturn' src/os/os_test.go + sed -i '/TestNohup/areturn' src/os/signal/signal_test.go + sed -i '/TestCurrent/areturn' src/os/user/user_test.go + sed -i '/TestSystemRoots/areturn' src/crypto/x509/root_darwin_test.go + + sed -i '/TestGoInstallRebuildsStalePackagesInOtherGOPATH/areturn' src/cmd/go/go_test.go + sed -i '/TestBuildDashIInstallsDependencies/areturn' src/cmd/go/go_test.go + + sed -i '/TestDisasmExtld/areturn' src/cmd/objdump/objdump_test.go + + sed -i 's/unrecognized/unknown/' src/cmd/link/internal/ld/lib.go + sed -i 's/unrecognized/unknown/' src/cmd/go/build.go + + touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd + + sed -i '1 a\exit 0' misc/cgo/errors/test.bash + ''; + + patches = + [ ./remove-tools-1.9.patch + ./ssl-cert-file-1.9.patch + ./creds-test.patch + ./remove-test-pie-1.9.patch + ]; + + postPatch = optionalString stdenv.isDarwin '' + echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil" + substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil + ''; + + NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + GOOS = if stdenv.isDarwin then "darwin" else "linux"; + GOARCH = if stdenv.isDarwin then "amd64" + else if stdenv.system == "i686-linux" then "386" + else if stdenv.system == "x86_64-linux" then "amd64" + else if stdenv.isArm then "arm" + else throw "Unsupported system"; + GOARM = optionalString (stdenv.system == "armv5tel-linux") "5"; + GO386 = 387; # from Arch: don't assume sse2 on i686 + CGO_ENABLED = 1; + GOROOT_BOOTSTRAP = "${goBootstrap}/share/go"; + + # The go build actually checks for CC=*/clang and does something different, so we don't + # just want the generic `cc` here. + CC = if stdenv.isDarwin then "clang" else "cc"; + + configurePhase = '' + mkdir -p $out/share/go/bin + export GOROOT=$out/share/go + export GOBIN=$GOROOT/bin + export PATH=$GOBIN:$PATH + ''; + + postConfigure = optionalString stdenv.isDarwin '' + export PATH=${clangHack}/bin:$PATH + ''; + + installPhase = '' + cp -r . $GOROOT + ( cd $GOROOT/src && ./all.bash ) + + # (https://github.com/golang/go/wiki/GoGetTools) + wrapProgram $out/share/go/bin/go --prefix PATH ":" "${stdenv.lib.makeBinPath [ git subversion mercurial bazaar ]}" + ''; + + preFixup = '' + rm -r $out/share/go/pkg/bootstrap + ln -s $out/share/go/bin $out/bin + ''; + + setupHook = ./setup-hook.sh; + + disallowedReferences = [ go_bootstrap ]; + + meta = with stdenv.lib; { + branch = "1.8"; + homepage = http://golang.org/; + description = "The Go Programming language"; + license = licenses.bsd3; + maintainers = with maintainers; [ cstrahan wkennington ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/pkgs/development/compilers/go/remove-test-pie-1.9.patch b/pkgs/development/compilers/go/remove-test-pie-1.9.patch new file mode 100644 index 000000000000..46f94f29df20 --- /dev/null +++ b/pkgs/development/compilers/go/remove-test-pie-1.9.patch @@ -0,0 +1,26 @@ +diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go +index 73432d31ea..3310f5298d 100644 +--- a/src/cmd/dist/test.go ++++ b/src/cmd/dist/test.go +@@ -510,21 +510,6 @@ func (t *tester) registerTests() { + }) + } + +- // Test internal linking of PIE binaries where it is supported. +- if t.goos == "linux" && t.goarch == "amd64" && !isAlpineLinux() { +- // Issue 18243: We don't have a way to set the default +- // dynamic linker used in internal linking mode. So +- // this test is skipped on Alpine. +- t.tests = append(t.tests, distTest{ +- name: "pie_internal", +- heading: "internal linking of -buildmode=pie", +- fn: func(dt *distTest) error { +- t.addCmd(dt, "src", "go", "test", "reflect", "-short", "-buildmode=pie", "-ldflags=-linkmode=internal", t.timeout(60), t.tags(), t.runFlag("")) +- return nil +- }, +- }) +- } +- + // sync tests + t.tests = append(t.tests, distTest{ + name: "sync_cpu", diff --git a/pkgs/development/compilers/go/remove-tools-1.9.patch b/pkgs/development/compilers/go/remove-tools-1.9.patch new file mode 100644 index 000000000000..e76ed61693a8 --- /dev/null +++ b/pkgs/development/compilers/go/remove-tools-1.9.patch @@ -0,0 +1,35 @@ +diff --git a/src/go/build/build.go b/src/go/build/build.go +index d8163d0172..dd80a70473 100644 +--- a/src/go/build/build.go ++++ b/src/go/build/build.go +@@ -1592,7 +1592,7 @@ func init() { + } + + // ToolDir is the directory containing build tools. +-var ToolDir = filepath.Join(runtime.GOROOT(), "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH) ++var ToolDir = runtime.GOTOOLDIR() + + // IsLocalImport reports whether the import path is + // a local import path, like ".", "..", "./foo", or "../foo". +diff --git a/src/runtime/extern.go b/src/runtime/extern.go +index 6e6c674d96..e9f62f96dc 100644 +--- a/src/runtime/extern.go ++++ b/src/runtime/extern.go +@@ -223,6 +223,17 @@ func GOROOT() string { + return sys.DefaultGoroot + } + ++// GOTOOLDIR returns the root of the Go tree. ++// It uses the GOTOOLDIR environment variable, if set, ++// or else the root used during the Go build. ++func GOTOOLDIR() string { ++ s := gogetenv("GOTOOLDIR") ++ if s != "" { ++ return s ++ } ++ return GOROOT() + "/pkg/tool/" + GOOS + "_" + GOARCH ++} ++ + // Version returns the Go tree's version string. + // It is either the commit hash and date at the time of the build or, + // when possible, a release tag like "go1.3". diff --git a/pkgs/development/compilers/go/ssl-cert-file-1.9.patch b/pkgs/development/compilers/go/ssl-cert-file-1.9.patch new file mode 100644 index 000000000000..3f27bc138c10 --- /dev/null +++ b/pkgs/development/compilers/go/ssl-cert-file-1.9.patch @@ -0,0 +1,80 @@ +diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go +index 8e80533590..31c0c666ec 100644 +--- a/src/crypto/x509/root_cgo_darwin.go ++++ b/src/crypto/x509/root_cgo_darwin.go +@@ -201,11 +201,20 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { + import "C" + import ( + "errors" ++ "io/ioutil" ++ "os" + "unsafe" + ) + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + var data C.CFDataRef = nil + var untrustedData C.CFDataRef = nil +diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +index bc35a1cf21..21e52bec51 100644 +--- a/src/crypto/x509/root_darwin.go ++++ b/src/crypto/x509/root_darwin.go +@@ -81,18 +81,26 @@ func execSecurityRoots() (*CertPool, error) { + ) + } + +- cmd := exec.Command("/usr/bin/security", args...) +- data, err := cmd.Output() +- if err != nil { +- return nil, err +- } +- + var ( + mu sync.Mutex + roots = NewCertPool() + numVerified int // number of execs of 'security verify-cert', for debug stats + ) + ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ ++ cmd := exec.Command("/usr/bin/security", args...) ++ data, err := cmd.Output() ++ if err != nil { ++ return nil, err ++ } ++ + blockCh := make(chan *pem.Block) + var wg sync.WaitGroup + +diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go +index 65b5a5fdbc..c9c7ac6a74 100644 +--- a/src/crypto/x509/root_unix.go ++++ b/src/crypto/x509/root_unix.go +@@ -37,6 +37,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + files := certFiles + if f := os.Getenv(certFileEnv); f != "" { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 848850b2f4d0..175b3a98df13 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5699,7 +5699,11 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security Foundation; }; - go = go_1_8; + go_1_9 = callPackage ../development/compilers/go/1.9.nix { + inherit (darwin.apple_sdk.frameworks) Security Foundation; + }; + + go = go_1_9; go-repo-root = callPackage ../development/tools/go-repo-root { };