Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reference on xgcc-*-libgcc package #227981

Closed
veehaitch opened this issue Apr 24, 2023 · 6 comments
Closed

Reference on xgcc-*-libgcc package #227981

veehaitch opened this issue Apr 24, 2023 · 6 comments

Comments

@veehaitch
Copy link
Member

veehaitch commented Apr 24, 2023
edited
Loading

Issue description

Since #209870, every package which depends on glibc has a dependency on xgcc-*-libgcc:

nix path-info -r $(nix build --print-out-paths --no-link github:nixos/nixpkgs/5f57c2e#hello)
/nix/store/03wnlvjlmnl7apj8af79l6l7293dpbkl-libunistring-1.1
/nix/store/d3w6v846k00pn3nilj14788i3mxbfsak-libidn2-2.3.2
/nix/store/inc9pp65rs7nxi3pv0mm35kj4arp9v67-xgcc-12.2.0-libgcc
/nix/store/qgfa76mgh1m1376npkwbmlsdwycl96k1-glibc-2.35-224
/nix/store/jfyz86p3fgpadwxc16gzvwar6sh42gvw-hello-2.12.1

As far as I can tell, there's no attribute which exposes the derivation.

For some of our systemd services running in a chroot jail, we use explicit confinement. Think systemd.services.<name>.confinement.packages but for the entire unit. Consider the following example systemd service which runs hello in a chroot jail before #209870:

{ pkgs, lib, ... }:
{
  systemd.services.hello = {
    enable = true;
    wantedBy = [ "multi-user.target" ];
  
    serviceConfig = {
      ExecStart = lib.getExe pkgs.hello;
      Type = "oneshot";
      RemainAfterExit = true;

      DynamicUser = true;
  
      RuntimeDirectory = [ "hello" ];
      RootDirectory = "%t/hello";
      BindReadOnlyPaths = with pkgs; [
        hello.out
        glibc.out
        libidn2.out
        libunistring.out
      ];
    };
  };
}

Is there any way I can get a reference on xgcc-*-libgcc to add the package to BindReadOnlyPaths=? stdenv.cc.cc.libgcc is a dependency I'd expect but, quite frankly, I don't understand the bootstrapping of GCC well enough.

cc @amjoseph-nixpkgs who authored #209870.
@ghost
Copy link

ghost commented Apr 24, 2023

Since #209870, every package which depends on glibc has a dependency on xgcc-*-libgcc:

Correct. That is not a bug.

Glibc has required libgcc for over a decade by now; we simply weren't packaging it separately.

@ghost ghost closed this as completed Apr 24, 2023
@ghost
Copy link

ghost commented Apr 24, 2023

Is there any way I can get a reference on xgcc-*-libgcc to add the package to BindReadOnlyPaths=?

I don't use systemd or NixOS, so maybe this makes no sense, but can't you just use stdenv.cc.cc.libgcc or null?

@veehaitch
Copy link
Member Author

Thanks for responding so quickly, @amjoseph-nixpkgs!

Correct. That is not a bug.

Glibc has required libgcc for over a decade by now; we simply weren't packaging it separately.

I guess I didn't convey what's the issue: I'm well aware that you added a dedicated package intentionally. I'm just not sure how I could get a reference to that package which is now part of almost any closure.

Is there any way I can get a reference on xgcc-*-libgcc to add the package to BindReadOnlyPaths=?

I don't use systemd or NixOS, so maybe this makes no sense, but can't you just use stdenv.cc.cc.libgcc or null?

That would be totally acceptable to me, yes! However, that's not the correct package:

$ nix why-depends github:nixos/nixpkgs/5f57c2e#hello github:nixos/nixpkgs/5f57c2e#stdenv.cc.cc.libgcc
'github:nixos/nixpkgs/5f57c2e#hello' does not depend on 'github:nixos/nixpkgs/5f57c2e#stdenv.cc.cc.libgcc'
$ nix build --print-out-paths --no-link github:nixos/nixpkgs/5f57c2e#stdenv.cc.cc.libgcc
/nix/store/5vw1jps97aj3r76rkj7jmq8wijssipji-gcc-12.2.0-libgcc

The required dependency is xgcc-12.2.0-libgcc, not gcc-12.2.0-libgcc:

$ nix path-info -r $(nix build --print-out-paths --no-link github:nixos/nixpkgs/5f57c2e#hello) | grep "libgcc"
/nix/store/inc9pp65rs7nxi3pv0mm35kj4arp9v67-xgcc-12.2.0-libgcc
$ nix why-depends github:nixos/nixpkgs/5f57c2e#hello /nix/store/inc9pp65rs7nxi3pv0mm35kj4arp9v67-xgcc-12.2.0-libgcc
/nix/store/jfyz86p3fgpadwxc16gzvwar6sh42gvw-hello-2.12.1
└───/nix/store/qgfa76mgh1m1376npkwbmlsdwycl96k1-glibc-2.35-224
    └───/nix/store/inc9pp65rs7nxi3pv0mm35kj4arp9v67-xgcc-12.2.0-libgcc

@veehaitch veehaitch reopened this Apr 25, 2023
@wegank
Copy link
Member

wegank commented Apr 25, 2023

Are you looking for: glibc.libgcc?

@veehaitch
Copy link
Member Author

Are you looking for: glibc.libgcc?

That was easy:

$ nix why-depends github:nixos/nixpkgs/5f57c2e#hello github:nixos/nixpkgs/5f57c2e#glibc.libgcc
/nix/store/jfyz86p3fgpadwxc16gzvwar6sh42gvw-hello-2.12.1
└───/nix/store/qgfa76mgh1m1376npkwbmlsdwycl96k1-glibc-2.35-224
    └───/nix/store/inc9pp65rs7nxi3pv0mm35kj4arp9v67-xgcc-12.2.0-libgcc

Thanks a lot @wegank 🙏🏻

@ghost
Copy link

ghost commented May 5, 2023

The required dependency is xgcc-12.2.0-libgcc, not gcc-12.2.0-libgcc:

Ah, try stdenv.cc.cc.stdenv.cc.cc.libgcc (note the extra .stdenv.cc.cc which means "the compiler that compiled that compiler):

nix-instantiate . -A stdenv.cc.cc.stdenv.cc.cc
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
/nix/store/wg247ls59dbnd2mipj2daifq33mbr5kv-xgcc-12.2.0.drv

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wegank @veehaitch