[RFC] A large batch of cross-compilation fixes #30882
Conversation
|
I have also opened #30883 which isolates the (hopefully reasonably uncontroversial) |
|
Wow, this is impressive. Is there any way to cut the PR in smaller manageable chunks? Also, how do I test this? The nixpkgs has some notes on cross-compilation but it's not really clear how to trigger it. |
|
| @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { | |||
| buildInputs = [ libnetfilter_conntrack libnftnl libmnl ]; | |||
|
|
|||
| preConfigure = '' | |||
| export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl" | |||
| export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl -ldl" | |||
| ''; | |||
There was a problem hiding this comment.
commit message typo, libld -> libdl
There was a problem hiding this comment.
Thanks! Fixed in my local branch.
|
@zimbatm buried within section 5.3 is nix-build <nixpkgs> --arg crossSystem '(import <nixpkgs/lib>).systems.examples.fooBarBazA concrete example would be nix-instantiate --arg crossSystem '(import ./lib).systems.examples.aarch64-multiplatform' -A systemduntil I do that above that should test this. |
Ericson2314
added
the
6.topic: cross-compilation
As @Ericson2314 has said, many of the changes are quite similar. That being said, some are not and deserve closer consideration. I can certainly break these out. |
|
Is there any way to make |
| '' | ||
|
|
||
| + '' | ||
| done |
There was a problem hiding this comment.
Is this not a good candidate for a dedicated PR on top of #29396 ?
| @@ -36,8 +38,11 @@ stdenv.mkDerivation rec { | |||
| mkdir -p $out/lib | |||
| cp src/.libs/libgcrypt.20.dylib $out/lib | |||
| ''; | |||
| configureFlags = [ | |||
| ''--with-libgpg-error-prefix=${libgpgerror.dev.outPath}'' | |||
| ]; | |||
There was a problem hiding this comment.
I am not sure this works at all. libgcrypt/libgpgerror produce some asm code during configure by producing binaries according to the machine architecture. I know these issues from my experiments with webassembly, which is similar to cross-compilation.
There was a problem hiding this comment.
I had a look at the git repo of libgcrypt and i meant libgcrypt/mpi in my previous comment.
| "AR=ar" | ||
| "RANLIB=ranlib" | ||
| "OBJCOPY=objcopy" | ||
| "CC=${stdenv.cc.prefix}gcc" |
There was a problem hiding this comment.
Shouldn't this be cc instead of gcc to be more clang-friendly?
| # However, some packages (libssh2) build non-installed executables | ||
| # in their build trees which link against shared libraries | ||
| # in their tree. Linking these breaks if we are so restrictive. | ||
| */*.so | */*.so.*) |
There was a problem hiding this comment.
Same here, shouldn't this be a separate PR by its own on top of #29396 ?
| # shared objects when cross-compiling. Consequently, we are forced to | ||
| # override this behavior, forcing ld to search DT_RPATH even when | ||
| # cross-compiling. | ||
| ./always-search-rpath.patch |
There was a problem hiding this comment.
Same here, shouldn't this be a separate PR on top of #29396 ?
pkgs/stdenv/adapters.nix
Outdated
| propagatedBuildInputs = propagatedBuildInputs ++ buildInputs; | ||
| propagatedBuildInputs = | ||
| propagatedBuildInputs ++ buildInputs ++ __depsBuildTargetPropagated ++ __depsHostHostPropagated ++ __depsTargetTarget ++ | ||
| depsBuildBuild ++ depsBuildTarget ++ __depsHostHost ++ __depsBuildBuildPropagated ++ __depsTargetTargetPropagated; |
There was a problem hiding this comment.
Same here, shouldn't this be a separate PR on top of #29396 ?
| @@ -49,7 +49,7 @@ let | |||
| ]; | |||
|
|
|||
| buildInputs = [ | |||
| perl | |||
| #perl | |||
There was a problem hiding this comment.
why not drop this comment here? Imho the --without-perl below is quite self-explanatory.
|
First of all many many kudos to @bgamari for this batch of insightful work. @Ericson2314 & @bgamari I noticed the following patterns for maintainers, please beat me if i misunderstood:
Also the following hacks are not obvious from a maintenance perspective, but work:
Finally, the following list of packages mentioned in this PR-changeset, should be picked in a separate PR in order to provide a minimum proper cross-compiling base set for package maintainers, in case this PR takes to long to hit master/staging:
P.S. Yes i went through each commit :) |
|
nice review @periklis! Would it make sense to start with a simple package like |
|
@zimbatm afaik
|
|
Thanks for the review @periklis! I'll split this up a bit more in the next few days. |
|
I sort of mentioned this to @bgamari on IRC, but let me reiterate here.
|
|
@Ericson2314 Thx for re-iterating the information on IRC. What do you think about the rest of the patterns, i identified above? I would be glad to know your opinion on that. Maybe these are too minor to bother. |
It crashes with gcc7.
Otherwise building this fails with -Werror warnings when bootstrapping from gcc7.
Otherwise gems tries to delete files for the build ruby.
This provides fw_printenv and fw_setenv, which are used to manipulate the bootloader configuration on some platforms.
The ipsec utility provided by strongswan is a shell script. Consequently we need to patch it to use the target's shell.
The strongswan-swanctl systemd service starts charon-systemd. This implements a IKE daemon very similar to charon, but it's specifically designed for use with systemd. It uses the systemd libraries for a native integration. Instead of using starter and an ipsec.conf based configuration, the daemon is directly managed by systemd and configured with the swanctl configuration backend. See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd Note that the strongswan.conf and swantctl.conf configuration files are automatically generated based on NixOS options under services.strongswan-swanctl.strongswan and services.strongswan-swanctl.swanctl respectively.
I determined which options got changed by executing the following commands in the strongswan repository: git diff -U20 5.6.0..5.6.1 src/swanctl/swanctl.opt git diff -U20 5.6.0..5.6.1 conf
This reduces the number of options from 1152 to 756.
|
Just curious, are there still pieces of this that need to be "upstreamed"? |
|
There are a few more patches, but they really aren't upstreamable in their current form. Perl still remains the largest issue (#36675). I have reverted the commit cited in that ticket on my branch. Unfortunately I have been unable to build my rebased branch recently due to an inexplicable stack overflow in the nix interpreter. I'll need to sit down and try to debug this some day. |
|
A lot of cross-related changes have been merged since this PR. Because this can't be merged in this state anyway I am closing this now. I think it's better to pick the things that are mergeable and open smaller PR's for them. |
Note: The prefix of commits authored by @Ericson2314 can be ignored for the purposes of this pull request. These are prerequisites for this work but I'll leave upstreaming these to @Ericson2314.
Motivation for this change
Allow Nix to cross-compile a basic system environment.
Things done
The only testing I have done thusfar is to build
systemdand its dependencies with the following overlay:That being said, this was no small feat. I would like to start getting pieces of this work upstream but I'm a bit uncertain as to how to go about this as there are a few open questions. Namely,
doCheck = stdenv.buildPlatform == stdenv.hostPlatform?buildPackages.tonativeBuildInputs? Shouldn't this be redundant? Is there perhaps a bug, @Ericson2314?fetchurlalways use build packages? Is the approach I took here acceptable? It seems something similar will need to be done withunpackCmd.Always search DT_RPATHhack acceptable?configurescripts have tests that want to run host programs on the build machine. This obviously isn't possible so I provide these test results manually (see, for instance, thekrb5expression). These are of course guesses, but I believe they should apply in most sensible environments. Is this acceptable?Whatever reviews you can offer are greatly appreciated but I really just wanted to raise a flag so people know this work exists.
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)