From 2799fe4cdbe77e017544f2fe61ae9baef650dbe6 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 21 Dec 2021 19:34:40 +0100 Subject: enable LTO in optimized builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gives 2-5% performance improvement across a board of tests. LTO is broken when using clang; some libs link fine while others crash the linker with a segfault in the llvm linker plugin. 🙁 --- configure.ac | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 8a01c33ec..a86d88fad 100644 --- a/configure.ac +++ b/configure.ac @@ -147,6 +147,20 @@ if test "x$GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC" = xyes; then LDFLAGS="-latomic $LDFLAGS" fi +# LTO is currently broken with clang for unknown reasons; ld segfaults in the llvm plugin +AC_ARG_ENABLE(lto, AS_HELP_STRING([--enable-lto],[Enable LTO (only supported with GCC) [default=no]]), + lto=$enableval, lto=no) +if test "$lto" = yes; then + if $CXX --version | grep -q GCC; then + AC_SUBST(CXXLTO, [-flto=jobserver]) + else + echo "error: LTO is only supported with GCC at the moment" >&2 + exit 1 + fi +else + AC_SUBST(CXXLTO, [""]) +fi + PKG_PROG_PKG_CONFIG AC_ARG_ENABLE(shared, AS_HELP_STRING([--enable-shared],[Build shared libraries for Nix [default=yes]]), -- cgit v1.2.3 From cbf60bec6ff900e6759b439b782c8cef163b3046 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Tue, 24 May 2022 16:26:40 +0200 Subject: configure.ac: check for sandbox-shell's FEATURE_SH_STANDALONE See also: https://bugs.archlinux.org/task/73998. Busybox's FEATURE_SH_STANDALONE feature causes other busybox applets to leak into the sandbox, where system() calls will start preferring them over tools in $PATH. On arch, this even includes `ar`. Let's check for this evil feature and disallow using this as a sandbox shell. --- configure.ac | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 8a01c33ec..715c70de1 100644 --- a/configure.ac +++ b/configure.ac @@ -294,6 +294,17 @@ esac AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]), sandbox_shell=$withval) AC_SUBST(sandbox_shell) +if ! test -z ${sandbox_shell+x}; then + AC_MSG_CHECKING([whether sandbox-shell has the standalone feature]) + # busybox shell sometimes allows executing other busybox applets, + # even if they are not in the path, breaking our sandbox + if PATH= $sandbox_shell -c "busybox" 2>&1 | grep -qv "not found"; then + AC_MSG_RESULT(enabled) + AC_MSG_ERROR([Please disable busybox FEATURE_SH_STANDALONE]) + else + AC_MSG_RESULT(disabled) + fi +fi # Expand all variables in config.status. test "$prefix" = NONE && prefix=$ac_default_prefix -- cgit v1.2.3 From 7e52472759bfecbbfc9146fd0992361ea930f195 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Tue, 24 May 2022 17:00:27 +0200 Subject: configure.ac: don't run sandbox-shell test when cross compiling --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 715c70de1..789dfdb3c 100644 --- a/configure.ac +++ b/configure.ac @@ -294,7 +294,7 @@ esac AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]), sandbox_shell=$withval) AC_SUBST(sandbox_shell) -if ! test -z ${sandbox_shell+x}; then +if test ${cross_compiling:-no} = no && ! test -z ${sandbox_shell+x}; then AC_MSG_CHECKING([whether sandbox-shell has the standalone feature]) # busybox shell sometimes allows executing other busybox applets, # even if they are not in the path, breaking our sandbox -- cgit v1.2.3 From 925b97522497e9c0f7a385c904410e560796208f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 22 Jun 2022 18:21:37 +0200 Subject: Embed the sandbox shell into the statically linked 'nix' binary With this, Nix will write a copy of the sandbox shell to /bin/sh in the sandbox rather than bind-mounting it from the host filesystem. This makes /bin/sh work out of the box with nix-static, i.e. you no longer get /nix/store/qa36xhc5gpf42l3z1a8m1lysi40l9p7s-bootstrap-stage4-stdenv-linux/setup: ./configure: /bin/sh: bad interpreter: No such file or directory --- configure.ac | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 15d5606c9..f0210ab78 100644 --- a/configure.ac +++ b/configure.ac @@ -320,6 +320,14 @@ if test ${cross_compiling:-no} = no && ! test -z ${sandbox_shell+x}; then fi fi +AC_ARG_ENABLE(embedded-sandbox-shell, AS_HELP_STRING([--enable-embedded-sandbox-shell],[include the sandbox shell in the Nix binary [default=no]]), + embedded_sandbox_shell=$enableval, embedded_sandbox_shell=no) +AC_SUBST(embedded_sandbox_shell) +if test "$embedded_sandbox_shell" = yes; then + AC_DEFINE(HAVE_EMBEDDED_SANDBOX_SHELL, 1, [Include the sandbox shell in the Nix binary.]) +fi + + # Expand all variables in config.status. test "$prefix" = NONE && prefix=$ac_default_prefix test "$exec_prefix" = NONE && exec_prefix='${prefix}' -- cgit v1.2.3 From d1cda07ce47064bda2c609a0290c867295ddd0a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= Date: Wed, 25 May 2022 11:37:01 +0200 Subject: Don't use -load_all on darwin That flag breaks `-lc++fs` (introducing a duplicate symbol for some reason). Besides, it was apparently needed for bzip2, but we're not using bzip2 anymore. --- configure.ac | 9 --------- 1 file changed, 9 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index f0210ab78..64fa12fc7 100644 --- a/configure.ac +++ b/configure.ac @@ -296,15 +296,6 @@ AC_CHECK_FUNCS([setresuid setreuid lchown]) AC_CHECK_FUNCS([strsignal posix_fallocate sysconf]) -# This is needed if bzip2 is a static library, and the Nix libraries -# are dynamic. -case "${host_os}" in - darwin*) - LDFLAGS="-all_load $LDFLAGS" - ;; -esac - - AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]), sandbox_shell=$withval) AC_SUBST(sandbox_shell) -- cgit v1.2.3