[wip] codesigning on Darwin #38624
Closed
21 commits
e51405d
antlr: supports darwin
matthewbauer a77de95
xcbuild: add framework product
matthewbauer 7c1e397
xcbuild: set SYMROOT and OBJROOT
matthewbauer 65562e4
treewide: change install references for xcbuild
matthewbauer c3ce4ee
pbzx: init at 1.0.2
matthewbauer 72f8df9
swift-corelibs: init
matthewbauer d625fec
CoreSymbolication: init
matthewbauer 0b83326
darling: init
matthewbauer 4a515ed
dtrace: add xcode drv
matthewbauer c468b30
libsecurity_utilities: fixup
matthewbauer 71b53c0
libsecurity_codesigning: init
matthewbauer 77ac9c5
security_systemkeychain: init
matthewbauer ca788ec
gdb, lldb: codesign it!
matthewbauer 4f2c868
xcbuild: fix wrapper
matthewbauer a025bd3
SmartCardServices: init
matthewbauer 1371f23
darwin: fixup eval
matthewbauer 4cfb963
dtrace: patch impurities
matthewbauer 461317a
all-packages: add codesigning!
matthewbauer 9961c6e
darwin.codesign: cleanup
matthewbauer 7fced4f
libsecurity_apple_x509: add more symbols
matthewbauer 16ccc78
wip
matthewbauer File filter
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| { fetchFromGitHub, stdenv }: | ||
|
|
||
| # Reverse engineered CoreSymbolication to make dtrace buildable | ||
|
|
||
| stdenv.mkDerivation rec { | ||
| name = "CoreSymbolication"; | ||
|
|
||
| src = fetchFromGitHub { | ||
| repo = name; | ||
| owner = "matthewbauer"; | ||
| rev = "671fcb66c82eac1827f3f53dc4cc4e9b1b94da0a"; | ||
| sha256 = "0qpw46gwgjxiwqqjxksb8yghp2q8dwad6hzaf4zl82xpvk9n5ahj"; | ||
| }; | ||
|
|
||
| installPhase = '' | ||
| mkdir -p $out/include | ||
| cp -r CoreSymbolication $out/include | ||
| ''; | ||
| } |
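--- a/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/full.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/full.nix
@@ -0,0 +1,15 @@
+{ stdenv, appleDerivation }:
+
+appleDerivation {
+phases = [ "unpackPhase" "installPhase" ];
+
+installPhase = ''
+mkdir -p $out/include
+cp MacTypes.h $out/include
+cp ConditionalMacros.h $out/include
+cp MacErrors.h $out/include
+
+substituteInPlace $out/include/MacTypes.h \
+--replace "CarbonCore/" ""
+'';
+}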
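--- a/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_authorization.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_authorization.nix
@@ -0,0 +1,26 @@
+{appleDerivation, xcbuild, osx_private_sdk, apple_sdk, libsecurity_cssm}:
+appleDerivation {
+name = "libsecurity_authorization";
+buildInputs = [xcbuild libsecurity_cssm];
+postUnpack = "sourceRoot=\${sourceRoot}/libsecurity_authorization";
+NIX_CFLAGS_COMPILE = "-I../sec -Iinclude";
+patchPhase = ''
+cp lib/*.h ../sec/Security
+
+# private headers
+mkdir -p include/CoreFoundation
+cp ${osx_private_sdk.src}/PrivateSDK10.10.sparse.sdk/System/Library/Frameworks/CoreFoundation.framework/PrivateHeaders/CFXPCBridge.h include/CoreFoundation
+mkdir -p include/xpc
+cp ${apple_sdk.sdk}/include/xpc/* include/xpc
+cp ${osx_private_sdk}/include/xpc/private.h include/xpc
+'';
+installPhase = ''
+# have no idea why it's called libsecurityd
+install -D Products/Release/libsecurityd.a $out/lib/libsecurity_utilities.a
+
+mkdir -p $out/include/security_utilities
+cp -r Products/Release/derived_src/security_utilities $out/include/security_utilities
+cp lib/*.h $out/include/security_utilities
+ln -s $out/include/security_utilities $out/include/Security
+'';
+}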
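Review bot: The installPhase installs `Products/Release/libsecurityd.a` as `$out/lib/libsecurity_utilities.a` and puts the headers under `$out/include/security_utilities`, although the derivation is named `libsecurity_authorization`; it reads as if it was copied from the libsecurity_utilities expression. A package that has both derivations in its buildInputs would then see two archives with the same file name, and which one gets linked depends on search-path order, which is hard to audit for a security library. Install the archive this project actually produces under its own name and use `$out/include/security_authorization` for the headers, adjusting or dropping the `ln -s ... $out/include/Security` line accordingly. The `# have no idea why it's called libsecurityd` comment should be replaced by one naming the real build product once that is confirmed.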
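--- a/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_comcryption.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_comcryption.nix
@@ -0,0 +1,11 @@
+{appleDerivation, xcbuild}:
+appleDerivation {
+name = "libsecurity_comcryption";
+buildInputs = [xcbuild];
+postUnpack = "sourceRoot=\${sourceRoot}/libsecurity_comcryption";
+installPhase = ''
+mkdir -p $out/lib $out/include/security_comcryption
+cp Products/Release/ComCryption.a $out/lib/libComCryption.a
+cp lib/*.h $out/include/security_comcryption
+'';
+}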
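--- a/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_cryptkit.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_cryptkit.nix
@@ -0,0 +1,15 @@
+{appleDerivation, xcbuild, libsecurity_cssm, libsecurity_asn1}:
+appleDerivation {
+name = "libsecurity_cryptkit";
+buildInputs = [xcbuild libsecurity_cssm libsecurity_asn1];
+postUnpack = "sourceRoot=\${sourceRoot}/libsecurity_cryptkit";
+patchPhase = ''
+rm ../include/security_asn1
+'';
+NIX_CFLAGS_COMPILE = "-I../sec";
+installPhase = ''
+mkdir -p $out/lib $out/include/security_cryptkit
+cp Products/Release/CryptKit.a $out/lib/libCryptKit.a
+cp lib/*.h $out/include/security_cryptkit
+'';
+}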
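--- a/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_transform.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Security/libsecurity_transform.nix
@@ -0,0 +1,24 @@
+{ appleDerivation, xcbuild, apple_sdk, osx_private_sdk, libsecurity_keychain
+, xnu, libsecurity_cssm, corecrypto, zlib }:
+appleDerivation {
+name = "libsecurity_transform";
+buildInputs = [ xcbuild libsecurity_keychain libsecurity_cssm
+corecrypto apple_sdk.frameworks.CoreServices
+zlib ];
+postUnpack = "sourceRoot=\${sourceRoot}/libsecurity_transform";
+NIX_CFLAGS_COMPILE = "-Iinclude -Wno-error -framework CoreServices";
+NIX_LDFLAGS = "-framework CoreServices";
+preBuild = ''
+mkdir -p include/xpc
+cp ${apple_sdk.sdk}/include/xpc/* include/xpc
+cp ${osx_private_sdk}/include/xpc/private.h include/xpc
+mkdir -p include/Security
+cp lib/*.h include/Security
+'';
+patchPhase = ''
+substituteInPlace libsecurity_transform.xcodeproj/project.pbxproj \
+--replace \
+"{isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_transform.a; sourceTree = BUILT_PRODUCTS_DIR; };" \
+"{isa = PBXFileReference; explicitFileType = compiled.mach-o.dylib; path = libsecurity_transform.dylib; sourceTree = BUILT_PRODUCTS_DIR; };"
+'';
+}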
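Review bot: `NIX_CFLAGS_COMPILE` carries a blanket `-Wno-error`, which disables every warning-as-error the upstream project sets for this library, so a diagnostic that would have stopped the build (a format mismatch or an implicit declaration, for example) now passes silently in code that handles key material. Narrow it to the diagnostics that actually fail with the Nix toolchain, in the form `-Wno-error=<warning-name>` (placeholder, the failing warnings are not shown on this page), and add a comment naming them. The same variable also contains `-framework CoreServices`, a link-time option that is already given in `NIX_LDFLAGS` and can be dropped from the compile flags. The derivation declares `xnu` as an argument but does not use it in the visible lines.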
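--- a/pkgs/os-specific/darwin/apple-source-releases/SmartCardServices/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/SmartCardServices/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, appleDerivation, xcbuild, gnumake, Security
+, libsecurity_utilities, libsecurity_cdsa_utilities }:
+
+appleDerivation {
+buildInputs = [ xcbuild libsecurity_utilities libsecurity_cdsa_utilities ];
+
+DSTROOT = "$out";
+
+NIX_CFLAGS_COMPILE = "-I.";
+preBuild = ''
+mkdir -p Security
+cp ${Security}/Library/Frameworks/Security.framework/Headers/*.h Security
+'';
+
+patchPhase = ''
+substituteInPlace SmartCardServices.xcodeproj/project.pbxproj \
+--replace "/usr/bin/gnumake" "${gnumake}/bin/make"
+substituteInPlace src/PCSC/PCSC.exp \
+--replace _PCSCVersionString "" \
+--replace _PCSCVersionNumber ""
+substituteInPlace Makefile.installPhase \
+--replace chown "# chown" \
+--replace /usr/bin/ ""
+'';
+
+installPhase = ''
+make -f Makefile.installPhase install
+make -f Makefile-exec.installPhase install
+mv $out/usr/* $out
+rmdir $out/usr
+
+mkdir -p $out/Library/Frameworks
+cp -r Products/Release/PCSC.bundle $out/Library/Frameworks/PCSC.framework
+'';
+
+meta = with stdenv.lib; {
+maintainers = with maintainers; [ matthewbauer ];
+platforms = platforms.darwin;
+license = licenses.apsl20;
+};
+}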
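Review bot: `--replace chown "# chown"` in patchPhase is a plain substring substitution on Makefile.installPhase, so wherever `chown` is not the first command on its recipe line, everything after it on that line is commented out too. Makefile.installPhase is not part of this diff, so it needs checking whether a `chmod` or an install step shares a line with `chown`; if one does, the files of this smart-card stack would be installed with different modes than upstream intends and the build would still succeed. Deleting only the lines that start with the command is narrower, e.g. `sed -i '/^[[:space:]]*chown /d' Makefile.installPhase`. The `--replace /usr/bin/ ""` on the same file has the same breadth and would be easier to review as one substitution per tool.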
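--- a/pkgs/os-specific/darwin/apple-source-releases/dtrace/xcode.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/dtrace/xcode.nix
@@ -0,0 +1,45 @@
+{ appleDerivation, xcbuild, CoreSymbolication, xnu, bison, flex, darling, stdenv }:
+
+appleDerivation {
+buildInputs = [ xcbuild CoreSymbolication xnu bison flex darling ];
+NIX_CFLAGS_COMPILE = "-DCTF_OLD_VERSIONS -DPRIVATE -DYYDEBUG=1 -I${xnu}/Library/Frameworks/System.framework/Headers";
+NIX_LDFLAGS = "-L./Products/Release";
+xcbuildFlags = "-target dtrace";
+
+patchPhase = ''
+substituteInPlace dtrace.xcodeproj/project.pbxproj --replace "/usr/sbin" ""
+substituteInPlace libdtrace/dt_open.c \
+--replace "/usr/bin/clang" "${stdenv.cc}/bin/cpp" \
+--replace "/usr/bin/ld" "${stdenv.cc}/bin/ld" \
+--replace "/usr/bin/dtrace" $out/lib/dtrace
+'';
+
+# hack to handle xcbuild's broken lex handling
+preBuild = ''
+cd libdtrace
+yacc -d dt_grammar.y
+flex -l -d dt_lex.l
+cd ..
+
+substituteInPlace dtrace.xcodeproj/project.pbxproj \
+--replace '6EBC9800099BFBBF0001019C /* dt_grammar.y */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.yacc; name = dt_grammar.y; path = libdtrace/dt_grammar.y; sourceTree = "<group>"; };' '6EBC9800099BFBBF0001019C /* y.tab.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = y.tab.c; path = libdtrace/y.tab.c; sourceTree = "<group>"; };' \
+--replace '6EBC9808099BFBBF0001019C /* dt_lex.l */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.lex; name = dt_lex.l; path = libdtrace/dt_lex.l; sourceTree = "<group>"; };' '6EBC9808099BFBBF0001019C /* lex.yy.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = lex.yy.c; path = libdtrace/lex.yy.c; sourceTree = "<group>"; };'
+'';
+
+# xcbuild doesn't support install
+installPhase = ''
+mkdir -p $out
+
+cp -r Products/Release/usr $out
+mv $out/usr/* $out
+rmdir $out/usr
+
+mkdir $out/lib
+cp Products/Release/*.dylib $out/lib
+
+mkdir $out/bin
+cp Products/Release/dtrace $out/bin
+
+mkdir -p $out/lib/dtrace
+'';
+}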
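Review bot: The third substitution in patchPhase, `--replace "/usr/bin/dtrace" $out/lib/dtrace`, replaces a binary path with a directory, and installPhase creates exactly that directory with `mkdir -p $out/lib/dtrace`, so the pattern looks like it was meant to be `"/usr/lib/dtrace"`. libdtrace/dt_open.c is not shown here, but if the pattern does not occur in it the substitution does nothing and the built library keeps looking for its D library files under a mutable path outside the store, which matters for a tool that normally runs as root. Suggested line: `--replace "/usr/lib/dtrace" "$out/lib/dtrace"`, followed by a `grep` for remaining `/usr/` literals in dt_open.c so the build fails when a path is missed. Separately, `-DYYDEBUG=1` and `flex -l -d` leave parser and scanner debug code in the shipped build; a comment saying whether that is intentional would help.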
Ideally we would merge these into one, but we run into an issue in bootstrapping.