Skip to content

zig: disable libcxx hardening flags#463199

Open
DDoSolitary wants to merge 1 commit intoNixOS:masterfrom
DDoSolitary:fix-zig-libcpp-harden
Open

zig: disable libcxx hardening flags#463199
DDoSolitary wants to merge 1 commit intoNixOS:masterfrom
DDoSolitary:fix-zig-libcpp-harden

Conversation

@DDoSolitary
Copy link
Contributor

@DDoSolitary DDoSolitary commented Nov 19, 2025
edited
Loading

The libcxxhardeningfast and libcxxhardeingextensive hardening flags introduced by #442945 add _LIBCPP_HARDENING_MODE definitions to compiler invocations, but zig already sets it automatically. This causes macro redefinition warnings (or errors if -Werror is enabled) when compiling C++ projects with zigStdenv.

https://github.com/ziglang/zig/blob/4ea472808437c932f6240c0df5e4d5912d282052/src/libs/libcxx.zig#L542-L544

Repro:

nix build -L --impure --expr 'with builtins.getFlake "git+file:///home/ddosolitary/nixpkgs"; with legacyPackages.x86_64-linux; (hello-cpp.override { stdenv = zigStdenv; }).overrideAttrs { cmakeFlags = [ "-DCMAKE_CXX_LINKER_DEPFILE_SUPPORTED=OFF" ]; env.CXXFLAGS = "-Werror"; }'
hello-cpp> Running phase: unpackPhase
hello-cpp> unpacking source archive /nix/store/icxd577v8wc16sankg0di3wg5dpa6zdq-src
hello-cpp> source root is src
hello-cpp> Running phase: patchPhase
hello-cpp> Running phase: updateAutotoolsGnuConfigScriptsPhase
hello-cpp> Running phase: configurePhase
hello-cpp> cmake flags: -GNinja -DCMAKE_FIND_USE_SYSTEM_PACKAGE_REGISTRY=OFF -DCMAKE_FIND_USE_PACKAGE_REGISTRY=OFF -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF -DCMAKE_INSTALL_LOCALEDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/share/locale -DCMAKE_INSTALL_LIBEXECDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/libexec -DCMAKE_INSTALL_LIBDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/lib -DCMAKE_INSTALL_DOCDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/share/doc/hello-cpp -DCMAKE_INSTALL_INFODIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/share/info -DCMAKE_INSTALL_MANDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/share/man -DCMAKE_INSTALL_INCLUDEDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/include -DCMAKE_INSTALL_SBINDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/sbin -DCMAKE_INSTALL_BINDIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/bin -DCMAKE_INSTALL_NAME_DIR=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp/lib -DCMAKE_STRIP= -DCMAKE_RANLIB=/nix/store/yyfy4mihm2nvb3in1zw5fvjrgnwhgwkf-zig-cc-wrapper-0.15.2/bin/ranlib -DCMAKE_AR=/nix/store/yyfy4mihm2nvb3in1zw5fvjrgnwhgwkf-zig-cc-wrapper-0.15.2/bin/ar -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_INSTALL_PREFIX=/nix/store/276rwjs6xcxr2xaz8agm4mldi2ni40fl-hello-cpp -DCMAKE_CXX_LINKER_DEPFILE_SUPPORTED=OFF
hello-cpp> -- The C compiler identification is Clang 20.1.8
hello-cpp> -- The CXX compiler identification is Clang 20.1.8
hello-cpp> -- Detecting C compiler ABI info
hello-cpp> -- Detecting C compiler ABI info - done
hello-cpp> -- Check for working C compiler: /nix/store/yyfy4mihm2nvb3in1zw5fvjrgnwhgwkf-zig-cc-wrapper-0.15.2/bin/clang - skipped
hello-cpp> -- Detecting C compile features
hello-cpp> -- Detecting C compile features - done
hello-cpp> -- Detecting CXX compiler ABI info
hello-cpp> -- Detecting CXX compiler ABI info - done
hello-cpp> -- Check for working CXX compiler: /nix/store/yyfy4mihm2nvb3in1zw5fvjrgnwhgwkf-zig-cc-wrapper-0.15.2/bin/clang++ - skipped
hello-cpp> -- Detecting CXX compile features
hello-cpp> -- Detecting CXX compile features - done
hello-cpp> -- Configuring done (9.7s)
hello-cpp> -- Generating done (0.0s)
hello-cpp> CMake Warning:
hello-cpp>   Manually-specified variables were not used by the project:
hello-cpp> 
hello-cpp>     BUILD_TESTING
hello-cpp>     CMAKE_EXPORT_NO_PACKAGE_REGISTRY
hello-cpp>     CMAKE_FIND_USE_PACKAGE_REGISTRY
hello-cpp>     CMAKE_FIND_USE_SYSTEM_PACKAGE_REGISTRY
hello-cpp>     CMAKE_INSTALL_DOCDIR
hello-cpp>     CMAKE_INSTALL_INCLUDEDIR
hello-cpp>     CMAKE_INSTALL_INFODIR
hello-cpp>     CMAKE_INSTALL_LIBDIR
hello-cpp>     CMAKE_INSTALL_LIBEXECDIR
hello-cpp>     CMAKE_INSTALL_LOCALEDIR
hello-cpp>     CMAKE_INSTALL_MANDIR
hello-cpp>     CMAKE_INSTALL_SBINDIR
hello-cpp> 
hello-cpp> 
hello-cpp> -- Build files have been written to: /build/src/build
hello-cpp> cmake: enabled parallel building
hello-cpp> cmake: enabled parallel installing
hello-cpp> Running phase: buildPhase
hello-cpp> build flags: -j24
hello-cpp> [1/2] Building CXX object CMakeFiles/hello-cpp.dir/main.cpp.o
hello-cpp> FAILED: [code=1] CMakeFiles/hello-cpp.dir/main.cpp.o
hello-cpp> /nix/store/yyfy4mihm2nvb3in1zw5fvjrgnwhgwkf-zig-cc-wrapper-0.15.2/bin/clang++   -Werror -O3 -DNDEBUG -MD -MT CMakeFiles/hello-cpp.dir/main.cpp.o -MF CMakeFiles/hello-cpp.dir/main.cpp.o.d -o CMakeFiles/hello-cpp.dir/main.cpp.o -c /build/src/main.cpp
hello-cpp> In file included from <built-in>:478:
hello-cpp> <command line>:23:9: error: '_LIBCPP_HARDENING_MODE' macro redefined [-Werror,-Wmacro-redefined]
hello-cpp>    23 | #define _LIBCPP_HARDENING_MODE _LIBCPP_HARDENING_MODE_EXTENSIVE
hello-cpp>       |         ^
hello-cpp> <command line>:20:9: note: previous definition is here
hello-cpp>    20 | #define _LIBCPP_HARDENING_MODE _LIBCPP_HARDENING_MODE_NONE
hello-cpp>       |         ^
hello-cpp> 1 error generated.
hello-cpp> ninja: build stopped: subcommand failed.
error: builder for '/nix/store/si1ag79a442k2vg0615jbvfkcw8ygz2m-hello-cpp.drv' failed with exit code 1;
       last 25 log lines:
       >     CMAKE_INSTALL_INFODIR
       >     CMAKE_INSTALL_LIBDIR
       >     CMAKE_INSTALL_LIBEXECDIR
       >     CMAKE_INSTALL_LOCALEDIR
       >     CMAKE_INSTALL_MANDIR
       >     CMAKE_INSTALL_SBINDIR
       >
       > 
       > -- Build files have been written to: /build/src/build
       > cmake: enabled parallel building
       > cmake: enabled parallel installing
       > Running phase: buildPhase
       > build flags: -j24
       > [1/2] Building CXX object CMakeFiles/hello-cpp.dir/main.cpp.o
       > FAILED: [code=1] CMakeFiles/hello-cpp.dir/main.cpp.o
       > /nix/store/yyfy4mihm2nvb3in1zw5fvjrgnwhgwkf-zig-cc-wrapper-0.15.2/bin/clang++   -Werror -O3 -DNDEBUG -MD -MT CMakeFiles/hello-cpp.dir/main.cpp.o -MF CMakeFiles/hello-cpp.dir/main.cpp.o.d -o CMakeFiles/hello-cpp.dir/main.cpp.o -c /build/src/main.cpp
       > In file included from <built-in>:478:
       > <command line>:23:9: error: '_LIBCPP_HARDENING_MODE' macro redefined [-Werror,-Wmacro-redefined]
       >    23 | #define _LIBCPP_HARDENING_MODE _LIBCPP_HARDENING_MODE_EXTENSIVE
       >       |         ^
       > <command line>:20:9: note: previous definition is here
       >    20 | #define _LIBCPP_HARDENING_MODE _LIBCPP_HARDENING_MODE_NONE
       >       |         ^
       > 1 error generated.
       > ninja: build stopped: subcommand failed.
       For full logs, run 'nix log /nix/store/si1ag79a442k2vg0615jbvfkcw8ygz2m-hello-cpp.drv'.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@nixpkgs-ci nixpkgs-ci bot requested a review from RossComputerGuy November 19, 2025 14:26
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 6.topic: zig Zig is an imperative, general-purpose, statically typed, compiled system programming language. labels Nov 19, 2025
@RossComputerGuy
Copy link
Member

RossComputerGuy commented Nov 19, 2025 

hello-cpp-aarch64-unknown-linux-gnu> [1/2] Building CXX object CMakeFiles/hello-cpp.dir/main.cpp.o
hello-cpp-aarch64-unknown-linux-gnu> [2/2] Linking CXX executable hello-cpp
hello-cpp-aarch64-unknown-linux-gnu> FAILED: [code=1] hello-cpp
hello-cpp-aarch64-unknown-linux-gnu> : && /nix/store/2j7nd7wmmssr2x95zdvi9qi0w6aq1rd8-aarch64-unknown-linux-gnu-zig-cc-wrapper-0.15.2/bin/aarch64-unknown-linux-gnu-clang++ -O3 -DNDEBUG -Xlinker --dependency-file=CMakeFiles/hello-cpp.dir/link.d CMakeFiles/hello-cpp.dir/main.cpp.o -o hello-cpp   && :
hello-cpp-aarch64-unknown-linux-gnu> error: unsupported linker arg: --dependency-file=CMakeFiles/hello-cpp.dir/link.d
hello-cpp-aarch64-unknown-linux-gnu> ninja: build stopped: subcommand failed.

I get this when building with your PR for pkgsZig.hello-cpp.

@DDoSolitary
Copy link
Contributor Author

DDoSolitary commented Nov 19, 2025
edited
Loading

@RossComputerGuy The error is irrelevant to this PR. It occurs on current nixpkgs master without this PR, and is caused by incompatibility between Zig and CMake: ziglang/zig-bootstrap#206

You can work around it as shown in my repro command: hello-cpp.overrideAttrs { cmakeFlags = [ "-DCMAKE_CXX_LINKER_DEPFILE_SUPPORTED=OFF" ]; }

RossComputerGuy
RossComputerGuy requested changes Nov 19, 2025
View reviewed changes
@DDoSolitary
zig: disable libcxx hardening flags
a55e7e1 
The libcxxhardeningfast and libcxxhardeingextensive hardening flags
introduced by NixOS#442945 add _LIBCPP_HARDENING_MODE definitions to compiler
invocations, but zig already sets it automatically. This causes macro
re-definition warnings (or errors if -Werror is enabled) when compiling
C++ projects with zigStdenv.
@DDoSolitary DDoSolitary force-pushed the fix-zig-libcpp-harden branch from 52e6428 to a55e7e1 Compare November 19, 2025 21:00
GabrielDougherty
GabrielDougherty approved these changes Dec 7, 2025
View reviewed changes
Copy link
Member

@GabrielDougherty GabrielDougherty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 463199
Commit: a55e7e1073f0275e5e6b7b58cc28a696790ccc9d

aarch64-darwin

✅ 2 packages built:
  • nixpkgs-manual
  • zigStdenv

@nixpkgs-ci nixpkgs-ci bot added the 12.approvals: 1 This PR was reviewed and approved by one person. label Dec 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RossComputerGuy RossComputerGuy Awaiting requested review from RossComputerGuy

1 more reviewer

@GabrielDougherty GabrielDougherty GabrielDougherty approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

6.topic: zig Zig is an imperative, general-purpose, statically typed, compiled system programming language. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DDoSolitary @RossComputerGuy @GabrielDougherty