make-derivation: add disallowedReferences in strictDeps

When strictDeps = true, we don’t want native build inputs to end up in the output. For instance gcc is a builtin native build input and should only show up in an output if it is also listed in buildInputs. /cc @ericson2314
2018-10-29 13:33:42 -05:00 · 2018-10-29 13:33:42 -05:00 · 8dbfb61e46
parent a4234645fe
commit 8dbfb61e46
1 changed files with 16 additions and 0 deletions
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@ -226,6 +226,22 @@ rec {
          inherit doCheck doInstallCheck;

          inherit outputs;
+        } // lib.optionalAttrs strictDeps {
+          # Make sure "build" dependencies don’t leak into outputs. We
+          # want to disallow references to depsBuildBuild,
+          # nativeBuildInputs, and depsBuildTarget. But depsHostHost,
+          # buildInputs, and depsTargetTarget is okay, so we subtract
+          # those from disallowedReferences in case a dependency is
+          # listed in multiple dependency lists. We also include
+          # propagated dependencies here as well.
+          disallowedReferences = (attrs.disallowedReferences or [])
+          ++ (lib.subtractLists
+              (lib.concatLists ( (lib.elemAt propagatedDependencies 1) ++
+                                 (lib.elemAt dependencies 1) ++
+                                 (lib.elemAt propagatedDependencies 2) ++
+                                 (lib.elemAt dependencies 2) ) )
+              (lib.concatLists ( (lib.elemAt propagatedDependencies 0) ++
+                                 (lib.elemAt dependencies 0) ) ) );
        } // lib.optionalAttrs (stdenv.hostPlatform != stdenv.buildPlatform) {
          cmakeFlags =
            (/**/ if lib.isString cmakeFlags then [cmakeFlags]