Add some workarounds for issues encountered on NixOS.

Specify -DENABLE_NIXOS=ON to enable the workarounds. - Using CMAKE_INSTALL_PREFIX in paths causes a double-path issue. This only seems to happen on NixOS. - std::locale's constructor ends up calling getdents64(), so this syscall needs to be whitelisted. Only on NixOS though, since other Linux distros don't need it... Fixes #406: Building on NixOS returns "invalid system call" Reported by @Whovian9369.
GerbilSoft · Oct 25, 2024 · adc780f · adc780f
1 parent 2314011
commit adc780f
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 13 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -94,6 +94,10 @@
   * WiiTicket: Recognize CA04-XS09 from early Wii U titles.
   * Windows: Reverted an rpcli manifest change from v2.1 that broke
     compatibility with Windows XP.
+  * Added some workarounds for NixOS. Specify -DENABLE_NIXOS=ON when building
+    for NixOS to enable the workarounds.
+    * Fixes #406: Building on NixOS returns "invalid system call"
+      * Reported by @Whovian9369.
 
 ## v2.3 (released 2024/03/03)
 

diff --git a/cmake/macros/DirInstallPaths.cmake b/cmake/macros/DirInstallPaths.cmake
@@ -65,10 +65,19 @@ IF(UNIX AND NOT APPLE)
 	SET(DIR_INSTALL_XDG_MIME "share/mime")
 	SET(DIR_INSTALL_XDG_DESKTOP "share/applications")
 	SET(DIR_INSTALL_XDG_APPSTREAM "share/metainfo")
-	SET(DIR_INSTALL_EXE_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_EXE}")
-	SET(DIR_INSTALL_DLL_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_DLL}")
-	SET(DIR_INSTALL_LIB_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_LIB}")
-	SET(DIR_INSTALL_LIBEXEC_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_LIBEXEC}")
+
+	IF(ENABLE_NIXOS)
+		# NixOS ends up with a double-path issue if CMAKE_INSTALL_PREFIX is specified here.
+		SET(DIR_INSTALL_EXE_DEBUG "lib/debug/${DIR_INSTALL_EXE}")
+		SET(DIR_INSTALL_DLL_DEBUG "lib/debug/${DIR_INSTALL_DLL}")
+		SET(DIR_INSTALL_LIB_DEBUG "lib/debug/${DIR_INSTALL_LIB}")
+		SET(DIR_INSTALL_LIBEXEC_DEBUG "lib/debug/${DIR_INSTALL_LIBEXEC}")
+	ELSE(ENABLE_NIXOS)
+		SET(DIR_INSTALL_EXE_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_EXE}")
+		SET(DIR_INSTALL_DLL_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_DLL}")
+		SET(DIR_INSTALL_LIB_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_LIB}")
+		SET(DIR_INSTALL_LIBEXEC_DEBUG "lib/debug/${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_LIBEXEC}")
+	ENDIF(ENABLE_NIXOS)
 
 	# AppArmor profile directory
 	SET(DIR_INSTALL_APPARMOR "/etc/apparmor.d")

diff --git a/cmake/options.cmake b/cmake/options.cmake
@@ -100,7 +100,7 @@ ELSE()
 	SET(ENABLE_PCH OFF CACHE INTERNAL "Enable precompiled headers for faster builds." FORCE)
 ENDIF()
 
-# Link-time optimization.
+# Link-time optimization
 # FIXME: Not working in clang builds and Ubuntu's gcc...
 IF(MSVC)
 	SET(LTO_DEFAULT ON)
@@ -109,7 +109,7 @@ ELSE()
 ENDIF()
 OPTION(ENABLE_LTO "Enable link-time optimization in release builds." ${LTO_DEFAULT})
 
-# Split debug information into a separate file.
+# Split debug information into a separate file
 # FIXME: macOS `strip` shows an error:
 # error: symbols referenced by indirect symbol table entries that can't be stripped in: [library]
 # NOTE: Disabled on Emscripten because it's JavaScript/WebAssembly.
@@ -120,21 +120,21 @@ ELSE(APPLE)
 	OPTION(SPLIT_DEBUG "Split debug information into a separate file." ON)
 ENDIF(APPLE)
 
-# Install the split debug file.
+# Install the split debug file
 OPTION(INSTALL_DEBUG "Install the split debug files." ON)
 IF(INSTALL_DEBUG AND NOT SPLIT_DEBUG)
 	# Cannot install debug files if we're not splitting them.
 	SET(INSTALL_DEBUG OFF CACHE INTERNAL "Install the split debug files." FORCE)
 ENDIF(INSTALL_DEBUG AND NOT SPLIT_DEBUG)
 ENDIF(NOT EMSCRIPTEN)
 
-# Enable coverage checking. (gcc/clang only)
+# Enable coverage checking (gcc/clang only)
 OPTION(ENABLE_COVERAGE "Enable code coverage checking. (gcc/clang only)" OFF)
 IF(ENABLE_COVERAGE)
 	ADD_DEFINITIONS(-DGCOV)
 ENDIF(ENABLE_COVERAGE)
 
-# Enable NLS. (internationalization)
+# Enable NLS (internationalization)
 IF(NOT WIN32 OR NOT MSVC)
 	OPTION(ENABLE_NLS "Enable NLS using gettext for localized messages." ON)
 ELSEIF(MSVC AND _MSVC_C_ARCHITECTURE_FAMILY MATCHES "^([iI]?[xX3]86)|([xX]64)$")
@@ -143,13 +143,18 @@ ELSE()
 	SET(ENABLE_NLS OFF CACHE INTERNAL "Enable NLS using gettext for localized messages." FORCE)
 ENDIF()
 
-# Linux security options.
+# Linux security options
 IF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
 	OPTION(INSTALL_APPARMOR "Install AppArmor profiles." ON)
 ELSE(CMAKE_SYSTEM_NAME STREQUAL "Linux")
 	SET(INSTALL_APPARMOR OFF)
 ENDIF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
 
+# Special handling for NixOS
+IF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+	OPTION(ENABLE_NIXOS "Enable special handling for NixOS builds." OFF)
+ENDIF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+
 # Achievements. (TODO: "AUTO" option?)
 OPTION(ENABLE_ACHIEVEMENTS "Enable achievement pop-ups." ON)
 

diff --git a/src/librpsecure/config.librpsecure.h.in b/src/librpsecure/config.librpsecure.h.in
@@ -2,7 +2,7 @@
  * ROM Properties Page shell extension. (librpsecure)                      *
  * config.librpsecure.h.in: librpsecure configuration. (source file)       *
  *                                                                         *
- * Copyright (c) 2016-2023 by David Korth.                                 *
+ * Copyright (c) 2016-2024 by David Korth.                                 *
  * SPDX-License-Identifier: GPL-2.0-or-later                               *
  ***************************************************************************/
 
@@ -22,3 +22,6 @@
 
 /* Define to 1 to enable extra security functionality. */
 #cmakedefine ENABLE_EXTRA_SECURITY 1
+
+/* Define to 1 if building for NixOS. */
+#cmakedefine ENABLE_NIXOS 1
diff --git a/src/librpsecure/os-secure_linux.c b/src/librpsecure/os-secure_linux.c
@@ -2,7 +2,7 @@
  * ROM Properties Page shell extension. (librpsecure)                      *
  * os-secure_linux.c: OS security functions. (Linux)                       *
  *                                                                         *
- * Copyright (c) 2016-2023 by David Korth.                                 *
+ * Copyright (c) 2016-2024 by David Korth.                                 *
  * SPDX-License-Identifier: GPL-2.0-or-later                               *
  ***************************************************************************/
 
@@ -71,6 +71,11 @@ int rp_secure_enable(rp_secure_param_t param)
 		SCMP_SYS(read),
 		SCMP_SYS(rt_sigreturn),
 		SCMP_SYS(write),
+#ifdef ENABLE_NIXOS
+		// NixOS: std::locale ctor ends up calling getdents64().
+		// This doesn't happen on any other Linux system I know of...
+		SCMP_SYS(getdents64),
+#endif /* ENABLE_NIXOS */
 
 		SCMP_SYS(access),
 		SCMP_SYS(faccessat),	// Linux on aarch64 does not have an access() syscall

diff --git a/src/rp-stub/CMakeLists.txt b/src/rp-stub/CMakeLists.txt
@@ -38,8 +38,14 @@ INCLUDE(DirInstallPaths)
 
 # Create symlinks for rp-thumbnail and rp-config.
 # Reference: https://stackoverflow.com/questions/34578362/how-can-i-package-a-symlink-with-cpack
+IF(ENABLE_NIXOS)
+	# NixOS ends up with a double-path issue if CMAKE_INSTALL_PREFIX is specified here.
+	SET(SYMLINK_SRC "${DIR_INSTALL_EXE}/${PROJECT_NAME}")
+ELSE(ENABLE_NIXOS)
+	SET(SYMLINK_SRC "${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_EXE}/${PROJECT_NAME}")
+ENDIF(ENABLE_NIXOS)
 ADD_CUSTOM_COMMAND(TARGET ${PROJECT_NAME} POST_BUILD
-	COMMAND ln -sf "${CMAKE_INSTALL_PREFIX}/${DIR_INSTALL_EXE}/${PROJECT_NAME}" rp-thumbnail
+	COMMAND ln -sf "${SYMLINK_SRC}" rp-thumbnail
 	WORKING_DIRECTORY "${CMAKE_RUNTIME_OUTPUT_DIRECTORY}"
 	VERBATIM
 	)