graphene-hardened-malloc: migrate to by-name, build light variant

[surfaceflinger]

Description of changes

Also added it to the malloc module :p

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.11 Release Notes (or backporting 23.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[risicle]

Got to say I'm very much not a fan of the "by-name" layout.

[Kranzes]

Got to say I'm very much not a fan of the "by-name" layout.

Well there was an RFC for it for a reason..

[surfaceflinger]

@risicle what do you want done then? The end goal is apparently having as many packages as possible in by-name...

[risicle]

Well there was an RFC for it for a reason..

An RFC doesn't (and cannot) produce unanimity.

But I can't stand in the way of the great scattering myself, so do as you like.

[Kranzes]

My point is that at the moment we don't have a policy in-place so it is up to yo,u but it seems like in the near future everything will be moved to by-name so your decision won't be that relevant longer term.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-already-reviewed/2617/1245

[SuperSandro2000]

Please use makeTargets instead

[surfaceflinger]

From my tinkering, looks like both makeTargets and makeFlags won't work with how hardened_malloc's Makefile handles VARIANT.

From what I experimented with, we have 2 variants left:

• let mkMalloc = variant: stdenv.mkDerivation {}; in { graphene-hardened-malloc = mkMalloc "default"; graphene-hardened-malloc-light = mkMalloc "light"; }
  but this will create graphene-hardened-malloc.default and graphene-hardened-malloc.light + I don't like how these let blabla = stdenv.mkDerivation in look 🙄
• we can introduce an overridable variant attribute like mimalloc package and then override it in the module.

[surfaceflinger]

Rebased, rewrote descriptions. (more like pasted them from readme)

Also bumped the package from branch 12 to tag 2024040900 as upstream is using these tags to mark production-ready releases.

Regarding overriding buildPhase - I can't really think of anything better when it comes to how the upstream Makefile works, personally I would prefer to leave it as it is here unless someone has a better idea.

[pbsds]

Result of nixpkgs-review pr 266540 run on x86_64-linux 1

2 packages blacklisted:

• nixos-install-tools
• tests.nixos-functions.nixos-test

2 packages built:

• graphene-hardened-malloc
• graphene-hardened-malloc.debug