-
-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
swtpm: fix build on darwin #163569
swtpm: fix build on darwin #163569
Conversation
I fixed all failing tests. For some reason I didn't need to touch python at all. Here is the full diff, which could replace this PR: index 648165d8262..fae491d00db 100644
--- a/pkgs/tools/security/swtpm/default.nix
+++ b/pkgs/tools/security/swtpm/default.nix
@@ -37,14 +37,18 @@ stdenv.mkDerivation rec {
buildInputs = [
libtpms
- openssl libtasn1 libseccomp
- fuse glib json-glib
+ openssl libtasn1
+ glib json-glib
gnutls
+ ] ++ lib.optionals stdenv.isLinux [
+ fuse
+ libseccomp
];
configureFlags = [
- "--with-cuse"
"--localstatedir=/var"
+ ] ++ lib.optionals stdenv.isLinux [
+ "--with-cuse"
];
postPatch = ''
@@ -56,9 +60,31 @@ stdenv.mkDerivation rec {
# Use the correct path to the certtool binary
# instead of relying on it being in the environment
- substituteInPlace src/swtpm_localca/swtpm_localca.c --replace \
+ substituteInPlace src/swtpm_localca/swtpm_localca.c \
+ --replace \
+ '# define CERTTOOL_NAME "gnutls-certtool"' \
+ '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' \
+ --replace \
'# define CERTTOOL_NAME "certtool"' \
'# define CERTTOOL_NAME "${gnutls}/bin/certtool"'
+
+ substituteInPlace tests/common --replace \
+ 'CERTTOOL=gnutls-certtool;;' \
+ 'CERTTOOL=certtool;;'
+
+ # Fix error on macOS:
+ # stat: invalid option -- '%'
+ # This is caused by the stat program not being the BSD version,
+ # as is expected by the test
+ substituteInPlace tests/common --replace \
+ 'if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then' \
+ 'if [[ "$(uname -s)" =~ (Linux|Darwin|CYGWIN_NT-) ]]; then'
+
+ # Otherwise certtool seems to pick up the system language on macOS,
+ # which might cause a test to fail
+ substituteInPlace tests/test_swtpm_setup_create_cert --replace \
+ '$CERTTOOL' \
+ 'LC_ALL=C.UTF-8 $CERTTOOL'
'';
doCheck = true; I did not test on Linux, please do. |
👍 |
@willcohen needed python because it's only provided if you run tests (which he disabled on macos). Since you're running tests, python is provided. I still believe it makes sense to bring python in |
Ok, then 👍 on moving python to |
Lovely. Will revise. Many thanks! |
Result of Edit: right, because of openssl. |
Result of 2 packages built:
|
@alyssais does this look good to merge? Not directly related to 9p for Darwin, but still useful for QEMU |
thanks to both of you! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
Thanks @SuperSandro2000! |
Description of changes
Fix build on darwin. Note that because netstat still uses
openssl-1.0.2u
on darwin, building this requiresNIXPKGS_ALLOW_INSECURE=1
. See #101229 and #150880.Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notes