Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dropbear: enable static build on musl #97376

Closed

Conversation

@golddranks
Copy link
Contributor

@golddranks golddranks commented Sep 7, 2020

Adds the --enable-static configuration flag that is required in
the case of static builds. Removes explicit mentions of glibc,
and uses generic stdenv.cc.libc. The static attribute of the
libc is passed only when it exists.

Motivation for this change

Dropbear currently doesn't build with musl & AArch64. It is
affected by this bug #97351,
but even bypassing that, the resulting build segfaults. I don't
know the exact reason for this, but I think that building with musl,
and passing only a partial set of the flags required for a working
static build, the end result not working was not a huge wonder.
I tested this change to work correctly on AArch64 and x86_64,
both with musl and glibc static build.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
@golddranks
Copy link
Contributor Author

@golddranks golddranks commented Sep 7, 2020

Huge thanks for @tomberek for the help!

@KAction
Copy link
Contributor

@KAction KAction commented Sep 7, 2020

What exactly command failed without your patch?

nix build .#pkgsStatic.dropbear

builds fine for me both on master and on checkout of your pull request, so I
don't understand difference.

@tomberek
Copy link
Contributor

@tomberek tomberek commented Sep 8, 2020

The problem happens specifically on Aarch64.

Adds the --enable-static configuration flag that is required in
the case of static builds. Removes explicit mentions of glibc,
and uses generic `stdenv.cc.libc`. The static attribute of the
libc is passed only when it exists.
@golddranks golddranks force-pushed the golddranks:fix/dropbear_enable_static_musl branch from ccc306d to 977cd6f Sep 8, 2020
@golddranks
Copy link
Contributor Author

@golddranks golddranks commented Sep 8, 2020

It seems that I was operating under the false belief that pkgsMusl was supposed to produce statically linked builds. It seems that it's supposed to produce dynamically linked musl builds, whereas pkgsStatic is supposed to produce statically linked musl builds.

However, the segfaults on AArch64 were real. I'll try and reproduce them once more.

@golddranks
Copy link
Contributor Author

@golddranks golddranks commented Sep 8, 2020

There seems to be two things weird about the dropbear builds:

  1. On AArch64, pkgsMusl build result segfaults. Because of my earlier misunderstanding, I thought that this was a problem with static builds, but it seems to be a problem with dynamically linking musl.
  2. On every platform, pkgsStatic.dropbear has two zlib dependencies although it should be stand-alone:
$ nix-store -qR /nix/store/k045f3c3150awvszinpzqs0wp3q723fa-dropbear-2020.80-x86_64-unknown-linux-musl
/nix/store/pq3ii5xns1zs8lvr0276ybgqxv5r9zvy-zlib-1.2.11-x86_64-unknown-linux-musl
/nix/store/mnzfxzbwww1f2xshcg3vlx59zwc08343-zlib-1.2.11-x86_64-unknown-linux-musl-dev
/nix/store/k045f3c3150awvszinpzqs0wp3q723fa-dropbear-2020.80-x86_64-unknown-linux-musl

I need to re-evaluate whether these changes actually help with the problems, or am I imagining things.

@golddranks
Copy link
Contributor Author

@golddranks golddranks commented Sep 8, 2020

The second one seems to be caused by this: #83667

@golddranks
Copy link
Contributor Author

@golddranks golddranks commented Sep 9, 2020

I'll close this one, as the assumptions behind how it should work were wrong to begin with.

@golddranks golddranks closed this Sep 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.