New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP p11-kit: use meson #73341
WIP p11-kit: use meson #73341
Conversation
|
||
configureFlags = [ | ||
"--sysconfdir=/etc" | ||
"--localstatedir=/var" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there does not appear to be a meson option for this one
While I like using meson, I have one worry though with these migrations. Because meson is needed it pushes the requirement on Python and packages such as setuptools increasingly lower in our dependency tree. |
"--without-trust-paths" | ||
mesonFlags = [ | ||
"-Dsystem_config=${placeholder "out"}/etc" | ||
"-Dsystemd=disabled" | ||
]; # TODO: store trust anchors in a directory common to Nix and NixOS | ||
|
||
enableParallelBuilding = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be removed. Meson builds in parallel by default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So can installFlags
. ninja install
does not allow overriding variables.
@@ -16,17 +16,12 @@ stdenv.mkDerivation rec { | |||
outputs = [ "out" "dev"]; | |||
outputBin = "dev"; | |||
|
|||
nativeBuildInputs = [ autoreconfHook pkgconfig which ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is which used by the build? Meson’s find_program
should not need it.
configureFlags = [ | ||
"--sysconfdir=/etc" | ||
"--localstatedir=/var" | ||
"--without-trust-paths" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this option no longer necessary with Meson?
@@ -16,17 +16,12 @@ stdenv.mkDerivation rec { | |||
outputs = [ "out" "dev"]; | |||
outputBin = "dev"; | |||
|
|||
nativeBuildInputs = [ autoreconfHook pkgconfig which ]; | |||
nativeBuildInputs = [ meson pkgconfig which ninja ]; | |||
buildInputs = [ gettext libffi libiconv libtasn1 ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need gettext at run time, or should this go to nativeBuildInputs
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Conveniently there's info about gettext at https://p11-glue.github.io/p11-glue/p11-kit/manual/devel-building.html#devel-building-unix
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, then it should actually be libintl
.
"--localstatedir=/var" | ||
"--without-trust-paths" | ||
mesonFlags = [ | ||
"-Dsystem_config=${placeholder "out"}/etc" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be
"-Dsystem_config=${placeholder "out"}/etc" | |
"-Dsystem_config=${placeholder "out"}/etc/pkcs11" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No matter what, we will need to patch https://github.com/p11-glue/p11-kit/blob/17b2edb1354c5d5080172af45ce55408c5e51d59/p11-kit/meson.build#L27-L28 to /etc/…
, or (probably better) drop -Dsystem_config
and patch https://github.com/p11-glue/p11-kit/blob/17b2edb1354c5d5080172af45ce55408c5e51d59/p11-kit/meson.build#L320 to $out/etc
.
Also there might be the problem with --- /nix/store/l22ix8k31ciwj7pq3y4pif9bikw2wvxb-p11-kit-0.23.16.1-dev/lib/pkgconfig/p11-kit-1.pc
+++ /nix/store/ava1pzrv96lghd6xg2xy2wsynrj3fc4l-p11-kit-0.23.18.1-dev/lib/pkgconfig/p11-kit-1.pc
@@ -1,23 +1,14 @@
-prefix=/nix/store/s3i35d5fyssal0h6v6p9ljvcx0q6ky3q-p11-kit-0.23.16.1
-exec_prefix=${prefix}
-libdir=/nix/store/s3i35d5fyssal0h6v6p9ljvcx0q6ky3q-p11-kit-0.23.16.1/lib
-includedir=/nix/store/l22ix8k31ciwj7pq3y4pif9bikw2wvxb-p11-kit-0.23.16.1-dev/include
-datarootdir=${prefix}/share
-datadir=${datarootdir}
-pkgdatadir=${datarootdir}/p11-kit
-sysconfdir=/etc
-p11_module_configs=${pkgdatadir}/modules
-p11_module_path=/nix/store/s3i35d5fyssal0h6v6p9ljvcx0q6ky3q-p11-kit-0.23.16.1/lib/pkcs11
-p11_trust_paths=
-proxy_module=/nix/store/s3i35d5fyssal0h6v6p9ljvcx0q6ky3q-p11-kit-0.23.16.1/lib/p11-kit-proxy.so
+prefix=/nix/store/b5d8cv4v688jp7lgnkjl6n81475va3vn-p11-kit-0.23.18.1
+libdir=${prefix}/lib
+includedir=/nix/store/ava1pzrv96lghd6xg2xy2wsynrj3fc4l-p11-kit-0.23.18.1-dev/include
-# This is for compatibility. Other packages were using this to determine
-# the directory they should install their module configs to, so override
-# this and redirect them to the new location
-p11_system_config_modules=${pkgdatadir}/modules
+p11_module_configs=/nix/store/b5d8cv4v688jp7lgnkjl6n81475va3vn-p11-kit-0.23.18.1/share/p11-kit/modules
+p11_module_path=/nix/store/b5d8cv4v688jp7lgnkjl6n81475va3vn-p11-kit-0.23.18.1/lib/pkcs11
+proxy_module=/nix/store/b5d8cv4v688jp7lgnkjl6n81475va3vn-p11-kit-0.23.18.1/lib/p11-kit-proxy.so
+p11_system_config_modules=/nix/store/b5d8cv4v688jp7lgnkjl6n81475va3vn-p11-kit-0.23.18.1/share/p11-kit/modules
Name: p11-kit
Description: Library and proxy module for properly loading and sharing PKCS#11 modules.
-Version: 0.23.16
+Version: 0.23.18
Libs: -L${libdir} -lp11-kit
Cflags: -I${includedir}/p11-kit-1 |
Building with meson is not upstream default or recommendation for this package. |
It just seems it isn't documented. And we gain meson 😄 I think there's quite a few meson nerds in NixOS that go to great lengths to make the ports very successful. |
Yeah, they seem to be very hardcoded. Maybe we can send them a patch so it's compatible with us. |
Hello, I'm a bot and I thank you in the name of the community for your contributions. Nixpkgs is a busy repository, and unfortunately sometimes PRs get left behind for too long. Nevertheless, we'd like to help committers reach the PRs that are still important. This PR has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human. If this is still important to you and you'd like to remove the stale label, we ask that you leave a comment. Your comment can be as simple as "still important to me". But there's a bit more you can do: If you received an approval by an unprivileged maintainer and you are just waiting for a merge, you can @ mention someone with merge permissions and ask them to help. You might be able to find someone relevant by using Git blame on the relevant files, or via GitHub's web interface. You can see if someone's a member of the nixpkgs-committers team, by hovering with the mouse over their username on the web interface, or by searching them directly on the list. If your PR wasn't reviewed at all, it might help to find someone who's perhaps a user of the package or module you are changing, or alternatively, ask once more for a review by the maintainer of the package/module this is about. If you don't know any, you can use Git blame on the relevant files, or GitHub's web interface to find someone who touched the relevant files in the past. If your PR has had reviews and nevertheless got stale, make sure you've responded to all of the reviewer's requests / questions. Usually when PR authors show responsibility and dedication, reviewers (privileged or not) show dedication as well. If you've pushed a change, it's possible the reviewer wasn't notified about your push via email, so you can always officially request them for a review, or just @ mention them and say you've addressed their comments. Lastly, you can always ask for help at our Discourse Forum, or more specifically, at this thread or at #nixos' IRC channel. |
I marked this as stale due to inactivity. → More info |
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @