darwin: fix Libsystem compatibility for macOS 10.14 #43140

Merged
merged 3 commits into from Aug 14, 2018

LnL7
Member

@LnL7 LnL7 commented Jul 7, 2018

Motivation for this change

Similar to coretls, libsystem_networking.dylib has been removed in 10.14 so we shouldn't reexport it. Our current bootstrap tarball still references it but that's not a problem in most cases (currently doesn't work on 10.13 either) and the changes are already in place to build a new one that will.

Also updated stdenvBootstrapTools.unpack since that's what is tested on hydra.

@copumpkin Why do we reconstruct libSystem.B.dylib after unpacking instead of including it in the tarball?

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
    • stdenv
    • bootstrap tools
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@LnL7 LnL7 added the "9.needs: port to stable" label Jul 7, 2018
@LnL7 LnL7 requested a review from copumpkin July 7, 2018 10:05
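
The check behind the description above (a libSystem that reexports a dylib the host no longer ships), as an added example that is not part of this pull request or of nixpkgs: it reads `otool -l` output and lists `LC_REEXPORT_DYLIB` targets missing under a given root. The function names and the sample `otool` output are constructed for illustration, and it assumes reexport targets are ordinary files under that root.

```shell
#!/bin/sh
# Added example: report LC_REEXPORT_DYLIB targets that are absent under a root.

# Read `otool -l` output on stdin; print each reexported install name.
reexported_dylibs() {
    awk '
        $1 == "cmd"                 { in_reexport = ($2 == "LC_REEXPORT_DYLIB") }
        $1 == "name" && in_reexport { print $2; in_reexport = 0 }
    '
}

# missing_reexports ROOT: print the reexported paths that do not exist under ROOT.
missing_reexports() {
    root=$1
    reexported_dylibs | while IFS= read -r path; do
        [ -e "$root$path" ] || printf '%s\n' "$path"
    done
}

# Constructed, abbreviated `otool -l` output (not taken from a real libSystem).
sample_otool_output() {
    cat <<'EOF'
Load command 3
          cmd LC_ID_DYLIB
      cmdsize 48
         name /usr/lib/libSystem.B.dylib (offset 24)
Load command 4
          cmd LC_REEXPORT_DYLIB
      cmdsize 56
         name /usr/lib/system/libsystem_c.dylib (offset 24)
Load command 5
          cmd LC_REEXPORT_DYLIB
      cmdsize 64
         name /usr/lib/system/libsystem_networking.dylib (offset 24)
EOF
}

# Build a throwaway root that lacks libsystem_networking.dylib and run the check.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/lib/system"
    : > "$root/usr/lib/system/libsystem_c.dylib"
    sample_otool_output | missing_reexports "$root"
    rm -rf "$root"
}

demo
```

On a macOS host with developer tools installed, pipe `otool -l` of the libSystem.B.dylib under test into `missing_reexports ""` to check against the live filesystem.
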
@matthewbauer
Member

@LnL7 Unless there is any serious issue, I would strongly suggest merging this into staging ASAP. It can take up to a week to merge staging & it is definitely possible that Apple releases macOS Mojave very soon.

@LnL7
Member Author

LnL7 commented Jul 27, 2018

Another issue was mentioned for more recent betas, I don't think this is ready yet.

@kirelagin
Member

I don’t think there were any issues with more recent betas compared to the first one. What are you referring to specifically? I’ve been using a branch with this throughout all the betas up to the current one (fourth).

@LnL7
Member Author

LnL7 commented Aug 8, 2018

@GrahamcOfBorg build stdenv

@GrahamcOfBorg

Failure on aarch64-linux (full log)

Attempted: stdenv

Partial log:

cannot build derivation '/nix/store/r8bf63l8pmlk3g2zpykz686amdvnsckl-binutils-wrapper-2.30.drv': 4 dependencies couldn't be built
cannot build derivation '/nix/store/dlx8s2bigxfn5dvvh4xxcr6l6ny9iwpc-diffutils-3.6.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/ik355xisz4czp29lzplfwg262r21r9ng-ed-1.14.2.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/bfkcjhfk08jq33283n2zk72ld78fkppc-findutils-4.6.0.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/gz86cspcdi8zm02hbjcg8154v94cayci-libtool-2.4.6.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/2ibgx3fdckqa4k2yhi5v1s8rx1h8l0jp-gcc-wrapper-7.3.0.drv': 5 dependencies couldn't be built
cannot build derivation '/nix/store/5xy8xbqc5x3pb5di30cnvgip8h39wcqg-hook.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/2sdfyrjyv72gkkdvvzsbi8a7mjja94sn-patch-2.7.6.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/4q4lm6425mzlckhd3glcy968wbcr233i-stdenv-linux.drv': 26 dependencies couldn't be built
error: build of '/nix/store/4q4lm6425mzlckhd3glcy968wbcr233i-stdenv-linux.drv' failed

@GrahamcOfBorg

Failure on x86_64-darwin (full log)

Attempted: stdenv

Partial log:

cannot build derivation '/nix/store/736ipzmq75hvl9kbpk5a8bhdycf07hj6-cctools-port-895.drv': 7 dependencies couldn't be built
cannot build derivation '/nix/store/6r2855c2xzm9kpwrjglkaj7abfhfx4rd-hook.drv': 6 dependencies couldn't be built
cannot build derivation '/nix/store/vlq5bg91gmrkx8ixv08lran73221swzz-ICU-osx-10.10.5.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/rmpwd2kgjj5kncdrr9vx29s7c97wmn5i-cctools-binutils-darwin.drv': 4 dependencies couldn't be built
cannot build derivation '/nix/store/0zb5fv29g2xgrw16gd0vq1hbdrinnppm-gnutar-1.30.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/rqm51d6xvzbkz5dnv647dwbsl9yvgsfm-CF-osx-10.10.5.drv': 7 dependencies couldn't be built
cannot build derivation '/nix/store/03906kad6d6dvr8103rr1m3rvngis1i2-cctools-binutils-darwin-wrapper.drv': 7 dependencies couldn't be built
cannot build derivation '/nix/store/7xfwp6zh0q5cjvq4zvh1ax131dzf2sj4-clang-wrapper-5.0.2.drv': 11 dependencies couldn't be built
cannot build derivation '/nix/store/9wszbnfybg7s9cg5pw08pv336hby0apy-stdenv-darwin.drv': 36 dependencies couldn't be built
error: build of '/nix/store/9wszbnfybg7s9cg5pw08pv336hby0apy-stdenv-darwin.drv' failed

@GrahamcOfBorg

Timed out, unknown build status on x86_64-linux (full log)

Attempted: stdenv

Partial log:

cannot build derivation '/nix/store/w11inn5hhnpj4dhrlni4vclshiba3x45-binutils-wrapper-2.30.drv': 4 dependencies couldn't be built
cannot build derivation '/nix/store/rj7n9187xy95g6sy6qn1lzs0fw2dj3bs-diffutils-3.6.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/y1p9hi8z2mw54m1107p7k4qprf0skspl-ed-1.14.2.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/v3bs2bvzlr389iji0nbxily2ajyvh1bv-findutils-4.6.0.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/8rw4xnd8qjbar84p3fdknv7b786g3glz-libtool-2.4.6.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/bwkhnbk5qr2pxdwr10klr345m03b3dfi-gcc-wrapper-7.3.0.drv': 5 dependencies couldn't be built
cannot build derivation '/nix/store/ycc73vnyckly3yz5szk527p7l9vn0g4g-hook.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/xiphwmh6pyasbpn862hl8yiqvxsd119m-patch-2.7.6.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/gf7bv4d4pygwmgg4f27fmfdlimcn0ha3-stdenv-linux.drv': 24 dependencies couldn't be built
error: build of '/nix/store/gf7bv4d4pygwmgg4f27fmfdlimcn0ha3-stdenv-linux.drv' failed

@GrahamcOfBorg

Timed out, unknown build status on x86_64-darwin (full log)

Attempted: stdenv

Partial log:

Scanning dependencies of target LLVMGlobalISel
[ 18%] Building CXX object lib/CodeGen/GlobalISel/CMakeFiles/LLVMGlobalISel.dir/CallLowering.cpp.o
[ 18%] Building CXX object lib/CodeGen/GlobalISel/CMakeFiles/LLVMGlobalISel.dir/IRTranslator.cpp.o
[ 18%] Building CXX object lib/CodeGen/GlobalISel/CMakeFiles/LLVMGlobalISel.dir/InstructionSelect.cpp.o
building of '/nix/store/9y0adcgmk53xfmxs936x5wd694f80dj7-llvm-5.0.2.drv' timed out after 1200 seconds
cannot build derivation '/nix/store/3n2l2a541fwmbbl8gxnaqfxa8zd784rf-clang-5.0.2.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/s8819pnh3bia3hj243p6ixmn80gcsbwc-compiler-rt-5.0.2.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/7xfwp6zh0q5cjvq4zvh1ax131dzf2sj4-clang-wrapper-5.0.2.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/9wszbnfybg7s9cg5pw08pv336hby0apy-stdenv-darwin.drv': 4 dependencies couldn't be built
error: build of '/nix/store/9wszbnfybg7s9cg5pw08pv336hby0apy-stdenv-darwin.drv' failed

Member

@copumpkin copumpkin left a comment

Looks good, thanks! I haven't tried building it though and it seems like borg is having trouble 😦

@LnL7
Member Author

LnL7 commented Aug 9, 2018

I downloaded the latest beta and will try to test this properly during the weekend.

@copumpkin The ofborg builds were intentional, I was testing the new 'Timed out' detection. 😄

@kirelagin
Member

I am still getting

HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))

when trying to set up a TLS connection from Haskell code and right before it I see this:

dyld: Symbol not found: ___CFObjCIsCollectable
  Referenced from: /nix/store/wkqjqwyfi1nn2hg9k0as03lpcmalqxzj-libsecurity_utilities-osx-10.7.5/lib/libsecurity_utilities.0.dylib
  Expected in: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
 in /nix/store/wkqjqwyfi1nn2hg9k0as03lpcmalqxzj-libsecurity_utilities-osx-10.7.5/lib/libsecurity_utilities.0.dylib

I am not sure if it is related to Mojave to be honest, i.e. I have a vague memory of having some TLS-related issues even on High Sierra.

@matthewbauer
Member

matthewbauer commented Aug 10, 2018

Do you have an example program? I think I made a few changes to libsecurity recently that hopefully are not causing that issue. I can verify if it is an issue in High Sierra.

It's possible we have too old of a libsecurity. We can try to update it.

@kirelagin
Member

kirelagin commented Aug 11, 2018

I had this issue with http-client but for simplicity here is a program using req:

{-# LANGUAGE OverloadedStrings #-}

import Control.Monad
import Data.Default.Class
import Network.HTTP.Req

main :: IO ()
main = runReq def $
  void $ req GET (https "api.github.com" /: "meta") NoReqBody ignoreResponse mempty

› nix-shell -p 'haskellPackages.ghcWithPackages (hp: [ hp.req ])' --run 'runhaskell Main.hs'
dyld: Symbol not found: ___CFObjCIsCollectable
  Referenced from: /nix/store/wkqjqwyfi1nn2hg9k0as03lpcmalqxzj-libsecurity_utilities-osx-10.7.5/lib/libsecurity_utilities.0.dylib
  Expected in: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
 in /nix/store/wkqjqwyfi1nn2hg9k0as03lpcmalqxzj-libsecurity_utilities-osx-10.7.5/lib/libsecurity_utilities.0.dylib
Main.hs: VanillaHttpException (HttpExceptionRequest Request {
  host                 = "api.github.com"
  port                 = 443
  secure               = True
  requestHeaders       = []
  path                 = "/meta"
  queryString          = ""
  method               = "GET"
  proxy                = Nothing
  rawBody              = False
  redirectCount        = 10
  responseTimeout      = ResponseTimeoutDefault
  requestVersion       = HTTP/1.1
}
 (InternalException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))))

The expected response is a 403 because User-Agent is not set:

$ nix-shell -p 'haskellPackages.ghcWithPackages (hp: [ hp.req ])' --run 'runhaskell Main.hs'
Main.hs: VanillaHttpException (HttpExceptionRequest Request {
  host                 = "api.github.com"
  port                 = 443
  secure               = True
  requestHeaders       = []
  path                 = "/meta"
  queryString          = ""
  method               = "GET"
  proxy                = Nothing
  rawBody              = False
  redirectCount        = 10
  responseTimeout      = ResponseTimeoutDefault
  requestVersion       = HTTP/1.1
}
 (StatusCodeException (Response {responseStatus = Status {statusCode = 403, statusMessage = "Forbidden"}, responseVersion = HTTP/1.0, responseHeaders = [("Cache-Control","no-cache"),("Connection","close"),("Content-Type","text/html")], responseBody = (), responseCookieJar = CJ {expose = []}, responseClose' = ResponseClose}) "Request forbidden by administrative rules. Please make sure your request has a User-Agent header (http://developer.github.com/v3/#user-agent-required). Check https://developer.github.com for other possible causes.\n"))

These no longer exist on 10.14

Fixes NixOS#42719
@lukateras
Member

@LnL7 Can this be merged into staging as is? This seems to be a major improvement over current Nixpkgs situation on macOS Mojave.

@LnL7
Member Author

LnL7 commented Aug 14, 2018

I'm still running some builds, but my plan is to merge this once those are finished.

@LnL7
Member Author

LnL7 commented Aug 14, 2018

This should be ready for staging now, but I'll wait with the backport until we have some results for that in case there are some side-effects.

@kirelagin Feel free to open a separate issue for that libsecurity/CF problem, looks like that's probably something separate.

@LnL7 LnL7 merged commit ea1542e into NixOS:staging Aug 14, 2018
@LnL7 LnL7 deleted the macos-10.14 branch August 14, 2018 21:02
@kirelagin kirelagin mentioned this pull request Aug 14, 2018
@copumpkin
Member

Yay! thanks 😄

@domenkozar
Member

@kirelagin did you manage to resolve your issue? A macOS user is reporting the same issue using latest nixpkgs master: cachix/cachix#134 (comment)

@domenkozar
Member

Aha seems like it's still broken: #45042

@matthewbauer
Member

@domenkozar That's a little bit of a different issue that affects only things using darwin.Security. I think it might be time to just use the impure darwin.apple_sdk.frameworks.Security. It's unfortunate because it's using Apple-built stuff but I think it would lead to less issues like this.

@samueldr samueldr removed the "9.needs: port to stable" label Apr 17, 2019