New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
darwin: fix Libsystem compatibility for macOS 10.14 #43140
Conversation
@LnL7 Unless there is any serious issue, I would strongly suggest merging this into staging ASAP. It can take up to a week to merge staging & it is definitely possible that Apple release macOS Mojave very soon. |
Another issue was mentioned for more recent betas, I don't thinks this is ready yet. |
I don’t think there were any issues with more recent betas compared to the first one. What are you referring to specifically? I’ve been using a branch with this throughout all the betas up to the current one (fourth). |
@GrahamcOfBorg build stdenv |
Failure on aarch64-linux (full log) Attempted: stdenv Partial log (click to expand)
|
Failure on x86_64-darwin (full log) Attempted: stdenv Partial log (click to expand)
|
Timed out, unknown build status on x86_64-linux (full log) Attempted: stdenv Partial log (click to expand)
|
Failure on aarch64-linux (full log) Attempted: stdenv Partial log (click to expand)
|
Timed out, unknown build status on x86_64-darwin (full log) Attempted: stdenv Partial log (click to expand)
|
Timed out, unknown build status on x86_64-linux (full log) Attempted: stdenv Partial log (click to expand)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thanks! I haven't tried building it though and it seems like borg is having trouble 😦
I downloaded the latest beta and will try to test this properly during the weekend. @copumpkin The ofborg builds where intentional, I was testing the new 'Timed out' detection. 😄 |
I am still getting
when trying to setup a TLS connection from Haskell code and right before it I see this:
I am not sure if it is related to Mojave to be honest, i.e. I have a vague memory of having some TLS-related issues even on High Sierra. |
Do you have an example program? I think I made a few changes to libsecurity recently that hopefully are not causing that issue. I can verify if it is an issue in High Sierra. It's possible we have too old of a libsecurity. We can try to update it. |
I had this issue with {-# LANGUAGE OverloadedStrings #-}
import Control.Monad
import Data.Default.Class
import Network.HTTP.Req
main :: IO ()
main = runReq def $
void $ req GET (https "api.github.com" /: "meta") NoReqBody ignoreResponse mempty
The expected response is a 403 because
|
These no longer exist on 10.14 Fixes NixOS#42719
@LnL7 Can this be merged into staging as is? This seems to be a major improvement over current Nixpkgs situation on macOS Mojave. |
I'm still running some builds, but my plan is to merge this once those are finished. |
This should be ready for staging now, but I'll wait with the backport until we have some results for that in case there are some side-effects. @kirelagin Feel free to open a separate issue for that libsecurity/CF problem, looks like that's probably something separate. |
Yay! thanks 😄 |
@kirelagin did you manage to resolve your issue? macOS user is reporting the same issue using latest nixpkgs master: cachix/cachix#134 (comment) |
Aha seems like it's still broken: #45042 |
@domenkozar That's a little bit of a different issue that effects only things using darwin.Security. I think it might be time to just use the impure darwin.apple_sdk.frameworks.Security. It's unfortunate because it's using Apple-built stuff but I think it would lead to less issues like this. |
Motivation for this change
Similar to coretls, libsystem_networking.dylib has been removed in 10.14 so we shouldn't reexport it. Our current bootstrap tarball still references it but that's not a problem in most cases (currently doesn't work 10.13 either) and the changes are already in place to build a new one that will.
Also updated stdenvBootstrapTools.unpack since that's what is tested on hydra.
@copumpkin Why do we reconstruct
libSystem.B.dylib
after unpacking instead of including it in the tarball?Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)