New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libxml2 and libxslt: build against python3 by default #63174
Conversation
cc @NixOS/darwin-maintainers. Should we use Python 3 for the bootstrapping Python or is that orthogonal to this issue? |
Changing the default may cause breakage, however, users should have already switched to `pythonPackages.libxml2` long ago.
Changing the default may cause breakage, however, users should have already switched to `pythonPackages.libxslt` long ago.
Per http://itstool.org/download.html , itstool doesn't support python3 until version 2.0.3 (and perhaps doesn't support it correctly until 2.0.5). This change allows NixOS tests to run again after NixOS#63174 broke shared-mime-info.
After this change, I get this error:
I notice this error when I try to run any NixOS test, such as Reverting 8d92646 or makes the error go away, as does dropping itstool back to python2 as in #72335. itstool says it does not support Python 3 until version 2.0.3, but bumping its version isn't straightforward because itstool/default.nix says 2.0.3+ breaks the build of gnome3.gnome-desktop. |
@chkno itstool isn't even used in gnome-desktop anymore, it's likely this issue has been resolved already and we can update itstool, or maybe there's a patch needed in libxml2. |
Yeah, distro's have this patch from fedora to fix the crash. Maybe it has been committed in a newer version. |
@worldofpeace unfortunately gnome-desktop was not the only affected package, the cause is not fixed https://bugzilla.gnome.org/show_bug.cgi?id=789714 |
Yes, that seems to have come from https://bugzilla.opensuse.org/show_bug.cgi?id=1065270. It is definitely better but as https://bugzilla.gnome.org/show_bug.cgi?id=789714#c4 says, it is just a hack for broken libxml2. I wonder why is this not considered a critical security vulnerability. |
It seems upstream doesn't find it concerning |
To get python3 support. NixOS#63174 flipped itstool to python3, but itstool doesn't support python3 until 2.0.3 (and perhaps does not support it well until 2.0.5). Pressing forward instead of rolling back at worldofpeace's suggestion, who mentions that other distros seem to be able to ship recent versions of itstool. Tensions in this space seem two-fold. One set centers around libxml2 being a low-level C library with sharp edges, manual memory management, and performance concerns; the python libxml2 wrapper being quite thin (the most dubious character in this drama); and python's sentiment that it ought to be quite hard to crash the interpreter casually. This comes to a head in https://gitlab.gnome.org/GNOME/libxml2/issues/12 , where a use-after-free problem in idiomatic-looking python code is declared working-as-designed. The other set is around python3 being more UTF-8-aware than libxml2's python wrapper, such as https://bugzilla.gnome.org/show_bug.cgi?id=789714 and https://src.fedoraproject.org/rpms/libxml2/blob/master/f/libxml2-2.9.8-python3-unicode-errors.patch itstool is caught in this crossfire merely for being a widely-used python program that uses XML.
See NixOS#63174 where the condition was first introduced.
See NixOS#63174 where the condition was first introduced.
See #63174 where the condition was first introduced.
See NixOS#63174 where the condition was first introduced.
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)