New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support mopidy on Darwin #35419
Support mopidy on Darwin #35419
Conversation
Had to remove mjpegtools and Cocoa support because of compile problems.
Darwin doesn't have dbus.
@@ -15,7 +15,9 @@ stdenv.mkDerivation rec { | |||
|
|||
outputs = [ "out" "dev" ]; # to deal with propagatedBuildInputs | |||
|
|||
configureFlags = "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt"; | |||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might have been intentional, not sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes see 55932c1 for reasoning. I'm not sure if anything is installed in /etc/ssl by default on macOS though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I know, macOS uses a patched OpenSSL, which looks for the keys in KeyChain. So there really is no certificates file. Homebrew handles this by generating OpenSSL certificate bundle from KeyChain on install. Macports seems to just use curl ca-certs.
It seems like they are only updated when those packages are reinstalled. It might break the philosophy of Nix (as far as I understand it), but should there be a way to keep up an external state for this situation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found out a bigger issue for this: #8247
Maybe I'll just disable certificates for now. At least it will work for local files and non-secure remote files. Which really covers most of the music streams, I guess.
Adds support for MP3 playback.
macOS does not have certificates at /etc/ssl/certs. cacerts package has been deprecated. And there is a long standing issue at NixOS#8247 for figuring out how to handle certificates. Disabling glib-networking ca-certificates on Darwin removes constant warnings when opening remote connections.
gnutls doesn't support NIX_SSL_CERT_FILE? |
The configuration variable expects a path. I see that some packages have been patched to read the environment variable. Is that the suggested approach? |
Yes, with openssl NIX_SSL_CERT_FILE and SSL_CERT_FILE are use to override this at runtime making the default less important. The installer will point this to the default profile which should always contain cacert. On darwin there's also |
Note, fixing gnutls in this pr isn't neccecary but it's something we should probably look into. |
Motivation for this change
I wanted to try out mopidy on Darwin.
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)Had to modify a bunch of gstreamer related packages to get them to work on macOS. There were some hard parts in gst-plugins-bad, which resulted in me disabling Cocoa and mjpegtools support in it.
As a side-note I added mpg123 to gst-plugins-ugly to enable MP3 playback in mopidy.
This PR is related to issue #35322
As a global change, I replaced hardcoded SSL cert path with cacert. Not sure if that is the way it should be done.