Support mopidy on Darwin #35419

Merged
merged 5 commits into from Mar 1, 2018

@Kaali Kaali commented Feb 23, 2018

Motivation for this change

I wanted to try out mopidy on Darwin.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Had to modify a bunch of gstreamer related packages to get them to work on macOS. There were some hard parts in gst-plugins-bad, which resulted in me disabling Cocoa and mjpegtools support in it.

As a side-note I added mpg123 to gst-plugins-ugly to enable MP3 playback in mopidy.

This PR is related to issue #35322

As a global change, I replaced hardcoded SSL cert path with cacert. Not sure if that is the way it should be done.

Väinö Järvelä added 3 commits February 23, 2018 21:20
Had to remove mjpegtools and Cocoa support because of compile
problems.
Darwin doesn't have dbus.
@@ -15,7 +15,9 @@ stdenv.mkDerivation rec {

outputs = [ "out" "dev" ]; # to deal with propagatedBuildInputs

configureFlags = "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt";
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
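
Review bot: The new `--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt` value in configureFlags is unconditional, so it changes the trust store on every platform rather than only on Darwin, and it fixes the CA bundle to one store path at build time. A CA added to or removed from the system bundle later is not picked up until the package is rebuilt against a newer cacert. Keep the original `/etc/ssl/certs/ca-certificates.crt` value where it already works and make the new value conditional on the platform, or point at a path that can be updated without a rebuild, and say in a comment next to configureFlags why the path was chosen.
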
Member

This might have been intentional, not sure.

Member

Yes see 55932c1 for reasoning. I'm not sure if anything is installed in /etc/ssl by default on macOS though.

Author

As far as I know, macOS uses a patched OpenSSL, which looks for the keys in KeyChain. So there really is no certificates file. Homebrew handles this by generating OpenSSL certificate bundle from KeyChain on install. Macports seems to just use curl ca-certs.

It seems like they are only updated when those packages are reinstalled. It might break the philosophy of Nix (as far as I understand it), but should there be a way to keep up an external state for this situation?

Author

Found out a bigger issue for this: #8247

Maybe I'll just disable certificates for now. At least it will work for local files and non-secure remote files. Which really covers most of the music streams, I guess.

Väinö Järvelä added 2 commits February 24, 2018 07:50
macOS does not have certificates at /etc/ssl/certs. cacerts package
has been deprecated. And there is a long standing issue at
NixOS#8247 for figuring out how to
handle certificates.

Disabling glib-networking ca-certificates on Darwin removes constant
warnings when opening remote connections.
Member

LnL7 commented Feb 26, 2018

gnutls doesn't support NIX_SSL_CERT_FILE?

Author

Kaali commented Feb 27, 2018

The configuration variable expects a path. I see that some packages have been patched to read the environment variable. Is that the suggested approach?

Member

LnL7 commented Feb 27, 2018

Yes, with openssl NIX_SSL_CERT_FILE and SSL_CERT_FILE are used to override this at runtime, making the default less important. The installer will point this to the default profile which should always contain cacert.

On darwin there's also /etc/ssh/cert.pem but I'm not sure how reliable that is, I've seen people running into issues with that. Alternatively any system installed with the nix installer will have a default profile, using /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt will be equivalent to the default NIX_SSL_CERT_FILE. Perhaps that's the most reasonable default since it's still possible to override that by installing a custom cacert package.
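
The lookup described in the comment above, as an added example that is not part of the PR or of nixpkgs: a POSIX shell function that takes the CA bundle from the two environment variables, then from the default-profile path, and rejects any candidate that holds no PEM certificate instead of continuing without verification. The precedence between the two variables and the `CA_BUNDLE_DEFAULT` override are assumptions of this example.

```shell
#!/bin/sh
# Default-profile bundle path quoted in the comment above.
NIX_DEFAULT_CA_BUNDLE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt

# usable_bundle PATH
# Succeeds only if PATH is a readable regular file that contains at least
# one PEM certificate header. An empty or missing file must not count,
# otherwise the caller ends up with an empty trust store.
usable_bundle() {
    [ -n "$1" ] && [ -f "$1" ] && [ -r "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# resolve_ca_bundle
# Prints the first usable bundle and returns 0; returns 1 if none is usable.
# Order (assumption of this example): SSL_CERT_FILE, NIX_SSL_CERT_FILE,
# then the default. CA_BUNDLE_DEFAULT is a hypothetical override that lets
# the default be replaced, for example in a test.
resolve_ca_bundle() {
    for candidate in "${SSL_CERT_FILE:-}" "${NIX_SSL_CERT_FILE:-}" \
                     "${CA_BUNDLE_DEFAULT:-$NIX_DEFAULT_CA_BUNDLE}"; do
        [ -n "$candidate" ] || continue
        if usable_bundle "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        # A variable that is set but points at nothing useful is worth
        # reporting: it usually means a stale profile or a typo.
        echo "warning: $candidate is not a usable PEM bundle, skipping" >&2
    done
    echo "error: no usable CA bundle found, TLS peers cannot be verified" >&2
    return 1
}
```

A wrapper script can call `bundle=$(resolve_ca_bundle) || exit 1` before starting a program that needs verified TLS.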

Member

LnL7 commented Feb 27, 2018

Note, fixing gnutls in this pr isn't necessary but it's something we should probably look into.

@LnL7 LnL7 merged commit 0feffd2 into NixOS:master Mar 1, 2018