Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libseccomp: only on Linux #38280

Closed
wants to merge 1 commit into from
Closed

libseccomp: only on Linux #38280

wants to merge 1 commit into from

Conversation

clacke
Copy link
Contributor

@clacke clacke commented Apr 1, 2018

Enable libseccomp only on Linux, make it null on other platforms, as
it was before the previous change.

Motivation for this change

nixUnstable is broken on Darwin, because libseccomp was accidentally
enabled in commit 26e8d58 (merged in commit cd7047c).

Things done
  • [✓] Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • [✓] macOS
    • [✓] other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • [✓] Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • [✓] Tested execution of all binary files (usually in ./result/bin/)
  • [✓] Fits CONTRIBUTING.md.

@clacke
libseccomp: only on Linux
069e7d7 
nixUnstable is broken on Darwin, because libseccomp was accidentally
enabled in commit 26e8d58 (merged in
commit cd7047c).

Enable libseccomp only on Linux, make it null on other platforms, as
it was before the change.
@clacke clacke requested review from edolstra and nbp as code owners April 1, 2018 03:18
@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

Affected: nixUnstable dnsperf

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

Many others mention libseccomp, but they all seem to be conditional on isLinux or libseccomp != null already.

It is possible that more places should do the same detection that the nix derivation does, so that they can exclude RISC-V.

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

It is possible that p.meta.available or true in lib/meta.nix is a mistake. It looks backwards to me.

clacke added a commit to clacke/fractalide that referenced this pull request Apr 1, 2018
@clacke
Problem: we are building racket-minimal every time
8d01e8e 
The racket with libiconv override (in racket2nix) is not available in
hydra. We don't really need the override unless we build racket-doc.

Solution: Supply an up-to-date racket-minimal from the latest nixpkgs.

This lowers test build time from ~30 minutes to ~20 minutes.

We still have the problem that it's building nix-2.0. This is probably
related to NixOS/nixpkgs#38280 .
@matthewbauer
Copy link
Member

This is only happening if you have 'allowBroken = true;'. Still should be fixed, but for the time being it's an okay fix to just set 'allowBroken = false;'.

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

I've been trying to understand how meta.available works, and I've been confused that it's always true. Is that because I have allowBroken? That actually makes sense. :-)

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

I may have allowBroken because git-annex is marked broken and actually isn't. I will check and make a PR if that is the case.

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

It's kind of unintuitive that allowBroken actively breaks things, but I can see why. :-)

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

Hm, no, I have not set allowBroken. git-annex seems to have been fixed at some point.

@matthewbauer
Copy link
Member

Yeah see:

26e8d58#r28303854
and
https://groups.google.com/forum/#!topic/nix-devel/IdI2BET4mRA

@matthewbauer
Copy link
Member

You can detect allowBroken with:

nix-instantiate --eval -E 'with import <nixpkgs> {}; config.allowBroken or false'

If not, try running this: (it should give you false)

nix-instantiate --eval -E 'with import <nixpkgs> {}; libseccomp.meta.available'

@clacke
Copy link
Contributor Author

clacke commented Apr 1, 2018

Ok, so that's not trivial. Working, broken and unapplicable seem like a minimum of states a package could be in. Unfree seems like an axis on its own.

Ugh, I was looking in the wrong window. I do indeed have allowBroken on this machine. Thank you for your patience.

So, even if a better grand solution is needed, isn't nix a core enough use case that this special case should be fixed?

dhess added a commit to dhess/nixpkgs-dhess that referenced this pull request Apr 19, 2018
@dhess
Disable allowBroken to fix libseccomp issue on Darwin.
f9d93a9 
ref. NixOS/nixpkgs#38280
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra Awaiting requested review from edolstra

@nbp nbp Awaiting requested review from nbp

Assignees
No one assigned
Labels
10.rebuild-darwin: 11-100 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@clacke @matthewbauer @GrahamcOfBorg