search

NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1
12.71k stars 1.51k forks source link

can't build packages with old curl version... #4484

Open masavini opened 3 years ago

masavini commented 3 years ago

hi, i'm trying to install an old (2012) libreoffice version and it fails due to curl not supporting a recent tls version:

$ nix-env -i libreoffice -f https://github.com/NixOS/nixpkgs/archive/1fef26d8f7907acd40ff631f158223bc3769db06.tar.gz
[...]
building '/nix/store/2xzasvpnhqcnbrbzdc6n2wvb9dysw89w-067201ea8b126597670b5eff72e1f66c-mythes-1.2.0.tar.gz.drv'...
error checking the existence of http://nixos.org/tarballs/md5/067201ea8b126597670b5eff72e1f66c:
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

trying http://dev-www.libreoffice.org/src/067201ea8b126597670b5eff72e1f66c-mythes-1.2.0.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   185  100   185    0     0   1909      0 --:--:-- --:--:-- --:--:--  4302
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
error: cannot download 067201ea8b126597670b5eff72e1f66c-mythes-1.2.0.tar.gz from any mirror
builder for '/nix/store/2xzasvpnhqcnbrbzdc6n2wvb9dysw89w-067201ea8b126597670b5eff72e1f66c-mythes-1.2.0.tar.gz.drv' failed with exit code 1
cannot build derivation '/nix/store/idjc2w7spfl27niiccd8p1q3fqxc5r28-libreoffice-3.4.5.2.drv': 1 dependencies couldn't be built

is there a way to: 1) make the build process download packages with a more recent curl version? or 2) pre-fetch all of the needed packages with a recent curl version before the build process start?

sheenobu commented 3 years ago

Replicating this:

> wget https://github.com/NixOS/nixpkgs/archive/1fef26d8f7907acd40ff631f158223bc3769db06.tar.gz
> tar xfvz https://github.com/NixOS/nixpkgs/archive/1fef26d8f7907acd40ff631f158223bc3769db06.tar.gz
> nix repl -I .
nix-repl> nixpkgs = import <nixpkgs> {} 
nix-repl> nixpkgs-old = import <nixpkgs-1fef26d8f7907acd40ff631f158223bc3769db06> {}
nix-repl> nixpkgs.mkShell { name = "my-shell"; buildInputs = [ nixpkgs-old.curl ]; }
«derivation /nix/store/siqbkkcryjg5mg8y32j2yzjp751j2yqs-my-shell.drv»
> nix-shell --pure /nix/store/siqbkkcryjg5mg8y32j2yzjp751j2yqs-my-shell.drv
nix-shell:~/x]$ curl -k -L http://dev-www.libreoffice.org/src/067201ea8b126597670b5eff72e1f66c-mythes-1.2.0.tar.gz
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Ah got it. You want to build via the old nixpkgs AND with the old fetchurl (due to needing md5 verification) but with you want to use the NEWer curl which you do by overriding fetchurl and curl invocations when building libreoffice.

make the build process download packages with a more recent curl version?

is possible! so far:

nix-repl> :b nixpkgs-old.libreoffice.override { fetchurl = import <nixpkgs-1fef26d8f7907acd40ff631f158223bc3769db06/pkgs/build-support/fetchurl> { stdenv = nixpkgs.stdenv; curl = nixpkgs.curl; }; }

There are URLs that are fully gone, though:

  trying http://download.documentfoundation.org/libreoffice/src/3.4.5/libreoffice-artwork-3.4.5.2.tar.bz2
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                   Dload  Upload   Total   Spent    Left  Speed
    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  curl: (22) The requested URL returned error: 404 Not Found

anything in the http://download.documentfoundation.org URL will have to point elsewhere. I used http://freebsd.sin.openmirrors.asia/pub/FreeBSD/ports/distfiles/libreoffice/ but I haven't built the full thing yet (I probably wont)

masavini commented 3 years ago

thanks for your help, i'm not sure i'll be able to translate your suggestions to my use case but tonight i'll give it a try.

by the way, wouldn't it be more useful to always have the latest curl version downloading build dependencies?

i mean, tls versions may come and go anytime... if this makes nix unable to build packages released with previous tls versions, it could be quite annoying...

sheenobu commented 3 years ago

What's the use case?

by the way, wouldn't it be more useful to always have the latest curl version downloading build dependencies?

Probably! I'm no authority on this specifically I'm just providing drive-by help. It seems like a chicken-and-egg problem because of the way Nix/NixOS allows you to have multiple versions of a package installed.

There is still the problem that the libreoffice build spec is referencing dead URLs.

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info