search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
18.08k stars 14.13k forks source link

Build failure: botan3 #333114

Closed HungryJoe closed 1 week ago

HungryJoe commented 3 months ago

Steps To Reproduce

Steps to reproduce the behavior:

  1. build botan3 from unstable

Build log

https://gist.github.com/HungryJoe/577d82945d812e418f10157892d9b7cc

Additional context

N/A

Notify maintainers

@thillux @7c6f434c

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-darwin"`
 - host os: `Darwin 23.6.0, macOS 10.16`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.13.3`
 - channels(root): `"nixpkgs"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs`

Add a :+1: reaction to issues you find important.

7c6f434c commented 3 months ago

I don't use macOS so I'll ask: is there sandbox.h anywhere on your system (on the system side or in the store), and where?

HungryJoe commented 3 months ago

Yes, in a few places. In the store:

/nix/store/flfm81pf8fs3zzsdzx9zagvbbj0fyrj5-libSystem-11.0.0/include/sandbox.h
/nix/store/fjcxkf90zm3ws5wridcdwwg1ml0zzqs8-node-sources/deps/v8/src/sandbox/sandbox.h
/nix/store/7wkia8504idya4f0dc24ppzdhb29j3ha-nodejs-20.14.0-source/deps/v8/src/sandbox/sandbox.h

NB: I removed examples from other <hash>-libSystem-11.0.0's and <hash>-node-sources's since they seemed redundant.

And on the system side:

/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sandbox.h
/System/Volumes/Data/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sandbox.h

/Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/usr/include/sandbox.h
/System/Volumes/Data/Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/usr/include/sandbox.h

NB: The two 10.15 files refer to the same inode; same with the two 11.1 files.

7c6f434c commented 3 months ago

Thanks for the comprehensive answer!

If you are comfortable trying a version from a PR, the linked PR might be the fix necessary. Otherwise… eventually OfBorg will build it on Darwin and in case of success the fix will get to the channel (in a few days after merge, I think, but it depends on luck a bit)

Update: First try was wrong, but now I see that I have missed a subtlety. Trying again.

7c6f434c commented 3 months ago

Now I don't understand: https://logs.ofborg.org/?key=nixos/nixpkgs.333292&attempt_id=b727875a-6b1d-4d91-bdb2-3a52dcea4465 — the build on Linux works with clang stdenv, though…

Chaostheorie commented 3 months ago

The error in the log looks like an issue with the libcxx. It might be worthwhile to investigate how the libcxx differs between the linux clang stdenv and darwin. Is there maybe an invalid version declared somewhere?

7c6f434c commented 3 months ago

I think the error happens earlier than without libSystem in the original report? Sometimes «bracketing» the weird deps with what should have priority (libcxx here) helps, sometimes no — we'll see what OfBorg says about this attempt.

This attempt at a fix does have a strong «play stupid games, win stupid prizes» flavour, but as the change is Darwin-only, either it helps, or not…

I guess the alternative is forcing non-use of sandbox.h, but this requires a macOS user to figure out and gives up a bit of hardening.

7c6f434c commented 3 months ago

Nope, doesn't seem to work

ofalvai commented 1 week ago

Good news, this is now fixed in staging-next: https://hydra.nixos.org/build/276108198 So once https://github.com/NixOS/nixpkgs/pull/348827 is merged, this can probably be closed