From 6673cc8ee987d5fac19919380b453d163e40b2cb Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Sun, 12 May 2019 11:00:00 -0500 Subject: haskell: x509-system fix on darwin x509-system requires access to the `security` executable. Partially reverts [1: d69cc779b52] 1: d69cc779b520ea74a5b52fa5691f3f8fd7fe9cf3 Revert "Revert "darwin 10.12 commits"" --- .../haskell-modules/configuration-nix.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/pkgs/development/haskell-modules/configuration-nix.nix b/pkgs/development/haskell-modules/configuration-nix.nix index 1be90f902e68..f4dd805568ea 100644 --- a/pkgs/development/haskell-modules/configuration-nix.nix +++ b/pkgs/development/haskell-modules/configuration-nix.nix @@ -128,6 +128,26 @@ self: super: builtins.intersectAttrs super { # the system-fileio tests use canonicalizePath, which fails in the sandbox system-fileio = if pkgs.stdenv.isDarwin then dontCheck super.system-fileio else super.system-fileio; + # Prevents needing to add `security_tool` as a run-time dependency for + # everything using x509-system to give access to the `security` executable. + x509-system = + if pkgs.stdenv.hostPlatform.isDarwin && !pkgs.stdenv.cc.nativeLibc + then + # darwin.security_tool is broken in Mojave (#45042) + + # We will use the system provided security for now. + # Beware this WILL break in sandboxes! + + # TODO(matthewbauer): If someone really needs this to work in sandboxes, + # I think we can add a propagatedImpureHost dep here, but I’m hoping to + # get a proper fix available soonish. + overrideCabal super.x509-system (drv: { + postPatch = (drv.postPatch or "") + '' + substituteInPlace System/X509/MacOS.hs --replace security /usr/bin/security + ''; + }) + else super.x509-system; + # https://github.com/NixOS/cabal2nix/issues/136 and https://github.com/NixOS/cabal2nix/issues/216 gio = disableHardening (addPkgconfigDepend (addBuildTool super.gio self.buildHaskellPackages.gtk2hs-buildtools) pkgs.glib) ["fortify"]; glib = disableHardening (addPkgconfigDepend (addBuildTool super.glib self.buildHaskellPackages.gtk2hs-buildtools) pkgs.glib) ["fortify"]; -- cgit 1.4.1