rustls-ffi: 0.10.0 -> 0.13.0 #305391
curl with the Rustls support currently does not build:
From my understanding this is supposed to have been fixed (curl/curl#13200) so it will require some troubleshooting.
cc @cpu to follow up with #299580 (comment)
Thanks! I will take a deeper look ASAP.
Hmm that is interesting. I will see if I can reproduce.
I was able to check out the I don't think it's load-bearing, but reading "Writing packages providing pkg-config modules" in the manual I noticed there's a
bcf3076 to dac547e
Thanks, I forgot about that. Adjusted in the latest change. Everything has been fixed, curl builds with rustls and it looks OK 👍
Nice work! I'm reading the diff and wondering what the key fix was, conditionally adding Edit: Ah, I see you replied in the other thread to confirm.
Yes, the
Thanks! I was able to pull this branch, build, and test everything successfully on my x86_64 Linux machine.
Hope to have the Apache update sorted soon :-)
FWIW this has landed in-tree but is pending release: https://svn.apache.org/viewvc?view=revision&revision=1917270
I've used this branch to smoke test the change in Nix-land and it worked well 🎉 The main wrinkle is that it's tricky to build HTTPD from a src clone and not a released tarball. I had to hack up the apache derivation a bit to clone
dac547e to 63acfb6
Thanks for the upstream fix. I applied the patch on top of sources we are using for Apache and it looks good 👍
I checked out this branch, built this derivation and diffed the content to the Arch Linux package for 0.13.0 (since the --- is Arch Linux, +++ is NixOS @@ -1,14 +1,9 @@
drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./
drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./include/
-rw-rw-rw- 0 0 0 87309 1970-01-01 00:00:00.000000 ./include/rustls.h
drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./lib/
+-rw-rw-rw- 0 0 0 14631106 1970-01-01 00:00:00.000000 ./lib/librustls.a
lrwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./lib/librustls.so -> librustls.so.0.13.0
--rwxrwxrwx 0 0 0 1878432 1970-01-01 00:00:00.000000 ./lib/librustls.so.0.13.0
+-rwxrwxrwx 0 0 0 2389432 1970-01-01 00:00:00.000000 ./lib/librustls.so.0.13.0
drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./lib/pkgconfig/
--rw-rw-rw- 0 0 0 275 1970-01-01 00:00:00.000000 ./lib/pkgconfig/rustls.pc
-drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./share/
-drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./share/licenses/
-drwxrwxrwx 0 0 0 0 1970-01-01 00:00:00.000000 ./share/licenses/librustls/
--rw-rw-rw- 0 0 0 10847 1970-01-01 00:00:00.000000 ./share/licenses/librustls/LICENSE-APACHE
--rw-rw-rw- 0 0 0 781 1970-01-01 00:00:00.000000 ./share/licenses/librustls/LICENSE-ISC
--rw-rw-rw- 0 0 0 1089 1970-01-01 00:00:00.000000 ./share/licenses/librustls/LICENSE-MIT
+-rw-rw-rw- 0 0 0 337 1970-01-01 00:00:00.000000 ./lib/pkgconfig/rustls.pc The @@ -1,10 +1,10 @@
-prefix=/usr
+prefix=/nix/store/7nlybprdl56qj9i3amalmrrlx59fhc0r-rustls-ffi-0.13.0
exec_prefix=${prefix}
-libdir=${prefix}/lib
+libdir=${exec_prefix}/lib
includedir=${prefix}/include
Name: rustls
Description: Rustls bindings for non-Rust languages
Version: 0.13.0
Libs: -L${libdir} -lrustls
Cflags: -I${includedir} For the binary it's normal to have large differences, in this case most of them are offset changes due to an additional symbol: This is most likely because the Arch Linux package was built with a different rustc Version:
I also found a difference in the Library runpath, but I assume this is related to how NixOS works: Overall I think dynamic linking should work fine, I couldn't figure out how to build
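Review bot: in the file-listing hunk, the NixOS side (`+`) adds `./lib/librustls.a` at 14631106 bytes and carries none of the `./share/licenses/librustls/` entries that the Arch Linux side (`-`) lists. If dependents are expected to link against `librustls.so.0.13.0`, it is worth confirming that the static archive is meant to ship in this output, and whether the `LICENSE-APACHE`, `LICENSE-ISC` and `LICENSE-MIT` files should be installed alongside the library.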
I've resolved the merge conflict in
patches = lib.optionals (lib.versionOlder finalAttrs.version "8.7.2") [
  # https://github.com/curl/curl/pull/13219
  # https://github.com/newsboat/newsboat/issues/2728
  ./8.7.1-compression-fix.patch
] ++ lib.optionals (rustlsSupport && lib.versionOlder finalAttrs.version "8.7.2") [
  # https://github.com/curl/curl/issues/13200 and https://github.com/curl/curl/issues/13248
  ./rustls-build-fix.patch
];
The rebased commit can also be found at e727f60.
Thanks for taking the time to compare!
Yup this one is not unexpected in the nixpkgs/NixOS context.
At the root of your nixpkgs clone you can run
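To compare the two `rustls.pc` files from the diff earlier in this thread by what they resolve to rather than by their text, the sketch below expands the pkg-config variables and factors out each file's own prefix. It is an added example, not code from this PR or from rustls-ffi; `resolve` and `semantic_diff` are hypothetical helper names, and the two inputs are reconstructed from the diff shown above.

```python
import re

# Constructed sample input: the two rustls.pc variants from the diff in the thread.
ARCH_PC = """\
prefix=/usr
exec_prefix=${prefix}
libdir=${prefix}/lib
includedir=${prefix}/include
Name: rustls
Description: Rustls bindings for non-Rust languages
Version: 0.13.0
Libs: -L${libdir} -lrustls
Cflags: -I${includedir}
"""
NIX_PC = (ARCH_PC
    .replace("prefix=/usr", "prefix=/nix/store/7nlybprdl56qj9i3amalmrrlx59fhc0r-rustls-ffi-0.13.0", 1)
    .replace("libdir=${prefix}/lib", "libdir=${exec_prefix}/lib"))

# "name=value" defines a variable, "Keyword: value" is a field.
LINE = re.compile(r"([\w.]+)\s*([=:])\s*(.*)")

def resolve(text):
    """Parse a .pc file and return {key: value} with ${var} references expanded."""
    variables, resolved = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank lines and comments do not match
            continue
        key, sep, value = m.groups()
        # Variables must be defined before use; an unknown name raises KeyError.
        value = re.sub(r"\$\{(\w+)\}", lambda v: variables[v.group(1)], value)
        if sep == "=":
            variables[key] = value
        resolved[key] = value
    return resolved

def semantic_diff(pc_a, pc_b):
    """Keys whose resolved values still differ once each file's prefix is factored out."""
    def relative(text):
        resolved = resolve(text)
        prefix = resolved["prefix"]
        # Simple textual substitution; sufficient for paths rooted at the prefix.
        return {k: v.replace(prefix, "<prefix>") for k, v in resolved.items()}
    a, b = relative(pc_a), relative(pc_b)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

if __name__ == "__main__":
    print(semantic_diff(ARCH_PC, NIX_PC))
```

An empty result means the files resolve to the same library and include locations relative to their prefixes; a changed `libdir` would show up under both `libdir` and `Libs`.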
63acfb6 to 7671437
Thanks, I built the binary but it doesn't seem to pick up ca-certificates:
This could either indicate curl/curl#13248 isn't fully fixed yet, or I'm using the test binary in a way that it's not supposed to be used. Arch Linux currently ships curl-rustls 8.7.1 by reverting curl/curl@647e86a. This command is working fine, so it seems rustls-ffi itself is working correctly:
Very curious! I remember testing curl w/ an earlier rev of this branch and it working OK. Possible I made a mistake, or something shifted since then. In either case this is on my radar to look into when time permits.
7671437 to 6e3f239
Rebased now that we have curl 8.8.0 in master. The cert issue is not new AFAIK, it probably requires some adjustment to handle
6e3f239 to 3387d77
I'm also in favor of merging this
Switched to the recently introduced cargo-c build in order to get pkg-config/.so config. Changelog: https://github.com/rustls/rustls-ffi/blob/v0.13.0/CHANGELOG.md
3387d77 to 248ffce
Description of changes
Switched to the recently introduced cargo-c build in order to get pkg-config/.so config.
Changelog:
https://github.com/rustls/rustls-ffi/blob/v0.13.0/CHANGELOG.md
A patch has been applied to Apache in order to resolve an incompatibility.