Skip to content

cryfs: 0.10.2 -> 0.11.1#151886

Merged
c0bw3b merged 1 commit intoNixOS:masterfrom
c0bw3b:pkg/cryfs
Dec 23, 2021
Merged

cryfs: 0.10.2 -> 0.11.1#151886
c0bw3b merged 1 commit intoNixOS:masterfrom
c0bw3b:pkg/cryfs

Conversation

@c0bw3b
Copy link
Contributor

@c0bw3b c0bw3b commented Dec 23, 2021

Motivation for this change

Package update.
Upstream now provides a way to use dependencies from nixpkgs ;
except for cryptopp and googletest.
Vendored cryptopp is v8.6.0 in cryfs 0.11.1

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@c0bw3b
Copy link
Contributor Author

c0bw3b commented Dec 23, 2021

Just opening this for review after Christmas holidays. :)

Ping @midchildan for testing on a Darwin platform.
Could you maybe retest locally running the tests? Supposedly all tests using fuse are disabled so maybe they can succeed even on Darwin.

@ofborg ofborg bot requested a review from peterhoeg December 23, 2021 14:05
@ofborg ofborg bot added 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Dec 23, 2021
@midchildan
Copy link
Member

midchildan commented Dec 23, 2021
edited
Loading

The following change is needed to compile the vendored cyptopp with Clang:

diff --git a/pkgs/tools/filesystems/cryfs/default.nix b/pkgs/tools/filesystems/cryfs/default.nix
index 446f18661dc..5b927284c49 100644
--- a/pkgs/tools/filesystems/cryfs/default.nix
+++ b/pkgs/tools/filesystems/cryfs/default.nix
@@ -1,6 +1,7 @@
 { lib, stdenv, fetchFromGitHub
 , cmake, pkg-config, python3
 , boost, curl, fuse, openssl, range-v3, spdlog
+, llvmPackages
 # cryptopp and gtest on standby - using the vendored ones for now
 # see https://github.com/cryfs/cryfs/issues/369
 }:
@@ -40,7 +41,11 @@ stdenv.mkDerivation rec {
 
   strictDeps = true;
 
-  buildInputs = [ boost curl fuse openssl range-v3 spdlog ];
+  buildInputs = [ boost curl fuse openssl range-v3 spdlog ]
+    ++ lib.optionals stdenv.cc.isClang [
+      # needed to build the vendored cryptopp
+      llvmPackages.openmp
+    ];
 
   #checkInputs = [ gtest ];
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9ce798e8a88..e0077018108 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5072,7 +5072,10 @@ with pkgs;
 
   ericw-tools = callPackage ../applications/misc/ericw-tools { };
 
-  cryfs = callPackage ../tools/filesystems/cryfs { };
+  cryfs = callPackage ../tools/filesystems/cryfs {
+    # Use boost >= 1.70 to avoid https://github.com/boostorg/process/issues/55
+    boost = boost17x;
+  };
 
   encfs = callPackage ../tools/filesystems/encfs {
     tinyxml2 = tinyxml-2;

@midchildan
Copy link
Member

midchildan commented Dec 23, 2021
edited
Loading

Unfortunately I'm seeing a regression in Boost that's preventing cryfs from compiling on Darwin. Boost is applying the namespace operator (::) on sigemptyset and other signal related functions, which are actually implemented as preprocessor macros on Darwin and therefore not namespaced.

In file included from /tmp/nix-build-cryfs-0.11.1.drv-1/source/src/cpp-utils/process/subprocess.cpp:6:
In file included from include/boost/process.hpp:24:
In file included from include/boost/process/async_system.hpp:22:
In file included from include/boost/process/child.hpp:21:
In file included from include/boost/process/detail/child_decl.hpp:30:
include/boost/process/detail/posix/wait_for_exit.hpp:60:7: error: expected unqualified-id
    ::sigemptyset(&sigset);
      ^
/nix/store/2dlfw9s2ypb0s245g3yrq29p6rvlwsky-Libsystem-1238.60.2/include/signal.h:125:26: note: expanded from macro 'sigemptyset'
#define sigemptyset(set)        (*(set) = 0, 0)

@midchildan
Copy link
Member

midchildan commented Dec 23, 2021

A bit of searching led me to boostorg/process#55 and #144610. It seems that using a newer version of Boost fixes the problem, so I updated the above patch to use pkgs.boost17x instead. After applying the patch, cryfs now builds and the tests pass too.

@midchildan
Copy link
Member

midchildan commented Dec 23, 2021

I've confirmed that creating/mounting/reading/writing encrypted directories work as intended on Darwin.

@c0bw3b
Copy link
Contributor Author

c0bw3b commented Dec 23, 2021
edited
Loading

Thanks for those tests. I just pushed an update using boost17x by default on all platforms and re-enabling the check phase on Darwin.

@midchildan
Copy link
Member

midchildan commented Dec 23, 2021

I should've mentioned this, but the check phase can't be enabled for Darwin on Hydra because it requires a full installation of macFUSE. Nixpkgs only includes a compile time stub for libfuse. Here's a bit of additional context if you're interested.

With Darwin, the check phase for FUSE packages needs to be run locally.

@c0bw3b
cryfs: 0.10.2 -> 0.11.1
e673e3d 
Upstream now provides a way to use dependencies from nixpkgs ;
except for cryptopp and googletest.
Vendored cryptopp is v8.6.0 in cryfs 0.11.1
@c0bw3b c0bw3b merged commit 2bd4f74 into NixOS:master Dec 23, 2021
@c0bw3b c0bw3b deleted the pkg/cryfs branch December 23, 2021 21:13
@veprbl
Copy link
Member

veprbl commented Dec 23, 2021

I see on staging-next:

error: anonymous function at /nix/store/j5fhw348rsazaxad115xmf1bf683fdsg-source/pkgs/tools/filesystems/cryfs/default.nix:1:1 called with unexpected argument 'boost'

@GrahamcOfBorg eval

@veprbl
Copy link
Member

veprbl commented Dec 23, 2021

Fixed on staging-next in a38c345

@veprbl
Copy link
Member

veprbl commented Dec 24, 2021

However this still regresses on staging-next
https://hydra.nixos.org/build/162001566
I suppose this might need to be included in #151469 now

@c0bw3b c0bw3b mentioned this pull request Dec 30, 2021
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peterhoeg peterhoeg Awaiting requested review from peterhoeg

Assignees

No one assigned

Labels

10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@c0bw3b @midchildan @veprbl