Skip to content

Comments

staging-next 2022-05-04#171497

Merged
vcunat merged 212 commits intomasterfrom
staging-next
May 9, 2022
Merged

staging-next 2022-05-04#171497
vcunat merged 212 commits intomasterfrom
staging-next

Conversation

@vcunat
Copy link
Member

@vcunat vcunat commented May 4, 2022

thefloweringash and others added 30 commits December 14, 2021 13:21
Pandoc no longer depends on haskellPackages.HTTP at all.
The following error occurs when using `imagemagickBig`:

    $ ./result/bin/identify sample.jp2
    [1]    699089 IOT instruction (core dumped)  ./result/bin/identify sample.jp2

When looking at the call-trace it seems as if certain symbols, e.g.
`opj_malloc` are mixed up:

    #8  0x00007f78c79ad2f5 in MagickSignalHandler.cold () from /nix/store/bqy80qiw6czqh7vsmmmivwdswp9zzjgl-imagemagick-7.1.0-29/lib/libMagickCore-7.Q16HDRI.so.10
    #9  <signal handler called>
    #10 0x00007f78c5a6095f in opj_malloc () from /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9
    #11 0x00007f78c5a60981 in opj_calloc () from /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9
    #12 0x00007f78c4f48e24 in opj_create_decompress () from /nix/store/qwalb0kjz1p9c4j48qkk6ql47ds2lnhh-openjpeg-2.4.0/lib/libopenjp2.so.7

The `opj_create_decompress()` is called from the `openjpeg`-integration
of `imagemagick` and thus shouldn't affect `ghostscript` at all.
However, `ghostscript` (`libgs.so` to be precise) also exposes e.g.
`opj_malloc`:

    $ objdump -t /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9.55|grep opj_malloc
    0000000000205940 g     F .text	000000000000002b              opj_malloc

Because of that, two incompatible symbols are used in the same process
and thus the `identify`-call breaks because the wrong one is used. To
work around that I decided to use the system-wide openjpeg instead.
I'm not sure why `libgs.so` wants to expose these symbols anyways, but
with that workaround the problem is solved.

Even though it's mentioned that ghostscript's openjpeg is heavily
patched, I think that this is somewhat outdated or at least irrelevant
considering that both ArchLinux[1] and Fedora[2] use the system-wide
`openjpeg` instead.

[1] https://github.com/archlinux/svntogit-packages/blob/bafcb5473b59d5386dd110d1cb249372dce9ea6c/trunk/PKGBUILD#L50
[2] https://src.fedoraproject.org/rpms/ghostscript/blob/e4eec13ab6ace2bad64b740d352964bbf61d1aa7/f/ghostscript.spec#_245
In Issue #169693 we found out that systemd-bootaa64.efi does not have
required `#### LoaderInfo: systemd-boot 250.4 ####` marking.

It is destroyed by `nixpkgs`'s `_doStrip` hook (part of `fixupOutputHooks`).
It makes sense as PE32+ is a bit different from ELF where `.sdmagic` section
is inserted.

The change avoids stripping EFI files altogether by moving them out
of default strip directories of _doStrip for the time while `fixupPhase`
is running.

Closes: #169693
- add pythonImportsCheck
- disable on older Python releases
Noticed option globbing when tried to enable parallelism by default
locally for most packages by default. python3Packages.yt-dlp failed as:

    python3.9-yt-dlp> /nix/store/5mywvxdjkk1q6srwwwgdkzc37ibla801-python3.9-setuptools-61.2.0/lib/python3.9/site-packages/setuptools/dist.py:516: UserWarning: Normalizing '2022.04.08' to '2022.4.8'
    python3.9-yt-dlp>   warnings.warn(tmpl.format(**locals()))
    python3.9-yt-dlp> invalid command name 'build_lazy_extractors--parallel'

The change adds leading whitespace everywhere where options might
already be present.
elfutils uses dlopen for central features.
python310Packages.pkgconfig: execute tests, adopt
ghostscript: use system-wide openjpeg
Context: #84312 documents that using .gitattributes on GitHub results in
non-reproducible release tarballs. versioneer uses this to provide
version numbers for Python libraries.

Hack around that issue by deleting the file containing substitutions in
the fixed hash input derivation, and recreate the required info from the
derivation's version info at patchPhase time.
@ncfavier
Copy link
Member

ncfavier commented May 6, 2022

No surprise, this is related to #164163.

The culprit seems to be this part of the firefox wrapper:

# This will not patch binaries, only "text" files.
# Its there for the wrapper mostly.
cd "$out"
replace-literal -esfR -- "${browser}" "$out"

It rewrites

/nix/store/1qg729mv21pk0i7hylx4qczirdfybv8d-firefox-release-bin-unwrapped-100.0

to

/nix/store/gyybbi7d2jwr23f673ascrmq6c5wh2yy-firefox-bin-100.0in-unwrapped-100.0

instead of

/nix/store/gyybbi7d2jwr23f673ascrmq6c5wh2yy-firefox-bin-100.0

in the gapps wrapper, which looks like a bug in replace-literal (at least this behaviour is not documented and I don't see how to make it do the right thing).

@github-actions github-actions bot removed the 6.topic: GNOME GNOME desktop environment and its underlying platform label May 7, 2022
@vcunat
Copy link
Member Author

vcunat commented May 7, 2022

github-actions bot and others added 4 commits May 7, 2022 12:01
instead of just buildInput omission. darwin still fails to build with
svg or heif support, but a change in one of the present dependencies
may cause one of these libraries to be detected and the support
accidentally enabled.
@ncfavier
Copy link
Member

ncfavier commented May 7, 2022

We can't just edit binary wrappers in place because of a length
mismatch, so we have to parse the generating makeCWrapper call out of
the binary, extract wrapper arguments from it and add them to the
Firefox wrapper.

All these contortions are needed because Firefox looks for its runtime
in argv0, so the proper argv0 needs to be set by wrappers to always
point to the "final" runtime. I think this could be avoided by wrapping
/lib/$libName/firefox instead of /bin/firefox, and I'd like to look into
that in the future, but for now I'm just fixing the immediate problem.
@vcunat vcunat requested a review from mweinelt as a code owner May 9, 2022 05:10
@vcunat vcunat merged commit 43c99be into master May 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: python Python is a high-level, general-purpose programming language. 6.topic: stdenv Standard environment 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. 6.topic: vim Advanced text editor 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch.

Projects

None yet

Development

Successfully merging this pull request may close these issues.