You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am guessing nixpkgs bundles this somehow (I am not a darwin dev so I am struggling to find where to look)
Steps To Reproduce
You can build this flake. It builds a Go module that tries to make use of this function.
This is not the actual code I am trying to compile (I cannot share it) but this reproduces the same error.
{inputs.nixpkgs.url="github:NixOS/nixpkgs/nixos-unstable";inputs.utils.url="github:numtide/flake-utils";outputs={nixpkgs,utils, ... }: (utils.lib.eachDefaultSystem(system:
letpkgs=importnixpkgs{inheritsystem;};CoreFoundation=pkgs.darwin.apple_sdk.frameworks.CoreFoundation;Security=pkgs.darwin.apple_sdk.frameworks.Security;inrec{packages.default=pkgs.buildGoModule{pname="tools";version="tools-2023.11.23.685";vendorHash="sha256-Qd2xSBm67tQzYgC+vS76ewaZYWmbvICDQK2NvxwOPDY=";nativeBuildInputs=[CoreFoundationSecurity];buildInputs=[CoreFoundationSecurity];# not sure if this is neededCGO_CFLAGS="-iframework ${CoreFoundation}/Library/Frameworks -iframework ${Security}/Library/Frameworks";CGO_LDFLAGS="-F${CoreFoundation}/Library/Frameworks -F${Security}/Library/Frameworks";src=pkgs.fetchFromGitHub{owner="aws";repo="rolesanywhere-credential-helper";rev="43f2060";hash="sha256-mXLzHPdQLsny2c5dZsL7Y5RRne8taFJt51XwlYmGwf0=";};};}));}
Run nix build . on a directory with that flake
Actual behaviour
$ nix build .
error: builder for '/nix/store/cpkx1c0r3bhs2hq8cakzb82vis1lrbad-tools-tools-2023.11.23.685.drv' failed with exit code 1;
last 10 log lines:
[ ... ]
> building
> Building subPackage .
> # github.com/aws/rolesanywhere-credential-helper/aws_signing_helper
> aws_signing_helper/darwin_cert_store_signer.go:212:18: could not determine kind of name for C.SecTrustCopyCertificateChain
The newest available SDK in nixpkgs is 11.1. #229210 will add several of the missing SDKs (newer and older, hopefully). Until that PR is ready and merged, it won’t be possible to build packages that require newer APIs.
Thank you! That explains everything. Keen to see that merged, then. In the meantime, do you have any workarounds/hacks to make nix build use the systems' present SDK? I realise this would break purity but that is a sacrifice I am willing to make until #229210 is merged
Describe the bug
The
Security
framework includesSecTrustCopyCertificateChain
as of MacOS 12+, but I can't build packages that require that function via flakes.I am guessing nixpkgs bundles this somehow (I am not a darwin dev so I am struggling to find where to look)
Steps To Reproduce
You can build this flake. It builds a Go module that tries to make use of this function.
This is not the actual code I am trying to compile (I cannot share it) but this reproduces the same error.
Run
nix build .
on a directory with that flakeActual behaviour
Expected behavior
Successful build
Additional context
The function is present in my darwin machine:
Although I am not sure if that is the right place to look.
I cannot see it in nixpkgs, when I try to make a derivation that has
pkgs.darwin.apple_sdk.frameworks.Security
as a buildInputNotify maintainers
@wegank or @0xnetfox or @reckenrode ? Based on git blame of what I think might be relevant files. Sorry for pinging you if that's wrong!
Priorities
Add a 👍 reaction to issues you find important.
The text was updated successfully, but these errors were encountered: