build-support/fetchpijul: Add cacert dependency, set impureEnvVars, and enable strictDeps #272520

Merged
merged 2 commits into from
Jan 4, 2024

nrabulinski
Member

Description of changes

Closes #270252
We now properly set SSL_CERT_FILE and the proxy variables. I also added strictDeps = true so that pijul doesn't need to be fetched when using sources obtained with fetchpijul.

cc @2xsaiko

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/3055

@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Dec 6, 2023
Contributor

@2xsaiko 2xsaiko left a comment

Thanks, this indeed fixes the error!

@delroth delroth added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Dec 6, 2023
@SuperSandro2000
Member

> I also added strictDeps = true so that pijul doesn't need to be fetched when using sources obtained with fetchpijul.

Why was that the case before? This is unexpected to me.

@nrabulinski
Member Author

> > I also added strictDeps = true so that pijul doesn't need to be fetched when using sources obtained with fetchpijul.
>
> Why was that the case before? This is unexpected to me.

Pijul is a build-time dependency and without strictDeps we don't differentiate between build- and run-time dependencies so anything that references a derivation produced with fetchpijul depends on pijul at "runtime".
There's no runtime per se with sources, but you get what I mean, it could be that you already have the source fetched but nix will still fetch pijul when you try to use said source because it depends on it at runtime.

And if you're asking why it wasn't enabled before - I didn't know about it and none of the reviewers told me about it 😄

@2xsaiko
Contributor

2xsaiko commented Dec 7, 2023

> Pijul is a build-time dependency and without strictDeps we don't differentiate between build- and run-time dependencies so anything that references a derivation produced with fetchpijul depends on pijul at "runtime". There's no runtime per se with sources, but you get what I mean, it could be that you already have the source fetched but nix will still fetch pijul when you try to use said source because it depends on it at runtime.

I can't really say for certain because the manual seems to support what you're saying but I also don't really understand that section, but I thought runtime dependencies were always strictly decided by references to which inputs are contained in the output paths of the derivation. It seems kinda weird for that not to be the case for the non-cross case (as per the manual).
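
The reference scan 2xsaiko refers to, as an added sketch that is not part of this thread or of Nix's own code: an input counts as a runtime reference of an output only if the hash part of its store path appears somewhere in the output's files or symlink targets. The store paths, file names and the `scan_references`/`demo` helpers are constructed for illustration.

```python
import os
import re
import tempfile

# Nix's base32 alphabet omits e, o, t and u; a store path's hash part is 32 such characters.
STORE_PATH = re.compile(r"^/nix/store/([0-9abcdfghijklmnpqrsvwxyz]{32})-.+$")

def hash_part(store_path):
    m = STORE_PATH.match(store_path)
    if m is None:
        raise ValueError(f"not a store path: {store_path!r}")
    return m.group(1).encode()

def scan_references(output_dir, candidate_inputs):
    """Return the candidate inputs whose hash part occurs in the output tree."""
    wanted = {hash_part(p): p for p in candidate_inputs}
    found = set()
    for root, dirs, files in os.walk(output_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                data = os.readlink(path).encode()  # symlink targets count too
            elif os.path.isfile(path):
                with open(path, "rb") as fh:
                    data = fh.read()
            else:
                continue  # plain directory; os.walk descends into it
            found.update(p for h, p in wanted.items() if h in data)
    return sorted(found)

# Constructed store paths (not real hashes) standing in for the fetcher's build inputs.
PIJUL = "/nix/store/" + "1" * 32 + "-pijul-constructed"
CACERT = "/nix/store/" + "2" * 32 + "-nss-cacert-constructed"

def demo():
    """Scan a plain source tree, then one where a script embeds the pijul path."""
    with tempfile.TemporaryDirectory() as out:
        os.mkdir(os.path.join(out, "src"))
        with open(os.path.join(out, "src", "main.rs"), "w") as fh:
            fh.write("fn main() {}\n")
        plain = scan_references(out, [PIJUL, CACERT])
        with open(os.path.join(out, "sync.sh"), "w") as fh:
            fh.write(f"#!/bin/sh\nexec {PIJUL}/bin/pijul pull\n")
        embedded = scan_references(out, [PIJUL, CACERT])
    return plain, embedded

if __name__ == "__main__":
    print(demo())
```

On a real store path, `nix-store --query --references <path>` lists the references Nix recorded for it.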

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/3145

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/3191

@pbsds pbsds merged commit 73148fa into NixOS:master Jan 4, 2024
20 checks passed
@nrabulinski nrabulinski deleted the fix-fetchpijul branch January 5, 2024 10:31
Labels
6.topic: fetch 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux 12.approvals: 1 This PR was reviewed and approved by one reputable person
Development

Successfully merging this pull request may close these issues.

fetchpijul is broken: unable to get local issuer certificate
6 participants