Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

darwin: cargo tries to open /private/etc/ssl/openssl.cnf, which is outside sandbox #178

Open
sellout opened this issue Nov 7, 2024 · 0 comments
Open

darwin: cargo tries to open /private/etc/ssl/openssl.cnf, which is outside sandbox #178

sellout opened this issue Nov 7, 2024 · 0 comments

Comments

@sellout
Copy link

sellout commented Nov 7, 2024

I think I am running into oxalica/rust-overlay#149 over here.

$ otool -L $(which cargo)
/nix/store/im8vsm9gh1dm37pk0akhiv027k0grqrh-rust-stable/bin/cargo:
	/System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 60420.101.2)
	/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1971.0.0)
	/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)

I have the same issue with both stable and nightly:

(crane.mkLib pkgs).overrideToolchain fenix.packages.${pkgs.system}.stable.toolchain;
(crane.mkLib pkgs).overrideToolchain 
(fenix.packages.${pkgs.system}.fromToolchainName {
  name = "nightly";
  sha256 = "xpStU6xQanJNSXnOU9AY7nz9Ycjlv0/eQkNHP1LSBoc=";
}).toolchain;

From the build:

Running phase: buildPhase
++ command cargo --version
Auto configuration failed
8305676096:error:02FFF001:system library:func(4095):Operation not permitted:/AppleInternal/Library/BuildRoots/4ff29661-3588-11ef-9513-e2437461156c/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/bio/bss_file.c:122:fopen('/private/etc/ssl/openssl.cnf', 'rb')
8305676096:error:20FFF002:BIO routines:CRYPTO_internal:system lib:/AppleInternal/Library/BuildRoots/4ff29661-3588-11ef-9513-e2437461156c/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/bio/bss_file.c:127:
8305676096:error:0EFFF002:configuration file routines:CRYPTO_internal:system lib:/AppleInternal/Library/BuildRoots/4ff29661-3588-11ef-9513-e2437461156c/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/conf/conf_def.c:202:

I hacked up the PR I referenced to get a workaround:

let
  fnx = fenix.packages.${pkgs.system};
in
  (crane.mkLib pkgs).overrideToolchain
  (fnx.combine [
    (fnx.stable.cargo.overrideAttrs (old: {
      postBuild = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
        cargo="./cargo/bin/cargo"
        install_name_tool \
          -change "/usr/lib/libcurl.4.dylib" "${pkgs.curl.out}/lib/libcurl.4.dylib" \
          "$cargo"
      '';
    }))
    fnx.stable.rustc
  ]);

I tried to apply that to the toolchain derivation, but that ultimately uses runCommand, which is built with stdenvNoCC, which doesn’t have install_name_tool, so it was a pain.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sellout