Nixpkgs: openssl depends on build-time perl
Issue description
openssl cross-compiles incorrectly because c_rehash in openssl.bin refers to build perl (should refer to host perl).
Steps to reproduce
[goertzen@asusnixos:~/nixpkgs]$ nix build -f . --arg crossSystem '{ config = "i686-unknown-linux-gnu"; }' openssl
output '/nix/store/3z8sbrdppg0y2gi3g433j5k5qchpx3bx-openssl-1.0.2p-i686-unknown-linux-gnu-bin' is not allowed to refer to the following paths:
/nix/store/1dzsd6drn31dgp3hk74x2h87j6jdj55b-perl-5.28.0
[0 built (1 failed)]
error: build of '/nix/store/4p4wrc9biy5bvaazp3yvacf0k5ik5sg5-openssl-1.0.2p-i686-unknown-linux-gnu.drv' failed
[goertzen@asusnixos:~/nixpkgs]$ head -n 1 /nix/store/3z8sbrdppg0y2gi3g433j5k5qchpx3bx-openssl-1.0.2p-i686-unknown-linux-gnu-bin/bin/c_rehash
#!/nix/store/1dzsd6drn31dgp3hk74x2h87j6jdj55b-perl-5.28.0/bin/perl
Technical details
- system: `"x86_64-linux"`
- host os: `Linux 4.14.78, NixOS, 18.09.1023.06fb0253afa (Jellyfish)`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.1.1`
- channels(root): `"nixos-18.09.1023.06fb0253afa, unstable-18.03pre130569.7a04c2ca296"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
goertzenator
All 14 comments
Same here.
output '/nix/store/c543xsvgcn5vz9q7p4qc14s58vasyhiw-openssl-1.0.2p-armv7l-unknown-linux-gnueabihf-bin' is not allowed to refer to the following paths:
/nix/store/08nciki42z9yxxxk1xrx02kdhrf9ap4h-perl-5.28.0
perl is in nativeBuildInputs so I guess its normal that it references to the one used in build. Very confusing.
nativeBuildInputs = [ perl ];
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
eburimu
on 22 Nov 2018
I should have mentioned that case #19965 talks more about the perl dependency. In a nutshell, only openssl.bin has the perl dependency but openssl.bin is rarely required (most packages only need the lib).
But unfortunately this derivation builds everything. openssl.bin should probably be separated so that when you are crossbuilding the openssl libs you don't also have to crossbuild perl. All that said, that's a separate issue than the one addressed in this bug report.
goertzenator
on 22 Nov 2018
What confuses me is that this problem seems to persist for every package that requires perl as nativeBuildInput and buildInput at the same time.
eburimu
on 22 Nov 2018
propagatedNativeBuildInputs did not help. I'm still trying to wrap my head around all the different flavours of buildInputs so I'm at a loss right now.
goertzenator
on 22 Nov 2018
OK, fixd it. Try the following:
85 postInstall =
86 stdenv.lib.optionalString (!static) ''
87 # If we're building dynamic libraries, then don't install static
88 # libraries.
89 if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
90 rm "$out/lib/"*.a
91 fi
92
93 '' +
94 ''
95 mkdir -p $bin
96 substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl} ${perl}
97 mv $out/bin $bin/
98
99 mkdir $dev
100 mv $out/include $dev/
101
102 # remove dependency on Perl at runtime
103 rm -r $out/etc/ssl/misc
104
105 rmdir $out/etc/ssl/{certs,private}
106 '';
Seems to work for me. Added substituteInPlace line 96. @goertzenator
eburimu
on 22 Nov 2018
I watched it crossbuild perl, but openssl still fails.
[goertzen@asusnixos:~/nixpkgs]$ nix build -f . --arg crossSystem '{ config = "i686-unknown-linux-gnu"; }' openssl
output '/nix/store/izwn3b71qbnsgdvi8z4s1ib3g98g1w45-openssl-1.0.2p-i686-unknown-linux-gnu-dev' is not allowed to refer to the following paths:
/nix/store/1dzsd6drn31dgp3hk74x2h87j6jdj55b-perl-5.28.0
[2 built (1 failed), 0.0 MiB DL]
error: build of '/nix/store/nlk70g2zigqc4w1pjzmb882svgkdkz8j-openssl-1.0.2p-i686-unknown-linux-gnu.drv' failed
Hm in my case, bin was problematic. It is now fixed by the stuff above. You get now errors related to -dev. Maybe you need an updated drv file, staging or master perhaps?
eburimu
on 22 Nov 2018
My bad, I didn't notice it was dev and not bin. It turns out I still had propagatedNativeBuildInputs going. Changing that back to nativeBuildInputs fixed it.
So, everything is good now! Are you going to do a PR for this?
goertzenator
on 22 Nov 2018
I'll be glad if you can do it on behalf of us. I'm working on the rest atm.
eburimu
on 22 Nov 2018
I'll PR then. Thanks for your help!
goertzenator
on 22 Nov 2018
So the reason this happens so much with perl is that lots of software doesn鈥檛 properly differentiate between BUILD_PERL and PERL. They end up using the command -v perl for the shebang that goes in the output.
matthewbauer
on 23 Nov 2018
Do you have an example of a package that does this really well? I've got a number of packages I'd like to cross compile and would like to be better equipped to cope with more issues on my own.
goertzenator
on 23 Nov 2018
Is this solved or do you want to keep it open until it's properly fixed?
JohnAZoidberg
on 23 Apr 2019
@matthewbauer I think newer patch shebangs actually fixes this (!).
Ericson2314
on 26 Oct 2019
Related issues
teto
路
3Comments
chris-martin
路
3Comments
copumpkin
路
3Comments
langston-barrett
路
3Comments
vaibhavsagar
路
3Comments