Skip to content

python3Packages.tpm2-pytss: fixup build#245139

Merged
peterhoeg merged 1 commit intoNixOS:masterfrom
baloo:baloo/tpm2-pytss/fixup-build
Jul 27, 2023
Merged

python3Packages.tpm2-pytss: fixup build#245139
peterhoeg merged 1 commit intoNixOS:masterfrom
baloo:baloo/tpm2-pytss/fixup-build

Conversation

@baloo
Copy link
Member

@baloo baloo commented Jul 24, 2023

Description of changes

This fixes the build that broke after the upgrade of tpm2-tss to 4.0.1

Fixes #244107

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added the 6.topic: python Python is a high-level, general-purpose programming language. label Jul 24, 2023
@baloo baloo mentioned this pull request Jul 24, 2023
Closed
@ofborg ofborg bot added 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Jul 24, 2023
@peterhoeg
Copy link
Member

peterhoeg commented Jul 24, 2023

How about using hardeningDisable = [ "fortify" ]; instead of patching? Will that work?

@baloo
Copy link
Member Author

baloo commented Jul 24, 2023

That also works, but I don't know if that's worth it.
This only patches the preprocessor call used to "auto detect" the types pytss wants to bind to. I'm afraid that hardeningDisable will also disable fortify of the newly built objects (there is an _libtpm2_pytss.abi3.so used for ffi).

@peterhoeg
Copy link
Member

peterhoeg commented Jul 24, 2023

That makes perfect sense. I suggest adding that in as a comment above the patch entry to make it clear for anyone looking at this in the future.

@baloo baloo force-pushed the baloo/tpm2-pytss/fixup-build branch from 3575d76 to b0bf69d Compare July 24, 2023 05:50
@baloo baloo marked this pull request as draft July 24, 2023 06:07
@baloo
python3Packages.tpm2-pytss: fixup build
9af0813 
This fixes the build that broke after the upgrade of tpm2-tss to 4.0.1

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
@baloo baloo force-pushed the baloo/tpm2-pytss/fixup-build branch from b0bf69d to 9af0813 Compare July 24, 2023 06:13
@baloo baloo marked this pull request as ready for review July 24, 2023 06:13
@peterhoeg
Copy link
Member

peterhoeg commented Jul 24, 2023

@GrahamcOfBorg build python3Packages.tpm2-pytss

@rhysmdnz
Copy link
Contributor

rhysmdnz commented Jul 27, 2023

Result of nixpkgs-review pr 245139 run on x86_64-linux 1

7 packages built:
  • python310Packages.tpm2-pytss
  • python310Packages.tpm2-pytss.dist
  • python311Packages.tpm2-pytss
  • python311Packages.tpm2-pytss.dist
  • tpm2-pkcs11
  • tpm2-pkcs11.bin
  • tpm2-pkcs11.dev

@peterhoeg
Copy link
Member

peterhoeg commented Jul 27, 2023

I've been running with this for a few days and it works great.

@peterhoeg peterhoeg merged commit 82a3131 into NixOS:master Jul 27, 2023
@baloo baloo deleted the baloo/tpm2-pytss/fixup-build branch July 27, 2023 02:22
@ezracelli ezracelli mentioned this pull request Aug 28, 2023
Closed
@baloo baloo mentioned this pull request Aug 31, 2023
Merged
12 tasks
RaitoBezarius pushed a commit to baloo/nixpkgs that referenced this pull request Sep 1, 2023
@baloo @RaitoBezarius
python3Packages.tpm2-pytss: disable hardening
29afe51 
Hardening got enabled in NixOS#246244 in a way that makes it difficult to disable for
projects to disable selectively. The fix used in NixOS#245139 (and provided upstream)
no longer works, and we need to disable hardening entirely to make `pycparser`
which is unable to handle fortify bits.

Fixes NixOS#252023.

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@rhysmdnz rhysmdnz rhysmdnz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: python Python is a high-level, general-purpose programming language. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Build failure: python3Packages.tpm2-pytss

3 participants

@baloo @peterhoeg @rhysmdnz