temporal-cli: Fix Darwin builds with sandbox enabled

Unfortunately one of the issues is within a dependency, so have to do some awkward patching of the go-modules. This patch is pending merge to the upstream dep and will hopefully eventually trickle down. We do *not* optionally apply the patch for Darwin only because then we would have a different hash per system, which seems even more awkward.
2023-07-10 17:53:45 -04:00 · 2023-07-10 17:53:45 -04:00 · 77f010e75f
parent 27df9441f9
commit 77f010e75f
2 changed files with 37 additions and 2 deletions
--- a/pkgs/applications/networking/cluster/temporal-cli/darwin-sandbox-fix.patch
+++ b/pkgs/applications/networking/cluster/temporal-cli/darwin-sandbox-fix.patch
@ -0,0 +1,20 @@
+--- vendor/modernc.org/libc/honnef.co/go/netdb/netdb.go
+++ vendor/modernc.org/libc/honnef.co/go/netdb/netdb.go
+@@ -696,7 +696,7 @@ func init() {
+ 	// Load protocols
+ 	data, err := ioutil.ReadFile("/etc/protocols")
+ 	if err != nil {
+-		if !os.IsNotExist(err) {
+		if !os.IsNotExist(err) && !os.IsPermission(err) {
+ 			panic(err)
+ 		}
+ 
+@@ -732,7 +732,7 @@ func init() {
+ 	// Load services
+ 	data, err = ioutil.ReadFile("/etc/services")
+ 	if err != nil {
+-		if !os.IsNotExist(err) {
+		if !os.IsNotExist(err) && !os.IsPermission(err) {
+ 			panic(err)
+ 		}
+ 
--- a/pkgs/applications/networking/cluster/temporal-cli/default.nix
+++ b/pkgs/applications/networking/cluster/temporal-cli/default.nix
@ -1,6 +1,13 @@
 { lib, fetchFromGitHub, buildGoModule, installShellFiles, symlinkJoin }:

 let
+  overrideModAttrs = old: {
+    # https://gitlab.com/cznic/libc/-/merge_requests/10
+    postBuild = ''
+      patch -p0 < ${./darwin-sandbox-fix.patch}
+    '';
+  };
+
  tctl-next = buildGoModule rec {
    pname = "tctl-next";
    version = "0.9.0";
@ -12,7 +19,9 @@ let
      hash = "sha256-zgi1wNx7fWf/iFGKaVffcXnC90vUz+mBT6HhCGdXMa0=";
    };

-    vendorHash = "sha256-muTNwK2Sb2+0df/6DtAzT14gwyuqa13jkG6eQaqhSKg=";
+    vendorHash = "sha256-EX1T3AygarJn4Zae2I8CHQrZakmbNF1OwE4YZFF+nKc=";
+
+    inherit overrideModAttrs;

    nativeBuildInputs = [ installShellFiles ];

@ -33,6 +42,8 @@ let
        --bash <($out/bin/temporal completion bash) \
        --zsh <($out/bin/temporal completion zsh)
    '';
+
+    __darwinAllowLocalNetworking = true;
  };

  tctl = buildGoModule rec {
@ -46,7 +57,9 @@ let
      hash = "sha256-LcBKkx3mcDOrGT6yJx98CSgxbwskqGPWqOzHWOu6cig=";
    };

-    vendorHash = "sha256-BUYEeC5zli++OxVFgECJGqJkbDwglLppSxgo+4AqOb0=";
+    vendorHash = "sha256-5wCIY95mJ6+FCln4yBu+fM4ZcsxBGcXkCvxjGzt0+dM=";
+
+    inherit overrideModAttrs;

    nativeBuildInputs = [ installShellFiles ];

@ -63,6 +76,8 @@ let
        --bash <($out/bin/tctl completion bash) \
        --zsh <($out/bin/tctl completion zsh)
    '';
+
+    __darwinAllowLocalNetworking = true;
  };
 in
 symlinkJoin rec {