From 8fb70dee32dc0cf86d04b1ae477c0a4ba9a27652 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 27 Jun 2022 09:51:49 +0200 Subject: [PATCH] gnutls: [darwin] propagate the security framework (#179298) https://hydra.nixos.org/build/181628152 https://hydra.nixos.org/build/181629306 --- pkgs/development/libraries/gnutls/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index e45fa022b7d..f6c6aca19a2 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -36,6 +36,8 @@ stdenv.mkDerivation rec { patches = [ ./nix-ssl-cert-file.patch ] # Disable native add_system_trust. + # FIXME: apparently it's not enough to drop the framework anymore; maybe related to + # https://gitlab.com/gnutls/gnutls/-/commit/c19cb93d492e45141bfef9b926dfeba36003261c ++ lib.optional (isDarwin && !withSecurity) ./no-security-framework.patch; # Skip some tests: @@ -74,7 +76,6 @@ stdenv.mkDerivation rec { buildInputs = [ lzo lzip libtasn1 libidn2 zlib gmp libunistring unbound gettext libiconv ] ++ lib.optional (withP11-kit) p11-kit - ++ lib.optional (isDarwin && withSecurity) Security ++ lib.optional (tpmSupport && stdenv.isLinux) trousers ++ lib.optional guileBindings guile; @@ -82,7 +83,9 @@ stdenv.mkDerivation rec { ++ lib.optionals (isDarwin && !withSecurity) [ autoconf automake ] ++ lib.optionals doCheck [ which nettools util-linux ]; - propagatedBuildInputs = [ nettle ]; + propagatedBuildInputs = [ nettle ] + # Builds dynamically linking against gnutls seem to need the framework now. + ++ lib.optional (isDarwin && withSecurity) Security; inherit doCheck; # stdenv's `NIX_SSL_CERT_FILE=/no-cert-file.crt` breaks tests.