[Nix-dev] Feature request: replace the Darwin stdenv with the pure Darwin stdenv

Jude me at jude.bio
Wed Sep 30 21:48:11 CEST 2015

Hi all, pikajude here, maintainer of the pure-darwin stdenv in nixpkgs.

Over the past few days in ##nix-darwin, I've discovered that the impure Darwin stdenv on master is broken for nearly everyone due to Xcode 7's introduction of `.tbd` files for library stubs; see https://forums.developer.apple.com/thread/4572.

As far as I have been able to investigate, .tbd compatibility is an Xcode 7-exclusive feature, and I'm not sure whether the changes required to use them are open-source yet. There is a temporary fix to downgrade to Xcode 6.4, but that will obviously only work for a limited time. For people who do use Xcode, I don’t want to restrict them to an older version because our nixpkgs stdenv completely fails at what it is intended to do.

This continues the precedent of OSX updates breaking parts of nixpkgs without warning.

pure-darwin mitigates this problem because the entire compiler toolchain and environment (save a symlink to libSystem, which won't be changing anytime soon) is in the Nix store. If I can get approval, I would love to replace the current Darwin stdenv with the pure one, because it would allow us to upgrade our toolchain on our own terms, as well as work nicely alongside any Xcode version a user would care to install.

I would also like to merge the pure stdenv because it will result in us getting Hydra builds for it, which is the main roadblock that turns people off of using pure-darwin. Having Hydra build the pure stdenv also gives us an easy way to see which packages are broken on pure-darwin.

Answers to some common questions:

Q: Does pure-darwin fix the missing -lgcc_s.10.5 problem?
A: Yes. In the Xcode update, libgcc_s.10.5.dylib was changed from a symlink to /usr/lib/libSystem.dylib to a text-based library stub that (AFAIK) only Xcode 7 can currently use. In pure-darwin, libgcc_s is still a symlink, so ld will understand it just fine.

Q: Will pure-darwin break anything for me?
A: Right now, probably. I’ve been largely the only pure-darwin maintainer for a few months, and my time and ability to fix packages are limited. I welcome you to try the pure-darwin stdenv to see if there are any broken packages. Over the next few days I will be working on building every package that claims to be Darwin-compatible, in order to weed out the remaining errors. Most fixes are trivial. About half of the broken packages I encounter just need to have libiconv added as a build input.

If breakages concern you, you can use the “replaceStdenv” feature of your nixpkgs config to revert to the old stdenv for as long as necessary. Packages built with either stdenv will coexist peacefully.

Q: Do I have to turn on the build sandbox to use pure-darwin?
A: Not if you don’t want to. The sandbox is just an extra layer of security to make sure that the outside world isn’t polluting our builds, but it certainly isn’t mandatory. Even without the sandbox, your compiler will still be using its own toolchain, which means that Xcode updates will not break it.

Q: How do I turn on the build sandbox?
A: Add "build-use-chroot = true" to your /etc/nix/nix.conf. The sandbox is not enabled by default.

Q: Anything else I need to know?
A: In nix-1.10, the sandbox is very imperfect and will cause a lot of false negatives. This causes building polyml and Haskell packages to fail, among a few other things.

Nix pull request #562 (https://github.com/NixOS/nix/pull/562) addresses these problems. If you intend to make heavy usage of the sandbox feature, you should definitely use the checkout of nix in that pull request until it gets merged into master.

Again, if you’re worried about the sandbox breaking builds, feel free to disable it.

Please let me know if you have other questions.


PS: Sorry for double-post! I sent an email from my old address, which is now stuck in the moderation queue.
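
An added example, not part of the original message: a shell check for the libgcc_s situation described in the first Q&A, telling a real Mach-O library (or a symlink to one) apart from a text-based stub. The function names are hypothetical, and it assumes a text stub is a YAML document that starts with `---` and carries an `install-name:` key.

```shell
#!/bin/sh
# Classify a library path so a build host can be checked for text-based
# stubs before an impure toolchain tries to link against them.

# content_kind PATH: inspects the file contents, following symlinks.
# Prints one of: missing, mach-o, tbd-stub, unknown
content_kind() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    # First four bytes as lowercase hex, e.g. "cffaedfe".
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        # Mach-O 32/64-bit in either byte order, plus fat (universal) binaries.
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe|bebafeca)
            echo "mach-o" ;;
        # "---" (2d 2d 2d) opens a YAML document; require the stub's
        # install-name key too, so arbitrary YAML is not misreported.
        2d2d2d*)
            if grep -q '^install-name:' "$1"; then
                echo "tbd-stub"
            else
                echo "unknown"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# classify_lib PATH: same as content_kind, but marks symlinks explicitly,
# since the post's fix relies on libgcc_s remaining a symlink.
classify_lib() {
    kind=$(content_kind "$1")
    if [ -L "$1" ]; then
        echo "symlink->$kind"
    else
        echo "$kind"
    fi
}

# legacy_ld_ok PATH: succeeds only if a linker without .tbd support
# could read what the path resolves to.
legacy_ld_ok() {
    [ "$(content_kind "$1")" = "mach-o" ]
}

# Stand-alone use: pass library paths as arguments.
for lib in "$@"; do
    printf '%s: %s\n' "$lib" "$(classify_lib "$lib")"
done
```
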