From 77f010e75f18b77855cd6f802332485507b24cf8 Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Mon, 10 Jul 2023 17:53:45 -0400 Subject: [PATCH] temporal-cli: Fix Darwin builds with sandbox enabled Unfortunately one of the issues is within a dependency, so have to do some awkward patching of the go-modules. This patch is pending merge to the upstream dep and will hopefully eventually trickle down. We do *not* optionally apply the patch for Darwin only because then we would have a different hash per system, which seems even more awkward. --- .../temporal-cli/darwin-sandbox-fix.patch | 20 +++++++++++++++++++ .../cluster/temporal-cli/default.nix | 19 ++++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 pkgs/applications/networking/cluster/temporal-cli/darwin-sandbox-fix.patch diff --git a/pkgs/applications/networking/cluster/temporal-cli/darwin-sandbox-fix.patch b/pkgs/applications/networking/cluster/temporal-cli/darwin-sandbox-fix.patch new file mode 100644 index 000000000000..b390d492467c --- /dev/null +++ b/pkgs/applications/networking/cluster/temporal-cli/darwin-sandbox-fix.patch @@ -0,0 +1,20 @@ +--- vendor/modernc.org/libc/honnef.co/go/netdb/netdb.go ++++ vendor/modernc.org/libc/honnef.co/go/netdb/netdb.go +@@ -696,7 +696,7 @@ func init() { + // Load protocols + data, err := ioutil.ReadFile("/etc/protocols") + if err != nil { +- if !os.IsNotExist(err) { ++ if !os.IsNotExist(err) && !os.IsPermission(err) { + panic(err) + } + +@@ -732,7 +732,7 @@ func init() { + // Load services + data, err = ioutil.ReadFile("/etc/services") + if err != nil { +- if !os.IsNotExist(err) { ++ if !os.IsNotExist(err) && !os.IsPermission(err) { + panic(err) + } + diff --git a/pkgs/applications/networking/cluster/temporal-cli/default.nix b/pkgs/applications/networking/cluster/temporal-cli/default.nix index 9671b4b304e9..6d30171e1e08 100644 --- a/pkgs/applications/networking/cluster/temporal-cli/default.nix +++ b/pkgs/applications/networking/cluster/temporal-cli/default.nix @@ -1,6 +1,13 @@ { lib, fetchFromGitHub, buildGoModule, installShellFiles, symlinkJoin }: let + overrideModAttrs = old: { + # https://gitlab.com/cznic/libc/-/merge_requests/10 + postBuild = '' + patch -p0 < ${./darwin-sandbox-fix.patch} + ''; + }; + tctl-next = buildGoModule rec { pname = "tctl-next"; version = "0.9.0"; @@ -12,7 +19,9 @@ let hash = "sha256-zgi1wNx7fWf/iFGKaVffcXnC90vUz+mBT6HhCGdXMa0="; }; - vendorHash = "sha256-muTNwK2Sb2+0df/6DtAzT14gwyuqa13jkG6eQaqhSKg="; + vendorHash = "sha256-EX1T3AygarJn4Zae2I8CHQrZakmbNF1OwE4YZFF+nKc="; + + inherit overrideModAttrs; nativeBuildInputs = [ installShellFiles ]; @@ -33,6 +42,8 @@ let --bash <($out/bin/temporal completion bash) \ --zsh <($out/bin/temporal completion zsh) ''; + + __darwinAllowLocalNetworking = true; }; tctl = buildGoModule rec { @@ -46,7 +57,9 @@ let hash = "sha256-LcBKkx3mcDOrGT6yJx98CSgxbwskqGPWqOzHWOu6cig="; }; - vendorHash = "sha256-BUYEeC5zli++OxVFgECJGqJkbDwglLppSxgo+4AqOb0="; + vendorHash = "sha256-5wCIY95mJ6+FCln4yBu+fM4ZcsxBGcXkCvxjGzt0+dM="; + + inherit overrideModAttrs; nativeBuildInputs = [ installShellFiles ]; @@ -63,6 +76,8 @@ let --bash <($out/bin/tctl completion bash) \ --zsh <($out/bin/tctl completion zsh) ''; + + __darwinAllowLocalNetworking = true; }; in symlinkJoin rec {