From f8ee061247b365a98322c102c5bfd900395a826c Mon Sep 17 00:00:00 2001
From: Uri Baghin <uri@canva.com>
Date: Thu, 6 Apr 2023 10:23:32 +1000
Subject: [PATCH] buildBazelPackage: fix difference between linux and darwin
 deps

---
 .../build-bazel-package/default.nix           | 27 +++++++++++++++++++
 .../python-modules/jaxlib/default.nix         |  2 +-
 .../python-modules/tensorflow/default.nix     |  2 +-
 pkgs/servers/http/envoy/default.nix           |  2 +-
 4 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/pkgs/build-support/build-bazel-package/default.nix b/pkgs/build-support/build-bazel-package/default.nix
index 1901aa2235e7..a49d3c781ed8 100644
--- a/pkgs/build-support/build-bazel-package/default.nix
+++ b/pkgs/build-support/build-bazel-package/default.nix
@@ -1,6 +1,7 @@
 { stdenv
 , cacert
 , lib
+, writeCBin
 }:
 
 args@{
@@ -75,6 +76,28 @@ let
         ${lib.strings.concatStringsSep " " additionalFlags} \
         ${lib.strings.concatStringsSep " " targets}
     '';
+  # we need this to chmod dangling symlinks on darwin, gnu coreutils refuses to do so:
+  # chmod: cannot operate on dangling symlink '$symlink'
+  chmodder = writeCBin "chmodder" ''
+    #include <stdio.h>
+    #include <stdlib.h>
+    #include <sys/types.h>
+    #include <sys/stat.h>
+    #include <errno.h>
+    #include <string.h>
+
+    int main(int argc, char** argv) {
+      mode_t mode = S_IRWXU | S_IRWXG | S_IRWXO;
+      if (argc != 2) {
+        fprintf(stderr, "usage: chmodder file");
+        exit(EXIT_FAILURE);
+      }
+      if (lchmod(argv[1], mode) != 0) {
+        fprintf(stderr, "failed to lchmod '%s': %s", argv[0], strerror(errno));
+        exit(EXIT_FAILURE);
+      }
+    }
+  '';
 in
 stdenv.mkDerivation (fBuildAttrs // {
 
@@ -149,6 +172,10 @@ stdenv.mkDerivation (fBuildAttrs // {
         new_target="$(readlink "$symlink" | sed "s,$NIX_BUILD_TOP,NIX_BUILD_TOP,")"
         rm "$symlink"
         ln -sf "$new_target" "$symlink"
+    '' + lib.optionalString stdenv.isDarwin ''
+        # on linux symlink permissions cannot be modified, so we modify those on darwin to match the linux ones
+        ${chmodder}/bin/chmodder "$symlink"
+    '' + ''
       done
 
       echo '${bazel.name}' > $bazelOut/external/.nix-bazel-version
diff --git a/pkgs/development/python-modules/jaxlib/default.nix b/pkgs/development/python-modules/jaxlib/default.nix
index ad0130d6462f..95f276ec2451 100644
--- a/pkgs/development/python-modules/jaxlib/default.nix
+++ b/pkgs/development/python-modules/jaxlib/default.nix
@@ -239,7 +239,7 @@ let
           x86_64-linux = "sha256-A0A18kxgGNGHNQ67ZPUzh3Yq2LEcRV7CqR9EfP80NQk=";
           aarch64-linux = "sha256-mU2jzuDu89jVmaG/M5bA3jSd7n7lDi+h8sdhs1z8p1A=";
           x86_64-darwin = "sha256-9nNTpetvjyipD/l8vKlregl1j/OnZKAcOCoZQeRBvts=";
-          aarch64-darwin = "sha256-dOGUsdFImeOLcZ3VtgrNnd8A/HgIs/LYuH9GQV7A+78=";
+          aarch64-darwin = "sha256-FqYwI1YC5eqSv+DYj09DC5IaBfFDUCO97y+TFhGiWAA=";
         }.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
     };
 
diff --git a/pkgs/development/python-modules/tensorflow/default.nix b/pkgs/development/python-modules/tensorflow/default.nix
index b8306dff724c..f479bc18d2e4 100644
--- a/pkgs/development/python-modules/tensorflow/default.nix
+++ b/pkgs/development/python-modules/tensorflow/default.nix
@@ -398,7 +398,7 @@ let
         else "sha256-QgOaUaq0V5HG9BOv9nEw8OTSlzINNFvbnyP8Vx+r9Xw=";
       aarch64-linux = "sha256-zjnRtTG1j9cZTbP0Xnk2o/zWTNsP8T0n4Ai8IiAT3PE=";
       x86_64-darwin = "sha256-RBLox9rzBKcZMm4NwnT7vQ/EjapWQJkqxuQ0LIdaM1E=";
-      aarch64-darwin = "sha256-BRzh79lYvMHsUMk8BEYDLHTpnmeZ9+0lrDtj4XI1YY4=";
+      aarch64-darwin = "sha256-tTk2KPFK4+0wA22xzb2C6qODgAbSxVbue0xk9JOjU04=";
       }.${stdenv.hostPlatform.system} or (throw "unsupported system ${stdenv.hostPlatform.system}");
     };
 
diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix
index 1d2c43467f86..ad518e43aa87 100644
--- a/pkgs/servers/http/envoy/default.nix
+++ b/pkgs/servers/http/envoy/default.nix
@@ -81,7 +81,7 @@ buildBazelPackage rec {
   fetchAttrs = {
     sha256 = {
       x86_64-linux = "sha256-H2s8sTbmKF+yRfSzLsZAT2ckFuunFwh/FMSKj+GYyPM=";
-      aarch64-linux = "sha256-R9jzy/dpdCcGgT9yq59Wo/IN/bVo6fxnVPGhLMZ9fbM=";
+      aarch64-linux = "sha256-1/z7sZYMiuB4Re2itDZydsFVEel2NOYmi6vRmBGVO/4=";
     }.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
     dontUseCmakeConfigure = true;
     dontUseGnConfigure = true;