Commit Graph

50 Commits

Author SHA1 Message Date
Martin Weinelt
e3da5a807b Merge remote-tracking branch 'origin/staging-next' into staging 2022-12-03 01:28:01 +01:00
Theodore Ni
4fc97dce3c
python310Packages.cffi: patch closures to work on M1 machines
Trusts the libffi library inside of nixpkgs on Apple devices.

When Apple's fork of libffi is not detected, cffi assumes that libffi
uses a strategy for creating closures (i.e. callbacks) that is in
certain cases susceptible to a security exploit.

Based on some analysis I did:

  https://groups.google.com/g/python-cffi/c/xU0Usa8dvhk

I believe that libffi already contains the code from Apple's fork that
is deemed safe to trust in cffi.

It uses a more sophisticated strategy for creating trampolines to
support closures that works on Apple Silicon, while the simple approach
that cffi falls back on does not, so this patch enables code that uses
closures on M1 Macs again.

Notably, pyOpenSSL is impacted and will be fixed by this, reported in

  https://github.com/pyca/pyopenssl/issues/873

Note that libffi closures still will not work on signed apps without the
com.apple.security.cs.allow-unsigned-executable-memory entitlement while

  https://github.com/libffi/libffi/pull/621

is still open (which I haven't tested but is my best guess from reading).

I am hopeful that all of these changes will be upstreamed back into cffi
and libffi, and that this comment provides enough breadcrumbs for future
maintainers to track and clean this up.
2022-11-20 16:16:07 -08:00
Simon Kohlmeyer
8ff2a80445 python311Packages.cffi: patch failing test
This seems like an upstream issue with the final release of python3.11.
Sadly, their gitlab is down right now, but I will pass the patch
upstream as soon as I can.
2022-10-28 15:56:47 +02:00
Martin Weinelt
e1c292692f
python3Packages.cffi: drop empty dev output 2022-08-25 03:10:36 +02:00
Martin Weinelt
4fc678a149 python3Packages.cffi: 1.15.0 -> 1.15.1 2022-07-21 22:33:43 +02:00
Sandro Jäckel
f0719291bc python39Packages.cffi: move prePatch to postPatch to not break patches 2022-04-15 01:39:52 +02:00
Ivan Babrou
18fcfb980a cffi: disable tests on aarch64-darwin
The tests were disabled on Darwin prior to 54b5495e4e, which probably
fixed them for x86_64-darwin, but not for aarch64-darwin.
2021-12-25 17:21:56 -08:00
Jonathan Ringer
a0cf282a69
python3Packages.cffi: 1.14.6 -> 1.15.0 2021-11-30 18:48:38 -08:00
toonn
1be74eb17d cffi: Silence warning causing test failures 2021-11-24 15:17:13 -08:00
toonn
169c34a6a7 cffi: Include pkg-config
The build was falling back on impure paths because pkg-config was
missing. This caused a mismatch between headers picked up at
compile-time and run-time, specifically `ffi.h` from libffi and then one
in `/usr/include/ffi` on macOS.
2021-11-24 15:17:13 -08:00
toonn
54b5495e4e cffi: Reenable checks to reveal Darwin problem
This problem can now be considered investigated.
2021-11-24 15:17:13 -08:00
toonn
c14efb0586 cffi: Drop unnecessary libm substitutes 2021-11-24 15:17:13 -08:00
Martin Weinelt
0d19ece116 python3Packages.cffi: 1.14.5 -> 1.14.6 2021-09-01 21:23:06 +02:00
Robert Schütz
eeeee817ca pythonPackages.cffi: move libffi to buildInputs 2021-05-01 10:58:33 -07:00
Robert Schütz
506fa8baf0 pythonPackages.cffi: use pytestCheckHook 2021-05-01 10:58:33 -07:00
Frederik Rietdijk
f9b91965b4 python3Packages.cffi: 1.14.4 -> 1.14.5 2021-02-26 11:01:42 +01:00
Pavol Rusnak
a4bbfba80d
pkgs/development/python-modules: stdenv.lib -> lib 2021-01-24 01:29:22 +01:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Frederik Rietdijk
29f9a10788 python3Packages.cffi: 1.14.3 -> 1.14.4 2020-12-01 14:44:09 +01:00
Frederik Rietdijk
9cac3582c0 python3Packages.cffi: 1.14.2 -> 1.14.3 2020-11-05 15:46:57 -08:00
Frederik Rietdijk
fcdd09359c python: cffi: 1.14.1 -> 1.14.2 2020-08-16 19:30:54 +02:00
Frederik Rietdijk
c5b27305a1 python: cffi: 1.14.0 -> 1.14.1 2020-08-04 21:54:42 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jonathan Ringer
19f7c641cc pythonPackages.cffi: 1.13.2 -> 1.14.0 2020-03-05 15:11:20 -08:00
Robin Gloster
981ae25113
treewide: NIX_*_COMPILE -> string 2019-12-31 00:07:21 +01:00
Frederik Rietdijk
c791dd055d python: cffi: 1.13.1 -> 1.13.2 2019-11-22 08:37:13 +01:00
Frederik Rietdijk
1f8b517d96 python: cffi: 1.12.3 -> 1.13.1 2019-10-27 16:09:08 +01:00
Matthew Bauer
87944c3125
Merge pull request #56744 from matthewbauer/macos-10-12
Update macOS to 10.12
2019-04-26 22:20:03 -04:00
Matthew Bauer
fffc777be4 cffi: don’t run tests on darwin
they fail with llvm 7 for some reason
2019-04-26 21:54:53 -04:00
Frederik Rietdijk
9f4e663fd1 python: cffi: 1.12.2 -> 1.12.3 2019-04-24 18:43:25 +02:00
Frederik Rietdijk
d92ca7a7a0 python: cffi: 1.12.1 -> 1.12.2 2019-04-18 12:42:39 +02:00
Frederik Rietdijk
f6b3fd3b29 python: cffi: 1.12.0 -> 1.12.1 2019-02-23 20:05:18 +01:00
Frederik Rietdijk
fbdbc5f894 python: cffi: 1.11.5 -> 1.12.0 2019-02-17 14:40:16 +01:00
Frederik Rietdijk
5a3670b83c pythonPackages: fix native / check inputs 2019-01-15 10:16:12 +01:00
Frederik Rietdijk
5b744f4cd9 python.pkgs.cffi: disable a test 2018-11-04 10:20:06 +01:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Frederik Rietdijk
ced21f5e1a pythonPackages: remove name attribute`
The `buildPython*` function computes name from `pname` and `version`.
This change removes `name` attribute from all expressions in
`pkgs/development/python-modules`.

While at it, some other minor changes were made as well, such as
replacing `fetchurl` calls with `fetchPypi`.
2018-06-23 18:14:26 +02:00
Frederik Rietdijk
0e5e184836 python: cffi: 1.11.4 -> 1.11.5 2018-03-03 11:58:26 +01:00
Will Dietz
ab92d028f6 python-cffi: disable tests on musl :3 2018-02-13 09:44:52 -06:00
Daiderd Jordan
505c82efe4
python-cffi: add lnl7 to maintainers 2018-01-22 19:58:15 +01:00
Daiderd Jordan
0c27903ac0
python-cffi: remove patch for clang
Builds fine without it now.
2018-01-22 19:45:40 +01:00
Frederik Rietdijk
007cd5262f python: cffi: 1.11.2 -> 1.11.4 2018-01-20 12:05:24 +01:00
Dan Peebles
10220de35e Fix a couple of python modules to work in sandbox 2017-11-14 21:51:40 -05:00
Daiderd Jordan
3f3eb6ca64
python-cffi: fix clang build 2017-10-29 10:51:19 +01:00
Frederik Rietdijk
94c4a6c0b1 Revert "Merge pull request #30913 from LnL7/darwin-cffi"
This reverts commit f20a36fcd8, reversing
changes made to 15350df8d9.

I accidentally pressed the Merge button.
2017-10-29 10:12:24 +01:00
Daiderd Jordan
7efd5abe48
python-cffi: fix clang build 2017-10-29 01:47:46 +02:00
Frederik Rietdijk
7ce848309e python.pkgs: updates 2017-10-27 21:34:42 +02:00
Eelco Dolstra
28299f669a Add even more dev outputs 2017-09-27 12:08:48 +02:00
Daiderd Jordan
35649750c3
python-cffi: fix test failures when using clang 2017-09-16 16:32:40 +02:00
Jörg Thalheim
d08c717eff pythonPackages.cffi: 1.9.1 -> 1.10.0 2017-05-02 07:32:16 +02:00