Hi all, pikajude here, maintainer of the pure-darwin stdenv in nixpkgs.
Over the past few days in ##nix-darwin, I've discovered that the impure Darwin
stdenv on master is broken for nearly everyone due to Xcode 7's introduction of
`.tbd` files for library stubs; see
https://forums.developer.apple.com/thread/4572
<https://forums.developer.apple.com/thread/4572>.
As far as I have been able to investigate, .tbd compatibility is an Xcode
7-exclusive feature, and I'm not sure whether the changes required to use them
are open-source yet. There is a temporary fix to downgrade to Xcode 6.4, but
that will obviously only work for a limited time. For people who do use Xcode,
I don’t want to restrict them to an older version because our nixpkgs stdenv
completely fails at what it is intended to do.
This continues the precedent of OSX updates breaking parts of nixpkgs without
warning.
pure-darwin mitigates this problem because the entire compiler toolchain and
environment (save a symlink to libSystem, which won't be changing anytime soon)
is in the Nix store. If I can get approval, I would love to replace the current
Darwin stdenv with the pure one, because it would allow us to upgrade our
toolchain on our own terms, as well as work nicely alongside any Xcode version
a user would care to install.
I would also like to merge the pure stdenv because it will result in us getting
Hydra builds for it, which is the main roadblock that turns people off of using
pure-darwin. Having Hydra build the pure stdenv also gives us an easy way to
see which packages are broken on pure-darwin.
Answers to some common questions:
Q: Does pure-darwin fix the missing -lgcc_s.10.5 problem?
A: Yes. In the Xcode update, libgcc_s.10.5.dylib was changed from a symlink to
/usr/lib/libSystem.dylib to a text-based library stub that (AFAIK) only Xcode 7
can currently use. In pure-darwin, libgcc_s is still a symlink, so ld will
understand it just fine.
Q: Will pure-darwin break anything for me?
A: Right now, probably. I’ve been largely the only pure-darwin maintainer for a
few months, and my time and ability to fix packages are limited. I welcome you
to try the pure-darwin stdenv to see if there are any broken packages. Over the
next few days I will be working on building every package that claims to be
Darwin-compatible, in order to weed out the remaining errors. Most fixes are
trivial. About half of the broken packages I encounter just need to have
libiconv added as a build input.
If breakages concern you, you can use the “replaceStdenv” feature of your
nixpkgs config to revert to the old stdenv for as long as necessary. Packages
built with either stdenv will coexist peacefully.
Q: Do I have to turn on the build sandbox to use pure-darwin?
A: Not if you don’t want to. The sandbox is just an extra layer of security to
make sure that the outside world isn’t polluting our builds, but it certainly
isn’t mandatory. Even without the sandbox, your compiler will still be using
its own toolchain, which means that Xcode updates will not break it.
Q: How do I turn on the build sandbox?
A: Add "build-use-chroot = true” to your /etc/nix/nix.conf. The sandbox is not
enabled by default.
Q: Anything else I need to know?
A: In nix-1.10, the sandbox is very imperfect and will cause a lot of false
negatives. This causes building polyml and Haskell packages to fail, among a
few other things.
Nix pull request #562 (https://github.com/NixOS/nix/pull/562
<https://github.com/NixOS/nix/pull/562>) addresses these problems. If you
intend to make heavy usage of the sandbox feature, you should definitely use
the checkout of nix in that pull request until it gets merged into master.
Again, if you’re worried about the sandbox breaking builds, feel free to
disable it.
Please let me know if you have other questions.
Jude
PS: Sorry for double-post! I sent an email from my old address, which is now
stuck in the moderation queue.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
