From 9a1264cab0c050355dbf787bd595ee37188d1b33 Mon Sep 17 00:00:00 2001 From: schnusch Date: Sat, 23 Apr 2022 12:55:57 +0200 Subject: [PATCH] invidious.lsquic.boringssl: fix gcc11 build --- pkgs/servers/invidious/lsquic.nix | 53 +++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/invidious/lsquic.nix b/pkgs/servers/invidious/lsquic.nix index 9c3bc68615ca..ca04c97c1280 100644 --- a/pkgs/servers/invidious/lsquic.nix +++ b/pkgs/servers/invidious/lsquic.nix @@ -1,11 +1,19 @@ -{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, cmake, zlib, perl, libevent, gcc10Stdenv, buildGoModule }: +{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, fetchurl, cmake, zlib, perl, libevent }: let versions = builtins.fromJSON (builtins.readFile ./versions.json); - buildGoModuleGcc10 = buildGoModule.override { stdenv = gcc10Stdenv; }; + fetchGitilesPatch = { name, url, sha256 }: + fetchurl { + url = "${url}%5E%21?format=TEXT"; + inherit name sha256; + downloadToTemp = true; + postFetch = '' + base64 -d < $downloadedFile > $out + ''; + }; # lsquic requires a specific boringssl version (noted in its README) - boringssl' = (boringssl.overrideAttrs (old: { + boringssl' = boringssl.overrideAttrs ({ preBuild, ... }: { version = versions.boringssl.rev; src = fetchgit { url = "https://boringssl.googlesource.com/boringssl"; @@ -15,10 +23,43 @@ let patches = [ # Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem ./use-etc-ssl-certs.patch + + # because lsquic requires that specific boringssl version and that + # version does not yet include fixes for gcc11 build errors, they + # must be backported + (fetchGitilesPatch { + name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch"; + url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920"; + sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj"; + }) + (fetchGitilesPatch { + name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch"; + url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2"; + sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm"; + }) +/* + # the following patch is too complex, so we will modify the build flags + # of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild + # and turn off -Werror=stringop-overflow + (fetchGitilesPatch { + name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch"; + url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc"; + sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr"; + }) +*/ + (fetchGitilesPatch { + name = "fix-array-parameter-warnings.patch"; + url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804"; + sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv"; + }) ]; - })).override { - buildGoModule = buildGoModuleGcc10; - }; + + preBuild = '' + ${preBuild} + sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \ + -i build.ninja + ''; + }); in stdenv.mkDerivation rec { pname = "lsquic";