Skip to content

python3Packages.tpm2-pytss: disable hardening#252525

Merged
RaitoBezarius merged 1 commit intoNixOS:masterfrom
baloo:baloo/tpm2-pytss/hardening
Sep 1, 2023
Merged

python3Packages.tpm2-pytss: disable hardening#252525
RaitoBezarius merged 1 commit intoNixOS:masterfrom
baloo:baloo/tpm2-pytss/hardening

Conversation

@baloo
Copy link
Copy Markdown
Member

@baloo baloo commented Aug 31, 2023
edited
Loading

Description of changes

Hardening got enabled in #246244 in a way that makes it difficult to disable selectively for project. The fix used in #245139 (and provided upstream) no longer works, and we need to disable hardening entirely to make pycparser work (it's unable to handle fortify bits of glibc headers).

Fixes #252023.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added the 6.topic: python Python is a high-level, general-purpose programming language. label Aug 31, 2023
@baloo baloo mentioned this pull request Aug 31, 2023
Closed
@ofborg ofborg bot added 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Aug 31, 2023
@Cryolitia
Copy link
Copy Markdown
Member

Cryolitia commented Aug 31, 2023

Result of nixpkgs-review pr 252525 run on x86_64-linux 1

7 packages built:
  • python310Packages.tpm2-pytss
  • python310Packages.tpm2-pytss.dist
  • python311Packages.tpm2-pytss
  • python311Packages.tpm2-pytss.dist
  • tpm2-pkcs11
  • tpm2-pkcs11.bin
  • tpm2-pkcs11.dev

@nixos-discourse
Copy link
Copy Markdown

nixos-discourse commented Sep 1, 2023

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/2617

@baloo @RaitoBezarius
python3Packages.tpm2-pytss: disable hardening
29afe51 
Hardening got enabled in NixOS#246244 in a way that makes it difficult to disable for
projects to disable selectively. The fix used in NixOS#245139 (and provided upstream)
no longer works, and we need to disable hardening entirely to make `pycparser`
which is unable to handle fortify bits.

Fixes NixOS#252023.

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
@RaitoBezarius RaitoBezarius force-pushed the baloo/tpm2-pytss/hardening branch from cf5b2db to 29afe51 Compare September 1, 2023 21:09
RaitoBezarius
RaitoBezarius approved these changes Sep 1, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@RaitoBezarius RaitoBezarius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I modified the commit myself to expedite it as I know you are probably not available to do the changes, LGTM for me otherwise.

@RaitoBezarius RaitoBezarius merged commit 1e2f7a7 into NixOS:master Sep 1, 2023
@baloo baloo deleted the baloo/tpm2-pytss/hardening branch September 7, 2023 21:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaitoBezarius RaitoBezarius RaitoBezarius approved these changes

Assignees

No one assigned

Labels

6.topic: python Python is a high-level, general-purpose programming language. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Build failure: python3Packages.tpm2-pytss

4 participants

@baloo @Cryolitia @nixos-discourse @RaitoBezarius