Commit 26c3d687 authored by David McFarland's avatar David McFarland

dotnet: fix dotnet executables in darwin sandbox

This fixes:

    Could not load ICU data. UErrorCode: 2

We're using a hook instead of a wrapper because various things like to
reference the unwrapped dotnet executable.
parent dd1e778b
+5 −5
@@ -185,6 +185,10 @@ stdenvNoCC.mkDerivation (args // {

  inherit selfContainedBuild useAppHost useDotnetFromEnv;

  # propagate the runtime sandbox profile since the contents apply to published
  # executables
  propagatedSandboxProfile = toString dotnet-runtime.__propagatedSandboxProfile;

  passthru = {
    inherit nuget-source;
  } // lib.optionalAttrs (!lib.isDerivation nugetDeps) {
@@ -316,8 +320,4 @@ stdenvNoCC.mkDerivation (args // {
  } // args.passthru or { };

  meta = (args.meta or { }) // { inherit platforms; };
}
  # ICU tries to unconditionally load files from /usr/share/icu on Darwin, which makes builds fail
  # in the sandbox, so disable ICU on Darwin. This, as far as I know, shouldn't cause any built packages
  # to behave differently, just the dotnet build tool.
  // lib.optionalAttrs stdenvNoCC.isDarwin { DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = 1; })
})
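Review bot: The new `propagatedSandboxProfile` sits inside the `args // { … }` set named in the hunk header, so a `propagatedSandboxProfile` that a caller passes in `args` would apparently be replaced rather than extended. If that is not intended, combine the two, e.g. `propagatedSandboxProfile = (args.propagatedSandboxProfile or "") + toString dotnet-runtime.__propagatedSandboxProfile;`. The enclosing attribute set starts and ends outside these hunks, so this is inferred from the header line only.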
+27 −1
@@ -26,6 +26,7 @@ assert if type == "sdk" then packages != null else true;
, mkNugetDeps
, callPackage
, dotnetCorePackages
, xmlstarlet
}:

let
@@ -47,6 +48,9 @@ let

  targetRid = dotnetCorePackages.systemToDotnetRid stdenv.targetPlatform.system;

  sigtool = callPackage ./sigtool.nix {};
  signAppHost = callPackage ./sign-apphost.nix {};

in
mkCommon type rec {
  inherit pname version;
@@ -54,7 +58,11 @@ mkCommon type rec {
  # Some of these dependencies are `dlopen()`ed.
  nativeBuildInputs = [
    makeWrapper
  ] ++ lib.optional stdenv.isLinux autoPatchelfHook;
  ] ++ lib.optional stdenv.isLinux autoPatchelfHook
  ++ lib.optionals (type == "sdk" && stdenv.isDarwin) [
    xmlstarlet
    sigtool
  ];

  buildInputs = [
    stdenv.cc.cc
@@ -71,6 +79,16 @@ mkCommon type rec {

  sourceRoot = ".";

  postPatch = if type == "sdk" && stdenv.isDarwin then ''
    xmlstarlet ed \
      --inplace \
      -s //_:Project -t elem -n Import \
      -i \$prev -t attr -n Project -v "${signAppHost}" \
      sdk/*/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.Sdk.targets

    codesign --remove-signature packs/Microsoft.NETCore.App.Host.osx-*/*/runtimes/osx-*/native/{apphost,singlefilehost}
  '' else null;

  dontPatchELF = true;
  noDumpEnvVars = true;

@@ -108,6 +126,14 @@ mkCommon type rec {
      $out/packs/Microsoft.NETCore.App.Host.${targetRid}/*/runtimes/${targetRid}/native/*host
  '';

  # fixes: Could not load ICU data. UErrorCode: 2
  propagatedSandboxProfile = lib.optionalString stdenv.isDarwin ''
    (allow file-read* (subpath "/usr/share/icu"))
    (allow file-read* (subpath "/private/var/db/mds/system"))
    (allow mach-lookup (global-name "com.apple.SecurityServer")
                       (global-name "com.apple.system.opendirectoryd.membership"))
  '';

  passthru = {
    inherit icu;
  } // lib.optionalAttrs (type == "sdk") {
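Review bot: The comment above `propagatedSandboxProfile` names only the ICU failure, but the profile also grants reads under `/private/var/db/mds/system` and `mach-lookup` for `com.apple.SecurityServer` and `com.apple.system.opendirectoryd.membership`, and none of those is explained. Because the profile is propagated, these allowances reach the sandbox of every derivation that depends on this package (the first file in this commit forwards it to built .NET modules), so each rule should state which failure it fixes. I would extend the comment with one line per rule, e.g. `# /usr/share/icu: ICU data load (UErrorCode: 2)`, plus a stated reason for the mds and mach-lookup entries. Any rule that turns out not to be required should be dropped.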
+13 −6
@@ -52,7 +52,12 @@
          run ? null,
        }:
        let
          built = runCommand "dotnet-test-${name}" { buildInputs = [ finalAttrs.finalPackage ]; } (''
          sdk = finalAttrs.finalPackage;
          built = runCommand "dotnet-test-${name}" {
            buildInputs = [ sdk ];
            # make sure ICU works in a sandbox
            propagatedSandboxProfile = toString sdk.__propagatedSandboxProfile;
          } (''
            HOME=$PWD/.home
            dotnet new nugetconfig
            dotnet nuget disable source nuget
@@ -65,8 +70,10 @@
          if run == null
            then built
          else
            runCommand "${built.name}-run" { src = built; nativeBuildInputs = runInputs; } (
              lib.optionalString (runtime != null) ''
            runCommand "${built.name}-run" {
              src = built;
              nativeBuildInputs = [ built ] ++ runInputs;
            } (lib.optionalString (runtime != null) ''
              # TODO: use runtime here
              export DOTNET_ROOT=${runtime}
            '' + run);
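Review bot: `nativeBuildInputs = [ built ] ++ runInputs;` makes `built` a build input of the `-run` derivation without saying why, although `src = built` already makes it available. Presumably this is what carries the propagated sandbox profile from `built` into the run step; if so, say it, e.g. `# depend on built so its propagated sandbox profile applies to the run step`. The surrounding function starts and ends outside the hunk.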
+0 −8
@@ -25,8 +25,6 @@ let

  patchNupkgs = pkgsBuildHost.callPackage ./patch-nupkgs.nix {};

  signAppHost = callPackage ./sign-apphost.nix {};

  deps = mkNugetDeps {
    name = "dotnet-vmr-deps";
    sourceFile = depsFile;
@@ -51,12 +49,6 @@ let
        -s //Project -t elem -n Import \
        -i \$prev -t attr -n Project -v "${./patch-restored-packages.proj}" \
        src/*/Directory.Build.targets
    '' + lib.optionalString stdenv.isDarwin ''
      xmlstarlet ed \
        --inplace \
        -s //Project -t elem -n Import \
        -i \$prev -t attr -n Project -v "${signAppHost}" \
        src/runtime/Directory.Build.targets
    '';

    postConfigure = old.postConfigure or "" + ''