libgit2: Disable Security.framework transport on Darwin.
When used by cargo, `libgit2` crashes with a Segmentation Fault on Darwin. This crash is somehow connected to the `Security.framework` native to Darwin, and while being easy to reproduce, is very hard to track down. This commit introduces a patch to `libgit2` which disables the troublesome transport and instead depends on `libcurl`. The patch also adds support for `SSL_CERT_FILE` to `libgit2`. Upstream tracking issue is https://github.com/libgit2/libgit2/issues/3885.
This commit is contained in:
parent
6fd0591674
commit
3cfe3ab6b6
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, http-parser, libiconv }:
|
||||
{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, curl, http-parser, libiconv }:
|
||||
|
||||
stdenv.mkDerivation (rec {
|
||||
version = "0.24.1";
|
||||
@ -10,10 +10,20 @@ stdenv.mkDerivation (rec {
|
||||
sha256 = "0rw80480dx2f6a2wbb1bwixygg1iwq3r7vwhxdmkkf4lpxd35jhd";
|
||||
};
|
||||
|
||||
# TODO: `cargo` (rust's package manager) surfaced a serious bug in
|
||||
# libgit2 when the `Security.framework` transport is used on Darwin.
|
||||
# The upstream issue is tracked at
|
||||
# https://github.com/libgit2/libgit2/issues/3885 - feel free to
|
||||
# remove this patch as soon as it's resolved (i.E. when cargo is
|
||||
# working fine without this patch)
|
||||
patches = stdenv.lib.optionals stdenv.isDarwin [
|
||||
./disable-security.framework.patch
|
||||
];
|
||||
|
||||
cmakeFlags = "-DTHREADSAFE=ON";
|
||||
|
||||
nativeBuildInputs = [ cmake python pkgconfig ];
|
||||
buildInputs = [ zlib libssh2 openssl http-parser ];
|
||||
buildInputs = [ zlib libssh2 openssl http-parser curl ];
|
||||
|
||||
meta = {
|
||||
description = "The Git linkable library";
|
||||
|
@ -0,0 +1,58 @@
|
||||
From fbc2ea65406236a740b8734dd41dc5ddbc24f8c9 Mon Sep 17 00:00:00 2001
|
||||
From: mulrich <mulrich@entwicklerheld.local>
|
||||
Date: Mon, 8 Aug 2016 15:36:07 +0200
|
||||
Subject: [PATCH] disable security.framework
|
||||
|
||||
---
|
||||
CMakeLists.txt | 7 +++----
|
||||
src/curl_stream.c | 9 ++++++++-
|
||||
2 files changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 93a9e47..331e148 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -49,7 +49,8 @@ ENDIF()
|
||||
|
||||
IF(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
SET( USE_ICONV ON )
|
||||
- FIND_PACKAGE(Security)
|
||||
+ # FIND_PACKAGE(Security)
|
||||
+ SET(SECURITY_FOUND "NO")
|
||||
FIND_PACKAGE(CoreFoundation REQUIRED)
|
||||
ENDIF()
|
||||
|
||||
@@ -87,9 +88,7 @@ IF(MSVC)
|
||||
OPTION(MSVC_CRTDBG "Enable CRTDBG memory leak reporting" OFF)
|
||||
ENDIF()
|
||||
|
||||
-IF (NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
- OPTION( USE_OPENSSL "Link with and use openssl library" ON )
|
||||
-ENDIF()
|
||||
+OPTION( USE_OPENSSL "Link with and use openssl library" ON )
|
||||
|
||||
CHECK_STRUCT_HAS_MEMBER ("struct stat" st_mtim "sys/types.h;sys/stat.h"
|
||||
HAVE_STRUCT_STAT_ST_MTIM LANGUAGE C)
|
||||
diff --git a/src/curl_stream.c b/src/curl_stream.c
|
||||
index 98de187..a8a9f4c 100644
|
||||
--- a/src/curl_stream.c
|
||||
+++ b/src/curl_stream.c
|
||||
@@ -309,7 +309,14 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
|
||||
curl_easy_setopt(handle, CURLOPT_HTTPPROXYTUNNEL, 1);
|
||||
curl_easy_setopt(handle, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
|
||||
|
||||
- /* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
|
||||
+ const char* cainfo = getenv("SSL_CERT_FILE");
|
||||
+ if(cainfo != NULL) {
|
||||
+ curl_easy_setopt(handle, CURLOPT_CAINFO, cainfo);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ curl_easy_setopt(handle, CURLOPT_VERBOSE, 1);
|
||||
+ */
|
||||
|
||||
st->parent.version = GIT_STREAM_VERSION;
|
||||
st->parent.encrypted = 0; /* we don't encrypt ourselves */
|
||||
--
|
||||
2.3.8 (Apple Git-58)
|
||||
|
Loading…
Reference in New Issue
Block a user