diff --git a/pkgs/development/libraries/git2/default.nix b/pkgs/development/libraries/git2/default.nix index 7aaac299b0e3..0a0c5858917f 100644 --- a/pkgs/development/libraries/git2/default.nix +++ b/pkgs/development/libraries/git2/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, http-parser, libiconv }: +{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, curl, http-parser, libiconv }: stdenv.mkDerivation (rec { version = "0.24.1"; @@ -10,10 +10,20 @@ stdenv.mkDerivation (rec { sha256 = "0rw80480dx2f6a2wbb1bwixygg1iwq3r7vwhxdmkkf4lpxd35jhd"; }; + # TODO: `cargo` (rust's package manager) surfaced a serious bug in + # libgit2 when the `Security.framework` transport is used on Darwin. + # The upstream issue is tracked at + # https://github.com/libgit2/libgit2/issues/3885 - feel free to + # remove this patch as soon as it's resolved (i.E. when cargo is + # working fine without this patch) + patches = stdenv.lib.optionals stdenv.isDarwin [ + ./disable-security.framework.patch + ]; + cmakeFlags = "-DTHREADSAFE=ON"; nativeBuildInputs = [ cmake python pkgconfig ]; - buildInputs = [ zlib libssh2 openssl http-parser ]; + buildInputs = [ zlib libssh2 openssl http-parser curl ]; meta = { description = "The Git linkable library"; diff --git a/pkgs/development/libraries/git2/disable-security.framework.patch b/pkgs/development/libraries/git2/disable-security.framework.patch new file mode 100644 index 000000000000..ce6a008b1c4c --- /dev/null +++ b/pkgs/development/libraries/git2/disable-security.framework.patch @@ -0,0 +1,58 @@ +From fbc2ea65406236a740b8734dd41dc5ddbc24f8c9 Mon Sep 17 00:00:00 2001 +From: mulrich +Date: Mon, 8 Aug 2016 15:36:07 +0200 +Subject: [PATCH] disable security.framework + +--- + CMakeLists.txt | 7 +++---- + src/curl_stream.c | 9 ++++++++- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 93a9e47..331e148 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -49,7 +49,8 @@ ENDIF() + + IF(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + SET( USE_ICONV ON ) +- FIND_PACKAGE(Security) ++ # FIND_PACKAGE(Security) ++ SET(SECURITY_FOUND "NO") + FIND_PACKAGE(CoreFoundation REQUIRED) + ENDIF() + +@@ -87,9 +88,7 @@ IF(MSVC) + OPTION(MSVC_CRTDBG "Enable CRTDBG memory leak reporting" OFF) + ENDIF() + +-IF (NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin") +- OPTION( USE_OPENSSL "Link with and use openssl library" ON ) +-ENDIF() ++OPTION( USE_OPENSSL "Link with and use openssl library" ON ) + + CHECK_STRUCT_HAS_MEMBER ("struct stat" st_mtim "sys/types.h;sys/stat.h" + HAVE_STRUCT_STAT_ST_MTIM LANGUAGE C) +diff --git a/src/curl_stream.c b/src/curl_stream.c +index 98de187..a8a9f4c 100644 +--- a/src/curl_stream.c ++++ b/src/curl_stream.c +@@ -309,7 +309,14 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port) + curl_easy_setopt(handle, CURLOPT_HTTPPROXYTUNNEL, 1); + curl_easy_setopt(handle, CURLOPT_PROXYAUTH, CURLAUTH_ANY); + +- /* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */ ++ const char* cainfo = getenv("SSL_CERT_FILE"); ++ if(cainfo != NULL) { ++ curl_easy_setopt(handle, CURLOPT_CAINFO, cainfo); ++ } ++ ++ /* ++ curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); ++ */ + + st->parent.version = GIT_STREAM_VERSION; + st->parent.encrypted = 0; /* we don't encrypt ourselves */ +-- +2.3.8 (Apple Git-58) +