pyrox.dev / nixpkgs
lol
fork atom

invidious.lsquic.boringssl: fix gcc11 build

schnusch 9a1264ca 728b0c81

+47 -6
unified split
+47 -6
pkgs/servers/invidious/lsquic.nix
··· 1 - { lib, boringssl, stdenv, fetchgit, fetchFromGitHub, cmake, zlib, perl, libevent, gcc10Stdenv, buildGoModule }: 1 + { lib, boringssl, stdenv, fetchgit, fetchFromGitHub, fetchurl, cmake, zlib, perl, libevent }: 2 2 let 3 3 versions = builtins.fromJSON (builtins.readFile ./versions.json); 4 4 5 - buildGoModuleGcc10 = buildGoModule.override { stdenv = gcc10Stdenv; }; 5 + fetchGitilesPatch = { name, url, sha256 }: 6 + fetchurl { 7 + url = "${url}%5E%21?format=TEXT"; 8 + inherit name sha256; 9 + downloadToTemp = true; 10 + postFetch = '' 11 + base64 -d < $downloadedFile > $out 12 + ''; 13 + }; 6 14 7 15 # lsquic requires a specific boringssl version (noted in its README) 8 - boringssl' = (boringssl.overrideAttrs (old: { 16 + boringssl' = boringssl.overrideAttrs ({ preBuild, ... }: { 9 17 version = versions.boringssl.rev; 10 18 src = fetchgit { 11 19 url = "https://boringssl.googlesource.com/boringssl"; ··· 15 23 patches = [ 16 24 # Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem 17 25 ./use-etc-ssl-certs.patch 26 + 27 + # because lsquic requires that specific boringssl version and that 28 + # version does not yet include fixes for gcc11 build errors, they 29 + # must be backported 30 + (fetchGitilesPatch { 31 + name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch"; 32 + url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920"; 33 + sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj"; 34 + }) 35 + (fetchGitilesPatch { 36 + name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch"; 37 + url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2"; 38 + sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm"; 39 + }) 40 + /* 41 + # the following patch is too complex, so we will modify the build flags 42 + # of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild 43 + # and turn off -Werror=stringop-overflow 44 + (fetchGitilesPatch { 45 + name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch"; 46 + url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc"; 47 + sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr"; 48 + }) 49 + */ 50 + (fetchGitilesPatch { 51 + name = "fix-array-parameter-warnings.patch"; 52 + url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804"; 53 + sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv"; 54 + }) 18 55 ]; 19 - })).override { 20 - buildGoModule = buildGoModuleGcc10; 21 - }; 56 + 57 + preBuild = '' 58 + ${preBuild} 59 + sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \ 60 + -i build.ninja 61 + ''; 62 + }); 22 63 in 23 64 stdenv.mkDerivation rec { 24 65 pname = "lsquic";