libgit2: Disable Security.framework transport on Darwin.

When used by cargo, `libgit2` crashes with a Segmentation Fault on
Darwin. This crash is somehow connected to the `Security.framework`
native to Darwin and, while easy to reproduce, is very hard to
track down.

This commit introduces a patch to `libgit2` which disables the
troublesome transport and instead depends on `libcurl`. The patch also
adds support for `SSL_CERT_FILE` to `libgit2`.

Upstream tracking issue is
https://github.com/libgit2/libgit2/issues/3885.
Moritz Ulrich 2016-08-08 15:55:05 +02:00
parent 6fd0591674
commit 3cfe3ab6b6
2 changed files with 70 additions and 2 deletions


@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, http-parser, libiconv }:
{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, curl, http-parser, libiconv }:
stdenv.mkDerivation (rec {
version = "0.24.1";
@ -10,10 +10,20 @@ stdenv.mkDerivation (rec {
sha256 = "0rw80480dx2f6a2wbb1bwixygg1iwq3r7vwhxdmkkf4lpxd35jhd";
};
# TODO: `cargo` (rust's package manager) surfaced a serious bug in
# libgit2 when the `Security.framework` transport is used on Darwin.
# The upstream issue is tracked at
# https://github.com/libgit2/libgit2/issues/3885 - feel free to
# remove this patch as soon as it's resolved (i.E. when cargo is
# working fine without this patch)
patches = stdenv.lib.optionals stdenv.isDarwin [
./disable-security.framework.patch
];
cmakeFlags = "-DTHREADSAFE=ON";
nativeBuildInputs = [ cmake python pkgconfig ];
buildInputs = [ zlib libssh2 openssl http-parser ];
buildInputs = [ zlib libssh2 openssl http-parser curl ];
meta = {
description = "The Git linkable library";
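Review bot: `curl` is added to `buildInputs` on every platform, but the patch that needs it is applied only under `stdenv.isDarwin`. If libgit2's CMake picks up curl whenever it is present (not visible here, so worth confirming), this also changes the HTTPS transport on non-Darwin builds. Scoping it the same way as the patch avoids that: `buildInputs = [ zlib libssh2 openssl http-parser ] ++ stdenv.lib.optional stdenv.isDarwin curl;`. The TODO comment should also say that with this patch certificate verification on Darwin no longer goes through the system trust store and depends on the CA bundle that OpenSSL/curl find, e.g. via `SSL_CERT_FILE`, so whoever removes the patch knows to re-check that too.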


@ -0,0 +1,58 @@
From fbc2ea65406236a740b8734dd41dc5ddbc24f8c9 Mon Sep 17 00:00:00 2001
From: mulrich <mulrich@entwicklerheld.local>
Date: Mon, 8 Aug 2016 15:36:07 +0200
Subject: [PATCH] disable security.framework
---
CMakeLists.txt | 7 +++----
src/curl_stream.c | 9 ++++++++-
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 93a9e47..331e148 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -49,7 +49,8 @@ ENDIF()
IF(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
SET( USE_ICONV ON )
- FIND_PACKAGE(Security)
+ # FIND_PACKAGE(Security)
+ SET(SECURITY_FOUND "NO")
FIND_PACKAGE(CoreFoundation REQUIRED)
ENDIF()
@@ -87,9 +88,7 @@ IF(MSVC)
OPTION(MSVC_CRTDBG "Enable CRTDBG memory leak reporting" OFF)
ENDIF()
-IF (NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
- OPTION( USE_OPENSSL "Link with and use openssl library" ON )
-ENDIF()
+OPTION( USE_OPENSSL "Link with and use openssl library" ON )
CHECK_STRUCT_HAS_MEMBER ("struct stat" st_mtim "sys/types.h;sys/stat.h"
HAVE_STRUCT_STAT_ST_MTIM LANGUAGE C)
diff --git a/src/curl_stream.c b/src/curl_stream.c
index 98de187..a8a9f4c 100644
--- a/src/curl_stream.c
+++ b/src/curl_stream.c
@@ -309,7 +309,14 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
curl_easy_setopt(handle, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_easy_setopt(handle, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
- /* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
+ const char* cainfo = getenv("SSL_CERT_FILE");
+ if(cainfo != NULL) {
+ curl_easy_setopt(handle, CURLOPT_CAINFO, cainfo);
+ }
+
+ /*
+ curl_easy_setopt(handle, CURLOPT_VERBOSE, 1);
+ */
st->parent.version = GIT_STREAM_VERSION;
st->parent.encrypted = 0; /* we don't encrypt ourselves */
--
2.3.8 (Apple Git-58)
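Review bot: The `getenv("SSL_CERT_FILE")` block added to `git_curl_stream_new` lets the process environment replace the CA bundle for every connection made through this stream, and it neither rejects an empty value nor checks the result of `curl_easy_setopt`. The guard should at least be `if (cainfo != NULL && *cainfo != '\0')`, and a `curl_easy_setopt(handle, CURLOPT_CAINFO, cainfo)` result other than `CURLE_OK` should be treated as an error rather than silently keeping the default bundle. I would add the comment `/* SSL_CERT_FILE overrides the default CA bundle; it must come from a trusted environment */` above the lookup, since any caller that inherits an untrusted environment would otherwise accept whatever trust anchors the variable names. `const char* cainfo` is also declared after statements; the rest of the function is outside the hunk, but if the file follows C89 declaration placement this belongs with the other locals as `const char *cainfo;`.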