From 7cfdb8950d93888811fbd2da3a575521d8781ace Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sun, 17 Jun 2018 18:56:22 -0500 Subject: [PATCH 1/3] libgcrypt: keep new lock behavior but only do so around collector access Not around a function that itself will grab the rng lock. Unfortunate that we obtain/release the lock twice but this seems least invasive way to fix this. --- .../libraries/libgcrypt/default.nix | 2 ++ .../libgcrypt/fix-jent-locking.patch | 29 +++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 pkgs/development/libraries/libgcrypt/fix-jent-locking.patch diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index de657bc9c34..1a9e19ede23 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -21,6 +21,8 @@ stdenv.mkDerivation rec { # The build enables -O2 by default for everything else. hardeningDisable = stdenv.lib.optional stdenv.cc.isClang "fortify"; + patches = [ ./fix-jent-locking.patch ]; + depsBuildBuild = [ buildPackages.stdenv.cc ]; buildInputs = [ libgpgerror ] diff --git a/pkgs/development/libraries/libgcrypt/fix-jent-locking.patch b/pkgs/development/libraries/libgcrypt/fix-jent-locking.patch new file mode 100644 index 00000000000..5394e51468e --- /dev/null +++ b/pkgs/development/libraries/libgcrypt/fix-jent-locking.patch @@ -0,0 +1,29 @@ +From bbe989be6ca5e093d5244413590bd80e12c2ec9b Mon Sep 17 00:00:00 2001 +From: Will Dietz +Date: Sun, 17 Jun 2018 18:53:58 -0500 +Subject: [PATCH] rndjent: move locking to fix trying to obtain held lock, + hanging + +--- + random/rndjent.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/random/rndjent.c b/random/rndjent.c +index 0c5a820b..3740ddd4 100644 +--- a/random/rndjent.c ++++ b/random/rndjent.c +@@ -334,9 +334,10 @@ _gcry_rndjent_get_version (int *r_active) + { + if (r_active) + { +- lock_rng (); + /* Make sure the RNG is initialized. */ + _gcry_rndjent_poll (NULL, 0, 0); ++ ++ lock_rng (); + /* To ease debugging we store 2 for a clock_gettime based + * implementation and 1 for a rdtsc based code. */ + *r_active = jent_rng_collector? is_rng_available () : 0; +-- +2.18.0-rc2 + From 6c16f3d62615050e4f91da31a6122a9fdbce7130 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 20 Jun 2018 14:03:58 -0500 Subject: [PATCH 2/3] libgcrypt: mention PR, upstream issue --- pkgs/development/libraries/libgcrypt/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index 1a9e19ede23..473cd2b12b8 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -21,6 +21,7 @@ stdenv.mkDerivation rec { # The build enables -O2 by default for everything else. hardeningDisable = stdenv.lib.optional stdenv.cc.isClang "fortify"; + # Accepted upstream, should be in next update: #42150, https://dev.gnupg.org/T4034 patches = [ ./fix-jent-locking.patch ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; From d6bffa6aa45467296d4b20bea7e6575337eed0de Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sun, 17 Jun 2018 19:16:35 -0500 Subject: [PATCH 3/3] libgcrypt: don't disable checks on Darwin, let's see if patch fixes --- pkgs/development/libraries/libgcrypt/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index 473cd2b12b8..638dec302b7 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -52,8 +52,7 @@ stdenv.mkDerivation rec { cp src/.libs/libgcrypt.20.dylib $out/lib ''; - # TODO: reenable with next update? - doCheck = !stdenv.isDarwin; + doCheck = true; meta = with stdenv.lib; { homepage = https://www.gnu.org/software/libgcrypt/;