Skip to content

gem-config: add digest-sha3#54265

Merged
alyssais merged 1 commit intoNixOS:masterfrom
smaximov:gem-config-digest-sha3
Jan 19, 2019
Merged

gem-config: add digest-sha3#54265
alyssais merged 1 commit intoNixOS:masterfrom
smaximov:gem-config-digest-sha3

Conversation

@smaximov
Copy link
Copy Markdown
Contributor

@smaximov smaximov commented Jan 18, 2019

Motivation for this change

digest-sha3 is a C-extension gem which fails to build on Nix because it uses non-literals as format strings which is forbidden by the default Nix hardening settings. There is a pull request to fix that (1), but the gem seems to be abandoned.

Things done

This PR disables the "format" hardening for digest-sha3.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Original thread: https://discourse.nixos.org/t/solved-hardeningdisable-and-bundlerenv/1765

@smaximov
gem-config: add digest-sha3
05c8d5c 
`digest-sha3` is a C-extension gem which fails to build on Nix because
it uses non-literals as format strings which is forbidden by the default
Nix hardening settings. There is a pull request to fix that ([1]), but
the gem seems to be abandoned.

This PR disables the "format" hardening for `digest-sha3`.

[1]: phusion/digest-sha3-ruby#8
@GrahamcOfBorg GrahamcOfBorg added 6.topic: ruby A dynamic, open source programming language with a focus on simplicity and productivity. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Jan 18, 2019
@alyssais alyssais merged commit 0bf9656 into NixOS:master Jan 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alyssais alyssais Awaiting requested review from alyssais

@zimbatm zimbatm Awaiting requested review from zimbatm

Assignees

No one assigned

Labels

6.topic: ruby A dynamic, open source programming language with a focus on simplicity and productivity. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@smaximov @alyssais @GrahamcOfBorg