-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl support #6
Comments
With the older Rubies, they don't work with openssl >= 1.0, and nixpkgs now defaults to 1.1, which is not backwards-compatible. I think what happens is that the configure script of the ruby therefore fails to detect a working openssl, and quietly skips building it. A couple of years ago, before the switch in nix file structure to use flakes, I worked around this by overriding the openssl version, but since then the older openssl has been completely removed from nixpkgs. Patches exist for the old Ruby code so that they will support the newer openssl, but I can't for the life of me figure out how to include them in the rubies built by mkRuby. Any pointers, @bobvanderlinden? |
You can use overrideAttrs. Something like: (mkRuby { inherit pkgs; rubyVersion = "1.2.3"; }).overrideAttrs {
patches = [ ./mypatch.patch ];
} That said, I'm interested in those patches. I could add them in the repo for specific ranges of versions. Do you have a link where I can find them? |
Huh, thanks, I thought I'd tried exactly that, but must have messed something up. 🙏 I'll report back when I've had chance to fiddle with this and see if I can confirm a working patch. |
BTW, this PR to RVM has a comprehensive set of openssl compatibility patches for various versions of Ruby: rvm/rvm#5248 The patch for 2.2.x there is the same as one I found elsewhere, but doesn't seem to apply cleanly to 2.2.10 via I had to do something similar when assembling a set of old Emacs versions for CI testing (https://github.com/purcell/nix-emacs-ci/) — to just satisfy basic usability with modern nixpkgs, a few small compatibility/backport patches were the practical choice. |
Fixed in master? |
No, I think that's a separate issue: it seems to fix Ruby 3 not building with OpenSSL > 1.1. This particular report is about Ruby < 2.4 not building with OpenSSL > 1.0, which is still the case. |
This problem shouldn't happen anymore. In #23, overrides were introduced that allows making changes to the Ruby derivation based on version ranges. OpenSSL1.1 is now only applied to those versions that failed to build otherwise. In addition, there is now CI running that check whether versions are still able to build. Could you check whether this is still a problem for you? |
@bobvanderlinden Could you clarify what you'd expect to be different now? Even without #23, the old versions built — they just silently had no OpenSSL support, because the unpatched source isn't compatible with any OpenSSL available in nixpkgs. |
I see what you mean. Older Ruby versions are expecting OpenSSL 1.0 and do not support OpenSSL 1.1 nor OpenSSL 3.0. OpenSSL 1.0 is not in nixpkgs anymore, so the Ruby source needs to be patched. #23 merely makes sure Ruby versions that did not support OpenSSL 3.0 would use OpenSSL 1.1. rvm/rvm#5248 does look like the right solution. Might be good to wait for it to be merged before trying to apply it to all applicable Ruby versions. |
Yes, exactly. In practice, as I noted above, the patch in that RVM PR for Ruby 2.2.x didn't apply to 2.2.10 when I tried it, so I'm not sure I hold out much hope that a working set of patches is viable. (Perhaps I messed something up, but I don't think so.) |
I'm strangely having this error despite being on Ruby 3.0.4. My devenv.nix is below, and extremely basic. I've tried adding openssl to the package list to no avail. What's going on here?
|
@trevorfoxsoft could you also post your devenv.yaml? |
Of course, it's just as bare:
|
Still struggling with this one—is there any more info I can provide or any suggestions to explore? |
@trevorfoxsof For now, I am overriding openssl version: { pkgs, nixpkgs-ruby, ... }:
{
languages.ruby.enable = true;
languages.ruby.package = (nixpkgs-ruby.lib.packageFromRubyVersionFile {
file = ./.ruby-version;
system = pkgs.stdenv.system;
}).override { openssl = pkgs.openssl_1_1; };
# Packages to install
packages = with pkgs; [
git
];
services.postgres.enable = true;
} |
As mentioned in #6, there are Ruby versions where openssl does not correctly work. The intention is to add tests for loading the openssl gem so that we can detect for which versions openssl does and does not work. After that it is likely that overrides are needed to change the openssl version for specific Ruby versions.
#71 fixes the issue with Ruby 3.0.x not having openssl available. There are now tests available that check for OpenSSL is still a problem for Ruby <2.4. The patches for RVM were merged, so I thought I'd give them a try as well. It did not really help. There seems to still be a problem during configurePhase. I want to suggest to look into https://lazamar.co.uk/nix-versions/?channel=nixpkgs-unstable&package=ruby for really old Ruby versions. With an older nixpkgs it'll use openssl 1.0 or even 0.9.x. |
Thanks for the library! I'm not able to get openssl to work, does anyone have any thoughts?
The text was updated successfully, but these errors were encountered: