Friendica using php.buildComposerProject - OpenSSL error

I am trying to package Friendica using the new php.buildComposerProject method, with this minimal default.nix:

{ php, fetchFromGitHub }:

php.buildComposerProject (finalAttrs: {
  pname = "friendica";
  version = "2023.05";

  src = fetchFromGitHub {
    owner = "friendica";
    repo = "friendica";
    rev = finalAttrs.version;
    hash = "sha256-RXzJO++lWm935XNyg5JPmW1sR3MtKAC581E5cmw+WeY=";
  };

  vendorHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
})

I run this command to build the package:
nix-build -E "with import <nixpkgs> {}; callPackage ./default.nix {}"

but when creating the local composer repo, a weird OpenSSL error appears when trying to download a PHP package from https://git.friendi.ca (uses a Let’s Encrypt certificate) (downloading packages from github.com works fine):

error: builder for '/nix/store/v6wmqmalc59px0q52lsyi836sds4iy61-friendica-2023.05-composer-repository.drv' failed with exit code 1;
       last 10 log lines:
       >   - Downloading ezyang/htmlpurifier (v4.16.0)
       >   - Installing ezyang/htmlpurifier (v4.16.0): Extracting archive
       >   - Downloading fgrosse/phpasn1 (v2.5.0)
       >   - Installing fgrosse/phpasn1 (v2.5.0): Extracting archive
       >   - Installing friendica/json-ld (1.1.2): Cloning 5f6ea87b26
       > Could not build repository: Failed to execute git clone --no-checkout -- 'https://git.friendi.ca/friendica/php-json-ld' '/build/source/repository/friendica/json-ld/1.1.2' && cd '/build/source/repository/friendica/json-ld/1.1.2' && git remote add composer -- 'https://git.friendi.ca/friendica/php-json-ld' && git fetch composer && git remote set-url origin -- 'https://git.friendi.ca/friendica/php-json-ld' && git remote set-url composer -- 'https://git.friendi.ca/friendica/php-json-ld'
       >
       > Cloning into '/build/source/repository/friendica/json-ld/1.1.2'...
       > fatal: unable to access 'https://git.friendi.ca/friendica/php-json-ld/': OpenSSL/3.0.10: error:16000069:STORE routines::unregistered scheme
       >
       For full logs, run 'nix log /nix/store/v6wmqmalc59px0q52lsyi836sds4iy61-friendica-2023.05-composer-repository.drv'.
error: 1 dependencies of derivation '/nix/store/s1g5vad6mch5x2r563jj5acx9nw89yg7-friendica-2023.05.drv' failed to build

When I use the composer-local-repo-plugin directly, the repo will create just fine.

Any advice on how to debug this? (I am still a newbie in Nix(OS))

Thanks

Hlad

@drupol maybe you can help me with this

Hi !

Can you provide the smallest (in size) composer.json where I could reproduce the problem please?
I will try to investigate the issue.

Thanks!

Here is the original composer.json, or should I edit it to contain only the problematic package?

Yes please, provide the minimum composer.json file so I can reproduce the issue.

I just pushed a PR fixing the issue.

Could you please try it? At least I can’t reproduce the issue any more.

(there are issues later, but I don’t think they are related to the OpenSSL issues)

Yes, with this PR the package friendica/json-ld is downloaded fine.
The build ends with this unrelated error:

post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/r6l193ghwd6kqg9m2d1ahzvx95bm1bxq-friendica-2023.05-composer-repository
checking for references to /build/ in /nix/store/r6l193ghwd6kqg9m2d1ahzvx95bm1bxq-friendica-2023.05-composer-repository...
error: illegal path references in fixed-output derivation '/nix/store/s812idab1bivvavn6qgxpqh78xs38cgg-friendica-2023.05-composer-repository.drv'

This is another issue that needs some help indeed. I have no clue what’s going on there yet.

I think this issue could also be resolved by adding composer/ca-bundle in the require section of your composer.json file.

If you could try it and just let me know, it would be great.

I think this PR will fix the other issues you were having: build-support/php: fix support of vcs repositories by yu-re-ka · Pull Request #261413 · NixOS/nixpkgs · GitHub

Using master branch of nixpkgs (the PR is merged now) I still have this error:

post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/r6l193ghwd6kqg9m2d1ahzvx95bm1bxq-friendica-2023.05-composer-repository
checking for references to /build/ in /nix/store/r6l193ghwd6kqg9m2d1ahzvx95bm1bxq-friendica-2023.05-composer-repository...
error: illegal path references in fixed-output derivation '/nix/store/qb5xc7gyfxgs2qhc4zb4mh6xnlifrwaz-friendica-2023.05-composer-repository.drv'
error: 1 dependencies of derivation '/nix/store/p77hrc734s4fmd49zkyc5zhwazjsiwbn-friendica-2023.05.drv' failed to build

Any advice on how I can debug it myself?

Could you please post the derivation so I can try to reproduce the issue locally?

Also, what you can do is to build the derivation with something like:

nix build .#friendica --keep-failed

And then, inspect the output at /tmp/nix-build-friendica-.../.
To be honest, I don’t know yet what we’re looking for… but it’s already a start.

What’s the status of this?

I found this blog post about “error: illegal path references in fixed-output derivation”, which says that “You get this error when your fixed-output derivation places something in $out which contains a Nix store path!”.
https://phip1611.de/blog/fixing-illegal-path-references-in-fixed-output-derivation-in-nix/

Which is actually my case: the $out/repository/friendica/json-ld/1.1.4/.git/hook directory contains *.sample files that contain /nix/store/.. shebangs. (Don’t know why)

How to deal with that? I don’t know how to override installPhase or fixupPhase of composer-repository derivation.
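
One way to locate the files that trip the check described in the post above, as an added example that is not part of the thread or of nixpkgs: it walks a directory (for instance the one kept by --keep-failed) and reports every file that embeds something shaped like a store path, marking the ones where it is the shebang. The function names and the regex are assumptions of this example; it is a heuristic, not Nix's own reference scan.

```shell
#!/bin/sh
# Added example: find files in a would-be fixed-output tree that mention the Nix store.
# Heuristic pattern for a store path: the hash part is 32 characters of
# Nix's base32 alphabet (digits and lowercase letters without e, o, t, u).
STORE_RE='/nix/store/[0-9a-df-np-sv-z]{32}-[A-Za-z0-9+._?=-]+'

# list_store_ref_files DIR
# Prints one line per offending file: "shebang<TAB>path" when the store path
# is the interpreter on line 1, "embedded<TAB>path" otherwise.
# Assumes file names without newlines.
list_store_ref_files() {
  # -l: list matching files, -a: scan binaries as text, -E: extended regex
  find "$1" -type f -exec grep -laE "$STORE_RE" {} + 2>/dev/null | sort |
  while IFS= read -r f; do
    if head -n 1 "$f" | grep -qaE "^#![[:space:]]*$STORE_RE"; then
      printf 'shebang\t%s\n' "$f"
    else
      printf 'embedded\t%s\n' "$f"
    fi
  done
}

# check_fod_output DIR
# Returns 0 when no file mentions a store path, 1 otherwise (hits go to stderr).
check_fod_output() {
  hits=$(list_store_ref_files "$1")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" >&2
  return 1
}

# Stand-alone use: sh scan.sh /path/to/kept/build/output
if [ "$#" -gt 0 ]; then
  check_fod_output "$1"
fi
```

Files reported as shebang, such as the hook samples mentioned above, are the ones a patch-shebangs step or git's hook templates rewrote; embedded hits need a look at the file itself.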

I independently started trying to package friendica for NixOS and I think I have it working, although I haven’t used my new node much yet. See: GitHub - bmillwood/nixos-friendica: NixOS module for the Friendica social network

I gave up on using the existing composer infrastructure because it seems like composer-local-repo-plugin needs Composer 2, but Friendica still uses Composer 1. (You can see more of the gotchas in my code comments). Just writing my own fixed-output derivation directly seemed to work fine.

The new version of the PHP composer builder does not need that plugin anymore.

Ah, I didn’t try that because I think it’s not in nixos-24.05 :)