Hello! I have a Ruby app which I want to develop using nix-shell. The problem is that the app depends on a gem which is a C extension and it fails to compile because it uses format strings which are not string literals. Unfortunately, the gem seems to be abandoned. I could use a fork, but I want to find out how to resolve this issue using Nix.
I looked up the docs and it turns out that this is a Nix feature called “hardening” and it can be configured using the parameters hardeningEnable and hardeningDisable passed to mkDerivation.
Minimal reproducible example is here.
Gemfile:
# frozen_string_literal: true
source "https://rubygems.org"
gem 'digest-sha3', '= 1.1.0'
bootstrap.nix:
{ pkgs ? import <nixpkgs> {}
}:
pkgs.mkShell {
  buildInputs = [ pkgs.bundix ];
  hardeningDisable = [ "format" ];
}
shell.nix:
{ pkgs ? import <nixpkgs> {}
}:
let
  hardeningDisable = [ "format" ];
  gems = pkgs.bundlerEnv {
    name = "app-gems";
    gemdir = ./.;
    # This doesn't make any difference:
    # inherit hardeningDisable;
  };
in pkgs.mkShell {
  buildInputs = with pkgs; [
    ruby
    gems
    bundix
  ];
  inherit hardeningDisable;
}
To bootstrap gemset.nix, I use bootstrap.nix; hardeningDisable helps here:
$ nix-shell bootstrap.nix --run 'bundix --magic'
This successfully builds gemset.nix, but when I try to drop into the main shell (nix-shell shell.nix), building gems fails because of hardening. Passing hardeningDisable to bundlerEnv doesn’t work.
How do I disable/configure hardening for bundlerEnv? Or is there a better way to work around the issue?
Thanks.
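
One way to scope the exemption to the single gem that needs it, as an added example that is not part of the original post. It assumes the nixpkgs in use exposes bundlerEnv's gemConfig argument and pkgs.defaultGemConfig, and that the gem's attribute name matches its gem name, digest-sha3.

```nix
# shell.nix (added example, not the poster's code)
{ pkgs ? import <nixpkgs> {} }:

let
  gems = pkgs.bundlerEnv {
    name = "app-gems";
    gemdir = ./.;

    # bundlerEnv builds every gem as its own derivation, so a top-level
    # hardeningDisable on bundlerEnv or mkShell never reaches the C
    # extension's compile step. gemConfig maps a gem name to a function
    # returning extra attributes for that one gem's derivation.
    # Assumption: an entry here replaces any default entry for the same gem.
    gemConfig = pkgs.defaultGemConfig // {
      digest-sha3 = attrs: {
        # Drops only the "format" flag (-Wformat -Wformat-security
        # -Werror=format-security). The remaining hardening flags stay
        # enabled for this gem.
        hardeningDisable = [ "format" ];
      };
    };
  };
in pkgs.mkShell {
  buildInputs = with pkgs; [
    ruby
    gems
    bundix
  ];
  # No hardeningDisable at shell level: anything else compiled from this
  # shell keeps the default hardening flags, format-security included.
}
```

The non-literal format strings in the gem are still there after this change, so the calls that trigger the error are worth reading before the gem handles untrusted input.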