Install conan from nixos-22.05 fails

mtty · June 27, 2022, 2:13pm

I need newest conan. I have following shell.nix

{ pkgs ? import <nixos> {} }:
pkgs.mkShell {
  buildInputs = with pkgs; [
    conan
  ];
}

I know conan is in repository.

$ nix search conan
warning: using cached results; pass '-u' to update the cache
* nixos.conan (conan)
  Decentralized and portable C/C++ package manager

* nixpkgs.conan (conan)
  Decentralized and portable C/C++ package manager

However, nix-shell fails. The output is as below.

$ nix-shell 
these derivations will be built:
  /nix/store/1xp5zq37zmv7kkpl1y5hn4a1n6bvgyw5-python3.9-pyjwt-1.7.1.drv
  /nix/store/yii7bkixjjihhikjp9bl0grw3lcf01gq-conan-1.47.0.drv
building '/nix/store/1xp5zq37zmv7kkpl1y5hn4a1n6bvgyw5-python3.9-pyjwt-1.7.1.drv'...
Sourcing python-remove-tests-dir-hook
Sourcing python-catch-conflicts-hook.sh
Sourcing python-remove-bin-bytecode-hook.sh
Sourcing setuptools-build-hook
Using setuptoolsBuildPhase
Using setuptoolsShellHook
Sourcing pip-install-hook
Using pipInstallPhase
Sourcing python-imports-check-hook.sh
Using pythonImportsCheckPhase
Sourcing python-namespaces-hook
Sourcing setuptools-check-hook
Using setuptoolsCheckPhase
Sourcing pytest-check-hook
Using pytestCheckPhase
Removing setuptoolsCheckPhase
unpacking sources
unpacking source archive /nix/store/nzcyrm0lawr4ff3krarycfvzh3pn64z0-PyJWT-1.7.1.tar.gz
source root is PyJWT-1.7.1
setting SOURCE_DATE_EPOCH to timestamp 1544189988 of file PyJWT-1.7.1/setup.cfg
patching sources
applying patch /nix/store/47myp8mi2x8jn30gxnqw19nvmi82bmpw-CVE-2022-29217.patch
patching file jwt/algorithms.py
Hunk #1 FAILED at 9.
Hunk #2 FAILED at 183.
Hunk #3 FAILED at 551.
3 out of 3 hunks FAILED -- saving rejects to file jwt/algorithms.py.rej
patching file jwt/utils.py
Hunk #1 FAILED at 1.
Hunk #2 succeeded at 111 (offset 14 lines).
1 out of 2 hunks FAILED -- saving rejects to file jwt/utils.py.rej
patching file tests/test_algorithms.py
Hunk #1 succeeded at 365 with fuzz 2 (offset -314 lines).
patching file tests/test_advisory.py
builder for '/nix/store/1xp5zq37zmv7kkpl1y5hn4a1n6bvgyw5-python3.9-pyjwt-1.7.1.drv' failed with exit code 1
cannot build derivation '/nix/store/yii7bkixjjihhikjp9bl0grw3lcf01gq-conan-1.47.0.drv': 1 dependencies couldn't be built
error: build of '/nix/store/yii7bkixjjihhikjp9bl0grw3lcf01gq-conan-1.47.0.drv' failed

The question: how do I fix it? Can I somehow “open the build” of pyjwt, tinker, fix and rerun conan build?

jonringer · June 27, 2022, 3:37pm

looks like a high severity CVE patch caused this to fail. we should probably just backport the update to conan which supports pyjwt 2.0.

Related PR: [22.05] Unbreak conan (upgrade pyjwt, conan) by bjornfor · Pull Request #178579 · NixOS/nixpkgs · GitHub

mtty · June 30, 2022, 1:32pm

The pull request is merged. However, it is not enough to update my nixos channel, yet. How could I point my channel to the branch NixOS:staging-22.05 so that I could get those nixpkgs before they are released?

NobbZ · June 30, 2022, 1:47pm

Just wait, it is usually not worth the constant recompilation of the world when directly using any of the staging-* branches.

If you really want to try though, you can replace the <nixpkgs> in the snippet above with "https://github.com/nixos/nixpkgs/archive/eb14bfa09902325423e5ad540664cd10a5d478c3.tar.gz".

In theory, you can also use that for nix-channel --add if you are still using channels.

If you really want to, even https://github.com/nixos/nixpkgs/archive/staging-22.05.tar.gz can be used as URL for either, though I really wouldn’t recommend that, and just stick to that one commit until the important stuff has hit the actual nixos-* channel and then switch back to that ASAP.