Troubleshooting a Rust build with Carnix on a MacOS system

I’ve been using Carnix to make nix derivations from my Cargo files for a while. I’m not 100% clear on what is happening, and I can’t actually interpret the output from Carnix, but I’ve been able to work with this.

I’m on a Mac, and one of the things I frequently have to do is to include the MacOS Security framework (pkgs.darwin.apple_sdk.frameworks.Security) in a build. I at some point learned that, when I have to add this to the crates that my app depends on, I can use an override to add the framework like so:

  security = pkgs.darwin.apple_sdk.frameworks.Security;
  fitnesstrax_server_crate = ((import ./Cargo.nix).fitnesstrax_server {}).override {
    rust = rustc;
    crateOverrides = pkgs.defaultCrateOverrides // {
      mime_guess = attrs: { buildInputs = [ security ]; };
      orizentic = attrs: { buildInputs = [ security ]; };
      fitnesstrax = attrs: { buildInputs = [ security ]; };
      fitnesstrax_server = attrs: { buildInputs = [ security ]; };
    };
  };

This was working for a long while, but I recently broke one of my crates into library + server. Both require the Security framework. I can see in the process mime_guess, orizentic and fitnesstrax all successfully building, but linking fails when building fitnesstrax_server because the Security framework is missing.

How can I reach in deep enough to the system to inspect the environment that fitnesstrax_server is building in? I particularly want to know what the buildInputs (and other dependencies) actually are, so that I can see whether my override is working in this case.

If you decide to look at the repository, the code above appears in server/default.nix, and it changes in between the last known good build and the broken one, as a result of me extracting an entire library into a separate directory.

Last known good build: https://github.com/luminescent-dreams/fitnesstrax/tree/f4702d62505b7bd27a48ffb3a2c48f5abf0ca3b0
The code you see above: https://github.com/luminescent-dreams/fitnesstrax/tree/669752fedf806b487ce007e2e88a36f7e08b0e3d

1 Like

Figured out how to make this work this morning.

It turns out that the cargo derivation allows me to specify overrides for crates that don’t actually exist in the derivation. This confused me a bit, because fitnesstrax_server, the executable crate that I am building, is (I think), the entire Cargo.nix derivation. As such, the way to inject system dependencies into it is like this:

  security = pkgs.darwin.apple_sdk.frameworks.Security;
  fitnesstrax_server_crate = ((import ./Cargo.nix).fitnesstrax_server {}).override {
    rust = rustc;
    buildInputs = [ security ];
    crateOverrides = pkgs.defaultCrateOverrides // {
      mime_guess = attrs: { buildInputs = [ security ]; };
      orizentic = attrs: { buildInputs = [ security ]; };
      fitnesstrax = attrs: { buildInputs = [ security ]; };
    };
  };

I think I will still want to dig in a bit deeper to analyze the structure of what carnix creates. As I learn things, I’ll write up notes about how to analyze things, particularly with nix repl.

@savannidgerinel just wanted to explicitly thank you for this thread: having just changed mac I figured I might as well change my habits and decided to try out nix as a package manager (instead of my trusty but crusty macports).

I’m just at the “setting environment up” phase and not even though the nix manual so I figured I’d try installing my usual rust utilities via cargo and got stuck with cargo-edit (and a few other similar utilities): after battling with nix-env -i openssl (which apparently doesn’t work because nix-env doesn’t really work with multi-output packages) I found out nix-shell would work better, but then got stuck on

  cargo:warning=libgit2/src/streams/stransport.c:13:10: fatal error: 'Security/SecureTransport.h' file not found
  cargo:warning=#include <Security/SecureTransport.h>
  cargo:warning=         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

when trying to build git2-rs.

Yours is one of the few references to nix and the Security framework I’ve found, it’s been open for a few days alongside a few other more general posts and issues, and today as I was reading through again trying to see if I could grok useful beginner information from the advanced content it finally dawned on me that security = pkgs.darwin.apple_sdk.frameworks.Security indicates it’s a package, and so I can just add it to the -ps and have that in the shell environment, and then everything works fine (well I also needed SystemConfiguration but that was trivial at that point).

So thanks, even though nobody could help you with your issue I just wanted you to know that you definitely helped me, and I’m not sure where I could have found that information otherwise. I’m guessing I’ll be finding a lot more of you and @spease’s footprints through my journey as both of you seem to have gone through quite a bit of trouble with nix on macos (with rust) circa 2019.

3 Likes

I’m really glad this helped!