Turning off hardening in pypi2nix

Help
1

Hi folks,

I post in the hope that you can help me figure this out. I’d like to install AirBnB’s Airflow app using nix. It’s a python package so I’m trying to generate nix expressions using pypi2nix on macOS. However, pypi2nix exits with an error, and no nix expressions are generated.

The problem is that Airflow depends on an old version of lxml, which is a package that provides python bindings for libxml2 and libxslt. This old version (3.8.0) uses unsafe format strings, which fail to compile under the hardening flags that stdenv supplies to clang. lxml has since been fixed, and the current version (4.2.1) works fine, but Airflow doesn’t work with the current version.

Somehow I need to turn off the hardening flags when compiling the lxml bindings. Before it was updated, nixpkgs did just this - lxml So if I create a similar nix expression, and convince pypi2nix to use it I should be good.

I think that would be something like this:

in extra/default.nix:

with import <nixpkgs> {};
{
  lxml = python36.pkgs.buildPythonPackage rec {
    pname = "lxml";
    version = "3.8.0";
    src = python36.pkgs.fetchPypi {
      inherit pname version;
      sha256 = "15nvf6n285n282682qyw3wihsncb0x5amdhyi4b83bfa2nz74vvk";
    };
    buildInputs = [ libxml2 libxslt ];
    hardeningDisable = ["format"];
  };
}

and run the command like this:

pypi2nix \
  -v \
  -V 3 \
  -s docutils \
  -s numpy \
  -I extra \
  -e airflow \
  -E darwin.apple_sdk.frameworks.Accelerate \
  -E extra.lxml

(docutils and numpy and Accelerate are needed for compiling other dependencies of airflow and that seems to work fine.)

That always results in evaluation aborted with the following error message: 'cannot find attribute 'extra.lxml''
I’ve tried a bunch of variations, and read all the nix-shell documentation about the -I flag, but no dice.

Anybody have a suggestion on how to proceed?

  • Colin

PS. I tried to post this here yesterday, but discourse was in read-only mode, so I sent it to the email list instead. Now that discourse is working again, I’m posting again because everybody seems to have moved over here. Sorry for the duplication.