Always initialize curl in parent process on darwin

Because of an objc quirk[1], calling curl_global_init for the first time
after fork() will always result in a crash.
Up until now the solution has been to set
OBJC_DISABLE_INITIALIZE_FORK_SAFETY for every nix process to ignore
that error.
This is less than ideal because we were setting it in package.nix,
which meant that running nix tests locally would fail because
that variable was not set.
Instead of working around that error we address it at the core -
by calling curl_global_init inside initLibStore, which should mean
curl will already have been initialized by the time we try to do so in
a forked process.

[1] 01edf1705f/runtime/objc-initialize.mm (L614-L636)

Change-Id: Icf26010a8be655127cc130efb9c77b603a6660d0
This commit is contained in:
Nikodem Rabuliński 2024-05-06 18:16:50 +02:00
parent 83a2cd0c46
commit f894cce79b
Signed by: nrabulinski
SSH key fingerprint: SHA256:AZZVyfKStaCo8sbJB+3Rr/CRrlym1oEgw7vMnynJeR8
3 changed files with 13 additions and 10 deletions

View file

@ -2,11 +2,6 @@
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<key>EnvironmentVariables</key>
<dict>
<key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key>
<string>YES</string>
</dict>
<key>Label</key> <key>Label</key>
<string>org.nixos.nix-daemon</string> <string>org.nixos.nix-daemon</string>
<key>KeepAlive</key> <key>KeepAlive</key>

View file

@ -400,10 +400,6 @@ stdenv.mkDerivation (finalAttrs: {
mesonInstallCheckFlags = [ "--suite=installcheck" ]; mesonInstallCheckFlags = [ "--suite=installcheck" ];
preInstallCheck = lib.optionalString stdenv.hostPlatform.isDarwin ''
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
'';
installCheckPhase = lib.optionalString buildWithMeson '' installCheckPhase = lib.optionalString buildWithMeson ''
runHook preInstallCheck runHook preInstallCheck
flagsArray=($mesonInstallCheckFlags "''${mesonInstallCheckFlagsArray[@]}") flagsArray=($mesonInstallCheckFlags "''${mesonInstallCheckFlagsArray[@]}")

View file

@ -25,6 +25,7 @@
#include "config-impl.hh" #include "config-impl.hh"
#ifdef __APPLE__ #ifdef __APPLE__
#include <curl/curl.h>
#include <sys/sysctl.h> #include <sys/sysctl.h>
#endif #endif
@ -409,10 +410,21 @@ void initLibStore() {
preloadNSS(); preloadNSS();
#if __APPLE__
/* Because of an objc quirk[1], calling curl_global_init for the first time
after fork() will always result in a crash.
Up until now the solution has been to set OBJC_DISABLE_INITIALIZE_FORK_SAFETY
for every nix process to ignore that error.
Instead of working around that error we address it at the core -
by calling curl_global_init here, which should mean curl will already
have been initialized by the time we try to do so in a forked process.
[1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636
*/
curl_global_init(CURL_GLOBAL_ALL);
/* On macOS, don't use the per-session TMPDIR (as set e.g. by /* On macOS, don't use the per-session TMPDIR (as set e.g. by
sshd). This breaks build users because they don't have access sshd). This breaks build users because they don't have access
to the TMPDIR, in particular in nix-store --serve. */ to the TMPDIR, in particular in nix-store --serve. */
#if __APPLE__
if (getEnv("TMPDIR").value_or("/tmp").starts_with("/var/folders/")) if (getEnv("TMPDIR").value_or("/tmp").starts_with("/var/folders/"))
unsetenv("TMPDIR"); unsetenv("TMPDIR");
#endif #endif