fix(nix): bump macOS SDK to 12.3 for Go 1.26 compatibility (#22963)

Go 1.26's crypto/x509 calls SecTrustCopyCertificateChain via cgo, a Security framework function introduced in macOS 12. The devShell's default stdenv uses the macOS 11 SDK, so clang can't find the symbol at link time. Override the devShell stdenv on Darwin with overrideSDK "12.3" so the clang wrapper links against the 12.3 SDK, and update frontendPackages to use apple_sdk_12_3 frameworks for consistency. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-03 04:58:23 +00:00 · 2026-03-11 15:28:25 -06:00
parent 51198744ff
commit fc607cd400
1 changed files with 8 additions and 2 deletions
@@ -141,7 +141,7 @@
            python312Packages.setuptools # Needed for node-gyp
          ]
          ++ (lib.optionals stdenv.targetPlatform.isDarwin [
-            darwin.apple_sdk.frameworks.Foundation
+            darwin.apple_sdk_12_3.frameworks.Foundation
            xcbuild
          ]);

@@ -292,7 +292,13 @@
        inherit formatter;

        devShells = {
-          default = pkgs.mkShell {
+          default =
+            (pkgs.mkShell.override (
+              pkgs.lib.optionalAttrs pkgs.stdenv.isDarwin {
+                stdenv = pkgs.overrideSDK pkgs.stdenv "12.3";
+              }
+            ))
+            {
            buildInputs = devShellPackages;

            PLAYWRIGHT_BROWSERS_PATH = pkgs.playwright-driver.browsers;