###### Motivation for this change
fixes #51825
###### Things done
<!-- Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers. -->
- [x] Tested using sandboxing ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS, or option `sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file) on non-NixOS)
- Built on platform(s)
- [x] NixOS
- [ ] macOS
- [ ] other Linux distributions
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
- [ ] Assured whether relevant documentation is up to date
- [x] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
---
Change introduced in #50672.
The patch does not apply on older protobuf like protobuf3_1
```
$ nix-build -E 'with import ./. { }; python3Packages.protobuf.override { protobuf = protobuf3_1; }'
unpacking sources
unpacking source archive /nix/store/1zdyl0cxaa8ha2v1zp75zzdjd6j99d0m-source
source root is source
setting SOURCE_DATE_EPOCH to timestamp 315619200 of file source/util/python/BUILD
patching sources
applying patch /nix/store/yagx7hvylnnjq7lxbcia0y5lq1r736w3-0a59054c30e4f0ba10f10acfc1d7f3814c63e1a7.patch
patching file google/protobuf/pyext/descriptor.cc
Hunk #1 succeeded at 55 (offset -1 lines).
patching file google/protobuf/pyext/descriptor_containers.cc
patching file google/protobuf/pyext/descriptor_pool.cc
Hunk #1 succeeded at 47 (offset -1 lines).
patching file google/protobuf/pyext/extension_dict.cc
Hunk #1 FAILED at 53.
1 out of 1 hunk FAILED -- saving rejects to file google/protobuf/pyext/extension_dict.cc.rej
patching file google/protobuf/pyext/message.cc
Hunk #1 succeeded at 82 (offset 3 lines).
Hunk #2 succeeded at 1425 (offset -104 lines).
```
Since the patch isn't necessary on python versions older than 3.7, let's
only apply it for version 3.7. This means that most things using older
protobuf implementation will now be able to build when using an older
pythonPackage set (as is most probably the case anyway).
This still leaves protobuf 3.1 using packages hanging, but the errors
will be localized to those that would be breaking anyway with the
upgrade to 3.7 as default python.
credstash was only available as a library. Provide it as a standalone
application as well.
In order for this to work, I needed to remove the copy of
the library that's placed in $out/bin and marked executable
during the install phase. Other than the patched shebang and
executable bit, it's identical to the library that's installed to
$out/lib/python3.7/site-packages.
Before the postFixup has run `wrapPythonPrograms`, $out/bin contains
two Python files -- credstash and credstash.py -- where bin/credstash
is the executable you'd expect a user to invoke from the command-line
and bin/credstash.py contains the credstash module, which bin/credstash
imports.
After `wrapPythonPrograms` has run, bin/credstash is a shell
wrapper around the bin/.credstash-wrapped python entrypoint, and
bin/credstash.py is shell wrapper around bin/.credstash.py-wrapped.
Invoking bin/credstash execs bin/.credstash-wrapped, and that python
script attempts to import the credstash module from bin/credstash.py,
the shell wrapper, rather than either bin/.credstash.py-wrapped or
lib/python3.7/site-packages/credstash.py.
This leads to an error:
$ credstash get mykey
Traceback (most recent call last):
File "/nix/store/hk6yma716w6141lcdh509d6qyyi7zm0i-python3.7-credstash-1.15.0/bin/.credstash-wrapped", line 8, in <module>
from credstash import main
File "/nix/store/hk6yma716w6141lcdh509d6qyyi7zm0i-python3.7-credstash-1.15.0/bin/credstash.py", line 2
export PATH='/nix/store/6lm4gi5iv8fbf1b1mm6g3gfnnv63f1gn-python3-3.7.1/bin:/nix/store/hk6yma716w6141lcdh509d6qyyi7zm0i-python3.7-credstash-1.15.0/bin:/nix/store/2n13gf1zdr39ir5dynxlkqndxgy36g08-python3.7-setuptools-40.4.3/bin:/nix/store/mhnqwpa4y1l81zi4cwx989i8h8z9g67l-python3.7-jmespath-0.9.0/bin:/nix/store/qc6q3a2nv4211wyh7q319v6zzd3ab6pc-python3.7-docutils-0.14/bin'${PATH:+':'}$PATH
^
SyntaxError: invalid syntax
If we try using `dontWrapPythonPrograms` to resolve this, runtime
dependency lookups fail:
$ credstash get mykey
Traceback (most recent call last):
File "/run/current-system/sw/bin/credstash", line 7, in <module>
from credstash import main
File "/nix/store/8rmldlvlv1z1xl7w02dy7f5qhkzdrg8z-python3.7-credstash-1.15.0/bin/credstash.py", line 26, in <module>
import boto3
ModuleNotFoundError: No module named 'boto3'
I was able to resolve things by simply removing bin/credstash.py before
the postFixup phase has a chance to wrap any executables. Now the
executable imports the library correctly:
(shell wrapper)
bin/credstash
│ (python executable)
└─> bin/.credstash-wrapped
│ (python library)
└─> lib/python3.7/site-packages/credstash.py