From 2ab1f8ded899b9d3763eeb1ec52c1eb9eea326d6 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Thu, 3 Jun 2021 23:25:14 +0200 Subject: [PATCH 01/45] gupnp: apply the patch for CVE-2021-33516 Fixes CVE-2021-33516. https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 (cherry picked from commit 78d2a14bb8ee82f7f7d227ab473646460d874159) --- pkgs/development/libraries/gupnp/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/development/libraries/gupnp/default.nix b/pkgs/development/libraries/gupnp/default.nix index bd8151d603e..c91d25123f6 100644 --- a/pkgs/development/libraries/gupnp/default.nix +++ b/pkgs/development/libraries/gupnp/default.nix @@ -1,5 +1,6 @@ { lib, stdenv , fetchurl +, fetchpatch , meson , ninja , pkg-config @@ -28,6 +29,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-96AwfqUfXkTRuDL0k92QRURKOk4hHvhd/Zql3W6up9E="; }; + patches = [ + (fetchpatch { + name = "CVE-2021-33516.patch"; + url = "https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac.patch"; + sha256 = "sha256-G7e/xNQB7Kp2fPzqVeD/cH3h1co9hZXh55QOUBnAnvU="; + }) + ]; + nativeBuildInputs = [ meson ninja From c383af78a118fd0528c8144f071bd86be74f6103 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jun 2021 09:39:17 +0000 Subject: [PATCH 02/45] gnome.gnome-boxes: 40.1 -> 40.2 (cherry picked from commit 1c9adfdc815596ae4853a8a0776b0910ce3df180) --- pkgs/desktops/gnome/apps/gnome-boxes/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/apps/gnome-boxes/default.nix b/pkgs/desktops/gnome/apps/gnome-boxes/default.nix index 605275be7de..9ddd53ca429 100644 --- a/pkgs/desktops/gnome/apps/gnome-boxes/default.nix +++ b/pkgs/desktops/gnome/apps/gnome-boxes/default.nix @@ -53,11 +53,11 @@ stdenv.mkDerivation rec { pname = "gnome-boxes"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "seKPLH+3a/T7uGLQ1S6BG5TL6f8W8GdAiWRWhpCILvg="; + sha256 = "hzN1mi2GpWNnWWpTSQRjO4HKqlxFpWNtsulZDHFK6Nk="; }; doCheck = true; From e4a75d365457c38ef4fb4952dba46ad09162ce0b Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jun 2021 08:59:49 +0000 Subject: [PATCH 03/45] gnome.gnome-software: 40.1 -> 40.2 (cherry picked from commit 51f510882bce75effedf6922da13952741a92003) --- pkgs/desktops/gnome/core/gnome-software/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/core/gnome-software/default.nix b/pkgs/desktops/gnome/core/gnome-software/default.nix index 64cd214e809..226b251ec46 100644 --- a/pkgs/desktops/gnome/core/gnome-software/default.nix +++ b/pkgs/desktops/gnome/core/gnome-software/default.nix @@ -43,11 +43,11 @@ in stdenv.mkDerivation rec { pname = "gnome-software"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/gnome-software/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "16q2902swxsjdxb1nj335sv1bb76rvq4w6dn4yszkwf3s0fd86in"; + sha256 = "y9HdKguvw/U93kIAPEpKA3RsuNZNxdJ+uNvmc27nJ5Y="; }; patches = [ From 67f11fe4a036275abf49151f6e88bf44ac90f6ad Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jun 2021 05:56:48 +0000 Subject: [PATCH 04/45] evolution-data-server: 3.40.1 -> 3.40.2 (cherry picked from commit c8b5bc9cbc4acb9e8325b8c18dbf5adcb4ab6745) --- pkgs/desktops/gnome/core/evolution-data-server/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/core/evolution-data-server/default.nix b/pkgs/desktops/gnome/core/evolution-data-server/default.nix index 0ed3565d7f0..8781a2aa7fd 100644 --- a/pkgs/desktops/gnome/core/evolution-data-server/default.nix +++ b/pkgs/desktops/gnome/core/evolution-data-server/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "evolution-data-server"; - version = "3.40.1"; + version = "3.40.2"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/evolution-data-server/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "08iykha7zhk21b3axsp3v1jfwda612v0m8rz8zlzppm5i8s5ziza"; + sha256 = "7IKVFjnzKlzs6AqLC5qj9mt9MY4+4sHDUjTy4r3opBg="; }; patches = [ From e2b9878556cde75702ceec8b76b47828b81a7a22 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jun 2021 07:57:40 +0000 Subject: [PATCH 05/45] gnome.gnome-calendar: 40.1 -> 40.2 (cherry picked from commit 356c50f0782ff9d933bbcfe753083a9b9702d4d6) --- pkgs/desktops/gnome/apps/gnome-calendar/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/apps/gnome-calendar/default.nix b/pkgs/desktops/gnome/apps/gnome-calendar/default.nix index 9c0b1f65976..da2e37e51fc 100644 --- a/pkgs/desktops/gnome/apps/gnome-calendar/default.nix +++ b/pkgs/desktops/gnome/apps/gnome-calendar/default.nix @@ -24,11 +24,11 @@ stdenv.mkDerivation rec { pname = "gnome-calendar"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "2M30n57uHDo8aZHDL4VjxKfE2w23ymPOUcyRjkM7M6U="; + sha256 = "njcB/UoOWJgA0iUgN3BkTzHVI0ZV9UqDqF/wVW3X6jM="; }; patches = [ From f2484c64f30e3eb6e453c18abe1a941e77b647df Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Jun 2021 03:31:49 +0000 Subject: [PATCH 06/45] epiphany: 40.1 -> 40.2 (cherry picked from commit 006b7037ed92edd275254eda19a8d0c2a1e2762b) --- pkgs/desktops/gnome/core/epiphany/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/core/epiphany/default.nix b/pkgs/desktops/gnome/core/epiphany/default.nix index f286d384c4e..0b4191b2266 100644 --- a/pkgs/desktops/gnome/core/epiphany/default.nix +++ b/pkgs/desktops/gnome/core/epiphany/default.nix @@ -37,11 +37,11 @@ stdenv.mkDerivation rec { pname = "epiphany"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "1l0sb1xg16g4wg3z99xb0w2kbyczbn7q4mphs3w4lxq22xml4sk9"; + sha256 = "dRGeIgZWV89w7ytgPU9zg1VzvQNPHmGMD2YkeP1saDU="; }; nativeBuildInputs = [ From 6a36dabcfaf803b958793288810f0046694614ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= Date: Wed, 30 Jun 2021 16:08:51 +0200 Subject: [PATCH 07/45] seafile-shared: 8.0.1 -> 8.0.3 (cherry picked from commit 7644ef6f57d005a47da37b8eb73df72f3f3b1256) --- pkgs/misc/seafile-shared/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/misc/seafile-shared/default.nix b/pkgs/misc/seafile-shared/default.nix index 15a129246e1..a94964d888d 100644 --- a/pkgs/misc/seafile-shared/default.nix +++ b/pkgs/misc/seafile-shared/default.nix @@ -13,13 +13,13 @@ stdenv.mkDerivation rec { pname = "seafile-shared"; - version = "8.0.1"; + version = "8.0.3"; src = fetchFromGitHub { owner = "haiwen"; repo = "seafile"; - rev = "d34499a2aafa024623a4210fe7f663cef13fe9a6"; - sha256 = "VKoGr3CTDFg3Q0X+MTlwa4BbfLB+28FeTyTJRCq37RA="; + rev = "v${version}"; + sha256 = "F6kLPWZb7FttyAP7pNEn+aRcAjvZlMNXrmuHMYa0Xig="; }; nativeBuildInputs = [ From 39e0ac53f8945d8c508c7492a14495e3f4e9b66a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= Date: Wed, 30 Jun 2021 16:11:42 +0200 Subject: [PATCH 08/45] seafile-client: 8.0.1 -> 8.0.3 (cherry picked from commit 004d1683b883b126b0a604eb769757f41f098764) --- .../networking/seafile-client/default.nix | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/pkgs/applications/networking/seafile-client/default.nix b/pkgs/applications/networking/seafile-client/default.nix index 6b73f03531d..f17d1fa3ae7 100644 --- a/pkgs/applications/networking/seafile-client/default.nix +++ b/pkgs/applications/networking/seafile-client/default.nix @@ -1,27 +1,18 @@ -{ mkDerivation, lib, fetchFromGitHub, fetchpatch, pkg-config, cmake, qtbase, qttools +{ mkDerivation, lib, fetchFromGitHub, pkg-config, cmake, qtbase, qttools , seafile-shared, jansson, libsearpc , withShibboleth ? true, qtwebengine }: mkDerivation rec { pname = "seafile-client"; - version = "8.0.1"; + version = "8.0.3"; src = fetchFromGitHub { owner = "haiwen"; repo = "seafile-client"; - rev = "b4b944921c7efef13a93d693c45c997943899dec"; - sha256 = "2vV+6ZXjVg81JVLfWeD0UK+RdmpBxBU2Ozx790WFSyw="; + rev = "v${version}"; + sha256 = "lhdKbR19ScNeezICf7vwZaeJikPjwbqrz42bo4lhxJs="; }; - patches = [ - # Fix compilation failure with "error: template with C linkage", fixes #122505 - (fetchpatch { - url = "https://aur.archlinux.org/cgit/aur.git/plain/fix_build_with_glib2.diff?h=seafile-client&id=7be253aaa2bdb6771721f45aa08bc875c8001c5a"; - name = "fix_build_with_glib2.diff"; - sha256 = "0hl7rcqfr8k62c1pr133bp3j63b905izaaggmgvr1af4jibal05v"; - }) - ]; - nativeBuildInputs = [ pkg-config cmake ]; buildInputs = [ qtbase qttools seafile-shared jansson libsearpc ] ++ lib.optional withShibboleth qtwebengine; From 4ab3794325fbc099d1804c74f5454eff0dc21f77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= Date: Sat, 3 Jul 2021 12:38:52 +0200 Subject: [PATCH 09/45] seafile-shared: update source hash It looks like the tag has been modified (cherry picked from commit 8f901848bf509d3719c1805350194e301523b027) --- pkgs/misc/seafile-shared/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/misc/seafile-shared/default.nix b/pkgs/misc/seafile-shared/default.nix index a94964d888d..cc6d0ced6d1 100644 --- a/pkgs/misc/seafile-shared/default.nix +++ b/pkgs/misc/seafile-shared/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { owner = "haiwen"; repo = "seafile"; rev = "v${version}"; - sha256 = "F6kLPWZb7FttyAP7pNEn+aRcAjvZlMNXrmuHMYa0Xig="; + sha256 = "QflLh3fj+jOq/8etr9aG8LGrvtIlB/htVkWbdO+GIbM="; }; nativeBuildInputs = [ From 4e3128d349b141267895ba2345f69f5312791913 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= Date: Sat, 3 Jul 2021 12:42:02 +0200 Subject: [PATCH 10/45] seafile-client: update source hash It looks like the tag has been modified (cherry picked from commit 1a4c9851c2b79c4d181d9c306476714ce6a217c9) --- pkgs/applications/networking/seafile-client/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/seafile-client/default.nix b/pkgs/applications/networking/seafile-client/default.nix index f17d1fa3ae7..446da4cdea3 100644 --- a/pkgs/applications/networking/seafile-client/default.nix +++ b/pkgs/applications/networking/seafile-client/default.nix @@ -10,7 +10,7 @@ mkDerivation rec { owner = "haiwen"; repo = "seafile-client"; rev = "v${version}"; - sha256 = "lhdKbR19ScNeezICf7vwZaeJikPjwbqrz42bo4lhxJs="; + sha256 = "cG3OSqRhYnxlzfauQia6pM/1gu+iE5mtHTGk3kGMFH0="; }; nativeBuildInputs = [ pkg-config cmake ]; From 863262a874935225f80ef1ed840632f459fcd749 Mon Sep 17 00:00:00 2001 From: Mark Vainomaa Date: Sun, 16 May 2021 23:45:37 +0300 Subject: [PATCH 11/45] docker: 20.10.2 -> 20.10.6 (cherry picked from commit 3620b33d0b61a24ccacb312982a5b1e810904c29) --- .../virtualization/docker/default.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 6b72653c347..54db586187a 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -163,8 +163,6 @@ rec { postPatch = '' patchShebangs . substituteInPlace ./scripts/build/.variables --replace "set -eu" "" - substituteInPlace ./scripts/docs/generate-man.sh --replace "-v md2man" "-v go-md2man" - substituteInPlace ./man/md2man-all.sh --replace md2man go-md2man '' + optionalString buildxSupport '' substituteInPlace ./cli-plugins/manager/manager_unix.go --replace /usr/libexec/docker/cli-plugins \ ${lib.strings.makeSearchPathOutput "bin" "libexec/docker/cli-plugins" [docker-buildx]} @@ -222,20 +220,20 @@ rec { # Get revisions from # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/* docker_20_10 = callPackage dockerGen rec { - version = "20.10.2"; + version = "20.10.6"; rev = "v${version}"; - sha256 = "0z0hpm5hrqh7p8my8lmiwpym2shs48my6p0zv2cc34wym0hcly51"; + sha256 = "15kknb26vyzjgqmn8r81a1sy1i5br6bvngqd5xljihppnxvp2gvl"; moby-src = fetchFromGitHub { owner = "moby"; repo = "moby"; rev = "v${version}"; - sha256 = "0c2zycpnwj4kh8m8xckv1raj3fx07q9bfaj46rr85jihm4p2dp5w"; + sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk"; }; - runcRev = "ff819c7e9184c13b7c2607fe6c30ae19403a7aff"; # v1.0.0-rc92 - runcSha256 = "0r4zbxbs03xr639r7848282j1ybhibfdhnxyap9p76j5w8ixms94"; - containerdRev = "269548fa27e0089a8b8278fc4fc781d7f65a939b"; # v1.4.3 - containerdSha256 = "09xvhjg5f8h90w1y94kqqnqzhbhd62dcdd9wb9sdqakisjk6zrl0"; - tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0 + runcRev = "v1.0.0-rc94"; + runcSha256 = "0f11zr2d3bnycd6rmb1cynhy9zh169yj6kcn5s22wz2j6grghwz7"; + containerdRev = "v1.5.1"; + containerdSha256 = "1jwz53cpi9sxjsd1qr3sji1jai9wh3kfwspsgxnijhjs0bz8gvyn"; + tiniRev = "v0.19.0"; tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; }; } From 0e0356c8b79b214fc38355ac567e3a2dd8e30c58 Mon Sep 17 00:00:00 2001 From: Mark Vainomaa Date: Tue, 18 May 2021 14:43:05 +0300 Subject: [PATCH 12/45] docker: drop unused argument, use pname instead of name (cherry picked from commit aacce6cc4bc962d6e435016c5427e3ed4a51c983) --- pkgs/applications/virtualization/docker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 54db586187a..de57e5f51ee 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -10,7 +10,7 @@ rec { , containerdRev, containerdSha256 , tiniRev, tiniSha256, buildxSupport ? false # package dependencies - , stdenv, fetchFromGitHub, fetchpatch, buildGoPackage + , stdenv, fetchFromGitHub, buildGoPackage , makeWrapper, installShellFiles, pkg-config , go-md2man, go, containerd, runc, docker-proxy, tini, libtool , sqlite, iproute2, lvm2, systemd, docker-buildx @@ -124,7 +124,7 @@ rec { }) // rec { inherit version rev; - name = "docker-${version}"; + pname = "docker"; src = fetchFromGitHub { owner = "docker"; From ba333b130b19e5ed04f27e6fa7865951b441a950 Mon Sep 17 00:00:00 2001 From: Mark Vainomaa Date: Wed, 19 May 2021 01:55:31 +0300 Subject: [PATCH 13/45] docker: use commit hashes instead of tags, fix containerd sha256 (cherry picked from commit 0068eea01f2462e327ffbe858c34e7a945f1d3be) --- pkgs/applications/virtualization/docker/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index de57e5f51ee..863ca59ed22 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -229,11 +229,11 @@ rec { rev = "v${version}"; sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk"; }; - runcRev = "v1.0.0-rc94"; + runcRev = "2c7861bc5e1b3e756392236553ec14a78a09f8bf"; # v1.0.0-rc94 runcSha256 = "0f11zr2d3bnycd6rmb1cynhy9zh169yj6kcn5s22wz2j6grghwz7"; - containerdRev = "v1.5.1"; - containerdSha256 = "1jwz53cpi9sxjsd1qr3sji1jai9wh3kfwspsgxnijhjs0bz8gvyn"; - tiniRev = "v0.19.0"; + containerdRev = "12dca9790f4cb6b18a6a7a027ce420145cb98ee7"; # v1.5.1 + containerdSha256 = "16q34yiv5q98b9d5vgy1lmmppg8agrmnfd1kzpakkf4czkws0p4d"; + tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0 tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; }; } From ee02d8d854d2af77edc45bc174fdaefc2dc01909 Mon Sep 17 00:00:00 2001 From: Mark Vainomaa Date: Thu, 20 May 2021 00:37:33 +0300 Subject: [PATCH 14/45] docker: bump runc to 1.0-rc95, fixing CVE-2021-30465 (cherry picked from commit 53600565fdb811bc7ac59d73eb59065d575658f2) --- pkgs/applications/virtualization/docker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 863ca59ed22..bec51af81ac 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -229,8 +229,8 @@ rec { rev = "v${version}"; sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk"; }; - runcRev = "2c7861bc5e1b3e756392236553ec14a78a09f8bf"; # v1.0.0-rc94 - runcSha256 = "0f11zr2d3bnycd6rmb1cynhy9zh169yj6kcn5s22wz2j6grghwz7"; + runcRev = "b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7"; # v1.0.0-rc95 + runcSha256 = "18sbvmlvb6kird4w3rqsfrjdj7n25firabvdxsl0rxjfy9r1g2xb"; containerdRev = "12dca9790f4cb6b18a6a7a027ce420145cb98ee7"; # v1.5.1 containerdSha256 = "16q34yiv5q98b9d5vgy1lmmppg8agrmnfd1kzpakkf4czkws0p4d"; tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0 From 49cd45c508333e7c69f214c8fe03a5ff637fce95 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Fri, 28 May 2021 22:12:47 +0200 Subject: [PATCH 15/45] nixos/unbound: fix define-tag option Signed-off-by: Marc 'risson' Schmitt (cherry picked from commit 6b12cff0b5746af364066d1bcb2bc2563e978aa8) --- nixos/modules/services/networking/unbound.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 09aef9a1dcf..6d7178047ea 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -21,7 +21,15 @@ let )) else throw (traceSeq v "services.unbound.settings: unexpected type"); - confFile = pkgs.writeText "unbound.conf" (concatStringsSep "\n" ((mapAttrsToList (toConf "") cfg.settings) ++ [""])); + confNoServer = concatStringsSep "\n" ((mapAttrsToList (toConf "") (builtins.removeAttrs cfg.settings [ "server" ])) ++ [""]); + confServer = concatStringsSep "\n" (mapAttrsToList (toConf " ") (builtins.removeAttrs cfg.settings.server [ "define-tag" ])); + + confFile = pkgs.writeText "unbound.conf" '' + server: + ${optionalString (cfg.settings.server.define-tag != "") (toOption " " "define-tag" cfg.settings.server.define-tag)} + ${confServer} + ${confNoServer} + ''; rootTrustAnchorFile = "${cfg.stateDir}/root.key"; @@ -170,6 +178,7 @@ in { # prevent race conditions on system startup when interfaces are not yet # configured ip-freebind = mkDefault true; + define-tag = mkDefault ""; }; remote-control = { control-enable = mkDefault false; From 0006f72f880bc2cd02b0f95a931ffa9ae2e4abc3 Mon Sep 17 00:00:00 2001 From: oxalica Date: Wed, 21 Jul 2021 00:11:21 +0800 Subject: [PATCH 16/45] tdesktop: use bundled libtgvoip (cherry picked from commit 2a12ba467c49bd8885f3726fca061574a4d816cb) --- .../instant-messengers/telegram/tdesktop/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index 27af9698788..9766a198732 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix @@ -2,7 +2,7 @@ , pkg-config, cmake, ninja, python3, wrapGAppsHook, wrapQtAppsHook, removeReferencesTo , qtbase, qtimageformats, gtk3, libsForQt5, enchant2, lz4, xxHash , dee, ffmpeg, openalSoft, minizip, libopus, alsaLib, libpulseaudio, range-v3 -, tl-expected, hunspell, glibmm, webkitgtk, libtgvoip +, tl-expected, hunspell, glibmm, webkitgtk # Transitive dependencies: , pcre, xorg, util-linux, libselinux, libsepol, epoxy , at-spi2-core, libXtst, libthai, libdatrie @@ -59,7 +59,7 @@ in mkDerivation rec { qtbase qtimageformats gtk3 libsForQt5.kwayland libsForQt5.libdbusmenu enchant2 lz4 xxHash dee ffmpeg openalSoft minizip libopus alsaLib libpulseaudio range-v3 tl-expected hunspell glibmm webkitgtk - tg_owt libtgvoip + tg_owt # Transitive dependencies: pcre xorg.libpthreadstubs xorg.libXdmcp util-linux libselinux libsepol epoxy at-spi2-core libXtst libthai libdatrie libsysprof-capture libpsl brotli @@ -70,7 +70,6 @@ in mkDerivation rec { # We're allowed to used the API ID of the Snap package: "-DTDESKTOP_API_ID=611335" "-DTDESKTOP_API_HASH=d524b414d21f4d37f08684c1df41ac9c" - #"-DDESKTOP_APP_SPECIAL_TARGET=\"\"" # TODO: Error when set to "": Bad special target '""' "-DTDESKTOP_LAUNCHER_BASENAME=telegramdesktop" # Note: This is the default ]; @@ -115,7 +114,7 @@ in mkDerivation rec { license = licenses.gpl3; platforms = platforms.linux; homepage = "https://desktop.telegram.org/"; - changelog = "https://github.com/telegramdesktop/tdesktop/releases/tag/v{version}"; - maintainers = with maintainers; [ primeos abbradar ]; + changelog = "https://github.com/telegramdesktop/tdesktop/releases/tag/v${version}"; + maintainers = with maintainers; [ primeos abbradar oxalica ]; }; } From e0952c6afdc9dd0e4c5ebdb049ab2d3f8fc1a3bf Mon Sep 17 00:00:00 2001 From: oxalica Date: Fri, 23 Jul 2021 05:15:37 +0800 Subject: [PATCH 17/45] tdesktop: patch dlopen paths (cherry picked from commit 6019d8abff9e4cc31001d2b9a55088bdefa245cd) --- .../instant-messengers/telegram/tdesktop/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index 9766a198732..32f0b480fb4 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix @@ -47,6 +47,13 @@ in mkDerivation rec { --replace '"libenchant-2.so.2"' '"${enchant2}/lib/libenchant-2.so.2"' substituteInPlace Telegram/CMakeLists.txt \ --replace '"''${TDESKTOP_LAUNCHER_BASENAME}.appdata.xml"' '"''${TDESKTOP_LAUNCHER_BASENAME}.metainfo.xml"' + + substituteInPlace Telegram/ThirdParty/libtgvoip/os/linux/AudioInputALSA.cpp \ + --replace '"libasound.so.2"' '"${alsaLib}/lib/libasound.so.2"' + substituteInPlace Telegram/ThirdParty/libtgvoip/os/linux/AudioOutputALSA.cpp \ + --replace '"libasound.so.2"' '"${alsaLib}/lib/libasound.so.2"' + substituteInPlace Telegram/ThirdParty/libtgvoip/os/linux/AudioPulse.cpp \ + --replace '"libpulse.so.0"' '"${libpulseaudio}/lib/libpulse.so.0"' ''; # We want to run wrapProgram manually (with additional parameters) From 18f9a94bcd4d54e145462f292963af7aae1d8c94 Mon Sep 17 00:00:00 2001 From: oxalica Date: Fri, 23 Jul 2021 05:17:14 +0800 Subject: [PATCH 18/45] tdesktop: bundle the default font It's worth to think about setting -DDESKTOP_APP_USE_PACKAGED_FONTS=OFF since it's impossible to install fonts as dependencies of packages with Nix and tdesktop's widgets are developed only with Open Sans in mind (it has a lot of hardcoded values and wide fonts like DejaVu may even go out of widgets' bounds) https://github.com/NixOS/nixpkgs/pull/130827#issuecomment-885212649 (cherry picked from commit 27585b98971f8180e12592e694d38a19c072d1bf) --- .../networking/instant-messengers/telegram/tdesktop/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index 32f0b480fb4..5997de14edb 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix @@ -78,6 +78,8 @@ in mkDerivation rec { "-DTDESKTOP_API_ID=611335" "-DTDESKTOP_API_HASH=d524b414d21f4d37f08684c1df41ac9c" "-DTDESKTOP_LAUNCHER_BASENAME=telegramdesktop" # Note: This is the default + # See: https://github.com/NixOS/nixpkgs/pull/130827#issuecomment-885212649 + "-DDESKTOP_APP_USE_PACKAGED_FONTS=OFF" ]; # Note: The following packages could be packaged system-wide, but it's From 31f84bb17a9e65b2cee1874874407a8fd115f321 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 25 Jul 2021 00:04:08 +0200 Subject: [PATCH 19/45] apache-directory-studio: 2.0.0-M15 -> 2.0.0-M17 (cherry picked from commit 6d318b6585c5b12244c91b82e12c732356e4959a) --- .../networking/apache-directory-studio/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/apache-directory-studio/default.nix b/pkgs/applications/networking/apache-directory-studio/default.nix index 18f9a7990c3..b37039c94d2 100644 --- a/pkgs/applications/networking/apache-directory-studio/default.nix +++ b/pkgs/applications/networking/apache-directory-studio/default.nix @@ -10,8 +10,8 @@ let genericName = "Apache Directory Studio"; categories = "Java;Network"; }; - version = "2.0.0-M15"; - versionWithDate = "2.0.0.v20200411-M15"; + version = "2.0.0-M17"; + versionWithDate = "2.0.0.v20210717-M17"; in stdenv.mkDerivation rec { pname = "apache-directory-studio"; @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "mirror://apache/directory/studio/${versionWithDate}/ApacheDirectoryStudio-${versionWithDate}-linux.gtk.x86_64.tar.gz"; - sha256 = "1rkyb0qcsl9hk2qcwp5mwaab69q3sn77v5xyn9mbvi5wg9icbc37"; + sha256 = "19zdspzv4n3mfgb1g45s3wh0vbvn6a9zjd4xi5x2afmdjkzlwxi4"; } else throw "Unsupported system: ${stdenv.hostPlatform.system}"; From ae6a552c882f8ea78dab74f94e4b335d542fdc9e Mon Sep 17 00:00:00 2001 From: Angus Trau Date: Sun, 25 Jul 2021 17:14:03 +1000 Subject: [PATCH 20/45] zoom-us: 5.7.26030.0627 -> 5.7.28852.0718 (cherry picked from commit c2461f0d67efbd642d647e827c8f234f15386fa1) --- .../networking/instant-messengers/zoom-us/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix index 44bbbeece30..9e7593c1fb8 100644 --- a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix +++ b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix @@ -29,11 +29,11 @@ assert pulseaudioSupport -> libpulseaudio != null; let - version = "5.6.16888.0424"; + version = "5.7.28852.0718"; srcs = { x86_64-linux = fetchurl { url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz"; - sha256 = "H/G9cSVmxYM0AVfrdpXzm7ohssDbKq2xdvIBc4d+elc="; + sha256 = "NoB9qxsuGsiwsZ3Y+F3WZpszujPBX/nehtFFI+KPV5E="; }; }; From 43aa33d9c2bcebf345e8158b4bc99fb49e8f83dd Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 25 Jul 2021 08:53:56 +0100 Subject: [PATCH 21/45] google-chrome: avoid crash under some situations If our Chrome derivation is Vulkan enabled, the Chrome GPU process reliably crashes for me under M92 using the proprietary Nvidia drivers. This is because the PCI-based GPU detection path fails, and we attempt to use the Vulkan fallback instead, which then crashes(!!) Including libpci allows us to use Angle's src/gpu_info_util/SystemInfo_libpci.cpp path instead, which doesn't crash, unlike src/gpu_info_util/SystemInfo_vulkan.cpp. (cherry picked from commit 51d83077ffbca115265b04853e244179713c6518) --- .../networking/browsers/google-chrome/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/google-chrome/default.nix b/pkgs/applications/networking/browsers/google-chrome/default.nix index a7b9ddd07d0..e6e7629ea25 100644 --- a/pkgs/applications/networking/browsers/google-chrome/default.nix +++ b/pkgs/applications/networking/browsers/google-chrome/default.nix @@ -18,7 +18,7 @@ , systemd # Loaded at runtime. -, libexif +, libexif, pciutils # Additional dependencies according to other distros. ## Ubuntu @@ -62,7 +62,7 @@ let alsaLib libXdamage libXtst libXrandr libxshmfence expat cups dbus gdk-pixbuf gcc-unwrapped.lib systemd - libexif + libexif pciutils liberation_ttf curl util-linux xdg-utils wget flac harfbuzz icu libpng opusWithCustomModes snappy speechd bzip2 libcap at-spi2-atk at-spi2-core From 385d6c0d609ea50ba88dba917066ea9c6961fafa Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 11 Jun 2021 11:44:24 +0200 Subject: [PATCH 22/45] chromiumBeta: 92.0.4515.40 -> 92.0.4515.51 (cherry picked from commit 558cb984de748cdf86f08c8bf5d410390d2503ec) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index eaf86f8a1ff..edadcd8cb82 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.40", - "sha256": "1v0vmnzdqq7d2rqp1sam8nk7z20xg5l9lnlpqjxj30y8k37gzh8p", - "sha256bin64": "0i3plysx51n2gsm5vbf9666rz73pqbbns7v09wznbbncvw9zngrf", + "version": "92.0.4515.51", + "sha256": "0x9c5fy95wnri9z0s8pbwyq1lw684n7d70l1s2rp5yxh0snannxg", + "sha256bin64": "036km5dp7asq5n86qx7c9119mdch7sl89lhq1ffss0f4mzcq42yd", "deps": { "gn": { "version": "2021-05-07", From 08c330473e6691a89704f91283daffc46cb9c2ee Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 16 Jun 2021 12:54:22 +0200 Subject: [PATCH 23/45] chromiumDev: 93.0.4535.3 -> 93.0.4542.2 (cherry picked from commit 0876f689d75ab65caee1c1ba02ca1be65732a90f) --- .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index edadcd8cb82..144b1a9661e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,15 +31,15 @@ } }, "dev": { - "version": "93.0.4535.3", - "sha256": "19iy4p59n0pg9s39g614y4yxh5f6h86bcp471qdnm6fvzmzcxd18", - "sha256bin64": "16q9s8l20bmr2n0y3pi505l5hbhbmpi8kh47aylj5gzk1nr30a8r", + "version": "93.0.4542.2", + "sha256": "0sfyi52kaxg5mllcvn61285fjnj72vglv9fjf36ri93v6gh34rgw", + "sha256bin64": "0hk31b9nk834gykv977dv7f1hyl7jp527bx5ldxhwcy27333h1hr", "deps": { "gn": { - "version": "2021-05-07", + "version": "2021-06-11", "url": "https://gn.googlesource.com/gn", - "rev": "39a87c0b36310bdf06b692c098f199a0d97fc810", - "sha256": "0x63jr5hssm9dl6la4q5ahy669k4gxvbapqxi5w32vv107jrj8v4" + "rev": "e0c476ffc83dc10897cb90b45c03ae2539352c5c", + "sha256": "01p5w57kksihzg9nb5096a74cw2rp8zzgdjcjm1pgrqvd1mxpjm4" } } }, From dcf696ee71f8f38d986ba35b5aef0a291da164b5 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 17 Jun 2021 12:29:30 +0200 Subject: [PATCH 24/45] chromiumBeta: 92.0.4515.51 -> 92.0.4515.59 (cherry picked from commit 28b48376b992a2126dfa79ddfbcc6c60d5c62438) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 144b1a9661e..9176cc8349e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.51", - "sha256": "0x9c5fy95wnri9z0s8pbwyq1lw684n7d70l1s2rp5yxh0snannxg", - "sha256bin64": "036km5dp7asq5n86qx7c9119mdch7sl89lhq1ffss0f4mzcq42yd", + "version": "92.0.4515.59", + "sha256": "0lpmd4sybr9qxqj7ab25xjliaw2dk9njnik51gdffrrwphv9qdxb", + "sha256bin64": "0qq9a3pzyn5d6bagx3py86ksl8n488lmlrmadgam2gb7421jq71a", "deps": { "gn": { "version": "2021-05-07", From 4ee0ab1564c58d493b33a02ecea82bbb32be8544 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 18 Jun 2021 15:55:37 +0200 Subject: [PATCH 25/45] chromiumDev: Fix building from the release tarball See https://bugs.chromium.org/p/chromium/issues/detail?id=1215229. Before this the build failed with this error: [101/47617] ACTION //build/util:chromium_git_revision(//build/toolchain/linux/unbundle:default)oaded_data.pbchain/linux/unbundle:default) FAILED: gen/build/util/chromium_git_revision.h python3 ../../build/util/lastchange.py --header gen/build/util/chromium_git_revision.h --revision-id-only --revision-id-prefix @ -m\ CHROMIUM_GIT_REVISION ERROR:root:Failed to get git top directory from '/build/chromium-93.0.4542.2/build/util': Git command 'git git rev-parse --show-toplevel' in /build/chromium-93.0.4542.2/build/util failed: [Errno 2] No such file or directory: 'git' (cherry picked from commit 8af443906d795aa562839f4968566dd58b76c0fd) --- pkgs/applications/networking/browsers/chromium/common.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index c2417d9f524..e276fd107c6 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -175,6 +175,12 @@ let sha256 = "1bxdhxmiy6h4acq26lq43x2mxx6rawmfmlgsh5j7w8kyhkw5af0c"; revert = true; }) + # To fix building from a release tarball (which we do): + (githubPatch { + # Revert back to generating chromium_git_revision.h via version.py + commit = "bd524d08f8465364d12d32a84fd1aa983aecc502"; + sha256 = "1jsxidg5jzwkrcpx3lylx4gyg56zjyd7sc957kaaqqc853bn83b4"; + }) ]; postPatch = '' From 04accba48c91113a6462d187d066b9d5a7701ff3 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 22 Jun 2021 23:56:53 +0200 Subject: [PATCH 26/45] chromiumDev: 93.0.4542.2 -> 93.0.4549.3 (cherry picked from commit c8fe353d8be0cb96e91fae004afb0b2d7b02c502) --- .../networking/browsers/chromium/common.nix | 6 ------ .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index e276fd107c6..c2417d9f524 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -175,12 +175,6 @@ let sha256 = "1bxdhxmiy6h4acq26lq43x2mxx6rawmfmlgsh5j7w8kyhkw5af0c"; revert = true; }) - # To fix building from a release tarball (which we do): - (githubPatch { - # Revert back to generating chromium_git_revision.h via version.py - commit = "bd524d08f8465364d12d32a84fd1aa983aecc502"; - sha256 = "1jsxidg5jzwkrcpx3lylx4gyg56zjyd7sc957kaaqqc853bn83b4"; - }) ]; postPatch = '' diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 9176cc8349e..7739add5005 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,15 +31,15 @@ } }, "dev": { - "version": "93.0.4542.2", - "sha256": "0sfyi52kaxg5mllcvn61285fjnj72vglv9fjf36ri93v6gh34rgw", - "sha256bin64": "0hk31b9nk834gykv977dv7f1hyl7jp527bx5ldxhwcy27333h1hr", + "version": "93.0.4549.3", + "sha256": "0bkr67n1d75ayd1d9sa57c99j85r83gadzfs8iw7kwiha9g0mjgp", + "sha256bin64": "1hac6m668nrdzvfqx3vyc74pnx8lf973m1jxnm3cfy83g7wynphz", "deps": { "gn": { - "version": "2021-06-11", + "version": "2021-06-18", "url": "https://gn.googlesource.com/gn", - "rev": "e0c476ffc83dc10897cb90b45c03ae2539352c5c", - "sha256": "01p5w57kksihzg9nb5096a74cw2rp8zzgdjcjm1pgrqvd1mxpjm4" + "rev": "170c2dba1e0c0299fe8c6a441caf2f2352a42ae0", + "sha256": "1ylx8a5fxq7aciqs0mx7fld763sqkqn39lb9k951w6gksm15lrn3" } } }, From d6b4569f806e72382afe67e4f61e9a64b6e8ac53 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 24 Jun 2021 15:16:19 +0200 Subject: [PATCH 27/45] chromiumBeta: 92.0.4515.59 -> 92.0.4515.70 (cherry picked from commit e829ab8d659cd9e8c574bd366dadaefbef8793e7) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 7739add5005..0f484ff9264 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.59", - "sha256": "0lpmd4sybr9qxqj7ab25xjliaw2dk9njnik51gdffrrwphv9qdxb", - "sha256bin64": "0qq9a3pzyn5d6bagx3py86ksl8n488lmlrmadgam2gb7421jq71a", + "version": "92.0.4515.70", + "sha256": "06yhpxr5bg0gx7hmrhc6zg4gr1d9s34y2rb98rpl4dilmc548i6q", + "sha256bin64": "1fkakh1r87pg5nr101m6v86y8iyyfba8vnzrg0229kcar7v8wzf7", "deps": { "gn": { "version": "2021-05-07", From 9c2bdffc2a68c78dd960a03114b1d905091680c1 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Mon, 28 Jun 2021 12:43:37 +0200 Subject: [PATCH 28/45] chromiumDev: Fix build errors due to the older system FFmpeg The final linking still fails though, even with llvm-git. We might have to diable use_thin_lto for now: ld.lld: error: undefined symbol: snappy::Compress(char const*, unsigned long, std::__1::basic_string, std::__1::allocator >*) >>> referenced by compression_module.cc >>> thinlto-cache/Thin-ed5ed5.tmp.o:(reporting::CompressionModule::CompressRecord(std::__1::basic_string, std::__1::allocator >, base::OnceCallback, std::__1::allocator >, absl::optional)>) const) clang-13: error: linker command failed with exit code 1 (use -v to see invocation) (cherry picked from commit fcdcb819362836505e059ef1c5cb33c737883400) --- .../networking/browsers/chromium/common.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index c2417d9f524..db0d1606fa0 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -175,6 +175,18 @@ let sha256 = "1bxdhxmiy6h4acq26lq43x2mxx6rawmfmlgsh5j7w8kyhkw5af0c"; revert = true; }) + # To fix build errors with the older system FFmpeg: + (githubPatch { + # unbundle: add libavcodec/packet.h to shim headers + commit = "e4d228ec30607b06bf3fed77497abef89c29966a"; + sha256 = "02jg2bdmgjcpmk6alb72jc93wy3nf2fpa72hb4aarq337i2mwn4v"; + }) + (githubPatch { + # Roll src/third_party/ffmpeg/ 7e1d53a09..cf7ee6598 (1000 commits) + commit = "3ec3b2992238d4b4764f99f04605e154688c7990"; + sha256 = "1fwb154s5qcis490rvcvm14zrmaj59g5lg9zg8ada36vw9hycbrf"; + revert = true; + }) ]; postPatch = '' From c0a0749d1cc2b094aa0304ec3b98c3f718346faf Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 30 Jun 2021 19:59:49 +0200 Subject: [PATCH 29/45] chromiumDev: 93.0.4549.3 -> 93.0.4557.4 Would need to temporarily remove "ffmpeg" from gnSystemLibraries and disable use_thin_lto to fix the build (theoretically). (cherry picked from commit 5cae43456679428a675fb7074b48ceb5aa3f73e4) --- .../networking/browsers/chromium/common.nix | 12 ------------ .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index db0d1606fa0..c2417d9f524 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -175,18 +175,6 @@ let sha256 = "1bxdhxmiy6h4acq26lq43x2mxx6rawmfmlgsh5j7w8kyhkw5af0c"; revert = true; }) - # To fix build errors with the older system FFmpeg: - (githubPatch { - # unbundle: add libavcodec/packet.h to shim headers - commit = "e4d228ec30607b06bf3fed77497abef89c29966a"; - sha256 = "02jg2bdmgjcpmk6alb72jc93wy3nf2fpa72hb4aarq337i2mwn4v"; - }) - (githubPatch { - # Roll src/third_party/ffmpeg/ 7e1d53a09..cf7ee6598 (1000 commits) - commit = "3ec3b2992238d4b4764f99f04605e154688c7990"; - sha256 = "1fwb154s5qcis490rvcvm14zrmaj59g5lg9zg8ada36vw9hycbrf"; - revert = true; - }) ]; postPatch = '' diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 0f484ff9264..54370802fb5 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,15 +31,15 @@ } }, "dev": { - "version": "93.0.4549.3", - "sha256": "0bkr67n1d75ayd1d9sa57c99j85r83gadzfs8iw7kwiha9g0mjgp", - "sha256bin64": "1hac6m668nrdzvfqx3vyc74pnx8lf973m1jxnm3cfy83g7wynphz", + "version": "93.0.4557.4", + "sha256": "06397k5mkrrdrmd7icyvd1ifnmhincgw5nskgc3m436qzzifsab9", + "sha256bin64": "1q2c2dhx1yya6vhr82asf7h2zrv6kjzjv1a0zlfxkp3i6lnivgrd", "deps": { "gn": { - "version": "2021-06-18", + "version": "2021-06-25", "url": "https://gn.googlesource.com/gn", - "rev": "170c2dba1e0c0299fe8c6a441caf2f2352a42ae0", - "sha256": "1ylx8a5fxq7aciqs0mx7fld763sqkqn39lb9k951w6gksm15lrn3" + "rev": "4d207c94eab41f09c9a8505eb47f3d2919e47943", + "sha256": "1jfgksa7rifh3ynnmd7m8xxggwxckz0jnwjaq9m5xapksb89hbn1" } } }, From 1728c037de7c0b6c305aa81c56423945bbd55498 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 1 Jul 2021 10:32:15 +0200 Subject: [PATCH 30/45] chromiumBeta: 92.0.4515.70 -> 92.0.4515.80 (cherry picked from commit 11237c7d83eb87cf9b608e4917f072b8ed206b27) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 54370802fb5..450a73145c4 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.70", - "sha256": "06yhpxr5bg0gx7hmrhc6zg4gr1d9s34y2rb98rpl4dilmc548i6q", - "sha256bin64": "1fkakh1r87pg5nr101m6v86y8iyyfba8vnzrg0229kcar7v8wzf7", + "version": "92.0.4515.80", + "sha256": "142v8y275mysgksvfprc83a7r1dlcnb5rqi8a451fmfnj6wrsq8i", + "sha256bin64": "0sz2fvg6l7q7syc5pysa246p03sganmgjdfvind42i8cqxw8gycp", "deps": { "gn": { "version": "2021-05-07", From 9f9708fac7c1c624824f9d517add503d9305ef65 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 3 Jul 2021 11:06:30 +0200 Subject: [PATCH 31/45] chromiumBeta: Install crashpad_handler This executable is required to fix a startup error. TODO: Refactor the Nix expressions to allow chromiumVersionAtLeast, etc. "everywhere" and investigate the VM test failure. (cherry picked from commit ef7f020ec88c6aa92f3c35a4a83cd3517533d690) --- pkgs/applications/networking/browsers/chromium/browser.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index cc443764447..602e2e6a829 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -62,7 +62,7 @@ mkChromiumDerivation (base: rec { -e '/\[Desktop Entry\]/a\' \ -e 'StartupWMClass=chromium-browser' \ $out/share/applications/chromium-browser.desktop - '' + lib.optionalString (channel == "dev") '' + '' + lib.optionalString (channel != "stable") '' cp -v "$buildPath/crashpad_handler" "$libExecPath/" ''; From fe5ef8dbc00f4d8f694a6de50061805da5924967 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 9 Jul 2021 10:17:01 +0200 Subject: [PATCH 32/45] chromiumBeta: 92.0.4515.80 -> 92.0.4515.93 (cherry picked from commit a571f3a94530f36ae1016cb74d2c861cb379ad5e) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 450a73145c4..f088ec6f631 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.80", - "sha256": "142v8y275mysgksvfprc83a7r1dlcnb5rqi8a451fmfnj6wrsq8i", - "sha256bin64": "0sz2fvg6l7q7syc5pysa246p03sganmgjdfvind42i8cqxw8gycp", + "version": "92.0.4515.93", + "sha256": "077i1rw84cgcmg2k0p1ycg5pwvnhgsa3qdfsr7icrn7gmagagqd0", + "sha256bin64": "1gf4qv8wvaagdgsinf2gprx9wcfgm8jql6870k50bi26mjqv9800", "deps": { "gn": { "version": "2021-05-07", From 4857d71209aaa7844512554877755cca7e956d61 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 14 Jul 2021 13:51:12 +0200 Subject: [PATCH 33/45] chromiumDev: 93.0.4557.4 -> 93.0.4573.0 (cherry picked from commit 96a3799050f46967f4b1f0141a5965c79137c4a2) --- .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index f088ec6f631..adadb4a8249 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,15 +31,15 @@ } }, "dev": { - "version": "93.0.4557.4", - "sha256": "06397k5mkrrdrmd7icyvd1ifnmhincgw5nskgc3m436qzzifsab9", - "sha256bin64": "1q2c2dhx1yya6vhr82asf7h2zrv6kjzjv1a0zlfxkp3i6lnivgrd", + "version": "93.0.4573.0", + "sha256": "0knks0padlcqhwnjpg32d875nycznlbd228sx8qwnylg1ilrzqck", + "sha256bin64": "1kxbsdcc0gh2pllz3szmnjswxqbw9sr457pq8aafpgk9rdchikg1", "deps": { "gn": { - "version": "2021-06-25", + "version": "2021-07-08", "url": "https://gn.googlesource.com/gn", - "rev": "4d207c94eab41f09c9a8505eb47f3d2919e47943", - "sha256": "1jfgksa7rifh3ynnmd7m8xxggwxckz0jnwjaq9m5xapksb89hbn1" + "rev": "24e2f7df92641de0351a96096fb2c490b2436bb8", + "sha256": "1lwkyhfhw0zd7daqz466n7x5cddf0danr799h4jg3s0yvd4galjl" } } }, From affa0971db1570a7c6fd9d03be1462edc717d695 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 15 Jul 2021 10:58:56 +0200 Subject: [PATCH 34/45] chromiumBeta: 92.0.4515.93 -> 92.0.4515.101 (cherry picked from commit b22b804e67e546edda690b3ae9a7d0c7cd38f37e) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index adadb4a8249..d7b14cb4ba6 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.93", - "sha256": "077i1rw84cgcmg2k0p1ycg5pwvnhgsa3qdfsr7icrn7gmagagqd0", - "sha256bin64": "1gf4qv8wvaagdgsinf2gprx9wcfgm8jql6870k50bi26mjqv9800", + "version": "92.0.4515.101", + "sha256": "1jcas265hhlqd9f63h4zw4n4xsl26c5zmjlmbf1px5icvcjfb2xd", + "sha256bin64": "0sb5l5nzfzisvrnhcfwhdh9rn6z6pkzqz4p92c40q2mlhmjrfhj0", "deps": { "gn": { "version": "2021-05-07", From 741f8416c78c30712c212c22f54ee1fa82c5c9bc Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 16 Jul 2021 12:14:45 +0200 Subject: [PATCH 35/45] chromium: get-commit-message.py: Improve the parsing The current stable release announcement [0] uses more HTML tags which broke the detection of "fixes" and "zero_days". Proper HTML parsing could be done using html.parser [1] but for our purposes the naive regex trick works well enough. [0]: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html [1]: https://docs.python.org/3/library/html.parser.html (cherry picked from commit 3e93811d93b2bc88f047e9a989b456ab3ae3291c) --- .../networking/browsers/chromium/get-commit-message.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/get-commit-message.py b/pkgs/applications/networking/browsers/chromium/get-commit-message.py index 2768e31bd03..7a91b74c83d 100755 --- a/pkgs/applications/networking/browsers/chromium/get-commit-message.py +++ b/pkgs/applications/networking/browsers/chromium/get-commit-message.py @@ -19,14 +19,14 @@ for entry in feed.entries: continue url = requests.get(entry.link).url.split('?')[0] content = entry.content[0].value + content = html_tags.sub('', content) # Remove any HTML tags if re.search(r'Linux', content) is None: continue #print(url) # For debugging purposes version = re.search(r'\d+(\.\d+){3}', content).group(0) print('chromium: TODO -> ' + version) print('\n' + url) - if fixes := re.search(r'This update includes .+ security fixes\.', content): - fixes = html_tags.sub('', fixes.group(0)) + if fixes := re.search(r'This update includes .+ security fixes\.', content).group(0): zero_days = re.search(r'Google is aware( of reports)? that .+ in the wild\.', content) if zero_days: fixes += " " + zero_days.group(0) From 03f1833d1ab072899b9a65e4c3417d00521c3946 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 20 Jul 2021 10:08:44 +0200 Subject: [PATCH 36/45] chromiumBeta: 92.0.4515.101 -> 92.0.4515.107 (cherry picked from commit 5c6608144f9cd108565297c7c03ec79bb0fe611f) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index d7b14cb4ba6..71887b8b85f 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.101", - "sha256": "1jcas265hhlqd9f63h4zw4n4xsl26c5zmjlmbf1px5icvcjfb2xd", - "sha256bin64": "0sb5l5nzfzisvrnhcfwhdh9rn6z6pkzqz4p92c40q2mlhmjrfhj0", + "version": "92.0.4515.107", + "sha256": "04khamgxwzgbm2rn7is53j5g55vm5qfyz7zwxqc51sd429jsqlbf", + "sha256bin64": "179i18lckd85i6cc60mqpvv2jqdshc338m686yackdgz9qjrrlwd", "deps": { "gn": { "version": "2021-05-07", From 9ede7cd91bdde4634fc43bf12c01839cc7db22ca Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 22 Jul 2021 10:34:59 +0200 Subject: [PATCH 37/45] chromiumDev: 93.0.4573.0 -> 93.0.4577.8 (cherry picked from commit 503dc62d0468e303758a720c8d650075a48956ec) --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 71887b8b85f..a278192f136 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,9 +31,9 @@ } }, "dev": { - "version": "93.0.4573.0", - "sha256": "0knks0padlcqhwnjpg32d875nycznlbd228sx8qwnylg1ilrzqck", - "sha256bin64": "1kxbsdcc0gh2pllz3szmnjswxqbw9sr457pq8aafpgk9rdchikg1", + "version": "93.0.4577.8", + "sha256": "1x6i5bmcnj8bkpcb9gcyd1m9nzpq206yyprxrnpak117k7abr2b1", + "sha256bin64": "0qjfb9jxr2gmwb1dsvl6yzz06vsjny2l3icrsdcm0pl6r6davk2w", "deps": { "gn": { "version": "2021-07-08", From a45acbc8e390eacc7c13b189289a5a959e664650 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 23 Jul 2021 10:38:36 +0200 Subject: [PATCH 38/45] chromium: remove bendlas as maintainer Their last Chromium commit is a52d7674cc7 from 2019. Thank you for maintaining Chromium in the past. (cherry picked from commit d4612af2c0d5e3c220bdd37c19272a69cc16cfd0) --- pkgs/applications/networking/browsers/chromium/browser.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index 602e2e6a829..1b21093e944 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -84,7 +84,7 @@ mkChromiumDerivation (base: rec { else "https://www.chromium.org/"; maintainers = with maintainers; if ungoogled then [ squalus primeos ] - else [ primeos thefloweringash bendlas ]; + else [ primeos thefloweringash ]; license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; mainProgram = "chromium"; From 507eabd54983696029becdda5a5c7f7b5e095047 Mon Sep 17 00:00:00 2001 From: Danielle Lancashire Date: Fri, 16 Jul 2021 00:53:45 +0200 Subject: [PATCH 39/45] firecracker: 0.24.3 -> 0.24.4 Updated firecracker to v0.24.4. This required updating the buildPhase to point to new compilation result paths. Formatting changes were performed by `nix-update --format` (cherry picked from commit 6fc6e325e6fc6d28a3e2a862e398e773e7442179) --- .../virtualization/firecracker/default.nix | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/pkgs/applications/virtualization/firecracker/default.nix b/pkgs/applications/virtualization/firecracker/default.nix index a8fbb1d09c1..b0cfe8d5973 100644 --- a/pkgs/applications/virtualization/firecracker/default.nix +++ b/pkgs/applications/virtualization/firecracker/default.nix @@ -1,17 +1,17 @@ { fetchurl, lib, stdenv }: let - version = "0.24.3"; + version = "0.24.4"; suffix = { - x86_64-linux = "x86_64"; + x86_64-linux = "x86_64"; aarch64-linux = "aarch64"; }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download"; dlbin = sha256: fetchurl { - url = "${baseurl}/v${version}/firecracker-v${version}-${suffix}.tgz"; + url = "${baseurl}/v${version}/firecracker-v${version}-${suffix}.tgz"; sha256 = sha256."${stdenv.hostPlatform.system}"; }; @@ -22,15 +22,15 @@ stdenv.mkDerivation { sourceRoot = "."; src = dlbin { - x86_64-linux = "sha256-i6NMVFoLm4hQJH7RnhfC0t+0DJCINoP5b/iCv9JyRdk="; - aarch64-linux = "0m7xs12g97z1ipzaf7dgknf3azlah0p6bdr9i454azvzg955238b"; + x86_64-linux = "sha256-EKndfLdkxn+S+2ElAyQ+mKEo5XN6kqZLuLCsQf+fKuk="; + aarch64-linux = "0zzr8x776aya6f6pw0dc0a6jxgbqv3f37p1vd8mmlsdv66c4kmfb"; }; configurePhase = ":"; - buildPhase = '' - mv firecracker-* firecracker - mv jailer-* jailer + buildPhase = '' + mv release-v${version}/firecracker-v${version}-${suffix} firecracker + mv release-v${version}/jailer-v${version}-${suffix} jailer chmod +x firecracker jailer ''; @@ -48,9 +48,9 @@ stdenv.mkDerivation { meta = with lib; { description = "Secure, fast, minimal micro-container virtualization"; - homepage = "http://firecracker-microvm.io"; - license = licenses.asl20; - platforms = [ "x86_64-linux" "aarch64-linux" ]; - maintainers = with maintainers; [ thoughtpolice ]; + homepage = "http://firecracker-microvm.io"; + license = licenses.asl20; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with maintainers; [ thoughtpolice endocrimes ]; }; } From edf50c4c2b017a143ef6b191429734e5a8410d90 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 24 Jul 2021 20:07:43 +0100 Subject: [PATCH 40/45] lrzsz: add patch for CVE-2018-10195 provide gettext because modifying source files triggers localization regeneration (cherry picked from commit edc01d05a925369f518b0f3cef6f3689e561011e) --- pkgs/tools/misc/lrzsz/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/misc/lrzsz/default.nix b/pkgs/tools/misc/lrzsz/default.nix index 55c11b00c93..09e90ca0794 100644 --- a/pkgs/tools/misc/lrzsz/default.nix +++ b/pkgs/tools/misc/lrzsz/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, gettext, fetchurl, fetchpatch }: stdenv.mkDerivation rec { name = "lrzsz-0.12.20"; @@ -8,6 +8,16 @@ stdenv.mkDerivation rec { sha256 = "1wcgfa9fsigf1gri74gq0pa7pyajk12m4z69x7ci9c6x9fqkd2y2"; }; + patches = [ + (fetchpatch { + name = "CVE-2018-10195.patch"; + url = "https://bugzilla.redhat.com/attachment.cgi?id=79507"; + sha256 = "0jlh8w0cjaz6k56f0h3a0h4wgc51axmrdn3mdspk7apjfzqcvx3c"; + }) + ]; + + nativeBuildInputs = [ gettext ]; + hardeningDisable = [ "format" ]; configureFlags = [ "--program-transform-name=s/^l//" ]; From 3e6648699f15d1574f04f03f68a895a24749ee90 Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Mon, 5 Jul 2021 14:58:52 +0200 Subject: [PATCH 41/45] chromium: move ed and makeWrapper into nativeBuildInputs This most notably fixes cross _evaluation_ of chromium which previously would fail because makeWrapper relies on runtimeShell which is not available in the HostTarget package set. I tested that the native chromium build still works, but haven't tried cross compiling it yet. There very well may be additional errors, but at least they will be build errors, not hard to understand evaluation errors. (cherry picked from commit 524aa1c87c4cb024747930cda3a3e68c68dc362c) --- pkgs/applications/networking/browsers/chromium/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 14ee3290c71..535b87a87fd 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -149,9 +149,11 @@ in stdenv.mkDerivation { + "chromium${suffix}-${version}"; inherit version; - buildInputs = [ + nativeBuildInputs = [ makeWrapper ed + ]; + buildInputs = [ # needed for GSETTINGS_SCHEMAS_PATH gsettings-desktop-schemas glib gtk3 From a20f9eb0ec7f2d54243e03b09904904506dd839d Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 9 Jul 2021 11:24:16 +0200 Subject: [PATCH 42/45] nixos/tests/chromium: Fix the test for M92+ Unfortunately there are some regressions in the GPU code that cause Chromium and Google Chrome to crash, e.g.: machine # [0709/084047.890436:ERROR:process_memory_range.cc(75)] read out of range[ 30.153484] show_signal: 20 callbacks suppressed machine # [ 30.153490] traps: chrome[1036] trap invalid opcode ip:55af03357b29 sp:7ffeaa69ad10 error:0 in chrome[55aefe7a4000+81ec000] machine # machine # [0709/084047.955039:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2) machine # [0709/084047.955078:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2) machine # [ 30.126905] systemd[1]: Created slice system-systemd\x2dcoredump.slice. machine # [ 30.137012] systemd[1]: Started Process Core Dump (PID 1038/UID 0). machine # [ 30.571987] systemd-coredump[1039]: Process 1036 (chrome) of user 1000 dumped core. machine # [992:1021:0709/084048.501937:ERROR:gpu_process_host.cc(995)] GPU process exited unexpectedly: exit_code=132 machine # [ 30.594747] systemd[1]: systemd-coredump@0-1038-0.service: Succeeded. Hopefully this'll be fixed upstream before the final release (there are bug reports for it) but for the meantime we have to launch the beta and dev versions with "--use-gl=angle --use-angle=swiftshader". (cherry picked from commit f9645002a2d8615fd608bfdef4f924481dca391e) --- nixos/tests/chromium.nix | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index 60ecf986d6e..c17d1953894 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -63,17 +63,25 @@ mapAttrs (channel: chromiumPkg: makeTest rec { return "su - ${user} -c " + shlex.quote(cmd) - def get_browser_binary(): - """Returns the name of the browser binary.""" + def get_browser_call(): + """Returns the name of the browser binary as well as CLI options.""" + # Determine the name of the binary: pname = "${getName chromiumPkg.name}" if pname.find("chromium") != -1: - return "chromium" # Same name for all channels and ungoogled-chromium - if pname == "google-chrome": - return "google-chrome-stable" - if pname == "google-chrome-dev": - return "google-chrome-unstable" - # For google-chrome-beta and as fallback: - return pname + binary = "chromium" # Same name for all channels and ungoogled-chromium + elif pname == "google-chrome": + binary = "google-chrome-stable" + elif pname == "google-chrome-dev": + binary = "google-chrome-unstable" + else: # For google-chrome-beta and as fallback: + binary = pname + # Add optional CLI options: + options = "" + major_version = "${versions.major (getVersion chromiumPkg.name)}" + if major_version > "91": + # To avoid a GPU crash: + options += "--use-gl=angle --use-angle=swiftshader" + return f"{binary} {options}" def create_new_win(): @@ -135,9 +143,9 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.wait_for_x() url = "file://${startupHTML}" - machine.succeed(ru(f'ulimit -c unlimited; "{get_browser_binary()}" "{url}" & disown')) + machine.succeed(ru(f'ulimit -c unlimited; {get_browser_call()} "{url}" & disown')) - if get_browser_binary().startswith("google-chrome"): + if get_browser_call().startswith("google-chrome"): # Need to click away the first window: machine.wait_for_text("Make Google Chrome the default browser") machine.screenshot("google_chrome_default_browser_prompt") From 90e44d2f1cf2bf73555ef1fac733b649175fd835 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 9 Jul 2021 19:04:04 +0200 Subject: [PATCH 43/45] nixos/tests/chromium: Refactor launching the browser process It should now be more flexible and less error-prone. (cherry picked from commit 8c52061b1fce2036b70836e5dcdfcf4b702dd405) --- nixos/tests/chromium.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index c17d1953894..06d92cd0c03 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -63,8 +63,8 @@ mapAttrs (channel: chromiumPkg: makeTest rec { return "su - ${user} -c " + shlex.quote(cmd) - def get_browser_call(): - """Returns the name of the browser binary as well as CLI options.""" + def launch_browser(): + """Launches the web browser with the correct options.""" # Determine the name of the binary: pname = "${getName chromiumPkg.name}" if pname.find("chromium") != -1: @@ -76,12 +76,19 @@ mapAttrs (channel: chromiumPkg: makeTest rec { else: # For google-chrome-beta and as fallback: binary = pname # Add optional CLI options: - options = "" + options = [] major_version = "${versions.major (getVersion chromiumPkg.name)}" if major_version > "91": # To avoid a GPU crash: - options += "--use-gl=angle --use-angle=swiftshader" - return f"{binary} {options}" + options += ["--use-gl=angle", "--use-angle=swiftshader"] + options.append("file://${startupHTML}") + # Launch the process: + machine.succeed(ru(f'ulimit -c unlimited; {binary} {shlex.join(options)} & disown')) + if binary.startswith("google-chrome"): + # Need to click away the first window: + machine.wait_for_text("Make Google Chrome the default browser") + machine.screenshot("google_chrome_default_browser_prompt") + machine.send_key("ret") def create_new_win(): @@ -142,14 +149,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.wait_for_x() - url = "file://${startupHTML}" - machine.succeed(ru(f'ulimit -c unlimited; {get_browser_call()} "{url}" & disown')) - - if get_browser_call().startswith("google-chrome"): - # Need to click away the first window: - machine.wait_for_text("Make Google Chrome the default browser") - machine.screenshot("google_chrome_default_browser_prompt") - machine.send_key("ret") + launch_browser() machine.wait_for_text("startup done") machine.wait_until_succeeds( From 24599a5ba600906d98f1266083024cb68522a6c1 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 10 Jul 2021 10:25:38 +0200 Subject: [PATCH 44/45] nixos/tests/chromium: Print the content of chrome://{sandbox,gpu} This can be very useful when running the test headless or e.g. when looking at Hydra logs. Especially the chrome://gpu content contains a lot of interesting information. I also decided to refactor the test_new_win() function to avoid duplicate code and rely less on xdo. (cherry picked from commit c33015a0c94777261ef054a3d7dacd53e744ceea) --- nixos/tests/chromium.nix | 73 +++++++++++++++------------------------- 1 file changed, 27 insertions(+), 46 deletions(-) diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index 06d92cd0c03..d2a8f276f12 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -30,7 +30,10 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.imports = [ ./common/user-account.nix ./common/x11.nix ]; machine.virtualisation.memorySize = 2047; machine.test-support.displayManager.auto.user = user; - machine.environment.systemPackages = [ chromiumPkg ]; + machine.environment = { + systemPackages = [ chromiumPkg ]; + variables."XAUTHORITY" = "/home/alice/.Xauthority"; + }; startupHTML = pkgs.writeText "chromium-startup.html" '' @@ -139,10 +142,25 @@ mapAttrs (channel: chromiumPkg: makeTest rec { @contextmanager - def test_new_win(description): + def test_new_win(description, url, window_name): create_new_win() + machine.wait_for_window("New Tab") + machine.send_chars(f"{url}\n") + machine.wait_for_window(window_name) + machine.screenshot(description) + machine.succeed( + ru( + "${xdo "copy-all" '' + key --delay 1000 Ctrl+a Ctrl+c + ''}" + ) + ) + clipboard = machine.succeed( + ru("${pkgs.xclip}/bin/xclip -o") + ) + print(f"{description} window content:\n{clipboard}") with machine.nested(description): - yield + yield clipboard # Close the newly created window: machine.send_key("ctrl-w") @@ -172,49 +190,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.screenshot("startup_done") - with test_new_win("check sandbox"): - machine.succeed( - ru( - "${xdo "type-url" '' - search --sync --onlyvisible --name "New Tab" - windowfocus --sync - type --delay 1000 "chrome://sandbox" - ''}" - ) - ) - - machine.succeed( - ru( - "${xdo "submit-url" '' - search --sync --onlyvisible --name "New Tab" - windowfocus --sync - key --delay 1000 Return - ''}" - ) - ) - - machine.screenshot("sandbox_info") - - machine.succeed( - ru( - "${xdo "find-window" '' - search --sync --onlyvisible --name "Sandbox Status" - windowfocus --sync - ''}" - ) - ) - machine.succeed( - ru( - "${xdo "copy-sandbox-info" '' - key --delay 1000 Ctrl+a Ctrl+c - ''}" - ) - ) - - clipboard = machine.succeed( - ru("${pkgs.xclip}/bin/xclip -o") - ) - + with test_new_win("sandbox_info", "chrome://sandbox", "Sandbox Status") as clipboard: filters = [ "layer 1 sandbox.*namespace", "pid namespaces.*yes", @@ -261,6 +237,11 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.screenshot("after_copy_from_chromium") + + with test_new_win("gpu_info", "chrome://gpu", "chrome://gpu"): + pass + + machine.shutdown() ''; }) channelMap From 2eaf9b409a9f71f425ffe66faf5fa6ecd0bddbc1 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 23 Jul 2021 10:03:14 +0200 Subject: [PATCH 45/45] chromium: Check the text rendering This should catch regressions like #131074 in the future. In that case a glibc update caused a regression that caused most of the text to become invisible (just not the "Web Store" we've already been checking for). (cherry picked from commit 11400dcd65ed95292d7ac7cb30912e15ec4cf8e1) --- nixos/tests/chromium.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index d2a8f276f12..752c8bef31d 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -239,7 +239,8 @@ mapAttrs (channel: chromiumPkg: makeTest rec { with test_new_win("gpu_info", "chrome://gpu", "chrome://gpu"): - pass + # To check the text rendering (catches regressions like #131074): + machine.wait_for_text("Graphics Feature Status") machine.shutdown()