This also adds a dedicated channel for ungoogled-chromium that enables
us to update ungoogled-chromium independently of chromium.
TODO: Automate ungoogled-chromium updates via update.py (currently it
needs to be updated manually).
Note: Unfortunately this changes the ungoogled-chromium derivation
because common.nix passes the channel as an argument to
stdenv.mkDerivation (this makes it more difficult to verify this commit
but the result should remain the same).
I used nix-instantiate to verify that the derivations for chromium and
ungoogled-chromium remain unchanged (only the meta attributes change
slightly as I added myself as ungoogled-chromium to receive
notifications for PRs/issues).
Backward incompatible changes:
- Support for Python 3.5 has been removed due to low usage and
maintenance burden.
- The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte)
initialization vectors. This change is to conform with an upcoming
OpenSSL release that will no longer support sizes outside this window.
- When deserializing asymmetric keys we now raise ValueError rather than
UnsupportedAlgorithm when an unsupported cipher is used. This change
is to conform with an upcoming OpenSSL release that will no longer
distinguish between error types.
- We no longer allow loading of finite field Diffie-Hellman parameters
of less than 512 bits in length. This change is to conform with an
upcoming OpenSSL release that no longer supports smaller sizes. These
keys were already wildly insecure and should not have been used in any
application outside of testing.
siteVersionDir isn't a full path, it's just the name of the version
directory entry in $out/share/emacs, e.g. "27.1", so since
d1b0eef9b51 ("emacs: Don't use interpolation for version"), we've been
trying to remove a non-existent directory. This would have been
caught if we hadn't been giving -f to rm unnecessarily, because -f
suppresses errors. As well as fixing the path, I've removed the -f
from rm. Doing this to the line above as well revealed that rm-ing
$out/var was no longer necessary, since nothing has been put there
since ac23a7c459d8 ("emacs: 25.3 → 26.1") -- it would now only be
created if we set the --with-gameuser configure option, which we
don't.
