Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[19.09] firefox 70 (staging) #71714

Merged
merged 10 commits into from
Nov 2, 2019
Merged

[19.09] firefox 70 (staging) #71714

merged 10 commits into from
Nov 2, 2019
+474 −386

Conversation

andir
Copy link
Member

@andir andir commented Oct 22, 2019

Motivation for this change

Port of #71580 & #71624

This should through staging on 19.09 as it carries a rather large rebuild.

This went into the master staging process earlier today and there doesn't seem to be much unexpected breakage. @FRidh seems to be aware of a python regression and is likely able to help out there.

I compiled firefox from this branch and opened this PR using it.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc RMs @lheckemann @disassembler
cc @FRidh as he might know about some python/sqlachemy breakage from the sqlite change

Sorry, something went wrong.

@ofborg ofborg bot added the 6.topic: rust label Oct 22, 2019
@ofborg ofborg bot requested review from edolstra, np and jtojnar October 22, 2019 21:26
@FRidh FRidh self-assigned this Oct 23, 2019
@FRidh
Copy link
Member

FRidh commented Oct 23, 2019

@andir as I mentioned https://github.com/NixOS/nixpkgs/pull/70593#issuecomment-545057600 I hope we don't have to backport any newer version of sqlite.

https://github.com/NixOS/nixpkgs/pull/71695 we have instead a CVE fix for sqlite.

@andir
Copy link
Member Author

andir commented Oct 23, 2019

The update isn't for the CVE but more because firefox has that as minimum supported version…

I am very unhappy about the state of maintaining firefox on release versions. I am almost in favor of just using bundled libraries at this stage.. I did flip that switch on 18.03 as it was about to go EOL and that avoided having to deal with a bunch of breakage.

@FRidh
Copy link
Member

FRidh commented Oct 23, 2019

If firefox moves this fast with its dependencies, then I see no way for us to build the latest firefox on stable from source using our Nixpkgs packages, without indeed using bundled/vendored/firefox-specific versions of packages. It's good then that they have ESR versions...

@jtojnar
Copy link
Member

jtojnar commented Oct 23, 2019

We would either need to vendor dependencies in master, or convert Firefox to vendored after every branch-off, choosing between ugliness and lot of work and ugliness. At that point, I would rather just drop non-ESR versions after branch-off. People will still be able to use latest Firefox from unstable.

@FRidh FRidh removed their assignment Oct 27, 2019
@andir
Copy link
Member Author

andir commented Oct 27, 2019

Well then I guess we will mark firefox as insecure in 19.09? @FRidh @jtojnar

@jtojnar
Copy link
Member

jtojnar commented Oct 27, 2019

Sounds good.

@andir andir mentioned this pull request Oct 27, 2019
Closed
andir and others added 10 commits November 1, 2019 22:21
@andir
buildRustPackage: support checkFlags and checkFlagsArray
b22fe37 
(cherry picked from commit 7391a7d)
@andir
rust-cbindgen: skip expand tests
c8da23b 
The expand tests require unstable rust features.

(cherry picked from commit 2deef75)
@andir
rust-cbdindgen: 0.9.0 -> 0.9.1
088c7c1 
(cherry picked from commit f19920f)
@andir
nss: 3.46 -> 3.46.1

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
bcdedc8 
(cherry picked from commit b4f278a)
@andir
sqlite: add 3.30 variant for firefox
098dbcd
@andir
firefox: 69.0.2 -> 70.0
e3aca95 
(cherry picked from commit 1b2b476)
@taku0 @andir
firefox-esr: 68.1.0esr -> 68.2.0esr
682eafb 
(cherry picked from commit 20dae73)
@taku0 @andir
firefox-bin: 69.0.2 -> 70.0
f998cae 
(cherry picked from commit dc6ea54)
@taku0 @andir
firefox-bin: 70.0 -> 70.0.1
2850361 
(cherry picked from commit 14282e9)
@taku0 @andir
firefox: 70.0 -> 70.0.1
643c809 
(cherry picked from commit 0bc5d7f)
@andir andir force-pushed the 19.09/firefox-70-staging branch from dab102e to 643c809 Compare November 2, 2019 09:43
@andir
Copy link
Member Author

andir commented Nov 2, 2019
edited
Loading

I reworked that a bit. The main difference is now that the sqlite update ended up in a new attribute that only firefox is consuming. I went forward with keeping the nss update since that is a minor bump and fixes things like static time execution of some algorithms so I consider that worthy.
Same story for rust-cbindgen. It is a minor update and the rebuilds it introduces are minor compared to those caused by nss.

For the next Firefox releases I plan on providing dedicated attributes or overrides for packages that need updating on the 19.09 branch.

Does this look better to you @FRidh ?

FRidh
FRidh approved these changes Nov 2, 2019
View reviewed changes
Copy link
Member

@FRidh FRidh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it works then I think it's good. Thanks!

@ofborg ofborg bot added the 8.has: package (new) This PR adds a new package label Nov 2, 2019
@ofborg ofborg bot requested a review from lovek323 November 2, 2019 10:09
@andir andir merged commit e65f424 into NixOS:staging-19.09 Nov 2, 2019
@vcunat
Copy link
Member

vcunat commented Nov 3, 2019
edited
Loading

A suggestion to consider: perhaps keep default sqlite for all firefoxPackages except the latest one? (with ffversion > 70)

@FRidh
Copy link
Member

FRidh commented Nov 3, 2019

Ah right indeed, forgot about that one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FRidh FRidh

@edolstra edolstra

@np np

@jtojnar jtojnar

@lovek323 lovek323

Assignees
No one assigned
Labels
6.topic: rust 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@andir @FRidh @jtojnar @vcunat @taku0