[19.09] firefox 70 (staging) #71714

Merged
merged 10 commits into from Nov 2, 2019

andir (Member) commented Oct 22, 2019

Motivation for this change

Port of #71580 & #71624

This should go through staging on 19.09 as it carries a rather large rebuild.

This went into the master staging process earlier today and there doesn't seem to be much unexpected breakage. @FRidh seems to be aware of a python regression and is likely able to help out there.

I compiled firefox from this branch and opened this PR using it.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc RMs @lheckemann @disassembler
cc @FRidh as he might know about some python/sqlalchemy breakage from the sqlite change

FRidh (Member) commented Oct 23, 2019

@andir as I mentioned in https://github.com/NixOS/nixpkgs/pull/70593#issuecomment-545057600 I hope we don't have to backport any newer version of sqlite.

In https://github.com/NixOS/nixpkgs/pull/71695 we have instead a CVE fix for sqlite.

andir (Member, Author) commented Oct 23, 2019

The update isn't for the CVE but more because firefox has that as minimum supported version…

I am very unhappy about the state of maintaining firefox on release versions. I am almost in favor of just using bundled libraries at this stage.. I did flip that switch on 18.03 as it was about to go EOL and that avoided having to deal with a bunch of breakage.

FRidh (Member) commented Oct 23, 2019

If firefox moves this fast with its dependencies, then I see no way for us to build the latest firefox on stable from source using our Nixpkgs packages, without indeed using bundled/vendored/firefox-specific versions of packages. It's good then that they have ESR versions...

jtojnar (Contributor) commented Oct 23, 2019

We would either need to vendor dependencies in master, or convert Firefox to vendored after every branch-off, choosing between ugliness and a lot of work and ugliness. At that point, I would rather just drop non-ESR versions after branch-off. People will still be able to use the latest Firefox from unstable.

@FRidh FRidh added this to New in Staging Oct 24, 2019
@FRidh FRidh moved this from New to Not ready in Staging Oct 24, 2019
@FRidh FRidh removed this from Not ready in Staging Oct 24, 2019
@FRidh FRidh added this to WIP in Staging (stable) Oct 24, 2019
@FRidh FRidh moved this from WIP to Needs review in Staging (stable) Oct 24, 2019
@FRidh FRidh removed their assignment Oct 27, 2019
andir (Member, Author) commented Oct 27, 2019

Well then I guess we will mark firefox as insecure in 19.09? @FRidh @jtojnar

jtojnar (Contributor) commented Oct 27, 2019

Sounds good.

andir and others added 8 commits November 1, 2019 22:21
The expand tests require unstable rust features.

(cherry picked from commit 2deef75)
(cherry picked from commit f19920f)
(cherry picked from commit b4f278a)
(cherry picked from commit 1b2b476)
(cherry picked from commit 20dae73)
(cherry picked from commit dc6ea54)
(cherry picked from commit 14282e9)
(cherry picked from commit 0bc5d7f)
andir (Member, Author) commented Nov 2, 2019

I reworked that a bit. The main difference is now that the sqlite update ended up in a new attribute that only firefox is consuming. I went forward with keeping the nss update since that is a minor bump and fixes things like static time execution of some algorithms so I consider that worthy.
Same story for rust-cbindgen. It is a minor update and the rebuilds it introduces are minor compared to those caused by nss.

For the next Firefox releases I plan on providing dedicated attributes or overrides for packages that need updating on the 19.09 branch.

Does this look better to you @FRidh ?

FRidh (Member) left a comment

If it works then I think it's good. Thanks!

@ofborg ofborg bot requested a review from lovek323 November 2, 2019 10:09
@andir andir merged commit e65f424 into NixOS:staging-19.09 Nov 2, 2019
vcunat (Member) commented Nov 3, 2019

A suggestion to consider: perhaps keep default sqlite for all firefoxPackages except the latest one? (with ffversion > 70)

FRidh (Member) commented Nov 3, 2019

Ah right indeed, forgot about that one.

@FRidh FRidh moved this from Needs review to Merged in Staging (stable) Nov 3, 2019