electron: mark insecure versions (3,4,5) and require explicit version of electron in packages #89758

Merged
merged 2 commits into from Jul 20, 2020

prusnak
Member

@prusnak prusnak commented Jun 7, 2020

Motivation for this change
  1. require explicit version of electron in packages
  2. point electron alias to the latest stable version
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot requested review from rvl and cawilliamson June 7, 2020 18:32
@prusnak prusnak changed the title electron: point electron alias to the latest stable version electron: require explicit version of electron in packages Jun 7, 2020
Member

@cawilliamson cawilliamson left a comment

Looks good to me - thanks for taking the time to figure out which version rambox required. Saved me a headache down the road. :)

@dtzWill
Member

dtzWill commented Jul 9, 2020

I like this approach, for whatever reason electron packages indeed aren't sufficiently tested (sometimes not at all, other times the issue is not immediately obvious).

Conflict is hopefully minor :).

Out of curiosity--if packaged applications find using specific versions of electron useful/necessary,
what uses (out-of-tree?) might there be for a generic electron alias that points to latest?
Makes sense to have it regardless, I think, for backwards-compat reasons but curious if there's more than that :).

(see also fun situation with LLVM versions ^_^)

@prusnak
Member Author

prusnak commented Jul 9, 2020

> Conflict is hopefully minor :).

It was. :-) Resolved the conflict in de5799f3e75d2368c441a88364dc42cb2ca4335c

> what uses (out-of-tree?) might there be for a generic electron alias that points to latest?

pkgs/applications/misc/nix-tour/default.nix uses electron without version, but I think that's the only in-tree package that does that

@prusnak
Member Author

prusnak commented Jul 20, 2020

Marked electron versions 3, 4, 5 insecure (in 1499874) as per #93264, #93254, #93257

@prusnak prusnak changed the title electron: require explicit version of electron in packages electron: mark insecure versions (3,4,5) and require explicit version of electron in packages Jul 20, 2020
@ofborg ofborg bot requested review from manveru and travisbhartwell July 20, 2020 16:46
@worldofpeace worldofpeace merged commit 1dd4b32 into NixOS:master Jul 20, 2020
@worldofpeace
Contributor

@prusnak Thank you soo much ✨ 💖

@prusnak prusnak deleted the electron-explicit branch July 20, 2020 19:36