New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
p7zip: vendor debian patches #45097
p7zip: vendor debian patches #45097
Conversation
A few months ago I moved these patches to the new debian alsa instance [1], but it looks like their `sha256`s on the tag at the remote have changed again. It doesn't appear that debian's source remote is stable in the way we need it to be; let's just vendor the patches to avoid future issues. [1] NixOS#41769
@GrahamcOfBorg build p7zip |
(fetchpatch rec { | ||
name = "CVE-2016-9296.patch"; | ||
url = "https://salsa.debian.org/debian/p7zip/raw/debian/${version}+dfsg-6/debian/patches/12-${name}"; | ||
sha256 = "09wbkzai46bwm8zmplsz0m4jck3qn7snr68i9p1gsih300zidj0m"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess they rebased and moved the tag? Strange.
$ nix-prefetch-url https://salsa.debian.org/debian/p7zip/raw/debian/16.02+dfsg-6/debian/patches/12-CVE-2016-9296.patch
0inblicg24gcbaq84n0mr6w4yc5ak65mh9wxml96wlhdf7ph2i3m
Success on x86_64-linux (full log) Attempted: p7zip Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: p7zip Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: p7zip Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: p7zip Partial log (click to expand)
|
Is a backport required? |
Probably not; as far as I can tell the actual content of the patches hasn't materially changed, so as long as Hydra has it in its content-addressed source cache older builds should be OK. |
A few months ago I moved these patches to the new debian alsa instance [1], but
it looks like their
sha256
s on the tag at the remote have changed again.It doesn't appear that debian's source remote is stable in the way we need it to
be; let's just vendor the patches to avoid future issues.
[1] #41769
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)