Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firefox: 67.0.4 -> 68.0, firefox-esr: 60.7.2esr -> 68.0esr, rust-cbindgen: 0.8.3 -> 0.8.7 #64733

Closed
wants to merge 4 commits into from
Closed

firefox: 67.0.4 -> 68.0, firefox-esr: 60.7.2esr -> 68.0esr, rust-cbindgen: 0.8.3 -> 0.8.7 #64733

wants to merge 4 commits into from

Conversation

taku0
Copy link
Contributor

@taku0 taku0 commented Jul 14, 2019

Motivation for this change
  • Critical security fixes
  • Other improvements
  • ESR is now based on version 68.

https://www.mozilla.org/en-US/firefox/68.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/

Related: #64577

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

fix-virtualenv-symlinks.patch deletes all symlinks and activate_this.py in virtualenv to force recreate it. Otherwise it results in OSError: [Errno 17] File exists: '/build/firefox-68.0/obj-x86_64-pc-linux-gnu/_virtualenvs/init/lib/python2.7/lib-dynload'. See also #64577 (comment).

rust-cbindgen and nss are required to be up-to-date. rust-cbindgen needs nightly compiler for now, so I have added RUSTC_BOOTSTRAP = 1;. See mozilla/cbindgen#338 for details.

This PR may results in mass rebuild. Should I PR against the staging branch rather than the master?

@ofborg ofborg bot requested review from andir, jtojnar, lovek323 and edolstra July 14, 2019 14:17
@andir
Copy link
Member

andir commented Jul 14, 2019

Looks good. I would remove the patch and just have a conditional postPatch statement that removes the artifacts. I am boarding a plane home right now and will review this in ~6h.

@andir andir self-assigned this Jul 14, 2019
@andir andir mentioned this pull request Jul 14, 2019
Merged
10 tasks
@andir
Copy link
Member

andir commented Jul 14, 2019
edited

@volth

please keep firefox-esr 60, and just add 68
1. post-60 firefoxes have trouble to build for 32-bit platforms
2. even for 64-bit platforms: there are plugins which require legacy firefox (examples can be found here in the issues)

I agree. I made those changes and a few other tiny nitpicks and opened another PR since I could not update this PR.

@taku0 thank you for looking into this, appreciate your work. 👍 I incorporated my feedback into the new PR #64742. Still building all of the versions. Given this update fixes a bunch of security issues merging to master is usually fine.

@andir andir closed this Jul 14, 2019
@SimonSapin SimonSapin mentioned this pull request Jul 23, 2019
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andir andir Awaiting requested review from andir

@jtojnar jtojnar Awaiting requested review from jtojnar

@lovek323 lovek323 Awaiting requested review from lovek323

@edolstra edolstra Awaiting requested review from edolstra

Assignees

@andir andir

Labels
8.has: clean-up 8.has: package (new) 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@taku0 @andir