[24.05] Various Electron backports #337776
This actually also marks 27 and 28 as EOL, which are used by the following packages that don’t use them on
So there’s some more backporting work to do here. I’ll go PR‐hunting in a bit, but I’d appreciate some help.
(Also I do need to actually either backport the removals or mark the source packages as vulnerable too, of course… Drafting this for now.)
f235310 to eb2e2dc
Link: https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline
Link: NixOS#318857 (comment)
(cherry picked from commit 7892638)
Follow-up to 7892638. We still have the EOLed `electron-{27,28}-bin` builds, that can be used instead. `electron-source.electron_{27,28}` do not build anymore due to LLVM incompatibilities. This is beneficial to users of software that still depends on those EOLed electron versions as well. Instead of wasting potentially hours of compute trying to build known broken versions from source, the working binary variants will be used. Furthermore, this allows us to clean up the underlying chromium and electron-source derivations from now unused version conditions such as version-specific patches and build flags.
(cherry picked from commit 268ce0e)
eb2e2dc to 9ea9100
9ea9100 to 283fe7f
Okay, I think I have all the relevant Electron commits in this now, but it could definitely use double‐checking… I’ll work on getting the PRs for the software this would break backported.
283fe7f to 9c01a20
Final diff of the Electron directory compared to
diff --git a/pkgs/development/tools/electron/binary/default.nix b/pkgs/development/tools/electron/binary/default.nix
index 07637d13e9..b884428cf8 100644
--- a/pkgs/development/tools/electron/binary/default.nix
+++ b/pkgs/development/tools/electron/binary/default.nix
@@ -1,11 +1,8 @@
-let
- infoJson = builtins.fromJSON (builtins.readFile ./info.json);
-in
-
{ lib, callPackage }:
let
mkElectron = callPackage ./generic.nix { };
+ infoJson = builtins.fromJSON (builtins.readFile ./info.json);
in
lib.mapAttrs' (majorVersion: info:
lib.nameValuePair
diff --git a/pkgs/development/tools/electron/common.nix b/pkgs/development/tools/electron/common.nix
index 1e86382771..311757ae1b 100644
--- a/pkgs/development/tools/electron/common.nix
+++ b/pkgs/development/tools/electron/common.nix
@@ -16,7 +16,7 @@
, pipewire
, libsecret
, libpulseaudio
-, speechd-minimal
+, speechd
, info
}:
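Review bot: The `speechd-minimal` to `speechd` change in the argument list has no explanation in the file, and the same substitution has to be repeated in the library list next to `libpulseaudio` further down. A short comment at one of the two sites stating why the two sides of this diff use different attribute names would stop a later backport from touching only one of them, which would leave an undefined variable at evaluation time.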
@@ -49,7 +49,7 @@
src = null;
- patches = base.patches ++ lib.optional (lib.versionOlder info.version "30")
+ patches = base.patches ++ lib.optional (lib.versionAtLeast info.version "29" && lib.versionOlder info.version "30")
(substituteAll {
# disable a component that requires CIPD blobs
name = "disable-screen-ai.patch";
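Review bot: The lower bound on the `+` line, `lib.versionAtLeast info.version "29" && lib.versionOlder info.version "30"`, only changes behaviour if a source build with `info.version` below 29 is still evaluated. The commit message earlier in this PR says `electron-source.electron_{27,28}` no longer build and are replaced by the binary variants, so either drop the lower bound so that `disable-screen-ai.patch` is gated by a single condition, or add a comment naming the version that still needs it.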
@@ -171,8 +171,10 @@
use_qt = false;
v8_builtins_profiling_log_file = "";
enable_dangling_raw_ptr_checks = false;
+ } // lib.optionalAttrs (lib.versionAtLeast info.version "28") {
dawn_use_built_dxc = false;
v8_enable_private_mapping_fork_optimization = true;
+ } // lib.optionalAttrs (lib.versionAtLeast info.version "29") {
v8_expose_public_symbols = true;
} // lib.optionalAttrs (lib.versionOlder info.version "31") {
use_perfetto_client_library = false;
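Review bot: The two inserted `} // lib.optionalAttrs (lib.versionAtLeast info.version ...) {` splits leave the gn flag set with three version gates (at least 28, at least 29, older than 31) and no comment saying which flag belongs to which release. Add a one-line comment per segment, or collapse the 28 and 29 gates if nothing below 29 is built from source, so the next reader can tell whether `dawn_use_built_dxc`, `v8_enable_private_mapping_fork_optimization` and `v8_expose_public_symbols` are conditional on purpose.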
@@ -204,7 +206,7 @@
stdenv.cc.cc.lib
libsecret
libpulseaudio
- speechd-minimal
+ speechd
];
in
base.postFixup + '' |
Okay, I think I tracked down all the relevant PRs to backport. Still some manual ones to tackle and they all need review.
Or not! Guess I have to backport that change too. I’ll do it tomorrow.
The minimum versions for both chromium and electron-source are higher than the version bounds of those conditionals. As such, they can be safely removed. This is a no-op.
(cherry picked from commit fb9cdbd)
- Changelog: https://github.com/electron/electron/releases/tag/v29.4.6
- Diff: electron/electron@refs/tags/v29.4.5...v29.4.6
- Fixes CVE-2024-6772
- Fixes CVE-2024-6773
- Fixes CVE-2024-6774
- Fixes CVE-2024-6775
- Fixes CVE-2024-6776
- Fixes CVE-2024-6777
- Fixes CVE-2024-6778
- Fixes CVE-2024-6779
- Fixes CVE-2024-6989
- Fixes CVE-2024-6991
(cherry picked from commit 0603cf5)

- Changelog: https://github.com/electron/electron/releases/tag/v30.4.0
- Diff: electron/electron@refs/tags/v30.3.1...v30.4.0
- Fixes CVE-2024-6772
- Fixes CVE-2024-6773
- Fixes CVE-2024-6774
- Fixes CVE-2024-6775
- Fixes CVE-2024-6776
- Fixes CVE-2024-6777
- Fixes CVE-2024-6778
- Fixes CVE-2024-6779
- Fixes CVE-2024-6989
- Fixes CVE-2024-6991
(cherry picked from commit 617ca89)

- Changelog: https://github.com/electron/electron/releases/tag/v29.4.6
- Diff: electron/electron@refs/tags/v29.4.5...v29.4.6
- Fixes CVE-2024-6772
- Fixes CVE-2024-6773
- Fixes CVE-2024-6774
- Fixes CVE-2024-6775
- Fixes CVE-2024-6776
- Fixes CVE-2024-6777
- Fixes CVE-2024-6778
- Fixes CVE-2024-6779
- Fixes CVE-2024-6989
- Fixes CVE-2024-6991
(cherry picked from commit de2eae7)

- Changelog: https://github.com/electron/electron/releases/tag/v30.4.0
- Diff: electron/electron@refs/tags/v30.3.1...v30.4.0
- Fixes CVE-2024-6772
- Fixes CVE-2024-6773
- Fixes CVE-2024-6774
- Fixes CVE-2024-6775
- Fixes CVE-2024-6776
- Fixes CVE-2024-6777
- Fixes CVE-2024-6778
- Fixes CVE-2024-6779
- Fixes CVE-2024-6989
- Fixes CVE-2024-6991
(cherry picked from commit a370fc8)

- Changelog: https://github.com/electron/electron/releases/tag/v29.4.6
- Diff: electron/electron@refs/tags/v29.4.5...v29.4.6
- Fixes CVE-2024-6772
- Fixes CVE-2024-6773
- Fixes CVE-2024-6774
- Fixes CVE-2024-6775
- Fixes CVE-2024-6776
- Fixes CVE-2024-6777
- Fixes CVE-2024-6778
- Fixes CVE-2024-6779
- Fixes CVE-2024-6989
- Fixes CVE-2024-6991
(cherry picked from commit 21635ab)

- Changelog: https://github.com/electron/electron/releases/tag/v30.4.0
- Diff: electron/electron@refs/tags/v30.3.1...v30.4.0
- Fixes CVE-2024-6772
- Fixes CVE-2024-6773
- Fixes CVE-2024-6774
- Fixes CVE-2024-6775
- Fixes CVE-2024-6776
- Fixes CVE-2024-6777
- Fixes CVE-2024-6778
- Fixes CVE-2024-6779
- Fixes CVE-2024-6989
- Fixes CVE-2024-6991
(cherry picked from commit eb6c247)
(cherry picked from commit 39f4f08)
(cherry picked from commit fd91115)
9c01a20 to 3f2a98c
This should actually work now. Apologies for my sloppiness; this is my first time working with the Electron packages.
This should be ready now.
I'll build this branch on my tower and report back with test results.
Result of 10 packages marked as broken and skipped:
12 packages built:
Thanks for checking! Is it expected that
Description of changes
Manual backport of #319252, #319415, #336036, and #335850.
Pending on: