boringssl: unstable-2024-09-20 -> 0.20250415.0

[theoparis]

I updated boringssl to the latest version, which has now been re-licensed under the Apache 2.0 license. I also added myself as a maintainer. I plan on adding rust support to this package as well as a .pc file for pkg-config.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[theoparis]

This is still marked as a draft since I've been having trouble figuring out how to use cmake + buildRustPackage in the same derivation to enable the rust bindings to build.
Edit: I guess I can just hold off on that for now.

[antonmosich]

It seems to have been wrong already, but version must start with a digit as per pkgs/README.md. It seems boringssl is now being tagged monthly-ish, is there a reason not to use the tags?

[theoparis]

Oh I didn't notice that a digit was required now. I think using the new release tags is a good idea.

[antonmosich]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 393230

---

x86_64-linux

⏩ 1 package marked as broken and skipped:

• mautrix-signal

❌ 5 packages failed to build:

• libtensorflow (libtensorflow.python)
• python312Packages.smolagents
• python312Packages.smolagents.dist
• python313Packages.smolagents
• python313Packages.smolagents.dist

✅ 19 packages built:

• boringssl
• boringssl.bin
• boringssl.dev
• janus-gateway
• janus-gateway.dev
• janus-gateway.doc
• janus-gateway.man
• libsignal-ffi
• open-webui
• open-webui.dist
• python312Packages.duckduckgo-search
• python312Packages.duckduckgo-search.dist
• python312Packages.primp
• python312Packages.primp.dist
• python313Packages.duckduckgo-search
• python313Packages.duckduckgo-search.dist
• python313Packages.primp
• python313Packages.primp.dist
• ustreamer

[theoparis]

This is now blocked by 0x676e67/boring2#90. I tried to update the primp package to remove the unnecessary preBuild script but ran into issues with the patches used by the rquest crate.

Edit: It seems like boring/boring2 is used by a lot of other rust/python/node.js packages, so this isn't a simple fix unfortunately... the boringssl version can't easily be updated in rust dependencies of dependencies of python/js packages.

[theoparis]

This PR is still relevant because my PR uses the cmake install target instead of manually installing the static libraries. I guess I could make a new PR for that

[SuperSandro2000]

Please rebase if this is still applicable.

[niklaskorz]

Please rebase if this is still applicable.

My PR was based on this (and attributed through the co-authored-by footer), so this can be closed.

[niklaskorz]

Superseded by #453894