Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge openssl 1.1 into staging #67375

Closed
wants to merge 1,073 commits into from

Conversation

@lheckemann
Copy link
Member

commented Aug 24, 2019

Motivation for this change

openssl 1.1 has been merged into master since it had its own hydra jobset. That means we need to merge it into staging. I'm making this PR so @GrahamcOfBorg can evaluate it, to check if I haven't made any silly mistakes while fixing merge conflicts (lots of them because of the pname change).

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

kisik21 and others added 5 commits Aug 21, 2019
Some build-time and run-time dependencies were mixed. I put them in a right place!
nixos/fontconfig: harmonize with penultimate
Changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/4.2:/Changelog

Configuration flag changes:
https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/n4.1.4..n4.2:/configure

Ignored new configuration flags:
--enable-libaribb24      enable ARIB text and caption decoding via libaribb24 [no]
--enable-pocketsphinx    enable PocketSphinx, needed for asr filter [no]
--enable-cuda-nvcc       enable Nvidia CUDA compiler [no]
--disable-cuda-llvm      disable CUDA compilation using clang [autodetect]
--disable-msa2           disable MSA2 optimizations

The renamed and removed configuration options where not used.

I've added a patch to prefer libdav1d over libaom, as libaom wasn't even
able to play my sample videos for AV1 (apart from the reduced
performance, at least in theory).
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/thermald/versions
@primeos

This comment has been minimized.

Copy link
Member Author

commented on f4d57f3 Aug 21, 2019

@Chiiruno: Just FYI ;) Noticed this while testing an update for ffmpeg-full.

This comment has been minimized.

Copy link
Contributor

replied Aug 22, 2019

Looks like it's time for an update.
Fix depends on kamilchm/go2nix#78

abbradar and others added 24 commits Aug 21, 2019
sympow: 2.023.4 -> 2.023.5
Per https://www.php.net/manual/en/intro.mhash.php, mhash extension
is obsolete, so disabling it here. (Also it doesn't cross-compile)

**Warning**: This could be a breaking change for some packages that
are very old and rely on this extension, maintainer discretion is
advised.
 python3Packages.xdis: 4.0.1 -> 4.0.3
libressl: build libcrypto with noexecstack
gitkraken: 6.1.3 -> 6.1.4
Fixes #67174.
Dead project, broken with openssl 1.1
Dead project, broken with openssl 1.1
nixos/containers: fix imperative containers
Dead project, broken with openssl 1.1
xonsh: 0.9.9 -> 0.9.10
wpa_supplicant: 2.8 -> 2.9
wpgtk: 6.0.8 -> 6.0.9
waybar: 0.7.1 -> 0.7.2
xst: 0.7.1 -> 0.7.2
@lheckemann lheckemann force-pushed the lheckemann:staging+openssl branch from 06a46cf to 436bbbd Aug 24, 2019
@vcunat

This comment has been minimized.

Copy link
Member

commented Aug 24, 2019

Oh, I haven't noticed this work. I'm afraid I duplicated much of it now when merging master to staging-next in 2e6bf42.

In my experience it's a bit better to merge like master <-> staging-next <-> staging and not the spiral-staircase master -> staging -> staging-next -> master. (Well, for most/easy changes it doesn't matter how you do it.)

@lheckemann

This comment has been minimized.

Copy link
Member Author

commented Aug 24, 2019

Yeah that's my fault for breaking the merge yesterday, thus not being able to push it until I recovered it this morning… Sorry about that!

@lheckemann

This comment has been minimized.

Copy link
Member Author

commented Aug 24, 2019

So do you want to merge staging-next into staging?

@vcunat

This comment has been minimized.

Copy link
Member

commented Aug 24, 2019

When the conflict-resolution work was done twice, we might as well compare whether my merge and yours arrived at the same result :-) (after merging into some common staging commit) At least in my case it's well possible I overlooked some things that weren't caught as evaluation errors (I had to fixup two or three of those).

@edolstra

This comment has been minimized.

Copy link
Member

commented Aug 24, 2019

I don't get this PR. If master already has openssl 1.1, then why does openssl 1.1 specifically need to be merged into staging? Shouldn't we just merge master into staging?

@vcunat

This comment has been minimized.

Copy link
Member

commented Aug 24, 2019

git reports conflicts in very many files, so it's not just a trivial step. (I know of no other motivation.)

@FRidh

This comment has been minimized.

Copy link
Member

commented Aug 25, 2019

@lheckemann lheckemann closed this Aug 26, 2019
@obadz

This comment has been minimized.

Copy link
Contributor

commented on 5ed5493 Sep 7, 2019

Is there a good replacement for ssvncviewer ? Couldn't we just override it against pkgs.openssl_1_0_* ?

Re the dead projects, anything that's sourceforge based is probably dead but we can't exactly get rid of it all...

~/src/nix/pkgs$ grep -sr mirror://sourceforge . | wc -l
950

This comment has been minimized.

Copy link
Member Author

replied Sep 7, 2019

There are a number of vnc clients, is there anything that makes ssvnc special? Openssl 1.0.2 will be EOL at the end of the year, so we should stop depending on it as much as possible.

Probably yes, but they don't depend on cryptography library versions that don't get udpates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.