Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oraclejdk8: 8u211 -> 8u241 #77783

Merged
merged 1 commit into from Feb 2, 2020
Merged

oraclejdk8: 8u211 -> 8u241 #77783

merged 1 commit into from Feb 2, 2020

Conversation

@volth
Copy link
Contributor

volth commented Jan 15, 2020

Oracle JDK has not been updated since April 2019 so it should be either updated or marked with meta.vulnerable = true.

Besides many fixes, there are 2 changes affected packaging:

  1. There are no more CPU and PSU versions, so I removed oraclejdk8psu. I might need to add oraclejdk8psu = oraclejdk8 in aliases.nix but I am not sure in correctness of this step.

  2. it is not possible to download with curl -b oraclelicense=a, so fetchurl is back to requireFile. We might be able to develop an automated downloader using selenuim or something like.

@volth volth requested a review from Mic92 Jan 15, 2020
@volth volth force-pushed the volth:oraclejdk8u241 branch from 07cd873 to 619d52a Jan 15, 2020
@volth volth requested a review from NeQuissimus Jan 21, 2020
@nixos-discourse

This comment has been minimized.

Copy link

nixos-discourse commented Feb 2, 2020

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nixos-20-03-feature-freeze/5655/14

@Ma27 Ma27 merged commit abb5778 into NixOS:master Feb 2, 2020
12 checks passed
12 checks passed
Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
@Ma27

This comment has been minimized.

Copy link
Member

Ma27 commented Feb 2, 2020

Thanks! Also published some release notes about this: 0c96026

Currently checking how much effort it would be to backport this :)

@Ma27

This comment has been minimized.

Copy link
Member

Ma27 commented Feb 2, 2020

So, travelling home from FOSDEM took a bit longer than I expected, will take care of #79129 and the backport tomorrow :)

@danbst

This comment has been minimized.

Copy link
Contributor

danbst commented Feb 3, 2020

We might be able to develop an automated downloader using selenuim

wasn't OracleJDK hidden by paywall or registerwall? I'm redirected to https://login.oracle.com/mysso/signon.jsp when I try to download any release.

@Ma27

This comment has been minimized.

Copy link
Member

Ma27 commented Feb 3, 2020

wasn't OracleJDK hidden by paywall or registerwall? I'm redirected to https://login.oracle.com/mysso/signon.jsp when I try to download any release.

Yes. I guess this is related to their altered licensing model. But tbh I doubt that we should keep old oraclejdk versions.

Yes, that's what I meant. It seems difficult to bypass registerwall only with curl.

I'm definetely not a lawyer, but are we sure that doesn't violate their terms of use?

@Ma27

This comment has been minimized.

Copy link
Member

Ma27 commented Feb 4, 2020

@NixOS/backports how would you backport this package to 19.09? On one hand we have a fairly oudated oraclejdk version there, on the other hand, this is definetely a breaking change (packages got removed and the src needs to be obtained with requireFile now). OTOH I'm sure that there are at least some oraclejdk users on 19.09, so simply marking this as vulnerable is IMHO not an option.

I'd suggest we enhance the error message of requireFile explaining why this was updated on 19.09 and simply add oraclejdk8psu = throw ... for the removed *psu packages, but I'm not sure if that's sufficient.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.