Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 24.11] teleport_15: 15.4.26 -> 15.4.29; teleport_16: 16.4.14 -> 16.4.16; teleport_17: 17.2.1 -> 17.2.9 #387339

Merged
merged 4 commits into from
Mar 22, 2025
Merged

[Backport 24.11] teleport_15: 15.4.26 -> 15.4.29; teleport_16: 16.4.14 -> 16.4.16; teleport_17: 17.2.1 -> 17.2.9 #387339

merged 4 commits into from
Mar 22, 2025

Conversation

JuliusFreudenberger
Copy link
Contributor

@JuliusFreudenberger JuliusFreudenberger commented Mar 5, 2025
edited
Loading

Manual backport of #383650 and #385524.

Again needed some manual merge conflict handling due to different handling of wasm-bindgen-cli.

cc @techknowlogick

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@JuliusFreudenberger
Copy link
Contributor Author

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 387339

x86_64-linux

✅ 6 packages built:
  • teleport (teleport_16)
  • teleport.client (teleport_16.client)
  • teleport_15
  • teleport_15.client
  • teleport_17
  • teleport_17.client

@techknowlogick
Copy link
Member

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 387339

aarch64-darwin

✅ 6 packages built:
  • teleport (teleport_16)
  • teleport.client (teleport_16.client)
  • teleport_15
  • teleport_15.client
  • teleport_17
  • teleport_17.client

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Mar 5, 2025
@JuliusFreudenberger JuliusFreudenberger changed the title [Backport 24.11] teleport_15: 15.4.26 -> 15.4.29; teleport_16: 16.4.14 -> 16.4.16; teleport_17: 17.2.1 -> 17.2.9 [Backport 24.11] teleport_15: 15.4.26 -> 15.4.30; teleport_16: 16.4.14 -> 16.4.17; teleport_17: 17.2.1 -> 17.3.3 Mar 14, 2025
@JuliusFreudenberger JuliusFreudenberger force-pushed the backport-383650-to-release-24.11 branch from d2a4d3f to 0cf4d1d Compare March 14, 2025 08:33
@JuliusFreudenberger JuliusFreudenberger changed the title [Backport 24.11] teleport_15: 15.4.26 -> 15.4.30; teleport_16: 16.4.14 -> 16.4.17; teleport_17: 17.2.1 -> 17.3.3 [Backport 24.11] teleport_15: 15.4.26 -> 15.4.29; teleport_16: 16.4.14 -> 16.4.16; teleport_17: 17.2.1 -> 17.2.9 Mar 14, 2025
@JuliusFreudenberger
Copy link
Contributor Author

Sorry, I was too fast with backporting new updates. These are dependent on go_1_23_7, which is still in staging-24.11.

@JuliusFreudenberger
Copy link
Contributor Author

@JohnRTitor, could you have a look at this, please? You suggested to ping a maintainer when a PR is not discovered. I think this is ready to merge as it is now.

@JohnRTitor
Copy link
Contributor

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 387339

Logs: https://github.com/JohnRTitor/nixpkgs-review-gha/actions/runs/13997733461

x86_64-linux

✅ 6 packages built:
  • teleport (teleport_16)
  • teleport.client (teleport_16.client)
  • teleport_15
  • teleport_15.client
  • teleport_17
  • teleport_17.client

aarch64-linux

✅ 6 packages built:
  • teleport (teleport_16)
  • teleport.client (teleport_16.client)
  • teleport_15
  • teleport_15.client
  • teleport_17
  • teleport_17.client

x86_64-darwin

❌ 6 packages failed to build:
  • teleport (teleport_16)
  • teleport.client (teleport_16.client)
  • teleport_15
  • teleport_15.client
  • teleport_17
  • teleport_17.client

aarch64-darwin

✅ 6 packages built:
  • teleport (teleport_16)
  • teleport.client (teleport_16.client)
  • teleport_15
  • teleport_15.client
  • teleport_17
  • teleport_17.client

@JuliusFreudenberger
Copy link
Contributor Author

x86_64-darwin

❌ 6 packages failed to build:

The failing build is not introduced by this PR. As I have no Darwin machine, I cannot investigate further.
One hope is the newer updates, which brought some changes to the affected library. These however depend on a go 1.23.7, which has not reached release-24.11 yet.

@JohnRTitor
Copy link
Contributor

Then mark it broken for now.

@JuliusFreudenberger
Copy link
Contributor Author

Then mark it broken for now.

Only for the stable release or also on master? I could not find a similar jobset in hydra that builds the master branch on darwin to check the builds there.

@JohnRTitor
Copy link
Contributor

JohnRTitor commented Mar 22, 2025
edited
Loading

Builds fine on master.

johnrtitor@darwin01 ~ % nix build "github:nixos/nixpkgs/master#teleport_17" --print-out-paths --system "x86_64-darwin"
/nix/store/xqyz3080lfwh2h72np5vm375v8j251bs-teleport-17.3.3
johnrtitor@darwin01 ~ % nix build "github:nixos/nixpkgs/master#teleport_16" --print-out-paths --system "x86_64-darwin"
/nix/store/dkxsfi9ic77cgg2n2h934b0ygrbylz1b-teleport-16.4.17
johnrtitor@darwin01 ~ % nix build "github:nixos/nixpkgs/master#teleport_15" --print-out-paths --system "x86_64-darwin"
/nix/store/c90ggy2bjcsr7sgaf9b8z5m3c30a0jbr-teleport-15.4.30

But doesn't on release-24.11 (without this PR patch):

johnrtitor@darwin01 ~ % nix build "github:nixos/nixpkgs/release-24.11#teleport_16" --print-out-paths --system "x86_64-darwin"
error: builder for '/nix/store/1yvxa9nin09qdifxkfg19ycb8swda0bf-teleport-rdpclient-16.4.14.drv' failed with exit code 101;
       last 25 log lines:
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >   exit status: 0
       >
       >   --- stderr
       >
       >
       >   error occurred: Command env -u IPHONEOS_DEPLOYMENT_TARGET "/nix/store/ff6gfmiq4kx1ic6y40sv7gxcslj28r12-clang-wrapper-16.0.6/bin/cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-gdwarf-2" "-fno-omit-frame-pointer" "-m64" "--target=x86_64-apple-darwin" "-mmacosx-version-min=10.12" "-static" "-std=c11" "-I" "/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/teleport-rdpclient-16.4.14-vendor/aws-lc-sys-0.21.2/include" "-I" "/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/teleport-rdpclient-16.4.14-vendor/aws-lc-sys-0.21.2/generated-include" "-I" "/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/teleport-rdpclient-16.4.14-vendor/aws-lc-sys-0.21.2/aws-lc/include" "-I" "/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/teleport-rdpclient-16.4.14-vendor/aws-lc-sys-0.21.2/aws-lc/third_party/s2n-bignum/include" "-Wall" "-Wextra" "-Wno-unused-parameter" "-ffile-prefix-map=/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/teleport-rdpclient-16.4.14-vendor/aws-lc-sys-0.21.2=" "-DBORINGSSL_IMPLEMENTATION=1" "-DBORINGSSL_PREFIX=aws_lc_0_21_2" "-o" "/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/source/target/x86_64-apple-darwin/release/build/aws-lc-sys-c00b8e2939c3a1cf/out/5b139495b82cbe51-bcm.o" "-c" "/private/tmp/nix-build-teleport-rdpclient-16.4.14.drv-0/teleport-rdpclient-16.4.14-vendor/aws-lc-sys-0.21.2/aws-lc/crypto/fipsmodule/bcm.c" with args cc did not execute successfully (status code exit status: 1).
       >
       >
       For full logs, run 'nix log /nix/store/1yvxa9nin09qdifxkfg19ycb8swda0bf-teleport-rdpclient-16.4.14.drv'.
error: 1 dependencies of derivation '/nix/store/lkx4qkbcmzwsakwll91c85b5bjkqlfm0-teleport-16.4.14.drv' failed to build

So yeah, I would recommend just marking them as broken so Hydra doesn't try build over and over.

@JohnRTitor JohnRTitor added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Mar 22, 2025
@JohnRTitor JohnRTitor merged commit d6b17b0 into NixOS:release-24.11 Mar 22, 2025
66 of 68 checks passed
@JohnRTitor
Copy link
Contributor

I am just gonna go ahead and merge, this security fix has been held for way too long already. @JuliusFreudenberger could you make a seperate PR marking this broken on "x86_64-darwin" targeting release-24.11?

@JuliusFreudenberger
Copy link
Contributor Author

Thank you for testing this more deeply! I will create a PR marking it broken on x86_64-darwin in release-24.11.
I hope, this can be lifted again on subsequent updates.

@JuliusFreudenberger JuliusFreudenberger deleted the backport-383650-to-release-24.11 branch March 22, 2025 20:46
JuliusFreudenberger added a commit to JuliusFreudenberger/nixpkgs that referenced this pull request Mar 23, 2025
@JuliusFreudenberger
teleport: mark broken on x86_64-darwin
c4238cc 
Due to problems building the rdpclient on this platform.
See NixOS#387339 (comment)
@JuliusFreudenberger JuliusFreudenberger mentioned this pull request Mar 23, 2025
Merged
13 tasks
JuliusFreudenberger added a commit to JuliusFreudenberger/nixpkgs that referenced this pull request Mar 23, 2025
@JuliusFreudenberger
teleport: mark broken on x86_64-darwin
3e522b4 
Due to problems building the rdpclient on this platform.
See NixOS#387339 (comment)
JuliusFreudenberger added a commit to JuliusFreudenberger/nixpkgs that referenced this pull request Mar 23, 2025
@JuliusFreudenberger
teleport: mark broken on x86_64-darwin
5376a4d 
Due to problems building the rdpclient on this platform.
See NixOS#387339 (comment)
JohnRTitor pushed a commit that referenced this pull request Mar 23, 2025
@JuliusFreudenberger @JohnRTitor
teleport: mark broken on x86_64-darwin
b1c6b3a 
Due to problems building the rdpclient on this platform.
See #387339 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@techknowlogick techknowlogick

@sigma sigma

@tomberek tomberek

@arianvp arianvp

@justinas justinas

@freezeboy freezeboy

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 12.approvals: 1 This PR was reviewed and approved by one reputable person
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JuliusFreudenberger @techknowlogick @JohnRTitor @wegank