chromium,ungoogled-chromium: fix ofborg maintainer pings
ofborg uses `builtins.unsafeGetAttrPos` internally, to figure out which maintainers need to be pinged. e.g: `builtins.unsafeGetAttrPos "version" drv` When using a `.json` file containing the version via `lib.importJSON`, this will always return `null` and thus leading to no pings at all. This commit works around this, resulting in properly working pings for any changes to the upstream-info file. A similar thing has been done for element-{web,desktop} in the past.
This commit is contained in:
parent
971443c80e
commit
68c59791fb
|
@ -17,9 +17,9 @@
|
||||||
Hydra). We use these channels for testing and to fix build errors in advance
|
Hydra). We use these channels for testing and to fix build errors in advance
|
||||||
so that `chromium` updates are trivial and can be merged fast.
|
so that `chromium` updates are trivial and can be merged fast.
|
||||||
- `google-chrome`, `google-chrome-beta`, `google-chrome-dev`: Updated via
|
- `google-chrome`, `google-chrome-beta`, `google-chrome-dev`: Updated via
|
||||||
Chromium's `upstream-info.json`
|
Chromium's `upstream-info.nix`
|
||||||
- `ungoogled-chromium`: @squalus
|
- `ungoogled-chromium`: @squalus
|
||||||
- `chromedriver`: Updated via Chromium's `upstream-info.json` and not built
|
- `chromedriver`: Updated via Chromium's `upstream-info.nix` and not built
|
||||||
from source.
|
from source.
|
||||||
|
|
||||||
# Upstream links
|
# Upstream links
|
||||||
|
@ -35,9 +35,9 @@
|
||||||
# Updating Chromium
|
# Updating Chromium
|
||||||
|
|
||||||
Simply run `./pkgs/applications/networking/browsers/chromium/update.py` to
|
Simply run `./pkgs/applications/networking/browsers/chromium/update.py` to
|
||||||
update `upstream-info.json`. After updates it is important to test at least
|
update `upstream-info.nix`. After updates it is important to test at least
|
||||||
`nixosTests.chromium` (or basic manual testing) and `google-chrome` (which
|
`nixosTests.chromium` (or basic manual testing) and `google-chrome` (which
|
||||||
reuses `upstream-info.json`).
|
reuses `upstream-info.nix`).
|
||||||
|
|
||||||
Note: Due to the script downloading many large tarballs it might be
|
Note: Due to the script downloading many large tarballs it might be
|
||||||
necessary to adjust the available tmpfs size (it defaults to 10% of the
|
necessary to adjust the available tmpfs size (it defaults to 10% of the
|
||||||
|
@ -75,7 +75,7 @@ All updates are considered security critical and should be ported to the stable
|
||||||
channel ASAP. When there is a new stable release the old one should receive
|
channel ASAP. When there is a new stable release the old one should receive
|
||||||
security updates for roughly one month. After that it is important to mark
|
security updates for roughly one month. After that it is important to mark
|
||||||
Chromium as insecure (see 69e4ae56c4b for an example; it is important that the
|
Chromium as insecure (see 69e4ae56c4b for an example; it is important that the
|
||||||
tested job still succeeds and that all browsers that use `upstream-info.json`
|
tested job still succeeds and that all browsers that use `upstream-info.nix`
|
||||||
are marked as insecure).
|
are marked as insecure).
|
||||||
|
|
||||||
## Major version updates
|
## Major version updates
|
||||||
|
|
|
@ -374,7 +374,12 @@ let
|
||||||
gn = gnChromium;
|
gn = gnChromium;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
|
# overwrite `version` with the exact same `version` from the same source,
|
||||||
|
# except it internally points to `upstream-info.nix` for
|
||||||
|
# `builtins.unsafeGetAttrPos`, which is used by ofborg to decide
|
||||||
|
# which maintainers need to be pinged.
|
||||||
|
// builtins.removeAttrs upstream-info (builtins.filter (e: e != "version") (builtins.attrNames upstream-info));
|
||||||
|
|
||||||
# Remove some extraAttrs we supplied to the base attributes already.
|
# Remove some extraAttrs we supplied to the base attributes already.
|
||||||
in stdenv.mkDerivation (base // removeAttrs extraAttrs [
|
in stdenv.mkDerivation (base // removeAttrs extraAttrs [
|
||||||
|
|
|
@ -22,11 +22,11 @@ let
|
||||||
llvmPackages = llvmPackages_16;
|
llvmPackages = llvmPackages_16;
|
||||||
stdenv = llvmPackages.stdenv;
|
stdenv = llvmPackages.stdenv;
|
||||||
|
|
||||||
upstream-info = (lib.importJSON ./upstream-info.json).${channel};
|
upstream-info = (import ./upstream-info.nix).${channel};
|
||||||
|
|
||||||
# Helper functions for changes that depend on specific versions:
|
# Helper functions for changes that depend on specific versions:
|
||||||
warnObsoleteVersionConditional = min-version: result:
|
warnObsoleteVersionConditional = min-version: result:
|
||||||
let ungoogled-version = (lib.importJSON ./upstream-info.json).ungoogled-chromium.version;
|
let ungoogled-version = (import ./upstream-info.nix).ungoogled-chromium.version;
|
||||||
in lib.warnIf
|
in lib.warnIf
|
||||||
(lib.versionAtLeast ungoogled-version min-version)
|
(lib.versionAtLeast ungoogled-version min-version)
|
||||||
"chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it."
|
"chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it."
|
||||||
|
@ -71,10 +71,10 @@ let
|
||||||
# Use the latest stable Chrome version if necessary:
|
# Use the latest stable Chrome version if necessary:
|
||||||
version = if chromium.upstream-info.sha256bin64 != null
|
version = if chromium.upstream-info.sha256bin64 != null
|
||||||
then chromium.upstream-info.version
|
then chromium.upstream-info.version
|
||||||
else (lib.importJSON ./upstream-info.json).stable.version;
|
else (import ./upstream-info.nix).stable.version;
|
||||||
sha256 = if chromium.upstream-info.sha256bin64 != null
|
sha256 = if chromium.upstream-info.sha256bin64 != null
|
||||||
then chromium.upstream-info.sha256bin64
|
then chromium.upstream-info.sha256bin64
|
||||||
else (lib.importJSON ./upstream-info.json).stable.sha256bin64;
|
else (import ./upstream-info.nix).stable.sha256bin64;
|
||||||
in fetchurl {
|
in fetchurl {
|
||||||
urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
|
urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
|
||||||
"https://dl.google.com/linux/chrome/deb/pool/main/g"
|
"https://dl.google.com/linux/chrome/deb/pool/main/g"
|
||||||
|
@ -139,8 +139,6 @@ let
|
||||||
|
|
||||||
sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
|
sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
|
||||||
|
|
||||||
version = chromium.browser.version;
|
|
||||||
|
|
||||||
# We want users to be able to enableWideVine without rebuilding all of
|
# We want users to be able to enableWideVine without rebuilding all of
|
||||||
# chromium, so we have a separate derivation here that copies chromium
|
# chromium, so we have a separate derivation here that copies chromium
|
||||||
# and adds the unfree WidevineCdm.
|
# and adds the unfree WidevineCdm.
|
||||||
|
@ -157,7 +155,7 @@ let
|
||||||
in stdenv.mkDerivation {
|
in stdenv.mkDerivation {
|
||||||
pname = lib.optionalString ungoogled "ungoogled-"
|
pname = lib.optionalString ungoogled "ungoogled-"
|
||||||
+ "chromium${suffix}";
|
+ "chromium${suffix}";
|
||||||
inherit version;
|
inherit (chromium.browser) version;
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
makeWrapper ed
|
makeWrapper ed
|
||||||
|
@ -236,3 +234,9 @@ in stdenv.mkDerivation {
|
||||||
inherit chromeSrc sandboxExecutableName;
|
inherit chromeSrc sandboxExecutableName;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
# the following is a complicated and long-winded variant of
|
||||||
|
# `inherit (chromium.browser) version`, with the added benefit
|
||||||
|
# that it keeps the pointer to upstream-info.nix for
|
||||||
|
# builtins.unsafeGetAttrPos, which is what ofborg uses to
|
||||||
|
# decide which maintainers need to be pinged.
|
||||||
|
// builtins.removeAttrs chromium.browser (builtins.filter (e: e != "version") (builtins.attrNames chromium.browser))
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
#! /usr/bin/env nix-shell
|
#! /usr/bin/env nix-shell
|
||||||
#! nix-shell -i python -p python3 nix nix-prefetch-git
|
#! nix-shell -i python -p python3 nix nixfmt nix-prefetch-git
|
||||||
|
|
||||||
"""This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
|
"""This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
|
||||||
via upstream-info.json."""
|
via upstream-info.nix."""
|
||||||
# Usage: ./update.py [--commit]
|
# Usage: ./update.py [--commit]
|
||||||
|
|
||||||
import base64
|
import base64
|
||||||
|
@ -23,16 +23,23 @@ RELEASES_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms/linux/
|
||||||
DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
|
DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
|
||||||
BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
|
BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
|
||||||
|
|
||||||
JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
|
PIN_PATH = dirname(abspath(__file__)) + '/upstream-info.nix'
|
||||||
UNGOOGLED_FLAGS_PATH = dirname(abspath(__file__)) + '/ungoogled-flags.toml'
|
UNGOOGLED_FLAGS_PATH = dirname(abspath(__file__)) + '/ungoogled-flags.toml'
|
||||||
COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'
|
COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'
|
||||||
|
|
||||||
|
|
||||||
def load_json(path):
|
def load_as_json(path):
|
||||||
"""Loads the given JSON file."""
|
"""Loads the given nix file as JSON."""
|
||||||
with open(path, 'r') as f:
|
out = subprocess.check_output(['nix-instantiate', '--eval', '--strict', '--json', path])
|
||||||
return json.load(f)
|
return json.loads(out)
|
||||||
|
|
||||||
|
def save_dict_as_nix(path, input):
|
||||||
|
"""Saves the given dict/JSON as nix file."""
|
||||||
|
json_string = json.dumps(input)
|
||||||
|
nix = subprocess.check_output(['nix-instantiate', '--eval', '--expr', '{ json }: builtins.fromJSON json', '--argstr', 'json', json_string])
|
||||||
|
formatted = subprocess.check_output(['nixfmt'], input=nix)
|
||||||
|
with open(path, 'w') as out:
|
||||||
|
out.write(formatted.decode())
|
||||||
|
|
||||||
def nix_prefetch_url(url, algo='sha256'):
|
def nix_prefetch_url(url, algo='sha256'):
|
||||||
"""Prefetches the content of the given URL."""
|
"""Prefetches the content of the given URL."""
|
||||||
|
@ -160,7 +167,7 @@ def print_updates(channels_old, channels_new):
|
||||||
|
|
||||||
|
|
||||||
channels = {}
|
channels = {}
|
||||||
last_channels = load_json(JSON_PATH)
|
last_channels = load_as_json(PIN_PATH)
|
||||||
|
|
||||||
|
|
||||||
print(f'GET {RELEASES_URL}', file=sys.stderr)
|
print(f'GET {RELEASES_URL}', file=sys.stderr)
|
||||||
|
@ -225,9 +232,7 @@ if len(sys.argv) == 2 and sys.argv[1] == '--commit':
|
||||||
version_new = sorted_channels[channel_name]['version']
|
version_new = sorted_channels[channel_name]['version']
|
||||||
if LooseVersion(version_old) < LooseVersion(version_new):
|
if LooseVersion(version_old) < LooseVersion(version_new):
|
||||||
last_channels[channel_name] = sorted_channels[channel_name]
|
last_channels[channel_name] = sorted_channels[channel_name]
|
||||||
with open(JSON_PATH, 'w') as out:
|
save_dict_as_nix(PIN_PATH, last_channels)
|
||||||
json.dump(last_channels, out, indent=2)
|
|
||||||
out.write('\n')
|
|
||||||
attr_name = channel_name_to_attr_name(channel_name)
|
attr_name = channel_name_to_attr_name(channel_name)
|
||||||
commit_message = f'{attr_name}: {version_old} -> {version_new}'
|
commit_message = f'{attr_name}: {version_old} -> {version_new}'
|
||||||
if channel_name == 'stable':
|
if channel_name == 'stable':
|
||||||
|
@ -238,7 +243,5 @@ if len(sys.argv) == 2 and sys.argv[1] == '--commit':
|
||||||
subprocess.run(['git', 'add', JSON_PATH], check=True)
|
subprocess.run(['git', 'add', JSON_PATH], check=True)
|
||||||
subprocess.run(['git', 'commit', '--file=-'], input=commit_message.encode(), check=True)
|
subprocess.run(['git', 'commit', '--file=-'], input=commit_message.encode(), check=True)
|
||||||
else:
|
else:
|
||||||
with open(JSON_PATH, 'w') as out:
|
save_dict_as_nix(PIN_PATH, sorted_channels)
|
||||||
json.dump(sorted_channels, out, indent=2)
|
|
||||||
out.write('\n')
|
|
||||||
print_updates(last_channels, sorted_channels)
|
print_updates(last_channels, sorted_channels)
|
||||||
|
|
|
@ -1,64 +0,0 @@
|
||||||
{
|
|
||||||
"stable": {
|
|
||||||
"version": "115.0.5790.110",
|
|
||||||
"sha256": "0wgp44qnvmdqf2kk870ndm51rcvar36li2qq632ay4n8gfpbrm79",
|
|
||||||
"sha256bin64": "1w2jl92x78s4vxv4p1imkz7qaq51yvs0wiz2bclbjz0hjlw9akr3",
|
|
||||||
"deps": {
|
|
||||||
"gn": {
|
|
||||||
"version": "2023-05-19",
|
|
||||||
"url": "https://gn.googlesource.com/gn",
|
|
||||||
"rev": "e9e83d9095d3234adf68f3e2866f25daf766d5c7",
|
|
||||||
"sha256": "0y07c18xskq4mclqiz3a63fz8jicz2kqridnvdhqdf75lhp61f8a"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"chromedriver": {
|
|
||||||
"version": "115.0.5790.98",
|
|
||||||
"sha256_linux": "1797qmb213anvp9lmrkj6wmfdwkdfswmshmk1816zankw5dl883j",
|
|
||||||
"sha256_darwin": "1c41cb7zh13ny4xvpwy7703cnjrkmqxd3n8zpja7n6a38mi8mgsk",
|
|
||||||
"sha256_darwin_aarch64": "1kliszw10jnnlhzi8jrdzjq0r7vfn6ksk1spsh2rfn2hmghccv2d"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"beta": {
|
|
||||||
"version": "116.0.5845.50",
|
|
||||||
"sha256": "0r5m2bcrh2zpl2m8wnzyl4afh8s0dh2m2fnfjf50li94694vy4jz",
|
|
||||||
"sha256bin64": "047wsszg4c23vxq93a335iymiqpy7lw5izzz4f0zk1a4sijafd59",
|
|
||||||
"deps": {
|
|
||||||
"gn": {
|
|
||||||
"version": "2023-06-09",
|
|
||||||
"url": "https://gn.googlesource.com/gn",
|
|
||||||
"rev": "4bd1a77e67958fb7f6739bd4542641646f264e5d",
|
|
||||||
"sha256": "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"dev": {
|
|
||||||
"version": "117.0.5897.3",
|
|
||||||
"sha256": "0pyf3k58m26lkc6v6mqpwvhyaj6bbyywl4c17cxb5zmzc1zmc5ia",
|
|
||||||
"sha256bin64": "10w5dm68aaffgdq0xqi4ans2w7byisqqld09pz5vpk350gy16fjh",
|
|
||||||
"deps": {
|
|
||||||
"gn": {
|
|
||||||
"version": "2023-07-12",
|
|
||||||
"url": "https://gn.googlesource.com/gn",
|
|
||||||
"rev": "fae280eabe5d31accc53100137459ece19a7a295",
|
|
||||||
"sha256": "02javy4jsllwl4mxl2zmg964jvzw800w6gbmr5z6jdkip24fw0kj"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"ungoogled-chromium": {
|
|
||||||
"version": "115.0.5790.110",
|
|
||||||
"sha256": "0wgp44qnvmdqf2kk870ndm51rcvar36li2qq632ay4n8gfpbrm79",
|
|
||||||
"sha256bin64": "1w2jl92x78s4vxv4p1imkz7qaq51yvs0wiz2bclbjz0hjlw9akr3",
|
|
||||||
"deps": {
|
|
||||||
"gn": {
|
|
||||||
"version": "2023-05-19",
|
|
||||||
"url": "https://gn.googlesource.com/gn",
|
|
||||||
"rev": "e9e83d9095d3234adf68f3e2866f25daf766d5c7",
|
|
||||||
"sha256": "0y07c18xskq4mclqiz3a63fz8jicz2kqridnvdhqdf75lhp61f8a"
|
|
||||||
},
|
|
||||||
"ungoogled-patches": {
|
|
||||||
"rev": "115.0.5790.110-1",
|
|
||||||
"sha256": "1jahy4jl5bnnzl6433hln0dj3b39v5zqd90n8zf7ss45wqrff91b"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{
|
||||||
|
beta = {
|
||||||
|
deps = {
|
||||||
|
gn = {
|
||||||
|
rev = "4bd1a77e67958fb7f6739bd4542641646f264e5d";
|
||||||
|
sha256 = "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw";
|
||||||
|
url = "https://gn.googlesource.com/gn";
|
||||||
|
version = "2023-06-09";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
sha256 = "0r5m2bcrh2zpl2m8wnzyl4afh8s0dh2m2fnfjf50li94694vy4jz";
|
||||||
|
sha256bin64 = "047wsszg4c23vxq93a335iymiqpy7lw5izzz4f0zk1a4sijafd59";
|
||||||
|
version = "116.0.5845.50";
|
||||||
|
};
|
||||||
|
dev = {
|
||||||
|
deps = {
|
||||||
|
gn = {
|
||||||
|
rev = "fae280eabe5d31accc53100137459ece19a7a295";
|
||||||
|
sha256 = "02javy4jsllwl4mxl2zmg964jvzw800w6gbmr5z6jdkip24fw0kj";
|
||||||
|
url = "https://gn.googlesource.com/gn";
|
||||||
|
version = "2023-07-12";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
sha256 = "0pyf3k58m26lkc6v6mqpwvhyaj6bbyywl4c17cxb5zmzc1zmc5ia";
|
||||||
|
sha256bin64 = "10w5dm68aaffgdq0xqi4ans2w7byisqqld09pz5vpk350gy16fjh";
|
||||||
|
version = "117.0.5897.3";
|
||||||
|
};
|
||||||
|
stable = {
|
||||||
|
chromedriver = {
|
||||||
|
sha256_darwin = "1c41cb7zh13ny4xvpwy7703cnjrkmqxd3n8zpja7n6a38mi8mgsk";
|
||||||
|
sha256_darwin_aarch64 =
|
||||||
|
"1kliszw10jnnlhzi8jrdzjq0r7vfn6ksk1spsh2rfn2hmghccv2d";
|
||||||
|
sha256_linux = "1797qmb213anvp9lmrkj6wmfdwkdfswmshmk1816zankw5dl883j";
|
||||||
|
version = "115.0.5790.98";
|
||||||
|
};
|
||||||
|
deps = {
|
||||||
|
gn = {
|
||||||
|
rev = "e9e83d9095d3234adf68f3e2866f25daf766d5c7";
|
||||||
|
sha256 = "0y07c18xskq4mclqiz3a63fz8jicz2kqridnvdhqdf75lhp61f8a";
|
||||||
|
url = "https://gn.googlesource.com/gn";
|
||||||
|
version = "2023-05-19";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
sha256 = "0wgp44qnvmdqf2kk870ndm51rcvar36li2qq632ay4n8gfpbrm79";
|
||||||
|
sha256bin64 = "1w2jl92x78s4vxv4p1imkz7qaq51yvs0wiz2bclbjz0hjlw9akr3";
|
||||||
|
version = "115.0.5790.110";
|
||||||
|
};
|
||||||
|
ungoogled-chromium = {
|
||||||
|
deps = {
|
||||||
|
gn = {
|
||||||
|
rev = "e9e83d9095d3234adf68f3e2866f25daf766d5c7";
|
||||||
|
sha256 = "0y07c18xskq4mclqiz3a63fz8jicz2kqridnvdhqdf75lhp61f8a";
|
||||||
|
url = "https://gn.googlesource.com/gn";
|
||||||
|
version = "2023-05-19";
|
||||||
|
};
|
||||||
|
ungoogled-patches = {
|
||||||
|
rev = "115.0.5790.110-1";
|
||||||
|
sha256 = "1jahy4jl5bnnzl6433hln0dj3b39v5zqd90n8zf7ss45wqrff91b";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
sha256 = "0wgp44qnvmdqf2kk870ndm51rcvar36li2qq632ay4n8gfpbrm79";
|
||||||
|
sha256bin64 = "1w2jl92x78s4vxv4p1imkz7qaq51yvs0wiz2bclbjz0hjlw9akr3";
|
||||||
|
version = "115.0.5790.110";
|
||||||
|
};
|
||||||
|
}
|
|
@ -6,7 +6,7 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
upstream-info = (lib.importJSON ../../../../applications/networking/browsers/chromium/upstream-info.json).stable.chromedriver;
|
upstream-info = (import ../../../../applications/networking/browsers/chromium/upstream-info.nix).stable.chromedriver;
|
||||||
allSpecs = {
|
allSpecs = {
|
||||||
x86_64-linux = {
|
x86_64-linux = {
|
||||||
system = "linux64";
|
system = "linux64";
|
||||||
|
|
Loading…
Reference in a new issue