Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

electron_30-bin: mark as insecure because it's EOL, electron-source.electron_30: remove as it's EOL #350549

Merged
merged 2 commits into from
Oct 31, 2024

Conversation

emilylange
Copy link
Member

@emilylange emilylange commented Oct 22, 2024

I intend to merge this a week from now, 2024-10-30, a day before ZHF (see #339153)


A week or so too late but here we go:

This marks the binary variant of electron_30 as insecure and removes the source build.

electron_30 reached its end of life on 2024-10-15, see https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline.

You may also want to see #335850 from a few weeks ago doing the same thing for electron_29.
It provides some context for how this usually works.

At any rate, the following packages are affected by this and need to move to some newer not-yet-EOL electron release:

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 350549


x86_64-linux

@emilylange emilylange added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-24.05 Backport PR automatically labels Oct 22, 2024
@NotAShelf
Copy link
Member

Electron versions sure do get deprecated fast...

I'll take a look at Webcord soon.

@cjshearer
Copy link
Member

@NovusTheory is ytmdesktop in a position to cut a release with its latest changes (notably, electron 33)?

@khaneliman
Copy link
Contributor

khaneliman commented Oct 22, 2024

I'll take a look at teams-for-linux, real quick.

Have an open PR #350497 already so I'll bump it in there.

@NovusTheory
Copy link

@NovusTheory is ytmdesktop in a position to cut a release with its latest changes (notably, electron 33)?

@cjshearer I was mostly working on and waiting on some feature branches to be ready and merging everything in for a 2.1 release but I can look over getting a patch release of 2.0.6 pushed which can at least upgrade electron to 33 at minimum in the stable builds. Our dev branch already has the app updated to electron 33 so we should be ready in that sense.

@NotAShelf
Copy link
Member

webcord-vencord bump in #350622. Really unfortunate that we must lag behind latest electron, but it is what it is.

@NotAShelf
Copy link
Member

NotAShelf commented Oct 23, 2024

If nobody objects, I can tackle the antares package as well - got some free time in my hands.

Edit: I did it anyway.

@Bot-wxt1221
Copy link
Member

Bot-wxt1221 commented Oct 23, 2024

bilibili can't work properly on newer electron. We should use electron from upstream or use electron_30-bin.

Copy link
Member

@teutat3s teutat3s left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for taking care of this 🙌

@teutat3s teutat3s added 12.approvals: 1 This PR was reviewed and approved by one reputable person 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in the package labels Oct 24, 2024
Copy link
Member

@yayayayaka yayayayaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks! :)

@wegank wegank added 12.approvals: 2 This PR was reviewed and approved by two reputable people and removed 12.approvals: 1 This PR was reviewed and approved by one reputable person labels Oct 26, 2024
@emilylange
Copy link
Member Author

I intend to merge this a week from now, 2024-10-30, a day before ZHF (see #339153)

This was supposed to be merged one day before restricting all breaking changes, but there was a typo in the announcement they changed yesterday.
Typos in stable release schedules are nothing new.
It was a pretty obvious typo, which I probably should have noticed. But I didn't.

At any rate, this does place us right in the "restrict all breaking changes" phase since a few hours.

@RossComputerGuy feel free to merge this PR now, a few hours late, or over the span of the next few days.
Whenever you feel like it is the right time.

@emilazy
Copy link
Member

emilazy commented Oct 26, 2024

Security trumps the freeze, I think this is fine.

@cjshearer
Copy link
Member

ytmdesktop PR for updating ytmdesktop from 2.0.5 -> 2.0.6, which bumps electron from 30 -> 33.

Thanks for the quick turnaround @NovusTheory!

@RossComputerGuy
Copy link
Member

Result of nixpkgs-review pr 350549 run on aarch64-linux 1

4 packages marked as broken and skipped:
  • bilibili
  • deltachat-desktop
  • electron_30
  • lx-music-desktop
4 packages built:
  • antares
  • teams-for-linux
  • webcord-vencord
  • ytmdesktop

@RossComputerGuy RossComputerGuy added 12.approvals: 3+ This PR was reviewed and approved by three or more reputable people and removed 12.approvals: 2 This PR was reviewed and approved by two reputable people labels Oct 29, 2024
@RossComputerGuy
Copy link
Member

Will merge this on Wednesday.

Copy link
Member

@yayayayaka yayayayaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

EDIT: Oh, I already approved 😆

@RossComputerGuy RossComputerGuy merged commit 7ae81f1 into NixOS:master Oct 31, 2024
68 checks passed
Copy link
Contributor

Backport failed for release-24.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-24.05
git worktree add -d .worktree/backport-350549-to-release-24.05 origin/release-24.05
cd .worktree/backport-350549-to-release-24.05
git switch --create backport-350549-to-release-24.05
git cherry-pick -x 14e79e787e654b34df599aee6d721d6f873f4358 87b49e959537f9891d3c258324f750ead9878f7f

@dotlambda
Copy link
Member

I'm trying to update deltachat-desktop (which includes a bump to a supported version of electron) in #355575 but I'm struggling with electron-builder. Help would be appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 12.approvals: 3+ This PR was reviewed and approved by three or more reputable people 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in the package backport release-24.05 Backport PR automatically
Projects
None yet
Development

Successfully merging this pull request may close these issues.