Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

electron_30-bin: mark as insecure because it's EOL, electron-source.electron_30: remove as it's EOL #350549

Merged
merged 2 commits into from
Oct 31, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 2 additions & 17 deletions pkgs/applications/networking/browsers/chromium/common.nix
Original file line number Diff line number Diff line change
Expand Up @@ -253,14 +253,6 @@ let
# We also need enable_widevine_cdm_component to be false. Unfortunately it isn't exposed as gn
# flag (declare_args) so we simply hardcode it to false.
./patches/widevine-disable-auto-download-allow-bundle.patch
] ++ lib.optionals (versionRange "125" "126") [
# Fix building M125 with ninja 1.12. Not needed for M126+.
# https://issues.chromium.org/issues/336911498
# https://chromium-review.googlesource.com/c/chromium/src/+/5487538
(githubPatch {
commit = "a976cb05b4024b7a6452d1541378d718cdfe33e6";
hash = "sha256-K2PSeJAvhGH2/Yp63/4mJ85NyqXqDDkMWY+ptrpgmOI=";
})
] ++ lib.optionals (versionRange "127" "128") [
# Fix missing chrome/browser/ui/webui_name_variants.h dependency
# and ninja 1.12 compat in M127.
Expand Down Expand Up @@ -294,21 +286,14 @@ let
# Chromium reads initial_preferences from its own executable directory
# This patch modifies it to read /etc/chromium/initial_preferences
./patches/chromium-initial-prefs.patch
] ++ lib.optionals (versionRange "120" "126") [
# Partial revert to build M120+ with LLVM 17:
# https://github.com/chromium/chromium/commit/02b6456643700771597c00741937e22068b0f956
# https://github.com/chromium/chromium/commit/69736ffe943ff996d4a88d15eb30103a8c854e29
./patches/chromium-120-llvm-17.patch
] ++ lib.optionals (chromiumVersionAtLeast "126") [
# Rebased variant of patch right above to build M126+ with LLVM 17.
# Rebased variant of patch to build M126+ with LLVM 17.
# staging-next will bump LLVM to 18, so we will be able to drop this soon.
./patches/chromium-126-llvm-17.patch
] ++ lib.optionals (versionRange "121" "126") [
# M121 is the first version to require the new rust toolchain.
] ++ lib.optionals (versionRange "126" "129") [
# Partial revert of https://github.com/chromium/chromium/commit/3687976b0c6d36cf4157419a24a39f6770098d61
# allowing us to use our rustc and our clang.
./patches/chromium-121-rust.patch
] ++ lib.optionals (versionRange "126" "129") [
# Rebased variant of patch right above to build M126+ with our rust and our clang.
./patches/chromium-126-rust.patch
] ++ lib.optionals (chromiumVersionAtLeast "129") [
Expand Down

This file was deleted.

This file was deleted.

2 changes: 1 addition & 1 deletion pkgs/development/tools/electron/binary/generic.nix
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ let
++ optionals (versionOlder version "19.0.0") [ "i686-linux" ];
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
# https://www.electronjs.org/docs/latest/tutorial/electron-timelines
knownVulnerabilities = optional (versionOlder version "30.0.0") "Electron version ${version} is EOL";
knownVulnerabilities = optional (versionOlder version "31.0.0") "Electron version ${version} is EOL";
};

fetcher = vers: tag: hash: fetchurl {
Expand Down
12 changes: 1 addition & 11 deletions pkgs/development/tools/electron/common.nix
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,7 @@ in ((chromium.override { upstream-info = info.chromium; }).mkDerivation (base: {

src = null;

patches = base.patches ++ lib.optional (lib.versionOlder info.version "30")
(substituteAll {
# disable a component that requires CIPD blobs
name = "disable-screen-ai.patch";
src = ./disable-screen-ai.patch;
inherit (info) version;
})
;
patches = base.patches;

unpackPhase = ''
runHook preUnpack
Expand Down Expand Up @@ -174,9 +167,6 @@ in ((chromium.override { upstream-info = info.chromium; }).mkDerivation (base: {
dawn_use_built_dxc = false;
v8_enable_private_mapping_fork_optimization = true;
v8_expose_public_symbols = true;
} // lib.optionalAttrs (lib.versionOlder info.version "31") {
use_perfetto_client_library = false;
} // lib.optionalAttrs (lib.versionAtLeast info.version "31") {
enable_dangling_raw_ptr_feature_flag = false;
clang_unsafe_buffers_paths = "";
enterprise_cloud_content_analysis = false;
Expand Down
Loading
Loading