Skip to content

electron_33-bin: mark as insecure because it's EOL, electron-source.electron_33: remove as it's EOL#397918

Merged
TomaSajt merged 2 commits intoNixOS:masterfrom
teutat3s:eol-electron_33
Apr 30, 2025
Merged

electron_33-bin: mark as insecure because it's EOL, electron-source.electron_33: remove as it's EOL#397918
TomaSajt merged 2 commits intoNixOS:masterfrom
teutat3s:eol-electron_33

Conversation

@teutat3s
Copy link
Member

@teutat3s teutat3s commented Apr 11, 2025

Previously:
#383660
#370758
#350549
#335850

electron_33 will be EOL in about two weeks (2025-04-29).
https://www.electronjs.org/docs/latest/tutorial/electron-timelines (permalink)

This PR removes the source build on Linux for electron 33 and marks the binary variants for Darwin and Linux as insecure.
electron_33 will still be available for an undetermined while. Linux will simply use the binary package instead of the source build, just like Darwin.

After this PR has been merged, users will be able opt-into the EOL version of electron as outlined by this eval error message:

❯ nix-instantiate -A electron_33
error:
       … in the condition of the assert statement
         at /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/lib/customisation.nix:419:9:
          418|       drvPath =
          419|         assert condition;
             |         ^
          420|         drv.drvPath;

       … while evaluating the attribute 'handled'
         at /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/pkgs/stdenv/generic/check-meta.nix:620:9:
          619|         # or, alternatively, just output a warning message.
          620|         handled = (
             |         ^
          621|           if valid == "yes" then

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘electron-33.4.8’ in /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/pkgs/development/tools/electron/binary/generic.nix:42 is marked as insecure, refusing to evaluate.


       Known issues:
        - Electron version 33.4.8 is EOL

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

          Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
                then pass `--impure` in order to allow use of environment variables.

       b) for `nixos-rebuild` you can add ‘electron-33.4.8’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "electron-33.4.8"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘electron-33.4.8’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "electron-33.4.8"
              ];
            }

The following packages are affected by this. Note that those package will continue to work, but users will be presented with the eval error above and have to opt-in.

If you are pinged as one of the maintainers of such package, you can do one of the following:

  1. Check if upstream supports a newer electron version and open a PR in nixpkgs to use that instead OR
  2. Try using a newer electron version than upstream suggests and if that turns out to be stable, open a PR in nixpkgs to use that instead OR
  3. Do nothing in nixpkgs, and maybe make upstream aware that their electron version is EOL.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@teutat3s teutat3s added 9.needs: port to stable A PR needs a backport to the stable release. 1.severity: security Issues which raise a security issue, or PRs that fix one labels Apr 11, 2025
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Apr 11, 2025
@github-actions github-actions bot added 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. and removed 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Apr 11, 2025
@teutat3s teutat3s added the 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. label Apr 12, 2025
@teutat3s
Copy link
Member Author

After chatting with @emilylange on Matrix, I've removed my changes to the chromium version conditional to let the chromium maintainers handle that part of the cleanup in a separate PR, improving backportability of this PR.

@teutat3s teutat3s requested review from TomaSajt and yuyuyureka April 22, 2025 09:50
@teutat3s
Copy link
Member Author

I plan to coordinate merging this PR in one week (2024-04-29). If you are getting pinged as a package maintainer in this PR, please check the initial message for details. TL;DR You will probably want a bump to at least electron_34 for your package.

@github-actions github-actions bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. and removed 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Apr 22, 2025
@aidalgol aidalgol mentioned this pull request Apr 22, 2025
13 tasks
@NotAShelf
Copy link
Member

I'm currently not on my computer, but I should be back home tomorrow. That should be within the planned schedule, so webcord-vencord should be fine.

@cjshearer
Copy link
Member

I need a merge for #397639, if anyone is available

@flokli
Copy link
Member

flokli commented Apr 24, 2025

I need a merge for #397639, if anyone is available

Please don't derail random PRs with review requests.

@cjshearer
Copy link
Member

cjshearer commented Apr 24, 2025

Sorry I should have been more clear.

That PR and I are tagged by the author of this PR; it includes an electron upgrade.

@TomaSajt
Copy link
Contributor

Semi-related, but #395977 is a PR that addresses the last leftover electron_32 usage.

@NotAShelf
Copy link
Member

Sorry for the delay, I've submitted #402054 to bump webcord-vencord's electron.

@teutat3s
Copy link
Member Author

If there are no last minute objections, I'd like coordinate merging this PR tomorrow.

@teutat3s teutat3s added this to the 25.05 milestone Apr 28, 2025
@TomaSajt TomaSajt merged commit 402f7a0 into NixOS:master Apr 30, 2025
41 of 43 checks passed
@teutat3s teutat3s deleted the eol-electron_33 branch April 30, 2025 08:17
@alexstaeding alexstaeding mentioned this pull request May 5, 2025
3 tasks
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented May 12, 2025

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants