Skip to content

electron_33-bin: mark as insecure because it's EOL, electron-source.electron_33: remove as it's EOL#397918

Merged
TomaSajt merged 2 commits intoNixOS:masterfrom
teutat3s:eol-electron_33
Apr 30, 2025
Merged

electron_33-bin: mark as insecure because it's EOL, electron-source.electron_33: remove as it's EOL#397918
TomaSajt merged 2 commits intoNixOS:masterfrom
teutat3s:eol-electron_33

Conversation

@teutat3s
Copy link
Member

@teutat3s teutat3s commented Apr 11, 2025
edited by TomaSajt
Loading

Previously:
#383660
#370758
#350549
#335850

electron_33 will be EOL in about two weeks (2025-04-29).
https://www.electronjs.org/docs/latest/tutorial/electron-timelines (permalink)

This PR removes the source build on Linux for electron 33 and marks the binary variants for Darwin and Linux as insecure.
electron_33 will still be available for an undetermined while. Linux will simply use the binary package instead of the source build, just like Darwin.

After this PR has been merged, users will be able opt-into the EOL version of electron as outlined by this eval error message:

❯ nix-instantiate -A electron_33
error:
       … in the condition of the assert statement
         at /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/lib/customisation.nix:419:9:
          418|       drvPath =
          419|         assert condition;
             |         ^
          420|         drv.drvPath;

       … while evaluating the attribute 'handled'
         at /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/pkgs/stdenv/generic/check-meta.nix:620:9:
          619|         # or, alternatively, just output a warning message.
          620|         handled = (
             |         ^
          621|           if valid == "yes" then

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘electron-33.4.8’ in /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/pkgs/development/tools/electron/binary/generic.nix:42 is marked as insecure, refusing to evaluate.


       Known issues:
        - Electron version 33.4.8 is EOL

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

          Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
                then pass `--impure` in order to allow use of environment variables.

       b) for `nixos-rebuild` you can add ‘electron-33.4.8’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "electron-33.4.8"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘electron-33.4.8’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "electron-33.4.8"
              ];
            }

The following packages are affected by this. Note that those package will continue to work, but users will be presented with the eval error above and have to opt-in.

If you are pinged as one of the maintainers of such package, you can do one of the following:

  1. Check if upstream supports a newer electron version and open a PR in nixpkgs to use that instead OR
  2. Try using a newer electron version than upstream suggests and if that turns out to be stable, open a PR in nixpkgs to use that instead OR
  3. Do nothing in nixpkgs, and maybe make upstream aware that their electron version is EOL.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@teutat3s teutat3s mentioned this pull request Apr 11, 2025
Open
@teutat3s teutat3s added 9.needs: port to stable A PR needs a backport to the stable release. 1.severity: security Issues which raise a security issue, or PRs that fix one labels Apr 11, 2025
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Apr 11, 2025
yuyuyureka
yuyuyureka reviewed Apr 11, 2025
View reviewed changes
yuyuyureka
yuyuyureka reviewed Apr 11, 2025
View reviewed changes
TomaSajt
TomaSajt reviewed Apr 11, 2025
View reviewed changes
@github-actions github-actions bot added 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. and removed 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Apr 11, 2025
@teutat3s teutat3s added the 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. label Apr 12, 2025
@teutat3s
Copy link
Member Author

teutat3s commented Apr 22, 2025

After chatting with @emilylange on Matrix, I've removed my changes to the chromium version conditional to let the chromium maintainers handle that part of the cleanup in a separate PR, improving backportability of this PR.

@teutat3s teutat3s requested review from TomaSajt and yuyuyureka April 22, 2025 09:50
@teutat3s
Copy link
Member Author

teutat3s commented Apr 22, 2025

I plan to coordinate merging this PR in one week (2024-04-29). If you are getting pinged as a package maintainer in this PR, please check the initial message for details. TL;DR You will probably want a bump to at least electron_34 for your package.

@github-actions github-actions bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. and removed 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Apr 22, 2025
@aidalgol aidalgol mentioned this pull request Apr 22, 2025
Merged
13 tasks
@NotAShelf
Copy link
Member

NotAShelf commented Apr 22, 2025

I'm currently not on my computer, but I should be back home tomorrow. That should be within the planned schedule, so webcord-vencord should be fine.

@cjshearer
Copy link
Member

cjshearer commented Apr 22, 2025

I need a merge for #397639, if anyone is available

@flokli
Copy link
Member

flokli commented Apr 24, 2025

I need a merge for #397639, if anyone is available

Please don't derail random PRs with review requests.

@cjshearer
Copy link
Member

cjshearer commented Apr 24, 2025
edited
Loading

Sorry I should have been more clear.

That PR and I are tagged by the author of this PR; it includes an electron upgrade.

@TomaSajt
Copy link
Contributor

TomaSajt commented Apr 24, 2025

Semi-related, but #395977 is a PR that addresses the last leftover electron_32 usage.

@NotAShelf NotAShelf mentioned this pull request Apr 26, 2025
Merged
13 tasks
@NotAShelf
Copy link
Member

NotAShelf commented Apr 26, 2025

Sorry for the delay, I've submitted #402054 to bump webcord-vencord's electron.

@teutat3s teutat3s mentioned this pull request Apr 28, 2025
Closed
13 tasks
@teutat3s
Copy link
Member Author

teutat3s commented Apr 28, 2025

If there are no last minute objections, I'd like coordinate merging this PR tomorrow.

@teutat3s teutat3s added this to the 25.05 milestone Apr 28, 2025
@TomaSajt TomaSajt mentioned this pull request Apr 28, 2025
Merged
13 tasks
@TomaSajt TomaSajt merged commit 402f7a0 into NixOS:master Apr 30, 2025
41 of 43 checks passed
@teutat3s teutat3s deleted the eol-electron_33 branch April 30, 2025 08:17
@alexstaeding alexstaeding mentioned this pull request May 5, 2025
Closed
3 tasks
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented May 12, 2025

Successfully created backport PR for release-24.11:

@nixpkgs-ci nixpkgs-ci bot mentioned this pull request May 12, 2025
Merged
1 task
@nixpkgs-ci nixpkgs-ci bot added the 8.has: port to stable This PR already has a backport to the stable release. label May 12, 2025
@teutat3s teutat3s mentioned this pull request May 14, 2025
Merged
13 tasks
@mdaniels5757 mdaniels5757 removed the 9.needs: port to stable A PR needs a backport to the stable release. label Jun 22, 2025
@TomaSajt TomaSajt mentioned this pull request Jun 25, 2025
Merged
22 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yayayayaka yayayayaka Awaiting requested review from yayayayaka

@yuyuyureka yuyuyureka Awaiting requested review from yuyuyureka

@TomaSajt TomaSajt Awaiting requested review from TomaSajt

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

25.05

Development

Successfully merging this pull request may close these issues.

7 participants

@teutat3s @NotAShelf @cjshearer @flokli @TomaSajt @yuyuyureka @mdaniels5757