treewide: drop uses of libsoup_2_4 where possible#398783
Conversation
github-actions
bot
added
6.topic: python
github-actions
bot
added
10.rebuild-darwin: 1-10
LordGrimmauld
added
the
1.severity: security
@jtojnar you fixed the ostree on master in #302813, i will fix Of these 248 packages, 186 have colliding libsoups. I am working on reducing that number still. |
…updates This merges in the merge base of master and staging.
|
Assuming #398828 gets merged, and with ostree and other changes on master: 145 of the 175 have potentially colliding libspoup, see https://termbin.com/ceze |
|
Merging a bunch of things into this, i get the following list of intersecting libsoups: List of things i merged into this:
Of the list, i am now checking |
part of NixOS#398783 part of NixOS#388196 part of NixOS#371265 closes NixOS#384284
Part of NixOS#398783 Part of NixOS#371265
|
Alright, i just checked. |
|
I am hoping to get this in before 25.05 gets blocked (#393359) |
SuperSandro2000
left a comment
SuperSandro2000
left a comment
There was a problem hiding this comment.
LGTM, only tested dino though
wegank
added
the
12.approvals: 1
Methodology: - `sed` to find and replace in pkgs/* - exclude pkgs/top-level - nixpkgs-review on x86_64-linux and aarch64-linux - revert everything that doesn't build - revert everything that doesn't launch [x86_64-linux] - check upstream source whether the change makes sense [free software only]
ofborg
bot
added
the
2.status: merge conflict
|
Uh oh - how the hell do i fix merge conflicts on a branch i can't push to?? |
|
Fix and push to your fork, then ask any committer to sync the branch from your fork. |
|
https://github.com/NixOS/nixpkgs/tree/libsoup-updates |
|
I think since this branch is a PR target, it makes more sense to merge into it than to rebase it, like we do with staging-next. I'll do that. |
Conflicts: pkgs/development/libraries/rnnoise-plugin/default.nix
ofborg
bot
removed
the
2.status: merge conflict
|
Thanks! |
|
I do believe this is ready too, all the other connected work already happened on master. I estimate breakage of this to be minimal, and restricted to very few leaf packages (that all use webkitgtk_4_0 and therefore are themselves quite crusty already), that all were broken before |
|
@jtojnar wdyt? |
|
Currently this is 108 deps on old libsoup, almost all (except dleyna) going through webkitgtk_4_0 |
|
What's up with dleyna? |
Super annoying to test, but there is a pending update. My "best effort" was seeing it run in journal. The reverse dependents are minimal, and it seems to not care about symbol collisions. |
geoclue only uses libsoup_3 in the daemon. webkitgtk uses the library, which does not use libsoup so it cannot leak it: $ ldd $(nix-build -A geoclue2.out)/lib/libgeoclue-2.so
linux-vdso.so.1 (0x00007f438f951000)
libglib-2.0.so.0 => /nix/store/vi9n40g3814x3f7sqnc3jvmrhr4n3ij9-glib-2.82.5/lib/libglib-2.0.so.0 (0x00007f438f7d3000)
libgio-2.0.so.0 => /nix/store/vi9n40g3814x3f7sqnc3jvmrhr4n3ij9-glib-2.82.5/lib/libgio-2.0.so.0 (0x00007f438f400000)
libgobject-2.0.so.0 => /nix/store/vi9n40g3814x3f7sqnc3jvmrhr4n3ij9-glib-2.82.5/lib/libgobject-2.0.so.0 (0x00007f438f76e000)
libc.so.6 => /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 (0x00007f438f000000)
libpcre2-8.so.0 => /nix/store/gd0nqxbn5nz4as2pbkkr0xb753j4b2b9-pcre2-10.44/lib/libpcre2-8.so.0 (0x00007f438f6c9000)
libgmodule-2.0.so.0 => /nix/store/vi9n40g3814x3f7sqnc3jvmrhr4n3ij9-glib-2.82.5/lib/libgmodule-2.0.so.0 (0x00007f438f6c2000)
libz.so.1 => /nix/store/xijpnhg8mg0g4lahwrxdwylpcq7249gc-zlib-1.3.1/lib/libz.so.1 (0x00007f438f6a3000)
libmount.so.1 => /nix/store/bd12z7swxj5kzqw9m1gf99d6v570h0b3-util-linux-minimal-2.40.4-lib/lib/libmount.so.1 (0x00007f438f62e000)
libselinux.so.1 => /nix/store/szpy4jwrsmpd8m0ynvsagi7d2w4szxa8-libselinux-3.8/lib/libselinux.so.1 (0x00007f438f3ca000)
libffi.so.8 => /nix/store/k9hqqrqws9jsvl1ip8890nrsgavn3kyb-libffi-3.4.6/lib/libffi.so.8 (0x00007f438f61b000)
/nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib64/ld-linux-x86-64.so.2 (0x00007f438f953000)
libblkid.so.1 => /nix/store/bd12z7swxj5kzqw9m1gf99d6v570h0b3-util-linux-minimal-2.40.4-lib/lib/libblkid.so.1 (0x00007f438f368000)
libdl.so.2 => /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libdl.so.2 (0x00007f438f616000) |
|
Ah, that is reassuring! Though that does mean my assumption "no new crashes" might not actually hold. (it is basically identical to the above #398783 (comment) ) |
|
It would be nice to see what actually brings But I probably will not have much time to look into this this week. |
|
So that means skip this for the upcoming staging cycle, meaning we don't get it in 25.05? |
|
There are still two staging cycles before 25.05, #390768. Though technically breaking changes are no longer allowed starting tomorrow. |
|
We need this no matter what since it is security relevant and will block further security updates in the future. |
|
In that case, wouldn't it make sense to merge it now so we can look at the fallout before 25.05 is literally right there? |
|
+1 for merging this now :P |
|
Given the above, I think the best thing is to get this into staging just after a cycle has started (i.e. now) so it gets maximum possible exposure before being part of a staging-next and potential reverts becoming hard due to rebuild counts. |
7 participants
Closes #360897
This is a batch of all the
libsoup_2_4drops that are not viable to do bit by bit.The lack of
libsoup_2_4can be checked using https://gitlab.com/K900/nix-closure-thingyCurrently, this is a draft. There is various things that should happen before this is merged:
wxGTK32,wxpython: wxGTK32, python3Packages.wxpython: update to libsoup_3 #398405, wxGTK depends on deprecated libsoup 2 #369710gupnp-igd,libnice: gupnp-igd: 1.2.0 → 1.6.0; gupnp-igd: refactor; libnice: refactor and switch to gupnp-igd_1_6 #395063ostree: fixed on master, ostree: 2024.10 -> 2025.2 #302813libmateweather: mate.libmateweather: build against libsoup_3 #398828dleyna: dleyna: 0.7.0 -> 0.8.3 #400157libchamplain: libchamplain: default to libsoup_3 #399078dino: dino: 0.4.5 -> 0.5.0 #398018webkitgtk_4_0withwebkitgtk_4_1where possible: treewide: update to webkitgtk_4_1 where possible #398999telepathy-gabble: drop: telepathy-{logger, gabble}: drop #400308farstream: drop (this is optional, and can happen on master)This is a draft until at least the big things are merged into
libsoup-updatesbranch.Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.