osm-gps-map: patch libsoup 2.4 → 3.0#429473
Conversation
nixpkgs-ci
bot
added
10.rebuild-linux: 1-10
|
|
can't we do the following to exclude (fetchpatch2 {
url = "...";
hash = "...";
excludes = [ ".github/*" ];
})Then we wouldn't need to vendor these patches, assuming the rest merges cleanly. |
|
That said we can't fetch entire unmerged PRs. Fetching patches from debian is fine if the url is stable (pinned to a commit digest as well as a sha hash in nix). Fetching patches from github pull requests that are not yet merged, you need to fetch the actual commits, and even those sometimes get garbage-collected. |
trespaul
force-pushed
the
osm-gps-map-patch
branch
from
b3637bb to
530c9a4
Compare
|
I changed it to fetch the patches out of the Debian repo's 1.2.0-4 release tag. Should it instead reference by the commit hash? I.e.,
|
|
Debian tags tend to be stable, this is fine |
|
An issue i have now spotted: This suggests the patch to the package config file doesn't actually do anything, this is problematic as it means pkg-config things break |
|
|
(darktable builds, but disables |
|
Though i am a little confused as to why this is happening: it should be fine.... |
|
Of course this issue can be bypassed by just supplying diff --git a/pkgs/by-name/os/osm-gps-map/package.nix b/pkgs/by-name/os/osm-gps-map/package.nix
index ac31cbf184fb..3f6c429655c7 100644
--- a/pkgs/by-name/os/osm-gps-map/package.nix
+++ b/pkgs/by-name/os/osm-gps-map/package.nix
@@ -36,11 +36,6 @@ stdenv.mkDerivation (finalAttrs: {
})
# 3. fix autoconf checks
./port-configure-to-libsoup3.patch
-
- # libsoup is only used internally
- # it should only be listed as private requirement
- # https://github.com/nzjrs/osm-gps-map/pull/108
- ./dont-require-libsoup.patch
];
outputs = [
@@ -58,11 +53,11 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [
cairo
glib
- libsoup_3
];
propagatedBuildInputs = [
gtk3
+ libsoup_3
];
meta = {You might want to look into what darktable is doing though. |
|
Actually, scratch that, it seems |
|
When I build darktable it includes map support:
and in the built darktable the map tab is visible and functional. |
|
Yeah in the darktable build log it does say at first, but further down it says and ends with the success message in my previous comment. Not sure what's going on there. |
the map is there and works, so i guess mission successful. |
|
I rebuilt the current darktable and it also doesn't find the old libsoup: |
|
As long as #402543 doesn't reoccur (which it doesn't) this should be fine then. |
nixpkgs-ci
bot
added
the
12.approvals: 1
| }) | ||
| # 2. port-to-libsoup3.patch | ||
| (fetchpatch2 { | ||
| url = "https://salsa.debian.org/debian-gis-team/osm-gps-map/-/raw/debian/1.2.0-4/debian/patches/0001-Port-to-libsoup3.patch"; |
There was a problem hiding this comment.
Btw. those patches are also upstream: https://github.com/nzjrs/osm-gps-map/commits/master/
There was a problem hiding this comment.
We were considering tracking their main branch or picking a more recent commit than the release, but then stability would have to be independently checked. We could pull the commit(s) directly, but they can't be applied as a patch on the 1.2.0 release, since the files have changed in the interim. They'd have to be rebased and merged (probably by hand), which is what I assume the Debian people did to construct their patches. Unless I'm misunderstanding what you mean (or missing something).
There was a problem hiding this comment.
@Mic92 do you have any advice or recommendations that I/we should look at before resolving? If there's a better way to do this, please do let me know 🙏
|
This PR is very important for other packages as well. Hope this gets merged as quickly as possible. Upstream is seeking for a new maintainer, so maybe it's a waste of time to wait for a new release. |
nixpkgs-ci
bot
added
12.approvals: 2
trespaul
added
the
1.severity: security
|
Merging this, because it seems to build & run fine and security impact for other packages might be non-negligible. Patch source can be changed later if needed, but salsa.debian.org seems good enough to me. Especially if they are already upstreamed and so expected to be gone by next release. |
wait until NixOS/nixpkgs#429473 reach unstable
6 participants
libsoup-2.4is EOL and vulnerable (#427813), yet some packages still depend on it (#360897).osm-gps-mapis one, but althoughlibsoup-3.0is used in its dev branch, the project's development has slowed (the last update being in 2021), so we can't expect a release soon.Until then, this change follows the lead of Debian, which has patched-in support for libsoup-3.0 from upstream. (Thanks to @yapxuan for pointing this out.)
I used the two patches from the Debian repo, but removed the part of the one patch which patches the CI config in the .github folder, which is not included in the tarball release from which nix builds.
I also added a patch to change the
configurefile. I just manually replaced the occurrences oflibsoup-2.4andSOUP24withlibsoup-3.0andSOUP30respectively. I'm not well versed in autoconf or building C projects in general, so this is maybe a kludge, but it seems to work. I'd appreciate if someone more experienced / knowledgable could let me know if there's a more appropriate way to do this.I built darktable against this version, and the map widget works.
Closes #429268.
Contributes to progress of #360897.
Things done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.Add a 👍 reaction to pull requests you find important.