Skip to content

[Backport release-25.05] nixos/lomiri: Exclude Morph Browser by default#443158

Merged
OPNA2608 merged 3 commits intoNixOS:release-25.05from
OPNA2608:backport/25.05/fix/lomiri/morph-browser-qtwebengine-insecure
Sep 27, 2025
Merged

[Backport release-25.05] nixos/lomiri: Exclude Morph Browser by default#443158
OPNA2608 merged 3 commits intoNixOS:release-25.05from
OPNA2608:backport/25.05/fix/lomiri/morph-browser-qtwebengine-insecure

Conversation

@OPNA2608
Copy link
Contributor

@OPNA2608 OPNA2608 commented Sep 15, 2025

Manual backport of #436723, so #439081 can eventually get backported.

Ripping away the only properly-working & integrated web browser of the DE under users' feet, especially on the stable branch, is really giving me stomach pains… But it uses a known-vulnerable browser engine, so I guess we gotta do it. 🫤

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@OPNA2608
nixos/lomiri: Exclude Morph Browser by default
062b9d9 
Qt5 qtwebengine will be marked insecure, so this would block the entire DE from being usable.
Epiphany seems to work as a replacement until Morph can be built with Qt6.

Content-Hub test will still need adjustment, but keeping it out of this to make future reverting easier.

(cherry picked from commit 5063462)
@OPNA2608
nixosTests.lomiri.desktop-appinteractions: Switch Content-Hub test to…
9214d9f 
… using Gallery app instead

(cherry picked from commit 8ae6f58)

Manually adjusted some mouse click coords in the test, due to different mouse handling between stable and unstable.
@OPNA2608
ayatana-indicator-sound: Lengthen timeouts in tests
11d960a 
OfBorg please...

(cherry picked from commit f03a8ca)
github-actions[bot]
github-actions bot previously requested changes Sep 15, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This report is automatically generated by the PR / Check / cherry-pick CI workflow.

Some of the commits in this PR require the author's and reviewer's attention.

Sometimes it is not possible to cherry-pick exactly the same patch.
This most frequently happens when resolving merge conflicts.
The range-diff will help to review the resolution of conflicts.

If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.

Warning

Difference between 9214d9f and original 8ae6f58 may warrant inspection.

Show diff 
@@ Metadata
  ## Commit message ##
     nixosTests.lomiri.desktop-appinteractions: Switch Content-Hub test to using Gallery app instead
 
+    (cherry picked from commit 8ae6f582ef7b2326f99e096fd56f551d1a66d00d)
+
+    Manually adjusted some mouse click coords in the test, due to different mouse handling between stable and unstable.
+
  ## nixos/tests/lomiri.nix ##
 @@ nixos/tests/lomiri.nix: in
                machine.send_key("ret")
@@ nixos/tests/lomiri.nix: in
                machine.screenshot("settings_lomiri-content-hub_peers")
  
 -              # Select Morph as content source
--              mouse_click(340, 80)
+-              mouse_click(370, 100)
 +              # Select Gallery as content source
-+              mouse_click(460, 80)
++              mouse_click(500, 100)
  
 -              # Expect Morph to be brought into the foreground, with its Downloads page open
 -              wait_for_text("No downloads")

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

@OPNA2608 OPNA2608 mentioned this pull request Sep 15, 2025
Closed
1 task
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 4.workflow: backport This targets a stable branch 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Sep 15, 2025
@OPNA2608
Copy link
Contributor Author

OPNA2608 commented Sep 25, 2025

I guess let's send this - Qt6 Morph Browser is still abit away, and vulnerabilities are exploitable…

@OPNA2608 OPNA2608 enabled auto-merge (rebase) September 25, 2025 09:00
@OPNA2608 OPNA2608 dismissed github-actions[bot]’s stale review September 25, 2025 12:52

Difference from version on master is fine.

@OPNA2608 OPNA2608 disabled auto-merge September 25, 2025 21:29
@OPNA2608 OPNA2608 added this pull request to the merge queue Sep 27, 2025
Merged via the queue into NixOS:release-25.05 with commit a32b7e3 Sep 27, 2025
37 of 38 checks passed
@OPNA2608 OPNA2608 deleted the backport/25.05/fix/lomiri/morph-browser-qtwebengine-insecure branch September 27, 2025 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

4.workflow: backport This targets a stable branch 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 9.needs: reviewer This PR currently has no reviewers requested and needs attention. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OPNA2608