Conversation
jtojnar
force-pushed
the
wip-no-webkitgtk_4_0
branch
from
5323832 to
0b5b859
Compare
|
(Replying here to avoid a thread on an issue with many subscribers)
What help do you need? |
|
We need to either port each package referencing If the package does not have any other transitive dependency on Symbols from |
|
We could technically just bump everything to |
This comment was marked as resolved.
This comment was marked as resolved.
|
Already removing it from skytemple #449192 |
|
cinny-desktop has been waiting on this. cinnyapp/cinny-desktop#429 Bumping webkitgtk is not enough. It has to be updated to support Tauri v2 |
|
The remains could be later just added into ZHF regressions, and then perhaps marked as broken if not resolved during ZHF. |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
jtojnar
force-pushed
the
wip-no-webkitgtk_4_0
branch
from
6eb54b5 to
7b0b419
Compare
Good idea, did that. Thanks. |
jtojnar
force-pushed
the
wip-no-webkitgtk_4_0
branch
from
1744efc to
2aefa67
Compare
Thanks. Reworded.
I decided to just mark them as broken myself since they were already marked as insecure and switching them to |
jtojnar
force-pushed
the
wip-no-webkitgtk_4_0
branch
from
2aefa67 to
2216040
Compare
nixpkgs-ci
bot
added
the
2.status: merge conflict
hackage2nix can't run if there are unrecoverable errors while generating the nixpkgs package Nix. To create this change, I temporarily added webkitgtk_4_0 = null to all-packages.nix to solve those errors. Then running ./maintainers/scripts/haskell/regenerate-hackage-packages.sh --fast effects the desired change. See also NixOS/cabal2nix#674.
Unused and it depends on `webkitgtk_4_0` about to be dropped.
We are removing `webkitgtk_4_0` let’s switch to 4.1 since emacs supports both.
Though the build system caps it to unmaintained versions:
> checking for webkit2gtk-4.1 >= 2.12 webkit2gtk-4.1 < 2.41.92... no
> checking for webkit2gtk-4.0 >= 2.12 webkit2gtk-4.0 < 2.41.92... no
> configure: error: xwidgets requested but WebKitGTK+ or WebKit framework not found.
Let’s also mark webkitgtk support as broken.
(It is disabled by default since a755ead.)
Co-authored-by: Lin Jian <me@linj.tech>
`webkitgtk_4_0` was already transitively insecure because of `libsoup_2_4` and it will be removed soon. Ideally, we would just replace it with `libsoup_3`-based `webkitgtk_4_1` but it is unclear if they would work with the 4.1 ABI. At best, the programs would only be looking for 4.0, failing to build or start, at worst there might be conflicts with libsoup 2 symbols if that is pulled in by anything or crashes that will only happen after certain action. Let’s mark the packages as broken to ensure human intervention.
libsoup 2 is unmaintained so WebkitGTK decided to drop support for it in next release in March 2026: https://discourse.gnome.org/t/webkitgtk-is-removing-support-for-libsoup-2/31873 Since the package is security critical, we backport all updates to stable. Let’s remove it before branch-off to avoid breaking stable when that version is backported.
jtojnar
force-pushed
the
wip-no-webkitgtk_4_0
branch
from
2216040 to
a8b1837
Compare
nixpkgs-ci
bot
removed
the
2.status: merge conflict
LordGrimmauld
left a comment
LordGrimmauld
left a comment
There was a problem hiding this comment.
diff looks generally very reasonable. You are being inconsistent in whether you comment or remove webkitgtk_4_0 from package arguments, but that is a minor thing. Tbh i'd be happy to merge this soon.
| pkg-config, | ||
| gtk3, | ||
| libsoup_2_4, | ||
| webkitgtk_4_0, |
There was a problem hiding this comment.
any reason why you removed this but commented the other occurrences? Not a big deal, but just a little inconsistent.
There was a problem hiding this comment.
I am removing it when it's in the last position because otherwise, formatter will handle it weirdly.
There was a problem hiding this comment.
fwiw, this was just fixed in nixfmt. It should be fine on the next release
| freetype, | ||
| libsoup_2_4, | ||
| openssl, | ||
| webkitgtk_4_0, |
| udevCheckHook, | ||
| gtk3, | ||
| libsoup_2_4, | ||
| webkitgtk_4_0, |
| libopus, | ||
| curl, | ||
| gtk3, | ||
| webkitgtk_4_0, |
There was a problem hiding this comment.
and here... I guess it is really very mixed... Oh well
nixpkgs-ci
bot
added
12.approvals: 2
github-project-automation
bot
moved this from In progress
to Done
in Picking up garbage
Removed from Nixpkgs in NixOS/nixpkgs#450065.
Nixpkgs has removed webkit 4.0 (which is outdated but required by Citrix Workspace), hence importing the nixpkgs repo commit just before the removal to make sure Citrix Workspace can still be built. See: NixOS/nixpkgs#450065 Signed-off-by: Manuel Hutter <manuel@hutter.io>
Flake lock file updates:
• Updated input 'home-manager':
'github:nix-community/home-manager/5a21f4819ee1be645f46d6b255d49f4271ef6723?narHash=sha256-G104PUPKBgJmcu4NWs0LUaPpSOTD4jiq4mamLWu3Oc0%3D' (2025-09-30)
→ 'github:nix-community/home-manager/9b4a2a7c4fbd75b422f00794af02d6edb4d9d315?narHash=sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ%3D' (2025-10-21)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/e087756cf4abbe1a34f3544c480fc1034d68742f?narHash=sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g%3D' (2025-09-30)
→ 'github:nixos/nixos-hardware/d6645c340ef7d821602fd2cd199e8d1eed10afbc?narHash=sha256-2m1S4jl%2BGEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU%3D' (2025-10-20)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/e9f00bd893984bc8ce46c895c3bf7cac95331127?narHash=sha256-0m27AKv6ka%2Bq270dw48KflE0LwQYrO7Fm4/2//KCVWg%3D' (2025-09-28)
→ 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19)
Pin older nixpkgs for Citrix to build.
See: NixOS/nixpkgs#450065
11 participants
libsoup 2 is unmaintained so WebkitGTK decided to drop support for it in next release in March 2026:
https://discourse.gnome.org/t/webkitgtk-is-removing-support-for-libsoup-2/31873
Since the package is security critical, we backport all updates to stable.
Let’s remove it before branch-off to avoid breaking stable when that version is backported.
Things done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.Add a 👍 reaction to pull requests you find important.