Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chromium{Beta,Dev},google-chrome-{beta,dev}: drop #261870

Merged
merged 1 commit into from
Oct 29, 2023
Merged

chromium{Beta,Dev},google-chrome-{beta,dev}: drop #261870

merged 1 commit into from
Oct 29, 2023
+12 −38

Conversation

emilylange
Copy link
Member

@emilylange emilylange commented Oct 18, 2023
edited
Loading

Description of changes

This is mainly due to the lack of maintenance in nixpkgs. google-chrome-{beta,dev} depend on chromium{Beta,Dev}'s version info.

chromium{Beta,Dev} are rarely updated and explicitly blocklisted by hydra.nixos.org, meaning they are almost always outdated and not cached in cache.nixos.org.

chromium{Beta,Dev} were intended to fix the build derivation of each new major release (if something broke) before stable reached that new major release.
Allowing for fast bumps in nixpkgs, especially if the stable bump contains very important critical security fixes.

Something that can easily be replicated by using an early-stable release or by manually entering an dev/beta version string in stable's upstream-info.nix.

This resolves exposing end-users to outdated and vulnerable google-chrome-{beta,dev} and chromium{Beta,Dev} versions.

Deadline: 2023-10-29 UTC (which is one day before the "Restrict all breaking changes with the exception of desktop environments" in our 23.11 release schedule #258640).

Ref: #255197

cc (chromium{,Beta,Dev}): @primeos @thefloweringash @networkException @emilylange
cc (google-chrome{,-beta,-dev}): @primeos

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: documentation 8.has: changelog labels Oct 18, 2023
@ofborg ofborg bot added 8.has: clean-up 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Oct 18, 2023
@networkException
Copy link
Member

Besides @emilylange I'm currently more or less the only active maintainer. I don't have the capacity to maintain dev or beta myself (I've been doing stable bumps pretty much exclusively) and don't see any real interest from other maintainers or outside contributors, as such I support this removal.

@emilylange emilylange linked an issue Oct 18, 2023 that may be closed by this pull request
Update request: google-chrome 116.0.5845.179 → 116.0.5845.187 #255197
Closed
1 task
@delroth delroth added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Oct 18, 2023
@lorenz
Copy link
Contributor

lorenz commented Oct 19, 2023

Not a maintainer, but I am also in favor of this. As these are not built by Hydra they are not useful for casual testing of newer versions and people who hack on Chromium or its packaging don't need them as they'll change the chromium derivation directly.

@Nanotwerp
Copy link
Contributor

What would be the best way to override the version of Chrome/Chromium? Would it involve overriding the upstream-info.nix file used for the package? I'm not sure how to do this without getting billions of errors after attempting to rebuild.

@emilylange
Copy link
Member Author

@Nanotwerp^
Chrome and Chromium are very different in nixpkgs.
Chrome is essentially a wrapper around the official binary release from Google, while Chromium is built from source, leveraging a fairly complex built-process.

I am not quite sure if you are asking how to override the version from within nixpkgs, e.g. for a PR, or as a consumer/user of nixpkgs.
And, e.g. if what you are trying to accomplish is using an older or newer version than in nixpkgs.

Either way, I would suggest that you create a new issue instead, so we don't end up creating a huge thread here, related to, but not quite the topic of this PR.

Thank you very much :)

@emilylange
chromium{Beta,Dev},google-chrome-{beta,dev}: drop
59719f7 
This is mainly due to the lack of maintenance in nixpkgs.
`google-chrome-{beta,dev}` depend on `chromium{Beta,Dev}`'s version
info.

`chromium{Beta,Dev}` are rarely updated and explicitly blocklisted by
`hydra.nixos.org`, meaning they are almost always outdated and not
cached in `cache.nixos.org`.

`chromium{Beta,Dev}` were intended to fix the build derivation of each
new major release (if something broke) *before* stable reached that
new major release.
Allowing for fast bumps in nixpkgs, especially if the stable bump
contains very important critical security fixes.

Something that can easily be replicated by using an early-stable release
or by manually entering a dev/beta version string in stable's
`upstream-info.nix`.

This resolves exposing end-users to outdated and vulnerable
`google-chrome-{beta,dev}` and `chromium{Beta,Dev}` versions.
@emilylange
Copy link
Member Author

Today is the deadline day (2023-10-29 UTC), as mentioned in my opening comment.

There were no objection to drop chromiumBeta, chromiumDev, google-chrome-beta and google-chrome-dev.

I am, however, a bit disappointed, that none of the other maintainers (@primeos and @thefloweringash) responded or at least acknowledged it in any way. But I am afraid that's something I expected, given their lack of activity in the past months.

Merging.

@emilylange emilylange merged commit 707696c into NixOS:master Oct 29, 2023
19 checks passed
@emilylange emilylange deleted the drop-chromium-beta-dev branch October 29, 2023 20:37
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/fresh-google-chrome-dev-in-nixos/35124/1

@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/chrome-wayland/35395/9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@networkException networkException networkException approved these changes

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: clean-up 8.has: documentation 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 12.approvals: 1 This PR was reviewed and approved by one reputable person
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update request: google-chrome 116.0.5845.179 → 116.0.5845.187
6 participants
@emilylange @networkException @lorenz @Nanotwerp @nixos-discourse @delroth