From 439ec33ea7b25f9549a5d14f9b6c1317c715f46a Mon Sep 17 00:00:00 2001 From: networkException Date: Wed, 20 Nov 2024 23:22:20 +0100 Subject: [PATCH 1/2] chromium: use cached dependencies from other attributes in update script This patch extends the caching mechanism of the chromium update scripts to use cached dependencies of all attributes in the lockfile. When updating ungoogled-chromium for example, the update script will now use cached dependencies from vanilla chromium, usually meaning that no additional fetching has to be done. (cherry picked from commit 68d51619a279eea68df7a656a7276877412e6347) --- .../networking/browsers/chromium/update.mjs | 36 ++++++++++++------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/update.mjs b/pkgs/applications/networking/browsers/chromium/update.mjs index 6a596c354a4c..7bbb7794c356 100755 --- a/pkgs/applications/networking/browsers/chromium/update.mjs +++ b/pkgs/applications/networking/browsers/chromium/update.mjs @@ -38,7 +38,7 @@ for (const attr_path of Object.keys(lockfile)) { } const ungoogled = attr_path === 'ungoogled-chromium' - const version_nixpkgs = !ungoogled ? lockfile[attr_path].version : lockfile[attr_path].deps["ungoogled-patches"].rev + const version_nixpkgs = !ungoogled ? lockfile[attr_path].version : lockfile[attr_path].deps['ungoogled-patches'].rev const version_upstream = !ungoogled ? await get_latest_chromium_release() : await get_latest_ungoogled_release() console.log(`[${attr_path}] ${chalk.red(version_nixpkgs)} (nixpkgs)`) @@ -56,7 +56,7 @@ for (const attr_path of Object.keys(lockfile)) { deps: { depot_tools: {}, gn: {}, - "ungoogled-patches": ungoogled ? await fetch_ungoogled(version_upstream) : undefined, + 'ungoogled-patches': ungoogled ? await fetch_ungoogled(version_upstream) : undefined, npmHash: dummy_hash, }, DEPS: {}, @@ -84,18 +84,28 @@ for (const attr_path of Object.keys(lockfile)) { value.recompress = true } - const cache = lockfile_initial[attr_path].DEPS[path] - const cache_hit = - cache !== undefined && - value.url === cache.url && - value.rev === cache.rev && - value.recompress === cache.recompress && - cache.hash !== undefined && - cache.hash !== '' && - cache.hash !== dummy_hash + const cache_hit = (() => { + for (const attr_path in lockfile_initial) { + const cache = lockfile_initial[attr_path].DEPS[path] + const hits_cache = + cache !== undefined && + value.url === cache.url && + value.rev === cache.rev && + value.recompress === cache.recompress && + cache.hash !== undefined && + cache.hash !== '' && + cache.hash !== dummy_hash + + if (hits_cache) { + cache.attr_path = attr_path + return cache; + } + } + })(); + if (cache_hit) { - console.log(`[${chalk.green(path)}] Reusing hash from previous info.json for ${cache.url}@${cache.rev}`) - value.hash = cache.hash + console.log(`[${chalk.green(path)}] Reusing hash from previous info.json for ${cache_hit.url}@${cache_hit.rev} from ${cache_hit.attr_path}`) + value.hash = cache_hit.hash continue } From 4a21ed568a072a3b440602a6041c1454a245f090 Mon Sep 17 00:00:00 2001 From: networkException Date: Wed, 20 Nov 2024 23:28:35 +0100 Subject: [PATCH 2/2] ungoogled-chromium: 131.0.6778.69-1 -> 131.0.6778.85-1 https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html This update includes 3 security fixes. CVEs: CVE-2024-11395 (cherry picked from commit bd84f1c657c79169651f84f06d6aa4204c6ca59c) --- .../networking/browsers/chromium/info.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/info.json b/pkgs/applications/networking/browsers/chromium/info.json index 7af67049ae44..d17a75454052 100644 --- a/pkgs/applications/networking/browsers/chromium/info.json +++ b/pkgs/applications/networking/browsers/chromium/info.json @@ -766,7 +766,7 @@ } }, "ungoogled-chromium": { - "version": "131.0.6778.69", + "version": "131.0.6778.85", "deps": { "depot_tools": { "rev": "20b9bdcace7ed561d6a75728c85373503473cb6b", @@ -777,16 +777,16 @@ "hash": "sha256-a8yCdBsl0nBMPS+pCLwrkAvQNP/THx/z/GySyOgx4Jk=" }, "ungoogled-patches": { - "rev": "131.0.6778.69-1", - "hash": "sha256-1XKlIO8aH3eHNiF4fPJGymo1MGUgHlqD98vWjHGMWHY=" + "rev": "131.0.6778.85-1", + "hash": "sha256-mcSshjdfUEH4ur4z+0P0oWCjlV8EhFMc+7rdfIIPASI=" }, "npmHash": "sha256-b1l8SwjAfoColoa3zhTMPEF/rRuxzT3ATHE77rWU5EA=" }, "DEPS": { "src": { "url": "https://chromium.googlesource.com/chromium/src.git", - "rev": "131.0.6778.69", - "hash": "sha256-GbhiqLRC5Kilo84XwYHnosNUgtZNCwmuzSOkP6if/8s=", + "rev": "131.0.6778.85", + "hash": "sha256-fREToEHVbTD0IVGx/sn7csSju4BYajWZ+LDCiKWV4cI=", "recompress": true }, "src/third_party/clang-format/script": { @@ -886,8 +886,8 @@ }, "src/third_party/dawn": { "url": "https://dawn.googlesource.com/dawn.git", - "rev": "cdc5b4dc1ee1482378b545b6c1efa1a234195ab5", - "hash": "sha256-HtLdotDYA0fsUyFkk/nhJ+GPC+GkbwfmyPbJLKAyKdE=" + "rev": "7e742cac42c29a14ab7f54b134b2f17592711267", + "hash": "sha256-K2gwKNwonzCIu4hnlYuOaYyKaRV11hwDzF4oykiKsl0=" }, "src/third_party/dawn/third_party/glfw": { "url": "https://chromium.googlesource.com/external/github.com/glfw/glfw", @@ -1526,8 +1526,8 @@ }, "src/v8": { "url": "https://chromium.googlesource.com/v8/v8.git", - "rev": "7075674f24f09d3b30913710a31e8793c131000a", - "hash": "sha256-N6FB/ocU1KIAGoYTnAl42qjrjatuD5fooRu93akPUjM=" + "rev": "bd2671b973062afc614b852ec190524b80aaef8a", + "hash": "sha256-uq0CE7Chqzy2d+iifC3hV9RTnDVinpwjl1pOzyNGbSo=" } } }