The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
Fixes https://nvd.nist.gov/vuln/detail/CVE-2021-33896.
The current 9acb54df9254609f2fe4de83c9047d408412de28 patch landed in
dino as 4592b72dfa324d8a4b9f8c25b359110889b2206c. Removing it from the
patch list.
* Remove direct dependencies on some X11 libs. We still inherit them through
Gtk+ but it's a start
* Rename plugin files from .dylib to .so so Dino's plugin loader finds them
The experience is still somewhat janky (no app icon, macOS thinks the app is called
".dino-wrapped", and the Cocoa menu bar is nonresponsive), but beyond this things
mostly work fine
The exact version of libsignal-protocol-c used by dino is hard-coded to 2.3.2 because "libsignal-protocol-c has a history of breaking compatibility on the patch level". This prevents libsignal-protocol-c from being updated in https://github.com/NixOS/nixpkgs/pull/83736. Upstream already allows newer versions in the latest git master, so patch the source with this commit. Unfortunately patching doesn't work with git submodules but since the submodule is not used anyways, simply ignore this part of the patch.
As explained by Orivej (reformatted from Markdown):
> These (except libsignal-protocol-c) are private dependencies of the
> actual dependencies that should neither be propagated nor added
> manually to dino. For example, libpsl and brotli come from
> libsoup-2.4.pc:
>
> Requires: glib-2.0 >= 2.38, gobject-2.0 >= 2.38, gio-2.0 >= 2.38
> Requires.private: libxml-2.0, sqlite3, libpsl >= 0.20, libbrotlidec, zlib
>
> (To be precise, glib uses utillinuxMinimal rather than utillinux.)
>
> The warnings we see, such as Package 'mount', required by 'gio-2.0',
> not found, come from CMake running both pkg-config --libs and
> pkg-config --static --libs to populate both <XXX>_LIBRARIES and
> <XXX>_STATIC_LIBRARIES[1], but dino has no use for the latter.
> Currently these warnings can not be disabled:
> https://gitlab.kitware.com/cmake/cmake/issues/18158
>
> (They could be prevented by pruning Requires.private from shared-only
> libraries akin to <https://github.com/NixOS/nixpkgs/pull/51767>,
> although it can not be detected if a library is shared-only from the
> .pc file alone, and this is just a warning.)
>
> [1]: docs: https://cmake.org/cmake/help/v3.16/module/FindPkgConfig.html
Previously:
** (dino:7442): CRITICAL **: 00:35:22.373: file /build/source/main/src/ui/unified_window.vala: line 86: uncaught error: Unrecognized image file format (gdk-pixbuf-error-quark, 3)
(dino:7442): Gtk-WARNING **: 00:35:22.601: Found an icon but could not load it. Most likely gdk-pixbuf does not provide SVG support.
The system libsignal-protocol-c is preferred now, so fetching
submodules is no longer required.
The other libraries added are ones that the build complained about. I
suspect they are optional dependencies. Adding them makes the build
quieter, and has basically no impact on runtime closure size, so no
harm in making them available to keep the build system happy.