nextcloud{28,29}Packages: update; revamp generation script #326947
Conversation
ofborg
bot
added
10.rebuild-darwin: 0
|
Is this better than using a more recent nc4nix and rewriting |
|
I think this makes more sense since it doesn't require any non-core packages, and guarantees compatibility by using nix as the hasher. To me this made more sense than rewriting the fetcher, and I think rewriting the fetcher would be more trouble than it would be worth here, as you'd need to unpack it anyways. Leaving it as fetchzip means you don't have to handle that manually. |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin release-24.05
git worktree add -d .worktree/backport-326947-to-release-24.05 origin/release-24.05
cd .worktree/backport-326947-to-release-24.05
git switch --create backport-326947-to-release-24.05
git cherry-pick -x 4349a61a715bb29e0c326076f3666a8c419130ec d5d501b799ab338b5262cbe3fa771a9dc49a512a fe3e80ad3883e9ddf9b3f471692b8f5f2c3033d2 |
| # Get all of our variables | ||
| VERSION=$(jq -r ".[] | select(.id == \"${a}\") | .releases[0].version" "$APPS_PER_VERSION") | ||
| URL=$(jq -r ".[] | select(.id == \"${a}\") | .releases[0].download" "$APPS_PER_VERSION") | ||
| HASH=$(nix store prefetch-file --json --hash-type sha256 --unpack "$URL" | jq -r .hash) |
There was a problem hiding this comment.
This raises
[…]
++ jq -r .hash
++ nix store prefetch-file --json --hash-type sha256 --unpack https://github.com/nextcloud/bookmarks/releases/download/v14.2.2/bookmarks-14.2.2.tar.gz
error: unrecognised flag '--unpack'
when I try to run the generation script. How does this work? My nix version is nix (Nix) 2.18.4 .
There was a problem hiding this comment.
Ah, --unpack is nix 2.20.0/lix-exclusive. I'll send a followup that uses nix-prefetch-url instead, which has a backwards-compatible --unpack option that nix 2.18 can use.
There was a problem hiding this comment.
FWIW I fixed this up locally by requiring nixVersions.latest in the generate.sh script.
There was a problem hiding this comment.
I think we want to pin Nix to an explicit version here. Technically, you can still use Nix 2.3 to instantiate nixpkgs and requiring newer features is fine here, but it has to be made explicit.
|
So, this change feels a bit off and I'm considering to propose a revert now. Didn't the old update script ignore prereleases? I now get contacts 6.0 rc1 and a nightly release for maps. That said, I don't think that a hacky bash script is the best option here. What is the current issue even? Also, how do we want to proceed with stable backports? Given that Nextcloud discloses vulnerabilities a few weeks after the release, we should still backport Nextcloud. But now I have to do it manually because
|
|
Looking at how nextcloud filters out pre-releases and nightly versions. Shouldn't be too hard, and will push a PR with updated packages and script. |
No, I've seen plenty of nightly versions with nc4nix in the past. |
|
So, I did a bit of debugging:
We'll always get the RC here even though there's a 6.0.0 out already. I'm pretty sure that's the case that helsinki-systems/nc4nix#5 is fixing. I'm not sure though how nightly versions appeared here, perhaps a bug (cc @onny). First and foremost, this is clearly a regression from this fetcher. |
|
I see two possibilities for moving this forward:
I would prefer the second option, since it places less maintenance burden on us. What are your thoughts on this? |
| # Ensure the app exists in the file | ||
| if [ "$(jq -r ".[] | select(.id == \"${a}\")" "$APPS_PER_VERSION")" != "" ]; then | ||
| # Get all of our variables | ||
| VERSION=$(jq -r ".[] | select(.id == \"${a}\") | .releases[0].version" "$APPS_PER_VERSION") |
There was a problem hiding this comment.
This just picks the first item in releases, which might not actually be the most recent version. See e.g. the calendar app.
Description of changes
This updates the nextcloudPackages sets to use SRI hashes instead of sha256 hashes, and regenerates the package set using a new generation script that just uses bash, jq, and curl, as the previous generation script's tool, nc4nix, doesn't work properly anymore. This should make updating the package set in the future better and more robust. I've double-checked that the new hashes work properly, so this should not need to be reverted in future(as happened in #326912)
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.