Skip to content

pomerium: 0.14.7 -> 0.15.7#138359

Merged
lukegb merged 4 commits intoNixOS:masterfrom
lukegb:pomerium
Dec 21, 2021
Merged

pomerium: 0.14.7 -> 0.15.7#138359
lukegb merged 4 commits intoNixOS:masterfrom
lukegb:pomerium

Conversation

@lukegb
Copy link
Contributor

@lukegb lukegb commented Sep 18, 2021

Motivation for this change

Update Pomerium to latest version. Includes bumps to Envoy to match what upstream has done, and a bump to Gn because otherwise Envoy doesn't build.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • [ x Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • 21.11 Release Notes (or backporting 21.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@lukegb
Copy link
Contributor Author

lukegb commented Sep 18, 2021

I suspect that Envoy's bazel build hashes won't be stable and I'll have to do some more surgery...

@ofborg ofborg bot added 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Sep 18, 2021
@lukegb
Copy link
Contributor Author

lukegb commented Sep 19, 2021

Result of nixpkgs-review pr 138359 run on x86_64-linux 1

114 packages marked as broken and skipped:
  • falkon
  • kexi
  • libsForQt512.akonadi-calendar
  • libsForQt512.akonadi-calendar-tools
  • libsForQt512.akonadi-contacts
  • libsForQt512.akonadi-import-wizard
  • libsForQt512.akonadiconsole
  • libsForQt512.akregator
  • libsForQt512.calendarsupport
  • libsForQt512.eventviews
  • libsForQt512.incidenceeditor
  • libsForQt512.kaccounts-providers
  • libsForQt512.kaddressbook
  • libsForQt512.kalarm
  • libsForQt512.kde-cli-tools
  • libsForQt512.kdepim-addons
  • libsForQt512.kdepim-runtime
  • libsForQt512.kdeplasma-addons
  • libsForQt512.kgpg
  • libsForQt512.khotkeys
  • libsForQt512.kinfocenter
  • libsForQt512.kio-gdrive
  • libsForQt512.kmail
  • libsForQt512.kmail-account-wizard
  • libsForQt512.kmailtransport
  • libsForQt512.kmenuedit
  • libsForQt512.knotes
  • libsForQt512.konqueror
  • libsForQt512.kontact
  • libsForQt512.korganizer
  • libsForQt512.kreport
  • libsForQt512.krohnkite
  • libsForQt512.ksystemstats
  • libsForQt512.kwin-dynamic-workspaces
  • libsForQt512.kwin-tiling
  • libsForQt512.libgravatar
  • libsForQt512.libkdepim
  • libsForQt512.libkgapi
  • libsForQt512.libksieve
  • libsForQt512.libksysguard
  • libsForQt512.mailcommon
  • libsForQt512.mailimporter
  • libsForQt512.marble
  • libsForQt512.mbox-importer
  • libsForQt512.messagelib
  • libsForQt512.parachute
  • libsForQt512.pim-data-exporter
  • libsForQt512.pim-sieve-editor
  • libsForQt512.pimcommon
  • libsForQt512.plasma-browser-integration
  • libsForQt512.plasma-desktop
  • libsForQt512.plasma-disks
  • libsForQt512.plasma-systemmonitor
  • libsForQt512.plasma-vault
  • libsForQt512.plasma-workspace
  • libsForQt512.powerdevil
  • libsForQt512.systemsettings
  • libsForQt514.akonadi-calendar
  • libsForQt514.akonadi-calendar-tools
  • libsForQt514.akonadi-contacts
  • libsForQt514.akonadi-import-wizard
  • libsForQt514.akonadiconsole
  • libsForQt514.akregator
  • libsForQt514.calendarsupport
  • libsForQt514.eventviews
  • libsForQt514.incidenceeditor
  • libsForQt514.kaccounts-providers
  • libsForQt514.kaddressbook
  • libsForQt514.kalarm
  • libsForQt514.kde-cli-tools
  • libsForQt514.kdepim-addons
  • libsForQt514.kdepim-runtime
  • libsForQt514.kdeplasma-addons
  • libsForQt514.kgpg
  • libsForQt514.khotkeys
  • libsForQt514.kinfocenter
  • libsForQt514.kio-gdrive
  • libsForQt514.kmail
  • libsForQt514.kmail-account-wizard
  • libsForQt514.kmailtransport
  • libsForQt514.kmenuedit
  • libsForQt514.knotes
  • libsForQt514.konqueror
  • libsForQt514.kontact
  • libsForQt514.korganizer
  • libsForQt514.kreport
  • libsForQt514.krohnkite
  • libsForQt514.ksystemstats
  • libsForQt514.kwin-dynamic-workspaces
  • libsForQt514.kwin-tiling
  • libsForQt514.libgravatar
  • libsForQt514.libkdepim
  • libsForQt514.libkgapi
  • libsForQt514.libksieve
  • libsForQt514.libksysguard
  • libsForQt514.mailcommon
  • libsForQt514.mailimporter
  • libsForQt514.marble
  • libsForQt514.mbox-importer
  • libsForQt514.messagelib
  • libsForQt514.parachute
  • libsForQt514.pim-data-exporter
  • libsForQt514.pim-sieve-editor
  • libsForQt514.pimcommon
  • libsForQt514.plasma-browser-integration
  • libsForQt514.plasma-desktop
  • libsForQt514.plasma-disks
  • libsForQt514.plasma-systemmonitor
  • libsForQt514.plasma-vault
  • libsForQt514.plasma-workspace
  • libsForQt514.powerdevil
  • libsForQt514.systemsettings
  • multibootusb
  • toggldesktop
45 packages failed to build:
  • calligra
  • cq-editor
  • csound-qt
  • discourse
  • discourseAllPlugins
  • gitlab
  • gitlab-ee
  • golden-cheetah
  • gollum
  • libsForQt5.plasma-vault (libsForQt515.plasma-vault ,plasma5Packages.plasma-vault)
  • qt512.full (libsForQt512.full)
  • qt512.qtwebengine (libsForQt512.qtwebengine)
  • qt512.qtwebview (libsForQt512.qtwebview)
  • qt514.full (libsForQt514.full)
  • qt514.qtwebengine (libsForQt514.qtwebengine)
  • qt514.qtwebview (libsForQt514.qtwebview)
  • mendeley
  • minizincide
  • musescore
  • nmapsi4
  • p4v
  • plex-media-player
  • postgresql11Packages.plv8
  • postgresql12Packages.plv8
  • postgresqlPackages.plv8 (postgresql13Packages.plv8)
  • python-qt
  • python38Packages.spyder
  • python38Packages.tumpa
  • python39Packages.tumpa
  • rubyPackages.coffee-script (rubyPackages_2_7.coffee-script)
  • rubyPackages.execjs (rubyPackages_2_7.execjs)
  • rubyPackages.github-pages (rubyPackages_2_7.github-pages)
  • rubyPackages.jekyll-coffeescript (rubyPackages_2_7.jekyll-coffeescript)
  • rubyPackages.libv8 (rubyPackages_2_7.libv8)
  • rubyPackages_2_6.coffee-script
  • rubyPackages_2_6.execjs
  • rubyPackages_2_6.github-pages
  • rubyPackages_2_6.jekyll-coffeescript
  • rubyPackages_2_6.libv8
  • rubyPackages_3_0.coffee-script
  • rubyPackages_3_0.execjs
  • rubyPackages_3_0.github-pages
  • rubyPackages_3_0.jekyll-coffeescript
  • rubyPackages_3_0.libv8
  • v8
144 packages built:
  • amarok (amarok-kf5)
  • angelfish
  • anki
  • ankisyncd
  • aseprite-unfree
  • calamares
  • calibre
  • chromium
  • clipgrab
  • cutter
  • digikam
  • eagle
  • envoy
  • fast-cli
  • fcitx-engines.libpinyin
  • fcitx5-chinese-addons
  • freecad
  • frescobaldi
  • ghostwriter
  • globalprotect-openconnect
  • gn
  • hqplayer-desktop
  • hydrus
  • insync-v3
  • jellyfin-media-player
  • jellyfin-mpv-shim
  • kbibtex
  • kdeltachat
  • kdev-php
  • kdev-python
  • kdevelop
  • kdevelop-unwrapped
  • kiwix
  • libsForQt5.akonadi-calendar (libsForQt515.akonadi-calendar ,plasma5Packages.akonadi-calendar)
  • libsForQt5.akonadi-calendar-tools (libsForQt515.akonadi-calendar-tools ,plasma5Packages.akonadi-calendar-tools)
  • libsForQt5.akonadi-contacts (libsForQt515.akonadi-contacts ,plasma5Packages.akonadi-contacts)
  • libsForQt5.akonadi-import-wizard (libsForQt515.akonadi-import-wizard ,plasma5Packages.akonadi-import-wizard)
  • libsForQt5.akonadiconsole (libsForQt515.akonadiconsole ,plasma5Packages.akonadiconsole)
  • libsForQt5.akregator (libsForQt515.akregator ,plasma5Packages.akregator)
  • libsForQt5.calendarsupport (libsForQt515.calendarsupport ,plasma5Packages.calendarsupport)
  • libsForQt5.eventviews (libsForQt515.eventviews ,plasma5Packages.eventviews)
  • qt5Full (qt5.full)
  • libsForQt5.incidenceeditor (libsForQt515.incidenceeditor ,plasma5Packages.incidenceeditor)
  • libsForQt5.kaccounts-providers (libsForQt515.kaccounts-providers ,plasma5Packages.kaccounts-providers)
  • libsForQt5.kaddressbook (libsForQt515.kaddressbook ,plasma5Packages.kaddressbook)
  • libsForQt5.kalarm (libsForQt515.kalarm ,plasma5Packages.kalarm)
  • libsForQt5.kde-cli-tools (libsForQt515.kde-cli-tools ,plasma5Packages.kde-cli-tools)
  • libsForQt5.kdepim-addons (libsForQt515.kdepim-addons ,plasma5Packages.kdepim-addons)
  • libsForQt5.kdepim-runtime (libsForQt515.kdepim-runtime ,plasma5Packages.kdepim-runtime)
  • libsForQt5.kdeplasma-addons (libsForQt515.kdeplasma-addons ,plasma5Packages.kdeplasma-addons)
  • libsForQt5.kgpg (libsForQt515.kgpg ,plasma5Packages.kgpg)
  • libsForQt5.khotkeys (libsForQt515.khotkeys ,plasma5Packages.khotkeys)
  • libsForQt5.kinfocenter (libsForQt515.kinfocenter ,plasma5Packages.kinfocenter)
  • libsForQt5.kio-gdrive (libsForQt515.kio-gdrive ,plasma5Packages.kio-gdrive)
  • libsForQt5.kmail (libsForQt515.kmail ,plasma5Packages.kmail)
  • libsForQt5.kmail-account-wizard (libsForQt515.kmail-account-wizard ,plasma5Packages.kmail-account-wizard)
  • libsForQt5.kmailtransport (libsForQt515.kmailtransport ,plasma5Packages.kmailtransport)
  • libsForQt5.kmenuedit (libsForQt515.kmenuedit ,plasma5Packages.kmenuedit)
  • libsForQt5.knotes (libsForQt515.knotes ,plasma5Packages.knotes)
  • libsForQt5.konqueror (libsForQt515.konqueror ,plasma5Packages.konqueror)
  • libsForQt5.kontact (libsForQt515.kontact ,plasma5Packages.kontact)
  • libsForQt5.korganizer (libsForQt515.korganizer ,plasma5Packages.korganizer)
  • libsForQt5.kreport (libsForQt515.kreport ,plasma5Packages.kreport)
  • libsForQt5.krohnkite (libsForQt515.krohnkite ,plasma5Packages.krohnkite)
  • libsForQt5.ksystemstats (libsForQt515.ksystemstats ,plasma5Packages.ksystemstats)
  • libsForQt5.kwin-dynamic-workspaces (libsForQt515.kwin-dynamic-workspaces ,plasma5Packages.kwin-dynamic-workspaces)
  • libsForQt5.kwin-tiling (libsForQt515.kwin-tiling ,plasma5Packages.kwin-tiling)
  • libsForQt5.libgravatar (libsForQt515.libgravatar ,plasma5Packages.libgravatar)
  • libsForQt5.libkdepim (libsForQt515.libkdepim ,plasma5Packages.libkdepim)
  • libsForQt5.libkgapi (libsForQt515.libkgapi ,plasma5Packages.libkgapi)
  • libsForQt5.libksieve (libsForQt515.libksieve ,plasma5Packages.libksieve)
  • libsForQt5.libksysguard (libsForQt515.libksysguard ,plasma5Packages.libksysguard)
  • libsForQt5.mailcommon (libsForQt515.mailcommon ,plasma5Packages.mailcommon)
  • libsForQt5.mailimporter (libsForQt515.mailimporter ,plasma5Packages.mailimporter)
  • libsForQt5.marble (libsForQt515.marble ,plasma5Packages.marble)
  • libsForQt5.mbox-importer (libsForQt515.mbox-importer ,plasma5Packages.mbox-importer)
  • libsForQt5.messagelib (libsForQt515.messagelib ,plasma5Packages.messagelib)
  • libsForQt5.parachute (libsForQt515.parachute ,plasma5Packages.parachute)
  • libsForQt5.pim-data-exporter (libsForQt515.pim-data-exporter ,plasma5Packages.pim-data-exporter)
  • libsForQt5.pim-sieve-editor (libsForQt515.pim-sieve-editor ,plasma5Packages.pim-sieve-editor)
  • libsForQt5.pimcommon (libsForQt515.pimcommon ,plasma5Packages.pimcommon)
  • libsForQt5.plasma-browser-integration (libsForQt515.plasma-browser-integration ,plasma5Packages.plasma-browser-integration)
  • libsForQt5.plasma-desktop (libsForQt515.plasma-desktop ,plasma5Packages.plasma-desktop)
  • libsForQt5.plasma-disks (libsForQt515.plasma-disks ,plasma5Packages.plasma-disks)
  • libsForQt5.plasma-systemmonitor (libsForQt515.plasma-systemmonitor ,plasma5Packages.plasma-systemmonitor)
  • libsForQt5.plasma-workspace (libsForQt515.plasma-workspace ,plasma5Packages.plasma-workspace)
  • libsForQt5.powerdevil (libsForQt515.powerdevil ,plasma5Packages.powerdevil)
  • qt5.qtwebengine (libsForQt5.qtwebengine ,qt515.qtwebengine)
  • qt5.qtwebview (libsForQt5.qtwebview ,qt515.qtwebview)
  • libsForQt5.systemsettings (libsForQt515.systemsettings ,plasma5Packages.systemsettings)
  • luminanceHDR
  • mellowplayer
  • merkaartor
  • mindforger
  • mnemosyne
  • neovide
  • nextcloud-client
  • onionshare-gui
  • patray
  • pentobi
  • pomerium
  • psi
  • puppeteer-cli
  • python38Packages.foxdot
  • python38Packages.pyqtwebengine
  • python38Packages.pyside2
  • python38Packages.pyside2-tools
  • python38Packages.pywebview
  • python39Packages.foxdot
  • python39Packages.pyqtwebengine
  • python39Packages.pyside2
  • python39Packages.pyside2-tools
  • python39Packages.pywebview
  • qmapshack
  • qolibri
  • qsyncthingtray
  • qutebrowser
  • rssguard
  • rstudio
  • rstudioWrapper
  • seafile-client
  • semantik
  • sigil
  • skrooge
  • sl1-to-photon
  • sonic-pi
  • supercollider
  • supercollider_scel
  • syncplay
  • syncthingtray
  • tageditor
  • teamspeak_client
  • tellico
  • texmaker
  • trojita
  • ungoogled-chromium
  • vnote
  • wacomtablet
  • webmacs
  • yuzu-ea
  • yuzu-mainline
  • zanshin
  • zeal
  • zombietrackergps

@lukegb
Copy link
Contributor Author

lukegb commented Sep 19, 2021

OK, this gn bump doesn't work with this v8 build... Taking a look.

@lukegb lukegb marked this pull request as draft September 20, 2021 07:48
@risicle risicle added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Dec 6, 2021
@risicle
Copy link
Contributor

risicle commented Dec 6, 2021
edited
Loading

https://nvd.nist.gov/vuln/detail/CVE-2021-39206
https://nvd.nist.gov/vuln/detail/CVE-2021-39204
https://nvd.nist.gov/vuln/detail/CVE-2021-41230

#147901

@lukegb
Copy link
Contributor Author

lukegb commented Dec 7, 2021

I'm going to fix this by importing a newer version of gn just for pomerium.

@lukegb
gn1924: init at 2021-08-08, use generic derivation generator
786b421 
Split into "current" version, as used by most things (aka gn),
and "gn1924", which uses a more recent version of gn which is
incompatible with the currently packaged version of v8 in nixpkgs.

We can't win, but I need a newer version of gn for envoy.

Note that the newer gn matches the version in Chromium's DEPS for
v93.0.4577.82, the current Linux stable build as of September.
@lukegb lukegb changed the title pomerium: 0.14.7 -> 0.15.2 pomerium: 0.14.7 -> 0.15.7 Dec 7, 2021
@lukegb
Copy link
Contributor Author

lukegb commented Dec 7, 2021

@ofborg build gn gn1924 envoy pomerium
@ofborg test pomerium

@ofborg ofborg bot added 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. and removed 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Dec 7, 2021
lukegb added 2 commits December 7, 2021 13:41
@lukegb
envoy: 1.17.3 -> 1.19.1
637d735 
This now uses gn1924 to allow v8 to build properly.
@lukegb
pomerium: 0.14.7 -> 0.15.7
4099f93
@lukegb
Copy link
Contributor Author

lukegb commented Dec 7, 2021

@ofborg build gn gn1924 envoy pomerium
@ofborg test pomerium

@lukegb lukegb marked this pull request as ready for review December 7, 2021 14:35
@lukegb
Copy link
Contributor Author

lukegb commented Dec 7, 2021

This is ready for review, but I don't know why OfBorg isn't happy with this; in particular, it's finding a link failure, which I can't reproduce locally building /nix/store/bl3xsj6mym955b1v9d45yy2w4xgccgvs-envoy-1.19.1.drv:

ERROR: /build/source/source/exe/BUILD:23:16: Linking of rule '//source/exe:envoy-static' failed (Exit 1): gcc failed: error executing command /nix/store/xiq6j4jsyj351p8q3yw9cg1hdqp9m685-gcc-wrapper-10.3.0/bin/gcc @bazel-out/k8-opt/bin/source/exe/envoy-static-2.params
[4,995 / 4,995] checking cached actions
external/com_google_cel_cpp/parser/parser.cc:155: error: undefined reference to 'cel_grammar::CelLexer::~CelLexer()'
external/com_google_cel_cpp/parser/parser.cc:157: error: undefined reference to 'cel_grammar::CelParser::~CelParser()'
external/com_google_cel_cpp/parser/parser.cc:155: error: undefined reference to 'cel_grammar::CelLexer::CelLexer(antlr4::CharStream*)'
external/com_google_cel_cpp/parser/parser.cc:157: error: undefined reference to 'cel_grammar::CelParser::CelParser(antlr4::TokenStream*)'
external/com_google_cel_cpp/parser/parser.cc:176: error: undefined reference to 'cel_grammar::CelParser::start()'
external/com_google_cel_cpp/parser/parser.cc:157: error: undefined reference to 'cel_grammar::CelParser::~CelParser()'
external/com_google_cel_cpp/parser/parser.cc:155: error: undefined reference to 'cel_grammar::CelLexer::~CelLexer()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/parser/parser.o(.debug_addr+0xc08): error: undefined reference to 'cel_grammar::CelParser::start()'
external/com_google_cel_cpp/parser/visitor.cc:134: error: undefined reference to 'cel_grammar::CelParser::StartContext::expr()'
external/com_google_cel_cpp/parser/visitor.cc:102: error: undefined reference to 'cel_grammar::CelParser::PrimaryExprContext::primary()'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::NestedContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::IdentOrGlobalCallContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CreateListContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CreateStructContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::ConstantLiteralContext'
external/com_google_cel_cpp/parser/visitor.cc:120: error: undefined reference to 'cel_grammar::CelParser::MemberExprContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::PrimaryExprContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::SelectOrCallContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::IndexContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CreateMessageContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::StartContext'
external/com_google_cel_cpp/parser/visitor.cc:134: error: undefined reference to 'cel_grammar::CelParser::StartContext::expr()'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::ExprContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::ConditionalAndContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::ConditionalOrContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::RelationContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CalcContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::LogicalNotContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::PrimaryExprContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::MemberExprContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::SelectOrCallContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::MapInitializerListContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::NegateContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::IndexContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::UnaryContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CreateListContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CreateMessageContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::CreateStructContext'
external/com_google_cel_cpp/parser/visitor.cc:361: error: undefined reference to 'cel_grammar::CelParser::ConstantLiteralContext::literal()'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::IntContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::UintContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::DoubleContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::StringContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::BytesContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::BoolFalseContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::BoolTrueContext'
external/com_google_cel_cpp/parser/visitor.cc:46: error: undefined reference to 'typeinfo for cel_grammar::CelParser::NullContext'
external/com_google_cel_cpp/parser/visitor.cc:263: error: undefined reference to 'cel_grammar::CelParser::IndexContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:249: error: undefined reference to 'cel_grammar::CelParser::SelectOrCallContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:231: error: undefined reference to 'cel_grammar::CelParser::LogicalNotContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:234: error: undefined reference to 'cel_grammar::CelParser::LogicalNotContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:240: error: undefined reference to 'cel_grammar::CelParser::NegateContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:243: error: undefined reference to 'cel_grammar::CelParser::NegateContext::member()'
external/com_google_cel_cpp/parser/visitor.cc:189: error: undefined reference to 'cel_grammar::CelParser::RelationContext::calc()'
external/com_google_cel_cpp/parser/visitor.cc:190: error: undefined reference to 'cel_grammar::CelParser::RelationContext::calc()'
external/com_google_cel_cpp/parser/visitor.cc:198: error: undefined reference to 'cel_grammar::CelParser::RelationContext::relation(unsigned long)'
external/com_google_cel_cpp/parser/visitor.cc:200: error: undefined reference to 'cel_grammar::CelParser::RelationContext::relation(unsigned long)'
external/com_google_cel_cpp/parser/visitor.cc:207: error: undefined reference to 'cel_grammar::CelParser::CalcContext::unary()'
external/com_google_cel_cpp/parser/visitor.cc:208: error: undefined reference to 'cel_grammar::CelParser::CalcContext::unary()'
external/com_google_cel_cpp/parser/visitor.cc:216: error: undefined reference to 'cel_grammar::CelParser::CalcContext::calc(unsigned long)'
external/com_google_cel_cpp/parser/visitor.cc:218: error: undefined reference to 'cel_grammar::CelParser::CalcContext::calc(unsigned long)'
external/com_google_cel_cpp/parser/visitor.cc:271: error: undefined reference to 'cel_grammar::CelParser::CreateMessageContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x580): error: undefined reference to 'cel_grammar::CelParser::CreateMessageContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x1770): error: undefined reference to 'cel_grammar::CelParser::SelectOrCallContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x1988): error: undefined reference to 'cel_grammar::CelParser::NegateContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x2fb0): error: undefined reference to 'cel_grammar::CelParser::CalcContext::unary()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x3bf0): error: undefined reference to 'cel_grammar::CelParser::CalcContext::calc(unsigned long)'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x4eb8): error: undefined reference to 'cel_grammar::CelParser::IndexContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x4f58): error: undefined reference to 'cel_grammar::CelParser::RelationContext::calc()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x58b0): error: undefined reference to 'cel_grammar::CelParser::LogicalNotContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x7980): error: undefined reference to 'cel_grammar::CelParser::StartContext::expr()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x85d8): error: undefined reference to 'cel_grammar::CelParser::MemberExprContext::member()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0x8940): error: undefined reference to 'cel_grammar::CelParser::PrimaryExprContext::primary()'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0xb0e8): error: undefined reference to 'cel_grammar::CelParser::RelationContext::relation(unsigned long)'
bazel-out/k8-opt/bin/external/com_google_cel_cpp/parser/_objs/visitor/visitor.o(.debug_addr+0xd3b8): error: undefined reference to 'cel_grammar::CelParser::ConstantLiteralContext::literal()'
collect2: error: ld returned 1 exit status
[4,995 / 4,995] checking cached actions
Target //source/exe:envoy-static failed to build

@lukegb
pomerium: use on-disk envoy
74560e3 
We can set an override path for Envoy's binary location now, so
do that instead of the previous thing of embedding the binary.

Note that we still need to include the SHA256/version of the binary
we're referring to, but Through The Power Of Nix™ we can do that
with relative ease.
@lukegb
Copy link
Contributor Author

lukegb commented Dec 7, 2021

@stesie @matthewbauer @primeos for changes to gn

I tried to get things working, but between building Node and Chromium and Envoy's bundled V8 I couldn't make it work with just one gn version :(

@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021

Result of nixpkgs-review pr 138359 run on x86_64-linux 1

3 packages built:
  • envoy
  • gn1924
  • pomerium

@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021 

@nix { "action": "setPhase", "phase": "unpackPhase" }
unpacking sources
@nix { "action": "setPhase", "phase": "patchPhase" }
patching sources
@nix { "action": "setPhase", "phase": "configurePhase" }
configuring
gn flags:  
ERROR Can't find source root.
I could not find a ".gn" file in the current directory or any parent,
and the --root command-line argument was not specified.

@lukegb
Copy link
Contributor Author

lukegb commented Dec 21, 2021 

@nix { "action": "setPhase", "phase": "unpackPhase" }
unpacking sources
@nix { "action": "setPhase", "phase": "patchPhase" }
patching sources
@nix { "action": "setPhase", "phase": "configurePhase" }
configuring
gn flags:  
ERROR Can't find source root.
I could not find a ".gn" file in the current directory or any parent,
and the --root command-line argument was not specified.

You're gonna have to be more specific, I think? Your previous comment seemed to indicate you managed to build everything successfully.

@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021

@lukegb Honestly I was irritated myself. I was just quickly going over all security PRs and the second error came from nixpkgs-review but it also reported it could build everything. I will try again.

@mohe2015

This comment has been minimized.

Sign in to view
@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021
edited
Loading

Full output:

LC_ALL=C nix run --impure github:NixOS/nixpkgs#nixpkgs-review pr 138359
$ git -c fetch.prune=false fetch --no-tags --force https://github.com/NixOS/nixpkgs master:refs/nixpkgs-review/0 pull/138359/head:refs/nixpkgs-review/1
$ git worktree add /home/moritz/.cache/nixpkgs-review/pr-138359-6/nixpkgs 741de109d34f6cc8c1c6d6b0aee2599cff689e4b
Preparing worktree (detached HEAD 741de109d34)
Updating files: 100% (29344/29344), done.
HEAD is now at 741de109d34 Merge pull request #151593 from fabaff/bump-checkov
$ git merge --no-commit --no-ff 74560e35e5c8ada70bb170be352d8996160f7be3
Auto-merging pkgs/top-level/all-packages.nix
Automatic merge went well; stopped before committing as requested
$ nix --experimental-features nix-command build --no-link --keep-going --option build-use-sandbox relaxed -f /home/moritz/.cache/nixpkgs-review/pr-138359-6/build.nix
error: builder for '/nix/store/bwyb5wshj1dycfc0wisnxmv1x49x9i1r-review-shell.drv' failed with exit code 1;
       last 7 log lines:
       > unpacking sources
       > patching sources
       > configuring
       > gn flags:
       > ERROR Can't find source root.
       > I could not find a ".gn" file in the current directory or any parent,
       > and the --root command-line argument was not specified.
       For full logs, run 'nix log /nix/store/bwyb5wshj1dycfc0wisnxmv1x49x9i1r-review-shell.drv'.

Link to currently reviewing PR:
https://github.com/NixOS/nixpkgs/pull/138359

3 packages built:
envoy gn1924 pomerium

$ nix-shell /home/moritz/.cache/nixpkgs-review/pr-138359-6/shell.nix

@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021
edited
Loading

build.nix contains

{ pkgs ? import ./nixpkgs { system = "x86_64-linux"; } }:
with pkgs;
let
  paths = [
        envoy
        gn1924
        pomerium
  ];
  env = buildEnv {
    name = "env";
    inherit paths;
    ignoreCollisions = true;
  };
in stdenv.mkDerivation rec {
  name = "review-shell";
  preferLocalBuild = true;
  allowSubstitutes = false;
  buildInputs = if builtins.length paths > 50 then [ env ] else paths;
  unpackPhase = ":";
  installPhase = "touch $out";
}

@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021

I think it can be ignored

@mohe2015
Copy link
Contributor

mohe2015 commented Dec 21, 2021
edited
Loading

nix build -L .#nixosTests.pomerium passed

@lukegb
Copy link
Contributor Author

lukegb commented Dec 21, 2021
edited
Loading

Ah right, I see the problem - because it includes gn as a dependency, the review shell inherited the gn build hook, which promptly failed because it couldn't actually find anything to actually build with gn. It's WAI but a little confusing. Thanks for the context.

@lukegb lukegb merged commit b4d776b into NixOS:master Dec 21, 2021
@lukegb lukegb deleted the pomerium branch December 21, 2021 21:48
This was referenced Oct 5, 2022
Closed
Closed
@skeuchel skeuchel mentioned this pull request Nov 3, 2024
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kalbasit kalbasit Awaiting requested review from kalbasit

@stesie stesie Awaiting requested review from stesie

@primeos primeos Awaiting requested review from primeos

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lukegb @risicle @mohe2015