bazel: bazel_6 -> bazel_7; bazel_6: drop#435096
Conversation
nixpkgs-ci
bot
added
10.rebuild-linux: 11-100
emilazy
force-pushed
the
push-rxzpqpqmkvmr
branch
from
d89d778 to
202cc7f
Compare
|
While updating the existing packages that use bazel 7 instead of bazel 6 is a good idea, I'd prefer if the actual bazel 6, the build tool, will stay through 25.11 and maybe removed 26.05. bazel 6 is still supported up to December 2025 (https://bazel.build/release), so should be good for 25.11. After that, it is deprecated, but that doesn't mean that it isn't still useful. There will be plenty of projects that might want to use bazel 6 as bazel 7 can be a breaking change for them and they might only start switching after the deadline. In my personal projects (such as bant) I am using bazel and often explicitly choose bazel 6 to be able to test compatibility and not accidentally pick up too new bazel features, so I'd be bummed if I can't do that on my regularly updated NixOS. |
We support Nixpkgs releases for 7 months; removing software versions that will go EOL during the release window and not receive security support for its lifetime is standard procedure. Bazel 6 will be going EOL basically as soon as 25.11 releases. Bazel 5 has been out of security support for more than 25.05’s entire lifespan, which is really quite bad (and why it is being dropped in #434827). Note that Bazel 6’s current maintenance state already only receives critical security fixes.
It’ll still be possible to use Bazel 6 from an older Nixpkgs release, with all the attendant security implications. The alternative would be to mark it as |
|
Fair enough, I just wanted to bring in my perspective as developer (The last tagged bazel 6 release is https://github.com/bazelbuild/bazel/releases/tag/6.5.0 from January 2024, so it is not that there is a lot of churn.) |
nix-owners
bot
requested review from
GovanifY,
Profpatsch,
berberman,
hzeller,
lromor,
newAM and
pineapplehunter
|
Yeah, it is unfortunate. But the alternative would be that if there is a Bazel security issue that gets a fix that isn’t backported back to Bazel 6, we’d have to mark it with I’m not hugely opposed to keeping it for 25.11, but the fact that there’s only one package that can’t easily be bumped to Bazel 7 in Nixpkgs (edit: other than the source Ironically the one straggler is |
emilazy
force-pushed
the
push-rxzpqpqmkvmr
branch
from
202cc7f to
b88d784
Compare
pkgs/by-name/mo/mozc/package.nix
Outdated
There was a problem hiding this comment.
I found that mozc was not building on x86_64-linux. Bazel 7 introduced a platform-dependent file in the FOD.
Applying this patch should fix the issue.
fetchAttrs = {
- sha256 = "sha256-+N7AhSemcfhq6j0IUeWZ0DyVvr1l5FbAkB+kahTy3pM=";
+ hash = "sha256-c+v2vWvTmwJ7MFh3VJlUh+iSINjsX66W9K0UBX5K/1s=";
- # remove references of buildInputs and zip code files
preInstall = ''
- rm -rv $bazelOut/external/{ibus,qt_linux,zip_code_*}
+ # Remove zip code data. It will be replaced with jp-zip-codes from nixpkgs
+ rm -rv "$bazelOut"/external/zip_code_{jigyosyo,ken_all}
+ # Remove references to buildInputs
+ rm -rv "$bazelOut"/external/{ibus,qt_linux}
+ # Remove reference to the host platform
+ rm -rv "$bazelOut"/external/host_platform
'';
};There was a problem hiding this comment.
Thank you! These Bazel FODs are quite unfortunate…
I have applied both of these patches and credited you as a co‐author on the relevant commits; I hope you don’t mind. I’m verifying the build on aarch64-linux and will also check the other builds on x86_64-linux to ensure nothing else like this slipped in.
There was a problem hiding this comment.
Similar to the patch on mozc.
fetchAttrs = {
preInstall = ''
+ # Remove reference to buildInput
rm -rf $bazelOut/external/fcitx5
+ # Remove reference to the host platform
+ rm -rv "$bazelOut"/external/host_platform
'';
- sha256 = "sha256-rrRp/v1pty7Py80/6I8rVVQvkeY72W+nlixUeYkjp+o=";
+ hash = "sha256-nFPGhZWvzzBOSeIa35XQbK6dHgJJSYum/5X8eAA0uCY=";
};
emilazy
force-pushed
the
push-rxzpqpqmkvmr
branch
from
b88d784 to
46e2c37
Compare
Co-authored-by: Shogo Takata <[email protected]>
Co-authored-by: Shogo Takata <[email protected]>
emilazy
force-pushed
the
push-rxzpqpqmkvmr
branch
from
46e2c37 to
95cfbc3
Compare
|
nixpkgs-ci
bot
added
12.approvals: 1
nixpkgs-ci
bot
added
12.approvals: 2
hzeller
left a comment
hzeller
left a comment
There was a problem hiding this comment.
LGTM for
- bant
- perf_data_converter
- verible
Thanks for working on this!
nixpkgs-ci
bot
added
12.approvals: 3+
| # See https://github.com/google/jax/blob/main/.bazelversion for the latest. | ||
| bazel = bazel_6; | ||
| #bazel = bazel_6; | ||
| bazel = bazel; |
There was a problem hiding this comment.
This causes infinite recursion (and breaks nixpkgs evaluation), right?
There was a problem hiding this comment.
The package is marked as broken and CI eval was happy; did this actually break the branch? Apologies for missing it, though.
7 participants
Bazel 6 will be out of security support by the release of 25.11.
cc @NixOS/bazel – I see there’s an open PR for Bazel 8 but that it doesn’t work with
buildBazelPackageyet, so hopefully this should be an okay incremental step to deal with the EOL version.cc @lukegb for
envoy(#435062)cc @GaetanLepage for
tensorflow-probabilityThings done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.Add a 👍 reaction to pull requests you find important.