diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch index fc10f59992..8d7d63445c 100644 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch @@ -1,21 +1,22 @@ -From 4a9739da420b9584d5b9582c19cf3f86a6a90609 Mon Sep 17 00:00:00 2001 -From: Luke Granger-Brown -Date: Fri, 12 May 2023 08:12:04 +0100 -Subject: [PATCH 1/3] nixpkgs: use system Python +From 418d38868d63c0009460e1a3ca004987fe26346b Mon Sep 17 00:00:00 2001 +From: Paul Meyer <49727155+katexochen@users.noreply.github.com> +Date: Mon, 22 Apr 2024 11:52:59 +0200 +Subject: [PATCH 1/4] nixpkgs: use system Python +Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- bazel/python_dependencies.bzl | 11 ++++------- - bazel/repositories_extra.bzl | 16 ---------------- - 2 files changed, 4 insertions(+), 23 deletions(-) + bazel/repositories_extra.bzl | 17 +---------------- + 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl -index ea50bf30ba..b82f374720 100644 +index b747fd0b9a..b82f374720 100644 --- a/bazel/python_dependencies.bzl +++ b/bazel/python_dependencies.bzl @@ -1,27 +1,24 @@ - load("@rules_python//python:pip.bzl", "pip_parse") --load("@python3_11//:defs.bzl", "interpreter") -load("@envoy_toolshed//:packages.bzl", "load_packages") +-load("@python3_11//:defs.bzl", "interpreter") + load("@rules_python//python:pip.bzl", "pip_parse") def envoy_python_dependencies(): - # TODO(phlax): rename base_pip3 -> pip3 and remove this @@ -45,15 +46,16 @@ index ea50bf30ba..b82f374720 100644 extra_pip_args = ["--require-hashes"], ) diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl -index 40d348073f..17b98b1ea1 100644 +index a5bc2d5277..001de36a16 100644 
--- a/bazel/repositories_extra.bzl +++ b/bazel/repositories_extra.bzl -@@ -1,29 +1,13 @@ +@@ -2,19 +2,11 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies") + load("@com_github_rules_proto_grpc//:repositories.bzl", "rules_proto_grpc_toolchains") load("@emsdk//:deps.bzl", emsdk_deps = "deps") --load("@rules_python//python:repositories.bzl", "python_register_toolchains") load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") +-load("@rules_python//python:repositories.bzl", "py_repositories", "python_register_toolchains") ++load("@rules_python//python:repositories.bzl", "py_repositories") load("//bazel/external/cargo:crates.bzl", "raze_fetch_remote_crates") - load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies") -def _python_minor_version(python_version): - return "_".join(python_version.split(".")[:-1]) @@ -68,7 +70,9 @@ index 40d348073f..17b98b1ea1 100644 ignore_root_user_error = False): emsdk_deps() raze_fetch_remote_crates() - wasmtime_fetch_remote_crates() +@@ -22,11 +14,4 @@ def envoy_dependencies_extra( + rules_proto_grpc_toolchains() + py_repositories() - # Registers underscored Python minor version - eg `python3_10` - python_register_toolchains( @@ -79,5 +83,5 @@ index 40d348073f..17b98b1ea1 100644 - aspect_bazel_lib_dependencies() -- -2.42.0 +2.44.0 diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch index 494b1e4e72..b58bbdedf5 100644 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch 
@@ -1,69 +1,32 @@ -From 10e577a3c300f76ead5a5512f2fe970f12e46592 Mon Sep 17 00:00:00 2001 -From: Luke Granger-Brown -Date: Fri, 12 May 2023 08:13:21 +0100 -Subject: [PATCH 2/3] nixpkgs: use system Go +From 0ecb8b5bc194fecb10c523d5856dc0b4cb78f6e4 Mon Sep 17 00:00:00 2001 +From: Paul Meyer <49727155+katexochen@users.noreply.github.com> +Date: Mon, 22 Apr 2024 11:58:00 +0200 +Subject: [PATCH 2/4] nixpkgs: use system Go +Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- - bazel/dependency_imports.bzl | 29 +---------------------------- - bazel/repositories.bzl | 3 --- - 2 files changed, 1 insertion(+), 31 deletions(-) + bazel/dependency_imports.bzl | 2 +- + bazel/repositories.bzl | 3 --- + 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl -index b743a1936d..afa04ef5c0 100644 +index 0e29abb8d0..df19c84755 100644 --- a/bazel/dependency_imports.bzl 
+++ b/bazel/dependency_imports.bzl -@@ -18,7 +18,7 @@ load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps") - load("@com_github_chrusty_protoc_gen_jsonschema//:deps.bzl", protoc_gen_jsonschema_go_dependencies = "go_dependencies") +@@ -19,7 +19,7 @@ load("@rules_rust//rust:repositories.bzl", "rules_rust_dependencies", "rust_regi + load("@upb//bazel:workspace_deps.bzl", "upb_deps") # go version for rules_go --GO_VERSION = "1.18" +-GO_VERSION = "1.20" +GO_VERSION = "host" - JQ_VERSION = "1.6" + JQ_VERSION = "1.7" YQ_VERSION = "4.24.4" -@@ -27,7 +27,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y - rules_foreign_cc_dependencies() - go_rules_dependencies() - go_register_toolchains(go_version) -- envoy_download_go_sdks(go_version) - gazelle_dependencies(go_sdk = "go_sdk") - apple_rules_dependencies() - pip_dependencies() -@@ -148,29 +147,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y - ) - - protoc_gen_jsonschema_go_dependencies() -- --def envoy_download_go_sdks(go_version): -- go_download_sdk( -- name = "go_linux_amd64", -- goos = "linux", -- goarch = "amd64", -- version = go_version, -- ) -- go_download_sdk( -- name = "go_linux_arm64", -- goos = "linux", -- goarch = "arm64", -- version = go_version, -- ) -- go_download_sdk( -- name = "go_darwin_amd64", -- goos = "darwin", -- goarch = "amd64", -- version = go_version, -- ) -- go_download_sdk( -- name = "go_darwin_arm64", -- goos = "darwin", -- goarch = "arm64", -- version = go_version, -- ) diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl -index 71667227f7..b10a47d344 100644 +index d91aa712bd..6623972286 100644 --- a/bazel/repositories.bzl +++ b/bazel/repositories.bzl -@@ -215,9 +215,6 @@ def _go_deps(skip_targets): +@@ -246,9 +246,6 @@ def _go_deps(skip_targets): if "io_bazel_rules_go" not in skip_targets: external_http_archive( name = "io_bazel_rules_go", 
@@ -74,5 +37,5 @@ index 71667227f7..b10a47d344 100644 external_http_archive("bazel_gazelle") -- -2.42.0 +2.44.0 diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch index 5a24e7e4a9..1e5a792f55 100644 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch @@ -1,29 +1,30 @@ -From 6175deb13a2df8bd25a56021ba8754e4be445219 Mon Sep 17 00:00:00 2001 -From: Luke Granger-Brown -Date: Fri, 13 Oct 2023 21:42:51 +0000 -Subject: [PATCH 3/3] nixpkgs: use system C/C++ toolchains +From d2fbc618ea040360e08b3c462bcdf0f8f44dd434 Mon Sep 17 00:00:00 2001 +From: Paul Meyer <49727155+katexochen@users.noreply.github.com> +Date: Mon, 22 Apr 2024 11:59:22 +0200 +Subject: [PATCH 3/4] nixpkgs: use system C/C++ toolchains +Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- bazel/dependency_imports.bzl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl -index afa04ef5c0..a5ffaf4ff3 100644 +index df19c84755..9732a5d646 100644 --- a/bazel/dependency_imports.bzl 
+++ b/bazel/dependency_imports.bzl -@@ -24,7 +24,11 @@ JQ_VERSION = "1.6" +@@ -25,7 +25,11 @@ JQ_VERSION = "1.7" YQ_VERSION = "4.24.4" def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, yq_version = YQ_VERSION): - rules_foreign_cc_dependencies() + rules_foreign_cc_dependencies( + register_default_tools=False, # no prebuilt toolchains -+ register_built_tools=False, # nor from source -+ register_preinstalled_tools=True, # use host tools (default) ++ register_built_tools=False, # nor from source ++ register_preinstalled_tools=True, # use host tools (default) + ) go_rules_dependencies() go_register_toolchains(go_version) - gazelle_dependencies(go_sdk = "go_sdk") + if go_version != "host": -- -2.42.0 +2.44.0 diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/0004-nixpkgs-add-cstdint-in-dd-trace-cpp.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/0004-nixpkgs-add-cstdint-in-dd-trace-cpp.patch new file mode 100644 index 0000000000..31dfe08f91 --- /dev/null +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/0004-nixpkgs-add-cstdint-in-dd-trace-cpp.patch 
@@ -0,0 +1,29 @@ +From dd3509a7d646a970480f94a8e09f377e9783504d Mon Sep 17 00:00:00 2001 +From: Malte Poll <1780588+malt3@users.noreply.github.com> +Date: Mon, 22 Apr 2024 16:07:58 +0200 +Subject: [PATCH 4/4] nixpkgs: add cstdint in dd-trace-cpp + +--- + bazel/repositories.bzl | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl +index d91aa712bd..467348e773 100644 +--- a/bazel/repositories.bzl ++++ b/bazel/repositories.bzl +@@ -772,7 +772,11 @@ def _io_opentelemetry_api_cpp(): + ) + + def _com_github_datadog_dd_trace_cpp(): +- external_http_archive("com_github_datadog_dd_trace_cpp") ++ external_http_archive( ++ name = "com_github_datadog_dd_trace_cpp", ++ patch_args = ["-p1"], ++ patches = ["@envoy//bazel:dd_trace_cpp.patch"], ++ ) + native.bind( + name = "dd_trace_cpp", + actual = "@com_github_datadog_dd_trace_cpp//:dd_trace_cpp", +-- +2.42.0 + diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/dd_trace_cpp.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/dd_trace_cpp.patch new file mode 100644 index 0000000000..d9873c8f1a --- /dev/null +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/dd_trace_cpp.patch @@ -0,0 +1,25 @@ +From 4851a6a722b228ecbfd9df255dab3d8f30bd84b9 Mon Sep 17 00:00:00 2001 +From: Malte Poll <1780588+malt3@users.noreply.github.com> +Date: Mon, 22 Apr 2024 15:36:33 +0200 +Subject: [PATCH] nixpkgs: add cstdint to fix compilation under GCC 13 + +https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes +--- + src/datadog/parse_util.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/datadog/parse_util.h b/src/datadog/parse_util.h +index c603286..c8e4e83 100644 +--- a/src/datadog/parse_util.h ++++ b/src/datadog/parse_util.h +@@ -2,6 +2,7 @@ + + // This component provides parsing-related miscellanea. + ++#include + #include + #include + #include +-- +2.42.0 + 
diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix b/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix index 50067d7dd6..6125463f1b 100644 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix @@ -25,15 +25,15 @@ let # However, the version string is more useful for end-users. # These are contained in a attrset of their own to make it obvious that # people should update both. - version = "1.27.3"; - rev = "0fd81ee7ffcd7cfc864094b24dc9b5c3ade89ff2"; - hash = "sha256-WNyyUw3517oKqMd1sJMk9CiLa/V7UrhwlRS+AWNNOOo="; + version = "1.30.1"; + rev = "816188b86a0a52095b116b107f576324082c7c02"; + hash = "sha256-G0rT+OfMk2nitTXcxMr04jwUMYTfb4VBEV1zftalgFU="; }; # these need to be updated for any changes to fetchAttrs depsHash = { - x86_64-linux = "sha256-wTGHfeFkCuijPdX//lT5GPspaxZsxzBHJffH1tpVM2w="; - aarch64-linux = "sha256-9/Wem+Gk/7bFeMNFC4J3mdTm3mrNmyMxiu5oadQcovU="; + x86_64-linux = "sha256-Pj176fQts/H+BlzsVkx+OlUF+4+GHutnNZ5f+eagMmk="; + aarch64-linux = "sha256-5El0WOYTLiBKhYxRXKJFv1m2M8jZlN1cYrJDnRX2wYs="; }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); in buildBazelPackage { @@ -57,7 +57,7 @@ buildBazelPackage { sed -i '/javabase=/d' .bazelrc sed -i '/"-Werror"/d' bazel/envoy_internal.bzl - cp ${./protobuf.patch} bazel/protobuf.patch + cp ${./dd_trace_cpp.patch} bazel/dd_trace_cpp.patch ''; patches = [ 
@@ -70,11 +70,10 @@ buildBazelPackage { # use system C/C++ tools ./0003-nixpkgs-use-system-C-C-toolchains.patch - # bump proxy-wasm-cpp-host until > 1.27.3/1.28.0 - (fetchpatch { - url = "https://github.com/envoyproxy/envoy/pull/31451.patch"; - hash = "sha256-n8k7bho3B8Gm0dJbgf43kU7ymvo15aGJ2Twi2xR450g="; - }) + # apply patch to dd-trace-cpp + # remove once a version of dd-trace-cpp is released and adopted by envoy + # that contains https://github.com/DataDog/dd-trace-cpp/commit/3a8e1e9a3cf4e87ef053e954a39dc7a967ac6965 + ./0004-nixpkgs-add-cstdint-in-dd-trace-cpp.patch ]; nativeBuildInputs = [ @@ -91,9 +90,6 @@ buildBazelPackage { linuxHeaders ]; - # external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security] - hardeningDisable = [ "format" ]; - fetchAttrs = { sha256 = depsHash; dontUseCmakeConfigure = true; @@ -172,6 +168,14 @@ buildBazelPackage { "--java_runtime_version=local_jdk" "--tool_java_runtime_version=local_jdk" + # undefined reference to 'grpc_core::*Metadata*::*Memento* + # + # During linking of the final binary, we see undefined references to grpc_core related symbols. + # The missing symbols would be instantiations of a template class from https://github.com/grpc/grpc/blob/v1.59.4/src/core/lib/transport/metadata_batch.h + # "ParseMemento" and "MementoToValue" are only implemented for some types + # and appear unused and unimplemented for the undefined cases reported by the linker. + "--linkopt=-Wl,--unresolved-symbols=ignore-in-object-files" + "--define=wasm=${wasmRuntime}" ] ++ (lib.optionals stdenv.isAarch64 [ # external/com_github_google_tcmalloc/tcmalloc/internal/percpu_tcmalloc.h:611:9: error: expected ':' or '::' before '[' token 
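Review bot: The added `"--linkopt=-Wl,--unresolved-symbols=ignore-in-object-files"` in the `@@ -172,6 +168,14 @@` hunk is not limited to the grpc_core `ParseMemento`/`MementoToValue` instantiations the comment describes; it silences every unresolved symbol that comes from an object file in the final link. A symbol that goes missing in a later version bump would then link cleanly and fail only when the call is reached at run time, which for a network-facing proxy typically means a crash on a request path instead of a build error. The comment's "appear unused" is an observation, not a guarantee, so I would add a removal condition such as `# TODO: drop once the grpc metadata_batch link errors are fixed upstream; this flag hides ALL unresolved symbols`. It would also help to have the package test check the built binary for unexpected undefined symbols.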
@@ -179,8 +183,13 @@ buildBazelPackage { # | ^ "--define=tcmalloc=disabled" ]); + bazelFetchFlags = [ "--define=wasm=${wasmRuntime}" + + # https://github.com/bazelbuild/rules_go/issues/3844 + "--repo_env=GOPROXY=https://proxy.golang.org,direct" + "--repo_env=GOSUMDB=sum.golang.org" ]; passthru.tests = { @@ -197,6 +206,5 @@ buildBazelPackage { license = licenses.asl20; maintainers = with maintainers; [ lukegb ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; - knownVulnerabilities = [ "CVE-2024-30255" ]; }; } diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/protobuf.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/protobuf.patch deleted file mode 100644 index dc70263503..0000000000 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/protobuf.patch +++ /dev/null 
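Review bot: The `,direct` entry in `"--repo_env=GOPROXY=https://proxy.golang.org,direct"` (hunk `@@ -179,8 +183,13 @@`) lets the fetch phase fall back to the modules' origin repositories whenever the proxy answers 404 or 410. The fetch can therefore reach more hosts than the single proxy the flag appears to pin. Integrity is still backed by `GOSUMDB=sum.golang.org` and by the `depsHash` that `fetchAttrs` uses, but if the proxy alone is sufficient, `"--repo_env=GOPROXY=https://proxy.golang.org"` would keep the fetch to one source. The comment above the flags is only an issue URL; one line stating what fails without them would tell the next maintainer when they can be dropped.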
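Review bot: The `knownVulnerabilities = [ "CVE-2024-30255" ];` entry is removed in the `@@ -197,6 +206,5 @@` hunk, but nothing in the visible diff states that the bumped `version = "1.30.1"` carries the fix. Dropping the entry removes the insecure-package warning for users, so the commit message or a short comment should name the upstream release or advisory that resolves the CVE. The hunks shown here neither confirm nor contradict that the fix is included.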
@@ -1,116 +0,0 @@ -diff --git a/BUILD.bazel b/BUILD.bazel -index 637882c49..2cb08f1b0 100644 ---- a/BUILD.bazel -+++ b/BUILD.bazel -@@ -165,6 +165,8 @@ alias( - visibility = ["//visibility:public"], - ) - -+# Envoy: Patch -+ - cc_binary( - name = "protoc", - copts = COPTS, -@@ -173,6 +175,14 @@ cc_binary( - deps = ["//src/google/protobuf/compiler:protoc_lib"], - ) - -+alias( -+ name = "protobuf_python_genproto", -+ actual = "//python:well_known_types_py_pb2_genproto", -+ visibility = ["//visibility:public"], -+) -+ -+# /Envoy: Patch -+ - cc_binary( - name = "protoc_static", - copts = COPTS, -diff --git a/python/google/protobuf/__init__.py b/python/google/protobuf/__init__.py -index 88de4cf8a..b3e046997 100755 ---- a/python/google/protobuf/__init__.py -+++ b/python/google/protobuf/__init__.py -@@ -31,3 +31,10 @@ - # Copyright 2007 Google Inc. All Rights Reserved. - - __version__ = '4.23.1' -+ -+ -+if __name__ != '__main__': -+ try: -+ __import__('pkg_resources').declare_namespace(__name__) -+ except ImportError: -+ __path__ = __import__('pkgutil').extend_path(__path__, __name__) -diff --git a/src/google/protobuf/compiler/BUILD.bazel b/src/google/protobuf/compiler/BUILD.bazel -index a2171c806..8aec6187f 100644 ---- a/src/google/protobuf/compiler/BUILD.bazel -+++ b/src/google/protobuf/compiler/BUILD.bazel -@@ -306,7 +306,7 @@ cc_library( - srcs = ["retention.cc"], - hdrs = ["retention.h"], - include_prefix = "google/protobuf/compiler", -- visibility = ["//src/google/protobuf:__subpackages__"], -+ visibility = ["//visibility:public"], - deps = [ - "//src/google/protobuf:protobuf_nowkt", - "@com_google_absl//absl/types:span", -diff --git a/src/google/protobuf/io/BUILD.bazel b/src/google/protobuf/io/BUILD.bazel -index 8f39625c2..2c2c73dcd 100644 ---- a/src/google/protobuf/io/BUILD.bazel -+++ b/src/google/protobuf/io/BUILD.bazel -@@ -142,7 +142,7 @@ cc_library( - "@com_google_absl//absl/log:absl_log", - ] + select({ - "//build_defs:config_msvc": [], -- 
"//conditions:default": ["@zlib//:zlib"], -+ "//conditions:default": ["//external:zlib"], - }), - ) - -diff --git a/src/google/protobuf/map.h b/src/google/protobuf/map.h -index 869ebf100..fec92e2b1 100644 ---- a/src/google/protobuf/map.h -+++ b/src/google/protobuf/map.h -@@ -883,7 +883,7 @@ class KeyMapBase : public UntypedMapBase { - TreeConvert(b); - } - ABSL_DCHECK(TableEntryIsTree(b)) -- << (void*)table_[b] << " " << (uintptr_t)table_[b]; -+ << reinterpret_cast(table_[b]) << " " << static_cast(table_[b]); - InsertUniqueInTree(b, node); - index_of_first_non_null_ = (std::min)(index_of_first_non_null_, b); - } -diff --git a/src/google/protobuf/map_field.h b/src/google/protobuf/map_field.h -index 70b12b1e7..b8f46db45 100644 ---- a/src/google/protobuf/map_field.h -+++ b/src/google/protobuf/map_field.h -@@ -345,7 +345,7 @@ class PROTOBUF_EXPORT MapFieldBase : public MapFieldBaseForParse { - - protected: - // "protected" stops users from deleting a `MapFieldBase *` -- ~MapFieldBase(); -+ virtual ~MapFieldBase(); - - public: - // Returns reference to internal repeated field. Data written using -diff --git a/src/google/protobuf/port_def.inc b/src/google/protobuf/port_def.inc -index 1c6a24945..6186c2ad1 100644 ---- a/src/google/protobuf/port_def.inc -+++ b/src/google/protobuf/port_def.inc -@@ -1004,7 +1004,7 @@ static_assert(PROTOBUF_ABSL_MIN(20230125, 3), - #pragma clang diagnostic ignored "-Wshorten-64-to-32" - // Turn on -Wdeprecated-enum-enum-conversion. This deprecation comes in C++20 - // via http://wg21.link/p1120r0. 
--#pragma clang diagnostic error "-Wdeprecated-enum-enum-conversion" -+// #pragma clang diagnostic error "-Wdeprecated-enum-enum-conversion" - // This error has been generally flaky, but we need to disable it specifically - // to fix https://github.com/protocolbuffers/protobuf/issues/12313 - #pragma clang diagnostic ignored "-Wunused-parameter" -@@ -1062,6 +1062,7 @@ static_assert(PROTOBUF_ABSL_MIN(20230125, 3), - #pragma warning(disable: 4125) - #endif - -+#pragma GCC diagnostic ignored "-Wundef" - #if PROTOBUF_ENABLE_DEBUG_LOGGING_MAY_LEAK_PII - #define PROTOBUF_DEBUG true - #else