diff --git a/third_party/nixpkgs/patches/pr217197-envoy.patch b/third_party/nixpkgs/patches/pr217197-envoy.patch new file mode 100644 index 0000000000..8e69a3bc31 --- /dev/null +++ b/third_party/nixpkgs/patches/pr217197-envoy.patch @@ -0,0 +1,381 @@ +From 22d9547ce3f6bdd3f33eb20b03b59614844a5660 Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown +Date: Sun, 19 Feb 2023 18:56:55 +0000 +Subject: [PATCH] envoy: 1.23.3 -> 1.25.1 + +--- + ...h => 0001-nixpkgs-use-system-Python.patch} | 26 +++-- + .../envoy/0002-nixpkgs-use-system-Go.patch | 94 +++++++++++++++++++ + pkgs/servers/http/envoy/bump-brotli.patch | 15 --- + pkgs/servers/http/envoy/default.nix | 29 +++--- + .../servers/http/envoy/fix-aarch64-wamr.patch | 38 -------- + pkgs/servers/http/envoy/protobuf.patch | 53 +++++++++++ + 6 files changed, 180 insertions(+), 75 deletions(-) + rename pkgs/servers/http/envoy/{use-system-python.patch => 0001-nixpkgs-use-system-Python.patch} (76%) + create mode 100644 pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch + delete mode 100644 pkgs/servers/http/envoy/bump-brotli.patch + delete mode 100644 pkgs/servers/http/envoy/fix-aarch64-wamr.patch + create mode 100644 pkgs/servers/http/envoy/protobuf.patch + +diff --git a/pkgs/servers/http/envoy/use-system-python.patch b/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch +similarity index 76% +rename from pkgs/servers/http/envoy/use-system-python.patch +rename to pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch +index a2030cc75fd05..11871275f4ffc 100644 +--- a/pkgs/servers/http/envoy/use-system-python.patch ++++ b/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch +@@ -1,5 +1,15 @@ ++From 329ad7cb56e66464e5570bbb51dea0fd56c4d9ae Mon Sep 17 00:00:00 2001 ++From: Luke Granger-Brown ++Date: Sun, 19 Feb 2023 17:40:50 +0000 ++Subject: [PATCH 1/2] nixpkgs: use system Python ++ ++--- ++ bazel/python_dependencies.bzl | 4 ---- ++ bazel/repositories_extra.bzl | 13 +------------ ++ 2 files changed, 1 insertion(+), 16 deletions(-) ++ + diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl +-index d9dfb14a9b..b8e92452a7 100644 ++index a5c3283d0a..1c2c31ebf2 100644 + --- a/bazel/python_dependencies.bzl + +++ b/bazel/python_dependencies.bzl + @@ -1,10 +1,8 @@ +@@ -14,7 +24,7 @@ index d9dfb14a9b..b8e92452a7 100644 + extra_pip_args = ["--require-hashes"], + ) + @@ -12,14 +10,12 @@ def envoy_python_dependencies(): +- # These need to use `pip_install` ++ # TODO(phlax): switch to `pip_parse` + pip_install( + # Note: dev requirements do *not* check hashes + - python_interpreter_target = interpreter, +@@ -22,17 +32,17 @@ index d9dfb14a9b..b8e92452a7 100644 + requirements = "@envoy//tools/dev:requirements.txt", + ) + +- pip_install( ++ pip_parse( + name = "fuzzing_pip3", + - python_interpreter_target = interpreter, +- requirements = "@rules_fuzzing//fuzzing:requirements.txt", ++ requirements_lock = "@rules_fuzzing//fuzzing:requirements.txt", + extra_pip_args = ["--require-hashes"], + ) + diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl +-index 885b41dec6..ac5605eb30 100644 ++index 9d1b31c5d6..ac5605eb30 100644 + --- a/bazel/repositories_extra.bzl + +++ b/bazel/repositories_extra.bzl +-@@ -1,22 +1,12 @@ ++@@ -1,23 +1,12 @@ + load("@emsdk//:deps.bzl", emsdk_deps = "deps") + -load("@rules_python//python:repositories.bzl", "python_register_toolchains") + load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") +@@ -53,6 +63,10 @@ index 885b41dec6..ac5605eb30 100644 + - python_register_toolchains( + - name = "python%s" % ("_".join(python_version.split(".")[:-1])), + - python_version = python_version, ++- ignore_root_user_error = True, + - ) + - + aspect_bazel_lib_dependencies() ++-- ++2.39.1 ++ +diff --git a/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch b/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch +new file mode 100644 +index 0000000000000..594d51cce9dc1 +--- /dev/null ++++ b/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch +@@ -0,0 +1,94 @@ ++From 31d864a3b6a1a3455191e87ff680eb812f77dc3c Mon Sep 17 00:00:00 2001 ++From: Luke Granger-Brown ++Date: Sun, 19 Feb 2023 17:43:03 +0000 ++Subject: [PATCH 2/2] nixpkgs: use system Go ++ ++--- ++ bazel/dependency_imports.bzl | 29 +---------------------------- ++ bazel/repositories.bzl | 3 --- ++ bazel/repository_locations.bzl | 4 ++-- ++ 3 files changed, 3 insertions(+), 33 deletions(-) ++ ++diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl ++index 7dbdb0174e..e73662ed79 100644 ++--- a/bazel/dependency_imports.bzl +++++ b/bazel/dependency_imports.bzl ++@@ -15,7 +15,7 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "register_jq_toolchains", "regis ++ load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps") ++ ++ # go version for rules_go ++-GO_VERSION = "1.18" +++GO_VERSION = "host" ++ ++ JQ_VERSION = "1.6" ++ YQ_VERSION = "4.24.4" ++@@ -25,7 +25,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y ++ rules_foreign_cc_dependencies(register_default_tools = False, register_built_tools = False) ++ go_rules_dependencies() ++ go_register_toolchains(go_version) ++- envoy_download_go_sdks(go_version) ++ gazelle_dependencies(go_sdk = "go_sdk") ++ apple_rules_dependencies() ++ pip_dependencies() ++@@ -134,29 +133,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y ++ # use_category = ["api"], ++ # source = "https://github.com/bufbuild/protoc-gen-validate/blob/v0.6.1/dependencies.bzl#L23-L28" ++ ) ++- ++-def envoy_download_go_sdks(go_version): ++- go_download_sdk( ++- name = "go_linux_amd64", ++- goos = "linux", ++- goarch = "amd64", ++- version = go_version, ++- ) ++- go_download_sdk( ++- name = "go_linux_arm64", ++- goos = "linux", ++- goarch = "arm64", ++- version = go_version, ++- ) ++- go_download_sdk( ++- name = "go_darwin_amd64", ++- goos = "darwin", ++- goarch = "amd64", ++- version = go_version, ++- ) ++- go_download_sdk( ++- name = "go_darwin_arm64", ++- goos = "darwin", ++- goarch = "arm64", ++- version = go_version, ++- ) ++diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl ++index fca05b6062..a2f60014cb 100644 ++--- a/bazel/repositories.bzl +++++ b/bazel/repositories.bzl ++@@ -115,9 +115,6 @@ def _go_deps(skip_targets): ++ if "io_bazel_rules_go" not in skip_targets: ++ external_http_archive( ++ name = "io_bazel_rules_go", ++- # TODO(wrowe, sunjayBhatia): remove when Windows RBE supports batch file invocation ++- patch_args = ["-p1"], ++- patches = ["@envoy//bazel:rules_go.patch"], ++ ) ++ external_http_archive("bazel_gazelle") ++ ++diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl ++index e4e89d281a..fb62c4f8f3 100644 ++--- a/bazel/repository_locations.bzl +++++ b/bazel/repository_locations.bzl ++@@ -878,8 +878,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( ++ project_name = "Go rules for Bazel", ++ project_desc = "Bazel rules for the Go language", ++ project_url = "https://github.com/bazelbuild/rules_go", ++- version = "0.36.0", ++- sha256 = "ae013bf35bd23234d1dea46b079f1e05ba74ac0321423830119d3e787ec73483", +++ version = "0.38.1", +++ sha256 = "dd926a88a564a9246713a9c00b35315f54cbd46b31a26d5d8fb264c07045f05d", ++ urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.zip"], ++ use_category = ["build", "api"], ++ release_date = "2022-11-23", ++-- ++2.39.1 ++ +diff --git a/pkgs/servers/http/envoy/bump-brotli.patch b/pkgs/servers/http/envoy/bump-brotli.patch +deleted file mode 100644 +index 5656b8f260cfa..0000000000000 +--- a/pkgs/servers/http/envoy/bump-brotli.patch ++++ /dev/null +@@ -1,15 +0,0 @@ +-diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl +-index 454c54b0ef..2ac0623cf0 100644 +---- a/bazel/repository_locations.bzl +-+++ b/bazel/repository_locations.bzl +-@@ -510,8 +510,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( +- project_url = "https://brotli.org", +- # Use the dev branch of brotli to resolve compilation issues. +- # TODO(rojkov): Remove when brotli > 1.0.9 is released. +-- version = "0cd2e3926e95e7e2930f57ae3f4885508d462a25", +-- sha256 = "93810780e60304b51f2c9645fe313a6e4640711063ed0b860cfa60999dd256c5", +-+ version = "27dd7265403d8e8fed99a854b9c3e1db7d79525f", +-+ sha256 = "e71238b12e30233bdf25997132b29ae49639a69f33fdef3ae18a47abfc0d5e4c", +- strip_prefix = "brotli-{version}", +- urls = ["https://github.com/google/brotli/archive/{version}.tar.gz"], +- use_category = ["dataplane_ext"], +diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix +index 4a219a9cfb05a..db040f8a2080b 100644 +--- a/pkgs/servers/http/envoy/default.nix ++++ b/pkgs/servers/http/envoy/default.nix +@@ -24,8 +24,8 @@ let + # However, the version string is more useful for end-users. + # These are contained in a attrset of their own to make it obvious that + # people should update both. +- version = "1.23.3"; +- rev = "4801f5881893857fbc53a4061f0b20ef4ca91a5b"; ++ version = "1.25.1"; ++ rev = "bae2e9d642a6a8ae6c5d3810f77f3e888f0d97da"; + }; + in + buildBazelPackage rec { +@@ -36,13 +36,12 @@ buildBazelPackage rec { + owner = "envoyproxy"; + repo = "envoy"; + inherit (srcVer) rev; +- sha256 = "sha256-akAuFk+jESWWvLRCDQ0XDT1Eplutfj5uacAFQp714vM="; ++ sha256 = "sha256-qA3+bta2vXGtAYX3mg+CmSIEitk4576JQB/QLPsj9Vc="; + + postFetch = '' + chmod -R +w $out + rm $out/.bazelversion + echo ${srcVer.rev} > $out/SOURCE_VERSION +- sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl + ''; + }; + +@@ -51,20 +50,15 @@ buildBazelPackage rec { + sed -i '/javabase=/d' .bazelrc + sed -i '/"-Werror"/d' bazel/envoy_internal.bzl + +- # Use system Python. +- sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl ++ cp ${./protobuf.patch} bazel/protobuf.patch + ''; + + patches = [ +- # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter) +- ./bump-brotli.patch +- +- # fix linux-aarch64 WAMR builds +- # (upstream WAMR only detects aarch64 on Darwin, not Linux) +- ./fix-aarch64-wamr.patch +- + # use system Python, not bazel-fetched binary Python +- ./use-system-python.patch ++ ./0001-nixpkgs-use-system-Python.patch ++ ++ # use system Go, not bazel-fetched binary Go ++ ./0002-nixpkgs-use-system-Go.patch + ]; + + nativeBuildInputs = [ +@@ -81,10 +75,13 @@ buildBazelPackage rec { + linuxHeaders + ]; + ++ # external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security] ++ hardeningDisable = [ "format" ]; ++ + fetchAttrs = { + sha256 = { +- x86_64-linux = "sha256-UXTh5sCN7PJxNbTaG47YnW7aQBBtu101UjfsWU1CtBw="; +- aarch64-linux = "sha256-uynV2/RWBybR2bjErDjcfoacv5vsI4GJ3SL4OF1kFOE="; ++ x86_64-linux = "sha256-H2s8sTbmKF+yRfSzLsZAT2ckFuunFwh/FMSKj+GYyPM="; ++ aarch64-linux = "sha256-R9jzy/dpdCcGgT9yq59Wo/IN/bVo6fxnVPGhLMZ9fbM="; + }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); + dontUseCmakeConfigure = true; + dontUseGnConfigure = true; +diff --git a/pkgs/servers/http/envoy/fix-aarch64-wamr.patch b/pkgs/servers/http/envoy/fix-aarch64-wamr.patch +deleted file mode 100644 +index 4d8bc6c02adce..0000000000000 +--- a/pkgs/servers/http/envoy/fix-aarch64-wamr.patch ++++ /dev/null +@@ -1,38 +0,0 @@ +-diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl +-index f48ebe7056..1e5cc5d663 100644 +---- a/bazel/envoy_build_system.bzl +-+++ b/bazel/envoy_build_system.bzl +-@@ -102,6 +102,7 @@ def envoy_cmake( +- pdb_name = "", +- cmake_files_dir = "$BUILD_TMPDIR/CMakeFiles", +- generate_crosstool_file = False, +-+ generate_args = [], +- **kwargs): +- cache_entries.update({"CMAKE_BUILD_TYPE": "Bazel"}) +- cache_entries_debug = dict(cache_entries) +-@@ -131,7 +132,7 @@ def envoy_cmake( +- "@envoy//bazel:dbg_build": cache_entries_debug, +- "//conditions:default": cache_entries, +- }), +-- generate_args = ["-GNinja"], +-+ generate_args = ["-GNinja"] + generate_args, +- targets = ["", "install"], +- # TODO: Remove install target and make this work +- install = False, +-diff --git a/bazel/foreign_cc/BUILD b/bazel/foreign_cc/BUILD +-index 4d3a281669..b4716dfe2e 100644 +---- a/bazel/foreign_cc/BUILD +-+++ b/bazel/foreign_cc/BUILD +-@@ -394,6 +394,12 @@ envoy_cmake( +- "WAMR_BUILD_LIBC_WASI": "0", +- "WAMR_BUILD_TAIL_CALL": "1", +- }, +-+ generate_args = select({ +-+ "//conditions:default": [], +-+ "@platforms//cpu:aarch64": [ +-+ "-DWAMR_BUILD_TARGET=AARCH64", +-+ ], +-+ }), +- lib_source = "@com_github_wamr//:all", +- out_static_libs = ["libvmlib.a"], +- tags = ["skip_on_windows"], +diff --git a/pkgs/servers/http/envoy/protobuf.patch b/pkgs/servers/http/envoy/protobuf.patch +new file mode 100644 +index 0000000000000..1cc071bd861a1 +--- /dev/null ++++ b/pkgs/servers/http/envoy/protobuf.patch +@@ -0,0 +1,53 @@ ++diff --git a/BUILD.bazel b/BUILD.bazel ++index 0f6e41e3a..c0d2bbccf 100644 ++--- a/BUILD.bazel +++++ b/BUILD.bazel ++@@ -138,7 +138,7 @@ cc_library( ++ visibility = ["//visibility:public"], ++ deps = [":protobuf_lite"] + select({ ++ "//build_defs:config_msvc": [], ++- "//conditions:default": ["@zlib//:zlib"], +++ "//conditions:default": ["//external:zlib"], ++ }), ++ ) ++ ++@@ -755,7 +820,7 @@ cc_test( ++ "@com_google_googletest//:gtest_main", ++ ] + select({ ++ "//build_defs:config_msvc": [], ++- "//conditions:default": ["@zlib//:zlib"], +++ "//conditions:default": ["//external:zlib"], ++ }), ++ ) ++ ++diff --git a/python/google/protobuf/__init__.py b/python/google/protobuf/__init__.py ++index e7555ee10..a93beb1c5 100644 ++--- a/python/google/protobuf/__init__.py +++++ b/python/google/protobuf/__init__.py ++@@ -31,3 +31,10 @@ ++ # Copyright 2007 Google Inc. All Rights Reserved. ++ ++ __version__ = '4.21.12' +++ +++ +++if __name__ != '__main__': +++ try: +++ __import__('pkg_resources').declare_namespace(__name__) +++ except ImportError: +++ __path__ = __import__('pkgutil').extend_path(__path__, __name__) ++diff --git a/src/google/protobuf/generated_message_tctable_lite.cc b/src/google/protobuf/generated_message_tctable_lite.cc ++index 9993811dc..d80006af7 100644 ++--- a/src/google/protobuf/generated_message_tctable_lite.cc +++++ b/src/google/protobuf/generated_message_tctable_lite.cc ++@@ -343,11 +343,6 @@ const char* TcParser::MiniParse(PROTOBUF_TC_PARAM_DECL) { ++ ++ namespace { ++ ++-// Offset returns the address `offset` bytes after `base`. ++-inline void* Offset(void* base, uint32_t offset) { ++- return static_cast(base) + offset; ++-} ++- ++ // InvertPacked changes tag bits from the given wire type to length ++ // delimited. This is the difference expected between packed and non-packed ++ // repeated fields. diff --git a/third_party/nixpkgs/patches/series b/third_party/nixpkgs/patches/series index d9d628e304..3f6ea918b5 100644 --- a/third_party/nixpkgs/patches/series +++ b/third_party/nixpkgs/patches/series @@ -1,3 +1,4 @@ kubo-multiaddr.patch prison-zxing.patch buildrustcrate-aarch64-linux.patch +pr217197-envoy.patch diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/use-system-python.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch similarity index 76% rename from third_party/nixpkgs/pkgs/servers/http/envoy/use-system-python.patch rename to third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch index a2030cc75f..11871275f4 100644 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/use-system-python.patch +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch @@ -1,5 +1,15 @@ +From 329ad7cb56e66464e5570bbb51dea0fd56c4d9ae Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown +Date: Sun, 19 Feb 2023 17:40:50 +0000 +Subject: [PATCH 1/2] nixpkgs: use system Python + +--- + bazel/python_dependencies.bzl | 4 ---- + bazel/repositories_extra.bzl | 13 +------------ + 2 files changed, 1 insertion(+), 16 deletions(-) + diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl -index d9dfb14a9b..b8e92452a7 100644 +index a5c3283d0a..1c2c31ebf2 100644 --- a/bazel/python_dependencies.bzl +++ b/bazel/python_dependencies.bzl @@ -1,10 +1,8 @@ @@ -14,7 +24,7 @@ index d9dfb14a9b..b8e92452a7 100644 extra_pip_args = ["--require-hashes"], ) @@ -12,14 +10,12 @@ def envoy_python_dependencies(): - # These need to use `pip_install` + # TODO(phlax): switch to `pip_parse` pip_install( # Note: dev requirements do *not* check hashes - python_interpreter_target = interpreter, @@ -22,17 +32,17 @@ index d9dfb14a9b..b8e92452a7 100644 requirements = "@envoy//tools/dev:requirements.txt", ) - pip_install( + pip_parse( name = "fuzzing_pip3", - python_interpreter_target = interpreter, - requirements = "@rules_fuzzing//fuzzing:requirements.txt", + requirements_lock = "@rules_fuzzing//fuzzing:requirements.txt", extra_pip_args = ["--require-hashes"], ) diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl -index 885b41dec6..ac5605eb30 100644 +index 9d1b31c5d6..ac5605eb30 100644 --- a/bazel/repositories_extra.bzl +++ b/bazel/repositories_extra.bzl -@@ -1,22 +1,12 @@ +@@ -1,23 +1,12 @@ load("@emsdk//:deps.bzl", emsdk_deps = "deps") -load("@rules_python//python:repositories.bzl", "python_register_toolchains") load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") @@ -53,6 +63,10 @@ index 885b41dec6..ac5605eb30 100644 - python_register_toolchains( - name = "python%s" % ("_".join(python_version.split(".")[:-1])), - python_version = python_version, +- ignore_root_user_error = True, - ) - aspect_bazel_lib_dependencies() +-- +2.39.1 + diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch new file mode 100644 index 0000000000..594d51cce9 --- /dev/null +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch @@ -0,0 +1,94 @@ +From 31d864a3b6a1a3455191e87ff680eb812f77dc3c Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown +Date: Sun, 19 Feb 2023 17:43:03 +0000 +Subject: [PATCH 2/2] nixpkgs: use system Go + +--- + bazel/dependency_imports.bzl | 29 +---------------------------- + bazel/repositories.bzl | 3 --- + bazel/repository_locations.bzl | 4 ++-- + 3 files changed, 3 insertions(+), 33 deletions(-) + +diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl +index 7dbdb0174e..e73662ed79 100644 +--- a/bazel/dependency_imports.bzl ++++ b/bazel/dependency_imports.bzl +@@ -15,7 +15,7 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "register_jq_toolchains", "regis + load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps") + + # go version for rules_go +-GO_VERSION = "1.18" ++GO_VERSION = "host" + + JQ_VERSION = "1.6" + YQ_VERSION = "4.24.4" +@@ -25,7 +25,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y + rules_foreign_cc_dependencies(register_default_tools = False, register_built_tools = False) + go_rules_dependencies() + go_register_toolchains(go_version) +- envoy_download_go_sdks(go_version) + gazelle_dependencies(go_sdk = "go_sdk") + apple_rules_dependencies() + pip_dependencies() +@@ -134,29 +133,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y + # use_category = ["api"], + # source = "https://github.com/bufbuild/protoc-gen-validate/blob/v0.6.1/dependencies.bzl#L23-L28" + ) +- +-def envoy_download_go_sdks(go_version): +- go_download_sdk( +- name = "go_linux_amd64", +- goos = "linux", +- goarch = "amd64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_linux_arm64", +- goos = "linux", +- goarch = "arm64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_darwin_amd64", +- goos = "darwin", +- goarch = "amd64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_darwin_arm64", +- goos = "darwin", +- goarch = "arm64", +- version = go_version, +- ) +diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl +index fca05b6062..a2f60014cb 100644 +--- a/bazel/repositories.bzl ++++ b/bazel/repositories.bzl +@@ -115,9 +115,6 @@ def _go_deps(skip_targets): + if "io_bazel_rules_go" not in skip_targets: + external_http_archive( + name = "io_bazel_rules_go", +- # TODO(wrowe, sunjayBhatia): remove when Windows RBE supports batch file invocation +- patch_args = ["-p1"], +- patches = ["@envoy//bazel:rules_go.patch"], + ) + external_http_archive("bazel_gazelle") + +diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl +index e4e89d281a..fb62c4f8f3 100644 +--- a/bazel/repository_locations.bzl ++++ b/bazel/repository_locations.bzl +@@ -878,8 +878,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( + project_name = "Go rules for Bazel", + project_desc = "Bazel rules for the Go language", + project_url = "https://github.com/bazelbuild/rules_go", +- version = "0.36.0", +- sha256 = "ae013bf35bd23234d1dea46b079f1e05ba74ac0321423830119d3e787ec73483", ++ version = "0.38.1", ++ sha256 = "dd926a88a564a9246713a9c00b35315f54cbd46b31a26d5d8fb264c07045f05d", + urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.zip"], + use_category = ["build", "api"], + release_date = "2022-11-23", +-- +2.39.1 + diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/bump-brotli.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/bump-brotli.patch deleted file mode 100644 index 5656b8f260..0000000000 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/bump-brotli.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl -index 454c54b0ef..2ac0623cf0 100644 ---- a/bazel/repository_locations.bzl -+++ b/bazel/repository_locations.bzl -@@ -510,8 +510,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( - project_url = "https://brotli.org", - # Use the dev branch of brotli to resolve compilation issues. - # TODO(rojkov): Remove when brotli > 1.0.9 is released. -- version = "0cd2e3926e95e7e2930f57ae3f4885508d462a25", -- sha256 = "93810780e60304b51f2c9645fe313a6e4640711063ed0b860cfa60999dd256c5", -+ version = "27dd7265403d8e8fed99a854b9c3e1db7d79525f", -+ sha256 = "e71238b12e30233bdf25997132b29ae49639a69f33fdef3ae18a47abfc0d5e4c", - strip_prefix = "brotli-{version}", - urls = ["https://github.com/google/brotli/archive/{version}.tar.gz"], - use_category = ["dataplane_ext"], diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix b/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix index 4a219a9cfb..db040f8a20 100644 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/default.nix @@ -24,8 +24,8 @@ let # However, the version string is more useful for end-users. # These are contained in a attrset of their own to make it obvious that # people should update both. - version = "1.23.3"; - rev = "4801f5881893857fbc53a4061f0b20ef4ca91a5b"; + version = "1.25.1"; + rev = "bae2e9d642a6a8ae6c5d3810f77f3e888f0d97da"; }; in buildBazelPackage rec { @@ -36,13 +36,12 @@ buildBazelPackage rec { owner = "envoyproxy"; repo = "envoy"; inherit (srcVer) rev; - sha256 = "sha256-akAuFk+jESWWvLRCDQ0XDT1Eplutfj5uacAFQp714vM="; + sha256 = "sha256-qA3+bta2vXGtAYX3mg+CmSIEitk4576JQB/QLPsj9Vc="; postFetch = '' chmod -R +w $out rm $out/.bazelversion echo ${srcVer.rev} > $out/SOURCE_VERSION - sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl ''; }; @@ -51,20 +50,15 @@ buildBazelPackage rec { sed -i '/javabase=/d' .bazelrc sed -i '/"-Werror"/d' bazel/envoy_internal.bzl - # Use system Python. - sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl + cp ${./protobuf.patch} bazel/protobuf.patch ''; patches = [ - # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter) - ./bump-brotli.patch - - # fix linux-aarch64 WAMR builds - # (upstream WAMR only detects aarch64 on Darwin, not Linux) - ./fix-aarch64-wamr.patch - # use system Python, not bazel-fetched binary Python - ./use-system-python.patch + ./0001-nixpkgs-use-system-Python.patch + + # use system Go, not bazel-fetched binary Go + ./0002-nixpkgs-use-system-Go.patch ]; nativeBuildInputs = [ @@ -81,10 +75,13 @@ buildBazelPackage rec { linuxHeaders ]; + # external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security] + hardeningDisable = [ "format" ]; + fetchAttrs = { sha256 = { - x86_64-linux = "sha256-UXTh5sCN7PJxNbTaG47YnW7aQBBtu101UjfsWU1CtBw="; - aarch64-linux = "sha256-uynV2/RWBybR2bjErDjcfoacv5vsI4GJ3SL4OF1kFOE="; + x86_64-linux = "sha256-H2s8sTbmKF+yRfSzLsZAT2ckFuunFwh/FMSKj+GYyPM="; + aarch64-linux = "sha256-R9jzy/dpdCcGgT9yq59Wo/IN/bVo6fxnVPGhLMZ9fbM="; }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); dontUseCmakeConfigure = true; dontUseGnConfigure = true; diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/fix-aarch64-wamr.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/fix-aarch64-wamr.patch deleted file mode 100644 index 4d8bc6c02a..0000000000 --- a/third_party/nixpkgs/pkgs/servers/http/envoy/fix-aarch64-wamr.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl -index f48ebe7056..1e5cc5d663 100644 ---- a/bazel/envoy_build_system.bzl -+++ b/bazel/envoy_build_system.bzl -@@ -102,6 +102,7 @@ def envoy_cmake( - pdb_name = "", - cmake_files_dir = "$BUILD_TMPDIR/CMakeFiles", - generate_crosstool_file = False, -+ generate_args = [], - **kwargs): - cache_entries.update({"CMAKE_BUILD_TYPE": "Bazel"}) - cache_entries_debug = dict(cache_entries) -@@ -131,7 +132,7 @@ def envoy_cmake( - "@envoy//bazel:dbg_build": cache_entries_debug, - "//conditions:default": cache_entries, - }), -- generate_args = ["-GNinja"], -+ generate_args = ["-GNinja"] + generate_args, - targets = ["", "install"], - # TODO: Remove install target and make this work - install = False, -diff --git a/bazel/foreign_cc/BUILD b/bazel/foreign_cc/BUILD -index 4d3a281669..b4716dfe2e 100644 ---- a/bazel/foreign_cc/BUILD -+++ b/bazel/foreign_cc/BUILD -@@ -394,6 +394,12 @@ envoy_cmake( - "WAMR_BUILD_LIBC_WASI": "0", - "WAMR_BUILD_TAIL_CALL": "1", - }, -+ generate_args = select({ -+ "//conditions:default": [], -+ "@platforms//cpu:aarch64": [ -+ "-DWAMR_BUILD_TARGET=AARCH64", -+ ], -+ }), - lib_source = "@com_github_wamr//:all", - out_static_libs = ["libvmlib.a"], - tags = ["skip_on_windows"], diff --git a/third_party/nixpkgs/pkgs/servers/http/envoy/protobuf.patch b/third_party/nixpkgs/pkgs/servers/http/envoy/protobuf.patch new file mode 100644 index 0000000000..1cc071bd86 --- /dev/null +++ b/third_party/nixpkgs/pkgs/servers/http/envoy/protobuf.patch @@ -0,0 +1,53 @@ +diff --git a/BUILD.bazel b/BUILD.bazel +index 0f6e41e3a..c0d2bbccf 100644 +--- a/BUILD.bazel ++++ b/BUILD.bazel +@@ -138,7 +138,7 @@ cc_library( + visibility = ["//visibility:public"], + deps = [":protobuf_lite"] + select({ + "//build_defs:config_msvc": [], +- "//conditions:default": ["@zlib//:zlib"], ++ "//conditions:default": ["//external:zlib"], + }), + ) + +@@ -755,7 +820,7 @@ cc_test( + "@com_google_googletest//:gtest_main", + ] + select({ + "//build_defs:config_msvc": [], +- "//conditions:default": ["@zlib//:zlib"], ++ "//conditions:default": ["//external:zlib"], + }), + ) + +diff --git a/python/google/protobuf/__init__.py b/python/google/protobuf/__init__.py +index e7555ee10..a93beb1c5 100644 +--- a/python/google/protobuf/__init__.py ++++ b/python/google/protobuf/__init__.py +@@ -31,3 +31,10 @@ + # Copyright 2007 Google Inc. All Rights Reserved. + + __version__ = '4.21.12' ++ ++ ++if __name__ != '__main__': ++ try: ++ __import__('pkg_resources').declare_namespace(__name__) ++ except ImportError: ++ __path__ = __import__('pkgutil').extend_path(__path__, __name__) +diff --git a/src/google/protobuf/generated_message_tctable_lite.cc b/src/google/protobuf/generated_message_tctable_lite.cc +index 9993811dc..d80006af7 100644 +--- a/src/google/protobuf/generated_message_tctable_lite.cc ++++ b/src/google/protobuf/generated_message_tctable_lite.cc +@@ -343,11 +343,6 @@ const char* TcParser::MiniParse(PROTOBUF_TC_PARAM_DECL) { + + namespace { + +-// Offset returns the address `offset` bytes after `base`. +-inline void* Offset(void* base, uint32_t offset) { +- return static_cast(base) + offset; +-} +- + // InvertPacked changes tag bits from the given wire type to length + // delimited. This is the difference expected between packed and non-packed + // repeated fields.