diff --git a/third_party/nixpkgs/patches/pr217197-envoy.patch b/third_party/nixpkgs/patches/pr217197-envoy.patch deleted file mode 100644 index 8e69a3bc31..0000000000 --- a/third_party/nixpkgs/patches/pr217197-envoy.patch +++ /dev/null @@ -1,381 +0,0 @@ -From 22d9547ce3f6bdd3f33eb20b03b59614844a5660 Mon Sep 17 00:00:00 2001 -From: Luke Granger-Brown -Date: Sun, 19 Feb 2023 18:56:55 +0000 -Subject: [PATCH] envoy: 1.23.3 -> 1.25.1 - ---- - ...h => 0001-nixpkgs-use-system-Python.patch} | 26 +++-- - .../envoy/0002-nixpkgs-use-system-Go.patch | 94 +++++++++++++++++++ - pkgs/servers/http/envoy/bump-brotli.patch | 15 --- - pkgs/servers/http/envoy/default.nix | 29 +++--- - .../servers/http/envoy/fix-aarch64-wamr.patch | 38 -------- - pkgs/servers/http/envoy/protobuf.patch | 53 +++++++++++ - 6 files changed, 180 insertions(+), 75 deletions(-) - rename pkgs/servers/http/envoy/{use-system-python.patch => 0001-nixpkgs-use-system-Python.patch} (76%) - create mode 100644 pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch - delete mode 100644 pkgs/servers/http/envoy/bump-brotli.patch - delete mode 100644 pkgs/servers/http/envoy/fix-aarch64-wamr.patch - create mode 100644 pkgs/servers/http/envoy/protobuf.patch - -diff --git a/pkgs/servers/http/envoy/use-system-python.patch b/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch -similarity index 76% -rename from pkgs/servers/http/envoy/use-system-python.patch -rename to pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch -index a2030cc75fd05..11871275f4ffc 100644 ---- a/pkgs/servers/http/envoy/use-system-python.patch -+++ b/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch -@@ -1,5 +1,15 @@ -+From 329ad7cb56e66464e5570bbb51dea0fd56c4d9ae Mon Sep 17 00:00:00 2001 -+From: Luke Granger-Brown -+Date: Sun, 19 Feb 2023 17:40:50 +0000 -+Subject: [PATCH 1/2] nixpkgs: use system Python -+ -+--- -+ bazel/python_dependencies.bzl | 4 ---- -+ bazel/repositories_extra.bzl | 13 +------------ -+ 2 files changed, 1 insertion(+), 16 deletions(-) -+ - diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl --index d9dfb14a9b..b8e92452a7 100644 -+index a5c3283d0a..1c2c31ebf2 100644 - --- a/bazel/python_dependencies.bzl - +++ b/bazel/python_dependencies.bzl - @@ -1,10 +1,8 @@ -@@ -14,7 +24,7 @@ index d9dfb14a9b..b8e92452a7 100644 - extra_pip_args = ["--require-hashes"], - ) - @@ -12,14 +10,12 @@ def envoy_python_dependencies(): -- # These need to use `pip_install` -+ # TODO(phlax): switch to `pip_parse` - pip_install( - # Note: dev requirements do *not* check hashes - - python_interpreter_target = interpreter, -@@ -22,17 +32,17 @@ index d9dfb14a9b..b8e92452a7 100644 - requirements = "@envoy//tools/dev:requirements.txt", - ) - -- pip_install( -+ pip_parse( - name = "fuzzing_pip3", - - python_interpreter_target = interpreter, -- requirements = "@rules_fuzzing//fuzzing:requirements.txt", -+ requirements_lock = "@rules_fuzzing//fuzzing:requirements.txt", - extra_pip_args = ["--require-hashes"], - ) - diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl --index 885b41dec6..ac5605eb30 100644 -+index 9d1b31c5d6..ac5605eb30 100644 - --- a/bazel/repositories_extra.bzl - +++ b/bazel/repositories_extra.bzl --@@ -1,22 +1,12 @@ -+@@ -1,23 +1,12 @@ - load("@emsdk//:deps.bzl", emsdk_deps = "deps") - -load("@rules_python//python:repositories.bzl", "python_register_toolchains") - load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") -@@ -53,6 +63,10 @@ index 885b41dec6..ac5605eb30 100644 - - python_register_toolchains( - - name = "python%s" % ("_".join(python_version.split(".")[:-1])), - - python_version = python_version, -+- ignore_root_user_error = True, - - ) - - - aspect_bazel_lib_dependencies() -+-- -+2.39.1 -+ -diff --git a/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch b/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch -new file mode 100644 -index 0000000000000..594d51cce9dc1 ---- /dev/null -+++ b/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch -@@ -0,0 +1,94 @@ -+From 31d864a3b6a1a3455191e87ff680eb812f77dc3c Mon Sep 17 00:00:00 2001 -+From: Luke Granger-Brown -+Date: Sun, 19 Feb 2023 17:43:03 +0000 -+Subject: [PATCH 2/2] nixpkgs: use system Go -+ -+--- -+ bazel/dependency_imports.bzl | 29 +---------------------------- -+ bazel/repositories.bzl | 3 --- -+ bazel/repository_locations.bzl | 4 ++-- -+ 3 files changed, 3 insertions(+), 33 deletions(-) -+ -+diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl -+index 7dbdb0174e..e73662ed79 100644 -+--- a/bazel/dependency_imports.bzl -++++ b/bazel/dependency_imports.bzl -+@@ -15,7 +15,7 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "register_jq_toolchains", "regis -+ load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps") -+ -+ # go version for rules_go -+-GO_VERSION = "1.18" -++GO_VERSION = "host" -+ -+ JQ_VERSION = "1.6" -+ YQ_VERSION = "4.24.4" -+@@ -25,7 +25,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y -+ rules_foreign_cc_dependencies(register_default_tools = False, register_built_tools = False) -+ go_rules_dependencies() -+ go_register_toolchains(go_version) -+- envoy_download_go_sdks(go_version) -+ gazelle_dependencies(go_sdk = "go_sdk") -+ apple_rules_dependencies() -+ pip_dependencies() -+@@ -134,29 +133,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y -+ # use_category = ["api"], -+ # source = "https://github.com/bufbuild/protoc-gen-validate/blob/v0.6.1/dependencies.bzl#L23-L28" -+ ) -+- -+-def envoy_download_go_sdks(go_version): -+- go_download_sdk( -+- name = "go_linux_amd64", -+- goos = "linux", -+- goarch = "amd64", -+- version = go_version, -+- ) -+- go_download_sdk( -+- name = "go_linux_arm64", -+- goos = "linux", -+- goarch = "arm64", -+- version = go_version, -+- ) -+- go_download_sdk( -+- name = "go_darwin_amd64", -+- goos = "darwin", -+- goarch = "amd64", -+- version = go_version, -+- ) -+- go_download_sdk( -+- name = "go_darwin_arm64", -+- goos = "darwin", -+- goarch = "arm64", -+- version = go_version, -+- ) -+diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl -+index fca05b6062..a2f60014cb 100644 -+--- a/bazel/repositories.bzl -++++ b/bazel/repositories.bzl -+@@ -115,9 +115,6 @@ def _go_deps(skip_targets): -+ if "io_bazel_rules_go" not in skip_targets: -+ external_http_archive( -+ name = "io_bazel_rules_go", -+- # TODO(wrowe, sunjayBhatia): remove when Windows RBE supports batch file invocation -+- patch_args = ["-p1"], -+- patches = ["@envoy//bazel:rules_go.patch"], -+ ) -+ external_http_archive("bazel_gazelle") -+ -+diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl -+index e4e89d281a..fb62c4f8f3 100644 -+--- a/bazel/repository_locations.bzl -++++ b/bazel/repository_locations.bzl -+@@ -878,8 +878,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( -+ project_name = "Go rules for Bazel", -+ project_desc = "Bazel rules for the Go language", -+ project_url = "https://github.com/bazelbuild/rules_go", -+- version = "0.36.0", -+- sha256 = "ae013bf35bd23234d1dea46b079f1e05ba74ac0321423830119d3e787ec73483", -++ version = "0.38.1", -++ sha256 = "dd926a88a564a9246713a9c00b35315f54cbd46b31a26d5d8fb264c07045f05d", -+ urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.zip"], -+ use_category = ["build", "api"], -+ release_date = "2022-11-23", -+-- -+2.39.1 -+ -diff --git a/pkgs/servers/http/envoy/bump-brotli.patch b/pkgs/servers/http/envoy/bump-brotli.patch -deleted file mode 100644 -index 5656b8f260cfa..0000000000000 ---- a/pkgs/servers/http/envoy/bump-brotli.patch -+++ /dev/null -@@ -1,15 +0,0 @@ --diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl --index 454c54b0ef..2ac0623cf0 100644 ----- a/bazel/repository_locations.bzl --+++ b/bazel/repository_locations.bzl --@@ -510,8 +510,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( -- project_url = "https://brotli.org", -- # Use the dev branch of brotli to resolve compilation issues. -- # TODO(rojkov): Remove when brotli > 1.0.9 is released. --- version = "0cd2e3926e95e7e2930f57ae3f4885508d462a25", --- sha256 = "93810780e60304b51f2c9645fe313a6e4640711063ed0b860cfa60999dd256c5", --+ version = "27dd7265403d8e8fed99a854b9c3e1db7d79525f", --+ sha256 = "e71238b12e30233bdf25997132b29ae49639a69f33fdef3ae18a47abfc0d5e4c", -- strip_prefix = "brotli-{version}", -- urls = ["https://github.com/google/brotli/archive/{version}.tar.gz"], -- use_category = ["dataplane_ext"], -diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix -index 4a219a9cfb05a..db040f8a2080b 100644 ---- a/pkgs/servers/http/envoy/default.nix -+++ b/pkgs/servers/http/envoy/default.nix -@@ -24,8 +24,8 @@ let - # However, the version string is more useful for end-users. - # These are contained in a attrset of their own to make it obvious that - # people should update both. -- version = "1.23.3"; -- rev = "4801f5881893857fbc53a4061f0b20ef4ca91a5b"; -+ version = "1.25.1"; -+ rev = "bae2e9d642a6a8ae6c5d3810f77f3e888f0d97da"; - }; - in - buildBazelPackage rec { -@@ -36,13 +36,12 @@ buildBazelPackage rec { - owner = "envoyproxy"; - repo = "envoy"; - inherit (srcVer) rev; -- sha256 = "sha256-akAuFk+jESWWvLRCDQ0XDT1Eplutfj5uacAFQp714vM="; -+ sha256 = "sha256-qA3+bta2vXGtAYX3mg+CmSIEitk4576JQB/QLPsj9Vc="; - - postFetch = '' - chmod -R +w $out - rm $out/.bazelversion - echo ${srcVer.rev} > $out/SOURCE_VERSION -- sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl - ''; - }; - -@@ -51,20 +50,15 @@ buildBazelPackage rec { - sed -i '/javabase=/d' .bazelrc - sed -i '/"-Werror"/d' bazel/envoy_internal.bzl - -- # Use system Python. -- sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl -+ cp ${./protobuf.patch} bazel/protobuf.patch - ''; - - patches = [ -- # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter) -- ./bump-brotli.patch -- -- # fix linux-aarch64 WAMR builds -- # (upstream WAMR only detects aarch64 on Darwin, not Linux) -- ./fix-aarch64-wamr.patch -- - # use system Python, not bazel-fetched binary Python -- ./use-system-python.patch -+ ./0001-nixpkgs-use-system-Python.patch -+ -+ # use system Go, not bazel-fetched binary Go -+ ./0002-nixpkgs-use-system-Go.patch - ]; - - nativeBuildInputs = [ -@@ -81,10 +75,13 @@ buildBazelPackage rec { - linuxHeaders - ]; - -+ # external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security] -+ hardeningDisable = [ "format" ]; -+ - fetchAttrs = { - sha256 = { -- x86_64-linux = "sha256-UXTh5sCN7PJxNbTaG47YnW7aQBBtu101UjfsWU1CtBw="; -- aarch64-linux = "sha256-uynV2/RWBybR2bjErDjcfoacv5vsI4GJ3SL4OF1kFOE="; -+ x86_64-linux = "sha256-H2s8sTbmKF+yRfSzLsZAT2ckFuunFwh/FMSKj+GYyPM="; -+ aarch64-linux = "sha256-R9jzy/dpdCcGgT9yq59Wo/IN/bVo6fxnVPGhLMZ9fbM="; - }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); - dontUseCmakeConfigure = true; - dontUseGnConfigure = true; -diff --git a/pkgs/servers/http/envoy/fix-aarch64-wamr.patch b/pkgs/servers/http/envoy/fix-aarch64-wamr.patch -deleted file mode 100644 -index 4d8bc6c02adce..0000000000000 ---- a/pkgs/servers/http/envoy/fix-aarch64-wamr.patch -+++ /dev/null -@@ -1,38 +0,0 @@ --diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl --index f48ebe7056..1e5cc5d663 100644 ----- a/bazel/envoy_build_system.bzl --+++ b/bazel/envoy_build_system.bzl --@@ -102,6 +102,7 @@ def envoy_cmake( -- pdb_name = "", -- cmake_files_dir = "$BUILD_TMPDIR/CMakeFiles", -- generate_crosstool_file = False, --+ generate_args = [], -- **kwargs): -- cache_entries.update({"CMAKE_BUILD_TYPE": "Bazel"}) -- cache_entries_debug = dict(cache_entries) --@@ -131,7 +132,7 @@ def envoy_cmake( -- "@envoy//bazel:dbg_build": cache_entries_debug, -- "//conditions:default": cache_entries, -- }), --- generate_args = ["-GNinja"], --+ generate_args = ["-GNinja"] + generate_args, -- targets = ["", "install"], -- # TODO: Remove install target and make this work -- install = False, --diff --git a/bazel/foreign_cc/BUILD b/bazel/foreign_cc/BUILD --index 4d3a281669..b4716dfe2e 100644 ----- a/bazel/foreign_cc/BUILD --+++ b/bazel/foreign_cc/BUILD --@@ -394,6 +394,12 @@ envoy_cmake( -- "WAMR_BUILD_LIBC_WASI": "0", -- "WAMR_BUILD_TAIL_CALL": "1", -- }, --+ generate_args = select({ --+ "//conditions:default": [], --+ "@platforms//cpu:aarch64": [ --+ "-DWAMR_BUILD_TARGET=AARCH64", --+ ], --+ }), -- lib_source = "@com_github_wamr//:all", -- out_static_libs = ["libvmlib.a"], -- tags = ["skip_on_windows"], -diff --git a/pkgs/servers/http/envoy/protobuf.patch b/pkgs/servers/http/envoy/protobuf.patch -new file mode 100644 -index 0000000000000..1cc071bd861a1 ---- /dev/null -+++ b/pkgs/servers/http/envoy/protobuf.patch -@@ -0,0 +1,53 @@ -+diff --git a/BUILD.bazel b/BUILD.bazel -+index 0f6e41e3a..c0d2bbccf 100644 -+--- a/BUILD.bazel -++++ b/BUILD.bazel -+@@ -138,7 +138,7 @@ cc_library( -+ visibility = ["//visibility:public"], -+ deps = [":protobuf_lite"] + select({ -+ "//build_defs:config_msvc": [], -+- "//conditions:default": ["@zlib//:zlib"], -++ "//conditions:default": ["//external:zlib"], -+ }), -+ ) -+ -+@@ -755,7 +820,7 @@ cc_test( -+ "@com_google_googletest//:gtest_main", -+ ] + select({ -+ "//build_defs:config_msvc": [], -+- "//conditions:default": ["@zlib//:zlib"], -++ "//conditions:default": ["//external:zlib"], -+ }), -+ ) -+ -+diff --git a/python/google/protobuf/__init__.py b/python/google/protobuf/__init__.py -+index e7555ee10..a93beb1c5 100644 -+--- a/python/google/protobuf/__init__.py -++++ b/python/google/protobuf/__init__.py -+@@ -31,3 +31,10 @@ -+ # Copyright 2007 Google Inc. All Rights Reserved. -+ -+ __version__ = '4.21.12' -++ -++ -++if __name__ != '__main__': -++ try: -++ __import__('pkg_resources').declare_namespace(__name__) -++ except ImportError: -++ __path__ = __import__('pkgutil').extend_path(__path__, __name__) -+diff --git a/src/google/protobuf/generated_message_tctable_lite.cc b/src/google/protobuf/generated_message_tctable_lite.cc -+index 9993811dc..d80006af7 100644 -+--- a/src/google/protobuf/generated_message_tctable_lite.cc -++++ b/src/google/protobuf/generated_message_tctable_lite.cc -+@@ -343,11 +343,6 @@ const char* TcParser::MiniParse(PROTOBUF_TC_PARAM_DECL) { -+ -+ namespace { -+ -+-// Offset returns the address `offset` bytes after `base`. -+-inline void* Offset(void* base, uint32_t offset) { -+- return static_cast(base) + offset; -+-} -+- -+ // InvertPacked changes tag bits from the given wire type to length -+ // delimited. This is the difference expected between packed and non-packed -+ // repeated fields. diff --git a/third_party/nixpkgs/patches/series b/third_party/nixpkgs/patches/series index 3f6ea918b5..d9d628e304 100644 --- a/third_party/nixpkgs/patches/series +++ b/third_party/nixpkgs/patches/series @@ -1,4 +1,3 @@ kubo-multiaddr.patch prison-zxing.patch buildrustcrate-aarch64-linux.patch -pr217197-envoy.patch