Message ID | 87bkb34up8.fsf@gmail.com |
---|---|
State | New |
Headers | show |
Series | [bug#67655] : Update webkitgtk to 2.42.3 | expand |
Am Mittwoch, dem 06.12.2023 um 10:10 +0200 schrieb André A. Gomes: > Hi Guix, > > Tested the build locally by running the minibrowser and it works fine > (x86-64). Thanks. Hi, > - (version "2.40.5") > + (version "2.42.3") Unfortunately, this is a GNOME rebuild, so I'm reluctant to push this directly to master. What's more, we can not even graft it because the GTK4 Typelib changed. Sorry :( Feel free to rebase this on gnome-team, however. Cheers
On Fri, Dec 08, 2023 at 07:08:28PM +0100, Liliana Marie Prikler wrote: > Unfortunately, this is a GNOME rebuild, so I'm reluctant to push this > directly to master. What's more, we can not even graft it because the > GTK4 Typelib changed. Sorry :( WebKitGTK is a security-sensitive package with frequent potential for arbitrary code execution via web content. My advice is to push it to master ASAP. We used to be able to do that, btw.
Am Freitag, dem 08.12.2023 um 13:41 -0500 schrieb Leo Famulari: > On Fri, Dec 08, 2023 at 07:08:28PM +0100, Liliana Marie Prikler > wrote: > > Unfortunately, this is a GNOME rebuild, so I'm reluctant to push > > this directly to master. What's more, we can not even graft it > > because the GTK4 Typelib changed. Sorry :( > > WebKitGTK is a security-sensitive package with frequent potential for > arbitrary code execution via web content. And we normally have the grafting mechanism for just that. The problem with WebkitGTK 2.42 is that paths change, so we can't graft it. > My advice is to push it to master ASAP. We used to be able to do > that, btw. From the manual: > Changes which affect more than 300 dependent packages (*note Invoking > guix refresh::) should first be pushed to a topic branch other than > ‘master’ The webkitgtk-* family collectively accounts for more than 600 rebuilds, three of them being webkit (i.e. you'll wait 10 hours while your machine nearly dies grasping for more RAM). Even with a graft, I'd first verify that it builds on CI. Plus, I don't see how this series accounts for webkitgtk-next, i.e. the GTK4 variant. We have that over at gnome-team already, but a nontrivial amount of work went into getting it into a functional state. I've cherry-picked them onto a wip-webkit branch now. Hopefully we can merge that faster than gnome itself. Cheers
Liliana Marie Prikler <liliana.prikler@gmail.com> writes: > The webkitgtk-* family collectively accounts for more than 600 > rebuilds, three of them being webkit (i.e. you'll wait 10 hours while > your machine nearly dies grasping for more RAM). Even with a graft, > I'd first verify that it builds on CI. > > Plus, I don't see how this series accounts for webkitgtk-next, i.e. the > GTK4 variant. We have that over at gnome-team already, but a > nontrivial amount of work went into getting it into a functional state. > I've cherry-picked them onto a wip-webkit branch now. Hopefully we can > merge that faster than gnome itself. As Leo mentioned, WebKitGTK updates are paramount from a security point of view. But I understand the constraints that Liliana mentions. Is there anything I can do to help? It's hard for me to grasp the full picture that you describe. Thanks.
Am Dienstag, dem 12.12.2023 um 10:15 +0200 schrieb André A. Gomes: > Liliana Marie Prikler <liliana.prikler@gmail.com> writes: > > > The webkitgtk-* family collectively accounts for more than 600 > > rebuilds, three of them being webkit (i.e. you'll wait 10 hours > > while your machine nearly dies grasping for more RAM). Even with a > > graft, I'd first verify that it builds on CI. > > > > Plus, I don't see how this series accounts for webkitgtk-next, i.e. > > the GTK4 variant. We have that over at gnome-team already, but a > > nontrivial amount of work went into getting it into a functional > > state. > > I've cherry-picked them onto a wip-webkit branch now. Hopefully we > > can merge that faster than gnome itself. > > As Leo mentioned, WebKitGTK updates are paramount from a security > point of view. But I understand the constraints that Liliana > mentions. Is there anything I can do to help? It's hard for me to > grasp the full picture that you describe. Thanks. Looking at QA [1] and fixing freshly failing builds as they come along would be a great help. Vivien mentioned in both IRC and XMPP that our old Epiphany fails, so we gotta bump that to a newer version. I don't see any other gnome-critical rebuilds (yet), but am staying tuned for more to come. Cheers [1] https://qa.guix.gnu.org/branch/wip-webkit
From 8db07a63b96ab85312d4560f7faaf6bb6c15fb1c Mon Sep 17 00:00:00 2001 From: "Andre A. Gomes" <andremegafone@gmail.com> Date: Wed, 6 Dec 2023 10:07:45 +0200 Subject: [PATCH] gnu: webkitgtk: Update to 2.42.3. * gnu/packages/webkit.scm (webkitgtk): Update to 2.42.3. --- gnu/packages/webkit.scm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 0c82435cde..bcd5ea02fd 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -127,13 +127,13 @@ (define-public wpebackend-fdo (define-public webkitgtk (package (name "webkitgtk") ; webkit2gtk4 - (version "2.40.5") + (version "2.42.3") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 - (base32 "0zq32rn34v7hzr53s100r77aglbi6wffp9b13bcj31k6cfi53q3x")) + (base32 "1qnq2f6chsfns1psrqbbsqhgyb458zf75nlmzskb6a2n0hq4c6ha")) (patches (search-patches "webkitgtk-adjust-bubblewrap-paths.patch")))) (build-system cmake-build-system) @@ -149,6 +149,7 @@ (define-public webkitgtk #:build-type "Release" #:configure-flags #~(list "-DPORT=GTK" + "-DUSE_GTK4=OFF" ;; GTKDOC will be removed upstream soon in favor of ;; gi-docgen; it is normally disabled because the ;; doc is rather expensive to build. @@ -249,6 +250,7 @@ (define-public webkitgtk libgcrypt libgudev libjpeg-turbo + libjxl libmanette libnotify libpng -- 2.41.0