diff --git a/pkgs/servers/http/envoy/use-system-python.patch b/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch similarity index 76% rename from pkgs/servers/http/envoy/use-system-python.patch rename to pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch index a2030cc75fd0..11871275f4ff 100644 --- a/pkgs/servers/http/envoy/use-system-python.patch +++ b/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch @@ -1,5 +1,15 @@ +From 329ad7cb56e66464e5570bbb51dea0fd56c4d9ae Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown +Date: Sun, 19 Feb 2023 17:40:50 +0000 +Subject: [PATCH 1/2] nixpkgs: use system Python + +--- + bazel/python_dependencies.bzl | 4 ---- + bazel/repositories_extra.bzl | 13 +------------ + 2 files changed, 1 insertion(+), 16 deletions(-) + diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl -index d9dfb14a9b..b8e92452a7 100644 +index a5c3283d0a..1c2c31ebf2 100644 --- a/bazel/python_dependencies.bzl +++ b/bazel/python_dependencies.bzl @@ -1,10 +1,8 @@ @@ -14,7 +24,7 @@ index d9dfb14a9b..b8e92452a7 100644 extra_pip_args = ["--require-hashes"], ) @@ -12,14 +10,12 @@ def envoy_python_dependencies(): - # These need to use `pip_install` + # TODO(phlax): switch to `pip_parse` pip_install( # Note: dev requirements do *not* check hashes - python_interpreter_target = interpreter, @@ -22,17 +32,17 @@ index d9dfb14a9b..b8e92452a7 100644 requirements = "@envoy//tools/dev:requirements.txt", ) - pip_install( + pip_parse( name = "fuzzing_pip3", - python_interpreter_target = interpreter, - requirements = "@rules_fuzzing//fuzzing:requirements.txt", + requirements_lock = "@rules_fuzzing//fuzzing:requirements.txt", extra_pip_args = ["--require-hashes"], ) diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl -index 885b41dec6..ac5605eb30 100644 +index 9d1b31c5d6..ac5605eb30 100644 --- a/bazel/repositories_extra.bzl +++ b/bazel/repositories_extra.bzl -@@ -1,22 +1,12 @@ +@@ -1,23 +1,12 @@ load("@emsdk//:deps.bzl", emsdk_deps = "deps") -load("@rules_python//python:repositories.bzl", "python_register_toolchains") load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") @@ -53,6 +63,10 @@ index 885b41dec6..ac5605eb30 100644 - python_register_toolchains( - name = "python%s" % ("_".join(python_version.split(".")[:-1])), - python_version = python_version, +- ignore_root_user_error = True, - ) - aspect_bazel_lib_dependencies() +-- +2.39.1 + diff --git a/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch b/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch new file mode 100644 index 000000000000..594d51cce9dc --- /dev/null +++ b/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch @@ -0,0 +1,94 @@ +From 31d864a3b6a1a3455191e87ff680eb812f77dc3c Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown +Date: Sun, 19 Feb 2023 17:43:03 +0000 +Subject: [PATCH 2/2] nixpkgs: use system Go + +--- + bazel/dependency_imports.bzl | 29 +---------------------------- + bazel/repositories.bzl | 3 --- + bazel/repository_locations.bzl | 4 ++-- + 3 files changed, 3 insertions(+), 33 deletions(-) + +diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl +index 7dbdb0174e..e73662ed79 100644 +--- a/bazel/dependency_imports.bzl ++++ b/bazel/dependency_imports.bzl +@@ -15,7 +15,7 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "register_jq_toolchains", "regis + load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps") + + # go version for rules_go +-GO_VERSION = "1.18" ++GO_VERSION = "host" + + JQ_VERSION = "1.6" + YQ_VERSION = "4.24.4" +@@ -25,7 +25,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y + rules_foreign_cc_dependencies(register_default_tools = False, register_built_tools = False) + go_rules_dependencies() + go_register_toolchains(go_version) +- envoy_download_go_sdks(go_version) + gazelle_dependencies(go_sdk = "go_sdk") + apple_rules_dependencies() + pip_dependencies() +@@ -134,29 +133,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y + # use_category = ["api"], + # source = "https://github.com/bufbuild/protoc-gen-validate/blob/v0.6.1/dependencies.bzl#L23-L28" + ) +- +-def envoy_download_go_sdks(go_version): +- go_download_sdk( +- name = "go_linux_amd64", +- goos = "linux", +- goarch = "amd64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_linux_arm64", +- goos = "linux", +- goarch = "arm64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_darwin_amd64", +- goos = "darwin", +- goarch = "amd64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_darwin_arm64", +- goos = "darwin", +- goarch = "arm64", +- version = go_version, +- ) +diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl +index fca05b6062..a2f60014cb 100644 +--- a/bazel/repositories.bzl ++++ b/bazel/repositories.bzl +@@ -115,9 +115,6 @@ def _go_deps(skip_targets): + if "io_bazel_rules_go" not in skip_targets: + external_http_archive( + name = "io_bazel_rules_go", +- # TODO(wrowe, sunjayBhatia): remove when Windows RBE supports batch file invocation +- patch_args = ["-p1"], +- patches = ["@envoy//bazel:rules_go.patch"], + ) + external_http_archive("bazel_gazelle") + +diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl +index e4e89d281a..fb62c4f8f3 100644 +--- a/bazel/repository_locations.bzl ++++ b/bazel/repository_locations.bzl +@@ -878,8 +878,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( + project_name = "Go rules for Bazel", + project_desc = "Bazel rules for the Go language", + project_url = "https://github.com/bazelbuild/rules_go", +- version = "0.36.0", +- sha256 = "ae013bf35bd23234d1dea46b079f1e05ba74ac0321423830119d3e787ec73483", ++ version = "0.38.1", ++ sha256 = "dd926a88a564a9246713a9c00b35315f54cbd46b31a26d5d8fb264c07045f05d", + urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.zip"], + use_category = ["build", "api"], + release_date = "2022-11-23", +-- +2.39.1 + diff --git a/pkgs/servers/http/envoy/bump-brotli.patch b/pkgs/servers/http/envoy/bump-brotli.patch deleted file mode 100644 index 5656b8f260cf..000000000000 --- a/pkgs/servers/http/envoy/bump-brotli.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl -index 454c54b0ef..2ac0623cf0 100644 ---- a/bazel/repository_locations.bzl -+++ b/bazel/repository_locations.bzl -@@ -510,8 +510,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( - project_url = "https://brotli.org", - # Use the dev branch of brotli to resolve compilation issues. - # TODO(rojkov): Remove when brotli > 1.0.9 is released. -- version = "0cd2e3926e95e7e2930f57ae3f4885508d462a25", -- sha256 = "93810780e60304b51f2c9645fe313a6e4640711063ed0b860cfa60999dd256c5", -+ version = "27dd7265403d8e8fed99a854b9c3e1db7d79525f", -+ sha256 = "e71238b12e30233bdf25997132b29ae49639a69f33fdef3ae18a47abfc0d5e4c", - strip_prefix = "brotli-{version}", - urls = ["https://github.com/google/brotli/archive/{version}.tar.gz"], - use_category = ["dataplane_ext"], diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix index 4a219a9cfb05..db040f8a2080 100644 --- a/pkgs/servers/http/envoy/default.nix +++ b/pkgs/servers/http/envoy/default.nix @@ -24,8 +24,8 @@ let # However, the version string is more useful for end-users. # These are contained in a attrset of their own to make it obvious that # people should update both. - version = "1.23.3"; - rev = "4801f5881893857fbc53a4061f0b20ef4ca91a5b"; + version = "1.25.1"; + rev = "bae2e9d642a6a8ae6c5d3810f77f3e888f0d97da"; }; in buildBazelPackage rec { @@ -36,13 +36,12 @@ buildBazelPackage rec { owner = "envoyproxy"; repo = "envoy"; inherit (srcVer) rev; - sha256 = "sha256-akAuFk+jESWWvLRCDQ0XDT1Eplutfj5uacAFQp714vM="; + sha256 = "sha256-qA3+bta2vXGtAYX3mg+CmSIEitk4576JQB/QLPsj9Vc="; postFetch = '' chmod -R +w $out rm $out/.bazelversion echo ${srcVer.rev} > $out/SOURCE_VERSION - sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl ''; }; @@ -51,20 +50,15 @@ buildBazelPackage rec { sed -i '/javabase=/d' .bazelrc sed -i '/"-Werror"/d' bazel/envoy_internal.bzl - # Use system Python. - sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl + cp ${./protobuf.patch} bazel/protobuf.patch ''; patches = [ - # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter) - ./bump-brotli.patch - - # fix linux-aarch64 WAMR builds - # (upstream WAMR only detects aarch64 on Darwin, not Linux) - ./fix-aarch64-wamr.patch - # use system Python, not bazel-fetched binary Python - ./use-system-python.patch + ./0001-nixpkgs-use-system-Python.patch + + # use system Go, not bazel-fetched binary Go + ./0002-nixpkgs-use-system-Go.patch ]; nativeBuildInputs = [ @@ -81,10 +75,13 @@ buildBazelPackage rec { linuxHeaders ]; + # external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security] + hardeningDisable = [ "format" ]; + fetchAttrs = { sha256 = { - x86_64-linux = "sha256-UXTh5sCN7PJxNbTaG47YnW7aQBBtu101UjfsWU1CtBw="; - aarch64-linux = "sha256-uynV2/RWBybR2bjErDjcfoacv5vsI4GJ3SL4OF1kFOE="; + x86_64-linux = "sha256-H2s8sTbmKF+yRfSzLsZAT2ckFuunFwh/FMSKj+GYyPM="; + aarch64-linux = "sha256-R9jzy/dpdCcGgT9yq59Wo/IN/bVo6fxnVPGhLMZ9fbM="; }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); dontUseCmakeConfigure = true; dontUseGnConfigure = true; diff --git a/pkgs/servers/http/envoy/fix-aarch64-wamr.patch b/pkgs/servers/http/envoy/fix-aarch64-wamr.patch deleted file mode 100644 index 4d8bc6c02adc..000000000000 --- a/pkgs/servers/http/envoy/fix-aarch64-wamr.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl -index f48ebe7056..1e5cc5d663 100644 ---- a/bazel/envoy_build_system.bzl -+++ b/bazel/envoy_build_system.bzl -@@ -102,6 +102,7 @@ def envoy_cmake( - pdb_name = "", - cmake_files_dir = "$BUILD_TMPDIR/CMakeFiles", - generate_crosstool_file = False, -+ generate_args = [], - **kwargs): - cache_entries.update({"CMAKE_BUILD_TYPE": "Bazel"}) - cache_entries_debug = dict(cache_entries) -@@ -131,7 +132,7 @@ def envoy_cmake( - "@envoy//bazel:dbg_build": cache_entries_debug, - "//conditions:default": cache_entries, - }), -- generate_args = ["-GNinja"], -+ generate_args = ["-GNinja"] + generate_args, - targets = ["", "install"], - # TODO: Remove install target and make this work - install = False, -diff --git a/bazel/foreign_cc/BUILD b/bazel/foreign_cc/BUILD -index 4d3a281669..b4716dfe2e 100644 ---- a/bazel/foreign_cc/BUILD -+++ b/bazel/foreign_cc/BUILD -@@ -394,6 +394,12 @@ envoy_cmake( - "WAMR_BUILD_LIBC_WASI": "0", - "WAMR_BUILD_TAIL_CALL": "1", - }, -+ generate_args = select({ -+ "//conditions:default": [], -+ "@platforms//cpu:aarch64": [ -+ "-DWAMR_BUILD_TARGET=AARCH64", -+ ], -+ }), - lib_source = "@com_github_wamr//:all", - out_static_libs = ["libvmlib.a"], - tags = ["skip_on_windows"], diff --git a/pkgs/servers/http/envoy/protobuf.patch b/pkgs/servers/http/envoy/protobuf.patch new file mode 100644 index 000000000000..1cc071bd861a --- /dev/null +++ b/pkgs/servers/http/envoy/protobuf.patch @@ -0,0 +1,53 @@ +diff --git a/BUILD.bazel b/BUILD.bazel +index 0f6e41e3a..c0d2bbccf 100644 +--- a/BUILD.bazel ++++ b/BUILD.bazel +@@ -138,7 +138,7 @@ cc_library( + visibility = ["//visibility:public"], + deps = [":protobuf_lite"] + select({ + "//build_defs:config_msvc": [], +- "//conditions:default": ["@zlib//:zlib"], ++ "//conditions:default": ["//external:zlib"], + }), + ) + +@@ -755,7 +820,7 @@ cc_test( + "@com_google_googletest//:gtest_main", + ] + select({ + "//build_defs:config_msvc": [], +- "//conditions:default": ["@zlib//:zlib"], ++ "//conditions:default": ["//external:zlib"], + }), + ) + +diff --git a/python/google/protobuf/__init__.py b/python/google/protobuf/__init__.py +index e7555ee10..a93beb1c5 100644 +--- a/python/google/protobuf/__init__.py ++++ b/python/google/protobuf/__init__.py +@@ -31,3 +31,10 @@ + # Copyright 2007 Google Inc. All Rights Reserved. + + __version__ = '4.21.12' ++ ++ ++if __name__ != '__main__': ++ try: ++ __import__('pkg_resources').declare_namespace(__name__) ++ except ImportError: ++ __path__ = __import__('pkgutil').extend_path(__path__, __name__) +diff --git a/src/google/protobuf/generated_message_tctable_lite.cc b/src/google/protobuf/generated_message_tctable_lite.cc +index 9993811dc..d80006af7 100644 +--- a/src/google/protobuf/generated_message_tctable_lite.cc ++++ b/src/google/protobuf/generated_message_tctable_lite.cc +@@ -343,11 +343,6 @@ const char* TcParser::MiniParse(PROTOBUF_TC_PARAM_DECL) { + + namespace { + +-// Offset returns the address `offset` bytes after `base`. +-inline void* Offset(void* base, uint32_t offset) { +- return static_cast(base) + offset; +-} +- + // InvertPacked changes tag bits from the given wire type to length + // delimited. This is the difference expected between packed and non-packed + // repeated fields.