From 5eb227c31fab2ab3828d1453671ff373fb7f8796 Mon Sep 17 00:00:00 2001 From: networkException Date: Wed, 14 Feb 2024 00:14:47 +0100 Subject: [PATCH 1/4] chromium: cache chromium tarball hashes in update script this patch introduces an in memory cache for the result of hashing a chromium release tarball after recompressing and pruning it. previously updating chromium and ungoogled-chromium to the same chromium version would result in the expensive recompression happening twice. --- .../networking/browsers/chromium/update.py | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/update.py b/pkgs/applications/networking/browsers/chromium/update.py index c231febabd60..dc1e31e81eaf 100755 --- a/pkgs/applications/networking/browsers/chromium/update.py +++ b/pkgs/applications/networking/browsers/chromium/update.py @@ -201,6 +201,8 @@ def print_updates(channels_old, channels_new): channels = {} last_channels = load_as_json(PIN_PATH) +src_hash_cache = {} + print(f'GET {RELEASES_URL}', file=sys.stderr) with urlopen(RELEASES_URL) as resp: @@ -240,13 +242,22 @@ with urlopen(RELEASES_URL) as resp: google_chrome_suffix = channel_name try: - channel['hash'] = prefetch_src_sri_hash( - channel_name_to_attr_name(channel_name), - release["version"] - ) + version = release["version"] + + if version in src_hash_cache: + print(f'Already got hash {src_hash_cache[version]} for {version}, skipping FOD prefetch for {channel_name_to_attr_name(channel_name)}') + + channel["hash"] = src_hash_cache[version] + else: + channel["hash"] = prefetch_src_sri_hash( + channel_name_to_attr_name(channel_name), + version + ) + src_hash_cache[version] = channel["hash"] + channel['hash_deb_amd64'] = nix_prefetch_url( f'{DEB_URL}/google-chrome-{google_chrome_suffix}/' + - f'google-chrome-{google_chrome_suffix}_{release["version"]}-1_amd64.deb') + f'google-chrome-{google_chrome_suffix}_{version}-1_amd64.deb') except subprocess.CalledProcessError: # This release isn't actually available yet. Continue to # the next one. From 9e33ff71831da6106fa01de7c617d495fdfd60c8 Mon Sep 17 00:00:00 2001 From: networkException Date: Wed, 14 Feb 2024 02:31:26 +0100 Subject: [PATCH 2/4] chromium: use hashes in upstream-info.nix for tarballs in update script this patch teaches the update script to use the hash for a recompressed chromium source tarball from the upstream-info.nix file instead of recompressing a new tarball for an already hashed version. --- pkgs/applications/networking/browsers/chromium/update.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/networking/browsers/chromium/update.py b/pkgs/applications/networking/browsers/chromium/update.py index dc1e31e81eaf..c1d893e0cff9 100755 --- a/pkgs/applications/networking/browsers/chromium/update.py +++ b/pkgs/applications/networking/browsers/chromium/update.py @@ -243,11 +243,16 @@ with urlopen(RELEASES_URL) as resp: try: version = release["version"] + existing_releases = dict(map(lambda channel: (channel[1]['version'], channel[1]['hash']), last_channels.items())) if version in src_hash_cache: print(f'Already got hash {src_hash_cache[version]} for {version}, skipping FOD prefetch for {channel_name_to_attr_name(channel_name)}') channel["hash"] = src_hash_cache[version] + elif version in existing_releases: + print(f'Already got hash {existing_releases[version]} for {version} (from upstream-info.nix), skipping FOD prefetch for {channel_name_to_attr_name(channel_name)}') + + channel["hash"] = existing_releases[version] else: channel["hash"] = prefetch_src_sri_hash( channel_name_to_attr_name(channel_name), From 9bb6dc139dae38fb7043eb2c9308aa2de23ac2d7 Mon Sep 17 00:00:00 2001 From: networkException Date: Wed, 14 Feb 2024 02:33:42 +0100 Subject: [PATCH 3/4] chromium: 121.0.6167.160 -> 121.0.6167.184 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html This update includes 1 security fix. --- .../networking/browsers/chromium/upstream-info.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 00a9e8af67e3..0e819abb4adb 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -15,9 +15,9 @@ version = "2023-11-28"; }; }; - hash = "sha256-mncN1Np/70r0oMnJ4oV7PU6Ivi5AiRar5O2G8bNdwY8="; - hash_deb_amd64 = "sha256-t/5Mx3P3LaH/6GjwMFP+lVoz7xq7jqAKYxLqlWBnwIE="; - version = "121.0.6167.160"; + hash = "sha256-mLXBaW4KBieOiz2gRXfgA/KPdmUnNlpUIOqdj7CywcY="; + hash_deb_amd64 = "sha256-UDgO1sJ7bggFTe7C36CnHYXjG9rM+ZqFCOzNyIDpQ0Y="; + version = "121.0.6167.184"; }; ungoogled-chromium = { deps = { From 246a3db24d7266a97af0ff6bdce64f7cf722cba6 Mon Sep 17 00:00:00 2001 From: networkException Date: Wed, 14 Feb 2024 02:34:03 +0100 Subject: [PATCH 4/4] ungoogled-chromium: 121.0.6167.160-1 -> 121.0.6167.184-1 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html This update includes 1 security fix. --- .../networking/browsers/chromium/upstream-info.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 0e819abb4adb..6711701fe3f9 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -28,12 +28,12 @@ version = "2023-11-28"; }; ungoogled-patches = { - hash = "sha256-qwMQoJEJxNjDEdqzSMBTozv8+wl+SbBmzIm/VbiGxKw="; - rev = "121.0.6167.160-1"; + hash = "sha256-nJDLCVynuGFRIjLBV0NmC0zHeEDHjzFM16FKAv2QyNY="; + rev = "121.0.6167.184-1"; }; }; - hash = "sha256-mncN1Np/70r0oMnJ4oV7PU6Ivi5AiRar5O2G8bNdwY8="; - hash_deb_amd64 = "sha256-t/5Mx3P3LaH/6GjwMFP+lVoz7xq7jqAKYxLqlWBnwIE="; - version = "121.0.6167.160"; + hash = "sha256-mLXBaW4KBieOiz2gRXfgA/KPdmUnNlpUIOqdj7CywcY="; + hash_deb_amd64 = "sha256-UDgO1sJ7bggFTe7C36CnHYXjG9rM+ZqFCOzNyIDpQ0Y="; + version = "121.0.6167.184"; }; }