Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

signald: 0.19.1 -> 0.23.0 #198121

Merged
merged 1 commit into from
Nov 7, 2022
Merged

signald: 0.19.1 -> 0.23.0 #198121

merged 1 commit into from
Nov 7, 2022

Conversation

Ma27
Copy link
Member

@Ma27 Ma27 commented Oct 27, 2022

Description of changes

Note: I guess it'd make sense to backport, but perhaps we should do it in a less invasive way, i.e. without having to migrate all your data. OTOH I'm not sure if it's a good idea to cherry-pick db migrations from later versions as it'd perhaps cause issues on later upgrades, so I'm open for suggestions.

Replaces/Closes #174256

Needed because the CA of a signal server seems to have changed[1] which has caused the following errors to appear while trying to send messages from Matrix (via mautrix-signal and subsequently signald):

⚠ Your message was not bridged:
org.whispersystems.signalservice.api.push.exceptions.PushNetworkException,
javax.net.ssl.SSLHandshakeException,
sun.security.validator.ValidatorException,
sun.security.provider.certpath.SunCertPathBuilderException:
org.whispersystems.signalservice.api.push.exceptions.PushNetworkException:
javax.net.ssl.SSLHandshakeException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

Migration can be performed by running a command like

$ signald \
    -d /var/lib/signald/data \
    --database sqlite:/var/lib/signald/db \
    -s /run/signald/signald.sock \
    --migrate-data

before starting signald itself.

ChangeLogs:

[1] https://gitlab.com/signald/signald/-/blob/main/releases/0.23.0.md

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@Ma27
signald: 0.19.1 -> 0.23.0
65778c0 
Replaces/Closes NixOS#174256

Needed because the CA of a signal server seems to have changed[1] which
has caused the following errors to appear while trying to send messages
from Matrix (via `mautrix-signal` and subsequently `signald`):

    ⚠ Your message was not bridged:
    org.whispersystems.signalservice.api.push.exceptions.PushNetworkException,
    javax.net.ssl.SSLHandshakeException,
    sun.security.validator.ValidatorException,
    sun.security.provider.certpath.SunCertPathBuilderException:
    org.whispersystems.signalservice.api.push.exceptions.PushNetworkException:
    javax.net.ssl.SSLHandshakeException:
    PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

Migration can be performed by running a command like

    $ signald \
        -d /var/lib/signald/data \
        --database sqlite:/var/lib/signald/db \
        -s /run/signald/signald.sock \
        --migrate-data

before starting signald itself.

ChangeLogs:

* https://gitlab.com/signald/signald/-/blob/main/releases/0.20.0.md
* https://gitlab.com/signald/signald/-/blob/main/releases/0.21.0.md
* https://gitlab.com/signald/signald/-/blob/main/releases/0.22.0.md
* https://gitlab.com/signald/signald/-/blob/main/releases/0.22.1.md
* https://gitlab.com/signald/signald/-/blob/main/releases/0.22.2.md
* https://gitlab.com/signald/signald/-/blob/main/releases/0.23.0.md

[1] https://gitlab.com/signald/signald/-/blob/main/releases/0.23.0.md
@ofborg ofborg bot requested a review from expipiplus1 October 27, 2022 19:39
@Flakebi
Copy link
Member

Flakebi commented Oct 31, 2022

I get a hash-mismatch:

error: hash mismatch in fixed-output derivation '/nix/store/8vnd53mwx5wqalv7dnw5xn9syiyc9a7r-signald-deps-0.23.0.drv':
         specified: sha256-ANiNDdTuCuDEH5zUPsrVF6Uegdq3zVsMv+uMtYRX0jE=
            got:    sha256-6VpKKj4FrPwj5M/2OWmN/fq/naJmxKGOFNR1fhtX0mo=

With the fixed hash, signald works again for me.

@Ma27
Copy link
Member Author

Ma27 commented Nov 5, 2022

@Flakebi Cannot reproduce and the CI also agrees with the hash I pushed.

A few things that might've caused this: did you cherry-pick the commit onto another branch before building? From which country did you perform the requests? (Perhaps a different CDN is at fault, but I really hope it's not the case although I observed it once).

Can you perhaps share the fixed-output-path of signald-deps so that we can diff for the actual changes that caused the mismatch on your end?

@Flakebi
Copy link
Member

Flakebi commented Nov 5, 2022
edited
Loading

Building the branch of this PR works fine, I got the mismatch when running nixpkgs-review :)

Edit: When I build the PR branch first and then try nixpkgs-review, it works fine, I guess that’s because the hash with the (incorrect) hash is already in my store now.

@Ma27
Copy link
Member Author

Ma27 commented Nov 5, 2022

Building the branch of this PR works fine, I got the mismatch when running nixpkgs-review :)

Ok... which attribute path exactly failed? Can you give me a command, please?

Edit: When I build the PR branch first and then try nixpkgs-review, it works fine, I guess that’s because the hash with the (incorrect) hash is already in my store now.

Yes. You can remove it again with either nix-collect-garbage or nix-store --delete.

Flakebi
Flakebi approved these changes Nov 6, 2022
View reviewed changes
Copy link
Member

@Flakebi Flakebi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I tried back then, the command was nixpkgs-review pr 198121.
But I can’t reproduce it anymore when merging this into nixos-unstable, I also get sha256-ANiNDdTuCuDEH5zUPsrVF6Uegdq3zVsMv+uMtYRX0jE= as the correct hash now.

@Ma27 Ma27 merged commit 656fe72 into NixOS:master Nov 7, 2022
@Ma27 Ma27 deleted the bump-signald branch November 7, 2022 22:17
@ajs124
Copy link
Member

ajs124 commented Nov 8, 2022

Maybe the migration steps should be mentioned in the release notes for 22.11

@Ma27
Copy link
Member Author

Ma27 commented Nov 8, 2022

You're right, sorry. Will file a PR later for that, thanks for pointing this out! :)

@Ma27 Ma27 mentioned this pull request Nov 8, 2022
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Flakebi Flakebi Flakebi approved these changes

@expipiplus1 expipiplus1 Awaiting requested review from expipiplus1

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Ma27 @Flakebi @ajs124