diff options
| author | Simon Bruder <simon@sbruder.de> | 2021-11-14 10:07:09 +0100 |
|---|---|---|
| committer | Simon Bruder <simon@sbruder.de> | 2021-11-14 10:07:09 +0100 |
| commit | 970d249d39ccac356c705e6e4db6318ffe93dd42 (patch) | |
| tree | 02d81e62862ad77678f0fba6c5ae78dff96a1610 | |
| parent | 95382df163ab7418e0941f7f1422a36cdda13791 (diff) | |
invidious: unstable-2021-11-08 -> unstable-2021-11-13
This update disables QUIC by default which fixes Invidious not loading anything except for the home page due to YouTube no longer accepting HTTP/3 (Upstream Issue: https://github.com/iv-org/invidious/issues/2577). It therefore uses Crystal’s internal HTTP client, which failed because the statically linked boringssl (required by lsquic) overrides OpenSSL’s CA certificate file location. This is fixed by applying the same patch to boringssl that is applied to openssl for using the correct CA certificate file.
| -rw-r--r-- | pkgs/servers/invidious/default.nix | 6 | ||||
| -rw-r--r-- | pkgs/servers/invidious/lsquic.nix | 5 | ||||
| -rw-r--r-- | pkgs/servers/invidious/use-etc-ssl-certs.patch | 13 |
3 files changed, 21 insertions, 3 deletions
diff --git a/pkgs/servers/invidious/default.nix b/pkgs/servers/invidious/default.nix index 7e939f51bc952..a50c128b03f57 100644 --- a/pkgs/servers/invidious/default.nix +++ b/pkgs/servers/invidious/default.nix @@ -8,17 +8,17 @@ let # * shards.nix (by running `crystal2nix` in invidious’ source tree) # * If the lsquic.cr dependency changed: lsquic in lsquic.nix (version, sha256) # * If the lsquic version changed: boringssl' in lsquic.nix (version, sha256) - rev = "21879da80d2dfa97e789a13b90e82e466c4854e3"; + rev = "00904ae3f2ab6a3cf5f96012d36c5672c3aa17b4"; in crystal.buildCrystalPackage rec { pname = "invidious"; - version = "unstable-2021-11-08"; + version = "unstable-2021-11-13"; src = fetchFromGitHub { owner = "iv-org"; repo = pname; inherit rev; - sha256 = "0jvnwjdh2l0hxfvzim00r3zbs528bb93y1nk0bjrbbrcfv5cn5ss"; + sha256 = "sha256-DET4jvB5epkpl5/HTORNTWDL4Ck4IsqhdTApJE8t6Tg="; }; postPatch = diff --git a/pkgs/servers/invidious/lsquic.nix b/pkgs/servers/invidious/lsquic.nix index 35b93e4249f26..fbef8805bb536 100644 --- a/pkgs/servers/invidious/lsquic.nix +++ b/pkgs/servers/invidious/lsquic.nix @@ -8,6 +8,11 @@ let rev = version; sha256 = "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A="; }; + + patches = [ + # Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem + ./use-etc-ssl-certs.patch + ]; }); in stdenv.mkDerivation rec { diff --git a/pkgs/servers/invidious/use-etc-ssl-certs.patch b/pkgs/servers/invidious/use-etc-ssl-certs.patch new file mode 100644 index 0000000000000..b60b0b1f1a122 --- /dev/null +++ b/pkgs/servers/invidious/use-etc-ssl-certs.patch @@ -0,0 +1,13 @@ +diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c +index d2bc3e5c1..329580075 100644 +--- a/crypto/x509/x509_def.c ++++ b/crypto/x509/x509_def.c +@@ -67,7 +67,7 @@ + + #define X509_CERT_AREA OPENSSLDIR + #define X509_CERT_DIR OPENSSLDIR "/certs" +-#define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++#define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt" + #define X509_PRIVATE_DIR OPENSSLDIR "/private" + #define X509_CERT_DIR_EVP "SSL_CERT_DIR" + #define X509_CERT_FILE_EVP "SSL_CERT_FILE" |