envoy: 1.21.5 -> 1.23.1

author: Luke Granger-Brown <git@lukegb.com> 2022-09-04 22:20:47 +0100
committer: Luke Granger-Brown <git@lukegb.com> 2022-09-05 00:54:39 +0100
commit: 16215285cd14ee42f1764d93a22bde764b216e7d (patch)
tree: 2b112957d12cab24a4d5a457af8ab96b0f88c01a /pkgs/servers/http
parent: 7f6ab2ddbc08de30f1e5a3b7644a5523daf51554 (diff)
2 files changed, 85 insertions, 19 deletions
diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix
index 9bcf573d06c44..b9342ccd4fac5 100644
--- a/pkgs/servers/http/envoy/default.nix
+++ b/pkgs/servers/http/envoy/default.nix
@@ -1,14 +1,14 @@
 { lib
-, bazel_4
+, bazel_5
 , buildBazelPackage
 , fetchFromGitHub
-, fetchpatch
 , stdenv
 , cmake
 , gn
 , go
 , jdk
 , ninja
+, patchelf
 , python3
 , linuxHeaders
 , nixosTests
@@ -23,19 +23,19 @@ let
     # However, the version string is more useful for end-users.
     # These are contained in a attrset of their own to make it obvious that
     # people should update both.
-    version = "1.21.5";
-    rev = "0512f18b764828497febd0f6dcecc1861003d614";
+    version = "1.23.1";
+    rev = "edd69583372955fdfa0b8ca3820dd7312c094e46";
   };
 in
 buildBazelPackage rec {
   pname = "envoy";
   inherit (srcVer) version;
-  bazel = bazel_4;
+  bazel = bazel_5;
   src = fetchFromGitHub {
     owner = "envoyproxy";
     repo = "envoy";
     inherit (srcVer) rev;
-    sha256 = "sha256-VWcfdoZ1wGkxaf0PZwfiSFg8D/QDIZs4u/iLUnsbjMo=";
+    sha256 = "sha256:157dbmp479xv5507n48yibvlgi2ac0l3sl9rzm28cm9lhzwva3k0";
 
     postFetch = ''
       chmod -R +w $out
@@ -48,26 +48,21 @@ buildBazelPackage rec {
   postPatch = ''
     sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch
     sed -i '/javabase=/d' .bazelrc
-    # Patch paths to build tools, and disable gold because it just segfaults.
-    substituteInPlace bazel/external/wee8.genrule_cmd \
-      --replace '"''$$gn"' '"''$$(command -v gn)"' \
-      --replace '"''$$ninja"' '"''$$(command -v ninja)"' \
-      --replace '"''$$WEE8_BUILD_ARGS"' '"''$$WEE8_BUILD_ARGS use_gold=false"'
+
+    # Use system Python.
+    sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl
   '';
 
   patches = [
-    # make linux/tcp.h relative. drop when upgrading to >1.21
-    (fetchpatch {
-      url = "https://github.com/envoyproxy/envoy/commit/68448aae7a78a3123097b6ea96016b270457e7b8.patch";
-      sha256 = "123kv3x37p8fgfp29jhw5xg5js5q5ipibs8hsm7gzfd5bcllnpfh";
-    })
-
     # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter)
     ./bump-brotli.patch
 
     # fix linux-aarch64 WAMR builds
     # (upstream WAMR only detects aarch64 on Darwin, not Linux)
     ./fix-aarch64-wamr.patch
+
+    # use system Python, not bazel-fetched binary Python
+    ./use-system-python.patch
   ];
 
   nativeBuildInputs = [
@@ -77,6 +72,7 @@ buildBazelPackage rec {
     go
     jdk
     ninja
+    patchelf
   ];
 
   buildInputs = [
@@ -85,8 +81,8 @@ buildBazelPackage rec {
 
   fetchAttrs = {
     sha256 = {
-      x86_64-linux = "sha256-bE28PBQjsOLkxjIoDk6HcELPP3XzvqKKVa7yUbXB1Qk=";
-      aarch64-linux = "sha256-Rf7kEBeH72vsvmzKy/7oKQf8cVNVzIcSuXMhrIhMFKM=";
+      x86_64-linux = "0y3gpvx148bnn6kljdvkg99m681vw39l0avrhvncbf62hvpifqkw";
+      aarch64-linux = "0lln5mdlskahz5hb4w268ys2ksy3051drrwlhracmk4i7rpm7fq3";
     }.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
     dontUseCmakeConfigure = true;
     dontUseGnConfigure = true;
@@ -95,6 +91,12 @@ buildBazelPackage rec {
       find $bazelOut/external -name requirements.bzl | while read requirements; do
         sed -i '/# Generated from /d' "$requirements"
       done
+      find $bazelOut/external -type f -executable | while read execbin; do
+        file "$execbin" | grep -q ': ELF .*, dynamically linked,' || continue
+        patchelf \
+          --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
+          "$execbin"
+      done
 
       # Remove references to paths in the Nix store.
       sed -i \
@@ -138,6 +140,12 @@ buildBazelPackage rec {
     "--cxxopt=-Wno-maybe-uninitialized"
     "--cxxopt=-Wno-uninitialized"
     "--cxxopt=-Wno-error=type-limits"
+    "--cxxopt=-Wno-error=range-loop-construct"
+
+    # Force use of system Java.
+    "--extra_toolchains=@local_jdk//:all"
+    "--java_runtime_version=local_jdk"
+    "--tool_java_runtime_version=local_jdk"
 
     "--define=wasm=${wasmRuntime}"
   ];
diff --git a/pkgs/servers/http/envoy/use-system-python.patch b/pkgs/servers/http/envoy/use-system-python.patch
new file mode 100644
index 0000000000000..a2030cc75fd05
--- /dev/null
+++ b/pkgs/servers/http/envoy/use-system-python.patch
@@ -0,0 +1,58 @@
+diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl
+index d9dfb14a9b..b8e92452a7 100644
+--- a/bazel/python_dependencies.bzl
++++ b/bazel/python_dependencies.bzl
+@@ -1,10 +1,8 @@
+ load("@rules_python//python:pip.bzl", "pip_install", "pip_parse")
+-load("@python3_10//:defs.bzl", "interpreter")
+ 
+ def envoy_python_dependencies():
+     pip_parse(
+         name = "base_pip3",
+-        python_interpreter_target = interpreter,
+         requirements_lock = "@envoy//tools/base:requirements.txt",
+         extra_pip_args = ["--require-hashes"],
+     )
+@@ -12,14 +10,12 @@ def envoy_python_dependencies():
+     # These need to use `pip_install`
+     pip_install(
+         # Note: dev requirements do *not* check hashes
+-        python_interpreter_target = interpreter,
+         name = "dev_pip3",
+         requirements = "@envoy//tools/dev:requirements.txt",
+     )
+ 
+     pip_install(
+         name = "fuzzing_pip3",
+-        python_interpreter_target = interpreter,
+         requirements = "@rules_fuzzing//fuzzing:requirements.txt",
+         extra_pip_args = ["--require-hashes"],
+     )
+diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl
+index 885b41dec6..ac5605eb30 100644
+--- a/bazel/repositories_extra.bzl
++++ b/bazel/repositories_extra.bzl
+@@ -1,22 +1,12 @@
+ load("@emsdk//:deps.bzl", emsdk_deps = "deps")
+-load("@rules_python//python:repositories.bzl", "python_register_toolchains")
+ load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates")
+ load("//bazel/external/cargo:crates.bzl", "raze_fetch_remote_crates")
+ load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies")
+ 
+-# Python version for `rules_python`
+-PYTHON_VERSION = "3.10.2"
+-
+ # Envoy deps that rely on a first stage of dependency loading in envoy_dependencies().
+-def envoy_dependencies_extra(python_version = PYTHON_VERSION):
++def envoy_dependencies_extra():
+     emsdk_deps()
+     raze_fetch_remote_crates()
+     wasmtime_fetch_remote_crates()
+ 
+-    # Registers underscored Python minor version - eg `python3_10`
+-    python_register_toolchains(
+-        name = "python%s" % ("_".join(python_version.split(".")[:-1])),
+-        python_version = python_version,
+-    )
+-
+     aspect_bazel_lib_dependencies()
author	Luke Granger-Brown <git@lukegb.com>	2022-09-04 22:20:47 +0100
committer	Luke Granger-Brown <git@lukegb.com>	2022-09-05 00:54:39 +0100
commit	16215285cd14ee42f1764d93a22bde764b216e7d (patch)
tree	2b112957d12cab24a4d5a457af8ab96b0f88c01a /pkgs/servers/http
parent	7f6ab2ddbc08de30f1e5a3b7644a5523daf51554 (diff)