ejabberd: 26.02 → 26.04

[toastal]

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

¹

Footnotes

1. Please consider giving up MS GitHub or offering a non-proprietary, non-US-corporate-controlled mirror for this free software project. I wish to delete this Microsoft account in the future, but I need more projects like this to support alternative methods to send patches & contribute. ↩

[toastal]

@chuangzhu … jiffy is no longer in the rebar.lock. I assume it isn’t a dep?

Running phase: autoreconfPhase
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
...skipping...
chmod 755 ejabberd.init
tools/dl_invites_page_deps.sh: line 20: curl: command not found
make: *** [Makefile:236: priv/mod_invites/static/bootstrap/] Error 127
make: *** Waiting for unfinished jobs....
tools/dl_invites_page_deps.sh: line 20: curl: command not found
make: *** [Makefile:238: priv/mod_invites/static/jquery/] Error 127
===> Errors loading plugin configure_deps. Run rebar3 with DEBUG=1 set to see errors.
===> Errors loading plugin {pc,"~> 1.15.0"}. Run rebar3 with DEBUG=1 set to see errors.
===> Errors loading plugin {pc,"~> 1.15.0"}. Run rebar3 with DEBUG=1 set to see errors.
Ignoring deps...
===> App cache_tab is no longer needed and can be deleted.
===> App eimp is no longer needed and can be deleted.
===> App erlydtl is no longer needed and can be deleted.
===> App ezlib is no longer needed and can be deleted.
===> App fast_tls is no longer needed and can be deleted.
===> App fast_xml is no longer needed and can be deleted.
===> App fast_yaml is no longer needed and can be deleted.
===> App idna is no longer needed and can be deleted.
===> App jose is no longer needed and can be deleted.
===> App mqtree is no longer needed and can be deleted.
===> App p1_acme is no longer needed and can be deleted.
===> App p1_oauth2 is no longer needed and can be deleted.
===> App p1_utils is no longer needed and can be deleted.
===> App pkix is no longer needed and can be deleted.
===> App stringprep is no longer needed and can be deleted.
===> App stun is no longer needed and can be deleted.
===> App xmpp is no longer needed and can be deleted.
===> App yconf is no longer needed and can be deleted.
===> Analyzing applications...
===> Compiling ejabberd

I think it might be failing on getting Twitter Bootstrap & jQuery for mod_invites but doing that in the Makefile.

[chuangzhu]

I think it might be failing on getting Twitter Bootstrap & jQuery for mod_invites but doing that in the Makefile.

We actually have two options:

ifeq (, $(shell which npm))
  INSTALL_INVITES_DEPS=tools/dl_invites_page_deps.sh priv/mod_invites/static
else
  INSTALL_INVITES_DEPS=npm install
endif

If the deps get complicated, we can use something like buildNpmPackages. But for now that seemed like overengineering since there are only two deps. Patching tools/dl_invites_page_deps.sh seems more reasonable.

[chuangzhu]

diff --git a/pkgs/by-name/ej/ejabberd/package.nix b/pkgs/by-name/ej/ejabberd/package.nix
index bdec28abbf8a..3ec1606bf4af 100644
--- a/pkgs/by-name/ej/ejabberd/package.nix
+++ b/pkgs/by-name/ej/ejabberd/package.nix
@@ -20,6 +20,8 @@
   fetchFromGitHub,
   fetchgit,
   beamPackages,
+  fetchurl,
+  unzip,
   nixosTests,
   withMysql ? false,
   withPgsql ? false,
@@ -136,6 +138,17 @@ let
     "ezlib"
   ];
 
+  invitePageDeps = {
+    jquery = fetchurl {
+      url = "https://code.jquery.com/jquery-4.0.0.min.js";
+      sha256 = "39a546ea9ad97f8bfaf5d3e0e8f8556adb415e470e59007ada9759dce472adaa";
+    };
+    bootstrap = fetchurl {
+      url = "https://github.com/twbs/bootstrap/releases/download/v5.3.8/bootstrap-5.3.8-dist.zip";
+      sha256 = "3258c873cbcb1e2d81f4374afea2ea6437d9eee9077041073fd81dd579c5ba6b";
+    };
+  };
+
 in
 stdenv.mkDerivation (finalAttrs: {
   pname = "ejabberd";
@@ -150,6 +163,7 @@ stdenv.mkDerivation (finalAttrs: {
         rebar3_hex
       ];
     })
+    unzip # invitePageDeps
   ];
 
   buildInputs = [
@@ -189,13 +203,19 @@ stdenv.mkDerivation (finalAttrs: {
   ]
   ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}";
 
-  enableParallelBuilding = true;
+  # It wants to execute two dl_invites_page_deps.sh in parallel
+  # Causing unzip conflicts
+  enableParallelBuilding = false;
 
   postPatch = ''
     patchShebangs .
     mkdir -p _build/default/lib
     touch _build/default/lib/.got
     touch _build/default/lib/.built
+    sed -i \
+      -e 's|curl .* $jquery .*|cp ${invitePageDeps.jquery} $jquery|' \
+      -e 's|curl .* $bootstrap .*|cp ${invitePageDeps.bootstrap} $bootstrap|' \
+      tools/dl_invites_page_deps.sh
   '';
 
   env.REBAR_IGNORE_DEPS = 1;

[toastal]

That’s one solution… doesn’t scale the best. Since they use SRIs, if we don’t have our versions in sync with upstream, we won’t know about breakage until runtime where we don’t match their hashes—which could mean a NixOS upgrade could make the invites not work entirely. Had they not included SRIs on the page, it would probably be fine/safe to be slightly out of sync on versions.

I opened these upstream to see if they have any takes:

• dl_invites_page_deps.sh fixups processone/ejabberd#4553
• Make fetching mod_invites dependencies optional processone/ejabberd#4554
• Remove jQuery processone/ejabberd#4555

We could run the script in IFD perhaps to fetch (slow, but small deps) or use the npm Hooks (pulls in a massive, questionable toolchain just to fetch deps).

Additionally, since mod_invites can be disabled, I think they made the wrong choice requiring these dependencies.

[chuangzhu]

we won’t know about breakage until runtime where we don’t match their hashes

I tested the patch I posted above with this:

diff --git a/pkgs/by-name/ej/ejabberd/package.nix b/pkgs/by-name/ej/ejabberd/package.nix
index 3ec1606bf4af..160967eed12e 100644
--- a/pkgs/by-name/ej/ejabberd/package.nix
+++ b/pkgs/by-name/ej/ejabberd/package.nix
@@ -140,8 +140,8 @@ let
 
   invitePageDeps = {
     jquery = fetchurl {
-      url = "https://code.jquery.com/jquery-4.0.0.min.js";
-      sha256 = "39a546ea9ad97f8bfaf5d3e0e8f8556adb415e470e59007ada9759dce472adaa";
+      url = "https://code.jquery.com/jquery-3.0.0.min.js";
+      sha256 = "266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d";
     };
     bootstrap = fetchurl {
       url = "https://github.com/twbs/bootstrap/releases/download/v5.3.8/bootstrap-5.3.8-dist.zip";

And it totally noticed the checksum mismatch:

ejabberd> tools/dl_invites_page_deps.sh priv/mod_invites/static
ejabberd> /tmp/jquery.DGdCBgFFs: FAILED
ejabberd> sha256sum: WARNING: 1 computed checksum did NOT match
ejabberd> checksum failed: /tmp/jquery.DGdCBgFFs (does not match 39a546ea9ad97f8bfaf5d3e0e8f8556adb415e470e59007ada9759dce472adaa)
ejabberd> make: *** [Makefile:236: priv/mod_invites/static/bootstrap/] Error 1
error: Cannot build '/nix/store/6k7852y0q84114cysr2y9yn303ikyvam-ejabberd-26.03.drv'.
       Reason: builder failed with exit code 2.
       Output paths:
         /nix/store/m43g3j8rw651rv85hvi250x134zy6y3n-ejabberd-26.03

I only changed curl to cp, I didn't delete the checksum logic.

[chuangzhu]

I think they made the wrong choice requiring these dependencies.

I would argue it's not that bad (at least for now...). I've seen much worse

[toastal]

I see what you did, but was I hoping we can have a better solution.

However, having thought on it a bit, this could be good enough for now as it likely won’t be addressed in the near term. Hopefully it can trip on the version with diff not being very smart to catch version mismatches.

I’d rather they ripped the SRIs out so I could recompile Bootstrap for a specific target (meaning Browserslist) or in line with 5.x upstream generally vs. Ejabberd’s specific version. Subresource integrity is best for using with third-party scripts (never ideal) & since these deps are already vendored & checked with their hashes, I don’t know what they are getting out of checking again at runtime.

I would argue it's not that bad (at least for now...). I've seen much worse

True, but it also doesn’t make a lot of sense since a) you can disable the module & b) the docs say you can point to your own endpoint… both of which don’t need it.

[adamcstephens]

While I have little skin in this game, I would recommend accepting that there's now nodejs in this package and using standard npm fetchers/builders.Using fetchers like this is a bit too much of a hack around the problem, in my opinion.

[toastal]

I had looked into the npm option in the WIP (now reverted), but I didn’t like the way it was going just to fetch 2 dependencies. Since I thought this was not very good design, I reported it on their bug tracker & would rather see upstream’s response. At least we could gate Node.js behind withInvitePageDeps ? true/false in future versions if they agree the design should be better.

Sorry, this whole issue really frustrated me being a, well I guess now ex-, front-end developer.

[toastal]

@chuangzhu @adamcstephens I patched with their open merge request to make Bootstrap optional (+ removing jQuery <3). This means users can opt out of the heft of the npm ecosystem if desired.

What I mostly need help with: what is the default? withBootstrap ? true or withBootstarp ? false?

[adamcstephens]

I personally prefer to ship things as upstream intends with all features available, and let users that want to optimize override to do so. So I’d recommend enabled by default.

[SuperSandro2000]

This is not merged, we must vendor the patch

[toastal]

I think the consensus is that this release isn’t going to be merged at all since that patch isn’t in the version.

[SuperSandro2000]

Suggested change

if npmToolingUsed then

[toastal]

This doesn’t work. The current setup allows Nixpkgs Ejabberd users to opt out (override { withBootstrap = false; }) of the npm toolchain if not using Bootstrap. This boolean gates pulling in such a large (but maintainable) toolchain.

[chuangzhu]

Just use withBootstrap instead of npmToolingUsed. Also, maybe use lib.optionalDrvAttr to make the code cleaner

[toastal]

I don’t agree with that style since withBootstrap might not be the only long-term flag for if npm tooling is used & this boolean needs to be in 3 locations. I prefer descriptive names that think about the future when XXX & YYY feature is added that also needs npm added than

{
  preBuild = lib.optionalString (withBootstrap || withXXX || withYYY) "…";
  
  nativeBuildInputs = lib.optionals (withBootstrap || withXXX || withYYY) [ ];
  
  npmDeps = lib.optionalDrvAttr (withBootstrap || withXXX || withYYY) [ ];
}

npmToolingUsed is easy to extend in the future while being a self-documenting name.

[toastal]

I did use lib.optionalDrvAttr which I did not know of.

[chuangzhu]

Just use withBootstrap instead of npmToolingUsed. Also, maybe use lib.optionalDrvAttr to make the code cleaner

[niklaskorz]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 504293
Commit: f0595626ae670a5077546883f44be3adac0b9235

---

x86_64-linux

✅ 1 package built:

• ejabberd

[niklaskorz]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 504293 --package nixosTests.ejabberd
Commit: f0595626ae670a5077546883f44be3adac0b9235

---

x86_64-linux

✅ 1 test built:

• nixosTests.ejabberd