-
-
Notifications
You must be signed in to change notification settings - Fork 14.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zen-browser: init at 1.0.1-a.22 #347222
zen-browser: init at 1.0.1-a.22 #347222
Conversation
4484966
to
ddda268
Compare
Could you please add me as a maintainer? I'm really happy I could be a maintainer in Nixpkgs :D |
I too would like to be added as a maintainer for this package if possible :) |
In order to be added as a maintainer you need to have an entry in I'm not sure if I'm supposed to add you as nixpkgs would likely prefer users add themselves rather than getting someone else to do it for them. |
After ~2 hours on my laptop, it built. Typing from the browser right now! Seems functionally it works fine :) |
Hey ! Could I be added as a maintainer too ? |
Is it allowed to add others to maintainers list in a pull request? Or may I add my self at next update? 🤔 |
It is preferable for users to add themselves. At least, the commit must be authored and signed by the added user. If @matthewpi gives you a write access to its fork's branch, you would be able to add yourself and the change will be in this MR. |
Hey ➜ nix run nixpkgs#nixpkgs-review -- pr --print-result 347222 --no-shell
[...]
[1/0/2 built] building zen-browser-unwrapped-1.0.1-a.7 (buildPhase): 00:22:21 Javascript error: chome://browser/content/parent/ext-browser.js, line: TypeError: currentTab.linkedBrowser is null Does someone got the same ? The thing is the build seems to be stuck forever in this state |
How powerful is the system you are building this on? It's not uncommon for the output to become "stuck" and not print anything for awhile, especially on lower-end systems. |
Well, I am not really on lower-end gear (Ryzen 9 5900X, 32 Go of RAM) but good news, the build is continuing. 1 package built: Result of 1 package built:
|
That is not a build failure. The build continues and succeeds. I saw the same log message, but it had no effect on the success of the build. |
New release pushed with critical security fixes (from upstream firefox): https://github.com/zen-browser/desktop/releases/tag/1.0.1-a.8 |
That still leave the issue of why or fixed the fact that the closure size of llvm & approvals from earlier. |
It was updated in HEAD, but not in the currently released version. Please see here and here. |
ok, fair criticism. we'll see how this plays out. |
I'm new here, so please excuse me. If a package is accepted, will it be added to the stable channel? Or is that something else entirely? |
@AyushmanOfficial it can be backported to the stable channel, after merged. |
This comment was marked as duplicate.
This comment was marked as duplicate.
Why is this merged but not in unstable? Or Rather, why was it reverted in #360291 ? |
See this comment |
@matthewpi have you made another PR to follow this one up? |
It sounds like we have to wait for a new release of Zen that addresses the 2nd point. To be fair to the upstream they do label it as "alpha version". I think it is understandable that their releases might have known security issues. But maybe somebody should provide some feedback all the same - if that is possible. Maybe reverting back to an old Firefox version in order to reduce breakage at the expense of re-introducing old security issues wasn't the best decision... |
Hey they are releasing a beta version tomorrow lets wait for that, then we can make a new pr. |
Zen released a new version (aka beta) and I am working on a new pr, and Darwin support will be becoming soon. |
On the topic of reducing closure size, the file |
The zen beta has been released btw |
Maybe, please mention a way I could do that, because I can only think is by doing a patch. |
While I appreciate the effort to fix the issues mentioned here, it is unlikely that this will be merged in the near future, so I would recommend maybe holding off on this for now (or contributing your efforts to an out-of-tree package). |
May i ask why? From what i understand, the main reason is security issues. Isn't almost every piece of software have some issues in terms of security? I'm pretty sure that many people will rather choose to have a package faster with some vulnerabilities, then not have a package and wait an uncertain amount of time for upstream fix. I may be completely wrong, please explain it to me. |
Every software have security issue. It's true that they exists but they are not discover. here we have well known security issues (see Mozilla Foundation Security Advisory 2024-63) and the editor recommendation is to update the software. Furthermore when you download/install software you except it not to be a security issue you and don't have to make some research to check that the program is vulnerable. Also the program can be used as dependencies of an other one. If you need to check all the package and derivation of your system don't use NixOS, use Gentoo and build all your package from source. Here we are speaking of a program that is always open and has a huge attack surface so no It's not a good idea to publish that. In case you want the derivation build it your self ( To finish Nix and NixOS are used in production environment where you definitively don't want to have vulnerable/broken packages. |
https://nixos.org/manual/nixpkgs/unstable/#fun-remove-references-to |
It's not just security issues it also includes major breaking changes, until it's stable the solution is build from my pr.
Yes this is true, but for most browsers that people are using, require it to be up to date and with no vulnerabilities.
At the moment it is because it's in beta not fully stable and it may miss a FF version that patches FF vulnerabilities or changes the way of the package.
Or add it to your channels or add it to your flake. |
That's completely valid reason, thanks everyone above for clarification! Also thanks for the tip about building derivations as separate input. Does this mean that no cache(like Cachix for Hyprland) for this package is available and it should be built on my machine? |
Well, there would be no binary cache (Cachix or otherwise) unless someone makes a cache and pushes artifacts to it. Shameless plug but you can use my flake youwen5/zen-browser-flake to run Zen Browser on |
Im a bit confused why is the security thing still a topic? In the beta its based on FF 133. And even if, we could just mark it as insecure. And why is stability a topic either i mean we have cosmic-comp in the main repo and that still in alpha 2. |
It seems that firefox forks cost a lot of resources to build and pop in and out of existence too quickly, so the members recently decided to be stricter with the requirements to accepting such a package. This package in particular uses even more resources than expected. It's a bummer, but infrastructure is not free. I'm not a member though, so don't cite me on this. |
Oh, ok interesting, that makes sense. And i guess people are not that big of a fan of making -bin packages. |
Sometimes you will see both the build package and a Maybe there is a potential solution so everyone would be happy with: offload the package building & nix packaging onto the zen-browser team. Create a flake on their repo, which packages the browser, so folks interested in it, can get it from there. I am using this to get nightly builds from helix and wezterm, and those projects go even further and offer cached builds on cachix! If the zen team isn't keen on offering their resources to build this for nix again, one could also package their binary release for now :) The only thing needed to do, is to convince the zen team, to incorporate the flake into their project (with all of the packaging stuff around it), and have some ppl be willing to maintain it if it breaks, but it seems that there are a few folks eagirly working on it! And yeah, I am aware of zen-browser/desktop#78, but maybe they will consider it again. Or plan B, someone offers a repo, like the one from @Eveeifyeve :) |
Someone did literally that #347222 (comment) |
Yeah i know im using it right now. I just thought that building from source would be more nix style, especially in the main repo. |
https://zen-browser.app/
Closes #327982
NOTE: This package takes quite a lot of resources to build. On my desktop (7900X) and on my build server (5950X) the build takes upwards of about 30-35 minutes. This is not a package you want to compile yourself if you can avoid it.
If anyone wants to be added as a maintainer to this package, please leave a comment and I will add you.
@Zh40Le1ZOOB thanks for doing the legwork to get this packaged. I based this package on the one you linked in the associated package request, but merged in a bunch of the options from the
firefox
package already in nixpkgs.Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.