Skip to content

[25.11] cosmic-greeter: apply upstream patch for security hardening#505350

Open
a-kenji wants to merge 1 commit intoNixOS:release-25.11from
a-kenji:backport-499524-to-release-25.11
Open

[25.11] cosmic-greeter: apply upstream patch for security hardening#505350
a-kenji wants to merge 1 commit intoNixOS:release-25.11from
a-kenji:backport-499524-to-release-25.11

Conversation

@a-kenji
Copy link
Copy Markdown
Member

@a-kenji a-kenji commented Mar 31, 2026
edited
Loading

(cherry picked from commit 64db9dd)

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

github-actions[bot]
github-actions bot requested changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This report is automatically generated by the PR / Check / cherry-pick CI workflow.

Some of the commits in this PR require the author's and reviewer's attention.

Sometimes it is not possible to cherry-pick exactly the same patch.
This most frequently happens when resolving merge conflicts.
The range-diff will help to review the resolution of conflicts.

If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.

Warning

Difference between 838c3f9 and original 64db9dd may warrant inspection.

Show diff 
@@ Metadata
  ## Commit message ##
     cosmic-greeter: apply upstream patch for security hardening
 
+    (cherry picked from commit 64db9dd59be49b07d88409084dd94c1cf34b5097)
+
  ## pkgs/by-name/co/cosmic-greeter/package.nix ##
 @@
    nix-update-script,
@@ pkgs/by-name/co/cosmic-greeter/package.nix
  
  rustPlatform.buildRustPackage (finalAttrs: {
 @@ pkgs/by-name/co/cosmic-greeter/package.nix: rustPlatform.buildRustPackage (finalAttrs: {
-     hash = "sha256-U0JrxvMWzISSA0tP8moasN7iN7TfZreEwbvWZGHRn8E=";
+     hash = "sha256-HP2Dl/vEX4K3XaXtjOpN1EW6uE4RuLm2+RMLB3QvOXQ=";
    };
  
--  cargoHash = "sha256-sNJTXBInr/h8w5dhOOP9ceBYWBcJW3qGjDuaG6UTV90=";
-+  cargoHash = "sha256-J5ycaeKZsEBPcI9JH8bHsOAcXXwcx/D21GlVhJZbGwM=";
+-  cargoHash = "sha256-4yRBgFrH4RBpuvChTED+ynx+PyFumoT2Z+R1gXxF4Xc=";
++  cargoHash = "sha256-KLIUE3+iAZbNB6YPSl75I6jHwa1RBN+go5A7RFi5LxE=";
 +
 +  cargoPatches = [
 +    (fetchpatch2 {
@@ pkgs/by-name/co/cosmic-greeter/package.nix: rustPlatform.buildRustPackage (final
 +    })
 +  ];
  
-   env.VERGEN_GIT_SHA = finalAttrs.src.tag;
- 
+   env = {
+     VERGEN_GIT_COMMIT_DATE = "2025-12-05";

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

@a-kenji a-kenji mentioned this pull request Mar 31, 2026
Open
@nixpkgs-ci nixpkgs-ci bot requested a review from a team March 31, 2026 13:34
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 6.topic: COSMIC COSMIC is a software platform for designing beautiful user experiences 4.workflow: backport This targets a stable branch labels Mar 31, 2026
@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 1 This PR was reviewed and approved by one person. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages. labels Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] requested changes

+1 more reviewer

@drakon64 drakon64 drakon64 approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

4.workflow: backport This targets a stable branch 6.topic: COSMIC COSMIC is a software platform for designing beautiful user experiences 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 12.approvals: 1 This PR was reviewed and approved by one person. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@a-kenji @drakon64 @thefossguy