alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

invidious: unstable-2021-11-08 -> unstable-2021-11-13

Browse source 
This update disables QUIC by default which fixes Invidious not loading
anything except for the home page due to YouTube no longer accepting
HTTP/3 (Upstream Issue:
https://github.com/iv-org/invidious/issues/2577).

It therefore uses Crystal’s internal HTTP client, which failed because
the statically linked boringssl (required by lsquic) overrides OpenSSL’s
CA certificate file location. This is fixed by applying the same patch
to boringssl that is applied to openssl for using the correct CA
certificate file.
This commit is contained in:
Simon Bruder 2021-11-14 10:07:09 +01:00
parent 95382df163
commit 970d249d39
No known key found for this signature in database
GPG key ID: 8D3C82F9F309F8EC
3 changed files with 21 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkgs/servers/invidious/default.nix
View file

@ -8,17 +8,17 @@ let
# * shards.nix (by running `crystal2nix` in invidious source tree)
# * If the lsquic.cr dependency changed: lsquic in lsquic.nix (version, sha256)
# * If the lsquic version changed: boringssl' in lsquic.nix (version, sha256)
rev = "21879da80d2dfa97e789a13b90e82e466c4854e3";
rev = "00904ae3f2ab6a3cf5f96012d36c5672c3aa17b4";
in
crystal.buildCrystalPackage rec {
pname = "invidious";
version = "unstable-2021-11-08";
version = "unstable-2021-11-13";
src = fetchFromGitHub {
owner = "iv-org";
repo = pname;
inherit rev;
sha256 = "0jvnwjdh2l0hxfvzim00r3zbs528bb93y1nk0bjrbbrcfv5cn5ss";
sha256 = "sha256-DET4jvB5epkpl5/HTORNTWDL4Ck4IsqhdTApJE8t6Tg=";
};
postPatch =

5
pkgs/servers/invidious/lsquic.nix
View file

@ -8,6 +8,11 @@ let
rev = version;
sha256 = "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A=";
};
patches = [
# Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem
./use-etc-ssl-certs.patch
];
});
in
stdenv.mkDerivation rec {

13
pkgs/servers/invidious/use-etc-ssl-certs.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index d2bc3e5c1..329580075 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -67,7 +67,7 @@
#define X509_CERT_AREA OPENSSLDIR
#define X509_CERT_DIR OPENSSLDIR "/certs"
-#define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+#define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"
#define X509_PRIVATE_DIR OPENSSLDIR "/private"
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"