invidious: unstable-2021-11-08 -> unstable-2021-11-13

This update disables QUIC by default which fixes Invidious not loading anything except for the home page due to YouTube no longer accepting HTTP/3 (Upstream Issue: https://github.com/iv-org/invidious/issues/2577). It therefore uses Crystal’s internal HTTP client, which failed because the statically linked boringssl (required by lsquic) overrides OpenSSL’s CA certificate file location. This is fixed by applying the same patch to boringssl that is applied to openssl for using the correct CA certificate file.
3 years ago · 970d249d39
parent 95382df163
commit 970d249d39
3 changed files with 21 additions and 3 deletions
--- a/pkgs/servers/invidious/default.nix
+++ b/pkgs/servers/invidious/default.nix
@ -8,17 +8,17 @@ let
  #  * shards.nix (by running `crystal2nix` in invidious’ source tree)
  #  * If the lsquic.cr dependency changed: lsquic in lsquic.nix (version, sha256)
  #  * If the lsquic version changed: boringssl' in lsquic.nix (version, sha256)
-  rev = "21879da80d2dfa97e789a13b90e82e466c4854e3";
+  rev = "00904ae3f2ab6a3cf5f96012d36c5672c3aa17b4";
 in
 crystal.buildCrystalPackage rec {
  pname = "invidious";
-  version = "unstable-2021-11-08";
+  version = "unstable-2021-11-13";

  src = fetchFromGitHub {
    owner = "iv-org";
    repo = pname;
    inherit rev;
-    sha256 = "0jvnwjdh2l0hxfvzim00r3zbs528bb93y1nk0bjrbbrcfv5cn5ss";
+    sha256 = "sha256-DET4jvB5epkpl5/HTORNTWDL4Ck4IsqhdTApJE8t6Tg=";
  };

  postPatch =
--- a/pkgs/servers/invidious/lsquic.nix
+++ b/pkgs/servers/invidious/lsquic.nix
@ -8,6 +8,11 @@ let
      rev = version;
      sha256 = "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A=";
    };
+
+    patches = [
+      # Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem
+      ./use-etc-ssl-certs.patch
+    ];
  });
 in
 stdenv.mkDerivation rec {
--- a/pkgs/servers/invidious/use-etc-ssl-certs.patch
+++ b/pkgs/servers/invidious/use-etc-ssl-certs.patch
@ -0,0 +1,13 @@
+diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
+index d2bc3e5c1..329580075 100644
+--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
+@@ -67,7 +67,7 @@
+ 
+ #define X509_CERT_AREA          OPENSSLDIR
+ #define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
+#define X509_CERT_FILE          "/etc/ssl/certs/ca-certificates.crt"
+ #define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+ #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"