aboutsummaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2024-05-04Merge "libstore/local-derivation-goal: prohibit creating setuid/setgid ↵Maximilian Bosch
binaries" into main
2024-05-03libstore/local-derivation-goal: prohibit creating setuid/setgid binariesMaximilian Bosch
With Linux kernel >=6.6 & glibc 2.39 a `fchmodat2(2)` is available that isn't filtered away by the libseccomp sandbox. Being able to use this to bypass that restriction has surprising results for some builds such as lxc[1]: > With kernel ≥6.6 and glibc 2.39, lxc's install phase uses fchmodat2, > which slips through https://github.com/NixOS/nix/blob/9b88e5284608116b7db0dbd3d5dd7a33b90d52d7/src/libstore/build/local-derivation-goal.cc#L1650-L1663. > The fixupPhase then uses fchmodat, which fails. > With older kernel or glibc, setting the suid bit fails in the > install phase, which is not treated as fatal, and then the > fixup phase does not try to set it again. Please note that there are still ways to bypass this sandbox[2] and this is mostly a fix for the breaking builds. This change works by creating a syscall filter for the `fchmodat2` syscall (number 452 on most systems). The problem is that glibc 2.39 is needed to have the correct syscall number available via `__NR_fchmodat2` / `__SNR_fchmodat2`, but this flake is still on nixpkgs 23.11. To have this change everywhere and not dependent on the glibc this package is built against, I added a header "fchmodat2-compat.hh" that sets the syscall number based on the architecture. On most platforms its 452 according to glibc with a few exceptions: $ rg --pcre2 'define __NR_fchmodat2 (?!452)' sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h 58:#define __NR_fchmodat2 1073742276 sysdeps/unix/sysv/linux/mips/mips64/n32/arch-syscall.h 67:#define __NR_fchmodat2 6452 sysdeps/unix/sysv/linux/mips/mips64/n64/arch-syscall.h 62:#define __NR_fchmodat2 5452 sysdeps/unix/sysv/linux/mips/mips32/arch-syscall.h 70:#define __NR_fchmodat2 4452 sysdeps/unix/sysv/linux/alpha/arch-syscall.h 59:#define __NR_fchmodat2 562 I added a small regression-test to the setuid integration-test that attempts to set the suid bit on a file using the fchmodat2 syscall. I confirmed that the test fails without the change in local-derivation-goal. Additionally, we require libseccomp 2.5.5 or greater now: as it turns out, libseccomp maintains an internal syscall table and validates each rule against it. This means that when using libseccomp 2.5.4 or older, one may pass `452` as syscall number against it, but since it doesn't exist in the internal structure, `libseccomp` will refuse to create a filter for that. This happens with nixpkgs-23.11, i.e. on stable NixOS and when building Lix against the project's flake. To work around that * a backport of libseccomp 2.5.5 on upstream nixpkgs has been scheduled[3]. * the package now uses libseccomp 2.5.5 on its own already. This is to provide a quick fix since the correct fix for 23.11 is still a staging cycle away. We still need the compat header though since `SCMP_SYS(fchmodat2)` internally transforms this into `__SNR_fchmodat2` which points to `__NR_fchmodat2` from glibc 2.39, so it wouldn't build on glibc 2.38. The updated syscall table from libseccomp 2.5.5 is NOT used for that step, but used later, so we need both, our compat header and their syscall table 🤷 Relevant PRs in CppNix: * https://github.com/NixOS/nix/pull/10591 * https://github.com/NixOS/nix/pull/10501 [1] https://github.com/NixOS/nixpkgs/issues/300635#issuecomment-2031073804 [2] https://github.com/NixOS/nixpkgs/issues/300635#issuecomment-2030844251 [3] https://github.com/NixOS/nixpkgs/pull/306070 (cherry picked from commit ba6804518772e6afb403dd55478365d4b863c854) Change-Id: I6921ab5a363188c6bff617750d00bb517276b7fe
2024-05-03Rename `nix show-config` to `nix config show`Théophane Hufschmitt
Part of #7672 My main motivation is to be able to use `nix.checkConfig`[1]. This doesn't work with Lix currently since the module uses `nix show-config` if the Nix version is <2.20pre and `nix config show` otherwise. I think this is the only instance where nixpkgs checks for which Nix commands exist that affects us now, so I figured we could just perform the rename here as well[2] and still provide the current version number[3]. I don't have a strong opinion on whether to deprecate `nix show-config`, the warning is added there automatically. (cherry picked from commit f300e11b056dea414d7d77bbc6e5a7dc5d9ddd41) [1] https://nixos.org/manual/nixos/stable/options.html#opt-nix.checkConfig [2] I should add that I don't use the "official" ways of installing Lix because using the flake directly and callPackaging it seemed to fit better into my workflow: I already have a little mess to make sure Hydra from the flake uses the correct pkgs.nix and I didn't want to complicate it further while keeping a single package-set I can build in CI. Don't get me wrong, I think such a module for a quick-start is very important, just giving context on why I bother in the first place :) [3] When we go public, I think it's worth considering to add support in nixpkgs itself for Lix. Change-Id: I47b4239b05cbeda3c370d2fa56ea768b768768ac
2024-05-02Merge changes from topic "profile-v3" into mainQyriad
* changes: nix3-profile: remove check "name" attr in manifests Add profile migration test nix3-profile: make element names stable getNameFromURL(): Support uppercase characters in attribute names nix3-profile: remove indices nix3-profile: allow using human-readable names to select packages implement parsing human-readable names from URLs
2024-05-02nix3-profile: make element names stableQyriad
Based off of commit 6268a45b650f563bae2360e0540920a2959bdd40 Upstream-PR: https://github.com/NixOS/nix/pull/9656 Co-authored-by: Eelco Dolstra <edolstra@gmail.com> Change-Id: I0fcf069a8537c61ad6fc4eee1f3c193a708ea1c4
2024-05-02nix3-profile: remove indicesQyriad
Based off of commit 3187bc9ac3dd193b9329ef68c73ac3cca794ed78 Upstream-PR: https://github.com/NixOS/nix/pull/9656 Co-authored-by: Eelco Dolstra <edolstra@gmail.com> Change-Id: I8ac4a33314cd1cf9de95404c20f58e883460acc7
2024-05-02nix3-profile: allow using human-readable names to select packagesQyriad
These names are parsed from the URL provided for that package Based off of commit 257b768436a0e8ab7887f9b790c5b92a7fe51ef5 Upstream-PR: https://github.com/NixOS/nix/pull/8678 Co-authored-by: Felix Uhl <felix.uhl@outlook.com> Change-Id: I76d5f9cfb11d3d2915b3dd1db21d7bb49e91f4fb
2024-05-02Disallow store path names that are . or .. (plus opt. -)Robert Hensing
As discussed in the maintainer meeting on 2024-01-29. Mainly this is to avoid a situation where the name is parsed and treated as a file name, mostly to protect users. .-* and ..-* are also considered invalid because they might strip on that separator to remove versions. Doesn't really work, but that's what we decided, and I won't argue with it, because .-* probably doesn't seem to have a real world application anyway. We do still permit a 1-character name that's just "-", which still poses a similar risk in such a situation. We can't start disallowing trailing -, because a non-zero number of users will need it and we've seen how annoying and painful such a change is. What matters most is preventing a situation where . or .. can be injected, and to just get this done. (cherry picked from commit f1b4663805a9dbcb1ace64ec110092d17c9155e0) Change-Id: I900a8509933cee662f888c3c76fa8986b0058839
2024-05-02parseStorePath: Support leading periodRobert Hensing
(cherry picked from commit b13e6a76b4f289c6db69ffaa7bd35b7e44f2a391) Change-Id: Ie14be437d87d17248f80e1f009aa2a4311ddede6
2024-04-29nix3-upgrade-nix: allow manually specifying new nixQyriad
This allows manually specifying a store path for the new Nix that gets linked into Nix's profile. Change-Id: Ib71711ffb466febf4a6892e3fdbda644e053770d
2024-04-29fix `nix upgrade-nix` on new-style profilesQyriad
nix3-profile automatically migrates any profile its used on to its style of profile -- the ones with manifest.json instead of manifest.nix. On non-NixOS systems, Nix is conventionally installed to the profile at /nix/var/nix/profiles/default, so if a user passed that to `--profile` of `nix profile`, then it would break upgrade-nix from ever working again, without recreating the profile. This commit fixes that, and allows upgrade-nix to work on either kind of profile. Fixes #16. Change-Id: I4c49b1beba93bb50e8f8a107edc451affe08c3f7
2024-04-26docs(nix-env): summarize of each subcommand in --helpQyriad
This should have been there from the beginning. As much as nix-env is a pile of problems we don't need trivial docs papercuts like this adding to it. Change-Id: I0c53e4b146af2fefdd0e4743d850672729cb2194
2024-04-22meson: flip the switch!!Qyriad
This commit makes Meson the default buildsystem for Lix. The Make buildsystem is now deprecated and will be removed soon, but has not yet, which will be done in a later commit when all seems good. The mesonBuild jobs have been removed, and have not been replaced with equivalent jobs to ensure the Make buildsystem still works. The full, new commands in a development shell are: $ meson setup ./build "--prefix=$out" $mesonFlags (A simple `meson setup ./build` will also build, but will do a different thing, not having the settings from package.nix applied.) $ meson compile -C build $ meson test -C build --suite=check $ meson install -C build $ meson test -C build --suite=installcheck (Check and installcheck may both be done after install, allowing you to omit the --suite argument entirely, but this is the order package.nix runs them in.) If tests fail and Meson helpfully has no output for why, use the `--print-error-logs` option to `meson test`. Why this is not the default I cannot explain. If you change a setting in the buildsystem, most cases will automatically regenerate the Meson configuration, but some cases, like trying to build a specific target whose name is new to the buildsystem (e.g. `meson compile -C build src/libmelt/libmelt.dylib`, when `libmelt.dylib` did not exist as a target the last time the buildsystem was generated), then you can reconfigure using new settings but existing options, and only recompiling stuff affected by the changes: $ meson setup --reconfigure build Note that changes to the default values in `meson.options` or in the `default_options :` argument to project() are NOT propagated with `--reconfigure`. If you want a totally clean build, you can use: $ meson setup --wipe build That will work regardless of if `./build` exists or not. Specific, named targets may be addressed in `meson build -C build <target>` with the "target ID" if there is one, which is the first string argument passed to target functions that have one, and unrelated to the variable name, e.g.: libexpr_dylib = library('nixexpr', …) can be addressed with: $ meson compile -C build nixexpr All targets may be addressed as their output, relative to the build directory, e.g.: $ meson compile -C build src/libexpr/libnixexpr.so But Meson does not consider intermediate files like object files targets. To build a specific object file, use Ninja directly and specify the output file relative to the build directory: $ ninja -C build src/libexpr/libnixexpr.so.p/nixexpr.cc.o To inspect the canonical source of truth on what the state of the buildsystem configuration is, use: $ meson introspect Have fun! Change-Id: Ia3e7b1e6fae26daf3162e655b4ded611a5cd57ad
2024-04-17Merge "build internal API docs with Meson" into mainQyriad
2024-04-15build internal API docs with MesonQyriad
This commit adds the capability for building the Doxygen internal API docs in the Meson buildsystem, and also makes doing so the default for the internal-api-docs hydra job. Aside from the /nix-support directory, which differed only by the hash part of a store path, the outputs of hydraJobs.internal-api-docs before and after this commit were bit-for-bit identical on my machine. Change-Id: I98f0017891c25b06866c15f7652fe74f706ec8e1
2024-04-11manual: build docs with dummy envseldritch horrors
this was previously used because the macOS docs build would otherwise pull files out of the host nix store. or something. not sure about it Change-Id: I76b51eac1ebc5de5f00e2e4be086dd8db3eeb8e6
2024-04-11docs: redo content generation for mdbook and manualeldritch horrors
manpages can be rendered using the markdown output of mdbook, the rest of the manual can generated out of the main doc/manual source tree. we still use lowdown to actually render manpages instead of eg mdbook-man because lowdown does generate reasonably good manpages (though that is also somewhat debatable, but they're a lot better than mdbook-man). doing this not only lets us drastically simplify the lowdown pipeline, but also remove all custom {{#include}} handling since now mdbook does all of it, even for the manpage builds. even the lowdown wrapper isn't entirely necessary because lowdown can take all wrapper arguments with command line flags rather than bits of input file content. This also implements running mdbook in Meson, in order to generate the manpages. The mdbook outputs are also installed in the usual location. Co-authored-by: Qyriad <qyriad@qyriad.me> Change-Id: I60193f9fd0f15d48872f071af35855cda2a0f40b
2024-04-10Merge "Print top-level errors normally in `nix repl`" into mainrebecca “wiggles” turner
2024-04-10docs: generalize manpage generation script as json-to-tree.pyQyriad
This should be capable of replacing every invocation of nix eval --write-to. Change-Id: I60387bc9b0fc54a91244eddb639beaa64d705878
2024-04-09Print top-level errors normally in `nix repl`Rebecca Turner
Previously, errors while printing values in `nix repl` would be printed in `«error: ...»` brackets rather than displayed normally: ``` nix-repl> legacyPackages.aarch64-darwin.pythonPackages.APScheduler «error: Package ‘python-2.7.18.7’ in /nix/store/6s0m1qc31zw3l3kq0q4wd5cp3lqpkq0q-source/pkgs/development/interpreters/python/cpython/2.7/default.nix:335 is marked as insecure, refusing to evaluate.» ``` Now, errors will be displayed normally if they're emitted at the top-level of an expression: ``` nix-repl> legacyPackages.aarch64-darwin.pythonPackages.APScheduler error: … in the condition of the assert statement at /nix/store/6s0m1qc31zw3l3kq0q4wd5cp3lqpkq0q-source/lib/customisation.nix:268:17: 267| in commonAttrs // { 268| drvPath = assert condition; drv.drvPath; | ^ 269| outPath = assert condition; drv.outPath; … in the left operand of the OR (||) operator at /nix/store/6s0m1qc31zw3l3kq0q4wd5cp3lqpkq0q-source/pkgs/development/interpreters/python/passthrufun.nix:28:45: 27| if lib.isDerivation value then 28| lib.extendDerivation (valid value || throw "${name} should use `buildPythonPackage` or `toPythonModule` if it is to be part of the Python packages set.") {} value | ^ 29| else (stack trace truncated; use '--show-trace' to show the full trace) error: Package ‘python-2.7.18.7’ in /nix/store/6s0m1qc31zw3l3kq0q4wd5cp3lqpkq0q-source/pkgs/development/interpreters/python/cpython/2.7/default.nix:335 is marked as insecure, refusing to evaluate. ``` Errors emitted in nested structures (like e.g. when printing `nixpkgs`) will still be printed in brackets. Change-Id: I25aeddf08c017582718cb9772a677bf51b9fc2ad
2024-04-09Merge "Add `repl-overlays`" into mainrebecca “wiggles” turner
2024-04-09docs: put the manual build into a known tmpdireldritch horrors
this isn't strictly necessary, but it'll make it a lot easier to put the generated files used by the autoconf build system in this directory too. doing this now already will make the meson transition a lot easier later Change-Id: I5fb39eade2ff88b6093c9ee436c9e8db793e9448
2024-04-09docs: don't compute SUMMARY.md during buildeldritch horrors
this would make meson build compatibility unnecessarily hard and the cli does not change often enough to justify this complexity. Change-Id: I17b1870cdf8538feeaa01a9945db97af2175a642
2024-04-09docs: don't compute rl-next.md during buildeldritch horrors
not sure why this was done the way it was considering that includes are a feature the doc toolchain had previously. let's just always have some kind of entry for the upcoming release in the dev manual builds even if that means having a completely empty release notes chapter. the release notes generation script isn't entirely functional right now due to pre-commit hooks, but it's good enough for time being. we need a better release process for notes anyway. Change-Id: Ifda6912cf5233db013f72a30247a62d6f22b1565 Change-Id: I9eb347ec4aabc5be2b816ff0fd3e4be45f93b934
2024-04-09docs: skip do custom include processing for mdbookeldritch horrors
mdbook already does include processing of its own, and the custom processing code has always admitted as much. we don't need it for the mdbook build at this point if we run our preprocessors in the right order, and maybe we can even have mdbook to return complete pages to us that we only have to pass to lowdown without any more preprocessing of our own. Change-Id: Icd978acbc3b1e215fee8f062c53ab2cb2a222ab1
2024-04-09docs: remove many link-to-selfeldritch horrors
for some reason these three were anchors, not links, but had they been links they wouldn't've worked because they're not defined anywhere but here. in the print version of the manual they're duplicated many times over (creating id collisions), so we should better remove them anyway. Change-Id: I8988a7c32c812dee0f0b6d4953faa7cd1255228d
2024-04-08Add `repl-overlays`Rebecca Turner
Adds a `repl-overlays` option, which specifies files that can overlay and modify the top-level bindings in `nix repl`. For example, with the following contents in `~/.config/nix/repl.nix`: info: final: prev: let optionalAttrs = predicate: attrs: if predicate then attrs else {}; in optionalAttrs (prev ? legacyPackages && prev.legacyPackages ? ${info.currentSystem}) { pkgs = prev.legacyPackages.${info.currentSystem}; } We can run `nix repl` and use `pkgs` to refer to `legacyPackages.${currentSystem}`: $ nix repl --repl-overlays ~/.config/nix/repl.nix nixpkgs Lix 2.90.0 Type :? for help. Loading installable 'flake:nixpkgs#'... Added 5 variables. Loading 'repl-overlays'... Added 6 variables. nix-repl> pkgs.bash «derivation /nix/store/g08b5vkwwh0j8ic9rkmd8mpj878rk62z-bash-5.2p26.drv» Change-Id: Ic12e0f2f210b2f46e920c33088dfe1083f42391a
2024-04-08build: enable libstdc++ assertionsJade Lovelace
Benchmarks say that it does not regress performance by more than 1% (which is where it gets really hard to measure accurately anyhow). Meson appears to be planning to do this for us without asking us in a release we will get in the future, and it seems good enough to ship today: https://mesonbuild.com/Release-notes-for-1-4-0.html#ndebug-setting-now-controls-c-stdlib-assertions Benchmarks: | Command | Mean [ms] | Min [ms] | Max [ms] | Relative | |:---|---:|---:|---:|---:| | `result-asserts/bin/nix --extra-experimental-features 'nix-command flakes' eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix` | 418.4 ± 25.0 | 396.9 | 451.2 | 1.01 ± 0.08 | | `result/bin/nix --extra-experimental-features 'nix-command flakes' eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix` | 416.1 ± 23.9 | 397.1 | 445.4 | 1.00 | | Command | Mean [s] | Min [s] | Max [s] | Relative | |:---|---:|---:|---:|---:| | `GC_INITIAL_HEAP_SIZE=10g result-asserts/bin/nix eval --extra-experimental-features 'nix-command flakes' --raw --impure --expr 'with import <nixpkgs/nixos> {}; system'` | 4.147 ± 0.021 | 4.123 | 4.195 | 1.00 | | `GC_INITIAL_HEAP_SIZE=10g result/bin/nix eval --extra-experimental-features 'nix-command flakes' --raw --impure --expr 'with import <nixpkgs/nixos> {}; system'` | 4.149 ± 0.027 | 4.126 | 4.215 | 1.00 ± 0.01 | | Command | Mean [s] | Min [s] | Max [s] | Relative | |:---|---:|---:|---:|---:| | `result-asserts/bin/nix --extra-experimental-features 'nix-command flakes' eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system'` | 5.838 ± 0.023 | 5.799 | 5.867 | 1.01 ± 0.01 | | `result/bin/nix --extra-experimental-features 'nix-command flakes' eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system'` | 5.788 ± 0.044 | 5.715 | 5.876 | 1.00 | | Command | Mean [s] | Min [s] | Max [s] | Relative | |:---|---:|---:|---:|---:| | `result-asserts/bin/nix --extra-experimental-features 'nix-command flakes' search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello` | 15.993 ± 0.081 | 15.829 | 16.096 | 1.01 ± 0.01 | | `result/bin/nix --extra-experimental-features 'nix-command flakes' search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello` | 15.897 ± 0.075 | 15.807 | 16.047 | 1.00 | Fixes: https://git.lix.systems/lix-project/lix/issues/4 Change-Id: Id3a6f38274ba94d5d10b09edd19dfd96bc3e7d5f
2024-04-08Format Nix code with `nixfmt`Rebecca Turner
Change-Id: I61efeb666ff7481c05fcb247168290e86a250151
2024-04-06meson: fix warm nix3 CLI manual generationQyriad
`nix eval --write-to` refuses to write to a directory that exists at all, so now we generate in a temporary directory, and copy the generated tree to the build directory. This is equivalent to what the Make buildsystem did, actually, but hopefully more robust. Future work: documenting the doc generation architecture in the top-level meson.build outline comment. Change-Id: Ic3eb6d26e3cc249a1c042fd3ced22d637ac66a69
2024-04-06always re-eval cached failuresQyriad
This is terrible UX, and frankly an eval failure should be a cache invalidation anyway. This removes the CachedEvalError type entirely. Fixes #223. Change-Id: I91f8003eabd0ea45003024e96d1de3c7ae8e49d8
2024-04-04docs: replace sed invocation with an mdbook preprocessor for @docroot@Qyriad
We're not entirely clear on why the links preprocessor has to be done *before* rather than after, but we assume it is probably that as a builtin preprocessor it does some processing on the raw book source, and not just the JSON data. Also a real use for Python pattern matching? I know I was surprised too. Change-Id: Ibe8b59e7b5bd5f357a655d8b4c5f0b0f58a67d6b
2024-04-04Revert "meson: move nix3 manpage generation into command-ref/"Qyriad
This reverts commit 70954233743a233744787103d3211237a28ddbca. This seems to have broken running ninja on warm build directories, which is not what we want. Reverted until we figure out something better Change-Id: I9623ae078917e7c59a930bf8044a216501d4bb20
2024-04-03Merge "meson: move nix3 manpage generation into command-ref/" into mainQyriad
2024-04-03meson: move nix3 manpage generation into command-ref/Qyriad
This puts the generated files where they are for the make system. This is in preparation for further meson-mdbook stuff. Change-Id: I934df6854a80af5ccf381cf1da0bda0187a8bcfc
2024-04-03repl: improve `:doc` builtin repl command to support lambdas.Lunaphied
For a long time `nix repl` has supported displaying documentation set on builtins, however, it has long been convention to use Markdown comments on Nix functions themselves for documentation. This exposes that information to `nix repl` users in a nice and formatted way. NixOS/rfcs#145 doc-comments are primarily what this feature is intended to consume, however, support for lambda documentation in the repl is experimental. We do our best effort to support the RFC here. These changes are based on [the nix-doc library](https://github.com/lf-/nix-doc) and are licensed under the terms described in the relevant source files. Change-Id: Ic6fe947d39a22540705d890737e336c4720b0a22
2024-04-01doc: remove the -- unescaping hackeldritch horrors
lowdown has an option to disable this behavior. use it. Change-Id: I06d4201b7f528021ddb8e94ac6baff385402e080
2024-03-31Merge pull request #9920 from 9999years/forbid-nested-debuggersThéophane Hufschmitt
Forbid nested debuggers (cherry picked from commit e164b39ee90fd655dbb7f479fdd4fbe38cc883bd) Change-Id: Iff62f40fd251116516a63e2d3f9fb5b21480b16d
2024-03-30Merge "Add `pre-commit` checks" into mainrebecca “wiggles” turner
2024-03-30meson: build and install nix3 manpageseldritch horrors
this notably does *not* install the `nix3-manpages` manpage the old system generated, mostly because that page was empty and just a bug with a coat of documentation paint. Change-Id: I7a4248a72e7bb5e0cc925a6311a33b6b72589569
2024-03-30meson: add manpages for old cli and config fileseldritch horrors
Change-Id: I93384ec774d1945a649f6aaf7cd967c3fb7197f9
2024-03-30build: extract make "functions" into scriptseldritch horrors
we'll want to use these for the meson builds, and probably eventually rewrite them in something that isn't plain shell. diffoscope confirms that out/share and doc/share are equal before and after these changes Change-Id: I49aa418fc8615cad86d67328e08c28a7405ec952
2024-03-29Add `pre-commit` checksRebecca Turner
The big ones here are `trim-trailing-whitespace` and `end-of-file-fixer` (which makes sure that every file ends with exactly one newline character). Change-Id: Idca73b640883188f068f9903e013cf0d82aa1123
2024-03-27Stop vendoring toml11Winter
We don't apply any patches to it, and vendoring it locks users into bugs (it hasn't been updated since its introduction in late 2021). Closes https://git.lix.systems/lix-project/lix/issues/164 Change-Id: Ied071c841fc30b0dfb575151afd1e7f66970fdb9
2024-03-27Enable clang build timing analysisJade Lovelace
I didn't enable this by default for clang due to making the build time 10% worse or so. Unfortunate, but tbh devs for whom 10% of build time is not *that* bad should probably simply enable this. Change-Id: I8d1e5b6f3f76c649a4e2f115f534f7f97cee46e6
2024-03-27build: replace changelog-d with local scripteldritch horrors
hacking changelog-d to support not just github but also forgejo and gerrit is a lot more complicated than it's worth, even moreso since the entire thing can just as well be done with ~60 lines of python. this new script is also much cheaper to instantiate (being python), so having it enabled in all shells is far less of a hassle. we've also adjusted existing release notes that referenced a gerrit cl to auto-link to the cl in question, making the diff a bit bigger closes https://git.lix.systems/lix-project/lix/issues/176 Change-Id: I8ba7dd0070aad9ba4474401731215fcf5d9d2130
2024-03-27manual: fix release noteseldritch horrors
fix key spelling errors, type errors, things-should-not-be-comments errors Change-Id: I3ce12873aa78002bca686bd88404771895b05d30
2024-03-25Merge pull request #8817 from iFreilicht/flake-update-lock-overhaulThéophane Hufschmitt
Overhaul `nix flake update` and `nix flake lock` UX (cherry picked from commit 12a0ae73dbb37becefa5a442eb4532ff0de9ce65) Change-Id: Iff3b4f4235ebb1948ec612036b39ab29e4ca22b2
2024-03-24Improve new CLI UX by supporting short `-E` flag for `--expr`Lunaphied
Change-Id: I55881c846da8416a92a14deedfa5bbbf09a122fb
2024-03-19Merge "un-ups your start" into mainjade