Age | Commit message (Collapse) | Author |
|
The seccomp setup code was a huge chunk of conditionally compiled
platform-specific code. For this reason, it is appropriate to move it to the
platform-specific implementation file. Ideally its setup could be moved a bit
to make it happen at the same place as the Darwin restrictions, but that change
is going to be less mechanical.
Change-Id: I496aa3c4fabf34656aba1e32b0089044ab5b99f8
|
|
Previously, system call filtering (to prevent builders from storing files with
setuid/setgid permission bits or extended attributes) was performed using a
blocklist. While this looks simple at first, it actually carries significant
security and maintainability risks: after all, the kernel may add new syscalls
to achieve the same functionality one is trying to block, and it can even be
hard to actually add the syscall to the blocklist when building against a C
library that doesn't know about it yet. For a recent demonstration of this
happening in practice to Nix, see the introduction of fchmodat2 [0] [1].
The allowlist approach does not share the same drawback. While it does require
a rather large list of harmless syscalls to be maintained in the codebase,
failing to update this list (and roll out the update to all users) in time has
rather benign effects; at worst, very recent programs that already rely on new
syscalls will fail with an error the same way they would on a slightly older
kernel that doesn't support them yet. Most importantly, no unintended new ways
of performing dangerous operations will be silently allowed.
Another possible drawback is reduced system call performance due to the larger
filter created by the allowlist requiring more computation [2]. However, this
issue has not convincingly been demonstrated yet in practice, for example in
systemd or various browsers. To the contrary, it has been measured that the the
actual filter constructed here has approximately the same overhead as a very
simple filter blocking only one system call.
This commit tries to keep the behavior as close to unchanged as possible. The
system call list is in line with libseccomp 2.5.5 and glibc 2.39, which are the
latest versions at the point of writing. Since libseccomp 2.5.5 is already a
requirement and the distributions shipping this together with older versions of
glibc are mostly not a thing any more, this should not lead to more build
failures any more.
[0] https://github.com/NixOS/nixpkgs/issues/300635
[1] https://github.com/NixOS/nix/issues/10424
[2] https://github.com/flatpak/flatpak/pull/4462#issuecomment-1061690607
Change-Id: I541be3ea9b249bcceddfed6a5a13ac10b11e16ad
|
|
* changes:
doc/hacking: fix internal api docs section to say to enable it
doc: Add more about the release note generator
|
|
Change-Id: I8a274227cb1b05d442d3f644603dd2844ecc9d05
|
|
On operating systems where /bin/sh is not Bash, some scripts are invalid
because of bashisms, and building Lix fails with errors like this:
`render-manpage.sh: 3: set: Illegal option -o pipefail`
This modifies all scripts that use a `/bin/sh` shebang to `/usr/bin/env
bash`, including currently POSIX-compliant ones, to prevent any future
confusion.
Change-Id: Ia074cc6db42d40fc59a63726f6194ea0149ea5e0
|
|
Also delete the obsolescent maintainers/release-notes script that is
unmaintained.
Change-Id: I3f4a75d790e8e00e970358ca8f32e8295c91aac3
|
|
This can release x86_64-linux binaries to staging, with ephemeral keys.
I think it's good enough to review at least at this point, so we don't
keep adding more stuff to it to make it harder to review.
Change-Id: Ie95e8f35d1252f5d014e819566f170b30eda152e
|
|
We realized that there's really no good place to put these dev facing
bulletins, and the user-facing release notes aren't really the worst
place to put them, I guess, and we do kind of hope that it converts
users to devs.
Change-Id: Id9387b2964fe291cb5a3f74ad6344157f19b540c
|
|
|
|
We are doing releases totally differently than Nix so this will need
rewriting anyway.
Change-Id: Iba4ad160b9d215fcbf20a14243fd87cfbb527760
|
|
Fate has something different in store for the release process,
backporting process and the general maintainer documentation.
See https://git.lix.systems/lix-project/lix/issues/260.
Change-Id: I626686ff4059aee22a3ab1664b52581b2dbf6ed7
Signed-off-by: Raito Bezarius <raito@lix.systems>
|
|
Change-Id: I6f5fb54f70b02a467bbdee4c526f59da1193f7db
|
|
This allows us to have links to peoples' GitHub and Forgejo profiles.
I used YAML because I don't want to introduce a dependency on having a
working Nix evaluator to be able to build release notes, and we already
have a YAML parser in this script.
Change-Id: Idf2813f79e0407460c796cba6c383496465e152d
|
|
Change-Id: Icdcbd2cf5bf075e7006ce1f8bc0c9d6c35cfd072
|
|
This was a combination of two problems: the python didn't throw an error
because apparently glob on a nonexistent directory doesn't crash, and
secondarily, bash ignores bad exit codes without `set -e` if they are
not in the final/only command.
Change-Id: I812bde7a4daee5c77ffe9d7c73a25fd14969f548
|
|
|
|
Now, we can credit folks for their work.
The credit generator is very basic, we probably want a database of
profiles and link to their preferred page or something.
Change-Id: Ida81905750371e5e125d0ce7e554d0526265cf8e
Co-Authored-By: Jade Lovelace <lix@jade.fyi>
Signed-off-by: Raito Bezarius <raito@lix.systems>
|
|
This is not like, perfect, since it is a manual operation, but we can
automate it in the future. rclone is used, since it seems like awscli is
not (obviously at least?) able to sync directories such that old things
are deleted, and rclone does this thing properly.
Fixes: https://git.lix.systems/lix-project/meta/issues/2
Change-Id: Ia6a46d861342a6d29b22f981ba4e35e79f79e60e
|
|
not sure why this was done the way it was considering that includes are
a feature the doc toolchain had previously. let's just always have some
kind of entry for the upcoming release in the dev manual builds even if
that means having a completely empty release notes chapter.
the release notes generation script isn't entirely functional right now
due to pre-commit hooks, but it's good enough for time being. we need a
better release process for notes anyway.
Change-Id: Ifda6912cf5233db013f72a30247a62d6f22b1565
Change-Id: I9eb347ec4aabc5be2b816ff0fd3e4be45f93b934
|
|
This is in our style guide, we can cheaply enforce it, let's do it.
```
$ pre-commit
check-case-conflicts.....................................................Passed
check-executables-have-shebangs..........................................Passed
check-headers............................................................Failed
- hook id: check-headers
- exit code: 1
Missing pattern @file in file src/libexpr/value.hh
We found some header files that don't conform to the style guide.
The Lix style guide requests that header files:
- Begin with `#pragma once` so they only get parsed once
- Contain a doxygen comment (`/**` or `///`) containing `@file`, for
example, `///@file`, which will make doxygen generate docs for them.
When adding that, consider also adding a `@brief` with a sentence
explaining what the header is for.
For more details: https://wiki.lix.systems/link/3#bkmrk-header-files
check-merge-conflicts....................................................Passed
check-shebang-scripts-are-executable.....................................Passed
check-symlinks.......................................(no files to check)Skipped
end-of-file-fixer........................................................Passed
mixed-line-endings.......................................................Passed
no-commit-to-branch......................................................Passed
release-notes........................................(no files to check)Skipped
treefmt..................................................................Passed
trim-trailing-whitespace.................................................Passed
```
Fixes: https://git.lix.systems/lix-project/lix/issues/233
Change-Id: I77150b9298c844ffedd0f85cc5250ae9208502e3
|
|
This required making the build-release-notes script understand how to
check multiple directories.
Change-Id: I057f5f636155ab6c6fb5755da5217b7e72249ece
|
|
Change-Id: I923e4af099d02d2324777cc9f7e6d38b130aac10
|
|
Change-Id: I61efeb666ff7481c05fcb247168290e86a250151
|
|
For a long time `nix repl` has supported displaying documentation set on
builtins, however, it has long been convention to use Markdown comments
on Nix functions themselves for documentation. This exposes that
information to `nix repl` users in a nice and formatted way.
NixOS/rfcs#145 doc-comments are primarily what this feature is intended
to consume, however, support for lambda documentation in the repl is
experimental. We do our best effort to support the RFC here.
These changes are based on [the nix-doc library](https://github.com/lf-/nix-doc) and
are licensed under the terms described in the relevant source files.
Change-Id: Ic6fe947d39a22540705d890737e336c4720b0a22
|
|
The big ones here are `trim-trailing-whitespace` and `end-of-file-fixer`
(which makes sure that every file ends with exactly one newline
character).
Change-Id: Idca73b640883188f068f9903e013cf0d82aa1123
|
|
I didn't enable this by default for clang due to making the build time
10% worse or so. Unfortunate, but tbh devs for whom 10% of build time is
not *that* bad should probably simply enable this.
Change-Id: I8d1e5b6f3f76c649a4e2f115f534f7f97cee46e6
|
|
hacking changelog-d to support not just github but also forgejo and
gerrit is a lot more complicated than it's worth, even moreso since
the entire thing can just as well be done with ~60 lines of python.
this new script is also much cheaper to instantiate (being python),
so having it enabled in all shells is far less of a hassle.
we've also adjusted existing release notes that referenced a gerrit
cl to auto-link to the cl in question, making the diff a bit bigger
closes https://git.lix.systems/lix-project/lix/issues/176
Change-Id: I8ba7dd0070aad9ba4474401731215fcf5d9d2130
|
|
This uses the forgejo patch we have for dont_notify on issue creation on
the api, and indeed does not notify, so we can simply run the script
safely :D
Fixes: https://git.lix.systems/lix-project/web-services/issues/38
Change-Id: I86bcbf9b4499b439b79b82af84ee7df0f8eb3298
|
|
Turns out also, you cannot set the queue to 0 with any success. So we
really should just like, prevent notifications in forgejo itself.
Filed a bug for that:
https://git.lix.systems/lix-project/web-services/issues/38
Change-Id: Ib96749f3159659182904963cab7b2ef88fc64442
|
|
We needed a script to go yoink all the real NixOS/Nix issues from our
mirror into the Lix repo.
Change-Id: If8c8ebfb58634c675eae450454c0189288c6b18a
|
|
Automatically compile hand-written release notes with `changelog-d`
(cherry picked from commit 928f0c13414d20c1af88b30bd6700fd730ee0bab)
Change-Id: Ia0685835c52edf185b64dd696b19305746c077e5
|
|
as discussed with maintainers team
|
|
Fixes #8451.
|
|
|
|
https://github.com/NixOS/nixpkgs/pull/235463
|
|
|
|
|
|
this allows easier linking and a provides a bit more visual clarity
|
|
|
|
review process: all PRs must be triaged
|
|
the team perceives triaging literally everything as too much overhead,
and there is a desire to allow for more parallel action.
|
|
in order to make the development process more transparent for everyone,
all pull requests should go through the triage process before getting
merged.
this ensures that all team members are aware of what is going on, and
that rationale for decisions is kept track of in the meeting notes for
posterity. (ideally all that should go into the commit history, but this
is a more invasive process change that needs further deliberation.)
having all team members take at least a brief but conscious look at each
change may also help with keeping our quality standards, as more
reviewers are more likely to remind each other of our shared values.
|
|
PRs that don't increase our ongoing obligations (i.e. by adding new
features) but do increase test coverage of existing features are good
things to merge for the health of the project, and thus good to
prioritize.
|
|
add objectives and tasks for Nix team
|
|
add @Ericson2314 to the Nix team
|
|
|
|
|
|
so far there were no even remotely measurable objectives, only a general
purpose statement.
this change is intended to focus the team's work on what I (and many
others I talked to) perceive to be the main pain point in the
development process.
Co-authored-by: solene.rapenne@tweag.io
|
|
Document the release process
|
|
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|