Commit graph

91 commits

Author SHA1 Message Date
alois31 741d3b441c
libstore: add LocalDerivationGoal setupSyscallFilter hook
The seccomp setup code was a huge chunk of conditionally compiled
platform-specific code. For this reason, it is appropriate to move it to the
platform-specific implementation file. Ideally its setup could be moved a bit
to make it happen at the same place as the Darwin restrictions, but that change
is going to be less mechanical.

Change-Id: I496aa3c4fabf34656aba1e32b0089044ab5b99f8
2024-08-06 18:27:09 +02:00
alois31 127ee1a101
libstore/build: use an allowlist approach to syscall filtering
Previously, system call filtering (to prevent builders from storing files with
setuid/setgid permission bits or extended attributes) was performed using a
blocklist. While this looks simple at first, it actually carries significant
security and maintainability risks: after all, the kernel may add new syscalls
to achieve the same functionality one is trying to block, and it can even be
hard to actually add the syscall to the blocklist when building against a C
library that doesn't know about it yet. For a recent demonstration of this
happening in practice to Nix, see the introduction of fchmodat2 [0] [1].

The allowlist approach does not share the same drawback. While it does require
a rather large list of harmless syscalls to be maintained in the codebase,
failing to update this list (and roll out the update to all users) in time has
rather benign effects; at worst, very recent programs that already rely on new
syscalls will fail with an error the same way they would on a slightly older
kernel that doesn't support them yet. Most importantly, no unintended new ways
of performing dangerous operations will be silently allowed.

Another possible drawback is reduced system call performance due to the larger
filter created by the allowlist requiring more computation [2]. However, this
issue has not convincingly been demonstrated yet in practice, for example in
systemd or various browsers. To the contrary, it has been measured that the the
actual filter constructed here has approximately the same overhead as a very
simple filter blocking only one system call.

This commit tries to keep the behavior as close to unchanged as possible. The
system call list is in line with libseccomp 2.5.5 and glibc 2.39, which are the
latest versions at the point of writing. Since libseccomp 2.5.5 is already a
requirement and the distributions shipping this together with older versions of
glibc are mostly not a thing any more, this should not lead to more build
failures any more.

[0] https://github.com/NixOS/nixpkgs/issues/300635
[1] https://github.com/NixOS/nix/issues/10424
[2] https://github.com/flatpak/flatpak/pull/4462#issuecomment-1061690607

Change-Id: I541be3ea9b249bcceddfed6a5a13ac10b11e16ad
2024-07-25 18:24:40 +02:00
jade 9afb0fe41c Merge changes I476a2516,I8a274227 into main
* changes:
  doc/hacking: fix internal api docs section to say to enable it
  doc: Add more about the release note generator
2024-06-26 17:34:45 +00:00
jade e537678f1e doc: Add more about the release note generator
Change-Id: I8a274227cb1b05d442d3f644603dd2844ecc9d05
2024-06-25 21:22:37 -07:00
vigress8 c7af89c797 change shebangs of all .sh scripts to bash
On operating systems where /bin/sh is not Bash, some scripts are invalid
because of bashisms, and building Lix fails with errors like this:
`render-manpage.sh: 3: set: Illegal option -o pipefail`
This modifies all scripts that use a `/bin/sh` shebang to `/usr/bin/env
bash`, including currently POSIX-compliant ones, to prevent any future
confusion.

Change-Id: Ia074cc6db42d40fc59a63726f6194ea0149ea5e0
2024-06-24 14:00:43 -07:00
jade 79404f7ffc releng: automatically add to the summary page
Also delete the obsolescent maintainers/release-notes script that is
unmaintained.

Change-Id: I3f4a75d790e8e00e970358ca8f32e8295c91aac3
2024-06-15 18:46:18 -07:00
jade c32a01f9eb Put into place initial release engineering
This can release x86_64-linux binaries to staging, with ephemeral keys.
I think it's good enough to review at least at this point, so we don't
keep adding more stuff to it to make it harder to review.

Change-Id: Ie95e8f35d1252f5d014e819566f170b30eda152e
2024-06-06 20:53:08 -07:00
jade 24057dcb6a Remove rl-next-dev
We realized that there's really no good place to put these dev facing
bulletins, and the user-facing release notes aren't really the worst
place to put them, I guess, and we do kind of hope that it converts
users to devs.

Change-Id: Id9387b2964fe291cb5a3f74ad6344157f19b540c
2024-06-06 15:08:12 -07:00
raito 8e1a883186 Merge "chore: remove incorrect maintainers/*.md documentation" into main 2024-05-20 12:35:20 +00:00
jade a354779d78 Remove upload-release.pl
We are doing releases totally differently than Nix so this will need
rewriting anyway.

Change-Id: Iba4ad160b9d215fcbf20a14243fd87cfbb527760
2024-05-19 13:53:39 -07:00
raito 93dbb698b3 chore: remove incorrect maintainers/*.md documentation
Fate has something different in store for the release process,
backporting process and the general maintainer documentation.

See #260.

Change-Id: I626686ff4059aee22a3ab1664b52581b2dbf6ed7
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-05-19 16:58:52 +02:00
jade 2a7b3d7c94 build-release-notes: add change author metadata and use it
Change-Id: I6f5fb54f70b02a467bbdee4c526f59da1193f7db
2024-05-15 14:33:35 -07:00
jade c8329e5667 build-release-notes: add change author info DB
This allows us to have links to peoples' GitHub and Forgejo profiles.

I used YAML because I don't want to introduce a dependency on having a
working Nix evaluator to be able to build release notes, and we already
have a YAML parser in this script.

Change-Id: Idf2813f79e0407460c796cba6c383496465e152d
2024-05-15 14:33:35 -07:00
jade 79ee9355ae build-release-notes: support categories
Change-Id: Icdcbd2cf5bf075e7006ce1f8bc0c9d6c35cfd072
2024-05-15 13:27:31 -07:00
jade 03655c310d build-release-notes: fail if the directory does not exist
This was a combination of two problems: the python didn't throw an error
because apparently glob on a nonexistent directory doesn't crash, and
secondarily, bash ignores bad exit codes without `set -e` if they are
not in the final/only command.

Change-Id: I812bde7a4daee5c77ffe9d7c73a25fd14969f548
2024-05-15 20:18:50 +00:00
jade f5828f2ee0 Merge "feat: add credits field to release note generator" into main 2024-05-15 20:18:21 +00:00
raito c52eba4424 feat: add credits field to release note generator
Now, we can credit folks for their work.

The credit generator is very basic, we probably want a database of
profiles and link to their preferred page or something.

Change-Id: Ida81905750371e5e125d0ce7e554d0526265cf8e
Co-Authored-By: Jade Lovelace <lix@jade.fyi>
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-05-14 19:26:09 -07:00
jade 58ff8960cd doc: add a script to upload the nightly manual manually
This is not like, perfect, since it is a manual operation, but we can
automate it in the future. rclone is used, since it seems like awscli is
not (obviously at least?) able to sync directories such that old things
are deleted, and rclone does this thing properly.

Fixes: lix-project/meta#2
Change-Id: Ia6a46d861342a6d29b22f981ba4e35e79f79e60e
2024-05-14 14:28:01 -07:00
eldritch horrors d9bc197ff4 docs: don't compute rl-next.md during build
not sure why this was done the way it was considering that includes are
a feature the doc toolchain had previously. let's just always have some
kind of entry for the upcoming release in the dev manual builds even if
that means having a completely empty release notes chapter.

the release notes generation script isn't entirely functional right now
due to pre-commit hooks, but it's good enough for time being. we need a
better release process for notes anyway.

Change-Id: Ifda6912cf5233db013f72a30247a62d6f22b1565

Change-Id: I9eb347ec4aabc5be2b816ff0fd3e4be45f93b934
2024-04-09 02:09:36 +00:00
jade 1e74bffd5c pre-commit check for pragma once and ///@file
This is in our style guide, we can cheaply enforce it, let's do it.

```
$ pre-commit
check-case-conflicts.....................................................Passed
check-executables-have-shebangs..........................................Passed
check-headers............................................................Failed
- hook id: check-headers
- exit code: 1

Missing pattern @file in file src/libexpr/value.hh

We found some header files that don't conform to the style guide.

The Lix style guide requests that header files:
- Begin with `#pragma once` so they only get parsed once
- Contain a doxygen comment (`/**` or `///`) containing `@file`, for
  example, `///@file`, which will make doxygen generate docs for them.

  When adding that, consider also adding a `@brief` with a sentence
  explaining what the header is for.

For more details: https://wiki.lix.systems/link/3#bkmrk-header-files

check-merge-conflicts....................................................Passed
check-shebang-scripts-are-executable.....................................Passed
check-symlinks.......................................(no files to check)Skipped
end-of-file-fixer........................................................Passed
mixed-line-endings.......................................................Passed
no-commit-to-branch......................................................Passed
release-notes........................................(no files to check)Skipped
treefmt..................................................................Passed
trim-trailing-whitespace.................................................Passed
```

Fixes: #233
Change-Id: I77150b9298c844ffedd0f85cc5250ae9208502e3
2024-04-08 16:10:57 -07:00
jade 06f17a5c78 release-notes: check with pre-commit
This required making the build-release-notes script understand how to
check multiple directories.

Change-Id: I057f5f636155ab6c6fb5755da5217b7e72249ece
2024-04-08 15:40:12 -07:00
jade 860b34cf07 build-release-notes: support multiple PRs/CLs
Change-Id: I923e4af099d02d2324777cc9f7e6d38b130aac10
2024-04-08 15:29:19 -07:00
Rebecca Turner cfbcf12276 Format Nix code with nixfmt
Change-Id: I61efeb666ff7481c05fcb247168290e86a250151
2024-04-08 13:00:00 -07:00
Lunaphied 7a1054fa5f repl: improve :doc builtin repl command to support lambdas.
For a long time `nix repl` has supported displaying documentation set on
builtins, however, it has long been convention to use Markdown comments
on Nix functions themselves for documentation. This exposes that
information to `nix repl` users in a nice and formatted way.

NixOS/rfcs#145 doc-comments are primarily what this feature is intended
to consume, however, support for lambda documentation in the repl is
experimental. We do our best effort to support the RFC here.

These changes are based on [the nix-doc library](https://github.com/lf-/nix-doc) and
are licensed under the terms described in the relevant source files.

Change-Id: Ic6fe947d39a22540705d890737e336c4720b0a22
2024-04-03 13:47:22 -06:00
Rebecca Turner 2a98ba8b97 Add pre-commit checks
The big ones here are `trim-trailing-whitespace` and `end-of-file-fixer`
(which makes sure that every file ends with exactly one newline
character).

Change-Id: Idca73b640883188f068f9903e013cf0d82aa1123
2024-03-29 22:57:40 -07:00
jade 412a9c9f67 Enable clang build timing analysis
I didn't enable this by default for clang due to making the build time
10% worse or so. Unfortunate, but tbh devs for whom 10% of build time is
not *that* bad should probably simply enable this.

Change-Id: I8d1e5b6f3f76c649a4e2f115f534f7f97cee46e6
2024-03-27 03:52:57 +00:00
eldritch horrors 279e30e7ef build: replace changelog-d with local script
hacking changelog-d to support not just github but also forgejo and
gerrit is a lot more complicated than it's worth, even moreso since
the entire thing can just as well be done with ~60 lines of python.
this new script is also much cheaper to instantiate (being python),
so having it enabled in all shells is far less of a hassle.

we've also adjusted existing release notes that referenced a gerrit
cl to auto-link to the cl in question, making the diff a bit bigger

closes #176

Change-Id: I8ba7dd0070aad9ba4474401731215fcf5d9d2130
2024-03-27 03:09:14 +00:00
jade 33da9c09c8 Issue importer: do not notify
This uses the forgejo patch we have for dont_notify on issue creation on
the api, and indeed does not notify, so we can simply run the script
safely :D

Fixes: lix-project/web-services#38

Change-Id: I86bcbf9b4499b439b79b82af84ee7df0f8eb3298
2024-03-23 19:03:34 -07:00
jade 81be5eb7c6 issue importer: list issues that are *not* closed when finding existing issues
Turns out also, you cannot set the queue to 0 with any success. So we
really should just like, prevent notifications in forgejo itself.

Filed a bug for that:
lix-project/web-services#38

Change-Id: Ib96749f3159659182904963cab7b2ef88fc64442
2024-03-18 18:14:31 -07:00
jade 3392020710 Forgejo issue importer
We needed a script to go yoink all the real NixOS/Nix issues from our
mirror into the Lix repo.

Change-Id: If8c8ebfb58634c675eae450454c0189288c6b18a
2024-03-16 00:22:33 -07:00
eldritch horrors e8a488236c Merge pull request #9393 from hercules-ci/changelog-d
Automatically compile hand-written release notes with `changelog-d`

(cherry picked from commit 928f0c13414d20c1af88b30bd6700fd730ee0bab)
Change-Id: Ia0685835c52edf185b64dd696b19305746c077e5
2024-03-04 07:11:19 +01:00
Valentin Gagarin b6e74ea5a8
maintainers: add note on marking PRs as draft
as discussed with maintainers team
2023-06-19 10:55:34 +02:00
Eelco Dolstra 76e032bcf8 Upload the manual to releases.nixos.org
Fixes #8451.
2023-06-06 15:37:26 +02:00
Eelco Dolstra d14f993a76 Fix MIME type 2023-06-06 14:03:24 +02:00
Eelco Dolstra 42e908a308 Upload fallback-paths.nix as part of the release
https://github.com/NixOS/nixpkgs/pull/235463
2023-06-06 13:56:43 +02:00
Eelco Dolstra ebed259768 Bump version 2023-05-31 17:09:38 +02:00
Eelco Dolstra f3a88857b4 maintainers/upload-release.pl: Don't update nix-fallback-paths.nix 2023-05-30 11:49:59 +02:00
Valentin Gagarin feb2200ba6 use headings instead of list items
this allows easier linking and a provides a bit more visual clarity
2023-05-02 11:30:27 +02:00
Valentin Gagarin 521cca1840 add procedure for 'idea approved' label 2023-05-02 11:28:03 +02:00
Théophane Hufschmitt 1707e7ea5f
Merge pull request #7579 from fricklerhandwerk/review-process
review process: all PRs must be triaged
2023-04-05 01:57:17 +02:00
Valentin Gagarin f912ab89cc only triage non-trivial pull requests
the team perceives triaging literally everything as too much overhead,
and there is a desire to allow for more parallel action.
2023-04-05 01:27:15 +02:00
Valentin Gagarin 6c651599b0 review process: all PRs must be triaged
in order to make the development process more transparent for everyone,
all pull requests should go through the triage process before getting
merged.

this ensures that all team members are aware of what is going on, and
that rationale for decisions is kept track of in the meeting notes for
posterity. (ideally all that should go into the commit history, but this
is a more invasive process change that needs further deliberation.)

having all team members take at least a brief but conscious look at each
change may also help with keeping our quality standards, as more
reviewers are more likely to remind each other of our shared values.
2023-03-28 11:51:57 +02:00
John Ericson 95dabbadd8 Prioritize testing in the maintainers process docs
PRs that don't increase our ongoing obligations (i.e. by adding new
features) but do increase test coverage of existing features are good
things to merge for the health of the project, and thus good to
prioritize.
2023-03-16 22:27:46 -04:00
Valentin Gagarin d9f60ffb81
Merge pull request #7534 from fricklerhandwerk/maintainers-goals
add objectives and tasks for Nix team
2023-03-13 14:01:15 +01:00
Eelco Dolstra 02bf521968
Merge pull request #7580 from fricklerhandwerk/nix-team-add-john
add @Ericson2314 to the Nix team
2023-03-06 15:02:07 +01:00
Eelco Dolstra 378508a877 Bump version 2023-03-02 10:01:24 +01:00
Valentin Gagarin 164a5e2629 incorporate feedback from maintainers 2023-02-24 15:05:31 +01:00
Valentin Gagarin a556143dc1 add objectives and tasks for Nix team
so far there were no even remotely measurable objectives, only a general
purpose statement.

this change is intended to focus the team's work on what I (and many
others I talked to) perceive to be the main pain point in the
development process.

Co-authored-by: solene.rapenne@tweag.io
2023-02-24 09:50:06 +01:00
Eelco Dolstra 92611e6e4c
Merge pull request #7412 from edolstra/release-process
Document the release process
2023-02-24 09:13:46 +01:00
Robert Hensing 40d8955b89
Apply suggestions from code review
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-02-08 00:24:28 +01:00