Type checking of secrets was removed in cff6575948 to get rid of yants.
This adds back type checking using Korora.
Fixes https://git.snix.dev/snix/snix/issues/71
Change-Id: I27cd47b7e1810be5c4cd5d86366e860ca217f9c4
Reviewed-on: https://cl.snix.dev/c/snix/+/30118
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
This allows us to remove npmlock2nix as a dependency.
Change-Id: Ic08a2ba082618292c6ea34141bcaeb3b04a306a9
Reviewed-on: https://cl.snix.dev/c/snix/+/30117
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
A similar fix was indeed merged upstream a year ago, but later partially reverted.
Change-Id: I9c0ed259507511ca4e3180f752ba527ea9bca4f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13241
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
* Bump Emacs 29 to 30 to address CVEs in prior versions:
https://github.com/NixOS/nixpkgs/pull/386174
* //3p/overlays/tvl:
- Drop upstreamed fix for buildkite-agent
- Drop tpm2-pkcs11 patch for an issue that has been
addressed in 1.9.1.
- Drop Nix 2.3 patch for home-manager. An alternative
to it has been upstreamed in
<https://github.com/nix-community/home-manager/pull/5067>.
* //users/flokli/presentations: disable derivations that have
been failing since the latest chromium upgrade (presumably).
reveal-md … --print fails to export a PDF. Enabling debug
output reveals that a timeout in pupeteer is hit.
Change-Id: Id83eb5e5fe2db77e648817c5c737b2f95b43deeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13217
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Upstream has removed its fancy support for units and calculations. It
appears panettone does not rely on this at all.
Change-Id: I9ee3637ba44d1d3c225e6bbfc02b820f3a7d028c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13230
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Extracts the required version out of the telega.el Dockerfile (this seems to be
the authoritative source), and matches that against what nixpkgs has.
In a future commit I'll improve this to reduce the likelihood of blocking a
channel bump (by also pinning tdlib, and issuing warnings when nixpkgs has a
newer telega/tdlib).
Change-Id: I1129c1f6b38aa58eb8661f2ad9bc6fa19382d81c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13220
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Buildkite introduced a weird check that determines whether the bootstrap agent
path (?) matches the binary that the agent was started from:
https://github.com/buildkite/agent/pull/3123
They did this to work around some internal development flow problems. However,
this check is toggled by whether or not the `buildNumber` compile-time variable
is set to the special `x` sentinel value.
In their publicly released binaries (which we do not use, of course), this is
set to some other value. In Nix builds they are at the default sentinel value,
causing crashes at startup because of the wrapper script not matching the binary
path:
```
buildkite-agent: fatal: check binary paths: mismatched buildkite-agent paths: host="/nix/store/rmp9g00bppi8yimr0ngnx6490w196in8-buildkite-agent-3.89.0/bin/.buildkite-agent-wrapped" bootstrap="/nix/store/rmp9g00bppi8yimr0ngnx6490w196in8-buildkite-agent-3.89.0/bin/buildkite-agent"
```
To work around this we just set the build "number" to `nix`.
Change-Id: I794861aeaf63764689148cae841ce56f88752186
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13205
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Our maintenance branch includes additional concurrency fixes which are not in
the upstream 2.3 branch.
These issues are fixed in C++ Nix HEAD, but in a more invasive way (by removing
the second set of locks completely).
This also retains additional debug information in the built binaries to make
future issues easier to debug.
Change-Id: I4e7a8baabd059c96404822d9634df52c403a869f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13135
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
* //tvix/*-go: regenerate protobuf files
* //tvix/boot:
- Explicitly set compression method of mkBinaryCache which has
made this configurable and (at the same time) changed the default.
- Adjust to change of extension of the nar files from .nar.xz to
plain .xz.
Change-Id: Ie79ea8e0ac8fe04ae01f5558bffca93e9314f56d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13174
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Build //3p/lisp from pkgs proper, i.e. nixpkgs' nixos-unstable channel
instead of nixos-23.11 (yikes).
Basically, multiple package sets are attached to the different lisp
implementations now instead of having a “generic” lispPackages
set (which defaults to sbcl). We can just use that instead even though
it looks a bit weird having `srcOnly sbcl.pkgs.foo` everywhere when the
packages is not necessarily related to SBCL.
We could in theory create a source only package set by abusing how the
infrastructure works internally, but it's probably somewhat brittle:
callPackage (pkgs.path + "/pkgs/development/lisp-modules/imported.nix") {
build-asdf-system = { src, ... }: src;
}
Since we do a pretty hefty jump in package versions, many packages have
to be adapted to internal changes and restructuring:
- bordeaux-threads
- cffi
- cl-colors2 (which has been deprecated, but is still required by other
packages)
- cl-smtp
- cl-plus-ssl
- cl-prevalence
- hunchentoot (compiling the asd file no longer seemed to work)
- ironclad (fixes for SBCL compiler warnings caused a CCL compiler
warning)
- nibbles (revert the only commit to sbcl-opt/x86-vm.lisp that's new
compared to canon since it broke compilation for unknown reasons)
The following new packages had to be added as existing packages added
new dependencies:
- frugal-uuid, frugal-uuid/non-frugal
- trivial-clock
Change-Id: I8b94894df0357907cf2b27cf1e34a7e804b68e02
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13134
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Included changes:
* targeted primary NixOS channel back at `nixos-unstable`
* //3p/chicago95: disable new broken symlink check
* //tvix: omit unnecessary lifetime clippy recommends
* //users/sterni/blipqn: wait a bit for data to arrive in test so it
succeeds under load.
* //fun/paroxysm: force pkg-config flag of pq-sys by adding a bogus
dependency on it. Otherwise, pq-sys will try to use pg_config
which does not work correctly in pkgs.libpq at the moment.
* //users/flokli/keyboards/dilemma: disable temporarily
Change-Id: I6d53bd7bca6886f3457e1f41505e97314f4cd191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13119
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Included changes/fixes:
* bumped all `wasm-bindgen` usages again
* regenerated protobuf files
* keycloak terraform provider has been migrated to new name
This also included a state migration in the bucket, which I've already
performed.
* tvix/boot: disable tests that are broken in CI
* users/aspen/yeren: avoid upgrading kernel to 6.12
digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/
Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
These have been deprecated for a while.
Change-Id: Iafeac725c84d6c5cae42dd7acdf01239bbcfdd96
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13114
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
This (temporarily) bumps the nixpkgs channel to nixos-unstable-small, because it
has an update I really want, and also to stress-test the new builders.
Included fixes:
* disabled tests in niri to avoid a flaky test; this is fixed upstream already,
but the change is still percolating through
* regenerated Go protobufs
Change-Id: Ia09fdc38f620fe8301c2111b0e4c142f37df2dd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12991
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Not all dependencies in //third_party/sources are equally important for
evaluation, some are never used (e.g. rustsec-advisory-db is re-fetched
using fetchFromGitHub). It seems to be a good idea to make it
configurable what to gcroot and thus unconditionally download as soon
as .envrc is loaded for the first time.
This frees //third_party/sources to be used more extensively, e.g. for
managing third_party dependencies that aren't used at eval time.
This commit is very conservative and only gcroots:
- nixpkgs, nixpgs-stable (obviously)
- rust-overlay (applied to our nixpkgs instance unconditionally)
- home-manager (used in //third_party/overlays/tvl)
I'm open to re-enabling gcrooting of the following other sources which
are only necessary to evaluate some targets:
- agenix (obvious candidate, widely used in depot)
- naersk (used for many targets)
- napalm (used in //users/Profpatsch and //users/sterni)
- impermanence (only used in //users/tazjin)
Change-Id: I39eef14d08bec6857499655e30ecf47d5fdd1260
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12965
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
The Nix code used to access niv's pins has changed and now deals with plain git
dependencies slightly differently.
This change should be no-op functionally.
Change-Id: I6834594d10078b03f23252901143c941ff523cdf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12946
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Last one of the year! С наступающим)
Fixes:
* users/wpcarro: remove use-package from emacs packages (it has been built-in
for a while now)
* users/sterni: the same thing
* users/aspen: remove `coz`, forwardport `gdmap` from stable
* users/flokli: dropped corneish_zen firmware from CI
This firmware depends on a non-reproducible FOD which, when updated, causes
build failures. We have worked around this repeatedly, but it needs to be
fixed properly.
* tvix: regenerate Go protobufs
* tvix: address new clippy lints
* tvix/{castore,store,build}-go: update grpc/protobuf libraries
* tvix/eval: formatting fixes
* 3p/overlays/tvl: work around GCC 14 -Werrors
Change-Id: Ice5948ca7780192fb7d2abc6a48971fb875f03c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12933
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I'm not really describing what the problem here is because I don't
think a writeup is really useful. It would just be speculation and
I don't need to syncronize my efforts with anyone at the moment,
so it's best to keep those notes offline.
Basically, the next problem I want to tackle is that the initial
parsing of a multipart message (to get the number, types, offsets
etc. of the different parts) is very slow. This is because READ-LINE
on a FLEXI-STREAM dispatches to READ-CHAR which is laughably slow.
Change-Id: Ia5d6e335abb23639cfe9c2149ead99ffa5dbbcf5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12936
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
* //users/flokli/keyboards/chocofi:
The hash got invalidated somehow which I've updated (to what
https://buildkite.com/tvl/depot/builds/37991#0193f512-78ba-491f-af60-a23e987def95
showed). This seems to have triggered an update of ZMK and some
options have gotten renamed.
Change-Id: I5a62cd4636c23bfdeae671da7b8acb0f02cc2263
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12905
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
* //tools/nixery/popcount:
replace removed buildGoPackage with buildGoModule.
* //users/aspen/system/system/modules:
pkgs.nerdfonts has been removed. Instead we have a
pkgs.nerd-fonts attribute set that contains all fonts
as individual derivations.
* //users/tazjin/presentations:
The ms package was removed from texlive for some reason
in the latest release. Replace it with the packages it
bundles (according to CTAN).
* //tvix/verify-lang-tests:
Test on latest Nix release 2.25.2.
* //tvix/*-go:
regenerate code from protobufs.
Change-Id: I19fcb3a0267f929f6e7388aa69ad99ac53b62236
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12859
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Because OPEN-DECODED-FILE-PORTION only knows about transfer encodings it
would only return a character stream for 7bit encoded bodies. This
causes inconsistent behavior where some bodies would return binary and
some character streams. To fix this, we specialize MIME-BODY-STREAM for
MIME-TEXT parts which may or may not be a good enough solution.
We may actually want to make MIME-BODY-STREAM binary always and let the
user handle decoding?! This may be a good idea to take care after yet
another stream machinery redesign.
Since the mime4cl test suite doesn't test MIME-BODY-STREAM (much), add a
message generated by notemap that hits this issue to the mblog golden
test suite.
Change-Id: Ie340c42ced6c693af9b3c84b177408d6b6d2c9c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12913
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This should allow for refactors with more confidence as we can make sure
base functionality stays the same. It is important to test image
extraction, so unfortunately we need to check in a base64 rendering of
an image file. I've used //users/tvlbot.jpg, so git should at least be
able to deduplicate the extracted content. Note that this was achieved
by altering the note message since I wasn't able to add the picture in
the iOS Notes.app without the image being recompressed.
To get extra benefit, we also add the test note to the mime4cl test suite.
The expected output can be updated with
mblog $(mg build :maildir) expected
Change-Id: I0aa493b206439018ad89745bacbd47af78bd1396
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12911
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
These functions are not very useful—as far as I'm aware at least—, are
not implemented very efficiently and totally untested. Remove them for
now. See also r/8978.
Change-Id: If9d277b460c3ed728a171bc29dd626c4c5fc0313
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12868
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This is far from comprehensive, mainly covering stuff I'm interested for
mblog currently. I should extend it as I go. The cases I've added reveal
something I've noticed recently: The worst performing part of mime4cl
seems to be the initial parsing of the message. My current theory is
that this is due to the use of READ-LINE in DO-MULTIPART-PARTS which
seems to ultimately dispatch to READ-CHAR internally due to the way our
streams are set up. We should look into fixing this soon.
It may be interesting to add this to windtunnel at some point, but I'd
rather not burden a runner with this given that mime4cl is only worked
on once every blue moon and I'm the only user.
Change-Id: I001de3aac01f8aa7ea923b43b2db29cf66a4aac3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12864
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
As it turns out, some of the load/compile time set up the package does
doesn't work in ECL for unknown reasons at the moment. Executables using
closure-* will crash after starting up:
;;; Checking for wide character support... WARNING: Lisp implementation doesn't use UTF-16, but accepts surrogate code points.
yes, using code points.
;;; Building Closure with CHARACTER RUNES
Condition of type: SIMPLE-ERROR
Invalid relative pathname #P"package.lisp" for component ("closure-common" "package")
Change-Id: I4b4bf96835a39696884ec6fea9c249fdeb53c853
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12863
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Only significant implementation specific code at the moment is FILE-SIZE
which isn't very important. We can also easily implement it for CCL.
Additionally, we clean up an unused lexical variable warning and remove
a duplicate definiton of MIME-TYPE-STRING fro MIME-UNKNOWN-PART that CCL
doesn't like.
Change-Id: I7c960e50dcdc1d3e46cb4945f36ea315a3c9838d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12862
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This is a silly mistake and was not caught because FILE-SIZE isn't
exercised in the test suite. We can probably remove MIME-BODY-SIZE and
look into removing MIME-PART-SIZE as well. I just want to be thorough
here so that we can revert into a non-broken state in case we decide we
need those functions for something.
Change-Id: I5bbb3dde6616220fc3b6feddbf7a39b6a9b0ea0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12861
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI