This extends the package set import mechanism in
build-registry-image.nix with several different options:
1. Importing a nixpkgs channel from Github (the default, pinned to
nixos-19.03)
2. Importing a custom Nix git repository. This uses builtins.fetchGit
and can thus rely on git/SSH configuration in the environment (such
as keys)
3. Importing a local filesystem path
As long as the repository pointed at is either a checkout of nixpkgs,
or nixpkgs overlaid with custom packages this will work.
A special syntax has been defined for how these three options are
passed in, but users should not need to concern themselves with it as
it will be taken care of by the server component.
This relates to #3.
Adds git & SSH as part of the Nixery image, which are required to use
Nix's builtins.fetchGit.
The dependency on interactive tools is dropped, as it was only
required during development when debugging the image building process
itself.
Introduce an empty runtime configuration object in each built layer.
This is required because Kubernetes expects the configuration to be
present (even if it's just empty values).
Providing an empty configuration will make Docker's API return a full
configuration struct with default (i.e. empty) values rather than
`null`, which works for Kubernetes.
This fixes issue #1. See the issue for additional details.
startProcess does not appear to send the exit code to the helper
correctly. Not sure why this is, but it is probably safe to just
fallback on all sandbox errors.
--
788c948f698afe5998738cbb40b0629668640d73 by Derek Mauro <dmauro@google.com>:
Add an empty raw_logging_internal library. The raw_logging sources
will eventually migrate here.
This target will only contain internal sources. Abseil compatibility
guidelines require users not depend on internals.
https://abseil.io/about/compatibility
PiperOrigin-RevId: 260712817
--
8ea947ec54f47fb02e97597d243cb63aa4c5fe0b by Abseil Team <absl-team@google.com>:
Fixed an incorrect version number test for optional,etc. availability
in iOS. Added tests for watchOS and tvOS.
PiperOrigin-RevId: 260490390
--
53af0544277dc3020b81d16ce110e7bc89f5cf6e by Jorg Brown <jorg@google.com>:
Test the error-string path a bit more.
PiperOrigin-RevId: 260175886
GitOrigin-RevId: 788c948f698afe5998738cbb40b0629668640d73
Change-Id: I366b73331857dc5a1db843b650c2ba27a69a141e
Instead of just dispatching on URL regexes, use handlers to split the
routes into registry-related handlers and otherwise(tm).
For now the otherwise(tm) consists of a file server serving the static
directory, rather than just a plain match on the index route.
This also required making the noodles character not actually the emoji,
since the emoji being double-width means it still gets overwritten when
you walk to the right of it (D:)
Rather than overwriting entities with the same ID when appending, make
EntityMap::append actually respect the internal invariants of the map
and preserve entities from both sides, with no regard for their id.
Add a new Wall entity, and allow converting generated levels to entity
maps containing them, then finally displaying them using some of
the (now expanded) box drawing machinery.
Add a generic text-prompt system to the Game, and use it to prompt the
character for their name on startup. There's also a Promise type in
util, which is used for the result of the prompt.
* exwm-workspace.el (exwm-workspace--original-handle-focus-in)
(exwm-workspace--original-handle-focus-out): Store the original
`handle-focus-{in,out}'.
(exwm-workspace-switch): Now that `handle-focus-{in,out}' has been
updated to call other stuffs like `after-focus-change-function', we
can no longer run `focus-{in,out}-hook' only.
When running on AppEngine, the image is expected to be configured with
a default entry point / command.
This sets the command to the wrapper script, so that the image can
actually run properly when deployed.
--
1224e58a45e4d016b18f5a6cf5762ba33027017a by CJ Johnson <johnsoncj@google.com>:
Unifies the growth factor of InlinedVector's mutating members to max(2 * capacity, req_capacity). In doing so, LegacyNextCapacityFrom(...) is removed thus removing a loop from several callsites.
PiperOrigin-RevId: 259920301
--
945fc0bf27b67ea77d39144dcb6a483dc879ceda by Laramie Leavitt <lar@google.com>:
Cleanup header guards which do not reflect the correct style.
PiperOrigin-RevId: 259881520
--
8c7d0532ba9a9aabfd57f67552572b2b1bedda97 by Derek Mauro <dmauro@google.com>:
Move log_severity sources to the new log_severity target.
PiperOrigin-RevId: 259837015
GitOrigin-RevId: 1224e58a45e4d016b18f5a6cf5762ba33027017a
Change-Id: Id19506c3b8db71a0d4391ee917bfef3e802d550d
When sandbox-fallback = true (the default), the Nix builder will fall
back to disabled sandbox mode when the kernel doesn’t allow users to
set it up. This prevents hard errors from occuring in tricky places,
especially the initial installer. To restore the previous behavior,
users can set:
sandbox-fallback = false
in their /etc/nix/nix.conf configuration.
Some kernels disable "unpriveleged user namespaces". This is
unfortunate, but we can still use mount namespaces. Anyway, since each
builder has its own nixbld user, we already have most of the benefits
of user namespaces.
Instead of using whatever the current system default is, import a Nix
channel when building an image.
This will use Nix' internal caching behaviour for tarballs fetched
without a SHA-hash.
For now the downloaded channel is pinned to nixos-19.03.
When running Nix inside of a container image, there are several
environment-specific details that need to be configured appropriately.
Most importantly, since one of the recent Nix 2.x releases, sandboxing
during builds is enabled by default. This, however, requires kernel
privileges which commonly aren't available to containers.
Nixery's demo instance (for instance, hehe) is deployed on AppEngine
where this type of container configuration is difficult, hence this
change.
Specifically the following were changed:
* additional tools (such as tar/gzip) were introduced into the image
because the builtins-toolset in Nix does not reference these tools
via their store paths, which leads to them not being included
automatically
* Nix sandboxing was disabled in the container image
* the users/groups required by Nix were added to the container setup.
Note that these are being configured manually instead of via the
tools from the 'shadow'-package, because the latter requires some
user information (such as root) to be present already, which is not
the case inside of the container
--
1f44f8f487aa3afe8248132e4081519e85671965 by CJ Johnson <johnsoncj@google.com>:
Updates ScopedAllocatorWorks test for InlinedVector to not depend on specific byte counts of standard library vectors. It's too brittle in the face of capacity-changing changes to InlinedVector and does not provide signal in those breakages.
PiperOrigin-RevId: 259590332
--
fef7589547e9cdd04a254f6ae06e2bd9ec2b35f0 by CJ Johnson <johnsoncj@google.com>:
Updates the implementation of InlinedVector::insert(...) to be exception safe and adds an exception safety tests for insert(...)
PiperOrigin-RevId: 259542968
GitOrigin-RevId: 1f44f8f487aa3afe8248132e4081519e85671965
Change-Id: I514beff56159c9c717f8d29197728011af1fecd7
Introduces a wrapper script which automatically sets the paths to the
required runtime data dependencies.
Additionally configures a container image derivation which will output
a derivation with Nixery, Nix and other dependencies.
