Age | Commit message (Collapse) | Author | Files | Lines |
|
nixpkgs-crate-holes can build a markdown report detailing all vulnerable
crates pinned in cargoDeps vendors in nixpkgs according to RustSec's
advisory db. This report is intended to be pasted into a GitHub issue.
The report is produced by a derivation and can be obtained like this:
nix-build -A users.sterni.nixpkgs-crate-holes.full \
--argstr nixpkgsPath /path/to/nixpkgs
Example output: https://gist.github.com/sternenseemann/27509eece93d6eff35cd4b8ce75423b5
Additionally, you can obtain a more verbose report for a single
attribute of nixpkgs, in HTML format since we just reuse the command
line output of cargo-audit and convert it to HTML using ansi2html:
nix-build -A users.sterni.nixpkgs-crate-holes.single \
--argstr nixpkgsPath /path/to/nixpkgs --argstr attr ripgrep
Change-Id: Ic1c029ab67770fc41ba521b2acb798628357f9b2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3715
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This makes it much easier to update the db manually and also lays the
foundation for future automation bumping the advisory db.
Change-Id: I1244020c8bb1af43bf4e207c55f6420eb3f57bcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3713
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
Change-Id: Iaaed35de078292c0c99a7c83de9ca5fdf27b8135
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3711
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I4c27b7a3b89ffd3a84313b70af3dfda2b2f6fa98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3714
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: I64c305c60d2187633cb84e8642e4639f1402325c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3725
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I943343af92665897e2ebc556f3984a2f8ede9a23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3723
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Ic180b67c764e750d82c3bf4273216d7da75d3aaa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3709
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I794738b8e27404e9b8de2f04d980b94b73dae764
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3708
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
... the amount of times I've not had this and nix-shell'd it is ridiculous.
Change-Id: I8ac3a7a2915e68d235f8349373b2575e6ebe1cb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3710
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: Ibe1a7d4b67c9986aa3da1493e0f30906209abcca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3707
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I0592f5f9be9b01d7809e4d6a2d282e3398dbed4d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3706
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
cleanSource needs to import the path into store which is quite slow at
this point. Since we are filtering the path later anyways, using the
original path is probably perfectly fine and speeds up builds (which is
nice when iterating on something).
Change-Id: I0628854d754b5903eb4ae93a3c3e2539b2c1c7e9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3705
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Passed strings will be treated as a relative path below the given root,
which is quite convenient when using depot.path by eliminating a lot of
repetition.
Change-Id: I3da6058094484f4a6ffbb84f89ad4472b502a00c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3704
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
The point where this broke is likely when llvmPackages_11.stdenv started
respecting stdenv.hostPlatform.linker and thus using GNU binutils'
ld.bfd for linking. That linker can't deal with clang's C++ ABI.
To fix this we introduce a modified version of llvmPackages_11.stdenv
which uses llvmPackages_11.bintools for linking purposes (I also aim to
upstream this in some form, but am not sure about the details atm, so
we'll just do this in the tvl overlay for now). This is the precondition
for getting our C++ packages in //third_party to work
again. Additionally the following fixes were necessary:
* abseil-cpp needed to be updated (by overriding the version from
nixpkgs for now, since I can't update the subtree on my own) to
fulfill grpc's requirements (grpc 1.41.0 needs abseil-cpp LTS
20210324).
* gtest needs a patch from nixpkgs which fixes the path to its include
directory for CMake.
* We need to build re2 with clang as well, otherwise linking will fail.
Fixes b/132.
Change-Id: I7b64579fe96451547babe070fd35db398581e49d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3701
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I8247ac6c15d3ee89e902737f160d5f0acae707bd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3703
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: Ic74cf57cafb34b18ef632e4718493146dc063236
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3702
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Replaces all uses of relative static paths in TVL pages with the
static.tvl.fyi domain. Where possible, the drv hash is directly
embedded in the content.
Change-Id: Ia882dd37ceae9d047cd81cf1eb37a856b339643a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3682
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
The previous hash had a weird salt length and a trailing newline.
This fixes it.
Change-Id: I1f03238181d0caad38e1f1dbc477356bc20fc32d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3689
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: I1fc67c0e33e1e1add8a4ea53c8c94e90e53d8bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3687
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
This ensures in a simple example that __readTree and __readTreeChildren
are populated correctly.
Change-Id: I69a46b2ddde0d1f9bf0dff1c4780f033ac8fc27a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3655
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ibccb690dc1371499e9800d4414002ce586490a91
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3681
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
* //third_party/overlays/tvl: sbcl 2.1.8 -> 2.1.9
Change-Id: I6817a641d2926af9cd38e90138840e761e5c1581
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3686
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
In order to make readTree import symlinked directories I've been looking
into how to detect if a symlink points to a directory (since this would
allow us to use symlinks for //nix/sparseTree). I've found a hack for
this:
symlinkPointsToDir = path: isSymlink path &&
builtins.pathExists (toString path + "/.")
Unfortunately it doesn't seem to be possible to distinguish whether the
symlink target does not exist or is a regular file.
Since it's possible, I thought might as well add this to
`pathType`. To make returning the extra information workable, I've
elected to use the attribute set layout used by `//nix/tag`. This
doesn't require us to depend anything (as opposed to yants), but gives
us pattern matching (via `nix.tag.match`) and also quite idiomatic
checking of pathTypes:
pathType ./foo ? file
(pathType ./foo).symlink or null == "symlink-directory"
Nonexistent paths are encoded like this:
pathType ./foo ? missing
Of course we can't use this in readTree (since it must be zero
dependency), but we can easily inline this hack at some point.
Change-Id: I15b64a1ea69953c95dc3239ef5860623652b3089
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3535
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: tazjin <mail@tazj.in>
|
|
The setup is explained in the comment, but TL;DR: Use the derivation
hash of static files to create permanent URLs.
Relates to b/151.
Change-Id: Ib1ca3a1a00c90a47f4bf39c29a8b4bbf5b215e7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3664
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This hostname can be used for hosting static assets with aggressive
caching for everything, or potentially CDNing stuff if we ever have
large things here.
Change-Id: I10afdad5eb08125d8d09108e9e099f5573362fe5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3663
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: Ie5ee4fe9d137cde9502ded1558fae3ad685b8863
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3661
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This can be used for easy cachebusting of static assets, so that we
can serve them all with a really long cache-time easily.
Change-Id: I7c9f6beddec58e1caf02cda33bc587590217a939
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3660
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I168924cd7b15103d64c9ad72172f72304e1d3a7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3659
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I21e1ddf9a32568cac8ad2595869ac8670867efa9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3658
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
This makes it possible to directly use the folder as an nginx root.
Change-Id: I8cb5236f8d6d01658926330a01c9dfdfa7d60dcc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3657
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
depot-nixpkgs-update did not update the unstable channel properly, since
nixos.org still has caching issues: The channel has updated (e. g. the
nixos-unstable branch in nixpkgs), but channels.nixos.org is still
pointing to a stale version. See:
* https://github.com/NixOS/nixpkgs/issues/140026
* https://github.com/NixOS/nixos-org-configurations/issues/169
I've updated the channel manually here, since that version of nixpkgs
has a fix for bqn-mode I'm interested in.
Hopefully this problem is sorted out soon since depot-nixpkgs-update
relies on the HTTP channel “API” to obtain the date of the channel (as
opposed to the date of the commit).
Change-Id: Iae55e4a7f77b479e08dbe9eb82752ecc4f470d81
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3656
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
This was a regression introduced in cl/3554.
Change-Id: I0721693a6eb1b28976b28499875812b1c3d1c910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3654
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
* awscli2 now builds again upstream
Change-Id: Iabffe8251e5839a49f217c7d351c8c712b5ddbb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3653
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I45cc10aaa7bfc7561ef25978c71248659ce6579d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3652
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: Ib2d7c0c8db8a6a579985b8c84739c72b8e8e395b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3651
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: I83506c214a5db1be283913ed2ebd182fbba00c61
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3650
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: If42bb8476cd513d7844ef3494e82563a5786c670
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3649
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This will be used for anything to do with the TVL company. For the
most part this will be website stuff, and maybe a handful of legal
documents.
Usage rights to this folder are reserved, in contrast to the rest of
the depot.
Change-Id: I7fb70278f49d52d7c54132fe4f8f22fb93a10da7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3648
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
grfn pointed out that the previous animation was so subtle that it
could be mistaken for a symptom of perceptual distortion, which is not
ideal.
This doubles the speed of the animation to make it more obvious that
animation is not taking place in the viewer's head.
Change-Id: Icd836e91677dfab44357932b53673d701ac6b9f3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3647
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I94337f7af76ff554370593709088503ee4b21564
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3645
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: If0e43f62b6f6adec32efddcad9c1a887d3ef5ece
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3646
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Pointing people at IRC and mentioning that there's technology
involved, etc.
Change-Id: I414c006952d60b1fff619edda5016bb2a8714dfb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3640
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This isn't really adding anything and I don't think anyone
particularly wants us to link to them.
Change-Id: I6c1c8949d8e64e8c50cc8220a911183b2a166232
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3632
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Change-Id: I5212b235aa2a72c90e4795dce4c9fccfa00ddec3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3629
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
The previous impl of this was formatting the pre-save contents of the
buffer, effectively preventing saving any changes (oops).
Change-Id: I17d4b8ba0943964d700f7dca81af4f46b149c0b8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3644
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Change-Id: I525aa3ddcacb583e6d3a3ba1529d718b43379273
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3643
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This is really just not worth the performance hit
Change-Id: I6f603aa154c562da2803bd8f73b1135faad243be
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3642
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This doesn't work right now, and I'm not currently writing any idris
Change-Id: I7c090ad9f05c5d24f4f80fdd444e8995629aaba4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3641
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Change-Id: I215b010ea4595d1c6b76138cf7f7b1fb7f435085
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3639
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I4e00168328e1129f43f4e2e4016ad0543607a73f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3638
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|