Project board: Nix team · GitHub
Video conference: Jitsi Meet
Previous notes: Nix - NixOS Discourse
Announcement: The team’s current focus is on polish in preparation for the upcoming Nixpkgs/NixOS release.
2024-04-22 Nix team meeting minutes #140
Agenda
- Discuss how to continue with the installer
- Sandbox bypass
  - Current fix libstore/local-derivation-goal: prohibit creating setuid/setgid binaries by Ma27 · Pull Request #10501 · NixOS/nix · GitHub, breaks the Hydra build.
  - Alternative fixes are available, but need work.
  - Plan to revert #10501, unless fix available by end-of-day Tuesday. (update: fixed and merged instead)
- Nixpkgs Release version
  - proposed 2.22
  - considering 2.21
  - Many changes to file structure impede backports
  - Odd to already consider 2.22 bad
- Proposal: focus on bug fixes, bypass, and release.
  - delay current release?
    - pro: gives time to update
    - con: might not be better
    - 5 weeks is enough time
  - @ericson2314: -1
    - should be in releasable state
    - proof is in the pudding
    - testing improvements need to discover issues earlier
  - outcome
    - announce on discourse the focus on polish in preparation for the upcoming Nixpkgs/NixOS release
    - last release (2.21)
    - delay current release?
Breakout working sessions
- bypass (theophane + tomberek) (`fchmodat2` seccomp filter breaks sandboxed builds with glibc 2.38 · Issue #10585 · NixOS/nix · GitHub)
- robert
  a. nested submodules (Nix >=2.19.0 has a regression on fetchGit submodules recursive clone · Issue #10538 · NixOS/nix · GitHub)
- symlink + evaluator regression (eelco + john)
Discussion
- @l-as: wants to re-do the building code
  - build/local-derivation-goal.{cc,hh}
  - time estimate: large changes against master are acceptable
  - speed up changes for after release (“island of stability”)
  - pros: improve understanding, long-term improvements
  - cons: bugs, visible behavior changes
  - RFC92 blocker related to goal propagation
  - ericson in favor: state machine and small funcs makes FFI approach viable
  - incremental
  - co-routine refactor
  - impacts on testing? can add unit testing
  - outcomes + goal
    - improve understanding
    - work toward WASM support
    - RFC 92 - dyn drvs + bazel-like fine-grained
    - performance
    - sync substitution
    - “fearless concurrency”
    - other sandboxing strategies, like “capsicum style” vs “container style”
- Build capability interface · Issue #10579 · NixOS/nix · GitHub
  - turns the scheduler into a (large) unit, testable without real “builder”
  - turns the “builder” implementations into units
  - idea: remove build-remote (somewhat implied in the issue, implementation detail, but significant one)
  - time? yes, can devote time, especially if progress is made
  - questions? coordinate in “Nix Hackers”
  - mentor + codeowner: Ericson
  - 1 more thing!
    - comment: C++23 modules to improve APIs
    - interested, but need to ensure support in upstream