Another two weeks, another Tweag update:
CA Nix
Still gathering feedback from the early testers, @thufschmitt spent most of his time fixing newly found bugs:
- The most important (and still open) bug is the Two Glibc issue.
The fix should be there now, scattered across several different pull-requests (#4833, #4836, #4838, #4839). -
nix rungot a fix to make it work with content-addressed derivations (#4819) likewise, there’s an open pull-request to fixnix-shell(#4842). - While working on [CA-drvs] nix-store --export fails with "error: hash of path ... has changed" · Issue #4792 · NixOS/nix · GitHub, @thufschmitt noticed that content-addressed paths with self-references (so essentially the outputs of CA derivations) were hashed in a slightly weird way (which was the cause for [CA-drvs] nix-store --export fails with "error: hash of path ... has changed" · Issue #4792 · NixOS/nix · GitHub). This got fixed in Make the Nar hash non modulo by thufschmitt · Pull Request #4849 · NixOS/nix · GitHub. Note that this changes the way the
narHashis computed for these paths, meaning that you might not be able to copy old paths to a store using the new Nix version (not without repairing them first at least). - Still while working on this issue, @thufschmitt also noticed that content-addressed store paths (outputs of CA derivations, but also fixed-output derivations, derivation files or path litterals) weren’t properly validated when importing them into the store. This meant that a rogue binary-cache/untrusted user could forge a pseudo-content-addressed path with an invalid content that would be silently trusted by the Nix daemon. Thanks to @edolstra, this is now fixed in 5985b8 (and backported to 2.3).
Trustix
@adisbladis just released an alpha version of Trustix 
Amongst the last-minute changes,
- The internal db engine got changed from Badger to Bbolt (042200)
- All the components got a nice shiny NixOS module (03f009, 7dabed, 9547d3)
- Docs, docs, docs
Nickel
After quite a bit of work on the academic side (conference presentation, and submission of papers), @yannham could at last spend some time on the website again. It’s still not live, but it’s taking a pretty good shape. And it now has a very fancy online editor to try it out:
And that’s all for now folks!