Hey Nixers
Yet another (the 30th already!) update from the Tweag Nix team (following the previous one here)
Nix implementation
- I mentioned last time that @edolstra was working on making the new CLI respect the meta.outputsToInstall field. This work got merged, but accidentally broke nix develop (https://github.com/NixOS/nix/issues/6500). @alexshpilkin submitted a fix (https://github.com/NixOS/nix/pull/6502), but @edolstra, finding it too fragile, submitted (and merged) another one (https://github.com/NixOS/nix/pull/6518).
- A long time ago, @andir (who had previously worked as a Tweag employee) opened a pull request adding some unit tests to libnixexpr, the Nix library responsible for the evaluation of the Nix language. After a long time of silence, @thufschmitt eventually got to rebase and merge it. This triggered a small discussion around the testing strategy for Nix (https://github.com/NixOS/nix/pull/5377 and the follow-up at https://github.com/NixOS/nix/pull/6517).
- Nix got indirectly affected by CVE-2022-24765 in two ways:
  - Because it (mostly the flakes part) heavily uses Git internally, and often in ways that the CVE fix breaks (because the Git directory might be owned by root). This got fixed by @ma27 (not from Tweag) in https://github.com/NixOS/nix/pull/6440 and https://github.com/NixOS/nix/pull/6470.
  - Flakes recently got a behavior similar to the one that caused the issue with Git, meaning that it is affected by a similar issue (though arguably less severe because it’s only affecting an experimental feature, and it shouldn’t be possible to just execute arbitrary untrusted code with the main commands). @thufschmitt opened a fix for it (https://github.com/NixOS/nix/pull/6464).
- @radvendii got bitten by a confusing nix-shell behaviour when running as a shebang with an empty NIX_PATH. Being curious and stubborn, he went down the rabbit hole with @thufschmitt and opened a fix (https://github.com/NixOS/nix/pull/6472).
- And like always, reviews, bug fixes, and all that stuff
{Document,communic}ation
- Faithful to his role of marketing team lead, @garbas led a number of reviews of PRs against nixos-homepage
- Keeping on his (much welcome) crusade on improving the documentation of the Nixverse, @fricklerhandwerk kept working on documenting the broad architecture of Nix, trying to get a comprehensive explanation of the ins and outs of both the tool and the underlying model (mostly here)
- With the insight given to him by the above, @fricklerhandwerk offered to improve the “How Nix works” page on the NixOS website (https://github.com/NixOS/nixos-homepage/pull/840, https://github.com/NixOS/nixos-homepage/pull/841)
- Following on his first experience, @thufschmitt published a second video showing the implementation of the randomStorePath Nix builtin (with Infinisil)
- @garbas started working on gathering some metrics from the Nix binary cache. The end goal is to feed https://status.nixos.org/prometheus (or anything similar). In the meantime, the data is kept in the NixOS/nixos-metrics GitHub repository
Nickel
- @yannham, with help from the Nix team, started to draft an RFC for using Nickel for Nix (#693). The design is still a work in progress.
- @thufschmitt improved the small Nickel+Nix POC (here) to make it able to instantiate derivations, and give it (very partial) support for string contexts
- @ErinvanderVeen implemented a command to generate simple markdown documentation from a Nickel expression (#696)
- @yannham continued working on formalising the type system with support for subtyping (which is the ability, in simpler words, to accept some safe upcasts from a more precise type to a less precise type) in #691
And that’s all, folks