staging-next 2025-07-04 #422427

Merged
vcunat merged 951 commits into master from staging-next, Jul 13, 2025

wolfgangwalther and others added 30 commits June 30, 2025 12:07
Since the shebang calls nix-shell, we can safely assume that Nix (Lix,
C++ Nix) is installed. Our scripts should support a wide enough range of
Nix versions so that using the “impure” version of the tool is not a
problem.

This works around #400784. My theory is that the Nix frontend commands
no longer work with older versions of the Nix daemon nor the Lix daemon
in our workloads.

- Add test to ensure ability to patch read-only-files (see #414448 (comment))
- Add test to ensure the timestamp is preserved
- Add test to ensure read-only permissions are preserved

Fixes a regression introduced by c1cc6ff where patchShebangs would crash if a file is read-only

This package is affected by the same problem as jpeg-turbo,
missing test files in the sdist.

Interestingly, this did not break anything super obvious before, but now
paths between GHC and separate libraries match.

K900 and others added 23 commits July 12, 2025 11:22
Upstream builds with Gradle now, so yay, we can use normal tooling.
Also no more JDK8.

`dev` output unchanged (verified by `diffoscope`).

`out` output still contains all the translation files,
with no obvious encoding issues I spotted. Slight
deviations in the metadata, but should be fine.

Fixing the build with modern gettext requires replacing the obsolete glib gettext.
Fixing the build with modern autoconf requires making IT_PROG_INTLTOOL
unconditional, hence the indent changes in the patch.

The next haskellPackages bulk update will also resolve this, but picking
the patch will prevent a broken git-annex until the next staging-next is
merged into master.

Upstream doesn't support 3.5 yet.
This sucks, but 3.0 is too old, 3.5 is too new, and we're not
shipping 3.4 just for this.

`glib` gettext is deprecated and currently broken.
This fixes the build by using regular gettext instead.
@vcunat vcunat merged commit b47d4f0 into master Jul 13, 2025
30 checks passed
@sehnryr sehnryr mentioned this pull request Jul 21, 2025
3 tasks

juliusrickert commented Jul 23, 2025

I can't pin it down to a specific commit for now, but – according to `git bisect start --first-parent` – since this PR found its way into nixpkgs-unstable, our container images, built with `pkgs.dockerTools.buildLayeredImage`, no longer work.

Details:

```
$ git checkout nixpkgs-unstable
$ git rev-parse HEAD
2baf8e1658cba84a032c3a8befb1e7b06629242a
$ git bisect start --first-parent
$ git bisect good ceb24d94c6feaa4e8737a8e2bd3cf71c3a7eaaa0
$ git bisect bad 6b4955211758ba47fac850c040a27f23b9b4008f
$ git bisect run sh -c "nix build --print-build-logs --verbose --no-update-lock-file --override-input nixpkgs $(pwd) /root/project#packages.x86_64-linux.oci_image"
<…>
b47d4f01d4213715a1f09b999bab96bb6a5b675e is the first bad commit
commit b47d4f01d4213715a1f09b999bab96bb6a5b675e
Merge: b2e5044b3e79 a82a7e5045b5
Author: Vladimír Čunát <[email protected]>
Date:   Sun Jul 13 19:33:14 2025 +0200

    staging-next 2025-07-04 (#422427)
```

Excerpt from the build logs:

```
these 5 derivations will be built:
  /nix/store/my0qi1h6q3kkqmwp62s85gbhygpqc9j5-foo-customisation-layer.drv
  /nix/store/a71fkwnqn1iz2jp8l63w75cbxxyiwyv9-docker-layers.drv
  /nix/store/wp8wf0m2kkb15pabc0rws7yc2nrd5cip-foo-conf.json.drv
  /nix/store/wnbvligwqmxc064cipq135rn5qcbsyrq-stream-foo.drv
  /nix/store/54s0bhjc594f0xfv33kla6kyrkjdg7g2-foo.tar.gz.drv
building '/nix/store/my0qi1h6q3kkqmwp62s85gbhygpqc9j5-foo-customisation-layer.drv'...
foo-customisation-layer> proot warning: can't sanitize binding "/sys/": No such file or directory
foo-customisation-layer> proot warning: can't sanitize binding "/nix/store/5chahxg9lvs7d0617zn3lqqkydh4rsh3-foo-customisation-layer/layer.tar": No such file or directory
error: builder for '/nix/store/my0qi1h6q3kkqmwp62s85gbhygpqc9j5-foo-customisation-layer.drv' failed with exit code 1;
       last 2 log lines:
       > proot warning: can't sanitize binding "/sys/": No such file or directory
       > proot warning: can't sanitize binding "/nix/store/5chahxg9lvs7d0617zn3lqqkydh4rsh3-foo-customisation-layer/layer.tar": No such file or directory
       For full logs, run 'nix log /nix/store/my0qi1h6q3kkqmwp62s85gbhygpqc9j5-foo-customisation-layer.drv'.
error: 1 dependencies of derivation '/nix/store/wp8wf0m2kkb15pabc0rws7yc2nrd5cip-foo-conf.json.drv' failed to build
error: 1 dependencies of derivation '/nix/store/wnbvligwqmxc064cipq135rn5qcbsyrq-stream-foo.drv' failed to build
error: 1 dependencies of derivation '/nix/store/54s0bhjc594f0xfv33kla6kyrkjdg7g2-foo.tar.gz.drv' failed to build
```

I'm working on a minimal reproducible example.

Labels

- 1.severity: security (Issues which raise a security issue, or PRs that fix one)
- 4.workflow: staging (A staging-next or staging-next-XX.YY branch)
- 9.needs: reviewer (This PR currently has no reviewers requested and needs attention.)
- 10.rebuild-darwin: 501+ (This PR causes many rebuilds on Darwin and should normally target the staging branches.)
- 10.rebuild-darwin: 5001+ (This PR causes many rebuilds on Darwin and must target the staging branches.)
- 10.rebuild-darwin-stdenv (This PR causes stdenv to rebuild on Darwin and must target a staging branch.)
- 10.rebuild-linux: 501+ (This PR causes many rebuilds on Linux and should normally target the staging branches.)
- 10.rebuild-linux: 5001+ (This PR causes many rebuilds on Linux and must target the staging branches.)
- 10.rebuild-linux-stdenv (This PR causes stdenv to rebuild on Linux and must target a staging branch.)