ci/pinned: update #427437

Merged
wolfgangwalther merged 6 commits into NixOS:master from wolfgangwalther:ci-pinned-update
Jul 24, 2025

Conversation

@wolfgangwalther
Contributor

This gives us Nix 2.30 and nixfmt 1.0.0.

From the nixpkgs-unstable channel:
https://hydra.nixos.org/eval/1817034#tabs-inputs

Changes for treefmt-nix:
numtide/treefmt-nix@a05be41...421b563


@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. 6.topic: continuous integration Affects continuous integration (CI) in Nixpkgs, including Ofborg and GitHub Actions backport release-25.05 labels Jul 22, 2025
@wolfgangwalther
Contributor Author

Hm, we have a problem on this pin, because nix 2.3 has been marked insecure in #420974. This means it's not cached anymore. I guess we'll have to drop it from the parse check.

@wolfgangwalther
Contributor Author

@sternenseemann @tazjin could you chime in on what the plans / progress are for backporting the recent CVE patches to Nix 2.3?

We have multiple options here:

  • Drop Nix 2.3 from nixpkgs, raise nixVersions.minimum to the next available version and run the parse check with that at the lower end.
  • Temporarily remove the parse check for nix 2.3 in the expectation that all knownVulnerabilities will be fixed: Only then will we get a cached nix 2.3 again.
  • Immediately fix 2.3 and wait for that before the bump here.

In case we drop Nix 2.3, we can't prevent nix 2.3-incompatible syntax from sneaking in anymore and should raise the minimum required nix version to evaluate nixpkgs. IIRC, this will also allow us to remove some cruft around structuredAttrs, because we'll be able to drop support for many intermediate versions, where fixes for that were not backported.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: qt/kde Object-oriented framework for GUI creation 6.topic: kernel The Linux kernel 8.has: module (update) This PR changes an existing module in `nixos/` 6.topic: emacs Text editor 6.topic: printing Drivers, CUPS & Co. 6.topic: rust General-purpose programming language emphasizing performance, type safety, and concurrency. 6.topic: golang Go is a high-level general purpose programming language that is statically typed and compiled. 6.topic: vim Advanced text editor 6.topic: fetch Fetchers (e.g. fetchgit, fetchsvn, ...) 6.topic: nodejs Node.js is a free, open-source, cross-platform JavaScript runtime environment 6.topic: hardware Drivers, Firmware and Kernels and removed 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Jul 22, 2025
@nixpkgs-ci nixpkgs-ci bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Jul 22, 2025
@Ma27
Member

Ma27 commented Jul 23, 2025

I guess the reformat should also be added to .git-blame-ignore-revs?

@wolfgangwalther
Contributor Author

> I guess the reformat should also be added to .git-blame-ignore-revs?

Yes, but I'd like to do this in a follow up. I'm sure I'll need to rebase a bit more, and don't want to have a wrong hash in there. Been there before elsewhere.

@wolfgangwalther
Contributor Author

> what the plans / progress are for backporting the recent CVE patches to Nix 2.3?

I looked into this a bit more.

Since we surely don't want to block this PR / updates to CI indefinitely, I will do the following:

  • Remove Nix 2.3 from the CI parse check to unblock this PR.
  • Open a new PR to drop Nix 2.3 entirely, since we can't test for it. Ofc, this will be subject to discussion and it ultimately doesn't need to be done at all, if the patches can be backported - but the discussion about it will be decoupled from advancing the CI pin (and nixfmt'ing the tree etc.).

Fixes all code blocks with "nix" language in markdown files for syntax
errors to be able to run nixfmt in the next step.

Those had been misplaced by nixfmt.

Nix 2.3 is marked as insecure and thus not cached anymore.

We'll either need to patch it and cache it again or drop it.

@nixpkgs-ci nixpkgs-ci bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Jul 24, 2025
@wolfgangwalther
Contributor Author

Rebased and resolved merge conflicts. Not keen on more of them, so let's get this done.

@wolfgangwalther wolfgangwalther merged commit ebebf7f into NixOS:master Jul 24, 2025
24 of 27 checks passed
@wolfgangwalther wolfgangwalther deleted the ci-pinned-update branch July 24, 2025 12:11
@wolfgangwalther
Contributor Author

wolfgangwalther commented Jul 24, 2025

I will now do all the periodic merges to resolve the arising conflicts.

Edit: For the curious, I am using the approach outlined in #395864, aka the custom git merge driver.

This was referenced Jul 24, 2025
@wolfgangwalther
Contributor Author

Backport in #428039.

@wolfgangwalther wolfgangwalther added the 8.has: port to stable This PR already has a backport to the stable release. label Jul 24, 2025
@wolfgangwalther
Contributor Author

I did the following:

  • merged this PR
  • merged master into staging-next
  • merged staging-next into staging
  • merged (master/staging) into haskell-updates
  • merged the backport
  • merged release-25.05 into staging-next-25.05
  • merged staging-next-25.05 into staging-25.05

Each merge was done with the custom merge driver and then amended with another run of treefmt for incoming changes from the other branch.

All development branches are now formatted with nixfmt 1.0.0!

@emilazy
Member

emilazy commented Jul 24, 2025

Thanks for handling this! Really happy to see the concatenation change land. Are you going to handle adding all of those to .git-blame-ignore-revs?

@wolfgangwalther
Contributor Author

Yes, on my list.
