This is a program written in a memory‐unsafe language that processes
potentially‐untrusted user input. We shouldn’t disable upstream’s
sandboxing mechanisms for all downstream consumers without good
reason.
Although the sandbox API is officially marked as deprecated, it is
used as the basis for the supported App Sandbox and it is extremely
unlikely to ever be removed as it is used extensively throughout
the OS for service hardening and by third parties like the Chrome
sandbox. Nix itself uses it to sandbox builds, and its lack of support
for nesting is why this caused problems in the first place. Instead,
introduce a `lowdown-unsandboxed` package that can be used in the
`nativeBuildInputs` of Nix builds, while keeping the sandboxed
version of the program for general use. The name might not be ideal,
as it remains identical to `lowdown` on non‐Darwin platforms,
but I couldn’t think of a better one.
See: #125004Closes: #346933
In preparation for the deprecation of `stdenv.isX`.
These shorthands are not conducive to cross-compilation because they
hide the platforms.
Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way
One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059
There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.
```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
- Improve UTF-8 handling by not treating bytes >=0x80, which tend to be
UTF-8 continuation bytes, as control characters.
This leaves control characters U+0080 through U+009F in the output
(incorrectly) but doesn't mangle other UTF-8 characters, so it's a net
win.
See: https://github.com/kristapsdz/lowdown/pull/140
- Don't output a newline between a `.SH` and a heading.
This fixes `makewhatis` output on macOS and (as a result) `man`
completions for `fish` on macOS.
See: https://github.com/kristapsdz/lowdown/pull/138
The GitHub account has been inactive for 4+ years.
This is sadly necessary due to the delays in reviews/merges when others are waiting for the requested maintainers to review the PR.
Instructions for re-adding once you return https://github.com/NixOS/nixpkgs/tree/master/maintainers#how-to-become-a-maintainer
We appreciate your past and future contributions.
Co-authored-by: Anderson Torres <torres.anderson.85@protonmail.com>
Without the change the eval fails as:
$ nix build --no-link -f. tectonic.tests
error:
… while evaluating the attribute 'biber-compatibility'
… in the condition of the assert statement
at pkgs/stdenv/generic/make-derivation.nix:540:1:
539| # Policy on acceptable hash types in nixpkgs
540| assert attrs ? outputHash -> (
| ^
541| let algo =
… in the right operand of the IMPL (->) operator
at /home/slyfox/dev/git/nixpkgs-master/pkgs/stdenv/generic/make-derivation.nix:540:27:
539| # Policy on acceptable hash types in nixpkgs
540| assert attrs ? outputHash -> (
| ^
541| let algo =
(stack trace truncated; use '--show-trace' to show the full, detailed trace)
error: attribute 'outputHashAlgo' missing
at pkgs/tools/typesetting/tectonic/tests.nix:65:9:
64| inherit (emptyFile)
65| outputHashAlgo
| ^
66| outputHashMode
Hash mismatch was caused by #333143.
The build error message contains:
Validating consistency between /build/source/Cargo.lock and /build/texpresso-tonic-0.15.0-vendor.tar.gz/Cargo.lock
2372d2371
< "time",
2707c2706
< version = "0.3.36"
---
> version = "0.3.34"
...
ERROR: cargoHash or cargoSha256 is out of date
Fixes#334648.
This is done with the following bash script:
```
#!/usr/bin/env bash
process_line() {
local filename=${1%:}
if [[ $4 =~ \"(.*)\"\; ]]; then
local sha256="${BASH_REMATCH[1]}"
fi
[[ -z $sha256 ]] && return 0
local hash=$(nix hash to-sri --type sha256 $sha256)
echo "Processing: $filename"
echo " $sha256 => $hash"
sed -i "s|cargoSha256 = \"$sha256\"|cargoHash = \"$hash\"|"
$filename
}
# split output by line
grep -r 'cargoSha256 = ' . | while IFS= read -r line; do
# split them further by space
read -r -a parts <<< "$line"
process_line "${parts[@]}"
done
```
