nix: 2.18 -> 2.24 #335342
I’m pretty strongly opposed to merging this when NixOS/nix#11098 hasn’t been addressed at all. The UX regression for macOS flakes users on 2.19+ is severe. (I daily drive the newer versions, but I wouldn’t wish it on anyone else.)
Does this also happen on arm64 because I cannot confirm those performance numbers?
I can’t speak to whether @cigrainger is on AArch64. The performance regression isn’t as bad for me as described in the original post for that issue, but everything involving flakes is still noticeably and painfully slower. If it turns out to be
Ok. Would be great if you provide concrete numbers for different operations that you have seen being slower. I will try in a bit, if using the nix-daemon introduces a significant difference.
I’ll try to find the time to do some proper measurements. If other people can’t reproduce this then I don’t want to block on those grounds though; it just seemed like a lot of people found the upstream report for it to be a particularly specific thing.
Result of 1 package marked as broken and skipped:
30 packages failed to build:
78 packages built:
I think we need to pin a few packages against older nix version. Some of them are using nix bindings.
I can probably also get hold of a native x86_64-darwin machine, but that would take me a few days.
Result of 1 package blacklisted:
10 packages failed to build:
102 packages built:
nix-doc should have its plugin turned off entirely. it's not required if
nixStatic should be a hard blocker on merging this. If it's broken since it broke upstream somehow, I guess y'all need to fix that and roll a release.
It's actually nixpkgs that is broken (perl-static), so we need to fix nixpkgs itself. nixStatic in the nix flake builds as it uses an older version of nixpkgs.
How does one verify that it works? We could otherwise also pin it to an old version and leave it to its maintainers to fix it.
Yep. Even on upstream/master the dependencies of nixStatic are broken. Not even libcurl does build
What I also found to be quite fast, especially w.r.t. update, is using nix's shallow clone feature:
I haven't benchmarked yet in depth but it feels to me that it also copies faster to the next store than the tarball cache.
Fixed in Devenv 1.1.0. It should not block this PR now.
(BTW, after correcting the URL it looks like the backport hasn’t hit a 2.24 release yet, right?)
@emilazy I've fixed the link.

```
$ git show --oneline ae486b2
ae486b291 Merge pull request #11446 from NixOS/mergify/bp/2.24-maintenance/pr-11285
$ git where ae486b2
refs/remotes/upstream/2.24-maintenance
refs/remotes/upstream/latest-release
refs/tags/2.24.6
[ omitted a few lines ]
```

```
# Home Manager
programs.git.aliases.where = "for-each-ref '--format=%(refname)' --contains";
```
I share people’s concerns about the Nix release process of late, but it doesn’t seem like just shipping Nix 2.18 forever is a viable path forward. This bump has a lot more care put into it than the previous few times. Putting my 2¢ in that it seems worth trying, as long as we’re prepared to revert before 24.11 if necessary.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nar-unpacking-vulnerability-post-mortem/52301/1
Ran:

```
nix build .#nixosTests.misc
```
Thanks for adding some new testing. Seems like all major points have been addressed and further improvements can be done in future merge requests.
Failing test is also failing on the main branch with very similar log: https://hydra.nixos.org/build/272709812/nixlog/1
Tested switching locally
A
Though still errors with
With
test passes
Upstreamed one part edolstra/nix-serve#60
https://hydra.nixos.org/build/273031249/nixlog/6 Are we doing this again
oh no
holy crap it's the apparently intermittent bug that was reported in the nix matrix channel today. well i guess we have a repro now.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nar-unpacking-vulnerability-post-mortem/52301/29
That
Thanks for the explanation, don't think I can further help with this UnU
Dawn has a full core dump of the bug run in the matrix, if that's helpful to anyone figuring it out.
Description of changes
`lib` test suite to passthru. I think it already runs for `nix` aka stable as part of the normal CI, but this makes it easier to run by hand

Depends on #335458