Upstream tracking#165
Draft
grahamc wants to merge 2817 commits into
Draft
Conversation
…998-5408-415d-888c-22b360e92308 Release v3.20.0
Add `nix serve` command
Restore resBuildResult fields for failed builds
If the string isn't terminated, parseString() returns a string of size std::string::npos, which then causes an out-of-bounds read later. Fixes: ==47978== Invalid read of size 1 ==47978== at 0x4BEF70A: nix::expect(nix::(anonymous namespace)::StringViewStream&, char) (../src/libstore/derivations.cc:232) ==47978== by 0x4BEE3CA: parseDerivationOutput (../src/libstore/derivations.cc:383) ==47978== by 0x4BEE3CA: nix::parseDerivation(nix::StoreDirConfig const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&, std::basic_string_view<char, std::char_traits<char> >, nix::ExperimentalFeatureSettings const&) (???:492) ==47978== by 0x3F3803: nix::DerivationTest_UnterminatedString_Test::TestBody() (../src/libstore-tests/derivation/external-formats.cc:27) ==47978== by 0x52AD3DD: void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0) ==47978== by 0x5298E3D: testing::Test::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0) ==47978== by 0x5298FCC: testing::TestInfo::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0) ==47978== by 0x529920E: testing::TestSuite::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0) ==47978== by 0x52A3996: testing::internal::UnitTestImpl::RunAllTests() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0) ==47978== by 0x52A3F74: testing::UnitTest::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0) ==47978== by 0x49DD52: RUN_ALL_TESTS (gtest.h:2334) ==47978== by 0x49DD52: main (???:16)
parseString(): Fix out-of-bounds read
…exceptions filetransfer: handle exceptions thrown from enqueueItem
`pull_request_target` is a dangerous action trigger and should be avoided. This workflow comes from upstream, and is not necessary in this repository.
Delete .github/workflows/labels.yml: uses pull_request_target
libfetchers: verify git-lfs returns the same objects as git
Send assertion messages to Sentry
This speeds up running meson (re)configuration from 16.6s to 2.9s. More importantly though, it's better to just specify that we expect this to work rather than try to compile something, since that can silently mask errors and disable this feature.
Include panic() and std::terminate() info in Sentry crash reports
The only reason it treats 403 errors as 404s is that S3 returns 403 for files that don't exist if the bucket is unlistable. But we don't want to ignore (and definitely shouldn't cache) 401/407 errors as "file not found". This fixes "token expired" errors from cache.flakehub.com being silently ignored and cached. Now you get: # nix build --dry-run /nix/store/qnfhg5anpfpr4il3jlp9bnkf6vhyzbnj-determinate-nix-3.20.0 error: unable to download 'https://cache.flakehub.com/qnfhg5anpfpr4il3jlp9bnkf6vhyzbnj.narinfo': HTTP error 401 response body: {"code":401,"error":"Unauthorized","message":"Unauthorized.","request_id":"019e3a82-2474-7f80-8564-6e1bc2234654"} don't know how to build these paths: /nix/store/qnfhg5anpfpr4il3jlp9bnkf6vhyzbnj-determinate-nix-3.20.0 i.e. it's a fatal error now unless you use `--fallback`.
cxa-throw: Don't auto-detect
HttpBinaryCacheStore: Don't ignore 401/407 errors
…files This should provide better stack unwinding in Sentry.
upload-debug-info-to-sentry.py: Upload binaries in addition to debug files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Not intended to be merged directly. This PR is a convenience to show the diff between upstream Nix and Determinate Nix (the
mainbranch).Continuation of #4.