This introduces a patch that improves binary reproducibility since changes in
ordering of the generated code indeed cause changes in the compiled code.
Additionally, since neovim embeds luajit-compiled bytecode into the nvim binary,
we are impacted by https://github.com/LuaJIT/LuaJIT/issues/626 . It is possible
to switch to lua 5.1, but that'd be a regression (luajit has much better
performance and some plugins depend on it, like for example Noice and Lazy).
Disabling `COMPILE_LUA` at build time would cause a runtime penalty each time
neovim starts. Instead, we run luagit with those security settings disabled for
the build-time code generation.
(Note to self: for a minimized testcase this seemed to help at
975ec13f5d5aefcac1dbb15fa867e660e07c93a1 but no longer at
03080b795aa3496ed62d4a0697c9f4767e7ca7e5 of luajit, which is surprising since
that commit doesn't look super relevant. _Also_ surprisingly it does seem to
work in the context of the neovim code generation, though, so that might be
good enough...)
Also, some of the code generation (using mpack and tables) still relies on
stable table ordering. This should eventually be fixed, but as a workaround
we use the luajit-with-stable-string-ids for those generators as well.
Fixes#207841
Goal is to improve separation between packages and utilities.
Can help with autocompletion/navigate nixpkgs faster.
Also it will help standardize how LUA_PATH is exported across packages,
so that one can more easily make lua changes across nixpkgs (for
instance changing where lua modules are installed).
/cc roundup issues: #96821, #96828.
The diff upstream is fairly small, so let me trust Mike Pall on this.
Both versions get a pair of commits that seem to address the CVE
https://github.com/LuaJIT/LuaJIT/issues/603
and 2.1 additionally gets one other small commit.
Overriding INSTALL_INC caused luajit to be installed directly into the
`include/` directory instead of `include/luajit-${version}` as normally
expected. Previously the path indicated in the pkg-config file also did
not match the actual header file location.
I suppose 2.1 with caveats with some pointers is better than nothing.
I'm sorry for the potential confusion. In particular, the problem
about 64-bit pointers is the same in 2.0 and 2.1, despite the warning
only being shown for 2.1 on the web site.