Commit Graph

243 Commits

Author SHA1 Message Date
Robert Scott
745046d266 doc/stdenv: hardening flags: add section on pacret hardening flag 2024-07-28 19:27:21 +01:00
Emily
8a837af302
Merge pull request #326819 from risicle/ris-shadowstack
cc-wrapper: add support for `shadowstack` hardening flag
2024-07-28 19:07:52 +01:00
Robert Scott
5ce990eb57 doc/stdenv: add section on shadowstack hardening flag 2024-07-28 17:40:53 +01:00
Aleksana
40c6a068bd
Merge pull request #324687 from kini/add-sourceProvenance-subheading
doc/meta: Add sourceProvenance to "Standard meta-attributes" section
2024-07-26 11:07:05 +08:00
Alexis Hildebrandt
ab42ca141a doc: Remove indefinite article and ending period from example meta.description
so that meta.description examples shown in the documentation
align with recommendations given in the "Meta attributes" section
in pkgs/README.md.

The changes were made with the following commands:
nix run nixpkgs#silver-searcher -- -l0 'description\s*=\s*"([Aa]n?|[Tt]he)\s' doc \
  | xargs -0 nix run nixpkgs#gnused -- -i '' -Ee '/description/s/"([Aa]n?|[Tt]he)\s(.)/"\U\2/'
nix run nixpkgs#silver-searcher -- -l0 'description\s*=\s*".*\."' doc \
  | xargs -0 nix run nixpkgs#gnused -- -i '' -Ee '/description/s/\."/"/'
2024-07-20 09:18:42 +02:00
John Ericson
000b58721f Merge remote-tracking branch 'upstream/master' into openbsd-static 2024-07-09 18:18:47 -04:00
John Ericson
676df1cf2d openbsd: Add static linking support
I've had better luck creating statically-linked binaries that work than
dynamically-linked ones, so this is needed quite practically.
2024-07-09 18:17:06 -04:00
Keshav Kini
89fcddbc8c doc/meta: Add sourceProvenance to "Standard meta-attributes" section
`meta.sourceProvenance` has its own level 2 heading at the bottom of the file,
but unlike the other meta-attributes it doesn't have a level 3 heading under the
"Standard meta-attributes" section.  Readers looking at the list of subheadings
directly under the "Standard meta-attributes" section header may not realize
that `meta.sourceProvenance` exists unless they scroll down to the bottom of the
page.

This commit adds a level 3 heading for sourceProvenance under "Standard
meta-attributes".
2024-07-04 14:58:25 -07:00
github-actions[bot]
aba75819b6
Merge master into staging-next 2024-07-03 18:01:04 +00:00
aleksana
19bbe0b3eb doc/meta: make meta.description consistent with contributing document 2024-07-04 01:22:08 +08:00
github-actions[bot]
d77a3adc09
Merge master into staging-next 2024-07-03 00:02:45 +00:00
Doron Behar
f42d4debf0 doc: recommend versionCheckHook whenever relevant 2024-06-28 18:03:59 +03:00
Robert Scott
f52a4c6810 doc/stdenv: hardening flags: add example error for trivialautovarinit 2024-06-22 01:11:27 +01:00
Rick van Schijndel
43ce0f9ee0
Merge pull request #318256 from risicle/ris-stack-clash-protection
cc-wrapper: add stack clash protection hardening flag
2024-06-19 19:54:30 +02:00
github-actions[bot]
f9c7b930b4
Merge staging-next into staging 2024-06-11 12:01:44 +00:00
Travis A. Everett
9ff9bbdb34
doc: add stdenv passthru chapter (#315909)
* doc: add stdenv passthru chapter

Broad strokes:
- create the chapter
- move existing stdenv passthru coverage into it
- move out-of-place coverage of passthru.tests from the stdenv meta chapter into it
- (try to) apply 1-sentence-per-line to text I've touched
- add legacy anchors for everything moved
- update existing links to the new anchors
- add tentative motivating text
- make nixpkgs-internal links relative/branchless

razor: if it is only ever needed by contributors, which is likely if links
refer to the latest revision of the source code, then it's for
the contributor guide

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-06-11 10:51:03 +02:00
Robert Scott
a3f5640dd7 doc/stdenv: hardening flags: add section on stackclashprotection 2024-06-07 20:24:46 +01:00
Robert Scott
932bf58e90 doc/stdenv: hardening flags: move zerocallusedregs into "enabled by default" section
following dd80ca4d00
2024-06-07 20:17:51 +01:00
Arnout Engelen
eb83125aa3
Merge pull request #315616 from doronbehar/doc/installCheckPhase
doc/meta: Mention --version as a good usecase for installCheckPhase
2024-06-07 11:41:37 +02:00
Robert Scott
062f1fa52a doc/stdenv: hardening flags: add section on trivialautovarinit 2024-06-05 23:10:20 +01:00
Robert Scott
39f39b5568 doc/stdenv: hardening flags: add section on zerocallusedregs 2024-06-05 23:10:20 +01:00
Robert Scott
65cc6d3cf1 doc/stdenv: hardening flags: add section on fortify3 2024-06-05 23:10:19 +01:00
Robert Scott
a8062e526c doc/stdenv: hardening flags: add note on conditional support for some flags 2024-06-05 23:10:12 +01:00
Doron Behar
0aa9043370 doc/meta: still mention testVersion near the installCheckPhase recommendation 2024-05-30 16:33:27 +03:00
Doron Behar
444c2b6dd0 doc/meta: Mention --version as a good usecase for installCheckPhase 2024-05-30 16:09:04 +03:00
Doron Behar
f4e6f41b72 doc/meta: better explain an advantage or passthru.tests 2024-05-30 16:09:03 +03:00
Doron Behar
f4e7ce7719 doc/meta: small link target shortenning
Shorten the path from the link to the to actual content about
passthru.tests - the content was moved into pkgs/README.md .
2024-05-30 16:09:03 +03:00
Doron Behar
2093ef28d9 doc/meta: mention how Hydra and other tools don't run passthru.tests 2024-05-30 16:09:03 +03:00
Alyssa Ross
20ca4f5529 doc: fix meta.badPlatforms example
error: attribute 'isStatic' missing
2024-05-13 10:24:25 +02:00
Aleksana
fe0c92572f
doc/stdenv: document prefixKey more precisely (#302535)
* doc/stdenv: document prefixKey more precisely

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-04-08 14:07:40 +02:00
K900
59bccda153 Revert "stdenv: add meta.repository field"
This reverts commit 7e1443abbb.
2024-03-30 17:19:21 +03:00
a-n-n-a-l-e-e
2809c84cfb
Merge pull request #294347 from lolbinarycat/meta.repository
stdenv: add meta.repository field
2024-03-29 13:03:04 -07:00
binarycat
7e1443abbb stdenv: add meta.repository field 2024-03-29 14:34:09 -04:00
Janne Heß
fcc95ff817 treewide: Fix all Nix ASTs in all markdown files
This allows for correct highlighting and maybe future automatic
formatting. The AST was verified to work with nixfmt only.
2024-03-28 09:28:12 +01:00
Janne Heß
bc77c7a973 treewide: Mark Nix blocks in markdown as Nix
This should help us with highlighting and future formatting.
2024-03-28 09:28:12 +01:00
Anderson Torres
e671d3bbbd Nix docs: remove with lib; from example code
Following [Best Practices](https://nix.dev/guides/best-practices#with-scopes),
`with` is a problematic language construction and should be avoided.

Usually it is employed like a "factorization": `[ X.A X.B X.C X.D ]` is written
`with X; [ A B C D ]`.

However, as shown in the link above, the syntatical rules of `with` are not so
intuitive, and this "distributive rule" is very selective, in the sense that
`with X; [ A B C D ]` is not equivalent to `[ X.A X.B X.C X.D ]`.

However, this factorization is still useful to "squeeze" some code, especially
in lists like `meta.maintainers`.

On the other hand, it becomes less justifiable in bigger scopes. This is
especially true in cases like `with lib;` in the top of expression and in sets
like `meta = with lib; { . . . }`.

That being said, this patch removes most of example code in the current
documentation.

The exceptions are, for now
- doc/functions/generators.section.md
- doc/languages-frameworks/coq.section.md

because, well, they are way more complicated, and I couldn't parse them
mentally - yet another reason why `with` should be avoided!
2024-03-06 11:40:09 -03:00
github-actions[bot]
dc4a7c97b0
Merge master into staging-next 2024-01-18 18:00:55 +00:00
Peder Bergebakken Sundt
e07a2fab7f stdenv: substituteStream: deprecate --replace in favor of --replace-{fail,warn,quiet} 2024-01-14 22:07:58 +01:00
Olivia Crain
f6e6a6d80e
doc: replace pcre with pcre2 in example script
https://www.pcre.org/

The `pcre` library is "now at end of life, and is no longer being
maintained," according to the upstream maintainers. Accordingly, we
should replace uses of `pcre` with its actively maintained successor,
`pcre2`, wherever possible .
2024-01-03 11:36:03 -06:00
Silvan Mosberger
59a6f908b5
Merge pull request #271797 from bzm3r/master
doc: diagram explaining what it means for a dependency to be propagated
2023-12-21 17:14:30 +01:00
Brian Merchant
b37adfc009 doc: Clarify dependency propagation 2023-12-21 17:11:47 +01:00
Silvan Mosberger
6afebb56f8
Merge pull request #271360 from mattpolzin/patch-1
doc: clarify stdenv phase flag attributes
2023-12-20 20:37:41 +01:00
Danila Danko
ceb8e4efd9
doc: Update stdenv.chapter.md (#274706)
Extended genericBuild description
2023-12-16 13:32:15 +01:00
Mathew Polzin
fb9e48c6b9 doc: clarify stdenv phase flag attributes 2023-11-30 22:28:58 -06:00
Ivan Mincik
57801428da doc/stdenv: update manual phases execution instructions
Update instructions for manual build phases execution via `nix-shell` to
cover all phases. There is no easy way of getting those commands, so it
makes a sense to have them all properly documented.
2023-11-20 00:06:11 +01:00
Arnout Engelen
97b0ae26f7
doc: avoid 'simply' (#266434)
While the word 'simply' is usually added to encourage readers, it often has the
opposite effect and may even appear condescending, especially when the reader
runs into trouble trying to apply the suggestions from the documentation. It is
almost always an improvement to simply drop the word from the sentence.

(there are more possible improvements like this, we can apply those in separate
PRs)
2023-11-09 21:48:05 +01:00
Yueh-Shun Li
9d6da5bd1e doc: rename sub-section Recursive attributes in stdenv -> Fixed-point arguments in stdenv
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-11-07 19:58:54 +00:00
Jade Lovelace
0504bc63e4
doc/stdenv: rewrite manual build procedure to be closer to an auto-build (#262137)
* doc/stdenv: rewrite manual build procedure to be closer to an auto-build

This is based on
<https://jade.fyi/blog/building-nix-derivations-manually/> plus some
more original research.

The previous version of this section did not work for your choice of
simple Haskell package, e.g. haskellPackages.hscolour, due to things
like `compileBuildDriverPhase` and other custom phases that it
does not address at all.

It seems more correct to use genericBuild in development to harmonize it
with what is actually done.

I feel a little bit like I am committing a sin by suggesting using the
experimental CLI in the manual (afaict I am the first to do this), but I
have given the old version of the command, and there are justifiable
reasons to do it:
* The noted limitations with env-vars are fixed. The one with the
  non-empty temp directory was one I ran into myself and oh boy was that
  not fun to debug.
* Additionally the outputs are set *before* sourcing `setup.sh`: there
  is an issue with nix-shell where the original version of `$out` winds
  up in `NIX_LDFLAGS` due to _addRpathPrefix, which means that resulting
  executables may not run properly.

It is sad that `nix develop` propagates a wrong value of `SHELL` to
builders, though. It is equally sad that `nix-shell` is essentially
abandoned upstream, with undocumented and not insignificant differences
from `nix develop`.

For the exact script differences:
17e6b85d05/src/nix-build/nix-build.cc (L516-L551)
db026103b1/src/nix/get-env.sh

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-10-23 01:53:23 +02:00
Alejandro Sánchez Medina
cbd1748558
nixpkgs manual: add an alternative example in stdenv-separateDebugInfo (#257861)
* nixpkgs manual: add an alternative example in stdenv-separateDebugInfo

This change gets rid of the indirect reference to `nix-env -i` usage
and shows how to achieve the same goal with a shell expression.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-09-29 10:23:22 +02:00
Felix Yan
8ac0795c1f doc: fix wrong flag in description of bindnow
`-z bindnow` doesn't exist. The actual flag added is `-z now`.
2023-09-27 09:59:56 -03:00