treewide: use new cargo fetcher #357257
Comments
Now all PRs have split nixfmt into one.
@emilazy do you agree with the step of changing to
Sorry, when was this resolved?
Yes, I’m fine with that if others decide it’s a good idea (opinions on a treewide migration seemed mixed in #356862, but I have no objection myself) – my reviews were only to ensure that the PRs were not prematurely merged without someone reviewing the migration program’s logic and reproducing its results, as a mass change of FOD hashes across the tree is a worst‐case scenario for Nixpkgs supply‐chain attacks.
I'm sorry that I can't promise to have enough time in the long term to stay active in the Nix community, so I am closing it. The script is still here so that anyone can run it and review it.
I think the one large lockfile approach would be desirable whether we have the cargo fetcher or not.
You're in the same place as many of us; everyone understands. It's totally fine to keep issues open or work unfinished for years. No worries. Get back to it when/if you have time and motivation. If you know you won't personally do it any time soon, it's good to be explicit about that (as you've just done) so others know they're free to pick up where you left off.
Agreed, of course, but I’m biased, and I don’t want to block incremental improvements on my moonshot :) (Though these days I refer to it as separate crate packaging rather than one big lock file since we wouldn’t actually have or want one gigantic
TODO: @emilazy suggested my script should be reviewed independently and all output should be reduced.
She has mentioned that an FOD hash attack is possible.
This is a tracking issue to replace #356862.
These are from old PR:
Already done. We should run nixpkgs-review to check if some packages have a different Cargo.lock when building and in nixpkgs, like veloren.
I have written a script to update it automatically.
Now it can solve:
Script: https://github.com/Bot-wxt1221/cargo-rename
Usage:
Compile with gcc. Make sure fetch-cargo can be executed. Execute with
a xx/pkgs/by-name/xx/xx/package.nix
cc #327063
#349360
Step to reduce:
cargoLock
:useFetchCargoVendor