nixos/nixos-option: Show values inside aggregate options uniformly #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 tasks
lheckemann
reviewed
Dec 14, 2019
Ma27
reviewed
Dec 14, 2019
There was a problem hiding this comment.
After e0780c5 but before this change, this query just printed out a raw
thing, which is behavior that belongs in nix eval, nix-instantiate --eval, or nix repl <<<:
I don't think that this is a bad thing: nixos-option is supposed to be used to introspect the current configuration's values. Especially for non-power-users it is probably unintuitive to hack a fairly long nix eval call together. If you simply want to see options, man configuration.nix should be sufficient.
For aggregates of other types (not submodules), print out the option
that contains them rather than printing an error message.
Nice! Thanks a lot for taking care of this!
chkno
force-pushed
the
submodule-fixes-for-nixos-option
branch
from
f210a14
to
0fd37e9
Compare
chkno
commented
Dec 16, 2019
There was a problem hiding this comment.
I don't think that this is a bad thing:
nixos-optionis supposed to be used to introspect the current configuration's values. Especially for non-power-users it is probably unintuitive to hack a fairly longnix evalcall together. If you simply want to see options,man configuration.nixshould be sufficient.
(man configuration.nix - Oh, that's a neat manpage. Thanks! I added it to man nixos-option's see-also in NixOS#75787 )
It doesn't make sense to me for options to be treated differently based on whether they're submodules or not.
I agree that dumping the values of options is much more helpful to humans than just their names. This seems true to me whether or not the option is in a submodule or not -- compare users.users.root (a submodule) and powerManagement (not a submodule):
| Current | Seems Better |
|---|---|
$ nixos-option powerManagement This attribute set contains: cpuFreqGovernor cpufreq enable powerDownCommands powerUpCommands powertop resumeCommands scsiLinkPolicy | $ nixos-option --all | grep ^powerManagement powerManagement.cpuFreqGovernor = null; powerManagement.cpufreq.max = null; powerManagement.cpufreq.min = null; powerManagement.enable = true; powerManagement.powerDownCommands = ""; powerManagement.powerUpCommands = ""; powerManagement.powertop.enable = false; powerManagement.resumeCommands = ""; powerManagement.scsiLinkPolicy = null; |
$ nixos-option users.users.root This attribute set contains: createHome cryptHomeLuks description extraGroups group hashedPassword home initialHashedPassword initialPassword isNormalUser isSystemUser name openssh packages password passwordFile shell subGidRanges subUidRanges uid useDefaultShell | $ nixos-option --all | grep ^users.users.root users.users.root.createHome = false; users.users.root.cryptHomeLuks = null; users.users.root.description = "System administrator"; users.users.root.extraGroups = [ ]; users.users.root.group = "root"; users.users.root.hashedPassword = null; users.users.root.home = "/root"; users.users.root.initialHashedPassword = "!"; users.users.root.initialPassword = null; users.users.root.isNormalUser = false; users.users.root.isSystemUser = false; users.users.root.name = "root"; users.users.root.openssh.authorizedKeys.keyFiles = [ ]; users.users.root.openssh.authorizedKeys.keys = [ ]; users.users.root.packages = [ ]; users.users.root.password = null; users.users.root.passwordFile = null; users.users.root.shell = «derivation /nix/store/...-bash-interactive-4.4-p23.drv»; users.users.root.subGidRanges = [ ]; users.users.root.subUidRanges = [ ]; users.users.root.uid = 0; users.users.root.useDefaultShell = false; |
The nixos-option --all | grep ^... trick doesn't work for any options with multi-line values, and writing a little sed program that would do the right thing to --all output is at least as far out of reach of novice users as invoking nix repl <<< ... correctly.
What if the output format of --all could be used with only part of the option tree? Suppose it goes behind a -r for "recursive" flag such that nixos-option -r powerManagement and nixos-option -r users.users.root would produce the second-column output above? (nixos-option --all would then have the same meaning as nixos-option -r "")
I don't know if it makes sense to make this the default format, though. The current content-free format is much faster to print, more robust against broken configs with errors or circular references or whatever, doesn't ever surprise you by usually printing ~10 lines and occasionally printing ~10,000, and is very easy to parse with scripts, which makes me fear that changing it would break someone's scripts.
Thoughts?
|
First of all thanks a lot for your hard and continuous work on
Fair enough. The thing is, I'd really love to see this for submodule roots while I don't consider it that important for attr sets with options (like
👍 If we fix this for both cases, I'm fine with this as well :)
👍 |
1. This makes aggregates of submodules (including the very important "nixos-option users.users.<username>" case) behave the same way as any other you-need-to-keep-typing-to-get-to-an-option-leaf (eg: "nixos-option environment"). Before e0780c5: $ nixos-option users.users.root error: At 'root' in path 'users.users.root': Attribute not found An error occurred while looking for attribute names. Are you sure that 'users.users.root' exists? After e0780c5 but before this change, this query just printed out a raw thing, which is behavior that belongs in "nix eval", "nix-instantiate --eval", or "nix repl <<<": $ nixos-option users.users.root { _module = { args = { name = "root"; }; check = true; }; createHome = false; cryptHomeLuks = null; description = "System administrator"; ... After this change: $ nixos-option users.users.root This attribute set contains: createHome cryptHomeLuks description extraGroups group hashedPassword ... 2. For aggregates of other types (not submodules), print out the option that contains them rather than printing an error message. Before: $ nixos-option environment.shellAliases.l error: At 'l' in path 'environment.shellAliases.l': Attribute not found An error occurred while looking for attribute names. Are you sure that 'environment.shellAliases.l' exists? After: $ nixos-option environment.shellAliases.l Note: showing environment.shellAliases instead of environment.shellAliases.l Value: { l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; } ...
chkno
force-pushed
the
submodule-fixes-for-nixos-option
branch
from
0fd37e9
to
16d6c6d
Compare
|
I added the |
Ma27
approved these changes
Dec 19, 2019
|
@chkno thanks! |
Ma27
pushed a commit
that referenced
this pull request
Aug 24, 2022
SQLAlchemy-Utils v0.36.6 package override build is failing. This is due to a patch in the original SQLAlchemy-Utils package which broke the build of this package override: ```bash > applying patch /nix/store/pd6anhwbf0in3r3jhi3sbn5v2fjs0mf2-skip-database-tests.patch > patching file conftest.py > Hunk #1 FAILED at 61. > Hunk #2 succeeded at 98 (offset -10 lines). ``` These SQLAlchemy package overrides were originaly added to fix incompatibilities with Flask-Admin. See commit 05ae01f However with Flask-Admin >= v1.5.6, several SQLAlchemy compatibility patches were added: * https://flask-admin.readthedocs.io/en/latest/changelog/ We can now safely remove these package overrides to make bukuserver work again.
Ma27
pushed a commit
that referenced
this pull request
Jan 2, 2023
Without this change it segfaults when trying to play any media: $ jellyfinmediaplayer Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway. libpng warning: iCCP: known incorrect sRGB profile Logging to /home/bf/.local/share/jellyfinmediaplayer/logs/jellyfinmediaplayer.log Cannot load libcuda.so.1 Segmentation fault (core dumped) The backtrace shows pipewire being at fault: $ coredumpctl debug [...] Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f711428c9bb in core_event_demarshal_remove_id () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so [Current thread is 1 (Thread 0x7f6ffdc87640 (LWP 1360949))] (gdb) bt #0 0x00007f711428c9bb in core_event_demarshal_remove_id () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #1 0x00007f711428886c in process_remote () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #2 0x00007f7114288e68 in on_remote_data () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #3 0x00007f7114310efe in loop_iterate () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/spa-0.2/support/libspa-support.so #4 0x00007f71266fe7f2 in do_loop () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/libpipewire-0.3.so.0 #5 0x00007f7128b08e86 in start_thread () from /nix/store/ayfr5l52xkqqjn3n4h9jfacgnchz1z7s-glibc-2.35-224/lib/libc.so.6 #6 0x00007f7128b8fce0 in clone3 () from /nix/store/ayfr5l52xkqqjn3n4h9jfacgnchz1z7s-glibc-2.35-224/lib/libc.so.6 (gdb) Standalone mpv doesn't segfault (when directly playing the underlying media files). I don't know why. Fixes: b97cda7 ("mpv-unwrapped: 0.34.1 -> 0.35.0") Fixes NixOS#205141 Ref jellyfin/jellyfin-media-player#341
Ma27
pushed a commit
that referenced
this pull request
Jan 15, 2023
Without this change it segfaults when trying to play any media: $ jellyfinmediaplayer Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway. libpng warning: iCCP: known incorrect sRGB profile Logging to /home/bf/.local/share/jellyfinmediaplayer/logs/jellyfinmediaplayer.log Cannot load libcuda.so.1 Segmentation fault (core dumped) The backtrace shows pipewire being at fault: $ coredumpctl debug [...] Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f711428c9bb in core_event_demarshal_remove_id () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so [Current thread is 1 (Thread 0x7f6ffdc87640 (LWP 1360949))] (gdb) bt #0 0x00007f711428c9bb in core_event_demarshal_remove_id () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #1 0x00007f711428886c in process_remote () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #2 0x00007f7114288e68 in on_remote_data () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #3 0x00007f7114310efe in loop_iterate () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/spa-0.2/support/libspa-support.so #4 0x00007f71266fe7f2 in do_loop () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/libpipewire-0.3.so.0 #5 0x00007f7128b08e86 in start_thread () from /nix/store/ayfr5l52xkqqjn3n4h9jfacgnchz1z7s-glibc-2.35-224/lib/libc.so.6 #6 0x00007f7128b8fce0 in clone3 () from /nix/store/ayfr5l52xkqqjn3n4h9jfacgnchz1z7s-glibc-2.35-224/lib/libc.so.6 (gdb) Standalone mpv doesn't segfault (when directly playing the underlying media files). I don't know why. Fixes: b97cda7 ("mpv-unwrapped: 0.34.1 -> 0.35.0") Fixes NixOS#205141 Ref jellyfin/jellyfin-media-player#341 (cherry picked from commit 3c528bc)
Ma27
pushed a commit
that referenced
this pull request
Jan 23, 2023
nixos/no-x-libs: fix infinite recursion accidentally introduced in #2…
Ma27
pushed a commit
that referenced
this pull request
Jul 5, 2023
flutter: Separate cache and unwrapped derivations #2
Ma27
pushed a commit
that referenced
this pull request
Jul 24, 2023
1.2.1: Bug fix release: Single bug fix (#1) that fixes regression in `perf` tool caused by libbpf resetting its custom catch-all `SEC()` handler on explicit `bpf_program__set_type()` call. Given setting custom `SEC()` handlers is rarely used and pretty esoteric feature of libbpf, most users should not be affected. 1.2.2: One more fix: - Fix (#2) possible double-free in USDT-related libbpf code, which happens when libbpf runs out of space in `__bpf_usdt_specs` map due to having too many unique USDT specs. Running out of space can be mitigated by bumping up `BPF_USDT_MAX_SPEC_CNT` define before including `bpf/usdt.bpf.h` header in BPF-side code. This will prevent the double-free as a side effect (and will make it possible to successfully attach all requested USDTs), which is a recommended work-around for libbpf versions prior to v1.2.2. Link: libbpf/libbpf@e4d3827 #1 Link: libbpf/libbpf@f117080 #2
Ma27
pushed a commit
that referenced
this pull request
Aug 5, 2023
Pull in _FORTIFY_SOURCE=3 stack smashing fix. Without the change on
current `master` `rtorrent` crashes at start as:
*** buffer overflow detected ***: terminated
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44 pthread_kill.c: No such file or directory.
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007ffff7880af3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007ffff7831c86 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007ffff781b8ba in __GI_abort () at abort.c:79
#4 0x00007ffff781c5f5 in __libc_message (fmt=fmt@entry=0x7ffff7992540 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007ffff7910679 in __GI___fortify_fail (msg=msg@entry=0x7ffff79924e6 "buffer overflow detected") at fortify_fail.c:24
#6 0x00007ffff790eea4 in __GI___chk_fail () at chk_fail.c:28
NixOS#7 0x00007ffff790ea85 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at snprintf_chk.c:29
NixOS#8 0x0000000000472acf in utils::Lockfile::try_lock() ()
NixOS#9 0x000000000044b524 in core::DownloadStore::enable(bool) ()
NixOS#10 0x00000000004b1f7b in Control::initialize() ()
NixOS#11 0x000000000043000b in main ()
Ma27
pushed a commit
that referenced
this pull request
Feb 19, 2024
Since ba83271 the build fails with applying patch /nix/store/46rxbbvl2l3mrxb50y9rzy7ahgx0lraj-d741901dddd731895346636c0d3556c6fa51fbe6.patch patching file tests/hazmat/primitives/test_aead.py Hunk #1 FAILED at 56. Hunk #2 FAILED at 197. Hunk #3 FAILED at 378. Hunk #4 FAILED at 525. Hunk #5 FAILED at 700. Hunk #6 FAILED at 844. 6 out of 6 hunks FAILED -- saving rejects to file tests/hazmat/primitives/test_aead.py.rej
Ma27
pushed a commit
that referenced
this pull request
Mar 2, 2024
Without the change `unnethack` startup crashes as:
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f734250c0e3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007f73424bce06 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f73424a58f5 in __GI_abort () at abort.c:79
#4 0x00007f73424a67a1 in __libc_message (fmt=fmt@entry=0x7f734261e2f8 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007f734259b1d9 in __GI___fortify_fail (msg=msg@entry=0x7f734261e2df "buffer overflow detected") at fortify_fail.c:24
#6 0x00007f734259ab94 in __GI___chk_fail () at chk_fail.c:28
NixOS#7 0x00000000005b2ac5 in strcpy (__src=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)",
__dest=0x7ffe68838990 "\001") at /nix/store/B0S2LKF593R3585038WS4JD3LYLF2WDX-glibc-2.38-44-dev/include/bits/string_fortified.h:79
NixOS#8 curses_break_str (str=str@entry=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)", width=width@entry=163,
line_num=line_num@entry=1) at ../win/curses/cursmisc.c:275
NixOS#9 0x00000000005b3f51 in curses_character_input_dialog (prompt=prompt@entry=0x7ffe68838cf0 "Shall I pick a character's race, role, gender and alignment for you?",
choices=choices@entry=0x7ffe68838d70 "YNTQ", def=def@entry=121) at ../win/curses/cursdial.c:211
NixOS#10 0x00000000005b9ca0 in curses_choose_character () at ../win/curses/cursinit.c:556
NixOS#11 0x0000000000404eb1 in main (argc=<optimized out>, argv=<optimized out>) at ./../sys/unix/unixmain.c:309
which corresponds to `gcc` warning:
../win/curses/cursmisc.c: In function 'curses_break_str':
../win/curses/cursmisc.c:275:5: warning: '__builtin___strcpy_chk' writing one too many bytes into a region of a size that depends on 'strlen' [-Wstringop-overflow=]
275 | strcpy(substr, str);
| ^
I did not find a single small upstream change that fixes it. Let's
disable `fortify3` until next release.
Closes: NixOS#292113
Ma27
pushed a commit
that referenced
this pull request
Aug 4, 2024
This adds some extremely helpful and popular encoders in by default: * openjpeg * celt * libwebp * libaom On the `master` branch, closure size for ffmpeg-headless went up 18.5 MiB. ``` $ nix store diff-closures nixpkgs#ffmpeg-headless^bin .#ffmpeg-headless^bin celt: ∅ → 0.11.3, +168.4 KiB ffmpeg-headless: +70.0 KiB giflib: ∅ → 5.2.2, +398.7 KiB lcms2: ∅ → 2.16, +466.2 KiB lerc: ∅ → 4.0.0, +840.2 KiB libaom: ∅ → 3.9.0, +8047.8 KiB libdeflate: ∅ → 1.20, +427.0 KiB libtiff: ∅ → 4.6.0, +655.9 KiB libvmaf: ∅ → 3.0.0, +2665.0 KiB libwebp: ∅ → 1.4.0, +2559.7 KiB openjpeg: ∅ → 2.5.2, +1525.1 KiB zstd: ∅ → 1.5.6, +1158.0 KiB $ nvd diff $(nix build nixpkgs#ffmpeg-headless^bin --print-out-paths --no-link) $(nix build .#ffmpeg-headless^bin --print-out-paths --no-link) <<< /nix/store/4n60lnj3zkjpasd4c56bzhpx2m8lc1sx-ffmpeg-headless-6.1.1-bin >>> /nix/store/884f487w5hac6rs94jq6hq5zqkxdv666-ffmpeg-headless-6.1.1-bin Added packages: [A.] #1 celt 0.11.3 [A.] #2 giflib 5.2.2 [A.] #3 lcms2 2.16 [A.] #4 lerc 4.0.0 [A.] #5 libaom 3.9.0 [A.] #6 libdeflate 1.20 [A.] NixOS#7 libtiff 4.6.0 [A.] NixOS#8 libvmaf 3.0.0 [A.] NixOS#9 libwebp 1.4.0 x2 [A.] NixOS#10 openjpeg 2.5.2 [A.] NixOS#11 zstd 1.5.6 Closure size: 66 -> 78 (15 paths added, 3 paths removed, delta +12, disk usage +18.5MiB). ```
Ma27
added a commit
that referenced
this pull request
Aug 24, 2024
Strongly inspired by the forgejo counterpart[1], for the following
reasons:
* The feature is broken with the current module and crashes on
authentication with the following stacktrace (with a PAM service
`gitea` added):
server # Stack trace of thread 1008:
server # #0 0x00007f3116917dfb __nptl_setxid (libc.so.6 + 0x8ddfb)
server # #1 0x00007f3116980ae6 setuid (libc.so.6 + 0xf6ae6)
server # #2 0x00007f30cc80f420 _unix_run_helper_binary (pam_unix.so + 0x5420)
server # #3 0x00007f30cc8108c9 _unix_verify_password (pam_unix.so + 0x68c9)
server # #4 0x00007f30cc80e1b5 pam_sm_authenticate (pam_unix.so + 0x41b5)
server # #5 0x00007f3116a84e5b _pam_dispatch (libpam.so.0 + 0x3e5b)
server # #6 0x00007f3116a846a3 pam_authenticate (libpam.so.0 + 0x36a3)
server # NixOS#7 0x00000000029b1e7a n/a (.gitea-wrapped + 0x25b1e7a)
server # NixOS#8 0x000000000047c7e4 n/a (.gitea-wrapped + 0x7c7e4)
server # ELF object binary architecture: AMD x86-64
server #
server # [ 42.420827] gitea[897]: pam_unix(gitea:auth): unix_chkpwd abnormal exit: 159
server # [ 42.423142] gitea[897]: pam_unix(gitea:auth): authentication failure; logname= uid=998 euid=998 tty= ruser= rhost= user=snenskek
It only worked after turning off multiple sandbox settings and adding
`shadow` as supplementary group to `gitea.service`.
I'm not willing to maintain additional multiple sandbox settings for
different features, especially given that it was probably not used for
quite a long time:
* There was no PR or bugreport about sandboxing issues related to
PAM.
* Ever since the module exists, it used the user `gitea`, i.e. it had
never read-access to `/etc/shadow`.
* Upstream has it disabled by default[2].
If somebody really needs it, it can still be brought back by an overlay
updating `tags` accordingly and modifying the systemd service config.
[1] 07641a9
[2] https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
nixos-option users.users.<username>case) behave the same way as anyother you-need-to-keep-typing-to-get-to-an-option-leaf (eg:
"nixos-option environment").
Before e0780c5:
After e0780c5 but before this change, this query just printed out a raw
thing, which is behavior that belongs in
nix eval,nix-instantiate --eval, ornix repl <<<:After this change:
that contains them rather than printing an error message.
Before:
After:
Motivation for this change
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @chkno