doc: explain pull request template #28589
Thanks for taking the time to write this down. I largely agree on the content.
I am not a good proofreader though, so maybe somebody else should read it too.
doc/submitting-changes.xml
Outdated
<literal>fetch*</literal> functions and files outside the Nix store. | ||
Depending on the operating system access to other resources are blocked | ||
as well (ex. inter process communication is isolated on Linux); see <link | ||
xlink:href="https://nixos.org/nix/manual/#description-45">build-use-sandbox</link> |
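Review bot: the link target on the xlink:href line, https://nixos.org/nix/manual/#description-45, looks like an auto-generated anchor, so it can silently point at a different section once the Nix manual is rebuilt with sections added or removed. Link to the manual itself and name the build-use-sandbox option in the text, or use a stable id if one exists. On the line above, "access to other resources are blocked" should read "is blocked".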
@other reviewer
Since both documents are in the same documentation, what is the right way to link them in docbook?
I don't think you can because these are in separate documents. This is linking the nix manual, but this is in the nixpkgs manual. Someone that knows docbook better than me can correct me if I'm wrong here.
doc/submitting-changes.xml
Outdated
maintainer to verify the functionality of the package. If there are | ||
existing tests for the package, they should be ran to verify your changes | ||
do not break the tests. Tests only apply to packages with NixOS modules | ||
defined and can only be ran on NixOS. For more details on writing and |
- can be only ran on NixOS
+ can be only ran on Linux
Our tests are using qemu, so they are not limited to NixOS.
doc/submitting-changes.xml
Outdated
</para> | ||
<para> | ||
Depending if you use NixOS or other platforms you can use one of the | ||
following methods to enable sandboxing: |
What I forgot to add here is the following:
- following methods to enable sandboxing.
+ following methods to enable sandboxing <emphasis role="bold">before</emphasis> building the package.
doc/submitting-changes.xml
Outdated
<itemizedlist> | ||
<listitem> | ||
<para><emphasis role="bold">Enable sandboxing for single build</emphasis>: | ||
<screen>nix-shell -I nixpkgs=/path/to/nixpkgs --option build-use-sandbox true -p hello</screen> |
append:
(replace <literal>hello</literal> with the package you want to build)
doc/submitting-changes.xml
Outdated
<itemizedlist> | ||
<listitem> | ||
<para><emphasis role="bold">Enable sandboxing for single build</emphasis>: | ||
<screen>nix-shell -I nixpkgs=/path/to/nixpkgs --option build-use-sandbox true -p hello</screen> |
The way this is worded gives the impression that an ordinary user can control sandbox usage even if they are using the Nix daemon.
Are options ignored when nix-daemon is used? Then we should probably not mention this at all. Otherwise people will fall into the trap.
I agree it'd be better to leave this out, or at least add some caveats.
Apart from the minor nitpick, very nice!
doc/submitting-changes.xml
Outdated
Packages with automated tests are much more likely to be merged in a | ||
timely fashion because it doesn't require as much manual testing by the | ||
maintainer to verify the functionality of the package. If there are | ||
existing tests for the package, they should be ran to verify your changes |
ran -> run
doc/submitting-changes.xml
Outdated
maintainer to verify the functionality of the package. If there are | ||
existing tests for the package, they should be ran to verify your changes | ||
do not break the tests. Tests only apply to packages with NixOS modules | ||
defined and can only be ran on NixOS. For more details on writing and |
ran -> run
8d67106 to 3b5e1e9
Really really great. A few nits to be picked, and I think the part about why sandboxing is disabled by default should be corrected prior to merging. Thank you a lot for writing this :D
doc/submitting-changes.xml
Outdated
Depending on the operating system access to other resources are blocked | ||
as well (ex. inter process communication is isolated on Linux); see <link | ||
xlink:href="https://nixos.org/nix/manual/#description-45">build-use-sandbox</link> | ||
in nix manual for details. |
nix -> Nix
doc/submitting-changes.xml
Outdated
for each build process. It is used to remove further hidden dependencies | ||
set by the build environment to improve reproducibility. This includes | ||
access to the network during the build outside of | ||
<literal>fetch*</literal> functions and files outside the Nix store. |
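Review bot: the sentence ending on the fetch* line says network access is removed "outside of fetch* functions" without saying why those are exempt, which leaves readers guessing whether the sandbox is simply switched off for fetchers. Add a clause explaining that fetchers are fixed-output derivations whose result is checked against a declared hash, which is why they are allowed network access inside the sandbox. The wording "This includes access to the network" also reads as if the sandbox includes network access; "This blocks" or "This removes" would be unambiguous.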
<function> over <literal> I think?
doc/submitting-changes.xml
Outdated
</para> | ||
<para> | ||
Sandboxes are not enabled by default in Nix as there are cases where it | ||
makes building packages harder (for example <command>npm |
Sandboxing is disabled by default not because it is harder, but because it is slower: NixOS/nix#179
doc/submitting-changes.xml
Outdated
<section> | ||
<title>Built on platform(s)</title> | ||
<para> | ||
Many <literal>Nix</literal> packages are designed to run on multiple |
Nix isn't a literal here
doc/submitting-changes.xml
Outdated
</para> | ||
<para> | ||
review changes from pull request number 12345: | ||
<screen>nix-shell -p nox --run nox-review 12345</screen> |
Missing the command pr, should be: nox-review pr 12345
doc/submitting-changes.xml
Outdated
It's important to test any executables generated by a build when you | ||
change or create a package in nixpkgs. This can be done by looking in | ||
<filename>./result/bin</filename> and running any files in there, or at a | ||
minimum, the main file for the package. For example, if you make a change |
file is ambiguous, I think you mean the main executable for the package
3b5e1e9 to c2d0917
c2d0917 to aae7745
Motivation for this change
Give detailed sections in nixpkgs contributing section of what the different sections of the PR template are and how to fulfill the requirements for each checkbox. This addresses #28579.
Things done
(nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)