ce96c79779
Previously, when updating multiple packages, we just updated them in arbitrary order. However, when some of those packages depended on each other, it could happen that some of the intermediary commits would not build because of version constraints on dependencies.
If we want each commit in the history to build when feasible, we need to consider four different scenarios:
1. Updated dependant is compatible with both the old and the new version of the dependency. Order of commits does not matter. But updating dependents first (i.e. reverse topological order) is useful since it allows building each package on the commit that updates it with minimal rebuilds.
2. Updated dependant raises the minimal dependency version. Dependency needs to be updated first (i.e. topological order).
3. Old dependant sets the maximal dependency version. Dependant needs to be updated first (i.e. reverse topological order).
4. Updated dependant depends on exact version of dependency and they are expected to be updated in lockstep. The earlier commit will be broken no matter the order.
This change allows selecting the order of updates to facilitate the first three scenarios. Since most package sets only have loose version constraints, the reverse topological order will generally be the most convenient. In major package set updates like bumping GNOME release, there will be exceptions (e.g. libadwaita typically requires GTK 4 from the same release) but those were probably in broken order before as well.
The downside of this feature is that it is quite slow – it requires instantiating each package and then querying Nix store for requisites.
It may also fail to detect dependency if there are multiple variants of the package and dependant uses a different one than the canonical one.
Testing with:
env GNOME_UPDATE_STABILITY=unstable NIX_PATH=nixpkgs=$HOME/Projects/nixpkgs nix-shell maintainers/scripts/update.nix --arg predicate '(path: pkg: path == ["gnome-shell"] || path == ["mutter"] || path == ["glib"] || path == ["gtk3"] || path == ["pango"] || path == ["gnome-text-editor"])' --argstr order reverse-topological --argstr commit true --argstr max-workers 4
Maintainer scripts
This folder contains various executable scripts for nixpkgs maintainers, and supporting data or nixlang files as needed. These scripts generally aren't a stable interface and may changed or be removed.
What follows is a (very incomplete) overview of available scripts.
Metadata
get-maintainer.sh
get-maintainer.sh [selector] value returns a JSON object describing
a given nixpkgs maintainer, equivalent to lib.maintainers.${x} // { handle = x; }.
This allows looking up a maintainer's attrset (including GitHub and Matrix
handles, email address etc.) based on any of their handles, more correctly and
robustly than text search through maintainers-list.nix.
❯ ./get-maintainer.sh nicoo
{
"email": "nicoo@debian.org",
"github": "nbraud",
"githubId": 1155801,
"keys": [
{
"fingerprint": "E44E 9EA5 4B8E 256A FB73 49D3 EC9D 3708 72BC 7A8C"
}
],
"name": "nicoo",
"handle": "nicoo"
}
❯ ./get-maintainer.sh name 'Silvan Mosberger'
{
"email": "contact@infinisil.com",
"github": "infinisil",
"githubId": 20525370,
"keys": [
{
"fingerprint": "6C2B 55D4 4E04 8266 6B7D DA1A 422E 9EDA E015 7170"
}
],
"matrix": "@infinisil:matrix.org",
"name": "Silvan Mosberger",
"handle": "infinisil"
}
The maintainer is designated by a selector which must be one of:
handle(default): the maintainer's attribute name inlib.maintainers;email,name,github,githubId,matrix,name: attributes of the maintainer's object, matched exactly; seemaintainer-list.nixfor the fields' definition.
Conventions
sha-to-sri.py
sha-to-sri.py path ... (atomically) rewrites hash attributes (named hash or sha(1|256|512))
into the SRI format: hash = "{hash name}-{base64 encoded value}".
path must point to either a nix file, or a directory which will be automatically traversed.
sha-to-sri.py automatically skips files whose first non-empty line contains generated by or do not edit.
Moreover, when walking a directory tree, the script will skip files whose name is yarn.nix or contains generated.