* //3p/overlays/tvl: build nixos-option with latest Nix version (2.24)
as is required now. It would be nice to avoid this somehow to prevent
NixOS machines in depot having to carry around two versions of Nix.
Maybe we can at least use a statically linked nixos-option?
* //3p/{gerrit,gerrit_plugins}: update deps hash
* //tvix/eval: adjust our nixVersion “user agent” so that it'll pass the
new 2.3.17 minimum version nixpkgs prescribes (to check for zstd
support when substituting from the binary cache).
Change-Id: I4eb715afdc3dbb857340839f08ce86612aa7f117
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12805
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This bumps Gerrit to 3.10.0, and also introduces a new mechanism for
building it that should hopefully have some more stable hashes than the
previous bodgery.
In this world, we only cache what we explicitly want to. There are some
hooks implemented for `rules_java` and `rules_nodejs` (before version
6) that force use of local binaries; this means we can drop the use of
the FHSUserEnv and use the java and nodejs binaries provided by nixpkgs
instead.
detzip is deleted; it hasn't been used in yonks.
We also add https://gerrit-review.googlesource.com/c/gerrit/+/431977,
which bumps the SSHd version so that we can have U2F-based SSH keys.
Change-Id: Ie12a9a33bbb1e4bd96aa252580aca3b8bc4a1205
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11963
Reviewed-by: lukegb <lukegb@tvl.fyi>
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
Bump gerrit plugins dep hashes, and for code-owners rebase it against
master.
Change-Id: If7da0ca391b4a5c0102560ca8d52b6f5a2dfd223
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9734
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
This should make the canon pipeline gcroot the deps tarball, making it
less likely to be garbage-collected and rebuilt unnecessarily (which
usually incurs a hash change due to impurities).
Change-Id: I92a353d0f45056fffbc016c44a1ae05a63d76849
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8527
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: sterni <sternenseemann@systemli.org>
* Satisfy new assert that the corresponding shell needs to be enabled
via programs.* if it is as the login shell of at least one user.
* //users/tazjin: “Address” removal of hardware.video.hidpi option.
* //3p/gerrit: update fetch sha256
Change-Id: Id0988a0ea7f393d6b7848a7104fc3526ee1177f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8407
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
* //3p/sources: temporarily switch to nixos-unstable-small, since it
includes:
- evans update we are interested in, allowing us to drop our evans
patches.
- awscli2 update that unbreaks //users/grfn
* //3p/overlays/tvl:
- drop evans patches
- update tdlib to 1.8.11 to make tazjin's emacs happy
- drop obsolete mullvad workaround
* //users/grfn/keyboard: disable -Werror for array-bounds warnings.
Seems like a non-trivial job to resolve the warning properly,
hopefully GCC 12 still generates the same working code as GCC 11 used
to.
* //users/grfn/system/home: remove yubikey-manager-qt.
Yubico can't seem to keep that on pace with yubikey-manager. It
requires a <5 version of the latter which is incompatible with the
recently released cryptography >= 39.
* //3p/gerrit: update changed FOD hash for the fetch step
Change-Id: I590ab996247e69b0ab5059cd173840ef4ebfe939
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8133
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
* //3p/gerrit: prevent python2 from crashing evaluating due to
upstream now officially considering it insecure after being EOL
for 3 years.
Overriding the meta set has the benefit that we do not need to
whitelist the package globally, forcing us to opt in everywhere
the dependency is acceptable.
* //3p/overlays: bump tdlib so tazjin's emacs can build
Change-Id: I50df82d35d56b0dd44b5f687e2dcb101db79738d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7809
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
* //3p/nixpkgs: allow insecure qtwebkit, since a package
in grfn's home depends on it. Reasoning for marking
qtwebkit as insecure is given here:
https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/
* //3p/gerrit: update nondeterministic bazel output hash
Change-Id: Ie652905969bf43abb457f6af211f771cff093dce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7353
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This change cannot be deployed OOTB: you must upgrade
by 3.5.2+ first, and run copy-approvals.
Change-Id: Ia2e49da4d801a21a3db59e2d5b054eeb46d7dc79
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6505
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
In the current config, Gerrit doesn't actually seem to realise that
avatars are not enabled (this changed in 3.4 somehow).
Either way we don't need to maintain this fix since there's an actual
upstream one now: https://gerrit-review.googlesource.com/313982
Change-Id: I7efab7b8fa5e9e38bddae86acd8d8a7852b27bb6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3465
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Brings us back to a stable version of Gerrit instead of a random
commit. Note that Gerrit 3.4.1 is out, but due to a bug it can not be
built publicly because it accidentally points at a private
submodule (this is being fixed upstream).
Change-Id: I0376c63a649498cef999dfa99bfccba511f2c8da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3444
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Writing Gerrit plugins that don't use the in-tree build system is more
convenient if the API is actually exposed in the derivation's output.
Change-Id: I3408d35498ca879576d532b005e36fde8ff2ea61
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2871
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This reverts commit f59c6214c4.
Reason for revert: new gerrit's JS appears to not have compiled correctly; rolling back until I can figure out why
Change-Id: If16fe341aad25bef30ed7be8c6ac49cadf2a732c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2821
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
We don't have an avatar provider at the moment, so it's wonky. I'll make
this a CL upstream as well once my work laptop has charged.
Change-Id: I79754560b2de6981508ba7e10faf6b50cb9c3f8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2266
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
I don't know what I was smoking.
Change-Id: I650777bbbd24a1922f26967fbbd7da06d14b6781
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1514
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This looks particularly obnoxious for the owners plugin, because it's
actually two plugins with a common library in the same repo. Other
plugins are much cleaner to deal with (hence the default for
overlayPluginCmd).
Change-Id: Ibb9588c8a29b63e8509436fcbb70054e89349712
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1461
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Firefox doesn't implement the IE6 fromElement/toElement, and it's
not in the MouseEvent spec (at the moment).
Replace with the worse-named but better-specified target and
relatedTarget attributes instead.
Upstream change: https://gerrit-review.googlesource.com/q/I9eeb26c032a38de9d7185749373c7982c796acb2
Change-Id: I9f9a1eb9342bc80b91b5b364a04cc5fa9a7ccaeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1442
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This is the version currently (2020-07-25) deployed on https://gerrit-review.googlesource.com/,
and includes features such as The Attention Set.
Change-Id: Idf29f96c38d7737efb0d64c4cd294dab46fe5412
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1437
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This also incidentally includes a fix for _not_ loading fonts from
Google Fonts, but I don't really care about that.
Change-Id: I6e00791d0ba06cb1e3c029e1b8617c33000d2ab1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1041
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
At present, we don't return HTML titles if there's a trailing slash,
or a patchset. Instead, just consume the / and anything after it.
This also fixes /123, because this is HTTP redirected to the full path
*with a trailing slash* which otherwise wouldn't get the title
injected.
Change-Id: Idfd0e67752880a37dce0b400a3c1cfc53fac2912
Reviewed-on: https://cl.tvl.fyi/c/depot/+/859
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Without these changes, the NixOS module isn't able to use the new
Gerrit derivation.
These changes are already deployed as I needed to make them to get
Gerrit back up.
Change-Id: Iad3aa6158789a014134fddccd40b508b81486100
Reviewed-on: https://cl.tvl.fyi/c/depot/+/301
Reviewed-by: lukegb <lukegb@tvl.fyi>
This adds support for overriding the detected languages based on the
filename - we assume here that rules.pl will always map to a Prolog
file.
I could've overridden the entire default language to Prolog, since it's
unlikely that we'll have any Perl here, but given the relative
popularity of the two languages I opted to just override the file we
know we'll have (because it's used by Gerrit itself).
https://usercontent.irccloud-cdn.com/file/yhZZx1nd/highlighted_prolog.png
Change-Id: I26a7e6dab191e0b80a027b026f884020a1f07178
Reviewed-on: https://cl.tvl.fyi/c/depot/+/254
Reviewed-by: tazjin <mail@tazj.in>
highlight.js supports syntax highlighting .nix files, but the Gerrit
diff components doesn't map the .nix mimetype onto the nix language.
.nix appears to already be taken by another mimetype that isn't
Nix-related, but we just map that onto nix anyway.
https://usercontent.irccloud-cdn.com/file/AVhoPvrb/highlighted.png
Change-Id: I842b29c78355e5bec580e711e25d693284ab6f59
Reviewed-on: https://cl.tvl.fyi/c/depot/+/253
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: q3k <q3k@q3k.org>
This uses the actual Bazel build, using a variety of tricks and hacks to
make it actually work.
Bazel really wants to download linux binaries from the internet and run
them. In lieu of trying to fix the build system to not do this, we
instead put bazel inside an FHS environment, which allows the binaries
to find their dependencies.
We also have to patch a few things:
* We use build --nobuild instead of fetch, so we only fetch the
dependencies we actually need for the build and not, say, Windows
binaries.
* We don't remove rules_cc, because we need it as an external
dependency, not bundled.
* We do some manual fixes on the cache before packing, because we need
to remove some in-tree sources (so they don't cause the hash to break,
since the hashes differ each time they're generated), and also remove
some extraneous files.
* We explicitly turn off the repository and disk caches, because the
.bazelrc at the root of the Gerrit tree turns them on, with paths
pointing into the user's home directory.
* detzip is used instead of the zip binary for packing bower_components
into an archive. detzip doesn't create entries for directories, and
also doesn't store most metadata (timestamps, etc.), and uses store
(i.e. uncompressed) compression only. It also sorts the file tree
before writing them into the file.
Change-Id: I572c43f7175067ecb1b85cdf40dda13a52de1439
Reviewed-on: https://cl.tvl.fyi/c/depot/+/252
Reviewed-by: tazjin <mail@tazj.in>
detzip will be used in a patch for the Gerrit bower repository helper, which allows
us to get consistent hashes for the output of fetching the dependencies for the
Bazel build.
Change-Id: I6c87b19815b9d747064108aecbb57ed875d2623b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/251
Reviewed-by: lukegb <lukegb@tvl.fyi>