New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sequoia: 0.18.0 -> 0.19.0 #96180
sequoia: 0.18.0 -> 0.19.0 #96180
Conversation
d7bf2e9
to
4a2bdd7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you 👍 I haven't had time to build this yet. So, only some comments about comments :)
4a2bdd7
to
bdd92c4
Compare
Result of 2 packages were built:
Otherwise, thanks for the update! Not much else to say after @puzzlewolf's review |
BTW, just out of curiosity, do you actively use this package? At the time I packaged it, I thought and I still think it's important we have it packaged in the best possible manner because GnuPG is old and annoying (Just today I ran into this) but it's not usable for my usage for a password manager.. So I just keep maintaining it for the sake of everyone else. |
I don't know if you were asking me, but I haven't had the time to invest into switching from GPG unfortunately :-/ I agree that the GPG cli is quite hard to grok, and that's in part why I think the sequoia project is important, and hence why I put myself as maintainer. I'd like to use it more, though... I've also had my share of pinentry issues with SSH x) |
substituteInPlace openpgp-ffi/Makefile \ | ||
--replace 'git grep' 'grep -R' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oddly, the string git grep
that is substituted here has not been in the Makefile since sequoia 0.11.0. I'd guess the problem this line solved is not there anymore?
The package from this PR builds (on my machine) even without leaveDotGit = true;
. Are there circumstances where it's needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct. But, note the (harmless?) errors you get without it at the beginning:
unpacking sources
unpacking source archive /nix/store/b7h3ypagny9sz9y50kl2a0bdvywmvf3m-sequoia
source root is sequoia
unpacking source archive /nix/store/nsijfzfig03h0vdlabdw0xlkmlf708ny-sequoia-0.19.0-vendor.tar.gz
setting SOURCE_DATE_EPOCH to timestamp 315619200 of file sequoia/tool/tests/sq-sign.rs
patching sources
Validating consistency between /build/sequoia/Cargo.lock and /build/sequoia-0.19.0-vendor.tar.gz/Cargo.lock
configuring
no configure script, doing nothing
building
build flags: SHELL=/nix/store/j206pskg2yzyla1cnfrb9kb5n5bfvjgm-bash-4.4-p23/bin/bash PREFIX=/nix/store/42wx89vypywfm2qpvwb68zkmqgcpcxsl-sequoia-0.19.0 build-release
make -Copenpgp-ffi build-release
fatal: not a git repository (or any of the parent directories): .git
make[1]: Entering directory '/build/sequoia/openpgp-ffi'
Upstream seems to be relying on this in some way. I also would like to avoid the scenario where in future releases, lacking a.git
directory will lead to errors making the build fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unless it is essential for it to build I'd recommend removing leaveDotGit
: #8567
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Upstream removes the .git
directory from source distributions (dist
target in the main Makefile), and they build without that error. So, I guess we should be fine with removing .git
, too. However, I have not found out where the error line comes from 🤷
The signed source distributions are available at https://sequoia-pgp.org/dist/. I'd like to switch to those in the long run, and also verify the signatures :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The signed source distributions are available at sequoia-pgp.org/dist. I'd like to switch to those in the long run, and also verify the signatures :)
That would be terrific indeed, but it's kind of hard to get a tarball out of these archives in a Nix expression - it seems we'd need gpg in order to verify the signature which kind of defeats the purpose of creating a new openPGP software (to get rid of gpg).
I'm switching back to fetchFromGitLab
and hopefully we won't encounter "not a git directory" build failures in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, the distribution tarball shouldn't be different then the gitlab tarballs, as it seems according to: https://gitlab.com/sequoia-pgp/sequoia/-/blob/v0.19.0/Makefile#L119
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's true. Now I'm really confused about the not a git repository
line. It definitely didn't show up when I ran make -Copenpgp-ffi build-release
from the source distribution.
bdd92c4
to
269c445
Compare
Format inputs with newlines for easier future diffs. Use pkg-config instead of pkgconfig. Use llvmPackages_10 - the same version used by rustc. Remove a substituteInPlace hook not doing anything since 0.11.0.
269c445
to
7179b10
Compare
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/any-interest-in-checkings-signatures-while-building-packages/8918/9 |
The darwin builds hangs for ever... I'm merging anyway. Nag us in an issue Darwin users if you encounter issues. |
Format inputs with newlines for easier future diffs.
Use pkg-config instead of pkgconfig.
Use llvmPackages_10 - the same version used by rustc.
Use fetchgit instead of fetchFromGitLab since the first can
leaveDotGit
.Remove some part of hooks not needed thanks to fetchgit now used.
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)