[Nix-dev] Status: Transparent Security Updates

Nicolas Pierron nicolas.b.pierron at gmail.com
Sun Mar 27 18:42:55 CEST 2016


Hi all,

This email is an update on the status of the transparent security
update feature:

 - #14000 (#9400) landed again.  This change improves the way Nixpkgs
is written.  One of the major visible changes is that
`all-packages.nix` is now properly indented :) .  Also, Nixpkgs is now
written as a single fix-point with multiple extends functions.

    The reason these changes were blocking #10851 was mainly that
#10851 requires Nixpkgs to behave as a single and pure function.

    Please join me in thanking all the people who helped by reviewing
these changes:
      * Mathnerd314
      * aszlig
      * John Ericson
      * Peter Simons
      * Shea Levy
      * Vladimír Čunát
      * zimbatm

 - #10851 is now rebased, with none of the package fixes. The
description of the pull request now makes explicit the motivations, goals
and approach taken in the pull request.  This pull request should be
complete, and ready for review tomorrow.

   The reason I stripped all the changes related to the package fixes
is that they can be done in parallel.  Thus, I think it is better to
avoid adding extra review complexity for the reviewers, and first get
the infrastructure in place.

What to expect next:

The static analysis, added as part of #10851, would be addressed.
This static analysis currently reports more than 20k issues.  Most of
the remaining work would be to minimize the number of issues reported
by the static analysis.

Most of them are common issues related to the lookup of the functions
used to build the packages.  Fixing those issues would remove a large
chunk of these ~20k.

Aliasing of packages is currently the source of 2120 issues, while
running `nix-env -f ./. -qaP --drv-path`.  This is caused by the fact
that packages are aliasing each other by using the `pkgs` argument
instead of using `self`, or instead of being moved into `aliases.nix`.

Cheers,

#14000 https://github.com/NixOS/nixpkgs/pull/14000
#9400 https://github.com/NixOS/nixpkgs/pull/9400
#10851 https://github.com/NixOS/nixpkgs/pull/10851

-- 
Nicolas Pierron
http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/

