The nixpkgs manual contains references to both sri hash and explicit
sha256 attributes. This is at best confusing to new users. Since the
final destination is exclusive use of sri hashes, see nixos/rfcs#131,
might as well push new users in that direction gently.
Notable exceptions to sri hash support are builtins.fetchTarball,
cataclysm-dda, coq, dockerTools.pullimage, elixir.override, and
fetchCrate. None, other than builtins.fetchTarball, are fundamentally
incompatible, but all currently accept explicit sha256 attributes as
input. Because adding backwards compatibility is out of scope for this
change, they have been left intact, but migration to sri format has been
made for any using old hash formats.
All hashes have been manually tested to be accurate, and updates were
only made for missing upstream artefacts or bugs.
https://github.com/NixOS/nixpkgs/pull/89885 ensures that fetches are
done securely (i.e. without `--insecure`) when the `hash` parameter is one of
the four special "fake" hashes. However the manual was not updated in that PR.
This commit updates the manual to account for the already-merged changes from
that PR.
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Allows restricting patches to a specific subdirectory, à la
`git diff --relative=subdir`.
This cannot be done (cleanly) currently because the `includes` logic
happens *after* `stripLen` is applied, so we can't match on `subdir/*`.
This change adds a `relative` argument that makes this possible by
filtering files before doing any processing, and setting `stripLen` and
`extraPrefix` accordingly.
The current doc is wildly out of touch with reality. A regex search shows
the following stats.
```
Style example Frequency Regex used
nix-2-5: 8 [a-zA-Z]-[0-9]+(-[0-9]+)+ =
nix-2_5: 17 [a-zA-Z]-[0-9]+(_[0-9]+)+ =
nix_2_5: 689 [a-zA-Z]_[0-9]+(_[0-9]+)+ =
nix_2-5: 1 [a-zA-Z]_[0-9]+(-[0-9]+)+ =
```
3s is too small a margin for a loaded slow system to start a bloated
program.
This leads to problems when tests are written on decent dev hardware
but later run on build farms of potentially slower hardware,
particularly in the case of non x86.
The chance of needing the timeout is actually very small, so those
rare 57s are a reasonable price to pay for fewer timeouts on build
farms, each of which should be investigated and usually fixed by
increasing the timeout.
We are still using Pandoc’s Markdown parser, which differs from CommonMark spec slightly.
Notably:
- Line breaks in lists behave differently.
- Admonitions do not support the simpler syntax https://github.com/jgm/commonmark-hs/issues/75
- The auto_identifiers uses a different algorithm – I made the previous ones explicit.
- Languages (classes) of code blocks cannot contain whitespace so we have to use “pycon” alias instead of Python “console” as GitHub’s linguist
While at it, I also fixed the following issues:
- ShellSesssion was used
- Removed some pointless docbook tags.
The patch utility does not understand git formatted patches.
For text files, there is no problem, but binary files use the
git format.
The -a param makes git diff put binary files into the patch in
raw format that can be understood by the patch tool.
