Init grist core at 1.3.2 #376176
Init grist core at 1.3.2 #376176
Conversation
github-actions
bot
added
6.topic: python
6.topic: nixos
|
@bendlas and @soyouzpanda this is based on a lot of your work, so let me know if this is an issue for you. I've added myself as a maintainer to the package and module; if you would like to be added as maintainers, please let me know as well. |
NixOSInfra
added
the
12. first-time contribution
Scandiravian
force-pushed
the
init-grist-core
branch
3 times, most recently
from
f0923d1 to
1cff416
Compare
|
|
|
@soyouzpanda I'm not sure I follow - could you explain what you mean by this? 😕 |
I do not want my work to be used in an open source project that collaborates with weapon makers and fascists, that's all. |
@soyouzpanda I hear what you're saying. I don't want to get into a big discussion, but suffice to say that I understand your point of view and where you're coming from. I can remove the commits that I cherry-picked from your PR and rewrite those parts myself. I can't guarantee that it won't be somewhat similar to the work you made, since there's a limited number of ways to configure things in Nix, but it will remove your association from the history. Would that be acceptable to you? |
|
Sorry, I don't really know what's going on and I also don't really feel like playing catch-up, so let me just write down what I'm taking from this and where I'm at: I'm assuming that Scandiravian or their project has a known association with Anduril and the MIC, either way they don't seem to deny it. I am feeling blindsided by them not being up-front about it, because at this point, their controversial status within the community cannot be considered suprising. For this reason, I'll disengage from this conversation and rescind my earlier offer of helping shepherd their work. Please let me know if I've got anything wrong in my assessment. thanks |
@bendlas I completely understand your position, but to clear things up, I don't have any affiliation with Anduril, nor any other company related to the MIC, in any capacity. I never have and I never will, as it would be irreconcilable with my personal values. The organisation I'm working for is a public institution that works to improve treatment for patients across the EU. I think @soyouzpanda is uncomfortable contributing to nixpkgs as a whole, not due to anything related to me. I want to respect their position and accommodate it in a way that works for them, which is why I chose to keep the focus on how to resolve the issues they have with their work being contributed to nixpkgs. |
|
@Scandiravian thank you very much for that clarification! In this case, I'd like to ask your forgiveness for the misunderstanding and to re-offer my help. I'll have a closer look at this PR, next week. |
|
As for soyouzpanda's contributions: It's probably best to remove their commits entirely, in order to respect their protest. I agree that it wouldn't be reasonable for them to expect zero overlap in solution space, and I feel if that was their goal they might have deleted their PR - lets just be as clean-room as possible, given that we've already looked at their commits. cc @NixOS/moderation, just to make sure we're getting this right |
There's nothing to forgive. This is a sensitive topic and I understand there are strong feelings involved. Your help would be greatly appreciated! I made some changes to the systemd unit that I forgot to push before finishing work yesterday. I got to a point where the module works with sandboxing disabled, but there's still some issues when it's turned on. I'll push my work when I get to the office on Monday.
That sounds reasonable; until there's input from soyouzpanda on a solution that would work for them, I think it's the best we can do given the circumstances. I'll sort out the history on Monday. |
h7x4
added
8.has: module (new)
Scandiravian
force-pushed
the
init-grist-core
branch
5 times, most recently
from
8200fca to
d52fb68
Compare
needed for grist-core
Scandiravian
force-pushed
the
init-grist-core
branch
from
d52fb68 to
75e3ea5
Compare
|
I've updated the history and pushed my local changes. The module should work as long as It's something that could be fixed upstream by rewriting I'll spend some more time on this issue later this week (probably Wednesday). I'm also confused about the failing CI check regarding the docs - If someone understands why this is failing, please let me know 😅 |
Scandiravian
force-pushed
the
init-grist-core
branch
from
75e3ea5 to
465cb53
Compare
Basic smoketest for the gVisor sandboxing. Signed-off-by: Raito Bezarius <[email protected]>
Scandiravian
force-pushed
the
init-grist-core
branch
from
465cb53 to
b87dd96
Compare
|
I gave this a quick whirl and got up to the failure with sandboxing, that you mentioned. I added two fixes, feel free to pull into your PR: bendlas/nixpkgs@c21b41c...32ee840
EDIT probably disregard the state dir change, there are other issues with sandboxed operation in the state directory, related to user mapping and permission. I only got to there, when I ran with DynamicUsers=false |
|
The sandboxing fail: I didn't find anything so far, and I'll give this a break for now, but one useful command, that I used to get into the service context, maybe it can be helpful for you as well:
|
This is based on the work done in
#305019 and#322633. I've added some additional changes to the service and changed thebuildPhaseto bring the output size down with a few hundred MiB.Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.