Lily Ballard lilyball Twitch San Francisco, CA https://blog.eridi.us iOS Developer at Twitch. Open source contributor. Programming language aficionado. She/her.

apple/swift 53960

The Swift Programming Language

apple/swift-evolution 11559

This maintains proposals for changes and user-visible enhancements to the Swift Programming Language.

apple/swift-package-manager 8009

The Package Manager for the Swift Programming Language

apple/swift-corelibs-foundation 4037

The Foundation Project, providing core utilities, internationalization, and OS independence

apple/swift-corelibs-libdispatch 1898

The libdispatch Project, (a.k.a. Grand Central Dispatch), for concurrency on multicore hardware

apple/swift-corelibs-xctest 862

The XCTest Project, A Swift core library for providing unit test support

apple/swift-llbuild 798

A low-level build system, used by Xcode and the Swift Package Manager

apple/swift-lldb 645

This is the version of LLDB that supports the Swift programming language & REPL.

issue opened silverhammermba/plist2junit

Support skipped tests

Xcode now has support for skipping tests, it would be great to see this tool support those as neither xcpretty nor trainer currently do.

created time in 2 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase+        fi     else         echo "Using existing '$volume' volume" >&2     fi -    if ! test_fstab; then-        echo "Configuring /etc/fstab..." >&2-        label=$(echo "$volume" | sed 's/ /\\040/g')-        # shellcheck disable=SC2209-        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    if ! test_voldaemon; then+        echo "Configuring LaunchDaemon to mount '$volume'..." >&2+        generate_mount_daemon | sudo tee /Library/LaunchDaemons/org.nixos.darwin-store.plist >/dev/null
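
Review bot: In main(), the fstab block now runs before the `if [ -n "$create_volume" ]` block, so /etc/fstab gets its `LABEL=%s /nix apfs rw,nobrowse` entry before `sudo diskutil apfs addVolume` has run. If volume creation then fails, the entry is left naming a label that does not exist. If the ordering is needed so that diskutil picks up the mount options, remove the entry again when `addVolume` fails; otherwise write it only after the volume exists.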

I'm inclined to say if we detect that the plist already exists, we should unload it (sudo launchctl bootout system/org.nixos.darwin-store, note that this may return a non-zero exit code if the process is currently running but it will boot it out anyway according to my own experience), delete it, and then recreate it. This way we can be sure to embed the correct info.

Or at least, we should do this if create_volume is set. If it's not set, then we're re-using an existing volume and presumably the existing plist (if there is one) is therefore still valid.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase
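
Review bot: On the `prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase` line, the pipeline's exit status is that of `diskutil`, so a failure in `prepare_darwin_volume_password` goes unnoticed and `diskutil` reads whatever reached stdin, possibly nothing. Unless `pipefail` is set elsewhere in the script, run the password step first, check that it succeeded and produced a non-empty value, and only then feed it to `encryptVolume`.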

Also if we end up keeping the two-step setup we should probably move the first step into prepare_darwin_volume_password, it's already responsible for updating the keychain item so it'll be cleaner if we can remove its assumption that the keychain item already exists.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 while [ $# -gt 0 ]; do         --no-modify-profile)             NIX_INSTALLER_NO_MODIFY_PROFILE=1;;         --darwin-use-unencrypted-nix-store-volume)-            CREATE_DARWIN_VOLUME=1;;+            (+                echo "Warning: the flag --darwin-use-unencrypted-nix-store-volume"+                echo "         is no longer needed and will be removed in the future."+                echo ""+            ) >&2;;
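
Review bot: In the `--darwin-use-unencrypted-nix-store-volume)` branch, the warning says the flag "is no longer needed" but not what happens instead. Someone passing a flag with "unencrypted" in its name will, per this PR, get a volume that is encrypted when FileVault is enabled, so the message should say that volume creation is now the default and that the volume is encrypted in that case.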

The subshell can be replaced with a braced list instead.

            {
                echo "Warning: the flag --darwin-use-unencrypted-nix-store-volume"
                echo "         is no longer needed and will be removed in the future."
                echo ""
            } >&2;;

Though looking at the subsequent lines we're using subshells unnecessarily there too.

abathur

comment created time in 4 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 suggest_report_error(){     echo "       please report this @ https://github.com/nixos/nix/issues" >&2 } +generate_mount_command(){+    if test_filevault_in_use; then+        printf "    <string>%s</string>\n" /bin/sh -c '/usr/bin/security find-generic-password -a "Nix Volume" -w | /usr/sbin/diskutil apfs unlockVolume "Nix Volume" -mountpoint /nix -stdinpassphrase'+    else+        printf "    <string>%s</string>\n" /usr/sbin/diskutil mount -mountPoint /nix "Nix Volume"
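
Review bot: In generate_mount_command, the FileVault branch runs `/usr/bin/security find-generic-password -a "Nix Volume" -w` with no keychain argument, so the lookup depends on the keychain search list of whatever context the job runs in. main() writes the item to "/Library/Keychains/System.keychain" by path; passing the same path here makes the read match the write.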

Heck, for that matter we should probably embed the service too, so that way if I delete the volume and clean up everything except for my keychain password, when it creates a brand new password this won't accidentally read the old one.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase+        fi     else         echo "Using existing '$volume' volume" >&2     fi -    if ! test_fstab; then-        echo "Configuring /etc/fstab..." >&2-        label=$(echo "$volume" | sed 's/ /\\040/g')-        # shellcheck disable=SC2209-        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    if ! test_voldaemon; then+        echo "Configuring LaunchDaemon to mount '$volume'..." >&2+        generate_mount_daemon | sudo tee /Library/LaunchDaemons/org.nixos.darwin-store.plist >/dev/null
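
Review bot: At `generate_mount_daemon | sudo tee /Library/LaunchDaemons/org.nixos.darwin-store.plist >/dev/null`, the new file's mode is whatever the umask in effect produces. This plist defines a root-run job that reads the volume passphrase, so set its owner and mode explicitly after writing it (root:wheel, 0644) rather than inheriting them from the caller's environment.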

We need to check if the volume is encrypted first. If this is using a pre-existing unencrypted Nix volume, then the LaunchDaemon is superfluous (and the keychain entry won't exist).

For that matter, if it's using a pre-existing Nix volume at all, then there's no guarantee about the keychain entry's status. We should probably actually just skip this if we're not creating the volume. Anyone who creates their own volume is then on the hook for managing its mounting, and we can print a warning to this effect in the "Using existing volume" path.

abathur

comment created time in 4 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase+        fi     else         echo "Using existing '$volume' volume" >&2     fi -    if ! test_fstab; then-        echo "Configuring /etc/fstab..." >&2-        label=$(echo "$volume" | sed 's/ /\\040/g')-        # shellcheck disable=SC2209-        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    if ! test_voldaemon; then+        echo "Configuring LaunchDaemon to mount '$volume'..." >&2+        generate_mount_daemon | sudo tee /Library/LaunchDaemons/org.nixos.darwin-store.plist >/dev/null++        sudo launchctl load /Library/LaunchDaemons/org.nixos.darwin-store.plist
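
Review bot: In the `test_filevault_in_use` block, step 1 adds the blank item to "/Library/Keychains/System.keychain" by path, while the comment for step 2 says the update specifies no keychain and "security will use the first it finds". If another keychain in the search list holds a matching item, the real passphrase is written there and the System keychain keeps the blank one. Have `prepare_darwin_volume_password` confirm after the update that the System keychain item is the one that changed, and fail before `encryptVolume` if it is not.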

load is a deprecated legacy command.

        sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 while [ $# -gt 0 ]; do         --no-modify-profile)             NIX_INSTALLER_NO_MODIFY_PROFILE=1;;         --darwin-use-unencrypted-nix-store-volume)-            CREATE_DARWIN_VOLUME=1;;+            (+                echo "Warning: the flag --darwin-use-unencrypted-nix-store-volume"+                echo "         is no longer needed and will be removed in the future."+                echo ""

It may not be necessary but I'm not sure if that means we should remove support for it.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 elif [ "$(uname -s)" = "Linux" ]; then     echo "Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation" >&2 fi -INSTALL_MODE=no-daemon-CREATE_DARWIN_VOLUME=0+export INSTALL_MODE=no-daemon+CREATE_DARWIN_VOLUME=${CREATE_DARWIN_VOLUME:-1} # now default
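
Review bot: On the `CREATE_DARWIN_VOLUME=${CREATE_DARWIN_VOLUME:-1} # now default` line, the default now accepts any value already present in the caller's environment, which makes `CREATE_DARWIN_VOLUME=0` an undocumented opt-out at the same time as the command-line flag stops setting the variable. If that is intended, document the variable and validate it as 0 or 1; if not, assign 1 unconditionally.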

We can reduce name duplication using := instead

: ${CREATE_DARWIN_VOLUME:=1} # now default

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase+        fi     else         echo "Using existing '$volume' volume" >&2     fi -    if ! test_fstab; then-        echo "Configuring /etc/fstab..." >&2-        label=$(echo "$volume" | sed 's/ /\\040/g')-        # shellcheck disable=SC2209-        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    if ! test_voldaemon; then+        echo "Configuring LaunchDaemon to mount '$volume'..." >&2+        generate_mount_daemon | sudo tee /Library/LaunchDaemons/org.nixos.darwin-store.plist >/dev/null
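
Review bot: After `sudo diskutil apfs addVolume`, the value from `new_uuid="$(volume_uuid "$volume")"` is used as the keychain service (`-s "$new_uuid"`) without a check that it is non-empty. If `volume_uuid` prints nothing, the passphrase item is stored under an empty service name and the volume is still encrypted. Test `[ -n "$new_uuid" ]` and stop before the `security add-generic-password` call when it is empty.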

As previously mentioned, we need to pipe the volume name here so it can write the correct plist.

This does raise the worry of "what if we detect the plist already exists, but it has the wrong volume name" though.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase
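
Review bot: in the last line of the hunk, `prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume ... -stdinpassphrase`, the exit status of the left-hand side is discarded by the pipeline (unless the script enables pipefail elsewhere), so a failed keychain step that prints nothing hands `diskutil` an empty stdin. Capture the passphrase first, check that the command succeeded and the value is non-empty, and only then feed it to `encryptVolume`; on failure, also remove the blank item that step 1 left in the System keychain.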

Note that earlier when I recommended we just pass the password in the command-line arguments, that means we can get rid of this two-step keychain setup.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`+            # This should let the system seamlessly supply the password for this volume+            # which in turn means the fstab entry is enough for the system to (eventually)+            # decrypt and mount the volume we're adding, but I hesitate because I'm not+            # certain the system _should_ transparently failover if the LaunchDaemon is+            # broken for some reason? Without supplying this flag, the system will instead+            # start prompting them to allow APFSUserAgent to access this credential.++            # 2. add a password with the -U (update) flag and -w (prompt if last)+            #    flags, but specify no keychain; security will use the first it finds+            prepare_darwin_volume_password "$volume" "$new_uuid" | sudo diskutil apfs encryptVolume "$volume" -user disk -stdinpassphrase+        fi     else         echo "Using existing '$volume' volume" >&2     fi -    if ! test_fstab; then-        echo "Configuring /etc/fstab..." >&2-        label=$(echo "$volume" | sed 's/ /\\040/g')-        # shellcheck disable=SC2209-        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    if ! test_voldaemon; then+        echo "Configuring LaunchDaemon to mount '$volume'..." >&2+        generate_mount_daemon | sudo tee /Library/LaunchDaemons/org.nixos.darwin-store.plist >/dev/null++        sudo launchctl load /Library/LaunchDaemons/org.nixos.darwin-store.plist++        sudo launchctl start org.nixos.darwin-store
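
Review bot: `sudo launchctl load /Library/LaunchDaemons/org.nixos.darwin-store.plist` near the end of the hunk uses one of launchctl's legacy subcommands, and its result is not checked. Prefer `sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist` and abort with a clear message when it returns non-zero, because the comment at the top of the hunk makes this LaunchDaemon the component responsible for mounting /nix.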

I don't think this is necessary, bootstrapping the daemon should be enough as it's configured to run automatically. If we did need to run it manually then we should use kickstart as start is a legacy command, but we really shouldn't need this at all.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"
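
Review bot: `new_uuid="$(volume_uuid "$volume")"` is used unchecked as the keychain service name in the `add-generic-password -s "$new_uuid"` call that ends the hunk. If `volume_uuid` fails or returns an empty string, the item is created under an empty service and the later lookup and encryption steps have nothing reliable to key on. Add a `[ -n "$new_uuid" ]` check right after the assignment and stop before touching the keychain when it fails.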

The label will default to the service name. We should provide an explicit label instead.

And the kind should probably be something generic instead of including the volume name.

Here's what I'd recommend:

            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -l "$volume encryption password" -D "Encrypted volume password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"
abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default+        create_volume=1+    fi+    # fstab used to be responsible for mounting the volume. Now the last+    # step adds a LaunchDaemon responsible for mounting. This is technically+    # redundant for mounting, but diskutil appears to pick up mount options+    # from fstab (and diskutil's support for specifying them directly is not+    # consistent across versions/subcommands), enabling us to specify mount+    # options by *label*.+    #+    # Being able to do all of this by label is helpful because it's a stable+    # identifier that we can know at code-time, letting us skirt some logistic+    # complexity that comes with doing this by UUID (which is stable, but not+    # known ahead of time) or special device name/path (which is not stable).+    if ! test_fstab; then+        echo "Configuring /etc/fstab..." >&2+        label=$(echo "$volume" | sed 's/ /\\040/g')+        # shellcheck disable=SC2209+        printf "\$a\nLABEL=%s /nix apfs rw,nobrowse\n.\nwq\n" "$label" | EDITOR=ed sudo vifs+    fi -        if test_filevault_in_use; then-            # TODO: Not sure if it's in-scope now, but `diskutil apfs list`-            # shows both filevault and encrypted at rest status, and it-            # may be the more semantic way to test for this? It'll show-            # `FileVault:                 No (Encrypted at rest)`-            # `FileVault:                 No`-            # `FileVault:                 Yes (Unlocked)`-            # and so on.-            if test_t2_chip_present; then-                echo "warning: boot volume is FileVault-encrypted, but the Nix store volume" >&2-                echo "         is only encrypted at rest." 
>&2-                echo "         See https://nixos.org/nix/manual/#sect-macos-installation" >&2-            else-                echo "error: refusing to create Nix store volume because the boot volume is" >&2-                echo "       FileVault encrypted, but encryption-at-rest is not available." >&2-                echo "       Manually create a volume for the store and re-run this script." >&2-                echo "       See https://nixos.org/nix/manual/#sect-macos-installation" >&2-                exit 1-            fi+    if [ -n "$create_volume" ]; then+        echo "Creating a Nix volume..." >&2++        sudo diskutil apfs addVolume "$disk" "$NIX_VOLUME_FS" "$volume" -mountpoint /nix+        new_uuid="$(volume_uuid "$volume")"++        if [ "$INSTALL_MODE" = "no-daemon" ]; then # exported by caller+            # TODO: is there a better way to do this?+            sudo chown $USER:admin /nix         fi -        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix-        volume="Nix Store"+        if test_filevault_in_use; then+            # security program's flags won't let us both specify a keychain+            # and be prompted for a pw to add; two step workaround:+            # 1. add a blank pw to system keychain++            # system is in some sense less secure than user keychain... (it's+            # possible to read the password for decrypting the keychain) but+            # the user keychain appears to be available too late. As far as I+            # can tell, the file with this password (/var/db/SystemKey) is+            # inside the FileVault envelope. 
If that isn't true, it may make+            # sense to store the password inside the envelope?+            sudo /usr/bin/security add-generic-password -a "$volume" -s "$new_uuid" -D "$volume encryption password" -j "Added automatically by the Nix installer for use by /Library/LaunchDaemons/org.nixos.darwin-store.plist" "/Library/Keychains/System.keychain"+            # TODO: decide if we should add `-T /System/Library/CoreServices/APFSUserAgent`
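
Review bot: `sudo chown $USER:admin /nix` in the no-daemon branch leaves `$USER` unquoted and takes the owner of the store root from an environment variable. Quote it as `"$USER:admin"`, or derive the name with `id -un`, so that an unset or altered `USER` cannot change who ends up owning /nix; that may also settle the TODO on the line above it.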

According to the comment I left earlier, we should include /System/Library/CoreServices/CSUserAgent as well. I don't know under what conditions (if any) CoreStorage would be used on Catalina+, but maybe this is important for backwards-compatibility?

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {     fi      disk="$(root_disk_identifier)"-    volume=$(find_nix_volume "$disk")+    volume=$(find_nix_volume "$disk") # existing volname starting w/ "nix"?     if [ -z "$volume" ]; then-        echo "Creating a Nix Store volume..." >&2+        volume="Nix Volume"    # otherwise use default

Previously this was Nix Store. I'm partial to just calling it Nix, but I think Nix Store makes more sense than Nix Volume anyway; it's already a volume, so putting "volume" in the name is redundant.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 suggest_report_error(){     echo "       please report this @ https://github.com/nixos/nix/issues" >&2 } +generate_mount_command(){+    if test_filevault_in_use; then+        printf "    <string>%s</string>\n" /bin/sh -c '/usr/bin/security find-generic-password -a "Nix Volume" -w | /usr/sbin/diskutil apfs unlockVolume "Nix Volume" -mountpoint /nix -stdinpassphrase'+    else+        printf "    <string>%s</string>\n" /usr/sbin/diskutil mount -mountPoint /nix "Nix Volume"
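
Review bot: the FileVault branch looks the passphrase up with `security find-generic-password -a "Nix Volume" -w`, that is, by account name only and with no keychain argument, while the installer elsewhere in this patch stores it with `-s "$new_uuid"` in /Library/Keychains/System.keychain. Any other generic-password item with the same account that comes earlier in the search list would be returned instead. Pass the same `-s` value and the System keychain path here so the daemon reads exactly the item the installer wrote.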

If a volume exists starting with "Nix" already, we use that volume. This mount command needs to be parameterized accordingly.

abathur

comment created time in 5 hours
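
The parameterisation asked for in the review comment above, as an added example that is not the PR's or the installer's code: the volume name and keychain service are passed in, shell-quoted for the `sh -c` string and then XML-escaped for the plist. The helper names `xml_escape` and `sh_quote`, the `encrypted`/`plain` mode argument (standing in for `test_filevault_in_use`), and the added `-s` and keychain-path arguments to the lookup are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: emit launchd ProgramArguments <string> elements for a
# caller-supplied volume name instead of the hard-coded "Nix Volume".

# Escape the five XML special characters so any name is valid plist text.
# '&' must be handled first so the entities added later are not re-escaped.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Wrap a value in single quotes for /bin/sh, turning each ' into '\''.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# $1 = volume name
# $2 = keychain service (the volume UUID the installer stored with -s)
# $3 = "encrypted" or "plain" (hypothetical stand-in for test_filevault_in_use)
generate_mount_command() {
    volume=$1 service=$2 mode=$3
    if [ "$mode" = encrypted ]; then
        # Layer 1: quote the values for the shell that launchd will start.
        script="/usr/bin/security find-generic-password -a $(sh_quote "$volume") -s $(sh_quote "$service") -w /Library/Keychains/System.keychain | /usr/sbin/diskutil apfs unlockVolume $(sh_quote "$volume") -mountpoint /nix -stdinpassphrase"
        set -- /bin/sh -c "$script"
    else
        # No shell involved: launchd passes the name as its own argv entry.
        set -- /usr/sbin/diskutil mount -mountPoint /nix "$volume"
    fi
    # Layer 2: escape every argument for the XML document it is embedded in.
    for arg in "$@"; do
        printf '    <string>%s</string>\n' "$(xml_escape "$arg")"
    done
}

# Constructed sample values, not taken from a real system.
generate_mount_command "Nix Store" "00000000-0000-0000-0000-000000000000" encrypted
```

The installer would call this with the name returned by `find_nix_volume` and the UUID it used for the keychain item, so the daemon and the keychain entry always refer to the same volume.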

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 suggest_report_error(){     echo "       please report this @ https://github.com/nixos/nix/issues" >&2 } +generate_mount_command(){+    if test_filevault_in_use; then+        printf "    <string>%s</string>\n" /bin/sh -c '/usr/bin/security find-generic-password -a "Nix Volume" -w | /usr/sbin/diskutil apfs unlockVolume "Nix Volume" -mountpoint /nix -stdinpassphrase'+    else+        printf "    <string>%s</string>\n" /usr/sbin/diskutil mount -mountPoint /nix "Nix Volume"+    fi+}++generate_mount_daemon(){+    cat << EOF+<?xml version="1.0" encoding="UTF-8"?>+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">+<plist version="1.0">+<dict>+  <key>RunAtLoad</key>+  <true/>+  <key>KeepAlive</key>+  <dict>+    <key>PathState</key>+    <dict>+      <key>/nix/var/nix</key>+      <false/>+    </dict>+  </dict>+  <key>Label</key>+  <string>org.nixos.darwin-store</string>+  <key>ProgramArguments</key>+  <array>+$(generate_mount_command)+  </array>+</dict>+</plist>+EOF+}++prepare_darwin_volume_password(){+    sudo /usr/bin/expect -f - "$1" "$2" << 'EOF'+log_user 0+set VOLUME [lindex $argv 0];+set UUID [lindex $argv 1];+set PASSPHRASE [exec /usr/bin/ruby -rsecurerandom -e "puts SecureRandom.hex(32)"]++# Cargo culting: people recommend this; not sure how necessary+set send_slow {1 .1}+spawn /usr/bin/sudo /usr/bin/security add-generic-password -a "$VOLUME" -s "$UUID" -D "$VOLUME encryption password" -U -w+expect {+    "password data for new item: " {+        send -s -- "$PASSPHRASE\r"+        expect "retype password for new item: " {+            send -s -- "$PASSPHRASE\r"+        }+    }+}
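
Review bot: the `expect { "password data for new item: " { ... } }` block at the end of the hunk has no `timeout` or `eof` branch, so if `security` exits early or prints a different prompt, expect falls through after its default timeout and the script carries on as though the item had been updated. Add `timeout` and `eof` branches that exit non-zero, and do the same for the nested `expect "retype password for new item: "`, so the caller can tell that no passphrase was stored.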

I assume we're using expect here purely to avoid having the password show up in the command-line arguments in case anyone is sniffing it?

I don't think we need to worry about that. The volume is going to be mounted the entire time the computer is running, so any process that can sniff the command-line arguments can also just look at the volume while it's mounted anyway. We should ditch the complexity of expect (and the risk that it might be deprecated too since tclsh is) and just provide the passphrase on the command-line.

abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 suggest_report_error(){     echo "       please report this @ https://github.com/nixos/nix/issues" >&2 } +generate_mount_command(){+    if test_filevault_in_use; then+        printf "    <string>%s</string>\n" /bin/sh -c '/usr/bin/security find-generic-password -a "Nix Volume" -w | /usr/sbin/diskutil apfs unlockVolume "Nix Volume" -mountpoint /nix -stdinpassphrase'+    else+        printf "    <string>%s</string>\n" /usr/sbin/diskutil mount -mountPoint /nix "Nix Volume"+    fi+}++generate_mount_daemon(){+    cat << EOF+<?xml version="1.0" encoding="UTF-8"?>+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">+<plist version="1.0">+<dict>+  <key>RunAtLoad</key>+  <true/>+  <key>KeepAlive</key>+  <dict>+    <key>PathState</key>+    <dict>+      <key>/nix/var/nix</key>+      <false/>+    </dict>+  </dict>+  <key>Label</key>+  <string>org.nixos.darwin-store</string>+  <key>ProgramArguments</key>+  <array>+$(generate_mount_command)+  </array>+</dict>+</plist>+EOF+}++prepare_darwin_volume_password(){+    sudo /usr/bin/expect -f - "$1" "$2" << 'EOF'+log_user 0+set VOLUME [lindex $argv 0];+set UUID [lindex $argv 1];+set PASSPHRASE [exec /usr/bin/ruby -rsecurerandom -e "puts SecureRandom.hex(32)"]

/usr/bin/ruby is deprecated on macOS (all scripting languages besides bash are; python3 is available if and only if Xcode is installed).

I think a bash version of this hex generation could look like

cat /dev/random | head -c 32 | xxd -p -c 256
abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 main() {         echo "     ------------------------------------------------------------------ "         echo ""         echo "  1. Remove the entry from fstab using 'sudo vifs'"-        echo "  2. Destroy the data volume using 'diskutil apfs deleteVolume'"-        echo "  3. Remove the 'nix' line from /etc/synthetic.conf or the file"+        echo "  2. Remove /Library/LaunchDaemons/org.nixos.darwin-store.plist"+        echo "  3. Destroy the data volume using 'diskutil apfs deleteVolume'"+        echo "  4. Remove the 'nix' line from /etc/synthetic.conf (or the file)"
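
Review bot: the renumbered uninstall steps cover fstab, the LaunchDaemon plist, the volume and synthetic.conf, but not the generic-password item that this patch adds to /Library/Keychains/System.keychain on FileVault systems. Add a step for it, for example "Remove the volume's encryption password from the System keychain using 'sudo security delete-generic-password'", so the stored passphrase does not outlive the volume.
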
        echo "  2. Run 'sudo launchctl bootout system/org.nixos.darwin-store'"
        echo "  3. Remove /Library/LaunchDaemons/org.nixos.darwin-store.plist"
        echo "  4. Destroy the data volume using 'diskutil apfs deleteVolume'"
        echo "  5. Remove the 'nix' line from /etc/synthetic.conf (or the file)"
abathur

comment created time in 5 hours

Pull request review comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

 suggest_report_error(){     echo "       please report this @ https://github.com/nixos/nix/issues" >&2 } +generate_mount_command(){+    if test_filevault_in_use; then+        printf "    <string>%s</string>\n" /bin/sh -c '/usr/bin/security find-generic-password -a "Nix Volume" -w | /usr/sbin/diskutil apfs unlockVolume "Nix Volume" -mountpoint /nix -stdinpassphrase'+    else+        printf "    <string>%s</string>\n" /usr/sbin/diskutil mount -mountPoint /nix "Nix Volume"+    fi+}++generate_mount_daemon(){+    cat << EOF+<?xml version="1.0" encoding="UTF-8"?>+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">+<plist version="1.0">+<dict>+  <key>RunAtLoad</key>+  <true/>+  <key>KeepAlive</key>+  <dict>+    <key>PathState</key>+    <dict>+      <key>/nix/var/nix</key>+      <false/>+    </dict>+  </dict>+  <key>Label</key>+  <string>org.nixos.darwin-store</string>+  <key>ProgramArguments</key>+  <array>+$(generate_mount_command)+  </array>+</dict>+</plist>+EOF+}++prepare_darwin_volume_password(){+    sudo /usr/bin/expect -f - "$1" "$2" << 'EOF'
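
Review bot: `generate_mount_command` writes its arguments into `<string>%s</string>` with no XML escaping, and `generate_mount_daemon` splices that output into the plist through an unquoted heredoc. The current literals happen to be safe, but once the volume name is taken from `$volume`, a name containing `&` or `<` would produce a plist that launchd cannot parse. Escape the five XML special characters before printing each argument.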

tclsh is deprecated on macOS. Is /usr/bin/expect reliable going forward? I hadn't thought of this before, expect requires tclsh, but it doesn't print the deprecation warning tclsh does upon entering the REPL, which could just be an oversight on Apple's part, or it could indicate that expect will stay even as tclsh is deprecated or removed from PATH.

abathur

comment created time in 5 hours


pull request comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

adds an "active" component (the LaunchDaemon); note: the current .plist "KeepAlive" setting attempts to run until a path we expect to be on the volume is available; this can and should be refined to limit the resources it can waste if the volume isn't mountable for some reason

What is the reason for using KeepAlive here? Do we actually expect it to fail to mount a few times before it successfully mounts? With it set up this way, if I manually unmount the volume it will be expected to immediately remount it, which seems rather odd.

abathur

comment created time in 5 hours

pull request comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

Regarding the keychain thing, I wonder if someone can expend an Apple developer account incident to see if we can get in touch with an Apple filesystem engineer in order to confirm whether the "grant keychain access to these 2 processes" is reliable going forward, or whether there's any alternative supported mechanism.

abathur

comment created time in 5 hours

pull request comment NixOS/nix

darwin: encrypt nix volume if filevault is enabled

I was actually planning on looking into this problem this very week, as I'm currently working on figuring out how to deploy Nix to my team 😅 I have not yet looked at what this PR does but here are my immediate thoughts:

  1. Last time I looked into this, it appeared that putting the volume passphrase into the system keychain and granting access to a few specific processes allowed the system to mount it automatically upon boot, just as it mounts the volume when unencrypted. This is mentioned in this PR comment and the reference for this is this third-party install script. According to that script, the keychain entry needs to be accessible by APFSUserAgent and CSUserAgent. If this approach just works, that's fantastic. My worry here is just that the need to grant access to 2 specific daemons is undocumented and it's not clear if this will be reliable going forward.
  2. I like the convenience of single-user as I don't have to use sudo to update my channels, and the conceptual simplicity of only having one profile instead of having default + per-user is nice. I worry that when introducing Nix to colleagues, a multi-user install might lead them to accidentally installing some stuff in the default profile and some in the per-user profile (though my intended usage of Nix does not have them explicitly installing anything at all). Having said that, the fact that there are two different ways of installing Nix, and the fact that the shell setup is different for these, and the usage patterns are different, is annoying. Ultimately, it's probably a good idea to remove single-user install, given that we need sudo to install it anyway. Single-user install is probably only worth having if we have a sudoless installation (which is never going to happen as that means the installation path would be relative to the user's home folder and would break all binary caches).
abathur

comment created time in 5 hours

issue opened dandavison/delta

🐛 Delta removes old/new mode lines in diff output

When a file's mode is changed, git diff will emit lines in between the diff --git a/path b/path line and the index hash1..hash2 line that shows the mode change. Unfortunately delta discards this entire header, including the mode change. Using --color-only or --diff-highlight preserves these lines, but otherwise they get removed.

This is rather annoying as the mode changes are actually important.

git diff --no-pager output:

diff --git a/tools/is_ci.tcl b/tools/is_ci.tcl
old mode 100644
new mode 100755
index d984ab2c65..d047b92be6
--- a/tools/is_ci.tcl
+++ b/tools/is_ci.tcl
@@ -6,10 +6,10 @@ namespace import util::*
 
 proc usage {} {
     return "usage: [file tail $::argv0] \[-q]
-	
+
 Options:
   -q --quiet  Suppress all output.
-  
+
 Description:
   Checks if the script was invoked from within a CI environment. If so, prints
   'yes', otherwise prints 'no'.
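
Review bot: the extended header (old mode 100644, new mode 100755) makes tools/is_ci.tcl executable, while the only content change in this hunk is replacing two whitespace-only lines inside the usage string with empty lines. The permission change is the substantive part of this diff; make sure the commit message states it so it is reviewed deliberately rather than carried along with a whitespace cleanup.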

delta --no-gitconfig output (sans color):


tools/is_ci.tcl
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

─────────────────────────┐
namespace import util::* │
─────────────────────────┘
6

proc usage {} {
    return "usage: [file tail $::argv0] \[-q]
    

Options:
  -q --quiet  Suppress all output.
  

Description:
  Checks if the script was invoked from within a CI environment. If so, prints
  'yes', otherwise prints 'no'.

created time in 7 days
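
The header lines this issue describes can be checked independently of whatever pager renders the diff. The following is an added example, not part of the issue or of delta: a small Python parser that reads raw `git diff` text, reports mode changes, and flags files that gain an executable bit. The sample diff is constructed and modeled on the output quoted above (its second entry and path are hypothetical), and git's default `a/` and `b/` path prefixes are assumed.

```python
from dataclasses import dataclass
from typing import List, Optional

EXEC_BITS = 0o111  # user, group and other execute bits

# Constructed sample modeled on the `git diff` output quoted in the issue;
# the hunk bodies are shortened and the second entry is hypothetical.
SAMPLE_DIFF = """\
diff --git a/tools/is_ci.tcl b/tools/is_ci.tcl
old mode 100644
new mode 100755
index d984ab2c65..d047b92be6
--- a/tools/is_ci.tcl
+++ b/tools/is_ci.tcl
@@ -1,2 +1,2 @@
 Options:
-old mode 100644 appears here only as file content
+new mode 100755 appears here only as file content
diff --git a/scripts/example.sh b/scripts/example.sh
new file mode 100755
index 0000000000..1111111111
--- /dev/null
+++ b/scripts/example.sh
@@ -0,0 +1 @@
+echo hi
"""


@dataclass
class ModeChange:
    path: str
    old_mode: Optional[int]  # None when the file is newly created
    new_mode: int

    @property
    def gains_exec(self) -> bool:
        """True when the new mode has an execute bit the old mode lacked."""
        before = self.old_mode or 0
        return bool(self.new_mode & EXEC_BITS & ~before)


def path_from_header(line: str) -> str:
    """Extract the path from a 'diff --git a/<p> b/<p>' line.

    Paths may contain spaces, so for the common non-rename case the line is
    split at its midpoint and both halves are required to name the same path.
    """
    rest = line[len("diff --git "):]
    half, odd = divmod(len(rest) - 1, 2)
    if not odd and rest[half] == " " and rest[2:half] == rest[half + 3:]:
        return rest[2:half]
    # Rename or copy: fall back to the text after the last " b/".
    return rest.rsplit(" b/", 1)[-1]


def find_mode_changes(diff_text: str) -> List[ModeChange]:
    """Return every mode change found in the extended headers of a git diff."""
    changes: List[ModeChange] = []
    path, old, in_header = "", None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            path, old, in_header = path_from_header(line), None, True
        elif not in_header:
            continue  # hunk content: never interpreted as header lines
        elif line.startswith(("@@", "Binary files ", "GIT binary patch")):
            in_header = False
        elif line.startswith("old mode "):
            old = int(line.split()[2], 8)
        elif line.startswith("new mode "):
            changes.append(ModeChange(path, old, int(line.split()[2], 8)))
        elif line.startswith("new file mode "):
            changes.append(ModeChange(path, None, int(line.split()[3], 8)))
    return changes


if __name__ == "__main__":
    for change in find_mode_changes(SAMPLE_DIFF):
        old = "(new file)" if change.old_mode is None else format(change.old_mode, "o")
        flag = "  <-- gains execute bit" if change.gains_exec else ""
        print(f"{change.path}: {old} -> {change.new_mode:o}{flag}")
```

Feeding it the output of `git --no-pager diff` (or a saved patch) gives a mode-change summary that does not depend on how the diff is later displayed.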

issue opened postmates/PMJSON

Allow for overriding Content-Type on HTTPManagerUploadJSONRequest

HTTPManagerUploadJSONRequest currently hardcodes the Content-Type as application/json. This is usually the right call, but we really should have a way to override this, such as by making the property mutable (as HTTPManagerUploadDataRequest does).

created time in 10 days

issue opened lyndsey-ferguson/fastlane-plugin-test_center

Allow controlling the html report verbose logging separately from fastlane verbose flag

Feature Request

Motivation Behind Feature

I run fastlane with the --verbose flag because it's really useful when diagnosing failures, especially with long-running jobs that I don't want to have to repeat locally.

The downside is multi_scan dumps a ton of output under verbose when it's collating HTML reports, as it prints the entire raw HTML contents of the report. I'd really like a way to disable printing of these HTML reports while keeping verbose on for everything else.

Feature Description

Give me some flag I can set in my Fastfile to enable/disable verbose logging of html report collating.

created time in 10 days

push event lilyball/.vim

Lily Ballard

commit sha 1061b97c61f54e9e2e2434975f700f781d588406

Remove gitv, update fugitive

Lily Ballard

commit sha a21f98c649eb1533f74e1ca139fbf0cd95f58af3

Update my name

Lily Ballard

commit sha fd633f70a4b0a3f61327e386339fe7c64a341447

Move some plugins to Nix config

push time in 11 days

push event lilyball/.vim

Lily Ballard

commit sha 746b80a7ff6f3c4f8fd9f8015338b038480d7f19

Update my name

push time in 11 days

push event lilyball/.vim

Lily Ballard

commit sha 0d9cd99ac3234f4850375608e9d66d2ba11efa89

Remove gitv, update fugitive

push time in 11 days

issue comment lyndsey-ferguson/fastlane-plugin-test_center

Feature Request: Parallel workers to periodically emit status updates to stdout

It turns out that STDOUT.puts doesn't work. You're calling $stdout.reopen rather than reassigning to $stdout, which means it's modifying the underlying file descriptor (which is to say, $stdout == STDOUT). Presumably you're doing this because you don't otherwise have a safe way of redirecting the logger owned by UI.

https://github.com/lyndsey-ferguson/fastlane-plugin-test_center/blob/bbf1637943b289261bfc693d76df0db8edf254dc/lib/fastlane/plugin/test_center/helper/multi_scan_manager/parallel_test_batch_worker.rb#L84

I can probably hack around this by cloning STDOUT prior to invoking multi_scan, though this feels ugly.

lilyball

comment created time in 14 days

issue comment lyndsey-ferguson/fastlane-plugin-test_center

Feature Request: Parallel workers to periodically emit status updates to stdout

Is there any way for me to figure out what worker I'm running in if I print directly to STDOUT? I think it would be useful to include that info in the line.

lilyball

comment created time in 14 days

issue opened lyndsey-ferguson/fastlane-plugin-test_center

Request: Workers should periodically emit status updates to fastlane stdout

Feature Request

Motivation Behind Feature

When we run our full UI test suite, this can take a while. Last time I checked, a full run took about 40min. We have our Jenkins job set to time out after an hour of no activity. The problem is, our full UI test run sometimes times out, my assumption is because something happened and it has to retry a lot more tests than normal, but the console output is not helpful at all. The end of the output just looks like

INFO [2020-10-09 01:08:02.24]: Starting test run 1
INFO [2020-10-09 01:08:02.30]: Starting test run 2
INFO [2020-10-09 01:08:02.39]: Starting test run 3
INFO [2020-10-09 01:08:02.41]: Starting test run 4
Sending interrupt signal to process
sh: line 1: 67112 Terminated: 15          JENKINS_SERVER_COOKIE=$jsc '/Users/jenkins/workspace/twitch-iphone-ui-tests-nightly@tmp/durable-3f3ac35b/script.sh' > '/Users/jenkins/workspace/twitch-iphone-ui-tests-nightly@tmp/durable-3f3ac35b/jenkins-log.txt' 2>&1

We have a testrun_completed_block defined, but apparently anything it prints is buffered by the worker.

In any case, this means that as long as some worker hasn't finished yet, fastlane won't print any output, and an activity-based timeout will therefore degrade into an absolute timeout and potentially kill the job despite it making progress.

Feature Description

I think the workers really should be periodically emitting status into the output, as long as they're making progress. This way activity-based timeouts (like I'm using) won't abort the tests if they're still running. At the very least any time a worker finishes a batch it should immediately send its status to fastlane stdout; if it's capable of determining status in the middle then it could send an update periodically as well (e.g. any time it finishes a test suite, if it's been longer than 5 minutes since the last update it could send a new update), though I don't know if the workers actually parse that kind of status during the middle of a run.

Ideally the fastlane process would use terminal escapes to show one line of status for each worker constantly (such as the last line of output from the worker), but I'm guessing moving the cursor to overwrite lines doesn't play well with Jenkins logs (even though it handles colors).

Maybe you can think of some other way to do periodic updates too that would make more sense. Ultimately I just need it to print something to stdout periodically, preferably giving me a sense of its progress, and this printing should actually represent progress being made (e.g. if a worker actually legitimately hangs, then it should stop printing status).

created time in 17 days

pull request comment NixOS/nixpkgs

installShellFiles: Enhance installShellCompletion

I rebased onto staging, fixed the merge conflict, and added passthru.tests. For the tests I had to use overrideAttrs as makeSetupHook has no direct support for this; I can't test locally because of the mass rebuild but I'm assuming it will work.

lilyball

comment created time in 18 days

push event lilyball/nixpkgs

Jonathan Ringer

commit sha 24a1c3977bb1d5dd530e20ecc275a55564a5ea7d

python3Packages.azure-storage-blob: 12.4.0 -> 12.5.0

Jonathan Ringer

commit sha 50d41537dd19bd0ff314f0ec6cae0f428512d1b5

python3Packages.azure-synapse-accesscontrol: 0.2.0 -> 0.3.0

Jonathan Ringer

commit sha 156acc6f9779a829acd5f42e37fac491bcc4f61f

python3Packages.azure-synapse-spark: 0.2.0 -> 0.3.0

Jonathan Ringer

commit sha 61ae2b47155c990bf2e696a9736e5e74e51c7363

python3Packages.azure-keyvault-administration: init at 4.0.0b1

Jonathan Ringer

commit sha 4d165d29dec9b843f9fd00b1bc98ea6cd7769d9f

python3Packages.azure-appconfiguration: init at 1.1.0

Jonathan Ringer

commit sha f89469957dcd2ca1c897325228ff9023f99a5725

azure-cli: 2.11.1 -> 2.12.1

kfollesdal

commit sha b22a482dda56a24fa5d36f527dcd7bce60ecf6ae

pythonPackages.databricks-connect: 7.1.0 -> 7.1.1

R. RyanTM

commit sha 1da60d0177160da564cc8ac1f90c849e1277c7a7

python37Packages.asyncssh: 2.3.0 -> 2.4.2

R. RyanTM

commit sha 9658a8e0c2866b7bd843e6f43afb47594a4cfd9e

python27Packages.datadog: 0.38.0 -> 0.39.0

R. RyanTM

commit sha 70c5ca0b2ed79b09966f05f978a283b4701b080e

python37Packages.bidict: 0.20.0 -> 0.21.2

Raphael Borun Das Gupta

commit sha 9a2f904e8f686cc33a2cc161656e1e0d91d97161

pythonPackages.namedlist: 1.7 -> 1.8

Raphael Borun Das Gupta

commit sha 638612dadf64da1f776139b208a0d959142c4adc

pythonPackages.namedlist: bitbucket -> gitlab.com adapt meta.homepage, as upstream has moved to gitlab.com

Francesco Zanini

commit sha 6efc71f17b1af84964fa1f5907f1929d49873205

python3Packages.git-remote-codecommit: init at 1.15.1

Robert Scott

commit sha 85e6474eeec3d510aac82c15b55d249731a22b7b

pythonPackages.ruffus: 2.8.1 -> 2.8.4, fix build simplify test execution by skipping their makefile entirely. disable tests on darwin as they are very flaky & hang often. this is probably ok because we're not hacking this package's source to get it installed, and the user is probably getting something very similar as they would get using a regular pip installation.

Sandro

commit sha b76670f139e140afe0f49016e0beb85b086add48

duf: 0.3.0 -> 0.3.1 (#99092)

Jan Tojnar

commit sha a7f375d3354af159eab45896e012fb9e856b93cb

Merge pull request #98909 from r-ryantm/auto-update/xdg-desktop-portal xdg-desktop-portal: 1.7.2 -> 1.8.0

Jonathan Ringer

commit sha f2de9ca370c018d05428d9b0438ade8116ec81db

xorg.xkeyboardconfig: build man pages

oxalica

commit sha 7d325775445ede2b6bc011eae4d218da9eb40902

rust-analyzer: 2020-09-21 -> 2020-09-28

R. RyanTM

commit sha 1a519a6ff37cd936f5ea6eca4ac2d7ddcccf0d2c

python37Packages.libcloud: 3.1.0 -> 3.2.0

R. RyanTM

commit sha bf97ef57fe88a9ab1391c4264bfd6d5bf5c81c9f

python27Packages.argcomplete: 1.12.0 -> 1.12.1

push time in 18 days

issue comment FLEXTool/FLEX

Some way to disable loading of FLEX at runtime

@NSExceptional

I'm curious though, your use case sounds unique; does a rebuild (in your example) take a significantly longer time between the two test targets where one includes FLEX and one does not?

FLEX isn't in the test target. It's in the app target. The app has unit tests that use the app as the host. It's impossible to use #if for this because the app isn't built in any kind of special test configuration for unit tests, it's just built in the normal Debug configuration. Determining whether unit tests are running must be done at runtime (e.g. checking if XCTest.framework is loaded by looking for one of its classes, or looking for the undocumented XCTestConfigurationFilePath env var that controls the injection of the test bundle), which means it's too late to prevent linking in FLEX.

In theory we could pass build setting overrides when building in CI, but I really don't like that because it means FLEX will still be loaded when developers run unit tests locally.

As for categories, I'm not too concerned about their presence as long as they're all prefixed properly. The fact that some are not is pretty bad though.

lilyball

comment created time in 18 days

issue comment cli/cli

Checkout PR by creating a new worktree

I'd like to see this, especially the "create a worktree in a known temporary location", but I would also want a way to say "prune all of my PR worktrees" so I can run that periodically.

tony84727

comment created time in 18 days

issue comment cli/cli

add flag to pr checkout to use detached head

I would really love to see a config option to make this the default as well, along with an inverse flag (e.g. --no-foo) to opt in to the original behavior. I never want to create a local branch. I know I can make an alias but I'd prefer to keep the gh pr checkout invocation because it's easier to remember than custom aliases.

openjck

comment created time in 18 days

pull request comment cli/cli

Add flag for using detached HEAD to `pr checkout`

Please call this --detach instead of --detach-head; the former already has precedent in the Git CLI (e.g. git checkout --detach refname) so it'll be easier to remember that way.

fsmiamoto

comment created time in 18 days

pull request comment NixOS/nixpkgs

installShellFiles: Enhance installShellCompletion

I can't promise it but I will do my best to revisit this today.

lilyball

comment created time in 18 days

issue comment FLEXTool/FLEX

Some way to disable loading of FLEX at runtime

Apparently the os_log at-load stuff is already gated by this as of v4.1.0, but this wasn't in the release notes. But I'd like to disable all such functionality, not just the os_log stuff.

lilyball

comment created time in 21 days

issue comment FLEXTool/FLEX

Some way to disable loading of FLEX at runtime

I'm saying the +load methods should consult either an env var or NSUserDefaults to check for a predefined var/key whose presence signals "don't load FLEX". If this var/key is present, the +load method would then just exit without doing anything.

The NSUserDefaults method would be to allow the app to be launched with an argument like -DisableFLEX YES (which sets the user defaults key "DisableFlex" in the volatile NSArgumentDomain). The env var would just be something like DISABLE_FLEX=1 and could be tested with a simple getenv() (for the env var I'd say treat the mere presence of the var as disabling it, e.g. getenv("DISABLE_FLEX") != NULL).

I'm not asking for a way for me to programmatically tweak the behavior, I'm asking for FLEX to define this env var or user defaults key itself.

lilyball

comment created time in 21 days

issue comment FLEXTool/FLEX

Some way to disable loading of FLEX at runtime

That would require me to pass a custom build setting flag to xcodebuild when building in CI, which is doable, but also prevents me from sharing any build artifacts with other builds (e.g. if I want to disable in unit testing but actually have it in UI testing for some reason, the two would have to independently rebuild the app).

I would much prefer a runtime check, so I can disable it without having to rebuild.

lilyball

comment created time in 21 days

issue opened FLEXTool/FLEX

Some way to disable loading of FLEX at runtime

I'd really like to be able to completely disable loading of FLEX at runtime, either with a launch argument (e.g. something that sets a volatile defaults key) or with an env variable.

The idea here is that I really don't need FLEX to be loading while running unit/UI tests in CI, especially given crashes like #469. It's meant to be an aid for exploring/debugging, not something that should be loaded when I'm running automated tests. But since building for testing is just doing a debug build, the test app includes FLEX.

In particular, what I'd like to do is disable fishhook, and anything else that runs at load time. The framework would still be linked into my app, so if I have code that programmatically shows it, that code will continue to link, but it's okay for FLEX to be nonfunctional if I actually try and show it with the runtime disabled (a quick hack might be for showExplorer() to simply do nothing and log an error if invoked with the runtime disabled, and of course the default simulator keyboard shortcuts shouldn't exist in this case though I assume disabling run-at-load behavior would do that already).

created time in 21 days

issue opened FLEXTool/FLEX

fishhook crash on launch in perform_rebinding_with_section

We've been seeing our app intermittently crash on launch when trying to run unit tests in CI. I don't know why it only crashes sometimes, but the latest crash is occurring inside of FLEX's perform_rebinding_with_section function as a null pointer dereference.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.cocoapods.FLEX            	0x000000011509deb2 perform_rebinding_with_section + 274 (flex_fishhook.c:130)

<details><summary>Full backtrace:</summary>

Exception Type:        EXC_CRASH (SIGKILL)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SPRINGBOARD, Code 0x8badf00d

Application Specific Information:
CoreSimulator 732.17 - Device: iPhone 8 (830B3EAB-16D5-4D6D-86CF-A5B31AADC0C9) - Runtime: iOS 13.4 (17E255) - DeviceType: iPhone 8

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.cocoapods.FLEX            	0x000000011509deb2 perform_rebinding_with_section + 274 (flex_fishhook.c:130)
1   org.cocoapods.FLEX            	0x000000011509dbf7 rebind_symbols_for_image + 1095 (flex_fishhook.c:244)
2   org.cocoapods.FLEX            	0x000000011509dd98 _rebind_symbols_for_image + 56 (flex_fishhook.c:252)
3   dyld_sim                      	0x0000000111219be3 dyld::registerAddCallback(void (*)(mach_header const*, long)) + 257
4   libdyld.dylib                 	0x00000001287ab9cb _dyld_register_func_for_add_image + 87
5   org.cocoapods.FLEX            	0x000000011509dce6 rebind_symbols + 150 (flex_fishhook.c:282)
6   org.cocoapods.FLEX            	0x000000011517c57c +[FLEXSystemLogViewController load] + 188 (FLEXSystemLogViewController.m:58)
7   libobjc.A.dylib               	0x000000011d5ca477 load_images + 1386
8   dyld_sim                      	0x0000000111217e34 dyld::notifySingle(dyld_image_states, ImageLoader const*, ImageLoader::InitializerTimingList*) + 418
9   dyld_sim                      	0x0000000111225856 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 438
10  dyld_sim                      	0x00000001112257d5 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 309
11  dyld_sim                      	0x0000000111223d2c ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 188
12  dyld_sim                      	0x0000000111223dcc ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 82
13  dyld_sim                      	0x000000011121b258 dyld::runInitializers(ImageLoader*) + 82
14  dyld_sim                      	0x000000011121f56a dlopen_internal + 909
15  libdyld.dylib                 	0x00000001287abe48 dlopen + 171
16  com.apple.CoreFoundation      	0x0000000126e2e1f7 _CFBundleDlfcnLoadBundle + 151
17  com.apple.CoreFoundation      	0x0000000126cfbe92 _CFBundleLoadExecutableAndReturnError + 274
18  com.apple.Foundation          	0x00000001153d80af -[NSBundle loadAndReturnError:] + 356
19  libXCTestBundleInject.dylib   	0x00000001112bf519 __XCTestBundleInject + 721
20  dyld_sim                      	0x000000011122a6d9 ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 513
21  dyld_sim                      	0x000000011122aace ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
22  dyld_sim                      	0x0000000111225868 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 456
23  dyld_sim                      	0x0000000111223d2c ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 188
24  dyld_sim                      	0x0000000111223dcc ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 82
25  dyld_sim                      	0x000000011121822a dyld::initializeMainExecutable() + 129
26  dyld_sim                      	0x000000011121c1bb dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 3662
27  dyld_sim                      	0x00000001112171cd start_sim + 122
28  dyld                          	0x000000011d71385c dyld::useSimulatorDyld(int, macho_header const*, char const*, int, char const**, char const**, char const**, unsigned long*, unsigned long*) + 2308
29  dyld                          	0x000000011d7114f4 dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 837
30  dyld                          	0x000000011d70c227 dyldbootstrap::start(dyld3::MachOLoaded const*, int, char const**, dyld3::MachOLoaded const*, unsigned long*) + 453
31  dyld                          	0x000000011d70c025 _dyld_start + 37

</details>

This is with FLEX v4.0.0, but I took a look and the only difference in flex_fishhook.c between 4.0.0 and 4.1.1 is namespacing of the functions.

The crashing line

https://github.com/FLEXTool/FLEX/blob/23c7cfbe6e6815fd7639b462dc40c282a7785e89/Classes/Utility/Runtime/flex_fishhook.c#L130

is dereferencing a pointer that's supposed to be the indirect symbols but apparently must be NULL.

What's weird is this crash only occurs occasionally, but looking at the code, this is expected to run against all loaded images every time, so it shouldn't be an issue of ordering of loads (besides which, the order of loads should presumably be deterministic). I'm really not sure what's going on here, but it might be a good idea to add some error checking in here.

created time in 21 days

push event lilyball/git-scripts

Lily Ballard

commit sha 8d4b22d4b561eb495408ca20d1dfd0d755d1f9e0

[find-merge] Show correct merge results, introduce --all flag `git-find-merge` wasn't necessarily finding the correct results before. Fix the logic for merge detection, and add an `--all` flag for when we need to see the intermediate merges.

push time in 24 days

issue opened lyndsey-ferguson/fastlane-plugin-test_center

scan option :build_without_testing is silently ignored

New Issue Checklist

  • [ ] Updated fastlane-plugin-test_center to the latest version (I checked latest source though)
  • [X] I read the README.md
  • [X] I reviewed the example(s) for the action(s) I am using
  • [X] I have removed any sensitive data such as passwords, authentication tokens, or anything else I do not want the world to see

Issue Description

When using multi_scan, the scan option :build_without_testing is silently ignored and it runs tests anyway. This can be seen here where it simply deletes that option, after having previously inserted it here. It never checks to see if I originally passed that flag in.

Environment

fastlane gems

Gem Version Update-Status
fastlane 2.156.0 🚫 Update available

Loaded fastlane plugins:

Plugin Version Update-Status
fastlane-plugin-firebase_app_distribution 0.1.4 🚫 Update available
fastlane-plugin-test_center 3.13.2 🚫 Update available
fastlane-plugin-sentry 1.6.0 ✅ Up-To-Date

created time in a month

delete branch lilyball/nixpkgs

delete branch : macvim-20.09

delete time in a month

pull request comment NixOS/nixpkgs

[20.09] macvim: 8.2.539 -> 8.2.1719

I think ofborg is just really slow right now for darwin, the original PR took a while for its checks to populate too.

Anyway nix-review builds it just fine

https://github.com/NixOS/nixpkgs/pull/99117
2 packages built:
macvim vimacs

I didn't even know about vimacs 😅 I also tested the scripting language integration and it works (e.g. :perl print "hi" works correctly). And vimacs runs, though I don't know how to use emacs.

lilyball

comment created time in a month

pull request comment NixOS/nixpkgs

[20.09] macvim: 8.2.539 -> 8.2.1719

ping @NixOS/nixos-release-managers

lilyball

comment created time in a month

PR opened NixOS/nixpkgs

[20.09] macvim: 8.2.539 -> 8.2.1719
Motivation for this change

backport of #99045

Without this version bump the package is broken due to a recent perl update. However it doesn't build on Hydra so it's not showing up as a Hydra failure.

ZHF: #97479

Things done

  • [ ] Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • [ ] NixOS
    • [x] macOS
    • [ ] other Linux distributions
  • [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • [ ] Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • [x] Tested execution of all binary files (usually in ./result/bin/)
  • [ ] Determined the impact on package closure size (by running nix path-info -S before and after)
  • [x] Ensured that relevant documentation is up to date
  • [x] Fits CONTRIBUTING.md.
+29 -27

0 comment

2 changed files

pr created time in a month

created tag lilyball/nixpkgs

tag 20.09-beta

Nix Packages collection

created time in a month

create branch lilyball/nixpkgs

branch : macvim-20.09

created branch time in a month

created tag lilyball/nixpkgs

tag 20.09-alpha

Nix Packages collection

created time in a month

delete branch lilyball/nixpkgs

delete branch : macvim-plugins

delete time in a month

delete branch lilyball/nixpkgs

delete branch : macvim

delete time in a month

issue comment starship/starship

Starship takes over 50 seconds to load with some git repos

Wow that repo is pathological. On a fresh clone, git status took 30 seconds, and printed a warning saying it took 20 seconds just to enumerate untracked files (and offered flags that disable the untracked files tests).

This definitely seems like an issue with the git_status module. Keeping the other git modules at their default is fine, and simply disabling git_status makes starship nice and zippy.

I'm also hitting this on my own repo, but it's not nearly so pathological. fish_git_prompt takes 570ms while warm. Running git status by itself actually takes slightly longer at about 660ms, though git status -s is around 480ms. And starship is taking about 1.1s (going up to 2s on the first prompt). Most of the time fish_git_prompt takes is in the command git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1 (which is testing for untracked files, and which appears to be what git status -s is running as well).

So I'm wondering why starship is taking so much longer to do basically the same thing. It's really only untracked files that should be expensive (since it requires walking the whole work tree), everything else is cheap.

ncautotest

comment created time in a month

pull request comment NixOS/nixpkgs

macvim: add configuration similar to vim_configurable and neovim

I rewrote this such that it doesn't modify the original macvim.nix file at all (and rebased it). Other than that, the behavior is identical.

lilyball

comment created time in a month

push event lilyball/nixpkgs

Daniël de Kok

commit sha fcd084b6ecf69d4ff7fcee5817dc1e905c2f8b8e

rocm-device-libs: 3.7.0 -> 3.8.0

José Romildo Malaquias

commit sha 64916fe0776125e503898927a79c4d28fc68dadf

mate.engrampa: enable libmagic to detect file type

Peter Simons

commit sha e2b99c074a663ba03dc755546b8d159702f191f9

LTS Haskell 16.15

Peter Simons

commit sha 0be74333d01ee0a431417ffee9f9c61ae3b07322

hackage2nix: disable failing builds to fix evaluation on Hydra

Peter Simons

commit sha eb523e8663829be02087188974bc38e44cd4e8d3

hackage-packages.nix: automatic Haskell package set update This update was generated by hackage2nix v2.15.5-17-g25ee725 from Hackage revision https://github.com/commercialhaskell/all-cabal-hashes/commit/2f8dc088ed039ec87e5acbc9ec0048244cbf2b9f.

Kai Harries

commit sha f40afea4178949c171d37f9114b552185fca7010

haskellPackages.sbv: fix tests By patching paths of the external provers and excluding not available provers from the test. ZHF: #97479

Malte Brandy

commit sha 59617bc142f959d5e0e5f37efdbb9e53085932ea

haskellPackages.ghcide: Fix build

Malte Brandy

commit sha ae73fa0d56d5c78cabdfa146d5f6f301a6c127a1

haskellPackages.ghc.withPackages: Remove obsolete ghcide wrapper

Malte Brandy

commit sha 2bf095d0269b9e88aac7b18793337cfe6074d413

haskellPackages.hnix: Fix build

Peter Simons

commit sha d0541e2ecaa7ba1cd4ffa9c10a47b4515c267b31

haskell-pandoc-plot: mark broken because of failing test suite Reported upstream at https://github.com/LaurentRDC/pandoc-plot/issues/13.

Peter Simons

commit sha 7e120085693d7fb6a33d78dbae9e0934e043f85e

Merge pull request #98227 from NixOS/haskell-updates Update Haskell package set to LTS 16.15 (plus other fixes)

William Kral

commit sha 7567bd6d89653e9cf275a803d9de4dbe059121a1

python3Packages.irc: fix build

Robert Scott

commit sha b6c70260c94e99161efdf124258d173344e1b7f2

Merge pull request #98232 from wkral/py-irc-fix-build python3Packages.irc: fix build

ajs124

commit sha 5096b51667dfa837d7253a3a5b7ac2b8ce8551a3

Merge pull request #98051 from lb5tr/master vcv-rack: fix broken pffft reference

Stig P

commit sha f6e70564fc18d3e941b5b144143f9029099cb00a

Merge pull request #97748 from flosse/microserver microserver: init at 0.1.8

Jonathan Ringer

commit sha a9162ffdaa77d7fbc0c72f822449f63fae9454ec

python3Packages.runway-python: add missing deps

Jonathan Ringer

commit sha 2a35f664394b379e0c0785cc769ff6ccc791be39

python3Packages.lightparam: fix source and deps

Anderson Torres

commit sha 6740a5998b7b62a892dc1799fa2889fd3c7937cd

Merge pull request #93082 from cfhammill/cfh/fix-singularity-shell-copy singularity-tools: Check for /bin/sh existence before symlink

Anderson Torres

commit sha c0d285c9a10dc9adb8b4d5599659b34079b6e49d

Merge pull request #98213 from titouanco/lazygit lazygit: 0.22.1 -> 0.22.8

Anderson Torres

commit sha 3fe693a4a2b8dc34e174db4593fd0c2a6c6120cc

Merge pull request #98194 from lovek323/jetbrains-idea-update idea: 2020.2.1 -> 2020.2.2

push time in a month

create branch lilyball/nixpkgs

branch : macvim

created branch time in a month

issue comment fastlane/fastlane

scan: include_simulator_logs collects months worth of log data

/cc @lyndsey-ferguson

lilyball

comment created time in a month

PR opened NixOS/nixpkgs

macvim: 8.2.539 -> 8.2.1719
Motivation for this change

https://github.com/macvim-dev/macvim/releases/tag/snapshot-165 https://github.com/macvim-dev/macvim/releases/tag/snapshot-166

Also the current snapshot 163 is incompatible with the recent Perl update. This snapshot update fixes compatibility.

Beyond the snapshot update I also fixed an issue where it was compiling/linking against system ncurses instead of nixpkgs ncurses.

Things done

  • [ ] Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • [ ] NixOS
    • [X] macOS
    • [ ] other Linux distributions
  • [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • [ ] Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • [X] Tested execution of all binary files (usually in ./result/bin/)
  • [ ] Determined the impact on package closure size (by running nix path-info -S before and after)
  • [X] Ensured that relevant documentation is up to date
  • [X] Fits CONTRIBUTING.md.
+29 -27

0 comment

2 changed files

pr created time in a month

issue opened NixOS/nix

nix-prefetch-url manpage does not document --attr or --executable flags

Describe the bug

The nix-prefetch-url command is documented as taking a URL to fetch. However, it can also take the -A/--attr flag and use that to look up the URL for an attribute.

It also appears to take an --executable flag that is undocumented, which just controls whether it sets the executable bit on the downloaded file.

Steps To Reproduce

  1. nix-prefetch-url --help

Expected behavior

The manpage it shows should document the -A/--attr flag as well as the --executable flag.

nix-prefetch-url --version output

nix-prefetch-url (Nix) 2.3.7

Additional context

The documentation on --attr should also explain that it defaults to a file path of . if no non-option arguments are given, otherwise it uses the first non-option argument as the path.

created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

@benubois Feedbin. The articles are old enough that they won’t sync to NNW.

tubereuse

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

Tapping on cell during scroll view bounce highlights cell but does not select it

Mail isn’t doing it for me, but Notes is. Also neither one of them have NNW’s behavior of highlighting immediately on touch down even if I’m attempting to scroll (NNW is somewhat inconsistent here but usually when I touch down it highlights the cell (and unhighlights the selected one) immediately even if I’m about to scroll).

If it makes a difference, I’m testing on iPad. It’s entirely possible iPhone has different behavior.

Also NNW will select the article if I drag into the bounce area and let go and then tap an article, but Mail doesn’t select anything in that scenario.

lilyball

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

Tapping on cell during scroll view bounce highlights cell but does not select it

I just tested in Notes and tapping during the bounce actually does select the note. Press and hold for a moment shows the grey selection and doesn’t select, but a normal quick tap does.

lilyball

comment created time in a month

issue opened Ranchero-Software/NetNewsWire

Tapping on cell during scroll view bounce highlights cell but does not select it

When I swipe the article list, if I then try and tap on an article during the bounce, it highlights the cell while my finger is touching the screen but doesn’t actually select it, so the result of tapping is for the cell to highlight momentarily and then revert back to the previously-selected cell. I can even hold my finger down for a moment and it stays highlighted, but then reverts when I release, as long as I didn’t hold it down long enough to trigger the contextual menu.

This is confusing and annoying. Either it should select the article despite bouncing (this is my preference), or it should avoid highlighting the cell if it’s not going to go ahead and select it.

Curiously, this bug only triggers if my scroll gesture ends before the article list starts bouncing. Which is to say, it has to be in the state where it’s inertial scrolling without dragging. This makes some sense, as when it’s inertial scrolling like this a tap doesn’t select anything it just stops the scroll, but it also doesn’t highlight the cell when stopping the scroll. It’s only when it’s bouncing after the inertial scroll that the tap highlights the cell without selecting. And really, it shouldn’t matter if I dragged into the bounce or if it was inertial scrolling before bouncing, either way tapping during the bounce should select the article.

Reproduced on iOS 14.0.1 with NNW 5.0.3 (Build 50)

created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

@vincode-io Yes, that worked. I just starred an article from November of last year, then went to NNW and checked the feed, and it’s showing that starred article.

I’m pretty sure the issue with the missing starred articles right now is entirely on Feedbin’s end, given that Feedbin isn’t showing these previously-starred articles in the Starred list even if I unstar and restar them (but it does show other articles of similar or older age that I’m starring now for the first time).

As far as NNW is concerned, it still needs a prompt to confirm when swiping to delete a feed, both because Undo doesn’t properly restore all state even on NNW’s end (e.g. filter unread articles), and because it’s easy to do by accident so we shouldn’t rely on Undo as the only safeguard (e.g. I might not even realize I deleted a feed until later).

tubereuse

comment created time in a month

issue comment fish-shell/fish-shell

Bigword movement doesn't handle non-print non-blank characters very well

Bigword movement should not stop on newlines. It should stop on words. If I have several blank lines in a row, bigword movement should not step one newline at a time.

lilyball

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

If it helps, the blog is https://mjtsai.com/blog/, and one of the items is Fast Safe Mutable State in Swift 5 (dated Feb 7, 2019).

tubereuse

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

@vincode-io I think Feedbin is actually being a little weird here. These starred articles aren’t showing up in the “Starred” section of Feedbin. If I go back to one of them and star an adjacent article, it pops up in Feedbin’s “Starred” section, but unstarring and restarring one of these previously-starred items does not do this.

tubereuse

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

Interesting. I just checked the Feedbin website and if I scroll back into the history of the feed I can actually see the items are still starred there. But they’re old enough that they’re not being synced to NetNewsWire. I don’t know precisely what controls what gets synced to NetNewsWire, I’d have hoped that starred items always would, but after restoring the feed, NetNewsWire’s oldest post is June 29, 2020, but the Feedbin website shows a much longer history (and all the starred items are older than that).

tubereuse

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

Also the 10 most recent entries were marked as unread again, even though everything in the feed (except the 4 starred items) had been marked as read.

tubereuse

comment created time in a month

issue comment Ranchero-Software/NetNewsWire

iOS: Swipe left to delete

I just accidentally swiped to delete a feed. I reflexively hit Cmd-Z, but I didn’t see any feedback in the app. I cmd-tabbed away to another app, and back, at which point I saw the feed was in my list again.

However, the 4 starred items I had in the feed are gone. And they were really old items, so there’s no hope of finding them again. This is a rather serious consequence and is extremely annoying.

Also NetNewsWire didn’t restore my Read Articles Filter setting for the feed, though that’s pretty minor.

tubereuse

comment created time in a month

issue opened sgwozdz/jenkinsfile-support

Groovy slashy strings aren't highlighted

Describe the bug

Groovy supports "slashy strings", such as /foo/, and also "dollar slashy strings", like $/foo/$ (the latter is to allow for unescaped slashes within the pattern).

Expected behaviour

The JenkinsFile syntax should highlight these properly.

Actual behaviour

The JenkinsFile syntax does not know about these and mis-highlights. In my case, $//[^/]*$/$ is being interpreted as an unknown token $ followed by a line comment //.

created time in a month

issue opened sgwozdz/jenkinsfile-support

Keywords used in declarations don't highlight very well

Describe the bug

When I'm declaring stuff using normal Groovy code, the keywords used for declarations don't highlight very well.

I really wish the syntax highlighting here worked by taking the Groovy syntax highlighter and adding new keywords, since it looks like all of the pipeline-specific highlighting is just keywords. But short of doing that, we could at least highlight the most common Groovy syntax.

Expected behaviour

def should be highlighted using probably some storage scope (the Groovy syntax uses storage.type.def.groovy). Access modifiers should be highlighted using some storage.modifier (the Groovy syntax uses storage.modifier.access-control.groovy).

Ideally the identifier being declared should also be highlighted, though that requires more contextual awareness. It could at least be done for an identifier immediately after def, though I don't know if this is a good idea if it won't also work for e.g. String foo = … or String foo() { … }.

Actual behaviour

def is highlighted using strong.jenkinsfile, which means there's no semantic meaning whatsoever and it just appears bolded. Access modifiers aren't highlighted at all.

Screenshots

image

Additional context

Version 1.1.0

created time in a month

issue opened sgwozdz/jenkinsfile-support

String interpolations don't highlight

Describe the bug

This syntax does not highlight Groovy string interpolations.

For example, given the following code:

def foo = "bar ${flag ? "baz" : "wat"} qux"

Expected behaviour

The string interpolation should be highlighted separately. Ideally the ${} delimiters should get special highlighting, and then the contents should be highlighted as groovy code.

Actual behaviour

A string interpolation is highlighted exactly the same as the string itself, down to the editor scopes. A string nested inside the interpolation actually ends the outer string.

When I inspect editor tokens and scopes, the interpolation has the scope source.jenkins > string.quoted.double.jenkins (which is identical to the string outside of the interpolation), and is colored according to string. When I enter a nested string in the interpolation, it reverts to just source.jenkins, indicating that the outer string simply ended there.

Screenshots

image

Additional context

I saw #37 (Nested string interpolation not highlighted correctly) and @sgwozdz posted a screenshot indicating that interpolation contents were indeed being highlighted separately (though the interpolation did not highlight groovy tokens within it, the whole thing was one solid color, which seems wrong). I don't know why the behavior differs there.

I have version 1.1.0 installed.

created time in a month

CommitCommentEvent

issue opened fish-shell/fish-shell

Bigword movement doesn't handle non-print non-blank characters very well

Bigword movement uses std::iswblank(c) and std::iswgraph(c) in its implementation, and seems to make the assumption that any character is either blank or graph (or a control character which it doesn't care about). But in the BMP alone there are 6801 codepoints (on my machine running macOS 10.15.6) that are neither blank nor graph nor control. Some of these are reserved codepoints, but many are not. For example, Σ (U+03A3 GREEK CAPITAL LETTER SIGMA). Given this, the implementation should probably be using !std::iswblank(c) anywhere it uses std::iswgraph(c).

For that matter, newlines are whitespace but they aren't blank, which means bigword movement stops on every newline, which seems odd. So it should probably be using std::iswspace instead of std::iswblank (the former includes 8 characters the latter doesn't).

created time in a month

CommitCommentEvent

issue comment fish-shell/fish-shell

Add forward-kill-arg and backward-kill-arg

The behavior of bigword seems to be broken right now when it should be doing single-char movements (see https://github.com/fish-shell/fish-shell/issues/7325), which explains the observed behavior with backward-bigword on a\ b. bigword movement is not expected to care about fish syntax, only about whitespaces, so escapes and quotes don't matter.

I would really love to see forward/backward-[kill-]arg bindings that do explicitly care about fish syntax.

jonhoo

comment created time in 2 months

issue opened fish-shell/fish-shell

backward/forward-[kill-]bigword movement incorrect with single-char words

When using the bigword movement or kill bindings (forward-bigword, backward-bigword, etc) the movement is incorrect when the bigword is only one character long. In particular, forward-bigword acts like I'd expect forward-char forward-bigword to act, and similarly for backward. This also affects the kill variant.

For example, given the following, where | is the current character position:

echo a b c d|

Executing backward-bigword produces

echo a b |c d

instead of the expected

echo a b c |d

asciicast

fish 3.1.2

created time in 2 months

issue comment fish-shell/fish-shell

`kill-bigword` should affect *escaped* spaces

I think there's a valid case for movement by space-delimited words independently of fish escaping. In particular, if I have a long quoted string, I might want to be able to move by bigwords within the string.

Also see #2014 that asks for separate bindings for killing arguments.

mqudsi

comment created time in 2 months

issue opened newmarcel/KeepingYouAwake

Remaining duration went negative after sleep

I turned on KeepingYouAwake yesterday with a 6h duration, and then put my laptop to sleep without disabling it. I just checked right now and it's still active with a remaining duration of -16h.

Screen Shot 2020-09-10 at 12 45 27 PM

created time in 2 months

started DeVaukz/MachO-Explorer

started time in 2 months

issue comment fastlane/fastlane

scan: include_simulator_logs collects months worth of log data

This is the line of code in question:

command = "xcrun simctl spawn #{device.udid} log collect --output #{logarchive_dst.shellescape} 2>/dev/null"

Note how it doesn't limit the collection, which means it's going to try and collect everything.

lilyball

comment created time in 2 months

issue comment fastlane/fastlane

scan: include_simulator_logs collects months worth of log data

Last time I checked this is still an issue. This was reproduced with fastlane 2.153.1, but the release notes for the later releases show nothing relevant, and the responsible code is still just blindly fetching everything.

lilyball

comment created time in 2 months

issue comment mystor/git-revise

Add flag to update other local branches affected by the rewrite

patch ids are not reliable enough for a feature like this. Especially because git-revise very explicitly has features that break patch ids (such as merging/squashing two commits together, which will break heuristics based on metadata too).

lilyball

comment created time in 2 months

delete branch lilyball/nixpkgs

delete branch : cocoapods

delete time in 2 months

pull request comment NixOS/nixpkgs

installShellFiles: Enhance installShellCompletion

@Luflosi Sorry, I haven't had time to work on this in ages. I wanted to put the tests into passthru.tests so they'd actually be run. I'll try to find the time to come back to this soon.

lilyball

comment created time in 2 months

issue comment lilyball/Tomorrowland

Add Promise-creation methods with __has_feature(objc_arc_fields)

I'm not sure what we should call them though, we can't re-use the same selector name.

lilyball

comment created time in 2 months

push event lilyball/Tomorrowland

Lily Ballard

commit sha 852d0e4432a1d6455871434e2645778258856193

Fix various typos in the README


push time in 2 months

delete branch lilyball/Tomorrowland

delete branch : PromiseOperation

delete time in 2 months

push event lilyball/Tomorrowland

Lily Ballard

commit sha 5c859e91ba114620be1c7f06e667a8ba7b4f37f5

Add PromiseOperation class

This is an `Operation` subclass that wraps a `Promise`, including deferred execution of the handler that resolves the promise. Fixes #58.


push time in 2 months

issue closed lilyball/Tomorrowland

Add Operation subclass that works with Promise

It would be useful to have an async Operation subclass that wraps a computation and has an associated Promise. This would make it easier to integrate promises into dependency management that Operation is good at expressing.

With this approach, the client would create an instance of the Operation subclass, and the instance would have an associated read-only promise property that returns a promise that is resolved by the operation's computation. No computation occurs until the operation starts (either by calling start() or by adding it to a queue). Requesting cancellation of the promise should call cancel() on the operation, and calling cancel() on the operation should request cancellation of the promise.

closed time in 2 months

lilyball

push event lilyball/Tomorrowland

Lily Ballard

commit sha 5c859e91ba114620be1c7f06e667a8ba7b4f37f5

Add PromiseOperation class

This is an `Operation` subclass that wraps a `Promise`, including deferred execution of the handler that resolves the promise. Fixes #58.


push time in 2 months

issue opened lilyball/Tomorrowland

Add Promise-creation methods with __has_feature(objc_arc_fields)

We have a few methods on TWLPromise that we expose for Obj-C++ that return std::pair or std::tuple. Starting in Xcode 10 we can expose similar methods to Obj-C because C structs are allowed to have ARC object pointers in fields. We can test for this with __has_feature(objc_arc_fields).

The new methods we add should be omitted in C++ because the existing std::pair and std::tuple methods are better there.

created time in 2 months

push event lilyball/Tomorrowland

Lily Ballard

commit sha fdc3bc93a29defb8bd2546af8cc150e373942b3b

Add PromiseOperation class

This is an `Operation` subclass that wraps a `Promise`, including deferred execution of the handler that resolves the promise. This is just the Swift support. The Obj-C support will come in a separate commit. Fixes #58.


push time in 2 months

push event lilyball/Tomorrowland

Lily Ballard

commit sha 8666ffaa44c6d2da13956e0f29399f5bae5566da

Add PromiseOperation class

This is an `Operation` subclass that wraps a `Promise`, including deferred execution of the handler that resolves the promise. This is just the Swift support. The Obj-C support will come in a separate commit. Fixes #58.


push time in 2 months
