qtdeclarative
nixpkgs
Our great sponsors
qtdeclarative | nixpkgs | |
---|---|---|
4 | 974 | |
194 | 15,656 | |
4.6% | 5.3% | |
9.9 | 10.0 | |
3 days ago | 2 days ago | |
C++ | Nix | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
qtdeclarative
-
Mtime comparison considered harmful (2018)
Current ideas to work around it require individual solutions per distribution/ISV, as this would mean they'd have to come up with domain specific criteria for cache invalidation (as the store path/derivation hash on NixOS) and to maintain a downstream patch for this solution and furthermore wouldn't work for local build processes (e.g. from within an IDE).
Lesson of the day: never use mtimes, they'll bite you in the ass sooner or later!
[1] https://github.com/NixOS/nixpkgs/issues/177720
[2] https://reproducible-builds.org/docs/timestamps/
[3] https://github.com/qt/qtdeclarative/commit/5106afcd76e377a6b...
[4] https://github.com/NixOS/nixpkgs/issues/177720#issuecomment-...
-
A new wave of Linux applications
I found a qmlcompiler folder at https://github.com/qt/qtdeclarative/tree/dev/src/qmlcompiler, but I don't know if it's the compiler itself or bindings. I can't find qmlsc in GitHub qt or qtproject though.
- Delphi 11 Alexandria Has Been Released
-
Enumerating and analyzing 40 non-V8 JavaScript implementations
Ok sweet I see now. They used JavaScriptCore until 2011 or so, switched to V8 until 2013, and have been using their own implementation, q4, since then. The source code seems to be here: https://github.com/qt/qtdeclarative/tree/dev/src/qml/jsrunti....
Thanks! Will add and be live shortly.
nixpkgs
- Maintainers Leaving
-
Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
-
Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
-
3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
```
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
-
GitHub Disabled the Xz Repo
True, but irrelevant -- _some packages_, _somewhere_, do depend on xz, which, if built, requires pulling the source from GitHub (see the default.nix: https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/tools...)
It's not the vulnerability that's a problem right now (NixOS was protected by a couple of factors) but rather GitHub's hamfisted response.
That is the problem.
What are some alternatives?
Gittyup - Understand your Git history!
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
test262 - Official ECMAScript Conformance Test Suite
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
Duilib
git-lfs - Git extension for versioning large files
Qt - Qt Base (Core, Gui, Widgets, Network, ...)
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
engine262 - An implementation of ECMA-262 in JavaScript
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
ChakraCore - ChakraCore is an open source Javascript engine with a C API.
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.