Upstream tracking by grahamc · Pull Request #165 · DeterminateSystems/nix-src

grahamc · 2025-07-31T17:14:46Z

Motivation

Not intended to be merged directly. This PR is a convenience to show the diff between upstream Nix and Determinate Nix (the main branch).

Continuation of #4.

The original set only covered 5 error codes. The AWS C++ SDK treats additional error codes as retryable, including throttling variants (Throttling, ThrottledException, RequestThrottled), internal error aliases (InternalFailure, InternalServerError), and clock-related errors (RequestExpired, RequestTimeTooSkewed). Also use constexpr std::array<std::string_view> instead of std::set<std::string> to avoid heap allocation. Reference: https://github.com/aws/aws-sdk-cpp/blob/3d8614fbd6d2/src/aws-cpp-sdk-core/source/client/CoreErrors.cpp#L27-L55

ML-DSA-65 is a post-quantum cryptography signaturew scheme/ To use, just call `nix key generate-secret` with `--key-type ml-dsa-65`, otherwise it works the same as ed25519 (libsodium) signatures except that it produces much bigger keys/signatures

Fixes #447.

Remove non-atomically initialised variable vImportedDrvToDerivation

Re-enable TCP keep-alive and handle S3's XML errors

Make static packages use libcxx on Darwin

This uses test vectors from the NIST ACVP ML-DSA-sigGen test set. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Add support for signing store paths using CNSA algorithms

grahamc requested a review from edolstra as a code owner July 31, 2025 17:14

github-actions Bot temporarily deployed to production July 31, 2025 17:14 Inactive

DeterminateSystems locked as off-topic and limited conversation to collaborators Jul 31, 2025

github-actions Bot temporarily deployed to pull request July 31, 2025 18:20 Inactive

github-actions Bot temporarily deployed to production July 31, 2025 18:21 Inactive

cole-h marked this pull request as draft August 1, 2025 14:26

github-actions Bot temporarily deployed to pull request August 4, 2025 22:15 Inactive

github-actions Bot temporarily deployed to commit August 4, 2025 22:15 Inactive

github-actions Bot temporarily deployed to production August 4, 2025 22:15 Inactive

detsys-spaghetti Bot temporarily deployed to production August 4, 2025 22:22 Inactive

github-actions Bot temporarily deployed to production August 5, 2025 14:25 Inactive

github-actions Bot temporarily deployed to pull request August 5, 2025 14:25 Inactive

grahamc added the exclude-from-pr-dashboard label Aug 5, 2025

github-actions Bot temporarily deployed to pull request August 7, 2025 15:58 Inactive

github-actions Bot temporarily deployed to production August 7, 2025 15:58 Inactive

github-actions Bot temporarily deployed to pull request August 7, 2025 23:01 Inactive

github-actions Bot temporarily deployed to production August 7, 2025 23:02 Inactive

github-actions Bot temporarily deployed to pull request August 10, 2025 16:36 Inactive

github-actions Bot temporarily deployed to production August 10, 2025 16:36 Inactive

github-actions Bot temporarily deployed to pull request August 10, 2025 20:06 Inactive

github-actions Bot temporarily deployed to production August 10, 2025 20:06 Inactive

github-actions Bot temporarily deployed to production August 19, 2025 15:04 Inactive

github-actions Bot temporarily deployed to pull request August 19, 2025 15:04 Inactive

github-actions Bot temporarily deployed to production August 20, 2025 10:41 Inactive

github-actions Bot temporarily deployed to pull request August 20, 2025 10:41 Inactive

github-actions Bot temporarily deployed to commit August 20, 2025 10:41 Inactive

detsys-spaghetti Bot temporarily deployed to production August 20, 2025 10:46 Inactive

github-actions Bot temporarily deployed to pull request August 25, 2025 16:07 Inactive

github-actions Bot temporarily deployed to production August 25, 2025 16:07 Inactive

github-actions Bot temporarily deployed to production August 25, 2025 16:14 Inactive

Mic92 and others added 30 commits May 18, 2026 20:58

Run ML-DSA-65 in deterministic mode

7d7192c

Fix warning

03dd606

Support ML-DSA-44 and ML-DSA-87

ee0b318

Get rid of hacky key type detection

65d2055

Add commands for converting keys to PEM

99f570e

Fix build

6cb0523

Make SecretKey virtual

fa3c26f

Make PublicKey virtual

38ec1c1

Keep parsed OpenSSL keys in memory

05707d4

Clean up generate()

8a2c08f

Add FIXME

302c1f4

Improve help text

f04e984

Add ml-dsa experimental feature

4113fa7

Add support for ecdsa-p384

9eced63

Add Ed25519 unit tests

3c8ba21

Test key generation/signing for all key types

42a800c

Test some more

e3d3dc0

Add ecdsa-p384 test vectors

5e70ead

Remove non-atomically initialised variable vImportedDrvToDerivation

b3a8c90

Fixes #447.

Merge pull request #464 from DeterminateSystems/eelcodolstra/nix-404

2d89bda

Remove non-atomically initialised variable vImportedDrvToDerivation

Make static packages use libcxx on Darwin

134a332

Merge pull request #463 from DeterminateSystems/eelcodolstra/nix-403

8670c07

Re-enable TCP keep-alive and handle S3's XML errors

Merge pull request #452 from DeterminateSystems/fix/missing-attributes

eecb07a

Make static packages use libcxx on Darwin

Add test vectors for ML-DSA-*

cb42c40

This uses test vectors from the NIST ACVP ML-DSA-sigGen test set. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Update cnsa feature description

4487189

Only show the name part of keys

c8a2a35

Fix URL

99587ed

Merge pull request #449 from DeterminateSystems/eelcodolstra/nix-373

6b78b5d

Add support for signing store paths using CNSA algorithms

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upstream tracking#165

Upstream tracking#165
grahamc wants to merge 2849 commits into
2.34-maintenancefrom
main

grahamc commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

Conversation

grahamc commented Jul 31, 2025

Motivation

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants