This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Misc

Miscellaneous pages

1 - Bazel

Advantages

  • Hermetic builds
  • Dependency graph
  • Local build and test cache
  • Remote cache
  • Remote execution
  • Unified API for builds, tasks, and tests

Disadvantages

  • Additional layer of abstraction and complexity
  • Weird edge cases and occasional bugs
  • Lack of support, documentation, and information on the internet
  • The majority of advantages are irrelevant for the majority of codebases

.bazelrc has variables

  • %workspace%: Workspace directory

https://bazel.build/run/bazelrc

Local registry module is cached

If you changed a local registry module, but bazel still uses the old version, restart bazel: bazel shutdown

https://github.com/bazelbuild/bazel/issues/20477#issuecomment-1851057077

Output root ownership

Bazel checks ownership of the output root at startup, so it will fail with mkdir('/path/to/dir'): (error: 13): Permission denied if the current user does not own the directory.

Example:

$ bazel --client_debug
...
[FATAL 15:19:33.457 src/main/cpp/blaze_util_posix.cc:499] mkdir('/path/to/dir'): (error: 13): Permission denied

Traceback:

js_binary does not work for some reason

One of possible errors:

FATAL: aspect_rules_js[js_binary]: RUNFILES environment variable is not set

Solutions

Run the binary (that fixes it for some reason)

bazel run //tools:postcss

Run pnpm install (sometimes node_modules directory is not up-to-date)

bazel run -- tools:pnpm --dir "${PWD}" install

2 - Books

Books
Thumbnail Info

3 - Glossary

Subresource Integrity

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

4 - Gnome boxes

Gnome boxes is a hypervisor.

Cpu

The default cpu doesn’t have a lot of capabilities, so you might need to patch the config:

  <!-- https://www.qemu.org/docs/master/system/i386/cpu.html -->
  <cpu mode="host-model" />

Network

Default libvirt network interferes with gnome-boxes, you might need to disable it:

sudo systemctl disable --now libvirtd

Disk size

Just increasing the disk size is not enough, you need to increase the logical volume size:

sudo growpart /dev/vda 3
sudo lvextend -l +100%FREE /dev/fedora/root
sudo xfs_growfs /dev/fedora/root

Links:

5 - Hugo

Hugo is a static site builder

Environment variables

Hugo has an allowlist of environment variables, and js_binary rules do not work because they need a BAZEL_BINDIR variable

Fix:

[security.exec]
osEnv = [
    '(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG|SYSTEMDRIVE|BAZEL.+)$',
]

Configuration reference: https://gohugo.io/configuration/security/

6 - Mullvad

Device limit

Mullvad will invalidate a key If a host connects to many vpns with it at the same time

7 - Ping

sendmsg: operation not permitted

This problem can be caused by vpns with “kill-switch” enabled, so you might need to disable them.

Disable Mullvad VPN:

sudo systemctl disable --now mullvad-daemon

8 - Shell

Deactivate venv in subshell

A subshell doesn’t have the deactivate function, so you have to use a workaround:

. .venv/bin/activate
(
    echo "subshell, still in venv: $(which python)" && \
    . "$(dirname "$(which python)")/activate" && \
    deactivate && \
    echo "subshell, out of venv: $(which python)"
)

A subshell () is different from a subprocess

https://unix.stackexchange.com/a/138498

A subshell starts out as an almost identical copy of the original shell process. Under the hood, the shell calls the fork system call1, which creates a new process whose code and memory are copies2. When the subshell is created, there are very few differences between it and its parent. In particular, they have the same variables. Even the $$ special variable keeps the same value in subshells: it’s the original shell’s process ID. Similarly $PPID is the PID of the parent of the original shell.

A few shells change a few variables in the subshell. Bash ≥4.0 sets BASHPID to the PID of the shell process, which changes in subshells. Bash, zsh and mksh arrange for $RANDOM to yield different values in the parent and in the subshell. But apart from built-in special cases like these, all variables have the same value in the subshell as in the original shell, the same export status, the same read-only status, etc. All function definitions, alias definitions, shell options and other settings are inherited as well.

A subshell created by (…) has the same file descriptors as its creator. Some other means of creating subshells modify some file descriptors before executing user code; for example, the left-hand side of a pipe runs in a subshell3 with standard output connected to the pipe. The subshell also starts out with the same current directory, the same signal mask, etc. One of the few exceptions is that subshells do not inherit custom traps: ignored signals (trap ’’ SIGNAL) remain ignored in the subshell, but other traps (trap CODE SIGNAL) are reset to the default action4.

A subshell is thus different from executing a script. A script is a separate program. This separate program might coincidentally be also a script which is executed by the same interpreter as the parent, but this coincidence doesn’t give the separate program any special visibility on internal data of the parent. Non-exported variables are internal data, so when the interpreter for the child shell script is executed, it doesn’t see these variables. Exported variables, i.e. environment variables, are transmitted to executed programs.

9 - Waydroid

Shared folder and copying files

chmod 777 file
sudo cp file ~/.local/share/waydroid/data/media/0/Download/

Docs: https://docs.waydro.id/faq/setting-up-a-shared-folder