Commit graph

534 commits

Author SHA1 Message Date
Cole Helbling be67a8a4e2 [DetSys#1143] repair: add sequoia subcommand to migrate build users to the new 351+ UID range
* repair: use target_lexicon::OperatingSystem over target_os cfg

* repair: make repair actions a collection

* Make some things pub for ease of reuse

* fixup: make write_receipt() take a reference instead of ownership

* fixup: make write_receipt() atomic and member of InstallPlan

* CreateUser: enable skipping the completion check

This is useful for when you don't care if it's been completed or not and
want to rerun the commands. Especially useful on macOS, where `dscl .
-create` is idempotent.

* repair: add `sequoia` subcommand that can migrate build users to the new 351+ UID range

* fixup: should not be able to specify uid base

* fixup: nicer wording for human consumption

* fixup: don't worry about incompatible receipts

* fixup: prompt before some repair commands

* fixup: set user_base outside of branch

* fixup: store a timestamped, pre-repair copy of the receipt

* fixup: note whether or not the receipt will be updated

* fixup: note that uninstallation will work even if the receipt could not be updated

(cherry picked from commit ded6eb7352eaf1bf9dcd07719a13c5b3f083a739)
Upstream-PR: https://github.com/DeterminateSystems/nix-installer/pull/1143
Change-Id: I9084dcf5a53b1453436db6fedbe5e785a8b5e3ae
2024-09-13 23:17:59 +00:00
Cole Helbling 7c00e44b14 [DetSys#1123] Synchronize macOS UIDs and GIDs with upstream scripts to prepare for Sequoia
This removes the conditionality of the higher UID range and instead
makes all future installs on macOS use 351+.

(cherry picked from commit d8f9ed9dd92b1cb3ed9a73b3461065834c40b170)
Upstream-PR: https://github.com/DeterminateSystems/nix-installer/pull/1123
Fixes: #18
Fixes: #24
Change-Id: Ieb988f81d0acfa00cbbfe40c4305e8e82387f116
2024-09-13 16:10:15 -07:00
jade 962d7bf745 version: update to 2.91.0
Change-Id: I5bd9d77a146cc2126d3b7d88af0c549b4997bb44
2024-08-17 13:43:06 -07:00
jade ae03473d8a Fix: make Lix actually update the lock file correctly
Workaround for: lix-project/lix#465

Change-Id: If275926403f902fd784ffb122726a21c88f13136
2024-08-17 13:43:06 -07:00
Artemis Tosini 9c97d3964b Merge "nix/tests/vm-test: Use currently supported distros" into main 2024-08-01 07:31:58 +00:00
Artemis Tosini 5ad658776d
nix/tests/vm-test: Use currently supported distros
Ubuntu 16.04, Fedora 36-37, and RHEL 7 are all out of support.
Replace them with more recent VM images from vagrant, when available

Change-Id: I7760d1784d6b70757e5795499caaa6fe2c9dae83
2024-07-19 19:54:31 +00:00
Artemis Tosini 9ff24626b8
set_version.py: Update flake.lock
Updating the lix version changes flake.nix inputs,
but did not change flake.lock.
Running `nix flake lock` is sufficient.

Change-Id: Ib1f482a0deb5c95ff2c9fc4d715bbc0733a5630b
2024-07-19 19:34:45 +00:00
jade 9b02b774bb Update version to 2.90.0
Change-Id: I7019ce4188061e9481add774938f5b20c785a416
2024-07-10 19:10:49 +02:00
jade 8d04ca8d3d Fix the contributing documentation for Lix, some
Some. There's still a bunch of stuff that's busted and we need to fix it
up.

Change-Id: Id9fe1fc054616df34045340ec3b02dda723f1d9c
2024-06-15 20:07:34 -07:00
jade 0256e915e7 Fix various bugs in the tests such that Lix works now
- We were looking for a top-level tarball path that looked like nix-*.
  This was invalid, since our tarballs have lix-*.
- We were looking for a store path that looked like nix-*.*.*. This was
  invalid, since ours is lix-*.*.*.

  This change accepts both.
- We also added a symlink for nix-installer and nix-installer.sh, which
  deals with the test suite being pretty tightly coupled to that path.
- We fixed a bug exposed in the tests where --no-substitute is not
  passed while self-testing builds. This seems to have been relying on
  offline detection and while it eventually passed, it was busted and
  took ages.

Change-Id: I2f497bd647ecf1db5963a4bb245279db582d2af3
2024-06-15 20:03:03 -07:00
jade 4a4f16676d Update version to 2.90.0-rc1
Change-Id: I05f3efd6663bec418ce93fb2dca53977d3523f7d
2024-06-14 21:12:44 -07:00
Artemis Tosini f1a45806c7
flake: test using lix
Previously we used a nix install tarball built from nix 2.20.5,
download with flakehub.

That does not make sense for a lix installer, use Lix 2.90 beta 1
instead.

Also use this opportunity to remove the unused flake-compat input.

Change-Id: I622bb9fedb45f3a03c1e5f43757afbd0222c6b90
2024-06-02 01:41:14 +00:00
Artemis Tosini 9705a12ec0
tests: Fix container and VM tests
The `nix-installer-static` package is now named `lix-installer-static`.
However, the uninstall binary is still called `nix-installer`

Change-Id: I60fd2ab84867beaa8cf527e88c953298ec703881
2024-06-02 00:51:12 +00:00
Artemis Tosini 85bbfe3d7c
lix-installer.sh: rename
The flake build relies on the name lix-installer.sh.
Rename nix-installer.sh to lix-installer.sh and, AFAICT,
all references

Change-Id: I4f2594e9a38d5489de6be092ce97dcb247627aca
2024-06-02 00:51:02 +00:00
Artemis Tosini f6ee8eeda8
treewide: s/nix_installer/lix_installer/ where needed
Not all references to the crate name were caught when it was changed.
Some tests rely on importing from `lix_installer` and filter directives
for the logs vary based on crate name.

Change-Id: I29acde8b96c823332a740dc69ef1847fdd89d967
2024-06-02 00:50:53 +00:00
Artemis Tosini cc9f65a03a
tests: fix json syntax error
When detsys-specific items were removed, some lines of JSON were
removed. This caused syntax errors due to the trailing commas.

Also use this opportunity to add `enable_flakes`, which is required
in new lix-installer plan files

Change-Id: I7874b3b19cb2e15f82b0733894c52b3a23c0cbe5
2024-06-02 00:50:39 +00:00
Kate Temkin 693592ed10 releases: bump to beta1 2024-05-05 18:14:26 -06:00
Kate Temkin 06dfab632a release: tag for beta0 2024-05-05 17:10:25 -06:00
Qyriad 1352eddc39 Merge pull request 'Make flakes optional.' (#9) from optional_flakes into main
Reviewed-on: #9
Reviewed-by: Qyriad <qyriad+lix@fastmail.com>
2024-05-05 22:50:15 +00:00
Kate Temkin 7c36a83a86 config: prompt user for flakes 2024-05-05 16:48:16 -06:00
Kate Temkin 83960c7814 fix: provide a convenient message if TERM isn't set 2024-05-05 16:46:41 -06:00
Kate Temkin 9038c2e7b8 cargo: bump the version of nix-rust to avoid issues 2024-05-05 16:45:09 -06:00
Qyriad dbf87d7f96 Merge pull request 'experimental release: add a release so we can try out the installer' (#6) from preview_release into main
Reviewed-on: #6
2024-04-12 13:57:44 +00:00
Kate Temkin 4ee3774d11 experimental release: add a release so we can try out the installer 2024-04-12 07:52:58 -06:00
Qyriad 9ab13259f0 Merge pull request 'tools: add scripts to build all and upload all' (#5) from add_tools into main
Reviewed-on: #5
2024-04-12 12:34:32 +00:00
Kate Temkin 5d8b5248d8 tools: add scripts to build all and upload all 2024-04-12 06:33:04 -06:00
ktemkin 220e252230 upload a baseline that's been de-detsys'd 2024-04-02 15:40:06 -06:00
Eelco Dolstra 41dc9fecde
Mark release (#885) 2024-03-07 20:47:08 +01:00
Eelco Dolstra 79e3aa2beb
Upgrade to Nix 2.20.5 (CVE-2024-27297) (#882) 2024-03-07 19:51:15 +01:00
Graham Christensen 06eaf882e6
Correct privacy policy link (#863) 2024-02-25 16:45:14 -05:00
Cole Helbling 9c109b71d1
Bump version to 0.17.1-unreleased (#861) 2024-02-23 14:12:58 -08:00
Cole Helbling e6117e8741
Release v0.17.0 (#859) 2024-02-23 12:26:10 -08:00
Cole Helbling bb665028de
Update dependencies (#858)
* flake.lock: Update, exclude Nixpkgs

Updating Nixpkgs seems to break the Nix build somehow (even though we
don't use the Nix input except for its `binaryTarball` job...).

Flake lock file updates:

• Updated input 'fenix':
    'https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.1727%2Brev-66fc1883c34c42df188b83272445aedb26bb64b5/018cc416-f0ae-724d-989f-aa4ded05d885/source.tar.gz?narHash=sha256-Vti1mv4WhmXHPNcFgUiJyt4OKLvsvLzM2eKS4bEegf0%3D' (2024-01-01)
  → 'https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.1762%2Brev-668102037129923cd0fc239d864fce71eabdc6a3/018d63bb-6455-7a2f-98c6-74a36b8216a4/source.tar.gz?narHash=sha256-4o6TMpzBHO659EiJTzd/EGQGUDdbgwKwhqf3u6b23U8%3D' (2024-02-01)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/cf52c4b2b3367ae7355ef23393e2eae1d37de723' (2023-12-31)
  → 'github:rust-lang/rust-analyzer/42cb1a2bd79af321b0cc503d2960b73f34e2f92b' (2024-01-31)
• Updated input 'nix/libgit2':
    'github:libgit2/libgit2/8fd4f83e8acf5ee813191f08c3433e77200ea38b' (2024-02-22)
  → 'github:libgit2/libgit2/45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5' (2023-10-18)

* Cargo.lock: update

* fixup: indexmap deprecation warnings

* Cargo.toml: bump strum to 0.26.1, which to 6.0.0

* CONTRIBUTING: update with more specific commands
2024-02-23 09:27:43 -08:00
Ana Hobden 40740423ca
Don't check /run for systemd if we're not starting the daemon (#853)
* Don't check /run for systemd if we're not starting the daemon

* Add a note about start_daemon and checking /run/systemd/system
2024-02-23 08:41:41 -08:00
Cole Helbling 09ddc9be6b
Nix 2.20.3 (#856) 2024-02-23 07:49:07 -08:00
Cole Helbling f2cf30ecd6
README updates from amazing contributors (#854)
* Document nix version pinning more explicitly

https://github.com/DeterminateSystems/nix-installer/issues/387#issuecomment-1581743074

Co-authored-by: Ana Hobden <operator@hoverbear.org>

* Fixed a single typo in README.md

* Link to nixos.org to explain Nix

* README: Delete now-incorrect link listing installed `nix` versions

---------

Co-authored-by: Peter Kolloch <peter.kolloch@nexxiot.com>
Co-authored-by: Ana Hobden <operator@hoverbear.org>
Co-authored-by: Mikko Lukas Räsänen <1522239+mikkolukas@users.noreply.github.com>
Co-authored-by: Mauricio Scheffer <mauricioscheffer@gmail.com>
Co-authored-by: Ilya Grigoriev <ilyagr@users.noreply.github.com>
2024-02-22 17:28:07 +00:00
Ana Hobden 58303b5598
Document how to get started on GitLab (#841) 2024-02-09 13:54:51 -08:00
Cole Helbling 15802f0730
Cargo.lock: update h2 (#830) 2024-01-31 16:32:12 +00:00
Ana Hobden d6c5e1f114
0.16.2-unreleased (#827) 2024-01-26 12:31:41 -08:00
Ana Hobden 7119f93bd0
Release v0.16.1 (#826) 2024-01-26 08:44:39 -08:00
Ana Hobden 769d5c72fa
Bump to Nix 2.19.3 (#820) 2024-01-25 09:37:18 -08:00
Cole Helbling 62afef6e3c
fixup uninstall tag links (#812)
We tag with a leading `v`, but the messages did not have this.
2024-01-10 20:55:56 +00:00
Ana Hobden dc241f2853
Add readme entry for PR 772 (#809) 2024-01-08 18:50:10 +00:00
Ana Hobden 2477de21eb
Bump to 0.16.1-unreleased (#808) 2024-01-08 18:43:45 +00:00
Ana Hobden fb4401df00
Release v0.16.0 (#804) 2024-01-08 08:41:39 -08:00
Ana Hobden 83a0da10c4
Fix adduser so it doesn't create the home (#801) 2024-01-05 11:45:06 -08:00
Ana Hobden e48a8962b5
Bump dependencies (#800) 2024-01-04 11:17:58 -08:00
Ana Hobden 7011c077ec
fix create build users action description (#788)
Co-authored-by: Michael Gallagher <mjgallag@gmail.com>
2024-01-03 20:01:11 +00:00
Ana Hobden e815280881
Fix arm64 darwin install (#789)
* fix: workaround for lies from uname -m

On an arm64 mac, `uname -m` returns x86_64 which causes install script to install with the wrong architecture

* refactor: use same logic from rustup

* Tweak credit comment

* Prod ci

---------

Co-authored-by: oz <otech47@gmail.com>
2024-01-03 12:00:51 -08:00
Graham Christensen 0b0172547c
Fetch updates from i.d.s by default (#772)
* Fetch updates from i.d.s by default

Our goal is to deliver a solid experience with Nix flakes, including an upgrade path that is safe. Occasionally, the upstream Nix project may introduce regressions for the common flake path. This is not desirable for our users, who depend on a consistent and stable flakes experience.

Additionally, the Nix project isn't directly responsible for delivering updates to users as that role is delegated to the Nixpkgs project.

Overall, this means upgrades are not consistently delivered to users.

This update directs future update requests to install.determinate.systems, which we will upgrade as part of our standard release process.

Our standard release process includes proactive testing: validating our installer and Nix's behavior across a wide variety of platforms and scenarios.

After an update passes our proactive validation, we do a phased rollout of reactive monitoring: the update is released to a small percentage of users on GitHub Actions. We monitor the failure rate of the installer and overall workflows to ensure the updated Nix isn't causing widespread failure we weren't able to identify ahead of time.

Only after a release passes both proactive and reactive validation, our macOS .pkg and nix-upgrade paths are bumped to the most recent release. This gives user the confidence they're looking for that the Nix release they're getting is safe.

* Universal -> universal
2023-12-08 03:45:05 +00:00