Compare commits

..

13 commits

Author SHA1 Message Date
jade 6390b2de41 fix: make the boehm patch content addressed to avoid rebuilds 2024-03-18 13:16:19 -07:00
jade c6193dbc89 update lix 2024-03-16 16:37:28 -07:00
jade 8b7315c5b9 nix-doc: disable plugin since it is broken by Lix API changes
We don't intend to fix the API changes in nix-doc, because we should be
able to kill nix-doc in like a week?
2024-03-16 16:30:31 -07:00
jade e61b27f3f6 Merge pull request 'Switch to the replicated forgejo, and bump lix to head' (#2) from ktemkin/nixos-module:change_url into main
Reviewed-on: #2
2024-03-09 00:30:16 -07:00
Kate Temkin ff76ec73c9 flake.lock: Update
Flake lock file updates:

• Updated input 'lix':
    'git+ssh://gerrit.lix.systems:2022/lix?ref=refs/heads/main&rev=eac76dbe90ad1ceade863744739246e9b6abaa90' (2024-03-08)
  → 'git+ssh://git@git.lix.systems/lix-project/lix.git?ref=refs/heads/main&rev=896e525681bbf696c330af4e51c5e161d3818350' (2024-03-09)
2024-03-09 00:24:17 -07:00
Kate Temkin c88abb52dc lix: switch to forgejo (replicated) clone addr 2024-03-09 00:23:44 -07:00
raito 89ccd6e015 fix: pin nixos-option to upstream
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-03-09 02:27:21 +01:00
jade 7083c47d04 Merge pull request 'feat: introduce our own flake-compat' (#1) from flake-compat into main
Reviewed-on: #1
2024-03-08 18:11:31 -07:00
raito d2b5d0a958 feat: introduce our own flake-compat
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-03-09 01:48:11 +01:00
Jade Lovelace a312274b08 fake version 2024-03-08 00:10:56 -08:00
Jade Lovelace 5ca6ed5690 fix git-requiring tests 2024-03-08 00:05:25 -08:00
Jade Lovelace c4615ccc7f fix version 2024-03-07 23:49:29 -08:00
Jade Lovelace 9ed607358a update lix 2024-03-07 23:43:21 -08:00
15 changed files with 169 additions and 548 deletions

2
.gitignore vendored
View file

@ -1,2 +0,0 @@
result
result-*

19
LICENSE
View file

@ -1,19 +0,0 @@
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice (including the next
paragraph) shall be included in all copies or substantial portions of the
Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View file

@ -1,79 +0,0 @@
# Lix NixOS module
See the [official installation guide][install-guide] for details on usage of
release versions.
[install-guide]: https://lix.systems/install/
See the [beta guide][beta-guide] for a setup guide on how to use HEAD:
[beta-guide]: https://wiki.lix.systems/link/1
## What does this do?
This is an overlay wrapped in a NixOS module that will replace CppNix with Lix
in nixpkgs. This is useful so that `nixos-rebuild`, `nix-direnv` and similar
will use Lix.
Optionally, it can build Lix from source.
## Versioning with Lix
The version of this overlay should match the major Lix version, *and* if
running HEAD, it should be the latest available version of the overlay.
Changes breaking the overlay are shamelessly done on HEAD, and we expect people
doing such changes to have prepared corresponding fix commits to make to the
overlay immediately after submitting their changes. If your build randomly
broke when updating HEAD, try updating your overlay.
The version of Lix pinned in this flake's `flake.lock` is a version of Lix
that is expected to work, however if running HEAD, it can be assumed to work
with HEAD as well if both `lix-nixos-module` and `lix` are the latest version.
## Common pitfalls
Various flake frameworks such as flake-parts and snowfall (and possibly Colmena
in the future if they do a similar optimization) manage overlays separately
from NixOS, since they provide `pkgs` pre-imported to NixOS. This saves a
couple of seconds of evaluation time and resources, but it means that the NixOS
option `nixpkgs.overlays` **is completely ignored** on these frameworks.
If you are using such a framework, add `overlays.default` to the overlays list
for said framework.
## Flake structure and usage
The flake here has two inputs of note:
- `nixpkgs`, *which is unused for most people*. It is purely used for `checks`
in developing `lix-nixos-module` itself.
The installation instructions make it `follows` to make `flake.lock` less
confusing, but it is nonetheless unused.
- `lix`, which determines the version of Lix to do source builds for, if doing
source builds.
These are the most relevant outputs for most people:
- `nixosModules.lixFromNixpkgs` - uses Lix from nixpkgs and installs the
overlay to use Lix on a NixOS system. This is only useful for a stable
version of Lix, and cannot be used for running HEAD.
- `nixosModules.default` - uses Lix from source and installs the overlay to use
Lix on a NixOS system.
- `overlays.lixFromNixpkgs` - overlay to use Lix from nixpkgs in place of Nix.
- `overlays.default` - overlay to use Lix from source in place of Nix.
## Non-flake usage
Import `module.nix` or `overlay.nix` as desired, with the arguments `lix`
(derivation-like attribute set with the Lix sources, or `null` to use Lix from
nixpkgs) and `versionSuffix` (optional string).
It's desirable to also include a `versionSuffix` like the following while
building HEAD from source, to have `nix --version` include date and commit
information. To get such metadata, it depends on which pinning system is in
use, but `builtins.fetchGit` will provide the necessary metadata for the
following to work:
```
versionSuffix = "pre${builtins.substring 0 8 lix.lastModifiedDate}-${lix.shortRev or lix.dirtyShortRev}";
```

10
default.nix Normal file
View file

@ -0,0 +1,10 @@
(import
(
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
fetchTarball {
url = lock.nodes.flake-compat.locked.url or "https://git.lix.systems/lix-project/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{ src = ./.; }
).defaultNix

View file

@ -1,15 +1,30 @@
{ {
"nodes": { "nodes": {
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"ref": "refs/heads/master",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "git",
"url": "ssh://git@git.lix.systems/lix-project/flake-compat"
},
"original": {
"type": "git",
"url": "ssh://git@git.lix.systems/lix-project/flake-compat"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1709126324,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -18,42 +33,29 @@
"type": "github" "type": "github"
} }
}, },
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1731683711, "lastModified": 1710623569,
"narHash": "sha256-bq21I1EjXJa/s5Rra9J9ot2NkPCnI0F5uNPurwYLdpE=", "narHash": "sha256-AUvlDCtq8ITFVHhy2SOboKSDC829LPciA/AAFD6zIyo=",
"rev": "c859d03013712b349d82ee6223948d6d03e63a8d", "ref": "refs/heads/main",
"type": "tarball", "rev": "11f35afa6f7933d1640e55473a8c7a153bf89b14",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/c859d03013712b349d82ee6223948d6d03e63a8d.tar.gz?rev=c859d03013712b349d82ee6223948d6d03e63a8d" "revCount": 15181,
"type": "git",
"url": "ssh://git@git.lix.systems/lix-project/lix.git"
}, },
"original": { "original": {
"type": "tarball", "type": "git",
"url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" "url": "ssh://git@git.lix.systems/lix-project/lix.git"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731676054, "lastModified": 1709703039,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -65,8 +67,8 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }

View file

@ -1,66 +1,25 @@
{ {
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
inputs.lix = { inputs.lix = {
url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; url = "git+ssh://git@git.lix.systems/lix-project/lix.git";
flake = false; flake = false;
}; };
inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.flakey-profile.url = "github:lf-/flakey-profile"; inputs.flake-compat.url = "git+ssh://git@git.lix.systems/lix-project/flake-compat";
outputs = inputs@{ self, nixpkgs, lix, flake-utils, flakey-profile, ... }: outputs = { self, nixpkgs, lix, flake-utils, ... }: {
nixosModules.default = import ./module.nix { inherit lix; };
overlays.default = import ./overlay.nix { inherit lix; };
} // flake-utils.lib.eachDefaultSystem (system:
let let
lixVersionJson = builtins.fromJSON (builtins.readFile (lix + "/version.json")); pkgs = import nixpkgs {
versionSuffix = nixpkgs.lib.optionalString (!lixVersionJson.official_release) inherit system;
"-pre${builtins.substring 0 8 lix.lastModifiedDate}-${lix.shortRev or lix.dirtyShortRev}"; overlays = [ self.overlays.default ];
};
in in
{ {
inherit inputs; inherit pkgs;
nixosModules = { packages.default = pkgs.nixVersions.nix_2_18;
# Use a locally built Lix packages.nix-doc = pkgs.nix-doc;
default = import ./module.nix { inherit lix versionSuffix; }; });
# Use Lix from nixpkgs
lixFromNixpkgs = import ./module.nix { lix = null; };
};
overlays = {
# Use a locally built Lix
default = import ./overlay.nix { inherit lix versionSuffix; };
# Use Lix from nixpkgs
lixFromNixpkgs = import ./overlay.nix { lix = null; };
};
} // flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
};
linux64BitSystems = [
"x86_64-linux"
"aarch64-linux"
];
inherit (pkgs) lib;
in
{
inherit pkgs;
packages = {
default = pkgs.nix;
inherit (pkgs) nix-doc nix-eval-jobs;
};
packages.system-profile = import ./system-profile.nix { inherit pkgs flakey-profile; };
nixosTests = pkgs.recurseIntoAttrs (pkgs.callPackage ./test-nixos.nix { inherit pkgs; lix-module = self.nixosModules.default; });
checks = {
inherit (self.packages.${system}) default nix-eval-jobs;
inherit (pkgs) nixos-option nix-doc nixd nixt;
} // lib.optionalAttrs (lib.elem system linux64BitSystems) {
# wrongMajor intentionally not included here since it is expected to fail
inherit (self.nixosTests.${system}) it-builds;
};
});
} }

View file

@ -1,5 +1,5 @@
{ lix, versionSuffix ? "" }: { lix }:
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
nixpkgs.overlays = [ (import ./overlay.nix { inherit lix versionSuffix; }) ]; nixpkgs.overlays = [ (import ./overlay.nix { inherit lix; }) ];
} }

64
nix-doc/package.nix Normal file
View file

@ -0,0 +1,64 @@
# Temporary replacement of the nix-doc package with
# https://github.com/NixOS/nixpkgs/pull/296523 so that we can have working Lix
# with nix-doc on 23.11 and 24.05-pre
#
# Can be removed when that commit is in 23.11 and 24.05-pre, or 24.05 is
# released with the commit.
{ lib
, stdenv
, rustPlatform
, fetchFromGitHub
, boost
, nix
, pkg-config
# Whether to build the nix-doc plugin for Nix
, withPlugin ? true
}:
let
packageFlags = [ "-p" "nix-doc" ] ++ lib.optionals withPlugin [ "-p" "nix-doc-plugin" ];
in
rustPlatform.buildRustPackage rec {
pname = "nix-doc";
version = "0.6.5";
src = fetchFromGitHub {
rev = "v${version}";
owner = "lf-";
repo = "nix-doc";
sha256 = "sha256-9cuNzq+CBA2jz0LkZb7lh/WISIlKklfovGBAbSo1Mgk=";
};
doCheck = true;
buildInputs = lib.optionals withPlugin [ boost nix ];
nativeBuildInputs = lib.optionals withPlugin [ pkg-config nix ];
cargoBuildFlags = packageFlags;
cargoTestFlags = packageFlags;
# Packaging support for making the nix-doc plugin load cleanly as a no-op on
# the wrong Nix version (disabling bindnow permits loading libraries
# requiring unavailable symbols if they are unreached)
hardeningDisable = lib.optionals withPlugin [ "bindnow" ];
# Due to a Rust bug, setting -Z relro-level to anything including "off" on
# macOS will cause link errors
env = lib.optionalAttrs (withPlugin && stdenv.isLinux) {
# nix-doc does not use nightly features, however, there is no other way to
# set relro-level
RUSTC_BOOTSTRAP = 1;
RUSTFLAGS = "-Z relro-level=partial";
};
cargoSha256 = "sha256-CHagzXTG9AfrFd3WmHanQ+YddMgmVxSuB8vK98A1Mlw=";
meta = with lib; {
description = "An interactive Nix documentation tool";
longDescription = "An interactive Nix documentation tool providing a CLI for function search, a Nix plugin for docs in the REPL, and a ctags implementation for Nix script";
homepage = "https://github.com/lf-/nix-doc";
license = licenses.lgpl3Plus;
maintainers = [ maintainers.lf- ];
platforms = platforms.unix;
mainProgram = "nix-doc";
};
}

View file

@ -1,129 +1,52 @@
{ lix, versionSuffix ? "" }: { lix }:
final: prev: final: prev:
let let
lixPackageFromSource = final.callPackage (lix + "/package.nix") ({ boehmgc-patched = ((final.boehmgc.override {
inherit versionSuffix; enableLargeConfig = true;
stdenv = final.clangStdenv; }).overrideAttrs (o: {
}); patches = (o.patches or [ ]) ++ [
# for clown reasons this version is newer than the one in lix, we should
# fix this and update our nixpkgs pin
(prev.path + "/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch")
# These packages should receive CppNix since they may link to it or otherwise # https://github.com/ivmai/bdwgc/pull/586
# cause problems (or even just silly mass-rebuilds) if we give them Lix (builtins.path { path = lix + "/boehmgc-traceable_allocator-public.diff"; name = "boehmgc-traceable_allocator-public.patch"; })
overridelist_upstream = [ ];
"attic-client" })
"devenv" );
"nix-du"
"nix-init"
"nix-prefetch-git"
"nixd"
"nixos-option"
"nixt"
"nurl"
"prefetch-yarn-deps" # force these onto upstream so we are not regularly rebuilding electron
];
inherit (prev) lib;
csi = builtins.fromJSON ''"\u001b"'';
orange = "${csi}[35;1m";
normal = "${csi}[0m";
warning = ''
${orange}warning${normal}: You have the lix overlay included into a nixpkgs import twice,
perhaps due to the NixOS module being included twice, or because of using
pkgs.nixos and also including it in imports, or perhaps some unknown
machinations of a complicated flake library.
This is completely harmless since we have no-op'd the second one if you are
seeing this message, but it would be a small style improvement to fix
it :)
P.S. If you had some hack to fix nixos-option build failures in your
configuration, that was caused by including an older version of the lix
overlay twice, which is now mitigated if you see this message, so you can
delete that.
P.P.S. This Lix has super catgirl powers.
'';
wrongMajorWarning = ''
${orange}warning${normal}: This Lix NixOS module is being built against a Lix with a
major version (got ${lixPackageToUse.version}) other than the one the
module was designed for (expecting ${supportedLixMajor}). Some downstream
packages like nix-eval-jobs may be broken by this. Consider using a
matching version of the Lix NixOS module to the version of Lix you are
using.
'';
maybeWarnDuplicate = x: if final.lix-overlay-present > 1 then builtins.trace warning x else x;
versionJson = builtins.fromJSON (builtins.readFile ./version.json);
supportedLixMajor = lib.versions.majorMinor versionJson.version;
lixPackageToUse = if lix != null then lixPackageFromSource else prev.lix;
# Especially if using Lix from nixpkgs, it is plausible that the overlay
# could be used against the wrong Lix major version and cause confusing build
# errors. This is a simple safeguard to put in at least something that might be seen.
maybeWarnWrongMajor = x: if !(lib.hasPrefix supportedLixMajor lixPackageToUse.version) then builtins.trace wrongMajorWarning x else x;
# It is not enough to *just* throw whatever the default nix version is at
# anything in the "don't give lix" list, we have to *also* ensure that we
# give whatever upstream version as specified in the callPackage invocation.
#
# Unfortunately I don't think there is any actual way to directly query that,
# so we instead do something extremely evil and guess which version it
# probably was. This code is not generalizable to arbitrary derivations, so
# it will hopefully not make us cry, at least.
useCppNixOverlay =
lib.genAttrs overridelist_upstream (
name:
if (lib.functionArgs prev.${name}.override ? "nix") then
let
# Get the two common inputs of a derivation/package.
inputs = prev.${name}.buildInputs ++ prev.${name}.nativeBuildInputs;
nixDependency = lib.findFirst
(drv: (drv.pname or "") == "nix")
final.nixVersions.stable_upstream # default to stable nix if nix is not an input
inputs;
nixMajor = lib.versions.major (nixDependency.version or "");
nixMinor = lib.versions.minor (nixDependency.version or "");
nixAttr = "nix_${nixMajor}_${nixMinor}";
finalNix = final.nixVersions.${nixAttr};
in
prev.${name}.override {
nix = finalNix;
}
else prev.${name}
);
overlay = useCppNixOverlay // {
lix-overlay-present = 1;
# used for things that one wouldn't necessarily want to update, but we
# nevertheless shove it in the overlay and fixed-point it in case one *does*
# want to do that.
lix-sources = import ./pins.nix;
lix = maybeWarnWrongMajor (maybeWarnDuplicate lixPackageToUse);
nixVersions = prev.nixVersions // {
stable = final.lix;
stable_upstream = prev.nixVersions.stable;
};
nix-eval-jobs = (prev.nix-eval-jobs.override {
# lix
nix = final.lix;
}).overrideAttrs (old:
let src = final.lix-sources.nix-eval-jobs;
in {
version = "2.92.0-lix-${builtins.substring 0 7 src.rev}";
# FIXME: should this be patches instead?
inherit src;
mesonBuildType = "debugoptimized";
ninjaFlags = old.ninjaFlags or [ ] ++ [ "-v" ];
}
);
nix-doc = prev.nix-doc.override { withPlugin = false; };
};
in in
# Make the overlay idempotent, since flakes passing nixos modules around by {
# value and many other things make it way too easy to include the overlay nixVersions = prev.nixVersions // rec {
# twice # FIXME: do something less scuffed
if (prev ? lix-overlay-present) then { lix-overlay-present = 2; } else overlay nix_2_18 = (prev.nixVersions.nix_2_18.override { boehmgc = boehmgc-patched; }).overrideAttrs (old: {
src = lix;
# FIXME: fake version so that nixpkgs will not try to use nix config >_>
version = "2.18.3-lix";
VERSION_SUFFIX = "-lix";
patches = [ ];
# FIXME: we don't know why this was not being picked up properly when
# included in nativeCheckInputs.
nativeBuildInputs = old.nativeBuildInputs or [ ] ++ [ final.git ];
});
stable = nix_2_18;
nix_2_18_upstream = prev.nixVersions.nix_2_18;
};
# force these onto upstream so we are not regularly rebuilding electron
prefetch-yarn-deps = prev.prefetch-yarn-deps.override {
nix = final.nixVersions.nix_2_18_upstream;
};
prefetch-npm-deps = prev.prefetch-npm-deps.override {
nix = final.nixVersions.nix_2_18_upstream;
};
nix-prefetch-git = prev.nix-prefetch-git.override {
nix = final.nixVersions.nix_2_18_upstream;
};
nixos-option = prev.nixos-option.override {
nix = final.nixVersions.nix_2_18_upstream;
};
nix-doc = prev.callPackage ./nix-doc/package.nix { withPlugin = false; };
}

View file

@ -1 +0,0 @@
{"nix-eval-jobs": {"kind": "tarball", "rev": "dfc286ca3dc49118c30d8d6205d6d6af76c62b7a", "nar_hash": "sha256-H94CcQ3yamG5+RMxtxXllR02YIlxQ5WD/8PcolO9yEA=", "locked_url": "https://git.lix.systems/api/v1/repos/lix-project/nix-eval-jobs/archive/dfc286ca3dc49118c30d8d6205d6d6af76c62b7a.tar.gz?rev=dfc286ca3dc49118c30d8d6205d6d6af76c62b7a", "url": "https://git.lix.systems/lix-project/nix-eval-jobs/archive/main.tar.gz"}}

View file

@ -1,26 +0,0 @@
# this is a custom pinning tool, written because npins doesn't have narHash
# compatible output for git inputs, and also doesn't support the Nix immutable
# tarball protocol
let
pins = builtins.fromJSON (builtins.readFile ./pins.json);
fetchPin = args@{ kind, ... }:
if kind == "git" then
builtins.fetchGit
{
name = "source";
url = args.url;
ref = args.ref;
rev = args.rev;
narHash = args.nar_hash;
}
else if kind == "tarball" then
args // {
outPath = builtins.fetchTarball {
name = "source";
url = args.locked_url;
sha256 = args.nar_hash;
};
}
else builtins.throw "unsupported input type ${kind}";
in
builtins.mapAttrs (_: fetchPin) pins

View file

@ -1,10 +0,0 @@
{ pkgs, flakey-profile }:
flakey-profile.lib.mkProfile {
inherit pkgs;
paths = with pkgs; [
cacert
nix
];
name = "system-profile";
extraSwitchArgs = [ "--profile" "/nix/var/nix/profiles/default" ];
}

View file

@ -1,32 +0,0 @@
{ pkgs, nixos, lix-module }:
let
pkgs' = import pkgs.path {
inherit (pkgs) system;
};
configs = {
it-builds = nixos ({ ... }: {
imports = [ lix-module ];
documentation.enable = false;
fileSystems."/".device = "ignore-root-device";
boot.loader.grub.enable = false;
system.stateVersion = "24.05";
});
# Intentionally provoke the wrong major version.
# Does assume that the module is one major ahead of the release; the main
# purpose here is a manual testing fixture.
wrongMajor = pkgs'.nixos ({ ... }: {
imports = [ (import ./module.nix { lix = null; }) ];
documentation.enable = false;
fileSystems."/".device = "ignore-root-device";
boot.loader.grub.enable = false;
system.stateVersion = "24.05";
});
};
in
{
inherit configs;
it-builds = configs.it-builds.config.system.build.toplevel;
wrongMajor = configs.wrongMajor.config.system.build.toplevel;
}

View file

@ -1,165 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p 'python3.withPackages (ps: [ ps.requests ])'
"""
Updates pins in this repo to their latest version.
This is a custom pinning tool, written because npins doesn't have narHash
compatible output for git inputs (it is not SRI), and also doesn't support the
Nix immutable tarball protocol which we would like to use when we become public.
"""
import subprocess
import tempfile
from pathlib import Path
import re
import dataclasses
from typing import Literal
import urllib.parse
import json
# https://stackoverflow.com/a/51286749
class DataclassJSONEncoder(json.JSONEncoder):
def default(self, o):
if dataclasses.is_dataclass(o):
return dataclasses.asdict(o)
return super().default(o)
@dataclasses.dataclass
class PinSerialized:
kind: str
rev: str | None
nar_hash: str
@dataclasses.dataclass
class GitPinSerialized(PinSerialized):
kind: Literal['git']
url: str
rev: str
ref: str
@dataclasses.dataclass
class TarballPinSerialized(PinSerialized):
kind: Literal['tarball']
locked_url: str
url: str
class PinSpec:
def do_pin(self) -> dict[str, str]:
raise ValueError('unimplemented')
@dataclasses.dataclass
class GitPinSpec(PinSpec):
url: str
branch: str
def do_pin(self) -> GitPinSerialized:
return lock_git(self.url, self.branch)
@dataclasses.dataclass
class TarballPinSpec(PinSpec):
url: str
def do_pin(self) -> TarballPinSerialized:
return lock_tarball(self.url)
@dataclasses.dataclass
class LinkHeader:
url: str
rev: str | None
LINK_HEADER_RE = re.compile(r'<(?P<url>.*)>; rel="immutable"')
def parse_link_header(header) -> LinkHeader | None:
matched = LINK_HEADER_RE.match(header)
if not matched:
return None
url = matched.group('url')
parsed_url = urllib.parse.urlparse(url)
parsed_qs = urllib.parse.parse_qs(parsed_url.query)
return LinkHeader(url=url, rev=next(iter(parsed_qs.get('rev', [])), None))
def lock_tarball(url) -> TarballPinSerialized:
"""
Prefetches a tarball using the Nix immutable tarball protocol
"""
import requests
resp = requests.get(url)
with tempfile.TemporaryDirectory() as td:
td = Path(td)
proc = subprocess.Popen(["tar", "-C", td, "-xvzf", "-"],
stdin=subprocess.PIPE)
assert proc.stdin
for chunk in resp.iter_content(64 * 1024):
proc.stdin.write(chunk)
proc.stdin.close()
if proc.wait() != 0:
raise RuntimeError("untarring failed")
children = list(td.iterdir())
# FIXME: allow different tarball structures
assert len(children) == 1
child = children[0].rename(children[0].parent.joinpath('source'))
sri_hash = subprocess.check_output(
["nix-hash", "--type", "sha256", "--sri", child]).decode().strip()
path = subprocess.check_output(
["nix-store", "--add-fixed", "--recursive", "sha256",
child]).decode().strip()
link_info = parse_link_header(resp.headers['Link'])
print(sri_hash, path)
return TarballPinSerialized(kind='tarball',
nar_hash=sri_hash,
locked_url=link_info.url if link_info else url,
rev=link_info.rev if link_info else None,
url=url)
def lock_git(url, branch) -> GitPinSerialized:
url_escaped = json.dumps(url)
ref_escaped = json.dumps(branch)
data = json.loads(
subprocess.check_output([
"nix", "eval", "--impure", "--json", "--expr",
f"builtins.removeAttrs (builtins.fetchGit {{ url = {url_escaped}; ref = {ref_escaped}; }}) [ \"outPath\" ]"
]).strip())
return GitPinSerialized(kind='git',
url=url,
rev=data['rev'],
ref=branch,
nar_hash=data['narHash'])
PINS = {
'nix-eval-jobs':
TarballPinSpec('https://git.lix.systems/lix-project/nix-eval-jobs/archive/main.tar.gz')
}
def main():
output = {}
for (name, pin) in PINS.items():
output[name] = pin.do_pin()
print(output)
with open('pins.json', 'w') as fh:
json.dump(output, fh, cls=DataclassJSONEncoder)
if __name__ == '__main__':
main()

View file

@ -1,3 +0,0 @@
{
"version": "2.92.0-dev"
}