forked from lix-project/lix
0726ad5825
Starting macOS 10.15 /nix can't be creasted directly anymore due to the readonly filesystem, but synthetic.conf was introduced to enable creating mountpoints or symlinks for special usecases like package managers.
367 lines
12 KiB
Nix
367 lines
12 KiB
Nix
{ nix ? builtins.fetchGit ./.
|
|
, nixpkgs ? builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/nixos-20.03-small.tar.gz
|
|
, officialRelease ? false
|
|
, systems ? [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ]
|
|
}:
|
|
|
|
let
|
|
|
|
pkgs = import nixpkgs { system = builtins.currentSystem or "x86_64-linux"; };
|
|
|
|
version =
|
|
builtins.readFile ./.version
|
|
+ (if officialRelease then "" else "pre${toString nix.revCount}_${nix.shortRev}");
|
|
|
|
# Create a "vendor" directory that contains the crates listed in
|
|
# Cargo.lock. This allows Nix to be built without network access.
|
|
vendoredCrates' =
|
|
let
|
|
lockFile = builtins.fromTOML (builtins.readFile nix-rust/Cargo.lock);
|
|
|
|
files = map (pkg: import <nix/fetchurl.nix> {
|
|
url = "https://crates.io/api/v1/crates/${pkg.name}/${pkg.version}/download";
|
|
sha256 = lockFile.metadata."checksum ${pkg.name} ${pkg.version} (registry+https://github.com/rust-lang/crates.io-index)";
|
|
}) (builtins.filter (pkg: pkg.source or "" == "registry+https://github.com/rust-lang/crates.io-index") lockFile.package);
|
|
|
|
in pkgs.runCommand "cargo-vendor-dir" {}
|
|
''
|
|
mkdir -p $out/vendor
|
|
|
|
cat > $out/vendor/config <<EOF
|
|
[source.crates-io]
|
|
replace-with = "vendored-sources"
|
|
|
|
[source.vendored-sources]
|
|
directory = "vendor"
|
|
EOF
|
|
|
|
${toString (builtins.map (file: ''
|
|
mkdir $out/vendor/tmp
|
|
tar xvf ${file} -C $out/vendor/tmp
|
|
dir=$(echo $out/vendor/tmp/*)
|
|
|
|
# Add just enough metadata to keep Cargo happy.
|
|
printf '{"files":{},"package":"${file.outputHash}"}' > "$dir/.cargo-checksum.json"
|
|
|
|
# Clean up some cruft from the winapi crates. FIXME: find
|
|
# a way to remove winapi* from our dependencies.
|
|
if [[ $dir =~ /winapi ]]; then
|
|
find $dir -name "*.a" -print0 | xargs -0 rm -f --
|
|
fi
|
|
|
|
mv "$dir" $out/vendor/
|
|
|
|
rm -rf $out/vendor/tmp
|
|
'') files)}
|
|
'';
|
|
|
|
jobs = rec {
|
|
|
|
vendoredCrates =
|
|
with pkgs;
|
|
runCommand "vendored-crates" {}
|
|
''
|
|
mkdir -p $out/nix-support
|
|
name=nix-vendored-crates-${version}
|
|
fn=$out/$name.tar.xz
|
|
tar cvfJ $fn -C ${vendoredCrates'} vendor \
|
|
--owner=0 --group=0 --mode=u+rw,uga+r \
|
|
--transform "s,vendor,$name,"
|
|
echo "file crates-tarball $fn" >> $out/nix-support/hydra-build-products
|
|
'';
|
|
|
|
build = pkgs.lib.genAttrs systems (system:
|
|
|
|
let pkgs = import nixpkgs { inherit system; }; in
|
|
|
|
with pkgs;
|
|
|
|
with import ./release-common.nix { inherit pkgs; };
|
|
|
|
stdenv.mkDerivation {
|
|
name = "nix-${version}";
|
|
|
|
src = nix;
|
|
|
|
outputs = [ "out" "dev" "doc" ];
|
|
|
|
buildInputs = buildDeps;
|
|
|
|
propagatedBuildInputs = propagatedDeps;
|
|
|
|
preConfigure =
|
|
''
|
|
# Copy libboost_context so we don't get all of Boost in our closure.
|
|
# https://github.com/NixOS/nixpkgs/issues/45462
|
|
mkdir -p $out/lib
|
|
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
|
|
rm -f $out/lib/*.a
|
|
${lib.optionalString stdenv.isLinux ''
|
|
chmod u+w $out/lib/*.so.*
|
|
patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
|
|
''}
|
|
|
|
ln -sfn ${vendoredCrates'}/vendor/ nix-rust/vendor
|
|
|
|
(cd perl; autoreconf --install --force --verbose)
|
|
'';
|
|
|
|
configureFlags = configureFlags ++
|
|
[ "--sysconfdir=/etc" ];
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
makeFlags = "profiledir=$(out)/etc/profile.d";
|
|
|
|
installFlags = "sysconfdir=$(out)/etc";
|
|
|
|
doCheck = true;
|
|
|
|
doInstallCheck = true;
|
|
installCheckFlags = "sysconfdir=$(out)/etc";
|
|
|
|
separateDebugInfo = true;
|
|
|
|
preDist = ''
|
|
mkdir -p $doc/nix-support
|
|
echo "doc manual $doc/share/doc/nix/manual" >> $doc/nix-support/hydra-build-products
|
|
'';
|
|
});
|
|
|
|
|
|
perlBindings = pkgs.lib.genAttrs systems (system:
|
|
|
|
let pkgs = import nixpkgs { inherit system; }; in with pkgs;
|
|
|
|
releaseTools.nixBuild {
|
|
name = "nix-perl-${version}";
|
|
|
|
src = nix;
|
|
|
|
buildInputs =
|
|
[ autoconf-archive
|
|
autoreconfHook
|
|
jobs.build.${system}
|
|
curl
|
|
bzip2
|
|
xz
|
|
pkgconfig
|
|
pkgs.perl
|
|
boost
|
|
]
|
|
++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium;
|
|
|
|
configureFlags = ''
|
|
--with-dbi=${perlPackages.DBI}/${pkgs.perl.libPrefix}
|
|
--with-dbd-sqlite=${perlPackages.DBDSQLite}/${pkgs.perl.libPrefix}
|
|
'';
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
postUnpack = "sourceRoot=$sourceRoot/perl";
|
|
});
|
|
|
|
|
|
binaryTarball = pkgs.lib.genAttrs systems (system:
|
|
|
|
with import nixpkgs { inherit system; };
|
|
|
|
let
|
|
toplevel = builtins.getAttr system jobs.build;
|
|
installerClosureInfo = closureInfo { rootPaths = [ toplevel cacert ]; };
|
|
in
|
|
|
|
runCommand "nix-binary-tarball-${version}"
|
|
{ #nativeBuildInputs = lib.optional (system != "aarch64-linux") shellcheck;
|
|
meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
|
|
}
|
|
''
|
|
cp ${installerClosureInfo}/registration $TMPDIR/reginfo
|
|
cp ${./scripts/create-darwin-volume.sh} $TMPDIR/create-darwin-volume.sh
|
|
substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
|
|
--subst-var-by nix ${toplevel} \
|
|
--subst-var-by cacert ${cacert}
|
|
substitute ${./scripts/install-darwin-multi-user.sh} $TMPDIR/install-darwin-multi-user.sh \
|
|
--subst-var-by nix ${toplevel} \
|
|
--subst-var-by cacert ${cacert}
|
|
substitute ${./scripts/install-systemd-multi-user.sh} $TMPDIR/install-systemd-multi-user.sh \
|
|
--subst-var-by nix ${toplevel} \
|
|
--subst-var-by cacert ${cacert}
|
|
substitute ${./scripts/install-multi-user.sh} $TMPDIR/install-multi-user \
|
|
--subst-var-by nix ${toplevel} \
|
|
--subst-var-by cacert ${cacert}
|
|
|
|
if type -p shellcheck; then
|
|
# SC1090: Don't worry about not being able to find
|
|
# $nix/etc/profile.d/nix.sh
|
|
shellcheck --exclude SC1090 $TMPDIR/install
|
|
shellcheck $TMPDIR/create-darwin-volume.sh
|
|
shellcheck $TMPDIR/install-darwin-multi-user.sh
|
|
shellcheck $TMPDIR/install-systemd-multi-user.sh
|
|
|
|
# SC1091: Don't panic about not being able to source
|
|
# /etc/profile
|
|
# SC2002: Ignore "useless cat" "error", when loading
|
|
# .reginfo, as the cat is a much cleaner
|
|
# implementation, even though it is "useless"
|
|
# SC2116: Allow ROOT_HOME=$(echo ~root) for resolving
|
|
# root's home directory
|
|
shellcheck --external-sources \
|
|
--exclude SC1091,SC2002,SC2116 $TMPDIR/install-multi-user
|
|
fi
|
|
|
|
chmod +x $TMPDIR/install
|
|
chmod +x $TMPDIR/create-darwin-volume.sh
|
|
chmod +x $TMPDIR/install-darwin-multi-user.sh
|
|
chmod +x $TMPDIR/install-systemd-multi-user.sh
|
|
chmod +x $TMPDIR/install-multi-user
|
|
dir=nix-${version}-${system}
|
|
fn=$out/$dir.tar.xz
|
|
mkdir -p $out/nix-support
|
|
echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
|
|
tar cvfJ $fn \
|
|
--owner=0 --group=0 --mode=u+rw,uga+r \
|
|
--absolute-names \
|
|
--hard-dereference \
|
|
--transform "s,$TMPDIR/install,$dir/install," \
|
|
--transform "s,$TMPDIR/create-darwin-volume.sh,$dir/create-darwin-volume.sh," \
|
|
--transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
|
|
--transform "s,$NIX_STORE,$dir/store,S" \
|
|
$TMPDIR/install \
|
|
$TMPDIR/create-darwin-volume.sh \
|
|
$TMPDIR/install-darwin-multi-user.sh \
|
|
$TMPDIR/install-systemd-multi-user.sh \
|
|
$TMPDIR/install-multi-user \
|
|
$TMPDIR/reginfo \
|
|
$(cat ${installerClosureInfo}/store-paths)
|
|
'');
|
|
|
|
|
|
coverage =
|
|
with pkgs;
|
|
|
|
with import ./release-common.nix { inherit pkgs; };
|
|
|
|
releaseTools.coverageAnalysis {
|
|
name = "nix-coverage-${version}";
|
|
|
|
src = nix;
|
|
|
|
preConfigure =
|
|
''
|
|
ln -sfn ${vendoredCrates'}/vendor/ nix-rust/vendor
|
|
'';
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
buildInputs = buildDeps ++ propagatedDeps;
|
|
|
|
dontInstall = false;
|
|
|
|
doInstallCheck = true;
|
|
|
|
lcovFilter = [ "*/boost/*" "*-tab.*" ];
|
|
|
|
# We call `dot', and even though we just use it to
|
|
# syntax-check generated dot files, it still requires some
|
|
# fonts. So provide those.
|
|
FONTCONFIG_FILE = texFunctions.fontsConf;
|
|
|
|
# To test building without precompiled headers.
|
|
makeFlagsArray = [ "PRECOMPILE_HEADERS=0" ];
|
|
};
|
|
|
|
|
|
# System tests.
|
|
tests.remoteBuilds = (import ./tests/remote-builds.nix rec {
|
|
inherit nixpkgs;
|
|
nix = build.x86_64-linux; system = "x86_64-linux";
|
|
});
|
|
|
|
tests.nix-copy-closure = (import ./tests/nix-copy-closure.nix rec {
|
|
inherit nixpkgs;
|
|
nix = build.x86_64-linux; system = "x86_64-linux";
|
|
});
|
|
|
|
tests.setuid = pkgs.lib.genAttrs
|
|
["i686-linux" "x86_64-linux"]
|
|
(system:
|
|
import ./tests/setuid.nix rec {
|
|
inherit nixpkgs;
|
|
nix = build.${system}; inherit system;
|
|
});
|
|
|
|
tests.binaryTarball =
|
|
with import nixpkgs { system = "x86_64-linux"; };
|
|
vmTools.runInLinuxImage (runCommand "nix-binary-tarball-test"
|
|
{ diskImage = vmTools.diskImages.ubuntu1204x86_64;
|
|
}
|
|
''
|
|
set -x
|
|
useradd -m alice
|
|
su - alice -c 'tar xf ${binaryTarball.x86_64-linux}/*.tar.*'
|
|
mkdir /dest-nix
|
|
mount -o bind /dest-nix /nix # Provide a writable /nix.
|
|
chown alice /nix
|
|
su - alice -c '_NIX_INSTALLER_TEST=1 ./nix-*/install'
|
|
su - alice -c 'nix-store --verify'
|
|
su - alice -c 'PAGER= nix-store -qR ${build.x86_64-linux}'
|
|
|
|
# Check whether 'nix upgrade-nix' works.
|
|
cat > /tmp/paths.nix <<EOF
|
|
{
|
|
x86_64-linux = "${build.x86_64-linux}";
|
|
}
|
|
EOF
|
|
su - alice -c 'nix --experimental-features nix-command upgrade-nix -vvv --nix-store-paths-url file:///tmp/paths.nix'
|
|
(! [ -L /home/alice/.profile-1-link ])
|
|
su - alice -c 'PAGER= nix-store -qR ${build.x86_64-linux}'
|
|
|
|
mkdir -p $out/nix-support
|
|
touch $out/nix-support/hydra-build-products
|
|
umount /nix
|
|
''); # */
|
|
|
|
/*
|
|
tests.evalNixpkgs =
|
|
import (nixpkgs + "/pkgs/top-level/make-tarball.nix") {
|
|
inherit nixpkgs;
|
|
inherit pkgs;
|
|
nix = build.x86_64-linux;
|
|
officialRelease = false;
|
|
};
|
|
|
|
tests.evalNixOS =
|
|
pkgs.runCommand "eval-nixos" { buildInputs = [ build.x86_64-linux ]; }
|
|
''
|
|
export NIX_STATE_DIR=$TMPDIR
|
|
|
|
nix-instantiate ${nixpkgs}/nixos/release-combined.nix -A tested --dry-run \
|
|
--arg nixpkgs '{ outPath = ${nixpkgs}; revCount = 123; shortRev = "abcdefgh"; }'
|
|
|
|
touch $out
|
|
'';
|
|
*/
|
|
|
|
|
|
installerScript =
|
|
pkgs.runCommand "installer-script"
|
|
{ buildInputs = [ build.${builtins.currentSystem or "x86_64-linux"} ]; }
|
|
''
|
|
mkdir -p $out/nix-support
|
|
|
|
substitute ${./scripts/install.in} $out/install \
|
|
${pkgs.lib.concatMapStrings
|
|
(system: "--replace '@binaryTarball_${system}@' $(nix --experimental-features nix-command hash-file --base16 --type sha256 ${binaryTarball.${system}}/*.tar.xz) ")
|
|
systems
|
|
} \
|
|
--replace '@nixVersion@' ${version}
|
|
|
|
echo "file installer $out/install" >> $out/nix-support/hydra-build-products
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
in jobs
|