diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c015a25f7..8ac5b6dc3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,7 +69,7 @@ jobs: needs: [lints, build-x86_64-linux] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -187,7 +187,7 @@ jobs: needs: [lints, build-x86_64-linux] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -311,7 +311,7 @@ jobs: needs: [lints, build-x86_64-darwin] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -402,7 +402,7 @@ jobs: # needs: [lints, build-aarch64-linux] # strategy: # matrix: - # determinate: [true, false] + # determinate: [false] # permissions: # id-token: "write" # contents: "read" @@ -520,7 +520,7 @@ jobs: needs: [lints, build-aarch64-darwin] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -572,14 +572,15 @@ jobs: logger: pretty - name: echo $PATH run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - nix run nixpkgs#hello - nix profile install nixpkgs#hello - hello - nix store gc - nix run nixpkgs#hello + # We don't enable flakes by default. + # - name: Test `nix` with `$GITHUB_PATH` + # if: success() || failure() + # run: | + # nix run nixpkgs#hello + # nix profile install nixpkgs#hello + # hello + # nix store gc + # nix run nixpkgs#hello # NOTE(cole-h): GHA pushed a weird image that breaks this test for whatever reason, so ignore # the failure for now - name: Test bash diff --git a/assemble_installer.py b/assemble_installer.py index e17b0cf79..bd19bd359 100644 --- a/assemble_installer.py +++ b/assemble_installer.py @@ -1,6 +1,6 @@ import requests import subprocess -import shutil +import shutil import sys response = requests.get('https://hydra.nixos.org/jobset/experimental-nix-installer/experimental-installer/evals', headers={'Accept': 'application/json'}) diff --git a/flake.lock b/flake.lock index df8454f1a..b2e2c2e8f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,70 +1,5 @@ { "nodes": { - "determinate": { - "inputs": { - "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", - "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", - "determinate-nixd-x86_64-darwin": [ - "determinate", - "determinate-nixd-aarch64-darwin" - ], - "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", - "nix": [ - "nix" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729548094, - "narHash": "sha256-+jP+Zlg0prpcmBy5s7cPUa7nJr90Zm2m933aibrHBYw=", - "rev": "5babe9d6a9eb52ee001bf70ad607fd66522f781b", - "revCount": 145, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/0.1.145%2Brev-5babe9d6a9eb52ee001bf70ad607fd66522f781b/0192b11b-c96e-7199-ba89-8c923541fcce/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/determinate/0.1.tar.gz" - } - }, - "determinate-nixd-aarch64-darwin": { - "flake": false, - "locked": { - "narHash": "sha256-OhG8joS/uN3Kdw4h9w8F/6ZIVTFZ8J9Fb4NGn/KK5/s=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/macOS" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/macOS" - } - }, - "determinate-nixd-aarch64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-AGcHQSIdb+KEJlhJzMB4YyFxbjdLZEDDf6bv6Zi3wqM=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/aarch64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/aarch64-linux" - } - }, - "determinate-nixd-x86_64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-kU4dqHoYe3sFf4LDAUj4fyl9uGV8IHtE22+DdMeRN0s=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/x86_64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/x86_64-linux" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -73,17 +8,17 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1714544767, - "narHash": "sha256-kF1bX+YFMedf1g0PAJYwGUkzh22JmULtj8Rm4IXAQKs=", + "lastModified": 1727764514, + "narHash": "sha256-tvN9v5gTxLI5zOKsNvYl1aUxIitHm8Nj3vKdXNfJo50=", "owner": "nix-community", "repo": "fenix", - "rev": "73124e1356bde9411b163d636b39fe4804b7ca45", + "rev": "a9d2e5fa8d77af05240230c9569bbbddd28ccfaf", "type": "github" }, "original": { "owner": "nix-community", "repo": "fenix", - "rev": "73124e1356bde9411b163d636b39fe4804b7ca45", + "rev": "a9d2e5fa8d77af05240230c9569bbbddd28ccfaf", "type": "github" } }, @@ -195,11 +130,11 @@ ] }, "locked": { - "lastModified": 1721727458, - "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", + "lastModified": 1733346208, + "narHash": "sha256-a4WZp1xQkrnA4BbnKrzJNr+dYoQr5Xneh2syJoddFyE=", "owner": "nix-community", "repo": "naersk", - "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", + "rev": "378614f37a6bee5a3f2ef4f825a73d948d3ae921", "type": "github" }, "original": { @@ -283,23 +218,22 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" } }, "root": { "inputs": { - "determinate": "determinate", "fenix": "fenix", "flake-compat": "flake-compat", "naersk": "naersk", @@ -310,11 +244,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1714501997, - "narHash": "sha256-g31zfxwUFzkPgX0Q8sZLcrqGmOxwjEZ/iqJjNx4fEGo=", + "lastModified": 1727706011, + "narHash": "sha256-xxgUHwwJ+1xQQoUWvLDo807IZ0MDldkfr9N1G4fvNJU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "49e502b277a8126a9ad10c802d1aaa3ef1a280ef", + "rev": "28830ff2f1158ee92f4852ef3ec35af0935d1562", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9d44b4d2a..d7638123c 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,14 @@ description = "Experimental Nix Installer"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/63c3a29ca82437c87573e4c6919b09a24ea61b0f"; + # can track upstream versioning with + # git show $most_recently_merged_commit:flake.lock | jq '.nodes[.nodes.root.inputs.nixpkgs].locked.rev' + nixpkgs.url = "github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd"; fenix = { - url = "github:nix-community/fenix/73124e1356bde9411b163d636b39fe4804b7ca45"; + # can track upstream versioning with + # git show $most_recently_merged_commit:flake.lock | jq '.nodes[.nodes.root.inputs.fenix].locked.rev' + url = "github:nix-community/fenix/a9d2e5fa8d77af05240230c9569bbbddd28ccfaf"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -18,19 +22,19 @@ url = "github:NixOS/nix/2.24.9"; # Omitting `inputs.nixpkgs.follows = "nixpkgs";` on purpose }; + # We don't use this, so let's save download/update time + # determinate = { + # url = "https://flakehub.com/f/DeterminateSystems/determinate/0.1.tar.gz"; - determinate = { - url = "https://flakehub.com/f/DeterminateSystems/determinate/0.1.tar.gz"; - - # We set the overrides below so the flake.lock has many fewer nodes. - # - # The `determinate` input is used to access the builds of `determinate-nixd`. - # Below, we access the `packages` outputs, which download static builds of `determinate-nixd` and makes them executable. - # The way we consume the determinate flake means the `nix` and `nixpkgs` inputs are not meaningfully used. - # This means `follows` won't cause surprisingly extensive rebuilds, just trivial `chmod +x` rebuilds. - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nix.follows = "nix"; - }; + # # We set the overrides below so the flake.lock has many fewer nodes. + # # + # # The `determinate` input is used to access the builds of `determinate-nixd`. + # # Below, we access the `packages` outputs, which download static builds of `determinate-nixd` and makes them executable. + # # The way we consume the determinate flake means the `nix` and `nixpkgs` inputs are not meaningfully used. + # # This means `follows` won't cause surprisingly extensive rebuilds, just trivial `chmod +x` rebuilds. + # inputs.nixpkgs.follows = "nixpkgs"; + # inputs.nix.follows = "nix"; + # }; flake-compat.url = "github:edolstra/flake-compat/v1.0.0"; }; @@ -41,12 +45,12 @@ , fenix , naersk , nix - , determinate + # , determinate , ... } @ inputs: let supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; - systemsSupportedByDeterminateNixd = [ ]; # avoid refs to detsys nixd for now + systemsSupportedByDeterminateNixd = [ ]; # avoid refs to detsys nixd for now forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: (forSystem system f)); @@ -95,6 +99,8 @@ nativeBuildInputs = with final; [ ]; buildInputs = with final; [ ] ++ lib.optionals (final.stdenv.isDarwin) (with final.darwin.apple_sdk.frameworks; [ SystemConfiguration + # temporary fix for naersk to nix flake update; see df13b0b upstream + final.darwin.libiconv ]); copyBins = true; diff --git a/src/planner/linux.rs b/src/planner/linux.rs index f4ff9291c..8f8f9c6cb 100644 --- a/src/planner/linux.rs +++ b/src/planner/linux.rs @@ -8,7 +8,7 @@ use crate::{ action::{ base::{CreateDirectory, RemoveDirectory}, common::{ - ConfigureNix, ConfigureDeterminateNixdInitService, ConfigureUpstreamInitService, + ConfigureDeterminateNixdInitService, ConfigureNix, ConfigureUpstreamInitService, CreateUsersAndGroups, ProvisionDeterminateNixd, ProvisionNix, }, linux::{ diff --git a/src/planner/macos/mod.rs b/src/planner/macos/mod.rs index 5bdb55665..57c7bbab2 100644 --- a/src/planner/macos/mod.rs +++ b/src/planner/macos/mod.rs @@ -16,7 +16,7 @@ use crate::{ action::{ base::RemoveDirectory, common::{ - ConfigureNix, ConfigureDeterminateNixdInitService, ConfigureUpstreamInitService, + ConfigureDeterminateNixdInitService, ConfigureNix, ConfigureUpstreamInitService, CreateUsersAndGroups, ProvisionDeterminateNixd, ProvisionNix, }, macos::{