From 2f00f73da167a7299ea0a363fc408524ec8fab08 Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 09:24:46 -0600 Subject: [PATCH 1/7] remove unused determinate input We've previously disabled the usage of this, but snipping the input itself out saves us some time downloading/updating stuff we aren't using and dodge questions about its presence. --- flake.lock | 66 ------------------------------------------------------ flake.nix | 28 +++++++++++------------ 2 files changed, 14 insertions(+), 80 deletions(-) diff --git a/flake.lock b/flake.lock index df8454f1a..978a48730 100644 --- a/flake.lock +++ b/flake.lock @@ -1,70 +1,5 @@ { "nodes": { - "determinate": { - "inputs": { - "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", - "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", - "determinate-nixd-x86_64-darwin": [ - "determinate", - "determinate-nixd-aarch64-darwin" - ], - "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", - "nix": [ - "nix" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729548094, - "narHash": "sha256-+jP+Zlg0prpcmBy5s7cPUa7nJr90Zm2m933aibrHBYw=", - "rev": "5babe9d6a9eb52ee001bf70ad607fd66522f781b", - "revCount": 145, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/0.1.145%2Brev-5babe9d6a9eb52ee001bf70ad607fd66522f781b/0192b11b-c96e-7199-ba89-8c923541fcce/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/determinate/0.1.tar.gz" - } - }, - "determinate-nixd-aarch64-darwin": { - "flake": false, - "locked": { - "narHash": "sha256-OhG8joS/uN3Kdw4h9w8F/6ZIVTFZ8J9Fb4NGn/KK5/s=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/macOS" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/macOS" - } - }, - "determinate-nixd-aarch64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-AGcHQSIdb+KEJlhJzMB4YyFxbjdLZEDDf6bv6Zi3wqM=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/aarch64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/aarch64-linux" - } - }, - "determinate-nixd-x86_64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-kU4dqHoYe3sFf4LDAUj4fyl9uGV8IHtE22+DdMeRN0s=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/x86_64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/rev/51ecec5a3148baef87c2015536aa12dd18e4c4ad/x86_64-linux" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -299,7 +234,6 @@ }, "root": { "inputs": { - "determinate": "determinate", "fenix": "fenix", "flake-compat": "flake-compat", "naersk": "naersk", diff --git a/flake.nix b/flake.nix index 9d44b4d2a..97c540d41 100644 --- a/flake.nix +++ b/flake.nix @@ -18,19 +18,19 @@ url = "github:NixOS/nix/2.24.9"; # Omitting `inputs.nixpkgs.follows = "nixpkgs";` on purpose }; - - determinate = { - url = "https://flakehub.com/f/DeterminateSystems/determinate/0.1.tar.gz"; - - # We set the overrides below so the flake.lock has many fewer nodes. - # - # The `determinate` input is used to access the builds of `determinate-nixd`. - # Below, we access the `packages` outputs, which download static builds of `determinate-nixd` and makes them executable. - # The way we consume the determinate flake means the `nix` and `nixpkgs` inputs are not meaningfully used. - # This means `follows` won't cause surprisingly extensive rebuilds, just trivial `chmod +x` rebuilds. - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nix.follows = "nix"; - }; + # We don't use this, so let's save download/update time + # determinate = { + # url = "https://flakehub.com/f/DeterminateSystems/determinate/0.1.tar.gz"; + + # # We set the overrides below so the flake.lock has many fewer nodes. + # # + # # The `determinate` input is used to access the builds of `determinate-nixd`. + # # Below, we access the `packages` outputs, which download static builds of `determinate-nixd` and makes them executable. + # # The way we consume the determinate flake means the `nix` and `nixpkgs` inputs are not meaningfully used. + # # This means `follows` won't cause surprisingly extensive rebuilds, just trivial `chmod +x` rebuilds. + # inputs.nixpkgs.follows = "nixpkgs"; + # inputs.nix.follows = "nix"; + # }; flake-compat.url = "github:edolstra/flake-compat/v1.0.0"; }; @@ -41,7 +41,7 @@ , fenix , naersk , nix - , determinate + # , determinate , ... } @ inputs: let From ddcdd3d84ec0f7ee3a2234812b6788104e0ef6af Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 09:45:42 -0600 Subject: [PATCH 2/7] update nixpkgs This rev is already a little stale, but it was recommended by Cole in WG meeting due to some issue in nixpkgs beyond this point that neither detsys nor nixpkgs have sorted out yet. If we want to update beyond this before they do, we may have to figure it out :) --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 978a48730..640a0828a 100644 --- a/flake.lock +++ b/flake.lock @@ -218,17 +218,17 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 97c540d41..ee7a9b2d5 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Experimental Nix Installer"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/63c3a29ca82437c87573e4c6919b09a24ea61b0f"; + nixpkgs.url = "github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd"; fenix = { url = "github:nix-community/fenix/73124e1356bde9411b163d636b39fe4804b7ca45"; From 635e4497f4401c3edc6cd74d892835d104f89140 Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 10:21:24 -0600 Subject: [PATCH 3/7] nix flake update - This update only actually updates naersk because I already bit off removal of the determinate input and update of nixpkgs input in separate commits for visibility. - A naive update causes iconv related build failures. Upstream has seen the same and this just tracks the workaround they added in df13b0b. I suspect this is related to macos stdenv refactoring. --- flake.lock | 6 +++--- flake.nix | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 640a0828a..af7a28f1d 100644 --- a/flake.lock +++ b/flake.lock @@ -130,11 +130,11 @@ ] }, "locked": { - "lastModified": 1721727458, - "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", + "lastModified": 1733346208, + "narHash": "sha256-a4WZp1xQkrnA4BbnKrzJNr+dYoQr5Xneh2syJoddFyE=", "owner": "nix-community", "repo": "naersk", - "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", + "rev": "378614f37a6bee5a3f2ef4f825a73d948d3ae921", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ee7a9b2d5..21a725c86 100644 --- a/flake.nix +++ b/flake.nix @@ -95,6 +95,8 @@ nativeBuildInputs = with final; [ ]; buildInputs = with final; [ ] ++ lib.optionals (final.stdenv.isDarwin) (with final.darwin.apple_sdk.frameworks; [ SystemConfiguration + # temporary fix for naersk to nix flake update; see df13b0b upstream + final.darwin.libiconv ]); copyBins = true; From bd5c1c6b34a652025093da5813e003580eab2683 Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 10:47:53 -0600 Subject: [PATCH 4/7] fix format issues with 0.27.0 merge In the course of the 0.27.0 merge we were having trouble with the lint workflow that ~enabled me to accidentally a few format issues in. I introduced a format-only diff when we fiddled with a few different ways of disabling '--determinate' features. I inadvertently swapped the order of these when merging an item back in. I also left an errant space in flake.nix. Someone else left an errant one in assemble_installer.py :) --- assemble_installer.py | 2 +- flake.nix | 2 +- src/planner/linux.rs | 2 +- src/planner/macos/mod.rs | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/assemble_installer.py b/assemble_installer.py index e17b0cf79..bd19bd359 100644 --- a/assemble_installer.py +++ b/assemble_installer.py @@ -1,6 +1,6 @@ import requests import subprocess -import shutil +import shutil import sys response = requests.get('https://hydra.nixos.org/jobset/experimental-nix-installer/experimental-installer/evals', headers={'Accept': 'application/json'}) diff --git a/flake.nix b/flake.nix index 21a725c86..14c15d2fb 100644 --- a/flake.nix +++ b/flake.nix @@ -46,7 +46,7 @@ } @ inputs: let supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; - systemsSupportedByDeterminateNixd = [ ]; # avoid refs to detsys nixd for now + systemsSupportedByDeterminateNixd = [ ]; # avoid refs to detsys nixd for now forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: (forSystem system f)); diff --git a/src/planner/linux.rs b/src/planner/linux.rs index f4ff9291c..8f8f9c6cb 100644 --- a/src/planner/linux.rs +++ b/src/planner/linux.rs @@ -8,7 +8,7 @@ use crate::{ action::{ base::{CreateDirectory, RemoveDirectory}, common::{ - ConfigureNix, ConfigureDeterminateNixdInitService, ConfigureUpstreamInitService, + ConfigureDeterminateNixdInitService, ConfigureNix, ConfigureUpstreamInitService, CreateUsersAndGroups, ProvisionDeterminateNixd, ProvisionNix, }, linux::{ diff --git a/src/planner/macos/mod.rs b/src/planner/macos/mod.rs index 5bdb55665..57c7bbab2 100644 --- a/src/planner/macos/mod.rs +++ b/src/planner/macos/mod.rs @@ -16,7 +16,7 @@ use crate::{ action::{ base::RemoveDirectory, common::{ - ConfigureNix, ConfigureDeterminateNixdInitService, ConfigureUpstreamInitService, + ConfigureDeterminateNixdInitService, ConfigureNix, ConfigureUpstreamInitService, CreateUsersAndGroups, ProvisionDeterminateNixd, ProvisionNix, }, macos::{ From bd550b12d3522628ff6d6c1da2498f0d688919ab Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 11:27:23 -0600 Subject: [PATCH 5/7] disable --determinate workflows --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c015a25f7..dbbf03b2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,7 +69,7 @@ jobs: needs: [lints, build-x86_64-linux] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -187,7 +187,7 @@ jobs: needs: [lints, build-x86_64-linux] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -311,7 +311,7 @@ jobs: needs: [lints, build-x86_64-darwin] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" @@ -402,7 +402,7 @@ jobs: # needs: [lints, build-aarch64-linux] # strategy: # matrix: - # determinate: [true, false] + # determinate: [false] # permissions: # id-token: "write" # contents: "read" @@ -520,7 +520,7 @@ jobs: needs: [lints, build-aarch64-darwin] strategy: matrix: - determinate: [true, false] + determinate: [false] permissions: id-token: "write" contents: "read" From 1aed1437b9426c512a0816b35446b7c23c9439ed Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 11:42:45 -0600 Subject: [PATCH 6/7] track comments & fenix update from matthew's PR --- flake.lock | 14 +++++++------- flake.nix | 6 +++++- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index af7a28f1d..b2e2c2e8f 100644 --- a/flake.lock +++ b/flake.lock @@ -8,17 +8,17 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1714544767, - "narHash": "sha256-kF1bX+YFMedf1g0PAJYwGUkzh22JmULtj8Rm4IXAQKs=", + "lastModified": 1727764514, + "narHash": "sha256-tvN9v5gTxLI5zOKsNvYl1aUxIitHm8Nj3vKdXNfJo50=", "owner": "nix-community", "repo": "fenix", - "rev": "73124e1356bde9411b163d636b39fe4804b7ca45", + "rev": "a9d2e5fa8d77af05240230c9569bbbddd28ccfaf", "type": "github" }, "original": { "owner": "nix-community", "repo": "fenix", - "rev": "73124e1356bde9411b163d636b39fe4804b7ca45", + "rev": "a9d2e5fa8d77af05240230c9569bbbddd28ccfaf", "type": "github" } }, @@ -244,11 +244,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1714501997, - "narHash": "sha256-g31zfxwUFzkPgX0Q8sZLcrqGmOxwjEZ/iqJjNx4fEGo=", + "lastModified": 1727706011, + "narHash": "sha256-xxgUHwwJ+1xQQoUWvLDo807IZ0MDldkfr9N1G4fvNJU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "49e502b277a8126a9ad10c802d1aaa3ef1a280ef", + "rev": "28830ff2f1158ee92f4852ef3ec35af0935d1562", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 14c15d2fb..d7638123c 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,14 @@ description = "Experimental Nix Installer"; inputs = { + # can track upstream versioning with + # git show $most_recently_merged_commit:flake.lock | jq '.nodes[.nodes.root.inputs.nixpkgs].locked.rev' nixpkgs.url = "github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd"; fenix = { - url = "github:nix-community/fenix/73124e1356bde9411b163d636b39fe4804b7ca45"; + # can track upstream versioning with + # git show $most_recently_merged_commit:flake.lock | jq '.nodes[.nodes.root.inputs.fenix].locked.rev' + url = "github:nix-community/fenix/a9d2e5fa8d77af05240230c9569bbbddd28ccfaf"; inputs.nixpkgs.follows = "nixpkgs"; }; From 14a8e32c540a4ca0fd82ded2e12e8166cfc40df9 Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Fri, 20 Dec 2024 11:47:05 -0600 Subject: [PATCH 7/7] disable CI step that depends on flakes Our fork doesn't enable the experimental features by default. --- .github/workflows/ci.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dbbf03b2a..8ac5b6dc3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -572,14 +572,15 @@ jobs: logger: pretty - name: echo $PATH run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - nix run nixpkgs#hello - nix profile install nixpkgs#hello - hello - nix store gc - nix run nixpkgs#hello + # We don't enable flakes by default. + # - name: Test `nix` with `$GITHUB_PATH` + # if: success() || failure() + # run: | + # nix run nixpkgs#hello + # nix profile install nixpkgs#hello + # hello + # nix store gc + # nix run nixpkgs#hello # NOTE(cole-h): GHA pushed a weird image that breaks this test for whatever reason, so ignore # the failure for now - name: Test bash