2019-04-08 15:28:05 +00:00
|
|
|
|
{
|
|
|
|
|
description = "The purely functional package manager";
|
|
|
|
|
|
2023-09-22 01:00:35 +00:00
|
|
|
|
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05-small";
|
2022-05-16 18:46:44 +00:00
|
|
|
|
inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
|
2021-09-24 13:21:41 +00:00
|
|
|
|
inputs.lowdown-src = { url = "github:kristapsdz/lowdown"; flake = false; };
|
2023-03-06 19:51:58 +00:00
|
|
|
|
inputs.flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
|
2019-04-08 15:28:05 +00:00
|
|
|
|
|
2023-03-06 19:51:58 +00:00
|
|
|
|
outputs = { self, nixpkgs, nixpkgs-regression, lowdown-src, flake-compat }:
|
2019-04-08 15:28:05 +00:00
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
let
|
2022-03-02 02:40:18 +00:00
|
|
|
|
inherit (nixpkgs) lib;
|
2019-05-29 15:25:41 +00:00
|
|
|
|
|
2022-01-24 23:13:54 +00:00
|
|
|
|
officialRelease = true;
|
2022-12-06 17:00:10 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
version = lib.fileContents ./.version + versionSuffix;
|
2020-03-31 22:20:12 +00:00
|
|
|
|
versionSuffix =
|
|
|
|
|
if officialRelease
|
|
|
|
|
then ""
|
2020-10-21 19:31:19 +00:00
|
|
|
|
else "pre${builtins.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}_${self.shortRev or "dirty"}";
|
2020-03-13 17:28:01 +00:00
|
|
|
|
|
2023-08-23 18:28:24 +00:00
|
|
|
|
linux32BitSystems = [ "i686-linux" ];
|
2020-10-28 05:13:18 +00:00
|
|
|
|
linux64BitSystems = [ "x86_64-linux" "aarch64-linux" ];
|
2023-08-23 18:28:24 +00:00
|
|
|
|
linuxSystems = linux32BitSystems ++ linux64BitSystems;
|
|
|
|
|
darwinSystems = [ "x86_64-darwin" "aarch64-darwin" ];
|
|
|
|
|
systems = linuxSystems ++ darwinSystems;
|
2023-10-05 16:12:18 +00:00
|
|
|
|
|
2021-02-06 00:22:34 +00:00
|
|
|
|
crossSystems = [ "armv6l-linux" "armv7l-linux" ];
|
2021-02-06 00:07:48 +00:00
|
|
|
|
|
2022-09-23 09:21:19 +00:00
|
|
|
|
stdenvs = [ "gccStdenv" "clangStdenv" "clang11Stdenv" "stdenv" "libcxxStdenv" "ccacheStdenv" ];
|
2021-07-08 15:01:51 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
forAllSystems = lib.genAttrs systems;
|
|
|
|
|
|
|
|
|
|
forAllCrossSystems = lib.genAttrs crossSystems;
|
|
|
|
|
|
|
|
|
|
forAllStdenvs = f:
|
|
|
|
|
lib.listToAttrs
|
2021-07-08 15:01:51 +00:00
|
|
|
|
(map
|
2022-03-02 02:40:18 +00:00
|
|
|
|
(stdenvName: {
|
|
|
|
|
name = "${stdenvName}Packages";
|
|
|
|
|
value = f stdenvName;
|
|
|
|
|
})
|
|
|
|
|
stdenvs);
|
2021-07-08 15:01:51 +00:00
|
|
|
|
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
# Experimental fileset library: https://github.com/NixOS/nixpkgs/pull/222981
|
|
|
|
|
# Not an "idiomatic" flake input because:
|
|
|
|
|
# - Propagation to dependent locks: https://github.com/NixOS/nix/issues/7730
|
|
|
|
|
# - Subflake would download redundant and huge parent flake
|
|
|
|
|
# - No git tree hash support: https://github.com/NixOS/nix/issues/6044
|
2023-08-16 14:01:46 +00:00
|
|
|
|
inherit (import (builtins.fetchTarball { url = "https://github.com/NixOS/nix/archive/1bdcd7fc8a6a40b2e805bad759b36e64e911036b.tar.gz"; sha256 = "sha256:14ljlpdsp4x7h1fkhbmc4bd3vsqnx8zdql4h3037wh09ad6a0893"; }))
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
fileset;
|
|
|
|
|
|
|
|
|
|
baseFiles =
|
|
|
|
|
# .gitignore has already been processed, so any changes in it are irrelevant
|
|
|
|
|
# at this point. It is not represented verbatim for test purposes because
|
|
|
|
|
# that would interfere with repo semantics.
|
|
|
|
|
fileset.fileFilter (f: f.name != ".gitignore") ./.;
|
|
|
|
|
|
|
|
|
|
nixSrc = fileset.toSource {
|
|
|
|
|
root = ./.;
|
2023-10-05 16:12:18 +00:00
|
|
|
|
fileset = fileset.intersect baseFiles (fileset.unions [
|
|
|
|
|
./.version
|
|
|
|
|
./boehmgc-coroutine-sp-fallback.diff
|
|
|
|
|
./bootstrap.sh
|
|
|
|
|
./configure.ac
|
|
|
|
|
./doc
|
|
|
|
|
./local.mk
|
|
|
|
|
./m4
|
|
|
|
|
./Makefile
|
|
|
|
|
./Makefile.config.in
|
|
|
|
|
./misc
|
|
|
|
|
./mk
|
|
|
|
|
./precompiled-headers.h
|
|
|
|
|
./src
|
|
|
|
|
./tests/functional
|
2023-08-25 14:20:28 +00:00
|
|
|
|
./tests/unit
|
2023-10-05 16:12:18 +00:00
|
|
|
|
./COPYING
|
|
|
|
|
./scripts/local.mk
|
|
|
|
|
(fileset.fileFilter (f: lib.strings.hasPrefix "nix-profile" f.name) ./scripts)
|
|
|
|
|
# TODO: do we really need README.md? It doesn't seem used in the build.
|
|
|
|
|
./README.md
|
|
|
|
|
]);
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
};
|
Support non-x86_64-linux system types in flakes
A command like
$ nix run nixpkgs#hello
will now build the attribute 'packages.${system}.hello' rather than
'packages.hello'. Note that this does mean that the flake needs to
export an attribute for every system type it supports, and you can't
build on unsupported systems. So 'packages' typically looks like this:
packages = nixpkgs.lib.genAttrs ["x86_64-linux" "i686-linux"] (system: {
hello = ...;
});
The 'checks', 'defaultPackage', 'devShell', 'apps' and 'defaultApp'
outputs similarly are now attrsets that map system types to
derivations/apps. 'nix flake check' checks that the derivations for
all platforms evaluate correctly, but only builds the derivations in
'checks.${system}'.
Fixes #2861. (That issue also talks about access to ~/.config/nixpkgs
and --arg, but I think it's reasonable to say that flakes shouldn't
support those.)
The alternative to attribute selection is to pass the system type as
an argument to the flake's 'outputs' function, e.g. 'outputs = { self,
nixpkgs, system }: ...'. However, that approach would be at odds with
hermetic evaluation and make it impossible to enumerate the packages
provided by a flake.
2019-10-15 15:52:10 +00:00
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
# Memoize nixpkgs for different platforms for efficiency.
|
2022-03-02 02:40:18 +00:00
|
|
|
|
nixpkgsFor = forAllSystems
|
|
|
|
|
(system: let
|
|
|
|
|
make-pkgs = crossSystem: stdenv: import nixpkgs {
|
|
|
|
|
inherit system crossSystem;
|
|
|
|
|
overlays = [
|
|
|
|
|
(overlayFor (p: p.${stdenv}))
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
stdenvs = forAllStdenvs (make-pkgs null);
|
|
|
|
|
native = stdenvs.stdenvPackages;
|
|
|
|
|
in {
|
|
|
|
|
inherit stdenvs native;
|
|
|
|
|
static = native.pkgsStatic;
|
|
|
|
|
cross = forAllCrossSystems (crossSystem: make-pkgs crossSystem "stdenv");
|
|
|
|
|
});
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-02-21 15:15:24 +00:00
|
|
|
|
commonDeps =
|
|
|
|
|
{ pkgs
|
|
|
|
|
, isStatic ? pkgs.stdenv.hostPlatform.isStatic
|
|
|
|
|
}:
|
|
|
|
|
with pkgs; rec {
|
2019-10-04 08:45:33 +00:00
|
|
|
|
# Use "busybox-sandbox-shell" if present,
|
|
|
|
|
# if not (legacy) fallback and hope it's sufficient.
|
|
|
|
|
sh = pkgs.busybox-sandbox-shell or (busybox.override {
|
|
|
|
|
useMusl = true;
|
|
|
|
|
enableStatic = true;
|
|
|
|
|
enableMinimal = true;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
CONFIG_FEATURE_FANCY_ECHO y
|
|
|
|
|
CONFIG_FEATURE_SH_MATH y
|
|
|
|
|
CONFIG_FEATURE_SH_MATH_64 y
|
|
|
|
|
|
|
|
|
|
CONFIG_ASH y
|
|
|
|
|
CONFIG_ASH_OPTIMIZE_FOR_SIZE y
|
|
|
|
|
|
|
|
|
|
CONFIG_ASH_ALIAS y
|
|
|
|
|
CONFIG_ASH_BASH_COMPAT y
|
|
|
|
|
CONFIG_ASH_CMDCMD y
|
|
|
|
|
CONFIG_ASH_ECHO y
|
|
|
|
|
CONFIG_ASH_GETOPTS y
|
|
|
|
|
CONFIG_ASH_INTERNAL_GLOB y
|
|
|
|
|
CONFIG_ASH_JOB_CONTROL y
|
|
|
|
|
CONFIG_ASH_PRINTF y
|
|
|
|
|
CONFIG_ASH_TEST y
|
|
|
|
|
'';
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
configureFlags =
|
2023-02-20 19:27:50 +00:00
|
|
|
|
lib.optionals stdenv.isLinux [
|
2021-10-23 13:32:48 +00:00
|
|
|
|
"--with-boost=${boost}/lib"
|
2019-10-04 08:45:33 +00:00
|
|
|
|
"--with-sandbox-shell=${sh}/bin/busybox"
|
2022-07-11 18:56:19 +00:00
|
|
|
|
]
|
|
|
|
|
++ lib.optionals (stdenv.isLinux && !(isStatic && stdenv.system == "aarch64-linux")) [
|
2020-09-23 14:05:47 +00:00
|
|
|
|
"LDFLAGS=-fuse-ld=gold"
|
2019-10-04 08:45:33 +00:00
|
|
|
|
];
|
2023-03-02 15:11:49 +00:00
|
|
|
|
|
2023-02-20 19:27:50 +00:00
|
|
|
|
testConfigureFlags = [
|
2023-02-13 17:37:35 +00:00
|
|
|
|
"RAPIDCHECK_HEADERS=${lib.getDev rapidcheck}/extras/gtest/include"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
internalApiDocsConfigureFlags = [
|
|
|
|
|
"--enable-internal-api-docs"
|
2023-02-20 19:27:50 +00:00
|
|
|
|
];
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2020-07-30 19:59:57 +00:00
|
|
|
|
nativeBuildDeps =
|
|
|
|
|
[
|
|
|
|
|
buildPackages.bison
|
|
|
|
|
buildPackages.flex
|
2021-09-27 08:31:13 +00:00
|
|
|
|
(lib.getBin buildPackages.lowdown-nix)
|
2020-09-04 02:40:36 +00:00
|
|
|
|
buildPackages.mdbook
|
2023-01-03 07:53:29 +00:00
|
|
|
|
buildPackages.mdbook-linkcheck
|
2020-09-04 02:30:12 +00:00
|
|
|
|
buildPackages.autoconf-archive
|
2020-07-30 19:59:57 +00:00
|
|
|
|
buildPackages.autoreconfHook
|
2021-12-15 18:13:06 +00:00
|
|
|
|
buildPackages.pkg-config
|
2020-07-30 19:59:57 +00:00
|
|
|
|
|
|
|
|
|
# Tests
|
|
|
|
|
buildPackages.git
|
2021-10-06 16:29:20 +00:00
|
|
|
|
buildPackages.mercurial # FIXME: remove? only needed for tests
|
2022-05-26 14:47:40 +00:00
|
|
|
|
buildPackages.jq # Also for custom mdBook preprocessor.
|
2021-03-24 13:50:15 +00:00
|
|
|
|
]
|
2021-06-25 20:51:02 +00:00
|
|
|
|
++ lib.optionals stdenv.hostPlatform.isLinux [(buildPackages.util-linuxMinimal or buildPackages.utillinuxMinimal)];
|
2020-07-30 19:59:57 +00:00
|
|
|
|
|
2020-03-13 17:28:01 +00:00
|
|
|
|
buildDeps =
|
2022-11-26 20:06:29 +00:00
|
|
|
|
[ curl
|
2021-04-15 11:51:00 +00:00
|
|
|
|
bzip2 xz brotli editline
|
2020-09-04 02:30:12 +00:00
|
|
|
|
openssl sqlite
|
2019-12-20 11:45:58 +00:00
|
|
|
|
libarchive
|
2019-10-04 08:45:33 +00:00
|
|
|
|
boost
|
2021-09-27 08:31:13 +00:00
|
|
|
|
lowdown-nix
|
2019-10-04 08:45:33 +00:00
|
|
|
|
]
|
2024-03-01 16:42:24 +00:00
|
|
|
|
++ lib.optionals stdenv.isDarwin [darwin.apple_sdk.libs.sandbox]
|
Require at least libseccomp 2.5.5
Closes #10585
As it turns out, libseccomp maintains an internal syscall table and
validates each rule against it. This means that when using libseccomp
2.5.4 or older, one may pass `452` as syscall number against it, but
since it doesn't exist in the internal structure, `libseccomp` will refuse
to create a filter for that. This happens with nixpkgs-23.11, i.e. on
stable NixOS and when building Nix against the project's flake.
To work around that
* a backport of libseccomp 2.5.5 on upstream nixpkgs has been
scheduled[1].
* the package now uses libseccomp 2.5.5 on its own already. This is to
provide a quick fix since the correct fix for 23.11 is still a staging cycle
away.
It must not be possible to build a Nix with an incompatible libseccomp
version (nothing can be built in a sandbox on Linux!), so configure.ac
rejects libseccomp if `__SNR_fchmodat2` is not defined.
We still need the compat header though since `SCMP_SYS(fchmodat2)`
internally transforms this into `__SNR_fchmodat2` which points to
`__NR_fchmodat2` from glibc 2.39, so it wouldn't build on glibc 2.38.
The updated syscall table from libseccomp 2.5.5 is NOT used for that
step, but used later, so we need both, our compat header and their
syscall table 🤷
[1] https://github.com/NixOS/nixpkgs/pull/306070
(cherry picked from commit 73918b0ae4f1bfbf0a11fb50df8b48f7135060ba)
2024-04-22 18:19:03 +00:00
|
|
|
|
++ lib.optionals stdenv.isLinux [(libseccomp.overrideAttrs (_: rec {
|
|
|
|
|
version = "2.5.5";
|
|
|
|
|
src = fetchurl {
|
|
|
|
|
url = "https://github.com/seccomp/libseccomp/releases/download/v${version}/libseccomp-${version}.tar.gz";
|
|
|
|
|
hash = "sha256-JIosik2bmFiqa69ScSw0r+/PnJ6Ut23OAsHJqiX7M3U=";
|
|
|
|
|
};
|
|
|
|
|
}))]
|
2021-02-16 13:32:12 +00:00
|
|
|
|
++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
|
2021-03-09 17:40:16 +00:00
|
|
|
|
++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid;
|
2020-07-30 19:59:57 +00:00
|
|
|
|
|
2023-02-20 19:27:50 +00:00
|
|
|
|
checkDeps = [
|
|
|
|
|
gtest
|
|
|
|
|
rapidcheck
|
|
|
|
|
];
|
|
|
|
|
|
2023-02-13 17:37:35 +00:00
|
|
|
|
internalApiDocsDeps = [
|
|
|
|
|
buildPackages.doxygen
|
|
|
|
|
];
|
|
|
|
|
|
2020-07-30 19:59:57 +00:00
|
|
|
|
awsDeps = lib.optional (stdenv.isLinux || stdenv.isDarwin)
|
|
|
|
|
(aws-sdk-cpp.override {
|
|
|
|
|
apis = ["s3" "transfer"];
|
|
|
|
|
customMemoryManagement = false;
|
|
|
|
|
});
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2020-02-15 20:48:28 +00:00
|
|
|
|
propagatedDeps =
|
2023-01-24 13:57:18 +00:00
|
|
|
|
[ ((boehmgc.override {
|
2021-06-24 16:02:51 +00:00
|
|
|
|
enableLargeConfig = true;
|
2023-01-24 13:57:18 +00:00
|
|
|
|
}).overrideAttrs(o: {
|
|
|
|
|
patches = (o.patches or []) ++ [
|
|
|
|
|
./boehmgc-coroutine-sp-fallback.diff
|
|
|
|
|
];
|
2022-11-26 20:06:29 +00:00
|
|
|
|
})
|
2023-01-24 13:57:18 +00:00
|
|
|
|
)
|
2022-01-26 10:41:51 +00:00
|
|
|
|
nlohmann_json
|
2020-02-15 20:48:28 +00:00
|
|
|
|
];
|
2019-10-04 08:45:33 +00:00
|
|
|
|
};
|
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
installScriptFor = systems:
|
2022-03-02 02:40:18 +00:00
|
|
|
|
with nixpkgsFor.x86_64-linux.native;
|
2021-02-15 10:20:54 +00:00
|
|
|
|
runCommand "installer-script"
|
|
|
|
|
{ buildInputs = [ nix ];
|
|
|
|
|
}
|
|
|
|
|
''
|
|
|
|
|
mkdir -p $out/nix-support
|
|
|
|
|
|
2021-10-05 12:50:55 +00:00
|
|
|
|
# Converts /nix/store/50p3qk8k...-nix-2.4pre20201102_550e11f/bin/nix to 50p3qk8k.../bin/nix.
|
2021-02-15 10:20:54 +00:00
|
|
|
|
tarballPath() {
|
|
|
|
|
# Remove the store prefix
|
|
|
|
|
local path=''${1#${builtins.storeDir}/}
|
|
|
|
|
# Get the path relative to the derivation root
|
|
|
|
|
local rest=''${path#*/}
|
|
|
|
|
# Get the derivation hash
|
|
|
|
|
local drvHash=''${path%%-*}
|
|
|
|
|
echo "$drvHash/$rest"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
substitute ${./scripts/install.in} $out/install \
|
|
|
|
|
${pkgs.lib.concatMapStrings
|
2021-06-26 05:12:03 +00:00
|
|
|
|
(system: let
|
|
|
|
|
tarball = if builtins.elem system crossSystems then self.hydraJobs.binaryTarballCross.x86_64-linux.${system} else self.hydraJobs.binaryTarball.${system};
|
|
|
|
|
in '' \
|
|
|
|
|
--replace '@tarballHash_${system}@' $(nix --experimental-features nix-command hash-file --base16 --type sha256 ${tarball}/*.tar.xz) \
|
|
|
|
|
--replace '@tarballPath_${system}@' $(tarballPath ${tarball}/*.tar.xz) \
|
2021-02-15 10:20:54 +00:00
|
|
|
|
''
|
|
|
|
|
)
|
|
|
|
|
systems
|
|
|
|
|
} --replace '@nixVersion@' ${version}
|
|
|
|
|
|
|
|
|
|
echo "file installer $out/install" >> $out/nix-support/hydra-build-products
|
|
|
|
|
'';
|
|
|
|
|
|
2022-07-11 18:56:19 +00:00
|
|
|
|
testNixVersions = pkgs: client: daemon: with commonDeps { inherit pkgs; }; with pkgs.lib; pkgs.stdenv.mkDerivation {
|
2021-03-16 12:43:08 +00:00
|
|
|
|
NIX_DAEMON_PACKAGE = daemon;
|
|
|
|
|
NIX_CLIENT_PACKAGE = client;
|
2021-10-05 12:50:55 +00:00
|
|
|
|
name =
|
|
|
|
|
"nix-tests"
|
|
|
|
|
+ optionalString
|
|
|
|
|
(versionAtLeast daemon.version "2.4pre20211005" &&
|
|
|
|
|
versionAtLeast client.version "2.4pre20211005")
|
|
|
|
|
"-${client.version}-against-${daemon.version}";
|
2021-03-16 12:43:08 +00:00
|
|
|
|
inherit version;
|
|
|
|
|
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
src = nixSrc;
|
2021-03-16 12:43:08 +00:00
|
|
|
|
|
|
|
|
|
VERSION_SUFFIX = versionSuffix;
|
|
|
|
|
|
|
|
|
|
nativeBuildInputs = nativeBuildDeps;
|
2023-02-20 19:27:50 +00:00
|
|
|
|
buildInputs = buildDeps ++ awsDeps ++ checkDeps;
|
2021-03-16 12:43:08 +00:00
|
|
|
|
propagatedBuildInputs = propagatedDeps;
|
|
|
|
|
|
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
|
2023-04-09 00:33:53 +00:00
|
|
|
|
configureFlags = testConfigureFlags; # otherwise configure fails
|
2021-03-16 12:43:08 +00:00
|
|
|
|
dontBuild = true;
|
|
|
|
|
doInstallCheck = true;
|
|
|
|
|
|
|
|
|
|
installPhase = ''
|
|
|
|
|
mkdir -p $out
|
|
|
|
|
'';
|
|
|
|
|
|
2021-09-14 09:34:17 +00:00
|
|
|
|
installCheckPhase = "make installcheck -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES";
|
2021-03-16 12:43:08 +00:00
|
|
|
|
};
|
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
binaryTarball = nix: pkgs:
|
2022-01-25 00:28:44 +00:00
|
|
|
|
let
|
2022-03-02 02:40:18 +00:00
|
|
|
|
inherit (pkgs) buildPackages;
|
2022-01-25 00:28:44 +00:00
|
|
|
|
inherit (pkgs) cacert;
|
|
|
|
|
installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix cacert ]; };
|
|
|
|
|
in
|
|
|
|
|
|
|
|
|
|
buildPackages.runCommand "nix-binary-tarball-${version}"
|
|
|
|
|
{ #nativeBuildInputs = lib.optional (system != "aarch64-linux") shellcheck;
|
|
|
|
|
meta.description = "Distribution-independent Nix bootstrap binaries for ${pkgs.system}";
|
|
|
|
|
}
|
|
|
|
|
''
|
|
|
|
|
cp ${installerClosureInfo}/registration $TMPDIR/reginfo
|
|
|
|
|
cp ${./scripts/create-darwin-volume.sh} $TMPDIR/create-darwin-volume.sh
|
|
|
|
|
substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
|
|
|
|
|
--subst-var-by nix ${nix} \
|
|
|
|
|
--subst-var-by cacert ${cacert}
|
|
|
|
|
|
|
|
|
|
substitute ${./scripts/install-darwin-multi-user.sh} $TMPDIR/install-darwin-multi-user.sh \
|
|
|
|
|
--subst-var-by nix ${nix} \
|
|
|
|
|
--subst-var-by cacert ${cacert}
|
|
|
|
|
substitute ${./scripts/install-systemd-multi-user.sh} $TMPDIR/install-systemd-multi-user.sh \
|
|
|
|
|
--subst-var-by nix ${nix} \
|
|
|
|
|
--subst-var-by cacert ${cacert}
|
|
|
|
|
substitute ${./scripts/install-multi-user.sh} $TMPDIR/install-multi-user \
|
|
|
|
|
--subst-var-by nix ${nix} \
|
|
|
|
|
--subst-var-by cacert ${cacert}
|
|
|
|
|
|
|
|
|
|
if type -p shellcheck; then
|
|
|
|
|
# SC1090: Don't worry about not being able to find
|
|
|
|
|
# $nix/etc/profile.d/nix.sh
|
|
|
|
|
shellcheck --exclude SC1090 $TMPDIR/install
|
|
|
|
|
shellcheck $TMPDIR/create-darwin-volume.sh
|
|
|
|
|
shellcheck $TMPDIR/install-darwin-multi-user.sh
|
|
|
|
|
shellcheck $TMPDIR/install-systemd-multi-user.sh
|
|
|
|
|
|
|
|
|
|
# SC1091: Don't panic about not being able to source
|
|
|
|
|
# /etc/profile
|
|
|
|
|
# SC2002: Ignore "useless cat" "error", when loading
|
|
|
|
|
# .reginfo, as the cat is a much cleaner
|
|
|
|
|
# implementation, even though it is "useless"
|
|
|
|
|
# SC2116: Allow ROOT_HOME=$(echo ~root) for resolving
|
|
|
|
|
# root's home directory
|
|
|
|
|
shellcheck --external-sources \
|
|
|
|
|
--exclude SC1091,SC2002,SC2116 $TMPDIR/install-multi-user
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
chmod +x $TMPDIR/install
|
|
|
|
|
chmod +x $TMPDIR/create-darwin-volume.sh
|
|
|
|
|
chmod +x $TMPDIR/install-darwin-multi-user.sh
|
|
|
|
|
chmod +x $TMPDIR/install-systemd-multi-user.sh
|
|
|
|
|
chmod +x $TMPDIR/install-multi-user
|
|
|
|
|
dir=nix-${version}-${pkgs.system}
|
|
|
|
|
fn=$out/$dir.tar.xz
|
|
|
|
|
mkdir -p $out/nix-support
|
|
|
|
|
echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
|
|
|
|
|
tar cvfJ $fn \
|
|
|
|
|
--owner=0 --group=0 --mode=u+rw,uga+r \
|
2022-09-05 12:44:01 +00:00
|
|
|
|
--mtime='1970-01-01' \
|
2022-01-25 00:28:44 +00:00
|
|
|
|
--absolute-names \
|
|
|
|
|
--hard-dereference \
|
|
|
|
|
--transform "s,$TMPDIR/install,$dir/install," \
|
|
|
|
|
--transform "s,$TMPDIR/create-darwin-volume.sh,$dir/create-darwin-volume.sh," \
|
|
|
|
|
--transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
|
|
|
|
|
--transform "s,$NIX_STORE,$dir/store,S" \
|
|
|
|
|
$TMPDIR/install \
|
|
|
|
|
$TMPDIR/create-darwin-volume.sh \
|
|
|
|
|
$TMPDIR/install-darwin-multi-user.sh \
|
|
|
|
|
$TMPDIR/install-systemd-multi-user.sh \
|
|
|
|
|
$TMPDIR/install-multi-user \
|
|
|
|
|
$TMPDIR/reginfo \
|
|
|
|
|
$(cat ${installerClosureInfo}/store-paths)
|
|
|
|
|
'';
|
2021-06-26 05:12:03 +00:00
|
|
|
|
|
2021-07-08 15:01:51 +00:00
|
|
|
|
overlayFor = getStdenv: final: prev:
|
2022-01-25 00:28:44 +00:00
|
|
|
|
let currentStdenv = getStdenv final; in
|
|
|
|
|
{
|
|
|
|
|
nixStable = prev.nix;
|
2020-11-10 09:43:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
# Forward from the previous stage as we don’t want it to pick the lowdown override
|
|
|
|
|
nixUnstable = prev.nixUnstable;
|
2021-09-20 12:37:09 +00:00
|
|
|
|
|
2023-02-21 15:15:24 +00:00
|
|
|
|
nix =
|
|
|
|
|
with final;
|
|
|
|
|
with commonDeps {
|
|
|
|
|
inherit pkgs;
|
|
|
|
|
inherit (currentStdenv.hostPlatform) isStatic;
|
|
|
|
|
};
|
|
|
|
|
let
|
2022-03-02 02:40:18 +00:00
|
|
|
|
canRunInstalled = currentStdenv.buildPlatform.canExecute currentStdenv.hostPlatform;
|
2023-02-20 19:27:50 +00:00
|
|
|
|
in currentStdenv.mkDerivation (finalAttrs: {
|
2022-01-25 00:28:44 +00:00
|
|
|
|
name = "nix-${version}";
|
|
|
|
|
inherit version;
|
2020-03-13 17:28:01 +00:00
|
|
|
|
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
src = nixSrc;
|
2022-01-25 00:28:44 +00:00
|
|
|
|
VERSION_SUFFIX = versionSuffix;
|
2020-03-31 22:20:12 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
outputs = [ "out" "dev" "doc" ];
|
2019-10-07 12:02:52 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
nativeBuildInputs = nativeBuildDeps;
|
2022-03-02 02:40:18 +00:00
|
|
|
|
buildInputs = buildDeps
|
|
|
|
|
# There have been issues building these dependencies
|
2023-02-20 19:27:50 +00:00
|
|
|
|
++ lib.optionals (currentStdenv.hostPlatform == currentStdenv.buildPlatform) awsDeps
|
|
|
|
|
++ lib.optionals finalAttrs.doCheck checkDeps;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
propagatedBuildInputs = propagatedDeps;
|
2020-02-15 20:48:28 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
disallowedReferences = [ boost ];
|
2022-01-14 14:41:14 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
preConfigure = lib.optionalString (! currentStdenv.hostPlatform.isStatic)
|
2022-01-25 00:28:44 +00:00
|
|
|
|
''
|
|
|
|
|
# Copy libboost_context so we don't get all of Boost in our closure.
|
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/45462
|
|
|
|
|
mkdir -p $out/lib
|
|
|
|
|
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
|
|
|
|
|
rm -f $out/lib/*.a
|
2022-03-02 02:40:18 +00:00
|
|
|
|
${lib.optionalString currentStdenv.hostPlatform.isLinux ''
|
2022-01-25 00:28:44 +00:00
|
|
|
|
chmod u+w $out/lib/*.so.*
|
|
|
|
|
patchelf --set-rpath $out/lib:${currentStdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
|
|
|
|
|
''}
|
2022-03-02 02:40:18 +00:00
|
|
|
|
${lib.optionalString currentStdenv.hostPlatform.isDarwin ''
|
2022-01-25 00:28:44 +00:00
|
|
|
|
for LIB in $out/lib/*.dylib; do
|
|
|
|
|
chmod u+w $LIB
|
|
|
|
|
install_name_tool -id $LIB $LIB
|
2022-06-08 11:39:44 +00:00
|
|
|
|
install_name_tool -delete_rpath ${boost}/lib/ $LIB || true
|
2022-01-25 00:28:44 +00:00
|
|
|
|
done
|
|
|
|
|
install_name_tool -change ${boost}/lib/libboost_system.dylib $out/lib/libboost_system.dylib $out/lib/libboost_thread.dylib
|
|
|
|
|
''}
|
|
|
|
|
'';
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
configureFlags = configureFlags ++
|
2022-03-02 02:40:18 +00:00
|
|
|
|
[ "--sysconfdir=/etc" ] ++
|
|
|
|
|
lib.optional stdenv.hostPlatform.isStatic "--enable-embedded-sandbox-shell" ++
|
2023-02-28 14:56:46 +00:00
|
|
|
|
[ (lib.enableFeature finalAttrs.doCheck "tests") ] ++
|
|
|
|
|
lib.optionals finalAttrs.doCheck testConfigureFlags ++
|
2022-03-02 02:40:18 +00:00
|
|
|
|
lib.optional (!canRunInstalled) "--disable-doc-gen";
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
enableParallelBuilding = true;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
makeFlags = "profiledir=$(out)/etc/profile.d PRECOMPILE_HEADERS=1";
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
doCheck = true;
|
2020-03-13 17:28:01 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
installFlags = "sysconfdir=$(out)/etc";
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
postInstall = ''
|
|
|
|
|
mkdir -p $doc/nix-support
|
|
|
|
|
echo "doc manual $doc/share/doc/nix/manual" >> $doc/nix-support/hydra-build-products
|
2023-03-02 18:02:55 +00:00
|
|
|
|
${lib.optionalString currentStdenv.hostPlatform.isStatic ''
|
|
|
|
|
mkdir -p $out/nix-support
|
|
|
|
|
echo "file binary-dist $out/bin/nix" >> $out/nix-support/hydra-build-products
|
|
|
|
|
''}
|
2022-01-25 00:28:44 +00:00
|
|
|
|
${lib.optionalString currentStdenv.isDarwin ''
|
|
|
|
|
install_name_tool \
|
|
|
|
|
-change ${boost}/lib/libboost_context.dylib \
|
|
|
|
|
$out/lib/libboost_context.dylib \
|
|
|
|
|
$out/lib/libnixutil.dylib
|
|
|
|
|
''}
|
|
|
|
|
'';
|
2020-05-28 10:55:24 +00:00
|
|
|
|
|
2023-02-20 19:27:50 +00:00
|
|
|
|
doInstallCheck = finalAttrs.doCheck;
|
2022-01-25 00:28:44 +00:00
|
|
|
|
installCheckFlags = "sysconfdir=$(out)/etc";
|
2023-03-08 12:38:04 +00:00
|
|
|
|
installCheckTarget = "installcheck"; # work around buggy detection in stdenv
|
2020-02-15 20:30:26 +00:00
|
|
|
|
|
2023-02-22 13:10:07 +00:00
|
|
|
|
separateDebugInfo = !currentStdenv.hostPlatform.isStatic;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
strictDeps = true;
|
2021-03-23 11:06:43 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
|
|
|
|
|
|
2022-05-30 12:01:35 +00:00
|
|
|
|
passthru.perl-bindings = with final; perl.pkgs.toPerlModule (currentStdenv.mkDerivation {
|
2022-01-25 00:28:44 +00:00
|
|
|
|
name = "nix-perl-${version}";
|
2020-03-13 17:28:01 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
src = self;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
nativeBuildInputs =
|
|
|
|
|
[ buildPackages.autoconf-archive
|
|
|
|
|
buildPackages.autoreconfHook
|
|
|
|
|
buildPackages.pkg-config
|
|
|
|
|
];
|
2020-09-04 02:30:12 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
buildInputs =
|
|
|
|
|
[ nix
|
2022-11-26 20:06:29 +00:00
|
|
|
|
curl
|
2022-01-25 00:28:44 +00:00
|
|
|
|
bzip2
|
|
|
|
|
xz
|
|
|
|
|
pkgs.perl
|
|
|
|
|
boost
|
|
|
|
|
]
|
|
|
|
|
++ lib.optional (currentStdenv.isLinux || currentStdenv.isDarwin) libsodium
|
2024-10-31 11:47:51 +00:00
|
|
|
|
++ lib.optional currentStdenv.isDarwin darwin.apple_sdk.frameworks.Security
|
|
|
|
|
++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-06-07 11:59:36 +00:00
|
|
|
|
configureFlags = [
|
|
|
|
|
"--with-dbi=${perlPackages.DBI}/${pkgs.perl.libPrefix}"
|
|
|
|
|
"--with-dbd-sqlite=${perlPackages.DBDSQLite}/${pkgs.perl.libPrefix}"
|
|
|
|
|
];
|
2019-10-04 15:25:59 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
enableParallelBuilding = true;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
postUnpack = "sourceRoot=$sourceRoot/perl";
|
2022-05-30 12:01:35 +00:00
|
|
|
|
});
|
2022-01-25 00:28:44 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
meta.platforms = lib.platforms.unix;
|
2023-02-20 19:27:50 +00:00
|
|
|
|
});
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
lowdown-nix = with final; currentStdenv.mkDerivation rec {
|
|
|
|
|
name = "lowdown-0.9.0";
|
2020-07-22 11:51:11 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
src = lowdown-src;
|
2020-07-22 11:51:11 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
outputs = [ "out" "bin" "dev" ];
|
2020-07-22 11:51:11 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
nativeBuildInputs = [ buildPackages.which ];
|
2020-07-22 11:51:11 +00:00
|
|
|
|
|
2022-01-25 00:28:44 +00:00
|
|
|
|
configurePhase = ''
|
|
|
|
|
${if (currentStdenv.isDarwin && currentStdenv.isAarch64) then "echo \"HAVE_SANDBOX_INIT=false\" > configure.local" else ""}
|
|
|
|
|
./configure \
|
|
|
|
|
PREFIX=${placeholder "dev"} \
|
|
|
|
|
BINDIR=${placeholder "bin"}/bin
|
|
|
|
|
'';
|
|
|
|
|
};
|
2020-07-22 11:51:11 +00:00
|
|
|
|
};
|
2020-03-13 17:31:16 +00:00
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
nixos-lib = import (nixpkgs + "/nixos/lib") { };
|
|
|
|
|
|
|
|
|
|
# https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
|
|
|
|
|
runNixOSTestFor = system: test: nixos-lib.runTest {
|
|
|
|
|
imports = [ test ];
|
2022-03-02 02:40:18 +00:00
|
|
|
|
hostPkgs = nixpkgsFor.${system}.native;
|
2023-01-20 14:32:31 +00:00
|
|
|
|
defaults = {
|
2022-03-02 02:40:18 +00:00
|
|
|
|
nixpkgs.pkgs = nixpkgsFor.${system}.native;
|
2023-01-20 14:32:31 +00:00
|
|
|
|
};
|
|
|
|
|
_module.args.nixpkgs = nixpkgs;
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-08 15:01:51 +00:00
|
|
|
|
in {
|
|
|
|
|
# A Nixpkgs overlay that overrides the 'nix' and
|
|
|
|
|
# 'nix.perl-bindings' packages.
|
2022-02-11 14:05:07 +00:00
|
|
|
|
overlays.default = overlayFor (p: p.stdenv);
|
2021-07-08 15:01:51 +00:00
|
|
|
|
|
2020-03-13 17:31:16 +00:00
|
|
|
|
hydraJobs = {
|
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
# Binary package for various platforms.
|
2022-03-02 02:40:18 +00:00
|
|
|
|
build = forAllSystems (system: self.packages.${system}.nix);
|
2020-07-30 19:59:57 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
buildStatic = lib.genAttrs linux64BitSystems (system: self.packages.${system}.nix-static);
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
buildCross = forAllCrossSystems (crossSystem:
|
|
|
|
|
lib.genAttrs ["x86_64-linux"] (system: self.packages.${system}."nix-${crossSystem}"));
|
2021-02-06 00:07:48 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
buildNoGc = forAllSystems (system: self.packages.${system}.nix.overrideAttrs (a: { configureFlags = (a.configureFlags or []) ++ ["--enable-gc=no"];}));
|
2022-12-13 09:44:07 +00:00
|
|
|
|
|
2023-02-20 19:27:50 +00:00
|
|
|
|
buildNoTests = forAllSystems (system:
|
|
|
|
|
self.packages.${system}.nix.overrideAttrs (a: {
|
|
|
|
|
doCheck =
|
|
|
|
|
assert ! a?dontCheck;
|
|
|
|
|
false;
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
# Perl bindings for various platforms.
|
2022-03-02 02:40:18 +00:00
|
|
|
|
perlBindings = forAllSystems (system: nixpkgsFor.${system}.native.nix.perl-bindings);
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
|
|
|
|
# Binary tarball for various platforms, containing a Nix store
|
|
|
|
|
# with the closure of 'nix' package, and the second half of
|
|
|
|
|
# the installation script.
|
2022-03-02 02:40:18 +00:00
|
|
|
|
binaryTarball = forAllSystems (system: binaryTarball nixpkgsFor.${system}.native.nix nixpkgsFor.${system}.native);
|
|
|
|
|
|
|
|
|
|
binaryTarballCross = lib.genAttrs ["x86_64-linux"] (system:
|
|
|
|
|
forAllCrossSystems (crossSystem:
|
|
|
|
|
binaryTarball
|
|
|
|
|
self.packages.${system}."nix-${crossSystem}"
|
|
|
|
|
nixpkgsFor.${system}.cross.${crossSystem}));
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
|
|
|
|
# The first half of the installation script. This is uploaded
|
|
|
|
|
# to https://nixos.org/nix/install. It downloads the binary
|
|
|
|
|
# tarball for the user's system and calls the second half of the
|
|
|
|
|
# installation script.
|
2021-06-26 05:12:03 +00:00
|
|
|
|
installerScript = installScriptFor [ "x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" "armv6l-linux" "armv7l-linux" ];
|
2024-09-09 15:42:20 +00:00
|
|
|
|
installerScriptForGHA = installScriptFor [ "x86_64-linux" "aarch64-darwin" "armv6l-linux" "armv7l-linux"];
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2021-10-30 22:22:35 +00:00
|
|
|
|
# docker image with Nix inside
|
2022-03-02 02:40:18 +00:00
|
|
|
|
dockerImage = lib.genAttrs linux64BitSystems (system: self.packages.${system}.dockerImage);
|
2021-10-30 22:22:35 +00:00
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
# Line coverage analysis.
|
|
|
|
|
coverage =
|
2022-03-02 02:40:18 +00:00
|
|
|
|
with nixpkgsFor.x86_64-linux.native;
|
2022-07-11 18:56:19 +00:00
|
|
|
|
with commonDeps { inherit pkgs; };
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
|
|
|
|
releaseTools.coverageAnalysis {
|
2020-03-13 17:28:01 +00:00
|
|
|
|
name = "nix-coverage-${version}";
|
|
|
|
|
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
src = nixSrc;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-02-13 17:37:35 +00:00
|
|
|
|
configureFlags = testConfigureFlags;
|
2023-01-25 00:19:19 +00:00
|
|
|
|
|
2020-01-21 20:18:52 +00:00
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
|
2020-07-30 19:59:57 +00:00
|
|
|
|
nativeBuildInputs = nativeBuildDeps;
|
2023-03-08 13:19:43 +00:00
|
|
|
|
buildInputs = buildDeps ++ propagatedDeps ++ awsDeps ++ checkDeps;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
|
|
|
|
dontInstall = false;
|
|
|
|
|
|
|
|
|
|
doInstallCheck = true;
|
2023-03-08 13:19:43 +00:00
|
|
|
|
installCheckTarget = "installcheck"; # work around buggy detection in stdenv
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2019-11-08 13:29:10 +00:00
|
|
|
|
lcovFilter = [ "*/boost/*" "*-tab.*" ];
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-03-08 13:19:43 +00:00
|
|
|
|
hardeningDisable = ["fortify"];
|
2023-09-19 14:04:00 +00:00
|
|
|
|
|
|
|
|
|
NIX_CFLAGS_COMPILE = "-DCOVERAGE=1";
|
2019-10-04 08:45:33 +00:00
|
|
|
|
};
|
|
|
|
|
|
2023-02-13 17:37:35 +00:00
|
|
|
|
# API docs for Nix's unstable internal C++ interfaces.
|
|
|
|
|
internal-api-docs =
|
|
|
|
|
with nixpkgsFor.x86_64-linux.native;
|
|
|
|
|
with commonDeps { inherit pkgs; };
|
|
|
|
|
|
|
|
|
|
stdenv.mkDerivation {
|
|
|
|
|
pname = "nix-internal-api-docs";
|
|
|
|
|
inherit version;
|
|
|
|
|
|
Add positive source filter
Source filtering is a really cool Nix feature that lets us avoid a
lot of rebuilds, which speeds up the iteration cycle a lot in cases
where the relevant source files aren't actually modified.
We used to have a source filter that marked a few files as irrelevant,
but this is the wrong approach, as we have many more files that are
irrelevant. We may call this negative filtering.
This commit switches the source filtering to positive filtering, which
is a lot more robust. Instead of marking which files we don't need
we marked the files that we do need.
It's a superior approach because it is fail safe. Instead of allowing
build performance problems to creep in over time, we require that all
source inputs are declared.
I shouldn't have to explain that declaring inputs is a good practice,
so I'll stop over-explaining here.
I do have to acknowledge that this will cause a build failure when the
filter is incomplete. This is *good*, because it's the only realistic
way we could be reminded of these problems. These events will be
infrequent, so the small cost of extending the filter is worth it,
compared to the hidden cost of longer dev cycles for things like tests,
docker image, etc, etc.
(Also rebuilding Nix for stupid unnecessary reasons makes my blood boil)
2023-08-14 10:24:26 +00:00
|
|
|
|
src = nixSrc;
|
2023-02-13 17:37:35 +00:00
|
|
|
|
|
|
|
|
|
configureFlags = testConfigureFlags ++ internalApiDocsConfigureFlags;
|
|
|
|
|
|
|
|
|
|
nativeBuildInputs = nativeBuildDeps;
|
|
|
|
|
buildInputs = buildDeps ++ propagatedDeps
|
|
|
|
|
++ awsDeps ++ checkDeps ++ internalApiDocsDeps;
|
|
|
|
|
|
|
|
|
|
dontBuild = true;
|
|
|
|
|
|
|
|
|
|
installTargets = [ "internal-api-html" ];
|
|
|
|
|
|
|
|
|
|
postInstall = ''
|
|
|
|
|
mkdir -p $out/nix-support
|
2023-03-20 12:13:57 +00:00
|
|
|
|
echo "doc internal-api-docs $out/share/doc/nix/internal-api/html" >> $out/nix-support/hydra-build-products
|
2023-02-13 17:37:35 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
# System tests.
|
2023-02-07 15:36:10 +00:00
|
|
|
|
tests.authorization = runNixOSTestFor "x86_64-linux" ./tests/nixos/authorization.nix;
|
|
|
|
|
|
2024-10-14 13:52:21 +00:00
|
|
|
|
tests.fetchurl = runNixOSTestFor "x86_64-linux" ./tests/nixos/fetchurl.nix;
|
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
tests.remoteBuilds = runNixOSTestFor "x86_64-linux" ./tests/nixos/remote-builds.nix;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
tests.nix-copy-closure = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy-closure.nix;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-03-16 09:34:48 +00:00
|
|
|
|
tests.nix-copy = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy.nix;
|
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
tests.nssPreload = runNixOSTestFor "x86_64-linux" ./tests/nixos/nss-preload.nix;
|
2021-10-07 16:58:15 +00:00
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
tests.githubFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/github-flakes.nix;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
tests.sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/sourcehut-flakes.nix;
|
2022-02-23 14:58:09 +00:00
|
|
|
|
|
2023-06-07 12:26:30 +00:00
|
|
|
|
tests.tarballFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/tarball-flakes.nix;
|
|
|
|
|
|
2023-01-20 14:32:31 +00:00
|
|
|
|
tests.containers = runNixOSTestFor "x86_64-linux" ./tests/nixos/containers/containers.nix;
|
2022-11-27 15:38:34 +00:00
|
|
|
|
|
2022-03-02 02:40:18 +00:00
|
|
|
|
tests.setuid = lib.genAttrs
|
2019-10-04 08:45:33 +00:00
|
|
|
|
["i686-linux" "x86_64-linux"]
|
2023-01-20 14:32:31 +00:00
|
|
|
|
(system: runNixOSTestFor system ./tests/nixos/setuid.nix);
|
|
|
|
|
|
2024-03-01 08:42:26 +00:00
|
|
|
|
tests.ca-fd-leak = runNixOSTestFor "x86_64-linux" ./tests/nixos/ca-fd-leak;
|
|
|
|
|
|
2024-04-08 12:51:54 +00:00
|
|
|
|
tests.user-sandboxing = runNixOSTestFor "x86_64-linux" ./tests/nixos/user-sandboxing;
|
|
|
|
|
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-01-24 23:02:48 +00:00
|
|
|
|
# Make sure that nix-env still produces the exact same result
|
|
|
|
|
# on a particular version of Nixpkgs.
|
2019-10-04 08:45:33 +00:00
|
|
|
|
tests.evalNixpkgs =
|
2022-03-02 02:40:18 +00:00
|
|
|
|
with nixpkgsFor.x86_64-linux.native;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
runCommand "eval-nixos" { buildInputs = [ nix ]; }
|
|
|
|
|
''
|
2022-01-24 23:02:48 +00:00
|
|
|
|
type -p nix-env
|
|
|
|
|
# Note: we're filtering out nixos-install-tools because https://github.com/NixOS/nixpkgs/pull/153594#issuecomment-1020530593.
|
|
|
|
|
time nix-env --store dummy:// -f ${nixpkgs-regression} -qaP --drv-path | sort | grep -v nixos-install-tools > packages
|
|
|
|
|
[[ $(sha1sum < packages | cut -c1-40) = ff451c521e61e4fe72bdbe2d0ca5d1809affa733 ]]
|
|
|
|
|
mkdir $out
|
2019-10-04 08:45:33 +00:00
|
|
|
|
'';
|
2022-01-24 23:02:48 +00:00
|
|
|
|
|
2023-01-17 23:17:59 +00:00
|
|
|
|
tests.nixpkgsLibTests =
|
2022-03-02 02:40:18 +00:00
|
|
|
|
forAllSystems (system:
|
2023-01-17 23:17:59 +00:00
|
|
|
|
import (nixpkgs + "/lib/tests/release.nix")
|
2023-08-11 13:58:43 +00:00
|
|
|
|
{ pkgs = nixpkgsFor.${system}.native;
|
|
|
|
|
nixVersions = [ self.packages.${system}.nix ];
|
|
|
|
|
}
|
2023-01-17 23:17:59 +00:00
|
|
|
|
);
|
|
|
|
|
|
2022-01-24 23:02:48 +00:00
|
|
|
|
metrics.nixpkgs = import "${nixpkgs-regression}/pkgs/top-level/metrics.nix" {
|
2022-03-02 02:40:18 +00:00
|
|
|
|
pkgs = nixpkgsFor.x86_64-linux.native;
|
2022-01-24 23:02:48 +00:00
|
|
|
|
nixpkgs = nixpkgs-regression;
|
|
|
|
|
};
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2021-10-15 10:36:29 +00:00
|
|
|
|
installTests = forAllSystems (system:
|
2022-03-02 02:40:18 +00:00
|
|
|
|
let pkgs = nixpkgsFor.${system}.native; in
|
2021-03-16 12:43:08 +00:00
|
|
|
|
pkgs.runCommand "install-tests" {
|
|
|
|
|
againstSelf = testNixVersions pkgs pkgs.nix pkgs.pkgs.nix;
|
2021-10-06 11:17:39 +00:00
|
|
|
|
againstCurrentUnstable =
|
|
|
|
|
# FIXME: temporarily disable this on macOS because of #3605.
|
|
|
|
|
if system == "x86_64-linux"
|
|
|
|
|
then testNixVersions pkgs pkgs.nix pkgs.nixUnstable
|
|
|
|
|
else null;
|
2021-03-16 12:43:08 +00:00
|
|
|
|
# Disabled because the latest stable version doesn't handle
|
|
|
|
|
# `NIX_DAEMON_SOCKET_PATH` which is required for the tests to work
|
|
|
|
|
# againstLatestStable = testNixVersions pkgs pkgs.nix pkgs.nixStable;
|
2021-10-15 10:36:29 +00:00
|
|
|
|
} "touch $out");
|
|
|
|
|
|
2022-09-14 13:40:43 +00:00
|
|
|
|
installerTests = import ./tests/installer {
|
|
|
|
|
binaryTarballs = self.hydraJobs.binaryTarball;
|
|
|
|
|
inherit nixpkgsFor;
|
|
|
|
|
};
|
|
|
|
|
|
2021-10-15 10:36:29 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
checks = forAllSystems (system: {
|
|
|
|
|
binaryTarball = self.hydraJobs.binaryTarball.${system};
|
|
|
|
|
perlBindings = self.hydraJobs.perlBindings.${system};
|
|
|
|
|
installTests = self.hydraJobs.installTests.${system};
|
2023-01-17 23:17:59 +00:00
|
|
|
|
nixpkgsLibTests = self.hydraJobs.tests.nixpkgsLibTests.${system};
|
2022-03-02 02:40:18 +00:00
|
|
|
|
} // (lib.optionalAttrs (builtins.elem system linux64BitSystems)) {
|
2021-11-24 08:19:29 +00:00
|
|
|
|
dockerImage = self.hydraJobs.dockerImage.${system};
|
2021-12-21 21:42:47 +00:00
|
|
|
|
});
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-02-11 14:05:07 +00:00
|
|
|
|
packages = forAllSystems (system: rec {
|
2022-03-02 02:40:18 +00:00
|
|
|
|
inherit (nixpkgsFor.${system}.native) nix;
|
2022-02-11 14:05:07 +00:00
|
|
|
|
default = nix;
|
2022-03-02 02:40:18 +00:00
|
|
|
|
} // (lib.optionalAttrs (builtins.elem system linux64BitSystems) {
|
|
|
|
|
nix-static = nixpkgsFor.${system}.static.nix;
|
2022-01-26 13:31:23 +00:00
|
|
|
|
dockerImage =
|
|
|
|
|
let
|
2022-03-02 02:40:18 +00:00
|
|
|
|
pkgs = nixpkgsFor.${system}.native;
|
2022-01-26 13:31:23 +00:00
|
|
|
|
image = import ./docker.nix { inherit pkgs; tag = version; };
|
|
|
|
|
in
|
|
|
|
|
pkgs.runCommand
|
|
|
|
|
"docker-image-tarball-${version}"
|
|
|
|
|
{ meta.description = "Docker image with Nix for ${system}"; }
|
|
|
|
|
''
|
|
|
|
|
mkdir -p $out/nix-support
|
|
|
|
|
image=$out/image.tar.gz
|
|
|
|
|
ln -s ${image} $image
|
|
|
|
|
echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
|
|
|
|
|
'';
|
2022-03-02 02:40:18 +00:00
|
|
|
|
} // builtins.listToAttrs (map
|
|
|
|
|
(crossSystem: {
|
|
|
|
|
name = "nix-${crossSystem}";
|
|
|
|
|
value = nixpkgsFor.${system}.cross.${crossSystem}.nix;
|
|
|
|
|
})
|
|
|
|
|
crossSystems)
|
|
|
|
|
// builtins.listToAttrs (map
|
|
|
|
|
(stdenvName: {
|
|
|
|
|
name = "nix-${stdenvName}";
|
|
|
|
|
value = nixpkgsFor.${system}.stdenvs."${stdenvName}Packages".nix;
|
|
|
|
|
})
|
|
|
|
|
stdenvs)));
|
|
|
|
|
|
|
|
|
|
devShells = let
|
|
|
|
|
makeShell = pkgs: stdenv:
|
2022-07-11 18:56:19 +00:00
|
|
|
|
with commonDeps { inherit pkgs; };
|
2022-03-02 02:40:18 +00:00
|
|
|
|
stdenv.mkDerivation {
|
2022-02-11 14:05:07 +00:00
|
|
|
|
name = "nix";
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-02-11 14:05:07 +00:00
|
|
|
|
outputs = [ "out" "dev" "doc" ];
|
2020-08-28 16:16:03 +00:00
|
|
|
|
|
2022-11-25 13:47:05 +00:00
|
|
|
|
nativeBuildInputs = nativeBuildDeps
|
2022-03-02 02:40:18 +00:00
|
|
|
|
++ (lib.optionals stdenv.cc.isClang [ pkgs.bear pkgs.clang-tools ]);
|
|
|
|
|
|
2023-02-13 17:37:35 +00:00
|
|
|
|
buildInputs = buildDeps ++ propagatedDeps
|
|
|
|
|
++ awsDeps ++ checkDeps ++ internalApiDocsDeps;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2023-02-13 17:37:35 +00:00
|
|
|
|
configureFlags = configureFlags
|
|
|
|
|
++ testConfigureFlags ++ internalApiDocsConfigureFlags;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-02-11 14:05:07 +00:00
|
|
|
|
enableParallelBuilding = true;
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-02-11 14:05:07 +00:00
|
|
|
|
installFlags = "sysconfdir=$(out)/etc";
|
2019-10-04 08:45:33 +00:00
|
|
|
|
|
2022-02-11 14:05:07 +00:00
|
|
|
|
shellHook =
|
|
|
|
|
''
|
|
|
|
|
PATH=$prefix/bin:$PATH
|
|
|
|
|
unset PYTHONPATH
|
|
|
|
|
export MANPATH=$out/share/man:$MANPATH
|
2021-12-22 12:21:45 +00:00
|
|
|
|
|
2022-02-11 14:05:07 +00:00
|
|
|
|
# Make bash completion work.
|
|
|
|
|
XDG_DATA_DIRS+=:$out/share
|
|
|
|
|
'';
|
2022-03-02 02:40:18 +00:00
|
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
forAllSystems (system:
|
|
|
|
|
let
|
|
|
|
|
makeShells = prefix: pkgs:
|
|
|
|
|
lib.mapAttrs'
|
|
|
|
|
(k: v: lib.nameValuePair "${prefix}-${k}" v)
|
|
|
|
|
(forAllStdenvs (stdenvName: makeShell pkgs pkgs.${stdenvName}));
|
|
|
|
|
in
|
|
|
|
|
(makeShells "native" nixpkgsFor.${system}.native) //
|
|
|
|
|
(makeShells "static" nixpkgsFor.${system}.static) //
|
|
|
|
|
(forAllCrossSystems (crossSystem: let pkgs = nixpkgsFor.${system}.cross.${crossSystem}; in makeShell pkgs pkgs.stdenv)) //
|
|
|
|
|
{
|
|
|
|
|
default = self.devShells.${system}.native-stdenvPackages;
|
|
|
|
|
}
|
|
|
|
|
);
|
2019-04-08 15:28:05 +00:00
|
|
|
|
};
|
|
|
|
|
}
|