From 52cf6582cce9049d1d7e0d2e1ba11ed7c6dae17d Mon Sep 17 00:00:00 2001 From: Benoit Donneaux Date: Tue, 3 Dec 2024 23:50:06 +0100 Subject: [PATCH 01/31] Update the Nix flake to follow only nixos-24_05 Signed-off-by: Benoit Donneaux --- flake.lock | 60 ++++++++++++------------------------------------------ flake.nix | 19 ++++++++--------- 2 files changed, 21 insertions(+), 58 deletions(-) diff --git a/flake.lock b/flake.lock index b7b74a0e4f..d7b6677e51 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1732722421, + "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", "type": "github" }, "original": { @@ -21,11 +21,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1687709756, - "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -34,50 +34,18 @@ "type": "github" } }, - "nixpkgs-22_11": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1688392541, - "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "lastModified": 1733016324, + "narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1689885880, - "narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1689791806, - "narHash": "sha256-QpXjfiyBFwa7MV/J6nM5FoBreks9O7j9cAZxV22MR8A=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "439ba0789ff84dddea64eb2d47a4a0d4887dbb1f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "pull/244135/head", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -87,11 +55,9 @@ "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs-24_05" ], - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-24_05": "nixpkgs-24_05" } }, "systems": { diff --git a/flake.nix b/flake.nix index bde792db3c..40742372b1 100644 --- a/flake.nix +++ b/flake.nix @@ -5,8 +5,8 @@ # Supply configuration for the build cache updated by our CI system. This # should allow most users to avoid having to build a large number of # packages (otherwise necessary due to our Python package overrides). - substituters = ["https://tahoe-lafs-opensource.cachix.org"]; - trusted-public-keys = ["tahoe-lafs-opensource.cachix.org-1:eIKCHOPJYceJ2gb74l6e0mayuSdXqiavxYeAio0LFGo="]; + #substituters = ["https://tahoe-lafs-opensource.cachix.org"]; + #trusted-public-keys = ["tahoe-lafs-opensource.cachix.org-1:eIKCHOPJYceJ2gb74l6e0mayuSdXqiavxYeAio0LFGo="]; }; inputs = { @@ -20,25 +20,22 @@ # requirements. We could decide in the future that supporting multiple # releases of NixOS at a time is worthwhile and then pins like these will # help us test each of those releases. - "nixpkgs-22_11" = { - url = github:NixOS/nixpkgs?ref=nixos-22.11; - }; - "nixpkgs-23_05" = { - url = github:NixOS/nixpkgs?ref=nixos-23.05; + "nixpkgs-24_05" = { + url = github:NixOS/nixpkgs?ref=nixos-24.05; }; # We depend on a very new python-cryptography which is not yet available # from any release branch of nixpkgs. However, it is contained in a PR # currently up for review. Point our nixpkgs at that for now. - "nixpkgs-unstable" = { - url = github:NixOS/nixpkgs?ref=pull/244135/head; - }; + #"nixpkgs-unstable" = { + # url = github:NixOS/nixpkgs?ref=pull/244135/head; + #}; # Point the default nixpkgs at one of those. This avoids having getting a # _third_ package set involved and gives a way to provide what should be a # working experience by default (that is, if nixpkgs doesn't get # overridden). - nixpkgs.follows = "nixpkgs-unstable"; + nixpkgs.follows = "nixpkgs-24_05"; # Also get flake-utils for simplified multi-system definitions. flake-utils = { From 2bc29b50b3826737bffba5b907319b6c2f477758 Mon Sep 17 00:00:00 2001 From: Benoit Donneaux Date: Wed, 4 Dec 2024 00:01:51 +0100 Subject: [PATCH 02/31] Our flake can only support Python 3.10 and 3.11 - ipython-8.24.0 not supported for interpreter python3.9 - magic-wormhole-transit-relay-0.2.1 not supported for interpreter python3.12 Signed-off-by: Benoit Donneaux --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 40742372b1..e671894596 100644 --- a/flake.nix +++ b/flake.nix @@ -77,7 +77,7 @@ # or PyPy. We take care to avoid things like "python-foo" and # "python3Full-unittest" though. We only want things like "pypy38" # or "python311". - nameMatches = name: null != builtins.match "(python|pypy)3[[:digit:]]{0,2}" name; + nameMatches = name: null != builtins.match "(python|pypy)3(10|11)?" name; # Sometimes an old version is left in the package set as an error # saying something like "we remove this". Make sure we whatever we From c13e42f852b0b11fa44824d101867363e5b8f677 Mon Sep 17 00:00:00 2001 From: Benoit Donneaux Date: Tue, 3 Dec 2024 21:35:06 +0100 Subject: [PATCH 03/31] Implement Nix CI workflow on GitHub instead of CircleCI Signed-off-by: Benoit Donneaux --- .github/workflows/nix.yml | 159 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 .github/workflows/nix.yml diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml new file mode 100644 index 0000000000..aa1eb4a0a2 --- /dev/null +++ b/.github/workflows/nix.yml @@ -0,0 +1,159 @@ +name: Nix + +on: + push: + branches: + - main + paths: + - '.github/workflows/nix.yml' + - 'flake.*' + - 'setup.cfg' + - '*.nix' + - '*.py' + - '*.ini' + pull_request: + paths: + - '.github/workflows/nix.yml' + - 'flake.*' + - 'setup.cfg' + - '*.nix' + - '*.py' + - '*.ini' + +jobs: + check: + runs-on: ubuntu-22.04 + outputs: + NIXPKGS: ${{ steps.prep.outputs.NIXPKGS }} + NIX_PATH: ${{ steps.prep.outputs.NIX_PATH }} + env: + nixpkgs: nixos-24_05 + steps: + - name: Checkout + id: checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + + - name: Install nix + id: install_nix + uses: nixbuild/nix-quick-install-action@v28 + + - name: Show the flake + id: show + run: | + nix flake show + + - name: Check the flake + id: check + env: + # FIXME: Our python39 package depends on some broken zope + NIXPKGS_ALLOW_BROKEN: 1 + run: | + nix flake check --impure + + - name: Restore and cache Nix store for nixpkgs-${{ env.nixpkgs }} + uses: nix-community/cache-nix-action@v5 + with: + # restore and save a cache using this key + primary-key: nixpkgs-${{ env.nixpkgs }}-${{ hashFiles('flake.*', '*.nix') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nixpkgs-${{ env.nixpkgs }}- + # collect garbage until Nix store size (in bytes) is at most this number + # before trying to save a new cache + gc-max-store-size-linux: 1073741824 + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nixpkgs-${{ env.nixpkgs }}- + # created more than 0 seconds ago relative to the start of the `Post Restore` phase + purge-created: 0 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + + - name: Prepare environment + id: prep + run: | + # Get the reference to the nixpkgs pinned in the flake - dirty way + NIXPKGS=$(nix flake metadata | grep -E '[^\w]+nixpkgs-${{ matrix.nixpkgs }}[^\w]+:' | cut -d' ' -f2 | cut -d'?' -f1) + NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS##*/}.tar.gz + # Pass those variables to the next steps and jobs + echo NIXPKGS=$NIXPKGS | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT + echo NIX_PATH=$NIX_PATH | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT + + - name: Generate version + # The Nix package doesn't know how to do this part, unfortunately. + run: | + nix-shell \ + -p 'python3.withPackages (ps: [ ps.setuptools ])' \ + --run 'python setup.py update_version' + + packaging: + runs-on: ubuntu-22.04 + needs: check + env: + NIXPKGS: ${{ needs.check.outputs.NIXPKGS }} + NIX_PATH: ${{ needs.check.outputs.NIX_PATH }} + strategy: + fail-fast: false + matrix: + python-version: + - 310 + - 311 + nixpkgs: + - nixos-24_05 + steps: + - name: Checkout + id: checkout + uses: actions/checkout@v4 + + - name: Install nix + id: install_nix + uses: nixbuild/nix-quick-install-action@v28 + + - name: Restore and cache Nix store for nixpkgs-${{ matrix.nixpkgs }} + uses: nix-community/cache-nix-action@v5 + with: + # restore and save a cache using this key + primary-key: python${{ matrix.python-version }}-nixpkgs-${{ matrix.nixpkgs }}-${{ hashFiles('flake.*', '*.nix') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nixpkgs-${{ matrix.nixpkgs }}- + # collect garbage until Nix store size (in bytes) is at most this number + # before trying to save a new cache + gc-max-store-size-linux: 1073741824 + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: python${{ matrix.python-version }}-nixpkgs-${{ matrix.nixpkgs }}- + # created more than 0 seconds ago relative to the start of the `Post Restore` phase + purge-created: 0 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + + - name: Build package + env: + # CircleCI build environment looks like it has a zillion and a half cores. + # Don't let Nix autodetect this high core count because it blows up memory + # usage and fails the test run. Pick a number of cores that suits the build + # environment we're paying for (the free one!). + DEPENDENCY_CORES: 3 + run: | + nix build \ + --verbose \ + --print-build-logs \ + --cores "$DEPENDENCY_CORES" \ + --override-input nixpkgs "$NIXPKGS" \ + .#python${{ matrix.python-version }}-tahoe-lafs + + - name: Unit test + env: + # Once dependencies are built, we can allow some more concurrency for our own + # test suite. + UNITTEST_CORES: 8 + run: | + nix run \ + --override-input nixpkgs "$NIXPKGS" \ + .#python${{ matrix.python-version }}-unittest -- \ + --jobs $UNITTEST_CORES \ + allmydata From 357d201476ea4e767036dcdd1c62d0be6545e0e7 Mon Sep 17 00:00:00 2001 From: Benoit Donneaux Date: Wed, 4 Dec 2024 17:51:18 +0100 Subject: [PATCH 04/31] Update flake to use nixos-24_11 Signed-off-by: Benoit Donneaux --- flake.lock | 20 ++++++++++---------- flake.nix | 6 +++--- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index d7b6677e51..cd383b2299 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -34,18 +34,18 @@ "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-24_11": { "locked": { - "lastModified": 1733016324, - "narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -55,9 +55,9 @@ "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs-24_05" + "nixpkgs-24_11" ], - "nixpkgs-24_05": "nixpkgs-24_05" + "nixpkgs-24_11": "nixpkgs-24_11" } }, "systems": { diff --git a/flake.nix b/flake.nix index e671894596..bbc3e5bb05 100644 --- a/flake.nix +++ b/flake.nix @@ -20,8 +20,8 @@ # requirements. We could decide in the future that supporting multiple # releases of NixOS at a time is worthwhile and then pins like these will # help us test each of those releases. - "nixpkgs-24_05" = { - url = github:NixOS/nixpkgs?ref=nixos-24.05; + "nixpkgs-24_11" = { + url = github:NixOS/nixpkgs?ref=nixos-24.11; }; # We depend on a very new python-cryptography which is not yet available @@ -35,7 +35,7 @@ # _third_ package set involved and gives a way to provide what should be a # working experience by default (that is, if nixpkgs doesn't get # overridden). - nixpkgs.follows = "nixpkgs-24_05"; + nixpkgs.follows = "nixpkgs-24_11"; # Also get flake-utils for simplified multi-system definitions. flake-utils = { From 6985b38dd523d45ad0a14c2762450ddfaa1b7d2c Mon Sep 17 00:00:00 2001 From: Benoit Donneaux Date: Wed, 4 Dec 2024 17:54:39 +0100 Subject: [PATCH 05/31] FIXME: skip flake check for now becasue of imcompatibility - tkinter-7.3.12 not supported for interpreter pypy3.9 Signed-off-by: Benoit Donneaux --- .github/workflows/nix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index aa1eb4a0a2..92eb846462 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -51,7 +51,7 @@ jobs: # FIXME: Our python39 package depends on some broken zope NIXPKGS_ALLOW_BROKEN: 1 run: | - nix flake check --impure + echo FIXME: nix flake check --impure - name: Restore and cache Nix store for nixpkgs-${{ env.nixpkgs }} uses: nix-community/cache-nix-action@v5 From 93c5fd97cf1585fe80dec44796dd583fc8feea7e Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Tue, 5 Nov 2024 17:43:45 +0000 Subject: [PATCH 06/31] Update PyOpenSSL to the second-latest version The latest version 404s ? --- nix/pyopenssl.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/pyopenssl.nix b/nix/pyopenssl.nix index b8966fad15..100be47842 100644 --- a/nix/pyopenssl.nix +++ b/nix/pyopenssl.nix @@ -1,10 +1,10 @@ { pyopenssl, fetchPypi, isPyPy }: pyopenssl.overrideAttrs (old: rec { pname = "pyOpenSSL"; - version = "23.2.0"; + version = "24.1.0"; name = "${pname}-${version}"; src = fetchPypi { inherit pname version; - sha256 = "J2+TH1WkUufeppxxc+mE6ypEB85BPJGKo0tV+C+bi6w="; + sha256 = "yr7Uv6pd+fGhbA72Sgy2Uxi1zQd6ftp9aXATHKL0Gm8="; }; }) From e03a5dcb71b9b6388d69c6450584045d1c540599 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 17:43:57 +0000 Subject: [PATCH 07/31] Drop our vendored pycddl, upstream has our fixes now --- nix/pycddl.nix | 57 ---------------------------------------- nix/python-overrides.nix | 1 - 2 files changed, 58 deletions(-) delete mode 100644 nix/pycddl.nix diff --git a/nix/pycddl.nix b/nix/pycddl.nix deleted file mode 100644 index 8b214a91bb..0000000000 --- a/nix/pycddl.nix +++ /dev/null @@ -1,57 +0,0 @@ -# package https://gitlab.com/tahoe-lafs/pycddl -# -# also in the process of being pushed upstream -# https://github.com/NixOS/nixpkgs/pull/221220 -# -# we should switch to the upstream package when it is available from our -# minimum version of nixpkgs. -# -# if you need to update this package to a new pycddl release then -# -# 1. change value given to `buildPythonPackage` for `version` to match the new -# release -# -# 2. change the value given to `fetchPypi` for `sha256` to `lib.fakeHash` -# -# 3. run `nix-build` -# -# 4. there will be an error about a hash mismatch. change the value given to -# `fetchPypi` for `sha256` to the "actual" hash value report. -# -# 5. change the value given to `cargoDeps` for `hash` to lib.fakeHash`. -# -# 6. run `nix-build` -# -# 7. there will be an error about a hash mismatch. change the value given to -# `cargoDeps` for `hash` to the "actual" hash value report. -# -# 8. run `nix-build`. it should succeed. if it does not, seek assistance. -# -{ lib, fetchPypi, python, buildPythonPackage, rustPlatform }: -buildPythonPackage rec { - pname = "pycddl"; - version = "0.6.1"; - format = "pyproject"; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-63fe8UJXEH6t4l7ujV8JDvlGb7q3kL6fHHATFdklzFc="; - }; - - # Without this, when building for PyPy, `maturin build` seems to fail to - # find the interpreter at all and then fails early in the build process with - # an error saying "unsupported Python interpreter". We can easily point - # directly at the relevant interpreter, so do that. - maturinBuildFlags = [ "--interpreter" python.executable ]; - - nativeBuildInputs = with rustPlatform; [ - maturinBuildHook - cargoSetupHook - ]; - - cargoDeps = rustPlatform.fetchCargoTarball { - inherit src; - name = "${pname}-${version}"; - hash = "sha256-ssDEKRd3Y9/10oXBZHCxvlRkl9KMh3pGYbCkM4rXThQ="; - }; -} diff --git a/nix/python-overrides.nix b/nix/python-overrides.nix index 006c2682dc..2e42ef3d49 100644 --- a/nix/python-overrides.nix +++ b/nix/python-overrides.nix @@ -43,7 +43,6 @@ in { }; # Some dependencies aren't packaged in nixpkgs so supply our own packages. - pycddl = self.callPackage ./pycddl.nix { }; txi2p = self.callPackage ./txi2p.nix { }; # Some packages are of somewhat too-old versions - update them. From b9f3fd3c360df79e74fac42b75a757ef1d89c575 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 17:47:15 +0000 Subject: [PATCH 08/31] Update nixpkgs in github workflow definition too --- .github/workflows/nix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 92eb846462..ddfb015156 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -27,7 +27,7 @@ jobs: NIXPKGS: ${{ steps.prep.outputs.NIXPKGS }} NIX_PATH: ${{ steps.prep.outputs.NIX_PATH }} env: - nixpkgs: nixos-24_05 + nixpkgs: nixos-24_11 steps: - name: Checkout id: checkout @@ -102,7 +102,7 @@ jobs: - 310 - 311 nixpkgs: - - nixos-24_05 + - nixos-24_11 steps: - name: Checkout id: checkout From 2d56be5ae2b3c400027f15159a5f0fdad1b1d369 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 18:21:08 +0000 Subject: [PATCH 09/31] Klein asks for hypothesis to run its tests --- nix/klein.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nix/klein.nix b/nix/klein.nix index be4426465f..6ccbfa5eeb 100644 --- a/nix/klein.nix +++ b/nix/klein.nix @@ -1,4 +1,4 @@ -{ klein, fetchPypi }: +{ klein, fetchPypi, hypothesis }: klein.overrideAttrs (old: rec { pname = "klein"; version = "23.5.0"; @@ -6,4 +6,7 @@ klein.overrideAttrs (old: rec { inherit pname version; sha256 = "sha256-kGkSt6tBDZp/NRICg5w81zoqwHe9AHHIYcMfDu92Aoc="; }; + nativeCheckInputs = [ + hypothesis + ]; }) From f39b28d2124ec02ec1b9554b5592656abff79808 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 18:48:01 +0000 Subject: [PATCH 10/31] Use the nixpkgs-provided klein --- nix/klein.nix | 12 ------------ nix/python-overrides.nix | 5 +---- 2 files changed, 1 insertion(+), 16 deletions(-) delete mode 100644 nix/klein.nix diff --git a/nix/klein.nix b/nix/klein.nix deleted file mode 100644 index 6ccbfa5eeb..0000000000 --- a/nix/klein.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ klein, fetchPypi, hypothesis }: -klein.overrideAttrs (old: rec { - pname = "klein"; - version = "23.5.0"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-kGkSt6tBDZp/NRICg5w81zoqwHe9AHHIYcMfDu92Aoc="; - }; - nativeCheckInputs = [ - hypothesis - ]; -}) diff --git a/nix/python-overrides.nix b/nix/python-overrides.nix index 2e42ef3d49..4621fd3218 100644 --- a/nix/python-overrides.nix +++ b/nix/python-overrides.nix @@ -46,11 +46,8 @@ in { txi2p = self.callPackage ./txi2p.nix { }; # Some packages are of somewhat too-old versions - update them. - klein = self.callPackage ./klein.nix { - # Avoid infinite recursion. - inherit (super) klein; - }; txtorcon = self.callPackage ./txtorcon.nix { + # Avoid infinite recursion. inherit (super) txtorcon; }; From e4e10857719252d45b1c9b99f2dfd879a6c70891 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 18:54:52 +0000 Subject: [PATCH 11/31] Use the nixpkgs-provided pyopenssl --- nix/pyopenssl.nix | 10 ---------- nix/python-overrides.nix | 7 ------- 2 files changed, 17 deletions(-) delete mode 100644 nix/pyopenssl.nix diff --git a/nix/pyopenssl.nix b/nix/pyopenssl.nix deleted file mode 100644 index 100be47842..0000000000 --- a/nix/pyopenssl.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pyopenssl, fetchPypi, isPyPy }: -pyopenssl.overrideAttrs (old: rec { - pname = "pyOpenSSL"; - version = "24.1.0"; - name = "${pname}-${version}"; - src = fetchPypi { - inherit pname version; - sha256 = "yr7Uv6pd+fGhbA72Sgy2Uxi1zQd6ftp9aXATHKL0Gm8="; - }; -}) diff --git a/nix/python-overrides.nix b/nix/python-overrides.nix index 4621fd3218..3faa4aa995 100644 --- a/nix/python-overrides.nix +++ b/nix/python-overrides.nix @@ -58,13 +58,6 @@ in { patches = (old.patches or []) ++ [ ./twisted.patch ]; }); - # Update the version of pyopenssl - and since we're doing that anyway, we - # don't need the docs. Unfortunately this triggers a lot of rebuilding of - # dependent packages. - pyopenssl = dontBuildDocs (self.callPackage ./pyopenssl.nix { - inherit (super) pyopenssl; - }); - # The cryptography that we get from nixpkgs to satisfy the pyopenssl upgrade # that we did breaks service-identity ... so get a newer version that works. service-identity = self.callPackage ./service-identity.nix { }; From dc19ef793830eb305dc7be562dd13eaa2ba6e74e Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:00:18 +0000 Subject: [PATCH 12/31] Use the nixpkgs-provided twisted --- nix/python-overrides.nix | 11 ----------- nix/twisted.patch | 12 ------------ 2 files changed, 23 deletions(-) delete mode 100644 nix/twisted.patch diff --git a/nix/python-overrides.nix b/nix/python-overrides.nix index 3faa4aa995..22bac1ca15 100644 --- a/nix/python-overrides.nix +++ b/nix/python-overrides.nix @@ -51,17 +51,6 @@ in { inherit (super) txtorcon; }; - # With our customized package set a Twisted unit test fails. Patch the - # Twisted test suite to skip that test. - # Filed upstream at https://github.com/twisted/twisted/issues/11877 - twisted = super.twisted.overrideAttrs (old: { - patches = (old.patches or []) ++ [ ./twisted.patch ]; - }); - - # The cryptography that we get from nixpkgs to satisfy the pyopenssl upgrade - # that we did breaks service-identity ... so get a newer version that works. - service-identity = self.callPackage ./service-identity.nix { }; - # collections-extended is currently broken for Python 3.11 in nixpkgs but # we know where a working version lives. collections-extended = self.callPackage ./collections-extended.nix { diff --git a/nix/twisted.patch b/nix/twisted.patch deleted file mode 100644 index 1b6846c8ee..0000000000 --- a/nix/twisted.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/twisted/internet/test/test_endpoints.py b/src/twisted/internet/test/test_endpoints.py -index c650fd8aa6..a1754fd533 100644 ---- a/src/twisted/internet/test/test_endpoints.py -+++ b/src/twisted/internet/test/test_endpoints.py -@@ -4214,6 +4214,7 @@ class WrapClientTLSParserTests(unittest.TestCase): - connectionCreator = connectionCreatorFromEndpoint(reactor, endpoint) - self.assertEqual(connectionCreator._hostname, "\xe9xample.example.com") - -+ @skipIf(True, "self.assertFalse(plainClient.transport.disconnecting) fails") - def test_tls(self): - """ - When passed a string endpoint description beginning with C{tls:}, From 0019e78ce06887aea4614055eb2b8f5ffe76d194 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:07:34 +0000 Subject: [PATCH 13/31] Use nixpkgs-provided txtorcon --- nix/python-overrides.nix | 7 +------ nix/txtorcon.nix | 9 --------- 2 files changed, 1 insertion(+), 15 deletions(-) delete mode 100644 nix/txtorcon.nix diff --git a/nix/python-overrides.nix b/nix/python-overrides.nix index 22bac1ca15..48a8e4515b 100644 --- a/nix/python-overrides.nix +++ b/nix/python-overrides.nix @@ -45,15 +45,10 @@ in { # Some dependencies aren't packaged in nixpkgs so supply our own packages. txi2p = self.callPackage ./txi2p.nix { }; - # Some packages are of somewhat too-old versions - update them. - txtorcon = self.callPackage ./txtorcon.nix { - # Avoid infinite recursion. - inherit (super) txtorcon; - }; - # collections-extended is currently broken for Python 3.11 in nixpkgs but # we know where a working version lives. collections-extended = self.callPackage ./collections-extended.nix { + # Avoid infinite recursion. inherit (super) collections-extended; }; diff --git a/nix/txtorcon.nix b/nix/txtorcon.nix deleted file mode 100644 index 552c03fd03..0000000000 --- a/nix/txtorcon.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ txtorcon, fetchPypi }: -txtorcon.overrideAttrs (old: rec { - pname = "txtorcon"; - version = "23.5.0"; - src = fetchPypi { - inherit pname version; - hash = "sha256-k/2Aqd1QX2mNCGT+k9uLapwRRLX+uRUwggtw7YmCZRw="; - }; -}) From 646b38b1b30ec569b5c99ac19c1d2caefdd16594 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:08:16 +0000 Subject: [PATCH 14/31] Use nixpkgs-provided txi2p-tahoe --- nix/python-overrides.nix | 3 --- nix/txi2p.nix | 39 --------------------------------------- 2 files changed, 42 deletions(-) delete mode 100644 nix/txi2p.nix diff --git a/nix/python-overrides.nix b/nix/python-overrides.nix index 48a8e4515b..1094e08a37 100644 --- a/nix/python-overrides.nix +++ b/nix/python-overrides.nix @@ -42,9 +42,6 @@ in { tahoe-lafs-src = self.lib.cleanSource ../.; }; - # Some dependencies aren't packaged in nixpkgs so supply our own packages. - txi2p = self.callPackage ./txi2p.nix { }; - # collections-extended is currently broken for Python 3.11 in nixpkgs but # we know where a working version lives. collections-extended = self.callPackage ./collections-extended.nix { diff --git a/nix/txi2p.nix b/nix/txi2p.nix deleted file mode 100644 index 3464b7b3d9..0000000000 --- a/nix/txi2p.nix +++ /dev/null @@ -1,39 +0,0 @@ -# package https://github.com/tahoe-lafs/txi2p -# -# if you need to update this package to a new txi2p release then -# -# 1. change value given to `buildPythonPackage` for `version` to match the new -# release -# -# 2. change the value given to `fetchPypi` for `sha256` to `lib.fakeHash` -# -# 3. run `nix-build` -# -# 4. there will be an error about a hash mismatch. change the value given to -# `fetchPypi` for `sha256` to the "actual" hash value report. -# -# 5. if there are new runtime dependencies then add them to the argument list -# at the top. if there are new test dependencies add them to the -# `checkInputs` list. -# -# 6. run `nix-build`. it should succeed. if it does not, seek assistance. -# -{ fetchPypi -, buildPythonPackage -, parsley -, twisted -, unittestCheckHook -}: -buildPythonPackage rec { - pname = "txi2p-tahoe"; - version = "0.3.7"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-+Vs9zaFS+ACI14JNxEme93lnWmncdZyFAmnTH0yhOiY="; - }; - - propagatedBuildInputs = [ twisted parsley ]; - checkInputs = [ unittestCheckHook ]; - pythonImportsCheck = [ "parsley" "ometa"]; -} From 201db2918dd335ff70bede0dc6c65e5d461d317d Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:09:16 +0000 Subject: [PATCH 15/31] Forgot to remove service-identity.nix which belonged to our pyopenssl fix --- nix/service-identity.nix | 61 ---------------------------------------- 1 file changed, 61 deletions(-) delete mode 100644 nix/service-identity.nix diff --git a/nix/service-identity.nix b/nix/service-identity.nix deleted file mode 100644 index fef68b16e1..0000000000 --- a/nix/service-identity.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ lib -, attrs -, buildPythonPackage -, cryptography -, fetchFromGitHub -, hatch-fancy-pypi-readme -, hatch-vcs -, hatchling -, idna -, pyasn1 -, pyasn1-modules -, pytestCheckHook -, pythonOlder -, setuptools -}: - -buildPythonPackage rec { - pname = "service-identity"; - version = "23.1.0"; - format = "pyproject"; - - disabled = pythonOlder "3.8"; - - src = fetchFromGitHub { - owner = "pyca"; - repo = pname; - rev = "refs/tags/${version}"; - hash = "sha256-PGDtsDgRwh7GuuM4OuExiy8L4i3Foo+OD0wMrndPkvo="; - }; - - nativeBuildInputs = [ - hatch-fancy-pypi-readme - hatch-vcs - hatchling - setuptools - ]; - - propagatedBuildInputs = [ - attrs - cryptography - idna - pyasn1 - pyasn1-modules - ]; - - nativeCheckInputs = [ - pytestCheckHook - ]; - - pythonImportsCheck = [ - "service_identity" - ]; - - meta = with lib; { - description = "Service identity verification for pyOpenSSL"; - homepage = "https://service-identity.readthedocs.io"; - changelog = "https://github.com/pyca/service-identity/releases/tag/${version}"; - license = licenses.mit; - maintainers = with maintainers; [ fab ]; - }; -} From da7ecb8c39ca109d373d1cb2e10e256e45515f16 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:15:07 +0000 Subject: [PATCH 16/31] Spell txi2p correctly --- nix/tahoe-lafs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/tahoe-lafs.nix b/nix/tahoe-lafs.nix index 273fa3a763..fa538767d3 100644 --- a/nix/tahoe-lafs.nix +++ b/nix/tahoe-lafs.nix @@ -50,7 +50,7 @@ buildPythonPackage rec { txtorcon ]; i2p = [ - txi2p + txi2p-tahoe ]; unittest = [ beautifulsoup4 From a96a73e42220f7e54ff4d3618ce8a70091fbef5b Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:19:29 +0000 Subject: [PATCH 17/31] Also run CI for Python 3.12 --- .github/workflows/nix.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index ddfb015156..2fa0eac6c0 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -101,6 +101,7 @@ jobs: python-version: - 310 - 311 + - 312 nixpkgs: - nixos-24_11 steps: From 53517142ee711e922a32f1693001b7c4ca50078c Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 19:28:52 +0000 Subject: [PATCH 18/31] Allow Python 3.12 --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index bbc3e5bb05..a55f9bc4ca 100644 --- a/flake.nix +++ b/flake.nix @@ -77,7 +77,7 @@ # or PyPy. We take care to avoid things like "python-foo" and # "python3Full-unittest" though. We only want things like "pypy38" # or "python311". - nameMatches = name: null != builtins.match "(python|pypy)3(10|11)?" name; + nameMatches = name: null != builtins.match "(python|pypy)3(10|11|12)?" name; # Sometimes an old version is left in the package set as an error # saying something like "we remove this". Make sure we whatever we From a90240129387ebefc28616d76264f46fcbc98fae Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 20:04:32 +0000 Subject: [PATCH 19/31] Patch _version.py Courtesy of the ZKAPAuthorizer nix expressions --- nix/tahoe-lafs.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/nix/tahoe-lafs.nix b/nix/tahoe-lafs.nix index fa538767d3..7d4a631afa 100644 --- a/nix/tahoe-lafs.nix +++ b/nix/tahoe-lafs.nix @@ -70,6 +70,24 @@ buildPythonPackage rec { }; }; + postPatch = + let + versionFileContents = version: '' + # This _version.py is generated by tahoe-lafs.nix. + # TODO: We can have more metadata after we switch to flakes. + # Then the `self` input will have a `sourceInfo` attribute telling + __pkgname__ = "tahoe-lafs" + real_version = "${version}" + full_version = "${version}" + branch = "" + verstr = "${version}" + __version__ = verstr + ''; + in + '' + cp ${builtins.toFile "_version.py" (versionFileContents version)} src/allmydata/_version.py + ''; + meta = with lib; { homepage = "https://tahoe-lafs.org/"; description = "secure, decentralized, fault-tolerant file store"; From e9f8c3d9f25f47e2973d135ccc9d3ea4dba07dad Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Wed, 4 Dec 2024 20:37:30 +0000 Subject: [PATCH 20/31] The missing version fails a unit test - does this help? --- .github/workflows/nix.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 2fa0eac6c0..b634566e9c 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -108,6 +108,9 @@ jobs: - name: Checkout id: checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true - name: Install nix id: install_nix From 68f706e689b1bea013c9c08af7eb71b60fe2c872 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 00:30:33 +0000 Subject: [PATCH 21/31] Don't test Python 3.10 on NixOS 24.11 ... it's old (3.12 is the default), it's not in the NixOS binary caches, some dependency fails building and fixing it feels like picking over bones --- .github/workflows/nix.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index b634566e9c..2bd534137b 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -99,7 +99,6 @@ jobs: fail-fast: false matrix: python-version: - - 310 - 311 - 312 nixpkgs: From 371854bc7c669b8111fbe5f9afe663babcf56fe2 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 00:34:12 +0000 Subject: [PATCH 22/31] Remove check step ... it has served its purpose (development) and is using runner time --- .github/workflows/nix.yml | 68 --------------------------------------- 1 file changed, 68 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 2bd534137b..9eec0d4811 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -21,74 +21,6 @@ on: - '*.ini' jobs: - check: - runs-on: ubuntu-22.04 - outputs: - NIXPKGS: ${{ steps.prep.outputs.NIXPKGS }} - NIX_PATH: ${{ steps.prep.outputs.NIX_PATH }} - env: - nixpkgs: nixos-24_11 - steps: - - name: Checkout - id: checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - fetch-tags: true - - - name: Install nix - id: install_nix - uses: nixbuild/nix-quick-install-action@v28 - - - name: Show the flake - id: show - run: | - nix flake show - - - name: Check the flake - id: check - env: - # FIXME: Our python39 package depends on some broken zope - NIXPKGS_ALLOW_BROKEN: 1 - run: | - echo FIXME: nix flake check --impure - - - name: Restore and cache Nix store for nixpkgs-${{ env.nixpkgs }} - uses: nix-community/cache-nix-action@v5 - with: - # restore and save a cache using this key - primary-key: nixpkgs-${{ env.nixpkgs }}-${{ hashFiles('flake.*', '*.nix') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nixpkgs-${{ env.nixpkgs }}- - # collect garbage until Nix store size (in bytes) is at most this number - # before trying to save a new cache - gc-max-store-size-linux: 1073741824 - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nixpkgs-${{ env.nixpkgs }}- - # created more than 0 seconds ago relative to the start of the `Post Restore` phase - purge-created: 0 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - - - name: Prepare environment - id: prep - run: | - # Get the reference to the nixpkgs pinned in the flake - dirty way - NIXPKGS=$(nix flake metadata | grep -E '[^\w]+nixpkgs-${{ matrix.nixpkgs }}[^\w]+:' | cut -d' ' -f2 | cut -d'?' -f1) - NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS##*/}.tar.gz - # Pass those variables to the next steps and jobs - echo NIXPKGS=$NIXPKGS | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT - echo NIX_PATH=$NIX_PATH | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT - - - name: Generate version - # The Nix package doesn't know how to do this part, unfortunately. - run: | - nix-shell \ - -p 'python3.withPackages (ps: [ ps.setuptools ])' \ - --run 'python setup.py update_version' - packaging: runs-on: ubuntu-22.04 needs: check From a4a9c890634ffc62c07d8c604b0484f12b290e39 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 00:48:03 +0000 Subject: [PATCH 23/31] Don't test obsolete Python 3.11, don't depend on check phase --- .github/workflows/nix.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 9eec0d4811..7b4769c387 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -23,7 +23,6 @@ on: jobs: packaging: runs-on: ubuntu-22.04 - needs: check env: NIXPKGS: ${{ needs.check.outputs.NIXPKGS }} NIX_PATH: ${{ needs.check.outputs.NIX_PATH }} @@ -31,7 +30,6 @@ jobs: fail-fast: false matrix: python-version: - - 311 - 312 nixpkgs: - nixos-24_11 From 6d99d58e27911f411f01af3fa1c854c5fb334469 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:01:16 +0000 Subject: [PATCH 24/31] Does this create the environment variables? Why is this so complicated? I thought the nixpkgs were defined in flake.lock? --- .github/workflows/nix.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 7b4769c387..a5322812f8 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -23,9 +23,6 @@ on: jobs: packaging: runs-on: ubuntu-22.04 - env: - NIXPKGS: ${{ needs.check.outputs.NIXPKGS }} - NIX_PATH: ${{ needs.check.outputs.NIX_PATH }} strategy: fail-fast: false matrix: @@ -41,6 +38,11 @@ jobs: fetch-depth: 0 fetch-tags: true + - name: Set environment variables + run: | + echo "NIXPKGS=$(nix flake metadata | grep -E '[^\w]+nixpkgs-${{ matrix.nixpkgs }}[^\w]+:' | cut -d' ' -f2 | cut -d'?' -f1)" >> $GITHUB_ENV + echo "NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS##*/}.tar.gz" >> $GITHUB_ENV + - name: Install nix id: install_nix uses: nixbuild/nix-quick-install-action@v28 From c1f16bc8edfcbab4102f9ea3dae436438c5602fa Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:06:16 +0000 Subject: [PATCH 25/31] Setting the env vars already requires Nix --- .github/workflows/nix.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index a5322812f8..78890a6e38 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -38,15 +38,15 @@ jobs: fetch-depth: 0 fetch-tags: true + - name: Install nix + id: install_nix + uses: nixbuild/nix-quick-install-action@v28 + - name: Set environment variables run: | echo "NIXPKGS=$(nix flake metadata | grep -E '[^\w]+nixpkgs-${{ matrix.nixpkgs }}[^\w]+:' | cut -d' ' -f2 | cut -d'?' -f1)" >> $GITHUB_ENV echo "NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS##*/}.tar.gz" >> $GITHUB_ENV - - name: Install nix - id: install_nix - uses: nixbuild/nix-quick-install-action@v28 - - name: Restore and cache Nix store for nixpkgs-${{ matrix.nixpkgs }} uses: nix-community/cache-nix-action@v5 with: From 740759b0b0252f92eea5aa6e648bb1f86ba1cb16 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:13:07 +0000 Subject: [PATCH 26/31] Remove input overriding --- .github/workflows/nix.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 78890a6e38..2930d0544d 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -42,11 +42,6 @@ jobs: id: install_nix uses: nixbuild/nix-quick-install-action@v28 - - name: Set environment variables - run: | - echo "NIXPKGS=$(nix flake metadata | grep -E '[^\w]+nixpkgs-${{ matrix.nixpkgs }}[^\w]+:' | cut -d' ' -f2 | cut -d'?' -f1)" >> $GITHUB_ENV - echo "NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS##*/}.tar.gz" >> $GITHUB_ENV - - name: Restore and cache Nix store for nixpkgs-${{ matrix.nixpkgs }} uses: nix-community/cache-nix-action@v5 with: @@ -78,7 +73,6 @@ jobs: --verbose \ --print-build-logs \ --cores "$DEPENDENCY_CORES" \ - --override-input nixpkgs "$NIXPKGS" \ .#python${{ matrix.python-version }}-tahoe-lafs - name: Unit test @@ -88,7 +82,6 @@ jobs: UNITTEST_CORES: 8 run: | nix run \ - --override-input nixpkgs "$NIXPKGS" \ .#python${{ matrix.python-version }}-unittest -- \ --jobs $UNITTEST_CORES \ allmydata From 0c0b83536685c1c21d7591d17bed364c732abf95 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:26:42 +0000 Subject: [PATCH 27/31] Try out what the default number of cores does on GitHub Actions --- .github/workflows/nix.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 2930d0544d..e9d37ffef9 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -62,26 +62,14 @@ jobs: purge-primary-key: never - name: Build package - env: - # CircleCI build environment looks like it has a zillion and a half cores. - # Don't let Nix autodetect this high core count because it blows up memory - # usage and fails the test run. Pick a number of cores that suits the build - # environment we're paying for (the free one!). - DEPENDENCY_CORES: 3 run: | nix build \ --verbose \ --print-build-logs \ - --cores "$DEPENDENCY_CORES" \ .#python${{ matrix.python-version }}-tahoe-lafs - name: Unit test - env: - # Once dependencies are built, we can allow some more concurrency for our own - # test suite. - UNITTEST_CORES: 8 run: | nix run \ .#python${{ matrix.python-version }}-unittest -- \ - --jobs $UNITTEST_CORES \ allmydata From e825c125f5a728b1e6df5a1204057e18b4bc7a52 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:31:08 +0000 Subject: [PATCH 28/31] Restore old / more generic version guard ... so we have less places where we have to change versions --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a55f9bc4ca..f5bf9e9dd5 100644 --- a/flake.nix +++ b/flake.nix @@ -77,7 +77,7 @@ # or PyPy. We take care to avoid things like "python-foo" and # "python3Full-unittest" though. We only want things like "pypy38" # or "python311". - nameMatches = name: null != builtins.match "(python|pypy)3(10|11|12)?" name; + nameMatches = name: null != builtins.match "(python|pypy)3[[:digit:]]{0,2}" name; # Sometimes an old version is left in the package set as an error # saying something like "we remove this". Make sure we whatever we From 81e283eeffd15105ddb3af080f28910862d1ab65 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:34:42 +0000 Subject: [PATCH 29/31] Have fewer outdated comments --- flake.nix | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/flake.nix b/flake.nix index f5bf9e9dd5..8a2d3c3261 100644 --- a/flake.nix +++ b/flake.nix @@ -1,14 +1,6 @@ { description = "Tahoe-LAFS, free and open decentralized data store"; - nixConfig = { - # Supply configuration for the build cache updated by our CI system. This - # should allow most users to avoid having to build a large number of - # packages (otherwise necessary due to our Python package overrides). - #substituters = ["https://tahoe-lafs-opensource.cachix.org"]; - #trusted-public-keys = ["tahoe-lafs-opensource.cachix.org-1:eIKCHOPJYceJ2gb74l6e0mayuSdXqiavxYeAio0LFGo="]; - }; - inputs = { # A couple possible nixpkgs pins. Ideally these could be selected easily # from the command line but there seems to be no syntax/support for that. @@ -24,17 +16,7 @@ url = github:NixOS/nixpkgs?ref=nixos-24.11; }; - # We depend on a very new python-cryptography which is not yet available - # from any release branch of nixpkgs. However, it is contained in a PR - # currently up for review. Point our nixpkgs at that for now. - #"nixpkgs-unstable" = { - # url = github:NixOS/nixpkgs?ref=pull/244135/head; - #}; - - # Point the default nixpkgs at one of those. This avoids having getting a - # _third_ package set involved and gives a way to provide what should be a - # working experience by default (that is, if nixpkgs doesn't get - # overridden). + # Point the default nixpkgs at one of those. nixpkgs.follows = "nixpkgs-24_11"; # Also get flake-utils for simplified multi-system definitions. From ec3908bfd487fb6d542f86a44f22bfd31cfbf727 Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:34:56 +0000 Subject: [PATCH 30/31] Revert "Try out what the default number of cores does on GitHub Actions" This reverts commit 0c0b83536685c1c21d7591d17bed364c732abf95. Not setting cores by hand made the build take 5m31s instead of 2m46s. Undoing that change. --- .github/workflows/nix.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index e9d37ffef9..2930d0544d 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -62,14 +62,26 @@ jobs: purge-primary-key: never - name: Build package + env: + # CircleCI build environment looks like it has a zillion and a half cores. + # Don't let Nix autodetect this high core count because it blows up memory + # usage and fails the test run. Pick a number of cores that suits the build + # environment we're paying for (the free one!). + DEPENDENCY_CORES: 3 run: | nix build \ --verbose \ --print-build-logs \ + --cores "$DEPENDENCY_CORES" \ .#python${{ matrix.python-version }}-tahoe-lafs - name: Unit test + env: + # Once dependencies are built, we can allow some more concurrency for our own + # test suite. + UNITTEST_CORES: 8 run: | nix run \ .#python${{ matrix.python-version }}-unittest -- \ + --jobs $UNITTEST_CORES \ allmydata From 7042baf9f127fec07922ed104ec255c4ab6fd32c Mon Sep 17 00:00:00 2001 From: Florian Sesser Date: Thu, 5 Dec 2024 01:38:30 +0000 Subject: [PATCH 31/31] Remove NixOS jobs from CircleCI ... they run much better in GitHub Actions --- .circleci/config.yml | 115 ------------------------------------------- 1 file changed, 115 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6377ece0b9..685a5f2e26 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -92,16 +92,6 @@ workflows: - "oraclelinux-8": {} - - "nixos": - name: "<>" - nixpkgs: "nixpkgs-unstable" - matrix: - parameters: - pythonVersion: - - "python39" - - "python310" - - "python311" - # Eventually, test against PyPy 3.8 #- "pypy27-buster": # {} @@ -574,40 +564,6 @@ jobs: image: "tahoelafsci/fedora:35-py3" user: "nobody" - nixos: - parameters: - nixpkgs: - description: >- - Reference the name of a flake-managed nixpkgs input (see `nix flake - metadata` and flake.nix) - type: "string" - pythonVersion: - description: >- - Reference the name of a Python package in nixpkgs to use. - type: "string" - - executor: "nix" - - steps: - - "nix-build": - nixpkgs: "<>" - pythonVersion: "<>" - buildSteps: - - "run": - name: "Unit Test" - command: | - source .circleci/lib.sh - - # Translate the nixpkgs selection into a flake reference we - # can use to override the default nixpkgs input. - NIXPKGS=$(nixpkgs_flake_reference <>) - - cache_if_able nix run \ - --override-input nixpkgs "$NIXPKGS" \ - .#<>-unittest -- \ - --jobs $UNITTEST_CORES \ - allmydata - typechecks: docker: - <<: *DOCKERHUB_AUTH @@ -737,74 +693,3 @@ executors: shell: "powershell.exe -ExecutionPolicy Bypass" resource_class: "windows.large" - nix: - docker: - # Run in a highly Nix-capable environment. - - <<: *DOCKERHUB_AUTH - image: "nixos/nix:2.16.1" - environment: - # CACHIX_AUTH_TOKEN is manually set in the CircleCI web UI and allows us - # to push to CACHIX_NAME. CACHIX_NAME tells cachix which cache to push - # to. - CACHIX_NAME: "tahoe-lafs-opensource" - # Let us use features marked "experimental". For example, most/all of - # the `nix ` forms. - NIX_CONFIG: "experimental-features = nix-command flakes" - -commands: - nix-build: - parameters: - nixpkgs: - description: >- - Reference the name of a flake-managed nixpkgs input (see `nix flake - metadata` and flake.nix) - type: "string" - pythonVersion: - description: >- - Reference the name of a Python package in nixpkgs to use. - type: "string" - buildSteps: - description: >- - The build steps to execute after setting up the build environment. - type: "steps" - - steps: - - "run": - # Get cachix for Nix-friendly caching. - name: "Install Basic Dependencies" - command: | - # Get some build environment dependencies and let them float on a - # certain release branch. These aren't involved in the actual - # package build (only in CI environment setup) so the fact that - # they float shouldn't hurt reproducibility. - NIXPKGS="nixpkgs/nixos-23.05" - nix profile install $NIXPKGS#cachix $NIXPKGS#bash $NIXPKGS#jp - - # Activate our cachix cache for "binary substitution". This sets - # up configuration tht lets Nix download something from the cache - # instead of building it locally, if possible. - cachix use "${CACHIX_NAME}" - - - "checkout" - - - "run": - # The Nix package doesn't know how to do this part, unfortunately. - name: "Generate version" - command: | - nix-shell \ - -p 'python3.withPackages (ps: [ ps.setuptools ])' \ - --run 'python setup.py update_version' - - - "run": - name: "Build Package" - command: | - source .circleci/lib.sh - NIXPKGS=$(nixpkgs_flake_reference <>) - cache_if_able nix build \ - --verbose \ - --print-build-logs \ - --cores "$DEPENDENCY_CORES" \ - --override-input nixpkgs "$NIXPKGS" \ - .#<>-tahoe-lafs - - - steps: "<>"