New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lorri: init at version unstable-2019-10-30 #72889
Conversation
pkgs/tools/misc/lorri/default.nix
Outdated
description = "Your project's nix-env"; | ||
homepage = "https://github.com/target/lorri"; | ||
license = licenses.asl20; | ||
maintainers = [ maintainers.Profpatsch ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Profpatsch :D - let me know if you're okay with this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. We should add Graham and yourself :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work!
pkgs/tools/misc/lorri/default.nix
Outdated
description = "Your project's nix-env"; | ||
homepage = "https://github.com/target/lorri"; | ||
license = licenses.asl20; | ||
maintainers = [ maintainers.Profpatsch ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. We should add Graham and yourself :)
pkgs/tools/misc/lorri/default.nix
Outdated
|
||
rustPlatform.buildRustPackage rec { | ||
pname = "lorri"; | ||
version = "rolling-release-2019-10-30"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we wanted to push this as 0.5 (should also put that into the Cargo.toml
in upstream).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool - I'm happy to change this to reflect a new release of lorri
. For now, I think that rolling-release-2019-10-30
is an accurate name for the revision this is pulling from.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the porting effort.
I think unstable-YYYY-MM-DD
is the preferred naming schema. But 0.5 is released soon. So no further change needed.
pkgs/tools/misc/lorri/default.nix
Outdated
cargoSha256 = "1daff4plh7hwclfp21hkx4fiflh9r80y2c7k2sd3zm4lmpy0jpfz"; | ||
|
||
# Note that https://travis-ci.org/target/lorri/builds/605036891 passed. | ||
doCheck = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are the tests failing? We might want to enable them, because we pin a different nixpkgs
version in the lorri repo (which we don’t update that often usually).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, they were failing due to path issues. I'll look into making them pass.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, here's what I've tried:
- If I just set
doCheck = true
, two tests fail. One of them because it fails to write something to/nix/var
. I believe that this error does not occur upstream because of thebogus-nixpkgs
NIX_PATH: https://github.com/target/lorri/blob/95c3e3da1be4f0d8ddb62dce21afa02d8cecfdf7/default.nix#L18. I don't really understand the effect of setting this. - The
bogus-nixpkgs
thing in the upstreamdefault.nix
requires that directory to exist, and possibly also to be populated with packages that are used for testing: https://github.com/target/lorri/tree/95c3e3da1be4f0d8ddb62dce21afa02d8cecfdf7/nix/bogus-nixpkgs. I think there is a way to make this work, which is essentially "copy every .nix file from thelorri
repo intonixpkgs
in this PR". - As a last alternative, I kept
doCheck = false
and tried to create an integration test innixpkgs/nixos/tests
. I didn't get very far unfortunately: making the Python test helpers do what I want is non-trivial.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- I don't really understand the effect of setting this.
Setting it in the checkPhase
should be fine and fix that issue.
- which is essentially "copy every .nix file from the
lorri
repo intonixpkgs
in this PR".
Just the stuff under nix/bogus-nixpkgs
should be necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't get it to work, and I'm not convinced it is worth cluttering the nixpkgs repo with lorri's nix files and slowing down the nixpkgs build given that lorri
has CI. You can see my attempts in the commit history of this branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@curiousleo you can just point the NIX_PATH to $src. No need to have these nix files locally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, you can do something like
preCheck = ''
export NIX_PATH=nixpkgs=${src}/nix/bogus-nixpkgs
''
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can just point the NIX_PATH to $src. No need to have these nix files locally.
I must have misunderstood @Profpatsch - I thought you said that there were checks preventing the use of this technique in order to ensure all nix files are actually checked into this repo.
That makes things much neater, of course! :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, you can do something like
preCheck = '' export NIX_PATH=nixpkgs=${src}/nix/bogus-nixpkgs ''
The test errors with "can't write to /nix/store" persist. Do you think running the unit tests is necessary if there is an integration test (https://github.com/NixOS/nixpkgs/blob/115d1ec64f851df9db365ad7b6bf7b3e629f32d0/nixos/tests/lorri/default.nix)? If yes, I'm going to need help with getting doCheck = true
to work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let’s just set it to false
for now, to get it in. We are running the tests upstream anyway.
PrivateTmp = true; | ||
ProtectSystem = "strict"; | ||
ProtectHome = "read-only"; | ||
Restart = "on-failure"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure, it’s certainly more user-friendly, but would we be notified of issues that way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should still appear in the syslog, and if it keeps crashing, systemd won't restart it indefinitely, so should be fine IMHO.
serviceConfig = { | ||
ExecStart = "${pkgs.lorri}/bin/lorri daemon"; | ||
PrivateTmp = true; | ||
ProtectSystem = "strict"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remark: Even more strict would be if we'd have systemd-confinement for user units.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd keep that as a follow-up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @aszlig and @Profpatsch for the reviews! I will now do the following:
- Remove the systemd service from this PR as suggested by @Profpatsch.
- Address your comments on the package declaration to get it into a mergeable state.
- Create a second PR with just the systemd service and address your comments related to the service declaration there. I'll reply to your comments here and point to the changes I'll have made so you'll see that I will have addressed them.
pkgs/tools/misc/lorri/default.nix
Outdated
|
||
rustPlatform.buildRustPackage rec { | ||
pname = "lorri"; | ||
version = "rolling-release-2019-10-30"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool - I'm happy to change this to reflect a new release of lorri
. For now, I think that rolling-release-2019-10-30
is an accurate name for the revision this is pulling from.
pkgs/tools/misc/lorri/default.nix
Outdated
cargoSha256 = "1daff4plh7hwclfp21hkx4fiflh9r80y2c7k2sd3zm4lmpy0jpfz"; | ||
|
||
# Note that https://travis-ci.org/target/lorri/builds/605036891 passed. | ||
doCheck = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, they were failing due to path issues. I'll look into making them pass.
Comments on the package declaration addressed, PTAL. (See #72889 (review) for what I'm planning to do next.) |
I have not yet addressed all review comments - no need to review again at this point, thanks! |
serviceConfig = { | ||
ExecStart = "${pkgs.lorri}/bin/lorri daemon"; | ||
PrivateTmp = true; | ||
ProtectSystem = "strict"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd keep that as a follow-up.
PrivateTmp = true; | ||
ProtectSystem = "strict"; | ||
ProtectHome = "read-only"; | ||
Restart = "on-failure"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should still appear in the syslog, and if it keeps crashing, systemd won't restart it indefinitely, so should be fine IMHO.
115d1ec
to
98dd3bb
Compare
c990d27
to
061169f
Compare
Comments addressed, PTAL. |
061169f
to
0e54a83
Compare
@grahamc @Profpatsch mind taking another look? |
@GrahamcOfBorg test lorri |
) | ||
|
||
# Start the daemon and wait until it is ready | ||
machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr &") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At least according to previous discussions, we don't really want to run lorri as the root
user, do we?
I'd suggest to import ./common/user-account.nix
, and run it as alice or bob.
We also don't test the socket activation at all. I propose starting and forking the daemon manually should be done for alice
, and bob
should rely on systemd socket activation. WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My thinking:
no test < current test < what you're proposing
Unfortunately I can't get your proposal to work! So I'm inclined to merge now with the test as-is, and improve on the test in a follow-up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Captured this task here: target/lorri#218
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can merge
Addressed the description part, PTAL. Would love a meta.longDescription
as well, but that can be fixed later.
We can pull the tests into a different PR if you want, the module and package are good!
Includes user service (nixos/modules/services/development/lorri) that starts on demand.
0e54a83
to
5ca6763
Compare
5ca6763
to
0cec061
Compare
@GrahamcOfBorg test lorri |
LGTM! |
Motivation for this change
lorri
is still unstable, but already makes it easier to work with project-specific Nix shells.Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"
(trivially true:lorri
is not depended on by any other package at the moment)./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @Profpatsch @grahamc @ocharles