lorri: init at version unstable-2019-10-30 #72889
Conversation
pkgs/tools/misc/lorri/default.nix
Outdated
| description = "Your project's nix-env"; | ||
| homepage = "https://github.com/target/lorri"; | ||
| license = licenses.asl20; | ||
| maintainers = [ maintainers.Profpatsch ]; |
There was a problem hiding this comment.
@Profpatsch :D - let me know if you're okay with this
There was a problem hiding this comment.
Sure. We should add Graham and yourself :)
pkgs/tools/misc/lorri/default.nix
Outdated
| description = "Your project's nix-env"; | ||
| homepage = "https://github.com/target/lorri"; | ||
| license = licenses.asl20; | ||
| maintainers = [ maintainers.Profpatsch ]; |
There was a problem hiding this comment.
Sure. We should add Graham and yourself :)
pkgs/tools/misc/lorri/default.nix
Outdated
|
|
||
| rustPlatform.buildRustPackage rec { | ||
| pname = "lorri"; | ||
| version = "rolling-release-2019-10-30"; |
There was a problem hiding this comment.
I think we wanted to push this as 0.5 (should also put that into the Cargo.toml in upstream).
There was a problem hiding this comment.
Cool - I'm happy to change this to reflect a new release of lorri. For now, I think that rolling-release-2019-10-30 is an accurate name for the revision this is pulling from.
There was a problem hiding this comment.
Thanks for the porting effort.
I think unstable-YYYY-MM-DD is the preferred naming schema. But 0.5 is released soon. So no further change needed.
pkgs/tools/misc/lorri/default.nix
Outdated
| cargoSha256 = "1daff4plh7hwclfp21hkx4fiflh9r80y2c7k2sd3zm4lmpy0jpfz"; | ||
|
|
||
| # Note that https://travis-ci.org/target/lorri/builds/605036891 passed. | ||
| doCheck = false; |
There was a problem hiding this comment.
Are the tests failing? We might want to enable them, because we pin a different nixpkgs version in the lorri repo (which we don’t update that often usually).
There was a problem hiding this comment.
Yes, they were failing due to path issues. I'll look into making them pass.
There was a problem hiding this comment.
Okay, here's what I've tried:
- If I just set
doCheck = true, two tests fail. One of them because it fails to write something to/nix/var. I believe that this error does not occur upstream because of thebogus-nixpkgsNIX_PATH: https://github.com/target/lorri/blob/95c3e3da1be4f0d8ddb62dce21afa02d8cecfdf7/default.nix#L18. I don't really understand the effect of setting this. - The
bogus-nixpkgsthing in the upstreamdefault.nixrequires that directory to exist, and possibly also to be populated with packages that are used for testing: https://github.com/target/lorri/tree/95c3e3da1be4f0d8ddb62dce21afa02d8cecfdf7/nix/bogus-nixpkgs. I think there is a way to make this work, which is essentially "copy every .nix file from thelorrirepo intonixpkgsin this PR". - As a last alternative, I kept
doCheck = falseand tried to create an integration test innixpkgs/nixos/tests. I didn't get very far unfortunately: making the Python test helpers do what I want is non-trivial.
There was a problem hiding this comment.
- I don't really understand the effect of setting this.
Setting it in the checkPhase should be fine and fix that issue.
- which is essentially "copy every .nix file from the
lorrirepo intonixpkgsin this PR".
Just the stuff under nix/bogus-nixpkgs should be necessary.
There was a problem hiding this comment.
I couldn't get it to work, and I'm not convinced it is worth cluttering the nixpkgs repo with lorri's nix files and slowing down the nixpkgs build given that lorri has CI. You can see my attempts in the commit history of this branch.
There was a problem hiding this comment.
@curiousleo you can just point the NIX_PATH to $src. No need to have these nix files locally.
There was a problem hiding this comment.
Yep, you can do something like
preCheck = ''
export NIX_PATH=nixpkgs=${src}/nix/bogus-nixpkgs
''
There was a problem hiding this comment.
you can just point the NIX_PATH to $src. No need to have these nix files locally.
I must have misunderstood @Profpatsch - I thought you said that there were checks preventing the use of this technique in order to ensure all nix files are actually checked into this repo.
That makes things much neater, of course! :)
There was a problem hiding this comment.
Yep, you can do something like
preCheck = '' export NIX_PATH=nixpkgs=${src}/nix/bogus-nixpkgs ''
The test errors with "can't write to /nix/store" persist. Do you think running the unit tests is necessary if there is an integration test (https://github.com/NixOS/nixpkgs/blob/115d1ec64f851df9db365ad7b6bf7b3e629f32d0/nixos/tests/lorri/default.nix)? If yes, I'm going to need help with getting doCheck = true to work.
There was a problem hiding this comment.
Let’s just set it to false for now, to get it in. We are running the tests upstream anyway.
| PrivateTmp = true; | ||
| ProtectSystem = "strict"; | ||
| ProtectHome = "read-only"; | ||
| Restart = "on-failure"; |
There was a problem hiding this comment.
Not sure, it’s certainly more user-friendly, but would we be notified of issues that way?
There was a problem hiding this comment.
It should still appear in the syslog, and if it keeps crashing, systemd won't restart it indefinitely, so should be fine IMHO.
| serviceConfig = { | ||
| ExecStart = "${pkgs.lorri}/bin/lorri daemon"; | ||
| PrivateTmp = true; | ||
| ProtectSystem = "strict"; |
There was a problem hiding this comment.
Remark: Even more strict would be if we'd have systemd-confinement for user units.
There was a problem hiding this comment.
I'd keep that as a follow-up.
There was a problem hiding this comment.
Thanks @aszlig and @Profpatsch for the reviews! I will now do the following:
- Remove the systemd service from this PR as suggested by @Profpatsch.
- Address your comments on the package declaration to get it into a mergeable state.
- Create a second PR with just the systemd service and address your comments related to the service declaration there. I'll reply to your comments here and point to the changes I'll have made so you'll see that I will have addressed them.
pkgs/tools/misc/lorri/default.nix
Outdated
|
|
||
| rustPlatform.buildRustPackage rec { | ||
| pname = "lorri"; | ||
| version = "rolling-release-2019-10-30"; |
There was a problem hiding this comment.
Cool - I'm happy to change this to reflect a new release of lorri. For now, I think that rolling-release-2019-10-30 is an accurate name for the revision this is pulling from.
pkgs/tools/misc/lorri/default.nix
Outdated
| cargoSha256 = "1daff4plh7hwclfp21hkx4fiflh9r80y2c7k2sd3zm4lmpy0jpfz"; | ||
|
|
||
| # Note that https://travis-ci.org/target/lorri/builds/605036891 passed. | ||
| doCheck = false; |
There was a problem hiding this comment.
Yes, they were failing due to path issues. I'll look into making them pass.
|
Comments on the package declaration addressed, PTAL. (See #72889 (review) for what I'm planning to do next.) |
curiousleo
changed the title
|
I have not yet addressed all review comments - no need to review again at this point, thanks! |
| serviceConfig = { | ||
| ExecStart = "${pkgs.lorri}/bin/lorri daemon"; | ||
| PrivateTmp = true; | ||
| ProtectSystem = "strict"; |
There was a problem hiding this comment.
I'd keep that as a follow-up.
| PrivateTmp = true; | ||
| ProtectSystem = "strict"; | ||
| ProtectHome = "read-only"; | ||
| Restart = "on-failure"; |
There was a problem hiding this comment.
It should still appear in the syslog, and if it keeps crashing, systemd won't restart it indefinitely, so should be fine IMHO.
curiousleo
force-pushed
the
add-lorri
branch
from
115d1ec
to
98dd3bb
Compare
curiousleo
force-pushed
the
add-lorri
branch
2 times, most recently
from
c990d27
to
061169f
Compare
|
Comments addressed, PTAL. |
curiousleo
changed the title
curiousleo
force-pushed
the
add-lorri
branch
from
061169f
to
0e54a83
Compare
|
@grahamc @Profpatsch mind taking another look? |
|
@GrahamcOfBorg test lorri |
| ) | ||
|
|
||
| # Start the daemon and wait until it is ready | ||
| machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr &") |
There was a problem hiding this comment.
At least according to previous discussions, we don't really want to run lorri as the root user, do we?
I'd suggest to import ./common/user-account.nix, and run it as alice or bob.
We also don't test the socket activation at all. I propose starting and forking the daemon manually should be done for alice, and bob should rely on systemd socket activation. WDYT?
There was a problem hiding this comment.
My thinking:
no test < current test < what you're proposing
Unfortunately I can't get your proposal to work! So I'm inclined to merge now with the test as-is, and improve on the test in a follow-up.
There was a problem hiding this comment.
Captured this task here: target/lorri#218
Includes user service (nixos/modules/services/development/lorri) that starts on demand.
curiousleo
force-pushed
the
add-lorri
branch
from
0e54a83
to
5ca6763
Compare
curiousleo
force-pushed
the
add-lorri
branch
from
5ca6763
to
0cec061
Compare
|
@GrahamcOfBorg test lorri |
|
LGTM! |
Motivation for this change
lorriis still unstable, but already makes it easier to work with project-specific Nix shells.Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"(trivially true:lorriis not depended on by any other package at the moment)./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @Profpatsch @grahamc @ocharles