chore(nixery): Housekeeping for depot compatibility
Cleans up a whole bunch of things I wanted to get out of the door right away:

* depot internal references to //third_party/nixery have been replaced with //tools/nixery
* cleaned up files from Github
* fixed SPDX & Copyright headers
* code formatting and inclusion in //tools/depotfmt checks

Change-Id: Iea79f0fdf3aa04f71741d4f4032f88605ae415bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5486
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
parent 535ad8732a
commit 6716bf018c
32 changed files with 192 additions and 478 deletions
		|  | @ -49,6 +49,9 @@ configuration is tracked in `//ops/{modules,machines}`. | ||||||
| * [`//nix/readTree`](https://cs.tvl.fyi/depot/-/blob/nix/readTree/README.md) | * [`//nix/readTree`](https://cs.tvl.fyi/depot/-/blob/nix/readTree/README.md) | ||||||
|   contains the Nix code which automatically registers projects in our Nix |   contains the Nix code which automatically registers projects in our Nix | ||||||
|   attribute hierarchy based on their in-tree location |   attribute hierarchy based on their in-tree location | ||||||
|  | * [`//tools/nixery`](https://cs.tvl.fyi/depot/-/tree/tools/nixery) | ||||||
|  |   contains the source code of [Nixery][], a container registry that | ||||||
|  |   can build images ad-hoc from Nix packages | ||||||
| * `//nix/yants` contains **Y**et **A**nother **N**ix **T**ype **S**ystem, which | * `//nix/yants` contains **Y**et **A**nother **N**ix **T**ype **S**ystem, which | ||||||
|   we use for a variety of things throughout the repository |   we use for a variety of things throughout the repository | ||||||
| * `//nix/buildGo` implements a Nix library that can build Go software in the | * `//nix/buildGo` implements a Nix library that can build Go software in the | ||||||
|  | @ -119,3 +122,4 @@ Hackint also provide a [web chat][tvl-webchat]. | ||||||
| [hackint-xmpp]: https://hackint.org/transport/xmpp | [hackint-xmpp]: https://hackint.org/transport/xmpp | ||||||
| [tvl-xmpp]: xmpp:#tvl@irc.hackint.org?join | [tvl-xmpp]: xmpp:#tvl@irc.hackint.org?join | ||||||
| [tvl-webchat]: https://webirc.hackint.org/#ircs://irc.hackint.org/#tvl | [tvl-webchat]: https://webirc.hackint.org/#ircs://irc.hackint.org/#tvl | ||||||
|  | [Nixery]: https://nixery.dev | ||||||
|  |  | ||||||
|  | @ -28,7 +28,7 @@ in | ||||||
|         StateDirectory = "nixery"; |         StateDirectory = "nixery"; | ||||||
|         Restart = "always"; |         Restart = "always"; | ||||||
|         ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${storagePath}"; |         ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${storagePath}"; | ||||||
|         ExecStart = "${depot.third_party.nixery.nixery-bin}/bin/nixery"; |         ExecStart = "${depot.tools.nixery.nixery-bin}/bin/nixery"; | ||||||
|       }; |       }; | ||||||
| 
 | 
 | ||||||
|       environment = { |       environment = { | ||||||
|  |  | ||||||
19 third_party/nixery/default.nix (vendored)
							|  | @ -1,19 +0,0 @@ | ||||||
| # Import the Nixery repository as-is, but pass our own package set |  | ||||||
| # instead of the pin it has. |  | ||||||
| { depot, pkgs, ... }: |  | ||||||
| 
 |  | ||||||
| let |  | ||||||
|   inherit (depot.nix.readTree) drvTargets; |  | ||||||
| 
 |  | ||||||
|   commit = "601cd998077f77f257ad1a40fa488add8464650f"; |  | ||||||
|   src = pkgs.fetchFromGitHub { |  | ||||||
|     owner = "google"; |  | ||||||
|     repo = "nixery"; |  | ||||||
|     rev = commit; |  | ||||||
|     sha256 = "195rz25y3hfxcmniysajzjg7g69qhz7w06lql8fn0dbcdcxsq6g4"; |  | ||||||
|   }; |  | ||||||
| in |  | ||||||
| drvTargets (import src { |  | ||||||
|   inherit pkgs; |  | ||||||
|   commitHash = _: commit; |  | ||||||
| }) |  | ||||||
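Review bot: With this wrapper deleted, nothing visible in the change still passes `commitHash` (it was set here as `commitHash = _: commit;`), while the in-tree `default.nix` keeps `commitHash ? null` and still links `-X main.version=${nixery-commit-hash}`. Please confirm the depot build derives a meaningful version string when `commitHash` is null, or pass one from the depot, so that a running instance can still be mapped to a source revision. Dropping the `fetchFromGitHub` pin itself is fine now that the source lives in `//tools/nixery`.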
|  | @ -24,8 +24,7 @@ let | ||||||
|     includes = [ "*.nix" ] |     includes = [ "*.nix" ] | ||||||
|     excludes = [ |     excludes = [ | ||||||
|       "third_party/nix/tests/*", |       "third_party/nix/tests/*", | ||||||
|       "third_party/nix/src/tests/*", |       "third_party/nix/src/tests/*" | ||||||
|       "tools/nixery/*" |  | ||||||
|     ] |     ] | ||||||
| 
 | 
 | ||||||
|     [formatter.rust] |     [formatter.rust] | ||||||
|  |  | ||||||
2 tools/nixery/.gitattributes (vendored)
							|  | @ -1,2 +0,0 @@ | ||||||
| # Ignore stylesheet modifications for the book in Linguist stats |  | ||||||
| *.css linguist-detectable=false |  | ||||||
|  | @ -1,27 +0,0 @@ | ||||||
| # Build Nixery, spin up an instance and pull an image from it. |  | ||||||
| name: "Build and test Nixery" |  | ||||||
| on: |  | ||||||
|   push: |  | ||||||
|     branches: |  | ||||||
|       - master |  | ||||||
|   pull_request: {} |  | ||||||
| env: |  | ||||||
|   NIX_PATH: "nixpkgs=https://github.com/NixOS/nixpkgs/archive/4263ba5e133cc3fc699c1152ab5ee46ef668e675.tar.gz" |  | ||||||
| jobs: |  | ||||||
|   build-and-test: |  | ||||||
|     runs-on: ubuntu-latest |  | ||||||
|     steps: |  | ||||||
|       - name: Install Nix |  | ||||||
|         uses: cachix/install-nix-action@v13 |  | ||||||
|       - name: Checkout |  | ||||||
|         uses: actions/checkout@v2.3.4 |  | ||||||
|       - name: Prepare environment |  | ||||||
|         run: nix-env -f '<nixpkgs>' -iA go |  | ||||||
|       - name: Check formatting |  | ||||||
|         run: "test -z $(gofmt -l .)" |  | ||||||
|       - name: Run `go vet` |  | ||||||
|         run: "go vet ./..." |  | ||||||
|       - name: Build Nixery |  | ||||||
|         run: "nix-build --no-out-link" |  | ||||||
|       - name: Run integration test |  | ||||||
|         run: scripts/integration-test.sh |  | ||||||
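Review bot: Removing this workflow drops the `test -z $(gofmt -l .)`, `go vet ./...` and `scripts/integration-test.sh` steps, and the commit message only mentions inclusion in the `//tools/depotfmt` checks. Confirm that the depot pipeline runs equivalent vet and integration-test steps for `//tools/nixery`; if it does not yet, say so in the commit message or track it as a follow-up so the gap is visible.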
|  | @ -1,35 +0,0 @@ | ||||||
| # How to Contribute |  | ||||||
| 
 |  | ||||||
| We'd love to accept your patches and contributions to this project. There are |  | ||||||
| just a few small guidelines you need to follow. |  | ||||||
| 
 |  | ||||||
| ## Contributor License Agreement |  | ||||||
| 
 |  | ||||||
| Contributions to this project must be accompanied by a Contributor License |  | ||||||
| Agreement. You (or your employer) retain the copyright to your contribution; |  | ||||||
| this simply gives us permission to use and redistribute your contributions as |  | ||||||
| part of the project. Head over to <https://cla.developers.google.com/> to see |  | ||||||
| your current agreements on file or to sign a new one. |  | ||||||
| 
 |  | ||||||
| You generally only need to submit a CLA once, so if you've already submitted one |  | ||||||
| (even if it was for a different project), you probably don't need to do it |  | ||||||
| again. |  | ||||||
| 
 |  | ||||||
| ## Commit messages |  | ||||||
| 
 |  | ||||||
| Commits in this repository follow the [Angular commit message |  | ||||||
| guidelines][commits]. |  | ||||||
| 
 |  | ||||||
| ## Code reviews |  | ||||||
| 
 |  | ||||||
| All submissions, including submissions by project members, require review. We |  | ||||||
| use GitHub pull requests for this purpose. Consult |  | ||||||
| [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more |  | ||||||
| information on using pull requests. |  | ||||||
| 
 |  | ||||||
| ## Community Guidelines |  | ||||||
| 
 |  | ||||||
| This project follows [Google's Open Source Community |  | ||||||
| Guidelines](https://opensource.google.com/conduct/). |  | ||||||
| 
 |  | ||||||
| [commits]: https://github.com/angular/angular/blob/master/CONTRIBUTING.md#commit |  | ||||||
|  | @ -4,7 +4,7 @@ | ||||||
| 
 | 
 | ||||||
| ----------------- | ----------------- | ||||||
| 
 | 
 | ||||||
| [](https://github.com/tazjin/nixery/actions/workflows/build-and-test.yaml) | [](https://buildkite.com/tvl/depot) | ||||||
| 
 | 
 | ||||||
| **Nixery** is a Docker-compatible container registry that is capable of | **Nixery** is a Docker-compatible container registry that is capable of | ||||||
| transparently building and serving container images using [Nix][]. | transparently building and serving container images using [Nix][]. | ||||||
|  | @ -24,6 +24,15 @@ You can watch the NixCon 2019 [talk about | ||||||
| Nixery](https://www.youtube.com/watch?v=pOI9H4oeXqA) for more information about | Nixery](https://www.youtube.com/watch?v=pOI9H4oeXqA) for more information about | ||||||
| the project and its use-cases. | the project and its use-cases. | ||||||
| 
 | 
 | ||||||
|  | The canonical location of the Nixery source code is | ||||||
|  | [`//tools/nixery`][depot-link] in the [TVL](https://tvl.fyi) | ||||||
|  | monorepository. If cloning the entire repository is not desirable, the | ||||||
|  | Nixery subtree can be cloned like this: | ||||||
|  | 
 | ||||||
|  |     git clone https://code.tvl.fyi/depot.git:/tools/nixery.git | ||||||
|  | 
 | ||||||
|  | The subtree is infrequently mirrored to `tazjin/nixery` on Github. | ||||||
|  | 
 | ||||||
| ## Demo | ## Demo | ||||||
| 
 | 
 | ||||||
| Click the image to see an example in which an image containing an interactive | Click the image to see an example in which an image containing an interactive | ||||||
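Review bot: Style nit in the added mirror sentence: `Github` should be `GitHub`. Since the mirror is described as infrequently updated, the paragraph could also state where patches and issues should be sent now, because the contribution instructions that pointed at GitHub pull requests are deleted elsewhere in this change.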
|  | @ -139,8 +148,9 @@ separate Nix function, which will make it possible to build images directly in | ||||||
| Nix builds. | Nix builds. | ||||||
| 
 | 
 | ||||||
| [Nix]: https://nixos.org/ | [Nix]: https://nixos.org/ | ||||||
| [layering strategy]: https://storage.googleapis.com/nixdoc/nixery-layers.html | [layering strategy]: https://tazj.in/blog/nixery-layers | ||||||
| [gist]: https://gist.github.com/tazjin/08f3d37073b3590aacac424303e6f745 | [gist]: https://gist.github.com/tazjin/08f3d37073b3590aacac424303e6f745 | ||||||
| [buildLayeredImage]: https://grahamc.com/blog/nix-and-layered-docker-images | [buildLayeredImage]: https://grahamc.com/blog/nix-and-layered-docker-images | ||||||
| [public]: https://nixery.dev | [public]: https://nixery.dev | ||||||
|  | [depot-link]: https://cs.tvl.fyi/depot/-/tree/tools/nixery | ||||||
| [gcs]: https://cloud.google.com/storage/ | [gcs]: https://cloud.google.com/storage/ | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| package builder | package builder | ||||||
| 
 | 
 | ||||||
| // This file implements logic for walking through a directory and creating a | // This file implements logic for walking through a directory and creating a | ||||||
|  |  | ||||||
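Review bot: The header rewrite replaces `// Copyright 2019 Google LLC` with `// Copyright 2022 The TVL Contributors` instead of adding to it. Collapsing the license text to `SPDX-License-Identifier: Apache-2.0` is fine, but Apache-2.0 section 4(c) asks that existing copyright notices be retained in source form, so keep the original copyright line and add the new one below it. The same applies to the identical header hunks in the other files of this change.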
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Package builder implements the logic for assembling container | // Package builder implements the logic for assembling container | ||||||
| // images. It shells out to Nix to retrieve all required Nix-packages | // images. It shells out to Nix to retrieve all required Nix-packages | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| package builder | package builder | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| package builder | package builder | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // This package reads an export reference graph (i.e. a graph representing the | // This package reads an export reference graph (i.e. a graph representing the | ||||||
| // runtime dependencies of a set of derivations) created by Nix and groups it in | // runtime dependencies of a set of derivations) created by Nix and groups it in | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Package config implements structures to store Nixery's configuration at | // Package config implements structures to store Nixery's configuration at | ||||||
| // runtime as well as the logic for instantiating this configuration from the | // runtime as well as the logic for instantiating this configuration from the | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| package config | package config | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019-2021 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| # This function header aims to provide compatibility between builds of | # This function header aims to provide compatibility between builds of | ||||||
| # Nixery taking place inside/outside of the TVL depot. | # Nixery taking place inside/outside of the TVL depot. | ||||||
|  | @ -19,12 +8,13 @@ | ||||||
| # build system and this will need some major adaptations to support | # build system and this will need some major adaptations to support | ||||||
| # that. | # that. | ||||||
| { depot ? { nix.readTree.drvTargets = x: x; } | { depot ? { nix.readTree.drvTargets = x: x; } | ||||||
| , pkgs ? import <nixpkgs> {} | , pkgs ? import <nixpkgs> { } | ||||||
| , preLaunch ? "" | , preLaunch ? "" | ||||||
| , extraPackages ? [] | , extraPackages ? [ ] | ||||||
| , maxLayers ? 20 | , maxLayers ? 20 | ||||||
| , commitHash ? null | , commitHash ? null | ||||||
| , ... }@args: | , ... | ||||||
|  | }@args: | ||||||
| 
 | 
 | ||||||
| with pkgs; | with pkgs; | ||||||
| 
 | 
 | ||||||
|  | @ -54,7 +44,8 @@ let | ||||||
|       "-ldflags=-s -w -X main.version=${nixery-commit-hash}" |       "-ldflags=-s -w -X main.version=${nixery-commit-hash}" | ||||||
|     ]; |     ]; | ||||||
|   }; |   }; | ||||||
| in depot.nix.readTree.drvTargets rec { | in | ||||||
|  | depot.nix.readTree.drvTargets rec { | ||||||
|   # Implementation of the Nix image building logic |   # Implementation of the Nix image building logic | ||||||
|   nixery-prepare-image = import ./prepare-image { inherit pkgs; }; |   nixery-prepare-image = import ./prepare-image { inherit pkgs; }; | ||||||
| 
 | 
 | ||||||
|  | @ -79,55 +70,57 @@ in depot.nix.readTree.drvTargets rec { | ||||||
|   # Container image containing Nixery and Nix itself. This image can |   # Container image containing Nixery and Nix itself. This image can | ||||||
|   # be run on Kubernetes, published on AppEngine or whatever else is |   # be run on Kubernetes, published on AppEngine or whatever else is | ||||||
|   # desired. |   # desired. | ||||||
|   nixery-image = let |   nixery-image = | ||||||
|     # Wrapper script for the wrapper script (meta!) which configures |     let | ||||||
|     # the container environment appropriately. |       # Wrapper script for the wrapper script (meta!) which configures | ||||||
|     # |       # the container environment appropriately. | ||||||
|     # Most importantly, sandboxing is disabled to avoid privilege |  | ||||||
|     # issues in containers. |  | ||||||
|     nixery-launch-script = writeShellScriptBin "nixery" '' |  | ||||||
|       set -e |  | ||||||
|       export PATH=${coreutils}/bin:$PATH |  | ||||||
|       export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt |  | ||||||
|       mkdir -p /tmp |  | ||||||
| 
 |  | ||||||
|       # Create the build user/group required by Nix |  | ||||||
|       echo 'nixbld:x:30000:nixbld' >> /etc/group |  | ||||||
|       echo 'nixbld:x:30000:30000:nixbld:/tmp:/bin/bash' >> /etc/passwd |  | ||||||
|       echo 'root:x:0:0:root:/root:/bin/bash' >> /etc/passwd |  | ||||||
|       echo 'root:x:0:' >> /etc/group |  | ||||||
| 
 |  | ||||||
|       # Disable sandboxing to avoid running into privilege issues |  | ||||||
|       mkdir -p /etc/nix |  | ||||||
|       echo 'sandbox = false' >> /etc/nix/nix.conf |  | ||||||
| 
 |  | ||||||
|       # In some cases users building their own image might want to |  | ||||||
|       # customise something on the inside (e.g. set up an environment |  | ||||||
|       # for keys or whatever). |  | ||||||
|       # |       # | ||||||
|       # This can be achieved by setting a 'preLaunch' script. |       # Most importantly, sandboxing is disabled to avoid privilege | ||||||
|       ${preLaunch} |       # issues in containers. | ||||||
|  |       nixery-launch-script = writeShellScriptBin "nixery" '' | ||||||
|  |         set -e | ||||||
|  |         export PATH=${coreutils}/bin:$PATH | ||||||
|  |         export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt | ||||||
|  |         mkdir -p /tmp | ||||||
| 
 | 
 | ||||||
|       exec ${nixery-bin}/bin/nixery |         # Create the build user/group required by Nix | ||||||
|     ''; |         echo 'nixbld:x:30000:nixbld' >> /etc/group | ||||||
|   in dockerTools.buildLayeredImage { |         echo 'nixbld:x:30000:30000:nixbld:/tmp:/bin/bash' >> /etc/passwd | ||||||
|     name = "nixery"; |         echo 'root:x:0:0:root:/root:/bin/bash' >> /etc/passwd | ||||||
|     config.Cmd = [ "${nixery-launch-script}/bin/nixery" ]; |         echo 'root:x:0:' >> /etc/group | ||||||
| 
 | 
 | ||||||
|     inherit maxLayers; |         # Disable sandboxing to avoid running into privilege issues | ||||||
|     contents = [ |         mkdir -p /etc/nix | ||||||
|       bashInteractive |         echo 'sandbox = false' >> /etc/nix/nix.conf | ||||||
|       cacert | 
 | ||||||
|       coreutils |         # In some cases users building their own image might want to | ||||||
|       git |         # customise something on the inside (e.g. set up an environment | ||||||
|       gnutar |         # for keys or whatever). | ||||||
|       gzip |         # | ||||||
|       iana-etc |         # This can be achieved by setting a 'preLaunch' script. | ||||||
|       nix |         ${preLaunch} | ||||||
|       nixery-prepare-image | 
 | ||||||
|       nixery-launch-script |         exec ${nixery-bin}/bin/nixery | ||||||
|       openssh |       ''; | ||||||
|       zlib |     in | ||||||
|     ] ++ extraPackages; |     dockerTools.buildLayeredImage { | ||||||
|   }; |       name = "nixery"; | ||||||
|  |       config.Cmd = [ "${nixery-launch-script}/bin/nixery" ]; | ||||||
|  | 
 | ||||||
|  |       inherit maxLayers; | ||||||
|  |       contents = [ | ||||||
|  |         bashInteractive | ||||||
|  |         cacert | ||||||
|  |         coreutils | ||||||
|  |         git | ||||||
|  |         gnutar | ||||||
|  |         gzip | ||||||
|  |         iana-etc | ||||||
|  |         nix | ||||||
|  |         nixery-prepare-image | ||||||
|  |         nixery-launch-script | ||||||
|  |         openssh | ||||||
|  |         zlib | ||||||
|  |       ] ++ extraPackages; | ||||||
|  |     }; | ||||||
| } | } | ||||||
|  |  | ||||||
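Review bot: Because this hunk is meant to be formatting-only, verify that the body of `nixery-launch-script` is byte-identical after the re-indent. Nix strips the common leading indentation from `''` strings, so the two extra spaces should not reach the generated script, but the lines involved (`echo ... >> /etc/passwd`, `echo 'sandbox = false' >> /etc/nix/nix.conf`, `${preLaunch}`) are security-relevant enough to check by comparing the built script or its store path before and after the change, or by reviewing with a whitespace-ignoring diff.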
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| # Builds the documentation page using the Rust project's 'mdBook' | # Builds the documentation page using the Rust project's 'mdBook' | ||||||
| # tool. | # tool. | ||||||
|  | @ -27,7 +16,8 @@ let | ||||||
|     rev = "9f0baf5e270128d9101ba4446cf6844889e399a2"; |     rev = "9f0baf5e270128d9101ba4446cf6844889e399a2"; | ||||||
|     sha256 = "1pf9i90gn98vz67h296w5lnwhssk62dc6pij983dff42dbci7lhj"; |     sha256 = "1pf9i90gn98vz67h296w5lnwhssk62dc6pij983dff42dbci7lhj"; | ||||||
|   }; |   }; | ||||||
| in runCommand "nixery-book" { } '' | in | ||||||
|  | runCommand "nixery-book" { } '' | ||||||
|   mkdir -p $out |   mkdir -p $out | ||||||
|   cp -r ${./.}/* . |   cp -r ${./.}/* . | ||||||
|   chmod -R a+w src |   chmod -R a+w src | ||||||
|  |  | ||||||
|  | @ -68,10 +68,6 @@ production project we recommend setting up a private instance. The public Nixery | ||||||
| at `nixery.dev` is run on a best-effort basis and we make no guarantees about | at `nixery.dev` is run on a best-effort basis and we make no guarantees about | ||||||
| availability. | availability. | ||||||
| 
 | 
 | ||||||
| ### Is this an official Google project? |  | ||||||
| 
 |  | ||||||
| **No.** Nixery is not officially supported by Google. |  | ||||||
| 
 |  | ||||||
| ### Who made this? | ### Who made this? | ||||||
| 
 | 
 | ||||||
| Nixery was written by [tazjin][], but many people have contributed to Nix over | Nixery was written by [tazjin][], but many people have contributed to Nix over | ||||||
|  | @ -81,4 +77,4 @@ time, maybe you could become one of them? | ||||||
| [Nix]: https://nixos.org/nix | [Nix]: https://nixos.org/nix | ||||||
| [layering strategy]: https://storage.googleapis.com/nixdoc/nixery-layers.html | [layering strategy]: https://storage.googleapis.com/nixdoc/nixery-layers.html | ||||||
| [layers]: https://grahamc.com/blog/nix-and-layered-docker-images | [layers]: https://grahamc.com/blog/nix-and-layered-docker-images | ||||||
| [tazjin]: https://github.com/tazjin | [tazjin]: https://tazj.in | ||||||
|  |  | ||||||
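Review bot: The unchanged context line `[layering strategy]: https://storage.googleapis.com/nixdoc/nixery-layers.html` still uses the old location, while the README hunk in this same change moves that reference to `https://tazj.in/blog/nixery-layers`. Update it here as well so both documents point at the same page.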
|  | @ -65,13 +65,17 @@ use it with your own packages. There are three options available: | ||||||
| 
 | 
 | ||||||
| ### 2.1. With a container image | ### 2.1. With a container image | ||||||
| 
 | 
 | ||||||
| The easiest way to run Nixery is to build a container image. | The easiest way to run Nixery is to build a container image. This | ||||||
| This section assumes that the container runtime used is Docker, | section assumes that the container runtime used is Docker, please | ||||||
| please modify instructions accordingly if | modify instructions accordingly if you are using something else. | ||||||
| you are using something else. |  | ||||||
| 
 | 
 | ||||||
| With a working Nix installation, building Nixery is done by invoking `nix-build | With a working Nix installation, you can clone and build the Nixery | ||||||
| -A nixery-image` from a checkout of the [Nixery repository][repo]. | image like this: | ||||||
|  | 
 | ||||||
|  | ``` | ||||||
|  | git clone https://code.tvl.fyi/depot.git:/tools/nixery.git | ||||||
|  | nix-build -A nixery-image | ||||||
|  | ``` | ||||||
| 
 | 
 | ||||||
| This will create a `result`-symlink which points to a tarball containing the | This will create a `result`-symlink which points to a tarball containing the | ||||||
| image. In Docker, this tarball can be loaded by using `docker load -i result`. | image. In Docker, this tarball can be loaded by using `docker load -i result`. | ||||||
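Review bot: The added snippet runs `nix-build -A nixery-image` right after `git clone` without changing into the checkout, so as written it is evaluated in the caller's current directory rather than in the cloned tree. Add a `cd nixery` line between the two commands (git names the directory after the last URL component, `nixery.git`).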
|  | @ -184,7 +188,6 @@ If the directory doesn't exist, Nixery will run fine but serve 404. | ||||||
| [nixery#4]: https://github.com/tazjin/nixery/issues/4 | [nixery#4]: https://github.com/tazjin/nixery/issues/4 | ||||||
| [Nix]: https://nixos.org/nix | [Nix]: https://nixos.org/nix | ||||||
| [gcs]: https://cloud.google.com/storage/ | [gcs]: https://cloud.google.com/storage/ | ||||||
| [repo]: https://github.com/tazjin/nixery |  | ||||||
| [signed-urls]: under-the-hood.html#5-image-layers-are-requested | [signed-urls]: under-the-hood.html#5-image-layers-are-requested | ||||||
| [ADC]: https://cloud.google.com/docs/authentication/production#finding_credentials_automatically | [ADC]: https://cloud.google.com/docs/authentication/production#finding_credentials_automatically | ||||||
| [nixinstall]: https://nixos.org/manual/nix/stable/installation/installing-binary.html | [nixinstall]: https://nixos.org/manual/nix/stable/installation/installing-binary.html | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| package logs | package logs | ||||||
| 
 | 
 | ||||||
| // This file configures different log formatters via logrus. The | // This file configures different log formatters via logrus. The | ||||||
|  |  | ||||||
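Review bot: the header rewrite replaces `Copyright 2019 Google LLC` outright instead of adding the TVL line beside it. Apache-2.0 section 4(c) asks that existing copyright notices be retained in the source form of derivative works, so I would keep the original line and add `Copyright 2022 The TVL Contributors` and the SPDX identifier next to it. The same applies to every other file in this change that gets the identical header swap.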
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019-2020 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // The nixery server implements a container registry that transparently builds | // The nixery server implements a container registry that transparently builds | ||||||
| // container images based on Nix derivations. | // container images based on Nix derivations. | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Package image implements logic for creating the image metadata | // Package image implements logic for creating the image metadata | ||||||
| // (such as the image manifest and configuration). | // (such as the image manifest and configuration). | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| { buildGoPackage }: | { buildGoPackage }: | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Popcount fetches popularity information for each store path in a | // Popcount fetches popularity information for each store path in a | ||||||
| // given Nix channel from the upstream binary cache. | // given Nix channel from the upstream binary cache. | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| # This file builds a wrapper script called by Nixery to ask for the | # This file builds a wrapper script called by Nixery to ask for the | ||||||
| # content information for a given image. | # content information for a given image. | ||||||
|  | @ -18,7 +7,7 @@ | ||||||
| # The purpose of using a wrapper script is to ensure that the paths to | # The purpose of using a wrapper script is to ensure that the paths to | ||||||
| # all required Nix files are set correctly at runtime. | # all required Nix files are set correctly at runtime. | ||||||
| 
 | 
 | ||||||
| { pkgs ? import <nixpkgs> {} }: | { pkgs ? import <nixpkgs> { } }: | ||||||
| 
 | 
 | ||||||
| pkgs.writeShellScriptBin "nixery-prepare-image" '' | pkgs.writeShellScriptBin "nixery-prepare-image" '' | ||||||
|   exec ${pkgs.nix}/bin/nix-build \ |   exec ${pkgs.nix}/bin/nix-build \ | ||||||
|  |  | ||||||
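Review bot: `pkgs ? import <nixpkgs> { }` resolves through `NIX_PATH`, so a build that does not pass `pkgs` explicitly picks up whatever channel the building machine has configured, and the `${pkgs.nix}` baked into the `nixery-prepare-image` wrapper then differs per machine. If the depot always passes its own pinned package set, a comment saying so would help; otherwise consider dropping the default so that an unpinned build fails loudly.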
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| # Load a Nix package set from one of the supported source types | # Load a Nix package set from one of the supported source types | ||||||
| # (nixpkgs, git, path). | # (nixpkgs, git, path). | ||||||
|  | @ -24,7 +13,8 @@ let | ||||||
|     let |     let | ||||||
|       url = |       url = | ||||||
|         "https://github.com/NixOS/nixpkgs/archive/${channel}.tar.gz"; |         "https://github.com/NixOS/nixpkgs/archive/${channel}.tar.gz"; | ||||||
|     in import (fetchTarball url) importArgs; |     in | ||||||
|  |     import (fetchTarball url) importArgs; | ||||||
| 
 | 
 | ||||||
|   # If a git repository is requested, it is retrieved via |   # If a git repository is requested, it is retrieved via | ||||||
|   # builtins.fetchGit which defaults to the git configuration of the |   # builtins.fetchGit which defaults to the git configuration of the | ||||||
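Review bot: `import (fetchTarball url) importArgs` calls `fetchTarball` without a `sha256`, so whatever the `${channel}` archive URL serves at fetch time is imported and evaluated. That looks deliberate, since `channel` is a function argument rather than a fixed value, but a comment above `url` stating that the tarball is unpinned, and that its integrity rests on the HTTPS fetch from github.com, would make the trust assumption explicit for anyone deploying this.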
|  | @ -35,7 +25,8 @@ let | ||||||
|   # No special handling is used for paths, so users are expected to pass one |   # No special handling is used for paths, so users are expected to pass one | ||||||
|   # that will work natively with Nix. |   # that will work natively with Nix. | ||||||
|   importPath = path: import (toPath path) importArgs; |   importPath = path: import (toPath path) importArgs; | ||||||
| in if srcType == "nixpkgs" then | in | ||||||
|  | if srcType == "nixpkgs" then | ||||||
|   fetchImportChannel srcArgs |   fetchImportChannel srcArgs | ||||||
| else if srcType == "git" then | else if srcType == "git" then | ||||||
|   fetchImportGit (fromJSON srcArgs) |   fetchImportGit (fromJSON srcArgs) | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| # This file contains a derivation that outputs structured information | # This file contains a derivation that outputs structured information | ||||||
| # about the runtime dependencies of an image with a given set of | # about the runtime dependencies of an image with a given set of | ||||||
|  | @ -23,13 +12,13 @@ | ||||||
| 
 | 
 | ||||||
| { | { | ||||||
|   # Description of the package set to be used (will be loaded by load-pkgs.nix) |   # Description of the package set to be used (will be loaded by load-pkgs.nix) | ||||||
|   srcType ? "nixpkgs", |   srcType ? "nixpkgs" | ||||||
|   srcArgs ? "nixos-20.09", | , srcArgs ? "nixos-20.09" | ||||||
|   system ? "x86_64-linux", | , system ? "x86_64-linux" | ||||||
|   importArgs ? { }, | , importArgs ? { } | ||||||
|   # Path to load-pkgs.nix | , # Path to load-pkgs.nix | ||||||
|   loadPkgs ? ./load-pkgs.nix, |   loadPkgs ? ./load-pkgs.nix | ||||||
|   # Packages to install by name (which must refer to top-level attributes of | , # Packages to install by name (which must refer to top-level attributes of | ||||||
|   # nixpkgs). This is passed in as a JSON-array in string form. |   # nixpkgs). This is passed in as a JSON-array in string form. | ||||||
|   packages ? "[]" |   packages ? "[]" | ||||||
| }: | }: | ||||||
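Review bot: the leading-comma layout detaches the comments from the arguments they describe: `, # Path to load-pkgs.nix` now sits on the comma line with `loadPkgs` on the next, and the `packages` comment starts on the comma that follows `loadPkgs`. Putting each comment on its own line above its argument would read better. Separately, the default `srcArgs ? "nixos-20.09"` is carried over unchanged into files whose new headers say 2022; worth checking whether the default channel should be bumped or documented as something deployments must override.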
|  | @ -77,24 +66,28 @@ let | ||||||
|   # `deepFetch haskellpackages.stylish-haskell` retrieves |   # `deepFetch haskellpackages.stylish-haskell` retrieves | ||||||
|   # `haskellPackages.stylish-haskell`. |   # `haskellPackages.stylish-haskell`. | ||||||
|   deepFetch = with lib; s: n: |   deepFetch = with lib; s: n: | ||||||
|     let path = splitString "." n; |     let | ||||||
|         err = { error = "not_found"; pkg = n; }; |       path = splitString "." n; | ||||||
|         # The most efficient way I've found to do a lookup against |       err = { error = "not_found"; pkg = n; }; | ||||||
|         # case-differing versions of an attribute is to first construct a |       # The most efficient way I've found to do a lookup against | ||||||
|         # mapping of all lowercased attribute names to their differently cased |       # case-differing versions of an attribute is to first construct a | ||||||
|         # equivalents. |       # mapping of all lowercased attribute names to their differently cased | ||||||
|         # |       # equivalents. | ||||||
|         # This map is then used for a second lookup if the top-level |       # | ||||||
|         # (case-sensitive) one does not yield a result. |       # This map is then used for a second lookup if the top-level | ||||||
|         hasUpper = str: (match ".*[A-Z].*" str) != null; |       # (case-sensitive) one does not yield a result. | ||||||
|         allUpperKeys = filter hasUpper (attrNames s); |       hasUpper = str: (match ".*[A-Z].*" str) != null; | ||||||
|         lowercased = listToAttrs (map (k: { |       allUpperKeys = filter hasUpper (attrNames s); | ||||||
|  |       lowercased = listToAttrs (map | ||||||
|  |         (k: { | ||||||
|           name = toLower k; |           name = toLower k; | ||||||
|           value = k; |           value = k; | ||||||
|           }) allUpperKeys); |         }) | ||||||
|         caseAmendedPath = map (v: if hasAttr v lowercased then lowercased."${v}" else v) path; |         allUpperKeys); | ||||||
|         fetchLower = attrByPath caseAmendedPath err s; |       caseAmendedPath = map (v: if hasAttr v lowercased then lowercased."${v}" else v) path; | ||||||
|     in attrByPath path fetchLower s; |       fetchLower = attrByPath caseAmendedPath err s; | ||||||
|  |     in | ||||||
|  |     attrByPath path fetchLower s; | ||||||
| 
 | 
 | ||||||
|   # allContents contains all packages successfully retrieved by name |   # allContents contains all packages successfully retrieved by name | ||||||
|   # from the package set, as well as any errors encountered while |   # from the package set, as well as any errors encountered while | ||||||
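Review bot: missing documentation on the scope of the case-insensitive fallback in `deepFetch`. `lowercased` is built from `attrNames s`, that is, the top-level attribute names only, yet `caseAmendedPath` maps every component of `path` through it. A nested component is therefore corrected only if it happens to coincide with a lowercased top-level name, and nested attributes with uppercase letters of their own are not found by the fallback. Since the block is being re-indented anyway, a sentence in the comment stating that limit would stop the next reader from assuming the lookup is case-insensitive at every level.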
|  | @ -105,27 +98,30 @@ let | ||||||
|     # Folds over the results of 'deepFetch' on all requested packages to |     # Folds over the results of 'deepFetch' on all requested packages to | ||||||
|     # separate them into errors and content. This allows the program to |     # separate them into errors and content. This allows the program to | ||||||
|     # terminate early and return only the errors if any are encountered. |     # terminate early and return only the errors if any are encountered. | ||||||
|     let splitter = attrs: res: |     let | ||||||
|           if hasAttr "error" res |       splitter = attrs: res: | ||||||
|           then attrs // { errors = attrs.errors ++ [ res ]; } |         if hasAttr "error" res | ||||||
|           else attrs // { contents = attrs.contents ++ [ res ]; }; |         then attrs // { errors = attrs.errors ++ [ res ]; } | ||||||
|         init = { contents = []; errors = []; }; |         else attrs // { contents = attrs.contents ++ [ res ]; }; | ||||||
|         fetched = (map (deepFetch pkgs) (fromJSON packages)); |       init = { contents = [ ]; errors = [ ]; }; | ||||||
|     in foldl' splitter init fetched; |       fetched = (map (deepFetch pkgs) (fromJSON packages)); | ||||||
|  |     in | ||||||
|  |     foldl' splitter init fetched; | ||||||
| 
 | 
 | ||||||
|   # Contains the export references graph of all retrieved packages, |   # Contains the export references graph of all retrieved packages, | ||||||
|   # which has information about all runtime dependencies of the image. |   # which has information about all runtime dependencies of the image. | ||||||
|   # |   # | ||||||
|   # This is used by Nixery to group closures into image layers. |   # This is used by Nixery to group closures into image layers. | ||||||
|   runtimeGraph = runCommand "runtime-graph.json" { |   runtimeGraph = runCommand "runtime-graph.json" | ||||||
|     __structuredAttrs = true; |     { | ||||||
|     exportReferencesGraph.graph = allContents.contents; |       __structuredAttrs = true; | ||||||
|     PATH = "${coreutils}/bin"; |       exportReferencesGraph.graph = allContents.contents; | ||||||
|     builder = toFile "builder" '' |       PATH = "${coreutils}/bin"; | ||||||
|       . .attrs.sh |       builder = toFile "builder" '' | ||||||
|       cp .attrs.json ''${outputs[out]} |         . .attrs.sh | ||||||
|     ''; |         cp .attrs.json ''${outputs[out]} | ||||||
|   } ""; |       ''; | ||||||
|  |     } ""; | ||||||
| 
 | 
 | ||||||
|   # Create a symlink forest into all top-level store paths of the |   # Create a symlink forest into all top-level store paths of the | ||||||
|   # image contents. |   # image contents. | ||||||
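Review bot: the `runtimeGraph` builder sources `.attrs.sh` and copies `.attrs.json`, both of which exist only because `__structuredAttrs = true` is set, and nothing in the comment says so. A line noting that Nix writes these files into the build directory when structured attributes are enabled, and that the `exportReferencesGraph.graph` data is what the copied JSON carries, would explain why the builder needs nothing but `cp`. Also, `fetched = (map (deepFetch pkgs) (fromJSON packages));` keeps redundant outer parentheses that could go while the block is being touched.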
|  | @ -151,7 +147,7 @@ let | ||||||
|   # Image layer that contains the symlink forest created above. This |   # Image layer that contains the symlink forest created above. This | ||||||
|   # must be included in the image to ensure that the filesystem has a |   # must be included in the image to ensure that the filesystem has a | ||||||
|   # useful layout at runtime. |   # useful layout at runtime. | ||||||
|   symlinkLayer = runCommand "symlink-layer.tar" {} '' |   symlinkLayer = runCommand "symlink-layer.tar" { } '' | ||||||
|     cp -r ${contentsEnv}/ ./layer |     cp -r ${contentsEnv}/ ./layer | ||||||
|     tar --transform='s|^\./||' -C layer --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 -cf $out . |     tar --transform='s|^\./||' -C layer --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 -cf $out . | ||||||
|   ''; |   ''; | ||||||
|  | @ -159,9 +155,10 @@ let | ||||||
|   # Metadata about the symlink layer which is required for serving it. |   # Metadata about the symlink layer which is required for serving it. | ||||||
|   # Two different hashes are computed for different usages (inclusion |   # Two different hashes are computed for different usages (inclusion | ||||||
|   # in manifest vs. content-checking in the layer cache). |   # in manifest vs. content-checking in the layer cache). | ||||||
|   symlinkLayerMeta = fromJSON (readFile (runCommand "symlink-layer-meta.json" { |   symlinkLayerMeta = fromJSON (readFile (runCommand "symlink-layer-meta.json" | ||||||
|     buildInputs = [ coreutils jq openssl ]; |     { | ||||||
|   }'' |       buildInputs = [ coreutils jq openssl ]; | ||||||
|  |     } '' | ||||||
|     tarHash=$(sha256sum ${symlinkLayer} | cut -d ' ' -f1) |     tarHash=$(sha256sum ${symlinkLayer} | cut -d ' ' -f1) | ||||||
|     layerSize=$(stat --printf '%s' ${symlinkLayer}) |     layerSize=$(stat --printf '%s' ${symlinkLayer}) | ||||||
| 
 | 
 | ||||||
|  | @ -181,7 +178,8 @@ let | ||||||
|     error = "not_found"; |     error = "not_found"; | ||||||
|     pkgs = map (err: err.pkg) allContents.errors; |     pkgs = map (err: err.pkg) allContents.errors; | ||||||
|   }; |   }; | ||||||
| in writeText "build-output.json" (if (length allContents.errors) == 0 | in | ||||||
|   then toJSON buildOutput | writeText "build-output.json" (if (length allContents.errors) == 0 | ||||||
|   else toJSON errorOutput | then toJSON buildOutput | ||||||
|  | else toJSON errorOutput | ||||||
| ) | ) | ||||||
|  |  | ||||||
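Review bot: in the final expression the formatter has pushed `then toJSON buildOutput` and `else toJSON errorOutput` to column 0 inside the parentheses opened on the `writeText` line, which hides that they belong to the `if`. Binding the conditional to a name in the preceding `let` and calling `writeText "build-output.json" (toJSON output)` on it would read better and drop the duplicated `toJSON`.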
|  | @ -1,16 +1,5 @@ | ||||||
| # Copyright 2019 Google LLC | # Copyright 2022 The TVL Contributors | ||||||
| # | # SPDX-License-Identifier: Apache-2.0 | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| 
 | 
 | ||||||
| # Configures a shell environment that builds required local packages to | # Configures a shell environment that builds required local packages to | ||||||
| # run Nixery. | # run Nixery. | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Filesystem storage backend for Nixery. | // Filesystem storage backend for Nixery. | ||||||
| package storage | package storage | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Google Cloud Storage backend for Nixery. | // Google Cloud Storage backend for Nixery. | ||||||
| package storage | package storage | ||||||
|  |  | ||||||
|  | @ -1,16 +1,5 @@ | ||||||
| // Copyright 2019-2020 Google LLC | // Copyright 2022 The TVL Contributors | ||||||
| // | // SPDX-License-Identifier: Apache-2.0 | ||||||
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |  | ||||||
| // use this file except in compliance with the License. You may obtain a copy of |  | ||||||
| // the License at |  | ||||||
| // |  | ||||||
| //     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| // |  | ||||||
| // Unless required by applicable law or agreed to in writing, software |  | ||||||
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| // License for the specific language governing permissions and limitations under |  | ||||||
| // the License. |  | ||||||
| 
 | 
 | ||||||
| // Package storage implements an interface that can be implemented by | // Package storage implements an interface that can be implemented by | ||||||
| // storage backends, such as Google Cloud Storage or the local | // storage backends, such as Google Cloud Storage or the local | ||||||
|  |  | ||||||
|  | @ -260,13 +260,13 @@ TIP: This is implemented in [popcount][] in Nixery. | ||||||
| Hopefully this detailed design review was useful to you. You can also watch [my | Hopefully this detailed design review was useful to you. You can also watch [my | ||||||
| NixCon talk][talk] about Nixery for a review of some of this, and some demos. | NixCon talk][talk] about Nixery for a review of some of this, and some demos. | ||||||
| 
 | 
 | ||||||
| [Nixery]: https://github.com/google/nixery | [Nixery]: https://cs.tvl.fyi/depot/-/tree/tools/nixery | ||||||
| [grhmc]: https://grahamc.com/blog/nix-and-layered-docker-images | [grhmc]: https://grahamc.com/blog/nix-and-layered-docker-images | ||||||
| [Nix]: https://nixos.org/nix | [Nix]: https://nixos.org/nix | ||||||
| [registry protocols]: https://github.com/opencontainers/distribution-spec/blob/master/spec.md | [registry protocols]: https://github.com/opencontainers/distribution-spec/blob/master/spec.md | ||||||
| [nixery.dev]: https://nixery.dev | [nixery.dev]: https://nixery.dev | ||||||
| [dominator trees]: https://en.wikipedia.org/wiki/Dominator_(graph_theory) | [dominator trees]: https://en.wikipedia.org/wiki/Dominator_(graph_theory) | ||||||
| [gonum/graph]: https://godoc.org/gonum.org/v1/gonum/graph | [gonum/graph]: https://godoc.org/gonum.org/v1/gonum/graph | ||||||
| [layers.go]: https://github.com/google/nixery/blob/master/builder/layers.go | [layers.go]: https://cs.tvl.fyi/depot/-/blob/tools/nixery/builder/layers.go | ||||||
| [popcount]: https://github.com/google/nixery/tree/master/popcount | [popcount]: https://cs.tvl.fyi/depot/-/tree/tools/nixery/popcount | ||||||
| [talk]: https://www.youtube.com/watch?v=pOI9H4oeXqA | [talk]: https://www.youtube.com/watch?v=pOI9H4oeXqA | ||||||
|  |  | ||||||
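Review bot: the three rewritten definitions (`[Nixery]`, `[layers.go]`, `[popcount]`) point at `cs.tvl.fyi/depot/-/...` paths with no revision, so they follow the tip of the tree and will break if `tools/nixery/builder/layers.go` or `popcount` moves. For a design document that cites a specific implementation file, consider linking to a fixed revision, and confirm that the code-search URLs resolve for external readers.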